package com.ibm.ws.objectgrid.security.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.queryengine.eval.Constantdef;
import com.ibm.websphere.objectgrid.security.SecurityConstants;
import com.ibm.websphere.objectgrid.security.config.SSLConfiguration;
import com.ibm.ws.ffdc.FFDCSelfIntrospectable;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.runtime.RuntimeInfo;
import com.ibm.ws.objectgrid.security.access.SSLClientProps;
import com.ibm.ws.objectgrid.security.util.PasswordUtil;
import com.ibm.ws.objectgrid.security.util.SecurityUtil;
import com.ibm.ws.objectgrid.server.ServerStateUtility;
import com.ibm.ws.objectgrid.transport.XsTransportType;
import com.ibm.ws.objectgrid.util.ObjectGridUtil;
import com.ibm.ws.xs.NLSConstants;
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;
import org.eclipse.core.runtime.Platform;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/config/SSLConfigurationImpl.class */
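/**
 * Mutable holder for the SSL/TLS settings of an ObjectGrid client or server: key store and
 * trust store location, type and password, JSSE context provider, protocol, and the
 * FIPS / SP800-131 switches.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Store passwords are kept decoded in {@code String} fields and handed out by the
 *       getters. The fields are not {@code transient}; the class declares a
 *       {@code serialVersionUID}, so presumably instances are serializable and the serialized
 *       form carries the decoded passwords. TODO confirm, and protect any serialized copy
 *       accordingly.</li>
 *   <li>{@link #toString()}, {@link #propsToString(String)} and {@link #introspectSelf()} mask
 *       both passwords; keep it that way when adding fields.</li>
 *   <li>{@link #setProperties(Properties)} may change JVM-wide system properties
 *       ({@code com.ibm.jsse2.sp800-131}, {@code com.ibm.jsse2.usefipsprovider},
 *       {@code com.ibm.security.useFIPS}), which affects every TLS user in the process.</li>
 * </ul>
 *
 * <p>No synchronization is performed on the fields in this class.
 */
public class SSLConfigurationImpl implements SSLConfiguration, FFDCSelfIntrospectable {
    private static final long serialVersionUID = 5713121502994218403L;
    private static final TraceComponent TC = Tr.register(SSLConfigurationImpl.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    public static final String ALIAS = "alias";
    public static final String CONTEXT_PROVIDER = "contextProvider";
    public static final String PROTOCOL = "protocol";
    public static final String KEY_STORE_TYPE = "keyStoreType";
    public static final String KEY_STORE = "keyStore";
    public static final String KEY_STORE_PASSWORD = "keyStorePassword";
    public static final String TRUST_STORE_TYPE = "trustStoreType";
    public static final String TRUST_STORE = "trustStore";
    public static final String TRUST_STORE_PASSWORD = "trustStorePassword";
    public static final String CERT_REQ_SUBJECT_DN = "certReqSubjectDN";
    public static final String SP800_131 = "SP800-131";
    public static final String FIPS = "FIPS";

    /** JVM system property that carries the SP800-131 mode. */
    private static final String JVM_SP800_131_PROPERTY = "com.ibm.jsse2.sp800-131";
    /** JVM system property that switches the FIPS provider on. */
    private static final String JVM_USE_FIPS_PROVIDER_PROPERTY = "com.ibm.jsse2.usefipsprovider";
    /** Suffix of the context provider name for which JVM properties are pushed. */
    private static final String IBM_JSSE2_SUFFIX = "IBMJSSE2";
    /** Placeholder printed instead of any password value. */
    private static final String MASKED_SECRET = "xxxxxx";

    protected String ivAlias;
    protected String ivJsseProvider;
    protected String ivKeyStoreName;
    protected String ivKeyStoreType;
    // Decoded key store password; never print or trace this field.
    protected String ivKeyStorePassword;
    protected String ivTrustStoreName;
    protected String ivTrustStoreType;
    // Decoded trust store password; never print or trace this field.
    protected String ivTrustStorePassword;
    protected String ivProtocol;
    protected String ivSP800_131;
    protected boolean ivFips;
    // Not read or written by any other code in this class and not part of equals().
    protected boolean ivSuiteB;
    private transient SSLClientProps ivSslClientProps;
    private String ivCertReqSubjectDN;

    /** Creates an empty configuration with FIPS disabled and every string setting unset. */
    public SSLConfigurationImpl() {
        this.ivFips = false;
        this.ivSuiteB = false;
        this.ivSslClientProps = null;
    }

    /**
     * Creates a configuration from explicit values.
     *
     * <p>The two passwords are stored exactly as passed; unlike
     * {@link #setKeyStorePassword(String)} and {@link #setTrustStorePassword(String)} this
     * constructor does not run them through {@code PasswordUtil.passwordDecode}.
     * NOTE(review): confirm callers pass already-decoded values.
     *
     * @param alias certificate alias
     * @param contextProvider JSSE context provider name
     * @param keyStore key store path, normalized as in {@link #setKeyStore(String)}
     * @param keyStoreType key store type
     * @param keyStorePassword key store password, stored as given
     * @param trustStore trust store path, normalized as in {@link #setTrustStore(String)}
     * @param trustStoreType trust store type
     * @param trustStorePassword trust store password, stored as given
     * @param protocol SSL/TLS protocol name
     * @param sp800Mode SP800-131 mode; kept only when it is "strict" or "transition"
     *        (case-insensitive), otherwise the mode stays unset
     * @param fips whether FIPS is requested
     */
    public SSLConfigurationImpl(String alias, String contextProvider, String keyStore, String keyStoreType, String keyStorePassword, String trustStore, String trustStoreType, String trustStorePassword, String protocol, String sp800Mode, boolean fips) {
        this.ivFips = false;
        this.ivSuiteB = false;
        this.ivSslClientProps = null;
        this.ivAlias = alias;
        this.ivJsseProvider = contextProvider;
        setKeyStore(keyStore);
        this.ivKeyStoreType = keyStoreType;
        this.ivKeyStorePassword = keyStorePassword;
        setTrustStore(trustStore);
        this.ivTrustStoreType = trustStoreType;
        this.ivTrustStorePassword = trustStorePassword;
        this.ivProtocol = protocol;
        if (sp800Mode != null && (sp800Mode.equalsIgnoreCase("strict") || sp800Mode.equalsIgnoreCase("transition"))) {
            this.ivSP800_131 = sp800Mode;
        }
        this.ivFips = fips;
    }

    /** @return the certificate alias, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getAlias() {
        return this.ivAlias;
    }

    /** @param alias the certificate alias to store */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setAlias(String alias) {
        this.ivAlias = alias;
    }

    /** @return the normalized absolute key store path, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getKeyStore() {
        return this.ivKeyStoreName;
    }

    /**
     * Sets the key store location.
     *
     * <p>A {@code null} or blank value clears the setting. Otherwise the value is trimmed,
     * passed through {@code ObjectGridUtil.replaceVar}, made absolute and converted to forward
     * slashes. The path is not canonicalized and the file is not checked for existence or
     * permissions here.
     *
     * @param keyStore key store path, possibly containing variables
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setKeyStore(String keyStore) {
        this.ivKeyStoreName = normalizeStorePath(keyStore);
    }

    /** @return the decoded key store password; callers must not log it */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getKeyStorePassword() {
        return this.ivKeyStorePassword;
    }

    /**
     * Decodes and stores the key store password.
     *
     * <p>Whatever {@code PasswordUtil.passwordDecode} returns is stored, including {@code null};
     * {@link #setProperties(Properties)} treats a {@code null} result as an unsupported
     * encoding algorithm.
     *
     * @param password the password as configured, possibly encoded
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setKeyStorePassword(String password) {
        this.ivKeyStorePassword = PasswordUtil.passwordDecode(password);
    }

    /** @return the key store type, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getKeyStoreType() {
        return this.ivKeyStoreType;
    }

    /** @param keyStoreType the key store type to store */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setKeyStoreType(String keyStoreType) {
        this.ivKeyStoreType = keyStoreType;
    }

    /** @return the normalized absolute trust store path, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getTrustStore() {
        return this.ivTrustStoreName;
    }

    /**
     * Sets the trust store location, normalized exactly like {@link #setKeyStore(String)}.
     *
     * @param trustStore trust store path, possibly containing variables
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setTrustStore(String trustStore) {
        this.ivTrustStoreName = normalizeStorePath(trustStore);
    }

    /** @return the decoded trust store password; callers must not log it */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getTrustStorePassword() {
        return this.ivTrustStorePassword;
    }

    /**
     * Decodes and stores the trust store password; a {@code null} decode result is stored as is.
     *
     * @param password the password as configured, possibly encoded
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setTrustStorePassword(String password) {
        this.ivTrustStorePassword = PasswordUtil.passwordDecode(password);
    }

    /** @return the trust store type, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getTrustStoreType() {
        return this.ivTrustStoreType;
    }

    /** @param trustStoreType the trust store type to store */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setTrustStoreType(String trustStoreType) {
        this.ivTrustStoreType = trustStoreType;
    }

    /** @return the protocol name, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getProtocol() {
        return this.ivProtocol;
    }

    /**
     * Stores the protocol name without validating it.
     *
     * @param protocol the SSL/TLS protocol name
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setProtocol(String protocol) {
        this.ivProtocol = protocol;
    }

    /** @return the JSSE context provider name, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getContextProvider() {
        return this.ivJsseProvider;
    }

    /** @param contextProvider the JSSE context provider name to store */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setContextProvider(String contextProvider) {
        this.ivJsseProvider = contextProvider;
    }

    /** @return the subject DN used for certificate requests, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getCertReqSubjectDN() {
        return this.ivCertReqSubjectDN;
    }

    /** @param subjectDn the subject DN used for certificate requests */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setCertReqSubjectDN(String subjectDn) {
        this.ivCertReqSubjectDN = subjectDn;
    }

    /**
     * Compares this configuration with another one field by field.
     *
     * <p>This is the {@code equals(SSLConfiguration)} overload declared by the interface, not an
     * override of {@code Object.equals(Object)}, and the class defines no matching
     * {@code hashCode}; hash-based collections therefore still use identity. {@code ivSuiteB}
     * and the client properties are not compared.
     *
     * @param other the configuration to compare with
     * @return {@code true} when {@code other} is an {@code SSLConfigurationImpl} with the same
     *         settings, passwords included
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public boolean equals(SSLConfiguration other) {
        if (this == other) {
            return true;
        }
        // instanceof is false for null, so this also rejects a null argument.
        if (!(other instanceof SSLConfigurationImpl)) {
            return false;
        }
        SSLConfigurationImpl that = (SSLConfigurationImpl) other;
        return checkEquals(this.ivAlias, that.ivAlias)
                && checkEquals(this.ivJsseProvider, that.ivJsseProvider)
                && checkEquals(this.ivKeyStoreName, that.ivKeyStoreName)
                && checkEquals(this.ivKeyStorePassword, that.ivKeyStorePassword)
                && checkEquals(this.ivKeyStoreType, that.ivKeyStoreType)
                && checkEquals(this.ivTrustStoreName, that.ivTrustStoreName)
                && checkEquals(this.ivTrustStorePassword, that.ivTrustStorePassword)
                && checkEquals(this.ivTrustStoreType, that.ivTrustStoreType)
                && checkEquals(this.ivProtocol, that.ivProtocol)
                && checkEquals(this.ivCertReqSubjectDN, that.ivCertReqSubjectDN)
                && checkEquals(this.ivSP800_131, that.ivSP800_131)
                && this.ivFips == that.ivFips;
    }

    /** @return the multi-line description produced by {@link #toString(String)} with no indent */
    @Override
    public String toString() {
        return toString("");
    }

    /**
     * Renders the settings one per line, each prefixed with {@code indent}, with both passwords
     * replaced by a fixed mask.
     *
     * @param indent prefix written before every line and once more after the last line
     * @return the rendered settings
     */
    public String propsToString(String indent) {
        String lineSeparator = System.getProperty(Platform.PREF_LINE_SEPARATOR);
        String[] entries = {
            "alias=" + this.ivAlias,
            "jsseProvider=" + this.ivJsseProvider,
            "keyStoreName=" + this.ivKeyStoreName,
            "keyStoreType=" + this.ivKeyStoreType,
            "keyStorePassword=" + MASKED_SECRET,
            "trustStoreName=" + this.ivTrustStoreName,
            "trustStoreType=" + this.ivTrustStoreType,
            "trustStorePassword=" + MASKED_SECRET,
            "protocol=" + this.ivProtocol,
            "certReqSubjectDN=" + this.ivCertReqSubjectDN,
            "SP800_131=" + this.ivSP800_131,
            "FIPS=" + Boolean.toString(this.ivFips),
        };
        StringBuilder rendered = new StringBuilder();
        for (String entry : entries) {
            rendered.append(indent).append(entry).append(lineSeparator);
        }
        // The closing bracket added by toString(String) lines up with this trailing indent.
        rendered.append(indent);
        return rendered.toString();
    }

    /** @return the client SSL properties attached to this configuration, or {@code null} */
    public SSLClientProps getSslClientProps() {
        return this.ivSslClientProps;
    }

    /** @param sslClientProps the client SSL properties to attach; the field is transient */
    public void setSslClientProps(SSLClientProps sslClientProps) {
        this.ivSslClientProps = sslClientProps;
    }

    /**
     * Renders this configuration as {@code SSLConfigurationImpl[ ... ]} with masked passwords.
     *
     * @param indent prefix passed on to {@link #propsToString(String)}
     * @return the rendered configuration
     */
    public String toString(String indent) {
        StringBuilder rendered = new StringBuilder();
        rendered.append("SSLConfigurationImpl[")
                .append(System.getProperty(Platform.PREF_LINE_SEPARATOR))
                .append(indent)
                .append(propsToString(indent))
                .append(Constantdef.RIGHTSB);
        return rendered.toString();
    }

    /** Null-safe string equality. */
    private static boolean checkEquals(String left, String right) {
        return left == null ? right == null : left.equals(right);
    }

    /**
     * Stores the SP800-131 mode without validating it; only the constructor restricts the value
     * to "strict" or "transition".
     *
     * @param mode the SP800-131 mode
     */
    public void setSP800Mode(String mode) {
        this.ivSP800_131 = mode;
    }

    /**
     * Records whether FIPS is requested. This setter alone does not touch any JVM property.
     *
     * @param fips whether FIPS is requested
     */
    public void setFips(boolean fips) {
        this.ivFips = fips;
    }

    /** @return whether FIPS is requested */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public boolean getFips() {
        return this.ivFips;
    }

    /** @return the SP800-131 mode, or {@code null} when unset */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public String getSP800Mode() {
        return this.ivSP800_131;
    }

    /**
     * Supplies the FFDC dump of this object, with both passwords masked.
     *
     * @return one {@code name=value} string per setting
     */
    @Override // com.ibm.ws.ffdc.FFDCSelfIntrospectable
    public String[] introspectSelf() {
        return new String[]{
            "alias=" + this.ivAlias,
            "jsseProvider=" + this.ivJsseProvider,
            "keyStoreName=" + this.ivKeyStoreName,
            "keyStoreType=" + this.ivKeyStoreType,
            "keyStorePassword=" + MASKED_SECRET,
            "trustStoreName=" + this.ivTrustStoreName,
            "trustStoreType=" + this.ivTrustStoreType,
            "trustStorePassword=" + MASKED_SECRET,
            "protocol=" + this.ivProtocol,
            "certReqSubjectDN=" + this.ivCertReqSubjectDN,
            "SP800-131=" + this.ivSP800_131,
            "FIPS=" + this.ivFips,
        };
    }

    /**
     * Applies the SSL settings found in {@code properties}.
     *
     * <p>Only keys with a non-empty cleaned value are applied; everything else keeps its current
     * value. Side effects: the {@code certReqSubjectDN} entry is removed from the caller's
     * {@code properties}, and the FIPS / SP800-131 handling may set or clear JVM-wide system
     * properties.
     *
     * <p>Values other than the two passwords are read with {@code Properties.get} and cast to
     * {@code String}, so a non-string value raises {@code ClassCastException}.
     *
     * @param properties the configuration properties; must not be {@code null}
     */
    @Override // com.ibm.websphere.objectgrid.security.config.SSLConfiguration
    public void setProperties(final Properties properties) {
        String alias = cleanedValue(properties, ALIAS);
        if (hasText(alias)) {
            setAlias(alias);
        }
        String contextProvider = cleanedValue(properties, CONTEXT_PROVIDER);
        if (hasText(contextProvider)) {
            setContextProvider(contextProvider);
        }
        String protocol = cleanedValue(properties, PROTOCOL);
        if (hasText(protocol)) {
            setProtocol(protocol);
        }
        String keyStoreType = cleanedValue(properties, KEY_STORE_TYPE);
        if (hasText(keyStoreType)) {
            setKeyStoreType(keyStoreType);
        }
        String keyStore = cleanedValue(properties, KEY_STORE);
        if (hasText(keyStore)) {
            setKeyStore(expandVariables(keyStore));
        }
        // NOTE(review): the value handed to the setter was already decoded once and the setter
        // decodes again; confirm PasswordUtil.passwordDecode leaves plain text unchanged.
        String keyStorePassword = decodeConfiguredPassword(properties, KEY_STORE_PASSWORD);
        if (keyStorePassword != null) {
            setKeyStorePassword(keyStorePassword);
        }
        String trustStoreType = cleanedValue(properties, TRUST_STORE_TYPE);
        if (hasText(trustStoreType)) {
            setTrustStoreType(trustStoreType);
        }
        String trustStore = cleanedValue(properties, TRUST_STORE);
        if (hasText(trustStore)) {
            setTrustStore(expandVariables(trustStore));
        }
        String trustStorePassword = decodeConfiguredPassword(properties, TRUST_STORE_PASSWORD);
        if (trustStorePassword != null) {
            setTrustStorePassword(trustStorePassword);
        }
        // remove(), not get(): the entry is taken out of the caller's Properties.
        String subjectDn = SecurityUtil.clean((String) properties.remove(CERT_REQ_SUBJECT_DN));
        if (hasText(subjectDn)) {
            setCertReqSubjectDN(subjectDn.trim());
        }
        setupFIPS_SP800(properties);
    }

    /**
     * Reconciles the SP800-131 and FIPS settings from JVM system properties and from
     * {@code properties}, then pushes the result into JVM system properties where applicable.
     *
     * <p>SP800-131: a non-empty JVM property wins over the configured value. Without it, a
     * configured value is only reported on a WAS install; otherwise it is stored and, when it is
     * one of off/strict/transition and the context provider name ends with "IBMJSSE2", written
     * to the JVM property.
     *
     * <p>FIPS: when any source requests FIPS and the protocol matches the TLSv1.2 constant, a
     * message is issued and the JVM FIPS properties are cleared; {@code ivFips} is left as it
     * was. Otherwise the JVM property wins, a configured "true" is only reported on a WAS
     * install, and a resulting FIPS request with an "IBMJSSE2" provider sets the JVM FIPS
     * properties.
     *
     * <p>A missing context provider is treated as "not IBMJSSE2" instead of failing with a
     * {@code NullPointerException}.
     */
    private void setupFIPS_SP800(Properties properties) {
        if (TC.isEntryEnabled()) {
            // The raw Properties object would print the store passwords into the trace file,
            // so only a copy with masked password entries is traced.
            Tr.entry(TC, "setupFIPS_SP800 sslConfiguration is", new Object[]{this, redactedForTrace(properties)});
        }
        String jvmSp800 = System.getProperty(JVM_SP800_131_PROPERTY);
        String jvmUseFipsProvider = System.getProperty(JVM_USE_FIPS_PROVIDER_PROPERTY);
        String jvmUseFips = System.getProperty(com.ibm.ws.ssl.core.Constants.COM_IBM_JSSE2_USEFIPS);
        if (TC.isDebugEnabled()) {
            Tr.debug(TC, "setupFIPS_SP800 jvm properties", new Object[]{jvmSp800, jvmUseFipsProvider});
        }
        String configuredSp800 = cleanedValue(properties, SP800_131);
        if (TC.isDebugEnabled()) {
            Tr.debug(TC, "setupFIPS_SP800 security server property file sp800-131= ", configuredSp800);
        }
        if (jvmSp800 != null && !jvmSp800.equals("")) {
            if (configuredSp800 != null) {
                Tr.info(TC, NLSConstants.JVM_PROPERTY_OVERRIDES_SERVER_PROPERTY_CWOBJ0075I, new Object[]{JVM_SP800_131_PROPERTY, jvmSp800, SP800_131, configuredSp800});
            }
            if (TC.isDebugEnabled()) {
                Tr.debug(TC, "setting ServerSSLConfigurationImpl from JVM property", jvmSp800);
            }
            // The JVM value is stored as is; it is not checked against off/strict/transition.
            setSP800Mode(jvmSp800);
        } else if (configuredSp800 != null) {
            if (RuntimeInfo.instance().isWASInstall()) {
                Tr.info(TC, NLSConstants.JVM_PROPERTY_SERVER_PROPERTY_MISMATCH_CWOBJ0076E, new Object[]{JVM_SP800_131_PROPERTY, jvmSp800, SP800_131, configuredSp800});
                if (TC.isDebugEnabled()) {
                    Tr.debug(TC, "JVM property needs to match security server property", configuredSp800);
                }
            } else {
                setSP800Mode(configuredSp800);
                if (isKnownSp800Mode(configuredSp800) && usesIbmJsse2Provider()) {
                    if (TC.isDebugEnabled()) {
                        Tr.debug(TC, "setting com.ibm.jsse2.sp800-131 from security server properties to ", configuredSp800);
                    }
                    System.setProperty(JVM_SP800_131_PROPERTY, configuredSp800);
                }
            }
        }
        String configuredFips = cleanedValue(properties, FIPS);
        if (TC.isDebugEnabled()) {
            Tr.debug(TC, "setupFIPS_SP800 FIPS= ", configuredFips);
        }
        boolean fipsRequested = "true".equalsIgnoreCase(jvmUseFipsProvider)
                || "true".equalsIgnoreCase(configuredFips)
                || "true".equalsIgnoreCase(jvmUseFips);
        if (fipsRequested && com.ibm.ws.ssl.core.Constants.TLSV1_2.equalsIgnoreCase(this.ivProtocol)) {
            // The requested FIPS mode is dropped here; the only signal is this message.
            Tr.info(TC, NLSConstants.XS_DOESNT_SUPPPORT_FIPS_AND_TLSV12_CWOBJ1356W);
            System.clearProperty(JVM_USE_FIPS_PROVIDER_PROPERTY);
            if (jvmUseFips != null) {
                System.clearProperty(com.ibm.ws.ssl.core.Constants.COM_IBM_JSSE2_USEFIPS);
            }
        } else {
            if (jvmUseFipsProvider != null) {
                if (configuredFips != null) {
                    Tr.info(TC, NLSConstants.JVM_PROPERTY_OVERRIDES_SERVER_PROPERTY_CWOBJ0075I, new Object[]{JVM_USE_FIPS_PROVIDER_PROPERTY, jvmUseFipsProvider, FIPS, configuredFips});
                }
                setFips(Boolean.parseBoolean(jvmUseFipsProvider));
            }
            if (!"true".equalsIgnoreCase(jvmUseFipsProvider) && "true".equalsIgnoreCase(configuredFips)) {
                if (RuntimeInfo.instance().isWASInstall()) {
                    Tr.info(TC, NLSConstants.JVM_PROPERTY_SERVER_PROPERTY_MISMATCH_CWOBJ0076E, new Object[]{JVM_USE_FIPS_PROVIDER_PROPERTY, jvmUseFipsProvider, FIPS, configuredFips});
                    if (TC.isDebugEnabled()) {
                        Tr.debug(TC, "JVM fips properties need to match security server properties, FIPS will not be enabled", configuredFips);
                    }
                } else {
                    setFips(Boolean.parseBoolean(configuredFips));
                    if (TC.isDebugEnabled()) {
                        Tr.debug(TC, "setting FIPS JVM properties from security server properties", configuredFips);
                    }
                }
            }
            if (this.ivFips && usesIbmJsse2Provider()) {
                if (TC.isDebugEnabled()) {
                    Tr.debug(TC, "setting up FIPS JVM properties for XIO and WAS security code to use");
                }
                System.setProperty("com.ibm.security.useFIPS", "true");
                System.setProperty(JVM_USE_FIPS_PROVIDER_PROPERTY, "true");
            }
        }
        if (ServerStateUtility.getTransportType() == XsTransportType.ORB && this.ivFips && this.ivSP800_131 != null && !this.ivSP800_131.equalsIgnoreCase(SecurityConstants.SP800_131_OFF)) {
            Tr.info(TC, NLSConstants.OBJECTGRID_SECURITY_ENABLED_CWOBJ1329I);
        }
        if (TC.isEntryEnabled()) {
            Tr.exit(TC, "setupFIPS_SP800 sslConfiguration is", this);
        }
    }

    /** Turns a configured store path into an absolute, forward-slash path; blank becomes null. */
    private static String normalizeStorePath(String path) {
        if (path == null || path.trim().length() == 0) {
            return null;
        }
        String expanded = ObjectGridUtil.replaceVar(path.trim(), null);
        String absolute = new File(expanded).getAbsolutePath();
        if (File.separatorChar == '\\') {
            absolute = absolute.replace(File.separatorChar, '/');
        }
        return absolute;
    }

    /** Reads {@code key} with {@code Properties.get} and passes it through SecurityUtil.clean. */
    private static String cleanedValue(Properties properties, String key) {
        return SecurityUtil.clean((String) properties.get(key));
    }

    /** Returns whether {@code value} is neither null nor empty. */
    private static boolean hasText(String value) {
        return value != null && value.length() > 0;
    }

    /** Expands variables with tracing when the value contains a {@code $}. */
    private static String expandVariables(String value) {
        return value.indexOf("$") >= 0 ? ObjectGridUtil.replaceVar(value, TC) : value;
    }

    /**
     * Reads and decodes the password stored under {@code key}.
     *
     * @return the decoded password, or {@code null} when the property is absent or empty, or
     *         when decoding fails (a warning naming the key and algorithm is issued then)
     */
    private static String decodeConfiguredPassword(final Properties properties, final String key) {
        // NOTE(review): getProperty runs on a caller-supplied Properties inside doPrivileged,
        // so an overriding subclass would execute with this class's permissions. Confirm that
        // only trusted code reaches setProperties, or read the value outside the block.
        String encoded = SecurityUtil.clean(AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override // java.security.PrivilegedAction
            public String run() {
                return properties.getProperty(key);
            }
        }));
        if (!hasText(encoded)) {
            return null;
        }
        String decoded = PasswordUtil.passwordDecode(encoded);
        if (decoded == null) {
            Tr.warning(TC, NLSConstants.UNSUPPORTED_ENCODE_ALGORITHM_CWOBJ1317W, new Object[]{key, PasswordUtil.getCryptoAlgorithm(encoded)});
        }
        return decoded;
    }

    /** Returns whether {@code mode} is off, strict or transition, ignoring case. */
    private static boolean isKnownSp800Mode(String mode) {
        return mode.equalsIgnoreCase(SecurityConstants.SP800_131_OFF)
                || mode.equalsIgnoreCase("strict")
                || mode.equalsIgnoreCase("transition");
    }

    /** Returns whether a context provider is set and its name ends with "IBMJSSE2". */
    private boolean usesIbmJsse2Provider() {
        String provider = getContextProvider();
        return provider != null && provider.endsWith(IBM_JSSE2_SUFFIX);
    }

    /**
     * Returns a copy of {@code properties} that is safe to trace: every entry whose key contains
     * "password" (case-insensitive) has its value replaced by the mask.
     */
    private static Properties redactedForTrace(Properties properties) {
        Properties redacted = (Properties) properties.clone();
        // Snapshot the keys so the copy can be updated while walking them.
        for (Object key : redacted.keySet().toArray()) {
            if (key instanceof String && ((String) key).toLowerCase(java.util.Locale.ROOT).contains("password")) {
                redacted.put(key, MASKED_SECRET);
            }
        }
        return redacted;
    }
}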
