package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASConstants;
import com.ibm.websphere.objectgrid.security.ObjectGridSecurityException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.security.access.X509KeyManagerWrapper;
import com.ibm.ws.objectgrid.security.util.PasswordUtil;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.xs.NLSConstants;
import com.ibm.ws.xs.util.Messages;
import com.ibm.ws.xs.util.dopriv.DoPrivUtil;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.PrintWriter;
import java.lang.management.ManagementFactory;
import java.net.ServerSocket;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.osgi.framework.AdminPermission;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/SSLConfigValidator.class */
public class SSLConfigValidator {
    // Setting names. The same literals appear in the -D arguments built by
    // SSLParameters.setupJVMProperties and in the System.getProperty calls of TestProcess.main.
    private static final String ALIAS_KEY = "alias";
    // Probe line the test client writes over the TLS connection and the test server compares against.
    private static final String HELLO_WORLD = "HELLO WORLD";
    private static final String KEY_STORE_KEY = "keyStore";
    private static final String KEY_STORE_PASSWORD_KEY = "keyStorePassword";
    private static final String KEY_STORE_TYPE_KEY = "keyStoreType";
    private static final String TRUST_STORE_KEY = "trustStore";
    private static final String TRUST_STORE_PASSWORD_KEY = "trustStorePassword";
    private static final String TRUST_STORE_TYPE_KEY = "trustStoreType";
    private static final String PROTOCOL_KEY = "protocol";
    // Value handed to setSoTimeout (milliseconds) for the server accept and both ends of the test connection.
    private static final int TIMEOUT = 2000;
    // Placeholder printed in place of passwords by SSLParameters.toString() and in trace entries.
    private static final String OBFUSCATED_STRING = "xxxxxxx";
    private static final TraceComponent tc = Tr.register(SSLConfigValidator.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    // Extra classpath taken from the "classpath.cli" property. Volatile and non-final because
    // getClassPath re-reads the property and stores it here when this is still null.
    private static volatile String CLASSPATH_CLI = DoPrivUtil.getProperty("classpath.cli");
    // Path <java.home>/bin/java; no platform-specific suffix is appended here.
    private static final File JAVA_EXE = new File(DoPrivUtil.getProperty("java.home") + File.separator + "bin" + File.separator + "java");
    // Classpath of the running JVM as reported by the RuntimeMXBean, read inside a privileged block.
    private static final String MXBEAN_CLASSPATH = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public String run() {
            return ManagementFactory.getRuntimeMXBean().getClassPath();
        }
    });
    // FIPS flag of the current JVM, parsed from "com.ibm.jsse2.usefipsprovider".
    // NOTE(review): assumes DoPrivUtil.getProperty returns a String, in which case a missing
    // or non-"true" value parses to FALSE - confirm.
    private static final Boolean FIPS_SETTING = Boolean.valueOf(DoPrivUtil.getProperty("com.ibm.jsse2.usefipsprovider"));
    // SP800-131 mode of the current JVM from "com.ibm.jsse2.sp800-131"; SP800_131_OFF is passed as
    // the second argument, presumably the default used when the property is not set.
    private static final String SP800_SETTING = DoPrivUtil.getProperty("com.ibm.jsse2.sp800-131", com.ibm.websphere.objectgrid.security.SecurityConstants.SP800_131_OFF);
    // True when either the "IBMJCE" provider or the provider named by IBMJCEFIPS_NAME is registered.
    // setupJVMProperties refuses any SP800-131 option when this is false.
    private static final boolean IS_NIST_AVAILABLE = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.2
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf((Security.getProvider("IBMJCE") == null && Security.getProvider(com.ibm.ws.ssl.core.Constants.IBMJCEFIPS_NAME) == null) ? false : true);
        }
    })).booleanValue();
    // True only when the provider named by IBMJCEFIPS_NAME is registered.
    // setupJVMProperties refuses a FIPS request when this is false.
    private static final boolean IS_FIPS_AVAILABLE = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.3
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(Security.getProvider(com.ibm.ws.ssl.core.Constants.IBMJCEFIPS_NAME) != null);
        }
    })).booleanValue();
    // javax.net.debug value of the current JVM (null when unset). setupJVMProperties forwards it
    // to the forked JVM, and StreamGobbler copies that JVM's standard output into the trace, so
    // enabling it presumably puts JSSE debug output into the trace log - treat that log as
    // sensitive while the property is set.
    private static final String JAVAX_NET_DEBUG = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.4
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public String run() {
            return System.getProperty("javax.net.debug");
        }
    });

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/objectgrid/security/SSLConfigValidator$SSLParameters.class */
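    /**
     * Holder for one SSL configuration under validation: key store and trust store
     * locations, types and passwords, the certificate alias and the protocol name.
     *
     * <p>The loaded {@link KeyStore} instances are cached per instance. Passwords are kept
     * as {@code String}s; {@link #toString()} replaces them with a placeholder so that the
     * object can be traced.
     */
    public static class SSLParameters {
        private String keyStorePath;
        private String keyStoreType;
        private String keyStorePassword;
        private String trustStorePath;
        private String trustStoreType;
        private String trustStorePassword;
        private String alias;
        private String protocol;
        private KeyStore keystore;
        private KeyStore truststore;

        private SSLParameters() {
            this.keyStorePath = null;
            this.keyStoreType = null;
            this.keyStorePassword = null;
            this.trustStorePath = null;
            this.trustStoreType = null;
            this.trustStorePassword = null;
            this.alias = null;
            this.protocol = null;
            this.keystore = null;
            this.truststore = null;
        }

        /**
         * Opens the store file, loads it into a new {@link KeyStore} of the given type and
         * closes the file again.
         *
         * <p>The store is returned only after a successful load, so callers never cache a
         * half-initialised instance, and the input stream is released on every path.
         */
        private static KeyStore readStore(String type, String path, String password) throws Exception {
            KeyStore store = KeyStore.getInstance(type);
            FileInputStream in = new FileInputStream(path);
            try {
                store.load(in, password.toCharArray());
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Read-only stream: a failing close does not invalidate what was loaded.
                }
            }
            return store;
        }

        /**
         * Returns the key store, loading it from {@code keyStorePath} on first use.
         *
         * @return the loaded key store
         * @throws ObjectGridSecurityException if the store cannot be created, opened or loaded;
         *         nothing is cached in that case, so a later call tries again
         */
        synchronized KeyStore loadKeystore() throws ObjectGridSecurityException {
            if (this.keystore == null) {
                try {
                    // Assign only after a successful load; a failed attempt must not leave an
                    // unloaded KeyStore behind for the next caller.
                    this.keystore = readStore(this.keyStoreType, this.keyStorePath, this.keyStorePassword);
                } catch (Throwable th) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_KEYSTORE_LOAD_ERROR_CWOBJ1340E, th);
                    Tr.debug(SSLConfigValidator.tc, causalException);
                    throw new ObjectGridSecurityException(causalException, th);
                }
            }
            return this.keystore;
        }

        /**
         * Returns the trust store, loading it from {@code trustStorePath} on first use.
         *
         * @return the loaded trust store
         * @throws ObjectGridSecurityException if the store cannot be created, opened or loaded;
         *         nothing is cached in that case, so a later call tries again
         */
        synchronized KeyStore loadTruststore() throws ObjectGridSecurityException {
            if (this.truststore == null) {
                try {
                    this.truststore = readStore(this.trustStoreType, this.trustStorePath, this.trustStorePassword);
                } catch (Throwable th) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_TRUSTSTORE_LOAD_ERROR_CWOBJ1335E, th);
                    Tr.debug(SSLConfigValidator.tc, causalException);
                    throw new ObjectGridSecurityException(causalException, th);
                }
            }
            return this.truststore;
        }

        /**
         * Checks that the configuration is complete and builds the {@code -D} arguments that
         * carry it to a separate JVM, then loads the key store (and the trust store, when
         * one is configured) so that unreadable stores are reported before anything is started.
         *
         * <p>Security note: both passwords are placed on the command line after
         * {@code PasswordUtil.encode}. {@code TestProcess.main} turns them back with
         * {@code PasswordUtil.decode}, so the encoding is reversible and only hides the value
         * from casual viewing; anyone who can read the process's argument list can recover it.
         * Restrict who can list processes on the host while a validation runs.
         *
         * @param z   whether the FIPS provider is requested; written to
         *            {@code com.ibm.jsse2.usefipsprovider}
         * @param str the SP800-131 option (off, "transition" or "strict", case-insensitive),
         *            or {@code null} for off; written to {@code com.ibm.jsse2.sp800-131}
         * @return the JVM arguments, in the order they were validated
         * @throws ObjectGridSecurityException if a required setting is missing, a requested
         *         provider is not registered, the SP800-131 option is unknown, or a store
         *         cannot be loaded
         */
        List<String> setupJVMProperties(boolean z, String str) throws ObjectGridSecurityException {
            Tr.entry(SSLConfigValidator.tc, "getSecurityProps", new Object[]{Boolean.valueOf(z), str});
            List<String> jvmArgs = new ArrayList<String>();

            // Key store: path, type and password are all mandatory.
            if (this.keyStorePath == null) {
                String msg = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_KEYSTORE_CWOBJ1330E);
                Tr.debug(SSLConfigValidator.tc, msg);
                throw new ObjectGridSecurityException(msg);
            }
            jvmArgs.add("-DkeyStore=" + this.keyStorePath);
            if (this.keyStoreType == null) {
                String msg2 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_KEYSTORE_TYPE_CWOBJ1331E);
                Tr.debug(SSLConfigValidator.tc, msg2);
                throw new ObjectGridSecurityException(msg2);
            }
            jvmArgs.add("-DkeyStoreType=" + this.keyStoreType);
            if (this.keyStorePassword == null) {
                String msg3 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_KEYSTORE_PASSWORD_CWOBJ1332E);
                Tr.debug(SSLConfigValidator.tc, msg3);
                throw new ObjectGridSecurityException(msg3);
            }
            jvmArgs.add("-DkeyStorePassword=" + PasswordUtil.encode(this.keyStorePassword));

            // Trust store: optional, but once a path is given its type and password are required.
            if (this.trustStorePath != null) {
                jvmArgs.add("-DtrustStore=" + this.trustStorePath);
                if (this.trustStoreType == null) {
                    String msg4 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_TRUSTSTORE_TYPE_CWOBJ1333E);
                    Tr.debug(SSLConfigValidator.tc, msg4);
                    throw new ObjectGridSecurityException(msg4);
                }
                jvmArgs.add("-DtrustStoreType=" + this.trustStoreType);
                if (this.trustStorePassword == null) {
                    String msg5 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_TRUSTSTORE_PASSWORD_CWOBJ1334E);
                    Tr.debug(SSLConfigValidator.tc, msg5);
                    throw new ObjectGridSecurityException(msg5);
                }
                jvmArgs.add("-DtrustStorePassword=" + PasswordUtil.encode(this.trustStorePassword));
            }

            if (this.protocol == null) {
                String msg6 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_PROTOCOL_CWOBJ1336E);
                Tr.debug(SSLConfigValidator.tc, msg6);
                throw new ObjectGridSecurityException(msg6);
            }
            jvmArgs.add("-Dprotocol=" + this.protocol);
            if (this.alias != null) {
                jvmArgs.add("-Dalias=" + this.alias);
            }

            // A FIPS request is refused when the FIPS provider is not registered in this JVM.
            if (z && !SSLConfigValidator.IS_FIPS_AVAILABLE) {
                String msg7 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_FIPS_PROVIDER_CWOBJ1337E);
                Tr.debug(SSLConfigValidator.tc, msg7);
                throw new ObjectGridSecurityException(msg7);
            }
            jvmArgs.add("-Dcom.ibm.jsse2.usefipsprovider=" + z);

            // Any explicit SP800-131 option needs a suitable provider and must be a known value.
            if (str != null) {
                if (!SSLConfigValidator.IS_NIST_AVAILABLE) {
                    String msg8 = Messages.getMsg(NLSConstants.SSL_VALIDATION_NO_SP800_PROVIDER_CWOBJ1339E);
                    Tr.debug(SSLConfigValidator.tc, msg8);
                    throw new ObjectGridSecurityException(msg8);
                }
                if (!com.ibm.websphere.objectgrid.security.SecurityConstants.SP800_131_OFF.equalsIgnoreCase(str) && !"transition".equalsIgnoreCase(str) && !"strict".equalsIgnoreCase(str)) {
                    String msg9 = Messages.getMsg(NLSConstants.SSL_VALIDATION_SP800_131_BAD_OPTION_CWOBJ1338E, str);
                    Tr.debug(SSLConfigValidator.tc, msg9);
                    throw new ObjectGridSecurityException(msg9);
                }
            }
            jvmArgs.add("-Dcom.ibm.jsse2.sp800-131=" + (str == null ? com.ibm.websphere.objectgrid.security.SecurityConstants.SP800_131_OFF : str.toLowerCase()));

            // The current JVM's javax.net.debug setting is forwarded unchanged when present.
            if (SSLConfigValidator.JAVAX_NET_DEBUG != null) {
                jvmArgs.add("-Djavax.net.debug=" + SSLConfigValidator.JAVAX_NET_DEBUG);
            }

            // Fail early on stores that cannot be read with the given type and password.
            loadKeystore();
            if (this.trustStorePath != null) {
                loadTruststore();
            }
            Tr.exit(SSLConfigValidator.tc, "getSecurityProps");
            return jvmArgs;
        }

        /**
         * Returns a trace-safe description: both passwords are replaced by the fixed
         * placeholder. The alias is not part of the output.
         */
        @Override
        public String toString() {
            return "{keyStorePath=" + this.keyStorePath + ", keyStoreType=" + this.keyStoreType + ", keyStorePassword=" + SSLConfigValidator.OBFUSCATED_STRING + ", trustStorePath=" + this.trustStorePath + ", trustStoreType=" + this.trustStoreType + ", trustStorePassword=" + SSLConfigValidator.OBFUSCATED_STRING + ", protocol=" + this.protocol + "}";
        }
    }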

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/objectgrid/security/SSLConfigValidator$StreamGobbler.class */
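    /**
     * Daemon thread that copies the standard output of a child process into the trace
     * until the process has terminated.
     *
     * <p>Only {@link Process#getInputStream()} is read. NOTE(review): the child's standard
     * error is consumed only if the launcher merges it into standard output - confirm at
     * the place where the process is started.
     *
     * <p>Every line of child output is written to the trace verbatim; when
     * {@code javax.net.debug} is forwarded to the child that output presumably includes
     * JSSE debug data, so access to the trace log should be restricted accordingly.
     */
    public static class StreamGobbler extends Thread {
        private final Process process;

        StreamGobbler(Process process) {
            this.process = process;
            // Daemon: this thread must never keep the JVM alive on its own.
            setDaemon(true);
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            Tr.debug(SSLConfigValidator.tc, "Starting process stream gobbler.");
            BufferedReader reader = new BufferedReader(new InputStreamReader(this.process.getInputStream()));
            boolean exited = false;
            while (!exited) {
                try {
                    try {
                        // exitValue() throws IllegalThreadStateException while the child is running.
                        this.process.exitValue();
                        exited = true;
                    } catch (IllegalThreadStateException stillRunning) {
                        // Child has not terminated yet; keep draining and poll again.
                    } finally {
                        // Drain on every path so the child never blocks on a full output pipe.
                        drain(reader);
                    }
                } catch (Throwable th) {
                    // The guard checks the warning level although the message is written at
                    // debug level; kept as found.
                    if (SSLConfigValidator.tc.isWarningEnabled()) {
                        Tr.debug(SSLConfigValidator.tc, "Unknown error in stream gobbler: " + th);
                    }
                }
            }
        }

        /** Traces every line currently readable from the child until end of stream or a read error. */
        private static void drain(BufferedReader reader) {
            try {
                for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                    Tr.debug(SSLConfigValidator.tc, "Process output: " + line);
                }
            } catch (IOException e) {
                if (SSLConfigValidator.tc.isWarningEnabled()) {
                    Tr.debug(SSLConfigValidator.tc, "Error consuming process standard out: " + e);
                }
            }
        }
    }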

    /* loaded from: input_file:com/ibm/ws/objectgrid/security/SSLConfigValidator$TestProcess.class */
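    /**
     * Self-test of an SSL configuration: one {@link SSLContext} is built from the settings,
     * a server socket is bound on an ephemeral port, and a client from the same context
     * connects to it over "localhost", completes the handshake and sends one probe line.
     *
     * <p>What a passing run shows: the stores load, the protocol name is accepted and a
     * handshake between the configured key material and trust material succeeds. It does
     * not check that the certificate matches any host name; no endpoint identification is
     * configured in this code.
     *
     * <p>{@link #main(String[])} is the entry point of the forked JVM and takes its settings
     * from system properties.
     */
    public static class TestProcess {
        private static final String CLASS_NAME = TestProcess.class.getName();
        private static final TraceComponent tc = Tr.register(TestProcess.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");

        /** Client half of the self-test: connects, handshakes and sends the probe line. */
        public static class ClientCallable implements Callable<Void> {
            private static final TraceComponent tc = Tr.register(ClientCallable.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
            private final SSLContext sslContext;
            private final int port;

            private ClientCallable(SSLContext sSLContext, int i) {
                Tr.entry(tc, "ClientCallable", new Object[]{sSLContext, Integer.valueOf(i)});
                this.sslContext = sSLContext;
                this.port = i;
                Tr.exit(tc, "ClientCallable");
            }

            /**
             * Connects to the test server on "localhost", runs the TLS handshake and writes
             * the probe line.
             *
             * @return always {@code null}
             * @throws ObjectGridSecurityException wrapping any failure to connect, handshake or write
             */
            @Override // java.util.concurrent.Callable
            public Void call() throws ObjectGridSecurityException {
                Tr.entry(tc, "call");
                try {
                    SSLSocket socket = AccessController.doPrivileged(new PrivilegedExceptionAction<SSLSocket>() {
                        @Override // java.security.PrivilegedExceptionAction
                        public SSLSocket run() throws IOException {
                            return (SSLSocket) ClientCallable.this.sslContext.getSocketFactory().createSocket("localhost", ClientCallable.this.port);
                        }
                    });
                    try {
                        // Bound every blocking read so a stalled peer cannot hang the validation.
                        socket.setSoTimeout(SSLConfigValidator.TIMEOUT);
                        socket.startHandshake();
                        PrintWriter writer = new PrintWriter(socket.getOutputStream());
                        writer.println(SSLConfigValidator.HELLO_WORLD);
                        writer.flush();
                        Tr.exit(tc, "call");
                        return null;
                    } finally {
                        try {
                            socket.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done about a failing close of a test socket.
                        }
                    }
                } catch (Throwable th) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_CLIENT_CONNECT_ERROR_CWOBJ1350E, th);
                    Tr.debug(tc, causalException);
                    throw new ObjectGridSecurityException(causalException, th);
                }
            }
        }

        /** Server half of the self-test: accepts one connection and checks the probe line. */
        public static class ServerCallable implements Callable<Void> {
            private static final TraceComponent tc = Tr.register(ServerCallable.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
            private final ServerSocket serverSocket;

            /**
             * Binds the server socket immediately (port 0, so the system picks a free port);
             * the caller reads the chosen port from the socket before starting the client.
             */
            private ServerCallable(final SSLContext sSLContext) throws ObjectGridSecurityException {
                Tr.entry(tc, "ServerCallable", sSLContext);
                try {
                    this.serverSocket = AccessController.doPrivileged(new PrivilegedExceptionAction<ServerSocket>() {
                        @Override // java.security.PrivilegedExceptionAction
                        public ServerSocket run() throws IOException {
                            return sSLContext.getServerSocketFactory().createServerSocket(0);
                        }
                    });
                    Tr.exit(tc, "ServerCallable");
                } catch (Throwable th) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_SERVER_BIND_ERROR_CWOBJ1352E, th);
                    Tr.debug(tc, causalException);
                    throw new ObjectGridSecurityException(causalException, th);
                }
            }

            /**
             * Accepts one connection and reads one line from it.
             *
             * @return always {@code null}
             * @throws ObjectGridSecurityException if accepting or reading fails, or if the line
             *         read is not the probe line. NOTE(review): the wrong-data exception is
             *         raised inside the outer try, so it is caught again and reported wrapped
             *         in the accept-error message - confirm that this is intended.
             */
            @Override // java.util.concurrent.Callable
            public Void call() throws ObjectGridSecurityException {
                Tr.entry(tc, "call");
                try {
                    // Bounds the wait for the client; accept() fails once the timeout expires.
                    this.serverSocket.setSoTimeout(SSLConfigValidator.TIMEOUT);
                    SSLSocket socket = AccessController.doPrivileged(new PrivilegedExceptionAction<SSLSocket>() {
                        @Override // java.security.PrivilegedExceptionAction
                        public SSLSocket run() throws IOException {
                            return (SSLSocket) ServerCallable.this.serverSocket.accept();
                        }
                    });
                    try {
                        socket.setSoTimeout(SSLConfigValidator.TIMEOUT);
                        String received = new BufferedReader(new InputStreamReader(socket.getInputStream())).readLine();
                        // equals(null) is false, so end of stream is reported as wrong data.
                        if (SSLConfigValidator.HELLO_WORLD.equals(received)) {
                            Tr.exit(tc, "call");
                            return null;
                        }
                        String msg = Messages.getMsg(NLSConstants.SSL_VALIDATION_SERVER_WRONG_DATA_CWOBJ1355E, received);
                        Tr.debug(tc, msg);
                        throw new ObjectGridSecurityException(msg);
                    } finally {
                        try {
                            socket.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done about a failing close of a test socket.
                        }
                    }
                } catch (Throwable th) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_SERVER_ACCEPT_ERROR_CWOBJ1353E, th);
                    Tr.debug(tc, causalException);
                    throw new ObjectGridSecurityException(causalException, th);
                }
            }
        }

        /**
         * Entry point of the forked validation JVM.
         *
         * <p>Settings are read from the system properties {@code keyStore},
         * {@code keyStoreType}, {@code keyStorePassword}, {@code trustStore},
         * {@code trustStoreType}, {@code trustStorePassword}, {@code alias} and
         * {@code protocol}; the two passwords are passed through {@code PasswordUtil.decode}
         * before use. The {@code file} property names the file a validation failure is
         * written to. The process exits with status 0 on success and 1 on failure.
         *
         * <p>Security note: the passwords reach this process as {@code -D} arguments in a
         * reversible encoding, so they are readable by anyone able to inspect the process's
         * command line for as long as it runs.
         *
         * <p>NOTE(review): a missing {@code file} property makes {@code new File(null)} throw
         * before the try block, so that case ends with an uncaught exception instead of a
         * written report.
         *
         * @param strArr command-line arguments; only traced
         */
        public static void main(String[] strArr) {
            Tr.entry(tc, "main", strArr);
            SecurityUtility.disableTLSAlgorithms();
            File file = new File(System.getProperty("file"));
            try {
                SSLParameters params = new SSLParameters();
                params.keyStorePath = System.getProperty("keyStore");
                params.keyStoreType = System.getProperty("keyStoreType");
                params.keyStorePassword = System.getProperty("keyStorePassword");
                params.trustStorePath = System.getProperty("trustStore");
                params.trustStoreType = System.getProperty("trustStoreType");
                params.trustStorePassword = System.getProperty("trustStorePassword");
                params.alias = System.getProperty("alias");
                params.protocol = System.getProperty("protocol");
                params.keyStorePassword = PasswordUtil.decode(params.keyStorePassword);
                if (params.trustStorePassword != null) {
                    params.trustStorePassword = PasswordUtil.decode(params.trustStorePassword);
                }
                execute(params);
            } catch (ObjectGridSecurityException e) {
                try {
                    // Hand the failure to whoever started this JVM through the report file.
                    SSLConfigValidator.writeExceptionToDisk(e, file);
                } catch (ObjectGridSecurityException e2) {
                    FFDCFilter.processException(e2, CLASS_NAME + ".main", "669");
                } finally {
                    // Exit status 1 whether or not the report could be written.
                    Tr.exit(tc, "main", 1);
                    System.exit(1);
                }
            }
            Tr.exit(tc, "main", 0);
            System.exit(0);
        }

        /**
         * Runs the loopback handshake for the given settings and waits for both halves.
         *
         * <p>The worker pool is shut down and the listening socket is closed on every path,
         * so repeated validations inside one JVM do not accumulate threads or bound ports.
         *
         * @param sSLParameters the configuration to validate
         * @throws ObjectGridSecurityException the failure reported by the server or client
         *         task, or a wrapper around any other error
         */
        public static void execute(SSLParameters sSLParameters) throws ObjectGridSecurityException {
            Tr.entry(tc, AdminPermission.EXECUTE, new Object[]{sSLParameters});
            SSLContext sslContext = SSLConfigValidator.createSSLContext(sSLParameters);
            final ExecutorService pool = Executors.newCachedThreadPool();
            final ServerCallable server = new ServerCallable(sslContext);
            ClientCallable client = new ClientCallable(sslContext, server.serverSocket.getLocalPort());
            Future<Void> serverResult = pool.submit(server);
            Future<Void> clientResult = pool.submit(client);
            try {
                serverResult.get();
                clientResult.get();
            } catch (Throwable th) {
                if (th instanceof InterruptedException) {
                    // Keep the interrupt visible to the caller's thread.
                    Thread.currentThread().interrupt();
                }
                ObjectGridSecurityException failure = null;
                if ((th instanceof ExecutionException) && (th.getCause() instanceof ObjectGridSecurityException)) {
                    // Report the task's own exception rather than the ExecutionException wrapper.
                    failure = (ObjectGridSecurityException) th.getCause();
                }
                if (failure == null) {
                    String causalException = SSLConfigValidator.getCausalException(NLSConstants.SSL_VALIDATION_UNEXPECTED_EXCEPTION_CWOBJ1349E, th);
                    Tr.debug(tc, causalException);
                    failure = new ObjectGridSecurityException(causalException, th);
                }
                Tr.debug(tc, failure.getMessage());
                throw failure;
            } finally {
                try {
                    // Release the listening port; the original code left it open.
                    server.serverSocket.close();
                } catch (IOException ignored) {
                    // The validation result does not depend on this close.
                }
                AccessController.doPrivileged(new PrivilegedAction<Void>() {
                    @Override // java.security.PrivilegedAction
                    public Void run() {
                        pool.shutdownNow();
                        return null;
                    }
                });
            }
            Tr.exit(tc, AdminPermission.EXECUTE);
        }
    }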

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the {@link SSLContext} used by the self-test from the given settings.
     *
     * <p>The key managers come from a {@link KeyManagerFactory} initialised with the loaded
     * key store. When a non-empty alias is configured it must exist in the key store, and
     * every {@link X509KeyManager} is then wrapped in an {@code X509KeyManagerWrapper}
     * created with that alias (presumably so that this alias is the one selected - confirm
     * against the wrapper).
     *
     * <p>NOTE(review): the alias-not-found and context-creation exceptions are thrown inside
     * the outer try, so the outer catch wraps them again in the key-manager-factory message.
     *
     * @param sSLParameters the configuration to build the context from
     * @return the context returned by {@code CoreSecurityUtil.getSSLContext}
     * @throws ObjectGridSecurityException if the key store cannot be loaded, the alias is
     *         missing, or the key managers or the context cannot be created
     */
    public static SSLContext createSSLContext(SSLParameters sSLParameters) throws ObjectGridSecurityException {
        Tr.entry(tc, "createSSLContext", new Object[]{sSLParameters});
        KeyStore keyStore = sSLParameters.loadKeystore();
        try {
            String algorithm = getSecurityProperty(SecurityConstants.KEY_MANAGER_FACTORY_ALG_KEY);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(keyStore, sSLParameters.keyStorePassword.toCharArray());
            KeyManager[] managers = factory.getKeyManagers();

            boolean aliasConfigured = sSLParameters.alias != null && !sSLParameters.alias.isEmpty();
            if (aliasConfigured) {
                if (!keyStore.containsAlias(sSLParameters.alias)) {
                    String msg = Messages.getMsg(NLSConstants.SSL_VALIDATION_ALIAS_NOT_IN_KEYSTORE_CWOBJ1343E, sSLParameters.alias);
                    Tr.debug(tc, msg);
                    throw new ObjectGridSecurityException(msg);
                }
                // Same length and order as the factory's array; only X509 managers are wrapped.
                KeyManager[] aliased = new KeyManager[managers.length];
                int idx = 0;
                for (KeyManager manager : managers) {
                    KeyManager chosen = manager;
                    if (manager instanceof X509KeyManager) {
                        chosen = new X509KeyManagerWrapper((X509KeyManager) manager, sSLParameters.alias);
                    }
                    aliased[idx++] = chosen;
                }
                managers = aliased;
            }

            try {
                TrustManager[] trustManagers = getTrustManager(sSLParameters);
                SSLContext context = CoreSecurityUtil.getSSLContext(managers, trustManagers, sSLParameters.protocol, null, true);
                Tr.exit(tc, "createSSLContext", context);
                return context;
            } catch (Throwable contextFailure) {
                String contextMessage = getCausalException(NLSConstants.SSL_VALIDATION_SSL_CONTEXT_ERROR_CWOBJ1344E, contextFailure);
                Tr.debug(tc, contextMessage);
                throw new ObjectGridSecurityException(contextMessage, contextFailure);
            }
        } catch (Throwable factoryFailure) {
            String factoryMessage = getCausalException(NLSConstants.SSL_VALIDATION_KEY_MANAGER_FACTORY_ERROR_CWOBJ1341E, factoryFailure);
            Tr.debug(tc, factoryMessage);
            throw new ObjectGridSecurityException(factoryMessage, factoryFailure);
        }
    }

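    /**
     * Builds the classpath-related JVM arguments for the forked validation JVM.
     *
     * <p>The result starts with {@code -cp} and its value: either the location this class
     * was loaded from or the classpath of the running JVM, followed by the
     * {@code classpath.cli} property when that is set and non-empty. The
     * {@code java.ext.dirs} and {@code java.endorsed.dirs} properties are forwarded when
     * present.
     *
     * <p>Everything placed on this classpath is code the forked JVM will load and run with
     * access to the key store passwords, so the properties read here should only be
     * settable by the administrator of the process.
     *
     * @param z {@code true} to start from this class's code-source location,
     *          {@code false} to start from the running JVM's classpath
     * @return the JVM arguments, beginning with {@code -cp}
     */
    private static List<String> getClassPath(final boolean z) {
        Tr.entry(tc, "getClassPath", Boolean.valueOf(z));
        List<String> list = AccessController.doPrivileged(new PrivilegedAction<List<String>>() {
            @Override // java.security.PrivilegedAction
            public List<String> run() {
                List<String> jvmArgs = new ArrayList<String>();
                String base = z ? ownCodeSourcePath() : SSLConfigValidator.MXBEAN_CLASSPATH;
                jvmArgs.add("-cp");

                // Re-read the property when it was not available at class initialisation.
                String cli = SSLConfigValidator.CLASSPATH_CLI;
                if (cli == null) {
                    cli = DoPrivUtil.getProperty("classpath.cli");
                    SSLConfigValidator.CLASSPATH_CLI = cli;
                }
                if (cli == null || cli.isEmpty()) {
                    jvmArgs.add(base);
                } else {
                    jvmArgs.add(base + File.pathSeparator + cli);
                }

                String extDirs = DoPrivUtil.getProperty("java.ext.dirs");
                if (extDirs != null) {
                    jvmArgs.add("-Djava.ext.dirs=" + extDirs);
                }
                String endorsedDirs = DoPrivUtil.getProperty("java.endorsed.dirs");
                if (endorsedDirs != null) {
                    jvmArgs.add("-Djava.endorsed.dirs=" + endorsedDirs);
                }
                return jvmArgs;
            }

            /**
             * Returns the file-system path of the location this class was loaded from.
             * URL.getPath() keeps percent-escapes (a space stays "%20"), which is not a
             * usable classpath entry, so the location is converted through its URI first;
             * the raw URL path is used only when that conversion is not possible.
             */
            private String ownCodeSourcePath() {
                java.net.URL location = SSLConfigValidator.class.getProtectionDomain().getCodeSource().getLocation();
                try {
                    return new File(location.toURI()).getPath();
                } catch (Exception notAFileUri) {
                    return location.getPath();
                }
            }
        });
        Tr.exit(tc, "getClassPath", list);
        return list;
    }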

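    /**
     * Returns the trust managers to use for the SSL validation handshake.
     *
     * <p>When {@code sSLParameters.trustStorePath} is set, the trust store is loaded and handed
     * to a {@link TrustManagerFactory} whose algorithm comes from the security property named
     * by {@code SecurityConstants.TRUST_MANAGER_FACTORY_ALG_KEY}. When no trust store path is
     * configured, a trust manager that performs no certificate checks is returned.
     *
     * @param sSLParameters the SSL settings under validation
     * @return the trust managers, never {@code null}
     * @throws ObjectGridSecurityException if the trust manager factory cannot be created or
     *     initialised; the message and the original failure are attached
     */
    private static TrustManager[] getTrustManager(SSLParameters sSLParameters) throws ObjectGridSecurityException {
        TrustManager[] trustManagers;
        Tr.entry(tc, "getTrustManager", sSLParameters);
        if (sSLParameters.trustStorePath != null) {
            KeyStore trustStore = sSLParameters.loadTruststore();
            try {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(getSecurityProperty(SecurityConstants.TRUST_MANAGER_FACTORY_ALG_KEY));
                factory.init(trustStore);
                trustManagers = factory.getTrustManagers();
            } catch (Throwable th) {
                // Keep the message and the cause, as the other handlers in this class do, so the
                // caller can see why the trust store was rejected.
                String message = getCausalException(NLSConstants.SSL_VALIDATION_TRUST_MANAGER_FACTORY_ERROR_CWOBJ1342E, th);
                Tr.debug(tc, message);
                throw new ObjectGridSecurityException(message, th);
            }
        } else {
            // SECURITY NOTE(review): with no trust store configured, both check methods below are
            // no-ops, so every peer certificate chain is accepted. That is only acceptable for a
            // self-test of the key store; confirm these trust managers are never used for a
            // connection that carries real traffic.
            trustManagers = new TrustManager[]{new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // intentionally no check - see the note above
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // intentionally no check - see the note above
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null, possibly empty array.
                    return new X509Certificate[0];
                }
            }};
        }
        Tr.exit(tc, "getTrustManager");
        return trustManagers;
    }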

    /**
     * Runs the SSL validation inside the current JVM.
     *
     * <p>The arguments are copied into a fresh {@code SSLParameters}, JVM properties are set up
     * with {@code setupJVMProperties(false, null)}, and the test is run by
     * {@code TestProcess.execute}. The two passwords are replaced by {@code OBFUSCATED_STRING}
     * in the entry trace.
     *
     * @param str key store path
     * @param str2 key store type
     * @param str3 key store password (not traced)
     * @param str4 trust store path
     * @param str5 trust store type
     * @param str6 trust store password (not traced)
     * @param str7 certificate alias
     * @param str8 SSL protocol
     * @throws ObjectGridSecurityException declared by this method; presumably raised when the
     *     validation fails - confirm against {@code TestProcess.execute}
     */
    private static void testCurrentJVM(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws ObjectGridSecurityException {
        // Passwords (str3, str6) never reach the trace; the placeholder is logged instead.
        Object[] traceArgs = new Object[]{str, str2, OBFUSCATED_STRING, str4, str5, OBFUSCATED_STRING, str7, str8};
        Tr.entry(tc, "testCurrentJVM", traceArgs);

        SSLParameters params = new SSLParameters();
        // key store settings
        params.keyStorePath = str;
        params.keyStoreType = str2;
        params.keyStorePassword = str3;
        // trust store settings
        params.trustStorePath = str4;
        params.trustStoreType = str5;
        params.trustStorePassword = str6;
        // certificate selection and protocol
        params.alias = str7;
        params.protocol = str8;

        params.setupJVMProperties(false, null);
        TestProcess.execute(params);
        Tr.exit(tc, "testCurrentJVM");
    }

    /**
     * Runs the SSL validation in a separate JVM and reports its failure, if any.
     *
     * <p>A temporary {@code .ser} file is created, then a child JVM is started with
     * {@code JAVA_EXE}, the arguments from {@code getClassPath(z2)}, the arguments returned by
     * {@code setupJVMProperties(z, str9)}, {@code -Dfile=<temp file>} and {@code TestProcess} as
     * the main class. If the child exits with a non-zero code, an
     * {@code ObjectGridSecurityException} is deserialized from the temporary file, passed through
     * {@code translateExceptionIfNeeded} and thrown. The temporary file is deleted at the end of
     * the method. The two passwords are replaced by {@code OBFUSCATED_STRING} in the entry trace.
     *
     * <p>NOTE(review): as decompiled, each {@code catch (Throwable)} below also catches what the
     * inner handlers throw, so one failure is re-wrapped under several message keys, and
     * {@code file} is used in the outermost handler although it may be unassigned there. The
     * compiled class presumably had disjoint try regions - confirm against the bytecode before
     * relying on the handler order shown here.
     *
     * @param str key store path
     * @param str2 key store type
     * @param str3 key store password (not traced)
     * @param str4 trust store path
     * @param str5 trust store type
     * @param str6 trust store password (not traced)
     * @param str7 certificate alias
     * @param str8 SSL protocol
     * @param z first argument of {@code setupJVMProperties}; {@code validate} compares it with
     *     {@code FIPS_SETTING}
     * @param str9 second argument of {@code setupJVMProperties}; {@code validate} compares it
     *     with {@code SP800_SETTING}
     * @param z2 passed to {@code getClassPath} to select the class-path source
     * @throws ObjectGridSecurityException if the child cannot be started, its result cannot be
     *     read, or the child reported a validation failure
     */
    private static void testNewJVM(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, boolean z, String str9, boolean z2) throws ObjectGridSecurityException {
        final File file;
        // Passwords (str3, str6) never reach the trace; the placeholder is logged instead.
        Tr.entry(tc, "testNewJVM", new Object[]{str, str2, OBFUSCATED_STRING, str4, str5, OBFUSCATED_STRING, str7, str8, Boolean.valueOf(z), str9, Boolean.valueOf(z2)});
        try {
            try {
                // Result file that the child JVM is told about through -Dfile.
                // NOTE(review): File.createTempFile uses the default temporary directory; confirm
                // that directory and the created file are not writable by other local accounts,
                // because the file content is deserialized further down.
                file = (File) AccessController.doPrivileged(new PrivilegedExceptionAction<File>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.7
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public File run() throws Exception {
                        File createTempFile = File.createTempFile(RASConstants.KEY_EXCEPTION, ".ser");
                        createTempFile.deleteOnExit();
                        return createTempFile;
                    }
                });
                try {
                    SSLParameters sSLParameters = new SSLParameters();
                    sSLParameters.keyStorePath = str;
                    sSLParameters.keyStoreType = str2;
                    sSLParameters.keyStorePassword = str3;
                    sSLParameters.trustStorePath = str4;
                    sSLParameters.trustStoreType = str5;
                    sSLParameters.trustStorePassword = str6;
                    sSLParameters.alias = str7;
                    sSLParameters.protocol = str8;
                    // NOTE(review): the returned list is appended to the child command line. If it
                    // carries the store passwords as -D options they would be visible in the
                    // process listing - confirm how setupJVMProperties passes them.
                    List<String> list = sSLParameters.setupJVMProperties(z, str9);
                    // Command line: java executable, class-path arguments, JVM properties,
                    // result-file property, main class.
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(JAVA_EXE.getAbsolutePath());
                    arrayList.addAll(getClassPath(z2));
                    arrayList.addAll(list);
                    arrayList.add("-Dfile=" + file.getAbsolutePath());
                    arrayList.add(TestProcess.class.getName());
                    final ProcessBuilder processBuilder = new ProcessBuilder(new String[0]);
                    processBuilder.command(arrayList);
                    // stderr is merged into stdout so a single reader can drain the child output.
                    processBuilder.redirectErrorStream(true);
                    Process process = (Process) AccessController.doPrivileged(new PrivilegedExceptionAction<Process>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.8
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedExceptionAction
                        public Process run() throws Exception {
                            return processBuilder.start();
                        }
                    });
                    // presumably drains the child's output so it cannot block on a full pipe - confirm
                    new StreamGobbler(process).start();
                    // A non-zero exit code means the child left a result to read; zero skips the read.
                    if (waitForProcess(process) != 0) {
                        try {
                            // SECURITY NOTE(review): native Java deserialization of a file in the
                            // temporary directory, with no ObjectInputFilter. The content is only as
                            // trustworthy as the file's location and permissions; consider a filter
                            // that admits only the expected exception classes, or a plain-text
                            // result format.
                            ObjectGridSecurityException objectGridSecurityException = (ObjectGridSecurityException) AccessController.doPrivileged(new PrivilegedExceptionAction<ObjectGridSecurityException>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.9
                                /* JADX WARN: Can't rename method to resolve collision */
                                @Override // java.security.PrivilegedExceptionAction
                                public ObjectGridSecurityException run() throws Exception {
                                    ObjectInputStream objectInputStream = null;
                                    try {
                                        objectInputStream = new ObjectInputStream(new FileInputStream(file));
                                        ObjectGridSecurityException objectGridSecurityException2 = (ObjectGridSecurityException) objectInputStream.readObject();
                                        if (objectInputStream != null) {
                                            try {
                                                objectInputStream.close();
                                            } catch (IOException e) {
                                                // close failure ignored: the object has already been read
                                            }
                                        }
                                        return objectGridSecurityException2;
                                    } catch (Throwable th) {
                                        // Decompiled form of a finally block: close, then rethrow.
                                        if (objectInputStream != null) {
                                            try {
                                                objectInputStream.close();
                                            } catch (IOException e2) {
                                                // close failure ignored so the original error is the one reported
                                            }
                                        }
                                        throw th;
                                    }
                                }
                            });
                            if (objectGridSecurityException != null) {
                                throw translateExceptionIfNeeded(str9, objectGridSecurityException);
                            }
                        } catch (Throwable th) {
                            // Failure while reading the child's result (message key CWOBJ1347E).
                            String causalException = getCausalException(NLSConstants.SSL_VALIDATION_READ_RESULT_ERROR_CWOBJ1347E, th);
                            Tr.debug(tc, causalException, th);
                            throw new ObjectGridSecurityException(causalException, th);
                        }
                    }
                    // Normal path: remove the result file.
                    AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.10
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // java.security.PrivilegedAction
                        public Void run() {
                            file.delete();
                            return null;
                        }
                    });
                    Tr.exit(tc, "testNewJVM");
                } catch (Throwable th2) {
                    // Failure while preparing or starting the child JVM (message key CWOBJ1346E).
                    String causalException2 = getCausalException(NLSConstants.SSL_VALIDATION_START_TEST_ERROR_CWOBJ1346E, th2);
                    Tr.debug(tc, causalException2, th2);
                    throw new ObjectGridSecurityException(causalException2, th2);
                }
            } catch (Throwable th3) {
                // Failure while creating the result file (message key CWOBJ1345E).
                String causalException3 = getCausalException(NLSConstants.SSL_VALIDATION_CREATE_RESULT_ERROR_CWOBJ1345E, th3);
                Tr.debug(tc, causalException3, th3);
                throw new ObjectGridSecurityException(causalException3, th3);
            }
        } catch (Throwable th4) {
            // Error path: remove the result file, then rethrow unchanged.
            AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.objectgrid.security.SSLConfigValidator.10
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    file.delete();
                    return null;
                }
            });
            throw th4;
        }
    }

    /**
     * Replaces a handshake failure with the SP800-131 "bad certificate" message when the
     * validation ran in {@code STRICT} or {@code TRANSITION} mode.
     *
     * @param str the mode string, compared case-insensitively; may be {@code null}
     * @param objectGridSecurityException the failure reported by the validation
     * @return a new exception carrying message key CWOBJ1329E and the original cause when the
     *     cause is an {@link SSLHandshakeException} and the mode matches; otherwise the argument
     *     itself
     */
    private static ObjectGridSecurityException translateExceptionIfNeeded(String str, ObjectGridSecurityException objectGridSecurityException) {
        boolean handshakeFailed = objectGridSecurityException.getCause() instanceof SSLHandshakeException;
        if (!handshakeFailed || str == null) {
            return objectGridSecurityException;
        }
        boolean restrictedMode = str.equalsIgnoreCase("STRICT") || str.equalsIgnoreCase("TRANSITION");
        if (!restrictedMode) {
            return objectGridSecurityException;
        }
        String message = Messages.getMsg(NLSConstants.SSL_VALIDATION_SP800_131_BAD_CERTIFICATE_CWOBJ1329E, str);
        return new ObjectGridSecurityException(message, objectGridSecurityException.getCause());
    }

    /**
     * Validates a key store configuration without a trust store.
     *
     * <p>Delegates to the eleven-argument overload with the trust store path, type and password
     * all {@code null}.
     *
     * <p>NOTE(review): with a {@code null} trust store path, {@code getTrustManager} in this
     * class returns a trust manager that performs no certificate checks. Presumably the
     * validation reaches it through {@code TestProcess} - confirm.
     *
     * @param str key store path
     * @param str2 key store type
     * @param str3 key store password
     * @param str4 certificate alias
     * @param str5 SSL protocol
     * @param z flag compared with {@code FIPS_SETTING} by the delegate
     * @param str6 mode string compared with {@code SP800_SETTING} by the delegate
     * @param z2 class-path selection used when a child JVM is started
     * @throws ObjectGridSecurityException if the validation fails
     */
    public static void validate(String str, String str2, String str3, String str4, String str5, boolean z, String str6, boolean z2) throws ObjectGridSecurityException {
        final String noTrustStorePath = null;
        final String noTrustStoreType = null;
        final String noTrustStorePassword = null;
        validate(str, str2, str3, noTrustStorePath, noTrustStoreType, noTrustStorePassword, str4, str5, z, str6, z2);
    }

    /**
     * Validates an SSL configuration, in this JVM when its settings already match and in a
     * child JVM otherwise.
     *
     * <p>The current JVM is used only when {@code z} equals {@code FIPS_SETTING} and
     * {@code str9} equals {@code SP800_SETTING} ignoring case. The two passwords are replaced by
     * {@code OBFUSCATED_STRING} in the entry trace.
     *
     * @param str key store path
     * @param str2 key store type
     * @param str3 key store password (not traced)
     * @param str4 trust store path
     * @param str5 trust store type
     * @param str6 trust store password (not traced)
     * @param str7 certificate alias
     * @param str8 SSL protocol
     * @param z flag compared with {@code FIPS_SETTING}
     * @param str9 mode string compared with {@code SP800_SETTING}
     * @param z2 class-path selection used when a child JVM is started
     * @throws ObjectGridSecurityException if the validation fails
     */
    public static void validate(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, boolean z, String str9, boolean z2) throws ObjectGridSecurityException {
        Object[] traceArgs = new Object[]{str, str2, OBFUSCATED_STRING, str4, str5, OBFUSCATED_STRING, str7, str8, Boolean.valueOf(z), str9, Boolean.valueOf(z2)};
        Tr.entry(tc, AuditConstants.VALIDATE, traceArgs);

        // The requested settings can only be tested in-process when this JVM already runs with them.
        boolean currentJvmMatches = z == FIPS_SETTING.booleanValue() && SP800_SETTING.equalsIgnoreCase(str9);
        if (!currentJvmMatches) {
            testNewJVM(str, str2, str3, str4, str5, str6, str7, str8, z, str9, z2);
        } else {
            testCurrentJVM(str, str2, str3, str4, str5, str6, str7, str8);
        }
        Tr.exit(tc, AuditConstants.VALIDATE);
    }

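    /**
     * Blocks until the given process has exited and returns its exit code.
     *
     * <p>An interrupt does not end the wait, but the interrupt status is restored before the
     * method returns so the caller can still observe it. There is no timeout: a child that
     * never exits keeps the calling thread blocked.
     *
     * @param process the process to wait for
     * @return the exit code of the process
     */
    private static int waitForProcess(Process process) {
        Tr.entry(tc, "waitForProcess");
        boolean interrupted = false;
        int exitCode = -1;
        boolean finished = false;
        while (!finished) {
            try {
                // Blocks until exit instead of polling exitValue() every 50 ms.
                exitCode = process.waitFor();
                finished = true;
            } catch (InterruptedException e) {
                // Keep waiting for the result, but remember the interrupt for the caller.
                interrupted = true;
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
        Tr.exit(tc, "waitForProcess", Integer.valueOf(exitCode));
        return exitCode;
    }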

    /* JADX INFO: Access modifiers changed from: private */
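    /**
     * Serializes the given exception into the given file, under privilege.
     *
     * <p>The file is the hand-over point read by {@code testNewJVM} in this class. The object
     * stream is flushed explicitly so that a failed write is reported instead of being lost in
     * a best-effort close, and the file stream is closed even when the object stream cannot be
     * created.
     *
     * @param objectGridSecurityException the exception to serialize
     * @param file the destination file
     * @throws ObjectGridSecurityException if the file cannot be opened or written; the message
     *     uses key CWOBJ1348E and the original failure is attached
     */
    public static void writeExceptionToDisk(final ObjectGridSecurityException objectGridSecurityException, final File file) throws ObjectGridSecurityException {
        Tr.entry(tc, "writeExceptionToDisk", new Object[]{objectGridSecurityException, file});
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    // Opened separately so it is closed even if the ObjectOutputStream
                    // constructor throws while writing the stream header.
                    FileOutputStream fileOutputStream = new FileOutputStream(file);
                    try {
                        ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream);
                        objectOutputStream.writeObject(objectGridSecurityException);
                        // Push buffered bytes out here, where an IOException still propagates.
                        objectOutputStream.flush();
                    } finally {
                        try {
                            fileOutputStream.close();
                        } catch (IOException ignored) {
                            // Best effort: the data has been flushed, or a write error is
                            // already propagating.
                        }
                    }
                    return null;
                }
            });
            Tr.exit(tc, "writeExceptionToDisk");
        } catch (Throwable th) {
            String causalException = getCausalException(NLSConstants.SSL_VALIDATION_WRITE_RESULT_ERROR_CWOBJ1348E, th);
            Tr.debug(tc, causalException, th);
            throw new ObjectGridSecurityException(causalException, th);
        }
    }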

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Formats a message for the root cause of a failure.
     *
     * <p>Follows {@link Throwable#getCause()} from {@code th} until a throwable without a cause
     * is reached, then passes that throwable to {@code Messages.getMsg} with the given key.
     *
     * @param str the message key
     * @param th the failure whose cause chain is followed; must not be {@code null}
     * @return the message produced by {@code Messages.getMsg} for the root cause
     */
    public static String getCausalException(String str, Throwable th) {
        Throwable root = th;
        for (Throwable next = root.getCause(); next != null; next = root.getCause()) {
            root = next;
        }
        return Messages.getMsg(str, root);
    }

    /**
     * Reads a security property under privilege.
     *
     * @param str the name of the security property
     * @return the value from {@link Security#getProperty(String)}, or {@code null} when the
     *     property is not set
     */
    private static String getSecurityProperty(final String str) {
        PrivilegedAction<String> lookup = new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty(str);
            }
        };
        return AccessController.doPrivileged(lookup);
    }
}
