package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.ObjectGridRuntimeException;
import com.ibm.websphere.objectgrid.security.config.ClientSecurityConfiguration;
import com.ibm.websphere.objectgrid.security.config.SSLConfiguration;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.SessionImpl;
import com.ibm.ws.objectgrid.naming.LocationServiceFactory;
import com.ibm.ws.objectgrid.runtime.RuntimeInfo;
import com.ibm.ws.objectgrid.runtime.context.ClientSecurityContext;
import com.ibm.ws.objectgrid.security.config.ServerSSLConfiguration;
import com.ibm.ws.objectgrid.security.config.ServerSecurityConfiguration;
import com.ibm.ws.objectgrid.security.util.PasswordUtil;
import com.ibm.ws.objectgrid.server.ServerPropertiesImpl;
import com.ibm.ws.objectgrid.util.ObjectGridUtil;
import com.ibm.ws.objectgrid.util.UUID;
import com.ibm.ws.xs.util.dopriv.DoPrivUtil;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.security.auth.Subject;
import org.omg.CORBA.ORB;
import org.omg.CORBA.ORBPackage.InvalidName;
import org.omg.CORBA.Object;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/CoreSecurityUtil.class */
public class CoreSecurityUtil {
    // Fully qualified class name; prefixes the source id passed to FFDCFilter.processException in this class.
    static final String CLASS_NAME = CoreSecurityUtil.class.getName();
    // Trace component registered under the security trace group.
    static final TraceComponent tc = Tr.register(CLASS_NAME, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    // Reflective Method handles, resolved lazily by establishClientInterceptorSecurity and
    // addServerSecurityContext and then cached here.
    // NOTE(review): these fields are not volatile, and the two methods that populate them
    // synchronize on different monitors (LocationServiceFactory.class vs CoreSecurityUtil.class).
    private static Method SET_SECURITY_ENABLED_METHOD = null;
    private static Method SET_SECURITY_CONTEXT_ON_PI_CURRENT_METHOD = null;
    private static Method ADD_CONTAINER_SECURITY_CONTEXT = null;
    // Gate checked first by the set*ConfigURL methods.
    // NOTE(review): no assignment other than this initializer is visible in this file, so the
    // "setConfigURL=false" early returns never fire as written — confirm whether a setter was lost.
    private static boolean setConfigURL = true;
    // Directory prefix (always ending in File.separator) for the generated SSL/SAS config files;
    // assigned in the static initializer from the java.io.tmpdir system property.
    static final String TMP_DIR;
    // Values written for com.ibm.websphere.security.FIPSLevel by setSSLConfigURL.
    public static final String FIPS = "FIPS140-2";
    public static final String SP800_131_STRICT = "SP800-131";
    public static final String SP800_131_TRANSITION = "transition";
    // Provider and algorithm names for the SecureRandom that getSSLContext requests when the
    // FIPS system property below is true (that method spells two of them as literals).
    private static final String IBMJCE = "IBMJCE";
    private static final String SHA1PRNG = "SHA1PRNG";
    private static final String USE_FIPS = "com.ibm.jsse2.usefipsprovider";

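    /**
     * Enables security on the ObjectGrid client request interceptor registered with {@code orb}
     * and hands it a {@link ClientSecurityContext} built from {@code clientSecurityConfiguration}.
     *
     * <p>The two interceptor-side methods are looked up reflectively by class name and cached in
     * static fields so the lookup happens once.
     *
     * @param orb ORB whose initial reference "ObjectGridClientInterceptor" is resolved
     * @param clientSecurityConfiguration configuration stored in the new security context
     * @throws RuntimeException if the interceptor is not registered with the ORB (cause is the
     *         {@code InvalidName}), or if the reflective lookup or invocation fails (checked
     *         failures are wrapped, runtime failures are rethrown unchanged)
     */
    public static void establishClientInterceptorSecurity(ORB orb, ClientSecurityConfiguration clientSecurityConfiguration) {
        try {
            Object interceptor = orb.resolve_initial_references("ObjectGridClientInterceptor");
            if (ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
                Tr.debug(tc, "establishClientInterceptorSecurity gets the ClientRequestInterceptor: " + interceptor);
            }
            ClientSecurityContext securityContext = new ClientSecurityContext();
            securityContext.setCsConfig(clientSecurityConfiguration);
            // NOTE(review): the monitor is LocationServiceFactory.class, whereas
            // addServerSecurityContext guards its cached Method with CoreSecurityUtil.class.
            // Left unchanged because other code may rely on this lock.
            synchronized (LocationServiceFactory.class) {
                if (SET_SECURITY_ENABLED_METHOD == null) {
                    SET_SECURITY_ENABLED_METHOD = DoPrivUtil.forName("com.ibm.ws.objectgrid.corba.ObjectGridClientRequestInterceptor").getMethod("setSecurityEnabled", Boolean.TYPE);
                }
                if (SET_SECURITY_CONTEXT_ON_PI_CURRENT_METHOD == null) {
                    SET_SECURITY_CONTEXT_ON_PI_CURRENT_METHOD = DoPrivUtil.forName("com.ibm.ws.objectgrid.security.util.SecurityUtil").getMethod("setSecurityContextOnPICurrent", SessionImpl.class, ClientSecurityContext.class, DoPrivUtil.forName("com.ibm.ws.objectgrid.corba.ObjectGridClientRequestInterceptor"));
                }
            }
            SET_SECURITY_ENABLED_METHOD.invoke(interceptor, Boolean.TRUE);
            // Invoked with a null receiver; the first argument (the SessionImpl slot) is null.
            SET_SECURITY_CONTEXT_ON_PI_CURRENT_METHOD.invoke(null, null, securityContext, interceptor);
        } catch (InvalidName e) {
            // Must precede the generic handlers: InvalidName is a checked Exception, so a
            // broader catch listed first would swallow it and this diagnostic would be lost.
            FFDCFilter.processException(e, CLASS_NAME + ".establishClientInterceptorSecurity", "304");
            throw new RuntimeException("ObjectGrid client ORB interceptor is not found.  Verify that org.omg.PortableInterceptor.ORBInitializerClass.com.ibm.ws.objectgrid.corba.ObjectGridInitializer is in your orb.properties file in the jre/lib directory of your JDK.", e);
        } catch (RuntimeException e) {
            FFDCFilter.processException(e, CLASS_NAME + ".establishClientInterceptorSecurity", "308");
            throw e;
        } catch (Exception e) {
            FFDCFilter.processException(e, CLASS_NAME + ".establishClientInterceptorSecurity", "308");
            throw new RuntimeException(e);
        }
    }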

    /**
     * Invokes {@code SecurityUtil.addServerSecurityContext()} reflectively, resolving and caching
     * the {@link Method} handle on first use.
     *
     * @throws ObjectGridRuntimeException wrapping any failure to locate or invoke the method
     */
    public static void addServerSecurityContext() {
        // NOTE(review): double-checked initialisation of a field that is not declared volatile.
        if (ADD_CONTAINER_SECURITY_CONTEXT == null) {
            synchronized (CoreSecurityUtil.class) {
                if (ADD_CONTAINER_SECURITY_CONTEXT == null) {
                    try {
                        ADD_CONTAINER_SECURITY_CONTEXT = DoPrivUtil.forName("com.ibm.ws.objectgrid.security.util.SecurityUtil").getMethod("addServerSecurityContext");
                    } catch (ClassNotFoundException missingClass) {
                        throw new ObjectGridRuntimeException(missingClass);
                    } catch (NoSuchMethodException missingMethod) {
                        throw new ObjectGridRuntimeException(missingMethod);
                    } catch (SecurityException denied) {
                        throw new ObjectGridRuntimeException(denied);
                    }
                }
            }
        }
        try {
            // Null receiver and no arguments.
            ADD_CONTAINER_SECURITY_CONTEXT.invoke(null);
        } catch (IllegalAccessException inaccessible) {
            throw new ObjectGridRuntimeException(inaccessible);
        } catch (IllegalArgumentException badArguments) {
            throw new ObjectGridRuntimeException(badArguments);
        } catch (InvocationTargetException targetFailure) {
            throw new ObjectGridRuntimeException(targetFailure);
        }
    }

    /**
     * Reports whether {@code subject} represents the ObjectGrid server identity.
     *
     * <p>Only the first principal returned by the subject's principal set is examined. It must
     * be an instance of a class whose name is exactly the built-in {@code OGServerPrincipal}
     * and its name must equal {@code ServerPropertiesImpl.DEFAULT_SERVER}.
     *
     * <p>NOTE(review): the type check compares the class name as a string rather than the
     * class itself, and principals after the first are ignored. If callers use this result for
     * an authorization decision, confirm that only trusted code can populate the subject.
     *
     * @param subject subject to inspect; must not be null
     * @return true only when the first principal matches both conditions above
     */
    public static boolean isOGServerSubject(Subject subject) {
        Iterator<Principal> principals = subject.getPrincipals().iterator();
        if (principals.hasNext()) {
            Principal first = principals.next();
            boolean builtinServerType = "com.ibm.ws.objectgrid.security.plugins.builtins.OGServerPrincipal".equals(first.getClass().getName());
            return builtinServerType && first.getName().equals(ServerPropertiesImpl.DEFAULT_SERVER);
        }
        return false;
    }

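    /**
     * Writes the given SSL configuration to a temporary properties file and points the
     * {@code Constants.SSL_CONFIG_URL} system property at it.
     *
     * <p>Nothing is done when the {@code setConfigURL} gate is off, when running inside a WAS
     * process, when the property already holds a non-blank value, or when the configuration or
     * its key store is null.
     *
     * <p>The file carries the key store and trust store passwords, so it is created exclusively
     * and restricted to the owning user before anything is written. Passwords that
     * {@code PasswordUtil.getCryptoAlgorithm} does not recognise as already encoded are passed
     * through {@code PasswordUtil.passwordEncode} first.
     * NOTE(review): by its name that is an encoding, not encryption — confirm; if it is
     * reversible, the file permissions are the only real protection for these values.
     *
     * @param sSLConfiguration SSL settings to export; a {@link ServerSSLConfiguration} also
     *        gets a {@code com.ibm.ssl.clientAuthentication} line
     * @param str name that is sanitized and embedded in the temporary file name
     * @throws ObjectGridRuntimeException if the file cannot be created or written
     */
    public static void setSSLConfigURL(final SSLConfiguration sSLConfiguration, final String str) {
        final boolean traceEntryExit = ObjectGridManagerImpl.isTraceEnabled && tc.isEntryEnabled();
        if (traceEntryExit) {
            // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
            // NOTE(review): this traces sSLConfiguration via its toString(); confirm that it
            // does not print the store passwords.
            Tr.entry(tc, "setSSLConfigURL", new java.lang.Object[]{sSLConfiguration, str});
        }
        if (!setConfigURL) {
            if (traceEntryExit) {
                Tr.exit(tc, "setSSLConfigURL", "setConfigURL=false, return.");
            }
            return;
        }
        if (RuntimeInfo.instance().isWASProcess()) {
            if (traceEntryExit) {
                Tr.exit(tc, "setSSLConfigURL", "WAS process, return.");
            }
            return;
        }
        String existingUrl = DoPrivUtil.getProperty(Constants.SSL_CONFIG_URL);
        if (existingUrl != null && existingUrl.trim().length() > 0) {
            if (traceEntryExit) {
                Tr.exit(tc, "setSSLConfigURL", "com.ibm.SSL.ConfigURL already set to " + existingUrl + ", return.");
            }
            return;
        }
        if (sSLConfiguration == null || sSLConfiguration.getKeyStore() == null) {
            if (traceEntryExit) {
                Tr.exit(tc, "setSSLConfigURL", "The SSL configuration or key store is null. Skip SSL configuration URL setting");
            }
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                final boolean isServer = sSLConfiguration instanceof ServerSSLConfiguration;
                String path = CoreSecurityUtil.TMP_DIR + (isServer ? "ssl.server.config." : "ssl.client.config.") + ObjectGridUtil.sanitizeFilename(str) + '.' + new UUID().toString();
                File file = new File(path);
                if (file.exists()) {
                    file.delete();
                }
                file.deleteOnExit();
                PrintWriter writer = null;
                try {
                    // Exclusive creation: fail rather than write through anything that already
                    // sits at this path in the shared temporary directory.
                    if (!file.createNewFile()) {
                        throw new IOException("Temporary SSL configuration file already exists: " + file);
                    }
                    // Tighten permissions while the file is still empty. Residual risk: between
                    // creation and this call the empty file has default permissions; creating it
                    // owner-only in one step (java.nio.file) closes that window where the
                    // supported Java level allows it.
                    restrictToOwner(file);
                    String url = file.toURI().toURL().toString();

                    String keyStorePassword = sSLConfiguration.getKeyStorePassword();
                    if (keyStorePassword != null && PasswordUtil.getCryptoAlgorithm(keyStorePassword) == null) {
                        keyStorePassword = PasswordUtil.passwordEncode(keyStorePassword);
                    }
                    String trustStorePassword = sSLConfiguration.getTrustStorePassword();
                    if (trustStorePassword != null && PasswordUtil.getCryptoAlgorithm(trustStorePassword) == null) {
                        trustStorePassword = PasswordUtil.passwordEncode(trustStorePassword);
                    }

                    String certReqSubjectDn = sslProperty("com.ibm.ssl.defaultCertReqSubjectDN", sSLConfiguration.getCertReqSubjectDN());
                    String serverAlias = sslProperty("com.ibm.ssl.keyStoreServerAlias", sSLConfiguration.getAlias());
                    String clientAlias = sslProperty("com.ibm.ssl.keyStoreClientAlias", sSLConfiguration.getAlias());
                    String protocol = sslProperty("com.ibm.ssl.protocol", sSLConfiguration.getProtocol());
                    String contextProvider = sslProperty("com.ibm.ssl.contextProvider", sSLConfiguration.getContextProvider());
                    String keyStore = sslProperty("com.ibm.ssl.keyStore", sSLConfiguration.getKeyStore());
                    String keyStorePasswordLine = sslProperty("com.ibm.ssl.keyStorePassword", keyStorePassword);
                    String keyStoreType = sslProperty("com.ibm.ssl.keyStoreType", sSLConfiguration.getKeyStoreType());
                    String trustStore = sslProperty("com.ibm.ssl.trustStore", sSLConfiguration.getTrustStore());
                    String trustStorePasswordLine = sslProperty("com.ibm.ssl.trustStorePassword", trustStorePassword);
                    String trustStoreType = sslProperty("com.ibm.ssl.trustStoreType", sSLConfiguration.getTrustStoreType());

                    String sp800Mode = sSLConfiguration.getSP800Mode();
                    boolean useFips = sSLConfiguration.getFips() || sp800Mode != null;
                    // NOTE(review): an SP800 mode that matches none of the three values below
                    // yields useFIPS=true together with FIPSLevel=false.
                    String fipsLevel = "false";
                    if (useFips) {
                        if (sp800Mode == null || sp800Mode.equalsIgnoreCase(com.ibm.websphere.objectgrid.security.SecurityConstants.SP800_131_OFF)) {
                            fipsLevel = FIPS;
                        } else if (sp800Mode.equalsIgnoreCase("strict")) {
                            fipsLevel = SP800_131_STRICT;
                        } else if (sp800Mode.equalsIgnoreCase("transition")) {
                            fipsLevel = SP800_131_TRANSITION;
                        }
                    }
                    String useFipsLine = "com.ibm.security.useFIPS=" + useFips;
                    String fipsLevelLine = "com.ibm.websphere.security.FIPSLevel=" + fipsLevel;

                    writer = new PrintWriter(new BufferedWriter(new FileWriter(file)));
                    writer.println(useFipsLine);
                    writer.println(fipsLevelLine);
                    writer.println("com.ibm.ssl.defaultAlias=DefaultSSLSettings");
                    writer.println("com.ibm.ssl.alias=DefaultSSLSettings");
                    writer.println(serverAlias);
                    writer.println(clientAlias);
                    writer.println(certReqSubjectDn);
                    writer.println("com.ibm.ssl.securityLevel=HIGH");
                    writer.println(protocol);
                    writer.println(contextProvider);
                    writer.println(keyStore);
                    writer.println(keyStorePasswordLine);
                    writer.println(keyStoreType);
                    writer.println(trustStore);
                    writer.println(trustStorePasswordLine);
                    writer.println(trustStoreType);
                    if (ObjectGridManagerImpl.isTraceEnabled && CoreSecurityUtil.tc.isDebugEnabled()) {
                        // The two password lines are traced masked, never with their values.
                        Tr.debug(CoreSecurityUtil.tc, "The SSL properties to be set on the file " + url);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.ssl.defaultAlias=DefaultSSLSettings");
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.ssl.alias=DefaultSSLSettings");
                        Tr.debug(CoreSecurityUtil.tc, serverAlias);
                        Tr.debug(CoreSecurityUtil.tc, clientAlias);
                        Tr.debug(CoreSecurityUtil.tc, certReqSubjectDn);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.ssl.securityLevel=HIGH");
                        Tr.debug(CoreSecurityUtil.tc, protocol);
                        Tr.debug(CoreSecurityUtil.tc, contextProvider);
                        Tr.debug(CoreSecurityUtil.tc, keyStore);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.ssl.keyStorePassword=******");
                        Tr.debug(CoreSecurityUtil.tc, keyStoreType);
                        Tr.debug(CoreSecurityUtil.tc, trustStore);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.ssl.trustStorePassword=******");
                        Tr.debug(CoreSecurityUtil.tc, trustStoreType);
                        Tr.debug(CoreSecurityUtil.tc, useFipsLine);
                        Tr.debug(CoreSecurityUtil.tc, fipsLevelLine);
                    }
                    if (isServer) {
                        writer.println("com.ibm.ssl.clientAuthentication=" + ((ServerSSLConfiguration) sSLConfiguration).isClientAuthentication());
                    }
                    writer.close();
                    // PrintWriter swallows I/O errors; do not publish a truncated configuration.
                    if (writer.checkError()) {
                        throw new IOException("Failed to write SSL configuration file " + file);
                    }
                    DoPrivUtil.setProperty(Constants.SSL_CONFIG_URL, url);
                    return null;
                } catch (FileNotFoundException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setSSLConfigURL", "358");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.SSL.ConfigURL " + file, e);
                } catch (MalformedURLException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setSSLConfigURL", "354");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.SSL.ConfigURL " + file, e);
                } catch (IOException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setSSLConfigURL", "361");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.SSL.ConfigURL " + file, e);
                } finally {
                    // Releases the file handle on every failure path; a second close is a no-op.
                    if (writer != null) {
                        writer.close();
                    }
                }
            }
        });
        if (traceEntryExit) {
            Tr.exit(tc, "setSSLConfigURL");
        }
    }

    /** Formats one {@code key=value} line, writing an empty value when {@code value} is null. */
    private static String sslProperty(String key, java.lang.Object value) {
        return key + "=" + (value == null ? "" : value);
    }

    /** Removes read and write access for everyone, then grants both back to the owner only. */
    private static void restrictToOwner(File file) {
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(false, false);
        restricted &= file.setWritable(true, true);
        // Some file systems cannot express owner-only access; report it instead of failing.
        if (!restricted && ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
            Tr.debug(tc, "Could not restrict permissions to the owner on " + file);
        }
    }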

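    /**
     * Writes the client-side SAS/CSIv2 settings to a temporary properties file and points the
     * {@code Constants.CORBA_CONFIG_URL} system property at it.
     *
     * <p>Nothing is done when the {@code setConfigURL} gate is off, when running inside a WAS
     * process, or when the property already holds a non-blank value.
     *
     * @param clientSecurityConfiguration source of the SSL configuration presence flag and the
     *        transport type passed to {@code setCSIv2Props}
     * @throws ObjectGridRuntimeException if the file cannot be created or written
     */
    public static void setClientSASConfigURL(final ClientSecurityConfiguration clientSecurityConfiguration) {
        final boolean traceEntryExit = ObjectGridManagerImpl.isTraceEnabled && tc.isEntryEnabled();
        if (traceEntryExit) {
            Tr.entry(tc, "setClientSASConfigURL", clientSecurityConfiguration);
        }
        if (!setConfigURL) {
            if (traceEntryExit) {
                Tr.exit(tc, "setClientSASConfigURL", "setConfigURL=false, return.");
            }
            return;
        }
        if (RuntimeInfo.instance().isWASProcess()) {
            if (traceEntryExit) {
                Tr.exit(tc, "setClientSASConfigURL", "WAS process, return.");
            }
            return;
        }
        String existingUrl = DoPrivUtil.getProperty(Constants.CORBA_CONFIG_URL);
        if (existingUrl != null && existingUrl.trim().length() > 0) {
            if (traceEntryExit) {
                Tr.exit(tc, "setClientSASConfigURL", "com.ibm.CORBA.ConfigURL already set to " + existingUrl + ", return.");
            }
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                boolean hasSslConfig = clientSecurityConfiguration.getSSLConfiguration() != null;
                File file = new File(CoreSecurityUtil.TMP_DIR + "sas.client.config." + new UUID().toString());
                if (file.exists()) {
                    file.delete();
                }
                file.deleteOnExit();
                PrintWriter writer = null;
                try {
                    // Exclusive creation: these settings decide whether the ORB requires
                    // SSL/TLS, so never write through a file that is already at this path in
                    // the shared temporary directory.
                    if (!file.createNewFile()) {
                        throw new IOException("Temporary SAS configuration file already exists: " + file);
                    }
                    String url = file.toURI().toURL().toString();
                    writer = new PrintWriter(new BufferedWriter(new FileWriter(file)));
                    if (ObjectGridManagerImpl.isTraceEnabled && CoreSecurityUtil.tc.isDebugEnabled()) {
                        Tr.debug(CoreSecurityUtil.tc, "The client side SAS properties to be set on file " + url);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.CORBA.securityEnabled=true");
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.CORBA.authenticationTarget=basicauth");
                    }
                    writer.println("com.ibm.CORBA.securityEnabled=true");
                    writer.println("com.ibm.CORBA.authenticationTarget=basicauth");
                    CoreSecurityUtil.setCSIv2Props(writer, hasSslConfig, clientSecurityConfiguration.getTransportType());
                    writer.flush();
                    writer.close();
                    // PrintWriter swallows I/O errors; do not publish a truncated configuration.
                    if (writer.checkError()) {
                        throw new IOException("Failed to write SAS configuration file " + file);
                    }
                    DoPrivUtil.setProperty(Constants.CORBA_CONFIG_URL, url);
                    return null;
                } catch (FileNotFoundException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setClientSASConfigURL", "444");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } catch (MalformedURLException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setClientSASConfigURL", "441");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } catch (IOException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setClientSASConfigURL", "447");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } finally {
                    // Releases the file handle on every failure path; a second close is a no-op.
                    if (writer != null) {
                        writer.close();
                    }
                }
            }
        });
        if (traceEntryExit) {
            Tr.exit(tc, "setClientSASConfigURL");
        }
    }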

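    /**
     * Writes the server-side SAS/CSIv2 settings to a temporary properties file and points the
     * {@code Constants.CORBA_CONFIG_URL} system property at it.
     *
     * <p>Nothing is done when the {@code setConfigURL} gate is off, when running inside a WAS
     * process, or when the property already holds a non-blank value.
     *
     * @param serverSecurityConfiguration source of the global-security flag, the SSL
     *        configuration presence flag and the transport type
     * @param str name that is sanitized and embedded in the temporary file name
     * @throws ObjectGridRuntimeException if the file cannot be created or written
     */
    public static void setServerSASConfigURL(final ServerSecurityConfiguration serverSecurityConfiguration, final String str) {
        final boolean traceEntryExit = ObjectGridManagerImpl.isTraceEnabled && tc.isEntryEnabled();
        if (traceEntryExit) {
            // java.lang.Object is spelled out because this file imports org.omg.CORBA.Object.
            Tr.entry(tc, "setServerSASConfigURL", new java.lang.Object[]{serverSecurityConfiguration, str});
        }
        if (!setConfigURL) {
            if (traceEntryExit) {
                Tr.exit(tc, "setServerSASConfigURL", "setConfigURL=false, return.");
            }
            return;
        }
        if (RuntimeInfo.instance().isWASProcess()) {
            if (traceEntryExit) {
                Tr.exit(tc, "setServerSASConfigURL", "WAS process, return.");
            }
            return;
        }
        String existingUrl = DoPrivUtil.getProperty(Constants.CORBA_CONFIG_URL);
        if (existingUrl != null && existingUrl.trim().length() > 0) {
            if (traceEntryExit) {
                Tr.exit(tc, "setServerSASConfigURL", "com.ibm.CORBA.ConfigURL already set to " + existingUrl + ", return.");
            }
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                File file = new File(CoreSecurityUtil.TMP_DIR + "sas.server.config." + ObjectGridUtil.sanitizeFilename(str) + '.' + new UUID().toString());
                if (file.exists()) {
                    file.delete();
                }
                file.deleteOnExit();
                PrintWriter writer = null;
                try {
                    // Exclusive creation: these settings decide whether the ORB requires
                    // SSL/TLS, so never write through a file that is already at this path in
                    // the shared temporary directory.
                    if (!file.createNewFile()) {
                        throw new IOException("Temporary SAS configuration file already exists: " + file);
                    }
                    String url = file.toURI().toURL().toString();
                    writer = new PrintWriter(new BufferedWriter(new FileWriter(file)));
                    boolean hasSslConfig = serverSecurityConfiguration.getSSLConfiguration() != null;
                    String securityEnabledLine = "com.ibm.CORBA.securityEnabled=" + serverSecurityConfiguration.isGlobalSecurityEnabled();
                    writer.println(securityEnabledLine);
                    writer.println("com.ibm.CORBA.authenticationTarget=basicauth");
                    if (ObjectGridManagerImpl.isTraceEnabled && CoreSecurityUtil.tc.isDebugEnabled()) {
                        Tr.debug(CoreSecurityUtil.tc, "The server side SAS properties to be set on file " + url);
                        Tr.debug(CoreSecurityUtil.tc, securityEnabledLine);
                        Tr.debug(CoreSecurityUtil.tc, "com.ibm.CORBA.authenticationTarget=basicauth");
                    }
                    CoreSecurityUtil.setCSIv2Props(writer, hasSslConfig, serverSecurityConfiguration.getTransportType());
                    // Flush before close; the previous order flushed an already closed writer.
                    writer.flush();
                    writer.close();
                    // PrintWriter swallows I/O errors; do not publish a truncated configuration.
                    if (writer.checkError()) {
                        throw new IOException("Failed to write SAS configuration file " + file);
                    }
                    System.setProperty(Constants.CORBA_CONFIG_URL, url);
                    return null;
                } catch (FileNotFoundException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setServerSASConfigURL", "570");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } catch (MalformedURLException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setServerSASConfigURL", "565");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } catch (IOException e) {
                    FFDCFilter.processException(e, CoreSecurityUtil.CLASS_NAME + ".setServerSASConfigURL", "575");
                    throw new ObjectGridRuntimeException("Cannot set com.ibm.CORBA.ConfigURL " + file, e);
                } finally {
                    // Releases the file handle on every failure path; a second close is a no-op.
                    if (writer != null) {
                        writer.close();
                    }
                }
            }
        });
        if (traceEntryExit) {
            Tr.exit(tc, "setServerSASConfigURL");
        }
    }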

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Writes the CSIv2 transport and client-authentication properties to {@code printWriter}
     * and, when debug trace is on, traces the same lines except the empty
     * {@code claimMessageSupportedAuthMechList} entry.
     *
     * <p>The four transport-association lines are true only when {@code z} is true and
     * {@code i} is 22 (the "Required" pair) or 21 (the "Supported" pair); for any other
     * combination all four are written as false. Every client-authentication line is written
     * as false except {@code performTLClientAuthenticationSupported}, which follows
     * {@code isServerClientCertAuth()}.
     * NOTE(review): 22 and 21 are presumably the SSL-required and TLS-supported transport type
     * constants — confirm against the configuration API.
     *
     * @param printWriter destination for the property lines
     * @param z whether an SSL configuration is present
     * @param i transport type
     */
    public static void setCSIv2Props(PrintWriter printWriter, boolean z, int i) {
        final boolean transportRequired = z && i == 22;
        final boolean transportSupported = z && i == 21;
        final String[] propertyLines = {
            "com.ibm.CSI.performTransportAssocSSLTLSRequired=" + transportRequired,
            "com.ibm.CSI.performTransportAssocSSLTLSSupported=" + transportSupported,
            "com.ibm.CSI.claimTransportAssocSSLTLSRequired=" + transportRequired,
            "com.ibm.CSI.claimTransportAssocSSLTLSSupported=" + transportSupported,
            "com.ibm.CSI.claimMessageSupportedAuthMechList=",
            "com.ibm.CSI.performClientAuthenticationRequired=false",
            "com.ibm.CSI.performClientAuthenticationSupported=false",
            "com.ibm.CSI.performTLClientAuthenticationRequired=false",
            isServerClientCertAuth() ? "com.ibm.CSI.performTLClientAuthenticationSupported=true" : "com.ibm.CSI.performTLClientAuthenticationSupported=false",
            "com.ibm.CSI.claimClientAuthenticationRequired=false",
            "com.ibm.CSI.claimClientAuthenticationSupported=false",
            "com.ibm.CSI.claimTLClientAuthenticationRequired=false",
            "com.ibm.CSI.claimTLClientAuthenticationSupported=false",
        };
        // Position of the claimMessageSupportedAuthMechList line, which is written but not traced.
        final int untracedIndex = 4;
        for (String line : propertyLines) {
            printWriter.println(line);
        }
        if (ObjectGridManagerImpl.isTraceEnabled && tc.isDebugEnabled()) {
            for (int index = 0; index < propertyLines.length; index++) {
                if (index != untracedIndex) {
                    Tr.debug(tc, propertyLines[index]);
                }
            }
        }
    }

    /**
     * Reads the {@code com.ibm.websphere.objectgrid.server.clientCertAuth} system property in a
     * privileged block.
     *
     * @return true only when the property is exactly the string "true" (case-sensitive)
     */
    private static boolean isServerClientCertAuth() {
        PrivilegedAction<String> readFlag = new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty("com.ibm.websphere.objectgrid.server.clientCertAuth");
            }
        };
        return "true".equals(AccessController.doPrivileged(readFlag));
    }

    /**
     * Renders every principal of {@code subject} twice: first a section built from
     * {@code toString()}, then a section built from {@code getName()}, each entry prefixed with
     * the principal's class.
     *
     * <p>The result contains identity names; treat any log or trace that receives it
     * accordingly.
     *
     * @param subject subject whose principals are listed; must not be null
     * @return the two sections concatenated, lines separated by {@code Constants.EOLN}
     */
    public static String dumpPrincipals(Subject subject) {
        Set<Principal> principals = subject.getPrincipals();
        StringBuilder byToString = new StringBuilder("Dump principal set using toString():").append(Constants.EOLN);
        StringBuilder byName = new StringBuilder("Dump principal set using getName():").append(Constants.EOLN);
        if (principals == null || principals.isEmpty()) {
            return byToString.append(byName.toString()).toString();
        }
        for (Principal entry : principals) {
            byToString.append(entry.getClass()).append(":[").append(entry.toString()).append(']').append(Constants.EOLN);
            byName.append(entry.getClass()).append(":[").append(entry.getName()).append(']').append(Constants.EOLN);
        }
        return byToString.append(byName.toString()).toString();
    }

    /**
     * Obtains and initialises an {@link SSLContext}.
     *
     * <p>Lookup order: protocol {@code str} from provider {@code str2} (when non-null), then
     * {@code str} from the default provider, then "SSL_TLS", then "TLS". Each step is tried
     * only after the previous one failed, and each failure is reported to FFDC.
     *
     * <p>NOTE(review): because of these fallbacks a caller can receive a context for a
     * different protocol name, or from a different provider, than it asked for, without any
     * error. Where the requested protocol or provider is a compliance requirement (for example
     * a FIPS provider), confirm that callers verify the result or restrict the enabled
     * protocols afterwards, or consider failing instead of falling back.
     *
     * @param keyManagerArr key managers passed to {@code SSLContext.init}
     * @param trustManagerArr trust managers passed to {@code SSLContext.init}
     * @param str requested protocol name
     * @param str2 requested provider name, or null for the default provider
     * @param z when true an explicit {@link SecureRandom} is supplied to {@code init};
     *        when false {@code null} is passed
     * @return the initialised context
     * @throws KeyManagementException if {@code init} fails (rethrown after FFDC)
     * @throws NoSuchAlgorithmException if even the final "TLS" lookup fails
     */
    public static SSLContext getSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, String str, String str2, boolean z) throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sSLContext;
        SecureRandom secureRandom;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLContext", new Object[]{str});
        }
        try {
            try {
                if (str2 != null) {
                    try {
                        sSLContext = SSLContext.getInstance(str, str2);
                    } catch (NoSuchProviderException e) {
                        // Requested provider is unavailable: retry with the default provider.
                        // NOTE(review): the source id here and below is CLASS_NAME + "getSSLContext"
                        // with no "." separator, unlike the other methods in this class.
                        FFDCFilter.processException(e, CLASS_NAME + "getSSLContext", "769");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SSLContext init failed ", e);
                        }
                        sSLContext = SSLContext.getInstance(str);
                    }
                } else {
                    sSLContext = SSLContext.getInstance(str);
                }
            } catch (NoSuchAlgorithmException e2) {
                // Requested protocol is unavailable: fall back to "SSL_TLS", then to "TLS".
                FFDCFilter.processException(e2, CLASS_NAME + "getSSLContext", "778");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SSLContext init failed ", e2);
                }
                try {
                    // NOTE(review): "SSL_TLS" is not a standard JSSE protocol name; confirm which
                    // protocol versions the provider enables for it.
                    sSLContext = SSLContext.getInstance("SSL_TLS");
                } catch (NoSuchAlgorithmException e3) {
                    // NOTE(review): FFDC receives e2 (the first failure) rather than e3, and the
                    // debug call below is not guarded by isDebugEnabled() — confirm both.
                    FFDCFilter.processException(e2, CLASS_NAME + "getSSLContext", "783");
                    Tr.debug(tc, "SSLContext init failed ", e3);
                    sSLContext = SSLContext.getInstance("TLS");
                }
            }
            if (z) {
                String name = sSLContext.getProvider().getName();
                boolean booleanValue = Boolean.valueOf(System.getProperty("com.ibm.jsse2.usefipsprovider")).booleanValue();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Current provider is: " + name, " FipsEnable = " + booleanValue);
                }
                if (booleanValue) {
                    // FIPS property set: request SHA1PRNG from the IBMJCE provider and fall back
                    // to the platform default SecureRandom if that provider is missing.
                    try {
                        Tr.debug(tc, "get Secure random with: SHA1PRNG and IBMJCE");
                        secureRandom = SecureRandom.getInstance(SHA1PRNG, "IBMJCE");
                    } catch (NoSuchProviderException e4) {
                        FFDCFilter.processException(e4, CLASS_NAME + "getSSLContext", "797");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "SSLContext init failed ", e4);
                        }
                        secureRandom = new SecureRandom();
                    }
                } else {
                    secureRandom = new SecureRandom();
                }
                sSLContext.init(keyManagerArr, trustManagerArr, secureRandom);
            } else {
                // A null SecureRandom leaves the choice of randomness source to the provider.
                sSLContext.init(keyManagerArr, trustManagerArr, null);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSSLContext", sSLContext);
            }
            return sSLContext;
        } catch (KeyManagementException e5) {
            FFDCFilter.processException(e5, CLASS_NAME + "getSSLContext", "809");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSLContext init failed ", e5);
            }
            throw e5;
        }
    }

    // Derives TMP_DIR from java.io.tmpdir (default: <separator>tmp<separator>), converts both
    // slash styles to the platform separator and guarantees a trailing separator.
    // The generated SSL and SAS configuration files are written under this directory.
    static {
        String defaultDir = File.separator + "tmp" + File.separator;
        String normalized = DoPrivUtil.getProperty("java.io.tmpdir", defaultDir)
                .replace('\\', File.separatorChar)
                .replace('/', File.separatorChar);
        TMP_DIR = normalized.endsWith(File.separator) ? normalized : normalized + File.separator;
    }
}
