package com.ibm.ws.objectgrid.security.access;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.security.config.SSLConfiguration;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.security.CoreSecurityUtil;
import com.ibm.ws.objectgrid.security.SecurityConstants;
import com.ibm.ws.objectgrid.security.util.SecurityUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.Security;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/access/SSLClientPropsWithContext.class */
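/**
 * {@link SSLClientProps} implementation that eagerly builds an {@link SSLContext} from the
 * trust store and the optional key store named in an {@link SSLConfiguration}.
 *
 * <p>The trust store is always loaded. The key store is loaded only when the configuration
 * names one; otherwise {@code null} key managers are handed to the context factory.
 *
 * <p>NOTE(review): store passwords are obtained from the configuration and converted with
 * {@code toCharArray()}, so they appear to be held as {@code String}s for the lifetime of the
 * configuration object. Wiping the temporary {@code char[]} copies here would not remove the
 * secret from memory; confirm how the configuration object is protected.
 */
public class SSLClientPropsWithContext implements SSLClientProps {
    private static final TraceComponent TC = Tr.register(SSLClientPropsWithContext.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");

    // Package-private in the original; visibility is kept because other classes in this
    // package may read it directly.
    SSLConfiguration sslConfig;
    private KeyStore clientKeyStore;
    private KeyStore clientTrustStore;
    private SSLContext sslContext;

    /**
     * Validates the configuration, loads the stores it names and builds the SSL context.
     *
     * @param sSLConfiguration client SSL settings (store locations, types, passwords, alias,
     *     protocol and context provider)
     * @throws GeneralSecurityException if a store type or algorithm is unavailable, a store
     *     cannot be loaded, or the context cannot be initialised
     * @throws IOException if a store file cannot be opened, read or closed
     */
    public SSLClientPropsWithContext(SSLConfiguration sSLConfiguration) throws GeneralSecurityException, IOException {
        // NOTE(review): the entry trace prints the configuration object itself. Confirm that
        // SSLConfiguration.toString() does not include the store passwords.
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.entry(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, sSLConfiguration);
        }
        this.sslConfig = sSLConfiguration;
        // Validation runs before any store is touched; presumably this rejects incomplete
        // settings (missing trust store, type or password) -- verify in SecurityUtil.
        SecurityUtil.checkSSLConfig(this.sslConfig, true);
        setupClientTrustStore();
        setupClientKeyStore();
        setupSSLContext();
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.exit(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, this);
        }
    }

    /**
     * Loads the trust store named in the configuration into {@link #clientTrustStore}.
     *
     * @throws GeneralSecurityException if the store type is unknown or the store content
     *     cannot be verified or parsed
     * @throws IOException if the file cannot be opened, read or closed
     */
    private void setupClientTrustStore() throws GeneralSecurityException, IOException {
        this.clientTrustStore = KeyStore.getInstance(this.sslConfig.getTrustStoreType());
        // try-with-resources: a failure while closing is attached as a suppressed exception
        // instead of replacing the load failure, which the hand-written close-in-catch did.
        try (FileInputStream trustStoreStream = new FileInputStream(this.sslConfig.getTrustStore())) {
            this.clientTrustStore.load(trustStoreStream, this.sslConfig.getTrustStorePassword().toCharArray());
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "setupClientTrustStore", "Trust store has been setup successfully!");
        }
    }

    /**
     * Loads the key store named in the configuration into {@link #clientKeyStore}. Does nothing
     * when the configuration names no key store, leaving the field {@code null}.
     *
     * @throws GeneralSecurityException if the store type is unknown or the store content
     *     cannot be verified or parsed
     * @throws IOException if the file cannot be opened, read or closed
     */
    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        if (this.sslConfig.getKeyStore() == null) {
            return;
        }
        this.clientKeyStore = KeyStore.getInstance(this.sslConfig.getKeyStoreType());
        try (FileInputStream keyStoreStream = new FileInputStream(this.sslConfig.getKeyStore())) {
            this.clientKeyStore.load(keyStoreStream, this.sslConfig.getKeyStorePassword().toCharArray());
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "setupClientKeyStore", "Key store has been setup successfully!");
        }
    }

    /**
     * Reads a JVM security property inside a privileged block, so the read is evaluated with
     * this class's permissions rather than those of every caller on the stack.
     *
     * @param key name of the security property
     * @return the property value, or {@code null} when it is not set
     */
    private static String readSecurityProperty(final String key) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return Security.getProperty(key);
            }
        });
    }

    /**
     * Builds {@link #sslContext} from the loaded stores.
     *
     * <p>Every {@link X509KeyManager} produced by the key manager factory is wrapped in an
     * {@code X509KeyManagerWrapper} together with the configured alias; other key manager
     * kinds are passed through unchanged.
     *
     * @throws GeneralSecurityException if a factory algorithm is unavailable or a factory or
     *     the context cannot be initialised
     */
    private void setupSSLContext() throws GeneralSecurityException {
        String trustAlgorithm = readSecurityProperty(SecurityConstants.TRUST_MANAGER_FACTORY_ALG_KEY);
        if (trustAlgorithm == null) {
            // An unset property used to reach getInstance(null) and fail with an unrelated
            // NullPointerException; fall back to the JSSE default algorithm instead.
            trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "The trust manager factory algorithm is " + trustAlgorithm);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm);
        trustManagerFactory.init(this.clientTrustStore);

        String keyAlgorithm = readSecurityProperty(SecurityConstants.KEY_MANAGER_FACTORY_ALG_KEY);
        if (keyAlgorithm == null) {
            keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "The key manager factory algorithm is " + keyAlgorithm);
        }

        KeyManager[] wrappedKeyManagers = null;
        if (this.clientKeyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyAlgorithm);
            keyManagerFactory.init(this.clientKeyStore, this.sslConfig.getKeyStorePassword().toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
                Tr.debug(TC, "Number of key managers: " + keyManagers.length);
            }
            wrappedKeyManagers = new KeyManager[keyManagers.length];
            for (int i = 0; i < keyManagers.length; i++) {
                if (keyManagers[i] instanceof X509KeyManager) {
                    // presumably the wrapper pins certificate selection to the configured
                    // alias -- confirm in X509KeyManagerWrapper
                    wrappedKeyManagers[i] = new X509KeyManagerWrapper((X509KeyManager) keyManagers[i], this.sslConfig.getAlias());
                    if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
                        Tr.debug(TC, "convert " + keyManagers[i] + " to " + wrappedKeyManagers[i]);
                    }
                } else {
                    if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
                        Tr.debug(TC, "Keep " + keyManagers[i] + " as it is");
                    }
                    wrappedKeyManagers[i] = keyManagers[i];
                }
            }
        }
        // NOTE(review): the protocol and provider come straight from the configuration, and the
        // meaning of the trailing boolean is not visible here. Confirm that legacy protocol
        // names are rejected by checkSSLConfig or by CoreSecurityUtil.getSSLContext.
        this.sslContext = CoreSecurityUtil.getSSLContext(wrappedKeyManagers, trustManagerFactory.getTrustManagers(), this.sslConfig.getProtocol(), this.sslConfig.getContextProvider(), true);
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "setupSSLContext", "SSL Context has been setup successfully!");
        }
    }

    /**
     * Returns the configuration this instance was built from.
     *
     * @return the SSL configuration passed to the constructor
     */
    @Override // com.ibm.ws.objectgrid.security.access.SSLClientProps
    public SSLConfiguration getSSLConfig() {
        return this.sslConfig;
    }

    /**
     * Returns a socket factory backed by the SSL context built at construction time.
     *
     * @return the context's socket factory
     */
    @Override // com.ibm.ws.objectgrid.security.access.SSLClientProps
    public SocketFactory getSocketFactory() {
        return this.sslContext.getSocketFactory();
    }
}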
