package com.ibm.ws.ssl.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.wsspi.ssl.KeyManagerExtendedInfo;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:bridge.jar:com/ibm/ws/ssl/core/WSX509KeyManager.class */
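/**
 * {@link X509KeyManager} facade that decides which key-store alias is presented during a TLS
 * handshake.
 *
 * <p>Every {@code X509KeyManager} call is forwarded to the custom key manager passed to the
 * constructor when one is present. Otherwise the alias configured through
 * {@link #setClientAlias(String, int)} / {@link #setServerAlias(String, int)} is applied on top of
 * the first {@code X509KeyManager} produced by the supplied {@link KeyManagerFactory}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getPrivateKey(String)} returns key material for whatever alias the caller names;
 *       this class performs no authorization of its own.</li>
 *   <li>Trace output carries aliases and delegate class names only. The key-store password handed
 *       to the constructor is neither stored nor traced.</li>
 *   <li>The alias fields are plain (non-volatile) fields; the class does no synchronization.</li>
 * </ul>
 */
public final class WSX509KeyManager implements X509KeyManager {
    // Retained from the original (pre-class-literal) bytecode so same-package references keep working.
    static Class class$com$ibm$ws$ssl$core$WSX509KeyManager = WSX509KeyManager.class;
    private static final TraceComponent tc = Tr.register(WSX509KeyManager.class, "SSL", "com.ibm.ws.ssl.resources.ssl");

    private final SSLConfig config;
    private final KeyStore ks;
    private final KeyManager[] kmList;
    // Default JSSE key manager; null when the factory produced no X509KeyManager.
    private final X509KeyManager km;
    // Optional caller-supplied key manager; when non-null it takes precedence over km.
    private final X509KeyManager customKM;
    private final CertMappingKeyManager certMappingKeyManager;
    private String clientAlias = null;
    private String serverAlias = null;
    // Slot numbers are recorded by the setters; nothing in this class reads them back.
    private int clientslotnum = 0;
    private int serverslotnum = 0;

    /**
     * Builds the facade.
     *
     * @param keyStore key store used to validate configured aliases; may be {@code null}, in which
     *     case the alias setters cannot be used
     * @param cArr key-store password; accepted for signature compatibility and not used here
     * @param keyManagerFactory initialized factory whose first {@code X509KeyManager} becomes the
     *     default delegate
     * @param sSLConfig SSL configuration consulted when building "alias not found" messages
     * @param x509KeyManager optional custom key manager; when it also implements
     *     {@link KeyManagerExtendedInfo} it is handed the config, default key manager and key store
     */
    public WSX509KeyManager(KeyStore keyStore, char[] cArr, KeyManagerFactory keyManagerFactory, SSLConfig sSLConfig, X509KeyManager x509KeyManager) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        this.ks = keyStore;
        this.kmList = keyManagerFactory.getKeyManagers();
        this.certMappingKeyManager = new CertMappingKeyManager();
        // The original blindly cast element 0, which failed on an empty array or a non-X509 entry.
        this.km = firstX509KeyManager(this.kmList);
        this.config = sSLConfig;
        this.customKM = x509KeyManager;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            KeyManagerExtendedInfo extended = (KeyManagerExtendedInfo) this.customKM;
            if (sSLConfig != null) {
                extended.setSSLConfig(sSLConfig);
            }
            if (this.km != null) {
                extended.setDefaultX509KeyManager(this.km);
            }
            if (keyStore != null) {
                extended.setKeyStore(keyStore);
            }
        }
    }

    /**
     * Pins the alias used for outbound (client) handshakes.
     *
     * @param str alias that must exist in the key store
     * @param i slot number associated with the alias
     * @throws IllegalArgumentException if the key store does not contain {@code str}
     * @throws Exception if the key store lookup itself fails
     */
    public void setClientAlias(String str, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setClientAlias", new Object[]{str, Integer.valueOf(i)});
        }
        if (!this.ks.containsAlias(str)) {
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.client.alias.not.found.CWPKI0023E", new Object[]{str, keyStoreLocation()}, "Client alias " + str + " not found in keystore.");
            Tr.error(tc, formattedMessage);
            throw new IllegalArgumentException(formattedMessage);
        }
        this.clientAlias = str;
        this.clientslotnum = i;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreClientAlias(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setClientAlias");
        }
    }

    /**
     * Pins the alias used for inbound (server) handshakes.
     *
     * @param str alias that must exist in the key store
     * @param i slot number associated with the alias
     * @throws IllegalArgumentException if the key store does not contain {@code str}
     * @throws Exception if the key store lookup itself fails
     */
    public void setServerAlias(String str, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setServerAlias", new Object[]{str, Integer.valueOf(i)});
        }
        if (!this.ks.containsAlias(str)) {
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.server.alias.not.found.CWPKI0024E", new Object[]{str, keyStoreLocation()}, "Server alias " + str + " not found in keystore.");
            Tr.error(tc, formattedMessage);
            throw new IllegalArgumentException(formattedMessage);
        }
        this.serverAlias = str;
        this.serverslotnum = i;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreServerAlias(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setServerAlias");
        }
    }

    /**
     * Chooses the client alias, preferring the custom key manager when one is installed.
     *
     * @return the chosen alias, or {@code null} when no key type was offered
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseClientAlias", new Object[]{strArr, principalArr, socket});
        }
        if (this.customKM != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias -> " + this.customKM.getClass().getName());
            }
            return this.customKM.chooseClientAlias(strArr, principalArr, socket);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseClientAlias");
        }
        // Only the first key type is considered; an absent or empty list means "no match" rather
        // than an exception thrown into the handshake.
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        return chooseClientAlias(strArr[0], principalArr);
    }

    /** Chooses the server alias, preferring the custom key manager when one is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseServerAlias", new Object[]{str, principalArr, socket});
        }
        if (this.customKM != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias -> " + this.customKM.getClass().getName());
            }
            return this.customKM.chooseServerAlias(str, principalArr, socket);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseServerAlias");
        }
        return chooseServerAlias(str, principalArr);
    }

    /**
     * Resolves the client alias for one key type without consulting the custom key manager.
     *
     * <p>With no configured alias the default key manager picks. With a configured alias that the
     * default key manager also offers for this key type and issuer list, the lower-cased alias is
     * returned. Otherwise the configured alias is returned exactly as configured, so a mismatch
     * only surfaces later when the key or certificate chain is looked up.
     */
    public String chooseClientAlias(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseClientAlias", new Object[]{str, principalArr});
        }
        if (this.clientAlias == null || this.clientAlias.equals("")) {
            String chosen = this.km.chooseClientAlias(new String[]{str}, principalArr, null);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias (from JSSE)", new Object[]{chosen});
            }
            return lowerAlias(chosen);
        }
        if (containsIgnoreCase(this.km.getClientAliases(str, principalArr), this.clientAlias)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias", new Object[]{this.clientAlias});
            }
            return lowerAlias(this.clientAlias);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseClientAlias (default)", new Object[]{this.clientAlias});
        }
        return this.clientAlias;
    }

    /**
     * Resolves the server alias for one key type without consulting the custom key manager.
     *
     * <p>For web-container inbound connections with a certificate-mapping file configured, the
     * certificate-mapping key manager is asked first. If it yields nothing, resolution follows the
     * same rules as {@link #chooseClientAlias(String, Principal[])} using the server alias.
     */
    public String chooseServerAlias(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseServerAlias", new Object[]{str, principalArr});
        }
        Map inboundConnectionInfo = JSSEHelper.getInstance().getInboundConnectionInfo();
        String mappingFile = this.certMappingKeyManager.getProperty(CertMappingKeyManager.PROTOCOL_HTTPS_CERT_MAPPING_FILE);
        String mappedAlias = null;
        // Boolean.TRUE.equals tolerates a missing or non-Boolean entry; the original unboxed the
        // map value directly and threw when the key was absent.
        if (inboundConnectionInfo != null
                && mappingFile != null
                && Boolean.TRUE.equals(inboundConnectionInfo.get(JSSEHelper.CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND))) {
            mappedAlias = this.certMappingKeyManager.chooseServerAlias(str, principalArr, null);
        }
        if (mappedAlias != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias", new Object[]{mappedAlias});
            }
            return mappedAlias;
        }
        if (this.serverAlias == null || this.serverAlias.equals("")) {
            String chosen = this.km.chooseServerAlias(str, principalArr, null);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias (from JSSE)", new Object[]{chosen});
            }
            return lowerAlias(chosen);
        }
        if (containsIgnoreCase(this.km.getServerAliases(str, principalArr), this.serverAlias)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias", new Object[]{this.serverAlias});
            }
            return lowerAlias(this.serverAlias);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseServerAlias (default)", new Object[]{this.serverAlias});
        }
        return this.serverAlias;
    }

    /** Returns the client aliases offered by the active delegate. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getClientAliases", new Object[]{str, principalArr});
        }
        return activeDelegate("getClientAliases").getClientAliases(str, principalArr);
    }

    /** Returns the server aliases offered by the active delegate. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerAliases", new Object[]{str, principalArr});
        }
        return activeDelegate("getServerAliases").getServerAliases(str, principalArr);
    }

    /**
     * Returns the private key for {@code str} from the active delegate. Only the alias is traced,
     * never the key itself.
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateKey", new Object[]{str});
        }
        return activeDelegate("getPrivateKey").getPrivateKey(str);
    }

    /** Returns the certificate chain for {@code str} from the active delegate. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificateChain", new Object[]{str});
        }
        return activeDelegate("getCertificateChain").getCertificateChain(str);
    }

    /**
     * Returns the key manager that actually serves requests: the custom one when present, else the
     * default one (which may be {@code null} if the factory supplied none).
     */
    public X509KeyManager getX509KeyManager() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getX509KeyManager");
        }
        return activeDelegate("getX509KeyManager");
    }

    /** Legacy class-lookup helper kept for compatibility with the original bytecode. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly from this method.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }

    /** Picks the custom key manager if set, else the default one, and emits the exit trace. */
    private X509KeyManager activeDelegate(String methodName) {
        X509KeyManager target = this.customKM != null ? this.customKM : this.km;
        if (tc.isEntryEnabled()) {
            // Guarded so that enabling trace cannot itself fail when no delegate exists.
            String targetName = target != null ? target.getClass().getName() : "null";
            Tr.exit(tc, methodName + " -> " + targetName);
        }
        return target;
    }

    /** Returns the key-store file property, falling back to the token library file property. */
    private String keyStoreLocation() {
        String keyStoreFile = this.config.getProperty("com.ibm.ssl.keyStore");
        return keyStoreFile != null ? keyStoreFile : this.config.getProperty("com.ibm.ssl.tokenLibraryFile");
    }

    /** Returns the first {@code X509KeyManager} in {@code managers}, or {@code null} if none. */
    private static X509KeyManager firstX509KeyManager(KeyManager[] managers) {
        if (managers == null) {
            return null;
        }
        for (KeyManager candidate : managers) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        return null;
    }

    /** Reports whether {@code aliases} holds {@code wanted}, ignoring case; null array is empty. */
    private static boolean containsIgnoreCase(String[] aliases, String wanted) {
        if (aliases == null) {
            return false;
        }
        for (String alias : aliases) {
            if (wanted.equalsIgnoreCase(alias)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Lower-cases an alias independently of the JVM default locale, so an alias containing 'I' is
     * not rewritten to a dotless i under a Turkish default locale and then missed on lookup.
     * NOTE(review): presumably this should match how the key-store provider normalizes aliases;
     * confirm for the provider in use.
     */
    private static String lowerAlias(String alias) {
        return alias == null ? null : alias.toLowerCase(java.util.Locale.ENGLISH);
    }
}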
