package com.ibm.ws.ssl.channel.engine;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.jsse2.IBMJSSEProvider2;
import com.ibm.jsse2.SSLContext;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.channel.exception.SSLConfigException;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.swt.custom.StyledTextPrintOptions;

/* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvc.webcontainer_1.0.0.20050921/wwcc/web.httptransport.jar:com/ibm/ws/ssl/channel/engine/SSLEngineFactory.class */
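/**
 * Builds the {@link SSLContext} used by the SSL channel from a configuration map and hands
 * out {@link SSLEngine} instances bound to that context.
 *
 * <p>Construction loads the configured trust store and key store, initialises the trust and
 * key manager factories and then the context. Any failure is reported as an
 * {@link SSLConfigException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keystore locations and passwords come from the configuration map, so that map must
 *       be treated as trusted input. A location that is not an existing local file is opened
 *       as a URL inside a privileged block (see {@link OpenKeyStoreAction}).</li>
 *   <li>Passwords are held as {@code String} values by the configuration object and are
 *       never written to trace by this class.</li>
 *   <li>The constructor calls the overridable {@link #enableHardwareProvider()} and
 *       {@link #createSSLContext()}; a subclass override runs before the subclass's own
 *       constructor body.</li>
 * </ul>
 */
public class SSLEngineFactory {
    protected static final TraceComponent tc;
    private static final String CLASS_NAME = "com.ibm.ws.ssl.channel.engine.SSLEngineFactory";
    private SSLFactoryConfig sslConfig;
    protected SSLContext sslContext = null;
    protected KeyStore keyStore = null;
    protected KeyManagerFactory keyManagerFactory = null;
    protected KeyStore trustStore = null;
    protected TrustManagerFactory trustManagerFactory = null;
    // Synthetic class-literal cache emitted by the original compiler; only read in the static block.
    static Class class$com$ibm$ws$ssl$channel$engine$SSLEngineFactory;

    /* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvc.webcontainer_1.0.0.20050921/wwcc/web.httptransport.jar:com/ibm/ws/ssl/channel/engine/SSLEngineFactory$AddProviderAction.class */
    /**
     * Privileged action that registers the IBMJSSE2 provider with {@link Security}.
     *
     * <p>{@link Security#addProvider} changes the JVM-wide provider list, so this affects
     * every component in the process, not only this factory.
     */
    class AddProviderAction implements PrivilegedAction {
        private final SSLEngineFactory this$0;

        public AddProviderAction(SSLEngineFactory sSLEngineFactory) {
            this.this$0 = sSLEngineFactory;
        }

        /**
         * Adds a new {@code IBMJSSEProvider2} to the provider list.
         *
         * @return always {@code null}
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            Security.addProvider(new IBMJSSEProvider2());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:rcp/eclipse/plugins/com.ibm.pvc.webcontainer_1.0.0.20050921/wwcc/web.httptransport.jar:com/ibm/ws/ssl/channel/engine/SSLEngineFactory$OpenKeyStoreAction.class */
    /**
     * Privileged action that opens a keystore location and returns its {@link InputStream}.
     *
     * <p>The location is first tried as a local file path; if no such file exists it is
     * parsed as a URL and opened with whatever protocol handler matches its scheme. Because
     * this runs under {@code doPrivileged}, the location must come from trusted
     * configuration only: a non-file scheme would fetch key material over the network with
     * this class's permissions.
     */
    public class OpenKeyStoreAction implements PrivilegedExceptionAction {
        private String file;
        private final SSLEngineFactory this$0;

        public OpenKeyStoreAction(SSLEngineFactory sSLEngineFactory, String str) {
            this.this$0 = sSLEngineFactory;
            this.file = str;
        }

        /**
         * Opens the configured keystore location.
         *
         * @return an open {@link InputStream}; the caller is responsible for closing it
         * @throws MalformedURLException if the location is not an existing file and is not a valid URL
         * @throws IOException if the file exists but is empty, or the stream cannot be opened
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws MalformedURLException, IOException {
            if (SSLEngineFactory.tc.isEntryEnabled()) {
                Tr.entry(SSLEngineFactory.tc, "OpenKeyStoreAction.run");
            }
            File candidate = new File(this.file);
            boolean present = candidate.exists();
            if (present && candidate.length() == 0) {
                throw new IOException("Keystore file exists, but is empty: " + this.file);
            }
            // Build the file URL through File.toURI() so that characters such as '#', '?' and
            // '%' in the path are escaped instead of being parsed as URL syntax, which would
            // make the handler open a different path than the one that was checked above.
            URL location = present ? candidate.getCanonicalFile().toURI().toURL() : new URL(this.file);
            InputStream openStream = location.openStream();
            if (SSLEngineFactory.tc.isEntryEnabled()) {
                Tr.exit(SSLEngineFactory.tc, "OpenKeyStoreAction.run");
            }
            return openStream;
        }
    }

    /**
     * Creates the factory from a configuration map and fully initialises the SSL context.
     *
     * @param map configuration properties handed to {@code SSLFactoryConfig}
     * @throws SSLConfigException if the configuration is invalid, hardware crypto is
     *         requested, or any keystore or context initialisation step fails
     */
    public SSLEngineFactory(Map map) throws SSLConfigException {
        this.sslConfig = new SSLFactoryConfig(map);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Providers in security:");
            for (Provider provider : Security.getProviders()) {
                // NOTE(review): the SWT constant is presumably a decompiler substitution for a
                // plain separator string literal; confirm before depending on SWT here.
                Tr.debug(tc, StyledTextPrintOptions.SEPARATOR + provider.getName());
            }
        }
        this.sslConfig.readProperties();
        if (null == Security.getProvider(SSLFactoryConfig.DEFAULT_JSSE_PROVIDER)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provider IBMJSSE2 needs tp be added to Security.");
            }
            AccessController.doPrivileged(new AddProviderAction(this));
        }
        if (this.sslConfig.getCryptoEnabled() || this.sslConfig.getTokenLibraryFile() != null) {
            enableHardwareProvider();
        }
        createSSLContext();
        if (tc.isEntryEnabled()) {
            // The label does not match this constructor and there is no paired Tr.entry here.
            Tr.exit(tc, "delayedInit");
        }
    }

    /**
     * Hook for enabling a hardware crypto provider. This implementation always refuses.
     *
     * @throws SSLConfigException always, because hardware crypto is not supported here
     */
    protected void enableHardwareProvider() throws SSLConfigException {
        throw new SSLConfigException("Hardware crypto is not supported");
    }

    /**
     * Loads the trust and key stores named by the configuration, initialises the trust and
     * key manager factories, and initialises {@link #sslContext} from them.
     *
     * @throws SSLConfigException wrapping any failure raised while loading keystores or
     *         initialising the factories and the context
     */
    public void createSSLContext() throws SSLConfigException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSSLContext");
        }
        try {
            String contextProvider = this.sslConfig.getContextProvider();
            String trustStoreProvider = this.sslConfig.getTrustStoreProvider();
            String trustStorePath = this.sslConfig.getTrustStore();
            String trustStorePassword = this.sslConfig.getTrustStorePassword();
            String keyStorePath = this.sslConfig.getKeyStore();
            String keyStorePassword = this.sslConfig.getKeyStorePassword();
            String tokenLibraryFile = this.sslConfig.getTokenLibraryFile();
            char[] keyPassword;
            boolean trustStoreOnToken = false;

            if (contextProvider == null) {
                this.sslContext = SSLContext.getInstance(this.sslConfig.getProtocol());
            } else {
                this.sslContext = SSLContext.getInstance(this.sslConfig.getProtocol(), contextProvider);
            }

            // --- trust material ---
            if (trustStorePath != null && trustStorePassword != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using trust store: " + trustStorePath);
                }
                this.trustStore = getKeyStore(this.sslConfig.getTrustStoreType(), trustStoreProvider, trustStorePath, trustStorePassword);
            } else if (tokenLibraryFile != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No trust store specified, but found hardware crypto");
                }
                this.trustStore = getKeyStore("PKCS11IMPLKS", null, null, "");
                trustStoreOnToken = true;
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No trust store specified and no hardware crypto defined");
                }
                // Client authentication cannot work without something to validate client
                // certificates against, so a missing trust store is only tolerated when it is off.
                if (this.sslConfig.getClientAuthentication()) {
                    throw new SSLConfigException("Invalid trust file name of null");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "trust store permitted to be null since this is inbound and client auth is false");
                }
            }
            if (contextProvider != null) {
                this.trustManagerFactory = TrustManagerFactory.getInstance(this.sslConfig.getTrustManager(), contextProvider);
            } else {
                this.trustManagerFactory = TrustManagerFactory.getInstance(this.sslConfig.getTrustManager());
            }
            // this.trustStore may still be null at this point. What trust material a null
            // KeyStore selects is provider-defined.
            // NOTE(review): confirm what IBMJSSE2 falls back to in that case.
            this.trustManagerFactory.init(this.trustStore);

            // --- key material ---
            if (keyStorePath != null && keyStorePassword != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using software keystore: " + keyStorePath);
                }
                // Providers may be unset (getKeyStore accepts a null provider), so type and
                // provider are compared null-safely instead of dereferencing them directly.
                boolean sameAsTrustStore = sameValue(this.sslConfig.getKeyStoreType(), this.sslConfig.getTrustStoreType())
                        && sameValue(this.sslConfig.getKeyStoreProvider(), trustStoreProvider)
                        && keyStorePath.equals(trustStorePath)
                        && keyStorePassword.equals(trustStorePassword);
                if (sameAsTrustStore) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Reusing key store from Trust Manager");
                    }
                    this.keyStore = this.trustStore;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Creating new key store for Key Manager");
                    }
                    this.keyStore = getKeyStore(this.sslConfig.getKeyStoreType(), this.sslConfig.getKeyStoreProvider(), keyStorePath, keyStorePassword);
                }
                keyPassword = keyStorePassword.toCharArray();
            } else {
                if (tokenLibraryFile == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No key store specified and no hardware crypto defined");
                    }
                    throw new SSLConfigException("No key store specified and no hardware crypto defined");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No key store specified, but found hardware crypto");
                }
                if (trustStoreOnToken) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Reusing key store from Trust Manager");
                    }
                    this.keyStore = this.trustStore;
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Creating new key store for Key Manager");
                    }
                    this.keyStore = getKeyStore("PKCS11IMPLKS", null, null, "");
                }
                keyPassword = "".toCharArray();
            }
            if (contextProvider == null) {
                this.keyManagerFactory = KeyManagerFactory.getInstance(this.sslConfig.getKeyManager());
            } else {
                this.keyManagerFactory = KeyManagerFactory.getInstance(this.sslConfig.getKeyManager(), contextProvider);
            }
            try {
                this.keyManagerFactory.init(this.keyStore, keyPassword);
                initSSLContext();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createSSLContext");
                }
            } catch (UnrecoverableKeyException e) {
                // Add the keystore path for diagnosis, but keep the original exception as the
                // cause so its stack trace is not lost. The password itself is never included.
                UnrecoverableKeyException detailed = new UnrecoverableKeyException(
                        e.getMessage() + ": invalid password for file '" + keyStorePath + "'");
                detailed.initCause(e);
                throw detailed;
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught during init, " + e2);
            }
            FFDCFilter.processException(e2, CLASS_NAME, "168", this);
            throw new SSLConfigException(e2);
        }
    }

    /**
     * Initialises {@link #sslContext} from the prepared key and trust managers. A null
     * {@link SecureRandom} is passed, leaving the choice of random source to the provider.
     *
     * @throws Exception if the context rejects the supplied managers
     */
    protected void initSSLContext() throws Exception {
        this.sslContext.init(this.keyManagerFactory.getKeyManagers(), this.trustManagerFactory.getTrustManagers(), (SecureRandom) null);
    }

    /** Null-safe string equality: two nulls are equal, a null never equals a non-null. */
    private static boolean sameValue(String left, String right) {
        return left == null ? right == null : left.equals(right);
    }

    /**
     * Creates and loads a {@link KeyStore}.
     *
     * <p>With a location, the keystore is loaded from the stream returned by
     * {@link #openKeyStore(String)}, which is closed afterwards. Without a location the
     * keystore is loaded with a null stream; if that fails with a format error the type is
     * cycled (JKS to JCEKS, JCEKS to PKCS12, PKCS12 to JCEKS) and the load retried, giving up
     * on the third failure.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract a null password skips
     * the keystore integrity check; the callers in this class always pass a non-null one.
     *
     * @param type keystore type name
     * @param provider provider name, or {@code null} to let the JCA pick one
     * @param location file path or URL of the keystore, or {@code null} for none
     * @param password keystore password, or {@code null}
     * @return the loaded keystore
     * @throws Exception if the keystore cannot be created, opened or loaded
     */
    private KeyStore getKeyStore(String type, String provider, String location, String password) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStore");
        }
        KeyStore loaded = null;
        boolean pending = true;
        int failures = 0;
        while (pending) {
            loaded = provider == null ? KeyStore.getInstance(type) : KeyStore.getInstance(type, provider);
            char[] passwordChars = password != null ? password.toCharArray() : null;
            if (location == null) {
                try {
                    loaded.load(null, passwordChars);
                    pending = false;
                } catch (IOException e) {
                    // getMessage() may be null; treat that as "not a format error" and
                    // rethrow the original exception rather than failing with an NPE.
                    String message = e.getMessage();
                    boolean formatError = message != null
                            && (message.equalsIgnoreCase("Invalid keystore format")
                                    || message.indexOf("DerInputStream.getLength()") != -1);
                    if (!formatError) {
                        throw e;
                    }
                    Tr.warning(tc, SSLChannelConstants.INVALID_KEYSTORE_TYPE);
                    if (type.equalsIgnoreCase("JKS")) {
                        type = "JCEKS";
                    } else if (type.equalsIgnoreCase("JCEKS")) {
                        type = "PKCS12";
                    } else if (type.equalsIgnoreCase("PKCS12")) {
                        type = "JCEKS";
                    }
                    if (failures++ > 1) {
                        throw e;
                    }
                }
            } else {
                InputStream stream = openKeyStore(location);
                try {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getKeyStore created a new inputStream: " + location);
                    }
                    loaded.load(stream, passwordChars);
                } finally {
                    // KeyStore.load does not promise to close the stream, so release the
                    // file or connection handle here on both success and failure.
                    try {
                        stream.close();
                    } catch (IOException ignored) {
                        // A close failure on a read-only stream must not mask the load outcome.
                    }
                }
                pending = false;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStore");
        }
        return loaded;
    }

    /**
     * Opens a keystore location inside a privileged block.
     *
     * @param str file path or URL of the keystore; must come from trusted configuration
     * @return an open stream that the caller must close
     * @throws MalformedURLException if the location is neither an existing file nor a valid URL
     * @throws IOException if the location cannot be opened
     */
    protected InputStream openKeyStore(String str) throws MalformedURLException, IOException {
        try {
            return (InputStream) AccessController.doPrivileged(new OpenKeyStoreAction(this, str));
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            FFDCFilter.processException(exception, CLASS_NAME, "432", new Object[]{exception});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", new Object[]{exception});
            }
            if (exception instanceof MalformedURLException) {
                throw ((MalformedURLException) exception);
            }
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            // Keep the underlying exception as the cause so it is not reduced to a bare message.
            IOException wrapped = new IOException(exception.getMessage());
            wrapped.initCause(exception);
            throw wrapped;
        }
    }

    /**
     * Creates an SSL engine bound to this factory's configuration and context.
     *
     * @param socket the connection's socket
     * @param inputStream the stream handed to the engine implementation
     * @return a new engine instance
     * @throws IOException if the engine cannot be created
     */
    public SSLEngine getEngine(Socket socket, InputStream inputStream) throws IOException {
        return new SSLEngineImpl(socket, inputStream, this.sslConfig, this.sslContext);
    }

    /**
     * Compiler-generated class-literal helper: resolves a class by name and converts a
     * lookup failure into a {@link NoClassDefFoundError} carrying the original cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error is built first and thrown by its own type.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve (and cache) this class's literal, then register the trace component with it.
        Class cls;
        if (class$com$ibm$ws$ssl$channel$engine$SSLEngineFactory == null) {
            cls = class$(CLASS_NAME);
            class$com$ibm$ws$ssl$channel$engine$SSLEngineFactory = cls;
        } else {
            cls = class$com$ibm$ws$ssl$channel$engine$SSLEngineFactory;
        }
        tc = Tr.register(cls, SSLChannelConstants.SSL_TRACE_NAME, SSLChannelConstants.SSL_BUNDLE);
    }
}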
