package com.ibm.ws.ssl.core;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfig;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.internal.TraceConstants;
import com.ibm.wsspi.ssl.KeyManagerExtendedInfo;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.ssl_1.0.1.jar:com/ibm/ws/ssl/core/WSX509KeyManager.class */
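/**
 * Key manager that decides which private key and certificate chain this runtime presents
 * during a TLS handshake, in both the client (outbound) and server (inbound) role.
 *
 * <p>Selection order for every query:
 * <ol>
 *   <li>a user-supplied custom {@link X509KeyManager}, when one was passed to the constructor;</li>
 *   <li>for inbound web-container connections, the HTTPS certificate-mapping file (server side only);</li>
 *   <li>the alias configured through {@link #setClientAlias} / {@link #setServerAlias}, which is
 *       validated against the keystore when it is set;</li>
 *   <li>otherwise the JSSE default key manager produced by the {@link KeyManagerFactory}.</li>
 * </ol>
 *
 * <p>Aliases are lower-cased before being returned unless the keystore is a RACF keyring
 * (JCERACFKS / JCECCARACFKS), whose labels are case-sensitive.
 *
 * <p>Not thread-safe with respect to {@link #setClientAlias}/{@link #setServerAlias}; the
 * selection methods only read state.
 */
public final class WSX509KeyManager extends X509ExtendedKeyManager implements X509KeyManager {
    private static final TraceComponent tc = Tr.register((Class<?>) WSX509KeyManager.class, "SSL", TraceConstants.MESSAGE_BUNDLE);

    // Configuration this key manager was built from; consulted only to name the keystore in error messages.
    private final SSLConfig config;
    // Keystore whose aliases setClientAlias/setServerAlias are validated against; its type decides alias case handling.
    private final KeyStore ks;
    // Every key manager the factory produced; only the first one is used.
    private final KeyManager[] kmList;
    // JSSE default key manager (first entry of kmList), or null when the factory produced none.
    private final X509KeyManager km;
    // Optional user-supplied key manager; when present it takes precedence over km for every selection.
    private final X509KeyManager customKM;
    // Chooses the server alias from the HTTPS certificate-mapping file for web-container inbound connections.
    private final CertMappingKeyManager certMappingKeyManager;
    // Aliases configured via setClientAlias/setServerAlias; null or "" means "let JSSE choose".
    private String clientAlias = null;
    private String serverAlias = null;

    /**
     * Creates a key manager over the given keystore and factory.
     *
     * @param keyStore          keystore backing the factory; may be null
     * @param cArr              keystore password; neither used nor retained by this class
     * @param keyManagerFactory initialised factory whose first key manager becomes the JSSE default
     * @param sSLConfig         owning SSL configuration; may be null
     * @param x509KeyManager    optional custom key manager that overrides the JSSE default; may be null
     * @throws NullPointerException if {@code keyManagerFactory} is null
     * @throws ClassCastException   if the factory's first key manager is not an {@link X509KeyManager}
     */
    public WSX509KeyManager(KeyStore keyStore, char[] cArr, KeyManagerFactory keyManagerFactory, SSLConfig sSLConfig, X509KeyManager x509KeyManager) {
        this.ks = keyStore;
        this.config = sSLConfig;
        this.customKM = x509KeyManager;
        this.certMappingKeyManager = new CertMappingKeyManager();
        this.kmList = keyManagerFactory.getKeyManagers();
        // Guard against an empty array; the factory normally yields exactly one manager.
        this.km = firstX509KeyManager(this.kmList);
        // A custom key manager that implements KeyManagerExtendedInfo is wired up with the same
        // configuration, default manager and keystore so it can fall back to them.
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            KeyManagerExtendedInfo extended = (KeyManagerExtendedInfo) this.customKM;
            if (sSLConfig != null) {
                extended.setSSLConfig(sSLConfig);
            }
            if (this.km != null) {
                extended.setDefaultX509KeyManager(this.km);
            }
            if (keyStore != null) {
                extended.setKeyStore(keyStore);
            }
        }
    }

    /** Returns the first element of {@code managers} as an {@link X509KeyManager}, or null when there is none. */
    private static X509KeyManager firstX509KeyManager(KeyManager[] managers) {
        if (managers == null || managers.length == 0) {
            return null;
        }
        return (X509KeyManager) managers[0];
    }

    /**
     * Fixes the alias presented when this runtime acts as a TLS client.
     *
     * @param str alias that must exist in the keystore
     * @param i   unused; kept for signature compatibility and traced for diagnostics
     * @throws IllegalArgumentException if the keystore does not contain {@code str} (message CWPKI0023E is logged)
     * @throws Exception                if the keystore cannot be queried
     */
    public void setClientAlias(String str, int i) throws Exception {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "setClientAlias", str, Integer.valueOf(i));
        }
        requireAliasInKeyStore(str, "ssl.client.alias.not.found.CWPKI0023E", "Client");
        this.clientAlias = str;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreClientAlias(str);
        }
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "setClientAlias");
        }
    }

    /**
     * Fixes the alias presented when this runtime acts as a TLS server.
     *
     * @param str alias that must exist in the keystore
     * @param i   unused; kept for signature compatibility and traced for diagnostics
     * @throws IllegalArgumentException if the keystore does not contain {@code str} (message CWPKI0024E is logged)
     * @throws Exception                if the keystore cannot be queried
     */
    public void setServerAlias(String str, int i) throws Exception {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "setServerAlias", str, Integer.valueOf(i));
        }
        requireAliasInKeyStore(str, "ssl.server.alias.not.found.CWPKI0024E", "Server");
        this.serverAlias = str;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreServerAlias(str);
        }
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "setServerAlias");
        }
    }

    /**
     * Rejects an alias that is not present in the keystore, logging the translated message first.
     *
     * @param alias      alias to look up
     * @param messageKey NLS key of the error message
     * @param role       "Client" or "Server"; used for the untranslated fallback text
     * @throws IllegalArgumentException when the alias is absent
     * @throws Exception                if the keystore cannot be queried
     */
    private void requireAliasInKeyStore(String alias, String messageKey, String role) throws Exception {
        if (this.ks.containsAlias(alias)) {
            return;
        }
        // Name the file-backed keystore when there is one, otherwise the hardware token library.
        String keyStoreName = this.config.getProperty(Constants.SSLPROP_KEY_STORE);
        if (keyStoreName == null) {
            keyStoreName = this.config.getProperty(Constants.SSLPROP_TOKEN_LIBRARY);
        }
        String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage(messageKey,
                new Object[]{alias, keyStoreName},
                role + " alias " + alias + " not found in keystore.");
        Tr.error(tc, formattedMessage, new Object[0]);
        throw new IllegalArgumentException(formattedMessage);
    }

    /**
     * {@inheritDoc}
     *
     * <p>Delegates to the custom key manager when one is configured; otherwise only the first
     * (most preferred) key type is considered, see {@link #chooseClientAlias(String, Principal[])}.
     * Returns null when no key type is supplied. Any failure is recorded via FFDC and rethrown
     * as a {@link RuntimeException}.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseClientAlias", strArr, principalArr, socket);
        }
        try {
            if (this.customKM != null) {
                if (isEntryTraceEnabled()) {
                    Tr.exit(tc, "chooseClientAlias -> " + this.customKM.getClass().getName());
                }
                return this.customKM.chooseClientAlias(strArr, principalArr, socket);
            }
            if (strArr == null || strArr.length == 0) {
                // Nothing to match against: per the X509KeyManager contract there is no usable alias.
                if (isEntryTraceEnabled()) {
                    Tr.exit(tc, "chooseClientAlias (no key type)");
                }
                return null;
            }
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseClientAlias");
            }
            return chooseClientAlias(strArr[0], principalArr);
        } catch (Throwable th) {
            throw recordAndWrap(th, "chooseClientAlias");
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Delegates to the custom key manager when one is configured; otherwise uses
     * {@link #chooseServerAlias(String, Principal[])}. Any failure is recorded via FFDC and
     * rethrown as a {@link RuntimeException}.
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseServerAlias", str, principalArr, socket);
        }
        try {
            if (this.customKM != null) {
                if (isEntryTraceEnabled()) {
                    Tr.exit(tc, "chooseServerAlias -> " + this.customKM.getClass().getName());
                }
                return this.customKM.chooseServerAlias(str, principalArr, socket);
            }
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseServerAlias");
            }
            return chooseServerAlias(str, principalArr);
        } catch (Throwable th) {
            throw recordAndWrap(th, "chooseServerAlias");
        }
    }

    /**
     * Traces and FFDC-records a failure from an alias-selection method and converts it into the
     * exception to throw. Runtime exceptions and JVM errors propagate unchanged; checked
     * throwables are wrapped so the JSSE caller sees a {@link RuntimeException}.
     *
     * @param th     failure caught in {@code method}
     * @param method name of the selection method, for trace and FFDC context
     * @return the exception the caller should throw
     * @throws Error rethrown as-is rather than being disguised as a RuntimeException
     */
    private RuntimeException recordAndWrap(Throwable th, String method) {
        if (isDebugTraceEnabled()) {
            Tr.debug(tc, "Caught exception in " + method + ".", th);
        }
        FFDCFilter.processException(th, getClass().getName(), method, this);
        if (th instanceof RuntimeException) {
            return (RuntimeException) th;
        }
        if (th instanceof Error) {
            throw (Error) th;
        }
        return new RuntimeException(th);
    }

    /**
     * Chooses the client alias for a single key type.
     *
     * <p>Outbound IIOP connections present no certificate unless client authentication is enabled.
     * With no configured alias the JSSE default manager decides; a configured alias is returned
     * whether or not the default manager offers it (lower-cased when it does and the keystore is
     * not a RACF keyring, verbatim otherwise).
     *
     * @param str          key algorithm type, e.g. "RSA"
     * @param principalArr acceptable issuers, or null for any
     * @return the alias to use, or null for "present no certificate"
     */
    public String chooseClientAlias(String str, Principal[] principalArr) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseClientAlias", str, principalArr);
        }
        Map<String, Object> outboundConnectionInfo = JSSEHelper.getInstance().getOutboundConnectionInfo();
        if (outboundConnectionInfo != null
                && "IIOP".equals(outboundConnectionInfo.get("com.ibm.ssl.endPointName"))
                && !SSLConfigManager.getInstance().isClientAuthenticationEnabled()) {
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseClientAlias: null");
            }
            return null;
        }
        if (isUnset(this.clientAlias)) {
            // Only the single requested key type is offered to the JSSE default manager.
            String chosen = normalizeAlias(this.km.chooseClientAlias(new String[]{str}, principalArr, null));
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseClientAlias (from JSSE)", new Object[]{chosen});
            }
            return chosen;
        }
        if (containsIgnoreCase(this.km.getClientAliases(str, principalArr), this.clientAlias)) {
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseClientAlias", new Object[]{this.clientAlias});
            }
            return normalizeAlias(this.clientAlias);
        }
        // Configured alias not offered by the default manager for this key type: still honour it as configured.
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "chooseClientAlias (default)", new Object[]{this.clientAlias});
        }
        return this.clientAlias;
    }

    /**
     * {@inheritDoc}
     *
     * <p>A custom key manager that is itself an {@link X509ExtendedKeyManager} handles the call;
     * otherwise {@link #chooseServerAlias(String, Principal[])} is used.
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseEngineServerAlias", str, principalArr, sSLEngine);
        }
        String chosen;
        if (this.customKM instanceof X509ExtendedKeyManager) {
            if (isDebugTraceEnabled()) {
                Tr.debug(tc, "chooseEngineServerAlias, using customKM -> " + this.customKM.getClass().getName(), new Object[0]);
            }
            chosen = ((X509ExtendedKeyManager) this.customKM).chooseEngineServerAlias(str, principalArr, sSLEngine);
        } else {
            chosen = chooseServerAlias(str, principalArr);
        }
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "chooseEngineServerAlias: " + chosen);
        }
        return chosen;
    }

    /**
     * {@inheritDoc}
     *
     * <p>A custom key manager that is itself an {@link X509ExtendedKeyManager} handles the call;
     * otherwise only the first key type is passed to {@link #chooseClientAlias(String, Principal[])}.
     * Returns null when no key type is supplied.
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseEngineClientAlias", strArr, principalArr, sSLEngine);
        }
        String chosen;
        if (this.customKM instanceof X509ExtendedKeyManager) {
            if (isDebugTraceEnabled()) {
                Tr.debug(tc, "chooseEngineClientAlias, using customKM -> " + this.customKM.getClass().getName(), new Object[0]);
            }
            chosen = ((X509ExtendedKeyManager) this.customKM).chooseEngineClientAlias(strArr, principalArr, sSLEngine);
        } else if (strArr == null || strArr.length == 0) {
            // Nothing to match against: no usable alias.
            chosen = null;
        } else {
            chosen = chooseClientAlias(strArr[0], principalArr);
        }
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "chooseEngineClientAlias");
        }
        return chosen;
    }

    /**
     * Chooses the server alias for a single key type.
     *
     * <p>Inbound web-container connections may be answered from the HTTPS certificate-mapping
     * file first. With no configured alias the JSSE default manager decides; a configured alias
     * is returned whether or not the default manager offers it (lower-cased when it does and the
     * keystore is not a RACF keyring, verbatim otherwise).
     *
     * @param str          key algorithm type, e.g. "RSA"
     * @param principalArr acceptable issuers, or null for any
     * @return the alias to use, or null when none is available
     */
    public String chooseServerAlias(String str, Principal[] principalArr) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "chooseServerAlias", str, principalArr);
        }
        String mapped = chooseMappedServerAlias(str, principalArr);
        if (mapped != null) {
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseServerAlias", new Object[]{mapped});
            }
            return mapped;
        }
        if (isUnset(this.serverAlias)) {
            String chosen = normalizeAlias(this.km.chooseServerAlias(str, principalArr, null));
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseServerAlias (from JSSE)", new Object[]{chosen});
            }
            return chosen;
        }
        if (containsIgnoreCase(this.km.getServerAliases(str, principalArr), this.serverAlias)) {
            if (isEntryTraceEnabled()) {
                Tr.exit(tc, "chooseServerAlias", new Object[]{this.serverAlias});
            }
            return normalizeAlias(this.serverAlias);
        }
        // Configured alias not offered by the default manager for this key type: still honour it as configured.
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "chooseServerAlias (default)", new Object[]{this.serverAlias});
        }
        return this.serverAlias;
    }

    /**
     * Consults the HTTPS certificate-mapping file for the current inbound connection.
     *
     * @return the mapped alias, or null when the connection is not web-container inbound, no
     *         mapping file is configured, or the mapping yields nothing
     */
    private String chooseMappedServerAlias(String str, Principal[] principalArr) {
        Map<String, Object> inboundConnectionInfo = JSSEHelper.getInstance().getInboundConnectionInfo();
        String mappingFile = this.certMappingKeyManager.getProperty(CertMappingKeyManager.PROTOCOL_HTTPS_CERT_MAPPING_FILE);
        Boolean webContainerInbound = inboundConnectionInfo != null
                ? (Boolean) inboundConnectionInfo.get("com.ibm.ssl.isWebContainerInbound")
                : null;
        if (Boolean.TRUE.equals(webContainerInbound) && mappingFile != null) {
            return this.certMappingKeyManager.chooseServerAlias(str, principalArr, null);
        }
        return null;
    }

    /** {@inheritDoc} Delegates to {@link #getX509KeyManager()}. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "getClientAliases", str, principalArr);
        }
        String[] clientAliases = getX509KeyManager().getClientAliases(str, principalArr);
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "getClientAliases", clientAliases);
        }
        return clientAliases;
    }

    /** {@inheritDoc} Delegates to {@link #getX509KeyManager()}. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "getServerAliases", str, principalArr);
        }
        String[] serverAliases = getX509KeyManager().getServerAliases(str, principalArr);
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "getServerAliases", serverAliases);
        }
        return serverAliases;
    }

    /** {@inheritDoc} Delegates to {@link #getX509KeyManager()}; only key presence, never key material, is traced. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "getPrivateKey", str);
        }
        PrivateKey privateKey = getX509KeyManager().getPrivateKey(str);
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "getPrivateKey -> " + (null != privateKey));
        }
        return privateKey;
    }

    /** {@inheritDoc} Delegates to {@link #getX509KeyManager()}. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (isEntryTraceEnabled()) {
            Tr.entry(tc, "getCertificateChain: " + str, new Object[0]);
        }
        X509Certificate[] certificateChain = getX509KeyManager().getCertificateChain(str);
        if (isEntryTraceEnabled()) {
            Tr.exit(tc, "getCertificateChain", certificateChain);
        }
        return certificateChain;
    }

    /**
     * Returns the key manager that answers alias, key and certificate queries: the custom key
     * manager when one was supplied, else the JSSE default.
     *
     * @return the effective delegate; null only if the factory produced no key manager and no custom one was given
     */
    public X509KeyManager getX509KeyManager() {
        X509KeyManager delegate = this.customKM != null ? this.customKM : this.km;
        if (isDebugTraceEnabled()) {
            Tr.debug(tc, "getX509KeyManager -> " + className(delegate), new Object[0]);
        }
        return delegate;
    }

    /** True when no alias has been configured (null or empty). */
    private static boolean isUnset(String alias) {
        return alias == null || alias.isEmpty();
    }

    /** Case-insensitive membership test; a null array contains nothing. */
    private static boolean containsIgnoreCase(String[] candidates, String wanted) {
        if (candidates == null) {
            return false;
        }
        for (String candidate : candidates) {
            if (wanted.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Lower-cases an alias unless the keystore is a RACF keyring, whose labels are case-sensitive.
     * Null passes through. Locale.ENGLISH matches how the JDK keystore implementations
     * canonicalise aliases and avoids the platform default locale's dotted/dotless-I mapping.
     */
    private String normalizeAlias(String alias) {
        if (alias == null || isRacfKeyStore()) {
            return alias;
        }
        return alias.toLowerCase(Locale.ENGLISH);
    }

    /** True for the z/OS RACF keyring keystore types (JCERACFKS, JCECCARACFKS). */
    private boolean isRacfKeyStore() {
        String type = this.ks.getType();
        return Constants.KEYSTORE_TYPE_JCERACFKS.equals(type) || Constants.KEYSTORE_TYPE_JCECCARACFKS.equals(type);
    }

    /** Class name for trace output; tolerates a null delegate. */
    private static String className(Object o) {
        return o == null ? "null" : o.getClass().getName();
    }

    private static boolean isEntryTraceEnabled() {
        return TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled();
    }

    private static boolean isDebugTraceEnabled() {
        return TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
    }
}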
