package com.ibm.ws.ssl.provider;

import com.ibm.etools.wdt.server.core.WDTConstants;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEProvider;
import com.ibm.websphere.ssl.SSLConfig;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.util.StreamHandlerUtils;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.ThreadManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.ws.ssl.core.WSPKCSInKeyStore;
import com.ibm.ws.ssl.core.WSPKCSInKeyStoreList;
import com.ibm.ws.ssl.core.WSX509KeyManager;
import com.ibm.ws.ssl.core.WSX509TrustManager;
import com.ibm.ws.ssl.internal.TraceConstants;
import java.net.URLStreamHandler;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.ssl_1.0.3.jar:com/ibm/ws/ssl/provider/AbstractJSSEProvider.class */
public abstract class AbstractJSSEProvider implements JSSEProvider {
    /** Name of the JVM system property that lists URL protocol handler packages. */
    protected static final String URL_HANDLER_PROP = "java.protocol.handler.pkgs";
    /** Separator between package names inside the URL_HANDLER_PROP value. */
    private static final String PKGNAME_DELIMITER = "|";
    // Provider settings. All seven are assigned together in initialize(...) and are only read
    // back through the JSSEProvider getters below.
    private String keyManager = null;
    private String trustManager = null;
    private String contextProvider = null;
    private String keyStoreProvider = null;
    private String socketFactory = null;
    private String protocolPackageHandler = null;
    private String defaultProtocol = null;
    private static final TraceComponent tc = Tr.register((Class<?>) AbstractJSSEProvider.class, "SSL", TraceConstants.MESSAGE_BUNDLE);
    // Shared list of hardware-token (PKCS) stores used by getKeyTrustManagers().
    private static final WSPKCSInKeyStoreList pkcsStoreList = new WSPKCSInKeyStoreList();
    // Static cache of initialized SSLContext objects keyed by SSLConfig. It is a plain HashMap and
    // getSSLContext() reads, evicts from and inserts into it without any locking in this class.
    // NOTE(review): confirm callers serialize access; concurrent put/remove on a HashMap is unsafe.
    private static final Map<SSLConfig, SSLContext> sslContextCacheJAVAX = new HashMap();
    // Static, non-volatile flag consulted by initialize() and addHandlers() before handler setup.
    private static boolean handlersInitialized = false;
    // Privileged action that returns the calling thread's context class loader (used by getHandler()).
    private static final PrivilegedAction<ClassLoader> getCtxClassLoader = new PrivilegedAction<ClassLoader>() { // from class: com.ibm.ws.ssl.provider.AbstractJSSEProvider.3
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public ClassLoader run() {
            return Thread.currentThread().getContextClassLoader();
        }
    };

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records the provider settings and, when a protocol handler package is given, registers it.
     *
     * @param str key manager algorithm name
     * @param str2 trust manager algorithm name
     * @param str3 context provider name
     * @param str4 key store provider name
     * @param str5 socket factory name
     * @param str6 protocol handler package; {@code null} skips package registration and handler setup
     * @param str7 default protocol name
     */
    public void initialize(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        this.keyManager = str;
        this.trustManager = str2;
        this.contextProvider = str3;
        this.keyStoreProvider = str4;
        this.socketFactory = str5;
        this.protocolPackageHandler = str6;
        this.defaultProtocol = str7;
        if (str6 == null) {
            return;
        }
        // Registration edits a JVM-wide system property; addHandlers is skipped once the static
        // handlersInitialized flag is set.
        registerPackage(str6);
        if (!handlersInitialized) {
            addHandlers(str6);
        }
    }

    /**
     * @return the protocol handler package given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getSSLProtocolPackageHandler() {
        return protocolPackageHandler;
    }

    /**
     * @return the default protocol name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getDefaultProtocol() {
        return defaultProtocol;
    }

    /**
     * @return the key manager algorithm name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getKeyManager() {
        return keyManager;
    }

    /**
     * @return the trust manager algorithm name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getTrustManager() {
        return trustManager;
    }

    /**
     * @return the context provider name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getContextProvider() {
        return contextProvider;
    }

    /**
     * @return the key store provider name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getKeyStoreProvider() {
        return keyStoreProvider;
    }

    /**
     * @return the socket factory name given to {@code initialize}, or {@code null} if none was set
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String getSocketFactory() {
        return socketFactory;
    }

    /**
     * Returns the cipher suites of the JVM default socket factory, filtered for a security level.
     *
     * @param z {@code true} to start from the default client socket factory, {@code false} to
     *          start from the default server socket factory
     * @param str security level handed to {@code Constants.adjustSupportedCiphersToSecurityLevel}
     * @return the suites that helper keeps
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public String[] getCiphersForSecurityLevel(boolean z, String str) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "getCiphersForSecurityLevel: ", Boolean.valueOf(z), str);
        }
        // The starting set is the *supported* suites, which is wider than the default-enabled set,
        // so the filter below is the only thing narrowing it.
        // NOTE(review): confirm the helper excludes weak suites for every level.
        String[] supported;
        if (z) {
            supported = ((SSLSocketFactory) SSLSocketFactory.getDefault()).getSupportedCipherSuites();
        } else {
            supported = ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getSupportedCipherSuites();
        }
        return Constants.adjustSupportedCiphersToSecurityLevel(supported, str);
    }

    /**
     * Returns an initialized SSLContext for the configuration, creating and caching it on a miss.
     *
     * @param map connection info; passed to {@code setOutboundConnectionInfoInternal} on every call
     *            and to the key/trust manager setup on a cache miss
     * @param sSLConfig configuration used as the cache key and as the source of SSL properties
     * @return the cached or newly initialized context
     * @throws SSLException if no key manager or no trust manager could be built
     * @throws Exception if context creation or manager setup fails
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public SSLContext getSSLContext(Map<String, Object> map, SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLContext", map);
        }
        // NOTE(review): the cache is a static HashMap accessed here without locking; confirm
        // callers serialize access. The key is the SSLConfig alone, so a cached context is
        // returned regardless of the connection info it was first built with.
        SSLContext cached = sslContextCacheJAVAX.get(sSLConfig);
        setOutboundConnectionInfoInternal(map);
        if (cached != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getSSLContext -> (from cache)");
            }
            return cached;
        }
        SSLContext created = getSSLContextInstance(sSLConfig);
        List<KeyManager> keyManagers = new ArrayList<KeyManager>();
        List<TrustManager> trustManagers = new ArrayList<TrustManager>();
        getKeyTrustManagers(map, sSLConfig, keyManagers, trustManagers);
        if (keyManagers.isEmpty() || trustManagers.isEmpty()) {
            throw new SSLException("Null trust or key managers.");
        }
        KeyManager[] keyManagerArray = keyManagers.toArray(new KeyManager[keyManagers.size()]);
        TrustManager[] trustManagerArray = trustManagers.toArray(new TrustManager[trustManagers.size()]);
        // A null SecureRandom lets the JSSE implementation pick its default source.
        created.init(keyManagerArray, trustManagerArray, null);
        if (sslContextCacheJAVAX.size() > 100) {
            // Bound the cache: drop the first five keys in HashMap iteration order (arbitrary,
            // not least-recently-used).
            Iterator<SSLConfig> keys = sslContextCacheJAVAX.keySet().iterator();
            for (int evicted = 0; evicted < 5; evicted++) {
                keys.next();
                keys.remove();
            }
        }
        sslContextCacheJAVAX.put(sSLConfig, created);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "SSLContext cache size: " + sslContextCacheJAVAX.size(), new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLContext -> (new)");
        }
        return created;
    }

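    /**
     * Resolves the key store and trust store described by {@code sSLConfig} (software stores or a
     * hardware token), initializes the matching factories, and appends one WSX509KeyManager to
     * {@code list} and one WSX509TrustManager to {@code list2}.
     *
     * @param map connection info; only the "com.ibm.ssl.direction" entry is read here, and a
     *            {@code null} map is treated as direction "unknown"
     * @param sSLConfig configuration supplying the store, alias and token properties
     * @param list receives the key manager
     * @param list2 receives the trust manager
     * @throws IllegalArgumentException if neither a trust store nor a token is configured (unless
     *         the direction is "inbound" and client authentication is "false"), or if neither a
     *         key store nor a token is configured
     * @throws UnrecoverableKeyException if the key manager factory rejects the key store password
     * @throws Exception any other failure, after it has been reported to FFDC
     */
    private void getKeyTrustManagers(Map<String, Object> map, SSLConfig sSLConfig, List<KeyManager> list, List<TrustManager> list2) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            // NOTE(review): the whole SSLConfig is traced and it carries the password properties
            // read below; confirm its string form masks them.
            Tr.entry(tc, "getKeyTrustManagers", map, sSLConfig);
        }
        TrustManagerFactory trustManagerFactory = null;
        KeyManagerFactory keyManagerFactory = null;
        KeyStore keyStore = null;
        KeyStore trustStore = null;
        String direction = map != null ? (String) map.get("com.ibm.ssl.direction") : "unknown";
        try {
            // Trust store settings: a named WSKeyStore entry, when present, supplies them;
            // otherwise the inline trust-store properties of the SSLConfig are used.
            String trustStoreName = getSSLContextProperty(Constants.SSLPROP_TRUST_STORE_NAME, sSLConfig);
            WSKeyStore trustStoreConfig = null;
            if (trustStoreName != null) {
                trustStoreConfig = KeyStoreManager.getInstance().getKeyStore(trustStoreName);
            }
            String trustStoreProvider = trustStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PROVIDER, trustStoreConfig) : getSSLContextProperty(Constants.SSLPROP_TRUST_STORE_PROVIDER, sSLConfig);
            String trustStorePath = trustStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE, trustStoreConfig) : getSSLContextProperty(Constants.SSLPROP_TRUST_STORE, sSLConfig);
            String trustStorePassword = trustStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PASSWORD, trustStoreConfig) : getSSLContextProperty(Constants.SSLPROP_TRUST_STORE_PASSWORD, sSLConfig);
            String trustStoreType = trustStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_TYPE, trustStoreConfig) : getSSLContextProperty(Constants.SSLPROP_TRUST_STORE_TYPE, sSLConfig);

            // Key store settings, resolved the same way.
            String keyStoreName = getSSLContextProperty(Constants.SSLPROP_KEY_STORE_NAME, sSLConfig);
            WSKeyStore keyStoreConfig = null;
            if (keyStoreName != null) {
                keyStoreConfig = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
            }
            String keyStoreProviderName = keyStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PROVIDER, keyStoreConfig) : getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PROVIDER, sSLConfig);
            String keyStorePath = keyStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE, keyStoreConfig) : getSSLContextProperty(Constants.SSLPROP_KEY_STORE, sSLConfig);
            String keyStorePassword = keyStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PASSWORD, keyStoreConfig) : getSSLContextProperty(Constants.SSLPROP_KEY_STORE_PASSWORD, sSLConfig);
            String keyStoreType = keyStoreConfig != null ? getSSLContextProperty(Constants.SSLPROP_KEY_STORE_TYPE, keyStoreConfig) : getSSLContextProperty(Constants.SSLPROP_KEY_STORE_TYPE, sSLConfig);

            boolean trustFromHardware = false;
            boolean keyFromHardware = false;
            String ctxProvider = getSSLContextProperty(Constants.SSLPROP_CONTEXT_PROVIDER, sSLConfig);
            String keyMgrAlgorithm = getSSLContextProperty(Constants.SSLPROP_KEY_MANAGER, sSLConfig);
            String trustMgrAlgorithm = getSSLContextProperty(Constants.SSLPROP_TRUST_MANAGER, sSLConfig);
            String clientAuth = getSSLContextProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION, sSLConfig);
            String clientAlias = getSSLContextProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS, sSLConfig);
            String serverAlias = getSSLContextProperty(Constants.SSLPROP_KEY_STORE_SERVER_ALIAS, sSLConfig);
            String tokenLibrary = getSSLContextProperty(Constants.SSLPROP_TOKEN_LIBRARY, sSLConfig);
            String tokenPassword = getSSLContextProperty(Constants.SSLPROP_TOKEN_PASSWORD, sSLConfig);
            String tokenType = getSSLContextProperty(Constants.SSLPROP_TOKEN_TYPE, sSLConfig);
            String tokenSlotText = getSSLContextProperty(Constants.SSLPROP_TOKEN_SLOT, sSLConfig);
            // A non-numeric slot value surfaces as NumberFormatException through the catch below.
            int tokenSlot = tokenSlotText != null ? Integer.valueOf(tokenSlotText).intValue() : 0;
            char[] keyPassword = null;

            // ---- trust material ----
            if (trustStorePath != null && trustStorePassword != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using trust store: " + trustStorePath, new Object[0]);
                }
                trustStore = KeyStoreManager.getInstance().getKeyStore(trustStoreName, trustStoreType, trustStoreProvider, trustStorePath, trustStorePassword, false, sSLConfig);
            } else if (tokenLibrary != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No trust store specified, but found hardware crypto", new Object[0]);
                }
                WSPKCSInKeyStore hwTrust = pkcsStoreList.insert(tokenType, tokenLibrary, tokenPassword, false, ctxProvider, false);
                if (hwTrust != null) {
                    trustStore = hwTrust.getTS();
                    trustManagerFactory = hwTrust.getTMF();
                    trustFromHardware = true;
                }
            } else {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No trust store specified and no hardware crypto defined", new Object[0]);
                }
                // Constant-first comparisons: a missing direction entry or a missing client
                // authentication property is rejected with the IllegalArgumentException below
                // instead of failing with a NullPointerException.
                if (!"inbound".equals(direction) || !"false".equals(clientAuth)) {
                    throw new IllegalArgumentException("Invalid trust file name of null");
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "trust store permitted to be null since this is inbound and client auth is false", new Object[0]);
                }
            }
            if (!trustFromHardware) {
                trustManagerFactory = getTrustManagerFactoryInstance(trustMgrAlgorithm, ctxProvider);
                // The LDAP certificate store location comes from JVM system properties, not from
                // the SSLConfig; the port defaults to 389 when the property is absent.
                String ldapHost = System.getProperty(Constants.SSLPROP_LDAP_CERT_STORE_HOST);
                String ldapPortText = System.getProperty(Constants.SSLPROP_LDAP_CERT_STORE_PORT);
                int ldapPort = ldapPortText == null ? 389 : Integer.parseInt(ldapPortText);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "certStoreHost: " + ldapHost, new Object[0]);
                    Tr.debug(tc, "certStorePort: " + ldapPort, new Object[0]);
                    Tr.debug(tc, "trustManagerAlgorithm: " + trustManagerFactory.getAlgorithm(), new Object[0]);
                }
                if (ldapHost != null && trustManagerFactory != null && trustManagerFactory.getAlgorithm().equals("IbmPKIX")) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding ldap cert store " + ldapHost + ":" + ldapPort + " ", new Object[0]);
                    }
                    // Revocation checking is switched on only in this branch. The plain
                    // init(trustStore) path below leaves the factory's defaults in place.
                    // NOTE(review): no transport protection for the LDAP lookup is configured
                    // here; confirm how the cert store connection is secured.
                    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
                    pkixParams.addCertStore(CertStore.getInstance("LDAP", new LDAPCertStoreParameters(ldapHost, ldapPort)));
                    pkixParams.setRevocationEnabled(true);
                    trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParams));
                } else if (null != trustManagerFactory) {
                    // trustStore may still be null here (inbound without client auth, or a token
                    // insert that returned null). NOTE(review): a null KeyStore presumably makes
                    // the factory fall back to provider-default trust material; confirm that is
                    // the intended trust set.
                    trustManagerFactory.init(trustStore);
                }
            }

            // ---- key material ----
            if (keyStorePath != null && keyStorePassword != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Using software keystore: " + keyStorePath, new Object[0]);
                }
                // NOTE(review): keyStoreType is not null-checked above, so a configuration with a
                // path and password but no type fails here with a NullPointerException.
                if (keyStoreType.equals(trustStoreType) && keyStorePath.equals(trustStorePath) && keyStorePassword.equals(trustStorePassword)) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Reusing key store from Trust Manager", new Object[0]);
                    }
                    keyStore = trustStore;
                } else {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Creating new key store for Key Manager", new Object[0]);
                    }
                    keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName, keyStoreType, keyStoreProviderName, keyStorePath, keyStorePassword, false, sSLConfig);
                }
                // The decoded password passes through a String before becoming a char[]; the
                // array is handed to the key manager factory and to WSX509KeyManager below and
                // is not cleared in this method.
                keyPassword = WSKeyStore.decodePassword(keyStorePassword).toCharArray();
            } else {
                if (tokenLibrary == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "No key store specified and no hardware crypto defined", new Object[0]);
                    }
                    throw new IllegalArgumentException("No key store specified and no hardware crypto defined");
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "No key store specified, but found hardware crypto", new Object[0]);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Reusing key store from Trust Manager", new Object[0]);
                }
                WSPKCSInKeyStore hwKey = pkcsStoreList.insert(tokenType, tokenLibrary, tokenPassword, true, ctxProvider, false);
                if (hwKey != null) {
                    keyStore = hwKey.getKS();
                    keyManagerFactory = hwKey.getKMF();
                    keyFromHardware = true;
                }
            }
            if (!keyFromHardware) {
                keyManagerFactory = getKeyManagerFactoryInstance(keyMgrAlgorithm, ctxProvider);
                try {
                    keyManagerFactory.init(keyStore, keyPassword);
                } catch (UnrecoverableKeyException e) {
                    // Add the store path to the message (never the password) and keep the
                    // original exception as the cause so its stack trace is not lost.
                    UnrecoverableKeyException wrapped = new UnrecoverableKeyException(e.getMessage() + ": invalid password for file '" + keyStorePath + "'");
                    wrapped.initCause(e);
                    throw wrapped;
                }
            }
            WSX509KeyManager wsKeyManager = new WSX509KeyManager(keyStore, keyPassword, keyManagerFactory, sSLConfig, null);
            if (serverAlias != null && serverAlias.length() > 0) {
                wsKeyManager.setServerAlias(serverAlias, tokenSlot);
            }
            if (clientAlias != null && clientAlias.length() > 0) {
                wsKeyManager.setClientAlias(clientAlias, tokenSlot);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Initializing WSX509KeyManager.", serverAlias, clientAlias, tokenSlotText);
            }
            list.add(wsKeyManager);
            list2.add(new WSX509TrustManager(trustManagerFactory.getTrustManagers(), map, sSLConfig, trustStore, trustStorePath, trustStorePassword));
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getKeyTrustManagers");
            }
        } catch (Exception e2) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught during init, " + e2, new Object[0]);
            }
            FFDCFilter.processException(e2, getClass().getName(), "getKeyTrustManagers", this);
            throw e2;
        }
    }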

    /**
     * Looks up one SSL property.
     *
     * @param str property name
     * @param properties source to read from; when {@code null} the JVM system property is tried
     *                   first and the SSLConfigManager global property second
     * @return the value found, or {@code null}
     */
    private String getSSLContextProperty(String str, Properties properties) {
        if (properties != null) {
            // A supplied Properties object is authoritative: no fallback when it lacks the key.
            return properties.getProperty(str);
        }
        String fromSystem = System.getProperty(str);
        if (fromSystem != null) {
            return fromSystem;
        }
        return SSLConfigManager.getInstance().getGlobalProperty(str);
    }

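    /**
     * Creates the https URL stream handler while {@code sSLConfig} is installed as the thread's
     * SSL properties, then puts the previous thread properties back.
     *
     * @param sSLConfig configuration to expose on the thread during handler creation
     * @return the handler produced by {@code getHandler()}
     * @throws SSLException if handler creation fails; other exceptions are wrapped in SSLException
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public URLStreamHandler getURLStreamHandler(SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getURLStreamHandler", new Object[0]);
        }
        Properties previousProps = null;
        try {
            previousProps = ThreadManager.getInstance().getPropertiesOnThread();
            ThreadManager.getInstance().setPropertiesOnThread(sSLConfig);
            URLStreamHandler handler = getHandler();
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "getURLStreamHandler");
            }
            return handler;
        } catch (Exception e) {
            FFDCFilter.processException(e, getClass().getName(), "getURLStreamHandler", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "The following exception occurred in getURLStreamHandler().", new Object[]{e});
            }
            if (e instanceof SSLException) {
                throw ((SSLException) e);
            }
            throw new SSLException(e);
        } finally {
            // Restore exactly once on every path so this call's SSLConfig never stays attached
            // to the thread after the method returns or throws.
            ThreadManager.getInstance().setPropertiesOnThread(previousProps);
        }
    }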

    /**
     * Returns the server socket factory of the SSLContext built for the configuration.
     *
     * @param sSLConfig configuration to build (or fetch from cache) the context for
     * @return the context's server socket factory
     * @throws SSLException if the context is unavailable or any step fails; non-SSLException
     *         failures are wrapped
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public SSLServerSocketFactory getSSLServerSocketFactory(SSLConfig sSLConfig) throws SSLException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLServerSocketFactory", new Object[0]);
        }
        try {
            // No connection info is available on this path, so null is passed for the map.
            SSLContext context = getSSLContext(null, sSLConfig);
            if (context != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                    Tr.exit(tc, "getSSLServerSocketFactory");
                }
                return context.getServerSocketFactory();
            }
            throw new SSLException("SSLContext could not be created to return an SSLServerSocketFactory.");
        } catch (Exception e) {
            FFDCFilter.processException(e, getClass().getName(), "getSSLServerSocketFactory", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "The following exception occurred in getSSLServerSocketFactory().", new Object[]{e});
            }
            if (!(e instanceof SSLException)) {
                throw new SSLException(e);
            }
            throw ((SSLException) e);
        }
    }

    /**
     * Returns the client socket factory of the SSLContext built for the configuration.
     *
     * @param map connection info forwarded to {@code getSSLContext}
     * @param sSLConfig configuration to build (or fetch from cache) the context for
     * @return the context's socket factory
     * @throws SSLException if no context is available
     * @throws Exception if context creation fails
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public SSLSocketFactory getSSLSocketFactory(Map<String, Object> map, SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLSocketFactory", map);
        }
        SSLContext context = getSSLContext(map, sSLConfig);
        if (context == null) {
            throw new SSLException("SSLContext could not be created to return an SSLSocketFactory.");
        }
        SSLSocketFactory factory = context.getSocketFactory();
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            String factoryClassName = factory.getClass().getName();
            Tr.exit(tc, "getSSLSocketFactory -> " + factoryClassName);
        }
        return factory;
    }

    /**
     * Creates an uninitialized SSLContext for the protocol (and optional provider) named in the
     * configuration.
     *
     * @param sSLConfig configuration supplying the protocol, context provider, alias and the
     *                  location the configuration was loaded from
     * @return a new SSLContext; the caller still has to call {@code init} on it
     * @throws IllegalArgumentException if the configuration has no protocol
     * @throws SSLException if the protocol or provider is unknown, or creation fails otherwise
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public SSLContext getSSLContextInstance(SSLConfig sSLConfig) throws SSLException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLContextInstance", new Object[0]);
        }
        final String ctxProvider = sSLConfig.getProperty(Constants.SSLPROP_CONTEXT_PROVIDER);
        final String protocol = sSLConfig.getProperty(Constants.SSLPROP_PROTOCOL);
        String alias = sSLConfig.getProperty(Constants.SSLPROP_ALIAS);
        String configUrl = sSLConfig.getProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM);
        if (protocol == null) {
            throw new IllegalArgumentException("Protocol is not specified.");
        }
        // The protocol string goes to SSLContext.getInstance unchanged.
        // NOTE(review): no minimum protocol version is enforced in this method; confirm that
        // legacy protocol names are rejected where the configuration is loaded.
        SSLContext created;
        try {
            created = (SSLContext) AccessController.doPrivileged(new PrivilegedExceptionAction<SSLContext>() { // from class: com.ibm.ws.ssl.provider.AbstractJSSEProvider.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public SSLContext run() throws NoSuchAlgorithmException, NoSuchProviderException {
                    if (ctxProvider == null) {
                        return SSLContext.getInstance(protocol);
                    }
                    return SSLContext.getInstance(protocol, ctxProvider);
                }
            });
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting SSL context.", cause);
            }
            if (cause instanceof NoSuchAlgorithmException) {
                String badProtocolMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.no.such.algorithm.CWPKI0028E", new Object[]{protocol, alias, configUrl, cause.getMessage()}, "CWPKI0028E: SSL handshake protocol " + protocol + " is not valid.  This protocol is specified in the SSL configuration alias " + alias + " loaded from SSL configuration file " + configUrl + ".  The extended error message is: " + cause.getMessage() + ".");
                Tr.error(tc, "ssl.no.such.algorithm.CWPKI0028E", protocol, alias, configUrl, cause.getMessage());
                throw new SSLException(badProtocolMessage, cause);
            }
            if (cause instanceof NoSuchProviderException) {
                // NOTE(review): the message always names Constants.IBMJSSE2_NAME, not the
                // provider that was actually requested (ctxProvider); confirm this is intended.
                String badProviderMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.invalid.context.provider.CWPKI0029E", new Object[]{Constants.IBMJSSE2_NAME, alias, configUrl, cause.getMessage()}, "CWPKI0029E: SSL context provider IBMJSSE2 is not valid.  This provider is specified in the SSL configuration alias " + alias + " loaded from SSL configuration file " + configUrl + ".  The extended error message is: " + cause.getMessage() + ".");
                Tr.error(tc, "ssl.invalid.context.provider.CWPKI0029E", Constants.IBMJSSE2_NAME, alias, configUrl, cause.getMessage());
                throw new SSLException(badProviderMessage, cause);
            }
            throw new SSLException(cause);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLContextInstance");
        }
        return created;
    }

    /**
     * Creates a TrustManagerFactory from this provider's configured trust manager algorithm and
     * context provider.
     *
     * @return the factory, not yet initialized with trust material
     * @throws NoSuchAlgorithmException if the algorithm is unknown to the provider
     * @throws NoSuchProviderException if the provider is not registered
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public TrustManagerFactory getTrustManagerFactoryInstance() throws NoSuchAlgorithmException, NoSuchProviderException {
        String algorithm = getTrustManager();
        String provider = getContextProvider();
        return getTrustManagerFactoryInstance(algorithm, provider);
    }

    /**
     * Creates a TrustManagerFactory for an algorithm and provider.
     *
     * @param str algorithm name, or "algorithm|provider"; in the combined form the embedded
     *            provider replaces {@code str2}
     * @param str2 provider name used when {@code str} carries no embedded provider
     * @return the factory, not yet initialized with trust material
     * @throws NoSuchAlgorithmException if the algorithm is unknown to the provider
     * @throws NoSuchProviderException if the provider is not registered
     */
    public TrustManagerFactory getTrustManagerFactoryInstance(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        String algorithm = str;
        String provider = str2;
        if (algorithm.indexOf('|') != -1) {
            String[] parts = algorithm.split("\\|");
            // Only an exact two-part value is treated as "algorithm|provider".
            if (parts != null && parts.length == 2) {
                algorithm = parts[0];
                provider = parts[1];
            }
        }
        // The two-argument getInstance rejects a null provider with IllegalArgumentException,
        // so callers must supply one either in str2 or embedded in str.
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm, provider);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "getTrustManagerFactory.getInstance(" + algorithm + ", " + provider + ")" + factory, new Object[0]);
        }
        return factory;
    }

    /**
     * Creates a KeyManagerFactory from this provider's configured key manager algorithm and
     * context provider.
     *
     * @return the factory, not yet initialized with key material
     * @throws NoSuchAlgorithmException if the algorithm is unknown to the provider
     * @throws NoSuchProviderException if the provider is not registered
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public KeyManagerFactory getKeyManagerFactoryInstance() throws NoSuchAlgorithmException, NoSuchProviderException {
        String algorithm = getKeyManager();
        String provider = getContextProvider();
        return getKeyManagerFactoryInstance(algorithm, provider);
    }

    /**
     * Creates a KeyManagerFactory for an algorithm and provider.
     *
     * @param str algorithm name, or "algorithm|provider"; in the combined form the embedded
     *            provider replaces {@code str2}
     * @param str2 provider name used when {@code str} carries no embedded provider
     * @return the factory, not yet initialized with key material
     * @throws NoSuchAlgorithmException if the algorithm is unknown to the provider
     * @throws NoSuchProviderException if the provider is not registered
     */
    public KeyManagerFactory getKeyManagerFactoryInstance(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        String algorithm = str;
        String provider = str2;
        if (algorithm.indexOf('|') != -1) {
            String[] parts = algorithm.split("\\|");
            // Only an exact two-part value is treated as "algorithm|provider".
            if (parts != null && parts.length == 2) {
                algorithm = parts[0];
                provider = parts[1];
            }
        }
        // The two-argument getInstance rejects a null provider with IllegalArgumentException,
        // so callers must supply one either in str2 or embedded in str.
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm, provider);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "getKeyManagerFactory.getInstance(" + algorithm + ", " + provider + ") " + factory, new Object[0]);
        }
        return factory;
    }

    /**
     * Creates an empty KeyStore object of the given type.
     *
     * @param str key store type
     * @param str2 provider name; when {@code null} this provider's configured key store provider
     *             is used, and when that is {@code null} too the JVM's default provider lookup
     * @return the KeyStore instance (not yet loaded)
     * @throws KeyStoreException if no provider supports the type
     * @throws NoSuchProviderException if the named provider is not registered
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public KeyStore getKeyStoreInstance(String str, String str2) throws KeyStoreException, NoSuchProviderException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyStore.getInstance(" + str + ", " + str2 + ")", new Object[0]);
        }
        String provider = str2 != null ? str2 : getKeyStoreProvider();
        if (provider == null) {
            return KeyStore.getInstance(str);
        }
        return KeyStore.getInstance(str, provider);
    }

    /**
     * Installs the SSLContext built for the configuration as the JVM default SSLContext.
     *
     * @param sSLConfig configuration to build (or fetch from cache) the context for
     * @throws Exception if the context cannot be created
     */
    @Override // com.ibm.websphere.ssl.JSSEProvider
    public void setServerDefaultSSLContext(SSLConfig sSLConfig) throws Exception {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "setServerDefaultSSLContext", new Object[0]);
        }
        SSLContext context = getSSLContext(null, sSLConfig);
        if (null != context) {
            // SSLContext.setDefault is process-wide: every later SSLContext.getDefault() caller
            // in this JVM gets this configuration's key and trust material.
            SSLContext.setDefault(context);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "setServerDefaultSSLContext");
        }
    }

    /**
     * Adds a package to the JVM's URL protocol handler package list unless it is already listed.
     *
     * @param str package name to append to the {@code java.protocol.handler.pkgs} system property
     */
    protected static void registerPackage(String str) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "registerPackage -> " + str, new Object[0]);
        }
        List<String> packages = new ArrayList<String>();
        String current = System.getProperty(URL_HANDLER_PROP);
        if (current != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Current package list: " + current, new Object[0]);
            }
            for (StringTokenizer tokens = new StringTokenizer(current, PKGNAME_DELIMITER); tokens.hasMoreTokens();) {
                packages.add(tokens.nextToken());
            }
        }
        if (!packages.contains(str)) {
            packages.add(str);
            StringBuilder joined = new StringBuilder();
            for (int i = 0; i < packages.size(); i++) {
                if (i > 0) {
                    joined.append('|');
                }
                joined.append(packages.get(i));
            }
            final String updated = joined.toString();
            // The property decides which packages the JVM searches for URL protocol handlers,
            // so the write is JVM-wide. The read above and this write are not atomic.
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.ssl.provider.AbstractJSSEProvider.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    System.setProperty(AbstractJSSEProvider.URL_HANDLER_PROP, updated);
                    return null;
                }
            });
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "registerPackage");
        }
    }

    /**
     * Instantiates the https URL stream handler from the configured protocol handler package.
     *
     * @return a new instance of {@code <protocolPackageHandler>.https.Handler}
     * @throws Exception if the class cannot be loaded, instantiated or cast; the failure is
     *         reported to FFDC and logged as CWPKI0025E before being rethrown
     */
    public URLStreamHandler getHandler() throws Exception {
        // The class name is assembled from configuration and resolved through the thread context
        // class loader when one is set, so both decide which class gets instantiated here.
        String handlerClassName = getSSLProtocolPackageHandler() + ".https.Handler";
        try {
            ClassLoader contextLoader = (ClassLoader) AccessController.doPrivileged(getCtxClassLoader);
            Class<?> handlerClass;
            if (contextLoader == null) {
                handlerClass = Class.forName(handlerClassName);
            } else {
                handlerClass = contextLoader.loadClass(handlerClassName);
            }
            return (URLStreamHandler) handlerClass.newInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, getClass().getName(), "getHandler", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception loading https stream handler.", e);
            }
            Tr.error(tc, "ssl.load.https.stream.handler.CWPKI0025E", handlerClassName, e.getMessage());
            throw e;
        }
    }

    /**
     * Registers URL stream handlers once per class: the provider's HTTPS handler and, when the
     * OS name property equals "z/OS" (case-insensitive), the three safkeyring handlers.
     *
     * <p>{@code handlersInitialized} is set only when the whole sequence finishes without
     * throwing. Any {@link Throwable} is handed to FFDC and traced at debug level, and the flag
     * stays {@code false}, so a later call repeats the registration. The debug text in the
     * catch block mentions safkeyring even when the failure came from an earlier step.
     *
     * <p>{@code addProvider} in this class catches its own exceptions, so a registration that
     * fails there does not stop the flag from being set.
     *
     * <p>NOTE(review): no locking is visible around {@code handlersInitialized} in this method;
     * confirm callers serialize calls or that the field is safely published.
     *
     * @param str package prefix to which {@code ".https.Handler"} is appended to form the HTTPS
     *            handler class name
     */
    protected static void addHandlers(String str) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "addHandlers", str);
        }
        if (!handlersInitialized) {
            setDefaultSocketFactories();
            try {
                StreamHandlerUtils.create();
                if (!queryProvider(WDTConstants.HTTPS_PROTOCOL)) {
                    final String httpsHandlerClass = str + ".https.Handler";
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding handler: " + httpsHandlerClass, new Object[0]);
                    }
                    addProvider(WDTConstants.HTTPS_PROTOCOL, httpsHandlerClass);
                }
                final String osName = System.getProperty(org.eclipse.osgi.framework.internal.core.Constants.JVM_OS_NAME);
                if (osName.equalsIgnoreCase("z/OS")) {
                    // Each row: protocol name, handler class, exact debug trace text.
                    final String[][] safKeyringHandlers = {
                        {"safkeyring", "com.ibm.crypto.provider.safkeyring.Handler",
                            "Adding handler:  com.ibm.crypto.provider.safkeyring.Handler"},
                        {"safkeyringhw", "com.ibm.crypto.hdwrCCA.provider.safkeyring.Handler",
                            "Adding handler: com.ibm.crypto.hdwrCCA.provider.safkeyring.Handler"},
                        {"safkeyringhybrid", "com.ibm.crypto.ibmjcehybrid.provider.safkeyring.Handler",
                            "Adding handler: com.ibm.crypto.ibmjcehybrid.provider.safkeyring.Handler"},
                    };
                    for (String[] row : safKeyringHandlers) {
                        if (!queryProvider(row[0])) {
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                Tr.debug(tc, row[2], new Object[0]);
                            }
                            addProvider(row[0], row[1]);
                        }
                    }
                }
                handlersInitialized = true;
            } catch (Throwable failure) {
                FFDCFilter.processException(failure, AbstractJSSEProvider.class.getName(), "addHandlers");
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to set safkeyring stream handler", failure);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "addHandlers");
        }
    }

    /**
     * Does nothing in this listing; {@code addHandlers} calls it before registering stream
     * handlers.
     *
     * <p>NOTE(review): the body is empty as shown. Whether the original source had content here
     * cannot be determined from this view.
     */
    protected static void setDefaultSocketFactories() {
    }

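    /**
     * Loads and instantiates a custom {@link X509KeyManager} by class name.
     *
     * <p>The loader returned by the privileged {@code getCtxClassLoader} action (presumably the
     * thread context class loader) is tried first. If it is null or the attempt fails, the
     * class is resolved with {@link Class#forName(String)} instead.
     *
     * <p>In both paths the class is verified to implement {@link X509KeyManager} before its
     * constructor is invoked, so a class of the wrong type is rejected without being
     * instantiated.
     *
     * <p>NOTE(review): where {@code str} originates is outside this view (presumably SSL
     * configuration). The named class runs in-process and supplies key material selection for
     * TLS, so confirm only trusted administrators can set it.
     *
     * @param str fully qualified name of the key manager class
     * @return a new key manager instance
     * @throws Exception any failure from the fallback load; it is passed to FFDC, logged under
     *         message key CWPKI0021E and rethrown unchanged
     */
    private X509KeyManager loadCustomKeyManager(String str) throws Exception {
        X509KeyManager keyManager = null;
        try {
            ClassLoader contextLoader = (ClassLoader) AccessController.doPrivileged(getCtxClassLoader);
            if (contextLoader != null) {
                try {
                    // Type check first: asSubclass fails before any constructor runs.
                    keyManager = contextLoader.loadClass(str).asSubclass(X509KeyManager.class).newInstance();
                } catch (Exception contextLoadFailure) {
                    // Best effort only; the fallback below still runs. Trace the cause so a
                    // switch to a different class loader is not invisible during diagnosis.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Custom KeyManager not loaded from context class loader; falling back.", contextLoadFailure);
                    }
                }
            }
            if (keyManager == null) {
                keyManager = Class.forName(str).asSubclass(X509KeyManager.class).newInstance();
            }
            return keyManager;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, getClass().getName(), "loadCustomKeyManager", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception loading custom KeyManager.", e2);
            }
            Tr.error(tc, "ssl.load.keymanager.error.CWPKI0021E", str, e2.getMessage());
            throw e2;
        }
    }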

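    /**
     * Loads and instantiates a custom {@link X509TrustManager} by class name.
     *
     * <p>The loader returned by the privileged {@code getCtxClassLoader} action (presumably the
     * thread context class loader) is tried first. If it is null or the attempt fails, the
     * class is resolved with {@link Class#forName(String)} instead.
     *
     * <p>In both paths the class is verified to implement {@link X509TrustManager} before its
     * constructor is invoked, so a class of the wrong type is rejected without being
     * instantiated.
     *
     * <p>NOTE(review): where {@code str} originates is outside this view (presumably SSL
     * configuration). The named class decides which peer certificates are trusted, so confirm
     * only trusted administrators can set it and that changes to it are audited.
     *
     * @param str fully qualified name of the trust manager class
     * @return a new trust manager instance
     * @throws Exception any failure from the fallback load; it is passed to FFDC, logged under
     *         message key CWPKI0020E and rethrown unchanged
     */
    private X509TrustManager loadCustomTrustManager(String str) throws Exception {
        X509TrustManager trustManager = null;
        try {
            ClassLoader contextLoader = (ClassLoader) AccessController.doPrivileged(getCtxClassLoader);
            if (contextLoader != null) {
                try {
                    // Type check first: asSubclass fails before any constructor runs.
                    trustManager = contextLoader.loadClass(str).asSubclass(X509TrustManager.class).newInstance();
                } catch (Exception contextLoadFailure) {
                    // Best effort only; the fallback below still runs. Trace the cause so a
                    // switch to a different class loader is not invisible during diagnosis.
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Custom TrustManager not loaded from context class loader; falling back.", contextLoadFailure);
                    }
                }
            }
            if (trustManager == null) {
                trustManager = Class.forName(str).asSubclass(X509TrustManager.class).newInstance();
            }
            return trustManager;
        } catch (Exception e2) {
            FFDCFilter.processException(e2, getClass().getName(), "loadCustomTrustManager", this);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception loading custom TrustManager.", e2);
            }
            Tr.error(tc, "ssl.load.trustmanager.error.CWPKI0020E", str, e2.getMessage());
            throw e2;
        }
    }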

    /**
     * Delegates to {@code StreamHandlerUtils.queryProvider} for the given protocol name.
     *
     * <p>Callers in this class register a handler only when this returns {@code false}, so it
     * presumably reports whether a handler for the protocol is already registered.
     *
     * @param str protocol name to look up
     * @return the value returned by {@code StreamHandlerUtils.queryProvider}
     */
    private static boolean queryProvider(String str) {
        final boolean answer = StreamHandlerUtils.queryProvider(str);
        return answer;
    }

    /**
     * Registers a stream handler class for a protocol through
     * {@code StreamHandlerUtils.addProvider}, on a best-effort basis.
     *
     * <p>Any {@link Exception} is passed to FFDC and traced at debug level, then dropped. The
     * caller receives no signal that registration failed.
     *
     * @param str protocol name
     * @param str2 fully qualified handler class name
     */
    private static void addProvider(String str, String str2) {
        try {
            StreamHandlerUtils.addProvider(str, str2);
        } catch (Exception registrationFailure) {
            FFDCFilter.processException(registrationFailure, AbstractJSSEProvider.class.getName(), "addProvider");
            final boolean debugOn = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debugOn) {
                Tr.debug(tc, "Exception: " + registrationFailure, new Object[0]);
            }
        }
    }

    /**
     * Empties the cache of standard {@code javax.net.ssl.SSLContext} objects, if it exists and
     * holds at least one entry; otherwise does nothing.
     *
     * <p>NOTE(review): presumably invoked after keystore or SSL configuration changes so that
     * contexts built from the old material are not reused. Confirm every such change path
     * calls it.
     */
    public static void clearSSLContextCache() {
        final boolean hasEntries = sslContextCacheJAVAX != null && sslContextCacheJAVAX.size() > 0;
        if (hasEntries) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Clearing standard javax.net.ssl.SSLContext cache.", new Object[0]);
            }
            sslContextCacheJAVAX.clear();
        }
    }

    /**
     * Publishes connection info to the {@code ThreadManager} only when it describes an outbound
     * connection.
     *
     * <p>The map is passed on unchanged when its {@code "com.ibm.ssl.direction"} entry is a
     * non-empty string equal to {@code "outbound"} (case-insensitive). In every other case,
     * including a null map, {@code null} is passed instead.
     *
     * <p>The debug trace stringifies the whole map. NOTE(review): confirm the map never carries
     * secrets such as passwords, since they would land in trace output.
     *
     * @param map connection properties, or {@code null}
     */
    private void setOutboundConnectionInfoInternal(Map<String, Object> map) {
        Map<String, Object> outboundInfo = null;
        if (map != null) {
            final String direction = (String) map.get("com.ibm.ssl.direction");
            final boolean isOutbound = direction != null
                    && !direction.isEmpty()
                    && direction.equalsIgnoreCase("outbound");
            if (isOutbound) {
                outboundInfo = map;
            }
        }
        ThreadManager.getInstance().setOutboundConnectionInfoInternal(outboundInfo);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "outboundConnectionInfo: " + outboundInfo, new Object[0]);
        }
    }
}
