package com.ibm.ws.ssl.core;

import com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.JSSEProvider;
import com.ibm.ws.ssl.JSSEProviderFactory;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.StringReader;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.Security;
import java.util.Stack;
import java.util.prefs.Preferences;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:runtimes/com.ibm.ws.webservices.thinclient_6.1.0.jar:com/ibm/ws/ssl/core/WSPKCSInKeyStore.class */
public final class WSPKCSInKeyStore {
    private static final TraceComponent tc;
    private static final String LINE_SEPARATOR;
    private KeyManagerFactory kmf;
    private KeyStore ks;
    private TrustManagerFactory tmf;
    private KeyStore ts;
    private static Provider hwProvider;
    private String tokenLib_key;
    private String tokenType_key;
    private String tokenLib_trust;
    private String tokenType_trust;
    private static String pkcsType;
    private static String pkcsProvider;
    public static final int DEFAULT_SLOT = 0;
    public static final int SLOT_NOT_SPECIFIED = -1;
    static Class class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl;
    static Class class$com$ibm$ws$ssl$core$WSPKCSInKeyStore;
    private JSSEProvider jsseProvider = null;
    private Stack providerInstancePool = new Stack();
    private int noOfWorkerThreads = 0;
    private int noOfProvidersCreated = 0;
    private BufferedReader fileReader = null;
    private StringBuffer tokenConfigBuffer = new StringBuffer();
    private String nameAttribute = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:runtimes/com.ibm.ws.webservices.thinclient_6.1.0.jar:com/ibm/ws/ssl/core/WSPKCSInKeyStore$AddHardwareProviderAction.class */
    public static class AddHardwareProviderAction implements PrivilegedAction {
        @Override // java.security.PrivilegedAction
        public Object run() {
            Security.addProvider(new IBMPKCS11Impl());
            return null;
        }
    }

    public WSPKCSInKeyStore(String str, String str2) throws Exception {
        initializePKCS11ImplProvider(str, str2);
    }

    public WSPKCSInKeyStore(String str) throws Exception {
        initializePKCS11ImplProvider(str);
    }

    public void asKeyStore(String str, String str2, String str3, String str4, boolean z) throws Exception {
        if ("IBMPKCS11Impl".equalsIgnoreCase(str4)) {
            str4 = hwProvider.getName();
        }
        this.jsseProvider = JSSEProviderFactory.getInstance(str4);
        try {
            if (this.tokenLib_key == null || this.tokenLib_key.compareToIgnoreCase(str2) != 0 || this.ks == null) {
                if (this.tokenLib_trust == null || str2.compareTo(this.tokenLib_trust) != 0 || this.ts == null) {
                    this.kmf = this.jsseProvider.getKeyManagerFactoryInstance();
                    this.ks = KeyStore.getInstance(pkcsType, hwProvider.getName());
                    if (!z) {
                        this.ks.load(null, str3.toCharArray());
                        this.kmf.init(this.ks, str3.toCharArray());
                    }
                } else {
                    this.kmf = this.jsseProvider.getKeyManagerFactoryInstance();
                    this.ks = this.ts;
                    if (!z) {
                        this.kmf.init(this.ts, str3.toCharArray());
                    }
                }
                this.tokenLib_key = new String(str2);
                this.tokenType_key = new String(str);
            }
        } catch (Exception e) {
            this.kmf = null;
            this.ks = null;
            this.tokenLib_key = null;
            this.tokenType_key = null;
            throw e;
        }
    }

    public void asTrustStore(String str, String str2, String str3, String str4, boolean z) throws Exception {
        this.jsseProvider = JSSEProviderFactory.getInstance(str4);
        try {
            if (this.tokenLib_trust == null || this.tokenLib_trust.compareToIgnoreCase(str2) != 0 || this.ts == null) {
                if (this.tokenLib_key == null || str2.compareTo(this.tokenLib_key) != 0 || this.ks == null) {
                    this.tmf = this.jsseProvider.getTrustManagerFactoryInstance();
                    this.ts = KeyStore.getInstance(pkcsType, hwProvider.getName());
                    if (!z) {
                        this.ts.load(null, str3.toCharArray());
                        this.tmf.init(this.ts);
                    }
                } else {
                    this.tmf = this.jsseProvider.getTrustManagerFactoryInstance();
                    this.ts = this.ks;
                    if (!z) {
                        this.tmf.init(this.ks);
                    }
                }
                this.tokenLib_trust = new String(str2);
                this.tokenType_trust = new String(str);
            }
        } catch (Exception e) {
            this.tmf = null;
            this.ts = null;
            this.tokenLib_trust = null;
            this.tokenType_trust = null;
            throw e;
        }
    }

    public KeyManagerFactory getKMF() {
        return this.kmf;
    }

    public KeyStore getKS() {
        return this.ks;
    }

    public TrustManagerFactory getTMF() {
        return this.tmf;
    }

    public KeyStore getTS() {
        return this.ts;
    }

    public String getlibName_key() {
        return this.tokenLib_key;
    }

    public String getlibName_trust() {
        return this.tokenLib_trust;
    }

    public String gettokType_key() {
        return this.tokenType_key;
    }

    public String gettokType_trust() {
        return this.tokenType_trust;
    }

    public void initializePKCS11ImplProvider(String str, String str2) throws Exception {
        Class cls;
        if (Security.getProvider("IBMPKCS11Impl") != null || str == null || str2 == null) {
            return;
        }
        if (class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl == null) {
            cls = class$(Constants.IBMPKCS11Impl);
            class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl = cls;
        } else {
            cls = class$com$ibm$crypto$pkcs11impl$provider$IBMPKCS11Impl;
        }
        Preferences userNodeForPackage = Preferences.userNodeForPackage(cls);
        userNodeForPackage.put("IBMPKCSImpl DLL", str);
        userNodeForPackage.put("IBMPKCSImpl password", str2);
        try {
            try {
                AccessController.doPrivileged(new AddHardwareProviderAction());
                if (userNodeForPackage != null) {
                    userNodeForPackage.remove("IBMPKCSImpl DLL");
                    userNodeForPackage.remove("IBMPKCSImpl password");
                }
                Security.getProvider("IBMPKCS11Impl");
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "249");
                throw e;
            }
        } catch (Throwable th) {
            if (userNodeForPackage != null) {
                userNodeForPackage.remove("IBMPKCSImpl DLL");
                userNodeForPackage.remove("IBMPKCSImpl password");
            }
            throw th;
        }
    }

    public void initializePKCS11ImplProvider(String str) throws Exception {
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction(this, str) { // from class: com.ibm.ws.ssl.core.WSPKCSInKeyStore.1
                private final String val$configFile;
                private final WSPKCSInKeyStore this$0;

                {
                    this.this$0 = this;
                    this.val$configFile = str;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Provider unused = WSPKCSInKeyStore.hwProvider = new IBMPKCS11Impl(this.val$configFile);
                    Security.addProvider(WSPKCSInKeyStore.hwProvider);
                    if (!WSPKCSInKeyStore.tc.isDebugEnabled()) {
                        return null;
                    }
                    Tr.debug(WSPKCSInKeyStore.tc, new StringBuffer().append("The provider: ").append(WSPKCSInKeyStore.hwProvider).append("is added at the end of the provider list").toString());
                    return null;
                }
            });
            convertFileToBuffer(str);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cannot initialize IBMPKCS11Impl provider: ", new Object[]{exception});
            }
            FFDCFilter.processException(exception, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "259");
            throw exception;
        }
    }

    public Provider getHWCryptoProviderInstance(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHWCryptoProviderInstance(String)");
        }
        synchronized (this.providerInstancePool) {
            if (!this.providerInstancePool.empty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "try to get the HW crypto provider instance from pool");
                }
                Provider provider = (Provider) this.providerInstancePool.pop();
                if (provider != null) {
                    return provider;
                }
            }
            this.noOfProvidersCreated++;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "continue creating new HW crypto provider instance");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(this.nameAttribute).append(this.noOfProvidersCreated).append(LINE_SEPARATOR).append(this.tokenConfigBuffer);
            try {
                return new IBMPKCS11Impl(new BufferedReader(new StringReader(stringBuffer.toString())));
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Cannot get the HW crypto provider instance").append(new Object[]{e}).toString());
                }
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.WSPKCSInKeyStore.getHWCryptoProviderInstance", "273", this);
                Tr.error(tc, "Cannot get the HW crypto provider instance", new Object[]{str, e.getMessage()});
                throw e;
            }
        }
    }

    private BufferedReader convertFileToBuffer(String str) throws Exception {
        StringBuffer stringBuffer = new StringBuffer();
        try {
            if (this.fileReader == null) {
                this.fileReader = new BufferedReader(new FileReader(str));
                while (true) {
                    try {
                        try {
                            String readLine = this.fileReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            String trim = readLine.trim();
                            if (trim.startsWith("name")) {
                                this.nameAttribute = trim;
                            } else {
                                this.tokenConfigBuffer.append(trim).append(LINE_SEPARATOR);
                            }
                        } catch (Throwable th) {
                            if (this.fileReader != null) {
                                try {
                                    this.fileReader.close();
                                } catch (IOException e) {
                                    FFDCFilter.processException(e, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "342");
                                    throw e;
                                }
                            }
                            throw th;
                        }
                    } catch (IOException e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "333");
                        throw e2;
                    }
                }
                if (this.fileReader != null) {
                    try {
                        this.fileReader.close();
                    } catch (IOException e3) {
                        FFDCFilter.processException(e3, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "342");
                        throw e3;
                    }
                }
            }
            stringBuffer.append(this.nameAttribute).append(this.noOfProvidersCreated).append(LINE_SEPARATOR).append(this.tokenConfigBuffer);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Name attribute and other card related info: ").append(this.nameAttribute).append(":").append(this.tokenConfigBuffer.toString()).toString());
            }
            return new BufferedReader(new StringReader(stringBuffer.toString()));
        } catch (FileNotFoundException e4) {
            FFDCFilter.processException(e4, "com.ibm.ws.security.orbssl.WSPKCSInKeyStore", "352");
            throw e4;
        }
    }

    public Provider getHWCryptoProviderInstance(String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHWCryptoProviderInstance(String, String)");
        }
        synchronized (this.providerInstancePool) {
            if (!this.providerInstancePool.empty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "try to get the HW crypto provider instance from pool");
                }
                Provider provider = (Provider) this.providerInstancePool.pop();
                if (provider != null) {
                    return provider;
                }
            }
            this.noOfProvidersCreated++;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "continue creating new HW provider instance");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(new StringBuffer().append("name=").append(new StringBuffer().append("thread-").append(this.noOfProvidersCreated).toString()).toString());
            stringBuffer.append(LINE_SEPARATOR);
            stringBuffer.append(new StringBuffer().append("library=").append(str).toString());
            stringBuffer.append(LINE_SEPARATOR);
            stringBuffer.append(new StringBuffer().append("slotListIndex=").append(str2).toString());
            stringBuffer.append(LINE_SEPARATOR);
            BufferedReader bufferedReader = new BufferedReader(new StringReader(stringBuffer.toString()));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("getting new HW crypto provider instance : ").append(stringBuffer.toString()).toString());
            }
            try {
                return new IBMPKCS11Impl(bufferedReader);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Cannot get the HW crypto provider instance").append(new Object[]{e}).toString());
                }
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.WSPKCSInKeyStore.getHWCryptoProviderInstance", "273", this);
                Tr.error(tc, "Cannot get the HW crypto provider instance", new Object[]{str, str2, e.getMessage()});
                throw e;
            }
        }
    }

    public void returnHWCryptoProviderInstance(Provider provider) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "returnHWCryptoProviderInstance()");
        }
        if (provider != null) {
            this.providerInstancePool.push(provider);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "returnHWCryptoProviderInstance()");
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$core$WSPKCSInKeyStore == null) {
            cls = class$("com.ibm.ws.ssl.core.WSPKCSInKeyStore");
            class$com$ibm$ws$ssl$core$WSPKCSInKeyStore = cls;
        } else {
            cls = class$com$ibm$ws$ssl$core$WSPKCSInKeyStore;
        }
        tc = Tr.register(cls, "SSL", "com.ibm.ws.ssl.resources.ssl");
        LINE_SEPARATOR = System.getProperty("line.separator");
        hwProvider = null;
        pkcsType = "PKCS11IMPLKS";
        pkcsProvider = "IBMPKCS11Impl";
    }
}
