package com.buildforge.services.common.ssl.provider;

import com.buildforge.services.client.ssl.config.ClientFIPSController;
import com.buildforge.services.common.dbo.MessageDBO;
import com.buildforge.services.common.dbo.SSLDBO;
import com.buildforge.services.common.security.PasswordManager;
import com.buildforge.services.common.util.Memoizer;
import com.buildforge.services.server.ssl.config.ServerFIPSController;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;

/* loaded from: input_file:lib/com.ibm.rational.buildforge.services.client.java_7.1.3.4110010.jar:com/buildforge/services/common/ssl/provider/JSSEProviderFactory.class */
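/**
 * Selects and caches the {@link JSSEProvider} wrapper used to build SSL/TLS contexts, and
 * performs the JCA provider registration and re-ordering needed for FIPS mode.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@link #isFipsEnabled()} reports {@code true}, {@link #getInstance(String)} ignores
 *       the requested provider name and always resolves {@code IBMJSSE2}.</li>
 *   <li>{@link #isFipsEnabled()} treats a failure to read the FIPS configuration as
 *       "FIPS disabled" (fail-open).</li>
 *   <li>{@link #initializeFips()} mutates JVM-wide state: the provider list held by
 *       {@link Security} and the {@code com.ibm.jsse2.JSSEFIPS} system property.</li>
 * </ul>
 */
public class JSSEProviderFactory {
    private static final Logger log = Logger.getLogger(JSSEProviderFactory.class.getName());
    private static final String IBMCMS_PROVIDER_NAME = "IBMCMSProvider";
    private static final String IBMJCEFIPS_PROVIDER_NAME = "IBMJCEFIPS";
    private static final String IBMJSSE2_PROVIDER_NAME = "IBMJSSE2";
    private static final String SUN_PROVIDER_NAME = "SUN";
    private static final String SUNJSSE_PROVIDER_NAME = "SunJSSE";
    private static final String DEFAULT_PROVIDER_NAME = "IBMJSSE2";
    private static final String IBMCMS_PROVIDER_CLASS = "com.ibm.security.cmskeystore.CMSProvider";
    private static final String IBMJCEFIPS_PROVIDER_CLASS = "com.ibm.crypto.fips.provider.IBMJCEFIPS";
    private static final String IBMJSSE2_PROVIDER_CLASS = "com.ibm.jsse2.IBMJSSEProvider2";
    private static final String SUNJSSE_PROVIDER_CLASS = "com.sun.net.ssl.internal.ssl.Provider";
    private static final String SECURITY_PROPERTY_SSL_TRUST_MANAGER_FACTORY = "ssl.TrustManagerFactory.algorithm";
    private static final String SECURITY_PROPERTY_SSL_KEY_MANAGER_FACTORY = "ssl.KeyManagerFactory.algorithm";
    private static final String SECURITY_PROPERTY_SSL_SERVER_SOCKET_FACTORY = "ssl.ServerSocketFactory.provider";
    private static final String SECURITY_PROPERTY_SSL_SOCKET_FACTORY = "ssl.SocketFactory.provider";
    private static final String SYSTEM_PROPERTY_IBMJSSE2_FIPS = "com.ibm.jsse2.JSSEFIPS";

    /** JCE provider names reported by {@link #fipsJCEProviders()} when FIPS is enabled. */
    private static final List<String> FIPS_JCE_PROVIDERS =
            Collections.singletonList(IBMJCEFIPS_PROVIDER_NAME);

    /** Set once {@link #initializeFips()} has completed; only touched under the class lock. */
    private static boolean fipsInitialized = false;

    /** Lazily chosen default provider name; {@link #initializeFips()} forces it to IBMJSSE2. */
    private static final AtomicReference<String> DEFAULT_CONTEXT_PROVIDER_NAME =
            new AtomicReference<>();

    // Maps a provider name to its JSSEProvider via getProvider(); presumably Memoizer caches the
    // computed value per key -- confirm against Memoizer.
    private static final Memoizer<String, JSSEProvider> PROVIDERS =
            new Memoizer<String, JSSEProvider>() {
                @Override
                public JSSEProvider compute(String str) throws Exception {
                    return JSSEProviderFactory.getProvider(str);
                }
            };

    /**
     * Returns the provider wrapper for the default context provider.
     *
     * @return the provider wrapper, or {@code null} if it could not be initialized
     */
    public static JSSEProvider getInstance() {
        return getInstance(null);
    }

    /**
     * Returns the provider wrapper for the named JSSE provider.
     *
     * <p>A {@code null} name selects the default context provider. When FIPS is enabled the
     * requested name is overridden with {@code IBMJSSE2}, so callers cannot select another
     * provider in that mode.
     *
     * @param str requested provider name, or {@code null} for the default
     * @return the provider wrapper, or {@code null} if lookup failed (the failure is logged at
     *     SEVERE); callers must null-check before building an SSL context
     */
    public static JSSEProvider getInstance(String str) {
        if (str == null) {
            str = getDefaultContextProvider();
        }
        if (isFipsEnabled()) {
            // FIPS mode pins the provider regardless of what the caller asked for.
            str = IBMJSSE2_PROVIDER_NAME;
        }
        try {
            return PROVIDERS.get(str);
        } catch (Exception e) {
            log.log(Level.SEVERE, "Unable to initialize JSSE provider [" + str + ']', e);
            return null;
        }
    }

    /**
     * Resolves a provider name to a {@link JSSEProvider} wrapper.
     *
     * <p>Registers the requested provider and the IBM CMS provider if they are missing, then
     * scans the installed providers for a name match that also passes
     * {@link #validateProvider(String)}. If nothing matches, an {@link IBMJSSE2Provider} is
     * returned as the fallback. If SunJSSE is selected while FIPS is enabled, a
     * "not FIPS compliant" warning is logged, but the SunJSSE wrapper is still returned.
     *
     * @param str provider name to resolve; must not be {@code null}
     * @return the matching wrapper, or an {@link IBMJSSE2Provider} when no match validates
     * @throws Exception declared for the {@link Memoizer} callback that invokes this method
     */
    static JSSEProvider getProvider(String str) throws Exception {
        initializeRequestedProvider(str);
        initializeIBMCMSProvider();
        log.fine("Tring to find a suitable provider for [" + str + ']');

        JSSEProvider selected = null;
        boolean selectedIsIbm = true;
        for (Provider provider : Security.getProviders()) {
            if (log.isLoggable(Level.FINER)) {
                log.finer("  Provider: " + provider.getName());
            }
            if (!provider.getName().equalsIgnoreCase(str)) {
                continue;
            }
            if (str.equalsIgnoreCase(IBMJSSE2_PROVIDER_NAME)
                    && validateProvider(IBMJSSE2_PROVIDER_NAME)) {
                log.finest("    -> IBMJSSE2");
                selected = new IBMJSSE2Provider();
                break;
            }
            if (str.equalsIgnoreCase(SUNJSSE_PROVIDER_NAME)
                    && validateProvider(SUNJSSE_PROVIDER_NAME)) {
                log.finest("    -> SUNJSSE");
                selected = new SunJSSEProvider();
                selectedIsIbm = false;
                break;
            }
        }

        if (selected == null) {
            // Nothing matched or validated: fall back to the IBMJSSE2 wrapper.
            selected = new IBMJSSE2Provider();
        } else if (!selectedIsIbm && log.isLoggable(Level.WARNING) && isFipsEnabled()) {
            // Warning only: the SunJSSE wrapper is still handed back to the caller.
            log.warning(new MessageDBO(MessageDBO.Severity.WARNING, "SSLProviderNotFIPSCompliant", new String[0]).translate());
        }
        return selected;
    }

    /**
     * Registers a JSSE provider with {@link Security} when none is installed under the given name.
     *
     * <p>The SunJSSE class is loaded only when SunJSSE was requested and FIPS is disabled; every
     * other case loads the IBMJSSE2 class. A load failure is logged at WARNING and otherwise
     * ignored, so resolution continues with whatever providers are already installed.
     *
     * @param str requested provider name
     */
    private static void initializeRequestedProvider(String str) {
        if (Security.getProvider(str) != null) {
            return;
        }
        String providerClass =
                (str.equalsIgnoreCase(SUNJSSE_PROVIDER_NAME) && !isFipsEnabled())
                        ? SUNJSSE_PROVIDER_CLASS
                        : IBMJSSE2_PROVIDER_CLASS;
        try {
            Security.addProvider(instantiateProvider(providerClass));
        } catch (Exception e) {
            if (log.isLoggable(Level.WARNING)) {
                // Keep the cause: a missing or unloadable provider class is otherwise undiagnosable.
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "SSLProviderLoadFailed", str).translate(), e);
            }
        }
    }

    /**
     * Checks that an {@link SSLContext} can be obtained from the named provider.
     *
     * <p>The protocol requested is {@code "TLS"} when FIPS is enabled, otherwise
     * {@code SSLDBO.TYPE_KEY} (its value is defined outside this class).
     *
     * @param str provider name
     * @return {@code true} if the context lookup succeeded, {@code false} on any exception
     */
    private static boolean validateProvider(String str) {
        try {
            SSLContext.getInstance(isFipsEnabled() ? "TLS" : SSLDBO.TYPE_KEY, str);
            return true;
        } catch (Exception e) {
            log.log(Level.FINE, "Error validating provider: " + str, e);
            return false;
        }
    }

    /** Returns the {@code ssl.SocketFactory.provider} security property, or {@code null} if unset. */
    public static String getDefaultSSLSocketFactory() {
        return Security.getProperty(SECURITY_PROPERTY_SSL_SOCKET_FACTORY);
    }

    /** Returns the {@code ssl.ServerSocketFactory.provider} security property, or {@code null} if unset. */
    public static String getDefaultSSLServerSocketFactory() {
        return Security.getProperty(SECURITY_PROPERTY_SSL_SERVER_SOCKET_FACTORY);
    }

    /** Returns the {@code ssl.KeyManagerFactory.algorithm} security property, or {@code null} if unset. */
    public static String getKeyManagerFactoryAlgorithm() {
        return Security.getProperty(SECURITY_PROPERTY_SSL_KEY_MANAGER_FACTORY);
    }

    /** Returns the {@code ssl.TrustManagerFactory.algorithm} security property, or {@code null} if unset. */
    public static String getTrustManagerFactoryAlgorithm() {
        return Security.getProperty(SECURITY_PROPERTY_SSL_TRUST_MANAGER_FACTORY);
    }

    /**
     * Reports whether FIPS mode is enabled, asking the server or client FIPS controller
     * depending on {@code PasswordManager.isServer()}.
     *
     * @return the controller's answer, or {@code false} if the controller could not be obtained
     *     or queried
     */
    public static boolean isFipsEnabled() {
        try {
            return PasswordManager.isServer() ? ServerFIPSController.getInstance().isFIPSEnabled() : ClientFIPSController.getInstance().isFIPSEnabled();
        } catch (SSLException e) {
            // NOTE(review): this is fail-open. An unreadable FIPS configuration is reported as
            // "FIPS disabled", which lets getInstance() hand out a non-FIPS provider. The return
            // value is kept for existing callers, but the failure is now logged instead of hidden.
            log.log(Level.WARNING, "Unable to determine FIPS mode; treating FIPS as disabled", e);
            return false;
        }
    }

    /**
     * Registers the IBM CMS keystore provider if it is not already installed. A load failure is
     * logged at WARNING and otherwise ignored.
     */
    private static void initializeIBMCMSProvider() {
        if (Security.getProvider(IBMCMS_PROVIDER_NAME) != null) {
            return;
        }
        try {
            Security.addProvider(instantiateProvider(IBMCMS_PROVIDER_CLASS));
        } catch (Exception e) {
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "SSLProviderLoadFailed", IBMCMS_PROVIDER_CLASS).translate(), e);
            }
        }
    }

    /**
     * Prepares the JVM for FIPS mode; runs at most once per class load.
     *
     * <p>Moves (or loads and inserts) the IBMJCEFIPS provider to position 1, then, if a SUN
     * provider is installed, re-inserts it at position 1 as well, so the resulting order is
     * SUN first and IBMJCEFIPS second. Finally sets the {@code com.ibm.jsse2.JSSEFIPS} system
     * property to {@code "true"} and pins the default context provider to IBMJSSE2.
     *
     * <p>NOTE(review): SUN ends up ahead of IBMJCEFIPS, so algorithms that SUN implements are
     * served by SUN -- confirm this ordering is intended for the FIPS deployment.
     *
     * <p>The changes are JVM-wide and are not rolled back if a later step fails.
     *
     * @throws SSLException if the FIPS provider cannot be loaded or the provider list cannot be
     *     changed; the underlying exception is attached as the cause
     */
    public static synchronized void initializeFips() throws SSLException {
        if (fipsInitialized) {
            return;
        }
        log.fine("Initializing FIPS");
        Provider sunProvider = null;
        Provider fipsProvider = null;
        try {
            boolean fineEnabled = log.isLoggable(Level.FINE);
            Provider[] installed = Security.getProviders();
            log.fine("Searching for IBMJCEFIPS security provider");
            for (int i = 0; i < installed.length; i++) {
                Provider candidate = installed[i];
                if (fineEnabled) {
                    log.fine("  Provider[" + i + "]: " + candidate.getName());
                }
                if (candidate.getName().equals(IBMJCEFIPS_PROVIDER_NAME)) {
                    log.finer("    -> IBMJCEFIPS");
                    fipsProvider = candidate;
                } else if (candidate.getName().equals(SUN_PROVIDER_NAME)) {
                    log.finer("    -> SUN");
                    sunProvider = candidate;
                }
            }

            if (fipsProvider == null) {
                fipsProvider = instantiateProvider(IBMJCEFIPS_PROVIDER_CLASS);
            } else {
                // insertProviderAt does not move an already-installed provider, so remove it first.
                Security.removeProvider(fipsProvider.getName());
            }
            Security.insertProviderAt(fipsProvider, 1);
            if (sunProvider != null) {
                Security.removeProvider(sunProvider.getName());
                Security.insertProviderAt(sunProvider, 1);
            }

            if (log.isLoggable(Level.FINER)) {
                log.finer("Reordered providers:");
                Provider[] reordered = Security.getProviders();
                for (int i = 0; i < reordered.length; i++) {
                    log.finer("  Provider[" + i + "]: " + reordered[i].getName() + ", info: " + reordered[i].getInfo());
                }
            }
            System.setProperty(SYSTEM_PROPERTY_IBMJSSE2_FIPS, "true");
            DEFAULT_CONTEXT_PROVIDER_NAME.set(IBMJSSE2_PROVIDER_NAME);
            fipsInitialized = true;
        } catch (Exception e) {
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "SSLJCEFIPSProviderFailed", new String[0]).translate(), e);
            }
            throw new SSLException(e);
        }
    }

    /**
     * Returns the JCE provider names to use in FIPS mode.
     *
     * @return an unmodifiable list containing {@code IBMJCEFIPS} when FIPS is enabled, otherwise
     *     an empty list
     */
    public static List<String> fipsJCEProviders() {
        return isFipsEnabled() ? FIPS_JCE_PROVIDERS : Collections.<String>emptyList();
    }

    /**
     * Returns the default context provider name, choosing and caching it on first use.
     *
     * <p>The first installed provider named IBMJSSE2 or SunJSSE (case-insensitive) wins; if
     * neither is installed the default is IBMJSSE2. The choice is published with
     * {@code compareAndSet}, so a value already stored by another thread (for example by
     * {@link #initializeFips()}) is not overwritten, although this call still returns its own
     * locally computed name.
     */
    private static String getDefaultContextProvider() {
        String name = DEFAULT_CONTEXT_PROVIDER_NAME.get();
        if (name != null) {
            return name;
        }
        log.fine("Choosing default context provider ...");
        for (Provider provider : Security.getProviders()) {
            if (log.isLoggable(Level.FINE)) {
                log.fine("  Provider: " + provider.getName());
            }
            if (provider.getName().equalsIgnoreCase(IBMJSSE2_PROVIDER_NAME)) {
                name = IBMJSSE2_PROVIDER_NAME;
                log.finer("    -> IBMJSSE2");
                break;
            }
            if (provider.getName().equalsIgnoreCase(SUNJSSE_PROVIDER_NAME)) {
                name = SUNJSSE_PROVIDER_NAME;
                log.finer("    -> SUNJSSE");
                break;
            }
        }
        if (name == null) {
            log.fine("Using default provider");
            name = DEFAULT_PROVIDER_NAME;
        }
        DEFAULT_CONTEXT_PROVIDER_NAME.compareAndSet(null, name);
        return name;
    }

    /**
     * Loads a provider class by name and instantiates it through its no-argument constructor.
     * Only called with the class-name constants declared in this class.
     */
    private static Provider instantiateProvider(String className) throws Exception {
        // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
        // which rethrows checked constructor exceptions without declaring them.
        return (Provider) Class.forName(className).getDeclaredConstructor().newInstance();
    }
}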
