package com.ibm.ws.ssl.core;

import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.MBeanFactory;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.models.config.serverindex.DistinguishedEndpointConstants;
import com.ibm.websphere.models.config.serverindex.ServerTypeConstants;
import com.ibm.ws.crypto.config.KeySetGroupManager;
import com.ibm.ws.exception.ConfigurationError;
import com.ibm.ws.exception.ConfigurationWarning;
import com.ibm.ws.exception.RuntimeError;
import com.ibm.ws.exception.RuntimeWarning;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.AdminHelper;
import com.ibm.ws.management.collaborator.DefaultRuntimeCollaborator;
import com.ibm.ws.management.service.Admin;
import com.ibm.ws.management.service.ConfigChangeListener;
import com.ibm.ws.profile.WSProfileConstants;
import com.ibm.ws.runtime.component.ComponentImpl;
import com.ibm.ws.runtime.service.ConfigRoot;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.runtime.service.Repository;
import com.ibm.ws.runtime.service.VariableMap;
import com.ibm.ws.runtime.util.StreamHandlerUtils;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.AuthMechanismConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.sm.validation.CompositeValidator;
import com.ibm.ws.ssl.config.FIPSManager;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.service.SSLService;
import com.ibm.ws.ssl.service.SSLServiceEvent;
import com.ibm.ws.ssl.service.SSLServiceListener;
import com.ibm.ws.ssl.utils.CertificateExpirationMonitor;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.runtime.config.ConfigObject;
import com.ibm.wsspi.runtime.config.ConfigScope;
import com.ibm.wsspi.runtime.config.ConfigService;
import com.ibm.wsspi.runtime.service.WsServiceRegistry;
import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.eclipse.jst.j2ee.internal.web.operations.CreateServletTemplateModel;
import org.eclipse.wst.common.internal.emf.utilities.EtoolsCopyUtility;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/core/SSLComponentImpl.class */
public class SSLComponentImpl extends ComponentImpl implements SSLService {
    // Listener handed to the Admin service in registerListenerWithAdminService(); null until then.
    private ConfigChangeListener configListener = null;
    // Not read or written by any method of this class.
    private EndPointMgr endPointMgr = null;
    // Registered SSLServiceListeners. Raw ArrayList; every access in this class synchronizes on the list itself.
    private ArrayList listeners = new ArrayList(32);
    // Not read or written by any method of this class.
    private boolean expandedVariables = false;
    // Not read or written by any method of this class.
    private Properties topLevelProps = null;
    // Set to 1 by fireStartedEvent() and to 2 by fireStoppedEvent(); the same integers are passed to SSLServiceEvent there.
    private int componentState = 2;
    // Repository service and its config root, both obtained in initialize(); either may be null if the lookup failed.
    private Repository repository = null;
    private ConfigRoot cfgRoot = null;
    private static final TraceComponent tc = Tr.register((Class<?>) SSLComponentImpl.class, "SSL", "com.ibm.ws.ssl.resources.ssl");
    // Not read or written by any method of this class.
    private static HashMap configProps = new HashMap();
    // Singletons resolved once at class-initialization time.
    // NOTE(review): keyStoreManager and fipsManager are never dereferenced in this class; the getInstance()
    // calls may exist only for their initialization side effects - confirm before removing.
    private static SSLConfigManager sslConfigManager = SSLConfigManager.getInstance();
    private static KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
    private static KeySetGroupManager keySetGroupManager = KeySetGroupManager.getInstance();
    private static FIPSManager fipsManager = FIPSManager.getInstance();
    // Assigned in initialize(); null before that, so dumpConfigForFFDC() must not assume it is set.
    private static ManagementScopeManager scopeManager = null;
    // Assigned in initialize(); the static expand(String) dereferences it without a null check.
    private static VariableMap vMap = null;
    // Flipped to true at the very start of initialize(), before any step that can fail.
    private static boolean isServerProcess = false;

    /**
     * Brings up the server-side SSL configuration for this process.
     *
     * <p>In order: looks up the repository and config root, publishes this object as the
     * {@link SSLService}, loads the SSL configurations and key set groups from the "security"
     * config object, checks the RSA token key store, registers the FFDC diagnostic module and,
     * depending on the process type, wires the node connector map and the certificate
     * expiration monitor.
     *
     * @param obj not used by this method
     * @throws ConfigurationError for a ConfigurationError raised by any step, and for any other
     *         exception, which is wrapped
     * @throws ConfigurationWarning when a step raised a ConfigurationWarning; it is rethrown unchanged
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void initialize(Object obj) throws ConfigurationWarning, ConfigurationError {
        AuthMechanismConfig authMechanism;
        Tr.info(tc, "ssl.init.startinit.CWPKI0001I");
        // Set before the try block, so the flag stays true even when initialization fails below.
        isServerProcess = true;
        try {
            // Both helpers swallow lookup failures and return null; a null repository surfaces
            // here only as a null cfgRoot.
            this.repository = getRepositoryService();
            this.cfgRoot = getConfigRoot();
            addService(SSLService.class);
            vMap = (VariableMap) getService(VariableMap.class);
            scopeManager = ManagementScopeManager.getInstance();
            SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
            SecurityConfigObject object = securityConfigManager.getObject("security");
            // NOTE(review): the meaning of the boolean argument is not visible in this file - confirm.
            sslConfigManager.initializeServerSSL(object, false);
            // Return value is discarded; presumably called for a side effect - confirm.
            securityConfigManager.getDomain();
            keySetGroupManager.initializeKeySetGroups(object, false);
            SecurityConfigObject keyStore = KeyStoreManager.getKeyStore(KeyStoreManager.getDefaultKeyStoreName(Constants.RSA_TOKEN_KEY_STORE), null);
            if (keyStore != null) {
                String unexpandedString = keyStore.getUnexpandedString("location");
                Boolean bool = keyStore.getBoolean("fileBased");
                // Only when the RSA token key store is file based, its expanded location does not exist
                // on disk, and an RSA token auth mechanism is configured, are the RSA properties initialized.
                // NOTE(review): presumably this (re)creates the missing key store - confirm, because a key
                // store file that disappears would then be regenerated rather than reported.
                if (unexpandedString != null && bool != null && bool.booleanValue() && !new File(KeyStoreManager.getInstance().expand(unexpandedString)).exists() && (authMechanism = SecurityObjectLocator.getSecurityConfig().getAuthMechanism(AuthMechanismConfig.TYPE_RSATOKEN)) != null) {
                    authMechanism.initializeRSAProperties();
                }
            }
            new SSLDiagnosticModule().registerWithFFDCService();
            // Only a deployment manager needs the per-node connector properties.
            if (ManagementScopeManager.getInstance().getProcessType().equals("DeploymentManager")) {
                WSKeyStoreRemotable.setConnectorMap(getNodeAdminProps());
            }
            // The certificate expiration monitor is obtained only off z/OS or in the z/OS control JVM, and
            // only for a DeploymentManager, an UnManagedProcess that is not registered with a cell,
            // a JobManager or an AdminAgent.
            if ((!PlatformHelperFactory.getPlatformHelper().isZOS() || (PlatformHelperFactory.getPlatformHelper().isZOS() && PlatformHelperFactory.getPlatformHelper().isControlJvm())) && (ManagementScopeManager.getInstance().getProcessType().equals("DeploymentManager") || ((ManagementScopeManager.getInstance().getProcessType().equals("UnManagedProcess") && !AdminHelper.getInstance().isCellRegistered()) || ManagementScopeManager.getInstance().getProcessType().equals("JobManager") || ManagementScopeManager.getInstance().getProcessType().equals("AdminAgent")))) {
                CertificateExpirationMonitor.getInstance(object.getObject("wsCertificateExpirationMonitor"));
            }
            Tr.info(tc, "ssl.init.startcomplete.CWPKI0002I");
        } catch (Exception e) {
            // Every failure is recorded in FFDC and audited before it is propagated.
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLComponentImpl.initialize", "200", this);
            Tr.audit(tc, "ssl.init.svcstartfail.CWPKI0007I");
            // Declared exception types pass through unchanged; anything else becomes a ConfigurationError.
            if (e instanceof ConfigurationError) {
                throw ((ConfigurationError) e);
            }
            if (!(e instanceof ConfigurationWarning)) {
                throw new ConfigurationError(e);
            }
            throw ((ConfigurationWarning) e);
        }
    }

    /**
     * Lifecycle hook for component teardown. It releases nothing: the only effect is an
     * entry/exit trace pair when entry tracing is enabled.
     *
     * <p>NOTE(review): the ConfigChangeListener registered in start() is not removed here.
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void destroy() {
        if (!tc.isEntryEnabled()) {
            return;
        }
        final String methodName = CreateServletTemplateModel.DESTROY;
        Tr.entry(tc, methodName);
        Tr.exit(tc, methodName);
    }

    /**
     * Starts the SSL service: registers the configuration change listener, activates the
     * SSLAdmin MBean and notifies listeners that the service has started.
     *
     * @throws RuntimeError wrapping any exception raised by one of those steps
     * @throws RuntimeWarning declared by the component contract; not thrown by this body
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void start() throws RuntimeError, RuntimeWarning {
        Tr.info(tc, "ssl.init.svcstart.CWPKI0003I");
        try {
            // A failed listener registration is handled inside the helper and does not abort start-up.
            registerListenerWithAdminService();
            initializeSSLMBean();
            fireStartedEvent();
            Tr.info(tc, "ssl.init.svcstartcomplete.CWPKI0004I");
        } catch (Exception startFailure) {
            // Record in FFDC first, then log the error and audit the failed start.
            FFDCFilter.processException(startFailure, "com.ibm.ws.ssl.core.SSLComponentImpl.start", "243", this);
            final Object[] errorArgs = new Object[]{startFailure};
            Tr.error(tc, "ssl.init.error.CWPKI0008E", errorArgs);
            Tr.audit(tc, "ssl.init.svcstartfail.CWPKI0007I");
            throw new RuntimeError(startFailure);
        }
    }

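    /**
     * Registers an {@code SSLConfigChangeListener} with the Admin service so that this component
     * is told about configuration changes.
     *
     * <p>Registration is best effort: an exception is recorded in FFDC and traced at debug level,
     * and the method returns normally. The Admin service reference is released exactly once, in
     * a {@code finally} block, whether registration succeeded, failed or threw an Error.
     *
     * <p>NOTE(review): because a failure is visible only in FFDC and debug trace, a server can
     * run without the listener and nothing at info or audit level says so.
     */
    private void registerListenerWithAdminService() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerListenerWithAdminService");
        }
        Admin admin = null;
        try {
            admin = (Admin) getService(Admin.class);
            if (admin != null) {
                this.configListener = new SSLConfigChangeListener(this);
                admin.addConfigChangeListener(this.configListener);
            }
        } catch (Exception e) {
            // The probe id below names a different class; it is kept unchanged so existing FFDC
            // records still correlate.
            FFDCFilter.processException(e, "com.ibm.ws.security.core.ServerSecurityComponentImpl.registerListenerWithAdminService", "271", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "attempt to register ConfigChangeListener failed", e);
            }
        } finally {
            // Single release point: avoids releasing the service a second time when the release
            // itself, or anything after it, throws.
            if (admin != null) {
                releaseService(admin);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerListenerWithAdminService");
        }
    }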

    /**
     * Stops the SSL service by notifying every registered listener of the stopped state.
     * Listener failures are handled inside fireStoppedEvent() and do not propagate.
     */
    @Override // com.ibm.ws.runtime.component.ComponentImpl, com.ibm.wsspi.runtime.component.WsComponentImpl, com.ibm.wsspi.runtime.component.WsComponent
    public void stop() {
        final String methodName = "stop";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, methodName);
        }

        fireStoppedEvent();

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, methodName);
        }
    }

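    /**
     * Loads the first object of {@code security.xml} from the config root and returns a copy of it
     * made with {@code EtoolsCopyUtility}.
     *
     * <p>The load and the null check are handled separately. A failure while reading or copying
     * the document is recorded in FFDC, logged as CWPKI0011E and wrapped in a
     * {@link ConfigurationError}. A null copy is logged as CWPKI0009E and reported with its own
     * ConfigurationError, which is thrown as-is rather than being caught by the generic handler,
     * logged a second time and wrapped in another ConfigurationError.
     *
     * @return the copied Security object, never null
     * @throws ConfigurationError when security.xml cannot be read or yields no Security object
     * @throws ConfigurationWarning declared for callers; not thrown by this body
     */
    protected Security loadSecurityXMLFromConfig() throws ConfigurationWarning, ConfigurationError {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadSecurityXMLFromConfig");
        }
        Security security;
        try {
            security = (Security) new EtoolsCopyUtility().copy((Security) this.cfgRoot.getResource(0, "security.xml").getContents().get(0));
        } catch (Exception e) {
            // Covers a null cfgRoot, a missing resource and an empty document alike.
            // The probe id names initialize(); it is kept unchanged so FFDC records still correlate.
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLComponentImpl.initialize", "310", this);
            Tr.error(tc, "ssl.loadresource.error.CWPKI0011E", new Object[]{"security.xml", e});
            throw new ConfigurationError(e);
        }
        if (security == null) {
            Tr.error(tc, "ssl.init.nullsecobject.CWPKI0009E");
            throw new ConfigurationError("Cannot get WCCM Security object.  security.xml might be corrupt or missing.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadSecurityXMLFromConfig");
        }
        return security;
    }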

    /**
     * Creates the SSLAdmin MBean and activates it through the MBean factory, using the
     * descriptor {@code com/ibm/ws/management/descriptor/xml/SSLAdmin.xml}.
     *
     * @throws Exception whatever activation raised, after it has been logged as CWPKI0006E
     */
    void initializeSSLMBean() throws Exception {
        final String traceName = "initializeSSLMBean";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName);
        }
        try {
            SSLAdmin adminBean = new SSLAdmin();
            MBeanFactory factory = AdminServiceFactory.getMBeanFactory();
            // Arguments are kept in one call so they are evaluated in the order: collaborator, then config id.
            factory.activateMBean(
                    "SSLAdmin",
                    new DefaultRuntimeCollaborator(adminBean, "SSLAdmin"),
                    factory.getConfigId("SSLAdmin"),
                    "com/ibm/ws/management/descriptor/xml/SSLAdmin.xml");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, traceName);
            }
        } catch (Exception activationFailure) {
            // Log with the MBean name, then let the caller (start()) decide how to fail.
            Tr.error(tc, "ssl.init.mbeanerror.CWPKI0006E", new Object[]{"SSLAdmin", activationFailure});
            throw activationFailure;
        }
    }

    /**
     * Registers a listener for SSL service state changes. A listener that is already in the
     * list is not added a second time.
     *
     * <p>NOTE(review): a null argument is not rejected here and would be stored like any other entry.
     *
     * @param sSLServiceListener the listener to register
     */
    public void addListener(SSLServiceListener sSLServiceListener) {
        final String traceName = "addListener";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, sSLServiceListener);
        }
        // Check-then-add is done under the list's own monitor so it is atomic with respect to
        // the other methods of this class that lock the same list.
        synchronized (this.listeners) {
            boolean alreadyRegistered = this.listeners.contains(sSLServiceListener);
            if (!alreadyRegistered) {
                this.listeners.add(sSLServiceListener);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

    /**
     * Unregisters a listener. Removing a listener that was never registered is a no-op.
     *
     * @param sSLServiceListener the listener to remove
     */
    public void removeListener(SSLServiceListener sSLServiceListener) {
        final String traceName = "removeListener";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, sSLServiceListener);
        }
        // Same monitor as addListener() and the fire*Event() snapshots.
        synchronized (this.listeners) {
            this.listeners.remove(sSLServiceListener);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
    }

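    /**
     * Notifies every registered listener that the SSL service has started (event value 1) and
     * then records the started state in {@code componentState}.
     *
     * <p>The listener list is copied under its lock and the callbacks run on the copy, so a
     * listener may add or remove listeners from inside its callback. The per-listener debug trace
     * runs inside the same try block as the callback: a null entry, or a listener whose
     * {@code hashCode()}/{@code toString()} throws, is reported like any other listener failure
     * and neither aborts the remaining notifications nor skips the state update, whether or not
     * debug trace is enabled.
     */
    private void fireStartedEvent() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fireStartedEvent");
        }
        List snapshot;
        synchronized (this.listeners) {
            snapshot = (List) this.listeners.clone();
        }
        SSLServiceEvent startedEvent = new SSLServiceEvent(1);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "list size = " + snapshot.size());
        }
        for (Object entry : snapshot) {
            try {
                if (tc.isDebugEnabled()) {
                    StringBuilder message = new StringBuilder("Invoking stateChanged(), Listener.hashCode() = ");
                    message.append(entry.hashCode());
                    message.append("Listener.toString()");
                    message.append(entry.toString());
                    Tr.debug(tc, message.toString());
                }
                ((SSLServiceListener) entry).stateChanged(startedEvent);
            } catch (Exception e) {
                // One failing listener must not prevent the others from being notified.
                Tr.error(tc, "ssl.init.error.CWPKI0008E", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLComponentImpl.fireStartedEvent", "436", this);
            }
        }
        this.componentState = 1;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fireStartedEvent");
        }
    }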

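    /**
     * Notifies every registered listener that the SSL service has stopped (event value 2) and
     * then records the stopped state in {@code componentState}.
     *
     * <p>The listener list is copied under its lock and the callbacks run on the copy. The
     * per-listener debug trace runs inside the same try block as the callback: a null entry, or a
     * listener whose {@code hashCode()}/{@code toString()} throws, is reported like any other
     * listener failure and neither aborts the remaining notifications nor skips the state update,
     * whether or not debug trace is enabled.
     */
    private void fireStoppedEvent() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fireStoppedEvent");
        }
        List snapshot;
        synchronized (this.listeners) {
            snapshot = (List) this.listeners.clone();
        }
        SSLServiceEvent stoppedEvent = new SSLServiceEvent(2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "list size = " + snapshot.size());
        }
        for (Object entry : snapshot) {
            try {
                if (tc.isDebugEnabled()) {
                    StringBuilder message = new StringBuilder("Invoking stateChanged(), Listener.hashCode() = ");
                    message.append(entry.hashCode());
                    message.append("Listener.toString()");
                    message.append(entry.toString());
                    Tr.debug(tc, message.toString());
                }
                ((SSLServiceListener) entry).stateChanged(stoppedEvent);
            } catch (Exception e) {
                // One failing listener must not prevent the others from being notified.
                Tr.error(tc, "ssl.stop.error.CWPKI0015E", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLComponentImpl.fireStoppedEvent", "6/24/08", this);
            }
        }
        this.componentState = 2;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fireStoppedEvent");
        }
    }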

    /**
     * Looks up the SSL configuration registered under an alias.
     *
     * <p>NOTE(review): the object obtained from the SSLConfigManager is returned without being
     * copied here; whether callers can mutate shared configuration through it is not visible in
     * this file. The alias is written to entry trace.
     *
     * @param str the SSL configuration alias
     * @return whatever the SSLConfigManager holds for the alias, typed as Properties
     * @throws IllegalArgumentException if the alias is null or the empty string
     */
    @Override // com.ibm.ws.ssl.service.SSLService
    public Properties getSecureSocketLayer(String str) throws IllegalArgumentException {
        final String traceName = "getSecureSocketLayer";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceName, str);
        }
        final boolean aliasMissing = (str == null) || "".equals(str);
        if (aliasMissing) {
            throw new IllegalArgumentException("Alias is null or empty string.");
        }
        SSLConfig resolved = sslConfigManager.getSSLConfig(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceName);
        }
        return resolved;
    }

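    /**
     * Fetches the config root from the repository service and caches it in {@code cfgRoot}.
     *
     * <p>Best effort: any failure, including a repository that was never obtained, yields
     * {@code null}. The failure is written to debug trace so that a missing config root can be
     * traced back to its cause instead of showing up later as an unrelated error.
     *
     * @return the config root, or null when it could not be obtained
     */
    public ConfigRoot getConfigRoot() {
        try {
            this.cfgRoot = this.repository.getConfigRoot();
            return this.cfgRoot;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to obtain the ConfigRoot from the repository service", e);
            }
            return null;
        }
    }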

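    /**
     * Looks up the Repository service.
     *
     * <p>Best effort: a failed lookup yields {@code null}. The failure is written to debug trace
     * so it is not lost entirely.
     *
     * @return the Repository service, or null when the lookup failed
     */
    public Repository getRepositoryService() {
        try {
            return (Repository) getService(Repository.class);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to obtain the Repository service", e);
            }
            return null;
        }
    }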

    /**
     * Releases a Repository service reference; a null argument is ignored.
     *
     * @param repository the service reference to release, may be null
     */
    public void releaseRepositoryService(Repository repository) {
        if (repository == null) {
            return;
        }
        releaseService(repository);
    }

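    /**
     * Probes whether the standard WebSphere path variables can be expanded by the VariableMap
     * service and writes a debug trace entry for each one that cannot.
     *
     * <p>The expanded values are not stored anywhere and no fallback value is computed, because
     * nothing in this method consumes them. Every probe has its own try block, so one variable
     * that fails to expand (or a null VariableMap) does not stop the remaining probes.
     */
    private void expandVariables() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expandVariables");
        }
        VariableMap variableMap = (VariableMap) getService(VariableMap.class);
        // Each row: the variable reference to expand, and the trace text used when expansion fails.
        final String[][] probes = {
            {SecConstants.WAS_INSTALL_ROOT, "Cannot expand ${WAS_INSTALL_ROOT}"},
            {SecConstants.USER_INSTALL_ROOT, "Cannot expand ${USER_INSTALL_ROOT}"},
            {SecConstants.WAS_TEMP_DIR, "Cannot expand ${WAS_TEMP_DIR}"},
            {SecConstants.WAS_PROPS_DIR, "Cannot expand ${WAS_PROPS_DIR}"},
            {SecConstants.APP_INSTALL_ROOT, "Cannot expand ${APP_INSTALL_ROOT}"},
            {SecConstants.WAS_ETC_DIR, "Cannot expand ${WAS_ETC_DIR}"},
        };
        for (String[] probe : probes) {
            try {
                variableMap.expand(probe[0]);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, probe[1]);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expandVariables");
        }
    }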

    /**
     * Converts a list of config {@code Property} objects into a {@link Properties} table keyed by
     * property name.
     *
     * <p>Entries are inserted with {@code put}, so a Property whose name or value is null makes
     * this method throw a NullPointerException.
     *
     * @param list the Property objects to convert; null is treated as empty
     * @return a new Properties instance, empty when {@code list} is null or empty
     */
    public static Properties getProperties(List list) {
        Properties converted = new Properties();
        if (list == null) {
            return converted;
        }
        for (Object entry : list) {
            Property configProperty = (Property) entry;
            converted.put(configProperty.getName(), configProperty.getValue());
        }
        return converted;
    }

    /**
     * Expands variable references in a string using the VariableMap captured by initialize().
     *
     * <p>The static VariableMap is null until initialize() has run, so an earlier call fails with
     * a NullPointerException. Both the input and the expanded result are written to entry/exit
     * trace when it is enabled.
     *
     * @param str the string to expand
     * @return the string returned by the VariableMap
     */
    public static String expand(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expand <- " + str);
        }
        final String expanded = vMap.expand(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expand -> " + expanded);
        }
        return expanded;
    }

    /**
     * Reports whether initialize() has been entered in this JVM. The flag is set at the start of
     * initialize() and never reset, so it stays true even if initialization subsequently failed.
     *
     * @return true once initialize() has been called
     */
    public static boolean isServerProcess() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AdminData.IS_SERVER_PROCESS);
            Tr.exit(tc, "isServerProcess -> " + isServerProcess);
        }
        return isServerProcess;
    }

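    /**
     * Builds the text that is attached to FFDC records: the string form of the SSL configuration
     * manager followed by the string form of the management scope manager.
     *
     * <p>The scope manager is assigned only in initialize(). Appending the objects themselves,
     * rather than calling {@code toString()} on them, prints "null" for a manager that is not set
     * yet instead of throwing a NullPointerException in the middle of failure reporting.
     *
     * <p>NOTE(review): the dump contains whatever {@code SSLConfigManager.toString()} emits.
     * Confirm that it masks key store and trust store passwords before FFDC logs are shared
     * outside the team.
     *
     * @return the concatenated diagnostic text
     */
    public static String dumpConfigForFFDC() {
        StringBuilder dump = new StringBuilder();
        dump.append(sslConfigManager);
        dump.append(scopeManager);
        return dump.toString();
    }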

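    /**
     * Delegates to {@code StreamHandlerUtils.queryProvider} and boxes the answer.
     *
     * <p>Uses {@code Boolean.valueOf} instead of the deprecated {@code Boolean} constructor, so
     * no new object is allocated per call.
     *
     * @param str the value passed through to StreamHandlerUtils
     * @return the boxed result of the query
     */
    public static Boolean queryProvider(String str) {
        return Boolean.valueOf(StreamHandlerUtils.queryProvider(str));
    }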

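    /**
     * Delegates to {@code StreamHandlerUtils.addProvider}, best effort.
     *
     * <p>Nothing is propagated to the caller, but a failure is written to debug trace. A provider
     * that silently fails to register is hard to tell apart from one that was never requested,
     * so callers that depend on it should confirm the result with {@link #queryProvider(String)}.
     *
     * @param str first argument passed through to StreamHandlerUtils
     * @param str2 second argument passed through to StreamHandlerUtils
     */
    public static void addProvider(String str, String str2) {
        try {
            StreamHandlerUtils.addProvider(str, str2);
        } catch (Throwable th) {
            // Throwable is kept as the caught type so callers see the same no-throw behaviour.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "StreamHandlerUtils.addProvider failed", th);
            }
        }
    }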

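    /**
     * Delegates to {@code StreamHandlerUtils.queryHandler} and boxes the answer.
     *
     * <p>Uses {@code Boolean.valueOf} instead of the deprecated {@code Boolean} constructor, so
     * no new object is allocated per call.
     *
     * @return the boxed result of the query
     */
    public static Boolean queryHandler() {
        return Boolean.valueOf(StreamHandlerUtils.queryHandler());
    }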

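    /**
     * Delegates to {@code StreamHandlerUtils.createStreamHandler}, best effort.
     *
     * <p>Nothing is propagated to the caller, but a failure is written to debug trace so it can
     * be diagnosed; callers that need certainty should check {@link #queryHandler()} afterwards.
     */
    public static void createStreamHandler() {
        try {
            StreamHandlerUtils.createStreamHandler();
        } catch (Throwable th) {
            // Throwable is kept as the caught type so callers see the same no-throw behaviour.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "StreamHandlerUtils.createStreamHandler failed", th);
            }
        }
    }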

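    /**
     * Collects, for every node agent found in the cell's {@code serverindex.xml} documents, the
     * properties needed to reach that node's SSLAdmin MBean.
     *
     * <p>Each value is a {@link Properties} holding the MBean query string and, when the matching
     * endpoints exist, the bootstrap provider URL and the SOAP and RMI host|port pairs. The key is
     * the lower-cased host name: the bootstrap host when set, otherwise the SOAP host.
     *
     * <p>Attribute comparisons are written constant-first, so a server entry or endpoint without a
     * {@code serverType} or {@code endPointName} attribute is skipped rather than raising a
     * NullPointerException that ends the scan of all remaining nodes. Any other exception is
     * recorded in FFDC and the entries gathered so far are returned.
     *
     * <p>NOTE(review): host names are lower-cased with the default locale; the code that looks
     * keys up in this map presumably does the same - confirm before changing either side.
     *
     * @return map from lower-cased host name to connector Properties; never null
     * @throws Exception declared by the signature; failures inside the scan are handled here
     */
    private static Map getNodeAdminProps() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNodeAdminProps");
        }
        HashMap connectorPropsByHost = new HashMap();
        String cellName = ManagementScopeManager.getInstance().getCellName();
        try {
            ConfigService configService = (ConfigService) WsServiceRegistry.getService(SSLComponentImpl.class, ConfigService.class);
            String[] nodeNames = configService.createScope(0).list("nodes");
            if (nodeNames != null) {
                for (String nodeName : nodeNames) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Node name: " + nodeName);
                    }
                    ConfigScope nodeScope = configService.createScope(3);
                    nodeScope.set(3, nodeName);
                    List serverEntries = ((ConfigObject) configService.getDocumentObjects(nodeScope, "serverindex.xml").get(0)).getObjectList("serverEntries");
                    for (int entryIndex = 0; entryIndex < serverEntries.size(); entryIndex++) {
                        ConfigObject serverEntry = (ConfigObject) serverEntries.get(entryIndex);
                        if (serverEntry == null) {
                            continue;
                        }
                        Properties connectorProps = new Properties();
                        connectorProps.setProperty("queryString", "WebSphere:type=SSLAdmin,cell=" + cellName + ",node=" + nodeName + ",*");
                        // Stays null for anything that is not a node agent, so nothing is stored for it.
                        String host = null;
                        if (ServerTypeConstants.NODE_AGENT.equals(serverEntry.getString(WSProfileConstants.S_SERVER_TYPE_ARG, null))) {
                            ConfigObject soapEndpoint = null;
                            ConfigObject bootstrapEndpoint = null;
                            List specialEndpoints = serverEntry.getObjectList("specialEndpoints");
                            for (int endpointIndex = 0; endpointIndex < specialEndpoints.size(); endpointIndex++) {
                                ConfigObject namedEndpoint = (ConfigObject) specialEndpoints.get(endpointIndex);
                                String endpointName = namedEndpoint.getString("endPointName", null);
                                if ("SOAP_CONNECTOR_ADDRESS".equals(endpointName)) {
                                    soapEndpoint = namedEndpoint.getObject("endPoint");
                                }
                                if (DistinguishedEndpointConstants.BOOTSTRAP_ADDRESS.equals(endpointName)) {
                                    bootstrapEndpoint = namedEndpoint.getObject("endPoint");
                                    if (bootstrapEndpoint != null) {
                                        String port = Integer.toString(bootstrapEndpoint.getInt("port", 0));
                                        host = bootstrapEndpoint.getString("host", null);
                                        connectorProps.setProperty("java.naming.provider.url", "corbaloc:iiop:" + host + ":" + port + "/WsnAdminNameService");
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "PROVIDER_URL: corbaloc:iiop:" + host + ":" + port);
                                        }
                                    }
                                }
                            }
                            if (soapEndpoint != null) {
                                // The SOAP host becomes the key only when the bootstrap endpoint supplied none.
                                if (host == null) {
                                    host = soapEndpoint.getString("host", null);
                                }
                                connectorProps.setProperty("SOAP HOST|PORT", soapEndpoint.getString("host", null) + "|" + Integer.toString(soapEndpoint.getInt("port", 0)));
                            }
                            if (bootstrapEndpoint != null) {
                                if (host == null) {
                                    host = bootstrapEndpoint.getString("host", null);
                                }
                                connectorProps.setProperty("RMI HOST|PORT", bootstrapEndpoint.getString("host", null) + "|" + Integer.toString(bootstrapEndpoint.getInt("port", 0)));
                            }
                        }
                        if (host != null) {
                            String hostKey = host.toLowerCase();
                            connectorPropsByHost.put(hostKey, connectorProps);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Set connector props for hostname \"" + hostKey + "\" with prop values: " + connectorProps.toString());
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Best effort: the caller receives whatever was collected before the failure.
            FFDCFilter.processException(e, "com.ibm.ws.ssl.core.SSLComponentImpl.getNodeAdminProps", "799");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred getting Connector props for Node.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNodeAdminProps");
        }
        return connectorPropsByHost;
    }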
}
