package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminConstants;
import com.ibm.websphere.models.config.ipc.ssl.KeyManager;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.ipc.ssl.SSLSecurityLevel;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.ipc.ssl.TrustManager;
import com.ibm.websphere.models.config.orb.securityprotocol.SecurityprotocolPackage;
import com.ibm.websphere.models.config.properties.DescriptiveProperty;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigChangeEvent;
import com.ibm.websphere.ssl.SSLConfigChangeListener;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.CSIv2ConfigData;
import com.ibm.ws.security.config.CSIv2QOPConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityConfigObjectList;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.ws.ssl.provider.AbstractJSSEProvider;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws.workspace.query.WorkSpaceQueryUtil;
import java.io.File;
import java.io.FileNotFoundException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.eclipse.emf.common.util.EList;
import org.eclipse.wst.common.frameworks.internal.plugin.WTPCommonMessages;
import org.python.apache.commons.compress.archivers.tar.TarConstants;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/ssl/config/SSLConfigManager.class */
public class SSLConfigManager {
    // Set to true by initializeServerSSL(); the client initialization paths test it via isServerProcess().
    private boolean isServerProcess = false;
    // Set to true at the end of a successful initializeClientSSL() so the client setup runs only once.
    private boolean clientSSLInitializedOnce = false;
    // Guards the setSecurityProperties() call in both initialize methods; where it is set is not visible here.
    private boolean setSecurityPropsOnce = false;
    private KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
    // presumably filled by loadGlobalProperties() -- confirm against that method
    private Properties globalConfigProperties = new Properties();
    // SSL alias (String) -> SSLConfig; raw type, so every read is cast by the caller.
    private HashMap sslConfigMap = new HashMap();
    // KeyManagerData entries, rebuilt from scratch by loadKeyManagers().
    private ArrayList keyManagerArrayList = new ArrayList();
    // TrustManagerData entries, rebuilt from scratch by loadTrustManagers().
    private ArrayList trustManagerArrayList = new ArrayList();
    // "dynamicSelectionInfo" string -> SSL alias, or "alias:certificateAlias" when a certificate alias is configured.
    private HashMap sslConfigDynamicSelectionMap = new HashMap();
    // Cleared under its own monitor in loadDynamicSSLSelectionInfo() when cache-miss tracking is enabled.
    private TreeSet sslConfigDynamicSelectionCacheMissTreeSet = new TreeSet(new DynamicSSLCacheMissComparator());
    // Cleared on every loadDynamicSSLSelectionInfo(); contents are not visible in this part of the file.
    private HashMap sslConfigDynamicLookupCache = new HashMap();
    private HashSet clientFilesAlreadyProcessed = new HashSet();
    private HashMap sslConfigListenerMap = new HashMap();
    private HashMap sslConfigListenerEventMap = new HashMap();
    // Starts at the "never looked up" sentinel declared below.
    protected int disableCacheMiss = DISABLE_CACHE_MISS_PROP_NEVER_LOOKED_UP;
    private static final TraceComponent tc = Tr.register((Class<?>) SSLConfigManager.class, "SSL", "com.ibm.ws.ssl.resources.ssl");
    // Lazily created singleton returned by getInstance().
    private static SSLConfigManager thisClass = null;
    // NOTE(review): the three sentinels below are not final, so other code with access can reassign them
    // (the first is protected); they look like constants -- confirm and consider making them final.
    protected static int DISABLE_CACHE_MISS_PROP_NEVER_LOOKED_UP = 0;
    private static int CACHE_MISS_DISABLED = -1;
    private static int CACHE_MISS_ENABLED = 1;
    // Table of {code, cipher suite name} pairs. The literal codes ("2F", "3C", "9E", ...) look like the low byte
    // of the IANA cipher-suite value in hex -- TODO confirm against the code that reads this table, which is
    // not visible in this part of the file.
    // NOTE(review): several codes appear as unrelated constants (WTPCommonMessages.*, TarConstants.VERSION_POSIX).
    // This is presumably a decompiler artifact: string literals replaced by any constant with the same value.
    // Resolve them to their literal values before relying on this table.
    // NOTE(review): the table lists suites without encryption (TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256,
    // TLS_NULL_WITH_NULL_NULL) as well as single-DES and 3DES suites. Being listed here does not show that a
    // suite is enabled; check the effective enabled-suite list and jdk.tls.disabledAlgorithms when auditing.
    // NOTE(review): "TLS_HD_DSS_WITH_3DES_EDE_CBC_SHA" (code "0D") looks like a typo for TLS_DH_DSS_...; as
    // written it will not match a real suite name. It is left unchanged because it is a runtime string.
    private static String[][] SystemSSLCiphers = {new String[]{WTPCommonMessages.ERR_INVALID_CHARS, "TLS_RSA_WITH_AES_256_CBC_SHA"}, new String[]{WTPCommonMessages.DUPLICATE_COMPONENT_NAME, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, new String[]{WTPCommonMessages.MODULE_NOT_SUPPORTED, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, new String[]{WTPCommonMessages.MODULE_EXISTS_ERROR, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, new String[]{WTPCommonMessages.SOURCEFOLDER_EMPTY, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, new String[]{"68", "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, new String[]{"69", "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, new String[]{"6A", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, new String[]{"6B", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, new String[]{"2F", "TLS_RSA_WITH_AES_128_CBC_SHA"}, new String[]{"3C", "TLS_RSA_WITH_AES_128_CBC_SHA256"}, new String[]{"30", "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, new String[]{WTPCommonMessages.PROJECT_ClOSED, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, new String[]{WTPCommonMessages.PROJECT_EXISTS_AT_LOCATION_ERROR, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, new String[]{"33", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, new String[]{"3E", "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, new String[]{"3F", "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, new String[]{WTPCommonMessages.WEBCONTENTFOLDER_EMPTY, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, new String[]{"67", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, new String[]{"9E", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, new String[]{"9F", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"}, new String[]{"A0", "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"}, new String[]{"A1", "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"}, new String[]{"A2", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"}, new String[]{"A3", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"}, new String[]{"A4", "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"}, new String[]{"A5", "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"}, new String[]{"0A", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[]{"16", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[]{"13", 
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, new String[]{WTPCommonMessages.DESTINATION_INVALID, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, new String[]{"0D", "TLS_HD_DSS_WITH_3DES_EDE_CBC_SHA"}, new String[]{"09", "TLS_RSA_WITH_DES_CBC_SHA"}, new String[]{WTPCommonMessages.PROJECT_NAME_EMPTY, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, new String[]{WTPCommonMessages.RESOURCE_EXISTS_ERROR, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, new String[]{"0F", "TLS_DH_RSA_WITH_DES_CBC_SHA"}, new String[]{"0C", "TLS_DH_DSS_WITH_DES_CBC_SHA"}, new String[]{"02", "TLS_RSA_WITH_NULL_SHA"}, new String[]{"3B", "TLS_RSA_WITH_NULL_SHA256"}, new String[]{TarConstants.VERSION_POSIX, "TLS_NULL_WITH_NULL_NULL"}};
    // Names of the JDK security properties that list algorithms disabled for TLS handshakes and for
    // certification-path validation. How this class reads or modifies them is not visible in this part of the file.
    // NOTE(review): neither field is final although both are used as constant names -- confirm and tighten.
    private static String JAVA_TLS_DISABLE_ALGORITHMS = "jdk.tls.disabledAlgorithms";
    private static String JAVA_CERTPATH_DISABLE_ALGORITHMS = "jdk.certpath.disabledAlgorithms";

    /**
     * Creates the manager. Private: instances are obtained through {@link #getInstance()} only.
     */
    private SSLConfigManager() {
        // The returned factory is discarded; the call is made only for whatever initialization
        // JSSEProviderFactory.getInstance() performs (not visible in this file).
        JSSEProviderFactory.getInstance();
    }

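    /**
     * Returns the process-wide manager, creating it on the first call.
     * <p>
     * The method is synchronized so that threads racing on the first call cannot each construct
     * their own instance. A second instance would hold its own, empty SSL configuration maps, and
     * callers holding it would not see the configuration loaded into the other one.
     *
     * @return the single {@code SSLConfigManager} for this class loader
     */
    public static synchronized SSLConfigManager getInstance() {
        if (thisClass == null) {
            thisClass = new SSLConfigManager();
        }
        return thisClass;
    }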

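    /**
     * Loads the server-side SSL configuration from the security configuration object and marks
     * this process as a server process.
     * <p>
     * Order of work: global properties, security properties (first call only), FIPS, key stores,
     * key managers, trust managers, one {@link SSLConfig} per repertoire entry, default system
     * properties, dynamic selection rules, SSL config groups and finally the URL host name
     * verification property.
     *
     * @param securityConfigObject root of the security configuration; must not be null
     * @param z when true the SSL context cache is cleared first, and aliases already in the map are
     *          compared with the freshly parsed ones so that listeners are notified of changed and
     *          deleted configurations
     * @throws SSLException if {@code securityConfigObject} is null or clearing the SSL context cache fails
     */
    public synchronized void initializeServerSSL(SecurityConfigObject securityConfigObject, boolean z) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeServerSSL");
        }
        if (securityConfigObject == null) {
            throw new SSLException(TraceNLSHelper.getInstance().getString("ssl.security.object.error.CWPKI0316E", "Cannot get security object from the configuration. This may indicate that the security.xml file for the cell is corrupt. Please validate the integrity of the security.xml file."));
        }
        if (z) {
            try {
                AbstractJSSEProvider.clearSSLContextCache();
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.core.SSLConfigManager.initializeServerSSL", "312", this);
                throw new SSLException(e);
            }
        }
        this.isServerProcess = true;
        loadGlobalProperties(securityConfigObject);
        if (!this.setSecurityPropsOnce) {
            setSecurityProperties();
        }
        FIPSManager.getInstance().initializeFIPS();
        KeyStoreManager.getInstance().loadKeyStores(securityConfigObject);
        loadKeyManagers(securityConfigObject);
        loadTrustManagers(securityConfigObject);
        // On a reload, remember which aliases existed before parsing (strArr) and which ones the
        // new configuration still defines (hashSet); the difference is removed further down.
        String[] strArr = null;
        HashSet hashSet = null;
        if (z) {
            hashSet = new HashSet();
            strArr = (String[]) this.sslConfigMap.keySet().toArray(new String[0]);
        }
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList(CommandConstants.REPERTOIRE);
        for (int i = 0; i < objectList.size(); i++) {
            SecurityConfigObject securityConfigObject2 = objectList.get(i);
            if (securityConfigObject2 != null) {
                String string = securityConfigObject2.getString("alias");
                // NOTE(review): parseSSLConfig is declared "throws Exception" but this method only declares
                // SSLException. The try block above presumably covered more of the body in the original
                // source -- confirm before relying on the exception behaviour shown here.
                SSLConfig parseSSLConfig = parseSSLConfig(securityConfigObject2, z);
                if (parseSSLConfig != null && parseSSLConfig.requiredPropertiesArePresent()) {
                    parseSSLConfig.setProperty("com.ibm.ssl.alias", string);
                    parseSSLConfig.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, WorkSpaceQueryUtil.SECURITY_URI);
                    // NOTE(review): from here on the config presumably carries decoded passwords --
                    // confirm that SSLConfig instances are never written to trace in full.
                    parseSSLConfig.decodePasswords();
                    if (z) {
                        hashSet.add(string);
                        SSLConfig sSLConfig = (SSLConfig) this.sslConfigMap.get(string);
                        if (sSLConfig == null) {
                            addSSLConfigToMap(string, parseSSLConfig, z);
                        } else if (!sSLConfig.equals(parseSSLConfig)) {
                            // Replace the stale entry and tell listeners the alias changed.
                            removeSSLConfigFromMap(string, sSLConfig);
                            addSSLConfigToMap(string, parseSSLConfig, z);
                            notifySSLConfigChangeListener(string, Constants.CONFIG_STATE_CHANGED);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "New SSL config equals old SSL config for alias: " + string);
                        }
                    } else {
                        addSSLConfigToMap(string, parseSSLConfig);
                    }
                }
            }
        }
        if (z) {
            for (String str : strArr) {
                SSLConfig sSLConfig2 = (SSLConfig) this.sslConfigMap.get(str);
                // The null check must come before the first dereference: an alias from the snapshot
                // that is no longer in the map would otherwise raise a NullPointerException here.
                if (sSLConfig2 == null) {
                    continue;
                }
                String property = sSLConfig2.getProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM);
                // Only entries that came from the security configuration (or carry no origin) are
                // removed; entries loaded from another source are left untouched.
                if (!hashSet.contains(str) && (property == null || property.equals(WorkSpaceQueryUtil.SECURITY_URI))) {
                    removeSSLConfigFromMap(str, sSLConfig2);
                    notifySSLConfigChangeListener(str, Constants.CONFIG_STATE_DELETED);
                }
            }
        }
        getDefaultSystemProperties(z);
        loadDynamicSSLSelectionInfo(securityConfigObject);
        ManagementScopeManager.getInstance().loadSSLConfigGroups(securityConfigObject, z);
        checkURLHostNameVerificationProperty(z);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Total Number of SSLConfigs: " + this.sslConfigMap.size());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeServerSSL");
        }
    }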

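    /**
     * Performs the one-time client-side SSL setup for a process that is not a server.
     * <p>
     * Reads the configuration URLs named by the CSIv2 and admin SOAP system properties and by
     * {@code com.ibm.SSL.ConfigURL}, then sets the security properties (first call only),
     * initializes FIPS, loads the default system properties and checks the URL host name
     * verification property.
     * <p>
     * Any exception is recorded through trace and FFDC and is not rethrown. After a failure
     * {@code clientSSLInitializedOnce} stays false, and the steps after the failing one (which may
     * include FIPS initialization and the host name verification check) have not run. The caller
     * gets no signal, so a failure is visible only in the FFDC and trace output.
     */
    public void initializeClientSSL() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeClientSSL");
        }
        try {
            if (!isServerProcess() && !this.clientSSLInitializedOnce) {
                String property = System.getProperty(CSIv2Config.SAS_CONFIG_URL_PROP);
                if (property != null) {
                    parseConfigURL("IIOP", property, false);
                }
                String property2 = System.getProperty(AdminClient.CONNECTOR_SOAP_CONFIG);
                if (property2 != null) {
                    parseConfigURL("ADMIN_SOAP", property2, false);
                }
                // Called even when the property is unset; a null URL is passed through as is.
                parseSSLConfigURL(System.getProperty("com.ibm.SSL.ConfigURL"), false);
                if (!this.setSecurityPropsOnce) {
                    setSecurityProperties();
                }
                FIPSManager.getInstance().initializeFIPS();
                getDefaultSystemProperties(false);
                checkURLHostNameVerificationProperty(false);
                this.clientSSLInitializedOnce = true;
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing SSL properties from ConfigURL.", new Object[]{e});
            }
            // The FFDC source id previously named reinitializeClientSSL, which attributed failures of
            // this method to the wrong code path in incident logs.
            // NOTE(review): the probe id "%c%" looks like an unsubstituted build-time placeholder -- confirm.
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.core.SSLConfigManager.initializeClientSSL", "%c%", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeClientSSL");
        }
    }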

    /**
     * Reloads the client-side SSL configuration for a process that is not a server.
     * <p>
     * Clears the SSL context cache, initializes FIPS again, re-parses the configuration URLs
     * (CSIv2, admin SOAP, then {@code com.ibm.SSL.ConfigURL}) and reloads the default system
     * properties. Exceptions are written to trace and FFDC and are not propagated.
     */
    public void reinitializeClientSSL() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "reinitializeClientSSL");
        }
        try {
            if (!isServerProcess()) {
                AbstractJSSEProvider.clearSSLContextCache();
                FIPSManager.getInstance().initializeFIPS();
                // {first argument for parseConfigURL, system property holding the URL}, in parse order.
                final String[][] configUrlSources = {
                    {"IIOP", CSIv2Config.SAS_CONFIG_URL_PROP},
                    {"ADMIN_SOAP", AdminClient.CONNECTOR_SOAP_CONFIG},
                };
                for (String[] source : configUrlSources) {
                    final String configUrl = System.getProperty(source[1]);
                    if (configUrl != null) {
                        parseConfigURL(source[0], configUrl, true);
                    }
                }
                final String sslConfigUrl = System.getProperty("com.ibm.SSL.ConfigURL");
                parseSSLConfigURL(sslConfigUrl, true);
                getDefaultSystemProperties(true);
            }
        } catch (Exception failure) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception reinitializing SSL properties from ConfigURL.", new Object[]{failure});
            }
            Manager.Ffdc.log(failure, this, "com.ibm.ws.ssl.core.SSLConfigManager.reinitializeClientSSL", "410", this);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "reinitializeClientSSL");
        }
    }

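    /**
     * Rebuilds the list of trust manager definitions from the security configuration.
     * <p>
     * The existing list is cleared first. A definition is kept only when its management scope is
     * contained in the current process scope; a definition without a management scope is treated
     * as belonging to the cell scope.
     *
     * @param securityConfigObject root of the security configuration to read the trust managers from
     */
    public void loadTrustManagers(SecurityConfigObject securityConfigObject) {
        if (tc.isEntryEnabled()) {
            // Was Tr.exit, which produced two exit records and no entry record for this method.
            Tr.entry(tc, "loadTrustManagers");
        }
        this.trustManagerArrayList.clear();
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList(CommandConstants.TRUST_MANAGERS);
        if (objectList != null) {
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject securityConfigObject2 = objectList.get(i);
                if (securityConfigObject2 == null) {
                    // Skip empty slots, as the other loaders in this class do, instead of failing the whole load.
                    continue;
                }
                SecurityConfigObject object = securityConfigObject2.getObject(CommandConstants.MANAGEMENT_SCOPE);
                String string = object != null ? object.getString(CommandConstants.SCOPE_NAME) : ManagementScopeManager.getInstance().getCellScopeName();
                if (ManagementScopeManager.getInstance().currentScopeContained(string)) {
                    String string2 = securityConfigObject2.getString("name");
                    TrustManagerData trustManagerData = new TrustManagerData(string2, securityConfigObject2.getString("provider"), securityConfigObject2.getString(CommandConstants.ALGORITHM), securityConfigObject2.getString(CommandConstants.TRUST_MANAGER_CLASS), securityConfigObject2.getProperties("additionalTrustManagerAttrs"), string);
                    if (tc.isDebugEnabled()) {
                        // NOTE(review): this prints TrustManagerData.toString(); confirm it does not
                        // expose sensitive values from additionalTrustManagerAttrs in trace files.
                        Tr.debug(tc, "Adding trustManager name: " + string2 + " with values: " + trustManagerData);
                    }
                    this.trustManagerArrayList.add(trustManagerData);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadTrustManagers");
        }
    }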

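    /**
     * Rebuilds the list of key manager definitions from the security configuration.
     * <p>
     * The existing list is cleared first. A definition is kept only when its management scope is
     * contained in the current process scope; a definition without a management scope is treated
     * as belonging to the cell scope.
     *
     * @param securityConfigObject root of the security configuration to read the key managers from
     */
    public void loadKeyManagers(SecurityConfigObject securityConfigObject) {
        if (tc.isEntryEnabled()) {
            // Was Tr.exit, which produced two exit records and no entry record for this method.
            Tr.entry(tc, "loadKeyManagers");
        }
        this.keyManagerArrayList.clear();
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList(CommandConstants.KEY_MANAGERS);
        if (objectList != null) {
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject securityConfigObject2 = objectList.get(i);
                if (securityConfigObject2 == null) {
                    // Skip empty slots, as the other loaders in this class do, instead of failing the whole load.
                    continue;
                }
                SecurityConfigObject object = securityConfigObject2.getObject(CommandConstants.MANAGEMENT_SCOPE);
                String string = object != null ? object.getString(CommandConstants.SCOPE_NAME) : ManagementScopeManager.getInstance().getCellScopeName();
                if (ManagementScopeManager.getInstance().currentScopeContained(string)) {
                    String string2 = securityConfigObject2.getString("name");
                    KeyManagerData keyManagerData = new KeyManagerData(string2, securityConfigObject2.getString("provider"), securityConfigObject2.getString(CommandConstants.ALGORITHM), securityConfigObject2.getString(CommandConstants.KEY_MANAGER_CLASS), securityConfigObject2.getProperties("additionalKeyManagerAttrs"), string);
                    if (tc.isDebugEnabled()) {
                        // NOTE(review): this prints KeyManagerData.toString(); confirm it does not
                        // expose sensitive values from additionalKeyManagerAttrs in trace files.
                        Tr.debug(tc, "Adding KeyManager name: " + string2 + " with values: " + keyManagerData);
                    }
                    this.keyManagerArrayList.add(keyManagerData);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeyManagers");
        }
    }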

    /**
     * Finds the first loaded trust manager definition whose name matches, ignoring case, and whose
     * management scope is contained in the current process scope.
     *
     * @param str trust manager name to look up
     * @return the matching definition, or {@code null} when none is in scope
     */
    public TrustManagerData getTrustManagerData(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTrustManagerData", new Object[]{str});
        }
        TrustManagerData match = null;
        for (int idx = 0; match == null && idx < this.trustManagerArrayList.size(); idx++) {
            final TrustManagerData candidate = (TrustManagerData) this.trustManagerArrayList.get(idx);
            if (candidate == null) {
                continue;
            }
            if (!candidate.getName().equalsIgnoreCase(str)) {
                continue;
            }
            // The scope check runs only for name matches, and the first in-scope match wins.
            if (ManagementScopeManager.getInstance().currentScopeContained(candidate.getManagementScope())) {
                match = candidate;
            }
        }
        if (tc.isEntryEnabled()) {
            if (match != null) {
                Tr.exit(tc, "getTrustManagerData (" + str + ")");
            } else {
                Tr.exit(tc, "getTrustManagerData (null)");
            }
        }
        return match;
    }

    /**
     * Finds the first loaded key manager definition whose name matches, ignoring case, and whose
     * management scope is contained in the current process scope.
     *
     * @param str key manager name to look up
     * @return the matching definition, or {@code null} when none is in scope
     */
    public KeyManagerData getKeyManagerData(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyManagerData", new Object[]{str});
        }
        KeyManagerData match = null;
        for (int idx = 0; match == null && idx < this.keyManagerArrayList.size(); idx++) {
            final KeyManagerData candidate = (KeyManagerData) this.keyManagerArrayList.get(idx);
            if (candidate == null) {
                continue;
            }
            if (!candidate.getName().equalsIgnoreCase(str)) {
                continue;
            }
            // The scope check runs only for name matches, and the first in-scope match wins.
            if (ManagementScopeManager.getInstance().currentScopeContained(candidate.getManagementScope())) {
                match = candidate;
            }
        }
        if (tc.isEntryEnabled()) {
            if (match != null) {
                Tr.exit(tc, "getKeyManagerData (" + str + ")");
            } else {
                Tr.exit(tc, "getKeyManagerData (null)");
            }
        }
        return match;
    }

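    /**
     * Rebuilds the dynamic SSL selection map from the security configuration.
     * <p>
     * The selection map, the lookup cache and (when cache-miss tracking is enabled) the cache-miss
     * set are cleared first. Each in-scope selection rule is then stored as
     * {@code dynamicSelectionInfo -> alias}, or {@code dynamicSelectionInfo -> alias:certificateAlias}
     * when the rule names a certificate alias. Rules with no scope name, or an empty one, are
     * treated as in scope.
     * <p>
     * A rule that is skipped no longer influences which SSL configuration is selected for its
     * connection information, so skips are written to debug trace.
     *
     * @param securityConfigObject root of the security configuration to read the rules from
     */
    public synchronized void loadDynamicSSLSelectionInfo(SecurityConfigObject securityConfigObject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadDynamicSSLSelectionInfo");
        }
        this.sslConfigDynamicSelectionMap.clear();
        if (isCacheMissEnabled()) {
            synchronized (this.sslConfigDynamicSelectionCacheMissTreeSet) {
                this.sslConfigDynamicSelectionCacheMissTreeSet.clear();
            }
        }
        this.sslConfigDynamicLookupCache.clear();
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList(CommandConstants.DYNAMIC_SSL_CONFIG_SELECTIONS);
        if (objectList != null) {
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject selection = objectList.get(i);
                if (selection == null) {
                    continue;
                }
                SecurityConfigObject scope = selection.getObject(CommandConstants.MANAGEMENT_SCOPE);
                String scopeName = scope != null ? scope.getString(CommandConstants.SCOPE_NAME) : null;
                boolean inScope = scopeName == null || scopeName.equals("") || ManagementScopeManager.getInstance().currentScopeContained(scopeName);
                if (!inScope) {
                    // Was emitted with Tr.exit inside the loop, which left unbalanced exit records in the trace.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Scope \"" + scopeName + "\" is out of scope for this process.");
                    }
                    continue;
                }
                String selectionInfo = selection.getString("dynamicSelectionInfo");
                SecurityConfigObject sslConfigRef = selection.getObject("sslConfig");
                if (sslConfigRef == null) {
                    // A rule without an sslConfig reference previously raised a NullPointerException and
                    // aborted the whole load; it is now skipped like a rule with a missing alias.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Dynamic SSL selection \"" + selectionInfo + "\" has no sslConfig reference; skipping.");
                    }
                    continue;
                }
                String sslAlias = sslConfigRef.getString("alias");
                String certAlias = selection.getString("certificateAlias");
                if (selectionInfo != null && sslAlias != null) {
                    if (certAlias != null) {
                        this.sslConfigDynamicSelectionMap.put(selectionInfo, sslAlias + ":" + certAlias);
                    } else {
                        this.sslConfigDynamicSelectionMap.put(selectionInfo, sslAlias);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadDynamicSSLSelectionInfo", new Object[]{this.sslConfigDynamicSelectionMap});
        }
    }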

    /**
     * Builds an {@link SSLConfig} from one repertoire entry of the security configuration.
     * <p>
     * An entry whose management scope has a non-empty name that is not contained in the current
     * process scope is ignored.
     *
     * @param securityConfigObject the repertoire entry; may be null
     * @param z passed through unchanged to {@code parseSecureSocketLayer1}
     * @return the parsed configuration, or {@code null} when the entry is null or out of scope
     * @throws Exception whatever {@code parseSecureSocketLayer1} throws
     */
    public SSLConfig parseSSLConfig(SecurityConfigObject securityConfigObject, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfig");
        }
        if (securityConfigObject == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseSSLConfig -> null");
            }
            return null;
        }
        final String alias = securityConfigObject.getString("alias");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Parsing SSLConfig with alias: " + alias);
        }
        final SecurityConfigObject scope = securityConfigObject.getObject(CommandConstants.MANAGEMENT_SCOPE);
        String scopeName = null;
        boolean outOfScope = false;
        if (scope != null) {
            scopeName = scope.getString(CommandConstants.SCOPE_NAME);
            // A missing or empty scope name counts as in scope; the scope manager is asked only otherwise.
            outOfScope = scopeName != null && !scopeName.equals("") && !ManagementScopeManager.getInstance().currentScopeContained(scopeName);
        }
        if (outOfScope) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "SSLConfig with alias \"" + alias + "\" and scope (\"" + scopeName + "\") is not in the current process scope");
            }
            return null;
        }
        // Constants.SSLTYPE_JSSE is handed to getString as its second argument -- presumably the default type.
        final String type = securityConfigObject.getString("type", Constants.SSLTYPE_JSSE);
        final SecurityConfigObject setting = securityConfigObject.getObject(CommandConstants.SETTING);
        final SSLConfig parsed = parseSecureSocketLayer1(alias, type, setting, z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfig");
        }
        return parsed;
    }

    /**
     * Builds an {@link SSLConfig} from a configuration-model SSL config object.
     * <p>
     * An object whose management scope has a non-empty name that is not contained in the current
     * process scope is ignored.
     *
     * @param sSLConfig the model object; may be null
     * @param z passed through unchanged to {@code parseSecureSocketLayer}
     * @return the parsed configuration, or {@code null} when the input is null or out of scope
     * @throws Exception whatever {@code parseSecureSocketLayer} throws
     */
    public SSLConfig parseSSLConfig(com.ibm.websphere.models.config.security.SSLConfig sSLConfig, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfig");
        }
        if (sSLConfig == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "parseSSLConfig -> null");
            }
            return null;
        }
        final String alias = sSLConfig.getAlias();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Parsing SSLConfig with alias: " + alias);
        }
        String scopeName = null;
        boolean outOfScope = false;
        if (sSLConfig.getManagementScope() != null) {
            scopeName = sSLConfig.getManagementScope().getScopeName();
            // A missing or empty scope name counts as in scope; the scope manager is asked only otherwise.
            outOfScope = scopeName != null && !scopeName.equals("") && !ManagementScopeManager.getInstance().currentScopeContained(scopeName);
        }
        if (outOfScope) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "SSLConfig with alias \"" + alias + "\" and scope (\"" + scopeName + "\") is not in the current process scope");
            }
            return null;
        }
        // The type name stays null when the model object carries no type.
        final String typeName = (sSLConfig.getType() != null) ? sSLConfig.getType().getName() : null;
        final SSLConfig parsed = parseSecureSocketLayer(alias, typeName, sSLConfig.getSetting(), z);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfig");
        }
        return parsed;
    }

    public SSLConfig parseSecureSocketLayer(String str, String str2, SecureSocketLayer secureSocketLayer, boolean z) throws Exception {
        String securityLevel;
        String bool;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSecureSocketLayer");
        }
        SSLConfig sSLConfig = new SSLConfig();
        if (secureSocketLayer != null) {
            KeyStore keyStore = secureSocketLayer.getKeyStore();
            WSKeyStore wSKeyStore = null;
            String str3 = null;
            if (keyStore != null) {
                str3 = keyStore.getName();
                wSKeyStore = KeyStoreManager.getInstance().getKeyStore(str3);
            }
            Certificate certificate = null;
            if (wSKeyStore != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding keystore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, str3);
                addSSLPropertiesFromKeyStore(wSKeyStore, sSLConfig);
                certificate = KeyStoreManager.getInstance().checkIfKeyStoreExistsAndCreateIfNot(wSKeyStore, sSLConfig);
                wSKeyStore.initializeKeyStore(z);
            }
            KeyStore trustStore = secureSocketLayer.getTrustStore();
            WSKeyStore wSKeyStore2 = null;
            String str4 = null;
            if (trustStore != null) {
                str4 = trustStore.getName();
                wSKeyStore2 = KeyStoreManager.getInstance().getKeyStore(str4);
            }
            if (wSKeyStore2 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding truststore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, str4);
                addSSLPropertiesFromTrustStore(wSKeyStore2, sSLConfig);
                KeyStoreManager.getInstance().checkIfTrustStoreExistsAndCreateIfNot(wSKeyStore2, sSLConfig, certificate);
                wSKeyStore2.initializeKeyStore(z);
            }
        }
        WSKeyStore[] loadOldWCCMKeyStores = KeyStoreManager.getInstance().loadOldWCCMKeyStores(str, str2, secureSocketLayer);
        if (loadOldWCCMKeyStores != null) {
            for (int i = 0; i < loadOldWCCMKeyStores.length; i++) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding key/trust store properties from old attributes.");
                }
                WSKeyStore wSKeyStore3 = loadOldWCCMKeyStores[i];
                if (wSKeyStore3 != null) {
                    String property = wSKeyStore3.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                    if (property.endsWith("_trust")) {
                        sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, property);
                        addSSLPropertiesFromTrustStore(wSKeyStore3, sSLConfig);
                    }
                    if (property.endsWith("_key")) {
                        sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, property);
                        addSSLPropertiesFromKeyStore(wSKeyStore3, sSLConfig);
                    }
                }
                loadOldWCCMKeyStores[i].initializeKeyStore(z);
            }
        }
        KeyManager keyManager = secureSocketLayer != null ? secureSocketLayer.getKeyManager() : null;
        if (keyManager == null) {
            String keyManagerFactoryAlgorithm = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (keyManagerFactoryAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + keyManagerFactoryAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", keyManagerFactoryAlgorithm);
            }
        } else if (keyManager.getAlgorithm() != null && (keyManager.getAlgorithm().equalsIgnoreCase("IbmPKIX") || keyManager.getAlgorithm().equalsIgnoreCase("IbmX509"))) {
            String algorithm = (keyManager.getAlgorithm() == null || keyManager.getProvider() == null) ? keyManager.getAlgorithm() : keyManager.getAlgorithm() + CommandSecurityUtil.PARAM_DELIM + keyManager.getProvider();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting KeyManager: " + algorithm);
            }
            sSLConfig.setProperty("com.ibm.ssl.keyManager", algorithm);
        } else if ((keyManager.getAlgorithm() == null || keyManager.getProvider() == null) && keyManager.getKeyManagerClass() == null) {
            String keyManagerFactoryAlgorithm2 = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (keyManagerFactoryAlgorithm2 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + keyManagerFactoryAlgorithm2);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", keyManagerFactoryAlgorithm2);
            }
        } else {
            String name = keyManager.getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting custom KeyManager: " + name);
            }
            sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_KEY_MANAGER, name);
            String keyManagerFactoryAlgorithm3 = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (keyManagerFactoryAlgorithm3 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + keyManagerFactoryAlgorithm3);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", keyManagerFactoryAlgorithm3);
            }
        }
        EList trustManager = secureSocketLayer != null ? secureSocketLayer.getTrustManager() : null;
        if (trustManager == null || trustManager.size() <= 0) {
            String trustManagerFactoryAlgorithm = JSSEProviderFactory.getTrustManagerFactoryAlgorithm();
            if (trustManagerFactoryAlgorithm != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default TrustManager: " + trustManagerFactoryAlgorithm);
                }
                sSLConfig.setProperty("com.ibm.ssl.trustManager", trustManagerFactoryAlgorithm);
            }
        } else {
            String str5 = null;
            for (int i2 = 0; i2 < trustManager.size(); i2++) {
                final TrustManager trustManager2 = (TrustManager) trustManager.get(i2);
                if (i2 == 0 && trustManager2 != null && trustManager2.getAlgorithm() != null && (trustManager2.getAlgorithm().equalsIgnoreCase("IbmX509") || trustManager2.getAlgorithm().equalsIgnoreCase("IbmPKIX"))) {
                    String algorithm2 = trustManager2.getProvider() != null ? trustManager2.getAlgorithm() + CommandSecurityUtil.PARAM_DELIM + trustManager2.getProvider() : trustManager2.getAlgorithm();
                    if (trustManager2.getAlgorithm().equalsIgnoreCase("IbmPKIX")) {
                        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.ibm.ws.ssl.config.SSLConfigManager.1
                            @Override // java.security.PrivilegedAction
                            public Object run() {
                                SSLConfigManager.this.processIbmPKIXTrustManagerProperties(trustManager2);
                                return null;
                            }
                        });
                        if (tc.isDebugEnabled()) {
                            printTrustManagerProperties();
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting TrustManager: " + algorithm2);
                    }
                    sSLConfig.setProperty("com.ibm.ssl.trustManager", algorithm2);
                } else if (i2 > 0 && trustManager2 != null) {
                    str5 = str5 != null ? str5 + "," + trustManager2.getName() : trustManager2.getName();
                }
            }
            if (str5 != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting custom TrustManager(s): " + str5);
                }
                sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_TRUST_MANAGERS, str5);
            }
        }
        if (secureSocketLayer != null) {
            String sslProtocol = secureSocketLayer.getSslProtocol();
            if (sslProtocol != null && !sslProtocol.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.protocol", sslProtocol);
            }
            String jsseProvider = secureSocketLayer.getJsseProvider();
            if (jsseProvider != null && !jsseProvider.equals("")) {
                if (jsseProvider.equalsIgnoreCase(Constants.IBMJSSE_NAME) || jsseProvider.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                    jsseProvider = "IBMJSSE2";
                }
                sSLConfig.setProperty("com.ibm.ssl.contextProvider", jsseProvider);
            }
            if (secureSocketLayer.isSetClientAuthentication() && (bool = Boolean.toString(secureSocketLayer.isClientAuthentication())) != null) {
                sSLConfig.setProperty("com.ibm.ssl.clientAuthentication", bool);
            }
            String bool2 = Boolean.toString(secureSocketLayer.isClientAuthenticationSupported());
            if (bool2 != null) {
                sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, bool2);
            }
            if (secureSocketLayer.isSetSecurityLevel() && (securityLevel = getSecurityLevel(secureSocketLayer.getSecurityLevel())) != null && !securityLevel.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.securityLevel", securityLevel);
            }
            String clientKeyAlias = secureSocketLayer.getClientKeyAlias();
            if (clientKeyAlias != null && !clientKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreClientAlias", clientKeyAlias);
            }
            String serverKeyAlias = secureSocketLayer.getServerKeyAlias();
            if (serverKeyAlias != null && !serverKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreServerAlias", serverKeyAlias);
            }
            String enabledCiphers = secureSocketLayer.getEnabledCiphers();
            if (enabledCiphers != null && !enabledCiphers.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.enabledCipherSuites", enabledCiphers);
            }
            for (int i3 = 0; i3 < secureSocketLayer.getProperties().size(); i3++) {
                Property property2 = (Property) secureSocketLayer.getProperties().get(i3);
                if (property2 != null && property2.getValue() != null && !property2.getValue().equals("")) {
                    String value = property2.getValue();
                    if (property2.getName().equals("com.ibm.ssl.contextProvider") && (value.equalsIgnoreCase(Constants.IBMJSSE_NAME) || value.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME))) {
                        value = "IBMJSSE2";
                    }
                    sSLConfig.setProperty(property2.getName(), value);
                }
            }
        } else {
            String property3 = System.getProperty("com.ibm.ssl.protocol");
            if (property3 != null && !property3.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.protocol", property3);
            }
            String property4 = System.getProperty("com.ibm.ssl.contextProvider");
            if (property4 != null && !property4.equals("")) {
                if (property4.equalsIgnoreCase(Constants.IBMJSSE_NAME) || property4.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                    property4 = "IBMJSSE2";
                }
                sSLConfig.setProperty("com.ibm.ssl.contextProvider", property4);
            }
            String property5 = System.getProperty("com.ibm.CSI.performTLClientAuthenticationRequired");
            if (property5 != null && !property5.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.clientAuthentication", property5);
            }
            String property6 = System.getProperty("com.ibm.CSI.performTLClientAuthenticationSupported");
            if (property6 != null && !property6.equals("")) {
                sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, property6);
            }
            String property7 = System.getProperty("com.ibm.ssl.securityLevel");
            if (property7 != null && !property7.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.securityLevel", property7);
            }
            String property8 = System.getProperty("com.ibm.ssl.keyStoreClientAlias");
            if (property8 != null && !property8.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreClientAlias", property8);
            }
            String property9 = System.getProperty("com.ibm.ssl.keyStoreServerAlias");
            if (property9 != null && !property9.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreServerAlias", property9);
            }
            String property10 = System.getProperty("com.ibm.ssl.enabledCipherSuites");
            if (property10 != null && !property10.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.enabledCipherSuites", property10);
            }
        }
        if (FIPSManager.getInstance().isFIPSEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "FIPS enabled, setting SSL protocol to TLS.");
            }
            sSLConfig.put("com.ibm.ssl.protocol", "TLS");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Saving SSLConfig.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, sSLConfig.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSecureSocketLayer");
        }
        return sSLConfig;
    }

    /**
     * Traces the revocation-checking settings currently in effect for the JVM.
     *
     * <p>Each line pairs a hard-coded label with the value read from either a system property or a
     * {@code java.security} property. The method does not test {@code tc.isDebugEnabled()} itself;
     * the visible callers do that before invoking it.
     */
    private void printTrustManagerProperties() {
        Tr.debug(tc, "Trust Manager Properties:");

        // Revocation and CRL distribution point switches are held as system properties.
        final String checkRevocation = System.getProperty(Constants.SSLPROP_JSSE2_CHECK_REVOCATION);
        Tr.debug(tc, " com.ibm.jsse2.checkRevocation - " + checkRevocation);
        final String enableCrldp = System.getProperty(Constants.SSLPROP_ENABLE_CRLDP);
        Tr.debug(tc, " com.ibm.security.enableCRLDP - " + enableCrldp);
        final String enableNullCrldp = System.getProperty(Constants.SSLPROP_NULL_ENABLE_CRLDP);
        Tr.debug(tc, " com.ibm.security.enableNULLCRLDP - " + enableNullCrldp);

        // OCSP settings are held as java.security properties.
        final String ocspEnable = Security.getProperty(Constants.SSLPROP_OCSP_ENABLE);
        Tr.debug(tc, " ocsp.enable - " + ocspEnable);
        final String responderUrl = Security.getProperty(Constants.SSLPROP_OCSP_RESPONDER_URL);
        Tr.debug(tc, " ocsp.responderURL - " + responderUrl);
        final String responderSubject = Security.getProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_SUBJECT_NAME);
        Tr.debug(tc, " ocsp.responderCertSubjectName - " + responderSubject);
        final String responderIssuer = Security.getProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_ISSUER_NAME);
        Tr.debug(tc, " ocsp.responderCertIssuerName - " + responderIssuer);
        final String responderSerial = Security.getProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_SERIAL_NUMBER);
        Tr.debug(tc, " ocsp.responderCertSerialNumber - " + responderSerial);

        // LDAP certificate store location, again system properties.
        final String ldapHost = System.getProperty(Constants.SSLPROP_LDAP_CERT_STORE_HOST);
        Tr.debug(tc, " com.ibm.security.ldap.certstore.host - " + ldapHost);
        final String ldapPort = System.getProperty(Constants.SSLPROP_LDAP_CERT_STORE_PORT);
        Tr.debug(tc, " com.ibm.security.ldap.certstore.port - " + ldapPort);
    }

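    /**
     * Builds an {@link SSLConfig} from a {@code SecurityConfigObject} describing one SSL configuration.
     *
     * <p>Properties are written in this order, a later write replacing an earlier one for the same
     * key: key store, trust store, the stores returned by
     * {@code KeyStoreManager.loadOldWCCMKeyStores}, key manager, trust manager(s), the named SSL
     * attributes (protocol, provider, client authentication, security level, key aliases, cipher
     * suites), the free-form {@code properties} list, and finally the FIPS protocol override.
     *
     * <p>Side effect: when the first trust manager uses the {@code IbmPKIX} algorithm, its
     * {@code additionalTrustManagerAttrs} are applied through
     * {@link #setCheckRevocationProperties(String, String)}, which writes JVM-wide system and
     * security properties rather than anything scoped to the returned configuration.
     *
     * @param str passed unchanged to {@code loadOldWCCMKeyStores}; its meaning is not visible here
     * @param str2 passed unchanged to {@code loadOldWCCMKeyStores}; its meaning is not visible here
     * @param securityConfigObject the SSL configuration to read; when {@code null} only the legacy
     *     stores, the default key/trust manager algorithms and the FIPS override are applied
     * @param z forwarded to {@code WSKeyStore.initializeKeyStore} for every store handled here
     * @return the populated configuration, never {@code null}
     * @throws Exception propagated from the key store and configuration helpers called here
     */
    public SSLConfig parseSecureSocketLayer1(String str, String str2, SecurityConfigObject securityConfigObject, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSecureSocketLayer");
        }
        SSLConfig sSLConfig = new SSLConfig();

        // --- Key store and trust store referenced by the configuration ---
        if (securityConfigObject != null) {
            SecurityConfigObject keyStoreRef = securityConfigObject.getObject(CommandConstants.KEY_STORE);
            WSKeyStore keyStore = null;
            String keyStoreName = null;
            if (keyStoreRef != null) {
                keyStoreName = keyStoreRef.getString("name");
                keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
            }
            Certificate certificate = null;
            if (keyStore != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding keystore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, keyStoreName);
                addSSLPropertiesFromKeyStore(keyStore, sSLConfig);
                certificate = KeyStoreManager.getInstance().checkIfKeyStoreExistsAndCreateIfNot(keyStore, sSLConfig);
                keyStore.initializeKeyStore(z);
            }
            SecurityConfigObject trustStoreRef = securityConfigObject.getObject(CommandConstants.TRUST_STORE);
            WSKeyStore trustStore = null;
            String trustStoreName = null;
            if (trustStoreRef != null) {
                trustStoreName = trustStoreRef.getString("name");
                trustStore = KeyStoreManager.getInstance().getKeyStore(trustStoreName);
            }
            if (trustStore != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding truststore properties from KeyStore object.");
                }
                sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, trustStoreName);
                addSSLPropertiesFromTrustStore(trustStore, sSLConfig);
                // The certificate returned by the key store check (null when there was no key store)
                // is handed to the trust store check; what that helper does with it is not visible here.
                KeyStoreManager.getInstance().checkIfTrustStoreExistsAndCreateIfNot(trustStore, sSLConfig, certificate);
                trustStore.initializeKeyStore(z);
            }
        }

        // --- Stores described by the older attribute layout ---
        WSKeyStore[] legacyStores = KeyStoreManager.getInstance().loadOldWCCMKeyStores(str, str2, securityConfigObject);
        if (legacyStores != null) {
            for (WSKeyStore legacyStore : legacyStores) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Adding key/trust store properties from old attributes.");
                }
                if (legacyStore == null) {
                    // A null slot used to fall through to initializeKeyStore() and throw; skip it.
                    continue;
                }
                String storeName = legacyStore.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                if (storeName != null) {
                    // The role of a legacy store is decided purely by the suffix of its name.
                    if (storeName.endsWith("_trust")) {
                        sSLConfig.setProperty(Constants.SSLPROP_TRUST_STORE_NAME, storeName);
                        addSSLPropertiesFromTrustStore(legacyStore, sSLConfig);
                    }
                    if (storeName.endsWith("_key")) {
                        sSLConfig.setProperty(Constants.SSLPROP_KEY_STORE_NAME, storeName);
                        addSSLPropertiesFromKeyStore(legacyStore, sSLConfig);
                    }
                }
                legacyStore.initializeKeyStore(z);
            }
        }

        // --- Key manager ---
        SecurityConfigObject keyManagerObj = securityConfigObject != null ? securityConfigObject.getObject(CommandConstants.KEY_MANAGER) : null;
        boolean useDefaultKeyManager = true;
        if (keyManagerObj != null) {
            String algorithm = keyManagerObj.getString(CommandConstants.ALGORITHM);
            String provider = keyManagerObj.getString("provider");
            if (algorithm != null && (algorithm.equalsIgnoreCase("IbmPKIX") || algorithm.equalsIgnoreCase("IbmX509"))) {
                String keyManagerSpec = provider == null ? algorithm : algorithm + CommandSecurityUtil.PARAM_DELIM + provider;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting KeyManager: " + keyManagerSpec);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", keyManagerSpec);
                useDefaultKeyManager = false;
            } else {
                boolean nothingCustom = (algorithm == null || provider == null)
                        && keyManagerObj.getString(CommandConstants.KEY_MANAGER_CLASS) == null;
                if (!nothingCustom) {
                    // A custom key manager is recorded by name; the default algorithm is still set below.
                    String customName = keyManagerObj.getString("name");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting custom KeyManager: " + customName);
                    }
                    sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_KEY_MANAGER, customName);
                }
            }
        }
        if (useDefaultKeyManager) {
            String defaultKeyManager = JSSEProviderFactory.getKeyManagerFactoryAlgorithm();
            if (defaultKeyManager != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default KeyManager: " + defaultKeyManager);
                }
                sSLConfig.setProperty("com.ibm.ssl.keyManager", defaultKeyManager);
            }
        }

        // --- Trust manager(s) ---
        SecurityConfigObjectList trustManagers = securityConfigObject != null ? securityConfigObject.getObjectList(CommandConstants.TRUST_MANAGER) : null;
        if (trustManagers == null || trustManagers.size() <= 0) {
            String defaultTrustManager = JSSEProviderFactory.getTrustManagerFactoryAlgorithm();
            if (defaultTrustManager != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting default TrustManager: " + defaultTrustManager);
                }
                sSLConfig.setProperty("com.ibm.ssl.trustManager", defaultTrustManager);
            }
        } else {
            String customTrustManagers = null;
            for (int i2 = 0; i2 < trustManagers.size(); i2++) {
                final SecurityConfigObject trustManagerObj = trustManagers.get(i2);
                if (trustManagerObj == null) {
                    // The null test used to come after the first dereference; check before reading.
                    continue;
                }
                String algorithm = trustManagerObj.getString(CommandConstants.ALGORITHM);
                if (i2 == 0 && algorithm != null && (algorithm.equalsIgnoreCase("IbmX509") || algorithm.equalsIgnoreCase("IbmPKIX"))) {
                    String provider = trustManagerObj.getString("provider");
                    String trustManagerSpec = provider != null ? algorithm + CommandSecurityUtil.PARAM_DELIM + provider : algorithm;
                    if (algorithm.equalsIgnoreCase("IbmPKIX")) {
                        // Revocation settings are JVM-wide, so the most recently parsed IbmPKIX
                        // configuration decides them for every SSL configuration in the process.
                        AccessController.doPrivileged(new PrivilegedAction<Object>() {
                            @Override
                            public Object run() {
                                SecurityConfigObjectList attrs = trustManagerObj.getObjectList("additionalTrustManagerAttrs");
                                if (attrs == null) {
                                    return null;
                                }
                                for (int a = 0; a < attrs.size(); a++) {
                                    SecurityConfigObject attr = attrs.get(a);
                                    if (attr == null) {
                                        continue;
                                    }
                                    String attrValue = attr.getString("value");
                                    if (attrValue != null && !attrValue.equalsIgnoreCase("")) {
                                        SSLConfigManager.this.setCheckRevocationProperties(attr.getString("name"), attrValue);
                                    }
                                }
                                return null;
                            }
                        });
                        if (tc.isDebugEnabled()) {
                            printTrustManagerProperties();
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Setting TrustManager: " + trustManagerSpec);
                    }
                    sSLConfig.setProperty("com.ibm.ssl.trustManager", trustManagerSpec);
                } else if (i2 > 0) {
                    // Entries after the first are treated as custom trust managers, listed by name.
                    String customName = trustManagerObj.getString("name");
                    customTrustManagers = customTrustManagers != null ? customTrustManagers + "," + customName : customName;
                }
                // NOTE(review): a first entry that is neither IbmX509 nor IbmPKIX matches neither
                // branch, so this method then sets no com.ibm.ssl.trustManager value and does not
                // list that entry as custom either. Confirm that a later stage supplies a default.
            }
            if (customTrustManagers != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting custom TrustManager(s): " + customTrustManagers);
                }
                sSLConfig.setProperty(Constants.SSLPROP_CUSTOM_TRUST_MANAGERS, customTrustManagers);
            }
        }

        // --- Named SSL attributes, then the free-form property list ---
        if (securityConfigObject != null) {
            String protocol = securityConfigObject.getString(CommandConstants.SSL_PROTOCOL);
            if (protocol != null && !protocol.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.protocol", protocol);
            }
            String contextProvider = securityConfigObject.getString(CommandConstants.JSSE_PROVIDER);
            if (contextProvider != null && !contextProvider.equals("")) {
                // The two older provider names are mapped onto IBMJSSE2.
                if (contextProvider.equalsIgnoreCase(Constants.IBMJSSE_NAME) || contextProvider.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME)) {
                    contextProvider = "IBMJSSE2";
                }
                sSLConfig.setProperty("com.ibm.ssl.contextProvider", contextProvider);
            }
            if (securityConfigObject.isSet(CommandConstants.CLIENT_AUTHENTICATION)) {
                String clientAuth = securityConfigObject.getBoolean(CommandConstants.CLIENT_AUTHENTICATION).toString();
                if (clientAuth != null) {
                    sSLConfig.setProperty("com.ibm.ssl.clientAuthentication", clientAuth);
                }
            }
            // Unlike clientAuthentication, this attribute is read without an isSet() guard.
            String clientAuthSupported = securityConfigObject.getBoolean(CommandConstants.CLIENT_AUTHENTICATION_SUPPORTED).toString();
            if (clientAuthSupported != null) {
                sSLConfig.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, clientAuthSupported);
            }
            if (securityConfigObject.isSet(CommandConstants.SECURITY_LEVEL)) {
                String securityLevel = securityConfigObject.getString(CommandConstants.SECURITY_LEVEL, Constants.SECURITY_LEVEL_HIGH);
                if (securityLevel != null && !securityLevel.equals("")) {
                    sSLConfig.setProperty("com.ibm.ssl.securityLevel", securityLevel);
                }
            }
            String clientKeyAlias = securityConfigObject.getString(CommandConstants.CLIENT_KEY_ALIAS);
            if (clientKeyAlias != null && !clientKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreClientAlias", clientKeyAlias);
            }
            String serverKeyAlias = securityConfigObject.getString(CommandConstants.SERVER_KEY_ALIAS);
            if (serverKeyAlias != null && !serverKeyAlias.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.keyStoreServerAlias", serverKeyAlias);
            }
            String enabledCiphers = securityConfigObject.getString(CommandConstants.ENABLED_CIPHERS);
            if (enabledCiphers != null && !enabledCiphers.equals("")) {
                sSLConfig.setProperty("com.ibm.ssl.enabledCipherSuites", enabledCiphers);
            }
            // The free-form list is copied last and by arbitrary name, so an entry here replaces any
            // value written above for the same key (protocol, cipher suites, trust manager, ...).
            SecurityConfigObjectList customProperties = securityConfigObject.getObjectList("properties");
            if (customProperties != null) {
                for (int p = 0; p < customProperties.size(); p++) {
                    SecurityConfigObject customProperty = customProperties.get(p);
                    if (customProperty == null) {
                        continue;
                    }
                    String propertyValue = customProperty.getString("value");
                    String propertyName = customProperty.getString("name");
                    if (propertyName == null || propertyValue == null || propertyValue.equals("")) {
                        continue;
                    }
                    if (propertyName.equals("com.ibm.ssl.contextProvider") && (propertyValue.equalsIgnoreCase(Constants.IBMJSSE_NAME) || propertyValue.equalsIgnoreCase(Constants.IBMJSSEFIPS_NAME))) {
                        propertyValue = "IBMJSSE2";
                    }
                    sSLConfig.setProperty(propertyName, propertyValue);
                }
            }
        }

        // --- FIPS override: applied after everything else, so it wins over configured protocols ---
        if (FIPSManager.getInstance().isFIPSEnabled()) {
            if (tc.isDebugEnabled()) {
                // The trace text says TLS; the value stored is whatever getSSLProtocolForFipsLevel returns.
                Tr.debug(tc, "FIPS enabled, setting SSL protocol to TLS.");
            }
            sSLConfig.put("com.ibm.ssl.protocol", getSSLProtocolForFipsLevel(sSLConfig));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Saving SSLConfig.");
        }
        if (tc.isDebugEnabled()) {
            // NOTE(review): this traces the whole configuration, into which every key store property
            // was copied above; confirm SSLConfig.toString() masks store passwords.
            Tr.debug(tc, sSLConfig.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSecureSocketLayer");
        }
        return sSLConfig;
    }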

    /**
     * Applies one certificate-revocation setting to the running JVM.
     *
     * <p>The name is matched against the known revocation, CRL distribution point, LDAP certificate
     * store and OCSP property constants. A match is written with {@code System.setProperty} or
     * {@code Security.setProperty}, so the setting is process-wide and not tied to one SSL
     * configuration. The value is stored as given; nothing here validates it. Unrecognised names and
     * null or empty arguments are ignored.
     *
     * @param str the property name to set
     * @param str2 the value to store
     */
    protected void setCheckRevocationProperties(String str, String str2) {
        final boolean nameMissing = str == null || str.isEmpty();
        final boolean valueMissing = str2 == null || str2.isEmpty();
        if (nameMissing || valueMissing) {
            return;
        }

        if (str.equals(Constants.SSLPROP_JSSE2_CHECK_REVOCATION)) {
            System.setProperty(Constants.SSLPROP_JSSE2_CHECK_REVOCATION, str2);
        } else if (str.equals(Constants.SSLPROP_ENABLE_CRLDP)) {
            System.setProperty(Constants.SSLPROP_ENABLE_CRLDP, str2);
            // Setting the CRLDP switch also defaults the NULL-CRLDP switch to "true" when it is unset.
            if (System.getProperty(Constants.SSLPROP_NULL_ENABLE_CRLDP) == null) {
                System.setProperty(Constants.SSLPROP_NULL_ENABLE_CRLDP, "true");
            }
        } else if (str.equals(Constants.SSLPROP_NULL_ENABLE_CRLDP)) {
            System.setProperty(Constants.SSLPROP_NULL_ENABLE_CRLDP, str2);
        } else if (str.equals(Constants.SSLPROP_LDAP_CERT_STORE_HOST)) {
            System.setProperty(Constants.SSLPROP_LDAP_CERT_STORE_HOST, str2);
            // A host without an explicit port gets port 389.
            if (System.getProperty(Constants.SSLPROP_LDAP_CERT_STORE_PORT) == null) {
                System.setProperty(Constants.SSLPROP_LDAP_CERT_STORE_PORT, "389");
            }
        } else if (str.equals(Constants.SSLPROP_LDAP_CERT_STORE_PORT)) {
            System.setProperty(Constants.SSLPROP_LDAP_CERT_STORE_PORT, str2);
        } else if (str.equals(Constants.SSLPROP_OCSP_ENABLE)) {
            // The OCSP settings are java.security properties, not system properties.
            Security.setProperty(Constants.SSLPROP_OCSP_ENABLE, str2);
        } else if (str.equals(Constants.SSLPROP_OCSP_RESPONDER_URL)) {
            Security.setProperty(Constants.SSLPROP_OCSP_RESPONDER_URL, str2);
        } else if (str.equals(Constants.SSLPROP_OCSP_RESPONDER_CERT_SUBJECT_NAME)) {
            Security.setProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_SUBJECT_NAME, str2);
        } else if (str.equals(Constants.SSLPROP_OCSP_RESPONDER_CERT_ISSUER_NAME)) {
            Security.setProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_ISSUER_NAME, str2);
        } else if (str.equals(Constants.SSLPROP_OCSP_RESPONDER_CERT_SERIAL_NUMBER)) {
            Security.setProperty(Constants.SSLPROP_OCSP_RESPONDER_CERT_SERIAL_NUMBER, str2);
        }
    }

    /**
     * Copies every property of a key store into an SSL configuration under the same name.
     *
     * <p>Nothing is filtered: whatever the store exposes through {@code propertyNames()} ends up in
     * the configuration, replacing any value already held for that name.
     *
     * @param wSKeyStore the key store whose properties are read
     * @param sSLConfig the configuration that receives them
     */
    public void addSSLPropertiesFromKeyStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromKeyStore");
        }
        for (Enumeration<?> names = wSKeyStore.propertyNames(); names.hasMoreElements(); ) {
            final String key = (String) names.nextElement();
            final String value = wSKeyStore.getProperty(key);
            sSLConfig.setProperty(key, value);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLPropertiesFromKeyStore");
        }
    }

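    /**
     * Copies a store's {@code com.ibm.ssl.keyStore*} properties into an SSL configuration under the
     * matching {@code com.ibm.ssl.trustStore*} names.
     *
     * <p>Only names that start with {@code com.ibm.ssl.keyStore} are copied; the rest of the name is
     * kept as the suffix of the trust store key. Properties with other names, or with a null value,
     * are skipped.
     *
     * @param wSKeyStore the store acting as trust store
     * @param sSLConfig the configuration that receives the renamed properties
     */
    public void addSSLPropertiesFromTrustStore(WSKeyStore wSKeyStore, SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLPropertiesFromTrustStore");
        }
        final String keyStorePrefix = "com.ibm.ssl.keyStore";
        final String trustStorePrefix = "com.ibm.ssl.trustStore";
        Enumeration<?> propertyNames = wSKeyStore.propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            if (name == null || !name.startsWith(keyStorePrefix)) {
                continue;
            }
            String value = wSKeyStore.getProperty(name);
            if (value != null) {
                // substring() yields "" when the name is exactly the prefix, giving the bare trust store key.
                sSLConfig.setProperty(trustStorePrefix + name.substring(keyStorePrefix.length()), value);
            }
        }
        if (tc.isEntryEnabled()) {
            // The exit record used to name addSSLPropertiesFromKeyStore, which unbalanced the trace.
            Tr.exit(tc, "addSSLPropertiesFromTrustStore");
        }
    }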

    /**
     * Returns the aliases of all SSL configurations currently held in {@code sslConfigMap}.
     *
     * @return a new array of the map's keys; empty when the map holds no configurations
     */
    public String[] getSSLConfigAliases() {
        final String[] arrayType = new String[0];
        return (String[]) this.sslConfigMap.keySet().toArray(arrayType);
    }

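    /**
     * Looks up an SSL configuration by alias.
     *
     * <p>A null or empty alias selects the default configuration. For any other alias the result is
     * whatever {@code sslConfigMap} holds for it; no exception is raised in this method for an alias
     * that is not present, so callers should be prepared for a {@code null} result rather than
     * assume a configuration exists.
     *
     * @param str the alias to look up, or null/empty for the default configuration
     * @return the matching configuration, or the lookup result for an unknown alias (presumably
     *     {@code null}; confirm against the type of {@code sslConfigMap})
     * @throws IllegalArgumentException declared by the signature; nothing visible here throws it
     */
    public SSLConfig getSSLConfig(String str) throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLConfig", str);
        }
        final SSLConfig sSLConfig;
        if (str == null || str.isEmpty()) {
            sSLConfig = getDefaultSSLConfig();
        } else {
            sSLConfig = (SSLConfig) this.sslConfigMap.get(str);
        }
        // The default-alias path used to return before this point, leaving the entry record unmatched.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLConfig", sSLConfig);
        }
        return sSLConfig;
    }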

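    /**
     * Reloads the global SSL properties from the {@code properties} list of a security configuration,
     * then loads the CSIv2 transport settings.
     *
     * <p>The existing global properties are cleared first. Only entries whose name starts with
     * {@code com.ibm.ssl}, {@code com.ibm.security}, {@code com.ibm.websphere} or
     * {@code was.com.ibm.websphere.security.zos.csiv2} are kept. The default certificate request
     * subject DN is read unexpanded; every other value is read with {@code getString}.
     *
     * @param securityConfigObject the security configuration to read; must not be null
     * @throws SSLException declared by the signature; no statement visible here throws it directly
     */
    public void loadGlobalProperties(SecurityConfigObject securityConfigObject) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadGlobalProperties");
        }
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList("properties");
        if (this.globalConfigProperties != null && objectList != null) {
            // Cleared before reading, so a failure part-way through leaves a partial set behind.
            this.globalConfigProperties.clear();
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject entry = objectList.get(i);
                String name = entry != null ? entry.getString("name") : null;
                if (name == null) {
                    // A missing entry or name used to raise a NullPointerException; skip it instead.
                    continue;
                }
                boolean recognisedPrefix = name.startsWith("com.ibm.ssl")
                        || name.startsWith("com.ibm.security")
                        || name.startsWith("com.ibm.websphere")
                        || name.startsWith("was.com.ibm.websphere.security.zos.csiv2");
                if (!recognisedPrefix) {
                    continue;
                }
                String value = name.equals(Constants.SSLPROP_DEFAULT_CERTREQ_SUBJECTDN) ? entry.getUnexpandedString("value") : entry.getString("value");
                if (value != null) {
                    if (tc.isDebugEnabled()) {
                        // The accepted prefixes would also admit password-bearing properties, so the
                        // trace masks any value whose property name mentions a password.
                        boolean looksSecret = name.toLowerCase(java.util.Locale.ROOT).contains("password");
                        Tr.debug(tc, "Setting global property: " + name + "=" + (looksSecret ? "********" : value));
                    }
                    this.globalConfigProperties.setProperty(name, value);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Value is null, skip setting global property: " + name);
                }
            }
        }
        loadCSIv2SSLProperties(securityConfigObject);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadGlobalProperties");
        }
    }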

    /**
     * Applies the configured certificate-path and TLS disabled-algorithm lists to the JVM's
     * {@code java.security} properties.
     *
     * <p>For each of the two properties the configured value comes from the global configuration,
     * falling back to the {@code SecurityConfig} default. A configured value of {@code none}
     * (case-insensitive) leaves the JVM setting untouched. Any other value is written through
     * {@link #setJavaSecurityProperty(String, String)}, which replaces the JVM's existing list rather
     * than merging with it, so a configured list shorter than the JVM's own re-enables whatever it
     * omits. The informational messages record the previous and new values.
     */
    public void setSecurityProperties() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSecurityProperties");
        }
        final String[] javaPropertyNames = {JAVA_CERTPATH_DISABLE_ALGORITHMS, JAVA_TLS_DISABLE_ALGORITHMS};
        // Both configured values are read before either JVM value, as array initialisers run in order.
        final String[] configuredValues = {
            this.globalConfigProperties.getProperty(SecurityConfig.CERTPATH_DISABLE_ALGORITHMS, SecurityConfig.CERTPATH_DISABLE_ALGORITHMS_DEFAULT),
            this.globalConfigProperties.getProperty(SecurityConfig.TLS_DISABLE_ALGORITHMS, SecurityConfig.TLS_DISABLE_ALGORITHMS_DEFAULT)
        };
        final String[] existingValues = {
            getJavaSecurityProperty(JAVA_CERTPATH_DISABLE_ALGORITHMS),
            getJavaSecurityProperty(JAVA_TLS_DISABLE_ALGORITHMS)
        };

        for (int idx = 0; idx < javaPropertyNames.length; idx++) {
            final String javaName = javaPropertyNames[idx];
            final String wanted = configuredValues[idx];
            final String existing = existingValues[idx];
            final boolean hasExisting = existing != null && !existing.isEmpty();

            if (wanted.equalsIgnoreCase("none")) {
                // "none" means: keep whatever the JVM already has, and report it if there is a value.
                if (hasExisting) {
                    Tr.info(tc, "ssl.java.security.setting.CWPKI0050I", new Object[]{javaName, existing});
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not setting " + javaName);
                }
                continue;
            }

            setJavaSecurityProperty(javaName, wanted);
            if (hasExisting) {
                Tr.info(tc, "ssl.java.security.setting.CWPKI0051I", new Object[]{javaName, existing, javaName, wanted});
            } else {
                Tr.info(tc, "ssl.java.security.setting.CWPKI0052I", new Object[]{javaName, wanted});
            }
        }

        this.setSecurityPropsOnce = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSecurityProperties");
        }
    }

    /**
     * Writes a {@code java.security} property inside a privileged block.
     *
     * <p>The write goes through {@code Security.setProperty}, so it affects the whole JVM and
     * replaces any previous value. The method is public and takes the name and value as given, and
     * the privileged block means the caller's own permissions are not what gates the write; review
     * who can reach it when a security manager is in use.
     *
     * @param str the security property name
     * @param str2 the value to store
     */
    public void setJavaSecurityProperty(final String str, final String str2) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting java security property  " + str + " to " + str2);
        }
        final PrivilegedAction<Object> writeProperty = new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                Security.setProperty(str, str2);
                return null;
            }
        };
        AccessController.doPrivileged(writeProperty);
    }

    /**
     * Reads a {@code java.security} property inside a privileged block.
     *
     * <p>When debug tracing is enabled, both the requested name and the returned value are written
     * to the trace.
     *
     * @param str the security property name
     * @return the value reported by {@code Security.getProperty}, which may be {@code null}
     */
    public String getJavaSecurityProperty(final String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Getting java security property  " + str + ".");
        }
        final PrivilegedAction<Object> readProperty = new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return Security.getProperty(str);
            }
        };
        final String value = (String) AccessController.doPrivileged(readProperty);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returning property value  " + value + ".");
        }
        return value;
    }

    /**
     * Copies the CSIv2 transport-layer settings from the security configuration into
     * {@code globalConfigProperties}.
     *
     * <p>Under the {@code "CSI"} object, the first entry of the {@code "layers"} list
     * that is a {@code "TransportLayer"} is located for both the claims side and the
     * performs side. For each side the supported and required quality-of-protection
     * flags (protection enabled, establish trust in client, integrity,
     * confidentiality) are stored as the strings {@code "true"} or {@code "false"},
     * and the SSL configuration alias from {@code serverAuthentication} is stored as
     * the inbound (claims) or outbound (performs) alias. On z/OS a value already held
     * in {@code globalConfigProperties} under the z/OS-specific key takes precedence
     * over the configured alias.
     *
     * <p>NOTE(review): there are no null checks on the claims/performs objects, the
     * QOP objects, {@code serverAuthentication} or the values returned by
     * {@code getBoolean}. A missing element presumably surfaces as a
     * NullPointerException partway through, which would leave only some of the
     * properties set. Confirm that the configuration model guarantees these elements.
     *
     * @param securityConfigObject configuration object that is asked for the
     *                             {@code "CSI"} child
     */
    public void loadCSIv2SSLProperties(SecurityConfigObject securityConfigObject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadCSIv2SSLProperties");
        }
        final SecurityConfigObject csi = securityConfigObject.getObject("CSI");
        if (csi != null) {
            // ---- claims side: what this process accepts on inbound connections ----
            final SecurityConfigObjectList claimLayers = csi.getObject(CSIv2ConfigData.CLAIMS).getObjectList("layers");
            SecurityConfigObject claimTransport = null;
            for (int idx = 0; idx < claimLayers.size(); idx++) {
                final SecurityConfigObject layer = claimLayers.get(idx);
                if (layer.instanceOf(SecurityprotocolPackage.eNS_URI, "TransportLayer")) {
                    claimTransport = layer;
                    break;
                }
            }
            if (claimTransport != null) {
                final SecurityConfigObject claimSupported = claimTransport.getObject(CSIv2ConfigData.SUPPORTED_QOP);
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_SUPPORTED,
                        String.valueOf(claimSupported.getBoolean(CSIv2QOPConfig.ENABLE_PROTECTION).booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_SUPPORTED,
                        String.valueOf(claimSupported.getBoolean(CSIv2QOPConfig.ESTABLISH_TRUST_IN_CLIENT).booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_SUPPORTED,
                        String.valueOf(claimSupported.getBoolean("integrity").booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_SUPPORTED,
                        String.valueOf(claimSupported.getBoolean("confidentiality").booleanValue()));

                final SecurityConfigObject claimRequired = claimTransport.getObject(CSIv2ConfigData.REQUIRED_QOP);
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_REQUIRED,
                        String.valueOf(claimRequired.getBoolean(CSIv2QOPConfig.ENABLE_PROTECTION).booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_REQUIRED,
                        String.valueOf(claimRequired.getBoolean(CSIv2QOPConfig.ESTABLISH_TRUST_IN_CLIENT).booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_REQUIRED,
                        String.valueOf(claimRequired.getBoolean("integrity").booleanValue()));
                this.globalConfigProperties.setProperty(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_REQUIRED,
                        String.valueOf(claimRequired.getBoolean("confidentiality").booleanValue()));

                final SecurityConfigObject claimServerAuth = claimTransport.getObject("serverAuthentication");
                String inboundAlias = null;
                if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                    // On z/OS an already-loaded global property wins over the configured alias.
                    inboundAlias = this.globalConfigProperties.getProperty("was.com.ibm.websphere.security.zos.csiv2.inbound.transport.sslconfig");
                }
                if (inboundAlias == null) {
                    inboundAlias = claimServerAuth.getString("sslConfig");
                }
                if (inboundAlias != null) {
                    this.globalConfigProperties.setProperty(CSIv2Config.SSL_INBOUND_ALIAS, inboundAlias);
                }
            }

            // ---- performs side: what this process does on outbound connections ----
            final SecurityConfigObjectList performLayers = csi.getObject(CSIv2ConfigData.PERFORMS).getObjectList("layers");
            SecurityConfigObject performTransport = null;
            for (int idx = 0; idx < performLayers.size(); idx++) {
                final SecurityConfigObject layer = performLayers.get(idx);
                if (layer.instanceOf(SecurityprotocolPackage.eNS_URI, "TransportLayer")) {
                    performTransport = layer;
                    break;
                }
            }
            if (performTransport != null) {
                final SecurityConfigObject performSupported = performTransport.getObject(CSIv2ConfigData.SUPPORTED_QOP);
                this.globalConfigProperties.setProperty("com.ibm.CSI.performTransportAssocSSLTLSSupported",
                        String.valueOf(performSupported.getBoolean(CSIv2QOPConfig.ENABLE_PROTECTION).booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performMessageIntegritySupported",
                        String.valueOf(performSupported.getBoolean("integrity").booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performMessageConfidentialitySupported",
                        String.valueOf(performSupported.getBoolean("confidentiality").booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performTLClientAuthenticationSupported",
                        String.valueOf(performSupported.getBoolean(CSIv2QOPConfig.ESTABLISH_TRUST_IN_CLIENT).booleanValue()));

                final SecurityConfigObject performRequired = performTransport.getObject(CSIv2ConfigData.REQUIRED_QOP);
                this.globalConfigProperties.setProperty("com.ibm.CSI.performTransportAssocSSLTLSRequired",
                        String.valueOf(performRequired.getBoolean(CSIv2QOPConfig.ENABLE_PROTECTION).booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performMessageIntegrityRequired",
                        String.valueOf(performRequired.getBoolean("integrity").booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performMessageConfidentialityRequired",
                        String.valueOf(performRequired.getBoolean("confidentiality").booleanValue()));
                this.globalConfigProperties.setProperty("com.ibm.CSI.performTLClientAuthenticationRequired",
                        String.valueOf(performRequired.getBoolean(CSIv2QOPConfig.ESTABLISH_TRUST_IN_CLIENT).booleanValue()));

                final SecurityConfigObject performServerAuth = performTransport.getObject("serverAuthentication");
                String outboundAlias = null;
                if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                    outboundAlias = this.globalConfigProperties.getProperty("was.com.ibm.websphere.security.zos.csiv2.outbound.transport.sslconfig");
                }
                if (outboundAlias == null) {
                    outboundAlias = performServerAuth.getString("sslConfig");
                }
                if (outboundAlias != null) {
                    this.globalConfigProperties.setProperty(CSIv2Config.SSL_OUTBOUND_ALIAS, outboundAlias);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadCSIv2SSLProperties");
        }
    }

    /**
     * Decides whether the CSIv2 transport settings should replace the supplied SSL
     * properties for a connection.
     *
     * <p>Two kinds of connection are recognised from {@code map}:
     * <ul>
     *   <li>inbound connections on the ORB/CSIv2 SSL listener end points, which use a
     *       clone of the configuration named by the CSIv2 inbound alias (or a clone of
     *       {@code properties} when no such configuration resolves) and then receive
     *       the CSIv2 "client authentication supported/required" claims;</li>
     *   <li>outbound {@code IIOP} connections, which use a clone of the configuration
     *       named by the CSIv2 outbound alias (or a clone of {@code properties}).</li>
     * </ul>
     * Any other connection gets {@code properties} back unchanged. The returned
     * object in the two CSIv2 cases is always a clone, so the stored configuration is
     * not modified.
     *
     * <p>NOTE(review): on the inbound path the client-authentication settings of the
     * selected SSL configuration are overwritten by the global CSIv2 claims whenever
     * those claims are present. {@code properties.clone()} is called without a null
     * check on the fallback path, so a null {@code properties} would presumably
     * throw there.
     *
     * @param properties SSL properties chosen so far for the connection
     * @param map        connection information; the end point name and direction are
     *                   read from it, may be {@code null}
     * @return the CSIv2-adjusted clone, or {@code properties} itself when CSIv2 does
     *         not apply
     * @throws SSLException declared for the alias lookup through {@code getProperties}
     */
    public Properties determineIfCSIv2SettingsApply(Properties properties, Map map) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "determineIfCSIv2SettingsApply", new Object[]{map});
        }
        if (map != null) {
            final String endPointName = (String) map.get("com.ibm.ssl.endPointName");
            final String direction = (String) map.get("com.ibm.ssl.direction");
            final boolean inboundCsiv2Listener = endPointName != null
                    && (endPointName.equals("ORB_SSL_LISTENER_ADDRESS")
                        || endPointName.equals("CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS")
                        || endPointName.equals("CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS"))
                    && direction != null
                    && direction.equals("inbound");

            if (inboundCsiv2Listener) {
                Properties aliasConfig = null;
                final String inboundAlias = this.globalConfigProperties.getProperty(CSIv2Config.SSL_INBOUND_ALIAS);
                if (inboundAlias != null && !inboundAlias.isEmpty()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting inbound SSL config with alias: " + inboundAlias);
                    }
                    aliasConfig = getProperties(inboundAlias);
                }
                final Properties effective;
                if (aliasConfig == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.");
                    }
                    effective = (Properties) properties.clone();
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.");
                    }
                    effective = (Properties) aliasConfig.clone();
                }
                if (effective != null) {
                    final String clientAuthSupported = this.globalConfigProperties.getProperty(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_SUPPORTED);
                    final String clientAuthRequired = this.globalConfigProperties.getProperty(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_REQUIRED);
                    if (clientAuthSupported != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting client auth supported: " + clientAuthSupported);
                        }
                        effective.setProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED, clientAuthSupported);
                    }
                    if (clientAuthRequired != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Setting client auth required: " + clientAuthRequired);
                        }
                        effective.setProperty("com.ibm.ssl.clientAuthentication", clientAuthRequired);
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                    }
                    return effective;
                }
            } else if ("IIOP".equals(endPointName) && "outbound".equals(direction)) {
                Properties aliasConfig = null;
                final String outboundAlias = this.globalConfigProperties.getProperty(CSIv2Config.SSL_OUTBOUND_ALIAS);
                if (outboundAlias != null && !outboundAlias.isEmpty()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting outbound SSL config with alias: " + outboundAlias);
                    }
                    aliasConfig = getProperties(outboundAlias);
                }
                final Properties effective;
                if (aliasConfig == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning JSSEHelper configuration.");
                    }
                    effective = (Properties) properties.clone();
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cloning CSIv2 alias reference configuration.");
                    }
                    effective = (Properties) aliasConfig.clone();
                }
                if (effective != null) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "determineIfCSIv2SettingsApply (settings applied)");
                    }
                    return effective;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "determineIfCSIv2SettingsApply (original settings)");
        }
        return properties;
    }

    /**
     * Returns the SSL configuration registered under
     * {@code Constants.DEFAULT_SYSTEM_ALIAS}, building it when necessary.
     *
     * <p>When {@code z} is {@code false} and an entry already exists in
     * {@code sslConfigMap}, that entry is returned as is. Otherwise the configuration
     * is parsed via {@code parseSecureSocketLayer}. If nothing usable comes back,
     * {@link #setDefaultSystemPropertiesIfNecessary()} is invoked and {@code null} is
     * returned. A usable configuration is tagged with its alias and origin, has its
     * passwords decoded, and replaces the stored entry unless the two are equal.
     *
     * <p>NOTE(review): after {@code decodePasswords()} the configuration object
     * presumably carries clear-text key/trust store passwords, and it is that object
     * which is stored in the map and returned. Anything that traces or serialises it
     * should be checked for password exposure.
     *
     * @param z passed through to {@code parseSecureSocketLayer} and
     *          {@code addSSLConfigToMap}; when {@code true} the cached entry is not
     *          short-circuited (appears to act as a re-initialisation flag; confirm)
     * @return the default system SSL configuration, or {@code null} when the required
     *         properties are not present
     * @throws Exception propagated from parsing or from updating the configuration map
     */
    public Properties getDefaultSystemProperties(boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSystemProperties");
        }
        if (!z && this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS) != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSystemProperties -> already present.");
            }
            return (Properties) this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
        }

        final SSLConfig parsed = parseSecureSocketLayer(Constants.DEFAULT_SYSTEM_ALIAS, Constants.SSLTYPE_JSSE, null, z);
        final boolean usable = parsed != null && parsed.requiredPropertiesArePresent();
        if (!usable) {
            setDefaultSystemPropertiesIfNecessary();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSystemProperties -> null");
            }
            return null;
        }

        parsed.setProperty("com.ibm.ssl.alias", Constants.DEFAULT_SYSTEM_ALIAS);
        parsed.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, "System Properties");
        parsed.decodePasswords();

        final SSLConfig registered = (SSLConfig) this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS);
        if (registered == null) {
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, parsed, z);
        } else if (registered.equals(parsed)) {
            // Nothing changed, so keep the stored entry.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "New SSL config equals old SSL config for alias: DefaultSystemProperties");
            }
        } else {
            removeSSLConfigFromMap(Constants.DEFAULT_SYSTEM_ALIAS, registered);
            addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, parsed, z);
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSystemProperties -> found valid system properties");
        }
        return parsed;
    }

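    /**
     * Publishes the default SSL configuration's key store and trust store settings as
     * the standard {@code javax.net.ssl.*} JVM system properties.
     *
     * <p>This happens only when all of the following hold: the JVM's default SSL
     * socket factory or server socket factory is unset or is not the WebSphere
     * default, no configuration is registered under
     * {@code Constants.DEFAULT_SYSTEM_ALIAS}, and {@link #getDefaultSSLConfig()}
     * returns a configuration. For each setting the value from the referenced key
     * store object is preferred and the value stored directly on the SSL configuration
     * is the fallback.
     *
     * <p>Fix: the previous code selected the key store object's value whenever that
     * object existed, even if the value was {@code null} and only the SSL
     * configuration carried it. {@code System.setProperty} rejects a {@code null}
     * value with a NullPointerException, which aborted the remaining assignments.
     * The value is now resolved first and set only when non-null.
     *
     * <p>Security note: the key store and trust store passwords are written to system
     * properties, where any code in the JVM that is allowed to read system properties
     * can see them.
     */
    public void setDefaultSystemPropertiesIfNecessary() {
        String defaultSSLSocketFactory = JSSEProviderFactory.getDefaultSSLSocketFactory();
        String defaultSSLServerSocketFactory = JSSEProviderFactory.getDefaultSSLServerSocketFactory();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setDefaultSystemPropertiesIfNecessary", new Object[]{defaultSSLSocketFactory, defaultSSLServerSocketFactory});
        }
        // True unless both factories are set to the WebSphere defaults.
        final boolean factoriesAreNotWasDefaults = defaultSSLSocketFactory == null
                || defaultSSLServerSocketFactory == null
                || !defaultSSLSocketFactory.equals(Constants.SOCKET_FACTORY_WAS_DEFAULT)
                || !defaultSSLServerSocketFactory.equals(Constants.SERVER_SOCKET_FACTORY_WAS_DEFAULT);
        // Short-circuit order is kept: the default config is looked up only when needed.
        final SSLConfig defaultSSLConfig =
                factoriesAreNotWasDefaults && ((SSLConfig) this.sslConfigMap.get(Constants.DEFAULT_SYSTEM_ALIAS)) == null
                        ? getDefaultSSLConfig()
                        : null;
        if (defaultSSLConfig != null) {
            AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    String keyStoreName = defaultSSLConfig.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                    WSKeyStore keyStore = null;
                    if (keyStoreName != null) {
                        keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
                    }
                    publish("javax.net.ssl.keyStore", keyStore, "com.ibm.ssl.keyStore", "com.ibm.ssl.keyStore");
                    publish("javax.net.ssl.keyStorePassword", keyStore, "com.ibm.ssl.keyStorePassword", "com.ibm.ssl.keyStorePassword");
                    publish("javax.net.ssl.keyStoreType", keyStore, "com.ibm.ssl.keyStoreType", "com.ibm.ssl.keyStoreType");
                    publish(Constants.SYSTEM_SSLPROP_KEY_STORE_PROVIDER, keyStore, "com.ibm.ssl.keyStoreProvider", "com.ibm.ssl.keyStoreProvider");

                    String trustStoreName = defaultSSLConfig.getProperty(Constants.SSLPROP_TRUST_STORE_NAME);
                    WSKeyStore trustStore = null;
                    if (trustStoreName != null) {
                        trustStore = KeyStoreManager.getInstance().getKeyStore(trustStoreName);
                    }
                    // A trust store object exposes its settings under the keyStore* names;
                    // the SSL configuration itself uses the trustStore* names.
                    publish("javax.net.ssl.trustStore", trustStore, "com.ibm.ssl.keyStore", "com.ibm.ssl.trustStore");
                    publish("javax.net.ssl.trustStorePassword", trustStore, "com.ibm.ssl.keyStorePassword", "com.ibm.ssl.trustStorePassword");
                    publish("javax.net.ssl.trustStoreType", trustStore, "com.ibm.ssl.keyStoreType", "com.ibm.ssl.trustStoreType");
                    publish(Constants.SYSTEM_SSLPROP_TRUST_STORE_PROVIDER, trustStore, "com.ibm.ssl.keyStoreProvider", "com.ibm.ssl.trustStoreProvider");
                    return null;
                }

                /** Sets one system property from the store object, falling back to the SSL config. */
                private void publish(String systemKey, WSKeyStore store, String storeKey, String configKey) {
                    String value = store != null ? store.getProperty(storeKey) : null;
                    if (value == null) {
                        value = defaultSSLConfig.getProperty(configKey);
                    }
                    if (value != null) {
                        System.setProperty(systemKey, value);
                    }
                }
            });
            if (tc.isDebugEnabled()) {
                // NOTE(review): this traces the whole SSL configuration. Confirm that
                // SSLConfig.toString() masks password properties before relying on it.
                Tr.debug(tc, "Set System JSSE properties using the following SSL config: " + defaultSSLConfig.toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setDefaultSystemPropertiesIfNecessary");
        }
    }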

    /**
     * Looks up the SSL configuration that serves as this process's default.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>If the global "ignore JVM keystores" property is {@code true}
     *       (case-insensitive), return {@code null} immediately.</li>
     *   <li>The configuration registered under the global default alias, if any.</li>
     *   <li>The configuration keyed {@code "CellDefaultSSLSettings"} on a deployment
     *       manager process, or {@code "NodeDefaultSSLSettings"} on any other
     *       process.</li>
     *   <li>Otherwise a configuration is assembled from the {@code javax.net.ssl.*}
     *       system properties and, when it has the required properties, registered
     *       under {@code Constants.DEFAULT_SYSTEM_ALIAS}. The method still returns
     *       {@code null} in this case.</li>
     * </ol>
     *
     * <p>NOTE(review): the fallback copies the key store and trust store passwords
     * out of system properties into the new configuration, and the scope-default
     * branch traces {@code toString()} of the configuration it returns. Confirm that
     * {@code SSLConfig.toString()} does not expose passwords.
     *
     * @return the default SSL configuration, or {@code null} when none is registered
     *         under the default or scope-default alias
     * @throws IllegalArgumentException declared by the original signature
     */
    public SSLConfig getDefaultSSLConfig() throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSSLConfig");
        }
        if (getGlobalProperty(Constants.IGNORE_JVM_KEYSTORES, "false").equalsIgnoreCase("true")) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSSLConfig -> null as com.ibm.websphere.ssl.ignore.jvm.keystores is set.");
            }
            return null;
        }

        final String defaultAlias = getGlobalProperty(Constants.SSLPROP_DEFAULT_ALIAS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "defaultAlias: " + defaultAlias);
        }
        if (defaultAlias != null) {
            final SSLConfig byAlias = (SSLConfig) this.sslConfigMap.get(defaultAlias);
            if (byAlias != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "defaultAlias not null, getDefaultSSLConfig for: " + defaultAlias);
                }
                return byAlias;
            }
        }

        // No explicit default: fall back to the cell-level default on a deployment
        // manager and to the node-level default on every other process type.
        final boolean deploymentManager =
                ManagementScopeManager.getInstance().getProcessType().equals(AdminConstants.DEPLOYMENT_MANAGER_PROCESS);
        final String scopeDefaultAlias = deploymentManager ? "CellDefaultSSLSettings" : "NodeDefaultSSLSettings";
        for (Map.Entry entry : this.sslConfigMap.entrySet()) {
            final SSLConfig candidate = (SSLConfig) entry.getValue();
            final String alias = (String) entry.getKey();
            if (candidate == null) {
                continue;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getDefaultSSLConfig: " + alias);
            }
            if (alias.equals(scopeDefaultAlias)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "defaultSSLConfig: " + candidate.toString());
                }
                return candidate;
            }
        }

        // Last resort: mirror the JVM's javax.net.ssl.* system properties into a config.
        final SSLConfig fromSystemProperties = new SSLConfig();
        fromSystemProperties.setProperty("com.ibm.ssl.alias", Constants.DEFAULT_SYSTEM_ALIAS);
        final String[][] systemToConfigKeys = {
            {"javax.net.ssl.keyStore", "com.ibm.ssl.keyStore"},
            {"javax.net.ssl.keyStorePassword", "com.ibm.ssl.keyStorePassword"},
            {"javax.net.ssl.keyStoreType", "com.ibm.ssl.keyStoreType"},
            {Constants.SYSTEM_SSLPROP_KEY_STORE_PROVIDER, "com.ibm.ssl.keyStoreProvider"},
            {"javax.net.ssl.trustStore", "com.ibm.ssl.trustStore"},
            {"javax.net.ssl.trustStorePassword", "com.ibm.ssl.trustStorePassword"},
            {"javax.net.ssl.trustStoreType", "com.ibm.ssl.trustStoreType"},
            {Constants.SYSTEM_SSLPROP_TRUST_STORE_PROVIDER, "com.ibm.ssl.trustStoreProvider"},
        };
        for (String[] keys : systemToConfigKeys) {
            final String systemValue = System.getProperty(keys[0]);
            if (systemValue != null) {
                fromSystemProperties.setProperty(keys[1], systemValue);
            }
        }
        try {
            if (fromSystemProperties.requiredPropertiesArePresent()) {
                addSSLConfigToMap(Constants.DEFAULT_SYSTEM_ALIAS, fromSystemProperties);
            }
        } catch (Exception e) {
            // Best effort: a failure to register is recorded but does not propagate.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception adding default System properties to configuration.", new Object[]{e});
            }
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.core.SSLConfigManager.getDefaultSSLConfig", "2058", this);
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSSLConfig -> null");
        }
        return null;
    }

    public Properties getPropertiesFromDynamicSelectionInfo(Map map) {
        String[] split;
        String property;
        SSLConfig sSLConfig;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPropertiesFromDynamicSelectionInfo", new Object[]{map});
        }
        if (map == null) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (no connection info)");
            return null;
        }
        if (this.sslConfigDynamicSelectionMap.size() == 0) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (no dynamic selections configured)");
            return null;
        }
        if (isCacheMissEnabled()) {
            synchronized (this.sslConfigDynamicSelectionCacheMissTreeSet) {
                if (this.sslConfigDynamicSelectionCacheMissTreeSet.contains(map)) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> previous cache miss.");
                    }
                    return null;
                }
            }
        }
        SSLConfig sSLConfig2 = (SSLConfig) this.sslConfigDynamicLookupCache.get(map);
        if (sSLConfig2 != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> cached.");
            }
            return sSLConfig2;
        }
        String str = (String) map.get("com.ibm.ssl.direction");
        if (str != null && str.equals("inbound")) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (direction inbound).");
            return null;
        }
        String str2 = (String) map.get("com.ibm.ssl.endPointName");
        String str3 = (String) map.get("com.ibm.ssl.remoteHost");
        String str4 = (String) map.get("com.ibm.ssl.remotePort");
        if (str2 != null && str2.equals("ADMIN_SOAP") && (sSLConfig = getSSLConfig("ADMIN_SOAP")) != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> returning old soap config.");
            }
            this.sslConfigDynamicLookupCache.put(map, sSLConfig);
            return sSLConfig;
        }
        Set keySet = this.sslConfigDynamicSelectionMap.keySet();
        Iterator it = null;
        if (keySet != null && keySet.size() > 0) {
            it = keySet.iterator();
        }
        if (it != null) {
            while (it.hasNext()) {
                String str5 = (String) it.next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SSLConfig dynamic selection info: " + str5);
                }
                if (str5 != null && (split = str5.split("\\|")) != null && split.length > 0) {
                    for (int i = 0; i < split.length; i++) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Parsing entry " + i + " of " + split.length + ": " + split[i]);
                        }
                        String[] split2 = split[i].split(",");
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "This entry has " + split2.length + " attributes.");
                        }
                        if (split2 != null && split2.length == 3) {
                            String str6 = split2[0];
                            String str7 = split2[1];
                            String str8 = split2[2];
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Protocol: " + str6 + ", Host: " + str7 + ", Port: " + str8);
                            }
                            if (str6 == null || str7 == null || str8 == null) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Ending evaluation, one of the values is null.");
                                }
                            } else if (str6.equals("*") || (str2 != null && str6.equalsIgnoreCase(str2))) {
                                if (doesHostMatch(str7, str3)) {
                                    if (str8.equals("*") || (str4 != null && str8.equalsIgnoreCase(str4))) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Found a dynamic selection match!");
                                        }
                                        String str9 = (String) this.sslConfigDynamicSelectionMap.get(str5);
                                        String str10 = null;
                                        String str11 = null;
                                        if (str9 != null && str9.indexOf(":") != -1) {
                                            String[] split3 = str9.split(":");
                                            if (split3 != null && split3.length == 2) {
                                                str10 = split3[0];
                                                str11 = split3[1];
                                            }
                                        } else if (str9 != null) {
                                            str10 = str9;
                                        }
                                        SSLConfig sSLConfig3 = (SSLConfig) this.sslConfigMap.get(str10);
                                        if (sSLConfig3 != null) {
                                            if (str11 != null && ((property = sSLConfig3.getProperty("com.ibm.ssl.keyStoreClientAlias")) == null || !property.equals(str10))) {
                                                sSLConfig3 = new SSLConfig(sSLConfig3);
                                                sSLConfig3.setProperty("com.ibm.ssl.keyStoreClientAlias", str11);
                                            }
                                            this.sslConfigDynamicLookupCache.put(map, sSLConfig3);
                                            if (tc.isEntryEnabled()) {
                                                Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> found.");
                                            }
                                            return sSLConfig3;
                                        }
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Could not find the associated SSL configuration.");
                                        }
                                    } else if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Port does not match.");
                                    }
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Host does not match.");
                                }
                            } else if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Protocol does not match.");
                            }
                        }
                    }
                }
            }
        }
        if (isCacheMissEnabled()) {
            synchronized (this.sslConfigDynamicSelectionCacheMissTreeSet) {
                if (this.sslConfigDynamicSelectionCacheMissTreeSet.size() > 50) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cache miss tree set size is > 50, clearing the TreeSet.");
                    }
                    this.sslConfigDynamicSelectionCacheMissTreeSet.clear();
                }
                this.sslConfigDynamicSelectionCacheMissTreeSet.add(map);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cache miss tree set size is " + this.sslConfigDynamicSelectionCacheMissTreeSet.size() + " entries.");
                }
            }
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "getPropertiesFromDynamicSelectionInfo -> null (not found).");
        return null;
    }

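    /**
     * Tests a target host against the host field of a dynamic selection entry.
     *
     * <p>The pattern {@code "*"} matches every host, including a {@code null} one. Any other
     * pattern matches when the target host equals it or ends with it, ignoring case.
     *
     * <p>The suffix comparison is not anchored to a DNS label boundary: a pattern of
     * {@code example.com} also matches {@code notexample.com}. A pattern meant to cover a single
     * domain should start with a dot ({@code .example.com}) or name the full host.
     *
     * @param str  host pattern taken from the selection entry
     * @param str2 host being connected to, may be {@code null}
     * @return {@code true} if the pattern covers the host; {@code false} for a {@code null} pattern
     */
    boolean doesHostMatch(String str, String str2) {
        if (str == null) {
            // A missing pattern selects nothing rather than failing the whole lookup.
            return false;
        }
        if (str.equals("*")) {
            return true;
        }
        if (str2 == null) {
            return false;
        }
        // regionMatches(ignoreCase=true) folds case per character and does not consult the default
        // locale. toLowerCase() without a locale maps "I" to a dotless i under a Turkish locale,
        // which made upper-case patterns stop matching lower-case hosts.
        int suffixStart = str2.length() - str.length();
        return suffixStart >= 0 && str2.regionMatches(true, suffixStart, str, 0, str.length());
    }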

    /**
     * Returns the SSL properties registered under an alias by delegating to
     * {@code getSSLConfig}.
     *
     * <p>Both the entry and the exit trace are written before the lookup runs, so the exit trace
     * does not reflect whether the lookup succeeded.
     *
     * @param str SSL configuration alias
     * @return whatever {@code getSSLConfig(str)} returns
     * @throws IllegalArgumentException declared by the signature; raised, if at all, by the delegate
     */
    public Properties getProperties(String str) throws IllegalArgumentException {
        final boolean entryTracing = tc.isEntryEnabled();
        if (entryTracing) {
            Tr.entry(tc, "getProperties", str);
            Tr.exit(tc, "getProperties");
        }
        return getSSLConfig(str);
    }

    /**
     * Looks up a global SSL property.
     *
     * <p>A JVM system property of the same name always wins; the loaded global configuration is
     * consulted only when no system property is set. Anything able to set system properties for
     * this JVM can therefore override the configured global SSL settings.
     *
     * @param str property name
     * @return the property value, or {@code null} if neither source defines it
     */
    public String getGlobalProperty(String str) {
        String value = System.getProperty(str);
        if (value == null && this.globalConfigProperties != null) {
            value = this.globalConfigProperties.getProperty(str);
        }
        // NOTE(review): the resolved value is traced unmasked; confirm no secret-bearing property
        // name is ever looked up through this method.
        if (tc.isDebugEnabled() && value != null) {
            Tr.debug(tc, "getGlobalProperties -> " + value);
        }
        return value;
    }

    /**
     * Looks up a global SSL property, falling back to a caller-supplied default.
     *
     * @param str  property name
     * @param str2 value returned when the property is not defined; may be {@code null}
     * @return the property value, or {@code str2} when {@link #getGlobalProperty(String)} yields
     *         {@code null}
     */
    public String getGlobalProperty(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getGlobalProperty", new Object[]{str, str2});
        }
        final String configured = getGlobalProperty(str);
        final String effective = configured != null ? configured : str2;
        // The returned value is part of the exit trace text, unmasked.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getGlobalProperty -> " + effective);
        }
        return effective;
    }

    /**
     * Splits a whitespace-separated cipher suite list into its elements.
     *
     * <p>The split is on every single whitespace character, so two adjacent separators produce an
     * empty element in the result.
     *
     * @param str cipher suite list, may be {@code null}
     * @return the elements, or {@code null} when {@code str} is {@code null}
     */
    public String[] parseEnabledCiphers(String str) {
        return str == null ? null : str.split("\\s");
    }

    /**
     * Instance-level entry point for
     * {@code Constants.adjustSupportedCiphersToSecurityLevel}; adds no logic of its own.
     *
     * @param strArr cipher suites to choose from
     * @param str    security level name
     * @return the delegate's result, unchanged
     */
    public String[] adjustSupportedCiphersToSecurityLevel(String[] strArr, String str) {
        final String[] adjusted = Constants.adjustSupportedCiphersToSecurityLevel(strArr, str);
        return adjusted;
    }

    /**
     * Joins cipher suite names into one string, each name followed by a single space.
     *
     * @param strArr cipher suite names, may be {@code null} or empty
     * @return the joined names (with a trailing space), or the literal text {@code "null"} when
     *         there is nothing to join
     */
    public String convertCipherListToString(String[] strArr) {
        final boolean nothingToJoin = strArr == null || strArr.length == 0;
        if (nothingToJoin) {
            return "null";
        }
        StringBuilder joined = new StringBuilder();
        for (int idx = 0; idx < strArr.length; idx++) {
            joined.append(strArr[idx]).append(" ");
        }
        return joined.toString();
    }

    /**
     * Translates a configuration-model security level into its string name.
     *
     * <p>Values 1, 2 and 3 map to the medium, low and {@code "CUSTOM"} names; value 0 and every
     * unrecognised value map to the high level, so an unknown level never selects a weaker one.
     *
     * @param sSLSecurityLevel level from the configuration model; must not be {@code null}
     * @return the level name
     */
    public String getSecurityLevel(SSLSecurityLevel sSLSecurityLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSecurityLevel");
        }
        final int level = sSLSecurityLevel.getValue();
        final String levelName;
        if (level == 1) {
            levelName = Constants.SECURITY_LEVEL_MEDIUM;
        } else if (level == 2) {
            levelName = Constants.SECURITY_LEVEL_LOW;
        } else if (level == 3) {
            levelName = "CUSTOM";
        } else {
            levelName = Constants.SECURITY_LEVEL_HIGH;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSecurityLevel -> " + levelName);
        }
        return levelName;
    }

    /**
     * Replaces every character of a string with {@code '*'}.
     *
     * <p>The result has the same length as the input, so the length of the masked value is still
     * visible wherever the result is written.
     *
     * @param str value to hide, may be {@code null}
     * @return a string of asterisks of equal length, or {@code null} for a {@code null} input
     */
    public static String mask(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder stars = new StringBuilder(str.length());
        for (int remaining = str.length(); remaining > 0; remaining--) {
            stars.append('*');
        }
        return stars.toString();
    }

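    /**
     * Loads one client SSL properties file and registers it under a single alias.
     *
     * <p>The alias is the file's {@code com.ibm.ssl.alias} property, or {@code str} when the file
     * does not define one. Files whose name contains {@code soap.client.props} get {@code JKS} as
     * default key store and trust store type; files whose name contains {@code sas.client.props}
     * also publish their two CSIv2 client-authentication properties into the global properties.
     *
     * <p>On a reload ({@code z == true}) the stored configuration is replaced only if it differs,
     * and listeners are notified of the change; if the file no longer carries the required
     * properties, the stored configuration is removed and listeners are notified of the deletion.
     *
     * <p>Fix over the previous version: when a changed configuration is replaced, the previously
     * stored configuration is the one handed to {@code removeSSLConfigFromMap}. That method drops
     * the dynamic selection entry of the configuration it is given, so passing the new
     * configuration left the old selection entry in place, still pointing at this alias.
     *
     * <p>Every exception is logged (message CWPKI0019E plus FFDC) and not rethrown, so a file
     * that fails to parse leaves the previously registered state untouched.
     *
     * @param str  alias to use when the file does not name one
     * @param str2 location of the properties file; {@code null} makes the call a no-op
     * @param z    {@code true} to reprocess a file that was already loaded
     */
    public void parseConfigURL(String str, String str2, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseConfigURL", new Object[]{str2});
        }
        if (str2 != null && (!this.clientFilesAlreadyProcessed.contains(str2) || z)) {
            try {
                SSLConfig loaded = new SSLConfig(str2);
                String alias = loaded.getProperty("com.ibm.ssl.alias");
                if (alias == null) {
                    alias = str;
                    loaded.setProperty("com.ibm.ssl.alias", alias);
                }
                if (str2.indexOf("soap.client.props") != -1) {
                    if (loaded.getProperty("com.ibm.ssl.keyStoreType") == null) {
                        loaded.setProperty("com.ibm.ssl.keyStoreType", "JKS");
                    }
                    if (loaded.getProperty("com.ibm.ssl.trustStoreType") == null) {
                        loaded.setProperty("com.ibm.ssl.trustStoreType", "JKS");
                    }
                }
                if (str2.indexOf("sas.client.props") != -1) {
                    // NOTE(review): if globalConfigProperties is a java.util.Properties, put()
                    // throws NullPointerException when the file lacks one of these properties,
                    // which aborts the whole load through the catch below. Confirm intended.
                    this.globalConfigProperties.put("com.ibm.CSI.performTLClientAuthenticationRequired", loaded.getProperty("com.ibm.CSI.performTLClientAuthenticationRequired"));
                    this.globalConfigProperties.put("com.ibm.CSI.performTLClientAuthenticationSupported", loaded.getProperty("com.ibm.CSI.performTLClientAuthenticationSupported"));
                }
                if (loaded.requiredPropertiesArePresent()) {
                    loaded.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, str2);
                    // From here on the configuration holds decoded passwords.
                    loaded.decodePasswords();
                    if (z) {
                        SSLConfig previous = (SSLConfig) this.sslConfigMap.get(alias);
                        if (previous == null) {
                            addSSLConfigToMap(alias, loaded, z);
                        } else if (!previous.equals(loaded)) {
                            // Remove by the PREVIOUS configuration so that its dynamic selection
                            // entry is the one dropped.
                            removeSSLConfigFromMap(alias, previous);
                            addSSLConfigToMap(alias, loaded, z);
                            notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_CHANGED);
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "New SSL config equals old SSL config for alias: " + alias);
                        }
                    } else {
                        addSSLConfigToMap(alias, loaded);
                    }
                } else if (z) {
                    // Reload of a file that is no longer complete: retire what was registered.
                    SSLConfig stale = (SSLConfig) this.sslConfigMap.get(alias);
                    if (stale != null) {
                        removeSSLConfigFromMap(alias, stale);
                        notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_DELETED);
                    }
                }
                this.clientFilesAlreadyProcessed.add(str2);
            } catch (Exception e) {
                TraceComponent traceComponent = tc;
                Object[] objArr = new Object[2];
                objArr[0] = str2;
                objArr[1] = e.getMessage() != null ? e.getClass().getName() + ":" + e.getMessage() : e.getClass().getName();
                Tr.error(traceComponent, "ssl.client.config.parse.CWPKI0019E", objArr);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception parsing SSL properties from ConfigURL.", new Object[]{e});
                }
                Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.core.SSLConfigManager.parseConfigURL", "2567", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseConfigURL");
        }
    }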

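    /**
     * Loads a multi-section SSL client properties file (the error text refers to
     * {@code ssl.client.props}) and registers every complete section under its alias.
     *
     * <p>Section 0 is merged into the global properties and fed to
     * {@code setCheckRevocationProperties}. Each later section that has its required properties is
     * registered under its {@code com.ibm.ssl.alias}. On a reload ({@code z == true}) sections that
     * changed are replaced with a change notification, and aliases that were loaded from this
     * file before but are no longer in it are removed with a deletion notification.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>The exception handler now covers the whole load. Before, it covered only the alias
     *       snapshot, while the calls that can actually fail (file loading, registration, the
     *       {@link FileNotFoundException} thrown here) sat outside it.</li>
     *   <li>A replaced configuration is removed by the previously stored object, so its dynamic
     *       selection entry is dropped instead of being left pointing at the alias.</li>
     *   <li>The clean-up loop checks for a missing configuration before reading from it and
     *       tolerates a configuration without a recorded source file.</li>
     * </ul>
     *
     * <p>Every exception is logged (message CWPKI0019E plus FFDC) and not rethrown.
     *
     * @param str location of the properties file; {@code null} makes the call a no-op
     * @param z   {@code true} to reprocess a file that was already loaded
     */
    public void parseSSLConfigURL(String str, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "parseSSLConfigURL", new Object[]{str, Boolean.valueOf(z)});
        }
        if (str != null && (!this.clientFilesAlreadyProcessed.contains(str) || z)) {
            try {
                String[] aliasesBeforeReload = null;
                HashSet aliasesInFile = null;
                if (z) {
                    // Snapshot taken before loading, to detect aliases dropped from the file.
                    aliasesInFile = new HashSet();
                    aliasesBeforeReload = (String[]) this.sslConfigMap.keySet().toArray(new String[0]);
                }
                SSLConfig[] sections = new SSLConfig().loadPropertiesFile(str, true);
                if (sections != null) {
                    for (int i = 0; i < sections.length; i++) {
                        if (i == 0 && sections[0] != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Getting global SSL properties.");
                                Tr.debug(tc, sections[i].toString());
                            }
                            this.globalConfigProperties.putAll(sections[0]);
                            Enumeration<?> propertyNames = this.globalConfigProperties.propertyNames();
                            while (propertyNames.hasMoreElements()) {
                                String name = (String) propertyNames.nextElement();
                                setCheckRevocationProperties(name, (String) this.globalConfigProperties.get(name));
                            }
                            if (tc.isDebugEnabled()) {
                                printTrustManagerProperties();
                            }
                        } else if (sections[i] != null && sections[i].requiredPropertiesArePresent()) {
                            SSLConfig loaded = sections[i];
                            String alias = loaded.getProperty("com.ibm.ssl.alias");
                            loaded.setProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM, str);
                            // From here on the configuration holds decoded passwords.
                            loaded.decodePasswords();
                            if (z) {
                                aliasesInFile.add(alias);
                                SSLConfig previous = (SSLConfig) this.sslConfigMap.get(alias);
                                if (previous == null) {
                                    addSSLConfigToMap(alias, loaded, z);
                                } else if (!previous.equals(loaded)) {
                                    // Remove by the PREVIOUS configuration so that its dynamic
                                    // selection entry is the one dropped.
                                    removeSSLConfigFromMap(alias, previous);
                                    addSSLConfigToMap(alias, loaded, z);
                                    notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_CHANGED);
                                } else if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "New SSL config equals old SSL config for alias: " + alias);
                                }
                            } else {
                                addSSLConfigToMap(alias, loaded);
                            }
                        }
                    }
                } else if (!new File(str).exists()) {
                    throw new FileNotFoundException(str);
                }
                this.clientFilesAlreadyProcessed.add(str);
                if (z) {
                    for (String alias : aliasesBeforeReload) {
                        SSLConfig existing = (SSLConfig) this.sslConfigMap.get(alias);
                        if (existing == null) {
                            continue;
                        }
                        String loadedFrom = existing.getProperty(Constants.SSLPROP_CONFIGURL_LOADED_FROM);
                        // Only retire aliases that came from this very file and are gone from it.
                        if (!aliasesInFile.contains(alias) && str.equals(loadedFrom)) {
                            removeSSLConfigFromMap(alias, existing);
                            notifySSLConfigChangeListener(alias, Constants.CONFIG_STATE_DELETED);
                        }
                    }
                }
            } catch (Exception e) {
                TraceComponent traceComponent = tc;
                Object[] objArr = new Object[2];
                objArr[0] = str;
                objArr[1] = e.getMessage() != null ? e.getClass().getName() + ":" + e.getMessage() : e.getClass().getName();
                Tr.error(traceComponent, "ssl.client.config.parse.CWPKI0019E", objArr);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception parsing SSL properties from ssl.client.props.", new Object[]{e});
                }
                Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.core.SSLConfigManager.parseSSLConfigURL", "2765", this);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseSSLConfigURL");
        }
    }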

    /**
     * Unregisters an alias and the dynamic selection entry of the given configuration.
     *
     * <p>The dynamic selection entry that gets removed is the one named by {@code sSLConfig}, not
     * by whatever is stored under the alias, so callers should pass the stored configuration.
     *
     * <p>NOTE(review): this method does not touch {@code sslConfigDynamicLookupCache}; confirm
     * that cached selections are invalidated elsewhere when a configuration is removed.
     *
     * @param str       alias to remove from the configuration map
     * @param sSLConfig configuration whose dynamic selection property is removed
     * @throws Exception declared by the signature
     */
    public void removeSSLConfigFromMap(String str, SSLConfig sSLConfig) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeSSLConfigFromMap", new Object[]{str});
        }
        final String selectionKey = sSLConfig.getDynamicSelectionProperty();
        final boolean hasSelectionKey = selectionKey != null && !selectionKey.equals("");
        if (hasSelectionKey) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing old SSL properties from dynamic selection info list.");
            }
            this.sslConfigDynamicSelectionMap.remove(selectionKey);
        }
        this.sslConfigMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeSSLConfigFromMap");
        }
    }

    /**
     * Registers a configuration under an alias as an initial load, i.e. with the reload flag of
     * the three-argument overload set to {@code false}.
     *
     * @param str       alias
     * @param sSLConfig configuration to register
     * @throws Exception propagated from the three-argument overload
     */
    public void addSSLConfigToMap(String str, SSLConfig sSLConfig) throws Exception {
        final boolean reload = false;
        addSSLConfigToMap(str, sSLConfig, reload);
    }

    /**
     * Registers a configuration under an alias and, if it carries a dynamic selection property,
     * in the dynamic selection map as well.
     *
     * <p>Before registration the configuration has its paths expanded. It is validated only when
     * {@link #validationEnabled()} returns {@code true}; otherwise it is stored unvalidated. In a
     * non-server process the key store manager is asked to refresh ({@code z == true}) or to
     * check/create ({@code z == false}) the client key store and trust store.
     *
     * <p>NOTE(review): with debug trace on, {@code sSLConfig.toString()} is written to the trace.
     * Callers in this class invoke {@code decodePasswords()} before adding; confirm that
     * {@code SSLConfig.toString()} masks password properties.
     *
     * @param str       alias
     * @param sSLConfig configuration to register
     * @param z         {@code true} when this is a reload of an existing configuration
     * @throws Exception from path expansion, validation or key store handling
     */
    public void addSSLConfigToMap(String str, SSLConfig sSLConfig, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addSSLConfigToMap");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding SSL properties for alias: " + str);
            Tr.debug(tc, sSLConfig.toString());
        }
        sSLConfig.expandPaths();
        if (validationEnabled()) {
            sSLConfig.validateSSLConfig();
        }
        final boolean clientProcess = !this.isServerProcess;
        if (clientProcess && z) {
            KeyStoreManager.getInstance().refreshClientKeyStoreAndTrustStore(sSLConfig);
        } else if (clientProcess) {
            KeyStoreManager.getInstance().checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot(sSLConfig);
        }
        this.sslConfigMap.put(str, sSLConfig);
        final String selectionKey = sSLConfig.getDynamicSelectionProperty();
        if (selectionKey != null && !selectionKey.equals("")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding SSL properties to dynamic selection list with value: " + selectionKey);
            }
            // Maps the selection string to the alias, not to the configuration object.
            this.sslConfigDynamicSelectionMap.put(selectionKey, str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addSSLConfigToMap");
        }
    }

    /**
     * Describes every registered configuration as {@code alias===<SSLConfig.toString()>}.
     *
     * <p>NOTE(review): the text embeds each configuration's own {@code toString()}; confirm that
     * it masks password properties before this output is logged.
     *
     * @return the description, or a fixed message when no configuration is registered
     */
    public String toString() {
        if (this.sslConfigMap.size() > 0) {
            StringBuilder description = new StringBuilder("SSLConfigManager configuration: \n");
            for (Map.Entry entry : this.sslConfigMap.entrySet()) {
                String alias = (String) entry.getKey();
                SSLConfig config = (SSLConfig) entry.getValue();
                description.append(alias).append("===").append(config.toString());
            }
            return description.toString();
        }
        return "SSLConfigManager does not contain any SSL configurations.";
    }

    /**
     * Reports whether SSL configurations are validated when they are registered.
     *
     * <p>Validation is off unless the global property {@code Constants.SSLPROP_VALIDATION_ENABLED}
     * is set to {@code true} or {@code yes} (case-insensitive); an unset property means off.
     *
     * @return {@code true} only for an explicit {@code true}/{@code yes} setting
     */
    public boolean validationEnabled() {
        final String setting = getGlobalProperty(Constants.SSLPROP_VALIDATION_ENABLED);
        return setting != null
                && (setting.equalsIgnoreCase("true") || setting.equalsIgnoreCase("yes"));
    }

    /**
     * Reports whether failed dynamic selection lookups are remembered.
     *
     * <p>The global property {@code Constants.DISABLE_CACHE_MISS} is read on the first call only
     * and the outcome is kept in {@code disableCacheMiss}; later changes to the property are not
     * picked up. The feature is enabled unless the property is {@code true} or {@code yes}
     * (case-insensitive).
     *
     * @return {@code true} if cache-miss tracking is enabled
     */
    public boolean isCacheMissEnabled() {
        if (this.disableCacheMiss == DISABLE_CACHE_MISS_PROP_NEVER_LOOKED_UP) {
            final String setting = getGlobalProperty(Constants.DISABLE_CACHE_MISS);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "value = " + setting);
            }
            final boolean turnedOff = setting != null
                    && (setting.equalsIgnoreCase("true") || setting.equalsIgnoreCase("yes"));
            if (turnedOff) {
                this.disableCacheMiss = CACHE_MISS_DISABLED;
            } else {
                this.disableCacheMiss = CACHE_MISS_ENABLED;
            }
        }
        final boolean enabled = this.disableCacheMiss != CACHE_MISS_DISABLED;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, enabled ? "Cached miss is enabled" : "Cached miss is disabled");
        }
        return enabled;
    }

    /**
     * Applies the global URL host name verification setting to {@code HttpsURLConnection}.
     *
     * <p>When the property {@code Constants.SSLPROP_URL_HOSTNAME_VERIFICATION} is unset,
     * {@code false} or {@code no}, a verifier that accepts every host name is installed as the
     * JVM-wide default. Host name verification for {@code HttpsURLConnection} is therefore off by
     * default and stays off for every user of that default in the process until something
     * replaces the verifier. For any other property value this method changes nothing; in
     * particular it does not restore a verifier that an earlier call replaced.
     *
     * @param z {@code true} to suppress the informational message CWPKI0027I that reports the
     *          disabled verification
     */
    public void checkURLHostNameVerificationProperty(boolean z) {
        final String setting = getGlobalProperty(Constants.SSLPROP_URL_HOSTNAME_VERIFICATION);
        final boolean verificationRequested = setting != null
                && !setting.equalsIgnoreCase("false")
                && !setting.equalsIgnoreCase("no");
        if (verificationRequested) {
            return;
        }
        // Accept-all verifier: the certificate's names are not compared with the URL's host.
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
        if (!z) {
            Tr.info(tc, "ssl.disable.url.hostname.verification.CWPKI0027I");
        }
    }

    /**
     * Tells every listener registered for an alias that its configuration changed state.
     *
     * <p>Each listener's registered event is updated with the new state and the configuration
     * currently stored under the alias, then passed to {@code stateChanged}. For the deleted
     * state the listener's event, and afterwards the alias's whole listener list, are
     * deregistered.
     *
     * <p>Listener callbacks run while this manager's monitor is held (the method is
     * {@code synchronized}), so a slow or re-entrant listener blocks the other synchronized
     * listener operations.
     *
     * @param str  alias whose listeners are notified; {@code null} notifies nobody
     * @param str2 new state, compared against {@code Constants.CONFIG_STATE_DELETED}
     */
    public synchronized void notifySSLConfigChangeListener(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "notifySSLConfigChangeListener", new Object[]{str, str2});
        }
        List registered = str == null ? null : (List) this.sslConfigListenerMap.get(str);
        if (registered != null && registered.size() > 0) {
            // Iterate over a copy so that deregistration below cannot disturb the loop.
            SSLConfigChangeListener[] snapshot = (SSLConfigChangeListener[]) registered.toArray(new SSLConfigChangeListener[registered.size()]);
            for (int idx = 0; idx < snapshot.length; idx++) {
                SSLConfigChangeListener listener = snapshot[idx];
                SSLConfigChangeEvent event = (SSLConfigChangeEvent) this.sslConfigListenerEventMap.get(listener);
                if (event == null) {
                    continue;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Notifying listener[" + idx + "]: " + listener.getClass().getName());
                }
                event.setState(str2);
                event.setChangedSSLConfig((SSLConfig) this.sslConfigMap.get(str));
                listener.stateChanged(event);
                if (str2.equals(Constants.CONFIG_STATE_DELETED)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Deregistering event for listener.");
                    }
                    this.sslConfigListenerEventMap.remove(listener);
                }
            }
            if (str2.equals(Constants.CONFIG_STATE_DELETED)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Deregistering all listeners for this alias due to alias deletion.");
                }
                this.sslConfigListenerMap.remove(str);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "notifySSLConfigChangeListener");
        }
    }

    /**
     * Registers a listener for the alias named by the event.
     *
     * <p>The listener is appended to the alias's listener list (created on first use) and the
     * event is stored as the listener's event. A listener has one event at a time: registering
     * the same listener again replaces its stored event, while its entry in the earlier alias's
     * list remains.
     *
     * @param sSLConfigChangeListener listener to register
     * @param sSLConfigChangeEvent    event carrying the alias; must not be {@code null}
     */
    public synchronized void registerSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener, SSLConfigChangeEvent sSLConfigChangeEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "registerSSLConfigChangeListener", new Object[]{sSLConfigChangeListener, sSLConfigChangeEvent});
        }
        final String alias = sSLConfigChangeEvent.getAlias();
        List listeners = (List) this.sslConfigListenerMap.get(alias);
        if (listeners == null) {
            listeners = new ArrayList();
        }
        listeners.add(sSLConfigChangeListener);
        this.sslConfigListenerMap.put(alias, listeners);
        this.sslConfigListenerEventMap.put(sSLConfigChangeListener, sSLConfigChangeEvent);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "registerSSLConfigChangeListener");
        }
    }

    /**
     * Removes a listener from the alias it was registered for and forgets its event.
     *
     * <p>A {@code null} or unknown listener is ignored. Only the first occurrence of the listener
     * in the alias's list is removed.
     *
     * @param sSLConfigChangeListener listener to remove, may be {@code null}
     */
    public synchronized void deregisterSSLConfigChangeListener(SSLConfigChangeListener sSLConfigChangeListener) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deregisterSSLConfigChangeListener", new Object[]{sSLConfigChangeListener});
        }
        SSLConfigChangeEvent registeredEvent = null;
        if (sSLConfigChangeListener != null) {
            registeredEvent = (SSLConfigChangeEvent) this.sslConfigListenerEventMap.get(sSLConfigChangeListener);
        }
        if (registeredEvent != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing listener: " + sSLConfigChangeListener.getClass().getName());
            }
            List listeners = (List) this.sslConfigListenerMap.get(registeredEvent.getAlias());
            if (listeners != null) {
                int position = listeners.indexOf(sSLConfigChangeListener);
                if (position != -1) {
                    listeners.remove(position);
                }
            }
            this.sslConfigListenerEventMap.remove(sSLConfigChangeListener);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deregisterSSLConfigChangeListener");
        }
    }

    /**
     * Returns the manager's {@code isServerProcess} flag. Within this class the flag decides
     * whether client key store and trust store handling runs when a configuration is added.
     *
     * @return the stored flag
     */
    public boolean isServerProcess() {
        final boolean serverSide = this.isServerProcess;
        return serverSide;
    }

    /**
     * Lists the cipher suite names from the {@code SystemSSLCiphers} table that are usable under
     * the current JCE policy.
     *
     * <p>Names containing {@code AES_256} are included only when {@link #isExtendedPolicy()}
     * reports {@code true}; all other names are always included. The policy probe runs once per
     * call, before the table is scanned.
     *
     * @return the usable cipher suite names, in table order
     * @throws Exception propagated from {@link #isExtendedPolicy()}
     */
    public String[] getSystemSSLCiphers() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSystemSSLCiphers");
        }
        ArrayList<String> usable = new ArrayList<String>();
        final boolean extendedPolicy = isExtendedPolicy();
        for (int row = 0; row < SystemSSLCiphers.length; row++) {
            String suiteName = SystemSSLCiphers[row][1];
            boolean needsExtendedPolicy = suiteName.indexOf("AES_256") != -1;
            if (!needsExtendedPolicy || extendedPolicy) {
                usable.add(suiteName);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSystemSSLCiphers");
        }
        return usable.toArray(new String[0]);
    }

    /**
     * Converts a space-separated list of cipher suite names into the concatenated codes held in
     * column 0 of the {@code SystemSSLCiphers} table.
     *
     * <p>Names that are not in the table are dropped without any message. The codes appear in
     * table order, not in the order of the input list.
     *
     * @param str space-separated cipher suite names; must not be {@code null}
     * @return the concatenated codes, possibly empty
     */
    public String convertCiphersList(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "convertCiphersList", new Object[]{str});
        }
        // One slot per table row, so the result follows the table's ordering.
        String[] codeByRow = new String[SystemSSLCiphers.length];
        String[] requested = str.split(" ");
        for (int n = 0; n < requested.length; n++) {
            for (int row = 0; row < SystemSSLCiphers.length; row++) {
                if (SystemSSLCiphers[row][1].equals(requested[n])) {
                    codeByRow[row] = SystemSSLCiphers[row][0];
                    break;
                }
            }
        }
        StringBuilder codes = new StringBuilder();
        for (String code : codeByRow) {
            if (code != null) {
                codes.append(code);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "convertCiphersList");
        }
        return codes.toString();
    }

    /**
     * Expands a string of two-character cipher codes into the matching cipher suite names from
     * the {@code SystemSSLCiphers} table, each followed by a space.
     *
     * <p>Codes without a table entry are skipped. The input is read two characters at a time, so
     * an odd-length input fails with a {@code StringIndexOutOfBoundsException} on the last
     * character.
     *
     * @param str concatenated two-character codes; must not be {@code null}
     * @return the space-terminated cipher suite names, possibly empty
     */
    public String getSystemSSLList(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSystemSSLList", new Object[]{str});
        }
        StringBuilder names = new StringBuilder();
        for (int pos = 0; pos < str.length(); pos += 2) {
            String code = str.substring(pos, pos + 2);
            for (int row = 0; row < SystemSSLCiphers.length; row++) {
                if (SystemSSLCiphers[row][0].equals(code)) {
                    names.append(SystemSSLCiphers[row][1]).append(" ");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSystemSSLList");
        }
        return names.toString();
    }

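    /**
     * Probes whether the JSSE provider accepts a 256-bit AES cipher suite.
     *
     * <p>The probe enables one cipher suite on an unbound server socket taken from the default
     * SSL context. When the system property {@code Constants.COM_IBM_JSSE_SUITEB} selects one of
     * the two Suite B levels, the ECDHE/ECDSA AES-256-GCM suite is used, otherwise
     * {@code Constants.SSL_RSA_WITH_AES_256_CBC_SHA}. An {@link IllegalArgumentException} from
     * the provider means the suite is not available and yields {@code false}.
     *
     * <p>Fix over the previous version: the probe socket is now closed. It used to be created
     * on every call and never released.
     *
     * @return {@code true} if the probe suite could be enabled
     * @throws Exception any failure other than the provider rejecting the suite
     */
    public boolean isExtendedPolicy() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isExtendedPolicy");
        }
        boolean extended = false;
        String[] suiteBProbe = {"SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"};
        String[] defaultProbe = {Constants.SSL_RSA_WITH_AES_256_CBC_SHA};
        String suiteB = System.getProperty(Constants.COM_IBM_JSSE_SUITEB);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "JDK System Property:com.ibm.jsse2.suiteB is " + suiteB);
        }
        String[] probe;
        if (suiteB == null || !(suiteB.equalsIgnoreCase(Constants.SUITEB_128) || suiteB.equalsIgnoreCase(Constants.SUITEB_192))) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using non-suiteB ciphers to check policy");
            }
            probe = defaultProbe;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using suiteB ciphers to check policy");
            }
            probe = suiteBProbe;
        }
        SSLServerSocket probeSocket = null;
        try {
            probeSocket = (SSLServerSocket) JSSEHelper.getInstance().getSSLContext(null, null, null).getServerSocketFactory().createServerSocket();
            probeSocket.setEnabledCipherSuites(probe);
            extended = true;
        } catch (IllegalArgumentException e) {
            // The provider refused the suite: the extended policy is not in effect.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Extened policy is not availible");
            }
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while checking restricted/unrestricted policy");
            }
            throw e2;
        } finally {
            if (probeSocket != null) {
                try {
                    probeSocket.close();
                } catch (java.io.IOException ignored) {
                    // The socket was only a probe; a failed close does not change the answer.
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isExtendedPolicy", Boolean.valueOf(extended));
        }
        return extended;
    }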

    /**
     * Applies the configured cipher suites to a client socket.
     *
     * <p>An explicit {@code com.ibm.ssl.enabledCipherSuites} list is used as given, split on
     * whitespace. Without one, the socket's supported suites are filtered by
     * {@code com.ibm.ssl.securityLevel}, which defaults to the high level when unset.
     *
     * <p>Any exception while applying the suites (for example a name the provider rejects) is
     * written to debug trace only. The socket is then returned with whatever suites it had
     * enabled before the call, and the caller gets no indication that the configured list was
     * not applied.
     *
     * @param properties SSL properties; {@code null} returns the socket untouched
     * @param sSLSocket  socket to configure, may be {@code null}
     * @return {@code sSLSocket}, the same instance that was passed in
     */
    public SSLSocket setCipherListOnSocket(Properties properties, SSLSocket sSLSocket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCipherListOnSocket");
        }
        if (properties == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setCipherListOnSocket props == null");
            }
            return sSLSocket;
        }
        final String explicitSuites = properties.getProperty("com.ibm.ssl.enabledCipherSuites");
        if (sSLSocket != null) {
            try {
                String[] suites;
                if (explicitSuites == null) {
                    String level = properties.getProperty("com.ibm.ssl.securityLevel");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "securityLevel from properties is " + level);
                    }
                    if (level == null) {
                        level = Constants.SECURITY_LEVEL_HIGH;
                    }
                    suites = getInstance().adjustSupportedCiphersToSecurityLevel(sSLSocket.getSupportedCipherSuites(), level);
                } else {
                    suites = explicitSuites.split("\\s");
                }
                if (suites != null) {
                    sSLSocket.setEnabledCipherSuites(suites);
                }
            } catch (Exception e) {
                // Swallowed on purpose by the existing contract; see the method comment.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ciphers in SSL Socket Factory.", new Object[]{e});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCipherListOnSocket");
        }
        return sSLSocket;
    }

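    /**
     * Applies the configured cipher suites and client-authentication mode to a server socket.
     *
     * <p>An explicit {@code com.ibm.ssl.enabledCipherSuites} list is used as given, split on
     * whitespace. Without one, the socket's supported suites are filtered by
     * {@code com.ibm.ssl.securityLevel}, which defaults to the high level when unset. Client
     * authentication is requested when {@code Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED}
     * is {@code "true"} and required when {@code com.ibm.ssl.clientAuthentication} is
     * {@code "true"}; both comparisons are case-sensitive.
     *
     * <p>Fix over the previous version: client authentication is applied in its own step. It
     * used to share the cipher step's try block, so any exception while setting the suites also
     * skipped {@code setWantClientAuth}/{@code setNeedClientAuth} and the socket was returned
     * without the configured client-certificate requirement.
     *
     * <p>A failure in the cipher step is still written to debug trace only; the socket then keeps
     * the suites it had enabled before the call.
     *
     * @param properties      SSL properties; {@code null} returns the socket untouched
     * @param sSLServerSocket socket to configure, may be {@code null}
     * @return {@code sSLServerSocket}, the same instance that was passed in
     */
    public SSLServerSocket setCipherListOnServerSocket(Properties properties, SSLServerSocket sSLServerSocket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setCipherListOnServerSocket");
        }
        if (properties == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setCipherListOnServerSocket props == null");
            }
            return sSLServerSocket;
        }
        String explicitSuites = properties.getProperty("com.ibm.ssl.enabledCipherSuites");
        if (sSLServerSocket != null) {
            try {
                String[] suites;
                if (explicitSuites != null) {
                    suites = explicitSuites.split("\\s");
                } else {
                    String level = properties.getProperty("com.ibm.ssl.securityLevel");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "securityLevel from properties is " + level);
                    }
                    if (level == null) {
                        level = Constants.SECURITY_LEVEL_HIGH;
                    }
                    suites = getInstance().adjustSupportedCiphersToSecurityLevel(sSLServerSocket.getSupportedCipherSuites(), level);
                }
                if (suites != null) {
                    sSLServerSocket.setEnabledCipherSuites(suites);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting ciphers in SSL Socket Factory.", new Object[]{e});
                }
            }
            // Independent of the cipher step: a rejected cipher list must not drop the
            // client-certificate requirement.
            try {
                String clientAuthSupported = properties.getProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED);
                if (clientAuthSupported != null && clientAuthSupported.equals("true")) {
                    sSLServerSocket.setWantClientAuth(true);
                }
                // Applied second: a "need" setting takes the place of a "want" setting.
                String clientAuthRequired = properties.getProperty("com.ibm.ssl.clientAuthentication");
                if (clientAuthRequired != null && clientAuthRequired.equals("true")) {
                    sSLServerSocket.setNeedClientAuth(true);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception setting client authentication on SSL server socket.", new Object[]{e});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setCipherListOnServerSocket");
        }
        return sSLServerSocket;
    }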

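    /**
     * Reports whether transport-layer (TL) client authentication is enabled, meaning it is
     * flagged as either required or supported.
     * <p>
     * The CSIv2 configuration returned by {@code SecurityObjectLocator.getCSIv2Config()} is used
     * when it is available. Otherwise the two
     * {@code com.ibm.CSI.performTLClientAuthentication*} global properties are consulted.
     *
     * @return {@code true} if client authentication is required or supported, {@code false} otherwise
     */
    public boolean isClientAuthenticationEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isClientAuthenticationEnabled");
        }
        boolean enabled;
        CSIv2Config csiv2Config = SecurityObjectLocator.getCSIv2Config();
        if (csiv2Config != null) {
            boolean required = csiv2Config.getBoolean("com.ibm.CSI.performTLClientAuthenticationRequired");
            boolean supported = csiv2Config.getBoolean("com.ibm.CSI.performTLClientAuthenticationSupported");
            enabled = required || supported;
            Tr.debug(tc, "isClientAuthenticationEnabled - from CSIv2Config - performs TL client auth required is " + required + " and supported is " + supported);
        } else {
            Tr.debug(tc, "is ClientAuthenticationEnabled - CSIv2Config is null so use global properties");
            String supportedProp = getGlobalProperty("com.ibm.CSI.performTLClientAuthenticationSupported");
            String requiredProp = getGlobalProperty("com.ibm.CSI.performTLClientAuthenticationRequired");
            Tr.debug(tc, "Global properties for supported is " + supportedProp + " and required is " + requiredProp);
            // Either flag alone enables client authentication, mirroring the CSIv2Config branch.
            // An unset (null) property counts as "not true" and must not mask the other flag:
            // previously "required=true" with "supported" unset was reported as disabled.
            enabled = "true".equalsIgnoreCase(requiredProp) || "true".equalsIgnoreCase(supportedProp);
        }
        if (tc.isEntryEnabled()) {
            // Boolean.valueOf reuses the cached instances instead of allocating a new Boolean.
            Tr.exit(tc, "isClientAuthenticationEnabled", Boolean.valueOf(enabled));
        }
        return enabled;
    }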

    /**
     * Hands every additional trust-manager attribute that has a non-empty value to
     * {@code setCheckRevocationProperties}, using the attribute's name and value as configured.
     * Attributes whose value is {@code null} or the empty string are skipped.
     *
     * @param trustManager trust manager configuration whose additional attributes are read
     */
    void processIbmPKIXTrustManagerProperties(TrustManager trustManager) {
        EList attrs = trustManager.getAdditionalTrustManagerAttrs();
        for (int index = 0; index < attrs.size(); index++) {
            DescriptiveProperty attr = (DescriptiveProperty) attrs.get(index);
            String attrValue = attr.getValue();
            if (attrValue == null || attrValue.length() == 0) {
                // Nothing configured for this attribute.
                continue;
            }
            // NOTE(review): name and value are forwarded without any check in this method;
            // confirm that setCheckRevocationProperties limits which property names it accepts.
            setCheckRevocationProperties(attr.getName(), attrValue);
        }
    }

    /**
     * Returns the SSL protocol to use for the given configuration under the current FIPS settings.
     * <p>
     * The configured {@code com.ibm.ssl.protocol} value is returned unchanged when it appears in
     * the list from {@code FIPSUtils.getProtocolTypes(...)}. Otherwise the first entry of that
     * list is returned instead.
     *
     * @param sSLConfig SSL configuration that supplies the {@code com.ibm.ssl.protocol} property
     * @return the configured protocol if it is in the permitted list, else the list's first entry
     */
    public String getSSLProtocolForFipsLevel(SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLProtocolForFipsLevel");
        }
        String protocol = sSLConfig.getProperty("com.ibm.ssl.protocol");
        boolean fipsOn = FIPSManager.getInstance().isFIPSEnabled();
        String level = FIPSManager.getInstance().getFipsLevel();
        String suiteB = FIPSManager.getInstance().getSuiteBLevel();
        List<String> permitted = FIPSUtils.getProtocolTypes(fipsOn, level, suiteB);
        int securityMode = FIPSUtils.getFipsSecurityMode(fipsOn, level, suiteB);
        boolean accepted = permitted.contains(protocol);
        if (!accepted) {
            // NOTE(review): the configured protocol is overridden here and the only record is a
            // debug trace; assumes the permitted list is non-empty, otherwise get(0) throws.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid SSL Protocol:" + protocol
                        + " found in the configuration. Valid protocols for FipsLevel:"
                        + Constants.securityModeName[securityMode]
                        + " is " + permitted
                        + " Setting protocol to " + permitted.get(0));
            }
            protocol = permitted.get(0);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLProtocolForFipsLevel", protocol);
        }
        return protocol;
    }
}
