package com.ibm.ws.security.core;

import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.ssl.channel.impl.SSLChannelConstants;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.core.WSPKCSInKeyStore;
import com.ibm.ws.ssl.core.WSPKCSInKeyStoreList;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/security/core/SSLConfigValidation.class */
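/**
 * Static validation helpers for SSL configuration: a hardware-token library file, a key store
 * file and a trust store file. Each check returns {@code 0} on success or a small positive
 * error code (documented per method) instead of throwing.
 *
 * <p>Security-relevant behaviour a maintainer should know about:
 * <ul>
 *   <li>Passwords arrive encoded and are decoded with {@code PasswordUtil.passwordDecode}.
 *       The decoded value is never written to trace; keep it that way when adding trace
 *       points. File names are traced at debug level.</li>
 *   <li>When a store cannot be parsed as the configured type, the key/trust checks retry with
 *       other key store types and still return {@code 0} if any of them loads. A wrong
 *       configured type is therefore reported only through the
 *       {@code INVALID_KEYSTORE_TYPE} warning and a debug trace, not through the return
 *       code.</li>
 *   <li>{@link #pkStoreL} and {@link #wspkStore} are shared static state written without
 *       synchronization. NOTE(review): confirm callers never run token validation
 *       concurrently.</li>
 * </ul>
 */
public final class SSLConfigValidation {
    static WSPKCSInKeyStoreList pkStoreL = new WSPKCSInKeyStoreList();
    static WSPKCSInKeyStore wspkStore = null;
    private static final TraceComponent tc = Tr.register((Class<?>) SSLConfigValidation.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);

    /**
     * Validates a token library file, its password and the optional certificate aliases.
     *
     * @param str  first argument handed to {@code WSPKCSInKeyStoreList.insert}
     *             (presumably the token type; verify against callers)
     * @param str2 path of the token library file; a leading {@code USER_INSTALL_ROOT}
     *             variable is expanded
     * @param str3 value appended to the path after {@code ':'} (presumably the slot number);
     *             {@code null} or empty is treated as {@code "0"}
     * @param str4 encoded password
     * @param str5 server alias to look up, or {@code null}/empty to skip the lookup
     * @param str6 client alias to look up, or {@code null}/empty to skip the lookup
     * @return {@code 0} valid; {@code 1} file missing, not a regular file or unreadable;
     *         {@code 2} the token store could not be opened; {@code 3} server alias not
     *         found; {@code 4} client alias not found
     */
    public static int checkTokenLibFile(String str, String str2, String str3, String str4, String str5, String str6) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTokenLibFile");
        }
        String password = PasswordUtil.passwordDecode(str4);
        String libPath = resolveInstallRoot(str2);
        String slot = isEmpty(str3) ? "0" : str3;
        int rc = 0;
        WSPKCSInKeyStore tokenStore = null;

        // A null path is reported as "not found" rather than failing with a NullPointerException.
        File libFile = libPath == null ? null : new File(libPath);
        if (libFile == null || !libFile.isFile() || !libFile.canRead()) {
            rc = 1;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "tokenLib file not found.");
            }
        }
        if (rc == 0) {
            try {
                tokenStore = pkStoreL.insert(str, libPath + ":" + slot, password, true, false);
                // The static field is still updated for any package-level reader of it.
                wspkStore = tokenStore;
            } catch (Exception e) {
                // Every failure of insert() maps to this code; the trace text says "invalid
                // password" although the cause may be something else (see the FFDC record).
                rc = 2;
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SSLConfigValidation.checkTokenLibFile", "90");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invalid password.");
                }
            }
        }
        // Aliases are checked against the store opened by THIS call, not against whatever the
        // shared static field holds at the time of the lookup.
        if (rc == 0 && !isEmpty(str5) && !findTokenAlias(tokenStore, str5)) {
            rc = 3;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invalid serverAlias.");
            }
        }
        if (rc == 0 && !isEmpty(str6) && !findTokenAlias(tokenStore, str6)) {
            rc = 4;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invalid clientAlias.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTokenLibFile");
        }
        return rc;
    }

    /**
     * Validates that a key store file loads with the given type and password and, optionally,
     * that it contains the given aliases.
     *
     * <p>If loading fails with a format error, the types returned by
     * {@code WSKeyStore.getKeyStoreTypes()} are tried in turn; success under any of them
     * yields {@code 0}.
     *
     * @param str  configured key store type, passed to {@link KeyStore#getInstance(String)}
     * @param str2 key store file name; a leading {@code USER_INSTALL_ROOT} variable is expanded
     * @param str3 encoded password; a {@code null} decoded password is passed to the key store
     *             as {@code null}
     * @param str4 server alias to look up, or {@code null}/empty to skip the lookup
     * @param str5 client alias to look up, or {@code null}/empty to skip the lookup
     * @return {@code 0} valid; {@code 2} key store type could not be instantiated; {@code 3}
     *         the file could not be loaded; {@code 4} server alias not found; {@code 5}
     *         client alias not found
     */
    public static int checkKeyFile(String str, String str2, String str3, String str4, String str5) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkKeyFile");
        }
        String password = PasswordUtil.passwordDecode(str3);
        String keyFilename = resolveInstallRoot(str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyFilename: ", keyFilename);
        }
        int rc = 0;
        String type = str;
        KeyStore keyStore = null;
        List<String> fallbackTypes = null;
        int nextFallback = 0;

        while (true) {
            try {
                keyStore = KeyStore.getInstance(type);
            } catch (Exception e) {
                rc = 2;
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SSLConfigValidation.checkKeyFile", "176");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invalid fileType.");
                }
                break;
            }
            try {
                loadKeyStore(keyStore, keyFilename, password);
                if (fallbackTypes != null && tc.isDebugEnabled()) {
                    // The configured type did not match; record which type actually worked.
                    Tr.debug(tc, "keyStore loaded with fallback type: ", type);
                }
                break;
            } catch (Exception e2) {
                if (!isFormatMismatch(e2)) {
                    rc = 3;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SSLConfigValidation.checkKeyFile", "219");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkKeyFile", e2);
                    }
                    break;
                }
                if (fallbackTypes == null) {
                    // First format mismatch: warn once and fetch the candidate types.
                    Tr.warning(tc, SSLChannelConstants.INVALID_KEYSTORE_TYPE);
                    List<String> types = WSKeyStore.getKeyStoreTypes();
                    fallbackTypes = types == null ? new ArrayList<String>() : types;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Valid keyStore list: " + fallbackTypes);
                    }
                }
                if (nextFallback >= fallbackTypes.size()) {
                    // Candidates exhausted. Stop here: indexing the list once more would
                    // throw IndexOutOfBoundsException instead of returning the error code.
                    rc = 3;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SSLConfigValidation.checkKeyFile", "206");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkKeyFile", e2);
                    }
                    break;
                }
                type = fallbackTypes.get(nextFallback++);
            }
        }
        // NOTE(review): the instance is discarded. Kept because the constructor may have
        // initialisation side effects that are not visible here; confirm and remove.
        new WSKeyStore();
        if (rc == 0 && !isEmpty(str4)
                && !keyStoreHasAlias(keyStore, str4, "com.ibm.ws.security.core.SSLConfigValidation.checkKeyFile", "242")) {
            rc = 4;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invalid serverAlias.");
            }
        }
        if (rc == 0 && !isEmpty(str5)
                && !keyStoreHasAlias(keyStore, str5, "com.ibm.ws.security.core.SSLConfigValidation.checkKeyFile", "266")) {
            rc = 5;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "invalid clientAlias.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkKeyFile");
        }
        return rc;
    }

    /**
     * Validates that a trust store file loads with the given type and password.
     *
     * <p>If loading fails with a format error, every key store type registered with the
     * installed security providers ({@code Security.getAlgorithms("KeyStore")}) is tried in
     * turn; success under any of them yields {@code 0}.
     *
     * @param str  configured trust store type, passed to {@link KeyStore#getInstance(String)}
     * @param str2 trust store file name; a leading {@code USER_INSTALL_ROOT} variable is expanded
     * @param str3 encoded password; a {@code null} decoded password is passed to the key store
     *             as {@code null}
     * @return {@code 0} valid; {@code 2} store type could not be instantiated; {@code 3} the
     *         file could not be loaded
     */
    public static int checkTrustFile(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkTrustFile");
        }
        String password = PasswordUtil.passwordDecode(str3);
        String trustFilename = resolveInstallRoot(str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustFilename: ", trustFilename);
        }
        int rc = 0;
        String type = str;
        KeyStore keyStore = null;
        List<String> fallbackTypes = null;
        int nextFallback = 0;

        while (true) {
            try {
                keyStore = KeyStore.getInstance(type);
            } catch (Exception e) {
                rc = 2;
                FFDCFilter.processException(e, "com.ibm.ws.security.core.SSLConfigValidation.checkTrustFile", "320");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "invalid fileType.");
                }
                break;
            }
            try {
                loadKeyStore(keyStore, trustFilename, password);
                if (fallbackTypes != null && tc.isDebugEnabled()) {
                    // The configured type did not match; record which type actually worked.
                    Tr.debug(tc, "keyStore loaded with fallback type: ", type);
                }
                break;
            } catch (Exception e2) {
                if (!isFormatMismatch(e2)) {
                    rc = 3;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SSLConfigValidation.checkTrustFile", "364");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkTrustFile", e2);
                    }
                    break;
                }
                if (fallbackTypes == null) {
                    // First format mismatch: warn once and fetch the candidate types.
                    Tr.warning(tc, SSLChannelConstants.INVALID_KEYSTORE_TYPE);
                    fallbackTypes = new ArrayList<String>(Security.getAlgorithms("KeyStore"));
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Valid keyStore list: " + fallbackTypes);
                    }
                }
                if (nextFallback >= fallbackTypes.size()) {
                    // Candidates exhausted. Stop here: indexing the list once more would
                    // throw IndexOutOfBoundsException instead of returning the error code.
                    rc = 3;
                    FFDCFilter.processException(e2, "com.ibm.ws.security.core.SSLConfigValidation.checkTrustFile", "351");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkTrustFile", e2);
                    }
                    break;
                }
                type = fallbackTypes.get(nextFallback++);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkTrustFile");
        }
        return rc;
    }

    /**
     * Expands a leading {@code USER_INSTALL_ROOT} variable in a path using the value held in
     * the admin data.
     *
     * @param str path that may start with the variable; may be {@code null}
     * @return the expanded path; the input unchanged when it does not start with the variable
     *         or when no value is configured for it; {@code null} for {@code null} input
     */
    private static String resolveInstallRoot(String str) {
        if (str == null || !str.startsWith(SecConstants.USER_INSTALL_ROOT)) {
            return str;
        }
        String installRoot = SecurityObjectLocator.getAdminData().getString(SecConstants.USER_INSTALL_ROOT);
        if (installRoot == null) {
            // Leave the variable unexpanded; the later file access fails and the caller
            // reports a validation error instead of a NullPointerException.
            return str;
        }
        return installRoot + str.substring(SecConstants.USER_INSTALL_ROOT.length());
    }

    /**
     * Reports whether the given token store contains the alias.
     *
     * @return {@code false} when the alias is absent or the lookup fails for any reason
     *         (including a {@code null} store); the failure is recorded through FFDC
     */
    private static boolean findTokenAlias(WSPKCSInKeyStore store, String str) {
        try {
            return store.getKS().containsAlias(str);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.core.SSLConfigValidation.findTokenAlias", "380");
            return false;
        }
    }

    /**
     * Reports whether the key store contains the alias; a failed lookup is recorded through
     * FFDC under the given source/probe id and treated as "not found".
     */
    private static boolean keyStoreHasAlias(KeyStore keyStore, String alias, String ffdcSource, String probeId) {
        try {
            return keyStore.containsAlias(alias);
        } catch (Exception e) {
            FFDCFilter.processException(e, ffdcSource, probeId);
            return false;
        }
    }

    /**
     * Loads the store from the file and closes the stream afterwards, so repeated validation
     * (including the type-fallback retries) does not leak file handles.
     *
     * @throws Exception whatever opening, loading or closing raises; callers map it to an
     *         error code
     */
    private static void loadKeyStore(KeyStore keyStore, String fileName, String password) throws Exception {
        try (InputStream in = WSKeyStore.openKeyStore(fileName)) {
            keyStore.load(in, password == null ? null : password.toCharArray());
        }
    }

    /**
     * Decides whether a load failure looks like "wrong key store type" by matching the
     * exception message. The match is on provider-specific message text and is therefore
     * brittle; an exception without a message is treated as not a format mismatch.
     */
    private static boolean isFormatMismatch(Exception e) {
        String message = e.getMessage();
        return message != null
                && (message.equalsIgnoreCase("Invalid keystore format") || message.contains("DerInputStream.getLength()"));
    }

    /** Returns {@code true} for {@code null} or the empty string. */
    private static boolean isEmpty(String s) {
        return s == null || s.isEmpty();
    }
}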
