package com.ibm.rational.test.lt.models.wscore.datamodel.security.util.ssl;

import com.ibm.rational.test.lt.models.ws.LoggingUtil;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.KeyConfiguration;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.SSLConfiguration;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.util.KeyStoreUtil;
import com.ibm.rational.test.lt.models.wscore.datamodel.security.xmlsec.impl.KeyStoreTypeUtil;
import com.ibm.rational.test.lt.models.wscore.transport.noblck.impl.PemAccess;
import com.ibm.rational.test.lt.models.wscore.transport.noblck.impl.PemConverter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:coremdl.jar:com/ibm/rational/test/lt/models/wscore/datamodel/security/util/ssl/SSLContextUtil.class */
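/**
 * Builds {@link SSLContext} and {@link SSLSocketFactory} instances from an
 * {@link SSLConfiguration}.
 *
 * <p>Security-relevant behaviour to be aware of when reviewing callers:
 * <ul>
 *   <li>a {@code null} configuration, or one whose {@code getAlwaysTrueTrustStore()} is true,
 *       yields a context that performs <em>no</em> certificate validation
 *       (see {@link SSLCreationUtil.AlwaysTrueTrustManager});</li>
 *   <li>key store loading probes several store types and only reports a failure once every
 *       candidate type has been tried.</li>
 * </ul>
 */
public class SSLContextUtil {

    /** Static factory helpers for key stores, key/trust managers and SSL contexts. */
    public static final class SSLCreationUtil {

        /**
         * Trust manager that accepts every certificate chain without inspecting it.
         *
         * <p>Both {@code check*Trusted} methods are empty, so a connection built on this manager
         * authenticates neither the peer's identity nor its chain: the channel is encrypted but
         * open to interception by anyone able to present any certificate. Use it only against
         * endpoints where that is an accepted risk, and treat its appearance in an effective
         * configuration as something worth surfacing in logs or reports.
         */
        public static final class AlwaysTrueTrustManager implements X509TrustManager {
            /** Legacy-style query, not part of {@link X509TrustManager}; always reports trust. */
            public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
                return true;
            }

            /** Legacy-style query, not part of {@link X509TrustManager}; always reports trust. */
            public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
                return true;
            }

            /** @return an empty array: no issuer is advertised as accepted */
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            /** Accepts any client chain: never throws, performs no validation. */
            @Override
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally empty: every chain is accepted.
            }

            /** Accepts any server chain: never throws, performs no validation. */
            @Override
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                // Intentionally empty: every chain is accepted.
            }
        }

        /**
         * Loads the key store described by {@code keyConfiguration}.
         *
         * <p>The type reported by {@link KeyStoreTypeUtil} for the resource is tried first (when
         * there is one), then every type from {@link KeyStoreUtil#getDefaultSupportedTypes()} in
         * order. The first type that loads wins.
         *
         * @param keyConfiguration source of the store bytes and password
         * @return the loaded key store; may be {@code null} when a PEM conversion was attempted
         *         and failed (see {@code loadKeyStore})
         * @throws UnsupportedOperationException if no candidate type could load the store; the
         *         failure of the last attempted type is attached as the cause
         * @throws Exception declared for compatibility with existing callers
         */
        public static KeyStore createKeyStore(KeyConfiguration keyConfiguration) throws Exception {
            String[] fallbackTypes = KeyStoreUtil.getDefaultSupportedTypes();
            String detectedType = KeyStoreTypeUtil.getTypeKeyStoreOrNull(keyConfiguration.getResourceProxy());
            // Probing failures are expected, so they are not logged one by one; the most recent
            // one is kept so the final error explains why loading failed.
            Throwable lastFailure = null;
            if (detectedType != null) {
                try {
                    return loadKeyStore(detectedType, keyConfiguration);
                } catch (Throwable probeFailure) {
                    lastFailure = probeFailure;
                }
            }
            for (String candidateType : fallbackTypes) {
                try {
                    return loadKeyStore(candidateType, keyConfiguration);
                } catch (Throwable probeFailure) {
                    lastFailure = probeFailure;
                }
            }
            // Log and throw the same exception so the message and cause reach the caller too
            // (previously the thrown exception carried neither).
            UnsupportedOperationException failure = new UnsupportedOperationException(
                    "Cannot load keystore " + keyConfiguration.getResourceProxy().getPortablePath(), lastFailure);
            LoggingUtil.INSTANCE.error(KeyStoreUtil.class, failure);
            throw failure;
        }

        /**
         * Returns the configured password as a char array, or {@code null} when the
         * configuration has no password or an empty one.
         */
        private static char[] passwordChars(KeyConfiguration keyConfiguration) {
            String password = keyConfiguration.getPassWord();
            return (password != null && password.length() > 0) ? password.toCharArray() : null;
        }

        /**
         * Loads the store from {@code keyConfiguration} as the given type.
         *
         * <p>For {@link KeyStoreUtil#PEM}, when {@link PemAccess#CanPerformPEMTransformation()}
         * is true the content is converted through {@link PemConverter}; otherwise the stream is
         * loaded as a "JKS" store. Streams opened here are always closed.
         *
         * @return the loaded store, or {@code null} if the PEM conversion failed
         * @throws Exception if the store cannot be instantiated, read or parsed
         */
        private static KeyStore loadKeyStore(String str, KeyConfiguration keyConfiguration) throws Exception {
            char[] password = passwordChars(keyConfiguration);
            KeyStore keyStore;
            if (str.equals(KeyStoreUtil.PEM)) {
                keyStore = KeyStore.getInstance("JKS");
                if (PemAccess.CanPerformPEMTransformation()) {
                    try (InputStreamReader pemReader = new InputStreamReader(keyConfiguration.getInputStream())) {
                        return PemConverter.createKeyStoreFromSingleCertAndPotentialKeyPair(pemReader, password);
                    } catch (Exception e) {
                        // NOTE(review): the null result is kept for compatibility, but it flows
                        // out of createKeyStore. When the caller is building trust managers,
                        // TrustManagerFactory.init((KeyStore) null) falls back to the provider's
                        // default trust store on the standard JSSE providers, i.e. an unreadable
                        // PEM trust file silently widens trust. Consider failing instead.
                        LoggingUtil.INSTANCE.error(SSLContextUtil.class, e);
                        return null;
                    }
                }
            } else {
                keyStore = KeyStore.getInstance(str);
            }
            try (InputStream storeStream = keyConfiguration.getInputStream()) {
                if (storeStream == null) {
                    // KeyStore.load(null, ...) would create an empty store; treat a missing
                    // stream as a load failure so the caller moves on to the next type.
                    throw new KeyStoreException("No key store data available");
                }
                keyStore.load(storeStream, password);
            }
            return keyStore;
        }

        /**
         * Creates a key manager factory backed by an empty "JKS" store, i.e. one that offers
         * no client credentials.
         *
         * @throws NoSuchAlgorithmException if the default key manager algorithm is unavailable
         * @throws KeyStoreException if the "JKS" store type is unavailable or the factory cannot
         *         be initialised
         * @throws UnrecoverableKeyException propagated from factory initialisation
         */
        public static KeyManagerFactory getDefaultKeyManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore emptyStore = KeyStore.getInstance("JKS");
            try {
                // load(null, null) initialises the store with no entries.
                emptyStore.load(null, null);
            } catch (Exception e) {
                LoggingUtil.INSTANCE.error(SSLContextUtil.class, e);
            }
            factory.init(emptyStore, null);
            return factory;
        }

        /**
         * Creates a key manager factory initialised with the store and password from
         * {@code keyConfiguration}.
         */
        private static KeyManagerFactory getKeyManagerFactory(KeyConfiguration keyConfiguration) throws Exception {
            KeyManagerFactory factory = getDefaultKeyManagerFactory();
            char[] password = passwordChars(keyConfiguration);
            // Re-initialise the default (empty) factory with the configured store.
            factory.init(createKeyStore(keyConfiguration), password);
            return factory;
        }

        /**
         * Builds trust managers from the store described by {@code keyConfiguration}.
         *
         * <p>NOTE(review): {@code createKeyStore} can return {@code null} after a failed PEM
         * conversion; initialising the factory with a null store is expected to select the
         * provider's default trust anchors rather than the configured ones. Confirm whether that
         * fallback is intended.
         */
        private static TrustManager[] getTrustManagers(KeyConfiguration keyConfiguration) throws Exception {
            TrustManagerFactory factory = getDefaultTrustManagerFactory();
            factory.init(createKeyStore(keyConfiguration));
            return factory.getTrustManagers();
        }

        /**
         * Returns a trust manager factory for the platform default algorithm.
         *
         * @throws IllegalStateException if the default algorithm is not available (previously
         *         this returned {@code null} and the caller failed with a
         *         {@code NullPointerException})
         */
        private static TrustManagerFactory getDefaultTrustManagerFactory() {
            try {
                return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * Returns a single-element array holding an {@link AlwaysTrueTrustManager}.
         *
         * <p>A context initialised with this array performs no certificate validation.
         */
        public static TrustManager[] getAlwaysTrueTrustManagers() {
            return new TrustManager[]{new AlwaysTrueTrustManager()};
        }

        /**
         * Creates and initialises an SSL context for the active compliance mode.
         *
         * <p>The SP 800-131 / Suite B check is evaluated first, then FIPS; both request the
         * algorithm from the provider identified by {@code FIPSContextUtil.IBMJSSE2}. Otherwise
         * the non-FIPS algorithm is requested from the default provider list.
         */
        private static SSLContext getSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws Exception {
            final SSLContext context;
            if (FIPSContextUtil.isSp800_131() || FIPSContextUtil.isSuiteB()) {
                context = SSLContext.getInstance(FIPSContextUtil.getSSLAlgorithmForNIPSMode(), FIPSContextUtil.IBMJSSE2);
            } else if (FIPSContextUtil.isFips()) {
                context = SSLContext.getInstance(FIPSContextUtil.getSSLAlgorithmForFIPSMode(), FIPSContextUtil.IBMJSSE2);
            } else {
                context = SSLContext.getInstance(FIPSContextUtil.getSSLAlgoritmForNonFipsMode());
            }
            // A null SecureRandom lets the provider pick its default source.
            context.init(keyManagerArr, trustManagerArr, null);
            return context;
        }

        /**
         * Builds an SSL context from {@code sSLConfiguration}.
         *
         * <p>Key managers come from the configured key store when {@code getUseKeyStore()} is
         * true and a key configuration is present, otherwise from the empty default factory.
         * Trust managers come from the configured trust store unless
         * {@code getAlwaysTrueTrustStore()} is true.
         *
         * <p>Security note: a {@code null} configuration is not an error; it produces a context
         * with no client credentials and with certificate validation disabled. Callers that
         * need peer authentication must pass an explicit configuration.
         *
         * @param sSLConfiguration the configuration, or {@code null} for the trust-all default
         * @return an initialised context
         * @throws Exception if a store cannot be loaded or the context cannot be created
         */
        public static SSLContext getSSLContext(SSLConfiguration sSLConfiguration) throws Exception {
            if (sSLConfiguration == null) {
                return getSSLContext(getDefaultKeyManagerFactory().getKeyManagers(), getAlwaysTrueTrustManagers());
            }
            boolean useConfiguredKeys = sSLConfiguration.getUseKeyStore().booleanValue() && sSLConfiguration.getKey() != null;
            KeyManagerFactory keyManagerFactory = useConfiguredKeys
                    ? getKeyManagerFactory(sSLConfiguration.getKey())
                    : getDefaultKeyManagerFactory();
            KeyManager[] keyManagers = SSLContextUtil.filterOutAsRequired(sSLConfiguration, keyManagerFactory);
            // NOTE(review): getTrust() is passed on unchecked; presumably non-null whenever the
            // always-true trust store is disabled. Verify against the configuration model.
            TrustManager[] trustManagers = sSLConfiguration.getAlwaysTrueTrustStore().booleanValue()
                    ? getAlwaysTrueTrustManagers()
                    : getTrustManagers(sSLConfiguration.getTrust());
            return getSSLContext(keyManagers, trustManagers);
        }

        /**
         * Convenience wrapper returning the socket factory of
         * {@link #getSSLContext(SSLConfiguration)}; the same trust-all caveats apply.
         */
        public static SSLSocketFactory getSocketFactory(SSLConfiguration sSLConfiguration) throws Exception {
            return getSSLContext(sSLConfiguration).getSocketFactory();
        }
    }

    /**
     * Returns the factory's key managers, wrapped in a single {@code AliasKeyManager} bound to
     * the selected trust alias when {@code isUseTrustAlias()} is true.
     *
     * <p>Declared private in the original source; the decompiler widened it because the nested
     * class calls it, so it is kept public here.
     */
    public static KeyManager[] filterOutAsRequired(SSLConfiguration sSLConfiguration, KeyManagerFactory keyManagerFactory) {
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (!sSLConfiguration.isUseTrustAlias()) {
            return keyManagers;
        }
        return new KeyManager[]{new AliasKeyManager(sSLConfiguration.getSelectedTrustAlias().getValue(), keyManagers)};
    }
}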
