package com.ibm.ws.ssl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.logging.IBMConstants;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.config.FIPSManager;
import com.ibm.ws.ssl.config.FIPSUtils;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.provider.IBMJSSE2Provider;
import com.ibm.ws.ssl.provider.IBMJSSEProvider;
import com.ibm.ws.ssl.provider.SunJSSEProvider;
import com.ibm.ws.util.PlatformHelperFactory;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

/* loaded from: input_file:com/ibm/ws/ssl/JSSEProviderFactory.class */
public class JSSEProviderFactory {
    // Trace handle registered under this class's name with the string "SSL"; every trace call in the class goes through it.
    private static TraceComponent tc = Tr.register(JSSEProviderFactory.class.getName(), "SSL");
    // Wrapper most recently looked up or created by getInstance(String).
    // NOTE(review): mutable static state shared by all callers; no synchronization is visible in this class.
    private static JSSEProvider cachedProvider = null;
    // Not referenced anywhere else in the visible class body.
    private static Boolean USE_FIPS_FLAG = new Boolean(false);
    // Provider name -> JSSEProvider wrapper, filled by getInstance(String). Keys are stored as passed,
    // while name matching elsewhere in the class ignores case.
    private static Hashtable providerCache = new Hashtable();
    // Provider names that getInstance(String) and getProviderFromProviderList() compare against (case-insensitively).
    private static String IBMJSSEFIPS_PROVIDER = Constants.IBMJSSEFIPS_NAME;
    private static String IBMJSSE_PROVIDER = Constants.IBMJSSE_NAME;
    private static String IBMJSSE2_PROVIDER = "IBMJSSE2";
    private static String SUNJSSE_PROVIDER = Constants.SUNJSSE_NAME;
    // Name used by getInstance(String) when neither the caller nor the installed provider list supplies one.
    private static String DEFAULT_PROVIDER = "IBMJSSE2";
    // Lazily filled caches for java.security properties; see the matching public getters.
    private static String trustManagerFactoryAlgorithm = null;
    private static String keyManagerFactoryAlgorithm = null;
    private static String defaultSSLSocketFactory = null;
    private static String defaultSSLServerSocketFactory = null;
    // Not referenced in the visible class body (the isFipsEnabled() method does not read this field).
    private static String isFipsEnabled = null;
    // Set to true once initializeFips() has completed its provider reordering.
    private static boolean fipsInitialized = false;
    // Set to true after the first getInstance(String) call has run its CMS / PKCS#11 provider loading step.
    private static boolean providerListInitialized = false;
    // Cached result of fipsJCEProviders(); built on the first call and returned as-is afterwards.
    private static List fipsJCEProvidersObjectList = null;
    // Not referenced in the visible class body.
    private static List fipsJSSEProvidersObjectList = null;
    // Last JSSE provider name found by getProviderFromProviderList(); keeps its previous value when a scan finds none.
    private static String providerFromProviderList = "IBMJSSE2";
    // Class name of the PKCS#11 provider that loadPKCS11ProviderIfNotLoaded() instantiates.
    private static final String DEFAULT_PKCS11_PROVIDER_CLASS_NAME = "com.ibm.crypto.pkcs11impl.provider.IBMPKCS11Impl";

    /**
     * Returns the JSSE provider wrapper without naming a provider.
     *
     * <p>Delegates to {@code getInstance(String)} with {@code null}, which leaves the choice of
     * provider name to that method.
     *
     * @return the wrapper produced by {@code getInstance(String)}
     */
    public static JSSEProvider getInstance() {
        final String noExplicitProvider = null;
        return getInstance(noExplicitProvider);
    }

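    /**
     * Resolves the {@link JSSEProvider} wrapper for a JSSE provider name and, when the matching
     * {@link Provider} is not installed in the JVM yet, tries to load and register it.
     *
     * <p>Name selection, in order: the caller's value; otherwise the result of
     * {@code getProviderFromProviderList()}; otherwise {@code DEFAULT_PROVIDER}. When FIPS is
     * enabled, or the name equals {@code IBMJSSEFIPS_PROVIDER} ignoring case, the name is replaced
     * by {@code IBMJSSE2_PROVIDER} regardless of what was requested.
     *
     * <p>Points a reviewer should keep in mind:
     * <ul>
     *   <li>A name that matches no installed provider does not fail: the method falls back to an
     *       {@code IBMJSSE2Provider} wrapper and caches it under the requested name, so a
     *       mistyped provider name in configuration goes unnoticed unless debug trace is on.</li>
     *   <li>A provider class that cannot be loaded is reported through debug trace only.</li>
     *   <li>The first call also runs the one-time CMS / PKCS#11 provider loading step, which
     *       changes the JVM-wide provider list.</li>
     * </ul>
     *
     * @param str provider name, or {@code null} to let the factory choose
     * @return the wrapper for the resolved provider; never {@code null}
     */
    public static JSSEProvider getInstance(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInstance: " + str);
        }
        String name = str;
        if (name == null) {
            name = getProviderFromProviderList();
        }
        if (name == null) {
            name = DEFAULT_PROVIDER;
        }
        // FIPS mode (or an explicit request for the FIPS provider name) always maps to IBMJSSE2.
        if (isFipsEnabled() || name.equalsIgnoreCase(IBMJSSEFIPS_PROVIDER)) {
            name = IBMJSSE2_PROVIDER;
        }

        // Work on a local rather than on the shared static field: two callers resolving different
        // names at the same time must not be able to hand each other's wrapper back.
        JSSEProvider resolved = (JSSEProvider) providerCache.get(name);
        if (resolved != null) {
            cachedProvider = resolved;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getInstance returning cached provider: " + resolved);
            }
            return resolved;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "cachedProvider is null, proceeding to determine the provider.");
        }

        final String providerName = name;
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                if (Security.getProvider(providerName) != null) {
                    // Already registered with the JVM; nothing to load.
                    return null;
                }
                // Every name except the Sun one is served by the class named in Constants.IBMJSSE2.
                // The condition order mirrors the original branch order.
                String className = Constants.IBMJSSE2;
                if (!JSSEProviderFactory.isFipsEnabled()
                        && !providerName.equalsIgnoreCase(JSSEProviderFactory.IBMJSSE2_PROVIDER)
                        && !providerName.equalsIgnoreCase(JSSEProviderFactory.IBMJSSE_PROVIDER)
                        && providerName.equalsIgnoreCase(JSSEProviderFactory.SUNJSSE_PROVIDER)) {
                    className = "com.sun.net.ssl.internal.ssl.Provider";
                }
                Provider loaded = null;
                try {
                    loaded = (Provider) Class.forName(className).newInstance();
                } catch (Exception e) {
                    // Best effort, as before, but the cause is now attached to the trace record so
                    // a missing or broken provider class can be diagnosed.
                    if (JSSEProviderFactory.tc.isDebugEnabled()) {
                        Tr.debug(JSSEProviderFactory.tc, "Exception loading provider: " + providerName, new Object[]{e});
                    }
                }
                if (loaded != null) {
                    // Kept outside the try block so a failure to register still propagates.
                    Security.addProvider(loaded);
                }
                return null;
            }
        });

        final String fipsMismatchWarning = "UseFIPS is enabled but the SSL Configuration is not using FIPS approved JSSE Provider. FIPS approved cryptographic algorithms will not be used in this case.";
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provider name [" + i + "]: " + providers[i].getName());
            }
            if (resolved != null || !providers[i].getName().equalsIgnoreCase(name)) {
                continue;
            }
            if (name.equalsIgnoreCase(IBMJSSE2_PROVIDER)) {
                resolved = new IBMJSSE2Provider();
                providerCache.put(IBMJSSE2_PROVIDER, resolved);
                providerCache.put(name, resolved);
            } else if (name.equalsIgnoreCase(IBMJSSE_PROVIDER)) {
                resolved = new IBMJSSEProvider();
                providerCache.put(IBMJSSE_PROVIDER, resolved);
                providerCache.put(name, resolved);
                if (isFipsEnabled()) {
                    Tr.warning(tc, fipsMismatchWarning);
                }
            } else if (name.equalsIgnoreCase(SUNJSSE_PROVIDER)) {
                resolved = new SunJSSEProvider();
                providerCache.put(SUNJSSE_PROVIDER, resolved);
                providerCache.put(name, resolved);
                if (isFipsEnabled()) {
                    Tr.warning(tc, fipsMismatchWarning);
                }
            } else {
                // Installed under the requested name but not one this factory knows a wrapper for.
                resolved = new IBMJSSE2Provider();
                providerCache.put(IBMJSSE2_PROVIDER, resolved);
                providerCache.put(name, resolved);
            }
        }
        if (resolved == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "JSSE Provider is not found. Use IBMJSSE2Provider");
            }
            resolved = new IBMJSSE2Provider();
            providerCache.put(IBMJSSE2_PROVIDER, resolved);
            providerCache.put(name, resolved);
        }
        // Mirror the result into the static field so it still holds the last resolved wrapper.
        cachedProvider = resolved;

        if (!providerListInitialized) {
            if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "On Z/OS need to see if the CMS provider needs reloading.");
                }
                loadCMSProviderForZOS();
            } else {
                try {
                    loadCMSProviderIfNotLoaded();
                    String property = System.getProperty("java.vm.name");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "jvmName=" + property);
                    }
                    // The PKCS#11 provider is only attempted when the JVM name contains IBMConstants.ibm.
                    if (property != null && property.indexOf(IBMConstants.ibm) >= 0) {
                        loadPKCS11ProviderIfNotLoaded();
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception trying to initialize provider " + e.getMessage());
                    }
                }
            }
            providerListInitialized = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInstance provider = " + resolved);
        }
        return resolved;
    }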

    /**
     * Installs the CMS provider for the z/OS path of getInstance(String): a new instance is built
     * through the provider class's single-String constructor with the argument "V3", any provider
     * already registered under Constants.IBMCMS_NAME is removed, and the new instance is added.
     *
     * NOTE(review): the value returned by getPropertyBool(SecurityConfig.USE_CMS_DEFAULT, false)
     * is discarded and the guard below is the constant 0 == 0, so the else branch can never run.
     * This looks like decompiler residue of a boolean that originally chose between the two
     * branches; confirm against the original class before relying on this control flow.
     */
    private static void loadCMSProviderForZOS() {
        if (tc.isEntryEnabled()) {
            // The trace label differs from the method name.
            Tr.entry(tc, "reloadCMSProvider");
        }
        if (SecurityObjectLocator.getSecurityConfig() != null) {
            // Result is not stored; see the NOTE(review) in the method comment.
            SecurityObjectLocator.getSecurityConfig().getPropertyBool(SecurityConfig.USE_CMS_DEFAULT, false);
        }
        if (0 == 0) {
            Provider provider = Security.getProvider(Constants.IBMCMS_NAME);
            try {
                // The replacement is constructed before the existing provider is removed, so a
                // failure to instantiate it leaves the currently registered provider in place.
                Provider provider2 = (Provider) Class.forName(Constants.IBMCMS).getConstructor(String.class).newInstance("V3");
                if (provider != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "CMS provider found, reloading with V3");
                    }
                    Security.removeProvider(Constants.IBMCMS_NAME);
                }
                Security.addProvider(provider2);
            } catch (Exception e) {
                // Best effort: the failure is visible only when debug trace is enabled.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception loading provider: " + e);
                }
            }
        } else {
            // Unreachable as written.
            loadCMSProviderIfNotLoaded();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "reloadCMSProvider");
        }
    }

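    /**
     * Registers the CMS provider with the JVM when no provider is installed under
     * {@code Constants.IBMCMS_NAME}.
     *
     * <p>The provider is created through the no-argument constructor of the class named in
     * {@code Constants.IBMCMS} and appended with {@link Security#addProvider(Provider)}. Loading
     * is best effort: any exception is reported through debug trace only and the method returns
     * normally.
     */
    private static void loadCMSProviderIfNotLoaded() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadCMSProviderIfNotLoaded");
        }
        if (Security.getProvider(Constants.IBMCMS_NAME) == null) {
            try {
                if (tc.isDebugEnabled()) {
                    // This branch runs only when the provider is absent. The previous text
                    // ("CMS provider found, reloading with V3") described the opposite case and
                    // would mislead anyone reading trace output during an investigation.
                    Tr.debug(tc, "CMS provider not found, loading it");
                }
                Security.addProvider((Provider) Class.forName(Constants.IBMCMS).newInstance());
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception loading provider: " + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadCMSProviderIfNotLoaded");
        }
    }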

    /**
     * Inserts the PKCS#11 provider into the JVM provider list when the lookup below finds none.
     *
     * <p>The insert position is {@code findJCEPosition() + 1}. {@code findJCEPosition()} yields an
     * array index and {@link Security#insertProviderAt(Provider, int)} takes a 1-based position,
     * so the provider lands at the position IBMJCE currently holds. When IBMJCE is not installed
     * the index is 0 and the provider is inserted at position 1, the most preferred slot.
     *
     * <p>NOTE(review): {@link Security#getProvider(String)} looks providers up by name, while the
     * string used here is a class name. Confirm that the provider really registers under that
     * name; otherwise the "already loaded" check never matches.
     *
     * <p>Failures are reported through debug trace only.
     */
    private static void loadPKCS11ProviderIfNotLoaded() {
        final String traceLabel = "loadPKCS11ProviderIfNotLoaded";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceLabel);
        }
        final boolean alreadyRegistered = Security.getProvider(DEFAULT_PKCS11_PROVIDER_CLASS_NAME) != null;
        if (!alreadyRegistered) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HW provider not found insert it before IBMJCE");
                }
                // Instantiate first, then compute the position, matching the original evaluation order.
                final Provider hardwareProvider = (Provider) Class.forName(DEFAULT_PKCS11_PROVIDER_CLASS_NAME).newInstance();
                final int position = findJCEPosition() + 1;
                Security.insertProviderAt(hardwareProvider, position);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception loading provider: " + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceLabel);
        }
    }

    /**
     * Finds the array index of the first installed provider named "IBMJCE".
     *
     * <p>The result is an index into {@link Security#getProviders()}, not a 1-based provider
     * position. It is 0 both when IBMJCE is the first provider and when it is not installed at
     * all, so callers cannot tell those two cases apart.
     *
     * @return the index of IBMJCE, or 0 when it is absent
     */
    private static int findJCEPosition() {
        final Provider[] installed = Security.getProviders();
        for (int idx = 0; idx < installed.length; idx++) {
            if (installed[idx].getName().equals("IBMJCE")) {
                return idx;
            }
        }
        return 0;
    }

    /**
     * Reports whether a provider could be validated. As shown here the method only computes a
     * protocol label and discards it, so it returns true unless one of the FIPS queries throws.
     *
     * NOTE(review): this body looks incomplete. The anonymous classes in this file are labelled
     * JSSEProviderFactory.1 and .3 through .8, with no .2, and the catch for
     * PrivilegedActionException has no visible statement that can raise it. Presumably a
     * privileged action that used str2 was lost in decompilation. Do not treat the result of this
     * method as evidence that a provider was validated until it has been checked against the
     * original class. No caller of this method is visible in this class.
     *
     * @param str provider name; used only in the trace messages below
     * @return true unless an exception was caught
     */
    private static boolean validateProvider(final String str) {
        boolean z = true;
        try {
            try {
                // FIPS on: "TLS" when isFips140_2Enabled() is true, otherwise Constants.TLSV1_2; FIPS off: "SSL".
                // The value is never used in the visible code.
                final String str2 = isFipsEnabled() ? isFips140_2Enabled() ? "TLS" : Constants.TLSV1_2 : "SSL";
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error validating provider: " + str + ", Exception: " + exception.getMessage(), new Object[]{exception});
                }
                z = false;
            }
        } catch (Throwable th) {
            // Catches everything, including Errors, and turns it into a false result.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error validating provider: " + str + ", Exception: " + th.getMessage(), new Object[]{th});
            }
            z = false;
        }
        return z;
    }

    /**
     * Returns the cached value of the security property named by
     * {@code SecurityHelper.FIPSProvider}, reading it under {@code doPrivileged} on first use.
     *
     * <p>A non-null value is cached for the life of the class, so later changes to the property
     * are not seen. A null value is not cached and is looked up again on the next call.
     *
     * <p>NOTE(review): the sibling getter reads "ssl.ServerSocketFactory.provider" as a literal,
     * while this one goes through a constant whose name refers to FIPS. Verify that the constant
     * holds the socket-factory property name and is not a decompiler substitution.
     *
     * @return the property value, or {@code null} when the property is not set
     */
    public static String getDefaultSSLSocketFactory() {
        if (defaultSSLSocketFactory != null) {
            return defaultSSLSocketFactory;
        }
        final PrivilegedAction readProperty = new PrivilegedAction() {
            @Override
            public Object run() {
                return Security.getProperty(SecurityHelper.FIPSProvider);
            }
        };
        defaultSSLSocketFactory = (String) AccessController.doPrivileged(readProperty);
        return defaultSSLSocketFactory;
    }

    /**
     * Returns the cached value of the {@code ssl.ServerSocketFactory.provider} security property,
     * reading it under {@code doPrivileged} on first use.
     *
     * <p>A non-null value is cached for the life of the class, so later changes to the property
     * are not seen. A null value is not cached and is looked up again on the next call.
     *
     * @return the property value, or {@code null} when the property is not set
     */
    public static String getDefaultSSLServerSocketFactory() {
        if (defaultSSLServerSocketFactory != null) {
            return defaultSSLServerSocketFactory;
        }
        final PrivilegedAction readProperty = new PrivilegedAction() {
            @Override
            public Object run() {
                return Security.getProperty("ssl.ServerSocketFactory.provider");
            }
        };
        defaultSSLServerSocketFactory = (String) AccessController.doPrivileged(readProperty);
        return defaultSSLServerSocketFactory;
    }

    /**
     * Returns the cached value of the {@code ssl.KeyManagerFactory.algorithm} security property,
     * reading it under {@code doPrivileged} on first use.
     *
     * <p>A non-null value is cached for the life of the class, so later changes to the property
     * are not seen. A null value is not cached and is looked up again on the next call.
     *
     * @return the property value, or {@code null} when the property is not set
     */
    public static String getKeyManagerFactoryAlgorithm() {
        if (keyManagerFactoryAlgorithm != null) {
            return keyManagerFactoryAlgorithm;
        }
        final PrivilegedAction readProperty = new PrivilegedAction() {
            @Override
            public Object run() {
                return Security.getProperty("ssl.KeyManagerFactory.algorithm");
            }
        };
        keyManagerFactoryAlgorithm = (String) AccessController.doPrivileged(readProperty);
        return keyManagerFactoryAlgorithm;
    }

    /**
     * Returns the cached value of the {@code ssl.TrustManagerFactory.algorithm} security
     * property, reading it under {@code doPrivileged} on first use.
     *
     * <p>A non-null value is cached for the life of the class, so later changes to the property
     * are not seen. A null value is not cached and is looked up again on the next call.
     *
     * @return the property value, or {@code null} when the property is not set
     */
    public static String getTrustManagerFactoryAlgorithm() {
        if (trustManagerFactoryAlgorithm != null) {
            return trustManagerFactoryAlgorithm;
        }
        final PrivilegedAction readProperty = new PrivilegedAction() {
            @Override
            public Object run() {
                return Security.getProperty("ssl.TrustManagerFactory.algorithm");
            }
        };
        trustManagerFactoryAlgorithm = (String) AccessController.doPrivileged(readProperty);
        return trustManagerFactoryAlgorithm;
    }

    /**
     * Reports whether FIPS mode is on, as answered by {@code FIPSManager}.
     *
     * <p>The value is queried on every call; nothing is cached in this class.
     *
     * @return the result of {@code FIPSManager.getInstance().isFIPSEnabled()}
     */
    public static boolean isFipsEnabled() {
        final boolean fipsOn = FIPSManager.getInstance().isFIPSEnabled();
        return fipsOn;
    }

    /**
     * Returns the FIPS level reported by {@code FIPSManager}.
     *
     * @return the result of {@code FIPSManager.getInstance().getFipsLevel()}
     */
    public static String getFipsLevel() {
        final String fipsLevel = FIPSManager.getInstance().getFipsLevel();
        return fipsLevel;
    }

    /**
     * Returns the Suite B level reported by {@code FIPSManager}.
     *
     * @return the result of {@code FIPSManager.getInstance().getSuiteBLevel()}
     */
    public static String getSuiteBLevel() {
        final String suiteBLevel = FIPSManager.getInstance().getSuiteBLevel();
        return suiteBLevel;
    }

    /**
     * Asks {@code FIPSUtils} whether the current settings amount to FIPS 140-2 mode.
     *
     * <p>The three inputs (FIPS flag, FIPS level, Suite B level) are read fresh on every call, in
     * that order, and passed through unchanged; the decision itself is made by {@code FIPSUtils}.
     *
     * @return the result of {@code FIPSUtils.isFips140_2Enabled} for the current settings
     */
    public static boolean isFips140_2Enabled() {
        final boolean fipsOn = isFipsEnabled();
        final String fipsLevel = getFipsLevel();
        final String suiteBLevel = getSuiteBLevel();
        return FIPSUtils.isFips140_2Enabled(fipsOn, fipsLevel, suiteBLevel);
    }

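    /**
     * Registers the CMS provider with the JVM unless the platform is OS/400 or a provider is
     * already installed under {@code Constants.IBMCMS_NAME}.
     *
     * <p>The provider is created from the class named in {@code Constants.IBMCMS} and appended
     * with {@link Security#addProvider(Provider)} inside a privileged action. Loading is best
     * effort: a failure is reported through debug trace and the method still returns normally,
     * with the exit trace reading "provider initialized". Callers that depend on the provider
     * should check {@code Security.getProvider} afterwards.
     *
     * @throws Exception declared for callers; the provider-loading failure itself is not rethrown
     */
    public static void initializeIBMCMSProvider() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeIBMCMSProvider");
        }
        if (PlatformHelperFactory.getPlatformHelper().isOS400()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeIBMCMSProvider (iSeries platform)");
            }
            return;
        }
        if (Security.getProvider(Constants.IBMCMS_NAME) != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeIBMCMSProvider (already present)");
            }
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                try {
                    Security.addProvider((Provider) Class.forName(Constants.IBMCMS).newInstance());
                } catch (Exception e) {
                    // The cause is attached to the trace record; previously only a fixed class
                    // name was traced, which hid why the provider could not be loaded.
                    if (JSSEProviderFactory.tc.isDebugEnabled()) {
                        Tr.debug(JSSEProviderFactory.tc, "Exception loading provider: com.ibm.security.cmskeystore.CMSProvider", new Object[]{e});
                    }
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeIBMCMSProvider (provider initialized)");
        }
    }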

    /**
     * One-time reordering of the JVM security provider list for FIPS operation: makes sure a
     * provider named Constants.IBMJCEFIPS_NAME is registered, repositions it relative to "IBMJCE",
     * and then calls positionSunProvider(). Subsequent calls do nothing once fipsInitialized is set.
     *
     * The fipsInitialized check and update are not synchronized in this method.
     *
     * NOTE(review): if the IBMJCEFIPS class cannot be loaded, the failure is traced at debug level
     * only and fipsInitialized is still set to true, so callers get no signal that the FIPS
     * provider is missing. Verify the resulting provider list where FIPS compliance matters.
     *
     * @throws Exception any exception from the outer try block, rethrown after a warning is traced
     */
    public static void initializeFips() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeFips");
        }
        if (!fipsInitialized) {
            // i: array index of "IBMJCE"; i2: array index of the IBMJCEFIPS provider (both stay 0 when not found).
            int i = 0;
            int i2 = 0;
            // The already registered IBMJCEFIPS provider, if any.
            Provider provider = null;
            try {
                Provider[] providers = Security.getProviders();
                for (int i3 = 0; i3 < providers.length; i3++) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Provider[" + i3 + "]: " + providers[i3].getName());
                    }
                    if (providers[i3].getName().equals("IBMJCE")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "IBMJCE provider at position " + i3);
                        }
                        i = i3;
                        // Assigned but never read.
                        Provider provider2 = providers[i3];
                    } else if (providers[i3].getName().equals(Constants.IBMJCEFIPS_NAME)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "IBMJCEFIPS provider at position " + i3);
                        }
                        i2 = i3;
                        provider = providers[i3];
                    }
                }
                if (provider == null) {
                    // Not registered yet: instantiate the FIPS provider and insert it.
                    // The result of this getProviders() call is discarded.
                    Security.getProviders();
                    try {
                        Provider provider3 = (Provider) Class.forName("com.ibm.crypto.fips.provider.IBMJCEFIPS").newInstance();
                        // Slot passed to this class's insertProviderAt(Provider, int), derived from the IBMJCE index.
                        int i4 = i > 1 ? i - 1 : 1;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Adding IBMJCEFIPS to position " + i4);
                        }
                        insertProviderAt(provider3, i4);
                    } catch (Exception e) {
                        // Swallowed: execution continues and fipsInitialized is set below regardless.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception loading provider: com.ibm.crypto.fips.provider.IBMJCEFIPS");
                        }
                    }
                } else if (provider != null && i2 != 0) {
                    // Registered, but not at array index 0: move it. Unlike the branch above, an
                    // exception here reaches the outer catch and is rethrown.
                    Security.getProviders();
                    int i5 = i > 1 ? i - 1 : 1;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding IBMJCEFIPS to position " + i5);
                    }
                    insertProviderAt(provider, i5);
                }
                // Runs after the FIPS provider has been placed, so it can change the order again.
                positionSunProvider();
                Provider[] providers2 = Security.getProviders();
                if (tc.isDebugEnabled()) {
                    // Final provider order, useful as an audit record when debug trace is on.
                    for (int i6 = 0; i6 < providers2.length; i6++) {
                        Tr.debug(tc, "Provider[" + i6 + "]: " + providers2[i6].getName() + ", info: " + providers2[i6].getInfo());
                    }
                }
                fipsInitialized = true;
            } catch (Exception e2) {
                // fipsInitialized stays false on this path, so a later call repeats the whole procedure.
                Tr.warning(tc, "security.addprovider.error", new Object[]{e2});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught adding IBMJCEFIPS provider.", new Object[]{e2});
                }
                throw e2;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeFips");
        }
    }

    /**
     * Moves the provider registered under {@code Constants.SUN_PROVIDER_NAME} to position 1 of
     * the JVM provider list, when such a provider is installed.
     *
     * <p>The move is a remove followed by an insert inside one privileged action. The two steps
     * are not atomic, so the provider is briefly absent from the list. Any exception is reported
     * through debug trace only.
     *
     * <p>NOTE(review): this is called from {@code initializeFips()} after the FIPS provider has
     * been positioned, so the provider moved here ends up ahead of it. Confirm that this ordering
     * is the intended one for FIPS operation.
     */
    private static void positionSunProvider() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "positionSunProvider");
        }
        final PrivilegedAction moveToTop = new PrivilegedAction() {
            @Override
            public Object run() {
                try {
                    final Provider sunProvider = Security.getProvider(Constants.SUN_PROVIDER_NAME);
                    if (sunProvider == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No valid sunProvider found.");
                        }
                        return null;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Valid sunProvider found.");
                    }
                    Security.removeProvider(Constants.SUN_PROVIDER_NAME);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "sunProvider removed from current position.");
                    }
                    Security.insertProviderAt(sunProvider, 1);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "sunProvider added back to the top position.");
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception loading provider: " + e);
                    }
                }
                return null;
            }
        };
        AccessController.doPrivileged(moveToTop);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "positionSunProvider");
        }
    }

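    /**
     * Rebuilds the JVM security provider list so that {@code provider} sits at slot {@code i}
     * and every other installed provider keeps its relative order around it.
     *
     * <p>The new order is laid out in a scratch array: {@code provider} goes to index {@code i},
     * the existing providers fill the free indices from 1 upwards. Then all providers are removed
     * and re-inserted in array order.
     *
     * <p>Operational caveats:
     * <ul>
     *   <li>The rebuild is not atomic. Between {@code removeAllProviders()} and the last
     *       re-insert the JVM has an empty or partial provider list, and an exception part-way
     *       through leaves it that way. Call this during start-up, before cryptographic
     *       services are in use.</li>
     *   <li>The method mutates JVM-wide state and is public; it performs no permission check of
     *       its own beyond what {@link Security} enforces.</li>
     * </ul>
     *
     * <p>Changes from the previous body: an already installed provider with the same name is now
     * detected by string equality instead of reference comparison, so it cannot be re-installed
     * ahead of {@code provider} and defeat the requested position; and an empty provider list no
     * longer ends in a {@code NullPointerException} after the list has been cleared.
     *
     * @param provider the provider to place; must not be {@code null}
     * @param i        scratch-array index for {@code provider}; values outside
     *                 {@code 0 .. installedCount + 1} raise
     *                 {@link ArrayIndexOutOfBoundsException} before the provider list is touched
     */
    public static void insertProviderAt(Provider provider, int i) {
        final Provider[] installed = Security.getProviders();
        // Two spare cells: index 0 is never used by the copy loop, and one cell is taken by
        // the provider being placed.
        final Provider[] ordered = new Provider[installed.length + 2];
        ordered[i] = provider;

        final String placedName = provider.getName();
        int slot = 1;
        for (Provider existing : installed) {
            if (existing == null) {
                continue;
            }
            final String existingName = existing.getName();
            final boolean sameName = placedName == null ? existingName == null : placedName.equals(existingName);
            if (sameName) {
                // Superseded by the instance being placed.
                continue;
            }
            while (ordered[slot] != null) {
                slot++;
            }
            ordered[slot] = existing;
            slot++;
        }

        removeAllProviders();
        for (int idx = 0; idx < ordered.length; idx++) {
            final Provider next = ordered[idx];
            if (next == null) {
                continue;
            }
            final int actualPosition = Security.insertProviderAt(next, idx + 1);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, next.getName() + " provider added at position " + actualPosition);
            }
        }
    }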

    /**
     * Removes every named provider from the JVM-wide security provider list.
     *
     * <p>After this call no JCA/JSSE service can be resolved until providers are registered
     * again. The method is public and static and performs no permission check of its own beyond
     * what {@link Security#removeProvider(String)} enforces, so it should only be reachable from
     * trusted start-up code such as {@code insertProviderAt}.
     */
    public static void removeAllProviders() {
        for (Provider installed : Security.getProviders()) {
            if (installed == null) {
                continue;
            }
            final String providerName = installed.getName();
            if (providerName != null) {
                Security.removeProvider(providerName);
            }
        }
    }

    /**
     * Returns the names of the FIPS JCE providers, building the list on the first call.
     *
     * <p>The list holds {@code Constants.IBMJCEFIPS_NAME} when {@code isFips140_2Enabled()} is
     * true at the time of the first call, and is empty otherwise. The result is cached: the FIPS
     * check is not repeated, so a later change of FIPS settings is not reflected. The returned
     * object is the internal mutable list itself, so callers must not modify it.
     *
     * @return the cached list of provider names
     */
    public static List fipsJCEProviders() {
        final String[] fipsProviderNames = {Constants.IBMJCEFIPS_NAME};
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fipsJCEProviders");
        }
        if (fipsJCEProvidersObjectList == null) {
            // Publish the (still empty) list first, then fill it, as the original does.
            fipsJCEProvidersObjectList = new ArrayList(fipsProviderNames.length);
            if (isFips140_2Enabled()) {
                for (int idx = 0; idx < fipsProviderNames.length; idx++) {
                    fipsJCEProvidersObjectList.add(fipsProviderNames[idx]);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fipsJCEProviders: " + fipsJCEProvidersObjectList);
        }
        return fipsJCEProvidersObjectList;
    }

    /**
     * Picks a JSSE provider name from the providers currently installed in the JVM.
     *
     * <p>The provider list is scanned in preference order and the scan stops at the first
     * provider whose name equals, ignoring case, {@code IBMJSSE2_PROVIDER},
     * {@code IBMJSSE_PROVIDER} or {@code SUNJSSE_PROVIDER}. The match is stored in the static
     * {@code providerFromProviderList}. When nothing matches, the field keeps its previous value
     * (initially "IBMJSSE2"), so the result can reflect an earlier scan rather than the current
     * provider list.
     *
     * @return the selected provider name
     */
    private static String getProviderFromProviderList() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProviderFromProviderList");
        }
        final Provider[] installed = Security.getProviders();
        for (int idx = 0; idx < installed.length; idx++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provider name [" + idx + "]: " + installed[idx].getName());
            }
            final String installedName = installed[idx].getName();
            String match = null;
            if (installedName.equalsIgnoreCase(IBMJSSE2_PROVIDER)) {
                match = IBMJSSE2_PROVIDER;
            } else if (installedName.equalsIgnoreCase(IBMJSSE_PROVIDER)) {
                match = IBMJSSE_PROVIDER;
            } else if (installedName.equalsIgnoreCase(SUNJSSE_PROVIDER)) {
                match = SUNJSSE_PROVIDER;
            }
            if (match != null) {
                providerFromProviderList = match;
                break;
            }
        }
        if (providerFromProviderList == null) {
            providerFromProviderList = IBMJSSE2_PROVIDER;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProviderFromProviderList -> " + providerFromProviderList);
        }
        return providerFromProviderList;
    }
}
