package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.core.Constants;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:com/ibm/ws/ssl/config/FIPSUtils.class */
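/**
 * Static helpers that read the FIPS / SP 800-131 / Suite B configuration and translate it into
 * JVM-wide settings (java.security properties and Java system properties), plus the protocol,
 * signature-algorithm and key-size limits that go with each mode.
 *
 * <p>Everything written here is process-global: {@link Security#setProperty} and
 * {@link System#setProperty} affect every component in the JVM, not just the caller.
 *
 * <p>Security modes returned by {@link #getFipsSecurityMode(boolean, String, String)}:
 * 0 = FIPS not enabled, 1 = {@code Constants.FIPS140_2}, 2 = {@code Constants.TRANSITION},
 * 3 = {@code Constants.SP800_131}, 4 = {@code Constants.SUITEB_128}, 5 = {@code Constants.SUITEB_192}.
 */
public class FIPSUtils {
    static TraceComponent tc = Tr.register(FIPSUtils.class, "SSL", "com.ibm.ws.ssl.resources.sslCommandTask");
    private static final Class<?> thisClass = FIPSUtils.class;

    // Numeric security modes; the values are also used as an index into Constants.securityModeName.
    private static final int MODE_DISABLED = 0;
    private static final int MODE_FIPS140_2 = 1;
    private static final int MODE_TRANSITION = 2;
    private static final int MODE_SP800_131 = 3;
    private static final int MODE_SUITEB_128 = 4;
    private static final int MODE_SUITEB_192 = 5;

    /**
     * Reports whether FIPS is switched on.
     *
     * <p>The first non-null value wins, looked up in this order: the global SSL property
     * {@code com.ibm.security.useFIPS}, the global SSL property {@code Constants.COM_IBM_JSSE2_USEFIPS},
     * the java.security property {@code Constants.USEFIPS_ENABLED}, and the java.security property
     * {@code com.ibm.websphere.security.fips.enabled}.
     *
     * <p>Only the literal {@code "true"} (case-insensitive) enables FIPS. Any other value, including a
     * typo or surrounding whitespace, is treated as disabled without a warning, so a misconfigured
     * flag results in a non-FIPS runtime rather than an error.
     *
     * @return {@code true} if the effective property value equals "true" ignoring case
     */
    public static boolean checkFipsEnabled() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkFipsEnabled");
        }
        // The lookups run inside doPrivileged so they use this class's permissions.
        String flag = (String) AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                String value = SSLConfigManager.getInstance().getGlobalProperty("com.ibm.security.useFIPS");
                if (value == null) {
                    value = SSLConfigManager.getInstance().getGlobalProperty(Constants.COM_IBM_JSSE2_USEFIPS);
                }
                if (value == null) {
                    value = Security.getProperty(Constants.USEFIPS_ENABLED);
                }
                if (value == null) {
                    value = Security.getProperty("com.ibm.websphere.security.fips.enabled");
                }
                return value;
            }
        });
        boolean enabled = "true".equalsIgnoreCase(flag);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, CommandConstants.FIPS_ENABLED, Boolean.valueOf(enabled));
        }
        return enabled;
    }

    /**
     * Reads the configured FIPS level from the global SSL properties.
     *
     * @return the value of {@code Constants.COM_IBM_WEBSPHERE_SECURITY_FIPS_LEVEL}; whatever
     *         {@code getGlobalProperty} returns when the property is unset
     */
    public static String checkFipsLevel() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkFipsLevel");
        }
        String level = SSLConfigManager.getInstance().getGlobalProperty(Constants.COM_IBM_WEBSPHERE_SECURITY_FIPS_LEVEL);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkFipsLevel", level);
        }
        return level;
    }

    /**
     * Reads the configured Suite B level from the global SSL properties.
     *
     * @return the value of {@code Constants.COM_IBM_WEBSPHERE_SECURITY_SUITEB}; whatever
     *         {@code getGlobalProperty} returns when the property is unset
     */
    public static String checkSuiteBLevel() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkSuiteBLevel");
        }
        String level = SSLConfigManager.getInstance().getGlobalProperty(Constants.COM_IBM_WEBSPHERE_SECURITY_SUITEB);
        if (tc.isEntryEnabled()) {
            // Exit label now matches the entry label (it previously said "checkFipsLevel").
            Tr.exit(tc, "checkSuiteBLevel", level);
        }
        return level;
    }

    /**
     * Computes the security mode from the currently configured flag and levels.
     *
     * @return a mode in the range 0..5, see the class comment
     */
    public static int getFipsSecurityMode() {
        return getFipsSecurityMode(checkFipsEnabled(), checkFipsLevel(), checkSuiteBLevel());
    }

    /**
     * Maps the FIPS flag and the two level strings onto a numeric security mode.
     *
     * <p>The FIPS level takes precedence: the Suite B level is consulted only when
     * {@code fipsLevel} is null or empty. With FIPS enabled, an unrecognised level of either kind
     * falls back to mode 1 (FIPS 140-2); it never raises the mode and never fails. Operators who
     * mistype a stricter level therefore get the weaker FIPS 140-2 profile, visible only in the
     * debug trace.
     *
     * @param fipsEnabled whether FIPS is enabled; when {@code false} the result is always 0
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     * @return a mode in the range 0..5, see the class comment
     */
    public static int getFipsSecurityMode(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getFipsSecurityMode fipsEnabled=" + fipsEnabled + " fipsLevel=" + fipsLevel + " suiteBLevel=" + suiteBLevel);
        }
        int mode = MODE_DISABLED;
        if (fipsEnabled) {
            mode = MODE_FIPS140_2;
            if (fipsLevel == null || fipsLevel.isEmpty()) {
                if (suiteBLevel != null && suiteBLevel.equalsIgnoreCase(Constants.SUITEB_128)) {
                    mode = MODE_SUITEB_128;
                } else if (suiteBLevel != null && suiteBLevel.equalsIgnoreCase(Constants.SUITEB_192)) {
                    mode = MODE_SUITEB_192;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid suiteBlevel=" + suiteBLevel + " is specified. Ignoring");
                }
            } else if (fipsLevel.equalsIgnoreCase(Constants.FIPS140_2)) {
                mode = MODE_FIPS140_2;
            } else if (fipsLevel.equalsIgnoreCase(Constants.TRANSITION)) {
                mode = MODE_TRANSITION;
            } else if (fipsLevel.equalsIgnoreCase(Constants.SP800_131)) {
                mode = MODE_SP800_131;
            } else if (tc.isDebugEnabled()) {
                // Previously this fallback to FIPS 140-2 left no trace at all.
                Tr.debug(tc, "Invalid fipsLevel=" + fipsLevel + " is specified. Ignoring");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getFipsSecurityMode", Constants.securityModeName[mode]);
        }
        return mode;
    }

    /**
     * Applies the JVM properties for the given configuration; delegates to
     * {@link #setJavaPropsForPostFips800_131(boolean, String, String)}.
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     */
    public static void setJavaPropsForFips(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        setJavaPropsForPostFips800_131(fipsEnabled, fipsLevel, suiteBLevel);
    }

    /**
     * Writes the FIPS flag into the two java.security properties
     * {@code Constants.USEFIPS_ENABLED} and {@code com.ibm.websphere.security.fips.enabled}.
     *
     * @param fipsEnabled value to record, stored as the string "true" or "false"
     */
    public static void setJavaPropsForPreFips800_131(boolean fipsEnabled) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setJavaPropsForPreFips800_131");
        }
        String flag = fipsEnabled ? "true" : "false";
        Security.setProperty(Constants.USEFIPS_ENABLED, flag);
        Security.setProperty("com.ibm.websphere.security.fips.enabled", flag);
        if (tc.isEntryEnabled()) {
            // Exit label now matches the entry label (it previously used a hyphen).
            Tr.exit(tc, "setJavaPropsForPreFips800_131");
        }
    }

    /**
     * Resets the FIPS-related Java system properties and then sets the ones that belong to the
     * mode computed from the arguments.
     *
     * <p>NOTE(review): the java.security properties written by
     * {@link #setJavaPropsForPreFips800_131(boolean)} are touched only in mode 1. Moving from mode 1
     * to any other mode in the same JVM leaves them at "true"; confirm that is intended, since
     * {@link #checkFipsEnabled()} falls back to those properties.
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     */
    public static void setJavaPropsForPostFips800_131(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setJavaPropsForPostFips800-131");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "First, clear Java System Properties that are FIPS related");
        }
        setJavaSystemProperty(Constants.COM_IBM_JSSE2_USEFIPSPROVIDER, "false");
        setJavaSystemProperty(Constants.COM_IBM_JSSE_SP800_131, "");
        setJavaSystemProperty(Constants.COM_IBM_JSSE_SUITEB, "");
        switch (getFipsSecurityMode(fipsEnabled, fipsLevel, suiteBLevel)) {
            case MODE_FIPS140_2:
                setJavaPropsForPreFips800_131(fipsEnabled);
                setJavaSystemProperty(Constants.COM_IBM_JSSE2_USEFIPSPROVIDER, "true");
                break;
            case MODE_TRANSITION:
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SP800_131, Constants.TRANSITION);
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SUITEB, "false");
                break;
            case MODE_SP800_131:
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SP800_131, Constants.STRICT);
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SUITEB, "false");
                break;
            case MODE_SUITEB_128:
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SUITEB, Constants.SUITEB_128);
                break;
            case MODE_SUITEB_192:
                setJavaSystemProperty(Constants.COM_IBM_JSSE_SUITEB, Constants.SUITEB_192);
                break;
            default:
                // Mode 0: the cleared values above are the final state.
                break;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setJavaPropsForPostFips800-131");
        }
    }

    /**
     * Tells whether the configuration resolves to mode 1 (FIPS 140-2).
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     * @return {@code true} only for mode 1; the stricter modes 2..5 return {@code false}
     */
    public static boolean isFips140_2Enabled(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isFips140_2Enabled");
        }
        boolean fips140_2 = getFipsSecurityMode(fipsEnabled, fipsLevel, suiteBLevel) == MODE_FIPS140_2;
        if (tc.isEntryEnabled()) {
            // Was Tr.entry, which made the trace show two entries and no exit for this method.
            Tr.exit(tc, "isFips140_2Enabled", Boolean.valueOf(fips140_2));
        }
        return fips140_2;
    }

    /**
     * Records the provider names for the current configuration in java.security properties.
     *
     * <p>{@code DEFAULT_JCE_PROVIDER} is set to {@code Constants.IBMJCEFIPS_NAME} only in mode 1 and
     * to "IBMJCE" in every other mode, including the stricter modes 2..5. The two
     * {@code com.ibm.websphere.security.fips.*Providers} properties are written unconditionally.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     */
    public static void setSecurityProviders(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (isFips140_2Enabled(fipsEnabled, fipsLevel, suiteBLevel)) {
            Security.setProperty("DEFAULT_JCE_PROVIDER", Constants.IBMJCEFIPS_NAME);
        } else {
            Security.setProperty("DEFAULT_JCE_PROVIDER", "IBMJCE");
        }
        Security.setProperty("com.ibm.websphere.security.fips.jsseProviders", "IBMJSSE2");
        Security.setProperty("com.ibm.websphere.security.fips.jceProviders", Constants.IBMJCEFIPS_NAME);
    }

    /**
     * Returns the protocol list that applies to the resolved security mode.
     *
     * <p>For modes 0..5 the returned object is the shared list held in {@code Constants}, not a copy.
     * NOTE(review): if those lists are mutable, a caller that modifies the result changes the
     * allowed protocols for the whole JVM; confirm they are unmodifiable.
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     * @return the protocol names for the mode; an empty list for a mode outside 0..5
     */
    public static List<String> getProtocolTypes(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProtocolTypes");
        }
        List<String> protocols;
        int mode = getFipsSecurityMode(fipsEnabled, fipsLevel, suiteBLevel);
        if (mode <= MODE_DISABLED) {
            protocols = Constants.ALL_PROTOCOLS;
        } else if (mode == MODE_FIPS140_2) {
            // The wider list is used only when the installed FIPS provider is new enough.
            protocols = isFIPSJarCertifiedForTLSv1_2() ? Constants.FIPS_140_2_PROTOCOLS_AFTER_CERTIFICATION : Constants.FIPS_140_2_PROTOCOLS;
        } else if (mode == MODE_TRANSITION) {
            protocols = Constants.TLS_PROTOCOLS;
        } else if (mode <= MODE_SUITEB_192) {
            protocols = Constants.FIPS_STRICT_PROTOCOLS;
        } else {
            protocols = new ArrayList<String>();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getProtocolTypes", protocols);
        }
        return protocols;
    }

    /**
     * Returns the signature-algorithm list that applies to the resolved security mode.
     *
     * <p>Modes 0 and 2 share {@code Constants.ALL_SIGNATURE_ALGORITHMS}, so transition mode does not
     * narrow the signature algorithms. As with {@link #getProtocolTypes}, the shared
     * {@code Constants} list is returned directly rather than a copy.
     *
     * @param fipsEnabled whether FIPS is enabled
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     * @return the signature algorithm names for the mode; an empty list for a mode outside 0..5
     */
    public static List<String> getSignatureAlgorithms(boolean fipsEnabled, String fipsLevel, String suiteBLevel) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSignatureAlgorithms");
        }
        List<String> algorithms;
        switch (getFipsSecurityMode(fipsEnabled, fipsLevel, suiteBLevel)) {
            case MODE_DISABLED:
            case MODE_TRANSITION:
                algorithms = Constants.ALL_SIGNATURE_ALGORITHMS;
                break;
            case MODE_FIPS140_2:
                algorithms = Constants.FIPS_140_2_SIGNATURE_ALGORITHMS;
                break;
            case MODE_SP800_131:
                algorithms = Constants.FIPS_STRICT_ALGORITHMS;
                break;
            case MODE_SUITEB_128:
                algorithms = Constants.FIPS_SUITEB_128_192_ALGORITHMS;
                break;
            case MODE_SUITEB_192:
                algorithms = Constants.FIPS_SUITEB_192_ALGORITHMS;
                break;
            default:
                algorithms = new ArrayList<String>();
                break;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSignatureAlgorithms", algorithms);
        }
        return algorithms;
    }

    /**
     * Looks up the key type for a signature algorithm name.
     *
     * @param signatureAlgorithm key into {@code Constants.signatureAlgorithmToKeyType}
     * @return the mapped key type, as returned by that map's {@code get}
     */
    public static String getKeyTypeFromSignatureAlgorithm(String signatureAlgorithm) {
        return Constants.signatureAlgorithmToKeyType.get(signatureAlgorithm);
    }

    /**
     * Returns the smallest key size, in bits, accepted for a key type under the given levels.
     *
     * <p>The mode is always computed with FIPS enabled, so it is never 0. Resulting floors:
     * RSA and DSA 1024 in modes 1..2 and 2048 in modes 3..5; EC 384 in mode 5 and 256 otherwise.
     *
     * <p>A return of {@code -1} means the key type is not one of "RSA", {@code Constants.DSA} or
     * {@code Constants.EC}. Callers must treat {@code -1} as "unsupported" and must not compare a
     * key length against it, because every length is greater than -1.
     *
     * <p>NOTE(review): the 1024-bit RSA/DSA floor in modes 1..2 is below the 2048 bits that
     * NIST SP 800-131A requires for new signature generation; confirm this floor is still wanted.
     *
     * @param fipsLevel   configured FIPS level, may be null or empty
     * @param suiteBLevel configured Suite B level, may be null
     * @param keyType     key algorithm name; must not be null
     * @return the minimum key size in bits, or {@code -1} for an unrecognised key type
     * @throws NullPointerException if {@code keyType} is null
     */
    public static int getMinimumSupportedKeySize(String fipsLevel, String suiteBLevel, String keyType) {
        int mode = getFipsSecurityMode(true, fipsLevel, suiteBLevel);
        if (keyType == null) {
            // Same exception type as before, now with a message instead of a bare dereference.
            throw new NullPointerException("keyType");
        }
        if (keyType.equals("RSA") || keyType.equals(Constants.DSA)) {
            return mode > MODE_TRANSITION ? 2048 : 1024;
        }
        if (keyType.equals(Constants.EC)) {
            return mode == MODE_SUITEB_192 ? 384 : 256;
        }
        return -1;
    }

    /**
     * Sets a Java system property, tracing the name and value at debug level first.
     *
     * @param name  system property name
     * @param value system property value
     */
    static void setJavaSystemProperty(String name, String value) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting Java System property:" + name + " to " + value);
        }
        System.setProperty(name, value);
    }

    /**
     * Checks whether the installed IBMJCEFIPS provider is at or above the level named by
     * {@code Constants.FIPS_JAR_CERTIFICATION_DATE_FOR_TLSV1_2}.
     *
     * <p>The provider package's implementation version is read reflectively and the text after the
     * first underscore is compared with the constant using {@link String#compareTo}. That is a
     * lexicographic comparison; presumably both sides are fixed-width date strings, which is what
     * makes it meaningful (verify against the constant's format).
     *
     * <p>If the provider class is missing or its version cannot be read, the result is
     * {@code false}, which selects the narrower pre-certification protocol list. The earlier code
     * dereferenced the null result in that case and threw a NullPointerException out of
     * {@link #getProtocolTypes}.
     *
     * @return {@code true} only when a version string was obtained and it compares greater than or
     *         equal to the certification constant
     */
    private static boolean isFIPSJarCertifiedForTLSv1_2() {
        if (tc.isEntryEnabled()) {
            // Was Tr.exit, which recorded an exit with no matching entry.
            Tr.entry(tc, "isFIPSJarCertifiedForTLSv1_2");
        }
        String versionDate;
        try {
            versionDate = (String) AccessController.doPrivileged(new PrivilegedExceptionAction<String>() {
                @Override
                public String run() throws Exception {
                    try {
                        String implementationVersion = Class.forName("com.ibm.crypto.fips.provider.IBMJCEFIPS").getPackage().getImplementationVersion();
                        if (FIPSUtils.tc.isDebugEnabled()) {
                            Tr.debug(FIPSUtils.tc, "versionInfo=" + implementationVersion);
                        }
                        // With no underscore, indexOf returns -1 and the whole string is kept.
                        String dateSuffix = implementationVersion.substring(implementationVersion.indexOf("_") + 1);
                        if (FIPSUtils.tc.isDebugEnabled()) {
                            Tr.debug(FIPSUtils.tc, "versionDate=" + dateSuffix);
                        }
                        return dateSuffix;
                    } catch (Exception e) {
                        // Covers a missing provider class and a null implementation version.
                        if (FIPSUtils.tc.isDebugEnabled()) {
                            Tr.debug(FIPSUtils.tc, "Unable to read IBMJCEFIPS version: " + e);
                        }
                        return null;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // NOTE(review): the FFDC source id names AdminContextHelper.pushAdminContext, which looks
            // like a copy-paste; kept unchanged in case incident matching depends on it.
            Manager.Ffdc.log(e, thisClass, "com.ibm.ws.ssl.config.AdminContextHelper.pushAdminContext", "462");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isFIPSJarCertifiedForTLSv1_2 exception: ", new Object[]{e.getException()});
            }
            return false;
        }
        boolean certified = versionDate != null
                && versionDate.compareTo(Constants.FIPS_JAR_CERTIFICATION_DATE_FOR_TLSV1_2) >= 0;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, certified ? "IBMJCEFIPS is at certified level" : "IBMJCEFIPS is not supported");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isFIPSJarCertifiedForTLSv1_2", Boolean.valueOf(certified));
        }
        return certified;
    }
}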
