package com.ibm.ws.ssl.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.ThreadManager;
import com.ibm.wsspi.ssl.KeyManagerExtendedInfo;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/ssl/core/WSX509KeyManager.class */
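public final class WSX509KeyManager extends X509ExtendedKeyManager implements X509KeyManager {
    private static final TraceComponent tc = Tr.register((Class<?>) WSX509KeyManager.class, "SSL", "com.ibm.ws.ssl.resources.ssl");

    /** Alias lookup / normalisation helper used on the JSSE-backed (non-custom) paths. */
    private final KeyManagerHelper helper;
    /** SSL configuration this manager was built for; read only to build the "alias not found" messages. May be null. */
    private final SSLConfig config;
    /** Key store backing {@link #km}; used to validate aliases set through the setters and to normalise alias names. */
    private final KeyStore ks;
    /** Every key manager the factory produced; only the first element is used by this class. */
    private final KeyManager[] kmList;
    /** Default (JSSE) key manager, the first element of {@link #kmList}; null when the factory returned none. */
    private final X509KeyManager km;
    /** Optional custom key manager. When non-null it takes precedence over {@link #km} for every lookup. */
    private final X509KeyManager customKM;
    /** Certificate-mapping manager consulted for web-container inbound server alias selection. */
    private final CertMappingKeyManager certMappingKeyManager;
    /** Configured client alias; null or empty means "let JSSE choose". */
    private String clientAlias = null;
    /** Configured server alias; null or empty means "let JSSE choose". */
    private String serverAlias = null;
    /** Slot numbers passed along with the aliases; stored here but never read by this class. */
    private int clientslotnum = 0;
    private int serverslotnum = 0;

    /**
     * Sets the alias used for client (outbound) authentication.
     *
     * @param str client alias; must exist in the key store
     * @param i   slot number recorded alongside the alias
     * @throws IllegalArgumentException if the alias is not present in the key store (the formatted
     *                                  message is also logged as an error)
     * @throws Exception                propagated from the key store lookup
     */
    public void setClientAlias(String str, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setClientAlias", new Object[]{str, Integer.valueOf(i)});
        }
        requireAliasInKeyStore(str, "ssl.client.alias.not.found.CWPKI0023E", "Client alias " + str + " not found in keystore.");
        this.clientAlias = str;
        this.clientslotnum = i;
        // A custom manager that opts in via KeyManagerExtendedInfo is told about the alias too.
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreClientAlias(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setClientAlias");
        }
    }

    /**
     * Sets the alias used for server (inbound) authentication.
     *
     * @param str server alias; must exist in the key store
     * @param i   slot number recorded alongside the alias
     * @throws IllegalArgumentException if the alias is not present in the key store (the formatted
     *                                  message is also logged as an error)
     * @throws Exception                propagated from the key store lookup
     */
    public void setServerAlias(String str, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setServerAlias", new Object[]{str, Integer.valueOf(i)});
        }
        requireAliasInKeyStore(str, "ssl.server.alias.not.found.CWPKI0024E", "Server alias " + str + " not found in keystore.");
        this.serverAlias = str;
        this.serverslotnum = i;
        if (this.customKM instanceof KeyManagerExtendedInfo) {
            ((KeyManagerExtendedInfo) this.customKM).setKeyStoreServerAlias(str);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setServerAlias");
        }
    }

    /**
     * Verifies that {@code alias} exists in the key store; shared by both alias setters.
     *
     * @param alias          alias to look up
     * @param messageKey     NLS key of the "alias not found" message
     * @param defaultMessage fallback text when the NLS message is unavailable
     * @throws IllegalArgumentException if the alias is missing; the message is logged via {@code Tr.error} first
     * @throws KeyStoreException        if the key store has not been initialised
     */
    private void requireAliasInKeyStore(String alias, String messageKey, String defaultMessage) throws KeyStoreException {
        if (this.ks.containsAlias(alias)) {
            return;
        }
        // Report the file-backed key store if configured, otherwise the hardware token library.
        String keyStoreName = this.config.getProperty("com.ibm.ssl.keyStore");
        if (keyStoreName == null) {
            keyStoreName = this.config.getProperty("com.ibm.ssl.tokenLibraryFile");
        }
        String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage(messageKey, new Object[]{alias, keyStoreName}, defaultMessage);
        Tr.error(tc, formattedMessage);
        throw new IllegalArgumentException(formattedMessage);
    }

    /**
     * Converts a caught {@link Throwable} into something that can be rethrown from a method
     * without a {@code throws} clause. Unchecked exceptions and errors are rethrown unchanged
     * (an {@code Error} was previously wrapped in a {@code RuntimeException}, hiding its type);
     * checked exceptions are wrapped with the original as cause.
     */
    private static RuntimeException asUnchecked(Throwable th) {
        if (th instanceof RuntimeException) {
            return (RuntimeException) th;
        }
        if (th instanceof Error) {
            throw (Error) th;
        }
        return new RuntimeException(th);
    }

    /**
     * Chooses the client alias for a socket-based handshake, delegating to the custom key manager
     * when one is configured.
     *
     * @param strArr       requested key types, most preferred first; null or empty yields null
     *                     (no alias can match; previously this raised an exception)
     * @param principalArr acceptable issuers, may be null
     * @param socket       the socket, may be null
     * @return the alias to use, or null if none matches
     * @throws RuntimeException any failure is FFDC-logged and rethrown unchecked
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseClientAlias", new Object[]{strArr, principalArr, socket});
        }
        try {
            if (this.customKM != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "chooseClientAlias -> " + this.customKM.getClass().getName());
                }
                return this.customKM.chooseClientAlias(strArr, principalArr, socket);
            }
            if (strArr == null || strArr.length == 0) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "chooseClientAlias (no key types requested)");
                }
                return null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias");
            }
            return chooseClientAlias(strArr[0], principalArr);
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception in chooseClientAlias.", new Object[]{th});
            }
            Manager.Ffdc.log(th, this, "com.ibm.ws.ssl.core.WSX509KeyManager.chooseClientAlias", "127", this);
            throw asUnchecked(th);
        }
    }

    /**
     * Chooses the server alias for a socket-based handshake, delegating to the custom key manager
     * when one is configured.
     *
     * @param str          requested key type
     * @param principalArr acceptable issuers, may be null
     * @param socket       the socket, may be null
     * @return the alias to use, or null if none matches
     * @throws RuntimeException any failure is FFDC-logged and rethrown unchecked
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseServerAlias", new Object[]{str, principalArr, socket});
        }
        try {
            if (this.customKM != null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "chooseServerAlias -> " + this.customKM.getClass().getName());
                }
                return this.customKM.chooseServerAlias(str, principalArr, socket);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias");
            }
            return chooseServerAlias(str, principalArr);
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception in chooseServerAlias.", new Object[]{th});
            }
            Manager.Ffdc.log(th, this, "com.ibm.ws.ssl.core.WSX509KeyManager.chooseServerAlias", "161", this);
            throw asUnchecked(th);
        }
    }

    /**
     * Returns true when the current thread's outbound connection is an IIOP endpoint and client
     * authentication is not enabled; in that case no client certificate is offered.
     */
    private static boolean isIiopWithoutClientAuth() {
        Map outboundConnectionInfo = ThreadManager.getInstance().getOutboundConnectionInfoInternal();
        if (outboundConnectionInfo == null) {
            return false;
        }
        Object endPointName = outboundConnectionInfo.get("com.ibm.ssl.endPointName");
        return "IIOP".equals(endPointName) && !SSLConfigManager.getInstance().isClientAuthenticationEnabled();
    }

    /**
     * Chooses the client alias using the default (JSSE) key manager and the configured client alias.
     * Order of precedence: IIOP-without-client-auth yields null; no configured alias lets JSSE pick;
     * a configured alias is matched against JSSE's candidate list and falls back to the configured
     * value as-is when no candidate matches.
     *
     * @param str          requested key type
     * @param principalArr acceptable issuers, may be null
     * @return the (normalised) alias, or null when no client certificate should be presented
     */
    public String chooseClientAlias(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseClientAlias", new Object[]{str, principalArr});
        }
        if (isIiopWithoutClientAuth()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias (IIOP, client authentication disabled)");
            }
            return null;
        }
        if (this.clientAlias == null || this.clientAlias.isEmpty()) {
            String jsseAlias = this.helper.normalizeAliasName(this.km.chooseClientAlias(new String[]{str}, principalArr, null), this.ks);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias (from JSSE)", new Object[]{jsseAlias});
            }
            return jsseAlias;
        }
        String matchedAlias = this.helper.getAlias(this.clientAlias, this.km.getClientAliases(str, principalArr));
        if (matchedAlias == null || matchedAlias.isEmpty()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseClientAlias (default)", new Object[]{this.clientAlias});
            }
            return this.clientAlias;
        }
        String normalizedAlias = this.helper.normalizeAliasName(matchedAlias, this.ks);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseClientAlias  (alias name match)", new Object[]{normalizedAlias});
        }
        return normalizedAlias;
    }

    /**
     * Chooses the server alias for an {@link SSLEngine} handshake. A custom manager that is itself an
     * {@link X509ExtendedKeyManager} is asked directly; otherwise the socket-independent
     * {@link #chooseServerAlias(String, Principal[])} logic is used.
     *
     * @param str          requested key type
     * @param principalArr acceptable issuers, may be null
     * @param sSLEngine    the engine, may be null
     * @return the alias to use, or null if none matches
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseEngineServerAlias", new Object[]{str, principalArr, sSLEngine});
        }
        String chosenAlias;
        if (this.customKM instanceof X509ExtendedKeyManager) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "chooseEngineServerAlias, using customKM -> " + this.customKM.getClass().getName());
            }
            chosenAlias = ((X509ExtendedKeyManager) this.customKM).chooseEngineServerAlias(str, principalArr, sSLEngine);
        } else {
            chosenAlias = chooseServerAlias(str, principalArr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseEngineServerAlias");
        }
        return chosenAlias;
    }

    /**
     * Chooses the client alias for an {@link SSLEngine} handshake. A custom manager that is itself an
     * {@link X509ExtendedKeyManager} is asked directly; otherwise the socket-independent
     * {@link #chooseClientAlias(String, Principal[])} logic is used with the first key type.
     *
     * @param strArr       requested key types, most preferred first; null or empty yields null on the
     *                     non-custom path (previously this raised an exception)
     * @param principalArr acceptable issuers, may be null
     * @param sSLEngine    the engine, may be null
     * @return the alias to use, or null if none matches
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseEngineClientAlias", new Object[]{strArr, principalArr, sSLEngine});
        }
        String chosenAlias;
        if (this.customKM instanceof X509ExtendedKeyManager) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "chooseEngineClientAlias, using customKM -> " + this.customKM.getClass().getName());
            }
            chosenAlias = ((X509ExtendedKeyManager) this.customKM).chooseEngineClientAlias(strArr, principalArr, sSLEngine);
        } else if (strArr == null || strArr.length == 0) {
            chosenAlias = null;
        } else {
            chosenAlias = chooseClientAlias(strArr[0], principalArr);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseEngineClientAlias");
        }
        return chosenAlias;
    }

    /**
     * Consults the certificate-mapping key manager for a web-container inbound connection.
     *
     * @return the mapped alias, or null when the connection is not web-container inbound, no HTTPS
     *         certificate-mapping file is configured, or the mapping yields nothing
     */
    private String chooseMappedServerAlias(String keyType, Principal[] issuers) {
        String mappingFile = this.certMappingKeyManager.getProperty(CertMappingKeyManager.PROTOCOL_HTTPS_CERT_MAPPING_FILE);
        Map inboundConnectionInfo = JSSEHelper.getInstance().getInboundConnectionInfo();
        if (inboundConnectionInfo == null || mappingFile == null) {
            return null;
        }
        Boolean isWebContainerInbound = (Boolean) inboundConnectionInfo.get(JSSEHelper.CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND);
        if (!Boolean.TRUE.equals(isWebContainerInbound)) {
            return null;
        }
        return this.certMappingKeyManager.chooseServerAlias(keyType, issuers, null);
    }

    /**
     * Chooses the server alias using the certificate-mapping manager, the default (JSSE) key manager
     * and the configured server alias, in that order of precedence. A configured alias is matched
     * against JSSE's candidate list and falls back to the configured value as-is when nothing matches.
     *
     * @param str          requested key type
     * @param principalArr acceptable issuers, may be null
     * @return the (normalised) alias, or null if none matches
     */
    public String chooseServerAlias(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chooseServerAlias", new Object[]{str, principalArr});
        }
        String mappedAlias = chooseMappedServerAlias(str, principalArr);
        if (mappedAlias != null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias", new Object[]{mappedAlias});
            }
            return mappedAlias;
        }
        if (this.serverAlias == null || this.serverAlias.isEmpty()) {
            String jsseAlias = this.helper.normalizeAliasName(this.km.chooseServerAlias(str, principalArr, null), this.ks);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias (from JSSE)", new Object[]{jsseAlias});
            }
            return jsseAlias;
        }
        String matchedAlias = this.helper.getAlias(this.serverAlias, this.km.getServerAliases(str, principalArr));
        if (matchedAlias == null || matchedAlias.isEmpty()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "chooseServerAlias (default)", new Object[]{this.serverAlias});
            }
            return this.serverAlias;
        }
        String normalizedAlias = this.helper.normalizeAliasName(matchedAlias, this.ks);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chooseServerAlias (alias name match)", new Object[]{normalizedAlias});
        }
        return normalizedAlias;
    }

    /** The key manager that plain lookups are forwarded to: the custom one if set, else the JSSE default. */
    private X509KeyManager delegate() {
        return this.customKM != null ? this.customKM : this.km;
    }

    /** {@inheritDoc} Forwarded to {@link #delegate()}. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getClientAliases", new Object[]{str, principalArr});
        }
        X509KeyManager target = delegate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getClientAliases -> " + target.getClass().getName());
        }
        return target.getClientAliases(str, principalArr);
    }

    /** {@inheritDoc} Forwarded to {@link #delegate()}. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerAliases", new Object[]{str, principalArr});
        }
        X509KeyManager target = delegate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerAliases -> " + target.getClass().getName());
        }
        return target.getServerAliases(str, principalArr);
    }

    /** {@inheritDoc} Forwarded to {@link #delegate()}. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateKey", new Object[]{str});
        }
        X509KeyManager target = delegate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrivateKey -> " + target.getClass().getName());
        }
        return target.getPrivateKey(str);
    }

    /** {@inheritDoc} Forwarded to {@link #delegate()}. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificateChain", new Object[]{str});
        }
        X509KeyManager target = delegate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificateChain -> " + target.getClass().getName());
        }
        return target.getCertificateChain(str);
    }

    /**
     * Returns the key manager lookups are forwarded to.
     *
     * @return the custom key manager when configured, otherwise the JSSE default one
     */
    public X509KeyManager getX509KeyManager() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getX509KeyManager");
        }
        X509KeyManager target = delegate();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getX509KeyManager -> " + target.getClass().getName());
        }
        return target;
    }

    /**
     * Creates a key manager wrapping the first manager produced by {@code keyManagerFactory}.
     *
     * @param keyStore          key store backing the factory; may be null
     * @param cArr              key store password; accepted for signature compatibility but not used here
     * @param keyManagerFactory initialised factory whose first manager becomes the JSSE default; must not be null
     * @param sSLConfig         SSL configuration, may be null
     * @param x509KeyManager    optional custom key manager; if it implements {@link KeyManagerExtendedInfo}
     *                          it is given the config, the default manager and the key store
     * @throws UnrecoverableKeyException declared for signature compatibility
     * @throws NoSuchAlgorithmException  declared for signature compatibility
     * @throws KeyStoreException         declared for signature compatibility
     */
    public WSX509KeyManager(KeyStore keyStore, char[] cArr, KeyManagerFactory keyManagerFactory, SSLConfig sSLConfig, X509KeyManager x509KeyManager) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        this.helper = new KeyManagerHelper();
        this.ks = keyStore;
        this.kmList = keyManagerFactory.getKeyManagers();
        this.certMappingKeyManager = new CertMappingKeyManager();
        // Only the first factory-provided manager is used; an empty array used to raise
        // ArrayIndexOutOfBoundsException here, now it simply leaves km null.
        if (this.kmList != null && this.kmList.length > 0) {
            this.km = (X509KeyManager) this.kmList[0];
        } else {
            this.km = null;
        }
        this.config = sSLConfig;
        this.customKM = x509KeyManager;
        if (!(this.customKM instanceof KeyManagerExtendedInfo)) {
            return;
        }
        KeyManagerExtendedInfo extendedInfo = (KeyManagerExtendedInfo) this.customKM;
        if (sSLConfig != null) {
            extendedInfo.setSSLConfig(sSLConfig);
        }
        // The default manager handed to the custom one is the same first factory manager stored in km.
        if (this.km != null) {
            extendedInfo.setDefaultX509KeyManager(this.km);
        }
        if (keyStore != null) {
            extendedInfo.setKeyStore(keyStore);
        }
    }
}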
