package com.ibm.ws.ssl.commands.SSLConfig;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.protocol.SSLSocketFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.commands.ManagementScope.ManagementScopeHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.SSLCommandsHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.core.Constants;
import java.util.HashMap;
import java.util.Properties;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/ssl/commands/SSLConfig/ListSSLCiphers.class */
public class ListSSLCiphers extends AbstractTaskCommand {
    private static TraceComponent tc = Tr.register((Class<?>) ListSSLCiphers.class, "SSL", "com.ibm.ws.ssl.commands");
    private String sslConfigAliasName;
    private String scopeName;
    private String securityLevel;
    private String sslCfgType;
    private ObjectName sslConfigObjName;
    private ConfigService cs;
    private ObjectName security;
    private Session session;

    public ListSSLCiphers(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.sslConfigAliasName = null;
        this.scopeName = null;
        this.securityLevel = null;
        this.sslCfgType = Constants.SSLTYPE_JSSE;
        this.sslConfigObjName = null;
        this.cs = null;
        this.security = null;
        this.session = null;
    }

    public ListSSLCiphers(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.sslConfigAliasName = null;
        this.scopeName = null;
        this.securityLevel = null;
        this.sslCfgType = Constants.SSLTYPE_JSSE;
        this.sslConfigObjName = null;
        this.cs = null;
        this.security = null;
        this.session = null;
    }

    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        boolean z = false;
        try {
            this.cs = SSLCommandsHelper.getConfigService(getName());
            this.session = getConfigSession();
            this.security = SSLCommandsHelper.getSecurityObjectName(this.session, this.cs);
            this.sslConfigAliasName = (String) getParameter(CommandConstants.SSL_CONFIG_ALIAS_NAME);
            this.scopeName = (String) getParameter(CommandConstants.SCOPE_NAME);
            this.securityLevel = (String) getParameter(CommandConstants.SECURITY_LEVEL);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "sslConfigAliasName: " + this.sslConfigAliasName);
                Tr.debug(tc, "scopeName: " + this.scopeName);
                Tr.debug(tc, "securityLevel: " + this.securityLevel);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.sslConfigAliasName != null) {
                if (this.scopeName == null || this.scopeName.equals("")) {
                    this.scopeName = commandHelper.defaultScope();
                    z = true;
                } else if (!ManagementScopeHelper.validScopeName(this.session, this.cs, this.scopeName)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Not a valid management scope name: " + this.scopeName);
                    }
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.scope.not.valid.CWPKI0604E", new Object[]{this.scopeName}, "The following Management scope is not valid: " + this.scopeName));
                }
                AttributeList attributeList = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attributeList, "alias", this.sslConfigAliasName);
                try {
                    this.sslConfigObjName = commandHelper.getObjectName(this.cs, this.session, this.security, CommandConstants.REPERTOIRE, attributeList, this.scopeName);
                } catch (Exception e) {
                    if (!z) {
                        throw e;
                    }
                    this.sslConfigObjName = commandHelper.getObjectName(this.cs, this.session, this.security, CommandConstants.REPERTOIRE, attributeList, (String) null);
                }
                if (this.sslConfigObjName != null) {
                    this.sslCfgType = (String) this.cs.getAttribute(this.session, this.sslConfigObjName, "type");
                }
            }
            if (this.securityLevel != null && !commandHelper.contains(CommandConstants.SSLSecurityLevel, this.securityLevel)) {
                throw new CommandValidationException("SSLSecurityLevel is not valid.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (ConfigServiceException e2) {
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e2.getMessage());
            }
            throw new CommandValidationException(e2.getMessage());
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.ssl.commands.getSSLConfig.validate", "133", this);
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e3.getMessage());
            }
            throw new CommandValidationException(e3.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void beforeStepsExecuted() {
        SSLSocketFactory sSLSocketFactory;
        String property;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "beforeStepsExecuted");
        }
        super.beforeStepsExecuted();
        String[] strArr = null;
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "beforeStepsExecuted");
                return;
            }
            return;
        }
        try {
            if (this.sslCfgType.equals(Constants.SSLTYPE_JSSE)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting JSSE ciphers");
                }
                if (this.sslConfigAliasName == null) {
                    sSLSocketFactory = new SSLSocketFactory();
                } else {
                    HashMap hashMap = new HashMap();
                    hashMap.put("com.ibm.ssl.direction", "outbound");
                    Properties properties = JSSEHelper.getInstance().getProperties(this.sslConfigAliasName, hashMap, null);
                    String str = null;
                    String str2 = null;
                    if (properties != null && (property = properties.getProperty("com.ibm.ssl.keyStoreType")) != null && (Constants.KEYSTORE_TYPE_JCERACFKS.equals(property) || Constants.KEYSTORE_TYPE_JCECCARACFKS.equals(property))) {
                        str = properties.getProperty("com.ibm.ssl.keyStoreClientAlias");
                        str2 = properties.getProperty("com.ibm.ssl.keyStoreServerAlias");
                    }
                    if (str != null || str.length() > 0 || str2 != null || str2.length() > 0) {
                        if (str != null || str.length() > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "client certificate alias found, remove it. : " + str);
                            }
                            properties.remove("com.ibm.ssl.keyStoreClientAlias");
                        }
                        if (str2 != null || str2.length() > 0) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "server certificate alias found, remove it. : " + str2);
                            }
                            properties.remove("com.ibm.ssl.keyStoreServerAlias");
                        }
                        sSLSocketFactory = new SSLSocketFactory(properties);
                    } else {
                        sSLSocketFactory = new SSLSocketFactory(this.sslConfigAliasName);
                    }
                }
                strArr = sSLSocketFactory.getSupportedCipherSuites();
            } else if (this.sslCfgType.equals(Constants.SSLTYPE_SSSL)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting SSSL ciphers");
                }
                strArr = SSLConfigManager.getInstance().getSystemSSLCiphers();
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Try to get the Cipher list from the default SSL config");
            }
            strArr = new SSLSocketFactory().getSupportedCipherSuites();
        }
        try {
            String[] adjustSupportedCiphersToSecurityLevel = SSLConfigManager.getInstance().adjustSupportedCiphersToSecurityLevel(strArr, this.securityLevel);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ciphers: " + adjustSupportedCiphersToSecurityLevel);
            }
            taskCommandResultImpl.setResult(adjustSupportedCiphersToSecurityLevel);
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is: " + e2.getMessage());
            }
            taskCommandResultImpl.setException(new CommandException(e2, e2.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "beforeStepsExecuted");
        }
    }
}
