package com.ibm.ws.security.csiv2.config.ssl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLConfigurationNotAvailableException;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.transport.iiop.security.config.tss.OptionsKey;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import org.eclipse.persistence.jpa.jpql.parser.Expression;

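/**
 * Resolves CSIv2 transport-layer settings from a named SSL configuration: socket factories,
 * the cipher suites to enable, and the association options (supports/requires bit masks)
 * that the configuration implies.
 *
 * <p>Cipher-suite names are classified by parsing the name itself with {@link #p}; no
 * cryptographic provider is consulted. A name that the pattern does not match (for example
 * one without a {@code _WITH_} segment, or one that does not end in {@code SHA<digits>} or
 * {@code MD5}) is classified as having no options at all.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/security/csiv2/config/ssl/SSLConfig.class */
public class SSLConfig {
    private final JSSEHelper jsseHelper;

    // Capture-group indices into the cipher-suite name pattern `p`.
    private static final int SSL_INDEX = 1;
    private static final int TLS_INDEX = 2;
    private static final int KEY_NEGOTIATION_PROTOCOL_INDEX = 3;
    private static final int KEY_NEGOTIATION_PROTOCOL_ANON_INDEX = 4;
    private static final int KEY_NEGOTIATION_PROTOCOL_OTHER_INDEX = 5;
    private static final int KEY_NEGOTIATION_PROTOCOL_EXPORT_INDEX = 6;
    private static final int ENCRYPTION_ALGORITHM_INDEX = 7;
    private static final int ENCRYPTION_ALGORITHM_KEY_LENGTH_INDEX = 8;
    private static final int ENCRYPTION_ALGORITHM_OTHER_INDEX = 9;
    private static final int SHA_ALGORITHM_INDEX = 10;
    private static final int SHA_KEY_LENGTH_INDEX = 11;
    private static final int MD5_ALGORITHM_INDEX = 12;

    // Both the cipher key length and the SHA digest length must reach this value for a
    // suite to be classified as Options.strong.
    private static final int MINIMUM_STRONG_KEY_LENGTH = 128;

    // Association-option bits. The first three are the ones toOptions() decodes; the fourth
    // is the bit getAssociationOptions() sets from the client-authentication properties.
    private static final int INTEGRITY_BIT = 2;
    private static final int CONFIDENTIALITY_BIT = 4;
    private static final int ESTABLISH_TRUST_IN_TARGET_BIT = 32;
    private static final int ESTABLISH_TRUST_IN_CLIENT_BIT = 64;

    static final long serialVersionUID = 5989230381140236994L;
    private static final TraceComponent tc = Tr.register(SSLConfig.class);

    // Returned for a null SSL alias: supports = 1 and requires = 1.
    private static final OptionsKey NO_PROTECTION = new OptionsKey(1, 1);

    // Groups: 1 SSL | 2 TLS, 3 key exchange, 4 "_anon", 5 other key-exchange part,
    // 6 "_EXPORT", 7 encryption algorithm, 8 key-length digits, 9 other cipher part,
    // 10 "SHA", 11 SHA digits, 12 "MD5".
    static final Pattern p = Pattern.compile("(?:(SSL)|(TLS))_([A-Z0-9]*)(_anon)?(_[a-zA-Z0-9]*)??(_EXPORT)?_WITH_([A-Z0-9]*)(?:_(\\d*))?([_a-zA-Z0-9]*)?_(?:(?:(SHA)(\\d*))|(MD5))");

    /** Properties a cipher suite can provide, as derived from its name by {@link SSLConfig#getOptions(String)}. */
    @InjectedFFDC
    @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
    /* loaded from: input_file:wlp/lib/com.ibm.ws.security.csiv2.common_1.0.14.jar:com/ibm/ws/security/csiv2/config/ssl/SSLConfig$Options.class */
    public enum Options {
        integrity,
        confidentiality,
        establishTrustInTarget,
        strong,
        noexport,
        tls;

        static final long serialVersionUID = -9172372947566076322L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(Options.class);
    }

    /**
     * @param jSSEHelper helper used to look up SSL contexts and properties by alias
     */
    public SSLConfig(JSSEHelper jSSEHelper) {
        this.jsseHelper = jSSEHelper;
    }

    /**
     * Returns the server socket factory of the SSL context registered under {@code str}.
     *
     * @param str SSL configuration alias
     * @throws SSLConfigurationNotAvailableException propagated from the context lookup
     * @throws SSLException propagated from the context lookup
     */
    public SSLServerSocketFactory createSSLServerFactory(String str) throws SSLConfigurationNotAvailableException, SSLException {
        // The remaining getSSLContext arguments (null, null, false) are defined by JSSEHelper;
        // their meaning is not visible in this file.
        return this.jsseHelper.getSSLContext(str, null, null, false).getServerSocketFactory();
    }

    /**
     * Returns the client socket factory of the SSL context registered under {@code str}.
     *
     * @param str SSL configuration alias
     * @throws SSLConfigurationNotAvailableException propagated from the context lookup
     * @throws SSLException propagated from the context lookup
     */
    public SSLSocketFactory createSSLFactory(String str) throws SSLConfigurationNotAvailableException, SSLException {
        return this.jsseHelper.getSSLContext(str, null, null, false).getSocketFactory();
    }

    /**
     * Selects the cipher suites to enable for the SSL configuration {@code str}.
     *
     * @param str SSL configuration alias
     * @param strArr candidate cipher suites (the ones the socket factory supports)
     * @return the suites to enable
     * @throws SSLException if the alias has no properties or the lookup fails
     */
    public String[] getCipherSuites(String str, String[] strArr) throws SSLException {
        return getCipherSuites(str, strArr, this.jsseHelper.getProperties(str));
    }

    /**
     * Selects cipher suites from already-loaded properties. When the
     * {@code com.ibm.ssl.enabledCipherSuites} property is set, its comma- or
     * whitespace-separated entries are intersected with {@code strArr}; otherwise the
     * choice is delegated to {@link Constants#adjustSupportedCiphersToSecurityLevel}.
     *
     * @throws SSLException if {@code properties} is null (unknown alias)
     */
    String[] getCipherSuites(String str, String[] strArr, Properties properties) throws SSLException {
        // getAssociationOptions(String, Properties) treats null properties as an unknown
        // alias; report the same condition here instead of failing with a
        // NullPointerException on the first property read.
        if (properties == null) {
            throw new SSLException("unknown ssl name: " + str);
        }
        String enabledCipherSuites = properties.getProperty("com.ibm.ssl.enabledCipherSuites");
        if (enabledCipherSuites == null) {
            return Constants.adjustSupportedCiphersToSecurityLevel(strArr, properties.getProperty(Constants.SSLPROP_SECURITY_LEVEL));
        }
        String[] requestedSuites = enabledCipherSuites.split("[,\\s]+");
        return filter(strArr, requestedSuites, getAssociationOptions(str, properties));
    }

    /**
     * Keeps the requested suites that are also candidates, in the order they were requested.
     *
     * <p>NOTE(review): a requested suite whose name-derived options do not fit the
     * supports/requires sets is only reported through the
     * {@code CSIv2_COMMON_CIPHER_SUITE_MISMATCH} warning; it is still returned if it is a
     * candidate. An explicitly configured weak suite is therefore enabled, not dropped, so
     * the warning is the only signal an operator gets.
     */
    private String[] filter(String[] candidateSuites, String[] requestedSuites, OptionsKey optionsKey) {
        List<String> candidates = Arrays.asList(candidateSuites);
        EnumSet<Options> supports = toOptions(optionsKey.supports, true);
        EnumSet<Options> requires = toOptions(optionsKey.requires, false);
        List<String> selected = new ArrayList<String>(requestedSuites.length);
        for (String requested : requestedSuites) {
            if (!matches(supports, requires, requested)) {
                Tr.warning(tc, "CSIv2_COMMON_CIPHER_SUITE_MISMATCH", requested, getOptions(requested), supports, requires);
            }
            if (candidates.contains(requested)) {
                selected.add(requested);
            }
        }
        return selected.toArray(new String[0]);
    }

    /**
     * Computes the association options for the SSL configuration {@code str}, reading its
     * properties inside a privileged block.
     *
     * @param str SSL configuration alias; {@code null} yields {@link #NO_PROTECTION}
     *            rather than an error
     * @throws SSLException if the alias is unknown or the property lookup fails
     */
    @FFDCIgnore({PrivilegedActionException.class})
    public OptionsKey getAssociationOptions(final String str) throws SSLException {
        if (str == null) {
            return NO_PROTECTION;
        }
        try {
            return getAssociationOptions(str, (Properties) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.csiv2.config.ssl.SSLConfig.1
                static final long serialVersionUID = 2167381914607886493L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return SSLConfig.this.jsseHelper.getProperties(str);
                }
            }));
        } catch (PrivilegedActionException e) {
            // Only checked exceptions are wrapped, and getCipherSuites(String, String[]) calls
            // getProperties while declaring just SSLException, so the cause is expected to be
            // an SSLException.
            throw ((SSLException) e.getCause());
        }
    }

    /**
     * Derives the supports/requires bit masks from SSL properties.
     *
     * <p>Security level {@code LOW}: supports integrity and trust-in-target, requires
     * integrity only (no confidentiality). Any other level: supports integrity,
     * confidentiality and trust-in-target, requires integrity and confidentiality. The
     * trust-in-client bit is added to "requires" when {@code com.ibm.ssl.clientAuthentication}
     * is true, and to "supports" when that or the client-authentication-supported property
     * is true.
     *
     * @throws SSLException if {@code properties} is null (unknown alias)
     */
    OptionsKey getAssociationOptions(String str, Properties properties) throws SSLException {
        if (properties == null) {
            throw new SSLException("unknown ssl name: " + str);
        }
        boolean clientAuthRequired = "true".equalsIgnoreCase(properties.getProperty("com.ibm.ssl.clientAuthentication"));
        boolean clientAuthSupported = "true".equalsIgnoreCase(properties.getProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED)) || clientAuthRequired;
        int requiresClientTrust = clientAuthRequired ? ESTABLISH_TRUST_IN_CLIENT_BIT : 0;
        int supportsClientTrust = clientAuthSupported ? ESTABLISH_TRUST_IN_CLIENT_BIT : 0;

        if (Constants.SECURITY_LEVEL_LOW.equals(properties.getProperty(Constants.SSLPROP_SECURITY_LEVEL))) {
            int supports = ESTABLISH_TRUST_IN_TARGET_BIT | INTEGRITY_BIT | supportsClientTrust;
            int requires = INTEGRITY_BIT | requiresClientTrust;
            return new OptionsKey((short) supports, (short) requires);
        }
        int supports = ESTABLISH_TRUST_IN_TARGET_BIT | CONFIDENTIALITY_BIT | INTEGRITY_BIT | supportsClientTrust;
        int requires = CONFIDENTIALITY_BIT | INTEGRITY_BIT | requiresClientTrust;
        return new OptionsKey((short) supports, (short) requires);
    }

    /**
     * Decodes an association-option bit mask into {@link Options}.
     *
     * <p>NOTE(review): {@link Options#strong} is never added here, while
     * {@link #getOptions(String)} does add it for suites with key and digest lengths of at
     * least 128. Such a suite therefore cannot pass the {@code supports.containsAll(...)}
     * test in {@link #matches} when called from {@link #filter} - confirm this is intended.
     *
     * @param mask option bits
     * @param isSupports when true the result also contains noexport and tls
     */
    private EnumSet<Options> toOptions(short mask, boolean isSupports) {
        EnumSet<Options> result = isSupports ? EnumSet.of(Options.noexport, Options.tls) : EnumSet.noneOf(Options.class);
        if ((mask & INTEGRITY_BIT) == INTEGRITY_BIT) {
            result.add(Options.integrity);
        }
        if ((mask & CONFIDENTIALITY_BIT) == CONFIDENTIALITY_BIT) {
            result.add(Options.confidentiality);
        }
        if ((mask & ESTABLISH_TRUST_IN_TARGET_BIT) == ESTABLISH_TRUST_IN_TARGET_BIT) {
            result.add(Options.establishTrustInTarget);
        }
        return result;
    }

    /**
     * Classifies a cipher suite by its name.
     *
     * <p>Every name matched by {@link #p} gets {@code integrity}, including suites ending
     * in {@code MD5} or digit-less {@code SHA}. {@code tls} is added for a {@code TLS_}
     * prefix, {@code establishTrustInTarget} unless the name contains {@code _anon},
     * {@code noexport} unless it contains {@code _EXPORT}, {@code confidentiality} unless
     * the encryption algorithm is {@code NULL}, and {@code strong} when both the cipher key
     * length and the SHA digest length are at least 128.
     *
     * @param str cipher suite name
     * @return the derived options; empty when the name does not match the pattern
     */
    public static EnumSet<Options> getOptions(String str) {
        EnumSet<Options> result = EnumSet.noneOf(Options.class);
        Matcher m = p.matcher(str);
        if (!m.matches()) {
            return result;
        }
        result.add(Options.integrity);
        if (m.group(TLS_INDEX) != null) {
            result.add(Options.tls);
        }
        if (m.group(KEY_NEGOTIATION_PROTOCOL_ANON_INDEX) == null) {
            result.add(Options.establishTrustInTarget);
        }
        if (m.group(KEY_NEGOTIATION_PROTOCOL_EXPORT_INDEX) == null) {
            result.add(Options.noexport);
        }
        // The plain literal is the cipher-suite token for "no encryption"; comparing against
        // it directly avoids borrowing an identically valued constant from an unrelated
        // JPQL parser class.
        if (!"NULL".equals(m.group(ENCRYPTION_ALGORITHM_INDEX))) {
            result.add(Options.confidentiality);
            if (isStrongLength(m.group(ENCRYPTION_ALGORITHM_KEY_LENGTH_INDEX))
                    && isStrongLength(m.group(SHA_KEY_LENGTH_INDEX))) {
                result.add(Options.strong);
            }
        }
        return result;
    }

    /** Returns true when {@code digits} is a non-empty number of at least MINIMUM_STRONG_KEY_LENGTH. */
    private static boolean isStrongLength(String digits) {
        if (digits == null || digits.length() == 0) {
            return false;
        }
        try {
            return Integer.parseInt(digits) >= MINIMUM_STRONG_KEY_LENGTH;
        } catch (NumberFormatException ignored) {
            // The pattern allows a digit run of any length; one that overflows int is a
            // malformed suite name, so it is classified as not strong instead of aborting
            // classification with an unchecked exception.
            return false;
        }
    }

    /**
     * Returns the suites from {@code strArr} whose name-derived options contain everything
     * in {@code enumSet2} (requires) and nothing outside {@code enumSet} (supports).
     */
    public static String[] getCompatibleCipherSuites(String[] strArr, EnumSet<Options> enumSet, EnumSet<Options> enumSet2) {
        List<String> compatible = new ArrayList<String>(strArr.length);
        for (String suite : strArr) {
            if (matches(enumSet, enumSet2, suite)) {
                compatible.add(suite);
            }
        }
        return compatible.toArray(new String[0]);
    }

    /**
     * True when the suite provides every required option and no option beyond the supported
     * set. A name the pattern does not recognise has no options, so it matches only when
     * {@code requires} is empty.
     */
    private static boolean matches(EnumSet<Options> supports, EnumSet<Options> requires, String suite) {
        EnumSet<Options> provided = getOptions(suite);
        return provided.containsAll(requires) && supports.containsAll(provided);
    }
}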
