package weblogic.security.service;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collection;
import javax.security.cert.X509Certificate;
import weblogic.management.Admin;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SSLMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.internal.BootStrap;
import weblogic.management.security.ProviderMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityService;
import weblogic.security.utils.KeyStoreConfigurationHelper;
import weblogic.security.utils.KeyStoreInfo;
import weblogic.security.utils.KeyStoreUtils;
import weblogic.security.utils.MBeanKeyStoreConfiguration;
import weblogic.security.utils.SSLCertUtility;
import weblogic.security.utils.SSLContextWrapper;
import weblogic.security.utils.SSLSetup;
import weblogic.server.Server;

/* loaded from: input_file:weblogic.jar:weblogic/security/service/SSLManager.class */
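/**
 * Resolves the trusted CA certificates for the local server's SSL configuration.
 *
 * <p>This source is decompiler output. Two methods ({@link #getServerCertificate} and
 * {@link #getServerPrivateKey}) could not be recovered and only throw; do not infer how the
 * server identity is loaded from this listing.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>Trust anchors come from the first applicable source in a fixed order (see
 *       {@link #getTrustedCAs(SSLContextWrapper)}). A JVM system property outranks the
 *       configured key manager and CA file unless per-server keystores are enabled.</li>
 *   <li>Once a source is selected, a load failure yields {@code null} (or an empty array) rather
 *       than falling through to the next source. Callers must treat that as "no trust anchors".</li>
 *   <li>Certificates are exposed through the legacy {@code javax.security.cert} API, which is
 *       deprecated in current JDKs.</li>
 * </ul>
 *
 * <p>Raw collection types are kept because the signatures of the project helpers that produce
 * them are not visible in this file.
 */
public class SSLManager implements SecurityService {
    private static AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Not referenced by any recovered method; the two methods the decompiler failed on may use it.
    private static char[] keyFilePwd = null;
    private String realmName;
    private String serverName;

    /** Creates a manager that is not bound to a server name or realm. */
    public SSLManager() {
        this.realmName = null;
        this.serverName = null;
    }

    /**
     * Creates a manager for the local server and the given realm.
     *
     * @param str realm name; stored as given and used only in log output by the recovered code
     */
    public SSLManager(String str) {
        this.serverName = Server.getConfig().getName();
        this.realmName = str;
        SSLSetup.debug(3, "SSLManager(server=" + this.serverName + ", realm=" + str + ")");
    }

    /** No-op in the recovered code. */
    @Override // weblogic.security.service.SecurityService
    public void initialize(String str, ProviderMBean[] providerMBeanArr) {
    }

    /** No-op in the recovered code; note that {@link #checkSSLConfig()} is not invoked from here. */
    public synchronized void initialize() throws InvalidParameterException {
    }

    /** No-op in the recovered code. */
    @Override // weblogic.security.service.SecurityService
    public void start() {
    }

    /** No-op in the recovered code. */
    @Override // weblogic.security.service.SecurityService
    public void suspend() {
    }

    /** No-op in the recovered code. */
    @Override // weblogic.security.service.SecurityService
    public void shutdown() {
    }

    /**
     * Returns the trusted CA certificates, taken from the first applicable source:
     * <ol>
     *   <li>the per-server trust keystores, when the SSL MBean selects keystore locations;</li>
     *   <li>the keystore named by system property {@code weblogic.security.SSL.trustedCAKeyStore};</li>
     *   <li>the root CA keystores of the KEYMANAGER security service, if any is non-null;</li>
     *   <li>the trusted CA file named in the SSL MBean, if that file can be found;</li>
     *   <li>{@code <WebLogic home>/lib/cacerts}.</li>
     * </ol>
     * Sources 2 and 5 are opened as type {@code "jks"} with a {@code null} passphrase.
     *
     * @param sSLContextWrapper context handed to the certificate-chain parser for source 4
     * @return the certificates of the selected source; {@code null} when source 2, 4 or 5 was
     *         selected but could not be loaded; possibly an empty array for sources 1 and 3
     */
    public X509Certificate[] getTrustedCAs(SSLContextWrapper sSLContextWrapper) {
        if (usePerServerKeyStores(Server.getConfig().getSSL())) {
            return getTrustedCAs(new KeyStoreConfigurationHelper(MBeanKeyStoreConfiguration.getInstance()).getTrustKeyStores());
        }

        // A JVM flag decides the trust store here, ahead of the key manager and the MBean setting.
        String cmdLineKeyStore = System.getProperty("weblogic.security.SSL.trustedCAKeyStore");
        if (cmdLineKeyStore != null) {
            SSLSetup.debug(3, "SSLManager, getting trusted CAs from cmd line keystore: " + cmdLineKeyStore);
            File resolved = findFile(cmdLineKeyStore);
            String keyStorePath = resolved == null ? cmdLineKeyStore : resolved.getAbsolutePath();
            // NOTE(review): the passphrase is null. If KeyStoreUtils.load forwards it to
            // KeyStore.load, the JDK skips the keystore integrity check, so the file's
            // permissions are the only protection of the trust anchors - confirm.
            X509Certificate[] fromCmdLine = toCertificateArray(getTrustedCAs(keyStorePath, "jks", null));
            SecurityLogger.logTrustedCAsLoadedFromCmdLnKeyStore(countOf(fromCmdLine), cmdLineKeyStore);
            return fromCmdLine;
        }

        KeyManager keyManager = (KeyManager) getService(SecurityService.ServiceType.KEYMANAGER);
        if (keyManager == null) {
            SecurityLogger.logCannotFindKeyManager(this.serverName, this.realmName);
        } else {
            KeyStore[] rootCaStores = keyManager.getRootCAKeyStore();
            if (containsKeyStore(rootCaStores)) {
                SSLSetup.debug(3, "SSLManager, getting trusted CAs from RootCAKeyStore");
                ArrayList collected = new ArrayList();
                for (int i = 0; i < rootCaStores.length; i++) {
                    if (rootCaStores[i] == null) {
                        continue;
                    }
                    try {
                        collected.addAll(SSLCertUtility.getXCertificates(rootCaStores[i]));
                    } catch (KeyStoreException e) {
                        // One unreadable keystore is skipped; the others still contribute.
                        SSLSetup.debug(2, e, "Unable to load trusted CAs KeyStore file (" + i + ")");
                    }
                }
                X509Certificate[] fromKeyManager = (X509Certificate[]) collected.toArray(new X509Certificate[collected.size()]);
                SecurityLogger.logTrustedCAsLoadedFromKeyStore(String.valueOf(fromKeyManager.length));
                return fromKeyManager;
            }
        }

        String trustedCAFileName = Server.getConfig().getSSL().getTrustedCAFileName();
        if (trustedCAFileName != null) {
            SSLSetup.debug(3, "SSLManager, getting trusted CAs from TrustedCAFile: " + trustedCAFileName);
            File caFile = findFile(trustedCAFileName);
            if (caFile != null) {
                // A file that exists but cannot be parsed ends the search with null;
                // only a file that cannot be found falls through to the default keystore.
                X509Certificate[] fromFile = readTrustedCAFile(sSLContextWrapper, caFile, trustedCAFileName);
                SecurityLogger.logTrustedCAsLoadedFromTrustedCAFile(countOf(fromFile));
                return fromFile;
            }
            SecurityLogger.logTrustedCAFileNotFound(trustedCAFileName, this.serverName);
            SSLSetup.debug(3, "Cannot find the specified trusted CA file " + trustedCAFileName);
        }

        String defaultKeyStore = BootStrap.getWebLogicHome() + File.separator + "lib" + File.separator + "cacerts";
        SSLSetup.debug(3, "SSLManager, getting trusted CAs from default key store: " + defaultKeyStore);
        // Same null-passphrase caveat as for the command-line keystore above.
        X509Certificate[] fromDefault = toCertificateArray(getTrustedCAs(defaultKeyStore, "jks", null));
        SecurityLogger.logTrustedCAsLoadedFromDefaultKeyStore(countOf(fromDefault), defaultKeyStore);
        return fromDefault;
    }

    /**
     * Collects the certificates of every keystore described by {@code keyStoreInfoArr}.
     * Keystores that fail to load are skipped, so the result can be empty.
     *
     * @param keyStoreInfoArr keystore descriptions; {@code null} is treated as no keystores
     * @return the combined certificates, never {@code null}
     */
    public static X509Certificate[] getTrustedCAs(KeyStoreInfo[] keyStoreInfoArr) {
        ArrayList collected = new ArrayList();
        if (keyStoreInfoArr != null) {
            for (int i = 0; i < keyStoreInfoArr.length; i++) {
                KeyStoreInfo info = keyStoreInfoArr[i];
                Collection fromStore = getTrustedCAs(info.getFileName(), info.getType(), info.getPassPhrase());
                if (fromStore != null) {
                    collected.addAll(fromStore);
                }
            }
        }
        return (X509Certificate[]) collected.toArray(new X509Certificate[collected.size()]);
    }

    /**
     * Loads one keystore file and returns the certificates it holds.
     *
     * @param str  keystore path; {@code null} is logged as "not found"
     * @param str2 keystore type passed to the loader
     * @param cArr keystore passphrase, may be {@code null}
     * @return the certificates, or {@code null} if the path is null, the keystore cannot be
     *         loaded, or its entries cannot be read
     */
    private static Collection getTrustedCAs(String str, String str2, char[] cArr) {
        if (str == null) {
            SecurityLogger.logTrustedCAKeyStoreNotFound(str, Server.getConfig().getName());
            return null;
        }
        File keyStoreFile = new File(str);
        String absolutePath = keyStoreFile.getAbsolutePath();
        SecurityLogger.logLoadTrustedCAsFromKeyStore(absolutePath, str2);
        KeyStore keyStore = KeyStoreUtils.load(keyStoreFile, cArr, str2);
        if (keyStore == null) {
            SecurityLogger.logTrustedCAFromKeyStoreLoadFailed(absolutePath, str2);
            return null;
        }
        try {
            Collection certificates = SSLCertUtility.getXCertificates(keyStore);
            SSLSetup.debug(3, "SSLManager: loaded " + certificates.size() + " trusted CAs from " + absolutePath);
            return certificates;
        } catch (KeyStoreException e) {
            SecurityLogger.logKeyStoreException(str, Server.getConfig().getName());
            return null;
        }
    }

    /*
     * Not recovered: the decompiler (JADX) aborted in its BlockProcessor pass with
     * "Unreachable block: B:39:0x012d" and skipped 334 instructions. The body below is the
     * decompiler's placeholder, not the shipped logic.
     */
    public X509Certificate[] getServerCertificate(SSLContextWrapper r6) throws Exception {
        throw new UnsupportedOperationException("Method not decompiled: weblogic.security.service.SSLManager.getServerCertificate(weblogic.security.utils.SSLContextWrapper):javax.security.cert.X509Certificate[]");
    }

    /*
     * Not recovered: the decompiler (JADX) aborted in its BlockProcessor pass with
     * "Unreachable block: B:99:0x0338" and skipped 852 instructions. The body below is the
     * decompiler's placeholder, not the shipped logic.
     */
    public java.security.PrivateKey getServerPrivateKey(SSLContextWrapper r7) throws Exception {
        throw new UnsupportedOperationException("Method not decompiled: weblogic.security.service.SSLManager.getServerPrivateKey(weblogic.security.utils.SSLContextWrapper):java.security.PrivateKey");
    }

    /**
     * Locates a configured file. The name is tried as given first, which for a relative name
     * means relative to the process working directory, and only then under the local server's
     * root directory. A relative trust-store name can therefore resolve to different files
     * depending on where the server was started.
     *
     * @param str file name, may be {@code null}
     * @return the existing file, or {@code null} if the name is null or neither location exists
     */
    private File findFile(String str) {
        if (str == null) {
            return null;
        }
        File asGiven = new File(str);
        if (asGiven.exists()) {
            return asGiven;
        }
        File underServerRoot = new File(Admin.getInstance().getLocalServer().getRootDirectory(), str);
        return underServerRoot.exists() ? underServerRoot : null;
    }

    /**
     * Emits a debug line telling whether the domain's security realm is set up ("7.0") or not
     * ("6.x"), but only when an SSL MBean exists and SSL is disabled. Never throws in the
     * recovered code despite the declared exception, and nothing in this file calls it.
     */
    private void checkSSLConfig() throws InvalidParameterException {
        SSLMBean sslConfig = null;
        boolean realmSetup = false;
        try {
            ServerMBean localServer = Admin.getInstance().getLocalServer();
            sslConfig = localServer.getSSL();
            realmSetup = ((DomainMBean) localServer.getParent()).getSecurity().isRealmSetup();
        } catch (Throwable th) {
            // Still best effort, but no longer silent: an unreadable configuration is worth a trace.
            SSLSetup.debug(3, "SSLManager.checkSSLConfig: could not read SSL configuration: " + th);
        }
        if (sslConfig == null || sslConfig.isEnabled()) {
            return;
        }
        if (realmSetup) {
            SSLSetup.debug(3, "found a 7.0 configuration for Security");
        } else {
            SSLSetup.debug(3, "found a 6.x configuration for Security");
        }
    }

    /**
     * Looks up a security service of the default realm under the kernel identity.
     *
     * @param serviceType the service to fetch
     * @return the service, or {@code null} if the lookup failed or the manager returned none
     */
    private static SecurityService getService(SecurityService.ServiceType serviceType) {
        SSLSetup.debug(3, "SSLManager.getService(" + serviceType + ")");
        SecurityService service = null;
        try {
            service = SecurityServiceManager.getSecurityService(kernelID, SecurityServiceManager.defaultRealmName, serviceType);
        } catch (InvalidParameterException e) {
            SSLSetup.debug(1, true, "InvalidParameterException");
        } catch (NotYetInitializedException e2) {
            SSLSetup.debug(1, "SSLManager.getService(); service not yet initialized");
        }
        if (service == null) {
            SecurityLogger.logSSLCouldNotGetSecurityService();
        }
        return service;
    }

    /** Tells whether the SSL MBean selects keystores as the identity and trust location. */
    private boolean usePerServerKeyStores(SSLMBean sSLMBean) {
        return SSLMBean.IDENTITY_AND_TRUST_LOCATIONS_KEYSTORES.equals(sSLMBean.getIdentityAndTrustLocations());
    }

    /** Returns true if {@code keyStores} is non-null and holds at least one non-null entry. */
    private static boolean containsKeyStore(KeyStore[] keyStores) {
        if (keyStores == null) {
            return false;
        }
        for (int i = 0; i < keyStores.length; i++) {
            if (keyStores[i] != null) {
                return true;
            }
        }
        return false;
    }

    /** Copies a certificate collection into an array, mapping {@code null} to {@code null}. */
    private static X509Certificate[] toCertificateArray(Collection certificates) {
        if (certificates == null) {
            return null;
        }
        return (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /** Formats the certificate count for the log calls; {@code null} counts as "0". */
    private static String countOf(X509Certificate[] certificates) {
        return certificates == null ? "0" : String.valueOf(certificates.length);
    }

    /**
     * Parses the certificates in a trusted CA file. Failures are logged and reported as
     * {@code null}. The stream is closed on every path; the original closed it only after a
     * successful parse, leaking the descriptor whenever parsing threw.
     */
    private X509Certificate[] readTrustedCAFile(SSLContextWrapper sslContext, File caFile, String trustedCAFileName) {
        X509Certificate[] parsed = null;
        FileInputStream in = null;
        try {
            in = new FileInputStream(caFile);
            parsed = SSLCertUtility.inputCertificateChain(sslContext, in);
        } catch (FileNotFoundException e2) {
            SecurityLogger.logTrustedCAFileNotFound(trustedCAFileName, this.serverName);
            SSLSetup.debug(3, "Cannot find the specified trusted CA file " + trustedCAFileName);
        } catch (IOException e3) {
            SecurityLogger.logCannotAccessTrustedCAFile(trustedCAFileName, this.serverName);
            SSLSetup.debug(3, e3, "The Server was not able to read trusted CA file " + trustedCAFileName);
        } catch (KeyManagementException e4) {
            SecurityLogger.logInvalidTrustedCAFileFormat(trustedCAFileName, this.serverName);
            SSLSetup.debug(3, e4, "The Server was not able to read certificate from trusted CA file " + trustedCAFileName);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Close failure on a read-only stream does not affect the parsed result.
                }
            }
        }
        return parsed;
    }
}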
