package weblogic.nodemanager.server;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.security.utils.keystore.CSSKeyStoreFactory;
import com.bea.security.utils.keystore.KssAccessor;
import java.io.IOException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import weblogic.nodemanager.NodeManagerTextTextFormatter;
import weblogic.nodemanager.common.Config;
import weblogic.nodemanager.common.ConfigException;
import weblogic.security.internal.encryption.ClearOrEncryptedService;
import weblogic.security.utils.BaseKeyStoreConfigurationHelper;
import weblogic.security.utils.KeyStoreConfiguration;
import weblogic.security.utils.KeyStoreInfo;
import weblogic.security.utils.WLSKeyStoreConstants;

/* loaded from: input_file:weblogic/nodemanager/server/SSLConfig.class */
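/**
 * SSL identity settings for the Node Manager server.
 *
 * <p>The constructor reads the SSL-related entries from the supplied {@link Properties}, keeps the
 * two identity pass phrases only in the form returned by {@link ClearOrEncryptedService#encrypt},
 * removes those two entries from the caller's {@code Properties}, and then loads the identity key
 * store, the private key and its certificate chain.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link KeyStoreConfig#toString()} never emits pass phrases; keep it that way, because the
 *       string form of a configuration object tends to end up in logs.</li>
 *   <li>{@link #getPrivateKeyPassPhrase()}, {@link #getCipherSuites()} and
 *       {@link #getCertificateChain()} hand out the internal arrays, not copies.</li>
 * </ul>
 */
public class SSLConfig extends Config {
    // Key store mode; starts as the demo identity/trust mode and may be replaced by the "KeyStores" property.
    private String keyStores;
    private String customIdentityKeyStoreFileName;
    private String customIdentityKeyStoreType;
    // Held as returned by ces.encrypt(...); decrypted only on demand in KeyStoreConfig.
    private String customIdentityKeyStorePassPhrase;
    private String customIdentityAlias;
    // Held as returned by ces.encrypt(...); decrypted only on demand in KeyStoreConfig.
    private String customIdentityPrivateKeyPassPhrase;
    private String[] cipherSuites;
    // Legacy settings: read only so that the constructor can reject a configuration that still uses them.
    private String keyFile;
    private String keyPassword;
    private String certificateFile;
    private PrivateKey privateKey;
    private Certificate[] certChain;
    private ClearOrEncryptedService ces;
    private KeyStore keyStore;
    // Clear-text private key pass phrase as returned by the key store helper; lives as long as this object.
    private char[] privateKeyPassPhrase;
    private boolean useKssForDemo;
    public static final String KEY_STORES_PROP = "KeyStores";
    public static final String CUSTOM_IDENTITY_KEY_STORE_FILE_NAME_PROP = "CustomIdentityKeyStoreFileName";
    public static final String CUSTOM_IDENTITY_KEY_STORE_TYPE_PROP = "CustomIdentityKeyStoreType";
    public static final String CUSTOM_IDENTITY_KEY_STORE_PASS_PHRASE_PROP = "CustomIdentityKeyStorePassPhrase";
    public static final String CUSTOM_IDENTITY_ALIAS_PROP = "CustomIdentityAlias";
    public static final String CUSTOM_IDENTITY_PRIVATE_KEY_PASS_PHRASE_PROP = "CustomIdentityPrivateKeyPassPhrase";
    public static final String CUSTOM_TRUST_KEY_STORE_PASS_PHRASE_PROP = "CustomTrustKeyStorePassPhrase";
    public static final String JAVA_STANDARD_TRUST_KEY_STORE_PASS_PHRASE_PROP = "JavaStandardTrustKeyStorePassPhrase";
    public static final String IS_USE_KSS_FOR_DEMO_PROP = "UseKSSForDemo";
    public static final String CIPHER_SUITE_PROP = "CipherSuite";
    public static final String CIPHER_SUITES_PROP = "CipherSuites";
    public static final String CIPHER_SUITES_SEPARATOR = ",";
    public static final String KEY_FILE_PROP = "keyFile";
    public static final String KEY_PASSWORD_PROP = "keyPassword";
    public static final String CERTIFICATE_FILE_PROP = "certificateFile";
    public static final String DEMO_IDENTITY = "DemoIdentity";
    public static final String CUSTOM_IDENTITY = "CustomIdentity";
    private static final NodeManagerTextTextFormatter nmText = NodeManagerTextTextFormatter.getInstance();
    private static final Logger nmLog = Logger.getLogger("weblogic.nodemanager");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/nodemanager/server/SSLConfig$KeyStoreConfig.class */
    /**
     * View of the enclosing {@link SSLConfig} as a {@link KeyStoreConfiguration}.
     *
     * <p>Only the identity-side settings are backed by data; every trust-store and outbound-key
     * accessor returns {@code null}.
     */
    public class KeyStoreConfig implements KeyStoreConfiguration {
        private KeyStoreConfig() {
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getKeyStores() {
            return SSLConfig.this.keyStores;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomIdentityKeyStoreFileName() {
            return SSLConfig.this.customIdentityKeyStoreFileName;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomIdentityKeyStoreType() {
            return SSLConfig.this.customIdentityKeyStoreType;
        }

        /**
         * Returns the key store pass phrase after {@code ces.decrypt}. The result is a secret:
         * do not log it or include it in exception messages.
         */
        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomIdentityKeyStorePassPhrase() {
            return SSLConfig.this.ces.decrypt(SSLConfig.this.customIdentityKeyStorePassPhrase);
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomIdentityAlias() {
            return SSLConfig.this.customIdentityAlias;
        }

        /**
         * Returns the private key pass phrase after {@code ces.decrypt}. The result is a secret:
         * do not log it or include it in exception messages.
         */
        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomIdentityPrivateKeyPassPhrase() {
            return SSLConfig.this.ces.decrypt(SSLConfig.this.customIdentityPrivateKeyPassPhrase);
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomTrustKeyStoreFileName() {
            return null;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomTrustKeyStoreType() {
            return null;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getCustomTrustKeyStorePassPhrase() {
            return null;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getJavaStandardTrustKeyStorePassPhrase() {
            return null;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getOutboundPrivateKeyAlias() {
            return null;
        }

        @Override // weblogic.security.utils.KeyStoreConfiguration
        public String getOutboundPrivateKeyPassPhrase() {
            return null;
        }

        /**
         * Describes the identity key store settings, one {@code name=value} pair per line.
         *
         * <p>The two pass phrase entries are reported only as set / not set. They are deliberately
         * not decrypted here: this string can reach log files or exception text, where a
         * clear-text pass phrase would be exposed to anyone who can read them.
         */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder();
            text.append("CustomIdentityKeyStoreType").append("=");
            text.append(getCustomIdentityKeyStoreType()).append("\n");
            text.append("KeyStores").append("=");
            text.append(getKeyStores()).append("\n");
            text.append(SSLConfig.CUSTOM_IDENTITY_ALIAS_PROP).append("=");
            text.append(getCustomIdentityAlias()).append("\n");
            text.append("CustomIdentityKeyStoreFileName").append("=");
            text.append(getCustomIdentityKeyStoreFileName()).append("\n");
            text.append("CustomIdentityKeyStorePassPhrase").append("=");
            text.append(SSLConfig.redact(SSLConfig.this.customIdentityKeyStorePassPhrase)).append("\n");
            text.append("CustomIdentityPrivateKeyPassPhrase").append("=");
            text.append(SSLConfig.redact(SSLConfig.this.customIdentityPrivateKeyPassPhrase)).append("\n");
            return text.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/nodemanager/server/SSLConfig$KeyStoreConfigHelper.class */
    /**
     * {@link BaseKeyStoreConfigurationHelper} whose {@code isUseKssForDemo()} answer is fixed at
     * construction time.
     */
    public class KeyStoreConfigHelper extends BaseKeyStoreConfigurationHelper {
        private final boolean useKssForDemo;

        protected KeyStoreConfigHelper(KeyStoreConfiguration keyStoreConfiguration, boolean z) {
            super(keyStoreConfiguration);
            this.useKssForDemo = z;
        }

        @Override // weblogic.security.utils.BaseKeyStoreConfigurationHelper
        protected boolean isUseKssForDemo() {
            return this.useKssForDemo;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/nodemanager/server/SSLConfig$PluggableLoggerForSecurityAPI.class */
    /**
     * {@link LoggerSpi} adapter that forwards to the {@code weblogic.nodemanager}
     * {@code java.util.logging} logger: debug maps to {@code FINE}, warn to {@code WARNING},
     * error and severe to {@code SEVERE}.
     */
    public static class PluggableLoggerForSecurityAPI implements LoggerSpi {
        private final Logger nmLog;

        private PluggableLoggerForSecurityAPI() {
            this.nmLog = Logger.getLogger("weblogic.nodemanager");
        }

        /** Renders a log argument; a {@code null} argument becomes "null" instead of raising an NPE in the logger. */
        private static String text(Object obj) {
            return String.valueOf(obj);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public boolean isDebugEnabled() {
            return this.nmLog.isLoggable(Level.FINE);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void debug(Object obj) {
            this.nmLog.log(Level.FINE, text(obj));
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void debug(Object obj, Throwable th) {
            this.nmLog.log(Level.FINE, text(obj), th);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void info(Object obj) {
            this.nmLog.info(text(obj));
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void info(Object obj, Throwable th) {
            this.nmLog.log(Level.INFO, text(obj), th);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void warn(Object obj) {
            this.nmLog.log(Level.WARNING, text(obj));
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void warn(Object obj, Throwable th) {
            this.nmLog.log(Level.WARNING, text(obj), th);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void error(Object obj) {
            this.nmLog.log(Level.SEVERE, text(obj));
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void error(Object obj, Throwable th) {
            this.nmLog.log(Level.SEVERE, text(obj), th);
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void severe(Object obj) {
            this.nmLog.log(Level.SEVERE, text(obj));
        }

        @Override // com.bea.common.logger.spi.LoggerSpi
        public void severe(Object obj, Throwable th) {
            this.nmLog.log(Level.SEVERE, text(obj), th);
        }
    }

    /**
     * Reads the SSL settings from {@code properties} and loads the identity key material.
     *
     * @param properties              Node Manager properties; the two identity pass phrase entries
     *                                are removed from this object once they have been read
     * @param clearOrEncryptedService service used to encrypt the pass phrases for storage in this
     *                                object and to decrypt them when the key store is opened
     * @throws IOException     if loading the key store fails with an I/O error
     * @throws ConfigException if the legacy key/certificate file properties are all present, if
     *                         both cipher suite properties are set, or if the key store, private
     *                         key or certificate chain cannot be obtained
     */
    public SSLConfig(Properties properties, ClearOrEncryptedService clearOrEncryptedService) throws IOException, ConfigException {
        super(properties);
        this.keyStores = WLSKeyStoreConstants.DEMO_IDENTITY_AND_DEMO_TRUST;
        // No defaults are assigned to keyFile / keyPassword / certificateFile: loadProperties()
        // overwrites all three unconditionally, so a default (including a literal password)
        // would never be observed and only leaves a hard-coded credential in the class.
        this.useKssForDemo = KssAccessor.isKssAvailable();
        this.ces = clearOrEncryptedService;
        loadProperties();
        // Drop the pass phrase entries from the caller's Properties so the values as supplied
        // are not kept there after this object has taken its own (encrypted) copy.
        properties.remove(CUSTOM_IDENTITY_KEY_STORE_PASS_PHRASE_PROP);
        properties.remove(CUSTOM_IDENTITY_PRIVATE_KEY_PASS_PHRASE_PROP);
        // NOTE(review): this rejects the configuration only when all three legacy properties are
        // present; a configuration that sets just one or two of them is accepted and the values
        // are ignored. Confirm that this is intended.
        if (this.keyFile != null && this.keyPassword != null && this.certificateFile != null) {
            throw new ConfigException("keyFile and certificateFile are no longer supported properties.");
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws IOException, ConfigException {
                    SSLConfig.this.loadKeyStoreConfig();
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // Unwrap so that callers see the checked exception types declared by this constructor.
            Exception cause = e.getException();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            if (cause instanceof ConfigException) {
                throw (ConfigException) cause;
            }
            throw new RuntimeException("Unexpected exception.", cause);
        }
    }

    /** Returns a log-safe placeholder that reveals only whether a secret value is present. */
    private static String redact(String secret) {
        return secret == null ? "<not set>" : "<redacted>";
    }

    /**
     * Copies the SSL-related properties into fields.
     *
     * <p>The short key store modes {@code DemoIdentity} and {@code CustomIdentity} are mapped to
     * the corresponding {@link WLSKeyStoreConstants} values. Pass phrases are stored as returned
     * by {@code ces.encrypt(...)}.
     *
     * @throws ConfigException if both {@code CipherSuite} and {@code CipherSuites} are set
     */
    private void loadProperties() throws ConfigException {
        this.keyStores = getProperty(KEY_STORES_PROP, this.keyStores);
        if (DEMO_IDENTITY.equals(this.keyStores)) {
            this.keyStores = WLSKeyStoreConstants.DEMO_IDENTITY_AND_DEMO_TRUST;
        } else if (CUSTOM_IDENTITY.equals(this.keyStores)) {
            this.keyStores = WLSKeyStoreConstants.CUSTOM_IDENTITY_AND_CUSTOM_TRUST;
        }
        this.customIdentityKeyStoreFileName = getProperty(CUSTOM_IDENTITY_KEY_STORE_FILE_NAME_PROP);
        this.customIdentityKeyStoreType = getProperty(CUSTOM_IDENTITY_KEY_STORE_TYPE_PROP);
        this.customIdentityAlias = getProperty(CUSTOM_IDENTITY_ALIAS_PROP);
        String storePassPhrase = getProperty(CUSTOM_IDENTITY_KEY_STORE_PASS_PHRASE_PROP);
        if (storePassPhrase != null) {
            this.customIdentityKeyStorePassPhrase = this.ces.encrypt(storePassPhrase);
        }
        String keyPassPhrase = getProperty(CUSTOM_IDENTITY_PRIVATE_KEY_PASS_PHRASE_PROP);
        if (keyPassPhrase != null) {
            this.customIdentityPrivateKeyPassPhrase = this.ces.encrypt(keyPassPhrase);
        }
        this.cipherSuites = parseStringWithSeparator(
                getCipherSuitesString(getProperty(CIPHER_SUITE_PROP), getProperty(CIPHER_SUITES_PROP)),
                CIPHER_SUITES_SEPARATOR);
        this.keyFile = getProperty(KEY_FILE_PROP);
        this.keyPassword = getProperty(KEY_PASSWORD_PROP);
        this.certificateFile = getProperty(CERTIFICATE_FILE_PROP);
        this.useKssForDemo = getBooleanProperty(IS_USE_KSS_FOR_DEMO_PROP, this.useKssForDemo);
    }

    /**
     * Chooses between the deprecated {@code CipherSuite} value and the {@code CipherSuites} value.
     *
     * @param str  value of the deprecated {@code CipherSuite} property, may be {@code null}
     * @param str2 value of the {@code CipherSuites} property, may be {@code null}
     * @return the trimmed value of whichever property is set, or {@code null} when neither is;
     *         a deprecation warning is logged when the {@code CipherSuite} value is used
     * @throws ConfigException if both properties carry a non-blank value
     */
    protected static String getCipherSuitesString(String str, String str2) throws ConfigException {
        boolean hasDeprecated = str != null && !str.trim().isEmpty();
        boolean hasCurrent = str2 != null && !str2.trim().isEmpty();
        if (hasDeprecated && hasCurrent) {
            throw new ConfigException(nmText.cannotSpecifyBoth(CIPHER_SUITE_PROP, CIPHER_SUITES_PROP));
        }
        if (hasDeprecated) {
            nmLog.warning(nmText.propertyDeprecated(CIPHER_SUITE_PROP, CIPHER_SUITES_PROP));
            return str.trim();
        }
        return hasCurrent ? str2.trim() : null;
    }

    /**
     * Splits {@code str} on {@code str2} and returns the trimmed, non-blank pieces.
     *
     * @param str  text to split, may be {@code null}
     * @param str2 separator; passed to {@link String#split(String)}, so it is interpreted as a
     *             regular expression
     * @return the pieces in their original order, or {@code null} when {@code str} is
     *         {@code null} or blank, or when no non-blank piece remains
     */
    public static String[] parseStringWithSeparator(String str, String str2) {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        ArrayList<String> pieces = new ArrayList<String>();
        for (String piece : str.split(str2)) {
            if (piece == null) {
                continue;
            }
            String trimmed = piece.trim();
            if (!trimmed.isEmpty()) {
                pieces.add(trimmed);
            }
        }
        if (pieces.isEmpty()) {
            return null;
        }
        return pieces.toArray(new String[pieces.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Opens the identity key store and loads the private key and certificate chain for the
     * configured identity alias.
     *
     * @throws IOException     declared for the key store factory call
     * @throws ConfigException if the key store cannot be opened, the alias has no private key,
     *                         or the alias has no certificate chain
     */
    public void loadKeyStoreConfig() throws IOException, ConfigException {
        KeyStoreConfigHelper keyStoreConfigHelper = new KeyStoreConfigHelper(new KeyStoreConfig(), this.useKssForDemo);
        KeyStoreInfo identityKeyStore = keyStoreConfigHelper.getIdentityKeyStore();
        // NOTE(review): identityKeyStore.toString() is written to the log at INFO; confirm that
        // KeyStoreInfo.toString() does not include the key store pass phrase.
        NMServer.nmLog.info(nmText.getLoadingIDStore(identityKeyStore.toString()));
        this.keyStore = CSSKeyStoreFactory.getKeyStoreInstance(identityKeyStore.getType(), identityKeyStore.getFileName(), identityKeyStore.getPassPhrase(), new PluggableLoggerForSecurityAPI());
        if (this.keyStore == null) {
            throw new ConfigException(nmText.getIDStoreNotFound(identityKeyStore.getFileName()));
        }
        String identityAlias = keyStoreConfigHelper.getIdentityAlias();
        this.privateKeyPassPhrase = keyStoreConfigHelper.getIdentityPrivateKeyPassPhrase();
        this.privateKey = obtainPrivateKey(keyStoreConfigHelper, identityAlias);
        if (this.privateKey == null) {
            throw new ConfigException(nmText.getUnknownKeyStoreID(identityAlias));
        }
        this.certChain = obtainCertificateChain(identityAlias);
        if (this.certChain == null || this.certChain.length == 0) {
            throw new ConfigException(nmText.getNoCertificate(identityAlias));
        }
    }

    /**
     * Reads the certificate chain stored under {@code str} from the loaded key store.
     *
     * @param str identity alias
     * @return the chain as returned by {@link KeyStore#getCertificateChain(String)}
     * @throws IllegalStateException if the key store reports a {@link KeyStoreException}; the
     *                               original exception is attached as the cause
     */
    private Certificate[] obtainCertificateChain(final String str) {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Certificate[]>() {
                @Override // java.security.PrivilegedExceptionAction
                public Certificate[] run() throws KeyStoreException {
                    return SSLConfig.this.keyStore.getCertificateChain(str);
                }
            });
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof KeyStoreException) {
                // Keep the cause so the underlying key store failure can still be diagnosed.
                throw new IllegalStateException(nmText.getIdentityStoreNotInit(), cause);
            }
            throw new RuntimeException("Unexpected exception.", cause);
        }
    }

    /**
     * Reads the private key stored under {@code str} from the loaded key store, using the pass
     * phrase supplied by the helper.
     *
     * @param baseKeyStoreConfigurationHelper source of the private key pass phrase
     * @param str                             identity alias
     * @return the key, or {@code null} if {@link KeyStore#getKey} returns {@code null}
     * @throws ConfigException if the key algorithm is unavailable or the key cannot be recovered
     *                         with the supplied pass phrase; the original exception is attached
     * @throws InternalError   if the key store reports a {@link KeyStoreException}
     */
    private PrivateKey obtainPrivateKey(final BaseKeyStoreConfigurationHelper baseKeyStoreConfigurationHelper, final String str) throws ConfigException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<PrivateKey>() {
                @Override // java.security.PrivilegedExceptionAction
                public PrivateKey run() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
                    return (PrivateKey) SSLConfig.this.keyStore.getKey(str, baseKeyStoreConfigurationHelper.getIdentityPrivateKeyPassPhrase());
                }
            });
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof KeyStoreException) {
                InternalError error = new InternalError("Identity key store not initialized");
                error.initCause(cause);
                throw error;
            }
            if (cause instanceof NoSuchAlgorithmException) {
                throw new ConfigException(nmText.getIDAlgorithmNotFound(), cause);
            }
            if (cause instanceof UnrecoverableKeyException) {
                throw new ConfigException(nmText.getIncorrectIDPassword(), cause);
            }
            throw new RuntimeException("Unexpected exception.", cause);
        }
    }

    /** Returns the configured cipher suite names (the internal array, not a copy), or {@code null} if none were configured. */
    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    /** Returns the loaded identity key store. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the private key loaded for the identity alias. */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the certificate chain loaded for the identity alias (the internal array, not a copy). */
    public Certificate[] getCertificateChain() {
        return this.certChain;
    }

    /**
     * Returns the private key pass phrase in clear text.
     *
     * <p>This is the internal array, not a copy: a caller that overwrites it also changes the
     * value held by this object. Treat the contents as a secret and keep them out of logs.
     */
    public char[] getPrivateKeyPassPhrase() {
        return this.privateKeyPassPhrase;
    }

    /**
     * Re-encrypts the identity pass phrase properties with {@code clearOrEncryptedService} and
     * removes the trust-store pass phrase properties.
     *
     * <p>An identity pass phrase entry is rewritten only when a re-encrypted value was produced
     * and differs from the stored one. If no value could be produced (for example the legacy
     * decrypt returned {@code null}) the entry is left untouched, because
     * {@link Properties#setProperty} rejects a {@code null} value with a
     * {@code NullPointerException}.
     *
     * @param properties              properties to update in place
     * @param encryptor               legacy encryptor used to decrypt the stored values first, or
     *                                {@code null} to pass the stored values to
     *                                {@code clearOrEncryptedService} as they are
     * @param z                       whether to log each change through {@code Upgrader.log}
     * @param clearOrEncryptedService service that produces the new stored form
     * @return {@code true} if {@code properties} was modified
     */
    public static boolean checkUpgrade(Properties properties, Encryptor encryptor, boolean z, ClearOrEncryptedService clearOrEncryptedService) {
        String storePassPhrase = properties.getProperty(CUSTOM_IDENTITY_KEY_STORE_PASS_PHRASE_PROP);
        String keyPassPhrase = properties.getProperty(CUSTOM_IDENTITY_PRIVATE_KEY_PASS_PHRASE_PROP);
        // Compute both new values before touching the properties, so a failure while converting
        // the second value cannot leave the first one already rewritten.
        String newStorePassPhrase = reEncrypt(storePassPhrase, encryptor, clearOrEncryptedService);
        String newKeyPassPhrase = reEncrypt(keyPassPhrase, encryptor, clearOrEncryptedService);

        boolean changed = false;
        if (replaceIfChanged(properties, CUSTOM_IDENTITY_KEY_STORE_PASS_PHRASE_PROP, storePassPhrase, newStorePassPhrase, z)) {
            changed = true;
        }
        if (replaceIfChanged(properties, CUSTOM_IDENTITY_PRIVATE_KEY_PASS_PHRASE_PROP, keyPassPhrase, newKeyPassPhrase, z)) {
            changed = true;
        }
        if (removeIfPresent(properties, CUSTOM_TRUST_KEY_STORE_PASS_PHRASE_PROP, z)) {
            changed = true;
        }
        if (removeIfPresent(properties, JAVA_STANDARD_TRUST_KEY_STORE_PASS_PHRASE_PROP, z)) {
            changed = true;
        }
        return changed;
    }

    /** Converts one stored value to its new stored form; returns {@code null} when there is nothing to convert. */
    private static String reEncrypt(String stored, Encryptor encryptor, ClearOrEncryptedService clearOrEncryptedService) {
        if (stored == null) {
            return null;
        }
        String clear = encryptor != null ? encryptor.decrypt(stored) : stored;
        return clear != null ? clearOrEncryptedService.encrypt(clear) : null;
    }

    /** Writes {@code replacement} under {@code name} when it exists and differs from {@code stored}; returns whether it wrote. */
    private static boolean replaceIfChanged(Properties properties, String name, String stored, String replacement, boolean log) {
        if (stored == null || replacement == null || stored.equals(replacement)) {
            return false;
        }
        properties.setProperty(name, replacement);
        if (log) {
            // Only the property name is logged, never the value.
            Upgrader.log(Level.INFO, nmText.getEncryptingProp(name));
        }
        return true;
    }

    /** Removes {@code name} from {@code properties} when it is set; returns whether it removed anything. */
    private static boolean removeIfPresent(Properties properties, String name, boolean log) {
        if (properties.getProperty(name) == null) {
            return false;
        }
        properties.remove(name);
        if (log) {
            Upgrader.log(Level.INFO, nmText.getRemovingProp(name));
        }
        return true;
    }
}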
