package weblogic.management.configuration;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.management.InvalidAttributeValueException;
import javax.net.ssl.SSLContext;
import weblogic.logging.Loggable;
import weblogic.security.SecurityLogger;
import weblogic.security.utils.SSLSetupLogging;
import weblogic.utils.Debug;

/* loaded from: input_file:weblogic/management/configuration/ServerLegalHelper.class */
public final class ServerLegalHelper {
    public static final int DEFAULT_THREAD_POOL_SIZE = 15;
    public static final int PRODUCTION_MODE_THREAD_POOL_SIZE = 25;
    public static final String TLSv1_1 = "TLSv1.1";
    public static final String[] SUPPORTED_PROTOCOLS;
    private static String minimumTLSProtocolFromSysProperty = System.getProperty("weblogic.security.SSL.minimumProtocolVersion");

    public static boolean isSSLListenPortEnabled(ServerTemplateMBean serverTemplateMBean) {
        if (Boolean.getBoolean("weblogic.mbeanLegalClause.ByPass") || serverTemplateMBean.getSSL().isEnabled()) {
            return true;
        }
        Debug.assertion(serverTemplateMBean.getParent() != null);
        if (((DomainMBean) serverTemplateMBean.getParent()).isAdministrationPortEnabled()) {
            return true;
        }
        for (NetworkAccessPointMBean networkAccessPointMBean : serverTemplateMBean.getNetworkAccessPoints()) {
            if (networkAccessPointMBean.isEnabled()) {
                return true;
            }
        }
        return false;
    }

    public static boolean isListenPortEnabled(SSLMBean sSLMBean) {
        if (Boolean.getBoolean("weblogic.mbeanLegalClause.ByPass")) {
            return true;
        }
        ServerTemplateMBean serverTemplateMBean = (ServerTemplateMBean) sSLMBean.getParent();
        Debug.assertion(serverTemplateMBean != null);
        if (serverTemplateMBean.isListenPortEnabled()) {
            return true;
        }
        return isSSLListenPortEnabled(serverTemplateMBean);
    }

    public static void validateSSL(SSLMBean sSLMBean) throws IllegalArgumentException {
        ServerTemplateMBean serverTemplateMBean;
        int listenPort;
        if (!sSLMBean.isEnabled() && !isListenPortEnabled(sSLMBean)) {
            throw new IllegalArgumentException("Either ListenPort or SSLListenPort must be enabled");
        }
        if (sSLMBean.isEnabled() && (serverTemplateMBean = (ServerTemplateMBean) sSLMBean.getParent()) != null && (listenPort = serverTemplateMBean.getListenPort()) == sSLMBean.getListenPort()) {
            Loggable logSSLListenPortSameAsServerListenPortLoggable = SecurityLogger.logSSLListenPortSameAsServerListenPortLoggable(Integer.toString(listenPort));
            logSSLListenPortSameAsServerListenPortLoggable.log();
            throw new IllegalArgumentException(logSSLListenPortSameAsServerListenPortLoggable.getMessage());
        }
    }

    public static void validateServer(ServerTemplateMBean serverTemplateMBean) throws IllegalArgumentException {
        ClusterMBean cluster;
        if (!serverTemplateMBean.isListenPortEnabled() && !isSSLListenPortEnabled(serverTemplateMBean)) {
            throw new IllegalArgumentException("Either ListenPort or SSLListenPort must be enabled");
        }
        String name = serverTemplateMBean.getName();
        try {
            if (!LegalHelper.serverMBeanSetNameLegalCheck(name, serverTemplateMBean)) {
                throw new IllegalArgumentException("ServerName " + name + " is invalid");
            }
            CoherenceClusterSystemResourceMBean coherenceClusterSystemResource = serverTemplateMBean.getCoherenceClusterSystemResource();
            if (coherenceClusterSystemResource != null && (cluster = serverTemplateMBean.getCluster()) != null && cluster.getCoherenceClusterSystemResource() != null && !cluster.getCoherenceClusterSystemResource().getName().equals(coherenceClusterSystemResource.getName())) {
                throw new IllegalArgumentException("Server " + name + " is part of WLS Cluster " + cluster.getName() + " which is part of Coherence cluster " + cluster.getCoherenceClusterSystemResource().getName() + ". So Server cannot be part of another Coherence cluster " + coherenceClusterSystemResource.getName());
            }
        } catch (InvalidAttributeValueException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    @Deprecated
    public static void checkListenAddress(ServerMBean serverMBean, Object obj) throws InvalidAttributeValueException {
        if (obj == null) {
            throw new InvalidAttributeValueException("null port");
        }
        if (!(obj instanceof Integer)) {
            throw new InvalidAttributeValueException("port not integer:" + obj);
        }
        if (serverMBean.getSSL().getListenPort() == ((Integer) obj).intValue()) {
            throw new InvalidAttributeValueException("Listen port cannot be the same as SSL port");
        }
    }

    public static void validateFederationServices(FederationServicesMBean federationServicesMBean) throws IllegalArgumentException {
    }

    public static void validateSingleSignOnServices(SingleSignOnServicesMBean singleSignOnServicesMBean) throws IllegalArgumentException {
    }

    public static void validateMinimumSSLProtocol(String str) throws InvalidAttributeValueException {
        boolean z = false;
        if (str != null && str.trim().length() > 0) {
            if (SUPPORTED_PROTOCOLS != null && SUPPORTED_PROTOCOLS.length > 0) {
                String[] strArr = SUPPORTED_PROTOCOLS;
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str2 = strArr[i];
                    if (str2.equalsIgnoreCase(str)) {
                        z = true;
                        if (str2.startsWith("SSLv2")) {
                            throw new InvalidAttributeValueException("Minimum protocol version must be SSLv3 or higher.  TLSv1.1 or later is recommended.");
                        }
                        if (str2.equalsIgnoreCase("SSLv3")) {
                            SSLSetupLogging.info("TLSv1.1 is recommended as the minimum TLS protocol.");
                        }
                    } else {
                        i++;
                    }
                }
            } else {
                throw new IllegalStateException("Cannot obtain the supported protocols by the configured JSSE provider.");
            }
        }
        if (!z) {
            throw new InvalidAttributeValueException("SSL/TLS protocol [" + str + "] is not valid.");
        }
    }

    public static String getDerivedMinimumTLSProtocol() {
        return minimumTLSProtocolFromSysProperty;
    }

    static {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1");
            sSLContext.init(null, null, null);
            SUPPORTED_PROTOCOLS = sSLContext.getSupportedSSLParameters().getProtocols();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to get the supported SSL/TLS protocols from the default SSLContext: " + e.getMessage());
        }
    }
}
