package weblogic.security.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessController;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import weblogic.kernel.T3SrvrLogger;
import weblogic.logging.Loggable;
import weblogic.management.bootstrap.BootStrap;
import weblogic.management.configuration.ConfigurationException;
import weblogic.management.configuration.NetworkAccessPointMBean;
import weblogic.management.configuration.SSLMBean;
import weblogic.management.provider.CommandLine;
import weblogic.management.provider.ManagementService;
import weblogic.management.provider.RuntimeAccess;
import weblogic.protocol.ServerChannel;
import weblogic.security.SSL.SSLClientInfo;
import weblogic.security.SSL.SSLEngineFactory;
import weblogic.security.SSL.TrustManager;
import weblogic.security.SSL.jsseadapter.JaSSLEngineFactoryBuilder;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.KeyManager;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.server.channels.ServerChannelImpl;

/* loaded from: input_file:weblogic/security/utils/SSLContextManager.class */
public final class SSLContextManager {
    // Milliseconds in one day. checkIdentity() in this listing carries the same value as the literal 86400000.
    private static final int ONE_DAY = 86400000;
    // Days-before-expiry threshold; checkIdentity() in this listing compares against the literal 30.
    private static final int WARNING_PERIOD = 30;
    // Kernel identity obtained once, at class initialisation, inside a privileged action. It is used for
    // the static lookups below that receive no caller-supplied subject.
    private static AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Lazily created, process-wide caches; all of them are reset by clearSSLContextCache().
    private static SSLSocketFactory defaultFactory = null;
    private static SSLSocketFactory defaultNioFactory = null;
    private static SSLContextWrapper defaultContext = null;
    // Channel name -> SSLContextWrapper. Only touched from synchronized static methods in this listing.
    private static Map channelContexts = new HashMap();
    // SSLIdentityKey -> SSLIdentity. Entries hold the private key and both passphrases for as long as they are cached.
    private static Map sslIdentities = new Hashtable();
    // Cached trust anchors. Written under the class lock, but createServerSSLContext() reads it without one.
    private static X509Certificate[] trustedCACerts = null;
    // Not referenced by any method that was decompiled in this listing and not reset by clearSSLContextCache().
    // NOTE(review): possibly used by getOldConfigServerSSLIdentity, whose body was not recovered - confirm.
    private static char[] keyFilePwd = null;
    // SSL debug flag (level 3), captured once per instance.
    private boolean debug = SSLSetup.isDebugEnabled(3);
    // Management view obtained with the subject passed to the constructor.
    private RuntimeAccess runtimeAccess;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/utils/SSLContextManager$SSLIdentity.class */
    /**
     * A server SSL identity: private key, certificate chain, and the two passphrases that were
     * used to load them from the keystore.
     *
     * <p>Instances are cached in {@code sslIdentities}, so the key material and the passphrase
     * arrays stay reachable until the cache is cleared. The arrays are stored by reference (no
     * defensive copy) and are never overwritten by this class.
     */
    public static class SSLIdentity {
        // Private key of the identity entry.
        public PrivateKey key;
        // Certificate chain of the identity entry, leaf first as loaded by the caller.
        public X509Certificate[] certChain;
        // Keystore passphrase and private-key passphrase, kept only so verify() can detect a change.
        private char[] ksPwd;
        private char[] keyPwd;

        /** Creates an identity with no recorded passphrases. */
        public SSLIdentity(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this(privateKey, x509CertificateArr, null, null);
        }

        /**
         * @param privateKey         private key of the identity
         * @param x509CertificateArr certificate chain belonging to the key
         * @param cArr               keystore passphrase the entry was loaded with (may be null)
         * @param cArr2              private-key passphrase the entry was loaded with (may be null)
         */
        public SSLIdentity(PrivateKey privateKey, X509Certificate[] x509CertificateArr, char[] cArr, char[] cArr2) {
            this.ksPwd = cArr;
            this.keyPwd = cArr2;
            this.key = privateKey;
            this.certChain = x509CertificateArr;
        }

        /**
         * Reports whether the supplied passphrases equal the ones this identity was loaded with.
         * The comparison uses {@code Arrays.equals}, which is not constant-time; the only caller in
         * this class passes passphrases read from the keystore configuration.
         *
         * @param cArr  keystore passphrase to compare
         * @param cArr2 private-key passphrase to compare
         * @return true only when both passphrases match (two nulls count as equal)
         */
        public boolean verify(char[] cArr, char[] cArr2) {
            if (!Arrays.equals(this.ksPwd, cArr)) {
                return false;
            }
            return Arrays.equals(this.keyPwd, cArr2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/utils/SSLContextManager$SSLIdentityKey.class */
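    /**
     * Cache key for {@code sslIdentities}: keystore file, upper-cased keystore type, and key alias.
     *
     * <p>The null checks are {@code assert} statements, so they only run when assertions are
     * enabled. With assertions disabled a null type fails in the constructor at
     * {@code toUpperCase}, and a null file or alias fails later in {@code equals}/{@code hashCode}.
     * The fields are public and mutable; changing them after the key has been put into a map
     * would break lookups, so treat an instance as immutable.
     */
    public static class SSLIdentityKey {
        public File ksFile;
        public String ksType;
        public String alias;

        /**
         * @param file keystore file (must not be null)
         * @param str  keystore type; normalised to upper case with {@code Locale.ENGLISH}
         * @param str2 alias of the key entry (must not be null)
         */
        public SSLIdentityKey(File file, String str, String str2) {
            // Source-level asserts; the compiler regenerates the $assertionsDisabled guard that the
            // decompiler had spelled out by hand.
            assert file != null : "null keystore file";
            assert str != null : "null keystore type";
            assert str2 != null : "null key alias";
            this.ksFile = file;
            this.ksType = str.toUpperCase(Locale.ENGLISH);
            this.alias = str2;
        }

        /** Two keys are equal when alias, keystore type and keystore file are all equal. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof SSLIdentityKey)) {
                return false;
            }
            SSLIdentityKey other = (SSLIdentityKey) obj;
            return this.alias.equals(other.alias) && this.ksType.equals(other.ksType) && this.ksFile.equals(other.ksFile);
        }

        /** Hash over the same three fields that {@link #equals(Object)} compares. */
        @Override
        public int hashCode() {
            int result = this.ksFile.hashCode();
            result = 31 * result + this.ksType.hashCode();
            result = 31 * result + this.alias.hashCode();
            return result;
        }
    }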

    /**
     * Returns the server socket factory of the SSL context bound to {@code serverChannel}.
     * The context comes from {@code getChannelSSLContext}, which builds it on first use and
     * otherwise returns the cached one.
     *
     * @throws ConfigurationException if the channel's SSL context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLServerSocketFactory getSSLServerSocketFactory(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        return channelContext.getSSLServerSocketFactory();
    }

    /**
     * NIO variant of {@code getSSLServerSocketFactory}: returns the NIO server socket factory of
     * the SSL context bound to {@code serverChannel}.
     *
     * @throws ConfigurationException if the channel's SSL context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLServerSocketFactory getSSLNioServerSocketFactory(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        return channelContext.getSSLNioServerSocketFactory();
    }

    /**
     * Returns the client socket factory of the SSL context bound to {@code serverChannel}.
     *
     * @throws ConfigurationException if the channel's SSL context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLSocketFactory getSSLSocketFactory(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        return channelContext.getSSLSocketFactory();
    }

    /**
     * NIO variant: returns the NIO client socket factory of the SSL context bound to
     * {@code serverChannel}.
     *
     * @throws ConfigurationException if the channel's SSL context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLSocketFactory getSSLNioSocketFactory(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        return channelContext.getSSLNioSocketFactory();
    }

    /**
     * Builds an {@code SSLClientInfo} carrying the channel's outbound SSL identity.
     *
     * <p>The returned object is loaded with the server's certificate chain and private key, so it
     * should be handed only to code that is allowed to act as the server on outbound connections.
     *
     * @throws ConfigurationException if the identity or the channel context cannot be loaded
     * @throws CertificateException   propagated from context creation
     */
    public static SSLClientInfo getChannelSSLClientInfo(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        // Same evaluation order as a single chained expression: manager, channel config, channel context.
        SSLContextManager manager = new SSLContextManager(authenticatedSubject);
        NetworkAccessPointMBean channelConfig = ((ServerChannelImpl) serverChannel).getConfig();
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        // true selects the outbound alias and passphrase.
        SSLIdentity outboundIdentity = manager.getServerSSLIdentity(channelConfig, channelContext, true);
        SSLClientInfo clientInfo = new SSLClientInfo();
        clientInfo.loadLocalIdentity(outboundIdentity.certChain, outboundIdentity.key);
        return clientInfo;
    }

    /**
     * NIO variant of {@code getChannelSSLClientInfo}: the {@code SSLClientInfo} is created with
     * the {@code true} constructor argument and then loaded with the channel's outbound identity
     * (certificate chain and private key).
     *
     * @throws ConfigurationException if the identity or the channel context cannot be loaded
     * @throws CertificateException   propagated from context creation
     */
    public static SSLClientInfo getNioChannelSSLClientInfo(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        // Same evaluation order as a single chained expression: manager, channel config, channel context.
        SSLContextManager manager = new SSLContextManager(authenticatedSubject);
        NetworkAccessPointMBean channelConfig = ((ServerChannelImpl) serverChannel).getConfig();
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        SSLIdentity outboundIdentity = manager.getServerSSLIdentity(channelConfig, channelContext, true);
        SSLClientInfo clientInfo = new SSLClientInfo(true);
        clientInfo.loadLocalIdentity(outboundIdentity.certChain, outboundIdentity.key);
        return clientInfo;
    }

    /**
     * Returns the process-wide default SSL socket factory, creating it from the default server
     * SSL context on first use.
     *
     * <p>On a cache hit the subject is still passed to {@code ManagementService.getRuntimeAccess}
     * and the result is discarded.
     * NOTE(review): presumably this acts as an access check on the caller's subject - confirm
     * against ManagementService.
     *
     * @throws ConfigurationException if the default context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static synchronized SSLSocketFactory getDefaultSSLSocketFactory(AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        if (defaultFactory != null) {
            ManagementService.getRuntimeAccess(authenticatedSubject);
            return defaultFactory;
        }
        defaultFactory = getDefaultServerSSLContext(authenticatedSubject).getSSLSocketFactory();
        return defaultFactory;
    }

    /**
     * Returns the process-wide default NIO SSL socket factory, creating it from the default
     * server SSL context on first use.
     *
     * <p>On a cache hit the subject is still passed to {@code ManagementService.getRuntimeAccess}
     * and the result is discarded.
     * NOTE(review): presumably an access check on the caller's subject - confirm.
     *
     * @throws ConfigurationException if the default context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static synchronized SSLSocketFactory getDefaultNioSSLSocketFactory(AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        if (defaultNioFactory != null) {
            ManagementService.getRuntimeAccess(authenticatedSubject);
            return defaultNioFactory;
        }
        defaultNioFactory = getDefaultServerSSLContext(authenticatedSubject).getSSLNioSocketFactory();
        return defaultNioFactory;
    }

    /**
     * Builds a fresh, uncached server SSL context, installs the caller-supplied trust manager on
     * its trust validator, and returns that context's socket factory.
     *
     * <p>{@code createServerSSLContext} calls {@code setAllowOverride(false)} on the validator
     * before the trust manager is set here.
     * NOTE(review): how the validator combines the supplied trust manager with its own checks is
     * not visible in this file - confirm in SSLTrustValidator before relying on either.
     *
     * @throws ConfigurationException if the context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLSocketFactory getSSLSocketFactory(AuthenticatedSubject authenticatedSubject, TrustManager trustManager) throws ConfigurationException, CertificateException {
        SSLContextManager manager = new SSLContextManager(authenticatedSubject);
        SSLContextWrapper freshContext = manager.createServerSSLContext((ServerChannel) null);
        SSLTrustValidator validator = freshContext.getTrustManager();
        validator.setTrustManager(trustManager);
        return freshContext.getSSLSocketFactory();
    }

    /**
     * NIO variant: builds a fresh, uncached server SSL context, installs the caller-supplied
     * trust manager on its trust validator, and returns that context's NIO socket factory.
     *
     * <p>NOTE(review): how the validator combines the supplied trust manager with its own checks
     * is not visible in this file - confirm in SSLTrustValidator.
     *
     * @throws ConfigurationException if the context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static SSLSocketFactory getSSLNioSocketFactory(AuthenticatedSubject authenticatedSubject, TrustManager trustManager) throws ConfigurationException, CertificateException {
        SSLContextManager manager = new SSLContextManager(authenticatedSubject);
        SSLContextWrapper freshContext = manager.createServerSSLContext((ServerChannel) null);
        SSLTrustValidator validator = freshContext.getTrustManager();
        validator.setTrustManager(trustManager);
        return freshContext.getSSLNioSocketFactory();
    }

    /**
     * Returns the server's trusted CA certificates.
     *
     * <p>When the cache is populated a copy of the cached array is returned, so callers cannot
     * alter the cached trust anchors through the result. When it is not, the result comes
     * straight from the default server SSL context (built with the kernel identity) and no copy
     * is made here.
     *
     * @throws ConfigurationException if the default context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static synchronized X509Certificate[] getServerTrustedCAs() throws ConfigurationException, CertificateException {
        X509Certificate[] cached = trustedCACerts;
        if (cached != null) {
            return (X509Certificate[]) cached.clone();
        }
        return getDefaultServerSSLContext(kernelId).getTrustedCAs();
    }

    /**
     * Drops every cached SSL context, socket factory, identity and trust-anchor array so that
     * the next request rebuilds them from configuration.
     *
     * <p>Only references are dropped: the passphrase arrays held by cached {@code SSLIdentity}
     * objects are not overwritten, and {@code keyFilePwd} is not touched.
     */
    public static synchronized void clearSSLContextCache() {
        channelContexts.clear();
        sslIdentities.clear();
        defaultContext = null;
        defaultNioFactory = null;
        defaultFactory = null;
        trustedCACerts = null;
    }

    /**
     * Collects the X.509 certificates of all given trust keystores into one array.
     *
     * <p>Keystores that cannot be loaded contribute nothing; the failure is only logged by the
     * per-keystore loader, so an empty result is possible even for a non-empty input.
     *
     * @param keyStoreInfoArr trust keystores to read; null is treated as "none"
     * @return the certificates found, in keystore order; never null
     */
    public static X509Certificate[] getTrustedCAs(KeyStoreInfo[] keyStoreInfoArr) {
        ArrayList collected = new ArrayList();
        if (keyStoreInfoArr != null) {
            for (KeyStoreInfo storeInfo : keyStoreInfoArr) {
                Collection fromStore = getTrustedCAs(storeInfo.getFileName(), storeInfo.getType(), storeInfo.getPassPhrase());
                if (fromStore != null) {
                    collected.addAll(fromStore);
                }
            }
        }
        X509Certificate[] result = new X509Certificate[collected.size()];
        return (X509Certificate[]) collected.toArray(result);
    }

    /**
     * Returns an {@code SSLEngineFactory} backed by the SSL context bound to {@code serverChannel}.
     *
     * @throws ConfigurationException if the channel's SSL context cannot be built
     * @throws CertificateException   propagated from context creation
     */
    public static final SSLEngineFactory getSSLEngineFactory(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        SSLContextWrapper channelContext = getChannelSSLContext(serverChannel, authenticatedSubject);
        return JaSSLEngineFactoryBuilder.getFactoryInstance(channelContext);
    }

    /**
     * Returns the cached default (channel-less) server SSL context, building it on first use.
     * On a cache hit the subject is passed to {@code ManagementService.getRuntimeAccess} and the
     * result is discarded.
     * NOTE(review): presumably an access check on the subject - confirm.
     */
    private static synchronized SSLContextWrapper getDefaultServerSSLContext(AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        if (defaultContext != null) {
            ManagementService.getRuntimeAccess(authenticatedSubject);
            return defaultContext;
        }
        defaultContext = new SSLContextManager(authenticatedSubject).createServerSSLContext((ServerChannel) null);
        return defaultContext;
    }

    /**
     * Returns the SSL context for a server channel, building and caching it on first use.
     *
     * <p>The cache key is the channel configuration's name only; the subject is not part of the
     * key. A cached context is returned after the subject has been passed to
     * {@code ManagementService.getRuntimeAccess} (result discarded).
     * NOTE(review): presumably that call is the access check for cache hits - confirm.
     */
    private static synchronized SSLContextWrapper getChannelSSLContext(ServerChannel serverChannel, AuthenticatedSubject authenticatedSubject) throws ConfigurationException, CertificateException {
        boolean debugOn = SSLSetup.isDebugEnabled(3);
        String channelName = ((ServerChannelImpl) serverChannel).getConfig().getName();
        SSLContextWrapper cached = (SSLContextWrapper) channelContexts.get(channelName);
        if (cached != null) {
            if (debugOn) {
                SSLSetup.info("SSLContextManager: reusing SSL context of channel " + channelName);
            }
            ManagementService.getRuntimeAccess(authenticatedSubject);
            return cached;
        }
        if (debugOn) {
            SSLSetup.info("SSLContextManager: initializing SSL context for channel " + channelName);
        }
        SSLContextWrapper created = new SSLContextManager(authenticatedSubject).createServerSSLContext(serverChannel);
        channelContexts.put(channelName, created);
        return created;
    }

    /**
     * Creates a manager bound to the management view of the given subject.
     * The license check runs first, then the null check on the subject.
     *
     * @throws NullPointerException if {@code authenticatedSubject} is null
     */
    private SSLContextManager(AuthenticatedSubject authenticatedSubject) {
        checkLicense();
        if (authenticatedSubject == null) {
            throw new NullPointerException("null privileged subject");
        }
        // runtimeAccess has no initialiser, so it is still null until this assignment.
        this.runtimeAccess = ManagementService.getRuntimeAccess(authenticatedSubject);
    }

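    /**
     * Builds a server SSL context: identity (key and chain), trusted CAs, client-certificate
     * policy and export key lifespan.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>the null-cipher switch is copied from {@code SSLMBean.isAllowUnencryptedNullCipher()};</li>
     *   <li>for the default context ({@code serverChannel == null}) a failure to load the identity
     *       is swallowed and the context is built without one; for a channel it is rethrown;</li>
     *   <li>demo trust certificates only produce a log entry, and only in production mode;</li>
     *   <li>an empty trust set is fatal only when client certificates are enforced.</li>
     * </ul>
     *
     * @param serverChannel channel to build the context for, or null for the default context
     * @return the configured context
     * @throws ConfigurationException if the server has no SSL configuration, the channel identity
     *         cannot be loaded or is invalid, or client certificates are enforced without any
     *         trusted CA
     * @throws CertificateException   declared by the original signature
     */
    private SSLContextWrapper createServerSSLContext(ServerChannel serverChannel) throws ConfigurationException, CertificateException {
        SSLContextWrapper sslContext = SSLContextWrapper.getInstance();
        SSLMBean ssl = this.runtimeAccess.getServer().getSSL();
        if (ssl == null) {
            // The rest of this method and usePerServerKeyStores() dereference the SSL bean
            // unconditionally, so a missing bean could only end in a NullPointerException.
            // Report it as a configuration error before any cache or log side effect.
            throw new ConfigurationException("SSLContextManager: server has no SSL configuration (SSLMBean is null)");
        }
        // NOTE(review): presumably permits cipher suites without encryption - confirm in SSLContextWrapper.
        sslContext.enableUnencryptedNullCipher(ssl.isAllowUnencryptedNullCipher());
        NetworkAccessPointMBean channelConfig = serverChannel == null ? null : ((ServerChannelImpl) serverChannel).getConfig();
        SSLIdentity identity = null;
        try {
            identity = getServerSSLIdentity(channelConfig, sslContext, false);
        } catch (ConfigurationException e) {
            if (this.debug) {
                SSLSetup.info(e, "SSLContextManager: couldnot get server SSL identity");
            }
            // Best effort for the default context only; a channel must have a usable identity.
            if (serverChannel != null) {
                throw e;
            }
        }
        if (identity != null) {
            checkIdentity(sslContext, identity);
            sslContext.addIdentity(identity.certChain, identity.key);
        }
        // Unsynchronised read of the shared cache; the write below takes the class lock.
        X509Certificate[] trustedCAs = trustedCACerts;
        if (trustedCAs == null) {
            trustedCAs = getServerTrustedCAs(sslContext);
            synchronized (SSLContextManager.class) {
                trustedCACerts = trustedCAs;
            }
            if (trustedCAs != null && trustedCAs.length > 0 && this.runtimeAccess.getDomain().isProductionModeEnabled()) {
                X509Certificate demoCert = findDemoCert(trustedCAs);
                if (demoCert != null) {
                    SecurityLogger.logDemoTrustCertificateUsed(demoCert.toString());
                }
            }
        }
        // The channel setting, when there is a channel, overrides the server-wide SSL setting.
        boolean clientCertRequired = channelConfig != null ? channelConfig.isClientCertificateEnforced() : ssl.isClientCertificateEnforced();
        if (trustedCAs == null || trustedCAs.length == 0) {
            if (clientCertRequired) {
                // Enforcing client certificates with nothing to validate them against cannot work.
                fail(SecurityLogger.logClientCertEnforcedNoTrustedCALoggable(), null);
            }
            SecurityLogger.logNoTrustedCAsLoaded();
        }
        if (trustedCAs != null) {
            sslContext.addTrustedCA(trustedCAs);
        }
        SSLTrustValidator trustValidator = sslContext.getTrustManager();
        trustValidator.setPeerCertsRequired(clientCertRequired);
        trustValidator.setAllowOverride(false);
        sslContext.setTrustManager(trustValidator);
        int exportKeyLifespan = ssl.getExportKeyLifespan();
        sslContext.setExportRefreshCount(exportKeyLifespan);
        T3SrvrLogger.logExportableKeyMaxLifespan(exportKeyLifespan);
        return sslContext;
    }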

    /**
     * Loads the server's trusted CAs from the configured trust keystores when per-server
     * keystores are in use, and through the legacy lookup chain otherwise.
     */
    private X509Certificate[] getServerTrustedCAs(SSLContextWrapper sSLContextWrapper) {
        if (usePerServerKeyStores()) {
            return getTrustedCAs(new KeyStoreConfigurationHelper(MBeanKeyStoreConfiguration.getInstance()).getTrustKeyStores());
        }
        return getOldConfigServerTrustedCAs(sSLContextWrapper);
    }

    /**
     * Queries the SSL license level; the value is ignored. Any {@code RuntimeException} raised by
     * the query propagates unchanged to the caller.
     */
    private static void checkLicense() {
        SSLSetup.getLicenseLevel();
    }

    /**
     * Reports whether identity and trust material come from the per-server keystore
     * configuration, i.e. whether {@code getIdentityAndTrustLocations()} equals {@code "KeyStores"}.
     * Any other value, including null, selects the legacy lookup paths.
     */
    private final boolean usePerServerKeyStores() {
        // getSSL() is dereferenced without a null check.
        return "KeyStores".equals(this.runtimeAccess.getServer().getSSL().getIdentityAndTrustLocations());
    }

    /**
     * Returns the first certificate in the array that {@code isDemoCertificate} flags, or null
     * when there is none or the array itself is null.
     */
    private static X509Certificate findDemoCert(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr != null) {
            for (X509Certificate candidate : x509CertificateArr) {
                if (isDemoCertificate(candidate)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /**
     * Heuristic test for a demo certificate: the issuer name contains {@code CN=CACERT} and the
     * last such occurrence is not immediately followed by a letter.
     *
     * <p>This matches on the issuer name only, not on a key or fingerprint. Callers in this class
     * use it solely to emit production-mode warnings; it must not be treated as a trust decision.
     */
    private static boolean isDemoCertificate(X509Certificate x509Certificate) {
        final String marker = "CN=CACERT";
        String issuerName = x509Certificate.getIssuerDN().getName();
        int markerStart = issuerName.lastIndexOf(marker);
        if (markerStart < 0) {
            return false;
        }
        int afterMarker = markerStart + marker.length();
        if (afterMarker >= issuerName.length()) {
            return true;
        }
        // Rejects longer names such as "CN=CACERTX" while accepting a separator or digit.
        return !Character.isLetter(issuerName.charAt(afterMarker));
    }

    /**
     * Sanity-checks a server identity before it is added to an SSL context.
     *
     * <p>For every certificate in the chain: the validity period is checked, the signature is
     * verified with the next certificate's public key (or with its own key when it is the last
     * one and self-issued), and a warning is logged when it expires within 30 days. Afterwards a
     * demo identity is logged in production mode, the leaf public key is matched against the
     * private key, and a non-RSA key algorithm is logged.
     *
     * <p>What this does not do: no revocation, basic-constraints or key-usage checks, and no check
     * that the chain ends at a trusted CA. A last certificate that is not self-issued is not
     * signature-checked at all. If the key-match check itself cannot run
     * ({@code KeyManagementException}) the identity is accepted with a log entry.
     *
     * @throws ConfigurationException if the chain is empty, a certificate is expired, not yet
     *         valid or fails verification, or the key does not match the leaf certificate
     */
    private void checkIdentity(SSLContextWrapper sSLContextWrapper, SSLIdentity sSLIdentity) throws ConfigurationException {
        final long millisPerDay = 86400000;
        final long warningDays = 30;
        X509Certificate[] chain = sSLIdentity.certChain;
        PrivateKey identityKey = sSLIdentity.key;
        if (chain == null || chain.length == 0) {
            throw new ConfigurationException(new Loggable(T3SrvrLogger.logNoCertificatesSpecified(), null).getMessageText());
        }
        X509Certificate current = null;
        for (int idx = 0; idx < chain.length; idx++) {
            try {
                current = chain[idx];
                current.checkValidity();
                boolean issuerFollowsInChain = idx + 1 < chain.length;
                if (issuerFollowsInChain) {
                    current.verify(chain[idx + 1].getPublicKey());
                } else if (current.getIssuerDN().equals(current.getSubjectDN())) {
                    // Last certificate and self-issued: verify it against its own key.
                    current.verify(current.getPublicKey());
                }
                long daysLeft = (current.getNotAfter().getTime() - System.currentTimeMillis()) / millisPerDay;
                if (daysLeft <= warningDays) {
                    T3SrvrLogger.logCertificateExpiresSoon(daysLeft, current.toString());
                }
            } catch (SignatureException badSignature) {
                fail(SecurityLogger.logIdentityCertificateNotValidLoggable(current.toString()), badSignature);
            } catch (CertificateExpiredException expired) {
                fail(SecurityLogger.logIdentityCertificateExpiredLoggable(current.toString()), expired);
            } catch (CertificateNotYetValidException notYetValid) {
                fail(SecurityLogger.logIdentityCertificateNotYetValidLoggable(current.toString()), notYetValid);
            } catch (Exception other) {
                fail(SecurityLogger.logUnableToVerifyIdentityCertificateLoggable(current.toString()), other);
            }
        }
        if (this.runtimeAccess.getDomain().isProductionModeEnabled()) {
            X509Certificate demoCert = findDemoCert(chain);
            if (demoCert != null) {
                SecurityLogger.logDemoIdentityCertificateUsed(demoCert.toString());
            }
        }
        try {
            boolean keysMatch = sSLContextWrapper.doKeysMatch(chain[0].getPublicKey(), identityKey);
            if (!keysMatch) {
                fail(SecurityLogger.logCertificateAndPrivateKeyMismatchedLoggable(), null);
            }
        } catch (KeyManagementException cannotCheck) {
            if (this.debug) {
                SSLSetup.info(cannotCheck, "Key match check failed with exception, may not have access to private key data to perform this check");
            }
            SecurityLogger.logCantCheckKeyMatch();
        }
        // A non-RSA key is reported but not rejected.
        if (!"RSA".equalsIgnoreCase(identityKey.getAlgorithm())) {
            SecurityLogger.logUnsupportedKeyAlgorithm(identityKey.getAlgorithm());
        }
    }

    /**
     * Loads all X.509 certificates from one trust keystore.
     *
     * <p>Every failure (no file name, keystore cannot be loaded, keystore cannot be read) is
     * logged and reported as a null return rather than an exception, so callers must treat null
     * as "no trust anchors from this store". The file's existence is not checked here; that is
     * left to {@code KeyStoreUtils.load}.
     *
     * @param str  keystore file name
     * @param str2 keystore type
     * @param cArr keystore passphrase, may be null
     * @return the certificates found, or null on any failure
     */
    private static Collection getTrustedCAs(String str, String str2, char[] cArr) {
        boolean debugOn = SSLSetup.isDebugEnabled(3);
        if (str == null) {
            SecurityLogger.logTrustedCAKeyStoreNotFound(str, ManagementService.getRuntimeAccess(kernelId).getServer().getName());
            return null;
        }
        File storeFile = new File(str);
        SecurityLogger.logLoadTrustedCAsFromKeyStore(storeFile.getAbsolutePath(), str2);
        KeyStore store = KeyStoreUtils.load(storeFile, cArr, str2);
        if (store == null) {
            SecurityLogger.logTrustedCAFromKeyStoreLoadFailed(storeFile.getAbsolutePath(), str2);
            return null;
        }
        try {
            Collection certs = SSLCertUtility.getX509Certificates(store);
            if (debugOn) {
                SSLSetup.info("SSLContextManager: loaded " + certs.size() + " trusted CAs from " + storeFile.getAbsolutePath());
                debugCerts(certs);
            }
            return certs;
        } catch (KeyStoreException unreadable) {
            SecurityLogger.logKeyStoreException(str, ManagementService.getRuntimeAccess(kernelId).getServer().getName());
            return null;
        }
    }

    /**
     * Loads the server's SSL identity (private key and certificate chain) for a channel.
     *
     * <p>With the legacy configuration the call is delegated to
     * {@code getOldConfigServerSSLIdentity}. Otherwise the identity keystore, alias and
     * passphrases come from {@code KeyStoreConfigurationHelper}; {@code z} selects the outbound
     * alias and passphrase instead of the inbound ones.
     *
     * <p>Loaded identities are cached by (keystore file, type, alias). A cached entry is reused
     * only if both passphrases still match, so changing a passphrase forces a reload. The cache
     * entry keeps the private key and both passphrase arrays in memory. A missing private-key
     * passphrase is only logged; the key is then read with a null passphrase.
     *
     * @param networkAccessPointMBean channel configuration, or null for the server default
     * @param sSLContextWrapper       context passed through to the legacy loader
     * @param z                       true to load the outbound identity
     * @throws ConfigurationException on any missing or unreadable keystore, alias or entry
     */
    private SSLIdentity getServerSSLIdentity(NetworkAccessPointMBean networkAccessPointMBean, SSLContextWrapper sSLContextWrapper, boolean z) throws ConfigurationException {
        if (this.debug) {
            SSLSetup.info("SSLContextManager: loading server SSL identity, forOutboundSSL=" + z);
        }
        if (!usePerServerKeyStores()) {
            return getOldConfigServerSSLIdentity(sSLContextWrapper);
        }
        KeyStoreConfigurationHelper helper = new KeyStoreConfigurationHelper(MBeanKeyStoreConfiguration.getInstance(), networkAccessPointMBean);
        KeyStoreInfo identityStore = helper.getIdentityKeyStore();
        if (identityStore == null) {
            fail(SecurityLogger.logInvalidServerSSLConfigurationLoggable(getServerName()), null);
        }
        File storeFile = findFile(identityStore.getFileName());
        if (storeFile == null) {
            fail(SecurityLogger.logIdentityKeyStoreFileNotFoundLoggable(getServerName(), identityStore.getFileName()), null);
        }
        String storeType = identityStore.getType();
        char[] storePassPhrase = identityStore.getPassPhrase();
        // Alias first, then passphrase, for whichever direction was requested.
        String alias = z ? helper.getOutboundPrivateKeyAlias() : helper.getIdentityAlias();
        char[] keyPassPhrase = z ? helper.getOutboundPrivateKeyPassPhrase() : helper.getIdentityPrivateKeyPassPhrase();
        if (this.debug) {
            SSLSetup.info("forOutboundSSL=" + z + ", resolved alias=" + alias);
        }
        if (alias == null) {
            fail(SecurityLogger.logIdentityKeyStoreAliasNotSpecifiedLoggable(getServerName()), null);
        }
        SSLIdentityKey cacheKey = new SSLIdentityKey(storeFile, storeType, alias);
        SSLIdentity cached = (SSLIdentity) sslIdentities.get(cacheKey);
        if (cached != null && cached.verify(storePassPhrase, keyPassPhrase)) {
            if (this.debug) {
                SSLSetup.info("Reusing cached identity certs for keystore " + storeFile.getAbsolutePath() + ", and alias " + alias);
            }
            return cached;
        }
        SecurityLogger.logLoadIdentityCertificateFromKeyStore(storeFile.getAbsolutePath(), storeType, alias);
        KeyStore store = KeyStoreUtils.load(storeFile, storePassPhrase, storeType);
        if (store == null) {
            fail(SecurityLogger.logIdentityKeyStoreLoadFailedLoggable(getServerName(), storeFile.getAbsolutePath(), storeType), null);
        }
        if (keyPassPhrase == null) {
            SecurityLogger.logSSLDidNotFindPrivateKeyPassPhrase(getServerName(), getRealmName());
        }
        Key entryKey = null;
        Certificate[] entryChain = null;
        try {
            entryKey = store.getKey(alias, keyPassPhrase);
            entryChain = store.getCertificateChain(alias);
        } catch (Exception unreadable) {
            fail(SecurityLogger.logFailedReadingIdentityEntryLoggable(getServerName(), storeFile.getAbsolutePath(), alias), unreadable);
        }
        // The alias must name a private-key entry that has a certificate chain.
        if (!(entryKey instanceof PrivateKey) || !(entryChain instanceof Certificate[])) {
            fail(SecurityLogger.logIdentityEntryNotFoundUnderAliasLoggable(getServerName(), storeFile.getAbsolutePath(), alias), null);
        }
        X509Certificate[] x509Chain = new X509Certificate[entryChain.length];
        for (int idx = 0; idx < x509Chain.length; idx++) {
            // A non-X.509 certificate in the chain surfaces as a ClassCastException here.
            x509Chain[idx] = (X509Certificate) entryChain[idx];
        }
        if (this.debug) {
            SSLSetup.info("Loaded public identity certificate chain:");
            debugCerts(x509Chain);
        }
        SSLIdentity loaded = new SSLIdentity((PrivateKey) entryKey, x509Chain, storePassPhrase, keyPassPhrase);
        sslIdentities.put(cacheKey, loaded);
        return loaded;
    }

    /**
     * Logs the message and then always throws a {@code ConfigurationException} carrying the same
     * text, with {@code th} attached as its cause when one is given. Never returns normally.
     */
    private static void fail(Loggable loggable, Throwable th) throws ConfigurationException {
        loggable.log();
        ConfigurationException failure = new ConfigurationException(loggable.getMessageText());
        if (th == null) {
            throw failure;
        }
        failure.initCause(th);
        throw failure;
    }

    /**
     * Resolves a configured file name to an existing file.
     *
     * <p>The name is tried as given first (absolute, or relative to the process working
     * directory) and then relative to the server's root directory. The name is used as
     * configured; no normalisation or containment check is applied.
     *
     * @return the first existing candidate, or null if the name is null or neither exists
     */
    private File findFile(String str) {
        if (str == null) {
            return null;
        }
        File asGiven = new File(str);
        if (asGiven.exists()) {
            return asGiven;
        }
        File underServerRoot = new File(this.runtimeAccess.getServer().getRootDirectory(), str);
        return underServerRoot.exists() ? underServerRoot : null;
    }

    /** Returns the name of the server this manager's runtime access refers to; used in log and error messages. */
    private final String getServerName() {
        return this.runtimeAccess.getServer().getName();
    }

    /** Returns the name of the domain's security realm; used in log messages. */
    private final String getRealmName() {
        return this.runtimeAccess.getDomain().getSecurity().getRealm().getName();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:90:0x0289
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Decompiler stub for the legacy identity loader. The decompiler could not reconstruct the
     * method, so this body is a placeholder and does not reflect what the compiled class does.
     *
     * <p>In this listing {@code getServerSSLIdentity} calls this method whenever
     * {@code usePerServerKeyStores()} is false, so nothing about how the legacy configuration
     * loads the private key or its passphrase can be concluded from this file.
     */
    private weblogic.security.utils.SSLContextManager.SSLIdentity getOldConfigServerSSLIdentity(weblogic.security.utils.SSLContextWrapper r7) throws weblogic.management.configuration.ConfigurationException {
        /*
            Method dump skipped, instructions count: 844
            To view this dump add '--comments-level debug' option
        */
        // Placeholder emitted by the decompiler, not original behaviour.
        throw new UnsupportedOperationException("Method not decompiled: weblogic.security.utils.SSLContextManager.getOldConfigServerSSLIdentity(weblogic.security.utils.SSLContextWrapper):weblogic.security.utils.SSLContextManager$SSLIdentity");
    }

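    /**
     * Resolves the server's trusted CA certificates for the legacy (non "KeyStores") configuration.
     *
     * <p>Sources are tried in this order; the first one that applies decides the result:
     * <ol>
     *   <li>the keystore named on the command line;</li>
     *   <li>the root CA keystores of the {@code KeyManager}, if at least one is non-null;</li>
     *   <li>the certificate file named by {@code getTrustedCAFileName()}, if the file is found;</li>
     *   <li>{@code <WebLogicHome>/lib/cacerts}.</li>
     * </ol>
     *
     * <p>Points to keep in mind when reviewing a deployment:
     * <ul>
     *   <li>a configured trusted CA file that cannot be found is only logged, after which the
     *       default {@code cacerts} store is used instead;</li>
     *   <li>a trusted CA file that is found but cannot be read or parsed yields a null result and
     *       does not fall back to the default store;</li>
     *   <li>the command-line and default keystores are opened with a null passphrase.
     *       NOTE(review): presumably this skips the keystore integrity check - confirm in
     *       KeyStoreUtils.load.</li>
     * </ul>
     *
     * @param sSLContextWrapper context used to parse the trusted CA file
     * @return the trusted CA certificates, possibly null or empty
     */
    private X509Certificate[] getOldConfigServerTrustedCAs(SSLContextWrapper sSLContextWrapper) {
        // The decompiler dropped this local's declaration and left the register name "r7" behind.
        X509Certificate[] certs = null;
        String keyStoreFileName = CommandLine.getCommandLine().getKeyStoreFileName();
        if (keyStoreFileName != null) {
            if (this.debug) {
                SSLSetup.info("SSLContextManager, loading trusted CAs from cmd line keystore: " + keyStoreFileName);
            }
            File cmdLineStore = findFile(keyStoreFileName);
            Collection fromCmdLine = getTrustedCAs(cmdLineStore == null ? keyStoreFileName : cmdLineStore.getAbsolutePath(), "jks", null);
            certs = fromCmdLine != null ? (X509Certificate[]) fromCmdLine.toArray(new X509Certificate[fromCmdLine.size()]) : null;
            SecurityLogger.logTrustedCAsLoadedFromCmdLnKeyStore(certs == null ? "0" : String.valueOf(certs.length), keyStoreFileName);
            // Nothing to dump when the load failed; iterating a null array would throw.
            if (this.debug && certs != null) {
                debugCerts(certs);
            }
            return certs;
        }
        KeyManager keyManager = getKeyManager();
        if (keyManager != null) {
            KeyStore[] rootCAKeyStore = keyManager.getRootCAKeyStore();
            boolean hasRootCAStore = false;
            if (rootCAKeyStore != null) {
                for (int i = 0; i < rootCAKeyStore.length && !hasRootCAStore; i++) {
                    if (rootCAKeyStore[i] != null) {
                        hasRootCAStore = true;
                    }
                }
            }
            if (hasRootCAStore) {
                if (this.debug) {
                    SSLSetup.info("SSLContextManager, loading trusted CAs from RootCAKeyStore");
                }
                ArrayList collected = new ArrayList();
                for (int i = 0; i < rootCAKeyStore.length; i++) {
                    if (rootCAKeyStore[i] != null) {
                        try {
                            collected.addAll(SSLCertUtility.getX509Certificates(rootCAKeyStore[i]));
                        } catch (KeyStoreException e) {
                            // An unreadable keystore is skipped; the remaining ones are still used.
                            SSLSetup.debug(2, e, "Unable to load trusted CAs KeyStore file (" + i + ")");
                        }
                    }
                }
                X509Certificate[] fromKeyManager = (X509Certificate[]) collected.toArray(new X509Certificate[collected.size()]);
                SecurityLogger.logTrustedCAsLoadedFromKeyStore(String.valueOf(fromKeyManager.length));
                if (this.debug) {
                    debugCerts(fromKeyManager);
                }
                return fromKeyManager;
            }
        } else {
            SecurityLogger.logCannotFindKeyManager(getServerName(), getRealmName());
        }
        String trustedCAFileName = this.runtimeAccess.getServer().getSSL().getTrustedCAFileName();
        if (trustedCAFileName != null) {
            if (this.debug) {
                SSLSetup.info("SSLContextManager, loading trusted CAs from TrustedCAFile: " + trustedCAFileName);
            }
            File trustedCAFile = findFile(trustedCAFileName);
            if (trustedCAFile != null) {
                try {
                    FileInputStream fileInputStream = new FileInputStream(trustedCAFile);
                    try {
                        certs = SSLCertUtility.inputCertificateChain(sSLContextWrapper, fileInputStream);
                    } finally {
                        // Close on every path so a parse failure does not leak the descriptor.
                        fileInputStream.close();
                    }
                } catch (FileNotFoundException e) {
                    SecurityLogger.logTrustedCAFileNotFound(trustedCAFileName, getServerName());
                    if (this.debug) {
                        SSLSetup.info("Cannot find the specified trusted CA file " + trustedCAFileName);
                    }
                } catch (IOException e) {
                    SecurityLogger.logCannotAccessTrustedCAFile(trustedCAFileName, getServerName());
                    if (this.debug) {
                        SSLSetup.info(e, "The Server was not able to read trusted CA file " + trustedCAFileName);
                    }
                } catch (KeyManagementException e) {
                    SecurityLogger.logInvalidTrustedCAFileFormat(trustedCAFileName, getServerName());
                    if (this.debug) {
                        SSLSetup.info(e, "The Server was not able to read certificate from trusted CA file " + trustedCAFileName);
                    }
                }
                SecurityLogger.logTrustedCAsLoadedFromTrustedCAFile(certs == null ? "0" : String.valueOf(certs.length));
                if (this.debug && certs != null) {
                    debugCerts(certs);
                }
                return certs;
            }
            // Configured but missing: logged, then the default store below is used.
            SecurityLogger.logTrustedCAFileNotFound(trustedCAFileName, getServerName());
            if (this.debug) {
                SSLSetup.info("Cannot find the specified trusted CA file " + trustedCAFileName);
            }
        }
        String defaultStorePath = BootStrap.getWebLogicHome() + File.separator + "lib" + File.separator + "cacerts";
        if (this.debug) {
            SSLSetup.info("SSLContextManager, loading trusted CAs from default key store: " + defaultStorePath);
        }
        Collection fromDefaultStore = getTrustedCAs(defaultStorePath, "jks", null);
        certs = fromDefaultStore != null ? (X509Certificate[]) fromDefaultStore.toArray(new X509Certificate[fromDefaultStore.size()]) : null;
        SecurityLogger.logTrustedCAsLoadedFromDefaultKeyStore(certs == null ? "0" : String.valueOf(certs.length), defaultStorePath);
        if (this.debug && certs != null) {
            debugCerts(certs);
        }
        return certs;
    }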

    /**
     * Looks up the default realm's {@code KeyManager} service with the kernel identity.
     *
     * @return the key manager, or null if the lookup fails for any reason (the failure is logged)
     */
    private static KeyManager getKeyManager() {
        KeyManager manager = null;
        try {
            manager = (KeyManager) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.KEYMANAGER);
        } catch (Exception e) {
            // Any failure is reduced to "no key manager"; callers then use other trust sources.
            SSLSetup.debug(1, e, "Failed to get key manager");
            SecurityLogger.logSSLCouldNotGetSecurityService();
        }
        return manager;
    }

    /** Writes subject and issuer of every certificate in the collection to the SSL debug log. */
    private static void debugCerts(Collection collection) {
        for (Object cert : collection) {
            SSLSetup.info(toString((X509Certificate) cert));
        }
    }

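    /**
     * Writes subject and issuer of every certificate in the array to the SSL debug log.
     * A null array is ignored: the legacy trusted CA loader passes its result here even when
     * loading failed, and debug logging must not turn that into a NullPointerException.
     */
    private static void debugCerts(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return;
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            SSLSetup.info(toString(x509Certificate));
        }
    }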

    /** Formats a certificate as {@code "Subject: <subject DN>; Issuer: <issuer DN>"} for debug output. */
    private static String toString(X509Certificate x509Certificate) {
        StringBuilder text = new StringBuilder();
        text.append("Subject: ").append(x509Certificate.getSubjectDN());
        text.append("; Issuer: ").append(x509Certificate.getIssuerDN());
        return text.toString();
    }
}
