package com.ibm.iaccess.base;

import com.ibm.iaccess.Copyright;
import com.ibm.iaccess.baselite.AcsBoolean;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.iaccess.baselite.AcsMessage;
import com.ibm.iaccess.baselite.AcsSslNoAuthSocketFactory;
import com.ibm.iaccess.baselite.AcsStringUtil;
import com.ibm.iaccess.baselite.exception.AcsException;
import com.ibm.iaccess.launch.AcsProperties;
import com.ibm.iaccess.mri.current.AcsMriKeys_acsmsg;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
/* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider.class */
public class AcsSSLSecurityProvider extends Provider implements AcsConstants {
    private static final long serialVersionUID = 1;
    // JSSE providers resolved for "SSL" and "TLS" in the static initializer. When FIPS is
    // requested and getFIPSProvider() returns a provider, both fields are pointed at it.
    private static Provider m_wrappedSSLProvider;
    private static Provider m_wrappedTLSProvider;
    // Trust manager built from TrustManagerFactory.init((KeyStore) null) in the static
    // initializer; stays null if that setup throws, which disables the fallback in checkJRETrust().
    private static X509TrustManager m_jreTrustMgr;
    // True only when the static initializer selected a FIPS provider; seeds isFIPS().
    public static final boolean m_isFIPSProviderExplicitlyInitialized;
    // Cached tri-state answers for isFIPS() / isFIPSCapable(); MAYBE means "not computed yet".
    // NOTE(review): both fields are public and non-final, so any class can overwrite the value
    // that verifyFIPS() ultimately relies on. Consider making them private with read-only accessors.
    public static AcsBoolean m_isFIPSOn = AcsBoolean.MAYBE;
    public static AcsBoolean m_isFIPSCapable = AcsBoolean.MAYBE;
    // Vendor heuristic: the lower-cased JVM vendor string contains "ibm". It selects the IBM FIPS
    // path in getFIPSProvider() and the "IbmX509" trust algorithm in getTrustManagerAlgorithm().
    private static final boolean m_isIbmVm = ManagementFactory.getRuntimeMXBean().getVmVendor().toLowerCase(LOC_US).contains("ibm");
    // Diagnostics written by TLSContextS.getTlsContext(): the protocol name that was selected
    // last and the candidate list that was searched. Shared, unsynchronized static state.
    private static String g_lastTLSProto = null;
    private static List<String> g_lastTLSProtoSearchList = null;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Raised when FIPS mode was requested but is not in effect.
     *
     * <p>{@code verifyFIPS()} wraps an instance of this type in an {@code IOException}, so socket
     * creation fails rather than proceeding without FIPS.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$AcsFIPSNotAvailableException.class */
    public static class AcsFIPSNotAvailableException extends AcsException {
        private static final long serialVersionUID = 1;

        /** Creates the exception carrying the {@code MSG_SSL_FIPS_NOT_AVAILABLE} error message. */
        public AcsFIPSNotAvailableException() {
            super(fipsUnavailableMessage());
        }

        /** Builds the error-level message object handed to the superclass constructor. */
        private static AcsMessage fipsUnavailableMessage() {
            return new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_FIPS_NOT_AVAILABLE);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Minimal {@link SSLContext} subclass whose only purpose is to expose the superclass
     * constructor, so that an {@link SSLContextSpi} obtained straight from a provider service can
     * be wrapped without going through {@code SSLContext.getInstance}.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$DummySSLContext.class */
    public static class DummySSLContext extends SSLContext {
        /**
         * @param sSLContextSpi the SPI implementation every context call is delegated to
         * @param provider the provider this context reports from {@code getProvider()}
         * @param str the protocol name this context reports from {@code getProtocol()}
         */
        public DummySSLContext(SSLContextSpi sSLContextSpi, Provider provider, String str) {
            super(sSLContextSpi, provider, str);
        }
    }

    /**
     * Socket-factory decorator that refuses to create sockets when FIPS mode was requested but is
     * not in effect.
     *
     * <p>Every {@code createSocket} overload first runs {@code AcsSSLSecurityProvider.verifyFIPS()},
     * which throws an {@link IOException} when the global configuration requests FIPS and
     * {@code isFIPS()} is false. Only then is the call forwarded to the wrapped factory. The
     * cipher-suite getters are forwarded without that check.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$FIPSVerifyingSSLSocketFactory.class */
    private static class FIPSVerifyingSSLSocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory m_wrapped;

        private FIPSVerifyingSSLSocketFactory(SSLSocketFactory sSLSocketFactory) {
            this.m_wrapped = sSLSocketFactory;
        }

        /**
         * Runs the FIPS gate and hands back the delegate.
         *
         * @throws IOException if FIPS was requested but is not active
         */
        private SSLSocketFactory checkedDelegate() throws IOException {
            AcsSSLSecurityProvider.verifyFIPS();
            return this.m_wrapped;
        }

        // --- cipher-suite queries: plain delegation, no FIPS gate ---

        @Override
        public String[] getDefaultCipherSuites() {
            return this.m_wrapped.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            return this.m_wrapped.getSupportedCipherSuites();
        }

        // --- socket creation: FIPS gate first, then delegation ---

        @Override
        public Socket createSocket() throws IOException {
            return checkedDelegate().createSocket();
        }

        @Override
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return checkedDelegate().createSocket(str, i);
        }

        @Override
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            return checkedDelegate().createSocket(inetAddress, i);
        }

        @Override
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return checkedDelegate().createSocket(str, i, inetAddress, i2);
        }

        @Override
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            return checkedDelegate().createSocket(inetAddress, i, inetAddress2, i2);
        }

        @Override
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            return checkedDelegate().createSocket(socket, str, i, z);
        }
    }

    /**
     * Provider service entry for {@code SSLContext} / {@code "Default"}. It is backed by
     * {@link TLSContextS}, the same implementation the {@code "TLS"} service uses.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$ProviderServiceDefault.class */
    public class ProviderServiceDefault extends Provider.Service {
        /** Registers the service with no aliases and no attributes. */
        public ProviderServiceDefault(Provider provider) {
            super(provider, "SSLContext", "Default", TLSContextS.class.getName(), new LinkedList<String>(), new Hashtable<String, String>(0));
        }

        /**
         * Creates a fresh {@link TLSContextS}; the constructor parameter is ignored.
         *
         * @throws NoSuchAlgorithmException if the TLS context cannot be constructed
         */
        @Override
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            final SSLContextSpi tlsSpi = new TLSContextS();
            return tlsSpi;
        }
    }

    /**
     * Provider service entry for {@code SSLContext} / {@code "SSL"}, backed by {@link SSLContextS}.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$ProviderServiceSSL.class */
    public class ProviderServiceSSL extends Provider.Service {
        /** Registers the service with no aliases and no attributes. */
        public ProviderServiceSSL(Provider provider) {
            super(provider, "SSLContext", "SSL", SSLContextS.class.getName(), new LinkedList<String>(), new Hashtable<String, String>(0));
        }

        /**
         * Creates a fresh {@link SSLContextS}; the constructor parameter is ignored.
         *
         * @throws NoSuchAlgorithmException if the SSL context cannot be constructed
         */
        @Override
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            final SSLContextSpi sslSpi = new SSLContextS();
            return sslSpi;
        }
    }

    /**
     * Provider service entry for {@code SSLContext} / {@code "TLS"}, backed by {@link TLSContextS}.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$ProviderServiceTLS.class */
    public class ProviderServiceTLS extends Provider.Service {
        /** Registers the service with no aliases and no attributes. */
        public ProviderServiceTLS(Provider provider) {
            super(provider, "SSLContext", "TLS", TLSContextS.class.getName(), new LinkedList<String>(), new Hashtable<String, String>(0));
        }

        /**
         * Creates a fresh {@link TLSContextS}; the constructor parameter is ignored.
         *
         * @throws NoSuchAlgorithmException if the TLS context cannot be constructed
         */
        @Override
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            final SSLContextSpi tlsSpi = new TLSContextS();
            return tlsSpi;
        }
    }

    /**
     * {@link SSLContextSpi} behind this provider's {@code "SSL"} service. It wraps the
     * {@code "SSL"} context SPI of the underlying JSSE provider and changes three things:
     *
     * <ul>
     *   <li>Trust managers passed to {@link #engineInit} are discarded and replaced by the ACS
     *       trust manager, unless the first one is an
     *       {@code AcsSslNoAuthSocketFactory.AcsNoAuthTrustManager}.</li>
     *   <li>The client socket factory is wrapped so socket creation runs {@code verifyFIPS()}.
     *       SSL engines, session contexts and the server socket factory come straight from the
     *       wrapped context with no such gate.</li>
     *   <li>A context that was never initialized explicitly is initialized on first use with
     *       {@code engineInit(null, null, null)}.</li>
     * </ul>
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$SSLContextS.class */
    public class SSLContextS extends SSLContextSpi {
        private volatile boolean m_hasBeenInitted = false;
        private final SSLContext m_wrappedSSL = getSslContext();

        /**
         * @throws NoSuchAlgorithmException if the wrapped provider cannot instantiate its
         *     {@code "SSL"} context SPI
         */
        public SSLContextS() throws NoSuchAlgorithmException {
            AcsLogUtil.logFine("Constructed SSL context");
        }

        /**
         * Wraps the underlying provider's {@code SSLContext}/{@code "SSL"} SPI in a
         * {@link DummySSLContext}.
         */
        private SSLContext getSslContext() throws NoSuchAlgorithmException {
            final Provider.Service sslService = AcsSSLSecurityProvider.m_wrappedSSLProvider.getService("SSLContext", "SSL");
            final SSLContextSpi delegateSpi = (SSLContextSpi) sslService.newInstance(null);
            // NOTE(review): the SPI comes from m_wrappedSSLProvider but the context is labelled
            // with m_wrappedTLSProvider; this only affects what getProvider() reports. Confirm intent.
            return new DummySSLContext(delegateSpi, AcsSSLSecurityProvider.m_wrappedTLSProvider, "SSL");
        }

        /**
         * Initializes the wrapped context with default arguments if no explicit init happened.
         *
         * <p>A {@link KeyManagementException} is logged and not rethrown, leaving
         * {@code m_hasBeenInitted} false. The caller then continues against the wrapped context.
         */
        private synchronized void initIfNeeded() {
            if (!this.m_hasBeenInitted) {
                AcsLogUtil.logFine("Implicitly initializing SSL context");
                try {
                    engineInit(null, null, null);
                } catch (KeyManagementException e) {
                    AcsLogUtil.logSevere(e);
                }
            }
        }

        /**
         * Initializes the wrapped context.
         *
         * <p>Security-relevant: {@code trustManagerArr} is honoured only when
         * {@code isLegitTrustManagerArray} accepts it, meaning its first element is the ACS
         * no-auth trust manager. Any other value, including {@code null}, is replaced by a single
         * ACS trust manager from {@code getNewX509TrustManager()}.
         */
        @Override
        protected synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            final TrustManager[] effectiveTrustManagers;
            if (AcsSSLSecurityProvider.isLegitTrustManagerArray(trustManagerArr)) {
                effectiveTrustManagers = trustManagerArr;
            } else {
                effectiveTrustManagers = new X509TrustManager[]{AcsSSLSecurityProvider.getNewX509TrustManager()};
            }
            this.m_wrappedSSL.init(keyManagerArr, effectiveTrustManagers, secureRandom);
            this.m_hasBeenInitted = true;
        }

        /** Returns the client socket factory, wrapped so each {@code createSocket} is FIPS-gated. */
        @Override
        protected synchronized SSLSocketFactory engineGetSocketFactory() {
            initIfNeeded();
            final SSLSocketFactory rawFactory = this.m_wrappedSSL.getSocketFactory();
            return new FIPSVerifyingSSLSocketFactory(rawFactory);
        }

        /** Returns the wrapped context's server socket factory; no FIPS gate is applied here. */
        @Override
        protected synchronized SSLServerSocketFactory engineGetServerSocketFactory() {
            initIfNeeded();
            return this.m_wrappedSSL.getServerSocketFactory();
        }

        /** Creates an engine from the wrapped context; no FIPS gate is applied here. */
        @Override
        protected synchronized SSLEngine engineCreateSSLEngine() {
            initIfNeeded();
            return this.m_wrappedSSL.createSSLEngine();
        }

        /** Creates an engine with peer host and port hints; no FIPS gate is applied here. */
        @Override
        protected synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
            initIfNeeded();
            return this.m_wrappedSSL.createSSLEngine(str, i);
        }

        @Override
        protected synchronized SSLSessionContext engineGetClientSessionContext() {
            initIfNeeded();
            return this.m_wrappedSSL.getClientSessionContext();
        }

        @Override
        protected synchronized SSLSessionContext engineGetServerSessionContext() {
            initIfNeeded();
            return this.m_wrappedSSL.getServerSessionContext();
        }
    }

    /**
     * {@link SSLContextSpi} behind this provider's {@code "TLS"} and {@code "Default"} services.
     *
     * <p>At construction it picks one protocol name from a candidate list (see
     * {@link #getTlsContext()}) and wraps the underlying provider's SPI for that name. As in
     * {@code SSLContextS}, trust managers passed to {@link #engineInit} are replaced by the ACS
     * trust manager unless the first one is the ACS no-auth trust manager, and only the client
     * socket factory is wrapped with the {@code verifyFIPS()} gate.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$TLSContextS.class */
    public class TLSContextS extends SSLContextSpi {
        // Candidates when FIPS is off: every SSLContext algorithm of the wrapped provider whose
        // name contains "TLS", in the order produced by getAutoDetectedTLSProtos().
        private final String[] m_protosToTryWithV2 = (String[]) AcsSSLSecurityProvider.getAutoDetectedTLSProtos().toArray(new String[0]);
        // Candidates when FIPS is on: only the generic "TLS" name.
        private final String[] m_protosToTryWithoutV2 = {"TLS"};
        private volatile boolean m_hasBeenInitted = false;
        // Must stay after the two candidate arrays: getTlsContext() reads them during field init.
        private final SSLContext m_wrappedTLS = getTlsContext();

        /**
         * @throws NoSuchAlgorithmException if none of the candidate protocol names yields a context
         */
        public TLSContextS() throws NoSuchAlgorithmException {
        }

        /**
         * Selects the protocol name and builds the wrapped context.
         *
         * <p>The search list starts from the FIPS or non-FIPS defaults. If the TLS protocol list
         * property is set, its comma-separated entries are placed in front of the defaults in
         * their configured order; a {@code "-"} entry discards the defaults first. The first name
         * for which the wrapped provider offers an {@code SSLContext} service is used.
         *
         * <p>Security-relevant: no minimum protocol version is applied in this method, and the
         * configured names are tried exactly as given and ahead of the defaults. The name finally
         * chosen is recorded in {@code g_lastTLSProto} and logged at fine level, which is where an
         * unexpected downgrade through configuration would show up.
         *
         * @throws NoSuchAlgorithmException if no candidate produced a context
         */
        private SSLContext getTlsContext() throws NoSuchAlgorithmException {
            Provider.Service service;
            DummySSLContext dummySSLContext = null;
            String[] strArr = AcsSSLSecurityProvider.isFIPS() ? this.m_protosToTryWithoutV2 : this.m_protosToTryWithV2;
            LinkedList linkedList = new LinkedList();
            linkedList.addAll(Arrays.asList(strArr));
            String tLSProtocolList = AcsProperties.getProperties().getTLSProtocolList();
            if (AcsStringUtil.isValidNonEmptyString(tLSProtocolList)) {
                // Split on a comma followed by optional whitespace.
                List asList = Arrays.asList(tLSProtocolList.split(",[\\s]*"));
                if (asList.contains("-")) {
                    // "-" means "do not fall back to the built-in candidates".
                    linkedList.clear();
                }
                // Reverse + addFirst keeps the configured order at the head of the list. The "-"
                // token itself is also inserted; presumably no provider service matches it.
                Collections.reverse(asList);
                Iterator it = asList.iterator();
                while (it.hasNext()) {
                    linkedList.addFirst(((String) it.next()).trim());
                }
            }
            // Decompiler artefact: the "unused" local stands for a write to the outer static field.
            List unused = AcsSSLSecurityProvider.g_lastTLSProtoSearchList = linkedList;
            AcsLogUtil.logFine("Searching for one of these protocols: " + linkedList);
            Iterator it2 = linkedList.iterator();
            while (it2.hasNext()) {
                String str = (String) it2.next();
                try {
                    service = AcsSSLSecurityProvider.m_wrappedTLSProvider.getService("SSLContext", str);
                } catch (NoSuchAlgorithmException e) {
                    // Deliberately ignored: a name the provider cannot serve is skipped silently.
                    // NOTE(review): decompiler output. `service` is not definitely assigned after
                    // this catch, and the original try region probably also covered the
                    // newInstance call below. Confirm against the bytecode.
                }
                if (null != service) {
                    dummySSLContext = new DummySSLContext((SSLContextSpi) service.newInstance(null), AcsSSLSecurityProvider.m_wrappedTLSProvider, str);
                    String unused2 = AcsSSLSecurityProvider.g_lastTLSProto = str;
                    AcsLogUtil.logFine("Constructed TLS context with protocol: " + str);
                    break;
                }
                continue;
            }
            if (null == dummySSLContext) {
                throw new NoSuchAlgorithmException("TLS");
            }
            return dummySSLContext;
        }

        /** Creates an engine from the wrapped context; no FIPS gate is applied here. */
        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLEngine engineCreateSSLEngine() {
            initIfNeeded();
            return this.m_wrappedTLS.createSSLEngine();
        }

        /** Creates an engine with peer host and port hints; no FIPS gate is applied here. */
        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLEngine engineCreateSSLEngine(String str, int i) {
            initIfNeeded();
            return this.m_wrappedTLS.createSSLEngine(str, i);
        }

        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLSessionContext engineGetClientSessionContext() {
            initIfNeeded();
            return this.m_wrappedTLS.getClientSessionContext();
        }

        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLSessionContext engineGetServerSessionContext() {
            initIfNeeded();
            return this.m_wrappedTLS.getServerSessionContext();
        }

        /** Returns the wrapped context's server socket factory; no FIPS gate is applied here. */
        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLServerSocketFactory engineGetServerSocketFactory() {
            initIfNeeded();
            return this.m_wrappedTLS.getServerSocketFactory();
        }

        /** Returns the client socket factory, wrapped so each createSocket call runs verifyFIPS(). */
        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized SSLSocketFactory engineGetSocketFactory() {
            initIfNeeded();
            return new FIPSVerifyingSSLSocketFactory(this.m_wrappedTLS.getSocketFactory());
        }

        /**
         * Initializes the wrapped context with default arguments if no explicit init happened.
         * A KeyManagementException is logged and not rethrown, so m_hasBeenInitted stays false.
         */
        private synchronized void initIfNeeded() {
            if (this.m_hasBeenInitted) {
                return;
            }
            AcsLogUtil.logFine("Implicitly initializing TLS context");
            try {
                engineInit(null, null, null);
            } catch (KeyManagementException e) {
                AcsLogUtil.logSevere(e);
            }
        }

        /**
         * Initializes the wrapped context. The caller's trust managers are used only when
         * isLegitTrustManagerArray accepts them (first element is the ACS no-auth trust manager).
         * Otherwise a single ACS trust manager from getNewX509TrustManager() is substituted.
         */
        @Override // javax.net.ssl.SSLContextSpi
        protected synchronized void engineInit(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr, SecureRandom secureRandom) throws KeyManagementException {
            this.m_wrappedTLS.init(keyManagerArr, AcsSSLSecurityProvider.isLegitTrustManagerArray(trustManagerArr) ? trustManagerArr : new X509TrustManager[]{AcsSSLSecurityProvider.getNewX509TrustManager()}, secureRandom);
            this.m_hasBeenInitted = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Orders protocol names for the TLS context search: names starting with {@code "SSL_"} come
     * first, and within each group names are sorted in descending lexical order. For example
     * {@code "TLSv1.2"} sorts before {@code "TLSv1.1"}, and plain {@code "TLS"} sorts last among
     * the {@code "TLS..."} names.
     *
     * <p>NOTE(review): the comparison is purely textual. Which protocol versions a given name
     * enables, in particular the {@code "SSL_"}-prefixed ones that are preferred here, depends
     * on the JSSE provider and should be confirmed on the target JVM.
     */
    @Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
    /* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsSSLSecurityProvider$TlsProtoComparator.class */
    public static class TlsProtoComparator implements Comparator<String> {
        private TlsProtoComparator() {
        }

        /**
         * @return -1, 0 or 1; negative means {@code str} is tried before {@code str2}
         */
        @Override
        public int compare(String str, String str2) {
            final boolean leftIsSslPrefixed = str.startsWith("SSL_");
            final boolean rightIsSslPrefixed = str2.startsWith("SSL_");
            if (leftIsSslPrefixed != rightIsSslPrefixed) {
                // Exactly one side carries the prefix, and that side wins.
                return leftIsSslPrefixed ? -1 : 1;
            }
            // Same group: reverse natural order, normalized to -1/0/1.
            return Integer.signum(str2.compareTo(str));
        }
    }

    /**
     * Tries to put the JVM into a FIPS-capable configuration and returns the JSSE provider to
     * use, or {@code null} when none is available.
     *
     * <p>On an IBM VM this has JVM-wide side effects: it sets the system property
     * {@code com.ibm.jsse2.JSSEFIPS} to {@code "true"} and inserts an {@code IBMJCEFIPS} instance
     * at provider position 1. The property is set before the provider class is loaded, so it
     * stays set even if loading fails. The value returned is the already-resolved TLS provider,
     * not the inserted JCE provider.
     *
     * <p>Otherwise, or when the IBM path failed, the current TLS provider is returned if
     * {@code isProviderSunJSSEWithFIPS} accepts it.
     */
    private static Provider getFIPSProvider() {
        AcsLogUtil.logFine("Trying to init FIPs provider");
        Provider fipsProvider = null;
        if (m_isIbmVm) {
            try {
                System.setProperty("com.ibm.jsse2.JSSEFIPS", "true");
                final Object jceFips = Class.forName("com.ibm.crypto.fips.provider.IBMJCEFIPS").newInstance();
                // The return value (the position, or -1 if already installed) is not checked.
                Security.insertProviderAt((Provider) jceFips, 1);
                fipsProvider = m_wrappedTLSProvider;
            } catch (Exception e) {
                AcsLogUtil.logSevere(e);
            }
        }
        if (fipsProvider == null && isProviderSunJSSEWithFIPS(m_wrappedTLSProvider)) {
            fipsProvider = m_wrappedTLSProvider;
        }
        AcsLogUtil.logFine("FIPS provider found: " + fipsProvider);
        return fipsProvider;
    }

    /**
     * Reports whether {@code provider} is a SunJSSE provider running in FIPS mode.
     *
     * @return {@code true} only if the reflective FIPS check succeeds and {@code provider} is an
     *     instance of {@code sun.security.ssl.SunJSSE}; any failure, including a {@code null}
     *     provider or a missing class, yields {@code false}
     */
    private static boolean isProviderSunJSSEWithFIPS(Provider provider) {
        if (callMagicFIPSCheckMethod()) {
            try {
                final Class<?> sunJsse = Class.forName("sun.security.ssl.SunJSSE");
                return sunJsse.isAssignableFrom(provider.getClass());
            } catch (Exception e) {
                // Treated as "not FIPS": class lookup failed or provider was null.
                AcsLogUtil.logFine(e);
            }
        }
        return false;
    }

    /**
     * Reflectively calls the static {@code isFIPS()} method of
     * {@code com.sun.net.ssl.internal.ssl.Provider}.
     *
     * <p>This targets an internal, non-API class. When the class or method is missing or the
     * call fails, the exception is logged at fine level and {@code false} is returned, so an
     * unsupported runtime is reported as "not FIPS" rather than assumed compliant.
     *
     * @return the value reported by the internal method, or {@code false} on any failure
     */
    private static boolean callMagicFIPSCheckMethod() {
        try {
            final Class<?> legacyProvider = Class.forName("com.sun.net.ssl.internal.ssl.Provider");
            final Object answer = legacyProvider.getMethod("isFIPS", new Class[0]).invoke(null, new Object[0]);
            final boolean fipsReported = ((Boolean) answer).booleanValue();
            AcsLogUtil.logFine("fips check complete. Result=" + fipsReported);
            return fipsReported;
        } catch (Exception e) {
            AcsLogUtil.logFine(e);
            return false;
        }
    }

    /**
     * Returns the protocol name chosen by the most recently constructed TLS context, or
     * {@code null} if none has been constructed. Useful for checking which protocol name was
     * actually selected after configuration overrides.
     */
    public static String getLastTLSProto() {
        final String lastSelected = g_lastTLSProto;
        return lastSelected;
    }

    /**
     * Returns the candidate list searched by the most recently constructed TLS context, or
     * {@code null} if none has been constructed. The list is returned as stored, without a
     * defensive copy.
     */
    public static List<String> getLastTLSProtoSearchList() {
        final List<String> lastSearched = g_lastTLSProtoSearchList;
        return lastSearched;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether FIPS mode is in effect.
     *
     * <p>On first use the answer is seeded from {@code m_isFIPSProviderExplicitlyInitialized} and
     * cached in the public field {@code m_isFIPSOn}; later calls return the cached value. This
     * method is not synchronized, unlike {@code isFIPSCapable()}.
     *
     * <p>NOTE(review): {@code verifyFIPS()} trusts this value, and the cache field is publicly
     * writable.
     */
    public static boolean isFIPS() {
        final boolean notYetDecided = m_isFIPSOn == AcsBoolean.MAYBE;
        if (notYetDecided) {
            m_isFIPSOn = AcsBoolean.valueOf(m_isFIPSProviderExplicitlyInitialized);
        }
        return m_isFIPSOn.toBool();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether this JVM could run in FIPS mode, caching the answer in
     * {@code m_isFIPSCapable}.
     *
     * <p>If FIPS was not already initialized, the first call probes with
     * {@code getFIPSProvider()}. On an IBM VM that probe sets a system property and inserts a
     * security provider, so merely asking this question can change the JVM-wide provider
     * configuration.
     */
    public static synchronized boolean isFIPSCapable() {
        if (m_isFIPSCapable == AcsBoolean.MAYBE) {
            m_isFIPSCapable = m_isFIPSProviderExplicitlyInitialized
                    ? AcsBoolean.TRUE
                    : AcsBoolean.valueOf(null != getFIPSProvider());
        }
        return m_isFIPSCapable.toBool();
    }

    /**
     * Creates the trust manager that this provider installs in place of caller-supplied ones.
     *
     * <p>For both server and client chains it (1) rejects any certificate whose key is longer
     * than the JCE policy allows for its algorithm, (2) validates the chain against the key store
     * from {@code AcsSSLUtils.getCaKeyStoreInstance()}, and (3) if that fails, falls back to the
     * JRE trust manager via {@code checkJRETrust}. A chain is therefore accepted when either
     * store validates it.
     *
     * <p>This is a plain {@link X509TrustManager}: it sees only the chain and the auth type, so
     * no host-name matching happens here. Endpoint identification has to be enforced elsewhere
     * and is not visible in this file.
     */
    protected static X509TrustManager getNewX509TrustManager() {
        return new X509TrustManager() { // from class: com.ibm.iaccess.base.AcsSSLSecurityProvider.1
            public static final String COPYRIGHT = "Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n";

            /** Always returns an empty array; no issuer list is advertised. */
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                checkTrust(x509CertificateArr, str, true);
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                checkTrust(x509CertificateArr, str, false);
            }

            /**
             * Shared validation for server (z == true) and client (z == false) chains.
             *
             * @throws CertificateException if a key exceeds the allowed length, or if neither the
             *     ACS CA store nor the JRE trust manager accepts the chain
             */
            /* JADX WARN: Multi-variable type inference failed */
            /* JADX WARN: Type inference failed for: r24v0, types: [java.lang.Object, java.lang.Exception] */
            private void checkTrust(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
                int maxAllowedKeyLength;
                int keyLength;
                // Step 1: key-length ceiling. Cipher.getMaxAllowedKeyLength is an upper bound
                // taken from the installed JCE policy, not a minimum-strength check; this method
                // enforces no lower bound on key size.
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    try {
                        maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(x509Certificate.getPublicKey().getAlgorithm());
                        keyLength = AcsSSLUtils.getKeyLength(x509Certificate);
                    } catch (NoSuchAlgorithmException e) {
                        // An unknown key algorithm is only logged; the certificate is not rejected here.
                        // NOTE(review): decompiler output. The two ints are not definitely assigned
                        // on this path and the `break` after `throw` below is unreachable; the
                        // original presumably skipped the length check for this certificate.
                        // Confirm against the bytecode.
                        AcsLogUtil.logWarning(e);
                    }
                    if (keyLength > maxAllowedKeyLength) {
                        throw new CertificateException(new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_KEYLEN_DISALLOWED, "" + keyLength, "" + maxAllowedKeyLength)));
                        break;
                    }
                }
                try {
                    // Step 2: validate against the key store from AcsSSLUtils.getCaKeyStoreInstance(),
                    // using the algorithm chosen by getTrustManagerAlgorithm().
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(AcsSSLSecurityProvider.getTrustManagerAlgorithm());
                    trustManagerFactory.init(AcsSSLUtils.getCaKeyStoreInstance());
                    // Last failure seen from an X509TrustManager; null means none reported one.
                    RuntimeException runtimeException = null;
                    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                        if (trustManager instanceof X509TrustManager) {
                            try {
                                if (z) {
                                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                                } else {
                                    ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
                                }
                                // First manager that accepts the chain ends validation successfully.
                                return;
                            } catch (Exception e2) {
                                // Rejection is logged at fine level only and remembered for the fallback.
                                // (Decompiler typed the holder as RuntimeException; e2 is any Exception.)
                                AcsLogUtil.logFine(e2);
                                runtimeException = e2;
                            }
                        }
                    }
                    // Step 3: fall back to the JRE trust manager. A bare RuntimeException is passed as
                    // a sentinel when no failure was captured above.
                    AcsSSLSecurityProvider.checkJRETrust(x509CertificateArr, str, z, null == runtimeException ? new RuntimeException() : runtimeException);
                } catch (Exception e3) {
                    // Also catches the AcsCertificateException thrown by checkJRETrust and wraps it again.
                    throw new AcsCertificateException(x509CertificateArr, str, e3);
                }
            }
        };
    }

    /**
     * Fallback validation against the JRE trust manager, used after the ACS CA store did not
     * accept the chain.
     *
     * @param x509CertificateArr the peer chain
     * @param str the auth type passed through to the trust manager
     * @param z {@code true} to validate as a server chain, {@code false} as a client chain
     * @param exc the failure from the earlier ACS check; a bare {@link RuntimeException} acts as
     *     a "no earlier failure" sentinel, in which case the JRE failure is reported instead
     * @throws AcsCertificateException if no JRE trust manager is available or it rejects the chain
     */
    protected static void checkJRETrust(X509Certificate[] x509CertificateArr, String str, boolean z, Exception exc) throws AcsCertificateException {
        if (m_jreTrustMgr == null) {
            // No JRE trust manager could be built at class-init time: fail with the earlier cause.
            throw new AcsCertificateException(x509CertificateArr, str, exc);
        }
        try {
            if (z) {
                m_jreTrustMgr.checkServerTrusted(x509CertificateArr, str);
            } else {
                m_jreTrustMgr.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (Exception e) {
            AcsLogUtil.logFine(e);
            final Exception reportedCause = exc instanceof RuntimeException ? e : exc;
            throw new AcsCertificateException(x509CertificateArr, str, reportedCause);
        }
    }

    /**
     * Chooses the {@link TrustManagerFactory} algorithm name.
     *
     * <ul>
     *   <li>IBM VM with FIPS on: {@code "IbmX509"}.</li>
     *   <li>FIPS off: the JVM default algorithm.</li>
     *   <li>FIPS on, other VM: the first of {@code "SunX509"}, {@code "X509"}, {@code "PKIX"}
     *       for which a factory can be obtained, else the JVM default.</li>
     * </ul>
     *
     * <p>NOTE(review): in FIPS mode on a non-IBM VM, {@code "SunX509"} is tried before
     * {@code "PKIX"}, so the JVM's configured default is not necessarily the one used. Confirm
     * that this preference order is intended.
     */
    protected static String getTrustManagerAlgorithm() {
        final String jvmDefault = TrustManagerFactory.getDefaultAlgorithm();
        if (m_isIbmVm && isFIPS()) {
            return "IbmX509";
        }
        if (isFIPS()) {
            for (String candidate : Arrays.asList("SunX509", "X509", "PKIX")) {
                try {
                    TrustManagerFactory.getInstance(candidate);
                    return candidate;
                } catch (NoSuchAlgorithmException e) {
                    // Not offered by this JVM; try the next candidate.
                }
            }
        }
        return jvmDefault;
    }

    /**
     * Lists the {@code SSLContext} algorithm names of the wrapped TLS provider that contain
     * {@code "TLS"}.
     *
     * <p>Unless the properties ask for provider order, the names are sorted with
     * {@link TlsProtoComparator}. The resulting order is the order in which
     * {@code TLSContextS} tries protocol names when FIPS is off, so it decides which name is
     * selected by default.
     *
     * @return a new mutable list of matching algorithm names
     */
    public static List<String> getAutoDetectedTLSProtos() {
        final LinkedList<String> detected = new LinkedList<String>();
        final String contextType = SSLContext.class.getSimpleName();
        for (Provider.Service candidate : m_wrappedTLSProvider.getServices()) {
            final String type = candidate.getType();
            final String algorithm = candidate.getAlgorithm();
            final boolean isTlsContext = type.equals(contextType) && algorithm.contains("TLS");
            if (isTlsContext) {
                detected.add(algorithm);
            }
        }
        final boolean keepProviderOrder = AcsProperties.getProperties().isTLSProviderOrder();
        if (!keepProviderOrder) {
            Collections.sort(detected, new TlsProtoComparator());
        }
        return detected;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decides whether caller-supplied trust managers are passed through to the wrapped context.
     *
     * <p>Despite the name, the only array accepted is one whose first element is an
     * {@code AcsSslNoAuthSocketFactory.AcsNoAuthTrustManager}. Every other array, as well as
     * {@code null} or an empty one, is rejected, and the caller then substitutes the ACS trust
     * manager. Only element 0 is inspected.
     *
     * <p>NOTE(review): this is the path by which the no-auth trust manager reaches the wrapped
     * context. Its validation behaviour is defined outside this file, so audit where that class
     * is instantiated.
     */
    public static boolean isLegitTrustManagerArray(TrustManager[] trustManagerArr) {
        if (trustManagerArr == null || trustManagerArr.length == 0) {
            return false;
        }
        final TrustManager first = trustManagerArr[0];
        return first instanceof AcsSslNoAuthSocketFactory.AcsNoAuthTrustManager;
    }

    /**
     * Creates the provider and registers its three {@code SSLContext} services: {@code "SSL"},
     * {@code "TLS"} and {@code "Default"}.
     */
    public AcsSSLSecurityProvider() {
        super("ACS SSL Provider", 1.0d, "ACS SSL Provider");
        final Provider.Service sslService = new ProviderServiceSSL(this);
        super.putService(sslService);
        final Provider.Service tlsService = new ProviderServiceTLS(this);
        super.putService(tlsService);
        final Provider.Service defaultService = new ProviderServiceDefault(this);
        super.putService(defaultService);
    }

    /**
     * Looks up a service by type and algorithm. The lookup itself is inherited; this override
     * only declares the method {@code synchronized}.
     */
    @Override
    public synchronized Provider.Service getService(String str, String str2) {
        final Provider.Service resolved = super.getService(str, str2);
        return resolved;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * FIPS gate used before every client socket is created: if the global configuration
     * requests FIPS but {@code isFIPS()} reports it is not in effect, the operation is refused.
     *
     * @throws IOException wrapping an {@link AcsFIPSNotAvailableException} when FIPS was
     *     requested but is not active
     */
    public static void verifyFIPS() throws IOException {
        final boolean fipsRequested = AcsGlobalConfig.getGlobalConfig().isFIPSRequested();
        if (!fipsRequested) {
            return;
        }
        if (isFIPS()) {
            return;
        }
        throw new IOException(new AcsFIPSNotAvailableException());
    }

    // Class initialization. Statement order matters: the providers must be resolved before the
    // FIPS probe, and m_isFIPSProviderExplicitlyInitialized must be assigned before
    // getTrustManagerAlgorithm() runs, because that method consults isFIPS().
    static {
        try {
            // Remember which installed providers currently serve "SSL" and "TLS".
            m_wrappedSSLProvider = SSLContext.getInstance("SSL").getProvider();
            m_wrappedTLSProvider = SSLContext.getInstance("TLS").getProvider();
        } catch (NoSuchAlgorithmException e) {
            // Logged twice (stderr and the ACS log). The provider fields stay null, so later
            // code that dereferences them will fail.
            e.printStackTrace();
            AcsLogUtil.logSevere(e);
        }
        Provider provider = null;
        // The FIPS provider is probed only when the global configuration asks for FIPS.
        if (AcsGlobalConfig.getGlobalConfig().isFIPSRequested()) {
            provider = getFIPSProvider();
        }
        if (null == provider) {
            // FIPS not requested or not available: keep the providers resolved above. If FIPS was
            // requested, verifyFIPS() will later refuse to create client sockets.
            AcsLogUtil.logFine("FIPs provider not found or not used. Using " + m_wrappedTLSProvider + " and " + m_wrappedSSLProvider);
            m_isFIPSProviderExplicitlyInitialized = false;
        } else {
            AcsLogUtil.logFine("Using FIPs provider: " + provider);
            // getFIPSProvider() returns the already-resolved TLS provider, so this add is
            // presumably a no-op for an installed provider. The return value is not checked.
            Security.addProvider(provider);
            Provider provider2 = provider;
            // From here on "SSL" and "TLS" contexts are both served by the same provider.
            m_wrappedTLSProvider = provider2;
            m_wrappedSSLProvider = provider2;
            m_isFIPSProviderExplicitlyInitialized = true;
        }
        X509TrustManager x509TrustManager = null;
        try {
            // Build the JRE fallback trust manager; a null KeyStore selects the default trust store.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(getTrustManagerAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            // Only the first manager is used, and the cast is unchecked.
            x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (Exception e2) {
            // Failure is logged at fine level only. m_jreTrustMgr then stays null and
            // checkJRETrust() rejects instead of falling back.
            AcsLogUtil.logFine(e2);
        }
        m_jreTrustMgr = x509TrustManager;
    }
}
