package com.ibm.ecc.connectivity;

import com.ibm.ecc.common.Config;
import com.ibm.ecc.common.ECCException;
import com.ibm.ecc.common.ECCMessage;
import com.ibm.ecc.common.PlatformExtensionIfc;
import com.ibm.ecc.common.Service;
import com.ibm.ecc.common.Trace;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.webservices.WSConstants;
import com.ibm.xml.crypto.IBMXMLCryptoProvider;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.lang.reflect.Array;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Properties;
import java.util.Vector;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/ecc_v2r3m0f010/ConnectivityServices.jar:com/ibm/ecc/connectivity/ConnectivitySecurityManager.class */
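/**
 * Trust-store, XML-signature and proxy-credential helper for the connectivity services.
 *
 * <p>The class loads the service-provider trust store named in the connectivity
 * configuration, adds certificates to it, validates XML signatures against it, builds
 * SSL socket factories from it and resolves HTTP proxy credentials.
 *
 * <p>Almost all state is {@code static} and is lazily initialised without
 * synchronisation (only {@link #setWebServiceSSLProperties} locks). Nothing in this
 * class documents a thread-safety guarantee.
 *
 * <p>This source is decompiler output; several methods were restructured to remove
 * decompiler artefacts (dead {@code if (0 != 0)} branches, possibly-unassigned locals).
 */
public class ConnectivitySecurityManager {
    static final String COPYRIGHT = " Licensed Materials - Property of IBM, (C) COPYRIGHT 2005, 2009 All Rights Reserved. US Government Users restricted Rights -  Use, Duplication or Disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Fallback store type used when the configuration does not name one.
    private static final String defaultKeyStoreType = "JKS";
    private static final boolean DEBUG = false;
    static final String className = ConnectivitySecurityManager.class.getName();
    // Cached location of the trust store; resolved on first use by getSPKeyStore().
    private static File xSPKeyStoreFile = null;
    // SECURITY NOTE(review): the store password is a compile-time constant shipped in
    // the jar, so it cannot act as a secret. It only lets KeyStore.load() run its
    // integrity check; protection of the trust store against modification has to come
    // from file-system permissions and change monitoring on the store file.
    private static final String defaultKeyStorePass = "qibmservice";
    // Never reassigned in this class, so it always equals defaultKeyStorePass.
    private static char[] xSPKeyStorePass = defaultKeyStorePass.toCharArray();
    // Store type as read from configuration by getSPKeyStore(); may stay null.
    private static String xSPKeyStoreType = null;
    // Written by the (instance) constructor, so the last constructed instance wins.
    private static String xServiceProvider = null;
    // Shared, mutable SSL settings handed out by getWebServiceSSLProperties().
    private static final Properties sslProperties = new Properties();

    /**
     * Loads the configured service-provider trust store.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @return the loaded store, or {@code null} when the file is missing or unreadable
     * @throws ECCException if the store location cannot be read from configuration
     */
    public static KeyStore getKeyStoreObject() throws ECCException {
        return getKeyStoreObject(getSPKeyStore(), xSPKeyStorePass, getSPKeyStoreType());
    }

    /**
     * Returns the number of entries in the configured trust store.
     *
     * @return the entry count, or {@code -1} when the store cannot be loaded or queried
     */
    public static int getKeyStoreSize() {
        try {
            KeyStore keyStore = getKeyStoreObject();
            // getKeyStoreObject() reports failure with null, not an exception; without
            // this check a missing store surfaced as a NullPointerException.
            if (keyStore == null) {
                return -1;
            }
            return keyStore.size();
        } catch (ECCException e) {
            Trace.warning(className, "getKeyStoreSize()", "Unable to determine keystore size", (Throwable) e);
        } catch (KeyStoreException e) {
            Trace.warning(className, "getKeyStoreSize()", "Unable to determine keystore size", (Throwable) e);
        }
        return -1;
    }

    /**
     * Opens and loads a key store from a file.
     *
     * @param file store file; {@code null} or a non-existent file yields {@code null}
     * @param cArr store password passed to {@link KeyStore#load}
     * @param str  store type passed to {@link KeyStore#getInstance(String)}
     * @return the loaded store, or {@code null} on any failure (the cause is traced)
     */
    protected static KeyStore getKeyStoreObject(File file, char[] cArr, String str) {
        Trace.entry(className, "getKeyStoreObject()");
        if (file == null || !file.exists()) {
            Trace.severe(className, "getKeyStoreObject()", "Keystore File doesn't Exist", (Throwable) null);
            return null;
        }
        Trace.info(className, "getKeyStoreObject()", "opening Keystore " + String.valueOf(file) + " type: " + str, (Throwable) null);
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(fileInputStream, cArr);
            Trace.info(className, "getKeyStoreObject()", "Number of Certs in truststore " + keyStore.size(), (Throwable) null);
            Trace.exit(className, "getKeyStoreObject()");
            return keyStore;
        } catch (Exception e) {
            Trace.severe(className, "getKeyStoreObject()", "Exception on keystore file ", (Throwable) e);
            return null;
        } finally {
            // Close on every path, including a failed load(); a close failure on a
            // read-only stream carries no information worth reporting.
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (Exception ignored) {
                }
            }
        }
    }

    /**
     * Adds a certificate entry to the store and writes the store back to
     * {@code xSPKeyStoreFile}.
     *
     * <p>NOTE(review): the store file is overwritten in place, so a failure part-way
     * through {@link KeyStore#store} can leave a truncated trust store on disk.
     *
     * @param keyStore    store to modify; must not be {@code null}
     * @param certificate certificate to add
     * @param str         alias for the new entry; must not be {@code null}
     * @throws ECCException if an argument is missing or the store cannot be written
     */
    private static void storeCert(KeyStore keyStore, Certificate certificate, String str) throws ECCException {
        if (keyStore == null) {
            throw new ECCException("KeyStore is not set");
        }
        if (str == null) {
            throw new ECCException("Alias not specified");
        }
        try {
            keyStore.setCertificateEntry(str, certificate);
            FileOutputStream fileOutputStream = new FileOutputStream(xSPKeyStoreFile);
            try {
                keyStore.store(fileOutputStream, xSPKeyStorePass);
            } finally {
                // Release the handle even when store() throws; a close() failure still
                // propagates and is reported as ECCException below.
                fileOutputStream.close();
            }
        } catch (Exception e) {
            throw new ECCException("Exception caught in storeCert", e);
        }
    }

    /**
     * Validates the XML signature at {@code node} and the certificate chain behind it.
     *
     * <p>Core signature validation runs first, using the key that
     * {@code X509DataKeySelector} takes from the signature itself. That alone proves
     * only internal consistency, so the signing certificate is then path-validated
     * against the trust store, trying each ordering of the intermediate certificates
     * supplied with the signature.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param node DOM node holding the signature
     * @return {@code true} only when both core validation and certificate path
     *         validation succeed; {@code false} on any failure or exception
     */
    public boolean isSignatureValid(Node node) {
        boolean z;
        Trace.entry(className, "isSignatureValid()");
        try {
            XMLSignatureFactory xMLSignatureFactory = Security.getProvider("XMLDSig") == null ? XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName("com.ibm.xml.crypto.IBMXMLCryptoProvider").newInstance()) : XMLSignatureFactory.getInstance("DOM");
            X509DataKeySelector x509DataKeySelector = new X509DataKeySelector();
            DOMValidateContext dOMValidateContext = new DOMValidateContext(x509DataKeySelector, node);
            z = xMLSignatureFactory.unmarshalXMLSignature(dOMValidateContext).validate(dOMValidateContext);
            if (z) {
                Trace.info(className, "isSignatureValid()", "Signature passed core validation", (Throwable) null);
                KeyStore keyStoreObject = getKeyStoreObject(getSPKeyStore(), xSPKeyStorePass, getSPKeyStoreType());
                ArrayList<X509Certificate> intermediateCert = x509DataKeySelector.getIntermediateCert();
                // Fail closed: the result is the chain-validation result, never the
                // core-validation result carried over.
                boolean chainValid = false;
                boolean attempted = false;
                Iterator<int[]> it = Permutations.getPermutations(intermediateCert.size()).iterator();
                while (it.hasNext() && !chainValid) {
                    int[] next = it.next();
                    ArrayList<X509Certificate> ordered = new ArrayList<X509Certificate>();
                    for (int i : next) {
                        ordered.add(intermediateCert.get(i));
                    }
                    attempted = true;
                    chainValid = isCertificateValid(keyStoreObject, x509DataKeySelector.getSigningCert(), ordered);
                }
                if (!attempted) {
                    // Permutations is not visible here; if it yields no ordering (for
                    // example for zero intermediates) the signing certificate must
                    // still be validated against the trust store on its own.
                    chainValid = isCertificateValid(keyStoreObject, x509DataKeySelector.getSigningCert(), new ArrayList<X509Certificate>());
                }
                z = chainValid;
            } else {
                Trace.severe(className, "isSignatureValid()", "Signature Failed core validation", (Throwable) null);
            }
        } catch (Exception e) {
            Trace.severe(className, "isSignatureValid()", "Exception validating Signature", (Throwable) new ECCException(ECCMessage.ConnPathPermanentError, e));
            z = false;
        }
        Trace.exit(className, "isSignatureValid()");
        return z;
    }

    /**
     * Records the service provider and makes sure an XML-signature provider is
     * registered with {@link Security}.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param str service-provider name; {@code null} selects {@code Config.SP_IBM}
     * @throws ECCException declared by the original signature
     */
    public ConnectivitySecurityManager(String str) throws ECCException {
        xServiceProvider = (str == null) ? Config.SP_IBM : str;
        String lineSeparator = System.getProperty("line.separator");
        StringBuilder providerList = new StringBuilder();
        providerList.append(lineSeparator);
        for (Provider provider : Security.getProviders()) {
            providerList.append(provider.toString()).append(lineSeparator);
        }
        Trace.info(className, "ConnectivitySecurityManager()", "Security Providers: " + providerList, (Throwable) null);
        // Security.addProvider changes JVM-wide state, so it is done only when neither
        // provider name is already registered.
        if (Security.getProvider("XMLDSig") == null && Security.getProvider(IBMXMLCryptoProvider.NAME) == null) {
            Trace.info(className, "ConnectivitySecurityManager()", "Adding crypto provider IBMXMLCRYPTO to java.security", (Throwable) null);
            Security.addProvider(new IBMXMLCryptoProvider());
            Trace.info(className, "ConnectivitySecurityManager()", "JSR 105 API Version 0.20051107", (Throwable) null);
        }
    }

    /**
     * Adds a certificate object to the configured trust store under the given alias.
     *
     * <p>NOTE(review): when the certificate is already present this overload only
     * traces that fact and still stores it under {@code str}, whereas the file-based
     * overload skips the write. Confirm which behaviour is intended.
     *
     * <p>Every certificate added here becomes a trust anchor for signature and TLS
     * validation, so callers are responsible for authenticating it first.
     *
     * @param certificate certificate to trust; must not be {@code null}
     * @param str         alias for the entry; must not be {@code null}
     * @throws ECCException if an argument is missing, the store cannot be loaded, or
     *                      the write fails
     */
    public static void addCertificate(Certificate certificate, String str) throws ECCException {
        if (certificate == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "certificate");
        }
        if (str == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "certificate alias");
        }
        KeyStore keyStoreObject = getKeyStoreObject(getSPKeyStore(), xSPKeyStorePass, getSPKeyStoreType());
        if (keyStoreObject == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "key store");
        }
        try {
            String certificateAlias = keyStoreObject.getCertificateAlias(certificate);
            if (certificateAlias != null) {
                Trace.info(className, "addCertificate()", "Certificate is already in keystore as " + certificateAlias, (Throwable) null);
            }
            Trace.info(className, "addCertificate()", "Certificate Being Added " + str, (Throwable) null);
            Trace.info(className, "addCertificate()", certificate.toString(), (Throwable) null);
            storeCert(keyStoreObject, certificate, str);
        } catch (Exception e) {
            throw new ECCException(4, e);
        }
    }

    /**
     * Reads an X.509 certificate from a file and adds it to the configured trust store
     * unless an identical certificate is already present.
     *
     * <p>When the file holds several certificates only the last one parsed is kept.
     *
     * @param str  path of the certificate file; must not be {@code null}
     * @param str2 alias for the new entry; must not be {@code null}
     * @throws ECCException if an argument is missing, the store cannot be loaded, or
     *                      reading, parsing or storing fails
     */
    protected void addCertificate(String str, String str2) throws ECCException {
        if (str == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "certificate file");
        }
        if (str2 == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "certificate label");
        }
        KeyStore keyStoreObject = getKeyStoreObject(getSPKeyStore(), xSPKeyStorePass, getSPKeyStoreType());
        if (keyStoreObject == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "key store");
        }
        Certificate certificate = null;
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            try {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream);
                CertificateFactory certificateFactory = CertificateFactory.getInstance("x.509");
                while (bufferedInputStream.available() > 0) {
                    certificate = certificateFactory.generateCertificate(bufferedInputStream);
                }
            } finally {
                // Previously the stream leaked when parsing threw; closing the file
                // stream also releases the buffered wrapper around it.
                fileInputStream.close();
            }
            try {
                if (certificate != null) {
                    String certificateAlias = keyStoreObject.getCertificateAlias(certificate);
                    if (certificateAlias == null) {
                        Trace.info(className, "addCertificate()", "Certificate Being Added " + str2, (Throwable) null);
                        Trace.info(className, "addCertificate()", certificate.toString(), (Throwable) null);
                        storeCert(keyStoreObject, certificate, str2);
                    } else {
                        Trace.info(className, "addCertificate()", "Certificate is already in keystore as " + certificateAlias, (Throwable) null);
                    }
                } else {
                    Trace.severe(className, "addCertificate()", "Certificate Not Created", (Throwable) null);
                }
            } catch (Exception e) {
                throw new ECCException(4, e);
            }
        } catch (Exception e2) {
            throw new ECCException(4, e2);
        }
    }

    /**
     * Finds the first store entry whose subject DN equals the issuer DN of
     * {@code certificate}.
     *
     * <p>The match is by distinguished name only; this method does not verify that the
     * returned certificate actually signed {@code certificate}.
     *
     * @param keyStore    store to search
     * @param certificate certificate whose issuer is wanted
     * @return the matching store certificate, or {@code null} when none matches or the
     *         store cannot be enumerated
     */
    protected Certificate getIssuer(KeyStore keyStore, Certificate certificate) {
        Trace.entry(className, "getIssuer()");
        boolean z = false;
        Certificate certificate2 = null;
        try {
            Enumeration<String> aliases = keyStore.aliases();
            Trace.info(className, "getIssuer()", "Number of Aliases = " + keyStore.size(), (Throwable) null);
            javax.security.cert.X509Certificate x509Certificate = javax.security.cert.X509Certificate.getInstance(certificate.getEncoded());
            while (aliases.hasMoreElements() && !z) {
                try {
                    String nextElement = aliases.nextElement();
                    Certificate certificate3 = keyStore.getCertificate(nextElement);
                    javax.security.cert.X509Certificate x509Certificate2 = javax.security.cert.X509Certificate.getInstance(certificate3.getEncoded());
                    if (x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                        z = true;
                        Trace.info(className, "getIssuer()", nextElement + " CA Cert matches " + String.valueOf(x509Certificate2.getSubjectDN()), (Throwable) null);
                        certificate2 = certificate3;
                    }
                } catch (Exception e) {
                    // One unreadable entry must not stop the search of the others.
                    Trace.severe(className, "getIssuer()", "Exception searching issuer ", (Throwable) e);
                }
            }
            return certificate2;
        } catch (Exception e2) {
            Trace.severe(className, "getIssuer()", "No CA Certificates Found to Validate", (Throwable) null);
            return null;
        }
    }

    /**
     * Looks up a certificate by alias.
     *
     * @param keyStore store to read
     * @param str      alias to look up; must not be {@code null}
     * @return the certificate, or {@code null} when the store is empty or has no such
     *         alias (the alias list is then traced)
     * @throws ECCException if {@code str} is {@code null} or the store cannot be read
     */
    protected Certificate getCertificate(KeyStore keyStore, String str) throws ECCException {
        Certificate certificate = null;
        if (str == null) {
            throw new ECCException(ECCMessage.ConnNullParameter, Messages.getString(ECCMessage.ConnNullParameter) + "certificate label");
        }
        try {
            if (keyStore.size() > 0) {
                certificate = keyStore.getCertificate(str);
            } else {
                Trace.severe(className, "getCertificate()", "KeyStore has no Certs", (Throwable) null);
            }
            if (certificate == null) {
                Trace.severe(className, "getCertificate()", "No Certificate stored for " + str, (Throwable) null);
                printTrustCerts(keyStore, false);
            }
            return certificate;
        } catch (Exception e) {
            throw new ECCException(4, e);
        }
    }

    /**
     * Resolves the trust-store file from the connectivity configuration and caches it
     * in {@code xSPKeyStoreFile}; also records the configured store type.
     *
     * @return the store file, or {@code null} when it is not configured or does not
     *         exist
     * @throws ECCException if the configuration cannot be read
     */
    protected static File getSPKeyStore() throws ECCException {
        Trace.entry(className, "getSPKeyStore()");
        if (xSPKeyStoreFile == null) {
            try {
                String str = ConnectivityService.getConnectivityDirectory() + File.separator;
                Config config = new Config(Config.CONNECT);
                String property = config.getProperty(Config.SP_IBM, Config.SP_SSL_TRUSTLIST_LOCATION);
                if (property != null) {
                    // NOTE(review): the configured location is resolved relative to the
                    // connectivity directory without normalisation; the configuration
                    // file is therefore trusted to name the store.
                    xSPKeyStoreFile = new File(str, property);
                }
                xSPKeyStoreType = config.getProperty(Config.SP_IBM, Config.SP_SSL_TRUSTLIST_TYPE);
            } catch (ECCException e) {
                Trace.severe(className, "getSPKeyStore()", e.toString(), (Throwable) e);
                xSPKeyStoreFile = null;
                throw e;
            }
        }
        if (xSPKeyStoreFile == null || !xSPKeyStoreFile.exists()) {
            Trace.severe(className, "getSPKeyStore()", "KeyStore " + xSPKeyStoreFile + " not found", (Throwable) null);
            return null;
        }
        // The last-modified date is traced on every call, which gives a simple audit
        // trail of when the trust store last changed.
        Trace.info(className, "getSPKeyStore()", "Keystore file returned " + xSPKeyStoreFile + " - last modified date: " + new SimpleDateFormat("yyyy.MM.dd").format(new Date(xSPKeyStoreFile.lastModified())), (Throwable) null);
        Trace.exit(className, "getSPKeyStore()");
        return xSPKeyStoreFile;
    }

    /**
     * Traces the aliases held in a key store.
     *
     * @param keyStore store to list; {@code null} is ignored
     * @param z        {@code true} traces one alias per message, {@code false} traces
     *                 all aliases in a single {@code " || "}-separated message
     */
    protected void printTrustCerts(KeyStore keyStore, boolean z) {
        if (keyStore == null) {
            return;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            if (z) {
                while (aliases.hasMoreElements()) {
                    Trace.info(className, "printTrustCerts()", aliases.nextElement().toString(), (Throwable) null);
                }
            } else {
                StringBuilder aliasList = new StringBuilder();
                while (aliases.hasMoreElements()) {
                    aliasList.append(aliases.nextElement()).append(" || ");
                }
                Trace.info(className, "printTrustCerts()", "Alias List of truststore:  " + aliasList, (Throwable) null);
            }
        } catch (Exception e) {
            Trace.severe(className, "printTrustCerts()", "key store object exception", (Throwable) e);
        }
    }

    /**
     * Reads the trust-store type from the connectivity configuration.
     *
     * @return the configured type, or {@code "JKS"} when it is absent or unreadable
     */
    private static String getSPKeyStoreType() {
        String str = null;
        try {
            str = new Config(Config.CONNECT).getProperty(Config.SP_IBM, Config.SP_SSL_TRUSTLIST_TYPE);
        } catch (ECCException e) {
            Trace.info(className, "getSPKeyStoreType()", "SP_SSL_TRUSTLIST_TYPE not in Connectivity config properties", (Throwable) e);
        }
        return (str == null) ? defaultKeyStoreType : str;
    }

    /**
     * Returns the numbered local HTTP proxy credentials from the connectivity
     * configuration, resolving each password handle through the platform extension.
     *
     * <p>Access gate: credentials are read only when {@code new Config().load("THIS",
     * false)} throws and a frame of that exception's stack trace belongs to a class
     * whose name starts with {@code com.ibm.ecc.connectivity.proxy}. NOTE(review): this
     * is a naming convention check on a stack trace, not an access-control mechanism;
     * the method is {@code public}, so do not treat the gate as the only protection for
     * the returned passwords.
     *
     * @return the credentials found; when none are found (or the caller check fails)
     *         an array of length one whose only element is {@code null}
     * @throws ECCException if configuration or the platform extension fails
     */
    public static ProxyCredentials[] getServerProxyCredentialsList() throws ECCException {
        Trace.entry(className, "getServerProxyCredentialsList()");
        int i = 0;
        Vector<ProxyCredentials> vector = new Vector<ProxyCredentials>();
        boolean z = false;
        try {
            new Config().load("THIS", false);
        } catch (Exception e) {
            StackTraceElement[] stackTrace = e.getStackTrace();
            for (int i2 = 0; i2 < stackTrace.length && !z; i2++) {
                String className2 = stackTrace[i2].getClassName();
                Trace.info(className, "getServerProxyCredentialsList()", className2, (Throwable) null);
                if (className2.startsWith("com.ibm.ecc.connectivity.proxy")) {
                    z = true;
                }
            }
        }
        try {
            if (z) {
                Config config = new Config(Config.CONNECT);
                PlatformExtensionIfc commonPlatformExtensionClass = getCommonPlatformExtensionClass(new Config(Config.BASE));
                boolean z2 = false;
                // Entries are numbered from 1; the first missing user id, handle or
                // password ends the list.
                while (!z2) {
                    String property = config.getProperty(null, Config.LOCAL_HTTP_PROXY_USERID_ + (i + 1));
                    String property2 = config.getProperty(null, Config.LOCAL_HTTP_PROXY_PASSWORD_HANDLE_ + (i + 1));
                    if (property == null || property2 == null) {
                        z2 = true;
                    } else {
                        String retrieveSecurely = commonPlatformExtensionClass.retrieveSecurely(property2);
                        if (retrieveSecurely == null) {
                            z2 = true;
                        } else {
                            i++;
                            vector.add(new ProxyCredentials(property, retrieveSecurely));
                        }
                    }
                }
            } else {
                Trace.severe(className, "getServerProxyCredentialsList()", "Caller Not valid user of this method", (Throwable) null);
            }
            int size = vector.size();
            Trace.info(className, "getServerProxyCredentialsList()", "Number of Credentials " + size, (Throwable) null);
            if (size == 0) {
                // Kept for compatibility: callers receive a one-element array holding
                // null rather than an empty array.
                size = 1;
            }
            ProxyCredentials[] proxyCredentialsArr = new ProxyCredentials[size];
            vector.copyInto(proxyCredentialsArr);
            Trace.exit(className, "getServerProxyCredentialsList()");
            return proxyCredentialsArr;
        } catch (Exception e2) {
            Trace.severe(className, "getServerProxyCredentialsList()", "Exception on finding credentials list", (Throwable) e2);
            throw new ECCException(ECCMessage.ConnServerProxyCredentialsError, e2);
        }
    }

    /**
     * Loads the platform extension used to retrieve stored secrets.
     *
     * @param config configuration handed to {@code Service.loadPlatformExtensionClass}
     * @return the platform extension
     * @throws ECCException if the extension cannot be loaded
     */
    private static PlatformExtensionIfc getCommonPlatformExtensionClass(Config config) throws ECCException {
        return Service.loadPlatformExtensionClass(config);
    }

    /**
     * Builds proxy credentials for a user id by resolving its password handle.
     *
     * <p>Decompiler note: access was widened from package-private. The decompiled body
     * read a possibly-unassigned local and let a checked exception escape; it is
     * restructured here so lookup failures are traced and yield a {@code null}
     * password.
     *
     * <p>NOTE(review): the user id and the password handle are written to the trace.
     * Whether the handle is sensitive depends on how {@code retrieveSecurely} protects
     * it; consider omitting it from trace output.
     *
     * @param str    proxy user id
     * @param str2   password handle, or {@code null} when there is no password
     * @param config configuration to use; {@code null} selects {@code Config.BASE}
     * @return credentials whose password is {@code null} when none could be resolved
     */
    public static ProxyCredentials getClientProxyCredentials(String str, String str2, Config config) {
        String str3 = null;
        Trace.info(className, "getClientProxyCredentials()", str + " " + str2, (Throwable) null);
        if (str2 == null) {
            Trace.info(className, "getClientProxyCredentials()", "NO proxy Password Handle ", (Throwable) null);
        } else {
            try {
                Config config2 = (config == null) ? new Config(Config.BASE) : config;
                str3 = getCommonPlatformExtensionClass(config2).retrieveSecurely(str2);
            } catch (Exception e) {
                Trace.info(className, "getClientProxyCredentials()", "Exception getting secure info", (Throwable) e);
                str3 = null;
            }
        }
        if (str3 == null) {
            Trace.info(className, "getClientProxyCredentials()", "No password found for UID " + str + " & handle " + str2, (Throwable) null);
        }
        return new ProxyCredentials(str, str3);
    }

    /**
     * Builds proxy credentials using the default ({@code Config.BASE}) configuration.
     *
     * @param str  proxy user id
     * @param str2 password handle, or {@code null}
     * @return credentials whose password is {@code null} when none could be resolved
     */
    public static ProxyCredentials getClientProxyCredentials(String str, String str2) {
        return getClientProxyCredentials(str, str2, null);
    }

    /**
     * Creates an SSL socket factory that trusts exactly the certificates in
     * {@code keyStore}. No key managers are installed, so the factory offers no client
     * certificate.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param keyStore trust store to use
     * @return the factory, or {@code null} when {@code keyStore} is {@code null} or the
     *         context cannot be built (callers must check for {@code null})
     * @throws ECCException declared by the original signature
     */
    public static SSLSocketFactory getSPSSLSocketFactory(KeyStore keyStore) throws ECCException {
        SSLSocketFactory sSLSocketFactory;
        Trace.entry(className, "getSPSSLSocketFactory()");
        if (keyStore == null) {
            Trace.severe(className, "getSPSSLSocketFactory()", "Keystore is null ", (Throwable) null);
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            // The protocol name comes from configuration (Config.getSecurityModeProtocol()).
            SSLContext sSLContext = SSLContext.getInstance(Config.getSecurityModeProtocol());
            sSLContext.init(null, trustManagers, Config.getSecureRandom());
            sSLSocketFactory = sSLContext.getSocketFactory();
        } catch (Exception e) {
            Trace.severe(className, "getSPSSLSocketFactory()", "Exception building socket factory", (Throwable) e);
            sSLSocketFactory = null;
        }
        Trace.exit(className, "getSPSSLSocketFactory()");
        return sSLSocketFactory;
    }

    /**
     * Returns the SSL properties prepared by {@link #prepareSSL()}.
     *
     * <p>NOTE(review): this is the live shared instance, not a copy. It contains the
     * trust-store password and can be modified by any caller; writers synchronise on
     * it but readers of the returned object do not.
     *
     * @return the shared {@link Properties} instance
     */
    public static Properties getWebServiceSSLProperties() {
        Trace.entry(className, "getWebServiceSSLProperties()");
        Trace.exit(className, "getWebServiceSSLProperties()");
        return sslProperties;
    }

    /**
     * Prepares JVM-wide HTTPS settings for web-service calls: extends the protocol
     * handler package list, publishes the trust-store settings and installs the default
     * hostname verifier.
     *
     * <p>All three steps change process-wide state
     * ({@link System#setProperty}, the shared SSL properties and
     * {@link HttpsURLConnection#setDefaultHostnameVerifier}). The verifier is built
     * from {@code Config.isHostnameVerification()}; NOTE(review): presumably that flag
     * can switch hostname checking off, so its configured value deserves an audit.
     *
     * @throws ECCException if the connectivity configuration cannot be read
     */
    public static void prepareSSL() throws ECCException {
        String property = System.getProperty(WSConstants.URL_HANDLER_PROP);
        Trace.info(className, "prepareSSL()", "\n\t=== Current JVM Properties ===\n\tjava.vendor.................: " + System.getProperty("java.vendor") + "\n\tjava.version................: " + System.getProperty("java.version") + "\n\tjava.home...................: " + System.getProperty("java.home") + "\n\tjava.protocol.handler.pkgs..: " + System.getProperty(WSConstants.URL_HANDLER_PROP), (Throwable) null);
        Config config = new Config(Config.CONNECT);
        String property2 = config.getProperty(null, Config.JAVA_PROTOCOL_HANDLER_PKGS, "com.ibm.net.ssl.www.protocol|com.ibm.net.ssl.internal.www.protocol|com.ibm.net.ssl.www2.protocol");
        if (property == null) {
            System.setProperty(WSConstants.URL_HANDLER_PROP, property2);
        } else if ("YES".equals(config.getProperty(null, Config.JAVA_PROTOCOL_HANDLER_PKGS_TRY_FIRST, Config.NO))) {
            // Constant-first comparison: a null property value selects the append
            // branch instead of throwing.
            System.setProperty(WSConstants.URL_HANDLER_PROP, property2 + CommandSecurityUtil.PARAM_DELIM + property);
        } else {
            System.setProperty(WSConstants.URL_HANDLER_PROP, property + CommandSecurityUtil.PARAM_DELIM + property2);
        }
        File sPKeyStore = getSPKeyStore();
        // The store is loaded once here only to prove that it opens with the password.
        if (getKeyStoreObject(sPKeyStore, xSPKeyStorePass, getSPKeyStoreType()) != null) {
            setWebServiceSSLProperties(String.valueOf(sPKeyStore), xSPKeyStoreType == null ? defaultKeyStoreType : xSPKeyStoreType, defaultKeyStorePass);
        } else {
            Trace.severe(className, "prepareSSL()", "TrustStore-related properties not defined for web service calls; check previous errors.", (Throwable) null);
        }
        HttpsURLConnection.setDefaultHostnameVerifier(new ConnectivityHostnameVerifier(Config.isHostnameVerification()));
        Trace.info(className, "prepareSSL()", "\n\t=== New JVM Properties ===\n\tjava.vendor.................: " + System.getProperty("java.vendor") + "\n\tjava.version................: " + System.getProperty("java.version") + "\n\tjava.home...................: " + System.getProperty("java.home") + "\n\tjava.protocol.handler.pkgs..: " + System.getProperty(WSConstants.URL_HANDLER_PROP), (Throwable) null);
    }

    /**
     * Replaces the shared web-service SSL properties. The same file, type and password
     * are published as both trust store and key store.
     *
     * @param str  store path, or {@code null} to leave the path unset
     * @param str2 store type, or {@code null} to leave the type unset
     * @param str3 store password, or {@code null} to leave it unset; it is stored in
     *             the properties but deliberately not traced
     */
    private static void setWebServiceSSLProperties(String str, String str2, String str3) {
        Trace.entry(className, "setWebServiceSSLProperties()");
        Trace.info(className, "setWebServiceSSLProperties()", "Adjusting web service SSL properties (keyStore=" + str + "; keyStoreType=" + str2 + ").", (Throwable) null);
        synchronized (sslProperties) {
            sslProperties.clear();
            if (str != null) {
                sslProperties.put("com.ibm.ssl.trustStore", str);
                sslProperties.put("com.ibm.ssl.keyStore", str);
            }
            if (str2 != null) {
                sslProperties.put("com.ibm.ssl.trustStoreType", str2);
                sslProperties.put("com.ibm.ssl.keyStoreType", str2);
            }
            if (str3 != null) {
                sslProperties.put("com.ibm.ssl.trustStorePassword", str3);
                sslProperties.put("com.ibm.ssl.keyStorePassword", str3);
            }
            sslProperties.put("com.ibm.ssl.protocol", Config.getSecurityModeProtocol());
            sslProperties.put(Constants.SSLPROP_CUSTOM_TRUST_MANAGERS, "com.ibm.ecc.connectivity.ConnectivityX509TrustManager");
            String secureRandomProperty = Config.getSecureRandomProperty();
            if (secureRandomProperty != null) {
                sslProperties.put("com.ibm.websphere.ssl.provider.customSecureRandom", secureRandomProperty);
            }
        }
        Trace.exit(className, "setWebServiceSSLProperties()");
    }

    /**
     * Checks that a signing certificate looks like the expected signer and chains to
     * an anchor in the trust store.
     *
     * <p>The path handed to the PKIX validator is the signing certificate followed by
     * the intermediates in the order given, which is why the caller tries several
     * orderings.
     *
     * @param keyStore    trust store supplying the trust anchors
     * @param certificate signing certificate
     * @param arrayList   intermediate certificates, in path order
     * @return {@code true} only when the subject check and PKIX path validation both
     *         pass; {@code false} otherwise, including on any exception
     */
    private boolean isCertificateValid(KeyStore keyStore, Certificate certificate, ArrayList arrayList) {
        Trace.entry(className, "isCertificateValid()");
        boolean z = false;
        try {
            javax.security.cert.X509Certificate x509Certificate = javax.security.cert.X509Certificate.getInstance(certificate.getEncoded());
            String obj = x509Certificate.getSubjectDN().toString();
            Trace.info(className, "isCertificateValid()", "\n\t=== XML Signature Certificate Information ===\n\tSubject DN    : " + String.valueOf(obj) + "\n\tIssuer DN     : " + x509Certificate.getIssuerDN() + "\n\tnotBefore date: " + x509Certificate.getNotBefore() + "\n\tnotAfter date : " + x509Certificate.getNotAfter(), (Throwable) null);
            // NOTE(review): this is a substring test on the printed DN, not a
            // comparison of parsed RDNs, so it is only a coarse filter. The trust
            // decision rests on the PKIX path validation below.
            if (obj.indexOf("CN=IBM") < 0 || obj.indexOf("C=US") < 0) {
                Trace.severe(className, "isCertificateValid()", "Certificate is not eCC signing Cert", (Throwable) null);
                return false;
            }
            try {
                // Slot 0 is the signing certificate; intermediates follow in order.
                Certificate[] certificateArr = new Certificate[arrayList.size() + 1];
                for (int i = 0; i < arrayList.size(); i++) {
                    certificateArr[i + 1] = (Certificate) arrayList.get(i);
                    Trace.info(className, "isCertificateValid()", "Intermediate CA Subject DN: " + String.valueOf(javax.security.cert.X509Certificate.getInstance(certificateArr[i + 1].getEncoded()).getSubjectDN()), (Throwable) null);
                }
                certificateArr[0] = certificate;
                CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(certificateArr));
                PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
                // NOTE(review): revocation checking is switched off, so a revoked
                // signing or intermediate certificate still validates here.
                pKIXParameters.setRevocationEnabled(false);
                // validate() throws on an invalid path; the anchor it returns is not
                // used further.
                ((PKIXCertPathValidatorResult) CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(generateCertPath, pKIXParameters)).getTrustAnchor().getTrustedCert();
                z = true;
                Trace.info(className, "isCertificateValid()", "Certificate is Valid", (Throwable) null);
            } catch (CertPathValidatorException e) {
                // Expected for wrong orderings of the intermediates, hence info level.
                Trace.info(className, "isCertificateValid()", "Cert Path with Not Valid ", (Throwable) null);
            } catch (Exception e2) {
                Trace.severe(className, "isCertificateValid()", "cert validation exception ", (Throwable) e2);
            }
            return z;
        } catch (Exception e3) {
            Trace.warning(className, "isCertificateValid()", "Unable to encode certificate ", (Throwable) e3);
            return false;
        }
    }
}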
