package com.ibm.ws.security.acme.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.ssl.SSLConfig;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.acme.AcmeCaException;
import com.ibm.ws.security.acme.internal.util.AcmeConstants;
import com.ibm.wsspi.kernel.service.utils.SerializableProtectedString;
import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.naming.ldap.Rdn;

/**
 * Parsed view of the ACME CA configuration. The constructor reads a configuration property map,
 * applies defaults and bounds, and validates the values it requires (directory URI, at least one
 * domain, account and domain key file paths).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Revocation checking is reported as enabled unless the configuration explicitly supplies a
 * value ({@link #isRevocationCheckerEnabled()}).</li>
 * <li>The trust store password is held as a {@code SerializableProtectedString} and is not printed
 * by {@link #toString()}, but {@link #getSSLConfig()} copies it into a {@code String}.</li>
 * <li>Key file paths are only checked for read/write access by the current process; no
 * canonicalisation or permission-breadth check is done here.</li>
 * <li>The list getters return the internal list instances, not copies.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The body of {@code processSubjectDN} was not
 * recovered and its stub always throws, so the constructor as listed cannot return normally.
 * Consult the original class file for that method before relying on this listing.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/acme/internal/AcmeConfig.class */
public class AcmeConfig {
    private static final TraceComponent tc = Tr.register(AcmeConfig.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    // Required; the constructor rejects null or blank values.
    private String directoryURI;
    // Required; holds the non-blank configured domain entries.
    private List<String> domains;
    // Stays null unless a non-negative value is configured (see setValidFor).
    private Long validForMs;
    private List<Rdn> subjectDN;
    // Poll timeouts: default 120000, negative configured values are raised to 0.
    private Long challengePollTimeoutMs;
    private Long orderPollTimeoutMs;
    // Key file paths; both are required and checked by validateKeyFilePath.
    private String accountKeyFile;
    private List<String> accountContacts;
    private String domainKeyFile;
    // Transport settings, read from the first nested transport configuration element, if any.
    private String protocol;
    private String trustStore;
    // Not printed by toString(); converted to a String only in getSSLConfig().
    private SerializableProtectedString trustStorePassword;
    private String trustStoreType;
    private int httpConnectTimeout;
    private int httpReadTimeout;
    private Long renewBeforeExpirationMs;
    private boolean autoRenewOnExpiration;
    // Revocation settings, read from the first nested revocation checker element, if any.
    private URI ocspResponderUrl;
    // null means "not configured"; isRevocationCheckerEnabled() treats null as enabled.
    private Boolean revocationCheckerEnabled;
    private Boolean preferCRLs;
    private Boolean disableFallback;
    private Long certCheckerScheduler;
    private Long certCheckerErrorScheduler;
    private boolean disableMinRenewWindow;
    private boolean disableRenewOnNewHistory;
    // Lower bound applied to the renew and certificate-checker intervals by the setters below.
    private Long renewCertMin;
    private Long startReadyTimeout;
    // NOTE(review): the class does not declare Serializable in this listing; presumably this
    // field was added by build-time instrumentation — confirm.
    static final long serialVersionUID = 1659105284620069376L;

    /**
     * Builds the configuration without the optional warning about missing account contacts.
     *
     * @param map configuration properties
     * @throws AcmeCaException if a required value is missing or unusable
     */
    public AcmeConfig(Map<String, Object> map) throws AcmeCaException {
        this(map, false);
    }

    /**
     * Builds the configuration from a property map: assigns defaults, then reads, bounds and
     * validates each value.
     *
     * <p>Values are fetched with unchecked casts, so a value of an unexpected type surfaces as a
     * {@code ClassCastException} rather than an {@code AcmeCaException}.
     *
     * @param map configuration properties
     * @param z when true, a warning (CWPKI2073W) is logged if no account contacts are configured
     * @throws AcmeCaException if the directory URI is blank, no domain is configured, a key file
     *         path is missing or not accessible, or the OCSP responder URL is not a valid URI
     */
    public AcmeConfig(Map<String, Object> map, boolean z) throws AcmeCaException {
        // Defaults first; configured values overwrite them below.
        this.directoryURI = null;
        this.domains = null;
        this.validForMs = null;
        this.subjectDN = new ArrayList();
        this.challengePollTimeoutMs = 120000L;
        this.orderPollTimeoutMs = 120000L;
        this.accountKeyFile = null;
        this.accountContacts = null;
        this.domainKeyFile = null;
        this.protocol = null;
        this.trustStore = null;
        this.trustStorePassword = null;
        this.trustStoreType = null;
        this.httpConnectTimeout = AcmeConstants.HTTP_CONNECT_TIMEOUT_DEFAULT.intValue();
        this.httpReadTimeout = AcmeConstants.HTTP_READ_TIMEOUT_DEFAULT.intValue();
        this.renewBeforeExpirationMs = AcmeConstants.RENEW_DEFAULT_MS;
        this.autoRenewOnExpiration = true;
        this.ocspResponderUrl = null;
        this.revocationCheckerEnabled = null;
        this.preferCRLs = false;
        this.disableFallback = false;
        this.certCheckerScheduler = AcmeConstants.SCHEDULER_MS;
        this.certCheckerErrorScheduler = AcmeConstants.SCHEDULER_ERROR_MS;
        this.disableMinRenewWindow = false;
        this.disableRenewOnNewHistory = false;
        this.renewCertMin = Long.valueOf(AcmeConstants.RENEW_CERT_MIN_DEFAULT);
        this.startReadyTimeout = AcmeConstants.START_READY_TIMEOUT_DEFAULT;
        // The directory URI is only checked for being non-blank here; no scheme or syntax check
        // is applied in this class. NOTE(review): confirm where HTTPS is enforced, if at all.
        this.directoryURI = getStringValue(map, AcmeConstants.DIR_URI);
        if (this.directoryURI == null || this.directoryURI.trim().isEmpty()) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2008E", new Object[]{this.directoryURI}));
        }
        // At least one non-blank domain is required. getStringList already drops blank entries,
        // so this loop filters a second time.
        this.domains = new ArrayList();
        List<String> stringList = getStringList(map, "domain");
        if (stringList != null && !stringList.isEmpty()) {
            for (String str : stringList) {
                if (str != null && !str.trim().isEmpty()) {
                    this.domains.add(str);
                }
            }
        }
        if (this.domains.isEmpty()) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2037E", new Object[0]));
        }
        // renewCertMin must be settled before the scheduler and renew setters run, because they
        // clamp against it. A non-positive configured value falls back to the default.
        Long longValue = getLongValue(map, AcmeConstants.RENEW_CERT_MIN, Long.valueOf(AcmeConstants.RENEW_CERT_MIN_DEFAULT));
        this.renewCertMin = Long.valueOf(longValue.longValue() <= 0 ? AcmeConstants.RENEW_CERT_MIN_DEFAULT : longValue.longValue());
        setValidFor(getLongValue(map, AcmeConstants.VALID_FOR));
        // As listed, this call always throws: the method body was not decompiled.
        processSubjectDN(getStringValue(map, AcmeConstants.SUBJECT_DN));
        // Poll timeouts: absent -> 120000, negative -> 0.
        Long longValue2 = getLongValue(map, AcmeConstants.CHALL_POLL_TIMEOUT);
        this.challengePollTimeoutMs = Long.valueOf(Math.max(0L, longValue2 == null ? 120000L : longValue2.longValue()));
        Long longValue3 = getLongValue(map, AcmeConstants.ORDER_POLL_TIMEOUT);
        this.orderPollTimeoutMs = Long.valueOf(Math.max(0L, longValue3 == null ? 120000L : longValue3.longValue()));
        this.accountContacts = getStringList(map, AcmeConstants.ACCOUNT_CONTACT);
        if (this.accountContacts == null && z) {
            Tr.warning(tc, "CWPKI2073W", new Object[0]);
        }
        setCertCheckerScheduler(getLongValue(map, AcmeConstants.CERT_CHECKER_SCHEDULE));
        setCertCheckerErrorScheduler(getLongValue(map, AcmeConstants.CERT_CHECKER_ERROR_SCHEDULE));
        // Both key file paths are mandatory; see validateKeyFilePath for what is and is not checked.
        this.accountKeyFile = getStringValue(map, AcmeConstants.ACCOUNT_KEY_FILE);
        validateKeyFilePath(this.accountKeyFile, AcmeConstants.ACCOUNT_TYPE);
        this.domainKeyFile = getStringValue(map, AcmeConstants.DOMAIN_KEY_FILE);
        validateKeyFilePath(this.domainKeyFile, "domain");
        // Only the first nested transport element is used; any further elements are ignored.
        List<Map<String, Object>> nest = Nester.nest(AcmeConstants.TRANSPORT_CONFIG, map);
        if (!nest.isEmpty()) {
            Map<String, Object> map2 = nest.get(0);
            this.protocol = getStringValue(map2, AcmeConstants.TRANSPORT_PROTOCOL);
            this.trustStore = getStringValue(map2, AcmeConstants.TRANSPORT_TRUST_STORE);
            this.trustStorePassword = getSerializableProtectedStringValue(map2, AcmeConstants.TRANSPORT_TRUST_STORE_PASSWORD);
            this.trustStoreType = getStringValue(map2, AcmeConstants.TRANSPORT_TRUST_STORE_TYPE);
            // HTTP timeouts are clamped to the range 0..2147483647 before the narrowing cast.
            Long longValue4 = getLongValue(map2, AcmeConstants.HTTP_CONNECT_TIMEOUT);
            this.httpConnectTimeout = (int) Math.min(Long.valueOf(Math.max(0L, longValue4 == null ? AcmeConstants.HTTP_CONNECT_TIMEOUT_DEFAULT.intValue() : longValue4.longValue())).longValue(), 2147483647L);
            Long longValue5 = getLongValue(map2, AcmeConstants.HTTP_READ_TIMEOUT);
            this.httpReadTimeout = (int) Math.min(Long.valueOf(Math.max(0L, longValue5 == null ? AcmeConstants.HTTP_READ_TIMEOUT_DEFAULT.intValue() : longValue5.longValue())).longValue(), 2147483647L);
        }
        // The second argument is the literal true here, not z, so the low-value warning
        // (CWPKI2055W) is always eligible during construction.
        setRenewBeforeExpirationMs(getLongValue(map, AcmeConstants.RENEW_BEFORE_EXPIRATION), true);
        this.disableMinRenewWindow = getBooleanValue(map, AcmeConstants.DISABLE_MIN_RENEW_WINDOW, false).booleanValue();
        this.disableRenewOnNewHistory = getBooleanValue(map, AcmeConstants.DISABLE_RENEW_ON_NEW_HISTORY, false).booleanValue();
        Long longValue6 = getLongValue(map, AcmeConstants.START_READY_TIMEOUT, AcmeConstants.START_READY_TIMEOUT_DEFAULT);
        this.startReadyTimeout = longValue6.longValue() <= 0 ? AcmeConstants.START_READY_TIMEOUT_DEFAULT : longValue6;
        // Without a revocation checker element the defaults stand: revocationCheckerEnabled stays
        // null (reported as enabled), preferCRLs and disableFallback stay false.
        List<Map<String, Object>> nest2 = Nester.nest(AcmeConstants.REVOCATION_CHECKER, map);
        if (nest2.isEmpty()) {
            return;
        }
        Map<String, Object> map3 = nest2.get(0);
        String stringValue = getStringValue(map3, AcmeConstants.REVOCATION_OCSP_RESPONDER_URL);
        if (stringValue != null) {
            try {
                this.ocspResponderUrl = URI.create(stringValue);
            } catch (IllegalArgumentException e) {
                // NOTE(review): the whole configuration map is handed to FFDC here; confirm that
                // FFDC output does not expose sensitive configuration values. The caught
                // exception is not chained into the AcmeCaException thrown below.
                FFDCFilter.processException(e, "com.ibm.ws.security.acme.internal.AcmeConfig", "216", this, new Object[]{map, Boolean.valueOf(z)});
                throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2062E", new Object[]{stringValue}));
            }
        }
        // These three may become null when the element omits the key; the is*() getters
        // substitute the defaults (enabled=true, preferCRLs=false, disableFallback=false).
        this.revocationCheckerEnabled = getBooleanValue(map3, AcmeConstants.REVOCATION_CHECKER_ENABLED);
        this.preferCRLs = getBooleanValue(map3, AcmeConstants.REVOCATION_PREFER_CRLS);
        this.disableFallback = getBooleanValue(map3, AcmeConstants.REVOCATION_DISABLE_FALLBACK);
    }

    /**
     * Returns the Boolean stored under {@code str}, or {@code z} when the key is absent or null.
     * The cast is unchecked: a non-Boolean value throws {@code ClassCastException}.
     */
    @Trivial
    private static Boolean getBooleanValue(Map<String, Object> map, String str, boolean z) {
        Object obj = map.get(str);
        return obj == null ? Boolean.valueOf(z) : (Boolean) obj;
    }

    /**
     * Returns the Boolean stored under {@code str}, or null when the key is absent or null.
     * The cast is unchecked: a non-Boolean value throws {@code ClassCastException}.
     */
    @Trivial
    private static Boolean getBooleanValue(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return (Boolean) obj;
    }

    /**
     * Returns the Integer stored under {@code str}, or null when absent (unchecked cast).
     * Not referenced anywhere else in this listing.
     */
    @Trivial
    private static Integer getIntegerValue(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return (Integer) obj;
    }

    /**
     * Returns the Long stored under {@code str}, or null when the key is absent or null.
     * The cast is unchecked: a non-Long value throws {@code ClassCastException}.
     */
    @Trivial
    private static Long getLongValue(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return (Long) obj;
    }

    /**
     * Returns the Long stored under {@code str}, or {@code l} when the key is absent or null.
     * The cast is unchecked: a non-Long value throws {@code ClassCastException}.
     */
    @Trivial
    private static Long getLongValue(Map<String, Object> map, String str, Long l) {
        Object obj = map.get(str);
        return obj == null ? l : (Long) obj;
    }

    /**
     * Returns the non-blank entries of the {@code String[]} stored under {@code str}.
     *
     * @return a new list of the non-blank entries, or null (never an empty list) when the key is
     *         absent, the value is not a {@code String[]}, the array is empty, or every entry is
     *         null or blank
     */
    @Trivial
    private static List<String> getStringList(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null || !(obj instanceof String[])) {
            return null;
        }
        String[] strArr = (String[]) obj;
        if (strArr.length == 0) {
            return null;
        }
        // Allocated lazily so that an all-blank array still yields null.
        ArrayList arrayList = null;
        for (String str2 : strArr) {
            if (str2 != null && !str2.trim().isEmpty()) {
                if (arrayList == null) {
                    arrayList = new ArrayList();
                }
                arrayList.add(str2);
            }
        }
        return arrayList;
    }

    /**
     * Returns the protected string stored under {@code str}, or null when absent.
     * The cast is unchecked: any other value type throws {@code ClassCastException}.
     */
    @Trivial
    private static SerializableProtectedString getSerializableProtectedStringValue(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return (SerializableProtectedString) obj;
    }

    /**
     * Returns the String stored under {@code str}, or null when the key is absent or null.
     * The cast is unchecked: a non-String value throws {@code ClassCastException}.
     */
    @Trivial
    private static String getStringValue(Map<String, Object> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return (String) obj;
    }

    /** Returns the configured ACME directory URI exactly as read (non-blank, otherwise unvalidated here). */
    public String getDirectoryURI() {
        return this.directoryURI;
    }

    /** Returns the disable-fallback revocation setting; false when it was not configured. */
    public Boolean isDisableFallback() {
        return Boolean.valueOf(this.disableFallback == null ? false : this.disableFallback.booleanValue());
    }

    /** Returns the internal domain list itself, not a copy; changes by the caller alter this configuration. */
    public List<String> getDomains() {
        return this.domains;
    }

    /** Returns the configured validity period, or null when none (or a negative value) was configured. */
    public Long getValidForMs() {
        return this.validForMs;
    }

    /** Returns the challenge poll timeout (never negative after construction). */
    public Long getChallengePollTimeoutMs() {
        return this.challengePollTimeoutMs;
    }

    /** Returns the configured OCSP responder URI, or null when none was configured. */
    public URI getOcspResponderUrl() {
        return this.ocspResponderUrl;
    }

    /** Returns the order poll timeout (never negative after construction). */
    public Long getOrderPollTimeoutMs() {
        return this.orderPollTimeoutMs;
    }

    /** Returns the prefer-CRLs revocation setting; false when it was not configured. */
    public Boolean isPreferCrls() {
        return Boolean.valueOf(this.preferCRLs == null ? false : this.preferCRLs.booleanValue());
    }

    /** Returns the account key file path as configured (not canonicalised). */
    public String getAccountKeyFile() {
        return this.accountKeyFile;
    }

    /** Returns the internal account contact list (may be null), not a copy. */
    public List<String> getAccountContacts() {
        return this.accountContacts;
    }

    /** Returns the domain key file path as configured (not canonicalised). */
    public String getDomainKeyFile() {
        return this.domainKeyFile;
    }

    /**
     * Returns whether revocation checking is enabled. An unset value is reported as true, so
     * revocation checking is on unless the configuration explicitly supplies false.
     */
    public Boolean isRevocationCheckerEnabled() {
        return Boolean.valueOf(this.revocationCheckerEnabled == null ? true : this.revocationCheckerEnabled.booleanValue());
    }

    /**
     * Builds a new {@code SSLConfig} from the transport settings; properties whose source field
     * is null are left unset.
     *
     * <p>The trust store password is copied into a {@code String} here, so a copy that cannot be
     * cleared lives on in the returned object. Callers should avoid logging or retaining the
     * returned configuration longer than needed.
     *
     * <p>{@code com.ibm.ws.ssl.trustDefaultCerts} is always set to "true", whether or not a trust
     * store is configured. NOTE(review): presumably this makes the JVM default CA certificates
     * trusted in addition to the configured trust store, in which case configuring a trust store
     * does not restrict trust to that store alone — confirm against the SSLConfig documentation.
     *
     * @return a freshly created SSL configuration
     */
    public SSLConfig getSSLConfig() {
        SSLConfig sSLConfig = new SSLConfig();
        if (this.protocol != null) {
            sSLConfig.setProperty("com.ibm.ssl.protocol", this.protocol);
        }
        if (this.trustStore != null) {
            sSLConfig.setProperty("com.ibm.ssl.trustStore", this.trustStore);
        }
        if (this.trustStorePassword != null) {
            sSLConfig.setProperty("com.ibm.ssl.trustStorePassword", String.valueOf(this.trustStorePassword.getChars()));
        }
        if (this.trustStoreType != null) {
            sSLConfig.setProperty("com.ibm.ssl.trustStoreType", this.trustStoreType);
        }
        sSLConfig.setProperty("com.ibm.ws.ssl.trustDefaultCerts", "true");
        return sSLConfig;
    }

    /** Returns the internal subject DN list itself, not a copy. */
    public List<Rdn> getSubjectDN() {
        return this.subjectDN;
    }

    /**
     * Processes the configured subject DN string.
     *
     * <p>The body was not recovered by the decompiler: the stub below throws
     * {@code UnsupportedOperationException} unconditionally and does not reflect the real
     * behaviour. NOTE(review): presumably the original parses the DN into {@code subjectDN} and
     * handles {@code InvalidNameException} (see the FFDCIgnore annotation) — unverified, consult
     * the original bytecode.
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:30:0x00ef. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0114  */
    /* JADX WARN: Removed duplicated region for block: B:52:0x01ae A[FALL_THROUGH] */
    /* JADX WARN: Removed duplicated region for block: B:54:0x01b1 A[SYNTHETIC] */
    @com.ibm.ws.ffdc.annotation.FFDCIgnore({javax.naming.InvalidNameException.class})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void processSubjectDN(java.lang.String r12) throws com.ibm.ws.security.acme.AcmeCaException {
        /*
            Method dump skipped, instructions count: 634
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.acme.internal.AcmeConfig.processSubjectDN(java.lang.String):void");
    }

    /**
     * Sets how long before expiration the certificate is renewed, and whether automatic renewal
     * is on.
     *
     * <p>Auto-renewal is first switched on. A null value then leaves the current interval
     * untouched. A value of zero or less stores 0 and switches auto-renewal off. A positive value
     * below {@code renewCertMin} is raised to {@code renewCertMin} with warning CWPKI2051W.
     * Any other value is stored as given.
     *
     * @param l requested interval, may be null
     * @param z when true, warning CWPKI2055W is logged if the stored value is below
     *        {@code AcmeConstants.RENEW_CERT_MIN_WARN_LEVEL}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Trivial
    public void setRenewBeforeExpirationMs(Long l, boolean z) {
        this.autoRenewOnExpiration = true;
        if (l != null) {
            if (l.longValue() <= 0) {
                // Non-positive value: certificates are no longer renewed automatically.
                this.renewBeforeExpirationMs = 0L;
                this.autoRenewOnExpiration = false;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Auto renewal of the certificate is disabled, renewBeforeExpirationMs was configured to " + l, new Object[0]);
                    return;
                }
                return;
            }
            if (l.longValue() < this.renewCertMin.longValue()) {
                this.renewBeforeExpirationMs = this.renewCertMin;
                Tr.warning(tc, "CWPKI2051W", new Object[]{l + "ms", this.renewCertMin + "ms"});
                return;
            }
            this.renewBeforeExpirationMs = l;
            if (!z || l.longValue() >= AcmeConstants.RENEW_CERT_MIN_WARN_LEVEL.longValue()) {
                return;
            }
            Tr.warning(tc, "CWPKI2055W", new Object[]{this.renewBeforeExpirationMs + "ms"});
        }
    }

    /** Stores the validity period; null and negative values are ignored, leaving the field as it was. */
    @Trivial
    private void setValidFor(Long l) {
        if (l == null || l.longValue() < 0) {
            return;
        }
        this.validForMs = l;
    }

    /** Returns the renew-before-expiration interval (0 when auto-renewal was disabled by configuration). */
    public Long getRenewBeforeExpirationMs() {
        return this.renewBeforeExpirationMs;
    }

    /** Returns false only when a non-positive renew-before-expiration value was configured. */
    public boolean isAutoRenewOnExpiration() {
        return this.autoRenewOnExpiration;
    }

    /**
     * Checks that a key file path is present and usable by this process.
     *
     * <p>An existing file must be readable. For a file that does not exist yet, the nearest
     * existing ancestor directory must be writable; if no ancestor exists the path is accepted.
     *
     * <p>What this does not do: it does not canonicalise the path or resolve symbolic links, it
     * does not check that the file is a regular file, and it does not look at who else can read
     * an existing key file. The checks are also point-in-time; the file is opened elsewhere, so
     * its state can differ by then. Restrictive permissions on the key files have to be ensured
     * by whatever creates them and by the deployment.
     *
     * @param str the configured path
     * @param str2 the key file type; "domain" selects the domain-key message keys, any other
     *        value selects the other (account-key) message keys
     * @throws AcmeCaException if the path is null or blank (CWPKI2027E), the file exists but is
     *         not readable (CWPKI2020E / CWPKI2021E), or the nearest existing ancestor is not
     *         writable (CWPKI2022E / CWPKI2023E)
     */
    private static void validateKeyFilePath(String str, String str2) throws AcmeCaException {
        if (str == null || str.trim().isEmpty()) {
            throw new AcmeCaException(Tr.formatMessage(tc, "CWPKI2027E", new Object[]{str2, str}));
        }
        File file = new File(str);
        if (file.exists() && !file.canRead()) {
            throw new AcmeCaException(Tr.formatMessage(tc, "domain".equals(str2) ? "CWPKI2020E" : "CWPKI2021E", new Object[]{str, Tr.formatMessage(tc, "FILE_NOT_READABLE", new Object[0])}));
        }
        if (file.exists()) {
            return;
        }
        // The file does not exist yet: walk up until an existing ancestor is found and require
        // it to be writable, since the file will have to be created beneath it.
        File file2 = file;
        do {
            File parentFile = file2.getParentFile();
            file2 = parentFile;
            if (parentFile == null) {
                return;
            }
            if (file2.exists() && !file2.canWrite()) {
                throw new AcmeCaException(Tr.formatMessage(tc, "domain".equals(str2) ? "CWPKI2022E" : "CWPKI2023E", new Object[]{str, Tr.formatMessage(tc, "FILE_NOT_WRITABLE", new Object[0])}));
            }
        } while (!file2.exists());
    }

    /** Returns the certificate checker interval. */
    @Trivial
    public Long getCertCheckerScheduler() {
        return this.certCheckerScheduler;
    }

    /**
     * Sets the certificate checker interval. Null leaves the current value; zero or less stores 0;
     * a positive value below {@code renewCertMin} is raised to {@code renewCertMin} with warning
     * CWPKI2070W; any other value is stored as given.
     */
    public void setCertCheckerScheduler(Long l) {
        if (l != null) {
            if (l.longValue() <= 0) {
                this.certCheckerScheduler = 0L;
            } else if (l.longValue() >= this.renewCertMin.longValue()) {
                this.certCheckerScheduler = l;
            } else {
                this.certCheckerScheduler = this.renewCertMin;
                Tr.warning(tc, "CWPKI2070W", new Object[]{l, this.certCheckerScheduler + "ms"});
            }
        }
    }

    /** Returns the certificate checker interval used after an error. */
    @Trivial
    public Long getCertCheckerErrorScheduler() {
        return this.certCheckerErrorScheduler;
    }

    /**
     * Sets the certificate checker error interval. Null leaves the current value; any value below
     * {@code renewCertMin}, including zero and negatives, is raised to {@code renewCertMin} with
     * warning CWPKI2071W. Unlike {@link #setCertCheckerScheduler(Long)}, there is no special case
     * that stores 0.
     */
    public void setCertCheckerErrorScheduler(Long l) {
        if (l != null) {
            if (l.longValue() >= this.renewCertMin.longValue()) {
                this.certCheckerErrorScheduler = l;
            } else {
                this.certCheckerErrorScheduler = this.renewCertMin;
                Tr.warning(tc, "CWPKI2071W", new Object[]{l, this.certCheckerErrorScheduler + "ms"});
            }
        }
    }

    /** Returns the configured disable-minimum-renew-window flag (default false). */
    @Trivial
    public boolean isDisableMinRenewWindow() {
        return this.disableMinRenewWindow;
    }

    /** Returns the configured disable-renew-on-new-history flag (default false). */
    @Trivial
    public boolean isDisableRenewOnNewHistory() {
        return this.disableRenewOnNewHistory;
    }

    /** Returns the lower bound applied to the renew and checker intervals. */
    @Trivial
    public long getRenewCertMin() {
        return this.renewCertMin.longValue();
    }

    /** Returns the HTTP connect timeout, bounded to 0..Integer.MAX_VALUE when configured. */
    @Trivial
    public Integer getHTTPConnectTimeout() {
        return Integer.valueOf(this.httpConnectTimeout);
    }

    /** Returns the HTTP read timeout, bounded to 0..Integer.MAX_VALUE when configured. */
    @Trivial
    public Integer getHTTPReadTimeout() {
        return Integer.valueOf(this.httpReadTimeout);
    }

    /** Returns the start-ready timeout; a non-positive configured value is replaced by the default. */
    @Trivial
    public Long getStartReadyTimeout() {
        return this.startReadyTimeout;
    }

    /**
     * Renders the configuration for trace and diagnostics. The trust store password is not
     * included; the key file paths and the trust store path are. Keep it that way when adding
     * fields: nothing secret should be appended here.
     */
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(getClass().getName()).append(":{");
        stringBuffer.append("directoryURI=").append(this.directoryURI).append("\n");
        stringBuffer.append(", domains=").append(this.domains).append("\n");
        stringBuffer.append(", validForMs=").append(this.validForMs).append("\n");
        stringBuffer.append(", subjectDN=").append(this.subjectDN).append("\n");
        stringBuffer.append(", challengePollTimeoutMs=").append(this.challengePollTimeoutMs).append("\n");
        stringBuffer.append(", orderPollTimeoutMs=").append(this.orderPollTimeoutMs).append("\n");
        stringBuffer.append(", accountKeyFile=").append(this.accountKeyFile).append("\n");
        stringBuffer.append(", accountContacts=").append(this.accountContacts).append("\n");
        stringBuffer.append(", domainKeyFile=").append(this.domainKeyFile).append("\n");
        stringBuffer.append(", renewBeforeExpirationMs=").append(this.renewBeforeExpirationMs).append("\n");
        stringBuffer.append(", autoRenewOnExpiration=").append(this.autoRenewOnExpiration).append("\n");
        stringBuffer.append(", certCheckerScheduler=").append(this.certCheckerScheduler).append("\n");
        stringBuffer.append(", certCheckerErrorScheduler=").append(this.certCheckerErrorScheduler).append("\n");
        stringBuffer.append(", disableMinRenewWindow=").append(this.disableMinRenewWindow).append("\n");
        stringBuffer.append(", disableRenewOnNewHistory=").append(this.disableRenewOnNewHistory).append("\n");
        stringBuffer.append(", renewCertMin=").append(this.renewCertMin).append("\n");
        stringBuffer.append(", startReadyTimeout=").append(this.startReadyTimeout).append("\n");
        stringBuffer.append(" }");
        // Transport section: trustStorePassword is intentionally absent from this output.
        stringBuffer.append(", acmeTransportConfig{ protocol=").append(this.protocol).append("\n");
        stringBuffer.append(", trustStore=").append(this.trustStore).append("\n");
        stringBuffer.append(", trustStoreType=").append(this.trustStoreType).append("\n");
        stringBuffer.append(", httpConnectTimeout=").append(this.httpConnectTimeout).append("\n");
        stringBuffer.append(", httpReadTimeout=").append(this.httpReadTimeout).append("\n");
        stringBuffer.append(" }");
        // Revocation section prints the raw fields, so unset values show as null rather than
        // the defaults the is*() getters report.
        stringBuffer.append(", acmeRevocationChecker{ ocspResponderUrl=").append(this.ocspResponderUrl).append("\n");
        stringBuffer.append(", revocationCheckerEnabled=").append(this.revocationCheckerEnabled).append("\n");
        stringBuffer.append(", preferCRLs=").append(this.preferCRLs).append("\n");
        stringBuffer.append(", disableFallback=").append(this.disableFallback).append("\n");
        stringBuffer.append(" }");
        stringBuffer.append("}");
        return stringBuffer.toString();
    }
}
