package com.ibm.oti.security.keytool;

import com.ibm.oti.util.BASE64Encoder;
import com.ibm.oti.util.Msg;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.reflect.Modifier;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;

/* loaded from: input_file:local/ive/runtimes/common/ive/lib/jclMax/classes.zip:com/ibm/oti/security/keytool/KeyTool.class */
public final class KeyTool {
    // Minimum password length. The length checks visible in this class compare against the literal 6.
    private static final int LENGTH_OF_PASSWORD = 6;
    // Attempt limit. readNewPassword() loops three times; inputStorePassword() allows two retries.
    private static final int NUMBER_OF_ATTEMPTS = 3;
    // Per-invocation option state; presumably filled in by an argument parser outside this view.
    private String alias = null;
    // Optional second trust store, loaded by cmdImportImpl() only when trustcacerts is set.
    private KeyStore cacerts = null;
    private String cmd = null;
    private String dest = null;
    private String dname = null;
    private File file = null;
    private String filename = null;
    private String keyalg = null;
    // NOTE(review): keypass, passnew and storepass are held as String and converted with
    // toCharArray() at each use, so the secret cannot be wiped from memory after use.
    private String keypass = null;
    private int keysize = -1;
    private KeyStore keystore = null;
    private File keystorefile = null;
    private String keystorename = null;
    // When set, checkCertificateChainReply() returns before its trusted-root check and prompt.
    private boolean noprompt = false;
    private String passnew = null;
    // Class name that checkGlobalOptions() loads and registers as a security provider.
    private String provider = null;
    private boolean rfc = false;
    private String sigalg = null;
    private String storepass = null;
    private String storetype = null;
    private boolean trustcacerts = false;
    // Certificate lifetime in days; -1 means "not set" and is replaced by 90 in the commands that use it.
    private int validity = -1;
    private boolean verbose = false;
    private BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
    private PrintStream stdout = System.out;

    /**
     * Orders a certificate-reply chain in place and checks it against the key's current certificate.
     *
     * <p>The array is rearranged so that the self-signed certificate ends up in the last slot.
     * The public key of slot 0 must then equal the public key of {@code certificate}, and every
     * signature in the chain must verify with the key of the certificate that follows it.
     *
     * <p>NOTE(review): this method makes no {@code checkValidity()} call, so expiry is not checked here.
     *
     * @param certificate the certificate whose public key the reply must match
     * @param x509CertificateArr the certificates of the reply; reordered in place
     * @return the reordered chain, or {@code null} when the user declines an untrusted root
     * @throws KeyToolException if no self-signed certificate is present (K0100), the chain cannot
     *         be ordered (K0101), the public keys differ (K0102), a signature fails (K0103), or
     *         another security error occurs
     */
    private Certificate[] checkCertificateChainReply(Certificate certificate, X509Certificate[] x509CertificateArr) throws KeyToolException {
        int length = x509CertificateArr.length;
        // i stays fixed at the last index, which is where the root certificate is placed.
        int i = length - 1;
        Principal principal = null;
        boolean z = false;
        int i2 = 0;
        // Step 1: find the first self-signed certificate and swap it into the last slot.
        while (true) {
            if (i2 >= length) {
                break;
            }
            if (isSelfSignedCertificate(x509CertificateArr[i2])) {
                X509Certificate x509Certificate = x509CertificateArr[i];
                x509CertificateArr[i] = x509CertificateArr[i2];
                x509CertificateArr[i2] = x509Certificate;
                principal = x509CertificateArr[i].getSubjectDN();
                z = true;
                break;
            }
            i2++;
        }
        if (!z) {
            throw new KeyToolException(Msg.getString("K0100"));
        }
        // Step 2: walk from the root towards slot 0. For each slot, pick a certificate whose
        // issuer DN equals the subject DN of the certificate placed in the previous step.
        // This matches names only; the signatures are checked in step 4.
        for (int i3 = length - 1; i3 >= 0; i3--) {
            int i4 = i3;
            while (true) {
                // NOTE(review): the scan stops before index 0, so a certificate sitting at index 0
                // is never considered as a candidate for a higher slot. For i3 == 0 the loop
                // exits at once and z keeps the value from the previous slot.
                if (i4 <= 0) {
                    break;
                }
                z = false;
                if (principal.equals(x509CertificateArr[i4].getIssuerDN())) {
                    X509Certificate x509Certificate2 = x509CertificateArr[i3];
                    x509CertificateArr[i3] = x509CertificateArr[i4];
                    x509CertificateArr[i4] = x509Certificate2;
                    principal = x509CertificateArr[i3].getSubjectDN();
                    z = true;
                    break;
                }
                i4--;
            }
            if (!z) {
                throw new KeyToolException(Msg.getString("K0101"));
            }
        }
        // Step 3: the reply must be for the same key pair as the certificate already held.
        if (!Arrays.equals(certificate.getPublicKey().getEncoded(), x509CertificateArr[0].getPublicKey().getEncoded())) {
            throw new KeyToolException(Msg.getString("K0102"));
        }
        try {
            // Step 4: verify signatures from the root down. The root is verified with its own
            // key; each following certificate is verified with the key of the one just checked.
            PublicKey publicKey = x509CertificateArr[i].getPublicKey();
            for (int i5 = length - 1; i5 >= 0; i5--) {
                x509CertificateArr[i5].verify(publicKey);
                publicKey = x509CertificateArr[i5].getPublicKey();
            }
            // NOTE(review): with noprompt set the chain is returned before the trusted-root check,
            // so a chain ending in an unknown self-signed root is accepted without any prompt.
            if (this.noprompt) {
                return x509CertificateArr;
            }
            // Step 5: an untrusted root is shown to the user, who must confirm it.
            if (!isTrustedCertificate(x509CertificateArr[i])) {
                this.stdout.println(Msg.getString("K0104"));
                printVerboseCertificate(x509CertificateArr[i]);
                this.stdout.println(Msg.getString("K0105"));
                this.stdout.print(Msg.getString("K0106"));
                if (!getYesOrNoReply()) {
                    return null;
                }
            }
            return x509CertificateArr;
        } catch (SignatureException unused) {
            throw new KeyToolException(Msg.getString("K0103"));
        } catch (GeneralSecurityException e) {
            throw new KeyToolException(e.toString());
        }
    }

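    /**
     * Resolves the options every command shares: registers the optional security provider,
     * creates the {@link KeyStore} instance, resolves the keystore file and obtains the store
     * password (prompting when none was supplied).
     *
     * <p>The provider option names a class that is loaded and instantiated in this process, so
     * the value must be treated as code. The class is checked to be a {@link Provider} before it
     * is instantiated. Loading the class may still run its static initializer.
     *
     * @throws KeyToolException if the provider cannot be loaded or is not a {@code Provider}
     *         (K0183), or if the keystore type is unavailable (K0107)
     */
    private void checkGlobalOptions() throws KeyToolException {
        if (this.provider != null) {
            Class providerClass;
            try {
                providerClass = Class.forName(this.provider);
            } catch (ClassNotFoundException e) {
                throw new KeyToolException(Msg.getString("K0183", this.provider, e));
            }
            // Reject non-Provider classes before construction. Otherwise the constructor of an
            // arbitrary class would run and the cast would fail with an unchecked exception.
            if (!Provider.class.isAssignableFrom(providerClass)) {
                throw new KeyToolException(Msg.getString("K0183", this.provider, new ClassCastException(this.provider)));
            }
            try {
                Security.addProvider((Provider) providerClass.newInstance());
            } catch (IllegalAccessException e2) {
                throw new KeyToolException(Msg.getString("K0183", this.provider, e2));
            } catch (InstantiationException e3) {
                throw new KeyToolException(Msg.getString("K0183", this.provider, e3));
            }
        }
        if (this.storetype == null) {
            this.storetype = KeyStore.getDefaultType();
        }
        try {
            this.keystore = KeyStore.getInstance(this.storetype);
            if (this.keystorename == null) {
                // Default location: ".keystore" in the user's home directory.
                this.keystorename = ".keystore";
                this.keystorefile = new File(System.getProperty("user.home"), this.keystorename);
            } else {
                this.keystorefile = new File(this.keystorename);
            }
            if (this.storepass == null) {
                this.stdout.print(Msg.getString("K0108"));
                // NOTE(review): whether getInputString() suppresses echo is not visible here; confirm.
                this.storepass = getInputString();
            }
        } catch (KeyStoreException unused) {
            throw new KeyToolException(Msg.getString("K0107", this.storetype));
        }
    }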

    /**
     * Fetches the key stored under the current alias.
     *
     * <p>When no key password was given, the store password is tried first. If that fails with
     * {@link UnrecoverableKeyException}, the user is prompted and the lookup is repeated once.
     *
     * @return the key, or {@code null} if the keystore returns none for the alias
     * @throws KeyToolException if the key cannot be recovered with the final password
     * @throws GeneralSecurityException on any other keystore failure
     */
    private Key getKey() throws GeneralSecurityException, KeyToolException {
        Key recovered = null;
        if (this.keypass == null) {
            // Assume the key shares the store password until the keystore says otherwise.
            this.keypass = this.storepass;
            try {
                recovered = this.keystore.getKey(this.alias, this.keypass.toCharArray());
            } catch (UnrecoverableKeyException ignored) {
                // The store password did not unlock the key: ask for the key password.
                this.stdout.print(Msg.getString("K0109", this.alias));
                this.keypass = getInputString();
                this.stdout.println();
            }
        }
        if (recovered != null) {
            return recovered;
        }
        try {
            return this.keystore.getKey(this.alias, this.keypass.toCharArray());
        } catch (UnrecoverableKeyException e) {
            throw new KeyToolException(e.toString());
        }
    }

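    /**
     * Deletes the entry for the current alias and writes the keystore back to its file.
     * Prompts for the alias when none was supplied.
     *
     * @throws KeyToolException if the keystore file is missing (K010c), the alias does not exist
     *         (K0112), or an I/O or security error occurs
     */
    private void cmdDeleteImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(false, true);
            if (this.alias == null) {
                this.stdout.print(Msg.getString("K010d"));
                this.alias = getInputString();
                this.stdout.println();
            }
            if (!this.keystore.containsAlias(this.alias)) {
                throw new KeyToolException(Msg.getString("K0112", this.alias));
            }
            this.keystore.deleteEntry(this.alias);
            // NOTE(review): opening the stream truncates the keystore file before store() runs,
            // so a failed store() leaves it damaged. Writing to a temporary file and renaming
            // would avoid that.
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.storepass.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()));
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }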

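    /**
     * Writes the certificate stored under the current alias (default {@code "mykey"}) to the
     * output file, or to standard output when no file name was given. With the rfc flag the
     * text form produced by {@code writeInternetRFC1421Standard} is written; otherwise the
     * certificate's encoded bytes are written.
     *
     * <p>The certificate is looked up and encoded before the output file is opened, so a missing
     * certificate or an encoding failure no longer leaves an empty or truncated file behind.
     *
     * @throws KeyToolException if the alias is unknown (K0112), it has no certificate (K010a),
     *         a file cannot be found (K010c), or an I/O or security error occurs
     */
    private void cmdExportImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            // The keystore is opened without requiring a password. With an empty password its
            // integrity is not verified (see openKeyStore).
            openKeyStore(false, false);
            if (this.alias == null) {
                this.alias = "mykey";
            }
            if (!this.keystore.containsAlias(this.alias)) {
                throw new KeyToolException(Msg.getString("K0112", this.alias));
            }
            Certificate certificate = this.keystore.getCertificate(this.alias);
            if (certificate == null) {
                throw new KeyToolException(Msg.getString("K010a"));
            }
            byte[] encoded;
            if (this.rfc) {
                // getBytes() uses the platform charset, as the original code did.
                encoded = writeInternetRFC1421Standard(certificate).getBytes();
            } else {
                encoded = certificate.getEncoded();
            }
            if (this.filename == null) {
                // Standard output is not closed here, because this method did not open it.
                OutputStream console = this.stdout;
                console.write(encoded);
                return;
            }
            this.file = new File(this.filename);
            if (!this.file.exists()) {
                this.file.createNewFile();
            }
            OutputStream outputStream = new FileOutputStream(this.file);
            try {
                outputStream.write(encoded);
            } finally {
                // Release the file handle even when the write fails.
                outputStream.close();
            }
            if (this.verbose) {
                this.stdout.println(Msg.getString("K0113", this.file.getAbsolutePath()));
            }
        } catch (FileNotFoundException unused) {
            // NOTE(review): this also fires when the output file cannot be opened, yet the
            // message is built from the keystore name.
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }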

    /**
     * Asks for a store password until one of at least six characters is entered.
     * Message K0114 is printed first and again after each rejected entry; two entries are allowed.
     *
     * @throws KeyToolException with message K0115 when both entries are too short
     */
    private void inputStorePassword() throws KeyToolException {
        this.stdout.println(Msg.getString("K0114"));
        int remaining = 2;
        while (remaining-- > 0) {
            this.stdout.print(Msg.getString("K0108"));
            this.storepass = getInputString();
            if (this.storepass.length() < 6) {
                // Too short: print K0114 again and retry.
                this.stdout.println(Msg.getString("K0114"));
                continue;
            }
            this.stdout.println();
            return;
        }
        throw new KeyToolException(Msg.getString("K0115"));
    }

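    /**
     * Loads the keystore from its file.
     *
     * @param z when {@code true}, a missing file yields an empty keystore; when {@code false},
     *        a missing file raises {@link FileNotFoundException}
     * @param z2 when {@code true}, a store password of at least six characters is enforced
     *        (re-prompting if needed) and is always used to load the file
     * @throws IOException if the file cannot be read or the keystore rejects its contents
     * @throws GeneralSecurityException if the keystore cannot be loaded
     * @throws KeyToolException if no acceptable password is entered
     */
    private void openKeyStore(boolean z, boolean z2) throws IOException, GeneralSecurityException, KeyToolException {
        // The non-short-circuit '&' is kept from the original, so storepass is dereferenced
        // whatever the value of z2.
        if (z2 & (this.storepass.length() < 6)) {
            inputStorePassword();
        }
        if (!this.keystorefile.exists()) {
            if (!z) {
                throw new FileNotFoundException();
            }
            this.keystore.load(null, null);
            return;
        }
        FileInputStream fileInputStream = new FileInputStream(this.keystorefile);
        try {
            if (z2 || this.storepass.length() != 0) {
                this.keystore.load(fileInputStream, this.storepass.toCharArray());
            } else {
                // Empty password on a read-only command: the store is loaded with a null
                // password, so its integrity is not verified. K0110/K0111 are presumably the
                // warning banner for that.
                this.stdout.println(Msg.getString("K0110"));
                this.stdout.println(Msg.getString("K0111"));
                this.stdout.println(Msg.getString("K0110"));
                this.keystore.load(fileInputStream, null);
            }
        } finally {
            // load() fails on a wrong password or a corrupt file; do not leak the handle then.
            fileInputStream.close();
        }
    }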

    /**
     * Prompts for a new password, with confirmation, for up to three rounds.
     *
     * @param str the main prompt
     * @param str2 an optional second prompt line; when non-null, an empty entry selects {@code str3}
     * @param str3 the value returned for an empty entry when {@code str2} is non-null
     * @param str4 a password the new one must differ from, or {@code null} for no such check
     * @return the confirmed password, or {@code str3} for an empty entry when {@code str2} is non-null
     * @throws KeyToolException with message K0115 after three unsuccessful rounds
     */
    private String readNewPassword(String str, String str2, String str3, String str4) throws KeyToolException {
        int round = 0;
        while (round < 3) {
            round++;
            boolean blankAllowed = str2 != null;
            this.stdout.print(str);
            if (blankAllowed) {
                this.stdout.println();
                this.stdout.print(str2);
            }
            String candidate = getInputString();
            if (blankAllowed && candidate.length() == 0) {
                this.stdout.println();
                return str3;
            }
            if (candidate.length() < 6) {
                // Shorter than the six-character minimum.
                this.stdout.println(Msg.getString("K0114"));
                continue;
            }
            if (str4 != null && candidate.equals(str4)) {
                // Same as the password it must differ from.
                this.stdout.println(Msg.getString("K0143"));
                continue;
            }
            this.stdout.print(Msg.getString("K0119"));
            if (candidate.compareTo(getInputString()) == 0) {
                this.stdout.println();
                return candidate;
            }
            // The confirmation entry did not match.
            this.stdout.println(Msg.getString("K011a"));
        }
        throw new KeyToolException(Msg.getString("K0115"));
    }

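    /**
     * Generates a key pair and a self-signed certificate and stores them under the current alias.
     *
     * <p>Defaults when options are absent: alias {@code "mykey"}, algorithm DSA, key size 1024,
     * signature SHA1withDSA (DSA) or MD5withRSA (RSA), validity 90 days.
     *
     * <p>NOTE(review): 1024-bit keys and MD5/SHA-1 signatures are weak by current standards.
     * They are kept because changing defaults depends on what the installed providers support.
     *
     * @throws KeyToolException if the alias already exists (K0116), the keystore file cannot be
     *         written (K011b), or an I/O or security error occurs
     */
    private void cmdGenKeyImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(true, true);
            if (this.alias == null) {
                this.alias = "mykey";
            }
            if (this.keystore.containsAlias(this.alias)) {
                throw new KeyToolException(Msg.getString("K0116", this.alias));
            }
            if (this.keyalg == null) {
                this.keyalg = "DSA";
            }
            if (this.keysize == -1) {
                // Same value as before, where it appeared as Modifier.ABSTRACT (0x400).
                this.keysize = 1024;
            }
            if (this.sigalg == null) {
                // For any other key algorithm sigalg stays null and is passed on as-is.
                if (this.keyalg.equalsIgnoreCase("DSA")) {
                    this.sigalg = "SHA1withDSA";
                } else if (this.keyalg.equalsIgnoreCase("RSA")) {
                    this.sigalg = "MD5withRSA";
                }
            }
            if (this.dname == null) {
                this.dname = getDistinguishedName();
            }
            if (this.validity == -1) {
                this.validity = 90;
            }
            if (this.keypass == null) {
                this.keypass = readNewPassword(Msg.getString("K0117", this.alias), Msg.getString("K0118"), this.storepass, null);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyalg);
            keyPairGenerator.initialize(this.keysize, new SecureRandom());
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            PublicKey publicKey = genKeyPair.getPublic();
            PrivateKey privateKey = genKeyPair.getPrivate();
            long notBeforeMillis = System.currentTimeMillis();
            // The multiplication must be done in long. As an int product, days * 86400000
            // overflows from 25 days on, and the 90-day default gave a notAfter in the past.
            long notAfterMillis = notBeforeMillis + ((long) this.validity * 86400000L);
            com.ibm.oti.security.provider.X509Certificate unsigned = (com.ibm.oti.security.provider.X509Certificate) com.ibm.oti.security.provider.X509Certificate.certificateFromData(publicKey, this.dname, new Date(notBeforeMillis), new Date(notAfterMillis));
            byte[] signedEncoding = unsigned.getSignedAndEncoded(this.sigalg, privateKey);
            Certificate selfSigned = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(signedEncoding));
            this.keystore.setKeyEntry(this.alias, privateKey, this.keypass.toCharArray(), new Certificate[]{selfSigned});
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.storepass.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()));
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K011b", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }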

    /**
     * Prints the copyright banner followed by the usage text, which is assembled from message
     * catalogue entries in a fixed order.
     */
    private void cmdHelpImpl() {
        // Catalogue keys in output order; K0123 and K0124 recur throughout the sequence.
        String[] usageKeys = {
            "K011f", "K0120", "K0125", "K0123", "K0124",
            "K0126", "K0127", "K0124",
            "K0128", "K0129", "K012a", "K0123", "K0124",
            "K012b", "K012d", "K012e", "K0123", "K0124",
            "K012f", "K0130", "K0123", "K0124",
            "K0131", "K0132", "K0123", "K0124",
            "K0133", "K0123", "K0124",
            "K0134", "K0135", "K0136", "K0123", "K0124",
            "K0137", "K0123", "K0124"
        };
        StringBuffer text = new StringBuffer();
        text.append("\n(c) Copyright IBM Corp. 2001 All Rights Reserved\n");
        text.append("US Government Users Restricted Rights - Use, duplication or disclosure\n");
        text.append("restricted by GSA ADP Schedule Contract with IBM Corp.\n\n");
        for (int index = 0; index < usageKeys.length; index++) {
            text.append(Msg.getString(usageKeys[index]));
        }
        this.stdout.print(text.toString());
    }

    /**
     * Opens the certificate input: the named file, or standard input when no file name was given.
     * If standard input has no bytes available, an empty stream is returned instead.
     *
     * @return the stream to read certificates from
     * @throws KeyToolException with message K013a if the named file does not exist
     * @throws IOException if the file cannot be opened or standard input cannot be queried
     */
    private InputStream openCertificate() throws IOException, KeyToolException {
        if (this.filename != null) {
            this.file = new File(this.filename);
            if (this.file.exists()) {
                return new FileInputStream(this.file);
            }
            throw new KeyToolException(Msg.getString("K013a", this.filename));
        }
        InputStream console = System.in;
        if (console.available() != 0) {
            return console;
        }
        // Nothing is waiting on standard input: return an empty source rather than block.
        return new ByteArrayInputStream(new byte[0]);
    }

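    /**
     * Imports a certificate under the current alias (default {@code "mykey"}).
     *
     * <p>If the alias is new, the input is imported as a trusted certificate. If it names an
     * existing key entry, the input is treated as a certificate reply for that key. An existing
     * certificate entry is rejected. With trustcacerts set, the runtime's
     * {@code lib/security/cacerts} store is loaded as an extra source of issuers.
     *
     * @throws KeyToolException if the alias is a certificate entry (K0116), the cacerts store
     *         cannot be loaded, a file is missing (K010c), or an I/O or security error occurs
     */
    private void cmdImportImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(true, true);
            if (this.alias == null) {
                this.alias = "mykey";
            }
            boolean importAsTrusted = true;
            Key key = null;
            if (this.keystore.containsAlias(this.alias)) {
                if (this.keystore.isCertificateEntry(this.alias)) {
                    throw new KeyToolException(Msg.getString("K0116", this.alias));
                }
                key = getKey();
                importAsTrusted = false;
            }
            InputStream certificateInput = openCertificate();
            try {
                if (this.trustcacerts) {
                    try {
                        this.cacerts = KeyStore.getInstance(KeyStore.getDefaultType());
                        // Build the path from components. The former "\\lib\\security\\cacerts"
                        // literal resolves only where '\' is the file separator.
                        File securityDir = new File(new File(System.getProperty("java.home"), "lib"), "security");
                        FileInputStream fileInputStream = new FileInputStream(new File(securityDir, "cacerts"));
                        try {
                            // A null password means the integrity of the cacerts file is not
                            // verified; its file permissions are the only protection.
                            this.cacerts.load(fileInputStream, null);
                        } finally {
                            fileInputStream.close();
                        }
                    } catch (KeyStoreException e) {
                        throw new KeyToolException(Msg.getString("K013b", e));
                    } catch (Exception e2) {
                        throw new KeyToolException(e2.toString());
                    }
                }
                boolean changed = importAsTrusted
                        ? importTrustedCertificate(this.alias, certificateInput)
                        : importCertificateReply(this.alias, certificateInput, (PrivateKey) key, this.keypass);
                if (!changed) {
                    return;
                }
                FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
                try {
                    this.keystore.store(fileOutputStream, this.storepass.toCharArray());
                } finally {
                    // Release the file handle even when store() fails.
                    fileOutputStream.close();
                }
                if (this.verbose) {
                    this.stdout.println(Msg.getString(importAsTrusted ? "K013c" : "K013d", this.alias));
                }
            } finally {
                // Close only a file this command opened; standard input stays open.
                if (this.filename != null) {
                    certificateInput.close();
                }
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e3) {
            throw new KeyToolException(e3.toString());
        } catch (GeneralSecurityException e4) {
            throw new KeyToolException(e4.toString());
        }
    }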

    /**
     * Ensures the current alias (default {@code "mykey"}) exists and refers to a key entry.
     *
     * @throws KeyToolException if the alias is unknown (K0112) or is not a key entry (K0145)
     * @throws GeneralSecurityException if the keystore cannot be queried
     */
    private void checkKeyEntry() throws GeneralSecurityException, KeyToolException {
        if (this.alias == null) {
            this.alias = "mykey";
        }
        boolean known = this.keystore.containsAlias(this.alias);
        if (!known) {
            throw new KeyToolException(Msg.getString("K0112", this.alias));
        }
        boolean holdsKey = this.keystore.isKeyEntry(this.alias);
        if (!holdsKey) {
            throw new KeyToolException(Msg.getString("K0145", this.alias));
        }
    }

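    /**
     * Copies the key entry of the current alias, with its certificate chain, to a new alias.
     * Prompts for the destination alias and for the new entry's password when not supplied.
     * An empty password entry reuses the source key's password.
     *
     * @throws KeyToolException if the source is missing or not a key entry, the destination
     *         already exists (K0140), the keystore file is missing (K010c), or an I/O or
     *         security error occurs
     */
    private void cmdKeyCloneImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(false, true);
            checkKeyEntry();
            if (this.dest == null) {
                this.stdout.print(Msg.getString("K013f"));
                this.dest = getInputString();
                this.stdout.println();
            }
            if (this.keystore.containsAlias(this.dest)) {
                throw new KeyToolException(Msg.getString("K0140", this.dest));
            }
            Key key = getKey();
            if (this.passnew == null) {
                this.passnew = readNewPassword(Msg.getString("K0141", this.dest), Msg.getString("K0142", this.alias), this.keypass, this.keypass);
            }
            this.keystore.setKeyEntry(this.dest, key, this.passnew.toCharArray(), this.keystore.getCertificateChain(this.alias));
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.storepass.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                // The trailing "]" is part of the original output and is kept as-is.
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()) + "]");
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }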

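    /**
     * Changes the password protecting the key entry of the current alias and writes the
     * keystore back to its file.
     *
     * <p>Security failures are reported like in the other commands. They used to be swallowed,
     * so a failed password change looked like a success.
     *
     * @throws KeyToolException if the alias is missing or not a key entry, the keystore file is
     *         missing (K010c), or an I/O or security error occurs
     */
    private void cmdKeyPasswdImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(false, true);
            checkKeyEntry();
            Key key = getKey();
            if (this.passnew == null) {
                this.passnew = readNewPassword(Msg.getString("K0117", this.alias), null, null, this.keypass);
            }
            this.keystore.setKeyEntry(this.alias, key, this.passnew.toCharArray(), this.keystore.getCertificateChain(this.alias));
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.storepass.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                // The trailing "]" is part of the original output and is kept as-is.
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()) + "]");
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            // The user must learn that the key password was not changed.
            throw new KeyToolException(e2.toString());
        }
    }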

    /**
     * Prints one entry when an alias was given; otherwise prints the keystore type, provider
     * and entry count followed by every entry. The verbose and rfc flags cannot be combined.
     *
     * <p>While listing all entries, the alias field is overwritten with each alias in turn.
     *
     * @throws KeyToolException if both verbose and rfc are set (K0146), the alias is unknown
     *         (K0112), the keystore file is missing (K010c), or an I/O or security error occurs
     */
    private void cmdListImpl() throws KeyToolException {
        try {
            boolean conflictingFormats = this.verbose && this.rfc;
            if (conflictingFormats) {
                throw new KeyToolException(Msg.getString("K0146"));
            }
            checkGlobalOptions();
            // Read-only access: no password is required (see openKeyStore).
            openKeyStore(false, false);
            if (this.alias == null) {
                this.stdout.println(Msg.getString("K0147", this.keystore.getType()));
                this.stdout.println(Msg.getString("K0148", this.keystore.getProvider().getName()));
                this.stdout.println();
                int entryCount = this.keystore.size();
                if (entryCount != 1) {
                    this.stdout.println(Msg.getString("K014b", entryCount));
                } else {
                    this.stdout.println(Msg.getString("K014a"));
                }
                this.stdout.println();
                for (Enumeration names = this.keystore.aliases(); names.hasMoreElements(); ) {
                    this.alias = (String) names.nextElement();
                    printAlias(this.alias);
                }
                return;
            }
            if (!this.keystore.containsAlias(this.alias)) {
                throw new KeyToolException(Msg.getString("K0112", this.alias));
            }
            printAlias(this.alias);
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }

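    /**
     * Parses every X.509 certificate in the input and prints each one in verbose form,
     * numbered from 1. No keystore is opened and no trust decision is made here.
     *
     * @throws KeyToolException if the input cannot be read or parsed
     */
    private void cmdPrintCertImpl() throws KeyToolException {
        try {
            InputStream openCertificate = openCertificate();
            Collection generateCertificates;
            try {
                generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(openCertificate);
            } finally {
                // Close the input even when parsing fails; previously it stayed open then.
                openCertificate.close();
            }
            int i = 1;
            Iterator it = generateCertificates.iterator();
            while (it.hasNext()) {
                this.stdout.println(Msg.getString("K017e", i));
                i++;
                printVerboseCertificate((X509Certificate) it.next());
            }
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (CertificateException e2) {
            throw new KeyToolException(e2.toString());
        }
    }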

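    /**
     * Replaces the certificate chain of the current key entry with a fresh self-signed
     * certificate for the same key pair. Without a dname option the issuer and subject are
     * copied from the existing certificate.
     *
     * <p>Defaults when options are absent: validity 90 days, signature SHA1withDSA (DSA) or
     * MD5withRSA (RSA).
     *
     * <p>NOTE(review): MD5 and SHA-1 signatures are weak by current standards. The defaults are
     * kept because changing them depends on what the installed providers support.
     *
     * @throws KeyToolException if the alias is missing or not a key entry, the keystore file is
     *         missing (K010c), or an I/O or security error occurs
     */
    private void cmdSelfCertImpl() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(false, true);
            checkKeyEntry();
            if (this.keysize == -1) {
                // Same value as before, where it appeared as Modifier.ABSTRACT (0x400).
                // It is not read again in this method.
                this.keysize = 1024;
            }
            if (this.validity == -1) {
                this.validity = 90;
            }
            Key key = getKey();
            X509Certificate x509Certificate = (X509Certificate) this.keystore.getCertificateChain(this.alias)[0];
            PublicKey publicKey = x509Certificate.getPublicKey();
            PrivateKey privateKey = (PrivateKey) key;
            if (this.sigalg == null) {
                // For any other key algorithm sigalg stays null and is passed on as-is.
                if (publicKey.getAlgorithm().equalsIgnoreCase("DSA")) {
                    this.sigalg = "SHA1withDSA";
                } else if (publicKey.getAlgorithm().equalsIgnoreCase("RSA")) {
                    this.sigalg = "MD5withRSA";
                }
            }
            long notBeforeMillis = System.currentTimeMillis();
            // The multiplication must be done in long. As an int product, days * 86400000
            // overflows from 25 days on, and the 90-day default gave a notAfter in the past.
            long notAfterMillis = notBeforeMillis + ((long) this.validity * 86400000L);
            com.ibm.oti.security.provider.X509Certificate x509Certificate2 = (com.ibm.oti.security.provider.X509Certificate) com.ibm.oti.security.provider.X509Certificate.certificateFromData(publicKey, this.dname, new Date(notBeforeMillis), new Date(notAfterMillis));
            if (this.dname == null) {
                x509Certificate2.setIssuerDN(x509Certificate.getIssuerDN());
                x509Certificate2.setSubjectDN(x509Certificate.getSubjectDN());
            }
            byte[] signedEncoding = x509Certificate2.getSignedAndEncoded(this.sigalg, privateKey);
            Certificate selfSigned = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(signedEncoding));
            this.keystore.setKeyEntry(this.alias, privateKey, this.keypass.toCharArray(), new Certificate[]{selfSigned});
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.storepass.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()));
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }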

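    /**
     * Re-writes the keystore file under a new store password. The new password is prompted
     * for when not supplied and must differ from the current one.
     *
     * <p>Only the password passed to {@code store()} changes; no key entry is re-keyed here.
     *
     * @throws KeyToolException if the keystore file is missing (K010c), no acceptable password
     *         is entered, or an I/O or security error occurs
     */
    private void cmdStorePasswd() throws KeyToolException {
        try {
            checkGlobalOptions();
            openKeyStore(false, true);
            if (this.passnew == null) {
                this.passnew = readNewPassword(Msg.getString("K014e"), null, null, this.storepass);
            }
            FileOutputStream fileOutputStream = new FileOutputStream(this.keystorefile);
            try {
                this.keystore.store(fileOutputStream, this.passnew.toCharArray());
            } finally {
                // Release the file handle even when store() fails.
                fileOutputStream.close();
            }
            if (this.verbose) {
                this.stdout.println(Msg.getString("K010f", this.keystorefile.getAbsolutePath()));
            }
        } catch (FileNotFoundException unused) {
            throw new KeyToolException(Msg.getString("K010c", this.keystorename));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (GeneralSecurityException e2) {
            throw new KeyToolException(e2.toString());
        }
    }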

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
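    /**
     * Builds a chain from {@code x509Certificate} up to a self-signed certificate by recursive
     * issuer lookup, appending to {@code vector} from the root down to the starting certificate.
     *
     * <p>A candidate issuer is followed only if its public key verifies the certificate's
     * signature. Before, the verification result was discarded and a matching distinguished
     * name alone was enough to join the chain.
     *
     * <p>NOTE(review): there is no guard against issuer cycles among non-self-signed
     * certificates (A issued by B, B issued by A); such input would recurse without bound.
     *
     * @param x509Certificate the certificate to find issuers for
     * @param hashtable candidate certificates, looked up here by issuer DN; values are Vectors
     * @param vector receives the chain; left untouched when no chain is found
     * @return {@code true} if a chain ending in a self-signed certificate was appended
     */
    private boolean createCertificateChain(X509Certificate x509Certificate, Hashtable hashtable, Vector vector) {
        if (isSelfSignedCertificate(x509Certificate)) {
            vector.addElement(x509Certificate);
            return true;
        }
        Vector candidates = (Vector) hashtable.get(x509Certificate.getIssuerDN());
        if (candidates == null) {
            return false;
        }
        Enumeration elements = candidates.elements();
        while (elements.hasMoreElements()) {
            X509Certificate issuer = (X509Certificate) elements.nextElement();
            try {
                x509Certificate.verify(issuer.getPublicKey());
            } catch (Exception verificationFailure) {
                // The name matches but the signature does not: this candidate is not the
                // issuer, so try the next one.
                continue;
            }
            if (createCertificateChain(issuer, hashtable, vector)) {
                vector.addElement(x509Certificate);
                return true;
            }
        }
        return false;
    }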

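    /**
     * Builds a certificate chain for {@code certificate2} from the certificates in the keystore
     * and, when trustcacerts is set and the cacerts store is loaded, from that store as well.
     *
     * <p>When {@code certificate} is given, the reply must carry the same public key (K0151)
     * and must not be identical to it (K0152).
     *
     * <p>The try block now covers the keystore queries too. {@code KeyStore.size()} can throw
     * {@link KeyStoreException}, and the former try body contained no call that does.
     *
     * @param certificate the certificate currently held for the key, or {@code null}
     * @param certificate2 the certificate to build a chain for; cast to X509Certificate
     * @return the chain in the order produced by {@code createCertificateChain} (root first),
     *         or {@code null} if no chain could be built
     * @throws KeyToolException on the checks above or on a keystore failure
     */
    private Certificate[] generateCertificateChain(Certificate certificate, Certificate certificate2) throws KeyToolException {
        try {
            if (certificate != null) {
                if (!Arrays.equals(certificate.getPublicKey().getEncoded(), certificate2.getPublicKey().getEncoded())) {
                    throw new KeyToolException(Msg.getString("K0151"));
                }
                if (certificate.equals(certificate2)) {
                    throw new KeyToolException(Msg.getString("K0152"));
                }
            }
            // Candidate issuers, collected from the keystore and optionally from cacerts.
            Hashtable hashtable = new Hashtable();
            if (this.keystore.size() > 0) {
                generateKeystoreDictionary(this.keystore, hashtable);
            }
            if (this.trustcacerts && this.cacerts != null && this.cacerts.size() > 0) {
                generateKeystoreDictionary(this.cacerts, hashtable);
            }
            Vector vector = new Vector();
            // The boolean result is not needed: an empty vector already signals failure.
            createCertificateChain((X509Certificate) certificate2, hashtable, vector);
            if (vector.size() <= 0) {
                return null;
            }
            Certificate[] certificateArr = new Certificate[vector.size()];
            vector.copyInto(certificateArr);
            return certificateArr;
        } catch (KeyStoreException e) {
            throw new KeyToolException(e.toString());
        }
    }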

    /**
     * Indexes every certificate of {@code keyStore} by its subject name.
     *
     * <p>For each alias the certificate is fetched, cast to {@code X509Certificate}
     * and added to the {@code Vector} stored in {@code hashtable} under the
     * certificate's subject {@code Principal}; a certificate already present in
     * that vector is not added twice.
     *
     * @param keyStore  store whose aliases are enumerated
     * @param hashtable subject {@code Principal} to {@code Vector} of certificates; updated in place
     * @throws KeyToolException wrapping any {@code KeyStoreException}
     */
    private void generateKeystoreDictionary(KeyStore keyStore, Hashtable hashtable) throws KeyToolException {
        try {
            for (Enumeration names = keyStore.aliases(); names.hasMoreElements(); ) {
                String entryAlias = (String) names.nextElement();
                // NOTE(review): an alias without a certificate, or with a non-X.509 one,
                // would fail here with a runtime exception - confirm callers expect that.
                X509Certificate entryCertificate = (X509Certificate) keyStore.getCertificate(entryAlias);
                Principal subject = entryCertificate.getSubjectDN();
                Vector sameSubject = (Vector) hashtable.get(subject);
                if (sameSubject == null) {
                    sameSubject = new Vector();
                }
                if (!sameSubject.contains(entryCertificate)) {
                    sameSubject.addElement(entryCertificate);
                }
                hashtable.put(subject, sameSubject);
            }
        } catch (KeyStoreException e) {
            throw new KeyToolException(e.toString());
        }
    }

    /**
     * Interactively asks for the six components of a distinguished name and
     * returns them formatted as {@code CN=..., OU=..., O=..., L=..., ST=..., C=...}.
     *
     * <p>Each component is prompted for in turn; an empty answer is replaced by
     * message K0155. The collected values are shown back (K0160) and the whole
     * dialogue repeats until the user confirms.
     *
     * @return the formatted distinguished name
     * @throws KeyToolException if reading from standard input fails
     */
    private String getDistinguishedName() throws KeyToolException {
        // Prompt keys in the order CN, OU, O, L, ST, C (matching the final format string).
        String[] promptKeys = {"K0153", "K0156", "K0158", "K015a", "K015c", "K015e"};
        String[] fields;
        boolean confirmed;
        do {
            fields = new String[promptKeys.length];
            for (int k = 0; k < promptKeys.length; k++) {
                this.stdout.println(Msg.getString(promptKeys[k]));
                this.stdout.print(Msg.getString("K0154"));
                String answer = getInputString();
                fields[k] = answer.length() == 0 ? Msg.getString("K0155") : answer;
            }
            this.stdout.println(Msg.getString("K0160", (Object[]) fields));
            this.stdout.print(Msg.getString("K0161"));
            confirmed = getYesOrNoReply();
            this.stdout.println();
        } while (!confirmed);
        // NOTE(review): the answers are inserted verbatim; a value containing ',' or '='
        // is not escaped and may yield a different DN than the one typed - confirm
        // how the consumer of this string parses it.
        return Msg.getString("CN={0}, OU={1}, O={2}, L={3}, ST={4}, C={5}", (Object[]) fields);
    }

    /**
     * Computes the digest of the encoded certificate and renders it as
     * colon-separated hex.
     *
     * @param certificate certificate to fingerprint
     * @param str         {@code MessageDigest} algorithm name
     * @return the fingerprint, or message K0162 (formatted with the algorithm name)
     *         when the algorithm is not available - callers cannot tell the two apart
     *         by type, only by content
     * @throws KeyToolException if the certificate cannot be encoded
     */
    private String getFingerprintOfCertificate(Certificate certificate, String str) throws KeyToolException {
        try {
            MessageDigest digest = MessageDigest.getInstance(str);
            return toHexString(digest.digest(certificate.getEncoded()));
        } catch (NoSuchAlgorithmException unsupported) {
            return Msg.getString("K0162", str);
        } catch (CertificateEncodingException e) {
            throw new KeyToolException(e.toString());
        }
    }

    /**
     * Reads one line from the tool's standard input.
     *
     * @return the line read, never {@code null}
     * @throws KeyToolException with message K0163 at end of input, or wrapping the
     *                          {@code IOException} raised by the reader
     */
    private String getInputString() throws KeyToolException {
        try {
            String line = this.stdin.readLine();
            if (line != null) {
                return line;
            }
            // readLine() returns null once the input stream is exhausted.
            throw new KeyToolException(Msg.getString("K0163"));
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        }
    }

    /**
     * Reads lines until one is a recognised yes or no answer.
     *
     * <p>Answers are compared case-insensitively with messages K0164_1/K0164_2
     * (yes) and K0164_3/K0164_4 (no). An empty line counts as "no", so pressing
     * Enter at a trust prompt declines.
     *
     * @return {@code true} for yes, {@code false} for no or an empty line
     * @throws KeyToolException if reading from standard input fails
     */
    private boolean getYesOrNoReply() throws KeyToolException {
        for (;;) {
            String reply = getInputString();
            boolean accepted = reply.equalsIgnoreCase(Msg.getString("K0164_1"))
                    || reply.equalsIgnoreCase(Msg.getString("K0164_2"));
            if (accepted) {
                return true;
            }
            boolean declined = reply.equalsIgnoreCase(Msg.getString("K0164_3"))
                    || reply.equalsIgnoreCase(Msg.getString("K0164_4"))
                    || reply.length() == 0;
            if (declined) {
                return false;
            }
            // Anything else: ask again by reading the next line.
        }
    }

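    /**
     * Imports a certificate reply for the key entry {@code str}.
     *
     * <p>All X.509 certificates are read from {@code inputStream}. A single
     * certificate is completed into a chain with {@code generateCertificateChain};
     * several certificates are handed to {@code checkCertificateChainReply}. When a
     * chain results, the key entry is rewritten with it.
     *
     * <p>The stream is now closed in a {@code finally} block; previously it stayed
     * open whenever the keystore lookup or the parsing threw.
     *
     * @param str         alias of the key entry
     * @param inputStream source of the reply; always closed by this method
     * @param privateKey  private key stored back with the new chain
     * @param str2        password protecting the key entry
     * @return {@code true} if the entry was updated, {@code false} if no chain could be established
     * @throws KeyToolException with message K0165 when the input holds no certificate, or
     *                          wrapping an I/O, keystore or certificate error
     */
    private boolean importCertificateReply(String str, InputStream inputStream, PrivateKey privateKey, String str2) throws KeyToolException {
        try {
            Certificate currentCertificate;
            Collection parsed;
            try {
                currentCertificate = this.keystore.getCertificate(str);
                parsed = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
            } finally {
                inputStream.close();
            }
            if (parsed.isEmpty()) {
                throw new KeyToolException(Msg.getString("K0165"));
            }
            X509Certificate[] reply = new X509Certificate[parsed.size()];
            int position = 0;
            for (Iterator it = parsed.iterator(); it.hasNext(); position++) {
                reply[position] = (X509Certificate) it.next();
            }
            Certificate[] chain;
            if (reply.length == 1) {
                chain = generateCertificateChain(currentCertificate, reply[0]);
            } else {
                chain = checkCertificateChainReply(currentCertificate, reply);
            }
            if (chain == null) {
                return false;
            }
            this.keystore.setKeyEntry(str, privateKey, str2.toCharArray(), chain);
            return true;
        } catch (IOException e) {
            throw new KeyToolException(e.toString());
        } catch (KeyStoreException e2) {
            throw new KeyToolException(e2.toString());
        } catch (CertificateException e3) {
            throw new KeyToolException(e3.toString());
        }
    }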

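    /**
     * Imports one X.509 certificate from {@code inputStream} as a trusted
     * certificate entry under alias {@code str}.
     *
     * <p>Decision flow:
     * <ul>
     *   <li>With {@code noprompt} set the certificate is stored immediately: no
     *       duplicate check, no chain building, no confirmation. Anything fed to
     *       the tool in that mode becomes a trust anchor, so the input file must
     *       already be authenticated by other means.</li>
     *   <li>If the certificate already exists in the keystore, or in
     *       {@code cacerts} when one is loaded, the user is asked whether to
     *       continue.</li>
     *   <li>Otherwise a certificate whose subject equals its issuer is verified
     *       against its own public key, and any other certificate is run through
     *       {@code generateCertificateChain}. When no chain results (always the
     *       case on the self-issued path) the certificate is printed and the user
     *       must confirm.</li>
     * </ul>
     *
     * <p>The stream is now closed in a {@code finally} block; previously it stayed
     * open when parsing failed or the parsed object was not an X.509 certificate.
     *
     * @param str         alias for the new entry
     * @param inputStream source of the certificate; always closed by this method
     * @return {@code true} if the certificate was stored, {@code false} if the user declined
     * @throws KeyToolException with message K0166 when the input is not an X.509
     *                          certificate, or wrapping an I/O or security error
     */
    private boolean importTrustedCertificate(String str, InputStream inputStream) throws KeyToolException {
        try {
            X509Certificate x509Certificate;
            try {
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            } finally {
                inputStream.close();
            }
            try {
                if (this.noprompt) {
                    this.keystore.setCertificateEntry(str, x509Certificate);
                    return true;
                }
                String certificateAlias = this.keystore.getCertificateAlias(x509Certificate);
                if (certificateAlias != null) {
                    // Already stored under another alias in this keystore.
                    this.stdout.println(Msg.getString("K0168", certificateAlias));
                    this.stdout.print(Msg.getString("K0169"));
                    if (!getYesOrNoReply()) {
                        return false;
                    }
                    this.stdout.println();
                } else if (this.cacerts != null) {
                    certificateAlias = this.cacerts.getCertificateAlias(x509Certificate);
                    if (certificateAlias != null) {
                        // Already present in the cacerts store.
                        this.stdout.println(Msg.getString("K016a"));
                        this.stdout.print(Msg.getString("K016b"));
                        if (!getYesOrNoReply()) {
                            return false;
                        }
                        this.stdout.println();
                    }
                }
                if (certificateAlias == null) {
                    Certificate[] certificateArr = null;
                    if (isSelfSignedCertificate(x509Certificate)) {
                        // Throws (and aborts the import) if the self-signature is invalid.
                        x509Certificate.verify(x509Certificate.getPublicKey());
                    } else {
                        certificateArr = generateCertificateChain(null, x509Certificate);
                    }
                    if (certificateArr == null) {
                        // No chain to an existing entry: show the details and let the
                        // user decide.
                        printVerboseCertificate(x509Certificate);
                        this.stdout.print(Msg.getString("K016c"));
                        if (!getYesOrNoReply()) {
                            return false;
                        }
                        this.stdout.println();
                    }
                }
                this.keystore.setCertificateEntry(str, x509Certificate);
                return true;
            } catch (GeneralSecurityException e) {
                throw new KeyToolException(e.toString());
            }
        } catch (IOException e2) {
            throw new KeyToolException(e2.toString());
        } catch (ClassCastException unused) {
            throw new KeyToolException(Msg.getString("K0166"));
        } catch (CertificateException unused2) {
            throw new KeyToolException(Msg.getString("K0166"));
        }
    }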

    /**
     * Tells whether the certificate's subject name equals its issuer name.
     *
     * <p>This is a name comparison only. It does not check that the certificate is
     * signed with its own key, so callers that rely on the result for trust
     * decisions must verify the signature themselves.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when subject DN and issuer DN are equal
     */
    private boolean isSelfSignedCertificate(X509Certificate x509Certificate) {
        Principal subject = x509Certificate.getSubjectDN();
        Principal issuer = x509Certificate.getIssuerDN();
        return subject.equals(issuer);
    }

    /**
     * Tells whether {@code certificate} is already stored in the keystore or,
     * when {@code trustcacerts} is set and a {@code cacerts} store is loaded, in
     * that store.
     *
     * <p>"Trusted" here means "present in one of the stores"; no signature or
     * validity check takes place.
     *
     * @param certificate certificate to look up
     * @return {@code true} if an alias for the certificate exists in a consulted store
     * @throws KeyToolException wrapping any {@code KeyStoreException}
     */
    private boolean isTrustedCertificate(Certificate certificate) throws KeyToolException {
        try {
            boolean inKeystore = this.keystore.getCertificateAlias(certificate) != null;
            if (inKeystore) {
                return true;
            }
            boolean consultCacerts = this.trustcacerts && this.cacerts != null;
            return consultCacerts && this.cacerts.getCertificateAlias(certificate) != null;
        } catch (KeyStoreException e) {
            throw new KeyToolException(e.toString());
        }
    }

    /**
     * Parses the command line into the tool's fields.
     *
     * <p>{@code strArr[0]} selects the command and must be one of the known
     * {@code -command} names; the remaining elements are options. Options that
     * take a value consume the next element; when that element is missing, or a
     * numeric value does not parse, the help text is printed and the JVM exits
     * with status 0.
     *
     * <p>Security notes: {@code -keypass}, {@code -new} and {@code -storepass}
     * take the password from the command line, where it may be visible to other
     * local users and end up in shell history; leaving them out makes the tool
     * fall back to its interactive prompts where those exist. Each must be at
     * least 6 characters long (the value of {@code LENGTH_OF_PASSWORD}).
     *
     * @param strArr command-line arguments, at least one element
     * @throws KeyToolException for an unknown command (K016d), an unknown option
     *                          (K0171) or a too-short password (K016e, K016f, K0170)
     */
    private void parser(String[] strArr) throws KeyToolException {
        String[] commands = {"help", "delete", "export", "genkey", "import", "keyclone",
                "keypasswd", "list", "printcert", "selfcert", "storepasswd"};
        String selected = null;
        for (int c = 0; c < commands.length && selected == null; c++) {
            if (strArr[0].equals("-" + commands[c])) {
                selected = commands[c];
            }
        }
        if (selected == null) {
            throw new KeyToolException(Msg.getString("K016d", strArr[0]));
        }
        this.cmd = selected;

        for (int i = 1; i < strArr.length; i++) {
            String option = strArr[i];

            // Switches without a value.
            if (option.equals("-noprompt")) {
                this.noprompt = true;
                continue;
            }
            if (option.equals("-rfc")) {
                this.rfc = true;
                continue;
            }
            if (option.equals("-trustcacerts")) {
                this.trustcacerts = true;
                continue;
            }
            if (option.equals("-v")) {
                this.verbose = true;
                continue;
            }

            boolean takesValue = option.equals("-alias") || option.equals("-dest")
                    || option.equals("-dname") || option.equals("-file")
                    || option.equals("-keyalg") || option.equals("-keypass")
                    || option.equals("-keysize") || option.equals("-keystore")
                    || option.equals("-new") || option.equals("-provider")
                    || option.equals("-sigalg") || option.equals("-storetype")
                    || option.equals("-storepass") || option.equals("-validity");
            if (!takesValue) {
                throw new KeyToolException(Msg.getString("K0171", option));
            }

            // Every remaining option consumes the following argument.
            i++;
            if (i == strArr.length) {
                cmdHelpImpl();
                System.exit(0);
            }
            String value = strArr[i];

            if (option.equals("-alias")) {
                this.alias = value;
            } else if (option.equals("-dest")) {
                this.dest = value;
            } else if (option.equals("-dname")) {
                this.dname = value;
            } else if (option.equals("-file")) {
                this.filename = value;
            } else if (option.equals("-keyalg")) {
                this.keyalg = value;
            } else if (option.equals("-keypass")) {
                this.keypass = value;
                if (this.keypass.length() < 6) {
                    throw new KeyToolException(Msg.getString("K016e"));
                }
            } else if (option.equals("-keysize")) {
                try {
                    this.keysize = Integer.parseInt(value);
                } catch (NumberFormatException badKeySize) {
                    cmdHelpImpl();
                    System.exit(0);
                }
            } else if (option.equals("-keystore")) {
                this.keystorename = value;
            } else if (option.equals("-new")) {
                this.passnew = value;
                if (this.passnew.length() < 6) {
                    throw new KeyToolException(Msg.getString("K016f"));
                }
            } else if (option.equals("-provider")) {
                this.provider = value;
            } else if (option.equals("-sigalg")) {
                this.sigalg = value;
            } else if (option.equals("-storetype")) {
                this.storetype = value;
            } else if (option.equals("-storepass")) {
                this.storepass = value;
                if (this.storepass.length() < 6) {
                    throw new KeyToolException(Msg.getString("K0170"));
                }
            } else {
                // Only "-validity" is left at this point.
                try {
                    this.validity = Integer.parseInt(value);
                } catch (NumberFormatException badValidity) {
                    cmdHelpImpl();
                    System.exit(0);
                }
            }
        }
    }

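    /**
     * Prints the human-readable details of a certificate: subject, issuer, serial
     * number, validity period and its MD5 and SHA fingerprints.
     *
     * <p>The serial number is rendered from the full {@code BigInteger}. The
     * previous code went through {@code intValue()}, which keeps only the low 32
     * bits, so longer serial numbers were displayed wrongly; for small positive
     * serial numbers the output is unchanged.
     *
     * <p>Security note: the fingerprints use the {@code MessageDigest} algorithm
     * names "MD5" and "SHA". Both have known collision weaknesses, so a person
     * comparing these values out of band to decide on trust gets weaker assurance
     * than with a SHA-256 fingerprint. Adding one would need a new message key,
     * which is not available here.
     *
     * @param x509Certificate certificate to print
     * @throws KeyToolException if the certificate cannot be encoded for fingerprinting
     */
    private void printVerboseCertificate(X509Certificate x509Certificate) throws KeyToolException {
        String serialHex = x509Certificate.getSerialNumber().toString(16);
        this.stdout.println(Msg.getString("K0172", x509Certificate.getSubjectDN()));
        this.stdout.println(Msg.getString("K0173", x509Certificate.getIssuerDN()));
        this.stdout.println(Msg.getString("K0174", serialHex));
        this.stdout.print(Msg.getString("K0175", x509Certificate.getNotBefore()));
        this.stdout.println(Msg.getString("K0176", x509Certificate.getNotAfter()));
        this.stdout.println(Msg.getString("K0177"));
        this.stdout.println(Msg.getString("K0178", getFingerprintOfCertificate(x509Certificate, "MD5")));
        this.stdout.println(Msg.getString("K0179", getFingerprintOfCertificate(x509Certificate, "SHA")));
        this.stdout.println();
    }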

    /**
     * Prints the keystore entry stored under alias {@code str}.
     *
     * <p>Without {@code verbose} and {@code rfc} a short summary is printed:
     * alias, creation date, entry kind and the MD5 fingerprint of the entry's
     * certificate. Otherwise the entry is printed in full, each certificate either
     * through {@code printVerboseCertificate} (verbose) or as PEM text, followed
     * by a separator line.
     *
     * @param str alias of the entry
     * @throws KeyToolException wrapping any {@code KeyStoreException}, or raised while
     *                          fingerprinting or encoding a certificate
     */
    private void printAlias(String str) throws KeyToolException {
        try {
            boolean summaryOnly = !this.verbose && !this.rfc;
            if (summaryOnly) {
                this.stdout.print(String.valueOf(str) + ", ");
                X509Certificate summaryCertificate = (X509Certificate) this.keystore.getCertificate(str);
                this.stdout.print(String.valueOf(this.keystore.getCreationDate(str)) + ", ");
                this.stdout.println(Msg.getString(this.keystore.isKeyEntry(str) ? "K0180" : "K0181"));
                this.stdout.println(Msg.getString("K0182"));
                // NOTE(review): the summary shows an MD5 fingerprint only; MD5 is
                // collision-prone, so treat it as an identifier rather than proof.
                this.stdout.println(Msg.getString("K0178", getFingerprintOfCertificate(summaryCertificate, "MD5")));
                this.stdout.println();
                return;
            }

            this.stdout.println(Msg.getString("K017a", str));
            boolean detailed = this.verbose;
            if (!this.keystore.isKeyEntry(str)) {
                // Trusted-certificate entry: exactly one certificate.
                Certificate trusted = this.keystore.getCertificate(str);
                this.stdout.println(Msg.getString("K017b", this.keystore.getCreationDate(str)));
                this.stdout.println(Msg.getString("K017f"));
                this.stdout.println();
                if (detailed) {
                    printVerboseCertificate((X509Certificate) trusted);
                } else {
                    this.stdout.println(writeInternetRFC1421Standard(trusted));
                    this.stdout.println();
                }
            } else {
                // Key entry: print the whole certificate chain.
                Certificate[] chain = this.keystore.getCertificateChain(str);
                this.stdout.println(Msg.getString("K017b", this.keystore.getCreationDate(str)));
                this.stdout.println(Msg.getString("K017c"));
                int chainLength = chain.length;
                this.stdout.println(Msg.getString("K017d", chainLength));
                this.stdout.println();
                for (int position = 0; position < chainLength; position++) {
                    this.stdout.println(Msg.getString("K017e", position + 1));
                    if (detailed) {
                        printVerboseCertificate((X509Certificate) chain[position]);
                    } else {
                        this.stdout.println(writeInternetRFC1421Standard(chain[position]));
                        this.stdout.println();
                    }
                }
            }
            this.stdout.println("------------------------------------------------");
            this.stdout.println();
        } catch (KeyStoreException e) {
            throw new KeyToolException(e.toString());
        }
    }

    /**
     * Command-line entry point: creates a {@code KeyTool} and runs it with the
     * given arguments.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        KeyTool tool = new KeyTool();
        tool.run(strArr);
    }

    /**
     * Parses the arguments and executes the selected command.
     *
     * <p>With no arguments the help text is printed and the JVM exits with status
     * 0. A {@code KeyToolException} raised by parsing or by the command is
     * reported on the tool's standard output using message K0184, after which the
     * method returns normally. Scripts therefore cannot detect such failures from
     * the exit status alone.
     *
     * @param strArr command-line arguments
     */
    public void run(String[] strArr) {
        if (strArr.length == 0) {
            cmdHelpImpl();
            System.exit(0);
        }
        try {
            parser(strArr);
            String command = this.cmd;
            if (command.equals("help")) {
                cmdHelpImpl();
            } else if (command.equals("delete")) {
                cmdDeleteImpl();
            } else if (command.equals("export")) {
                cmdExportImpl();
            } else if (command.equals("genkey")) {
                cmdGenKeyImpl();
            } else if (command.equals("import")) {
                cmdImportImpl();
            } else if (command.equals("keyclone")) {
                cmdKeyCloneImpl();
            } else if (command.equals("keypasswd")) {
                cmdKeyPasswdImpl();
            } else if (command.equals("list")) {
                cmdListImpl();
            } else if (command.equals("printcert")) {
                cmdPrintCertImpl();
            } else if (command.equals("selfcert")) {
                cmdSelfCertImpl();
            } else if (command.equals("storepasswd")) {
                cmdStorePasswd();
            } else {
                // Should not happen after parser(); fall back to the help text.
                cmdHelpImpl();
            }
        } catch (KeyToolException e) {
            this.stdout.println(Msg.getString("K0184", e.getMessage()));
        }
    }

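    /**
     * Renders a byte array as lower-case hex pairs separated by colons, for
     * example {@code 0a:ff:00}.
     *
     * <p>An empty array yields an empty string; the previous implementation
     * indexed element 0 unconditionally and failed with
     * {@code ArrayIndexOutOfBoundsException} in that case.
     *
     * @param bArr bytes to render, not {@code null}
     * @return the colon-separated hex representation
     */
    private String toHexString(byte[] bArr) {
        // Two hex digits per byte plus one separator.
        StringBuffer hex = new StringBuffer(bArr.length * 3);
        for (int i = 0; i < bArr.length; i++) {
            if (i > 0) {
                hex.append(':');
            }
            int unsigned = bArr[i] & 0xff; // mask to avoid sign extension
            hex.append(Character.forDigit(unsigned >>> 4, 16));
            hex.append(Character.forDigit(unsigned & 0x0f, 16));
        }
        return hex.toString();
    }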

    /**
     * Encodes a certificate as PEM text: a BEGIN CERTIFICATE line, the Base64 of
     * the encoded certificate in lines of at most 76 characters, and an END
     * CERTIFICATE line, each terminated by a newline.
     *
     * @param certificate certificate to encode
     * @return the PEM text
     * @throws KeyToolException if the certificate cannot be encoded
     */
    private String writeInternetRFC1421Standard(Certificate certificate) throws KeyToolException {
        final int lineWidth = 76;
        StringBuffer pem = new StringBuffer();
        pem.append("-----BEGIN CERTIFICATE-----\n");
        try {
            byte[] base64 = BASE64Encoder.encode(certificate.getEncoded());
            // NOTE(review): RFC 1421 uses 64-character lines; 76 is the MIME limit.
            // Confirm that consumers of this output accept the longer lines.
            for (int offset = 0; offset < base64.length; ) {
                int chunk = Math.min(lineWidth, base64.length - offset);
                // NOTE(review): decodes with the platform default charset; presumably
                // the encoder emits ASCII bytes - verify on non-ASCII platforms.
                pem.append(new String(base64, offset, chunk));
                pem.append('\n');
                offset += chunk;
            }
            pem.append("-----END CERTIFICATE-----\n");
            return pem.toString();
        } catch (CertificateEncodingException e) {
            throw new KeyToolException(e.toString());
        }
    }
}
