package com.ibm.ws.security.admintask.audit.certificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/admintask/audit/certificates/DeleteAuditCertificate.class */
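/**
 * Admin task command that removes a personal certificate (a key entry) from a key store.
 *
 * <p>Flow visible in this class: {@link #validate()} reads the command parameters and resolves
 * the target key store, then {@link #afterStepsExecuted()} performs the removal through
 * {@link #certificateDelete(KeyStoreInfo, KeyStoreInfo, String)} once the task steps succeeded.
 *
 * <p><b>Security-relevant behaviour:</b> deleting an entry does not necessarily destroy the key
 * material. When a writable "deleted" key store is resolved for the target store, the private key
 * and its certificate chain are copied into it before the entry is removed (see
 * {@code certificateDelete}). Treat that store as holding live private keys: it needs the same
 * access control, backup and rotation handling as the store the key came from.
 */
public class DeleteAuditCertificate extends AbstractTaskCommand {
    private static final TraceComponent tc = Tr.register(DeleteAuditCertificate.class, "SSL", "com.ibm.ws.ssl.commands.personalCertificates");

    // Command parameters, populated by validate().
    private String keyStoreName;
    private String certAlias;
    private String keyStoreScope;

    // Key store the entry is removed from; resolved in validate().
    private KeyStoreInfo ksInfo;

    // Key store returned by CommandHelper.getDeletedKeyStore(); certificateDelete() treats null as "no archive".
    private KeyStoreInfo deletedKsInfo;

    /**
     * Creates the command from its task metadata.
     *
     * @param taskCommandMetadata metadata describing this task command
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public DeleteAuditCertificate(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        // Instance fields start out null; validate() fills them in.
    }

    /**
     * Re-creates the command from previously stored command data.
     *
     * @param commandData stored command data
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public DeleteAuditCertificate(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the key store name, scope and certificate alias parameters, resolves the target and
     * "deleted" key stores, and refuses the request when it would remove the only key entry of a
     * store whose name ends with {@code Constants.DEFAULT_ROOT_STORE}.
     *
     * <p>The last-key-entry guard is evaluated here only; {@code certificateDelete} does not repeat
     * it, so it reflects the store contents at validation time.
     *
     * @throws CommandValidationException if the superclass validation fails, the guard trips, or
     *     any lookup throws; a lookup failure is attached as the cause
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            this.keyStoreName = (String) getParameter(CommandConstants.KEY_STORE_NAME);
            this.keyStoreScope = (String) getParameter(CommandConstants.KEY_STORE_SCOPE);
            this.certAlias = (String) getParameter(CommandConstants.CERT_ALIAS);
            if (tc.isDebugEnabled()) {
                // Only identifiers are traced here; no key store password is written to the trace.
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName + " keyStoreScope=" + this.keyStoreScope + " certAlias=" + this.certAlias);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.keyStoreScope == null) {
                this.keyStoreScope = commandHelper.defaultScope();
            }
            this.ksInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.keyStoreName, this.keyStoreScope);
            this.deletedKsInfo = commandHelper.getDeletedKeyStore(configSession, configService, this.keyStoreName);

            boolean isDefaultRootStore = this.ksInfo.getName().endsWith(Constants.DEFAULT_ROOT_STORE);
            if (isDefaultRootStore && isLastCert(configSession, configService, this.ksInfo)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.last.cert.CWPKI0707E", new Object[]{this.ksInfo.getName()}, "Can not remove the last certificate form " + this.ksInfo.getName() + "."));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (Exception e) {
            // NOTE(review): the FFDC source id names DeleteCAClient rather than this class; it is
            // left untouched because diagnostics tooling may key on it.
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteCAClient.validate", "118", this);
            if (e instanceof CommandValidationException) {
                // Already the right type (e.g. the last-certificate refusal): keep its stack trace.
                throw (CommandValidationException) e;
            }
            // Keep the original failure as the cause so the root problem is not reduced to a
            // (possibly null) message string.
            throw new CommandValidationException(e, e.getMessage());
        }
    }

    /**
     * Reports whether the key store holds exactly one key entry.
     *
     * <p>Counts aliases for which the store answers {@code isKeyEntry} with true; certificate-only
     * entries are not counted. The {@code session} and {@code configService} arguments are not
     * used by this method.
     *
     * @param session unused
     * @param configService unused
     * @param keyStoreInfo key store to inspect
     * @return {@code true} when exactly one alias is a key entry; {@code false} otherwise,
     *     including when the store returns no alias array
     * @throws Exception whatever the key store invocation throws
     */
    private boolean isLastCert(Session session, ConfigService configService, KeyStoreInfo keyStoreInfo) throws Exception {
        WSKeyStoreRemotable keyStore = new WSKeyStoreRemotable(keyStoreInfo);
        Object[] aliases = keyStore.invokeKeyStoreCommand("aliases", null);
        if (aliases == null) {
            return false;
        }
        int keyEntryCount = 0;
        for (Object alias : aliases) {
            Object[] isKeyEntry = keyStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{(String) alias});
            if (((Boolean) isKeyEntry[0]).booleanValue()) {
                keyEntryCount++;
            }
        }
        return keyEntryCount == 1;
    }

    /**
     * Runs the deletion after the task steps completed successfully.
     *
     * <p>A failure in {@code certificateDelete} is not thrown to the caller; it is recorded via
     * FFDC and stored on the task command result as a {@link CommandException}.
     */
    // The decompiler reports that it changed this method's access modifier from protected.
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (result.isSuccessful()) {
            try {
                certificateDelete(this.ksInfo, this.deletedKsInfo, this.certAlias);
            } catch (Exception e) {
                // NOTE(review): source id says "DeleteCertificate.validate" and the probe id is
                // the literal "%c%"; both are kept as found.
                FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteCertificate.validate", "%c%", this);
                result.setException(new CommandException(e, e.getMessage()));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Removes the key entry {@code str} from {@code keyStoreInfo}, archiving it first when an
     * archive store is usable.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>Fail unless the alias exists in the source store and is a key entry.</li>
     *   <li>If {@code CertificateRequestHelper.isKeyCertReq} returns null for the certificate
     *       (presumably: the entry is not tied to a pending certificate request; confirm against
     *       that helper), then:
     *     <ul>
     *       <li>when {@code keyStoreInfo2} is non-null, not read-only and not of type
     *           {@code JCERACFKS}/{@code JCECCARACFKS}, copy the private key and chain into it
     *           under the alias {@code <source store name>_<alias>} and mark its location as
     *           updated in the workspace;</li>
     *       <li>delete the entry from the source store.</li>
     *     </ul>
     *   </li>
     *   <li>Let {@code PersonalCertificateHelper.handleCACertReference} process the alias, and
     *       mark the source store location as updated when the store is file based.</li>
     * </ol>
     *
     * <p><b>Security note:</b> the archive copy means the private key outlives the delete. The copy
     * and the delete are two separate key store calls, so a failure between them can leave the
     * key present in both stores. Operators who need the key gone (for example after a suspected
     * compromise) must also purge it from the archive store.
     *
     * @param keyStoreInfo source key store the entry is removed from
     * @param keyStoreInfo2 archive ("deleted") key store, or {@code null} for none
     * @param str alias of the key entry to remove
     * @throws CommandValidationException if the alias is missing or is not a key entry
     * @throws Exception any other failure, rethrown after being reported to FFDC
     */
    public void certificateDelete(KeyStoreInfo keyStoreInfo, KeyStoreInfo keyStoreInfo2, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "certificateDelete");
        }
        WSKeyStoreRemotable sourceStore = new WSKeyStoreRemotable(keyStoreInfo);
        WSKeyStoreRemotable archiveStore = null;
        if (keyStoreInfo2 != null && !keyStoreInfo2.getReadOnly().booleanValue()) {
            archiveStore = new WSKeyStoreRemotable(keyStoreInfo2);
        }
        try {
            Object[] containsAlias = sourceStore.invokeKeyStoreCommand("containsAlias", new Object[]{str});
            Object[] isKeyEntry = sourceStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{str});
            boolean aliasIsPersonalCert = ((Boolean) containsAlias[0]).booleanValue() && ((Boolean) isKeyEntry[0]).booleanValue();
            if (!aliasIsPersonalCert) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.CWPKI0696E", new Object[]{str}, "Certificate alias " + str + " either does not exist of is not a personal certificate."));
            }
            Session configSession = getConfigSession();
            X509Certificate certificate = (X509Certificate) sourceStore.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
            if (CertificateRequestHelper.isKeyCertReq(certificate, str) == null) {
                boolean archivable = archiveStore != null
                        && !keyStoreInfo2.getType().equals(Constants.KEYSTORE_TYPE_JCERACFKS)
                        && !keyStoreInfo2.getType().equals(Constants.KEYSTORE_TYPE_JCECCARACFKS);
                if (archivable) {
                    Object[] chain = sourceStore.invokeKeyStoreCommand("getCertificateChain", new Object[]{str});
                    // Guard the source password the same way the archive password is guarded
                    // below, instead of failing with a NullPointerException on a store that has
                    // no password set.
                    String sourcePassword = keyStoreInfo.getPassword();
                    char[] sourcePasswordChars = sourcePassword != null ? sourcePassword.toCharArray() : null;
                    Object[] key = sourceStore.invokeKeyStoreCommand("getKey", new Object[]{str, sourcePasswordChars});

                    String archivePassword = keyStoreInfo2.getPassword();
                    Object[] setKeyEntryArgs = new Object[4];
                    // The archived alias is prefixed with the source store name.
                    setKeyEntryArgs[0] = keyStoreInfo.getName() + "_" + str;
                    setKeyEntryArgs[1] = (Key) key[0];
                    setKeyEntryArgs[2] = archivePassword != null ? archivePassword.toCharArray() : null;
                    setKeyEntryArgs[3] = (Certificate[]) chain[0];
                    archiveStore.invokeKeyStoreCommand("setKeyEntry", setKeyEntryArgs);
                    PersonalCertificateHelper.setWorkspaceUpdated(configSession, keyStoreInfo2.getLocation());
                }
                sourceStore.invokeKeyStoreCommand("deleteEntry", new Object[]{str});
            }
            PersonalCertificateHelper.handleCACertReference(configSession, keyStoreInfo, str);
            // Decide on the store that was actually modified (the parameter) rather than the
            // instance field: the field is only set by validate(), so a direct call to this public
            // method would otherwise fail here after the entry had already been deleted.
            if (keyStoreInfo.getFileBased().booleanValue()) {
                PersonalCertificateHelper.setWorkspaceUpdated(configSession, keyStoreInfo.getLocation());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "certificateDelete");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteCertificate", "267", this);
            throw e;
        }
    }
}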
