package com.ibm.ws.ssl.commands.dynamicSSLConfigSelections;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.ssl.commands.ManagementScope.ManagementScopeHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.ManagementScopeData;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import java.io.InputStream;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/ssl/commands/dynamicSSLConfigSelections/CreateDynamicSSLConfigSelection.class */
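/**
 * Task command that validates its parameters and then creates a
 * {@code DynamicSSLConfigSelection} configuration object, creating the
 * referenced management scope first when it does not exist yet.
 *
 * <p>{@link #validate()} resolves and checks every parameter and caches the
 * results in instance fields; {@link #afterStepsExecuted()} writes the
 * configuration from those cached values, so it relies on a prior successful
 * {@code validate()} call on the same instance.
 */
public class CreateDynamicSSLConfigSelection extends AbstractTaskCommand {
    private static TraceComponent tc;

    // Command parameters, populated by validate().
    private String dynSSLName = null;
    private String description = null;
    private String info = null;
    private String sslCfg = null;
    private String sslCfgScope = null;
    private String certAlias = null;
    private String scopeName = null;

    // Config objects resolved by validate() and consumed by afterStepsExecuted().
    private ObjectName mgmScopeObjName = null;
    private ObjectName sslCfgObjName = null;

    // True when validate() found no management scope named scopeName, so one must be created.
    private boolean createMgmScope = false;

    // Compiler-synthesized cache for the class literal used in the static initializer.
    static Class class$com$ibm$ws$ssl$commands$dynamicSSLConfigSelections$CreateDynamicSSLConfigSelection;

    /**
     * Creates the command from its metadata.
     *
     * @param taskCommandMetadata metadata handed to the superclass constructor
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public CreateDynamicSSLConfigSelection(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the command from previously captured command data.
     *
     * @param commandData command data handed to the superclass constructor
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public CreateDynamicSSLConfigSelection(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the command parameters and checks them against the configuration.
     *
     * <p>The checks, in order: the management scope name is valid (or defaults
     * to the cell scope when absent); no dynamic SSL configuration selection
     * with the same name exists in that scope; the referenced SSL configuration
     * exists in its scope and lies within the selection's management scope; the
     * information parameter has the {@code protocol,host,port} format; and, when
     * a certificate alias is given, the alias is present in the key store of the
     * SSL configuration.
     *
     * @throws CommandValidationException if any check fails or the configuration
     *         service reports an error
     */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        ObjectName securityObj = null;
        try {
            ObjectName securityPattern = ConfigServiceHelper.createObjectName(null, CommandConstants.SECURITY);
            ObjectName cellObj = configService.resolve(configSession, "Cell=")[0];
            if (cellObj != null) {
                securityObj = configService.queryConfigObjects(configSession, cellObj, securityPattern, null)[0];
            }

            this.dynSSLName = (String) getParameter(CommandConstants.DYN_SSL_CFG_NAME);
            this.description = (String) getParameter(CommandConstants.DYN_SSL_CFG_DESCRIPTION);
            this.info = (String) getParameter(CommandConstants.DYN_SSL_CFG_INFO);
            this.sslCfg = (String) getParameter(CommandConstants.DYN_SSL_CFG_SSL_CFG);
            this.certAlias = (String) getParameter(CommandConstants.DYN_SSL_CFG_CERT_ALIAS);
            this.sslCfgScope = (String) getParameter(CommandConstants.DYN_SSL_CFG_SSL_CFG_SCOPE);
            this.scopeName = (String) getParameter(CommandConstants.SCOPE_NAME);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "name=" + this.dynSSLName + " description=" + this.description + " info=" + this.info
                        + " sslCfg=" + this.sslCfg + " certAlias=" + this.certAlias + " scopeName=" + this.scopeName);
            }

            CommandHelper commandHelper = new CommandHelper();
            if (this.scopeName == null) {
                this.scopeName = commandHelper.defaultCellScope(cellObj);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.scopeName);
                }
            } else if (!ManagementScopeHelper.validScopeName(configSession, configService, this.scopeName)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not a valid management scope name: " + this.scopeName);
                }
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                        "ssl.command.scope.not.valid.CWPKI0604E",
                        new Object[]{this.scopeName},
                        "The following Management scope is not valid: " + this.scopeName));
            }

            // Reject a duplicate selection name within the target scope.
            AttributeList attributeList = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.NAME, this.dynSSLName);
            if (commandHelper.exists(configService, configSession, securityObj, CommandConstants.DYNAMIC_SSL_CONFIG_SELECTIONS, attributeList, this.scopeName)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                        "ssl.command.object.already.exists.CWPKI0601E",
                        new Object[]{this.dynSSLName, this.scopeName},
                        this.dynSSLName + " in the management scope " + this.scopeName + " already exists."));
            }

            // The referenced SSL configuration must exist in its own scope.
            attributeList.clear();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.ALIAS, this.sslCfg);
            this.sslCfgObjName = commandHelper.getObjectName(configService, configSession, securityObj, CommandConstants.REPERTOIRE, attributeList, this.sslCfgScope);
            if (this.sslCfgObjName == null) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                        "ssl.command.object.not.found.CWPKI0600E",
                        new Object[]{this.sslCfg, this.sslCfgScope},
                        this.sslCfg + " does not exists within scope " + this.sslCfgScope));
            }

            // NOTE(review): when getAttributes returns null the scope check below is
            // skipped, i.e. it fails open. Confirm that null cannot occur for an SSL
            // configuration that was just resolved; otherwise treat null as a failure.
            AttributeList sslCfgAttributes = configService.getAttributes(configSession, this.sslCfgObjName, null, true);
            if (sslCfgAttributes != null && !commandHelper.withInScope(configService, configSession, sslCfgAttributes, this.scopeName)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getString(
                        "ssl.command.createDynSSLConfigSel.CWPKI0657E",
                        "SSL Config is not within Dynamic SSL Configuration Selection management scope."));
            }

            // Reuse the management scope when it exists; otherwise remember to create it.
            attributeList.clear();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_NAME, this.scopeName);
            if (commandHelper.exists(configService, configSession, securityObj, CommandConstants.MANAGEMENT_SCOPES, attributeList, null)) {
                this.mgmScopeObjName = commandHelper.getObjectName(configService, configSession, securityObj, CommandConstants.MANAGEMENT_SCOPES, attributeList, (String) null);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "mgmScopeObjName: " + this.mgmScopeObjName);
                }
            } else {
                this.createMgmScope = true;
            }

            if (!goodInfoFormat(this.info)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Information parameter is not formatted correctly.");
                }
                throw new CommandValidationException(TraceNLSHelper.getInstance().getString(
                        "ssl.command.cert.information.format.check.CWPKI0681E",
                        "Dynamic SSL configuration selection information parameter is not in the correct format. It should be in the format protocol,host,port."));
            }

            // The alias is optional; when supplied it must name an entry in the key store
            // of the selected SSL configuration.
            if (isSet(this.certAlias) && !checkCertAlias(configSession, configService, this.sslCfgObjName, this.certAlias)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "SSLConfig of certificate alias did not verify");
                }
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                        "ssl.command.cert.not.SSLConfig.CWPKI0617E",
                        new Object[]{this.certAlias, this.sslCfg},
                        "Certificate " + this.certAlias + " is not in SSL configuration " + this.sslCfg + "."));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (CommandValidationException e) {
            // Already the right type: rethrow as-is so the original stack trace is kept
            // instead of being replaced by a message-only copy.
            throw e;
        } catch (ConfigServiceException e) {
            throw new CommandValidationException(e.getMessage());
        } catch (Exception e2) {
            throw new CommandValidationException(e2.getMessage());
        }
    }

    /**
     * Creates the configuration objects once all command steps have run.
     *
     * <p>Does nothing beyond tracing when the task result is already
     * unsuccessful. Otherwise creates the management scope if
     * {@code validate()} flagged it as missing, then creates the
     * {@code DynamicSSLConfigSelection} object and stores its object name as
     * the command result. Any exception is recorded on the task result instead
     * of being thrown; the result is then set to {@code null}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        ObjectName securityObj = null;
        ObjectName createdSelection = null;
        TaskCommandResultImpl taskResult = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskResult.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                // The exit trace previously named "beforeStepsExecuted", which did not
                // match the entry trace of this method.
                Tr.exit(tc, "afterStepsExecuted");
            }
            return;
        }
        try {
            ObjectName securityPattern = ConfigServiceHelper.createObjectName(null, CommandConstants.SECURITY);
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            AttributeList attributeList = new AttributeList();
            ObjectName cellObj = configService.resolve(configSession, "Cell=")[0];
            if (cellObj != null) {
                securityObj = configService.queryConfigObjects(configSession, cellObj, securityPattern, null)[0];
            }
            if (this.createMgmScope) {
                ManagementScopeData managementScopeData = new ManagementScopeData(this.scopeName);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_NAME, this.scopeName);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_TYPE, managementScopeData.getScopeType());
                this.mgmScopeObjName = configService.createConfigData(configSession, securityObj, CommandConstants.MANAGEMENT_SCOPES, null, attributeList);
                attributeList.clear();
            }
            ConfigServiceHelper.setAttributeValue(attributeList, "name", this.dynSSLName);
            ConfigServiceHelper.setAttributeValue(attributeList, "description", this.description);
            ConfigServiceHelper.setAttributeValue(attributeList, "dynamicSelectionInfo", this.info);
            ConfigServiceHelper.setAttributeValue(attributeList, "sslConfig", this.sslCfgObjName);
            if (isSet(this.certAlias)) {
                ConfigServiceHelper.setAttributeValue(attributeList, "certificateAlias", this.certAlias);
            }
            ConfigServiceHelper.setAttributeValue(attributeList, "managementScope", this.mgmScopeObjName);
            createdSelection = configService.createConfigData(configSession, securityObj, "dynamicSSLConfigSelections", "DynamicSSLConfigSelection", attributeList);
        } catch (Exception e) {
            taskResult.setException(new CommandException(e, e.getMessage()));
        }
        taskResult.setResult(createdSelection);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Checks whether a certificate alias exists in the key store used by an SSL
     * configuration.
     *
     * <p>When the configuration's settings carry no key store reference, the
     * key file name, password and format attributes are used to open the key
     * store file directly; otherwise the referenced key store object is queried.
     *
     * @param session the configuration session
     * @param configService the configuration service
     * @param objectName object name of the SSL configuration
     * @param str the certificate alias to look for
     * @return {@code true} if the alias is present in the key store
     * @throws Exception a {@link CommandValidationException} carrying the
     *         message of any failure raised while reading the key store
     */
    private boolean checkCertAlias(Session session, ConfigService configService, ObjectName objectName, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCertAlias");
        }
        try {
            boolean found;
            AttributeList settings = (AttributeList) configService.getAttribute(session, objectName, "setting");
            ObjectName keyStoreObj = (ObjectName) ConfigServiceHelper.getAttributeValue(settings, CommandConstants.KEY_STORE);
            if (keyStoreObj == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Old style SSL config.");
                }
                // The key file password is handed straight to the key store loader;
                // keep it out of any trace or exception text added here.
                String keyFileName = (String) ConfigServiceHelper.getAttributeValue(settings, "keyFileName");
                String keyFilePassword = (String) ConfigServiceHelper.getAttributeValue(settings, "keyFilePassword");
                String keyFileFormat = (String) ConfigServiceHelper.getAttributeValue(settings, "keyFileFormat");
                found = verifyCertInKeyStore(str, keyFileName, keyFilePassword, keyFileFormat);
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "New SSLConfig.");
                }
                found = verifyCertInKeyStore(str, (KeyStore) MOFUtil.convertToEObject(session, keyStoreObj));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCertAlias");
            }
            return found;
        } catch (Exception e) {
            // ConfigServiceException and every other failure are reported the same way.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is " + e.getMessage());
            }
            throw new CommandValidationException(e.getMessage());
        }
    }

    /**
     * Opens a key store file and checks whether it contains the given alias.
     *
     * @param str the certificate alias to look for
     * @param str2 key store file name, as accepted by {@code WSKeyStore.openKeyStore}
     * @param str3 key store password; a {@code null} value makes the check fail
     *        with an exception rather than loading the store unverified
     * @param str4 key store type requested from the {@code IBMJCE} provider
     * @return {@code true} if the alias is present
     * @throws Exception if the key store cannot be created, opened, loaded or closed
     */
    private boolean verifyCertInKeyStore(String str, String str2, String str3, String str4) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifyCertInKeyStore");
        }
        boolean found = false;
        InputStream inputStream = null;
        try {
            java.security.KeyStore keyStore = java.security.KeyStore.getInstance(str4, "IBMJCE");
            inputStream = WSKeyStore.openKeyStore(str2);
            keyStore.load(inputStream, str3.toCharArray());
            if (keyStore.containsAlias(str)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "keyAlias found");
                }
                found = true;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "verifyCertInKeyStore");
            }
            return found;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is ", e.getMessage());
            }
            throw new Exception(e.getMessage());
        } finally {
            // The stream is still null when getInstance or openKeyStore failed; closing
            // it unconditionally raised a NullPointerException that hid the real error.
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    /**
     * Asks a configured key store object whether it contains the given alias.
     *
     * @param str the certificate alias to look for
     * @param keyStore the key store configuration object
     * @return {@code true} if the {@code containsAlias} key store command reports the alias
     * @throws Exception carrying the message of any failure raised by the key store command
     */
    private boolean verifyCertInKeyStore(String str, KeyStore keyStore) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifyCertInKeyStore");
        }
        try {
            Object[] commandResult = new WSKeyStoreRemotable(keyStore).invokeKeyStoreCommand("containsAlias", new Object[]{str});
            boolean found = ((Boolean) commandResult[0]).booleanValue();
            if (found && tc.isDebugEnabled()) {
                Tr.debug(tc, "keyAlias found");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "verifyCertInKeyStore");
            }
            return found;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is ", e.getMessage());
            }
            throw new Exception(e.getMessage());
        }
    }

    /**
     * Checks the shape of the selection information parameter: one or more
     * {@code |}-separated entries, each made of exactly three non-empty,
     * comma-separated fields (documented by the error message as
     * {@code protocol,host,port}).
     *
     * <p>Only the shape is checked; the field contents are not interpreted.
     *
     * @param str the information parameter, may be {@code null}
     * @return {@code true} if every entry has three non-empty fields;
     *         {@code false} for {@code null}, for input without any entry, or
     *         for any malformed entry
     */
    private boolean goodInfoFormat(String str) {
        if (str == null) {
            // A missing parameter is a format error, not a NullPointerException.
            return false;
        }
        String[] entries = str.split("\\|");
        if (entries.length == 0) {
            // Input made only of separators (for example "|") splits into no entries
            // and would otherwise pass the loop below vacuously.
            return false;
        }
        for (int i = 0; i < entries.length; i++) {
            String[] fields = entries[i].split(",");
            if (fields.length != 3) {
                return false;
            }
            if (fields[0].equals("") || fields[1].equals("") || fields[2].equals("")) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether an optional string parameter was supplied with a non-empty value. */
    private static boolean isSet(String value) {
        return value != null && !value.equals("");
    }

    /**
     * Compiler-synthesized helper that resolves a class literal by name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the
     *         {@link ClassNotFoundException} is attached as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so throw the typed error object instead of
            // the call's result, which does not compile in a method without throws.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$ssl$commands$dynamicSSLConfigSelections$CreateDynamicSSLConfigSelection == null) {
            cls = class$("com.ibm.ws.ssl.commands.dynamicSSLConfigSelections.CreateDynamicSSLConfigSelection");
            class$com$ibm$ws$ssl$commands$dynamicSSLConfigSelections$CreateDynamicSSLConfigSelection = cls;
        } else {
            cls = class$com$ibm$ws$ssl$commands$dynamicSSLConfigSelections$CreateDynamicSSLConfigSelection;
        }
        tc = Tr.register(cls, "SSL", "com.ibm.ws.ssl.commands.dynamicSSLConfigSelection");
    }
}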
