package com.ibm.ws.ssl.commands.WSCertExpMonitor;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/ssl/commands/WSCertExpMonitor/StartCertificateExpMonitor.class */
public class StartCertificateExpMonitor extends AbstractTaskCommand {
    // Trace component for this command; assigned in the class's static initializer via Tr.register.
    private static TraceComponent tc;
    // CertReqInfo entries for key entries (personal certificates) that checkCertsInKeyStore flagged
    // as expired or inside the notification window. startExpMonitor replaces these when the
    // auto-replace setting is on.
    List personalCerts;
    // CertReqInfo entries for non-key entries (signer certificates) flagged by checkCertsInKeyStore.
    // This class only adds to the list; no code in this file reads the entries back.
    List signerCerts;
    // Compiler-synthesized cache for this class's Class object (pre-Java 5 class-literal idiom).
    static Class class$com$ibm$ws$ssl$commands$WSCertExpMonitor$StartCertificateExpMonitor;

    /**
     * Creates the command from its task metadata, starting with empty lists of flagged certificates.
     *
     * @param taskCommandMetadata metadata passed straight to the {@code AbstractTaskCommand} constructor
     * @throws CommandNotFoundException declared for the superclass constructor; nothing in this body throws it
     */
    public StartCertificateExpMonitor(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        // Filled later by checkCertsInKeyStore while the key stores are scanned.
        signerCerts = new ArrayList();
        personalCerts = new ArrayList();
    }

    /**
     * Creates the command from previously captured command data, starting with empty lists of
     * flagged certificates.
     *
     * @param commandData command data passed straight to the {@code AbstractTaskCommand} constructor
     * @throws CommandNotFoundException declared for the superclass constructor; nothing in this body throws it
     * @throws CommandLoadException declared for the superclass constructor; nothing in this body throws it
     */
    public StartCertificateExpMonitor(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        // Filled later by checkCertsInKeyStore while the key stores are scanned.
        signerCerts = new ArrayList();
        personalCerts = new ArrayList();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the expiration monitor as part of the task command and stores its outcome in the
     * command result.
     *
     * <p>If the superclass hook already left the task result unsuccessful, the monitor is not run
     * and the result is left untouched. Otherwise the report text from {@code startExpMonitor}
     * becomes the result, or, on failure, a {@code CommandException} wrapping the failure and
     * carrying its message is recorded instead. The exception message therefore reaches whoever
     * reads the command result.
     */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void beforeStepsExecuted() {
        final String methodName = "beforeStepsExecuted";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, methodName);
        }
        super.beforeStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (result.isSuccessful()) {
            try {
                result.setResult(startExpMonitor());
            } catch (Exception failure) {
                // Report the failure through the command result rather than throwing from the hook.
                result.setException(new CommandException(failure, failure.getMessage()));
            }
            setCommandResult(result);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, methodName);
        }
    }

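    /**
     * Runs one pass of the certificate expiration monitor and returns the report text.
     *
     * <p>Reads the monitor settings (delete-old flag, days before notification, auto-replace flag)
     * and the key store list from the security configuration object, scans every key store with
     * {@code checkCertsInKeyStore}, then optionally replaces the flagged personal certificates and
     * finally deletes expired entries.
     *
     * <p>Points a reviewer should keep in mind: replacement applies to every flagged personal
     * certificate, which includes certificates that are only inside the notification window, and
     * replacement runs before deletion. Both steps modify key stores, so the returned report is the
     * record of what changed.
     *
     * @return the line-separated report of what was found, replaced and deleted
     * @throws Exception if the monitor configuration object or one of its settings is missing, or
     *         if any configuration or key store operation fails; the original failure is attached
     *         as the cause
     */
    public String startExpMonitor() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "startExpMonitor");
        }
        StringBuffer stringBuffer = new StringBuffer();
        String property = System.getProperty("line.separator");
        // The lists are instance state. Start each pass empty so that a second call on the same
        // command object does not replace certificates flagged by an earlier pass.
        this.personalCerts.clear();
        this.signerCerts.clear();
        try {
            ObjectName createObjectName = ConfigServiceHelper.createObjectName(null, CommandConstants.SECURITY);
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            ObjectName objectName = configService.resolve(configSession, "Cell=")[0];
            ObjectName objectName2 = objectName != null ? configService.queryConfigObjects(configSession, objectName, createObjectName, null)[0] : null;
            AttributeList attributeList = (AttributeList) configService.getAttribute(configSession, objectName2, CommandConstants.WS_CERT_EXP_MONITOR);
            if (attributeList == null) {
                throw new Exception("certifcate expiration monitor object does not exist.");
            }
            Boolean bool = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, CommandConstants.DELETE_OLD);
            Integer num = (Integer) ConfigServiceHelper.getAttributeValue(attributeList, CommandConstants.DAYS_BEFORE_NOTIFICATION);
            Boolean bool2 = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, CommandConstants.AUTO_REPLACE);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("deleteOld=").append(bool).append(" daysBeforeNotify=").append(num).append(" autoReplace=").append(bool2).toString());
            }
            // Fail with a named setting instead of a message-less NullPointerException when the
            // configuration does not carry one of the values that drive replacement and deletion.
            if (bool == null) {
                throw new Exception(new StringBuffer().append("certificate expiration monitor attribute ").append(CommandConstants.DELETE_OLD).append(" is not set.").toString());
            }
            if (num == null) {
                throw new Exception(new StringBuffer().append("certificate expiration monitor attribute ").append(CommandConstants.DAYS_BEFORE_NOTIFICATION).append(" is not set.").toString());
            }
            if (bool2 == null) {
                throw new Exception(new StringBuffer().append("certificate expiration monitor attribute ").append(CommandConstants.AUTO_REPLACE).append(" is not set.").toString());
            }
            String string = TraceNLSHelper.getInstance().getString("scanExpiration", "Checking for expired certificate and certificates about to expire");
            stringBuffer.append(property);
            stringBuffer.append(string);
            stringBuffer.append(property);
            List list = (List) configService.getAttribute(configSession, objectName2, CommandConstants.KEY_STORES);
            // Scan phase: report findings and collect the certificates to act on.
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String checkCertsInKeyStore = checkCertsInKeyStore(KeyStoreHelper.makeKsInfo((AttributeList) it.next()), num.intValue());
                if (checkCertsInKeyStore != null) {
                    stringBuffer.append(checkCertsInKeyStore);
                }
            }
            // Replace phase: only personal certificates are regenerated.
            if (bool2.booleanValue() && this.personalCerts.size() > 0) {
                String string2 = TraceNLSHelper.getInstance().getString("replaceCertificate", "Replacing expired certificates");
                stringBuffer.append(property);
                stringBuffer.append(string2);
                stringBuffer.append(property);
                for (int i = 0; i < this.personalCerts.size(); i++) {
                    String genNewCertsAndReplace = genNewCertsAndReplace((CertReqInfo) this.personalCerts.get(i), bool.booleanValue());
                    if (genNewCertsAndReplace != null) {
                        stringBuffer.append(genNewCertsAndReplace);
                    }
                }
            }
            // Delete phase: walks the key stores again and removes entries that are expired now.
            if (bool.booleanValue()) {
                String string3 = TraceNLSHelper.getInstance().getString("deleteCertificate", "Deleting expired certificates");
                stringBuffer.append(property);
                stringBuffer.append(string3);
                stringBuffer.append(property);
                Iterator it2 = list.iterator();
                while (it2.hasNext()) {
                    String deleteOldCertificates = deleteOldCertificates(KeyStoreHelper.makeKsInfo((AttributeList) it2.next()), num.intValue());
                    if (deleteOldCertificates != null) {
                        stringBuffer.append(deleteOldCertificates);
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "startExpMonitor");
            }
            return stringBuffer.toString();
        } catch (Exception e) {
            // Standard-error output is kept so existing diagnostics do not move.
            e.printStackTrace();
            // Keep the original failure as the cause so its type and stack trace survive the rethrow.
            throw new Exception(e.getMessage(), e);
        }
    }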

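    /**
     * Scans one key store and reports certificates that have expired or will expire within the
     * notification window.
     *
     * <p>Each reported certificate is also recorded for later processing: key entries go to
     * {@code personalCerts}, all other entries to {@code signerCerts}. A certificate is recorded
     * and reported once per scan. An already expired certificate is not reported again as
     * "about to expire", which would otherwise queue the same alias for replacement twice.
     *
     * @param keyStoreInfo the key store to scan
     * @param i notification window in days; certificates whose {@code notAfter} falls within this
     *        many days from now are reported
     * @return the report lines for this key store (empty when nothing was found)
     * @throws Exception if a key store command fails; the original failure is attached as the cause
     */
    private String checkCertsInKeyStore(KeyStoreInfo keyStoreInfo, int i) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCertsInKeyStore");
        }
        WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(keyStoreInfo);
        String name = keyStoreInfo.getName();
        // Long arithmetic on purpose: as an int product the window wraps around for 25 days or
        // more, which silently shrinks the warning period.
        long j = 86400000L * i;
        StringBuffer stringBuffer = new StringBuffer();
        String property = System.getProperty("line.separator");
        try {
            for (Object obj : wSKeyStoreRemotable.invokeKeyStoreCommand("aliases", null)) {
                String str = (String) obj;
                X509Certificate x509Certificate = (X509Certificate) wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
                if (x509Certificate != null) {
                    Date notAfter = x509Certificate.getNotAfter();
                    boolean expired = false;
                    try {
                        x509Certificate.checkValidity();
                    } catch (CertificateExpiredException e) {
                        expired = true;
                        Object[] invokeKeyStoreCommand = wSKeyStoreRemotable.invokeKeyStoreCommand("isKeyEntry", new Object[]{str});
                        String format = DateFormat.getDateTimeInstance().format(notAfter);
                        if (((Boolean) invokeKeyStoreCommand[0]).booleanValue()) {
                            this.personalCerts.add(createCertInfo(str, x509Certificate, keyStoreInfo));
                            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.expired.CWPKI0680I", new Object[]{str, name, format}, new StringBuffer().append("Personal certificate alias \"").append(str).append("\" in KeyStore \"").append(name).append("\" expired on ").append(format).toString());
                            stringBuffer.append(property);
                            stringBuffer.append(formattedMessage);
                        } else {
                            this.signerCerts.add(createCertInfo(str, x509Certificate, keyStoreInfo));
                            String formattedMessage2 = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.expired.CWPKI0679I", new Object[]{str, name, format}, new StringBuffer().append("Signer certificate alias \"").append(str).append("\" in KeyStore \"").append(name).append("\" expired on ").append(format).toString());
                            stringBuffer.append(property);
                            stringBuffer.append(formattedMessage2);
                        }
                    } catch (CertificateNotYetValidException ignored) {
                        // Not yet valid is not an expiry finding; the window check below still applies.
                    }
                    // An expired certificate always satisfies the window test, so skip it here to
                    // avoid a second list entry and a second report line for the same alias.
                    if (!expired && notAfter.getTime() - System.currentTimeMillis() <= j) {
                        Object[] invokeKeyStoreCommand2 = wSKeyStoreRemotable.invokeKeyStoreCommand("isKeyEntry", new Object[]{str});
                        String format2 = DateFormat.getDateTimeInstance().format(notAfter);
                        if (((Boolean) invokeKeyStoreCommand2[0]).booleanValue()) {
                            this.personalCerts.add(createCertInfo(str, x509Certificate, keyStoreInfo));
                            String formattedMessage3 = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.expires.CWPKI0643I", new Object[]{str, name, format2}, new StringBuffer().append("Personal certificate alias \"").append(str).append("\" in KeyStore \"").append(name).append("\" expires on ").append(format2).toString());
                            stringBuffer.append(property);
                            stringBuffer.append(formattedMessage3);
                        } else {
                            this.signerCerts.add(createCertInfo(str, x509Certificate, keyStoreInfo));
                            String formattedMessage4 = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.expires.CWPKI0642I", new Object[]{str, name, format2}, new StringBuffer().append("Signer certificate alias \"").append(str).append("\" in KeyStore \"").append(name).append("\" expires on ").append(format2).toString());
                            stringBuffer.append(property);
                            stringBuffer.append(formattedMessage4);
                        }
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCertsInKeyStore");
            }
            return stringBuffer.toString();
        } catch (Exception e3) {
            // Standard-error output is kept so existing diagnostics do not move.
            e3.printStackTrace();
            // Keep the original failure as the cause so its type and stack trace survive the rethrow.
            throw new Exception(e3.getMessage(), e3);
        }
    }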

    /**
     * Builds the replacement request recorded for a flagged certificate.
     *
     * <p>The request reuses the alias and the certificate's subject DN and is bound to the key
     * store the certificate was found in.
     * NOTE(review): the literal 0 and 365 are presumably the key size and the validity in days
     * that {@code genNewCertsAndReplace} later reads back. Confirm what a size of 0 resolves to
     * and that the resulting key length and lifetime meet current policy.
     *
     * @param str alias of the flagged certificate
     * @param x509Certificate the flagged certificate; only its subject is used
     * @param keyStoreInfo the key store holding the certificate
     * @return the new request object
     */
    private CertReqInfo createCertInfo(String str, X509Certificate x509Certificate, KeyStoreInfo keyStoreInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCertInfo");
        }
        String subjectDn = x509Certificate.getSubjectX500Principal().toString();
        CertReqInfo request = new CertReqInfo(str, 0, subjectDn, 365, keyStoreInfo, null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createCertInfo");
        }
        return request;
    }

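    /**
     * Generates a new self-signed certificate for a flagged personal certificate, stores it under
     * the same alias, and asks {@code PersonalCertificateHelper.replaceSigners} to update signer
     * entries from the old certificate to the new one.
     *
     * <p>The replacement is always self-signed and built from the old subject DN. Nothing in this
     * method checks that the certificate being replaced was itself self-signed.
     * NOTE(review): confirm that CA-issued certificates are meant to be replaced this way, since
     * peers that trusted the issuing CA will not automatically trust the new certificate.
     *
     * @param certReqInfo the request recorded during the scan (alias, subject DN, size, validity,
     *        key store)
     * @param z passed through unchanged to {@code replaceSigners}; the caller supplies the
     *        delete-old setting
     * @return the report lines for this replacement, or a plain failure sentence when the
     *         certificate factory returns {@code null}
     * @throws Exception if a key store or signer-replacement operation fails; the original failure
     *         is attached as the cause
     */
    private String genNewCertsAndReplace(CertReqInfo certReqInfo, boolean z) throws Exception {
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String password = ksInfo.getPassword();
        String provider = ksInfo.getProvider();
        String name = ksInfo.getName();
        WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(ksInfo);
        Session configSession = getConfigSession();
        String property = System.getProperty("line.separator");
        StringBuffer stringBuffer = new StringBuffer();
        try {
            // Read the old certificate first; it is needed for the signer update after the alias
            // has been overwritten.
            X509Certificate x509Certificate = (X509Certificate) wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificate", new Object[]{label})[0];
            // One day before now. Presumably the validity start handed to the factory, backdated
            // to tolerate clock differences between hosts (confirm against PkSsCertFactory).
            Date date = new Date();
            date.setTime(date.getTime() - 86400000);
            PkSsCertificate newSsCert = PkSsCertFactory.newSsCert(size, subjectDN, validDays, date, true, true, provider);
            if (newSsCert == null) {
                return new StringBuffer().append("Unable to create the new self-signed certificate for ").append(label).append(".").toString();
            }
            X509Certificate certificate = newSsCert.getCertificate();
            // The new private key is protected with the key store password.
            // NOTE(review): the char[] copy of the password is not cleared after this call.
            wSKeyStoreRemotable.invokeKeyStoreCommand("setKeyEntry", new Object[]{label, newSsCert.getKey(), password.toCharArray(), new X509Certificate[]{certificate}});
            try {
                Tr.audit(tc, new StringBuffer().append("Self Signed Certificate: notBefore time: ").append(certificate.getNotBefore().toString()).append(" notAfter time: ").append(certificate.getNotAfter().toString()).toString());
            } catch (Throwable ignored) {
                // Best effort: a failure to write the audit line must not undo the replacement.
            }
            X509Certificate x509Certificate2 = (X509Certificate) wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificate", new Object[]{label})[0];
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.replace.CWPKI0645I", new Object[]{label, name}, new StringBuffer().append("Personal certificate alias \"").append(label).append("\" in KeyStore \"").append(name).append("\" was REPLACED").toString());
            stringBuffer.append(property);
            stringBuffer.append(formattedMessage);
            String replaceSigners = PersonalCertificateHelper.replaceSigners(configSession, label, x509Certificate, null, x509Certificate2, z);
            if (replaceSigners != null) {
                stringBuffer.append(property);
                stringBuffer.append(replaceSigners);
            }
            return stringBuffer.toString();
        } catch (Exception e) {
            // Standard-error output is kept so existing diagnostics do not move.
            e.printStackTrace();
            // Keep the original failure as the cause so its type and stack trace survive the rethrow.
            throw new Exception(e.getMessage(), e);
        }
    }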

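    /**
     * Deletes every entry in one key store whose certificate has already expired and reports each
     * deletion.
     *
     * <p>Both key entries (personal certificates, including the private key) and other entries
     * (signer certificates) are removed. Certificates that are not yet valid are left alone.
     *
     * @param keyStoreInfo the key store to clean up
     * @param i notification window in days; not used here, because only certificates that fail
     *        {@code checkValidity()} as expired are deleted
     * @return the report lines for this key store (empty when nothing was deleted)
     * @throws Exception if a key store command fails; the original failure is attached as the cause
     */
    private String deleteOldCertificates(KeyStoreInfo keyStoreInfo, int i) throws Exception {
        // Trace under this method's own name; the entry and exit points used to be labelled
        // "checkCertsInKeyStore", which made the two scans indistinguishable in a trace.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteOldCertificates");
        }
        WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(keyStoreInfo);
        String name = keyStoreInfo.getName();
        StringBuffer stringBuffer = new StringBuffer();
        String property = System.getProperty("line.separator");
        try {
            for (Object obj : wSKeyStoreRemotable.invokeKeyStoreCommand("aliases", null)) {
                String str = (String) obj;
                X509Certificate x509Certificate = (X509Certificate) wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
                if (x509Certificate == null) {
                    continue;
                }
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateExpiredException e) {
                    // Classify before deleting: once the entry is gone the key store can no
                    // longer say which kind it was.
                    boolean keyEntry = ((Boolean) wSKeyStoreRemotable.invokeKeyStoreCommand("isKeyEntry", new Object[]{str})[0]).booleanValue();
                    wSKeyStoreRemotable.invokeKeyStoreCommand("deleteEntry", new Object[]{str});
                    String formattedMessage;
                    if (keyEntry) {
                        // The key used to end in '=', unlike every sibling message key, so the
                        // lookup presumably always fell back to the English default text.
                        // Confirm the key against the message bundle.
                        formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.delete.CWPKI0647I", new Object[]{str, name}, new StringBuffer().append("Personal certificate alias \"").append(str).append("\" was DELETED from KeyStore \"").append(name).append("\"").toString());
                    } else {
                        formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.delete.CWPKI0646I", new Object[]{str, name}, new StringBuffer().append("Signer certificate alias \"").append(str).append("\" was DELETED from KeyStore \"").append(name).append("\"").toString());
                    }
                    stringBuffer.append(property);
                    stringBuffer.append(formattedMessage);
                } catch (CertificateNotYetValidException ignored) {
                    // Not yet valid is not expired; keep the entry.
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "deleteOldCertificates");
            }
            return stringBuffer.toString();
        } catch (Exception e3) {
            // Standard-error output is kept so existing diagnostics do not move.
            e3.printStackTrace();
            // Keep the original failure as the cause so its type and stack trace survive the rethrow.
            throw new Exception(e3.getMessage(), e3);
        }
    }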

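    /**
     * Compiler-synthesized helper that resolves a class literal by name (pre-Java 5 idiom).
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the {@code ClassNotFoundException}
     *         is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so throwing its result directly does not compile in a
            // method without a throws clause. Attach the cause first, then throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }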

    // Registers the trace component for this class. The Class object is resolved through the
    // synthesized class$ helper and cached in the synthesized static field, as the original
    // class-literal expansion did.
    // NOTE(review): the third Tr.register argument names "certificateRequests" rather than this
    // command's own package; presumably a shared message bundle (confirm).
    static {
        Class monitorClass = class$com$ibm$ws$ssl$commands$WSCertExpMonitor$StartCertificateExpMonitor;
        if (monitorClass == null) {
            monitorClass = class$("com.ibm.ws.ssl.commands.WSCertExpMonitor.StartCertificateExpMonitor");
            class$com$ibm$ws$ssl$commands$WSCertExpMonitor$StartCertificateExpMonitor = monitorClass;
        }
        tc = Tr.register(monitorClass, "SSL", "com.ibm.ws.ssl.commands.certificateRequests");
    }
}
