package com.ibm.ws.ssl.commands.ProfileCreation;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.icu.impl.CalendarAstronomer;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.ws.crypto.config.KeySetGroupManager;
import com.ibm.ws.crypto.config.KeySetManager;
import com.ibm.ws.crypto.config.WSKeySetGroup;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/ssl/commands/ProfileCreation/PrepareKeysUtility.class */
public class PrepareKeysUtility {
    // Trace component used by every method in this class; assigned in the static initializer
    // through Tr.register.
    private static TraceComponent tc;
    // Holds this class's own Class object once the static initializer has resolved it by name.
    // NOTE(review): the class$... naming looks like a compiler-generated class-literal cache
    // recovered by the decompiler - confirm before relying on it from other code.
    static Class class$com$ibm$ws$ssl$commands$ProfileCreation$PrepareKeysUtility;

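    /**
     * Generates one self-signed certificate and installs it into the client key stores and into
     * the default trust/key stores described by {@code list}.
     *
     * <p>Steps, in order: take the JCE provider from the first entry of {@code list} (default
     * {@code "IBMJCE"}); read alias, subject DN, validity and key size from the {@code Security}
     * properties (falling back to the literals below); create the certificate with a notBefore
     * one day in the past; hand certificate and private key to {@link #createClientKeyStores};
     * then, for every non-null entry of {@code list}: a name ending in {@code DefaultTrustStore}
     * gets the certificate as a signer, a name ending in {@code DefaultKeyStore} gets the private
     * key plus certificate, and a name ending in {@code LTPAKeys} is only copied. Copies to the
     * location under {@code str3} happen only when {@code str3} is non-null.
     *
     * <p>A {@code null} list is tolerated: the certificate and the client key stores are still
     * produced and the per-key-store loop is skipped.
     *
     * @param list     configuration {@code KeyStore} objects to populate; may be {@code null}
     * @param str      only written to the entry trace in this method
     * @param security source of the certificate-request properties
     * @param str2     passed to {@link #createClientKeyStores} as its first root argument
     * @param str3     optional second root; passed to {@link #createClientKeyStores} and used as
     *                 the root for {@link #fixupLocationWithRepositoryRoot}; may be {@code null}
     * @throws Exception any failure from certificate creation, key store commands or file copy,
     *                   including {@code NumberFormatException} for a non-numeric key size or
     *                   validity property
     */
    public void createAllKeyStores(List list, String str, Security security, String str2, String str3) throws Exception {
        if (tc.isEntryEnabled()) {
            // NOTE(review): the key store configuration objects are traced as-is; whether their
            // toString() exposes password fields is not visible here - confirm.
            Tr.entry(tc, "createAllKeyStores", new Object[]{list, str, str2, str3});
        }
        // Built-in defaults, used when the Security properties do not override them.
        String certAlias = "default";
        String subjectDn = "cn=${hostname},o=IBM,c=US";
        String validityDays = "365";
        // NOTE(review): a 1024-bit default key size is below current minimum recommendations for
        // RSA or DSA keys. It is kept because callers may depend on it; deployments should set
        // Constants.SSLPROP_DEFAULT_CERTREQ_KEYSIZE explicitly.
        String keySize = "1024";
        String provider = "IBMJCE";
        if (list != null) {
            try {
                if (list.size() > 0) {
                    provider = ((KeyStore) list.get(0)).getProvider();
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred.", new Object[]{e});
                }
                throw e;
            }
        }
        EList properties = security.getProperties();
        if (properties != null) {
            for (int i = 0; i < properties.size(); i++) {
                Property property = (Property) properties.get(i);
                if (property.getName().equals(Constants.SSLPROP_DEFAULT_CERTREQ_ALIAS)) {
                    certAlias = property.getValue();
                } else if (property.getName().equals(Constants.SSLPROP_DEFAULT_CERTREQ_SUBJECTDN)) {
                    subjectDn = property.getValue();
                } else if (property.getName().equals(Constants.SSLPROP_DEFAULT_CERTREQ_DAYS)) {
                    validityDays = property.getValue();
                } else if (property.getName().equals(Constants.SSLPROP_DEFAULT_CERTREQ_KEYSIZE)) {
                    keySize = property.getValue();
                }
            }
        }
        String expandedSubjectDn = KeyStoreManager.getInstance().expand(subjectDn);
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Creating certificate using: (keySize: ").append(keySize).append("), (subjectDN: ").append(expandedSubjectDn).append("), (validity: ").append(validityDays).append(")").toString());
        }
        // Start validity one day before "now" (presumably to tolerate clock differences between
        // hosts - confirm).
        Date notBefore = new Date();
        notBefore.setTime(notBefore.getTime() - CalendarAstronomer.DAY_MS);
        // The meaning of the two boolean arguments is not visible in this file.
        PkSsCertificate selfSigned = PkSsCertFactory.newSsCert(Integer.parseInt(keySize), expandedSubjectDn, Integer.parseInt(validityDays), notBefore, true, true, provider);
        X509Certificate certificate = selfSigned.getCertificate();
        PrivateKey key = selfSigned.getKey();
        createClientKeyStores(str2, str3, certificate, key);
        try {
            Tr.audit(tc, new StringBuffer().append("Self Signed Certificate: notBefore time: ").append(certificate.getNotBefore().toString()).append(" notAfter time: ").append(certificate.getNotAfter().toString()).toString());
        } catch (Throwable th) {
            // The audit record is best-effort; a failure here must not abort key store creation,
            // but it is traced rather than dropped silently.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{th});
            }
        }
        // The null check mirrors the guard used above for the provider lookup; without it a null
        // list fails here with a NullPointerException after the client key stores were written.
        for (int i = 0; list != null && i < list.size(); i++) {
            KeyStore keyStore = (KeyStore) list.get(i);
            if (keyStore == null) {
                continue;
            }
            if (keyStore.getName().endsWith("DefaultTrustStore")) {
                boolean created = KeyStoreHelper.createKeyStoreFile(keyStore);
                if (created) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("KeyStore \"").append(keyStore.getName()).append("\" created -> ").append(created).toString());
                    }
                    new WSKeyStoreRemotable(keyStore).invokeKeyStoreCommand("setCertificateEntry", new Object[]{certAlias, certificate});
                    if (str3 != null) {
                        copy(new File(keyStore.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore.getLocation())));
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Signer added to trust store.");
                    }
                }
            } else if (keyStore.getName().endsWith("DefaultKeyStore")) {
                boolean created = KeyStoreHelper.createKeyStoreFile(keyStore);
                if (created) {
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("KeyStore \"").append(keyStore.getName()).append("\" created -> ").append(created).toString());
                    }
                    // The key entry is protected with the key store's own configured password.
                    new WSKeyStoreRemotable(keyStore).invokeKeyStoreCommand("setKeyEntry", new Object[]{certAlias, key, keyStore.getPassword().toCharArray(), new X509Certificate[]{certificate}});
                    if (str3 != null) {
                        copy(new File(keyStore.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore.getLocation())));
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.debug(tc, "Personal certificate added to key store.");
                    }
                }
            }
            // LTPA key files are not modified here, only mirrored under the second root.
            if (keyStore.getName().endsWith("LTPAKeys") && str3 != null) {
                copy(new File(keyStore.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore.getLocation())));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAllKeyStores");
        }
    }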

    /**
     * Replaces the contents of the client-side default trust and key stores with the given
     * certificate and key.
     *
     * <p>After initialising the client SSL configuration, every key store alias known to
     * {@code KeyStoreManager} is inspected. For an alias ending in {@code DefaultTrustStore},
     * each existing entry is deleted and re-created as a certificate entry for
     * {@code x509Certificate}, and the same signer is added to the DummyClientTrustFile under
     * {@code str} (and under {@code str2} when it is non-null). For an alias ending in
     * {@code DefaultKeyStore}, each existing entry is deleted and re-created as a key entry
     * holding {@code key} with a one-element chain. When {@code str2} is non-null the key store
     * file is additionally copied between the locations under {@code str} and {@code str2}.
     *
     * @param str             first root; used for the DummyClientTrustFile path and for
     *                        {@link #fixupClientLocationWithRepositoryRoot}
     * @param str2            optional second root; {@code null} disables the second trust file
     *                        update and the file copy
     * @param x509Certificate certificate stored as signer and as the key entry's chain
     * @param key             key stored in the default key store entries
     * @return {@code true} whenever the method completes without an exception
     * @throws Exception any failure, after it has been written to the debug trace
     */
    public boolean createClientKeyStores(String str, String str2, X509Certificate x509Certificate, Key key) throws Exception {
        WSKeyStore keyStore;
        java.security.KeyStore keyStore2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createClientKeyStores");
        }
        try {
            SSLConfigManager.getInstance().initializeClientSSL();
            String[] keyStoreAliases = KeyStoreManager.getInstance().getKeyStoreAliases();
            for (int i = 0; i < keyStoreAliases.length; i++) {
                // Skip aliases that are null, unknown to the manager, or whose underlying
                // java.security.KeyStore cannot be obtained. The meaning of the two boolean
                // arguments to getKeyStore is not visible in this file.
                if (keyStoreAliases[i] != null && (keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreAliases[i])) != null && (keyStore2 = keyStore.getKeyStore(false, false)) != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("aliases[").append(i).append("]: ").append(keyStoreAliases[i]).toString());
                    }
                    if (keyStoreAliases[i].endsWith("DefaultTrustStore")) {
                        // NOTE(review): entries are deleted and re-added while the alias
                        // enumeration is still being consumed; whether that is safe depends on
                        // the key store implementation - confirm for the provider in use.
                        Enumeration<String> aliases = keyStore2.aliases();
                        while (aliases.hasMoreElements()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Setting signer for trust store: ").append(keyStoreAliases[i]).toString());
                            }
                            String nextElement = aliases.nextElement();
                            addSignerToDummyClientTrustFile(str, nextElement, x509Certificate);
                            // Every pre-existing entry ends up pointing at the same new signer.
                            keyStore2.deleteEntry(nextElement);
                            keyStore2.setCertificateEntry(nextElement, x509Certificate);
                            keyStore.store();
                            if (str2 != null) {
                                addSignerToDummyClientTrustFile(str2, nextElement, x509Certificate);
                                // Both variables read the same property; a null value fails in
                                // fixupClientLocationWithRepositoryRoot, which dereferences it.
                                String property = keyStore.getProperty("com.ibm.ssl.keyStore");
                                String property2 = keyStore.getProperty("com.ibm.ssl.keyStore");
                                File file = new File(fixupClientLocationWithRepositoryRoot(str, property));
                                File file2 = new File(fixupClientLocationWithRepositoryRoot(str2, property));
                                // The configured location decides the copy direction: the file
                                // just stored is the source, the other root is the destination.
                                if (property2.equals(file.getPath())) {
                                    copy(file, file2);
                                } else {
                                    copy(file2, file);
                                }
                            }
                        }
                    } else if (keyStoreAliases[i].endsWith("DefaultKeyStore")) {
                        // Same delete-and-replace-while-enumerating pattern as the trust store
                        // branch above.
                        Enumeration<String> aliases2 = keyStore2.aliases();
                        while (aliases2.hasMoreElements()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, new StringBuffer().append("Setting signer for key store: ").append(keyStoreAliases[i]).toString());
                            }
                            String nextElement2 = aliases2.nextElement();
                            keyStore2.deleteEntry(nextElement2);
                            String property3 = keyStore.getProperty("com.ibm.ssl.keyStorePassword");
                            if (property3 == null) {
                                // NOTE(review): with no configured password the product-wide
                                // default is used and persisted in the key store properties; a
                                // shared default does not protect the private key - confirm it
                                // is replaced after profile creation.
                                property3 = Constants.DEFAULT_KEYSTORE_PASSWORD;
                                keyStore.setProperty("com.ibm.ssl.keyStorePassword", property3);
                            }
                            // The key entry password is the key store password.
                            keyStore2.setKeyEntry(nextElement2, key, property3.toCharArray(), new Certificate[]{x509Certificate});
                            keyStore.store();
                            if (str2 != null) {
                                // Same location lookup and copy-direction rule as for the trust
                                // store.
                                String property4 = keyStore.getProperty("com.ibm.ssl.keyStore");
                                String property5 = keyStore.getProperty("com.ibm.ssl.keyStore");
                                File file3 = new File(fixupClientLocationWithRepositoryRoot(str, property4));
                                File file4 = new File(fixupClientLocationWithRepositoryRoot(str2, property4));
                                if (property5.equals(file3.getPath())) {
                                    copy(file3, file4);
                                } else {
                                    copy(file4, file3);
                                }
                            }
                        }
                    }
                }
            }
            // The exit trace is emitted only when entry/exit tracing is on; the result is true
            // either way.
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "createClientKeyStores");
            return true;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
            throw e;
        }
    }

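    /**
     * Adds {@code x509Certificate} as a certificate entry named {@code str2} to the JKS file
     * {@code <str>/etc/DummyClientTrustFile.jks} and writes the file back.
     *
     * <p>The operation is best-effort: any exception is written to the debug trace and not
     * propagated, so callers cannot tell whether the signer was stored. The output stream is
     * closed in a {@code finally} block so that a failed {@code store} does not leave the trust
     * file handle open.
     *
     * <p>NOTE(review): the file is opened and rewritten with
     * {@code Constants.DEFAULT_KEYSTORE_PASSWORD}. A trust store password only guards integrity,
     * and a shared default gives little of that; file-system permissions on the {@code etc}
     * directory are what protect this file from tampering.
     *
     * @param str             root directory that contains {@code etc/DummyClientTrustFile.jks}
     * @param str2            alias for the certificate entry
     * @param x509Certificate signer certificate to store
     */
    public void addSignerToDummyClientTrustFile(String str, String str2, X509Certificate x509Certificate) {
        try {
            String trustFilePath = new StringBuffer().append(str).append("/etc/DummyClientTrustFile.jks").toString();
            // The meaning of the null/true arguments to getKeyStore is not visible in this file.
            java.security.KeyStore trustStore = KeyStoreManager.getInstance().getKeyStore(null, "JKS", "IBMJCE", trustFilePath, Constants.DEFAULT_KEYSTORE_PASSWORD, null, true, null);
            if (trustStore != null) {
                trustStore.setCertificateEntry(str2, x509Certificate);
                FileOutputStream out = new FileOutputStream(trustFilePath);
                try {
                    trustStore.store(out, Constants.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                } finally {
                    out.close();
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
        }
    }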

    /**
     * Reports whether {@code <str>/config/cells/<str2>/security.xml} exists.
     *
     * <p>The path is assembled with the platform separator and no normalisation; a {@code null}
     * {@code str2} is rendered as the text {@code "null"}.
     *
     * @param str  profile root directory; {@code null} yields {@code false} without touching
     *             the file system
     * @param str2 cell name used as the directory under {@code config/cells}
     * @return {@code true} when the security.xml file exists
     */
    public boolean checkForProfileExistance(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkForProfileExistance", new Object[]{str, str2});
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkForProfileExistance -> " + false);
            }
            return false;
        }
        char sep = File.separatorChar;
        String securityXmlPath = str + sep + "config" + sep + "cells" + sep + str2 + sep + "security.xml";
        // This intermediate value is reported through Tr.exit although the method has not
        // finished yet.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "securityxmlpath -> " + securityXmlPath);
        }
        boolean found = new File(securityXmlPath).exists();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkForProfileExistance -> " + found);
        }
        return found;
    }

    /**
     * Returns the part of {@code str} that starts at the first occurrence of {@code "nodes/"},
     * or {@code str} unchanged when that marker is absent.
     *
     * <p>The trace records are labelled {@code getCellURIFromPath}, which does not match this
     * method's name.
     *
     * @param str path to cut; must not be {@code null}
     * @return the suffix beginning with {@code "nodes/"}, or the whole input
     */
    public String getNodeURIFromPath(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellURIFromPath", new Object[]{str});
        }
        final int nodesAt = str.indexOf("nodes/");
        String nodeUri;
        if (nodesAt == -1) {
            nodeUri = str;
        } else {
            nodeUri = str.substring(nodesAt);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellURIFromPath");
        }
        return nodeUri;
    }

    /**
     * Builds a scope string of the form {@code (cell):C:(node):N:(server):S} from a path that
     * contains {@code /cells/C/nodes/N/servers/S/...}.
     *
     * <p>Backslashes are first converted to forward slashes. The server name runs up to the
     * last {@code '/'} in the path. A missing {@code /nodes/} or {@code /servers/} segment
     * makes a {@code substring} call fail, and that exception is traced and rethrown. A missing
     * {@code /cells/} segment is not detected as such: the cell name is then taken from a fixed
     * offset, or a {@code substring} call fails, depending on the other indexes.
     *
     * @param str path or URI of a server-level configuration document
     * @return the scope string
     * @throws Exception when the expected segments cannot be cut out of the path
     */
    public String getScopeFromURI(String str) throws Exception {
        String uri = str.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getScopeFromURI", new Object[]{uri});
        }
        try {
            // Locate all three markers before cutting anything.
            int cellStart = uri.indexOf("/cells/") + "/cells/".length();
            int nodesAt = uri.indexOf("/nodes/");
            int serversAt = uri.indexOf("/servers/");
            String cell = uri.substring(cellStart, nodesAt);
            String node = uri.substring(nodesAt + "/nodes/".length(), serversAt);
            String server = uri.substring(serversAt + "/servers/".length(), uri.lastIndexOf("/"));
            String scope = "(cell):" + cell + ":(node):" + node + ":(server):" + server;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getScopeFromURI -> " + scope);
            }
            return scope;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getScopeFromURI exception is" + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Re-roots a key store location under the repository root {@code str}.
     *
     * <p>After converting backslashes to forward slashes: if the location contains
     * {@code /config/cells}, everything from there on is appended to {@code str}; otherwise, if
     * it contains {@code /cells/}, {@code str + "/config"} is prefixed to the part starting at
     * {@code /cells/}; otherwise the slash-normalised location is returned as is. No further
     * normalisation or containment check is applied to the result.
     *
     * @param str  repository root to prefix
     * @param str2 original location; must not be {@code null}
     * @return the re-rooted location, or the slash-normalised input when no marker is found
     */
    public static String fixupLocationWithRepositoryRoot(String str, String str2) {
        String normalized = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupLocationWithRepositoryRoot", new Object[]{str, normalized});
        }
        String result;
        int configCellsAt = normalized.indexOf("/config/cells");
        if (configCellsAt != -1) {
            result = str + normalized.substring(configCellsAt);
        } else {
            int cellsAt = normalized.indexOf("/cells/");
            result = cellsAt != -1 ? str + "/config" + normalized.substring(cellsAt) : normalized;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupLocationWithRepositoryRoot -> " + result);
        }
        return result;
    }

    /**
     * Re-roots a client key store location under {@code str}.
     *
     * <p>Backslashes are converted to forward slashes; when the location contains {@code /etc/},
     * the part from the first {@code /etc/} onwards is appended to {@code str}. Without that
     * marker the slash-normalised location is returned unchanged, which means two different
     * roots then map to the same path.
     *
     * @param str  root directory to prefix
     * @param str2 original location; must not be {@code null}
     * @return the re-rooted location, or the slash-normalised input when {@code /etc/} is absent
     */
    public static String fixupClientLocationWithRepositoryRoot(String str, String str2) {
        String normalized = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupClientLocationWithRepositoryRoot", new Object[]{str, normalized});
        }
        int etcAt = normalized.indexOf("/etc/");
        String result = (etcAt == -1) ? normalized : str + normalized.substring(etcAt);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupClientLocationWithRepositoryRoot -> " + result);
        }
        return result;
    }

    /**
     * Triggers creation of the LTPA keys when LTPA is the active authentication mechanism.
     *
     * <p>When the active mechanism is not {@code LTPA} the method returns without doing
     * anything. Otherwise it loads the key stores, initialises key sets and key set groups from
     * {@code security}, looks up the key set group named by the LTPA configuration and, if it
     * exists, asks it for its latest keys (presumably this is what generates them - confirm
     * against {@code WSKeySetGroup}).
     *
     * @param security security configuration to read
     * @throws Exception any failure, after it has been traced
     */
    public void createLTPAKeysIfNecessary(Security security) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createLTPAKeysIfNecessary");
        }
        try {
            boolean ltpaActive = security.getActiveAuthMechanism() instanceof LTPA;
            if (!ltpaActive) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createLTPAKeysIfNecessary -> LTPA not enabled.");
                }
                return;
            }
            KeyStoreManager.getInstance().loadKeyStores(security);
            KeySetManager.getInstance().initializeKeySets(security, true);
            KeySetGroupManager.getInstance().initializeKeySetGroups(security, true);
            // Obtain the manager before reading the group name, matching the evaluation order
            // of a single chained call.
            KeySetGroupManager groupManager = KeySetGroupManager.getInstance();
            LTPA ltpa = (LTPA) security.getActiveAuthMechanism();
            String groupName = ltpa.getKeySetGroup().getName();
            WSKeySetGroup ltpaGroup = groupManager.getKeySetGroup(groupName);
            if (ltpaGroup != null) {
                ltpaGroup.getLatestKeys();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createLTPAKeysIfNecessary -> success");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating LTPA keys: ", new Object[]{e});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createLTPAKeysIfNecessary -> failed");
            }
            throw e;
        }
    }

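    /**
     * Copies the bytes of {@code file} to {@code file2}, replacing any existing destination.
     *
     * <p>Nothing is copied when both arguments denote the same file. Besides comparing the
     * abstract path names, the canonical paths are compared as well: opening the destination
     * truncates it, so two spellings of the same key store path would otherwise empty the
     * source before it is read. Both streams are closed in {@code finally} blocks, so a failed
     * read or write does not leave handles to key store files open.
     *
     * <p>The destination is created with the process's default file permissions; this method
     * does not restrict them.
     *
     * @param file  source file
     * @param file2 destination file
     * @throws IOException when a path cannot be resolved or opened, or when reading or writing
     *                     fails
     */
    void copy(File file, File file2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copy");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("source = ").append(file.getPath()).append(" destination = ").append(file2.getPath()).toString());
        }
        if (file.compareTo(file2) == 0 || file.getCanonicalFile().equals(file2.getCanonicalFile())) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "copy: source and destination equal");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "copy");
            }
            return;
        }
        FileInputStream in = new FileInputStream(file);
        try {
            FileOutputStream out = new FileOutputStream(file2);
            try {
                byte[] buffer = new byte[1024];
                int count;
                while ((count = in.read(buffer)) > 0) {
                    out.write(buffer, 0, count);
                }
            } finally {
                out.close();
            }
        } finally {
            in.close();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "copy");
        }
    }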

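    /**
     * Resolves a class by its fully qualified name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the original
     *                              {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause is declared to return Throwable; the cast restores the concrete type so
            // the method throws an unchecked error instead of an undeclared Throwable.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }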

    // Resolves this class once, caches it in the class$... field, and registers the trace
    // component under group "SSL".
    static {
        if (class$com$ibm$ws$ssl$commands$ProfileCreation$PrepareKeysUtility == null) {
            class$com$ibm$ws$ssl$commands$ProfileCreation$PrepareKeysUtility = class$("com.ibm.ws.ssl.commands.ProfileCreation.PrepareKeysUtility");
        }
        tc = Tr.register(class$com$ibm$ws$ssl$commands$ProfileCreation$PrepareKeysUtility, "SSL", "com.ibm.ws.ssl.commands.ProfileCreation");
    }
}
