package com.ibm.ws.ssl.commands.ProfileCreation;

import com.ibm.ISecurityUtilityImpl.PasswordUtil;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.util.PkNewCertFactory;
import com.ibm.security.certclient.util.PkNewCertificate;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.AdminCommand;
import com.ibm.websphere.management.cmdframework.CommandMgr;
import com.ibm.websphere.management.cmdframework.CommandResult;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.models.config.ipc.ssl.KeySet;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.LTPA;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.ws.crypto.config.KeySetGroupManager;
import com.ibm.ws.crypto.config.KeySetManager;
import com.ibm.ws.crypto.config.WSKeySetGroup;
import com.ibm.ws.crypto.config.WSScheduler;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeData;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.core.Constants;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/ssl/commands/ProfileCreation/PrepareKeysUtility.class */
public class PrepareKeysUtility {
    // Trace component for this class, registered under the "SSL" trace group.
    private static TraceComponent tc = Tr.register(PrepareKeysUtility.class, "SSL", "com.ibm.ws.ssl.commands.ProfileCreation");
    // Certificate-generation settings for the root ("root*") and personal ("default*")
    // certificates. They are static and non-final, so every instance in the JVM shares
    // them: a value resolved by one PrepareKeysUtility stays in effect for the next one
    // unless that instance overwrites it. Nothing here synchronizes access.
    private static String rootAlias = null;
    private static String defaultAlias = null;
    private static String rootSubjectDN = null;
    private static String defaultSubjectDN = null;
    // Validity periods and key sizes are kept as strings and parsed with
    // Integer.parseInt at the point of use.
    private static String rootDays = null;
    private static String defaultDays = null;
    private static String rootKeySize = null;
    private static String defaultKeySize = null;
    // Provider name handed to the certificate factories for each certificate type.
    private static String rootKeyStoreProvider = "IBMJCE";
    private static String defaultKeyStoreProvider = "IBMJCE";

    /**
     * Creates an instance without resolving any certificate settings; the shared
     * static settings keep whatever values they already hold (possibly null).
     */
    public PrepareKeysUtility() {
    }

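    /**
     * Resolves the shared certificate settings from, in order of precedence, the
     * explicit arguments, the custom properties of {@code security}, and built-in
     * fallbacks.
     *
     * <p>A property is consulted only when the argument for the same setting is
     * {@code null}. An empty-string argument is ignored but still suppresses the
     * property lookup, so the fallback applies in that case. Alias and key-size
     * settings have no argument; their property is used only while the static field
     * is still {@code null}.
     *
     * <p>Fallbacks: alias {@code "root"} / {@code "default"}, validity 7300 / 365 days,
     * key size 1024 for both certificates.
     *
     * @param security security configuration whose properties are scanned
     * @param str      root certificate subject DN, or {@code null}
     * @param str2     root certificate validity in days, or {@code null}
     * @param str3     default (personal) certificate subject DN, or {@code null}
     * @param str4     default (personal) certificate validity in days, or {@code null}
     * @param str5     value placed in the first generated {@code ou=} component of the fallback DNs
     * @param str6     value placed in the second generated {@code ou=} component of the fallback DNs
     */
    public PrepareKeysUtility(Security security, String str, String str2, String str3, String str4, String str5, String str6) {
        if (str != null && !str.equals("")) {
            rootSubjectDN = str;
        }
        if (str2 != null && !str2.equals("")) {
            rootDays = str2;
        }
        if (str3 != null && !str3.equals("")) {
            defaultSubjectDN = str3;
        }
        if (str4 != null && !str4.equals("")) {
            defaultDays = str4;
        }
        EList properties = security.getProperties();
        if (properties != null) {
            for (int i = 0; i < properties.size(); i++) {
                Property property = (Property) properties.get(i);
                String name = property.getName();
                if (name.equals(Constants.SSLPROP_DEFAULT_CERTREQ_ALIAS) && defaultAlias == null) {
                    defaultAlias = property.getValue();
                } else if (name.equals(Constants.SSLPROP_DEFAULT_CERTREQ_SUBJECTDN) && str3 == null) {
                    defaultSubjectDN = property.getValue();
                } else if (name.equals(Constants.SSLPROP_DEFAULT_CERTREQ_DAYS) && str4 == null) {
                    // str4 is the default-certificate validity argument; guarding on it
                    // keeps an explicit value from being replaced by the property.
                    defaultDays = property.getValue();
                } else if (name.equals(Constants.SSLPROP_DEFAULT_CERTREQ_KEYSIZE) && defaultKeySize == null) {
                    defaultKeySize = property.getValue();
                } else if (name.equals(Constants.SSLPROP_ROOT_CERT_SUBJECTDN) && str == null) {
                    rootSubjectDN = property.getValue();
                } else if (name.equals(Constants.SSLPROP_ROOT_CERT_DAYS) && str2 == null) {
                    // str2 is the root-certificate validity argument (see above).
                    rootDays = property.getValue();
                } else if (name.equals(Constants.SSLPROP_ROOT_CERT_KEYSIZE) && rootKeySize == null) {
                    rootKeySize = property.getValue();
                } else if (name.equals(Constants.SSLPROP_ROOT_CERT_ALIAS) && rootAlias == null) {
                    rootAlias = property.getValue();
                }
            }
        }
        if (rootAlias == null) {
            rootAlias = "root";
        }
        if (rootSubjectDN == null) {
            // NOTE(review): str5/str6 are concatenated into the DN without escaping;
            // presumably cell/node names - confirm they cannot contain DN separators.
            rootSubjectDN = "cn=${hostname},ou=Root Certificate,ou=" + str5 + ",ou=" + str6 + ",o=IBM,c=US";
        }
        if (rootDays == null) {
            rootDays = "7300";
        }
        if (rootKeySize == null) {
            // NOTE(review): 1024 is below the key size current guidance accepts for
            // RSA/DSA keys, and it backs a root valid for 7300 days. Deployments should
            // set the key-size property to 2048 or more; the fallback is left unchanged
            // here because existing profiles may depend on it.
            rootKeySize = "1024";
        }
        if (defaultAlias == null) {
            defaultAlias = "default";
        }
        if (defaultSubjectDN == null) {
            defaultSubjectDN = "cn=${hostname},ou=" + str5 + ",ou=" + str6 + ",o=IBM,c=US";
        }
        if (defaultDays == null) {
            defaultDays = "365";
        }
        if (defaultKeySize == null) {
            // NOTE(review): same key-size concern as rootKeySize above.
            defaultKeySize = "1024";
        }
    }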

    /**
     * Generates (or takes from supplied keystores) the root and personal certificates
     * for a profile, writes them into the client keystores and into each writable
     * keystore in {@code list}, and records description, password and usage for every
     * such keystore through {@code configService}.
     *
     * <p>Two root certificates are involved: the SSL root (supplied through
     * {@code keyStore} or self-signed here) and a second self-signed root that is only
     * used for the RSA token stores. When the certificate-signing factory overload is
     * missing ({@code NoSuchMethodError}), no chained certificates are created and the
     * root certificate and its private key are used as the personal certificate too.
     *
     * @param list          configuration keystore objects to create on disk
     * @param session       configuration session used for the attribute updates
     * @param configService configuration service used for the attribute updates
     * @param str           only written to the entry trace in this method
     * @param security      security configuration; its key sets are matched against the LTPA keystore
     * @param str2          root directory passed to getProfileUUID, the location fix-up helper and createClientKeyStores
     * @param str3          optional second root directory; created keystore files are copied there when non-null
     * @param keyStore      optional keystore holding an existing root certificate chain and key
     * @param str4          alias of the root entry in {@code keyStore}
     * @param str5          password of the root key in {@code keyStore}
     * @param keyStore2     optional keystore holding an existing personal certificate chain and key
     * @param str6          alias of the personal entry in {@code keyStore2}
     * @param str7          password of the personal key in {@code keyStore2}
     * @throws Exception any failure from host lookup, certificate generation, keystore access or configuration update
     */
    public void createAllKeyStores(List list, Session session, ConfigService configService, String str, Security security, String str2, String str3, KeyStore keyStore, String str4, String str5, KeyStore keyStore2, String str6, String str7) throws Exception {
        String str8;
        PkSsCertificate newSsCert;
        Certificate[] certificateArr;
        Key key;
        PkSsCertificate newSsCert2;
        Certificate[] certificateArr2;
        Key key2;
        Certificate[] certificateArr3;
        PrivateKey privateKey;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAllKeyStores", new Object[]{list, str, str2, str3});
        }
        Certificate certificate = null;
        Certificate certificate2 = null;
        // NOTE(review): this check has an empty body and guards nothing; a null list
        // still reaches list.size() in the keystore loop below and fails there.
        if (list != null) {
            try {
                if (list.size() > 0) {
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred.", new Object[]{e});
                }
                throw e;
            }
        }
        // Resolve the host name substituted into the subject DNs; only on OS/400 is a
        // failed lookup tolerated, with "LOOPBACK" used instead.
        try {
            str8 = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e2) {
            if (!System.getProperty("os.name").equals("OS/400")) {
                throw e2;
            }
            str8 = "LOOPBACK";
        }
        // These write back to the shared static fields, so the expanded DNs persist.
        rootSubjectDN = KeyStoreManager.expandHostNameVariable(rootSubjectDN, str8);
        defaultSubjectDN = KeyStoreManager.expandHostNameVariable(defaultSubjectDN, str8);
        String profileUUID = getProfileUUID(str2, session);
        // Passed to every certificate factory call below; presumably emitted as a
        // subject alternative name, since the debug traces read it back from there.
        ArrayList arrayList = new ArrayList();
        arrayList.add("ProfileUUID:" + profileUUID);
        // true while the factory overload that supports certificate signing is available.
        Boolean bool = true;
        if (keyStore != null) {
            // Caller supplied the SSL root. NOTE(review): a missing alias makes
            // getCertificateChain return null and a null str5 fails on toCharArray();
            // neither is checked. The password also lives on as an immutable String.
            certificateArr = keyStore.getCertificateChain(str4);
            key = keyStore.getKey(str4, str5.toCharArray());
            // Last element of the supplied chain; later added to the default trust store under alias str4.
            certificate = certificateArr[certificateArr.length - 1];
        } else {
            // NOTE(review): guarded by isEntryEnabled() but emits a debug record.
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "Creating default ssl root certificate using: (keySize: " + rootKeySize + "), (subjectDN: " + rootSubjectDN + "), (validity: " + rootDays + ")");
            }
            // Start of validity is set 24 hours (86400000 ms) in the past.
            Date date = new Date();
            date.setTime(date.getTime() - 86400000);
            try {
                newSsCert = PkSsCertFactory.newSsCert(Integer.parseInt(rootKeySize), rootSubjectDN, Integer.parseInt(rootDays), date, true, true, arrayList, (List) null, (List) null, rootKeyStoreProvider, (KeyPair) null, true);
            } catch (NoSuchMethodError e3) {
                // Older certificate library: fall back to the overload without the last
                // argument and remember that chained certificates cannot be issued.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Certificate Signing API's are not available: " + e3.getMessage());
                }
                newSsCert = PkSsCertFactory.newSsCert(Integer.parseInt(rootKeySize), rootSubjectDN, Integer.parseInt(rootDays), date, true, true, arrayList, (List) null, (List) null, rootKeyStoreProvider, (KeyPair) null);
                bool = false;
            }
            // One-second pause after generation; the reason is not visible in this method.
            Thread.currentThread();
            Thread.sleep(1000L);
            certificateArr = new Certificate[]{newSsCert.getCertificate()};
            key = newSsCert.getKey();
            // Best-effort audit record of the validity window; any failure is discarded.
            try {
                Tr.audit(tc, "Self Signed Certificate: notBefore time: " + ((X509Certificate) certificateArr[0]).getNotBefore().toString() + " notAfter time: " + ((X509Certificate) certificateArr[0]).getNotAfter().toString());
            } catch (Throwable th) {
            }
        }
        // Second self-signed root, always generated; it backs the RSA token stores below.
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, "Creating admin root certificate using: (keySize: " + rootKeySize + "), (subjectDN: " + rootSubjectDN + "), (validity: " + rootDays + ")");
        }
        Date date2 = new Date();
        date2.setTime(date2.getTime() - 86400000);
        try {
            newSsCert2 = PkSsCertFactory.newSsCert(Integer.parseInt(rootKeySize), rootSubjectDN, Integer.parseInt(rootDays), date2, true, true, arrayList, (List) null, (List) null, rootKeyStoreProvider, (KeyPair) null, true);
        } catch (NoSuchMethodError e4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate Signing API's are not available: " + e4.getMessage());
            }
            newSsCert2 = PkSsCertFactory.newSsCert(Integer.parseInt(rootKeySize), rootSubjectDN, Integer.parseInt(rootDays), date2, true, true, arrayList, (List) null, (List) null, rootKeyStoreProvider, (KeyPair) null);
            bool = false;
        }
        Thread.currentThread();
        Thread.sleep(1000L);
        Certificate[] certificateArr4 = {newSsCert2.getCertificate()};
        PrivateKey key3 = newSsCert2.getKey();
        // NOTE(review): this audit record reads certificateArr (the SSL root) rather than
        // certificateArr4, so the admin root's validity window is never logged.
        try {
            Tr.audit(tc, "Self Signed Certificate: notBefore time: " + ((X509Certificate) certificateArr[0]).getNotBefore().toString() + " notAfter time: " + ((X509Certificate) certificateArr[0]).getNotAfter().toString());
        } catch (Throwable th2) {
        }
        if (keyStore2 != null) {
            // Caller supplied the personal certificate. NOTE(review): same unchecked
            // null cases as for keyStore/str4/str5 above.
            certificateArr2 = keyStore2.getCertificateChain(str6);
            key2 = keyStore2.getKey(str6, str7.toCharArray());
            certificate2 = certificateArr2[certificateArr2.length - 1];
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Creating default certificate using: (keySize: " + defaultKeySize + "), (subjectDN: " + defaultSubjectDN + "), (validity: " + defaultDays + ")");
            }
            date2 = new Date();
            date2.setTime(date2.getTime() - 86400000);
            if (bool.booleanValue()) {
                // Issue the personal certificate under the SSL root chain and root key.
                X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
                for (int i = 0; i < certificateArr.length; i++) {
                    x509CertificateArr[i] = (X509Certificate) certificateArr[i];
                }
                PkNewCertificate newCert = PkNewCertFactory.newCert(Integer.parseInt(defaultKeySize), defaultSubjectDN, Integer.parseInt(defaultDays), date2, true, arrayList, (List) null, (List) null, defaultKeyStoreProvider, (KeyPair) null, x509CertificateArr, (PrivateKey) key, false);
                Thread.currentThread();
                Thread.sleep(1000L);
                certificateArr2 = newCert.getCertificateChain();
                // Debug-only dump of the subject alternative names of the last chain element.
                // NOTE(review): getSubjectAlternativeNames() returns null when the extension
                // is absent, which would fail this loop only when debug trace is enabled.
                if (tc.isDebugEnabled()) {
                    for (List<?> list2 : ((X509Certificate) certificateArr2[certificateArr2.length - 1]).getSubjectAlternativeNames()) {
                        if (list2 != null && list2.size() > 0) {
                            for (int i2 = 0; i2 < list2.size(); i2++) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "The profile UUID from the root certificate is: " + list2.get(i2));
                                }
                            }
                        }
                    }
                }
                key2 = newCert.getKey();
            } else {
                // No signing support: the self-signed root doubles as the personal
                // certificate, so the root private key ends up in the default key store.
                certificateArr2 = certificateArr;
                key2 = key;
            }
        }
        if (bool.booleanValue()) {
            // Personal certificate for the RSA token key store, issued under the admin root.
            // date2 is whichever start date was assigned last above.
            X509Certificate[] x509CertificateArr2 = new X509Certificate[certificateArr4.length];
            for (int i3 = 0; i3 < certificateArr4.length; i3++) {
                x509CertificateArr2[i3] = (X509Certificate) certificateArr4[i3];
            }
            PkNewCertificate newCert2 = PkNewCertFactory.newCert(Integer.parseInt(defaultKeySize), defaultSubjectDN, Integer.parseInt(defaultDays), date2, true, arrayList, (List) null, (List) null, defaultKeyStoreProvider, (KeyPair) null, x509CertificateArr2, key3, false);
            certificateArr3 = newCert2.getCertificateChain();
            if (tc.isDebugEnabled()) {
                for (List<?> list3 : ((X509Certificate) certificateArr3[0]).getSubjectAlternativeNames()) {
                    if (list3 != null && list3.size() > 0) {
                        for (int i4 = 0; i4 < list3.size(); i4++) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "The profile UUID from the personal certificate is: " + list3.get(i4));
                            }
                        }
                    }
                }
            }
            privateKey = newCert2.getKey();
        } else {
            certificateArr3 = certificateArr4;
            privateKey = key3;
        }
        createClientKeyStores(str2, str3, certificateArr2, key2, certificateArr, key);
        for (int i5 = 0; i5 < list.size(); i5++) {
            com.ibm.websphere.models.config.ipc.ssl.KeyStore keyStore3 = (com.ibm.websphere.models.config.ipc.ssl.KeyStore) list.get(i5);
            // NOTE(review): keyStore3 is dereferenced here before the null check below.
            ManagementScopeData managementScopeData = new ManagementScopeData(keyStore3.getManagementScope().getScopeName());
            // Description (str9) and usage (str10) stay null when no branch below
            // matches or the keystore file was not created; they are written to the
            // configuration either way.
            String str9 = null;
            String str10 = null;
            String cellName = managementScopeData.getScopeType().equalsIgnoreCase("cell") ? managementScopeData.getCellName() : managementScopeData.getNodeName();
            if (keyStore3 != null && !keyStore3.isReadOnly()) {
                // Every branch follows the same pattern: point the location at the
                // repository root (str2) for file creation, then restore the configured
                // location so the stored configuration is unchanged.
                if (keyStore3.getName().endsWith(Constants.DEFAULT_TRUST_STORE)) {
                    // Trust store: SSL root chain as signer, no private key.
                    String location = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location));
                    boolean createKeyStoreFile = KeyStoreHelper.createKeyStoreFile(keyStore3, rootAlias, null, certificateArr);
                    keyStore3.setLocation(location);
                    if (createKeyStoreFile) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile);
                        }
                        // NOTE(review): a bundled signer is added to the default trust store
                        // of every profile under alias "datapower". Deployments that do not
                        // need it may want to remove it. The null check cannot fail after `new`.
                        X509CertImpl x509CertImpl = new X509CertImpl(KeyStoreHelper.getDataPowerCert());
                        if (x509CertImpl != null) {
                            KeyStoreHelper.addCertToKeystore(keyStore3, "datapower", x509CertImpl);
                        }
                        // Signers taken from caller-supplied keystores, when present.
                        if (certificate != null) {
                            KeyStoreHelper.addCertToKeystore(keyStore3, str4, certificate);
                        }
                        if (certificate2 != null) {
                            KeyStoreHelper.addCertToKeystore(keyStore3, str6, certificate2);
                        }
                        if (str3 != null) {
                            copy(new File(keyStore3.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore3.getLocation())));
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("defaultTrustStoreDesc", new Object[]{cellName}, "Default trust store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_SSL;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Root Signer added to trust store.");
                        }
                    }
                } else if (keyStore3.getName().endsWith(Constants.DEFAULT_KEY_STORE)) {
                    // Key store: personal chain plus its private key.
                    String location2 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location2));
                    boolean createKeyStoreFile2 = KeyStoreHelper.createKeyStoreFile(keyStore3, defaultAlias, key2, certificateArr2);
                    keyStore3.setLocation(location2);
                    if (createKeyStoreFile2) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile2);
                        }
                        if (str3 != null) {
                            copy(new File(keyStore3.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore3.getLocation())));
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("defaultKeyStoreDesc", new Object[]{cellName}, "Default key store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_SSL;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Chained certificate added to key store.");
                        }
                    }
                } else if (keyStore3.getName().endsWith(Constants.DEFAULT_ROOT_STORE)) {
                    // Root store: SSL root chain together with the root private key.
                    // This file is not copied to str3.
                    String location3 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location3));
                    boolean createKeyStoreFile3 = KeyStoreHelper.createKeyStoreFile(keyStore3, rootAlias, key, certificateArr);
                    keyStore3.setLocation(location3);
                    if (createKeyStoreFile3) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile3);
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("defaultRootStoreDesc", new Object[]{cellName}, "Root certificate key store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_ROOT;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Root certificate added to root key store.");
                        }
                    }
                } else if (keyStore3.getName().endsWith(Constants.DEFAULT_DELETED_STORE)) {
                    // Deleted-certificates store: created empty.
                    String location4 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location4));
                    boolean createKeyStoreFile4 = KeyStoreHelper.createKeyStoreFile(keyStore3, null, null, null);
                    keyStore3.setLocation(location4);
                    if (createKeyStoreFile4) {
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("defaultDeletedStoreDesc", new Object[]{cellName}, "Key store containing deleted certificates for " + cellName);
                        str10 = CommandConstants.KS_USAGE_DELETED;
                    }
                } else if (keyStore3.getName().endsWith(Constants.DEFAULT_SIGNERS_STORE)) {
                    // Signers store: SSL root chain under the literal alias "root"
                    // (not the configurable rootAlias used by the other branches).
                    String location5 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location5));
                    boolean createKeyStoreFile5 = KeyStoreHelper.createKeyStoreFile(keyStore3, "root", null, certificateArr);
                    keyStore3.setLocation(location5);
                    if (createKeyStoreFile5) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile5);
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("defaultSignersStoreDesc", new Object[]{cellName}, "Key store containing default signers for " + cellName);
                        str10 = CommandConstants.KS_USAGE_SIGNERS;
                    }
                } else if (keyStore3.getName().endsWith(Constants.RSA_TOKEN_KEY_STORE)) {
                    // RSA token key store: admin personal chain plus its private key.
                    String location6 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location6));
                    boolean createKeyStoreFile6 = KeyStoreHelper.createKeyStoreFile(keyStore3, defaultAlias, privateKey, certificateArr3);
                    keyStore3.setLocation(location6);
                    if (createKeyStoreFile6) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile6);
                        }
                        if (str3 != null) {
                            copy(new File(keyStore3.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore3.getLocation())));
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("rsaTokenKeyStoreDesc", new Object[]{cellName}, "RSAToken key store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_RSA;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Chained certificate added to RSAToken key store.");
                        }
                    }
                } else if (keyStore3.getName().endsWith(Constants.RSA_TOKEN_TRUST_STORE)) {
                    // RSA token trust store: admin root as signer, no private key.
                    String location7 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location7));
                    boolean createKeyStoreFile7 = KeyStoreHelper.createKeyStoreFile(keyStore3, rootAlias, null, certificateArr4);
                    keyStore3.setLocation(location7);
                    if (createKeyStoreFile7) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile7);
                        }
                        if (str3 != null) {
                            copy(new File(keyStore3.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore3.getLocation())));
                        }
                        // NOTE(review): reuses the "rsaTokenKeyStoreDesc" message key with a
                        // trust-store fallback text; a dedicated key may have been intended.
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("rsaTokenKeyStoreDesc", new Object[]{cellName}, "RSAToken trust store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_RSA;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Root Signer added to RSAToken trust store.");
                        }
                    }
                } else if (keyStore3.getName().endsWith(Constants.RSA_TOKEN_ROOT_STORE)) {
                    // RSA token root store: admin root together with its private key.
                    // This file is not copied to str3.
                    String location8 = keyStore3.getLocation();
                    keyStore3.setLocation(fixupLocationWithRepositoryRoot(str2, location8));
                    boolean createKeyStoreFile8 = KeyStoreHelper.createKeyStoreFile(keyStore3, rootAlias, key3, certificateArr4);
                    keyStore3.setLocation(location8);
                    if (createKeyStoreFile8) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "KeyStore \"" + keyStore3.getName() + "\" created -> " + createKeyStoreFile8);
                        }
                        str9 = TraceNLSHelper.getInstance().getFormattedMessage("rsaTokenRootStoreDesc", new Object[]{cellName}, "RSAToken root certificate key store for " + cellName);
                        str10 = CommandConstants.KS_USAGE_RSA;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Root certificate added to RSAToken root key store.");
                        }
                    }
                }
                // LTPA keystore is handled outside the else-if chain: no file is created
                // here, the existing file is copied and the keystore password is pushed
                // to every key set that references this keystore by name.
                if (keyStore3.getName().endsWith(Constants.LTPA_KEYS)) {
                    if (str3 != null) {
                        copy(new File(keyStore3.getLocation()), new File(fixupLocationWithRepositoryRoot(str3, keyStore3.getLocation())));
                    }
                    str9 = TraceNLSHelper.getInstance().getFormattedMessage("", new Object[0], "LTPA key store for " + cellName);
                    str10 = CommandConstants.KS_USAGE_KEYSET;
                    EList keySets = security.getKeySets();
                    for (int i6 = 0; i6 < keySets.size(); i6++) {
                        KeySet keySet = (KeySet) keySets.get(i6);
                        if (keySet.getKeyStore().getName().equals(keyStore3.getName())) {
                            ObjectName createObjectName = MOFUtil.createObjectName(keySet);
                            AttributeList attributeList = new AttributeList();
                            attributeList.add(new Attribute("password", keyStore3.getPassword()));
                            configService.setAttributes(session, createObjectName, attributeList);
                        }
                    }
                }
                // Persist description, password and usage on the keystore configuration
                // object. Whether the password value is already encoded at this point is
                // not visible in this method - verify before relying on it.
                ObjectName createObjectName2 = MOFUtil.createObjectName(keyStore3);
                AttributeList attributeList2 = new AttributeList();
                attributeList2.add(new Attribute("description", str9));
                attributeList2.add(new Attribute("password", keyStore3.getPassword()));
                attributeList2.add(new Attribute("usage", str10));
                configService.setAttributes(session, createObjectName2, attributeList2);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAllKeyStores");
        }
    }

    /**
     * Rewrites the client default key store and trust store so that they hold the
     * supplied personal certificate and root signer.
     *
     * <p>Only writable keystores whose alias ends with {@code ClientDefaultKeyStore} or
     * {@code ClientDefaultTrustStore} are touched. In the trust store every existing
     * alias is replaced by {@code certificateArr2[0]}; in the key store every existing
     * alias is replaced by {@code key} with chain {@code certificateArr}.
     *
     * @param str             root directory used to locate the client keystore files
     * @param str2            optional second root directory; files are copied between the two roots when non-null
     * @param certificateArr  personal certificate chain stored in the client key store
     * @param key             private key stored with {@code certificateArr}
     * @param certificateArr2 root chain; only element 0 is used, as the trusted signer
     * @param key2            not used in this method
     * @return always {@code true} when no exception is thrown
     * @throws Exception any failure, after it has been written to debug trace
     */
    public boolean createClientKeyStores(String str, String str2, Certificate[] certificateArr, Key key, Certificate[] certificateArr2, Key key2) throws Exception {
        KeyStore keyStore;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createClientKeyStores");
        }
        try {
            SSLConfigManager.getInstance().initializeClientSSL();
            String[] keyStoreAliases = KeyStoreManager.getInstance().getKeyStoreAliases();
            for (int i = 0; i < keyStoreAliases.length; i++) {
                if (keyStoreAliases[i] != null) {
                    WSKeyStore keyStore2 = KeyStoreManager.getInstance().getKeyStore(keyStoreAliases[i]);
                    // z == true when the keystore is marked read-only ("true" or "yes").
                    boolean z = (keyStore2 == null || keyStore2.getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY) == null || (!keyStore2.getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY).equalsIgnoreCase("true") && !keyStore2.getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY).equalsIgnoreCase("yes"))) ? false : true;
                    // The condition also loads the underlying java.security.KeyStore into keyStore.
                    if (keyStore2 != null && !z && ((keyStoreAliases[i].endsWith("ClientDefaultKeyStore") || keyStoreAliases[i].endsWith("ClientDefaultTrustStore")) && (keyStore = keyStore2.getKeyStore(false, false)) != null)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "aliases[" + i + "]: " + keyStoreAliases[i]);
                        }
                        if (keyStoreAliases[i].endsWith(Constants.DEFAULT_TRUST_STORE)) {
                            // NOTE(review): entries are deleted and re-added while the aliases()
                            // enumeration is in use; whether that is safe depends on the
                            // keystore implementation.
                            Enumeration<String> aliases = keyStore.aliases();
                            while (aliases.hasMoreElements()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Setting root signer for trust store: " + keyStoreAliases[i]);
                                }
                                String nextElement = aliases.nextElement();
                                addSignerToDummyClientTrustFile(str, nextElement, certificateArr2[0]);
                                // Every pre-existing alias ends up pointing at the same root
                                // signer; whatever certificate it held before is discarded.
                                keyStore.deleteEntry(nextElement);
                                keyStore.setCertificateEntry(nextElement, certificateArr2[0]);
                                keyStore2.store();
                                if (str2 != null) {
                                    addSignerToDummyClientTrustFile(str2, nextElement, certificateArr2[0]);
                                    // NOTE(review): property and property2 read the same key, so
                                    // they are always equal; the copy direction therefore depends
                                    // only on whether the fix-up under str left the path unchanged.
                                    String property = keyStore2.getProperty("com.ibm.ssl.keyStore");
                                    String property2 = keyStore2.getProperty("com.ibm.ssl.keyStore");
                                    File file = new File(fixupClientLocationWithRepositoryRoot(str, property));
                                    File file2 = new File(fixupClientLocationWithRepositoryRoot(str2, property));
                                    if (property2.equals(file.getPath())) {
                                        copy(file, file2);
                                    } else {
                                        copy(file2, file);
                                    }
                                }
                            }
                        } else if (keyStoreAliases[i].endsWith(Constants.DEFAULT_KEY_STORE)) {
                            Enumeration<String> aliases2 = keyStore.aliases();
                            while (aliases2.hasMoreElements()) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Setting chained certificate for key store: " + keyStoreAliases[i]);
                                }
                                String nextElement2 = aliases2.nextElement();
                                keyStore.deleteEntry(nextElement2);
                                String property3 = keyStore2.getProperty("com.ibm.ssl.keyStorePassword");
                                // NOTE(review): when no password is configured, the private key
                                // is protected with the shared default-password constant and that
                                // value is written back as the keystore's password. Deployments
                                // should configure their own password before this runs.
                                if (property3 == null) {
                                    property3 = Constants.DEFAULT_KEYSTORE_PASSWORD;
                                    keyStore2.setProperty("com.ibm.ssl.keyStorePassword", property3);
                                }
                                keyStore.setKeyEntry(nextElement2, key, property3.toCharArray(), certificateArr);
                                keyStore2.store();
                                if (str2 != null) {
                                    // Same copy logic as the trust-store branch, including the
                                    // duplicated property read.
                                    String property4 = keyStore2.getProperty("com.ibm.ssl.keyStore");
                                    String property5 = keyStore2.getProperty("com.ibm.ssl.keyStore");
                                    File file3 = new File(fixupClientLocationWithRepositoryRoot(str, property4));
                                    File file4 = new File(fixupClientLocationWithRepositoryRoot(str2, property4));
                                    if (property5.equals(file3.getPath())) {
                                        copy(file3, file4);
                                    } else {
                                        copy(file4, file3);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // Both paths return true; the exit trace is written only when entry/exit tracing is on.
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "createClientKeyStores");
            return true;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
            throw e;
        }
    }

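    /**
     * Adds {@code certificate} as a signer entry under alias {@code str2} to
     * {@code <str>/etc/DummyClientTrustFile.jks} and writes the store back to the same path.
     *
     * <p>The call is best-effort: every failure is traced at debug level and then dropped, so
     * the caller gets no indication of whether the signer was actually persisted.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The store is opened and re-written with {@code Constants.DEFAULT_KEYSTORE_PASSWORD},
     *       a compile-time constant rather than a per-installation secret (its value is not
     *       visible here). The password therefore cannot be relied on to protect the trust
     *       anchors in this file; file-system permissions on the {@code etc} directory have to.</li>
     *   <li>NOTE(review): assuming this is {@code java.security.KeyStore}, an existing trusted
     *       certificate entry with the same alias is overwritten without warning.</li>
     * </ul>
     *
     * @param str         profile root directory; {@code /etc/DummyClientTrustFile.jks} is appended to it
     * @param str2        alias for the new signer entry
     * @param certificate signer certificate to store
     */
    public void addSignerToDummyClientTrustFile(String str, String str2, Certificate certificate) {
        try {
            String trustFilePath = str + "/etc/DummyClientTrustFile.jks";
            KeyStore trustStore = KeyStoreManager.getInstance().getKeyStore(null, "JKS", "IBMJCE", trustFilePath, Constants.DEFAULT_KEYSTORE_PASSWORD, null, true, null);
            if (trustStore != null) {
                trustStore.setCertificateEntry(str2, certificate);
                // The stream was previously never closed; close it even when store() fails so the
                // file handle is released and buffered bytes are not left unflushed.
                FileOutputStream out = new FileOutputStream(trustFilePath);
                try {
                    trustStore.store(out, Constants.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
                } finally {
                    out.close();
                }
            }
        } catch (Exception e) {
            // Deliberately best-effort: trace only, never propagate.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
        }
    }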

    /**
     * Reports whether {@code <str>/config/cells/<str2>/security.xml} exists on disk.
     *
     * <p>The path is assembled by plain concatenation with {@code File.separatorChar}; neither
     * argument is normalized or checked for separator or {@code ..} segments, and a {@code null}
     * {@code str2} ends up as the literal text {@code null} in the path.
     *
     * @param str  profile root directory; {@code null} yields {@code false}
     * @param str2 cell name used as a directory segment
     * @return {@code true} when the security.xml file exists, {@code false} otherwise
     */
    public boolean checkForProfileExistance(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkForProfileExistance", new Object[]{str, str2});
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkForProfileExistance -> false");
            }
            return false;
        }
        String securityXmlPath = str + File.separatorChar + "config" + File.separatorChar + "cells"
                + File.separatorChar + str2 + File.separatorChar + "security.xml";
        // The computed path is reported through the exit trace channel, as the original does.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "securityxmlpath -> " + securityXmlPath);
        }
        boolean profileExists = new File(securityXmlPath).exists();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkForProfileExistance -> " + profileExists);
        }
        return profileExists;
    }

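    /**
     * Returns the part of {@code str} that starts at the first occurrence of {@code "nodes/"}.
     *
     * <p>When the marker is absent the input is returned unchanged, so callers cannot
     * distinguish "no node segment" from "already a node URI" by the result alone.
     *
     * @param str path or URI to search; must not be {@code null}
     * @return the substring beginning with {@code "nodes/"}, or {@code str} itself if not found
     */
    public String getNodeURIFromPath(String str) {
        // Entry/exit trace previously carried the name of a different method
        // ("getCellURIFromPath"), which made trace records misleading when correlating calls.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNodeURIFromPath", new Object[]{str});
        }
        int nodesAt = str.indexOf("nodes/");
        String nodeUri = nodesAt != -1 ? str.substring(nodesAt) : str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNodeURIFromPath");
        }
        return nodeUri;
    }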

    /**
     * Builds a scope string of the form {@code (cell):C:(node):N:(server):S} from a
     * configuration path containing {@code /cells/C/nodes/N/servers/S/<file>}.
     *
     * <p>Backslashes are converted to forward slashes first. The markers are located with
     * {@code indexOf} and the pieces cut out with {@code substring}; a missing {@code /nodes/}
     * or {@code /servers/} marker surfaces as the runtime exception thrown by {@code substring}.
     * A missing {@code /cells/} marker is not detected as such: the start offset then becomes
     * {@code -1 + "/cells/".length()}, so the cell name may be taken from an unrelated part of
     * the input. Callers that build a management scope from externally supplied paths should
     * validate the path shape before calling.
     *
     * @param str configuration path or URI
     * @return the scope string
     * @throws Exception whatever the parsing raised, after it has been traced at debug level
     */
    public String getScopeFromURI(String str) throws Exception {
        String uri = str.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getScopeFromURI", new Object[]{uri});
        }
        try {
            final String cellsMarker = "/cells/";
            final String nodesMarker = "/nodes/";
            final String serversMarker = "/servers/";

            int cellStart = uri.indexOf(cellsMarker) + cellsMarker.length();
            int nodesAt = uri.indexOf(nodesMarker);
            int serversAt = uri.indexOf(serversMarker);

            String cell = uri.substring(cellStart, nodesAt);
            String node = uri.substring(nodesAt + nodesMarker.length(), serversAt);
            // The server name ends at the last slash, i.e. the trailing file name is dropped.
            String server = uri.substring(serversAt + serversMarker.length(), uri.lastIndexOf("/"));

            String scope = "(cell):" + cell + ":(node):" + node + ":(server):" + server;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getScopeFromURI -> " + scope);
            }
            return scope;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getScopeFromURI exception is" + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Re-roots a configuration path under the repository root {@code str}.
     *
     * <p>After converting backslashes to forward slashes, everything from the first
     * {@code /config/cells} onward is appended to {@code str}. If that marker is absent but
     * {@code /cells/} is present, {@code str + "/config"} is used as the prefix instead. With
     * neither marker the slash-normalized input is returned as is.
     *
     * <p>No canonicalization happens here: {@code ..} segments after the marker are carried
     * into the result unchanged, so the result is not guaranteed to stay below {@code str}.
     *
     * @param str  repository root to prepend
     * @param str2 location to re-root; must not be {@code null}
     * @return the re-rooted location, or the normalized input when no marker matches
     */
    public static String fixupLocationWithRepositoryRoot(String str, String str2) {
        String location = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupLocationWithRepositoryRoot", new Object[]{str, location});
        }
        String rerooted;
        int configCellsAt = location.indexOf("/config/cells");
        if (configCellsAt != -1) {
            rerooted = str + location.substring(configCellsAt);
        } else {
            int cellsAt = location.indexOf("/cells/");
            rerooted = cellsAt != -1 ? str + "/config" + location.substring(cellsAt) : location;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupLocationWithRepositoryRoot -> " + rerooted);
        }
        return rerooted;
    }

    /**
     * Re-roots a client-side location (a path containing {@code /etc/}) under {@code str}.
     *
     * <p>Backslashes become forward slashes; if {@code /etc/} occurs, the result is {@code str}
     * followed by everything from the first {@code /etc/} onward, otherwise the normalized
     * input is returned. As with the server-side variant, the path is not canonicalized, so
     * {@code ..} segments following {@code /etc/} pass through untouched.
     *
     * @param str  root directory to prepend
     * @param str2 location to re-root; must not be {@code null}
     * @return the re-rooted location, or the normalized input when {@code /etc/} is absent
     */
    public static String fixupClientLocationWithRepositoryRoot(String str, String str2) {
        String location = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupClientLocationWithRepositoryRoot", new Object[]{str, location});
        }
        int etcAt = location.indexOf("/etc/");
        String rerooted = (etcAt == -1) ? location : str + location.substring(etcAt);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupClientLocationWithRepositoryRoot -> " + rerooted);
        }
        return rerooted;
    }

    /**
     * Applies the supplied password to the LTPA key material in {@code security} and, when LTPA
     * is the active authentication mechanism, loads the key stores and key sets and asks the
     * LTPA key set group for its latest keys.
     *
     * <p>When {@code str} is non-null it is set as the password of every key store whose name
     * ends with {@code Constants.LTPA_KEYS} and of <em>every</em> key set in the configuration,
     * not only LTPA-related ones. The password value is never passed to the trace calls in this
     * method; keep it that way when adding diagnostics.
     *
     * <p>The order of the manager calls (key stores, then key sets, then key set groups) is
     * preserved from the original code.
     *
     * @param security security configuration object to update and read
     * @param str      password to apply, or {@code null} to leave existing passwords untouched
     * @throws Exception if setting the passwords or initializing the key material fails
     */
    public void createLTPAKeysIfNecessary(Security security, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createLTPAKeysIfNecessary");
        }
        if (str != null) {
            try {
                EList configuredKeyStores = security.getKeyStores();
                for (int ks = 0; ks < configuredKeyStores.size(); ks++) {
                    com.ibm.websphere.models.config.ipc.ssl.KeyStore candidate =
                            (com.ibm.websphere.models.config.ipc.ssl.KeyStore) configuredKeyStores.get(ks);
                    if (candidate.getName().endsWith(Constants.LTPA_KEYS)) {
                        candidate.setPassword(str);
                    }
                }
                EList configuredKeySets = security.getKeySets();
                for (int set = 0; set < configuredKeySets.size(); set++) {
                    KeySet keySet = (KeySet) configuredKeySets.get(set);
                    keySet.setPassword(str);
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception creating LTPA keys: ", new Object[]{e});
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createLTPAKeysIfNecessary -> failed");
                }
                throw e;
            }
        }
        boolean ltpaActive = security.getActiveAuthMechanism() instanceof LTPA;
        if (!ltpaActive) {
            // Nothing to generate when another mechanism is active.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createLTPAKeysIfNecessary -> LTPA not enabled.");
            }
            return;
        }
        KeyStoreManager.getInstance().loadKeyStores(security);
        KeySetManager.getInstance().initializeKeySets(security, true);
        KeySetGroupManager.getInstance().initializeKeySetGroups(security, true);
        WSKeySetGroup ltpaKeySetGroup = KeySetGroupManager.getInstance().getKeySetGroup(
                ((LTPA) security.getActiveAuthMechanism()).getKeySetGroup().getName());
        if (ltpaKeySetGroup != null) {
            // Return value is intentionally unused; the call is made for its effect on the group.
            ltpaKeySetGroup.getLatestKeys();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createLTPAKeysIfNecessary -> success");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
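    /**
     * Copies the contents of {@code file} to {@code file2}, overwriting the destination.
     *
     * <p>If both arguments compare equal as {@link File} path names, nothing is copied. Both
     * streams are now closed on every path, including when a read or write fails part-way;
     * previously an I/O error left both file handles open.
     *
     * <p>NOTE(review): callers in this class pass key store files. The destination is created by
     * {@code FileOutputStream} with the process default permissions, not those of the source;
     * confirm that is tight enough for key material. A failed copy can also leave a truncated
     * destination behind.
     *
     * @param file  source file
     * @param file2 destination file
     * @throws IOException if either file cannot be opened, read, written or closed
     */
    public void copy(File file, File file2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "copy");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "source = " + file.getPath() + " destination = " + file2.getPath());
        }
        if (file.compareTo(file2) == 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "copy: source and destination equal");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "copy");
            }
            return;
        }
        FileInputStream in = new FileInputStream(file);
        try {
            FileOutputStream out = new FileOutputStream(file2);
            try {
                byte[] buffer = new byte[1024];
                int count;
                // Same termination rule as before: stop on end of stream or a zero-length read.
                while ((count = in.read(buffer)) > 0) {
                    out.write(buffer, 0, count);
                }
            } finally {
                out.close();
            }
        } finally {
            in.close();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "copy");
        }
    }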

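    /**
     * Sets, replaces or removes the custom property named {@code str} on the configuration
     * object {@code objectName}.
     *
     * <p>The existing {@code properties} list is scanned for an entry whose {@code name} equals
     * {@code str}. The first match is deleted and, when {@code str2} is non-empty, re-created
     * with the new value. If nothing matches and {@code str2} is non-empty, the property is
     * created. A {@code null} or empty {@code str2} therefore means "remove if present".
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>The scan stops after the first match. Before, the index was not advanced after a
     *       match, so the loop went on to query the object it had just deleted and could only
     *       end through an exception.</li>
     *   <li>Failures are traced at debug level instead of vanishing in an empty {@code catch}.
     *       The method remains best-effort and does not propagate them; a caller that depends on
     *       a security property being applied has to verify it separately.</li>
     * </ul>
     *
     * <p>The property value is deliberately not traced, since security properties may hold
     * sensitive data.
     *
     * @param session       configuration session the changes are made in
     * @param configService configuration service used for all reads and writes
     * @param objectName    parent object owning the {@code properties} list
     * @param str           property name
     * @param str2          property value; {@code null} or empty removes the property
     */
    public static void setSecurityProperties(Session session, ConfigService configService, ObjectName objectName, String str, String str2) {
        try {
            AttributeList newProperty = new AttributeList();
            newProperty.add(new Attribute("name", str));
            newProperty.add(new Attribute("value", str2));
            boolean hasValue = str2 != null && str2.length() > 0;

            AttributeList attributes = configService.getAttributes(session, objectName, new String[]{"properties"}, false);
            if (attributes != null) {
                List existing = (List) ((Attribute) attributes.get(0)).getValue();
                boolean replaced = false;
                for (int i = 0; i < existing.size(); i++) {
                    ObjectName property = (ObjectName) existing.get(i);
                    if (((String) configService.getAttribute(session, property, "name")).equals(str)) {
                        configService.deleteConfigData(session, property);
                        if (hasValue) {
                            configService.createConfigData(session, objectName, "properties", null, newProperty);
                        }
                        replaced = true;
                        // Stop here: the list is not refreshed after the delete.
                        break;
                    }
                }
                if (!replaced && hasValue) {
                    configService.createConfigData(session, objectName, "properties", null, newProperty);
                }
            }
        } catch (Exception e) {
            // Best-effort by design, but leave a trace so a failed update can be diagnosed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred in setSecurityProperties: ", new Object[]{e});
            }
        }
    }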

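    /**
     * Rewrites the properties file at URL {@code str}, replacing the values of the
     * {@code com.ibm.ssl.keyStorePassword} and {@code com.ibm.ssl.trustStorePassword} lines with
     * the encoded form of {@code str2}. All other lines, including comments and blank lines,
     * are copied unchanged.
     *
     * <p>The new content is written to {@code <path>.tmp} next to the original, then the
     * original is deleted and the temporary file renamed into place. The method is best-effort:
     * failures are traced at debug level and not propagated.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>Reader and writer are closed on every path; before, an error while reading or
     *       writing leaked both streams.</li>
     *   <li>The original file is only replaced when the temporary file was written without
     *       error ({@code PrintStream} hides write errors unless {@code checkError()} is
     *       consulted) and the results of {@code delete()} and {@code renameTo()} are checked.</li>
     *   <li>The temporary file is derived from {@code url.getPath()} in both places. It was
     *       written under {@code url.getFile()} but renamed from {@code url.getPath()}, which
     *       differ when the URL carries a query part.</li>
     *   <li>A leftover temporary file, which contains the encoded passwords, is removed when the
     *       original is still in place.</li>
     * </ul>
     *
     * <p>Security notes: the password is never traced. NOTE(review):
     * {@code PasswordUtil.encode} is presumably a reversible encoding rather than encryption;
     * confirm, and rely on file permissions for confidentiality either way. The replacement
     * file is created with the process default permissions, not those of the original. A line
     * is matched by key prefix, so a key that merely starts with one of the two names is
     * rewritten too. Text is read and written in the platform default charset, as before.
     *
     * @param str  URL of the properties file; {@code null} is a no-op
     * @param str2 clear-text password to encode into both password properties
     */
    public static void updateProperyFile(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "updatePropertyFile", new Object[]{str});
        }
        if (str == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "updatePropertyFile (null props file)");
            }
            return;
        }
        File target = null;
        File temp = null;
        boolean replaced = false;
        try {
            URL url = new URL(str);
            target = new File(url.getPath());
            temp = new File(url.getPath() + ".tmp");

            boolean writeFailed = true;
            BufferedReader reader = null;
            PrintStream writer = null;
            try {
                reader = new BufferedReader(new InputStreamReader(url.openStream()));
                writer = new PrintStream(new FileOutputStream(temp));
                String line;
                while ((line = reader.readLine()) != null) {
                    String trimmed = line.trim();
                    if (trimmed.startsWith("#") || trimmed.length() <= 0) {
                        writer.println(line);
                    } else if (trimmed.startsWith("com.ibm.ssl.keyStorePassword")) {
                        writer.println("com.ibm.ssl.keyStorePassword=" + PasswordUtil.encode(str2));
                    } else if (trimmed.startsWith("com.ibm.ssl.trustStorePassword")) {
                        writer.println("com.ibm.ssl.trustStorePassword=" + PasswordUtil.encode(str2));
                    } else {
                        writer.println(line);
                    }
                }
                // PrintStream swallows IOExceptions; this flushes and reports whether any occurred.
                writeFailed = writer.checkError();
            } finally {
                if (writer != null) {
                    writer.close();
                }
                if (reader != null) {
                    reader.close();
                }
            }

            if (writeFailed) {
                throw new IOException("Could not write temporary properties file " + temp.getPath());
            }
            // Delete-then-rename is kept because renameTo() does not overwrite on every platform.
            if (!target.delete() && target.exists()) {
                throw new IOException("Could not remove properties file " + target.getPath());
            }
            if (!temp.renameTo(target)) {
                throw new IOException("Could not rename " + temp.getPath() + " to " + target.getPath());
            }
            replaced = true;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred in updatePropertyFile: ", new Object[]{e});
            }
        } finally {
            // Remove a stale temp file only while the original still exists; if the original is
            // already gone, the temp file is the only remaining copy and is left for recovery.
            if (!replaced && temp != null && target != null && target.exists() && temp.exists()) {
                temp.delete();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "updatePropertyFile");
        }
    }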

    /**
     * Convenience overload that accepts the session as an untyped {@code Object}.
     *
     * @param str profile path passed to the {@code getProfileKey} command
     * @param obj a {@code Session} instance or {@code null}; any other type fails the cast with
     *            a {@code ClassCastException}
     * @return the profile key reported by the command
     * @throws Exception if the underlying command fails
     */
    public static String getProfileUUID(String str, Object obj) throws Exception {
        Session session = (Session) obj;
        return getProfileUUID(str, session);
    }

    /**
     * Runs the {@code getProfileKey} admin command for the profile at {@code str} and returns
     * its result.
     *
     * <p>When no session is supplied, a temporary one is created and discarded again once the
     * command result has been evaluated. A caller-supplied session is never discarded here.
     *
     * <p>NOTE(review): command creation and {@code execute()} run before the {@code try} block,
     * so if either throws, a session created here is not discarded. Confirm whether that can
     * leave a configuration workspace behind.
     *
     * <p>The returned key is written to the exit trace; NOTE(review): confirm the profile key is
     * not considered sensitive before enabling entry/exit trace in shared environments.
     *
     * @param str     profile path, passed as the {@code profilePath} parameter
     * @param session configuration session to use, or {@code null} to use a temporary one
     * @return the command result cast to {@code String}
     * @throws Exception the exception carried by an unsuccessful command result
     */
    public static String getProfileUUID(String str, Session session) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getProfileUUID");
        }
        boolean ownsSession = (session == null);
        if (ownsSession) {
            session = new Session();
        }
        AdminCommand command = CommandMgr.getCommandMgr().createCommand("getProfileKey");
        command.setConfigSession(session);
        command.setParameter("profilePath", str);
        command.execute();
        CommandResult outcome = command.getCommandResult();
        try {
            if (outcome.isSuccessful()) {
                String profileKey = (String) outcome.getResult();
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getProfileUUID: " + profileKey);
                }
                return profileKey;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getProfileUUID returned exception.", new Object[]{outcome.getException()});
            }
            throw ((Exception) outcome.getException());
        } finally {
            // Only clean up a session this method created itself.
            if (ownsSession) {
                ConfigService configService = ConfigServiceFactory.getConfigService();
                if (configService != null && session != null) {
                    configService.discard(session);
                }
            }
        }
    }

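    /**
     * Gives the schedule named {@code ExpirationMonitorSchedule} a next start date when it has
     * none.
     *
     * <p>The schedules are read from the {@code CommandConstants.WS_SCHEDULES} attribute of
     * {@code objectName}. For the matching schedule, if its next start date is {@code null} or
     * not positive, a new date is computed by {@code WSScheduler} from the schedule's frequency,
     * day of week, hour and minute, and written back through the configuration service.
     * Nothing happens when {@code configService} or {@code session} is {@code null}.
     *
     * <p>The method is best-effort: exceptions are traced at debug level and not propagated.
     * NOTE(review): judging by its name this schedule drives certificate expiration
     * monitoring, so a silently failed update here may be worth surfacing to the caller.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>The closing trace call is {@code Tr.exit}; it was a second {@code Tr.entry}, which
     *       left entry/exit trace unbalanced. The exit is now also traced after a failure.</li>
     *   <li>An empty or {@code null} query result is skipped instead of being indexed with
     *       {@code [0]}.</li>
     *   <li>A schedule without a name no longer aborts the scan with a
     *       {@code NullPointerException}.</li>
     * </ul>
     *
     * @param session       configuration session to read and write in
     * @param configService configuration service
     * @param objectName    object owning the schedules attribute
     */
    public void setNextStartDate(Session session, ConfigService configService, ObjectName objectName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNextStartDate");
        }
        if (configService != null && session != null) {
            try {
                for (Object entry : (List) configService.getAttribute(session, objectName, CommandConstants.WS_SCHEDULES)) {
                    AttributeList schedule = (AttributeList) entry;
                    String name = (String) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.NAME);
                    if (!"ExpirationMonitorSchedule".equals(name)) {
                        continue;
                    }
                    Long currentStart = (Long) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.NEXT_START_DATE);
                    if (currentStart != null && currentStart.longValue() > 0) {
                        // Already scheduled; leave the stored date alone.
                        continue;
                    }
                    int frequency = ((Integer) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.FREQUENCY)).intValue();
                    int dayOfWeek = ((Integer) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.DAY_OF_WEEK)).intValue();
                    int hour = ((Integer) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.HOUR)).intValue();
                    int minute = ((Integer) ConfigServiceHelper.getAttributeValue(schedule, CommandConstants.MINUTE)).intValue();
                    Long nextStart = Long.valueOf(new WSScheduler(frequency, dayOfWeek, hour, minute).getNextEventDateFromNow().getTime());

                    ObjectName[] matches = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName(schedule), null);
                    if (matches == null || matches.length == 0 || matches[0] == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "setNextStartDate: schedule object not found");
                        }
                        continue;
                    }
                    AttributeList update = new AttributeList();
                    ConfigServiceHelper.setAttributeValue(update, CommandConstants.NEXT_START_DATE, nextStart);
                    configService.setAttributes(session, matches[0], update);
                }
            } catch (Exception e) {
                // Best-effort by design: trace and fall through to the exit trace.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception in setNextStartDate: ", new Object[]{e});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setNextStartDate");
        }
    }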
}
