package com.ibm.ws.ssl.commands.personalCertificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.ssl.channel.impl.SSLChannelData;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.text.DateFormat;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:cryptoimpl.jar:com/ibm/ws/ssl/commands/personalCertificates/PersonalCertificateHelper.class */
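/**
 * Static helpers used by the personal-certificate admin commands: looking up
 * key store configuration, checking a key store password, describing an X.509
 * certificate as an {@link AttributeList}, and replacing a signer certificate
 * in the configured key stores.
 */
public class PersonalCertificateHelper {
    private static final TraceComponent tc;
    static Class<?> class$com$ibm$ws$ssl$commands$personalCertificates$PersonalCertificateHelper;

    static {
        if (class$com$ibm$ws$ssl$commands$personalCertificates$PersonalCertificateHelper == null) {
            class$com$ibm$ws$ssl$commands$personalCertificates$PersonalCertificateHelper =
                    class$("com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper");
        }
        tc = Tr.register(class$com$ibm$ws$ssl$commands$personalCertificates$PersonalCertificateHelper,
                "SSL", "com.ibm.ws.ssl.commands.personalCertificates");
    }

    /**
     * Looks up the key store configuration object named {@code str} and returns
     * its {@link KeyStoreInfo}. When the key store file has an unsaved copy in
     * the session workspace, the returned info points at that copy.
     *
     * @param session       configuration session used for all lookups
     * @param configService configuration service to query
     * @param str           key store name (matched against the NAME attribute)
     * @param str2          passed through to {@code CommandHelper.getObjectName};
     *                      presumably the management scope name (confirm against callers)
     * @return the key store description, never {@code null}
     * @throws CommandValidationException if the key store or the Security object
     *         cannot be found, or if any lookup fails
     */
    public static KeyStoreInfo getKsInfo(Session session, ConfigService configService, String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKsInfo");
        }
        try {
            ObjectName security = resolveSecurity(configService, session);
            AttributeList nameFilter = new AttributeList();
            ConfigServiceHelper.setAttributeValue(nameFilter, CommandConstants.NAME, str);
            ObjectName keyStoreName = new CommandHelper().getObjectName(
                    configService, session, security, CommandConstants.KEY_STORES, nameFilter, str2);
            if (keyStoreName == null) {
                throw new CommandValidationException(str + " object not found.");
            }
            KeyStoreInfo ksInfo = KeyStoreHelper.makeKsInfo(configService.getAttributes(session, keyStoreName, null, false));
            String workspaceLocation = genWorkspaceLocation(session, ksInfo, configService.getUnsavedChanges(session));
            if (workspaceLocation != null) {
                ksInfo.setLocation(workspaceLocation);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getKsInfo");
            }
            return ksInfo;
        } catch (ConfigServiceException e) {
            throw validationFailure("getKsInfo", e);
        } catch (Exception e) {
            throw validationFailure("getKsInfo", e);
        }
    }

    /**
     * Checks whether {@code str} opens the key store described by {@code keyStoreInfo}.
     * The password is handed to {@code KeyStoreHelper.checkKeyFile} only and is
     * never written to trace.
     *
     * @param keyStoreInfo key store type and location
     * @param str          candidate key store password
     * @return {@code true} when {@code checkKeyFile} reports 0
     */
    public static boolean verifyKeyPassword(KeyStoreInfo keyStoreInfo, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifyKeyPassword");
        }
        String type = keyStoreInfo.getType();
        String expandedLocation = KeyStoreManager.getInstance().expand(keyStoreInfo.getLocation());
        int result = KeyStoreHelper.checkKeyFile(type, expandedLocation, str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifyKeyPassword");
        }
        return result == 0;
    }

    /**
     * Describes a certificate as an attribute list: alias (when given), version,
     * key size, serial number, subject, issuer, fingerprint, signature algorithm
     * and validity period.
     *
     * @param str             alias to record, or {@code null} to omit it
     * @param x509Certificate certificate to describe
     * @return the populated attribute list
     * @throws CommandValidationException if the certificate cannot be read or
     *         its public key type is not RSA, DSA or EC
     */
    public static AttributeList getCertAttrlist(String str, X509Certificate x509Certificate) throws Exception {
        AttributeList attributes = new AttributeList();
        if (str != null) {
            ConfigServiceHelper.setAttributeValue(attributes, SSLChannelData.ALIAS_KEY, str);
        }
        try {
            ConfigServiceHelper.setAttributeValue(attributes, "version", String.valueOf(x509Certificate.getVersion()));
            ConfigServiceHelper.setAttributeValue(attributes, "size", String.valueOf(publicKeySize(x509Certificate.getPublicKey())));
            ConfigServiceHelper.setAttributeValue(attributes, "serialNumber", x509Certificate.getSerialNumber());

            Principal subject = x509Certificate.getSubjectDN();
            if (subject != null) {
                ConfigServiceHelper.setAttributeValue(attributes, "issuedTo", subject.toString());
            }
            Principal issuer = x509Certificate.getIssuerDN();
            if (issuer != null) {
                ConfigServiceHelper.setAttributeValue(attributes, "issuedBy", issuer.toString());
            }

            // The fingerprint is a SHA-1 digest; callers receive exactly this value today,
            // so the algorithm is left unchanged.
            // NOTE(review): SHA-1 is not collision resistant - consider exposing a
            // SHA-256 fingerprint alongside it.
            String fingerprint = KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate);
            if (fingerprint != null) {
                ConfigServiceHelper.setAttributeValue(attributes, "fingerPrint", fingerprint);
            }

            String sigAlgName = x509Certificate.getSigAlgName();
            String sigAlgOid = x509Certificate.getSigAlgOID();
            if (sigAlgName != null && sigAlgOid != null) {
                ConfigServiceHelper.setAttributeValue(attributes, "signatureAlgorithm", sigAlgName + "(" + sigAlgOid + ")");
            }

            Date notBefore = x509Certificate.getNotBefore();
            Date notAfter = x509Certificate.getNotAfter();
            if (notBefore != null && notAfter != null) {
                DateFormat longDate = DateFormat.getDateInstance(DateFormat.LONG, Locale.getDefault());
                String from = longDate.format(notBefore);
                String to = longDate.format(notAfter);
                String fallback = "Valid from " + from + " to " + to + ".";
                ConfigServiceHelper.setAttributeValue(attributes, "validity",
                        TraceNLSHelper.getInstance().getFormattedMessage("certificateValidity", new Object[]{from, to}, fallback));
            }
            return attributes;
        } catch (Exception e) {
            throw validationFailure("getCertAttrlist", e);
        }
    }

    /**
     * Replaces a signer certificate in every writable, file-based key store of
     * the cell. A stored certificate entry is treated as the old signer when its
     * serial number and SHA-1 digest both equal those of {@code x509Certificate}.
     *
     * @param session          configuration session
     * @param str              not used by this method
     * @param x509Certificate  signer certificate to look for
     * @param str2             alias for the new certificate; when {@code null} the
     *                         alias of the first matching entry is used
     * @param x509Certificate2 replacement certificate
     * @param z                when {@code true} the matching entry is always deleted;
     *                         otherwise it is deleted only if its alias equals the
     *                         target alias
     * @return one message line per replaced entry, each preceded by a line separator
     * @throws Exception any failure from the configuration service or a key store
     */
    public static String replaceSigners(Session session, String str, X509Certificate x509Certificate, String str2, X509Certificate x509Certificate2, boolean z) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "replaceSigners");
        }
        StringBuilder report = new StringBuilder();
        String lineSeparator = System.getProperty("line.separator");
        ConfigService configService = ConfigServiceFactory.getConfigService();
        ObjectName security = resolveSecurity(configService, session);
        BigInteger oldSerial = x509Certificate.getSerialNumber();
        // NOTE(review): SHA-1 is not collision resistant. Here it identifies a certificate
        // that is already stored (together with the serial number); comparing the encoded
        // certificates or a SHA-256 digest would be the more robust identity check.
        String oldDigest = KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate);

        for (Object entry : (List<?>) configService.getAttribute(session, security, CommandConstants.KEY_STORES)) {
            AttributeList keyStoreAttrs = (AttributeList) entry;
            String keyStoreName = (String) ConfigServiceHelper.getAttributeValue(keyStoreAttrs, "name");
            Boolean readOnly = (Boolean) ConfigServiceHelper.getAttributeValue(keyStoreAttrs, "readOnly");
            Boolean fileBased = (Boolean) ConfigServiceHelper.getAttributeValue(keyStoreAttrs, "fileBased");
            WSKeyStoreRemotable remoteKeyStore = new WSKeyStoreRemotable(MOFUtil.convertToEObject(session, configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName(keyStoreAttrs), null)[0]));
            try {
                if (!readOnly.booleanValue() && fileBased.booleanValue()) {
                    for (Object aliasObj : remoteKeyStore.invokeKeyStoreCommand("aliases", null)) {
                        String alias = (String) aliasObj;
                        boolean isCertEntry = ((Boolean) remoteKeyStore.invokeKeyStoreCommand("isCertificateEntry", new Object[]{alias})[0]).booleanValue();
                        if (!isCertEntry) {
                            continue;
                        }
                        X509Certificate stored = (X509Certificate) remoteKeyStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                        boolean sameSigner = stored.getSerialNumber().compareTo(oldSerial) == 0
                                && KeyStoreManager.getInstance().generateDigest("SHA-1", stored).equals(oldDigest);
                        if (!sameSigner) {
                            continue;
                        }
                        // NOTE(review): once defaulted, the target alias is kept for every later
                        // match, including matches in other key stores whose alias differs -
                        // confirm this is intended.
                        if (str2 == null) {
                            str2 = alias;
                        }
                        if (z || alias.equals(str2)) {
                            remoteKeyStore.invokeKeyStoreCommand("deleteEntry", new Object[]{alias});
                        }
                        remoteKeyStore.invokeKeyStoreCommand("setCertificateEntry", new Object[]{str2, x509Certificate2});
                        String fallback = "Signer certificate alias \"" + alias + "\" in KeyStore \"" + keyStoreName + "\" was REPLACED.";
                        String message = TraceNLSHelper.getInstance().getFormattedMessage(
                                "ssl.command.cert.monitor.signer.replace.CWPKI0644I", new Object[]{alias, keyStoreName}, fallback);
                        report.append(lineSeparator);
                        report.append(message);
                    }
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception occurred replacing signers.", new Object[]{e});
                }
                throw e;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "replaceSigners");
        }
        return report.toString();
    }

    /**
     * Tells whether {@code str} names a key entry in {@code keyStore} for which
     * {@code CertificateRequestHelper.isKeyCertReq} returns {@code null}
     * (presumably: the entry is not a pending certificate request - confirm).
     *
     * @param str      alias to look up
     * @param keyStore key store configuration object
     * @return {@code true} when both conditions hold
     * @throws KeyException if the key store cannot be queried
     */
    public static boolean isAliasInKeyStore(String str, KeyStore keyStore) throws KeyException {
        WSKeyStoreRemotable remoteKeyStore = new WSKeyStoreRemotable(keyStore);
        boolean isKeyEntry = ((Boolean) remoteKeyStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{str})[0]).booleanValue();
        if (!isKeyEntry) {
            return false;
        }
        X509Certificate certificate = (X509Certificate) remoteKeyStore.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
        return CertificateRequestHelper.isKeyCertReq(certificate, str) == null;
    }

    /**
     * Maps a key store location onto the session workspace when one of the
     * unsaved changes ends with the location's {@code cells/...} suffix.
     *
     * @param session      session whose {@code toString()} names the workspace directory
     * @param keyStoreInfo key store whose location is examined
     * @param strArr       unsaved change paths of the session; may be {@code null}
     * @return the workspace path, or {@code null} when the location is unset,
     *         has no {@code cells/} part, or matches no unsaved change
     */
    private static String genWorkspaceLocation(Session session, KeyStoreInfo keyStoreInfo, String[] strArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genWorkspaceLocation");
        }
        String workspaceLocation = null;
        String location = keyStoreInfo.getLocation();
        // A missing location or change list means there is nothing to map; the
        // caller then keeps the configured location.
        if (location != null && strArr != null) {
            String workspaceRoot = KeyStoreManager.getInstance().expand("${WORKSPACE_ROOT}/" + session.toString() + "/workspace/");
            String normalized = location.replace('\\', '/');
            int cellsAt = normalized.indexOf("cells/");
            if (cellsAt != -1) {
                String relative = normalized.substring(cellsAt);
                for (String changed : strArr) {
                    if (changed != null && changed.replace("//", "/").endsWith(relative)) {
                        workspaceLocation = workspaceRoot + relative;
                        break; // every match yields the same path
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "genWorkspaceLocation -->" + workspaceLocation);
        }
        return workspaceLocation;
    }

    /**
     * Resolves the cell's Security configuration object.
     *
     * @throws CommandValidationException if the query returns no object
     */
    private static ObjectName resolveSecurity(ConfigService configService, Session session) throws Exception {
        ObjectName[] matches = configService.resolve(session, "Cell=:Security=");
        if (matches == null || matches.length == 0) {
            throw new CommandValidationException("Security configuration object not found.");
        }
        return matches[0];
    }

    /**
     * Returns the size in bits of a certificate's public key. The key is first
     * re-decoded from its X.509 encoding so that it can be inspected through
     * the standard key interfaces.
     *
     * @throws CommandValidationException for key types other than RSA, DSA and EC
     */
    private static int publicKeySize(PublicKey publicKey) throws Exception {
        PublicKey decoded = KeyFactory.getInstance(publicKey.getAlgorithm())
                .generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
        if (decoded instanceof ECPublicKey) {
            return ((ECPublicKey) decoded).getParams().getCurve().getField().getFieldSize();
        }
        int bits;
        if (decoded instanceof RSAPublicKey) {
            bits = ((RSAPublicKey) decoded).getModulus().bitLength();
        } else if (decoded instanceof DSAPublicKey) {
            bits = ((DSAPublicKey) decoded).getY().bitLength();
        } else {
            throw new CommandValidationException("Unsupported public key algorithm: " + publicKey.getAlgorithm());
        }
        // Odd bit lengths are rounded up to the next even number (presumably to
        // hide a leading zero bit in the value).
        return (bits % 2 != 0) ? bits + 1 : bits;
    }

    /**
     * Builds the validation exception reported to command callers. The original
     * failure is written to debug trace because only its message is carried over.
     */
    private static CommandValidationException validationFailure(String method, Throwable cause) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Exception occurred in " + method + ".", new Object[]{cause});
        }
        String message = cause.getMessage();
        return new CommandValidationException(message != null ? message : cause.toString());
    }

    /**
     * Loads a class by name, turning a missing class into a
     * {@link NoClassDefFoundError} that keeps the original exception as its cause.
     */
    static Class<?> class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}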
