package com.ibm.ws.ssl.commands.keyStores;

import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.sm.workspace.WorkSpace;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.io.File;
import java.security.Key;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/ssl/commands/keyStores/DeleteKeyStore.class */
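/**
 * Admin task command that removes a key store configuration object and, when requested, the key
 * store file and its CMS stash file.
 *
 * <p>{@link #validate()} resolves the target from the command parameters.
 * {@link #afterStepsExecuted()} then refuses to delete a key store that is still referenced,
 * copies the entries of a writable key store into the "deleted" key store, removes the
 * configuration data and finally handles the files on disk.
 *
 * <p>Instances carry per-invocation state ({@code cellFromPath}, {@code node}, {@code server}) that
 * {@link #fileInRepositoryContext(String, String)} fills in and
 * {@link #setWorkspaceUpdated(Session, String)} reads, so one instance serves one command run.
 */
public class DeleteKeyStore extends AbstractTaskCommand {
    private static final TraceComponent tc = Tr.register(DeleteKeyStore.class, "SSL", "com.ibm.ws.ssl.commands.keyStores");
    // Command parameters, read in validate().
    private String keyStoreName;
    private String scopeName;
    private Boolean removeKeyStoreFile;
    // Key store description and config object resolved in validate().
    KeyStoreInfo ksInfo;
    private ObjectName keyStoreObjName;
    // Repository context pieces ("cells/<name>", "nodes/<name>", "servers/<name>") derived from the
    // key store location by fileInRepositoryContext().
    private String cellFromPath;
    private String node;
    private String server;

    public DeleteKeyStore(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    public DeleteKeyStore(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the command parameters and resolves the key store that is to be deleted.
     *
     * <p>The scope defaults to the cell scope when no scope parameter is given. Two default root
     * stores are protected by name and can never be removed through this command.
     *
     * @throws CommandValidationException if the key store name is missing, names a protected root
     *     store, does not exist in the scope, or if the configuration lookup fails
     */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        ObjectName securityObject = null;
        try {
            ObjectName securityPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
            ObjectName cellObject = configService.resolve(configSession, "Cell=")[0];
            if (cellObject != null) {
                securityObject = configService.queryConfigObjects(configSession, cellObject, securityPattern, null)[0];
            }
            this.keyStoreName = (String) getParameter(CommandConstants.KEY_STORE_NAME);
            this.scopeName = (String) getParameter(CommandConstants.SCOPE_NAME);
            this.removeKeyStoreFile = (Boolean) getParameter(CommandConstants.REMOVE_KEY_STORE_FILE);
            // Fail with a readable message instead of a NullPointerException on the name checks below.
            if (this.keyStoreName == null) {
                throw new CommandValidationException(CommandConstants.KEY_STORE_NAME + " is required.");
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.scopeName == null) {
                this.scopeName = commandHelper.defaultCellScope(cellObject);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.scopeName);
                }
            }
            // Name-based guard for the default root stores.
            // NOTE(review): one test is endsWith and the other equals; confirm the asymmetry is intended.
            if (this.keyStoreName.endsWith("DmgrDefaultRootStore") || this.keyStoreName.equals("NodeDefaultRootStore")) {
                throw new CommandValidationException(this.keyStoreName + " can not be removed.");
            }
            AttributeList nameFilter = new AttributeList();
            ConfigServiceHelper.setAttributeValue(nameFilter, CommandConstants.NAME, this.keyStoreName);
            if (!commandHelper.exists(configService, configSession, securityObject, CommandConstants.KEY_STORES, nameFilter, this.scopeName)) {
                throw new CommandValidationException(this.keyStoreName + " object name not found.");
            }
            this.keyStoreObjName = commandHelper.getObjectName(configService, configSession, securityObject, CommandConstants.KEY_STORES, nameFilter, this.scopeName);
            this.ksInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.keyStoreName, this.scopeName);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (ConfigServiceException e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteKeyStore.validate", "158", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ConfigService exception is" + e.getMessage());
            }
            throw new CommandValidationException(e.getMessage());
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.ssl.commands.DeleteKeyStore.validate", "162", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is" + e2.getMessage());
            }
            throw new CommandValidationException(e2.getMessage());
        }
    }

    /**
     * Performs the deletion once all command steps have run successfully.
     *
     * <p>The reference check and the deletion run inside the {@code try} block, so every failure
     * (including "still being referenced") is recorded on the task command result rather than
     * escaping from a method that declares no checked exceptions.
     */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (!result.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
            }
            return;
        }
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            ObjectName securityObject = configService.resolve(configSession, "Cell=:Security=")[0];
            // Never remove a key store that something else still points at.
            if (keyStoreIsReferenced(configSession, configService, securityObject, this.keyStoreObjName)) {
                throw new ConfigServiceException("KeyStore " + this.keyStoreName + " is still being referenced by other objects.");
            }
            if (deleteKeyStore(configSession, configService, this.keyStoreObjName, securityObject)) {
                result.setResult("KeyStore successfully deleted.");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteKeyStore.validate", "204", this);
            result.setException(new CommandException(e, e.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Deletes the key store configuration object and, for a writable key store whose removal was
     * requested, the key store file and stash file.
     *
     * <p>Order of operations: entries of a writable key store are first copied to the "deleted" key
     * store, then the configuration data is removed, then the files are handled. A file located
     * under {@code ${CONFIG_ROOT}} in a cells/nodes/servers context is not deleted directly; the
     * workspace is notified instead. The configuration object is already gone when the files are
     * processed, so a file that cannot be deleted stays on disk with nothing in the configuration
     * pointing at it; such failures are traced.
     *
     * @param session config session
     * @param configService config service used for all reads and deletes
     * @param objectName config object of the key store to delete
     * @param objectName2 security config object whose key store list is scanned for RACF entries
     * @return {@code true} when the deletion completed
     * @throws Exception a {@link ConfigServiceException} carrying the message of any failure after
     *     the entries were copied; failures while copying propagate unchanged
     */
    private boolean deleteKeyStore(Session session, ConfigService configService, ObjectName objectName, ObjectName objectName2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.DELETE_KEY_STORE);
        }
        String configuredLocation = KeyStoreManager.getInstance().expand((String) configService.getAttribute(session, objectName, "location"));
        String infoLocation = KeyStoreManager.getInstance().expand(this.ksInfo.getLocation());
        Boolean readOnly = (Boolean) configService.getAttribute(session, objectName, "readOnly");
        Boolean createStashFile = (Boolean) configService.getAttribute(session, objectName, "createStashFileForCMS");
        String type = (String) configService.getAttribute(session, objectName, "type");
        if (!readOnly.booleanValue()) {
            moveCertsToDeleted(session, configService, this.ksInfo);
        }
        try {
            configService.deleteConfigData(session, objectName);
            if (isRacfType(type)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Keystore is RACF type, look for CR/SR keystore objects to delete");
                }
                CommandHelper commandHelper = new CommandHelper();
                for (Object element : (List<?>) configService.getAttribute(session, objectName2, CommandConstants.KEY_STORES)) {
                    AttributeList attributeList = (AttributeList) element;
                    String usage = (String) ConfigServiceHelper.getAttributeValue(attributeList, "usage");
                    String entryType = (String) ConfigServiceHelper.getAttributeValue(attributeList, "type");
                    if (usage == null) {
                        usage = CommandConstants.KS_USAGE_SSL;
                    }
                    // NOTE(review): the key store *name* is compared with the entry's *usage* value;
                    // kept as found, confirm this is the intended match for CR/SR companion objects.
                    if ((this.keyStoreName == null || this.keyStoreName.equalsIgnoreCase(usage))
                            && isRacfType(entryType)
                            && this.scopeName != null
                            && commandHelper.withInScope(configService, session, attributeList, this.scopeName)) {
                        ObjectName[] matches = configService.queryConfigObjects(session, null, ConfigServiceHelper.createObjectName(attributeList), null);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Removing keystore object " + matches[0]);
                        }
                        configService.deleteConfigData(session, matches[0]);
                    }
                }
            }
            String infoStashFile = createStashFile.booleanValue() ? stashFileFor(infoLocation) : null;
            // A missing removeKeyStoreFile parameter is treated as "keep the file", the
            // non-destructive choice, instead of failing after the configuration is already deleted.
            if (!readOnly.booleanValue() && Boolean.TRUE.equals(this.removeKeyStoreFile)) {
                try {
                    boolean inRepository = fileInRepositoryContext(KeyStoreManager.getInstance().expand("${CONFIG_ROOT}"), configuredLocation);
                    if (!inRepository) {
                        deleteFileIfWritable(configuredLocation);
                    }
                    if (createStashFile.booleanValue()) {
                        if (!inRepository) {
                            // The stash file belongs to the key store; remove it together with it.
                            deleteFileIfWritable(stashFileFor(configuredLocation));
                        }
                        File stash = new File(infoStashFile);
                        if (stash.isFile() && stash.canWrite()) {
                            setWorkspaceUpdated(session, infoStashFile);
                        }
                    }
                    setWorkspaceUpdated(session, infoLocation);
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.DeleteKeyStore", "293", this);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception recieved is " + e.getMessage());
                    }
                    throw e;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AuditConstants.DELETE_KEY_STORE);
            }
            return true;
        } catch (Exception e2) {
            // NOTE(review): only the message survives here; the original exception and its stack
            // trace are dropped unless the inner handler above already sent them to FFDC.
            throw new ConfigServiceException(e2.getMessage());
        }
    }

    /** Returns whether {@code type} is one of the two RACF key ring key store types. */
    private static boolean isRacfType(String type) {
        return type.equals(Constants.KEYSTORE_TYPE_JCERACFKS) || type.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS);
    }

    /**
     * Derives the stash file path for a key store path by swapping the file extension for
     * {@code sth}, or appending {@code .sth} when the file name has no extension.
     *
     * <p>Only a dot inside the file name counts as an extension. A dot in a directory name must not
     * be used, otherwise the result would name a file outside the key store's own directory.
     */
    private static String stashFileFor(String keyStorePath) {
        int lastSeparator = Math.max(keyStorePath.lastIndexOf('/'), keyStorePath.lastIndexOf('\\'));
        int dot = keyStorePath.lastIndexOf(".");
        return dot > lastSeparator ? keyStorePath.substring(0, dot + 1) + "sth" : keyStorePath + ".sth";
    }

    /**
     * Deletes {@code path} when it is a regular, writable file and traces a failed deletion, so
     * that key material left on disk does not go unnoticed.
     */
    private void deleteFileIfWritable(String path) {
        File file = new File(path);
        if (file.isFile() && file.canWrite()) {
            if (!file.delete() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to delete file " + path);
            }
        }
    }

    /**
     * Copies every entry of the key store being deleted into the "deleted" key store, under the
     * alias {@code <keyStoreName>_<alias>}, and clears CA certificate references for each alias.
     *
     * <p>Nothing is copied when there is no "deleted" key store or it is read-only. Secret key
     * entries ({@link SecretKeySpec}) are skipped. Copying is best effort: a failure for one alias
     * is only traced at debug level and the remaining aliases are still processed, so an entry can
     * be lost without the command failing.
     *
     * <p>NOTE(review): the key store passwords are converted to {@code char[]} for the key store
     * calls and are not cleared afterwards.
     *
     * @throws Exception if the "deleted" key store cannot be looked up, the aliases cannot be
     *     listed, or the reference handling or workspace notification fails
     */
    private void moveCertsToDeleted(Session session, ConfigService configService, KeyStoreInfo keyStoreInfo) throws Exception {
        WSKeyStoreRemotable sourceStore = new WSKeyStoreRemotable(keyStoreInfo);
        KeyStoreInfo deletedKeyStore = new CommandHelper().getDeletedKeyStore(session, configService, keyStoreInfo.getName());
        if (deletedKeyStore == null || deletedKeyStore.getReadOnly().booleanValue()) {
            return;
        }
        WSKeyStoreRemotable deletedStore = new WSKeyStoreRemotable(deletedKeyStore);
        for (Object obj : sourceStore.invokeKeyStoreCommand("aliases", null)) {
            String alias = (String) obj;
            try {
                String deletedAlias = keyStoreInfo.getName() + "_" + alias;
                if (((Boolean) sourceStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{alias})[0]).booleanValue()) {
                    Object[] chain = sourceStore.invokeKeyStoreCommand("getCertificateChain", new Object[]{alias});
                    // Null-safe like the target password below; a missing source password used to
                    // end in a swallowed NullPointerException and a silently skipped key.
                    char[] sourcePassword = keyStoreInfo.getPassword() != null ? keyStoreInfo.getPassword().toCharArray() : null;
                    Object[] key = sourceStore.invokeKeyStoreCommand("getKey", new Object[]{alias, sourcePassword});
                    if (!(key[0] instanceof SecretKeySpec)) {
                        Object[] args = new Object[4];
                        args[0] = deletedAlias;
                        args[1] = (Key) key[0];
                        args[2] = deletedKeyStore.getPassword() != null ? deletedKeyStore.getPassword().toCharArray() : null;
                        args[3] = (Certificate[]) chain[0];
                        deletedStore.invokeKeyStoreCommand("setKeyEntry", args);
                    }
                } else {
                    Certificate certificate = (Certificate) sourceStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                    deletedStore.invokeKeyStoreCommand("setCertificateEntry", new Object[]{deletedAlias, certificate});
                }
            } catch (Exception e) {
                // Deliberate best effort: one bad entry must not block the deletion.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception while trying to move " + alias + " in " + keyStoreInfo.getName() + " to the deleted keystore. Exception: " + e.getMessage());
                }
            }
            PersonalCertificateHelper.handleCACertReference(session, keyStoreInfo, alias);
        }
        PersonalCertificateHelper.setWorkspaceUpdated(session, deletedKeyStore.getLocation());
    }

    /**
     * Tells whether the key store is still referenced by a key set or by the key store attribute of
     * a repertoire entry's setting.
     *
     * <p>NOTE(review): only {@code CommandConstants.KEY_STORE} is compared on each setting; confirm
     * whether other attributes that can point at a key store need the same check.
     *
     * @param objectName security config object that owns the key sets and the repertoire
     * @param objectName2 config object of the key store to look for
     * @return {@code true} if at least one reference exists
     * @throws Exception wrapping any lookup failure, with the original exception as cause
     */
    private boolean keyStoreIsReferenced(Session session, ConfigService configService, ObjectName objectName, ObjectName objectName2) throws Exception {
        CommandHelper commandHelper = new CommandHelper();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "keyStoreIsReferenced");
        }
        try {
            boolean referenced = commandHelper.getReference(configService, session, objectName, CommandConstants.KEY_SETS, CommandConstants.KEY_STORE, objectName2).size() > 0;
            if (!referenced) {
                Attribute repertoire = (Attribute) configService.getAttributes(session, objectName, new String[]{CommandConstants.REPERTOIRE}, false).get(0);
                for (Object entry : (List<?>) repertoire.getValue()) {
                    AttributeList setting = (AttributeList) configService.getAttribute(session, (ObjectName) entry, CommandConstants.SETTING);
                    ObjectName referencedStore = (ObjectName) ConfigServiceHelper.getAttributeValue(setting, CommandConstants.KEY_STORE);
                    if (referencedStore != null && referencedStore.equals(objectName2)) {
                        referenced = true;
                        break;
                    }
                }
            }
            // Single exit point so the trace exit matches the entry on every successful path.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "keyStoreIsReferenced");
            }
            return referenced;
        } catch (ConfigServiceException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ConfigServiceException recieved is " + e.getMessage());
            }
            throw new Exception(e.getMessage(), e);
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception recieved is " + e2.getMessage());
            }
            throw new Exception(e2.getMessage(), e2);
        }
    }

    /**
     * Notifies the workspace context derived by {@link #fileInRepositoryContext(String, String)}
     * about the file name of {@code str}.
     *
     * <p>Does nothing when no cell, node or server context was derived. Failures are traced at
     * debug level and otherwise ignored.
     *
     * @param session config session; its string form selects the workspace
     * @param str path of the file, variables still unexpanded
     */
    private void setWorkspaceUpdated(Session session, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setWorkspaceUpdated");
        }
        try {
            String expanded = KeyStoreManager.getInstance().expand(str.replace(SecConstants.STRING_ESCAPE_CHARACTER, "/"));
            WorkSpace workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace(session.toString());
            // Join only the parts that are present; concatenating onto a null prefix used to
            // produce context paths starting with the literal text "null/".
            String contextPath = null;
            for (String part : new String[]{this.cellFromPath, this.node, this.server}) {
                if (part != null) {
                    contextPath = contextPath == null ? part : contextPath + "/" + part;
                }
            }
            String fileName = expanded.substring(expanded.lastIndexOf("/") + 1);
            if (contextPath != null) {
                // NOTE(review): 2 is presumably the "deleted" state, going by the trace text below; confirm.
                workSpace.findContext(contextPath).notifyChanged(2, fileName);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while setting a workspace file to delete " + e.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setWorkspaceUpdated");
        }
    }

    /**
     * Tells whether {@code str2} lies below the repository root {@code str} in a directory made up
     * only of {@code cells/<name>}, {@code nodes/<name>} and {@code servers/<name>} pairs, and
     * records those pairs in {@code cellFromPath}, {@code node} and {@code server}.
     *
     * <p>The root must be followed by a path separator. A bare string prefix match would also
     * accept a sibling directory whose name merely starts with the root's name. A file directly
     * under the root, or a path equal to the root, has no such context and yields {@code false}.
     *
     * <p>NOTE(review): the path is compared as text; {@code .} and {@code ..} segments are not
     * normalised, and pairs recorded before a later segment fails stay set on the instance.
     *
     * @param str expanded repository root
     * @param str2 expanded key store location
     * @return {@code true} if every directory segment pair was recognised
     */
    private boolean fileInRepositoryContext(String str, String str2) {
        if (!str2.startsWith(str) || str2.length() <= str.length()) {
            return false;
        }
        char boundary = str2.charAt(str.length());
        if (boundary != '/' && boundary != '\\') {
            return false;
        }
        String relative = str2.substring(str.length() + 1);
        int lastSlash = relative.lastIndexOf("/");
        if (lastSlash < 0) {
            return false;
        }
        String[] segments = relative.substring(0, lastSlash).split("/");
        for (int i = 0; i < segments.length; i += 2) {
            // Every recognised keyword must be followed by the name it introduces.
            if (i + 1 >= segments.length) {
                return false;
            }
            String keyword = segments[i];
            String name = segments[i + 1];
            if (keyword.equals("cells")) {
                this.cellFromPath = "cells/" + name;
            } else if (keyword.equals(AppConstants.APPDEPL_NODES)) {
                this.node = "nodes/" + name;
            } else if (keyword.equals("servers")) {
                this.server = "servers/" + name;
            } else {
                return false;
            }
        }
        return true;
    }
}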
