package com.ibm.ws.ssl.utils;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.management.configservice.MOFUtil;
import com.ibm.ws.management.webserver.WebServerConstant;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/utils/ProfileKeystoreUtils.class */
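/**
 * Helpers used by profile creation / SSL admin commands to validate key store files,
 * enumerate personal certificates, build the WebSphere default distinguished names and
 * resolve a configured key store through the config service.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key store passwords are passed around as {@code String}s (dictated by
 *       {@link WSKeyStore#loadKeyStore}); they cannot be zeroed after use, so keep
 *       them out of trace output. Nothing here logs a password.</li>
 *   <li>The default-DN builders concatenate cell, node and host names into a DN
 *       without any RDN escaping (commas, '+', '"', '\\' would change the DN
 *       structure). Callers supply those names from the profile/config layer;
 *       {@link #checkDNString} can be used to confirm the result still parses.</li>
 *   <li>File checks in {@link #checkKeyFileInfo} are followed by a separate load, so a
 *       file replaced between the two is read as replaced (ordinary TOCTOU; the path
 *       comes from the administrator running the command).</li>
 * </ul>
 */
public class ProfileKeystoreUtils {
    private static final TraceComponent tc = Tr.register(ProfileKeystoreUtils.class, "SSL", "com.ibm.ws.ssl.utils");

    /** Literal placeholder in the default DN templates; {@link #getHostName} replaces it. */
    private static final String HOSTNAME_TOKEN = "${hostname}";

    /**
     * Validates that a key store file exists, is readable, names a known key store type and
     * can be opened with the supplied password.
     *
     * @param type     key store type name (see {@link #getKeyStoreTypes()})
     * @param path     key store file path
     * @param password key store password
     * @return {@code true} if the key store loaded; {@code false} if the load returned {@code null}
     * @throws KeyException CWPKI0693E (file missing/unreadable), CWPKI0694E (unknown type)
     *                      or CWPKI0695E (load failed, e.g. bad password or type mismatch)
     */
    public static boolean checkKeyStoreInfo(String type, String path, String password) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkKeyStoreInfo");
        }
        // Do the work before tracing exit so entry/exit actually bracket the check.
        boolean loaded = checkKeyFileInfo(type, path, password);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkKeyStoreInfo");
        }
        return loaded;
    }

    /**
     * Returns the alias, subject and issuer of a personal (key entry) certificate as a JMX
     * {@link AttributeList} with attributes {@code alias}, {@code issuedTo} and {@code issuedBy}.
     *
     * @param type     key store type name
     * @param path     key store file path
     * @param password key store password
     * @param alias    alias of the key entry to describe
     * @return the attribute list, or {@code null} if the key store could not be loaded
     * @throws KeyException the {@link #checkKeyStoreInfo} errors, or CWPKI0696E when the alias
     *                      is missing, is not a key entry, or does not hold an X.509 certificate
     */
    public static AttributeList getCertificateInfo(String type, String path, String password, String alias) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificateInfo");
        }
        AttributeList attributeList = null;
        // Validate and load in one step; the original validated (loading once) and then loaded again.
        KeyStore keyStore = loadCheckedKeyStore(type, path, password);
        if (keyStore != null) {
            Certificate certificate = null;
            if (keyStore.containsAlias(alias) && keyStore.isKeyEntry(alias)) {
                certificate = keyStore.getCertificate(alias);
            }
            // A key entry whose certificate is not X.509 cannot be described; report it like a
            // missing alias instead of failing with a ClassCastException.
            if (!(certificate instanceof X509Certificate)) {
                throw new KeyException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.CWPKI0696E", new Object[]{alias}, "Certificate alias \"" + alias + "\" either does not exist or is not a personal certificate."));
            }
            attributeList = getCertAttrlist(alias, (X509Certificate) certificate);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificateInfo");
        }
        return attributeList;
    }

    /**
     * Lists the key store type names known to {@link WSKeyStore}.
     *
     * @return the list returned by {@link WSKeyStore#getKeyStoreTypes()}
     */
    public static ArrayList getKeyStoreTypes() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStoreTypes");
        }
        ArrayList types = WSKeyStore.getKeyStoreTypes();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStoreTypes");
        }
        return types;
    }

    /**
     * Lists the aliases of key entries that hold an X.509 certificate and for which
     * {@link CertificateRequestHelper#isKeyCertReq} returns {@code null} (i.e. entries the
     * helper does not classify as a certificate request).
     *
     * @param type     key store type name
     * @param path     key store file path
     * @param password key store password
     * @return matching aliases; empty if the key store could not be loaded
     * @throws Exception propagated from the key store load or alias inspection
     */
    public static ArrayList<String> getKeyStoreAliases(String type, String path, String password) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStoreAliases");
        }
        ArrayList<String> result = new ArrayList<String>();
        KeyStore keyStore = WSKeyStore.loadKeyStore(path, type, password);
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate certificate = keyStore.getCertificate(alias);
                // Skip entries without an X.509 certificate rather than failing the whole listing.
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                if (CertificateRequestHelper.isKeyCertReq((X509Certificate) certificate, alias) == null) {
                    result.add(alias);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStoreAliases");
        }
        return result;
    }

    /**
     * Reports whether {@code dn} parses as an X.500 distinguished name.
     *
     * @param dn candidate DN string
     * @return {@code true} if {@code new X500Principal(dn)} succeeds; {@code false} for any
     *         failure, including a {@code null} argument
     */
    public static boolean checkDNString(String dn) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkDNString");
        }
        boolean valid;
        try {
            new X500Principal(dn);
            valid = true;
        } catch (Exception e) {
            // Any parse failure (IllegalArgumentException, or NPE for null) means "not a DN".
            valid = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkDNString");
        }
        return valid;
    }

    /**
     * Default DN for the root (signer) certificate of a stand-alone profile:
     * {@code cn=<host> Root Certificate,ou=WebSphere,o=IBM,c=US}.
     *
     * @return the DN with the local canonical host name substituted (see {@link #getHostName})
     */
    public static String getDefaultSignerDN() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSignerDN");
        }
        String dn = getHostName("cn=" + HOSTNAME_TOKEN + " Root Certificate,ou=WebSphere,o=IBM,c=US");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSignerDN");
        }
        return dn;
    }

    /**
     * Default DN for the root (signer) certificate of a cell/node:
     * {@code cn=<host>,ou=Root Certificate,ou=<cell>,ou=<node>,o=IBM,c=US}.
     * No RDN escaping is applied to the cell and node names.
     *
     * @param cellName cell name
     * @param nodeName node name
     * @return the DN with the local canonical host name substituted
     * @throws IllegalArgumentException if either name is {@code null}
     */
    public static String getDefaultSignerDN(String cellName, String nodeName) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultSignerDN");
        }
        if (cellName == null || nodeName == null) {
            throw new IllegalArgumentException("null cell name or node name");
        }
        String dn = getHostName("cn=" + HOSTNAME_TOKEN + ",ou=Root Certificate,ou=" + cellName + ",ou=" + nodeName + ",o=IBM,c=US");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultSignerDN");
        }
        return dn;
    }

    /**
     * Default DN for the personal certificate of a stand-alone profile:
     * {@code cn=<host>,ou=WebSphere,o=IBM,c=US}.
     *
     * @return the DN with the local canonical host name substituted
     */
    public static String getDefaultCertDN() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultCertDN");
        }
        String dn = getHostName("cn=" + HOSTNAME_TOKEN + ",ou=WebSphere,o=IBM,c=US");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultCertDN");
        }
        return dn;
    }

    /**
     * Default DN for the personal certificate of a cell/node:
     * {@code cn=<host>,ou=<cell>,ou=<node>,o=IBM,c=US}.
     * No RDN escaping is applied to the cell and node names.
     *
     * @param cellName cell name
     * @param nodeName node name
     * @return the DN with the local canonical host name substituted
     * @throws IllegalArgumentException if either name is {@code null}
     */
    public static String getDefaultCertDN(String cellName, String nodeName) {
        // Trace labels corrected: the original reported this method as getDefaultSignerDN.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultCertDN");
        }
        if (cellName == null || nodeName == null) {
            throw new IllegalArgumentException("null cell name or node name");
        }
        String dn = getHostName("cn=" + HOSTNAME_TOKEN + ",ou=" + cellName + ",ou=" + nodeName + ",o=IBM,c=US");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultCertDN");
        }
        return dn;
    }

    /**
     * Validates the key store file, type and password by loading it; see
     * {@link #loadCheckedKeyStore} for the checks and the error codes.
     *
     * @return {@code true} if the load produced a key store, {@code false} if it returned {@code null}
     * @throws KeyException CWPKI0693E, CWPKI0694E or CWPKI0695E
     */
    private static boolean checkKeyFileInfo(String type, String path, String password) throws KeyException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkKeyFileInfo");
        }
        boolean loaded = loadCheckedKeyStore(type, path, password) != null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkKeyFileInfo");
        }
        return loaded;
    }

    /**
     * Checks that {@code path} is a readable regular file and {@code type} is a type the JCA
     * recognises, then loads the key store through {@link WSKeyStore#loadKeyStore}.
     *
     * <p>The three failure modes are reported with distinct messages. In the decompiled
     * original the load attempt was nested inside the type-check {@code try}, so the
     * CWPKI0695E exception thrown for a bad password was caught again and re-thrown as
     * CWPKI0694E ("not a valid key store type"); the two checks are now independent.
     *
     * @return the loaded key store, or {@code null} if {@code WSKeyStore.loadKeyStore} returned {@code null}
     * @throws KeyException CWPKI0693E (file missing/unreadable/null path), CWPKI0694E (unknown
     *                      type) or CWPKI0695E (load failed)
     */
    private static KeyStore loadCheckedKeyStore(String type, String path, String password) throws KeyException {
        // A null path is reported as "does not exist" instead of surfacing as an NPE from new File(null).
        File file = (path == null) ? null : new File(path);
        if (file == null || !file.isFile() || !file.canRead()) {
            throw new KeyException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.keyfile.CWPKI0693E", new Object[]{path}, "Key store file " + path + " does not exist"));
        }
        try {
            // Only used as a validity probe for the type name; the instance is discarded.
            KeyStore.getInstance(type);
        } catch (Exception e) {
            throw new KeyException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.bad.type.CWPKI0694E", new Object[]{type}, "\"" + type + "\" is not a valid key store type."));
        }
        try {
            return WSKeyStore.loadKeyStore(path, type, password);
        } catch (Exception e) {
            // KeyException(String) is the only constructor used in this file, so the cause cannot
            // be chained; keep it in trace rather than dropping it entirely (the password is not
            // part of the exception message).
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception loading key store file " + path, new Object[]{e});
            }
            throw new KeyException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.bad.password.CWPKI0695E", new Object[]{path}, "Error loading the key store file \"" + path + "\".  Check the password and make sure the type matches the key store file."));
        }
    }

    /**
     * Builds the {@code alias} / {@code issuedTo} / {@code issuedBy} attribute list for a certificate.
     *
     * @param alias       alias to report, omitted when {@code null}
     * @param certificate certificate whose subject and issuer are reported (must not be {@code null})
     * @return the attribute list
     */
    private static AttributeList getCertAttrlist(String alias, X509Certificate certificate) {
        AttributeList attributes = new AttributeList();
        if (alias != null) {
            attributes.add(new Attribute("alias", alias));
        }
        X500Principal subject = certificate.getSubjectX500Principal();
        if (subject != null) {
            attributes.add(new Attribute("issuedTo", subject.getName()));
        }
        X500Principal issuer = certificate.getIssuerX500Principal();
        // The original tested the subject again here, so a null issuer would have raised an NPE.
        if (issuer != null) {
            attributes.add(new Attribute("issuedBy", issuer.getName()));
        }
        return attributes;
    }

    /**
     * Replaces every {@code ${hostname}} token in {@code template} with the local canonical host
     * name. If the local host cannot be resolved the token is left in place, except on IBM i
     * ({@link WebServerConstant#DISP_PLAT_OS400}) where {@code LOOPBACK} is substituted.
     *
     * <p>Uses a literal replace rather than a regex {@code replaceAll}, so a host name containing
     * {@code $} or {@code \} cannot be misinterpreted as a group reference.
     *
     * @param template DN (or other) template containing zero or more {@code ${hostname}} tokens
     * @return the substituted string
     */
    public static String getHostName(String template) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHostName");
        }
        String result = template;
        try {
            String canonicalHostName = InetAddress.getLocalHost().getCanonicalHostName();
            if (canonicalHostName != null) {
                result = result.replace(HOSTNAME_TOKEN, canonicalHostName);
            }
        } catch (UnknownHostException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting canonical hostname.", new Object[]{e});
            }
            // Constant-first comparison tolerates a missing os.name property.
            if (WebServerConstant.DISP_PLAT_OS400.equalsIgnoreCase(System.getProperty("os.name"))) {
                result = result.replace(HOSTNAME_TOKEN, "LOOPBACK");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHostName -> " + result);
        }
        return result;
    }

    /**
     * Looks up a key store by name in the Security configuration and wraps it as a {@link WSKeyStore}.
     *
     * <p>Scope resolution when {@code scopeName} is empty: the cell scope on a DeploymentManager,
     * otherwise the node scope, falling back to {@link CommandHelper#defaultCellScope} when the
     * scope manager returns {@code null}.
     *
     * @param keyStoreName name of the configured key store
     * @param scopeName    management scope name; {@code null}/empty selects the default described above
     * @param sessionObj   the admin {@link Session} (cast; a different type fails with ClassCastException)
     * @return the key store, or {@code null} if no cell or Security object resolves, the key store
     *         does not exist in that scope, or any exception occurs (logged at debug level)
     */
    public static WSKeyStore getWSKeyStoreFromConfig(String keyStoreName, String scopeName, Object sessionObj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSKeyStoreFromConfig", new Object[]{keyStoreName});
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session session = (Session) sessionObj;
        try {
            ObjectName[] cells = configService.resolve(session, "Cell=");
            if (cells == null || cells.length == 0) {
                // The original hit ArrayIndexOutOfBounds here and returned null via the catch.
                return exitWithNull("No Cell resolved from the config service");
            }
            ObjectName cell = cells[0];
            ObjectName security = null;
            if (cell != null) {
                ObjectName securityPattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
                ObjectName[] found = configService.queryConfigObjects(session, cell, securityPattern, null);
                if (found == null || found.length == 0) {
                    return exitWithNull("No Security object found under the cell");
                }
                security = found[0];
            }

            CommandHelper commandHelper = new CommandHelper();
            String scope;
            if (scopeName == null || scopeName.length() <= 0) {
                ManagementScopeManager scopeManager = ManagementScopeManager.getInstance();
                scope = "DeploymentManager".equals(scopeManager.getProcessType())
                        ? scopeManager.getCellScopeName()
                        : scopeManager.getNodeScopeName();
                if (scope == null) {
                    scope = commandHelper.defaultCellScope(cell);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Default cell scopeName: " + scope);
                    }
                }
            } else {
                scope = scopeName;
            }

            AttributeList query = new AttributeList();
            ConfigServiceHelper.setAttributeValue(query, CommandConstants.NAME, keyStoreName);
            if (!commandHelper.exists(configService, session, security, CommandConstants.KEY_STORES, query, scope)) {
                return exitWithNull("Key store not found in scope " + scope + ": " + keyStoreName);
            }
            ObjectName keyStoreObject = commandHelper.getObjectName(configService, session, security, CommandConstants.KEY_STORES, query, scope);
            WSKeyStore wsKeyStore = new WSKeyStore((com.ibm.websphere.models.config.ipc.ssl.KeyStore) MOFUtil.convertToEObject(session, keyStoreObject));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Creating a keystore at location: " + wsKeyStore.getLocation());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getWSKeyStoreFromConfig");
            }
            return wsKeyStore;
        } catch (Exception e) {
            // Best-effort lookup: callers treat null as "not configured"; the cause goes to trace.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating WSKeyStore: ", new Object[]{e});
            }
            return exitWithNull(null);
        }
    }

    /**
     * Traces the null-result exit of {@link #getWSKeyStoreFromConfig} and returns {@code null}.
     *
     * @param reason optional debug-level explanation; skipped when {@code null}
     */
    private static WSKeyStore exitWithNull(String reason) {
        if (reason != null && tc.isDebugEnabled()) {
            Tr.debug(tc, reason);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSKeyStoreFromConfig -> NULL");
        }
        return null;
    }

    /**
     * Builds a default DN from explicit parts, without host name substitution and without RDN
     * escaping:
     * signer {@code cn=<cn>,ou=Root Certificate,ou=<cell>,ou=<node>,o=IBM,c=US},
     * personal {@code cn=<cn>,ou=<cell>,ou=<node>,o=IBM,c=US}.
     *
     * @param cellName cell name
     * @param nodeName node name
     * @param cn       common-name value (typically the host name)
     * @param signer   {@code true} for the root/signer form, {@code false} for the personal form;
     *                 a {@code null} flag is a caller error and raises NullPointerException
     * @return the DN, or {@code null} if any of the three names is {@code null} or empty
     */
    public static String getDefaultDN(String cellName, String nodeName, String cn, Boolean signer) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultDN");
        }
        String dn = null;
        boolean allPresent = cellName != null && !cellName.equals("")
                && nodeName != null && !nodeName.equals("")
                && cn != null && !cn.equals("");
        if (allPresent) {
            String rootRdn = signer.booleanValue() ? ",ou=Root Certificate" : "";
            dn = "cn=" + cn + rootRdn + ",ou=" + cellName + ",ou=" + nodeName + ",o=IBM,c=US";
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultDN", new Object[]{dn});
        }
        return dn;
    }
}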
