package com.ibm.ws.ssl.commands.personalCertificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.SSLCommandsHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.wsspi.ssl.WSPKIClient;
import com.ibm.wsspi.ssl.WSPKIException;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/ssl/commands/personalCertificates/QueryCACertificate.class */
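/**
 * Admin task command that asks a Certificate Authority whether a pending certificate request
 * has been fulfilled and, if so, stores the issued chain in the key store under the same alias.
 *
 * <p>{@link #validate()} resolves the key store and the CA certificate reference object and
 * rejects read-only key stores and references that are not in the PENDING state.
 * {@link #afterStepsExecuted()} then runs the query and reports COMPLETE or PENDING.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The CA client implementation is a class name read from configuration and instantiated
 *       reflectively, so write access to the CA client configuration object controls which
 *       code runs inside this command. The class is checked to be a {@link WSPKIClient}
 *       before it is instantiated.</li>
 *   <li>The key store password is read from {@link KeyStoreInfo} and is never written to
 *       trace; the temporary {@code char[]} copy made for the key store calls is cleared
 *       after use.</li>
 *   <li>The certificates returned by the CA client overwrite the key entry for the alias.
 *       This class does not itself check that they match the pending request; that is left
 *       to the client implementation and the key store.</li>
 * </ul>
 */
public class QueryCACertificate extends AbstractTaskCommand {
    private static final TraceComponent tc = Tr.register((Class<?>) QueryCACertificate.class, "SSL", "com.ibm.ws.ssl.commands.personalCertificates");

    // Command parameters, read in validate().
    private String keyStoreName = null;
    private String keyStoreScope = null;
    private String certificateAlias = null;

    // Configuration state resolved in validate() and used by afterStepsExecuted().
    private KeyStoreInfo ksInfo = null;
    private CertReqInfo certInfo = null;
    private ObjectName caClientObjName = null;
    private ObjectName keyStoreObjName = null;
    private ObjectName certRefObj = null;
    private ConfigService cs = null;
    private ObjectName security = null;
    private Session session = null;

    /**
     * Creates the command from its task metadata.
     *
     * @param taskCommandMetadata metadata describing this task command
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public QueryCACertificate(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the command from previously captured command data.
     *
     * @param commandData serialized form of the command
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public QueryCACertificate(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the command parameters and resolves the key store and the CA certificate reference.
     *
     * <p>Validation fails when the key store is read-only, when no certificate reference
     * object exists for the alias in the named key store, or when the reference is in any
     * state other than PENDING.
     *
     * @throws CommandValidationException if any of the above checks fails or the configuration
     *         cannot be read; exceptions raised inside the method are rewrapped with their
     *         message only
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        try {
            this.cs = SSLCommandsHelper.getConfigService(getName());
            this.session = getConfigSession();
            this.security = SSLCommandsHelper.getSecurityObjectName(this.session, this.cs);
            this.keyStoreName = (String) getParameter("keyStoreName");
            this.keyStoreScope = (String) getParameter(CommandConstants.KEY_STORE_SCOPE);
            this.certificateAlias = (String) getParameter("certificateAlias");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName + " keyStoreScope=" + this.keyStoreScope + " certificateRequestAlias=" + this.certificateAlias);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.keyStoreScope == null) {
                this.keyStoreScope = commandHelper.defaultScope();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.keyStoreScope);
                }
            }
            // The decompiled code repeated the scope default and this lookup a second time
            // with identical arguments; one lookup is enough.
            this.ksInfo = PersonalCertificateHelper.getKsInfo(this.session, this.cs, this.keyStoreName, this.keyStoreScope);
            if (this.ksInfo.getReadOnly().booleanValue()) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.readonly.keystore.CWPKI0699E", new Object[]{this.keyStoreName}, this.keyStoreName + " is marked as a read only key store.  Unable to perform write operations to the key store file."));
            }
            AttributeList attributeList = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributeList, "name", this.keyStoreName);
            this.keyStoreObjName = commandHelper.getObjectName(this.cs, this.session, this.security, CommandConstants.KEY_STORES, attributeList, this.keyStoreScope);
            attributeList.clear();
            this.certRefObj = PersonalCertificateHelper.getCertificateObj(this.session, this.cs, this.security, this.certificateAlias, this.ksInfo);
            if (this.certRefObj != null) {
                ObjectName owningKeyStore = (ObjectName) this.cs.getAttribute(this.session, this.certRefObj, CommandConstants.KEY_STORE);
                if (owningKeyStore == null || !owningKeyStore.equals(this.keyStoreObjName)) {
                    // The reference belongs to a different key store, so it must not be used
                    // for this one. Treat it as absent and fall through to CWPKI0688E.
                    this.certRefObj = null;
                } else {
                    // Only read the status once the reference is known to belong to this key
                    // store; previously the status was read through a reference that had just
                    // been set to null.
                    String status = (String) this.cs.getAttribute(this.session, this.certRefObj, CommandConstants.CACERTIFICATE_STATUS);
                    if (status != null && !status.equals(CommandConstants.PENDING)) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.not.pending.CWPKI0692E", new Object[]{status}, "Certificate reference is in the \"" + status + "\" state.  The certificate needs to be in the \"PENDING\" state to query the Certificate Authority for a completed certificate."));
                    }
                }
            }
            if (this.certRefObj == null) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.object.CWPKI0688E", new Object[]{this.certificateAlias, this.keyStoreName, this.keyStoreScope}, "There is no Certificate Authority (CA) reference object for certificate alias\"" + this.certificateAlias + "\" in key store \"" + this.keyStoreName + "\" in management scope \"" + this.keyStoreScope + "\".  One must exist to perform this action."));
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (ConfigServiceException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e.getMessage());
            }
            throw new CommandValidationException(e.getMessage());
        } catch (Exception e2) {
            // NOTE(review): the FFDC source id names RequestCACertificate although this is
            // QueryCACertificate; kept as is so existing FFDC filters still match.
            FFDCFilter.processException(e2, "com.ibm.ws.ssl.commands.RequestCACertificate.validate", "%c%", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error processing parameters: ", e2.getMessage());
            }
            throw new CommandValidationException(e2.getMessage());
        }
    }

    /**
     * Runs the CA query once all command steps have succeeded and records the outcome.
     *
     * <p>The task result is set to the CWPKI0708I message when the certificate was stored
     * (COMPLETE) and to CWPKI0709I when the CA has not issued it yet (PENDING). Any exception
     * is recorded on the task result rather than thrown.
     */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskResult = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskResult.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
            }
            return;
        }
        try {
            ObjectName caClient = (ObjectName) this.cs.getAttribute(this.session, this.certRefObj, CommandConstants.CACLIENT);
            boolean complete = caCertificateQuery(this.session, this.cs, this.certificateAlias, this.ksInfo, caClient, this.certRefObj);
            String message;
            if (complete) {
                message = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.certComplete.CWPKI0708I", new Object[]{this.certificateAlias}, "Certificate " + this.certificateAlias + " is COMPLETE.");
            } else {
                message = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.certComplete.CWPKI0709I", new Object[]{this.certificateAlias}, "Certificate " + this.certificateAlias + " is PENDING.");
            }
            taskResult.setResult(message);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.QueryCACertificate.validate", "250", this);
            taskResult.setException(new CommandException(e, e.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Queries the configured CA client for the certificate matching a pending request and,
     * when one is returned, replaces the key entry for the alias with the issued chain and
     * marks the certificate reference COMPLETE.
     *
     * @param session configuration session used for all config service calls
     * @param configService config service used to read the CA client settings
     * @param str alias of the pending certificate request in the key store
     * @param keyStoreInfo key store holding the request; also supplies the key store password
     * @param objectName CA client configuration object (implementation class and properties)
     * @param objectName2 CA certificate reference object whose status is updated on success
     * @return {@code true} if a certificate was returned and stored, {@code false} if the CA
     *         returned none
     * @throws Exception if the alias is missing or is not a certificate request, if the client
     *         implementation cannot be loaded, or if the client or key store call fails
     */
    public boolean caCertificateQuery(Session session, ConfigService configService, String str, KeyStoreInfo keyStoreInfo, ObjectName objectName, ObjectName objectName2) throws Exception {
        final String alias = str;
        final ObjectName caClient = objectName;
        final ObjectName certRef = objectName2;

        boolean stored = false;
        String password = keyStoreInfo.getPassword();
        WSKeyStoreRemotable keyStore = new WSKeyStoreRemotable(keyStoreInfo);
        if (!((Boolean) keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{alias})[0]).booleanValue()) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.CWPKI0689E", new Object[]{alias}, "Certificate \"" + alias + "\" does not exist.  Unable to query the certificate"));
        }
        // NOTE(review): the certificate fetched here is discarded and isKeyCertReq is called
        // with null as its first argument. This looks like a decompiler artifact; confirm
        // against the original whether the fetched certificate was meant to be passed in.
        keyStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias});
        String certReqFile = CertificateRequestHelper.isKeyCertReq(null, alias);
        if (certReqFile == null) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.not.cert.request.CWPKI0651E", new Object[]{alias}, "Certificate alias \"" + alias + "\" is not a certificate request."));
        }
        byte[] certReqBytes = getCertReqBytes(certReqFile);
        String implClass = (String) configService.getAttribute(session, caClient, CommandConstants.CACLIENT_IMPL_CLASS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Implentation class is " + implClass);
        }
        HashMap<String, String> customAttrs = getCustomAttrs(configService, session, caClient);
        try {
            WSPKIClient pkiClient = loadPkiClient(implClass);
            try {
                pkiClient.init(customAttrs);
                X509Certificate[] issued = pkiClient.queryCertificate(certReqBytes, customAttrs);
                // A client that has nothing to report may return null or an empty array;
                // both mean "still pending" rather than an error.
                if (issued != null && issued.length > 0 && issued[0] != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "cert returned now set it in the key store.");
                    }
                    // One char[] copy of the password for both key store calls, cleared
                    // afterwards. The String held by KeyStoreInfo is outside this method's
                    // control and remains in memory.
                    char[] passwordChars = password.toCharArray();
                    try {
                        Object[] keyResult = keyStore.invokeKeyStoreCommand("getKey", new Object[]{alias, passwordChars});
                        if (keyResult != null) {
                            keyStore.invokeKeyStoreCommand("setKeyEntryOverwrite", new Object[]{alias, (Key) keyResult[0], passwordChars, issued});
                            stored = true;
                        }
                    } finally {
                        java.util.Arrays.fill(passwordChars, '\0');
                    }
                    if (stored) {
                        // The key store is updated before the config object; if this call
                        // fails the reference stays PENDING although the chain is stored.
                        makeCACertObjComplete(configService, session, certRef);
                    }
                }
                return stored;
            } catch (WSPKIException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.ssl.commands.personalCertificates.queryCertificate", "342", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception calling WSPKIClient implementation.", new Object[]{e2});
                }
                throw e2;
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.ssl.commands.personalCertificates.QueryCertificate", "287", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSPKIClient implementation.", new Object[]{e3});
            }
            throw e3;
        }
    }

    /**
     * Loads and instantiates the configured CA client implementation.
     *
     * <p>The class name comes from configuration. The class is resolved without running its
     * static initializers and is checked to be a {@link WSPKIClient} before an instance is
     * created, so a configured name that is not a CA client is rejected with a
     * {@link ClassCastException} before any of its code runs.
     *
     * <p>The decompiled code guarded the {@link ExtClassLoader} lookup with a null check on
     * the result of {@code newInstance()}, which can never be null, so that lookup was
     * unreachable. Here it is used when this class's own loader cannot find the class.
     * NOTE(review): confirm against the original source that this fallback is the intended
     * behaviour.
     *
     * @param implClass fully qualified name of the client implementation
     * @return a new instance of the implementation
     * @throws Exception if the class cannot be found, is not a {@link WSPKIClient}, or cannot
     *         be instantiated
     */
    private WSPKIClient loadPkiClient(String implClass) throws Exception {
        Class<?> loaded;
        try {
            loaded = Class.forName(implClass, false, QueryCACertificate.class.getClassLoader());
        } catch (ClassNotFoundException notVisible) {
            try {
                loaded = Class.forName(implClass, false, ExtClassLoader.getInstance());
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.personalCertificates.caCertificateQuery", "305", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception getting WSPKIClient implementation with ExtClassLoader.", new Object[]{e});
                }
                throw e;
            }
        }
        return loaded.asSubclass(WSPKIClient.class).newInstance();
    }

    /**
     * Returns the encoded form of the certificate request stored in the given file.
     *
     * @param requestFile path of the certificate request file
     * @return the bytes produced by {@code CertificationRequest.encode()}
     * @throws IOException if the file cannot be opened or read
     */
    private byte[] getCertReqBytes(String requestFile) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertReqBytes");
        }
        byte[] encoded;
        // try-with-resources closes the stream even when reading or encoding throws.
        try (FileInputStream in = new FileInputStream(requestFile)) {
            // The bytes read here are discarded; CertificationRequest reads the file itself
            // from the path. The read is kept so an unreadable file still fails at this point.
            in.read(new byte[in.available()]);
            encoded = new CertificationRequest(requestFile, true).encode();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertReqBytes");
        }
        return encoded;
    }

    /**
     * Collects the name/value pairs of the CA client's "properties" attribute.
     *
     * @param configService config service used to read the properties
     * @param session configuration session
     * @param caClient CA client configuration object
     * @return the properties that have both a name and a value; empty if there are none
     * @throws Exception if a config service call fails
     */
    private HashMap<String, String> getCustomAttrs(ConfigService configService, Session session, ObjectName caClient) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomAttrs");
        }
        HashMap<String, String> customAttrs = new HashMap<String, String>();
        AttributeList attributes = configService.getAttributes(session, caClient, new String[]{"properties"}, false);
        // An empty attribute list or a null value means no custom properties are configured.
        if (attributes != null && !attributes.isEmpty()) {
            Object propertyObjects = ((Attribute) attributes.get(0)).getValue();
            if (propertyObjects != null) {
                for (Object entry : (List<?>) propertyObjects) {
                    ObjectName property = (ObjectName) entry;
                    String name = (String) configService.getAttribute(session, property, "name");
                    String value = (String) configService.getAttribute(session, property, "value");
                    if (name != null && value != null) {
                        customAttrs.put(name, value);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCustomAttrs");
        }
        return customAttrs;
    }

    /**
     * Sets the status of the CA certificate reference object to COMPLETE.
     *
     * @param configService config service used for the update
     * @param session configuration session
     * @param certRef CA certificate reference object to update
     * @throws Exception if the config service call fails
     */
    private void makeCACertObjComplete(ConfigService configService, Session session, ObjectName certRef) throws Exception {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Modify the caCertificate object.");
        }
        AttributeList statusUpdate = new AttributeList();
        ConfigServiceHelper.setAttributeValue(statusUpdate, CommandConstants.CACERTIFICATE_STATUS, CommandConstants.COMPLETE);
        configService.setAttributes(session, certRef, statusUpdate);
    }
}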
