package com.ibm.ws.collective.security.internal;

import com.ibm.crypto.provider.IBMJCE;
import com.ibm.security.certclient.base.PkException;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ssl.Constants;
import com.ibm.ws.collective.security.CollectiveCertificateUtility;
import com.ibm.ws.collective.security.CollectiveDNUtil;
import com.ibm.ws.collective.security.CollectiveUUID;
import com.ibm.ws.collective.security.internal.cert.IBMSignedCertificateCreator;
import com.ibm.ws.collective.security.internal.cert.SignedCertificateCreator;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.apache.commons.io.FileUtils;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {CollectiveCertificateUtility.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.collective.security_1.0.14.jar:com/ibm/ws/collective/security/internal/CollectiveCertificateUtilityImpl.class */
public class CollectiveCertificateUtilityImpl implements CollectiveCertificateUtility {
    // Trace component used for the Tr.event diagnostics emitted by this class.
    private static final TraceComponent tc = Tr.register(CollectiveCertificateUtilityImpl.class);
    // Keystore type names handed to KeyStore.getInstance.
    // NOTE(review): "jks" is the legacy JDK keystore format and offers weaker key protection than
    // PKCS12; the *JKSBytes methods exist alongside *PFXBytes variants, so prefer the latter where
    // the consumer allows it.
    private static final String JKS_STORE_TYPE = "jks";
    private static final String PFX_STORE_TYPE = "PKCS12";
    // Keystore IDs resolved through KeyStoreService.
    // collectiveRootKeys is where the methods below read the controllerRoot / memberRoot
    // certificates AND private keys used for signing, so it is the most sensitive store here.
    static final String CONTROLLER_ROOT_KEYSTORE_ID = "collectiveRootKeys";
    // Source keystores whose trusted-certificate entries are copied into generated truststores.
    static final String COLLECTIVE_TRUST_KEYSTORE_ID = "collectiveTrust";
    static final String HTTPS_TRUSTSTORE_ID = "defaultTrustStore";
    // Aliases of the two signing roots inside collectiveRootKeys.
    static final String CONTROLLER_ROOT_KEY_ALIAS = "controllerRoot";
    static final String MEMBER_ROOT_KEY_ALIAS = "memberRoot";
    // Aliases under which newly issued certificates are stored in the generated keystores.
    static final String SERVER_IDENTITY_KEY_ALIAS = "serverIdentity";
    static final String HTTPS_KEY_ALIAS = "default";
    // Names of the Declarative Services references backing the two AtomicServiceReference fields.
    static final String KEY_KEYSTORE_SERVICE_REF = "keyStoreService";
    static final String KEY_COLLECTIVE_UUID_REF = "collectiveUUID";
    // Lazily resolved OSGi services: keystore access and the collective's UUID.
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef;
    private final AtomicServiceReference<CollectiveUUID> collectiveUUIDRef;
    // Strategy that issues root-signed certificates; replaceable through the one-argument constructor.
    private final SignedCertificateCreator certCreator;
    // NOTE(review): the visible class declaration does not implement Serializable; this field looks
    // like a build/instrumentation artifact rather than part of a serialization contract.
    static final long serialVersionUID = -8500440426610559294L;

    /**
     * Creates the utility with the default {@link IBMSignedCertificateCreator} and two named,
     * not-yet-bound service references (keystore service and collective UUID).
     */
    public CollectiveCertificateUtilityImpl() {
        keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE_REF);
        collectiveUUIDRef = new AtomicServiceReference<>(KEY_COLLECTIVE_UUID_REF);
        certCreator = new IBMSignedCertificateCreator();
    }

    /**
     * Creates the utility with a caller-supplied certificate creator instead of the default one.
     *
     * The creator is stored as given; no null check is performed here, so a null argument only
     * surfaces later when a certificate is requested.
     *
     * @param signedCertificateCreator strategy used by every method that issues a signed certificate
     */
    public CollectiveCertificateUtilityImpl(SignedCertificateCreator signedCertificateCreator) {
        keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE_REF);
        collectiveUUIDRef = new AtomicServiceReference<>(KEY_COLLECTIVE_UUID_REF);
        certCreator = signedCertificateCreator;
    }

    /**
     * Declarative Services bind method for the CollectiveUUID reference.
     *
     * @param serviceReference reference recorded in collectiveUUIDRef
     */
    @Reference(name = KEY_COLLECTIVE_UUID_REF, service = CollectiveUUID.class)
    protected void setCollectiveUUIDUtil(ServiceReference<CollectiveUUID> serviceReference) {
        collectiveUUIDRef.setReference(serviceReference);
    }

    /**
     * Unbind counterpart of setCollectiveUUIDUtil.
     *
     * @param serviceReference reference handed to collectiveUUIDRef.unsetReference
     */
    protected void unsetCollectiveUUIDUtil(ServiceReference<CollectiveUUID> serviceReference) {
        collectiveUUIDRef.unsetReference(serviceReference);
    }

    /**
     * Declarative Services bind method for the KeyStoreService reference, the service through
     * which this class reads root certificates, root private keys and keystore file locations.
     *
     * @param serviceReference reference recorded in keyStoreServiceRef
     */
    @Reference(name = KEY_KEYSTORE_SERVICE_REF, service = KeyStoreService.class)
    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        keyStoreServiceRef.setReference(serviceReference);
    }

    /**
     * Unbind counterpart of setKeyStoreService.
     *
     * @param serviceReference reference handed to keyStoreServiceRef.unsetReference
     */
    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        keyStoreServiceRef.unsetReference(serviceReference);
    }

    /**
     * Component activation hook: activates both service references with the component context,
     * then registers a new {@link IBMJCE} provider instance with the JVM.
     *
     * NOTE(review): Security.addProvider changes the JVM-wide provider list, and its return value
     * (-1 when a provider with the same name is already installed) is ignored here. Since
     * deactivate removes the provider unconditionally, a JVM that already had this provider
     * configured would lose it when this component stops. Confirm whether that is intended, or
     * record whether this call actually added the provider.
     *
     * @param componentContext context forwarded to both AtomicServiceReference instances
     */
    protected void activate(ComponentContext componentContext) {
        this.keyStoreServiceRef.activate(componentContext);
        this.collectiveUUIDRef.activate(componentContext);
        // doPrivileged: the provider change is permission-checked against this code's own
        // protection domain rather than every caller on the stack.
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl.1
            // Decompiler-visible instrumentation fields of the anonymous class; kept as emitted.
            static final long serialVersionUID = -4709123181306165390L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                // Appends the provider to the global list; the result is not inspected.
                Security.addProvider(new IBMJCE());
                return null;
            }
        });
    }

    /**
     * Component deactivation hook: deactivates both service references, then removes the security
     * provider registered under the name held in Constants.IBMJCE (presumably "IBMJCE").
     *
     * NOTE(review): the removal is JVM-wide and unconditional. It does not check whether activate
     * was the one that installed the provider, so other code in the same JVM that relies on it
     * may start failing provider lookups after this component stops. Verify against the
     * deployment's java.security provider configuration.
     *
     * @param componentContext context forwarded to both AtomicServiceReference instances
     */
    protected void deactivate(ComponentContext componentContext) {
        this.keyStoreServiceRef.deactivate(componentContext);
        this.collectiveUUIDRef.deactivate(componentContext);
        // doPrivileged: the provider change is permission-checked against this code's own
        // protection domain rather than every caller on the stack.
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl.2
            // Decompiler-visible instrumentation fields of the anonymous class; kept as emitted.
            static final long serialVersionUID = 3718399873908956035L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                // Removes by provider name from the global list.
                Security.removeProvider(Constants.IBMJCE);
                return null;
            }
        });
    }

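    /**
     * Creates a new, empty in-memory keystore of the requested type.
     *
     * The password is copied into a temporary char[] for KeyStore.load and that copy is wiped
     * afterwards, so this helper leaves no extra cleartext copy on the heap. The String itself is
     * immutable and stays under the caller's control.
     *
     * @param str  keystore password (sensitive); must not be null
     * @param str2 keystore type passed to KeyStore.getInstance, e.g. "jks" or "PKCS12"
     * @return an initialized keystore with no entries
     * @throws KeyStoreException if no provider supports the requested type
     * @throws IOException, NoSuchAlgorithmException, CertificateException as declared by KeyStore.load
     */
    private KeyStore createEmptyKeyStore(@Sensitive String str, String str2) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(str2);
        char[] password = str.toCharArray();
        try {
            // A null stream initializes an empty keystore.
            keyStore.load(null, password);
        } finally {
            // Wipe the transient cleartext copy regardless of how load() ended.
            Arrays.fill(password, '\0');
        }
        return keyStore;
    }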

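    /**
     * Serializes a keystore to a byte array, protecting it with the given password.
     *
     * The password is copied into a temporary char[] for KeyStore.store and that copy is wiped
     * afterwards. The returned bytes may contain private keys and should be handled as secret
     * material by callers.
     *
     * @param keyStore keystore to serialize
     * @param str      password handed to KeyStore.store (sensitive); must not be null
     * @return the stored keystore bytes
     * @throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException
     *         as declared by KeyStore.store
     */
    private byte[] getSavedKeyStoreBytes(KeyStore keyStore, @Sensitive String str) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        char[] password = str.toCharArray();
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            keyStore.store(buffer, password);
            return buffer.toByteArray();
        } finally {
            // Wipe the transient cleartext copy regardless of how store() ended.
            Arrays.fill(password, '\0');
        }
    }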

    /**
     * Issues a controller server-identity certificate and returns it as the bytes of a new JKS
     * keystore.
     *
     * The subject DN is built by CollectiveDNUtil.buildControllerDN from str3, str2, str and the
     * collective UUID. The certificate is signed with the "controllerRoot" certificate and private
     * key read from the "collectiveRootKeys" keystore and is stored under alias "serverIdentity".
     *
     * Security notes: the result is protected only by the caller-supplied password and presumably
     * contains the newly issued private key (setToKeyStore is defined elsewhere), so it should be
     * handled as secret material. FFDC records receive a placeholder instead of the password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace. Confirm that is deliberate before
     * chaining causes.
     *
     * @param str  third argument of buildControllerDN (meaning not visible in this file)
     * @param str2 second argument of buildControllerDN
     * @param str3 first argument of buildControllerDN
     * @param i    forwarded unchanged as the second argument of createSignedCert, presumably the
     *             validity period; no bounds are checked here
     * @param str4 password for the generated keystore (sensitive)
     * @return bytes of the generated JKS keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getControllerServerIdentityJKSBytes(String str, String str2, String str3, int i, @Sensitive String str4) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str4;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore identityStore = createEmptyKeyStore(keyStorePassword, JKS_STORE_TYPE);
            final String collectiveId = this.collectiveUUIDRef.getService().getCollectiveUUID().toString();
            this.certCreator
                    .createSignedCert(
                            CollectiveDNUtil.buildControllerDN(str3, str2, str, collectiveId),
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "controllerRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "controllerRoot", null))
                    .setToKeyStore(SERVER_IDENTITY_KEY_ALIAS, keyStorePassword, identityStore);
            return getSavedKeyStoreBytes(identityStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "224", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create controller server identity keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating controller's server identity keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "219", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create controller server identity keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating controller's server identity keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "209", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create controller server identity keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating controller's server identity keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "214", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create controller server identity keystore", certFailure);
            }
            throw new KeyStoreException("Error creating controller's server identity keystore. Exception: " + detail);
        }
    }

    /**
     * Copies every trusted-certificate entry of a source keystore into the target keystore,
     * keeping each entry's alias.
     *
     * Only certificates are copied (via setCertificateEntry). Whatever the source keystore
     * trusts becomes trusted by the holder of the generated truststore, so the source store's
     * contents define the resulting trust boundary.
     *
     * @param keyStoreService service used to enumerate and read the source entries
     * @param str             ID of the source keystore
     * @param keyStore        target keystore receiving the entries
     * @throws KeyStoreException    if an entry cannot be read or written
     * @throws CertificateException as declared by the keystore service calls
     */
    private void addAllTrustedCertEntries(KeyStoreService keyStoreService, String str, KeyStore keyStore) throws KeyStoreException, CertificateException {
        for (String alias : keyStoreService.getTrustedCertEntriesInKeyStore(str)) {
            final Certificate trusted = keyStoreService.getCertificateFromKeyStore(str, alias);
            keyStore.setCertificateEntry(alias, trusted);
        }
    }

    /**
     * Builds a JKS truststore holding every trusted-certificate entry of the given source
     * keystore and returns its bytes.
     *
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace. FFDC records receive a placeholder
     * instead of the password.
     *
     * @param str  human-readable name of the store, used only in trace and error messages
     * @param str2 ID of the source keystore whose trusted entries are copied
     * @param str3 password for the generated truststore (sensitive)
     * @return bytes of the generated JKS truststore
     * @throws KeyStoreException    if building or saving fails; IOException and
     *                              NoSuchAlgorithmException are converted to this type
     * @throws CertificateException propagated from the helpers; not converted here
     */
    private byte[] getCommonControllerTrustJKSBytes(String str, String str2, @Sensitive String str3) throws CertificateException, KeyStoreException {
        final String description = str;
        final String sourceKeyStoreId = str2;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore trustStore = createEmptyKeyStore(str3, JKS_STORE_TYPE);
            addAllTrustedCertEntries(keyStores, sourceKeyStoreId, trustStore);
            return getSavedKeyStoreBytes(trustStore, str3);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "267", this, new Object[]{description, sourceKeyStoreId, "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create " + description, ioFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "262", this, new Object[]{description, sourceKeyStoreId, "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create " + description, algorithmFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        }
    }

    /**
     * Returns a JKS truststore containing every trusted-certificate entry of the
     * "collectiveTrust" keystore.
     *
     * @param str password for the generated truststore (sensitive)
     * @return bytes of the generated JKS truststore
     * @throws CertificateException if a certificate cannot be processed
     * @throws KeyStoreException    if the truststore cannot be built or saved
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getControllerCollectiveTrustJKSBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        final String description = "controller collective trust keystore";
        return getCommonControllerTrustJKSBytes(description, COLLECTIVE_TRUST_KEYSTORE_ID, str);
    }

    /**
     * Issues a controller HTTPS certificate and returns it as the bytes of a new JKS keystore.
     *
     * The certificate is signed with the "controllerRoot" certificate and private key read from
     * the "collectiveRootKeys" keystore and is stored under alias "default".
     *
     * Security notes: str is forwarded unmodified as the first argument of createSignedCert
     * (presumably the subject DN). This method does no validation of it, so authorization and DN
     * checks have to happen in the caller or in the certificate creator. The result presumably
     * contains the new private key and is protected only by the supplied password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  first argument of createSignedCert, presumably the subject DN
     * @param i    second argument of createSignedCert, presumably the validity period; no bounds
     *             are checked here
     * @param str2 password for the generated keystore (sensitive)
     * @return bytes of the generated JKS keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getControllerKeyJKSBytes(String str, int i, @Sensitive String str2) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str2;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore httpsStore = createEmptyKeyStore(keyStorePassword, JKS_STORE_TYPE);
            this.certCreator
                    .createSignedCert(
                            str,
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "controllerRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "controllerRoot", null))
                    .setToKeyStore("default", keyStorePassword, httpsStore);
            return getSavedKeyStoreBytes(httpsStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "319", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create controller HTTPS keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating controller HTTPS keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "314", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create controller HTTPS keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating controller HTTPS keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "304", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create controller HTTPS keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating controller HTTPS keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "309", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create controller HTTPS keystore", certFailure);
            }
            throw new KeyStoreException("Error creating controller HTTPS keystore. Exception: " + detail);
        }
    }

    /**
     * Returns a JKS truststore containing every trusted-certificate entry of the
     * "defaultTrustStore" keystore.
     *
     * @param str password for the generated truststore (sensitive)
     * @return bytes of the generated JKS truststore
     * @throws CertificateException if a certificate cannot be processed
     * @throws KeyStoreException    if the truststore cannot be built or saved
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getControllerTrustJKSBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        final String description = "controller HTTPS truststore";
        return getCommonControllerTrustJKSBytes(description, HTTPS_TRUSTSTORE_ID, str);
    }

    /**
     * Reads the on-disk file backing a configured keystore and returns its raw bytes.
     *
     * The path comes from KeyStoreService.getKeyStoreLocation; the file is returned exactly as
     * stored, without opening it or checking its password or format. Unlike the issuing methods
     * in this class, the IOException is chained as the cause of the KeyStoreException.
     *
     * @param keyStoreService service that resolves the keystore ID to a file location
     * @param str             keystore ID to read
     * @return the complete file contents
     * @throws KeyStoreException if the file cannot be read
     */
    private byte[] getFileBytes(KeyStoreService keyStoreService, String str) throws KeyStoreException {
        try {
            final File keyStoreFile = new File(keyStoreService.getKeyStoreLocation(str));
            return FileUtils.readFileToByteArray(keyStoreFile);
        } catch (IOException readFailure) {
            FFDCFilter.processException(readFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "351", this, new Object[]{keyStoreService, str});
            throw new KeyStoreException("Unable to read keystore " + str, readFailure);
        }
    }

    /**
     * Returns the raw file contents of the keystore registered as "collectiveRootKeys".
     *
     * Security notes: other methods of this class read the "controllerRoot" and "memberRoot"
     * private keys from this same keystore, so the returned bytes are the collective's signing-key
     * material and remain protected only by whatever password the file already has. Every caller
     * of this method should be strictly authorized, and access to it is worth auditing.
     * NOTE(review): despite the method name, nothing here verifies that the file is in JKS format.
     *
     * @return the complete bytes of the root keystore file
     * @throws KeyStoreException if the file cannot be read
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getRootKeystoreJKSBytes() throws KeyStoreException {
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        return getFileBytes(keyStores, CONTROLLER_ROOT_KEYSTORE_ID);
    }

    /**
     * Issues a member server-identity certificate and returns it as the bytes of a new JKS
     * keystore.
     *
     * The subject DN is built by CollectiveDNUtil.buildMemberDN from str3, str2, str and the
     * collective UUID. The certificate is signed with the "memberRoot" certificate and private key
     * read from the "collectiveRootKeys" keystore and is stored under alias "serverIdentity".
     *
     * Security notes: the DN inputs are forwarded without validation in this method, so callers
     * must be authorized to request an identity for the member they name. The result presumably
     * contains the new private key and is protected only by the supplied password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  third argument of buildMemberDN (meaning not visible in this file)
     * @param str2 second argument of buildMemberDN
     * @param str3 first argument of buildMemberDN
     * @param i    second argument of createSignedCert, presumably the validity period; no bounds
     *             are checked here
     * @param str4 password for the generated keystore (sensitive)
     * @return bytes of the generated JKS keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberServerIdentityJKSBytes(String str, String str2, String str3, int i, @Sensitive String str4) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str4;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore identityStore = createEmptyKeyStore(keyStorePassword, JKS_STORE_TYPE);
            final String collectiveId = this.collectiveUUIDRef.getService().getCollectiveUUID().toString();
            this.certCreator
                    .createSignedCert(
                            CollectiveDNUtil.buildMemberDN(str3, str2, str, collectiveId),
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot", null))
                    .setToKeyStore(SERVER_IDENTITY_KEY_ALIAS, keyStorePassword, identityStore);
            return getSavedKeyStoreBytes(identityStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "400", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create member server identity keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "395", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create member server identity keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "385", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create member server identity keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "390", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create member server identity keystore", certFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        }
    }

    /**
     * Issues a member server-identity certificate and returns it as the bytes of a new PKCS12
     * keystore.
     *
     * The subject DN is built by CollectiveDNUtil.buildMemberDN from str3, str2, str and the
     * collective UUID. The certificate is signed with the "memberRoot" certificate and private key
     * read from the "collectiveRootKeys" keystore and is stored under alias "serverIdentity".
     *
     * Security notes: the DN inputs are forwarded without validation in this method, so callers
     * must be authorized to request an identity for the member they name. The result presumably
     * contains the new private key and is protected only by the supplied password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  third argument of buildMemberDN (meaning not visible in this file)
     * @param str2 second argument of buildMemberDN
     * @param str3 first argument of buildMemberDN
     * @param i    second argument of createSignedCert, presumably the validity period; no bounds
     *             are checked here
     * @param str4 password for the generated keystore (sensitive)
     * @return bytes of the generated PKCS12 keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberServerIdentityPFXBytes(String str, String str2, String str3, int i, @Sensitive String str4) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str4;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore identityStore = createEmptyKeyStore(keyStorePassword, "PKCS12");
            final String collectiveId = this.collectiveUUIDRef.getService().getCollectiveUUID().toString();
            this.certCreator
                    .createSignedCert(
                            CollectiveDNUtil.buildMemberDN(str3, str2, str, collectiveId),
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot", null))
                    .setToKeyStore(SERVER_IDENTITY_KEY_ALIAS, keyStorePassword, identityStore);
            return getSavedKeyStoreBytes(identityStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "447", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create member server identity keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "442", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create member server identity keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "432", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create member server identity keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "437", this, new Object[]{str, str2, str3, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create member server identity keystore", certFailure);
            }
            throw new KeyStoreException("Error creating member server identity keystore. Exception: " + detail);
        }
    }

    /**
     * Builds a JKS truststore for a member containing exactly two certificate entries, the
     * "controllerRoot" and "memberRoot" certificates read from the "collectiveRootKeys" keystore,
     * and returns its bytes.
     *
     * Only certificates are copied (setCertificateEntry); the root private keys stay in the
     * source keystore.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  human-readable name of the store, used only in trace and error messages
     * @param str2 password for the generated truststore (sensitive)
     * @return bytes of the generated JKS truststore
     * @throws KeyStoreException    if building or saving fails; IOException and
     *                              NoSuchAlgorithmException are converted to this type
     * @throws CertificateException propagated from the helpers; not converted here
     */
    private byte[] getCommonMemberTrustJKSBytes(String str, @Sensitive String str2) throws CertificateException, KeyStoreException {
        final String description = str;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore trustStore = createEmptyKeyStore(str2, JKS_STORE_TYPE);
            // Same order as before: controller root first, then member root.
            for (String rootAlias : new String[]{"controllerRoot", "memberRoot"}) {
                trustStore.setCertificateEntry(rootAlias, keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, rootAlias));
            }
            return getSavedKeyStoreBytes(trustStore, str2);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "484", this, new Object[]{description, "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create " + description, ioFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "479", this, new Object[]{description, "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create " + description, algorithmFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        }
    }

    /**
     * Builds a PKCS12 truststore for a member containing exactly two certificate entries, the
     * "controllerRoot" and "memberRoot" certificates read from the "collectiveRootKeys" keystore,
     * and returns its bytes.
     *
     * Only certificates are copied (setCertificateEntry); the root private keys stay in the
     * source keystore.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  human-readable name of the store, used only in trace and error messages
     * @param str2 password for the generated truststore (sensitive)
     * @return bytes of the generated PKCS12 truststore
     * @throws KeyStoreException    if building or saving fails; IOException and
     *                              NoSuchAlgorithmException are converted to this type
     * @throws CertificateException propagated from the helpers; not converted here
     */
    private byte[] getCommonMemberTrustPFXBytes(String str, @Sensitive String str2) throws CertificateException, KeyStoreException {
        final String description = str;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore trustStore = createEmptyKeyStore(str2, "PKCS12");
            // Same order as before: controller root first, then member root.
            for (String rootAlias : new String[]{"controllerRoot", "memberRoot"}) {
                trustStore.setCertificateEntry(rootAlias, keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, rootAlias));
            }
            return getSavedKeyStoreBytes(trustStore, str2);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "521", this, new Object[]{description, "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create " + description, ioFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "516", this, new Object[]{description, "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create " + description, algorithmFailure);
            }
            throw new KeyStoreException("Error creating " + description + ". Exception: " + detail);
        }
    }

    /**
     * Returns the member collective truststore in JKS form; delegates to
     * getCommonMemberTrustJKSBytes with the label "member collective trust keystore".
     *
     * @param str password for the generated truststore (sensitive)
     * @return bytes of the generated JKS truststore
     * @throws CertificateException if a certificate cannot be processed
     * @throws KeyStoreException    if the truststore cannot be built or saved
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberCollectiveTrustJKSBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        final String description = "member collective trust keystore";
        return getCommonMemberTrustJKSBytes(description, str);
    }

    /**
     * Returns the member collective truststore in PKCS12 form; delegates to
     * getCommonMemberTrustPFXBytes with the label "member collective trust keystore".
     *
     * @param str password for the generated truststore (sensitive)
     * @return bytes of the generated PKCS12 truststore
     * @throws CertificateException if a certificate cannot be processed
     * @throws KeyStoreException    if the truststore cannot be built or saved
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberCollectiveTrustPFXBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        final String description = "member collective trust keystore";
        return getCommonMemberTrustPFXBytes(description, str);
    }

    /**
     * Issues a member HTTPS certificate and returns it as the bytes of a new JKS keystore.
     *
     * The certificate is signed with the "memberRoot" certificate and private key read from the
     * "collectiveRootKeys" keystore and is stored under alias "default".
     *
     * Security notes: str is forwarded unmodified as the first argument of createSignedCert
     * (presumably the subject DN). This method does no validation of it, so authorization and DN
     * checks have to happen in the caller or in the certificate creator. The result presumably
     * contains the new private key and is protected only by the supplied password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  first argument of createSignedCert, presumably the subject DN
     * @param i    second argument of createSignedCert, presumably the validity period; no bounds
     *             are checked here
     * @param str2 password for the generated keystore (sensitive)
     * @return bytes of the generated JKS keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberKeyJKSBytes(String str, int i, @Sensitive String str2) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str2;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore httpsStore = createEmptyKeyStore(keyStorePassword, JKS_STORE_TYPE);
            this.certCreator
                    .createSignedCert(
                            str,
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot", null))
                    .setToKeyStore("default", keyStorePassword, httpsStore);
            return getSavedKeyStoreBytes(httpsStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "578", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create member HTTPS keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "573", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create member HTTPS keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "563", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create member HTTPS keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "568", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create member HTTPS keystore", certFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        }
    }

    /**
     * Issues a member HTTPS certificate and returns it as the bytes of a new PKCS12 keystore.
     *
     * The certificate is signed with the "memberRoot" certificate and private key read from the
     * "collectiveRootKeys" keystore and is stored under alias "default".
     *
     * Security notes: str is forwarded unmodified as the first argument of createSignedCert
     * (presumably the subject DN). This method does no validation of it, so authorization and DN
     * checks have to happen in the caller or in the certificate creator. The result presumably
     * contains the new private key and is protected only by the supplied password.
     * NOTE(review): the rethrown KeyStoreException carries only the original message, not the
     * cause; the full exception goes to FFDC and trace.
     *
     * @param str  first argument of createSignedCert, presumably the subject DN
     * @param i    second argument of createSignedCert, presumably the validity period; no bounds
     *             are checked here
     * @param str2 password for the generated keystore (sensitive)
     * @return bytes of the generated PKCS12 keystore
     * @throws KeyStoreException    if issuing or saving fails; PkException, IOException,
     *                              NoSuchAlgorithmException and CertificateException raised inside
     *                              the try block are all converted to this type
     * @throws CertificateException declared by the interface
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberKeyPFXBytes(String str, int i, @Sensitive String str2) throws CertificateException, KeyStoreException {
        final String keyStorePassword = str2;
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore httpsStore = createEmptyKeyStore(keyStorePassword, "PKCS12");
            this.certCreator
                    .createSignedCert(
                            str,
                            i,
                            keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot"),
                            keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot", null))
                    .setToKeyStore("default", keyStorePassword, httpsStore);
            return getSavedKeyStoreBytes(httpsStore, keyStorePassword);
        } catch (PkException pkFailure) {
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "621", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create member HTTPS keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "616", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create member HTTPS keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "606", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create member HTTPS keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "611", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>"});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create member HTTPS keystore", certFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        }
    }

    /**
     * Returns the member truststore in serialized form by delegating to
     * {@code getCommonMemberTrustJKSBytes}.
     *
     * @param str truststore password, passed through unchanged to the delegate
     * @return the bytes returned by the delegate
     * @throws CertificateException if the delegate throws it
     * @throws KeyStoreException if the delegate throws it
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberTrustJKSBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        // The fixed label names the store kind for the delegate (presumably for its messages; confirm).
        final byte[] trustStoreBytes = getCommonMemberTrustJKSBytes("member HTTPS truststore", str);
        return trustStoreBytes;
    }

    /**
     * Returns the member truststore in serialized form by delegating to
     * {@code getCommonMemberTrustPFXBytes}.
     *
     * @param str truststore password, passed through unchanged to the delegate
     * @return the bytes returned by the delegate
     * @throws CertificateException if the delegate throws it
     * @throws KeyStoreException if the delegate throws it
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getMemberTrustPFXBytes(@Sensitive String str) throws CertificateException, KeyStoreException {
        // The fixed label names the store kind for the delegate (presumably for its messages; confirm).
        final byte[] trustStoreBytes = getCommonMemberTrustPFXBytes("member HTTPS truststore", str);
        return trustStoreBytes;
    }

    /**
     * Builds a keystore of type {@code JKS_STORE_TYPE} holding a newly signed certificate plus
     * trusted root certificates, and returns it in serialized form.
     *
     * <p>The signed certificate comes from {@code certCreator.createSignedCert}, which is given the
     * {@code memberRoot} certificate and private key read from the controller root keystore, and is
     * written under the alias {@code default} (presumably with its private key; confirm against the
     * creator's {@code setToKeyStore}). The {@code controllerRoot} certificate is always added as a
     * trusted certificate entry. Callers should treat the returned bytes as key material.
     *
     * <p>NOTE(review): the trace and exception text below reads "member HTTPS keystore", the same
     * wording used by {@code getMemberKeyPFXBytes}, so the message alone does not identify this
     * method in logs; the FFDC probe ids (685, 680, 670, 675) do.
     *
     * @param str first argument handed to {@code createSignedCert} (presumably the subject name of
     *     the new certificate; confirm against the creator)
     * @param i second argument handed to {@code createSignedCert} (presumably the validity period;
     *     confirm against the creator)
     * @param str2 keystore password, used when creating the empty keystore, when storing the signed
     *     certificate and when saving the keystore; FFDC data records a fixed placeholder string
     *     in its place
     * @param z when {@code true}, the {@code memberRoot} certificate is also added as a trusted
     *     certificate entry under the alias {@code memberRoot}
     * @return the bytes produced by {@code getSavedKeyStoreBytes} for the populated keystore
     * @throws KeyStoreException if a {@code PkException}, {@code IOException},
     *     {@code NoSuchAlgorithmException} or {@code CertificateException} is raised inside the try
     *     block (only its message is carried over, it is not chained as the cause), or directly
     *     from the keystore calls
     * @throws CertificateException declared in the signature; one raised inside the try block is
     *     converted to {@code KeyStoreException}
     */
    @Override // com.ibm.ws.collective.security.CollectiveCertificateUtility
    public byte[] getClientKeysJKSBytes(String str, int i, @Sensitive String str2, boolean z) throws CertificateException, KeyStoreException {
        final KeyStoreService keyStores = this.keyStoreServiceRef.getService();
        try {
            final KeyStore clientStore = createEmptyKeyStore(str2, JKS_STORE_TYPE);
            final X509Certificate memberRootCert = keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot");
            final Certificate controllerRootCert = keyStores.getX509CertificateFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "controllerRoot");
            // The signing key is fetched with a null third argument (presumably the key password,
            // leaving the keystore service to use its own configuration; confirm).
            this.certCreator
                    .createSignedCert(str, i, memberRootCert, keyStores.getPrivateKeyFromKeyStore(CONTROLLER_ROOT_KEYSTORE_ID, "memberRoot", null))
                    .setToKeyStore("default", str2, clientStore);
            clientStore.setCertificateEntry("controllerRoot", controllerRootCert);
            if (z) {
                clientStore.setCertificateEntry("memberRoot", memberRootCert);
            }
            return getSavedKeyStoreBytes(clientStore, str2);
        } catch (PkException pkFailure) {
            // The password argument is replaced by a placeholder so it never reaches the FFDC record.
            FFDCFilter.processException(pkFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "685", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>", Boolean.valueOf(z)});
            final String detail = pkFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "PkException caught while trying to create member HTTPS keystore", pkFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (IOException ioFailure) {
            FFDCFilter.processException(ioFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "680", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>", Boolean.valueOf(z)});
            final String detail = ioFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "IOException caught while trying to create member HTTPS keystore", ioFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            FFDCFilter.processException(algorithmFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "670", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>", Boolean.valueOf(z)});
            final String detail = algorithmFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "NoSuchAlgorithmException caught while trying to create member HTTPS keystore", algorithmFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        } catch (CertificateException certFailure) {
            FFDCFilter.processException(certFailure, "com.ibm.ws.collective.security.internal.CollectiveCertificateUtilityImpl", "675", this, new Object[]{str, Integer.valueOf(i), "<sensitive java.lang.String>", Boolean.valueOf(z)});
            final String detail = certFailure.getMessage();
            if (tc.isEventEnabled()) {
                Tr.event(tc, "CertificateException caught while trying to create member HTTPS keystore", certFailure);
            }
            throw new KeyStoreException("Error creating member HTTPS keystore. Exception: " + detail);
        }
    }
}
