package com.ibm.ws.security.utility.utils;

import com.ibm.ws.kernel.service.util.JavaInfo;
import java.io.InputStream;
import java.net.URL;
import java.net.URLStreamHandler;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

/* loaded from: input_file:com/ibm/ws/security/utility/utils/SAFEncryptionKey.class */
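/**
 * Loads a key entry from a SAF keyring keystore and exposes the encoded private key, which the
 * error messages in this class describe as the AES password encryption key.
 *
 * <p>Construction validates the configuration eagerly: the keyring must load, the label must
 * exist, it must be a key entry, and its certificate must not be past its {@code notAfter} date.
 */
public class SAFEncryptionKey {
    private String keyring;
    private String type;
    private String label;
    // NOTE(review): presumably not a secret. SAF keyring keystore types are conventionally opened
    // with this fixed string and access is governed by SAF permissions on the ring rather than by
    // this value. Confirm against the provider documentation before treating it as a credential.
    private static final String racfPass = "password";
    private static final String PREFIX_SAFKEYRING = "safkeyring:";
    private static final String PREFIX_SAFKEYRINGHYBRID = "safkeyringhybrid:";
    private static final String PREFIX_SAFKEYRINGHW = "safkeyringhw:";
    private static final String PREFIX_SAFKEYRINGJCE = "safkeyringjce:";
    private static final String PREFIX_SAFKEYRINGJCEHYBRID = "safkeyringjcehybrid:";
    private static final String PREFIX_SAFKEYRINGJCECCA = "safkeyringjcecca:";
    private KeyStore keystore = null;
    Pattern safKeyringPatternTwoSlashes = Pattern.compile("(safkeyring|(safkeyringhw|safkeyringhybrid|safkeyringjce|safkeyringjcehybrid|safkeyringjcecca))://\\w.*");
    Pattern safKeyringPatternThreeSlashes = Pattern.compile("(safkeyring|(safkeyringhw|safkeyringhybrid|safkeyringjce|safkeyringjcehybrid|safkeyringjcecca))://.*/\\w.*");
    // URL scheme -> URLStreamHandler class name; only populated on Java levels below 11.
    private final Map<String, String> handlers = new HashMap<>();

    /**
     * Creates the key accessor and validates the keyring configuration.
     *
     * @param str  the SAF keyring URL; a null value leaves the field unset
     * @param str2 the keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str3 the label (alias) of the key entry inside the keyring
     * @throws Exception if the keyring cannot be loaded or the entry fails validation
     */
    public SAFEncryptionKey(String str, String str2, String str3) throws Exception {
        if (str != null) {
            this.keyring = str;
        }
        if (str2 != null) {
            this.type = str2;
        }
        if (str3 != null) {
            this.label = str3;
        }
        // The explicit handler table is only consulted on Java levels below 11.
        if (JavaInfo.majorVersion() < 11) {
            setSAFHandlers();
        }
        validateConfig();
    }

    /**
     * Resolves a message through {@code CommandUtils}.
     *
     * @param str    the message key
     * @param objArr the message arguments
     * @return the value returned by {@code CommandUtils.getMessage}
     */
    protected String getMessage(String str, Object... objArr) {
        return CommandUtils.getMessage(str, objArr);
    }

    /** Registers the URL stream handler class names for the three pre-Java-11 SAF schemes. */
    public void setSAFHandlers() {
        this.handlers.put("safkeyring", "com.ibm.crypto.provider.safkeyring.Handler");
        this.handlers.put("safkeyringhw", "com.ibm.crypto.hdwrCCA.provider.safkeyring.Handler");
        this.handlers.put("safkeyringhybrid", "com.ibm.crypto.ibmjcehybrid.provider.safkeyring.Handler");
    }

    /**
     * Loads the keyring and checks that the configured label is a usable key entry.
     *
     * @throws Exception if the keyring cannot be loaded, the label is missing, the entry is not
     *                   a key entry, or the certificate is past its {@code notAfter} date
     */
    private void validateConfig() throws Exception {
        this.keystore = loadKeyStore();
        // Defensive only: loadKeyStore() either returns a keystore or throws.
        if (this.keystore == null) {
            throw new Exception(getMessage("saf.keyring.does.not.exist", this.keyring));
        }
        if (!this.keystore.containsAlias(this.label)) {
            throw new Exception(getMessage("saf.label.does.not.exist", this.label, this.keyring));
        }
        if (!this.keystore.isKeyEntry(this.label)) {
            throw new Exception("The " + this.label + " certificate is not a key entry.  The certificate needs to be a key entry for use as an AES password encryption key.");
        }
        if (!checkIfCertDateIsGood((X509Certificate) this.keystore.getCertificate(this.label))) {
            throw new Exception(getMessage("saf.cert.expired", this.label));
        }
    }

    /**
     * Reports whether the certificate's {@code notAfter} date has not yet passed.
     *
     * <p>NOTE(review): only {@code notAfter} is compared; a certificate whose {@code notBefore}
     * lies in the future is accepted. Confirm whether that is intended.
     *
     * @param x509Certificate the certificate to check; may be null
     * @return {@code true} if the certificate is non-null and not past {@code notAfter}
     */
    private boolean checkIfCertDateIsGood(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        return x509Certificate.getNotAfter().getTime() >= System.currentTimeMillis();
    }

    /**
     * Opens a stream on the normalized keyring URL.
     *
     * <p>On Java levels below 11 the stream handler is instantiated from the {@code handlers}
     * table and passed to the URL explicitly; otherwise the URL is built from the string alone.
     *
     * @return an open stream that the caller must close
     * @throws Exception if the keyring URL is not recognized, no handler can be created, or the
     *                   stream cannot be opened
     */
    private InputStream openKeyStoreURL() throws Exception {
        String keyringUrl = processKeyringURL(this.keyring);
        if (keyringUrl == null) {
            // Fail with a clear message instead of a URL parse error on a null spec.
            throw new java.net.MalformedURLException("The keyring value is not a recognized SAF keyring URL: " + this.keyring);
        }
        URL url;
        if (JavaInfo.majorVersion() < 11) {
            URLStreamHandler handler;
            try {
                String scheme = keyringUrl.substring(0, keyringUrl.indexOf(":")).toLowerCase(java.util.Locale.ROOT);
                String handlerClass = this.handlers.get(scheme);
                if (handlerClass == null) {
                    throw new IllegalStateException("no handler is registered for the " + scheme + " scheme");
                }
                handler = (URLStreamHandler) Class.forName(handlerClass).newInstance();
            } catch (Exception e) {
                // Keep the original failure as the cause so the stack trace is not lost.
                throw new Exception("Failed to set SAF handler associated with the keyring: " + keyringUrl + ".  Extended error: " + e.getMessage(), e);
            }
            url = new URL((URL) null, keyringUrl, handler);
        } else {
            url = new URL(keyringUrl);
        }
        return url.openStream();
    }

    /**
     * Creates a keystore of the configured type and loads it from the keyring URL.
     *
     * @return the loaded keystore, never null
     * @throws Exception wrapping any failure, with the original exception attached as the cause
     */
    private KeyStore loadKeyStore() throws Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.type);
            // Close the keyring stream once the keystore has been read.
            try (InputStream in = openKeyStoreURL()) {
                keyStore.load(in, racfPass.toCharArray());
            }
            return keyStore;
        } catch (Exception e) {
            throw new Exception("An exception occured when loading the " + this.keyring + " SAF key ring.  No key can be retrieved to use as the AES password encryption key.  Extended error is: " + e.getMessage(), e);
        }
    }

    /**
     * Normalizes a SAF keyring URL and maps its scheme to the variant used by the running Java
     * level.
     *
     * <p>A value matching {@code safKeyringPatternThreeSlashes} is kept as is; a value matching
     * only {@code safKeyringPatternTwoSlashes} gets one extra slash inserted in front of its
     * first {@code //}. On Java 11 and later the legacy schemes are rewritten to their
     * {@code jce} counterparts, and on earlier levels the {@code jce} schemes are rewritten back.
     *
     * @param str the configured keyring URL; may be null
     * @return the normalized URL, or null if the input is null or matches neither pattern
     */
    private String processKeyringURL(String str) {
        if (str == null) {
            return null;
        }
        String normalized;
        if (this.safKeyringPatternThreeSlashes.matcher(str).matches()) {
            normalized = str;
        } else if (this.safKeyringPatternTwoSlashes.matcher(str).matches()) {
            normalized = new StringBuilder(str).insert(str.indexOf("//"), "/").toString();
        } else {
            return null;
        }

        String replacementPrefix = null;
        if (JavaInfo.majorVersion() >= 11) {
            if (normalized.startsWith(PREFIX_SAFKEYRING)) {
                replacementPrefix = PREFIX_SAFKEYRINGJCE;
            } else if (normalized.startsWith(PREFIX_SAFKEYRINGHYBRID)) {
                replacementPrefix = PREFIX_SAFKEYRINGJCEHYBRID;
            } else if (normalized.startsWith(PREFIX_SAFKEYRINGHW)) {
                replacementPrefix = PREFIX_SAFKEYRINGJCECCA;
            }
        } else if (normalized.startsWith(PREFIX_SAFKEYRINGJCE)) {
            replacementPrefix = PREFIX_SAFKEYRING;
        } else if (normalized.startsWith(PREFIX_SAFKEYRINGJCEHYBRID)) {
            replacementPrefix = PREFIX_SAFKEYRINGHYBRID;
        } else if (normalized.startsWith(PREFIX_SAFKEYRINGJCECCA)) {
            replacementPrefix = PREFIX_SAFKEYRINGHW;
        }
        if (replacementPrefix != null) {
            // Swap only the scheme; everything after the first ':' is kept.
            normalized = replacementPrefix + normalized.substring(normalized.indexOf(":") + 1);
        }
        return normalized;
    }

    /**
     * Returns the encoded private key of the configured label as a string.
     *
     * <p>NOTE(review): the encoded key bytes are decoded with the JVM's default charset, which
     * is lossy for arbitrary binary data and can differ between platforms. This is left
     * unchanged because altering it would change the returned key for existing users. The
     * result is private-key material held in an immutable {@code String}; callers should keep
     * it out of logs and error messages.
     *
     * @return the private key encoding converted to a string
     * @throws Exception if the entry is missing, is not a private key, or has no encoded form;
     *                   the original failure is attached as the cause
     */
    public String getKey() throws Exception {
        try {
            if (this.keystore == null || this.label == null) {
                throw new IllegalStateException("the keystore or the label is not set");
            }
            Key key = this.keystore.getKey(this.label, racfPass.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new IllegalStateException("the entry does not hold a private key");
            }
            byte[] encoded = key.getEncoded();
            if (encoded == null) {
                throw new IllegalStateException("the private key does not provide an encoded form");
            }
            return new String(encoded);
        } catch (Exception e) {
            throw new Exception("An exception occurred during the " + this.label + " private key access.  No key can be retrieved for use as the AES password encryption key.  Extended error: " + e.getMessage(), e);
        }
    }
}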
