package com.ibm.ws.ssl.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ssl.Constants;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Properties;
import javax.crypto.SecretKey;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;

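/**
 * OSGi declarative-services component that implements {@link KeyStoreService} by delegating
 * every lookup to the {@link KeyStoreManager} singleton captured in {@link #activate()}.
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>Several methods hand private or secret key material back to the caller. Access to this
 *       service therefore grants access to every key in every configured keystore.</li>
 *   <li>Key passwords are accepted as {@code @Sensitive} parameters and are never placed in
 *       exception messages here; messages carry only the keystore name and the alias.</li>
 *   <li>The single-argument lookups return {@code null} (rather than throwing) when the keystore
 *       holds no key entry or more than one, so callers must null-check the result.</li>
 * </ul>
 */
@Component(service = {KeyStoreService.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM"})
public class KeyStoreServiceImpl implements KeyStoreService {
    // Assigned in activate(); every service method dereferences it without a null check.
    KeyStoreManager ksMgr;
    private static final TraceComponent tc = Tr.register(KeyStoreServiceImpl.class);

    /** Creates the component; only emits a trace event. */
    public KeyStoreServiceImpl() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "<init>", new Object[0]);
        }
    }

    /**
     * Bind method for the dynamic, multiple-cardinality {@link KeystoreConfig} reference.
     * The reference is not stored; the method only traces the event.
     *
     * @param keystoreConfig the keystore configuration being bound
     */
    @Reference(service = KeystoreConfig.class, cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC, target = "(id=*)")
    protected void setKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            // NOTE(review): the message embeds keystoreConfig.toString(); confirm that it never
            // renders the keystore password, since trace output is written to disk.
            Tr.event(tc, "set KeystoreConfig: " + keystoreConfig, new Object[0]);
        }
    }

    /**
     * Traces that a {@link KeystoreConfig} was removed; presumably the unbind counterpart of
     * {@link #setKeyStore(KeystoreConfig)}. No state is changed.
     *
     * @param keystoreConfig the keystore configuration being unbound
     */
    protected void unsetKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            // NOTE(review): same toString() exposure concern as in setKeyStore.
            Tr.event(tc, "Unset KeystoreConfig: " + keystoreConfig, new Object[0]);
        }
    }

    /**
     * Traces that a {@link KeystoreConfig} was updated. No state is changed.
     *
     * @param keystoreConfig the keystore configuration that changed
     */
    protected void updateKeyStore(KeystoreConfig keystoreConfig) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            // NOTE(review): same toString() exposure concern as in setKeyStore.
            Tr.event(tc, "update KeystoreConfig: " + keystoreConfig, new Object[0]);
        }
    }

    /** Captures the {@link KeyStoreManager} singleton that all lookups delegate to. */
    protected void activate() {
        this.ksMgr = KeyStoreManager.getInstance();
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "activate", new Object[0]);
        }
    }

    /** Traces deactivation; the manager reference is left in place. */
    protected void deactivate() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "deactivate", new Object[0]);
        }
    }

    /**
     * Returns the configured location of a keystore.
     *
     * @param str the configured keystore name
     * @return the value of {@code WSKeyStore.getLocation()} for that keystore
     * @throws KeyStoreException if no keystore with that name is known to the manager
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public String getKeyStoreLocation(String str) throws KeyStoreException {
        WSKeyStore wsKeyStore = this.ksMgr.getKeyStore(str);
        if (wsKeyStore == null) {
            throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
        }
        return wsKeyStore.getLocation();
    }

    /**
     * Lists the aliases of the trusted-certificate entries in a keystore.
     *
     * @param str the configured keystore name
     * @return a new, mutable collection of the aliases for which
     *         {@link KeyStore#isCertificateEntry(String)} is true; empty when there are none
     * @throws KeyStoreException if the keystore is not configured or cannot be read
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public Collection<String> getTrustedCertEntriesInKeyStore(String str) throws KeyStoreException {
        try {
            KeyStore javaKeyStore = this.ksMgr.getJavaKeyStore(str);
            if (javaKeyStore == null) {
                throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
            }
            // Typed collection: the raw HashSet used previously produced unchecked warnings.
            Collection<String> trustedAliases = new HashSet<String>();
            Enumeration<String> aliases = javaKeyStore.aliases();
            if (aliases != null) {
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (javaKeyStore.isCertificateEntry(alias)) {
                        trustedAliases.add(alias);
                    }
                }
            }
            return trustedAliases;
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (Exception e2) {
            throw new KeyStoreException("Unexpected error while loading the request trusted certificate entries from keystore: " + str, e2);
        }
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * <p>The alias may name either a trusted-certificate entry or a key entry; for a key entry
     * {@link KeyStore#getCertificate(String)} yields the first certificate of its chain.
     *
     * @param str the configured keystore name
     * @param str2 the alias to look up
     * @return the certificate for the alias
     * @throws KeyStoreException if the keystore is not configured or cannot be read
     * @throws CertificateException if the alias is neither a certificate entry nor a key entry
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public Certificate getCertificateFromKeyStore(String str, String str2) throws KeyStoreException, CertificateException {
        try {
            KeyStore javaKeyStore = this.ksMgr.getJavaKeyStore(str);
            if (javaKeyStore == null) {
                throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
            }
            boolean aliasKnown = javaKeyStore.isCertificateEntry(str2) || javaKeyStore.isKeyEntry(str2);
            if (!aliasKnown) {
                throw new CertificateException("The alias [" + str2 + "] is not present in the KeyStore as a certificate entry");
            }
            return javaKeyStore.getCertificate(str2);
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new KeyStoreException("Unexpected error while loading the request Certificate for alias [" + str2 + "] from keystore: " + str, e3);
        }
    }

    /**
     * Returns the X.509 certificate stored under an alias.
     *
     * @param str the configured keystore name
     * @param str2 the alias to look up (certificate entry or key entry)
     * @return the certificate for the alias
     * @throws KeyStoreException if the keystore is not configured or cannot be read
     * @throws CertificateException if the alias is unknown or its certificate is not an
     *         {@link X509Certificate}
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public X509Certificate getX509CertificateFromKeyStore(String str, String str2) throws KeyStoreException, CertificateException {
        try {
            KeyStore javaKeyStore = this.ksMgr.getJavaKeyStore(str);
            if (javaKeyStore == null) {
                throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
            }
            if (!javaKeyStore.isCertificateEntry(str2) && !javaKeyStore.isKeyEntry(str2)) {
                throw new CertificateException("The alias [" + str2 + "] is not present in the KeyStore as a certificate entry");
            }
            Certificate certificate = javaKeyStore.getCertificate(str2);
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException("The alias [" + str2 + "] is not an instance of X509Certificate");
            }
            return (X509Certificate) certificate;
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new KeyStoreException("Unexpected error while loading the request X509Certificate for alias [" + str2 + "] from keystore: " + str, e3);
        }
    }

    /**
     * Returns the private key stored under an alias.
     *
     * <p>The returned object is live key material; callers should keep it out of logs and
     * should not cache it longer than needed.
     *
     * @param str the configured keystore name
     * @param str2 the alias of the key entry
     * @param str3 the key password, passed straight to {@code WSKeyStore.getKey}; it is never
     *        included in an exception message built here
     * @return the private key for the alias
     * @throws KeyStoreException if the keystore is not configured or the key cannot be loaded
     * @throws CertificateException if the entry is missing or is not a {@link PrivateKey}
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public PrivateKey getPrivateKeyFromKeyStore(String str, String str2, @Sensitive String str3) throws KeyStoreException, CertificateException {
        try {
            WSKeyStore wsKeyStore = this.ksMgr.getKeyStore(str);
            if (wsKeyStore == null) {
                throw new KeyStoreException("The WSKeyStore [" + str + "] is not present in the configuration");
            }
            Key key = wsKeyStore.getKey(str2, str3);
            // instanceof is false for null, so an absent key is reported the same way as a
            // key of the wrong type.
            if (!(key instanceof PrivateKey)) {
                throw new CertificateException("The alias [" + str2 + "] is not an instance of PrivateKey");
            }
            return (PrivateKey) key;
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            // The message names only the alias and keystore; the password (str3) is left out.
            throw new KeyStoreException("Unexpected error while loading the requested private key for alias [" + str2 + "] from keystore: " + str, e3);
        }
    }

    /**
     * Returns the private key of a keystore that holds exactly one key entry.
     *
     * @param str the configured keystore name
     * @return the private key, or {@code null} when the keystore contains no key entry or more
     *         than one (the choice would be ambiguous)
     * @throws KeyStoreException if the keystore is not configured or the key cannot be loaded
     * @throws CertificateException if the single key entry is not a {@link PrivateKey}
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public PrivateKey getPrivateKeyFromKeyStore(String str) throws KeyStoreException, CertificateException {
        try {
            WSKeyStore wsKeyStore = this.ksMgr.getKeyStore(str);
            if (wsKeyStore == null) {
                throw new KeyStoreException("The WSKeyStore [" + str + "] is not present in the configuration");
            }
            String soleKeyAlias = null;
            Enumeration<String> aliases = wsKeyStore.aliases();
            if (aliases != null) {
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (wsKeyStore.isKeyEntry(alias)) {
                        if (soleKeyAlias != null) {
                            // A second key entry makes the selection ambiguous: report "no key"
                            // instead of picking one arbitrarily.
                            return null;
                        }
                        soleKeyAlias = alias;
                    }
                }
            }
            if (soleKeyAlias == null) {
                return null;
            }
            // NOTE(review): a null password is passed; presumably WSKeyStore falls back to the
            // configured keystore password - confirm against WSKeyStore.getKey.
            Key key = wsKeyStore.getKey(soleKeyAlias, null);
            if (!(key instanceof PrivateKey)) {
                throw new CertificateException("The alias [" + soleKeyAlias + "] is not an instance of PrivateKey");
            }
            return (PrivateKey) key;
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new KeyStoreException("Unexpected error while loading the private key for alias from keystore: " + str, e3);
        }
    }

    /**
     * Returns the X.509 certificate of a keystore that holds exactly one key entry.
     *
     * @param str the configured keystore name
     * @return the certificate of the single key entry, or {@code null} when the keystore
     *         contains no key entry or more than one
     * @throws KeyStoreException if the keystore is not configured or cannot be read
     * @throws CertificateException if the matching {@code WSKeyStore} is missing or the
     *         certificate is not an {@link X509Certificate}
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public X509Certificate getX509CertificateFromKeyStore(String str) throws KeyStoreException, CertificateException {
        try {
            KeyStore javaKeyStore = this.ksMgr.getJavaKeyStore(str);
            if (javaKeyStore == null) {
                throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
            }
            String soleKeyAlias = null;
            Enumeration<String> aliases = javaKeyStore.aliases();
            if (aliases != null) {
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (javaKeyStore.isKeyEntry(alias)) {
                        if (soleKeyAlias != null) {
                            // Ambiguous: more than one key entry, so no certificate is chosen.
                            return null;
                        }
                        soleKeyAlias = alias;
                    }
                }
            }
            if (soleKeyAlias == null) {
                return null;
            }
            if (this.ksMgr.getKeyStore(str) == null) {
                throw new CertificateException("The WSKeyStore [" + str + "] is not present in the configuration");
            }
            Certificate certificate = javaKeyStore.getCertificate(soleKeyAlias);
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException("The alias [" + soleKeyAlias + "] is not an instance of X509Certificate");
            }
            return (X509Certificate) certificate;
        } catch (SSLException e) {
            throw new KeyStoreException(e.getLocalizedMessage(), e);
        } catch (KeyStoreException e2) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e2;
        } catch (CertificateException e3) {
            throw e3;
        } catch (Exception e4) {
            // Message corrected: this method loads a certificate, not a private key, and the
            // old text sent operators looking at the wrong kind of entry.
            throw new KeyStoreException("Unexpected error while loading the X509Certificate from keystore: " + str, e4);
        }
    }

    /**
     * Stores a certificate under an alias and persists the keystore.
     *
     * <p>No validation of the certificate is performed here. If the target keystore is used as
     * a trust store, this call extends what the server trusts, so the caller is responsible
     * for establishing that the certificate should be trusted before adding it.
     *
     * @param str the configured keystore name
     * @param str2 the alias to store the certificate under
     * @param certificate the certificate to add
     * @throws KeyStoreException if the keystore is not configured or the update or store fails
     * @throws CertificateException if the underlying keystore rejects the certificate
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public void addCertificateToKeyStore(String str, String str2, Certificate certificate) throws KeyStoreException, CertificateException {
        try {
            WSKeyStore wsKeyStore = this.ksMgr.getKeyStore(str);
            if (wsKeyStore == null) {
                throw new KeyStoreException("The keystore [" + str + "] is not present in the configuration");
            }
            wsKeyStore.setCertificateEntry(str2, certificate);
            // Persist immediately; the change is not only held in memory.
            wsKeyStore.store();
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new KeyStoreException("Unexpected error while adding the Certificate for alias [" + str2 + "] to keystore: " + str, e3);
        }
    }

    /**
     * Returns the secret (symmetric) key stored under an alias.
     *
     * <p>The returned object is live key material; callers should keep it out of logs.
     *
     * @param str the configured keystore name
     * @param str2 the alias of the key entry
     * @param str3 the key password, passed straight to {@code WSKeyStore.getKey}; it is never
     *        included in an exception message built here
     * @return the secret key for the alias
     * @throws KeyStoreException if the keystore is not configured or the key cannot be loaded
     * @throws CertificateException if the entry is missing or is not a {@link SecretKey}
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public SecretKey getSecretKeyFromKeyStore(String str, String str2, @Sensitive String str3) throws KeyStoreException, CertificateException {
        try {
            WSKeyStore wsKeyStore = this.ksMgr.getKeyStore(str);
            if (wsKeyStore == null) {
                throw new KeyStoreException("The WSKeyStore [" + str + "] is not present in the configuration");
            }
            Key key = wsKeyStore.getKey(str2, str3);
            if (!(key instanceof SecretKey)) {
                throw new CertificateException("The alias [" + str2 + "] is not an instance of SecretKey");
            }
            return (SecretKey) key;
        } catch (KeyStoreException e) {
            // Rethrow unchanged so the generic handler below does not wrap it a second time.
            throw e;
        } catch (CertificateException e2) {
            throw e2;
        } catch (Exception e3) {
            // The message names only the alias and keystore; the password (str3) is left out.
            throw new KeyStoreException("Unexpected error while loading the requested secret key for alias [" + str2 + "] from keystore: " + str, e3);
        }
    }

    /**
     * Resolves the client certificate for the SSL properties that {@link JSSEHelper} returns
     * for the given name.
     *
     * @param str the name handed to {@code JSSEHelper.getProperties} (presumably an SSL
     *        configuration alias - confirm against JSSEHelper)
     * @return the client certificate, or {@code null} as described for
     *         {@link #getClientKeyCert(Properties)}
     * @throws KeyStoreException if the keystore cannot be read
     * @throws CertificateException if the certificate is missing or not X.509
     * @throws SSLException if the SSL properties cannot be obtained
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public X509Certificate getClientKeyCert(String str) throws KeyStoreException, CertificateException, SSLException {
        Properties sslProperties = JSSEHelper.getInstance().getProperties(str);
        return getClientKeyCert(sslProperties);
    }

    /**
     * Resolves the client certificate described by a set of SSL properties.
     *
     * <p>When {@code Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS} is set, that alias is looked up
     * in the keystore named by {@code Constants.SSLPROP_KEY_STORE_NAME}; otherwise the
     * keystore's single key entry is used.
     *
     * @param properties the SSL properties; may be {@code null}
     * @return the client certificate, or {@code null} when {@code properties} is null or empty
     *         or when no alias is configured and the keystore does not hold exactly one key
     *         entry
     * @throws KeyStoreException if the keystore is not configured or cannot be read
     * @throws CertificateException if the certificate is missing or not X.509
     */
    @Override // com.ibm.ws.ssl.KeyStoreService
    public X509Certificate getClientKeyCert(Properties properties) throws KeyStoreException, CertificateException {
        if (properties == null || properties.isEmpty()) {
            return null;
        }
        String keyStoreName = properties.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
        String clientAlias = properties.getProperty(Constants.SSLPROP_KEY_STORE_CLIENT_ALIAS);
        if (clientAlias != null) {
            return getX509CertificateFromKeyStore(keyStoreName, clientAlias);
        }
        return getX509CertificateFromKeyStore(keyStoreName);
    }
}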
