package com.ibm.ws.collective.utility.tasks;

import com.ibm.security.certclient.util.PkNewCertificate;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.collective.security.CollectiveDNUtil;
import com.ibm.ws.collective.utility.ICertificateUtility;
import com.ibm.ws.collective.utility.IFileUtility;
import com.ibm.ws.collective.utility.TaskErrorException;
import com.ibm.ws.collective.utility.utils.CertificateUtility;
import com.ibm.ws.collective.utility.utils.ConsoleWrapper;
import java.io.File;
import java.io.PrintStream;
import java.lang.reflect.Constructor;
import java.security.KeyStore;
import java.util.Collection;
import java.util.HashSet;
import java.util.UUID;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.eclipse.osgi.framework.internal.reliablefile.ReliableFile;

/* loaded from: input_file:wlp/lib/com.ibm.ws.collective.utility_1.0.20.jar:com/ibm/ws/collective/utility/tasks/CreateTask.class */
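/**
 * Implements the {@code create} task of the collective utility: it turns an existing
 * server directory into a collective controller by generating the controller/member
 * root CAs, the server identity certificate, the HTTPS certificate, the keystores that
 * hold them, and a server.xml fragment that references those keystores.
 *
 * <p>Review notes on the two defects corrected relative to the shipped class:
 * <ul>
 *   <li>{@code collectiveTrust.jks} was created and saved with the
 *       {@code --serverIdentityKeystorePassword} value while the generated server.xml
 *       declared the {@code --collectiveTrustKeystorePassword} value for it, so the two
 *       disagreed whenever the caller supplied distinct passwords. Both sides now use the
 *       collective-trust password.</li>
 *   <li>The encoding of the collective-trust password was labelled
 *       {@code --serverIdentityKeystorePassword} in its failure message.</li>
 * </ul>
 *
 * <p>All state written by {@link #handleTask} lives under
 * {@code <userDir>/servers/<name>/resources/}; on any failure after that directory is
 * touched, {@code resources/collective} is deleted again via
 * {@link #abortAndPerformCleanup}.
 */
public class CreateTask extends BaseCommandTask {
    /** Shortest certificate validity accepted from the command line, in days. */
    private static final int MIN_VALIDITY_DAYS = 365;
    /** Validity used when {@code --serverIdentityCertificateValidity} / {@code --httpsCertificateValidity} are absent, in days. */
    private static final int DEFAULT_VALIDITY_DAYS = 1825;
    /** Baseline validity of the two self-signed root certificates, in days. */
    private static final int ROOT_VALIDITY_DAYS = 9125;
    /** Password arguments that may be given individually instead of a single {@code --keystorePassword}. */
    private static final String[] KEYSTORE_PASSWORD_ARGS = {
        "--serverIdentityKeystorePassword",
        "--collectiveTrustKeystorePassword",
        "--httpsKeystorePassword",
        "--httpsTruststorePassword",
        "--rootKeystorePassword"
    };

    /** Per-keystore password options; protected so subclasses can adjust the set. */
    protected Collection<String> pwdArgs;
    private static final TraceComponent tc = Tr.register(CreateTask.class);
    /** Lazily created (see {@link #certUtil()}) unless injected through {@link #setCertUtil}. */
    private ICertificateUtility certUtil;

    /**
     * Injects the certificate utility, bypassing the reflective construction in
     * {@link #createCertificateUtility()}. Intended for subclasses and tests.
     *
     * @param iCertificateUtility the utility to use for all keystore and certificate work
     */
    protected void setCertUtil(ICertificateUtility iCertificateUtility) {
        this.certUtil = iCertificateUtility;
    }

    /**
     * Builds the default {@link CertificateUtility} through its non-public
     * {@code (PrintStream, PrintStream)} constructor, wired to {@code System.out}/{@code System.err}.
     *
     * <p>{@code Throwable} is caught deliberately: a missing or unlinkable certificate
     * library surfaces as a {@code LinkageError} rather than an {@code Exception}, and the
     * task wants to report that through its own message instead of crashing.
     *
     * @return the utility; never actually {@code null}, because {@link #abort} throws
     * @throws TaskErrorException if the utility cannot be constructed
     */
    private ICertificateUtility createCertificateUtility() throws TaskErrorException {
        try {
            Constructor<?> ctor = CertificateUtility.class.getDeclaredConstructor(PrintStream.class, PrintStream.class);
            ctor.setAccessible(true);
            return (ICertificateUtility) ctor.newInstance(System.out, System.err);
        } catch (Throwable th) {
            abort(getMessage("create.certUtil.NotAvailable", th));
            return null; // unreachable: abort() always throws
        }
    }

    /**
     * Returns the certificate utility, creating it on first use.
     *
     * @throws TaskErrorException if the utility has to be created and that fails
     */
    private ICertificateUtility certUtil() throws TaskErrorException {
        if (this.certUtil == null) {
            this.certUtil = createCertificateUtility();
        }
        return this.certUtil;
    }

    /**
     * Registers the task's argument vocabulary with the base class.
     *
     * @param str          the script name shown in usage/help text
     * @param iFileUtility file-system abstraction used for all directory and file writes
     */
    public CreateTask(String str, IFileUtility iFileUtility) {
        super(tc, str, iFileUtility);
        this.pwdArgs = new HashSet<String>();
        // Password options are prompted for and confirmed rather than echoed back.
        this.confirmedArgs.add("--keystorePassword");
        for (String pwdArg : KEYSTORE_PASSWORD_ARGS) {
            this.pwdArgs.add(pwdArg);
            this.confirmedArgs.add(pwdArg);
        }
        this.flagArgs.add("--createConfigFile");
        this.knownArgs.addAll(this.reqArgs);
        this.knownArgs.addAll(this.promptableArgs);
        this.knownArgs.addAll(this.confirmedArgs);
        this.knownArgs.addAll(this.flagArgs);
        this.knownArgs.add("--collectiveName");
        this.knownArgs.add("--serverIdentityCertificateValidity");
        this.knownArgs.add("--httpsCertificateSubject");
        this.knownArgs.add("--httpsCertificateValidity");
        this.knownArgs.add("--hostName");
        this.knownArgs.add("--encoding");
        this.knownArgs.add("--key");
    }

    /** @return the command-line name of this task */
    @Override // com.ibm.ws.collective.utility.CollectiveUtilityTask
    public String getTaskName() {
        return "create";
    }

    /** @return the one-line usage string for this task */
    @Override // com.ibm.ws.collective.utility.CollectiveUtilityTask
    public String getTaskUsage() {
        return getTaskUsage("create.usage.options");
    }

    /** @return the full help text, assembled from the message bundle option groups */
    @Override // com.ibm.ws.collective.utility.CollectiveUtilityTask
    public String getTaskHelp() {
        String scriptOptions = buildScriptOptions("certProps.option-key.s", "certProps.option-desc.s")
                + buildScriptOptions("certProps.option-key.c", "certProps.option-desc.c")
                + buildScriptOptions("certProps.option-key.h", "certProps.option-desc.h")
                + buildScriptOptions("create.option-key.", "create.option-desc.")
                + buildScriptOptions("encoding.option-key.", "encoding.option-desc.")
                + buildScriptOptions("common.option-key.", "common.option-desc.");
        return getTaskHelp("create.desc", "create.usage.options", "keystore5.option-key.", "keystore5.option-desc.", null, scriptOptions, this.scriptName);
    }

    /** @return the short description of this task */
    @Override // com.ibm.ws.collective.utility.CollectiveUtilityTask
    public String getTaskDescription() {
        return getOption("create.desc", new Object[0]);
    }

    /**
     * Reports that the task was abandoned and stops it.
     *
     * @param str detail message for the exception; may be {@code null}
     * @throws TaskErrorException always
     */
    @Override // com.ibm.ws.collective.utility.tasks.BaseCommandTask
    protected void abort(String str) throws TaskErrorException {
        this.stdout.println(getMessage("create.abort", new Object[0]));
        throw new TaskErrorException(str);
    }

    /**
     * Like {@link #abort} but first removes {@code file} (recursively) so that a failed
     * run does not leave a half-populated {@code resources/collective} behind, which would
     * make the next run fail the "already has resources" check.
     *
     * @param str  detail message for the exception; may be {@code null}
     * @param file directory to delete before throwing
     * @throws TaskErrorException always
     */
    @Override // com.ibm.ws.collective.utility.tasks.BaseCommandTask
    protected void abortAndPerformCleanup(String str, File file) throws TaskErrorException {
        this.stdout.println(getMessage("create.abort", new Object[0]));
        if (!this.fileUtility.recurisveDelete(file)) {
            this.stdout.println(getMessage("create.cleanupFail", file));
        }
        throw new TaskErrorException(str);
    }

    /**
     * Runs the task: validates arguments, generates the root CAs, server identity and
     * HTTPS certificates, writes the five keystores plus the collective UUID/name files,
     * then emits the server.xml fragment.
     *
     * <p>Passwords are kept as {@code String}s because the argument/encoding helpers in the
     * base class take strings; they therefore cannot be zeroed after use.
     *
     * @param consoleWrapper console used for prompting
     * @param printStream    standard output
     * @param printStream2   standard error
     * @param strArr         raw command-line arguments
     * @throws TaskErrorException on any validation or generation failure
     */
    @Override // com.ibm.ws.collective.utility.CollectiveUtilityTask
    public void handleTask(ConsoleWrapper consoleWrapper, PrintStream printStream, PrintStream printStream2, String[] strArr) throws TaskErrorException {
        this.stdin = consoleWrapper;
        this.stdout = printStream;
        this.stderr = printStream2;
        requireKeystorePasswordArgs(strArr);
        validateArgumentList(strArr, false);

        String serverName = getTaskTarget(strArr);
        String userDir = this.fileUtility.getUserDir();
        String serverDir = userDir + "servers/" + serverName + "/";
        if (!this.fileUtility.exists(serverDir)) {
            userDir = this.fileUtility.resolvePath(userDir);
            abort(getMessage("serverNotFound", serverName, userDir));
        }
        File collectiveDir = new File(serverDir + "resources/collective");
        if (this.fileUtility.exists(collectiveDir) && !this.fileUtility.isDirectoryEmpty(collectiveDir)) {
            abort(getMessage("create.errorAlreadyHasResources", new Object[0]));
        }
        if (isConfigFileInDropins(strArr, true)) {
            abort(getMessage("create.configLocationInDefaults", new Object[0]));
        }

        // A single --keystorePassword is the default for every individual keystore password.
        String defaultPassword = getArgumentValue("--keystorePassword", strArr, null);
        String rootPassword = getArgumentValue("--rootKeystorePassword", strArr, defaultPassword);
        String serverIdentityPassword = getArgumentValue("--serverIdentityKeystorePassword", strArr, defaultPassword);
        String collectiveTrustPassword = getArgumentValue("--collectiveTrustKeystorePassword", strArr, defaultPassword);
        String httpsKeyPassword = getArgumentValue("--httpsKeystorePassword", strArr, defaultPassword);
        String httpsTrustPassword = getArgumentValue("--httpsTruststorePassword", strArr, defaultPassword);
        String hostName = getArgumentValue("--hostName", strArr, getHostName());

        int serverIdentityValidity = readValidityDays("--serverIdentityCertificateValidity", strArr);
        // The roots must outlive the server identity certificate they sign; when the
        // requested identity validity exceeds the baseline, the roots get the baseline on top.
        // NOTE(review): the HTTPS certificate below is signed by the same controller root but
        // its validity is not considered here — confirm whether createSignedCert clamps it.
        int rootValidity = ROOT_VALIDITY_DAYS;
        if (serverIdentityValidity > ROOT_VALIDITY_DAYS) {
            rootValidity = serverIdentityValidity + ROOT_VALIDITY_DAYS;
        }
        String httpsSubject = getArgumentValue("--httpsCertificateSubject", strArr, "CN=" + hostName + ",OU=" + serverName + ",O=ibm,C=us");
        int httpsValidity = readValidityDays("--httpsCertificateValidity", strArr);
        // Reject a malformed subject before it reaches the certificate library.
        try {
            new LdapName(httpsSubject);
        } catch (InvalidNameException e) {
            abort(getMessage("common.invalidDN", "--httpsCertificateSubject", httpsSubject));
        }

        String collectiveName = getArgumentValue("--collectiveName", strArr, null);
        // "xor" is reversible obfuscation, not encryption; the encoded values end up in server.xml.
        String encoding = getArgumentValue("--encoding", strArr, "xor");
        String encodingKey = getArgumentValue("--key", strArr, null);
        validateEncoding(encoding, encodingKey);
        if (defaultPassword != null && encodePassword(defaultPassword, "--keystorePassword", encoding, encodingKey) == null) {
            abort(null);
        }
        String encodedRootPassword = encodePassword(rootPassword, "--rootKeystorePassword", encoding, encodingKey);
        String encodedServerIdentityPassword = encodePassword(serverIdentityPassword, "--serverIdentityKeystorePassword", encoding, encodingKey);
        String encodedCollectiveTrustPassword = encodePassword(collectiveTrustPassword, "--collectiveTrustKeystorePassword", encoding, encodingKey);
        String encodedHttpsKeyPassword = encodePassword(httpsKeyPassword, "--httpsKeystorePassword", encoding, encodingKey);
        String encodedHttpsTrustPassword = encodePassword(httpsTrustPassword, "--httpsTruststorePassword", encoding, encodingKey);
        if (encodedRootPassword == null || encodedServerIdentityPassword == null || encodedCollectiveTrustPassword == null
                || encodedHttpsKeyPassword == null || encodedHttpsTrustPassword == null) {
            abort(null);
        }

        File uuidFile = new File(serverDir + "resources/collective/collective.uuid");
        File nameFile = new File(serverDir + "resources/collective/collective.name");
        File rootKeysFile = new File(serverDir + "resources/collective/rootKeys.jks");
        File serverIdentityFile = new File(serverDir + "resources/collective/serverIdentity.jks");
        File collectiveTrustFile = new File(serverDir + "resources/collective/collectiveTrust.jks");
        ensureParentDirectories(printStream, collectiveDir, uuidFile, nameFile, rootKeysFile, serverIdentityFile, collectiveTrustFile);

        // The HTTPS keystores are written to temporary siblings first; updateExistingSSLKeys
        // swaps them in at the end so an existing key.jks/trust.jks is replaced, not appended to.
        File keyFile = new File(serverDir + "resources/security/key.jks");
        File keyTmpFile = new File(serverDir + "resources/security/key.jks" + ReliableFile.tmpExt);
        if (keyFile.exists()) {
            printStream.println(getMessage("common.regenerateKey", keyFile.getAbsolutePath()));
        }
        File trustFile = new File(serverDir + "resources/security/trust.jks");
        File trustTmpFile = new File(serverDir + "resources/security/trust.jks" + ReliableFile.tmpExt);
        if (trustFile.exists()) {
            printStream.println(getMessage("common.regenerateTrust", trustFile.getAbsolutePath()));
        }
        ensureParentDirectories(printStream, collectiveDir, keyFile, keyTmpFile, trustFile, trustTmpFile);

        printStream.println(getMessage("create.start", new Object[0]));
        // Whether a null password can reach this point depends on the base class's
        // required-argument handling and on encodePassword(null, ...) — not visible here.
        KeyStore rootKeys = certUtil().createKeystore(rootKeysFile, rootPassword.toCharArray());
        KeyStore serverIdentity = certUtil().createKeystore(serverIdentityFile, serverIdentityPassword.toCharArray());
        // Fixed: previously protected with the server identity password, contradicting the generated server.xml.
        KeyStore collectiveTrust = certUtil().createKeystore(collectiveTrustFile, collectiveTrustPassword.toCharArray());
        KeyStore httpsKey = certUtil().createKeystore(keyTmpFile, httpsKeyPassword.toCharArray());
        KeyStore httpsTrust = certUtil().createKeystore(trustTmpFile, httpsTrustPassword.toCharArray());

        String uuid = UUID.randomUUID().toString();
        requireOrCleanup(this.fileUtility.writeToFile(printStream2, uuid, uuidFile), collectiveDir);
        if (collectiveName != null) {
            requireOrCleanup(this.fileUtility.writeToFile(printStream2, collectiveName, nameFile), collectiveDir);
        }

        String controllerRootDN = CollectiveDNUtil.buildControllerRootCertificateDN(uuid);
        PkSsCertificate controllerRoot = issueRootCert(printStream, controllerRootDN, rootValidity,
                "Generated controller root certificate: ", "create.genCertControllerRoot", collectiveDir);
        String memberRootDN = CollectiveDNUtil.buildMemberRootCertificateDN(uuid);
        PkSsCertificate memberRoot = issueRootCert(printStream, memberRootDN, rootValidity,
                "Generated member root certificate: ", "create.genCertMemberRoot", collectiveDir);
        String controllerDN = CollectiveDNUtil.buildControllerDN(serverName, userDir, hostName, uuid);
        PkNewCertificate serverIdentityCert = issueSignedCert(printStream, controllerDN, serverIdentityValidity, controllerRoot,
                "Generated server identity certificate: ", collectiveDir, "create.genCertServerIdentity", controllerDN);
        PkNewCertificate httpsCert = issueSignedCert(printStream, httpsSubject, httpsValidity, controllerRoot,
                "Generated HTTPS certificate: ", collectiveDir, "create.genCertHTTPS");

        // Private keys: root keystore holds both roots, serverIdentity and the HTTPS keystore one cert each.
        requireOrCleanup(certUtil().setToKeyStore(controllerRoot, rootKeys, rootPassword, CollectiveDNUtil.CONTROLLER_ROLE_COLLECTIVE_ROOT_CERT), collectiveDir);
        requireOrCleanup(certUtil().setToKeyStore(memberRoot, rootKeys, rootPassword, CollectiveDNUtil.COLLECTIVE_ROLE_MEMBER_ROOT_CERT), collectiveDir);
        requireOrCleanup(certUtil().setToKeyStore(serverIdentityCert, serverIdentity, serverIdentityPassword, "serverIdentity"), collectiveDir);
        requireOrCleanup(certUtil().setToKeyStore(httpsCert, httpsKey, httpsKeyPassword, "default"), collectiveDir);
        // Trust: both truststores receive only the public root certificates.
        requireOrCleanup(certUtil().setCertToKeyStore(controllerRoot.getCertificate(), collectiveTrust, CollectiveDNUtil.CONTROLLER_ROLE_COLLECTIVE_ROOT_CERT), collectiveDir);
        requireOrCleanup(certUtil().setCertToKeyStore(memberRoot.getCertificate(), collectiveTrust, CollectiveDNUtil.COLLECTIVE_ROLE_MEMBER_ROOT_CERT), collectiveDir);
        requireOrCleanup(certUtil().setCertToKeyStore(controllerRoot.getCertificate(), httpsTrust, CollectiveDNUtil.CONTROLLER_ROLE_COLLECTIVE_ROOT_CERT), collectiveDir);
        requireOrCleanup(certUtil().setCertToKeyStore(memberRoot.getCertificate(), httpsTrust, CollectiveDNUtil.COLLECTIVE_ROLE_MEMBER_ROOT_CERT), collectiveDir);

        requireOrCleanup(certUtil().saveKeyStore(rootKeys, rootKeysFile, rootPassword), collectiveDir);
        requireOrCleanup(certUtil().saveKeyStore(serverIdentity, serverIdentityFile, serverIdentityPassword), collectiveDir);
        // Fixed: saved with the same password the generated server.xml declares for it.
        requireOrCleanup(certUtil().saveKeyStore(collectiveTrust, collectiveTrustFile, collectiveTrustPassword), collectiveDir);
        requireOrCleanup(certUtil().saveKeyStore(httpsKey, keyTmpFile, httpsKeyPassword), collectiveDir);
        requireOrCleanup(certUtil().saveKeyStore(httpsTrust, trustTmpFile, httpsTrustPassword), collectiveDir);

        updateExistingSSLKeys(keyFile, keyTmpFile, trustFile, trustTmpFile, collectiveDir);
        printStream.println();
        printStream.println(getMessage("create.successful", serverName));
        handleConfigXML(printStream, strArr, serverDir, getConfigXML(hostName, encoding, encodingKey, encodedRootPassword,
                encodedServerIdentityPassword, encodedCollectiveTrustPassword, encodedHttpsKeyPassword, encodedHttpsTrustPassword));
        printStream.println(getMessage("create.configureSecurity", new Object[0]));
    }

    /**
     * Decides how keystore passwords must be supplied. With the default set of five
     * per-keystore options and none of them present, the single {@code --keystorePassword}
     * becomes required. If a subclass trimmed {@link #pwdArgs} and none of the remaining
     * options is present, the missing ones are reported instead.
     *
     * @param args raw command-line arguments
     * @throws TaskErrorException if a base-class helper aborts
     */
    private void requireKeystorePasswordArgs(String[] args) throws TaskErrorException {
        boolean individualPasswordGiven = false;
        if (args.length >= 3) {
            individualPasswordGiven = isKeystorePwdUsed(args, this.pwdArgs);
        }
        if (this.pwdArgs.size() == KEYSTORE_PASSWORD_ARGS.length && !individualPasswordGiven) {
            this.reqArgs.add("--keystorePassword");
        } else if (!this.pwdArgs.isEmpty() && !individualPasswordGiven) {
            printMissingPasswordArgs(this.pwdArgs);
        }
    }

    /**
     * Reads a certificate validity option in days, defaulting to {@link #DEFAULT_VALIDITY_DAYS}
     * and rejecting anything below {@link #MIN_VALIDITY_DAYS}.
     *
     * <p>A non-numeric value propagates as {@link NumberFormatException}, as in the original;
     * there is no message key on hand to report it through {@link #abort}.
     *
     * @param option command-line option name, also used in the error message
     * @param args   raw command-line arguments
     * @return the validity in days
     * @throws TaskErrorException if the value is shorter than the minimum
     */
    private int readValidityDays(String option, String[] args) throws TaskErrorException {
        int days = Integer.parseInt(getArgumentValue(option, args, String.valueOf(DEFAULT_VALIDITY_DAYS)));
        if (days < MIN_VALIDITY_DAYS) {
            abort(getMessage("create.validityTooShort", option));
        }
        return days;
    }

    /**
     * Creates the parent directory of every target, aborting with cleanup of
     * {@code cleanupDir} on the first failure.
     *
     * @throws TaskErrorException if any parent directory cannot be created
     */
    private void ensureParentDirectories(PrintStream out, File cleanupDir, File... targets) throws TaskErrorException {
        for (File target : targets) {
            if (!this.fileUtility.createParentDirectory(out, target)) {
                abortAndPerformCleanup(null, cleanupDir);
            }
        }
    }

    /**
     * Aborts with cleanup of {@code cleanupDir} when a keystore or file operation reported failure.
     *
     * @param succeeded the boolean result of the operation
     * @throws TaskErrorException if {@code succeeded} is {@code false}
     */
    private void requireOrCleanup(boolean succeeded, File cleanupDir) throws TaskErrorException {
        if (!succeeded) {
            abortAndPerformCleanup(null, cleanupDir);
        }
    }

    /**
     * Generates a self-signed root certificate, logging a trace event and a user message on
     * success and aborting with cleanup on failure.
     *
     * @return the certificate; never {@code null} on return
     * @throws TaskErrorException if generation fails
     */
    private PkSsCertificate issueRootCert(PrintStream out, String dn, int validityDays, String eventPrefix, String messageKey, File cleanupDir) throws TaskErrorException {
        PkSsCertificate root = certUtil().createSelfSignedCACert(dn, validityDays);
        if (root == null) {
            abortAndPerformCleanup(null, cleanupDir);
        } else {
            if (tc.isEventEnabled()) {
                Tr.event(tc, eventPrefix + dn, new Object[0]);
            }
            out.println(getMessage(messageKey, new Object[0]));
        }
        return root;
    }

    /**
     * Generates a certificate signed by {@code issuer}, logging a trace event and a user
     * message on success and aborting with cleanup on failure.
     *
     * @param messageArgs arguments for the success message, if any
     * @return the certificate; never {@code null} on return
     * @throws TaskErrorException if generation fails
     */
    private PkNewCertificate issueSignedCert(PrintStream out, String dn, int validityDays, PkSsCertificate issuer, String eventPrefix, File cleanupDir, String messageKey, Object... messageArgs) throws TaskErrorException {
        PkNewCertificate cert = certUtil().createSignedCert(dn, validityDays, issuer);
        if (cert == null) {
            abortAndPerformCleanup(null, cleanupDir);
        } else {
            if (tc.isEventEnabled()) {
                Tr.event(tc, eventPrefix + dn, new Object[0]);
            }
            out.println(getMessage(messageKey, messageArgs));
        }
        return cert;
    }

    /**
     * Renders one {@code <keyStore>} element (two lines, each terminated by {@code NL}).
     *
     * <p>The password is inserted verbatim; it is expected to be the output of
     * {@code encodePassword}, which is assumed not to contain XML-significant characters.
     */
    private String keyStoreElement(String id, String encodedPassword, String location) {
        return "    <keyStore id=\"" + id + "\" password=\"" + encodedPassword + "\"" + NL
                + "              location=\"" + location + "\" />" + NL;
    }

    /**
     * Builds the server.xml fragment that enables the controller feature and declares the
     * SSL configuration plus the five keystores created by {@link #handleTask}.
     *
     * <p>The fragment deliberately ships an empty {@code quickStartSecurity} element with a
     * TODO: the administrator must fill in (or replace) the administrative credentials
     * before the controller is exposed.
     *
     * @param hostName           host name for the {@code hostName} variable
     * @param encoding           password encoding name
     * @param encodingKey        key for the encoding, or {@code null}
     * @param rootPwd            encoded root keystore password
     * @param serverIdentityPwd  encoded server identity keystore password
     * @param collectiveTrustPwd encoded collective trust keystore password
     * @param httpsKeyPwd        encoded HTTPS keystore password
     * @param httpsTrustPwd      encoded HTTPS truststore password
     * @return the XML fragment
     */
    private String getConfigXML(String hostName, String encoding, String encodingKey, String rootPwd, String serverIdentityPwd, String collectiveTrustPwd, String httpsKeyPwd, String httpsTrustPwd) {
        StringBuilder xml = new StringBuilder();
        xml.append("    <featureManager>").append(NL)
           .append("        <feature>collectiveController-1.0</feature>").append(NL)
           .append("    </featureManager>").append(NL).append(NL)
           .append(insertHostNameVariable(hostName)).append(NL)
           .append("    <!-- TODO: Set the security configuration for Administrative access -->").append(NL)
           .append("    <quickStartSecurity userName=\"\" userPassword=\"\" />").append(NL).append(NL)
           .append(insertEncodingKey(encoding, encodingKey))
           .append("    <!-- clientAuthenticationSupported set to enable bidirectional trust -->").append(NL)
           .append("    <ssl id=\"defaultSSLConfig\"").append(NL)
           .append("         keyStoreRef=\"defaultKeyStore\"").append(NL)
           .append("         trustStoreRef=\"defaultTrustStore\"").append(NL)
           .append("         clientAuthenticationSupported=\"true\" />").append(NL).append(NL)
           .append("    <!-- inbound (HTTPS) keystore -->").append(NL)
           .append(keyStoreElement("defaultKeyStore", httpsKeyPwd, "${server.config.dir}/resources/security/key.jks")).append(NL)
           .append("    <!-- inbound (HTTPS) truststore -->").append(NL)
           .append(keyStoreElement("defaultTrustStore", httpsTrustPwd, "${server.config.dir}/resources/security/trust.jks")).append(NL)
           .append("    <!-- server identity keystore -->").append(NL)
           .append(keyStoreElement("serverIdentity", serverIdentityPwd, "${server.config.dir}/resources/collective/serverIdentity.jks")).append(NL)
           .append("    <!-- collective trust keystore -->").append(NL)
           .append(keyStoreElement("collectiveTrust", collectiveTrustPwd, "${server.config.dir}/resources/collective/collectiveTrust.jks")).append(NL)
           .append("    <!-- collective root signers keystore -->").append(NL)
           .append(keyStoreElement("collectiveRootKeys", rootPwd, "${server.config.dir}/resources/collective/rootKeys.jks"));
        return xml.toString();
    }
}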
