package com.ibm.ws.ssl.commands.FIPS;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.ssl.commands.WSCertExpMonitor.StartCertificateExpMonitorHelper;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.FIPSUtils;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.WSKeyStoreHelper;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/ssl/commands/FIPS/ListCertStatusForSecurityStandard.class */
public class ListCertStatusForSecurityStandard extends AbstractTaskCommand {
    private static TraceComponent tc = Tr.register((Class<?>) ListCertStatusForSecurityStandard.class, "SSL", "com.ibm.ws.ssl.resources.sslCommandTask");
    private String fipsLevel;
    private String suiteBLevel;
    private HashMap digestCacheMap;
    private ConfigService cs;
    private Session session;
    private StartCertificateExpMonitorHelper scemHelper;

    public ListCertStatusForSecurityStandard(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.fipsLevel = null;
        this.suiteBLevel = null;
        this.digestCacheMap = null;
        this.cs = ConfigServiceFactory.getConfigService();
        this.session = null;
        this.scemHelper = new StartCertificateExpMonitorHelper();
    }

    public ListCertStatusForSecurityStandard(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.fipsLevel = null;
        this.suiteBLevel = null;
        this.digestCacheMap = null;
        this.cs = ConfigServiceFactory.getConfigService();
        this.session = null;
        this.scemHelper = new StartCertificateExpMonitorHelper();
    }

    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        FIPSCommandHelper fIPSCommandHelper = new FIPSCommandHelper();
        this.session = getConfigSession();
        try {
            String str = (String) getParameter(CommandConstants.FIPS_LEVEL);
            String str2 = (String) getParameter(CommandConstants.SUITE_B_LEVEL);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Input fipsLevel: " + str);
                Tr.debug(tc, "Input suiteBLevel: " + str2);
            }
            if (str != null && !str.isEmpty()) {
                this.fipsLevel = fIPSCommandHelper.validateFipsLevel(str);
            }
            if (str2 != null && !str2.isEmpty()) {
                this.suiteBLevel = fIPSCommandHelper.validateSuiteBLevel(str2);
            }
            if (this.fipsLevel != null && this.suiteBLevel != null) {
                throw new CommandValidationException("Both fipsLevel and suiteBLevel parameters can not be specified at the same time when listing certificate status.");
            }
            if (this.fipsLevel == null && this.suiteBLevel == null) {
                throw new CommandValidationException("Either the fipsLevel or suiteBLevel parameters must be specified when listing certificate status.");
            }
        } catch (Exception e) {
            throw new CommandValidationException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void beforeStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "beforeStepsExecuted");
        }
        super.beforeStepsExecuted();
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "beforeStepsExecuted");
                return;
            }
            return;
        }
        try {
            AttributeList listCertStatus = listCertStatus(this.fipsLevel, this.suiteBLevel);
            taskCommandResultImpl.setResult(listCertStatus);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ListCertStatusForSecurityLevel\n" + printAllAttrList(listCertStatus));
            }
        } catch (Exception e) {
            taskCommandResultImpl.setException(new CommandException(e, e.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "beforeStepsExecuted");
        }
    }

    public AttributeList listCertStatus(String str, String str2) throws Exception {
        AttributeList attributeList = new AttributeList();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        Iterator it = ((List) this.cs.getAttribute(this.session, this.cs.resolve(this.session, "Cell=:Security=")[0], CommandConstants.KEY_STORES)).iterator();
        while (it.hasNext()) {
            checkCertsInKeyStoreForFips((AttributeList) it.next(), str, str2, arrayList2, arrayList, arrayList3);
        }
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_STATUS_CAN_CONVERT, arrayList2);
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_STATUS_CAN_NOT_CONVERT, arrayList);
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_STATUS_MEET_SECURITY_STANDARD, arrayList3);
        return attributeList;
    }

    void checkCertsInKeyStoreForFips(AttributeList attributeList, String str, String str2, List<AttributeList> list, List<AttributeList> list2, List<AttributeList> list3) throws Exception {
        String keyStoreName = getKeyStoreName(attributeList);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCertsInKeyStoreForFips keyStore name=" + keyStoreName);
        }
        if (evaluateKeyStoreForFips(keyStoreName)) {
            checkCertsInKeyStoreForFips(PersonalCertificateHelper.getKsInfo(this.session, this.cs, keyStoreName, getManagementScopeName(attributeList)), str, str2, list, list2, list3);
        } else if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCertsInKeyStoreForFips");
        }
    }

    void checkCertsInKeyStoreForFips(KeyStoreInfo keyStoreInfo, String str, String str2, List<AttributeList> list, List<AttributeList> list2, List<AttributeList> list3) throws Exception {
        String name = keyStoreInfo.getName();
        String scopeNameString = keyStoreInfo.getScopeNameString();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkCertsInKeyStoreForFips keyStore name=" + name);
        }
        if (!evaluateKeyStoreForFips(name)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkCertsInKeyStoreForFips");
                return;
            }
            return;
        }
        HashMap listPersonalCertificates = new WSKeyStoreHelper(keyStoreInfo).listPersonalCertificates();
        boolean booleanValue = keyStoreInfo.getReadOnly().booleanValue();
        boolean z = keyStoreInfo.getType().equals(Constants.KEYSTORE_TYPE_JCERACFKS) || keyStoreInfo.getType().equals(Constants.KEYSTORE_TYPE_JCECCARACFKS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "--- There are " + listPersonalCertificates.size() + " personal certificates in keyStore:" + name + " in scope:" + scopeNameString);
            Tr.debug(tc, "    readOnly=" + booleanValue + " racfKeyStore=" + z);
        }
        if (listPersonalCertificates != null && listPersonalCertificates.size() > 0) {
            for (String str3 : listPersonalCertificates.keySet()) {
                Certificate[] certificateArr = (Certificate[]) listPersonalCertificates.get(str3);
                Tr.debug(tc, "--- Evaluating " + str3 + " in keyStore:" + name);
                FIPSEvalResult evaluateCertForFips = evaluateCertForFips(certificateArr, str3, str, str2, booleanValue, z);
                AttributeList createCertInfo = createCertInfo(name, scopeNameString, str3, evaluateCertForFips.getReason());
                switch (evaluateCertForFips.getReturnCode()) {
                    case 1:
                        list2.add(createCertInfo);
                        break;
                    case 2:
                        list.add(createCertInfo);
                        break;
                    case 3:
                        list3.add(createCertInfo);
                        break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCertsInKeyStoreForFips keyStore name" + name);
        }
    }

    protected String getKeyStoreName(AttributeList attributeList) throws Exception {
        try {
            return (String) ConfigServiceHelper.getAttributeValue(attributeList, "name");
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while checking keystore name. " + e.getMessage());
            }
            throw e;
        }
    }

    protected boolean evaluateKeyStoreForFips(String str) {
        boolean z = true;
        if (str.endsWith(Constants.DEFAULT_DELETED_STORE) || str.endsWith(Constants.DEFAULT_SIGNERS_STORE) || str.endsWith(Constants.RSA_TOKEN_KEY_STORE) || str.endsWith(Constants.RSA_TOKEN_ROOT_STORE) || str.endsWith(Constants.RSA_TOKEN_ROOT_STORE) || str.endsWith(Constants.LTPA_KEYS)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "--- KeyStore: " + str + " is not evaluated for FIPS compliance Keystores that are not evaluated are: Siners, Deleted, RSA-related and LTPA-related keystores.");
            }
            z = false;
        }
        return z;
    }

    protected String getManagementScopeName(AttributeList attributeList) throws Exception {
        try {
            return (String) this.cs.getAttribute(this.session, (ObjectName) ConfigServiceHelper.getAttributeValue(attributeList, CommandConstants.MANAGEMENT_SCOPE), CommandConstants.SCOPE_NAME);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while getting managementeScopeName. " + e.getMessage());
            }
            throw e;
        }
    }

    protected FIPSEvalResult evaluateCertForFips(Certificate[] certificateArr, String str, String str2, String str3, boolean z, boolean z2) throws Exception {
        int i;
        FIPSEvalResult mergeResult;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "evaluateCertForFips. alias=" + str);
        }
        FIPSEvalResult fIPSEvalResult = new FIPSEvalResult();
        new FIPSEvalResult();
        int i2 = Constants.CERT_TYPE_NOT_EVALUATED;
        String property = Security.getProperty("DEFAULT_JCE_PROVIDER");
        if (property == null) {
            property = "IBMJCE";
        }
        if (certificateArr == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Personal certificate is unavailable.  Certificate:" + str + " is not Fips evaluation (private or secret key)");
            }
            FIPSEvalResult fIPSEvalResult2 = new FIPSEvalResult(0, "Not evaluated for FIPS compliance. (private or secret key)");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "evaluateCert", fIPSEvalResult2);
            }
            return fIPSEvalResult2;
        }
        if (CertificateRequestHelper.isKeyCertReq((X509Certificate) certificateArr[0], str) != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate:" + str + " is certificate request. Not for Fips evaluation. ");
            }
            FIPSEvalResult fIPSEvalResult3 = new FIPSEvalResult(0, "CertificateRequest is not evaluated for FIPS compliance");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "evaluateCert", fIPSEvalResult3);
            }
            return fIPSEvalResult3;
        }
        if (str2 != null && str2.equalsIgnoreCase(Constants.TRANSITION)) {
            fIPSEvalResult.setReturnCode(3);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "evaluateCertForFips for transition mode", fIPSEvalResult);
            }
            return fIPSEvalResult;
        }
        try {
            certificateArr[0].verify(certificateArr[0].getPublicKey(), property);
            i = Constants.CERT_TYPE_SELF_SIGNED;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate:" + str + " is self-signed. ");
            }
            mergeResult = evaluateSignatureAlgorithmForFips(certificateArr[0], str2, str3).mergeResult(evaluateKeySizeForFips(certificateArr[0], str2, str3));
        } catch (Exception e) {
            i = Constants.CERT_TYPE_CHAINED;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate:" + str + " is chained cert. ");
            }
            mergeResult = evaluateSignatureAlgorithmForFips(certificateArr[certificateArr.length - 1], str2, str3).mergeResult(evaluateKeySizeForFips(certificateArr[0], str2, str3));
        }
        int returnCode = mergeResult.getReturnCode();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Certificate:" + str + " was evaluated. Evaluation result is " + FIPSEvalResult.RETURNCODE_STRING[returnCode]);
        }
        if (returnCode == 3) {
            Tr.debug(tc, "Certificate:" + str + " meets the security standard.  Returning.");
            return mergeResult;
        }
        Tr.debug(tc, "Certificate:" + str + " is not meeting security standard. Checking some more");
        if (z) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is read only.");
            }
            if (mergeResult.getReturnCode() != 3) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Certificate does not meet security standard and read-only.  Update reason to CANNOT_CONVERT");
                }
                mergeResult = mergeResult.mergeResult(new FIPSEvalResult(1, TraceNLSHelper.getInstance().getString("cannotConvertCertificateReadOnly", "WebSphere cannot convert this certificate because keystore is read-only.")));
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate meets security standard even though it is read-only.");
            }
        }
        if (z2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is RACF keystore.  Setting CAN_NOT_CONVERT");
            }
            mergeResult = mergeResult.mergeResult(new FIPSEvalResult(1, TraceNLSHelper.getInstance().getString("cannotConvertCertificateRACFKeyStore", "WebSphere does not support conversion of RACF keystore for Fips compliance. ")));
        }
        if (i == Constants.CERT_TYPE_CHAINED && !signedByWASRoot(certificateArr)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The certificate is chained and not signed by WebSphere. Setting CAN_NOT_CONVERT");
            }
            mergeResult = mergeResult.mergeResult(new FIPSEvalResult(1, TraceNLSHelper.getInstance().getString("cannotConvertCertificateNotSignedByWAS", "WebSphere cannot convert this certificate because it is not signed by WebSphere.")));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "evaluateCertForFips", mergeResult);
        }
        return mergeResult;
    }

    protected AttributeList createCertInfo(String str, String str2, String str3, String str4) {
        AttributeList attributeList = new AttributeList();
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_INFO_KEYSTORE_NAME, str);
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_INFO_MANAGEMENT_SCOPE, str2);
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_INFO_ALIAS, str3);
        ConfigServiceHelper.setAttributeValue(attributeList, Constants.CERT_INFO_REASON, str4);
        return attributeList;
    }

    protected FIPSEvalResult evaluateSignatureAlgorithmForFips(Certificate certificate, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "evaluateSignatureAlgirhtimForFips. fipsLevel=" + str + " suiteBLevel=" + str2);
        }
        FIPSEvalResult fIPSEvalResult = new FIPSEvalResult();
        String sigAlgName = ((X509Certificate) certificate).getSigAlgName();
        List<String> signatureAlgorithms = FIPSUtils.getSignatureAlgorithms(true, str, str2);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "signatureAlgorithm in the cert is:" + sigAlgName + ". compliantAlgorithms:" + signatureAlgorithms);
        }
        if (signatureAlgorithms.contains(sigAlgName)) {
            fIPSEvalResult.setReturnCode(3);
        } else {
            fIPSEvalResult.setReturnCode(2);
            fIPSEvalResult.setReason(TraceNLSHelper.getInstance().getFormattedMessage("signatureAlgorithmNotCompliant", new Object[]{sigAlgName, signatureAlgorithms, Constants.securityModeName[FIPSUtils.getFipsSecurityMode(true, str, str2)]}, "Current SignatureAlgorithm is " + sigAlgName + ". SignatureAlgorithm needs to be one of " + signatureAlgorithms + " to be compliant with [" + Constants.securityModeName[FIPSUtils.getFipsSecurityMode(true, str, str2)] + "]. "));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "evaluateSignatureAlgirhtimForFips: " + fIPSEvalResult);
        }
        return fIPSEvalResult;
    }

    protected FIPSEvalResult evaluateKeySizeForFips(Certificate certificate, String str, String str2) throws Exception {
        FIPSEvalResult fIPSEvalResult = new FIPSEvalResult();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "evaluateKeySizeForFips. fipsLevel=" + str + " suiteBLevel=" + str2);
        }
        PublicKey publicKey = certificate.getPublicKey();
        String keyTypeFromPublicKey = PersonalCertificateHelper.getKeyTypeFromPublicKey(publicKey);
        int keySizeFromPublicKey = PersonalCertificateHelper.getKeySizeFromPublicKey(publicKey);
        int minimumSupportedKeySize = FIPSUtils.getMinimumSupportedKeySize(str, str2, keyTypeFromPublicKey);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "keyType:" + keyTypeFromPublicKey + " keySize:" + keySizeFromPublicKey + ". Minimum compliant keySize:" + minimumSupportedKeySize);
        }
        if (keySizeFromPublicKey >= minimumSupportedKeySize) {
            fIPSEvalResult.setReturnCode(3);
        } else {
            fIPSEvalResult.setReturnCode(2);
            fIPSEvalResult.setReason(TraceNLSHelper.getInstance().getFormattedMessage("keySizeNotCompliant", new Object[]{Integer.valueOf(keySizeFromPublicKey), Integer.valueOf(minimumSupportedKeySize), Constants.securityModeName[FIPSUtils.getFipsSecurityMode(true, str, str2)]}, "Current key size is " + keySizeFromPublicKey + ". Minimum required keySize is " + minimumSupportedKeySize + " to be compliant with [" + Constants.securityModeName[FIPSUtils.getFipsSecurityMode(true, str, str2)] + "]. "));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "evaluateKeySizeForFips: " + fIPSEvalResult);
        }
        return fIPSEvalResult;
    }

    String printAllAttrList(AttributeList attributeList) {
        String attributeList2;
        try {
            attributeList2 = formatCertList((List) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_STATUS_CAN_CONVERT), Constants.CERT_STATUS_CAN_CONVERT) + formatCertList((List) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_STATUS_CAN_NOT_CONVERT), Constants.CERT_STATUS_CAN_NOT_CONVERT) + formatCertList((List) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_STATUS_MEET_SECURITY_STANDARD), Constants.CERT_STATUS_MEET_SECURITY_STANDARD);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception when trying to format allAttrList for printing.  Ignore and print without format." + e.getMessage());
            }
            attributeList2 = attributeList.toString();
        }
        return attributeList2;
    }

    String formatCertList(List<AttributeList> list, String str) throws Exception {
        String str2 = "\n===" + str + "===\n";
        if (list == null || (list != null && list.isEmpty())) {
            str2 = str2 + "  No entry found.";
        } else {
            for (AttributeList attributeList : list) {
                if (attributeList != null) {
                    try {
                        String str3 = (String) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_INFO_KEYSTORE_NAME);
                        String str4 = (String) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_INFO_MANAGEMENT_SCOPE);
                        String str5 = (String) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_INFO_ALIAS);
                        String str6 = (String) ConfigServiceHelper.getAttributeValue(attributeList, Constants.CERT_INFO_REASON);
                        if (!str2.endsWith("===\n")) {
                            str2 = str2 + "-----\n";
                        }
                        str2 = str2 + "  " + Constants.CERT_INFO_KEYSTORE_NAME + "=" + str3 + "\n  " + Constants.CERT_INFO_MANAGEMENT_SCOPE + "=" + str4 + "\n  " + Constants.CERT_INFO_ALIAS + "=" + str5 + "\n";
                        if (!str.equals(Constants.CERT_STATUS_MEET_SECURITY_STANDARD)) {
                            str2 = str2 + "  " + Constants.CERT_INFO_REASON + "=" + str6 + "\n";
                        }
                    } catch (Exception e) {
                        throw e;
                    }
                }
            }
        }
        return str2;
    }

    boolean signedByWASRoot(Certificate[] certificateArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "signedByWASRoot");
        }
        try {
            if (this.digestCacheMap == null || (this.digestCacheMap != null && this.digestCacheMap.size() == 0)) {
                String nodeScopeName = ManagementScopeManager.getInstance().getNodeScopeName();
                String defaultKeyStoreName = KeyStoreManager.getDefaultKeyStoreName(Constants.DEFAULT_ROOT_STORE);
                KeyStoreInfo ksInfo = PersonalCertificateHelper.getKsInfo(this.session, this.cs, defaultKeyStoreName, nodeScopeName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking if the certificate is signed by " + defaultKeyStoreName + " in Scope=" + nodeScopeName);
                }
                this.digestCacheMap = this.scemHelper.populateDigestCacheMap(null, ksInfo);
            }
            boolean signedByWebSphere = this.scemHelper.signedByWebSphere(certificateArr, this.digestCacheMap);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "signedByWASRoot " + signedByWebSphere);
            }
            return signedByWebSphere;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught while checking if certificate is signed by WebSphere" + e.getMessage());
            }
            throw e;
        }
    }
}
