package com.ibm.ws.crypto.commands.aes;

import com.ibm.ISecurityUtilityImpl.aes.DefaultEncryptionKeyManager;
import com.ibm.ISecurityUtilityImpl.aes.EncryptionKeyManagerFactory;
import com.ibm.ISecurityUtilityImpl.aes.PropertyManager;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.workspace.WorkSpaceException;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.core.Constants;
import java.util.Locale;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/crypto/commands/aes/EnablePasswordEncryption.class */
/**
 * Admin task command that validates its parameters and then writes the password-encryption
 * properties file, optionally generating an AES keystore and updating the passwords in the
 * configuration directory.
 *
 * <p>Several fields used below ({@code aesKeystore}, {@code location}, {@code fqPropFile},
 * {@code fqKeystoreFile}, {@code fqLocation}, {@code workspacePath} and the {@code exists*}
 * flags) are not declared in this class; presumably they are inherited from
 * {@link AbstractPasswordUtilTaskCommand} - confirm against the parent class.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>When {@code aesKeystorePassword} is omitted, {@link #validate()} substitutes
 *       {@code Constants.DEFAULT_KEYSTORE_PASSWORD}, so the keystore is then protected by a
 *       built-in constant rather than an operator-chosen secret.</li>
 *   <li>{@code defaultAlgorithm} accepts {@code PropertyManager.ALGO_XOR} as well as
 *       {@code "aes"} and {@code "custom"}.</li>
 *   <li>The keystore password is kept in a {@code String} field and converted with
 *       {@code toCharArray()} at each use; no clearing of those copies is visible here.</li>
 *   <li>{@link #dumpParameters()} masks the keystore password in the debug trace.</li>
 * </ul>
 */
public class EnablePasswordEncryption extends AbstractPasswordUtilTaskCommand {
    private static TraceComponent tc = Tr.register((Class<?>) EnablePasswordEncryption.class, "PasswordUtil", "com.ibm.ws.crypto.commands.aes");
    // Command parameters; all are populated from getParameter(...) in validate().
    private String defaultAlgorithm;
    // NOTE(review): secret held as an immutable String, so it cannot be wiped after use.
    private String aesKeystorePassword;
    private String aesCurrentAlias;
    private String aesAlias;
    private Boolean aesGenerateKeystore;
    private String aesCustomKeyManager;
    private Boolean updatePws;
    private Boolean forceGeneration;
    // Set to TRUE in validate() when the caller asked for updatePws=true but it was overridden
    // because location is set; afterStepsExecuted() then reports the CWPKI0791W warning.
    private Boolean alterUpdatePws;

    /**
     * Creates the command from task metadata with every parameter field unset and
     * {@code alterUpdatePws} set to {@code FALSE}.
     *
     * @param taskCommandMetadata metadata passed through to the parent constructor
     * @throws CommandNotFoundException declared by the parent constructor
     */
    public EnablePasswordEncryption(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.defaultAlgorithm = null;
        this.aesKeystorePassword = null;
        this.aesCurrentAlias = null;
        this.aesAlias = null;
        this.aesGenerateKeystore = null;
        this.aesCustomKeyManager = null;
        this.updatePws = null;
        this.forceGeneration = null;
        this.alterUpdatePws = Boolean.FALSE;
    }

    /**
     * Creates the command from serialized command data with every parameter field unset and
     * {@code alterUpdatePws} set to {@code FALSE}.
     *
     * @param commandData command data passed through to the parent constructor
     * @throws CommandNotFoundException declared by the parent constructor
     * @throws CommandLoadException declared by the parent constructor
     */
    public EnablePasswordEncryption(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.defaultAlgorithm = null;
        this.aesKeystorePassword = null;
        this.aesCurrentAlias = null;
        this.aesAlias = null;
        this.aesGenerateKeystore = null;
        this.aesCustomKeyManager = null;
        this.updatePws = null;
        this.forceGeneration = null;
        this.alterUpdatePws = Boolean.FALSE;
    }

    /**
     * Reads the command parameters, applies defaults, and rejects combinations that would
     * overwrite existing files or reference a missing keystore, alias or key manager class.
     *
     * <p>Defaults applied here: {@code aesGenerateKeystore} TRUE (FALSE when a custom key manager
     * is given), {@code forceGeneration} FALSE, {@code aesKeystorePassword}
     * {@code Constants.DEFAULT_KEYSTORE_PASSWORD}, {@code updatePws} TRUE (forced FALSE when
     * {@code location} is set), {@code defaultAlgorithm} {@code "aes"}.
     *
     * @throws CommandValidationException if the properties file or the keystore already exists
     *     and {@code forceGeneration} is false, if the keystore is missing and generation is
     *     disabled, if {@code aesCurrentAlias} differs from {@code aesAlias} for a keystore that
     *     does not exist yet, if the custom key manager fails validation, or if
     *     {@code defaultAlgorithm} is not one of the accepted values
     */
    @Override // com.ibm.ws.crypto.commands.aes.AbstractPasswordUtilTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        // Return value is not used; presumably this throws when a node lacks AES support - confirm.
        MetadataUtils.isAesSupportedByAllNodes(configSession, configService);
        super.validate();
        this.defaultAlgorithm = (String) getParameter("defaultAlgorithm");
        this.aesKeystore = (String) getParameter("aesKeystore");
        this.aesKeystorePassword = (String) getParameter("aesKeystorePassword");
        this.aesCurrentAlias = (String) getParameter("aesCurrentAlias");
        this.aesAlias = (String) getParameter("aesAlias");
        this.aesGenerateKeystore = (Boolean) getParameter("aesGenerateKeystore");
        this.aesCustomKeyManager = (String) getParameter("aesCustomKeyManager");
        this.updatePws = (Boolean) getParameter("updatePws");
        this.forceGeneration = (Boolean) getParameter("forceGeneration");
        // Traces the raw parameters before any defaults are applied; the password is masked there.
        dumpParameters();
        // Aliases are normalised to lowercase with a fixed locale so comparisons below do not
        // depend on the JVM default locale.
        if (this.aesCurrentAlias != null) {
            this.aesCurrentAlias = this.aesCurrentAlias.toLowerCase(Locale.ENGLISH);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the value of aesCurrentAlias is converted to all lowercase : " + this.aesCurrentAlias);
            }
        }
        if (this.aesAlias != null) {
            this.aesAlias = this.aesAlias.toLowerCase(Locale.ENGLISH);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the value of aesAlias is converted to all lowercase : " + this.aesAlias);
            }
        }
        if (this.aesCustomKeyManager != null) {
            // A custom key manager overrides keystore generation: any caller-supplied
            // aesGenerateKeystore and aesAlias values are discarded.
            this.aesGenerateKeystore = Boolean.FALSE;
            this.aesAlias = null;
        } else {
            // Defined outside this class; presumably resolves fqKeystoreFile and the
            // existsKeystoreFile* flags used further down - confirm.
            initializeKeystoreLocation();
            if (this.aesGenerateKeystore == null) {
                this.aesGenerateKeystore = Boolean.TRUE;
            }
        }
        if (this.forceGeneration == null) {
            this.forceGeneration = Boolean.FALSE;
        }
        // NOTE(review): an omitted password silently becomes the product default constant. Any
        // keystore generated in afterStepsExecuted() is then sealed with that constant, and the
        // same value is passed to PropertyManager.createProperties(). Consider requiring an
        // explicit password, or at least surfacing a warning in the command result.
        if (this.aesKeystorePassword == null) {
            this.aesKeystorePassword = Constants.DEFAULT_KEYSTORE_PASSWORD;
        }
        if (this.location != null) {
            // With an explicit location the configuration passwords are never updated; remember
            // whether the caller explicitly asked for it so a warning can be returned later.
            if (this.updatePws != null && this.updatePws.booleanValue()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "the warning message will be logged.");
                }
                this.alterUpdatePws = Boolean.TRUE;
            }
            this.updatePws = Boolean.FALSE;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "updatePws is disabled because the location value is set.");
            }
        } else if (this.updatePws == null) {
            this.updatePws = Boolean.TRUE;
        }
        // Refuse to replace an existing properties file unless forceGeneration is set.
        if ((this.existsPropFile || this.existsPropFileInWS) && !this.forceGeneration.booleanValue()) {
            String str = this.fqPropFile;
            if (this.existsPropFileInWS) {
                str = fixupLocationForValidate(configSession, this.fqPropFile);
            }
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionFileExists", new Object[]{str}, "CWPKI0765E:  The file " + str + " already exists."));
        }
        if (this.aesCustomKeyManager == null) {
            if (this.existsKeystoreFile || this.existsKeystoreFileInWS) {
                // Refuse to regenerate over an existing keystore unless forceGeneration is set.
                if (!this.forceGeneration.booleanValue() && this.aesGenerateKeystore.booleanValue()) {
                    String str2 = this.fqKeystoreFile;
                    if (this.existsKeystoreFileInWS) {
                        str2 = fixupLocationForValidate(configSession, this.fqKeystoreFile);
                    }
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionFileExists", new Object[]{str2}, "CWPKI0765E:  The file " + str2 + " already exists."));
                }
                // The existing keystore is checked with the supplied (or default) password.
                // NOTE(review): the char[] produced here is a temporary that this method never clears.
                validateAliasesForDefaultKeyManager(getFileForValidate(configSession, this.existsKeystoreFileInWS, this.fqKeystoreFile), this.aesKeystorePassword.toCharArray(), this.aesCurrentAlias, this.aesAlias, false);
            } else {
                if (!this.aesGenerateKeystore.booleanValue()) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionFileDoesNotExist", new Object[]{this.fqKeystoreFile}, "CWPKI0772E:  The " + this.fqKeystoreFile + " file does not exist. Ensure that the location is correct, and then retry the operation."));
                }
                // No keystore exists yet, so the current alias must be the alias about to be
                // created. A non-null aesCurrentAlias with a null aesAlias is rejected here too.
                if (this.aesCurrentAlias != null && !this.aesCurrentAlias.equals(this.aesAlias)) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.NotMatchCurrentKeyAlias", new Object[]{this.aesCurrentAlias, this.aesAlias}, "CWPKI0775E:  The " + this.aesCurrentAlias + " value of the aesCurrentAlias parameter does not match the " + this.aesAlias + " value of the aesAlias parameter. Ensure that these values match."));
                }
            }
        } else {
            if (!validateCustomEncryptionKeyManager(this.aesCustomKeyManager)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.InvalidCustomKeyManager", new Object[]{this.aesCustomKeyManager}, "CWPKI0774E:  The " + this.aesCustomKeyManager + " EncryptionKeyManager class was not found."));
            }
            validateAliasesForCustomKeyManager(this.aesCustomKeyManager, this.aesCurrentAlias);
        }
        if (this.defaultAlgorithm == null) {
            this.defaultAlgorithm = "aes";
        // NOTE(review): XOR is accepted as the default algorithm. XOR password encoding is
        // reversible without a key, so a run of this command with that value does not provide
        // confidentiality for stored passwords - confirm this is intended for compatibility only.
        } else if (!this.defaultAlgorithm.equals(PropertyManager.ALGO_XOR) && !this.defaultAlgorithm.equals("aes") && !this.defaultAlgorithm.equals("custom")) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionInvalidDefault", new Object[]{this.defaultAlgorithm}, "CWPKI0767E:  The value of the " + this.defaultAlgorithm + " defaultAlgorithm parameter is not valid. The value must be custom if the value is available, xor, or aes."));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
    }

    /**
     * Performs the command's work after the task steps have run: optionally generates the AES
     * keystore, writes the properties file, and updates the configuration passwords when
     * {@code updatePws} is true.
     *
     * <p>Returns without doing anything when the task result already indicates failure. Any
     * {@code Throwable} other than {@code CommandException} is reported through FFDC and recorded
     * on the task result as a warning, a {@code false} result and a {@code CommandException}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void afterStepsExecuted() {
        String formattedMessage;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted TaskCommandResult indicates failure.");
                return;
            }
            return;
        }
        // z: set once the first updatePasswords pass below has run.
        boolean z = false;
        Session configSession = getConfigSession();
        try {
            // z2 / z3: whether the properties file / keystore existed before this run; passed to
            // notifyWS as 1 or 0 (the meaning of that int is defined by notifyWS, not shown here).
            boolean z2 = false;
            boolean z3 = false;
            if (this.existsPropFile || this.existsPropFileInWS) {
                z2 = true;
                extractToWS(configSession, this.fqPropFile);
            }
            if (this.existsKeystoreFile || this.existsKeystoreFileInWS) {
                z3 = true;
                extractToWS(configSession, this.fqKeystoreFile);
            }
            this.workspacePath = fixupLocation(configSession, this.fqLocation);
            // First pass runs before the new properties file is written, with a null algorithm
            // and the boolean flag set to true; the semantics of those arguments are defined by
            // updatePasswords, which is not part of this class.
            if (this.updatePws.booleanValue() && (this.existsPropFileInWS || this.existsPropFile)) {
                updatePasswords(configSession, (!this.existsPropFile || this.existsPropFileInWS) ? this.workspacePath : this.fqLocation, null, true, taskCommandResultImpl);
                z = true;
            }
            if (this.aesGenerateKeystore.booleanValue()) {
                String fixupLocation = fixupLocation(configSession, this.fqKeystoreFile);
                // NOTE(review): the keystore is created with aesKeystorePassword, which is the
                // product default constant when the caller supplied none (see validate()). The
                // char[] copy passed here is not cleared by this method.
                DefaultEncryptionKeyManager createDefaultEncryptionKeyManager = EncryptionKeyManagerFactory.createDefaultEncryptionKeyManager(this.aesKeystorePassword.toCharArray());
                createDefaultEncryptionKeyManager.addNewKey(this.aesAlias);
                createDefaultEncryptionKeyManager.storeToFile(fixupLocation);
                notifyWS(configSession, this.fqKeystoreFile, z3 ? 1 : 0);
            }
            // NOTE(review): the keystore password is handed to createProperties; how (and whether)
            // it is protected inside the properties file is decided by PropertyManager - confirm.
            PropertyManager.createProperties(this.workspacePath + PropertyManager.PROP_FILE_NAME, this.defaultAlgorithm, this.aesKeystore, this.aesKeystorePassword.toCharArray(), this.aesCurrentAlias, this.aesCustomKeyManager);
            notifyWS(configSession, this.fqPropFile, z2 ? 1 : 0);
            if (this.updatePws.booleanValue()) {
                // Second pass with the chosen algorithm; skipped when a properties file already
                // existed in the workspace unless the first pass ran and the algorithm is not XOR.
                if (!this.existsPropFileInWS || (z && !PropertyManager.ALGO_XOR.equals(this.defaultAlgorithm))) {
                    updatePasswords(configSession, this.workspacePath, this.defaultAlgorithm, false, taskCommandResultImpl);
                }
                taskCommandResultImpl.setResult(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.PasswordUpdated", new Object[]{this.defaultAlgorithm}, "CWPKI0790I:  The passwords in the configuration directory were updated by the " + this.defaultAlgorithm + " algorithm."));
            } else if (this.alterUpdatePws.booleanValue()) {
                taskCommandResultImpl.setResult(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.NoPasswordUpdate", new Object[]{this.location}, "CWPKI0791W:  The true value of the updatePws parameter was ignored because the " + this.location + " clientPropsLocation parameter is set. The passwords in the configuration directory were not updated."));
            }
        // NOTE(review): CommandException is swallowed with no trace, FFDC entry or result update.
        // Presumably the callee (updatePasswords receives taskCommandResultImpl) has already
        // recorded the failure - confirm, because otherwise a partially applied change leaves no
        // audit trail and the result keeps whatever state it had before the exception.
        } catch (CommandException e) {
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.crypto.commands.aes.EnablePasswordEncryption.afterStepsExecuted", "278", this);
            Throwable rootCause = getRootCause(th);
            // Constant-false condition: the workspace release and the CWPKI0764E message below are
            // unreachable in this listing. This looks like a decompiler-folded local flag rather
            // than intended source - TODO confirm against the original.
            if (0 != 0) {
                try {
                    WorkSpaceManagerFactory.getManager().getWorkSpace(configSession.toString()).release();
                } catch (WorkSpaceException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.crypto.commands.aes.EnablePasswordEncryption.afterStepsExecuted", "287", this);
                }
                formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionAesAdminTaskDiscardWS", new Object[]{"enablePasswordEncryption", rootCause.getMessage()}, "CWPKI0764E:  The enablePasswordEncryption command did not complete. The unsaved files were discarded. The error message is " + rootCause.getMessage());
            } else {
                // The root-cause message is returned to the caller verbatim; it may be null.
                formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionAesAdminTask", new Object[]{"enablePasswordEncryption", rootCause.getMessage()}, "CWPKI0763E:  The enablePasswordEncryption command did not complete. The error message is " + rootCause.getMessage());
            }
            taskCommandResultImpl.addWarnings(formattedMessage);
            taskCommandResultImpl.setResult(new Boolean(false));
            taskCommandResultImpl.setException(new CommandException(formattedMessage));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Writes the current parameter values to the debug trace when debug tracing is enabled.
     * The keystore password is never written: it appears as {@code "<null>"} when unset and
     * {@code "****"} otherwise. All other parameters are traced as-is.
     */
    private void dumpParameters() {
        if (tc.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer("validate : parameters : ");
            stringBuffer.append("location : ").append(this.location);
            stringBuffer.append(", defaultAlgorithm : ").append(this.defaultAlgorithm);
            stringBuffer.append(", aesKeystore : ").append(this.aesKeystore);
            // Mask the secret; only its presence is revealed.
            stringBuffer.append(", aesKeystorePassword : ").append(this.aesKeystorePassword == null ? "<null>" : "****");
            stringBuffer.append(", aesCurrentAlias : ").append(this.aesCurrentAlias);
            stringBuffer.append(", aesAlias : ").append(this.aesAlias);
            stringBuffer.append(", aesGenerateKeystore : ").append(this.aesGenerateKeystore);
            stringBuffer.append(", aesCustomKeyManager : ").append(this.aesCustomKeyManager);
            stringBuffer.append(", updatePws : ").append(this.updatePws);
            stringBuffer.append(", forceGeneration : ").append(this.forceGeneration);
            Tr.debug(tc, stringBuffer.toString());
        }
    }
}
