package com.ibm.ws.crypto.commands.aes;

import com.ibm.ISecurityUtilityImpl.aes.AesEncryptionException;
import com.ibm.ISecurityUtilityImpl.aes.DefaultEncryptionKeyManager;
import com.ibm.ISecurityUtilityImpl.aes.EncryptionKeyManagerFactory;
import com.ibm.ISecurityUtilityImpl.aes.PropertyManager;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.wsspi.security.crypto.aes.EncryptionKeyManagerException;
import java.io.IOException;
import java.util.Locale;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/crypto/commands/aes/RegenPasswordEncryptionKey.class */
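/**
 * Admin task command that rotates the AES password-encryption key.
 *
 * <p>As visible in this class, the command adds a new key (optionally under the
 * caller-supplied {@code aesAlias}) to the keystore named by the password-util
 * properties file, optionally re-encrypts stored passwords with it
 * ({@code updatePws}) and optionally deletes the previously current key
 * ({@code deleteOldKey}).
 *
 * <p>Deleting the old key is irreversible for any value still encrypted under it,
 * so the conditions guarding the delete are documented inline.
 */
public class RegenPasswordEncryptionKey extends AbstractPasswordUtilTaskCommand {
    private static final TraceComponent tc = Tr.register((Class<?>) RegenPasswordEncryptionKey.class, "PasswordUtil", "com.ibm.ws.crypto.commands.aes");

    // Alias for the new key; lower-cased in validate(). May stay null.
    private String aesAlias;
    // Whether the previously current key is removed after the new one is stored.
    private Boolean deleteOldKey;
    // Whether stored passwords are re-encrypted with the new key.
    private Boolean updatePws;
    // Set when the caller asked for updatePws=true but it was overridden because a location was given.
    private Boolean alterUpdatePws;

    /**
     * Creates the command from its task metadata; parameters are read later in {@link #validate()}.
     *
     * @param taskCommandMetadata metadata passed through to the superclass
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public RegenPasswordEncryptionKey(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.aesAlias = null;
        this.deleteOldKey = null;
        this.updatePws = null;
        this.alterUpdatePws = Boolean.FALSE;
    }

    /**
     * Creates the command from serialized command data; parameters are read later in {@link #validate()}.
     *
     * @param commandData command data passed through to the superclass
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public RegenPasswordEncryptionKey(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.aesAlias = null;
        this.deleteOldKey = null;
        this.updatePws = null;
        this.alterUpdatePws = Boolean.FALSE;
    }

    /**
     * Reads and normalizes the command parameters, then checks the preconditions for a key rotation.
     *
     * <p>Rejects the command when the properties file or the keystore file is missing, when a custom
     * key manager is configured, or when AES is not the default algorithm. When the old key is to be
     * deleted without re-encrypting passwords (and no location is given), it additionally verifies
     * that the current key is not still in use.
     *
     * @throws CommandValidationException if any precondition fails
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        this.aesAlias = (String) getParameter("aesAlias");
        this.deleteOldKey = (Boolean) getParameter("deleteOldKey");
        this.updatePws = (Boolean) getParameter("updatePws");
        dumpParameters();
        if (this.aesAlias != null) {
            // Locale.ENGLISH keeps the lower-casing independent of the server's default locale.
            this.aesAlias = this.aesAlias.toLowerCase(Locale.ENGLISH);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "the value of aesAlias is converted to all lowercase : " + this.aesAlias);
            }
        }
        if (this.location != null) {
            // An explicit location forces updatePws off; remember an overridden "true" so that
            // afterStepsExecuted() can report warning CWPKI0791W to the caller.
            if (this.updatePws != null && this.updatePws.booleanValue()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "the warning message will be logged.");
                }
                this.alterUpdatePws = Boolean.TRUE;
            }
            this.updatePws = Boolean.FALSE;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "updatePws is disabled because the location value is set.");
            }
        } else if (this.updatePws == null) {
            this.updatePws = Boolean.TRUE;
        }
        if (this.deleteOldKey == null) {
            this.deleteOldKey = Boolean.FALSE;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The value of deleteOldKey is set as : " + this.deleteOldKey);
            }
        }
        if (!this.existsPropFile && !this.existsPropFileInWS) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionFileDoesNotExist", new Object[]{this.fqPropFile}, "CWPKI0772E:  The " + this.fqPropFile + " file does not exist. Ensure that the location is correct, and then retry the operation."));
        }
        Session configSession = getConfigSession();
        initilizeWorkspacePathForValidate(configSession, this.fqLocation);
        String propLocation = getPropLocation();
        if (existCustomKeyManager(propLocation)) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.NoOpCustomKeyManager", null, "CWPKI0779E:  The deleteEncryptionKey command and the regenEncryptionKey command are disabled because the custom EncryptionKeyManager class is used."));
        }
        if (!"aes".equals(getDefaultAlgorithm(propLocation))) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.NoOpNotAes", null, "CWPKI0780E:  The regenEncryptionKey command is disabled because the AES encryption is not set as the default encryption."));
        }
        this.aesKeystore = getKeystoreLocation(propLocation);
        initializeKeystoreLocation();
        if (!this.existsKeystoreFile && !this.existsKeystoreFileInWS) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionFileDoesNotExist", new Object[]{this.fqKeystoreFile}, "CWPKI0772E:  The " + this.fqKeystoreFile + " file does not exist. Ensure that the location is correct, and then retry the operation."));
        }
        validateAliasesForDefaultKeyManager(getFileForValidate(configSession, this.existsKeystoreFileInWS, this.fqKeystoreFile), getPassword(propLocation), null, this.aesAlias, false);
        // The in-use scan only runs for "delete the old key, keep the passwords as they are" with no
        // explicit location.
        // NOTE(review): when location is set, updatePws is forced to false above and this scan is
        // skipped, so deleteOldKey=true removes the old key unchecked. Confirm that nothing at that
        // location still holds values encrypted under the old key.
        if (!this.updatePws.booleanValue() && this.deleteOldKey.booleanValue() && this.location == null) {
            validateAliasIsNotUsed(configSession, propLocation, this.fqKeystoreFile);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
    }

    /**
     * Performs the rotation once all command steps have succeeded.
     *
     * <p>Order of operations: add and persist the new key, switch the current alias, re-encrypt
     * passwords when {@code updatePws} is true, and only then delete the old key when
     * {@code deleteOldKey} is true. Unexpected failures are recorded through FFDC and reported on
     * the task command result instead of being thrown.
     */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResultImpl = (TaskCommandResultImpl) getTaskCommandResult();
        if (!taskCommandResultImpl.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted TaskCommandResult indicates failure.");
            }
            return;
        }
        Session configSession = getConfigSession();
        try {
            if (this.existsPropFile || this.existsPropFileInWS) {
                extractToWS(configSession, this.fqPropFile);
            }
            if (this.existsKeystoreFile || this.existsKeystoreFileInWS) {
                extractToWS(configSession, this.fqKeystoreFile);
            }
            this.workspacePath = fixupLocation(configSession, this.fqLocation);
            PropertyManager propertyManager = new PropertyManager(this.workspacePath + PropertyManager.PROP_FILE_NAME);
            String keystorePath = fixupLocation(configSession, this.fqKeystoreFile);
            DefaultEncryptionKeyManager keyManager = EncryptionKeyManagerFactory.createDefaultEncryptionKeyManager(keystorePath, propertyManager.getPassword(), propertyManager);
            String oldKeyAlias = null;
            String currentAlias = propertyManager.getCurrentAlias();
            if (this.deleteOldKey.booleanValue()) {
                // Resolve the alias of the key to delete before the new key changes what is current.
                oldKeyAlias = keyManager.computeCurrentKeyAlias(currentAlias);
            }
            keyManager.addNewKey(this.aesAlias);
            keyManager.storeToFile(keystorePath);
            notifyWS(configSession, this.fqKeystoreFile, 1);
            if (currentAlias != null || this.aesAlias != null) {
                propertyManager.setCurrentAlias(this.aesAlias);
                propertyManager.saveProperties();
                notifyWS(configSession, this.fqPropFile, 1);
            }
            if (this.updatePws.booleanValue()) {
                updatePasswords(configSession, this.workspacePath, "aes", false, taskCommandResultImpl);
            }
            if (this.deleteOldKey.booleanValue()) {
                // NOTE(review): the old key is deleted whenever updatePasswords() returns without
                // throwing. Confirm it throws on a partial failure; otherwise values left encrypted
                // under the old key can no longer be decrypted.
                keyManager.deleteKey(oldKeyAlias);
                keyManager.storeToFile(keystorePath);
                notifyWS(configSession, this.fqKeystoreFile, 1);
                if (propertyManager.getCurrentAlias() != null && keyManager.getAllKeyAliases().size() == 1) {
                    propertyManager.setCurrentAlias(null);
                    propertyManager.saveProperties();
                    notifyWS(configSession, this.fqPropFile, 1);
                }
            }
            if (this.updatePws.booleanValue()) {
                taskCommandResultImpl.setResult(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.PasswordUpdated", new Object[]{"aes"}, "CWPKI0790I:  The passwords in the configuration directory were updated by the aes algorithm."));
            } else if (this.alterUpdatePws.booleanValue()) {
                taskCommandResultImpl.setResult(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.NoPasswordUpdate", new Object[]{this.location}, "CWPKI0791W:  The true value of the updatePws parameter was ignored because the " + this.location + " clientPropsLocation parameter is set. The passwords in the configuration directory were not updated."));
            }
        } catch (CommandException e) {
            // This exception used to be dropped without any record. It is now traced so that an
            // aborted rotation (which also skips the old-key delete) is visible when diagnosing.
            // NOTE(review): presumably the helper that threw has already marked the task result
            // as failed; confirm, otherwise the caller sees a successful result here.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "afterStepsExecuted CommandException : " + e.getMessage());
            }
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.crypto.commands.aes.RegenPasswordEncryptionKey.afterStepsExecuted", "217", this);
            Throwable rootCause = getRootCause(th);
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionAesAdminTask", new Object[]{"regenPasswordEncryptionKey", rootCause.getMessage()}, "CWPKI0763E:  The regenPasswordEncryptionKey command did not complete. The error message is " + rootCause.getMessage());
            taskCommandResultImpl.addWarnings(formattedMessage);
            // Boolean.FALSE replaces the deprecated new Boolean(false); the value is the same.
            taskCommandResultImpl.setResult(Boolean.FALSE);
            taskCommandResultImpl.setException(new CommandException(formattedMessage));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /** Traces the raw parameter values read by {@link #validate()} when debug trace is enabled. */
    private void dumpParameters() {
        if (tc.isDebugEnabled()) {
            StringBuilder parameters = new StringBuilder("validate : parameters :");
            parameters.append(" location : ").append(this.location);
            parameters.append(", aesAlias : ").append(this.aesAlias);
            parameters.append(", deleteOldKey : ").append(this.deleteOldKey);
            // updatePws decides whether passwords are re-encrypted, so trace it with the others.
            parameters.append(", updatePws : ").append(this.updatePws);
            Tr.debug(tc, parameters.toString());
        }
    }

    /**
     * Resolves the alias of the key that is currently used for encryption.
     *
     * @param str directory prefix to which {@code PropertyManager.PROP_FILE_NAME} is appended
     * @param str2 keystore location handed to the default key manager
     * @return the alias reported by {@code computeCurrentKeyAlias}
     * @throws IOException declared by the called key-management APIs
     * @throws EncryptionKeyManagerException declared by the called key-management APIs
     * @throws AesEncryptionException declared by the called key-management APIs
     */
    private String computeCurrentAlias(String str, String str2) throws IOException, EncryptionKeyManagerException, AesEncryptionException {
        PropertyManager propertyManager = new PropertyManager(str + PropertyManager.PROP_FILE_NAME);
        String computeCurrentKeyAlias = EncryptionKeyManagerFactory.createDefaultEncryptionKeyManager(str2, propertyManager.getPassword(), propertyManager).computeCurrentKeyAlias(propertyManager.getCurrentAlias());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "currentAlias : " + computeCurrentKeyAlias);
        }
        return computeCurrentKeyAlias;
    }

    /**
     * Rejects the command when the key about to be deleted is still in use.
     *
     * <p>The "key is in use" result is thrown outside the {@code try} block. Thrown inside it, the
     * {@code catch (Throwable)} below would intercept it, record an FFDC incident for an ordinary
     * validation outcome and re-wrap CWPKI0792E inside the generic CWPKI0763E message.
     *
     * @param session configuration session used for workspace lookups and the scan
     * @param str properties location passed to {@link #computeCurrentAlias(String, String)}
     * @param str2 fully qualified keystore file
     * @throws CommandValidationException with CWPKI0792E when the key is in use, or with CWPKI0763E
     *     when the check itself fails
     */
    private void validateAliasIsNotUsed(Session session, String str, String str2) throws CommandValidationException {
        String keystorePath = str2;
        if (this.existsKeystoreFileInWS) {
            keystorePath = fixupLocationForValidate(session, str2);
        }
        String currentAlias;
        boolean aliasInUse;
        try {
            currentAlias = computeCurrentAlias(str, keystorePath);
            String installRoot = System.getProperty("user.install.root");
            // NOTE(review): when user.install.root is unset the scan is skipped and the delete is
            // allowed, so the check fails open. Confirm the property is always set where this runs.
            aliasInUse = installRoot != null && scanAesPasswords(session, currentAlias, installRoot + "/config") != null;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.crypto.commands.aes.RegenPasswordEncryptionKey.validateAliasIsNotUsed", "256", this);
            Throwable rootCause = getRootCause(th);
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.ExceptionAesAdminTask", new Object[]{"regenPasswordEncryptionKey", rootCause.getMessage()}, "CWPKI0763E:  The regenPasswordEncryptionKey command did not complete. The error message is " + rootCause.getMessage()));
        }
        if (aliasInUse) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.aes.cannotDeleteOldKey", new Object[]{currentAlias}, "CWPKI0792E:  The key cannot be deleted because it is associated with the " + currentAlias + " value of the current alias that is used for encrypting the passwords in the config directory. The updatePws parameter is set to false and the deleteOldKey parameter is set to true, but the deleteOldKey parameter must be set to false because the key is in use."));
        }
    }
}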
