package com.ibm.ws.ssl.commands.migrate;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.config.ManagementScopeData;
import com.ibm.ws.ssl.config.WSKeyStoreHelper;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.management.ObjectName;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ws/ssl/commands/migrate/GenCertForNewCellName.class */
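/**
 * Admin task command that re-issues the default certificates with subject DNs
 * carrying a new cell name.
 *
 * <p>After the task steps succeed, the command regenerates the default root
 * certificate as a self-signed certificate with the new subject DN. It then
 * creates chained replacements for the personal certificate in every writable
 * {@code CellDefaultKeyStore} / {@code NodeDefaultKeyStore}, using the new
 * root chain and the root private key.
 *
 * <p>Security-relevant caveats for maintainers:
 * <ul>
 *   <li>The cell name and node name are concatenated into the subject DN
 *       without RDN escaping (see {@link #genNewSubjectDN}). A name containing
 *       DN metacharacters such as {@code ,} {@code =} or {@code +} changes the
 *       structure of the issued subject, so names should be validated against
 *       the product's naming rules before they reach this command.</li>
 *   <li>The key size of the certificate being replaced is reused unchanged, so
 *       an old, short key length is carried forward into the new certificate.</li>
 * </ul>
 */
public class GenCertForNewCellName extends AbstractTaskCommand {
    // NOTE(review): the trace component is registered against
    // ConvertSelfSignedCertificatesToChained rather than this class, so trace
    // output from this command is attributed to the other command. This looks
    // like a copy/paste slip; it is left unchanged because existing trace
    // specifications may depend on it. Confirm before changing.
    private static final TraceComponent tc = Tr.register((Class<?>) ConvertSelfSignedCertificatesToChained.class, "SSL", "com.ibm.ws.ssl.commands.migrate");

    /** Milliseconds in one day, used to convert a validity period into whole days. */
    private static final long MILLIS_PER_DAY = 86400000L;

    private String newCellName;
    private String rootCertificateAlias;
    String linesep;

    public GenCertForNewCellName(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.newCellName = null;
        this.rootCertificateAlias = null;
        this.linesep = System.getProperty("line.separator");
    }

    public GenCertForNewCellName(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.newCellName = null;
        this.rootCertificateAlias = null;
        this.linesep = System.getProperty("line.separator");
    }

    /**
     * Runs the framework validation and captures the {@code cellName} parameter.
     *
     * <p>NOTE(review): the value is not checked for {@code null}, emptiness or
     * DN metacharacters here, yet it is later embedded verbatim in certificate
     * subject DNs. Whether the command metadata already enforces this cannot be
     * seen from this class; confirm.
     *
     * @throws CommandValidationException if framework validation or parameter
     *         retrieval fails
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        try {
            this.newCellName = (String) getParameter("cellName");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cellName=" + this.newCellName);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (Exception e) {
            throw new CommandValidationException(e.getMessage());
        }
    }

    /**
     * Regenerates the root certificate and the default personal certificates
     * once all task steps have completed successfully.
     *
     * <p>Any failure is recorded on the task result as a
     * {@link CommandException}; nothing is thrown to the caller.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (result.isSuccessful()) {
            try {
                ConfigService configService = ConfigServiceFactory.getConfigService();
                Session session = getConfigSession();
                CommandHelper commandHelper = new CommandHelper();
                String rootStoreName = commandHelper.getDefaultKeyStoreName(Constants.DEFAULT_ROOT_STORE, session, configService);
                String rootStoreScope = commandHelper.getScopeForNodeKeyStore(session, configService, rootStoreName);
                KeyStoreInfo rootStoreInfo = PersonalCertificateHelper.getKsInfo(session, configService, rootStoreName, rootStoreScope);
                WSKeyStoreHelper rootStore = new WSKeyStoreHelper(rootStoreInfo);
                this.rootCertificateAlias = PersonalCertificateHelper.getDefaultRootAlias(rootStoreInfo);
                genNewRootCertificateAndStore(session, configService, this.rootCertificateAlias, rootStoreInfo, rootStore);
                // The chain and private key are read after regeneration, so the
                // personal certificates are signed by the new root.
                Certificate[] rootChain = rootStore.getCertChainFromKey(this.rootCertificateAlias);
                PrivateKey rootKey = (PrivateKey) rootStore.getKey(this.rootCertificateAlias, rootStoreInfo.getPassword());
                result.setResult(replaceCertInDefaultKeystores(session, configService, rootChain, rootKey));
            } catch (Exception e) {
                result.setException(new CommandException(e, e.getMessage()));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Creates a new self-signed root certificate under {@code str} whose
     * subject DN carries the new cell name, then replaces references to the
     * previous signer certificate.
     *
     * @param str alias of the root certificate in the root key store
     * @throws Exception if any key store or configuration operation fails
     */
    private void genNewRootCertificateAndStore(Session session, ConfigService configService, String str, KeyStoreInfo keyStoreInfo, WSKeyStoreHelper wSKeyStoreHelper) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genNewRootCertificateAndStore");
        }
        try {
            X509Certificate previousRoot = wSKeyStoreHelper.getSigner(str);
            CertReqInfo request = createCertInfoFromCert(str, previousRoot, keyStoreInfo);
            String nodeName = getNodeName(session, configService, keyStoreInfo.getName(), keyStoreInfo.getScopeNameString());
            request.setSubjectDN(genNewSubjectDN(request.getSubjectDN(), nodeName, this.newCellName, true));
            wSKeyStoreHelper.createSelfSignedCertificate(request, true, true);
            // getSigner is read again so the replacement is the certificate just created.
            PersonalCertificateHelper.replaceCerts(session, keyStoreInfo, str, previousRoot, null, wSKeyStoreHelper.getSigner(str), null, null, true, null);
            PersonalCertificateHelper.setWorkspaceUpdated(session, keyStoreInfo.getLocation());
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "genNewRootCertificateAndStore");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                // Trace the exception itself so the stack is available for diagnosis.
                Tr.debug(tc, "Exception while generating an new root certificate.", e);
            }
            throw e;
        }
    }

    /**
     * Re-issues the personal certificate in every writable key store named
     * {@code CellDefaultKeyStore} or {@code NodeDefaultKeyStore}.
     *
     * @param certificateArr chain of the new root certificate
     * @param privateKey private key of the new root certificate
     * @return the non-empty per-key-store messages, each followed by a line
     *         separator
     * @throws Exception if any key store or configuration operation fails
     */
    private String replaceCertInDefaultKeystores(Session session, ConfigService configService, Certificate[] certificateArr, PrivateKey privateKey) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "replaceCertInDefaultKeystores");
        }
        StringBuilder messages = new StringBuilder();
        try {
            ObjectName security = configService.resolve(session, "Cell=:Security=")[0];
            ObjectName keyStorePattern = ConfigServiceHelper.createObjectName((ConfigDataId) null, "KeyStore");
            for (ObjectName keyStore : configService.queryConfigObjects(session, security, keyStorePattern, null)) {
                String name = (String) configService.getAttribute(session, keyStore, "name");
                boolean readOnly = ((Boolean) configService.getAttribute(session, keyStore, "readOnly")).booleanValue();
                if (readOnly || !(name.equals("CellDefaultKeyStore") || name.equals("NodeDefaultKeyStore"))) {
                    continue;
                }
                ObjectName scope = (ObjectName) configService.getAttribute(session, keyStore, CommandConstants.MANAGEMENT_SCOPE);
                String scopeName = (String) configService.getAttribute(session, scope, CommandConstants.SCOPE_NAME);
                KeyStoreInfo info = PersonalCertificateHelper.getKsInfo(session, configService, name, scopeName);
                String message = replaceDefaultCerts(session, configService, info, certificateArr, privateKey);
                if (!message.isEmpty()) {
                    messages.append(message);
                    messages.append(this.linesep);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "replaceCertInDefaultKeystores");
            }
            return messages.toString();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while replacing self-signed certifictates", e);
            }
            throw e;
        }
    }

    /**
     * Replaces the personal certificate of one key store with a chained
     * certificate issued under the new root.
     *
     * <p>The alias {@code default} is used when it names a key entry.
     * Otherwise the first alias that names a key entry is used. The previous
     * code re-tested {@code default} inside the fallback loop, so the fallback
     * could never select anything.
     *
     * @return an empty string; this implementation produces no message
     * @throws Exception if any key store or configuration operation fails
     */
    private String replaceDefaultCerts(Session session, ConfigService configService, KeyStoreInfo keyStoreInfo, Certificate[] certificateArr, PrivateKey privateKey) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "replaceDefaultCerts");
        }
        String alias = "default";
        try {
            WSKeyStoreHelper keyStore = new WSKeyStoreHelper(keyStoreInfo);
            if (!keyStore.containsAlias(alias) || !keyStore.isCertKeyEntry(alias)) {
                String[] certAliases = keyStore.getCertAliases();
                if (certAliases != null) {
                    for (String candidate : certAliases) {
                        // Test the candidate, not the alias already known to be unusable.
                        if (keyStore.containsAlias(candidate) && keyStore.isCertKeyEntry(candidate)) {
                            alias = candidate;
                            break;
                        }
                    }
                }
            }
            // A missing or empty chain is handled like a null certificate
            // instead of failing with a message-less NPE or index error.
            Certificate[] chain = keyStore.getCertChainFromKey(alias);
            X509Certificate current = (chain != null && chain.length > 0) ? (X509Certificate) chain[0] : null;
            if (current != null && CertificateRequestHelper.isKeyCertReq(current, alias) == null) {
                CertReqInfo request = createCertInfoFromCert(alias, current, keyStoreInfo);
                // getBasicConstraints() returns -1 for a non-CA certificate; the
                // flag is presumably the CA marker for the new certificate (confirm).
                boolean hasCaConstraint = current.getBasicConstraints() != -1;
                String nodeName = getNodeName(session, configService, keyStoreInfo.getName(), keyStoreInfo.getScopeNameString());
                request.setSubjectDN(genNewSubjectDN(request.getSubjectDN(), nodeName, this.newCellName, false));
                keyStore.createChainedCertificate(request, certificateArr, privateKey, hasCaConstraint, true);
                PersonalCertificateHelper.replaceCerts(session, keyStoreInfo, alias, current, null, (X509Certificate) certificateArr[certificateArr.length - 1], null, null, true, null);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate \"" + alias + "\" is not a personal certificate.");
            }
            PersonalCertificateHelper.setWorkspaceUpdated(session, keyStoreInfo.getLocation());
            PersonalCertificateHelper.markSSLConfigChanged(keyStoreInfo, session);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "replaceDefaultCerts");
            }
            return "";
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception while replacing self-signed certifictates", e);
            }
            throw e;
        }
    }

    /**
     * Builds a certificate request that mirrors an existing certificate: same
     * alias, same key size, same subject DN and the same validity length in
     * whole days.
     *
     * <p>Because the key size is copied from the existing public key, a weak
     * key length on the old certificate is reproduced on the new one.
     *
     * @throws Exception if the key size cannot be determined or the request
     *         cannot be created
     */
    private CertReqInfo createCertInfoFromCert(String str, X509Certificate x509Certificate, KeyStoreInfo keyStoreInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createCertInfoFromCert");
        }
        long validityMillis = x509Certificate.getNotAfter().getTime() - x509Certificate.getNotBefore().getTime();
        int validityDays = (int) (validityMillis / MILLIS_PER_DAY);
        CertReqInfo certReqInfo = new CertReqInfo(str, PersonalCertificateHelper.getKeySizeFromPublicKey(x509Certificate.getPublicKey()), x509Certificate.getSubjectX500Principal().getName(), validityDays, keyStoreInfo, null);
        if (tc.isEntryEnabled()) {
            // NOTE(review): this traces CertReqInfo.toString(), which is built from a
            // KeyStoreInfo; confirm it cannot expose the key store password in trace logs.
            Tr.exit(tc, "createCertInfoFromCert " + certReqInfo);
        }
        return certReqInfo;
    }

    /**
     * Extracts the common name from a DN string.
     *
     * <p>The DN is split on {@code ,} and the first component containing
     * {@code CN=} or {@code cn=} supplies the value. This is a plain string
     * split, so escaped commas inside an RDN value are not honoured.
     *
     * @return the trimmed common name, or an empty string if none is found
     */
    private String getCNFromDN(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCNFromDN " + str);
        }
        String commonName = "";
        for (String component : str.split(",")) {
            if (component.contains("CN=") || component.contains("cn=")) {
                String[] keyAndValue = component.trim().split("=");
                // "CN=" with an empty value splits into a single element; the
                // previous index access threw ArrayIndexOutOfBoundsException.
                if (keyAndValue.length > 1) {
                    commonName = keyAndValue[1].trim();
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCNFromDN " + commonName);
        }
        return commonName;
    }

    /**
     * Builds the new subject DN from the common name of {@code str}.
     *
     * <p>NOTE(review): {@code str2} and {@code str3} are inserted without RDN
     * escaping, and a {@code null} value is rendered as the text {@code null}.
     *
     * @param str existing subject DN; only its common name is reused
     * @param str2 node name
     * @param str3 new cell name
     * @param z {@code true} to add the {@code ou=Root Certificate} component
     */
    private String genNewSubjectDN(String str, String str2, String str3, boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genNewSubjectDN", new Object[]{str, str2, str3, Boolean.valueOf(z)});
        }
        String commonName = getCNFromDN(str);
        String suffix = ",ou=" + str3 + ",ou=" + str2 + ",o=IBM,c=US";
        String subjectDN;
        if (z) {
            subjectDN = "cn=" + commonName + ",ou=Root Certificate" + suffix;
        } else {
            subjectDN = "cn=" + commonName + suffix;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "genNewSubjectDN " + subjectDN);
        }
        return subjectDN;
    }

    /**
     * Resolves the node name used in the subject DN for a key store.
     *
     * <p>The name normally comes from the management scope string. For
     * {@code CellDefaultKeyStore} with no node in its scope, the nodes of the
     * cell are searched for a {@code DEPLOYMENT_MANAGER} server entry. If none
     * is found, the last node that has any server entry is returned.
     *
     * <p>The search stops at the first deployment manager node. The previous
     * code left only the inner loop, so later nodes overwrote the match.
     *
     * @param str key store name
     * @param str2 management scope name string
     * @return the node name, or {@code null} if none could be determined
     * @throws Exception if a configuration lookup fails
     */
    private String getNodeName(Session session, ConfigService configService, String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNodeName", new Object[]{str, str2});
        }
        String nodeName = new ManagementScopeData(str2).getNodeName();
        if (nodeName == null && str.equals("CellDefaultKeyStore")) {
            nodeSearch:
            for (ObjectName node : configService.resolve(session, "Cell=:Node=")) {
                for (ObjectName serverEntry : configService.queryConfigObjects(session, node, ConfigServiceHelper.createObjectName((ConfigDataId) null, "ServerEntry"), null)) {
                    nodeName = ConfigServiceHelper.getDisplayName(node);
                    String serverType = (String) configService.getAttribute(session, serverEntry, "serverType");
                    // Guarded by the debug level to match the Tr.debug call.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "serverType: " + serverType);
                    }
                    // Constant-first comparison tolerates a missing serverType attribute.
                    if ("DEPLOYMENT_MANAGER".equals(serverType)) {
                        break nodeSearch;
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNodeName " + nodeName);
        }
        return nodeName;
    }
}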
