package com.ibm.ws.security.admintask.audit.certificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.configservice.ConfigServiceProxy;
import com.ibm.websphere.ras.RasMessage;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.profiletask.MessageFormatHelper;
import com.ibm.ws.security.role.RoleBasedAuthorizer;
import com.ibm.ws.security.role.RoleBasedConfiguratorFactory;
import com.ibm.ws.security.util.Constants;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.ws.webservices.wssecurity.KRBConstants;
import java.security.Key;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.management.AttributeList;
import javax.management.ObjectName;
import javax.management.QueryExp;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/admintask/audit/certificates/ImportAuditCertificate.class */
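/**
 * Admin task that copies a personal certificate (private key plus certificate chain)
 * into the audit key store.
 *
 * <p>Two flavours are served by the same class, selected by the registered task name:
 * <ul>
 *   <li>{@code importAuditCertificate}: the source is an unmanaged key store file given by
 *       path, type and password;</li>
 *   <li>any other name: the source is another managed key store, identified by name and
 *       scope.</li>
 * </ul>
 *
 * <p>{@link #validate()} resolves parameters and performs the pre-checks (read-only target,
 * source file verification, Administrator role when the "file" is really a managed key
 * store); {@link #afterStepsExecuted()} performs the actual copy through
 * {@link WSKeyStoreRemotable}.
 *
 * <p>Passwords are carried as {@code String} and converted to {@code char[]} only at the
 * invocation boundary; the arrays are not zeroed here because the remotable may retain them
 * (TODO confirm against WSKeyStoreRemotable before adding wiping).
 */
public class ImportAuditCertificate extends AbstractTaskCommand {
    private static TraceComponent tc = Tr.register(ImportAuditCertificate.class, RasMessage.AUDIT, "com.ibm.ws.security.admintask.audit.certificates");
    private static String BUNDLE_NAME = "com.ibm.ejs.resources.security";
    private static ResourceBundle resBundle = ResourceBundle.getBundle(BUNDLE_NAME, Locale.getDefault());

    /** Name of the target (audit) key store. */
    private String keyStoreName;
    /** Name of the source key store when importing from a managed key store. */
    private String fromKeyStoreName;
    /** Path of the source key store file when importing from an unmanaged file. */
    private String keyFilePath;
    /** {@link #keyFilePath} after variable expansion by the KeyStoreManager. */
    private String keyFilePathExpanded;
    private String keyFilePassword;
    private String keyFileType;
    /** Alias to read from the source file. */
    private String certAliasFromKeyFile;
    /** Alias to store under in the target; falls back to the source alias when empty. */
    private String certAlias;
    private String keyStoreScope;
    private String fromKeyStoreScope;
    private String fromKeyStorePassword;
    /** Resolved target key store. */
    private KeyStoreInfo ksInfo;
    /** Resolved source key store (managed-source flavour only). */
    private KeyStoreInfo fromKsInfo;
    /** Alias to read from the managed source key store. */
    private String certAliasFromKeyStore;
    /** Key store name/location used in the "alias already exists" message. */
    private String msgLocation;

    /**
     * Creates the task from its metadata. All instance fields start as {@code null}
     * (Java default) and are populated by {@link #validate()}.
     *
     * @param taskCommandMetadata task metadata supplied by the command framework
     * @throws CommandNotFoundException propagated from the superclass
     */
    public ImportAuditCertificate(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the task from serialized command data. Fields are populated by
     * {@link #validate()}.
     *
     * @param commandData command data supplied by the command framework
     * @throws CommandNotFoundException propagated from the superclass
     * @throws CommandLoadException     propagated from the superclass
     */
    public ImportAuditCertificate(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /** Formats a message from {@code resourceBundle} under key {@code key} with {@code args}. */
    private String getMsg(ResourceBundle resourceBundle, String key, Object[] args) {
        return MessageFormatHelper.getFormattedMessage(resourceBundle, key, args);
    }

    /**
     * Checks that the caller holds the Administrator role and rejects the task otherwise.
     *
     * @throws CommandValidationException if the caller is not in {@link Constants#ADMIN_ROLE}
     */
    private void requireAdministratorRole() throws CommandValidationException {
        RoleBasedAuthorizer authorizer = RoleBasedConfiguratorFactory.getConfigurator().getRoleBasedAuthorizer(Constants.ADMIN_APP, "domain");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Got the RoleBasedAuthorizer object.");
        }
        if (!authorizer.isCallerInRole(Constants.ADMIN_ROLE)) {
            throw new CommandValidationException(getMsg(resBundle, "security.admintask.UserNotInRole", new Object[]{Constants.ADMIN_ROLE}));
        }
    }

    /**
     * Resolves the task parameters and performs the pre-import checks.
     *
     * <p>Checks performed, in order: an Audit configuration object exists; for the file
     * flavour, a path that matches a managed key store location requires the Administrator
     * role; the target key store is not read-only; the source (file or managed key store)
     * verifies with the supplied type and password.
     *
     * @throws CommandValidationException if any parameter or check fails; a non-validation
     *                                    exception is wrapped with its message and kept as cause
     */
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.VALIDATE);
        }
        super.validate();
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            ObjectName cellObject = configService.resolve(configSession, "Cell=")[0];
            // The value is not used, but the [0] lookup fails when no Audit configuration
            // object exists, which is surfaced as a CommandValidationException below.
            ObjectName auditObject = configService.queryConfigObjects(configSession, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
            if (getName().equals("importAuditCertificate")) {
                this.keyFilePath = (String) getParameter(CommandConstants.KEY_FILE_PATH);
                this.keyFilePassword = (String) getParameter(CommandConstants.KEY_FILE_PASSWORD);
                this.keyFileType = (String) getParameter(CommandConstants.KEY_FILE_TYPE);
                this.certAliasFromKeyFile = (String) getParameter(CommandConstants.CERT_ALIAS_FROM_KEY_FILE);
                // Reading a managed key store file "by path" would bypass the managed-source
                // flavour, so it is restricted to administrators. Other paths rely solely on
                // the task's own role mapping in the command framework.
                if (isManagedKeyStore(this.keyFilePath)) {
                    requireAdministratorRole();
                }
            } else {
                this.fromKeyStoreName = (String) getParameter(CommandConstants.FROM_KEY_STORE_NAME);
                this.fromKeyStoreScope = (String) getParameter(CommandConstants.FROM_KEY_STORE_SCOPE);
                this.fromKeyStorePassword = (String) getParameter(CommandConstants.FROM_KEY_STORE_PASSWORD);
                this.certAliasFromKeyStore = (String) getParameter(CommandConstants.FROM_KEY_STORE_OBJ);
            }
            this.keyStoreName = (String) getParameter(CommandConstants.KEY_STORE_NAME);
            this.keyStoreScope = (String) getParameter(CommandConstants.KEY_STORE_SCOPE);
            this.certAlias = (String) getParameter(CommandConstants.CERT_ALIAS);
            if (tc.isDebugEnabled()) {
                // Passwords are deliberately never traced.
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName + " keyFileName=" + this.keyFilePath + " keyFileType=" + this.keyFileType + " certAliasFromKeyFile=" + this.certAliasFromKeyFile + " certAlias=" + this.certAlias);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.keyStoreScope == null) {
                this.keyStoreScope = commandHelper.defaultCellScope(cellObject);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.keyStoreScope);
                }
            }
            this.ksInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.keyStoreName, this.keyStoreScope);
            if (this.ksInfo.getReadOnly().booleanValue()) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.readonly.keystore.CWPKI0699E", new Object[]{this.ksInfo.getName()}, this.ksInfo.getName() + " is marked as a read only key store.  Unable to perform write operations to the key store file."));
            }
            if (this.fromKeyStoreName != null) {
                if (this.fromKeyStoreScope == null) {
                    this.fromKeyStoreScope = commandHelper.defaultScope();
                }
                this.fromKsInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.fromKeyStoreName, this.fromKeyStoreScope);
                // NOTE(review): the source file is verified, but the gate is the TARGET's
                // file-based flag, and the RACF branch below loads the TARGET location with
                // the SOURCE password. Behaviour kept as found; confirm whether fromKsInfo
                // was intended in both places.
                if (this.ksInfo.getFileBased().booleanValue() && KeyStoreHelper.checkKeyFile(this.fromKsInfo.getType(), this.fromKsInfo.getLocation(), this.fromKeyStorePassword) != 0) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyStore.check.key.file.CWPKI0663E", new Object[]{this.fromKsInfo.getLocation()}, "Key store file \"" + this.fromKsInfo.getLocation() + "\" did not verify, make sure the file exists, check key store type and password."));
                }
                String targetType = this.ksInfo.getType();
                if (targetType.equals(com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_JCERACFKS) || targetType.equals(com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_JCECCARACFKS)) {
                    try {
                        new WSKeyStoreRemotable(this.ksInfo).invokeKeyStoreCommand("load", new Object[]{this.ksInfo.getLocation(), targetType, this.fromKeyStorePassword});
                    } catch (Exception e) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyStore.check.key.file.CWPKI0663E", new Object[]{this.ksInfo.getLocation()}, "Key store file \"" + this.ksInfo.getLocation() + "\" did not verify, make sure the file or keyring exists, check key store type and password."));
                    }
                }
                // NOTE(review): this names the SOURCE store although the later
                // "alias already exists" check runs against the TARGET; kept as found.
                this.msgLocation = this.fromKsInfo.getName();
            } else {
                this.keyFilePathExpanded = KeyStoreManager.getInstance().expand(this.keyFilePath);
                if (this.ksInfo.getFileBased().booleanValue() && KeyStoreHelper.checkKeyFile(this.keyFileType, this.keyFilePathExpanded, this.keyFilePassword) != 0) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyStore.check.key.file.CWPKI0663E", new Object[]{this.keyFilePath}, "Key store file \"" + this.keyFilePath + "\" did not verify, make sure the file exists, check key store type and password."));
                }
                this.msgLocation = this.ksInfo.getLocation();
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AuditConstants.VALIDATE);
            }
        } catch (CommandValidationException cve) {
            // Already the right type (role check, read-only, file checks): propagate
            // unchanged instead of flattening it to its message.
            throw cve;
        } catch (Exception e2) {
            // Keep the original exception as cause for diagnostics; the message is what the
            // framework reports to the caller.
            throw new CommandValidationException(e2, e2.getMessage());
        }
    }

    /**
     * Performs the import once all steps ran successfully, recording any failure on the
     * task result instead of throwing.
     *
     * <p>Note: the result is set to {@code Boolean.TRUE} even after {@code setException}
     * was called; callers are expected to consult {@code isSuccessful()} / the exception
     * rather than the result value (kept as found).
     */
    protected void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl taskCommandResult = getTaskCommandResult();
        if (!taskCommandResult.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
            }
            return;
        }
        try {
            if (this.fromKeyStoreName != null) {
                personalCertificateImport(this.ksInfo, this.fromKsInfo, this.certAlias, this.certAliasFromKeyStore);
            } else {
                personalCertificateImport(this.ksInfo, this.keyFilePath, this.keyFileType, this.keyFilePassword, this.certAlias, this.certAliasFromKeyFile);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.admintask.audit.ImportAuditCertificate.afterStepsExecuted", "176", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred.", new Object[]{e});
            }
            taskCommandResult.setException(new CommandException(e, e.getMessage()));
        }
        taskCommandResult.setResult(Boolean.TRUE);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Returns the alias to store under: {@code requested} unless it is null or empty, in
     * which case the source alias is reused.
     */
    private static String targetAlias(String requested, String sourceAlias) {
        return (requested == null || requested.length() == 0) ? sourceAlias : requested;
    }

    /**
     * Builds a fresh argument array for the "...FromUnManagedKeyStore" remotable commands.
     * A new {@code char[]} copy of the password is made per call, as the original did.
     */
    private static Object[] unmanagedKeyStoreArgs(String expandedPath, String type, String password, String alias) {
        return new Object[]{expandedPath, type, password != null ? password.toCharArray() : null, alias};
    }

    /**
     * Imports a personal certificate from an unmanaged key store file into {@code keyStoreInfo}.
     *
     * @param keyStoreInfo     target key store
     * @param keyFile          source key store path (expanded here via KeyStoreManager)
     * @param keyFileType      source key store type
     * @param keyFilePwd       source key store password, may be null
     * @param alias            alias to store under; null/empty falls back to {@code sourceAlias}
     * @param sourceAlias      alias to read from the source file
     * @throws Exception CommandValidationException if the alias is not a personal
     *                   certificate (no chain or no key); anything the remotable throws
     */
    public void personalCertificateImport(KeyStoreInfo keyStoreInfo, String keyFile, String keyFileType, String keyFilePwd, String alias, String sourceAlias) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "personalCertificateImport");
        }
        // The unmanaged file is read through the TARGET store's remotable (the source has
        // no KeyStoreInfo of its own).
        WSKeyStoreRemotable remotable = new WSKeyStoreRemotable(keyStoreInfo);
        String storeAs = targetAlias(alias, sourceAlias);
        String expandedPath = KeyStoreManager.getInstance().expand(keyFile);
        try {
            Object[] chainResult = remotable.invokeKeyStoreCommand("getCertificateChainFromUnManagedKeyStore", unmanagedKeyStoreArgs(expandedPath, keyFileType, keyFilePwd, sourceAlias));
            Object[] keyResult = remotable.invokeKeyStoreCommand("getKeyFromUnManagedKeyStore", unmanagedKeyStoreArgs(expandedPath, keyFileType, keyFilePwd, sourceAlias));
            // A personal certificate needs both a private key and a chain.
            if (chainResult[0] == null || keyResult[0] == null) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.not.personal.in.keystore.CWPKI0672E", new Object[]{sourceAlias, keyFile}, "Alias \"" + sourceAlias + "\" is not a personal certificate in key store \"" + keyFile + "\"."));
            }
            setPersonalCertificate(keyStoreInfo, storeAs, keyResult, chainResult);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "personalCertificateImport");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.ImportCertificate.personalCertificateImport", "225", this);
            throw e;
        }
    }

    /**
     * Imports a personal certificate from the managed key store {@code sourceInfo} into
     * {@code keyStoreInfo}.
     *
     * <p>The private key is read with the source store's CONFIGURED password
     * ({@code sourceInfo.getPassword()}), not the password supplied as task parameter; the
     * parameter is only used by {@link #validate()} to verify the file.
     *
     * @param keyStoreInfo target key store
     * @param sourceInfo   source key store
     * @param alias        alias to store under; null/empty falls back to {@code sourceAlias}
     * @param sourceAlias  alias to read from the source store
     * @throws Exception CommandValidationException if the alias is not a personal
     *                   certificate; anything the remotable throws
     */
    public void personalCertificateImport(KeyStoreInfo keyStoreInfo, KeyStoreInfo sourceInfo, String alias, String sourceAlias) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "personalCertificateImport");
        }
        WSKeyStoreRemotable sourceRemotable = new WSKeyStoreRemotable(sourceInfo);
        String storeAs = targetAlias(alias, sourceAlias);
        try {
            Object[] chainResult = sourceRemotable.invokeKeyStoreCommand("getCertificateChain", new Object[]{sourceAlias});
            String sourcePwd = sourceInfo.getPassword();
            Object[] keyResult = sourceRemotable.invokeKeyStoreCommand("getKey", new Object[]{sourceAlias, sourcePwd != null ? sourcePwd.toCharArray() : null});
            if (chainResult[0] == null || keyResult[0] == null) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.not.personal.in.keystore.CWPKI0672E", new Object[]{sourceAlias, sourceInfo.getLocation()}, "Alias \"" + sourceAlias + "\" is not a personal certificate in key store \"" + sourceInfo.getLocation() + "\"."));
            }
            setPersonalCertificate(keyStoreInfo, storeAs, keyResult, chainResult);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.ImportCertificate.personalCertificateImport", "266", this);
            throw e;
        }
    }

    /**
     * Stores {@code key} and {@code chain} under {@code alias} in {@code keyStoreInfo},
     * refusing to overwrite an existing alias, then marks the workspace file as updated
     * for file-based stores.
     *
     * @param keyStoreInfo target key store
     * @param alias        alias to create
     * @param keyResult    remotable result whose element 0 is the {@link Key}
     * @param chainResult  remotable result whose element 0 is the {@link Certificate}[] chain
     * @throws Exception CommandValidationException if the alias already exists; anything
     *                   the remotable or config service throws
     */
    private void setPersonalCertificate(KeyStoreInfo keyStoreInfo, String alias, Object[] keyResult, Object[] chainResult) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPersonalCertificate");
        }
        WSKeyStoreRemotable targetRemotable = new WSKeyStoreRemotable(keyStoreInfo);
        // Never silently replace an existing entry (could swap out the audit signing key).
        boolean exists = ((Boolean) targetRemotable.invokeKeyStoreCommand("containsAlias", new Object[]{alias})[0]).booleanValue();
        if (exists) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.alias.already.exists.CWPKI0630E", new Object[]{alias, this.msgLocation}, "Alias \"" + alias + "\" already exists in key store \"" + this.msgLocation + "\"."));
        }
        String targetPwd = keyStoreInfo.getPassword();
        targetRemotable.invokeKeyStoreCommand("setKeyEntry", new Object[]{alias, (Key) keyResult[0], targetPwd != null ? targetPwd.toCharArray() : null, (Certificate[]) chainResult[0]});
        Session configSession = getConfigSession();
        if (keyStoreInfo.getFileBased().booleanValue()) {
            PersonalCertificateHelper.setWorkspaceUpdated(configSession, keyStoreInfo.getLocation());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPersonalCertificate");
        }
    }

    /**
     * Reports whether {@code keyFilePath} (after variable expansion) is the location of a
     * key store configured under the cell's Security object.
     *
     * <p>Locations are compared case-insensitively. On a case-sensitive file system this
     * can only classify MORE paths as managed, i.e. trigger the Administrator check more
     * often, never less.
     *
     * @param keyFilePath candidate path, expanded here
     * @return true if some configured key store has the same (expanded) location
     * @throws Exception anything the config service throws
     */
    public boolean isManagedKeyStore(String keyFilePath) throws Exception {
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        if (configService == null) {
            // No local config service (e.g. running on a node agent): go through the
            // deployment manager's admin client instead.
            configService = new ConfigServiceProxy(AdminServiceFactory.getAdminService().getDeploymentManagerAdminClient());
        }
        ObjectName securityObject = configService.resolve(configSession, "Cell=:Security=")[0];
        List keyStores = (List) configService.getAttribute(configSession, securityObject, CommandConstants.KEY_STORES);
        String wanted = KeyStoreManager.getInstance().expand(keyFilePath);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "searching for keyFilePath: " + wanted);
        }
        for (Iterator it = keyStores.iterator(); it.hasNext();) {
            String location = (String) ConfigServiceHelper.getAttributeValue((AttributeList) it.next(), "location");
            String candidate = KeyStoreManager.getInstance().expand(location);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "keyFilePathExpanded: " + candidate);
            }
            if (wanted.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    }
}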
