package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.util.PkNewCertFactory;
import com.ibm.security.certclient.util.PkNewCertificate;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.commands.ProfileCreation.PrepareKeysUtility;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import javax.management.timer.Timer;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/config/WSKeyStoreHelper.class */
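/**
 * Convenience layer over {@link WSKeyStoreRemotable} that expresses certificate and key
 * operations as {@code invokeKeyStoreCommand} calls.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Key store and key passwords arrive as {@code String} and are converted to
 *       {@code char[]} just before the command is invoked. The arrays are not cleared here.
 *       NOTE(review): whether the command handler wipes them is not visible in this file.</li>
 *   <li>Passwords and key material are never passed to {@code Tr}; only method names and, for
 *       some methods, the returned alias or boolean are traced.</li>
 *   <li>No method emits its trace exit record when an exception propagates.</li>
 * </ul>
 *
 * <p>Parameter names such as {@code str}, {@code z} and {@code z2} are kept as they appear in
 * the class file; each method's Javadoc states what the parameter is used for.
 */
public class WSKeyStoreHelper extends WSKeyStoreRemotable {
    private static final TraceComponent tc = Tr.register(WSKeyStoreHelper.class, "SSL", "com.ibm.ws.ssl.resources.ssl");

    /** Command name used when the caller did not ask for an existing entry to be overwritten. */
    private static final String CMD_SET_KEY_ENTRY = "setKeyEntry";

    /** Command name used when the caller asked for an existing entry to be overwritten. */
    private static final String CMD_SET_KEY_ENTRY_OVERWRITE = "setKeyEntryOverwrite";

    /**
     * Creates a helper for the given key store configuration object.
     *
     * @param keyStore configuration model object handed to the superclass constructor
     */
    public WSKeyStoreHelper(KeyStore keyStore) {
        super(keyStore);
        // Entry and exit are emitted back to back; the constructor does no work of its own.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
            Tr.exit(tc, "<init>");
        }
    }

    /**
     * Creates a helper by copying every property of an existing key store object.
     *
     * @param wSKeyStore source of the properties; must not be {@code null}
     */
    public WSKeyStoreHelper(WSKeyStore wSKeyStore) {
        Enumeration<?> names = wSKeyStore.propertyNames();
        if (names == null) {
            return;
        }
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (name != null) {
                setProperty(name, wSKeyStore.getProperty(name));
            }
        }
    }

    /**
     * Creates a helper for the given key store description.
     *
     * @param keyStoreInfo description handed to the superclass constructor
     */
    public WSKeyStoreHelper(KeyStoreInfo keyStoreInfo) {
        super(keyStoreInfo);
    }

    /** Creates a helper with no properties set. */
    public WSKeyStoreHelper() {
    }

    /**
     * Generates a certificate through {@code PkNewCertFactory} and stores the resulting key and
     * certificate chain under the requested label.
     *
     * <p>The validity start is set one day before the current time, and a single
     * {@code "ProfileUUID:..."} attribute is passed to the factory. When FIPS mode is enabled
     * the FIPS provider is always used, whatever the key store is configured with.
     *
     * @param certReqInfo    subject DN, label, key size, validity, profile UUID and key store info
     * @param certificateArr chain handed to the factory together with {@code privateKey}
     *                       (presumably the signer's chain; confirm against the factory);
     *                       may be {@code null}; every element must be an {@link X509Certificate}
     * @param privateKey     private key handed to the factory with {@code certificateArr}
     * @param z              forwarded unchanged as the last factory argument; its meaning is
     *                       defined by the factory and is not visible in this file
     * @param z2             {@code true} selects the {@code setKeyEntryOverwrite} command,
     *                       {@code false} selects {@code setKeyEntry}
     * @return first element of the command result, or {@code null} if the factory returned
     *         no certificate
     * @throws ClassCastException   if an element of {@code certificateArr} is not an X.509 certificate
     * @throws NullPointerException if the key store info carries no password; this is only
     *                              detected after the certificate has been generated
     * @throws Exception            anything raised by the factory or the key store command
     */
    public String createChainedCertificate(CertReqInfo certReqInfo, Certificate[] certificateArr, PrivateKey privateKey, boolean z, boolean z2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createChainedCertificate");
        }
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        String profileUUID = certReqInfo.getProfileUUID();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String password = ksInfo.getPassword();
        String type = ksInfo.getType();
        String provider = ksInfo.getProvider();

        // The factory wants X509Certificate[]; a non-X.509 element fails here with a
        // ClassCastException, before any key material is generated.
        X509Certificate[] x509Chain = null;
        if (certificateArr != null) {
            x509Chain = new X509Certificate[certificateArr.length];
            for (int i = 0; i < certificateArr.length; i++) {
                x509Chain[i] = (X509Certificate) certificateArr[i];
            }
        }

        ArrayList attributes = profileUuidAttributes(profileUUID, subjectDN);
        Date notBefore = oneDayAgo();
        String certProvider = resolveCertProvider(type, provider);
        PkNewCertificate newCert = PkNewCertFactory.newCert(size, subjectDN, validDays, notBefore, true, attributes, null, null, certProvider, null, x509Chain, privateKey, z);

        String storedAlias = null;
        if (newCert != null) {
            String command = z2 ? CMD_SET_KEY_ENTRY_OVERWRITE : CMD_SET_KEY_ENTRY;
            // NOTE(review): the char[] copy of the password is not cleared after the call;
            // whether the command handler wipes it is not visible in this file.
            storedAlias = (String) invokeKeyStoreCommand(command, new Object[]{label, newCert.getKey(), password.toCharArray(), newCert.getCertificateChain()})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createChainedCertificate", new Object[]{storedAlias});
        }
        return storedAlias;
    }

    /**
     * Generates a self-signed certificate through {@code PkSsCertFactory} and stores the key
     * and the single certificate under the requested label.
     *
     * <p>Validity start, {@code "ProfileUUID:..."} attribute and provider selection follow the
     * same rules as {@link #createChainedCertificate}.
     *
     * @param certReqInfo subject DN, label, key size, validity, profile UUID and key store info
     * @param z           forwarded unchanged as the last factory argument; its meaning is
     *                    defined by the factory and is not visible in this file
     * @param z2          {@code true} selects the {@code setKeyEntryOverwrite} command,
     *                    {@code false} selects {@code setKeyEntry}
     * @return first element of the command result, or {@code null} if the factory returned
     *         no certificate
     * @throws NullPointerException if the key store info carries no password; this is only
     *                              detected after the certificate has been generated
     * @throws Exception            anything raised by the factory or the key store command
     */
    public String createSelfSignedCertificate(CertReqInfo certReqInfo, boolean z, boolean z2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSelfSignedCertificate");
        }
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        String profileUUID = certReqInfo.getProfileUUID();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String password = ksInfo.getPassword();
        String type = ksInfo.getType();
        String provider = ksInfo.getProvider();

        ArrayList attributes = profileUuidAttributes(profileUUID, subjectDN);
        Date notBefore = oneDayAgo();
        String certProvider = resolveCertProvider(type, provider);
        PkSsCertificate newSsCert = PkSsCertFactory.newSsCert(size, subjectDN, validDays, notBefore, true, true, attributes, null, null, certProvider, null, z);

        String storedAlias = null;
        if (newSsCert != null) {
            String command = z2 ? CMD_SET_KEY_ENTRY_OVERWRITE : CMD_SET_KEY_ENTRY;
            // NOTE(review): the char[] copy of the password is not cleared after the call;
            // whether the command handler wipes it is not visible in this file.
            storedAlias = (String) invokeKeyStoreCommand(command, new Object[]{label, newSsCert.getKey(), password.toCharArray(), new X509Certificate[]{newSsCert.getCertificate()}})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSelfSignedCertificate", new Object[]{storedAlias});
        }
        return storedAlias;
    }

    /**
     * Reports whether the key store has an entry under the given alias.
     *
     * @param str alias to look up
     * @return the boolean returned by the {@code containsAlias} command
     * @throws Exception anything raised by the key store command
     */
    public boolean containsAlias(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "containsAlias");
        }
        Boolean present = (Boolean) invokeKeyStoreCommand("containsAlias", new Object[]{str})[0];
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "containsAlias", new Object[]{present});
        }
        return present.booleanValue();
    }

    /**
     * Returns the certificate stored with a key entry.
     *
     * @param str alias of the key entry; {@code null} yields {@code null}
     * @return result of the {@code getCertificate} command, or {@code null} if the alias is
     *         absent or does not name a key entry
     * @throws Exception anything raised by the key store commands
     */
    public Certificate getSignerFromKey(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSignerFromKey");
        }
        Certificate certificate = null;
        if (str != null && hasKeyEntryForAlias(str)) {
            certificate = (Certificate) invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSignerFromKey");
        }
        return certificate;
    }

    /**
     * Returns the certificate chain stored with a key entry.
     *
     * @param str alias of the key entry; {@code null} yields {@code null}
     * @return result of the {@code getCertificateChain} command, or {@code null} if the alias
     *         is absent or does not name a key entry
     * @throws Exception anything raised by the key store commands
     */
    public Certificate[] getCertChainFromKey(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertChainFromKey");
        }
        Certificate[] chain = null;
        if (str != null && hasKeyEntryForAlias(str)) {
            chain = (Certificate[]) invokeKeyStoreCommand("getCertificateChain", new Object[]{str})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertChainFromKey");
        }
        return chain;
    }

    /**
     * Retrieves the key stored under an alias.
     *
     * <p>The returned object may be private key material; neither it nor the password is traced.
     *
     * @param str  alias of the key entry; {@code null} yields {@code null}
     * @param str2 password protecting the key; must not be {@code null} when the alias names
     *             a key entry
     * @return result of the {@code getKey} command, or {@code null} if the alias is absent or
     *         does not name a key entry
     * @throws NullPointerException if {@code str2} is {@code null} and the alias names a key entry
     * @throws Exception            anything raised by the key store commands
     */
    public Key getKey(String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKey");
        }
        Key key = null;
        if (str != null && hasKeyEntryForAlias(str)) {
            // NOTE(review): the char[] copy of the password is not cleared after the call.
            key = (Key) invokeKeyStoreCommand("getKey", new Object[]{str, str2.toCharArray()})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKey");
        }
        return key;
    }

    /**
     * Returns the certificate stored under an alias, whatever kind of entry it is.
     *
     * @param str alias to look up; {@code null} yields {@code null}
     * @return result of the {@code getCertificate} command, or {@code null} if the alias is absent
     * @throws ClassCastException if the stored certificate is not an X.509 certificate
     * @throws Exception          anything raised by the key store commands
     */
    public X509Certificate getSigner(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSigner");
        }
        X509Certificate signer = null;
        if (str != null && ((Boolean) invokeKeyStoreCommand("containsAlias", new Object[]{str})[0]).booleanValue()) {
            signer = (X509Certificate) invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSigner");
        }
        return signer;
    }

    /**
     * Deletes the entry stored under an alias, if there is one.
     *
     * <p>Only {@code containsAlias} is checked before {@code deleteEntry} is issued; there is
     * no {@code isKeyEntry} test, so presumably a key entry (including its private key) is
     * removed just like a certificate-only entry. Confirm against the command handler.
     *
     * @param str alias to delete; {@code null} or an unknown alias is a no-op
     * @throws Exception anything raised by the key store commands
     */
    public void deleteCertificate(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteCertificate");
        }
        if (str != null && ((Boolean) invokeKeyStoreCommand("containsAlias", new Object[]{str})[0]).booleanValue()) {
            invokeKeyStoreCommand("deleteEntry", new Object[]{str});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteCertificate");
        }
    }

    /**
     * Checks whether the second certificate in a key entry's chain has the same SHA-1 digest
     * as the supplied certificate.
     *
     * <p>This is a fingerprint comparison only. No signature is verified, and only index 1 of
     * the chain is examined, so a certificate further up a longer chain never matches. Callers
     * that need proof of issuance must validate the chain separately.
     *
     * <p>NOTE(review): the comparison relies on SHA-1, which is no longer collision resistant.
     * Consider a stronger digest or a direct comparison of the encoded certificates, after
     * confirming what {@code generateDigest} supports.
     *
     * @param x509Certificate certificate to compare against
     * @param str             alias of the key entry whose chain is inspected; {@code null}
     *                        yields {@code false}
     * @return {@code true} only if the alias names a key entry whose chain has at least two
     *         elements and the digests are equal
     * @throws Exception anything raised by the key store commands or the digest helper
     */
    public boolean isCertSignedWithThisRoot(X509Certificate x509Certificate, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCertSignedWithThisRoot");
        }
        boolean matches = false;
        if (str != null && hasKeyEntryForAlias(str)) {
            Object[] result = invokeKeyStoreCommand("getCertificateChain", new Object[]{str});
            if (result[0] != null) {
                Certificate[] chain = (Certificate[]) result[0];
                X509Certificate secondInChain = chain.length > 1 ? (X509Certificate) chain[1] : null;
                if (secondInChain != null && KeyStoreManager.getInstance().generateDigest("SHA-1", secondInChain).equals(KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate))) {
                    matches = true;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isCertSignedWithThisRoot");
        }
        return matches;
    }

    /**
     * Lists the aliases in the key store.
     *
     * @return the array returned by the {@code aliases} command
     * @throws ClassCastException if the command result is not a {@code String[]} at run time
     * @throws Exception          anything raised by the key store command
     */
    public String[] getCertAliases() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertAliases");
        }
        Object[] aliases = invokeKeyStoreCommand("aliases", null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertAliases");
        }
        // The whole result array is cast, not its first element as in the other methods.
        return (String[]) aliases;
    }

    /**
     * Stores a private key and its certificate chain with the {@code setKeyEntry} command.
     *
     * @param str            alias to store under
     * @param str2           password protecting the key; must not be {@code null} when an
     *                       entry is actually stored
     * @param certificateArr chain for the key; nothing is stored if it is {@code null}, empty
     *                       or starts with a {@code null} element
     * @param privateKey     key to store; nothing is stored if {@code null}
     * @return first element of the command result, or {@code null} if nothing was stored
     * @throws Exception anything raised by the key store command
     */
    public String setPersonalCert(String str, String str2, Certificate[] certificateArr, PrivateKey privateKey) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPersonalCert");
        }
        String storedAlias = storePersonalCert(CMD_SET_KEY_ENTRY, str, str2, certificateArr, privateKey);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPersonalCert");
        }
        return storedAlias;
    }

    /**
     * Stores a private key and its certificate chain with the {@code setKeyEntryOverwrite}
     * command.
     *
     * @param str            alias to store under
     * @param str2           password protecting the key; must not be {@code null} when an
     *                       entry is actually stored
     * @param certificateArr chain for the key; nothing is stored if it is {@code null}, empty
     *                       or starts with a {@code null} element
     * @param privateKey     key to store; nothing is stored if {@code null}
     * @return first element of the command result, or {@code null} if nothing was stored
     * @throws Exception anything raised by the key store command
     */
    public String setPersonalCertOverwrite(String str, String str2, Certificate[] certificateArr, PrivateKey privateKey) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setPersonalCertOverwrite");
        }
        String storedAlias = storePersonalCert(CMD_SET_KEY_ENTRY_OVERWRITE, str, str2, certificateArr, privateKey);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setPersonalCertOverwrite");
        }
        return storedAlias;
    }

    /**
     * Stores a certificate without a key using the {@code setCertificateEntry} command.
     *
     * <p>The certificate is stored as given; this method performs no validation of it.
     *
     * @param str         alias to store under
     * @param certificate certificate to store; nothing is stored if {@code null}
     * @return first element of the command result, or {@code null} if nothing was stored
     * @throws Exception anything raised by the key store command
     */
    public String setSignerCert(String str, Certificate certificate) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSignerCert");
        }
        String storedAlias = null;
        if (certificate != null) {
            storedAlias = (String) invokeKeyStoreCommand("setCertificateEntry", new Object[]{str, certificate})[0];
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSignerCert");
        }
        return storedAlias;
    }

    /**
     * Reports whether an alias names a key entry.
     *
     * @param str alias to test
     * @return the boolean returned by the {@code isKeyEntry} command
     * @throws Exception anything raised by the key store command
     */
    public boolean isCertKeyEntry(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCertKeyEntry");
        }
        Boolean keyEntry = (Boolean) invokeKeyStoreCommand("isKeyEntry", new Object[]{str})[0];
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isCertKeyEntry");
        }
        return keyEntry.booleanValue();
    }

    /**
     * Reports whether an alias names a certificate-only entry.
     *
     * @param str alias to test
     * @return the boolean returned by the {@code isCertificateEntry} command
     * @throws Exception anything raised by the key store command
     */
    public boolean isCertEntry(String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isCertEntry");
        }
        Boolean certEntry = (Boolean) invokeKeyStoreCommand("isCertificateEntry", new Object[]{str})[0];
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isCertEntry");
        }
        return certEntry.booleanValue();
    }

    /**
     * Runs a key store command by delegating to the three-argument overload with
     * {@code Boolean.FALSE}. The meaning of that flag is defined by the superclass and is not
     * visible in this file.
     *
     * @param str    command name
     * @param objArr command arguments; may be {@code null}
     * @return the command result
     * @throws KeyException if the command fails
     */
    @Override
    public Object[] invokeKeyStoreCommand(String str, Object[] objArr) throws KeyException {
        return invokeKeyStoreCommand(str, objArr, Boolean.FALSE);
    }

    /** Picks the provider for certificate generation: FIPS provider first, then the CMS override, else the configured one. */
    private static String resolveCertProvider(String type, String configuredProvider) throws Exception {
        if (JSSEProviderFactory.isFipsEnabled()) {
            return Constants.IBMJCEFIPS_NAME;
        }
        boolean cmsStore = type != null && (type.equals(Constants.KEYSTORE_TYPE_CMS) || type.equals(Constants.KEYSTORE_TYPE_CMS_OS400));
        return cmsStore ? "IBMJCE" : configuredProvider;
    }

    /** Builds the one-element attribute list: request UUID, else the profile's UUID, else the subject DN. */
    @SuppressWarnings({"rawtypes", "unchecked"}) // raw on purpose: the factory's parameter type is not visible here
    private static ArrayList profileUuidAttributes(String profileUUID, String subjectDN) throws Exception {
        String uuid = profileUUID;
        if (uuid == null) {
            uuid = PrepareKeysUtility.getProfileUUID(SecurityObjectLocator.getAdminData().getUserInstallRootPath(), null);
        }
        ArrayList attributes = new ArrayList();
        attributes.add("ProfileUUID:" + (uuid != null ? uuid : subjectDN));
        return attributes;
    }

    /** Returns the validity start used for new certificates: the current time minus one day. */
    private static Date oneDayAgo() {
        return new Date(System.currentTimeMillis() - Timer.ONE_DAY);
    }

    /** Issues {@code containsAlias} and {@code isKeyEntry} (both, in that order) and returns true only if both say yes. */
    private boolean hasKeyEntryForAlias(String alias) throws Exception {
        Object[] present = invokeKeyStoreCommand("containsAlias", new Object[]{alias});
        Object[] keyEntry = invokeKeyStoreCommand("isKeyEntry", new Object[]{alias});
        return ((Boolean) present[0]).booleanValue() && ((Boolean) keyEntry[0]).booleanValue();
    }

    /** Issues the given set-key command, or returns null without touching the store when the chain or key is missing. */
    private String storePersonalCert(String command, String alias, String password, Certificate[] chain, PrivateKey key) throws Exception {
        // Guard the array itself as well as its first element, so a null or empty chain is
        // treated like a chain with a null leaf instead of failing with a runtime exception.
        if (chain == null || chain.length == 0 || chain[0] == null || key == null) {
            return null;
        }
        // NOTE(review): the char[] copy of the password is not cleared after the call.
        return (String) invokeKeyStoreCommand(command, new Object[]{alias, key, password.toCharArray(), chain})[0];
    }
}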
