package com.ibm.ws.ssl.ca;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.PkEeCertReq10Factory;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.PkEeReqTransaction;
import com.ibm.security.certclient.PkEeRevokeFactory;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.validation.CompositeValidator;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.wsspi.ssl.WSPKIClient;
import com.ibm.wsspi.ssl.WSPKIException;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.security.auth.x500.X500Principal;
import org.eclipse.jst.j2ee.internal.web.operations.CreateServletTemplateModel;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/ca/CMPClientImpl.class */
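/**
 * {@link WSPKIClient} that obtains and revokes certificates through the
 * {@code com.ibm.security.certclient} (PkEe*) CMP client library.
 * <p>
 * Configuration is supplied to {@link #init(HashMap)} under the keys
 * {@code CAHostname} (String), {@code CAPort} (Integer),
 * {@code AuthenticationID} (String) and {@code AuthenticationPWD} (byte[]).
 * <p>
 * The PkEeFactory setters used here are invoked on the class, so the CA target
 * and keystore settings appear to be process-global rather than per instance;
 * two instances configured for different CAs would overwrite each other.
 * The class keeps no synchronization of its own and is not thread-safe.
 * <p>
 * Because the underlying library takes file paths, the CA authentication
 * credentials (for a request) and the certificate to revoke (for a revocation)
 * are written to temporary files under {@code <USER_INSTALL_ROOT>/temp}
 * (or {@code java.io.tmpdir} when that directory does not exist). Every
 * temporary file is deleted again in a {@code finally} block, whether the
 * CA exchange succeeded or not.
 */
public final class CMPClientImpl implements WSPKIClient {
    private static final TraceComponent tc = Tr.register(CMPClientImpl.class, "SSL", "com.ibm.ws.ssl.ca");
    private static final String USER_INSTALL_ROOT = System.getProperty(CompositeValidator.USER_INSTALL_ROOT_PROPERTY);

    /** Charset used to turn the byte[] passwords handed to this client into Strings. */
    private static final String BYTE_ENCODING = "UTF8";

    // Attribute keys expected in the map passed to init(HashMap).
    private static final String ATTR_CA_HOSTNAME = "CAHostname";
    private static final String ATTR_CA_PORT = "CAPort";
    private static final String ATTR_AUTH_ID = "AuthenticationID";
    private static final String ATTR_AUTH_PWD = "AuthenticationPWD";

    /** Alias under which the certificate to be revoked is stored in the temporary keystore. */
    private static final String REVOKE_ALIAS = "toBeRevoked";

    private String host = null;
    private int port = 0;
    private String userName = null;
    private byte[] password = null;

    /**
     * Reads the CA connection attributes and hands the CA location to PkEeFactory.
     *
     * @param hashMap attributes; see the class comment for the required keys and types
     * @throws WSPKIException if an attribute is missing or of the wrong type
     */
    @Override // com.ibm.wsspi.ssl.WSPKIClient
    public void init(HashMap hashMap) throws WSPKIException {
        if (tc.isEntryEnabled()) {
            // CreateServletTemplateModel.INIT is what the decompiler resolved this trace label to; left as found.
            Tr.entry(tc, CreateServletTemplateModel.INIT, new Object[]{hashMap, this});
        }
        this.host = (String) requireAttribute(hashMap, ATTR_CA_HOSTNAME, String.class, "java.lang.String");
        this.port = ((Integer) requireAttribute(hashMap, ATTR_CA_PORT, Integer.class, "java.lang.Integer")).intValue();
        this.userName = (String) requireAttribute(hashMap, ATTR_AUTH_ID, String.class, "java.lang.String");
        // The value is checked as byte[]; the error message previously claimed java.lang.String.
        this.password = (byte[]) requireAttribute(hashMap, ATTR_AUTH_PWD, byte[].class, "byte[]");
        // Static setters: this configures the CA target for the whole process, not just this instance.
        PkEeFactory.setCaDn(this.host);
        PkEeFactory.setCaPort(this.port);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, CreateServletTemplateModel.INIT);
        }
    }

    /**
     * Fetches one attribute from the init map and checks its type.
     *
     * @param attributes   the map passed to init; {@code null} is treated as "no attributes"
     * @param name         attribute key
     * @param expectedType class the value must be an instance of ({@code null} never matches)
     * @param typeName     type name used in the error message
     * @return the attribute value, never {@code null}
     * @throws WSPKIException if the attribute is absent or not of {@code expectedType}
     */
    private static Object requireAttribute(HashMap<?, ?> attributes, String name, Class<?> expectedType, String typeName) throws WSPKIException {
        Object value = (attributes == null) ? null : attributes.get(name);
        if (!expectedType.isInstance(value)) {
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.invalid.attribute", new Object[]{name, typeName}, "Attribute \"" + name + "\" is missing or of an incorrect type.  Correct type is \"" + typeName + "\"");
            Tr.error(tc, formattedMessage);
            throw new WSPKIException(formattedMessage);
        }
        return value;
    }

    /**
     * Submits a PKCS#10 request to the CA and returns the issued chain.
     * <p>
     * The library API takes file paths, so the request and an "initial
     * authentication" file holding the configured user name and password are
     * written to temporary files for the duration of the call. Both files and the
     * CA DN set on PkEeFactory are cleaned up in {@code finally}, on success and on
     * every failure path.
     *
     * @param bArr           DER-encoded PKCS#10 certification request
     * @param x500Principal  CA DN to target, or {@code null} to leave the DN unset
     * @param bArr2          revocation password (UTF-8 bytes) to register with the request
     * @param hashMap        unused
     * @return the certificate chain returned by the CA
     * @throws WSPKIException if an argument is null, a temporary file cannot be
     *         written, or the CA exchange fails
     * @throws IllegalStateException if {@link #init(HashMap)} has not been called
     */
    @Override // com.ibm.wsspi.ssl.WSPKIClient
    public X509Certificate[] requestCertificate(byte[] bArr, X500Principal x500Principal, byte[] bArr2, HashMap hashMap) throws WSPKIException {
        if (tc.isEntryEnabled()) {
            // The revocation password (bArr2) is deliberately not traced.
            Tr.entry(tc, "createCertificate", new Object[]{bArr, x500Principal, hashMap, this});
        }
        if (bArr == null) {
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.invalid.certificate.request", null, "The certificate request is null");
            Tr.error(tc, formattedMessage);
            throw new WSPKIException(formattedMessage);
        }
        if (bArr2 == null) {
            String formattedMessage2 = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.invalid.revocation.password", null, "The revocation password for this certificate request is null");
            Tr.error(tc, formattedMessage2);
            throw new WSPKIException(formattedMessage2);
        }
        // Decoded with the same charset as in revokeCertificate, so a non-ASCII
        // password registered here matches the one presented at revocation time.
        String revocationPassword = decodePassword(bArr2);
        File iaFile = null;
        File requestFile = null;
        String requestPath = null;
        try {
            if (x500Principal != null) {
                PkEeFactory.setCA_DN(x500Principal.getName());
            }
            iaFile = writeInitialAuthenticationFile();
            requestFile = createTemporaryFile("certReq", null);
            requestPath = requestFile.getAbsolutePath();
            new CertificationRequest(bArr).writeBASE64(requestPath);
            PkEeReqTransaction transaction = PkEeCertReq10Factory.newCertRequestPKCS10(requestPath, iaFile.getAbsolutePath(), revocationPassword);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate request generated.");
            }
            transaction.actionRequest();
            X509Certificate[] certificateChain = transaction.getCertificateChain();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createCert", certificateChain);
            }
            return certificateChain;
        } catch (PkException e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.ca.CMPClientImpl.createCertificate", "265", this);
            Tr.error(tc, "ssl.ca.cmp.impl.create.error", new Object[]{e});
            throw new WSPKIException(messageOf(e), e);
        } catch (IOException e) {
            // requestPath is still null when creating the request file itself failed.
            String formattedMessage3 = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.tempfile.error", new Object[]{requestPath}, "Unable to create temporary file \"" + requestPath + "\"");
            FFDCFilter.processException(e, "com.ibm.ws.ssl.ca.CMPClientImpl.createCertificate", "243", this);
            Tr.error(tc, "ssl.ca.cmp.impl.tempfile.error", new Object[]{requestPath});
            throw new WSPKIException(formattedMessage3, e);
        } finally {
            // The ia file holds the CA credentials: remove it on every exit path.
            deleteTemporaryFile(iaFile, "iaFile");
            deleteTemporaryFile(requestFile, "certificate request file");
            PkEeFactory.setCA_DN("");
        }
    }

    /**
     * Writes the "initial authentication" file the CMP library reads: the user
     * name, a newline, then the password. The file contains a live credential, so
     * its permissions are restricted to the owner where the platform allows it and
     * it is removed again if writing fails.
     *
     * @return the written file; the caller owns its deletion
     * @throws WSPKIException if the file cannot be created or written
     * @throws IllegalStateException if {@link #init(HashMap)} has not been called
     */
    private File writeInitialAuthenticationFile() throws WSPKIException {
        if (this.userName == null || this.password == null) {
            throw new IllegalStateException("init(HashMap) must be called before requestCertificate");
        }
        File iaFile = null;
        String iaPath = null;
        try {
            iaFile = createTemporaryFile("iaFile", null);
            iaPath = iaFile.getAbsolutePath();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Creating temporary initial authentication file \"" + iaPath + "\".");
            }
            restrictToOwner(iaFile);
            // Platform default charset kept for the writer: the library's expectation is not known here.
            OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(iaFile));
            try {
                writer.write(this.userName);
                writer.write(10);
                writer.write(new String(this.password, BYTE_ENCODING));
            } finally {
                closeQuietly(writer);
            }
            return iaFile;
        } catch (IOException e) {
            // Do not leave a half-written credential file behind.
            deleteTemporaryFile(iaFile, "iaFile");
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.tempfile.error", new Object[]{iaPath}, "Unable to create temporary file \"" + iaPath + "\"");
            Tr.error(tc, formattedMessage);
            throw new WSPKIException(formattedMessage, e);
        }
    }

    /**
     * Always fails: querying a certificate is not implemented by this client.
     *
     * @throws WSPKIException always
     */
    @Override // com.ibm.wsspi.ssl.WSPKIClient
    public X509Certificate[] queryCertificate(byte[] bArr, HashMap hashMap) throws WSPKIException {
        Tr.error(tc, "ssl.ca.cmp.impl.action.not.supported", "query");
        throw new WSPKIException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.action.not.supported", new Object[]{"query"}, "Action \"query\" not supported by this implementation"));
    }

    /**
     * Revokes the first certificate of the given chain.
     * <p>
     * The certificate is placed in a temporary PKCS12 keystore (the only input
     * form the revocation factory accepts) which is deleted again in
     * {@code finally}. Previously the cleanup dereferenced a variable that was
     * never assigned, so every failure surfaced as a NullPointerException instead
     * of the real cause.
     *
     * @param x509CertificateArr chain whose element 0 is revoked
     * @param bArr               revocation password (UTF-8 bytes) registered when the certificate was requested
     * @param str                revocation reason; {@code null} becomes {@code "unspecified"}
     * @param hashMap            unused
     * @throws WSPKIException if the chain or password is missing, the temporary
     *         keystore cannot be built, or the CA rejects the revocation
     */
    @Override // com.ibm.wsspi.ssl.WSPKIClient
    public void revokeCertificate(X509Certificate[] x509CertificateArr, byte[] bArr, String str, HashMap hashMap) throws WSPKIException {
        if (tc.isEntryEnabled()) {
            // The revocation password (bArr) is deliberately not traced.
            Tr.entry(tc, "revokeCertificate", new Object[]{x509CertificateArr, str, hashMap, this});
        }
        // Length check added: an empty array used to throw ArrayIndexOutOfBoundsException here.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new WSPKIException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.invalid.certificate.chain", null, "The certificate chain is null."));
        }
        if (bArr == null) {
            throw new WSPKIException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.cmp.impl.invalid.revocation.password", null, "The revocation password for this certificate request is null"));
        }
        String reason = (str == null) ? "unspecified" : str;
        String revocationPassword = decodePassword(bArr);
        X509Certificate toRevoke = x509CertificateArr[0];
        char[] keyStorePassword = Constants.DEFAULT_KEYSTORE_PASSWORD.toCharArray();
        File keyStoreFile = null;
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Creating temporary keystore file and storing certificate to be revoked.");
            }
            keyStoreFile = createTemporaryFile("certKS", null);
            String absolutePath = keyStoreFile.getAbsolutePath();
            // The reserved path is released before KeyStoreManager is asked for a keystore at
            // it; presumably the manager refuses or mis-loads an existing empty file — confirm.
            keyStoreFile.delete();
            KeyStore keyStore = KeyStoreManager.getInstance().getKeyStore("revocationKeyStore", Constants.KEYSTORE_TYPE_PKCS12, Constants.KEYSTORE_TYPE_JCEKS, absolutePath, Constants.DEFAULT_KEYSTORE_PASSWORD, null, true, null);
            if (keyStore == null) {
                throw new KeyStoreException("Unable to revoke certificate, keyStore is null.");
            }
            PkEeFactory.setKeystoreFilename(keyStoreFile.getCanonicalPath());
            PkEeFactory.setKeystorePwd(Constants.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
            PkEeFactory.setKeyStoreType(Constants.KEYSTORE_TYPE_PKCS12);
            keyStore.load(null, keyStorePassword);
            keyStore.setCertificateEntry(REVOKE_ALIAS, toRevoke);
            FileOutputStream fileOutputStream = new FileOutputStream(absolutePath);
            try {
                keyStore.store(fileOutputStream, keyStorePassword);
            } finally {
                // Closed even when store() fails; a close failure propagates like any other error here.
                fileOutputStream.close();
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Successfully stored certificate to be revoked in temporary keystore: " + absolutePath);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Revoking Certificate\n Owner: " + toRevoke.getSubjectDN().getName() + ", Issuer: " + toRevoke.getIssuerDN() + ", Serial Number: " + toRevoke.getSerialNumber());
            }
            PkEeRevokeFactory.newRevoke(REVOKE_ALIAS, Constants.DEFAULT_KEYSTORE_PASSWORD, reason, revocationPassword).actionRequest();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "revokeCertificate");
            }
        } catch (PkException e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.ca.CMPClientImpl.revokeCertificate", "419", this);
            Tr.error(tc, "ssl.ca.cmp.impl.revoke.error", new Object[]{e});
            throw new WSPKIException(messageOf(e), e);
        } catch (Exception e2) {
            throw new WSPKIException(e2);
        } finally {
            deleteTemporaryFile(keyStoreFile, "keystore");
        }
    }

    /**
     * Creates an empty temporary file, preferring {@code <USER_INSTALL_ROOT>/temp}
     * and falling back to {@code java.io.tmpdir} when that directory does not exist
     * (or the property is unset).
     *
     * @param prefix prefix handed to {@link File#createTempFile}
     * @param suffix suffix handed to {@link File#createTempFile}, may be {@code null}
     * @return the created file
     * @throws IOException if the file cannot be created
     */
    private File createTemporaryFile(String prefix, String suffix) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTemporaryFile");
        }
        File directory = null;
        if (USER_INSTALL_ROOT != null) {
            File candidate = new File(USER_INSTALL_ROOT + File.separator + "temp");
            if (candidate.exists()) {
                directory = candidate;
            }
        }
        // A null directory makes createTempFile use java.io.tmpdir.
        File tempFile = File.createTempFile(prefix, suffix, directory);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTemporaryFile");
        }
        return tempFile;
    }

    /**
     * Best-effort restriction of a file to its owner (read/write). The java.io.File
     * setters report {@code false} on platforms or filesystems that cannot honour
     * them; that is only traced, since the file is short-lived and deleted by the caller.
     *
     * @param file file to restrict
     */
    private static void restrictToOwner(File file) {
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setWritable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(true, true);
        if (!restricted && tc.isDebugEnabled()) {
            Tr.debug(tc, "Unable to restrict permissions on temporary file: " + file.getAbsolutePath());
        }
    }

    /**
     * Deletes a temporary file if one was created; a {@code null} file is a no-op.
     * A failed deletion is traced rather than thrown so it never masks the
     * exception that is usually in flight when this runs from {@code finally}.
     *
     * @param file        file to delete, may be {@code null}
     * @param description label used in trace output
     */
    private static void deleteTemporaryFile(File file, String description) {
        if (file == null) {
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Deleting temporary " + description + ": " + file.getName());
        }
        if (!file.delete() && file.exists() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Unable to delete temporary " + description + ": " + file.getAbsolutePath());
        }
    }

    /**
     * Closes the writer, logging (not throwing) a close failure, as the original
     * code did for the initial authentication file.
     *
     * @param writer writer to close
     */
    private static void closeQuietly(OutputStreamWriter writer) {
        try {
            writer.close();
        } catch (IOException e) {
            Tr.error(tc, "ssl.ca.cmp.impl.general.error", new Object[]{e});
        }
    }

    /**
     * Converts password bytes to a String using {@link #BYTE_ENCODING}.
     *
     * @param bytes password bytes, not {@code null}
     * @return decoded password
     * @throws WSPKIException if the charset is unavailable (not expected for UTF-8)
     */
    private static String decodePassword(byte[] bytes) throws WSPKIException {
        try {
            return new String(bytes, BYTE_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new WSPKIException(e);
        }
    }

    /**
     * Picks a message for a PkException: its own, else that of the wrapped
     * exception, else the exception's string form. Guards the case where neither
     * message nor wrapped exception is present, which used to throw NullPointerException.
     *
     * @param e exception from the CMP library
     * @return a non-null message text
     */
    private static String messageOf(PkException e) {
        if (e.getMessage() != null) {
            return e.getMessage();
        }
        Throwable wrapped = e.getWrappedException();
        if (wrapped == null || wrapped.getMessage() == null) {
            return e.toString();
        }
        return wrapped.getMessage();
    }
}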
