package com.ibm.ws.security.admintask.audit.certificates;

import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.util.PkNewCertFactory;
import com.ibm.security.certclient.util.PkNewCertificate;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.ras.RasMessage;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.workspace.WorkSpace;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.keyStores.KeyStoreHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeData;
import com.ibm.ws.ssl.config.ManagementScopeManager;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.config.WSKeyStoreHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;
import javax.management.QueryExp;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/admintask/audit/certificates/PersonalCertificateHelper.class */
public class PersonalCertificateHelper {
    // Trace component for this helper, registered under the "SSL" trace group.
    private static TraceComponent tc = Tr.register((Class<?>) PersonalCertificateHelper.class, "SSL", "com.ibm.ws.ssl.commands.personalCertificates");
    // Class-wide list of "keystoreName|scopeName|alias" keys that replaceCerts adds once a personal certificate is written.
    // NOTE(review): raw, unsynchronized static ArrayList; no visible code removes entries or guards concurrent access -- confirm callers are single-threaded.
    private static ArrayList replacedCerts = new ArrayList();

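    /**
     * Builds a {@link KeyStoreInfo} for the named key store under the audit configuration object and
     * points its location at the copy held in the session's workspace where one can be derived.
     *
     * <p>If the session has an unsaved change matching the key store file, the workspace path of that
     * change is used. Otherwise, when the configured location contains {@code cells/<cellName>}, the
     * file is extracted through the workspace context and the location is rewritten relative to the
     * workspace path. A location without that marker is left as configured.
     *
     * <p>Every failure is rethrown as a {@link CommandValidationException} that carries only the
     * original message, so the original exception is written to debug trace before it is wrapped.
     *
     * @param session       configuration session whose workspace is consulted
     * @param configService configuration service used for all lookups
     * @param str           key store name to look up
     * @param str2          management scope name passed to the object lookup
     * @return the key store description, with its location adjusted as described above
     * @throws Exception a {@link CommandValidationException} when the key store object is not found
     *                   or any lookup step fails
     */
    public static KeyStoreInfo getKsInfo(Session session, ConfigService configService, String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKsInfo: Audit: keystoreName: " + str + " scope: " + str2);
        }
        try {
            ObjectName auditRoot = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
            CommandHelper commandHelper = new CommandHelper();
            AttributeList nameFilter = new AttributeList();
            ConfigServiceHelper.setAttributeValue(nameFilter, CommandConstants.NAME, str);
            ObjectName keyStoreObject = commandHelper.getObjectName(configService, session, auditRoot, CommandConstants.KEY_STORES, nameFilter, str2);
            if (keyStoreObject == null) {
                throw new CommandValidationException(str + " object not found.");
            }
            AttributeList keyStoreAttributes = configService.getAttributes(session, keyStoreObject, (String[]) null, false);
            KeyStoreInfo ksInfo = KeyStoreHelper.makeKsInfo(keyStoreAttributes, session);
            String[] unsavedChanges = configService.getUnsavedChanges(session);
            String workspaceLocation = genWorkspaceLocation(session, ksInfo, unsavedChanges);
            if (workspaceLocation != null) {
                // An unsaved change already holds this key store file in the workspace.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Working from the key store file located in " + workspaceLocation);
                }
                ksInfo.setLocation(workspaceLocation);
            } else {
                String location = ksInfo.getLocation();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "location: " + location);
                }
                String normalized = location.replace('\\', '/');
                WorkSpace workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace(session.toString());
                int cellsAt = normalized.indexOf("cells/" + new ManagementScopeData(ksInfo.getScopeNameString()).getCellName());
                if (cellsAt != -1) {
                    // Split "cells/<cell>/.../<file>" into the workspace context and the file name.
                    String relative = normalized.substring(cellsAt);
                    int lastSlash = relative.lastIndexOf("/");
                    String fileName = relative.substring(lastSlash + 1);
                    String context = relative.substring(0, lastSlash);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "context: " + context + " fileName: " + fileName);
                    }
                    workSpace.findContext(context).extract(fileName, true);
                    String fixedLocation = fixLocation(workSpace.getPath(), KeyStoreManager.getInstance().expand(normalized));
                    if (fixedLocation != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Working from the key store file located in " + fixedLocation);
                        }
                        ksInfo.setLocation(fixedLocation);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Working from the key store file located in " + normalized);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getKsInfo");
            }
            return ksInfo;
        } catch (Exception e) {
            // Only the message survives the rewrap below, so keep the original exception in trace.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while resolving the key store.", new Object[]{e});
            }
            throw new CommandValidationException(e.getMessage());
        }
    }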

    /**
     * Checks a password against the key store file described by {@code keyStoreInfo}.
     *
     * <p>The key store type, its expanded location and the password are handed to
     * {@code KeyStoreHelper.checkKeyFile}; the password is not written to trace by this method.
     *
     * @param keyStoreInfo key store whose type and location are used
     * @param str          password to check
     * @return {@code true} only when {@code checkKeyFile} returns 0
     */
    public static boolean verifyKeyPassword(KeyStoreInfo keyStoreInfo, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verifyKeyPassword: Audit");
        }
        final boolean passwordAccepted = 0 == KeyStoreHelper.checkKeyFile(
                keyStoreInfo.getType(),
                KeyStoreManager.getInstance().expand(keyStoreInfo.getLocation()),
                str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "verifyKeyPassword");
        }
        return passwordAccepted;
    }

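    /**
     * Describes an X.509 certificate as an {@link AttributeList} for display.
     *
     * <p>Attributes set: {@code alias} (when given), {@code version}, {@code size},
     * {@code serialNumber}, {@code issuedTo}, {@code issuedBy}, {@code fingerPrint},
     * {@code signatureAlgorithm} and {@code validity}. Optional values are left out when the
     * certificate does not provide them.
     *
     * <p>The key size is taken from the RSA modulus or the DSA public value (rounded up to an even
     * number of bits), or from the curve field size for EC keys. Any other key type is reported as a
     * {@link CommandValidationException} naming the algorithm, instead of failing on a cast.
     *
     * @param str             alias to record, or {@code null} to leave the alias out
     * @param x509Certificate certificate to describe
     * @param locale          locale used for the validity dates and message
     * @return the populated attribute list
     * @throws Exception a {@link CommandValidationException} carrying the message of any failure
     */
    public static AttributeList getCertAttrlist(String str, X509Certificate x509Certificate, Locale locale) throws Exception {
        AttributeList attributeList = new AttributeList();
        if (str != null) {
            ConfigServiceHelper.setAttributeValue(attributeList, "alias", str);
        }
        try {
            ConfigServiceHelper.setAttributeValue(attributeList, "version", String.valueOf(x509Certificate.getVersion()));
            PublicKey certificateKey = x509Certificate.getPublicKey();
            // Rebuild the key from its X.509 encoding so it can be inspected through the standard key interfaces.
            PublicKey publicKey = KeyFactory.getInstance(certificateKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(certificateKey.getEncoded()));
            int keySize;
            if (publicKey instanceof RSAPublicKey) {
                keySize = ((RSAPublicKey) publicKey).getModulus().bitLength();
                // A leading zero bit makes bitLength() odd; report the even size.
                if (keySize % 2 != 0) {
                    keySize++;
                }
            } else if (publicKey instanceof DSAPublicKey) {
                keySize = ((DSAPublicKey) publicKey).getY().bitLength();
                if (keySize % 2 != 0) {
                    keySize++;
                }
            } else if (publicKey instanceof java.security.interfaces.ECPublicKey) {
                // EC sizes such as 521 are legitimately odd, so no rounding here.
                keySize = ((java.security.interfaces.ECPublicKey) publicKey).getParams().getCurve().getField().getFieldSize();
            } else {
                throw new CommandValidationException("Unsupported public key algorithm: " + publicKey.getAlgorithm());
            }
            ConfigServiceHelper.setAttributeValue(attributeList, "size", String.valueOf(keySize));
            ConfigServiceHelper.setAttributeValue(attributeList, "serialNumber", x509Certificate.getSerialNumber());
            Principal subjectDN = x509Certificate.getSubjectDN();
            if (subjectDN != null) {
                ConfigServiceHelper.setAttributeValue(attributeList, "issuedTo", subjectDN.toString());
            }
            Principal issuerDN = x509Certificate.getIssuerDN();
            if (issuerDN != null) {
                ConfigServiceHelper.setAttributeValue(attributeList, "issuedBy", issuerDN.toString());
            }
            // NOTE(review): the fingerprint is a SHA-1 digest. SHA-1 is not collision resistant, so this
            // value should be treated as a display identifier, not as the sole basis for a trust decision.
            String fingerPrint = KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate);
            if (fingerPrint != null) {
                ConfigServiceHelper.setAttributeValue(attributeList, "fingerPrint", fingerPrint);
            }
            String sigAlgName = x509Certificate.getSigAlgName();
            String sigAlgOID = x509Certificate.getSigAlgOID();
            if (sigAlgName != null && sigAlgOID != null) {
                ConfigServiceHelper.setAttributeValue(attributeList, "signatureAlgorithm", sigAlgName + "(" + sigAlgOID + ")");
            }
            Date notBefore = x509Certificate.getNotBefore();
            Date notAfter = x509Certificate.getNotAfter();
            if (notBefore != null && notAfter != null) {
                DateFormat dateFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, locale);
                String validFrom = dateFormat.format(notBefore);
                String validTo = dateFormat.format(notAfter);
                ConfigServiceHelper.setAttributeValue(attributeList, "validity", TraceNLSHelper.getInstance().getFormattedMessage("certificateValidity", new Object[]{validFrom, validTo}, "Valid from " + validFrom + " to " + validTo + ".", locale));
            }
            return attributeList;
        } catch (Exception e) {
            throw new CommandValidationException(e.getMessage());
        }
    }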

    /**
     * Reports whether the given certificate is present as a key entry in the given key store.
     *
     * <p>Despite the name, no signature is verified here: each key-entry alias is read from the
     * key store and its certificate is compared with {@code x509Certificate} by SHA-1 digest.
     * NOTE(review): SHA-1 digest equality is the only identity test -- confirm that is acceptable
     * for the decision the caller makes with this result.
     *
     * @param x509Certificate certificate to look for
     * @param keyStoreInfo    key store to search
     * @return {@code true} when a key entry with the same SHA-1 digest exists
     * @throws Exception any failure while reading the key store, rethrown after being traced
     */
    public static boolean signedByWebSphere(X509Certificate x509Certificate, KeyStoreInfo keyStoreInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "signedByWebSphere: Audit");
        }
        WSKeyStoreRemotable rootStore = new WSKeyStoreRemotable(keyStoreInfo);
        try {
            boolean found = false;
            for (Object aliasObject : rootStore.invokeKeyStoreCommand("aliases", null)) {
                String alias = (String) aliasObject;
                Boolean keyEntry = (Boolean) rootStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{alias})[0];
                if (!keyEntry.booleanValue()) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) rootStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                if (candidate == null) {
                    continue;
                }
                String candidateDigest = KeyStoreManager.getInstance().generateDigest("SHA-1", candidate);
                if (candidateDigest.equals(KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate))) {
                    found = true;
                    break;
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "signedByWebSphere", new Object[]{found});
            }
            return found;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while reading the root key store.", new Object[]{e});
            }
            throw e;
        }
    }

    /**
     * Finds the alias under which the given certificate is stored in the given key store.
     *
     * <p>Every alias is checked, key entry or not; certificates are matched by SHA-1 digest.
     *
     * @param x509Certificate certificate to look for
     * @param keyStoreInfo    key store to search
     * @return the first alias whose certificate has the same SHA-1 digest
     * @throws Exception when no alias matches (message CWPKI0705E) or the key store cannot be read;
     *                   either way the exception is traced at debug level and rethrown
     */
    public static String findRootCertificateAlias(X509Certificate x509Certificate, KeyStoreInfo keyStoreInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "findRootCertificateAlias: Audit");
        }
        WSKeyStoreRemotable rootStore = new WSKeyStoreRemotable(keyStoreInfo);
        try {
            Object[] aliases = rootStore.invokeKeyStoreCommand("aliases", null);
            for (int idx = 0; idx < aliases.length; idx++) {
                String alias = (String) aliases[idx];
                X509Certificate candidate = (X509Certificate) rootStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                if (candidate == null) {
                    continue;
                }
                String candidateDigest = KeyStoreManager.getInstance().generateDigest("SHA-1", candidate);
                if (!candidateDigest.equals(KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate))) {
                    continue;
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "findRootCertificateAlias", new Object[]{alias});
                }
                return alias;
            }
            // Nothing matched: report the serial number and key store name to the caller.
            String serial = x509Certificate.getSerialNumber().toString();
            String storeName = keyStoreInfo.getName();
            String notFound = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.root.cert.not.exist.CWPKI0705E", new Object[]{serial, storeName}, "The root certificate used to sign the certificate with serial number " + serial + " could not be found in key store " + storeName + ".");
            throw new Exception(notFound);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception occurred while searching the root key store.", new Object[]{e});
            }
            throw e;
        }
    }

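    /**
     * Deletes expired certificates from the audit key stores that carry the same name as
     * {@code keyStoreInfo} and returns one message line per deleted entry.
     *
     * <p>Expiry is decided by {@link X509Certificate#checkValidity()}, i.e. against the current
     * system time. Entries are deleted only from key stores that are file based and not read-only.
     * Both signer entries and personal (key) entries are deleted; for a personal entry this removes
     * the entry holding the private key, and nothing in this method keeps a backup.
     *
     * @param session      configuration session
     * @param keyStoreInfo key store whose name (and scope) select the key stores to process
     * @param i            only written to entry trace; not otherwise used by this method
     * @param locale       locale for the returned messages
     * @return the deletion messages, each preceded by the platform line separator; empty when
     *         nothing was deleted
     * @throws Exception when reading or updating a key store fails
     */
    public static String deleteOldCerts(Session session, KeyStoreInfo keyStoreInfo, int i, Locale locale) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "deleteCerts: Audit", new Object[]{session, keyStoreInfo, Integer.valueOf(i)});
        }
        StringBuffer stringBuffer = new StringBuffer();
        ConfigService configService = ConfigServiceFactory.getConfigService();
        ObjectName objectName = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
        String name = keyStoreInfo.getName();
        String scopeNameString = keyStoreInfo.getScopeNameString();
        for (AttributeList attributeList : (List<AttributeList>) configService.getAttribute(session, objectName, CommandConstants.KEY_STORES)) {
            String storeName = (String) ConfigServiceHelper.getAttributeValue(attributeList, "name");
            Boolean readOnly = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, "readOnly");
            Boolean fileBased = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, "fileBased");
            String storeScope = (String) configService.getAttribute(session, (ObjectName) ConfigServiceHelper.getAttributeValue(attributeList, "managementScope"), CommandConstants.SCOPE_NAME);
            // NOTE(review): the first test compares the key store NAME with the SCOPE name, whereas
            // replaceCerts compares name with name. Left unchanged because the intended filter cannot
            // be confirmed from this file; as written it is true for almost every key store.
            if (!storeName.equals(scopeNameString) || !storeScope.equals(scopeNameString)) {
                if (!storeName.equals(name)) {
                    continue;
                }
                KeyStoreInfo ksInfo = getKsInfo(session, configService, storeName, storeScope);
                WSKeyStoreRemotable remoteStore = new WSKeyStoreRemotable(ksInfo);
                String lineSeparator = System.getProperty("line.separator");
                try {
                    Object[] aliases = remoteStore.invokeKeyStoreCommand("aliases", null);
                    if (aliases != null) {
                        for (Object aliasObject : aliases) {
                            String alias = (String) aliasObject;
                            X509Certificate certificate = (X509Certificate) remoteStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                            if (certificate == null) {
                                continue;
                            }
                            try {
                                certificate.checkValidity();
                            } catch (CertificateExpiredException expired) {
                                Object[] keyEntryResult = remoteStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{alias});
                                if (!readOnly.booleanValue() && fileBased.booleanValue()) {
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Keystore is file base, delete the cert!");
                                    }
                                    boolean personalEntry = ((Boolean) keyEntryResult[0]).booleanValue();
                                    remoteStore.invokeKeyStoreCommand("deleteEntry", new Object[]{alias});
                                    String deletedMessage;
                                    if (personalEntry) {
                                        // NOTE(review): this message key ends in '=' unlike every other key in this
                                        // class; if the bundle key has no '=', only the default text below is used.
                                        deletedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.delete.CWPKI0647I=", new Object[]{alias, storeName}, "Personal certificate alias \"" + alias + "\" was DELETED from KeyStore \"" + storeName + "\"", locale);
                                    } else {
                                        deletedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.delete.CWPKI0646I", new Object[]{alias, storeName}, "Signer certificate alias \"" + alias + "\" was DELETED from KeyStore \"" + storeName + "\"", locale);
                                    }
                                    stringBuffer.append(lineSeparator);
                                    stringBuffer.append(deletedMessage);
                                    setWorkspaceUpdated(session, ksInfo.getLocation());
                                }
                            } catch (CertificateNotYetValidException ignored) {
                                // A certificate that is not yet valid has not expired; leave it in place.
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Alias list is null for key store " + ksInfo.getName() + " could be that the mbean is not active.");
                    }
                } catch (Exception e) {
                    // Route the failure through trace instead of stderr and keep it as the cause.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred while deleting expired certificates.", new Object[]{e});
                    }
                    throw new Exception(e.getMessage(), e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "deleteCerts");
        }
        return stringBuffer.toString();
    }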

    /**
     * Walks the audit key stores and, in every writable file-based key store other than the one
     * described by {@code keyStoreInfo}, replaces or adds certificates that match the old certificate.
     *
     * <p>An entry matches when its certificate has the same SHA-1 digest as {@code x509Certificate}.
     * Matching signer entries receive {@code x509Certificate2}; matching personal (key) entries receive
     * {@code certificateArr} with {@code key}, protected by the key store's configured password.
     *
     * @param session          configuration session
     * @param keyStoreInfo     key store to skip (same name and scope)
     * @param str              not referenced in this method body
     * @param x509Certificate  old certificate whose copies are searched for
     * @param str2             only assigned in this method body, never read
     * @param x509Certificate2 certificate stored for matching signer entries
     * @param certificateArr   certificate chain stored for matching personal entries
     * @param key              key stored with the chain; cast to {@link PrivateKey}
     * @param z                when {@code true} existing entries are replaced, otherwise new entries are added
     * @param locale           locale for the returned messages
     * @return the signer messages, each preceded by the platform line separator
     * @throws Exception any failure while reading or updating a key store, rethrown after being traced
     */
    public static String replaceCerts(Session session, KeyStoreInfo keyStoreInfo, String str, X509Certificate x509Certificate, String str2, X509Certificate x509Certificate2, Certificate[] certificateArr, Key key, boolean z, Locale locale) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "replaceCerts: Audit");
        }
        // Collects the config objects of modified key stores; it is filled but not read or returned in this method.
        ArrayList arrayList = new ArrayList();
        String name = keyStoreInfo.getName();
        String scopeNameString = keyStoreInfo.getScopeNameString();
        String property = System.getProperty("line.separator");
        StringBuffer stringBuffer = new StringBuffer();
        ConfigService configService = ConfigServiceFactory.getConfigService();
        ObjectName objectName = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
        // Identity of the old certificate: serial number and SHA-1 digest.
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        String generateDigest = KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate);
        for (AttributeList attributeList : (List) configService.getAttribute(session, objectName, CommandConstants.KEY_STORES)) {
            String str3 = (String) ConfigServiceHelper.getAttributeValue(attributeList, "name");
            Boolean bool = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, "readOnly");
            Boolean bool2 = (Boolean) ConfigServiceHelper.getAttributeValue(attributeList, "fileBased");
            ObjectName objectName2 = (ObjectName) ConfigServiceHelper.getAttributeValue(attributeList, "managementScope");
            // Key store password as held in configuration; it is passed on to setPersonalCert* below and is not traced in this method.
            String str4 = (String) ConfigServiceHelper.getAttributeValue(attributeList, "password");
            String str5 = (String) configService.getAttribute(session, objectName2, CommandConstants.SCOPE_NAME);
            // Skip only the key store that has both the same name and the same scope as keyStoreInfo.
            if (!str3.equals(name) || !str5.equals(scopeNameString)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Reading keystore: " + str3);
                }
                ObjectName[] queryConfigObjects = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName(attributeList), (QueryExp) null);
                KeyStoreInfo ksInfo = getKsInfo(session, configService, str3, str5);
                WSKeyStoreHelper wSKeyStoreHelper = new WSKeyStoreHelper(ksInfo);
                try {
                    // Only writable, file-based key stores are modified.
                    if (!bool.booleanValue() && bool2.booleanValue()) {
                        for (String str6 : wSKeyStoreHelper.getCertAliases()) {
                            boolean isCertEntry = wSKeyStoreHelper.isCertEntry(str6);
                            boolean isCertKeyEntry = wSKeyStoreHelper.isCertKeyEntry(str6);
                            X509Certificate signer = wSKeyStoreHelper.getSigner(str6);
                            // NOTE(review): str2 is assigned here but never read afterwards in this method.
                            if (str2 == null) {
                                str2 = str6;
                            }
                            // NOTE(review): the serial-number test compares x509Certificate with serialNumber, which was
                            // read from that same certificate above, so it is always 0. The match therefore rests on
                            // SHA-1 digest equality alone; signer.getSerialNumber() was probably intended -- confirm.
                            if (signer != null && x509Certificate.getSerialNumber().compareTo(serialNumber) == 0 && KeyStoreManager.getInstance().generateDigest("SHA-1", signer).equals(generateDigest)) {
                                if (isCertEntry) {
                                    if (z) {
                                        wSKeyStoreHelper.deleteCertificate(str6);
                                    }
                                    String signerCert = wSKeyStoreHelper.setSignerCert(str6, x509Certificate2);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "Signer certificate " + signerCert + " is added to " + str3);
                                    }
                                    String formattedMessage = !z ? TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.added.CWPKI0711I", new Object[]{signerCert, str3}, "Signer certificate alias \"" + signerCert + "\" was ADDED to KeyStore \"" + str3 + "\"", locale) : TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.signer.replace.CWPKI0644I", new Object[]{signerCert, str3}, "Signer certificate alias \"" + signerCert + "\" in KeyStore \"" + str3 + "\" was REPLACED.", locale);
                                    stringBuffer.append(property);
                                    stringBuffer.append(formattedMessage);
                                    arrayList.add(queryConfigObjects[0]);
                                    setWorkspaceUpdated(session, ksInfo.getLocation());
                                }
                                // NOTE(review): certificateArr[0] is read without a null check on the array itself.
                                if (isCertKeyEntry && key != null && certificateArr[0] != null) {
                                    // Key used in replacedCerts: "keystoreName|scopeName|alias".
                                    String str7 = ksInfo.getName() + "|" + ksInfo.getScopeNameString() + "|" + str6;
                                    // isCertAlreadyReplaced is defined outside the visible part of this file.
                                    if (!isCertAlreadyReplaced(str7) && CertificateRequestHelper.isKeyCertReq(signer, str6) == null) {
                                        String personalCertOverwrite = z ? wSKeyStoreHelper.setPersonalCertOverwrite(str6, str4, certificateArr, (PrivateKey) key) : wSKeyStoreHelper.setPersonalCert(str6, str4, certificateArr, (PrivateKey) key);
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Personal certificate " + personalCertOverwrite + " is added to " + str3);
                                        }
                                        // NOTE(review): both messages below are formatted and then discarded; unlike the signer
                                        // branch, nothing is appended to stringBuffer, so personal certificate changes do not
                                        // appear in the returned report -- confirm whether that is intended.
                                        if (z) {
                                            TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.replace.CWPKI0645I", new Object[]{personalCertOverwrite, str3}, "Personal certificate alias \"" + personalCertOverwrite + "\" in KeyStore \"" + str3 + "\" was REPLACED.", locale);
                                        } else {
                                            TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.monitor.personal.added.CWPKI0712I", new Object[]{personalCertOverwrite, str3}, "Personal certificate alias \"" + personalCertOverwrite + "\" was ADDED to KeyStore \"" + str3 + "\"", locale);
                                        }
                                        if (!replacedCerts.contains(str7)) {
                                            replacedCerts.add(str7);
                                        }
                                        // The certificate was stored under a different alias: record it and repoint configuration references.
                                        if (!str6.equals(personalCertOverwrite)) {
                                            String str8 = ksInfo.getName() + "|" + ksInfo.getScopeNameString() + "|" + personalCertOverwrite;
                                            if (!replacedCerts.contains(str8)) {
                                                replacedCerts.add(str8);
                                            }
                                            changeAliasReferences(session, ksInfo, str6, personalCertOverwrite);
                                        }
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Personal certificate " + personalCertOverwrite + " is added to " + str3);
                                        }
                                        arrayList.add(queryConfigObjects[0]);
                                        setWorkspaceUpdated(session, ksInfo.getLocation());
                                    }
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception occurred replacing signers.", new Object[]{e});
                    }
                    throw e;
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Skipping keystore: " + str3);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "replaceCerts");
        }
        return stringBuffer.toString();
    }

    /**
     * Reports whether an alias names a usable key entry in the given key store.
     *
     * @param str      alias to check
     * @param keyStore key store configuration object to query
     * @return {@code true} when the alias is a key entry and
     *         {@code CertificateRequestHelper.isKeyCertReq} returns {@code null} for its certificate
     *         (presumably meaning it is not a pending certificate request -- confirm)
     * @throws KeyException when the key store command fails
     */
    public static boolean isAliasInKeyStore(String str, KeyStore keyStore) throws KeyException {
        WSKeyStoreRemotable remoteStore = new WSKeyStoreRemotable(keyStore);
        Boolean keyEntry = (Boolean) remoteStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{str})[0];
        if (!keyEntry.booleanValue()) {
            return false;
        }
        X509Certificate certificate = (X509Certificate) remoteStore.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
        return CertificateRequestHelper.isKeyCertReq(certificate, str) == null;
    }

    /**
     * Derives the workspace path of a key store file that has an unsaved change in the session.
     *
     * <p>The configured location is normalised to forward slashes and cut at
     * {@code cells/<cellName>}. If any entry of {@code strArr} (with {@code //} collapsed to
     * {@code /}) ends with that relative path, the result is the workspace path followed by it.
     *
     * @param session      session whose workspace path is used
     * @param keyStoreInfo key store whose location is examined
     * @param strArr       unsaved change paths reported for the session
     * @return the workspace location, or {@code null} when no unsaved change matches or the
     *         location does not contain the cell marker
     * @throws Exception when the workspace cannot be obtained
     */
    private static String genWorkspaceLocation(Session session, KeyStoreInfo keyStoreInfo, String[] strArr) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "genWorkspaceLocation: Audit");
        }
        String workspaceLocation = null;
        String configuredLocation = keyStoreInfo.getLocation();
        String workspaceRoot = WorkSpaceManagerFactory.getManager().getWorkSpace(session.toString()).getPath();
        String normalized = configuredLocation.replace('\\', '/');
        int cellsAt = normalized.indexOf("cells/" + ManagementScopeManager.getInstance().getCellName());
        if (cellsAt >= 0) {
            String relative = normalized.substring(cellsAt);
            // Every entry is inspected; each match yields the same value.
            for (int k = 0; k < strArr.length; k++) {
                String changedPath = strArr[k].replace("//", "/");
                if (changedPath.endsWith(relative)) {
                    workspaceLocation = workspaceRoot + relative;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "genWorkspaceLocation -->" + workspaceLocation);
        }
        return workspaceLocation;
    }

    /**
     * Tells the session's workspace that a key store file has changed.
     *
     * <p>The location is normalised, expanded and cut at {@code cells/<cellName>}; the directory
     * part selects the workspace context and the file name is passed to {@code notifyChanged}.
     * A location without the cell marker is ignored. Failures are best effort: they are written to
     * debug trace and not propagated.
     *
     * @param session session whose workspace is notified
     * @param str     key store file location
     */
    public static void setWorkspaceUpdated(Session session, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setWorkspaceUpdated: Audit");
        }
        try {
            String expandedLocation = KeyStoreManager.getInstance().expand(str.replace(SecConstants.STRING_ESCAPE_CHARACTER, "/"));
            WorkSpace workSpace = WorkSpaceManagerFactory.getManager().getWorkSpace(session.toString());
            String cellMarker = "cells/" + ManagementScopeManager.getInstance().getCellName();
            int markerAt = expandedLocation.indexOf(cellMarker);
            if (markerAt == -1) {
                return;
            }
            String relative = expandedLocation.substring(markerAt);
            int lastSlash = relative.lastIndexOf("/");
            String context = relative.substring(0, lastSlash);
            String fileName = relative.substring(lastSlash + 1);
            workSpace.findContext(context).notifyChanged(1, fileName);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception updating workspace " + e.getMessage());
            }
        }
    }

    /**
     * Rebases a key store path onto a workspace root.
     *
     * @param str  workspace root path
     * @param str2 key store path; backslashes are converted to forward slashes
     * @return {@code str} followed by the part of the path starting at the first {@code /cells/},
     *         or the normalised path unchanged when it contains no {@code /cells/}
     */
    private static String fixLocation(String str, String str2) {
        String normalized = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixLocation", new Object[]{str, normalized});
        }
        int cellsAt = normalized.indexOf("/cells/");
        String rebased = cellsAt == -1 ? normalized : str + normalized.substring(cellsAt);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixLocation -> " + rebased);
        }
        return rebased;
    }

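    /**
     * Rewrites every configuration reference to one certificate alias so that it
     * names another alias in the same key store.
     *
     * <p>First pass: each repertoire whose setting uses the resolved key store has
     * its {@code serverKeyAlias} and {@code clientKeyAlias} replaced when they equal
     * {@code str}. Second pass, only when the first pass changed something: the
     * {@code certificateAlias} of every dynamic SSL config selection and SSL config
     * group that points at a changed repertoire is replaced the same way.
     *
     * <p>NOTE(review): nothing here checks that {@code str2} exists in the key
     * store; presumably the caller has already stored the replacement certificate
     * under that alias. Confirm, because afterwards the rewritten SSL
     * configurations refer to {@code str2} only.
     *
     * @param session      configuration session used for every read and write
     * @param keyStoreInfo key store whose alias references are rewritten
     * @param str          alias currently referenced; compared with {@code equals},
     *                     i.e. case-sensitively
     * @param str2         alias written in its place
     * @throws Exception any failure raised while reading or writing the
     *                   configuration, rethrown after a debug trace
     */
    public static void changeAliasReferences(Session session, KeyStoreInfo keyStoreInfo, String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "changeAliasReferences: Audit");
        }
        // Repertoires whose key aliases were rewritten in the first pass.
        List<ObjectName> changedRepertoires = new ArrayList<ObjectName>();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Replacing all references to certificate alias " + str + " with " + str2 + " in key store " + keyStoreInfo.getName());
        }
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            // [0] throws ArrayIndexOutOfBoundsException when the query finds nothing;
            // that is rethrown by the catch below like any other failure.
            ObjectName auditObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
            String keyStoreName = keyStoreInfo.getName();
            String scopeName = (String) configService.getAttribute(session, keyStoreInfo.getScopeName(), "scopeName");
            AttributeList keyStoreQuery = new AttributeList();
            ConfigServiceHelper.setAttributeValue(keyStoreQuery, CommandConstants.NAME, keyStoreName);
            ObjectName keyStoreObj = new CommandHelper().getObjectName(configService, session, auditObj, CommandConstants.KEY_STORES, keyStoreQuery, scopeName);

            AttributeList repertoireAttrs = configService.getAttributes(session, auditObj, new String[]{CommandConstants.REPERTOIRE}, false);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Looking at the repertoires.");
            }
            for (Object entry : (List) ((Attribute) repertoireAttrs.get(0)).getValue()) {
                ObjectName repertoire = (ObjectName) entry;
                AttributeList setting = (AttributeList) configService.getAttribute(session, repertoire, "setting");
                ObjectName settingObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName(setting), (QueryExp) null)[0];
                ObjectName settingKeyStore = (ObjectName) ConfigServiceHelper.getAttributeValue(setting, "keyStore");
                // Only settings backed by the key store being edited are touched.
                if (settingKeyStore == null || !settingKeyStore.equals(keyStoreObj)) {
                    continue;
                }
                AttributeList updates = new AttributeList();
                String serverAlias = (String) ConfigServiceHelper.getAttributeValue(setting, "serverKeyAlias");
                if (serverAlias != null && serverAlias.equals(str)) {
                    ConfigServiceHelper.setAttributeValue(updates, "serverKeyAlias", str2);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Replacing serverKeyAlias");
                    }
                }
                String clientAlias = (String) ConfigServiceHelper.getAttributeValue(setting, "clientKeyAlias");
                if (clientAlias != null && clientAlias.equals(str)) {
                    ConfigServiceHelper.setAttributeValue(updates, "clientKeyAlias", str2);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Replacing clientKeyAlias");
                    }
                }
                if (!updates.isEmpty()) {
                    configService.setAttributes(session, settingObj, updates);
                    changedRepertoires.add(repertoire);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Modify the alias in the config and save repertoire in list.");
                    }
                }
            }
            repertoireAttrs.clear();

            if (changedRepertoires.isEmpty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Certificate " + str + " is not used in the configuration.");
                }
            } else {
                // Dynamic selections that point at a changed repertoire.
                AttributeList selectionAttrs = configService.getAttributes(session, auditObj, new String[]{CommandConstants.DYNAMIC_SSL_CONFIG_SELECTIONS}, false);
                for (Object entry : (List) ((Attribute) selectionAttrs.get(0)).getValue()) {
                    ObjectName selection = (ObjectName) entry;
                    ObjectName sslConfig = (ObjectName) configService.getAttribute(session, selection, "sslConfig");
                    if (!changedRepertoires.contains(sslConfig)) {
                        continue;
                    }
                    String alias = (String) configService.getAttribute(session, selection, "certificateAlias");
                    if (alias != null && alias.equals(str)) {
                        AttributeList update = new AttributeList();
                        ConfigServiceHelper.setAttributeValue(update, "certificateAlias", str2);
                        configService.setAttributes(session, selection, update);
                    }
                }
                selectionAttrs.clear();

                // SSL config groups that point at a changed repertoire.
                AttributeList groupAttrs = configService.getAttributes(session, auditObj, new String[]{CommandConstants.SSL_CONFIG_GROUPS}, false);
                for (Object entry : (List) ((Attribute) groupAttrs.get(0)).getValue()) {
                    ObjectName group = (ObjectName) entry;
                    ObjectName sslConfig = (ObjectName) configService.getAttribute(session, group, "sslConfig");
                    if (!changedRepertoires.contains(sslConfig)) {
                        continue;
                    }
                    String alias = (String) configService.getAttribute(session, group, "certificateAlias");
                    if (alias != null && alias.equals(str)) {
                        AttributeList update = new AttributeList();
                        ConfigServiceHelper.setAttributeValue(update, "certificateAlias", str2);
                        configService.setAttributes(session, group, update);
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                // Exit label now matches the entry label, so trace entry/exit pairs line up.
                Tr.exit(tc, "changeAliasReferences");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception changing certificate references: " + e.getMessage());
            }
            throw e;
        }
    }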

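    /**
     * Bumps the {@code com.ibm.ssl.changed} property on every SSL configuration
     * setting that uses one of the given key stores as its key store or its trust
     * store.
     *
     * <p>For each affected setting the existing property, if any, is deleted and a
     * new one is created whose value is the old value plus one, or {@code 0} when
     * no such property existed.
     *
     * <p>The decompiled listing used the property loop variable after its loop and
     * left an undeclared register assignment behind; the matched property is now
     * held in a local of its own so that the delete call names it.
     *
     * @param list          key store {@link ObjectName}s to look for
     * @param session       configuration session used for every read and write
     * @param configService configuration service to operate on
     * @param objectName    configuration object whose repertoire list is scanned
     * @throws Exception any failure raised by the configuration service, or a
     *                   {@link NumberFormatException} for a non-numeric property
     *                   value; recorded through FFDC and rethrown
     */
    public static void markSSLConfigChanged(List list, Session session, ConfigService configService, ObjectName objectName) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markSSLConfigChanged: Audit");
        }
        for (int i = 0; i < list.size(); i++) {
            ObjectName storeObj = (ObjectName) list.get(i);
            try {
                Iterator it = ((List) ((Attribute) configService.getAttributes(session, objectName, new String[]{CommandConstants.REPERTOIRE}, false).get(0)).getValue()).iterator();
                while (it.hasNext()) {
                    ObjectName settingObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((AttributeList) configService.getAttribute(session, (ObjectName) it.next(), CommandConstants.SETTING)), (QueryExp) null)[0];
                    ObjectName keyStore = (ObjectName) configService.getAttribute(session, settingObj, CommandConstants.KEY_STORE);
                    ObjectName trustStore = (ObjectName) configService.getAttribute(session, settingObj, CommandConstants.TRUST_STORE);
                    boolean usesStore = (keyStore != null && keyStore.equals(storeObj)) || (trustStore != null && trustStore.equals(storeObj));
                    if (!usesStore) {
                        continue;
                    }
                    // Find the current counter property; the last match wins.
                    String counter = null;
                    ObjectName counterProperty = null;
                    AttributeList properties = configService.getAttributes(session, settingObj, new String[]{CommandConstants.PROPERTIES}, false);
                    if (properties != null && properties.size() > 0) {
                        for (Object entry : (List) ((Attribute) properties.get(0)).getValue()) {
                            ObjectName property = (ObjectName) entry;
                            if ("com.ibm.ssl.changed".equals(configService.getAttribute(session, property, "name"))) {
                                counter = (String) configService.getAttribute(session, property, "value");
                                counterProperty = property;
                            }
                        }
                    }
                    int next = 0;
                    if (counter != null) {
                        next = Integer.parseInt(counter) + 1;
                        configService.deleteConfigData(session, counterProperty);
                    }
                    AttributeList replacement = new AttributeList();
                    replacement.add(new Attribute(CommandConstants.NAME, "com.ibm.ssl.changed"));
                    replacement.add(new Attribute(CommandConstants.VALUE, String.valueOf(next)));
                    configService.createConfigData(session, settingObj, CommandConstants.PROPERTIES, (String) null, replacement);
                }
            } catch (Exception e) {
                // NOTE(review): the FFDC source id names a PersonalCertificateHelper in
                // another package than this file's; left unchanged, confirm it is intended.
                FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper.markSSLConfigChanged", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception while marking ssl config changed: " + e.getMessage());
                }
                throw e;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markSSLConfigChanged");
        }
    }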

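    /**
     * Bumps the {@code com.ibm.ssl.changed} property on every SSL configuration
     * setting that uses the given key store as its key store or its trust store.
     *
     * <p>The key store is looked up by name and scope. For a writable key store of
     * type {@code KEYSTORE_TYPE_JCERACFKS} or {@code KEYSTORE_TYPE_JCECCARACFKS}
     * the lookup uses {@code keyStoreInfo.getUsage()} instead of its name. When the
     * lookup finds nothing the method does nothing apart from tracing.
     *
     * <p>For each affected setting the existing property, if any, is deleted and a
     * new one is created whose value is the old value plus one, or {@code 0} when
     * no such property existed.
     *
     * <p>The decompiled listing used the property loop variable after its loop and
     * left an undeclared register assignment behind; the matched property is now
     * held in a local of its own so that the delete call names it.
     *
     * @param keyStoreInfo key store that was modified
     * @param session      configuration session used for every read and write
     * @throws Exception any failure raised by the configuration service, or a
     *                   {@link NumberFormatException} for a non-numeric property
     *                   value; failures inside the scan are recorded through FFDC
     *                   and rethrown
     */
    public static void markSSLConfigChanged(KeyStoreInfo keyStoreInfo, Session session) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markSSLConfigChanged: Audit");
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        String lookupName = keyStoreInfo.getName();
        String scopeNameString = keyStoreInfo.getScopeNameString();
        ObjectName auditObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
        CommandHelper commandHelper = new CommandHelper();
        boolean racfType = keyStoreInfo.getType().equals(Constants.KEYSTORE_TYPE_JCERACFKS) || keyStoreInfo.getType().equals(Constants.KEYSTORE_TYPE_JCECCARACFKS);
        if (!keyStoreInfo.getReadOnly().booleanValue() && racfType) {
            lookupName = keyStoreInfo.getUsage();
        }
        AttributeList keyStoreQuery = new AttributeList();
        ConfigServiceHelper.setAttributeValue(keyStoreQuery, CommandConstants.NAME, lookupName);
        ObjectName storeObj = commandHelper.getObjectName(configService, session, auditObj, CommandConstants.KEY_STORES, keyStoreQuery, scopeNameString);
        if (storeObj != null) {
            try {
                for (Object repertoireEntry : (List) ((Attribute) configService.getAttributes(session, auditObj, new String[]{CommandConstants.REPERTOIRE}, false).get(0)).getValue()) {
                    ObjectName repertoire = (ObjectName) repertoireEntry;
                    String sslConfigAlias = (String) configService.getAttribute(session, repertoire, "alias");
                    AttributeList setting = (AttributeList) configService.getAttribute(session, repertoire, CommandConstants.SETTING);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Looking at ssl config " + sslConfigAlias);
                    }
                    ObjectName settingObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName(setting), (QueryExp) null)[0];
                    ObjectName keyStore = (ObjectName) configService.getAttribute(session, settingObj, CommandConstants.KEY_STORE);
                    ObjectName trustStore = (ObjectName) configService.getAttribute(session, settingObj, CommandConstants.TRUST_STORE);
                    boolean usesStore = (keyStore != null && keyStore.equals(storeObj)) || (trustStore != null && trustStore.equals(storeObj));
                    if (!usesStore) {
                        continue;
                    }
                    // Find the current counter property; the last match wins.
                    String counter = null;
                    ObjectName counterProperty = null;
                    AttributeList properties = configService.getAttributes(session, settingObj, new String[]{CommandConstants.PROPERTIES}, false);
                    if (properties != null && properties.size() > 0) {
                        for (Object entry : (List) ((Attribute) properties.get(0)).getValue()) {
                            ObjectName property = (ObjectName) entry;
                            if ("com.ibm.ssl.changed".equals(configService.getAttribute(session, property, "name"))) {
                                counter = (String) configService.getAttribute(session, property, "value");
                                counterProperty = property;
                            }
                        }
                    }
                    int next = 0;
                    if (counter != null) {
                        next = Integer.parseInt(counter) + 1;
                        configService.deleteConfigData(session, counterProperty);
                    }
                    AttributeList replacement = new AttributeList();
                    replacement.add(new Attribute(CommandConstants.NAME, "com.ibm.ssl.changed"));
                    replacement.add(new Attribute(CommandConstants.VALUE, String.valueOf(next)));
                    configService.createConfigData(session, settingObj, CommandConstants.PROPERTIES, (String) null, replacement);
                }
            } catch (Exception e) {
                // NOTE(review): the FFDC source id names a PersonalCertificateHelper in
                // another package than this file's; left unchanged, confirm it is intended.
                FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper.markSSLConfigChanged", "%c%");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception while marking ssl config changed: " + e.getMessage());
                }
                throw e;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markSSLConfigChanged");
        }
    }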

    /**
     * Reports whether the given entry has been recorded as replaced.
     *
     * <p>NOTE(review): {@code replacedCerts} is static state shared by all callers
     * and no synchronization is visible here; confirm how it is declared before
     * relying on this from more than one thread.
     *
     * @param str entry to look up in {@code replacedCerts}
     * @return {@code true} when {@code replacedCerts} is non-empty and contains {@code str}
     */
    public static boolean isCertAlreadyReplaced(String str) {
        if (replacedCerts.size() <= 0) {
            return false;
        }
        return replacedCerts.contains(str);
    }

    /**
     * Records the given entry as replaced unless it is already recorded.
     *
     * <p>NOTE(review): the contains-then-add sequence is not atomic and
     * {@code replacedCerts} is shared static state; confirm how it is declared
     * before relying on this from more than one thread.
     *
     * @param str entry to add to {@code replacedCerts}
     */
    public static void markCertReplaced(String str) {
        boolean alreadyRecorded = replacedCerts.contains(str);
        if (!alreadyRecorded) {
            replacedCerts.add(str);
        }
    }

    /**
     * Forgets every entry recorded in {@code replacedCerts}; does nothing when it
     * is already empty.
     */
    public static void clearCertReplaced() {
        if (!replacedCerts.isEmpty()) {
            replacedCerts.clear();
        }
    }

    /**
     * Builds a subject distinguished name string from its parts.
     *
     * <p>The result always starts with {@code CN=}; each remaining part is
     * appended, in the order OU, O, L, ST, POSTALCODE, C, only when it is neither
     * {@code null} nor empty.
     *
     * <p>NOTE(review): values are appended verbatim. Characters that carry meaning
     * in a DN string (for example {@code ,} {@code +} {@code =} {@code "}
     * {@code \}) are not escaped here, so a value containing them changes the
     * structure of the resulting DN rather than being taken literally. Callers
     * should validate or escape each part before passing it in; whether an
     * earlier layer already does so is not visible from this method.
     *
     * @param str  common name (CN); required
     * @param str2 organization (O)
     * @param str3 organizational unit (OU)
     * @param str4 locality (L)
     * @param str5 state or province (ST)
     * @param str6 postal code (POSTALCODE)
     * @param str7 country (C)
     * @return the assembled DN string
     * @throws CommandValidationException when the common name is {@code null} or empty
     */
    public static String makeSubjectDN(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws CommandValidationException {
        if (str == null || str.isEmpty()) {
            throw new CommandValidationException("CommonName is missing, unable to create the Certificate.");
        }
        // Separator-plus-keyword paired with its value, in output order.
        String[][] optionalParts = {
            {", OU=", str3},
            {", O=", str2},
            {", L=", str4},
            {", ST=", str5},
            {", POSTALCODE=", str6},
            {", C=", str7},
        };
        StringBuilder dn = new StringBuilder("CN=").append(str);
        for (String[] part : optionalParts) {
            String value = part[1];
            if (value != null && !value.isEmpty()) {
                dn.append(part[0]).append(value);
            }
        }
        String subjectDn = dn.toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "DN is " + subjectDn);
        }
        return subjectDn;
    }

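    /**
     * Deletes the CA certificate configuration entries that refer to the given
     * alias in the given key store.
     *
     * <p>An entry matches when its alias equals {@code str} ignoring case and its
     * key store equals the key store resolved from {@code keyStoreInfo}. An entry
     * without a key store reference is now skipped; before, it raised a
     * {@link NullPointerException} and stopped the scan, leaving later matching
     * entries in place.
     *
     * @param session      configuration session used for every read and write
     * @param keyStoreInfo key store that held the certificate
     * @param str          certificate alias; must not be {@code null}
     * @throws Exception any failure raised by the configuration service
     */
    public static void handleCACertReference(Session session, KeyStoreInfo keyStoreInfo, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCACertReference: Audit");
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        ObjectName auditObj = configService.queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
        AttributeList keyStoreQuery = new AttributeList();
        ConfigServiceHelper.setAttributeValue(keyStoreQuery, CommandConstants.NAME, keyStoreInfo.getName());
        ObjectName keyStoreObj = new CommandHelper().getObjectName(configService, session, auditObj, CommandConstants.KEY_STORES, keyStoreQuery, keyStoreInfo.getScopeNameString());
        for (Object entry : (List) configService.getAttribute(session, auditObj, CommandConstants.CACERTIFICATES)) {
            AttributeList caCert = (AttributeList) entry;
            ObjectName owningKeyStore = (ObjectName) ConfigServiceHelper.getAttributeValue(caCert, CommandConstants.KEY_STORE);
            String alias = (String) ConfigServiceHelper.getAttributeValue(caCert, CommandConstants.ALIAS);
            boolean sameAlias = str.equalsIgnoreCase(alias);
            if (sameAlias && owningKeyStore != null && owningKeyStore.equals(keyStoreObj)) {
                configService.deleteConfigData(session, ConfigServiceHelper.createObjectName(caCert));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCACertReference");
        }
    }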

    /**
     * Reads the status attribute of the CA certificate configuration entry for
     * the given alias and key store.
     *
     * <p>NOTE(review): the entry is looked up under the object resolved from
     * {@code "Cell=:Security="}, whereas {@code handleCACertReference} in this
     * file reads the CA certificate list from the object queried with
     * {@code RasMessage.AUDIT}. Confirm that the two are meant to differ.
     *
     * @param session      configuration session used for the reads
     * @param keyStoreInfo key store the certificate belongs to
     * @param str          certificate alias
     * @return the status value, or {@code null} when no matching entry exists or
     *         the entry has no status
     * @throws Exception any failure raised by the configuration service
     */
    public static String getCACertStatus(Session session, KeyStoreInfo keyStoreInfo, String str) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCACertStatus: Audit, alias: " + str);
        }
        ConfigService configService = ConfigServiceFactory.getConfigService();
        ObjectName securityObj = configService.resolve(session, "Cell=:Security=")[0];
        // This list is filled but not read afterwards in this method.
        AttributeList nameQuery = new AttributeList();
        ConfigServiceHelper.setAttributeValue(nameQuery, CommandConstants.NAME, keyStoreInfo.getName());
        String status = null;
        ObjectName certificateObj = getCertificateObj(session, configService, securityObj, str, keyStoreInfo);
        if (certificateObj != null) {
            status = (String) configService.getAttribute(session, certificateObj, CommandConstants.CACERTIFICATE_STATUS);
            if (status != null) {
                Tr.debug(tc, "status = " + status);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCACertStatus");
        }
        return status;
    }

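    /**
     * Creates a self-signed certificate with a new key pair and stores it in the
     * request's key store under the request's label.
     *
     * <p>The key entry is stored with the key store's own password as the key
     * password. After a successful store the workspace is marked updated for a
     * file-based key store and the SSL configurations that use the key store are
     * marked changed.
     *
     * <p>NOTE(review): key size and validity period are passed to the certificate
     * factory exactly as found in {@code certReqInfo}; no range check is visible
     * here, so presumably the command layer enforces minimums. Confirm.
     *
     * <p>NOTE(review): the key store password is used as returned by
     * {@code getPassword()}, while {@code chainedCertificateCreate} passes the
     * signing key store's password through {@code SSLConfig.decodePassword}.
     * Confirm which form {@code getPassword()} returns.
     *
     * @param certReqInfo subject DN, label, key size, validity and target key store
     * @param session     configuration session
     * @return the new certificate, or {@code null} when the factory returned nothing
     * @throws CommandValidationException when the label already exists in the key store
     * @throws Exception any other failure while creating or storing the certificate
     */
    public static X509Certificate personalCertificateCreate(CertReqInfo certReqInfo, Session session) throws Exception {
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String provider = ksInfo.getProvider();
        String type = ksInfo.getType();
        String password = ksInfo.getPassword();
        WSKeyStoreRemotable keyStore = new WSKeyStoreRemotable(ksInfo);
        // The result is not used below. The lookup still makes the method fail before
        // anything is written to the key store when no such configuration object exists.
        ObjectName objectName = ConfigServiceFactory.getConfigService().queryConfigObjects(session, (ObjectName) null, ConfigServiceHelper.createObjectName((ConfigDataId) null, RasMessage.AUDIT), (QueryExp) null)[0];
        if (((Boolean) keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{label})[0]).booleanValue()) {
            // Fallback text now closes the quote around the alias.
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.alias.already.exists.CWPKI0630E", new Object[]{label, ksInfo.getName()}, "Alias \"" + label + "\" already exists in key store \"" + ksInfo.getName() + "\"."));
        }
        if (type != null && type.equals(Constants.KEYSTORE_TYPE_CMS)) {
            // CMS key stores always use an IBMJCE provider; the FIPS one when FIPS is enabled.
            provider = JSSEProviderFactory.isFipsEnabled() ? Constants.IBMJCEFIPS_NAME : "IBMJCE";
        }
        // Validity starts 24 hours before now (presumably to tolerate clock skew; confirm).
        Date notBefore = new Date(new Date().getTime() - 86400000L);
        boolean inDefaultRootStore = certReqInfo.getKsInfo().getName().endsWith(Constants.DEFAULT_ROOT_STORE);
        PkSsCertificate selfSigned = PkSsCertFactory.newSsCert(size, subjectDN, validDays, notBefore, true, true, null, null, null, provider, null, inDefaultRootStore);
        if (selfSigned == null) {
            return null;
        }
        X509Certificate certificate = selfSigned.getCertificate();
        keyStore.invokeKeyStoreCommand("setKeyEntry", new Object[]{label, selfSigned.getKey(), password.toCharArray(), new X509Certificate[]{certificate}});
        try {
            Tr.audit(tc, "Self Signed Certificate: notBefore time: " + certificate.getNotBefore().toString() + " notAfter time: " + certificate.getNotAfter().toString());
        } catch (Throwable t) {
            // Tracing the new certificate is best effort; the certificate is already
            // stored, so a failure here must not fail the command.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to trace the new certificate: " + t);
            }
        }
        if (certReqInfo.getKsInfo().getFileBased().booleanValue()) {
            setWorkspaceUpdated(session, certReqInfo.getKsInfo().getLocation());
        }
        markSSLConfigChanged(certReqInfo.getKsInfo(), session);
        return certificate;
    }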

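    /**
     * Creates a certificate signed by an existing personal certificate and stores
     * it, with its chain, in the request's key store under the request's label.
     *
     * <p>The signing certificate chain and private key are read from
     * {@code keyStoreInfo} under alias {@code str}. The new key entry is stored
     * with the target key store's own password as the key password. After a
     * successful store the workspace is marked updated for a file-based key store
     * and the SSL configurations that use the target key store are marked changed.
     *
     * <p>The fallback texts of the two signer-related errors now name the signing
     * alias {@code str}, as their message arguments already did, instead of the
     * new certificate's label, and their quoting is repaired.
     *
     * <p>NOTE(review): the signing key store's password goes through
     * {@code SSLConfig.decodePassword} while the target key store's password is
     * used as returned by {@code getPassword()}. Confirm both are in the form the
     * key store commands expect.
     *
     * <p>NOTE(review): key size and validity period are passed to the certificate
     * factory exactly as found in {@code certReqInfo}; no range check is visible
     * here, so presumably the command layer enforces minimums. Confirm.
     *
     * @param certReqInfo  subject DN, label, key size, validity and target key store
     * @param str          alias of the signing personal certificate in {@code keyStoreInfo}
     * @param keyStoreInfo key store that holds the signing certificate and key
     * @param session      configuration session
     * @return the new end-entity certificate (element 0 of the stored chain), or
     *         {@code null} when the factory returned nothing
     * @throws Exception when the label already exists, the signing alias is missing
     *                   or is not a key entry, or creating or storing fails
     */
    public static X509Certificate chainedCertificateCreate(CertReqInfo certReqInfo, String str, KeyStoreInfo keyStoreInfo, Session session) throws Exception {
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String provider = ksInfo.getProvider();
        String type = ksInfo.getType();
        String password = ksInfo.getPassword();
        WSKeyStoreRemotable targetStore = new WSKeyStoreRemotable(ksInfo);
        if (((Boolean) targetStore.invokeKeyStoreCommand("containsAlias", new Object[]{label})[0]).booleanValue()) {
            throw new Exception(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.alias.already.exists.CWPKI0630E", new Object[]{label, ksInfo.getName()}, "Alias \"" + label + "\" already exists in key store \"" + ksInfo.getName() + "\"."));
        }
        if (type != null && type.equals(Constants.KEYSTORE_TYPE_CMS)) {
            // CMS key stores always use an IBMJCE provider; the FIPS one when FIPS is enabled.
            provider = JSSEProviderFactory.isFipsEnabled() ? Constants.IBMJCEFIPS_NAME : "IBMJCE";
        }
        // The former null check on this freshly constructed object could never fire.
        WSKeyStoreRemotable signerStore = new WSKeyStoreRemotable(keyStoreInfo);
        Object[] signerPresent = signerStore.invokeKeyStoreCommand("containsAlias", new Object[]{str});
        Object[] signerIsKeyEntry = signerStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{str});
        if (!((Boolean) signerPresent[0]).booleanValue()) {
            throw new Exception(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.does.not.exist.CWPKI0655E", new Object[]{str, keyStoreInfo.getName()}, "Certificate alias \"" + str + "\" does not exist in key store \"" + keyStoreInfo.getName() + "\"."));
        }
        // Signing needs a private key, so a trusted-certificate-only entry is rejected.
        if (!((Boolean) signerIsKeyEntry[0]).booleanValue()) {
            throw new Exception(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.not.personal.cert.CWPKI0666E", new Object[]{str}, "Certificate \"" + str + "\" is not a personal certificate."));
        }
        X509Certificate[] signerChain = null;
        Certificate[] rawChain = (Certificate[]) signerStore.invokeKeyStoreCommand("getCertificateChain", new Object[]{str})[0];
        if (rawChain != null) {
            signerChain = new X509Certificate[rawChain.length];
            for (int i = 0; i < rawChain.length; i++) {
                signerChain[i] = (X509Certificate) rawChain[i];
            }
        }
        // The signer's private key is held in this process only for the factory call below.
        PrivateKey signerKey = (PrivateKey) signerStore.invokeKeyStoreCommand("getKey", new Object[]{str, SSLConfig.decodePassword(keyStoreInfo.getPassword()).toCharArray()})[0];
        // Validity starts 24 hours before now (presumably to tolerate clock skew; confirm).
        Date notBefore = new Date(new Date().getTime() - 86400000L);
        boolean inDefaultRootStore = certReqInfo.getKsInfo().getName().endsWith(Constants.DEFAULT_ROOT_STORE);
        PkNewCertificate newCert = PkNewCertFactory.newCert(size, subjectDN, validDays, notBefore, true, null, null, null, provider, null, signerChain, signerKey, inDefaultRootStore);
        if (newCert == null) {
            return null;
        }
        X509Certificate[] newChain = newCert.getCertificateChain();
        targetStore.invokeKeyStoreCommand("setKeyEntry", new Object[]{label, newCert.getKey(), password.toCharArray(), newChain});
        try {
            Tr.audit(tc, "Chained Certificate\n\tOwner: " + newChain[0].getSubjectDN() + "\n\tIssuer: " + newChain[0].getIssuerDN() + "\n\tNot Before: " + newChain[0].getNotBefore().toString() + "\n\tNot After: " + newChain[0].getNotAfter().toString() + "\n\tSerial: " + newChain[0].getSerialNumber());
        } catch (Throwable t) {
            // Tracing the new certificate is best effort; the certificate is already
            // stored, so a failure here must not fail the command.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to trace the new certificate: " + t);
            }
        }
        if (certReqInfo.getKsInfo().getFileBased().booleanValue()) {
            setWorkspaceUpdated(session, certReqInfo.getKsInfo().getLocation());
        }
        markSSLConfigChanged(certReqInfo.getKsInfo(), session);
        return newChain[0];
    }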

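    /**
     * Reports whether the key store already holds a certificate whose digest
     * equals the digest of the given certificate.
     *
     * <p>The whole comparison now runs inside the {@code try}. In the decompiled
     * listing the digest local could be read without having been assigned after
     * a failure, and the key store calls sat outside the handler. Any failure is
     * traced at debug level and reported as "not found". The "true" path now
     * writes an exit trace where it used to write an entry trace.
     *
     * <p>NOTE(review): the comparison uses MD5, which is not collision resistant,
     * so two different certificates can be constructed to share a digest and one
     * would then be reported as already present. Both digests are computed in this
     * method, so a stronger algorithm, or comparing the encoded certificates
     * directly, would be a local change; confirm which algorithm names
     * {@code generateDigest} accepts before switching.
     *
     * @param x509Certificate     certificate to look for
     * @param wSKeyStoreRemotable key store to search
     * @return {@code true} when an entry with the same digest exists; {@code false}
     *         when none does, when no digest could be generated, or on any failure
     */
    public static boolean checkIfCertificateExists(X509Certificate x509Certificate, WSKeyStoreRemotable wSKeyStoreRemotable) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfCertificateExists: Audit");
        }
        try {
            String wantedDigest = KeyStoreManager.getInstance().generateDigest("MD5", x509Certificate);
            if (wantedDigest == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkIfCertificateExists -> false (could not generate digest)");
                }
                return false;
            }
            for (Object entry : wSKeyStoreRemotable.invokeKeyStoreCommand("aliases", null)) {
                String alias = (String) entry;
                boolean present = ((Boolean) wSKeyStoreRemotable.invokeKeyStoreCommand("containsAlias", new Object[]{alias})[0]).booleanValue();
                if (!present) {
                    continue;
                }
                X509Certificate stored = (X509Certificate) wSKeyStoreRemotable.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
                if (wantedDigest.equals(KeyStoreManager.getInstance().generateDigest("MD5", stored))) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "checkIfCertificateExists -> true (digest matches)");
                    }
                    return true;
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception checking if the certificate already exists.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkIfCertificateExists -> false (no digest matches)");
        }
        return false;
    }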

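    /**
     * Returns the value of the named custom property of a configuration object.
     *
     * <p>The decompiler could not restructure this method and emitted only an
     * instruction dump followed by an unconditional
     * {@link UnsupportedOperationException}. The body below follows that dump: read
     * the {@code "properties"} attribute, walk its entries, and return the
     * {@code "value"} of the first entry whose {@code "name"} equals {@code r11}.
     * As in the dump, any exception ends the search and whatever was found so far
     * (normally {@code null}) is returned; the exception is now traced at debug
     * level, where the dump discarded it.
     *
     * @param r8  configuration service to read from
     * @param r9  configuration session
     * @param r10 configuration object whose properties are searched
     * @param r11 property name to look for
     * @return the property value, or {@code null} when the property is absent or
     *         the lookup failed
     */
    public static java.lang.Object getCustomProperty(com.ibm.websphere.management.configservice.ConfigService r8, com.ibm.websphere.management.Session r9, javax.management.ObjectName r10, java.lang.String r11) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomProperty: Audit");
        }
        Object value = null;
        try {
            AttributeList attributes = r8.getAttributes(r9, r10, new String[]{"properties"}, false);
            List properties = (List) ((Attribute) attributes.get(0)).getValue();
            Iterator it = properties.iterator();
            while (it.hasNext()) {
                ObjectName property = (ObjectName) it.next();
                String name = (String) r8.getAttribute(r9, property, "name");
                if (name.equals(r11)) {
                    value = r8.getAttribute(r9, property, "value");
                    break;
                }
            }
        } catch (Exception e) {
            // Best-effort lookup: a failure means "no value", as in the dump.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception reading custom property: " + e.getMessage());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCustomProperty");
        }
        return value;
    }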

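    /**
     * Finds the CA certificate configuration entry for an alias in a key store.
     *
     * <p>Each entry of the {@code CACERTIFICATES} attribute of {@code objectName}
     * is examined. An entry matches when its config data type is
     * {@code CACertificate}, its alias equals {@code str} ignoring case, and the
     * key store it references has the name and management scope of
     * {@code keyStoreInfo}. When several entries match, the last one is returned.
     *
     * <p>The per-attribute debug dump is now built only when debug tracing is
     * enabled and no longer calls {@code toString()} on the attribute value, so an
     * attribute with a {@code null} value cannot abort the lookup. Entries with a
     * missing data type, alias, key store name or scope are treated as not
     * matching instead of raising a {@link NullPointerException}.
     *
     * <p>NOTE(review): aliases are compared ignoring case here, while
     * {@code changeAliasReferences} in this file compares them with
     * {@code equals}. Confirm which rule the key store types in use follow.
     *
     * @param session       configuration session used for the reads
     * @param configService configuration service to read from
     * @param objectName    configuration object that owns the CA certificate list
     * @param str           certificate alias to look for
     * @param keyStoreInfo  key store the certificate must belong to
     * @return the object name of the matching entry, or {@code null} when none matches
     * @throws Exception any failure raised by the configuration service
     */
    public static ObjectName getCertificateObj(Session session, ConfigService configService, ObjectName objectName, String str, KeyStoreInfo keyStoreInfo) throws Exception {
        ObjectName match = null;
        int entryNumber = 0;
        for (Object entry : (List) configService.getAttribute(session, objectName, CommandConstants.CACERTIFICATES)) {
            AttributeList caCert = (AttributeList) entry;
            entryNumber++;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "entrynum: " + entryNumber);
                for (Object item : caCert) {
                    Attribute attribute = (Attribute) item;
                    // String concatenation renders a null value as "null" instead of throwing.
                    Tr.debug(tc, "ATTRIBUTE, Name = " + attribute.getName() + " Value = " + attribute.getValue());
                }
            }
            if (!"CACertificate".equals(ConfigServiceHelper.getAttributeValue(caCert, "_Websphere_Config_Data_Type"))) {
                continue;
            }
            String alias = (String) ConfigServiceHelper.getAttributeValue(caCert, CommandConstants.ALIAS);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "alias = " + alias + " certAlias = " + str);
            }
            if (alias == null || !alias.equalsIgnoreCase(str)) {
                continue;
            }
            ObjectName keyStoreObj = (ObjectName) ConfigServiceHelper.getAttributeValue(caCert, CommandConstants.KEY_STORE);
            String keyStoreName = (String) configService.getAttribute(session, keyStoreObj, CommandConstants.NAME);
            ObjectName scope = (ObjectName) configService.getAttribute(session, keyStoreObj, CommandConstants.MANAGEMENT_SCOPE);
            boolean sameName = keyStoreName != null && keyStoreName.equals(keyStoreInfo.getName());
            boolean sameScope = scope != null && scope.equals(keyStoreInfo.getScopeName());
            if (sameName && sameScope) {
                match = ConfigServiceHelper.createObjectName(caCert);
            }
        }
        return match;
    }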
}
