package com.ibm.ws.security.utility.module;

import com.ibm.websphere.crypto.InvalidPasswordEncodingException;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.ws.crypto.certificateutil.DefaultSSLCertificateCreator;
import com.ibm.ws.crypto.certificateutil.DefaultSubjectDN;
import com.ibm.ws.crypto.util.UnsupportedCryptoAlgorithmException;
import com.ibm.ws.security.utility.ConsoleWrapper;
import com.ibm.ws.security.utility.SecurityUtility;
import com.ibm.ws.security.utility.SecurityUtilityTask;
import com.ibm.ws.ssl.internal.LibertyConstants;
import java.io.File;
import java.io.PrintStream;
import java.security.cert.CertificateException;
import java.text.MessageFormat;

/* loaded from: input_file:resources/server_runtime/lib/com.ibm.ws.security.utility_1.0.jar:com/ibm/ws/security/utility/module/CreateSSLCertificateTask.class */
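/**
 * Command-line task that creates a default SSL keystore for a server and
 * prints the matching {@code server.xml} snippet.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code --password=pwd} passes the keystore password as a process
 *       argument, where it can end up in shell history and process listings.
 *       Supplying {@code --password} with no value triggers a masked prompt
 *       instead.</li>
 *   <li>The encoded password is printed to stdout so it can be pasted into
 *       {@code server.xml}. Which encoding {@code PasswordUtil.encode} applies
 *       is not visible here; if it is reversible, the printed value should be
 *       handled as a secret (terminal scrollback, CI logs).</li>
 * </ul>
 */
public class CreateSSLCertificateTask implements SecurityUtilityTask {
    static final String NL = System.getProperty("line.separator");
    static final String SLASH = String.valueOf(File.separatorChar);
    static final String ARG_SERVER = "--server";
    static final String ARG_PASSWORD = "--password";
    static final String ARG_VALIDITY = "--validity";
    static final String ARG_SUBJECT = "--subject";
    private final DefaultSSLCertificateCreator creator;
    private final FileUtility fileUtility;
    private ConsoleWrapper stdin;
    private PrintStream stdout;

    /**
     * @param defaultSSLCertificateCreator creates the keystore and certificate
     * @param fileUtility file-system helper used to locate the server directory
     */
    public CreateSSLCertificateTask(DefaultSSLCertificateCreator defaultSSLCertificateCreator, FileUtility fileUtility) {
        this.creator = defaultSSLCertificateCreator;
        this.fileUtility = fileUtility;
    }

    /** @return the task name used on the command line */
    @Override
    public String getTaskName() {
        return "createSSLCertificate";
    }

    /** @return the one-line usage string for this task */
    @Override
    public String getTaskUsage() {
        return "--server=" + SecurityUtility.messages.getString("name") + " --password[=pwd] [--validity=" + SecurityUtility.messages.getString("days") + "] [--subject=dn]";
    }

    /** @return the formatted help text for this task */
    @Override
    public String getTaskHelp() {
        return MessageFormat.format(SecurityUtility.messages.getString("sslCert.help"), 6, 365, 365, "default", "RSA", DefaultSSLCertificateCreator.SIGALG);
    }

    /**
     * Validates the arguments, creates the keystore under the named server's
     * {@code resources/security} directory and prints the {@code server.xml}
     * snippet that references it.
     *
     * @param consoleWrapper console used for the masked password prompt
     * @param printStream stream that receives all progress and error messages
     * @param printStream2 unused by this task
     * @param strArr raw arguments; element 0 is skipped when reading values
     * @throws IllegalArgumentException if a required argument is missing, an
     *         argument is unknown or lacks a value, or the validity is not an
     *         integer ({@link NumberFormatException})
     */
    @Override
    public void handleTask(ConsoleWrapper consoleWrapper, PrintStream printStream, PrintStream printStream2, String[] strArr) {
        this.stdin = consoleWrapper;
        this.stdout = printStream;
        validateArgumentList(strArr);

        String serverName = getArgumentValue(ARG_SERVER, strArr, null);
        String serversDirectory = this.fileUtility.getServersDirectory();
        // NOTE(review): the server name is concatenated into the path as given.
        // A value containing path separators or ".." resolves outside the
        // servers directory; confirm whether callers (wrapper scripts, automation)
        // can pass names that have not been validated upstream.
        String serverDirectory = serversDirectory + serverName + SLASH;
        if (!this.fileUtility.exists(serverDirectory)) {
            String resolvedServersDirectory = this.fileUtility.resolvePath(serversDirectory);
            printStream.println(SecurityUtility.messages.getString("sslCert.abort"));
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.serverNotFound"), serverName, resolvedServersDirectory));
            return;
        }

        File keyStoreFile = new File(serverDirectory + "resources" + SLASH + "security" + SLASH + LibertyConstants.DEFAULT_KEY_STORE_FILE);
        String keyStorePath = this.fileUtility.resolvePath(keyStoreFile);
        if (!this.fileUtility.createParentDirectory(printStream, keyStoreFile)) {
            printStream.println(SecurityUtility.messages.getString("sslCert.abort"));
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.requiredDirNotCreated"), keyStorePath));
            return;
        }

        // The password stays a String because the creator and PasswordUtil
        // calls below take one.
        String password = getArgumentValue(ARG_PASSWORD, strArr, null);
        int validityDays = Integer.parseInt(getArgumentValue(ARG_VALIDITY, strArr, String.valueOf(365)));
        String subjectDn = getArgumentValue(ARG_SUBJECT, strArr, new DefaultSubjectDN(null, serverName).getSubjectDN());
        try {
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.createKeyStore"), keyStorePath));
            // Encode before creating the keystore so an encoding failure leaves
            // no keystore behind.
            String encodedPassword = PasswordUtil.encode(password);
            this.creator.createDefaultSSLCertificate(keyStorePath, password, validityDays, subjectDn);
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.serverXML"), serverName, encodedPassword));
            printStream.println(NL + "    <featureManager>" + NL + "        <feature>ssl-1.0</feature>" + NL + "    </featureManager>" + NL + "    <keyStore id=\"defaultKeyStore\" password=\"" + encodedPassword + "\" />" + NL + NL);
        } catch (InvalidPasswordEncodingException e) {
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.errorEncodePassword"), e.getMessage()));
        } catch (UnsupportedCryptoAlgorithmException e2) {
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.errorEncodePassword"), e2.getMessage()));
        } catch (CertificateException e3) {
            printStream.println(MessageFormat.format(SecurityUtility.messages.getString("sslCert.createFailed"), e3.getMessage()));
        }
    }

    /**
     * Tells whether {@code arg} is exactly the option {@code name} or
     * {@code name=value}. A plain prefix test would let a longer option such as
     * {@code --passwordX=v} be read as {@code --password}.
     */
    private static boolean matchesArgument(String arg, String name) {
        return arg.equals(name) || arg.startsWith(name + "=");
    }

    /** Tells whether {@code arg} is one of the options this task accepts. */
    private boolean isKnownArgument(String arg) {
        return matchesArgument(arg, ARG_SERVER)
               || matchesArgument(arg, ARG_PASSWORD)
               || matchesArgument(arg, ARG_VALIDITY)
               || matchesArgument(arg, ARG_SUBJECT);
    }

    /**
     * Ensures {@code --server} and {@code --password} are both present.
     *
     * @throws IllegalArgumentException listing every problem found
     */
    private void checkRequiredArguments(String[] args) {
        StringBuilder problems = new StringBuilder();
        if (args.length < 3) {
            problems.append(SecurityUtility.messages.getString("insufficientArgs"));
        }
        boolean serverSeen = false;
        boolean passwordSeen = false;
        for (String arg : args) {
            if (matchesArgument(arg, ARG_SERVER)) {
                serverSeen = true;
            }
            if (matchesArgument(arg, ARG_PASSWORD)) {
                passwordSeen = true;
            }
        }
        if (!serverSeen) {
            problems.append(" ").append(MessageFormat.format(SecurityUtility.messages.getString("missingArg"), ARG_SERVER));
        }
        if (!passwordSeen) {
            problems.append(" ").append(MessageFormat.format(SecurityUtility.messages.getString("missingArg"), ARG_PASSWORD));
        }
        if (problems.length() > 0) {
            throw new IllegalArgumentException(problems.toString());
        }
    }

    /**
     * Returns the text after the first {@code '='} in {@code arg}, or
     * {@code null} when there is no {@code '='} or nothing follows it.
     *
     * <p>The value is taken verbatim. Splitting on {@code "="} and re-joining
     * would drop trailing {@code '='} characters, so a password such as
     * {@code abc=} would silently become {@code abc}.
     */
    private String getValue(String arg) {
        int separator = arg.indexOf('=');
        if (separator < 0) {
            return null;
        }
        String value = arg.substring(separator + 1);
        return value.isEmpty() ? null : value;
    }

    /**
     * Checks required options, then rejects unknown options and options that
     * need a value but have none. Only a bare {@code --password} may omit its
     * value, because it is then read from a prompt.
     *
     * @throws IllegalArgumentException on the first invalid argument
     */
    private void validateArgumentList(String[] args) {
        checkRequiredArguments(args);
        for (int i = 1; i < args.length; i++) {
            String arg = args[i];
            if (!isKnownArgument(arg)) {
                throw new IllegalArgumentException(MessageFormat.format(SecurityUtility.messages.getString("invalidArg"), arg));
            }
            if (!arg.equals(ARG_PASSWORD) && getValue(arg) == null) {
                throw new IllegalArgumentException(MessageFormat.format(SecurityUtility.messages.getString("missingValue"), arg));
            }
        }
    }

    /**
     * Prompts twice for masked text and returns it once both entries match.
     * Retries in a loop, so repeated mismatches cannot exhaust the stack.
     *
     * @throws IllegalArgumentException if neither entry could be read
     */
    private String promptForText() {
        while (true) {
            String first = this.stdin.readMaskedText(SecurityUtility.messages.getString("password.enterText") + " ");
            String second = this.stdin.readMaskedText(SecurityUtility.messages.getString("password.reenterText") + " ");
            if (first == null && second == null) {
                throw new IllegalArgumentException("Unable to read either entry. Aborting prompt.");
            }
            if (first == null || second == null) {
                this.stdout.println(SecurityUtility.messages.getString("password.readError"));
                continue;
            }
            if (first.equals(second)) {
                return first;
            }
            this.stdout.println(SecurityUtility.messages.getString("password.entriesDidNotMatch"));
        }
    }

    /**
     * Returns the value of the first occurrence of option {@code name}, or
     * {@code defaultValue} when the option is absent. A {@code --password}
     * given without a value is read from the masked prompt.
     */
    private String getArgumentValue(String name, String[] args, String defaultValue) {
        for (int i = 1; i < args.length; i++) {
            if (matchesArgument(args[i], name)) {
                String value = getValue(args[i]);
                if (value == null && name.equals(ARG_PASSWORD)) {
                    return promptForText();
                }
                return value;
            }
        }
        return defaultValue;
    }
}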
