package com.tivoli.agentmgr.credentialmgr;

import com.tivoli.agent.utils.ConfigurationConstants;
import com.tivoli.agent.utils.CredentialService;
import com.tivoli.agent.utils.SocketService;
import com.tivoli.agentmgr.client.NotRegisteredException;
import com.tivoli.agentmgr.client.TrustedCertificateQueryClient;
import com.tivoli.agentmgr.client.proxy.AgentManagerQueryProxy;
import com.tivoli.agentmgr.resources.AgentDescription;
import com.tivoli.agentmgr.resources.AgentManagerConfig;
import com.tivoli.agentmgr.resources.AgentManagerDetailLevel;
import com.tivoli.agentmgr.resources.AgentManagerException;
import com.tivoli.agentmgr.resources.AgentManagerProperties;
import com.tivoli.agentmgr.resources.CertManagementException;
import com.tivoli.agentmgr.resources.DescriptionHelper;
import com.tivoli.agentmgr.resources.EndpointDescription;
import com.tivoli.agentmgr.resources.GUIDHelper;
import com.tivoli.agentmgr.resources.ManagerDescription;
import com.tivoli.agentmgr.resources.Property;
import com.tivoli.agentmgr.resources.RegistrationConfiguration;
import com.tivoli.agentmgr.util.security.CertExtensionHelper;
import com.tivoli.agentmgr.util.security.CertProvider;
import com.tivoli.agentmgr.util.security.FileKeyStore;
import com.tivoli.agentmgr.util.security.PasswordFile;
import com.tivoli.agentmgr.util.security.PwdGenerator;
import com.tivoli.agentmgr.wsdl.util.AgentMgrCommException;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Properties;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;

/* loaded from: input_file:installer/IY95287.jar:efixes/IY95287/components/tpm/update.jar:/apps/tcje.ear:lib/epmgr_client.jar:com/tivoli/agentmgr/credentialmgr/CredentialServiceImpl.class */
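/**
 * Client-side credential service: owns the agent's key/trust store manager and PKI client, hands
 * out socket factories, and drives registration and certificate/CRL renewal.
 *
 * <p>Security mode is a JVM-wide switch read once in the static initializer from the system
 * property {@code com.tivoli.agent.net.secure}. When it is off, the constructor never creates
 * {@code m_keyMgr} or {@code m_pkiClient}, so every method here that dereferences them will fail
 * with a {@code NullPointerException}; only the socket-factory getters and
 * {@link #isSecurityEnabled()} guard on the flag.
 *
 * <p>NOTE(review): this listing is decompiler output. Several nested {@code try} blocks wrap the
 * same exception twice; they are kept as found because flattening them would change the cause
 * chain callers see.
 */
public class CredentialServiceImpl implements CredentialService, SocketService, CertProvider {
    private static final String CLASSNAME;
    private static final String COPYRIGHT = "\n\nLicensed Materials - Property of IBM\n(C)Copyright IBM Corporation 2004.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication \nor disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n\n";
    // Process-wide flag; assigned only in the static initializer below.
    private static boolean secure;
    private RegistrationConfiguration config;
    // Same Properties instance the caller passed to the constructor (not a copy).
    private Properties arsProperties;
    // Both remain null when security mode is disabled.
    private KeyAndTrustStoreManager m_keyMgr;
    private AbstractPKIClient m_pkiClient;
    // Compiler-generated cache for the class literal (pre-Java-5 class file idiom).
    static Class class$com$tivoli$agentmgr$credentialmgr$CredentialServiceImpl;

    /**
     * Builds the service from registration properties and, in security mode, initializes the
     * password file, the PKI client and the key/trust store manager.
     *
     * <p>The passed {@code properties} object is modified in place (registration host, URI and
     * query port are written back) and retained as the service's property set.
     *
     * @param properties registration settings; mutated and kept by reference
     * @throws AgentManagerException if configuration parsing or secure initialization fails
     */
    public CredentialServiceImpl(Properties properties) throws AgentManagerException {
        this.config = new RegistrationConfiguration(properties);
        properties.setProperty(AgentManagerConfig.REGISTRATION_HOST, this.config.getRegistrationHost());
        properties.setProperty("Registration.URI", this.config.getRegistrationURI());
        properties.setProperty(AgentManagerConfig.AGENT_CONFIG_PORT, String.valueOf(this.config.getAgentMgrQueryPort()));
        setArsProperties(properties);
        if (secure) {
            try {
                init();
                try {
                    // NOTE(review): the class name comes from configuration and the cast happens
                    // only after newInstance(), so the static initializer and no-arg constructor
                    // of whatever class is named run before a type mismatch is detected. Anyone
                    // able to edit the configuration chooses the code loaded here; consider
                    // checking assignability to AbstractPKIClient (or an allow-list) first.
                    this.m_pkiClient = (AbstractPKIClient) Class.forName(this.config.getPkiClassName()).newInstance();
                    this.m_keyMgr = new KeyAndTrustStoreManager(this.config, this.m_pkiClient, this);
                    this.m_pkiClient.initialize(getSocketFactory(), getArsProperties());
                } catch (Exception e) {
                    throw new AgentManagerException(e);
                }
            } catch (Exception e2) {
                // Also catches the AgentManagerException thrown just above, so failures of the
                // inner block surface double-wrapped. Kept as found.
                throw new AgentManagerException(e2);
            }
        }
    }

    /**
     * Returns the certificate chain held by the key store manager.
     *
     * @return whatever {@code KeyAndTrustStoreManager.getCredentials()} returns; callers in this
     *     class treat {@code null} or an empty array as "not registered"
     * @throws CertManagementException propagated from the key store manager
     */
    public X509Certificate[] getCredentials() throws CertManagementException {
        return this.m_keyMgr.getCredentials();
    }

    /**
     * Returns the CRL held by the key store manager.
     *
     * @throws CertManagementException propagated from the key store manager
     */
    @Override
    public X509CRL getCRL() throws CertManagementException {
        return this.m_keyMgr.getCRL();
    }

    /**
     * Returns the client socket factory for the current mode.
     *
     * <p>In security mode this is a {@code DelegateSocketFactory} built on the key store manager;
     * otherwise it is the JDK default {@link SocketFactory}, i.e. connections made through it get
     * no protection from this class.
     *
     * @throws AgentManagerException (as {@code AgentMgrCommException}) if the factory cannot be
     *     created
     */
    @Override
    public SocketFactory getSocketFactory() throws AgentManagerException {
        try {
            if (secure) {
                return new DelegateSocketFactory(this.m_keyMgr);
            }
            return SocketFactory.getDefault();
        } catch (Exception e) {
            throw new AgentMgrCommException(e);
        }
    }

    /**
     * Returns the server socket factory for the current mode: the key store manager's factory in
     * security mode, the JDK default otherwise.
     *
     * @throws AgentManagerException (as {@code AgentMgrCommException}) if the factory cannot be
     *     obtained
     */
    @Override
    public ServerSocketFactory getServerSocketFactory() throws AgentManagerException {
        try {
            if (secure) {
                return this.m_keyMgr.getServerSocketFactory();
            }
            return ServerSocketFactory.getDefault();
        } catch (Exception e) {
            throw new AgentMgrCommException(e);
        }
    }

    /**
     * Verifies that this endpoint holds a usable certificate bound to the local identity.
     *
     * <p>Checks performed on the first certificate of the chain: date validity
     * ({@code checkValidity()}), and equality of the instance ID and host ID carried in the
     * certificate with the locally derived values. No chain building or revocation check is done
     * in this method.
     *
     * @throws NotRegisteredException if no credentials are present
     * @throws AgentManagerException for every other failure, including identity mismatches: the
     *     {@code NotRegisteredException} raised for a mismatch is caught by the enclosing handlers
     *     and re-wrapped, so callers that catch only {@code NotRegisteredException} will not see
     *     it unless {@code AgentManagerException} unwraps it (NOTE(review): confirm)
     */
    @Override
    public void hasValidCredentials() throws AgentManagerException {
        X509Certificate[] chain = this.m_keyMgr.getCredentials();
        if (chain == null || chain.length < 1) {
            throw new NotRegisteredException();
        }
        X509Certificate leaf = chain[0];
        try {
            leaf.checkValidity();
            String certInstanceId = CertExtensionHelper.getInstanceID(leaf);
            String certHostId = CertExtensionHelper.getHostID(leaf);
            String localInstanceId = GUIDHelper.makeNamePart(GUIDHelper.getInstanceId());
            try {
                String localHostId = GUIDHelper.getHostId();
                // A certificate lacking either extension (null value) ends in the catch below
                // via NullPointerException, so the check fails closed.
                if (!certInstanceId.equals(localInstanceId)) {
                    throw new NotRegisteredException(certInstanceId + " != " + localInstanceId);
                }
                if (!certHostId.equals(localHostId)) {
                    throw new NotRegisteredException(certHostId + " != " + localHostId);
                }
            } catch (Exception e) {
                throw new NotRegisteredException(e);
            }
        } catch (Exception e2) {
            throw new AgentManagerException(e2);
        }
    }

    /**
     * Reports whether the first certificate of the chain is close to (or past) expiry.
     *
     * <p>The certificate counts as expiring when its remaining lifetime is at most
     * {@code expireTolerance} times its total validity period (notAfter - notBefore).
     *
     * @return {@code true} if renewal is due
     * @throws CertManagementException if no credentials are present
     */
    public boolean isCredentialExpiring() throws CertManagementException {
        X509Certificate[] chain = this.m_keyMgr.getCredentials();
        if (chain == null || chain.length < 1) {
            throw new CertManagementException();
        }
        X509Certificate leaf = chain[0];
        Date notBefore = leaf.getNotBefore();
        // The decompiled listing referenced an undeclared temporary for the end of the validity
        // period; it is taken to be notAfter, the only reading under which the product below is
        // a fraction of the certificate lifetime. TODO confirm against the class file.
        Date notAfter = leaf.getNotAfter();
        long remainingMillis = notAfter.getTime() - new Date().getTime();
        long thresholdMillis = (long) (this.config.getExpireTolerance() * (notAfter.getTime() - notBefore.getTime()));
        return remainingMillis <= thresholdMillis;
    }

    /**
     * Delegates to the key store manager to import trusted certificates.
     *
     * @param str passed through unchanged; presumably the source store location (TODO confirm)
     * @param cArr passed through unchanged; presumably that store's password (TODO confirm)
     * @throws AgentManagerException propagated from the key store manager
     */
    @Override
    public void importTrustedCertificates(String str, char[] cArr) throws AgentManagerException {
        this.m_keyMgr.importTrustedCertificates(str, cArr);
    }

    /**
     * Asks the key store manager whether the given certificate is trusted.
     *
     * @throws AgentManagerException propagated from the key store manager
     */
    @Override
    public boolean isCertificateTrusted(X509Certificate x509Certificate) throws AgentManagerException {
        return this.m_keyMgr.isCertificateTrusted(x509Certificate);
    }

    /** Returns the JVM-wide security flag set by the static initializer. */
    @Override
    public boolean isSecurityEnabled() {
        return secure;
    }

    /**
     * Registers the agent using the registration password from configuration and no user name.
     *
     * @throws AgentManagerException if any registration step fails
     */
    @Override
    public void registerAgent(AgentDescription agentDescription) throws AgentManagerException {
        registerAgent(null, this.config.getRegistrationPW().toCharArray(), agentDescription);
    }

    /**
     * Registers the agent with explicit credentials, describing the endpoint by the GUID the key
     * store manager reports.
     *
     * @param str first credential argument, forwarded to the PKI client as-is
     * @param cArr second credential argument, forwarded to the PKI client as-is
     * @throws AgentManagerException if any registration step fails
     */
    @Override
    public void registerAgent(String str, char[] cArr, AgentDescription agentDescription) throws AgentManagerException {
        registerAgent(str, cArr, agentDescription, DescriptionHelper.getEndpointDescription(this.m_keyMgr.getEndpointGUID()));
    }

    /**
     * Package-private variant: registers with the configured registration password and a
     * caller-supplied endpoint description.
     */
    void registerAgent(AgentDescription agentDescription, EndpointDescription endpointDescription) throws AgentManagerException {
        registerAgent(null, this.config.getRegistrationPW().toCharArray(), agentDescription, endpointDescription);
    }

    /**
     * Common registration path: refresh the trust store (if allowed), pull server configuration,
     * then submit the public key and store the returned certificate with the private key.
     *
     * <p>The trust store is replaced before the server-config query, so the anchors obtained by
     * {@link #downloadTrustStore()} are the ones that query and the registration call rely on.
     */
    private void registerAgent(String str, char[] cArr, AgentDescription agentDescription, EndpointDescription endpointDescription) throws AgentManagerException {
        downloadTrustStore();
        getServerConfig();
        KeyPair keys = this.m_keyMgr.getKeyPair();
        X509Certificate[] issued = this.m_pkiClient.registerAgent(str, cArr, keys.getPublic(), endpointDescription, agentDescription);
        this.m_keyMgr.setKeyAndCertificate(keys.getPrivate(), issued);
    }

    /**
     * Replaces the local trust store with the certificate chain returned by the agent manager,
     * when configuration marks the trust store as downloadable.
     *
     * <p>NOTE(review): the query client is initialized with {@code SocketFactory.getDefault()},
     * not with {@link #getSocketFactory()}, and the returned chain is installed without any check
     * visible here. Unless {@code TrustedCertificateQueryClient} authenticates the server itself
     * (not visible in this file), the trust anchors are only as trustworthy as the network path
     * at registration time. Deployments that need stronger assurance should provision the trust
     * store out of band and leave the downloadable option off.
     */
    private void downloadTrustStore() throws AgentManagerException {
        if (!this.config.isTruststoreDownloadable()) {
            return;
        }
        TrustedCertificateQueryClient anchorClient = new TrustedCertificateQueryClient();
        anchorClient.initialize(SocketFactory.getDefault(), getArsProperties());
        this.m_keyMgr.setTrustStore(anchorClient.queryTrustedCertificates().certificateChain());
    }

    /**
     * Registers a manager: same sequence as agent registration, using the PKI client's
     * {@code registerManager} call.
     *
     * @param str first credential argument, forwarded to the PKI client as-is
     * @param cArr second credential argument, forwarded to the PKI client as-is
     * @throws AgentManagerException if any registration step fails
     */
    @Override
    public void registerManager(String str, char[] cArr, ManagerDescription managerDescription) throws AgentManagerException {
        downloadTrustStore();
        getServerConfig();
        KeyPair keys = this.m_keyMgr.getKeyPair();
        EndpointDescription endpoint = DescriptionHelper.getEndpointDescription(this.m_keyMgr.getEndpointGUID());
        X509Certificate[] issued = this.m_pkiClient.registerManager(str, cArr, keys.getPublic(), endpoint, managerDescription);
        this.m_keyMgr.setKeyAndCertificate(keys.getPrivate(), issued);
    }

    /** Delegates CRL renewal to the key store manager. */
    @Override
    public void renewCRL() throws AgentManagerException {
        this.m_keyMgr.renewCRL();
    }

    /** Renews the certificate; identical to {@link #renewCerts()} with the result discarded. */
    @Override
    public void renewCertificate() throws AgentManagerException {
        renewCerts();
    }

    /**
     * Requests a renewed certificate for the first certificate of the current chain and stores it.
     *
     * <p>The key pair comes from {@code m_keyMgr.getKeyPair()}; whether that call returns the
     * existing pair or generates a fresh one is not visible here.
     *
     * @return the renewed chain as returned by the PKI client
     * @throws NotRegisteredException if no credentials are present
     * @throws AgentManagerException if the renewal request or the store update fails
     */
    @Override
    public X509Certificate[] renewCerts() throws AgentManagerException {
        KeyPair keys = this.m_keyMgr.getKeyPair();
        X509Certificate[] current = this.m_keyMgr.getCredentials();
        if (current == null || current.length < 1) {
            throw new NotRegisteredException();
        }
        X509Certificate[] renewed = this.m_pkiClient.renewCertificate(current[0], null, keys.getPublic());
        this.m_keyMgr.setKeyAndCertificate(keys.getPrivate(), renewed);
        return renewed;
    }

    /** Delegates credential reset to the key store manager. */
    @Override
    public void resetCredentials() throws AgentManagerException {
        this.m_keyMgr.resetCredentials();
    }

    /** Stores the given private key and certificate chain through the key store manager. */
    @Override
    public void setKeyAndCertificate(PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws AgentManagerException {
        this.m_keyMgr.setKeyAndCertificate(privateKey, x509CertificateArr);
    }

    /**
     * Queries the agent manager for its name and configuration properties and merges them into
     * this service's property set.
     *
     * <p>NOTE(review): every non-null property the server returns is written into
     * {@code arsProperties} by name with no filtering, so the remote side can overwrite any local
     * setting held there. The query uses {@link #getSocketFactory()}, so in security mode it
     * depends on the current trust store, which may have just been replaced by
     * {@link #downloadTrustStore()}.
     *
     * @return the property array returned by the server (may be {@code null})
     * @throws AgentManagerException wrapping any failure of the query
     */
    protected Property[] getServerConfig() throws AgentManagerException {
        String queryHost = this.config.getAgentMgrQueryHost();
        int queryPort = this.config.getAgentMgrQueryPort();
        String queryUri = this.config.getAgentMgrQueryURI();
        if (queryUri == null) {
            queryUri = "/AgentMgr/AgentManagerQuery";
        }
        try {
            AgentManagerDetailLevel detail = new AgentManagerDetailLevel();
            detail.increaseDetail(AgentManagerDetailLevel.URLS);
            detail.increaseDetail(AgentManagerDetailLevel.CONFIG);
            AgentManagerQueryProxy proxy = new AgentManagerQueryProxy("wsdl/AgentManagerQuery.wsdl", getSocketFactory(), queryHost, queryPort, queryUri);
            AgentManagerProperties serverProps = proxy.queryAgentManagerProperties(detail.getDetails());
            getArsProperties().setProperty(AgentManagerConfig.AGENT_MANAGER_ID, serverProps.getAgentManagerName());
            Property[] properties = serverProps.getProperties();
            if (properties != null) {
                for (Property property : properties) {
                    if (property != null) {
                        getArsProperties().setProperty(property.getName(), property.getValue());
                    }
                }
            }
            return properties;
        } catch (Exception e) {
            throw new AgentManagerException(e);
        }
    }

    /**
     * First-run setup: if no password file exists yet, generates a new store password, writes it
     * to the password file, and re-protects any existing key store and trust store (currently
     * opened with the registration password) under the new one.
     *
     * <p>NOTE(review), failure handling: any exception after password generation is swallowed and
     * the configuration silently falls back to the registration password as the key-ring
     * password. Because the password file is written first, a later failure can leave a password
     * file that does not match the stores, and the early return at the top will skip this routine
     * on the next start. The fallback also means the shared registration secret keeps protecting
     * the private key with no signal to the operator; an audit log entry here would help.
     *
     * <p>Passwords are held as {@code String}s and the {@code char[]} copies are not cleared.
     *
     * @throws CertManagementException if password generation fails (message only; the original
     *     cause is not chained)
     */
    private void init() throws KeyStoreException, FileNotFoundException, CertificateException, CertManagementException, IOException, NoSuchAlgorithmException {
        if (new File(ConfigurationConstants.getPasswordFile()).exists()) {
            return;
        }
        String registrationPW = this.config.getRegistrationPW();
        try {
            String generatedPW = PwdGenerator.createPassword();
            try {
                PasswordFile.storePwd(ConfigurationConstants.getPasswordFile(), generatedPW.toCharArray());
                if (new File(ConfigurationConstants.getKeystoreFile()).exists()) {
                    FileKeyStore keyStore = new FileKeyStore(this.config.getKeyRingName(), registrationPW.toCharArray());
                    keyStore.changePassword(generatedPW.toCharArray());
                    keyStore.store();
                }
                if (new File(ConfigurationConstants.getTruststoreFile()).exists()) {
                    FileKeyStore trustStore = new FileKeyStore(this.config.getTrustStoreName(), registrationPW.toCharArray());
                    trustStore.changePassword(generatedPW.toCharArray());
                    trustStore.store();
                }
                this.config.setKeyRingPW(generatedPW);
            } catch (Exception e) {
                // Deliberate best-effort fallback kept from the original; see the method note.
                this.config.setKeyRingPW(registrationPW);
            }
        } catch (Exception e2) {
            throw new CertManagementException(e2.getMessage());
        }
    }

    /** Returns the live property set (the caller's original object, not a copy). */
    public Properties getArsProperties() {
        return this.arsProperties;
    }

    /** Replaces the property set; the reference is stored as-is. */
    public void setArsProperties(Properties properties) {
        this.arsProperties = properties;
    }

    /**
     * Compiler-generated helper behind pre-Java-5 class literals: loads a class by name and
     * converts a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class self = class$com$tivoli$agentmgr$credentialmgr$CredentialServiceImpl;
        if (self == null) {
            self = class$("com.tivoli.agentmgr.credentialmgr.CredentialServiceImpl");
            class$com$tivoli$agentmgr$credentialmgr$CredentialServiceImpl = self;
        }
        CLASSNAME = self.getName();
        // Security mode is on unless the system property is exactly "false" (any case); an
        // unset or unrecognized value keeps it on. The switch is JVM-wide and read once, so
        // anything able to set system properties before this class loads can turn off the
        // keystore-backed socket factories for every instance.
        secure = !"false".equalsIgnoreCase(System.getProperty("com.tivoli.agent.net.secure"));
    }
}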
