package com.ibm.spi;

import com.ibm.gsk.ikeyman.basic.BERObject;
import com.ibm.gsk.ikeyman.basic.CMSKeyDatabase;
import com.ibm.gsk.ikeyman.basic.CMSKeyDatabaseException;
import com.ibm.gsk.ikeyman.basic.CertificateItem;
import com.ibm.gsk.ikeyman.basic.CertificateRequestItem;
import com.ibm.gsk.ikeyman.basic.DNItem;
import com.ibm.gsk.ikeyman.basic.EncryptedPrivateKeyInfoItem;
import com.ibm.gsk.ikeyman.basic.KMException;
import com.ibm.gsk.ikeyman.basic.KMSystem;
import com.ibm.gsk.ikeyman.basic.KMUtil;
import com.ibm.gsk.ikeyman.basic.KeyItem;
import com.ibm.gsk.ikeyman.basic.MSCertificateStore;
import com.ibm.gsk.ikeyman.basic.PrivateKeyInfoItem;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:efixes/PQ89734_express_linux_s390/components/prereq.jdk/update.jar:/java/jre/lib/ext/gskikm.jar:com/ibm/spi/CMSKeyStoreSpi.class */
public class CMSKeyStoreSpi extends KeyStoreSpi implements IBMKeyStoreSpi {
    // Store-type discriminators. The methods of this class compare this.type against the
    // literals 1 and 2, which match these two values.
    private static final int KEY_STORE_TYPE_CMS = 1;
    private static final int KEY_STORE_TYPE_MSCSP = 2;
    // Backing store consulted when type == 1.
    private CMSKeyDatabase cmsKeyDatabase = null;
    // Backing store consulted when type == 2.
    private MSCertificateStore msCertificateStore = null;
    // Temporary file created in the constructor; engineStore streams its contents to the caller.
    private File writeFile;
    // Sibling paths of writeFile with the extension replaced by "rdb" and "crl".
    private File rdbFile;
    private File crlFile;
    // Active store type, compared against 1 and 2 throughout the class.
    private int type;
    private String cspName;
    // Set to true in the constructor when KMSystem.isJNIEnabled() reports true.
    private boolean jniStatus;
    // Set to true in the constructor once the temporary file paths have been set up.
    private boolean fileStatus;
    // NOTE(review): the key database password is held as an immutable String for as long as
    // this object lives, so it cannot be overwritten in memory after use.
    private String keyDBPassword;
    boolean initialized;

    /**
     * Initialises the key-management runtime and reserves the temporary files used by this
     * key store.
     *
     * <p>A temporary file with the prefix {@code CMSdb} is created in the default temporary
     * directory, and two sibling paths ending in {@code rdb} and {@code crl} are derived from
     * its name. All three are registered for deletion at JVM exit. A failure while setting up
     * the files is only written to the debug log and leaves {@code fileStatus} false.
     */
    public CMSKeyStoreSpi() {
        // NOTE(review): engineStore reads writeFile back after saving the database, so this file
        // presumably holds the key database. It is created in the shared temporary directory
        // with the default permissions of File.createTempFile, and the .rdb/.crl names are only
        // derived here, not created. Confirm the directory is private to the process owner.
        this.jniStatus = false;
        this.fileStatus = false;
        KMUtil.debugMsg("CMSKeyStoreSpi::CMSKeyStoreSpi() 0000");
        this.initialized = false;
        KMSystem.init();
        if (KMSystem.isJNIEnabled()) {
            this.jniStatus = true;
        }
        try {
            this.fileStatus = false;
            this.writeFile = File.createTempFile("CMSdb", null, null);
            // Everything up to and including the last '.' of the temp path is shared by the siblings.
            final String tempPath = this.writeFile.getPath();
            final String stem = tempPath.substring(0, tempPath.lastIndexOf('.') + 1);
            this.rdbFile = new File(stem + "rdb");
            this.crlFile = new File(stem + "crl");
            this.fileStatus = true;
        } catch (Exception e) {
            KMUtil.debugMsg("CMSKeyStoreSpi::CMSKeyStoreSpi() 0100, Exception=" + e);
        }
        if (this.fileStatus) {
            final File[] temporaries = {this.writeFile, this.rdbFile, this.crlFile};
            for (File temporary : temporaries) {
                temporary.deleteOnExit();
            }
        }
        KMUtil.debugMsg("CMSKeyStoreSpi::CMSKeyStoreSpi() 9999");
    }

    /**
     * Returns a multi-line summary: the backing CMS database followed by the JNI and
     * temporary-file status flags.
     */
    public String toString() {
        return "CMSKeyStoreSpi with CMS database\n" + this.cmsKeyDatabase
                + "\nJNI ready: " + this.jniStatus
                + "\nFile Status: " + this.fileStatus;
    }

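    /**
     * Returns the private key stored under the given label.
     *
     * <p>The supplied password is only compared with the key store password; decryption always
     * uses the key store password. The key is rebuilt with an {@code RSA} key factory from the
     * {@code IBMJCE} provider.
     *
     * @param str  label of the entry to read
     * @param cArr {@code null}, or a password equal to the key store password
     * @return the private key, or {@code null} when the entry has no encrypted private key
     * @throws UnrecoverableKeyException if the password does not match, or if looking up or
     *         decoding the key fails for any reason
     * @throws NoSuchAlgorithmException declared by the SPI contract; every exception raised in
     *         the body is converted to {@code UnrecoverableKeyException}
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyItem keyItem = null;
        // The null test must come first: new String((char[]) null) throws NullPointerException,
        // which made the documented "null password" case unusable.
        // NOTE(review): String.equals is not a constant-time comparison and new String(cArr)
        // leaves another copy of the password on the heap.
        if (cArr != null && !this.keyDBPassword.equals(new String(cArr))) {
            throw new UnrecoverableKeyException("The password supplied is invalid, it must be either null or match the KeyStore password");
        }
        try {
            if (this.type == 1) {
                keyItem = this.cmsKeyDatabase.getKeyItemByLabel(str);
            } else if (this.type == 2) {
                keyItem = this.msCertificateStore.getKeyItemByLabel(str);
            }
            try {
                EncryptedPrivateKeyInfoItem encryptedPrivateKeyInfoItem = keyItem.getEncryptedPrivateKeyInfoItem();
                if (encryptedPrivateKeyInfoItem == null) {
                    return null;
                }
                return KeyFactory.getInstance("RSA", "IBMJCE").generatePrivate(new PKCS8EncodedKeySpec(CMSKeyDatabase.c_DecryptPrivateKey(encryptedPrivateKeyInfoItem.getLength(), encryptedPrivateKeyInfoItem.getEncoded(), this.keyDBPassword).getEncoded()));
            } catch (Exception e) {
                // This exception is itself caught by the enclosing handler below, so callers only
                // ever see the generic "Error during KeyItem extraction" message.
                throw new UnrecoverableKeyException(new StringBuffer().append("Error recovering key:").append(e.getMessage()).toString());
            }
        } catch (Exception e2) {
            throw new UnrecoverableKeyException("Error during KeyItem extraction");
        }
    }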

    /**
     * Returns the certificate chain stored under the given alias.
     *
     * <p>The first stored certificate keeps the first position and the remaining ones follow in
     * reverse storage order. The certificates are only decoded; no signature or validity check
     * is performed here.
     *
     * @param str alias (key label) to look up
     * @return the chain as X.509 certificates, or {@code null} when the alias is unknown, an
     *         entry has no certificate, or lookup or decoding fails (failures are only written
     *         to the debug log)
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 0000, alias=" + str);
        if (!engineContainsAlias(str)) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 9999-1");
            return null;
        }
        try {
            KeyItem[] entries = null;
            if (this.type == 1) {
                entries = this.cmsKeyDatabase.getKeyItemListByLabel(str);
            } else if (this.type == 2) {
                entries = this.msCertificateStore.getKeyItemListByLabel(str);
            }
            final int count = entries.length;

            // Step 1: take the first certificate of every entry, in storage order.
            final CertificateItem[] stored = new CertificateItem[count];
            for (int idx = 0; idx < count; idx++) {
                final KeyItem entry = entries[idx];
                if (!entry.hasCertificate()) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 9999-3");
                    return null;
                }
                stored[idx] = (CertificateItem) entry.getCertificateChain().elementAt(0);
            }

            // Step 2: keep element 0 in place and reverse the order of the rest.
            final CertificateItem[] ordered = new CertificateItem[count];
            ordered[0] = stored[0];
            for (int dst = 1, src = count - 1; dst < count; dst++, src--) {
                ordered[dst] = stored[src];
            }

            // Step 3: decode every item into an X.509 certificate object.
            final X509CertImpl[] chain = new X509CertImpl[count];
            for (int idx = 0; idx < count; idx++) {
                try {
                    chain[idx] = new X509CertImpl(ordered[idx].getEncoded());
                } catch (Exception decodeFailure) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 9999-4, Exception=" + decodeFailure);
                    return null;
                }
            }
            KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 9999-5");
            return chain;
        } catch (Exception lookupFailure) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineGetCertificateChain 9999-2, Exception=" + lookupFailure);
            return null;
        }
    }

    /**
     * Returns the first certificate stored under the given alias.
     *
     * @param str alias (key label) to look up
     * @return the decoded X.509 certificate, or {@code null} when the alias is unknown, the
     *         entry has no certificate, or lookup or decoding fails (failures are not logged)
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (!engineContainsAlias(str)) {
            return null;
        }
        try {
            KeyItem entry = null;
            if (this.type == 1) {
                entry = this.cmsKeyDatabase.getKeyItemByLabel(str);
            } else if (this.type == 2) {
                entry = this.msCertificateStore.getKeyItemByLabel(str);
            }
            if (!entry.hasCertificate()) {
                return null;
            }
            final CertificateItem first = (CertificateItem) entry.getCertificateChain().elementAt(0);
            return new X509CertImpl(first.getEncoded());
        } catch (Exception ignored) {
            // Every lookup or decoding failure is reported to the caller as "no certificate".
            return null;
        }
    }

    /**
     * Returns the last-modified time of the temporary database file.
     *
     * <p>The alias is not consulted, so every entry reports the same date.
     *
     * @param str alias (unused)
     * @return the modification time of {@code writeFile}
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        final long modifiedMillis = this.writeFile.lastModified();
        return new Date(modifiedMillis);
    }

    /**
     * Stores a private key and its certificate chain under the given alias.
     *
     * <p>Only keys whose algorithm is {@code RSA} and whose format is {@code PKCS#8} are
     * accepted, and every chain element must be an {@code X509Certificate}. The private key is
     * encrypted with the key store password, whatever password the caller passes. The chain is
     * walked from its last element to its first: elements for which
     * {@code engineGetCertificateAlias} returns {@code null} are inserted as separate entries
     * under an alias cut from their subject DN, and element 0 becomes the certificate of the
     * key entry. An existing entry under {@code str} is deleted before the new one is inserted.
     *
     * @param str            alias of the key entry
     * @param key            private key to store
     * @param cArr           {@code null}, or a password equal to the key store password
     * @param certificateArr certificate chain for the key; may be {@code null}
     * @throws KeyStoreException if an argument is rejected or conversion or insertion fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0000");
        if (!key.getAlgorithm().equals("RSA")) {
            throw new KeyStoreException("Algorithm not RSA.");
        }
        if (!key.getFormat().equals("PKCS#8")) {
            throw new KeyStoreException("This key does not support encoding to PKCS#8");
        }
        // A per-entry password is not supported: the caller's password is only compared with
        // the key store password and is not used for encryption.
        if (cArr != null && !this.keyDBPassword.equals(new String(cArr))) {
            throw new KeyStoreException("Password must be the same as the DB password or null!");
        }
        if (certificateArr != null) {
            for (Certificate certificate : certificateArr) {
                if (!(certificate instanceof X509Certificate)) {
                    throw new KeyStoreException("One of the chain elements is not an X509Certificate");
                }
            }
        }
        KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0100");
        // NOTE(review): this outer try encloses the whole remainder of the method, and its
        // catch (Exception) at the end re-wraps every exception thrown inside, including the
        // more specific KeyStoreException and CertificateAlreadyExistsException raised below,
        // as "Error during encryption of PKCS#8 ...". Confirm that this nesting is intended.
        try {
            EncryptedPrivateKeyInfoItem encryptPrivateKey = CMSKeyDatabase.encryptPrivateKey(new PrivateKeyInfoItem(key.getEncoded()), this.keyDBPassword);
            // Key size of the most recently converted certificate; stays 0 without a chain.
            short s = 0;
            // Single-slot array reused for every converted certificate. After the loop it holds
            // chain element 0, which is always converted and is processed last.
            CertificateItem[] certificateItemArr = new CertificateItem[1];
            if (certificateArr != null) {
                // Walk the chain from its last element down to element 0.
                for (int length = certificateArr.length - 1; length >= 0; length--) {
                    // Skip elements already found in the store by engineGetCertificateAlias,
                    // except element 0.
                    if (engineGetCertificateAlias(certificateArr[length]) == null || length == 0) {
                        try {
                            certificateItemArr[0] = new CertificateItem(((X509Certificate) certificateArr[length]).getEncoded());
                            // A reference just produced by "new" is never null, so this check cannot fire.
                            if (certificateItemArr[0] == null) {
                                throw new Exception("null reference");
                            }
                            s = certificateItemArr[0].getKeySize();
                            if (length != 0) {
                                // Not element 0: insert this certificate as its own entry, under
                                // an alias taken from its subject DN.
                                // NOTE(review): the alias is cut out of the DN string with plain
                                // substring searches, trying "cn=", "CN=", "ou=", "OU=" in that
                                // order and ending at the next ", ". A match may therefore lie
                                // inside another attribute's value. The subject is supplied by
                                // the certificate, so the derived label is not under local control.
                                String name = ((X509Certificate) certificateArr[length]).getSubjectDN().getName();
                                int indexOf = name.indexOf("cn=");
                                int i = indexOf;
                                if (indexOf == -1) {
                                    int indexOf2 = name.indexOf("CN=");
                                    i = indexOf2;
                                    if (indexOf2 == -1) {
                                        int indexOf3 = name.indexOf("ou=");
                                        i = indexOf3;
                                        if (indexOf3 == -1) {
                                            int indexOf4 = name.indexOf("OU=");
                                            i = indexOf4;
                                            if (indexOf4 == -1) {
                                                throw new KeyStoreException(new StringBuffer().append("Cannot find a suitable string for signer alias, ").append(name).toString());
                                            }
                                        }
                                    }
                                }
                                int indexOf5 = name.indexOf(", ", i);
                                // i + 3 skips the three-character attribute prefix that was matched.
                                String substring = indexOf5 == -1 ? name.substring(i + 3) : name.substring(i + 3, indexOf5);
                                // An existing label is never overwritten by a derived alias.
                                if (engineContainsAlias(substring)) {
                                    throw new KeyStoreException(new StringBuffer().append("Alias \"").append(substring).append("\" for signer cert already exists").toString());
                                }
                                KeyItem keyItem = new KeyItem(substring, (short) 1, s, (EncryptedPrivateKeyInfoItem) null, certificateItemArr, (BERObject) null, true, false);
                                try {
                                    if (this.type == 1) {
                                        this.cmsKeyDatabase.insertKey(keyItem);
                                    } else if (this.type == 2) {
                                        this.msCertificateStore.importCertificate(keyItem);
                                    }
                                } catch (CMSKeyDatabaseException e) {
                                    KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 0600, CMSKeyDatabaseException=").append(e).toString());
                                    // A duplicate-key error is tolerated here and the loop goes on.
                                    if (!CMSKeyDatabaseException.getErrKey(e.getErrCode()).equals("GSKKM_ERR_DATABASE_DUPLICATE_KEY")) {
                                        throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e.toString()).toString());
                                    }
                                } catch (KMException e2) {
                                    KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 0610, KMException=").append(e2).toString());
                                    // GSKKM_ERR_IO is reported to the caller as "User canceled".
                                    if (!e2.getErrCodeName().equals("GSKKM_ERR_IO")) {
                                        throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e2.toString()).toString());
                                    }
                                    throw new KeyStoreException("User canceled");
                                } catch (Exception e3) {
                                    KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 0620, Exception=").append(e3).toString());
                                    throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e3.toString()).toString());
                                }
                            } else {
                                continue;
                            }
                        } catch (Exception e4) {
                            // Also catches the KeyStoreExceptions thrown in the block above.
                            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 0400, Exception=").append(e4).toString());
                            throw new KeyStoreException(new StringBuffer().append("Error during conversion of X509Certificate #").append(length).append(", ").append(e4.toString()).toString());
                        }
                    }
                }
            }
            // The key entry itself: encrypted private key plus the certificate left in the slot.
            KeyItem keyItem2 = new KeyItem(str, (short) 1, s, encryptPrivateKey, certificateItemArr, (BERObject) null, true, false);
            // NOTE(review): the existing entry is deleted before the replacement is inserted, so
            // a failed insertion leaves the alias without any entry.
            if (engineContainsAlias(str)) {
                engineDeleteEntry(str);
            }
            try {
                if (this.type == 1) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0720");
                    this.cmsKeyDatabase.insertKey(keyItem2);
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0730");
                } else if (this.type == 2) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0740");
                    this.msCertificateStore.importCertificate(keyItem2);
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 0750");
                }
                KMUtil.debugMsg("CMSKeyStoreSpi::engineSetKeyEntry 9999");
            } catch (CMSKeyDatabaseException e5) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 1000, CMSKeyDatabaseException=").append(e5).toString());
                int errCode = e5.getErrCode();
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 1001, errCode=").append(errCode).toString());
                String errKey = CMSKeyDatabaseException.getErrKey(errCode);
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 1002, errKey=").append(errKey).toString());
                if (errKey.equals("GSKKM_ERR_DATABASE_DUPLICATE_KEY")) {
                    throw new CertificateAlreadyExistsException("User certificate already exists in the key database");
                }
                if (!errKey.equals("GSKKM_ERR_INVALID_CERT_CHAIN")) {
                    throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e5.toString()).toString());
                }
                throw new KeyStoreException("INVALID_CERT_CHAIN");
            } catch (Exception e6) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 1010, Exception=").append(e6).toString());
                throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e6.toString()).toString());
            }
        } catch (Exception e7) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetKeyEntry 0200, Exception=").append(e7).toString());
            throw new KeyStoreException(new StringBuffer().append("Error during encryption of PKCS#8 ").append(e7.toString()).toString());
        }
    }

    /**
     * Always rejects the request: this store does not accept private keys that the caller has
     * already protected and encoded.
     *
     * @param str            alias (unused)
     * @param bArr           encoded key (unused)
     * @param certificateArr certificate chain (unused)
     * @throws KeyStoreException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        final String reason = "CMS cannot accept externally encoded PKCS#8 objects";
        throw new KeyStoreException(reason);
    }

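    /**
     * Builds a {@code CertificateItem} from a certificate and its encoded form.
     *
     * <p>The certificate is re-decoded as an {@code X509CertImpl}; issuer and subject name
     * parts, key size, validity dates, public key, extensions, signature and signature
     * algorithm are copied into the item. A name part that cannot be read is replaced by a
     * placeholder string and reported through the debug log instead of failing the call.
     *
     * @param certificate certificate to convert; {@code null} yields {@code null}
     * @param bArr        bytes handed to the {@code CertificateItem} constructor as its last
     *                    argument
     * @return the populated item, or {@code null} when {@code certificate} is {@code null}
     * @throws KeyStoreException if the certificate cannot be decoded or its public key is of an
     *         unsupported type
     */
    public CertificateItem parseCertificate(Certificate certificate, byte[] bArr) throws KeyStoreException {
        String str;
        String str2;
        String str3;
        String str4;
        String str5;
        String str6;
        String str7;
        String str8;
        CertificateItem certificateItem;
        if (certificate == null) {
            return null;
        }
        try {
            X509CertImpl x509CertImpl = new X509CertImpl(certificate.getEncoded());
            PublicKey publicKey = certificate.getPublicKey();
            PublicKey generatePublic = KeyFactory.getInstance(publicKey.getAlgorithm()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
            // Only RSA and DSA keys have a size rule here. Any other key type used to be cast to
            // DSAPublicKey and escaped as an unchecked ClassCastException; it is now rejected
            // with the same message as an unknown key algorithm.
            // NOTE(review): for DSA the size is taken from the public value y, whose bit length
            // can be smaller than that of the prime p.
            int bitLength;
            if (generatePublic instanceof RSAPublicKey) {
                bitLength = ((RSAPublicKey) generatePublic).getModulus().bitLength();
            } else if (generatePublic instanceof DSAPublicKey) {
                bitLength = ((DSAPublicKey) generatePublic).getY().bitLength();
            } else {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() unsupported public key algorithm=").append(publicKey.getAlgorithm()).toString());
                throw new KeyStoreException(KMSystem.getNLSErrString("GSKKM_ERR_UNDEFINED_KEY_TYPE"));
            }
            // Round an odd bit length up to the next even value.
            if (bitLength % 2 != 0) {
                bitLength++;
            }
            // Issuer name parts; each one falls back to a placeholder on failure.
            X500Name x500Name = (X500Name) x509CertImpl.getIssuerDN();
            try {
                str = x500Name.getCommonName();
            } catch (Exception e) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8000, Exception=").append(e).toString());
                str = "<invalid issuer cn>";
            }
            try {
                str2 = x500Name.getOrganizationalUnit();
            } catch (Exception e2) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8010, Exception=").append(e2).toString());
                str2 = "<invalid issuer ou>";
            }
            try {
                str3 = x500Name.getOrganization();
            } catch (Exception e3) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8020, Exception=").append(e3).toString());
                str3 = "<invalid orgnanization name>";
            }
            try {
                str4 = x500Name.getCountry();
            } catch (Exception e4) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8030, Exception=").append(e4).toString());
                str4 = "<invalid country name>";
            }
            // Subject name parts, handled the same way.
            X500Name x500Name2 = (X500Name) x509CertImpl.getSubjectDN();
            try {
                str5 = x500Name2.getCommonName();
            } catch (Exception e5) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8040, Exception=").append(e5).toString());
                str5 = "<invalid subject cn>";
            }
            try {
                str6 = x500Name2.getOrganizationalUnit();
            } catch (Exception e6) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8050, Exception=").append(e6).toString());
                str6 = "<invalid subject ou>";
            }
            try {
                str7 = x500Name2.getOrganization();
            } catch (Exception e7) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8060, Exception=").append(e7).toString());
                str7 = "<invalid subject origination name>";
            }
            try {
                str8 = x500Name2.getCountry();
            } catch (Exception e8) {
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 8070, Exception=").append(e8).toString());
                str8 = "<invalid subject country name>";
            }
            DNItem dNItem = new DNItem(str, str2, str3, str4);
            DNItem dNItem2 = new DNItem(str5, str6, str7, str8);
            AlgorithmId algorithmId = (AlgorithmId) x509CertImpl.get(X509CertImpl.SIG_ALG);
            CertificateExtensions certificateExtensions = (CertificateExtensions) ((X509CertInfo) x509CertImpl.get(X509CertInfo.IDENT)).get("extensions");
            // The two branches differ only in the extensions argument: the DER-encoded
            // extensions when the certificate carries any, otherwise null.
            if (certificateExtensions != null) {
                KMUtil.debugMsg("CMSKeyStoreSpi::parseCertificate() 0200");
                DerOutputStream derOutputStream = new DerOutputStream();
                certificateExtensions.encode(derOutputStream);
                certificateItem = new CertificateItem((short) ((X509Certificate) certificate).getVersion(), (short) bitLength, ((X509Certificate) certificate).getSerialNumber().toString(), dNItem, dNItem2, ((X509Certificate) certificate).getNotBefore(), ((X509Certificate) certificate).getNotAfter(), new BERObject(certificate.getPublicKey().getEncoded()), new BERObject(derOutputStream.toByteArray()), ((X509Certificate) certificate).getSignature(), new BERObject(algorithmId.encode()), x509CertImpl.getSigAlgOID(), x509CertImpl.getSigAlgName(), bArr);
            } else {
                KMUtil.debugMsg("CMSKeyStoreSpi::parseCertificate() 0300");
                certificateItem = new CertificateItem((short) ((X509Certificate) certificate).getVersion(), (short) bitLength, ((X509Certificate) certificate).getSerialNumber().toString(), dNItem, dNItem2, ((X509Certificate) certificate).getNotBefore(), ((X509Certificate) certificate).getNotAfter(), new BERObject(certificate.getPublicKey().getEncoded()), null, ((X509Certificate) certificate).getSignature(), new BERObject(algorithmId.encode()), x509CertImpl.getSigAlgOID(), x509CertImpl.getSigAlgName(), bArr);
            }
            KMUtil.debugMsg("CMSKeyStoreSpi::parseCertificate() 9999");
            return certificateItem;
        } catch (IOException e9) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 9999-1, IOException=").append(e9).toString());
            throw new KeyStoreException("IOException");
        } catch (NoSuchAlgorithmException e10) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 9999-4, NoSuchAlgorithmException=").append(e10).toString());
            throw new KeyStoreException(KMSystem.getNLSErrString("GSKKM_ERR_UNDEFINED_KEY_TYPE"));
        } catch (CertificateEncodingException e11) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 9999-3, CertificateEncodingException=").append(e11).toString());
            throw new KeyStoreException(e11.getMessage());
        } catch (CertificateException e12) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 9999-5, CertificateException=").append(e12).toString());
            throw new KeyStoreException(KMSystem.getNLSErrString("GSKKM_ERR_X509"));
        } catch (InvalidKeySpecException e13) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::parseCertificate() 9999-2, InvalidKeySpecException=").append(e13).toString());
            throw new KeyStoreException(e13.getMessage());
        }
    }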

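    /**
     * Stores a certificate as a trusted entry under the given alias.
     *
     * <p>An existing entry may only be replaced when {@code engineIsCertificateEntry} reports
     * it as a certificate entry. The new certificate is converted first and the old entry is
     * deleted only afterwards, so a certificate that fails to parse no longer removes the trust
     * entry that was already in place.
     *
     * @param str         alias of the entry
     * @param certificate certificate to store; when {@code null}, an entry carrying only the
     *                    label is inserted
     * @throws KeyStoreException if the alias belongs to an entry that is not a certificate
     *         entry, or conversion, deletion or insertion fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        boolean replaceExisting = false;
        if (engineContainsAlias(str)) {
            if (!engineIsCertificateEntry(str)) {
                throw new KeyStoreException("Alias already exists and is not a trusted entry");
            }
            replaceExisting = true;
        }
        KeyItem keyItem = new KeyItem();
        keyItem.setKeyLabel(str);
        if (certificate != null) {
            try {
                byte[] encoded = certificate.getEncoded();
                // The result is discarded; presumably this only checks that the encoding parses.
                new CertificateItem(encoded);
                keyItem.addCertificate(parseCertificate(certificate, encoded));
                keyItem.setTrusted(true);
            } catch (CMSKeyDatabaseException e) {
                String errKey = CMSKeyDatabaseException.getErrKey(e.getErrCode());
                if (errKey.equals("GSKKM_ERR_DATABASE_DUPLICATE_KEY")) {
                    throw new CertificateAlreadyExistsException("Certificate already exists in the key database");
                }
                if (!errKey.equals("GSKKM_ERR_INVALID_CERT_CHAIN")) {
                    throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e.toString()).toString());
                }
                throw new KeyStoreException("INVALID_CERT_CHAIN");
            } catch (KMException e2) {
                // GSKKM_ERR_IO is reported to the caller as "User canceled".
                if (!e2.getErrCodeName().equals("GSKKM_ERR_IO")) {
                    throw new KeyStoreException(new StringBuffer().append("Insertion error ").append(e2.toString()).toString());
                }
                throw new KeyStoreException("User canceled");
            } catch (KeyStoreException e3) {
                throw new KeyStoreException(new StringBuffer().append("An ASN1Exception occurred: ").append(e3.getMessage()).toString());
            } catch (Exception e4) {
                throw new KeyStoreException(new StringBuffer().append("Key Insertion Failed: ").append(e4.toString()).toString());
            }
        }
        // Remove the old entry only now that the replacement has been built successfully.
        if (replaceExisting) {
            engineDeleteEntry(str);
        }
        // NOTE(review): these calls sit outside the try block above, so the duplicate-key and
        // invalid-chain handlers there do not apply to the insertion itself.
        if (this.type == 1) {
            this.cmsKeyDatabase.insertKey(keyItem);
        } else if (this.type == 2) {
            this.msCertificateStore.importCertificate(keyItem);
        }
    }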

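    /**
     * Deletes the entry stored under the given label from the active store.
     *
     * @param str label of the entry to delete
     * @throws KeyStoreException if the store reports an error; a {@code GSKKM_ERR_IO} error is
     *         reported as "User canceled"
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        try {
            if (this.type == 1) {
                this.cmsKeyDatabase.deleteKeyByLabel(str);
            } else if (this.type == 2) {
                this.msCertificateStore.deleteKeyItemByLabel(str);
            }
        } catch (KMException e) {
            if (!e.getErrCodeName().equals("GSKKM_ERR_IO")) {
                // The message used to read "Insertion error", copied from the insert paths.
                throw new KeyStoreException(new StringBuffer().append("Deletion error ").append(e.toString()).toString());
            }
            throw new KeyStoreException("User canceled");
        } catch (Exception e2) {
            // Keep the original failure as the cause so that it is not lost to diagnostics.
            KeyStoreException wrapped = new KeyStoreException(e2.getMessage());
            wrapped.initCause(e2);
            throw wrapped;
        }
    }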

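    /**
     * Lists the labels of all entries in the active store.
     *
     * <p>The label list is rebuilt first; a failure to rebuild is only written to the debug
     * log. For the CMS store the request-key labels are appended when that list is present.
     * When the store type is not set, an empty enumeration is returned.
     *
     * @return an enumeration over the collected labels
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineAliases() 0000");
        Enumeration enumeration = null;
        try {
            if (this.type == 1) {
                this.cmsKeyDatabase.buildKeyLabelList();
            } else if (this.type == 2) {
                this.msCertificateStore.buildKeyLabelList();
            }
        } catch (Exception e) {
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineAliases() 8000, Exception=").append(e).toString());
        }
        // engineSize() returns -1 on failure or for an unset store type, and Vector rejects a
        // negative capacity with IllegalArgumentException, so clamp the hint at zero.
        Vector<String> vector = new Vector<String>(Math.max(engineSize(), 0));
        if (this.type == 1) {
            enumeration = this.cmsKeyDatabase.getKeyLabelList().elements();
        } else if (this.type == 2) {
            enumeration = this.msCertificateStore.getKeyLabelList().elements();
        }
        // No store type selected: there is nothing to iterate.
        while (enumeration != null && enumeration.hasMoreElements()) {
            try {
                vector.add((String) enumeration.nextElement());
            } catch (Exception e2) {
                // A label that is not a String is skipped and logged.
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineAliases() 8050, Exception=").append(e2).toString());
            }
        }
        if (this.type == 1 && this.cmsKeyDatabase.getReqKeyLabelList() != null) {
            Enumeration elements = this.cmsKeyDatabase.getReqKeyLabelList().elements();
            while (elements.hasMoreElements()) {
                vector.add((String) elements.nextElement());
            }
        }
        KMUtil.debugMsg("CMSKeyStoreSpi::engineAliases() 9999");
        return vector.elements();
    }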

    /**
     * Reports whether the active store's label list contains the given alias.
     *
     * @param str alias to look for
     * @return {@code true} when the label is listed; {@code false} when it is not, when no
     *         store type is set, or when the lookup throws
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        try {
            switch (this.type) {
                case 1:
                    return this.cmsKeyDatabase.getKeyLabelList().contains(str);
                case 2:
                    return this.msCertificateStore.getKeyLabelList().contains(str);
                default:
                    return false;
            }
        } catch (Exception ignored) {
            // A failed lookup is reported as "alias not present".
            return false;
        }
    }

    /**
     * Rebuilds the active store's label list and returns the number of labels in it.
     *
     * @return the label count, or {@code -1} when no store type is set or the store throws
     */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        try {
            switch (this.type) {
                case 1:
                    this.cmsKeyDatabase.buildKeyLabelList();
                    return this.cmsKeyDatabase.getKeyLabelList().size();
                case 2:
                    this.msCertificateStore.buildKeyLabelList();
                    return this.msCertificateStore.getKeyLabelList().size();
                default:
                    return -1;
            }
        } catch (Exception ignored) {
            // Callers get -1 instead of the exception.
            return -1;
        }
    }

    /**
     * Reports whether the given alias names an entry with a private key.
     *
     * <p>The CMS store is asked whether a private key is present for the label; the other store
     * type is checked against its personal key label list.
     *
     * @param str alias to test
     * @return {@code true} for a key entry; {@code false} otherwise or when no store type is set
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineIsKeyEntry 0000, alias=" + str);
        final boolean hasPrivateKey;
        switch (this.type) {
            case 1:
                hasPrivateKey = this.cmsKeyDatabase.isPrivateKeyPresent(str);
                break;
            case 2:
                hasPrivateKey = this.msCertificateStore.getPersonalKeyLabelList().contains(str);
                break;
            default:
                hasPrivateKey = false;
                break;
        }
        KMUtil.debugMsg("CMSKeyStoreSpi::engineIsKeyEntry 9999, isKeyEntry=" + hasPrivateKey);
        return hasPrivateKey;
    }

    /**
     * Reports whether the given alias names a trusted certificate entry.
     *
     * <p>For the CMS store the entry's trusted flag decides. For any other store type every
     * existing alias is reported as a certificate entry.
     *
     * @param str alias to test
     * @return {@code true} for a certificate entry; {@code false} when the alias is unknown or
     *         the CMS lookup throws
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        if (!engineContainsAlias(str)) {
            return false;
        }
        if (this.type == 1) {
            try {
                return this.cmsKeyDatabase.getKeyItemByLabel(str).isTrusted();
            } catch (Exception ignored) {
                return false;
            }
        }
        // NOTE(review): outside the CMS store no distinction is made between key entries and
        // certificate entries, and engineSetCertificateEntry relies on this answer before it
        // replaces an existing alias.
        return true;
    }

    /**
     * Returns the label of the first store entry whose public key equals that of the given
     * certificate.
     *
     * <p>NOTE(review): the match is made on the encoded public key only, so two different
     * certificates issued for the same key resolve to the same alias.
     *
     * @param certificate certificate to look up; anything other than an X.509 certificate
     *                    yields {@code null}
     * @return the matching label, or {@code null} when nothing matches or the lookup fails
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        try {
            final X509CertImpl parsed;
            if (certificate instanceof X509CertImpl) {
                parsed = (X509CertImpl) certificate;
            } else {
                parsed = new X509CertImpl(certificate.getEncoded());
            }
            final byte[] publicKeyBytes = parsed.getPublicKey().getEncoded();
            if (publicKeyBytes == null) {
                return null;
            }
            Vector matches = null;
            if (this.type == 1) {
                matches = this.cmsKeyDatabase.getKeyItemsByPublicKey(new BERObject(publicKeyBytes));
            } else if (this.type == 2) {
                matches = this.msCertificateStore.getKeyItemsByPublicKey(new BERObject(publicKeyBytes));
            }
            final KeyItem first = (KeyItem) matches.elementAt(0);
            if (first == null) {
                return null;
            }
            return first.getKeyLabel();
        } catch (Exception ignored) {
            // An empty or missing result list, and any decoding failure, all end here.
            return null;
        }
    }

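    /**
     * Saves the CMS key database and copies its temporary file to the given stream.
     *
     * <p>Nothing happens unless the CMS store is active ({@code type == 1}) and a stream is given.
     * When a password is supplied and differs from the current one, the database password is
     * changed first; the change passes {@code 0L} as the second argument of
     * {@code changeKeyDbPwd}, the position {@code engineSetExpireTime} uses for its expiry value.
     *
     * <p>NOTE(review): the password is copied into an immutable {@code String}, so it cannot be
     * wiped from memory after use; this mirrors how {@code keyDBPassword} is declared.
     *
     * @param outputStream destination for the saved database; not closed by this method
     * @param cArr         the password to store the database under, or {@code null} to keep the
     *                     current one
     * @throws IOException if the password change fails (the cause is attached) or the copy fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (this.type != 1 || outputStream == null) {
            return;
        }
        if (cArr != null) {
            try {
                String supplied = new String(cArr);
                if (!this.keyDBPassword.equals(supplied)) {
                    this.keyDBPassword = supplied;
                    this.cmsKeyDatabase.changeKeyDbPwd(this.keyDBPassword, 0L);
                }
            } catch (Exception e) {
                // Keep the original message but attach the cause so the failure can be diagnosed.
                IOException failure = new IOException("Error in password changing");
                failure.initCause(e);
                throw failure;
            }
        }
        this.cmsKeyDatabase.save();
        FileInputStream fileInputStream = new FileInputStream(this.writeFile);
        try {
            byte[] buffer = new byte[8192];
            int count;
            while ((count = fileInputStream.read(buffer)) != -1) {
                outputStream.write(buffer, 0, count);
            }
        } finally {
            // The temp-file handle was previously never closed, leaking a descriptor per store.
            try {
                fileInputStream.close();
            } catch (IOException ignored) {
                // Closing a stream that was only read from cannot lose data.
            }
        }
    }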

    /**
     * Loads a CMS key database from a single stream.
     *
     * <p>When both arguments are {@code null} the store is only marked initialized. Otherwise the
     * store type is set to CMS ({@code 1}) and the work is delegated to {@code engineLoadCMS}
     * with no companion streams. Each failure type is traced and rethrown unchanged.
     *
     * @param inputStream the key database content, or {@code null}
     * @param cArr        the database password, or {@code null}
     * @throws IOException              as raised by {@code engineLoadCMS}
     * @throws NoSuchAlgorithmException as raised by {@code engineLoadCMS}
     * @throws CertificateException     as raised by {@code engineLoadCMS}
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 0000");
        final boolean nothingToLoad = inputStream == null && cArr == null;
        if (nothingToLoad) {
            this.initialized = true;
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 9999-1");
            return;
        }
        this.type = 1;
        try {
            engineLoadCMS(inputStream, null, null, cArr);
            this.initialized = true;
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 9999");
        } catch (IOException ioFailure) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 9999-2, IOException=" + ioFailure);
            throw ioFailure;
        } catch (NoSuchAlgorithmException algorithmFailure) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 9999-3, NoSuchAlgorithmException=" + algorithmFailure);
            throw algorithmFailure;
        } catch (CertificateException certificateFailure) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad() 9999-4, CertificateException=" + certificateFailure);
            throw certificateFailure;
        }
    }

    /**
     * Opens an MS certificate store instead of a CMS key database.
     *
     * <p>Sets the store type to {@code 2}, records both arguments in {@code cspName} and
     * {@code keyDBPassword}, and opens a new {@code MSCertificateStore} built from them. An empty
     * first argument is passed on as {@code null}.
     *
     * <p>NOTE(review): when an argument is {@code null} the store is flagged as initialized just
     * before the exception is thrown; confirm that callers do not rely on
     * {@code isInitialized()} after a failed load.
     *
     * @param str  the CSP name (the trace label calls it {@code aCspName})
     * @param str2 second store argument, kept in {@code keyDBPassword}; presumably a credential,
     *             so it is deliberately not written to the debug trace
     * @throws IOException if an argument is {@code null} or the store cannot be opened; the
     *                     underlying exception is only written to the debug trace
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineLoad(String str, String str2) throws IOException {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad(aCspName) 0000");
        if (str == null || str2 == null) {
            this.initialized = true;
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad(aCspName) 9999-1");
            throw new IOException("Null MSCSP arguments");
        }
        this.type = 2;
        // An empty CSP name is normalised to null before it is stored and used.
        final String provider = str.length() == 0 ? null : str;
        this.cspName = provider;
        this.keyDBPassword = str2;
        try {
            this.msCertificateStore = new MSCertificateStore(provider, str2);
            this.msCertificateStore.open();
            this.initialized = true;
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad(aCspName) 9999");
        } catch (Exception e) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoad(aCspName) 9999-2, Exception=" + e);
            throw new IOException("Error opening MSCSP");
        }
    }

    /**
     * Tells whether the alias is the CMS key database's default key.
     *
     * <p>Only the CMS key database is consulted, whatever the active store type is.
     *
     * @param str the alias to look up
     * @return the item's default flag; {@code false} when no item has that label or the lookup
     *         raises any exception
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public boolean engineIsDefaultKeyEntry(String str) {
        try {
            KeyItem item = this.cmsKeyDatabase.getKeyItemByLabel(str);
            return item != null && item.isDefault();
        } catch (Exception e) {
            // Lookup failures are answered with "not the default key".
            return false;
        }
    }

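    /**
     * Returns the label of the CMS key database's default key.
     *
     * <p>An exception whose message equals the localized
     * {@code GSKKM_ERR_CMN_KEYDB_GET_DEFAULT_KEY} text is treated as "no default key". The
     * comparison is null-safe: an exception without a message (for example a
     * {@code NullPointerException}) used to raise a second, unchecked exception from inside the
     * handler instead of the declared {@link KeyStoreException}.
     *
     * <p>NOTE(review): matching on a localized message string is fragile; an error code would be
     * a more reliable discriminator if the database exception exposes one.
     *
     * @return the default key's label, or {@code null} when there is no default key
     * @throws KeyStoreException on any other failure, with the original exception as its cause
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public String engineGetDefaultKeyEntry() throws KeyStoreException {
        try {
            KeyItem defaultKeyItem = this.cmsKeyDatabase.getDefaultKeyItem();
            return defaultKeyItem != null ? defaultKeyItem.getKeyLabel() : null;
        } catch (Exception e) {
            String message = e.getMessage();
            String noDefaultKey = KMSystem.getNLSErrString("GSKKM_ERR_CMN_KEYDB_GET_DEFAULT_KEY");
            if (message != null && message.equals(noDefaultKey)) {
                return null;
            }
            KeyStoreException failure = new KeyStoreException("An error occured while extracting the default KeyItem: " + message);
            failure.initCause(e);
            throw failure;
        }
    }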

    /**
     * Marks the entry with the given label as the CMS key database's default key.
     *
     * @param str the label of the key to make the default
     * @throws KeyStoreException if the database rejects the change for any reason; the original
     *                           exception is not carried along
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineSetDefaultKeyEntry(String str) throws KeyStoreException {
        try {
            this.cmsKeyDatabase.setDefaultKey(str);
        } catch (Exception e) {
            final String message = "Error setting default key";
            throw new KeyStoreException(message);
        }
    }

    /**
     * Reports that the alias is not a site certificate entry.
     *
     * <p>This implementation always answers {@code false}, whatever the alias.
     *
     * @param str the alias (ignored)
     * @return always {@code false}
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public boolean engineIsSiteCertificateEntry(String str) throws KeyStoreException {
        final boolean siteCertificateEntry = false;
        return siteCertificateEntry;
    }

    /**
     * Accepts a site certificate entry without storing it.
     *
     * <p>NOTE(review): the call returns normally but writes nothing, so a caller cannot tell
     * that the certificate was not added; confirm that no caller depends on it being persisted.
     *
     * @param str         the alias (ignored)
     * @param certificate the certificate (ignored)
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineSetSiteCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        // Intentionally empty: nothing is stored for site certificates.
    }

    /**
     * Rejects loading from a class, which this store does not support.
     *
     * @param inputStream ignored
     * @param cArr        ignored
     * @throws NoSuchAlgorithmException always
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineLoadFromClass(InputStream inputStream, char[] cArr) throws IOException, CertificateException, NoSuchAlgorithmException {
        final String reason = "CMS does not support loading from a class";
        throw new NoSuchAlgorithmException(reason);
    }

    /**
     * Rejects storing to a class, which this store does not support.
     *
     * @param outputStream ignored
     * @param cArr         ignored
     * @param str          ignored
     * @throws NoSuchAlgorithmException always
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineStoreAsClass(OutputStream outputStream, char[] cArr, String str) throws IOException, CertificateException, NoSuchAlgorithmException {
        final String reason = "CMS does not support storing to a class";
        throw new NoSuchAlgorithmException(reason);
    }

    /**
     * Returns the initialized flag that the load methods set.
     *
     * @return the current value of {@code initialized}
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public boolean isInitialized() {
        final boolean loaded = this.initialized;
        return loaded;
    }

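    /**
     * Loads a CMS key database by spooling the supplied streams into this provider's temporary
     * files, or creates a new, emptied database when no key database stream is given.
     *
     * <p>Steps: require that {@code writeFile} is writable, delete the previous temporary copies
     * ({@code writeFile}, {@code rdbFile}, {@code crlFile}), require a password, copy each
     * non-null stream into its file, then open the database from {@code writeFile}. Without a
     * key database stream the database is created and every entry it then lists is deleted.
     *
     * <p>Changes against the previous implementation: every stream is closed even when a copy
     * fails, the copies are buffered, and the labels of a newly created database are snapshotted
     * into an array of the right size. The old fixed array of 30 slots overflowed on larger
     * lists and passed {@code null} labels to {@code deleteKeyByLabel} on smaller ones.
     *
     * <p>NOTE(review): the temporary files are deleted and then recreated by path. If they live
     * in a directory other local users can write to, confirm that the name cannot be claimed in
     * between; the files hold key database material. The password is also copied into an
     * immutable {@code String} and cannot be wiped afterwards.
     *
     * @param inputStream  key database content, or {@code null} to create a new database; closed
     *                     by this method
     * @param inputStream2 content for {@code rdbFile}, or {@code null}; closed by this method
     * @param inputStream3 content for {@code crlFile}, or {@code null}; closed by this method
     * @param cArr         the database password; required
     * @throws IOException if the temp file is not writable, the password is {@code null}, or
     *                     spooling the streams fails
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineLoadCMS(InputStream inputStream, InputStream inputStream2, InputStream inputStream3, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 0000");
        this.type = 1;
        if (!this.writeFile.canWrite()) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999-1");
            throw new IOException("Cannot write to the temp file.");
        }
        // Drop the temporary copies left by a previous load before writing new ones.
        this.writeFile.delete();
        this.rdbFile.delete();
        this.crlFile.delete();
        if (cArr == null) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999-2");
            throw new IOException("Password invalid, CMS *requires* password to load.");
        }
        this.keyDBPassword = new String(cArr);
        if (inputStream != null) {
            try {
                if (inputStream instanceof FileInputStream) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 0010, fdOfKdb=" + ((FileInputStream) inputStream).getFD().toString());
                } else {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 0015, kdbStream=" + inputStream.toString());
                }
                spoolStreamToFile(inputStream, this.writeFile);
                if (inputStream2 != null) {
                    spoolStreamToFile(inputStream2, this.rdbFile);
                }
                if (inputStream3 != null) {
                    spoolStreamToFile(inputStream3, this.crlFile);
                }
            } catch (KMException e) {
                KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 8000, KMException=" + e);
                if (e.getErrCodeName().equals("GSKKM_ERR_PASSWORD_EXPIRATION_TIME")) {
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999-3");
                    throw new IOException(KMSystem.getNLSErrString("GSKKM_ERR_PASSWORD_EXPIRATION_TIME"));
                }
                KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999-4");
                throw new IOException("Error opening database from file " + this.writeFile.getPath() + e.toString());
            } catch (Exception e2) {
                KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999-5, KMException=" + e2);
                throw new IOException("Error opening database from file " + this.writeFile.getPath() + e2.toString());
            }
        }
        if (this.cmsKeyDatabase != null) {
            // Reuse the existing database object, pointed at the freshly written temp file.
            this.cmsKeyDatabase.close();
            this.cmsKeyDatabase.setKeyDbFileName(this.writeFile.getPath());
        } else {
            this.cmsKeyDatabase = new CMSKeyDatabase(this.writeFile.getPath(), this.keyDBPassword);
        }
        if (inputStream == null) {
            this.cmsKeyDatabase.create();
            // Remove every entry the database lists right after creation (presumably its
            // pre-populated default entries), so that the new store starts out empty.
            Vector keyLabelList = this.cmsKeyDatabase.getKeyLabelList();
            if (keyLabelList != null) {
                // Snapshot first: deleting entries may change the live list.
                Object[] labels = new Object[keyLabelList.size()];
                keyLabelList.copyInto(labels);
                for (int i = 0; i < labels.length; i++) {
                    this.cmsKeyDatabase.deleteKeyByLabel((String) labels[i]);
                }
            }
        } else {
            this.cmsKeyDatabase.open();
        }
        this.initialized = true;
        KMUtil.debugMsg("CMSKeyStoreSpi::engineLoadCMS() 9999");
    }

    /** Copies {@code source} into {@code target} and closes both, even when the copy fails. */
    private static void spoolStreamToFile(InputStream source, File target) throws IOException {
        try {
            FileOutputStream sink = new FileOutputStream(target);
            try {
                byte[] buffer = new byte[8192];
                int count;
                while ((count = source.read(buffer)) != -1) {
                    sink.write(buffer, 0, count);
                }
            } finally {
                sink.close();
            }
        } finally {
            source.close();
        }
    }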

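    /**
     * Saves the CMS key database and copies its temporary files to the given streams.
     *
     * <p>When a password is supplied and differs from the current one, the database password is
     * changed first. The database is then saved and {@code writeFile} is copied to the first
     * stream; {@code rdbFile} and {@code crlFile} are copied to the second and third streams
     * when those streams are given and the files exist.
     *
     * <p>Changes against the previous implementation: each temporary file is closed after it has
     * been copied (the handles used to leak), the copies are buffered, and the wrapping
     * {@link IOException} carries the original exception as its cause.
     *
     * <p>NOTE(review): unlike {@code engineStore}, this method does not check the store type
     * before touching {@code cmsKeyDatabase}.
     *
     * @param outputStream  destination for the key database; nothing is done when {@code null}
     * @param outputStream2 destination for {@code rdbFile}, or {@code null}
     * @param outputStream3 destination for {@code crlFile}, or {@code null}
     * @param cArr          the password to store the database under, or {@code null} to keep the
     *                      current one
     * @throws IOException if the password change, the save or any copy fails
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineStoreCMS(OutputStream outputStream, OutputStream outputStream2, OutputStream outputStream3, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0000");
        if (outputStream == null) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 9999-1");
            return;
        }
        if (cArr != null) {
            try {
                String supplied = new String(cArr);
                if (!this.keyDBPassword.equals(supplied)) {
                    this.keyDBPassword = supplied;
                    this.cmsKeyDatabase.changeKeyDbPwd(this.keyDBPassword, 0L);
                }
            } catch (Exception e) {
                KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 9999-2, Exception=" + e);
                IOException failure = new IOException("Error in password changing");
                failure.initCause(e);
                throw failure;
            }
        }
        try {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0100");
            this.cmsKeyDatabase.save();
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0110, kdb filename=" + this.writeFile.getName());
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0120");
            copyFileToStream(this.writeFile, outputStream);
            if (outputStream2 != null && this.rdbFile.exists()) {
                KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0150, rdb filename=" + this.rdbFile.getName());
                copyFileToStream(this.rdbFile, outputStream2);
            }
            if (outputStream3 != null && this.crlFile.exists()) {
                KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 0160, crl filename=" + this.crlFile.getName());
                copyFileToStream(this.crlFile, outputStream3);
            }
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 9999");
        } catch (Exception e2) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStoreCMS() 9999-3, Exception=" + e2);
            IOException failure = new IOException(e2.toString());
            failure.initCause(e2);
            throw failure;
        }
    }

    /** Copies the whole of {@code source} to {@code sink}; closes the file but not the sink. */
    private static void copyFileToStream(File source, OutputStream sink) throws IOException {
        FileInputStream in = new FileInputStream(source);
        try {
            byte[] buffer = new byte[8192];
            int count;
            while ((count = in.read(buffer)) != -1) {
                sink.write(buffer, 0, count);
            }
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Closing a stream that was only read from cannot lose data.
            }
        }
    }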

    /**
     * Applies a new password expiry value by changing the database password twice.
     *
     * <p>The password is first changed to the current password with {@code "tmp"} appended and
     * then changed back, each time passing {@code j} as the second argument of
     * {@code changeKeyDbPwd}.
     *
     * <p>NOTE(review): if the second change fails, the database object is left holding the
     * interim password while {@code keyDBPassword} still holds the original one. Confirm how
     * callers recover from the resulting {@link KeyStoreException} before a later save.
     *
     * @param j the value handed to {@code changeKeyDbPwd} as its second argument
     * @throws KeyStoreException if either password change fails; the message is the original
     *                           exception's {@code toString()}
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineSetExpireTime(long j) throws KeyStoreException, NoSuchAlgorithmException {
        try {
            final String interimPassword = this.keyDBPassword + "tmp";
            this.cmsKeyDatabase.changeKeyDbPwd(interimPassword, j);
            // Restore the real password; the order of these two calls must not change.
            this.cmsKeyDatabase.changeKeyDbPwd(this.keyDBPassword, j);
        } catch (Exception e) {
            throw new KeyStoreException(e.toString());
        }
    }

    /**
     * Tells whether the alias names a certificate request entry in the CMS key database.
     *
     * @param str the alias to look up
     * @return {@code true} when the request key label list exists and contains the alias
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public boolean engineIsCertReqEntry(String str) {
        final Vector requestLabels = this.cmsKeyDatabase.getReqKeyLabelList();
        return requestLabels != null && requestLabels.contains(str);
    }

    /**
     * Stores a certificate request together with its private key under the given alias.
     *
     * <p>Only RSA keys whose format is {@code PKCS#8} are accepted. The request is encoded into a
     * {@code CertificateRequestItem}, the private key is encrypted by the key database, and the
     * resulting {@code KeyItem} is inserted.
     *
     * <p>NOTE(review): as the handlers are nested here, every {@link KeyStoreException} thrown by
     * an inner handler is caught again by the next outer {@code catch (Exception ...)}. Any
     * failure therefore reaches the caller with the
     * {@code GSKKM_ERR_DATABASE_DUPLICATE_KEY_LABEL} text, whatever went wrong; the specific
     * reason is visible only in the debug trace (codes 8060/8080/8090/8100). Confirm whether
     * the nesting is intended before relying on the message.
     *
     * @param str                  the alias for the new entry
     * @param certificationRequest the request to store
     * @param key                  the matching private key; must not be {@code null} (it is
     *                             dereferenced before any handler is in place)
     * @throws KeyStoreException if the key is not an RSA key in PKCS#8 format, or if any step of
     *                           building or inserting the entry fails
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineSetCertReqEntry(String str, CertificationRequest certificationRequest, Key key) throws KeyStoreException {
        KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetCertReqEntry 0000, alias=").append(str).toString());
        if (!key.getAlgorithm().equals("RSA")) {
            throw new KeyStoreException("Algorithm not RSA.");
        }
        if (!key.getFormat().equals("PKCS#8")) {
            throw new KeyStoreException("This key does not support encoding to PKCS#8");
        }
        KeyItem keyItem = null;
        try {
            try {
                CertificateRequestItem certificateRequestItem = new CertificateRequestItem(certificationRequest.encode());
                try {
                    try {
                        keyItem = new KeyItem(str, (short) 1, certificateRequestItem.getKeySize(), this.cmsKeyDatabase.encryptPrivateKey(new PrivateKeyInfoItem(key.getEncoded())), certificateRequestItem, null);
                    } catch (Exception e) {
                        // NOTE(review): a failure to encrypt the key or build the item is only
                        // traced; keyItem stays null and is still handed to insertKey below.
                        KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetCertReqEntry 8090, Exception=").append(e).toString());
                    }
                    this.cmsKeyDatabase.insertKey(keyItem);
                    KMUtil.debugMsg("CMSKeyStoreSpi::engineSetCertReqEntry 9999");
                } catch (Exception e2) {
                    // Reached when insertKey fails; this exception is caught again below.
                    KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetCertReqEntry 8080, Exception=").append(e2).toString());
                    throw new KeyStoreException(new StringBuffer().append("Error during encryption of PKCS#8 ").append(e2.toString()).toString());
                }
            } catch (Exception e3) {
                // Reached when encoding the request fails or the handler above rethrows.
                KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetCertReqEntry 8060, Exception=").append(e3).toString());
                throw new KeyStoreException(e3.toString());
            }
        } catch (Exception e4) {
            // Outermost handler: replaces whatever was thrown with the duplicate-label text.
            KMUtil.debugMsg(new StringBuffer().append("CMSKeyStoreSpi::engineSetCertReqEntry 8100, Exception=").append(e4).toString());
            throw new KeyStoreException(KMSystem.getNLSErrString("GSKKM_ERR_DATABASE_DUPLICATE_KEY_LABEL"));
        }
    }

    /**
     * Returns the certificate request stored under the given alias in the CMS key database.
     *
     * @param str the alias to look up
     * @return the request rebuilt from the stored item's encoded form
     * @throws KeyStoreException if the lookup or decoding fails for any reason, including a
     *                           missing item; the message is the original exception's
     *                           {@code toString()}
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public CertificationRequest engineGetCertReqEntry(String str) throws KeyStoreException {
        try {
            KeyItem item = this.cmsKeyDatabase.getKeyItemByLabel(str);
            return new CertificationRequest(item.getCertificateRequestItem().getEncoded());
        } catch (Exception e) {
            throw new KeyStoreException(e.toString());
        }
    }

    /**
     * Returns the trusted flag of the entry with the given label in the CMS key database.
     *
     * @param str the alias to look up
     * @return the entry's trusted flag; {@code false} when the lookup raises any exception, so a
     *         failed lookup never reports an entry as trusted
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public boolean engineIsTrusted(String str) {
        try {
            return this.cmsKeyDatabase.getKeyItemByLabel(str).isTrusted();
        } catch (Exception e) {
            // Fails closed: any lookup problem is answered with "not trusted".
            return false;
        }
    }

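    /**
     * Sets the trusted flag of the entry with the given label in the CMS key database.
     *
     * <p>The method has no way to report failure to its caller, so a rejected change is written
     * to the debug trace instead of being discarded. A request to revoke trust that silently
     * does nothing would otherwise leave the entry trusted without any record.
     *
     * <p>NOTE(review): callers that need certainty should read the flag back with
     * {@code engineIsTrusted} after calling this method.
     *
     * @param str the alias of the entry to change
     * @param z   the new trusted flag
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineSetTrusted(String str, boolean z) {
        try {
            this.cmsKeyDatabase.setKeyTrust(str, z);
        } catch (Exception e) {
            KMUtil.debugMsg("CMSKeyStoreSpi::engineSetTrusted 8000, alias=" + str + ", Exception=" + e);
        }
    }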

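    /**
     * Stashes the key database password and copies the resulting stash file to the stream.
     *
     * <p>The stash file path is the path of {@code writeFile} with everything after its last
     * {@code '.'} replaced by {@code sth}. {@code CMSKeyDatabase.stashKeyDbPwd} is called with
     * the database file name and password, and the file at that path is then copied out.
     *
     * <p>Changes against the previous implementation: the stash file handle is closed after the
     * copy (it used to leak), the copy is buffered, and a failure is written to the debug trace
     * instead of being discarded. Failures are still not propagated, as before.
     *
     * <p>NOTE(review): a stash file exists so that the database can be opened without prompting,
     * which means its content has to be treated like the password itself. This method leaves
     * the file next to the temporary key database after copying it; confirm who removes it and
     * which permissions it is created with. A caller also cannot tell a complete copy from a
     * failed one, because errors are only traced.
     *
     * @param outputStream destination for the stash file content; nothing is done when
     *                     {@code null}; not closed by this method
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineStashKeydbPwd(OutputStream outputStream) throws IOException, NoSuchAlgorithmException {
        if (outputStream == null) {
            return;
        }
        try {
            String kdbPath = this.writeFile.getPath();
            File file = new File(kdbPath.substring(0, kdbPath.lastIndexOf('.') + 1) + "sth");
            CMSKeyDatabase.stashKeyDbPwd(this.cmsKeyDatabase.getKeyDbFileName(), this.cmsKeyDatabase.getKeyDbPwd());
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                byte[] buffer = new byte[8192];
                int count;
                while ((count = fileInputStream.read(buffer)) != -1) {
                    outputStream.write(buffer, 0, count);
                }
            } finally {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // Closing a stream that was only read from cannot lose data.
                }
            }
        } catch (Exception e) {
            // Only the exception is traced; the password itself must never reach the trace.
            KMUtil.debugMsg("CMSKeyStoreSpi::engineStashKeydbPwd 8000, Exception=" + e);
        }
    }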

    /**
     * Creates a self-signed certificate in whichever backing store is active.
     *
     * <p>The arguments are passed through unchanged. The CMS key database call additionally
     * receives the fixed values {@code false}, {@code null} and {@code true} in its third,
     * eighth and ninth positions; the MS certificate store call takes the seven arguments as
     * given. Nothing happens for any other store type.
     *
     * @throws KeyStoreException if the store raises any exception; the message is that
     *                           exception's {@code toString()}
     */
    @Override // com.ibm.spi.IBMKeyStoreSpi
    public void engineCreateNewSelfSignedCertificate(int i, String str, int i2, DNItem dNItem, int i3, int i4, Vector vector) throws KeyStoreException {
        final boolean useCms = this.type == 1;
        final boolean useMsStore = this.type == 2;
        try {
            if (useCms) {
                this.cmsKeyDatabase.createNewSelfSignedCertificate(i, str, false, i2, dNItem, i3, i4, null, true, vector);
            } else if (useMsStore) {
                this.msCertificateStore.createNewSelfSignedCertificate(i, str, i2, dNItem, i3, i4, vector);
            }
        } catch (Exception e) {
            throw new KeyStoreException(e.toString());
        }
    }
}
