package com.ibm.mq.ese.config;

import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.core.SecurityProvider;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.mq.ese.pki.AbstractKeyStoreAccess;
import com.ibm.mq.ese.pki.CompositeKeyStoreAccess;
import com.ibm.mq.ese.pki.KeyStoreAccessFactory;
import com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl;
import com.ibm.mq.ese.util.ConfFile;
import com.ibm.mq.ese.util.DuplicateKeyException;
import com.ibm.mq.ese.util.PathResolver;
import com.ibm.msg.client.commonservices.nls.NLSServices;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Properties;
import java.util.regex.Pattern;

/* loaded from: input_file:lib/com.ibm.mq.jmqi.jar:com/ibm/mq/ese/config/KeyStoreConfigProtector.class */
public class KeyStoreConfigProtector {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-R36, 5724-L26, 5655-L82, 5724-Z94 (c) Copyright IBM Corp. 2010, 2012 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    public static final String sccsid = "@(#) MQMBID sn=p750-004-140807 su=_pY8W4B4HEeS1ypf5zzZGLw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/config/KeyStoreConfigProtector.java";
    private static final String javaClassPath = "java.class.path";
    private static final String pathSeparator;
    private static final String jmqiJar = "com.ibm.mq.jmqi.jar";

    public static void main(String[] strArr) throws AMBIException, IOException {
        if (strArr.length != 2) {
            printUsage();
            System.exit(1);
        }
        String str = strArr[0];
        String str2 = strArr[1];
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            printUsage();
            System.exit(2);
        }
        KeyStoreConfig readKeystoreConf = readKeystoreConf();
        if (readKeystoreConf == null || readKeystoreConf.getType() == null) {
            printUsage();
            System.exit(3);
        }
        SecurityProvider.init();
        readKeystoreConf.setKeyStorePassword(str.toCharArray());
        readKeystoreConf.setPrivKeyPassword(str2.toCharArray());
        readKeystoreConf.setPasswordsProtected(false);
        KeyStoreAccess keyStoreAccessFactory = KeyStoreAccessFactory.getInstance(readKeystoreConf);
        if (keyStoreAccessFactory == null) {
            printUsage();
            System.exit(4);
        }
        char[] cArr = new char[readKeystoreConf.getKeyStorePassword().length];
        System.arraycopy(readKeystoreConf.getKeyStorePassword(), 0, cArr, 0, cArr.length);
        if (keyStoreAccessFactory instanceof Lifecycle) {
            ((Lifecycle) keyStoreAccessFactory).init();
        }
        AbstractKeyStoreAccess abstractKeyStoreAccess = (AbstractKeyStoreAccess) keyStoreAccessFactory;
        if (keyStoreAccessFactory instanceof CompositeKeyStoreAccess) {
            KeyStoreAccess primaryKeyStore = ((CompositeKeyStoreAccess) keyStoreAccessFactory).getPrimaryKeyStore();
            if (!(primaryKeyStore instanceof KeyStoreAccessPKCS11Impl)) {
                printUsage();
                System.exit(6);
            }
            abstractKeyStoreAccess = (AbstractKeyStoreAccess) primaryKeyStore;
        }
        String[] strArr2 = {abstractKeyStoreAccess.encryptPassword(cArr), abstractKeyStoreAccess.encryptPassword(readKeystoreConf.getPrivKeyPassword())};
        String str3 = null;
        if (!(keyStoreAccessFactory instanceof KeyStoreAccessPKCS11Impl)) {
            display(readKeystoreConf, strArr2[0], strArr2[1], null);
            return;
        }
        char[] secondaryKeyStorePass = readKeystoreConf.getSecondaryKeyStorePass();
        if (secondaryKeyStorePass != null) {
            str3 = abstractKeyStoreAccess.encryptPassword(secondaryKeyStorePass);
        }
        displayPKCS11(readKeystoreConf, strArr2[0], str3);
    }

    private static String escapeWhitespaces(String str) {
        if (!str.contains(" ")) {
            return str;
        }
        if (!pathSeparator.equals(";")) {
            return str.replaceAll(Pattern.quote(" "), "\\ ");
        }
        return "\"" + str + "\"";
    }

    private static void printUsage() {
        String[] split = System.getProperty(javaClassPath).split(pathSeparator);
        String str = jmqiJar;
        int length = split.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String trim = split[i].trim();
            if (trim.endsWith(jmqiJar)) {
                str = escapeWhitespaces(trim);
                break;
            }
            i++;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, str);
        System.out.println(NLSServices.getMessage(AmsErrorMessages.mjc_keystoreprotect_usage, (HashMap<String, ? extends Object>) hashMap));
    }

    private static KeyStoreConfig readKeystoreConf() throws IOException, ConfigException {
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    FileInputStream fileInputStream2 = new FileInputStream(PathResolver.getKeystorePath());
                    ConfFile confFile = new ConfFile();
                    confFile.load(fileInputStream2);
                    KeyStoreConfig keyStoreConfig = new KeyStoreConfig(confFile);
                    if ((KeyStoreConfig.KeystoreType.KEYSTORE_JCEKS.equals(keyStoreConfig.getType()) || KeyStoreConfig.KeystoreType.KEYSTORE_JKS.equals(keyStoreConfig.getType())) && (keyStoreConfig.getKeyStorePath() == null || keyStoreConfig.getKeyStorePath().length() == 0)) {
                        throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties);
                    }
                    if (keyStoreConfig.getAlias() == null || keyStoreConfig.getAlias().length() == 0) {
                        HashMap hashMap = new HashMap();
                        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, keyStoreConfig.getKeyStorePath());
                        throw new ConfigException(AmsErrorMessages.mju_keystore_aliases_not_found, (HashMap<String, ? extends Object>) hashMap);
                    }
                    if (fileInputStream2 != null) {
                        fileInputStream2.close();
                    }
                    return keyStoreConfig;
                } catch (IOException e) {
                    throw new ConfigException(AmsErrorMessages.mju_cannot_read_keystore_properties, e);
                }
            } catch (DuplicateKeyException e2) {
                HashMap hashMap2 = new HashMap();
                hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_CONFIG_KEY, e2.getKey());
                throw new ConfigException(AmsErrorMessages.mqo_s_usermap_error_duplicate_key, hashMap2, e2);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private static void display(KeyStoreConfig keyStoreConfig, String str, String str2, String str3) throws IOException {
        Properties properties = new Properties();
        properties.setProperty(keyStoreConfig.getType() + ".keystore_pass", str);
        properties.setProperty(keyStoreConfig.getType() + ".key_pass", str2);
        if (str3 != null) {
            properties.setProperty(keyStoreConfig.getType() + ".secondary_keystore_pass", str3);
        }
        System.out.println();
        properties.store(System.out, (String) null);
        System.out.println(keyStoreConfig.getType() + ".encrypted=yes");
    }

    private static void displayPKCS11(KeyStoreConfig keyStoreConfig, String str, String str2) throws IOException {
        Properties properties = new Properties();
        properties.setProperty(keyStoreConfig.getType() + ".token_pin", str);
        if (str2 != null) {
            properties.setProperty(keyStoreConfig.getType() + ".secondary_keystore_pass", str2);
        }
        System.out.println();
        properties.store(System.out, (String) null);
        System.out.println(keyStoreConfig.getType() + ".encrypted=yes");
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.config.KeyStoreConfigProtector", "static", "SCCS id", (Object) sccsid);
        }
        pathSeparator = System.getProperty("path.separator");
    }
}
