package com.ibm.ws.ssl.utils;

import com.ibm.ejs.ras.ManagerAdmin;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.PkEeCertReqFactory;
import com.ibm.security.certclient.PkEeCertReqTransaction;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.messaging.admin.command.WMQActSpecCreateCmd;
import com.ibm.ws.sm.validation.CompositeValidator;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStore;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.wsspi.ssl.WSPKIClient;
import com.ibm.wsspi.ssl.WSPKIException;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.StringTokenizer;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/ibm/ws/ssl/utils/CertificateAuthorityAction.class */
public class CertificateAuthorityAction {
    // Trace component for this class; the arguments visible here are the group "SSL" and the
    // message bundle "com.ibm.ws.ssl.resources.ssl".
    private static TraceComponent tc = Tr.register((Class<?>) CertificateAuthorityAction.class, "SSL", "com.ibm.ws.ssl.resources.ssl");
    // Default log file name; presumably used when -logFile is not given (the consumer is not visible here).
    private static final String DEFAULT_TRACE_FILE = "caClient.log";

    // Action names; the generic usage text lists exactly these four.
    private static final String createOpt = "create";
    private static final String revokeOpt = "revoke";
    private static final String queryOpt = "query";
    private static final String requestOpt = "request";

    // Command-line option names. The class named by -pkiImplClass is loaded and instantiated by execute().
    private static final String clientImplClassOpt = "-pkiImplClass";
    private static final String hostOpt = "-host";
    private static final String portOpt = "-port";
    private static final String userIDOpt = "-username";
    // NOTE(review): -password and -revocationPassword take secrets as command-line values. Arguments
    // passed this way are normally visible in the process list and shell history, so wrapper scripts
    // should avoid echoing or logging the assembled command line.
    private static final String passwordOpt = "-password";
    private static final String aliasOpt = "-alias";
    private static final String keyStoreAliasOpt = "-keyStoreAlias";
    private static final String customAttrsOpt = "-customAttrs";
    private static final String certReqPathOpt = "-certReqPath";
    private static final String revocationPasswordOpt = "-revocationPassword";
    private static final String revocationReasonOpt = "-revocationReason";
    // The user-facing names are -retryInterval / -retryLimit; they map to the query* fields below.
    private static final String queryIntervalOpt = "-retryInterval";
    private static final String queryLimitOpt = "-retryLimit";
    private static final String subjectDNOpt = "-subjectDN";
    private static final String keySizeOpt = "-keySize";
    private static final String subjectAltNamesOpt = "-subjectAltNames";
    private static final String keyUsageOpt = "-keyUsage";
    private static final String extKeyUsageOpt = "-extKeyUsage";
    private static final String logFileOpt = "-logFile";
    private static final String replaceLogOpt = "-replaceLog";
    private static final String helpOpt = "-help";
    // Alternative spelling of the help switch.
    private static final String helpQOpt = "?";
    private static final String quietOpt = "-quiet";
    private static final String traceOpt = "-trace";
    // Usage text, one string per action. These are runtime strings shown to the operator; the
    // request, revoke and query usages all take the CA password (and, for request/revoke, the
    // revocation password) as plain command-line values.
    private static final String HELP_INFO_REQUEST = "\nRequest Usage: requestCertificate -host <caHost> -port <caPort> -username <caUserName> -password <caPassword> -revocationPassword <revocationPassword> -keyStoreAlias <keyStoreAlias> -pkiImplClass <customCAClient>  [options]     \n\n        options: [-certReqPath <certificateRequestFile> {-subjectDN <subjectDN>} {-alias <storeAsAlias>}] [-keySize <key size>] [-subjectAltNames <altName1;altName2;...>] [-keyUsage <keyUse1;keyUse2;...>] [-extKeyUsage <extKeyUse1;extKeyUse2;...>] [-customAttrs <customAttr1=value;customAttr2=value;...>] [-retryInterval <retry interval>] [-retryLimit <retry limit>] [-logFile <filename>] [-trace] [-replaceLog] [-quiet] [-help]\n\n";
    private static final String HELP_INFO_REVOKE = "\nRevoke Usage: revokeCertificate -host <caHost> -port <caPort> -username <caUserName> -password <caPassword> -keyStoreAlias <keyStoreAlias> -alias <certificateAlias> -revocationPassword <revocationPassword> -pkiImplClass <customCAClient> [options]\n\n        options: [-revocationReason <reason>] [-customAttrs <customAttr1=value;customAttr2=value;...>] [-logFile <filename>] [-trace] [-replaceLog] [-quiet] [-help]\n";
    // Note: the query usage does not list -revocationPassword, although execute() reads
    // revocationPassword when it has to revoke a certificate it could not store.
    private static final String HELP_INFO_QUERY = "\nQuery Usage: queryCertificate -host <caHost> -port <caPort> -username <caUserName> -password <caPassword> -alias <certificateAlias> -keyStoreAlias <keyStoreAlias> -pkiImplClass <customCAClient>  [options]\n\n\n        options: [-customAttrs <customAttr1=value;customAttr2=value;...>] [-retryInterval <retry interval>] [-retryLimit <retry limit>] [-logFile <filename>] [-trace] [-replaceLog] [-quiet] [-help]\n";
    private static final String HELP_INFO_CREATE = "\nCreate Usage: createCertRequest -keyStoreAlias <keyStoreAlias> -subjectDN <subjectDN> -alias <certificateAlias>  [options]\n\n        options: [-certReqPath <certificateRequestFile>] [-keySize <key size>] [-subjectAltNames <altName1;altName2;...>] [-keyUsage <keyUse1;keyUse2;...>] [-extKeyUsage <extKeyUse1;extKeyUse2;...>] [-logFile <filename>] [-trace] [-replaceLog] [-quiet] [-help]\n";
    private static final String HELP_INFO_GENERIC = "\nUsage: You must specify a valid action [create, revoke, query, request]";
    // Message layout constants; presumably used when wrapping console output (the consumer is not visible here).
    public static final int MAX_MSG_LEN = 79;
    public static final String INDENT = "           ";
    private static final String DELIM = "-";
    // Per-invocation state. Presumably filled in by parseArguments() (not visible here) before
    // execute() dispatches on the action flags.

    // PKI client created reflectively in execute() from clientImplClass; stays null when no class is given.
    private WSPKIClient customInstance = null;
    private String logFile = null;
    // Fully qualified class name taken from -pkiImplClass; execute() loads and instantiates it.
    private String clientImplClass = null;
    // Action flags; execute() tests each of them in turn.
    private boolean create = false;
    private boolean revoke = false;
    private boolean query = false;
    private boolean request = false;
    // Passed unchanged to the PKI client's init/request/query/revoke calls.
    private HashMap<String, Object> customAttrs = new HashMap<>();
    private List<String> subjectAltNames = new ArrayList();
    private List<String> keyUsage = new ArrayList();
    private List<String> extKeyUsage = new ArrayList();
    // Passed to Thread.sleep() in query(), so the unit is milliseconds; -1 until set.
    private long queryInterval = -1;
    // Upper bound of the polling loop in query(); with the initial -1 the loop body never runs.
    private long queryRetryCount = -1;
    private String alias = null;
    private String subjectDN = null;
    private String keyStoreAlias = null;
    // NOTE(review): both passwords are held as immutable Strings for the life of the process and
    // cannot be wiped after use. keyStorePassword is used for getKey/setKeyEntryOverwrite in
    // receiveCertificate(); revocationPassword is encoded with "UTF8" and handed to the PKI client.
    private String keyStorePassword = null;
    private String certReqPath = null;
    private String revocationPassword = null;
    private String revocationReason = null;
    private int keySize = -1;
    private int certValidity = -1;
    private boolean replaceLog = false;
    private boolean trace = false;
    private boolean help = false;
    private boolean quiet = false;
    private boolean isDoubleByteSystem = false;

    /**
     * Command-line entry point: runs one action and terminates the JVM with the code
     * that {@code execute} returns.
     *
     * @param strArr the raw command-line arguments
     */
    public static void main(String[] strArr) {
        CertificateAuthorityAction action = new CertificateAuthorityAction();
        int exitCode = action.execute(strArr);
        System.exit(exitCode);
    }

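    /**
     * Parses the arguments, optionally loads the custom PKI client, and runs whichever of the
     * create / request / revoke / query actions were selected.
     *
     * <p>Security-relevant behaviour of this method:
     * <ul>
     *   <li>The class named by {@code -pkiImplClass} is loaded reflectively and instantiated, so its
     *       code runs with this process's privileges.</li>
     *   <li>When a custom client is loaded, the JVM-wide JCE provider list may be reordered.</li>
     *   <li>If a certificate is issued but cannot be stored locally, a revocation is sent to the CA.</li>
     * </ul>
     *
     * @param strArr the raw command-line arguments
     * @return 0 on success, 3 on a failure detected here, otherwise the non-zero code returned by
     *         {@code parseArguments}, {@code createPKCS10CertificateRequest} or {@code receiveCertificate}
     */
    private int execute(String[] strArr) {
        Class<?> cls;
        if (tc.isEntryEnabled()) {
            // The raw arguments can carry the -password and -revocationPassword values, so they are
            // deliberately kept out of the entry trace.
            Tr.entry(tc, "execute", this);
        }
        int i = 0;
        try {
            i = parseArguments(strArr);
            if (!this.help && i == 0) {
                if (this.clientImplClass != null) {
                    // Try the defining loader first, then the thread context loader, then ExtClassLoader.
                    // NOTE(review): each Class.forName call here initializes the class, so a static
                    // initializer in the named class runs before the type check below.
                    try {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Loading class: " + this.clientImplClass);
                        }
                        cls = Class.forName(this.clientImplClass);
                    } catch (ClassNotFoundException e) {
                        try {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Class not found, trying ContextClassLoader");
                            }
                            cls = Class.forName(this.clientImplClass, true, Thread.currentThread().getContextClassLoader());
                        } catch (ClassNotFoundException e2) {
                            try {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Class not found, trying ExtClassLoader");
                                }
                                cls = Class.forName(this.clientImplClass, true, ExtClassLoader.getInstance());
                            } catch (ClassNotFoundException e3) {
                                issueMessage("ssl.ca.client.custom.class.not.found", new Object[]{this.clientImplClass}, "CWPKI0406E: The custom PKI client implementation class \"" + this.clientImplClass + "\" could not be found");
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, "execute");
                                }
                                return 3;
                            }
                        }
                    }
                    // Check the type before instantiating, so the constructor of a class that is not a
                    // WSPKIClient is never run.
                    if (!WSPKIClient.class.isAssignableFrom(cls)) {
                        issueMessage("ssl.ca.client.custom.class.invalid", new Object[]{this.clientImplClass}, "CWPKI0407E: The custom PKI client implementation class \"" + this.clientImplClass + "\" is not an instance of com.ibm.ws.ssl.WSPKIClient");
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "execute");
                        }
                        return 3;
                    }
                    this.customInstance = (WSPKIClient) cls.newInstance();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Custom class \"" + this.clientImplClass + "\" loaded successfully.");
                    }
                    try {
                        Provider[] providers = Security.getProviders();
                        int ibmJceIndex = 0;
                        Provider ibmJce = null;
                        int sunIndex = 0;
                        Provider sun = null;
                        for (int p = 0; p < providers.length; p++) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Provider[" + p + "]: " + providers[p].getName());
                            }
                            if (providers[p].getName().equals("IBMJCE")) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "IBMJCE provider at position " + p);
                                }
                                ibmJceIndex = p;
                                ibmJce = providers[p];
                            } else if (providers[p].getName().equals(Constants.SUN_PROVIDER_NAME)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "SUN provider at position " + p);
                                }
                                sunIndex = p;
                                sun = providers[p];
                            }
                        }
                        if (sun != null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Switching JCE and SUN providers in the provider list");
                            }
                            // This changes the provider order for the whole JVM, not just this class.
                            // Only swap when IBMJCE was actually found: otherwise both removals would
                            // run and insertProviderAt(null, ...) would then fail, leaving SUN removed.
                            // NOTE(review): Security.insertProviderAt takes a 1-based position while
                            // these are 0-based array indexes; confirm the resulting order is intended.
                            if (sunIndex >= 1 && ibmJce != null) {
                                Security.removeProvider("IBMJCE");
                                Security.removeProvider(Constants.SUN_PROVIDER_NAME);
                                Security.insertProviderAt(ibmJce, sunIndex);
                                Security.insertProviderAt(sun, ibmJceIndex);
                            }
                            Provider[] reordered = Security.getProviders();
                            for (int p = 0; p < reordered.length; p++) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Provider[" + p + "]: " + reordered[p].getName() + ", info: " + reordered[p].getInfo());
                                }
                            }
                        }
                        try {
                            this.customInstance.init(this.customAttrs);
                        } catch (WSPKIException e4) {
                            Tr.error(tc, "ssl.ca.client.error.init", new Object[]{e4});
                            issueMessage("ssl.ca.client.error.init", new Object[]{e4.getMessage()}, "The following error occurred while initializing the certificate authority implementation: " + e4.getMessage());
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "execute");
                            }
                            return 3;
                        }
                    } catch (Exception e5) {
                        Tr.warning(tc, "security.addprovider.error", new Object[]{e5});
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception caught reordering IBMJCE provider.", new Object[]{e5});
                        }
                        throw e5;
                    }
                }
                if (this.create) {
                    Tr.debug(tc, "Processing a CREATE request");
                    i = createPKCS10CertificateRequest();
                    if (i != 0) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "execute");
                        }
                        return i;
                    }
                }
                if (this.request) {
                    Tr.debug(tc, "Processing a REQUEST request");
                    try {
                        byte[] encodedRequest = new CertificationRequest(this.certReqPath, true).encode();
                        issueMessage("ssl.ca.cmp.impl.request.created", "CWPKI0425I: Requesting a CA signed certificate.");
                        try {
                            // NOTE(review): revocationPassword is dereferenced without a null check here and
                            // in the revoke calls below; presumably parseArguments enforces it - confirm.
                            X509Certificate[] issued = this.customInstance.requestCertificate(encodedRequest, this.subjectDN != null ? new X500Principal(this.subjectDN) : null, this.revocationPassword.getBytes("UTF8"), this.customAttrs);
                            if (issued == null || issued[0] == null) {
                                issueMessage("ssl.ca.client.request.out.of.band", null, "The certificate returned from the CA is null.  The certificate request was not processed immediately and must be obtained out-of-band.");
                                issued = query();
                                if (issued == null || issued[0] == null) {
                                    if (tc.isEntryEnabled()) {
                                        Tr.exit(tc, "execute");
                                    }
                                    return 3;
                                }
                            } else {
                                Tr.debug(tc, "Certificate successfully returned from the CA");
                            }
                            i = receiveCertificate(issued);
                            if (i != 0) {
                                // The CA issued a certificate that could not be stored locally; revoke it
                                // so that no valid but unmanaged certificate is left behind.
                                Tr.info(tc, "ssl.ca.client.receive.failed");
                                issueMessage("ssl.ca.client.receive.failed", "The certifcate request was processed by the CA but failed to store in the keystore specified.  The certifcate will be revoked and a retry of the request is necessary.  Check the previous failure messages and correct the issue(s) before retrying the certifcate request");
                                try {
                                    this.customInstance.revokeCertificate(issued, this.revocationPassword.getBytes("UTF8"), "unspecified", this.customAttrs);
                                } catch (WSPKIException e6) {
                                    Tr.error(tc, "ssl.ca.client.error.revoke", new Object[]{e6});
                                    issueMessage("ssl.ca.client.error.revoke", new Object[]{e6.getMessage()}, "The following error occurred while revoking a CA signed certificate: " + e6.getMessage());
                                    i = 3;
                                }
                            } else {
                                issueMessage("ssl.ca.cmp.impl.certificate.received", new Object[]{this.keyStoreAlias, this.alias}, "Certificate received and stored in keystore \"" + this.keyStoreAlias + "\" as alias \"" + this.alias + "\"");
                                printCert(issued[0]);
                            }
                        } catch (Exception e7) {
                            Tr.error(tc, "ssl.ca.client.error.create", new Object[]{e7});
                            issueMessage("ssl.ca.client.error.create", new Object[]{e7.getMessage()}, "The following error occurred while creating a CA signed certificate: " + e7.getMessage());
                            i = 3;
                        }
                    } catch (IOException e8) {
                        Tr.error(tc, "ssl.ca.client.general.error", new Object[]{e8});
                        issueMessage("ssl.ca.client.general.error", new Object[]{e8.getMessage()}, "The following error is returned from an exception: " + e8.getMessage());
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "execute");
                        }
                        return 3;
                    }
                }
                if (this.revoke) {
                    Tr.debug(tc, "Processing a REVOKE request");
                    Certificate[] storedChain = getCertificate();
                    if (storedChain == null || storedChain[0] == null) {
                        System.out.println("The certificate to be revoked is null");
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "execute");
                        }
                        return 3;
                    }
                    X509Certificate[] chainToRevoke = new X509Certificate[storedChain.length];
                    for (int c = 0; c < storedChain.length; c++) {
                        chainToRevoke[c] = (X509Certificate) storedChain[c];
                    }
                    issueMessage("ssl.ca.cmp.impl.revoke.request.created", "CWPKI0430I: Revoking a CA signed certificate.");
                    try {
                        this.customInstance.revokeCertificate(chainToRevoke, this.revocationPassword.getBytes("UTF8"), this.revocationReason, this.customAttrs);
                        issueMessage("ssl.ca.cmp.impl.revoke.request.processed", new Object[]{this.alias, this.revocationReason}, "CWPKI0462I: Certificate revocation request for certificate alias \"" + this.alias + "\" initiated due to reason: " + this.revocationReason);
                        i = 0;
                    } catch (Exception e9) {
                        Tr.error(tc, "ssl.ca.client.error.revoke", new Object[]{e9});
                        issueMessage("ssl.ca.client.error.revoke", new Object[]{e9.getMessage()}, "The following error occurred while revoking a CA signed certificate: " + e9.getMessage());
                        i = 3;
                    }
                }
                if (this.query) {
                    Tr.debug(tc, "Processing a QUERY request");
                    try {
                        X509Certificate[] issued = query();
                        if (issued == null || issued[0] == null) {
                            issueMessage("ssl.ca.client.request.out.of.band", null, "The certificate returned from the CA is null.  The certificate request was not processed immediately and must be obtained out-of-band using the queryCertificate command.");
                            if (tc.isEntryEnabled()) {
                                Tr.exit(tc, "execute");
                            }
                            return 3;
                        }
                        i = receiveCertificate(issued);
                        if (i != 0) {
                            Tr.info(tc, "ssl.ca.client.receive.failed");
                            issueMessage("ssl.ca.client.receive.failed", "The certifcate request was processed by the CA but failed to store in the keystore specified.  The certifcate will be revoked and a retry of the request is necessary.  Check the previous failure messages and correct the issue(s) before retrying the certifcate request");
                            try {
                                // NOTE(review): the query usage text does not list -revocationPassword; if it
                                // is unset this line throws and the issued certificate is not revoked.
                                this.customInstance.revokeCertificate(issued, this.revocationPassword.getBytes("UTF8"), "unspecified", this.customAttrs);
                            } catch (WSPKIException e10) {
                                Tr.error(tc, "ssl.ca.client.error.revoke", new Object[]{e10});
                                issueMessage("ssl.ca.client.error.revoke", new Object[]{e10.getMessage()}, "The following error occurred while revoking a CA signed certificate: " + e10.getMessage());
                                i = 3;
                            }
                        } else {
                            issueMessage("ssl.ca.cmp.impl.certificate.received", "Certificate Received");
                            printCert(issued[0]);
                        }
                    } catch (WSPKIException e11) {
                        Tr.error(tc, "ssl.ca.client.error.query", new Object[]{e11});
                        // The fallback text previously said "revoking" on this query path.
                        issueMessage("ssl.ca.client.error.query", new Object[]{e11.getMessage()}, "The following error occurred while querying a CA signed certificate: " + e11.getMessage());
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "execute");
                        }
                        return 3;
                    }
                }
            }
        } catch (PkException e12) {
            Tr.error(tc, "ssl.ca.client.general.error", new Object[]{e12});
            Object[] outerArgs = new Object[1];
            outerArgs[0] = e12.getMessage() == null ? e12 : e12.getMessage();
            issueMessage("ssl.ca.client.general.error", outerArgs, "The following error is returned from an exception: " + e12.getMessage());
            Throwable wrappedException = e12.getWrappedException();
            if (wrappedException != null) {
                Object[] wrappedArgs = new Object[1];
                wrappedArgs[0] = wrappedException.getMessage() == null ? wrappedException : wrappedException.getMessage();
                issueMessage("ssl.ca.client.general.error", wrappedArgs, "The following error is returned from an exception: " + wrappedException.getMessage());
            }
            // Report failure to the caller; without this the process could exit with 0 after an error.
            i = 3;
        } catch (Exception e13) {
            Tr.error(tc, "ssl.ca.client.general.error", new Object[]{e13});
            Object[] args = new Object[1];
            args[0] = e13.getMessage() == null ? e13 : e13.getMessage();
            issueMessage("ssl.ca.client.general.error", args, "The following error is returned from an exception: " + e13.getMessage());
            i = 3;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "execute");
        }
        return i;
    }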

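    /**
     * Polls the CA for the certificate that belongs to the pending request stored under
     * {@code alias}, making at most {@code queryRetryCount} attempts.
     *
     * <p>The result is checked before waiting, so a successful answer is returned immediately, and
     * the wait is skipped when {@code queryInterval} is not positive or no attempt remains. An
     * interrupt ends the polling and is restored on the thread.
     *
     * @return the certificate chain returned by the CA, or {@code null} when no attempt produced one
     *         or when any exception occurred (failures are reported as {@code null}, not thrown)
     * @throws WSPKIException declared for callers; not thrown by the current body
     * @throws IOException declared for callers; not thrown by the current body
     */
    private X509Certificate[] query() throws WSPKIException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, queryOpt);
        }
        X509Certificate[] issued = null;
        try {
            byte[] encodedRequest = new CertificationRequest(CertificateRequestHelper.isKeyCertReq((X509Certificate) getCertificate()[0], this.alias), true).encode();
            for (long attempt = 0; attempt < this.queryRetryCount; attempt++) {
                issued = this.customInstance.queryCertificate(encodedRequest, this.customAttrs);
                if (issued != null) {
                    break;
                }
                boolean anotherAttempt = attempt + 1 < this.queryRetryCount;
                if (anotherAttempt && this.queryInterval > 0) {
                    try {
                        Thread.sleep(this.queryInterval);
                    } catch (InterruptedException e) {
                        // Keep the interrupt visible to the caller and stop polling.
                        Thread.currentThread().interrupt();
                        break;
                    }
                }
            }
        } catch (Exception e2) {
            // Callers treat null as "not issued yet", so the failure is kept out of the return
            // value; record the cause so it is not lost entirely.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception caught querying the certificate authority.", new Object[]{e2});
            }
            issued = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, queryOpt, issued);
        }
        return issued;
    }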

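    /**
     * Returns the certificate chain stored under {@code alias} in the key store named by
     * {@code keyStoreAlias}.
     *
     * @return the chain reported by the key store's {@code getCertificateChain} command
     * @throws KeyStoreException if the key store cannot be found or opened, the alias is not
     *         present, or the alias is not a key entry (a "personal certificate")
     * @throws Exception whatever the key store commands themselves throw
     */
    private Certificate[] getCertificate() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificate", this);
        }
        WSKeyStore keyStore = KeyStoreManager.getInstance().getKeyStore(this.keyStoreAlias);
        if (keyStore == null || keyStore.getKeyStore(false, false) == null) {
            throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.keystore.not.found", new Object[]{this.keyStoreAlias}, "The local keyStore specified as alias \"" + this.keyStoreAlias + "\" was not found on the client."));
        }
        Object[] aliasPresent = keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{this.alias});
        Object[] aliasIsKeyEntry = keyStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{this.alias});
        if (!((Boolean) aliasPresent[0]).booleanValue()) {
            // The fallback text previously contained stray backslashes where opening quotes were meant.
            throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.cert.does.not.exist", new Object[]{this.alias, this.keyStoreAlias}, "Certificate alias \"" + this.alias + "\" does not exist in key store \"" + this.keyStoreAlias + "\"."));
        }
        if (!((Boolean) aliasIsKeyEntry[0]).booleanValue()) {
            throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.not.personal.cert", new Object[]{this.alias}, "Certificate \"" + this.alias + "\" is not a personal certificate."));
        }
        Object[] chainResult = keyStore.invokeKeyStoreCommand("getCertificateChain", new Object[]{this.alias});
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificate");
        }
        return (Certificate[]) chainResult[0];
    }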

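    /**
     * Stores a CA-issued chain over the pending certificate request whose public key matches the
     * first certificate of the chain.
     *
     * <p>Side effect: {@code alias} is overwritten with the alias of the matching key entry.
     *
     * <p>NOTE(review): the only binding checked here is public-key equality with a local key
     * entry that {@code CertificateRequestHelper.isKeyCertReq} accepts; nothing in this method
     * verifies the chain's signatures, issuer or subject. Confirm that the PKI client or the
     * key store layer validates the chain.
     *
     * @param x509CertificateArr the chain returned by the CA, end-entity certificate first
     * @return 0 when the chain was stored, 3 on any failure (the failure is reported via
     *         {@code issueMessage} and traced, not thrown)
     */
    private int receiveCertificate(X509Certificate[] x509CertificateArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "receiveCertificate");
        }
        try {
            WSKeyStore keyStore = KeyStoreManager.getInstance().getKeyStore(this.keyStoreAlias);
            // Store a private copy so later changes to the caller's array cannot affect the entry.
            X509Certificate[] chainCopy = x509CertificateArr.clone();
            if (keyStore == null || keyStore.getKeyStore(false, false) == null) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.keystore.not.found", new Object[]{this.keyStoreAlias}, "The local keyStore specified as alias \"" + this.keyStoreAlias + "\" was not found on the client."));
            }
            // Accept "true" and "yes" for the read-only flag, matching createPKCS10CertificateRequest,
            // so that a key store marked read-only with "yes" is not written to from here.
            String readOnly = keyStore.getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY);
            if (readOnly != null && (readOnly.equalsIgnoreCase("true") || readOnly.equalsIgnoreCase("yes"))) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getString("ssl.ca.client.keystore.readonly", "Unable to recieve the certificate because the keystore specified is read-only."));
            }
            // Find the key entry that still holds the certificate request for this public key.
            X509Certificate pendingRequestCert = null;
            Object[] aliases = keyStore.invokeKeyStoreCommand("aliases", null);
            for (Object entry : aliases) {
                String candidate = (String) entry;
                Object[] isKeyEntry = keyStore.invokeKeyStoreCommand("isKeyEntry", new Object[]{candidate});
                X509Certificate stored = (X509Certificate) keyStore.invokeKeyStoreCommand("getCertificate", new Object[]{candidate})[0];
                if (((Boolean) isKeyEntry[0]).booleanValue() && CertificateRequestHelper.isKeyCertReq(stored, candidate) != null && x509CertificateArr[0].getPublicKey().equals(stored.getPublicKey())) {
                    pendingRequestCert = stored;
                    this.alias = candidate;
                    break;
                }
            }
            if (pendingRequestCert == null) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.cert.publickey.not.found", new Object[]{this.keyStoreAlias}, "Certificate with a public key matching the public key in the certificate from the Certificate Authority is not found in key store \"" + this.keyStoreAlias + "\"."));
            }
            // keyStorePassword may be null: guard both uses the same way instead of only the second.
            // A fresh char[] is built per call in case the key store layer clears the one it is given.
            Object[] keyResult = keyStore.invokeKeyStoreCommand("getKey", new Object[]{this.alias, this.keyStorePassword != null ? this.keyStorePassword.toCharArray() : null});
            if (keyResult == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Key entry is not found.");
                }
                throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.cert.key.not.exist.CWPKI0653E", new Object[]{this.alias}, "Failed to retrieve key for alias \"" + this.alias + "\" from the key store."));
            }
            Object[] setEntryArgs = new Object[4];
            setEntryArgs[0] = this.alias;
            setEntryArgs[1] = (Key) keyResult[0];
            setEntryArgs[2] = this.keyStorePassword != null ? this.keyStorePassword.toCharArray() : null;
            setEntryArgs[3] = chainCopy;
            keyStore.invokeKeyStoreCommand("setKeyEntryOverwrite", setEntryArgs);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receiveCertificate");
            }
            return 0;
        } catch (Exception e) {
            Tr.error(tc, "ssl.ca.client.general.error", new Object[]{e});
            issueMessage("ssl.ca.client.general.error", new Object[]{e.getMessage()}, "The following error is returned from an exception: " + e.getMessage());
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receiveCertificate");
            }
            return 3;
        }
    }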

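    /**
     * Creates an RSA key pair and a PKCS#10 certificate request for {@code this.subjectDN}.
     *
     * <p>The new private key is stored in the key store named by {@code this.keyStoreAlias} under
     * {@code this.alias}, paired with a self-signed certificate built from the same key pair, and
     * the request is written in Base64 to {@code this.certReqPath}. When no request path was
     * supplied, one is derived from the key store location or from the install root.
     *
     * <p>Failures inside the guarded section are reported through {@code issueMessage} and
     * {@code Tr.error} and mapped to return code 3. Only an invalid subject DN is reported as
     * such; every other failure (existing alias, key store or provider error, I/O error) is
     * reported with its own message.
     *
     * @return 0 when the request was created, 3 on any reported failure
     * @throws Exception only for failures raised before the guarded section (the key store lookup)
     */
    private int createPKCS10CertificateRequest() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPKCS10CertificateRequest");
        }
        issueMessage("ssl.ca.client.pkcs10.request.sending", "Generating a PKCS10 certificate request");
        String keyStoreName = this.keyStoreAlias;
        String certAlias = this.alias;
        // NOTE(review): the key size is taken from this.keySize as-is; no minimum is enforced in this method.
        int keyBits = this.keySize;
        int validityDays = this.certValidity;
        WSKeyStore keyStore = KeyStoreManager.getInstance().getKeyStore(keyStoreName);
        try {
            if (keyStore == null) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.keystore.not.found", new Object[]{this.keyStoreAlias}, "The local keyStore specified as alias \"" + this.keyStoreAlias + "\" was not found on the client."));
            }
            if (keyStore.getKeyStore(false, false) == null) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.keystore.not.found", new Object[]{this.keyStoreAlias}, "The local keyStore specified as alias \"" + this.keyStoreAlias + "\" was not found on the client."));
            }
            String readOnly = keyStore.getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY);
            if (readOnly != null && (readOnly.equalsIgnoreCase("true") || readOnly.equalsIgnoreCase("yes"))) {
                throw new KeyStoreException(TraceNLSHelper.getInstance().getString("ssl.ca.client.keystore.readonly", "Unable to recieve the certificate because the keystore specified is read-only."));
            }

            // Validate the subject DN on its own. The handler used to wrap the whole request
            // creation, so an existing alias or a provider failure was also reported as
            // "SubjectDN supplied is invalid" and the real cause was lost.
            boolean subjectDnValid;
            try {
                new X500Principal(this.subjectDN);
                subjectDnValid = this.subjectDN.toUpperCase().startsWith("CN=");
            } catch (RuntimeException e) {
                // X500Principal rejects a null or malformed name with an unchecked exception.
                subjectDnValid = false;
            }
            if (!subjectDnValid) {
                issueMessage("ssl.ca.client.subjectdn.invalid", "SubjectDN supplied is invalid");
                Tr.error(tc, "ssl.ca.client.subjectdn.invalid");
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "createPKCS10CertificateRequest");
                }
                return 3;
            }

            // Split into the leading CN component and the rest of the name.
            // NOTE(review): the split is at the first comma, so a CN containing an escaped comma
            // would be cut short.
            String commonName;
            String dnRemainder = null;
            int firstComma = this.subjectDN.indexOf(",");
            if (firstComma != -1) {
                commonName = this.subjectDN.substring(0, firstComma);
                dnRemainder = this.subjectDN.substring(firstComma + 1);
            } else {
                commonName = this.subjectDN;
            }

            if (this.certReqPath == null) {
                // createTempFile is used below only to pick a unique name: the file is deleted
                // again and re-created later by writeBASE64, so a local process able to write to
                // that directory could occupy the path in between.
                // NOTE(review): confirm the directory permissions, or keep the reserved file if
                // writeBASE64 can overwrite an existing one.
                if (!keyStore.getProperty(Constants.SSLPROP_KEY_STORE_FILE_BASED).equals("true")) {
                    String installRoot = System.getProperty(CompositeValidator.USER_INSTALL_ROOT_PROPERTY);
                    if (installRoot == null || installRoot.length() <= 0) {
                        installRoot = System.getProperty("was.install.root");
                    }
                    this.certReqPath = installRoot + File.separator + "etc";
                    File etcDir = new File(this.certReqPath);
                    if (etcDir.isDirectory()) {
                        File reserved = File.createTempFile("certReq", ".req", etcDir);
                        this.certReqPath = reserved.getAbsolutePath();
                        reserved.delete();
                    }
                } else {
                    if (keyStore.getLocation().equals("")) {
                        throw new FileNotFoundException("KeyStore file path cannot not be missing or null.");
                    }
                    File keyStoreFile = new File(keyStore.getLocation());
                    if (keyStoreFile.getParentFile().isDirectory()) {
                        File reserved = File.createTempFile("certReq", ".req", keyStoreFile.getParentFile());
                        this.certReqPath = reserved.getAbsolutePath();
                        reserved.delete();
                    }
                }
            }
            Tr.debug(tc, "Certificate Request file path is: " + this.certReqPath);
            this.certReqPath = this.certReqPath.replace('\\', '/');
            String requestUri = "file://" + this.certReqPath;
            // Values handed to PkSsCertFactory.newSsCert for the self-signed certificate;
            // presumably they mark it as a pending request and record the request file (confirm).
            ArrayList arrayList = new ArrayList();
            arrayList.add("certreq@us.ibm.com");
            arrayList.add("CERTREQUEST");
            arrayList.add(requestUri);

            // Empty extension lists are passed on as null.
            if (this.subjectAltNames != null && this.subjectAltNames.isEmpty()) {
                this.subjectAltNames = null;
            }
            if (this.keyUsage != null && this.keyUsage.isEmpty()) {
                this.keyUsage = null;
            }
            if (this.extKeyUsage != null && this.extKeyUsage.isEmpty()) {
                this.extKeyUsage = null;
            }

            // Never overwrite an existing entry: it may hold a key that is still in use.
            Object[] containsAliasResult = keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{certAlias});
            if (((Boolean) containsAliasResult[0]).booleanValue()) {
                throw new Exception(TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.alias.exists", new Object[]{this.alias, keyStoreName}, "Certificate alias \"" + this.alias + "\" already exists in key store \"" + keyStoreName + "\""));
            }

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "IBMJCE");
            keyPairGenerator.initialize(keyBits, SecureRandom.getInstance("IBMSecureRandom", "IBMJCE"));
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            PkEeCertReqTransaction certRequest = PkEeCertReqFactory.newCertRequest(keyBits, commonName, validityDays, true, false, this.subjectAltNames, this.keyUsage, this.extKeyUsage, (String) null, (String) null, dnRemainder, keyPair);
            if (certRequest == null) {
                // Previously this case fell through and returned 0 although nothing had been
                // stored or written.
                throw new Exception("PKCS10 certificate request creation failed.");
            }

            // The self-signed certificate is dated one day back (86400000 ms).
            Date notBefore = new Date();
            notBefore.setTime(notBefore.getTime() - 86400000);
            PkSsCertificate selfSigned = PkSsCertFactory.newSsCert(keyBits, this.subjectDN, validityDays, notBefore, true, true, arrayList, (List) null, (List) null, "IBMJCE", keyPair);
            if (selfSigned == null) {
                throw new Exception("SelfSigned certificate creation failed.");
            }
            CertificationRequest certificationRequest = new CertificationRequest(certRequest.getPKCS10CertReq());
            X509Certificate certificate = selfSigned.getCertificate();
            // NOTE(review): a null keyStorePassword (parseArguments found no matching SSL
            // configuration) raises a NullPointerException here and is reported by the handler
            // below as a generic failure. The char[] copy of the password is not cleared.
            keyStore.invokeKeyStoreCommand("setKeyEntry", new Object[]{certAlias, selfSigned.getKey(), this.keyStorePassword.toCharArray(), new X509Certificate[]{certificate}});
            try {
                Tr.audit(tc, "Self Signed Certificate: notBefore time: " + certificate.getNotBefore().toString() + " notAfter time: " + certificate.getNotAfter().toString());
            } catch (Throwable ignored) {
                // Best effort: the audit record must not fail the request.
            }
            certificationRequest.writeBASE64(this.certReqPath);
            issueMessage("ssl.ca.client.pkcs10.request.created", new Object[]{this.alias, this.certReqPath}, "A PKCS10 certificate with alias \"" + this.alias + "\" was created successfully.  The request is stored in file: " + this.certReqPath);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPKCS10CertificateRequest");
            }
            return 0;
        } catch (Exception e2) {
            issueMessage("ssl.ca.client.pkcs10.request.failed", new Object[]{e2.getMessage()}, "Failed to create a PKCS10 certificate request due to the following error:");
            Tr.error(tc, "ssl.ca.client.pkcs10.request.failed", new Object[]{e2});
            // NOTE(review): the constant condition keeps this rollback from ever running, so a
            // key entry stored before a later failure (for example in writeBASE64) stays in the
            // key store. If the rollback is re-enabled it must only run after this method's own
            // setKeyEntry succeeded; otherwise the "alias already exists" failure above would
            // delete the caller's existing entry.
            if (keyStore != null && 1 == 0) {
                try {
                    if (!((Boolean) keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{this.alias})[0]).booleanValue()) {
                        throw new Exception("Certificate " + this.alias + " does not exist in the keyStore.");
                    }
                    Tr.debug(tc, "Deleting existing certificate request from keyStore");
                    keyStore.invokeKeyStoreCommand("deleteEntry", new Object[]{this.alias});
                    File requestFile = new File(this.certReqPath);
                    if (requestFile.exists()) {
                        Tr.debug(tc, "Deleting existing certificate request file " + this.certReqPath);
                        requestFile.delete();
                    }
                } catch (Exception e3) {
                    Tr.debug(tc, e3.getMessage());
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createPKCS10CertificateRequest");
            }
            return 3;
        }
    }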

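    /**
     * Parses the command line into the fields of this action.
     *
     * <p>The first argument selects the action ({@code create}, {@code request}, or the values of
     * {@code revokeOpt} / {@code queryOpt}); each action accepts its own set of options. Options
     * that are not allowed for the action end parsing with the help text. Values that do not
     * follow a value-taking option are reported as ignored.
     *
     * <p>Secrets (the values of {@code passwordOpt} and {@code revocationPasswordOpt}) arrive on
     * the command line. They are masked before the arguments are written to trace.
     * NOTE(review): command-line arguments can be visible to other local users through the
     * process list; an alternative input channel for the secrets would avoid that.
     *
     * @param strArr the raw command-line arguments, action first
     * @return 0 when parsing succeeded, 3 when help was printed or an option was invalid
     */
    private int parseArguments(String[] strArr) {
        if (tc.isEntryEnabled()) {
            // Trace a masked copy: the raw array carries the secret option values.
            Tr.entry(tc, "parseArguments", new Object[]{redactSecretOptions(Arrays.asList(strArr))});
        }
        List<String> allowed = null;
        List<String> accepted = new ArrayList<String>();
        List<String> ignored = new ArrayList<String>();
        String action = strArr.length >= 1 ? strArr[0] : "";
        if (action.startsWith("-") || !(action.equalsIgnoreCase("create") || action.equalsIgnoreCase(revokeOpt) || action.equalsIgnoreCase(queryOpt) || action.equalsIgnoreCase("request"))) {
            issueMessage("ssl.ca.client.invalid.option", new Object[]{action}, "The following option is not valid: " + action);
            printHelp();
            return 3;
        }
        if (action.equalsIgnoreCase("create")) {
            this.create = true;
            allowed = Arrays.asList(certReqPathOpt, aliasOpt, keyStoreAliasOpt, subjectDNOpt, keySizeOpt, subjectAltNamesOpt, keyUsageOpt, extKeyUsageOpt, "-help", "?", traceOpt, quietOpt, logFileOpt, replaceLogOpt);
        }
        if (action.equalsIgnoreCase(revokeOpt)) {
            this.revoke = true;
            allowed = Arrays.asList(clientImplClassOpt, hostOpt, portOpt, userIDOpt, passwordOpt, aliasOpt, keyStoreAliasOpt, revocationPasswordOpt, revocationReasonOpt, customAttrsOpt, queryLimitOpt, queryIntervalOpt, "-help", "?", traceOpt, quietOpt, logFileOpt, replaceLogOpt);
        }
        if (action.equalsIgnoreCase(queryOpt)) {
            this.query = true;
            allowed = Arrays.asList(clientImplClassOpt, hostOpt, portOpt, userIDOpt, passwordOpt, aliasOpt, keyStoreAliasOpt, customAttrsOpt, queryLimitOpt, queryIntervalOpt, "-help", "?", traceOpt, quietOpt, logFileOpt, replaceLogOpt);
        }
        if (action.equalsIgnoreCase("request")) {
            this.request = true;
            allowed = Arrays.asList(clientImplClassOpt, hostOpt, portOpt, userIDOpt, passwordOpt, certReqPathOpt, aliasOpt, keyStoreAliasOpt, revocationPasswordOpt, subjectDNOpt, keySizeOpt, subjectAltNamesOpt, keyUsageOpt, extKeyUsageOpt, customAttrsOpt, queryLimitOpt, queryIntervalOpt, "-help", "?", traceOpt, quietOpt, logFileOpt, replaceLogOpt);
        }
        if (strArr.length < 2) {
            printHelp();
            return 3;
        }

        // Sort the remaining arguments: option names and the values that follow a value-taking
        // option are accepted; anything else is collected for the "ignored" warning.
        for (int i = 1; i < strArr.length; i++) {
            String arg = strArr[i];
            String previous = strArr[i - 1];
            if (arg != null && arg.startsWith("-")) {
                if (!allowed.contains(arg)) {
                    issueMessage("ssl.ca.client.invalid.option", new Object[]{arg}, "CWPKI0404W: The following option is not valid: \"" + arg + "\"");
                    printHelp();
                    return 3;
                }
                accepted.add(arg);
            } else if (previous == null || (previous.startsWith("-") && !previous.equals(traceOpt) && !previous.equals(replaceLogOpt) && !previous.equals("-help") && !previous.equals(quietOpt))) {
                accepted.add(arg);
            } else {
                ignored.add(arg);
            }
        }
        if (accepted.contains("-help") || accepted.contains("?")) {
            this.help = true;
            printHelp();
            return 3;
        }
        if (accepted.contains(traceOpt)) {
            this.trace = true;
        }
        if (accepted.contains(quietOpt)) {
            this.quiet = true;
        }
        try {
            this.logFile = getOptionValue(accepted, logFileOpt, false);
        } catch (IllegalArgumentException e) {
            // Same handling as for every other option value below; getOptionValue has already
            // issued the message. This lookup used to sit outside any handler.
            printHelp();
            return 3;
        }
        if (accepted.contains(replaceLogOpt)) {
            this.replaceLog = true;
        }
        enableTrace();
        SSLConfigManager.getInstance().initializeClientSSL();
        if (tc.isDebugEnabled()) {
            // The accepted list holds option values as well, including the secrets: mask them.
            Tr.debug(tc, "The following options were provided on the command line: " + redactSecretOptions(accepted));
        }
        if (!ignored.isEmpty()) {
            StringBuilder joined = new StringBuilder(ignored.get(0));
            for (int i = 1; i < ignored.size(); i++) {
                joined.append(", ").append(ignored.get(i));
            }
            String ignoredText = joined.toString();
            issueMessage("ssl.ca.client.ignored.arguments", new Object[]{ignoredText}, "Ignoring the following unrecognized options: [" + ignoredText + "]");
            Tr.warning(tc, "ssl.ca.client.ignored.arguments", new Object[]{ignoredText});
        }
        if (!accepted.isEmpty()) {
            try {
                if (!this.create) {
                    // Connection and credential settings for the Certificate Authority client.
                    try {
                        this.customAttrs.put("CAHostname", getOptionValue(accepted, hostOpt, true));
                        this.customAttrs.put("CAPort", Integer.valueOf(Integer.parseInt(getOptionValue(accepted, portOpt, true))));
                        this.customAttrs.put("AuthenticationID", getOptionValue(accepted, userIDOpt, true));
                        this.customAttrs.put("AuthenticationPWD", getOptionValue(accepted, passwordOpt, true).getBytes("UTF8"));
                    } catch (UnsupportedEncodingException e) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception getting the bytes from the supplied keystore password.  Exception: ", e);
                        }
                    } catch (NumberFormatException e2) {
                        issueMessage("ssl.ca.client.invalid.option.type", new Object[]{"integer", portOpt}, "Supply integer value for -port.");
                        printHelp();
                        return 3;
                    }
                    this.clientImplClass = getOptionValue(accepted, clientImplClassOpt, true);
                    try {
                        String intervalText = getOptionValue(accepted, queryIntervalOpt, false);
                        if (intervalText != null) {
                            this.queryInterval = Long.parseLong(intervalText);
                        }
                        if (this.queryInterval == -1) {
                            this.queryInterval = 5000L;
                        }
                    } catch (NumberFormatException e4) {
                        issueMessage("ssl.ca.client.invalid.option.type", new Object[]{WMQActSpecCreateCmd.LONG_TYPE, queryIntervalOpt}, "Supply long value for -retryInterval.");
                        printHelp();
                        return 3;
                    }
                    try {
                        String limitText = getOptionValue(accepted, queryLimitOpt, false);
                        if (limitText != null) {
                            this.queryRetryCount = Long.parseLong(limitText);
                        }
                        if (this.queryRetryCount == -1) {
                            this.queryRetryCount = 5L;
                        }
                    } catch (NumberFormatException e3) {
                        issueMessage("ssl.ca.client.invalid.option.type", new Object[]{"integer", queryLimitOpt}, "Supply integer value for -retryLimit.");
                        printHelp();
                        return 3;
                    }
                    // Parsed last, so a custom attribute with the same key replaces a value set above.
                    parseCustomAttrs(getOptionValue(accepted, customAttrsOpt, false));
                }
                this.keyStoreAlias = getOptionValue(accepted, keyStoreAliasOpt, true);
                // Take the store password from whichever SSL configuration names this store as
                // its key store or trust store; a later match replaces an earlier one.
                for (String configAlias : SSLConfigManager.getInstance().getSSLConfigAliases()) {
                    SSLConfig sSLConfig = SSLConfigManager.getInstance().getSSLConfig(configAlias);
                    // Null-safe: a configuration without a store name no longer ends parsing
                    // with a NullPointerException.
                    String keyStoreName = sSLConfig.getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                    if (keyStoreName != null && keyStoreName.equals(this.keyStoreAlias)) {
                        this.keyStorePassword = sSLConfig.getProperty("com.ibm.ssl.keyStorePassword");
                    }
                    String trustStoreName = sSLConfig.getProperty(Constants.SSLPROP_TRUST_STORE_NAME);
                    if (trustStoreName != null && trustStoreName.equals(this.keyStoreAlias)) {
                        this.keyStorePassword = sSLConfig.getProperty("com.ibm.ssl.trustStorePassword");
                    }
                }
                // NOTE(review): nothing is reported here when no configuration matched and
                // keyStorePassword is still null; later key store calls dereference it.
                if (this.request) {
                    this.certReqPath = getOptionValue(accepted, certReqPathOpt, false);
                    if (this.certReqPath == null) {
                        // No existing request file was supplied, so one has to be created first.
                        this.create = true;
                    }
                    this.revocationPassword = getOptionValue(accepted, revocationPasswordOpt, true);
                }
                if (this.revoke) {
                    this.alias = getOptionValue(accepted, aliasOpt, true);
                    this.revocationPassword = getOptionValue(accepted, revocationPasswordOpt, true);
                    this.revocationReason = getOptionValue(accepted, revocationReasonOpt, false);
                    if (this.revocationReason == null) {
                        this.revocationReason = "unspecified";
                    }
                }
                if (this.query) {
                    this.alias = getOptionValue(accepted, aliasOpt, true);
                }
                if (this.create) {
                    this.subjectDN = getOptionValue(accepted, subjectDNOpt, true);
                    this.certReqPath = getOptionValue(accepted, certReqPathOpt, false);
                    this.alias = getOptionValue(accepted, aliasOpt, true);
                    try {
                        String keySizeText = getOptionValue(accepted, keySizeOpt, false);
                        if (keySizeText != null) {
                            // NOTE(review): any integer is accepted; no minimum key size is checked here.
                            this.keySize = Integer.parseInt(keySizeText);
                        }
                        if (this.keySize == -1) {
                            this.keySize = Integer.parseInt(Constants.KEY_SIZE);
                        }
                        this.certValidity = 365;
                        this.subjectAltNames = parseListAttrs(getOptionValue(accepted, subjectAltNamesOpt, false));
                        this.keyUsage = parseListAttrs(getOptionValue(accepted, keyUsageOpt, false));
                        this.extKeyUsage = parseListAttrs(getOptionValue(accepted, extKeyUsageOpt, false));
                    } catch (NumberFormatException e5) {
                        issueMessage("ssl.ca.client.invalid.option.type", new Object[]{"integer", keySizeOpt}, "Supply integer value for -keySize.");
                        printHelp();
                        return 3;
                    }
                }
            } catch (IllegalArgumentException e6) {
                // Raised by getOptionValue / parseCustomAttrs, which have already issued a message.
                printHelp();
                return 3;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "parseArguments");
        }
        return 0;
    }

    /**
     * Returns a copy of {@code args} in which the value following {@code passwordOpt} or
     * {@code revocationPasswordOpt} is replaced by a mask, for use in trace output.
     */
    private List<Object> redactSecretOptions(List<?> args) {
        List<Object> redacted = new ArrayList<Object>(args);
        for (int i = 0; i + 1 < redacted.size(); i++) {
            Object option = redacted.get(i);
            Object value = redacted.get(i + 1);
            boolean secretOption = passwordOpt.equals(option) || revocationPasswordOpt.equals(option);
            // An element starting with "-" is the next option name, not the secret's value.
            if (secretOption && value instanceof String && !((String) value).startsWith("-")) {
                redacted.set(i + 1, "********");
            }
        }
        return redacted;
    }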

    /**
     * Adds {@code name=value} pairs from a semicolon-separated string to {@code this.customAttrs}.
     *
     * <p>Names and values are trimmed and have their spaces removed. A pair stored here replaces
     * any entry already present under the same name.
     *
     * @param str the custom attribute string, or {@code null} to do nothing
     * @throws IllegalArgumentException if a pair has no {@code =}, or an empty name or value
     */
    private void parseCustomAttrs(String str) {
        if (str == null) {
            return;
        }
        StringTokenizer pairs = new StringTokenizer(str, ";");
        while (pairs.hasMoreTokens()) {
            String pair = pairs.nextToken();
            int separator = pair.indexOf('=');
            String name = "";
            String value = "";
            if (separator != -1) {
                name = pair.substring(0, separator).trim().replace(" ", "");
                value = pair.substring(separator + 1).trim().replace(" ", "");
            }
            // A missing separator and an empty side are reported the same way.
            if (separator == -1 || name.length() == 0 || value.length() == 0) {
                String text = TraceNLSHelper.getInstance().getString("ssl.ca.client.invalid.custom.attrs", "Unable to parse custom attributes.");
                issueMessage("ssl.ca.client.invalid.custom.attrs", "Unable to parse custom attributes.");
                throw new IllegalArgumentException(text);
            }
            this.customAttrs.put(name, value);
        }
    }

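    /**
     * Splits a semicolon-separated option value into a list of trimmed entries.
     *
     * <p>Consecutive separators produce no entry, but a token that holds only whitespace is kept
     * as an empty string.
     *
     * @param str the option value, or {@code null} when the option was not given
     * @return the entries in order, or {@code null} when {@code str} is {@code null}
     */
    private List<String> parseListAttrs(String str) {
        if (str == null) {
            return null;
        }
        // Typed list instead of a raw ArrayList, so the return needs no unchecked conversion.
        List<String> entries = new ArrayList<String>();
        StringTokenizer tokens = new StringTokenizer(str, ";");
        while (tokens.hasMoreTokens()) {
            entries.add(tokens.nextToken().trim());
        }
        return entries;
    }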

    /**
     * Looks up the value that follows an option name in the parsed argument list.
     *
     * <p>The error message names the option only; the offending value is not echoed.
     *
     * @param list the accepted arguments, option names and values in command-line order
     * @param str the option name to look for
     * @param z {@code true} when the option is mandatory
     * @return the value, or {@code null} when an optional option is absent
     * @throws IllegalArgumentException if the option is mandatory and absent, is the last
     *         argument, or is followed by an empty string or another option
     */
    private String getOptionValue(List list, String str, boolean z) {
        final int position = list.indexOf(str);
        final boolean hasFollower = position != -1 && position + 1 < list.size();
        final String value = hasFollower ? (String) list.get(position + 1) : null;

        final boolean invalid;
        if (hasFollower) {
            // The next element must be a real value, not another option or an empty string.
            invalid = value.startsWith("-") || value.equals("");
        } else {
            // Either the option is missing although mandatory, or it is the last element.
            invalid = z || position + 1 == list.size();
        }
        if (invalid) {
            String fallback = "The option " + str + " is required with a value.";
            String text = TraceNLSHelper.getInstance().getFormattedMessage("ssl.ca.client.invalid.option.value", new Object[]{str}, fallback);
            issueMessage("ssl.ca.client.invalid.option.value", new Object[]{str}, fallback);
            throw new IllegalArgumentException(text);
        }
        return value;
    }

    /**
     * Configures client trace output for this run.
     *
     * <p>With {@code this.trace} set, a fixed trace specification covering the management, SSL
     * and security components is enabled; otherwise the specification is empty. The log file
     * defaults to {@link #getDefaultTraceFile()}. When the file is not writable a message is
     * issued and trace is left unconfigured.
     *
     * <p>NOTE(review): the full specification enables all SSL and security tracing, so the log
     * file may hold sensitive detail; confirm who can read the log location.
     *
     * @return always {@code true}, including when the log file is not writable
     */
    private boolean enableTrace() {
        String traceSpec = "";
        if (this.trace) {
            traceSpec = "com.ibm.ws.management.*=all=enabled:com.ibm.websphere.management.*=all=enabled:com.ibm.ws.ssl.*=all=enabled:SSL=all=enabled:com.ibm.ws.security.*=all=enabled:SASRas=all=enabled:com.ibm.ws.ssl.commands.*=all=enabled";
            Tr.info(tc, "ssl.ca.client.tracemodeon");
        }
        if (this.logFile == null) {
            this.logFile = getDefaultTraceFile();
        }
        if (ManagerAdmin.isLogFileWriteable(this.logFile)) {
            String location = new File(this.logFile).getAbsolutePath();
            issueMessage("ssl.ca.client.logfile.location", new Object[]{location}, "Trace is being logged to the following location: " + location);
            ManagerAdmin.configureClientTrace(traceSpec, ManagerAdmin.file, this.logFile, this.replaceLog, "basic", false);
        } else {
            String location = new File(this.logFile).getAbsolutePath();
            issueMessage("ssl.ca.client.logfile.error", new Object[]{location}, "Cannot write to the trace logfile at the following location: " + location);
        }
        return true;
    }

    /**
     * Prints the help text for the selected action, or the generic help when none is selected.
     * The action flags are checked in the order request, revoke, query, create.
     */
    private void printHelp() {
        if (this.request) {
            printMessage(HELP_INFO_REQUEST);
        } else if (this.revoke) {
            printMessage(HELP_INFO_REVOKE);
        } else if (this.query) {
            printMessage(HELP_INFO_QUERY);
        } else if (this.create) {
            printMessage(HELP_INFO_CREATE);
        } else {
            printMessage(HELP_INFO_GENERIC);
        }
    }

    /**
     * Builds the default trace file path: {@code <root>/logs/<DEFAULT_TRACE_FILE>}.
     *
     * <p>The root is the system property named by
     * {@code CompositeValidator.USER_INSTALL_ROOT_PROPERTY}, or {@code was.install.root} when
     * that property is unset or empty. If neither is set, the path starts with the text "null".
     *
     * @return the default trace file path
     */
    protected String getDefaultTraceFile() {
        String root = System.getProperty(CompositeValidator.USER_INSTALL_ROOT_PROPERTY);
        if (root == null || root.isEmpty()) {
            root = System.getProperty("was.install.root");
        }
        String logsDir = root + File.separator + "logs";
        return logsDir + File.separator + DEFAULT_TRACE_FILE;
    }

    /**
     * Formats a message with arguments and prints it unless quiet mode is on.
     *
     * @param str the message key
     * @param objArr the arguments substituted into the message
     * @param str2 the default text handed to the message lookup
     */
    protected void issueMessage(String str, Object[] objArr, String str2) {
        // The lookup runs in quiet mode too; only the printing is suppressed.
        String text = TraceNLSHelper.getInstance().getFormattedMessage(str, objArr, str2);
        if (!this.quiet) {
            printMessage(text);
        }
    }

    /**
     * Looks up a message without arguments and prints it unless quiet mode is on.
     *
     * @param str the message key
     * @param str2 the default text handed to the message lookup
     */
    protected void issueMessage(String str, String str2) {
        // The lookup runs in quiet mode too; only the printing is suppressed.
        String text = TraceNLSHelper.getInstance().getString(str, str2);
        if (!this.quiet) {
            printMessage(text);
        }
    }

    /**
     * Prints a message wrapped to the console width: 79 columns, or half of that (39) when
     * {@code isDoubleByteSystem} reports the text as double-byte.
     *
     * @param str the message to print
     */
    protected void printMessage(String str) {
        final int fullWidth = 79;
        int width = isDoubleByteSystem(str) ? fullWidth / 2 : fullWidth;
        printMessage(str, width, false);
    }

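    /**
     * Estimates whether a message consists mostly of multi-byte characters, by comparing the
     * size of its {@code DataOutputStream.writeUTF} encoding with its length in chars.
     *
     * <p>The result is also stored in {@code this.isDoubleByteSystem}. The encoded size includes
     * the two-byte length prefix that {@code writeUTF} writes, so ASCII strings shorter than 20
     * chars are reported as double-byte as well.
     *
     * @param str the message to examine
     * @return {@code true} when the encoding is more than 10% longer than the string;
     *         {@code false} otherwise or when the string cannot be encoded
     */
    private boolean isDoubleByteSystem(String str) {
        // Keep a reference to the buffer: the comparison below read it through an undefined
        // name ("r0"), because the stream was only ever passed to the DataOutputStream.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(buffer);
        try {
            try {
                dataOutputStream.writeUTF(str);
                dataOutputStream.flush();
            } finally {
                try {
                    dataOutputStream.close();
                } catch (IOException ignored) {
                    // Closing an in-memory stream; nothing to recover.
                }
            }
        } catch (IOException e) {
            // writeUTF rejects strings whose encoding exceeds its length limit; the stored
            // field is left unchanged in that case.
            return false;
        }
        this.isDoubleByteSystem = buffer.toByteArray().length > str.length() + (str.length() * 0.1d);
        return this.isDoubleByteSystem;
    }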

    /**
     * Prints a message to standard output, breaking it at spaces so that lines fit the width.
     *
     * <p>A continuation line is indented by eleven spaces and has that much less room. The break
     * is the last space at or before the available width, or the first space in the text when
     * there is none; text without any space is printed on one line.
     *
     * @param str the text still to be printed
     * @param i the line width in characters
     * @param z {@code true} when this call prints a continuation line
     */
    private void printMessage(String str, int i, boolean z) {
        final String indent = "           ";
        int room = i;
        if (z) {
            System.out.print(indent);
            room = i - indent.length();
        }
        int breakAt = -1;
        if (str.length() > room) {
            breakAt = str.lastIndexOf(' ', room);
            if (breakAt == -1) {
                breakAt = str.indexOf(' ');
            }
        }
        if (breakAt == -1) {
            // Either the text fits or it has no space to break at.
            System.out.println(str);
            return;
        }
        printMessage(str.substring(0, breakAt), i, false);
        printMessage(str.substring(breakAt + 1), i, true);
    }

    /**
     * Prints the subject, issuer, serial number and fingerprints of a certificate to standard
     * output.
     *
     * <p>Only SHA-1 and MD5 fingerprints are shown. Both digests are collision-weak, so an
     * operator comparing fingerprints out of band gets limited assurance from them.
     * NOTE(review): consider printing a SHA-256 fingerprint if {@code generateDigest} supports it.
     * NOTE(review): the header key ends in ".heade"; confirm it matches the resource bundle, as
     * a missing key would always fall back to the default text.
     *
     * @param x509Certificate the certificate to describe
     */
    private void printCert(X509Certificate x509Certificate) {
        String sha1Digest = "Cannot determine the SHA-1 digest.";
        String md5Digest = "Cannot determine the MD5 digest.";
        try {
            sha1Digest = KeyStoreManager.getInstance().generateDigest("SHA-1", x509Certificate);
            md5Digest = KeyStoreManager.getInstance().generateDigest("MD5", x509Certificate);
        } catch (NoClassDefFoundError e) {
            // The placeholder text above is printed for any digest that was not computed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No class found for generateDigest.", new Object[]{e});
            }
        }
        final String fieldIndent = " ";
        final String digestIndent = "    ";
        System.out.println("");
        System.out.println(fieldIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.heade", "*** CERTIFICATE ***"));
        System.out.println(fieldIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.subject", "Owner: ") + " " + x509Certificate.getSubjectDN());
        System.out.println(fieldIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.issuer", "Issuer: ") + " " + x509Certificate.getIssuerDN());
        System.out.println(fieldIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.serial", "Serial Number: ") + " " + x509Certificate.getSerialNumber());
        System.out.println(fieldIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.fingerprints", ""));
        System.out.println(digestIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.shadigest", "SHA-1 Digest: ") + " " + sha1Digest);
        System.out.println(digestIndent + TraceNLSHelper.getInstance().getString("ssl.ca.cmp.impl.certificate.received.md5digest", "MD5 Digest: ") + " " + md5Digest);
        System.out.println("");
    }
}
