package com.ibm.ws.ssl.commands.keyStores;

import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.ws.odc.util.Util;
import com.ibm.ws.profile.WSWASProfileConstants;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.ssl.commands.ManagementScope.ManagementScopeHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.SSLCommandsHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.ManagementScopeData;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.File;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:com/ibm/ws/ssl/commands/keyStores/CreateKeyStore.class */
public class CreateKeyStore extends AbstractTaskCommand {
    private static TraceComponent tc = Tr.register((Class<?>) CreateKeyStore.class, "SSL", "com.ibm.ws.ssl.commands.keyStores");
    private String keyStoreName;
    private String keyStoreNameCR;
    private String keyStoreNameSR;
    private String keyStoreLocation;
    private String keyStoreType;
    private String keyStorePassword;
    private String keyStorePasswordVerify;
    private String keyStoreHostList;
    private String keyStoreProvider;
    private Boolean keyStoreIsFileBased;
    private Boolean keyStoreReadOnly;
    private Boolean keyStoreInitAtStartup;
    private String keyStoreCustomProvider;
    private Boolean keyStoreStashFile;
    private String scopeName;
    private Boolean keyStoreForAcceleration;
    private boolean createKeyFile;
    private boolean createRACFKS;
    private boolean createWritableKeyrings;
    private String controlRegionUser;
    private String servantRegionUser;
    private String keyStoreLocationCR;
    private String keyStoreLocationSR;
    private String keyStoreDescription;
    private String keyStoreUsage;
    private ObjectName mgmScopeObjName;
    private boolean createMgmScope;
    private ConfigService cs;
    private ObjectName security;
    private ObjectName cell;
    private Session session;

    public CreateKeyStore(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.keyStoreName = null;
        this.keyStoreNameCR = null;
        this.keyStoreNameSR = null;
        this.keyStoreLocation = null;
        this.keyStoreType = null;
        this.keyStorePassword = null;
        this.keyStorePasswordVerify = null;
        this.keyStoreHostList = null;
        this.keyStoreProvider = null;
        this.keyStoreIsFileBased = null;
        this.keyStoreReadOnly = null;
        this.keyStoreInitAtStartup = null;
        this.keyStoreCustomProvider = null;
        this.keyStoreStashFile = null;
        this.scopeName = null;
        this.keyStoreForAcceleration = null;
        this.createKeyFile = true;
        this.createRACFKS = false;
        this.createWritableKeyrings = false;
        this.controlRegionUser = null;
        this.servantRegionUser = null;
        this.keyStoreLocationCR = null;
        this.keyStoreLocationSR = null;
        this.keyStoreDescription = null;
        this.keyStoreUsage = null;
        this.mgmScopeObjName = null;
        this.createMgmScope = false;
        this.cs = null;
        this.security = null;
        this.cell = null;
        this.session = null;
    }

    public CreateKeyStore(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.keyStoreName = null;
        this.keyStoreNameCR = null;
        this.keyStoreNameSR = null;
        this.keyStoreLocation = null;
        this.keyStoreType = null;
        this.keyStorePassword = null;
        this.keyStorePasswordVerify = null;
        this.keyStoreHostList = null;
        this.keyStoreProvider = null;
        this.keyStoreIsFileBased = null;
        this.keyStoreReadOnly = null;
        this.keyStoreInitAtStartup = null;
        this.keyStoreCustomProvider = null;
        this.keyStoreStashFile = null;
        this.scopeName = null;
        this.keyStoreForAcceleration = null;
        this.createKeyFile = true;
        this.createRACFKS = false;
        this.createWritableKeyrings = false;
        this.controlRegionUser = null;
        this.servantRegionUser = null;
        this.keyStoreLocationCR = null;
        this.keyStoreLocationSR = null;
        this.keyStoreDescription = null;
        this.keyStoreUsage = null;
        this.mgmScopeObjName = null;
        this.createMgmScope = false;
        this.cs = null;
        this.security = null;
        this.cell = null;
        this.session = null;
    }

    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.VALIDATE);
        }
        super.validate();
        try {
            this.cs = SSLCommandsHelper.getConfigService(getName());
            this.session = getConfigSession();
            this.security = SSLCommandsHelper.getSecurityObjectName(this.session, this.cs);
            this.keyStoreName = (String) getParameter("keyStoreName");
            this.keyStoreLocation = (String) getParameter(CommandConstants.KEY_STORE_LOCATION);
            this.keyStoreType = (String) getParameter(CommandConstants.KEY_STORE_TYPE);
            this.keyStorePassword = (String) getParameter("keyStorePassword");
            this.keyStorePasswordVerify = (String) getParameter(CommandConstants.KEY_STORE_PASSWORD_VERIFY);
            this.keyStoreHostList = (String) getParameter(CommandConstants.KEY_STORE_HOST_LIST);
            this.keyStoreProvider = (String) getParameter(CommandConstants.KEY_STORE_PROVIDER);
            this.keyStoreIsFileBased = (Boolean) getParameter(CommandConstants.KEY_STORE_IS_FILE_BASED);
            this.keyStoreReadOnly = (Boolean) getParameter(CommandConstants.KEY_STORE_READ_ONLY);
            this.keyStoreInitAtStartup = (Boolean) getParameter(CommandConstants.KEY_STORE_INIT_AT_STARTUP);
            this.keyStoreStashFile = (Boolean) getParameter(CommandConstants.KEY_STORE_STASH_FILE);
            this.scopeName = (String) getParameter(CommandConstants.SCOPE_NAME);
            this.keyStoreForAcceleration = (Boolean) getParameter(CommandConstants.KEY_STORE_ACCELERATION);
            this.keyStoreDescription = (String) getParameter(CommandConstants.KEY_STORE_DESCRIPTION);
            this.keyStoreUsage = (String) getParameter(CommandConstants.KEY_STORE_USAGE);
            this.controlRegionUser = (String) getParameter(CommandConstants.USER_NAME_CONTROL);
            this.servantRegionUser = (String) getParameter(CommandConstants.USER_NAME_SERVANT);
            String str = Constants.SAFKEYRING_PREFIX;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName + " keyStoreLocation=" + this.keyStoreLocation + " keyStoreType=" + this.keyStoreType + " keyStorePassword=" + this.keyStorePassword + " keyStoreHostList=" + this.keyStoreHostList + " keyStoreProvider=" + this.keyStoreProvider + " keyStoreIsFileBased=" + this.keyStoreIsFileBased + " keyStoreReadOnly=" + this.keyStoreReadOnly + " keyStoreInitAtStartup=" + this.keyStoreInitAtStartup + " keyStoreCustomProvider=" + this.keyStoreCustomProvider + " keyStoreStashFile=" + this.keyStoreStashFile + " scopeName=" + this.scopeName + " keyStoreDescription=" + this.keyStoreDescription + " usage=" + this.keyStoreUsage);
            }
            if (this.keyStoreDescription != null && this.keyStoreDescription.length() == 0) {
                this.keyStoreDescription = null;
            }
            if (this.keyStorePassword != null && this.keyStorePassword.length() == 0) {
                this.keyStorePassword = null;
            }
            if (this.keyStorePasswordVerify != null && this.keyStorePasswordVerify.length() == 0) {
                this.keyStorePasswordVerify = null;
            }
            if (this.controlRegionUser != null && this.controlRegionUser.length() == 0) {
                this.controlRegionUser = null;
            }
            if (this.servantRegionUser != null && this.servantRegionUser.length() == 0) {
                this.servantRegionUser = null;
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.scopeName == null) {
                this.cell = SSLCommandsHelper.getCellObjectName(this.session, this.cs);
                this.scopeName = commandHelper.defaultCellScope(this.cell);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.scopeName);
                }
            } else if (!ManagementScopeHelper.validScopeName(this.session, this.cs, this.scopeName)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not a valid management scope name: " + this.scopeName);
                }
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.scope.not.valid.CWPKI0604E", new Object[]{this.scopeName}, "The following Management scope is not valid: " + this.scopeName));
            }
            if (this.keyStoreType.indexOf(Constants.KEYSTORE_TYPE_JAVACRYPTO) >= 0) {
                this.keyStoreType = Constants.KEYSTORE_TYPE_JAVACRYPTO;
            }
            if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JAVACRYPTO)) {
                this.keyStoreIsFileBased = Boolean.FALSE;
            }
            if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCERACFKS) || this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS) || this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCEHYBRIDRACFKS)) {
                if (!PlatformHelperFactory.getPlatformHelper().isZOS()) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.bad.type.CWPKI0694E", new Object[]{this.keyStoreType}, "CWPKI0694E: \"" + this.keyStoreType + "\" is not a valid key store type."));
                }
                this.keyStoreIsFileBased = Boolean.FALSE;
                if (this.keyStoreLocation.startsWith(Constants.SAFKEYRING_HW_PREFIX)) {
                    str = Constants.SAFKEYRING_HW_PREFIX;
                }
                if (this.keyStoreLocation.startsWith(Constants.SAFKEYRING_HYBRID_PREFIX)) {
                    str = Constants.SAFKEYRING_HYBRID_PREFIX;
                }
                if (!this.keyStoreLocation.startsWith(str) || ((this.keyStoreLocation.startsWith(str) && this.keyStoreLocation.endsWith(str)) || this.keyStoreLocation.endsWith("/"))) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyring.uri.invalid.CWPKI0713E", new Object[]{this.keyStoreLocation}, "The SAF keyring location specified as \"" + this.keyStoreLocation + "\", is not valid."));
                }
                if (this.keyStoreLocation.split("/").length != 4) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyring.uri.invalid.CWPKI0713E", new Object[]{this.keyStoreLocation}, "The SAF keyring location specified as \"" + this.keyStoreLocation + "\", is not valid."));
                }
                if (this.keyStoreLocation.startsWith(str + "/")) {
                    if (this.controlRegionUser == null && this.servantRegionUser == null) {
                        Tr.debug(tc, "KeyRing is not qualified with a user-id, forcing readOnly flag to true.");
                        this.keyStoreReadOnly = Boolean.TRUE;
                    }
                    int lastIndexOf = this.keyStoreLocation.lastIndexOf("/");
                    if (this.controlRegionUser != null && this.servantRegionUser != null) {
                        this.createWritableKeyrings = true;
                        this.keyStoreReadOnly = Boolean.TRUE;
                        this.keyStoreNameCR = this.keyStoreName + "-CR";
                        this.keyStoreNameSR = this.keyStoreName + "-SR";
                        this.keyStoreLocationCR = str + this.controlRegionUser + "/" + this.keyStoreLocation.substring(lastIndexOf + 1);
                        this.keyStoreLocationSR = str + this.servantRegionUser + "/" + this.keyStoreLocation.substring(lastIndexOf + 1);
                    }
                    if (this.controlRegionUser == null && this.servantRegionUser != null) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyring.username.required.CWPKI0721E", new Object[]{CommandConstants.USER_NAME_CONTROL, CommandConstants.USER_NAME_SERVANT}, "Parameter controlRegionUser and parameter servantRegionUser must be specified together."));
                    }
                    if (this.controlRegionUser != null && this.servantRegionUser == null) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyring.username.required.CWPKI0721E", new Object[]{CommandConstants.USER_NAME_CONTROL, CommandConstants.USER_NAME_SERVANT}, "Parameter controlRegionUser and parameter servantRegionUser must be specified together."));
                    }
                }
                if (this.keyStorePassword == null && this.keyStorePasswordVerify == null) {
                    this.keyStorePassword = "password";
                    this.keyStorePasswordVerify = "password";
                }
                if (this.keyStoreReadOnly.booleanValue()) {
                    int lastIndexOf2 = this.keyStoreLocation.lastIndexOf(str) + str.length();
                    int lastIndexOf3 = this.keyStoreLocation.lastIndexOf("/");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "SAF Keyring is valid");
                        Tr.debug(tc, "USERID: " + this.keyStoreLocation.substring(lastIndexOf2, lastIndexOf3));
                        Tr.debug(tc, "KEYRING: " + this.keyStoreLocation.substring(lastIndexOf3 + 1));
                    }
                }
            }
            if (this.keyStoreForAcceleration == null || !this.keyStoreForAcceleration.booleanValue()) {
                if ((this.keyStorePassword != null && this.keyStorePasswordVerify == null) || ((this.keyStorePassword == null && this.keyStorePasswordVerify != null) || (this.keyStorePassword == null && this.keyStorePasswordVerify == null))) {
                    String string = TraceNLSHelper.getInstance().getString("ssl.command.password.missing.CWPKI0632E", "Both password and verify password were not supplied.");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Both password and verify password were not supplied.");
                    }
                    throw new CommandValidationException(string);
                }
                if (!KeyStoreHelper.passwordVerify(this.keyStorePassword, this.keyStorePasswordVerify)) {
                    String string2 = TraceNLSHelper.getInstance().getString("ssl.command.keyStore.password.not.confirm.CWPKI0619E", "Passwords do not match.");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Password did not verify.");
                    }
                    throw new CommandValidationException(string2);
                }
            }
            if (this.keyStoreProvider == null) {
                if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_CMS)) {
                    this.keyStoreProvider = Constants.IBMCMS_NAME;
                } else if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JAVACRYPTO)) {
                    this.keyStoreProvider = Constants.KEYSTORE_TYPE_JAVACRYPTO;
                } else if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_PKCS12) || this.keyStoreType.equals("JKS") || this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCEKS)) {
                    this.keyStoreProvider = "IBMJCE";
                } else if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCAKS) || this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS)) {
                    this.keyStoreProvider = Constants.IBMJCECCA_NAME;
                } else if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCEHYBRIDRACFKS)) {
                    this.keyStoreProvider = Constants.IBMJCEHYBRID_NAME;
                }
            }
            if (this.keyStoreUsage != null && !KeyStoreHelper.ValidUsage(this.keyStoreUsage)) {
                String string3 = TraceNLSHelper.getInstance().getString("ssl.command.usage.not.valid.CWPKI0710E", "Usage is not valid.");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Usage value is not valid.");
                }
                throw new CommandValidationException(string3);
            }
            if (this.keyStoreIsFileBased != null && !this.keyStoreIsFileBased.booleanValue()) {
                this.createKeyFile = false;
            }
            if (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCERACFKS) || (this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS) && this.keyStoreReadOnly != null && !this.keyStoreReadOnly.booleanValue())) {
                this.createRACFKS = true;
            }
            if (this.keyStoreHostList == null) {
                if (this.keyStoreIsFileBased.booleanValue()) {
                    int checkKeyFile = KeyStoreHelper.checkKeyFile(this.keyStoreType, KeyStoreManager.getInstance().expand(this.keyStoreLocation), this.keyStorePassword);
                    if (checkKeyFile == 1) {
                        File file = new File(KeyStoreManager.getInstance().expand(this.keyStoreLocation));
                        if (!file.isAbsolute()) {
                            this.keyStoreLocation = KeyStoreManager.getInstance().expand(SecConstants.USER_INSTALL_ROOT + File.separator + "etc" + File.separator + file);
                            checkKeyFile = KeyStoreHelper.checkKeyFile(this.keyStoreType, KeyStoreManager.getInstance().expand(this.keyStoreLocation), this.keyStorePassword);
                        }
                    }
                    if (checkKeyFile == 1) {
                        this.createKeyFile = true;
                    } else if (checkKeyFile == 0) {
                        this.createKeyFile = false;
                    } else if (checkKeyFile == 2 || checkKeyFile == 3) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keyStore.check.key.file.CWPKI0663E", new Object[]{this.keyStoreLocation}, "Key store file \"" + this.keyStoreLocation + "\" did not verify, check key store type and password."));
                    }
                }
                if (this.keyStoreReadOnly != null && this.keyStoreReadOnly.booleanValue()) {
                    if (this.keyStoreType.equalsIgnoreCase(Constants.KEYSTORE_TYPE_JAVACRYPTO)) {
                        File file2 = new File(KeyStoreManager.getInstance().expand(this.keyStoreLocation));
                        if (file2 == null || !file2.isFile() || !file2.canRead()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Key store file \"" + this.keyStoreLocation + "\" does not exist.");
                            }
                            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.check.file.CWPKI0673E", new Object[]{this.keyStoreLocation}, "Creating a read only key store object.  File \"" + this.keyStoreLocation + "\" should already exist."));
                        }
                        this.createKeyFile = false;
                    }
                    if (this.createKeyFile) {
                        throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.check.key.file.CWPKI0656E", new Object[]{this.keyStoreLocation}, "Creating a read only key store object.  File \"" + this.keyStoreLocation + "\" should already exist, check the key store password and key store type."));
                    }
                }
                if (this.keyStoreForAcceleration != null && this.keyStoreForAcceleration.booleanValue()) {
                    File file3 = new File(KeyStoreManager.getInstance().expand(this.keyStoreLocation));
                    if (file3 == null || !file3.isFile() || !file3.canRead()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "File \"" + this.keyStoreLocation + "\" does not exist.");
                        }
                        if (this.keyStoreForAcceleration != null && this.keyStoreForAcceleration.booleanValue()) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Crypto operations config file does not exist.");
                            }
                            throw new Exception(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.check.acceleration.file.CWPKI0664E", new Object[]{this.keyStoreLocation}, "Cryptographic operations configuration file \"" + this.keyStoreLocation + "\"does not exist."));
                        }
                    }
                    this.createKeyFile = false;
                }
            } else {
                String processType = AdminServiceFactory.getAdminService().getProcessType();
                if (processType != null && (processType.equals(Util.STANDALONE_PROCESS) || processType.equals(WSWASProfileConstants.S_ADMIN_AGENT_NAME_SEED))) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Can not remotely manage key stores from a base application server.");
                    }
                    throw new Exception(TraceNLSHelper.getInstance().getString("ssl.command.not.remote.CWPKI0669E", "Key stores and certificates can not be remotely managed from a base application server."));
                }
            }
            AttributeList attributeList = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributeList, "name", this.keyStoreName);
            if (commandHelper.exists(this.cs, this.session, this.security, CommandConstants.KEY_STORES, attributeList, this.scopeName)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.object.already.exists.CWPKI0601E", new Object[]{this.keyStoreName, this.scopeName}, this.keyStoreName + " in the management scope " + this.scopeName + " already exists."));
            }
            if (commandHelper.existsInScopeFamily(this.cs, this.session, this.security, CommandConstants.KEY_STORES, this.keyStoreName, this.scopeName)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keystore.not.unique.CWPKI0740E", new Object[]{this.keyStoreName}, "Keystore name must be unique within the same management scope.  A keystore with the name " + this.keyStoreName + " already exists within the same management scope."));
            }
            if (this.createWritableKeyrings) {
                AttributeList attributeList2 = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attributeList2, "name", this.keyStoreNameCR);
                if (commandHelper.exists(this.cs, this.session, this.security, CommandConstants.KEY_STORES, attributeList2, this.scopeName)) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.object.already.exists.CWPKI0601E", new Object[]{this.keyStoreNameCR, this.scopeName}, this.keyStoreNameCR + " in the management scope " + this.scopeName + " already exists."));
                }
                attributeList = new AttributeList();
                ConfigServiceHelper.setAttributeValue(attributeList, "name", this.keyStoreNameSR);
                if (commandHelper.exists(this.cs, this.session, this.security, CommandConstants.KEY_STORES, attributeList, this.scopeName)) {
                    throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.object.already.exists.CWPKI0601E", new Object[]{this.keyStoreNameSR, this.scopeName}, this.keyStoreNameSR + " in the management scope " + this.scopeName + " already exists."));
                }
            }
            if (this.keyStoreForAcceleration != null && this.keyStoreForAcceleration.booleanValue() && !this.keyStoreType.equals(Constants.KEYSTORE_TYPE_JAVACRYPTO)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.keystore.hardware.CWPKI0658E", new Object[]{Constants.KEYSTORE_TYPE_JAVACRYPTO}, "Key store types for hardware devices must be PKCS11"));
            }
            attributeList.clear();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_NAME, this.scopeName);
            if (commandHelper.exists(this.cs, this.session, this.security, CommandConstants.MANAGEMENT_SCOPES, attributeList, null)) {
                this.mgmScopeObjName = commandHelper.getObjectName(this.cs, this.session, this.security, CommandConstants.MANAGEMENT_SCOPES, attributeList, (String) null);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "mgmScopeObjName: " + this.mgmScopeObjName);
                }
            } else {
                this.createMgmScope = true;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, AuditConstants.VALIDATE);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is " + e.getMessage());
            }
            throw new CommandValidationException(e.getMessage());
        } catch (ConfigServiceException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ConfigService exception is" + e2.getMessage());
            }
            throw new CommandValidationException(e2.getMessage());
        }
    }

    protected void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        AttributeList attributeList = new AttributeList();
        TaskCommandResultImpl taskCommandResult = getTaskCommandResult();
        if (!taskCommandResult.isSuccessful()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "afterStepsExecuted");
                return;
            }
            return;
        }
        try {
            if (this.createMgmScope) {
                ManagementScopeData managementScopeData = new ManagementScopeData(this.scopeName);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_NAME, this.scopeName);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_TYPE, managementScopeData.getScopeType());
                this.mgmScopeObjName = this.cs.createConfigData(this.session, this.security, CommandConstants.MANAGEMENT_SCOPES, (String) null, attributeList);
                attributeList.clear();
            }
            KeyStoreInfo keyStoreInfo = new KeyStoreInfo(this.keyStoreName, this.keyStoreLocation, this.keyStorePassword, this.keyStoreProvider, this.keyStoreType, this.keyStoreIsFileBased, this.keyStoreHostList, this.scopeName, this.mgmScopeObjName, this.keyStoreReadOnly, this.keyStoreInitAtStartup, this.keyStoreStashFile, this.keyStoreCustomProvider, null, this.keyStoreForAcceleration, null, this.keyStoreDescription);
            if (this.keyStoreUsage != null) {
                keyStoreInfo.setUsage(this.keyStoreUsage);
            }
            ObjectName createKeyStoreCmd = KeyStoreHelper.createKeyStoreCmd(this.session, keyStoreInfo, this.createKeyFile, this.createRACFKS);
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.MANAGEMENT_SCOPE, this.mgmScopeObjName);
            this.cs.setAttributes(this.session, createKeyStoreCmd, attributeList);
            attributeList.clear();
            if (this.createWritableKeyrings) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Creating writable keyrings for control and servant region.");
                }
                KeyStoreInfo keyStoreInfo2 = new KeyStoreInfo(this.keyStoreNameCR, this.keyStoreLocationCR, this.keyStorePassword, this.keyStoreProvider, this.keyStoreType, this.keyStoreIsFileBased, this.keyStoreHostList, this.scopeName, this.mgmScopeObjName, false, this.keyStoreInitAtStartup, this.keyStoreStashFile, this.keyStoreCustomProvider, null, this.keyStoreForAcceleration, null, "Writable control region keyring for keystore " + this.keyStoreName);
                keyStoreInfo2.setUsage(this.keyStoreName);
                ObjectName createKeyStoreCmd2 = KeyStoreHelper.createKeyStoreCmd(this.session, keyStoreInfo2, this.createKeyFile, true);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.MANAGEMENT_SCOPE, this.mgmScopeObjName);
                this.cs.setAttributes(this.session, createKeyStoreCmd2, attributeList);
                attributeList.clear();
                KeyStoreInfo keyStoreInfo3 = new KeyStoreInfo(this.keyStoreNameSR, this.keyStoreLocationSR, this.keyStorePassword, this.keyStoreProvider, this.keyStoreType, this.keyStoreIsFileBased, this.keyStoreHostList, this.scopeName, this.mgmScopeObjName, false, this.keyStoreInitAtStartup, this.keyStoreStashFile, this.keyStoreCustomProvider, null, this.keyStoreForAcceleration, null, "Writable servant region keyring for keystore " + this.keyStoreName);
                keyStoreInfo3.setUsage(this.keyStoreName);
                ObjectName createKeyStoreCmd3 = KeyStoreHelper.createKeyStoreCmd(this.session, keyStoreInfo3, this.createKeyFile, true);
                ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.MANAGEMENT_SCOPE, this.mgmScopeObjName);
                this.cs.setAttributes(this.session, createKeyStoreCmd3, attributeList);
                attributeList.clear();
            }
            taskCommandResult.setResult(createKeyStoreCmd);
        } catch (Exception e) {
            taskCommandResult.setException(new CommandException(e, e.getMessage()));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }
}
