package com.ibm.ws.security.audit;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.rsadapter.DSConfigHelper;
import com.ibm.ws.security.common.util.AuditConstants;
import com.ibm.ws.security.config.AdminData;
import com.ibm.ws.security.config.AuditKeystoreConfig;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityConfigObjectList;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.wsspi.security.audit.AuditDecryptException;
import com.ibm.wsspi.security.audit.AuditEncryptException;
import com.ibm.wsspi.security.audit.AuditSignException;
import com.ibm.wsspi.security.audit.AuditSigning;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:com/ibm/ws/security/audit/AuditSigningImpl.class */
public class AuditSigningImpl implements AuditSigning {
    // Created in initialize(); generateSharedKey() only checks it for null before generating a key.
    AuditCrypto crypto = null;
    // Cell, node and short server name read from the admin data in initialize();
    // generateAliasForSharedKey() concatenates them into the alias.
    String cellName = null;
    String nodeName = null;
    String serverName = null;
    // Numeric suffix for generated aliases; incremented on every generateAliasForSharedKey() call.
    int aliasIncrement = 1;
    // Signature instance for CRYPTO_ALGORITHM, obtained in initialize() and used by verify().
    private Signature signature = null;
    // Signature bytes that verify() hands to Signature.verify().
    // NOTE(review): no code in this class assigns this field, so verify() always passes null.
    private byte[] sigBytes = null;
    // The next three fields are not referenced by any method of this class as shown.
    private int signerKeyStoreIncrement = 1;
    private CertReqInfo certInfo = null;
    private ObjectName mgmScopeObjName = null;
    // Replaced on every encryptSharedKey() call; decryptSharedKey() creates it only while it is still null.
    AuditKeyEncryptor encryptor = null;
    // Not referenced by any method of this class as shown.
    private String signerName = null;
    // Keystore type and provider, filled in by initSignerKeyStore() and passed to KeyStore.getInstance().
    private String signerType = null;
    private String signerProvider = null;
    // Evaluated once per instance at construction; not read elsewhere in this class as shown.
    private String expandedConfigRoot = KeyStoreManager.getInstance().expand("${CONFIG_ROOT}");
    // Unexpanded keystore location from the configuration; expanded by openKeyStore() on each open.
    private String signerKeyFileLocation = null;
    // Decoded keystore password from the configuration. It is held as a String for the
    // lifetime of the instance, so it cannot be wiped from memory after use.
    private String signerPassword = null;
    // Alias of the signer entry in the keystore; set from the third argument of initialize().
    private String signerAlias = null;
    private static final TraceComponent tc = Tr.register((Class<?>) AuditSigningImpl.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    // Not referenced by any method of this class as shown.
    private static AuditSigningImpl as = null;
    // Not referenced by any method of this class as shown (personalCertificateCreate() takes
    // the subject DN from its CertReqInfo argument).
    private static String subjectDN = "CN=auditsigner, OU=SWG, O=IBM, C=US";
    // Only null-checked in initSignerKeyStore(); the value itself is not used there.
    private static String keyStoreName = "auditSignerKeyStore_";
    // Not referenced by any method of this class as shown.
    private static String certLabelPrefix = "auditcert";
    // Algorithm name passed to Signature.getInstance() in initialize().
    private static String CRYPTO_ALGORITHM = Constants.SHA256WITH_RSA;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/security/audit/AuditSigningImpl$OpenKeyStoreAction.class */
    /**
     * Privileged action that opens a keystore location and returns it as an
     * {@link InputStream}.
     *
     * <p>The location is first treated as a local file path. When no such file
     * exists, the same string is parsed as a URL and opened as is, so any URL
     * scheme the JVM can handle is accepted here. The location therefore has to
     * come from trusted configuration.
     */
    public static class OpenKeyStoreAction implements PrivilegedExceptionAction {
        /** Keystore location: a local file path or, when no such file exists, a URL string. */
        private String file;

        /**
         * @param str keystore location (already expanded by the caller)
         */
        public OpenKeyStoreAction(String str) {
            this.file = str;
        }

        /**
         * Opens the keystore location.
         *
         * @return the opened {@link InputStream}; the caller is responsible for closing it
         * @throws MalformedURLException if the location cannot be turned into a URL
         * @throws IOException if the file exists but is empty, or the stream cannot be opened
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws MalformedURLException, IOException {
            if (AuditSigningImpl.tc.isEntryEnabled()) {
                Tr.entry(AuditSigningImpl.tc, "OpenKeyStoreAction.run");
            }
            File keyStoreFile = new File(this.file);
            // A zero-length file is rejected up front instead of being handed to KeyStore.load().
            if (keyStoreFile.exists() && keyStoreFile.length() == 0) {
                throw new IOException("Keystore file exists, but is empty: " + this.file);
            }
            URL keyStoreUrl;
            if (keyStoreFile.exists()) {
                // Existing local file: use its canonical path so symlinks and ".." are resolved.
                keyStoreUrl = new URL("file:" + keyStoreFile.getCanonicalPath());
            } else {
                // Not a local file: the raw string is interpreted as a URL.
                keyStoreUrl = new URL(this.file);
            }
            InputStream keyStoreStream = keyStoreUrl.openStream();
            if (AuditSigningImpl.tc.isEntryEnabled()) {
                Tr.exit(AuditSigningImpl.tc, "OpenKeyStoreAction.run");
            }
            return keyStoreStream;
        }
    }

    /**
     * Creates the signer and attempts to initialise it.
     *
     * <p>An initialisation failure is logged and then swallowed, so the
     * constructor returns normally even when {@link #initialize} failed. The
     * instance may then be only partially set up (for example {@code signature}
     * or the keystore settings may still be {@code null}); callers cannot tell
     * this apart from a successful construction.
     *
     * @param str  keystore name, forwarded to {@link #initialize}
     * @param str2 management scope name, forwarded to {@link #initialize}
     * @param str3 signer alias, forwarded to {@link #initialize}
     * @throws AuditSignException declared, but not thrown by the code shown here
     */
    public AuditSigningImpl(String str, String str2, String str3) throws AuditSignException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "AuditSigningImpl");
        }
        try {
            this.initialize(str, str2, str3);
        } catch (Exception initFailure) {
            // NOTE(review): the failure is only reported; confirm that running with an
            // uninitialised signer is acceptable for the audit trail.
            Object[] traceArgs = {initFailure};
            Tr.error(tc, "security.audit.signing.init.error", traceArgs);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "AuditSigningImpl");
        }
    }

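    /**
     * Reads the cell, node and server name from the admin data, creates the
     * {@link Signature} instance for {@code CRYPTO_ALGORITHM} and loads the
     * signer keystore settings.
     *
     * @param str  keystore name, forwarded to {@link #initSignerKeyStore}
     * @param str2 management scope name, forwarded to {@link #initSignerKeyStore}
     * @param str3 signer alias; stored and forwarded to {@link #initSignerKeyStore}
     * @throws AuditSignException if the signature instance cannot be created or
     *         the keystore settings cannot be loaded; the original failure is
     *         attached as the cause
     */
    @Override // com.ibm.wsspi.security.audit.AuditSigning
    public void initialize(String str, String str2, String str3) throws AuditSignException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize");
        }
        this.cellName = SecurityObjectLocator.getAdminData().getString(AdminData.CELL_NAME);
        this.nodeName = SecurityObjectLocator.getAdminData().getString(AdminData.NODE_NAME);
        this.serverName = SecurityObjectLocator.getAdminData().getString(AdminData.SHORT_SERVER_NAME);
        this.signerAlias = str3;
        this.crypto = new AuditCrypto();
        try {
            // The provider name comes from the "DEFAULT_JCE_PROVIDER" security property.
            this.signature = Signature.getInstance(CRYPTO_ALGORITHM, Security.getProperty("DEFAULT_JCE_PROVIDER"));
            initSignerKeyStore(str, str2, str3);
        } catch (Exception e) {
            Tr.error(tc, "security.audit.signing.init.error", new Object[]{e});
            // Wrap the failure once and keep it as the cause; copying only the message
            // would drop the stack trace of the real problem.
            throw new AuditSignException(e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }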

    /**
     * Generates a new shared key from {@code AuditCrypto.generate3DESKey()}.
     *
     * <p>The first 24 bytes of the generated material are wrapped in a
     * {@link SecretKeySpec} with the algorithm name {@code "3DES"}.
     * NOTE(review): Triple DES is a legacy cipher; changing it would affect
     * data already protected with these keys, so it is only flagged here.
     *
     * @return the generated key, never {@code null}
     * @throws KeyException if {@code crypto} has not been initialised or key
     *         generation fails
     */
    public Key generateSharedKey() throws KeyException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateSharedKey");
        }
        try {
            // Without an initialised crypto helper no key is produced at all.
            if (this.crypto == null) {
                throw new com.ibm.websphere.crypto.KeyException("Key could not be generated.");
            }
            Key sharedKey = new SecretKeySpec(AuditCrypto.generate3DESKey(), 0, 24, "3DES");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateSharedKey");
            }
            return sharedKey;
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ws.security.audit.AuditEncryptionImpl.generateKey", "98", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error generating key.", new Object[]{failure});
            }
            // A java.security.KeyException is passed on unchanged; anything else is wrapped.
            KeyException rethrown = (failure instanceof KeyException)
                    ? (KeyException) failure
                    : new KeyException(failure.getMessage(), failure);
            throw rethrown;
        }
    }

    /**
     * Builds the next alias for a shared key from the cell, node and server
     * name followed by {@code "Alias"} and the current counter value.
     *
     * <p>The counter is incremented on every call, including calls that return
     * {@code null}. The method is not synchronised.
     *
     * @return the alias, or {@code null} when the cell, node or server name is not set
     */
    public String generateAliasForSharedKey() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateAliasForSharedKey");
        }
        String alias = null;
        boolean scopeKnown = this.cellName != null && this.nodeName != null && this.serverName != null;
        if (scopeKnown) {
            StringBuilder aliasBuilder = new StringBuilder();
            aliasBuilder.append(this.cellName)
                    .append(this.nodeName)
                    .append(this.serverName)
                    .append("Alias")
                    .append(this.aliasIncrement);
            alias = aliasBuilder.toString();
        }
        this.aliasIncrement += 1;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateAliasForSharedKey: alias = " + alias);
        }
        return alias;
    }

    /**
     * Encrypts the encoded form of a shared key with an {@code AuditKeyEncryptor}
     * built from the encoded form of {@code key2}.
     *
     * <p>A new encryptor is created on every call and kept in the
     * {@code encryptor} field, where {@link #decryptSharedKey} may reuse it.
     * {@code key2} is not checked for {@code null}.
     *
     * @param key  the shared key to protect
     * @param key2 the key whose encoded bytes seed the encryptor
     * @return the encrypted key bytes, or {@code null} when {@code key} is {@code null}
     * @throws IOException declared for the encryptor calls
     */
    public byte[] encryptSharedKey(Key key, Key key2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encryptSharedKey");
        }
        if (key == null) {
            // A missing key is reported in debug trace only; the caller just sees null.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ERROR!!! shared key is null!");
            }
            return null;
        }
        byte[] wrappingKeyBytes = key2.getEncoded();
        this.encryptor = new AuditKeyEncryptor(wrappingKeyBytes);
        byte[] sharedKeyBytes = key.getEncoded();
        byte[] wrappedKey = this.encryptor.encrypt(sharedKeyBytes);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encryptedSharedKey");
        }
        return wrappedKey;
    }

    /**
     * Decrypts an encrypted shared key with the instance's
     * {@code AuditKeyEncryptor}.
     *
     * <p>The encryptor is created from {@code key} only when none exists yet.
     * NOTE(review): an encryptor left over from an earlier call is reused, so
     * {@code key} is not applied in that case; confirm that callers always use
     * a single key per instance.
     *
     * @param bArr the encrypted shared key
     * @param key  the key whose encoded bytes seed a new encryptor when needed
     * @return the decrypted bytes, or {@code null} when {@code bArr} is {@code null}
     * @throws IOException declared for the encryptor calls
     */
    public byte[] decryptSharedKey(byte[] bArr, Key key) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decryptSharedKey");
        }
        if (bArr == null) {
            // Missing input is reported in debug trace only; the caller just sees null.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ERROR!!! shared key is null!");
            }
            return null;
        }
        if (this.encryptor == null) {
            byte[] wrappingKeyBytes = key.getEncoded();
            this.encryptor = new AuditKeyEncryptor(wrappingKeyBytes);
        }
        // The result is unused; as written, the call only dereferences key.
        key.getEncoded();
        byte[] sharedKeyBytes = this.encryptor.decrypt(bArr);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decryptSharedKey");
        }
        return sharedKeyBytes;
    }

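    /**
     * Loads the signer keystore and returns the certificate stored under the
     * signer alias.
     *
     * <p>The keystore stream is closed before returning, and every failure is
     * rethrown with the original exception attached as the cause.
     *
     * @return the certificate for the signer alias, or {@code null} when the
     *         keystore has no certificate under that alias
     * @throws Exception if the keystore cannot be opened or loaded
     */
    public X509Certificate retrieveSignerCertificate() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveSignerCertificate");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "signerAlias: " + this.signerAlias + " signerType: " + this.signerType + " signerProvider: " + this.signerProvider + " signerKeyFileLocation: " + this.signerKeyFileLocation);
        }
        InputStream keyStoreStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(this.signerType, this.signerProvider);
            keyStoreStream = openKeyStore(this.signerKeyFileLocation);
            keyStore.load(keyStoreStream, this.signerPassword.toCharArray());
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(this.signerAlias);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrieveSignerCertificate");
            }
            return x509Certificate;
        } catch (MalformedURLException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: malformed URL", e.getMessage());
            }
            throw new Exception(e.getMessage(), e);
        } catch (IOException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e2.getMessage());
            }
            throw new Exception(e2.getMessage(), e2);
        } catch (KeyStoreException e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e3.getMessage());
            }
            throw new Exception(e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: no such algorithm", e4.getMessage());
            }
            throw new Exception(e4.getMessage(), e4);
        } catch (NoSuchProviderException e5) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: no such provider.", e5.getMessage());
            }
            throw new Exception(e5.getMessage(), e5);
        } catch (CertificateException e6) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting certificate.", e6.getMessage());
            }
            throw new Exception(e6.getMessage(), e6);
        } finally {
            // KeyStore.load() does not close the stream, so release the handle here.
            if (keyStoreStream != null) {
                try {
                    keyStoreStream.close();
                } catch (IOException ignored) {
                    // Best effort: the keystore content has already been read or the load failed.
                }
            }
        }
    }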

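    /**
     * Loads the signer keystore and returns the key stored under the signer
     * alias. The keystore password is also used as the key password.
     *
     * <p>The keystore stream is closed before returning, and every failure is
     * rethrown with the original exception attached as the cause.
     *
     * @return the key for the signer alias, or {@code null} when the keystore
     *         has no key entry under that alias
     * @throws Exception if the keystore cannot be opened or loaded, or the key
     *         cannot be recovered
     */
    public Key retrievePrivateSignerKey() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrievePrivateSignerKey");
        }
        InputStream keyStoreStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(this.signerType, this.signerProvider);
            keyStoreStream = openKeyStore(this.signerKeyFileLocation);
            keyStore.load(keyStoreStream, this.signerPassword.toCharArray());
            Key key = keyStore.getKey(this.signerAlias, this.signerPassword.toCharArray());
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrievePrivateSignerKey");
            }
            return key;
        } catch (MalformedURLException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: malformed URL", e.getMessage());
            }
            throw new Exception(e.getMessage(), e);
        } catch (IOException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e2.getMessage());
            }
            throw new Exception(e2.getMessage(), e2);
        } catch (KeyStoreException e3) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e3.getMessage());
            }
            throw new Exception(e3.getMessage(), e3);
        } catch (NoSuchAlgorithmException e4) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: no such algorithm", e4.getMessage());
            }
            throw new Exception(e4.getMessage(), e4);
        } catch (NoSuchProviderException e5) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore: no such provider.", e5.getMessage());
            }
            throw new Exception(e5.getMessage(), e5);
        } catch (UnrecoverableKeyException e6) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e6.getMessage());
            }
            throw new Exception(e6.getMessage(), e6);
        } catch (CertificateException e7) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting certificate.", e7.getMessage());
            }
            throw new Exception(e7.getMessage(), e7);
        } finally {
            // KeyStore.load() does not close the stream, so release the handle here.
            if (keyStoreStream != null) {
                try {
                    keyStoreStream.close();
                } catch (IOException ignored) {
                    // Best effort: the keystore content has already been read or the load failed.
                }
            }
        }
    }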

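    /**
     * Returns the public key of the signer certificate.
     *
     * <p>A missing certificate is reported with an explicit message instead of
     * surfacing as a {@link NullPointerException} with no message, and every
     * failure keeps the original exception as its cause.
     *
     * @return the public key of the certificate stored under the signer alias
     * @throws Exception if the certificate cannot be retrieved or does not exist
     */
    public Key retrievePublicSignerKey() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrievePublicSignerKey");
        }
        try {
            X509Certificate signerCertificate = retrieveSignerCertificate();
            if (signerCertificate == null) {
                // retrieveSignerCertificate() returns the keystore lookup result as is,
                // which is null when nothing is stored under the alias.
                throw new Exception("No certificate found in the signer keystore for alias: " + this.signerAlias);
            }
            PublicKey publicKey = signerCertificate.getPublicKey();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "retrievePublicSignerKey");
            }
            return publicKey;
        } catch (Exception e) {
            // All failures were handled identically before; one handler now covers them
            // and attaches the cause.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", e.getMessage());
            }
            throw new Exception(e.getMessage(), e);
        }
    }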

    /**
     * Encrypts data with {@code AuditCrypto.encrypt}, using the encoded bytes
     * of the given key.
     *
     * @param bArr the data to encrypt
     * @param key  the key whose encoded form is passed to {@code AuditCrypto}
     * @return the encrypted bytes
     * @throws AuditEncryptException if {@code bArr} or {@code key} is {@code null}
     */
    public byte[] encrypt(byte[] bArr, Key key) throws AuditEncryptException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "encrypt");
        }
        // Reject missing input before touching the crypto helper.
        if (bArr == null) {
            Tr.error(tc, "security.audit.encryption.data.error");
            throw new AuditEncryptException("Invalid data passed into the encryption algorithm.");
        }
        if (key == null) {
            Tr.error(tc, "security.audit.invalid.shared.key.error");
            throw new AuditEncryptException("Invalid shared key has been encountered.");
        }
        // The instance is discarded; the call is kept because the constructor's
        // effects are not visible from this class.
        new AuditCrypto();
        byte[] keyBytes = key.getEncoded();
        byte[] cipherText = AuditCrypto.encrypt(bArr, keyBytes);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "encrypt");
        }
        return cipherText;
    }

    /**
     * Decrypts data with {@code AuditCrypto.decrypt}, using the encoded bytes
     * of the given key.
     *
     * @param bArr the data to decrypt
     * @param key  the key whose encoded form is passed to {@code AuditCrypto}
     * @return the decrypted bytes
     * @throws AuditDecryptException if {@code bArr} or {@code key} is {@code null}
     */
    public byte[] decrypt(byte[] bArr, Key key) throws AuditDecryptException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, AuditConstants.DECRYPT);
        }
        // Reject missing input before touching the crypto helper.
        if (bArr == null) {
            Tr.error(tc, "security.audit.decryption.data.error");
            throw new AuditDecryptException("Invalid data passed into the decryption algorithm.");
        }
        if (key == null) {
            Tr.error(tc, "security.audit.invalid.shared.key.error");
            throw new AuditDecryptException("An invalid shared key was detected.");
        }
        // The instance is discarded; the call is kept because the constructor's
        // effects are not visible from this class.
        new AuditCrypto();
        byte[] keyBytes = key.getEncoded();
        byte[] plainText = AuditCrypto.decrypt(bArr, keyBytes);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, AuditConstants.DECRYPT);
        }
        return plainText;
    }

    /**
     * Reverses {@link #sign} by decrypting the given bytes with {@link #decrypt}.
     *
     * <p>With debug trace enabled, the decrypted bytes are written to the trace
     * as a {@code String} decoded with the platform default charset.
     *
     * @param bArr the signed (encrypted) bytes
     * @param key  the key passed to {@link #decrypt}
     * @return the decrypted bytes
     * @throws AuditSignException if {@code bArr} is {@code null} or decryption fails
     */
    public byte[] unsign(byte[] bArr, Key key) throws AuditSignException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "unsign");
        }
        if (bArr == null) {
            Tr.error(tc, "security.audit.message.digest.error");
            throw new AuditSignException("MessageDigest is invalid");
        }
        byte[] unsignedBytes;
        try {
            unsignedBytes = decrypt(bArr, key);
        } catch (AuditDecryptException decryptFailure) {
            throw new AuditSignException(decryptFailure);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unsignedData: " + new String(unsignedBytes));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "unsign");
        }
        return unsignedBytes;
    }

    /**
     * Computes a digest of the data with the {@code "SHA256"} algorithm and
     * encrypts that digest with {@link #encrypt}.
     *
     * <p>NOTE(review): the "signature" is the digest encrypted through
     * {@code AuditCrypto} with the encoded bytes of {@code key}; the
     * {@link java.security.Signature} instance created in {@code initialize()}
     * is not used here. Whether this gives the integrity guarantee the audit
     * log needs depends on who holds {@code key}; confirm against the design.
     *
     * @param bArr the data to sign
     * @param key  the key passed to {@link #encrypt}
     * @return the encrypted digest
     * @throws AuditSignException if the digest algorithm is unavailable,
     *         {@code bArr} is {@code null}, or encryption fails
     */
    @Override // com.ibm.wsspi.security.audit.AuditSigning
    public byte[] sign(byte[] bArr, Key key) throws AuditSignException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "sign");
        }
        // The digest instance is obtained first, so a missing algorithm is reported
        // before the input is examined.
        MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA256");
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new AuditSignException(missingAlgorithm);
        }
        if (bArr == null) {
            Tr.error(tc, "security.audit.signing.data.error");
            throw new AuditSignException("Invalid data passed into signing algorithm");
        }
        byte[] digest = sha256.digest(bArr);
        if (digest == null) {
            Tr.error(tc, "security.audit.message.digest.error");
            throw new AuditSignException("MessageDigest is invalid");
        }
        byte[] signedBytes;
        try {
            signedBytes = encrypt(digest, key);
        } catch (AuditEncryptException encryptFailure) {
            throw new AuditSignException(encryptFailure);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "signedData: " + new String(signedBytes));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "sign");
        }
        return signedBytes;
    }

    /**
     * Verifies the data against {@code sigBytes} with the {@link Signature}
     * instance created in {@code initialize()}.
     *
     * <p>NOTE(review): nothing in this class assigns {@code sigBytes}, so the
     * value passed to {@code Signature.verify} is always {@code null} as the
     * code stands; this method does not check what {@link #sign} produces.
     * The shared {@code Signature} instance is also used without
     * synchronisation.
     *
     * @param bArr the data whose signature is checked
     * @param key  the verification key; it is cast to {@link PublicKey}
     * @return the result of {@code Signature.verify}
     * @throws AuditSignException if no signature instance exists or any step of
     *         the verification throws
     */
    @Override // com.ibm.wsspi.security.audit.AuditSigning
    public boolean verify(byte[] bArr, Key key) throws AuditSignException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "verify");
        }
        final Signature verifier = this.signature;
        if (verifier == null) {
            throw new AuditSignException("Signature is null.  Cannot verify data.");
        }
        try {
            PublicKey verificationKey = (PublicKey) key;
            verifier.initVerify(verificationKey);
            verifier.update(bArr);
            // The exit trace is written before the actual check runs.
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "verify");
            }
            return verifier.verify(this.sigBytes);
        } catch (Exception verifyFailure) {
            throw new AuditSignException(verifyFailure);
        }
    }

    /**
     * Returns the signer keystore location as read from the configuration
     * (unexpanded).
     *
     * @return the keystore location, or {@code null} when
     *         {@link #initSignerKeyStore} has not set it
     */
    public String getSignerKeyFileLocation() {
        final String location = this.signerKeyFileLocation;
        return location;
    }

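    /**
     * Reads the signer keystore type, provider, location and password from the
     * security configuration.
     *
     * <p>The keystore is looked up in the {@code security::keyStores} list by
     * name and management scope. If the {@code SecurityConfigManager} cannot be
     * obtained, the settings are read from the audit keystore configuration
     * instead.
     *
     * <p>The decoded keystore password is never written to the trace; the debug
     * messages show a fixed mask in its place.
     *
     * @param str  name of the keystore to look up
     * @param str2 management scope name the keystore must belong to
     * @param str3 signer alias (not used by this method)
     * @throws Exception if neither configuration source can be read, or no
     *         {@code SecurityConfigManager} is available
     */
    public void initSignerKeyStore(String str, String str2, String str3) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initSignerKeyStore");
        }
        SecurityConfigManager securityConfigManager = null;
        try {
            securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        } catch (Exception e) {
            try {
                AuditKeystoreConfig auditKeystore = SecurityObjectLocator.getAuditConfig().getAuditKeystore(str);
                this.signerType = auditKeystore.getString("type");
                this.signerProvider = auditKeystore.getString("provider");
                this.signerKeyFileLocation = auditKeystore.getUnexpandedString(AuditKeystoreConfig.LOCATION);
                this.signerPassword = auditKeystore.getDecodedString("password");
                if (tc.isDebugEnabled()) {
                    // Only whether a password is set is traced, never its value.
                    Tr.debug(tc, "Using same keyfile as for encryption: signerType: " + this.signerType + " signerProvider: " + this.signerProvider + " signerKeyFileLocation: " + this.signerKeyFileLocation + " signerPassword: " + (this.signerPassword == null ? "null" : "*****"));
                }
            } catch (Exception e2) {
                Tr.debug(tc, "Exception caught on try two: " + e2.getMessage());
                throw new Exception(e2.getMessage(), e2);
            }
        }
        // NOTE(review): as recovered from the class file, the fallback path above also
        // reaches this check with no manager and therefore throws; confirm the intended
        // flow against the original source.
        if (securityConfigManager == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SecurityConfigManager is null.");
            }
            throw new Exception("SecurityConfigManager does not exist.");
        }
        SecurityConfigObjectList objectList = securityConfigManager.getObjectList("security::keyStores");
        if (objectList != null) {
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject securityConfigObject = objectList.get(i);
                String string = securityConfigObject.getString("name");
                String string2 = securityConfigObject.getObject(CommandConstants.MANAGEMENT_SCOPE).getString(CommandConstants.SCOPE_NAME);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking name and scope: " + string + ":" + string2);
                }
                // The null check is on the configured name itself; the earlier check tested
                // the static keyStoreName constant and let a null name reach equals().
                if (string != null && string.equals(str) && string2 != null && string2.equals(str2)) {
                    this.signerType = securityConfigObject.getString("type");
                    this.signerProvider = securityConfigObject.getString("provider");
                    this.signerKeyFileLocation = securityConfigObject.getUnexpandedString(AuditKeystoreConfig.LOCATION);
                    this.signerPassword = securityConfigObject.getDecodedString("password");
                    break;
                }
            }
        }
        if (tc.isDebugEnabled()) {
            // Only whether a password is set is traced, never its value.
            Tr.debug(tc, "Not using same keyfile as for encryption: signerType: " + this.signerType + " signerProvider: " + this.signerProvider + " signerKeyFileLocation: " + this.signerKeyFileLocation + " signerPassword: " + (this.signerPassword == null ? "null" : "*****"));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initSignerKeyStore");
        }
    }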

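    /**
     * Generates an RSA key pair, creates a self-signed certificate for it and
     * stores both in the keystore described by the request.
     *
     * <p>The key size, subject DN, label and keystore come from
     * {@code certReqInfo}. The start date handed to the certificate factory is
     * one day before the current time. Failures are rethrown with the original
     * throwable attached as the cause instead of being printed to standard
     * error.
     *
     * @param certReqInfo the certificate request (subject DN, label, key size,
     *        file name and keystore information)
     * @return {@code true} when the certificate was created and stored
     * @throws Exception if key generation, certificate creation or the keystore
     *         update fails
     */
    public boolean personalCertificateCreate(CertReqInfo certReqInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "personalCertificateCreate");
        }
        String subjectDN2 = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        String str = "file://" + certReqInfo.getFilename();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String password = ksInfo.getPassword();
        WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(ksInfo);
        ArrayList arrayList = new ArrayList();
        arrayList.add("certreq@us.ibm.com");
        arrayList.add("CERTREQUEST");
        arrayList.add(str);
        if (tc.isDebugEnabled()) {
            // The split is for tracing only, so a DN without a comma must not abort the request.
            int comma = subjectDN2.indexOf(',');
            String cn = comma < 0 ? subjectDN2 : subjectDN2.substring(0, comma);
            String dn = comma < 0 ? "" : subjectDN2.substring(comma + 1);
            Tr.debug(tc, "cn: " + cn + " dn: " + dn);
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "IBMJCE");
            keyPairGenerator.initialize(size, SecureRandom.getInstance("IBMSecureRandom", "IBMJCE"));
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            // Start date one day in the past.
            Date date = new Date(System.currentTimeMillis() - 86400000L);
            PkSsCertificate newSsCert = PkSsCertFactory.newSsCert(size, subjectDN2, 365, date, true, true, arrayList, (List) null, (List) null, "IBMJCE", generateKeyPair);
            if (newSsCert == null) {
                throw new Exception("SelfSigned create failed.");
            }
            X509Certificate certificate = newSsCert.getCertificate();
            wSKeyStoreRemotable.invokeKeyStoreCommand("setKeyEntryOverwrite", new Object[]{label, newSsCert.getKey(), password.toCharArray(), new X509Certificate[]{certificate}}, Boolean.TRUE);
            try {
                Tr.audit(tc, "Self Signed Certificate: notBefore time: " + certificate.getNotBefore().toString() + " notAfter time: " + certificate.getNotAfter().toString());
            } catch (Throwable ignored) {
                // Best effort: the certificate is already stored, so a failed audit
                // message must not turn the operation into a failure.
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "personalCertificateCreate");
            }
            return true;
        } catch (Throwable th) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating self-signed certificate.", new Object[]{th});
            }
            // Keep the throwable as the cause so the caller gets the full stack trace.
            throw new Exception(th.getMessage(), th);
        }
    }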

    /**
     * Copies the settings of a {@code KeyStoreInfo} into a JMX
     * {@link AttributeList}.
     *
     * <p>Name, location, type, password, provider, host list and slot are added
     * only when they are not {@code null}; the remaining attributes are always
     * added. The keystore password is placed in the list as returned by
     * {@code getPassword()}, so the resulting list must be handled as a secret.
     *
     * @param keyStoreInfo the keystore description to copy from
     * @return the attribute list
     */
    public static AttributeList createKeyStoreAttrList(KeyStoreInfo keyStoreInfo) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyStoreAttrList");
        }
        AttributeList attributes = new AttributeList();
        // Optional settings, in the same order as before.
        addIfPresent(attributes, "name", keyStoreInfo.getName());
        addIfPresent(attributes, AuditKeystoreConfig.LOCATION, keyStoreInfo.getLocation());
        addIfPresent(attributes, "type", keyStoreInfo.getType());
        addIfPresent(attributes, "password", keyStoreInfo.getPassword());
        addIfPresent(attributes, "provider", keyStoreInfo.getProvider());
        addIfPresent(attributes, "hostList", keyStoreInfo.getHostList());
        addIfPresent(attributes, "slot", keyStoreInfo.getSlot());
        // Settings that are always present, whatever their value.
        attributes.add(new Attribute(CommandConstants.MANAGEMENT_SCOPE, keyStoreInfo.getScopeName()));
        attributes.add(new Attribute("fileBased", keyStoreInfo.getFileBased()));
        attributes.add(new Attribute(DSConfigHelper.READONLY, keyStoreInfo.getReadOnly()));
        attributes.add(new Attribute("initializeAtStartup", keyStoreInfo.getInitializeAtStartup()));
        attributes.add(new Attribute("createStashFileForCMS", keyStoreInfo.getStashFile()));
        attributes.add(new Attribute("useForAcceleration", keyStoreInfo.getAccelerator()));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyStoreAttrList");
        }
        return attributes;
    }

    /** Appends a named attribute to the list unless the value is {@code null}. */
    private static void addIfPresent(AttributeList attributes, String attributeName, Object value) {
        if (value != null) {
            attributes.add(new Attribute(attributeName, value));
        }
    }

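    /**
     * Expands the keystore location and opens it inside a privileged block.
     *
     * <p>The returned stream is owned by the caller, who must close it.
     *
     * @param str the keystore location, possibly containing variables that
     *        {@code KeyStoreManager.expand} resolves
     * @return the opened keystore stream
     * @throws MalformedURLException if the expanded location is not a valid URL
     * @throws IOException if the location cannot be opened; a failure of another
     *         type is wrapped with the original exception as the cause
     */
    protected static InputStream openKeyStore(String str) throws MalformedURLException, IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "openKeyStore" + str);
        }
        try {
            OpenKeyStoreAction openKeyStoreAction = new OpenKeyStoreAction(KeyStoreManager.getInstance().expand(str));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "openKeyStore");
            }
            return (InputStream) AccessController.doPrivileged(openKeyStoreAction);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", new Object[]{exception});
            }
            // MalformedURLException is an IOException, so one rethrow keeps both runtime types.
            if (exception instanceof IOException) {
                throw (IOException) exception;
            }
            // Anything else is wrapped, keeping the original exception as the cause.
            throw new IOException(exception.getMessage(), exception);
        }
    }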
}
