package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.security.util.DerOutputStream;
import com.ibm.websphere.models.config.ipc.ssl.CryptoHardwareToken;
import com.ibm.websphere.models.config.ipc.ssl.KeyFileFormatKind;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.models.config.ipc.ssl.SecureSocketLayer;
import com.ibm.websphere.models.config.properties.Property;
import com.ibm.websphere.models.config.security.Security;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.security.config.SecurityConfigManager;
import com.ibm.ws.security.config.SecurityConfigObject;
import com.ibm.ws.security.config.SecurityConfigObjectList;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.util.KeyStoreTypeHelper;
import com.ibm.ws.security.util.SASPropFile;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.ws.ssl.core.WSPKCSInKeyStore;
import com.ibm.ws.ssl.core.WSPKCSInKeyStoreList;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.eclipse.emf.common.util.EList;

/* loaded from: input_file:com/ibm/ws/ssl/config/KeyStoreManager.class */
public class KeyStoreManager {
    private HashMap keyStoreMap = new HashMap();
    private HashMap acceleratorMap = new HashMap();
    private static String host;
    private static final TraceComponent tc = Tr.register(KeyStoreManager.class, SSLSocketFactory.SSL, "com.ibm.ws.ssl.resources.ssl");
    private static KeyStoreManager thisClass = null;
    private static HashMap expandMap = new HashMap();
    private static WSPKCSInKeyStoreList pkcsStoreList = new WSPKCSInKeyStoreList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/ssl/config/KeyStoreManager$FileExistsAction.class */
    public class FileExistsAction implements PrivilegedAction {
        private File file;

        public FileExistsAction(File file) {
            this.file = null;
            this.file = file;
        }

        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                return Boolean.valueOf(this.file.exists());
            } catch (Exception e) {
                return Boolean.FALSE;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/ssl/config/KeyStoreManager$GetKeyStoreInputStreamAction.class */
    public class GetKeyStoreInputStreamAction implements PrivilegedExceptionAction {
        private String file;
        private boolean createStream;

        public GetKeyStoreInputStreamAction(String str, boolean z) {
            this.file = null;
            this.createStream = false;
            this.file = str;
            this.createStream = z;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws MalformedURLException, IOException {
            if (KeyStoreManager.tc.isEntryEnabled()) {
                Tr.entry(KeyStoreManager.tc, "GetKeyStoreInputStreamAction.run");
            }
            InputStream inputStream = null;
            URL url = null;
            boolean contains = this.file.contains("#");
            File file = new File(this.file);
            if (this.createStream && !file.exists()) {
                file.createNewFile();
                if (!contains) {
                    url = file.toURL();
                }
            } else {
                if (file.exists() && file.length() == 0) {
                    throw new IOException("Keystore file exists, but is empty: " + this.file);
                }
                if (!file.exists()) {
                    url = new URL(this.file);
                } else if (!contains) {
                    url = file.toURL();
                }
            }
            if (url != null) {
                inputStream = url.openStream();
            } else if (contains) {
                inputStream = new FileInputStream(file);
            }
            if (KeyStoreManager.tc.isEntryEnabled()) {
                Tr.exit(KeyStoreManager.tc, "GetKeyStoreInputStreamAction.run");
            }
            return inputStream;
        }
    }

    /* loaded from: input_file:com/ibm/ws/ssl/config/KeyStoreManager$GetKeyStoreOutputStreamAction.class */
    class GetKeyStoreOutputStreamAction implements PrivilegedExceptionAction {
        private String file;

        public GetKeyStoreOutputStreamAction(String str) {
            this.file = null;
            this.file = str;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws MalformedURLException, IOException {
            if (KeyStoreManager.tc.isEntryEnabled()) {
                Tr.entry(KeyStoreManager.tc, "GetKeyStoreOutputStreamAction.run", new Object[]{this.file});
            }
            if (this.file.startsWith("safkeyring://")) {
                OutputStream outputStream = new URL(this.file).openConnection().getOutputStream();
                if (KeyStoreManager.tc.isEntryEnabled()) {
                    Tr.exit(KeyStoreManager.tc, "GetKeyStoreOutputStreamAction.run (safkeyring)");
                }
                return outputStream;
            }
            try {
                this.file = new URL(this.file).getFile();
                while (this.file.startsWith("/")) {
                    this.file = this.file.substring(1);
                }
            } catch (MalformedURLException e) {
            }
            if (KeyStoreManager.tc.isDebugEnabled()) {
                Tr.debug(KeyStoreManager.tc, "File path for OutputStream: " + this.file);
            }
            File file = new File(this.file);
            if (file.exists() && !file.canWrite()) {
                throw new IOException("Cannot write to KeyStore file: " + this.file);
            }
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            if (KeyStoreManager.tc.isEntryEnabled()) {
                Tr.exit(KeyStoreManager.tc, "GetKeyStoreOutputStreamAction.run");
            }
            return fileOutputStream;
        }
    }

    KeyStoreManager() {
    }

    public static KeyStoreManager getInstance() {
        if (thisClass == null) {
            getHostName();
            thisClass = new KeyStoreManager();
        }
        return thisClass;
    }

    public void loadKeyStores(Security security) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadKeyStores");
        }
        clearKeyStoreMap();
        EList keyStores = security.getKeyStores();
        for (int i = 0; i < keyStores.size(); i++) {
            KeyStore keyStore = (KeyStore) keyStores.get(i);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Loading KeyStore name " + keyStore.getName() + ".");
            }
            loadWCCMKeyStore(keyStore);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeyStores");
        }
    }

    public void loadWCCMKeyStore(KeyStore keyStore) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadWCCMKeyStore");
        }
        String str = null;
        if (keyStore.getManagementScope() != null) {
            str = keyStore.getManagementScope().getScopeName();
        }
        if (str != null && !ManagementScopeManager.getInstance().currentScopeContained(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is not in the current scope.");
                return;
            }
            return;
        }
        String name = keyStore.getName();
        WSKeyStore wSKeyStore = new WSKeyStore(keyStore);
        if (name != null && wSKeyStore != null) {
            addKeyStoreIfNotDuplicate(name, wSKeyStore);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadWCCMKeyStore (keystore)");
        }
    }

    public WSKeyStore[] loadOldWCCMKeyStores(String str, String str2, SecureSocketLayer secureSocketLayer) throws Exception {
        String str3;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadOldWCCMKeyStore");
        }
        if (SSLConfigManager.getInstance().getGlobalProperty("com.ibm.websphere.ssl.ignore.jvm.keystores", "false").equalsIgnoreCase("true")) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "returning null as com.ibm.websphere.ssl.ignore.jvm.keystores is set. ");
            return null;
        }
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        String str10 = null;
        String str11 = null;
        String str12 = null;
        String str13 = null;
        String str14 = null;
        String str15 = null;
        String str16 = null;
        String str17 = null;
        if (secureSocketLayer == null || str2 == null || !str2.equals("SSSL")) {
            if (secureSocketLayer != null && secureSocketLayer.isSetEnableCryptoHardwareSupport() && secureSocketLayer.isEnableCryptoHardwareSupport()) {
                str3 = "true";
                CryptoHardwareToken cryptoHardware = secureSocketLayer.getCryptoHardware();
                str17 = cryptoHardware.getTokenType();
                str14 = cryptoHardware.getLibraryFile();
                str15 = cryptoHardware.getPassword();
            } else {
                str3 = "false";
            }
            if (secureSocketLayer != null && secureSocketLayer.getKeyFileName() != null && !secureSocketLayer.getKeyFileName().equals(StringUtils.EMPTY)) {
                str6 = expand(secureSocketLayer.getKeyFileName());
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.keyStore") != null && System.getProperty("javax.net.ssl.keyStore").length() > 0) {
                str6 = System.getProperty("javax.net.ssl.keyStore");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  keyStoreName was not set");
            }
            if (secureSocketLayer != null && secureSocketLayer.getKeyFilePassword() != null && !secureSocketLayer.getKeyFilePassword().equals(StringUtils.EMPTY)) {
                str7 = secureSocketLayer.getKeyFilePassword();
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.keyStorePassword") != null && System.getProperty("javax.net.ssl.keyStorePassword").length() > 0) {
                str7 = System.getProperty("javax.net.ssl.keyStorePassword");
                if (str7 != null) {
                    str7 = SSLConfig.decodePassword(str7);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Decoded keyStorePassword from system prop.");
                    }
                    System.setProperty("javax.net.ssl.keyStorePassword", str7);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  keyStorePassword was not set");
            }
            if (secureSocketLayer != null && secureSocketLayer.getKeyFileFormat() != null && !secureSocketLayer.getKeyFileFormat().equals(StringUtils.EMPTY)) {
                str8 = getKeyStoreType(secureSocketLayer.getKeyFileFormat());
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.keyStoreType") != null && System.getProperty("javax.net.ssl.keyStoreType").length() > 0) {
                str8 = System.getProperty("javax.net.ssl.keyStoreType");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  keyStoreFormat was not set");
            }
            if (secureSocketLayer == null && System.getProperty("javax.net.ssl.keyStoreProvider") != null && System.getProperty("javax.net.ssl.keyStoreProvider").length() > 0) {
                str9 = System.getProperty("javax.net.ssl.keyStoreProvider");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  keyStoreProvider was not set");
            }
            if (secureSocketLayer != null && secureSocketLayer.getTrustFileName() != null && !secureSocketLayer.getTrustFileName().equals(StringUtils.EMPTY)) {
                str10 = expand(secureSocketLayer.getTrustFileName());
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.trustStore") != null && System.getProperty("javax.net.ssl.trustStore").length() > 0) {
                str10 = System.getProperty("javax.net.ssl.trustStore");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  trustStoreProvider was not set");
            }
            if (secureSocketLayer != null && secureSocketLayer.getTrustFilePassword() != null && !secureSocketLayer.getTrustFilePassword().equals(StringUtils.EMPTY)) {
                str11 = secureSocketLayer.getTrustFilePassword();
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.trustStorePassword") != null && System.getProperty("javax.net.ssl.trustStorePassword").length() > 0) {
                str11 = System.getProperty("javax.net.ssl.trustStorePassword");
                if (str11 != null) {
                    str11 = SSLConfig.decodePassword(str11);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Decoded trustStorePassword from system prop.");
                    }
                    System.setProperty("javax.net.ssl.trustStorePassword", str11);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  trustStorePassword was not set");
            }
            if (secureSocketLayer != null && secureSocketLayer.getTrustFileFormat() != null && !secureSocketLayer.getTrustFileFormat().equals(StringUtils.EMPTY)) {
                str12 = getKeyStoreType(secureSocketLayer.getTrustFileFormat());
            } else if (secureSocketLayer == null && System.getProperty("javax.net.ssl.trustStoreType") != null && System.getProperty("javax.net.ssl.trustStoreType").length() > 0) {
                str12 = System.getProperty("javax.net.ssl.trustStoreType");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  trustStoreFormat was not set");
            }
            if (secureSocketLayer == null && System.getProperty("javax.net.ssl.trustStoreProvider") != null && System.getProperty("javax.net.ssl.trustStoreProvider").length() > 0) {
                str13 = System.getProperty("javax.net.ssl.trustStoreProvider");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Due to missing property,  trustStoreProvider was not set");
            }
        } else if (secureSocketLayer != null && secureSocketLayer.isSetEnableCryptoHardwareSupport() && secureSocketLayer.isEnableCryptoHardwareSupport()) {
            str8 = "JCE4758KS";
            str6 = secureSocketLayer.getKeyFileName();
            if (str6 != null) {
                str6 = "safkeyringhw:///" + str6;
            }
            str7 = secureSocketLayer.getKeyFilePassword();
            if (str7 == null) {
                str7 = "password";
            }
            str3 = "true";
        } else {
            str8 = "JCERACFKS";
            str6 = secureSocketLayer.getKeyFileName();
            if (str6 != null) {
                str6 = "safkeyring:///" + str6;
            }
            str7 = secureSocketLayer.getKeyFilePassword();
            if (str7 == null) {
                str7 = "password";
            }
            str3 = "false";
        }
        if (secureSocketLayer != null) {
            for (int i = 0; i < secureSocketLayer.getProperties().size(); i++) {
                Property property = (Property) secureSocketLayer.getProperties().get(i);
                if (property != null) {
                    if (property.getName().equals(SASPropFile.TOKEN_SLOT)) {
                        str16 = property.getValue();
                    } else if (property.getName().equals(SASPropFile.CLIENT_KEY_ALIAS)) {
                        str4 = property.getValue();
                    } else if (property.getName().equals(SASPropFile.SERVER_KEY_ALIAS)) {
                        str5 = property.getValue();
                    }
                }
            }
        }
        WSKeyStore wSKeyStore = null;
        WSKeyStore wSKeyStore2 = null;
        if (str14 != null || str6 != null) {
            wSKeyStore = new WSKeyStore();
            if (str3 != null) {
                wSKeyStore.setProperty("com.ibm.ssl.tokenEnabled", str3);
            }
            wSKeyStore.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
            if (str4 != null) {
                wSKeyStore.setProperty(SASPropFile.CLIENT_KEY_ALIAS, str4);
            }
            if (str5 != null) {
                wSKeyStore.setProperty(SASPropFile.SERVER_KEY_ALIAS, str5);
            }
            if (secureSocketLayer != null && str2 != null && str2.equals("SSSL")) {
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
                if (str6 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str6);
                }
                if (str7 != null) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str7);
                }
                if (str8 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str8);
                    if (str8.equals("JKS") || str8.equals("JCEKS") || str8.equals("PKCS12")) {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                    } else {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                    }
                }
                wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            } else if (str3.equals("true")) {
                if (str14 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_LIBRARY_FILE, str14);
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str14);
                }
                if (str15 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_PASSWORD, str15);
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str15);
                }
                if (str17 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_TYPE, str17);
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str17);
                }
                if (str16 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_SLOT, str16);
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreSlot", str16);
                }
                wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMPKCS11Impl");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "true");
            } else {
                if (str6 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str6);
                }
                if (str7 != null) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str7);
                }
                if (str8 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str8);
                    if (str8.equals("JKS") || str8.equals("JCEKS") || str8.equals("PKCS12")) {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                    } else {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                    }
                }
                if (str8 == null || !str8.equals("JCE4758KS")) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "false");
                } else {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                }
                if (str9 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, str9);
                } else {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
                }
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding KeyStore name: " + str + "_key");
            }
            wSKeyStore.setProperty("com.ibm.ssl.keyStoreName", str + "_key");
            addKeyStoreIfNotDuplicate(str + "_key", wSKeyStore);
        }
        if (str10 != null) {
            wSKeyStore2 = new WSKeyStore();
            wSKeyStore2.setProperty("com.ibm.ssl.tokenEnabled", "false");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
            wSKeyStore2.setProperty(SASPropFile.KEY_FILE_NAME, str10);
            if (str11 != null) {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStorePassword", str11);
            }
            if (str12 != null) {
                wSKeyStore2.setProperty(SASPropFile.KEY_STORE_TYPE, str12);
                if (str12.equals("JKS") || str12.equals("JCEKS") || str12.equals("PKCS12")) {
                    wSKeyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                } else {
                    wSKeyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                }
            }
            if (str12 == null || !str12.equals("JCE4758KS")) {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStoreReadOnly", "false");
            } else {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
            }
            if (str13 != null) {
                wSKeyStore2.setProperty(SASPropFile.KEY_STORE_PROVIDER, str13);
            } else {
                wSKeyStore2.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
            }
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "true");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding TrustStore name: " + str + "_trust");
            }
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreName", str + "_trust");
            addKeyStoreIfNotDuplicate(str + "_trust", wSKeyStore2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Total Number of KeyStores: " + this.keyStoreMap.size());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadOldWCCMKeyStore");
        }
        if (wSKeyStore != null && wSKeyStore2 != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning key and trust.");
            }
            return new WSKeyStore[]{wSKeyStore, wSKeyStore2};
        }
        if (wSKeyStore != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Copying key to trust.");
            }
            WSKeyStore wSKeyStore3 = (WSKeyStore) wSKeyStore.clone();
            wSKeyStore3.setProperty("com.ibm.ssl.keyStoreName", str + "_trust");
            addKeyStoreIfNotDuplicate(str + "_trust", wSKeyStore3);
            return new WSKeyStore[]{wSKeyStore, wSKeyStore3};
        }
        if (wSKeyStore2 == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Not returning any KeyStores from old WCCM config.");
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Copying trust to key.");
        }
        WSKeyStore wSKeyStore4 = (WSKeyStore) wSKeyStore2.clone();
        wSKeyStore4.setProperty("com.ibm.ssl.keyStoreName", str + "_key");
        addKeyStoreIfNotDuplicate(str + "_key", wSKeyStore4);
        return new WSKeyStore[]{wSKeyStore4, wSKeyStore2};
    }

    public void loadKeyStores(SecurityConfigObject securityConfigObject) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadKeyStores");
        }
        clearKeyStoreMap();
        SecurityConfigObjectList objectList = securityConfigObject.getObjectList("keyStores");
        for (int i = 0; i < objectList.size(); i++) {
            SecurityConfigObject securityConfigObject2 = objectList.get(i);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Loading KeyStore name " + securityConfigObject2.getString("name") + ".");
            }
            loadKeyStore(securityConfigObject2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadKeyStores");
        }
    }

    public void loadKeyStore(SecurityConfigObject securityConfigObject) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadWCCMKeyStore");
        }
        String str = null;
        SecurityConfigObject object = securityConfigObject.getObject("managementScope");
        if (object != null) {
            str = object.getString("scopeName");
        }
        if (str != null && !ManagementScopeManager.getInstance().currentScopeContained(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is not in the current scope.");
                return;
            }
            return;
        }
        String string = securityConfigObject.getString("name");
        WSKeyStore wSKeyStore = new WSKeyStore(securityConfigObject);
        if (string != null && wSKeyStore != null) {
            addKeyStoreIfNotDuplicate(string, wSKeyStore);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadWCCMKeyStore (keystore)");
        }
    }

    public WSKeyStore[] loadOldWCCMKeyStores(String str, String str2, SecurityConfigObject securityConfigObject) throws Exception {
        String str3;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "loadOldWCCMKeyStores");
        }
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        String str10 = null;
        String str11 = null;
        String str12 = null;
        String str13 = null;
        String str14 = null;
        String str15 = null;
        if (securityConfigObject == null || str2 == null || !str2.equals("SSSL")) {
            if (securityConfigObject != null && securityConfigObject.isSet("enableCryptoHardwareSupport") && securityConfigObject.getBoolean("enableCryptoHardwareSupport").booleanValue()) {
                str3 = "true";
                SecurityConfigObject object = securityConfigObject.getObject("cryptoHardware");
                str15 = object.getString("tokenType");
                str12 = object.getUnexpandedString("libraryFile");
                str13 = object.getDecodedString("password");
            } else {
                str3 = "false";
            }
            if (securityConfigObject == null && System.getProperty("javax.net.ssl.keyStoreProvider") != null) {
                System.getProperty("javax.net.ssl.keyStoreProvider");
            }
            if (securityConfigObject != null && securityConfigObject.getUnexpandedString("keyFileName") != null && !securityConfigObject.getUnexpandedString("keyFileName").equals(StringUtils.EMPTY)) {
                str6 = expand(securityConfigObject.getUnexpandedString("keyFileName"));
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.keyStore") != null) {
                str6 = System.getProperty("javax.net.ssl.keyStore");
            }
            String decodedString = securityConfigObject != null ? securityConfigObject.getDecodedString("keyFilePassword") : null;
            if (decodedString != null && !decodedString.equals(StringUtils.EMPTY)) {
                str7 = decodedString;
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.keyStorePassword") != null) {
                str7 = System.getProperty("javax.net.ssl.keyStorePassword");
                if (str7 != null) {
                    str7 = SSLConfig.decodePassword(str7);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Decoded keyStorePassword from system prop.");
                    }
                    System.setProperty("javax.net.ssl.keyStorePassword", str7);
                }
            }
            if (securityConfigObject != null && securityConfigObject.getString("keyFileFormat", "JKS") != null && !securityConfigObject.getString("keyFileFormat", "JKS").equals(StringUtils.EMPTY)) {
                str8 = securityConfigObject.getString("keyFileFormat", "JKS");
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.keyStoreType") != null) {
                str8 = System.getProperty("javax.net.ssl.keyStoreType");
            }
            if (securityConfigObject == null && System.getProperty("javax.net.ssl.keyStoreProvider") != null) {
                System.getProperty("javax.net.ssl.keyStoreProvider");
            }
            if (securityConfigObject != null && securityConfigObject.getUnexpandedString("trustFileName") != null && !securityConfigObject.getUnexpandedString("trustFileName").equals(StringUtils.EMPTY)) {
                str9 = expand(securityConfigObject.getUnexpandedString("trustFileName"));
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.trustStore") != null) {
                str9 = System.getProperty("javax.net.ssl.trustStore");
            }
            String decodedString2 = securityConfigObject != null ? securityConfigObject.getDecodedString("trustFilePassword") : null;
            if (decodedString2 != null && !decodedString2.equals(StringUtils.EMPTY)) {
                str10 = decodedString2;
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.trustStorePassword") != null) {
                str10 = System.getProperty("javax.net.ssl.trustStorePassword");
                if (str10 != null) {
                    str10 = SSLConfig.decodePassword(str10);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Decoded trustStorePassword from system prop.");
                    }
                    System.setProperty("javax.net.ssl.trustStorePassword", str10);
                }
            }
            if (securityConfigObject != null && securityConfigObject.getString("trustFileFormat", "JKS") != null && !securityConfigObject.getString("trustFileFormat", "JKS").equals(StringUtils.EMPTY)) {
                str11 = securityConfigObject.getString("trustFileFormat", "JKS");
            } else if (securityConfigObject == null && System.getProperty("javax.net.ssl.trustStoreType") != null) {
                str11 = System.getProperty("javax.net.ssl.trustStoreType");
            }
            if (securityConfigObject == null && System.getProperty("javax.net.ssl.trustStoreProvider") != null) {
                System.getProperty("javax.net.ssl.trustStoreProvider");
            }
        } else if (securityConfigObject != null && securityConfigObject.isSet("enableCryptoHardwareSupport") && securityConfigObject.getBoolean("enableCryptoHardwareSupport").booleanValue()) {
            str8 = "JCE4758KS";
            str6 = securityConfigObject.getUnexpandedString("keyFileName");
            if (str6 != null) {
                str6 = "safkeyringhw:///" + str6;
            }
            str7 = securityConfigObject.getUnexpandedString("keyFilePassword");
            if (str7 == null) {
                str7 = "password";
            }
            str3 = "true";
        } else {
            str8 = "JCERACFKS";
            str6 = securityConfigObject.getUnexpandedString("keyFileName");
            if (str6 != null) {
                str6 = "safkeyring:///" + str6;
            }
            str7 = securityConfigObject.getUnexpandedString("keyFilePassword");
            if (str7 == null) {
                str7 = "password";
            }
            str3 = "false";
        }
        if (securityConfigObject != null) {
            SecurityConfigObjectList objectList = securityConfigObject.getObjectList("properties");
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject securityConfigObject2 = objectList.get(i);
                if (securityConfigObject2 != null) {
                    String string = securityConfigObject2.getString("name");
                    if (string.equals(SASPropFile.TOKEN_SLOT)) {
                        str14 = securityConfigObject2.getString("value");
                    } else if (string.equals(SASPropFile.CLIENT_KEY_ALIAS)) {
                        str4 = securityConfigObject2.getString("value");
                    } else if (string.equals(SASPropFile.SERVER_KEY_ALIAS)) {
                        str5 = securityConfigObject2.getString("value");
                    }
                }
            }
        }
        WSKeyStore wSKeyStore = null;
        WSKeyStore wSKeyStore2 = null;
        if (str12 != null || str6 != null) {
            wSKeyStore = new WSKeyStore();
            if (str3 != null) {
                wSKeyStore.setProperty("com.ibm.ssl.tokenEnabled", str3);
            }
            wSKeyStore.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
            if (str4 != null) {
                wSKeyStore.setProperty(SASPropFile.CLIENT_KEY_ALIAS, str4);
            }
            if (str5 != null) {
                wSKeyStore.setProperty(SASPropFile.SERVER_KEY_ALIAS, str5);
            }
            if (securityConfigObject != null && str2 != null && str2.equals("SSSL")) {
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
                if (str6 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str6);
                }
                if (str7 != null) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str7);
                }
                if (str8 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str8);
                    if (str8.equals("JKS") || str8.equals("JCEKS") || str8.equals("PKCS12")) {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                    } else {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                    }
                }
                wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            } else if (str3.equals("true")) {
                if (str12 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_LIBRARY_FILE, str12);
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str12);
                }
                if (str13 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_PASSWORD, str13);
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str13);
                }
                if (str15 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_TYPE, str15);
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str15);
                }
                if (str14 != null) {
                    wSKeyStore.setProperty(SASPropFile.TOKEN_SLOT, str14);
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreSlot", str14);
                }
                wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMPKCS11Impl");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "true");
            } else {
                if (str6 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_FILE_NAME, str6);
                }
                if (str7 != null) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStorePassword", str7);
                }
                if (str8 != null) {
                    wSKeyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str8);
                    if (str8.equals("JKS") || str8.equals("JCEKS") || str8.equals("PKCS12")) {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                    } else {
                        wSKeyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                    }
                }
                if (str8 == null || !str8.equals("JCE4758KS")) {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "false");
                } else {
                    wSKeyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
                }
                wSKeyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "true");
                wSKeyStore.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding KeyStore name: " + str + "_key");
            }
            wSKeyStore.setProperty("com.ibm.ssl.keyStoreName", str + "_key");
            addKeyStoreIfNotDuplicate(str + "_key", wSKeyStore);
        }
        if (str9 != null) {
            wSKeyStore2 = new WSKeyStore();
            wSKeyStore2.setProperty("com.ibm.ssl.tokenEnabled", "false");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreScope", ManagementScopeManager.getInstance().getCellScopeName());
            wSKeyStore2.setProperty(SASPropFile.KEY_FILE_NAME, str9);
            if (str10 != null) {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStorePassword", str10);
            }
            if (str11 != null) {
                wSKeyStore2.setProperty(SASPropFile.KEY_STORE_TYPE, str11);
                if (str11.equals("JKS") || str11.equals("JCEKS") || str11.equals("PKCS12")) {
                    wSKeyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                } else {
                    wSKeyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                }
            }
            if (str11 == null || !str11.equals("JCE4758KS")) {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStoreReadOnly", "false");
            } else {
                wSKeyStore2.setProperty("com.ibm.ssl.keyStoreReadOnly", "true");
            }
            wSKeyStore2.setProperty(SASPropFile.KEY_STORE_PROVIDER, "IBMJCE");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreInitializeAtStartup", "false");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreCreateCMSStash", "true");
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreUseForAcceleration", "false");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Adding TrustStore name: " + str + "_trust");
            }
            wSKeyStore2.setProperty("com.ibm.ssl.keyStoreName", str + "_trust");
            addKeyStoreIfNotDuplicate(str + "_trust", wSKeyStore2);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Total Number of KeyStores: " + this.keyStoreMap.size());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "loadOldWCCMKeyStore");
        }
        if (wSKeyStore != null && wSKeyStore2 != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning key and trust.");
            }
            return new WSKeyStore[]{wSKeyStore, wSKeyStore2};
        }
        if (wSKeyStore != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Copying key to trust.");
            }
            WSKeyStore wSKeyStore3 = (WSKeyStore) wSKeyStore.clone();
            wSKeyStore3.setProperty("com.ibm.ssl.keyStoreName", str + "_trust");
            addKeyStoreIfNotDuplicate(str + "_trust", wSKeyStore3);
            return new WSKeyStore[]{wSKeyStore, wSKeyStore3};
        }
        if (wSKeyStore2 == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "Not returning any KeyStores from old WCCM config.");
            return null;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Copying trust to key.");
        }
        WSKeyStore wSKeyStore4 = (WSKeyStore) wSKeyStore2.clone();
        wSKeyStore4.setProperty("com.ibm.ssl.keyStoreName", str + "_key");
        addKeyStoreIfNotDuplicate(str + "_key", wSKeyStore4);
        return new WSKeyStore[]{wSKeyStore4, wSKeyStore2};
    }

    public boolean checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot(SSLConfig sSLConfig) {
        String str;
        String str2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot");
        }
        boolean z = false;
        boolean z2 = false;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        try {
            String property = sSLConfig.getProperty("com.ibm.ssl.keyStoreName");
            WSKeyStore keyStore = getKeyStore(property);
            if (keyStore == null) {
                keyStore = new WSKeyStore();
                if (property != null) {
                    keyStore.setProperty("com.ibm.ssl.keyStoreName", property);
                }
                str3 = sSLConfig.getProperty("com.ibm.ssl.keyStoreFileBased");
                if (str3 != null) {
                    keyStore.setProperty("com.ibm.ssl.keyStoreFileBased", str3);
                }
                str8 = sSLConfig.getProperty("com.ibm.ssl.keyStoreReadOnly");
                if (str8 != null) {
                    keyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", str8);
                }
                str4 = sSLConfig.getProperty(SASPropFile.KEY_FILE_NAME);
                if (str4 != null) {
                    keyStore.setProperty(SASPropFile.KEY_FILE_NAME, str4);
                }
                str5 = sSLConfig.getProperty("com.ibm.ssl.keyStorePassword");
                if (str5 != null) {
                    keyStore.setProperty("com.ibm.ssl.keyStorePassword", str5);
                }
                String property2 = sSLConfig.getProperty("com.ibm.ssl.tokenEnabled");
                if (property2 != null) {
                    keyStore.setProperty("com.ibm.ssl.tokenEnabled", property2);
                }
                str6 = sSLConfig.getProperty(SASPropFile.KEY_STORE_TYPE);
                if (str6 != null) {
                    keyStore.setProperty(SASPropFile.KEY_STORE_TYPE, str6);
                    if (str6.equals("JKS") || str6.equals("JCEKS") || str6.equals("PKCS12") || str6.equals("CMSKS")) {
                        keyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "true");
                        str3 = "true";
                    } else {
                        keyStore.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                        str3 = "false";
                    }
                    if (str6.equals("PKCS11") || str6.equals("JCE4758KS")) {
                        keyStore.setProperty("com.ibm.ssl.tokenEnabled", "true");
                    }
                    str8 = sSLConfig.getProperty("com.ibm.ssl.keyStoreReadOnly");
                    if (str8 != null) {
                        keyStore.setProperty("com.ibm.ssl.keyStoreReadOnly", str8);
                    }
                }
                String property3 = sSLConfig.getProperty("com.ibm.ssl.tokenConfigFile");
                if (property3 != null) {
                    keyStore.setProperty("com.ibm.ssl.tokenConfigFile", property3);
                }
                str7 = sSLConfig.getProperty(SASPropFile.KEY_STORE_PROVIDER);
                if (str7 != null) {
                    if (str7.equals("IBMPKCS11Impl")) {
                        keyStore.setProperty("com.ibm.ssl.tokenEnabled", "true");
                    }
                    keyStore.setProperty(SASPropFile.KEY_STORE_PROVIDER, str7);
                }
                str9 = sSLConfig.getProperty("com.ibm.ssl.keyStoreScope");
                if (str9 != null) {
                    keyStore.setProperty("com.ibm.ssl.keyStoreScope", str9);
                }
                this.keyStoreMap.put(property, keyStore);
            }
            if (str3 == null) {
                str3 = keyStore.getProperty("com.ibm.ssl.keyStoreFileBased");
            }
            if (str8 == null) {
                str8 = keyStore.getProperty("com.ibm.ssl.keyStoreReadOnly");
            }
            if (str4 == null) {
                str4 = keyStore.getProperty(SASPropFile.KEY_FILE_NAME);
            }
            Certificate certificate = null;
            if (str3 != null && str3.equals("true") && str8 != null && str8.equals("false") && property != null && property.endsWith("DefaultKeyStore")) {
                try {
                    str2 = new URL(str4).getFile();
                    while (str2.startsWith("/")) {
                        str2 = str2.substring(1);
                    }
                } catch (MalformedURLException e) {
                    str2 = str4;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "File path for OutputStream: " + str2);
                }
                File file = null;
                Boolean bool = Boolean.FALSE;
                if (str2 != null) {
                    file = new File(str2);
                    bool = (Boolean) AccessController.doPrivileged(new FileExistsAction(file));
                }
                if (file != null && bool.booleanValue()) {
                    z = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot -> (keystore exists)");
                    }
                } else if (file != null) {
                    String str10 = str2;
                    if (str5 == null) {
                        str5 = keyStore.getProperty("com.ibm.ssl.keyStorePassword");
                    }
                    if (str6 == null) {
                        str6 = keyStore.getProperty(SASPropFile.KEY_STORE_TYPE);
                    }
                    if (str7 == null) {
                        str7 = keyStore.getProperty(SASPropFile.KEY_STORE_PROVIDER);
                    }
                    if (str9 == null) {
                        str9 = keyStore.getProperty("com.ibm.ssl.keyStoreScope");
                    }
                    KeyStoreInfo keyStoreInfo = new KeyStoreInfo(property, str10, str5, str7, str6, Boolean.TRUE, null, str9, null, Boolean.FALSE, Boolean.TRUE, Boolean.FALSE, null, new Integer(0), Boolean.FALSE, null, null);
                    String property4 = sSLConfig.getProperty(SASPropFile.CLIENT_KEY_ALIAS);
                    String globalProperty = SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqAlias", "default");
                    try {
                        certificate = CertificateManager.getInstance().chainedCertificateCreate(new CertReqInfo(property4 != null ? property4 : globalProperty != null ? globalProperty : "default", new Integer(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqKeySize", "2048")).intValue(), expand(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqSubjectDN", "cn=${hostname},o=IBM,c=US")), new Integer(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqDays", "5475")).intValue(), keyStoreInfo, null), "root", null);
                    } catch (NoClassDefFoundError e2) {
                        Manager.Ffdc.log(e2, this, "com.ibm.ws.ssl.config.KeyStoreManager.checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot", "%c%", this, new Object[]{e2});
                        Tr.error(tc, TraceNLSHelper.getInstance().getFormattedMessage("ssl.chained.create.error.CWPKI0043E", new Object[]{e2.toString()}, "Error creating a chained certificate due to: " + e2));
                        throw e2;
                    }
                }
            }
            String property5 = sSLConfig.getProperty("com.ibm.ssl.trustStoreName");
            WSKeyStore keyStore2 = getKeyStore(property5);
            String str11 = null;
            String str12 = null;
            if (keyStore2 == null) {
                keyStore2 = new WSKeyStore();
                if (property5 != null) {
                    keyStore2.setProperty("com.ibm.ssl.keyStoreName", property5);
                }
                str11 = sSLConfig.getProperty("com.ibm.ssl.trustStoreFileBased");
                if (str11 != null) {
                    keyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", str11);
                }
                str12 = sSLConfig.getProperty(SASPropFile.TRUST_FILE_NAME);
                if (str12 != null) {
                    keyStore2.setProperty(SASPropFile.KEY_FILE_NAME, str12);
                }
                String property6 = sSLConfig.getProperty("com.ibm.ssl.trustStorePassword");
                if (property6 != null) {
                    keyStore2.setProperty("com.ibm.ssl.keyStorePassword", property6);
                }
                if (0 != 0) {
                    keyStore2.setProperty("com.ibm.ssl.tokenEnabled", null);
                }
                String property7 = sSLConfig.getProperty(SASPropFile.TRUST_STORE_TYPE);
                if (property7 != null) {
                    if (property7.equals("PKCS11") || property7.equals("JCE4758KS")) {
                        keyStore2.setProperty("com.ibm.ssl.tokenEnabled", "true");
                    }
                    if (property7.equals("JCERACFKS") || property7.equals("JCE4758KS") || property7.equals("JCEHYBRIDRACFKS")) {
                        keyStore2.setProperty("com.ibm.ssl.keyStoreFileBased", "false");
                    }
                    keyStore2.setProperty(SASPropFile.KEY_STORE_TYPE, property7);
                }
                String property8 = sSLConfig.getProperty("com.ibm.ssl.tokenConfigFile");
                if (property8 != null) {
                    keyStore2.setProperty("com.ibm.ssl.tokenConfigFile", property8);
                }
                String property9 = sSLConfig.getProperty(SASPropFile.TRUST_STORE_PROVIDER);
                if (property9 != null) {
                    keyStore2.setProperty(SASPropFile.KEY_STORE_PROVIDER, property9);
                }
                String property10 = sSLConfig.getProperty("com.ibm.ssl.trustStoreReadOnly");
                if (property10 != null) {
                    keyStore2.setProperty("com.ibm.ssl.keyStoreReadOnly", property10);
                }
                this.keyStoreMap.put(property5, keyStore2);
            }
            if (str11 == null) {
                str11 = keyStore2.getProperty("com.ibm.ssl.keyStoreFileBased");
            }
            if (str12 == null) {
                str12 = keyStore2.getProperty(SASPropFile.KEY_FILE_NAME);
            }
            if (!z && str11 != null && str11.equals("true") && property5 != null && property5.endsWith("DefaultTrustStore")) {
                try {
                    str = new URL(str12).getFile();
                    while (str.startsWith("/")) {
                        str = str.substring(1);
                    }
                } catch (MalformedURLException e3) {
                    str = str12;
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "File path for OutputStream: " + str);
                }
                if (((Boolean) AccessController.doPrivileged(new FileExistsAction(new File(str)))).booleanValue()) {
                    z2 = true;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot -> (truststore exists)");
                    }
                } else {
                    java.security.KeyStore keyStore3 = keyStore2.getKeyStore(false, false);
                    if (keyStore3 != null && certificate != null) {
                        keyStore3.setCertificateEntry("default_signer", certificate);
                        keyStore2.store();
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Signer set in new truststore file.");
                        }
                    }
                }
            }
        } catch (Exception e4) {
            Manager.Ffdc.log(e4, this, "com.ibm.ws.ssl.config.KeyStoreManager.checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot", "%c%", this, new Object[]{e4});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating client keystore and/or truststore.", new Object[]{e4});
            }
            Tr.error(tc, "ssl.client.keystore.create.error.CWPKI0031E", new Object[]{e4.getMessage()});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot -> " + new Boolean((z || z2) ? false : true).toString());
        }
        return (z || z2) ? false : true;
    }

    public Certificate checkIfKeyStoreExistsAndCreateIfNot(WSKeyStore wSKeyStore, SSLConfig sSLConfig) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfKeyStoreExistsAndCreateIfNot");
        }
        String property = wSKeyStore.getProperty("com.ibm.ssl.keyStoreFileBased");
        String property2 = wSKeyStore.getProperty(SASPropFile.KEY_FILE_NAME);
        if (getConfigRoot() == null) {
            getInstance().expand("${CONFIG_ROOT}");
        }
        String property3 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreName");
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Key store location: " + property2);
        }
        if (property3 == null || !((property3.endsWith("DefaultKeyStore") || property3.endsWith("RSATokenKeyStore")) && property != null && property.equals("true"))) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "checkIfKeyStoreExistsAndCreateIfNot (not filebased or in config root)");
            return null;
        }
        if (((Boolean) AccessController.doPrivileged(new FileExistsAction(new File(property2)))).booleanValue()) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "checkIfKeyStoreExistsAndCreateIfNot -> (exists)");
            return null;
        }
        try {
            String property4 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreName");
            String property5 = wSKeyStore.getProperty("com.ibm.ssl.keyStorePassword");
            String property6 = wSKeyStore.getProperty(SASPropFile.KEY_STORE_TYPE);
            String property7 = wSKeyStore.getProperty(SASPropFile.KEY_STORE_PROVIDER);
            String property8 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreScope");
            String property9 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreCreateCMSStash");
            Boolean bool = Boolean.TRUE;
            if (property9 != null) {
                bool = new Boolean(property9);
            }
            KeyStoreInfo keyStoreInfo = new KeyStoreInfo(property4, property2, property5, property7, property6, Boolean.TRUE, null, property8, null, Boolean.FALSE, Boolean.TRUE, bool, null, new Integer(0), Boolean.FALSE, null, null);
            if (property3.endsWith("RSATokenKeyStore")) {
                keyStoreInfo.setUsage("RSATokenKeys");
            } else {
                keyStoreInfo.setUsage("SSLKeys");
            }
            String property10 = sSLConfig.getProperty(SASPropFile.CLIENT_KEY_ALIAS);
            String property11 = sSLConfig.getProperty(SASPropFile.SERVER_KEY_ALIAS);
            String globalProperty = SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqAlias", "default");
            Certificate chainedCertificateCreate = CertificateManager.getInstance().chainedCertificateCreate(new CertReqInfo(property11 != null ? property11 : property10 != null ? property10 : globalProperty != null ? globalProperty : "default", new Integer(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqKeySize", "2048")).intValue(), expand(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqSubjectDN", "cn=${hostname},o=IBM,c=US")), new Integer(SSLConfigManager.getInstance().getGlobalProperty("com.ibm.ssl.defaultCertReqDays", "5475")).intValue(), keyStoreInfo, null), "root", null);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkIfKeyStoreExistsAndCreateIfNot");
            }
            return chainedCertificateCreate;
        } catch (Exception e) {
            if (e instanceof SSLException) {
                throw ((SSLException) e);
            }
            throw new SSLException(e.getMessage(), e);
        }
    }

    public void checkIfTrustStoreExistsAndCreateIfNot(WSKeyStore wSKeyStore, SSLConfig sSLConfig, Certificate certificate) throws SSLException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfTrustStoreExistsAndCreateIfNot");
        }
        String property = wSKeyStore.getProperty("com.ibm.ssl.keyStoreFileBased");
        String property2 = wSKeyStore.getProperty(SASPropFile.KEY_FILE_NAME);
        if (getConfigRoot() == null) {
            getInstance().expand("${CONFIG_ROOT}");
        }
        String property3 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreName");
        if (property3 != null && ((property3.endsWith("DefaultTrustStore") || property3.endsWith("RSATokenTrustStore")) && property != null && property.equals("true"))) {
            if (((Boolean) AccessController.doPrivileged(new FileExistsAction(new File(property2)))).booleanValue()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkIfTrustStoreExistsAndCreateIfNot -> (exists)");
                    return;
                }
                return;
            }
            try {
                String property4 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreName");
                String property5 = wSKeyStore.getProperty("com.ibm.ssl.keyStorePassword");
                java.security.KeyStore keyStore = getKeyStore(property4, wSKeyStore.getProperty(SASPropFile.KEY_STORE_TYPE), wSKeyStore.getProperty(SASPropFile.KEY_STORE_PROVIDER), property2, property5, wSKeyStore.getProperty("com.ibm.ssl.keyStoreScope"), true, sSLConfig);
                if (keyStore != null && certificate != null) {
                    keyStore.setCertificateEntry("default_signer", certificate);
                    keyStore.store(new FileOutputStream(property2), property5.toCharArray());
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "checkIfTrustStoreExistsAndCreateIfNot (signer set)");
                        return;
                    }
                    return;
                }
            } catch (Exception e) {
                if (!(e instanceof SSLException)) {
                    throw new SSLException(e.getMessage(), e);
                }
                throw ((SSLException) e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkIfTrustStoreExistsAndCreateIfNot (not filebased or in config root)");
        }
    }

    public void addKeyStoreIfNotDuplicate(String str, WSKeyStore wSKeyStore) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addKeyStoreIfNotDuplicate", str);
        }
        if (this.keyStoreMap.size() > 0) {
            Iterator it = this.keyStoreMap.entrySet().iterator();
            while (it.hasNext()) {
                WSKeyStore wSKeyStore2 = (WSKeyStore) ((Map.Entry) it.next()).getValue();
                if (wSKeyStore2.equals(wSKeyStore)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found a matching KeyStore, adding reference to existing.");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding keystore lookup as: " + str);
                    }
                    this.keyStoreMap.put(str, wSKeyStore2);
                    String property = wSKeyStore2.getProperty("com.ibm.ssl.keyStoreUseForAcceleration");
                    if (property == null || !property.equals("true")) {
                        return;
                    }
                    this.acceleratorMap.put(str, wSKeyStore2);
                    return;
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding KeyStore to the Map: " + str + ", values: " + wSKeyStore);
        }
        if (SSLConfigManager.getInstance().validationEnabled()) {
            wSKeyStore.provideExpirationWarnings(new Integer("60").intValue(), str);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Adding keystore lookup as: " + str);
        }
        this.keyStoreMap.put(str, wSKeyStore);
        String property2 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreUseForAcceleration");
        if (property2 != null && property2.equals("true")) {
            this.acceleratorMap.put(str, wSKeyStore);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addKeyStoreIfNotDuplicate");
        }
    }

    public void exchangeSigners(String str, KeyStore keyStore, String str2, KeyStore keyStore2) {
        exchangeSigners(str, keyStore, false, str2, keyStore2, false);
    }

    public void exchangeSigners(String str, KeyStore keyStore, boolean z, String str2, KeyStore keyStore2, boolean z2) {
        String str3;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "exchangeSigners", new Object[]{keyStore.getLocation(), keyStore2.getLocation()});
        }
        FileOutputStream fileOutputStream = null;
        try {
            try {
                String name = keyStore.getName();
                String fixupConfigRootForSignerExchange = fixupConfigRootForSignerExchange(str, keyStore.getLocation());
                if (z && fixupConfigRootForSignerExchange.contains("${USER_INSTALL_ROOT}")) {
                    fixupConfigRootForSignerExchange = expand(fixupConfigRootForSignerExchange);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "expanded key store location to " + fixupConfigRootForSignerExchange);
                    }
                }
                java.security.KeyStore keyStore3 = getKeyStore(name, keyStore.getType(), keyStore.getProvider(), fixupConfigRootForSignerExchange, keyStore.getPassword(), keyStore.getManagementScope().getScopeName(), true, null);
                String name2 = keyStore2.getName();
                String fixupConfigRootForSignerExchange2 = fixupConfigRootForSignerExchange(str2, keyStore2.getLocation());
                if (z2 && fixupConfigRootForSignerExchange2.contains("${USER_INSTALL_ROOT}")) {
                    fixupConfigRootForSignerExchange2 = expand(fixupConfigRootForSignerExchange2);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "expanded trust store location to " + fixupConfigRootForSignerExchange2);
                    }
                }
                String password = keyStore2.getPassword();
                String type = keyStore2.getType();
                boolean z3 = false;
                java.security.KeyStore keyStore4 = getKeyStore(name2, type, keyStore2.getProvider(), fixupConfigRootForSignerExchange2, password, keyStore2.getManagementScope().getScopeName(), true, null);
                if (keyStore3 != null && keyStore4 != null) {
                    Enumeration<String> aliases = keyStore3.aliases();
                    while (aliases.hasMoreElements()) {
                        String nextElement = aliases.nextElement();
                        if (keyStore3.isKeyEntry(nextElement)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Key alias: " + nextElement);
                            }
                            Certificate[] certificateChain = keyStore3.getCertificateChain(nextElement);
                            X509Certificate x509Certificate = (X509Certificate) certificateChain[certificateChain.length - 1];
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Certificate DN: " + x509Certificate.getIssuerDN().getName());
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Certificate S/N: " + x509Certificate.getSerialNumber());
                            }
                            boolean checkIfSignerAlreadyExistsInTrustStore = checkIfSignerAlreadyExistsInTrustStore(x509Certificate, keyStore4);
                            if (!checkIfSignerAlreadyExistsInTrustStore && !keyStore4.containsAlias(nextElement)) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Adding alias \"" + nextElement + "\" from keystore \"" + fixupConfigRootForSignerExchange + "\" to keystore \"" + fixupConfigRootForSignerExchange2 + "\".");
                                }
                                keyStore4.setCertificateEntry(nextElement, x509Certificate);
                                z3 = true;
                            } else if (!checkIfSignerAlreadyExistsInTrustStore) {
                                int i = 1;
                                do {
                                    int i2 = i;
                                    i++;
                                    str3 = nextElement + "_" + i2;
                                } while (keyStore4.containsAlias(str3));
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "Adding alias \"" + str3 + "\" from keystore \"" + fixupConfigRootForSignerExchange + "\" to keystore \"" + fixupConfigRootForSignerExchange2 + "\".");
                                }
                                if (!keyStore4.containsAlias(str3)) {
                                    keyStore4.setCertificateEntry(str3, x509Certificate);
                                    z3 = true;
                                }
                            }
                        }
                    }
                    if (z3) {
                        if (KeyStoreTypeHelper.isCMSKeyStore(type)) {
                            Class<?> cls = Class.forName("com.ibm.ws.ssl.config.CMSKeyStoreUtility");
                            cls.getMethod("storeCMSKeyStore", java.security.KeyStore.class, String.class, String.class, String.class, String.class).invoke(cls.newInstance(), keyStore4, fixupConfigRootForSignerExchange2, password, type, "true");
                        } else {
                            fileOutputStream = new FileOutputStream(fixupConfigRootForSignerExchange2);
                            keyStore4.store(fileOutputStream, password.toCharArray());
                        }
                        clearJavaKeyStoresFromKeyStoreMap();
                    }
                }
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception e) {
                    }
                }
            } catch (Throwable th) {
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception e2) {
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ws.ssl.config.KeyStoreManager.exchangeSigners", "%c%", this, new Object[]{e3});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception exchanging signers.", new Object[]{e3});
            }
            Tr.error(tc, "ssl.signer.exchange.error.CWPKI0030E", new Object[]{e3.getMessage()});
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (Exception e4) {
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "exchangeSigners");
        }
    }

    public boolean checkIfSignerAlreadyExistsInTrustStore(X509Certificate x509Certificate, java.security.KeyStore keyStore) {
        String generateDigest;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfSignerAlreadyExistsInTrustStore");
        }
        try {
            generateDigest = generateDigest("MD5", x509Certificate);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.checkIfSignerAlreadyExistsInTrustStore", "%c%", this, new Object[]{e});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception checking if signer already exists.", new Object[]{e});
            }
        }
        if (generateDigest == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "checkIfSignerAlreadyExistsInTrustStore -> false (could not generate digest)");
            return false;
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.containsAlias(nextElement) && generateDigest.equals(generateDigest("MD5", (X509Certificate) keyStore.getCertificate(nextElement)))) {
                if (!tc.isEntryEnabled()) {
                    return true;
                }
                Tr.entry(tc, "checkIfSignerAlreadyExistsInTrustStore -> true (digest matches)");
                return true;
            }
        }
        if (!tc.isEntryEnabled()) {
            return false;
        }
        Tr.exit(tc, "checkIfSignerAlreadyExistsInTrustStore -> false (no digest matches)");
        return false;
    }

    private String fixupConfigRootForSignerExchange(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupConfigRoot", new Object[]{str, str2});
        }
        String str3 = str2;
        int indexOf = str2.indexOf("/cells/");
        if (indexOf != -1) {
            str3 = str + str2.substring(indexOf);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupConfigRoot -> " + str3);
        }
        return str3;
    }

    public WSKeyStore getKeyStore(String str, String str2, Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStore", new Object[]{str, obj});
        }
        WSKeyStore wSKeyStore = null;
        try {
            Class<?> cls = Class.forName("com.ibm.ws.ssl.utils.ProfileKeystoreUtils");
            if (cls != null) {
                wSKeyStore = (WSKeyStore) cls.getMethod("getWSKeyStoreFromConfig", String.class, String.class, Object.class).invoke(null, str, str2, obj);
            }
            if (wSKeyStore != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "WSKeyStore was successfully created.");
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.getKeyStore", "%c%", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received the following exception while creating a keystore from the configuration.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStore");
        }
        return wSKeyStore;
    }

    public WSKeyStore getKeyStore(String str) {
        WSKeyStore wSKeyStore = (WSKeyStore) this.keyStoreMap.get(str);
        if (wSKeyStore != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning a keyStore for name: " + str);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cannot find a keyStore for name: " + str);
        }
        return wSKeyStore;
    }

    public String[] getKeyStoreAliases() {
        return (String[]) this.keyStoreMap.keySet().toArray(new String[0]);
    }

    public String[] getAcceleratorAliases() {
        return (String[]) this.acceleratorMap.keySet().toArray(new String[0]);
    }

    public static String getKeyStoreType(KeyFileFormatKind keyFileFormatKind) {
        String str = null;
        if (keyFileFormatKind != null) {
            switch (keyFileFormatKind.getValue()) {
                case 2:
                    str = "JCEKS";
                    break;
                default:
                    str = keyFileFormatKind.getName();
                    break;
            }
        }
        return str;
    }

    /* JADX WARN: Removed duplicated region for block: B:46:0x0324  */
    /* JADX WARN: Removed duplicated region for block: B:49:0x032e A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:53:0x008e A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.security.KeyStore getKeyStore(java.lang.String r9, java.lang.String r10, java.lang.String r11, java.lang.String r12, java.lang.String r13, java.lang.String r14, boolean r15, com.ibm.ws.ssl.config.SSLConfig r16) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1053
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.ssl.config.KeyStoreManager.getKeyStore(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, boolean, com.ibm.ws.ssl.config.SSLConfig):java.security.KeyStore");
    }

    public InputStream getInputStream(String str, boolean z) throws MalformedURLException, IOException {
        try {
            return (InputStream) AccessController.doPrivileged(new GetKeyStoreInputStreamAction(str, z));
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.provider.AbstractJSSEProvider", "%c%", this, new Object[]{exception});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", new Object[]{exception});
            }
            if (exception instanceof MalformedURLException) {
                throw ((MalformedURLException) exception);
            }
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            throw new IOException(exception.getMessage());
        }
    }

    public OutputStream getOutputStream(String str) throws MalformedURLException, IOException {
        try {
            return (OutputStream) AccessController.doPrivileged(new GetKeyStoreOutputStreamAction(str));
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.getOutputStream", "%c%", this, new Object[]{exception});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception opening keystore.", new Object[]{exception});
            }
            if (exception instanceof MalformedURLException) {
                throw ((MalformedURLException) exception);
            }
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            throw new IOException(exception.getMessage());
        }
    }

    public String generateDigest(String str, X509Certificate x509Certificate) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateDigest", new Object[]{str});
        }
        if (x509Certificate == null) {
            return null;
        }
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.write(x509Certificate.getEncoded());
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(derOutputStream.toByteArray());
            String[] split = new HexDumpEncoder().encode(messageDigest.digest()).replaceAll("\\s", ":").split(":");
            if (split == null) {
                return null;
            }
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i < split.length; i++) {
                if (split[i] != null && split[i].length() == 2) {
                    stringBuffer.append(split[i]);
                    stringBuffer.append(":");
                }
            }
            stringBuffer.deleteCharAt(stringBuffer.length() - 1);
            return stringBuffer.toString().toUpperCase();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.generateDigest", "%c%", this);
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "generateDigest", new Object[]{e});
            return null;
        } catch (NoClassDefFoundError e2) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "generateDigest", new Object[]{e2});
            return null;
        }
    }

    protected void clearKeyStoreMap() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearKeyStoreMap");
        }
        this.keyStoreMap.clear();
        this.acceleratorMap.clear();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearKeyStoreMap");
        }
    }

    public void clearKSMap() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearKSMap");
        }
        this.keyStoreMap.clear();
        this.acceleratorMap.clear();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearKSMap");
        }
    }

    protected void clearKeyStoreFromMap(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearKeyStoreFromMap", new Object[]{str});
        }
        this.keyStoreMap.remove(str);
        this.acceleratorMap.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearKeyStoreFromMap");
        }
    }

    public void clearJavaKeyStoresFromKeyStoreMap() {
        synchronized (this.keyStoreMap) {
            Iterator it = this.keyStoreMap.entrySet().iterator();
            while (it.hasNext()) {
                WSKeyStore wSKeyStore = (WSKeyStore) ((Map.Entry) it.next()).getValue();
                if (wSKeyStore != null) {
                    wSKeyStore.clearJavaKeyStore();
                }
            }
        }
    }

    public String expand(String str) {
        String userInstallRoot;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expand");
        }
        String str2 = str;
        String str3 = (String) expandMap.get(str2);
        if (str3 != null && !str3.equals(StringUtils.EMPTY)) {
            String replace = str3.replace('\\', '/');
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "expand -> " + replace);
            }
            return replace;
        }
        try {
            if (SSLConfigManager.getInstance().isServerProcess()) {
                if (str.indexOf("${CONFIG_ROOT}") != -1) {
                    String configRoot = getConfigRoot();
                    if (configRoot != null) {
                        configRoot = configRoot.replace('\\', '/');
                        str3 = str.replaceAll("\\$\\{CONFIG_ROOT\\}", configRoot);
                    }
                    if (configRoot == null && (userInstallRoot = getUserInstallRoot()) != null) {
                        str3 = str.replaceAll("\\$\\{CONFIG_ROOT\\}", (userInstallRoot + File.separator + "config").replace('\\', '/'));
                    }
                } else if (str.indexOf("${WORKSPACE_ROOT}") != -1) {
                    String str4 = (getUserInstallRoot() != null ? getUserInstallRoot() : System.getProperty("websphere.workspace.root")) + File.separator + "wstemp";
                    if (str4 != null) {
                        str3 = str.replaceAll("\\$\\{WORKSPACE_ROOT\\}", str4.replace('\\', '/'));
                    }
                } else {
                    str3 = (String) Class.forName("com.ibm.ws.ssl.core.SSLComponentImpl").getMethod("expand", String.class).invoke(null, str2);
                }
                str2 = str3;
            }
            int indexOf = str2.indexOf("${user.root}");
            if (indexOf != -1) {
                String substring = str2.substring(0, indexOf);
                String substring2 = str2.substring(indexOf + "${user.root}".length());
                String globalProperty = SSLConfigManager.getInstance().getGlobalProperty("user.root");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "User install root: " + globalProperty);
                }
                if (globalProperty != null) {
                    str2 = (substring == null || substring.equals(StringUtils.EMPTY)) ? globalProperty + substring2 : substring + globalProperty + substring2;
                }
            }
            int indexOf2 = str2.indexOf("${USER_INSTALL_ROOT}");
            if (indexOf2 != -1) {
                String substring3 = str2.substring(0, indexOf2);
                String substring4 = str2.substring(indexOf2 + "${USER_INSTALL_ROOT}".length());
                String globalProperty2 = SSLConfigManager.getInstance().getGlobalProperty("user.root");
                if (globalProperty2 == null) {
                    globalProperty2 = SSLConfigManager.getInstance().getGlobalProperty("user.install.root");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "User install root: " + globalProperty2);
                }
                if (globalProperty2 != null) {
                    str2 = (substring3 == null || substring3.equals(StringUtils.EMPTY)) ? globalProperty2 + substring4 : substring3 + globalProperty2 + substring4;
                }
            }
            String expandHostName = expandHostName(str2);
            str3 = expandHostName;
            String str5 = expandHostName;
            int indexOf3 = str5.indexOf("${CONFIG_ROOT}");
            if (indexOf3 != -1) {
                String substring5 = str5.substring(0, indexOf3);
                String substring6 = str5.substring(indexOf3 + "${CONFIG_ROOT}".length());
                String globalProperty3 = SSLConfigManager.getInstance().getGlobalProperty("was.repository.root");
                if (globalProperty3 == null) {
                    globalProperty3 = getUserInstallRoot();
                    if (globalProperty3 != null) {
                        globalProperty3 = globalProperty3 + File.separator + "config";
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "User install root: " + globalProperty3);
                }
                if (globalProperty3 != null) {
                    str3 = (substring5 == null || substring5.equals(StringUtils.EMPTY)) ? globalProperty3 + substring6 : substring5 + globalProperty3 + substring6;
                    str5 = str3;
                }
            }
            int indexOf4 = str5.indexOf("${WORKSPACE_ROOT}");
            if (indexOf4 != -1) {
                String substring7 = str5.substring(0, indexOf4);
                String substring8 = str5.substring(indexOf4 + "${WORKSPACE_ROOT}".length());
                String str6 = null;
                if (SSLConfigManager.getInstance().getGlobalProperty("websphere.workspace.root") != null) {
                    str6 = SSLConfigManager.getInstance().getGlobalProperty("websphere.workspace.root");
                } else if (0 == 0 && SSLConfigManager.getInstance().getGlobalProperty("user.root") != null) {
                    str6 = SSLConfigManager.getInstance().getGlobalProperty("user.root") + File.separator + "wstemp";
                } else if (0 == 0) {
                    str6 = getUserInstallRoot() + File.separator + "wstemp";
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "${WORKSPACE_ROOT} = " + str6);
                }
                if (str6 != null) {
                    str3 = (substring7 == null || substring7.equals(StringUtils.EMPTY)) ? str6 + substring8 : substring7 + str6 + substring8;
                }
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.expand", "%c%", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Expand exception: ", new Object[]{e});
            }
        }
        if (str3 == null) {
            String replace2 = str.replace('\\', '/');
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "expand -> (not expanded)");
            }
            return replace2;
        }
        String replace3 = str3.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expand -> " + replace3);
        }
        if (expandMap.size() > 50) {
            expandMap.clear();
            getHostName();
        }
        expandMap.put(str, replace3);
        return replace3;
    }

    String expandHostName(String str) {
        String str2 = str;
        int indexOf = str.indexOf("${hostname}");
        if (indexOf != -1) {
            String substring = str.substring(0, indexOf);
            String substring2 = str.substring(indexOf + "${hostname}".length());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Hostname: " + host);
            }
            if (host != null) {
                str2 = substring + host + substring2;
            }
        }
        return str2;
    }

    public static String getHostName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHostName");
        }
        try {
            if (host == null) {
                host = InetAddress.getLocalHost().getCanonicalHostName();
                if (host != null) {
                    expandMap.put("cn=${hostname},o=IBM,c=US", "cn=" + host + ",o=IBM,c=US");
                    expandMap.put("${hostname}", host);
                }
            }
        } catch (UnknownHostException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting canonical hostname.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHostName -> " + host);
        }
        return host;
    }

    public Boolean createPluginKeyStore(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createPluginKeyStore", new Object[]{str, str2});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createPluginKeyStore");
        }
        return Boolean.TRUE;
    }

    public static String expandHostNameVariable(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "expandHostNameVariable", new Object[]{str, str2});
        }
        String str3 = str;
        int indexOf = str.indexOf("${hostname}");
        if (indexOf != -1) {
            String substring = str.substring(0, indexOf);
            String substring2 = str.substring(indexOf + "${hostname}".length());
            if (substring != null && !substring.equals(StringUtils.EMPTY) && substring2 != null && !substring2.equals(StringUtils.EMPTY)) {
                str3 = substring + str2 + substring2;
            } else if (substring != null && !substring.equals(StringUtils.EMPTY)) {
                str3 = substring + str2;
            } else if (substring2 != null && !substring2.equals(StringUtils.EMPTY)) {
                str3 = str2 + substring2;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "expandHostNameVariable -> " + str3);
        }
        return str3;
    }

    private static String fixupLocationWithRepositoryRoot(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupLocationWithRepositoryRoot", new Object[]{str, str2});
        }
        int indexOf = str2.indexOf("/cells/");
        String str3 = str2;
        if (indexOf != -1) {
            str3 = str + str2.substring(indexOf);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupLocationWithRepositoryRoot -> " + str3);
        }
        return str3;
    }

    public boolean isHWKeyStore(String str) {
        return isHWKeyStore((WSKeyStore) this.keyStoreMap.get(str));
    }

    public boolean isHWKeyStore(WSKeyStore wSKeyStore) {
        return "true".equalsIgnoreCase(wSKeyStore != null ? wSKeyStore.getProperty("com.ibm.ssl.tokenEnabled") : "false");
    }

    public Provider getHWCryptoProviderInstance(String str) {
        return getHWCryptoProviderInstance((WSKeyStore) this.keyStoreMap.get(str));
    }

    public Provider getHWCryptoProviderInstance(WSKeyStore wSKeyStore) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getHWCryptoProviderInstance");
        }
        WSPKCSInKeyStore wSPKCSInKeyStore = null;
        Provider provider = null;
        boolean z = false;
        if (wSKeyStore != null) {
            String property = wSKeyStore.getProperty(SASPropFile.KEY_FILE_NAME);
            String property2 = wSKeyStore.getProperty("com.ibm.ssl.keyStorePassword");
            String property3 = wSKeyStore.getProperty(SASPropFile.KEY_STORE_TYPE);
            String property4 = wSKeyStore.getProperty(SASPropFile.KEY_STORE_PROVIDER);
            String property5 = wSKeyStore.getProperty("com.ibm.ssl.keyStoreUseForAcceleration");
            if (property5 != null) {
                try {
                    if (property5.equals("true")) {
                        z = true;
                    }
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot get the HW crypto initialization status" + new Object[]{e});
                    }
                    Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.getHWCryptoProviderInstance", "%c%", this);
                    Tr.error(tc, "Cannot get the HW crypto initialization status", new Object[]{e.getMessage()});
                }
            }
            wSPKCSInKeyStore = pkcsStoreList.insert(property3, property, property2, true, property4, z);
            if (wSPKCSInKeyStore != null) {
                try {
                    provider = wSPKCSInKeyStore.getHWCryptoProviderInstance(property);
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot get the HW crypto provider instance" + new Object[]{e2});
                    }
                    Manager.Ffdc.log(e2, this, "com.ibm.ws.ssl.config.KeyStoreManager.getHWCryptoProviderInstance", "%c%", this);
                    Tr.error(tc, "Cannot get the HW crypto provider instance", new Object[]{e2.getMessage()});
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getHWCryptoProviderInstance");
        }
        return provider;
    }

    public void returnHWCryptoProviderInstance(String str, Provider provider) {
        returnHWCryptoProviderInstance((WSKeyStore) this.keyStoreMap.get(str), provider);
    }

    public void returnHWCryptoProviderInstance(WSKeyStore wSKeyStore, Provider provider) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "returnHWCryptoProviderInstance");
        }
        WSPKCSInKeyStore wSPKCSInKeyStore = null;
        if (wSKeyStore != null) {
            String property = wSKeyStore.getProperty(SASPropFile.KEY_FILE_NAME);
            try {
                wSPKCSInKeyStore = pkcsStoreList.getListElement(property);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Cannot get the HW crypto keystore list element" + new Object[]{property, e});
                }
            }
            if (wSPKCSInKeyStore != null) {
                try {
                    wSPKCSInKeyStore.returnHWCryptoProviderInstance(provider);
                } catch (Exception e2) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot return provider instance" + new Object[]{e2});
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "returnHWCryptoProviderInstance");
        }
    }

    public static SecurityConfigObject getDefaultKeyStore(String str, String str2) {
        SecurityConfigManager securityConfigManager;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultKeyStore");
        }
        if (str2 == null) {
            str2 = ManagementScopeManager.getInstance().getNodeScopeName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Selected default scope: " + str2);
        }
        if (str2.equals("client") && str.endsWith("RootStore")) {
            return null;
        }
        String defaultKeyStoreName = getDefaultKeyStoreName(str);
        SecurityConfigObject securityConfigObject = null;
        try {
            securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get the DefaultKeyStore " + defaultKeyStoreName, new Object[]{e});
            }
        }
        if (securityConfigManager == null) {
            if (!tc.isDebugEnabled()) {
                return null;
            }
            Tr.debug(tc, "SecurityConfigManager is null.");
            return null;
        }
        SecurityConfigObjectList objectList = securityConfigManager.getObjectList("security::keyStores");
        if (objectList != null) {
            for (int i = 0; i < objectList.size(); i++) {
                SecurityConfigObject securityConfigObject2 = objectList.get(i);
                String string = securityConfigObject2.getString("name");
                String string2 = securityConfigObject2.getObject("managementScope").getString("scopeName");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking name and scope: " + string + ":" + string2);
                }
                if (defaultKeyStoreName != null && string.equals(defaultKeyStoreName) && string2 != null && string2.equals(str2)) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "getDefaultKeyStore", new Object[]{string});
                    }
                    return securityConfigObject2;
                }
                securityConfigObject = null;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultKeyStore", new Object[]{securityConfigObject});
        }
        return securityConfigObject;
    }

    public static String getDefaultKeyStoreName(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultKeyStoreName");
        }
        String processType = ManagementScopeManager.getInstance().getProcessType();
        if (processType.equals("client")) {
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getDefaultKeyStoreName", null);
            return null;
        }
        String str2 = (processType.equals("UnManagedProcess") || processType.equals("AdminAgent") || processType.equals("JobManager")) ? "Node" + str : (str.equalsIgnoreCase("DefaultKeyStore") || str.equalsIgnoreCase("DefaultTrustStore") || str.equalsIgnoreCase("RSATokenKeyStore") || str.equalsIgnoreCase("RSATokenTrustStore")) ? "Cell" + str : "Dmgr" + str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultKeyStoreName", str2);
        }
        return str2;
    }

    public static SecurityConfigObject getKeyStore(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyStore");
        }
        if (str2 == null) {
            str2 = ManagementScopeManager.getInstance().getProcessType().equals("DeploymentManager") ? ManagementScopeManager.getInstance().getCellScopeName() : ManagementScopeManager.getInstance().getNodeScopeName();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Selected default scope: " + str2);
        }
        SecurityConfigObject securityConfigObject = null;
        try {
            SecurityConfigObjectList objectList = SecurityObjectLocator.getSecurityConfig().getSCO().getObjectList("keyStores");
            if (objectList != null) {
                for (int i = 0; i < objectList.size(); i++) {
                    securityConfigObject = objectList.get(i);
                    String string = securityConfigObject.getString("name");
                    String string2 = securityConfigObject.getObject("managementScope").getString("scopeName");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking name and scope: " + string + ":" + string2);
                    }
                    if (str != null && string.equals(str) && string2 != null && string2.equals(str2)) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "getDefaultKeyStore", new Object[]{string});
                        }
                        return securityConfigObject;
                    }
                    securityConfigObject = null;
                }
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get key store " + str, new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyStore", new Object[]{securityConfigObject});
        }
        return securityConfigObject;
    }

    public static String getUserInstallRoot() {
        return stripLastSlash(SecurityObjectLocator.getAdminData().getUserInstallRootPath());
    }

    public static String getConfigRoot() {
        return stripLastSlash(SecurityObjectLocator.getAdminData().getConfigRootPath());
    }

    public static String stripLastSlash(String str) {
        if (str != null) {
            str = str.trim();
            if (str.endsWith("/") || str.endsWith("\\")) {
                return str.substring(0, str.length() - 1);
            }
        }
        return str;
    }

    public java.security.KeyStore getJavaKeyStore(String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getJavaKeyStore", new Object[]{str, str2});
        }
        java.security.KeyStore keyStore = null;
        if (str == null) {
            throw new SSLException("No keystore name provided.");
        }
        if (str2 != null && str2.length() == 0) {
            str2 = null;
        }
        if (str2 != null && !ManagementScopeManager.getInstance().currentScopeContained(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is not in the current scope.");
            }
            throw new SSLException("KeyStore is not in the current scope.");
        }
        WSKeyStore wSKeyStore = (WSKeyStore) this.keyStoreMap.get(str);
        if (wSKeyStore != null && str2 != null && str2.equals(wSKeyStore.getManagementScope())) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "Found the keystore in cache return the java keystore value");
            }
            return wSKeyStore.getKeyStore(false, false);
        }
        try {
            SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
            if (securityConfigManager == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "SecurityConfigManager is null.");
                return null;
            }
            SecurityConfigObjectList objectList = securityConfigManager.getObjectList("security::keyStores");
            if (objectList != null) {
                int i = 0;
                while (true) {
                    if (i >= objectList.size()) {
                        break;
                    }
                    SecurityConfigObject securityConfigObject = objectList.get(i);
                    String string = securityConfigObject.getString("name");
                    String string2 = securityConfigObject.getObject("managementScope").getString("scopeName");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking name and scope: " + string + ":" + string2);
                    }
                    WSKeyStore wSKeyStore2 = null;
                    if (str != null && string.equals(str)) {
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "found the keystore", new Object[]{string});
                        }
                        if ((str2 != null && string2 != null && str2.equals(string2)) || str2 == null) {
                            wSKeyStore2 = new WSKeyStore(securityConfigObject);
                        }
                        if (wSKeyStore2 != null) {
                            keyStore = wSKeyStore2.getKeyStore(false, false);
                            break;
                        }
                    }
                    i++;
                }
            } else if (tc.isEntryEnabled()) {
                Tr.debug(tc, "keyStore are null might be a client process");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getJavaKeyStore");
            }
            return keyStore;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get the getJavaKeyStore " + str, new Object[]{e});
            }
            throw e;
        }
    }

    public WSKeyStore getWSKeyStore(String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSKeyStore", new Object[]{str, str2});
        }
        if (str == null) {
            throw new SSLException("No keystore name provided.");
        }
        if (str2 != null && str2.length() == 0) {
            str2 = null;
        }
        if (str2 != null && str2.length() > 0 && !ManagementScopeManager.getInstance().currentScopeContained(str2)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "KeyStore is not in the current scope.");
            }
            throw new SSLException("KeyStore is not in the current scope.");
        }
        WSKeyStore wSKeyStore = (WSKeyStore) this.keyStoreMap.get(str);
        if (wSKeyStore != null) {
            if (str2 != null && str2.length() > 0 && str2.equals(wSKeyStore.getManagementScope())) {
                if (tc.isDebugEnabled()) {
                    Tr.exit(tc, "Found the keystore in cache return the java keystore value");
                }
                return wSKeyStore;
            }
            if (str2 == null) {
                if (tc.isDebugEnabled()) {
                    Tr.exit(tc, "Found the keystore in cache return the java keystore value.  Management scope passed in was null.");
                }
                return wSKeyStore;
            }
        }
        try {
            SecurityConfigManager securityConfigManager = SecurityObjectLocator.getSecurityConfigManager();
            if (securityConfigManager == null) {
                if (!tc.isDebugEnabled()) {
                    return null;
                }
                Tr.debug(tc, "SecurityConfigManager is null.");
                return null;
            }
            SecurityConfigObjectList objectList = securityConfigManager.getObjectList("security::keyStores");
            if (objectList != null) {
                int i = 0;
                while (true) {
                    if (i >= objectList.size()) {
                        break;
                    }
                    SecurityConfigObject securityConfigObject = objectList.get(i);
                    String string = securityConfigObject.getString("name");
                    String string2 = securityConfigObject.getObject("managementScope").getString("scopeName");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Checking name and scope: " + string + ":" + string2);
                    }
                    WSKeyStore wSKeyStore2 = null;
                    if (str != null && string.equals(str)) {
                        if (tc.isEntryEnabled()) {
                            Tr.debug(tc, "found the keystore", new Object[]{string});
                        }
                        if ((str2 != null && string2 != null && str2.equals(string2)) || str2 == null) {
                            wSKeyStore2 = new WSKeyStore(securityConfigObject);
                        }
                        if (wSKeyStore2 != null) {
                            wSKeyStore = wSKeyStore2;
                            break;
                        }
                    }
                    i++;
                }
            } else if (tc.isEntryEnabled()) {
                Tr.debug(tc, "keyStore are null might be a client process");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getWSeyStore");
            }
            return wSKeyStore;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get the getJavaKeyStore " + str, new Object[]{e});
            }
            throw e;
        }
    }

    public void refreshClientKeyStoreAndTrustStore(SSLConfig sSLConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refreshClientKeyStoreAndTrustStore");
        }
        if (sSLConfig != null && !sSLConfig.isEmpty()) {
            clearKeyStoreFromMap(sSLConfig.getProperty("com.ibm.ssl.keyStoreName"));
            clearKeyStoreFromMap(sSLConfig.getProperty("com.ibm.ssl.trustStoreName"));
            checkIfClientKeyStoreAndTrustStoreExistsAndCreateIfNot(sSLConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refreshClientKeyStoreAndTrustStore");
        }
    }

    public void markTheWorkspace(Object obj, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "markTheWorkspace", new Object[]{obj, str});
        }
        try {
            Class<?> cls = Class.forName("com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper");
            if (cls != null) {
                cls.getMethod("setWorkspaceUpdated", Object.class, String.class).invoke(null, obj, str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "setWorkspaceUpdated was called.");
                }
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.KeyStoreManager.markTheWorkspace", "3450", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Received the following exception while marking the workspace updated.", new Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "markTheWorkspace");
        }
    }
}
