package com.ibm.ws.ssl.config;

import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.crypto.KeyException;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminClientFactory;
import com.ibm.websphere.management.AdminServiceFactory;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.ws.util.PlatformHelperFactory;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.management.MBeanException;
import javax.management.ObjectName;

/* loaded from: input_file:com/ibm/ws/ssl/config/WSKeyStoreRemotable.class */
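/**
 * Keystore configuration object that forwards keystore commands to the node that
 * actually holds the keystore.
 *
 * <p>Three routes are visible in this class:
 * <ol>
 *   <li>If the keystore carries a host list, the command is sent to the SSLAdmin MBean of
 *       every listed host through a SOAP {@link AdminClient} built from the connector
 *       properties registered with {@link #setConnectorMap(Map)}.</li>
 *   <li>On z/OS with a RACF keyring keystore type, the command is sent to the SSLAdmin
 *       MBean(s) found through the local admin service, and list-style results are merged.</li>
 *   <li>Otherwise the command is handled by {@link WSKeyStore}.</li>
 * </ol>
 *
 * <p>Review notes:
 * <ul>
 *   <li>Values returned by remote MBeans are cast without prior type checks; a mismatch
 *       surfaces as a {@link KeyException} wrapping the {@code ClassCastException}.</li>
 *   <li>The connector map is static, shared by all instances, and determines which
 *       endpoint receives keystore commands. It is stored by reference and without
 *       synchronization.</li>
 *   <li>Debug trace includes the host list, MBean object names and certificate objects.</li>
 * </ul>
 *
 * <p>All helpers added here are private so that the class's public shape is unchanged.
 */
public class WSKeyStoreRemotable extends WSKeyStore implements WSKeyStoreRemotableInterface {
    // Neither field is read in this class; both are kept so the instance layout is unchanged.
    private String name;
    private KeyStore ks;
    private static final TraceComponent tc = Tr.register(WSKeyStoreRemotable.class, "SSL", "com.ibm.ws.ssl.resources.ssl");

    // MBean operation used for every forwarded keystore command.
    private static final String REMOTE_OPERATION = "invokeRemoteKeyStoreCommand";

    // Lower-cased host name -> connector Properties ("SOAP HOST|PORT", "queryString", ...).
    // Shared by all instances; replaced wholesale by setConnectorMap.
    private static Map connectorPropMap = null;

    /**
     * Creates a remotable keystore from a configuration model object.
     *
     * @param keyStore configuration model entry handed to the {@link WSKeyStore} constructor
     */
    public WSKeyStoreRemotable(com.ibm.websphere.models.config.ipc.ssl.KeyStore keyStore) {
        super(keyStore);
        this.name = null;
        this.ks = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    /**
     * Creates a remotable keystore by copying every named property of an existing keystore.
     *
     * @param wSKeyStore keystore whose properties are copied; null property names are skipped
     */
    public WSKeyStoreRemotable(WSKeyStore wSKeyStore) {
        this.name = null;
        this.ks = null;
        Enumeration<?> propertyNames = wSKeyStore.propertyNames();
        if (propertyNames != null) {
            while (propertyNames.hasMoreElements()) {
                String key = (String) propertyNames.nextElement();
                if (key != null) {
                    setProperty(key, wSKeyStore.getProperty(key));
                }
            }
        }
    }

    /**
     * Creates a remotable keystore from a {@link KeyStoreInfo}.
     *
     * @param keyStoreInfo description handed to the {@link WSKeyStore} constructor
     */
    public WSKeyStoreRemotable(KeyStoreInfo keyStoreInfo) {
        super(keyStoreInfo);
        this.name = null;
        this.ks = null;
    }

    /** Creates an empty remotable keystore. */
    public WSKeyStoreRemotable() {
        this.name = null;
        this.ks = null;
    }

    /**
     * Invokes a keystore command, passing {@link Boolean#FALSE} as the third argument of
     * {@link #invokeKeyStoreCommand(String, Object[], Boolean)}.
     *
     * @param str    command name
     * @param objArr command arguments
     * @return the command result, possibly {@code null}
     * @throws KeyException if the command fails
     */
    @Override // com.ibm.ws.ssl.config.WSKeyStore, com.ibm.ws.ssl.config.WSKeyStoreRemotableInterface
    public Object[] invokeKeyStoreCommand(String str, Object[] objArr) throws KeyException {
        return invokeKeyStoreCommand(str, objArr, Boolean.FALSE);
    }

    /**
     * Invokes a keystore command on whichever process holds the keystore.
     *
     * <p>With a non-empty host list the command goes to every listed host and the result of
     * the last host that answered is returned. On z/OS with a RACF keyring type the command
     * goes to the SSLAdmin MBean(s) matching the management scope; {@code aliases},
     * {@code listPersonalCertificates} and {@code listSignerCertificates} results are merged
     * across MBeans. In every other case the call is delegated to {@link WSKeyStore}.
     *
     * @param str    command name
     * @param objArr command arguments; the extract commands read {@code objArr[2]}
     * @param bool   passed through unchanged to {@link WSKeyStore}; not used on the remote routes
     * @return the command result, possibly {@code null}
     * @throws KeyException if the command fails; any other exception is reported to FFDC and
     *                      wrapped, keeping the original as the cause
     */
    @Override // com.ibm.ws.ssl.config.WSKeyStore, com.ibm.ws.ssl.config.WSKeyStoreRemotableInterface
    public Object[] invokeKeyStoreCommand(String str, Object[] objArr, Boolean bool) throws KeyException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "invokeKeyStoreCommand", new Object[]{str});
        }
        Object[] result = null;
        try {
            String hostList = getProperty(Constants.SSLPROP_KEY_STORE_HOST_LIST);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "keyStoreHostList is " + hostList);
            }
            if (hostList != null && !hostList.equals("")) {
                // The list is comma separated when it contains a comma, otherwise pipe separated.
                String[] hosts = hostList.split(hostList.indexOf(',') >= 0 ? "," : "\\|");
                // Fail before contacting any host if one of them has no connector properties.
                hostInListAreGood(hosts);
                result = invokeOnHostList(hosts, str, objArr);
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "invokeKeyStoreCommand");
                }
                return result;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not remote, Calling local KeyStoreCommand via MBean call .");
            }
            if (!PlatformHelperFactory.getPlatformHelper().isZOS()) {
                return super.invokeKeyStoreCommand(str, objArr, bool);
            }
            String keyStoreType = getProperty("com.ibm.ssl.keyStoreType");
            // A missing type is treated as "not a RACF keyring" instead of failing with a
            // NullPointerException; this matches what the non-z/OS path does with it.
            boolean racfKeyring = keyStoreType != null
                    && (keyStoreType.equals(Constants.KEYSTORE_TYPE_JCERACFKS)
                        || keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS)
                        || keyStoreType.equals(Constants.KEYSTORE_TYPE_JCEHYBRIDRACFKS));
            if (!racfKeyring) {
                return super.invokeKeyStoreCommand(str, objArr, bool);
            }
            String scope = getProperty(Constants.SSLPROP_KEY_STORE_MGMT_SCOPE);
            // "Writable SAF": a JCERACFKS/JCECCARACFKS keystore whose read-only property is not "true".
            boolean writableSaf = (keyStoreType.equals(Constants.KEYSTORE_TYPE_JCERACFKS)
                        || keyStoreType.equals(Constants.KEYSTORE_TYPE_JCECCARACFKS))
                    && !Boolean.parseBoolean(getProperty(Constants.SSLPROP_KEY_STORE_READ_ONLY));
            ObjectName query = buildSslAdminQuery(scope, writableSaf);
            Set<ObjectName> sslAdminNames = AdminServiceFactory.getAdminService().queryNames(query, null);
            if (sslAdminNames == null || sslAdminNames.isEmpty()) {
                if (!tc.isEntryEnabled()) {
                    return null;
                }
                Tr.exit(tc, "SSLAdmin MBean not found. ");
                return null;
            }
            if (writableSaf) {
                // Writable keyrings are handled by a single MBean: the first one returned.
                String keyStoreName = getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                ObjectName first = (ObjectName) sslAdminNames.iterator().next();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "writable SAF support is enabled. Object Name: " + first.toString());
                }
                return (Object[]) AdminServiceFactory.getAdminService().invoke(first, REMOTE_OPERATION, new Object[]{keyStoreName, str, objArr}, remoteSignature());
            }
            String[] mergedAliases = null;
            HashMap<String, Object> mergedCerts = new HashMap<String, Object>();
            // Order the targets so that MBeans whose "process" key starts with the
            // deployment manager name are asked first.
            List<ObjectName> targets = new ArrayList<ObjectName>();
            for (ObjectName candidate : sslAdminNames) {
                String process = candidate.getKeyProperty("process");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Object Name: " + candidate.toString());
                }
                if (process == null || !process.startsWith(AppConstants.CELLMGR_NAME)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "other process is found, place it on the bottom of the list.");
                    }
                    targets.add(candidate);
                } else {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "dmgr process is found, place it on the top of the list.");
                    }
                    targets.add(0, candidate);
                }
            }
            for (int i = 0; i < targets.size(); i++) {
                String keyStoreName = getProperty(Constants.SSLPROP_KEY_STORE_NAME);
                ObjectName target = targets.get(i);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Iteration [ " + i + " ] Object Name: " + (target != null ? target.toString() : "<null>"));
                }
                boolean shouldInvoke = true;
                if (str.equals("createRemoteKeyring") && target != null) {
                    String version = target.getKeyProperty("version");
                    if (version != null && version.startsWith("6.1.0.")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Skip invoking MBean call, becuase a destination doesn't support a method.");
                        }
                        shouldInvoke = false;
                    }
                } else if (str.equals("personalCertificateExtract")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "personalCertificateExtract is being invoked. Check whether a target has a key first.");
                    }
                    Object[] hasKey = (Object[]) AdminServiceFactory.getAdminService().invoke(target, REMOTE_OPERATION, new Object[]{keyStoreName, "isKeyEntry", new Object[]{objArr[2]}}, remoteSignature());
                    if (hasKey == null || !((Boolean) hasKey[0]).booleanValue()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "a certificate doesn't exist in this scope, skip invoking personalCertificateExtract");
                        }
                        shouldInvoke = false;
                    }
                } else if (str.equals("signerCertificateExtract")) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "signerCertificateExtract is being invoked. Check whether a target has a certificate first.");
                    }
                    Object[] hasCert = (Object[]) AdminServiceFactory.getAdminService().invoke(target, REMOTE_OPERATION, new Object[]{keyStoreName, "isCertificateEntry", new Object[]{objArr[2]}}, remoteSignature());
                    if (hasCert == null || !((Boolean) hasCert[0]).booleanValue()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "a certificate doesn't exist in this scope, skip invoking signerCertificateExtract");
                        }
                        shouldInvoke = false;
                    }
                }
                if (shouldInvoke) {
                    result = (Object[]) AdminServiceFactory.getAdminService().invoke(target, REMOTE_OPERATION, new Object[]{keyStoreName, str, objArr}, remoteSignature());
                    // startsWith rather than substring(0, 3): a command name shorter than three
                    // characters must not raise an exception after the remote call already ran.
                    if (str.startsWith("set") || str.equals("personalCertificateExtract") || str.equals("signerCertificateExtract")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Since a method always returns null, returning after the first invocation.");
                        }
                        return result;
                    }
                    if (str.equals("aliases")) {
                        if (result != null) {
                            String[] received = (String[]) result;
                            if (mergedAliases == null) {
                                mergedAliases = received.clone();
                                if (tc.isEntryEnabled()) {
                                    Tr.exit(tc, "invokeRemoteKeyStoreCommand - merged Aliases list is ", mergedAliases);
                                }
                            } else {
                                // Append only aliases not seen so far, keeping first-seen order.
                                List<String> merged = new ArrayList<String>(Arrays.asList(mergedAliases));
                                for (String alias : received) {
                                    if (!merged.contains(alias)) {
                                        merged.add(alias);
                                    }
                                }
                                mergedAliases = merged.toArray(new String[merged.size()]);
                            }
                        }
                    } else if (str.equals("listPersonalCertificates")) {
                        if (result != null) {
                            mergeCertificates(mergedCerts, (HashMap) result[0], true);
                        }
                    } else if (str.equals("listSignerCertificates")) {
                        if (result != null) {
                            mergeCertificates(mergedCerts, (HashMap) result[0], false);
                        }
                    } else if (str.equals("isKeyEntry") || str.equals("isCertificateEntry") || str.equals("containsAlias")) {
                        // Existence checks stop at the first MBean that answers true.
                        if (result != null && ((Boolean) result[0]).booleanValue()) {
                            return result;
                        }
                    } else if (result != null && result.length > 0 && result[0] != null) {
                        // Any other command: the first non-empty answer wins.
                        return result;
                    }
                }
            }
            if (str.equals("aliases")) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "invokeRemoteKeyStoreCommand - final merged Aliases list is ", mergedAliases);
                }
                return mergedAliases;
            }
            if (!str.equals("listPersonalCertificates") && !str.equals("listSignerCertificates")) {
                return result;
            }
            Object[] mergedResult = {mergedCerts};
            if (tc.isEntryEnabled()) {
                Tr.debug(tc, "invokeRemoteKeyStoreCommand - final merged Certs list is ", mergedResult);
            }
            return mergedResult;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception executing KeyStore method.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.ssl.config.WSKeyStore.invokeKeyStoreCommand", "460", this);
            if (e instanceof KeyException) {
                throw ((KeyException) e);
            }
            if (e instanceof MBeanException) {
                // Prefer the wrapped exception's message, but an MBeanException without a
                // cause must not hide the failure behind a NullPointerException.
                Throwable cause = e.getCause();
                throw new KeyException(cause != null ? cause.getMessage() : e.getMessage(), e);
            }
            throw new KeyException(e.getMessage(), e);
        }
    }

    /** Returns a fresh JMX signature array for {@code invokeRemoteKeyStoreCommand(String, String, Object[])}. */
    private static String[] remoteSignature() {
        return new String[]{"java.lang.String", "java.lang.String", "[Ljava.lang.Object;"};
    }

    /**
     * Looks up the connector properties registered for a lower-cased host name.
     *
     * @return the properties, or {@code null} when no map is registered or the host is unknown
     */
    private static Properties connectorPropsFor(String lowerCaseHost) {
        Map connectors = connectorPropMap;
        return connectors == null ? null : (Properties) connectors.get(lowerCaseHost);
    }

    /**
     * Sends the command to the SSLAdmin MBean of every host in the list over SOAP.
     *
     * <p>The connector {@link Properties} object from the shared map is updated in place with
     * {@code host}, {@code port}, {@code type} and {@code isInternal} before the client is created.
     *
     * @return the result from the last host that had connector properties, or {@code null}
     */
    private Object[] invokeOnHostList(String[] hosts, String str, Object[] objArr) throws Exception {
        Object[] result = null;
        for (int i = 0; i < hosts.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Locating connector properties for host: " + hosts[i]);
            }
            // Lower-cased with the default locale; the map must be keyed the same way.
            String lowerCase = hosts[i].toLowerCase();
            Properties properties = connectorPropsFor(lowerCase);
            if (properties != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found the node connector props, proceeding to call SSLAdmin MBean using AdminClient.");
                }
                // A missing "SOAP HOST|PORT" entry is reported the same way as a malformed one.
                String hostAndPort = properties.getProperty("SOAP HOST|PORT");
                String[] parts = hostAndPort != null ? hostAndPort.split("\\|") : null;
                if (parts == null || parts.length != 2) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "invokeKeyStoreCommand: Host/Port property is null.");
                    }
                    throw new KeyException("Cannot get host and port from connector properties.");
                }
                properties.setProperty("host", parts[0]);
                properties.setProperty("port", parts[1]);
                properties.setProperty("type", "SOAP");
                // NOTE(review): presumably marks the connection as server-internal; the
                // effect of this flag is not visible in this class.
                properties.setProperty("isInternal", "true");
                AdminClient adminClient = AdminClientFactory.createAdminClient(properties);
                String queryString = properties.getProperty("queryString");
                Set sslAdminNames = adminClient.queryNames(new ObjectName(queryString), null);
                if (sslAdminNames.isEmpty()) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "invokeKeyStoreCommand: SSLAdmin MBean was not found using queryString " + queryString);
                    }
                    throw new KeyException("Cannot get AdminClient to make remote keystore request.");
                }
                ObjectName sslAdmin = (ObjectName) sslAdminNames.iterator().next();
                if (sslAdmin == null) {
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "invokeKeyStoreCommand: SSLAdmin is null.");
                    }
                    throw new KeyException("Cannot get SSLAdmin MBean to make remote keystore request.");
                }
                result = (Object[]) adminClient.invoke(sslAdmin, REMOTE_OPERATION, new Object[]{getProperty(Constants.SSLPROP_KEY_STORE_NAME), str, objArr}, remoteSignature());
                // Normalise the older alias -> Certificate layout to alias -> Certificate[].
                if (result != null && str.equals("listPersonalCertificates") && isOldPersonalCertFormat((HashMap) result[0])) {
                    result[0] = reformatPersonalCerts((HashMap) result[0]);
                }
            } else {
                Tr.error(tc, "ssl.cannot.find.node.from.hostlist.CWPKI0039E", new Object[]{lowerCase, getProperty(Constants.SSLPROP_KEY_STORE_NAME)});
            }
        }
        return result;
    }

    /**
     * Builds the ObjectName pattern used to find SSLAdmin MBeans for a management scope.
     *
     * <p>Cell, node and process names taken from the scope are concatenated into the
     * pattern as-is, without quoting.
     *
     * @param scope       management scope string; {@code null} or empty selects every SSLAdmin MBean
     * @param writableSaf whether the keystore is a writable SAF keyring
     */
    private ObjectName buildSslAdminQuery(String scope, boolean writableSaf) throws Exception {
        if (scope == null || scope.equals("")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "scope is not set. Use scopeString : WebSphere:type=SSLAdmin,*");
            }
            return new ObjectName("WebSphere:type=SSLAdmin,*");
        }
        ManagementScopeData managementScopeData = new ManagementScopeData(scope);
        StringBuilder pattern = new StringBuilder("WebSphere:type=SSLAdmin");
        if (managementScopeData.getCellName() != null) {
            pattern.append(",cell=").append(managementScopeData.getCellName());
        }
        if (managementScopeData.getNodeName() != null) {
            pattern.append(",node=").append(managementScopeData.getNodeName());
        }
        if (managementScopeData.getProcessName() != null) {
            pattern.append(",process=").append(managementScopeData.getProcessName());
        } else if (writableSaf && ManagementScopeManager.getInstance().getProcessType().equals("DeploymentManager") && managementScopeData.getNodeName() == null) {
            // Cell-level scope evaluated inside the deployment manager: pin the query to dmgr.
            pattern.append(",process=dmgr");
        }
        String scopeString = pattern.append(",*").toString();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "scope is set. scopeString : " + scopeString);
        }
        return new ObjectName(scopeString);
    }

    /**
     * Adds the entries of one MBean's certificate listing to the merged map, keeping the
     * entry already present when an alias appears more than once.
     *
     * @param merged   accumulated alias -> certificate data
     * @param incoming listing returned by one MBean
     * @param personal {@code true} for personal certificates (values stored as
     *                 {@code Certificate[]}), {@code false} for signers (values stored as
     *                 {@code Certificate})
     */
    private void mergeCertificates(Map<String, Object> merged, Map<?, ?> incoming, boolean personal) {
        boolean firstBatch = merged.isEmpty();
        if (firstBatch && tc.isEntryEnabled()) {
            Tr.debug(tc, personal ? "brand new mergedCertsList for personal certificates" : "brand new mergedCertsList for signer certificates");
        }
        for (Map.Entry<?, ?> entry : incoming.entrySet()) {
            String alias = (String) entry.getKey();
            if (merged.containsKey(alias)) {
                continue;
            }
            if (personal) {
                Certificate[] chain = getCertificatesList(entry.getValue());
                if (chain != null) {
                    merged.put(alias, chain);
                }
            } else {
                // The cast rejects anything that is not a Certificate.
                merged.put(alias, (Certificate) entry.getValue());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.debug(tc, firstBatch ? "invokeRemoteKeyStoreCommand - new merged Cert list is " : "invokeRemoteKeyStoreCommand - merged Cert list is ", merged);
        }
    }

    /**
     * Normalises a personal-certificate value to an array.
     *
     * @param obj a {@code Certificate} (old format), a {@code Certificate[]} (current format),
     *            or anything else
     * @return a one-element array, the array itself, or {@code null} for {@code null} and
     *         unrecognised values
     */
    private Certificate[] getCertificatesList(Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCertificatesList", new Object[]{obj});
        }
        Certificate[] certificates = null;
        if (obj instanceof Certificate) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "returned value is Certificate object (old format).");
            }
            certificates = new Certificate[]{(Certificate) obj};
        } else if (obj instanceof Certificate[]) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "returned value is Array of Certificate object (current format).");
            }
            certificates = (Certificate[]) obj;
        } else if (obj != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "returned value is unknown object. ignoring...");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCertificatesList", new Object[]{certificates});
        }
        return certificates;
    }

    /**
     * Reports whether any value in the map is a bare {@code Certificate}, i.e. the listing
     * uses the old personal-certificate format.
     */
    private boolean isOldPersonalCertFormat(HashMap hashMap) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isOldPersonalCertFormat");
        }
        boolean oldFormat = false;
        if (hashMap != null) {
            for (Object value : hashMap.values()) {
                if (value instanceof Certificate) {
                    oldFormat = true;
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isOldPersonalCertFormat", new Object[]{Boolean.valueOf(oldFormat)});
        }
        return oldFormat;
    }

    /**
     * Converts a personal-certificate listing to alias -> {@code Certificate[]}, dropping
     * entries whose value is neither a certificate nor a certificate array.
     *
     * @return a new map; empty when the input is {@code null}
     */
    private HashMap reformatPersonalCerts(HashMap hashMap) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "reformatPersonalCerts");
        }
        HashMap<String, Object> reformatted = new HashMap<String, Object>();
        if (hashMap != null) {
            for (Object key : hashMap.keySet()) {
                String alias = (String) key;
                Certificate[] chain = getCertificatesList(hashMap.get(alias));
                if (chain != null) {
                    if (tc.isDebugEnabled()) {
                        // An empty chain must not make the trace statement itself throw.
                        Tr.debug(tc, "Putting alias : " + alias + " cert : " + (chain.length > 0 ? chain[0] : null));
                    }
                    reformatted.put(alias, chain);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "reformatPersonalCerts", new Object[]{reformatted});
        }
        return reformatted;
    }

    /**
     * Renders command arguments as {@code "parm 0: a, parm 1: b"} for trace output.
     * Not called from within this class.
     */
    private String printParms(Object[] objArr) {
        if (objArr == null || objArr.length == 0) {
            return "null or empty parms";
        }
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < objArr.length; i++) {
            if (i > 0) {
                text.append(", ");
            }
            text.append("parm ").append(i).append(": ").append(objArr[i]);
        }
        return text.toString();
    }

    /**
     * Replaces the shared host -> connector-properties map used for remote keystore calls.
     *
     * <p>The map is stored by reference and applies to every instance. Its entries supply
     * the host, port and MBean query used to reach remote nodes, so it should only be
     * populated from trusted configuration.
     *
     * @param map lower-cased host name -> {@link Properties}; may be {@code null}
     */
    public static void setConnectorMap(Map map) {
        connectorPropMap = map;
    }

    /**
     * Verifies that every host in the list has connector properties registered.
     *
     * @param strArr host names from the keystore host list
     * @throws KeyException for the first host without connector properties, including the
     *                      case where no connector map has been registered at all
     */
    private void hostInListAreGood(String[] strArr) throws KeyException {
        for (int i = 0; i < strArr.length; i++) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Locating connector properties for host: " + strArr[i]);
            }
            String lowerCase = strArr[i].toLowerCase();
            if (connectorPropsFor(lowerCase) == null) {
                throw new KeyException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.cannot.find.node.from.hostlist.CWPKI0039E", new Object[]{lowerCase, getProperty(Constants.SSLPROP_KEY_STORE_NAME)}, "Cannot find Node connector properties for the hostname " + lowerCase + " in the hostlist for keystore " + getProperty(Constants.SSLPROP_KEY_STORE_NAME) + SecConstants.STRING_HOSTNAME_DELIMITER));
            }
        }
    }
}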
