package com.ibm.iaccess.base.keystore;

import com.ibm.iaccess.Copyright;
import com.ibm.iaccess.base.AcsLogUtil;
import com.ibm.iaccess.base.AcsMsgUtil;
import com.ibm.iaccess.base.AcsSSLUtils;
import com.ibm.iaccess.base.keystore.AcsKeymanKsEntry;
import com.ibm.iaccess.base.keystore.AcsKeystoreChangeListener;
import com.ibm.iaccess.base.launcher.AcsProcessLauncherUtils;
import com.ibm.iaccess.base.natives.AcsRegistrySnapshot;
import com.ibm.iaccess.baselite.AcsBaseUtilities;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.iaccess.baselite.AcsFile;
import com.ibm.iaccess.baselite.AcsFileUtils;
import com.ibm.iaccess.baselite.AcsMessage;
import com.ibm.iaccess.baselite.AcsStringUtil;
import com.ibm.iaccess.baselite.exception.AcsException;
import com.ibm.iaccess.launch.AcsLaunchPad;
import com.ibm.iaccess.mri.current.AcsMriKeys_acsmsg;
import java.awt.Component;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentSkipListMap;
import org.apache.commons.codec.binary.Base64;

@Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
/* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/keystore/AcsKeymanKsWrapper.class */
public class AcsKeymanKsWrapper implements AcsConstants {
    // PEM armor written before and after the Base64 body by exportCertToBase64Ascii.
    private static final String BASE_64_ASCII_FILE_HEADER = "-----BEGIN CERTIFICATE-----\r\n";
    private static final String BASE_64_ASCII_FILE_FOOTER = "-----END CERTIFICATE-----";
    // Backing keystore; assigned exactly once, in the constructor.
    private final KeyStore m_ks;
    // File the keystore is loaded from and saved to; null means in-memory only (saveToFile then does nothing).
    private File m_file;
    // Keystore password. The constructor and changePassword store the caller's array by
    // reference (no copy), and nothing in this class clears it.
    private char[] m_pw;
    // When true, mutating operations write the keystore back to m_file right away
    // (see saveImplicitlyIfNeeded).
    private volatile boolean m_isImplicitSaving = true;
    // Registered change listeners; every access in this class happens inside synchronized (m_listeners).
    private final List<AcsKeystoreChangeListener> m_listeners = new ArrayList();

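    /**
     * Opens the keystore stored in {@code file}, or creates an empty in-memory keystore
     * when {@code file} is null.
     *
     * <p>For a file, the keystore types are tried in order (PKCS12, {@code JKS_STR}, JCEKS,
     * the JVM default type) and the first one that loads wins. Failures of individual
     * attempts are logged at fine level only.
     *
     * <p>NOTE(review): per the {@link KeyStore#load(java.io.InputStream, char[])} contract,
     * a null password means no integrity check is performed on the keystore data. Confirm
     * that callers passing null accept unverified content.
     *
     * @param file keystore file to load, or null for a new empty keystore
     * @param cArr keystore password; stored by reference, so clearing the array in the
     *             caller also changes what later saves use
     * @throws KeyStoreException if {@code file} is non-null and no keystore type could load it
     */
    public AcsKeymanKsWrapper(File file, char[] cArr) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException {
        this.m_file = file;
        this.m_pw = cArr;
        KeyStore loaded = null;
        if (null == file) {
            loaded = KeyStore.getInstance(AcsConstants.JKS_STR);
            loaded.load(null);
        } else {
            for (String type : new String[]{"PKCS12", AcsConstants.JKS_STR, "JCEKS", KeyStore.getDefaultType()}) {
                // A fresh stream per attempt, closed on every path: the previous code leaked
                // one open file handle for each keystore type it tried.
                try (FileInputStream in = new FileInputStream(file)) {
                    KeyStore candidate = KeyStore.getInstance(type);
                    candidate.load(in, cArr);
                    loaded = candidate;
                    break;
                } catch (Exception e) {
                    // Wrong type, wrong password and unreadable file all end up here.
                    AcsLogUtil.logFine(e);
                }
            }
        }
        if (null == loaded) {
            throw new KeyStoreException("Unable to load keystore file with any supported keystore type: " + file.getAbsolutePath());
        }
        this.m_ks = loaded;
    }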

    /**
     * Returns the absolute path of the backing keystore file.
     *
     * @return the absolute path, or the empty string when no file is associated
     */
    public String getFilename() {
        if (this.m_file != null) {
            return this.m_file.getAbsolutePath();
        }
        return "";
    }

    /**
     * Returns the type of the underlying keystore as reported by {@link KeyStore#getType()}.
     *
     * @return the keystore type string
     */
    public String getDbType() {
        final KeyStore store = this.m_ks;
        return store.getType();
    }

    /**
     * Returns the token label for this keystore. This implementation always returns
     * the empty string.
     *
     * @return the empty string
     */
    public String getTokenLabel() {
        final String noLabel = "";
        return noLabel;
    }

    /**
     * Returns the entries of the given type, in the iteration order of {@link #getAllEntries()}.
     *
     * @param entryType the entry type to keep
     * @return a new list holding only the entries whose type is {@code entryType}
     * @throws KeyStoreException if the keystore entries cannot be enumerated
     */
    public List<AcsKeymanKsEntry> getEntries(AcsKeymanKsEntry.EntryType entryType) throws KeyStoreException {
        List<AcsKeymanKsEntry> matching = new LinkedList<AcsKeymanKsEntry>();
        Iterator<AcsKeymanKsEntry> all = getAllEntries().values().iterator();
        while (all.hasNext()) {
            AcsKeymanKsEntry candidate = all.next();
            if (candidate.getEntryType() != entryType) {
                continue;
            }
            matching.add(candidate);
        }
        return matching;
    }

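    /**
     * Builds a snapshot of the keystore's entries keyed by alias.
     *
     * <p>Each alias is first read without a protection parameter and, if that fails, read
     * again with the keystore password. Private-key and trusted-certificate entries are
     * wrapped and returned; secret-key entries are skipped silently; any other entry type
     * is logged and skipped. An alias that cannot be read either way is skipped as well,
     * with both failures logged at fine level.
     *
     * @return a new sorted map from alias to wrapped entry
     * @throws KeyStoreException if the aliases cannot be enumerated
     */
    public Map<String, AcsKeymanKsEntry> getAllEntries() throws KeyStoreException {
        Map<String, AcsKeymanKsEntry> entriesByAlias = new ConcurrentSkipListMap<String, AcsKeymanKsEntry>();
        for (String alias : Collections.list(this.m_ks.aliases())) {
            // Initialised so that a double failure leaves a defined value; the previous code
            // could reach the instanceof checks with the variable never assigned.
            KeyStore.Entry entry = null;
            try {
                entry = this.m_ks.getEntry(alias, null);
            } catch (Exception unprotectedFailure) {
                // Expected for password-protected entries, so it is logged rather than dumped
                // to stderr with printStackTrace().
                AcsLogUtil.logFine(unprotectedFailure);
                try {
                    entry = this.m_ks.getEntry(alias, new KeyStore.PasswordProtection(this.m_pw));
                } catch (Exception protectedFailure) {
                    AcsLogUtil.logFine(protectedFailure);
                }
            }
            if (entry == null) {
                // Unreadable with and without the password; both failures were logged above.
                continue;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                entriesByAlias.put(alias, new AcsKeymanKsPrivateKeyEntry(alias, (KeyStore.PrivateKeyEntry) entry));
            } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                entriesByAlias.put(alias, new AcsKeymanKsTrustedCertEntry(alias, (KeyStore.TrustedCertificateEntry) entry));
            } else if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                AcsLogUtil.logInfo("Unknown entry type: " + entry);
            }
        }
        return entriesByAlias;
    }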

    /**
     * Removes a single entry by delegating to {@link #remove(List)} with a one-element list.
     *
     * @param acsKeymanKsEntry the entry to delete from the keystore
     */
    public synchronized void remove(AcsKeymanKsEntry acsKeymanKsEntry) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, AcsException {
        List<AcsKeymanKsEntry> single = Collections.singletonList(acsKeymanKsEntry);
        remove(single);
    }

    /**
     * Writes the keystore back to its file when implicit saving is enabled; otherwise
     * does nothing.
     */
    private void saveImplicitlyIfNeeded() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (!isImplicitSavingEnabled()) {
            return;
        }
        saveToFile();
    }

    /**
     * Exports the X.509 certificate of a trusted-certificate entry to {@code file}.
     *
     * <p>{@code BINARY_DER} selects raw DER output; any other data type produces the
     * Base64 ASCII form. Only the certificate is written, never key material.
     *
     * @param acsKeystoreDataType requested output encoding
     * @param acsKeymanKsEntry entry whose certificate is exported
     * @param file destination file, opened for writing by the export helpers
     * @throws AcsException if the entry is not a trusted-certificate entry or its
     *         certificate is not an {@link X509Certificate}
     */
    public static void exportCert(AcsKeystoreDataType acsKeystoreDataType, AcsKeymanKsEntry acsKeymanKsEntry, File file) throws AcsException, IOException, CertificateEncodingException {
        KeyStore.Entry wrapped = acsKeymanKsEntry.getEnclosed();
        Certificate cert = null;
        if (wrapped instanceof KeyStore.TrustedCertificateEntry) {
            cert = ((KeyStore.TrustedCertificateEntry) wrapped).getTrustedCertificate();
        }
        // Both rejection cases (wrong entry kind, non-X.509 certificate) raise the same error.
        if (!(cert instanceof X509Certificate)) {
            throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_CERTIFICATE_PROBLEM));
        }
        X509Certificate x509 = (X509Certificate) cert;
        if (AcsKeystoreDataType.BINARY_DER == acsKeystoreDataType) {
            exportCertToDer(x509, file);
            return;
        }
        exportCertToBase64Ascii(x509, file);
    }

    /**
     * Validates that the entry wraps an X.509 trusted certificate and hands that
     * certificate to the X509Certificate overload of this method.
     *
     * @param acsKeymanKsEntry entry whose certificate is pushed
     * @throws AcsException if the entry is not a trusted-certificate entry or its
     *         certificate is not an {@link X509Certificate}
     */
    public static void pushCertToWindowsKdb(AcsKeymanKsEntry acsKeymanKsEntry) throws AcsException, IOException {
        KeyStore.Entry wrapped = acsKeymanKsEntry.getEnclosed();
        Certificate cert = null;
        if (wrapped instanceof KeyStore.TrustedCertificateEntry) {
            cert = ((KeyStore.TrustedCertificateEntry) wrapped).getTrustedCertificate();
        }
        // Both rejection cases (wrong entry kind, non-X.509 certificate) raise the same error.
        if (!(cert instanceof X509Certificate)) {
            throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_SSL_CERTIFICATE_PROBLEM));
        }
        X509Certificate x509 = (X509Certificate) cert;
        pushCertToWindowsKdb(x509);
    }

    /**
     * Manual test entry point: opens the CA certificate file and pushes its first
     * trusted certificate to the Windows key database.
     *
     * @param strArr arguments forwarded to the test-environment initialiser
     */
    public static void main(String[] strArr) {
        AcsLaunchPad.initAcsEnvironmentForTesting(strArr);
        try {
            // NOTE(review): the keystore password is a literal embedded in the class, so
            // anyone holding the jar can read it. It offers no confidentiality and should
            // not be relied on to protect the integrity of the CA file.
            AcsKeymanKsWrapper caStore = new AcsKeymanKsWrapper(AcsSSLUtils.getCaCertFile(), "ca400".toCharArray());
            List<AcsKeymanKsEntry> trustedCerts = caStore.getEntries(AcsKeymanKsEntry.EntryType.TRUSTED_CERT);
            // An empty list throws from get(0) and is reported by the catch below.
            AcsKeymanKsEntry firstTrusted = trustedCerts.get(0);
            pushCertToWindowsKdb(firstTrusted);
        } catch (Exception e) {
            e.printStackTrace();
            AcsMsgUtil.msg((Component) null, e);
        }
    }

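    /**
     * Adds a certificate to the Windows client's CMS key database by running the
     * {@code ikeycmd.exe} found under the product's registry-recorded install path.
     *
     * <p>The certificate is written as DER to a temporary file, which is deleted
     * afterwards on every path. The tool's output lines are echoed to standard output.
     *
     * <p>Review notes for maintainers:
     * <ul>
     *   <li>The key database password is a literal in this method and is sent to the tool
     *       on its runtime input, so it is readable by anyone with the jar.</li>
     *   <li>The database path is fixed and sits under the Public documents folder.
     *       NOTE(review): confirm who can write to that file, since it holds trust anchors.</li>
     *   <li>The label contains the certificate's CN, which comes from the certificate being
     *       imported. It is passed as its own argument element. NOTE(review): confirm the
     *       launcher does not route the arguments through a shell.</li>
     * </ul>
     *
     * @param x509Certificate certificate to add
     * @throws IOException on any failure; non-I/O exceptions are wrapped as the cause
     */
    private static void pushCertToWindowsKdb(X509Certificate x509Certificate) throws IOException {
        AcsFile derFile = AcsFileUtils.createTempFile(".der");
        try {
            exportCertToDer(x509Certificate, derFile);
            // The separator now travels with the optional segment. The previous concatenation
            // produced a doubled backslash after SOFTWARE when the Wow6432Node segment was absent.
            String regKey = "HKEY_LOCAL_MACHINE\\SOFTWARE\\" + (AcsBaseUtilities.is64bit() ? "Wow6432Node\\" : "") + "IBM\\Client Access\\CurrentVersion";
            String installPath = new AcsRegistrySnapshot(regKey).getValue(regKey, "InstallPath").toString();
            AcsFile ikeycmd = new AcsFile(installPath + File.separator + "JRE" + File.separator + "bin" + File.separator + "ikeycmd.exe");
            if (!ikeycmd.exists()) {
                throw new FileNotFoundException(ikeycmd.getAbsolutePath());
            }
            String label = "acs_import_" + new AcsKeymanPrincipalMap(x509Certificate.getSubjectX500Principal()).get(AcsKeymanPrincipalMap.CN) + "_" + System.nanoTime();
            List<String> args = new LinkedList<String>();
            args.add("-cert");
            args.add("-add");
            args.add("-db");
            args.add("C:\\Users\\Public\\Documents\\IBM\\Client Access\\cwbssldf.kdb");
            args.add("-type");
            args.add("cms");
            args.add("-file");
            args.add(derFile.getAbsolutePath());
            args.add("-label");
            args.add(label);
            Iterator<String> output = AcsProcessLauncherUtils.runCommandWithArgsAndRuntimeInput(ikeycmd.getAbsolutePath(), "ca400" + AcsFile.lineSeparator, args.toArray(new String[args.size()])).iterator();
            while (output.hasNext()) {
                System.out.println(output.next());
            }
        } catch (IOException e) {
            // Previously an IOException (including the missing-ikeycmd case above) was caught
            // and dropped, so the caller saw success when nothing had been imported.
            throw e;
        } catch (Exception e) {
            throw new IOException(e);
        } finally {
            derFile.delete();
        }
    }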

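    /**
     * Writes the certificate to {@code file} in Base64 ASCII (PEM) form: the BEGIN line,
     * the chunked Base64 encoding of the DER bytes, then the END line.
     *
     * <p>All three parts are written as bytes through one stream. The armor lines are
     * encoded as US-ASCII explicitly; the previous version sent them through a writer using
     * the platform default charset while the Base64 body went to the raw stream, so on a
     * platform whose default charset is not ASCII-compatible the file mixed two encodings.
     *
     * @param x509Certificate certificate to export
     * @param file destination file; existing content is overwritten
     * @throws IOException if the file cannot be opened or written
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    private static void exportCertToBase64Ascii(X509Certificate x509Certificate, File file) throws IOException, CertificateEncodingException {
        FileOutputStream out = new FileOutputStream(file);
        try {
            out.write(BASE_64_ASCII_FILE_HEADER.getBytes("US-ASCII"));
            out.write(Base64.encodeBase64(x509Certificate.getEncoded(), true));
            out.write(BASE_64_ASCII_FILE_FOOTER.getBytes("US-ASCII"));
            out.flush();
        } finally {
            // Close failures are logged, not thrown, as before; the data was already flushed.
            try {
                out.close();
            } catch (Exception e) {
                AcsLogUtil.logWarning(e);
            }
        }
    }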

    /**
     * Writes the certificate's DER encoding to {@code file}.
     *
     * <p>The stream is closed on both the success and the failure path; an exception
     * raised by close itself is logged as a warning and not propagated.
     *
     * @param x509Certificate certificate to export
     * @param file destination file; existing content is overwritten
     * @throws IOException if the file cannot be opened or written
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    private static void exportCertToDer(X509Certificate x509Certificate, File file) throws IOException, CertificateEncodingException {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            byte[] der = x509Certificate.getEncoded();
            out.write(der);
            out.flush();
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (Exception closeFailure) {
                    AcsLogUtil.logWarning(closeFailure);
                }
            }
        }
    }

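    /**
     * Renames the alias under which the given entry is stored, then saves (when implicit
     * saving is enabled) and notifies listeners.
     *
     * <p>The entry is stored under the new alias before the old alias is deleted. The
     * previous order deleted first, so a failing {@code setEntry} left the keystore object
     * without the entry under either name.
     *
     * <p>NOTE(review): the entry is stored with a null protection parameter. Confirm whether
     * private-key entries are expected to be renamed through this path.
     *
     * @param acsKeymanKsEntry entry to rename
     * @param str the new alias; a no-op when it equals the current alias
     * @throws AcsException if the keystore already contains {@code str}
     * @throws KeyStoreException if the entry's current alias cannot be found or the
     *         keystore rejects the change
     */
    public synchronized void renameAlias(AcsKeymanKsEntry acsKeymanKsEntry, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, AcsException {
        KeyStore.Entry enclosed = acsKeymanKsEntry.getEnclosed();
        String currentAlias = getAliasForEntry(enclosed);
        if (currentAlias.equals(str)) {
            return;
        }
        if (this.m_ks.containsAlias(str)) {
            throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_KEYSTORE_ALREADY_HAS_ALIAS, str));
        }
        // Add under the new name first; delete the old name only once that has succeeded.
        this.m_ks.setEntry(str, enclosed, null);
        this.m_ks.deleteEntry(currentAlias);
        saveImplicitlyIfNeeded();
        fireKeystoreChangedEvent();
    }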

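    /**
     * Finds the alias whose stored entry equals {@code entry} according to
     * {@link #areEntriesEqual}.
     *
     * <p>Entries are read without a protection parameter. An alias whose entry cannot be
     * read that way is logged at fine level and skipped, so such entries are never matched
     * here. The first matching alias in enumeration order is returned.
     *
     * @param entry the entry to look up
     * @return the alias of the first stored entry equal to {@code entry}
     * @throws KeyStoreException if no alias matches, or the aliases cannot be enumerated
     */
    private synchronized String getAliasForEntry(KeyStore.Entry entry) throws KeyStoreException {
        for (String alias : Collections.list(this.m_ks.aliases())) {
            KeyStore.Entry stored = null;
            try {
                // The lookup belongs inside the try: it raises checked exceptions for entries
                // that need a password, and the handler below had nothing to guard before.
                stored = this.m_ks.getEntry(alias, null);
            } catch (Exception e) {
                AcsLogUtil.logFine(e);
            }
            if (stored != null && areEntriesEqual(stored, entry)) {
                return alias;
            }
        }
        throw new KeyStoreException(new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_FUNCTION_FAILED)));
    }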

    /**
     * Compares two keystore entries.
     *
     * <p>Entries of different runtime classes are never equal. Trusted-certificate entries
     * are compared by their certificates' {@code equals}; every other entry kind is compared
     * by its {@code toString()} text.
     *
     * <p>NOTE(review): {@code toString()} is not a defined identity for key entries. Confirm
     * that two distinct entries cannot render to the same text before relying on this to
     * pick an entry for deletion or rename.
     *
     * @param entry first entry
     * @param entry2 second entry
     * @return true when the entries are considered the same
     */
    private boolean areEntriesEqual(KeyStore.Entry entry, KeyStore.Entry entry2) {
        if (entry.getClass() != entry2.getClass()) {
            return false;
        }
        if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
            String left = entry.toString();
            return left.equals(entry2.toString());
        }
        KeyStore.TrustedCertificateEntry first = (KeyStore.TrustedCertificateEntry) entry;
        KeyStore.TrustedCertificateEntry second = (KeyStore.TrustedCertificateEntry) entry2;
        return first.getTrustedCertificate().equals(second.getTrustedCertificate());
    }

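    /**
     * Writes the keystore to its backing file, protected with the current password.
     * Does nothing except log when no file is associated.
     *
     * <p>The keystore is serialised into memory first and the file is opened only after
     * that has succeeded. The previous version opened (and so truncated) the file before
     * calling {@code store}, which meant a failing {@code store} left an empty or partial
     * keystore file behind.
     *
     * @throws IOException if the file cannot be opened or written
     * @throws KeyStoreException if the keystore has not been initialised
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the keystore cannot be stored
     */
    private synchronized void saveToFile() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (null == this.m_file) {
            AcsLogUtil.logFine("No file specified. Not saving");
            return;
        }
        // Fully qualified so that this method needs no new file-level import.
        java.io.ByteArrayOutputStream serialized = new java.io.ByteArrayOutputStream();
        this.m_ks.store(serialized, this.m_pw);
        // try-with-resources always closes the stream; the old failure path called flush()
        // before close(), and a throwing flush() both skipped the close and hid the real error.
        try (FileOutputStream out = new FileOutputStream(this.m_file)) {
            serialized.writeTo(out);
            out.flush();
        }
    }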

    /**
     * Reports whether mutating operations save to file automatically.
     *
     * @return the current value of the implicit-saving flag
     */
    private boolean isImplicitSavingEnabled() {
        final boolean enabled = this.m_isImplicitSaving;
        return enabled;
    }

    /**
     * Turns automatic saving after mutating operations on or off.
     *
     * @param z true to save after each change, false to leave saving to the caller
     * @return this wrapper, to allow call chaining
     */
    public synchronized AcsKeymanKsWrapper setImplicitSavingEnabled(boolean z) {
        final AcsKeymanKsWrapper self = this;
        self.m_isImplicitSaving = z;
        return self;
    }

    /**
     * Registers a change listener. Registering a listener that is already present
     * has no effect.
     *
     * @param acsKeystoreChangeListener listener to register
     */
    public void addKeystoreChangedListener(AcsKeystoreChangeListener acsKeystoreChangeListener) {
        synchronized (this.m_listeners) {
            boolean alreadyRegistered = this.m_listeners.contains(acsKeystoreChangeListener);
            if (alreadyRegistered) {
                return;
            }
            this.m_listeners.add(acsKeystoreChangeListener);
        }
    }

    /**
     * Unregisters a change listener; a listener that was never registered is ignored.
     *
     * @param acsKeystoreChangeListener listener to unregister
     */
    public void removeKeystoreChangedListener(AcsKeystoreChangeListener acsKeystoreChangeListener) {
        final List<AcsKeystoreChangeListener> registered = this.m_listeners;
        synchronized (registered) {
            registered.remove(acsKeystoreChangeListener);
        }
    }

    /**
     * Notifies every registered listener that the keystore changed. Each listener
     * receives its own event object.
     *
     * <p>The callbacks run while the listener-list lock is held.
     * NOTE(review): confirm that listeners do not add or remove listeners from inside
     * the callback, since the list is being iterated at that point.
     */
    private void fireKeystoreChangedEvent() {
        synchronized (this.m_listeners) {
            for (AcsKeystoreChangeListener listener : this.m_listeners) {
                AcsKeystoreChangeListener.KeystoreChangedEvent event = new AcsKeystoreChangeListener.KeystoreChangedEvent(this);
                listener.keystoreChanged(event);
            }
        }
    }

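    /**
     * Reads one X.509 certificate from {@code file} and stores it as a trusted-certificate
     * entry under {@code str}, then saves (when implicit saving is enabled) and notifies
     * listeners.
     *
     * <p>The certificate is only parsed. This method performs no validity-period, issuer
     * or key-usage check, so deciding that the certificate deserves to be a trust anchor
     * is left to the caller.
     *
     * @param file file containing the certificate
     * @param str alias for the new entry
     * @throws AcsException if the keystore already contains {@code str}
     * @throws CertificateException if the file does not contain a parsable certificate
     * @throws IOException if the file cannot be read or the keystore cannot be saved
     */
    public synchronized void addCertFromFile(File file, String str) throws CertificateException, KeyStoreException, AcsException, NoSuchAlgorithmException, IOException {
        if (this.m_ks.containsAlias(str)) {
            throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_KEYSTORE_ALREADY_HAS_ALIAS, str));
        }
        Certificate parsed;
        // The stream is closed once parsing ends; it was previously left open on every call.
        try (FileInputStream in = new FileInputStream(file)) {
            parsed = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        this.m_ks.setEntry(str, new KeyStore.TrustedCertificateEntry(parsed), null);
        saveImplicitlyIfNeeded();
        fireKeystoreChangedEvent();
    }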

    /**
     * Deletes the given entries from the keystore, then saves (when implicit saving is
     * enabled) and notifies listeners.
     *
     * <p>Entries are resolved to aliases and deleted one at a time. If a later entry fails
     * to resolve, the earlier deletions have already been applied to the keystore object,
     * and neither the save nor the notification runs.
     *
     * @param list entries to delete
     * @throws AcsException if an entry resolves to an invalid or empty alias
     * @throws KeyStoreException if an entry's alias cannot be found or deletion fails
     */
    public synchronized void remove(List<AcsKeymanKsEntry> list) throws KeyStoreException, AcsException, NoSuchAlgorithmException, CertificateException, IOException {
        for (AcsKeymanKsEntry doomed : list) {
            String alias = getAliasForEntry(doomed.getEnclosed());
            boolean usable = AcsStringUtil.isValidNonEmptyString(alias);
            if (usable) {
                this.m_ks.deleteEntry(alias);
                continue;
            }
            throw new AcsException(new AcsMessage(AcsMessage.MESSAGETYPE.ERROR_MESSAGE, AcsMriKeys_acsmsg.MSG_FUNCTION_FAILED));
        }
        saveImplicitlyIfNeeded();
        fireKeystoreChangedEvent();
    }

    /**
     * Replaces the keystore password and, when implicit saving is enabled, rewrites the
     * file so that it is protected with the new password.
     *
     * <p>The array is stored by reference, not copied. With implicit saving disabled the
     * file keeps its old password until the next explicit save.
     *
     * @param cArr the new password
     */
    public void changePassword(char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        final char[] replacement = cArr;
        this.m_pw = replacement;
        saveImplicitlyIfNeeded();
    }

    /**
     * Makes {@code file} the backing file, writes the keystore to it unconditionally,
     * and notifies listeners.
     *
     * <p>The backing file is switched before the write, so it stays switched even when
     * the write throws.
     *
     * @param file new backing file
     */
    public void saveAs(File file) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        final File target = file;
        this.m_file = target;
        saveToFile();
        fireKeystoreChangedEvent();
    }

    /**
     * Reports whether this wrapper holds no password.
     *
     * @return true when the stored password reference is null
     */
    public boolean isPasswordNull() {
        final char[] current = this.m_pw;
        return current == null;
    }

    /**
     * Returns the backing keystore file.
     *
     * @return the file, or null when the keystore exists only in memory
     */
    public File getFile() {
        final File backing = this.m_file;
        return backing;
    }

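    /**
     * Copies every entry of another keystore wrapper into this keystore, then saves (when
     * implicit saving is enabled) and notifies listeners.
     *
     * <p>For each incoming alias a base name is derived (a trailing {@code -<digits>}
     * suffix is stripped). If that name is already taken here, {@code -2}, {@code -3}, ...
     * is appended until a free alias is found. Aliases are checked against the live
     * keystore, so an entry merged earlier in the same call is never overwritten by a
     * later one that maps to the same base name.
     *
     * <p>Despite the method name, no prompt is shown here and {@code component} is not
     * used. Every trusted-certificate entry of the other keystore becomes a trust anchor
     * in this one without per-entry confirmation.
     *
     * <p>NOTE(review): entries are stored with a null protection parameter. Confirm how
     * private-key entries of the other keystore are expected to be handled.
     *
     * @param component unused in this method
     * @param acsKeymanKsWrapper keystore whose entries are merged in
     */
    public void mergeWithPrompts(Component component, AcsKeymanKsWrapper acsKeymanKsWrapper) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        for (Map.Entry<String, AcsKeymanKsEntry> incoming : acsKeymanKsWrapper.getAllEntries().entrySet()) {
            String key = incoming.getKey();
            String base = key.matches("-[0-9]+$") ? key : key.replaceAll("-[0-9]+$", "");
            String alias = base;
            long suffix = 2;
            // The loop ends at the first free alias. The previous loop had no exit condition,
            // so it never reached the setEntry call below.
            while (this.m_ks.containsAlias(alias)) {
                alias = base + "-" + suffix;
                suffix++;
            }
            this.m_ks.setEntry(alias, incoming.getValue().getEnclosed(), null);
        }
        saveImplicitlyIfNeeded();
        fireKeystoreChangedEvent();
    }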
}
