package com.ibm.ws.ssl.commands.personalCertificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.ws.ssl.commands.certificateRequests.CertificateRequestHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:ws_runtime_ext.jar:com/ibm/ws/ssl/commands/personalCertificates/ReplaceCertificate.class */
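/**
 * Admin task command that replaces one personal certificate in a key store with another.
 *
 * <p>As visible in this class, a successful run does three things: it rewrites SSL
 * configuration entries that reference the old alias so that they reference the replacement
 * alias, it delegates signer replacement to {@code PersonalCertificateHelper.replaceSigners},
 * and, when requested, it deletes the old key entry from the key store.
 *
 * <p>Security note: configuration rewiring and key-entry deletion only happen after both
 * aliases have been resolved to certificates. For a key store that is read-only or not
 * file-based the certificates are never loaded, so the command fails before touching the
 * SSL configuration.
 *
 * <p>This source is decompiler output; {@link #class$(String)} and the
 * {@code class$com$...} field are compiler-generated leftovers kept for compatibility.
 */
public class ReplaceCertificate extends AbstractTaskCommand {
    private static final TraceComponent tc =
            Tr.register(ReplaceCertificate.class, "SSL", "com.ibm.ws.ssl.commands.keyStores");

    private String keyStoreName;
    private String keyStoreScope;
    private String certificateAlias;
    private String replacementCertificateAlias;
    private Boolean deleteOldCert;
    private Boolean deleteOldSigners;
    private KeyStoreInfo ksInfo;
    private Session session;

    // Synthetic class-literal cache emitted by the original compiler; retained as-is.
    static Class<?> class$com$ibm$ws$ssl$commands$personalCertificates$ReplaceCertificate =
            ReplaceCertificate.class;

    /**
     * Creates the command from task metadata. All command state starts out {@code null}
     * and is populated by {@link #validate()}.
     *
     * @param taskCommandMetadata metadata passed through to the framework base class
     * @throws CommandNotFoundException propagated from the base-class constructor
     */
    public ReplaceCertificate(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the command from serialized command data. All command state starts out
     * {@code null} and is populated by {@link #validate()}.
     *
     * @param commandData command data passed through to the framework base class
     * @throws CommandNotFoundException propagated from the base-class constructor
     * @throws CommandLoadException propagated from the base-class constructor
     */
    public ReplaceCertificate(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the command parameters, defaults the key store scope to the cell scope when it
     * is absent, rejects identical old/replacement aliases (case-insensitive), and resolves
     * the target key store.
     *
     * @throws CommandValidationException if the aliases match, or if any lookup in this
     *         method fails; a failure without a message is reported with the exception's
     *         {@code toString()} so that it stays diagnosable
     */
    @Override
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            this.session = getConfigSession();
            ObjectName securityPattern = ConfigServiceHelper.createObjectName(null, "Security");
            ObjectName cell = configService.resolve(this.session, "Cell=")[0];
            if (cell != null) {
                // The result is not used by the visible code, but indexing [0] still fails
                // validation when no Security object is returned, so the lookup is kept.
                ObjectName security =
                        configService.queryConfigObjects(this.session, cell, securityPattern, null)[0];
            }

            this.keyStoreName = (String) getParameter(CommandConstants.KEY_STORE_NAME);
            this.keyStoreScope = (String) getParameter(CommandConstants.KEY_STORE_SCOPE);
            this.certificateAlias = (String) getParameter(CommandConstants.CERT_ALIAS);
            this.replacementCertificateAlias = (String) getParameter(CommandConstants.REPLACE_CERT_ALIAS);
            this.deleteOldCert = (Boolean) getParameter(CommandConstants.DELETE_OLD_CERT);
            this.deleteOldSigners = (Boolean) getParameter(CommandConstants.DELETE_OLD_SIGNERS);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName
                        + " keyStoreScope= " + this.keyStoreScope
                        + " certAlias=" + this.certificateAlias
                        + " replacementCertificateAlias=" + this.replacementCertificateAlias
                        + " deleteOldCert= " + this.deleteOldCert
                        + " deleteOldSigners= " + this.deleteOldSigners);
            }

            CommandHelper commandHelper = new CommandHelper();
            if (this.keyStoreScope == null) {
                this.keyStoreScope = commandHelper.defaultCellScope(cell);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.keyStoreScope);
                }
            }

            // NOTE(review): a null certificateAlias fails here with a NullPointerException that
            // is converted below; presumably super.validate() enforces required parameters.
            if (this.certificateAlias.equalsIgnoreCase(this.replacementCertificateAlias)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                        "ssl.command.dup.alias.values.CWPKI0674E",
                        new Object[]{"certificateAlias", "replacementCertificateAlias"},
                        "certificateAlias and replacementCertificate alias values must be different."));
            }

            this.ksInfo = PersonalCertificateHelper.getKsInfo(
                    this.session, configService, this.keyStoreName, this.keyStoreScope);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (CommandValidationException e) {
            // Already the right type: rethrow unchanged so its stack trace is not lost.
            throw e;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception validating ReplaceCertificate: " + e);
            }
            String message = e.getMessage() != null ? e.getMessage() : e.toString();
            throw new CommandValidationException(message);
        }
    }

    /**
     * Runs the certificate replacement once all task steps have succeeded. Any failure is
     * recorded on the task command result instead of being thrown.
     *
     * <p>A missing {@code deleteOldCert} or {@code deleteOldSigners} value is treated as
     * {@code false}, the non-destructive choice, rather than failing with a
     * {@code NullPointerException}.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     */
    @Override
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (result.isSuccessful()) {
            try {
                personalCertificateReplace(
                        this.ksInfo,
                        this.certificateAlias,
                        this.replacementCertificateAlias,
                        Boolean.TRUE.equals(this.deleteOldCert),
                        Boolean.TRUE.equals(this.deleteOldSigners),
                        this.keyStoreScope);
            } catch (Exception e) {
                result.setException(new CommandException(e, e.getMessage()));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Replaces the personal certificate {@code str} with {@code str2} in the given key store.
     *
     * <p>Both aliases are checked and loaded first. Only when both certificates are available
     * are the SSL configuration references rewritten, the signers replaced and, if requested,
     * the old key entry deleted. The original code rewrote the configuration references
     * before confirming that the certificates had been loaded, so a read-only or
     * non-file-based key store left the session configuration modified even though the
     * command then failed.
     *
     * @param keyStoreInfo key store holding both certificates
     * @param str alias of the certificate being replaced
     * @param str2 alias of the replacement certificate
     * @param z whether to delete the old key entry ({@code str}) afterwards
     * @param z2 passed to {@code PersonalCertificateHelper.replaceSigners} as the
     *        delete-old-signers flag
     * @param str3 key store scope; not read by this method
     * @throws KeyStoreException if either certificate was not loaded, including when the key
     *         store is read-only or not file-based
     * @throws Exception wrapping any failure raised while checking the two aliases, or
     *         propagated from the configuration and signer updates
     */
    public void personalCertificateReplace(KeyStoreInfo keyStoreInfo, String str, String str2, boolean z, boolean z2, String str3) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "personalCertificateReplace");
        }
        WSKeyStoreRemotable keyStore = new WSKeyStoreRemotable(keyStoreInfo);
        boolean fileBased = keyStoreInfo.getFileBased().booleanValue();
        X509Certificate oldCertificate = null;
        X509Certificate newCertificate = null;
        if (!keyStoreInfo.getReadOnly().booleanValue() && fileBased) {
            try {
                oldCertificate = requirePersonalCertificate(keyStore, str);
                newCertificate = requirePersonalCertificate(keyStore, str2);
            } catch (Exception e) {
                // Wrapping is kept so callers see the same exception type and message as before.
                throw new Exception(e);
            }
        }

        // Validate before mutating: nothing below may run unless both certificates exist.
        if (oldCertificate == null || newCertificate == null) {
            throw new KeyStoreException("Certificate not found in keyStore.");
        }

        changeAliasReferences(keyStoreInfo, str, str2);
        PersonalCertificateHelper.replaceSigners(this.session, str, oldCertificate, str2, newCertificate, z2);
        if (z) {
            wipeOldEntry(keyStore, str);
        }
        if (tc.isEntryEnabled()) {
            // The original traced "personalCertificateExport" here, which did not match the entry.
            Tr.exit(tc, "personalCertificateReplace");
        }
    }

    /** Deletes the key entry stored under {@code alias} from the key store. */
    private static void wipeOldEntry(WSKeyStoreRemotable keyStore, String alias) throws Exception {
        keyStore.invokeKeyStoreCommand("deleteEntry", new Object[]{alias});
    }

    /**
     * Loads the certificate for {@code alias} after confirming that it is a key entry and
     * that {@code CertificateRequestHelper.isKeyCertReq} returns {@code null} for it.
     */
    private static X509Certificate requirePersonalCertificate(WSKeyStoreRemotable keyStore, String alias) throws Exception {
        Object[] aliasArg = new Object[]{alias};
        boolean keyEntry = ((Boolean) keyStore.invokeKeyStoreCommand("isKeyEntry", aliasArg)[0]).booleanValue();
        if (!keyEntry) {
            throw notPersonalCertificate(alias);
        }
        X509Certificate certificate =
                (X509Certificate) keyStore.invokeKeyStoreCommand("getCertificate", new Object[]{alias})[0];
        // presumably a non-null result marks a pending certificate request; verify against the helper
        if (CertificateRequestHelper.isKeyCertReq(certificate, alias) != null) {
            throw notPersonalCertificate(alias);
        }
        return certificate;
    }

    /** Builds the CWPKI0666E "not a personal certificate" validation error for {@code alias}. */
    private static CommandValidationException notPersonalCertificate(String alias) {
        return new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage(
                "ssl.command.not.personal.cert.CWPKI0666E",
                new Object[]{alias},
                "Certificate \"" + alias + "\" is not a personal certificate."));
    }

    /**
     * Rewrites every SSL configuration reference to alias {@code str} so that it references
     * {@code str2}, for repertoires bound to the given key store.
     *
     * <p>First each repertoire whose {@code keyStore} setting matches this key store has its
     * {@code serverKeyAlias} and {@code clientKeyAlias} updated. Then the dynamic SSL config
     * selections and the SSL config groups that use one of the modified repertoires have
     * their {@code certificateAlias} updated. Also sets {@code keyStoreName} from the key
     * store info.
     *
     * @param keyStoreInfo key store whose repertoires are inspected
     * @param str alias being replaced
     * @param str2 replacement alias
     * @throws Exception rethrown unchanged after a debug trace when any config call fails
     */
    private void changeAliasReferences(KeyStoreInfo keyStoreInfo, String str, String str2) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "changeAliasReferences");
        }
        final String oldAlias = str;
        final String newAlias = str2;
        List<ObjectName> modifiedRepertoires = new ArrayList<ObjectName>();
        AttributeList keyStoreFilter = new AttributeList();
        try {
            ConfigService configService = ConfigServiceFactory.getConfigService();
            Session configSession = getConfigSession();
            ObjectName security = configService.resolve(configSession, "Cell=:Security=")[0];
            this.keyStoreName = keyStoreInfo.getName();
            String scopeName = (String) configService.getAttribute(configSession, keyStoreInfo.getScopeName(), "scopeName");
            CommandHelper commandHelper = new CommandHelper();
            ConfigServiceHelper.setAttributeValue(keyStoreFilter, CommandConstants.NAME, this.keyStoreName);
            ObjectName keyStoreObject = commandHelper.getObjectName(
                    configService, configSession, security, CommandConstants.KEY_STORES, keyStoreFilter, scopeName);

            AttributeList repertoireAttributes = configService.getAttributes(
                    configSession, security, new String[]{CommandConstants.REPERTOIRE}, false);
            List<ObjectName> repertoires = firstAttributeAsObjectNames(repertoireAttributes);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Looking at the repertoires.");
            }
            for (ObjectName repertoire : repertoires) {
                AttributeList setting = (AttributeList) configService.getAttribute(configSession, repertoire, "setting");
                ObjectName settingKeyStore = (ObjectName) ConfigServiceHelper.getAttributeValue(setting, "keyStore");
                // Only repertoires bound to this key store can reference the alias.
                if (settingKeyStore == null || !settingKeyStore.equals(keyStoreObject)) {
                    continue;
                }
                AttributeList changes = new AttributeList();
                String serverAlias = (String) ConfigServiceHelper.getAttributeValue(setting, "serverKeyAlias");
                if (serverAlias != null && serverAlias.equals(oldAlias)) {
                    ConfigServiceHelper.setAttributeValue(changes, "serverKeyAlias", newAlias);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Replacing serverKeyAlias");
                    }
                }
                String clientAlias = (String) ConfigServiceHelper.getAttributeValue(setting, "clientKeyAlias");
                if (clientAlias != null && clientAlias.equals(oldAlias)) {
                    ConfigServiceHelper.setAttributeValue(changes, "clientKeyAlias", newAlias);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Replacing clientKeyAlias");
                    }
                }
                if (!changes.isEmpty()) {
                    configService.setAttributes(configSession, repertoire, changes);
                    modifiedRepertoires.add(repertoire);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Modify the alias in the config and save repertoire in list.");
                    }
                }
            }
            repertoireAttributes.clear();

            if (!modifiedRepertoires.isEmpty()) {
                AttributeList dynamicSelections = configService.getAttributes(
                        configSession, security, new String[]{CommandConstants.DYNAMIC_SSL_CONFIG_SELECTIONS}, false);
                replaceCertificateAlias(configService, configSession,
                        firstAttributeAsObjectNames(dynamicSelections), modifiedRepertoires, oldAlias, newAlias);
                dynamicSelections.clear();

                AttributeList sslConfigGroups = configService.getAttributes(
                        configSession, security, new String[]{CommandConstants.SSL_CONFIG_GROUPS}, false);
                replaceCertificateAlias(configService, configSession,
                        firstAttributeAsObjectNames(sslConfigGroups), modifiedRepertoires, oldAlias, newAlias);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Certificate " + oldAlias + " is not used in the configuration.");
            }
            if (tc.isEntryEnabled()) {
                // The original traced "replaceAliasReferences" here, which did not match the entry.
                Tr.exit(tc, "changeAliasReferences");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception changing certificate references: " + e.getMessage());
            }
            throw e;
        }
    }

    /**
     * Updates {@code certificateAlias} from {@code oldAlias} to {@code newAlias} on every
     * owner whose {@code sslConfig} is one of the repertoires modified earlier.
     */
    private static void replaceCertificateAlias(ConfigService configService, Session configSession,
            List<ObjectName> owners, List<ObjectName> modifiedRepertoires,
            String oldAlias, String newAlias) throws Exception {
        for (ObjectName owner : owners) {
            ObjectName sslConfig = (ObjectName) configService.getAttribute(configSession, owner, "sslConfig");
            if (!modifiedRepertoires.contains(sslConfig)) {
                continue;
            }
            String currentAlias = (String) configService.getAttribute(configSession, owner, "certificateAlias");
            if (currentAlias != null && currentAlias.equals(oldAlias)) {
                AttributeList changes = new AttributeList();
                ConfigServiceHelper.setAttributeValue(changes, "certificateAlias", newAlias);
                configService.setAttributes(configSession, owner, changes);
            }
        }
    }

    /**
     * Returns the value of the first attribute in {@code attributes} as a list of object
     * names. The config service hands back an untyped list; the elements are iterated as
     * {@code ObjectName}, exactly as the original code did.
     */
    @SuppressWarnings("unchecked")
    private static List<ObjectName> firstAttributeAsObjectNames(AttributeList attributes) {
        return (List<ObjectName>) ((Attribute) attributes.get(0)).getValue();
    }

    /**
     * Compiler-generated class-literal helper retained from the original class file.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError with the {@code ClassNotFoundException} as its cause
     */
    static Class<?> class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly from here.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}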
