package com.ibm.gsk.ikeyman.keystore;

import com.ibm.gsk.ikeyman.certrequest.BasicCertificateRequestFile;
import com.ibm.gsk.ikeyman.certrequest.cmscertrequest.CMSCertificateRequestFile;
import com.ibm.gsk.ikeyman.command.CommandParameters;
import com.ibm.gsk.ikeyman.command.Constants;
import com.ibm.gsk.ikeyman.command.FilterFactory;
import com.ibm.gsk.ikeyman.error.CancelledException;
import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.keystore.EntryBagFactory;
import com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory;
import com.ibm.gsk.ikeyman.keystore.EntryValidatorFactory;
import com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory;
import com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory;
import com.ibm.gsk.ikeyman.keystore.entry.CMSCertificateItem;
import com.ibm.gsk.ikeyman.keystore.entry.CMSKeyItem;
import com.ibm.gsk.ikeyman.keystore.entry.CertificateItem;
import com.ibm.gsk.ikeyman.keystore.entry.CertificateKeyItem;
import com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestItem;
import com.ibm.gsk.ikeyman.keystore.entry.CertificateRequestKeyItem;
import com.ibm.gsk.ikeyman.keystore.entry.Entry;
import com.ibm.gsk.ikeyman.keystore.entry.EntryFactory;
import com.ibm.gsk.ikeyman.keystore.entry.PrivateKeyItem;
import com.ibm.gsk.ikeyman.keystore.entry.PublicKeyItem;
import com.ibm.gsk.ikeyman.keystore.entry.SecretKeyItem;
import com.ibm.gsk.ikeyman.keystore.ext.CACertificates;
import com.ibm.gsk.ikeyman.keystore.ext.DatabaseDescriptorFactory;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStoreDefaultCert;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStoreInfo;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStoreModifyCert;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStorePasswordExpiry;
import com.ibm.gsk.ikeyman.keystore.ext.KeyStorePasswordStash;
import com.ibm.gsk.ikeyman.util.ComparatorFactory;
import com.ibm.gsk.ikeyman.util.Debug;
import com.ibm.gsk.ikeyman.util.KeymanSettings;
import com.ibm.gsk.ikeyman.util.KeymanUtil;
import com.ibm.gsk.ikeyman.util.TypeDisplayerFactory;
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;

/* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyStoreItemFactory.class */
public class KeyStoreItemFactory {
    /**
     * Value of the {@code NoDefaultCertsFunctionEnabled} setting, read once when this class is
     * initialised. The single-argument {@code createKeyStore} passes {@code !REMOVE_SIGNERS_ENABLED}
     * as the "add bundled CA certificates" flag, so when this is {@code false} every newly created
     * keystore is pre-populated with the signer certificates supplied by {@code CACertificates}.
     * Review that bundled set before treating a freshly created keystore as a trust store.
     */
    private static final boolean REMOVE_SIGNERS_ENABLED = KeymanSettings.Setting.NoDefaultCertsFunctionEnabled.getBoolean().booleanValue();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory$1, reason: invalid class name */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyStoreItemFactory$1.class */
    /**
     * Compiler-generated lookup table behind the {@code switch} statements over
     * {@link Constants.DatabaseType} in the enclosing factory. The array is indexed by
     * {@code ordinal()} and holds the case number the factory methods switch on:
     * 1 = CMS, 2 = JCEKS, 3 = JKS, 4 = PKCS12, 5 = PKCS12S2, 6 = PKCS11Direct, 7 = MSCapi,
     * 8 = PKCS11Config. A constant that is not assigned below keeps the array default of 0 and
     * therefore reaches the {@code default} branch of those switches.
     */
    public /* synthetic */ class AnonymousClass1 {
        static final int[] $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType = new int[Constants.DatabaseType.values().length];

        static {
            // Every assignment has its own try/catch so that a constant missing from the
            // DatabaseType class resolved at run time (NoSuchFieldError) leaves only its own
            // slot unmapped. The empty catch blocks are the usual shape of this generated
            // code, not an overlooked error path.
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.CMS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.JCEKS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.JKS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.PKCS12.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.PKCS12S2.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.PKCS11Direct.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.MSCapi.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$ibm$gsk$ikeyman$command$Constants$DatabaseType[Constants.DatabaseType.PKCS11Config.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyStoreItemFactory$CMSKeyStoreItemImpl.class */
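    /**
     * Keystore item for CMS key databases. On top of the base behaviour it supports a default
     * personal certificate, a per-certificate trust flag, a password expiry time and password
     * stashing.
     *
     * <p>Security-relevant points visible in this class:
     * <ul>
     *   <li>The expiry time is stored as whole seconds since the epoch and is narrowed to
     *       {@code int} when written, so it cannot represent instants after
     *       2038-01-19T03:14:07Z.</li>
     *   <li>Stashing is switched on through descriptor flags and takes effect on {@code save()}.
     *       NOTE(review): how the stashed password is protected on disk is not visible here;
     *       treat a stash file as equivalent to the password and restrict access to it.</li>
     *   <li>A database whose password equals {@code KeymanSettings.PASSWORDLESS_CMS_PASSWORD}
     *       is flagged as not password protected.</li>
     * </ul>
     */
    public class CMSKeyStoreItemImpl extends KeyStoreItemImpl implements KeyStoreDefaultCert, KeyStoreModifyCert, KeyStorePasswordExpiry, KeyStorePasswordStash {
        // Validator lists keyed by ValidationMode, built on first use and shared by all instances.
        // NOTE(review): the lazy initialisation in getEntryValidators is not synchronised.
        private static Map entryValidators = null;

        /**
         * @param entryInterface entry storage this item delegates to
         * @param cMSDatabaseDescriptor descriptor of the CMS database
         * @param keyCreator key creator reported by {@code getKeyCreator()}
         */
        public CMSKeyStoreItemImpl(EntryInterfaceFactory.EntryInterface entryInterface, DatabaseDescriptorFactory.CMSDatabaseDescriptor cMSDatabaseDescriptor, KeyCreatorFactory.KeyCreator keyCreator) {
            super(entryInterface, cMSDatabaseDescriptor, keyCreator, DatabaseDescriptorFactory.CMSDatabaseDescriptor.class);
        }

        /**
         * Marks the personal certificate stored under {@code str} as the default and persists it.
         *
         * @param str label of the entry
         * @throws KeyManagerException with reason {@code NO_KEY_FOR_LABEL} when the entry is not
         *         a {@code CMSKeyItem}, or when storing the change fails
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreDefaultCert
        public void setDefaultCertificate(String str) throws KeyManagerException {
            Entry item = getItem(str);
            if (!(item instanceof CMSKeyItem)) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_KEY_FOR_LABEL, new String[]{str});
            }
            CMSKeyItem cMSKeyItem = (CMSKeyItem) item;
            cMSKeyItem.setDefault(true);
            // addValidItem re-adds the modified entry and saves the database.
            addValidItem(cMSKeyItem);
        }

        /**
         * Returns the label of the first personal certificate flagged as default.
         *
         * @throws InternalKeyManagerException when a personal certificate is not a
         *         {@code CMSKeyItem}
         * @throws KeyManagerException with reason {@code NO_DEFAULT_CERTIFICATE} when none is
         *         flagged
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreDefaultCert
        public String getDefaultCertificate() throws KeyManagerException {
            // getPersonalCerts() returns a raw Collection, so iterate as Object and cast; the
            // elements were already cast to CertificateKeyItem when the collection was built.
            for (Object element : getPersonalCerts()) {
                CertificateKeyItem certificateKeyItem = (CertificateKeyItem) element;
                if (!(certificateKeyItem instanceof CMSKeyItem)) {
                    throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_ITEM_TYPE, new String[]{certificateKeyItem.getClass().toString()});
                }
                if (((CMSKeyItem) certificateKeyItem).isDefault()) {
                    return certificateKeyItem.getLabel();
                }
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_DEFAULT_CERTIFICATE);
        }

        /**
         * Sets the trust flag of the signer certificate stored under {@code str}.
         *
         * @param str label of the certificate
         * @param z new trust value
         * @throws KeyManagerException with reason {@code CANNOT_MODIFY_PERSONAL_CERT_TRUST} when
         *         the label names a personal certificate ({@code CMSKeyItem})
         * @throws InternalKeyManagerException when the entry is neither kind of CMS item
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreModifyCert
        public void modifyCertificate(String str, boolean z) throws KeyManagerException {
            Entry item = getItem(str);
            if (!(item instanceof CMSCertificateItem)) {
                if (!(item instanceof CMSKeyItem)) {
                    throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.INVALID_CERTIFICATE_TYPE, new String[]{str, item.getClass().toString()});
                }
                throw new KeyManagerException(KeyManagerException.ExceptionReason.CANNOT_MODIFY_PERSONAL_CERT_TRUST);
            }
            CMSCertificateItem cMSCertificateItem = (CMSCertificateItem) item;
            cMSCertificateItem.setTrusted(z);
            addValidItem(cMSCertificateItem);
            // addValidItem already saved; the second save is kept from the original.
            save();
        }

        /**
         * Returns the password expiry instant, or {@code null} when the stored expiry time is 0
         * (no expiry recorded).
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStorePasswordExpiry
        public Date getPasswordExpiry() throws KeyManagerException {
            long expirySeconds = ((DatabaseDescriptorFactory.CMSDatabaseDescriptor) getDescriptor()).getPasswordExpiryTime();
            if (expirySeconds == 0) {
                return null;
            }
            // Multiply in long arithmetic: seconds-since-epoch times 1000 does not fit in an int.
            return new Date(expirySeconds * 1000L);
        }

        /**
         * Enables password stashing and saves the database.
         *
         * @param z when {@code true}, additionally enables the V1 stash format
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStorePasswordStash
        public void stashPassword(boolean z) throws KeyManagerException {
            useStash(true);
            if (z) {
                useV1Stash(true);
            }
            save();
        }

        /** Sets the descriptor's stash flag; nothing is written until {@code save()}. */
        public void useStash(boolean z) {
            ((DatabaseDescriptorFactory.CMSDatabaseDescriptor) getDescriptor()).setStash(z);
        }

        /** Sets the descriptor's V1-stash flag; nothing is written until {@code save()}. */
        public void useV1Stash(boolean z) {
            ((DatabaseDescriptorFactory.CMSDatabaseDescriptor) getDescriptor()).setV1Stash(z);
        }

        /**
         * Applies the optional expiry and stash parameters to the descriptor, then changes the
         * password through the base class and updates the password-protected flag.
         *
         * <p>The descriptor is modified before {@code super.changePassword} runs, so a failure
         * there leaves the in-memory expiry and stash flags already changed.
         *
         * @param commandParameters parameters of the change-password command
         */
        @Override // com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.KeyStoreItemImpl, com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryBagFactory.EntryBag
        public void changePassword(CommandParameters commandParameters) throws KeyManagerException {
            if (commandParameters.isParameterPresent(Constants.Parameter.Expire)) {
                Calendar calendar = Calendar.getInstance();
                calendar.add(Calendar.DAY_OF_YEAR, commandParameters.getExpire());
                long expirySeconds = calendar.getTimeInMillis() / 1000L;
                // The stored value is an int. Clamp instead of letting the narrowing cast wrap:
                // a wrapped value would make the password look already expired (negative) or
                // give it an arbitrary expiry. Clamping errs towards an earlier expiry.
                long clampedSeconds = Math.max((long) Integer.MIN_VALUE, Math.min((long) Integer.MAX_VALUE, expirySeconds));
                ((DatabaseDescriptorFactory.CMSDatabaseDescriptor) getDescriptor()).setPasswordExpiryTimeSinceEpoch((int) clampedSeconds);
            }
            if (commandParameters.isParameterPresent(Constants.Parameter.StashPassword)) {
                useStash(commandParameters.isStash());
            }
            if (commandParameters.isParameterPresent(Constants.Parameter.StashV1Password)) {
                useV1Stash(commandParameters.isV1Stash());
            }
            super.changePassword(commandParameters);
            // Only the built-in "passwordless" sentinel counts as unprotected.
            ((DatabaseDescriptorFactory.CMSDatabaseDescriptor) getDescriptor()).setPasswordProtected(!getPassword().equals(KeymanSettings.PASSWORDLESS_CMS_PASSWORD));
        }

        /**
         * Returns the validators for {@code validationMode}. For CMS both ADD and IMPORT use the
         * same list: the base class's IMPORT validators plus a private-key-type validator
         * created for {@code DSAPrivateKey}.
         *
         * @return the validator list, or {@code null} for a mode other than ADD or IMPORT
         */
        @Override // com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.KeyStoreItemImpl
        protected List getEntryValidators(KeyStoreItem.ValidationMode validationMode) {
            if (entryValidators == null) {
                entryValidators = new HashMap();
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(super.getEntryValidators(KeyStoreItem.ValidationMode.IMPORT));
                arrayList.add(EntryValidatorFactory.newPrivateKeyTypeValidator(DSAPrivateKey.class));
                entryValidators.put(KeyStoreItem.ValidationMode.ADD, arrayList);
                entryValidators.put(KeyStoreItem.ValidationMode.IMPORT, arrayList);
            }
            return (List) entryValidators.get(validationMode);
        }

        /**
         * Rejects the database when its password expiry lies in the past.
         *
         * @throws KeyManagerException with reason {@code DATABASE_PASSWORD_EXPIRED}
         */
        @Override // com.ibm.gsk.ikeyman.keystore.KeyStoreItemFactory.KeyStoreItemImpl, com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public void validate() throws KeyManagerException {
            Date expiry = getPasswordExpiry();
            if (expiry != null && expiry.before(Calendar.getInstance().getTime())) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.DATABASE_PASSWORD_EXPIRED, new String[]{expiry.toString()});
            }
        }
    }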

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyStoreItemFactory$KeyStoreItemImpl.class */
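    /**
     * Base {@link KeyStoreItem} implementation. It wraps an {@code EntryInterface} and persists
     * changes by calling {@link #save()} after each mutating operation.
     *
     * <p>Security-relevant points visible in this class:
     * <ul>
     *   <li>The keystore password is handled as a {@code String} ({@link #getPassword()},
     *       {@link #checkPassword(String)}), so it cannot be cleared from memory after use.</li>
     *   <li>Entries are checked only by the validators registered per {@code ValidationMode}
     *       (duplicate label for ADD; duplicate key and duplicate label for IMPORT). No
     *       certificate-path or signature validation happens here.</li>
     *   <li>{@link #equals(Object)} also accepts a file-name {@code String}; see its comment.</li>
     * </ul>
     *
     * <p>NOTE(review): the decompiler output declares this as an inner (non-static) class, yet
     * the enclosing factory instantiates it from static methods and the class has static
     * members. The original was presumably a static nested class; confirm before recompiling.
     */
    public class KeyStoreItemImpl extends EntryInterfaceFactory.AbstractEntryInterface implements KeyStoreItem {
        // Default validator lists keyed by ValidationMode; filled by the static initialiser below.
        private static final Map entryValidators = new HashMap();
        protected EntryInterfaceFactory.EntryInterface entryInterface;
        // Concrete descriptor class that getDescriptor() casts to.
        private final Class castClass;
        private final KeyCreatorFactory.KeyCreator keyCreator;

        /**
         * @param entryInterface entry storage this item delegates to
         * @param databaseDescriptor descriptor of the keystore
         * @param keyCreator key creator reported by {@link #getKeyCreator()}
         * @param cls descriptor class used by {@link #getDescriptor()} for its cast
         */
        public KeyStoreItemImpl(EntryInterfaceFactory.EntryInterface entryInterface, DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor, KeyCreatorFactory.KeyCreator keyCreator, Class cls) {
            super(entryInterface, databaseDescriptor);
            this.entryInterface = entryInterface;
            this.keyCreator = keyCreator;
            this.castClass = cls;
        }

        /**
         * Adds an already validated entry and saves. If saving fails the entry is removed again
         * so the in-memory view stays consistent with what was persisted.
         */
        protected void addValidItem(Entry entry) throws KeyManagerException {
            this.entryInterface.add(entry);
            try {
                save();
            } catch (KeyManagerException e) {
                this.entryInterface.delete(entry);
                throw e;
            }
        }

        /** Runs every validator registered for {@code validationMode} against {@code entry}. */
        private void validateEntry(Entry entry, KeyStoreItem.ValidationMode validationMode) throws KeyManagerException {
            Iterator it = getEntryValidators(validationMode).iterator();
            while (it.hasNext()) {
                ((EntryValidatorFactory.EntryValidator) it.next()).validate(entry, this);
            }
        }

        /**
         * Returns the validators for {@code validationMode}, or {@code null} when none are
         * registered for that mode. Subclasses override this to add store-specific checks.
         */
        protected List getEntryValidators(KeyStoreItem.ValidationMode validationMode) {
            return (List) entryValidators.get(validationMode);
        }

        /**
         * Validates and adds every entry of {@code collection}, then saves once.
         *
         * <p>If an entry fails with an error that is not skipped, the exception propagates
         * before {@code save()} runs; entries added earlier in the loop stay in the in-memory
         * entry interface but are not persisted by this call.
         *
         * @param collection entries to add
         * @param z skip entries rejected with {@code ENTRY_EXISTS_FOR_KEY}
         * @param z2 skip entries rejected with {@code INVALID_ENTRY_TYPE}
         * @param validationMode validator set applied to each entry
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public void addAll(Collection collection, boolean z, boolean z2, KeyStoreItem.ValidationMode validationMode) throws KeyManagerException {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                Entry entry = (Entry) it.next();
                try {
                    validateEntry(entry, validationMode);
                    this.entryInterface.add(entry);
                } catch (KeyManagerException e) {
                    KeyManagerException.ExceptionReason reason = e.getReason();
                    boolean skipDuplicateKey = z && reason == KeyManagerException.ExceptionReason.ENTRY_EXISTS_FOR_KEY;
                    boolean skipInvalidType = z2 && reason == KeyManagerException.ExceptionReason.INVALID_ENTRY_TYPE;
                    if (!skipDuplicateKey && !skipInvalidType) {
                        throw e;
                    }
                }
            }
            save();
        }

        /** Changes the password through the wrapped entry interface and saves. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryBagFactory.EntryBag
        public void changePassword(CommandParameters commandParameters) throws KeyManagerException {
            this.entryInterface.changePassword(commandParameters);
            save();
        }

        /**
         * Reports whether {@code str} equals the password held by the descriptor.
         *
         * @param str candidate password
         * @return {@code true} only when both passwords are non-null and identical
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public boolean checkPassword(String str) {
            String stored = this.entryInterface.getDescriptor().getPassword();
            if (stored == null || str == null) {
                // Fail closed instead of throwing when no password is available to compare.
                return false;
            }
            // Compare without stopping at the first mismatch, so the time taken does not show
            // how long a matching prefix is. Chars are compared directly: encoding to bytes
            // first could map distinct malformed strings to the same bytes.
            int mismatch = stored.length() ^ str.length();
            int limit = Math.min(stored.length(), str.length());
            for (int i = 0; i < limit; i++) {
                mismatch |= stored.charAt(i) ^ str.charAt(i);
            }
            return mismatch == 0;
        }

        /** Deletes every entry and saves. */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public void clear() throws KeyManagerException {
            // Iterate over a copy so deleting does not disturb the alias collection in use.
            Iterator it = new ArrayList(this.entryInterface.getAliases()).iterator();
            while (it.hasNext()) {
                this.entryInterface.delete((String) it.next());
            }
            save();
        }

        /** Closes the wrapped entry interface. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.EntryInterface
        public void close() throws KeyManagerException {
            this.entryInterface.close();
        }

        /** Delegates to the wrapped entry interface's no-argument {@code delete()}. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.EntryInterface
        public void delete() throws KeyManagerException {
            this.entryInterface.delete();
        }

        /** Returns the aliases sorted with the collated string comparator. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryBagFactory.AbstractEntryContainerBag, com.ibm.gsk.ikeyman.keystore.EntryContainerFactory.EntryContainer
        public Collection getAliases() {
            TreeSet treeSet = new TreeSet(ComparatorFactory.newCollatedStringComparator());
            treeSet.addAll(this.entryInterface.getAliases());
            return treeSet;
        }

        /**
         * Returns the certificate stored under {@code str}.
         *
         * @throws KeyManagerException with reason {@code NO_CERTIFICATE_FOR_LABEL} when the
         *         entry is not a {@code CertificateItem}
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public CertificateItem getCertificate(String str) throws KeyManagerException {
            Entry item = this.entryInterface.getItem(str);
            if (item instanceof CertificateItem) {
                return (CertificateItem) item;
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_CERTIFICATE_FOR_LABEL, new String[]{str});
        }

        /**
         * Loads every entry, keeps those accepted by {@code filter}, casts them to {@code cls}
         * and returns them sorted with {@code CertSortComparator}.
         *
         * @throws ClassCastException when the filter lets through an entry that is not a
         *         {@code cls}
         */
        private static Collection getEntries(EntryInterfaceFactory.EntryInterface entryInterface, FilterFactory.Filter filter, Class cls) throws KeyManagerException {
            ArrayList arrayList = new ArrayList();
            Collection aliases = entryInterface.getAliases();
            ArrayList arrayList2 = new ArrayList();
            Iterator it = aliases.iterator();
            while (it.hasNext()) {
                arrayList2.add(entryInterface.getItem((String) it.next()));
            }
            Iterator it2 = filter.filter(arrayList2).iterator();
            while (it2.hasNext()) {
                arrayList.add(cls.cast((Entry) it2.next()));
            }
            Collections.sort(arrayList, new CertSortComparator(entryInterface));
            return arrayList;
        }

        /** Returns the wrapped interface's descriptor, cast to the class given at construction. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.EntryInterface
        public DatabaseDescriptorFactory.DatabaseDescriptor getDescriptor() {
            return (DatabaseDescriptorFactory.DatabaseDescriptor) this.castClass.cast(this.entryInterface.getDescriptor());
        }

        /**
         * Finds the first certificate or certificate request whose public key equals
         * {@code publicKey}. Certificates are searched before requests.
         *
         * @return the matching entry, or {@code null} when there is none
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public Entry getEntry(PublicKey publicKey) throws KeyManagerException {
            ArrayList<PublicKeyItem> arrayList = new ArrayList();
            arrayList.addAll(getCertificates());
            arrayList.addAll(getCertificateRequests());
            for (PublicKeyItem publicKeyItem : arrayList) {
                if (publicKeyItem.getPublicKey().equals(publicKey)) {
                    return (Entry) publicKeyItem;
                }
            }
            return null;
        }

        /** Returns all entries that are {@code CertificateItem}s. */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public Collection getCertificates() throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getTypeFilter(CertificateItem.class), CertificateItem.class);
        }

        /** Returns all entries that are {@code CertificateRequestKeyItem}s. */
        protected Collection getCertificateRequests() throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getTypeFilter(CertificateRequestKeyItem.class), CertificateRequestKeyItem.class);
        }

        /** Returns all entries that are {@code CertificateKeyItem}s. */
        protected Collection getPersonalCerts() throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getTypeFilter(CertificateKeyItem.class), CertificateKeyItem.class);
        }

        /** Returns all entries that are {@code SecretKeyItem}s. */
        protected Collection getSecretKeys() throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getTypeFilter(SecretKeyItem.class), SecretKeyItem.class);
        }

        /**
         * Builds a {@code KeyStoreInfo} from the descriptor, the key creator, all certificates,
         * certificate requests and secret keys, and the supported entry types.
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public KeyStoreInfo getInfo() throws KeyManagerException {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(getCertificates());
            arrayList.addAll(getCertificateRequests());
            arrayList.addAll(getSecretKeys());
            return new KeyStoreInfo(getDescriptor(), getKeyCreator(), arrayList, this.entryInterface.getSupportedTypes());
        }

        /**
         * Returns the keystore password held by the descriptor, in clear text. Callers should
         * keep it out of logs, traces and error messages.
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public String getPassword() {
            return getDescriptor().getPassword();
        }

        /** Returns the certificates selected by the {@code ListFilter.CA} filter. */
        public Collection getSignerCerts() throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getListWhichFilter(Constants.ListFilter.CA), CertificateItem.class);
        }

        /**
         * Receives a certificate response: matches the first certificate of the reordered chain
         * to an existing private-key entry by public key, stores the remaining chain
         * certificates, and stores the new key-plus-certificate entry under the request's label.
         *
         * <p>NOTE(review): no signature or path validation of the received chain is visible in
         * this method. The remaining chain certificates become keystore entries after the ADD
         * validators only; confirm that {@code EntryFactory.reorderCertChain} or the caller
         * verifies the chain before it reaches this point.
         *
         * <p>NOTE(review): {@code remove(0)} assumes the reordered chain is not empty; what
         * {@code reorderCertChain} returns for an empty collection is not visible here.
         *
         * @param collection certificates from the response
         * @return label of the matched entry
         * @throws KeyManagerException with reason {@code NO_REQUEST_FOR_CERTIFICATE} when no
         *         private-key entry matches the certificate's public key
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public String receiveCertificate(Collection collection) throws KeyManagerException {
            List reorderCertChain = EntryFactory.reorderCertChain(collection);
            CertificateItem certificateItem = (CertificateItem) reorderCertChain.remove(0);
            Entry entry = getEntry(certificateItem.getPublicKey());
            // instanceof is false for null, so this also covers "no matching entry".
            if (!(entry instanceof PrivateKeyItem)) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_REQUEST_FOR_CERTIFICATE);
            }
            PrivateKeyItem requestKeyItem = (PrivateKeyItem) entry;
            CertificateKeyItem newKeyItem = EntryFactory.newKeyItem(entry.getLabel(), requestKeyItem.getPrivateKey(), new Certificate[]{certificateItem.getCert()});
            try {
                // Chain certificates whose key is already in the store are skipped (z = true).
                addAll(reorderCertChain, true, false, KeyStoreItem.ValidationMode.ADD);
                addValidItem(newKeyItem);
                refresh();
                if (getDescriptor().getType() == Constants.DatabaseType.CMS && (entry instanceof CertificateRequestItem)) {
                    delete(entry);
                }
                if (!requestKeyItem.getPrivateKey().equals(newKeyItem.getPrivateKey())) {
                    delete(entry);
                }
            } catch (KeyManagerException e) {
                // A missing request at this stage is tolerated; both deletes above may target
                // the same entry. Every other failure propagates.
                if (e.getReason() != KeyManagerException.ExceptionReason.NO_REQUEST_FOR_LABEL) {
                    throw e;
                }
            }
            return entry.getLabel();
        }

        /** No checks for the base keystore types; subclasses override this. */
        public void validate() throws KeyManagerException {
        }

        /**
         * Compares this item with another object. A {@code String} argument is treated as a
         * file name and matches when its absolute path equals the descriptor's file name; any
         * other argument is compared by the superclass.
         *
         * <p>This is asymmetric ({@code "path".equals(item)} is never true) and no matching
         * {@code hashCode} is defined in this class, so do not rely on it in hash-based
         * collections. The path is made absolute but not canonical, so two paths that reach the
         * same file through symbolic links or {@code ..} segments do not compare equal.
         */
        @Override // java.util.Comparator
        public boolean equals(Object obj) {
            return obj instanceof String ? getDescriptor().getFileName().equals(new File((String) obj).getAbsolutePath()) : super.equals(obj);
        }

        /** Returns all entries that are instances of {@code cls}. */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public Collection getEntries(Class cls) throws KeyManagerException {
            return getEntries(this.entryInterface, FilterFactory.getTypeFilter(cls), cls);
        }

        /**
         * Returns the entry stored under {@code str} when it is an instance of {@code cls}.
         *
         * @param exceptionReason reason used for the exception when the type does not match
         * @throws KeyManagerException with {@code exceptionReason} on a type mismatch
         */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public Entry getEntry(String str, Class cls, KeyManagerException.ExceptionReason exceptionReason) throws KeyManagerException {
            Entry item = this.entryInterface.getItem(str);
            if (cls.isInstance(item)) {
                return (Entry) cls.cast(item);
            }
            throw new KeyManagerException(exceptionReason, new String[]{str});
        }

        /** Reports whether the wrapped interface has an entry bag for {@code cls}. */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public boolean supportsEntry(Class cls) {
            return this.entryInterface.getEntryBag(cls) != null;
        }

        /** Validates {@code entry} with the ADD validators, then adds it and saves. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryBagFactory.EntryBag
        public void add(Entry entry) throws KeyManagerException {
            validateEntry(entry, KeyStoreItem.ValidationMode.ADD);
            addValidItem(entry);
        }

        /** Deletes the entry stored under {@code str} and saves. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryBagFactory.EntryBag
        public void delete(String str) throws KeyManagerException {
            super.delete(str);
            save();
        }

        /** Deletes {@code entry} and saves. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface, com.ibm.gsk.ikeyman.keystore.EntryBagFactory.EntryBag
        public void delete(Entry entry) throws KeyManagerException {
            super.delete(entry);
            save();
        }

        /** Refreshes the wrapped entry interface. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.AbstractEntryInterface
        protected void reload() throws CancelledException, KeyManagerException {
            this.entryInterface.refresh();
        }

        /** Saves through the wrapped entry interface. */
        @Override // com.ibm.gsk.ikeyman.keystore.EntryInterfaceFactory.EntryInterface
        public void save() throws KeyManagerException {
            this.entryInterface.save();
        }

        /** Returns the key creator supplied at construction. */
        @Override // com.ibm.gsk.ikeyman.keystore.ext.KeyStoreItem
        public KeyCreatorFactory.KeyCreator getKeyCreator() {
            return this.keyCreator;
        }

        // Default validators: ADD rejects duplicate labels; IMPORT rejects duplicate keys and
        // duplicate labels.
        static {
            entryValidators.put(KeyStoreItem.ValidationMode.ADD, new ArrayList());
            entryValidators.put(KeyStoreItem.ValidationMode.IMPORT, new ArrayList());
            ((List) entryValidators.get(KeyStoreItem.ValidationMode.ADD)).add(EntryValidatorFactory.newDuplicateLabelValidator());
            ((List) entryValidators.get(KeyStoreItem.ValidationMode.IMPORT)).add(EntryValidatorFactory.newDuplicateKeyValidator());
            ((List) entryValidators.get(KeyStoreItem.ValidationMode.IMPORT)).add(EntryValidatorFactory.newDuplicateLabelValidator());
        }
    }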

    /**
     * Creates a new keystore of the descriptor's type and seeds it with {@code collection}.
     * Bundled CA certificates are never added by this overload. Only CMS, JCEKS, JKS, PKCS12
     * and PKCS12S2 can be created; any other type is rejected.
     *
     * <p>NOTE(review): the descriptor passed to {@code Debug.entering} also carries the keystore
     * password; confirm the trace output does not render it.
     *
     * @param databaseDescriptor type, file name and password of the keystore to create
     * @param collection entries to add, or {@code null} for none
     * @return the created keystore item
     * @throws RuntimeException for a database type that cannot be created
     */
    public static KeyStoreItem createKeyStore(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor, Collection collection) throws KeyManagerException, CancelledException {
        Debug.entering(new Object[]{databaseDescriptor, collection});
        switch (databaseDescriptor.getType()) {
            case CMS:
                Debug.exiting();
                return newCMSKeyStoreItem((DatabaseDescriptorFactory.CMSDatabaseDescriptor) databaseDescriptor, collection, false);
            case JCEKS:
                // Third argument true: the store also gets a secret-key bag.
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, collection, true, false);
            case JKS:
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, collection, false, false);
            case PKCS12:
            case PKCS12S2:
                Debug.exiting();
                return newPKCS12KeyStoreItem((DatabaseDescriptorFactory.PKCS12DatabaseDescriptor) databaseDescriptor, collection, false);
            default:
                throw new RuntimeException("not implemented for database type " + databaseDescriptor.getType());
        }
    }

    /**
     * Creates a new, otherwise empty keystore of the descriptor's type. Unless the
     * {@code REMOVE_SIGNERS_ENABLED} setting is on, the new store is pre-populated with the
     * bundled CA certificates, so it starts out trusting that set. Only CMS, JCEKS, JKS, PKCS12
     * and PKCS12S2 can be created; any other type is rejected.
     *
     * @param databaseDescriptor type, file name and password of the keystore to create
     * @return the created keystore item
     * @throws RuntimeException for a database type that cannot be created
     */
    public static KeyStoreItem createKeyStore(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor) throws KeyManagerException, CancelledException {
        Debug.entering();
        switch (databaseDescriptor.getType()) {
            case CMS:
                Debug.exiting();
                return newCMSKeyStoreItem((DatabaseDescriptorFactory.CMSDatabaseDescriptor) databaseDescriptor, null, !REMOVE_SIGNERS_ENABLED);
            case JCEKS:
                // Third argument true: the store also gets a secret-key bag.
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, null, true, !REMOVE_SIGNERS_ENABLED);
            case JKS:
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, null, false, !REMOVE_SIGNERS_ENABLED);
            case PKCS12:
            case PKCS12S2:
                Debug.exiting();
                return newPKCS12KeyStoreItem((DatabaseDescriptorFactory.PKCS12DatabaseDescriptor) databaseDescriptor, null, !REMOVE_SIGNERS_ENABLED);
            default:
                throw new RuntimeException("not implemented for database type " + databaseDescriptor.getType());
        }
    }

    /**
     * Opens an existing keystore of the descriptor's type.
     *
     * <p>A type without its own branch is not rejected: it is opened through the same path as
     * JCEKS. Callers that accept the type from outside should validate it first.
     *
     * @param databaseDescriptor type, location and password of the keystore to open
     * @return the loaded keystore item
     */
    public static KeyStoreItem loadKeystore(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor) throws KeyManagerException, CancelledException {
        Debug.entering();
        switch (databaseDescriptor.getType()) {
            case CMS:
                Debug.exiting();
                return newCMSKeyStoreItem((DatabaseDescriptorFactory.CMSDatabaseDescriptor) databaseDescriptor);
            case JKS:
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, false);
            case PKCS12:
            case PKCS12S2:
                Debug.exiting();
                return newPKCS12KeyStoreItem((DatabaseDescriptorFactory.PKCS12DatabaseDescriptor) databaseDescriptor);
            case PKCS11Direct:
            case PKCS11Config:
                // Both PKCS#11 flavours use the same implementation.
                Debug.exiting();
                return newPKCS11ImplKeyStoreItem((DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptor) databaseDescriptor);
            case MSCapi:
                Debug.exiting();
                return newMSCAPIKeyStoreItem(databaseDescriptor);
            case JCEKS:
            default:
                Debug.exiting();
                return newBasicKeyStoreItem(databaseDescriptor, true);
        }
    }

    /**
     * Opens an existing basic keystore; nothing is created.
     *
     * @param databaseDescriptor location and password of the keystore
     * @param z whether the store is opened with a secret-key bag (the callers in this class
     *        pass {@code true} for JCEKS and {@code false} for JKS)
     * @return the loaded keystore item
     */
    public static KeyStoreItem newBasicKeyStoreItem(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor, boolean z) throws KeyManagerException, CancelledException {
        final Object[] traceArguments = {databaseDescriptor};
        Debug.entering(traceArguments);
        Debug.exiting();
        // false selects "load" rather than "create" in getBasicKeyStoreItem.
        final boolean createNew = false;
        return getBasicKeyStoreItem(databaseDescriptor, createNew, z);
    }

    /**
     * Creates a new basic keystore file, optionally seeds it with entries and with the bundled
     * CA certificates, and saves it.
     *
     * <p>The file-exists check in {@code validateFileName} and the creation that follows are
     * separate steps, so a file appearing in between is not detected by the check. If seeding
     * fails, the exception propagates after the store has already been created.
     *
     * @param databaseDescriptor file name and password of the keystore to create
     * @param collection entries to add, or {@code null} for none; entries rejected with
     *        {@code INVALID_ENTRY_TYPE} are skipped
     * @param z whether the store is created with a secret-key bag
     * @param z2 whether the bundled CA certificates are added
     * @return the created keystore item
     * @throws KeyManagerException when the output file already exists or an entry is rejected
     */
    public static KeyStoreItem newBasicKeyStoreItem(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor, Collection collection, boolean z, boolean z2) throws KeyManagerException, CancelledException {
        Debug.entering(new Object[]{databaseDescriptor, collection});
        validateFileName(databaseDescriptor);

        final KeyStoreItem createdStore = getBasicKeyStoreItem(databaseDescriptor, true, z);
        final boolean hasSeedEntries = collection != null;
        if (hasSeedEntries) {
            createdStore.addAll(collection, false, true, KeyStoreItem.ValidationMode.ADD);
        }
        if (z2) {
            addCACerts(createdStore);
        }
        createdStore.save();

        Debug.exiting(createdStore);
        return createdStore;
    }

    /**
     * Refuses to continue when the descriptor's output file(s) already exist, so that creating
     * a keystore does not overwrite one.
     *
     * <p>This is a check only. Nothing here reserves the file name, so the result can be stale
     * by the time the keystore is written.
     *
     * @param databaseDescriptor descriptor whose file name is checked
     * @throws KeyManagerException with reason {@code OUTPUT_FILE_EXISTS} when the file exists,
     *         or {@code NO_READ_PERMISSION} when a {@code SecurityException} blocks the check
     */
    private static void validateFileName(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor) throws KeyManagerException {
        Debug.entering(new Object[]{databaseDescriptor});
        try {
            final boolean alreadyPresent = outputFilesExist(databaseDescriptor.getFileNameString());
            if (alreadyPresent) {
                final String[] messageArguments = {databaseDescriptor.getFileNameString()};
                throw new KeyManagerException(KeyManagerException.ExceptionReason.OUTPUT_FILE_EXISTS, messageArguments);
            }
        } catch (SecurityException accessDenied) {
            final String[] messageArguments = {databaseDescriptor.getFileNameString()};
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_READ_PERMISSION, accessDenied, messageArguments);
        }
    }

    /**
     * Adds every bundled CA certificate set to {@code keyStoreItem}, one alias at a time.
     *
     * <p>Both skip flags are {@code false}, so the first rejected certificate aborts the loop
     * with an exception. The certificates pass only the ADD validators of the target store.
     * NOTE(review): no expiry or revocation check on the bundled certificates is visible here.
     *
     * @param keyStoreItem keystore that receives the certificates
     */
    private static void addCACerts(KeyStoreItem keyStoreItem) throws KeyManagerException {
        Debug.entering(new Object[]{keyStoreItem});
        for (Iterator caAliases = CACertificates.getAliases(); caAliases.hasNext(); ) {
            final String caAlias = (String) caAliases.next();
            keyStoreItem.addAll(CACertificates.getCACertificates(caAlias), false, false, KeyStoreItem.ValidationMode.ADD);
        }
        Debug.exiting();
    }

    /**
     * Assembles a basic keystore item from the keystore proxy for the descriptor's type and the
     * accompanying certificate-request file.
     *
     * <p>The certificate bag is built with the null-protection creator and the key bags with the
     * password-protection creator. All of them, and the request file, receive the keystore
     * password from the descriptor as a {@code String}.
     *
     * @param databaseDescriptor type, file name and password of the keystore
     * @param z {@code true} to create the keystore and request file, {@code false} to load them
     * @param z2 {@code true} to include a secret-key bag in addition to the certificate and
     *        private-key bags
     * @return the assembled keystore item
     */
    private static KeyStoreItem getBasicKeyStoreItem(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor, boolean z, boolean z2) throws CancelledException, KeyManagerException {
        final KeyStoreProxyCreatorFactory.KeyStoreProxy storeProxy = databaseDescriptor.getType().getCreater().create(databaseDescriptor, z);
        // The result is not used; the call is kept for its effect on the proxy.
        storeProxy.getKeyStore();

        final EntryInterfaceFactory.EntryInterface requestFile;
        if (z) {
            requestFile = BasicCertificateRequestFile.createRequestFile(databaseDescriptor.getFileNameString(), databaseDescriptor.getPassword(), DatabaseDescriptorFactory.DatabaseDescriptor.class);
        } else {
            requestFile = BasicCertificateRequestFile.loadRequestFile(databaseDescriptor.getFileNameString(), databaseDescriptor.getPassword(), DatabaseDescriptorFactory.DatabaseDescriptor.class);
        }

        final EntryBagFactory.EntryBag certificateBag = EntryBagFactory.newKeyStoreCertificateBag(storeProxy, ProtectionParameterCreatorFactory.newNullProtectionCreater(), databaseDescriptor.getPassword());
        final EntryBagFactory.EntryBag privateKeyBag = EntryBagFactory.newKeyStoreKeyBag(storeProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), databaseDescriptor.getPassword());

        final EntryBagFactory.EntryBag[] bags;
        if (z2) {
            final EntryBagFactory.EntryBag secretKeyBag = EntryBagFactory.newKeyStoreSecretKeyBag(storeProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), databaseDescriptor.getPassword());
            bags = new EntryBagFactory.EntryBag[]{certificateBag, privateKeyBag, secretKeyBag};
        } else {
            bags = new EntryBagFactory.EntryBag[]{certificateBag, privateKeyBag};
        }

        final EntryInterfaceFactory.EntryInterface storeEntries = EntryInterfaceFactory.newKeyStoreProxyEntryInterface(EntryBagFactory.newBagCollection(bags), databaseDescriptor, storeProxy);
        // Keystore entries first, then the request file.
        final EntryInterfaceFactory.EntryInterface combinedEntries = EntryInterfaceFactory.newCompoundEntryInterface(databaseDescriptor, new EntryInterfaceFactory.EntryInterface[]{storeEntries, requestFile});
        return new KeyStoreItemImpl(combinedEntries, databaseDescriptor, KeyCreatorFactory.getDefaultKeyCreator(KeymanUtil.getJCEProviderName()), DatabaseDescriptorFactory.DatabaseDescriptor.class);
    }

    /**
     * Creates a CMS key store, optionally seeds it with entries and CA certificates, and
     * saves it.
     *
     * <p>Sequence: {@code validateFileName}, build the store in "create" mode, {@code clear()},
     * add {@code collection} when non-null, add the CA certificates when {@code z} is set,
     * then {@code save()}.
     *
     * <p>NOTE(review): {@code validateFileName} runs before the store is created and saved.
     * If it is the guard against an existing output file (presumably; its body is not fully
     * visible here), the check and the later write are separate steps, so the file can appear
     * in between. Whether the writer itself refuses to overwrite should be confirmed.
     *
     * <p>NOTE(review): the descriptor passed to {@code Debug.entering} also carries the store
     * password ({@code getPassword()}); confirm its string form does not expose it in traces.
     *
     * @param cMSDatabaseDescriptor describes the CMS store to create
     * @param collection entries to add to the new store, or {@code null} for none
     * @param z {@code true} to also add the certificates from {@code CACertificates}
     * @return the saved key store item
     * @throws KeyManagerException declared by the method; raised by the called helpers
     * @throws CancelledException declared by the method; raised by the called helpers
     */
    public static KeyStoreItem newCMSKeyStoreItem(DatabaseDescriptorFactory.CMSDatabaseDescriptor cMSDatabaseDescriptor, Collection collection, boolean z) throws KeyManagerException, CancelledException {
        Debug.entering(new Object[]{cMSDatabaseDescriptor, collection});
        validateFileName(cMSDatabaseDescriptor);

        KeyStoreItem freshStore = getCMSKeyStoreItem(cMSDatabaseDescriptor, true);
        // Start from an empty store before anything is added.
        freshStore.clear();

        boolean hasInitialEntries = collection != null;
        if (hasInitialEntries) {
            freshStore.addAll(collection, false, true, KeyStoreItem.ValidationMode.ADD);
        }
        if (z) {
            addCACerts(freshStore);
        }

        freshStore.save();
        Debug.exiting(freshStore);
        return freshStore;
    }

    /**
     * Returns a key store item for the CMS store described by {@code cMSDatabaseDescriptor}.
     *
     * <p>Despite the "new" prefix this overload delegates with the create flag set to
     * {@code false}, which makes {@code getCMSKeyStoreItem} load the request file instead of
     * creating it.
     *
     * @param cMSDatabaseDescriptor describes the CMS store
     * @return the key store item built by {@code getCMSKeyStoreItem}
     * @throws KeyManagerException propagated from {@code getCMSKeyStoreItem}
     * @throws CancelledException propagated from {@code getCMSKeyStoreItem}
     */
    public static KeyStoreItem newCMSKeyStoreItem(DatabaseDescriptorFactory.CMSDatabaseDescriptor cMSDatabaseDescriptor) throws KeyManagerException, CancelledException {
        final boolean createNew = false;
        return getCMSKeyStoreItem(cMSDatabaseDescriptor, createNew);
    }

    /**
     * Assembles a {@link CMSKeyStoreItemImpl} from a key store proxy and a CMS certificate
     * request file.
     *
     * <p>Unlike the other store types built in this file, both the certificate bag and the key
     * bag are created with the password protection creator.
     *
     * @param cMSDatabaseDescriptor describes the CMS store (type, file name, password)
     * @param z {@code true} creates the request file, {@code false} loads an existing one; the
     *     same flag is forwarded to the proxy creator (presumably "create new store";
     *     confirm against the creator's {@code create} signature)
     * @return the assembled key store item
     * @throws CancelledException declared by the method; source not visible here
     * @throws KeyManagerException declared by the method; source not visible here
     */
    private static KeyStoreItem getCMSKeyStoreItem(DatabaseDescriptorFactory.CMSDatabaseDescriptor cMSDatabaseDescriptor, boolean z) throws CancelledException, KeyManagerException {
        KeyStoreProxyCreatorFactory.KeyStoreProxy storeProxy = cMSDatabaseDescriptor.getType().getCreater().create(cMSDatabaseDescriptor, z);
        // Return value is discarded; presumably called so that opening the store fails here
        // rather than later (TODO confirm).
        storeProxy.getKeyStore();

        EntryBagFactory.EntryBag certificateBag = EntryBagFactory.newCMSKeyStoreCertificateBag(storeProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), cMSDatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag keyBag = EntryBagFactory.newCMSKeyStoreKeyBag(storeProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), cMSDatabaseDescriptor.getPassword());
        EntryInterfaceFactory.EntryInterface storeInterface = EntryInterfaceFactory.newKeyStoreProxyEntryInterface(EntryBagFactory.newBagCollection(new EntryBagFactory.EntryBag[]{certificateBag, keyBag}), cMSDatabaseDescriptor, storeProxy);

        EntryInterfaceFactory.EntryInterface requestFile;
        if (z) {
            requestFile = CMSCertificateRequestFile.createRequestFile(cMSDatabaseDescriptor.getFileName(), cMSDatabaseDescriptor.getPassword());
        } else {
            requestFile = CMSCertificateRequestFile.loadRequestFile(cMSDatabaseDescriptor.getFileName(), cMSDatabaseDescriptor.getPassword());
        }

        return new CMSKeyStoreItemImpl(EntryInterfaceFactory.newCompoundEntryInterface(cMSDatabaseDescriptor, new EntryInterfaceFactory.EntryInterface[]{storeInterface, requestFile}), cMSDatabaseDescriptor, KeyCreatorFactory.getDefaultKeyCreator(KeymanUtil.getJCEProviderName()));
    }

    /**
     * Returns a key store item for the PKCS#12 store described by
     * {@code pKCS12DatabaseDescriptor}.
     *
     * <p>Delegates to {@code getPKCS12KeyStoreItem} with the create flag set to {@code false}.
     *
     * @param pKCS12DatabaseDescriptor describes the PKCS#12 store
     * @return the key store item built by {@code getPKCS12KeyStoreItem}
     * @throws KeyManagerException propagated from {@code getPKCS12KeyStoreItem}
     * @throws CancelledException propagated from {@code getPKCS12KeyStoreItem}
     */
    public static KeyStoreItem newPKCS12KeyStoreItem(DatabaseDescriptorFactory.PKCS12DatabaseDescriptor pKCS12DatabaseDescriptor) throws KeyManagerException, CancelledException {
        final boolean createNew = false;
        return getPKCS12KeyStoreItem(pKCS12DatabaseDescriptor, createNew);
    }

    /**
     * Assembles a {@link KeyStoreItemImpl} for a PKCS#12 store and, for PFX files, merges
     * duplicated certificate/key entries through {@code doPfx}.
     *
     * <p>The certificate bag uses the "null" protection creator; the key bag and the
     * certificate-request bag use the password protection creator. The request bag is built
     * with {@code newPKCS11CertRequestBag} and two {@code null} arguments.
     *
     * <p>NOTE(review): {@code doPfx} rewrites entries of the opened key store in memory before
     * {@code refresh()}; nothing in this method saves the store.
     *
     * @param pKCS12DatabaseDescriptor describes the PKCS#12 store (type, password, PFX flag)
     * @param z forwarded to the proxy creator (presumably "create new store"; confirm
     *     against the creator's {@code create} signature)
     * @return the assembled key store item
     * @throws CancelledException declared by the method; source not visible here
     * @throws KeyManagerException declared by the method; also raised by {@code doPfx}
     */
    private static KeyStoreItem getPKCS12KeyStoreItem(DatabaseDescriptorFactory.PKCS12DatabaseDescriptor pKCS12DatabaseDescriptor, boolean z) throws CancelledException, KeyManagerException {
        KeyStoreProxyCreatorFactory.KeyStoreProxy storeProxy = pKCS12DatabaseDescriptor.getType().getCreater().create(pKCS12DatabaseDescriptor, z);
        // Return value is discarded; presumably called so that opening the store fails here
        // rather than later (TODO confirm).
        storeProxy.getKeyStore();

        EntryBagFactory.EntryBag certificateBag = EntryBagFactory.newKeyStoreCertificateBag(storeProxy, ProtectionParameterCreatorFactory.newNullProtectionCreater(), pKCS12DatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag keyBag = EntryBagFactory.newKeyStoreKeyBag(storeProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), pKCS12DatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag requestBag = EntryBagFactory.newPKCS11CertRequestBag(storeProxy, null, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), null, pKCS12DatabaseDescriptor.getPassword());
        EntryInterfaceFactory.EntryInterface storeInterface = EntryInterfaceFactory.newKeyStoreProxyEntryInterface(EntryBagFactory.newBagCollection(new EntryBagFactory.EntryBag[]{certificateBag, keyBag, requestBag}), pKCS12DatabaseDescriptor, storeProxy);

        KeyStoreItemImpl pkcs12Item = new KeyStoreItemImpl(storeInterface, pKCS12DatabaseDescriptor, KeyCreatorFactory.getDefaultKeyCreator(KeymanUtil.getJCEProviderName()), DatabaseDescriptorFactory.PKCS12DatabaseDescriptor.class);
        if (!pKCS12DatabaseDescriptor.isPfxFile()) {
            return pkcs12Item;
        }

        // PFX only: merge duplicated entries, then let the item re-read the store.
        doPfx(storeProxy.getKeyStore(), pKCS12DatabaseDescriptor.getPassword());
        pkcs12Item.refresh();
        return pkcs12Item;
    }

    /**
     * Merges each stand-alone certificate entry with the key entry that holds the same
     * certificate, keeping the certificate entry's alias.
     *
     * <p>For every alias that is a certificate entry: the entry is removed, then
     * {@code getCertificateAlias} is asked for another entry carrying the same certificate.
     * If there is none, or the match is itself a certificate entry, the certificate is put
     * back under its original alias. Otherwise the matching key entry is read, deleted and
     * stored again (key plus chain) under the certificate entry's alias.
     *
     * <p>NOTE(review): the certificate entry is deleted before the key is recovered. If
     * {@code getKey} fails (for example a wrong password), the method exits with that entry
     * already removed from the in-memory store. Callers should discard the {@code KeyStore}
     * object after a failure rather than save it.
     *
     * <p>NOTE(review): the password arrives as a {@code String} and each
     * {@code toCharArray()} copy is left for the garbage collector; none of them is cleared.
     *
     * @param keyStore opened key store whose entries are rewritten in place
     * @param str password used to recover the key and to protect the re-stored key entry
     * @throws KeyManagerException when the key store is not initialised
     *     ({@code UNINITIALISED_KEY_STORE}, as {@link InternalKeyManagerException}), the key
     *     algorithm is unavailable ({@code NO_SUCH_ALGORITHM}) or the key cannot be recovered
     *     ({@code UNRECOVERABLE_ENTRY})
     */
    private static void doPfx(KeyStore keyStore, String str) throws KeyManagerException {
        // Kept outside the try block because the UNRECOVERABLE_ENTRY message reports it.
        String keyAlias = null;
        try {
            // Iterate over a snapshot of the aliases: the loop body deletes and adds entries.
            for (String certAlias : Collections.list(keyStore.aliases())) {
                if (!keyStore.isCertificateEntry(certAlias)) {
                    continue;
                }
                Certificate cert = keyStore.getCertificate(certAlias);
                // Remove first so the lookup below cannot return this same entry.
                keyStore.deleteEntry(certAlias);
                keyAlias = keyStore.getCertificateAlias(cert);
                boolean matchesKeyEntry = keyAlias != null && !keyStore.isCertificateEntry(keyAlias);
                if (matchesKeyEntry) {
                    Key recoveredKey = keyStore.getKey(keyAlias, str.toCharArray());
                    Certificate[] chain = keyStore.getCertificateChain(keyAlias);
                    keyStore.deleteEntry(keyAlias);
                    keyStore.setKeyEntry(certAlias, recoveredKey, str.toCharArray(), chain);
                } else {
                    // No separate key entry found: restore the certificate entry unchanged.
                    keyStore.setCertificateEntry(certAlias, cert);
                }
            }
        } catch (KeyStoreException storeError) {
            throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.UNINITIALISED_KEY_STORE, storeError);
        } catch (NoSuchAlgorithmException algorithmError) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, algorithmError, new String[]{algorithmError.getMessage()});
        } catch (UnrecoverableKeyException keyError) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.UNRECOVERABLE_ENTRY, keyError, new String[]{keyAlias});
        }
    }

    /**
     * Creates a PKCS#12 key store, optionally seeds it with entries and CA certificates, and
     * saves it.
     *
     * <p>Sequence: {@code validateFileName}, build the store in "create" mode, add
     * {@code collection} when non-null, add the CA certificates when {@code z} is set, then
     * {@code save()}. Unlike the CMS variant in this file, the new store is not
     * {@code clear()}-ed first.
     *
     * <p>NOTE(review): {@code validateFileName} runs before the store is created and saved.
     * If it is the guard against an existing output file (presumably; its body is not fully
     * visible here), the check and the later write are separate steps, so the file can appear
     * in between. Whether the writer itself refuses to overwrite should be confirmed.
     *
     * <p>NOTE(review): the descriptor passed to {@code Debug.entering} also carries the store
     * password ({@code getPassword()}); confirm its string form does not expose it in traces.
     *
     * @param pKCS12DatabaseDescriptor describes the PKCS#12 store to create
     * @param collection entries to add to the new store, or {@code null} for none
     * @param z {@code true} to also add the certificates from {@code CACertificates}
     * @return the saved key store item
     * @throws KeyManagerException declared by the method; raised by the called helpers
     * @throws CancelledException declared by the method; raised by the called helpers
     */
    private static KeyStoreItem newPKCS12KeyStoreItem(DatabaseDescriptorFactory.PKCS12DatabaseDescriptor pKCS12DatabaseDescriptor, Collection collection, boolean z) throws KeyManagerException, CancelledException {
        Debug.entering(new Object[]{pKCS12DatabaseDescriptor, collection, Boolean.valueOf(z)});
        validateFileName(pKCS12DatabaseDescriptor);

        KeyStoreItem freshStore = getPKCS12KeyStoreItem(pKCS12DatabaseDescriptor, true);

        boolean hasInitialEntries = collection != null;
        if (hasInitialEntries) {
            freshStore.addAll(collection, false, true, KeyStoreItem.ValidationMode.ADD);
        }
        if (z) {
            addCACerts(freshStore);
        }

        freshStore.save();
        Debug.exiting(freshStore);
        return freshStore;
    }

    /**
     * Returns a key store item for the PKCS#11 token described by
     * {@code pKCS11ImplDatabaseDescriptor}.
     *
     * <p>Public entry point; the work is done by {@code getPKCS11ImplKeyStoreItem}.
     *
     * @param pKCS11ImplDatabaseDescriptor describes the PKCS#11 token and optional secondary
     *     store
     * @return the key store item built by {@code getPKCS11ImplKeyStoreItem}
     * @throws KeyManagerException propagated from {@code getPKCS11ImplKeyStoreItem}
     * @throws CancelledException propagated from {@code getPKCS11ImplKeyStoreItem}
     */
    public static KeyStoreItem newPKCS11ImplKeyStoreItem(DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptor pKCS11ImplDatabaseDescriptor) throws KeyManagerException, CancelledException {
        KeyStoreItem tokenStore = getPKCS11ImplKeyStoreItem(pKCS11ImplDatabaseDescriptor);
        return tokenStore;
    }

    /**
     * Assembles a {@link KeyStoreItemImpl} for a PKCS#11 token, optionally paired with a
     * secondary key store.
     *
     * <p>Four bags are built on the token proxy: certificates (null protection creator), keys,
     * certificate requests and secret keys (password protection creator). When the descriptor
     * names a secondary descriptor, that store is loaded and combined with the token through
     * {@code newPrimarySecondaryInterface}.
     *
     * <p>NOTE(review): two unchecked casts are relied on here. The loaded secondary store must
     * be a {@code KeyStoreItemImpl}, and a descriptor that is not a
     * {@code PKCS11ImplDatabaseDescriptorConfig} must be a
     * {@code PKCS11ImplDatabaseDescriptorDirect}; anything else fails with a
     * {@code ClassCastException} rather than a {@code KeyManagerException}.
     *
     * @param pKCS11ImplDatabaseDescriptor describes the token (provider, password, token label
     *     or slot number, optional secondary descriptor)
     * @return the assembled key store item
     * @throws CancelledException declared by the method; source not visible here
     * @throws KeyManagerException declared by the method; source not visible here
     */
    private static KeyStoreItem getPKCS11ImplKeyStoreItem(DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptor pKCS11ImplDatabaseDescriptor) throws CancelledException, KeyManagerException {
        KeyStoreProxyCreatorFactory.KeyStoreProxy tokenProxy = pKCS11ImplDatabaseDescriptor.getType().getCreater().create(pKCS11ImplDatabaseDescriptor, false);

        KeyStoreItemImpl secondaryItem = null;
        if (pKCS11ImplDatabaseDescriptor.getSecondaryDescriptor() != null) {
            secondaryItem = (KeyStoreItemImpl) loadKeystore(pKCS11ImplDatabaseDescriptor.getSecondaryDescriptor());
        }

        // Entries are displayed by token label for config-based descriptors, else by slot number.
        TypeDisplayerFactory.TypeDisplayer tokenDisplayer;
        if (pKCS11ImplDatabaseDescriptor instanceof DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptorConfig) {
            tokenDisplayer = TypeDisplayerFactory.newPKCS11EntryDisplayer(((DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptorConfig) pKCS11ImplDatabaseDescriptor).getTokenLabel());
        } else {
            tokenDisplayer = TypeDisplayerFactory.newPKCS11EntryDisplayer(((DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptorDirect) pKCS11ImplDatabaseDescriptor).getSlotNumber() + "");
        }

        EntryBagFactory.EntryBag certificateBag = EntryBagFactory.newPKCS11CertificateBag(tokenProxy, ProtectionParameterCreatorFactory.newNullProtectionCreater(), tokenDisplayer, pKCS11ImplDatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag keyBag = EntryBagFactory.newPKCS11KeyBag(tokenProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), tokenDisplayer, pKCS11ImplDatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag requestBag = EntryBagFactory.newPKCS11CertRequestBag(tokenProxy, pKCS11ImplDatabaseDescriptor.getProvider(), ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), tokenDisplayer, pKCS11ImplDatabaseDescriptor.getPassword());
        EntryBagFactory.EntryBag secretKeyBag = EntryBagFactory.newPKCS11SecretKeyBag(tokenProxy, ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), tokenDisplayer, pKCS11ImplDatabaseDescriptor.getPassword());
        EntryInterfaceFactory.EntryInterface tokenInterface = EntryInterfaceFactory.newKeyStoreProxyEntryInterface(EntryBagFactory.newBagCollection(new EntryBagFactory.EntryBag[]{certificateBag, keyBag, requestBag, secretKeyBag}), pKCS11ImplDatabaseDescriptor, tokenProxy);

        return new KeyStoreItemImpl(secondaryItem != null ? EntryInterfaceFactory.newPrimarySecondaryInterface(pKCS11ImplDatabaseDescriptor, tokenInterface, secondaryItem.entryInterface) : tokenInterface, pKCS11ImplDatabaseDescriptor, KeyCreatorFactory.getPKCS11KeyCreator(pKCS11ImplDatabaseDescriptor.getProvider()), DatabaseDescriptorFactory.PKCS11ImplDatabaseDescriptor.class);
    }

    /**
     * Returns a key store item for the MSCAPI store described by {@code databaseDescriptor}.
     *
     * <p>Public entry point; the work is done by {@code getMSCAPIKeyStoreItem}, which
     * replaces the descriptor's password with an empty string.
     *
     * @param databaseDescriptor describes the MSCAPI store; its password is overwritten
     * @return the key store item built by {@code getMSCAPIKeyStoreItem}
     * @throws KeyManagerException propagated from {@code getMSCAPIKeyStoreItem}
     * @throws CancelledException propagated from {@code getMSCAPIKeyStoreItem}
     */
    public static KeyStoreItem newMSCAPIKeyStoreItem(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor) throws KeyManagerException, CancelledException {
        KeyStoreItem mscapiStore = getMSCAPIKeyStoreItem(databaseDescriptor);
        return mscapiStore;
    }

    /**
     * Assembles a {@link KeyStoreItemImpl} for an MSCAPI store.
     *
     * <p>The descriptor's password is first set to the empty string, so every bag below is
     * created with an empty password. The certificate bag uses the proxy created from the
     * descriptor's own type; the key bag uses a second proxy created for
     * {@code MSCapiType.MY}.
     *
     * <p>NOTE(review): {@code setPassword("")} changes the caller's descriptor object, so any
     * password the caller had placed on it is gone after this call.
     *
     * @param databaseDescriptor describes the MSCAPI store; its password is overwritten
     * @return the assembled key store item
     * @throws CancelledException declared by the method; source not visible here
     * @throws KeyManagerException declared by the method; source not visible here
     */
    private static KeyStoreItem getMSCAPIKeyStoreItem(DatabaseDescriptorFactory.DatabaseDescriptor databaseDescriptor) throws CancelledException, KeyManagerException {
        databaseDescriptor.setPassword("");
        KeyStoreProxyCreatorFactory.KeyStoreProxy storeProxy = databaseDescriptor.getType().getCreater().create(databaseDescriptor, false);

        EntryBagFactory.EntryBag certificateBag = EntryBagFactory.newKeyStoreCertificateBag(storeProxy, ProtectionParameterCreatorFactory.newNullProtectionCreater(), databaseDescriptor.getPassword());
        // Keys are read through a separate proxy bound to MSCapiType.MY.
        EntryBagFactory.EntryBag keyBag = EntryBagFactory.newKeyStoreKeyBag(KeyStoreProxyCreatorFactory.newMSCapiKeyStoreCreater(KeyStoreProxyCreatorFactory.MSCapiType.MY).create(databaseDescriptor, false), ProtectionParameterCreatorFactory.newPasswordProtectionCreater(), databaseDescriptor.getPassword());
        EntryInterfaceFactory.EntryInterface storeInterface = EntryInterfaceFactory.newKeyStoreProxyEntryInterface(EntryBagFactory.newBagCollection(new EntryBagFactory.EntryBag[]{certificateBag, keyBag}), databaseDescriptor, storeProxy);

        return new KeyStoreItemImpl(storeInterface, databaseDescriptor, KeyCreatorFactory.getDefaultKeyCreator(KeymanUtil.getJCEProviderName()), DatabaseDescriptorFactory.DatabaseDescriptor.class);
    }

    /**
     * Reports whether a file or directory already exists at the given path.
     *
     * <p>NOTE(review): this is a point-in-time answer. A caller that uses it to refuse
     * overwriting must not assume the path is still absent when it later writes; the writer
     * itself should fail on an existing file.
     *
     * @param str path of the intended output file
     * @return {@code true} when {@code File.exists()} reports the path as present
     * @throws SecurityException when a security manager denies read access to the path
     */
    private static boolean outputFilesExist(String str) {
        File candidate = new File(str);
        return candidate.exists();
    }
}
