package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.icu.impl.CalendarAstronomer;
import com.ibm.security.certclient.util.PkSsCertFactory;
import com.ibm.security.certclient.util.PkSsCertificate;
import com.ibm.websphere.crypto.KeyPair;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.ssl.core.TraceNLSHelper;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Date;

/* loaded from: input_file:bridge.jar:com/ibm/ws/ssl/config/CertificateManager.class */
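/**
 * Creates self-signed certificates and key pairs for the SSL configuration code and,
 * for {@link #selfSignedCertificateCreate(CertReqInfo)}, persists the result into the
 * keystore described by the request.
 *
 * <p>The class holds no instance state; callers obtain the shared instance through
 * {@link #getInstance()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password is carried as a {@code String} and copied into
 *       {@code char[]} arrays that are never cleared, so it stays in heap memory until
 *       garbage-collected.</li>
 *   <li>Key size and validity period are taken from the request without any range check
 *       in this class; a minimum key length has to be enforced by the caller or by
 *       {@code PkSsCertFactory}.</li>
 *   <li>Entry tracing records the {@code CertReqInfo} argument as an object.
 *       NOTE(review): confirm that {@code CertReqInfo}/{@code KeyStoreInfo} do not render
 *       the keystore password in {@code toString()}.</li>
 * </ul>
 */
public class CertificateManager {
    private static final TraceComponent tc = Tr.register(CertificateManager.class, "SSL", "com.ibm.ws.ssl.resources.ssl");

    /** Name of the utility class that handles CMS keystores; resolved reflectively at call time. */
    private static final String CMS_KEYSTORE_UTILITY_CLASS = "com.ibm.ws.ssl.config.CMSKeyStoreUtility";

    /** Name of the certificate factory class probed by {@link #isKeyCertJarAvailable()}. */
    private static final String PK_SS_CERT_FACTORY_CLASS = "com.ibm.security.certclient.util.PkSsCertFactory";

    private static CertificateManager thisClass = null;

    private CertificateManager() {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The lazy initialisation is not synchronised. Because the class has no instance
     * fields, two threads racing here can at worst create two equivalent instances.
     *
     * @return the shared {@code CertificateManager}
     */
    public static CertificateManager getInstance() {
        if (thisClass == null) {
            thisClass = new CertificateManager();
        }
        return thisClass;
    }

    /**
     * Generates a self-signed certificate, stores it with its private key under the
     * requested label in the keystore described by the request, and writes the keystore
     * back to its location.
     *
     * <p>If the keystore file does not exist an empty keystore is initialised first. CMS
     * keystores are loaded and stored through {@code CMSKeyStoreUtility} via reflection;
     * every other type goes through the standard {@link KeyStore} load/store calls.
     *
     * @param certReqInfo subject DN, label, key size, validity and target keystore
     * @return the certificate as read back from the keystore under the requested label
     * @throws Exception an {@code SSLException} wrapping any failure while generating the
     *         certificate or while loading or storing the keystore
     */
    public Certificate selfSignedCertificateCreate(CertReqInfo certReqInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "selfSignedCertificateCreate", new Object[]{certReqInfo});
        }
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        String subjectDN = certReqInfo.getSubjectDN();
        String label = certReqInfo.getLabel();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        KeyStoreInfo ksInfo = certReqInfo.getKsInfo();
        String location = ksInfo.getLocation();
        String type = ksInfo.getType();
        String provider = ksInfo.getProvider();
        String password = ksInfo.getPassword();
        Boolean stashFile = ksInfo.getStashFile();
        try {
            PkSsCertificate newSsCert = newSelfSignedCert(size, subjectDN, validDays);
            if (newSsCert == null) {
                // Same guard as generateKeyPair: fail with a clear message instead of a
                // NullPointerException once the keystore has already been opened.
                throw new KeyException("Error generating key pair.");
            }
            try {
                Tr.audit(tc, "Self Signed Certificate: notBefore time: " + newSsCert.getCertificate().getNotBefore().toString() + " notAfter time: " + newSsCert.getCertificate().getNotAfter().toString());
            } catch (Throwable th) {
                // The audit record is best-effort and must not abort certificate creation,
                // but leave a trace so that a missing audit entry can be explained.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to audit the self-signed certificate validity period.", new Object[]{th});
                }
            }
            boolean cmsKeyStore = isCmsKeyStoreType(type);
            KeyStore keyStore = KeyStore.getInstance(type, provider);
            File file = new File(location);
            if (!file.exists()) {
                keyStore.load(null, password.toCharArray());
            } else if (!cmsKeyStore) {
                inputStream = KeyStoreManager.getInstance().getInputStream(location, true);
                keyStore.load(inputStream, password.toCharArray());
            } else {
                Class<?> cmsUtility = Class.forName(CMS_KEYSTORE_UTILITY_CLASS);
                Class<?>[] loadSignature = {File.class, String.class, String.class, String.class, String.class, String.class};
                keyStore = (KeyStore) cmsUtility.getMethod("loadCMSKeyStore", loadSignature).invoke(cmsUtility.newInstance(), file, location, password, type, provider, stashFile.toString());
            }
            newSsCert.setToKeyStore(label, password, keyStore);
            Certificate certificate = keyStore.getCertificate(label);
            if (!cmsKeyStore) {
                // NOTE(review): this overwrites the keystore in place, so a failure during
                // store() can leave a truncated file, and a newly created file gets the
                // process default permissions. Confirm both are acceptable for a file
                // that holds a private key.
                fileOutputStream = new FileOutputStream(location);
                keyStore.store(fileOutputStream, password.toCharArray());
            } else {
                Class<?> cmsUtility = Class.forName(CMS_KEYSTORE_UTILITY_CLASS);
                Class<?>[] storeSignature = {KeyStore.class, String.class, String.class, String.class, String.class};
                cmsUtility.getMethod("storeCMSKeyStore", storeSignature).invoke(cmsUtility.newInstance(), keyStore, location, password, type, stashFile.toString());
            }
            // Close explicitly on the success path: a failed close of the output stream
            // may mean the keystore was not fully written and has to be reported.
            if (inputStream != null) {
                inputStream.close();
                inputStream = null;
            }
            if (fileOutputStream != null) {
                fileOutputStream.close();
                fileOutputStream = null;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "selfSignedCertificateCreate");
            }
            return certificate;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error creating keystore or certificate.", new Object[]{e});
            }
            Tr.error(tc, "ssl.self.signed.create.error.CWPKI0032E", new Object[]{e.getMessage()});
            throw new SSLException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.self.signed.create.error.CWPKI0032E", new Object[]{e.getMessage()}, "Error creating a self-signed certificate.  The exception is " + e.getMessage()), e);
        } finally {
            // Only streams still open after a failure reach this point non-null; close
            // them without masking the exception that is already propagating.
            closeQuietly(inputStream);
            closeQuietly(fileOutputStream);
        }
    }

    /**
     * Generates a self-signed certificate and returns it together with its private key,
     * without touching any keystore.
     *
     * @param certReqInfo subject DN, key size and validity of the certificate to create
     * @return the certificate (as a one-element chain) and its private key
     * @throws KeyException if the factory returns no certificate or generation fails; a
     *         non-{@code KeyException} failure is wrapped and kept as the cause
     */
    public KeyPair generateKeyPair(CertReqInfo certReqInfo) throws KeyException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateKeyPair", new Object[]{certReqInfo});
        }
        String subjectDN = certReqInfo.getSubjectDN();
        int size = certReqInfo.getSize();
        int validDays = certReqInfo.getValidDays();
        try {
            PkSsCertificate newSsCert = newSelfSignedCert(size, subjectDN, validDays);
            if (newSsCert == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "generateKeyPair");
                }
                throw new KeyException("Error generating key pair.");
            }
            Certificate[] certificateArr = {newSsCert.getCertificate()};
            PrivateKey key = newSsCert.getKey();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "generateKeyPair");
            }
            return new KeyPair(certificateArr, key);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error creating keystore or certificate.", new Object[]{e});
            }
            Tr.error(tc, "ssl.self.signed.create.error.CWPKI0032E", new Object[]{e.getMessage()});
            String formattedMessage = TraceNLSHelper.getInstance().getFormattedMessage("ssl.self.signed.create.error.CWPKI0032E", new Object[]{e.getMessage()}, "Error creating a self-signed certificate.  The exception is " + e.getMessage());
            if (e instanceof KeyException) {
                throw ((KeyException) e);
            }
            throw new KeyException(formattedMessage, e);
        }
    }

    /**
     * Reports whether the certificate factory class can be loaded.
     *
     * <p>The probe uses the calling thread's context class loader, so the answer depends
     * on the class loader context the caller runs in.
     *
     * @return {@code true} if {@code PkSsCertFactory} was loaded, {@code false} if it was
     *         not found
     */
    public boolean isKeyCertJarAvailable() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isKeyCertJarAvailable");
        }
        boolean available = true;
        try {
            Thread.currentThread().getContextClassLoader().loadClass(PK_SS_CERT_FACTORY_CLASS);
        } catch (ClassNotFoundException e) {
            // This is a debug record, so it is gated on the debug level rather than on
            // entry/exit tracing.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "isKeyCertJarAvailable", "Unable to load class \"" + PK_SS_CERT_FACTORY_CLASS + "\".");
            }
            available = false;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isKeyCertJarAvailable", Boolean.valueOf(available));
        }
        return available;
    }

    /**
     * Asks the certificate factory for a new self-signed certificate, selecting the FIPS
     * JCE provider when FIPS mode is enabled and "IBMJCE" otherwise.
     *
     * <p>The start of validity is set to the current time minus
     * {@code CalendarAstronomer.DAY_MS} (presumably one day, so that peers whose clocks
     * lag slightly do not see the certificate as not yet valid; confirm). The meaning of
     * the two {@code true} flags is defined by {@code PkSsCertFactory} and is not visible
     * from this class.
     */
    private static PkSsCertificate newSelfSignedCert(int size, String subjectDN, int validDays) throws Exception {
        Date notBefore = new Date();
        notBefore.setTime(notBefore.getTime() - CalendarAstronomer.DAY_MS);
        String jceProvider = JSSEProviderFactory.isFipsEnabled() ? Constants.IBMJCEFIPS_NAME : "IBMJCE";
        return PkSsCertFactory.newSsCert(size, subjectDN, validDays, notBefore, true, true, jceProvider);
    }

    /** Returns whether {@code type} names one of the CMS keystore types; {@code null} does not. */
    private static boolean isCmsKeyStoreType(String type) {
        return type != null && (type.equals(Constants.KEYSTORE_TYPE_CMS) || type.equals(Constants.KEYSTORE_TYPE_CMS_OS400));
    }

    /** Closes {@code stream} if it is non-null, tracing instead of propagating a failure. */
    private static void closeQuietly(java.io.Closeable stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (java.io.IOException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error closing keystore stream.", new Object[]{e});
            }
        }
    }
}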
