package com.tivoli.core.ns;

import com.ibm.distman.voyagerx.security.ssl.sslite.CA;
import com.ibm.distman.voyagerx.security.ssl.sslite.SSLCert;
import com.ibm.distman.voyagerx.security.ssl.sslite.SSLToken;
import com.ibm.logging.ILogger;
import com.tivoli.util.logging.LogManagerFactory;
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;

/* JADX WARN: Classes with same name are omitted:
  input_file:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/NSCA.class
 */
/* loaded from: input_file:com.tivoli.eDMS_1.8.0.20050921D.jar:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/NSCA.class */
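/**
 * Certification authority of the network-security component, layered on the sslite {@link CA}.
 *
 * <p>The class supplies the storage hooks the base class needs ({@link #loadToken(Object)} and
 * {@link #updateToken(SSLToken, Object)}), both backed by a {@code Vault} file, and the
 * {@link #startCA(String, String, String)} entry point that initialises the CA from a vault file,
 * a stash file and a CA root directory.
 *
 * <p>This source was recovered by a decompiler. Parameter names such as {@code str} and
 * {@code sSLCert} are decompiler-generated and are kept so that the member signatures stay as
 * they were.
 */
public class NSCA extends CA {
    private static final String COPYRIGHT = "\nLicensed Materials - Property of IBM\n\n5698-TKS\n\nCopyright IBM Corp. 1999, 2000 All Rights Reserved\n\nUS Government Users Restricted Rights - Use, duplication or disclosure\nrestricted by GSA ADP Schedule Contract with IBM Corp.\n";
    private static final String sClassRevision = "$Revision: @(#)49 1.9 orb/src/com/tivoli/core/ns/NSCA.java, mm_orb, mm_orb_dev 00/11/02 12:03:33 $";

    /** Class name passed to every trace and log call; left non-final and package-visible as before. */
    String className = "com.tivoli.core.ns.NSCA";

    /** Message catalogue used for log messages and for {@link NetworkSecurityException} texts. */
    private static final String tmsFile = "com.tivoli.core.ns.tms.FNG_ns_msg";

    /**
     * Policy text handed to {@code init(...)} when the CA is started.
     *
     * <p>SECURITY NOTE(review): the policy fixes {@code keyAlg=RSA} with {@code keyLength=1024}.
     * 1024-bit RSA is below current minimum recommendations for a CA key (2048 bits or more).
     * The value is left untouched here because existing vaults and the sslite library may depend
     * on it; raising it needs a migration plan for already issued certificates.
     */
    private static final String CA_POLICY =
            "version=1.0\n"
            + "keyLength=1024\n"
            + "keyAlg=RSA\n"
            + "activeSpan=6y\n"
            + "maxValiditySpan=4y\n"
            + "issueRecoverSpan=14d\n"
            + "purgeCASpan=1y\n"
            + "crlInterval=14d\n"
            + "maintenanceInterval=1d\n"
            + "purgeRASpan=14d\n"
            + "clockDriftSpan=1d\n"
            + "issuerNameTemplate=cn=Tivoli Kernel Services CA([###]), o=Tivoli Systems, c=US\n";

    private static final ILogger trace;
    private static final ILogger logger;

    /* JADX WARN: Classes with same name are omitted:
      input_file:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/NSCA$VaultParams.class
     */
    /* loaded from: input_file:com.tivoli.eDMS_1.8.0.20050921D.jar:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/NSCA$VaultParams.class */
    /**
     * Pair of file names describing where the CA vault lives: the vault file itself and its
     * stash file. An instance is what {@link #loadToken(Object)} expects as its argument.
     */
    class VaultParams {
        // Explicit copy of the enclosing instance as emitted by the decompiler; it is never read.
        private final NSCA this$0;
        String vaultFileName;
        String stashFileName;

        /**
         * @param nsca the enclosing CA (decompiler-carried argument, kept so call sites still match)
         * @param str  path of the vault file
         * @param str2 path of the stash file
         */
        VaultParams(NSCA nsca, String str, String str2) {
            this.this$0 = nsca;
            this.vaultFileName = str;
            this.stashFileName = str2;
        }
    }

    static {
        logger = LogManagerFactory.getMessageLogger(INetSecMsgKeys.NS_LOGGER);
        logger.setMessageFile(tmsFile);
        trace = LogManagerFactory.getTraceLogger(INetSecMsgKeys.NS_TRACER);
    }

    /** Creates the CA object; apart from tracing, no work happens until {@code startCA} is called. */
    public NSCA() {
        if (trace.isLogging()) {
            trace.entry(1048576L, this.className, "<INIT>()");
            trace.exit(1048576L, this.className, "<INIT>()");
        }
    }

    /**
     * Returns one certificate per CA certificate, each rebuilt from the encoded form of the
     * corresponding entry of {@code caPrivateCerts()} with a {@code null} second constructor
     * argument.
     *
     * <p>NOTE(review): the method name implies the rebuilt certificates carry no private-key
     * material; that depends on {@code SSLCert.encode()} and the {@code SSLCert} constructor,
     * which are not visible here — confirm before handing the result to untrusted code.
     *
     * @return a new array with the same length and order as {@code caPrivateCerts()}
     */
    public SSLCert[] caPublicCerts() {
        final String method = "caPublicCerts()";
        SSLCert[] privateCerts = caPrivateCerts();
        SSLCert[] publicCerts = new SSLCert[privateCerts.length];
        if (trace.isLogging()) {
            trace.entry(1048576L, this.className, method);
        }
        for (int i = 0; i < publicCerts.length; i++) {
            publicCerts[i] = new SSLCert(privateCerts[i].encode(), (String) null);
            if (trace.isLogging()) {
                trace.text(524289L, this.className, method, "Public CA Cert: " + NSUtil.certToString(publicCerts[i]));
            }
        }
        if (trace.isLogging()) {
            trace.exit(1048576L, this.className, method);
        }
        return publicCerts;
    }

    /**
     * Finds the CA certificate (from {@code caPrivateCerts()}) that issued the given certificate.
     *
     * <p>Two lookup strategies are used. When the certificate carries a signer certificate, the
     * CA entry is selected by comparing issuer name and serial number with that signer
     * certificate. Otherwise the CA entry is selected when its subject name equals the
     * certificate's issuer name and {@code validates(sSLCert, false)} succeeds.
     *
     * <p>SECURITY NOTE(review): the signer-certificate branch is an identity match only; no
     * signature check is made on that path. A caller that needs proof that the certificate was
     * really issued by this CA should validate it separately. The returned object comes from
     * {@code caPrivateCerts()}, so it should not leave trusted code.
     *
     * @param sSLCert the certificate whose issuer is wanted; must not be {@code null}
     * @return the first matching CA certificate, or {@code null} when none matches
     */
    public SSLCert getIssuerPrivateCert(SSLCert sSLCert) {
        final String method = "getIssuerPrivateCert(SSLCert)";
        // The decompiled code traced an exit without a matching entry; the pair is balanced here.
        if (trace.isLogging()) {
            trace.entry(1048576L, this.className, method);
        }
        SSLCert signer = sSLCert.signerCertificate();
        SSLCert issuer = null;
        for (SSLCert candidate : caPrivateCerts()) {
            boolean matches;
            if (signer != null) {
                matches = signer.issuerName().equals(candidate.issuerName())
                        && Arrays.equals(signer.serialNumber(), candidate.serialNumber());
            } else {
                matches = sSLCert.issuerName().equals(candidate.subjectName())
                        && candidate.validates(sSLCert, false);
            }
            if (matches) {
                issuer = candidate;
                if (trace.isLogging()) {
                    // NOTE(review): confirm NSUtil.certToString never renders private-key material,
                    // since this line writes a CA certificate to the trace log.
                    trace.text(524288L, this.className, method, "Found issuing private cert {0}", NSUtil.certToString(candidate));
                }
                break;
            }
        }
        if (trace.isLogging()) {
            if (issuer == null) {
                trace.text(524288L, this.className, method, "Could not locate issuing certificate!");
            }
            trace.exit(1048576L, this.className, method);
        }
        return issuer;
    }

    /**
     * Opens the CA vault described by the given {@link VaultParams} and returns it as the token.
     *
     * <p>An {@link IOException} while opening is logged, wrapped in a
     * {@link NetworkSecurityException} ({@code CA_COULD_NOT_LOAD_CA_VAULT}) and passed to
     * {@code desaster(...)}, which is not defined in this file.
     *
     * <p>NOTE(review): if {@code desaster(...)} returns normally, this method still returns the
     * {@code Vault} object whose {@code open()} failed. Confirm that the base class treats that
     * as fatal rather than continuing with an unopened vault.
     *
     * @param obj the {@link VaultParams} for the vault; any other type fails the cast
     * @return the vault, or {@code null} when the {@code Vault} could not even be created
     */
    protected synchronized SSLToken loadToken(Object obj) {
        // The misspelt method label is a runtime trace string and is kept byte-for-byte.
        final String method = "loadToken(Oject1)";
        Vault vault = null;
        VaultParams params = (VaultParams) obj;
        trace.entry(1048576L, this.className, method);
        // The locations of the CA key store and its stash file end up in the trace log.
        trace.text(524289L, this.className, method, "Certification Authority Vault File: {0}", params.vaultFileName);
        trace.text(524289L, this.className, method, "Certification Authority Stash File: {0}", params.stashFileName);
        try {
            vault = new Vault();
            vault.setPath(params.vaultFileName, params.stashFileName);
            vault.open();
        } catch (IOException e) {
            logger.exception(4L, this.className, method, e);
            NetworkSecurityException failure = new NetworkSecurityException("CA_COULD_NOT_LOAD_CA_VAULT", tmsFile, params.vaultFileName, e);
            if (trace.isLogging()) {
                trace.exception(262144L, this.className, method, failure);
            }
            desaster(0, "", failure);
        }
        if (trace.isLogging()) {
            trace.exit(1048576L, this.className, method);
        }
        return vault;
    }

    /**
     * Initialises the CA from a vault file, a stash file and a CA root directory.
     *
     * <p>The work runs inside {@link AccessController#doPrivileged}, so the file-system access
     * and the CA initialisation use this class's own permissions instead of the caller's.
     *
     * <p>SECURITY NOTE(review): the method is public, all three paths come straight from the
     * caller, and no permission check or path validation is done here before the privileged
     * block. Confirm that every caller is trusted, or gate the call with an explicit check.
     *
     * @param str  path of the vault file
     * @param str2 path of the stash file
     * @param str3 path of the CA root directory; it must exist
     * @throws NetworkSecurityException {@code CA_ROOT_DIRECTORY_MISSING} when the root directory
     *     does not exist, the exception raised by the initialisation itself, or
     *     {@code UNKNOWN_ERROR} wrapping any other failure of the privileged action
     */
    public void startCA(final String str, final String str2, final String str3) throws NetworkSecurityException {
        final String methodName = "startCA(String,String,String)";
        final String vaultFileName = str;
        final String stashFileName = str2;
        final String caRootDirectory = str3;
        try {
            // The decompiler rendered the captured values as constructor arguments of an interface
            // (with an undefined register name), which is not valid Java; they are captured as
            // final locals instead.
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws NetworkSecurityException {
                    trace.entry(1048576L, NSCA.this.className, methodName);
                    File rootDir = new File(caRootDirectory);
                    // exists() is also true for a regular file.
                    // NOTE(review): isDirectory() may be the intended check.
                    if (rootDir.exists()) {
                        NSCA.this.init((CA) null, CoreNSConstants.DEFAULT_CA_NAME, new VaultParams(NSCA.this, vaultFileName, stashFileName), rootDir.getAbsolutePath(), CA_POLICY);
                        trace.exit(1048576L, NSCA.this.className, methodName);
                        return null;
                    }
                    NetworkSecurityException missingRoot = new NetworkSecurityException("CA_ROOT_DIRECTORY_MISSING", tmsFile, null);
                    logger.exception(4L, NSCA.this.className, methodName, missingRoot);
                    if (trace.isLogging()) {
                        trace.exception(262144L, NSCA.this.className, methodName, missingRoot);
                    }
                    throw missingRoot;
                }
            });
        } catch (PrivilegedActionException e) {
            logger.exception(4L, this.className, methodName, e);
            // Unwrap so callers see the original failure, not the doPrivileged wrapper.
            if (!(e.getException() instanceof NetworkSecurityException)) {
                throw new NetworkSecurityException("UNKNOWN_ERROR", tmsFile, e.getException());
            }
            throw ((NetworkSecurityException) e.getException());
        }
    }

    /**
     * Persists the vault and reopens it, repeating until both steps succeed.
     *
     * <p>Each {@link IOException} is logged, wrapped in a {@link NetworkSecurityException}
     * ({@code CA_COULD_NOT_UPDATE_CA_VAULT}) and passed to {@code desaster(...)}, which is not
     * defined in this file.
     *
     * <p>NOTE(review): the loop has no retry limit and no delay. If {@code desaster(...)} returns
     * normally while the I/O error persists (full disk, revoked file permission), this method
     * spins while holding the object's monitor. Confirm that {@code desaster(...)} does not
     * return in that case, or bound the retries.
     *
     * @param sSLToken the token to save; must be the {@code Vault} returned by {@code loadToken}
     * @param obj      unused by this implementation
     */
    protected synchronized void updateToken(SSLToken sSLToken, Object obj) {
        final String method = "updateToken(SSLToken , Object)";
        if (trace.isLogging()) {
            trace.entry(1048576L, this.className, method);
        }
        boolean saved = false;
        while (!saved) {
            try {
                Vault vault = (Vault) sSLToken;
                vault.save();
                vault.open();
                saved = true;
            } catch (IOException e) {
                logger.exception(4L, this.className, method, e);
                NetworkSecurityException failure = new NetworkSecurityException("CA_COULD_NOT_UPDATE_CA_VAULT", tmsFile, ((Vault) sSLToken).getPath(), e);
                if (trace.isLogging()) {
                    trace.exception(262144L, this.className, method, failure);
                }
                desaster(0, "", failure);
            }
        }
        if (trace.isLogging()) {
            trace.exit(1048576L, this.className, method);
        }
    }
}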
