package com.tivoli.core.ns;

import com.ibm.db2.jcc.t2zos.m;
import com.ibm.distman.voyagerx.security.ssl.sslite.PKI;
import com.ibm.distman.voyagerx.security.ssl.sslite.SMIME;
import com.ibm.distman.voyagerx.security.ssl.sslite.SSLCert;
import com.ibm.distman.voyagerx.security.ssl.sslite.SSLName;
import com.ibm.distman.voyagerx.security.ssl.sslite.SSLRuntimeException;
import com.ibm.logging.ILogger;
import com.tivoli.util.logging.LogManagerFactory;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Date;

/* JADX WARN: Classes with same name are omitted:
  input_file:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/RaServer.class
 */
/* loaded from: input_file:com.tivoli.eDMS_1.8.0.20050921D.jar:DMSDependencies/mm_orb.jar:com/tivoli/core/ns/RaServer.class */
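/**
 * Registration-authority endpoint that fronts the certification authority
 * ({@link NSCA}) obtained from {@link NetSecurityFactory}.
 *
 * <p>Every {@code byte[]} argument of the public methods is parsed as signed or encoded
 * certificate material, so it should be treated as untrusted input. Each validation
 * failure is reported as a {@link NetworkSecurityException} whose message key is resolved
 * against the {@code FNG_ns_msg} catalogue.
 *
 * <p>The numeric masks passed to the loggers (for example {@code 1048576L}, {@code 512L})
 * are reproduced from the original; their meaning is defined by the logging toolkit and
 * is not visible in this file.
 *
 * <p>NOTE(review): this source is decompiler output, so local names and some constant
 * references (notably {@code m.e}) are reconstructions rather than the author's own.
 */
public class RaServer implements IRegistrationAuthority {
    private static final String COPYRIGHT = "\nLicensed Materials - Property of IBM\n\n5698-TKS\n\nCopyright IBM Corp. 1999, 2000 All Rights Reserved\n\nUS Government Users Restricted Rights - Use, duplication or disclosure\nrestricted by GSA ADP Schedule Contract with IBM Corp.\n";
    private static final String sClassRevision = "$Revision: @(#)55 1.8 orb/src/com/tivoli/core/ns/RaServer.java, mm_orb, mm_orb_dev 00/11/01 10:07:04 $";
    private static final String tmsFile = "com.tivoli.core.ns.tms.FNG_ns_msg";
    // Same value as CLASS_NAME; kept static so that static helpers can use it.
    private static final String SOURCE_CLASS = "com.tivoli.core.ns.RaServer";
    public final String CLASS_NAME = "com.tivoli.core.ns.RaServer";
    private final NSCA ca;
    private static final ILogger trace;
    private static final ILogger logger;

    static {
        logger = LogManagerFactory.getMessageLogger(INetSecMsgKeys.NS_LOGGER);
        logger.setMessageFile(tmsFile);
        trace = LogManagerFactory.getTraceLogger(INetSecMsgKeys.NS_TRACER);
    }

    /**
     * Creates the server and resolves the certification authority inside a privileged
     * block (see {@link #getCertificationAuthorityPriv()}).
     */
    public RaServer() {
        if (trace.isLogging()) {
            trace.entry(1048576L, SOURCE_CLASS, "<INIT>()");
        }
        this.ca = getCertificationAuthorityPriv();
        if (trace.isLogging()) {
            trace.exit(1048576L, SOURCE_CLASS, "<INIT>()");
        }
    }

    /**
     * Validates a signed confirmation message.
     *
     * <p>The message is accepted only when all of the following hold: the first signature
     * flag reported by {@link SMIME} is set, the decoded content equals the literal
     * {@code "CONFIRMATION"}, and the issuer name and serial number named by the first
     * signer match the first attached certificate. On success the method only writes a
     * trace record; no other state change is visible in this class.
     *
     * <p>Every check fails closed. In particular, a content payload that cannot be decoded
     * is rejected instead of being skipped, and a message without signer details is
     * rejected with a {@link NetworkSecurityException} instead of surfacing as an
     * unchecked array or null-pointer error.
     *
     * @param bArr the signed confirmation message as received from the requester
     * @throws NetworkSecurityException if the signed data cannot be parsed, the signature
     *     is not verified, the content is not the expected literal, or the attached
     *     certificate does not match the signer
     */
    @Override // com.tivoli.core.ns.IRegistrationAuthority
    public void confirmCertificate(byte[] bArr) throws NetworkSecurityException {
        final String method = "confirmCertificate(byte[])";
        if (trace.isLogging()) {
            trace.entry(1048576L, SOURCE_CLASS, method);
        }
        try {
            // Signature verification is anchored on the CA's own public certificates.
            SMIME smime = new SMIME(bArr, (byte[]) null, this.ca.caPublicCerts());

            // presumably one flag per signer; an empty result means nothing was verified
            if (smime.validFlags == null || smime.validFlags.length == 0) {
                throw reject(method, 512L, "CONFIRMATION_FAILED_BAD_SIGNED_DATA");
            }
            if (!smime.validFlags[0]) {
                throw reject(method, 512L, "CONFIRM_SIGNATURE_NOT_VERIFIED");
            }

            if (smime.content == null) {
                throw reject(method, 512L, "CONFIRMATION_FAILED_INVALID_MESSAGE_CONTENT");
            }
            final String content;
            try {
                // NOTE(review): m.e is an obfuscated constant the decompiler resolved to the
                // DB2 JCC driver; presumably a charset name - confirm its actual value.
                content = new String(smime.content, m.e);
            } catch (UnsupportedEncodingException e) {
                logger.exception(4L, SOURCE_CLASS, method, e);
                if (trace.isLogging()) {
                    trace.exception(512L, SOURCE_CLASS, method, e);
                }
                // Fail closed: the original logged this and carried on, which let a message
                // through without its content ever being compared.
                throw new NetworkSecurityException("CONFIRMATION_FAILED_INVALID_MESSAGE_CONTENT", tmsFile, e);
            }
            if (!content.equals("CONFIRMATION")) {
                throw reject(method, 512L, "CONFIRMATION_FAILED_INVALID_MESSAGE_CONTENT");
            }

            boolean signerDetailsPresent = smime.issuers != null && smime.issuers.length > 0
                    && smime.issuers[0] != null
                    && smime.serialNumbers != null && smime.serialNumbers.length > 0
                    && smime.certs != null && smime.certs.length > 0
                    && smime.certs[0] != null;
            if (!signerDetailsPresent) {
                throw reject(method, 512L, "CONFIRMATION_FAILED_BAD_SIGNED_DATA");
            }

            // The attached certificate must be the one the signature refers to.
            SSLName signerIssuer = smime.issuers[0];
            byte[] signerSerial = smime.serialNumbers[0];
            SSLCert attached = smime.certs[0];
            boolean sameIssuer = signerIssuer.equals(attached.issuerName());
            boolean sameSerial = Arrays.equals(signerSerial, attached.serialNumber());
            if (!sameIssuer || !sameSerial) {
                throw reject(method, 512L, "ATTCHD_CRT_DSNT_MTCH_SIG");
            }

            if (trace.isLogging()) {
                trace.text(262144L, SOURCE_CLASS, method, "Confirming Certificate: " + NSUtil.certToString(attached));
            }
            if (trace.isLogging()) {
                trace.exit(1048576L, SOURCE_CLASS, method);
            }
        } catch (SSLRuntimeException e2) {
            logger.exception(4L, SOURCE_CLASS, method, e2);
            if (trace.isLogging()) {
                trace.exception(512L, SOURCE_CLASS, method, e2);
            }
            throw new NetworkSecurityException("CONFIRMATION_FAILED_BAD_SIGNED_DATA", tmsFile, e2);
        }
    }

    /**
     * Builds a {@link NetworkSecurityException} for {@code messageKey}, writes it to the
     * message logger and, when tracing is on, to the trace logger under {@code traceMask}.
     * The caller is expected to throw the returned exception.
     */
    private static NetworkSecurityException reject(String method, long traceMask, String messageKey) {
        NetworkSecurityException failure = new NetworkSecurityException(messageKey, tmsFile, null);
        logger.exception(4L, SOURCE_CLASS, method, failure);
        if (trace.isLogging()) {
            trace.exception(traceMask, SOURCE_CLASS, method, failure);
        }
        return failure;
    }

    /**
     * Fetches the certification authority inside {@code AccessController.doPrivileged},
     * so the lookup runs with this class's own permissions rather than the caller's.
     */
    private NSCA getCertificationAuthorityPriv() {
        return AccessController.doPrivileged(new PrivilegedAction<NSCA>() {
            @Override // java.security.PrivilegedAction
            public NSCA run() {
                return (NSCA) NetSecurityFactory.getCertificationAuthority();
            }
        });
    }

    /**
     * Returns the CA's public certificates as a package produced by
     * {@code NSUtil.signAndPackageCerts}.
     *
     * <p>When {@code bArr} holds an encoded certificate, the issuer's private certificate
     * for it is looked up and handed to the packaging call as the signer. When
     * {@code bArr} is {@code null} or empty, the signer passed on is {@code null}.
     * NOTE(review): presumably that yields an unsigned package; confirm in
     * {@code NSUtil.signAndPackageCerts} and make sure clients do not trust it as if it
     * were signed.
     *
     * @param bArr encoded certificate of the requester, or {@code null}/empty for none
     * @return the packaged certificates
     * @throws NetworkSecurityException with key {@code SIGNER_CERT_NOT_FOUND} if no issuer
     *     certificate is known for the supplied certificate
     */
    @Override // com.tivoli.core.ns.IRegistrationAuthority
    public byte[] getTrustedRootCertificates(byte[] bArr) throws NetworkSecurityException {
        final String method = "getTrustedRootCertificates()";
        if (trace.isLogging()) {
            trace.entry(1048576L, SOURCE_CLASS, method);
        }
        SSLCert[] rootCerts = this.ca.caPublicCerts();
        SSLCert signer = null;
        boolean requesterCertGiven = bArr != null && bArr.length != 0;
        if (requesterCertGiven) {
            signer = this.ca.getIssuerPrivateCert(new SSLCert(bArr, (String) null));
            if (signer == null) {
                throw reject(method, 262144L, "SIGNER_CERT_NOT_FOUND");
            }
        }
        if (trace.isLogging()) {
            trace.text(1048577L, SOURCE_CLASS, method, "Packaging certificates");
        }
        byte[] packaged = NSUtil.signAndPackageCerts(rootCerts, signer);
        if (trace.isLogging()) {
            trace.exit(1048576L, SOURCE_CLASS, method);
        }
        return packaged;
    }

    /**
     * Issues a certificate for a certificate request and returns it, followed by the CA's
     * public certificates, in a package signed with the issuer's private certificate.
     *
     * <p>The request is checked with {@code PKI.verifyCertRequest}; its first result
     * element is used as the subject information and its second as an {@link SSLCert}
     * argument of {@code NSCA.issueCert}.
     *
     * <p>NOTE(review): {@code bArr} is never read here. If it is meant to carry requester
     * credentials, this method performs no authorization check of its own - confirm that
     * callers or {@code NSCA.issueCert} enforce one. Only {@link SSLRuntimeException} is
     * translated; a cast failure on the verification result would propagate unchecked.
     *
     * @param bArr not used by this implementation
     * @param bArr2 the encoded certificate request
     * @return the signed package holding the new certificate and the CA certificates
     * @throws NetworkSecurityException with key {@code ORB_CERT_REQ_VERIFICATION_FAILED}
     *     if an {@link SSLRuntimeException} is raised while verifying, issuing or packaging
     */
    @Override // com.tivoli.core.ns.IRegistrationAuthority
    public byte[] issueNewCertificate(byte[][] bArr, byte[] bArr2) throws NetworkSecurityException {
        final String method = "issueNewCertificate(byte[], byte[])";
        // Entry and subject-info tracing are not guarded by isLogging() in the original;
        // left that way so the x500Name parse below still runs on every request.
        trace.entry(1048576L, SOURCE_CLASS, method);
        try {
            Object[] request = PKI.verifyCertRequest(bArr2);
            trace.text(524289L, SOURCE_CLASS, method, "Certificate Request Subject Info: {0}", PKI.x500Name(request[0], 0).toString());
            SSLCert issued = this.ca.issueCert(0, (String) null, (byte[]) request[0], (byte[]) null, (Date) null, (SSLCert) request[1], (byte[]) null, 0L);

            // Reply layout: the new certificate first, then every CA public certificate.
            SSLCert[] roots = this.ca.caPublicCerts();
            SSLCert[] reply = new SSLCert[roots.length + 1];
            reply[0] = issued;
            System.arraycopy(roots, 0, reply, 1, roots.length);

            byte[] packaged = NSUtil.signAndPackageCerts(reply, this.ca.getIssuerPrivateCert(issued));
            if (trace.isLogging()) {
                trace.exit(1048576L, SOURCE_CLASS, method);
            }
            return packaged;
        } catch (SSLRuntimeException e) {
            NetworkSecurityException failure = new NetworkSecurityException("ORB_CERT_REQ_VERIFICATION_FAILED", tmsFile, e);
            logger.exception(4L, SOURCE_CLASS, method, failure);
            if (trace.isLogging()) {
                trace.exception(262144L, SOURCE_CLASS, method, failure);
            }
            throw failure;
        }
    }

    /**
     * Not implemented: traces entry and exit and always returns {@code null}, so callers
     * must not treat the result as a certificate.
     *
     * @param bArr ignored
     * @return always {@code null}
     */
    @Override // com.tivoli.core.ns.IRegistrationAuthority
    public byte[] updateCertificate(byte[] bArr) throws NetworkSecurityException {
        final String method = "updateCertificate(byte[])";
        if (trace.isLogging()) {
            trace.entry(1048576L, SOURCE_CLASS, method);
        }
        if (trace.isLogging()) {
            trace.exit(1048576L, SOURCE_CLASS, method);
        }
        return null;
    }
}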
