package com.ibm.it.rome.slm.cli.tshellextension.commands;

import com.ibm.it.rome.common.trace.TraceHandler;
import com.ibm.it.rome.common.util.CliLogger;
import com.ibm.it.rome.slm.access.EncryptionAlgorithm;
import com.ibm.it.rome.slm.access.EncryptionAlgorithmBase;
import com.ibm.it.rome.slm.admin.edi.EdiBundle;
import com.ibm.it.rome.slm.cli.tshell.TShellException;
import com.ibm.it.rome.slm.cli.tshellextension.commands.security.ItlmSecurityBundle;
import com.ibm.it.rome.slm.cli.tshellextension.commands.security.ItlmSecurityException;
import com.ibm.it.rome.slm.cli.tshellextension.util.ITLMServerCLIDefs;
import com.ibm.it.rome.slm.cli.tshellextension.util.ITLMServerCLITools;
import com.ibm.it.rome.slm.system.ProcessLocker;
import com.ibm.it.rome.slm.system.SlmPropertyNames;
import com.ibm.it.rome.slm.system.SlmRoot;
import com.ibm.it.rome.slm.system.SlmSystem;
import com.ibm.log.Level;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.util.Properties;
import java.util.ResourceBundle;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:install/data/ITAMROOT0/4.2.0.0/assembly.dat:com/ibm/it/rome/slm/cli/tshellextension/commands/KeyStoreUpdate.class */
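public class KeyStoreUpdate implements ITLMServerCLIDefs {
    static final String COPYRIGHT = "(C) Copyright IBM Corporation 2005. All rights reserved.";
    private static TraceHandler.TraceFeeder trace;
    private static String confDirPath;
    private static int componentId;
    private static ResourceBundle resourceBundle;
    static final String KSTOREUPDATE_SUCCESS = "kstoreupdate.success";
    static final String KSTOREUPDATE_ERROR = "kstoreupdate.error";
    static final String PWD_FILE_NAME = "passwd.properties";
    static final String DOT_OLD = ".old";
    static final String DOT_NEW = ".new";
    static final String KEY_STORE_FILE_NAME = "keys.jks";
    static final String PASSWD_PROPS_HEADER = "###############################################################################\n# Licensed Materials - Property of IBM\n# 5724-D33\n# IBM Tivoli License Manager\n#\n# (C) Copyright IBM Corp. 2002, 2005.  All Rights Reserved.\n#\n# US Government Users Restricted Rights - Use, duplication or\n# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n###############################################################################\n";
    private static final String IBM_JCE_PROVIDER_NAME = "IBMJCE";
    private static final String JCE_TYPE_KEYSTORE = "JCEKS";
    // The two component ids this command distinguishes. The names follow the
    // decrypt helpers each branch calls (symmDecryptAdmDbPasswd for 0,
    // symmDecryptRtmDbPasswd for 1).
    private static final int ADMIN_COMPONENT = 0;
    private static final int RUNTIME_COMPONENT = 1;
    // Encrypted values as read from passwd.properties.
    private String encryptedDbPasswd;
    private String encryptedRtmPasswd;
    private String encryptedTrustPasswd;
    // Plaintext values; they exist only between decryptPasswords() and
    // encryptPasswords() and are nulled by clearPlaintext() once execute() ends.
    private String decryptedDbPasswd;
    private String decryptedRtmPasswd;
    private String decryptedTrustPasswd;
    // Freshly generated keys and the passwords re-encrypted under them.
    private static SecretKeySpec newDbKey;
    private static SecretKeySpec newRtmKey;
    private static SecretKeySpec newTrustKey;
    private static String reEncryptedDbPasswd;
    private static String reEncryptedRtmPasswd;
    private static String reEncryptedTrustPasswd;
    // Live files and their ".old" backups (the latter set by backupFiles()).
    private static String keystoreFileName;
    private static String passwdPropertiesFileName;
    private static String keystoreFileNameOld;
    private static String passwdPropertiesFileNameOld;
    private static final String TRUST_PASSWD_LABEL = EncryptionAlgorithmBase.trustStorePasswordKeyLabel;
    private static final String RUNTIME_PASSWD_LABEL = EncryptionAlgorithmBase.runtimePasswordKeyLabel;
    private static final String DB_PASSWD_LABEL = EncryptionAlgorithmBase.dbPasswordKeyLabel;
    private static final String KEY_STORE_PWD = EncryptionAlgorithmBase.getKEY_STORE_PWD();
    private static final String DB_PASSWD_ACCESS_CODE = EncryptionAlgorithmBase.dbPasswordKeyAccessCode;
    private static final String RTM_PASSWD_ACCESS_CODE = EncryptionAlgorithmBase.runtimePasswordKeyAccessCode;
    private static final String TRUST_PASSWD_ACCESS_CODE = EncryptionAlgorithmBase.trustStorePasswordKeyAccessCode;
    private static boolean inited = false;

    /**
     * Creates the command and, on the first construction only, initialises the
     * shared static state (trace feeder, resource bundle, component id and the
     * paths of {@code keys.jks} / {@code passwd.properties} under the conf directory).
     * Later constructions return immediately and keep the values of the first
     * one, including its component id.
     *
     * @param i   component id ({@code 0} = admin, {@code 1} = runtime)
     * @param str base name of the resource bundle holding the CLI messages
     */
    public KeyStoreUpdate(int i, String str) {
        if (inited) {
            return;
        }
        componentId = i;
        trace = new TraceHandler.TraceFeeder(getClass());
        resourceBundle = ResourceBundle.getBundle(str);
        confDirPath = SlmRoot.getInstance().getConfFileLocation();
        keystoreFileName = confDirPath + KEY_STORE_FILE_NAME;
        passwdPropertiesFileName = confDirPath + PWD_FILE_NAME;
        inited = true;
    }

    /**
     * Runs the key rotation and reports the outcome on stdout and in the CLI log.
     *
     * @return {@code 0} on success, {@code 1} if any step failed (the failure is
     *         traced via {@code jerror}; nothing propagates to the caller)
     */
    public int run() {
        trace.entry("run");
        try {
            execute();
            System.out.println(resourceBundle.getString(KSTOREUPDATE_SUCCESS));
            CliLogger.logMessage(Level.INFO, this, "run", KSTOREUPDATE_SUCCESS, null, componentId, confDirPath);
            trace.exit("run");
            return 0;
        } catch (Exception e) {
            trace.jerror("run", e);
            System.out.println(resourceBundle.getString(KSTOREUPDATE_ERROR));
            CliLogger.logMessage(Level.ERROR, this, "run", KSTOREUPDATE_ERROR, null, componentId, confDirPath);
            return 1;
        }
    }

    /**
     * Rotates the symmetric keys protecting the stored passwords: decrypts the
     * current passwords, generates new keys, re-encrypts, writes both files as
     * ".new", backs the live files up as ".old" and swaps the ".new" files in.
     * <p>
     * A failed swap is rolled back to the ".old" pair and the failure is
     * rethrown, so the caller never reports success for a half-applied rotation.
     * Plaintext passwords held by this instance are cleared on every exit path.
     *
     * @throws Exception any failure of the individual steps
     */
    public void execute() throws Exception {
        trace.entry("execute");
        try {
            securityInit();
            decryptPasswords();
            generateNewKeys();
            encryptPasswords();
            storePasswords();
            storeKeys();
            backupFiles();
            try {
                swapFiles();
            } catch (Exception e) {
                // passwd.properties and keys.jks must come from the same
                // generation; restore the backups before reporting the failure.
                boolean restored = rollback();
                trace.jlog("execute", "keystore swap failed; rollback " + (restored ? "succeeded" : "FAILED"));
                throw e;
            }
            trace.exit("execute");
        } finally {
            clearPlaintext();
        }
    }

    /** Drops the plaintext passwords once they are no longer needed. */
    private void clearPlaintext() {
        this.decryptedDbPasswd = null;
        this.decryptedRtmPasswd = null;
        this.decryptedTrustPasswd = null;
    }

    /** Returns the ".new" staging name for {@code base}. */
    private static String newName(String base) {
        return base + DOT_NEW;
    }

    /** Deletes {@code file} if present; a missing file is not an error. */
    private static void deleteIfExists(File file) {
        if (file.exists()) {
            file.delete();
        }
    }

    /** Removes the ".old" backups once the swap has completed. */
    private void deleteBckpFiles() {
        deleteIfExists(new File(passwdPropertiesFileNameOld));
        deleteIfExists(new File(keystoreFileNameOld));
    }

    /**
     * Copies the live keystore and password file to their ".old" names and
     * records those names for {@link #rollback()} / {@link #deleteBckpFiles()}.
     *
     * @throws IOException if a copy fails
     */
    private void backupFiles() throws IOException {
        keystoreFileNameOld = keystoreFileName + DOT_OLD;
        passwdPropertiesFileNameOld = passwdPropertiesFileName + DOT_OLD;
        ITLMServerCLITools.makePhysicalCopy(keystoreFileName, keystoreFileNameOld);
        ITLMServerCLITools.makePhysicalCopy(passwdPropertiesFileName, passwdPropertiesFileNameOld);
    }

    /**
     * Restores the ".old" pair: removes any ".new" staging files and the current
     * live files, then renames the backups back into place.
     *
     * @return {@code true} only if both backups were renamed successfully;
     *         {@code false} if either rename failed or no backup was taken
     */
    private boolean rollback() {
        if (passwdPropertiesFileNameOld == null || keystoreFileNameOld == null) {
            // backupFiles() never ran, so there is nothing to restore from.
            return false;
        }
        File passwdFile = new File(passwdPropertiesFileName);
        File keystoreFile = new File(keystoreFileName);
        deleteIfExists(new File(newName(passwdPropertiesFileName)));
        deleteIfExists(new File(newName(keystoreFileName)));
        deleteIfExists(passwdFile);
        deleteIfExists(keystoreFile);
        boolean passwdRestored = new File(passwdPropertiesFileNameOld).renameTo(passwdFile);
        boolean keystoreRestored = new File(keystoreFileNameOld).renameTo(keystoreFile);
        return passwdRestored && keystoreRestored;
    }

    /**
     * Replaces the live files with the ".new" ones under the conf-directory
     * process lock, then reloads the keys and drops the backups.
     *
     * @throws IOException if either rename fails (the pair is then inconsistent
     *                     and the caller rolls back)
     * @throws Exception   from the lock or from {@code reloadKeys}
     */
    private void swapFiles() throws Exception {
        File passwdFile = new File(passwdPropertiesFileName);
        File keystoreFile = new File(keystoreFileName);
        File newPasswdFile = new File(newName(passwdPropertiesFileName));
        File newKeystoreFile = new File(newName(keystoreFileName));
        boolean swapped;
        ProcessLocker.LockId lock = ProcessLocker.engage(confDirPath);
        try {
            passwdFile.delete();
            keystoreFile.delete();
            // Both renames must succeed; a half-swapped pair cannot decrypt anything.
            swapped = newPasswdFile.renameTo(passwdFile) && newKeystoreFile.renameTo(keystoreFile);
        } finally {
            // Released before reloadKeys(), matching the original ordering.
            ProcessLocker.dismiss(lock);
        }
        if (!swapped) {
            throw new IOException("unable to move the updated " + PWD_FILE_NAME + "/" + KEY_STORE_FILE_NAME + " into " + confDirPath);
        }
        EncryptionAlgorithmBase.reloadKeys(componentId);
        deleteBckpFiles();
    }

    /** Loads {@code keyStore} from {@code file} with the fixed keystore password. */
    private static void loadKeyStore(KeyStore keyStore, File file) throws Exception {
        FileInputStream in = new FileInputStream(file);
        try {
            keyStore.load(in, KEY_STORE_PWD.toCharArray());
        } finally {
            in.close();
        }
    }

    /** Writes {@code keyStore} to {@code file} with the fixed keystore password. */
    private static void saveKeyStore(KeyStore keyStore, File file) throws Exception {
        FileOutputStream out = new FileOutputStream(file);
        try {
            keyStore.store(out, KEY_STORE_PWD.toCharArray());
        } finally {
            out.close();
        }
    }

    /**
     * Writes the new keys into {@code keys.jks.new}. The admin component starts
     * from a copy of the current keystore and replaces only the DB key, keeping
     * the other entries; the runtime component starts from an empty keystore and
     * adds the DB, runtime and trust-store keys. Other component ids write nothing.
     *
     * @throws Exception on keystore or I/O failure
     */
    private void storeKeys() throws Exception {
        String newKeystorePath = newName(keystoreFileName);
        File newKeystoreFile = new File(newKeystorePath);
        KeyStore keyStore = KeyStore.getInstance(JCE_TYPE_KEYSTORE, IBM_JCE_PROVIDER_NAME);
        if (componentId == ADMIN_COMPONENT) {
            ITLMServerCLITools.makePhysicalCopy(keystoreFileName, newKeystorePath);
            // The input stream is closed before the store is written back to the
            // same file; the original kept it open across the write.
            loadKeyStore(keyStore, newKeystoreFile);
            EncryptionAlgorithmBase.deleteKey(DB_PASSWD_LABEL, keyStore);
            EncryptionAlgorithmBase.addKey(newDbKey, DB_PASSWD_LABEL, keyStore, DB_PASSWD_ACCESS_CODE);
            saveKeyStore(keyStore, newKeystoreFile);
        } else if (componentId == RUNTIME_COMPONENT) {
            EncryptionAlgorithmBase.generateEmptyKeyStore(newKeystorePath);
            loadKeyStore(keyStore, newKeystoreFile);
            EncryptionAlgorithmBase.addKey(newDbKey, DB_PASSWD_LABEL, keyStore, DB_PASSWD_ACCESS_CODE);
            EncryptionAlgorithmBase.addKey(newRtmKey, RUNTIME_PASSWD_LABEL, keyStore, RTM_PASSWD_ACCESS_CODE);
            EncryptionAlgorithmBase.addKey(newTrustKey, TRUST_PASSWD_LABEL, keyStore, TRUST_PASSWD_ACCESS_CODE);
            saveKeyStore(keyStore, newKeystoreFile);
        }
    }

    /**
     * Writes the re-encrypted passwords to {@code passwd.properties.new}.
     * NOTE(review): the file is created with the directory's default permissions;
     * it holds only ciphertext, but confirm the conf directory itself is restricted.
     *
     * @throws TShellException if the file cannot be written (details are traced
     *                         and reported through {@code EdiBundle})
     */
    private void storePasswords() throws TShellException {
        String newPasswdPath = newName(passwdPropertiesFileName);
        Properties properties = new Properties();
        properties.setProperty(DB_PASSWD_LABEL, reEncryptedDbPasswd);
        if (componentId == RUNTIME_COMPONENT) {
            properties.setProperty(RUNTIME_PASSWD_LABEL, reEncryptedRtmPasswd);
            properties.setProperty(TRUST_PASSWD_LABEL, reEncryptedTrustPasswd);
        }
        try {
            FileOutputStream out = new FileOutputStream(new File(newPasswdPath), false);
            try {
                properties.store(out, PASSWD_PROPS_HEADER);
            } finally {
                out.close();
            }
        } catch (Exception e) {
            trace.jerror("storePasswords", e);
            EdiBundle.printMessage("edi.InternalError", new Object[]{newPasswdPath}, Level.ERROR, getClass().getName(), "storePasswords");
            throw new TShellException();
        }
    }

    /**
     * Re-encrypts the plaintext passwords under the newly generated keys.
     *
     * @throws UnsupportedEncodingException propagated from the encryption helper
     */
    private void encryptPasswords() throws UnsupportedEncodingException {
        reEncryptedDbPasswd = EncryptionAlgorithmBase.encryptSymmetricWithKey(this.decryptedDbPasswd, DB_PASSWD_LABEL, newDbKey);
        if (componentId == RUNTIME_COMPONENT) {
            reEncryptedRtmPasswd = EncryptionAlgorithmBase.encryptSymmetricWithKey(this.decryptedRtmPasswd, RUNTIME_PASSWD_LABEL, newRtmKey);
            reEncryptedTrustPasswd = EncryptionAlgorithmBase.encryptSymmetricWithKey(this.decryptedTrustPasswd, TRUST_PASSWD_LABEL, newTrustKey);
        }
    }

    /**
     * Generates a fresh random key per protected password (one for admin, three
     * for runtime).
     *
     * @throws Exception propagated from key generation
     */
    private void generateNewKeys() throws Exception {
        newDbKey = EncryptionAlgorithmBase.generateRandomKeySpec();
        if (componentId == RUNTIME_COMPONENT) {
            newRtmKey = EncryptionAlgorithmBase.generateRandomKeySpec();
            newTrustKey = EncryptionAlgorithmBase.generateRandomKeySpec();
        }
    }

    /**
     * Loads the current ciphertexts and decrypts them with the keys in use.
     *
     * @throws TShellException              if the property file is unusable or the
     *                                      component id is neither admin nor runtime
     * @throws UnsupportedEncodingException propagated from the decryption helpers
     */
    private void decryptPasswords() throws TShellException, UnsupportedEncodingException {
        loadPasswdPropertiesFile();
        if (componentId == ADMIN_COMPONENT) {
            this.decryptedDbPasswd = EncryptionAlgorithm.symmDecryptAdmDbPasswd(this.encryptedDbPasswd);
        } else if (componentId == RUNTIME_COMPONENT) {
            this.decryptedDbPasswd = EncryptionAlgorithm.symmDecryptRtmDbPasswd(this.encryptedDbPasswd);
            this.decryptedRtmPasswd = EncryptionAlgorithm.symmDecryptRuntimePasswd(this.encryptedRtmPasswd);
            this.decryptedTrustPasswd = EncryptionAlgorithm.symmDecryptTrustStorePasswd(this.encryptedTrustPasswd);
        } else {
            // Nothing would be decrypted and the later steps would fail on null
            // values anyway; fail here with a traceable reason instead.
            trace.jlog("decryptPasswords", "unsupported component id " + componentId);
            throw new TShellException();
        }
    }

    /**
     * Returns the value of {@code key} from {@code props}, failing if it is absent
     * so a truncated or edited passwd.properties is reported rather than passed
     * on as {@code null}.
     */
    private static String requireProperty(Properties props, String key) throws TShellException {
        String value = props.getProperty(key);
        if (value == null) {
            trace.jlog("loadPasswdPropertiesFile", "missing property '" + key + "' in " + passwdPropertiesFileName);
            throw new TShellException();
        }
        return value;
    }

    /**
     * Reads the encrypted passwords from {@code passwd.properties} into the
     * {@code encrypted*} fields.
     *
     * @throws TShellException if the file cannot be read or a required entry is missing
     */
    private void loadPasswdPropertiesFile() throws TShellException {
        Properties properties = new Properties();
        try {
            FileInputStream in = new FileInputStream(new File(passwdPropertiesFileName));
            try {
                properties.load(in);
            } finally {
                in.close();
            }
        } catch (Exception e) {
            trace.jerror("loadPasswdPropertiesFile", e);
            EdiBundle.printMessage("edi.InternalError", new Object[]{passwdPropertiesFileName}, Level.ERROR, getClass().getName(), "loadPasswdPropertiesFile");
            throw new TShellException();
        }
        this.encryptedDbPasswd = requireProperty(properties, DB_PASSWD_LABEL);
        if (componentId == RUNTIME_COMPONENT) {
            this.encryptedRtmPasswd = requireProperty(properties, RUNTIME_PASSWD_LABEL);
            this.encryptedTrustPasswd = requireProperty(properties, TRUST_PASSWD_LABEL);
        }
    }

    /**
     * Initialises the encryption layer, in FIPS mode when the
     * {@code FIPS_ENABLED} system property is {@code "true"}.
     *
     * @throws ItlmSecurityException if initialisation fails
     */
    private void securityInit() throws ItlmSecurityException {
        trace.entry("securityInit");
        try {
            boolean fipsEnabled = Boolean.valueOf(SlmSystem.getInstance().getProperty(SlmPropertyNames.FIPS_ENABLED)).booleanValue();
            EncryptionAlgorithm.init(fipsEnabled);
            trace.exit("securityInit");
        } catch (Exception e) {
            ItlmSecurityBundle.printMessage(ItlmSecurityBundle.ERROR_CRYPTO_INITIALIZATION, null, Level.ERROR, getClass().getName(), "securityInit");
            trace.jerror("securityInit", e);
            trace.jlog("securityInit", "Error inizializing encryption algorithm....");
            throw new ItlmSecurityException();
        }
    }
}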
