package com.ibm.tivoli.netcool.sslmigrate;

import com.ibm.security.pkcs8.EncryptedPrivateKeyInfo;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.tivoli.netcool.sslmigrate.utils.ConsolePrinter;
import com.ibm.tivoli.netcool.sslmigrate.utils.PathFinder;
import com.ibm.tivoli.netcool.sslmigrate.utils.SSLFileReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;

/* loaded from: input_file:nco_ssl_migrate-5.11.54-noarch.npm:omnibus/java/jars/nco_ssl_migrate.jar:com/ibm/tivoli/netcool/sslmigrate/CMSKeystoreManager.class */
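/**
 * Thin wrapper around an {@code IBMCMSKS} {@link KeyStore} used while migrating
 * certificates and private keys into a CMS key database.
 *
 * <p>The manager keeps its own copy of the keystore password, because the same
 * password is reused to protect individual key entries and to write the store
 * back to disk. Every method except the constructors, {@link #load(char[])},
 * {@link #exists()} and {@link #getKeyStorePath()} dereferences the underlying
 * keystore and therefore requires a prior successful {@code load}.
 *
 * <p>Not thread-safe: the keystore, the password copy and the {@code loaded}
 * flag are updated without synchronisation.
 */
public class CMSKeystoreManager {
    private static final String KEYSTORE_TYPE = "IBMCMSKS";
    private static final String RSA = "RSA";
    private static final String DSA = "DSA";
    // Next numeric suffix to try per base label; see getNextLabel().
    private Map<String, Integer> nextSuffix = new Hashtable<>();
    private KeyStore keystore = null;
    private boolean loaded = false;
    // Private copy of the keystore password; the previous copy is overwritten
    // whenever a new one is set, but nothing in this class clears the last one.
    private char[] password = null;
    private String keystorePath;
    public static final String CN_ATTRIB = "CN=";
    public static final int CN_ATTRIB_LENGTH = CN_ATTRIB.length();
    private static final char ESCAPE = '\\';

    /** Creates a manager for the default key database path reported by {@code PathFinder}. */
    public CMSKeystoreManager() {
        this.keystorePath = PathFinder.getDefaultKdbPath();
    }

    /**
     * Creates a manager for the key database at the given path.
     *
     * @param str path of the keystore file
     */
    public CMSKeystoreManager(String str) {
        this.keystorePath = str;
    }

    /**
     * Creates a manager for the key database at the given path and remembers
     * a copy of the password without loading the store.
     *
     * @param str path of the keystore file
     * @param cArr keystore password; copied, the caller keeps ownership of the array
     * @throws NullPointerException if {@code cArr} is null
     */
    public CMSKeystoreManager(String str, char[] cArr) {
        this.keystorePath = str;
        setPassword(cArr);
    }

    /**
     * Loads the keystore from {@link #getKeyStorePath()} and remembers the password.
     * Does nothing when no path is configured.
     *
     * @param cArr keystore password
     * @throws NullPointerException if {@code cArr} is null
     */
    public void load(char[] cArr) throws IOException, FileNotFoundException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        if (this.keystorePath == null) {
            return;
        }
        // A null password used to surface as an NPE only after the store had
        // already been read without one. Reject it before touching the file.
        if (cArr == null) {
            throw new NullPointerException("keystore password must not be null");
        }
        this.keystore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (FileInputStream in = new FileInputStream(this.keystorePath)) {
            this.keystore.load(in, cArr);
        }
        setPassword(cArr);
        this.loaded = true;
    }

    /**
     * Imports a private key and certificate that live in the same file.
     * Delegates to the five-argument overload with {@code str2} as both the
     * certificate file and the key file.
     *
     * @param str alias under which the key entry is stored
     * @param str2 file holding the certificate and the encrypted private key
     * @param cArr password protecting the private key in the file
     * @param z when true the certificate validity period is not checked
     */
    public void importPrivateKeyAndCert(String str, String str2, char[] cArr, boolean z) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateNotYetValidException, CertificateExpiredException, CertificateException, PKCSException, InvalidKeySpecException, CertExistsException {
        importPrivateKeyAndCert(str, str2, str2, cArr, z);
    }

    /**
     * Decrypts a PKCS#8 private key, pairs it with a certificate and stores both
     * as a key entry protected by the keystore password.
     *
     * <p>Unless the force property is set, an existing alias is only overwritten
     * when it is a key entry with the same certificate and a different key; all
     * other collisions raise {@link CertExistsException}.
     *
     * @param str alias under which the key entry is stored
     * @param str2 file the certificate is read from
     * @param str3 file the base64-encoded encrypted private key is read from
     * @param cArr password used to decrypt the private key
     * @param z when true the certificate validity period is not checked
     * @throws CertExistsException if the alias is already taken and may not be replaced
     * @throws InvalidKeySpecException if the key is neither a valid RSA nor DSA key
     */
    public void importPrivateKeyAndCert(String str, String str2, String str3, char[] cArr, boolean z) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateNotYetValidException, CertificateExpiredException, CertificateException, PKCSException, InvalidKeySpecException, CertExistsException {
        X509Certificate[] chain = {SSLFileReader.getCertificateFromFile(str2)};
        X509Certificate cert = chain[0];
        Global.reporter.debug("LOG_MSG0015", str, cert.toString());
        String commonName = getSubjectCommonName(cert, false);
        if (!commonName.equals(str)) {
            // Mismatch between alias and subject CN is reported but does not stop the import.
            Global.reporter.warn("WARN_SERVER_CN_DIFFER", str, commonName);
        }
        EncryptedPrivateKeyInfo encryptedKey = new EncryptedPrivateKeyInfo(SSLFileReader.readBase64PrivateKey(str3));
        // NOTE(review): the key is still encrypted here, but confirm what
        // EncryptedPrivateKeyInfo.toString() emits before enabling debug logging in production.
        Global.reporter.debug("LOG_MSG0016", str, encryptedKey.toString());

        PrivateKey privateKey;
        byte[] pkcs8 = encryptedKey.decrypt(cArr);
        try {
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8);
            try {
                privateKey = KeyFactory.getInstance(RSA).generatePrivate(keySpec);
            } catch (InvalidKeySpecException e) {
                // Not an RSA key: retry as DSA and let that failure propagate.
                privateKey = KeyFactory.getInstance(DSA).generatePrivate(keySpec);
            }
        } finally {
            // The key spec holds its own copy, so the plaintext buffer we own
            // can be wiped as soon as the key object has been built.
            if (pkcs8 != null) {
                Arrays.fill(pkcs8, (byte) 0);
            }
        }

        if (!z) {
            cert.checkValidity();
        }
        // With the force property set, every collision check below is skipped and
        // an existing entry under this alias is replaced unconditionally.
        if (!Global.getPropertyBoolean(Global.FORCE_FLAG_PROPERTY) && this.keystore.containsAlias(str)) {
            if (this.keystore.isKeyEntry(str)) {
                if (!this.keystore.getCertificate(str).equals(cert)) {
                    Global.reporter.error("ERR_DIFFERENT_SERVERCERT_EXISTS", str);
                    throw new CertExistsException("ERR_DIFFERENT_SERVERCERT_EXISTS", str);
                }
                try {
                    if (privateKey.equals(this.keystore.getKey(str, this.password))) {
                        Global.reporter.info("ERR_SAME_CERTKEY_EXISTS", str);
                        throw new CertExistsException(false, "ERR_SAME_CERTKEY_EXISTS", str);
                    }
                } catch (UnrecoverableKeyException e2) {
                    // The existing key cannot be read with the keystore password,
                    // so it cannot be compared; refuse to overwrite it.
                    Global.reporter.error("ERR_NOKEY_SERVERCERT_EXISTS", str);
                    throw new CertExistsException("ERR_NOKEY_SERVERCERT_EXISTS", str);
                }
            } else if (this.keystore.isCertificateEntry(str)) {
                Global.reporter.error("ERR_TRUSTED_CERT_EXISTS", str);
                throw new CertExistsException("ERR_TRUSTED_CERT_EXISTS", str);
            }
        }
        this.keystore.setKeyEntry(str, privateKey, this.password, chain);
    }

    /**
     * Stores a certificate as a trusted-certificate entry, replacing any
     * certificate entry already present under the alias.
     *
     * @param str alias for the entry
     * @param x509Certificate certificate to store
     * @param z when true the certificate validity period is not checked
     */
    public void importCertificate(String str, X509Certificate x509Certificate, boolean z) throws KeyStoreException, CertificateNotYetValidException, CertificateExpiredException {
        if (!z) {
            x509Certificate.checkValidity();
        }
        this.keystore.setCertificateEntry(str, x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Imports a trusted certificate under a label derived from its subject CN.
     *
     * <p>The single flag has two effects: it lets a certificate that is already
     * in the store be written again under its existing alias, and it is passed
     * on to {@link #importCertificate} where it disables the validity-period check.
     *
     * @param x509Certificate certificate to trust
     * @param z when false an already-present certificate raises {@link CertExistsException}
     *          and expired or not-yet-valid certificates are rejected
     * @return the alias the certificate was stored under
     */
    public String importTrustedCert(X509Certificate x509Certificate, boolean z) throws KeyStoreException, CertificateExpiredException, CertificateNotYetValidException, CertExistsException {
        String commonName = getSubjectCommonName(x509Certificate, false);
        Global.reporter.debug("LOG_MSG0017", commonName, x509Certificate.toString());
        ConsolePrinter.printWrapped(Global.getMessage("INFO_IMPORTING_CERT", commonName) + Global.DOTS, 4);
        String existingAlias = this.keystore.getCertificateAlias(x509Certificate);
        String label = getNextLabel(commonName);
        if (existingAlias != null) {
            if (!z) {
                throw new CertExistsException(false, "INFO_CERT_ALREADY_EXISTS", existingAlias);
            }
            label = existingAlias;
        }
        importCertificate(label, x509Certificate, z);
        return label;
    }

    /**
     * Returns the subject of a certificate, either as the whole distinguished
     * name or reduced to the value of its first {@code CN=} attribute, with
     * backslash escapes removed.
     *
     * @param x509Certificate certificate to inspect
     * @param z when true the complete subject name is returned instead of the CN
     * @return the unescaped CN or subject name; the raw subject name when it has no CN
     */
    public static String getSubjectCommonName(X509Certificate x509Certificate, boolean z) {
        String name = x509Certificate.getSubjectX500Principal().getName();
        if (!z) {
            // Test the search result before adding the attribute length; once the
            // length is added, a missing CN (-1) can no longer be told apart from a hit.
            int cnPos = name.indexOf(CN_ATTRIB);
            if (cnPos < 0) {
                return name;
            }
            int start = cnPos + CN_ATTRIB_LENGTH;
            int end = -2;
            // NOTE(review): this looks at the character one past the start of the
            // value, so a value that opens with a quote is not matched here; confirm
            // whether charAt(start) was intended. Left unchanged.
            if (x509Certificate.getVersion() > 1 && start + 1 < name.length() && name.charAt(start + 1) == '\"') {
                end = findNextUnescaped(name, start + 1, '\"');
                if (end >= 0) {
                    start++;
                }
            }
            if (end < 0) {
                end = findNextUnescaped(name, start, ',');
                if (end < 0) {
                    end = name.length();
                }
            }
            name = name.substring(start, end);
        }
        return unescape(name);
    }

    /**
     * Finds the first occurrence of {@code c} at or after index {@code i} that
     * is not preceded by a backslash escape.
     *
     * @return the index of the match, or -1 if there is none
     */
    private static int findNextUnescaped(String str, int i, char c) {
        // The scan previously restarted at index 0, so a delimiter in an attribute
        // that precedes the CN produced an end index before the start index.
        if (i < 0) {
            return -1;
        }
        int length = str.length();
        int pos = i;
        while (pos < length) {
            int codePoint = str.codePointAt(pos);
            if (codePoint == ESCAPE) {
                // Skip the backslash and the code point it escapes.
                pos += Character.charCount(codePoint);
                if (pos >= length) {
                    return -1;
                }
                pos += Character.charCount(str.codePointAt(pos));
            } else if (codePoint == c) {
                return pos;
            } else {
                pos += Character.charCount(codePoint);
            }
        }
        return -1;
    }

    /**
     * Removes each escaping backslash and keeps the character that follows it,
     * so an escaped backslash yields a single backslash.
     */
    private static String unescape(String str) {
        int escapePos = str.indexOf(ESCAPE);
        if (escapePos < 0) {
            return str;
        }
        int length = str.length();
        int copyFrom = 0;
        int searchFrom = 0;
        StringBuilder out = new StringBuilder(length);
        while (escapePos >= 0 && searchFrom < length) {
            out.append(str, copyFrom, escapePos);
            copyFrom = escapePos + 1;
            // Resume the search after the escaped character so that it is never
            // itself treated as an escape.
            searchFrom = copyFrom + 1;
            escapePos = str.indexOf(ESCAPE, searchFrom);
        }
        out.append(str.substring(copyFrom));
        return out.toString();
    }

    /**
     * Returns an alias that is not yet used in the keystore: the label itself
     * when free, otherwise the label followed by {@code -N} for the first free N.
     *
     * @param str base label
     * @return an unused alias
     */
    public String getNextLabel(String str) throws KeyStoreException {
        if (!getKeyStore().containsAlias(str)) {
            this.nextSuffix.put(str, Integer.valueOf(1));
            return str;
        }
        Integer remembered = this.nextSuffix.get(str);
        int suffix = remembered == null ? 1 : remembered.intValue();
        while (getKeyStore().containsAlias(str + "-" + suffix)) {
            suffix++;
        }
        this.nextSuffix.put(str, Integer.valueOf(suffix));
        return str + "-" + suffix;
    }

    /**
     * Writes the keystore back to {@link #getKeyStorePath()} using the remembered password.
     *
     * <p>The target file is opened for writing before the store is serialised,
     * so a failure in between leaves a truncated file behind.
     * NOTE(review): {@link #deleteEmptyKeystore()} presumably exists to clean up
     * after that case; confirm against the caller.
     */
    public void write() throws FileNotFoundException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        try (FileOutputStream out = new FileOutputStream(this.keystorePath)) {
            this.keystore.store(out, this.password);
        }
    }

    /**
     * Deletes the keystore file when its length is zero. The result of the
     * delete is not checked, and a missing file also reports length zero.
     */
    void deleteEmptyKeystore() {
        File file = new File(this.keystorePath);
        if (file.length() == 0) {
            file.delete();
        }
    }

    /**
     * Replaces the remembered password with a private copy of {@code cArr} and
     * overwrites the previous copy.
     *
     * @throws NullPointerException if {@code cArr} is null
     */
    private void setPassword(char[] cArr) {
        if (cArr == null) {
            throw new NullPointerException("keystore password must not be null");
        }
        // Copy before wiping so the call stays correct even when the caller
        // hands back the array this object already holds.
        char[] copy = Arrays.copyOf(cArr, cArr.length);
        if (this.password != null) {
            Arrays.fill(this.password, ' ');
        }
        this.password = copy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the path of the keystore file, which may be null. */
    public String getKeyStorePath() {
        return this.keystorePath;
    }

    /** Returns the underlying keystore, or null before the first {@link #load(char[])}. */
    private KeyStore getKeyStore() {
        return this.keystore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true once {@link #load(char[])} has completed successfully. */
    public boolean isLoaded() {
        return this.loaded;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true when a file exists at the keystore path. */
    public boolean exists() {
        return new File(this.keystorePath).exists();
    }
}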
