package com.ibm.ws.ssl.commands.keyStores;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.security.cmskeystore.CMSLoadStoreParameterFactory;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.InvalidParameterValueException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.configservice.ConfigDataId;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceFactory;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.websphere.models.config.ipc.ssl.KeyStore;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sm.workspace.WorkSpaceManagerFactory;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.commands.ManagementScope.ManagementScopeHelper;
import com.ibm.ws.ssl.commands.personalCertificates.PersonalCertificateHelper;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.ssl.config.SSLConfigManager;
import com.ibm.ws.ssl.config.WSKeyStoreHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.CertReqInfo;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.ws.util.PlatformHelperFactory;
import java.io.File;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import javax.management.AttributeList;
import javax.management.ObjectName;
import org.eclipse.osgi.framework.internal.core.Constants;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/commands/keyStores/CreateCMSKeyStore.class */
public class CreateCMSKeyStore extends AbstractTaskCommand {
    private static TraceComponent tc = Tr.register(CreateCMSKeyStore.class, "SSL", "com.ibm.ws.ssl.commands.keyStores");
    private String cmsKeyStoreURI;
    private String pluginHostName;
    private String keyStoreName;
    private String keyStoreLocation;
    private String workspaceKeyStoreLocation;
    private String nodeName;
    private String cellName;
    private String serverName;
    private String scopeName;
    private String rootAlias;
    private ObjectName mgmScopeObjName;
    private boolean createMgmScope;
    private KeyStoreInfo rootKsInfo;
    private String rootKeyStoreName;
    private KeyStoreInfo signersKsInfo;
    private String defaultSignersKeyStoreName;
    private String vmName;

    public CreateCMSKeyStore(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
        this.cmsKeyStoreURI = null;
        this.pluginHostName = null;
        this.keyStoreName = null;
        this.keyStoreLocation = null;
        this.workspaceKeyStoreLocation = null;
        this.nodeName = null;
        this.cellName = null;
        this.serverName = null;
        this.scopeName = null;
        this.rootAlias = null;
        this.mgmScopeObjName = null;
        this.createMgmScope = false;
        this.rootKsInfo = null;
        this.rootKeyStoreName = null;
        this.signersKsInfo = null;
        this.defaultSignersKeyStoreName = null;
        this.vmName = System.getProperty(Constants.JVM_VM_NAME);
    }

    public CreateCMSKeyStore(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
        this.cmsKeyStoreURI = null;
        this.pluginHostName = null;
        this.keyStoreName = null;
        this.keyStoreLocation = null;
        this.workspaceKeyStoreLocation = null;
        this.nodeName = null;
        this.cellName = null;
        this.serverName = null;
        this.scopeName = null;
        this.rootAlias = null;
        this.mgmScopeObjName = null;
        this.createMgmScope = false;
        this.rootKsInfo = null;
        this.rootKeyStoreName = null;
        this.signersKsInfo = null;
        this.defaultSignersKeyStoreName = null;
        this.vmName = System.getProperty(Constants.JVM_VM_NAME);
    }

    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        ConfigService configService = ConfigServiceFactory.getConfigService();
        Session configSession = getConfigSession();
        ObjectName objectName = null;
        try {
            ObjectName createObjectName = ConfigServiceHelper.createObjectName((ConfigDataId) null, "Security");
            ObjectName objectName2 = configService.resolve(configSession, "Cell=")[0];
            if (objectName2 != null) {
                objectName = configService.queryConfigObjects(configSession, objectName2, createObjectName, null)[0];
            }
            this.cmsKeyStoreURI = (String) getParameter(CommandConstants.CMS_KEY_STORE_URI);
            this.pluginHostName = (String) getParameter(CommandConstants.PLUGIN_HOSTNAME);
            String path = WorkSpaceManagerFactory.getManager().getWorkSpace(configSession.toString()).getPath();
            this.keyStoreLocation = fixupLocationWithRepositoryRoot("${CONFIG_ROOT}", this.cmsKeyStoreURI);
            this.workspaceKeyStoreLocation = fixupLocationWithRepositoryRoot(path, this.cmsKeyStoreURI);
            this.scopeName = getScopeFromURI(this.keyStoreLocation, "server");
            this.keyStoreName = "CMSKeyStore";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cmsKeyStoreURI=" + this.cmsKeyStoreURI + " pluginHostName=" + this.pluginHostName + " keyStoreName=" + this.keyStoreName + " keyStoreLocation=" + this.keyStoreLocation + " scope=" + this.scopeName);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.scopeName == null) {
                this.scopeName = commandHelper.defaultCellScope(objectName2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.scopeName);
                }
            } else if (!ManagementScopeHelper.validScopeName(configSession, configService, this.scopeName)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Not a valid management scope name: " + this.scopeName);
                }
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.scope.not.valid.CWPKI0604E", new Object[]{this.scopeName}, "The following Management scope is not valid: " + this.scopeName));
            }
            AttributeList attributeList = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.NAME, this.keyStoreName);
            if (commandHelper.exists(configService, configSession, objectName, CommandConstants.KEY_STORES, attributeList, this.scopeName)) {
                throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.object.already.exists.CWPKI0601E", new Object[]{this.keyStoreName, this.scopeName}, this.keyStoreName + " in the management scope " + this.scopeName + " already exists."));
            }
            attributeList.clear();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.SCOPE_NAME, this.scopeName);
            if (commandHelper.exists(configService, configSession, objectName, CommandConstants.MANAGEMENT_SCOPES, attributeList, null)) {
                this.mgmScopeObjName = commandHelper.getObjectName(configService, configSession, objectName, CommandConstants.MANAGEMENT_SCOPES, attributeList, (String) null);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "mgmScopeObjName: " + this.mgmScopeObjName);
                }
            } else {
                this.createMgmScope = true;
            }
            if (commandHelper.isDmgrNode(configSession, configService)) {
                this.rootKeyStoreName = "DmgrDefaultRootStore";
                this.defaultSignersKeyStoreName = "DmgrDefaultSignersStore";
            } else {
                this.rootKeyStoreName = "NodeDefaultRootStore";
                this.defaultSignersKeyStoreName = "NodeDefaultSignersStore";
            }
            String scopeForNodeKeyStore = commandHelper.getScopeForNodeKeyStore(configSession, configService, this.rootKeyStoreName);
            this.rootKsInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.rootKeyStoreName, scopeForNodeKeyStore);
            this.rootAlias = (String) PersonalCertificateHelper.getCustomProperty(configService, configSession, objectName, com.ibm.ws.ssl.core.Constants.SSLPROP_ROOT_CERT_ALIAS);
            this.signersKsInfo = PersonalCertificateHelper.getKsInfo(configSession, configService, this.defaultSignersKeyStoreName, scopeForNodeKeyStore);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate");
            }
        } catch (ConfigServiceException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ConfigService exception is" + e.getMessage());
            }
            throw new CommandValidationException(e, e.getMessage());
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception is " + e2.getMessage());
            }
            throw new CommandValidationException(e2, e2.getMessage());
        }
    }

    private String getNodeURIFromPath(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCellURIFromPath", new Object[]{str});
        }
        int indexOf = str.indexOf("nodes/");
        String substring = indexOf != -1 ? str.substring(indexOf) : str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCellURIFromPath");
        }
        return substring;
    }

    private String changeToStashURIPath(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "changeToStashURIPath", new Object[]{str});
        }
        int lastIndexOf = str.lastIndexOf(".");
        String str2 = lastIndexOf != -1 ? str.substring(0, lastIndexOf) + ".sth" : str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "changeToStashURIPath -> " + str2);
        }
        return str2;
    }

    private String getScopeFromURI(String str, String str2) throws CommandValidationException {
        String replace = str.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getScopeFromURI", new Object[]{replace});
        }
        StringBuffer stringBuffer = new StringBuffer();
        try {
            int indexOf = replace.indexOf("/cells/") + "/cells/".length();
            int indexOf2 = replace.indexOf("/nodes/");
            int indexOf3 = replace.indexOf("/servers/");
            this.cellName = replace.substring(indexOf, indexOf2);
            this.nodeName = replace.substring(indexOf2 + "/nodes/".length(), indexOf3);
            this.serverName = replace.substring(indexOf3 + "/servers/".length(), replace.lastIndexOf("/"));
            if (str2.equals("cell") || str2.equals("node") || str2.equals("server")) {
                stringBuffer.append("(cell):");
                stringBuffer.append(this.cellName);
            }
            if (str2.equals("node") || str2.equals("server")) {
                stringBuffer.append(":(node):");
                stringBuffer.append(this.nodeName);
            }
            if (str2.equals("server")) {
                stringBuffer.append(":(server):");
                stringBuffer.append(this.serverName);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getScopeFromURI -> " + stringBuffer.toString());
            }
            return stringBuffer.toString();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getScopeFromURI exception is" + e.getMessage());
            }
            InvalidParameterValueException invalidParameterValueException = new InvalidParameterValueException(getName(), "cmsKeyStoreURI", replace);
            throw new CommandValidationException(invalidParameterValueException, invalidParameterValueException.getMessage() + ".  Please put the KeyStore under <USER.INSTALL.ROOT>/config/cells/<cell_name>/nodes/<node_name>/servers/<server_name>");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:68:0x0432  */
    /* JADX WARN: Removed duplicated region for block: B:70:? A[RETURN, SYNTHETIC] */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void afterStepsExecuted() {
        /*
            Method dump skipped, instructions count: 1083
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.ssl.commands.keyStores.CreateCMSKeyStore.afterStepsExecuted():void");
    }

    private static String fixupLocationWithRepositoryRoot(String str, String str2) {
        String replace = str2.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "fixupLocationWithRepositoryRoot", new Object[]{str, replace});
        }
        int indexOf = replace.indexOf("/cells/");
        String str3 = replace;
        if (indexOf != -1) {
            str3 = str + replace.substring(indexOf);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "fixupLocationWithRepositoryRoot -> " + str3);
        }
        return str3;
    }

    public void checkIfCMSKeyStoreExistsAndCreateIfNot(KeyStore keyStore, KeyStore keyStore2, KeyStoreInfo keyStoreInfo, String str, KeyStore keyStore3, String str2) throws SSLException {
        String str3;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkIfCMSKeyStoreExistsAndCreateIfNot", new Object[]{keyStore3.getLocation(), str2});
        }
        try {
            Session configSession = getConfigSession();
            JSSEProviderFactory.initializeIBMCMSProvider();
            String configRoot = KeyStoreManager.getConfigRoot();
            if (this.rootAlias == null) {
                this.rootAlias = "root";
            }
            String expand = configRoot != null ? configRoot : KeyStoreManager.getInstance().expand("${CONFIG_ROOT}");
            boolean z = false;
            String fixupLocationWithRepositoryRoot = fixupLocationWithRepositoryRoot(expand, keyStore3.getLocation());
            java.security.KeyStore keyStore4 = null;
            KeyStore.LoadStoreParameter loadStoreParameter = null;
            File file = new File(fixupLocationWithRepositoryRoot);
            File file2 = new File(str);
            if (file.exists()) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkIfCMSKeyStoreExistsAndCreateIfNot -> (exists)");
                    return;
                }
                return;
            }
            if (keyStore3 == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "checkIfCMSKeyStoreExistsAndCreateIfNot -> (exists)");
                }
                throw new SSLException("WCCM KeyStore object for CMS keystore is null.");
            }
            boolean isReadOnly = keyStore != null ? keyStore.isReadOnly() : false;
            if (keyStore != null && !isReadOnly) {
                boolean isFileBased = keyStore.isFileBased();
                String location = keyStore.getLocation();
                String type = keyStore.getType();
                String provider = keyStore.getProvider();
                String password = keyStore.getPassword();
                String scopeName = keyStore.getManagementScope().getScopeName();
                String name = keyStore.getName();
                if (name != null && name.endsWith(com.ibm.ws.ssl.core.Constants.DEFAULT_KEY_STORE) && isFileBased) {
                    String expand2 = KeyStoreManager.getInstance().expand(fixupLocationWithRepositoryRoot(expand, location));
                    if (!new File(expand2).exists()) {
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "checkIfKeyStoreExistsAndCreateIfNot -> (does not exist)");
                        }
                        throw new SSLException("Cannot find Node's DefaultKeyStore named " + name + " at location " + expand2);
                    }
                }
                java.security.KeyStore keyStore5 = KeyStoreManager.getInstance().getKeyStore(null, type, provider, str, password, scopeName, false, null);
                String str4 = (PlatformHelperFactory.getPlatformHelper().isOS400() && this.vmName.equals("Classic VM")) ? com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_CMS_OS400 : com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_CMS;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Extracting certificate from default KeyStore to use in CMS store.");
                }
                String globalProperty = SSLConfigManager.getInstance().getGlobalProperty(com.ibm.ws.ssl.core.Constants.SSLPROP_DEFAULT_CERTREQ_ALIAS, "default");
                Key key = keyStore5.getKey(globalProperty, password.toCharArray());
                Certificate[] certificateChain = keyStore5.getCertificateChain(globalProperty);
                if (key != null && certificateChain != null) {
                    keyStore4 = java.security.KeyStore.getInstance(str4, keyStore3.getProvider());
                    keyStore4.load(null, keyStore3.getPassword().toCharArray());
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Removing CMS default signers from keystore");
                    }
                    Enumeration<String> aliases = keyStore4.aliases();
                    while (aliases.hasMoreElements()) {
                        String nextElement = aliases.nextElement();
                        if (keyStore4.isCertificateEntry(nextElement)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Removing signer with alias " + nextElement + " from key store " + fixupLocationWithRepositoryRoot + ".");
                            }
                            keyStore4.deleteEntry(nextElement);
                        }
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding WAS default signers to CMS keystore");
                    }
                    HashMap<String, X509Certificate> defaultSigners = KeyStoreHelper.getDefaultSigners(configSession, this.signersKsInfo);
                    if (defaultSigners.size() > 0 && !isReadOnly) {
                        for (String str5 : defaultSigners.keySet()) {
                            X509Certificate x509Certificate = defaultSigners.get(str5);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Adding signer with alias " + str5 + " to key store " + fixupLocationWithRepositoryRoot + ".");
                            }
                            keyStore4.setCertificateEntry(str5, x509Certificate);
                        }
                    }
                    if (keyStore4 != null) {
                        keyStore4.setKeyEntry(globalProperty, key, keyStore3.getPassword().toCharArray(), certificateChain);
                        z = true;
                    }
                    if (!keyStore2.isReadOnly() && certificateChain.length > 1) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Add new signer certificate to trust store: " + keyStore2.getName());
                        }
                        new WSKeyStoreRemotable(keyStoreInfo).invokeKeyStoreCommand("setCertificateEntry", new Object[]{globalProperty, certificateChain[certificateChain.length - 1]});
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust store is read only, unable to add new signer certificate to trust store: " + keyStore2.getName());
                    }
                }
            }
            if (!z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default keystore is not found in repository, creating a new certificate for CMS store.");
                }
                KeyStoreInfo keyStoreInfo2 = new KeyStoreInfo(keyStore3.getName(), str, keyStore3.getPassword(), keyStore3.getProvider(), keyStore3.getType(), Boolean.TRUE, null, keyStore3.getManagementScope().getScopeName(), null, Boolean.FALSE, Boolean.TRUE, new Boolean(keyStore3.isCreateStashFileForCMS()), null, new Integer(0), Boolean.FALSE, null, keyStore3.getDescription());
                String globalProperty2 = SSLConfigManager.getInstance().getGlobalProperty(com.ibm.ws.ssl.core.Constants.SSLPROP_DEFAULT_CERTREQ_KEYSIZE, "1024");
                String globalProperty3 = SSLConfigManager.getInstance().getGlobalProperty(com.ibm.ws.ssl.core.Constants.SSLPROP_DEFAULT_CERTREQ_SUBJECTDN, "cn=${hostname},o=IBM,c=US");
                KeyStoreManager.getInstance();
                String expandHostNameVariable = KeyStoreManager.expandHostNameVariable(globalProperty3, str2);
                String globalProperty4 = SSLConfigManager.getInstance().getGlobalProperty(com.ibm.ws.ssl.core.Constants.SSLPROP_DEFAULT_CERTREQ_DAYS, "5475");
                int intValue = new Integer(globalProperty2).intValue();
                int intValue2 = new Integer(globalProperty4).intValue();
                String globalProperty5 = SSLConfigManager.getInstance().getGlobalProperty(com.ibm.ws.ssl.core.Constants.SSLPROP_DEFAULT_CERTREQ_ALIAS, "default");
                CertReqInfo certReqInfo = new CertReqInfo(globalProperty5, intValue, expandHostNameVariable, intValue2, keyStoreInfo2, null);
                WSKeyStoreHelper wSKeyStoreHelper = this.rootKsInfo != null ? new WSKeyStoreHelper(this.rootKsInfo) : null;
                X509Certificate chainedCertificateCreate = (wSKeyStoreHelper != null && wSKeyStoreHelper.containsAlias(this.rootAlias) && wSKeyStoreHelper.isCertKeyEntry(this.rootAlias)) ? PersonalCertificateHelper.chainedCertificateCreate(certReqInfo, this.rootAlias, this.rootKsInfo, configSession) : PersonalCertificateHelper.personalCertificateCreate(certReqInfo, configSession);
                if (this.signersKsInfo != null) {
                    KeyStoreHelper.addDefaultSigners(configSession, keyStoreInfo2, this.signersKsInfo);
                }
                if (keyStoreInfo != null) {
                    WSKeyStoreRemotable wSKeyStoreRemotable = new WSKeyStoreRemotable(keyStoreInfo);
                    Object[] invokeKeyStoreCommand = wSKeyStoreRemotable.invokeKeyStoreCommand("listSignerCertificates", null);
                    WSKeyStoreRemotable wSKeyStoreRemotable2 = new WSKeyStoreRemotable(keyStoreInfo2);
                    HashMap hashMap = (HashMap) invokeKeyStoreCommand[0];
                    for (String str6 : hashMap.keySet()) {
                        X509Certificate x509Certificate2 = (X509Certificate) hashMap.get(str6);
                        if (x509Certificate2 != null) {
                            wSKeyStoreRemotable2.invokeKeyStoreCommand("setCertificateEntry", new Object[]{str6, x509Certificate2});
                        }
                    }
                    if (!keyStore2.isReadOnly() && chainedCertificateCreate != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Add new signer certificate to trust store: " + keyStore2.getName());
                        }
                        wSKeyStoreRemotable.invokeKeyStoreCommand("setCertificateEntry", new Object[]{globalProperty5, chainedCertificateCreate});
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust store is read only, unable to add new signer certificate to trust store: " + keyStore2.getName());
                    }
                }
            }
            if (keyStore4 != null) {
                if (keyStore2 != null) {
                    boolean isFileBased2 = keyStore2.isFileBased();
                    String location2 = keyStore2.getLocation();
                    String type2 = keyStore2.getType();
                    String provider2 = keyStore2.getProvider();
                    String password2 = keyStore2.getPassword();
                    String scopeName2 = keyStore2.getManagementScope().getScopeName();
                    String name2 = keyStore2.getName();
                    boolean isReadOnly2 = keyStore2.isReadOnly();
                    File file3 = null;
                    if (name2 != null && name2.endsWith(com.ibm.ws.ssl.core.Constants.DEFAULT_TRUST_STORE) && isFileBased2) {
                        location2 = fixupLocationWithRepositoryRoot(expand, location2);
                        file3 = new File(location2);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Trust store passed in is not default or file-based, not adding signers to CMS store.");
                    }
                    if ((file3 != null && file3.exists()) || isReadOnly2) {
                        java.security.KeyStore keyStore6 = KeyStoreManager.getInstance().getKeyStore(null, type2, provider2, location2, password2, scopeName2, false, null);
                        if (keyStore6 != null) {
                            Enumeration<String> aliases2 = keyStore6.aliases();
                            while (aliases2.hasMoreElements()) {
                                String nextElement2 = aliases2.nextElement();
                                if (keyStore6.isCertificateEntry(nextElement2)) {
                                    X509Certificate x509Certificate3 = (X509Certificate) keyStore6.getCertificate(nextElement2);
                                    boolean checkIfSignerAlreadyExistsInTrustStore = KeyStoreManager.getInstance().checkIfSignerAlreadyExistsInTrustStore(x509Certificate3, keyStore4);
                                    if (!checkIfSignerAlreadyExistsInTrustStore && !keyStore4.containsAlias(nextElement2)) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Adding alias \"" + nextElement2 + "\" to CMS keystore.");
                                        }
                                        keyStore4.setCertificateEntry(nextElement2, x509Certificate3);
                                        z = true;
                                    } else if (!checkIfSignerAlreadyExistsInTrustStore) {
                                        int i = 1;
                                        do {
                                            int i2 = i;
                                            i++;
                                            str3 = nextElement2 + "_" + i2;
                                        } while (keyStore4.containsAlias(str3));
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "Adding alias \"" + str3 + "\" to CMS keystore.");
                                        }
                                        if (!keyStore4.containsAlias(str3)) {
                                            keyStore4.setCertificateEntry(str3, x509Certificate3);
                                            z = true;
                                        }
                                    }
                                }
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Could not load Java KeyStore from repository.  Not adding signers to CMS store.");
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Cannot find the default trust store on the file system.  Not adding signers to CMS store.");
                    }
                }
                if (z) {
                    if (PlatformHelperFactory.getPlatformHelper().isOS400() && this.vmName.equals("Classic VM")) {
                        try {
                            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
                            loadStoreParameter = (KeyStore.LoadStoreParameter) (contextClassLoader != null ? contextClassLoader.loadClass("com.ibm.i5os.keystore.i5OSLoadStoreParameter") : Class.forName("com.ibm.i5os.keystore.i5OSLoadStoreParameter")).getConstructor(File.class, KeyStore.PasswordProtection.class).newInstance(file2, new KeyStore.PasswordProtection(keyStore3.getPassword().toCharArray()));
                        } catch (Exception e) {
                            FFDCFilter.processException(e, "com.ibm.ws.ssl.config.KeyStoreManager.checkIfKeyStoreExistsAndCreateIfNot", "934", this, new Object[]{e});
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Could not load iSeries LoadStoreParameter to store the CMS keystore.", new Object[]{e});
                            }
                            throw new SSLException(e.getMessage(), e);
                        }
                    } else if (keyStore3.getType().equals(com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_CMS) && keyStore3.isCreateStashFileForCMS()) {
                        loadStoreParameter = CMSLoadStoreParameterFactory.newCMSStoreParameter(file2, new KeyStore.PasswordProtection(keyStore3.getPassword().toCharArray()), true);
                    } else if (keyStore3.getType().equals(com.ibm.ws.ssl.core.Constants.KEYSTORE_TYPE_CMS)) {
                        loadStoreParameter = CMSLoadStoreParameterFactory.newCMSStoreParameter(file2, new KeyStore.PasswordProtection(keyStore3.getPassword().toCharArray()), false);
                    }
                    if (loadStoreParameter != null) {
                        keyStore4.store(loadStoreParameter);
                    } else {
                        FileOutputStream fileOutputStream = new FileOutputStream(str);
                        keyStore4.store(fileOutputStream, keyStore3.getPassword().toCharArray());
                        if (fileOutputStream != null) {
                            fileOutputStream.close();
                        }
                    }
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkIfKeyStoreExistsAndCreateIfNot (success)");
            }
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.ssl.config.KeyStoreManager.checkIfKeyStoreExistsAndCreateIfNot", "962", this, new Object[]{e2});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception creating CMS keystore.", new Object[]{e2});
            }
            if (!(e2 instanceof SSLException)) {
                throw new SSLException(e2.getMessage(), e2);
            }
            throw ((SSLException) e2);
        }
    }

    private String getNameFromURI(String str, String str2) throws CommandValidationException {
        String replace = str.replace('\\', '/');
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNameFromURI", new Object[]{replace});
        }
        StringBuffer stringBuffer = new StringBuffer();
        try {
            int indexOf = replace.indexOf("/cells/") + "/cells/".length();
            int indexOf2 = replace.indexOf("/nodes/");
            int indexOf3 = replace.indexOf("/servers/");
            this.cellName = replace.substring(indexOf, indexOf2);
            this.nodeName = replace.substring(indexOf2 + "/nodes/".length(), indexOf3);
            this.serverName = replace.substring(indexOf3 + "/servers/".length(), replace.lastIndexOf("/"));
            if (str2.equals("cell")) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getNameFromURI -> " + this.cellName);
                }
                return this.cellName;
            }
            if (str2.equals("node")) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getNameFromURI -> " + this.nodeName);
                }
                return this.nodeName;
            }
            if (str2.equals("server")) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getNameFromURI -> " + this.serverName);
                }
                return this.serverName;
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getScopeFromURI -> " + stringBuffer.toString());
            }
            return stringBuffer.toString();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getNameFromURI exception is" + e.getMessage());
            }
            InvalidParameterValueException invalidParameterValueException = new InvalidParameterValueException(getName(), "getNameFromURI", replace);
            throw new CommandValidationException(invalidParameterValueException, invalidParameterValueException.getMessage() + ".  Please put the KeyStore under <USER.INSTALL.ROOT>/config/cells/<cell_name>/nodes/<node_name>/servers/<server_name>");
        }
    }
}
