package com.ibm.ws.ssl.commands.personalCertificates;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.Session;
import com.ibm.websphere.management.cmdframework.CommandException;
import com.ibm.websphere.management.cmdframework.CommandLoadException;
import com.ibm.websphere.management.cmdframework.CommandNotFoundException;
import com.ibm.websphere.management.cmdframework.CommandValidationException;
import com.ibm.websphere.management.cmdframework.commanddata.CommandData;
import com.ibm.websphere.management.cmdframework.commandmetadata.TaskCommandMetadata;
import com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand;
import com.ibm.websphere.management.cmdframework.provider.TaskCommandResultImpl;
import com.ibm.websphere.management.configservice.ConfigService;
import com.ibm.websphere.management.configservice.ConfigServiceHelper;
import com.ibm.websphere.management.exception.ConfigServiceException;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.commands.utils.CommandConstants;
import com.ibm.ws.ssl.commands.utils.CommandHelper;
import com.ibm.ws.ssl.commands.utils.SSLCommandsHelper;
import com.ibm.ws.ssl.commands.utils.TraceNLSHelper;
import com.ibm.ws.ssl.config.WSKeyStoreRemotable;
import com.ibm.ws.ssl.model.KeyStoreInfo;
import com.ibm.wsspi.ssl.WSPKIClient;
import com.ibm.wsspi.ssl.WSPKIException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.ObjectName;

/* loaded from: input_file:wasJars/cryptoimpl.jar:com/ibm/ws/ssl/commands/personalCertificates/RevokeCACertificate.class */
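/**
 * Admin task command that revokes a certificate issued by a certificate authority (CA) and held
 * in a configured key store.
 *
 * <p>{@link #validate()} resolves the key store and the certificate's configuration object from
 * the command parameters. {@link #afterStepsExecuted()} then asks the configured
 * {@link WSPKIClient} implementation to revoke the certificate and, only when that call returns
 * normally, sets the certificate's configured status to {@code REVOKED}.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>The trace messages built by this class contain the key store name, alias, reason, scope
 *       and implementation class name, but not the revocation, CA client or key store
 *       passwords. Keep it that way when adding diagnostics.</li>
 *   <li>The CA client class name is read from configuration and loaded reflectively; it is
 *       checked to be a {@link WSPKIClient} before it is instantiated.</li>
 *   <li>The FFDC source identifiers in {@code validate()} and {@code afterStepsExecuted()} name
 *       {@code RequestCACertificate}. NOTE(review): this looks copied from the request command;
 *       confirm nothing keys on these identifiers before correcting them.</li>
 * </ul>
 */
public class RevokeCACertificate extends AbstractTaskCommand {
    private static final TraceComponent tc = Tr.register(RevokeCACertificate.class, "SSL", "com.ibm.ws.ssl.commands.personalCertificates");

    // Command parameters, populated by validate().
    private String keyStoreName;
    private String keyStoreScope;
    private String certificateAlias;
    private String reason;
    // Secret: passed to the CA client as bytes; never include it in trace or exception text.
    private String revocationPassword;

    // Configuration handles resolved by validate() and consumed by afterStepsExecuted().
    private KeyStoreInfo ksInfo;
    private ObjectName keyStoreObjName;
    private ObjectName certRefObj;
    private ConfigService cs;
    private ObjectName security;
    private Session session;

    /**
     * Creates the command from its task metadata. All instance state stays {@code null} until
     * {@link #validate()} runs.
     *
     * @param taskCommandMetadata metadata passed to the superclass constructor
     * @throws CommandNotFoundException propagated from the superclass constructor
     */
    public RevokeCACertificate(TaskCommandMetadata taskCommandMetadata) throws CommandNotFoundException {
        super(taskCommandMetadata);
    }

    /**
     * Creates the command from previously saved command data. All instance state stays
     * {@code null} until {@link #validate()} runs.
     *
     * @param commandData command data passed to the superclass constructor
     * @throws CommandNotFoundException propagated from the superclass constructor
     * @throws CommandLoadException propagated from the superclass constructor
     */
    public RevokeCACertificate(CommandData commandData) throws CommandNotFoundException, CommandLoadException {
        super(commandData);
    }

    /**
     * Reads the command parameters and resolves the key store and the certificate's
     * configuration object.
     *
     * <p>The certificate object is accepted only when its key store attribute equals the key
     * store named in the command; otherwise validation fails with CWPKI0688E. This keeps an
     * alias that belongs to a different key store from being revoked through this one.
     *
     * @throws CommandValidationException if the configuration cannot be read, or the alias is not
     *         a CA certificate of the named key store
     */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand, com.ibm.websphere.management.cmdframework.provider.AbstractAdminCommand, com.ibm.websphere.management.cmdframework.AdminCommand
    public void validate() throws CommandValidationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        super.validate();
        try {
            this.cs = SSLCommandsHelper.getConfigService(getName());
            this.session = getConfigSession();
            this.security = SSLCommandsHelper.getSecurityObjectName(this.session, this.cs);
            this.keyStoreName = (String) getParameter(CommandConstants.KEY_STORE_NAME);
            this.keyStoreScope = (String) getParameter(CommandConstants.KEY_STORE_SCOPE);
            this.certificateAlias = (String) getParameter(CommandConstants.CERTIFICATE_ALIAS);
            this.revocationPassword = (String) getParameter(CommandConstants.REVOCATION_PASSWORD);
            this.reason = (String) getParameter(CommandConstants.REVOCATION_REASON);
            if (tc.isDebugEnabled()) {
                // The revocation password is deliberately left out of this message.
                Tr.debug(tc, "keyStoreName=" + this.keyStoreName + " certificateRequestAlias=" + this.certificateAlias + " reason=" + this.reason);
            }
            CommandHelper commandHelper = new CommandHelper();
            if (this.keyStoreScope == null) {
                this.keyStoreScope = commandHelper.defaultScope();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Default cell scopeName: " + this.keyStoreScope);
                }
            }
            // One lookup is enough: the scope is already defaulted above.
            this.ksInfo = PersonalCertificateHelper.getKsInfo(this.session, this.cs, this.keyStoreName, this.keyStoreScope);
            AttributeList attributeList = new AttributeList();
            ConfigServiceHelper.setAttributeValue(attributeList, CommandConstants.NAME, this.keyStoreName);
            this.keyStoreObjName = commandHelper.getObjectName(this.cs, this.session, this.security, CommandConstants.KEY_STORES, attributeList, this.keyStoreScope);
            attributeList.clear();
            try {
                this.certRefObj = PersonalCertificateHelper.getCertificateObj(this.session, this.cs, this.security, this.certificateAlias, this.ksInfo);
                if (this.certRefObj != null) {
                    ObjectName owningKeyStore = (ObjectName) this.cs.getAttribute(this.session, this.certRefObj, CommandConstants.KEY_STORE);
                    // Fail closed: an unknown or different owning key store discards the match.
                    if (owningKeyStore == null || !owningKeyStore.equals(this.keyStoreObjName)) {
                        this.certRefObj = null;
                    }
                }
                if (this.certRefObj == null) {
                    throw new CommandValidationException(notCaCertificateMessage());
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "validate");
                }
            } catch (CommandValidationException e) {
                // Any validation failure in this step is reported uniformly as CWPKI0688E.
                throw new CommandValidationException(notCaCertificateMessage());
            }
        } catch (ConfigServiceException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error getting configuration: ", e2.getMessage());
            }
            throw new CommandValidationException(e2.getMessage());
        } catch (Exception e3) {
            // Also reached by the CommandValidationException thrown above, so a rejected alias
            // produces an FFDC record as well.
            FFDCFilter.processException(e3, "com.ibm.ws.ssl.commands.RequestCACertificate.validate", "%c%", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error processing parameters: ", e3.getMessage());
            }
            throw new CommandValidationException(e3.getMessage());
        }
    }

    /** Builds the CWPKI0688E message for the alias currently being validated. */
    private String notCaCertificateMessage() {
        return TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.object.CWPKI0688E", new Object[]{this.certificateAlias}, "The alias " + this.certificateAlias + " is not recognized as a certificate authority (CA) certificate.");
    }

    /**
     * Performs the revocation once the command's steps have completed successfully.
     *
     * <p>Nothing is revoked when the task result is already unsuccessful. A failure during
     * revocation is recorded on the task result rather than thrown.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.websphere.management.cmdframework.provider.AbstractTaskCommand
    public void afterStepsExecuted() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "afterStepsExecuted");
        }
        super.afterStepsExecuted();
        TaskCommandResultImpl result = (TaskCommandResultImpl) getTaskCommandResult();
        if (result.isSuccessful()) {
            try {
                ObjectName caClient = (ObjectName) this.cs.getAttribute(this.session, this.certRefObj, "caClient");
                caCertificateRevoke(this.session, this.cs, this.certificateAlias, this.ksInfo, this.revocationPassword, this.reason, caClient);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.RequestCACertificate.afterStepsExecuted", "%c%", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error revoking certificate: ", e.getMessage());
                }
                result.setException(new CommandException(e, e.getMessage()));
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "afterStepsExecuted");
        }
    }

    /**
     * Revokes one certificate through the configured CA client and records the new status.
     *
     * <p>The status attribute is set to {@code REVOKED} only after the client's
     * {@code revokeCertificate} call returns without throwing. The status is written to
     * {@code this.certRefObj}, so {@link #validate()} must have resolved it first.
     *
     * @param session configuration session
     * @param configService configuration service used to read the client settings and write the status
     * @param str alias of the certificate to revoke
     * @param keyStoreInfo key store that holds the certificate
     * @param str2 revocation password; must not be {@code null}
     * @param str3 revocation reason passed through to the CA client
     * @param objectName configuration object of the CA client
     * @throws CommandValidationException if the alias is not in the key store, the revocation
     *         password is missing, or no implementation class is configured
     * @throws Exception any failure loading the client, calling it, or updating the configuration
     */
    public void caCertificateRevoke(Session session, ConfigService configService, String str, KeyStoreInfo keyStoreInfo, String str2, String str3, ObjectName objectName) throws Exception {
        WSKeyStoreRemotable keyStore = new WSKeyStoreRemotable(keyStoreInfo);
        boolean aliasPresent = ((Boolean) keyStore.invokeKeyStoreCommand("containsAlias", new Object[]{str})[0]).booleanValue();
        if (!aliasPresent) {
            throw new CommandValidationException(TraceNLSHelper.getInstance().getFormattedMessage("ssl.command.no.cert.CWPKI0689E", new Object[]{str}, "Certificate \"" + str + "\" does not exist.  Unable to revoke the certificate"));
        }
        if (str2 == null) {
            // Reject before the CA client is loaded or initialised, instead of failing later
            // with a NullPointerException that carries no message.
            throw new CommandValidationException("A revocation password is required to revoke certificate \"" + str + "\".");
        }
        X509Certificate certificate = (X509Certificate) keyStore.invokeKeyStoreCommand("getCertificate", new Object[]{str})[0];
        String implClassName = (String) configService.getAttribute(session, objectName, CommandConstants.CACLIENT_IMPL_CLASS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Implentation class is " + implClassName);
        }
        HashMap customAttrs = getCustomAttrs(configService, session, objectName, str, keyStoreInfo);
        try {
            WSPKIClient client = newPkiClient(implClassName);
            try {
                client.init(customAttrs);
                // NOTE(review): getBytes() uses the platform default charset; confirm the CA
                // client expects that encoding before changing it.
                client.revokeCertificate(new X509Certificate[]{certificate}, str2.getBytes(), str3, customAttrs);
                AttributeList attributes = configService.getAttributes(session, this.certRefObj, null, true);
                ConfigServiceHelper.setAttributeValue(attributes, CommandConstants.CACERTIFICATE_STATUS, "REVOKED");
                configService.setAttributes(session, this.certRefObj, attributes);
            } catch (WSPKIException e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.ssl.commands.personalCertificates.revokeCertificate", "289", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception calling WSPKIClient implementation.", new Object[]{e2});
                }
                throw e2;
            }
        } catch (Exception e3) {
            FFDCFilter.processException(e3, "com.ibm.ws.ssl.commands.personalCertificates.revokeCertificate.caCertificateRevoke", "256", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSPKIClient implementation.", new Object[]{e3});
            }
            throw e3;
        }
    }

    /**
     * Loads and instantiates the configured CA client.
     *
     * <p>The class is loaded without initialisation and narrowed with
     * {@link Class#asSubclass(Class)} before {@code newInstance()} is called, so a configured
     * name that is not a {@link WSPKIClient} fails with {@link ClassCastException} before any of
     * that class's code runs. The class is looked up with this command's class loader first and
     * with {@link ExtClassLoader} only when the first lookup reports
     * {@link ClassNotFoundException}.
     *
     * @param implClassName fully qualified class name read from the CA client configuration
     * @return a new, uninitialised client instance
     * @throws Exception if no class name is configured, or the class cannot be found, is not a
     *         {@code WSPKIClient}, or cannot be instantiated
     */
    private WSPKIClient newPkiClient(String implClassName) throws Exception {
        if (implClassName == null || implClassName.length() == 0) {
            throw new CommandValidationException("No CA client implementation class is configured.");
        }
        try {
            return Class.forName(implClassName, false, RevokeCACertificate.class.getClassLoader())
                    .asSubclass(WSPKIClient.class)
                    .newInstance();
        } catch (ClassNotFoundException notFound) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WSPKIClient implementation not found by the command class loader; trying ExtClassLoader.");
            }
        }
        try {
            return Class.forName(implClassName, false, ExtClassLoader.getInstance())
                    .asSubclass(WSPKIClient.class)
                    .newInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.commands.personalCertificates.revokeCertificate", "274", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting WSPKIClient implementation with ExtClassLoader.", new Object[]{e});
            }
            throw e;
        }
    }

    /**
     * Collects the attributes handed to the CA client: connection settings, credentials, key
     * store details and any custom properties configured on the client object.
     *
     * <p>The returned map holds secrets ({@code AuthenticationPWD} and {@code KeyStorePassword}
     * as byte arrays); do not trace or log it. Custom properties are added last, so a property
     * whose name equals one of the built-in keys replaces that entry. NOTE(review): confirm that
     * this override is intended, since it can swap a {@code byte[]} credential for a
     * {@code String}.
     *
     * @param configService configuration service used for every lookup
     * @param session configuration session
     * @param objectName configuration object of the CA client
     * @param str certificate alias, stored under {@code CertificateAlias} when not {@code null}
     * @param keyStoreInfo key store whose name, location, type and password are copied in
     * @return a new map with one entry per non-null attribute
     * @throws Exception propagated from the configuration service
     */
    private HashMap getCustomAttrs(ConfigService configService, Session session, ObjectName objectName, String str, KeyStoreInfo keyStoreInfo) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCustomAttrs");
        }
        // Raw type kept on purpose: the map goes straight to WSPKIClient, whose declared
        // parameter type is not visible from this class.
        HashMap attrs = new HashMap();
        putIfPresent(attrs, "CAHostname", configService.getAttribute(session, objectName, CommandConstants.HOST));
        putIfPresent(attrs, "CAPort", configService.getAttribute(session, objectName, CommandConstants.PORT));
        putIfPresent(attrs, "AuthenticationID", configService.getAttribute(session, objectName, CommandConstants.CACLIENT_USERID));
        String caPassword = (String) configService.getAttribute(session, objectName, CommandConstants.PASSWORD);
        putIfPresent(attrs, "AuthenticationPWD", caPassword == null ? null : caPassword.getBytes());
        putIfPresent(attrs, "CertificateAlias", str);
        putIfPresent(attrs, "KeyStoreAlias", keyStoreInfo.getName());
        putIfPresent(attrs, "KeyStore", keyStoreInfo.getLocation());
        putIfPresent(attrs, "KeyStoreType", keyStoreInfo.getType());
        String keyStorePassword = keyStoreInfo.getPassword();
        putIfPresent(attrs, "KeyStorePassword", keyStorePassword == null ? null : keyStorePassword.getBytes());

        AttributeList attributes = configService.getAttributes(session, objectName, new String[]{"properties"}, false);
        if (attributes != null && !attributes.isEmpty()) {
            Object properties = ((Attribute) attributes.get(0)).getValue();
            // An empty attribute list or a missing value means there are no custom properties.
            if (properties instanceof List) {
                for (Object entry : (List<?>) properties) {
                    ObjectName property = (ObjectName) entry;
                    String name = (String) configService.getAttribute(session, property, "name");
                    String value = (String) configService.getAttribute(session, property, "value");
                    if (name != null && value != null) {
                        attrs.put(name, value);
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCustomAttrs");
        }
        return attrs;
    }

    /** Stores {@code value} under {@code key} unless the value is {@code null}. */
    private static void putIfPresent(HashMap attrs, String key, Object value) {
        if (value != null) {
            attrs.put(key, value);
        }
    }
}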
