package com.ibm.mq.ese.pki;

import com.ibm.disthub2.impl.client.BaseConfig;
import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.core.SecurityProvider;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.regex.Pattern;

/* loaded from: input_file:com/ibm/mq/ese/pki/KeyStoreAccessJCERACFKSImpl.class */
public class KeyStoreAccessJCERACFKSImpl extends AbstractKeyStoreAccess implements Lifecycle {
    public static final String sccsid = "@(#) MQMBID sn=p930-011-230929 su=_zeu1816cEe61NJUItrVmPw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/KeyStoreAccessJCERACFKSImpl.java";
    static final int KS_SECONDARY = 1;
    private static final Pattern URI_SPLIT_PATTERN;
    private static final Pattern SLASH_SPLIT_PATTERN;
    protected String keyRingName;
    protected String keyRingUser;

    public KeyStoreAccessJCERACFKSImpl(KeyStoreConfig keyStoreConfig) {
        super(keyStoreConfig);
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "<init>(KeyStoreConfig)", new Object[]{keyStoreConfig});
        }
        if (this.keyStoreProvider == null || this.keyStoreProvider.equals(SecurityProvider.Provider.IBMJCE) || this.keyStoreProvider.equals(SecurityProvider.Provider.IBMJCEFIPS) || !this.keyStoreProvider.equals(SecurityProvider.Provider.IBMJCEPlusFIPS)) {
        }
        this.keyStoreProvider = SecurityProvider.Provider.IBMJCE;
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "<init>(KeyStoreConfig)");
        }
    }

    public KeyStoreAccessJCERACFKSImpl(KeyStoreConfig keyStoreConfig, int i) {
        this(keyStoreConfig);
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "<init>(KeyStoreConfig,int)", new Object[]{keyStoreConfig, Integer.valueOf(i)});
        }
        if (i == 1) {
            this.keyStoreType = KeyStoreConfig.KeystoreType.KEYSTORE_JCERACFKS;
            this.keyStoreFile = keyStoreConfig.getSecondaryKeyStorePath();
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "<init>(KeyStoreConfig,int)");
        }
    }

    private AMBIException getInitFailedEx(Exception exc) {
        HashMap hashMap = new HashMap();
        hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
        return new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap, exc);
    }

    private Constructor<?> getRACFInputStreamConstructor() throws AMBIException {
        try {
            Constructor<?> declaredConstructor = Class.forName("com.ibm.crypto.provider.RACFInputStream").getDeclaredConstructor(String.class, String.class, char[].class);
            declaredConstructor.setAccessible(true);
            return declaredConstructor;
        } catch (Exception e) {
            AMBIException initFailedEx = getInitFailedEx(e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "getRACFInputStreamConstructor()", initFailedEx, 1);
            }
            throw initFailedEx;
        }
    }

    public static String[] parseRacfKeystoreName(String str) {
        String[] split = (str == null || str.length() <= 0) ? new String[0] : URI_SPLIT_PATTERN.split(str, 3);
        return (split.length == 2 && split[0].equalsIgnoreCase("safkeyring")) ? SLASH_SPLIT_PATTERN.split(split[1], 3) : new String[0];
    }

    private String[] parseUserKeyring() throws AMBIException {
        String[] parseRacfKeystoreName = parseRacfKeystoreName(this.keyStoreFile);
        if (parseRacfKeystoreName.length == 2 && parseRacfKeystoreName[1].length() != 0) {
            return parseRacfKeystoreName;
        }
        AMBIException initFailedEx = getInitFailedEx(new Exception("Keystore name incorrect format"));
        if (Trace.isOn) {
            Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "parseUserKeyring()", initFailedEx, 1);
        }
        throw initFailedEx;
    }

    protected void openKeyStore() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()");
        }
        if (this.ks == null) {
            try {
                this.ks = KeyStore.getInstance(this.keyStoreType, SecurityProvider.Provider.IBMJCE);
                String[] parseUserKeyring = parseUserKeyring();
                this.keyRingUser = parseUserKeyring[0];
                this.keyRingName = parseUserKeyring[1];
                InputStream inputStream = null;
                try {
                    inputStream = (InputStream) getRACFInputStreamConstructor().newInstance(this.keyRingUser, this.keyRingName, null);
                    this.ks.load(inputStream, null);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                        }
                    }
                } catch (Throwable th) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e2) {
                        }
                    }
                    throw th;
                }
            } catch (AMBIException e3) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()", e3, 1);
                    Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()", e3, 1);
                }
                throw e3;
            } catch (Exception e4) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()", e4, 2);
                }
                AMBIException initFailedEx = getInitFailedEx(e4);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()", initFailedEx, 2);
                }
                throw initFailedEx;
            }
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "openKeyStore()");
        }
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void init() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "init()");
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    if (Trace.isOn) {
                        Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "run()");
                    }
                    KeyStoreAccessJCERACFKSImpl.this.openKeyStore();
                    if (!Trace.isOn) {
                        return null;
                    }
                    Trace.exit(this, "com.ibm.mq.ese.pki.null", "run()", (Object) null);
                    return null;
                }
            });
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "init()");
            }
        } catch (PrivilegedActionException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "init()", e);
            }
            AMBIException aMBIException = e.getException() instanceof AMBIException ? (AMBIException) e.getException() : new AMBIException(e.getException());
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "init()", aMBIException, 1);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void cleanUp() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "cleanUp()");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "cleanUp()");
        }
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.KeyStoreAccessJCERACFKSImpl", "static", "SCCS id", (Object) sccsid);
        }
        URI_SPLIT_PATTERN = Pattern.compile("://");
        SLASH_SPLIT_PATTERN = Pattern.compile(BaseConfig.SUBTOPIC_SEPARATOR);
    }
}
