package com.ibm.mq.ese.pki;

import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.config.PasswordObject;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.core.SecurityProvider;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;

/* loaded from: input_file:com/ibm/mq/ese/pki/KeyStoreAccessJCEKSImpl.class */
public class KeyStoreAccessJCEKSImpl extends AbstractKeyStoreAccess implements Lifecycle {
    public static final String sccsid = "@(#) MQMBID sn=p920-003-210714 su=_6UNd8eSyEeu1HeAYEblAbg pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/KeyStoreAccessJCEKSImpl.java";
    static final int KS_SECONDARY = 1;
    private boolean useExplicitKeyStore;

    public KeyStoreAccessJCEKSImpl(KeyStoreConfig keyStoreConfig) {
        super(keyStoreConfig);
        this.useExplicitKeyStore = false;
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "<init>(KeyStoreConfig)", new Object[]{keyStoreConfig});
        }
        if (this.keyStoreProvider != null && this.keyStoreProvider.equals(SecurityProvider.Provider.IBMJCEFIPS)) {
            if (Trace.isOn) {
                Trace.traceInfo(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "KeyStoreAccessJCEKSImpl(KeyStoreConfig)", "keyStoreFile: '" + this.keyStoreFile + "' will be using IBMJCE as a keystore provider", "");
            }
            this.keyStoreProvider = SecurityProvider.Provider.IBMJCE;
            this.useExplicitKeyStore = true;
        }
        this.keyStorePassword = new PasswordObject(keyStoreConfig.getKeyStorePassword());
        setPkeyPass(keyStoreConfig);
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "<init>(KeyStoreConfig)");
        }
    }

    public KeyStoreAccessJCEKSImpl(KeyStoreConfig keyStoreConfig, int i) {
        this(keyStoreConfig);
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "<init>(KeyStoreConfig,int)", new Object[]{keyStoreConfig, Integer.valueOf(i)});
        }
        if (i == 1) {
            this.keyStoreType = KeyStoreConfig.KeystoreType.KEYSTORE_JCEKS;
            this.keyStoreFile = keyStoreConfig.getSecondaryKeyStorePath();
            this.keyStorePassword = new PasswordObject(keyStoreConfig.getSecondaryKeyStorePass());
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "<init>(KeyStoreConfig,int)");
        }
    }

    protected void openKeyStore() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()");
        }
        FileInputStream fileInputStream = null;
        try {
            if (this.ks == null) {
                try {
                    if (this.useExplicitKeyStore) {
                        this.ks = KeyStore.getInstance(this.keyStoreType, this.keyStoreProvider);
                    } else {
                        this.ks = KeyStore.getInstance(this.keyStoreType);
                    }
                    File accessKeystoreFile = accessKeystoreFile(this.keyStoreFile);
                    FileInputStream fileInputStream2 = new FileInputStream(accessKeystoreFile);
                    this.ks.load(fileInputStream2, null);
                    fileInputStream2.close();
                    char[] cArr = null;
                    switch (this.keyStorePassword.getProtectionType()) {
                        case PLAINTEXT:
                        case NULL:
                            cArr = new char[this.keyStorePassword.getPassword().length];
                            System.arraycopy(this.keyStorePassword.getPassword(), 0, cArr, 0, this.keyStorePassword.getPassword().length);
                            break;
                        case OLDPROTECTED:
                            cArr = decryptPasswordOld(new String(this.keyStorePassword.getPassword()));
                            break;
                        case NEWPROTECTED:
                            cArr = decryptPassword(new String(this.keyStorePassword.getPassword()));
                            break;
                    }
                    if (this.useExplicitKeyStore) {
                        this.ks = KeyStore.getInstance(this.keyStoreType, this.keyStoreProvider);
                    } else {
                        this.ks = KeyStore.getInstance(this.keyStoreType);
                    }
                    fileInputStream = new FileInputStream(accessKeystoreFile);
                    this.ks.load(fileInputStream, cArr);
                    Arrays.fill(cArr, (char) 0);
                    fileInputStream.close();
                    if (Trace.isOn) {
                        Trace.finallyBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()");
                    }
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e) {
                            if (Trace.isOn) {
                                Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", e, 3);
                            }
                        }
                    }
                } catch (AMBIException e2) {
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", e2, 1);
                    }
                    if (Trace.isOn) {
                        Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", e2, 1);
                    }
                    throw e2;
                } catch (Exception e3) {
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", e3, 2);
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
                    AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap, e3);
                    if (Trace.isOn) {
                        Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", aMBIException, 2);
                    }
                    throw aMBIException;
                }
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()");
            }
        } catch (Throwable th) {
            if (Trace.isOn) {
                Trace.finallyBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()");
            }
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e4) {
                    if (Trace.isOn) {
                        Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "openKeyStore()", e4, 3);
                    }
                }
            }
            throw th;
        }
    }

    static File accessKeystoreFile(String str) throws AMBIException {
        File file;
        if (Trace.isOn) {
            Trace.entry("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "accessKeystoreFile(String)", new Object[]{str});
        }
        SecurityException securityException = null;
        for (String str2 : new String[]{".jks", ".jceks", "", ".jck"}) {
            try {
                file = new File(str + str2);
            } catch (SecurityException e) {
                if (Trace.isOn) {
                    Trace.catchBlock("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "accessKeystoreFile(String)", e);
                }
                if (securityException == null) {
                    securityException = e;
                }
            }
            if (file.exists()) {
                if (Trace.isOn) {
                    Trace.exit("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "accessKeystoreFile(String)", file);
                }
                return file;
            }
            continue;
        }
        if (securityException != null) {
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, str);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap, new AccessControlException(str));
            if (Trace.isOn) {
                Trace.throwing("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "accessKeystoreFile(String)", aMBIException, 1);
            }
            throw aMBIException;
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, str);
        AMBIException aMBIException2 = new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap2, new FileNotFoundException(str));
        if (Trace.isOn) {
            Trace.throwing("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "accessKeystoreFile(String)", aMBIException2, 2);
        }
        throw aMBIException2;
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void init() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "init()");
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    if (Trace.isOn) {
                        Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "run()");
                    }
                    KeyStoreAccessJCEKSImpl.this.openKeyStore();
                    if (!Trace.isOn) {
                        return null;
                    }
                    Trace.exit(this, "com.ibm.mq.ese.pki.null", "run()", (Object) null);
                    return null;
                }
            });
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "init()");
            }
        } catch (PrivilegedActionException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "init()", e);
            }
            if (e.getException() instanceof AMBIException) {
                AMBIException aMBIException = (AMBIException) e.getException();
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "init()", aMBIException, 1);
                }
                throw aMBIException;
            }
            AMBIException aMBIException2 = new AMBIException(e.getException());
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "init()", aMBIException2, 2);
            }
            throw aMBIException2;
        }
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void cleanUp() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "cleanUp()");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "cleanUp()");
        }
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.KeyStoreAccessJCEKSImpl", "static", "SCCS id", (Object) sccsid);
        }
    }
}
