package com.ibm.mq.ese.pki;

import com.ibm.mq.ese.config.ConfigException;
import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.config.PasswordObject;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.KeyStoreAccess;
import com.ibm.mq.ese.core.MessageProtectionConstants;
import com.ibm.mq.ese.core.X500NameWrapper;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.mq.ese.util.TraceUtil;
import com.ibm.msg.client.commonservices.passwordprotection.CryptoUtil;
import com.ibm.msg.client.commonservices.passwordprotection.EncodedPasswordAbstract;
import com.ibm.msg.client.commonservices.passwordprotection.PBEException;
import com.ibm.msg.client.commonservices.passwordprotection.passwordencodings.EncodedPasswordV0;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.File;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.crypto.Cipher;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/ibm/mq/ese/pki/AbstractKeyStoreAccess.class */
public abstract class AbstractKeyStoreAccess implements KeyStoreAccess {
    public static final String sccsid = "@(#) MQMBID sn=p930-017-240404 su=_qxwxlfKTEe6mUKqTP0CEtw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/AbstractKeyStoreAccess.java";
    private static final String INITIALKEY_ENVVAR = "MQS_AMSCRED_KEYFILE";
    public static final String EYECATCHER = "<AMS>";
    private static char[] initialkey;
    private static boolean defaultInitialKeyUsed;
    private static String initalkeyfilepath;
    private static final byte[] FIXEDSALT;
    private static final byte[] AMS_DEFAULT_KEY;
    private static final byte[] AMS_KEY_MASK;
    protected String keyStoreFile;
    protected String keyStoreType;
    protected String keyStoreProvider;
    protected String credentialAlias;
    protected KeyStore ks = null;
    protected PasswordObject keyStorePassword = null;
    protected PasswordObject pkeyPassword = null;

    public AbstractKeyStoreAccess(KeyStoreConfig keyStoreConfig) {
        this.keyStoreFile = null;
        this.keyStoreType = null;
        this.keyStoreProvider = null;
        this.credentialAlias = null;
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)");
        }
        this.keyStoreType = keyStoreConfig.getType();
        this.keyStoreProvider = keyStoreConfig.getProvider();
        this.credentialAlias = keyStoreConfig.getAlias();
        this.keyStoreFile = keyStoreConfig.getKeyStorePath();
        if (Trace.isOn) {
            Trace.traceData(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)", "keyStoreFile: ", this.keyStoreFile);
            Trace.traceData(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)", "keyStoreType: ", this.keyStoreType);
            Trace.traceData(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)", "keyStoreProvider: ", this.keyStoreProvider);
            Trace.traceData(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)", "credentialAlias: ", this.credentialAlias);
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "AbstractKeyStoreAccess(KeyStoreConfig)");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "<init>(KeyStoreConfig)");
        }
    }

    public static void loadInitialKey(String str) throws ConfigException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", new Object[]{str});
        }
        String property = System.getProperty(INITIALKEY_ENVVAR);
        if (property != null) {
            if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", (Object) ("Loading Initial Key from System property value " + property));
            }
            File file = new File(property);
            try {
                initialkey = CryptoUtil.readInitialKey(file);
                initalkeyfilepath = file.getAbsolutePath();
            } catch (PBEException e) {
                if (Trace.isOn) {
                    Trace.catchBlock("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", e);
                }
                HashMap hashMap = new HashMap();
                hashMap.put(AmsErrorMessageInserts.AMS_INITIAL_KEYFILE, file.getAbsolutePath());
                ConfigException configException = new ConfigException(AmsErrorMessages.mjp_bad_initial_keyfile, hashMap, e);
                if (Trace.isOn) {
                    Trace.throwing("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", configException);
                }
                throw configException;
            }
        } else if (str != null) {
            if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", (Object) ("Loading Initial Key from Configuration File value " + str));
            }
            File file2 = new File(str);
            try {
                initialkey = CryptoUtil.readInitialKey(file2);
                initalkeyfilepath = file2.getAbsolutePath();
            } catch (PBEException e2) {
                if (Trace.isOn) {
                    Trace.catchBlock("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", e2);
                }
                HashMap hashMap2 = new HashMap();
                hashMap2.put(AmsErrorMessageInserts.AMS_INITIAL_KEYFILE, file2.getAbsolutePath());
                ConfigException configException2 = new ConfigException(AmsErrorMessages.mjp_bad_initial_keyfile, hashMap2, e2);
                if (Trace.isOn) {
                    Trace.throwing("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", configException2);
                }
                throw configException2;
            }
        } else {
            if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)", (Object) "Using default initial key");
            }
            initialkey = CryptoUtil.rebuildXORdKey(AMS_DEFAULT_KEY, AMS_KEY_MASK);
            defaultInitialKeyUsed = true;
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "loadInitialKey(String)");
        }
    }

    public static void overrideInitialKey(File file) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "overrideInitialKey(char[])", new Object[]{"********"});
        }
        initialkey = CryptoUtil.readInitialKey(file);
        initalkeyfilepath = file.getAbsolutePath();
        defaultInitialKeyUsed = false;
        if (Trace.isOn) {
            Trace.exit("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "overrideInitialKey(char[])");
        }
    }

    public void init(KeyStore keyStore) {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "init(KeyStore)", new Object[]{keyStore});
        }
        if (this.ks == null) {
            this.ks = keyStore;
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "init(KeyStore)");
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public X509Certificate getCertificate(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificate(String)", new Object[]{str});
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) getKs().getCertificate(str);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificate(String)", x509Certificate);
            }
            return x509Certificate;
        } catch (KeyStoreException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificate(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_user_certificate_not_found, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificate(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public PrivateKey getPrivateKey(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", new Object[]{str});
        }
        try {
            char[] cArr = null;
            if (this.pkeyPassword != null) {
                if (Trace.isOn) {
                    Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", "Password is protected in type: ", (Object) this.pkeyPassword.getProtectionType());
                }
                switch (this.pkeyPassword.getProtectionType()) {
                    case PLAINTEXT:
                    case NULL:
                        cArr = new char[this.pkeyPassword.getPassword().length];
                        System.arraycopy(this.pkeyPassword.getPassword(), 0, cArr, 0, this.pkeyPassword.getPassword().length);
                        break;
                    case OLDPROTECTED:
                        cArr = decryptPasswordOld(new String(this.pkeyPassword.getPassword()));
                        break;
                    case NEWPROTECTED:
                        cArr = decryptPassword(new String(this.pkeyPassword.getPassword()));
                        break;
                }
            } else if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", (Object) "Private key password has not be created and is null.");
            }
            PrivateKey privateKey = (PrivateKey) getKs().getKey(str, cArr);
            if (cArr != null) {
                Arrays.fill(cArr, (char) 0);
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", "************");
            }
            return privateKey;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_user_privatekey_not_found, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public PrivateKey getPrivateKey(String str, String str2) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String,String)", new Object[]{str, "************"});
        }
        try {
            PrivateKey privateKey = (PrivateKey) getKs().getKey(str, str2.toCharArray());
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String, String)", "************");
            }
            return privateKey;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String,String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_user_privatekey_not_found, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String,String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public Enumeration<String> aliases() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "aliases()");
        }
        try {
            Enumeration<String> aliases = getKs().aliases();
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "aliases()", aliases);
            }
            return aliases;
        } catch (KeyStoreException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "aliases()", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            ConfigException configException = new ConfigException(AmsErrorMessages.mju_keystore_aliases_not_found, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "aliases()", configException);
            }
            throw configException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public boolean containsAlias(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "containsAlias(String)", new Object[]{str});
        }
        try {
            boolean containsAlias = getKs().containsAlias(str);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "containsAlias(String)", Boolean.valueOf(containsAlias));
            }
            return containsAlias;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "containsAlias(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_keystore_alias_verify, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "containsAlias(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public Certificate[] getCertificateChain(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificateChain(String)", new Object[]{str});
        }
        try {
            Certificate[] certificateChain = getKs().getCertificateChain(str);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificateChain(String)", certificateChain);
            }
            return certificateChain;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificateChain(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_keystore_certificate_chain_not_found, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificateChain(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public boolean isCertificateEntry(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isCertificateEntry(String)", new Object[]{str});
        }
        try {
            boolean isCertificateEntry = getKs().isCertificateEntry(str);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isCertificateEntry(String)", Boolean.valueOf(isCertificateEntry));
            }
            return isCertificateEntry;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isCertificateEntry(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_error_keystore_certificate_entry_verify, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isCertificateEntry(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public boolean isKeyEntry(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isKeyEntry(String)", new Object[]{str});
        }
        try {
            boolean isKeyEntry = getKs().isKeyEntry(str);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isKeyEntry(String)", Boolean.valueOf(isKeyEntry));
            }
            return isKeyEntry;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isKeyEntry(String)", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, str);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_error_keystore_certificate_entry_verify, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "isKeyEntry(String)", aMBIException);
            }
            throw aMBIException;
        }
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public String getType() {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getType()");
        }
        String type = getKs().getType();
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getType()", new Object[]{type});
        }
        return type;
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public X509Certificate[] getCertificates(List<String> list, boolean z) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificates(List,boolean)", new Object[]{list, Boolean.valueOf(z)});
        }
        X509Certificate[] doGetCertificates = doGetCertificates(list, z);
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getCertificates(List,boolean)", doGetCertificates);
        }
        return doGetCertificates;
    }

    private X509Certificate[] doGetCertificates(List<String> list, boolean z) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "doGetCertificates(List,boolean)", new Object[]{list, Boolean.valueOf(z)});
        }
        X509Certificate[] x509CertificateArr = null;
        if (list != null && !list.isEmpty()) {
            Enumeration<String> aliases = aliases();
            x509CertificateArr = new X509Certificate[list.size()];
            while (aliases.hasMoreElements() && !list.isEmpty()) {
                X509Certificate certificate = getCertificate(aliases.nextElement());
                if (certificate != null) {
                    X500NameWrapper x500NameWrapper = new X500NameWrapper(certificate.getSubjectX500Principal().toString());
                    int i = 0;
                    while (true) {
                        if (i >= list.size()) {
                            break;
                        }
                        if (x500NameWrapper.isEqual(new X500NameWrapper(list.get(i)))) {
                            x509CertificateArr[-(list.size() - x509CertificateArr.length)] = certificate;
                            list.remove(i);
                            break;
                        }
                        i++;
                    }
                }
            }
        }
        if (z && !list.isEmpty()) {
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_RECIPIENTS_NAMES, TraceUtil.objectsAsString(list.toArray()));
            MissingCertificateException missingCertificateException = new MissingCertificateException(AmsErrorMessages.mju_policy_failed_to_get_receiver_certs, (HashMap<String, ? extends Object>) hashMap);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "doGetCertificates(List,boolean)", missingCertificateException);
            }
            throw missingCertificateException;
        }
        if (!z) {
            int i2 = 0;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (x509Certificate == null) {
                    i2++;
                }
            }
            if (i2 > 0) {
                X509Certificate[] x509CertificateArr2 = x509CertificateArr;
                x509CertificateArr = new X509Certificate[x509CertificateArr2.length - i2];
                int i3 = 0;
                for (int i4 = 0; i4 < x509CertificateArr2.length; i4++) {
                    if (x509CertificateArr2[i4] != null && i3 < x509CertificateArr.length) {
                        int i5 = i3;
                        i3++;
                        x509CertificateArr[i5] = x509CertificateArr2[i4];
                    }
                }
            }
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "doGetCertificates(List,boolean)", x509CertificateArr);
        }
        return x509CertificateArr;
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public KeyStore getKeyStore() {
        return this.ks;
    }

    public String toString() {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "toString()");
        }
        StringBuilder sb = new StringBuilder();
        sb.append(this.keyStoreType).append('/').append(this.keyStoreProvider).append('/');
        if (this.keyStoreFile != null) {
            sb.append(this.keyStoreFile);
        }
        String sb2 = sb.toString();
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "toString()", sb2);
        }
        return sb2;
    }

    @Override // com.ibm.mq.ese.core.KeyStoreAccess
    public String getProvider() {
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getProvider()", "getter", this.keyStoreProvider);
        }
        return this.keyStoreProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setPkeyPass(KeyStoreConfig keyStoreConfig) {
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "setPkeyPass(KeyStoreConfig)", "setter", keyStoreConfig);
        }
        if (keyStoreConfig.getPrivKeyPassword() == null || keyStoreConfig.getPrivKeyPassword().getProtectionType() == PasswordObject.PasswordType.NULL) {
            return;
        }
        this.pkeyPassword = new PasswordObject(keyStoreConfig.getPrivKeyPassword());
    }

    public int hashCode() {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "hashCode()");
        }
        int hashCode = this.keyStoreFile.hashCode();
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "hashCode()", Integer.valueOf(hashCode));
        }
        return hashCode;
    }

    public boolean equals(Object obj) {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "equals(Object)", new Object[]{obj});
        }
        boolean equals = this.keyStoreFile.equals(obj);
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "equals(Object)", Boolean.valueOf(equals));
        }
        return equals;
    }

    public static String encryptPassword(char[] cArr, String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry("AbstractKeyStoreAccess", "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPassword(char[])");
        }
        try {
            String printableString = CryptoUtil.encryptPassword(cArr, initialkey, FIXEDSALT, 2, EYECATCHER).toPrintableString();
            if (Trace.isOn) {
                Trace.exit("AbstractKeyStoreAccess", "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPassword(char[])", new Object[]{printableString});
            }
            return printableString;
        } catch (PBEException e) {
            if (Trace.isOn) {
                Trace.catchBlock("AbstractKeyStoreAccess", "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPassword(char[])", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_PROPERTY_KEY, str);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_keystore_password_protection_failure_new, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing("AbstractKeyStoreAccess", "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPassword(char [ ])", aMBIException, 1);
            }
            throw aMBIException;
        }
    }

    @Deprecated
    public String encryptPasswordOld(char[] cArr) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char[])");
        }
        try {
            Cipher cipher = Cipher.getInstance(MessageProtectionConstants.ENCRYPTION_RSA, "BC");
            if (!getKs().containsAlias(this.credentialAlias)) {
                HashMap hashMap = new HashMap();
                hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
                hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
                AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_credential_alias_not_found_keystore, (HashMap<String, ? extends Object>) hashMap);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", aMBIException, 1);
                }
                throw aMBIException;
            }
            if (!getKs().isKeyEntry(this.credentialAlias)) {
                HashMap hashMap2 = new HashMap();
                hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
                hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
                AMBIException aMBIException2 = new AMBIException(AmsErrorMessages.mju_credential_alias_not_key_entry, (HashMap<String, ? extends Object>) hashMap2);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", aMBIException2, 2);
                }
                throw aMBIException2;
            }
            char[] cArr2 = null;
            if (this.pkeyPassword != null) {
                if (Trace.isOn) {
                    Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", "Password is protected in type: ", (Object) this.pkeyPassword.getProtectionType());
                }
                switch (this.pkeyPassword.getProtectionType()) {
                    case PLAINTEXT:
                    case NULL:
                        cArr2 = new char[this.pkeyPassword.getPassword().length];
                        System.arraycopy(this.pkeyPassword.getPassword(), 0, cArr2, 0, this.pkeyPassword.getPassword().length);
                        break;
                    case OLDPROTECTED:
                        cArr2 = decryptPasswordOld(new String(this.pkeyPassword.getPassword()));
                        break;
                    case NEWPROTECTED:
                        cArr2 = decryptPassword(new String(this.pkeyPassword.getPassword()));
                        break;
                }
            } else if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getPrivateKey(String)", (Object) "Private key password has not be created and is null.");
            }
            PrivateKey privateKey = (PrivateKey) getKs().getKey(this.credentialAlias, cArr2);
            Arrays.fill(cArr2, (char) 0);
            if (privateKey == null) {
                HashMap hashMap3 = new HashMap();
                hashMap3.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
                hashMap3.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
                AMBIException aMBIException3 = new AMBIException(AmsErrorMessages.mju_user_privatekey_not_found, hashMap3, new InvalidKeyException("null"));
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", aMBIException3, 3);
                }
                throw aMBIException3;
            }
            KeyFactory keyFactory = KeyFactory.getInstance(MessageProtectionConstants.ENCRYPTION_RSA, "BC");
            if (((RSAPrivateKey) privateKey).getModulus() != null && ((RSAPrivateKey) privateKey).getPrivateExponent() != null) {
                cipher.init(1, keyFactory.generatePublic(new RSAPublicKeySpec(((RSAPrivateKey) privateKey).getModulus(), ((RSAPrivateKey) privateKey).getPrivateExponent())));
                cipher.update(CryptoUtil.charArrayToByteArray(cArr));
                String str = new String(Base64.encode(cipher.doFinal()));
                if (Trace.isOn) {
                    Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", str);
                }
                return str;
            }
            HashMap hashMap4 = new HashMap();
            hashMap4.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
            hashMap4.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException4 = new AMBIException(AmsErrorMessages.mju_user_privatekey_not_found, hashMap4, new InvalidKeyException("Failed to extract the key"));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", aMBIException4, 4);
            }
            throw aMBIException4;
        } catch (Exception e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", e);
            }
            HashMap hashMap5 = new HashMap();
            hashMap5.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
            hashMap5.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException5 = new AMBIException(AmsErrorMessages.mju_keystore_password_protection_failure, hashMap5, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "encryptPasswordOld(char [ ])", aMBIException5, 5);
            }
            throw aMBIException5;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public char[] decryptPassword(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPassword(String)", new Object[]{"********"});
        }
        try {
            EncodedPasswordAbstract encodedPasswordObjFromString = CryptoUtil.getEncodedPasswordObjFromString(str, EYECATCHER);
            char[] decryptPasswordOld = encodedPasswordObjFromString instanceof EncodedPasswordV0 ? decryptPasswordOld(((EncodedPasswordV0) encodedPasswordObjFromString).getPassword()) : CryptoUtil.decryptPassword(initialkey, FIXEDSALT, encodedPasswordObjFromString);
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPassword(String)", "***********");
            }
            return decryptPasswordOld;
        } catch (PBEException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPassword(String)", e, 1);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
            hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_keystore_password_unprotection_failure, hashMap, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPassword(String)", aMBIException, 2);
            }
            throw aMBIException;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Deprecated
    public char[] decryptPasswordOld(String str) throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", new Object[]{"********"});
        }
        try {
            byte[] decode = Base64.decode(str);
            try {
                PublicKey publicKey = getKs().getCertificate(this.credentialAlias).getPublicKey();
                Cipher cipher = Cipher.getInstance(MessageProtectionConstants.ENCRYPTION_RSA, "BC");
                cipher.init(2, KeyFactory.getInstance(MessageProtectionConstants.ENCRYPTION_RSA, "BC").generatePrivate(new RSAPrivateKeySpec(((RSAPublicKey) publicKey).getModulus(), ((RSAPublicKey) publicKey).getPublicExponent())));
                cipher.update(decode);
                char[] byteArrayToCharArray = CryptoUtil.byteArrayToCharArray(cipher.doFinal());
                if (Trace.isOn) {
                    Trace.exit(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", "*********");
                }
                return byteArrayToCharArray;
            } catch (Exception e) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", e, 1);
                }
                HashMap hashMap = new HashMap();
                hashMap.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
                hashMap.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
                AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_user_certificate_not_found, hashMap, e);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", aMBIException, 1);
                }
                throw aMBIException;
            }
        } catch (Exception e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", e2, 2);
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_CREDENTIAL_ALIAS, this.credentialAlias);
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException2 = new AMBIException(AmsErrorMessages.mju_keystore_password_unprotection_failure, hashMap2, e2);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "decryptPasswordOld(String)", aMBIException2, 2);
            }
            throw aMBIException2;
        }
    }

    protected KeyStore getKs() {
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "getKs()", "getter", this.ks);
        }
        return this.ks;
    }

    public static boolean testDecrypt(PasswordObject passwordObject) {
        boolean z;
        if (Trace.isOn) {
            Trace.entry("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "testDecrypt(PasswordObject)", new Object[]{"********"});
        }
        if (passwordObject != null) {
            if (Trace.isOn) {
                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "testDecrypt(PasswordObject)", "Password is protected in type", (Object) passwordObject.getProtectionType());
            }
            switch (passwordObject.getProtectionType()) {
                case PLAINTEXT:
                case NULL:
                    z = true;
                    break;
                case OLDPROTECTED:
                    z = true;
                    break;
                case NEWPROTECTED:
                    try {
                        EncodedPasswordAbstract encodedPasswordObjFromString = CryptoUtil.getEncodedPasswordObjFromString(new String(passwordObject.getPassword()), EYECATCHER);
                        if (encodedPasswordObjFromString.getAlgorithm() == 0) {
                            if (Trace.isOn) {
                                Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "testDecrypt(PasswordObject)", (Object) "Password is an old password protection in a new format. We cannot test it so continue");
                            }
                            z = true;
                        } else {
                            z = CryptoUtil.testDecryptPassword(initialkey, FIXEDSALT, encodedPasswordObjFromString);
                        }
                        break;
                    } catch (PBEException e) {
                        if (Trace.isOn) {
                            Trace.catchBlock("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "testDecrypt(PasswordObject)", e);
                        }
                        z = false;
                        break;
                    }
                default:
                    z = false;
                    break;
            }
        } else {
            z = true;
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "testDecrypt(PasswordObject)", Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean usingDefaultKey() {
        return defaultInitialKeyUsed;
    }

    public static String getInitialKeyFilePath() {
        return initalkeyfilepath;
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.AbstractKeyStoreAccess", "static", "SCCS id", (Object) sccsid);
        }
        defaultInitialKeyUsed = false;
        FIXEDSALT = new byte[]{24, -47, 1, -69, -28, -127, -111, 42, -100, 81, 21, 87, -2, 104, 57, -82, -49, 82, 12, -19, -74, 49, 16, -88};
        AMS_DEFAULT_KEY = new byte[]{-120, 68, 53, -88, 118, -59, -27, 52, -86, 86, 43, -51, -92, -89, 61, 30, -79, -62, -27, 50, 31, -4, 89, 21, -108, -115, -37, -47, -18, -27, 91, -51};
        AMS_KEY_MASK = new byte[]{-65, 118, -92, -86, -26, -11, -4, -63, 123, 45, -85, 107, 19, -83, -127, -56, 104, Byte.MAX_VALUE, -33, -114, -81, 95, 63, -109, 94, -87, -122, 30, -58, 119, 28, -22};
    }
}
