package com.ibm.mq.ese.pki;

import com.ibm.mq.ese.config.KeyStoreConfig;
import com.ibm.mq.ese.config.PasswordObject;
import com.ibm.mq.ese.core.AMBIException;
import com.ibm.mq.ese.core.Lifecycle;
import com.ibm.mq.ese.nls.AmsErrorMessageInserts;
import com.ibm.mq.ese.nls.AmsErrorMessages;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashMap;

/* loaded from: input_file:com/ibm/mq/ese/pki/KeyStoreAccessPKCS11Impl.class */
public class KeyStoreAccessPKCS11Impl extends AbstractKeyStoreAccess implements Lifecycle {
    public static final String sccsid = "@(#) MQMBID sn=p920-L200710.DE su=_6p8lZ8KXEeqhru3bNhtEjw pn=com.ibm.mq.ese/src/com/ibm/mq/ese/pki/KeyStoreAccessPKCS11Impl.java";
    private static final String CLASS;
    private boolean useExplicitKeyStore;
    private boolean usePKCS11IMPLKS;
    public static final Object KS_LOCK;
    private static KeyStore staticKS;

    public KeyStoreAccessPKCS11Impl(KeyStoreConfig keyStoreConfig) {
        super(keyStoreConfig);
        this.useExplicitKeyStore = false;
        this.usePKCS11IMPLKS = true;
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "<init>(KeyStoreConfig)", new Object[]{keyStoreConfig});
        }
        this.keyStoreFile = keyStoreConfig.getType();
        this.keyStorePassword = new PasswordObject(keyStoreConfig.getKeyStorePassword());
        setPkeyPass(keyStoreConfig);
        if (this.keyStoreProvider != null && this.keyStoreProvider.length() > 0) {
            this.useExplicitKeyStore = true;
            this.usePKCS11IMPLKS = this.keyStoreProvider.toUpperCase().startsWith("IBM");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "<init>(KeyStoreConfig)");
        }
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void init() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()");
        }
        try {
            synchronized (KS_LOCK) {
                if (staticKS == null) {
                    this.ks = null;
                    if (this.useExplicitKeyStore) {
                        staticKS = KeyStore.getInstance(this.usePKCS11IMPLKS ? KeyStoreConfig.KeystoreType.KEYSTORE_PKCS11IMPLKS : "PKCS11", this.keyStoreProvider);
                    } else {
                        staticKS = KeyStore.getInstance(this.usePKCS11IMPLKS ? KeyStoreConfig.KeystoreType.KEYSTORE_PKCS11IMPLKS : "PKCS11");
                    }
                    char[] cArr = null;
                    switch (this.keyStorePassword.getProtectionType()) {
                        case PLAINTEXT:
                        case NULL:
                            cArr = new char[this.keyStorePassword.getPassword().length];
                            System.arraycopy(this.keyStorePassword.getPassword(), 0, cArr, 0, this.keyStorePassword.getPassword().length);
                            break;
                        case OLDPROTECTED:
                            cArr = decryptPasswordOld(new String(this.keyStorePassword.getPassword()));
                            break;
                        case NEWPROTECTED:
                            cArr = decryptPassword(new String(this.keyStorePassword.getPassword()));
                            break;
                    }
                    staticKS.load(null, cArr);
                    Arrays.fill(cArr, (char) 0);
                    this.keyStoreProvider = staticKS.getProvider().getName();
                    String info = staticKS.getProvider().getInfo();
                    if (Trace.isOn) {
                        Trace.traceInfo(CLASS, "init()", "Provider information", (Object) info);
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put(AmsErrorMessageInserts.AMS_INSERT_PKCS11_PROVIDER_INFORMATION, info);
                    AmsErrorMessages.log(CLASS, "init()", AmsErrorMessages.mju_pkcs11_keystore_init, hashMap);
                }
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()");
            }
        } catch (IOException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()", e, 2);
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException = new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap2, e);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()", aMBIException, 2);
            }
            throw aMBIException;
        } catch (GeneralSecurityException e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()", e2, 1);
            }
            HashMap hashMap3 = new HashMap();
            hashMap3.put(AmsErrorMessageInserts.AMS_INSERT_FILENAME, this.keyStoreFile);
            AMBIException aMBIException2 = new AMBIException(AmsErrorMessages.mju_error_keystore_init_failed, hashMap3, e2);
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "init()", aMBIException2, 1);
            }
            throw aMBIException2;
        }
    }

    @Override // com.ibm.mq.ese.core.Lifecycle
    public void cleanUp() throws AMBIException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "cleanUp()");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "cleanUp()");
        }
    }

    @Override // com.ibm.mq.ese.pki.AbstractKeyStoreAccess
    protected KeyStore getKs() {
        if (Trace.isOn) {
            Trace.data(this, "com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "getKs()", "getter", staticKS);
        }
        return staticKS;
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.mq.ese.pki.KeyStoreAccessPKCS11Impl", "static", "SCCS id", (Object) sccsid);
        }
        CLASS = KeyStoreAccessPKCS11Impl.class.getName();
        KS_LOCK = new Object();
    }
}
