package weblogic.security.providers.utils;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.ProvidersLogger;
import com.bea.common.security.SecurityLogger;
import com.bea.common.security.legacy.ExtendedSecurityServices;
import com.bea.common.security.store.data.WLSCertRegEntryId;
import com.bea.common.security.utils.ContextElementDictionary;
import com.bea.common.security.utils.encoders.BASE64Encoder;
import com.bea.common.store.service.RemoteCommitEvent;
import com.bea.common.store.service.RemoteCommitListener;
import com.bea.common.store.service.StoreService;
import com.bea.security.utils.wss.WSSThumbprint;
import com.bea.xml_.impl.jam.xml.JamXmlElements;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.SubjectKeyID;
import com.rsa.certj.cert.extensions.X509V3Extension;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeSet;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
import javax.jdo.PersistenceManager;
import javax.security.auth.x500.X500Principal;
import netscape.ldap.LDAPDN;
import weblogic.management.security.ProviderMBean;
import weblogic.management.utils.AlreadyExistsException;
import weblogic.management.utils.ErrorCollectionException;
import weblogic.management.utils.InvalidCursorException;
import weblogic.management.utils.InvalidParameterException;
import weblogic.management.utils.NotFoundException;
import weblogic.security.spi.AuditMgmtEvent;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.AuditorService;
import weblogic.security.spi.SecurityServices;
import weblogic.security.utils.AuditBaseEventImpl;

/* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate.class */
public abstract class CertRegLDAPDelegate {
    // Auditor for management events; registerCertificate() null-checks it before emitting an event.
    protected AuditorService auditor;
    // OID of the X.509 subjectKeyIdentifier extension. Not referenced in the part of the class visible here.
    private static final String SUBJECT_KEY_IDENTIFIER_OID = "2.5.29.14";
    // The only value validateFormat() accepts.
    public static final String JKS_KEYSTORE_FORMAT = "JKS KeyStore";
    public static final String GROUP_JKS_KEYSTORE_FORMAT = "Group JKS KeyStore";
    // PEM armor written around the Base64 body by DER2PEM().
    private static final String CERT_HEADER = "-----BEGIN CERTIFICATE-----\n";
    private static final String CERT_FOOTER = "-----END CERTIFICATE-----\n";
    // PEM line width; DER2PEM() carries the same value as a literal 76.
    private static final int LINE_LENGTH = 76;
    // Names rejected as trust group names by checkTrustGroupNameReserved().
    protected static final String SAMLCertificateRegistry = "SAMLCertificateRegistry";
    protected static final String SAMLCertReg = "SAMLCertReg";
    private static final String TRUST_GROUP_CONSTRAINTS_SEPERATOR = ",";
    // May be null: isDebug() and debug() both guard against a missing logger.
    protected LoggerSpi log;
    protected StoreService storeService;
    // Backing registry store used for every lookup and registration in this class.
    protected CertRegStore certStore;
    protected String realmName;
    protected String domainName;
    private BusinessObjectListerManager listerManager;
    private Map thumbprintMapKeyMap;
    // NOTE(review): hard-coded, guessable keystore password compiled into the class. Its uses are
    // outside this view; presumably it is the password for the JKS import/export files - confirm.
    // If so, it provides no real integrity or confidentiality protection for those files: treat an
    // exported keystore as unprotected and authenticate an imported one by other means.
    private static final char[] KEYSTORE_PASSWORD = "changeme".toCharArray();
    // Sentinel alias (lower-cased by normalizeAlias) stored once per trust group to mark that the
    // group exists; see registerGroupInternal() and checkGroupDoesNotExist().
    protected static final String RESERVED_CERT_REG_GROUP = normalizeAlias("ReservedCertRegGroup");
    // Name of the JVM system property read with Boolean.getBoolean() in registerCertificateNoAudit();
    // when it is "true", certificates that fail checkValidity() are still registered.
    // NOTE(review): the field is not final, so code inside this class could re-point it.
    private static String allowExpiredCerts = "com.bea.common.security.saml.allowExpiredCerts";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate$CertRegAuditMgmtEvent.class */
    /**
     * Audit management event for certificate-registry operations.
     *
     * <p>The severity is derived from the exception argument: {@code FAILURE} when one is
     * supplied, {@code INFORMATION} otherwise.
     */
    public static final class CertRegAuditMgmtEvent extends AuditBaseEventImpl implements AuditMgmtEvent {
        // Free-form detail appended after the base-class attributes.
        private String eventData;

        /**
         * @param str  passed through to the base event as its second constructor argument
         * @param str2 event detail text
         * @param exc  failure that triggered the event, or {@code null} for a successful operation
         */
        public CertRegAuditMgmtEvent(String str, String str2, Exception exc) {
            super(severityFor(exc), str, exc);
            this.eventData = str2;
        }

        // Maps "was there a failure?" onto the audit severity.
        private static AuditSeverity severityFor(Exception failure) {
            if (failure != null) {
                return AuditSeverity.FAILURE;
            }
            return AuditSeverity.INFORMATION;
        }

        /**
         * Writes the base attributes followed by the event detail.
         *
         * <p>NOTE(review): the detail is appended verbatim. registerCertificate() builds it from a
         * caller-supplied trust group, alias and file name, so unless the base class or the auditor
         * escapes it (not visible here) those values reach the audit record unescaped - confirm.
         */
        @Override
        public void writeAttributes(StringBuffer stringBuffer) {
            super.writeAttributes(stringBuffer);
            stringBuffer.append(this.eventData);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate$ThumbprintMap.class */
    /**
     * In-memory thumbprint cache for one registry, with a flag recording whether it has been
     * populated. The visible callers hold this instance's monitor while reading or changing it.
     */
    public static class ThumbprintMap extends HashMap {
        // False until a caller marks the cache as loaded; update handlers skip uninitialized maps.
        private boolean initialized = false;

        // Instances are handed out only by ThumbprintMapFactory.
        private ThumbprintMap() {
        }

        /** @return whether the cache has been marked as populated */
        boolean isInitialized() {
            return initialized;
        }

        /** @param z new value of the populated flag */
        void setInitialized(boolean z) {
            initialized = z;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate$ThumbprintMapFactory.class */
    /**
     * Process-wide registry of thumbprint caches, one per {@link ThumbprintMapKey}.
     * Both operations are serialized on the factory class.
     */
    public static class ThumbprintMapFactory {
        // ThumbprintMapKey -> ThumbprintMap
        private static Map thumbprintMaps = new HashMap();

        private ThumbprintMapFactory() {
        }

        /**
         * Returns the cache for the given key, creating and remembering an empty,
         * uninitialized one on first request.
         */
        static synchronized ThumbprintMap getThumbprintMap(ThumbprintMapKey thumbprintMapKey) {
            Object cached = thumbprintMaps.get(thumbprintMapKey);
            if (cached != null) {
                return (ThumbprintMap) cached;
            }
            ThumbprintMap fresh = new ThumbprintMap();
            thumbprintMaps.put(thumbprintMapKey, fresh);
            return fresh;
        }

        /**
         * Empties every cache and then forgets them all.
         *
         * <p>Each cache is cleared under its own monitor. Only the entries are removed: the
         * initialized flag of a cleared map is left as it was, so a caller still holding a
         * reference obtained earlier sees an empty map that may still report itself initialized.
         */
        static synchronized void clearThumbprintMaps() {
            Iterator caches = thumbprintMaps.values().iterator();
            while (caches.hasNext()) {
                ThumbprintMap cache = (ThumbprintMap) caches.next();
                synchronized (cache) {
                    cache.clear();
                }
            }
            thumbprintMaps.clear();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate$ThumbprintMapKey.class */
    /**
     * Cache key identifying one registry: domain name, realm name and registry DN name.
     *
     * <p>All comparisons are case-sensitive. None of the three components may be null:
     * {@link #hashCode()} and both equals methods dereference them without a check.
     */
    public static class ThumbprintMapKey {
        private final String domainName;
        private final String realmName;
        private final String registryDNName;

        /**
         * @param str  domain name
         * @param str2 realm name
         * @param str3 registry DN name
         */
        ThumbprintMapKey(String str, String str2, String str3) {
            this.domainName = str;
            this.realmName = str2;
            this.registryDNName = str3;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ThumbprintMapKey)) {
                return false;
            }
            ThumbprintMapKey other = (ThumbprintMapKey) obj;
            return equals(other.domainName, other.realmName, other.registryDNName);
        }

        @Override
        public int hashCode() {
            int hash = this.domainName.hashCode();
            hash ^= this.realmName.hashCode();
            hash ^= this.registryDNName.hashCode();
            return hash;
        }

        /**
         * Component-wise comparison against a (domain, realm, registry) triple, used to decide
         * whether an object id belongs to this registry.
         */
        boolean equals(String str, String str2, String str3) {
            if (!this.domainName.equals(str)) {
                return false;
            }
            if (!this.realmName.equals(str2)) {
                return false;
            }
            return this.registryDNName.equals(str3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/providers/utils/CertRegLDAPDelegate$ThumbprintRemoteCommitListener.class */
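    /**
     * Keeps the in-memory thumbprint caches in step with commits reported by the store service.
     *
     * <p>Object ids that are not {@code WLSCertRegEntryId}s for this delegate's domain, realm and
     * registry are ignored. Only caches that are already initialized are updated.
     */
    public class ThumbprintRemoteCommitListener implements RemoteCommitListener {
        private ThumbprintRemoteCommitListener() {
        }

        /**
         * Applies the added ids first, then the deleted ids, to the affected caches.
         */
        @Override // com.bea.common.store.service.RemoteCommitListener
        public void afterCommit(RemoteCommitEvent remoteCommitEvent) {
            CertRegLDAPDelegate.this.log.info("calling afterCommit() ...");
            Collection addedObjectIds = remoteCommitEvent.getAddedObjectIds();
            Collection deletedObjectIds = remoteCommitEvent.getDeletedObjectIds();
            handleCertificateAdded(addedObjectIds);
            handleCertificateDeleted(deletedObjectIds);
            CertRegLDAPDelegate.this.log.info("afterCommit() ends.");
        }

        /**
         * Loads each newly committed entry from the store and adds it to its registry's cache.
         *
         * @param collection committed object ids; may be null or empty
         */
        private void handleCertificateAdded(Collection collection) {
            if (collection == null || collection.isEmpty()) {
                if (CertRegLDAPDelegate.this.isDebug()) {
                    CertRegLDAPDelegate.this.log.debug("handleCertificateAdded - objectIds=null || empty");
                }
                return;
            }
            int added = 0;
            for (Object objectId : collection) {
                WLSCertRegEntryId entryId = convertToCertRegEntryId(objectId);
                if (entryId == null) {
                    // Not an id of this registry. Dereferencing the null here used to abort the
                    // whole callback, so the deletions in the same event were never applied and
                    // removed certificates stayed in the cache.
                    continue;
                }
                ThumbprintMap thumbprintMap = ThumbprintMapFactory.getThumbprintMap(CertRegLDAPDelegate.this.getThumbprintMapKey(entryId.getRegistryName()));
                synchronized (thumbprintMap) {
                    if (thumbprintMap.isInitialized()
                            && CertRegLDAPDelegate.this.putToThumbprintMap(thumbprintMap, StoreServiceBasedCertRegStore.convert2StoreEntry(getCertRegEntry(objectId)))) {
                        added++;
                    }
                }
            }
            CertRegLDAPDelegate.this.log.info("handleCertificateAdded - #objectIds: " + collection.size() + " #mapping entries added: " + added);
        }

        /**
         * Removes each deleted entry from its registry's cache, keyed by the entry's CN.
         *
         * @param collection deleted object ids; may be null or empty
         */
        private void handleCertificateDeleted(Collection collection) {
            if (collection == null || collection.isEmpty()) {
                if (CertRegLDAPDelegate.this.isDebug()) {
                    CertRegLDAPDelegate.this.log.debug("handleCertificateDeleted - objectIds=null || empty");
                }
                return;
            }
            int removed = 0;
            for (Object objectId : collection) {
                WLSCertRegEntryId entryId = convertToCertRegEntryId(objectId);
                if (entryId == null) {
                    // Foreign id: skip it instead of failing, so the remaining deletions still
                    // evict their certificates from the cache.
                    continue;
                }
                ThumbprintMap thumbprintMap = ThumbprintMapFactory.getThumbprintMap(CertRegLDAPDelegate.this.getThumbprintMapKey(entryId.getRegistryName()));
                synchronized (thumbprintMap) {
                    if (thumbprintMap.isInitialized()
                            && CertRegLDAPDelegate.this.removeFromThumbprintMap(thumbprintMap, entryId.getCn())) {
                        removed++;
                    }
                }
            }
            CertRegLDAPDelegate.this.log.info("handleCertificateDeleted - #objectIds: " + collection.size() + " #mapping entries removed: " + removed);
        }

        /**
         * Fetches the persistent entry for an object id.
         *
         * @return the entry, or {@code null} when the id does not belong to this registry
         */
        private com.bea.common.security.store.data.WLSCertRegEntry getCertRegEntry(Object obj) {
            WLSCertRegEntryId entryId = convertToCertRegEntryId(obj);
            if (entryId == null) {
                return null;
            }
            PersistenceManager persistenceManager = CertRegLDAPDelegate.this.storeService.getPersistenceManager();
            try {
                return (com.bea.common.security.store.data.WLSCertRegEntry) entryId.getObject(persistenceManager, true);
            } finally {
                // Always release the persistence manager, whether or not the lookup succeeded.
                persistenceManager.close();
            }
        }

        /**
         * Accepts an object id only if it is a {@code WLSCertRegEntryId} whose domain, realm and
         * registry match the key this delegate builds for that registry name.
         *
         * @return the id cast to its concrete type, or {@code null} when it does not qualify
         */
        private WLSCertRegEntryId convertToCertRegEntryId(Object obj) {
            if (!(obj instanceof WLSCertRegEntryId)) {
                return null;
            }
            WLSCertRegEntryId candidate = (WLSCertRegEntryId) obj;
            String domainName = candidate.getDomainName();
            String realmName = candidate.getRealmName();
            String registryName = candidate.getRegistryName();
            if (CertRegLDAPDelegate.this.getThumbprintMapKey(registryName).equals(domainName, realmName, registryName)) {
                return candidate;
            }
            return null;
        }
    }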

    /**
     * @return {@code true} only when a logger is present and has debug output enabled
     */
    boolean isDebug() {
        return this.log != null && this.log.isDebugEnabled();
    }

    /**
     * Emits a debug line of the form {@code CertRegLDAPDelegate.<method>: <message>}.
     * Does nothing when there is no logger or debug output is disabled.
     *
     * @param str  name of the reporting method
     * @param str2 message text
     */
    private void debug(String str, String str2) {
        if (this.log == null) {
            return;
        }
        if (!this.log.isDebugEnabled()) {
            return;
        }
        this.log.debug("CertRegLDAPDelegate." + str + ": " + str2);
    }

    /**
     * Converts any unexpected failure into an unchecked exception that keeps the original as
     * its cause. This method never returns normally.
     *
     * @param th the failure to wrap
     * @throws RuntimeException always
     */
    private static void handleUnexpectedException(Throwable th) {
        RuntimeException wrapped = new RuntimeException(th);
        throw wrapped;
    }

    /**
     * Accepts only the {@code "JKS KeyStore"} format name.
     *
     * @param str format name supplied by the caller; {@code null} is rejected as well
     * @throws InvalidParameterException for any other value
     */
    private void validateFormat(String str) throws InvalidParameterException {
        boolean supported = JKS_KEYSTORE_FORMAT.equals(str);
        if (supported) {
            return;
        }
        throw new InvalidParameterException(SecurityLogger.getInvalidFormat(str));
    }

    /**
     * Rejects any non-empty constraint set: no constraints are supported here.
     *
     * @param properties constraints supplied by the caller; {@code null} and empty both pass
     * @throws InvalidParameterException when at least one constraint is present
     */
    private void validateConstraints(Properties properties) throws InvalidParameterException {
        if (properties == null || properties.isEmpty()) {
            return;
        }
        throw new InvalidParameterException(SecurityLogger.getInvalidConstraints());
    }

    /**
     * Resolves a file to a full path for use in messages.
     *
     * @return the canonical path, or the absolute path when canonicalization fails
     */
    private String getFullPathName(File file) {
        String fullPath;
        try {
            fullPath = file.getCanonicalPath();
        } catch (IOException canonicalizationFailed) {
            // Fall back to the non-canonical form rather than failing.
            fullPath = file.getAbsolutePath();
        }
        return fullPath;
    }

    /**
     * String overload: resolves the named file to a full path for use in messages.
     *
     * @param str file name; must not be {@code null}
     */
    private String getFullPathName(String str) {
        File named = new File(str);
        return getFullPathName(named);
    }

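    /**
     * Closes an input stream on a best-effort basis.
     *
     * <p>A {@code null} stream is tolerated so the helper is safe in cleanup paths where the
     * stream may never have been opened. An {@link IOException} from {@code close()} is
     * deliberately ignored: the data has already been read by the time this is called.
     *
     * @param inputStream stream to close; may be {@code null}
     */
    private static void closeStream(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (IOException ignored) {
            // Best-effort close: nothing useful can be done with a failure here.
        }
    }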

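    /**
     * Closes an output stream on a best-effort basis.
     *
     * <p>A {@code null} stream is tolerated so the helper is safe in cleanup paths where the
     * stream may never have been opened. An {@link IOException} from {@code close()} is ignored.
     *
     * <p>NOTE(review): for a buffering stream, {@code close()} may be the call that flushes the
     * last bytes, so a swallowed failure here can leave a truncated file without any error being
     * reported. Callers that write keystores or certificates should flush explicitly and check
     * that call before relying on this helper - confirm against the callers outside this view.
     *
     * @param outputStream stream to close; may be {@code null}
     */
    private static void closeStream(OutputStream outputStream) {
        if (outputStream == null) {
            return;
        }
        try {
            outputStream.close();
        } catch (IOException ignored) {
            // Best-effort close; see the note above about unflushed data.
        }
    }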

    /**
     * Returns the certificate's encoded form as Base64 text.
     *
     * <p>Despite the name, the result is the Base64 rendering produced by
     * {@code BASE64Encoder.encodeBuffer}, not raw DER bytes and not PEM (no header or footer).
     *
     * @param x509Certificate certificate to encode; must not be {@code null}
     * @return the Base64 text, or {@code null} when the certificate cannot be encoded -
     *         callers must check for {@code null}
     */
    public static String getCertificateDERFormat(X509Certificate x509Certificate) {
        byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException unencodable) {
            return null;
        }
        return new BASE64Encoder().encodeBuffer(encoded);
    }

    /**
     * Wraps encoded certificate bytes in PEM armor.
     *
     * <p>The bytes are Base64-encoded, cut into pieces of at most 76 characters, each followed by
     * a newline, and placed between the BEGIN/END CERTIFICATE lines.
     *
     * <p>NOTE(review): the pieces are cut from whatever {@code encodeBuffer} returns. If that
     * encoder already inserts line breaks, they are counted as characters here and the output
     * lines will not align to 76 columns - confirm against the encoder.
     *
     * @param bArr encoded certificate; {@code null} or empty yields {@code null}
     * @return the PEM text, or {@code null} when there is nothing to encode
     */
    private static String DER2PEM(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        final int width = 76;
        String base64 = new BASE64Encoder().encodeBuffer(bArr);
        int total = base64.length();
        StringBuffer pem = new StringBuffer();
        pem.append(CERT_HEADER);
        int start = 0;
        while (start < total) {
            int end = Math.min(start + width, total);
            pem.append(base64.substring(start, end)).append('\n');
            start += width;
        }
        pem.append(CERT_FOOTER);
        return pem.toString();
    }

    /**
     * Returns the certificate's encoded bytes.
     *
     * @throws RuntimeException wrapping the {@link CertificateEncodingException} if encoding fails
     */
    private byte[] getDER(X509Certificate x509Certificate) {
        byte[] encoded = null;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException unencodable) {
            // Always throws; the null result below is only reachable to satisfy the compiler.
            handleUnexpectedException(unencodable);
        }
        return encoded;
    }

    /**
     * Returns the certificate as PEM text, built from its encoded bytes.
     */
    private String getPEM(X509Certificate x509Certificate) {
        byte[] encoded = getDER(x509Certificate);
        return DER2PEM(encoded);
    }

    /**
     * Produces the lookup form of a distinguished name.
     *
     * <p>The name is re-rendered through {@link X500Principal#getName()}, split into its
     * components with {@code LDAPDN.explodeDN}, and the components are joined with commas in
     * sorted order with duplicates removed. A name that {@code X500Principal} rejects with
     * {@link IllegalArgumentException} is returned unchanged.
     *
     * <p>NOTE(review): because components are sorted and de-duplicated, names that differ only in
     * component order or in repeated components map to the same string. The duplicate checks and
     * lookups that use this value therefore treat such names as identical - confirm that this is
     * intended wherever the result feeds a trust decision.
     *
     * @param str distinguished name; a {@code null} value is not handled here
     */
    private static String normalizeDN(String str) {
        try {
            String canonical = new X500Principal(str).getName();
            String[] components = LDAPDN.explodeDN(canonical, false);
            TreeSet sorted = new TreeSet();
            for (int i = 0; i < components.length; i++) {
                sorted.add(components[i]);
            }
            StringBuffer joined = new StringBuffer();
            for (Iterator it = sorted.iterator(); it.hasNext(); ) {
                if (joined.length() > 0) {
                    joined.append(',');
                }
                joined.append((String) it.next());
            }
            return joined.toString();
        } catch (IllegalArgumentException malformed) {
            return str;
        }
    }

    /**
     * Extracts the key id from the certificate's extension of type 14, by re-parsing the encoded
     * certificate with the Cert-J classes.
     *
     * <p>NOTE(review): 14 is presumably the Cert-J constant for the subjectKeyIdentifier
     * extension (it matches the last arc of OID 2.5.29.14) - confirm.
     *
     * @return the key id bytes, or {@code null} when the certificate has no extensions or no
     *         extension of that type
     * @throws RuntimeException wrapping any failure while parsing or reading the extension
     */
    private byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        try {
            com.rsa.certj.cert.X509Certificate parsed = new com.rsa.certj.cert.X509Certificate(x509Certificate.getEncoded(), 0, 0);
            X509V3Extensions extensions = parsed.getExtensions();
            if (extensions == null) {
                return null;
            }
            X509V3Extension keyIdExtension = extensions.getExtensionByType(14);
            if (keyIdExtension == null) {
                return null;
            }
            return ((SubjectKeyID) keyIdExtension).getKeyID();
        } catch (Exception unexpected) {
            handleUnexpectedException(unexpected);
            return null;
        }
    }

    /**
     * Requires a non-null, non-empty alias. No other constraint (length, character set) is
     * applied here.
     *
     * @throws InvalidParameterException when the alias is {@code null} or empty
     */
    private void validateAlias(String str) throws InvalidParameterException {
        boolean missing = (str == null) || str.isEmpty();
        if (missing) {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullCertificateAlias());
        }
    }

    /**
     * Requires a non-null, non-empty file name. The path itself is not inspected or restricted
     * here.
     *
     * @throws InvalidParameterException when the file name is {@code null} or empty
     */
    private void validateFileName(String str) throws InvalidParameterException {
        boolean missing = (str == null) || str.isEmpty();
        if (missing) {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullFileName());
        }
    }

    /**
     * Parses one certificate from the stream using the JDK {@code "X509"} certificate factory.
     *
     * <p>Only parsing happens here; the certificate's validity period, signature and chain are
     * not checked.
     *
     * @throws CertificateException when the stream does not contain a parsable certificate
     * @throws RuntimeException     when no certificate factory of that type is available
     */
    private static X509Certificate readCertificateFromStream(InputStream inputStream) throws CertificateException {
        CertificateFactory x509Factory;
        try {
            x509Factory = CertificateFactory.getInstance("X509");
        } catch (CertificateException noFactory) {
            // Always throws; the return only satisfies definite assignment.
            handleUnexpectedException(noFactory);
            x509Factory = null;
        }
        return (X509Certificate) x509Factory.generateCertificate(inputStream);
    }

    /**
     * Reads a certificate from the named file and closes the file afterwards.
     *
     * <p>The path is opened exactly as given. Both error messages include the file's full path.
     *
     * @param str path of the certificate file
     * @throws InvalidParameterException when the file cannot be opened or does not contain a
     *                                   parsable certificate; the original exception is the cause
     */
    private X509Certificate readCertificateFromFile(String str) throws InvalidParameterException {
        try {
            FileInputStream certFile = new FileInputStream(str);
            try {
                return readCertificateFromStream(certFile);
            } finally {
                closeStream(certFile);
            }
        } catch (FileNotFoundException unreadable) {
            throw new InvalidParameterException(SecurityLogger.getUnableToReadFileError(getFullPathName(str)), unreadable);
        } catch (CertificateException unparsable) {
            throw new InvalidParameterException(SecurityLogger.getUnableToReadCertificateFromPEMorDERError(getFullPathName(str)), unparsable);
        }
    }

    /**
     * Parses a certificate from its encoded bytes.
     *
     * @param bArr encoded certificate; must not be {@code null}
     * @return the parsed certificate
     * @throws RuntimeException wrapping the {@link CertificateException} when the bytes cannot be
     *                          parsed - stored data that is not a certificate surfaces this way
     */
    public static X509Certificate readCertificateFromEncoded(byte[] bArr) {
        X509Certificate parsed = null;
        try {
            parsed = readCertificateFromStream(new ByteArrayInputStream(bArr));
        } catch (CertificateException unparsable) {
            // Always throws; the null result is only reachable to satisfy the compiler.
            handleUnexpectedException(unparsable);
        }
        return parsed;
    }

    /**
     * Converts a registry entry into a certificate.
     *
     * @return {@code null} for a missing entry, for the reserved group-marker entry (whose
     *         certificate bytes are a placeholder, not a certificate) and for an entry without
     *         certificate bytes; otherwise the parsed certificate
     */
    private X509Certificate getCertificate(WLSCertRegEntry wLSCertRegEntry) {
        if (wLSCertRegEntry == null) {
            return null;
        }
        if (RESERVED_CERT_REG_GROUP.equalsIgnoreCase(getAlias(wLSCertRegEntry))) {
            return null;
        }
        byte[] encoded = wLSCertRegEntry.getUserCertificate();
        if (encoded == null) {
            return null;
        }
        return readCertificateFromEncoded(encoded);
    }

    /**
     * @return the entry's CN, which serves as its alias, or {@code null} for a {@code null} entry
     */
    private static String getAlias(WLSCertRegEntry wLSCertRegEntry) {
        return wLSCertRegEntry == null ? null : wLSCertRegEntry.getCn();
    }

    /**
     * Returns the stored form of an alias; see {@code normalize} for the exact transformation.
     *
     * @param str alias; must not be {@code null}
     */
    private static String normalizeAlias(String str) {
        String storedForm = normalize(str);
        return storedForm;
    }

    /**
     * Case-folds a name by upper-casing and then lower-casing it.
     *
     * <p>NOTE(review): both conversions use the JVM's default locale. Under locales with special
     * casing rules (Turkish dotted/dotless i, for example) the same alias or trust group name can
     * fold to a different string than it does elsewhere, so lookups and duplicate checks may
     * disagree between servers with different locale settings. Switching to a fixed locale would
     * change the stored form in such deployments and needs a migration decision.
     *
     * @param str name to fold; must not be {@code null}
     */
    private static String normalize(String str) {
        String upper = str.toUpperCase();
        return upper.toLowerCase();
    }

    /**
     * Returns the stored form of a trust group name.
     *
     * <p>A name that matches the registry DN name, ignoring case, is replaced by the registry DN
     * name exactly as configured; every other name is case-folded.
     */
    private String normalizeGroup(String str) {
        if (getRegistryDNName().equalsIgnoreCase(str)) {
            return getRegistryDNName();
        }
        return normalize(str);
    }

    /**
     * Rejects trust group names that collide, ignoring case, with the built-in registry names
     * or with this registry's own DN name.
     *
     * @throws InvalidParameterException when the name is reserved
     */
    private void checkTrustGroupNameReserved(String str) throws InvalidParameterException {
        boolean reserved = SAMLCertReg.equalsIgnoreCase(str) || SAMLCertificateRegistry.equalsIgnoreCase(str);
        if (!reserved) {
            reserved = getRegistryDNName().equalsIgnoreCase(str);
        }
        if (reserved) {
            throw new InvalidParameterException(ProvidersLogger.getTrustGroupNameReserved(str));
        }
    }

    /**
     * @param str  trust group, already normalized
     * @param str2 alias, already normalized
     * @return whether the store holds an entry for that alias in that group
     */
    private boolean aliasExistsInternal(String str, String str2) {
        WLSCertRegEntry existing = this.certStore.getRegEntryByAlias(str, str2);
        return existing != null;
    }

    /**
     * Requires that the alias is registered in the group.
     *
     * @param str  trust group, already normalized
     * @param str2 alias, already normalized
     * @throws NotFoundException when the store has no such entry
     */
    private void checkAliasExists(String str, String str2) throws InvalidParameterException, NotFoundException {
        if (!aliasExistsInternal(str, str2)) {
            if (isDebug()) {
                debug("checkAliasExists", "alias " + str2 + " does not exist");
            }
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str2));
        }
    }

    /**
     * Looks up the entry registered for a subject DN within a group.
     *
     * @param str  trust group, already normalized
     * @param str2 subject DN, already normalized
     * @return the alias of the matching entry, or {@code null} when there is none
     */
    private String checkSubjectDNExistsInternal(String str, String str2) {
        WLSCertRegEntry match = this.certStore.getRegEntryBySubjectDN(str, str2);
        return getAlias(match);
    }

    /**
     * Looks up the entry registered for an issuer DN and serial number within a group.
     *
     * @param str  trust group, already normalized
     * @param str2 issuer DN, already normalized
     * @param str3 serial number in decimal text form
     * @return the alias of the matching entry, or {@code null} when there is none
     */
    private String checkIssuerDNExistsInternal(String str, String str2, String str3) {
        WLSCertRegEntry match = this.certStore.getRegEntryByIssuerDN(str, str2, str3);
        return getAlias(match);
    }

    /**
     * Looks up the entry registered for a subject key identifier within a group.
     *
     * @param str  trust group, already normalized
     * @param str2 subject key identifier in its stored text form
     * @return the alias of the matching entry, or {@code null} when there is none
     */
    private String checkSubjectKeyIdentifierExistsInternal(String str, String str2) {
        WLSCertRegEntry match = this.certStore.getRegEntryBySubjectKeyId(str, str2);
        return getAlias(match);
    }

    /**
     * Requires that the alias is not yet registered in the group.
     *
     * <p>The error message omits the group name when the group is the registry itself.
     *
     * @param str  trust group, already normalized
     * @param str2 alias, already normalized
     * @throws AlreadyExistsException when the store already holds such an entry
     */
    private void checkAliasDoesNotExist(String str, String str2) throws InvalidParameterException, AlreadyExistsException {
        if (!aliasExistsInternal(str, str2)) {
            return;
        }
        if (isDebug()) {
            debug("checkAliasDoesNotExist", "alias " + str2 + " already exists in trust group: " + str);
        }
        String message;
        if (getRegistryDNName().equalsIgnoreCase(str)) {
            message = SecurityLogger.getCertificateAliasAlreadyExists(str2);
        } else {
            message = ProvidersLogger.getCertificateAliasAlreadyExistsInTrustGroup(str, str2);
        }
        throw new AlreadyExistsException(message);
    }

    /**
     * Validates a certificate against the registry's uniqueness rules and builds the entry to
     * store. Nothing is written to the store here.
     *
     * <p>Within the target group the certificate must not collide with an existing entry on any
     * of: alias, subject DN, issuer DN plus serial number, or subject key identifier (when the
     * certificate has one). The checks run in that order and the first collision wins.
     *
     * <p>NOTE(review): these checks run before registerCertificateInternal() takes the cache
     * monitor and writes the entry, so two concurrent registrations can both pass them. Unless
     * the store itself enforces uniqueness (not visible here), duplicates are possible - confirm.
     *
     * @param str             trust group as supplied by the caller
     * @param str2            alias as supplied by the caller
     * @param x509Certificate certificate to register
     * @return the populated, not yet persisted entry
     * @throws AlreadyExistsException on any of the collisions listed above
     */
    private WLSCertRegEntry prepareForRegistery(String str, String str2, X509Certificate x509Certificate) throws AlreadyExistsException, InvalidParameterException, Exception {
        String checkSubjectKeyIdentifierExistsInternal;
        if (isDebug()) {
            debug("registerCertificate", "alias=" + str2 + ",  group=" + str + ",cert=" + x509Certificate);
        }
        // All lookups and the stored entry use the normalized alias and group.
        String normalizeAlias = normalizeAlias(str2);
        String normalizeGroup = normalizeGroup(str);
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        String str3 = null;
        if (subjectX500Principal != null) {
            str3 = subjectX500Principal.getName();
        }
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        String str4 = null;
        if (issuerX500Principal != null) {
            str4 = issuerX500Principal.getName();
        }
        // normalizeDN() sorts and de-duplicates the name components; see the note on that method.
        String normalizeDN = normalizeDN(str3);
        String normalizeDN2 = normalizeDN(str4);
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        // Null when the certificate carries no subject key identifier; the last check is then skipped.
        String subjectKeyIdentifierString = getSubjectKeyIdentifierString(getSubjectKeyIdentifier(x509Certificate));
        checkGroupExists(normalizeGroup);
        checkAliasDoesNotExist(normalizeGroup, normalizeAlias);
        String checkSubjectDNExistsInternal = checkSubjectDNExistsInternal(normalizeGroup, normalizeDN);
        if (checkSubjectDNExistsInternal != null) {
            if (isDebug()) {
                debug("registerCertificate", "subjectDN " + normalizeDN + " already exists under the alias " + checkSubjectDNExistsInternal + " and group " + str);
            }
            // The message omits the group name when the group is the registry itself.
            throw new AlreadyExistsException(getRegistryDNName().equalsIgnoreCase(str) ? SecurityLogger.getSubjectDNAlreadyExists(normalizeDN, checkSubjectDNExistsInternal) : ProvidersLogger.getSubjectDNAlreadyExists(str, normalizeDN, checkSubjectDNExistsInternal));
        }
        String checkIssuerDNExistsInternal = checkIssuerDNExistsInternal(normalizeGroup, normalizeDN2, serialNumber.toString());
        if (checkIssuerDNExistsInternal != null) {
            if (isDebug()) {
                debug("registerCertificate", "issuerDN " + normalizeDN2 + " and serial number " + serialNumber + " already exists under the alias " + checkIssuerDNExistsInternal + " and group " + str);
            }
            throw new AlreadyExistsException(getRegistryDNName().equalsIgnoreCase(str) ? SecurityLogger.getIssuerDNAndSerialNumberAlreadyExists(normalizeDN2, serialNumber.toString(), checkIssuerDNExistsInternal) : ProvidersLogger.getIssuerDNAndSerialNumberAlreadyExists(str, normalizeDN2, serialNumber.toString(), checkIssuerDNExistsInternal));
        }
        if (subjectKeyIdentifierString != null && (checkSubjectKeyIdentifierExistsInternal = checkSubjectKeyIdentifierExistsInternal(normalizeGroup, subjectKeyIdentifierString)) != null) {
            if (isDebug()) {
                debug("registerCertificate", "SubjectKeyIdentifier " + subjectKeyIdentifierString + " already exists under the alias " + checkSubjectKeyIdentifierExistsInternal + " and group " + str);
            }
            throw new AlreadyExistsException(getRegistryDNName().equalsIgnoreCase(str) ? SecurityLogger.getSubjectKeyIdentifierAlreadyExists(subjectKeyIdentifierString, checkSubjectKeyIdentifierExistsInternal) : ProvidersLogger.getSubjectKeyIdentifierAlreadyExists(str, subjectKeyIdentifierString, checkSubjectKeyIdentifierExistsInternal));
        }
        // Every check passed: assemble the entry from the normalized values and the encoded certificate.
        WLSCertRegEntry wLSCertRegEntry = new WLSCertRegEntry();
        wLSCertRegEntry.setCn(normalizeAlias);
        wLSCertRegEntry.setRegistryName(normalizeGroup);
        wLSCertRegEntry.setWlsCertRegSubjectDN(normalizeDN);
        wLSCertRegEntry.setWlsCertRegIssuerDN(normalizeDN2);
        wLSCertRegEntry.setWlsCertRegSerialNumber(serialNumber.toString());
        wLSCertRegEntry.setWlsCertRegSubjectKeyIdentifier(subjectKeyIdentifierString);
        wLSCertRegEntry.setUserCertificate(getDER(x509Certificate));
        return wLSCertRegEntry;
    }

    /**
     * Validates the certificate, writes it to the store and, when the group's thumbprint cache is
     * already initialized, adds it to that cache.
     *
     * <p>The store write and the cache update happen together under the cache's monitor, so the
     * cache does not miss an entry the store already has. The uniqueness checks in
     * prepareForRegistery() run before that monitor is taken.
     *
     * @param str             trust group as supplied by the caller
     * @param str2            alias as supplied by the caller
     * @param x509Certificate certificate to register
     * @throws AlreadyExistsException when a uniqueness check fails
     * @throws Exception              any failure from the store, rethrown unchanged
     */
    private void registerCertificateInternal(String str, String str2, X509Certificate x509Certificate) throws AlreadyExistsException, InvalidParameterException, Exception {
        WLSCertRegEntry entry = prepareForRegistery(str, str2, x509Certificate);
        try {
            ThumbprintMapKey cacheKey = getThumbprintMapKey(entry.getRegistryName());
            ThumbprintMap cache = ThumbprintMapFactory.getThumbprintMap(cacheKey);
            synchronized (cache) {
                this.certStore.registerCertificate(entry);
                if (cache.isInitialized()) {
                    putToThumbprintMap(cache, entry.getUserCertificate(), entry.getCn());
                }
            }
            if (isDebug()) {
                debug("registerCertificate", "group " + str + ", alias " + str2 + " and certificate " + x509Certificate + " have been added to the registry");
            }
        } catch (Exception failure) {
            // Trace the failure, then let the caller see the original exception.
            if (isDebug()) {
                debug("registerCertificate", "group " + str + ", alias " + str2 + " and certificate " + x509Certificate + " have not been added to the registry, exception: " + failure.getMessage());
            }
            throw failure;
        }
    }

    /**
     * Requires a non-null, non-empty trust group name. Reserved names are checked separately by
     * checkTrustGroupNameReserved().
     *
     * @throws InvalidParameterException when the name is {@code null} or empty
     */
    private void validateGroup(String str) throws InvalidParameterException {
        boolean missing = (str == null) || str.isEmpty();
        if (missing) {
            throw new InvalidParameterException(ProvidersLogger.getEmptyOrNullTrustGroup());
        }
    }

    /**
     * Requires a non-empty array of trust group names, none of which is reserved.
     *
     * <p>Individual elements are not checked for {@code null} or emptiness here.
     *
     * @throws InvalidParameterException when the array is {@code null} or empty, or a name is
     *                                   reserved
     */
    private void validateGroups(String[] strArr) throws InvalidParameterException {
        if (strArr == null || strArr.length == 0) {
            throw new InvalidParameterException(ProvidersLogger.getEmptyOrNullTrustGroups());
        }
        for (int i = 0; i < strArr.length; i++) {
            checkTrustGroupNameReserved(strArr[i]);
        }
    }

    /**
     * Creates a trust group without emitting an audit event.
     *
     * <p>NOTE(review): only {@code AlreadyExistsException} is passed through from the internal
     * call. Any other exception it raises, including an {@code InvalidParameterException}, is
     * wrapped in a {@code RuntimeException}; registerCertificateNoAudit() passes both through.
     *
     * @param str trust group name as supplied by the caller
     * @throws AlreadyExistsException    when the group already exists
     * @throws InvalidParameterException when the name is {@code null} or empty
     */
    private void registerGroupNoAudit(String str) throws AlreadyExistsException, InvalidParameterException {
        validateGroup(str);
        try {
            String storedName = normalizeGroup(str);
            registerGroupInternal(storedName);
        } catch (AlreadyExistsException duplicate) {
            throw duplicate;
        } catch (Exception unexpected) {
            handleUnexpectedException(unexpected);
        }
    }

    /**
     * Requires that the trust group has not been created yet. A group exists when its reserved
     * marker entry is present in the store.
     *
     * @param str trust group, already normalized
     * @throws AlreadyExistsException when the marker entry is present
     */
    private void checkGroupDoesNotExist(String str) throws InvalidParameterException, AlreadyExistsException {
        if (!aliasExistsInternal(str, RESERVED_CERT_REG_GROUP)) {
            return;
        }
        if (isDebug()) {
            debug("checkGroupDoesNotExist", "group " + str + " already exists");
        }
        throw new AlreadyExistsException(ProvidersLogger.getTrustGroupAlreadyExists(str));
    }

    /**
     * Creates a trust group by storing its marker entry.
     *
     * <p>The marker is an ordinary registry entry under the reserved alias. Its certificate is a
     * single zero byte and its DNs are fixed placeholder strings, so it is not a parsable
     * certificate; getCertificate() skips it by alias for that reason.
     *
     * @param str trust group, already normalized
     * @throws AlreadyExistsException when the group already exists
     * @throws Exception              any failure from the store, rethrown unchanged
     */
    private void registerGroupInternal(String str) throws AlreadyExistsException, InvalidParameterException, Exception {
        checkGroupDoesNotExist(str);
        WLSCertRegEntry marker = new WLSCertRegEntry();
        marker.setCn(RESERVED_CERT_REG_GROUP);
        marker.setRegistryName(str);
        marker.setUserCertificate(new byte[]{0});
        marker.setWlsCertRegIssuerDN("FAKEIssuerDN");
        marker.setWlsCertRegSerialNumber("0");
        marker.setWlsCertRegSubjectDN("FAKESubjectDN");
        try {
            this.certStore.registerCertificate(marker);
            if (isDebug()) {
                debug("registerGroupInternal", "alias " + RESERVED_CERT_REG_GROUP + " and group " + str + " have been added to the registry");
            }
        } catch (Exception failure) {
            // Trace the failure, then let the caller see the original exception.
            if (isDebug()) {
                debug("registerGroupInternal", "alias " + RESERVED_CERT_REG_GROUP + " and group " + str + " have not been added to the registry, exception: " + failure.getMessage());
            }
            throw failure;
        }
    }

    /**
     * Reports whether an alias is registered in a trust group.
     *
     * @param str  trust group name
     * @param str2 alias
     * @return whether the store holds an entry for the normalized alias in the normalized group
     * @throws InvalidParameterException when either argument is {@code null} or empty, or the
     *                                   group name is reserved
     * @throws RuntimeException          wrapping any failure during the lookup
     */
    public boolean aliasExists(String str, String str2) throws InvalidParameterException {
        validateGroup(str);
        validateAlias(str2);
        checkTrustGroupNameReserved(str);
        boolean found = false;
        try {
            found = aliasExistsInternal(normalizeGroup(str), normalizeAlias(str2));
        } catch (Exception unexpected) {
            // Always throws; "found" is never returned on this path.
            handleUnexpectedException(unexpected);
        }
        return found;
    }

    /**
     * Returns the certificate registered under an alias in a trust group.
     *
     * @param str  trust group name; must be non-empty, not reserved, and must exist
     * @param str2 alias
     * @throws NotFoundException         when the alias has no certificate in that group
     * @throws InvalidParameterException when an argument is {@code null}, empty or reserved
     */
    public X509Certificate getCertificateFromAlias(String str, String str2) throws NotFoundException, InvalidParameterException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        String storedGroup = normalizeGroup(str);
        checkGroupFound(storedGroup);
        X509Certificate certificate = getCertificateFromAliasInternal(storedGroup, str2);
        return certificate;
    }

    /**
     * Looks up and parses the certificate stored for an alias.
     *
     * <p>The reserved group-marker alias is reported as not found, because getCertificate()
     * returns {@code null} for it.
     *
     * @param str  trust group, already normalized
     * @param str2 alias as supplied by the caller
     * @throws NotFoundException         when no certificate is stored under the alias
     * @throws InvalidParameterException when the alias is {@code null} or empty
     * @throws RuntimeException          wrapping any other failure during lookup or parsing
     */
    private X509Certificate getCertificateFromAliasInternal(String str, String str2) throws NotFoundException, InvalidParameterException {
        validateAlias(str2);
        try {
            WLSCertRegEntry entry = this.certStore.getRegEntryByAlias(str, normalizeAlias(str2));
            X509Certificate found = getCertificate(entry);
            if (found != null) {
                return found;
            }
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str2));
        } catch (NotFoundException missing) {
            throw missing;
        } catch (Exception unexpected) {
            handleUnexpectedException(unexpected);
            return null;
        }
    }

    /**
     * Reads a certificate from a file, checks its validity period and registers it, without
     * emitting an audit event.
     *
     * <p>Security note: when the JVM system property named by {@code allowExpiredCerts}
     * ({@code com.bea.common.security.saml.allowExpiredCerts}) is {@code true}, a certificate
     * that is expired, not yet valid, or whose validity check fails with any other exception is
     * registered anyway. In this method the bypass leaves a trace only at debug level.
     * NOTE(review): consider recording accepted-but-invalid certificates at a level operators
     * actually collect, and narrowing the catch-all branch, which also hides unexpected runtime
     * failures when the property is set.
     *
     * @param str  name of the calling operation, used as the debug prefix
     * @param str2 trust group name
     * @param str3 alias
     * @param str4 path of the certificate file
     * @throws AlreadyExistsException    when a uniqueness check fails
     * @throws InvalidParameterException when an argument is missing, the file cannot be read or
     *                                   parsed, or the validity check fails and the bypass
     *                                   property is not set
     */
    private void registerCertificateNoAudit(String str, String str2, String str3, String str4) throws AlreadyExistsException, InvalidParameterException {
        validateAlias(str3);
        validateGroup(str2);
        validateFileName(str4);
        X509Certificate certificate = readCertificateFromFile(str4);
        boolean tolerateInvalid = Boolean.getBoolean(allowExpiredCerts);

        // Each branch logs at debug level and, unless the bypass is on, records why to reject.
        String rejection = null;
        try {
            certificate.checkValidity();
        } catch (CertificateExpiredException expired) {
            if (isDebug()) {
                debug(str, "Expired certificate being registered as alias: " + str3);
            }
            if (!tolerateInvalid) {
                rejection = "Expired certificate being registered:" + expired.getMessage();
            }
        } catch (CertificateNotYetValidException premature) {
            if (isDebug()) {
                debug(str, "Not yet valid certificate being registered as alias: " + str3);
            }
            if (!tolerateInvalid) {
                rejection = "Certificate that is not yet valid is being registered: " + premature.getMessage();
            }
        } catch (Exception other) {
            if (isDebug()) {
                debug(str, "Exception when certificate being registered as alias: " + str3);
            }
            if (!tolerateInvalid) {
                rejection = "Exception when certificate is being registered: " + other.getMessage();
            }
        }
        if (rejection != null) {
            throw new InvalidParameterException(rejection);
        }

        try {
            registerCertificateInternal(str2, str3, certificate);
        } catch (AlreadyExistsException duplicate) {
            throw duplicate;
        } catch (InvalidParameterException invalid) {
            throw invalid;
        } catch (Exception unexpected) {
            handleUnexpectedException(unexpected);
        }
    }

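    /**
     * Registers a certificate file under an alias in one trust group and records the attempt
     * in the audit log.
     *
     * <p>The audit event is emitted exactly once, whether registration succeeds or throws, and
     * only when an auditor is configured. The previous nested catch/rethrow form called
     * {@code auditMgmtEvent} a second time if the first call itself threw.
     *
     * @param str  trust group name
     * @param str2 alias
     * @param str3 path of the certificate file
     * @throws AlreadyExistsException propagated from {@code registerCertificateNoAudit}
     * @throws InvalidParameterException propagated from {@code registerCertificateNoAudit}
     */
    private void registerCertificate(String str, String str2, String str3) throws AlreadyExistsException, InvalidParameterException {
        try {
            registerCertificateNoAudit("registerCertificate", str, str2, str3);
        } finally {
            if (this.auditor != null) {
                // The arguments are written as supplied, including values that validation has
                // just rejected. NOTE(review): whether auditMgmtEvent encodes them is not
                // visible here; confirm before relying on the record's delimiters.
                auditMgmtEvent("registerCertificate", "<Trust group = " + str + "> <Alias = " + str2 + "> <File Name = " + str3 + ">", null);
            }
        }
    }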

    /**
     * Renders a string array for log and error messages.
     *
     * @param strArr array to render; may be {@code null}
     * @return {@code "null"} for a null array, {@code "[]"} for an empty one, otherwise the
     *         elements separated by {@code ", "} inside square brackets
     */
    private static String arrayToString(String[] strArr) {
        if (strArr == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder();
        out.append('[');
        for (int idx = 0; idx < strArr.length; idx++) {
            if (idx > 0) {
                out.append(", ");
            }
            // A null element is appended as the text "null", as StringBuilder does by default.
            out.append(strArr[idx]);
        }
        return out.append(']').toString();
    }

    /**
     * Registers the certificate stored in a file under one alias in several trust groups.
     *
     * <p>Each group is attempted independently; failures are collected and thrown together
     * once every group has been tried. The file is handed to the per-group overload on each
     * iteration, so it is read again for every group.
     *
     * @param strArr trust group names
     * @param str    alias
     * @param str2   path of the certificate file
     * @throws InvalidParameterException if the up-front validation of alias, file name or groups fails
     * @throws ErrorCollectionException if registration failed for at least one group
     */
    public void registerCertificate(String[] strArr, String str, String str2) throws InvalidParameterException, ErrorCollectionException {
        validateAlias(str);
        validateFileName(str2);
        validateGroups(strArr);
        ErrorCollectionException failures = new ErrorCollectionException(ProvidersLogger.getErrorsRegisterCertificate(arrayToString(strArr)));
        for (String group : strArr) {
            if (isDebug()) {
                debug("registerCertificatefromFile", " alias=" + str + " filename=" + str2 + " groups=" + arrayToString(strArr));
            }
            try {
                registerCertificate(group, str, str2);
                if (isDebug()) {
                    debug("registerCertificatefromFile", " registered for group:" + group);
                }
            } catch (AlreadyExistsException exists) {
                failures.add(exists);
            } catch (InvalidParameterException invalid) {
                failures.add(invalid);
            }
        }
        if (failures.isEmpty()) {
            return;
        }
        throw failures;
    }

    /**
     * Lists the trust groups in which an alias is registered, leaving out the registry's own
     * name (the value of {@code getRegistryDNName()}).
     *
     * @param str alias to look up
     * @return the group names; an empty array when there are none
     * @throws InvalidParameterException declared; raised by {@code validateAlias}
     */
    public String[] getTrustGroups(String str) throws InvalidParameterException {
        validateAlias(str);
        List groups = getTrustGroupList(str);
        // getTrustGroupList already drops this name; the second removal is kept as in the original.
        groups.remove(getRegistryDNName());
        String[] names = new String[0];
        return (String[]) groups.toArray(names);
    }

    /**
     * Collects the names of the registries holding an entry for the alias, minus the
     * registry's own name.
     *
     * @param str alias; normalized here before the store is queried
     * @return a list of group names produced by {@code generateGroupNameList}
     */
    private List getTrustGroupList(String str) {
        Collection entries = this.certStore.getRegEntriesByRegistryPattern("*", normalizeAlias(str), 0);
        List groups = generateGroupNameList(entries);
        groups.remove(getRegistryDNName());
        return groups;
    }

    /**
     * Copies an already registered certificate, identified by alias, into additional trust
     * groups.
     *
     * <p>Groups that already hold the alias, and groups whose name fails validation, are
     * reported through the collected exception instead of stopping the loop.
     *
     * @param strArr target trust group names
     * @param str    alias of the existing certificate
     * @throws NotFoundException if the alias is in no group that {@code generateGroupNameList} reports
     * @throws InvalidParameterException if the up-front validation of alias or groups fails
     * @throws ErrorCollectionException if at least one target group could not be registered
     */
    public void registerCertificate(String[] strArr, String str) throws NotFoundException, InvalidParameterException, ErrorCollectionException {
        validateAlias(str);
        validateGroups(strArr);
        Collection<WLSCertRegEntry> existingEntries = this.certStore.getRegEntriesByRegistryPattern("*", normalizeAlias(str), 0);
        List knownGroups = generateGroupNameList(existingEntries);
        if (knownGroups.size() == 0) {
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str));
        }
        // NOTE(review): the certificate comes from the first entry of the unfiltered lookup
        // result, while knownGroups has the SAML registries filtered out by
        // generateGroupNameList. Confirm the first entry cannot belong to a filtered registry,
        // otherwise a different certificate than expected is propagated.
        X509Certificate certificate = getCertificate(existingEntries.iterator().next());
        ErrorCollectionException failures = new ErrorCollectionException(ProvidersLogger.getErrorsRegisterCertificate(arrayToString(strArr)));
        for (String group : strArr) {
            if (isDebug()) {
                debug("registerCertificate", "registering exist certificate:" + certificate + " with alias:" + str + " for " + arrayToString(strArr));
            }
            try {
                validateGroup(group);
                if (knownGroups.contains(normalizeGroup(group))) {
                    failures.add(new AlreadyExistsException(ProvidersLogger.getCertificateAliasAlreadyExistsInTrustGroup(group, str)));
                    continue;
                }
                try {
                    registerCertificateAudit(group, normalizeAlias(str), certificate);
                    if (isDebug()) {
                        debug("registerCertificate", "registered cert with alias:" + str + " for " + group);
                    }
                } catch (Exception registrationFailure) {
                    failures.add(registrationFailure);
                }
            } catch (InvalidParameterException invalid) {
                failures.add(invalid);
            }
        }
        if (failures.isEmpty()) {
            return;
        }
        throw failures;
    }

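    /**
     * Registers an in-memory certificate under an alias in a trust group and records the
     * attempt in the audit log.
     *
     * <p>The audit event is emitted exactly once, on success and on failure alike, and only
     * when an auditor is configured. The previous nested catch/rethrow form called
     * {@code auditMgmtEvent} a second time if the first call itself threw.
     *
     * @param str             trust group name
     * @param str2            alias
     * @param x509Certificate certificate to register
     * @throws Exception whatever {@code registerCertificateInternal} or the audit call throws
     */
    private void registerCertificateAudit(String str, String str2, X509Certificate x509Certificate) throws Exception {
        try {
            registerCertificateInternal(str, str2, x509Certificate);
        } finally {
            if (this.auditor != null) {
                // NOTE(review): group and alias are concatenated as supplied; whether
                // auditMgmtEvent encodes them is not visible here.
                auditMgmtEvent("registerCertificate", "<Trust group = " + str + "><Alias = " + str2 + ">", null);
            }
        }
    }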

    /**
     * Reports whether an alias is registered in at least one registry that
     * {@code generateGroupNameList} does not filter out.
     *
     * @param str alias to check
     * @return {@code true} if at least one such registry holds the alias
     * @throws InvalidParameterException declared; raised by {@code validateAlias}
     */
    public boolean isAliasRegistered(String str) throws InvalidParameterException {
        validateAlias(str);
        // NOTE(review): the meaning of the trailing 3 is not visible here; the debug text
        // ("at least") suggests a cap on the number of results. Confirm.
        Collection<WLSCertRegEntry> matches = this.certStore.getRegEntriesByRegistryPattern("*", normalizeAlias(str), 3);
        int matchCount = 0;
        if (matches != null) {
            matchCount = matches.size();
        }
        if (isDebug()) {
            debug("isAliasRegistered", "alias " + str + " registered at least: " + matchCount + "times.");
        }
        return !generateGroupNameList(matches).isEmpty();
    }

    /**
     * Removes an alias from every trust group that currently lists it.
     *
     * <p>A group that no longer holds the alias by the time it is processed is only logged at
     * debug level; other failures go to {@code handleUnexpectedException}.
     *
     * @param str alias to remove
     * @throws NotFoundException if the alias is in no trust group
     * @throws InvalidParameterException declared; raised by {@code validateAlias}
     */
    public void removeCertificate(String str) throws NotFoundException, InvalidParameterException {
        validateAlias(str);
        final String alias = normalizeAlias(str);
        if (isDebug()) {
            debug("removeCertificate", "alias = " + str);
        }
        List<String> groups = getTrustGroupList(alias);
        if (groups.isEmpty()) {
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str));
        }
        for (String group : groups) {
            if (isDebug()) {
                debug("removeCertificate", "unregistering trust group = " + group + "...");
            }
            try {
                unregisterCertificate(group, alias);
            } catch (NotFoundException alreadyGone) {
                if (isDebug()) {
                    debug("removeCertificate", "alias= " + str + " not found in trust group: " + group);
                }
            } catch (Exception unexpected) {
                handleUnexpectedException(unexpected);
            }
        }
    }

    /**
     * Removes an alias from one trust group in the store and from that group's thumbprint
     * map, without emitting an audit event.
     *
     * <p>The store removal and the map update both run while holding the monitor of the
     * group's {@code ThumbprintMap} instance.
     *
     * @param str  trust group name; the caller in this file passes it normalized
     * @param str2 alias; validated and normalized here
     * @throws NotFoundException rethrown from the existence check or the store
     * @throws InvalidParameterException rethrown from validation
     */
    private void unregisterCertificateNoAudit(String str, String str2) throws NotFoundException, InvalidParameterException {
        if (isDebug()) {
            debug("unregisterCertificate", "alias=" + str2);
        }
        validateAlias(str2);
        final String alias = normalizeAlias(str2);
        try {
            checkAliasExists(str, alias);
            final ThumbprintMap cache = ThumbprintMapFactory.getThumbprintMap(getThumbprintMapKey(str));
            synchronized (cache) {
                this.certStore.unregisterCertificate(str, alias);
                // An uninitialized map is left alone.
                if (cache.isInitialized()) {
                    removeFromThumbprintMap(cache, alias);
                }
            }
            if (isDebug()) {
                debug("unregisterCertificate", "alias " + alias + " and its certificate have been removed from the registry");
            }
        } catch (InvalidParameterException invalid) {
            throw invalid;
        } catch (NotFoundException missing) {
            throw missing;
        } catch (Throwable unexpected) {
            handleUnexpectedException(unexpected);
        }
    }

    /**
     * Removes an alias from several trust groups.
     *
     * <p>Works in two passes. The first pass checks every group (valid name, group found,
     * alias present) and throws the collected problems without removing anything if any check
     * fails. The second pass performs the removals. The passes are not atomic: a group that
     * loses the alias between them is only logged at debug level.
     *
     * @param strArr trust group names
     * @param str    alias to remove
     * @throws InvalidParameterException if the up-front validation fails, or from a removal
     * @throws ErrorCollectionException if the first pass found at least one problem
     */
    public void unregisterCertificate(String[] strArr, String str) throws InvalidParameterException, ErrorCollectionException {
        validateAlias(str);
        validateGroups(strArr);
        final String alias = normalizeAlias(str);
        ErrorCollectionException problems = new ErrorCollectionException();
        for (String candidate : strArr) {
            try {
                validateGroup(candidate);
                String group = normalizeGroup(candidate);
                checkGroupFound(group);
                checkAliasExists(group, alias);
            } catch (InvalidParameterException invalid) {
                problems.add(invalid);
            } catch (NotFoundException missing) {
                problems.add(missing);
            }
        }
        if (!problems.isEmpty()) {
            throw problems;
        }
        if (isDebug()) {
            debug("unregisterCertificate", "alias=" + str + "groups=" + arrayToString(strArr));
        }
        for (String group : strArr) {
            try {
                unregisterCertificate(group, alias);
            } catch (NotFoundException alreadyGone) {
                if (isDebug()) {
                    debug("unregisterCertificate", "alias=" + str + " not found in trust group=" + group);
                }
            }
        }
    }

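    /**
     * Removes an alias from one trust group and records the attempt in the audit log.
     *
     * <p>The audit event is emitted exactly once, on success and on failure alike, and only
     * when an auditor is configured. The previous nested catch/rethrow form called
     * {@code auditMgmtEvent} a second time if the first call itself threw. No audit event is
     * emitted when group validation or the group lookup fails, because those run before the
     * audited section.
     *
     * @param str  trust group name as supplied
     * @param str2 alias
     * @throws NotFoundException from the group lookup or the removal
     * @throws InvalidParameterException from validation or the removal
     */
    private void unregisterCertificate(String str, String str2) throws NotFoundException, InvalidParameterException {
        validateGroup(str);
        String normalizeGroup = normalizeGroup(str);
        checkGroupFound(normalizeGroup);
        try {
            // The group is normalized a second time, as in the original.
            unregisterCertificateNoAudit(normalizeGroup(normalizeGroup), str2);
        } finally {
            if (this.auditor != null) {
                // NOTE(review): the trust-group variant of the message has no '>' after the
                // group value, unlike the registerCertificate records. It is left unchanged
                // here because audit consumers may depend on the current text.
                auditMgmtEvent("unregisterCertificate", getRegistryDNName().equalsIgnoreCase(str) ? "<Alias = " + str2 + ">" : "<Trust group = " + str + " <Alias = " + str2 + ">", null);
            }
        }
    }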

    /**
     * Exports registered certificates to a file in one of the two supported formats.
     *
     * <p>The group format delegates to {@code exportDataGroupJKS}; the plain JKS format exports
     * the registry named by {@code getRegistryDNName()}. This method does not call
     * {@code auditMgmtEvent}, unlike {@code importData}.
     *
     * @param str        export format identifier
     * @param str2       destination file name
     * @param properties export constraints; may be {@code null}
     * @throws InvalidParameterException if the format is neither of the supported ones, or from the delegate
     * @throws ErrorCollectionException from the delegate
     */
    public void exportData(String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        if (isDebug()) {
            debug("exportData", "format=" + str + ", filename=" + str2 + ", constraints=" + properties);
        }
        if (GROUP_JKS_KEYSTORE_FORMAT.equals(str)) {
            exportDataGroupJKS(str, str2, properties);
            return;
        }
        if (JKS_KEYSTORE_FORMAT.equals(str)) {
            exportDataJKS(getRegistryDNName(), str, str2, properties);
            return;
        }
        throw new InvalidParameterException(SecurityLogger.getInvalidFormat(str));
    }

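    /**
     * Writes the group export (a ZIP of per-group keystores) to a file.
     *
     * <p>The file is opened with {@code new FileOutputStream(File)}, which replaces the content
     * of an existing file. The stream is closed in a single {@code finally} instead of the
     * duplicated close calls of the previous form.
     *
     * @param str        export format identifier; not used in this method
     * @param str2       destination file name
     * @param properties export constraints passed on to {@code exportDataToOutputStream}
     * @throws InvalidParameterException if the file name is rejected or the file cannot be opened
     * @throws ErrorCollectionException from {@code exportDataToOutputStream}
     */
    private void exportDataGroupJKS(String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateFileName(str2);
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(new File(str2));
            exportDataToOutputStream(fileOutputStream, properties);
        } catch (FileNotFoundException e) {
            throw new InvalidParameterException(SecurityLogger.getExportFileError(), e);
        } finally {
            // As before, this is also reached with a null stream when opening failed.
            closeStream(fileOutputStream);
        }
    }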

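    /**
     * Writes one ZIP entry per trust group to the stream, each entry holding that group's
     * exported keystore.
     *
     * <p>With no trust-group constraint every group is exported, including the registry's own
     * name. With a constraint only the groups that exist are exported and the missing ones are
     * reported; if none exists the collected errors are thrown before anything is written.
     *
     * <p>The ZIP stream is finalized once, in a {@code finally}. The previous form finalized it
     * a second time whenever collected errors were thrown after a successful close, which
     * added an unrelated I/O error from the already closed stream to the reported errors.
     *
     * @param fileOutputStream destination stream; it is closed when the ZIP stream is closed
     * @param properties       export constraints; may be {@code null}
     * @throws InvalidParameterException from constraint parsing or a group export
     * @throws ErrorCollectionException if any group was missing or any write failed
     */
    private void exportDataToOutputStream(FileOutputStream fileOutputStream, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        List<String> generateAllGroupNameList;
        ErrorCollectionException errorCollectionException = new ErrorCollectionException();
        String[] parseTrustGroupsConstraints = parseTrustGroupsConstraints(properties);
        if (parseTrustGroupsConstraints == null || parseTrustGroupsConstraints.length <= 0) {
            if (isDebug()) {
                debug("exportGroupJKS", "Null or empty group list, going to export all data.");
            }
            generateAllGroupNameList = generateAllGroupNameList(this.certStore.getRegEntriesByRegistryPattern("*", RESERVED_CERT_REG_GROUP, 0));
        } else {
            generateAllGroupNameList = new ArrayList();
            for (int i = 0; i < parseTrustGroupsConstraints.length; i++) {
                if (groupExists(parseTrustGroupsConstraints[i])) {
                    generateAllGroupNameList.add(parseTrustGroupsConstraints[i]);
                } else {
                    errorCollectionException.add(new NotFoundException(ProvidersLogger.getTrustGroupNotFound(parseTrustGroupsConstraints[i])));
                }
            }
            if (generateAllGroupNameList.isEmpty()) {
                if (isDebug()) {
                    debug("exportGroupJKS", "User wants to export: " + arrayToString(parseTrustGroupsConstraints) + " but none of them exits.");
                }
                throw errorCollectionException;
            }
        }
        ZipOutputStream zipOutputStream = new ZipOutputStream(fileOutputStream);
        try {
            for (String str : generateAllGroupNameList) {
                try {
                    if (isDebug()) {
                        debug("exportGroupJKS", "exporting group: " + str);
                    }
                    appendZipEntry(zipOutputStream, str);
                } catch (IOException e) {
                    // An I/O failure on one entry is recorded; the remaining groups are still tried.
                    errorCollectionException.add(e);
                }
            }
        } finally {
            try {
                zipOutputStream.flush();
                zipOutputStream.finish();
                zipOutputStream.close();
            } catch (Exception e2) {
                errorCollectionException.add(e2);
            }
        }
        if (!errorCollectionException.isEmpty()) {
            throw errorCollectionException;
        }
    }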

    /**
     * Extracts the registry names from a collection of registry entries, skipping entries
     * whose registry name equals {@code SAMLCertReg} or {@code SAMLCertificateRegistry}
     * (compared case-insensitively).
     *
     * @param collection entries to inspect, each cast to {@code WLSCertRegEntry}; may be {@code null}
     * @return a new mutable list of names, one per retained entry (duplicates are kept)
     */
    private List generateGroupNameList(Collection collection) {
        ArrayList names = new ArrayList();
        if (collection == null) {
            return names;
        }
        for (Object item : collection) {
            String registryName = ((WLSCertRegEntry) item).getRegistryName();
            boolean samlRegistry = SAMLCertReg.equalsIgnoreCase(registryName) || SAMLCertificateRegistry.equalsIgnoreCase(registryName);
            if (!samlRegistry) {
                names.add(registryName);
            } else if (isDebug()) {
                debug("generateGroupNameList", "ignore certificate found in " + registryName);
            }
        }
        return names;
    }

    /**
     * Builds the group-name list for a full export: the names from
     * {@code generateGroupNameList} with the registry's own name appended.
     *
     * @param collection registry entries; may be {@code null}
     * @return the resulting mutable list
     */
    private List generateAllGroupNameList(Collection collection) {
        List names = generateGroupNameList(collection);
        String registryName = getRegistryDNName();
        names.add(registryName);
        return names;
    }

    /**
     * Adds one ZIP entry named after the trust group, containing that group's keystore
     * export.
     *
     * <p>The keystore is built in memory first and then copied into the entry. The entry is
     * not closed here.
     *
     * @param zipOutputStream open ZIP stream to append to
     * @param str             trust group name, used as the entry name
     * @throws InvalidParameterException from the group export
     * @throws ErrorCollectionException from the group export
     * @throws IOException if writing to the ZIP stream fails
     */
    private void appendZipEntry(ZipOutputStream zipOutputStream, String str) throws InvalidParameterException, ErrorCollectionException, IOException {
        ZipEntry groupEntry = new ZipEntry(str);
        zipOutputStream.putNextEntry(groupEntry);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        exportData(str, buffer);
        byte[] keystoreBytes = buffer.toByteArray();
        zipOutputStream.write(keystoreBytes);
    }

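    /**
     * Exports one trust group to a JKS keystore file.
     *
     * <p>The output stream is closed in a {@code finally}. Previously, if the group export
     * threw before reaching its own close calls (for example during group validation), the
     * file stream opened here was never closed.
     *
     * @param str        trust group to export
     * @param str2       export format identifier, checked by {@code validateFormat}
     * @param str3       destination file name
     * @param properties export constraints, checked by {@code validateConstraints}
     * @throws InvalidParameterException if validation fails or the file cannot be opened
     * @throws ErrorCollectionException from the group export
     */
    private void exportDataJKS(String str, String str2, String str3, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateFormat(str2);
        validateConstraints(properties);
        validateFileName(str3);
        FileOutputStream fileOutputStream;
        try {
            // Opening replaces the content of an existing file with this name.
            fileOutputStream = new FileOutputStream(new File(str3));
        } catch (FileNotFoundException e) {
            throw new InvalidParameterException(SecurityLogger.getExportFileError(), e);
        }
        try {
            exportData(str, fileOutputStream);
        } finally {
            // The export normally closes the stream itself; it already calls closeStream more
            // than once on some paths, so a repeated call is not new behaviour.
            closeStream(fileOutputStream);
        }
    }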

    /**
     * Writes every certificate of one trust group into a new JKS keystore and stores that
     * keystore to the given stream.
     *
     * <p>Only certificate entries are added ({@code setCertificateEntry}); no key entries are
     * written by this method. Per-entry {@code KeyStoreException}s are collected and thrown
     * together after the keystore has been stored.
     *
     * @param str          trust group name; validated, normalized and checked for existence
     * @param outputStream destination; closed via {@code closeStream} after the store attempt
     * @throws InvalidParameterException declared; presumably from the validation helpers
     * @throws ErrorCollectionException if at least one entry could not be added
     */
    private void exportData(String str, OutputStream outputStream) throws InvalidParameterException, ErrorCollectionException {
        // NOTE(review): if one of these three calls throws, outputStream is not closed by
        // this method; the caller has to close it.
        validateGroup(str);
        String normalizeGroup = normalizeGroup(str);
        checkGroupExists(normalizeGroup);
        KeyStore keyStore = null;
        try {
            keyStore = KeyStore.getInstance("JKS");
        } catch (Exception e) {
            // NOTE(review): if handleUnexpectedException returns normally, keyStore stays null
            // and the calls below fail with a NullPointerException; confirm the handler throws.
            handleUnexpectedException(e);
        }
        try {
            // load(null, null) initializes an empty keystore.
            keyStore.load(null, null);
        } catch (Exception e2) {
            handleUnexpectedException(e2);
        }
        ErrorCollectionException errorCollectionException = new ErrorCollectionException(SecurityLogger.getExportErrors());
        try {
            Collection<WLSCertRegEntry> regEntriesByAliasPattern = this.certStore.getRegEntriesByAliasPattern(normalizeGroup, "*", 0);
            if (regEntriesByAliasPattern != null) {
                for (WLSCertRegEntry wLSCertRegEntry : regEntriesByAliasPattern) {
                    String alias = getAlias(wLSCertRegEntry);
                    X509Certificate certificate = alias != null ? getCertificate(wLSCertRegEntry) : null;
                    if (isDebug()) {
                        debug("exportData", "export trust group=" + str + " alias=" + alias + " cert=" + certificate);
                    }
                    // Entries without an alias or without a certificate are skipped silently.
                    if (alias != null && certificate != null) {
                        try {
                            keyStore.setCertificateEntry(alias, certificate);
                            if (isDebug()) {
                                debug("exportData", "exported  alias=" + alias);
                            }
                        } catch (KeyStoreException e3) {
                            errorCollectionException.add(e3);
                        }
                    }
                }
            }
        } catch (Throwable th) {
            handleUnexpectedException(th);
        }
        try {
            try {
                // KEYSTORE_PASSWORD is defined outside this part of the file.
                // NOTE(review): if it is a fixed value shared by all exports, the JKS
                // integrity check tells an importer nothing about who produced the file;
                // the import path in this class loads keystores without a password anyway.
                keyStore.store(outputStream, KEYSTORE_PASSWORD);
                closeStream(outputStream);
            } catch (Throwable th2) {
                closeStream(outputStream);
                throw th2;
            }
        } catch (Exception e4) {
            handleUnexpectedException(e4);
            // Second close on this path; closeStream is expected to tolerate that.
            closeStream(outputStream);
        }
        if (!errorCollectionException.isEmpty()) {
            throw errorCollectionException;
        }
    }

    /**
     * Registers an in-memory certificate under an alias in a trust group.
     *
     * <p>Unlike the file-based registration in this class, this method does not call
     * {@code checkValidity()} on the certificate and does not emit an audit event itself; the
     * group name is not validated here either. NOTE(review): confirm that
     * {@code registerCertificateInternal} or the caller covers those checks.
     *
     * @param str             trust group name
     * @param str2            alias; must be non-null and non-empty
     * @param x509Certificate certificate to register; must be non-null
     * @throws InvalidParameterException if the alias is null or empty, or the certificate is null
     * @throws ErrorCollectionException wrapping an {@code AlreadyExistsException} or
     *         {@code InvalidParameterException} raised by the registration
     */
    public void registerCertificate(String str, String str2, X509Certificate x509Certificate) throws InvalidParameterException, ErrorCollectionException {
        boolean aliasMissing = str2 == null || str2.length() == 0;
        if (aliasMissing || x509Certificate == null) {
            throw new InvalidParameterException("Import Certificate Invalid Parameter Exception, either alias or certificate is null");
        }
        ErrorCollectionException failures = new ErrorCollectionException(SecurityLogger.getImportErrors());
        try {
            try {
                registerCertificateInternal(str, str2, x509Certificate);
            } catch (AlreadyExistsException exists) {
                failures.add(exists);
            } catch (InvalidParameterException invalid) {
                failures.add(invalid);
            }
        } catch (Exception unexpected) {
            handleUnexpectedException(unexpected);
        }
        if (failures.isEmpty()) {
            return;
        }
        throw failures;
    }

    /**
     * Loads a JKS keystore from the stream and registers every certificate entry it contains
     * in the given trust group, without emitting an audit event.
     *
     * <p>The keystore is loaded with a {@code null} password, so {@code KeyStore.load} performs
     * no integrity check on the file. Every alias that maps to a certificate is queued for
     * registration; {@code checkValidity()} is not called in this method.
     * NOTE(review): {@code prepareForRegistery} and {@code certStore.registerCertificate} are
     * not visible here and may apply further checks. If they do not, the content of the file
     * is trusted as supplied, so the file's origin needs to be controlled by the caller.
     *
     * @param str         trust group that receives the certificates
     * @param inputStream keystore data; closed by this method
     * @throws InvalidParameterException declared; not raised directly in the visible code
     * @throws ErrorCollectionException if preparing or registering at least one entry failed
     */
    private void importDataNoAudit(String str, InputStream inputStream) throws InvalidParameterException, ErrorCollectionException {
        KeyStore keyStore = null;
        try {
            keyStore = KeyStore.getInstance("JKS");
        } catch (Exception e) {
            // NOTE(review): if handleUnexpectedException returns normally, keyStore stays null
            // and the load below fails with a NullPointerException; confirm the handler throws.
            handleUnexpectedException(e);
        }
        try {
            try {
                // Null password: the keystore's integrity check is skipped.
                keyStore.load(inputStream, null);
                closeStream(inputStream);
            } catch (Exception e2) {
                handleUnexpectedException(e2);
                closeStream(inputStream);
            }
            ErrorCollectionException errorCollectionException = new ErrorCollectionException(SecurityLogger.getImportErrors());
            try {
                ArrayList arrayList = new ArrayList();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    // A certificate that is not an X509Certificate makes this cast throw
                    // ClassCastException, which is not collected and aborts the whole import.
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    if (isDebug()) {
                        debug("importDataNoAudit", " trust group=" + str + " alias=" + nextElement + " cert=" + x509Certificate);
                    }
                    // Aliases without a certificate are skipped silently.
                    if (x509Certificate != null) {
                        try {
                            arrayList.add(prepareForRegistery(str, nextElement, x509Certificate));
                            if (isDebug()) {
                                debug("importDataNoAudit", " imported alias: " + nextElement);
                            }
                        } catch (Exception e3) {
                            errorCollectionException.add(e3);
                        }
                    }
                }
                // All prepared entries are registered in one store call; the error collection
                // is passed in, presumably so the store can add per-entry failures to it.
                Collection<WLSCertRegEntry> registerCertificate = this.certStore.registerCertificate(str, arrayList, errorCollectionException);
                ThumbprintMap thumbprintMap = ThumbprintMapFactory.getThumbprintMap(getThumbprintMapKey(str));
                // The map is updated while holding its monitor, and only if it is initialized.
                synchronized (thumbprintMap) {
                    if (thumbprintMap.isInitialized()) {
                        for (WLSCertRegEntry wLSCertRegEntry : registerCertificate) {
                            putToThumbprintMap(thumbprintMap, wLSCertRegEntry.getUserCertificate(), wLSCertRegEntry.getCn());
                        }
                    }
                }
            } catch (KeyStoreException e4) {
                handleUnexpectedException(e4);
            }
            if (!errorCollectionException.isEmpty()) {
                throw errorCollectionException;
            }
        } catch (Throwable th) {
            // Covers every failure path, including the collected errors thrown just above.
            closeStream(inputStream);
            throw th;
        }
    }

    /**
     * Imports certificates from a file in one of the two supported formats and records the
     * attempt in the audit log.
     *
     * <p>The audit event is emitted in a {@code finally}, for successful and failed imports
     * alike, when an auditor is configured. The message carries format, file name and
     * constraints; nothing in the text built here tells success from failure.
     *
     * @param str        import format identifier
     * @param str2       source file name
     * @param properties import constraints; may be {@code null}
     * @throws InvalidParameterException if the format is neither of the supported ones, or from the delegate
     * @throws ErrorCollectionException from the delegate
     */
    public void importData(String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        if (isDebug()) {
            debug("importData", "format=" + str + ", filename=" + str2 + ", constraints=" + properties);
        }
        try {
            if (GROUP_JKS_KEYSTORE_FORMAT.equals(str)) {
                importDataGroupJKS(str2, properties);
            } else if (JKS_KEYSTORE_FORMAT.equals(str)) {
                importDataJKS(getRegistryDNName(), str2, properties);
            } else {
                throw new InvalidParameterException(SecurityLogger.getInvalidFormat(str));
            }
        } finally {
            if (this.auditor != null) {
                auditMgmtEvent("importData", "<Format = " + str + "><File Name = " + str2 + "><Constraints = " + properties + ">", null);
            }
        }
    }

    /**
     * Imports the keystore stored in one ZIP entry into the trust group of the same name,
     * creating the group first when it does not exist and is not the registry's own name.
     *
     * <p>The group name is the entry name. NOTE(review): it is not validated in this method;
     * confirm that {@code createTrustGroup} rejects unacceptable names, because the archive
     * content determines which groups are created.
     *
     * @param zipFile open archive
     * @param str     entry name, also used as the trust group name
     * @return {@code false} if the archive has no such entry, {@code true} after an import
     * @throws Exception from reading the entry, creating the group or the import
     */
    private boolean importGroup(ZipFile zipFile, String str) throws Exception {
        ZipEntry groupEntry = zipFile.getEntry(str);
        if (groupEntry == null) {
            return false;
        }
        InputStream keystoreData = zipFile.getInputStream(groupEntry);
        if (!(getRegistryDNName().equals(str) || groupExists(str))) {
            createTrustGroup(str);
        }
        importDataNoAudit(str, keystoreData);
        return true;
    }

    /**
     * Lists the entry names of an import archive; each name is later treated as a trust
     * group name.
     *
     * <p>Names are returned exactly as stored in the archive; no filtering or validation is
     * applied here.
     *
     * @param zipFile open archive
     * @return a new list with every entry name, in archive order
     * @throws InvalidParameterException if the archive has no entries
     */
    private List getGroupsFromZipFile(ZipFile zipFile) throws InvalidParameterException {
        Enumeration<? extends ZipEntry> archiveEntries = zipFile.entries();
        if (archiveEntries == null) {
            throw new InvalidParameterException(SecurityLogger.getImportFileError());
        }
        ArrayList names = new ArrayList();
        if (isDebug()) {
            debug("getGroupsFromZipFile", "Groups in the given import file: ");
        }
        for (; archiveEntries.hasMoreElements(); ) {
            String entryName = archiveEntries.nextElement().getName();
            if (isDebug()) {
                debug("getGroupsFromZipFile", entryName);
            }
            names.add(entryName);
        }
        if (!names.isEmpty()) {
            return names;
        }
        throw new InvalidParameterException(SecurityLogger.getImportFileError());
    }

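    /**
     * Extracts the comma-separated trust-group list from import/export constraints and
     * validates each name.
     *
     * <p>The result variable of the previous form was never declared, so the method did not
     * compile; it is now an ordinary local. The original validation failure is also kept as
     * the cause of the exception that reports invalid constraints.
     *
     * @param properties constraints; may be {@code null} or empty
     * @return the group names as split on {@code ","} (not trimmed), or {@code null} when no
     *         constraints were given or the property has no string value
     * @throws InvalidParameterException if constraints are present without the trust-groups
     *         key, or if any listed name fails {@code validateGroup}
     */
    private String[] parseTrustGroupsConstraints(Properties properties) throws InvalidParameterException {
        if (properties == null || properties.isEmpty()) {
            return null;
        }
        // Non-empty constraints must carry the trust-groups key.
        if (!properties.containsKey(ContextElementDictionary.TRUST_GROUPS)) {
            throw new InvalidParameterException(SecurityLogger.getInvalidConstraints());
        }
        String property = properties.getProperty(ContextElementDictionary.TRUST_GROUPS);
        if (property == null) {
            return null;
        }
        String[] groups = property.split(",");
        for (String group : groups) {
            try {
                validateGroup(group);
            } catch (InvalidParameterException e) {
                throw new InvalidParameterException(SecurityLogger.getInvalidConstraints(), e);
            }
        }
        return groups;
    }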

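    /**
     * Opens a group-export archive and imports the trust groups selected by the constraints.
     *
     * <p>The archive is closed in a single {@code finally} instead of the duplicated close
     * blocks of the previous form.
     *
     * @param str        archive file name
     * @param properties import constraints; may be {@code null}
     * @throws InvalidParameterException if the file name or the constraints are rejected, or
     *         the archive cannot be opened
     * @throws ErrorCollectionException from {@code importDataFromZipFile}
     */
    private void importDataGroupJKS(String str, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateFileName(str);
        String[] parseTrustGroupsConstraints = parseTrustGroupsConstraints(properties);
        ZipFile zipFile = null;
        try {
            zipFile = new ZipFile(str);
            importDataFromZipFile(zipFile, parseTrustGroupsConstraints);
        } catch (IOException e2) {
            throw new InvalidParameterException(SecurityLogger.getImportFileError(), e2);
        } finally {
            if (zipFile != null) {
                try {
                    zipFile.close();
                } catch (IOException ignored) {
                    // A failure to close the archive, which is only read, must not hide the
                    // outcome of the import.
                }
            }
        }
    }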

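    /**
     * Imports trust groups from an archive: all of them when no group list is given, otherwise
     * only the requested ones that the archive contains.
     *
     * <p>A null or blank group name is now reported and skipped. Previously the error was
     * recorded but the import was still attempted with that name.
     *
     * <p>NOTE(review): without a group list every entry name of the archive is used as a trust
     * group name, and this method does not pass those names through {@code validateGroup}.
     * Confirm that {@code createTrustGroup} validates them.
     *
     * @param zipFile open archive
     * @param strArr  requested group names; {@code null} or empty means "all"
     * @throws InvalidParameterException from listing the archive entries
     * @throws ErrorCollectionException if any requested group is missing or any import failed
     */
    private void importDataFromZipFile(ZipFile zipFile, String[] strArr) throws InvalidParameterException, ErrorCollectionException {
        List<String> list;
        ErrorCollectionException errorCollectionException = new ErrorCollectionException(SecurityLogger.getImportErrors());
        List groupsFromZipFile = getGroupsFromZipFile(zipFile);
        if (strArr == null || strArr.length == 0) {
            if (isDebug()) {
                debug("importDataFromZipFile", "Null or empty group list, going to import all data.");
            }
            list = groupsFromZipFile;
        } else {
            list = new ArrayList();
            for (int i = 0; i < strArr.length; i++) {
                if (groupsFromZipFile.contains(strArr[i])) {
                    list.add(strArr[i]);
                } else {
                    if (isDebug()) {
                        debug("importDataFromZipFile", "User wants to import group:" + strArr[i] + " but it does not exist in the given file.");
                    }
                    errorCollectionException.add(new InvalidParameterException(ProvidersLogger.getGroupNotInImportFileError(strArr[i], zipFile.getName())));
                }
            }
            // Nothing requested is in the archive: report and stop before importing.
            if (list.isEmpty()) {
                throw errorCollectionException;
            }
        }
        for (String str : list) {
            if (str == null || str.trim().length() == 0) {
                errorCollectionException.add(new InvalidParameterException(ProvidersLogger.getEmptyOrNullTrustGroup()));
                // Do not import into, or create, a group without a usable name.
                continue;
            }
            try {
                if (isDebug()) {
                    debug("importDataFromZipFile", "importing group: " + str);
                }
                if (!importGroup(zipFile, str)) {
                    errorCollectionException.add(new NotFoundException(ProvidersLogger.getGroupNotInImportFileError(str, zipFile.getName())));
                }
            } catch (ErrorCollectionException e) {
                // Flatten the nested collection so every individual failure is reported.
                Collection exceptions = e.getExceptions();
                if (exceptions != null && exceptions.size() > 0) {
                    Iterator it = exceptions.iterator();
                    while (it.hasNext()) {
                        errorCollectionException.add((Throwable) it.next());
                    }
                }
            } catch (Exception e2) {
                errorCollectionException.add(e2);
            }
        }
        if (!errorCollectionException.isEmpty()) {
            throw errorCollectionException;
        }
    }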

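    /**
     * Imports certificate data from a keystore file on the local filesystem.
     *
     * <p>Runs {@code validateConstraints} on {@code properties} and {@code validateFileName} on
     * {@code str2}, opens the file and hands the stream to {@code importDataNoAudit}. The stream
     * is closed through {@code closeStream} whether or not the import succeeds.
     *
     * <p>NOTE(review): the path is caller-supplied; what {@code validateFileName} restricts is not
     * visible here. Confirm it rejects paths outside the intended import directory.
     *
     * @param str value forwarded to {@code importDataNoAudit}; {@code copyFromJKS} passes a
     *     normalized trust group name
     * @param str2 path of the keystore file to read
     * @param properties import constraints; {@code copyFromJKS} passes {@code null}
     * @throws InvalidParameterException if the file cannot be opened (the underlying
     *     {@link FileNotFoundException} is kept as the cause), or from validation
     * @throws ErrorCollectionException propagated from the import
     */
    private void importDataJKS(String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateConstraints(properties);
        validateFileName(str2);
        File source = new File(str2);
        try {
            FileInputStream in = new FileInputStream(source);
            try {
                importDataNoAudit(str, in);
            } finally {
                closeStream(in);
            }
        } catch (FileNotFoundException e) {
            // Keep the cause, as copyToPEMInternal/copyToDERInternal do, so the reason
            // (missing file vs. permission denied) is not lost.
            throw new InvalidParameterException(SecurityLogger.getUnableToReadFile(getFullPathName(source)), e);
        }
    }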

    /**
     * Writes the certificate registered under an alias in a trust group to a PEM file.
     *
     * @param str trust group name; validated, checked against the reserved name, then normalized
     * @param str2 certificate alias
     * @param str3 path of the output file
     * @throws InvalidParameterException from validation or if the file cannot be written
     * @throws NotFoundException if no certificate is found for the alias
     */
    public void copyToPEM(String str, String str2, String str3) throws InvalidParameterException, NotFoundException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        String group = normalizeGroup(str);
        copyToPEMInternal(group, str2, str3);
    }

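    /**
     * Looks up a certificate by group and alias and writes its PEM form to a file.
     *
     * <p>{@link PrintStream} never throws on a failed write; it only sets an error flag. The flag
     * is checked after writing and a failure is routed to {@code handleUnexpectedException}, the
     * same path {@code copyToDERInternal} uses for write errors, so a truncated file is not
     * reported as success.
     *
     * <p>NOTE(review): the path is caller-supplied and {@link FileOutputStream} truncates an
     * existing file; what {@code validateFileName} restricts is not visible here. Confirm.
     *
     * @param str group name, already normalized by the caller
     * @param str2 certificate alias
     * @param str3 path of the output file
     * @throws InvalidParameterException from file name validation or if the file cannot be opened
     * @throws NotFoundException if the lookup returns no certificate
     */
    private void copyToPEMInternal(String str, String str2, String str3) throws InvalidParameterException, NotFoundException {
        if (isDebug()) {
            debug("copyToPEM", "alias=" + str2 + ", filename=" + str3);
        }
        validateFileName(str3);
        X509Certificate cert = getCertificateFromAliasInternal(str, str2);
        if (cert == null) {
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str2));
        }
        File target = new File(str3);
        try {
            PrintStream out = new PrintStream(new FileOutputStream(target));
            try {
                out.print(getPEM(cert));
                // checkError() flushes and reports any write failure swallowed by PrintStream.
                if (out.checkError()) {
                    handleUnexpectedException(new IOException("Failed to write PEM data to " + getFullPathName(target)));
                }
            } finally {
                closeStream(out);
            }
        } catch (FileNotFoundException e) {
            throw new InvalidParameterException(SecurityLogger.getUnableToWriteFileError(getFullPathName(target)), e);
        }
    }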

    /**
     * Writes the certificate registered under an alias in a trust group to a DER file.
     *
     * @param str trust group name; validated, checked against the reserved name, then normalized
     * @param str2 certificate alias
     * @param str3 path of the output file
     * @throws InvalidParameterException from validation or if the file cannot be written
     * @throws NotFoundException if no certificate is found for the alias
     */
    public void copyToDER(String str, String str2, String str3) throws InvalidParameterException, NotFoundException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        String group = normalizeGroup(str);
        copyToDERInternal(group, str2, str3);
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Looks up a certificate by group and alias and writes its DER encoding to a file.
     *
     * <p>An {@link IOException} during the write is passed to {@code handleUnexpectedException};
     * the stream is closed through {@code closeStream} on every path.
     *
     * <p>NOTE(review): the path is caller-supplied and {@link FileOutputStream} truncates an
     * existing file; what {@code validateFileName} restricts is not visible here. Confirm.
     *
     * @param str group name, already normalized by the caller
     * @param str2 certificate alias
     * @param str3 path of the output file
     * @throws InvalidParameterException from file name validation or if the file cannot be opened
     * @throws NotFoundException if the lookup returns no certificate
     */
    private void copyToDERInternal(String str, String str2, String str3) throws InvalidParameterException, NotFoundException {
        if (isDebug()) {
            debug("copyToDER", "alias=" + str2 + ", filename=" + str3);
        }
        validateFileName(str3);
        X509Certificate cert = getCertificateFromAliasInternal(str, str2);
        if (cert == null) {
            throw new NotFoundException(SecurityLogger.getCertificateAliasNotFound(str2));
        }
        File target = new File(str3);
        try {
            FileOutputStream out = new FileOutputStream(target);
            try {
                out.write(getDER(cert));
            } catch (IOException e) {
                handleUnexpectedException(e);
            } finally {
                closeStream(out);
            }
        } catch (FileNotFoundException e2) {
            throw new InvalidParameterException(SecurityLogger.getUnableToWriteFileError(getFullPathName(target)), e2);
        }
    }

    /**
     * Starts a listing of the aliases in one trust group that match a wildcard.
     *
     * @param str trust group name; validated, checked against the reserved name, then normalized
     * @param str2 alias wildcard
     * @param i maximum number of entries to return
     * @return the value returned by the lister manager for the new listing (used as a cursor by
     *     {@code getCurrentName})
     * @throws InvalidParameterException from validation
     * @throws InvalidCursorException propagated from the lister manager
     */
    public String listAliasesByGroup(String str, String str2, int i) throws InvalidParameterException, InvalidCursorException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        if (isDebug()) {
            debug("listAliasesByGroup", "aliasWildcard=" + str2 + ", maxToReturn=" + i);
        }
        String group = normalizeGroup(str);
        String cursor = listAliases(this.listerManager, group, str2, i);
        if (isDebug()) {
            debug("listAliasesByGroup", "returning " + cursor);
        }
        return cursor;
    }

    /**
     * Queries the certificate store for registry entries whose alias matches a pattern.
     *
     * @param str group name passed to the store
     * @param str2 alias pattern passed to the store unchanged
     * @param i limit passed to the store
     * @return a new list holding the matching entries, or {@code null} (not an empty list) when
     *     the store returns nothing
     */
    protected List searchCertificatesByAliasFilter(String str, String str2, int i) {
        Collection<WLSCertRegEntry> matches = this.certStore.getRegEntriesByAliasPattern(str, str2, i);
        boolean hasMatches = matches != null && matches.size() > 0;
        if (hasMatches) {
            return new ArrayList(matches);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Searches the default registry group for entries whose alias matches a pattern.
     *
     * @param str alias pattern
     * @param i limit passed to the store
     * @return the matching entries, or {@code null} when there are none
     */
    public List searchCertificatesByAliasFilter(String str, int i) {
        String defaultGroup = getRegistryDNName();
        return searchCertificatesByAliasFilter(defaultGroup, str, i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Starts an alias listing in the default registry group using the given lister manager.
     *
     * @param businessObjectListerManager manager that will own the listing
     * @param str alias wildcard
     * @param i maximum number of entries to return
     * @return the value returned by the lister manager for the new listing
     * @throws InvalidParameterException if the wildcard is null or empty, or {@code i} is negative
     * @throws InvalidCursorException propagated from the lister manager
     */
    public String listAliases(BusinessObjectListerManager businessObjectListerManager, String str, int i) throws InvalidParameterException, InvalidCursorException {
        String defaultGroup = getRegistryDNName();
        return listAliases(businessObjectListerManager, defaultGroup, str, i);
    }

    /**
     * Validates the wildcard and limit, queries the store and registers the resulting alias
     * names with the lister manager.
     *
     * <p>NOTE(review): the wildcard is forwarded to the store unchanged; any escaping of filter
     * metacharacters is not visible here. Confirm it in the store implementation.
     * A limit of 0 is accepted; presumably it means "no limit" (it is used that way with "*" when
     * the thumbprint map is built). Confirm.
     *
     * @param businessObjectListerManager manager that will own the listing
     * @param str group name passed to the store
     * @param str2 alias wildcard; must be non-null and non-empty
     * @param i maximum number of entries to return; must not be negative
     * @return the value returned by {@code addLister}
     * @throws InvalidParameterException if the wildcard is null or empty, or {@code i} is negative
     * @throws InvalidCursorException propagated from the lister manager
     */
    protected String listAliases(BusinessObjectListerManager businessObjectListerManager, String str, String str2, int i) throws InvalidParameterException, InvalidCursorException {
        boolean wildcardMissing = str2 == null || str2.length() < 1;
        if (wildcardMissing) {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullCertificateAliasWildcard());
        }
        if (i < 0) {
            throw new InvalidParameterException(SecurityLogger.getMaximumToReturnCanNotBeLessThanZero());
        }
        List names = generateNameList(this.certStore.getRegEntriesByAliasPattern(str, str2, i));
        return businessObjectListerManager.addLister(names, i);
    }

    /**
     * Reports whether the listing identified by a cursor has a current element.
     *
     * <p>NOTE(review): this delegates to the static {@code ListerManager.haveCurrent}, while
     * {@code getCurrentName} goes through {@code this.listerManager}; confirm both address the
     * same set of cursors. The debug calls carry an empty method label.
     *
     * @param str cursor
     * @return the result of {@code ListerManager.haveCurrent}
     * @throws InvalidCursorException propagated from the lister manager
     */
    public boolean haveCurrent(String str) throws InvalidCursorException {
        if (isDebug()) {
            debug("", "cursor=" + str);
        }
        boolean hasCurrent = ListerManager.haveCurrent(str);
        if (isDebug()) {
            debug("", "returning " + hasCurrent);
        }
        return hasCurrent;
    }

    /**
     * Returns the current element of the listing identified by a cursor.
     *
     * @param str cursor
     * @return the current business object of the listing, cast to {@code String}
     * @throws InvalidCursorException propagated from the lister manager
     */
    public String getCurrentName(String str) throws InvalidCursorException {
        if (isDebug()) {
            debug("getCurrentName", "cursor=" + str);
        }
        Object current = this.listerManager.getCurrentBusinessObject(str);
        String name = (String) current;
        if (isDebug()) {
            debug("getCurrentName", "returning " + name);
        }
        return name;
    }

    /**
     * Advances the listing identified by a cursor by calling the static
     * {@code ListerManager.advance}.
     *
     * @param str cursor
     * @throws InvalidCursorException propagated from the lister manager
     */
    public void advance(String str) throws InvalidCursorException {
        if (isDebug()) {
            // The debug call carries an empty method label.
            debug("", "cursor=" + str);
        }
        ListerManager.advance(str);
    }

    /**
     * Closes the listing identified by a cursor by calling the static {@code ListerManager.close}.
     *
     * @param str cursor
     * @throws InvalidCursorException propagated from the lister manager
     */
    public void close(String str) throws InvalidCursorException {
        if (isDebug()) {
            debug("close", "cursor=" + str);
        }
        ListerManager.close(str);
    }

    /**
     * Collects the {@code cn} of every registry entry, leaving out entries whose {@code cn}
     * equals the reserved group marker (compared case-insensitively).
     *
     * @param collection registry entries, each cast to {@code WLSCertRegEntry}; may be {@code null}
     * @return a new list of names; empty when {@code collection} is {@code null}
     */
    private static List generateNameList(Collection collection) {
        ArrayList names = new ArrayList();
        if (collection == null) {
            return names;
        }
        for (Object element : collection) {
            String cn = ((WLSCertRegEntry) element).getCn();
            if (RESERVED_CERT_REG_GROUP.equalsIgnoreCase(cn)) {
                // Marker entry for the group itself, not a certificate alias.
                continue;
            }
            names.add(cn);
        }
        return names;
    }

    /**
     * Encodes a subject key identifier with {@code BASE64Encoder.encodeBuffer}.
     *
     * @param bArr raw subject key identifier bytes
     * @return the encoded string, or {@code null} when {@code bArr} is {@code null} or empty
     */
    public static String getSubjectKeyIdentifierString(byte[] bArr) {
        boolean hasBytes = bArr != null && bArr.length >= 1;
        if (!hasBytes) {
            return null;
        }
        BASE64Encoder encoder = new BASE64Encoder();
        return encoder.encodeBuffer(bArr);
    }

    /**
     * Maps a caller-supplied group name to the form used for store lookups.
     *
     * @param str group name, may be {@code null}
     * @return the empty string for {@code null}; the default registry name when {@code str}
     *     equals it ignoring case; otherwise {@code normalizeGroup(str)}
     */
    private String normalizeOrDefaultGroup(String str) {
        if (str == null) {
            return "";
        }
        if (getRegistryDNName().equalsIgnoreCase(str)) {
            return getRegistryDNName();
        }
        return normalizeGroup(str);
    }

    /**
     * Looks up a certificate in a group by subject DN.
     *
     * @param str group name; mapped through {@code normalizeOrDefaultGroup}
     * @param str2 subject DN; normalized with {@code normalizeDN}
     * @return the certificate built from the store entry; {@code null} if an exception was
     *     handed to {@code handleUnexpectedException} and that call returned
     */
    public X509Certificate getCertificateFromSubjectDN(String str, String str2) {
        try {
            String group = normalizeOrDefaultGroup(str);
            String subjectDn = normalizeDN(str2);
            return getCertificate(this.certStore.getRegEntryBySubjectDN(group, subjectDn));
        } catch (Exception e) {
            handleUnexpectedException(e);
        }
        return null;
    }

    /**
     * Looks up a certificate in a group by issuer DN and serial number.
     *
     * <p>NOTE(review): unlike the subject-DN and subject-key-id lookups, a {@code null} group is
     * replaced by the default registry name here (the siblings end up with the empty string), and
     * a non-null group is normalized before being passed to {@code normalizeOrDefaultGroup},
     * which normalizes again. Confirm which behavior is intended.
     *
     * @param str group name, may be {@code null}
     * @param str2 issuer DN; normalized with {@code normalizeDN}
     * @param bigInteger serial number; its decimal string is passed to the store
     * @return the certificate built from the store entry; {@code null} if an exception (including
     *     one caused by a {@code null} serial number) was handed to
     *     {@code handleUnexpectedException} and that call returned
     */
    public X509Certificate getCertificateFromIssuerDNAndSerialNumber(String str, String str2, BigInteger bigInteger) {
        try {
            String requested = (str == null) ? getRegistryDNName() : normalizeGroup(str);
            String group = normalizeOrDefaultGroup(requested);
            String issuerDn = normalizeDN(str2);
            String serial = bigInteger.toString();
            return getCertificate(this.certStore.getRegEntryByIssuerDN(group, issuerDn, serial));
        } catch (Exception e) {
            handleUnexpectedException(e);
        }
        return null;
    }

    /**
     * Looks up a certificate in a group by its subject key identifier string.
     *
     * @param str group name; mapped through {@code normalizeOrDefaultGroup}
     * @param str2 subject key identifier string, passed to the store unchanged
     * @return the certificate built from the store entry; {@code null} if an exception was
     *     handed to {@code handleUnexpectedException} and that call returned
     */
    public X509Certificate getCertificateFromSubjectKeyIdentifierString(String str, String str2) {
        try {
            String group = normalizeOrDefaultGroup(str);
            return getCertificate(this.certStore.getRegEntryBySubjectKeyId(group, str2));
        } catch (Exception e) {
            handleUnexpectedException(e);
        }
        return null;
    }

    /**
     * Looks up a certificate by thumbprint in the default registry group.
     *
     * @param str thumbprint
     * @return the matching certificate, or {@code null} if the thumbprint is unknown
     */
    public X509Certificate getCertificateFromThumbprint(String str) {
        String defaultGroup = getRegistryDNName();
        return getCertificateFromThumbprint(defaultGroup, str);
    }

    /**
     * Looks up a certificate by thumbprint within a group.
     *
     * <p>The group's thumbprint map is built on first use, the thumbprint is resolved to an alias
     * through that map, and the certificate is then fetched from the store by alias.
     *
     * <p>NOTE(review): the digest behind {@code WSSThumbprint.generateThumbprint} is not visible
     * here; a thumbprint match identifies a certificate only as strongly as that digest resists
     * collisions. Confirm the algorithm before relying on this lookup for trust decisions.
     *
     * @param str group name; mapped through {@code normalizeOrDefaultGroup}
     * @param str2 thumbprint
     * @return the certificate; {@code null} if the thumbprint is not in the map, or if an
     *     exception was handed to {@code handleUnexpectedException} and that call returned
     */
    public X509Certificate getCertificateFromThumbprint(String str, String str2) {
        String group = normalizeOrDefaultGroup(str);
        initializeThumbprintMap(group);
        String alias = getFromThumbprintMap(group, str2);
        if (isDebug()) {
            debug("getCertificateFromThumbprint", " trust group=" + str + " thumbprint= " + str2 + " alias=" + alias);
        }
        if (alias == null) {
            return null;
        }
        try {
            return getCertificate(this.certStore.getRegEntryByAlias(group, alias));
        } catch (Exception e) {
            handleUnexpectedException(e);
        }
        return null;
    }

    /**
     * Returns the name of the default registry group. The overloads in this class that take no
     * trust group argument pass this value as the group.
     */
    protected abstract String getRegistryDNName();

    /** Returns the prefix that {@code constructEventType} puts in front of each audit event name. */
    protected abstract String getBaseAuditEventType();

    /**
     * Returns the logger name passed to {@code getLogger} in the two-argument constructor.
     * It is called during construction, so implementations must not depend on subclass state.
     */
    protected abstract String getDebugLogName();

    /**
     * Returns {@code false} in this base class.
     *
     * <p>NOTE(review): no caller is visible here; presumably a subclass returning {@code true}
     * skips certificate path validation. Confirm at the call sites and review every override.
     */
    protected boolean ignoreCertPathValidators() {
        return false;
    }

    /**
     * Writes a management audit event; does nothing when no auditor is configured.
     *
     * @param str operation name; prefixed with the base audit event type
     * @param str2 event detail text
     * @param exc exception associated with the operation, or {@code null}
     */
    private void auditMgmtEvent(String str, String str2, Exception exc) {
        if (this.auditor != null) {
            String eventType = constructEventType(str);
            this.auditor.providerAuditWriteEvent(new CertRegAuditMgmtEvent(eventType, str2, exc));
        }
    }

    /**
     * Builds an audit event type from the base type, a single space and the operation name.
     *
     * @param str operation name
     * @return the combined event type
     */
    private String constructEventType(String str) {
        String base = getBaseAuditEventType();
        return base + " " + str;
    }

    /**
     * Creates a delegate with no logger and no store service; only the lister manager and the
     * thumbprint key cache are set up. {@code certStore} and {@code auditor} are not assigned
     * here.
     */
    protected CertRegLDAPDelegate() {
        this.log = null;
        this.storeService = null;
        this.listerManager = new BusinessObjectListerManager();
        this.thumbprintMapKeyMap = new HashMap();
    }

    /** Does nothing in this class; the two-argument constructor performs the setup. */
    public void initialize(ProviderMBean providerMBean, SecurityServices securityServices) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a delegate bound to a provider's realm and the given security services.
     *
     * @param providerMBean provider configuration; its realm name is read
     * @param securityServices must be an {@code ExtendedSecurityServices}, otherwise the cast
     *     below throws {@link ClassCastException}; supplies the logger, domain name, store
     *     service and auditor
     */
    public CertRegLDAPDelegate(ProviderMBean providerMBean, SecurityServices securityServices) {
        this.log = null;
        this.storeService = null;
        this.listerManager = new BusinessObjectListerManager();
        this.thumbprintMapKeyMap = new HashMap();
        // getDebugLogName() is abstract and runs before any subclass constructor body.
        this.log = ((ExtendedSecurityServices) securityServices).getLogger(getDebugLogName());
        this.realmName = providerMBean.getRealm().getName();
        this.domainName = Utils.getDomainName(securityServices);
        this.storeService = Utils.getStoreService(securityServices);
        this.certStore = new StoreServiceBasedCertRegStore(this.domainName, this.realmName, this.storeService, this.log);
        // May be null; auditMgmtEvent skips auditing in that case.
        this.auditor = securityServices.getAuditorService();
        if (isDebug()) {
            // The concatenation calls toString() on this partially constructed object.
            debug(JamXmlElements.CONSTRUCTOR, "succeeded.  Delegate = " + this);
        }
    }

    /** Clears the thumbprint maps through {@code clearThumbprintMap}. */
    public void shutdown() {
        clearThumbprintMap();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the thumbprint map key for a group, creating and caching it on first request.
     * Access to the cache is synchronized on the cache map.
     *
     * @param str group name, used as the cache key and as the third component of the map key
     * @return the cached or newly created key, built from domain name, realm name and group
     */
    public ThumbprintMapKey getThumbprintMapKey(String str) {
        synchronized (this.thumbprintMapKeyMap) {
            ThumbprintMapKey cached = (ThumbprintMapKey) this.thumbprintMapKeyMap.get(str);
            if (cached != null) {
                return cached;
            }
            ThumbprintMapKey created = new ThumbprintMapKey(this.domainName, this.realmName, str);
            this.thumbprintMapKeyMap.put(str, created);
            return created;
        }
    }

    /**
     * Builds the thumbprint-to-alias map for a group on first use.
     *
     * <p>The whole method runs while holding the map's monitor, and returns immediately if the
     * map is already marked initialized. Otherwise it loads every entry of the group from the
     * store, marks the map initialized, registers a remote commit listener, and adds one
     * thumbprint per entry. Entries for which no thumbprint can be generated are logged and
     * skipped by {@code putToThumbprintMap}, so they cannot be found by thumbprint afterwards.
     *
     * @param str group name, as used for store lookups
     */
    private void initializeThumbprintMap(String str) {
        ThumbprintMap thumbprintMap = ThumbprintMapFactory.getThumbprintMap(getThumbprintMapKey(str));
        synchronized (thumbprintMap) {
            if (thumbprintMap.isInitialized()) {
                return;
            }
            this.log.info("initializing Thumbprint Map...");
            Date date = new Date();
            // "*" with a limit of 0 — presumably "all entries, no limit"; confirm in the store.
            Collection<WLSCertRegEntry> regEntriesByAliasPattern = this.certStore.getRegEntriesByAliasPattern(str, "*", 0);
            if (isDebug()) {
                this.log.debug("Time to retrieve " + (regEntriesByAliasPattern == null ? 0 : regEntriesByAliasPattern.size()) + " certificates from the store: " + (new Date().getTime() - date.getTime()));
            }
            // Set before the map is populated; readers that synchronize on the map still see
            // the complete map. If the store call above throws, the flag stays unset.
            thumbprintMap.setInitialized(true);
            if (this.storeService != null) {
                // NOTE(review): a new listener is added each time a group's map is first
                // initialized; confirm the store service tolerates several listeners.
                this.storeService.addRemoteCommitListener(com.bea.common.security.store.data.WLSCertRegEntry.class, new ThumbprintRemoteCommitListener());
            }
            if (regEntriesByAliasPattern == null || regEntriesByAliasPattern.isEmpty()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Thumbprint Map for trust group " + str + " initialized -#count: 0");
                }
                this.log.info("Thumbprint Map initialized -#count: 0");
                return;
            }
            Date date2 = new Date();
            Iterator<WLSCertRegEntry> it = regEntriesByAliasPattern.iterator();
            while (it.hasNext()) {
                putToThumbprintMap(thumbprintMap, it.next());
            }
            if (isDebug()) {
                this.log.debug("Time to generate " + regEntriesByAliasPattern.size() + " thumbprints: " + (new Date().getTime() - date2.getTime()));
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("Thumbprint Map for trust group " + str + " initialized -#count:" + thumbprintMap.size());
            }
            this.log.info("Thumbprint Map initialized -#count:" + thumbprintMap.size());
        }
    }

    /**
     * Clears the thumbprint maps held by {@code ThumbprintMapFactory}, logging before and after.
     *
     * <p>NOTE(review): the factory call is static and takes no key, so it presumably clears the
     * maps of every delegate, not only this one. Confirm.
     */
    private void clearThumbprintMap() {
        this.log.info("clearing Thumbprint Map...");
        ThumbprintMapFactory.clearThumbprintMaps();
        this.log.info("Thumbprint Map cleared.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Adds the thumbprint of a registry entry's certificate to a thumbprint map, keyed by
     * thumbprint with the entry's alias as value.
     *
     * <p>Any {@link Throwable} raised while reading the entry or generating the thumbprint is
     * logged and swallowed, so one bad entry does not abort the caller's loop.
     *
     * @param hashMap thumbprint map to update
     * @param wLSCertRegEntry registry entry, may be {@code null}
     * @return {@code true} if a mapping was stored; {@code false} for a {@code null} entry, a
     *     missing alias or certificate, or a failure
     */
    public boolean putToThumbprintMap(HashMap hashMap, WLSCertRegEntry wLSCertRegEntry) {
        if (wLSCertRegEntry == null) {
            return false;
        }
        try {
            String entryAlias = getAlias(wLSCertRegEntry);
            X509Certificate cert = getCertificate(wLSCertRegEntry);
            if (entryAlias != null && cert != null) {
                hashMap.put(WSSThumbprint.generateThumbprint(cert), entryAlias);
                return true;
            }
            this.log.error("alias or certificate retrieved from WLSCertRegEntry is null");
        } catch (Throwable th) {
            this.log.error("Failed to generate thumbprint from WLSCertRegEntry: " + th.getMessage(), th);
        }
        return false;
    }

    /**
     * Adds the thumbprint generated from the given bytes to a thumbprint map, with the alias as
     * value. An exception is logged and swallowed.
     *
     * @param hashMap thumbprint map to update
     * @param bArr bytes passed to {@code WSSThumbprint.generateThumbprint}
     * @param str certificate alias
     * @return {@code true} once the mapping has been stored; {@code false} if thumbprint
     *     generation or the insert failed
     */
    private boolean putToThumbprintMap(HashMap hashMap, byte[] bArr, String str) {
        boolean stored = false;
        try {
            Object thumbprint = WSSThumbprint.generateThumbprint(bArr);
            hashMap.put(thumbprint, str);
            // From here on the entry is in the map, even if the debug logging below fails.
            stored = true;
            if (isDebug()) {
                this.log.debug("Put to Thumbprint Map - alias: " + str + " # map count: " + hashMap.size());
            }
        } catch (Exception e) {
            this.log.error("Failed to generate thumbprint for certificate with alias: " + str, e);
        }
        return stored;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Removes one mapping whose value is the given alias from a thumbprint map.
     *
     * <p>{@code values().remove} drops a single matching value, so if an alias were stored under
     * several thumbprints only one mapping would go.
     *
     * @param hashMap thumbprint map to update
     * @param str certificate alias
     * @return {@code true} if a mapping was removed
     */
    public boolean removeFromThumbprintMap(HashMap hashMap, String str) {
        boolean removed = hashMap.values().remove(str);
        if (isDebug()) {
            String outcome = removed ? "Removed from" : "Not found in";
            this.log.debug(outcome + " the Thumbprint Map - alias: " + str + " #map count: " + hashMap.size());
        }
        return removed;
    }

    /**
     * Resolves a thumbprint to an alias through the group's thumbprint map, holding the map's
     * monitor during the read.
     *
     * @param str group name, as used for store lookups
     * @param str2 thumbprint
     * @return the alias, or {@code null} if the map is not initialized or has no such thumbprint
     */
    private String getFromThumbprintMap(String str, String str2) {
        ThumbprintMap map = ThumbprintMapFactory.getThumbprintMap(getThumbprintMapKey(str));
        synchronized (map) {
            if (!map.isInitialized()) {
                return null;
            }
            return (String) map.get(str2);
        }
    }

    /**
     * Registers a certificate in the default registry group by delegating to the three-argument
     * overload.
     *
     * @param str first argument forwarded to the overload (presumably the alias; confirm)
     * @param str2 second argument forwarded to the overload (presumably a certificate file;
     *     confirm)
     * @throws AlreadyExistsException propagated from the overload
     * @throws InvalidParameterException propagated from the overload
     */
    public void registerCertificate(String str, String str2) throws AlreadyExistsException, InvalidParameterException {
        String defaultGroup = getRegistryDNName();
        registerCertificate(defaultGroup, str, str2);
    }

    /**
     * Registers a certificate object in the default registry group by delegating to the
     * three-argument overload.
     *
     * @param str first argument forwarded to the overload (presumably the alias; confirm)
     * @param x509Certificate certificate to register
     * @throws InvalidParameterException propagated from the overload
     * @throws ErrorCollectionException propagated from the overload
     */
    public void registerCertificate(String str, X509Certificate x509Certificate) throws InvalidParameterException, ErrorCollectionException {
        String defaultGroup = getRegistryDNName();
        registerCertificate(defaultGroup, str, x509Certificate);
    }

    /**
     * Removes a certificate from the default registry group by delegating to the two-argument
     * overload.
     *
     * @param str argument forwarded to the overload (presumably the alias; confirm)
     * @throws NotFoundException propagated from the overload
     * @throws InvalidParameterException propagated from the overload
     */
    public void unregisterCertificate(String str) throws NotFoundException, InvalidParameterException {
        String defaultGroup = getRegistryDNName();
        unregisterCertificate(defaultGroup, str);
    }

    /**
     * Starts a listing of the aliases in the default registry group that match a wildcard.
     *
     * @param str alias wildcard
     * @param i maximum number of entries to return
     * @return the value returned by the lister manager for the new listing
     * @throws InvalidParameterException if the wildcard is null or empty, or {@code i} is negative
     * @throws InvalidCursorException propagated from the lister manager
     */
    public String listAliases(String str, int i) throws InvalidParameterException, InvalidCursorException {
        if (isDebug()) {
            debug("listAliases", "aliasWildcard=" + str + ", maxToReturn=" + i);
        }
        String defaultGroup = getRegistryDNName();
        String cursor = listAliases(this.listerManager, defaultGroup, str, i);
        if (isDebug()) {
            debug("listAliases", "returning " + cursor);
        }
        return cursor;
    }

    /**
     * Looks up a certificate by alias in the default registry group.
     *
     * @param str certificate alias
     * @return the result of {@code getCertificateFromAliasInternal}
     * @throws NotFoundException propagated from the internal lookup
     * @throws InvalidParameterException propagated from the internal lookup
     */
    public X509Certificate getCertificateFromAlias(String str) throws NotFoundException, InvalidParameterException {
        String defaultGroup = getRegistryDNName();
        return getCertificateFromAliasInternal(defaultGroup, str);
    }

    /**
     * Reports whether an alias exists in the default registry group.
     *
     * @param str certificate alias; validated, then normalized
     * @return the result of the internal check; {@code false} if an exception was handed to
     *     {@code handleUnexpectedException} and that call returned
     * @throws InvalidParameterException if the alias fails validation
     */
    public boolean aliasExists(String str) throws InvalidParameterException {
        validateAlias(str);
        try {
            return aliasExistsInternal(getRegistryDNName(), normalizeAlias(str));
        } catch (Exception e) {
            handleUnexpectedException(e);
        }
        return false;
    }

    /**
     * Writes the certificate registered under an alias in the default registry group to a PEM
     * file.
     *
     * @param str certificate alias
     * @param str2 path of the output file
     * @throws InvalidParameterException from file name validation or if the file cannot be written
     * @throws NotFoundException if no certificate is found for the alias
     */
    public void copyToPEM(String str, String str2) throws InvalidParameterException, NotFoundException {
        String defaultGroup = getRegistryDNName();
        copyToPEMInternal(defaultGroup, str, str2);
    }

    /**
     * Writes the certificate registered under an alias in the default registry group to a DER
     * file.
     *
     * @param str certificate alias
     * @param str2 path of the output file
     * @throws InvalidParameterException from file name validation or if the file cannot be written
     * @throws NotFoundException if no certificate is found for the alias
     */
    public void copyToDER(String str, String str2) throws InvalidParameterException, NotFoundException {
        String defaultGroup = getRegistryDNName();
        copyToDERInternal(defaultGroup, str, str2);
    }

    /**
     * Looks up a certificate by subject DN in the default registry group.
     *
     * @param str subject DN
     * @return the certificate, or {@code null} as described on the two-argument overload
     */
    public X509Certificate getCertificateFromSubjectDN(String str) {
        String defaultGroup = getRegistryDNName();
        return getCertificateFromSubjectDN(defaultGroup, str);
    }

    /**
     * Looks up a certificate by issuer DN and serial number in the default registry group.
     *
     * @param str issuer DN
     * @param bigInteger serial number
     * @return the result of the three-argument overload
     */
    public X509Certificate getCertificateFromIssuerDNAndSerialNumber(String str, BigInteger bigInteger) {
        String defaultGroup = getRegistryDNName();
        return getCertificateFromIssuerDNAndSerialNumber(defaultGroup, str, bigInteger);
    }

    /**
     * Looks up a certificate by subject key identifier string in the default registry group.
     *
     * @param str subject key identifier string
     * @return the result of the two-argument overload
     */
    public X509Certificate getCertificateFromSubjectKeyIdentifierString(String str) {
        String defaultGroup = getRegistryDNName();
        return getCertificateFromSubjectKeyIdentifierString(defaultGroup, str);
    }

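    /**
     * Creates a trust group and writes a "registerGroup" audit event for the attempt.
     *
     * <p>The audit event now carries the exception that made the attempt fail. Previously the
     * failure path passed {@code null}, so a failed attempt was recorded exactly like a
     * successful one. An {@link Error} is still audited with a {@code null} exception.
     *
     * <p>A name rejected by {@code checkTrustGroupNameReserved} is refused before the audited
     * section and produces no audit event. NOTE(review): the raw group name is embedded in the
     * audit detail before it has been validated; confirm the auditor encodes it.
     *
     * @param str trust group name
     * @throws AlreadyExistsException propagated from {@code registerGroupNoAudit}
     * @throws InvalidParameterException if the name is reserved or fails validation
     */
    public void createTrustGroup(String str) throws AlreadyExistsException, InvalidParameterException {
        checkTrustGroupNameReserved(str);
        Exception failure = null;
        try {
            registerGroupNoAudit(str);
        } catch (Exception e) {
            // Remember the cause for the audit record, then rethrow it unchanged.
            failure = e;
            throw e;
        } finally {
            // auditMgmtEvent is a no-op when no auditor is configured.
            auditMgmtEvent("registerGroup", "<Trust group = " + str + ">", failure);
        }
    }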

    /**
     * Starts a listing of the trust groups that match a wildcard.
     *
     * @param str group wildcard
     * @param i maximum number of entries to return
     * @return the value returned by the lister manager for the new listing
     * @throws InvalidCursorException propagated from the lister manager
     * @throws InvalidParameterException if the wildcard is null or empty, or {@code i} is negative
     */
    public String listGroups(String str, int i) throws InvalidCursorException, InvalidParameterException {
        if (isDebug()) {
            debug("listGroups", "aliasWildcard=" + str + ", maxToReturn=" + i);
        }
        String cursor = listGroups(this.listerManager, str, i);
        if (isDebug()) {
            debug("listGroups", "returning " + cursor);
        }
        return cursor;
    }

    /**
     * Validates the wildcard and limit, queries the store for group marker entries and registers
     * the resulting group names with the lister manager.
     *
     * <p>The default registry name is removed after the store has applied the limit, so the
     * listing may hold one entry fewer than {@code i}.
     *
     * <p>NOTE(review): the wildcard is forwarded to the store unchanged; any escaping of filter
     * metacharacters is not visible here. Confirm it in the store implementation.
     *
     * @param businessObjectListerManager manager that will own the listing
     * @param str group wildcard; must be non-null and non-empty
     * @param i maximum number of entries to return; must not be negative
     * @return the value returned by {@code addLister}
     * @throws InvalidParameterException if the wildcard is null or empty, or {@code i} is negative
     * @throws InvalidCursorException propagated from the lister manager
     */
    protected String listGroups(BusinessObjectListerManager businessObjectListerManager, String str, int i) throws InvalidParameterException, InvalidCursorException {
        boolean wildcardMissing = str == null || str.length() < 1;
        if (wildcardMissing) {
            throw new InvalidParameterException(ProvidersLogger.getEmptyOrNullTrustGroupWildcard());
        }
        if (i < 0) {
            throw new InvalidParameterException(SecurityLogger.getMaximumToReturnCanNotBeLessThanZero());
        }
        List groupNames = generateGroupNameList(this.certStore.getRegEntriesByRegistryPattern(str, RESERVED_CERT_REG_GROUP, i));
        groupNames.remove(getRegistryDNName());
        return businessObjectListerManager.addLister(groupNames, i);
    }

    /**
     * Reports whether a trust group exists, by checking for the reserved group marker entry
     * in that group.
     *
     * @param str trust group name
     * @return the result of {@code aliasExists(str, RESERVED_CERT_REG_GROUP)}
     * @throws InvalidParameterException propagated from {@code aliasExists}
     */
    public boolean groupExists(String str) throws InvalidParameterException {
        boolean markerPresent = aliasExists(str, RESERVED_CERT_REG_GROUP);
        return markerPresent;
    }

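    /**
     * Removes a trust group and writes an "unRegisterGroup" audit event for the attempt.
     *
     * <p>The audit event now carries the exception that made the attempt fail. Previously the
     * failure path passed {@code null}, so a failed removal was recorded exactly like a
     * successful one. An {@link Error} is still audited with a {@code null} exception.
     *
     * <p>A name rejected by {@code checkTrustGroupNameReserved} is refused before the audited
     * section and produces no audit event. NOTE(review): the raw group name is embedded in the
     * audit detail before it has been validated; confirm the auditor encodes it.
     *
     * @param str trust group name
     * @throws NotFoundException if the group does not exist
     * @throws InvalidParameterException if the name is reserved or fails validation
     */
    public void removeTrustGroup(String str) throws NotFoundException, InvalidParameterException {
        checkTrustGroupNameReserved(str);
        Exception failure = null;
        try {
            unregisterGroupNoAudit(str);
        } catch (Exception e) {
            // Remember the cause for the audit record, then rethrow it unchanged.
            failure = e;
            throw e;
        } finally {
            // auditMgmtEvent is a no-op when no auditor is configured.
            auditMgmtEvent("unRegisterGroup", "<Trust group = " + str + ">", failure);
        }
    }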

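    /**
     * Requires that a group exists: it is either the default registry group or has the reserved
     * group marker entry.
     *
     * <p>The debug message previously said the group "already exists" on the branch where it
     * was not found; it now states that the group does not exist.
     *
     * @param str group name, expected to be normalized already
     * @throws InvalidParameterException if the group does not exist
     */
    private void checkGroupExists(String str) throws InvalidParameterException {
        boolean isDefaultRegistry = getRegistryDNName().equalsIgnoreCase(str);
        if (isDefaultRegistry || aliasExistsInternal(str, RESERVED_CERT_REG_GROUP)) {
            return;
        }
        if (isDebug()) {
            debug("checkGroupExists", "group " + str + " does not exist");
        }
        throw new InvalidParameterException(ProvidersLogger.getTrustGroupNotFound(str));
    }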

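    /**
     * Requires that a group exists: it is either the default registry group or has the reserved
     * group marker entry. Same check as {@code checkGroupExists}, reported as
     * {@code NotFoundException}.
     *
     * <p>The debug message previously said the group "already exists" on the branch where it
     * was not found; it now states that the group does not exist.
     *
     * @param str group name, expected to be normalized already
     * @throws NotFoundException if the group does not exist
     */
    private void checkGroupFound(String str) throws NotFoundException {
        boolean isDefaultRegistry = getRegistryDNName().equalsIgnoreCase(str);
        if (isDefaultRegistry || aliasExistsInternal(str, RESERVED_CERT_REG_GROUP)) {
            return;
        }
        if (isDebug()) {
            debug("checkGroupFound", "group " + str + " does not exist");
        }
        throw new NotFoundException(ProvidersLogger.getTrustGroupNotFound(str));
    }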

    /**
     * Removes a trust group from the store without writing an audit event.
     *
     * <p>The name is validated and normalized, the group must exist, and the store is then asked
     * to unregister it. Anything other than the two declared exceptions is passed to
     * {@code handleUnexpectedException}.
     *
     * @param str trust group name
     * @throws NotFoundException if the group does not exist
     * @throws InvalidParameterException if the name fails validation
     */
    private void unregisterGroupNoAudit(String str) throws NotFoundException, InvalidParameterException {
        if (isDebug()) {
            debug("unRegisterGroup", "group=" + str);
        }
        validateGroup(str);
        String group = normalizeGroup(str);
        try {
            checkGroupFound(group);
            this.certStore.unregisterGroup(group);
            if (isDebug()) {
                debug("unRegisterGroup", "group " + group + " and its certificates have been removed from the registry");
            }
        } catch (InvalidParameterException invalid) {
            // Declared exceptions pass through unchanged.
            throw invalid;
        } catch (NotFoundException missing) {
            throw missing;
        } catch (Throwable unexpected) {
            handleUnexpectedException(unexpected);
        }
    }

    /**
     * Imports the certificates of a keystore file into an existing trust group.
     *
     * <p>NOTE(review): no audit event is written on this path in the code shown, although the
     * import changes the contents of a trust group; confirm whether {@code importDataNoAudit}'s
     * callers are expected to audit.
     *
     * @param str trust group name; validated, checked against the reserved name, then normalized
     * @param str2 path of the keystore file to read
     * @throws NotFoundException if the group does not exist
     * @throws InvalidParameterException from validation or if the file cannot be read
     * @throws ErrorCollectionException propagated from the import
     */
    public void copyFromJKS(String str, String str2) throws NotFoundException, InvalidParameterException, ErrorCollectionException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        validateFileName(str2);
        String groupToCheck = normalizeGroup(str);
        checkGroupFound(groupToCheck);
        String targetGroup = normalizeGroup(str);
        importDataJKS(targetGroup, str2, null);
    }

    /**
     * Exports the certificates of an existing trust group to a keystore file in the format named
     * by {@code JKS_KEYSTORE_FORMAT}.
     *
     * <p>NOTE(review): the path is caller-supplied; what {@code validateFileName} restricts and
     * whether the export overwrites an existing file are not visible here. Confirm.
     *
     * @param str trust group name; validated, checked against the reserved name, then normalized
     * @param str2 path of the keystore file to write
     * @throws NotFoundException if the group does not exist
     * @throws InvalidParameterException from validation
     * @throws ErrorCollectionException propagated from the export
     */
    public void copyToJKS(String str, String str2) throws NotFoundException, InvalidParameterException, ErrorCollectionException {
        validateGroup(str);
        checkTrustGroupNameReserved(str);
        validateFileName(str2);
        String groupToCheck = normalizeGroup(str);
        checkGroupFound(groupToCheck);
        String sourceGroup = normalizeGroup(str);
        exportDataJKS(sourceGroup, JKS_KEYSTORE_FORMAT, str2, null);
    }
}
