package com.ibm.ws.ssl.config;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.security.certclient.util.PkNewCertificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/ssl/config/EncodedCertificateInfo.class */
public class EncodedCertificateInfo implements Serializable {
    private static final TraceComponent tc = Tr.register((Class<?>) EncodedCertificateInfo.class, "SSL", "com.ibm.ws.ssl.resources.ssl");
    private static final int VERSION_1 = 1;
    private transient PrivateKey privateKey = null;
    private transient X509Certificate[] certChain = null;
    private int _version = 1;
    private String privateKeyAlgorithm = null;
    private String privateKeyFormat = null;
    private byte[] privateKeyBytes = null;
    byte[][] cert_bytes = (byte[][]) null;

    public EncodedCertificateInfo(PkNewCertificate pkNewCertificate) {
        prepare_for_certificate_encoding(pkNewCertificate);
    }

    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    private void prepare_for_certificate_encoding(PkNewCertificate pkNewCertificate) {
        try {
            this.privateKey = pkNewCertificate.getKey();
            this.certChain = pkNewCertificate.getCertificateChain();
            this.privateKeyAlgorithm = this.privateKey.getAlgorithm();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Writing key algorithm: " + this.privateKeyAlgorithm);
            }
            this.privateKeyFormat = this.privateKey.getFormat();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Writing key format: " + this.privateKeyFormat);
            }
            this.privateKeyBytes = this.privateKey.getEncoded();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Writing key bytes: " + this.privateKeyBytes);
            }
            int length = this.certChain.length;
            this.cert_bytes = new byte[length];
            for (int i = 0; i < length; i++) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Writing certificate " + (i + 1) + " of " + length);
                }
                this.cert_bytes[i] = this.certChain[i].getEncoded();
            }
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.EncodedCertificateInfo.prepare_for_certificate_encoding", "103", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception encoding certificate chain: ", new Object[]{e});
            }
        }
    }

    public X509Certificate[] getX509CertificateChain() {
        if (this.certChain == null && this.cert_bytes != null) {
            try {
                this.certChain = new X509Certificate[this.cert_bytes.length];
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (int i = 0; i < this.cert_bytes.length; i++) {
                    this.certChain[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(this.cert_bytes[i]));
                }
            } catch (Exception e) {
                Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.EncodedCertificateInfo.getX509CertificateChain", "131", this);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception obtaining X509Certificate from byte[]: ", new Object[]{e});
                }
            }
        }
        return this.certChain;
    }

    public String getKeyAlgorithm() {
        getDecodedPrivateKeyInfo();
        return this.privateKeyAlgorithm;
    }

    public String getKeyFormat() {
        getDecodedPrivateKeyInfo();
        return this.privateKeyFormat;
    }

    public Key getKey() {
        getDecodedPrivateKeyInfo();
        return this.privateKey;
    }

    private void getDecodedPrivateKeyInfo() {
        if (this.privateKey != null || this.privateKeyBytes == null) {
            return;
        }
        try {
            this.privateKey = KeyFactory.getInstance(this.privateKeyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(this.privateKeyBytes));
            this.privateKeyAlgorithm = this.privateKey.getAlgorithm();
            this.privateKeyFormat = this.privateKey.getFormat();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.EncodedCertificateInfo.getKey", "183", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception obtaining PrivateKey from byte[]: ", new Object[]{e});
            }
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("\n\nEncodedCertificateInfo: ");
        stringBuffer.append("\nPrivateKey algorithm: ");
        stringBuffer.append(getKeyAlgorithm());
        stringBuffer.append("\nPrivateKey format: ");
        stringBuffer.append(getKeyFormat());
        X509Certificate[] x509CertificateChain = getX509CertificateChain();
        for (int i = 0; i < x509CertificateChain.length; i++) {
            stringBuffer.append("\nCertificate[" + i + "]: ");
            stringBuffer.append(x509CertificateChain[i]);
        }
        return stringBuffer.toString();
    }

    public byte[] getBytes() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getBytes");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(1024);
        byte[] bArr = null;
        try {
            new ObjectOutputStream(byteArrayOutputStream).writeObject(this);
            bArr = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.ssl.config.EncodedCertificateInfo.getBytes", "231", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to serialize personal certificate.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getBytes");
        }
        return bArr;
    }

    public static EncodedCertificateInfo createFromBytes(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createFromBytes", bArr);
        }
        EncodedCertificateInfo encodedCertificateInfo = null;
        try {
            encodedCertificateInfo = (EncodedCertificateInfo) new ObjectInputStream(new ByteArrayInputStream(bArr)).readObject();
        } catch (Exception e) {
            Manager.Ffdc.log(e, EncodedCertificateInfo.class, "com.ibm.ws.ssl.config.EncodedCertificateInfo.getBytes", "256");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to deserialize personal certificate.", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createFromBytes", encodedCertificateInfo);
        }
        return encodedCertificateInfo;
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "writeObject", objectOutputStream);
        }
        ObjectOutputStream.PutField putFields = objectOutputStream.putFields();
        putFields.put("_version", this._version);
        putFields.put("privateKeyAlgorithm", this.privateKeyAlgorithm);
        putFields.put("privateKeyFormat", this.privateKeyFormat);
        putFields.put("privateKeyBytes", this.privateKeyBytes);
        putFields.put("cert_bytes", this.cert_bytes);
        objectOutputStream.writeFields();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "writeObject");
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "readObject", objectInputStream);
        }
        ObjectInputStream.GetField readFields = objectInputStream.readFields();
        this._version = readFields.get("_version", 1);
        this.privateKeyAlgorithm = (String) readFields.get("privateKeyAlgorithm", (Object) null);
        this.privateKeyFormat = (String) readFields.get("privateKeyFormat", (Object) null);
        this.privateKeyBytes = (byte[]) readFields.get("privateKeyBytes", (Object) null);
        this.cert_bytes = (byte[][]) readFields.get("cert_bytes", (Object) null);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "readObject");
        }
    }
}
