package org.jboss.security.plugins;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.StringTokenizer;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.management.ObjectName;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.SecurityDomain;
import org.jboss.security.Util;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

/* loaded from: input_file:org/jboss/security/plugins/JaasSecurityDomain.class */
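/**
 * JAAS security manager that also owns a key store, a trust store and a
 * password-based cipher key derived from the key store password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The defaults ({@code PBEwithMD5andDES}, the fixed salt {@code 1..8} and
 *       an iteration count of 103) are weak by current standards. They are kept
 *       because changing them would make previously encoded data undecodable;
 *       deployments should override salt, iteration count and algorithm.</li>
 *   <li>The {@code {EXT}} and {@code {CLASS}} forms of the key store password
 *       run a command or load a class named in configuration, so write access
 *       to this MBean's configuration is equivalent to code execution in the
 *       server process.</li>
 *   <li>{@link #encode(byte[])} and {@link #decode(byte[])} are only guarded by
 *       a permission check when a {@link SecurityManager} is installed.</li>
 * </ul>
 */
public class JaasSecurityDomain extends JaasSecurityManager implements SecurityDomain, JaasSecurityDomainMBean {
    private static final RuntimePermission encodePermission = new RuntimePermission("org.jboss.security.plugins.JaasSecurityDomain.encode");
    private static final RuntimePermission decodePermission = new RuntimePermission("org.jboss.security.plugins.JaasSecurityDomain.decode");
    private KeyStore keyStore;
    private KeyManagerFactory keyMgr;
    private String keyStoreType = "JKS";
    private URL keyStoreURL;
    private char[] keyStorePassword;
    private String keyStorePasswordCmd;
    private String keyStorePasswordCmdType;
    private SecretKey cipherKey;
    // Weak legacy default (single DES keyed through MD5); see the class comment.
    private String cipherAlgorithm = "PBEwithMD5andDES";
    // Fixed, publicly known default salt; override with setSalt.
    private byte[] salt = new byte[]{1, 2, 3, 4, 5, 6, 7, 8};
    // Very low default work factor; override with setIterationCount.
    private int iterationCount = 103;
    private PBEParameterSpec cipherSpec;
    private ObjectName managerServiceName = JaasSecurityManagerServiceMBean.OBJECT_NAME;
    private KeyStore trustStore;
    private String trustStoreType = "JKS";
    private char[] trustStorePassword;
    private URL trustStoreURL;
    private TrustManagerFactory trustMgr;
    // Synthetic class-literal cache restored by the decompiler. It is no longer
    // read by this class and is kept only so the member set stays unchanged.
    static Class class$java$lang$String;

    /** Creates a domain with the default store types, cipher settings and manager service name. */
    public JaasSecurityDomain() {
    }

    /**
     * Creates a domain that uses a {@link SecurityAssociationHandler} as its callback handler.
     *
     * @param str the security domain name passed to the superclass
     */
    public JaasSecurityDomain(String str) {
        this(str, new SecurityAssociationHandler());
    }

    /**
     * Creates a domain with an explicit callback handler.
     *
     * @param str the security domain name passed to the superclass
     * @param callbackHandler the handler passed to the superclass
     */
    public JaasSecurityDomain(String str, CallbackHandler callbackHandler) {
        super(str, callbackHandler);
    }

    /** Returns the key store loaded by the last successful load, or {@code null} if none was loaded. */
    @Override
    public KeyStore getKeyStore() throws SecurityException {
        return this.keyStore;
    }

    /** Returns the key manager factory initialised from the key store, or {@code null}. */
    @Override
    public KeyManagerFactory getKeyManagerFactory() throws SecurityException {
        return this.keyMgr;
    }

    /** Returns the trust store; this is the key store itself when no trust store URL is set. */
    @Override
    public KeyStore getTrustStore() throws SecurityException {
        return this.trustStore;
    }

    /** Returns the trust manager factory initialised from the trust store, or {@code null}. */
    @Override
    public TrustManagerFactory getTrustManagerFactory() throws SecurityException {
        return this.trustMgr;
    }

    /** Returns the name of the manager service this domain registers with on start. */
    @Override
    public ObjectName getManagerServiceName() {
        return this.managerServiceName;
    }

    /** Sets the manager service name; {@code null} disables registration in {@link #startService()}. */
    @Override
    public void setManagerServiceName(ObjectName objectName) {
        this.managerServiceName = objectName;
    }

    /** Returns the key store type passed to {@link KeyStore#getInstance(String)}. */
    @Override
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** Sets the key store type passed to {@link KeyStore#getInstance(String)}. */
    @Override
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    /** Returns the external form of the key store URL, or {@code null} when none is set. */
    @Override
    public String getKeyStoreURL() {
        return this.keyStoreURL == null ? null : this.keyStoreURL.toExternalForm();
    }

    /**
     * Resolves and stores the key store location.
     *
     * @param str a URL, a file path or a class loader resource name
     * @throws IOException if the value resolves to none of the three
     */
    @Override
    public void setKeyStoreURL(String str) throws IOException {
        this.keyStoreURL = validateStoreURL(str);
        this.log.debug("Using KeyStore=" + this.keyStoreURL.toExternalForm());
    }

    /**
     * Sets the key store password, either literally or as an indirection.
     *
     * <p>A value that starts with <code>{</code> is split on braces into a
     * command type and a command, for example {@code {EXT}...} or
     * {@code {CLASS}...}; the indirection is resolved when the service starts.
     * Any other value is used as the password itself.
     *
     * @param str the password or indirection
     * @throws IllegalArgumentException if the value is null, empty or an
     *         indirection without both parts
     */
    @Override
    public void setKeyStorePass(String str) {
        this.keyStorePassword = null;
        if (str == null || str.length() == 0) {
            // Previously a NullPointerException / StringIndexOutOfBoundsException.
            throw new IllegalArgumentException("keyStorePass must not be null or empty");
        }
        if (str.charAt(0) != '{') {
            this.keyStorePassword = str.toCharArray();
            return;
        }
        StringTokenizer tokens = new StringTokenizer(str, "{}");
        if (tokens.countTokens() < 2) {
            // The value is deliberately not echoed: it may be a literal
            // password that merely starts with a brace.
            throw new IllegalArgumentException("keyStorePass indirection must have the form {TYPE}command");
        }
        this.keyStorePasswordCmdType = tokens.nextToken();
        this.keyStorePasswordCmd = tokens.nextToken();
    }

    /** Returns the trust store type passed to {@link KeyStore#getInstance(String)}. */
    @Override
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** Sets the trust store type passed to {@link KeyStore#getInstance(String)}. */
    @Override
    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    /** Sets the literal trust store password; no indirection is supported here. */
    @Override
    public void setTrustStorePass(String str) {
        this.trustStorePassword = str.toCharArray();
    }

    /** Returns the external form of the trust store URL, or {@code null} when none is set. */
    @Override
    public String getTrustStoreURL() {
        return this.trustStoreURL == null ? null : this.trustStoreURL.toExternalForm();
    }

    /**
     * Resolves and stores the trust store location.
     *
     * @param str a URL, a file path or a class loader resource name
     * @throws IOException if the value resolves to none of the three
     */
    @Override
    public void setTrustStoreURL(String str) throws IOException {
        this.trustStoreURL = validateStoreURL(str);
    }

    /**
     * Sets the PBE salt from the bytes of the given string.
     *
     * <p>The bytes come from the platform default charset, so a non-ASCII salt
     * depends on the JVM's locale settings. The length is not checked here; a
     * salt the cipher rejects only surfaces when {@code encode}/{@code decode}
     * initialise the cipher.
     */
    @Override
    public void setSalt(String str) {
        this.salt = str.getBytes();
    }

    /** Sets the PBE iteration count used for the cipher parameter spec. */
    @Override
    public void setIterationCount(int i) {
        this.iterationCount = i;
    }

    /** Returns the cipher transformation used by {@code encode} and {@code decode}. */
    public String getCipherAlgorithm() {
        return this.cipherAlgorithm;
    }

    /** Sets the cipher transformation; it is also used to derive the key on the next start. */
    public void setCipherAlgorithm(String str) {
        this.cipherAlgorithm = str;
    }

    /** Returns a display name of the form {@code JaasSecurityDomain(<domain>)}. */
    public String getName() {
        return "JaasSecurityDomain(" + getSecurityDomain() + ")";
    }

    /**
     * Encrypts the given bytes with the domain's password-based key.
     *
     * @param bArr the plaintext
     * @return the ciphertext
     * @throws SecurityException if a security manager is installed and denies
     *         the encode permission
     * @throws Exception if the cipher cannot be created or initialised, for
     *         example because the service has not been started
     */
    @Override
    public byte[] encode(byte[] bArr) throws Exception {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            // Was System.out.println: route the trace through the service log
            // instead of writing to the process's standard output.
            this.log.debug("Checking: " + encodePermission);
            securityManager.checkPermission(encodePermission);
        }
        Cipher cipher = Cipher.getInstance(this.cipherAlgorithm);
        cipher.init(Cipher.ENCRYPT_MODE, this.cipherKey, this.cipherSpec);
        return cipher.doFinal(bArr);
    }

    /**
     * Decrypts the given bytes with the domain's password-based key.
     *
     * @param bArr the ciphertext
     * @return the plaintext
     * @throws SecurityException if a security manager is installed and denies
     *         the decode permission
     * @throws Exception if the cipher cannot be created or initialised, or the
     *         input does not decrypt
     */
    @Override
    public byte[] decode(byte[] bArr) throws Exception {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(decodePermission);
        }
        Cipher cipher = Cipher.getInstance(this.cipherAlgorithm);
        cipher.init(Cipher.DECRYPT_MODE, this.cipherKey, this.cipherSpec);
        return cipher.doFinal(bArr);
    }

    /** Encrypts the bytes and returns the result in the project's base-64 text form. */
    @Override
    public String encode64(byte[] bArr) throws Exception {
        return Util.tob64(encode(bArr));
    }

    /** Decodes the project's base-64 text form and decrypts the result. */
    @Override
    public byte[] decode64(String str) throws Exception {
        return decode(Util.fromb64(str));
    }

    /** Reloads the key and trust stores from their configured URLs. */
    @Override
    public void reloadKeyAndTrustStore() throws Exception {
        loadKeyAndTrustStore();
    }

    /**
     * Resolves the key store password, loads the stores and registers this
     * domain with the manager service when one is configured.
     */
    protected void startService() throws Exception {
        loadKeystorePassword();
        loadKeyAndTrustStore();
        if (this.managerServiceName != null) {
            MBeanServerLocator.locateJBoss().invoke(this.managerServiceName, "registerSecurityDomain", new Object[]{getSecurityDomain(), this}, new String[]{"java.lang.String", "org.jboss.security.SecurityDomain"});
        }
    }

    /**
     * Wipes the key store password and drops the cipher key.
     *
     * <p>The trust store password is intentionally left in place: nothing in
     * this class can obtain it again, and {@link KeyStore#load} skips its
     * integrity check when it is handed a null password.
     */
    protected void stopService() {
        if (this.keyStorePassword != null) {
            Arrays.fill(this.keyStorePassword, (char) 0);
            this.keyStorePassword = null;
        }
        this.cipherKey = null;
    }

    /**
     * Resolves the key store password if it is not already present and derives
     * the PBE cipher key and parameter spec from it.
     *
     * @throws IllegalStateException if no password is available
     * @throws IllegalArgumentException if the indirection type is not
     *         {@code EXT} or {@code CLASS}
     */
    private void loadKeystorePassword() throws Exception {
        if (this.keyStorePassword == null) {
            if (this.keyStorePasswordCmdType == null) {
                // Previously a NullPointerException on the equals() call below.
                throw new IllegalStateException("No key store password has been configured");
            }
            if (this.keyStorePasswordCmdType.equals("EXT")) {
                execPasswordCmd();
            } else if (this.keyStorePasswordCmdType.equals("CLASS")) {
                invokePasswordClass();
            } else {
                throw new IllegalArgumentException("Unknown keyStorePasswordCmdType: " + this.keyStorePasswordCmdType);
            }
            if (this.keyStorePassword == null) {
                // PBEKeySpec treats a null password as an empty one, which
                // would silently key the cipher with a known value.
                throw new IllegalStateException("The key store password indirection produced no password");
            }
        }
        this.cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        // Derive the key with the configured algorithm so that it matches the
        // Cipher created in encode/decode; this used to be hard-coded to the
        // default and ignored setCipherAlgorithm.
        this.cipherKey = SecretKeyFactory.getInstance(this.cipherAlgorithm).generateSecret(new PBEKeySpec(this.keyStorePassword));
    }

    /**
     * Loads the key store and trust store from their URLs and initialises the
     * matching manager factories.
     *
     * <p>Fields are only replaced once the new store and factory are fully
     * initialised, so a failed reload leaves the previous ones in place. When
     * no trust store URL is set, the key store doubles as the trust store.
     *
     * <p>A null password makes {@link KeyStore#load} skip the integrity check;
     * that is the case for the trust store whenever no trust store password was
     * set.
     */
    private void loadKeyAndTrustStore() throws Exception {
        if (this.keyStoreURL != null) {
            KeyStore loadedKeys = loadStore(this.keyStoreType, this.keyStoreURL, this.keyStorePassword);
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(loadedKeys, this.keyStorePassword);
            this.keyStore = loadedKeys;
            this.keyMgr = keyFactory;
        }
        KeyStore trusted;
        if (this.trustStoreURL != null) {
            trusted = loadStore(this.trustStoreType, this.trustStoreURL, this.trustStorePassword);
        } else if (this.keyStore != null) {
            trusted = this.keyStore;
        } else {
            return;
        }
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trusted);
        this.trustStore = trusted;
        this.trustMgr = trustFactory;
    }

    /** Opens the URL, loads a store of the given type from it and always closes the stream. */
    private static KeyStore loadStore(String type, URL location, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = location.openStream();
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        return store;
    }

    /**
     * Runs the configured external command and uses the first line of its
     * standard output as the key store password.
     *
     * <p>NOTE(review): the command string is split on whitespace by
     * {@link Runtime#exec(String)} and is written to the debug log as-is, so it
     * should not carry secrets or arguments that contain spaces. The line read
     * is held in an immutable String that cannot be wiped afterwards.
     *
     * @throws IllegalStateException if the command prints nothing
     */
    private void execPasswordCmd() throws Exception {
        this.log.debug("Executing command: " + this.keyStorePasswordCmd);
        Process exec = Runtime.getRuntime().exec(this.keyStorePasswordCmd);
        String firstLine;
        InputStream inputStream = exec.getInputStream();
        try {
            firstLine = new BufferedReader(new InputStreamReader(inputStream)).readLine();
        } finally {
            // Close even when the read fails so the pipe is not leaked.
            inputStream.close();
        }
        this.log.debug("Command exited with: " + exec.waitFor());
        if (firstLine == null) {
            // Previously a NullPointerException on toCharArray().
            throw new IllegalStateException("The key store password command produced no output");
        }
        this.keyStorePassword = firstLine.toCharArray();
    }

    /**
     * Instantiates the configured class and asks it for the password.
     *
     * <p>The command has the form {@code className} or
     * {@code className:ctorArg}. The class is loaded through the context class
     * loader, constructed with the optional String argument, and queried via a
     * public {@code toCharArray()} method, falling back to {@code toString()}
     * when that method does not exist.
     *
     * <p>NOTE(review): the constructor argument is written to the debug log;
     * confirm it never carries secret material.
     */
    private void invokePasswordClass() throws Exception {
        this.keyStorePassword = null;
        String className = this.keyStorePasswordCmd;
        String ctorArg = null;
        int separator = this.keyStorePasswordCmd.indexOf(':');
        if (separator > 0) {
            className = this.keyStorePasswordCmd.substring(0, separator);
            ctorArg = this.keyStorePasswordCmd.substring(separator + 1);
        }
        this.log.debug("Loading class: " + className + ", ctorArg=" + ctorArg);
        Class<?> loadClass = SubjectActions.getContextClassLoader().loadClass(className);
        Object instance;
        if (ctorArg != null) {
            instance = loadClass.getConstructor(new Class<?>[]{String.class}).newInstance(ctorArg);
        } else {
            instance = loadClass.newInstance();
        }
        try {
            this.log.debug("Checking for toCharArray");
            this.log.debug("Invoking toCharArray");
            this.keyStorePassword = (char[]) loadClass.getMethod("toCharArray", new Class[0]).invoke(instance, new Object[0]);
        } catch (NoSuchMethodException e) {
            this.log.debug("No toCharArray found, invoking toString");
            String text = instance.toString();
            if (text != null) {
                this.keyStorePassword = text.toCharArray();
            }
        }
    }

    /**
     * Resolves a store location given as a URL, a file path or a class loader
     * resource name, tried in that order.
     *
     * <p>Any URL scheme the JVM supports is accepted, including remote ones; a
     * store fetched over an unauthenticated channel is only as trustworthy as
     * that channel.
     *
     * @param str the configured location
     * @return the resolved URL, never {@code null}
     * @throws MalformedURLException if the value resolves to none of the three
     */
    private URL validateStoreURL(String str) throws IOException {
        URL url = null;
        try {
            url = new URL(str);
        } catch (MalformedURLException ignored) {
            // Not a URL; fall through to the file and resource lookups.
        }
        if (url == null && str != null) {
            File file = new File(str);
            if (file.exists()) {
                // toURI() escapes characters such as spaces and '#', which the
                // deprecated File.toURL() copies into the URL unescaped.
                url = file.toURI().toURL();
            }
        }
        if (url == null && str != null) {
            url = SubjectActions.getContextClassLoader().getResource(str);
        }
        if (url == null) {
            throw new MalformedURLException("Failed to find url=" + str + " as a URL, file or resource");
        }
        return url;
    }

    /**
     * Synthetic class-literal helper restored by the decompiler; kept so the
     * member set stays unchanged.
     *
     * @throws NoClassDefFoundError if the class cannot be found, with the
     *         original exception as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from here
            // directly; attach the cause first and throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}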
