package org.wildfly.security.credential.store.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.credential.store.UnsupportedCredentialTypeException;
import org.wildfly.security.credential.store._private.ElytronMessages;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.util.AtomicFileOutputStream;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/credential/store/impl/VaultCredentialStore.class */
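/**
 * Credential store SPI implementation backed by a serialized vault data file
 * ({@code VAULT.dat}) found in the directory named by the {@code location} attribute.
 *
 * <p>Each entry is a clear password, UTF-8 encoded and encrypted with the admin
 * {@link SecretKey} obtained from the protection parameter at initialization.
 *
 * <p><b>Security notes for maintainers and operators.</b>
 * <ul>
 *   <li>The cipher transformation is the bare key algorithm name
 *       ({@code Cipher.getInstance(adminKey.getAlgorithm())}), so mode and padding are
 *       whatever the JCA provider defaults to. For an {@code "AES"} key on the stock JDK
 *       provider that is typically ECB with PKCS5 padding: there is no IV and no integrity
 *       check, so equal passwords produce equal entries and the file is not authenticated.
 *       Changing the transformation would make existing files unreadable, so treat this
 *       store as a compatibility format, restrict access to the file and its directory,
 *       and keep the admin key elsewhere.</li>
 *   <li>The file is read with Java object deserialization. NOTE(review):
 *       {@code VaultObjectInputStream} is not visible from this class; confirm it limits
 *       which classes may be resolved, and make sure only trusted accounts can write to
 *       the {@code location} directory.</li>
 * </ul>
 *
 * <p>All access to the in-memory entry map is guarded by synchronizing on the map itself.
 */
public final class VaultCredentialStore extends CredentialStoreSpi {
    public static final String VAULT_CREDENTIAL_STORE = "VaultCredentialStore";
    private static final String LOCATION = "location";
    private static final String VAULT_FILE_NAME = "VAULT.dat";
    private static final String CLEAR = "clear";
    private static final List<String> validAttribtues = Arrays.asList(LOCATION);
    // alias -> encrypted password bytes; guarded by synchronized (data)
    private final Map<String, byte[]> data = new HashMap<>();
    private SecretKey adminKey;
    private File location;
    private volatile boolean modifiable;

    /**
     * Obtains the admin key, validates the attributes and, when the vault file exists,
     * loads its entries into memory.
     *
     * @param map store attributes; only {@code location} (a directory) is accepted
     * @param protectionParameter must be a
     *        {@link CredentialStore.CredentialSourceProtectionParameter} whose credential
     *        source can supply a {@link SecretKeyCredential} for algorithm {@code "AES"}
     * @param providerArr not used by this implementation
     * @throws CredentialStoreException if the protection parameter has the wrong type, the
     *         key cannot be obtained, an attribute is rejected, or the file cannot be read
     */
    @Override
    public void initialize(Map<String, String> map, CredentialStore.ProtectionParameter protectionParameter, Provider[] providerArr) throws CredentialStoreException {
        if (!(protectionParameter instanceof CredentialStore.CredentialSourceProtectionParameter)) {
            throw ElytronMessages.log.invalidProtectionParameter(protectionParameter);
        }
        final SecretKey secretKey;
        try {
            secretKey = ((CredentialStore.CredentialSourceProtectionParameter) protectionParameter)
                    .getCredentialSource()
                    .applyToCredential(SecretKeyCredential.class, "AES", SecretKeyCredential::getSecretKey);
        } catch (IOException e) {
            throw ElytronMessages.log.cannotAcquireCredentialFromStore(e);
        }
        if (secretKey == null) {
            throw ElytronMessages.log.cannotAcquireCredentialFromStore(null);
        }
        validateAttribute(map, validAttribtues);
        final String directory = map.get(LOCATION);
        if (directory != null) {
            final File vaultFile = new File(directory, VAULT_FILE_NAME);
            if (vaultFile.exists()) {
                final SecurityVaultData loaded;
                // try-with-resources closes both streams on every path, including a failed
                // readObject(); the file handle must not leak when the file is corrupt.
                try (FileInputStream fileIn = new FileInputStream(vaultFile);
                     VaultObjectInputStream objectIn = new VaultObjectInputStream(fileIn)) {
                    loaded = (SecurityVaultData) objectIn.readObject();
                } catch (IOException | ClassNotFoundException e) {
                    throw ElytronMessages.log.cannotAcquireCredentialFromStore(e);
                }
                if (loaded != null) {
                    synchronized (this.data) {
                        this.data.clear();
                        this.data.putAll(loaded.getVaultData());
                    }
                }
                this.location = vaultFile;
                // The store is modifiable only when an existing file was loaded and is writable.
                this.modifiable = vaultFile.canWrite();
            }
        }
        this.adminKey = secretKey;
    }

    /**
     * Reports whether {@link #store} is permitted.
     *
     * @return {@code true} only if initialization loaded an existing, writable vault file
     */
    @Override
    public boolean isModifiable() {
        return this.modifiable;
    }

    /**
     * Encrypts a clear password with the admin key and records it under the alias.
     * The change is held in memory until {@link #flush()} is called.
     *
     * @param str the credential alias
     * @param credential must be a {@link PasswordCredential} holding a {@link ClearPassword}
     * @param protectionParameter must be {@code null}
     * @throws CredentialStoreException if the store is not modifiable, a protection
     *         parameter is given, or encryption fails
     * @throws UnsupportedCredentialTypeException if the credential is not a clear password
     */
    @Override
    public void store(String str, Credential credential, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException, UnsupportedCredentialTypeException {
        if (!this.modifiable) {
            throw ElytronMessages.log.nonModifiableCredentialStore("store");
        }
        if (protectionParameter != null) {
            throw ElytronMessages.log.invalidProtectionParameter(protectionParameter);
        }
        // NOTE(review): whether getPassword() returns a private copy is not visible here,
        // so this array is deliberately not wiped.
        final char[] password = credential.castAndApply(PasswordCredential.class,
                passwordCredential -> passwordCredential.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword));
        if (password == null) {
            throw ElytronMessages.log.unsupportedCredentialType(credential.getClass());
        }
        final byte[] plaintext = CodePointIterator.ofChars(password).asUtf8().drain();
        try {
            final Cipher cipher = Cipher.getInstance(this.adminKey.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, this.adminKey);
            final byte[] encrypted = cipher.doFinal(plaintext);
            synchronized (this.data) {
                this.data.put(str, encrypted);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw ElytronMessages.log.cannotWriteCredentialToStore(e);
        } finally {
            // Do not leave the UTF-8 copy of the password on the heap longer than needed.
            Arrays.fill(plaintext, (byte) 0);
        }
    }

    /**
     * Decrypts and returns the clear password stored under the alias.
     *
     * @param str the credential alias
     * @param cls requested credential type; must be assignable from {@link PasswordCredential}
     * @param str2 requested algorithm; {@code null} or {@code "clear"}
     * @param algorithmParameterSpec must be {@code null}
     * @param protectionParameter must be {@code null}
     * @return the credential, or {@code null} if the requested type, algorithm or parameter
     *         spec is not supported or no entry exists for the alias
     * @throws CredentialStoreException if a protection parameter is given or decryption fails
     */
    @Override
    public <C extends Credential> C retrieve(String str, Class<C> cls, String str2, AlgorithmParameterSpec algorithmParameterSpec, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
        if (protectionParameter != null) {
            throw ElytronMessages.log.invalidProtectionParameter(protectionParameter);
        }
        if (!cls.isAssignableFrom(PasswordCredential.class)) {
            return null;
        }
        if ((str2 != null && !str2.equals(CLEAR)) || algorithmParameterSpec != null) {
            return null;
        }
        final byte[] encrypted;
        synchronized (this.data) {
            encrypted = this.data.get(str);
        }
        if (encrypted == null) {
            // Unknown alias: report "not found" instead of handing null to the cipher,
            // which would surface as an unchecked IllegalArgumentException.
            return null;
        }
        final byte[] plaintext;
        try {
            final Cipher cipher = Cipher.getInstance(this.adminKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, this.adminKey);
            plaintext = cipher.doFinal(encrypted);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw ElytronMessages.log.cannotAcquireCredentialFromStore(e);
        }
        try {
            final char[] password = new String(plaintext, StandardCharsets.UTF_8).toCharArray();
            return cls.cast(new PasswordCredential(ClearPassword.createRaw(CLEAR, password)));
        } finally {
            // Wipe the decrypted bytes; the char[] now belongs to the returned credential.
            Arrays.fill(plaintext, (byte) 0);
        }
    }

    /**
     * Removes the entry for the alias from memory when the requested type, algorithm and
     * parameter spec match what this store holds; otherwise does nothing.
     *
     * <p>Unlike {@link #store}, no {@code modifiable} check is made here. The removal is
     * in-memory only until {@link #flush()} is called.
     *
     * @param str the credential alias
     * @param cls credential type; must be assignable from {@link PasswordCredential}
     * @param str2 algorithm; {@code null} or {@code "clear"}
     * @param algorithmParameterSpec must be {@code null} for the removal to happen
     */
    @Override
    public void remove(String str, Class<? extends Credential> cls, String str2, AlgorithmParameterSpec algorithmParameterSpec) throws CredentialStoreException {
        if (!cls.isAssignableFrom(PasswordCredential.class)) {
            return;
        }
        if ((str2 != null && !str2.equals(CLEAR)) || algorithmParameterSpec != null) {
            return;
        }
        synchronized (this.data) {
            this.data.remove(str);
        }
    }

    /**
     * Writes the in-memory entries back to the vault file, if one was loaded.
     *
     * <p>NOTE(review): on failure both streams are closed before {@code cancel()} runs.
     * Whether a close can already have replaced the target file depends on
     * {@code AtomicFileOutputStream}, which is not visible here; confirm a failed write
     * cannot leave a truncated file behind.
     *
     * @throws CredentialStoreException if the file cannot be written
     */
    @Override
    public void flush() throws CredentialStoreException {
        synchronized (this.data) {
            File file = this.location;
            if (file != null) {
                try {
                    AtomicFileOutputStream atomicFileOutputStream = new AtomicFileOutputStream(file);
                    try {
                        try {
                            VaultObjectOutputStream vaultObjectOutputStream = new VaultObjectOutputStream(atomicFileOutputStream);
                            try {
                                vaultObjectOutputStream.writeObject(new SecurityVaultData(this.data));
                                vaultObjectOutputStream.close();
                                atomicFileOutputStream.close();
                            } catch (Throwable th) {
                                try {
                                    vaultObjectOutputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                                throw th;
                            }
                        } catch (Throwable th3) {
                            try {
                                atomicFileOutputStream.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                            throw th3;
                        }
                    } catch (Throwable th5) {
                        // Any failure abandons the pending write before the error propagates.
                        atomicFileOutputStream.cancel();
                        throw th5;
                    }
                } catch (IOException e) {
                    throw ElytronMessages.log.cannotWriteCredentialToStore(e);
                }
            }
        }
    }

    /**
     * Lists the aliases currently held in memory.
     *
     * @return a snapshot of the aliases, detached from the internal map
     */
    @Override
    public Set<String> getAliases() throws UnsupportedOperationException, CredentialStoreException {
        synchronized (this.data) {
            // Copy under the lock: the live keySet() view would let callers iterate (or
            // remove entries) without holding the monitor that guards the map.
            return new HashSet<>(this.data.keySet());
        }
    }
}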
