package org.jboss.as.cli.impl.aesh.cmd.security.model;

import java.io.File;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import org.aesh.command.CommandException;
import org.jboss.as.cli.CommandContext;
import org.jboss.as.cli.impl.aesh.cmd.security.SecurityCommand;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.Property;

/* loaded from: input_file:m2repo/org/wildfly/core/wildfly-cli/7.0.0.Final/wildfly-cli-7.0.0.Final.jar:org/jboss/as/cli/impl/aesh/cmd/security/model/SSLSecurityBuilder.class */
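/**
 * Base builder used by the CLI security commands to assemble the management requests that set up
 * server-side SSL.
 *
 * <p>The builder accumulates steps in a single DMR {@code composite} operation. For every step it
 * also records a {@link FailureDescProvider}, so that a failed step in the reply can be reported
 * with a readable description. Subclasses supply the key-store ({@link #buildKeyStore}) and their
 * own cleanup ({@link #doFailureOccured}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no trust-store password is supplied, one is generated by
 *       {@link #generateRandomPassword()} (8 characters over a 62-symbol alphabet).</li>
 *   <li>A generated trust-store is always requested with type {@code "JKS"}.</li>
 *   <li>Certificate validation on import is controlled by {@link #setValidateCertificate(boolean)}
 *       and stays {@code false} unless a caller sets it.</li>
 * </ul>
 *
 * <p>Instances hold mutable, unsynchronized state; nothing here makes them safe for concurrent use.
 */
public abstract class SSLSecurityBuilder implements SecurityCommand.FailureConsumer {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // Name of the server SSL context; a default is computed in buildServerSSLContext when null.
    private String sslContextName;
    // Name of the key-manager; a default is computed in buildKeyManager when null.
    private String keyManagerName;
    // Result of the last successful buildRequest call.
    private ServerSSLContext sslContext;
    // Certificate file to import into a newly created trust-store.
    private File trustedCertificate;
    // Name of an existing trust-store to reuse; when set, no new store is created.
    private String trustStoreName;
    // File name for a newly created trust-store; generated when null.
    private String trustStoreFileName;
    // Name of the trust-store this builder asked to create; removed again in failureOccured.
    private String generatedTrustStore;
    // Password for a newly created trust-store; a random one is generated when null.
    private String trustStoreFilePassword;
    private String newTrustStoreName;
    private String newTrustManagerName;
    // Forwarded to ElytronUtil.importCertificate; Java default is false (no validation requested).
    private boolean validateCertificate;
    // Provider for steps that need no failure description (returns null).
    public FailureDescProvider NO_DESC = new FailureDescProvider() {
        @Override
        public String stepFailedDescription() {
            return null;
        }
    };
    // Providers for steps added through addStep, in step order.
    private final List<FailureDescProvider> providers = new ArrayList<>();
    // Providers for the deferred steps in finalSteps, index-aligned with that list.
    private final List<FailureDescProvider> finalProviders = new ArrayList<>();
    // Providers in the order of the steps of the executable composite; filled by buildExecutableRequest.
    private final List<FailureDescProvider> effectiveProviders = new ArrayList<>();
    private final ModelNode composite = new ModelNode();
    // Names of key-stores for which a "store" step must be appended before execution.
    private final Set<String> ksToStore = new HashSet<>();
    private final List<ModelNode> finalSteps = new ArrayList<>();

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-cli/7.0.0.Final/wildfly-cli-7.0.0.Final.jar:org/jboss/as/cli/impl/aesh/cmd/security/model/SSLSecurityBuilder$FailureDescProvider.class */
    /** Supplies the human-readable description of one composite step, used when that step fails. */
    public interface FailureDescProvider {
        /**
         * @return the description of the step, or {@code null} when there is nothing to report
         */
        String stepFailedDescription();
    }

    /**
     * Initialises the composite operation with an empty address.
     *
     * @throws CommandException declared by the original signature; nothing in this body throws it
     */
    public SSLSecurityBuilder() throws CommandException {
        this.composite.get("operation").set("composite");
        this.composite.get("address").setEmptyList();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers a key-store that needs a "store" step in the executable request.
     *
     * @param str the key-store name
     */
    public void needKeyStoreStore(String str) {
        this.ksToStore.add(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Queues a step that is appended after all regular and key-store "store" steps.
     *
     * @param modelNode the step request
     * @param failureDescProvider the description provider for that step
     */
    public void addFinalstep(ModelNode modelNode, FailureDescProvider failureDescProvider) {
        // Both lists are appended together so they stay index-aligned for buildExecutableRequest.
        this.finalSteps.add(modelNode);
        this.finalProviders.add(failureDescProvider);
    }

    public void setNewTrustStoreName(String str) {
        this.newTrustStoreName = str;
    }

    public void setNewTrustManagerName(String str) {
        this.newTrustManagerName = str;
    }

    /**
     * Completes the composite operation: appends one "store" step per registered key-store, then
     * the deferred final steps, and records the matching providers in the same order.
     *
     * <p>On any exception {@link #failureOccured} is invoked with a {@code null} reply so that
     * cleanup runs; an exception raised by the cleanup is attached as suppressed.
     *
     * @param commandContext the CLI context handed to the {@code ElytronUtil} helpers
     * @return the composite operation held by this builder (the same instance on every call)
     * @throws Exception whatever building a step raised
     */
    public ModelNode buildExecutableRequest(CommandContext commandContext) throws Exception {
        try {
            this.effectiveProviders.addAll(this.providers);
            for (String keyStoreName : this.ksToStore) {
                this.composite.get("steps").add(ElytronUtil.storeKeyStore(commandContext, keyStoreName));
                this.effectiveProviders.add(new FailureDescProvider() {
                    @Override
                    public String stepFailedDescription() {
                        // NOTE(review): this prints the whole set of pending key-stores, not the one
                        // store this step writes; kept as found.
                        return "Storing the key-store " + SSLSecurityBuilder.this.ksToStore;
                    }
                });
            }
            for (int i = 0; i < this.finalSteps.size(); i++) {
                this.composite.get("steps").add(this.finalSteps.get(i));
                this.effectiveProviders.add(this.finalProviders.get(i));
            }
            return this.composite;
        } catch (Exception e) {
            try {
                failureOccured(commandContext, null);
            } catch (Exception cleanupFailure) {
                e.addSuppressed(cleanupFailure);
            }
            throw e;
        }
    }

    public File getTrustedCertificatePath() {
        return this.trustedCertificate;
    }

    public void setTrustedCertificatePath(File file) {
        this.trustedCertificate = file;
    }

    /**
     * Sets the flag forwarded to {@code ElytronUtil.importCertificate} when a trusted certificate
     * is imported. What the validation consists of is decided by that helper.
     *
     * @param z {@code true} to request validation of the imported certificate
     */
    public void setValidateCertificate(boolean z) {
        this.validateCertificate = z;
    }

    /**
     * Appends a step to the composite operation together with its description provider.
     *
     * @param modelNode the step request, must not be {@code null}
     * @param failureDescProvider the description provider, must not be {@code null}
     * @throws NullPointerException if either argument is {@code null}
     */
    public void addStep(ModelNode modelNode, FailureDescProvider failureDescProvider) {
        Objects.requireNonNull(modelNode);
        Objects.requireNonNull(failureDescProvider);
        this.composite.get("steps").add(modelNode);
        this.providers.add(failureDescProvider);
    }

    /**
     * @return the SSL context produced by {@link #buildRequest}, or {@code null} before that call
     */
    public ServerSSLContext getServerSSLContext() {
        return this.sslContext;
    }

    public SSLSecurityBuilder setSSLContextName(String str) {
        this.sslContextName = str;
        return this;
    }

    public SSLSecurityBuilder setKeyManagerName(String str) {
        this.keyManagerName = str;
        return this;
    }

    /**
     * Produces the key-store that backs the key-manager.
     *
     * @param commandContext the CLI context
     * @param z forwarded unchanged from {@link #buildRequest}
     * @return the key-store description
     * @throws Exception if the key-store cannot be built
     */
    protected abstract KeyStore buildKeyStore(CommandContext commandContext, boolean z) throws Exception;

    /**
     * Builds the key-store, key-manager, optional trust-manager and the server SSL context, adding
     * the needed steps to the composite operation. The result is available from
     * {@link #getServerSSLContext()}.
     *
     * <p>On any exception {@link #failureOccured} is invoked with a {@code null} reply; an exception
     * raised by that cleanup is attached as suppressed.
     *
     * @param commandContext the CLI context
     * @param z forwarded to {@link #buildKeyStore} and {@link #buildTrustManager(CommandContext, boolean)}
     * @throws Exception whatever one of the build steps raised
     */
    public void buildRequest(CommandContext commandContext, boolean z) throws Exception {
        try {
            KeyStore keyStore = buildKeyStore(commandContext, z);
            KeyManager keyManager = buildKeyManager(commandContext, this.keyManagerName, keyStore);
            KeyManager trustManager = buildTrustManager(commandContext, z);
            this.sslContext = buildServerSSLContext(commandContext, keyManager, trustManager);
        } catch (Exception e) {
            try {
                failureOccured(commandContext, null);
            } catch (Exception cleanupFailure) {
                e.addSuppressed(cleanupFailure);
            }
            throw e;
        }
    }

    /**
     * Builds the trust-manager when a trusted certificate or an existing trust-store was configured.
     *
     * <p>With an existing trust-store name the store is looked up and reused. Otherwise a new
     * trust-store is requested (type {@code "JKS"}, relative to {@code jboss.server.config.dir}),
     * the trusted certificate is imported into it, and the store is registered for a "store" step.
     *
     * @param commandContext the CLI context
     * @param z when {@code true} the add-key-store request becomes a composite step; when
     *     {@code false} it is executed immediately through {@code SecurityCommand.execute}
     * @return the trust-manager, or {@code null} when neither a certificate nor a trust-store is set
     * @throws CommandException if the new trust-store name is already taken or the trust-store file
     *     is already referenced by another key-store resource
     * @throws Exception if one of the {@code ElytronUtil} helpers fails
     */
    protected KeyManager buildTrustManager(CommandContext commandContext, boolean z) throws Exception {
        if (this.trustedCertificate == null && this.trustStoreName == null) {
            return null;
        }
        // One UUID is shared by the default store name, the default file name and the import call.
        String uuid = UUID.randomUUID().toString();
        if (this.newTrustStoreName == null) {
            this.newTrustStoreName = "trust-store-" + uuid;
        } else if (ElytronUtil.keyStoreExists(commandContext, this.newTrustStoreName)) {
            throw new CommandException("The key-store " + this.newTrustStoreName + " already exists");
        }
        KeyStore trustStore;
        if (this.trustStoreName != null) {
            trustStore = ElytronUtil.getKeyStore(commandContext, this.trustStoreName);
        } else {
            if (this.trustStoreFileName == null) {
                this.trustStoreFileName = "server-" + uuid + ".trustore";
            } else {
                // Refuse a file that another key-store resource already points at.
                List<String> referencing = ElytronUtil.findMatchingKeyStores(commandContext, new File(this.trustStoreFileName), "jboss.server.config.dir");
                if (!referencing.isEmpty()) {
                    throw new CommandException("Error, the file " + this.trustStoreFileName + " is already referenced from " + referencing + " resources. Use " + SecurityCommand.formatOption(SecurityCommand.OPT_TRUST_STORE_NAME) + " option or choose another file name.");
                }
            }
            // Recorded before the store is created so that failureOccured can try to remove it.
            this.generatedTrustStore = this.newTrustStoreName;
            // The password is an ordinary String handed to the request builder and kept in the
            // KeyStore object below. NOTE(review): how it is persisted is decided by
            // ElytronUtil.addKeyStore, which is not visible here.
            String password = this.trustStoreFilePassword == null ? generateRandomPassword() : this.trustStoreFilePassword;
            // NOTE(review): the store type is fixed to "JKS", the legacy JDK keystore format;
            // confirm whether the target server supports a PKCS12 store for this purpose.
            ModelNode addKeyStore = ElytronUtil.addKeyStore(commandContext, this.newTrustStoreName, new File(this.trustStoreFileName), "jboss.server.config.dir", password, "JKS", false, null);
            if (z) {
                addStep(addKeyStore, this.NO_DESC);
            } else {
                SecurityCommand.execute(commandContext, addKeyStore, SecurityCommand.DEFAULT_FAILURE_CONSUMER);
            }
            trustStore = new KeyStore(this.newTrustStoreName, password, false);
            // validateCertificate is false unless setValidateCertificate(true) was called.
            addStep(ElytronUtil.importCertificate(commandContext, this.trustedCertificate, uuid, this.validateCertificate, trustStore, true), new FailureDescProvider() {
                @Override
                public String stepFailedDescription() {
                    return "Importing certificate " + SSLSecurityBuilder.this.trustedCertificate.getAbsolutePath() + " in trust-store " + SSLSecurityBuilder.this.newTrustStoreName;
                }
            });
            needKeyStoreStore(trustStore.getName());
        }
        return buildTrustManager(commandContext, this.newTrustManagerName, trustStore);
    }

    /**
     * Resolves the key-manager for a key-store: reuses a matching existing one when the name was
     * defaulted and the key-store already exists, otherwise adds a step that creates it.
     *
     * @param commandContext the CLI context
     * @param str the requested key-manager name, or {@code null} to derive a default name
     * @param keyStore the key-store the key-manager is bound to
     * @return the key-manager description, flagged as existing when one was reused
     * @throws CommandException if an explicitly named key-manager already exists
     * @throws Exception if one of the {@code ElytronUtil} helpers fails
     */
    private KeyManager buildKeyManager(CommandContext commandContext, String str, KeyStore keyStore) throws Exception {
        boolean defaulted = false;
        if (str == null) {
            str = DefaultResourceNames.buildDefaultKeyManagerName(commandContext, keyStore.getName());
            defaulted = true;
        } else if (ElytronUtil.keyManagerExists(commandContext, str)) {
            throw new CommandException("The key-manager " + str + " already exists");
        }
        // Only a defaulted name may be replaced by an existing resource.
        String existing = null;
        if (keyStore.exists() && defaulted) {
            existing = ElytronUtil.findMatchingKeyManager(commandContext, keyStore, null, null);
        }
        if (existing != null) {
            return new KeyManager(existing, keyStore, true);
        }
        // Separate final local: the decompiled form reassigned a final variable, which does not compile.
        final String createdName = str;
        addStep(ElytronUtil.addKeyManager(commandContext, keyStore, createdName, null, null), new FailureDescProvider() {
            @Override
            public String stepFailedDescription() {
                return "Adding key-manager " + createdName;
            }
        });
        return new KeyManager(createdName, keyStore, false);
    }

    /**
     * Resolves the trust-manager for a trust-store: reuses a matching existing one when the name
     * was defaulted and the store already exists, otherwise adds a step that creates it.
     *
     * @param commandContext the CLI context
     * @param str the requested trust-manager name, or {@code null} to derive a default name
     * @param keyStore the trust-store the trust-manager is bound to
     * @return the trust-manager description, flagged as existing when one was reused
     * @throws CommandException if an explicitly named trust-manager already exists
     * @throws Exception if one of the {@code ElytronUtil} helpers fails
     */
    private KeyManager buildTrustManager(CommandContext commandContext, String str, KeyStore keyStore) throws Exception {
        boolean defaulted = false;
        if (str == null) {
            // NOTE(review): the default trust-manager name comes from the key-manager naming helper;
            // confirm this is intended.
            str = DefaultResourceNames.buildDefaultKeyManagerName(commandContext, keyStore.getName());
            defaulted = true;
        } else if (ElytronUtil.trustManagerExists(commandContext, str)) {
            // The check is for a trust-manager; the message previously said "key-manager".
            throw new CommandException("The trust-manager " + str + " already exists");
        }
        String existing = null;
        if (keyStore.exists() && defaulted) {
            existing = ElytronUtil.findMatchingTrustManager(commandContext, keyStore, null, null);
        }
        if (existing != null) {
            return new KeyManager(existing, keyStore, true);
        }
        final String createdName = str;
        addStep(ElytronUtil.addTrustManager(commandContext, keyStore, createdName, null, null), new FailureDescProvider() {
            @Override
            public String stepFailedDescription() {
                return "Adding trust-manager " + createdName;
            }
        });
        return new KeyManager(createdName, keyStore, false);
    }

    /**
     * Resolves the server SSL context: reuses a matching existing one when the name was defaulted
     * and the key-manager already exists, otherwise adds a step that creates it.
     *
     * @param commandContext the CLI context
     * @param keyManager the key-manager of the context
     * @param keyManager2 the trust-manager of the context, or {@code null} when none is configured
     * @return the SSL context description, flagged as existing when one was reused
     * @throws CommandException if an explicitly named SSL context already exists
     * @throws Exception if one of the helpers fails
     */
    private ServerSSLContext buildServerSSLContext(CommandContext commandContext, KeyManager keyManager, KeyManager keyManager2) throws Exception {
        boolean defaulted = false;
        if (this.sslContextName == null) {
            this.sslContextName = DefaultResourceNames.buildDefaultSSLContextName(commandContext, keyManager.getKeyStore().getName());
            defaulted = true;
        } else if (ElytronUtil.serverSSLContextExists(commandContext, this.sslContextName)) {
            throw new CommandException("The ssl-context " + this.sslContextName + " already exists");
        }
        List<String> protocols = DefaultResourceNames.getDefaultProtocols(commandContext);
        // "need" is switched on exactly when a trust-manager is present.
        // NOTE(review): presumably this maps to required client authentication; confirm in ServerSSLContext.
        boolean need = keyManager2 != null;
        String existing = null;
        if (keyManager.exists() && defaulted) {
            // Unnamed probe carrying the same settings, used only to search for an equivalent context.
            ServerSSLContext probe = new ServerSSLContext(null, keyManager, keyManager2, false);
            probe.setNeed(need);
            probe.setProtocols(protocols);
            existing = ElytronUtil.findMatchingSSLContext(commandContext, probe);
        }
        boolean reused = existing != null;
        ServerSSLContext result = new ServerSSLContext(reused ? existing : this.sslContextName, keyManager, keyManager2, reused);
        result.setNeed(need);
        result.setProtocols(protocols);
        if (!reused) {
            addStep(ElytronUtil.addServerSSLContext(commandContext, result, this.sslContextName), new FailureDescProvider() {
                @Override
                public String stepFailedDescription() {
                    return "Adding ssl-context " + SSLSecurityBuilder.this.sslContextName;
                }
            });
        }
        return result;
    }

    /**
     * Turns a failed composite reply into a readable message naming the failed step.
     *
     * @param commandContext unused
     * @param modelNode the reply of the composite operation, may be {@code null}
     * @return {@code null} for a {@code null} reply; otherwise the message, which is empty when the
     *     reply carries no result or no top-level failure description
     */
    private String getFailedStepDescription(CommandContext commandContext, ModelNode modelNode) {
        if (modelNode == null) {
            return null;
        }
        ModelNode result = modelNode.get("result");
        StringBuilder message = new StringBuilder();
        if (result.isDefined() && modelNode.get("failure-description").isDefined()) {
            // Position of the step in the composite; effectiveProviders is indexed the same way.
            // NOTE(review): the index only advances past steps without a failure description, and
            // the lookup assumes buildExecutableRequest has already filled effectiveProviders.
            int index = 0;
            for (Property step : result.asPropertyList()) {
                ModelNode value = step.getValue();
                if (value.hasDefined("failure-description")) {
                    String description = this.effectiveProviders.get(index).stepFailedDescription();
                    message.append("\nERROR, security changes have not been applied.\n");
                    if (description != null) {
                        message.append("Failed action: ").append(description).append("\n");
                    }
                    message.append("Cause: ").append(value.get("failure-description").asString()).append("\n");
                } else {
                    index++;
                }
            }
        }
        return message.toString();
    }

    /**
     * Reports a failure and cleans up: removes the trust-store this builder generated (if any) and
     * delegates further cleanup to {@link #doFailureOccured}.
     *
     * @param commandContext the CLI context
     * @param modelNode the failed reply, or {@code null} when the failure happened before execution
     * @throws CommandException when a reply was supplied or when any cleanup step failed; the
     *     message concatenates the step description and the cleanup errors
     */
    @Override
    public void failureOccured(CommandContext commandContext, ModelNode modelNode) throws CommandException {
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        if (modelNode != null) {
            sb.append(getFailedStepDescription(commandContext, modelNode)).append("\n");
            z = true;
        }
        // NOTE(review): as decompiled, the CommandException thrown at the end of the outer try is
        // itself caught by catch (Throwable), so doFailureOccured runs a second time before the
        // rethrow. This looks like a decompiler rendering of a finally block; confirm against the
        // original source before relying on the exact number of cleanup calls.
        try {
            try {
                if (this.generatedTrustStore != null) {
                    SecurityCommand.execute(commandContext, ElytronUtil.removeKeyStore(commandContext, this.generatedTrustStore), SecurityCommand.DEFAULT_FAILURE_CONSUMER);
                }
                try {
                    doFailureOccured(commandContext);
                } catch (Exception e) {
                    sb.append("Error while cleaning up " + e);
                    z = true;
                }
            } catch (Exception e2) {
                // Removing the generated trust-store failed; subclass cleanup is still attempted.
                sb.append("Error while cleaning up key-stores " + e2).append("\n");
                z = true;
                try {
                    doFailureOccured(commandContext);
                } catch (Exception e3) {
                    sb.append("Error while cleaning up " + e3);
                    z = true;
                }
            }
            if (z) {
                throw new CommandException(sb.toString());
            }
        } catch (Throwable th) {
            try {
                doFailureOccured(commandContext);
            } catch (Exception e4) {
                // Appended after the message was already captured, so this text is not reported.
                sb.append("Error while cleaning up " + e4);
            }
            throw th;
        }
    }

    /**
     * Subclass cleanup hook invoked from {@link #failureOccured}.
     *
     * @param commandContext the CLI context
     * @throws Exception if the cleanup fails
     */
    protected abstract void doFailureOccured(CommandContext commandContext) throws Exception;

    public String getTrustStoreName() {
        return this.trustStoreName;
    }

    public void setTrustStoreName(String str) {
        this.trustStoreName = str;
    }

    public String getTrustStoreFileName() {
        return this.trustStoreFileName;
    }

    public void setTrustStoreFileName(String str) {
        this.trustStoreFileName = str;
    }

    public void setTrustStoreFilePassword(String str) {
        this.trustStoreFilePassword = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Generates the password used for a trust-store when the caller supplied none.
     *
     * <p>The result is 8 characters drawn from a 62-symbol alphabet, roughly 47 bits.
     * NOTE(review): confirm that this length is acceptable for the store it protects, or pass an
     * explicit password through {@link #setTrustStoreFilePassword(String)}.
     *
     * @return an 8-character alphanumeric string
     */
    public static String generateRandomPassword() {
        return generateRandomString(8);
    }

    /**
     * Builds a random alphanumeric string from the shared {@link SecureRandom}.
     *
     * @param i the number of characters; zero or a negative value yields an empty string
     * @return the random string
     */
    static String generateRandomString(int i) {
        StringBuilder sb = new StringBuilder();
        for (int n = 0; n < i; n++) {
            // nextInt(bound) selects an index uniformly without the floating-point round trip.
            sb.append(CHARS.charAt(RANDOM.nextInt(CHARS.length())));
        }
        return sb.toString();
    }
}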
