package org.wildfly.extension.elytron;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AbstractRuntimeOnlyHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.controller.operations.validation.AllowedValuesValidator;
import org.jboss.as.controller.operations.validation.ModelTypeValidator;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.security.CredentialStoreClient;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.ssl.CipherSuiteSelector;
import org.wildfly.security.ssl.Protocol;
import org.wildfly.security.ssl.ProtocolSelector;
import org.wildfly.security.ssl.SSLContextBuilder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions.class */
public class SSLDefinitions {
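    // Service-name helpers for the server and client SSL context resources. Both are created from
    // the same SSL-context runtime capability and differ only in the resource key they are given.
    static final ServiceUtil<SSLContext> SERVER_SERVICE_UTIL = ServiceUtil.newInstance(
            Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SERVER_SSL_CONTEXT, SSLContext.class);
    static final ServiceUtil<SSLContext> CLIENT_SERVICE_UTIL = ServiceUtil.newInstance(
            Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, SSLContext.class);

    // Every attribute below that carries RESTART_RESOURCE_SERVICES restarts the resource's services
    // when it is changed.

    // Algorithm name handed to KeyManagerFactory / TrustManagerFactory.getInstance; built with the
    // third constructor argument false, unlike the optional attributes below.
    static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false)
            .setAllowExpression(true)
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    // Optional provider-name filter applied to the providers supplied by PROVIDER_LOADER.
    static final SimpleAttributeDefinition PROVIDER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDER, ModelType.STRING, true)
            .setAllowExpression(true)
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    // Template only: each resource copies this definition and attaches its own capability reference.
    static final SimpleAttributeDefinition PROVIDER_LOADER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDER_LOADER, ModelType.STRING, true)
            .setAllowExpression(true)
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    // Template only, like PROVIDER_LOADER; names the key store backing a key or trust manager.
    static final SimpleAttributeDefinition KEYSTORE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_STORE, ModelType.STRING, false)
            .setAllowExpression(true)
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    static final SimpleAttributeDefinition SECURITY_DOMAIN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECURITY_DOMAIN, ModelType.STRING, true)
            .setMinSize(1)
            .setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.ssl-context", true)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    // Free-form cipher suite filter; no validator is attached here, so the string is only
    // interpreted when the SSL context is built (CipherSuiteSelector.fromString).
    static final SimpleAttributeDefinition CIPHER_SUITE_FILTER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CIPHER_SUITE_FILTER, ModelType.STRING, true)
            .setAllowExpression(true)
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();

    // Names the management model accepts for `protocols`. The list still admits SSLv2, SSLv3,
    // TLSv1 and TLSv1.1, all of which are deprecated (RFC 6176, RFC 7568, RFC 8996): this is a
    // syntactic allow-list, not a security baseline, so hardened configurations should set
    // `protocols` explicitly to TLSv1.2 and/or TLSv1.3.
    static final String[] ALLOWED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
    // Optional list; when it is left undefined the server context below sets no protocol selector
    // and the SSLContextBuilder default applies.
    static final StringListAttributeDefinition PROTOCOLS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.PROTOCOLS)
            .setAllowExpression(true)
            .setMinSize(1)
            .setAllowNull(true)
            .setAllowedValues(ALLOWED_PROTOCOLS)
            .setValidator(new StringValuesValidator(ALLOWED_PROTOCOLS))
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();

    // Client-certificate settings. All three default to false, so a server context does not ask
    // for a client certificate unless one of them is switched on.
    static final SimpleAttributeDefinition WANT_CLIENT_AUTH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.WANT_CLIENT_AUTH, ModelType.BOOLEAN, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(false))
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    static final SimpleAttributeDefinition NEED_CLIENT_AUTH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NEED_CLIENT_AUTH, ModelType.BOOLEAN, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(false))
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    static final SimpleAttributeDefinition AUTHENTICATION_OPTIONAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AUTHENTICATION_OPTIONAL, ModelType.BOOLEAN, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(false))
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    // Defaults to true.
    static final SimpleAttributeDefinition USE_CIPHER_SUITES_ORDER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.USE_CIPHER_SUITES_ORDER, ModelType.BOOLEAN, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(true))
            .setMinSize(1)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();

    // Session cache size and timeout both default to 0.
    // NOTE(review): how SSLContextBuilder interprets 0 (unbounded / provider default) is not
    // visible in this file - confirm before relying on it as a limit.
    static final SimpleAttributeDefinition MAXIMUM_SESSION_CACHE_SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MAXIMUM_SESSION_CACHE_SIZE, ModelType.INT, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(0))
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    static final SimpleAttributeDefinition SESSION_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SESSION_TIMEOUT, ModelType.INT, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(0))
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();

    // References from an SSL context to the key-managers / trust-managers capabilities.
    static final SimpleAttributeDefinition KEY_MANAGERS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_MANAGERS, ModelType.STRING, true)
            .setMinSize(1)
            .setCapabilityReference("org.wildfly.security.key-managers", "org.wildfly.security.ssl-context", true)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();
    static final SimpleAttributeDefinition TRUST_MANAGERS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TRUST_MANAGERS, ModelType.STRING, true)
            .setMinSize(1)
            .setCapabilityReference("org.wildfly.security.trust-managers", "org.wildfly.security.ssl-context", true)
            .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
            .build();

    // Runtime-stored attribute registered read-only by SSLContextDefinition. Made final: it is
    // assigned exactly once and is shared by every SSL context resource.
    private static final SimpleAttributeDefinition ACTIVE_SESSION_COUNT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ACTIVE_SESSION_COUNT, ModelType.INT)
            .setStorageRuntime()
            .build();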

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$SSLContextDefinition.class */
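    /**
     * Resource definition used for both the server and the client SSL context resources.
     *
     * <p>On top of the attributes passed to the constructor it registers the read-only runtime
     * attribute {@code ACTIVE_SESSION_COUNT} and an {@code SSLSessionDefinition} child resource.
     * The {@link #server} flag selects which session context and which service util are used.
     */
    public static class SSLContextDefinition extends TrivialResourceDefinition {
        /** {@code true} for the server-side resource, {@code false} for the client-side one. */
        final boolean server;

        private SSLContextDefinition(String str, boolean z, AbstractAddStepHandler abstractAddStepHandler, AttributeDefinition[] attributeDefinitionArr) {
            super(str, abstractAddStepHandler, attributeDefinitionArr, Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY);
            this.server = z;
        }

        /**
         * Registers the inherited attributes plus the runtime-only active session count.
         *
         * @param managementResourceRegistration registration of the resource being described
         */
        @Override
        public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
            super.registerAttributes(managementResourceRegistration);
            managementResourceRegistration.registerReadOnlyAttribute(SSLDefinitions.ACTIVE_SESSION_COUNT, new SSLContextRuntimeHandler() {
                @Override
                protected void performRuntime(ModelNode modelNode, ModelNode modelNode2, SSLContext sSLContext) throws OperationFailedException {
                    javax.net.ssl.SSLSessionContext sessions = SSLContextDefinition.this.server
                            ? sSLContext.getServerSessionContext()
                            : sSLContext.getClientSessionContext();
                    // SSLContext documents that the session context may be unavailable, in which
                    // case the getter returns null; report zero sessions instead of failing the
                    // management read with a NullPointerException.
                    modelNode.set(sessions == null ? 0 : Collections.list(sessions.getIds()).size());
                }

                @Override
                protected ServiceUtil<SSLContext> getSSLContextServiceUtil() {
                    return SSLContextDefinition.this.server ? SSLDefinitions.SERVER_SERVICE_UTIL : SSLDefinitions.CLIENT_SERVICE_UTIL;
                }
            });
        }

        /**
         * Registers the inherited children plus the per-session child resource.
         *
         * @param managementResourceRegistration registration of the resource being described
         */
        public void registerChildren(ManagementResourceRegistration managementResourceRegistration) {
            super.registerChildren(managementResourceRegistration);
            managementResourceRegistration.registerSubModel(new SSLSessionDefinition(this.server));
        }
    }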

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$SSLContextRuntimeHandler.class */
    /**
     * Base class for runtime-only handlers that operate on an installed {@link SSLContext}.
     *
     * <p>It looks up the SSL context service for the addressed resource, refuses to continue
     * unless that service is in state {@code UP}, and then passes the context to
     * {@link #performRuntime}.
     */
    public static abstract class SSLContextRuntimeHandler extends AbstractRuntimeOnlyHandler {
        /**
         * Resolves the SSL context service and delegates to {@link #performRuntime}.
         *
         * @param operationContext context of the running management operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the SSL context service is not {@code UP}, or if
         *         {@link #performRuntime} fails
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            final ServiceName sslContextName = getSSLContextServiceUtil().serviceName(modelNode);
            final ServiceController controller = ElytronExtension.getRequiredService(operationContext.getServiceRegistry(false), sslContextName, SSLContext.class);
            final ServiceController.State current = controller.getState();
            if (current == ServiceController.State.UP) {
                // Only a started service is guaranteed to hold a usable SSLContext value.
                performRuntime(operationContext.getResult(), modelNode, (SSLContext) controller.getService().getValue());
                return;
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.requiredServiceNotUp(sslContextName, current);
        }

        /**
         * Performs the runtime operation against the resolved SSL context.
         *
         * @param modelNode result node of the operation
         * @param modelNode2 the operation being executed
         * @param sSLContext value of the SSL context service
         * @throws OperationFailedException if the operation cannot be completed
         */
        protected abstract void performRuntime(ModelNode modelNode, ModelNode modelNode2, SSLContext sSLContext) throws OperationFailedException;

        /**
         * @return the service util used to derive the SSL context service name from the operation
         */
        protected abstract ServiceUtil<SSLContext> getSSLContextServiceUtil();
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$StringValuesValidator.class */
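    /**
     * Validator that accepts a string parameter only when it equals one of a fixed set of values.
     *
     * <p>It backs the {@code protocols} attribute, so the list acts as the allow-list for protocol
     * names. The list is built once, typed, and exposed only as an unmodifiable view so that code
     * obtaining it through {@link #getAllowedValues()} cannot widen what the validator accepts.
     */
    static class StringValuesValidator extends ModelTypeValidator implements AllowedValuesValidator {
        private final List<ModelNode> allowedValues;

        /**
         * @param strArr the accepted values, each stored as a string {@code ModelNode}
         */
        StringValuesValidator(String... strArr) {
            super(ModelType.STRING);
            List<ModelNode> values = new ArrayList<>(strArr.length);
            for (String str : strArr) {
                values.add(new ModelNode().set(str));
            }
            this.allowedValues = Collections.unmodifiableList(values);
        }

        /**
         * Runs the inherited type validation, then rejects any defined value that is not in the
         * allowed list. The comparison is {@code ModelNode} equality, so it is an exact match.
         *
         * @param str name of the parameter being validated
         * @param modelNode value supplied for the parameter
         * @throws OperationFailedException if the value is defined and not in the allowed list
         */
        public void validateParameter(String str, ModelNode modelNode) throws OperationFailedException {
            super.validateParameter(str, modelNode);
            if (modelNode.isDefined() && !this.allowedValues.contains(modelNode)) {
                throw new OperationFailedException(ControllerLogger.ROOT_LOGGER.invalidValue(modelNode.asString(), str, this.allowedValues));
            }
        }

        /**
         * @return an unmodifiable view of the accepted values
         */
        public List<ModelNode> getAllowedValues() {
            return this.allowedValues;
        }
    }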

    // Empty no-argument constructor. Every member of this class visible in this listing is
    // static, so instances are presumably never needed - confirm before widening its access.
    SSLDefinitions() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the resource definition for the key-managers resource.
     *
     * <p>The add handler wires optional dependencies on a provider loader, a key store and a
     * credential store client, and returns a supplier that creates the {@code KeyManager[]} by
     * initialising a {@link KeyManagerFactory} with the injected key store and the resolved
     * secret.
     *
     * <p>NOTE(review): the add handler is given both the key-managers and the
     * credential-store-client capabilities, while the {@code TrivialResourceDefinition} is given
     * only key-managers; {@code getTrustManagerDefinition()} has the opposite split. Confirm which
     * registration is intended.
     *
     * @return the key-managers resource definition
     */
    public static ResourceDefinition getKeyManagerDefinition() {
        // Per-resource copies of the shared templates, each tied to the capability it references.
        final AttributeDefinition build = new SimpleAttributeDefinitionBuilder(PROVIDER_LOADER).setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.key-managers", true).build();
        final AttributeDefinition build2 = new SimpleAttributeDefinitionBuilder(KEYSTORE).setCapabilityReference("org.wildfly.security.key-store", "org.wildfly.security.key-managers", true).build();
        AttributeDefinition[] attributeDefinitionArr = {ALGORITHM, build, PROVIDER, build2, CredentialReference.getAttributeDefinition()};
        return new TrivialResourceDefinition(ElytronDescriptionConstants.KEY_MANAGERS, new TrivialAddHandler<KeyManager[]>(KeyManager[].class, attributeDefinitionArr, new RuntimeCapability[]{Capabilities.KEY_MANAGERS_RUNTIME_CAPABILITY, Capabilities.CREDENTIAL_STORE_CLIENT_RUNTIME_CAPABILITY}) { // from class: org.wildfly.extension.elytron.SSLDefinitions.1
            @Override // org.wildfly.extension.elytron.TrivialAddHandler
            protected TrivialService.ValueSupplier<KeyManager[]> getValueSupplier(ServiceBuilder<KeyManager[]> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                CredentialReference createCredentialReference;
                // asString = factory algorithm; asString2 = optional provider-name filter (null when undefined).
                String asString = SSLDefinitions.ALGORITHM.resolveModelAttribute(operationContext, modelNode).asString();
                String asString2 = SSLDefinitions.PROVIDER.resolveModelAttribute(operationContext, modelNode).isDefined() ? SSLDefinitions.PROVIDER.resolveModelAttribute(operationContext, modelNode).asString() : null;
                // Provider loader: the dependency is added only when the attribute is defined, so
                // injectedValue stays empty otherwise.
                String asStringIfDefined = ElytronExtension.asStringIfDefined(operationContext, build, modelNode);
                InjectedValue injectedValue = new InjectedValue();
                if (asStringIfDefined != null) {
                    serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", asStringIfDefined), Provider[].class), Provider[].class, injectedValue);
                }
                // Key store: same pattern as the provider loader.
                String asStringIfDefined2 = ElytronExtension.asStringIfDefined(operationContext, build2, modelNode);
                InjectedValue injectedValue2 = new InjectedValue();
                if (asStringIfDefined2 != null) {
                    serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.key-store", asStringIfDefined2), KeyStore.class), KeyStore.class, injectedValue2);
                }
                // The four parts of the credential reference: store name, alias, type, clear text.
                // NOTE(review): the parts are read through KeyStoreDefinition.CREDENTIAL_REFERENCE,
                // whereas the attribute registered above comes from
                // CredentialReference.getAttributeDefinition() - confirm both describe the same attribute.
                String credentialReferencePartAsStringIfDefined = CredentialReference.credentialReferencePartAsStringIfDefined(operationContext, KeyStoreDefinition.CREDENTIAL_REFERENCE, modelNode, ElytronDescriptionConstants.STORE);
                String credentialReferencePartAsStringIfDefined2 = CredentialReference.credentialReferencePartAsStringIfDefined(operationContext, KeyStoreDefinition.CREDENTIAL_REFERENCE, modelNode, ElytronDescriptionConstants.ALIAS);
                String credentialReferencePartAsStringIfDefined3 = CredentialReference.credentialReferencePartAsStringIfDefined(operationContext, KeyStoreDefinition.CREDENTIAL_REFERENCE, modelNode, ElytronDescriptionConstants.TYPE);
                String credentialReferencePartAsStringIfDefined4 = CredentialReference.credentialReferencePartAsStringIfDefined(operationContext, KeyStoreDefinition.CREDENTIAL_REFERENCE, modelNode, "clear-text");
                // Without a store name the key password is taken from the clear-text part (or is
                // null); with a store name it is resolved through the credential store. The
                // clear-text form leaves the key password readable in the management model, so
                // the store-backed form is the one to prefer.
                if (credentialReferencePartAsStringIfDefined == null || credentialReferencePartAsStringIfDefined.isEmpty()) {
                    createCredentialReference = CredentialReference.createCredentialReference(credentialReferencePartAsStringIfDefined4 != null ? credentialReferencePartAsStringIfDefined4.toCharArray() : null);
                } else {
                    createCredentialReference = CredentialReference.createCredentialReference(credentialReferencePartAsStringIfDefined, credentialReferencePartAsStringIfDefined2, credentialReferencePartAsStringIfDefined3);
                }
                // The credential store client is injected only when the reference carries an alias.
                Injector<CredentialStoreClient> injectedValue3 = new InjectedValue<>();
                if (createCredentialReference.getAlias() != null) {
                    KeyStoreDefinition.CREDENTIAL_STORE_CLIENT_SERVICE_UTIL.addInjection((ServiceBuilder<?>) serviceBuilder, injectedValue3, operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.credential-store-client", createCredentialReference.getCredentialStoreName()), CredentialStoreClient.class));
                }
                // Extra local so the lambda below captures an effectively final reference.
                CredentialReference credentialReference = createCredentialReference;
                // Everything inside the lambda runs when the supplier is invoked, not while the
                // add operation is being handled.
                return () -> {
                    Provider[] providerArr = (Provider[]) injectedValue.getOptionalValue();
                    KeyManagerFactory keyManagerFactory = null;
                    if (providerArr != null) {
                        // Use the first injected provider that passes the name filter and supports
                        // the algorithm.
                        for (Provider provider : providerArr) {
                            if (asString2 == null || asString2.equals(provider.getName())) {
                                try {
                                    keyManagerFactory = KeyManagerFactory.getInstance(asString, provider);
                                    break;
                                } catch (NoSuchAlgorithmException e) {
                                    // Swallowed so that the loop moves on to the next provider.
                                }
                            }
                        }
                        // No injected provider was usable: fail rather than fall back to the JVM
                        // default providers.
                        if (keyManagerFactory == null) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCreateManagerFactory(KeyManagerFactory.class.getSimpleName(), asString);
                        }
                    } else {
                        // No provider loader configured: use the JVM's installed providers.
                        try {
                            keyManagerFactory = KeyManagerFactory.getInstance(asString);
                        } catch (NoSuchAlgorithmException e2) {
                            throw new StartException(e2);
                        }
                    }
                    try {
                        CredentialReference.reinjectCredentialStoreClient(injectedValue3, credentialReference);
                        CredentialStoreClient credentialStoreClient = (CredentialStoreClient) injectedValue3.getOptionalValue();
                        KeyStore keyStore = (KeyStore) injectedValue2.getOptionalValue();
                        // Prefer the secret held by the credential store client; otherwise use the
                        // one carried by the credential reference itself.
                        char[] secret = credentialStoreClient != null ? credentialStoreClient.getSecret() : credentialReference.getSecret();
                        if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                            // The trace line records only whether a password is present (slot 6 is
                            // a Boolean); the password characters are never logged.
                            ElytronSubsystemMessages elytronSubsystemMessages = ElytronSubsystemMessages.ROOT_LOGGER;
                            Object[] objArr = new Object[7];
                            objArr[0] = Arrays.toString(providerArr);
                            objArr[1] = asString2;
                            objArr[2] = asString;
                            objArr[3] = keyManagerFactory;
                            objArr[4] = asStringIfDefined2;
                            objArr[5] = keyStore;
                            objArr[6] = Boolean.valueOf(secret != null);
                            elytronSubsystemMessages.tracef("KeyManager supplying:  providers = %s  provider = %s  algorithm = %s  keyManagerFactory = %s  keyStoreName = %s  keyStore = %s  password (of item) = %b", objArr);
                        }
                        // NOTE(review): the secret array is not cleared after init(). Whether
                        // getSecret() returns a private copy is not visible here, so clearing it
                        // is only safe once that has been confirmed.
                        keyManagerFactory.init(keyStore, secret);
                        return keyManagerFactory.getKeyManagers();
                    } catch (ClassNotFoundException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e3) {
                        // Any failure to resolve the secret or initialise the factory is reported
                        // as a StartException with the original cause attached.
                        throw new StartException(e3);
                    }
                };
            }
        }, attributeDefinitionArr, Capabilities.KEY_MANAGERS_RUNTIME_CAPABILITY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
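    /**
     * Builds the resource definition for the trust-managers resource.
     *
     * <p>The add handler wires optional dependencies on a provider loader and a key store, and
     * returns a supplier that creates the {@code TrustManager[]} by initialising a
     * {@link TrustManagerFactory} with the injected key store.
     *
     * <p>NOTE(review): the {@code TrivialResourceDefinition} is given the credential-store-client
     * capability although nothing in this handler reads a credential, while
     * {@code getKeyManagerDefinition()} (which does) passes it only to its add handler. Confirm
     * which registration is intended; it is left unchanged here.
     *
     * @return the trust-managers resource definition
     */
    public static ResourceDefinition getTrustManagerDefinition() {
        // Per-resource copies of the shared templates, each tied to the capability it references.
        final AttributeDefinition providerLoaderAttr = new SimpleAttributeDefinitionBuilder(PROVIDER_LOADER).setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.trust-managers", true).build();
        final AttributeDefinition keyStoreAttr = new SimpleAttributeDefinitionBuilder(KEYSTORE).setCapabilityReference("org.wildfly.security.key-store", "org.wildfly.security.trust-managers", true).build();
        AttributeDefinition[] attributes = {ALGORITHM, providerLoaderAttr, PROVIDER, keyStoreAttr};
        return new TrivialResourceDefinition(ElytronDescriptionConstants.TRUST_MANAGERS, new TrivialAddHandler<TrustManager[]>(TrustManager[].class, attributes, new RuntimeCapability[]{Capabilities.TRUST_MANAGERS_RUNTIME_CAPABILITY}) {
            @Override
            protected TrivialService.ValueSupplier<TrustManager[]> getValueSupplier(ServiceBuilder<TrustManager[]> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                final String algorithm = SSLDefinitions.ALGORITHM.resolveModelAttribute(operationContext, modelNode).asString();
                // Resolve the optional provider-name filter once instead of twice.
                final ModelNode providerNode = SSLDefinitions.PROVIDER.resolveModelAttribute(operationContext, modelNode);
                final String providerName = providerNode.isDefined() ? providerNode.asString() : null;

                // Provider loader: the dependency is added only when the attribute is defined.
                final String providerLoaderName = ElytronExtension.asStringIfDefined(operationContext, providerLoaderAttr, modelNode);
                final InjectedValue<Provider[]> providersInjector = new InjectedValue<>();
                if (providerLoaderName != null) {
                    serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", providerLoaderName), Provider[].class), Provider[].class, providersInjector);
                }

                // Key store holding the trust anchors: same pattern.
                final String keyStoreName = ElytronExtension.asStringIfDefined(operationContext, keyStoreAttr, modelNode);
                final InjectedValue<KeyStore> keyStoreInjector = new InjectedValue<>();
                if (keyStoreName != null) {
                    serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.key-store", keyStoreName), KeyStore.class), KeyStore.class, keyStoreInjector);
                }

                // Everything inside the lambda runs when the supplier is invoked.
                return () -> {
                    final Provider[] providers = providersInjector.getOptionalValue();
                    TrustManagerFactory factory = null;
                    if (providers != null) {
                        // Use the first injected provider that passes the name filter and supports
                        // the algorithm.
                        for (Provider candidate : providers) {
                            if (providerName == null || providerName.equals(candidate.getName())) {
                                try {
                                    factory = TrustManagerFactory.getInstance(algorithm, candidate);
                                    break;
                                } catch (NoSuchAlgorithmException ignored) {
                                    // Deliberately ignored: the next provider is tried instead.
                                }
                            }
                        }
                        // No injected provider was usable: fail rather than fall back to the JVM
                        // default providers.
                        if (factory == null) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCreateManagerFactory(TrustManagerFactory.class.getSimpleName(), algorithm);
                        }
                    } else {
                        // No provider loader configured: use the JVM's installed providers.
                        try {
                            factory = TrustManagerFactory.getInstance(algorithm);
                        } catch (NoSuchAlgorithmException e) {
                            throw new StartException(e);
                        }
                    }

                    final KeyStore keyStore = keyStoreInjector.getOptionalValue();
                    if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                        // The label used to read "KeyManager supplying:", which made trust-manager
                        // start-up indistinguishable from key-manager start-up in trace logs.
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef("TrustManager supplying:  providers = %s  provider = %s  algorithm = %s  trustManagerFactory = %s  keyStoreName = %s  keyStore = %s", new Object[]{Arrays.toString(providers), providerName, algorithm, factory, keyStoreName, keyStore});
                    }
                    try {
                        // Initialise with the same key store instance that was just traced.
                        // NOTE(review): TrustManagerFactory.init(null) selects the JVM default
                        // trust anchors. KEYSTORE is declared as a required attribute, so a null
                        // key store presumably cannot occur here - confirm.
                        factory.init(keyStore);
                        return factory.getTrustManagers();
                    } catch (KeyStoreException e) {
                        throw new StartException(e);
                    }
                };
            }
        }, attributes, Capabilities.TRUST_MANAGERS_RUNTIME_CAPABILITY, Capabilities.CREDENTIAL_STORE_CLIENT_RUNTIME_CAPABILITY);
    }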

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates an injector for an optional capability reference and, when the attribute is
     * defined, registers the matching dependency on the service builder.
     *
     * @param str base name of the dynamic capability being referenced
     * @param simpleAttributeDefinition attribute holding the dynamic part of the capability name
     * @param cls value type of the referenced capability's service
     * @param serviceBuilder builder of the SSL context service that receives the dependency
     * @param operationContext context of the running management operation
     * @param modelNode model of the resource being added
     * @return the injector; it stays empty when the attribute is undefined
     * @throws OperationFailedException if the attribute cannot be resolved
     */
    public static <T> InjectedValue<T> addDependency(String str, SimpleAttributeDefinition simpleAttributeDefinition, Class<T> cls, ServiceBuilder<SSLContext> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        final String referencedName = ElytronExtension.asStringIfDefined(operationContext, simpleAttributeDefinition, modelNode);
        final InjectedValue<T> target = new InjectedValue<>();
        if (referencedName == null) {
            // Attribute not set: nothing to depend on, callers see an empty injector.
            return target;
        }
        final String capabilityName = RuntimeCapability.buildDynamicCapabilityName(str, referencedName);
        serviceBuilder.addDependency(operationContext.getCapabilityServiceName(capabilityName, cls), cls, target);
        return target;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ResourceDefinition getServerSSLContextDefinition() {
        final AttributeDefinition build = new SimpleAttributeDefinitionBuilder(PROVIDER_LOADER).setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.ssl-context", true).build();
        AttributeDefinition[] attributeDefinitionArr = {SECURITY_DOMAIN, CIPHER_SUITE_FILTER, PROTOCOLS, WANT_CLIENT_AUTH, NEED_CLIENT_AUTH, AUTHENTICATION_OPTIONAL, USE_CIPHER_SUITES_ORDER, MAXIMUM_SESSION_CACHE_SIZE, SESSION_TIMEOUT, KEY_MANAGERS, TRUST_MANAGERS, build};
        return new SSLContextDefinition(ElytronDescriptionConstants.SERVER_SSL_CONTEXT, true, new TrivialAddHandler<SSLContext>(SSLContext.class, attributeDefinitionArr, new RuntimeCapability[]{Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY}) { // from class: org.wildfly.extension.elytron.SSLDefinitions.3
            @Override // org.wildfly.extension.elytron.TrivialAddHandler
            protected TrivialService.ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                InjectedValue addDependency = SSLDefinitions.addDependency("org.wildfly.security.security-domain", SSLDefinitions.SECURITY_DOMAIN, SecurityDomain.class, serviceBuilder, operationContext, modelNode);
                InjectedValue addDependency2 = SSLDefinitions.addDependency("org.wildfly.security.key-managers", SSLDefinitions.KEY_MANAGERS, KeyManager[].class, serviceBuilder, operationContext, modelNode);
                InjectedValue addDependency3 = SSLDefinitions.addDependency("org.wildfly.security.trust-managers", SSLDefinitions.TRUST_MANAGERS, TrustManager[].class, serviceBuilder, operationContext, modelNode);
                InjectedValue addDependency4 = SSLDefinitions.addDependency("org.wildfly.security.providers", build, Provider[].class, serviceBuilder, operationContext, modelNode);
                List unwrap = SSLDefinitions.PROTOCOLS.unwrap(operationContext, modelNode);
                String asStringIfDefined = ElytronExtension.asStringIfDefined(operationContext, SSLDefinitions.CIPHER_SUITE_FILTER, modelNode);
                boolean asBoolean = SSLDefinitions.WANT_CLIENT_AUTH.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean2 = SSLDefinitions.NEED_CLIENT_AUTH.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean3 = SSLDefinitions.AUTHENTICATION_OPTIONAL.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean4 = SSLDefinitions.USE_CIPHER_SUITES_ORDER.resolveModelAttribute(operationContext, modelNode).asBoolean();
                int asInt = SSLDefinitions.MAXIMUM_SESSION_CACHE_SIZE.resolveModelAttribute(operationContext, modelNode).asInt();
                int asInt2 = SSLDefinitions.SESSION_TIMEOUT.resolveModelAttribute(operationContext, modelNode).asInt();
                return () -> {
                    SecurityDomain securityDomain = (SecurityDomain) addDependency.getOptionalValue();
                    X509ExtendedKeyManager x509KeyManager = SSLDefinitions.getX509KeyManager((KeyManager[]) addDependency2.getOptionalValue());
                    X509ExtendedTrustManager x509TrustManager = SSLDefinitions.getX509TrustManager((TrustManager[]) addDependency3.getOptionalValue());
                    Provider[] providerArr = (Provider[]) addDependency4.getOptionalValue();
                    SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
                    if (securityDomain != null) {
                        sSLContextBuilder.setSecurityDomain(securityDomain);
                    }
                    if (x509KeyManager != null) {
                        sSLContextBuilder.setKeyManager(x509KeyManager);
                    }
                    if (x509TrustManager != null) {
                        sSLContextBuilder.setTrustManager(x509TrustManager);
                    }
                    if (providerArr != null) {
                        sSLContextBuilder.setProviderSupplier(() -> {
                            return providerArr;
                        });
                    }
                    if (asStringIfDefined != null) {
                        sSLContextBuilder.setCipherSuiteSelector(CipherSuiteSelector.fromString(asStringIfDefined));
                    }
                    if (!unwrap.isEmpty()) {
                        sSLContextBuilder.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf((Collection) unwrap.stream().map(Protocol::forName).collect(Collectors.toList()))));
                    }
                    sSLContextBuilder.setWantClientAuth(asBoolean).setNeedClientAuth(asBoolean2).setAuthenticationOptional(asBoolean3).setUseCipherSuitesOrder(asBoolean4).setSessionCacheSize(asInt).setSessionTimeout(asInt2);
                    if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef("ServerSSLContext supplying:  securityDomain = %s  keyManager = %s  trustManager = %s  providers = %s  cipherSuiteFilter = %s  protocols = %s  wantClientAuth = %s  needClientAuth = %s  authenticationOptional = %s  maximumSessionCacheSize = %s  sessionTimeout = %s", new Object[]{securityDomain, x509KeyManager, x509TrustManager, Arrays.toString(providerArr), asStringIfDefined, Arrays.toString(unwrap.toArray()), Boolean.valueOf(asBoolean), Boolean.valueOf(asBoolean2), Boolean.valueOf(asBoolean3), Integer.valueOf(asInt), Integer.valueOf(asInt2)});
                    }
                    try {
                        return (SSLContext) sSLContextBuilder.build().create();
                    } catch (GeneralSecurityException e) {
                        throw new StartException(e);
                    }
                };
            }

            /**
             * Creates the management resource backing this SSL context and adds it to the operation
             * context under {@link PathAddress#EMPTY_ADDRESS}.
             *
             * <p>The flag passed to {@code SSLContextResource} is {@code true} here and {@code false} in
             * the client definition's version of this method; presumably it marks a server-side context
             * (confirm against {@code SSLContextResource}).
             *
             * @param operationContext the context of the operation being handled
             * @return the resource that was added to the context
             */
            protected Resource createResource(OperationContext operationContext) {
                final Resource delegate = Resource.Factory.create();
                final SSLContextResource created = new SSLContextResource(delegate, true);
                operationContext.addResource(PathAddress.EMPTY_ADDRESS, created);
                return created;
            }

            /**
             * Passes the controller of the installed {@link SSLContext} service to the resource.
             *
             * @param serviceController controller of the installed SSL context service
             * @param resource the resource for this SSL context; cast to {@code SSLContextResource},
             *                 so any other implementation fails with a {@link ClassCastException}
             */
            @Override
            protected void installedForResource(ServiceController<SSLContext> serviceController, Resource resource) {
                final SSLContextResource sslContextResource = (SSLContextResource) resource;
                sslContextResource.setSSLContextServiceController(serviceController);
            }
        }, attributeDefinitionArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the resource definition registered under
     * {@link ElytronDescriptionConstants#CLIENT_SSL_CONTEXT}.
     *
     * <p>The add handler resolves the configured attributes up front and returns a supplier that
     * assembles the {@link SSLContext} in client mode when it is invoked. Key managers, trust
     * managers, providers, the cipher suite filter and the protocol list are all optional: a setter
     * is called on the builder only for values that are present, so anything left out falls back to
     * whatever {@code SSLContextBuilder} does by default.
     *
     * <p>NOTE(review): the builder defaults are not visible in this file. For a client context the
     * ones that matter most are the trust manager used when {@code TRUST_MANAGERS} is undefined and
     * the protocols enabled when {@code PROTOCOLS} is empty; confirm both against
     * {@code SSLContextBuilder} before relying on a minimal configuration.
     *
     * @return the client SSL context resource definition
     */
    public static ResourceDefinition getClientSSLContextDefinition() {
        // PROVIDER_LOADER rebuilt with a capability reference between the providers capability and
        // the ssl-context capability.
        final AttributeDefinition providerLoaderWithCapabilityRef = new SimpleAttributeDefinitionBuilder(PROVIDER_LOADER)
                .setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.ssl-context", true)
                .build();
        AttributeDefinition[] clientAttributeDefs = {
                CIPHER_SUITE_FILTER,
                PROTOCOLS,
                USE_CIPHER_SUITES_ORDER,
                MAXIMUM_SESSION_CACHE_SIZE,
                SESSION_TIMEOUT,
                KEY_MANAGERS,
                TRUST_MANAGERS,
                providerLoaderWithCapabilityRef
        };
        TrivialAddHandler<SSLContext> clientAddHandler = new TrivialAddHandler<SSLContext>(SSLContext.class, clientAttributeDefs, new RuntimeCapability[]{Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY}) {
            /**
             * Registers the optional service dependencies, resolves the scalar attributes and
             * returns the supplier that builds the client {@link SSLContext}.
             *
             * @throws OperationFailedException if an attribute cannot be resolved from the model
             */
            @Override
            protected TrivialService.ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                InjectedValue keyManagersInjector = SSLDefinitions.addDependency("org.wildfly.security.key-managers", SSLDefinitions.KEY_MANAGERS, KeyManager[].class, serviceBuilder, operationContext, modelNode);
                InjectedValue trustManagersInjector = SSLDefinitions.addDependency("org.wildfly.security.trust-managers", SSLDefinitions.TRUST_MANAGERS, TrustManager[].class, serviceBuilder, operationContext, modelNode);
                InjectedValue providersInjector = SSLDefinitions.addDependency("org.wildfly.security.providers", providerLoaderWithCapabilityRef, Provider[].class, serviceBuilder, operationContext, modelNode);
                List protocolNames = SSLDefinitions.PROTOCOLS.unwrap(operationContext, modelNode);
                String cipherSuiteFilter = ElytronExtension.asStringIfDefined(operationContext, SSLDefinitions.CIPHER_SUITE_FILTER, modelNode);
                boolean useCipherSuitesOrder = SSLDefinitions.USE_CIPHER_SUITES_ORDER.resolveModelAttribute(operationContext, modelNode).asBoolean();
                int sessionCacheSize = SSLDefinitions.MAXIMUM_SESSION_CACHE_SIZE.resolveModelAttribute(operationContext, modelNode).asInt();
                int sessionTimeout = SSLDefinitions.SESSION_TIMEOUT.resolveModelAttribute(operationContext, modelNode).asInt();
                return () -> {
                    // A null manager means the attribute was not configured; an array without an
                    // X509Extended* implementation makes the helper throw instead.
                    X509ExtendedKeyManager keyManager = SSLDefinitions.getX509KeyManager((KeyManager[]) keyManagersInjector.getOptionalValue());
                    X509ExtendedTrustManager trustManager = SSLDefinitions.getX509TrustManager((TrustManager[]) trustManagersInjector.getOptionalValue());
                    Provider[] providers = (Provider[]) providersInjector.getOptionalValue();
                    SSLContextBuilder builder = new SSLContextBuilder();
                    if (keyManager != null) {
                        builder.setKeyManager(keyManager);
                    }
                    if (trustManager != null) {
                        builder.setTrustManager(trustManager);
                    }
                    if (providers != null) {
                        builder.setProviderSupplier(() -> providers);
                    }
                    if (cipherSuiteFilter != null) {
                        builder.setCipherSuiteSelector(CipherSuiteSelector.fromString(cipherSuiteFilter));
                    }
                    // EnumSet.copyOf rejects an empty collection that is not itself an EnumSet, hence
                    // the guard; with no protocols configured the builder's own selection applies.
                    if (!protocolNames.isEmpty()) {
                        builder.setProtocolSelector(
                                ProtocolSelector.empty().add(
                                        EnumSet.copyOf((Collection) protocolNames.stream().map(Protocol::forName).collect(Collectors.toList()))));
                    }
                    builder.setClientMode(true)
                            .setUseCipherSuitesOrder(useCipherSuitesOrder)
                            .setSessionCacheSize(sessionCacheSize)
                            .setSessionTimeout(sessionTimeout);
                    if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                        // Every value is formatted with %s, so the managers appear via toString().
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef(
                                "ClientSSLContext supplying:  keyManager = %s  trustManager = %s  providers = %s  cipherSuiteFilter = %s  protocols = %s  maximumSessionCacheSize = %s  sessionTimeout = %s",
                                new Object[]{
                                        keyManager,
                                        trustManager,
                                        Arrays.toString(providers),
                                        cipherSuiteFilter,
                                        Arrays.toString(protocolNames.toArray()),
                                        Integer.valueOf(sessionCacheSize),
                                        Integer.valueOf(sessionTimeout)
                                });
                    }
                    try {
                        return (SSLContext) builder.build().create();
                    } catch (GeneralSecurityException e) {
                        // Surface a failed context build as a service start failure, cause preserved.
                        throw new StartException(e);
                    }
                };
            }

            /**
             * Creates the management resource for the client context and adds it to the operation
             * context under {@link PathAddress#EMPTY_ADDRESS}. The flag passed to
             * {@code SSLContextResource} is {@code false} here and {@code true} in the server
             * definition; presumably it distinguishes client from server contexts.
             */
            protected Resource createResource(OperationContext operationContext) {
                final Resource delegate = Resource.Factory.create();
                final SSLContextResource created = new SSLContextResource(delegate, false);
                operationContext.addResource(PathAddress.EMPTY_ADDRESS, created);
                return created;
            }

            /** Passes the controller of the installed SSL context service to the resource. */
            @Override
            protected void installedForResource(ServiceController<SSLContext> serviceController, Resource resource) {
                final SSLContextResource sslContextResource = (SSLContextResource) resource;
                sslContextResource.setSSLContextServiceController(serviceController);
            }
        };
        return new SSLContextDefinition(ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, false, clientAddHandler, clientAttributeDefs);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Picks the first {@link X509ExtendedKeyManager} out of the supplied key managers.
     *
     * <p>A {@code null} array is treated as "nothing configured" and yields {@code null}, which the
     * callers in this file use to leave the builder's key manager unset. An array that is present
     * but holds no {@code X509ExtendedKeyManager} is an error rather than a silent fallback.
     *
     * @param keyManagerArr the injected key managers, or {@code null} if none were configured
     * @return the first {@code X509ExtendedKeyManager} in the array, or {@code null} for a
     *         {@code null} array
     * @throws StartException if the array contains no {@code X509ExtendedKeyManager}
     */
    public static X509ExtendedKeyManager getX509KeyManager(KeyManager[] keyManagerArr) throws StartException {
        if (keyManagerArr != null) {
            for (int i = 0; i < keyManagerArr.length; i++) {
                KeyManager candidate = keyManagerArr[i];
                if (candidate instanceof X509ExtendedKeyManager) {
                    return (X509ExtendedKeyManager) candidate;
                }
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.noTypeFound(X509ExtendedKeyManager.class.getSimpleName());
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Picks the first {@link X509ExtendedTrustManager} out of the supplied trust managers.
     *
     * <p>A {@code null} array is treated as "nothing configured" and yields {@code null}; the
     * callers in this file then skip {@code setTrustManager}, so certificate validation is left to
     * whatever the builder uses by default (not visible here; confirm). An array that is present
     * but holds no {@code X509ExtendedTrustManager} is an error rather than a silent fallback.
     *
     * @param trustManagerArr the injected trust managers, or {@code null} if none were configured
     * @return the first {@code X509ExtendedTrustManager} in the array, or {@code null} for a
     *         {@code null} array
     * @throws StartException if the array contains no {@code X509ExtendedTrustManager}
     */
    public static X509ExtendedTrustManager getX509TrustManager(TrustManager[] trustManagerArr) throws StartException {
        if (trustManagerArr != null) {
            for (int i = 0; i < trustManagerArr.length; i++) {
                TrustManager candidate = trustManagerArr[i];
                if (candidate instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) candidate;
                }
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.noTypeFound(X509ExtendedTrustManager.class.getSimpleName());
        }
        return null;
    }
}
