package net.shibboleth.idp.admin.impl;

import jakarta.servlet.http.HttpServletRequest;
import java.security.KeyException;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.security.impl.BasicKeystoreKeyStrategy;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/idp-admin-impl-5.1.3.jar:net/shibboleth/idp/admin/impl/UnlockDataSealers.class */
public class UnlockDataSealers extends AbstractProfileAction {

    @Nonnull
    @NotEmpty
    public static final String KEYSTORE_PASSWORD_PARAM_NAME = "keystorePassword";

    @Nonnull
    @NotEmpty
    public static final String KEY_PASSWORD_PARAM_NAME = "keyPassword";

    @Nonnull
    private Logger log = LoggerFactory.getLogger((Class<?>) UnlockDataSealers.class);

    @Nonnull
    private Collection<BasicKeystoreKeyStrategy> keyStrategies = CollectionSupport.emptyList();

    public void setKeyStrategies(@Nullable Collection<BasicKeystoreKeyStrategy> collection) {
        checkSetterPreconditions();
        if (collection != null) {
            this.keyStrategies = CollectionSupport.copyToList(collection);
        } else {
            this.keyStrategies = CollectionSupport.emptyList();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.profile.action.AbstractConditionalProfileAction, org.opensaml.profile.action.AbstractProfileAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        if (!super.doPreExecute(profileRequestContext) || this.keyStrategies.isEmpty()) {
            return false;
        }
        if (getHttpServletRequest() != null) {
            return true;
        }
        this.log.warn("{} No HttpServletRequest available", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return false;
    }

    @Override // org.opensaml.profile.action.AbstractProfileAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Constraint.isNotNull(getHttpServletRequest(), "Could not locate servlet request");
        String[] parameterValues = httpServletRequest.getParameterValues(KEYSTORE_PASSWORD_PARAM_NAME);
        String[] parameterValues2 = httpServletRequest.getParameterValues(KEY_PASSWORD_PARAM_NAME);
        if (parameterValues == null || parameterValues2 == null || parameterValues.length != this.keyStrategies.size() || parameterValues2.length != this.keyStrategies.size()) {
            this.log.warn("{} Password parameter count does not match size of configured KeyStrategy inputs", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
            return;
        }
        int i = 0;
        for (BasicKeystoreKeyStrategy basicKeystoreKeyStrategy : this.keyStrategies) {
            if (parameterValues[i] == null || parameterValues2[i] == null) {
                this.log.warn("{} Empty password supplied at index {}", getLogPrefix(), Integer.valueOf(i));
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
                return;
            }
            basicKeystoreKeyStrategy.setKeystorePassword(parameterValues[i]);
            basicKeystoreKeyStrategy.setKeyPassword(parameterValues2[i]);
            try {
                basicKeystoreKeyStrategy.getDefaultKey();
                i++;
            } catch (KeyException e) {
                this.log.warn("{} Failed to unlock key strategy in collection with index {}", getLogPrefix(), Integer.valueOf(i));
                ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MESSAGE);
                return;
            }
        }
    }
}
