package org.hawkular.agent.javaagent.config;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;

/* loaded from: input_file:org/hawkular/agent/javaagent/config/SecurityRealm.class */
public class SecurityRealm implements Validatable {

    @JsonProperty(required = true)
    public String name;

    @JsonProperty(value = ModelDescriptionConstants.KEYSTORE_PATH, required = true)
    public String keystorePath;

    @JsonProperty(value = ModelDescriptionConstants.KEYSTORE_PASSWORD, required = true)
    public String keystorePassword;

    @JsonProperty(ModelDescriptionConstants.KEY_PASSWORD)
    public String keyPassword;

    @JsonProperty("keystore-type")
    public String keystoreType;

    @JsonProperty("key-manager-algorithm")
    public String keyManagerAlgorithm;

    @JsonProperty("trust-manager-algorithm")
    public String trustManagerAlgorithm;

    @JsonProperty("ssl-protocol")
    public String sslProtocol;

    public SecurityRealm() {
        this.keystoreType = KeyStore.getDefaultType();
        this.keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        this.trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        this.sslProtocol = "TLSv1";
    }

    public SecurityRealm(SecurityRealm securityRealm) {
        this.keystoreType = KeyStore.getDefaultType();
        this.keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        this.trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        this.sslProtocol = "TLSv1";
        this.name = securityRealm.name;
        this.keystorePath = securityRealm.keystorePath;
        this.keystorePassword = securityRealm.keystorePassword;
        this.keyPassword = securityRealm.keyPassword;
        this.keystoreType = securityRealm.keystoreType;
        this.keyManagerAlgorithm = securityRealm.keyManagerAlgorithm;
        this.trustManagerAlgorithm = securityRealm.trustManagerAlgorithm;
        this.sslProtocol = securityRealm.sslProtocol;
    }

    @Override // org.hawkular.agent.javaagent.config.Validatable
    public void validate() throws Exception {
        if (this.name == null) {
            throw new Exception("security-realm name must be specified");
        }
        if (this.keystorePath == null || this.keystorePath.trim().length() == 0) {
            throw new Exception("security-realm: [" + this.name + "] keystore-path must be specified");
        }
        if (this.keystorePassword == null || this.keystorePassword.trim().length() == 0) {
            throw new Exception("security-realm: [" + this.name + "] keystore-password must be specified");
        }
        try {
            KeyStore.getInstance(this.keystoreType);
            try {
                KeyManagerFactory.getInstance(this.keyManagerAlgorithm);
                try {
                    TrustManagerFactory.getInstance(this.trustManagerAlgorithm);
                    try {
                        SSLContext.getInstance(this.sslProtocol);
                    } catch (Exception e) {
                        throw new Exception("security-realm: [" + this.name + "] ssl-protocol [" + this.sslProtocol + "] is invalid. You may want to use [TLSv1]", e);
                    }
                } catch (Exception e2) {
                    throw new Exception("security-realm: [" + this.name + "] trust-manager-algorithm [" + this.trustManagerAlgorithm + "] is invalid. You may want to use the VM default of [" + TrustManagerFactory.getDefaultAlgorithm() + "]", e2);
                }
            } catch (Exception e3) {
                throw new Exception("security-realm: [" + this.name + "] key-manager-algorithm [" + this.keyManagerAlgorithm + "] is invalid. You may want to use the VM default of [" + KeyManagerFactory.getDefaultAlgorithm() + "]", e3);
            }
        } catch (Exception e4) {
            throw new Exception("security-realm: [" + this.name + "] keystore-type [" + this.keystoreType + "] is invalid. You may want to use the VM default of [" + KeyStore.getDefaultType() + "]", e4);
        }
    }
}
