package org.wildfly.security.keystore;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.util.LdapUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:wildfly.zip:bin/wildfly-elytron-tool.jar:org/wildfly/security/keystore/LdapKeyStoreSpi.class
 */
/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-keystore-1.14.1.Final.jar:org/wildfly/security/keystore/LdapKeyStoreSpi.class */
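/**
 * {@link KeyStoreSpi} backed by an LDAP directory.
 *
 * <p>Every alias corresponds to one LDAP entry, located through the configured search filters.
 * The certificate, the certificate chain and the key are held as binary attributes of that entry;
 * the key is not stored raw but wrapped in a serialized {@link KeyStore} of type {@code keyType}
 * protected by the caller-supplied password, and unwrapped again on retrieval.
 *
 * <p>Each operation borrows a fresh {@link DirContext} from {@code dirContextSupplier}, sets the
 * JNDI binary-attributes property for the duration of the call, and restores the previous value
 * before closing the context. Instances hold no mutable state after construction, so they can be
 * shared across threads provided the supplier hands out an independent context per call
 * (NOTE(review): not verifiable from this file — confirm against the supplier implementation).
 *
 * <p>Alias values are always passed to JNDI as filter arguments or as {@link Rdn} values rather
 * than being spliced into filter or DN strings, so the provider performs the LDAP escaping.
 */
class LdapKeyStoreSpi extends KeyStoreSpi {
    /** JNDI environment property naming the attributes that must be returned as {@code byte[]}. */
    private static final String ENV_BINARY_ATTRIBUTES = "java.naming.ldap.attributes.binary";
    /** Operational attribute consulted for {@link #engineGetCreationDate(String)}. */
    private static final String CREATE_TIMESTAMP_ATTRIBUTE = "createTimestamp";
    /** Operational attribute preferred over the creation timestamp, as entries are modified in place. */
    private static final String MODIFY_TIMESTAMP_ATTRIBUTE = "modifyTimestamp";

    private final ExceptionSupplier<DirContext, NamingException> dirContextSupplier;
    private final String searchPath;
    private final int searchScope;
    private final int searchTimeLimit;
    private final String filterAlias;
    private final String filterCertificate;
    private final String filterIterate;
    private final LdapName createPath;
    private final String createRdn;
    private final Attributes createAttributes;
    private final String aliasAttribute;
    private final String certificateAttribute;
    private final String certificateType;
    private final String certificateChainAttribute;
    private final String certificateChainEncoding;
    private final String keyAttribute;
    private final String keyType;

    /**
     * Creates the SPI.
     *
     * @param dirContextSupplier source of LDAP contexts; one is obtained per operation and closed afterwards
     * @param searchPath base DN (as a string) under which alias entries are searched
     * @param searchScope a {@link SearchControls} scope constant
     * @param searchTimeLimit search time limit in the unit expected by {@link SearchControls#setTimeLimit(int)}
     * @param filterAlias filter expression locating an entry by alias; the alias is supplied as filter argument {@code {0}}
     * @param filterCertificate filter expression locating an entry by encoded certificate, supplied as argument {@code {0}}
     * @param filterIterate filter expression matching every alias entry
     * @param createPath parent DN of entries created for new aliases, or {@code null} if creation is not configured
     * @param createRdn RDN attribute type used for new entries, or {@code null} if creation is not configured
     * @param createAttributes initial attributes of new entries, or {@code null} if creation is not configured
     * @param aliasAttribute attribute holding the alias
     * @param certificateAttribute binary attribute holding the encoded certificate
     * @param certificateType {@link CertificateFactory} type used to encode and decode certificates
     * @param certificateChainAttribute binary attribute holding the encoded certificate chain
     * @param certificateChainEncoding {@code CertPath} encoding used for the chain attribute
     * @param keyAttribute binary attribute holding the wrapped key
     * @param keyType {@link KeyStore} type used to wrap keys before they are stored
     */
    public LdapKeyStoreSpi(ExceptionSupplier<DirContext, NamingException> dirContextSupplier, String searchPath, int searchScope, int searchTimeLimit, String filterAlias, String filterCertificate, String filterIterate, LdapName createPath, String createRdn, Attributes createAttributes, String aliasAttribute, String certificateAttribute, String certificateType, String certificateChainAttribute, String certificateChainEncoding, String keyAttribute, String keyType) {
        this.dirContextSupplier = dirContextSupplier;
        this.searchPath = searchPath;
        this.searchScope = searchScope;
        this.searchTimeLimit = searchTimeLimit;
        this.filterAlias = filterAlias;
        this.filterCertificate = filterCertificate;
        this.filterIterate = filterIterate;
        this.createPath = createPath;
        this.createRdn = createRdn;
        this.createAttributes = createAttributes;
        this.aliasAttribute = aliasAttribute;
        this.certificateAttribute = certificateAttribute;
        this.certificateType = certificateType;
        this.certificateChainAttribute = certificateChainAttribute;
        this.certificateChainEncoding = certificateChainEncoding;
        this.keyAttribute = keyAttribute;
        this.keyType = keyType;
    }

    /**
     * A {@link DirContext} borrowed for one operation, carrying the value the binary-attributes
     * property had before it was overridden. {@link #close()} restores that value and closes the
     * context. Keeping the backup here instead of in a field of the SPI means concurrent operations
     * cannot restore each other's value.
     */
    private static final class BorrowedContext implements AutoCloseable {
        final DirContext context;
        // previous value of ENV_BINARY_ATTRIBUTES; null means the property was not set
        private final Object binaryAttributesBackup;

        BorrowedContext(DirContext context, Object binaryAttributesBackup) {
            this.context = context;
            this.binaryAttributesBackup = binaryAttributesBackup;
        }

        /**
         * Restores the binary-attributes property and closes the context.
         *
         * @throws RuntimeException as produced by {@code ElytronMessages.log.failedToReturnDirContext}
         *         when restoring the environment or closing fails; the context is closed even if
         *         restoring the environment failed
         */
        @Override
        public void close() {
            NamingException failure = null;
            try {
                if (binaryAttributesBackup == null) {
                    context.removeFromEnvironment(ENV_BINARY_ATTRIBUTES);
                } else {
                    context.addToEnvironment(ENV_BINARY_ATTRIBUTES, binaryAttributesBackup);
                }
            } catch (NamingException e) {
                failure = e;
            }
            try {
                context.close();
            } catch (NamingException e) {
                if (failure == null) {
                    failure = e;
                } else {
                    failure.addSuppressed(e);
                }
            }
            if (failure != null) {
                throw ElytronMessages.log.failedToReturnDirContext(failure);
            }
        }
    }

    /**
     * Obtains a context from the supplier and marks the certificate, chain and key attributes as
     * binary so the provider returns them as {@code byte[]}.
     *
     * @return the borrowed context, or {@code null} if the supplier returned {@code null}
     * @throws RuntimeException as produced by {@code ElytronMessages.log.failedToObtainDirContext}
     *         when the supplier or the environment update fails; a context obtained before the
     *         failure is closed rather than leaked
     */
    private BorrowedContext obtainDirContext() {
        DirContext context;
        try {
            context = dirContextSupplier.get();
        } catch (NamingException e) {
            throw ElytronMessages.log.failedToObtainDirContext(e);
        }
        if (context == null) {
            return null;
        }
        try {
            Object backup = context.getEnvironment().get(ENV_BINARY_ATTRIBUTES);
            context.addToEnvironment(ENV_BINARY_ATTRIBUTES,
                    String.join(" ", certificateAttribute, certificateChainAttribute, keyAttribute));
            return new BorrowedContext(context, backup);
        } catch (NamingException e) {
            try {
                context.close();
            } catch (NamingException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw ElytronMessages.log.failedToObtainDirContext(e);
        }
    }

    /**
     * Builds search controls with the configured scope and time limit.
     *
     * @param returningAttributes attributes to return; an empty array returns none
     */
    private SearchControls createSearchControl(String[] returningAttributes) {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(searchScope);
        controls.setTimeLimit(searchTimeLimit);
        controls.setReturningAttributes(returningAttributes);
        return controls;
    }

    /**
     * Finds the entry of an alias, or of a certificate when {@code certificate} is non-null.
     *
     * <p>The alias or encoded certificate is supplied as a filter argument, never concatenated
     * into the filter expression. Only the first match is returned; the search enumeration is
     * closed before returning.
     *
     * @return the first matching entry, or {@code null} if there is none
     * @throws NamingException if the search fails
     */
    private SearchResult searchAlias(DirContext context, String alias, byte[] certificate, String[] returningAttributes) throws NamingException {
        SearchControls controls = createSearchControl(returningAttributes);
        NamingEnumeration<SearchResult> results = certificate == null
                ? context.search(searchPath, filterAlias, new String[]{alias}, controls)
                : context.search(searchPath, filterCertificate, new Object[]{certificate}, controls);
        try {
            if (results.hasMore()) {
                return results.next();
            }
            ElytronMessages.log.debugf("Alias [%s] not found in LdapKeyStore", alias);
            return null;
        } finally {
            results.close();
        }
    }

    /**
     * Looks up the requested attributes of the entry matching an alias (or a certificate, when
     * {@code certificate} is non-null) within a freshly borrowed context.
     *
     * @return the entry's attributes, or {@code null} if no context could be obtained or no entry matches
     * @throws RuntimeException as produced by {@code ElytronMessages.log.ldapKeyStoreFailedToObtainAlias}
     *         when the search fails
     */
    private Attributes obtainAliasOrCertificateAttributes(String alias, byte[] certificate, String[] returningAttributes) {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                ElytronMessages.log.trace("Unable to obtain DirContext");
                return null;
            }
            SearchResult result = searchAlias(borrowed.context, alias, certificate, returningAttributes);
            return result == null ? null : result.getAttributes();
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainAlias(alias, e);
        }
    }

    /**
     * Reads a binary attribute value.
     *
     * @return the value, or {@code null} if the attribute is absent or has no value
     * @throws NamingException if the value cannot be read
     */
    private static byte[] binaryValue(Attributes attributes, String attributeName) throws NamingException {
        Attribute attribute = LdapUtil.getBinaryAttribute(attributes, attributeName);
        return attribute == null ? null : (byte[]) attribute.get();
    }

    /**
     * Converts an LDAP generalized-time attribute to a {@link Date}.
     *
     * @return the parsed date, or {@code null} if the attribute is absent or has no value
     */
    private static Date timestampToDate(Attribute timestamp) throws ParseException, NamingException {
        if (timestamp == null) {
            return null;
        }
        Object value = timestamp.get();
        return value == null ? null : LdapGeneralizedTimeUtil.generalizedTimeToDate((String) value);
    }

    /**
     * {@inheritDoc}
     *
     * @return the certificate decoded from the certificate attribute, or {@code null} if the alias
     *         does not exist or the attribute is absent
     */
    @Override
    public Certificate engineGetCertificate(String alias) {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null, new String[]{certificateAttribute});
        if (attributes == null) {
            ElytronMessages.log.tracef("Alias [%s] does not exist", alias);
            return null;
        }
        try {
            byte[] encoded = binaryValue(attributes, certificateAttribute);
            if (encoded == null) {
                return null;
            }
            return CertificateFactory.getInstance(certificateType).generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException | NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainCertificate(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return the chain decoded from the chain attribute, or {@code null} if the alias does not
     *         exist or the attribute is absent
     */
    @Override
    public Certificate[] engineGetCertificateChain(String alias) {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null, new String[]{certificateChainAttribute});
        if (attributes == null) {
            ElytronMessages.log.tracef("Alias [%s] does not exist", alias);
            return null;
        }
        try {
            byte[] encoded = binaryValue(attributes, certificateChainAttribute);
            if (encoded == null) {
                return null;
            }
            Collection<? extends Certificate> chain =
                    CertificateFactory.getInstance(certificateType).generateCertificates(new ByteArrayInputStream(encoded));
            return chain.toArray(new Certificate[0]);
        } catch (CertificateException | NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainCertificateChain(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>The key attribute holds a serialized {@link KeyStore} of type {@code keyType}; it is
     * loaded with {@code password} and its single entry is returned.
     *
     * @return the key, or {@code null} if the alias does not exist, has no key attribute, or the
     *         wrapping keystore contains no entry
     */
    @Override
    public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null, new String[]{keyAttribute});
        if (attributes == null) {
            ElytronMessages.log.tracef("Alias [%s] does not exist", alias);
            return null;
        }
        try {
            byte[] encoded = binaryValue(attributes, keyAttribute);
            if (encoded == null) {
                return null;
            }
            KeyStore wrapper = KeyStore.getInstance(keyType);
            wrapper.load(new ByteArrayInputStream(encoded), password);
            Enumeration<String> wrappedAliases = wrapper.aliases();
            if (!wrappedAliases.hasMoreElements()) {
                // an empty wrapper would otherwise surface as NoSuchElementException
                ElytronMessages.log.tracef("Alias [%s] has an empty key container", alias);
                return null;
            }
            return wrapper.getKey(wrappedAliases.nextElement(), password);
        } catch (IOException | KeyStoreException | CertificateException | NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToRecoverKey(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Uses the entry's {@code modifyTimestamp}, falling back to {@code createTimestamp}.
     *
     * @return the timestamp as a date, or {@code null} if the alias does not exist or neither
     *         attribute is present
     */
    @Override
    public Date engineGetCreationDate(String alias) {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null,
                new String[]{CREATE_TIMESTAMP_ATTRIBUTE, MODIFY_TIMESTAMP_ATTRIBUTE});
        if (attributes == null) {
            ElytronMessages.log.tracef("Alias [%s] does not exist", alias);
            return null;
        }
        try {
            Date modified = timestampToDate(attributes.get(MODIFY_TIMESTAMP_ATTRIBUTE));
            if (modified != null) {
                return modified;
            }
            Date created = timestampToDate(attributes.get(CREATE_TIMESTAMP_ATTRIBUTE));
            if (created != null) {
                return created;
            }
            ElytronMessages.log.tracef("LDAP entry of alias [%s] does not have create nor modify timestamp attributes", alias);
            return null;
        } catch (ParseException | NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainCreationDate(alias, e);
        }
    }

    /**
     * Applies attribute modifications to the entry of an alias, creating the entry first when it
     * does not exist and creation is configured.
     *
     * @param alias the alias whose entry is modified
     * @param modifications the modifications to apply; when an entry is created, a replacement of
     *        the alias attribute is appended to this list
     * @throws KeyStoreException if no context could be obtained, or as produced by
     *         {@code ElytronMessages.log.creationNotConfigured} / {@code ldapKeyStoreFailedToStore}
     */
    private void storeAttributes(String alias, List<ModificationItem> modifications) throws KeyStoreException {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                throw new KeyStoreException("Unable to obtain DirContext");
            }
            SearchResult existing = searchAlias(borrowed.context, alias, null, new String[0]);
            LdapName entryName;
            if (existing != null) {
                entryName = new LdapName(existing.getNameInNamespace());
            } else {
                if (createPath == null || createAttributes == null || createRdn == null) {
                    throw ElytronMessages.log.creationNotConfigured(alias);
                }
                entryName = (LdapName) createPath.clone();
                // Rdn escapes the alias, so it cannot alter the DN structure
                entryName.add(new Rdn(createRdn, alias));
                ElytronMessages.log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, entryName.toString());
                borrowed.context.createSubcontext(entryName, createAttributes);
                modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(aliasAttribute, alias)));
            }
            borrowed.context.modifyAttributes(entryName, modifications.toArray(new ModificationItem[0]));
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToStore(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Stores the encoded certificate in the certificate attribute of the alias entry.
     */
    @Override
    public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException {
        List<ModificationItem> modifications = new ArrayList<>();
        try {
            BasicAttribute certificateValue = new BasicAttribute(certificateAttribute);
            certificateValue.add(certificate.getEncoded());
            modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certificateValue));
            storeAttributes(alias, modifications);
        } catch (CertificateEncodingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Wraps the key in a new {@link KeyStore} of type {@code keyType} protected by
     * {@code password}, serializes it and delegates to {@link #engineSetKeyEntry(String, byte[], Certificate[])}.
     */
    @Override
    public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
        try {
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            KeyStore wrapper = KeyStore.getInstance(keyType);
            wrapper.load(null, password);
            wrapper.setKeyEntry(alias, key, password, chain);
            wrapper.store(serialized, password);
            engineSetKeyEntry(alias, serialized.toByteArray(), chain);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToSerializeKey(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Stores the (already wrapped) key, the encoded chain and the first certificate of the chain
     * in their respective attributes of the alias entry.
     *
     * @throws IllegalArgumentException if {@code chain} is {@code null} or empty; the entry needs
     *         at least the end-entity certificate
     */
    @Override
    public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("A certificate chain is required to store key entry [" + alias + "]");
        }
        try {
            List<ModificationItem> modifications = new ArrayList<>();
            modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(keyAttribute, key)));
            byte[] encodedChain = CertificateFactory.getInstance(certificateType)
                    .generateCertPath(Arrays.asList(chain))
                    .getEncoded(certificateChainEncoding);
            modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(certificateChainAttribute, encodedChain)));
            modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(certificateAttribute, chain[0].getEncoded())));
            storeAttributes(alias, modifications);
        } catch (CertificateException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToSerializeCertificate(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Destroys the whole LDAP entry of the alias.
     *
     * @throws KeyStoreException if no context could be obtained, or as produced by
     *         {@code ElytronMessages.log.ldapKeyStoreFailedToDeleteNonExisting} / {@code ldapKeyStoreFailedToDelete}
     */
    @Override
    public void engineDeleteEntry(String alias) throws KeyStoreException {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                throw new KeyStoreException("Unable to obtain DirContext");
            }
            SearchResult existing = searchAlias(borrowed.context, alias, null, new String[0]);
            if (existing == null) {
                throw ElytronMessages.log.ldapKeyStoreFailedToDeleteNonExisting(alias);
            }
            borrowed.context.destroySubcontext(existing.getNameInNamespace());
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToDelete(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code true} if at least one entry matches the alias filter; {@code false} when no
     *         context could be obtained
     */
    @Override
    public boolean engineContainsAlias(String alias) {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                ElytronMessages.log.trace("Unable to obtain DirContext");
                return false;
            }
            NamingEnumeration<SearchResult> results = borrowed.context.search(searchPath, filterAlias,
                    new String[]{alias}, createSearchControl(new String[]{aliasAttribute}));
            try {
                return results.hasMore();
            } finally {
                results.close();
            }
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToTestAliasExistence(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Entries matched by the iteration filter that lack the alias attribute are skipped.
     *
     * @return the aliases; an empty enumeration (never {@code null}) when no context could be obtained
     */
    @Override
    public Enumeration<String> engineAliases() {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                ElytronMessages.log.trace("Unable to obtain DirContext");
                return Collections.emptyEnumeration();
            }
            NamingEnumeration<SearchResult> results = borrowed.context.search(searchPath, filterIterate,
                    (Object[]) null, createSearchControl(new String[]{aliasAttribute}));
            List<String> aliases = new ArrayList<>();
            try {
                while (results.hasMore()) {
                    Attribute aliasValue = results.next().getAttributes().get(aliasAttribute);
                    if (aliasValue != null) {
                        aliases.add((String) aliasValue.get());
                    }
                }
            } finally {
                results.close();
            }
            return Collections.enumeration(aliases);
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToIterateAliases(e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return the number of entries matched by the iteration filter, whether or not they carry the
     *         alias attribute; {@code 0} when no context could be obtained
     */
    @Override
    public int engineSize() {
        try (BorrowedContext borrowed = obtainDirContext()) {
            if (borrowed == null) {
                ElytronMessages.log.trace("Unable to obtain DirContext");
                return 0;
            }
            NamingEnumeration<SearchResult> results = borrowed.context.search(searchPath, filterIterate,
                    (Object[]) null, createSearchControl(new String[]{aliasAttribute}));
            int count = 0;
            try {
                while (results.hasMore()) {
                    results.next();
                    count++;
                }
            } finally {
                results.close();
            }
            return count;
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToIterateAliases(e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code true} if the alias entry carries a non-null key attribute value
     */
    @Override
    public boolean engineIsKeyEntry(String alias) {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null, new String[]{keyAttribute});
        try {
            if (attributes != null && binaryValue(attributes, keyAttribute) != null) {
                return true;
            }
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainKey(alias, e);
        }
        ElytronMessages.log.tracef("Alias [%s] is not key entry", alias);
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code true} if the alias entry carries a non-null certificate attribute value
     */
    @Override
    public boolean engineIsCertificateEntry(String alias) {
        Attributes attributes = obtainAliasOrCertificateAttributes(alias, null, new String[]{certificateAttribute});
        if (attributes == null) {
            return false;
        }
        try {
            return binaryValue(attributes, certificateAttribute) != null;
        } catch (NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainCertificate(alias, e);
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p>Searches by the certificate's encoded form using the certificate filter.
     *
     * @return the alias of the first entry holding the certificate, or {@code null} if none does
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        try {
            Attributes attributes = obtainAliasOrCertificateAttributes(null, certificate.getEncoded(), new String[]{aliasAttribute});
            Attribute aliasValue = attributes == null ? null : attributes.get(aliasAttribute);
            if (aliasValue != null) {
                return (String) aliasValue.get();
            }
            ElytronMessages.log.tracef("Certificate not found in LDAP: [%s]", certificate);
            return null;
        } catch (CertificateException | NamingException e) {
            throw ElytronMessages.log.ldapKeyStoreFailedToObtainAliasByCertificate(e);
        }
    }

    /**
     * No-op: the directory is the backing store, so there is nothing to read from the stream and
     * the password is not used.
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * No-op: every {@code engineSet*}/{@code engineDeleteEntry} call writes through to the
     * directory immediately, so there is nothing to write to the stream.
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    }
}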
