package org.opends.server.backends;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Random;
import java.util.SortedSet;
import javax.naming.ldap.Rdn;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.opends.messages.BackendMessages;
import org.opends.messages.Message;
import org.opends.server.admin.Configuration;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.TrustStoreBackendCfg;
import org.opends.server.api.Backend;
import org.opends.server.config.ConfigConstants;
import org.opends.server.config.ConfigException;
import org.opends.server.core.AddOperation;
import org.opends.server.core.DeleteOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.AttributeValues;
import org.opends.server.types.Attributes;
import org.opends.server.types.BackupConfig;
import org.opends.server.types.BackupDirectory;
import org.opends.server.types.ByteString;
import org.opends.server.types.ConditionResult;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.FilePermission;
import org.opends.server.types.IndexType;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFImportResult;
import org.opends.server.types.RDN;
import org.opends.server.types.RestoreConfig;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchScope;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.Validator;

/* loaded from: input_file:org/opends/server/backends/TrustStoreBackend.class */
public class TrustStoreBackend extends Backend implements ConfigurationChangeListener<TrustStoreBackendCfg> {
    // Debug tracer used to record caught exceptions when debug logging is enabled.
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    // Active configuration; set by configureBackend and replaced by applyConfigurationChange.
    private TrustStoreBackendCfg configuration;
    // The single base DN served by this backend (initializeBackend rejects any other count).
    private DN baseDN;
    // One-element array wrapping baseDN; returned as-is by getBaseDNs.
    private DN[] baseDNs;
    // Entry for baseDN, built in initializeBackend from the base DN's RDN values.
    private Entry baseEntry;
    // Both sets are created empty in initializeBackend.
    private HashSet<String> supportedControls;
    private HashSet<String> supportedFeatures;
    // Trust store PIN; null when no PIN source is configured.
    private char[] trustStorePIN;
    // Configured trust store path and key store type (type falls back to KeyStore.getDefaultType()).
    private String trustStoreFile;
    private String trustStoreType;
    // Used for certificate alias listing and certificate lookup against the trust store file.
    private CertificateManager certificateManager;

    /**
     * Stores the supplied configuration for later use by {@code initializeBackend}.
     *
     * @param configuration the backend configuration; must be non-null and a
     *                      {@code TrustStoreBackendCfg}
     * @throws ConfigException declared by the overridden method; nothing in this body
     *                         throws it explicitly
     */
    @Override // org.opends.server.api.Backend
    public void configureBackend(Configuration configuration) throws ConfigException {
        Validator.ensureNotNull(configuration);
        final boolean isTrustStoreConfig = configuration instanceof TrustStoreBackendCfg;
        Validator.ensureTrue(isTrustStoreConfig);
        final TrustStoreBackendCfg trustStoreConfig = (TrustStoreBackendCfg) configuration;
        this.configuration = trustStoreConfig;
    }

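    /**
     * Initializes the backend from the stored configuration: resolves the base DN, the
     * trust store file and type, and the trust store PIN, then builds the base entry and
     * registers the base DN with the server.
     *
     * <p>The PIN source is chosen in this order: system property, environment variable,
     * PIN file, inline configuration value. When a PIN file is configured but does not
     * exist, a PIN is obtained from {@code createKeystorePassword()} and written with
     * {@code createPINFile(...)}.
     *
     * @throws ConfigException         declared by the overridden method
     * @throws InitializationException if the configuration does not name exactly one base DN,
     *                                 the key store type is unavailable, the PIN cannot be
     *                                 obtained, or the base DN cannot be registered
     */
    @Override // org.opends.server.api.Backend
    public void initializeBackend() throws ConfigException, InitializationException {
        DN dn = this.configuration.dn();
        SortedSet<DN> baseDN = this.configuration.getBaseDN();
        if (baseDN.size() != 1) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_REQUIRES_ONE_BASE_DN.get(String.valueOf(dn)));
        }
        this.baseDN = baseDN.first();
        this.baseDNs = new DN[]{this.baseDN};
        this.trustStoreFile = this.configuration.getTrustStoreFile();
        this.trustStoreType = this.configuration.getTrustStoreType();
        if (this.trustStoreType == null) {
            this.trustStoreType = KeyStore.getDefaultType();
        }
        try {
            // Only checks that a provider for this key store type exists; the instance is discarded.
            KeyStore.getInstance(this.trustStoreType);

            String pinProperty = this.configuration.getTrustStorePinProperty();
            if (pinProperty != null) {
                String propertyValue = System.getProperty(pinProperty);
                if (propertyValue == null) {
                    throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(String.valueOf(pinProperty), String.valueOf(dn)));
                }
                this.trustStorePIN = propertyValue.toCharArray();
            } else {
                String pinEnvVar = this.configuration.getTrustStorePinEnvironmentVariable();
                if (pinEnvVar != null) {
                    String envValue = System.getenv(pinEnvVar);
                    if (envValue == null) {
                        // Report the environment variable name; the property name is always null on this path.
                        throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(String.valueOf(pinEnvVar), String.valueOf(dn)));
                    }
                    this.trustStorePIN = envValue.toCharArray();
                } else {
                    String pinFile = this.configuration.getTrustStorePinFile();
                    if (pinFile == null) {
                        String inlinePin = this.configuration.getTrustStorePin();
                        this.trustStorePIN = inlinePin == null ? null : inlinePin.toCharArray();
                    } else {
                        File pinFileHandle = StaticUtils.getFileForPath(pinFile);
                        if (pinFileHandle.exists()) {
                            String firstLine;
                            // try-with-resources closes the reader on every path.
                            // FileReader decodes with the platform default charset.
                            try (BufferedReader reader = new BufferedReader(new FileReader(pinFileHandle))) {
                                firstLine = reader.readLine();
                            } catch (IOException e) {
                                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(String.valueOf(pinFile), String.valueOf(dn), StaticUtils.getExceptionMessage(e)), e);
                            }
                            if (firstLine == null) {
                                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(String.valueOf(pinFile), String.valueOf(dn)));
                            }
                            this.trustStorePIN = firstLine.toCharArray();
                        } else {
                            try {
                                // NOTE(review): createKeystorePassword() and createPINFile() are defined outside
                                // this view. The file imports java.util.Random - confirm the generated PIN comes
                                // from SecureRandom and that the PIN file is created with owner-only permissions.
                                this.trustStorePIN = createKeystorePassword();
                                createPINFile(pinFileHandle.getPath(), new String(this.trustStorePIN));
                            } catch (Exception e) {
                                // Keep the cause so the reason for the failure is not lost.
                                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(String.valueOf(pinFile), String.valueOf(dn)), e);
                            }
                        }
                    }
                }
            }

            // NOTE(review): trustStorePIN is null when no PIN source is configured, and
            // new String((char[]) null) throws NullPointerException - confirm whether a PIN is mandatory.
            // The PIN is also copied into an immutable String here, so that copy cannot be wiped.
            this.certificateManager = new CertificateManager(StaticUtils.getFileForPath(this.trustStoreFile).getPath(), this.trustStoreType, new String(this.trustStorePIN));
            generateInstanceCertificateIfAbsent();

            LinkedHashMap objectClasses = new LinkedHashMap(2);
            objectClasses.put(DirectoryServer.getTopObjectClass(), "top");
            objectClasses.put(DirectoryServer.getObjectClass("ds-cfg-branch", true), "ds-cfg-branch");
            LinkedHashMap emptyAttributes = new LinkedHashMap(0);
            LinkedHashMap rdnAttributes = new LinkedHashMap(1);
            // The base entry carries one attribute per value of the base DN's RDN.
            RDN rdn = this.baseDN.getRDN();
            int numValues = rdn.getNumValues();
            for (int i = 0; i < numValues; i++) {
                AttributeType attributeType = rdn.getAttributeType(i);
                ArrayList attributes = new ArrayList(1);
                attributes.add(Attributes.create(attributeType, rdn.getAttributeValue(i)));
                rdnAttributes.put(attributeType, attributes);
            }
            this.baseEntry = new Entry(this.baseDN, objectClasses, rdnAttributes, emptyAttributes);
            this.supportedControls = new HashSet<>(0);
            this.supportedFeatures = new HashSet<>(0);
            this.configuration.addTrustStoreChangeListener(this);
            try {
                DirectoryServer.registerBaseDN(this.baseDN, this, true);
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new InitializationException(BackendMessages.ERR_BACKEND_CANNOT_REGISTER_BASEDN.get(String.valueOf(this.baseDN), String.valueOf(e)), e);
            }
        } catch (KeyStoreException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(String.valueOf(this.trustStoreType), String.valueOf(dn), StaticUtils.getExceptionMessage(e)), e);
        }
    }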

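    /**
     * Shuts the backend down: stops listening for configuration changes and deregisters
     * the base DN. A failure to deregister is recorded through the debug tracer only.
     */
    @Override // org.opends.server.api.Backend
    public void finalizeBackend() {
        // initializeBackend registers this listener; shutdown must remove it rather than add it
        // a second time, otherwise a finalized backend keeps receiving configuration changes.
        this.configuration.removeTrustStoreChangeListener(this);
        try {
            DirectoryServer.deregisterBaseDN(this.baseDN);
        } catch (Exception e) {
            // Best effort: shutdown continues even if deregistration fails.
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
        }
    }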

    /**
     * Returns the base DNs handled by this backend.
     *
     * @return the backend's own array (not a copy), populated by {@code initializeBackend}
     */
    @Override // org.opends.server.api.Backend
    public DN[] getBaseDNs() {
        final DN[] served = this.baseDNs;
        return served;
    }

    /**
     * Counts the entries in this backend: the base entry plus one per certificate alias.
     *
     * @return 1 plus the number of aliases; 1 when the aliases are null or cannot be listed
     */
    @Override // org.opends.server.api.Backend
    public long getEntryCount() {
        int certificateCount = 0;
        try {
            final String[] aliases = this.certificateManager.getCertificateAliases();
            if (aliases != null) {
                certificateCount = aliases.length;
            }
        } catch (KeyStoreException e) {
            // Listing failed: fall back to counting only the base entry.
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
        }
        return 1 + certificateCount;
    }

    /**
     * Reports this backend as local.
     *
     * @return always {@code true}
     */
    @Override // org.opends.server.api.Backend
    public boolean isLocal() {
        return true;
    }

    /**
     * Reports every attribute type / index type combination as indexed.
     *
     * @param attributeType ignored
     * @param indexType     ignored
     * @return always {@code true}
     */
    @Override // org.opends.server.api.Backend
    public boolean isIndexed(AttributeType attributeType, IndexType indexType) {
        return true;
    }

    /**
     * Looks up an entry by DN.
     *
     * @param dn the DN to look up
     * @return a copy of the base entry for the base DN, the certificate entry for a direct
     *         child of the base DN, or {@code null} when the DN is elsewhere or the
     *         certificate entry cannot be built
     * @throws DirectoryException if {@code dn} is null
     */
    @Override // org.opends.server.api.Backend
    public Entry getEntry(DN dn) throws DirectoryException {
        if (dn == null) {
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_GET_ENTRY_NULL.get());
        }
        if (dn.equals(this.baseDN)) {
            return this.baseEntry.duplicate(true);
        }
        final DN parent = dn.getParentDNInSuffix();
        final boolean isDirectChild = parent != null && parent.equals(this.baseDN);
        if (!isDirectChild) {
            return null;
        }
        Entry certEntry;
        try {
            certEntry = getCertEntry(dn);
        } catch (DirectoryException ignored) {
            // Any lookup failure is reported to the caller as "no such entry".
            certEntry = null;
        }
        return certEntry;
    }

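    /**
     * Builds the entry for the certificate named by the key-id value in the DN's RDN.
     *
     * @param dn DN whose RDN carries the certificate alias
     * @return an entry holding the key-id attribute and the encoded certificate (binary option)
     * @throws DirectoryException CONSTRAINT_VIOLATION if the RDN has no key-id value;
     *                            NO_SUCH_OBJECT if the alias is unknown or the certificate
     *                            cannot be retrieved or encoded
     */
    private Entry getCertEntry(DN dn) throws DirectoryException {
        AttributeType keyIdType = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID, true);
        AttributeValue keyIdValue = dn.getRDN().getAttributeValue(keyIdType);
        if (keyIdValue == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(String.valueOf(dn)), this.baseDN, null);
        }
        String alias = keyIdValue.getValue().toString();
        try {
            Certificate certificate = this.certificateManager.getCertificate(alias);
            if (certificate == null) {
                throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_CERTIFICATE_NOT_FOUND.get(String.valueOf(dn), alias));
            }
            ByteString encoded = ByteString.wrap(certificate.getEncoded());
            LinkedHashMap objectClasses = new LinkedHashMap(2);
            objectClasses.put(DirectoryServer.getTopObjectClass(), "top");
            objectClasses.put(DirectoryServer.getObjectClass(ConfigConstants.OC_CRYPTO_INSTANCE_KEY, true), ConfigConstants.OC_CRYPTO_INSTANCE_KEY);
            LinkedHashMap emptyAttributes = new LinkedHashMap(0);
            LinkedHashMap certAttributes = new LinkedHashMap(3);
            ArrayList keyIdAttributes = new ArrayList(1);
            keyIdAttributes.add(Attributes.create(keyIdType, keyIdValue));
            certAttributes.put(keyIdType, keyIdAttributes);
            AttributeType certType = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE, true);
            AttributeBuilder certBuilder = new AttributeBuilder(certType);
            certBuilder.setOption("binary");
            certBuilder.add(AttributeValues.create(certType, encoded));
            ArrayList certValues = new ArrayList(1);
            certValues.add(certBuilder.toAttribute());
            certAttributes.put(certType, certValues);
            Entry entry = new Entry(dn, objectClasses, certAttributes, emptyAttributes);
            entry.processVirtualAttributes();
            return entry;
        } catch (DirectoryException e) {
            // Pass the specific error (e.g. certificate not found) through unchanged instead of
            // letting the generic handler below re-wrap it as a retrieval failure.
            throw e;
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.VERBOSE, e);
            }
            // Keep the cause so key store and encoding failures remain diagnosable.
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_CANNOT_RETRIEVE_CERT.get(alias, this.trustStoreFile, e.getMessage()), e);
        }
    }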

    /**
     * Adds a certificate entry. Only direct children of the base DN are accepted.
     *
     * @param entry        the entry to add
     * @param addOperation not used by this method
     * @throws DirectoryException ENTRY_ALREADY_EXISTS when the entry DN is the base DN;
     *                            NO_SUCH_OBJECT when its parent is not the base DN;
     *                            otherwise whatever {@code addCertificate} throws
     */
    @Override // org.opends.server.api.Backend
    public void addEntry(Entry entry, AddOperation addOperation) throws DirectoryException {
        final DN entryDN = entry.getDN();
        if (entryDN.equals(this.baseDN)) {
            throw new DirectoryException(ResultCode.ENTRY_ALREADY_EXISTS, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(entryDN)));
        }
        final DN parent = entryDN.getParentDNInSuffix();
        final boolean isDirectChild = parent != null && parent.equals(this.baseDN);
        if (!isDirectChild) {
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(entryDN)));
        }
        addCertificate(entry);
    }

    /**
     * Deletes a certificate entry. The base entry itself cannot be deleted.
     *
     * @param dn              DN of the entry to delete
     * @param deleteOperation not used by this method
     * @throws DirectoryException UNWILLING_TO_PERFORM when {@code dn} is the base DN;
     *                            NO_SUCH_OBJECT when its parent is not the base DN;
     *                            otherwise whatever {@code deleteCertificate} throws
     */
    @Override // org.opends.server.api.Backend
    public void deleteEntry(DN dn, DeleteOperation deleteOperation) throws DirectoryException {
        final boolean targetsBase = dn.equals(this.baseDN);
        if (targetsBase) {
            throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(dn)));
        }
        final DN parent = dn.getParentDNInSuffix();
        final boolean isDirectChild = parent != null && parent.equals(this.baseDN);
        if (!isDirectChild) {
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(dn)));
        }
        deleteCertificate(dn);
    }

    /**
     * Modify is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void replaceEntry(Entry entry, Entry entry2, ModifyOperation modifyOperation) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_MODIFY_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Modify DN is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void renameEntry(DN dn, Entry entry, ModifyDNOperation modifyDNOperation) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_MODIFY_DN_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Processes a search against the base entry or a single certificate entry.
     *
     * <p>A search based at the base DN returns the base entry (base-object or whole-subtree
     * scope) and, for any scope other than base-object, every certificate entry matching the
     * filter. A search based at a direct child returns that certificate entry for base-object
     * or whole-subtree scope only.
     *
     * @param searchOperation the search being processed; matching entries are returned through it
     * @throws DirectoryException NO_SUCH_OBJECT when the search base is neither the base DN nor
     *                            a direct child of it, or when the certificate entry for the
     *                            search base cannot be built
     */
    @Override // org.opends.server.api.Backend
    public void search(SearchOperation searchOperation) throws DirectoryException {
        final DN searchBase = searchOperation.getBaseDN();
        // Resolved before the search base is classified; getEntry rejects a null DN.
        final Entry searchBaseEntry = getEntry(searchBase);
        final SearchScope scope = searchOperation.getScope();
        final SearchFilter filter = searchOperation.getFilter();
        final boolean scopeCoversBase = scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE;

        if (this.baseDN.equals(searchBase)) {
            if (scopeCoversBase && filter.matchesEntry(searchBaseEntry)) {
                searchOperation.returnEntry(searchBaseEntry, null);
            }
            String[] aliases;
            try {
                aliases = this.certificateManager.getCertificateAliases();
            } catch (KeyStoreException e) {
                // An unreadable key store is treated as having no certificates.
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                aliases = null;
            }
            if (scope == SearchScope.BASE_OBJECT || aliases == null || aliases.length == 0) {
                return;
            }
            final AttributeType keyIdType = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID, true);
            for (final String alias : aliases) {
                try {
                    final Entry candidate = getCertEntry(makeChildDN(this.baseDN, keyIdType, alias));
                    if (filter.matchesEntry(candidate)) {
                        searchOperation.returnEntry(candidate, null);
                    }
                } catch (Exception e) {
                    // A certificate that cannot be turned into an entry is skipped.
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.VERBOSE, e);
                    }
                }
            }
            return;
        }

        if (!this.baseDN.equals(searchBase.getParentDNInSuffix())) {
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(searchBase)));
        }
        final Entry certEntry = getCertEntry(searchBase);
        if (scopeCoversBase && filter.matchesEntry(certEntry)) {
            searchOperation.returnEntry(certEntry, null);
        }
    }

    /**
     * Returns the controls supported by this backend.
     *
     * @return the backend's own set instance (not a copy); created empty by {@code initializeBackend}
     */
    @Override // org.opends.server.api.Backend
    public HashSet<String> getSupportedControls() {
        final HashSet<String> controls = this.supportedControls;
        return controls;
    }

    /**
     * Returns the features supported by this backend.
     *
     * @return the backend's own set instance (not a copy); created empty by {@code initializeBackend}
     */
    @Override // org.opends.server.api.Backend
    public HashSet<String> getSupportedFeatures() {
        final HashSet<String> features = this.supportedFeatures;
        return features;
    }

    /**
     * Reports that LDIF export is not available for this backend.
     *
     * @return always {@code false}
     */
    @Override // org.opends.server.api.Backend
    public boolean supportsLDIFExport() {
        return false;
    }

    /**
     * LDIF export is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void exportLDIF(LDIFExportConfig lDIFExportConfig) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_IMPORT_AND_EXPORT_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Reports that LDIF import is not available for this backend.
     *
     * @return always {@code false}
     */
    @Override // org.opends.server.api.Backend
    public boolean supportsLDIFImport() {
        return false;
    }

    /**
     * LDIF import is not supported by this backend.
     *
     * @return never returns normally
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public LDIFImportResult importLDIF(LDIFImportConfig lDIFImportConfig) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_IMPORT_AND_EXPORT_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Reports that backup is not available for this backend.
     *
     * @return always {@code false}
     */
    @Override // org.opends.server.api.Backend
    public boolean supportsBackup() {
        return false;
    }

    /**
     * Reports that backup is not available for the given configuration.
     *
     * @param backupConfig ignored
     * @param sb           ignored; no reason text is appended
     * @return always {@code false}
     */
    @Override // org.opends.server.api.Backend
    public boolean supportsBackup(BackupConfig backupConfig, StringBuilder sb) {
        return false;
    }

    /**
     * Backup is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void createBackup(BackupConfig backupConfig) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_BACKUP_AND_RESTORE_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Backup removal is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void removeBackup(BackupDirectory backupDirectory, String str) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_BACKUP_AND_RESTORE_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Reports that restore is not available for this backend.
     *
     * @return always {@code false}
     */
    @Override // org.opends.server.api.Backend
    public boolean supportsRestore() {
        return false;
    }

    /**
     * Restore is not supported by this backend.
     *
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public void restoreBackup(RestoreConfig restoreConfig) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_BACKUP_AND_RESTORE_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Subordinate checks are not supported by this backend.
     *
     * @return never returns normally
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public ConditionResult hasSubordinates(DN dn) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_HAS_SUBORDINATES_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /**
     * Subordinate counting is not supported by this backend.
     *
     * @return never returns normally
     * @throws DirectoryException always, with UNWILLING_TO_PERFORM
     */
    @Override // org.opends.server.api.Backend
    public long numSubordinates(DN dn, boolean z) throws DirectoryException {
        final DirectoryException unsupported =
                new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_NUM_SUBORDINATES_NOT_SUPPORTED.get());
        throw unsupported;
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
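    /**
     * Validates a proposed configuration without applying it. Every problem found is
     * appended to {@code list}; checking continues after the first failure.
     *
     * <p>Checks performed: the trust store file exists and is a regular file; the key store
     * type (when set) is available; the PIN system property and environment variable (when
     * named) are set; the PIN file (when named and present) is readable and non-empty.
     *
     * @param trustStoreBackendCfg the proposed configuration
     * @param list                 receives one message per problem found
     * @return {@code true} when no problem was found
     */
    public boolean isConfigurationChangeAcceptable2(TrustStoreBackendCfg trustStoreBackendCfg, List<Message> list) {
        boolean acceptable = true;
        DN dn = trustStoreBackendCfg.dn();
        String trustStoreFile = trustStoreBackendCfg.getTrustStoreFile();
        try {
            File storeFile = StaticUtils.getFileForPath(trustStoreFile);
            if (!storeFile.exists() || !storeFile.isFile()) {
                list.add(BackendMessages.ERR_TRUSTSTORE_NO_SUCH_FILE.get(String.valueOf(trustStoreFile), String.valueOf(dn)));
                acceptable = false;
            }
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            list.add(BackendMessages.ERR_TRUSTSTORE_CANNOT_DETERMINE_FILE.get(String.valueOf(dn), StaticUtils.getExceptionMessage(e)));
            acceptable = false;
        }
        String trustStoreType = trustStoreBackendCfg.getTrustStoreType();
        if (trustStoreType != null) {
            try {
                // Availability check only; the instance is discarded.
                KeyStore.getInstance(trustStoreType);
            } catch (KeyStoreException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                list.add(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(String.valueOf(trustStoreType), String.valueOf(dn), StaticUtils.getExceptionMessage(e)));
                acceptable = false;
            }
        }
        String pinProperty = trustStoreBackendCfg.getTrustStorePinProperty();
        if (pinProperty != null && System.getProperty(pinProperty) == null) {
            list.add(BackendMessages.ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(String.valueOf(pinProperty), String.valueOf(dn)));
            acceptable = false;
        }
        String pinEnvVar = trustStoreBackendCfg.getTrustStorePinEnvironmentVariable();
        if (pinEnvVar != null && System.getenv(pinEnvVar) == null) {
            list.add(BackendMessages.ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(String.valueOf(pinEnvVar), String.valueOf(dn)));
            acceptable = false;
        }
        String pinFile = trustStoreBackendCfg.getTrustStorePinFile();
        if (pinFile != null) {
            // Resolve the path the same way initializeBackend and applyConfigurationChange do,
            // so validation inspects the file that will actually be read when the change is applied.
            File pinFileHandle = StaticUtils.getFileForPath(pinFile);
            if (pinFileHandle.exists()) {
                String firstLine = null;
                // try-with-resources closes the reader on every path.
                try (BufferedReader reader = new BufferedReader(new FileReader(pinFileHandle))) {
                    firstLine = reader.readLine();
                } catch (IOException e) {
                    list.add(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(String.valueOf(pinFile), String.valueOf(dn), StaticUtils.getExceptionMessage(e)));
                    acceptable = false;
                }
                if (firstLine == null) {
                    list.add(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(String.valueOf(pinFile), String.valueOf(dn)));
                    acceptable = false;
                }
            }
        }
        return acceptable;
    }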

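    /**
     * Applies a new configuration. The trust store file, type and PIN are re-resolved; the
     * backend state and certificate manager are replaced only when every step succeeded.
     *
     * <p>The PIN source order matches {@code initializeBackend}: system property, environment
     * variable, PIN file, inline configuration value.
     *
     * @param trustStoreBackendCfg the new configuration
     * @return the result code (SUCCESS or the server error code), no admin action required,
     *         and the messages collected for each problem
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(TrustStoreBackendCfg trustStoreBackendCfg) {
        ResultCode resultCode = ResultCode.SUCCESS;
        ArrayList messages = new ArrayList();
        DN dn = trustStoreBackendCfg.dn();
        String trustStoreFile = trustStoreBackendCfg.getTrustStoreFile();
        File storeFile = StaticUtils.getFileForPath(trustStoreFile);
        if (!storeFile.exists() || !storeFile.isFile()) {
            resultCode = DirectoryServer.getServerErrorResultCode();
            messages.add(BackendMessages.ERR_TRUSTSTORE_NO_SUCH_FILE.get(String.valueOf(trustStoreFile), String.valueOf(dn)));
        }
        String trustStoreType = trustStoreBackendCfg.getTrustStoreType();
        if (trustStoreType == null) {
            trustStoreType = KeyStore.getDefaultType();
        }
        try {
            // Availability check only; the instance is discarded.
            KeyStore.getInstance(trustStoreType);
        } catch (KeyStoreException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            messages.add(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(String.valueOf(trustStoreType), String.valueOf(dn), StaticUtils.getExceptionMessage(e)));
            resultCode = DirectoryServer.getServerErrorResultCode();
        }

        char[] newPin = null;
        String pinProperty = trustStoreBackendCfg.getTrustStorePinProperty();
        if (pinProperty != null) {
            String propertyValue = System.getProperty(pinProperty);
            if (propertyValue == null) {
                resultCode = DirectoryServer.getServerErrorResultCode();
                messages.add(BackendMessages.ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(String.valueOf(pinProperty), String.valueOf(dn)));
            } else {
                newPin = propertyValue.toCharArray();
            }
        } else {
            String pinEnvVar = trustStoreBackendCfg.getTrustStorePinEnvironmentVariable();
            if (pinEnvVar != null) {
                String envValue = System.getenv(pinEnvVar);
                if (envValue == null) {
                    resultCode = DirectoryServer.getServerErrorResultCode();
                    messages.add(BackendMessages.ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(String.valueOf(pinEnvVar), String.valueOf(dn)));
                } else {
                    newPin = envValue.toCharArray();
                }
            } else {
                String pinFile = trustStoreBackendCfg.getTrustStorePinFile();
                if (pinFile == null) {
                    String inlinePin = trustStoreBackendCfg.getTrustStorePin();
                    newPin = inlinePin == null ? null : inlinePin.toCharArray();
                } else {
                    File pinFileHandle = StaticUtils.getFileForPath(pinFile);
                    if (pinFileHandle.exists()) {
                        String firstLine = null;
                        // try-with-resources closes the reader on every path.
                        try (BufferedReader reader = new BufferedReader(new FileReader(pinFileHandle))) {
                            firstLine = reader.readLine();
                        } catch (IOException e) {
                            resultCode = DirectoryServer.getServerErrorResultCode();
                            messages.add(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(String.valueOf(pinFile), String.valueOf(dn), StaticUtils.getExceptionMessage(e)));
                        }
                        if (firstLine == null) {
                            resultCode = DirectoryServer.getServerErrorResultCode();
                            messages.add(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(String.valueOf(pinFile), String.valueOf(dn)));
                        } else {
                            newPin = firstLine.toCharArray();
                        }
                    } else {
                        try {
                            // The PIN file is written here even when an earlier check has already
                            // failed and the change will be rejected below.
                            // NOTE(review): createKeystorePassword() and createPINFile() are defined
                            // outside this view. The file imports java.util.Random - confirm the PIN
                            // comes from SecureRandom and the file gets owner-only permissions.
                            newPin = createKeystorePassword();
                            createPINFile(pinFileHandle.getPath(), new String(newPin));
                        } catch (Exception e) {
                            resultCode = DirectoryServer.getServerErrorResultCode();
                            messages.add(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(String.valueOf(pinFile), String.valueOf(dn)));
                        }
                    }
                }
            }
        }

        if (resultCode == ResultCode.SUCCESS) {
            this.trustStoreFile = trustStoreFile;
            this.trustStoreType = trustStoreType;
            this.trustStorePIN = newPin;
            this.configuration = trustStoreBackendCfg;
            // NOTE(review): newPin is null when no PIN source is configured, and
            // new String((char[]) null) throws NullPointerException - confirm whether a PIN is mandatory.
            this.certificateManager = new CertificateManager(StaticUtils.getFileForPath(this.trustStoreFile).getPath(), this.trustStoreType, new String(this.trustStorePIN));
        }
        return new ConfigChangeResult(resultCode, false, messages);
    }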

    /**
     * Returns {@code dn} extended by one RDN built from the given attribute
     * type and string value.
     *
     * @param dn            DN the new RDN is concatenated to
     * @param attributeType attribute type of the new RDN
     * @param str           string form of the RDN value
     * @return the result of {@code dn.concat(...)} for the new RDN
     */
    public static DN makeChildDN(DN dn, AttributeType attributeType, String str) {
        AttributeValue rdnValue = AttributeValues.create(attributeType, str);
        RDN childRdn = RDN.create(attributeType, rdnValue);
        return dn.concat(childRdn);
    }

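    /**
     * Loads the configured trust store file and returns key managers backed by it.
     *
     * <p>The store PIN is used both to open the key store and as the key
     * password handed to the {@link KeyManagerFactory}.
     *
     * @return the key managers produced by the default-algorithm factory
     * @throws DirectoryException with the "cannot load" message when the store
     *         cannot be opened, or with the "cannot create factory" message when
     *         the factory cannot be initialised
     */
    public KeyManager[] getKeyManagers() throws DirectoryException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(this.trustStoreType);
            FileInputStream fileInputStream = new FileInputStream(StaticUtils.getFileForPath(this.trustStoreFile));
            try {
                keyStore.load(fileInputStream, this.trustStorePIN);
            } finally {
                // Release the file handle even when load() rejects the file or the PIN.
                fileInputStream.close();
            }
        } catch (Exception e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_LOAD.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e2)), e2);
        }
        // Deliberately outside the load block: nested inside it, the factory error
        // below would be caught again and re-reported as a load failure.
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, this.trustStorePIN);
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_CREATE_FACTORY.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }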

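    /**
     * Loads the configured trust store file and returns trust managers that use
     * its contents as trust anchors.
     *
     * @return the trust managers produced by the default-algorithm factory
     * @throws DirectoryException with the "cannot load" message when the store
     *         cannot be opened, or with the "cannot create factory" message when
     *         the factory cannot be initialised
     */
    public TrustManager[] getTrustManagers() throws DirectoryException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(this.trustStoreType);
            FileInputStream fileInputStream = new FileInputStream(StaticUtils.getFileForPath(this.trustStoreFile));
            try {
                keyStore.load(fileInputStream, this.trustStorePIN);
            } finally {
                // Release the file handle even when load() rejects the file or the PIN.
                fileInputStream.close();
            }
        } catch (Exception e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_LOAD.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e2)), e2);
        }
        // Deliberately outside the load block: nested inside it, the factory error
        // below would be caught again and re-reported as a load failure.
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_CREATE_FACTORY.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }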

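    /**
     * Loads the configured trust store file and returns the key stored under
     * the given alias.
     *
     * <p>The store PIN is also used as the key password. The return value is
     * whatever {@link KeyStore#getKey} yields for the alias, which may be
     * {@code null} when the alias holds no key.
     *
     * @param str alias of the key to read
     * @return the key for {@code str}
     * @throws DirectoryException with the "cannot load" message when the store
     *         cannot be opened, or with the "error reading key" message when the
     *         key cannot be recovered
     */
    public Key getKey(String str) throws DirectoryException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(this.trustStoreType);
            FileInputStream fileInputStream = new FileInputStream(StaticUtils.getFileForPath(this.trustStoreFile));
            try {
                keyStore.load(fileInputStream, this.trustStorePIN);
            } finally {
                // Release the file handle even when load() rejects the file or the PIN.
                fileInputStream.close();
            }
        } catch (Exception e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_LOAD.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e2)), e2);
        }
        // Deliberately outside the load block: nested inside it, the key-read error
        // below would be caught again and re-reported as a load failure.
        try {
            return keyStore.getKey(str, this.trustStorePIN);
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ERROR_READING_KEY.get(str, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }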

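    /**
     * Adds the certificate described by {@code entry} to the trust store under
     * the alias taken from the entry's RDN.
     *
     * <p>When the entry carries the self-signed-certificate-request object class,
     * a self-signed certificate is generated under the alias first. The single
     * value of the public-key-certificate attribute is then written to a
     * temporary file and imported through the certificate manager.
     *
     * @param entry entry whose RDN names the alias and whose certificate
     *              attribute holds the encoded certificate
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} when the RDN has
     *         no key-id value, {@code ENTRY_ALREADY_EXISTS} when the alias is taken,
     *         or the server error result code for every other failure
     */
    private void addCertificate(Entry entry) throws DirectoryException {
        DN dn = entry.getDN();
        AttributeValue attributeValue = dn.getRDN().getAttributeValue(DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID, true));
        if (attributeValue == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(String.valueOf(dn)), this.baseDN, null);
        }
        String certAlias = attributeValue.getValue().toString();
        try {
            if (this.certificateManager.aliasInUse(certAlias)) {
                throw new DirectoryException(ResultCode.ENTRY_ALREADY_EXISTS, BackendMessages.ERR_TRUSTSTORE_ALIAS_IN_USE.get(String.valueOf(dn)));
            }
            if (entry.hasObjectClass(DirectoryServer.getObjectClass(ConfigConstants.OC_SELF_SIGNED_CERT_REQUEST, true))) {
                try {
                    this.certificateManager.generateSelfSignedCertificate(certAlias, getADSCertificateSubjectDN(), getADSCertificateValidity());
                } catch (Exception e) {
                    throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(certAlias, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
                }
            }
            List<Attribute> certAttrs = entry.getAttribute(ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE);
            if (certAttrs == null) {
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_MISSING_CERT_ATTR.get(String.valueOf(dn), ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            if (certAttrs.size() != 1) {
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_HAS_MULTIPLE_CERT_ATTRS.get(String.valueOf(dn), ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            Iterator<AttributeValue> it = certAttrs.get(0).iterator();
            if (!it.hasNext()) {
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_MISSING_CERT_VALUE.get(String.valueOf(dn), ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            ByteString value = it.next().getValue();
            if (it.hasNext()) {
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_HAS_MULTIPLE_CERT_VALUES.get(String.valueOf(dn), ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            try {
                // NOTE(review): the alias comes from the entry's RDN and is used verbatim as
                // the temp-file suffix; confirm that aliases containing path separators are
                // rejected before this point.
                File tempCertFile = File.createTempFile(this.configuration.getBackendId(), certAlias, StaticUtils.getFileForPath("config"));
                try {
                    FileOutputStream fileOutputStream = new FileOutputStream(tempCertFile.getPath(), false);
                    try {
                        value.copyTo(fileOutputStream);
                    } finally {
                        fileOutputStream.close();
                    }
                    this.certificateManager.addCertificate(certAlias, tempCertFile);
                } finally {
                    // The temp file is removed on success and on failure alike.
                    tempCertFile.delete();
                }
            } catch (IOException e2) {
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_WRITE_CERT.get(certAlias, StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (DirectoryException e) {
            // Already carries its own result code and message (for example
            // ENTRY_ALREADY_EXISTS); without this clause the generic handler below
            // would replace it with a server error.
            throw e;
        } catch (Exception e3) {
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(certAlias, this.trustStoreFile, StaticUtils.getExceptionMessage(e3)), e3);
        }
    }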

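    /**
     * Removes the certificate whose alias is named by the RDN of {@code dn}.
     *
     * @param dn DN of the certificate entry to delete
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} when the RDN has
     *         no key-id value, {@code NO_SUCH_OBJECT} when the alias is not present
     *         in the store, or the server error result code when the certificate
     *         manager fails
     */
    private void deleteCertificate(DN dn) throws DirectoryException {
        AttributeValue attributeValue = dn.getRDN().getAttributeValue(DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID, true));
        if (attributeValue == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(String.valueOf(dn)), this.baseDN, null);
        }
        String certAlias = attributeValue.getValue().toString();
        try {
            if (!this.certificateManager.aliasInUse(certAlias)) {
                throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(String.valueOf(dn)));
            }
            this.certificateManager.removeCertificate(certAlias);
        } catch (DirectoryException e) {
            // Keep NO_SUCH_OBJECT intact; the generic handler below would otherwise
            // rewrap it as a server error.
            throw e;
        } catch (Exception e) {
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_DELETE_CERT.get(certAlias, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }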

    /**
     * Returns the validity passed to {@code generateSelfSignedCertificate} for
     * certificates this backend creates.
     *
     * @return 7300 (presumably days, i.e. roughly twenty years; confirm the unit
     *         against the certificate manager)
     */
    private static int getADSCertificateValidity() {
        final int validity = 7300;
        return validity;
    }

    /**
     * Builds the subject DN used for self-signed certificates: the canonical
     * name of the local host as {@code cn}, followed by a fixed organisation.
     *
     * <p>The host name is passed through {@link Rdn#escapeValue} so that DN
     * metacharacters in it cannot alter the structure of the subject.
     *
     * @return the subject DN string
     * @throws UnknownHostException if the local host address cannot be resolved
     */
    private static String getADSCertificateSubjectDN() throws UnknownHostException {
        String canonicalHost = InetAddress.getLocalHost().getCanonicalHostName();
        StringBuilder subject = new StringBuilder("cn=");
        subject.append(Rdn.escapeValue(canonicalHost));
        subject.append(",O=OpenDS Certificate");
        return subject.toString();
    }

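    /**
     * Generates a 50-character PIN for the key store.
     *
     * <p>The PIN protects the store, so it is drawn from a cryptographically
     * strong generator; {@code java.util.Random} output can be reconstructed
     * from its seed and is not suitable for secrets. Each character is chosen by
     * {@code getRandomChar} with a class selector from {@code getRandomInt(random, 3)};
     * selectors 2 and 3 both map to upper-case letters, so that class is picked
     * twice as often as digits or lower-case letters.
     *
     * @return a new array of 50 characters from {@code [0-9a-zA-Z]}
     */
    private static char[] createKeystorePassword() {
        char[] pin = new char[50];
        // SecureRandom is a java.util.Random subclass, so the helper signatures stay as they are.
        Random random = new java.security.SecureRandom();
        for (int i = 0; i < pin.length; i++) {
            pin[i] = getRandomChar(random, getRandomInt(random, 3));
        }
        return pin;
    }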

    /**
     * Draws one character from the class selected by {@code i}, consuming
     * exactly one {@code nextInt()} from {@code random}.
     *
     * @param random source of randomness
     * @param i      class selector: 0 gives a digit, 1 a lower-case letter, any
     *               other value an upper-case letter
     * @return a character in {@code '0'..'9'}, {@code 'a'..'z'} or {@code 'A'..'Z'}
     */
    private static char getRandomChar(Random random, int i) {
        int raw = random.nextInt();
        int span;
        char first;
        if (i == 0) {
            span = 10;
            first = '0';
        } else if (i == 1) {
            span = 26;
            first = 'a';
        } else {
            span = 26;
            first = 'A';
        }
        // The remainder keeps the sign of raw; fold negative results into 0..span-1.
        int offset = raw % span;
        if (offset < 0) {
            offset = -offset;
        }
        return (char) (first + offset);
    }

    /**
     * Returns the next random {@code int} masked with {@code i}.
     *
     * <p>{@code i} is a bit mask, not an exclusive upper bound: for
     * {@code i = 3} the result is one of 0, 1, 2 or 3.
     *
     * @param random source of randomness
     * @param i      bit mask applied to the random value
     * @return {@code random.nextInt() & i}
     */
    private static int getRandomInt(Random random, int i) {
        int bits = random.nextInt();
        return i & bits;
    }

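    /**
     * Writes a PIN to a file and restricts the file's permissions.
     *
     * <p>The file is created empty and its permissions are tightened before the
     * PIN is written, so the secret is never on disk under the default creation
     * mode. A failure to set permissions is logged as a warning and does not stop
     * the write. The writer is closed on every path, and a failed write is
     * reported instead of being silently dropped by {@link PrintWriter}.
     *
     * @param str  path of the PIN file
     * @param str2 PIN text, written followed by a line separator
     * @throws IOException if the file cannot be created or the PIN cannot be written
     */
    public static void createPINFile(String str, String str2) throws IOException {
        File pinFile = new File(str);
        // No-op when the file already exists; FileWriter truncates it below either way.
        pinFile.createNewFile();
        if (FilePermission.canSetPermissions()) {
            try {
                // 384 decimal is 0600 octal, presumably owner read/write only; confirm against FilePermission.
                if (!FilePermission.setPermissions(pinFile, new FilePermission(384))) {
                    ErrorLogger.logError(BackendMessages.WARN_TRUSTSTORE_SET_PERMISSIONS_FAILED.get(str));
                }
            } catch (DirectoryException e) {
                ErrorLogger.logError(BackendMessages.WARN_TRUSTSTORE_SET_PERMISSIONS_FAILED.get(str));
            }
        }
        PrintWriter printWriter = new PrintWriter(new FileWriter(pinFile));
        try {
            printWriter.println(str2);
            // PrintWriter swallows I/O errors; checkError() flushes and reports them.
            if (printWriter.checkError()) {
                throw new IOException("Unable to write PIN file " + str);
            }
        } finally {
            printWriter.close();
        }
    }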

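    /**
     * Generates the self-signed instance certificate under
     * {@code ADS_CERTIFICATE_ALIAS} unless that alias is already in use.
     *
     * @throws InitializationException with the "cannot add cert" message when the
     *         alias lookup fails, or with the "cannot generate cert" message when
     *         certificate generation fails
     */
    private void generateInstanceCertificateIfAbsent() throws InitializationException {
        boolean alreadyPresent;
        try {
            alreadyPresent = this.certificateManager.aliasInUse(ConfigConstants.ADS_CERTIFICATE_ALIAS);
        } catch (Exception e2) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(ConfigConstants.ADS_CERTIFICATE_ALIAS, this.trustStoreFile, StaticUtils.getExceptionMessage(e2)), e2);
        }
        if (alreadyPresent) {
            return;
        }
        // Kept outside the lookup block: nested inside it, the generation error
        // would be caught again and re-reported with the "cannot add" message.
        try {
            this.certificateManager.generateSelfSignedCertificate(ConfigConstants.ADS_CERTIFICATE_ALIAS, getADSCertificateSubjectDN(), getADSCertificateValidity());
        } catch (Exception e) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(ConfigConstants.ADS_CERTIFICATE_ALIAS, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }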

    /**
     * Entry-cache preloading is not available for this backend.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // org.opends.server.api.Backend
    public void preloadEntryCache() throws UnsupportedOperationException {
        final String reason = "Operation not supported.";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Bridge overload (marked bridge/synthetic by the decompiler) that accepts a
     * raw {@code List} and forwards to {@code isConfigurationChangeAcceptable2}.
     *
     * @param trustStoreBackendCfg proposed configuration
     * @param list                 raw list, cast unchecked to {@code List<Message>}
     * @return the result of {@code isConfigurationChangeAcceptable2}
     */
    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(TrustStoreBackendCfg trustStoreBackendCfg, List list) {
        List<Message> typedMessages = (List<Message>) list;
        return isConfigurationChangeAcceptable2(trustStoreBackendCfg, typedMessages);
    }
}
