package org.apache.geronimo.security.keystore;

import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Vector;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.crypto.KeystoreUtil;
import org.apache.geronimo.crypto.jce.X509Principal;
import org.apache.geronimo.crypto.jce.X509V1CertificateGenerator;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanData;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.config.ConfigurationUtil;
import org.apache.geronimo.kernel.config.EditableConfigurationManager;
import org.apache.geronimo.kernel.config.InvalidConfigException;
import org.apache.geronimo.kernel.util.InputUtils;
import org.apache.geronimo.management.geronimo.KeystoreException;
import org.apache.geronimo.management.geronimo.KeystoreInstance;
import org.apache.geronimo.management.geronimo.KeystoreIsLocked;
import org.apache.geronimo.management.geronimo.KeystoreManager;
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;

/* loaded from: input_file:WEB-INF/lib/geronimo-security-2.1.4.jar:org/apache/geronimo/security/keystore/FileKeystoreManager.class */
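/**
 * {@link KeystoreManager} backed by a directory of keystore files.
 *
 * <p>A keystore is resolved first among the {@link KeystoreInstance} GBeans wired into this
 * manager; otherwise a {@link FileKeystoreInstance} GBean is added to the running configuration
 * for the matching file in the managed directory. The SSL factory methods look keystores up by
 * name, refuse locked ones, and build an {@code SSLContext} through the caller's class loader.
 *
 * <p>Thread-safety: no synchronisation; the GBean kernel is presumably what serialises lifecycle
 * calls (confirm before relying on concurrent use).
 */
public class FileKeystoreManager implements KeystoreManager, GBeanLifecycle {
    private static final Log log = LogFactory.getLog(FileKeystoreManager.class);

    /**
     * Trailing punctuation of the "cannot access" / "already exists" messages. The decompiled
     * bytecode had folded this literal through an unrelated Spring constant of the same value,
     * which made the security module depend on spring-aop for a single character.
     */
    private static final String MSG_BANG = "!";
    /** Shared tail of every {@link KeystoreIsLocked} message. */
    private static final String UNLOCK_HINT = "; please use the keystore page in the admin console to unlock it";
    /** Milliseconds per day as a long, so validity periods over 24 days do not overflow int arithmetic. */
    private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

    public static final GBeanInfo GBEAN_INFO;

    private final URI configuredDir;
    private final ServerInfo serverInfo;
    private final Collection<KeystoreInstance> keystores;
    private final Kernel kernel;
    /** Resolved keystore directory; assigned in {@link #doStart()}. */
    private File directory;

    /**
     * @param keystoreDir       directory holding the keystore files, possibly relative to the server root
     * @param serverInfo        resolves {@code keystoreDir} against the server directory; may be null
     * @param keystoreInstances already-wired keystore GBeans, consulted before the directory
     * @param kernel            kernel used to register keystore GBeans for files found in the directory
     */
    public FileKeystoreManager(URI keystoreDir, ServerInfo serverInfo, Collection<KeystoreInstance> keystoreInstances, Kernel kernel) {
        this.configuredDir = keystoreDir;
        this.serverInfo = serverInfo;
        this.keystores = keystoreInstances;
        this.kernel = kernel;
    }

    /**
     * Resolves and validates the keystore directory.
     *
     * @throws IllegalStateException if the configured root is not a readable local directory
     */
    @Override
    public void doStart() throws Exception {
        URI root = serverInfo != null ? serverInfo.resolveServer(configuredDir) : configuredDir;
        // "file".equals(...) also rejects a scheme-less URI instead of failing with an NPE on getScheme()
        if (!"file".equals(root.getScheme())) {
            throw new IllegalStateException("FileKeystoreManager must have a root that's a local directory (not " + root + ")");
        }
        directory = new File(root);
        if (!directory.exists() || !directory.isDirectory() || !directory.canRead()) {
            throw new IllegalStateException("FileKeystoreManager must have a root that's a valid readable directory (not " + directory.getAbsolutePath() + ")");
        }
        log.debug("Keystore directory is " + directory.getAbsolutePath());
    }

    /** Nothing to release: the manager holds no open resources between calls. */
    @Override
    public void doStop() throws Exception {
    }

    /** Nothing to release on failure either. */
    @Override
    public void doFail() {
    }

    /**
     * Names of the readable, non-directory entries of the keystore directory.
     *
     * @return the file names; empty (never null) if the directory cannot be listed
     */
    public String[] listKeystoreFiles() {
        File[] entries = directory.listFiles();
        if (entries == null) {
            // listFiles() yields null when the directory vanished or became unreadable after doStart()
            log.warn("Unable to list keystore directory " + directory.getAbsolutePath());
            return new String[0];
        }
        List<String> names = new ArrayList<String>();
        for (File entry : entries) {
            if (entry.canRead() && !entry.isDirectory()) {
                names.add(entry.getName());
            }
        }
        return names.toArray(new String[names.size()]);
    }

    /**
     * One instance per file in the directory, registering GBeans for files not wired in yet.
     *
     * @return all instances, or null if any of them could not be registered because the kernel's
     *         configuration is not editable (existing callers rely on null meaning "unavailable")
     */
    @Override
    public KeystoreInstance[] getKeystores() {
        String[] names = listKeystoreFiles();
        KeystoreInstance[] result = new KeystoreInstance[names.length];
        for (int i = 0; i < names.length; i++) {
            result[i] = getKeystore(names[i], null);
            if (result[i] == null) {
                return null;
            }
        }
        return result;
    }

    /**
     * Returns the keystore with the given name, registering a {@link FileKeystoreInstance} GBean
     * for it when it is not wired in yet.
     *
     * @param keystoreName file name of the keystore inside the managed directory
     * @param keystoreType type for a newly registered instance; if null it is derived from the file
     *                     extension, or {@link KeystoreUtil#defaultType} when there is none
     * @return the instance, or null when the kernel's configuration manager is not editable
     * @throws IllegalArgumentException if the name is not safe as a path element or the file is unreadable
     * @throws IllegalStateException    if the keystore path is not a valid URI or the GBean cannot be added
     */
    public KeystoreInstance getKeystore(String keystoreName, String keystoreType) {
        KeystoreInstance registered = findRegistered(keystoreName);
        if (registered != null) {
            return registered;
        }
        // From here on the name becomes a path component below the keystore directory; apply the
        // same path-safety check createKeystore() already applies so "../" style names cannot
        // register a GBean pointing outside the directory.
        InputUtils.validateSafeInput(keystoreName);
        File file = new File(directory, keystoreName);
        if (!file.exists() || !file.canRead()) {
            throw new IllegalArgumentException("Cannot access keystore " + file.getAbsolutePath() + MSG_BANG);
        }
        AbstractName managerName = kernel.getAbstractNameFor(this);
        AbstractName instanceName = kernel.getNaming().createSiblingName(managerName, keystoreName, NameFactory.KEYSTORE_INSTANCE);
        GBeanData data = new GBeanData(instanceName, FileKeystoreInstance.getGBeanInfo());
        try {
            data.setAttribute("keystorePath", new URI(directoryUriPrefix() + keystoreName));
        } catch (URISyntaxException e) {
            throw new IllegalStateException("Can't resolve keystore path: " + e.getMessage(), e);
        }
        data.setReferencePattern("ServerInfo", kernel.getAbstractNameFor(serverInfo));
        data.setAttribute("keystoreName", keystoreName);
        data.setAttribute("keystoreType", resolveType(keystoreName, keystoreType));

        EditableConfigurationManager manager = ConfigurationUtil.getEditableConfigurationManager(kernel);
        if (manager == null) {
            log.warn("The ConfigurationManager in the kernel does not allow changes at runtime");
            return null;
        }
        try {
            manager.addGBeanToConfiguration(managerName.getArtifact(), data, true);
            return (KeystoreInstance) kernel.getProxyManager().createProxy(instanceName, KeystoreInstance.class);
        } catch (InvalidConfigException e) {
            log.error("Should never happen", e);
            throw new IllegalStateException("Unable to add Keystore GBean (" + e.getMessage() + ")", e);
        } finally {
            // always hand the manager back, whether the GBean was added or not
            ConfigurationUtil.releaseConfigurationManager(kernel, manager);
        }
    }

    /** The already-wired instance with this name, or null if none is registered. */
    private KeystoreInstance findRegistered(String keystoreName) {
        for (KeystoreInstance instance : keystores) {
            if (instance.getKeystoreName().equals(keystoreName)) {
                return instance;
            }
        }
        return null;
    }

    /** The configured directory URI with a guaranteed trailing slash, ready for a file name to be appended. */
    private String directoryUriPrefix() {
        String uri = configuredDir.toString();
        return uri.endsWith("/") ? uri : uri + "/";
    }

    /**
     * Keystore type to record for a new instance: the explicit type, else the file extension,
     * else the default type. The fallbacks are logged because a wrong guess surfaces later as an
     * opaque load failure.
     */
    private static String resolveType(String keystoreName, String keystoreType) {
        if (keystoreType != null) {
            return keystoreType;
        }
        int dot = keystoreName.lastIndexOf('.');
        if (dot == -1) {
            String resolved = KeystoreUtil.defaultType;
            log.warn("keystoreType for new keystore \"" + keystoreName + "\" set to default type \"" + resolved + "\".");
            return resolved;
        }
        String resolved = keystoreName.substring(dot + 1);
        log.warn("keystoreType for new keystore \"" + keystoreName + "\" set to \"" + resolved + "\" based on file extension.");
        return resolved;
    }

    /**
     * Client-side socket factory with a trust store only (no client key).
     *
     * @see #createSSLFactory(String, String, String, String, String, String, ClassLoader)
     */
    @Override
    public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String trustStoreName, ClassLoader classLoader) throws KeystoreException {
        return createSSLFactory(provider, protocol, algorithm, null, null, trustStoreName, classLoader);
    }

    /**
     * Socket factory from an optional key store and an optional trust store.
     *
     * @param provider       not used here; presumably the JSSE provider name — confirm against KeystoreManager
     * @param protocol       passed to {@code SSLContext.getInstance}
     * @param algorithm      passed to the instances' {@code getKeyManager}/{@code getTrustManager}
     * @param keystoreName   key store to take the private key from, or null for no client key
     * @param keyAlias       alias of the private key in {@code keystoreName}
     * @param trustStoreName trust store, or null to use the JSSE default trust managers
     * @param classLoader    class loader through which {@code javax.net.ssl.SSLContext} is resolved
     * @throws KeystoreIsLocked  if the key store, the key or the trust store is locked
     * @throws KeystoreException if a named keystore is unavailable or the context cannot be built
     */
    @Override
    public SSLSocketFactory createSSLFactory(String provider, String protocol, String algorithm, String keystoreName, String keyAlias, String trustStoreName, ClassLoader classLoader) throws KeystoreException {
        KeystoreInstance keyStore = keystoreName == null ? null : unlockedKeyStore(keystoreName, keyAlias);
        KeystoreInstance trustStore = trustStoreName == null ? null : unlockedTrustStore(trustStoreName);
        try {
            Object context = initSSLContext(protocol, algorithm, keyStore, keyAlias, trustStore, classLoader);
            return (SSLSocketFactory) context.getClass().getMethod("getSocketFactory").invoke(context);
        } catch (Exception e) {
            throw new KeystoreException("Unable to create SSL Factory", e);
        }
    }

    /**
     * Server socket factory; parameters as for
     * {@link #createSSLContext(String, String, String, String, String, String, ClassLoader)}.
     */
    @Override
    public SSLServerSocketFactory createSSLServerFactory(String provider, String protocol, String algorithm, String keystoreName, String keyAlias, String trustStoreName, ClassLoader classLoader) throws KeystoreException {
        SSLContext context = createSSLContext(provider, protocol, algorithm, keystoreName, keyAlias, trustStoreName, classLoader);
        try {
            return (SSLServerSocketFactory) context.getClass().getMethod("getServerSocketFactory").invoke(context);
        } catch (Exception e) {
            throw new KeystoreException("Unable to create SSL Server Factory", e);
        }
    }

    /**
     * Initialised {@link SSLContext} with a mandatory key store and an optional trust store.
     *
     * @param provider       not used here; presumably the JSSE provider name — confirm against KeystoreManager
     * @param protocol       passed to {@code SSLContext.getInstance}
     * @param algorithm      passed to the instances' {@code getKeyManager}/{@code getTrustManager}
     * @param keystoreName   key store holding the private key (required)
     * @param keyAlias       alias of the private key in {@code keystoreName}
     * @param trustStoreName trust store, or null to use the JSSE default trust managers
     * @param classLoader    class loader through which {@code javax.net.ssl.SSLContext} is resolved
     * @throws KeystoreIsLocked  if the key store, the key or the trust store is locked
     * @throws KeystoreException if the key store is unavailable or the context cannot be built
     */
    @Override
    public SSLContext createSSLContext(String provider, String protocol, String algorithm, String keystoreName, String keyAlias, String trustStoreName, ClassLoader classLoader) throws KeystoreException {
        KeystoreInstance keyStore = unlockedKeyStore(keystoreName, keyAlias);
        KeystoreInstance trustStore = trustStoreName == null ? null : unlockedTrustStore(trustStoreName);
        try {
            return (SSLContext) initSSLContext(protocol, algorithm, keyStore, keyAlias, trustStore, classLoader);
        } catch (Exception e) {
            throw new KeystoreException("Unable to create SSL Context", e);
        }
    }

    /**
     * Looks up a key store and checks that neither it nor the requested key is locked.
     *
     * @throws KeystoreException if the store is not available (the original NPE'd on a null lookup)
     */
    private KeystoreInstance unlockedKeyStore(String keystoreName, String keyAlias) throws KeystoreException {
        KeystoreInstance keyStore = getKeystore(keystoreName, null);
        if (keyStore == null) {
            throw new KeystoreException("Keystore '" + keystoreName + "' is not available");
        }
        if (keyStore.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + keystoreName + "' is locked" + UNLOCK_HINT);
        }
        if (keyStore.isKeyLocked(keyAlias)) {
            throw new KeystoreIsLocked("Key '" + keyAlias + "' in keystore '" + keystoreName + "' is locked" + UNLOCK_HINT);
        }
        return keyStore;
    }

    /** Looks up a trust store (null if it could not be registered) and rejects a locked one. */
    private KeystoreInstance unlockedTrustStore(String trustStoreName) throws KeystoreException {
        KeystoreInstance trustStore = getKeystore(trustStoreName, null);
        if (trustStore != null && trustStore.isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + trustStoreName + "' is locked" + UNLOCK_HINT);
        }
        return trustStore;
    }

    /**
     * Creates and initialises an {@code SSLContext} reflectively through {@code classLoader}.
     *
     * <p>NOTE(review): the result is later cast to this class's {@code SSLContext}; that only
     * works when {@code classLoader} resolves {@code javax.net.ssl.SSLContext} to the same class,
     * which is why the reflective detour is presumably tolerated here — confirm with the callers.
     *
     * @return the initialised context as an {@code Object} of the loader's SSLContext class
     */
    private static Object initSSLContext(String protocol, String algorithm, KeystoreInstance keyStore, String keyAlias, KeystoreInstance trustStore, ClassLoader classLoader) throws Exception {
        Class<?> contextClass = classLoader.loadClass("javax.net.ssl.SSLContext");
        Object context = contextClass.getMethod("getInstance", String.class).invoke(null, protocol);
        Method init = contextClass.getMethod("init",
                Class.forName("[Ljavax.net.ssl.KeyManager;", false, classLoader),
                Class.forName("[Ljavax.net.ssl.TrustManager;", false, classLoader),
                classLoader.loadClass("java.security.SecureRandom"));
        // explicit Object[] so the KeyManager[]/TrustManager[] arguments are not unpacked as varargs
        Object[] initArgs = new Object[3];
        initArgs[0] = keyStore == null ? null : keyStore.getKeyManager(algorithm, keyAlias, null);
        initArgs[1] = trustStore == null ? null : trustStore.getTrustManager(algorithm, null);
        initArgs[2] = new SecureRandom();
        init.invoke(context, initArgs);
        return context;
    }

    /**
     * Creates an empty keystore file and registers an instance for it.
     *
     * @param keystoreName file name inside the managed directory (checked for path safety)
     * @param password     password the new keystore is protected with
     * @param keystoreType {@code KeyStore.getInstance} type
     * @return the registered instance, or null if the kernel's configuration is not editable
     * @throws IllegalArgumentException if the name is unsafe or the file already exists
     * @throws KeystoreException        if the keystore cannot be created or written
     */
    @Override
    public KeystoreInstance createKeystore(String keystoreName, char[] password, String keystoreType) throws KeystoreException {
        InputUtils.validateSafeInput(keystoreName);
        File file = new File(directory, keystoreName);
        if (file.exists()) {
            throw new IllegalArgumentException("Keystore already exists " + file.getAbsolutePath() + MSG_BANG);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            keyStore.load(null, password);
            BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file));
            boolean stored = false;
            try {
                keyStore.store(out, password);
                out.flush();
                stored = true;
            } finally {
                // the original closed the stream only on success, leaking it when store() threw
                out.close();
                if (!stored) {
                    discardPartialFile(file);
                }
            }
            return getKeystore(keystoreName, keystoreType);
        } catch (IOException e) {
            throw new KeystoreException("Unable to create keystore", e);
        } catch (GeneralSecurityException e) {
            // covers KeyStoreException, NoSuchAlgorithmException and CertificateException
            throw new KeystoreException("Unable to create keystore", e);
        }
    }

    /**
     * Removes a keystore file whose store() failed; otherwise the next createKeystore() for the
     * same name would refuse with "already exists" over an empty or truncated file.
     */
    private static void discardPartialFile(File file) {
        if (file.exists() && !file.delete()) {
            log.warn("Unable to remove incomplete keystore file " + file.getAbsolutePath());
        }
    }

    /**
     * Wired-in keystores that are unlocked and expose at least one unlocked key.
     *
     * <p>Best effort: an instance that throws while reporting its state is skipped (and logged at
     * debug level), not propagated.
     */
    @Override
    public KeystoreInstance[] getUnlockedKeyStores() {
        List<KeystoreInstance> unlocked = new ArrayList<KeystoreInstance>();
        for (KeystoreInstance instance : keystores) {
            try {
                if (!instance.isKeystoreLocked() && instance.getUnlockedKeys(null).length > 0) {
                    unlocked.add(instance);
                }
            } catch (KeystoreException e) {
                log.debug("Skipping keystore " + instance.getKeystoreName() + " while listing unlocked key stores", e);
            }
        }
        return unlocked.toArray(new KeystoreInstance[unlocked.size()]);
    }

    /**
     * Wired-in keystores that are unlocked and usable as trust stores.
     *
     * <p>Best effort, as in {@link #getUnlockedKeyStores()}.
     */
    @Override
    public KeystoreInstance[] getUnlockedTrustStores() {
        List<KeystoreInstance> unlocked = new ArrayList<KeystoreInstance>();
        for (KeystoreInstance instance : keystores) {
            try {
                if (!instance.isKeystoreLocked() && instance.isTrustStore(null)) {
                    unlocked.add(instance);
                }
            } catch (KeystoreException e) {
                log.debug("Skipping keystore " + instance.getKeystoreName() + " while listing unlocked trust stores", e);
            }
        }
        return unlocked.toArray(new KeystoreInstance[unlocked.size()]);
    }

    /** GBean metadata built in the static initialiser. */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    /**
     * Generates a self-signed X.509 v1 certificate: subject and issuer are the same name and the
     * certificate is signed with {@code privateKey}.
     *
     * <p>The serial number is the generation timestamp in milliseconds, so certificates generated
     * in the same millisecond collide and the serial is predictable; that is acceptable for a
     * self-signed test certificate but callers must not treat it as unique or unguessable.
     *
     * @param publicKey    key placed in the certificate
     * @param privateKey   signing key
     * @param sigAlgorithm signature algorithm name given to the generator
     * @param validityDays validity period in days, starting now
     * @param cn           common name, omitted when null
     * @param ou           organisational unit, omitted when null
     * @param o            organisation, omitted when null
     * @param l            locality, omitted when null
     * @param st           state/province, omitted when null
     * @param c            country, omitted when null
     * @return the signed certificate
     * @throws SignatureException  if signing fails
     * @throws InvalidKeyException if {@code privateKey} cannot be used for signing
     */
    public X509Certificate generateCert(PublicKey publicKey, PrivateKey privateKey, String sigAlgorithm, int validityDays, String cn, String ou, String o, String l, String st, String c) throws SignatureException, InvalidKeyException {
        // X509Principal takes a raw Vector (attribute order) and Hashtable (attribute values) in this codebase
        Vector order = new Vector();
        Hashtable values = new Hashtable();
        addNameComponent(order, values, X509Principal.CN, cn);
        addNameComponent(order, values, X509Principal.OU, ou);
        addNameComponent(order, values, X509Principal.O, o);
        addNameComponent(order, values, X509Principal.L, l);
        addNameComponent(order, values, X509Principal.ST, st);
        addNameComponent(order, values, X509Principal.C, c);
        X509Principal name = new X509Principal(order, values);

        long now = System.currentTimeMillis();
        X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
        generator.setIssuerDN(name);
        generator.setSubjectDN(name);
        generator.setNotBefore(new Date(now));
        // long arithmetic: the original int product overflowed for any validity above 24 days
        generator.setNotAfter(new Date(now + validityDays * MILLIS_PER_DAY));
        generator.setPublicKey(publicKey);
        generator.setSignatureAlgorithm(sigAlgorithm);
        generator.setSerialNumber(BigInteger.valueOf(now));
        return generator.generateX509Certificate(privateKey);
    }

    /** Records one distinguished-name attribute unless its value is null. */
    @SuppressWarnings("unchecked")
    private static void addNameComponent(Vector order, Hashtable values, Object oid, String value) {
        if (value != null) {
            values.put(oid, value);
            order.add(oid);
        }
    }

    static {
        GBeanInfoBuilder builder = GBeanInfoBuilder.createStatic(FileKeystoreManager.class);
        // attribute/reference names must match the constructor argument list below
        builder.addAttribute("keystoreDir", URI.class, true);
        builder.addAttribute("kernel", Kernel.class, false);
        builder.addReference("ServerInfo", ServerInfo.class, "GBean");
        builder.addReference("KeystoreInstances", KeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
        builder.addInterface(KeystoreManager.class);
        builder.setConstructor(new String[]{"keystoreDir", "ServerInfo", "KeystoreInstances", "kernel"});
        GBEAN_INFO = builder.getBeanInfo();
    }
}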
