package org.jboss.as.domain.management.security;

import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.jboss.as.controller.services.path.PathEntry;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/as/domain/management/security/FileKeyManagerService.class */
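/**
 * Key manager service backed by a keystore file on disk.
 *
 * <p>The keystore location is {@code path}, optionally resolved against the named
 * {@code relativeTo} path through the injected {@link PathManager}. When the file does not
 * exist and an auto-generate host name was supplied, a self-signed RSA certificate is
 * generated and written to that location.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>The generated certificate is self-signed, so clients cannot validate it against a
 *       CA and must pin or manually trust it. The fingerprints logged at creation time are
 *       the only out-of-band way to verify it.</li>
 *   <li>The certificate carries only a {@code CN}; this class adds no extensions such as
 *       subjectAltName, which most current TLS clients require for host name matching.</li>
 *   <li>The generated keystore file holds the private key and is created with whatever
 *       file permissions the process default gives it.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the decompiler reported that the class and its
 * constructor were originally package-private and that {@link #isLazy()} was protected.
 */
public class FileKeyManagerService extends AbstractKeyManagerService {
    public static final String SHA_256_WITH_RSA = "SHA256withRSA";

    /** Lifetime of an auto-generated certificate: 3650 days, expressed in milliseconds. */
    private static final long GENERATED_CERT_VALIDITY_MILLIS = 315360000000L;

    /** Lower-case hexadecimal digits used when rendering fingerprints. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    private final InjectedValue<PathManager> pathManager;
    private volatile String provider;
    private volatile String path;
    private volatile String relativeTo;
    private volatile String alias;
    private volatile FileKeystore keyStore;
    // Assigned once in the constructor; final so it is safely published to other threads.
    private final String autoGenerateCertHostName;

    /**
     * Creates the service.
     *
     * @param provider value handed to {@code FileKeystore.newKeyStore} as its first argument
     * @param path keystore file location, absolute or relative to {@code relativeTo}
     * @param relativeTo name of the path entry to resolve {@code path} against, or {@code null}
     * @param keystorePassword first secret passed to the superclass (assumed to be the
     *        keystore password; confirm against AbstractKeyManagerService)
     * @param keyPassword second secret passed to the superclass (assumed to be the key
     *        password; confirm against AbstractKeyManagerService)
     * @param alias alias of the key entry inside the keystore
     * @param autoGenerateCertHostName host name used as the CN of an auto-generated
     *        certificate, or {@code null} to disable auto-generation
     */
    public FileKeyManagerService(String provider, String path, String relativeTo, char[] keystorePassword,
            char[] keyPassword, String alias, String autoGenerateCertHostName) {
        super(keystorePassword, keyPassword);
        this.pathManager = new InjectedValue<>();
        this.provider = provider;
        this.path = path;
        this.relativeTo = relativeTo;
        this.alias = alias;
        this.autoGenerateCertHostName = autoGenerateCertHostName;
    }

    public String getProvider() {
        return this.provider;
    }

    public void setProvider(String provider) {
        this.provider = provider;
    }

    public String getPath() {
        return this.path;
    }

    public void setPath(String path) {
        this.path = path;
    }

    public String getRelativeTo() {
        return this.relativeTo;
    }

    public void setRelativeTo(String relativeTo) {
        this.relativeTo = relativeTo;
    }

    public String getAlias() {
        return this.alias;
    }

    public void setAlias(String alias) {
        this.alias = alias;
    }

    /** Stops the superclass service and drops the cached keystore so the next load re-reads it. */
    @Override
    public void stop(StopContext stopContext) {
        super.stop(stopContext);
        this.keyStore = null;
    }

    /** Returns {@code true} while no keystore has been loaded and cached yet. */
    @Override
    public boolean isLazy() {
        return this.keyStore == null;
    }

    /**
     * Loads the keystore, generating it first when it is missing and auto-generation is
     * configured.
     *
     * @param deferGeneration when {@code true} and the file is missing with auto-generation
     *        configured, only log that the keystore will be created and return {@code null}
     * @return the loaded keystore, or {@code null} in the deferred case described above
     * @throws IllegalStateException wrapping any {@link StartException} raised while loading
     */
    @Override
    protected KeyStore loadKeyStore(boolean deferGeneration) {
        try {
            if (this.keyStore != null) {
                // Already loaded once: re-read only when the backing store reports a change.
                if (this.keyStore.isModified()) {
                    this.keyStore.load();
                }
                return this.keyStore.getKeyStore();
            }

            String resolvedPath = this.path;
            if (this.relativeTo != null) {
                PathManager manager = (PathManager) this.pathManager.getValue();
                resolvedPath = manager.resolveRelativePathEntry(resolvedPath, this.relativeTo);
                // If the base path is later removed or updated, ask for a reload unless a
                // service restart is already permitted for the operation.
                manager.registerCallback(this.relativeTo, new PathManager.Callback() {
                    public void pathModelEvent(PathManager.PathEventContext eventContext, String name) {
                        if (!eventContext.isResourceServiceRestartAllowed()) {
                            eventContext.reloadRequired();
                        }
                    }

                    public void pathEvent(PathManager.Event event, PathEntry pathEntry) {
                        // Nothing to do once the event has been applied.
                    }
                }, new PathManager.Event[]{PathManager.Event.REMOVED, PathManager.Event.UPDATED});
            }

            File keystoreFile = new File(resolvedPath);
            if (!keystoreFile.exists() && this.autoGenerateCertHostName != null) {
                if (deferGeneration) {
                    DomainManagementLogger.SECURITY_LOGGER.keystoreWillBeCreated(resolvedPath, this.autoGenerateCertHostName);
                    return null;
                }
                // NOTE(review): the exists() check and the later file creation are not
                // atomic; a file appearing in between is overwritten by the generated store.
                generateFileKeyStore(keystoreFile);
            }

            this.keyStore = FileKeystore.newKeyStore(this.provider, resolvedPath, resolveKeystorePassword(),
                    resolveKeyPassword(), this.alias);
            this.keyStore.load();
            return this.keyStore.getKeyStore();
        } catch (StartException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with a self-signed certificate and writes them to
     * {@code file} as a new keystore, then logs the certificate fingerprints.
     *
     * <p>NOTE(review): the store is created with {@link KeyStore#getDefaultType()} while
     * {@link #loadKeyStore(boolean)} passes {@code provider} to {@code FileKeystore}; confirm
     * the two agree for every supported configuration.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and
     * contains the private key; deployments should restrict read access to the server's
     * account. A failure while writing can leave a partial file behind.
     */
    private void generateFileKeyStore(File file) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048, new SecureRandom());
            KeyPair keyPair = generator.generateKeyPair();
            X509Certificate certificate = generateCertificate(keyPair);

            KeyStore generated = KeyStore.getInstance(KeyStore.getDefaultType());
            generated.load(null, resolveKeystorePassword());
            generated.setKeyEntry(this.alias, keyPair.getPrivate(), resolveKeyPassword(),
                    new X509Certificate[]{certificate});

            // try-with-resources closes the stream on every path, including when store()
            // throws; the decompiled form only closed it on success.
            try (FileOutputStream out = new FileOutputStream(file)) {
                generated.store(out, resolveKeystorePassword());
            }

            // Both digests are logged so an operator can verify the certificate out of
            // band; SHA-1 is present for display only, SHA-256 is the one to compare.
            DomainManagementLogger.SECURITY_LOGGER.keystoreHasBeenCreated(file.toString(),
                    getFingerprint(certificate, "SHA-1"), getFingerprint(certificate, "SHA-256"));
        } catch (Exception e) {
            throw DomainManagementLogger.SECURITY_LOGGER.failedToGenerateSelfSignedCertificate(e);
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code keyPair}, valid from now for
     * 3650 days, signed with {@link #SHA_256_WITH_RSA} and carrying a random 64-bit serial.
     *
     * <p>NOTE(review): the host name is concatenated into the distinguished name without
     * escaping, so a value containing DN syntax characters (for example {@code ,} or
     * {@code =}) would be parsed as additional name components. The value should be
     * validated as a plain host name where it is configured.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the self-signed certificate
     * @throws Exception if the certificate cannot be built
     */
    X509Certificate generateCertificate(KeyPair keyPair) throws Exception {
        PrivateKey signingKey = keyPair.getPrivate();
        X509CertificateBuilder builder = new X509CertificateBuilder();

        Instant notBefore = Instant.ofEpochMilli(System.currentTimeMillis());
        Instant notAfter = notBefore.plusMillis(GENERATED_CERT_VALIDITY_MILLIS);
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());

        builder.setNotValidAfter(ZonedDateTime.ofInstant(notAfter, TimeZone.getDefault().toZoneId()));
        builder.setNotValidBefore(ZonedDateTime.ofInstant(notBefore, TimeZone.getDefault().toZoneId()));
        builder.setSerialNumber(serialNumber);

        // Subject and issuer are identical: that is what makes the certificate self-signed.
        X500Principal selfName = new X500Principal("CN=" + this.autoGenerateCertHostName);
        builder.setSubjectDn(selfName);
        builder.setIssuerDn(selfName);
        builder.setPublicKey(keyPair.getPublic());
        builder.setVersion(3);
        builder.setSignatureAlgorithmName(SHA_256_WITH_RSA);
        builder.setSigningKey(signingKey);
        return builder.build();
    }

    /**
     * Computes the colon-separated hex fingerprint of a certificate's encoded form.
     *
     * @param certificate certificate to digest
     * @param algorithm {@link MessageDigest} algorithm name, e.g. {@code "SHA-256"}
     * @return the digest rendered by {@link #hexify(byte[])}
     * @throws Exception if the algorithm is unavailable or the certificate cannot be encoded
     */
    private static String getFingerprint(X509Certificate certificate, String algorithm) throws Exception {
        MessageDigest digest = MessageDigest.getInstance(algorithm);
        digest.update(certificate.getEncoded());
        return hexify(digest.digest());
    }

    /**
     * Renders bytes as lower-case hex pairs separated by {@code :}, e.g. {@code 0a:ff}.
     *
     * @param bytes bytes to render
     * @return the formatted string, empty for an empty array
     */
    private static String hexify(byte[] bytes) {
        // Two digits per byte plus one separator between neighbours.
        StringBuilder out = new StringBuilder(bytes.length * 3);
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) {
                out.append(':');
            }
            int value = bytes[i] & 0xFF;
            out.append(HEX_DIGITS[value >>> 4]);
            out.append(HEX_DIGITS[value & 0x0F]);
        }
        return out.toString();
    }

    /** Returns the injection point through which the {@link PathManager} is supplied. */
    public Injector<PathManager> getPathManagerInjector() {
        return this.pathManager;
    }
}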
