package org.wildfly.extension.elytron;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.logging.Logger;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.FileAttributeDefinitions;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.EmptyProvider;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.AtomicLoadKeyStore;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.keystore.KeyStoreUtil;
import org.wildfly.security.keystore.ModifyTrackingKeyStore;
import org.wildfly.security.keystore.UnmodifiableKeyStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.provider.util.ProviderUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/KeyStoreService.class */
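/**
 * MSC service that owns a single Elytron {@code KeyStore}: it loads the store on
 * start, exposes a read-only view through {@link #getValue()} and a
 * modification-tracking view through {@link #getModifiableValue()}, and supports
 * the reload / revert / save cycle used by the management operations.
 *
 * <p>Two flavours exist: a file-less store (only a type and provider, always
 * empty on start) and a file-based store. When a file-based store has no
 * explicit type the format is detected from the file by
 * {@code KeyStoreUtil.loadKeyStore}, which is why such a store needs the file to
 * exist at start time.</p>
 *
 * <p>NOTE(review): the decompiler widened this class and several of its methods
 * from package-private to public; callers are expected to be in this package.
 * The lifecycle methods are not synchronised against each other; presumably the
 * management model serialises {@link #load()}, {@link #revertLoad(LoadKey)} and
 * {@link #save()} — confirm before invoking them concurrently.</p>
 */
public class KeyStoreService implements ModifiableKeyStoreService {
    private final String provider;
    private final String type;
    private final String path;
    private final String relativeTo;
    private final boolean required;
    private final String aliasFilter;
    private FileAttributeDefinitions.PathResolver pathResolver;
    private File resolvedPath;
    // Wall-clock time of the last successful load/save, reported via timeSynched().
    private volatile long synched;
    private final InjectedValue<PathManager> pathManager = new InjectedValue<>();
    private final InjectedValue<Provider[]> providers = new InjectedValue<>();
    private final InjectedValue<ExceptionSupplier<CredentialSource, Exception>> credentialSourceSupplier = new InjectedValue<>();
    // The loaded store and its two wrappers; all null while the service is stopped.
    private volatile AtomicLoadKeyStore keyStore;
    private volatile ModifyTrackingKeyStore trackingKeyStore;
    private volatile KeyStore unmodifiableKeyStore;

    /**
     * Snapshot handed out by {@link #load()} so that {@link #revertLoad(LoadKey)}
     * can undo a reload: the store's own revert token plus the {@code synched}
     * timestamp and modified flag that were in effect before the reload.
     */
    static class LoadKey {
        private final AtomicLoadKeyStore.LoadKey loadKey;
        private final long modifiedTime;
        private final boolean modified;

        LoadKey(AtomicLoadKeyStore.LoadKey loadKey, long modifiedTime, boolean modified) {
            this.loadKey = loadKey;
            this.modifiedTime = modifiedTime;
            this.modified = modified;
        }
    }

    private KeyStoreService(String provider, String type, String relativeTo, String path, boolean required, String aliasFilter) {
        this.provider = provider;
        this.type = type;
        this.relativeTo = relativeTo;
        this.path = path;
        this.required = required;
        this.aliasFilter = aliasFilter;
    }

    /**
     * Creates a service for a store that is never backed by a file.
     *
     * @param provider name of the security provider to use, or {@code null} for any
     * @param type key-store type; must not be {@code null} for a file-less store
     * @param aliasFilter alias filter expression, or {@code null} for no filtering
     * @return the (not yet started) service
     */
    public static KeyStoreService createFileLessKeyStoreService(String provider, String type, String aliasFilter) {
        return new KeyStoreService(provider, type, null, null, false, aliasFilter);
    }

    /**
     * Creates a service for a store persisted in a file.
     *
     * @param provider name of the security provider to use, or {@code null} for any
     * @param type key-store type, or {@code null} to detect it from the file
     * @param relativeTo path-manager entry the path is relative to, or {@code null}
     * @param path file path of the store
     * @param required whether a missing file is a start failure
     * @param aliasFilter alias filter expression, or {@code null} for no filtering
     * @return the (not yet started) service
     */
    public static KeyStoreService createFileBasedKeyStoreService(String provider, String type, String relativeTo, String path, boolean required, String aliasFilter) {
        return new KeyStoreService(provider, type, relativeTo, path, required, aliasFilter);
    }

    /**
     * Loads the store and builds the two views.
     *
     * <p>A missing file is fatal when the store is {@code required} or when no type
     * was configured (detection needs a file); otherwise an empty store of the
     * configured type is created.</p>
     *
     * @param startContext MSC start context (unused)
     * @throws StartException wrapping any failure: unresolved provider or password,
     *         unreadable file, undetectable format
     */
    public void start(StartContext startContext) throws StartException {
        try {
            AtomicLoadKeyStore atomicLoadKeyStore = null;
            if (type != null) {
                atomicLoadKeyStore = AtomicLoadKeyStore.newInstance(type, resolveProvider());
            }
            if (path != null) {
                pathResolver = FileAttributeDefinitions.pathResolver();
                resolvedPath = getResolvedPath(pathResolver, path, relativeTo);
            }
            synched = System.currentTimeMillis();
            boolean fileExists = resolvedPath != null && resolvedPath.exists();
            if (resolvedPath != null && !fileExists) {
                if (required || type == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreFileNotExists(resolvedPath.getAbsolutePath());
                }
                ElytronSubsystemMessages.ROOT_LOGGER.keyStoreFileNotExistsButIgnored(resolvedPath.getAbsolutePath());
            }
            char[] password = resolvePassword();
            // Only the presence of a password is traced, never its value.
            ElytronSubsystemMessages.ROOT_LOGGER.tracef("starting:  type = %s  provider = %s  path = %s  resolvedPath = %s  password = %b  aliasFilter = %s",
                    type, provider, path, resolvedPath, password != null, aliasFilter);
            if (!fileExists) {
                if (atomicLoadKeyStore == null) {
                    // Reachable only for a file-less service created without a type.
                    throw new IllegalStateException("no key-store type configured and no file to detect it from");
                }
                // Loading from a null stream initialises an empty store. The lock is
                // retained from the original; presumably it guards provider
                // registration during the empty load — confirm.
                synchronized (EmptyProvider.getInstance()) {
                    atomicLoadKeyStore.load((InputStream) null, password);
                }
            } else {
                // try-with-resources so the stream is closed on every exit path.
                try (FileInputStream in = new FileInputStream(resolvedPath)) {
                    if (atomicLoadKeyStore != null) {
                        atomicLoadKeyStore.load(in, password);
                    } else {
                        atomicLoadKeyStore = AtomicLoadKeyStore.atomize(detectAndLoad(in, password));
                    }
                }
            }
            checkCertificatesValidity(atomicLoadKeyStore);
            keyStore = atomicLoadKeyStore;
            KeyStore filtered = aliasFilter != null
                    ? FilteringKeyStore.filteringKeyStore(atomicLoadKeyStore, AliasFilter.fromString(aliasFilter))
                    : atomicLoadKeyStore;
            trackingKeyStore = ModifyTrackingKeyStore.modifyTrackingKeyStore(filtered);
            unmodifiableKeyStore = UnmodifiableKeyStore.unmodifiableKeyStore(filtered);
        } catch (Exception e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToStartService(e);
        }
    }

    /**
     * Detects the store format from the file contents and loads it.
     *
     * @param in open stream positioned at the start of the file
     * @param password store password, may be {@code null}
     * @return the loaded store
     * @throws Exception when no provider recognises the file, or the load fails
     */
    private KeyStore detectAndLoad(InputStream in, char[] password) throws Exception {
        Provider[] injected = providers.getOptionalValue();
        Provider[] candidates = injected != null ? injected : Security.getProviders();
        KeyStore detected = KeyStoreUtil.loadKeyStore(() -> candidates, provider, in, resolvedPath.getPath(), password);
        if (detected == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToDetectKeyStore(resolvedPath.getPath());
        }
        return detected;
    }

    /**
     * Finds a provider able to create a {@code KeyStore} of the configured type,
     * preferring the injected provider list over the JVM-wide one.
     *
     * @return the matching provider
     * @throws StartException when no provider supports the type
     */
    private Provider resolveProvider() throws StartException {
        Provider[] injected = providers.getOptionalValue();
        Provider found = ProviderUtil.findProvider(
                () -> injected == null ? Security.getProviders() : injected,
                provider, KeyStore.class, type);
        if (found == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.noSuitableProvider(type);
        }
        return found;
    }

    /**
     * Re-reads the store contents into {@code store} in a revertible way.
     *
     * @param store the store to (re)load
     * @return token that {@code AtomicLoadKeyStore.revert} accepts to undo the load
     * @throws Exception on password resolution, I/O or key-store errors
     */
    private AtomicLoadKeyStore.LoadKey load(AtomicLoadKeyStore store) throws Exception {
        char[] password = resolvePassword();
        if (resolvedPath == null) {
            AtomicLoadKeyStore.LoadKey key = store.revertibleLoad(null, password);
            checkCertificatesValidity(store);
            return key;
        }
        try (FileInputStream in = new FileInputStream(resolvedPath)) {
            AtomicLoadKeyStore.LoadKey key = store.revertibleLoad(in, password);
            checkCertificatesValidity(store);
            return key;
        }
    }

    /**
     * Logs a warning for every X.509 certificate in {@code store} that is expired
     * or not yet valid. Skipped entirely when WARN logging is disabled, since the
     * walk would have no observable effect.
     *
     * @param store the store to inspect
     * @throws KeyStoreException if the store has not been initialised
     */
    private void checkCertificatesValidity(KeyStore store) throws KeyStoreException {
        if (!ElytronSubsystemMessages.ROOT_LOGGER.isEnabled(Logger.Level.WARN)) {
            return;
        }
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = store.getCertificate(alias);
            // instanceof is false for null, so no separate null check is needed.
            if (certificate instanceof X509Certificate) {
                try {
                    ((X509Certificate) certificate).checkValidity();
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    ElytronSubsystemMessages.ROOT_LOGGER.certificateNotValid(alias, e);
                }
            }
        }
    }

    /**
     * Drops all references to the store and releases the path resolver.
     *
     * @param stopContext MSC stop context (unused)
     */
    public void stop(StopContext stopContext) {
        ElytronSubsystemMessages.ROOT_LOGGER.tracef("stopping:  keyStore = %s  unmodifiableKeyStore = %s  trackingKeyStore = %s  pathResolver = %s",
                keyStore, unmodifiableKeyStore, trackingKeyStore, pathResolver);
        keyStore = null;
        unmodifiableKeyStore = null;
        trackingKeyStore = null;
        if (pathResolver != null) {
            pathResolver.clear();
            pathResolver = null;
        }
    }

    /**
     * Returns the read-only view of the store, or {@code null} while stopped.
     * (The decompiler had renamed this {@code m59getValue}; the service contract
     * is {@code getValue}.)
     */
    public KeyStore getValue() throws IllegalStateException, IllegalArgumentException {
        return unmodifiableKeyStore;
    }

    /** Returns the modification-tracking view of the store, or {@code null} while stopped. */
    @Override // org.wildfly.extension.elytron.ModifiableKeyStoreService
    public KeyStore getModifiableValue() {
        return trackingKeyStore;
    }

    public Injector<PathManager> getPathManagerInjector() {
        return pathManager;
    }

    public Injector<Provider[]> getProvidersInjector() {
        return providers;
    }

    public Injector<ExceptionSupplier<CredentialSource, Exception>> getCredentialSourceSupplierInjector() {
        return credentialSourceSupplier;
    }

    /** Returns the wall-clock time (ms) of the last successful load or save. */
    public long timeSynched() {
        return synched;
    }

    /**
     * Reloads the store from its file.
     *
     * @return a key that {@link #revertLoad(LoadKey)} accepts to undo this reload
     * @throws OperationFailedException wrapping any failure (the store itself is
     *         left untouched by {@code revertibleLoad} in that case)
     */
    public LoadKey load() throws OperationFailedException {
        try {
            ElytronSubsystemMessages.ROOT_LOGGER.tracef("reloading KeyStore from file [%s]", resolvedPath);
            AtomicLoadKeyStore.LoadKey key = load(keyStore);
            long previousSynched = synched;
            synched = System.currentTimeMillis();
            boolean wasModified = trackingKeyStore.isModified();
            trackingKeyStore.setModified(false);
            return new LoadKey(key, previousSynched, wasModified);
        } catch (Exception e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, e.getLocalizedMessage());
        }
    }

    /**
     * Undoes a reload, restoring the store contents, {@code synched} timestamp and
     * modified flag captured in {@code loadKey}.
     *
     * @param loadKey key returned by the {@link #load()} call being reverted
     */
    public void revertLoad(LoadKey loadKey) {
        ElytronSubsystemMessages.ROOT_LOGGER.trace("reverting load of KeyStore");
        keyStore.revert(loadKey.loadKey);
        synched = loadKey.modifiedTime;
        trackingKeyStore.setModified(loadKey.modified);
    }

    /**
     * Writes the store back to its file and clears the modified flag.
     *
     * <p>NOTE(review): the file is truncated in place, so a failure during
     * {@code store} can leave a partially written store on disk; writing to a
     * temporary file and moving it over the original would avoid that — confirm
     * that the file permissions set by the operator would survive such a move
     * before changing this.</p>
     *
     * @throws OperationFailedException when the service is file-less or the write fails
     */
    public void save() throws OperationFailedException {
        if (resolvedPath == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.cantSaveWithoutFile(path);
        }
        ElytronSubsystemMessages.ROOT_LOGGER.tracef("saving KeyStore to the file [%s]", resolvedPath);
        // try-with-resources: the original leaked the stream when store() threw.
        try (FileOutputStream out = new FileOutputStream(resolvedPath)) {
            keyStore.store(out, resolvePassword());
            synched = System.currentTimeMillis();
            trackingKeyStore.setModified(false);
        } catch (Exception e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, e.getLocalizedMessage());
        }
    }

    /** Returns whether the tracking view has recorded changes since the last load/save. */
    public boolean isModified() {
        return trackingKeyStore.isModified();
    }

    /**
     * Resolves the password protecting an individual key entry.
     *
     * @param exceptionSupplier supplier of the key's credential source, or
     *        {@code null} to fall back to the store password
     * @return the clear-text password characters
     * @throws Exception when the supplier yields no usable clear password
     */
    public char[] resolveKeyPassword(ExceptionSupplier<CredentialSource, Exception> exceptionSupplier) throws Exception {
        if (exceptionSupplier == null) {
            return resolvePassword();
        }
        ClearPassword clear = clearPasswordOf(exceptionSupplier.get());
        if (clear == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.keyPasswordCannotBeResolved(describePath());
        }
        return clear.getPassword();
    }

    /**
     * Resolves the store password from the injected credential source.
     *
     * <p>Uses {@code getOptionalValue()} so an un-injected supplier produces the
     * specific "password cannot be resolved" failure rather than a generic
     * {@code IllegalStateException} from the injector.</p>
     *
     * @return the clear-text password characters
     * @throws Exception when no usable clear password is available
     */
    private char[] resolvePassword() throws Exception {
        ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getOptionalValue();
        ClearPassword clear = clearPasswordOf(sourceSupplier != null ? sourceSupplier.get() : null);
        if (clear == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.keyStorePasswordCannotBeResolved(describePath());
        }
        return clear.getPassword();
    }

    /**
     * Extracts the clear password from a credential source, if it holds one.
     * Shared by the store-password and key-password paths, which differ only in
     * the failure they report.
     *
     * @param credentialSource source to query, may be {@code null}
     * @return the clear password, or {@code null} if the source, its password
     *         credential or the clear form is absent
     * @throws Exception propagated from the credential source
     */
    private static ClearPassword clearPasswordOf(CredentialSource credentialSource) throws Exception {
        if (credentialSource == null) {
            return null;
        }
        PasswordCredential credential = credentialSource.getCredential(PasswordCredential.class);
        return credential != null ? credential.getPassword(ClearPassword.class) : null;
    }

    /** Path text used in password-resolution failures; the literal "null" for a file-less store. */
    private String describePath() {
        return resolvedPath != null ? resolvedPath.getPath() : "null";
    }

    /**
     * Resolves {@code path} (optionally relative to a path-manager entry) to a file.
     *
     * @param pathResolver resolver to configure
     * @param path configured path
     * @param relativeTo path-manager entry name, or {@code null} for an absolute path
     * @return the resolved file
     */
    public File getResolvedPath(FileAttributeDefinitions.PathResolver pathResolver, String path, String relativeTo) {
        pathResolver.path(path);
        if (relativeTo != null) {
            pathResolver.relativeTo(relativeTo, pathManager.getValue());
        }
        return pathResolver.resolve();
    }
}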
