package org.wildfly.extension.elytron;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BooleanSupplier;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.MapAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleMapAttributeDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.controller.operations.validation.AllowedValuesValidator;
import org.jboss.as.controller.operations.validation.IntRangeValidator;
import org.jboss.as.controller.operations.validation.ModelTypeValidator;
import org.jboss.as.controller.operations.validation.ParameterValidator;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.TrivialResourceDefinition;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.RealmMapper;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.ssl.CipherSuiteSelector;
import org.wildfly.security.ssl.Protocol;
import org.wildfly.security.ssl.ProtocolSelector;
import org.wildfly.security.ssl.SNIContextMatcher;
import org.wildfly.security.ssl.SNISSLContext;
import org.wildfly.security.ssl.SSLContextBuilder;
import org.wildfly.security.ssl.X509CRLExtendedTrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions.class */
public class SSLDefinitions {
    // Answers whether the JVM is running in FIPS mode; getFipsSupplier() is defined outside this excerpt.
    private static final BooleanSupplier IS_FIPS = getFipsSupplier();
    // Service-name helpers for the server-ssl-context and client-ssl-context resources; both expose an SSLContext.
    static final ServiceUtil<SSLContext> SERVER_SERVICE_UTIL = ServiceUtil.newInstance(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SERVER_SSL_CONTEXT, SSLContext.class);
    static final ServiceUtil<SSLContext> CLIENT_SERVICE_UTIL = ServiceUtil.newInstance(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY, ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, SSLContext.class);
    // Optional JCA algorithm / provider name. When ALGORITHM is absent the add handlers fall back to the
    // factory's default algorithm (see getKeyManagerDefinition() / getTrustManagerDefinition()).
    static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition PROVIDER_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDER_NAME, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    // Base definitions for the providers / key-store references. Each resource builds its own copy that adds the
    // capability reference from that resource to its dependency (again, see the two definition methods below).
    static final SimpleAttributeDefinition PROVIDERS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDERS, ModelType.STRING, true).setAllowExpression(false).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    // key-store is required (third constructor argument is false); the other attributes in this group are optional.
    static final SimpleAttributeDefinition KEYSTORE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_STORE, ModelType.STRING, false).setAllowExpression(true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    // Optional alias filter; the key-manager add handler wraps the key-store in a FilteringKeyStore when it is set.
    static final SimpleAttributeDefinition ALIAS_FILTER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALIAS_FILTER, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    // Capability references from an ssl-context to a security-domain, principal transformers and a realm-mapper.
    // How the ssl-context consumes them is outside this excerpt.
    static final SimpleAttributeDefinition SECURITY_DOMAIN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECURITY_DOMAIN, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.ssl-context").setRestartAllServices().build();
    static final SimpleAttributeDefinition PRE_REALM_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRE_REALM_PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.ssl-context").setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    static final SimpleAttributeDefinition POST_REALM_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.POST_REALM_PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.ssl-context").setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    static final SimpleAttributeDefinition FINAL_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FINAL_PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.ssl-context").setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    static final SimpleAttributeDefinition REALM_MAPPER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM_MAPPER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.realm-mapper", "org.wildfly.security.ssl-context").setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    // Cipher suite filter: defaults to "DEFAULT" and must parse with CipherSuiteSelector (enforced by CipherSuiteFilterValidator).
    static final SimpleAttributeDefinition CIPHER_SUITE_FILTER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CIPHER_SUITE_FILTER, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).setRestartAllServices().setValidator(new CipherSuiteFilterValidator()).setDefaultValue(new ModelNode("DEFAULT")).build();
    // Every protocol name the PROTOCOLS validator accepts. The legacy entries (SSLv2, SSLv3, TLSv1, TLSv1.1) pass
    // validation here; whether a provider will actually negotiate them is decided elsewhere, not by this list.
    private static final String[] ALLOWED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
    static final StringListAttributeDefinition PROTOCOLS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.PROTOCOLS).setAllowExpression(true).setMinSize(1).setRequired(false).setAllowedValues(ALLOWED_PROTOCOLS).setValidator(new StringValuesValidator(ALLOWED_PROTOCOLS)).setRestartAllServices().build();
    // Client-certificate handshake switches; all three default to false.
    static final SimpleAttributeDefinition WANT_CLIENT_AUTH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.WANT_CLIENT_AUTH, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(false)).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition NEED_CLIENT_AUTH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NEED_CLIENT_AUTH, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(false)).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition AUTHENTICATION_OPTIONAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AUTHENTICATION_OPTIONAL, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(false)).setMinSize(1).setRestartAllServices().build();
    // Defaults to true; presumably mapped onto the SSL parameters' cipher-suite-order flag by the ssl-context service (outside this excerpt).
    static final SimpleAttributeDefinition USE_CIPHER_SUITES_ORDER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.USE_CIPHER_SUITES_ORDER, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(true)).setMinSize(1).setRestartAllServices().build();
    // -1 is both the default and the lowest accepted value (IntRangeValidator(-1)); what -1 means is applied by the consumer.
    static final SimpleAttributeDefinition MAXIMUM_SESSION_CACHE_SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MAXIMUM_SESSION_CACHE_SIZE, ModelType.INT, true).setAllowExpression(true).setDefaultValue(new ModelNode(-1)).setValidator(new IntRangeValidator(-1)).setRestartAllServices().build();
    static final SimpleAttributeDefinition SESSION_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SESSION_TIMEOUT, ModelType.INT, true).setAllowExpression(true).setDefaultValue(new ModelNode(-1)).setValidator(new IntRangeValidator(-1)).setRestartAllServices().build();
    // Defaults to false.
    static final SimpleAttributeDefinition WRAP = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.WRAP, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(false)).setRestartAllServices().build();
    // Capability references from an ssl-context to its key-manager / trust-manager; expressions are disabled on both.
    static final SimpleAttributeDefinition KEY_MANAGER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_MANAGER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.key-manager", "org.wildfly.security.ssl-context").setRestartAllServices().setAllowExpression(false).build();
    static final SimpleAttributeDefinition TRUST_MANAGER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TRUST_MANAGER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.trust-manager", "org.wildfly.security.ssl-context").setRestartAllServices().setAllowExpression(false).build();
    // Maximum certificate path length for revocation checking: default 5, minimum 1. Only used nested in CERTIFICATE_REVOCATION_LIST.
    private static final SimpleAttributeDefinition MAXIMUM_CERT_PATH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MAXIMUM_CERT_PATH, ModelType.INT, true).setAllowExpression(true).setDefaultValue(new ModelNode(5)).setValidator(new IntRangeValidator(1)).setRestartAllServices().build();
    // Optional CRL configuration (path, relative-to, maximum-cert-path). When it is defined the trust-manager add
    // handler goes through createX509CRLExtendedTrustManager(...) instead of the plain DelegatingTrustManager path.
    static final ObjectTypeAttributeDefinition CERTIFICATE_REVOCATION_LIST = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.CERTIFICATE_REVOCATION_LIST, new AttributeDefinition[]{FileAttributeDefinitions.PATH, FileAttributeDefinitions.RELATIVE_TO, MAXIMUM_CERT_PATH}).setRequired(false).setRestartAllServices().build();
    // A required default ssl-context plus a host-name -> ssl-context map whose keys are checked by HostContextMapValidator.
    // Presumably backs the SNI ssl-context (SNISSLContext is imported; its use is outside this excerpt).
    static final SimpleAttributeDefinition DEFAULT_SSL_CONTEXT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEFAULT_SSL_CONTEXT, ModelType.STRING).setCapabilityReference("org.wildfly.security.ssl-context").setRequired(true).setRestartAllServices().build();
    static final MapAttributeDefinition HOST_CONTEXT_MAP = new SimpleMapAttributeDefinition.Builder(ElytronDescriptionConstants.HOST_CONTEXT_MAP, ModelType.STRING, true).setMinSize(0).setAllowExpression(false).setCapabilityReference("org.wildfly.security.ssl-context").setMapValidator(new HostContextMapValidator()).setRestartAllServices().build();
    // Runtime-only (read-only) metric; the value is computed outside this excerpt.
    private static final SimpleAttributeDefinition ACTIVE_SESSION_COUNT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ACTIVE_SESSION_COUNT, ModelType.INT).setStorageRuntime().build();

    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$CipherSuiteFilterValidator.class */
    static class CipherSuiteFilterValidator extends ModelTypeValidator {

        /**
         * Validator for the cipher-suite-filter attribute: a STRING whose defined values must be
         * parseable by {@link CipherSuiteSelector#fromString(String)}.
         */
        CipherSuiteFilterValidator() {
            super(ModelType.STRING, true, true, false);
        }

        /**
         * Runs the inherited type check, then rejects any defined value Elytron cannot parse as a
         * cipher suite filter.
         *
         * @param parameterName name of the attribute being validated (used in the error message by the super class)
         * @param value         the value to check; an undefined value is accepted as-is
         * @throws OperationFailedException if the type check fails or the filter string is invalid
         */
        @Override
        public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {
            super.validateParameter(parameterName, value);
            if (!value.isDefined()) {
                return;
            }
            try {
                CipherSuiteSelector.fromString(value.asString());
            } catch (IllegalArgumentException cause) {
                // Preserve the parser's exception as the cause so the bad filter expression is diagnosable.
                throw ElytronSubsystemMessages.ROOT_LOGGER.invalidCipherSuiteFilter(cause, cause.getLocalizedMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$DelegatingKeyManager.class */
    public static class DelegatingKeyManager extends X509ExtendedKeyManager {
        /** The key manager every call is forwarded to; installed (and replaceable) via {@link #setKeyManager}. */
        private final AtomicReference<X509ExtendedKeyManager> delegating = new AtomicReference<>();

        private DelegatingKeyManager() {
        }

        /**
         * Installs the key manager that subsequent calls are forwarded to.
         *
         * @param keyManager the new delegate
         */
        public void setKeyManager(X509ExtendedKeyManager keyManager) {
            delegating.set(keyManager);
        }

        /** Current delegate; calling any forwarding method before {@link #setKeyManager} throws NullPointerException. */
        private X509ExtendedKeyManager delegate() {
            return delegating.get();
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return delegate().getClientAliases(keyType, issuers);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return delegate().chooseClientAlias(keyTypes, issuers, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return delegate().getServerAliases(keyType, issuers);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return delegate().chooseServerAlias(keyType, issuers, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            return delegate().getCertificateChain(alias);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            return delegate().getPrivateKey(alias);
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return delegate().chooseEngineClientAlias(keyTypes, issuers, engine);
        }

        @Override // javax.net.ssl.X509ExtendedKeyManager
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            return delegate().chooseEngineServerAlias(keyType, issuers, engine);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$DelegatingTrustManager.class */
    public static class DelegatingTrustManager extends X509ExtendedTrustManager {
        /** The trust manager every check is forwarded to; installed (and replaceable) via {@link #setTrustManager}. */
        private final AtomicReference<X509ExtendedTrustManager> delegating = new AtomicReference<>();

        private DelegatingTrustManager() {
        }

        /**
         * Installs the trust manager that subsequent checks are forwarded to.
         *
         * @param trustManager the new delegate
         */
        public void setTrustManager(X509ExtendedTrustManager trustManager) {
            delegating.set(trustManager);
        }

        /** Current delegate; calling any forwarding method before {@link #setTrustManager} throws NullPointerException. */
        private X509ExtendedTrustManager delegate() {
            return delegating.get();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
            delegate().checkClientTrusted(chain, authType, socket);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
            delegate().checkServerTrusted(chain, authType, socket);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
            delegate().checkClientTrusted(chain, authType, engine);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
            delegate().checkServerTrusted(chain, authType, engine);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate().checkClientTrusted(chain, authType);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            delegate().checkServerTrusted(chain, authType);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return delegate().getAcceptedIssuers();
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$HostContextMapValidator.class */
    static class HostContextMapValidator implements ParameterValidator {
        /**
         * Accepted shape of a host-context-map key: dot-separated labels of letters, digits, '-' and the
         * '*' wildcard, ending in a letter, digit or '*'.
         */
        static Pattern hostnamePattern = Pattern.compile("^([a-zA-Z0-9*]+(-[a-zA-Z0-9*]+)*\\.?)+[a-zA-Z0-9*]$");

        HostContextMapValidator() {
        }

        /**
         * Checks every key of a defined map value against {@link #hostnamePattern}; an undefined value passes.
         *
         * @param parameterName name of the attribute being validated (unused here)
         * @param value         the map whose keys are validated
         * @throws OperationFailedException for the first key that is not a valid host name
         */
        @Override
        public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {
            if (!value.isDefined()) {
                return;
            }
            for (String hostName : value.keys()) {
                if (hostnamePattern.matcher(hostName).matches()) {
                    continue;
                }
                throw ElytronSubsystemMessages.ROOT_LOGGER.invalidHostContextMapValue(hostName);
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$ReloadableX509ExtendedTrustManager.class */
    private static abstract class ReloadableX509ExtendedTrustManager extends X509ExtendedTrustManager {

        /** Private so that only subclasses nested in this file can exist. */
        private ReloadableX509ExtendedTrustManager() {
            super();
        }

        /**
         * Re-reads the material this trust manager was built from. What is reloaded is defined by each
         * subclass; none is visible in this excerpt.
         */
        abstract void reload();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$SSLContextRuntimeHandler.class */
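    public static abstract class SSLContextRuntimeHandler extends ElytronRuntimeOnlyHandler {

        /**
         * Looks up the SSLContext service addressed by the operation and hands its value to
         * {@link #performRuntime}.
         *
         * @param context   the current operation context
         * @param operation the operation being executed; its address selects the service
         * @throws OperationFailedException if the service is registered but not in the UP state,
         *                                  or if {@link #performRuntime} fails
         */
        @Override
        protected void executeRuntimeStep(OperationContext context, ModelNode operation) throws OperationFailedException {
            ServiceName serviceName = getSSLContextServiceUtil().serviceName(operation);
            // Typed controller rather than the raw ServiceController, so the service value needs no cast below.
            ServiceController<SSLContext> controller = ElytronExtension.getRequiredService(context.getServiceRegistry(false), serviceName, SSLContext.class);
            ServiceController.State state = controller.getState();
            if (state != ServiceController.State.UP) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.requiredServiceNotUp(serviceName, state);
            }
            performRuntime(context.getResult(), operation, controller.getService().getValue());
        }

        /**
         * Performs the operation against a running SSLContext.
         *
         * @param result     the node to write the operation result into
         * @param operation  the operation being executed
         * @param sslContext the value of the UP service
         * @throws OperationFailedException if the operation cannot be completed
         */
        protected abstract void performRuntime(ModelNode result, ModelNode operation, SSLContext sslContext) throws OperationFailedException;

        /** @return the helper that maps this resource's address to its SSLContext service name */
        protected abstract ServiceUtil<SSLContext> getSSLContextServiceUtil();
    }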

    /* loaded from: input_file:org/wildfly/extension/elytron/SSLDefinitions$StringValuesValidator.class */
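    static class StringValuesValidator extends ModelTypeValidator implements AllowedValuesValidator {
        /** The accepted values as STRING model nodes, in declaration order; fixed after construction. */
        private final List<ModelNode> allowedValues;

        /**
         * Validator for a STRING attribute restricted to a fixed set of values.
         *
         * @param allowed the only strings a defined value may hold
         */
        StringValuesValidator(String... allowed) {
            super(ModelType.STRING);
            List<ModelNode> values = new ArrayList<>(allowed.length);
            for (String candidate : allowed) {
                values.add(new ModelNode().set(candidate));
            }
            // Exposed through getAllowedValues(); wrapped so callers cannot widen the accepted set.
            this.allowedValues = Collections.unmodifiableList(values);
        }

        /**
         * Runs the inherited type check, then rejects any defined value outside the allowed set.
         *
         * @param parameterName name of the attribute being validated (reported in the error)
         * @param value         the value to check
         * @throws OperationFailedException if the type check fails or the value is not one of the allowed values
         */
        @Override
        public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {
            super.validateParameter(parameterName, value);
            if (value.isDefined() && !allowedValues.contains(value)) {
                throw new OperationFailedException(ControllerLogger.ROOT_LOGGER.invalidValue(value.asString(), parameterName, allowedValues));
            }
        }

        /** @return the allowed values, as an unmodifiable list */
        @Override
        public List<ModelNode> getAllowedValues() {
            return allowedValues;
        }
    }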

    /** Package-private no-op constructor; this class is a holder of static attribute and resource definitions. */
    SSLDefinitions() {
        super();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
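    /**
     * Builds the {@code key-manager} resource definition: its attributes, the add handler that installs a
     * {@link KeyManager} service, and the runtime-only {@code init} operation.
     *
     * The service value is a {@link DelegatingKeyManager} wrapping the first {@link X509ExtendedKeyManager}
     * produced by a {@link KeyManagerFactory} that was initialised from the referenced key-store (optionally
     * alias-filtered) and the password obtained through the credential-reference.
     *
     * @return the resource definition registered under {@code key-manager}
     */
    public static ResourceDefinition getKeyManagerDefinition() {
        StandardResourceDescriptionResolver resolver = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.KEY_MANAGER);
        // key-manager specific copies of the shared attributes, carrying the capability reference from key-manager to its dependency.
        final AttributeDefinition providersDefinition = new SimpleAttributeDefinitionBuilder(PROVIDERS).setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.key-manager").setAllowExpression(false).setRestartAllServices().build();
        final AttributeDefinition keyStoreDefinition = new SimpleAttributeDefinitionBuilder(KEYSTORE).setCapabilityReference("org.wildfly.security.key-store", "org.wildfly.security.key-manager").setAllowExpression(false).setRestartAllServices().build();
        final AttributeDefinition credentialReferenceDefinition = CredentialReference.getAttributeDefinition(true);
        AttributeDefinition[] attributes = {ALGORITHM, providersDefinition, PROVIDER_NAME, keyStoreDefinition, ALIAS_FILTER, credentialReferenceDefinition};

        TrivialAddHandler<KeyManager> addHandler = new TrivialAddHandler<KeyManager>(KeyManager.class, attributes, Capabilities.KEY_MANAGER_RUNTIME_CAPABILITY) {
            /**
             * Resolves the attributes at add time, registers the providers / key-store dependencies, and returns
             * the supplier that builds the key manager once those dependencies are available.
             */
            @Override
            protected TrivialService.ValueSupplier<KeyManager> getValueSupplier(ServiceBuilder<KeyManager> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
                final String algorithmName = SSLDefinitions.ALGORITHM.resolveModelAttribute(context, model).asStringOrNull();
                final String providerName = SSLDefinitions.PROVIDER_NAME.resolveModelAttribute(context, model).asStringOrNull();
                final String providersName = providersDefinition.resolveModelAttribute(context, model).asStringOrNull();
                final String keyStoreName = keyStoreDefinition.resolveModelAttribute(context, model).asStringOrNull();
                final String aliasFilter = SSLDefinitions.ALIAS_FILTER.resolveModelAttribute(context, model).asStringOrNull();

                // Typed injectors, as the trust-manager handler already uses; this removes the casts in the supplier.
                final InjectedValue<Provider[]> providersInjector = new InjectedValue<>();
                if (providersName != null) {
                    serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", providersName), Provider[].class), Provider[].class, providersInjector);
                }
                final InjectedValue<KeyStore> keyStoreInjector = new InjectedValue<>();
                if (keyStoreName != null) {
                    serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.key-store", keyStoreName), KeyStore.class), KeyStore.class, keyStoreInjector);
                }

                // Fall back to the JDK's default key manager algorithm when none is configured.
                final String algorithm = algorithmName != null ? algorithmName : KeyManagerFactory.getDefaultAlgorithm();
                final ExceptionSupplier<CredentialSource, Exception> credentialSourceSupplier = CredentialReference.getCredentialSourceSupplier(context, credentialReferenceDefinition, model, serviceBuilder);
                final DelegatingKeyManager delegatingKeyManager = new DelegatingKeyManager();

                return () -> {
                    Provider[] providers = providersInjector.getOptionalValue();
                    KeyManagerFactory keyManagerFactory = lookupKeyManagerFactory(algorithm, providerName, providers);
                    try {
                        CredentialSource credentialSource = credentialSourceSupplier.get();
                        if (credentialSource == null) {
                            throw new StartException(ElytronSubsystemMessages.ROOT_LOGGER.keyStorePasswordCannotBeResolved(keyStoreName));
                        }
                        char[] password = credentialSource.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
                        KeyStore keyStore = keyStoreInjector.getOptionalValue();
                        if (aliasFilter != null) {
                            keyStore = FilteringKeyStore.filteringKeyStore(keyStore, AliasFilter.fromString(aliasFilter));
                        }
                        if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                            // Only whether a password was found is logged, never the password itself.
                            ElytronSubsystemMessages.ROOT_LOGGER.tracef("KeyManager supplying:  providers = %s  provider = %s  algorithm = %s  keyManagerFactory = %s  keyStoreName = %s  aliasFilter = %s  keyStore = %s  keyStoreSize = %d  password (of item) = %b",
                                    Arrays.toString(providers), providerName, algorithm, keyManagerFactory, keyStoreName, aliasFilter, keyStore, keyStore.size(), password != null);
                        }
                        // NOTE(review): the password array is handed to the factory and not cleared afterwards; whether the
                        // factory retains a reference is provider-specific, so confirm before wiping it in a finally block.
                        keyManagerFactory.init(keyStore, password);
                        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                            if (keyManager instanceof X509ExtendedKeyManager) {
                                delegatingKeyManager.setKeyManager((X509ExtendedKeyManager) keyManager);
                                return delegatingKeyManager;
                            }
                        }
                        throw ElytronSubsystemMessages.ROOT_LOGGER.noTypeFound(X509ExtendedKeyManager.class.getSimpleName());
                    } catch (StartException e) {
                        // The specific catch must precede the general one; the reverse order is an unreachable clause.
                        throw e;
                    } catch (Exception e) {
                        throw new StartException(e);
                    }
                };
            }
        };

        return TrivialResourceDefinition.builder()
                .setPathKey(ElytronDescriptionConstants.KEY_MANAGER)
                .setAddHandler(addHandler)
                .setAttributes(attributes)
                .setRuntimeCapabilities(Capabilities.KEY_MANAGER_RUNTIME_CAPABILITY)
                .addOperation(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.INIT, resolver).setRuntimeOnly().build(),
                        init(ServiceUtil.newInstance(Capabilities.KEY_MANAGER_RUNTIME_CAPABILITY, ElytronDescriptionConstants.KEY_MANAGER, KeyManager.class)))
                .build();
    }

    /**
     * Obtains a {@link KeyManagerFactory} for {@code algorithm}.
     *
     * With an explicit provider list, the first listed provider that supports the algorithm wins (restricted to
     * {@code providerName} when that is set); without one the JDK-wide lookup is used.
     *
     * @param algorithm    the key manager algorithm
     * @param providerName optional provider name filter; {@code null} means any provider in the list
     * @param providers    the injected provider list, or {@code null} when no providers resource was referenced
     * @return a factory for the algorithm
     * @throws StartException if no provider supplies the algorithm
     */
    private static KeyManagerFactory lookupKeyManagerFactory(String algorithm, String providerName, Provider[] providers) throws StartException {
        if (providers == null) {
            try {
                return KeyManagerFactory.getInstance(algorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new StartException(e);
            }
        }
        for (Provider provider : providers) {
            if (providerName != null && !providerName.equals(provider.getName())) {
                continue;
            }
            try {
                return KeyManagerFactory.getInstance(algorithm, provider);
            } catch (NoSuchAlgorithmException ignored) {
                // this provider does not supply the algorithm; try the next one
            }
        }
        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCreateManagerFactory(KeyManagerFactory.class.getSimpleName(), algorithm);
    }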

    /* JADX INFO: Access modifiers changed from: package-private */
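    /**
     * Builds the {@code trust-manager} resource definition.
     * <p>
     * The add handler installs a {@link TrustManager} service built from the configured key store,
     * optional provider list / provider name, algorithm and alias filter. When a
     * {@code certificate-revocation-list} is configured the service supplies an
     * {@code X509CRLExtendedTrustManager}; if that CRL has a file path the manager is additionally
     * reloadable through the {@code reload-certificate-revocation-list} operation. The runtime-only
     * {@code init} operation restarts the service in place.
     *
     * @return the trust-manager resource definition
     */
    public static ResourceDefinition getTrustManagerDefinition() {
        StandardResourceDescriptionResolver resolver = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.TRUST_MANAGER);

        final SimpleAttributeDefinition providersDefinition = new SimpleAttributeDefinitionBuilder(PROVIDERS)
                .setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.trust-manager")
                .setAllowExpression(false)
                .setRestartAllServices()
                .build();
        final SimpleAttributeDefinition keyStoreDefinition = new SimpleAttributeDefinitionBuilder(KEYSTORE)
                .setCapabilityReference("org.wildfly.security.key-store", "org.wildfly.security.trust-manager")
                .setAllowExpression(false)
                .setRestartAllServices()
                .build();
        AttributeDefinition[] attributes = {ALGORITHM, providersDefinition, PROVIDER_NAME, keyStoreDefinition, ALIAS_FILTER, CERTIFICATE_REVOCATION_LIST};

        TrivialAddHandler<TrustManager> addHandler = new TrivialAddHandler<TrustManager>(TrustManager.class, attributes, Capabilities.TRUST_MANAGER_RUNTIME_CAPABILITY) {

            /**
             * Resolves the resource model, registers the provider / key-store service dependencies and
             * returns the supplier that builds the trust manager once those dependencies are available.
             */
            @Override
            protected TrivialService.ValueSupplier<TrustManager> getValueSupplier(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
                final String algorithmName = SSLDefinitions.ALGORITHM.resolveModelAttribute(context, model).asStringOrNull();
                final String providerName = SSLDefinitions.PROVIDER_NAME.resolveModelAttribute(context, model).asStringOrNull();

                final String providersName = providersDefinition.resolveModelAttribute(context, model).asStringOrNull();
                final InjectedValue<Provider[]> providersInjector = new InjectedValue<>();
                if (providersName != null) {
                    serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", providersName), Provider[].class), Provider[].class, providersInjector);
                }

                // The key-store dependency is only wired when the attribute is set, so the injector may yield null at start.
                final String keyStoreName = keyStoreDefinition.resolveModelAttribute(context, model).asStringOrNull();
                final InjectedValue<KeyStore> keyStoreInjector = new InjectedValue<>();
                if (keyStoreName != null) {
                    serviceBuilder.addDependency(context.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.key-store", keyStoreName), KeyStore.class), KeyStore.class, keyStoreInjector);
                }

                final String aliasFilter = SSLDefinitions.ALIAS_FILTER.resolveModelAttribute(context, model).asStringOrNull();
                // Fall back to the JDK default when no algorithm is configured.
                final String algorithm = algorithmName != null ? algorithmName : TrustManagerFactory.getDefaultAlgorithm();

                ModelNode crlNode = SSLDefinitions.CERTIFICATE_REVOCATION_LIST.resolveModelAttribute(context, model);
                if (crlNode.isDefined()) {
                    return createX509CRLExtendedTrustManager(serviceBuilder, context, algorithm, providerName, providersInjector, keyStoreInjector, crlNode, aliasFilter);
                }

                final DelegatingTrustManager delegatingTrustManager = new DelegatingTrustManager();
                return () -> {
                    Provider[] providers = providersInjector.getOptionalValue();
                    TrustManagerFactory trustManagerFactory = createTrustManagerFactory(providers, providerName, algorithm);
                    KeyStore keyStore = applyAliasFilter(keyStoreInjector.getOptionalValue(), aliasFilter);
                    try {
                        if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                            ElytronSubsystemMessages.ROOT_LOGGER.tracef("TrustManager supplying:  providers = %s  provider = %s  algorithm = %s  trustManagerFactory = %s  keyStoreName = %s  keyStore = %s  aliasFilter = %s  keyStoreSize = %d",
                                    Arrays.toString(providers), providerName, algorithm, trustManagerFactory, keyStoreName, keyStore, aliasFilter, keyStore == null ? 0 : keyStore.size());
                        }
                        // Initialise from the (possibly alias-filtered) key store so that alias-filter actually
                        // restricts which certificates are trusted; the raw injected value must not be used here.
                        trustManagerFactory.init(keyStore);
                    } catch (GeneralSecurityException e) {
                        throw new StartException(e);
                    }
                    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                        if (trustManager instanceof X509ExtendedTrustManager) {
                            delegatingTrustManager.setTrustManager((X509ExtendedTrustManager) trustManager);
                            return delegatingTrustManager;
                        }
                    }
                    // Report the trust-manager type that was looked for, not the key-manager one.
                    throw ElytronSubsystemMessages.ROOT_LOGGER.noTypeFound(X509ExtendedTrustManager.class.getSimpleName());
                };
            }

            /**
             * Wraps {@code keyStore} in a filtering view when an alias filter is configured.
             *
             * @param keyStore the injected key store (may be null when no key-store is configured)
             * @param aliasFilter the alias filter expression, or null for no filtering
             * @return the filtered key store, or {@code keyStore} unchanged when there is no filter
             * @throws StartException if the filter cannot be parsed or applied
             */
            private KeyStore applyAliasFilter(KeyStore keyStore, String aliasFilter) throws StartException {
                if (aliasFilter == null) {
                    return keyStore;
                }
                try {
                    return FilteringKeyStore.filteringKeyStore(keyStore, AliasFilter.fromString(aliasFilter));
                } catch (Exception e) {
                    throw new StartException(e);
                }
            }

            /**
             * Builds the supplier for a CRL-checking trust manager. {@code path}, {@code relative-to} and
             * {@code maximum-cert-path} are read from the {@code certificate-revocation-list} node; a path
             * with a {@code relative-to} entry pulls in the path manager so the file can be resolved at start.
             */
            private TrivialService.ValueSupplier<TrustManager> createX509CRLExtendedTrustManager(ServiceBuilder<TrustManager> serviceBuilder, OperationContext context, String algorithm, String providerName, InjectedValue<Provider[]> providersInjector, InjectedValue<KeyStore> keyStoreInjector, ModelNode crlNode, String aliasFilter) throws OperationFailedException {
                final String path = FileAttributeDefinitions.PATH.resolveModelAttribute(context, crlNode).asStringOrNull();
                final String relativeTo = FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(context, crlNode).asStringOrNull();
                final int maxCertPath = SSLDefinitions.MAXIMUM_CERT_PATH.resolveModelAttribute(context, crlNode).asInt();
                final InjectedValue<PathManager> pathManagerInjector = new InjectedValue<>();
                if (path != null && relativeTo != null) {
                    serviceBuilder.addDependency(PathManagerService.SERVICE_NAME, PathManager.class, pathManagerInjector);
                    serviceBuilder.requires(FileAttributeDefinitions.pathName(relativeTo));
                }
                return () -> {
                    TrustManagerFactory trustManagerFactory = createTrustManagerFactory(providersInjector.getOptionalValue(), providerName, algorithm);
                    KeyStore keyStore = applyAliasFilter(keyStoreInjector.getOptionalValue(), aliasFilter);
                    if (path == null) {
                        // No CRL file: the manager still performs revocation checks but has nothing to reload.
                        return new X509CRLExtendedTrustManager(keyStore, trustManagerFactory, (InputStream) null, maxCertPath, (X509Certificate[]) null);
                    }
                    try {
                        // NOTE(review): the FileInputStream is handed to X509CRLExtendedTrustManager and is not closed here;
                        // confirm the constructor consumes and closes it, otherwise it should be wrapped in try-with-resources.
                        X509CRLExtendedTrustManager initial = new X509CRLExtendedTrustManager(keyStore, trustManagerFactory, new FileInputStream(resolveFileLocation(path, relativeTo, pathManagerInjector)), maxCertPath, (X509Certificate[]) null);
                        return createReloadableX509CRLTrustManager(path, relativeTo, maxCertPath, pathManagerInjector, trustManagerFactory, keyStore, initial);
                    } catch (FileNotFoundException e) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToAccessCRL(e);
                    }
                };
            }

            /**
             * Wraps a CRL-backed trust manager so that {@code reload()} re-reads the CRL file and swaps the
             * delegate atomically while in-flight validations keep using the previous instance.
             */
            private TrustManager createReloadableX509CRLTrustManager(final String path, final String relativeTo, final int maxCertPath, final InjectedValue<PathManager> pathManagerInjector, final TrustManagerFactory trustManagerFactory, final KeyStore keyStore, final X509CRLExtendedTrustManager initialDelegate) {
                return new ReloadableX509ExtendedTrustManager() {
                    // volatile: reload() replaces the delegate while other threads validate chains through it.
                    private volatile X509ExtendedTrustManager delegate = initialDelegate;
                    // Only the thread that wins the CAS rebuilds the delegate; concurrent reload requests are no-ops.
                    private final AtomicBoolean reloading = new AtomicBoolean();

                    @Override
                    void reload() {
                        if (!this.reloading.compareAndSet(false, true)) {
                            return;
                        }
                        try {
                            // NOTE(review): stream ownership as above — assumes the constructor closes the FileInputStream.
                            this.delegate = new X509CRLExtendedTrustManager(keyStore, trustManagerFactory, new FileInputStream(resolveFileLocation(path, relativeTo, pathManagerInjector)), maxCertPath, (X509Certificate[]) null);
                        } catch (FileNotFoundException e) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToReloadCRL(e);
                        } finally {
                            this.reloading.lazySet(false);
                        }
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
                        this.delegate.checkClientTrusted(chain, authType, socket);
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
                        this.delegate.checkServerTrusted(chain, authType, socket);
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
                        this.delegate.checkClientTrusted(chain, authType, engine);
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
                        this.delegate.checkServerTrusted(chain, authType, engine);
                    }

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                        this.delegate.checkClientTrusted(chain, authType);
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                        this.delegate.checkServerTrusted(chain, authType);
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return this.delegate.getAcceptedIssuers();
                    }
                };
            }

            /**
             * Resolves the CRL file: through the path manager when a {@code relative-to} entry is set
             * (the path manager is only injected in that case), otherwise as an absolute / working-dir path.
             */
            private File resolveFileLocation(String path, String relativeTo, InjectedValue<PathManager> pathManagerInjector) {
                if (relativeTo == null) {
                    return new File(path);
                }
                return new File(pathManagerInjector.getValue().resolveRelativePathEntry(path, relativeTo));
            }

            /**
             * Obtains a {@link TrustManagerFactory} for {@code algorithm}.
             * <p>
             * When a provider list is configured, the first provider (optionally restricted to
             * {@code providerName}) that supports the algorithm wins and no JDK-wide lookup is made;
             * otherwise the default JDK lookup is used.
             *
             * @throws StartException if no configured provider supports the algorithm, or the JDK lookup fails
             */
            private TrustManagerFactory createTrustManagerFactory(Provider[] providers, String providerName, String algorithm) throws StartException {
                if (providers != null) {
                    for (Provider provider : providers) {
                        if (providerName == null || providerName.equals(provider.getName())) {
                            try {
                                return TrustManagerFactory.getInstance(algorithm, provider);
                            } catch (NoSuchAlgorithmException ignored) {
                                // This provider does not supply the algorithm; try the next candidate.
                            }
                        }
                    }
                    // A provider list was configured but none of its candidates supports the algorithm.
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCreateManagerFactory(TrustManagerFactory.class.getSimpleName(), algorithm);
                }
                try {
                    return TrustManagerFactory.getInstance(algorithm);
                } catch (NoSuchAlgorithmException e) {
                    throw new StartException(e);
                }
            }
        };

        return TrivialResourceDefinition.builder()
                .setPathKey(ElytronDescriptionConstants.TRUST_MANAGER)
                .setResourceDescriptionResolver(resolver)
                .setAddHandler(addHandler)
                .setAttributes(attributes)
                .setRuntimeCapabilities(Capabilities.TRUST_MANAGER_RUNTIME_CAPABILITY)
                .addOperation(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.RELOAD_CERTIFICATE_REVOCATION_LIST, resolver).setRuntimeOnly().build(), new ElytronRuntimeOnlyHandler() {
                    /**
                     * Re-reads the CRL of the trust manager addressed by the operation; fails when the service
                     * is not up or the trust manager was not built from a CRL file.
                     */
                    @Override
                    protected void executeRuntimeStep(OperationContext context, ModelNode operation) throws OperationFailedException {
                        ServiceName serviceName = Capabilities.TRUST_MANAGER_RUNTIME_CAPABILITY.fromBaseCapability(context.getCurrentAddressValue()).getCapabilityServiceName();
                        ServiceController<?> controller = ElytronExtension.getRequiredService(context.getServiceRegistry(true), serviceName, TrustManager.class);
                        ServiceController.State state = controller.getState();
                        if (state != ServiceController.State.UP) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.requiredServiceNotUp(serviceName, state);
                        }
                        TrustManager trustManager = (TrustManager) controller.getValue();
                        if (!(trustManager instanceof ReloadableX509ExtendedTrustManager)) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToReloadCRLNotReloadable();
                        }
                        ((ReloadableX509ExtendedTrustManager) trustManager).reload();
                    }
                })
                .addOperation(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.INIT, resolver).setRuntimeOnly().build(), init(ServiceUtil.newInstance(Capabilities.TRUST_MANAGER_RUNTIME_CAPABILITY, ElytronDescriptionConstants.TRUST_MANAGER, TrustManager.class)))
                .build();
    }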

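    /**
     * Creates the handler for the runtime-only {@code init} operation, which stops and restarts the
     * backing key-manager or trust-manager service value in place.
     *
     * @param serviceUtil the service utility whose {@code serviceName(model)} locates the target service
     * @return the operation step handler
     */
    private static OperationStepHandler init(final ServiceUtil<?> serviceUtil) {
        return new ElytronRuntimeOnlyHandler() {
            @Override
            protected void executeRuntimeStep(OperationContext context, ModelNode operation) throws OperationFailedException {
                try {
                    ServiceName serviceName = serviceUtil.serviceName(operation);
                    String parentName = serviceName.getParent().getCanonicalName();
                    ServiceController<?> controller;
                    if ("org.wildfly.security.key-manager".equals(parentName)) {
                        controller = ElytronExtension.getRequiredService(context.getServiceRegistry(false), serviceName, KeyManager.class);
                    } else if ("org.wildfly.security.trust-manager".equals(parentName)) {
                        controller = ElytronExtension.getRequiredService(context.getServiceRegistry(false), serviceName, TrustManager.class);
                    } else {
                        // Only key-manager and trust-manager resources register this operation; fail with a
                        // clear message instead of dereferencing a null controller.
                        throw new OperationFailedException("init is not supported for service " + serviceName.getCanonicalName());
                    }
                    // NOTE(review): null lifecycle contexts are passed through as before; this assumes the
                    // service's stop/start do not use them — confirm against TrivialService.
                    controller.getService().stop((StopContext) null);
                    controller.getService().start((StartContext) null);
                } catch (OperationFailedException e) {
                    throw e;
                } catch (Exception e) {
                    throw new OperationFailedException(e);
                }
            }
        };
    }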

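    /**
     * Builds an SSL context resource definition shared by the server and client variants.
     *
     * @param pathKey the resource path key
     * @param server {@code true} for a server-side context; selects the server session context and
     *               the server service util for the session resources
     * @param addHandler the add handler that installs the {@link SSLContext} service
     * @param attributes the attributes exposed by the resource
     * @param exposeSessionInfo whether to register the read-only {@code active-session-count} attribute
     *                          and the session child resources
     * @return the resource definition
     */
    private static ResourceDefinition createSSLContextDefinition(String pathKey, final boolean server, AbstractAddStepHandler addHandler, AttributeDefinition[] attributes, boolean exposeSessionInfo) {
        TrivialResourceDefinition.Builder builder = TrivialResourceDefinition.builder()
                .setPathKey(pathKey)
                .setAddHandler(addHandler)
                .setAttributes(attributes)
                .setRuntimeCapabilities(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY);
        if (exposeSessionInfo) {
            builder.addReadOnlyAttribute(ACTIVE_SESSION_COUNT, new SSLContextRuntimeHandler() {
                @Override
                protected void performRuntime(ModelNode result, ModelNode operation, SSLContext sslContext) throws OperationFailedException {
                    // Snapshot the session ids of the relevant side and report their number.
                    result.set(Collections.list((server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext()).getIds()).size());
                }

                @Override
                protected ServiceUtil<SSLContext> getSSLContextServiceUtil() {
                    return server ? SSLDefinitions.SERVER_SERVICE_UTIL : SSLDefinitions.CLIENT_SERVICE_UTIL;
                }
            }).addChild(new SSLSessionDefinition(server));
        }
        return builder.build();
    }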

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Registers an optional capability-backed service dependency.
     * <p>
     * Resolves {@code simpleAttributeDefinition} from the model; when it is set, the dynamic capability
     * {@code str}.{value} is added to {@code serviceBuilder} as a dependency of type {@code cls}. When the
     * attribute is absent no dependency is added and the returned injector stays empty.
     *
     * @return the injector that receives the dependency value (never null)
     * @throws OperationFailedException if the attribute cannot be resolved
     */
    public static <T> InjectedValue<T> addDependency(String str, SimpleAttributeDefinition simpleAttributeDefinition, Class<T> cls, ServiceBuilder<SSLContext> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        final InjectedValue<T> injector = new InjectedValue<>();
        final String referencedName = simpleAttributeDefinition.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
        if (referencedName == null) {
            return injector;
        }
        final String capabilityName = RuntimeCapability.buildDynamicCapabilityName(str, referencedName);
        serviceBuilder.addDependency(operationContext.getCapabilityServiceName(capabilityName, cls), cls, injector);
        return injector;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
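    /**
     * Builds the {@code server-ssl-context} resource definition.
     * <p>
     * The add handler wires the optional security-domain, key-manager, trust-manager, principal-transformer,
     * realm-mapper and provider dependencies and assembles a server {@link SSLContext} from them together
     * with the cipher-suite, protocol, client-auth and session settings of the model.
     *
     * @param exposeSessionInfo whether to register the {@code active-session-count} attribute and the session
     *                          child resources on the definition
     * @return the server SSL context resource definition
     */
    public static ResourceDefinition getServerSSLContextDefinition(boolean exposeSessionInfo) {
        final SimpleAttributeDefinition providersDefinition = new SimpleAttributeDefinitionBuilder(PROVIDERS)
                .setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.ssl-context")
                .setAllowExpression(false)
                .setRestartAllServices()
                .build();
        final AttributeDefinition requiredKeyManager = new SimpleAttributeDefinitionBuilder(KEY_MANAGER).setRequired(true).setRestartAllServices().build();
        AttributeDefinition[] attributes = {CIPHER_SUITE_FILTER, PROTOCOLS, SECURITY_DOMAIN, WANT_CLIENT_AUTH, NEED_CLIENT_AUTH, AUTHENTICATION_OPTIONAL, USE_CIPHER_SUITES_ORDER, MAXIMUM_SESSION_CACHE_SIZE, SESSION_TIMEOUT, WRAP, requiredKeyManager, TRUST_MANAGER, PRE_REALM_PRINCIPAL_TRANSFORMER, POST_REALM_PRINCIPAL_TRANSFORMER, FINAL_PRINCIPAL_TRANSFORMER, REALM_MAPPER, providersDefinition, PROVIDER_NAME};

        TrivialAddHandler<SSLContext> addHandler = new TrivialAddHandler<SSLContext>(SSLContext.class, ServiceController.Mode.ACTIVE, attributes, Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY) {

            @Override
            protected TrivialService.ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
                // Each injector is only populated when the corresponding attribute is set; absent ones yield null.
                final InjectedValue<SecurityDomain> securityDomainInjector = SSLDefinitions.addDependency("org.wildfly.security.security-domain", SSLDefinitions.SECURITY_DOMAIN, SecurityDomain.class, serviceBuilder, context, model);
                final InjectedValue<KeyManager> keyManagerInjector = SSLDefinitions.addDependency("org.wildfly.security.key-manager", SSLDefinitions.KEY_MANAGER, KeyManager.class, serviceBuilder, context, model);
                final InjectedValue<TrustManager> trustManagerInjector = SSLDefinitions.addDependency("org.wildfly.security.trust-manager", SSLDefinitions.TRUST_MANAGER, TrustManager.class, serviceBuilder, context, model);
                final InjectedValue<PrincipalTransformer> preRealmInjector = SSLDefinitions.addDependency("org.wildfly.security.principal-transformer", SSLDefinitions.PRE_REALM_PRINCIPAL_TRANSFORMER, PrincipalTransformer.class, serviceBuilder, context, model);
                final InjectedValue<PrincipalTransformer> postRealmInjector = SSLDefinitions.addDependency("org.wildfly.security.principal-transformer", SSLDefinitions.POST_REALM_PRINCIPAL_TRANSFORMER, PrincipalTransformer.class, serviceBuilder, context, model);
                final InjectedValue<PrincipalTransformer> finalInjector = SSLDefinitions.addDependency("org.wildfly.security.principal-transformer", SSLDefinitions.FINAL_PRINCIPAL_TRANSFORMER, PrincipalTransformer.class, serviceBuilder, context, model);
                final InjectedValue<RealmMapper> realmMapperInjector = SSLDefinitions.addDependency("org.wildfly.security.realm-mapper", SSLDefinitions.REALM_MAPPER, RealmMapper.class, serviceBuilder, context, model);
                final InjectedValue<Provider[]> providersInjector = SSLDefinitions.addDependency("org.wildfly.security.providers", providersDefinition, Provider[].class, serviceBuilder, context, model);

                final String providerName = SSLDefinitions.PROVIDER_NAME.resolveModelAttribute(context, model).asStringOrNull();
                final List<String> protocols = SSLDefinitions.PROTOCOLS.unwrap(context, model);
                final String cipherSuiteFilter = SSLDefinitions.CIPHER_SUITE_FILTER.resolveModelAttribute(context, model).asStringOrNull();
                final boolean wantClientAuth = SSLDefinitions.WANT_CLIENT_AUTH.resolveModelAttribute(context, model).asBoolean();
                final boolean needClientAuth = SSLDefinitions.NEED_CLIENT_AUTH.resolveModelAttribute(context, model).asBoolean();
                final boolean authenticationOptional = SSLDefinitions.AUTHENTICATION_OPTIONAL.resolveModelAttribute(context, model).asBoolean();
                final boolean useCipherSuitesOrder = SSLDefinitions.USE_CIPHER_SUITES_ORDER.resolveModelAttribute(context, model).asBoolean();
                final int maximumSessionCacheSize = SSLDefinitions.MAXIMUM_SESSION_CACHE_SIZE.resolveModelAttribute(context, model).asInt();
                final int sessionTimeout = SSLDefinitions.SESSION_TIMEOUT.resolveModelAttribute(context, model).asInt();
                final boolean wrap = SSLDefinitions.WRAP.resolveModelAttribute(context, model).asBoolean();

                return () -> {
                    SecurityDomain securityDomain = securityDomainInjector.getOptionalValue();
                    X509ExtendedKeyManager keyManager = SSLDefinitions.getX509KeyManager(keyManagerInjector.getOptionalValue());
                    X509ExtendedTrustManager trustManager = SSLDefinitions.getX509TrustManager(trustManagerInjector.getOptionalValue());
                    PrincipalTransformer preRealmRewriter = preRealmInjector.getOptionalValue();
                    PrincipalTransformer postRealmRewriter = postRealmInjector.getOptionalValue();
                    PrincipalTransformer finalRewriter = finalInjector.getOptionalValue();
                    RealmMapper realmMapper = realmMapperInjector.getOptionalValue();
                    Provider[] providers = SSLDefinitions.filterProviders(providersInjector.getOptionalValue(), providerName);

                    SSLContextBuilder builder = new SSLContextBuilder();
                    if (securityDomain != null) {
                        builder.setSecurityDomain(securityDomain);
                    }
                    if (keyManager != null) {
                        builder.setKeyManager(keyManager);
                    }
                    if (trustManager != null) {
                        builder.setTrustManager(trustManager);
                    }
                    if (providers != null) {
                        builder.setProviderSupplier(() -> providers);
                    }
                    if (cipherSuiteFilter != null) {
                        builder.setCipherSuiteSelector(CipherSuiteSelector.fromString(cipherSuiteFilter));
                    }
                    if (!protocols.isEmpty()) {
                        // EnumSet.copyOf rejects an empty collection, hence the guard above.
                        List<Protocol> protocolList = new ArrayList<>(protocols.size());
                        for (String name : protocols) {
                            protocolList.add(Protocol.forName(name));
                        }
                        builder.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf(protocolList)));
                    }
                    if (preRealmRewriter != null || postRealmRewriter != null || finalRewriter != null || realmMapper != null) {
                        // A mechanism configuration is only built when at least one of its parts is configured.
                        MechanismConfiguration.Builder mechanismBuilder = MechanismConfiguration.builder();
                        if (preRealmRewriter != null) {
                            mechanismBuilder.setPreRealmRewriter(preRealmRewriter);
                        }
                        if (postRealmRewriter != null) {
                            mechanismBuilder.setPostRealmRewriter(postRealmRewriter);
                        }
                        if (finalRewriter != null) {
                            mechanismBuilder.setFinalRewriter(finalRewriter);
                        }
                        if (realmMapper != null) {
                            mechanismBuilder.setRealmMapper(realmMapper);
                        }
                        builder.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(mechanismBuilder.build()));
                    }
                    builder.setWantClientAuth(wantClientAuth)
                            .setNeedClientAuth(needClientAuth)
                            .setAuthenticationOptional(authenticationOptional)
                            .setUseCipherSuitesOrder(useCipherSuitesOrder)
                            .setSessionCacheSize(maximumSessionCacheSize)
                            .setSessionTimeout(sessionTimeout)
                            .setWrap(wrap);

                    if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef("ServerSSLContext supplying:  securityDomain = %s  keyManager = %s  trustManager = %s  providers = %s  cipherSuiteFilter = %s  protocols = %s  wantClientAuth = %s  needClientAuth = %s  authenticationOptional = %s  maximumSessionCacheSize = %s  sessionTimeout = %s wrap = %s",
                                securityDomain, keyManager, trustManager, Arrays.toString(providers), cipherSuiteFilter, Arrays.toString(protocols.toArray()), wantClientAuth, needClientAuth, authenticationOptional, maximumSessionCacheSize, sessionTimeout, wrap);
                    }
                    try {
                        return builder.build().create();
                    } catch (GeneralSecurityException e) {
                        throw new StartException(e);
                    }
                };
            }

            @Override
            protected Resource createResource(OperationContext context) {
                // The custom resource exposes runtime session data once the service controller is attached below.
                SSLContextResource resource = new SSLContextResource(Resource.Factory.create(), true);
                context.addResource(PathAddress.EMPTY_ADDRESS, resource);
                return resource;
            }

            @Override
            protected void installedForResource(ServiceController<SSLContext> serviceController, Resource resource) {
                ((SSLContextResource) resource).setSSLContextServiceController(serviceController);
            }
        };

        return createSSLContextDefinition(ElytronDescriptionConstants.SERVER_SSL_CONTEXT, true, addHandler, attributes, exposeSessionInfo);
    }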

    /* JADX INFO: Access modifiers changed from: package-private */
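    /**
     * Builds the {@code server-ssl-sni-context} resource definition.
     * <p>
     * The add handler depends on the {@code default-ssl-context} and on every context referenced from
     * {@code host-context-map}. With at least one host mapping the service supplies an SNI-dispatching
     * context; without mappings it supplies the default context directly.
     *
     * @return the SNI server SSL context resource definition
     */
    public static ResourceDefinition getServerSNISSLContextDefinition() {
        AttributeDefinition[] attributes = {DEFAULT_SSL_CONTEXT, HOST_CONTEXT_MAP};

        TrivialAddHandler<SSLContext> addHandler = new TrivialAddHandler<SSLContext>(SSLContext.class, attributes, Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY) {

            @Override
            protected TrivialService.ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext> serviceBuilder, OperationContext context, ModelNode model) throws OperationFailedException {
                final InjectedValue<SSLContext> defaultContextInjector = new InjectedValue<>();
                String defaultContextName = SSLDefinitions.DEFAULT_SSL_CONTEXT.resolveModelAttribute(context, model).asString();
                serviceBuilder.addDependency(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY.getCapabilityServiceName(defaultContextName), SSLContext.class, defaultContextInjector);

                ModelNode hostContextMap = SSLDefinitions.HOST_CONTEXT_MAP.resolveModelAttribute(context, model);
                if (!hostContextMap.isDefined() || hostContextMap.keys().isEmpty()) {
                    // No host-specific mappings: the default context is served as-is.
                    return defaultContextInjector::getValue;
                }

                Set<String> hosts = hostContextMap.keys();
                final Map<String, InjectedValue<SSLContext>> hostInjectors = new HashMap<>(hosts.size());
                for (String host : hosts) {
                    String contextName = hostContextMap.require(host).asString();
                    InjectedValue<SSLContext> injector = new InjectedValue<>();
                    serviceBuilder.addDependency(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY.getCapabilityServiceName(contextName), SSLContext.class, injector);
                    hostInjectors.put(host, injector);
                }
                return () -> {
                    SNIContextMatcher.Builder matcherBuilder = new SNIContextMatcher.Builder();
                    for (Map.Entry<String, InjectedValue<SSLContext>> entry : hostInjectors.entrySet()) {
                        matcherBuilder.addMatch(entry.getKey(), entry.getValue().getValue());
                    }
                    return new SNISSLContext(matcherBuilder.setDefaultContext(defaultContextInjector.getValue()).build());
                };
            }
        };

        return TrivialResourceDefinition.builder()
                .setPathKey(ElytronDescriptionConstants.SERVER_SSL_SNI_CONTEXT)
                .setAddHandler(addHandler)
                .setAttributes(attributes)
                .setRuntimeCapabilities(Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY)
                .build();
    }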

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the {@code client-ssl-context} resource definition.
     *
     * <p>Attributes: {@code cipher-suite-filter}, {@code protocols}, {@code key-manager},
     * {@code trust-manager}, {@code providers} (a capability reference on the providers
     * capability, expressions disallowed, changes require restarting all services) and
     * {@code provider-name}. Both managers are optional dependencies: when absent the
     * corresponding builder setter is simply not called, so what the resulting context
     * presents or trusts is whatever {@code SSLContextBuilder} does by default.
     * NOTE(review): that default is not visible in this file — confirm that a client context
     * with no {@code trust-manager} does not end up skipping peer verification.
     *
     * <p>{@code providers} can be narrowed to one named provider via {@code provider-name}
     * (see {@code filterProviders}); the protocol list is mapped name-by-name through
     * {@code Protocol.forName} and installed as an explicit allow-list. The context is always
     * built in client mode with wrapping disabled.
     *
     * @param z forwarded unchanged as the last argument of {@code createSSLContextDefinition};
     *          its meaning is not visible here — TODO confirm
     * @return the resource definition registered under {@code CLIENT_SSL_CONTEXT}
     */
    public static ResourceDefinition getClientSSLContextDefinition(boolean z) {
        final AttributeDefinition build = new SimpleAttributeDefinitionBuilder(PROVIDERS).setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.ssl-context").setAllowExpression(false).setRestartAllServices().build();
        AttributeDefinition[] attributeDefinitionArr = {CIPHER_SUITE_FILTER, PROTOCOLS, KEY_MANAGER, TRUST_MANAGER, build, PROVIDER_NAME};
        return createSSLContextDefinition(ElytronDescriptionConstants.CLIENT_SSL_CONTEXT, false, new TrivialAddHandler<SSLContext>(SSLContext.class, attributeDefinitionArr, Capabilities.SSL_CONTEXT_RUNTIME_CAPABILITY) { // from class: org.wildfly.extension.elytron.SSLDefinitions.8
            /**
             * Registers the service dependencies and resolves the plain attributes now (at add
             * time); the injected values themselves are only read inside the returned supplier,
             * i.e. when the SSLContext service actually starts.
             */
            @Override // org.wildfly.extension.elytron.TrivialAddHandler
            protected TrivialService.ValueSupplier<SSLContext> getValueSupplier(ServiceBuilder<SSLContext> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                // Optional dependencies: key-manager, trust-manager and providers may all be unset.
                InjectedValue addDependency = SSLDefinitions.addDependency("org.wildfly.security.key-manager", SSLDefinitions.KEY_MANAGER, KeyManager.class, serviceBuilder, operationContext, modelNode);
                InjectedValue addDependency2 = SSLDefinitions.addDependency("org.wildfly.security.trust-manager", SSLDefinitions.TRUST_MANAGER, TrustManager.class, serviceBuilder, operationContext, modelNode);
                InjectedValue addDependency3 = SSLDefinitions.addDependency("org.wildfly.security.providers", build, Provider[].class, serviceBuilder, operationContext, modelNode);
                String asStringOrNull = SSLDefinitions.PROVIDER_NAME.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                List unwrap = SSLDefinitions.PROTOCOLS.unwrap(operationContext, modelNode);
                String asStringOrNull2 = SSLDefinitions.CIPHER_SUITE_FILTER.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                return () -> {
                    // Type-narrowing (and FIPS unwrapping) happens here; a wrong injected type fails the start.
                    X509ExtendedKeyManager x509KeyManager = SSLDefinitions.getX509KeyManager((KeyManager) addDependency.getOptionalValue());
                    X509ExtendedTrustManager x509TrustManager = SSLDefinitions.getX509TrustManager((TrustManager) addDependency2.getOptionalValue());
                    // null provider-name keeps all injected providers; a name matching none yields an empty array.
                    Provider[] filterProviders = SSLDefinitions.filterProviders((Provider[]) addDependency3.getOptionalValue(), asStringOrNull);
                    SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
                    if (x509KeyManager != null) {
                        sSLContextBuilder.setKeyManager(x509KeyManager);
                    }
                    // With no trust-manager configured the builder's own default applies (not visible here).
                    if (x509TrustManager != null) {
                        sSLContextBuilder.setTrustManager(x509TrustManager);
                    }
                    if (filterProviders != null) {
                        sSLContextBuilder.setProviderSupplier(() -> {
                            return filterProviders;
                        });
                    }
                    if (asStringOrNull2 != null) {
                        sSLContextBuilder.setCipherSuiteSelector(CipherSuiteSelector.fromString(asStringOrNull2));
                    }
                    // Explicit protocol allow-list; the isEmpty guard also keeps EnumSet.copyOf from
                    // seeing an empty non-EnumSet collection, which it rejects.
                    if (!unwrap.isEmpty()) {
                        ArrayList arrayList = new ArrayList();
                        Iterator it = unwrap.iterator();
                        while (it.hasNext()) {
                            arrayList.add(Protocol.forName((String) it.next()));
                        }
                        sSLContextBuilder.setProtocolSelector(ProtocolSelector.empty().add(EnumSet.copyOf((Collection) arrayList)));
                    }
                    sSLContextBuilder.setClientMode(true).setWrap(false);
                    // Trace-only: logs the managers/providers via toString(); presumably no key material,
                    // but that depends on those implementations — verify before enabling trace in prod.
                    if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef("ClientSSLContext supplying:  keyManager = %s  trustManager = %s  providers = %s  cipherSuiteFilter = %s  protocols = %s", new Object[]{x509KeyManager, x509TrustManager, Arrays.toString(filterProviders), asStringOrNull2, Arrays.toString(unwrap.toArray())});
                    }
                    try {
                        return (SSLContext) sSLContextBuilder.build().create();
                    } catch (GeneralSecurityException e) {
                        // Any provider/algorithm problem fails the service start instead of yielding a half-built context.
                        throw new StartException(e);
                    }
                };
            }

            /**
             * Registers an {@code SSLContextResource} at this address; the {@code false} ctor
             * argument's meaning is not visible in this file — TODO confirm (contrast with the
             * server-side definition).
             */
            protected Resource createResource(OperationContext operationContext) {
                SSLContextResource sSLContextResource = new SSLContextResource(Resource.Factory.create(), false);
                operationContext.addResource(PathAddress.EMPTY_ADDRESS, sSLContextResource);
                return sSLContextResource;
            }

            /** Hands the installed service controller to the resource (presumably for runtime reads of the context). */
            @Override // org.wildfly.extension.elytron.TrivialAddHandler
            protected void installedForResource(ServiceController<SSLContext> serviceController, Resource resource) {
                ((SSLContextResource) resource).setSSLContextServiceController(serviceController);
            }
        }, attributeDefinitionArr, z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Restricts {@code providerArr} to the providers whose name equals {@code str}.
     *
     * <p>Both arguments are optional: a {@code null} name or a {@code null} array returns
     * {@code providerArr} untouched. The comparison is an exact, case-sensitive match on
     * {@link Provider#getName()}, so a name that matches nothing yields an empty array rather
     * than silently falling back to every provider (fail closed).
     *
     * @param providerArr the injected providers, may be {@code null}
     * @param str the {@code provider-name} attribute value, may be {@code null}
     * @return the matching providers (possibly empty), or {@code providerArr} itself when no
     *         filtering applies
     */
    public static Provider[] filterProviders(Provider[] providerArr, String str) {
        if (providerArr == null || str == null) {
            return providerArr;
        }
        return Arrays.stream(providerArr)
                .filter(candidate -> str.equals(candidate.getName()))
                .toArray(Provider[]::new);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Narrows the injected {@link KeyManager} to the {@link X509ExtendedKeyManager} the
     * SSL context builder requires.
     *
     * <p>{@code null} passes through (the {@code key-manager} attribute is optional). Any
     * other type than {@code X509ExtendedKeyManager} is rejected with the subsystem's
     * invalid-type error instead of being silently ignored. When the JVM reports FIPS mode
     * ({@code IS_FIPS}) and the injected manager is the subsystem's {@code DelegatingKeyManager}
     * wrapper, the currently wrapped delegate is returned instead — presumably so the FIPS
     * provider sees a JDK-native manager; NOTE(review): the context then holds the delegate
     * directly, so a later swap inside the wrapper (if it supports one) would not be seen — confirm.
     *
     * @param keyManager the injected key manager, may be {@code null}
     * @return the X.509 key manager to hand to the context, or {@code null}
     * @throws StartException if {@code keyManager} is not an {@code X509ExtendedKeyManager}
     */
    public static X509ExtendedKeyManager getX509KeyManager(KeyManager keyManager) throws StartException {
        if (keyManager == null) {
            return null;
        }
        if (keyManager instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager x509 = (X509ExtendedKeyManager) keyManager;
            boolean unwrapForFips = x509 instanceof DelegatingKeyManager && IS_FIPS.getAsBoolean();
            if (!unwrapForFips) {
                return x509;
            }
            ElytronSubsystemMessages.ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping KeyManager");
            return (X509ExtendedKeyManager) ((DelegatingKeyManager) x509).delegating.get();
        }
        throw ElytronSubsystemMessages.ROOT_LOGGER.invalidTypeInjected(X509ExtendedKeyManager.class.getSimpleName());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Narrows the injected {@link TrustManager} to the {@link X509ExtendedTrustManager} the
     * SSL context builder requires.
     *
     * <p>{@code null} passes through (the {@code trust-manager} attribute is optional). Any
     * other type than {@code X509ExtendedTrustManager} is rejected with the subsystem's
     * invalid-type error instead of being silently ignored. When the JVM reports FIPS mode
     * ({@code IS_FIPS}) and the injected manager is the subsystem's {@code DelegatingTrustManager}
     * wrapper, the currently wrapped delegate is returned instead — presumably so the FIPS
     * provider sees a JDK-native manager; NOTE(review): the context then holds the delegate
     * directly, so a later swap inside the wrapper (if it supports one) would not be seen — confirm.
     *
     * @param trustManager the injected trust manager, may be {@code null}
     * @return the X.509 trust manager to hand to the context, or {@code null}
     * @throws StartException if {@code trustManager} is not an {@code X509ExtendedTrustManager}
     */
    public static X509ExtendedTrustManager getX509TrustManager(TrustManager trustManager) throws StartException {
        if (trustManager == null) {
            return null;
        }
        if (trustManager instanceof X509ExtendedTrustManager) {
            X509ExtendedTrustManager x509 = (X509ExtendedTrustManager) trustManager;
            boolean unwrapForFips = x509 instanceof DelegatingTrustManager && IS_FIPS.getAsBoolean();
            if (!unwrapForFips) {
                return x509;
            }
            ElytronSubsystemMessages.ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping TrustManager");
            return (X509ExtendedTrustManager) ((DelegatingTrustManager) x509).delegating.get();
        }
        throw ElytronSubsystemMessages.ROOT_LOGGER.invalidTypeInjected(X509ExtendedTrustManager.class.getSimpleName());
    }

    /**
     * Resolves, once, a supplier that reports whether the JVM's SunJSSE provider runs in
     * FIPS mode.
     *
     * <p>The check goes through reflection to the JDK-internal
     * {@code com.sun.net.ssl.internal.ssl.Provider#isFIPS()}. If that class or method cannot
     * be found (non-Oracle/OpenJDK JVMs, or a JDK that no longer exposes it) the supplier
     * always answers {@code false}; any later failure to invoke it is logged at trace level
     * and also treated as {@code false}. Security caveat: "not FIPS" may therefore mean
     * "could not tell", in which case the FIPS-specific unwrapping in
     * {@code getX509KeyManager}/{@code getX509TrustManager} never runs.
     *
     * @return a supplier that never throws and yields {@code false} whenever FIPS status
     *         cannot be determined
     */
    private static BooleanSupplier getFipsSupplier() {
        final Method isFips;
        try {
            Class<?> sunJsseProvider = SSLDefinitions.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
            isFips = sunJsseProvider.getMethod("isFIPS");
        } catch (ClassNotFoundException | NoSuchMethodException | SecurityException e) {
            ElytronSubsystemMessages.ROOT_LOGGER.trace("Unable to find com.sun.net.ssl.internal.ssl.Provider.isFIPS() method.", e);
            return () -> false;
        }
        return () -> {
            try {
                // Static method, so no receiver; a null or non-Boolean result counts as "not FIPS".
                return Boolean.TRUE.equals(isFips.invoke(null));
            } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
                ElytronSubsystemMessages.ROOT_LOGGER.trace("Unable to invoke com.sun.net.ssl.internal.ssl.Provider.isFIPS() method.", e);
                return false;
            }
        };
    }
}
