package org.jboss.as.clustering.jgroups.subsystem;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.UnaryOperator;
import java.util.stream.Collectors;
import javax.security.auth.x500.X500Principal;
import org.jboss.as.clustering.controller.CapabilityReference;
import org.jboss.as.clustering.controller.CommonUnaryRequirement;
import org.jboss.as.clustering.controller.ResourceDescriptor;
import org.jboss.as.clustering.controller.ResourceServiceBuilderFactory;
import org.jboss.as.clustering.dmr.ModelNodes;
import org.jboss.as.clustering.jgroups.logging.JGroupsLogger;
import org.jboss.as.clustering.jgroups.protocol.EncryptProtocol;
import org.jboss.as.clustering.jgroups.subsystem.AbstractProtocolResourceDefinition;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ModelVersion;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jgroups.protocols.ASYM_ENCRYPT;
import org.jgroups.protocols.EncryptBase;
import org.jgroups.protocols.SYM_ENCRYPT;
import org.wildfly.clustering.jgroups.spi.ChannelFactory;
import org.wildfly.common.function.ExceptionBiFunction;
import org.wildfly.security.manager.WildFlySecurityManager;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

/* loaded from: input_file:org/jboss/as/clustering/jgroups/subsystem/EncryptProtocolResourceDefinition.class */
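/**
 * Resource definition for the JGroups encryption protocols ({@code ASYM_ENCRYPT} / {@code SYM_ENCRYPT}).
 *
 * <p>Besides registering the {@code key-store}, {@code key-alias} and {@code credential-reference}
 * attributes, the definition installs an operation translator that converts a legacy, property-based
 * {@code add} operation into one that references an Elytron key store.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the legacy translation writes the key store password and the key password into the management
 *       model as {@code clear-text} credential references;</li>
 *   <li>for {@code ASYM_ENCRYPT} a key pair and a self-signed certificate are generated and stored in a
 *       key store file whose name is a relative path;</li>
 *   <li>for {@code SYM_ENCRYPT} missing password/alias properties fall back to the defaults built into
 *       the protocol class.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: the {@code mNNgetDefinition} method names and the widened
 * access modifiers are decompiler artefacts and are kept as they appear.
 *
 * @param <P> the encryption protocol type
 */
public class EncryptProtocolResourceDefinition<P extends EncryptBase & EncryptProtocol> extends ProtocolResourceDefinition<P> {
    /**
     * Translates a legacy {@code add} operation (one that defines none of {@code key-store},
     * {@code key-alias} or {@code credential-reference}) into the current form.
     *
     * <p>It schedules an {@code add} of {@code subsystem=elytron/key-store=jgroups-<parent name>} and then
     * rewrites the operation so that it references that key store.
     *
     * <p>NOTE(review): both passwords are placed in the model under {@code clear-text}. Anything that can
     * read the model (and presumably the persisted configuration, which is not shown here) can read them.
     * Deployments translated this way are candidates for migration to a credential-store reference, which
     * the {@code credential-reference} attribute declares a capability reference for.
     */
    private static final OperationStepHandler ADD_OPERATION_TRANSLATOR = new OperationStepHandler() {
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            // An operation that already names any of the new attributes is not a legacy one: leave it alone.
            if (modelNode.hasDefined(Attribute.KEY_STORE.getName())
                    || modelNode.hasDefined(Attribute.KEY_ALIAS.getName())
                    || modelNode.hasDefined(Attribute.CREDENTIAL.getName())) {
                return;
            }

            // Walk up from the parent of the current address to the enclosing "subsystem" element.
            // NOTE(review): there is no termination guard; this assumes the handler is only ever
            // registered below a subsystem address - confirm against the registration site.
            PathAddress subsystemAddress = operationContext.getCurrentAddress().getParent();
            while (!subsystemAddress.getLastElement().getKey().equals("subsystem")) {
                subsystemAddress = subsystemAddress.getParent();
            }

            // Legacy protocol properties, keyed by property name (empty when none are defined).
            Map<String, ModelNode> properties = ModelNodes.optionalPropertyList(AbstractProtocolResourceDefinition.Attribute.PROPERTIES.resolveModelAttribute(operationContext, modelNode))
                    .orElse(Collections.emptyList())
                    .stream()
                    .collect(Collectors.toMap(property -> property.getName(), property -> property.getValue()));

            // The key store is named after the value of the parent address element (presumably the stack name).
            String keyStoreName = "jgroups-" + operationContext.getCurrentAddress().getParent().getLastElement().getValue();
            // valueOf() rejects any protocol name other than ASYM_ENCRYPT / SYM_ENCRYPT with IllegalArgumentException.
            LegacyEncryptDescriptor descriptor = LegacyEncryptDescriptorFactory.valueOf(operationContext.getCurrentAddressValue()).apply(keyStoreName, properties);

            // Sibling of the located subsystem: subsystem=elytron/key-store=<keyStoreName>.
            PathAddress keyStoreAddress = subsystemAddress.getParent().append(PathElement.pathElement("subsystem", "elytron"), PathElement.pathElement("key-store", keyStoreName));
            ModelNode keyStoreOperation = Util.createAddOperation(keyStoreAddress);
            keyStoreOperation.get("type").set(descriptor.getKeyStoreType());
            // No "relative-to" is set, so the path is used exactly as the descriptor reports it.
            keyStoreOperation.get("path").set(descriptor.getKeyStorePath());
            keyStoreOperation.get("required").set(true);
            // Key store password is written to the model in clear text (see the note on this field).
            keyStoreOperation.get("credential-reference").get("clear-text").set(descriptor.getKeyStorePassword());

            OperationStepHandler addHandler = operationContext.getRootResourceRegistration().getOperationHandler(keyStoreAddress, "add");
            if (addHandler == null) {
                throw JGroupsLogger.ROOT_LOGGER.operationNotDefined("add", keyStoreAddress.toCLIStyleString());
            }
            operationContext.addStep(keyStoreOperation, addHandler, OperationContext.Stage.MODEL);

            // Rewrite the original operation so that it references the key store scheduled above.
            modelNode.get(Attribute.KEY_STORE.getName()).set(keyStoreName);
            modelNode.get(Attribute.KEY_ALIAS.getName()).set(descriptor.getKeyAlias());
            // Key password is likewise written in clear text.
            modelNode.get(Attribute.CREDENTIAL.getName()).get("clear-text").set(descriptor.getKeyPassword());
        }
    };

    /**
     * Attributes of the encryption protocol resource: the credential reference protecting the key,
     * the alias of the key and the name of the key store holding it.
     */
    enum Attribute implements org.jboss.as.clustering.controller.Attribute {
        CREDENTIAL(CredentialReference.getAttributeBuilder("credential-reference", "credential-reference", false).setCapabilityReference(new CapabilityReference(Capability.ENCRYPT_CREDENTIAL_STORE, CommonUnaryRequirement.CREDENTIAL_STORE)).build()),
        KEY_ALIAS("key-alias", ModelType.STRING, builder -> builder.setAllowExpression(true)),
        KEY_STORE("key-store", ModelType.STRING, builder -> builder.setCapabilityReference(new CapabilityReference(Capability.ENCRYPT_KEY_STORE, CommonUnaryRequirement.KEY_STORE)));

        private final AttributeDefinition definition;

        /**
         * Builds a required simple attribute and lets {@code configurator} customise the builder.
         *
         * @param name attribute name
         * @param type attribute model type
         * @param configurator customisation applied to the builder before {@code build()}
         */
        Attribute(String name, ModelType type, UnaryOperator<SimpleAttributeDefinitionBuilder> configurator) {
            this.definition = configurator.apply(new SimpleAttributeDefinitionBuilder(name, type).setRequired(true)).build();
        }

        /**
         * Wraps an attribute definition that was built elsewhere.
         *
         * @param attributeDefinition the ready-made definition
         */
        Attribute(AttributeDefinition attributeDefinition) {
            this.definition = attributeDefinition;
        }

        /* renamed from: getDefinition, reason: merged with bridge method [inline-methods] */
        /** Returns the attribute definition of this constant. */
        public AttributeDefinition m20getDefinition() {
            return this.definition;
        }
    }

    /**
     * Dynamic capabilities through which this resource references its credential store and key store.
     *
     * <p>NOTE(review): both capability names live in the
     * {@code org.wildfly.extension.undertow.application-security-domain.single-sign-on} namespace although
     * this class belongs to the JGroups subsystem. That looks like a copy/paste leftover; confirm before
     * relying on these names, since two subsystems using the same base name can collide.
     *
     * <p>Decompiler note: access modifier changed from package-private.
     */
    public enum Capability implements org.jboss.as.clustering.controller.Capability {
        ENCRYPT_CREDENTIAL_STORE("org.wildfly.extension.undertow.application-security-domain.single-sign-on.credential-store"),
        ENCRYPT_KEY_STORE("org.wildfly.extension.undertow.application-security-domain.single-sign-on.key-store");

        private final RuntimeCapability<Void> definition;

        /**
         * @param name base name of the dynamic capability
         */
        Capability(String name) {
            this.definition = RuntimeCapability.Builder.of(name, true).build();
        }

        /* renamed from: getDefinition, reason: merged with bridge method [inline-methods] */
        /** Returns the base capability definition. */
        public RuntimeCapability<Void> m22getDefinition() {
            return this.definition;
        }

        /**
         * Resolves the capability for a resource address, using the value of the last element of the
         * address's parent as the dynamic part of the name.
         *
         * @param pathAddress address of the resource
         * @return the capability specialised for that address
         */
        public RuntimeCapability<?> resolve(PathAddress pathAddress) {
            return this.definition.fromBaseCapability(pathAddress.getParent().getLastElement().getValue());
        }
    }

    /**
     * Descriptor for a legacy {@code ASYM_ENCRYPT} configuration. Constructing it generates a key pair,
     * wraps the public key in a self-signed certificate and writes both to a new key store file that is
     * protected by randomly generated passwords.
     *
     * <p>Decompiler note: access modifier changed from private.
     */
    public static class LegacyAsymmetricEncryptDescriptor implements LegacyEncryptDescriptor {
        private static final ASYM_ENCRYPT DEFAULTS = new ASYM_ENCRYPT();
        private static final char[] PASSWORD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
        // Declared first: the password initialisers below draw from it.
        private final SecureRandom random = new SecureRandom();
        private final char[] keyStorePassword = generatePassword(32);
        private final char[] keyPassword = generatePassword(32);
        private final String keyStoreType = KeyStore.getDefaultType();
        private final String alias;
        private final String path;

        /**
         * Generates the key material and persists it to {@code <name>.keystore}.
         *
         * <p>The file name is relative, so {@link FileOutputStream} resolves it against the working
         * directory of the process and truncates any file already present under that name. No file
         * permissions are set here; the file gets whatever the platform defaults give it.
         * NOTE(review): confirm that the directory and resulting permissions are appropriate for
         * private key material.
         *
         * @param str name used to derive the key store file name
         * @param map legacy protocol properties; {@code provider}, {@code asym_algorithm} and
         *            {@code asym_keylength} are honoured, the latter two defaulting to the values
         *            built into {@code ASYM_ENCRYPT}
         * @throws OperationFailedException if key generation or writing the key store fails
         */
        LegacyAsymmetricEncryptDescriptor(String str, Map<String, ModelNode> map) throws OperationFailedException {
            String provider = Optional.ofNullable(map.get("provider")).map(ModelNode::asString).orElse(null);
            String transformation = Optional.ofNullable(map.get("asym_algorithm")).map(ModelNode::asString).orElse(DEFAULTS.asymAlgorithm());
            // Keep only the algorithm name of an "algorithm/mode/padding" transformation string.
            int separator = transformation.indexOf('/');
            String algorithm = separator < 0 ? transformation : transformation.substring(0, separator);
            int keyLength = Optional.ofNullable(map.get("asym_keylength")).map(ModelNode::asInt).orElse(DEFAULTS.asymKeylength());
            this.alias = DEFAULTS.getClass().getSimpleName();
            this.path = str + ".keystore";
            try {
                KeyPairGenerator keyPairGenerator = provider != null ? KeyPairGenerator.getInstance(algorithm, provider) : KeyPairGenerator.getInstance(algorithm);
                keyPairGenerator.initialize(keyLength, this.random);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                // Issuer and subject are identical: the certificate is self-signed for the OS user of the process.
                X500Principal principal = new X500Principal("UID=" + ((String) WildFlySecurityManager.doUnchecked(() -> {
                    return System.getProperty("user.name");
                })));
                // NOTE(review): the certificate is signed with SHA-1, which is no longer collision
                // resistant. Here it only accompanies the generated key pair inside the key store, so the
                // exposure depends on whether anything validates this certificate - confirm, and prefer a
                // SHA-2 signature name where the provider supports it.
                X509Certificate certificate = new X509CertificateBuilder()
                        .setPublicKey(keyPair.getPublic())
                        .setSignatureAlgorithmName("SHA1with" + algorithm)
                        .setSigningKey(keyPair.getPrivate())
                        .setIssuerDn(principal)
                        .setSubjectDn(principal)
                        .build();
                KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
                // Loading from a null stream initialises an empty key store.
                keyStore.load(null, this.keyStorePassword);
                keyStore.setKeyEntry(this.alias, keyPair.getPrivate(), this.keyPassword, new Certificate[]{certificate});
                // Close the stream even when store() fails, so the file handle is not leaked and the
                // data is flushed before the key store resource tries to read the file.
                try (FileOutputStream output = new FileOutputStream(this.path)) {
                    keyStore.store(output, this.keyStorePassword);
                }
            } catch (IOException | GeneralSecurityException e) {
                throw new OperationFailedException(e);
            }
        }

        /**
         * Draws a random alphanumeric password from {@link #random}.
         *
         * @param i number of characters to generate
         * @return a new array of {@code i} characters taken from the 62-character alphabet
         */
        private char[] generatePassword(int i) {
            char[] password = new char[i];
            for (int index = 0; index < password.length; index++) {
                password[index] = PASSWORD_ALPHABET[this.random.nextInt(PASSWORD_ALPHABET.length)];
            }
            return password;
        }

        /** Returns the JVM default key store type that was used for the generated key store. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStoreType() {
            return new ModelNode(this.keyStoreType);
        }

        /** Returns the relative file name of the generated key store. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStorePath() {
            return new ModelNode(this.path);
        }

        /** Returns the generated key store password as a string node (the value is a secret). */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStorePassword() {
            return new ModelNode(String.valueOf(this.keyStorePassword));
        }

        /** Returns the alias of the generated key entry (the simple class name of the protocol). */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyAlias() {
            return new ModelNode(this.alias);
        }

        /** Returns the generated key password as a string node (the value is a secret). */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyPassword() {
            return new ModelNode(String.valueOf(this.keyPassword));
        }
    }

    /**
     * Key store settings derived from a legacy protocol configuration.
     *
     * <p>Decompiler note: access modifier changed from private.
     */
    public interface LegacyEncryptDescriptor {
        /** Returns the key store type. */
        ModelNode getKeyStoreType();

        /** Returns the path of the key store file. */
        ModelNode getKeyStorePath();

        /** Returns the password protecting the key store. */
        ModelNode getKeyStorePassword();

        /** Returns the alias of the key within the key store. */
        ModelNode getKeyAlias();

        /** Returns the password protecting the key entry. */
        ModelNode getKeyPassword();
    }

    /**
     * Maps a legacy protocol name to the factory of its descriptor. The constant names must match the
     * protocol names, because the translator looks them up with {@code valueOf}.
     */
    private enum LegacyEncryptDescriptorFactory implements ExceptionBiFunction<String, Map<String, ModelNode>, LegacyEncryptDescriptor, OperationFailedException> {
        ASYM_ENCRYPT((name, properties) -> new LegacyAsymmetricEncryptDescriptor(name, properties)),
        // The symmetric descriptor reads everything from the properties; the name is not used.
        SYM_ENCRYPT((name, properties) -> new LegacySymmetricEncryptDescriptor(properties));

        private final ExceptionBiFunction<String, Map<String, ModelNode>, LegacyEncryptDescriptor, OperationFailedException> factory;

        /**
         * @param factory creates the descriptor for this protocol
         */
        LegacyEncryptDescriptorFactory(ExceptionBiFunction<String, Map<String, ModelNode>, LegacyEncryptDescriptor, OperationFailedException> factory) {
            this.factory = factory;
        }

        /**
         * Creates the descriptor for this protocol.
         *
         * @param str name handed to the descriptor (used for the key store file name by ASYM_ENCRYPT)
         * @param map legacy protocol properties
         * @return the descriptor
         * @throws OperationFailedException if the descriptor cannot be created
         */
        @Override
        public LegacyEncryptDescriptor apply(String str, Map<String, ModelNode> map) throws OperationFailedException {
            return this.factory.apply(str, map);
        }
    }

    /**
     * Descriptor for a legacy {@code SYM_ENCRYPT} configuration; every value is read from the legacy
     * protocol properties.
     *
     * <p>NOTE(review): when {@code store_password} or {@code alias} is absent the values built into the
     * {@code SYM_ENCRYPT} class are used. A password that ships as a library default is not a secret;
     * configurations that rely on the fallback are worth flagging for rotation.
     *
     * <p>Decompiler note: access modifier changed from private.
     */
    public static class LegacySymmetricEncryptDescriptor implements LegacyEncryptDescriptor {
        private static final SYM_ENCRYPT DEFAULTS = new SYM_ENCRYPT();
        private final Map<String, ModelNode> properties;

        /**
         * @param map legacy protocol properties, kept by reference
         */
        LegacySymmetricEncryptDescriptor(Map<String, ModelNode> map) {
            this.properties = map;
        }

        /** Returns {@code keystore_type}, or {@code JCEKS} when the property is absent. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStoreType() {
            return this.properties.getOrDefault("keystore_type", new ModelNode("JCEKS"));
        }

        /** Returns {@code keystore_name}; {@code null} when the property is absent. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStorePath() {
            return this.properties.get("keystore_name");
        }

        /** Returns {@code store_password}, or the protocol's built-in default when absent. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyStorePassword() {
            return this.properties.getOrDefault("store_password", new ModelNode(DEFAULTS.storePassword()));
        }

        /** Returns {@code alias}, or the protocol's built-in default when absent. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyAlias() {
            return this.properties.getOrDefault("alias", new ModelNode(DEFAULTS.alias()));
        }

        /** Returns {@code key_password}, or the key store password when absent. */
        @Override // org.jboss.as.clustering.jgroups.subsystem.EncryptProtocolResourceDefinition.LegacyEncryptDescriptor
        public ModelNode getKeyPassword() {
            return this.properties.getOrDefault("key_password", getKeyStorePassword());
        }
    }

    /**
     * Registers the model transformations of this resource; delegates to
     * {@code ProtocolResourceDefinition.addTransformations}.
     *
     * <p>Decompiler note: access modifier changed from package-private.
     *
     * @param modelVersion target model version
     * @param resourceTransformationDescriptionBuilder builder receiving the transformations
     */
    public static void addTransformations(ModelVersion modelVersion, ResourceTransformationDescriptionBuilder resourceTransformationDescriptionBuilder) {
        ProtocolResourceDefinition.addTransformations(modelVersion, resourceTransformationDescriptionBuilder);
    }

    /**
     * Creates the resource definition for one encryption protocol.
     *
     * @param str protocol name, used as the value of the resource's path element
     * @param consumer configures the resource descriptor before this class adds its own attributes,
     *                 capabilities and the legacy {@code add} translator
     * @param resourceServiceBuilderFactory factory of the parent channel factory service builder
     */
    public EncryptProtocolResourceDefinition(String str, Consumer<ResourceDescriptor> consumer, ResourceServiceBuilderFactory<ChannelFactory> resourceServiceBuilderFactory) {
        super(pathElement(str), consumer.andThen(resourceDescriptor -> {
            resourceDescriptor.addAttributes(Attribute.class).addCapabilities(Capability.class).addOperationTranslator(ADD_OPERATION_TRANSLATOR);
        }), pathAddress -> {
            return new EncryptProtocolConfigurationBuilder(pathAddress);
        }, resourceServiceBuilderFactory);
    }
}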
