package org.jboss.as.test.integration.security.common;

import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.KeyGenerator;
import org.jboss.as.security.vault.VaultSession;
import org.jboss.logging.Logger;
import org.picketbox.util.KeyStoreUtil;

/* loaded from: input_file:org/jboss/as/test/integration/security/common/VaultHandler.class */
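/**
 * Test-suite helper that creates (or reuses) a key store, opens a {@link VaultSession} on top of it
 * and exposes the parameters needed to reference that vault from a server configuration.
 *
 * <p>Security notes for anyone reusing this class outside a throw-away test fixture:
 * <ul>
 *   <li>the fallback key store password is a hard-coded constant;</li>
 *   <li>the no-argument constructor places the key store and vault files in {@code java.io.tmpdir},
 *       which is commonly shared between local users;</li>
 *   <li>the generated iteration count is deliberately tiny (1-90);</li>
 *   <li>{@link #getKeyStorePassword()} hands the clear-text password back to the caller.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe.
 */
public class VaultHandler {
    public static final String ENC_DAT_FILE = "ENC.dat";
    public static final String SHARED_DAT_FILE = "Shared.dat";
    public static final String VAULT_DAT_FILE = "VAULT.dat";
    public static final String DEFAULT_KEYSTORE_FILE = "vault.keystore";

    private static final Logger LOGGER = Logger.getLogger(VaultHandler.class);
    private static final String FILE_SEPARATOR = System.getProperty("file.separator");
    private static final String TMP_DIR = System.getProperty("java.io.tmpdir");
    // Fixture-only fallback; never a value to carry over into a real deployment.
    private static final String DEFAULT_PASSWORD = "super_secret";
    private static final String DEFAULT_ALIAS = "defaultalias";
    private static final int DEFAULT_KEY_SIZE = 128;
    private static final String KEYSTORE_TYPE_JCEKS = "JCEKS";
    private static final String KEYSTORE_TYPE_JKS = "JKS";

    private String encodedVaultFileDirectory;
    private String keyStoreType;
    private String keyStore;
    private String keyStorePassword;
    private int keySize;
    private String alias;
    private String salt;
    private int iterationCount;
    private VaultSession vaultSession;

    /**
     * Creates the key store when it does not exist yet, prepares the vault directory and starts a
     * vault session.
     *
     * @param keyStore path of the key store file; created as JCEKS with a fresh AES key when absent
     * @param keyStorePassword plain-text key store password, or {@code null} for the built-in default;
     *     values starting with {@code MASK-} are rejected
     * @param keyStoreType {@code JCEKS} or {@code JKS}, or {@code null} for {@code JCEKS}
     * @param encodedVaultFileDirectory directory holding the vault data files; created when absent
     * @param keySize AES key size in bits, or {@code 0} for 128
     * @param alias key store alias of the vault key, or {@code null} for {@code defaultalias}
     * @param salt salt handed to the vault session, or {@code null} to generate eight random hex characters
     * @param iterationCount iteration count handed to the vault session; a value {@code <= 0} selects a
     *     random count between 1 and 90
     * @throws IllegalArgumentException on an unsupported key store type, a masked password, or a
     *     {@code null} key store path or vault directory
     * @throws RuntimeException when the key store, the vault directory or the vault session cannot be set up
     */
    public VaultHandler(String keyStore, String keyStorePassword, String keyStoreType,
            String encodedVaultFileDirectory, int keySize, String alias, String salt, int iterationCount) {
        this.alias = alias != null ? alias : DEFAULT_ALIAS;
        this.keySize = keySize != 0 ? keySize : DEFAULT_KEY_SIZE;

        if (keyStoreType == null) {
            this.keyStoreType = KEYSTORE_TYPE_JCEKS;
        } else if (keyStoreType.equals(KEYSTORE_TYPE_JCEKS) || keyStoreType.equals(KEYSTORE_TYPE_JKS)) {
            this.keyStoreType = keyStoreType;
        } else {
            throw new IllegalArgumentException("Wrong keyStoreType. Supported are only (JCEKS or JKS). Preferred is JCEKS.");
        }

        if (keyStorePassword == null) {
            this.keyStorePassword = DEFAULT_PASSWORD;
        } else if (keyStorePassword.startsWith("MASK-")) {
            throw new IllegalArgumentException("keyStorePassword cannot be a masked password, use plain text password, please");
        } else {
            this.keyStorePassword = keyStorePassword;
        }

        // Reject missing paths before anything is written, so a bad call leaves no stray key store behind.
        if (keyStore == null) {
            throw new IllegalArgumentException("keyStore path must not be null");
        }
        if (encodedVaultFileDirectory == null) {
            throw new IllegalArgumentException("encodedVaultFileDirectory must not be null");
        }

        File keyStoreFile = new File(keyStore);
        if (!keyStoreFile.exists()) {
            createKeyStore(keyStoreFile);
        }
        this.keyStore = keyStoreFile.getAbsolutePath();
        this.encodedVaultFileDirectory = prepareVaultDirectory(encodedVaultFileDirectory);

        // A clock-derived salt is identical for handlers created within the same few seconds;
        // drawing it from SecureRandom keeps the eight-hex-character shape but makes each one distinct.
        this.salt = salt != null ? salt : String.format("%08x", new SecureRandom().nextInt());

        // NOTE(review): 1-90 iterations is far too low for real password-based protection;
        // the range is kept as-is because this class only serves test fixtures.
        this.iterationCount = iterationCount > 0 ? iterationCount : new Random().nextInt(90) + 1;

        if (LOGGER.isDebugEnabled()) {
            logCreatedVault();
        }

        // Kept separate from key store creation so a session failure is reported as such.
        try {
            this.vaultSession = new VaultSession(this.keyStore, this.keyStorePassword,
                    this.encodedVaultFileDirectory, this.salt, this.iterationCount);
            this.vaultSession.startVaultSession(this.alias);
            LOGGER.debug("VaultSession started");
        } catch (Exception e) {
            throw new RuntimeException("Problem creating VaultSession: ", e);
        }
    }

    /**
     * Uses defaults for everything except the key store path and the vault directory.
     *
     * @param keyStore path of the key store file
     * @param encodedVaultFileDirectory directory holding the vault data files
     */
    public VaultHandler(String keyStore, String encodedVaultFileDirectory) {
        this(keyStore, null, null, encodedVaultFileDirectory, 0, null, null, 0);
    }

    /**
     * Keeps both the key store ({@value #DEFAULT_KEYSTORE_FILE}) and the vault files in one directory.
     *
     * @param vaultDirectory directory for the key store and the vault data files
     */
    public VaultHandler(String vaultDirectory) {
        this(vaultDirectory + FILE_SEPARATOR + DEFAULT_KEYSTORE_FILE, vaultDirectory);
    }

    /**
     * Keeps everything in {@code java.io.tmpdir}. That directory is usually readable by other local
     * users, so the files written here must not protect anything of value.
     */
    public VaultHandler() {
        this(TMP_DIR);
    }

    /**
     * Returns the masked form of the key store password as produced by the vault session.
     *
     * @return the masked key store password
     * @throws RuntimeException when the handler has been cleaned up
     */
    public String getMaskedKeyStorePassword() {
        if (this.vaultSession == null) {
            throw new RuntimeException("getMaskedKeyStorePassword: Vault inside this handler is not initialized or created");
        }
        return this.vaultSession.getKeystoreMaskedPassword();
    }

    /**
     * Stores a secured attribute through the vault session.
     *
     * @param vaultBlock first argument of {@code VaultSession.addSecuredAttribute} (the vault block)
     * @param attributeName second argument of {@code VaultSession.addSecuredAttribute} (the attribute name)
     * @param attributeValue value to store
     * @return whatever the vault session returns for the stored attribute
     * @throws RuntimeException when the handler has been cleaned up or the vault session fails
     */
    public String addSecuredAttribute(String vaultBlock, String attributeName, char[] attributeValue) {
        if (this.vaultSession == null) {
            throw new RuntimeException("addSecuredAttribute: Vault inside this handler is not initialized or created");
        }
        try {
            return this.vaultSession.addSecuredAttribute(vaultBlock, attributeName, attributeValue);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Asks the vault session whether a secured attribute is present.
     *
     * @param vaultBlock first argument of {@code VaultSession.checkSecuredAttribute}
     * @param attributeName second argument of {@code VaultSession.checkSecuredAttribute}
     * @return the result reported by the vault session
     * @throws RuntimeException when the handler has been cleaned up or the vault session fails
     */
    public boolean exists(String vaultBlock, String attributeName) {
        if (this.vaultSession == null) {
            throw new RuntimeException("exists: Vault inside this handler is not initialized or created");
        }
        try {
            return this.vaultSession.checkSecuredAttribute(vaultBlock, attributeName);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * @return the underlying vault session, or {@code null} after {@link #cleanUp()}
     */
    public VaultSession getVaultSession() {
        return this.vaultSession;
    }

    /**
     * Deletes the key store, the vault data files and their {@code .original} backups on a
     * best-effort basis, then drops the vault session. Files that are absent are skipped silently.
     */
    public void cleanUp() {
        String vaultDirPrefix = this.encodedVaultFileDirectory + FILE_SEPARATOR;
        String[] leftovers = {
            this.keyStore,
            vaultDirPrefix + VAULT_DAT_FILE,
            this.keyStore + ".original",
            vaultDirPrefix + ENC_DAT_FILE,
            vaultDirPrefix + ENC_DAT_FILE + ".original",
            vaultDirPrefix + SHARED_DAT_FILE,
            vaultDirPrefix + "KEYSTORE_README",
        };
        for (String path : leftovers) {
            deleteIfPresent(new File(path));
        }
        this.vaultSession = null;
    }

    /** @return absolute path of the directory holding the vault data files */
    public String getEncodedVaultFileDirectory() {
        return this.encodedVaultFileDirectory;
    }

    /** @return the key store type in use, {@code JCEKS} or {@code JKS} */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @return absolute path of the key store file */
    public String getKeyStore() {
        return this.keyStore;
    }

    /** @return AES key size in bits used when this handler creates a key store */
    public int getKeySize() {
        return this.keySize;
    }

    /** @return key store alias of the vault key */
    public String getAlias() {
        return this.alias;
    }

    /** @return salt handed to the vault session */
    public String getSalt() {
        return this.salt;
    }

    /**
     * @return the clear-text key store password; callers should avoid logging or persisting it
     */
    public String getKeyStorePassword() {
        return this.keyStorePassword;
    }

    /** @return iteration count handed to the vault session */
    public int getIterationCount() {
        return this.iterationCount;
    }

    /** @return the iteration count rendered as a decimal string */
    public String getIterationCountAsString() {
        return Integer.toString(this.iterationCount);
    }

    /** Creates a new JCEKS key store holding one freshly generated AES key under the configured alias. */
    private void createKeyStore(File keyStoreFile) {
        // The vault key is stored as a SecretKeyEntry, which the JKS format cannot hold.
        if (!KEYSTORE_TYPE_JCEKS.equals(this.keyStoreType)) {
            throw new RuntimeException("keyStoreType has to be JCEKS when creating new key store");
        }
        char[] password = this.keyStorePassword.toCharArray();
        try {
            KeyStore store = KeyStoreUtil.createKeyStore(this.keyStoreType, password);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(this.keySize);
            store.setEntry(this.alias, new KeyStore.SecretKeyEntry(keyGenerator.generateKey()),
                    new KeyStore.PasswordProtection(password));
            // try-with-resources: the stream used to stay open, leaking a file handle and risking an
            // unflushed key store on disk.
            try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
                store.store(out, password);
            }
        } catch (Exception e) {
            throw new RuntimeException("Problem creating keyStore: ", e);
        }
    }

    /** Makes sure the vault directory exists and returns its absolute path. */
    private static String prepareVaultDirectory(String directoryPath) {
        File directory = new File(directoryPath);
        if (!directory.exists()) {
            // mkdirs() reports failure by return value only; re-check in case another process created it.
            if (!directory.mkdirs() && !directory.isDirectory()) {
                throw new RuntimeException("Vault encryption directory " + directory.getAbsolutePath() + " could not be created.");
            }
        } else if (!directory.isDirectory()) {
            throw new RuntimeException("Vault encryption directory has to be directory, but " + directory.getAbsolutePath() + " is not.");
        }
        return directory.getAbsolutePath();
    }

    /** Best-effort delete; a file that exists but cannot be removed is only reported at debug level. */
    private static void deleteIfPresent(File file) {
        if (file.exists() && !file.delete()) {
            LOGGER.debug("Could not delete " + file.getAbsolutePath());
        }
    }

    /** Logs the vault parameters at debug level; the key store password itself is never written out. */
    private void logCreatedVault() {
        LOGGER.debug("keystoreURL=" + this.keyStore);
        // Debug logs get archived and shared with CI artefacts, so the secret is withheld.
        LOGGER.debug("KEYSTORE_PASSWORD=<redacted>");
        LOGGER.debug("ENC_FILE_DIR=" + this.encodedVaultFileDirectory);
        LOGGER.debug("KEYSTORE_ALIAS=" + this.alias);
        LOGGER.debug("SALT=" + this.salt);
        LOGGER.debug("ITERATION_COUNT=" + this.iterationCount);
    }
}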
