package org.jboss.as.domain.management.security;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.connections.ConnectionManager;
import org.jboss.dmr.ModelNode;
import org.jboss.logging.Logger;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;

/* loaded from: input_file:org/jboss/as/domain/management/security/SecurityRealmService.class */
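/**
 * MSC service backing a management security realm.
 *
 * <p>On {@link #start(StartContext)} it picks the {@link DomainCallbackHandler} used to
 * authenticate management clients ("users" first, then "ldap", otherwise a handler that
 * rejects every request) and, when the realm's server identities contain an "ssl" entry,
 * builds the {@link SSLContext} returned by {@link #getSSLContext()}.
 *
 * <p>{@code callbackHandler} and {@code sslContext} are plain fields written in
 * {@code start}; nothing in this class synchronises readers with that write.
 */
public class SecurityRealmService implements Service<SecurityRealmService>, SecurityRealm {
    public static final ServiceName BASE_SERVICE_NAME = ServiceName.JBOSS.append(new String[]{"server", "controller", "management", "security_realm"});
    private static final Logger log = Logger.getLogger("org.jboss.as");
    private final InjectedValue<ConnectionManager> connectionManagerValue = new InjectedValue<>();
    private final String name;
    // Realm configuration as handed to the constructor; either node may be null.
    private final ModelNode serverIdentities;
    private final ModelNode authentication;
    private DomainCallbackHandler callbackHandler;
    private SSLContext sslContext;

    /**
     * @param str        realm name, used in log messages and returned by {@link #getName()}
     * @param modelNode  authentication configuration; may be null, in which case every
     *                   authentication attempt is rejected
     * @param modelNode2 server-identities configuration; may be null, in which case no
     *                   SSL context is created
     */
    public SecurityRealmService(String str, ModelNode modelNode, ModelNode modelNode2) {
        this.name = str;
        this.authentication = modelNode;
        this.serverIdentities = modelNode2;
    }

    /**
     * Selects the callback handler and, if configured, builds the SSL context.
     *
     * @throws StartException if the keystore cannot be read or the SSL context cannot be
     *                        initialised; the underlying exception is kept as the cause
     */
    public void start(StartContext startContext) throws StartException {
        log.infof("Starting '%s' Security Realm Service", this.name);
        // Handler first: it stays assigned even when the SSL set-up below fails.
        this.callbackHandler = createCallbackHandler();
        this.sslContext = createSslContext();
    }

    /** Chooses the handler for the configured mechanism: "users" wins over "ldap". */
    private DomainCallbackHandler createCallbackHandler() {
        if (this.authentication != null && this.authentication.has("users")) {
            return new UserDomainCallbackHandler(this.name, this.authentication.require("users"));
        }
        if (this.authentication != null && this.authentication.has("ldap")) {
            return new UserLdapCallbackHandler((ConnectionManager) this.connectionManagerValue.getValue(), this.authentication.require("ldap"));
        }
        // Fail closed: a realm without a mechanism advertises no callbacks and rejects
        // every handle() call instead of letting a request through unauthenticated.
        return new DomainCallbackHandler() { // from class: org.jboss.as.domain.management.security.SecurityRealmService.1
            @Override // org.jboss.as.domain.management.security.DomainCallbackHandler
            public Class[] getSupportedCallbacks() {
                return new Class[0];
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                throw new IllegalStateException("No authentication mechanism defined in security realm.");
            }
        };
    }

    /**
     * Builds the SSL context from the "ssl" server identity.
     *
     * @return the initialised context, or null when no "ssl" identity is configured
     */
    private SSLContext createSslContext() throws StartException {
        if (this.serverIdentities == null || !this.serverIdentities.has("ssl")) {
            return null;
        }
        try {
            ModelNode ssl = this.serverIdentities.get("ssl");
            // NOTE(review): the protocol name comes straight from configuration and is not
            // checked here, so a legacy protocol name would be accepted if the JRE still
            // offers it; "TLS" lets the provider choose.
            String protocol = ssl.has("protocol") ? ssl.get("protocol").asString() : "TLS";
            KeyManager[] keyManagers = null;
            if (ssl.has("keystore")) {
                keyManagers = loadKeyManagers(ssl.get("keystore"));
            }
            SSLContext context = SSLContext.getInstance(protocol);
            // Null trust managers and SecureRandom select the JSSE defaults; no
            // realm-specific truststore is configured by this class.
            context.init(keyManagers, null, null);
            return context;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException
                | UnrecoverableKeyException | CertificateException e) {
            throw new StartException("Unable to start service", e);
        }
    }

    /**
     * Loads the JKS keystore named by the "file" attribute and returns SunX509 key managers
     * for it. The single "password" attribute is used both to open the store and to recover
     * its keys.
     */
    private static KeyManager[] loadKeyManagers(ModelNode keystoreConfig) throws IOException, KeyStoreException,
            NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        String file = keystoreConfig.require("file").asString();
        // NOTE(review): the password is read as a String from the model, so a copy stays
        // on the heap regardless of what happens to this array.
        char[] password = keystoreConfig.require("password").asString().toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // try-with-resources: the stream used to stay open until finalisation, leaking a
        // file descriptor on every start (and on every failed load).
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
        factory.init(keyStore, password);
        return factory.getKeyManagers();
    }

    /** Logs the stop; the handler and SSL context built by {@code start} are left in place. */
    public void stop(StopContext stopContext) {
        log.infof("Stopping '%s' Security Realm Service", this.name);
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    /** Returns this service instance. The name is a decompiler artefact (see the note above). */
    public SecurityRealmService m5getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    @Override // org.jboss.as.domain.management.SecurityRealm
    public String getName() {
        return this.name;
    }

    /** Returns the injector through which the {@link ConnectionManager} used for LDAP is supplied. */
    public InjectedValue<ConnectionManager> getConnectionManagerInjector() {
        return this.connectionManagerValue;
    }

    /** Returns the handler chosen in {@code start}; null if the service has not been started. */
    @Override // org.jboss.as.domain.management.SecurityRealm
    public DomainCallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    /**
     * Returns the SSL context built in {@code start}.
     *
     * @throws IllegalStateException if no context exists (no "ssl" identity configured, or
     *                               the service has not been started)
     */
    @Override // org.jboss.as.domain.management.SecurityRealm
    public SSLContext getSSLContext() {
        if (this.sslContext == null) {
            throw new IllegalStateException("No SSL server-identity defined.");
        }
        return this.sslContext;
    }
}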
