package org.jboss.as.security.vault;

import java.io.File;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.codehaus.plexus.util.LineOrientedInterpolatingReader;
import org.codehaus.plexus.util.SelectorUtils;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.security.Util;
import org.jboss.security.plugins.PBEUtils;
import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultFactory;
import org.picketbox.plugins.vault.PicketBoxSecurityVault;
import org.picketbox.util.StringUtil;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-security/15.0.1.Final/wildfly-security-15.0.1.Final.jar:org/jboss/as/security/vault/VaultSession.class */
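public final class VaultSession {
    /**
     * PBE algorithm used to mask the keystore password. It is fixed by the vault's
     * configuration format (masked values are consumed by the PicketBox vault), so it
     * must stay as is for compatibility even though MD5/DES is weak by today's standards.
     */
    public static final String VAULT_ENC_ALGORITHM = "PBEwithMD5andDES";
    /** Charset used whenever the password or the salt is converted to bytes. */
    static final Charset CHARSET = StandardCharsets.UTF_8;

    /** Exact salt length (in characters) accepted by {@link #validateSalt()}. */
    private static final int SALT_LENGTH = 8;
    /** Separator between block and attribute names in vault references, e.g. {@code VAULT::block::attr::1}. */
    private static final String SEPARATOR = "::";
    /** Path separator appended to the encryption directory when it has none. */
    private static final String DIR_SEPARATOR = "/";

    private final String keystoreURL;
    // Held as a String for the lifetime of the session, so it cannot be zeroed after use.
    private final String keystorePassword;
    private String keystoreMaskedPassword;
    // Not final: validateEncryptionDirectory() may append a trailing separator.
    private String encryptionDirectory;
    private final String salt;
    private final int iterationCount;
    private final boolean createKeystore;
    private SecurityVault vault;
    private String vaultAlias;

    /**
     * Creates a session that requires the keystore to already exist.
     *
     * @param keystoreURL         path of the vault keystore file
     * @param keystorePassword    keystore password, either plain or already a password command
     * @param encryptionDirectory directory holding the encrypted vault files
     * @param salt                8-character PBE salt
     * @param iterationCount      PBE iteration count, must be at least 1
     * @throws Exception if any of the arguments fails validation
     */
    public VaultSession(String keystoreURL, String keystorePassword, String encryptionDirectory,
            String salt, int iterationCount) throws Exception {
        this(keystoreURL, keystorePassword, encryptionDirectory, salt, iterationCount, false);
    }

    /**
     * Creates a session and validates all of its inputs immediately.
     *
     * @param keystoreURL         path of the vault keystore file
     * @param keystorePassword    keystore password, either plain or already a password command
     * @param encryptionDirectory directory holding the encrypted vault files; created if missing
     * @param salt                8-character PBE salt
     * @param iterationCount      PBE iteration count, must be at least 1
     * @param createKeystore      whether a missing keystore may be created when the vault starts
     * @throws Exception if any of the arguments fails validation
     */
    public VaultSession(String keystoreURL, String keystorePassword, String encryptionDirectory,
            String salt, int iterationCount, boolean createKeystore) throws Exception {
        this.keystoreURL = keystoreURL;
        this.keystorePassword = keystorePassword;
        this.encryptionDirectory = encryptionDirectory;
        this.salt = salt;
        this.iterationCount = iterationCount;
        this.createKeystore = createKeystore;
        validate();
    }

    /** Runs every per-field validation; the order matters only for which error is reported first. */
    private void validate() throws Exception {
        validateKeystoreURL();
        validateEncryptionDirectory();
        validateSalt();
        validateIterationCount();
        validateKeystorePassword();
    }

    /**
     * Checks the keystore location: an existing keystore must be a writable regular file,
     * and a missing one is only acceptable when {@code createKeystore} is set.
     *
     * @throws Exception if the keystore is missing (and may not be created) or not writable
     */
    protected void validateKeystoreURL() throws Exception {
        File keystoreFile = new File(this.keystoreURL);
        if (!keystoreFile.exists()) {
            if (!this.createKeystore) {
                throw SecurityLogger.ROOT_LOGGER.keyStoreDoesnotExistWithExample(this.keystoreURL, this.keystoreURL);
            }
            return;
        }
        if (!keystoreFile.canWrite() || !keystoreFile.isFile()) {
            throw SecurityLogger.ROOT_LOGGER.keyStoreNotWritable(this.keystoreURL);
        }
    }

    /**
     * Requires a keystore password to be present.
     *
     * @throws Exception if no password was given
     */
    protected void validateKeystorePassword() throws Exception {
        if (this.keystorePassword == null) {
            throw SecurityLogger.ROOT_LOGGER.keyStorePasswordNotSpecified();
        }
    }

    /**
     * Normalises the encryption directory to end with a separator and makes sure it exists
     * as a directory, creating it when necessary.
     *
     * @throws Exception if the directory is unspecified, cannot be created, or is not a directory
     */
    protected void validateEncryptionDirectory() throws Exception {
        if (this.encryptionDirectory == null) {
            throw new Exception("Encryption directory has to be specified.");
        }
        // NOTE(review): a path already ending in a backslash still gets a "/" appended here
        // (condition kept as found); confirm whether "!(endsWith("/") || endsWith("\\"))" was intended.
        if (!this.encryptionDirectory.endsWith(DIR_SEPARATOR) || this.encryptionDirectory.endsWith("\\")) {
            this.encryptionDirectory += DIR_SEPARATOR;
        }
        File directory = new File(this.encryptionDirectory);
        if (!directory.exists() && !directory.mkdirs()) {
            throw SecurityLogger.ROOT_LOGGER.cannotCreateEncryptionDirectory(directory.getAbsolutePath());
        }
        if (!directory.isDirectory()) {
            throw SecurityLogger.ROOT_LOGGER.encryptionDirectoryDoesNotExist(this.encryptionDirectory);
        }
    }

    /**
     * Requires a positive iteration count.
     *
     * <p>The previous condition ({@code < 1 && > Integer.MAX_VALUE}) could never be true for an
     * {@code int}, so zero and negative counts slipped through to the PBE parameters.
     *
     * @throws Exception if the iteration count is below 1
     */
    protected void validateIterationCount() throws Exception {
        if (this.iterationCount < 1) {
            throw SecurityLogger.ROOT_LOGGER.iterationCountOutOfRange(String.valueOf(this.iterationCount));
        }
    }

    /**
     * Requires the salt to be exactly {@value #SALT_LENGTH} characters long.
     *
     * @throws Exception if the salt is missing or has the wrong length
     */
    protected void validateSalt() throws Exception {
        if (this.salt == null || this.salt.length() != SALT_LENGTH) {
            throw SecurityLogger.ROOT_LOGGER.saltWrongLength();
        }
    }

    /**
     * Produces the masked form of the keystore password as written into the vault configuration.
     *
     * <p>The PBE key is derived from a fixed literal; only the salt and iteration count vary.
     * The result therefore hides the password from casual reading of a configuration file but
     * is recoverable by anyone who also has the salt and iteration count from that file.
     *
     * @return {@code PASS_MASK_PREFIX} followed by the base64-encoded masked password
     * @throws Exception if the PBE algorithm is unavailable or encoding fails
     */
    private String computeMaskedPassword() throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM);
        char[] maskingKey = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
        PBEParameterSpec params = new PBEParameterSpec(this.salt.getBytes(CHARSET), this.iterationCount);
        String masked = PBEUtils.encode64(this.keystorePassword.getBytes(CHARSET), VAULT_ENC_ALGORITHM,
                factory.generateSecret(new PBEKeySpec(maskingKey)), params);
        return PicketBoxSecurityVault.PASS_MASK_PREFIX + masked;
    }

    /**
     * Obtains the vault implementation, initialises it with this session's options and
     * performs the handshake.
     *
     * @throws Exception wrapping any {@link SecurityVaultException} raised by the vault
     */
    private void initSecurityVault() throws Exception {
        try {
            this.vault = SecurityVaultFactory.get();
            this.vault.init(getVaultOptionsMap());
            handshake();
        } catch (SecurityVaultException e) {
            throw SecurityLogger.ROOT_LOGGER.securityVaultException(e);
        }
    }

    /**
     * Starts the vault under the given alias. Must be called before any attribute operation.
     *
     * @param vaultAlias keystore alias the vault should use
     * @throws Exception if the alias is missing or the vault cannot be initialised
     */
    public void startVaultSession(String vaultAlias) throws Exception {
        if (vaultAlias == null) {
            throw SecurityLogger.ROOT_LOGGER.vaultAliasNotSpecified();
        }
        // A password that is already a password command (e.g. an external lookup) is passed through unmasked.
        this.keystoreMaskedPassword = Util.isPasswordCommand(this.keystorePassword)
                ? this.keystorePassword
                : computeMaskedPassword();
        this.vaultAlias = vaultAlias;
        initSecurityVault();
    }

    /**
     * Builds the option map handed to {@link SecurityVault#init(Map)}.
     *
     * @return options keyed by the {@link PicketBoxSecurityVault} constants; {@code CREATE_KEYSTORE}
     *         is only present when creation was requested and the keystore does not exist yet
     */
    private Map<String, Object> getVaultOptionsMap() {
        Map<String, Object> options = new HashMap<>();
        options.put(PicketBoxSecurityVault.KEYSTORE_URL, this.keystoreURL);
        options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, this.keystoreMaskedPassword);
        options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, this.vaultAlias);
        options.put(PicketBoxSecurityVault.SALT, this.salt);
        options.put(PicketBoxSecurityVault.ITERATION_COUNT, Integer.toString(this.iterationCount));
        options.put(PicketBoxSecurityVault.ENC_FILE_DIR, this.encryptionDirectory);
        if (this.createKeystore && !new File(this.keystoreURL).exists()) {
            options.put(PicketBoxSecurityVault.CREATE_KEYSTORE, Boolean.toString(this.createKeystore));
        }
        return options;
    }

    /**
     * Performs the vault handshake using the session alias as the public certificate option.
     *
     * @throws SecurityVaultException if the vault rejects the handshake
     */
    private void handshake() throws SecurityVaultException {
        Map<String, Object> handshakeOptions = new HashMap<>();
        handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, this.vaultAlias);
        this.vault.handshake(handshakeOptions);
    }

    /**
     * Stores a secret in the vault.
     *
     * @param vaultBlock     block the attribute belongs to
     * @param attributeName  attribute name within the block
     * @param attributeValue secret value
     * @return the {@code VAULT::block::attribute::1} reference to put in configuration
     * @throws Exception if the vault store fails
     */
    public String addSecuredAttribute(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
        this.vault.store(vaultBlock, attributeName, attributeValue, null);
        return securedAttributeConfigurationString(vaultBlock, attributeName);
    }

    /**
     * Stores a secret in the vault and prints the resulting reference to standard output.
     *
     * @param vaultBlock     block the attribute belongs to
     * @param attributeName  attribute name within the block
     * @param attributeValue secret value
     * @throws Exception if the vault store fails
     */
    public void addSecuredAttributeWithDisplay(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
        this.vault.store(vaultBlock, attributeName, attributeValue, null);
        attributeCreatedDisplay(vaultBlock, attributeName);
    }

    /**
     * @return whether the given block/attribute pair exists in the vault
     * @throws Exception if the vault lookup fails
     */
    public boolean checkSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
        return this.vault.exists(vaultBlock, attributeName);
    }

    /**
     * @return whether the given block/attribute pair was removed from the vault
     * @throws Exception if the vault removal fails
     */
    public boolean removeSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
        return this.vault.remove(vaultBlock, attributeName, null);
    }

    /**
     * @return the secret stored under the given block/attribute pair
     * @throws Exception if the vault retrieval fails
     */
    public char[] retrieveSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
        return this.vault.retrieve(vaultBlock, attributeName, null);
    }

    /** Prints the "attribute created" message including the configuration reference. */
    private void attributeCreatedDisplay(String vaultBlock, String attributeName) {
        System.out.println(SecurityLogger.ROOT_LOGGER.vaultAttributeCreateDisplay(
                vaultBlock, attributeName, securedAttributeConfigurationString(vaultBlock, attributeName)));
    }

    /** @return the configuration reference for an attribute, e.g. {@code VAULT::block::attr::1} */
    private String securedAttributeConfigurationString(String vaultBlock, String attributeName) {
        return "VAULT::" + vaultBlock + SEPARATOR + attributeName + SEPARATOR + "1";
    }

    /** Prints the vault configuration commands for both standalone and domain mode. */
    public void vaultConfigurationDisplay() {
        String vaultConfiguration = vaultConfiguration();
        System.out.println(SecurityLogger.ROOT_LOGGER.vaultConfigurationTitle());
        System.out.println("********************************************");
        System.out.println("For standalone mode:");
        System.out.println(vaultConfiguration);
        System.out.println("********************************************");
        System.out.println("For domain mode:");
        System.out.println("/host=the_host" + vaultConfiguration);
        System.out.println("********************************************");
    }

    /**
     * @return the CLI command that configures this vault; the password appears in its
     *         masked form, never in clear text
     */
    public String vaultConfiguration() {
        StringBuilder sb = new StringBuilder();
        sb.append("/core-service=vault:add(vault-options=[");
        appendOption(sb, "KEYSTORE_URL", this.keystoreURL).append(",");
        appendOption(sb, "KEYSTORE_PASSWORD", this.keystoreMaskedPassword).append(",");
        appendOption(sb, "KEYSTORE_ALIAS", this.vaultAlias).append(",");
        appendOption(sb, "SALT", this.salt).append(",");
        appendOption(sb, "ITERATION_COUNT", this.iterationCount).append(",");
        appendOption(sb, "ENC_FILE_DIR", this.encryptionDirectory);
        sb.append("])");
        return sb.toString();
    }

    /** Appends one {@code ("NAME" => "value")} entry; the value is not quoted or escaped. */
    private static StringBuilder appendOption(StringBuilder sb, String name, Object value) {
        return sb.append("(\"").append(name).append("\" => \"").append(value).append("\")");
    }

    /** @return the masked keystore password, or {@code null} before {@link #startVaultSession(String)} */
    public String getKeystoreMaskedPassword() {
        return this.keystoreMaskedPassword;
    }

    /**
     * Formats a block/attribute pair for display, e.g. {@code [block::attr]}.
     * (The decompiler reports this was package-private in the original source.)
     */
    public static String blockAttributeDisplayFormat(String vaultBlock, String attributeName) {
        return "[" + vaultBlock + SEPARATOR + attributeName + "]";
    }
}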
