package org.jboss.security.plugins;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.management.ObjectName;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.crypto.CryptoUtil;
import org.jboss.managed.api.ManagedOperation;
import org.jboss.managed.api.annotation.ManagementComponent;
import org.jboss.managed.api.annotation.ManagementObject;
import org.jboss.managed.api.annotation.ManagementObjectID;
import org.jboss.managed.api.annotation.ManagementOperation;
import org.jboss.managed.api.annotation.ManagementParameter;
import org.jboss.managed.api.annotation.ManagementProperties;
import org.jboss.managed.api.annotation.ManagementProperty;
import org.jboss.managed.api.annotation.ViewUse;
import org.jboss.mx.util.MBeanServerLocator;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityDomain;
import org.jboss.security.Util;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.SecurityConstantsBridge;

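/**
 * Security domain that, in addition to what {@code JaasSecurityManager} provides, loads a key
 * store and a trust store, builds the matching {@link KeyManagerFactory} and
 * {@link TrustManagerFactory}, and offers password-based encode/decode operations keyed on the
 * key store password.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The encode/decode defaults are {@code PBEwithMD5andDES}, a constant 8-byte salt and an
 *       iteration count of 103. DES has a 56-bit effective key and the salt is the same for every
 *       instance that keeps the default, so values produced with these defaults should be treated
 *       as masked rather than strongly encrypted. Changing the defaults invalidates previously
 *       encoded values, which is why they are left as they are here.</li>
 *   <li>Store locations, provider class names and algorithms are taken from the management
 *       setters without restriction; access to this bean's management interface needs to be
 *       limited to trusted administrators.</li>
 * </ul>
 */
@ManagementObject(componentType = @ManagementComponent(type = "MCBean", subtype = "Security"), properties = ManagementProperties.EXPLICIT)
/* loaded from: input_file:org/jboss/security/plugins/JaasSecurityDomain.class */
public class JaasSecurityDomain extends JaasSecurityManager implements SecurityDomain, JaasSecurityDomainMBean {
    /** Permission checked by {@link #encode(byte[])} when a SecurityManager is installed. */
    private static final RuntimePermission encodePermission = new RuntimePermission("org.jboss.security.plugins.JaasSecurityDomain.encode");
    /** Permission checked by {@link #decode(byte[])} when a SecurityManager is installed. */
    private static final RuntimePermission decodePermission = new RuntimePermission("org.jboss.security.plugins.JaasSecurityDomain.decode");
    /** Block size, in bytes, that {@link #decode64(String)} pads decoded input up to. */
    private static final int DECODE_BLOCK_SIZE = 8;

    private KeyStore keyStore;
    private KeyManagerFactory keyMgr;
    private String keyStoreType = "JKS";
    private URL keyStoreURL;
    private char[] keyStorePassword;
    private String keyStoreAlias;
    private SecretKey cipherKey;
    // Weak by current standards (MD5 + single DES); kept as the default for compatibility with
    // values that were already encoded with it.
    private String cipherAlgorithm = "PBEwithMD5andDES";
    // Constant default salt: identical across every domain that does not call setSalt.
    private byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};
    // Low default iteration count; raise via setIterationCount where compatibility allows.
    private int iterationCount = 103;
    private PBEParameterSpec cipherSpec;
    private ObjectName managerServiceName = JaasSecurityManagerServiceMBean.OBJECT_NAME;
    private KeyStore trustStore;
    private String trustStoreType = "JKS";
    private char[] trustStorePassword;
    private URL trustStoreURL;
    private TrustManagerFactory trustMgr;
    private String keyStoreProvider;
    private String trustStoreProvider;
    private String keyMgrFactoryProvider;
    private String trustMgrFactoryProvider;
    private String keyMgrFactoryAlgorithm;
    private String trustMgrFactoryAlgorithm;
    private String keyStoreProviderArgument;
    private String trustStoreProviderArgument;
    private ISecurityManagement securityManagement = SecurityConstantsBridge.getSecurityManagement();

    /** Creates a domain with the default store types, cipher settings and manager service name. */
    public JaasSecurityDomain() {
    }

    /**
     * Creates a domain with the given name and a {@link JBossCallbackHandler}.
     *
     * @param str the security domain name
     */
    public JaasSecurityDomain(String str) {
        this(str, new JBossCallbackHandler());
    }

    /**
     * Creates a domain with the given name and callback handler.
     *
     * @param str the security domain name
     * @param callbackHandler the handler passed to the superclass constructor
     */
    public JaasSecurityDomain(String str, CallbackHandler callbackHandler) {
        super(str, callbackHandler);
    }

    /** Returns the security domain name reported by the superclass. */
    @Override // org.jboss.security.plugins.JaasSecurityManager
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security domain name")
    @ManagementObjectID(type = "SecurityDomain")
    public String getSecurityDomain() {
        return super.getSecurityDomain();
    }

    /** Returns the key store type; {@code "JKS"} unless changed. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore implementation type - default is JKS")
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** Sets the key store type passed to {@link KeyStore#getInstance(String)}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    /** Returns the key store location in external form, or {@code null} if none was set. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore location")
    public String getKeyStoreURL() {
        return this.keyStoreURL != null ? this.keyStoreURL.toExternalForm() : null;
    }

    /**
     * Resolves and stores the key store location.
     *
     * @param str a URL, file path or class loader resource name
     * @throws IOException if the value resolves to none of those
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyStoreURL(String str) throws IOException {
        this.keyStoreURL = validateStoreURL(str);
        this.log.debug("Using KeyStore=" + this.keyStoreURL.toExternalForm());
    }

    /**
     * Sets the key store password from the value resolved by {@code Util.loadPassword}.
     *
     * @param str the password specification handed to {@code Util.loadPassword}
     * @throws Exception if the password cannot be loaded
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore password", mandatory = true)
    public void setKeyStorePass(String str) throws Exception {
        this.keyStorePassword = Util.loadPassword(str);
    }

    /** Returns the alias of the key entry to use, or {@code null} if none was set. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The keystore alias with the certificate to be used")
    public String getKeyStoreAlias() {
        return this.keyStoreAlias;
    }

    /** Sets the alias of the key entry to use. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyStoreAlias(String str) {
        this.keyStoreAlias = str;
    }

    /** Returns the trust store type; {@code "JKS"} unless changed. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore implementation type - default is JKS")
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** Sets the trust store type passed to {@link KeyStore#getInstance(String)}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    /** Returns the trust store location in external form, or {@code null} if none was set. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore location")
    public String getTrustStoreURL() {
        return this.trustStoreURL != null ? this.trustStoreURL.toExternalForm() : null;
    }

    /**
     * Resolves and stores the trust store location.
     *
     * @param str a URL, file path or class loader resource name
     * @throws IOException if the value resolves to none of those
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustStoreURL(String str) throws IOException {
        this.trustStoreURL = validateStoreURL(str);
    }

    /**
     * Sets the trust store password from the value resolved by {@code Util.loadPassword}.
     *
     * @param str the password specification handed to {@code Util.loadPassword}
     * @throws Exception if the password cannot be loaded
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The truststore password")
    public void setTrustStorePass(String str) throws Exception {
        this.trustStorePassword = Util.loadPassword(str);
    }

    /**
     * Sets the PBE salt from the bytes of the given string.
     *
     * @param str the salt text
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The salt for password-based encryption (PBE)")
    public void setSalt(String str) {
        // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII salt yields
        // different bytes on differently configured hosts. Not changed here because switching
        // the charset would alter the key material for existing encoded values.
        this.salt = str.getBytes();
    }

    /** Sets the PBE iteration count used when the cipher parameters are built at start. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The iteration count for password-based encryption (PBE)")
    public void setIterationCount(int i) {
        this.iterationCount = i;
    }

    /** Returns the cipher transformation used by encode/decode. */
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The cipher algorithm used in the encode/decode operations - default is PBEwithMD5andDES")
    public String getCipherAlgorithm() {
        return this.cipherAlgorithm;
    }

    /** Sets the cipher transformation passed to {@link Cipher#getInstance(String)}. */
    public void setCipherAlgorithm(String str) {
        this.cipherAlgorithm = str;
    }

    /** Returns the object name of the security manager service this domain registers with. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The object name of the security manager service")
    public ObjectName getManagerServiceName() {
        return this.managerServiceName;
    }

    /** Sets the object name of the security manager service; {@code null} skips registration. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setManagerServiceName(ObjectName objectName) {
        this.managerServiceName = objectName;
    }

    /** Returns the security management bean this domain registers with. */
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security manager service bean where this domain is registered")
    public ISecurityManagement getSecurityManagement() {
        return this.securityManagement;
    }

    /** Sets the security management bean this domain registers with. */
    public void setSecurityManagement(ISecurityManagement iSecurityManagement) {
        this.securityManagement = iSecurityManagement;
    }

    /** Returns {@code "JaasSecurityDomain(<domain name>)"}. */
    public String getName() {
        return "JaasSecurityDomain(" + getSecurityDomain() + ")";
    }

    /**
     * Returns the loaded key store, or {@code null} if none has been loaded.
     *
     * <p>The live instance is returned, not a copy, and no permission check is made in this
     * method even though {@link SecurityException} is declared.
     */
    @ManagementOperation(description = "Get the KeyStore constructed by this domain", impact = ManagedOperation.Impact.ReadOnly)
    public KeyStore getKeyStore() throws SecurityException {
        return this.keyStore;
    }

    /** Returns the key manager factory built from the key store, or {@code null}. */
    @ManagementOperation(description = "Get the KeyManagerFactory constructed by this domain", impact = ManagedOperation.Impact.ReadOnly)
    public KeyManagerFactory getKeyManagerFactory() throws SecurityException {
        return this.keyMgr;
    }

    /** Returns the loaded trust store (possibly the key store itself), or {@code null}. */
    @ManagementOperation(description = "Get the TrustStore constructed by this domain", impact = ManagedOperation.Impact.ReadOnly)
    public KeyStore getTrustStore() throws SecurityException {
        return this.trustStore;
    }

    /** Returns the trust manager factory built from the trust store, or {@code null}. */
    @ManagementOperation(description = "Get the TrustManagerFactory constructed by this domain", impact = ManagedOperation.Impact.ReadOnly)
    public TrustManagerFactory getTrustManagerFactory() throws SecurityException {
        return this.trustMgr;
    }

    /**
     * Encrypts the given bytes with the configured cipher and the key derived at service start.
     *
     * @param bArr the secret to encode
     * @return the cipher output
     * @throws SecurityException if a SecurityManager denies the encode permission
     * @throws Exception if the cipher cannot be created, initialised or applied
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementOperation(description = "Encode a secret using the cipher algorithm and the KeyStore password", params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")}, impact = ManagedOperation.Impact.ReadOnly)
    public byte[] encode(byte[] bArr) throws Exception {
        checkCipherPermission(encodePermission);
        return applyCipher(Cipher.ENCRYPT_MODE, bArr);
    }

    /**
     * Decrypts the given bytes with the configured cipher and the key derived at service start.
     *
     * @param bArr the encoded secret
     * @return the recovered plaintext
     * @throws SecurityException if a SecurityManager denies the decode permission
     * @throws Exception if the cipher cannot be created, initialised or applied
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementOperation(description = "Decode a secret using the cipher algorithm and the KeyStore password", params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")}, impact = ManagedOperation.Impact.ReadOnly)
    public byte[] decode(byte[] bArr) throws Exception {
        checkCipherPermission(decodePermission);
        return applyCipher(Cipher.DECRYPT_MODE, bArr);
    }

    /**
     * Encodes the secret and returns the result in the base64 form of {@code CryptoUtil.tob64}.
     *
     * @param bArr the secret to encode
     * @return the encoded secret as text
     * @throws Exception if {@link #encode(byte[])} fails
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementOperation(description = "Encode a secret as a base64 string using the cipher algorithm and the KeyStore password", params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")}, impact = ManagedOperation.Impact.ReadOnly)
    public String encode64(byte[] bArr) throws Exception {
        return CryptoUtil.tob64(encode(bArr));
    }

    /**
     * Decodes a secret given in the base64 form of {@code CryptoUtil.fromb64}.
     *
     * <p>When the decoded length is not a multiple of 8 the data is left-padded with zero bytes
     * up to the next multiple before decryption.
     *
     * @param str the base64 text
     * @return the recovered plaintext
     * @throws Exception if {@link #decode(byte[])} fails
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementOperation(description = "Decode a base64 secret using the cipher algorithm and the KeyStore password", params = {@ManagementParameter(name = "secret", description = "The secret to be encoded")}, impact = ManagedOperation.Impact.ReadOnly)
    public byte[] decode64(String str) throws Exception {
        byte[] decoded = CryptoUtil.fromb64(str);
        int remainder = decoded.length % DECODE_BLOCK_SIZE;
        if (remainder != 0) {
            // The previous code allocated the padded array into the same variable before
            // copying, so the decoded bytes were lost and the copy loop indexed past the end.
            // Copy from the original array into a separate, larger one instead.
            // Presumably this restores leading zero bytes dropped by the codec - TODO confirm.
            int padding = DECODE_BLOCK_SIZE - remainder;
            byte[] padded = new byte[decoded.length + padding];
            System.arraycopy(decoded, 0, padded, padding, decoded.length);
            decoded = padded;
        }
        return decode(decoded);
    }

    /** Returns the provider name used for the key manager factory, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security provider of the KeyManagerFactory")
    public String getKeyManagerFactoryProvider() {
        return this.keyMgrFactoryProvider;
    }

    /** Sets the provider name used for the key manager factory. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyManagerFactoryProvider(String str) {
        this.keyMgrFactoryProvider = str;
    }

    /** Returns the key store provider name or class name, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security provider of the KeyStore")
    public String getKeyStoreProvider() {
        return this.keyStoreProvider;
    }

    /**
     * Sets the key store provider. It is used as a provider name, or as a class name to
     * instantiate when a provider argument is also set.
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyStoreProvider(String str) {
        this.keyStoreProvider = str;
    }

    /** Returns the provider name used for the trust manager factory, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security provider of the TrustManagerFactory")
    public String getTrustManagerFactoryProvider() {
        return this.trustMgrFactoryProvider;
    }

    /** Sets the provider name used for the trust manager factory. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustManagerFactoryProvider(String str) {
        this.trustMgrFactoryProvider = str;
    }

    /** Returns the trust store provider name or class name, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The security provider of the TrustStore")
    public String getTrustStoreProvider() {
        return this.trustStoreProvider;
    }

    /**
     * Sets the trust store provider. It is used as a provider name, or as a class name to
     * instantiate when a provider argument is also set.
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustStoreProvider(String str) {
        this.trustStoreProvider = str;
    }

    /** Returns the key manager factory algorithm, or {@code null} for the JVM default. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The algorithm of the KeyManagerFactory")
    public String getKeyManagerFactoryAlgorithm() {
        return this.keyMgrFactoryAlgorithm;
    }

    /** Sets the key manager factory algorithm. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyManagerFactoryAlgorithm(String str) {
        this.keyMgrFactoryAlgorithm = str;
    }

    /** Returns the trust manager factory algorithm, or {@code null} for the JVM default. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The algorithm of the TrustManagerFactory")
    public String getTrustManagerFactoryAlgorithm() {
        return this.trustMgrFactoryAlgorithm;
    }

    /** Sets the trust manager factory algorithm. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustManagerFactoryAlgorithm(String str) {
        this.trustMgrFactoryAlgorithm = str;
    }

    /** Returns the constructor argument for the key store provider class, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The argument of the KeyStore provider constructor")
    public String getKeyStoreProviderArgument() {
        return this.keyStoreProviderArgument;
    }

    /** Sets the constructor argument for the key store provider class. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setKeyStoreProviderArgument(String str) {
        this.keyStoreProviderArgument = str;
    }

    /** Returns the constructor argument for the trust store provider class, or {@code null}. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementProperty(use = {ViewUse.CONFIGURATION}, description = "The argument of the TrustStore provider constructor")
    public String getTrustStoreProviderArgument() {
        return this.trustStoreProviderArgument;
    }

    /** Sets the constructor argument for the trust store provider class. */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    public void setTrustStoreProviderArgument(String str) {
        this.trustStoreProviderArgument = str;
    }

    /**
     * Reloads the key store and trust store from their configured locations.
     *
     * @throws Exception if either store cannot be created or loaded
     */
    @Override // org.jboss.security.plugins.JaasSecurityDomainMBean
    @ManagementOperation(description = "Reload the key and trust stores", impact = ManagedOperation.Impact.WriteOnly)
    public void reloadKeyAndTrustStore() throws Exception {
        loadKeyAndTrustStore();
    }

    /**
     * Derives the PBE key, loads the stores and registers this domain with the configured
     * security manager service and, when applicable, the JNDI based security management.
     *
     * @throws Exception if key derivation, store loading or registration fails
     */
    @ManagementOperation(description = "Service lifecycle operation", impact = ManagedOperation.Impact.WriteOnly)
    protected void startService() throws Exception {
        loadPBESecretKey();
        loadKeyAndTrustStore();
        if (this.managerServiceName != null) {
            MBeanServerLocator.locateJBoss().invoke(this.managerServiceName, "registerSecurityDomain", new Object[]{getSecurityDomain(), this}, new String[]{"java.lang.String", "org.jboss.security.SecurityDomain"});
        }
        if (this.securityManagement instanceof JNDIBasedSecurityManagement) {
            ((JNDIBasedSecurityManagement) this.securityManagement).registerJaasSecurityDomainInstance(this);
        }
    }

    /**
     * Wipes the key store password, drops the derived cipher key and deregisters this domain
     * from the JNDI based security management when applicable.
     */
    @ManagementOperation(description = "Service lifecycle operation", impact = ManagedOperation.Impact.WriteOnly)
    protected void stopService() {
        if (this.keyStorePassword != null) {
            // Overwrite before releasing so the characters do not linger on the heap.
            Arrays.fill(this.keyStorePassword, (char) 0);
            this.keyStorePassword = null;
        }
        // NOTE(review): trustStorePassword is not wiped here, unlike keyStorePassword; confirm
        // whether a restart relies on it before adding the same treatment.
        this.cipherKey = null;
        if (this.securityManagement instanceof JNDIBasedSecurityManagement) {
            ((JNDIBasedSecurityManagement) this.securityManagement).deregisterJaasSecurityDomainInstance(getSecurityDomain());
        }
    }

    /**
     * Builds the PBE parameters from the salt and iteration count and derives the cipher key
     * from the key store password.
     *
     * @throws Exception if the key factory is unavailable or the key cannot be generated
     */
    private void loadPBESecretKey() throws Exception {
        this.cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        // NOTE(review): the key factory algorithm is fixed while the Cipher uses the
        // configurable cipherAlgorithm; whether a non-default cipherAlgorithm accepts this key
        // depends on the provider.
        this.cipherKey = SecretKeyFactory.getInstance("PBEwithMD5andDES").generateSecret(new PBEKeySpec(this.keyStorePassword));
    }

    /**
     * Loads the key store (when a key store password is set) and the trust store, and builds
     * the corresponding manager factories. Without a trust store password the key store, if
     * present, doubles as the trust store.
     *
     * @throws Exception if a store or factory cannot be created, loaded or initialised
     */
    private void loadKeyAndTrustStore() throws Exception {
        if (this.keyStorePassword != null) {
            this.keyStore = createStore(this.keyStoreType, this.keyStoreProvider, this.keyStoreProviderArgument);
            loadStore(this.keyStore, this.keyStoreType, this.keyStoreURL, this.keyStorePassword);
            if (this.keyStoreAlias != null && !this.keyStore.isKeyEntry(this.keyStoreAlias)) {
                throw new IOException("Cannot find key entry with alias " + this.keyStoreAlias + " in the keyStore");
            }
            String keyAlgorithm = this.keyMgrFactoryAlgorithm != null ? this.keyMgrFactoryAlgorithm : KeyManagerFactory.getDefaultAlgorithm();
            if (this.keyMgrFactoryProvider != null) {
                this.keyMgr = KeyManagerFactory.getInstance(keyAlgorithm, this.keyMgrFactoryProvider);
            } else {
                this.keyMgr = KeyManagerFactory.getInstance(keyAlgorithm);
            }
            this.keyMgr.init(this.keyStore, this.keyStorePassword);
            if (this.keyStoreAlias != null) {
                // NOTE(review): the alias-pinning wrappers are written only into the array
                // returned by getKeyManagers(); whether later callers of the factory see them
                // depends on the provider returning the same array - verify.
                KeyManager[] keyManagers = this.keyMgr.getKeyManagers();
                for (int i = 0; i < keyManagers.length; i++) {
                    keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], this.keyStoreAlias);
                }
            }
        }
        if (this.trustStorePassword == null) {
            if (this.keyStore != null) {
                // No dedicated trust store configured: every certificate in the key store
                // becomes a trust anchor.
                this.trustStore = this.keyStore;
                this.trustMgr = TrustManagerFactory.getInstance(this.trustMgrFactoryAlgorithm != null ? this.trustMgrFactoryAlgorithm : TrustManagerFactory.getDefaultAlgorithm());
                this.trustMgr.init(this.trustStore);
            }
            return;
        }
        this.trustStore = createStore(this.trustStoreType, this.trustStoreProvider, this.trustStoreProviderArgument);
        loadStore(this.trustStore, this.trustStoreType, this.trustStoreURL, this.trustStorePassword);
        String trustAlgorithm = this.trustMgrFactoryAlgorithm != null ? this.trustMgrFactoryAlgorithm : TrustManagerFactory.getDefaultAlgorithm();
        if (this.trustMgrFactoryProvider != null) {
            // Use the factory's own provider; the store provider was passed here before, which
            // ignored the configured trustMgrFactoryProvider.
            this.trustMgr = TrustManagerFactory.getInstance(trustAlgorithm, this.trustMgrFactoryProvider);
        } else {
            this.trustMgr = TrustManagerFactory.getInstance(trustAlgorithm);
        }
        this.trustMgr.init(this.trustStore);
    }

    /**
     * Resolves a store location, trying in order: an absolute URL, an existing file, and a
     * resource of the context class loader.
     *
     * <p>No restriction is placed on the URL scheme, so the integrity of a store fetched from a
     * remote location rests entirely on that transport and the store's own integrity check.
     *
     * @param str the configured location
     * @return the resolved URL
     * @throws IOException if the value matches none of the three forms
     */
    private URL validateStoreURL(String str) throws IOException {
        URL url = null;
        try {
            url = new URL(str);
        } catch (MalformedURLException ignored) {
            // Not an absolute URL; fall through to the file and resource lookups.
        }
        if (url == null) {
            File file = new File(str);
            if (file.exists()) {
                // toURI() escapes characters that are illegal in URLs, which the deprecated
                // File.toURL() does not.
                url = file.toURI().toURL();
            }
        }
        if (url == null) {
            url = SubjectActions.getContextClassLoader().getResource(str);
        }
        if (url == null) {
            throw new MalformedURLException("Failed to find url=" + str + " as a URL, file or resource");
        }
        return url;
    }

    /** Checks the given permission when a SecurityManager is installed. */
    private void checkCipherPermission(RuntimePermission permission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("Checking: " + permission);
            }
            securityManager.checkPermission(permission);
        }
    }

    /** Runs the configured cipher in the given mode over the data. */
    private byte[] applyCipher(int mode, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(this.cipherAlgorithm);
        cipher.init(mode, this.cipherKey, this.cipherSpec);
        return cipher.doFinal(data);
    }

    /** Creates an empty store of the given type, honouring the optional provider settings. */
    private static KeyStore createStore(String type, String provider, String providerArgument) throws Exception {
        if (provider == null) {
            return KeyStore.getInstance(type);
        }
        if (providerArgument != null) {
            return KeyStore.getInstance(type, newProvider(provider, providerArgument));
        }
        return KeyStore.getInstance(type, provider);
    }

    /** Instantiates the named provider class through its single-String constructor. */
    private static Provider newProvider(String className, String argument) throws Exception {
        // Verify the type before invoking the constructor, so that only Provider subclasses are
        // ever instantiated from this configuration value. A non-Provider class still fails with
        // ClassCastException, but without its constructor having run.
        Class<? extends Provider> providerClass = Thread.currentThread().getContextClassLoader().loadClass(className).asSubclass(Provider.class);
        return providerClass.getConstructor(String.class).newInstance(argument);
    }

    /** Returns whether the store type is one of the PKCS#11 types that load without a stream. */
    private static boolean isPkcs11(String type) {
        return "PKCS11".equalsIgnoreCase(type) || "PKCS11IMPLKS".equalsIgnoreCase(type);
    }

    /** Loads the store from its location (or from no stream at all) and closes the stream. */
    private static void loadStore(KeyStore store, String type, URL location, char[] password) throws Exception {
        InputStream in = null;
        // The previous test joined the two "is not PKCS11" checks with ||, which is always
        // true, so a stream was opened even for PKCS#11 stores.
        if (!isPkcs11(type) && location != null) {
            in = location.openStream();
        }
        try {
            store.load(in, password);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The store has been read (or load already failed); a close failure on an
                    // input stream must not mask that outcome.
                }
            }
        }
    }
}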
