package org.jboss.security.ssl;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.jboss.beans.metadata.api.annotations.FactoryMethod;
import org.jboss.logging.Logger;
import org.jboss.security.Util;
import org.jboss.security.plugins.SecurityKeyManager;

/* loaded from: input_file:org/jboss/security/ssl/JBossSSLConfiguration.class */
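/**
 * Process-wide holder for a "global" SSL keystore and truststore configuration.
 *
 * <p>The store locations, types, providers and passwords are set through the
 * setters, the stores are loaded by {@link #start()}, and the
 * {@code initialize*} methods hand the loaded stores to JSSE factories.
 *
 * <p>NOTE(review): none of the state here is synchronized, and the lazy
 * singleton in {@link #getInstance()} is a plain check-then-act. This looks
 * like it is meant to be configured once at boot by a single thread; confirm
 * before using it from concurrent code.
 */
public class JBossSSLConfiguration {
    private Provider provider;
    private String keyStoreType;
    private URL keyStoreURL;
    // Kept for the lifetime of the instance: initializeKeyManagerFactory needs it
    // to recover private keys, so it cannot be wiped after start().
    private char[] keyStorePass;
    private String keyStoreAlias;
    private String keyStoreProvider;
    private String keyStoreProviderArgument;
    private KeyStore keyStore;
    private String trustStoreType;
    private URL trustStoreURL;
    private char[] trustStorePass;
    private String trustStoreProvider;
    private String trustStoreProviderArgument;
    private KeyStore trustStore;
    private static JBossSSLConfiguration singleton;
    private static final Logger log = Logger.getLogger(JBossSSLConfiguration.class);

    private JBossSSLConfiguration() {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton configuration
     */
    @FactoryMethod
    public static JBossSSLConfiguration getInstance() {
        // NOTE(review): not synchronized; two racing first calls could each
        // create an instance. Left as-is because callers are not visible here.
        if (singleton == null) {
            singleton = new JBossSSLConfiguration();
        }
        return singleton;
    }

    /** @return the configured keystore type, or the JVM default once {@link #start()} has filled it in */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @param str keystore type passed to {@link KeyStore#getInstance(String)} */
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    /** @return the resolved keystore URL in external form, or {@code null} if none was set */
    public String getKeyStoreURL() {
        return this.keyStoreURL == null ? null : this.keyStoreURL.toExternalForm();
    }

    /**
     * Resolves and stores the keystore location.
     *
     * @param str a URL, a file path, or a classpath resource name
     * @throws IOException if {@code str} resolves to none of those
     */
    public void setKeyStoreURL(String str) throws IOException {
        this.keyStoreURL = validateStoreURL(str);
    }

    /**
     * Sets the keystore password.
     *
     * @param str value handed to {@code Util.loadPassword}; presumably either the
     *            password itself or a reference the helper resolves - verify against
     *            {@code org.jboss.security.Util}
     * @throws Exception whatever the helper throws
     */
    public void setKeyStorePassword(String str) throws Exception {
        this.keyStorePass = Util.loadPassword(str);
    }

    /** @return the alias of the key entry to pin key managers to, or {@code null} */
    public String getKeyStoreAlias() {
        return this.keyStoreAlias;
    }

    /** @param str alias that must name a key entry in the keystore (checked in {@link #start()}) */
    public void setKeyStoreAlias(String str) {
        this.keyStoreAlias = str;
    }

    /** @return the keystore provider name or provider class name, or {@code null} */
    public String getKeyStoreProvider() {
        return this.keyStoreProvider;
    }

    /**
     * @param str a registered provider name, or - when a provider argument is also
     *            set - the class name of a {@link Provider} with a {@code (String)} constructor
     */
    public void setKeyStoreProvider(String str) {
        this.keyStoreProvider = str;
    }

    /** @return the argument passed to the keystore provider's constructor, or {@code null} */
    public String getKeyStoreProviderArgument() {
        return this.keyStoreProviderArgument;
    }

    /** @param str argument for the keystore provider's {@code (String)} constructor */
    public void setKeyStoreProviderArgument(String str) {
        this.keyStoreProviderArgument = str;
    }

    /** @return the configured truststore type, or the JVM default once {@link #start()} has filled it in */
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** @param str truststore type passed to {@link KeyStore#getInstance(String)} */
    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    /** @return the resolved truststore URL in external form, or {@code null} if none was set */
    public String getTrustStoreURL() {
        return this.trustStoreURL == null ? null : this.trustStoreURL.toExternalForm();
    }

    /**
     * Resolves and stores the truststore location.
     *
     * @param str a URL, a file path, or a classpath resource name
     * @throws IOException if {@code str} resolves to none of those
     */
    public void setTrustStoreURL(String str) throws IOException {
        this.trustStoreURL = validateStoreURL(str);
    }

    /**
     * Sets the truststore password.
     *
     * @param str value handed to {@code Util.loadPassword} (see {@link #setKeyStorePassword(String)})
     * @throws Exception whatever the helper throws
     */
    public void setTrustStorePassword(String str) throws Exception {
        this.trustStorePass = Util.loadPassword(str);
    }

    /** @return the truststore provider name or provider class name, or {@code null} */
    public String getTrustStoreProvider() {
        return this.trustStoreProvider;
    }

    /**
     * @param str a registered provider name, or - when a provider argument is also
     *            set - the class name of a {@link Provider} with a {@code (String)} constructor
     */
    public void setTrustStoreProvider(String str) {
        this.trustStoreProvider = str;
    }

    /** @return the argument passed to the truststore provider's constructor, or {@code null} */
    public String getTrustStoreProviderArgument() {
        return this.trustStoreProviderArgument;
    }

    /** @param str argument for the truststore provider's {@code (String)} constructor */
    public void setTrustStoreProviderArgument(String str) {
        this.trustStoreProviderArgument = str;
    }

    /**
     * Registers the JBoss security provider and loads whichever stores have a
     * password configured. A store without a password is left {@code null}, which
     * the {@code initialize*} methods treat as "no global store".
     *
     * <p>A store field is only assigned after it loaded successfully (and, for the
     * keystore, after the alias check passed), so a failed start never leaves a
     * half-initialized store behind.
     *
     * @throws IOException if the configured alias is not a key entry in the keystore
     * @throws Exception   on any provider-instantiation or store-loading failure
     */
    public void start() throws Exception {
        this.provider = new JBossProvider();
        addProvider(this.provider);
        if (this.keyStorePass != null) {
            if (this.keyStoreType == null) {
                this.keyStoreType = KeyStore.getDefaultType();
            }
            KeyStore loaded = loadStore(this.keyStoreType, this.keyStoreProvider, this.keyStoreProviderArgument, this.keyStoreURL, this.keyStorePass);
            if (this.keyStoreAlias != null && !loaded.isKeyEntry(this.keyStoreAlias)) {
                throw new IOException("Cannot find key entry with alias " + this.keyStoreAlias + " in the keyStore");
            }
            this.keyStore = loaded;
        }
        if (this.trustStorePass != null) {
            if (this.trustStoreType == null) {
                this.trustStoreType = KeyStore.getDefaultType();
            }
            this.trustStore = loadStore(this.trustStoreType, this.trustStoreProvider, this.trustStoreProviderArgument, this.trustStoreURL, this.trustStorePass);
        }
    }

    /** Unregisters the provider installed by {@link #start()}, if any. */
    public void stop() {
        if (this.provider != null) {
            removeProvider(this.provider);
        }
    }

    /**
     * Initializes {@code keyManagerFactory} with the global keystore.
     *
     * @param keyManagerFactory factory to initialize
     * @throws KeyStoreException         if the global keystore was never loaded
     * @throws UnrecoverableKeyException if a key cannot be recovered with the keystore password
     * @throws NoSuchAlgorithmException  if the factory's algorithm is unavailable
     */
    public void initializeKeyManagerFactory(KeyManagerFactory keyManagerFactory) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (this.keyStore == null) {
            throw new KeyStoreException("Global keystore is not correctly initialized");
        }
        if (log.isTraceEnabled()) {
            log.trace("Using global keystore configuration");
        }
        keyManagerFactory.init(this.keyStore, this.keyStorePass);
    }

    /**
     * Returns the factory's key managers, each wrapped in a {@code SecurityKeyManager}
     * bound to the configured alias when one is set.
     *
     * @param keyManagerFactory an already-initialized factory
     * @return the (possibly wrapped) key managers
     * @throws ClassCastException if an alias is set and a manager is not an {@link X509KeyManager}
     */
    public KeyManager[] getKeyManagers(KeyManagerFactory keyManagerFactory) {
        KeyManager[] managers = keyManagerFactory.getKeyManagers();
        if (this.keyStoreAlias == null) {
            return managers;
        }
        for (int i = 0; i < managers.length; i++) {
            managers[i] = new SecurityKeyManager((X509KeyManager) managers[i], this.keyStoreAlias);
        }
        return managers;
    }

    /**
     * Initializes {@code trustManagerFactory} with the global truststore, or with
     * the caller's {@code keyStore} when no global truststore is loaded.
     *
     * @param trustManagerFactory factory to initialize
     * @param keyStore            local fallback truststore
     * @throws KeyStoreException if the factory rejects the store
     */
    public void initializeTrustManagerFactory(TrustManagerFactory trustManagerFactory, KeyStore keyStore) throws KeyStoreException {
        if (this.trustStore == null) {
            if (log.isTraceEnabled()) {
                log.trace("Global truststore is not correctly initialized. Using local truststore configuration");
            }
            trustManagerFactory.init(keyStore);
        } else {
            if (log.isTraceEnabled()) {
                log.trace("Using global truststore configuration");
            }
            trustManagerFactory.init(this.trustStore);
        }
    }

    /**
     * Initializes {@code trustManagerFactory} from PKIX parameters. Without a global
     * truststore the caller's parameters are used unchanged; with one, a new
     * parameter set is built whose trust anchors come from the global truststore
     * and whose remaining settings are copied from the caller's parameters.
     *
     * <p>The copied settings include the cert stores and the revocation flag, so
     * whether revocation checking happens is still decided by the caller.
     *
     * @param trustManagerFactory      factory to initialize
     * @param managerFactoryParameters expected to be {@link CertPathTrustManagerParameters}
     *                                 wrapping {@link PKIXBuilderParameters} when a global
     *                                 truststore is loaded
     * @throws InvalidAlgorithmParameterException if the parameters are rejected, or if the
     *                                            global truststore cannot be read (the
     *                                            {@link KeyStoreException} is the cause)
     * @throws ClassCastException                 if the parameters are not of the expected types
     */
    public void initializeTrustManagerFactory(TrustManagerFactory trustManagerFactory, ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (this.trustStore == null) {
            if (log.isTraceEnabled()) {
                log.trace("Global truststore is not correctly initialized. Using local truststore configuration");
            }
            trustManagerFactory.init(managerFactoryParameters);
            return;
        }
        PKIXBuilderParameters supplied = (PKIXBuilderParameters) ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
        PKIXBuilderParameters rebased;
        try {
            rebased = new PKIXBuilderParameters(this.trustStore, new X509CertSelector());
        } catch (KeyStoreException e) {
            log.error("Error initializing TrustManagerFactory", e);
            // Previously execution continued with a null parameter object, which
            // surfaced as a NullPointerException a few lines later. Fail with the
            // declared exception and keep the cause instead.
            throw new InvalidAlgorithmParameterException("Error initializing TrustManagerFactory", e);
        }
        rebased.setAnyPolicyInhibited(supplied.isAnyPolicyInhibited());
        rebased.setCertPathCheckers(supplied.getCertPathCheckers());
        rebased.setCertStores(supplied.getCertStores());
        rebased.setDate(supplied.getDate());
        rebased.setExplicitPolicyRequired(supplied.isExplicitPolicyRequired());
        rebased.setInitialPolicies(supplied.getInitialPolicies());
        rebased.setMaxPathLength(supplied.getMaxPathLength());
        rebased.setPolicyMappingInhibited(supplied.isPolicyMappingInhibited());
        rebased.setPolicyQualifiersRejected(supplied.getPolicyQualifiersRejected());
        rebased.setRevocationEnabled(supplied.isRevocationEnabled());
        rebased.setSigProvider(supplied.getSigProvider());
        if (log.isTraceEnabled()) {
            log.trace("Using global truststore configuration");
        }
        trustManagerFactory.init(new CertPathTrustManagerParameters(rebased));
    }

    /**
     * Creates and loads one store.
     *
     * @param type             store type; must not be {@code null}
     * @param providerName     {@code null} for the default provider; otherwise a registered
     *                         provider name, or a provider class name when
     *                         {@code providerArgument} is set
     * @param providerArgument argument for the provider's {@code (String)} constructor, or {@code null}
     * @param storeURL         where to read the store from, or {@code null}
     * @param password         store password
     * @return the loaded store
     * @throws Exception on any instantiation or loading failure
     */
    private static KeyStore loadStore(String type, String providerName, String providerArgument, URL storeURL, char[] password) throws Exception {
        KeyStore store;
        if (providerName == null) {
            store = KeyStore.getInstance(type);
        } else if (providerArgument != null) {
            // The class name comes from configuration. Narrow it to Provider BEFORE
            // calling the constructor, so a name that is not a Provider is rejected
            // without running its (String) constructor.
            Class<? extends Provider> providerClass = getContextClassLoader().loadClass(providerName).asSubclass(Provider.class);
            store = KeyStore.getInstance(type, providerClass.getConstructor(String.class).newInstance(providerArgument));
        } else {
            store = KeyStore.getInstance(type, providerName);
        }
        InputStream in = null;
        if (!isPkcs11Type(type) && storeURL != null) {
            in = storeURL.openStream();
        }
        try {
            store.load(in, password);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: the store is already loaded (or load already failed
                    // with a more useful exception that must not be masked).
                }
            }
        }
        return store;
    }

    /**
     * Tells whether {@code type} is one of the PKCS#11 store types, which are loaded
     * with a {@code null} stream rather than from the store URL.
     *
     * <p>The original test joined the two negated comparisons with {@code ||}, which
     * is true for every type, so the URL was opened even for PKCS#11 stores.
     */
    private static boolean isPkcs11Type(String type) {
        return "PKCS11".equalsIgnoreCase(type) || "PKCS11IMPLKS".equalsIgnoreCase(type);
    }

    /**
     * Resolves a store location, trying in order: a URL, an existing file, a
     * resource of the thread context class loader.
     *
     * <p>Any URL scheme the JVM has a handler for is accepted, and the store is later
     * read with {@link URL#openStream()}. NOTE(review): that includes remote schemes;
     * deployments that want stores read only from local disk need to restrict the
     * value at the configuration layer.
     *
     * @param str location as configured
     * @return the resolved URL, never {@code null}
     * @throws IOException if {@code str} matches none of the three forms
     */
    private URL validateStoreURL(String str) throws IOException {
        URL url = null;
        try {
            url = new URL(str);
        } catch (MalformedURLException ignored) {
            // Not a URL: fall through to the file and classpath lookups below.
        }
        if (url == null) {
            File file = new File(str);
            if (file.exists()) {
                url = file.toURI().toURL();
            }
        }
        if (url == null) {
            url = getContextClassLoader().getResource(str);
        }
        if (url == null) {
            throw new MalformedURLException("Failed to find url=" + str + " as a URL, file or resource");
        }
        return url;
    }

    /** Reads the thread context class loader inside a privileged block. */
    private static ClassLoader getContextClassLoader() {
        return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
            @Override
            public ClassLoader run() {
                return Thread.currentThread().getContextClassLoader();
            }
        });
    }

    /**
     * Installs {@code provider} at position 1, i.e. ahead of every other registered
     * security provider, inside a privileged block.
     *
     * @return the boxed result of {@link Security#insertProviderAt(Provider, int)}
     */
    private static Object addProvider(final Provider provider) {
        return AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return Integer.valueOf(Security.insertProviderAt(provider, 1));
            }
        });
    }

    /**
     * Removes {@code provider} from the JVM-wide provider list by name, inside a
     * privileged block.
     *
     * @return always {@code null}
     */
    private static Object removeProvider(final Provider provider) {
        return AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                Security.removeProvider(provider.getName());
                return null;
            }
        });
    }
}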
