package org.jboss.security;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.jboss.security.plugins.SecurityKeyManager;

/* loaded from: input_file:org/jboss/security/JBossJSSESecurityDomain.class */
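/**
 * JSSE security domain backed by a key store and a trust store.
 *
 * <p>The domain is configured through its setters and only reads the stores when
 * {@link #reloadKeyAndTrustStore()} is called. Until then {@link #getKeyStore()},
 * {@link #getTrustStore()}, {@link #getKeyManagers()} and {@link #getTrustManagers()}
 * return {@code null}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Non-public keys are only handed out by {@link #getKey(String, String)} when the
 *       caller supplies the configured service auth token.</li>
 *   <li>When no trust store password is configured, the key store doubles as the trust
 *       store.</li>
 *   <li>Store locations and JCA provider class names come from configuration and are
 *       used as given, so that configuration must be trusted.</li>
 * </ul>
 *
 * <p>The class performs no synchronization of its own.
 */
public class JBossJSSESecurityDomain implements JSSESecurityDomain {
    private KeyStore keyStore;
    private KeyManagerFactory keyManagerFactory;
    private KeyManager[] keyManagers;
    private URL keyStoreURL;
    // Secrets are held as char[]; nothing in this class clears them.
    private char[] keyStorePassword;
    private String keyStoreProvider;
    private String keyStoreProviderArgument;
    private String keyManagerFactoryProvider;
    private String keyManagerFactoryAlgorithm;
    private KeyStore trustStore;
    private TrustManagerFactory trustManagerFactory;
    private TrustManager[] trustManagers;
    private URL trustStoreURL;
    private char[] trustStorePassword;
    private String trustStoreProvider;
    private String trustStoreProviderArgument;
    private String trustManagerFactoryProvider;
    private String trustManagerFactoryAlgorithm;
    private String clientAlias;
    private String serverAlias;
    private boolean clientAuth;
    private char[] serviceAuthToken;
    private String[] cipherSuites;
    private String[] protocols;
    private Properties additionalProperties;
    private final String name;
    private String keyStoreType = "JKS";
    private String trustStoreType = "JKS";

    /**
     * Creates an unloaded domain.
     *
     * @param str the security domain name reported by {@link #getSecurityDomain()}
     */
    public JBossJSSESecurityDomain(String str) {
        this.name = str;
    }

    /** @return the key store type; {@code "JKS"} unless changed */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @param str the key store type passed to {@link KeyStore#getInstance} */
    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    /** @return the key store location in external form, or {@code null} if none is set */
    public String getKeyStoreURL() {
        return this.keyStoreURL == null ? null : this.keyStoreURL.toExternalForm();
    }

    /**
     * Sets the key store location.
     *
     * @param str a URL, a path to an existing file, or a context class loader resource name
     * @throws IOException if {@code str} resolves to none of those
     */
    public void setKeyStoreURL(String str) throws IOException {
        this.keyStoreURL = validateStoreURL(str);
    }

    /** @return the key store provider name or provider class name, may be {@code null} */
    public String getKeyStoreProvider() {
        return this.keyStoreProvider;
    }

    /**
     * @param str a JCA provider name, or a {@link Provider} class name when a provider
     *            argument is also configured
     */
    public void setKeyStoreProvider(String str) {
        this.keyStoreProvider = str;
    }

    /** @return the provider name used for the {@link KeyManagerFactory}, may be {@code null} */
    public String getKeyManagerFactoryProvider() {
        return this.keyManagerFactoryProvider;
    }

    /** @return the constructor argument for the key store provider class, may be {@code null} */
    public String getKeyStoreProviderArgument() {
        return this.keyStoreProviderArgument;
    }

    /**
     * @param str when non-null, the key store provider is instantiated reflectively with
     *            this value as its single {@code String} constructor argument
     */
    public void setKeyStoreProviderArgument(String str) {
        this.keyStoreProviderArgument = str;
    }

    /** @param str the provider name used for the {@link KeyManagerFactory} */
    public void setKeyManagerFactoryProvider(String str) {
        this.keyManagerFactoryProvider = str;
    }

    /** @return the configured {@link KeyManagerFactory} algorithm, may be {@code null} */
    public String getKeyManagerFactoryAlgorithm() {
        return this.keyManagerFactoryAlgorithm;
    }

    /** @param str the algorithm; when {@code null} the JVM default algorithm is used */
    public void setKeyManagerFactoryAlgorithm(String str) {
        this.keyManagerFactoryAlgorithm = str;
    }

    /** @return the trust store type; {@code "JKS"} unless changed */
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** @param str the trust store type passed to {@link KeyStore#getInstance} */
    public void setTrustStoreType(String str) {
        this.trustStoreType = str;
    }

    /** @return the trust store location in external form, or {@code null} if none is set */
    public String getTrustStoreURL() {
        return this.trustStoreURL == null ? null : this.trustStoreURL.toExternalForm();
    }

    /**
     * Sets the trust store location.
     *
     * @param str a URL, a path to an existing file, or a context class loader resource name
     * @throws IOException if {@code str} resolves to none of those
     */
    public void setTrustStoreURL(String str) throws IOException {
        this.trustStoreURL = validateStoreURL(str);
    }

    /** @return the trust store provider name or provider class name, may be {@code null} */
    public String getTrustStoreProvider() {
        return this.trustStoreProvider;
    }

    /**
     * @param str a JCA provider name, or a {@link Provider} class name when a provider
     *            argument is also configured
     */
    public void setTrustStoreProvider(String str) {
        this.trustStoreProvider = str;
    }

    /** @return the constructor argument for the trust store provider class, may be {@code null} */
    public String getTrustStoreProviderArgument() {
        return this.trustStoreProviderArgument;
    }

    /**
     * @param str when non-null, the trust store provider is instantiated reflectively with
     *            this value as its single {@code String} constructor argument
     */
    public void setTrustStoreProviderArgument(String str) {
        this.trustStoreProviderArgument = str;
    }

    /** @return the provider name used for the {@link TrustManagerFactory}, may be {@code null} */
    public String getTrustManagerFactoryProvider() {
        return this.trustManagerFactoryProvider;
    }

    /** @param str the provider name used for the {@link TrustManagerFactory} */
    public void setTrustManagerFactoryProvider(String str) {
        this.trustManagerFactoryProvider = str;
    }

    /** @return the configured {@link TrustManagerFactory} algorithm, may be {@code null} */
    public String getTrustManagerFactoryAlgorithm() {
        return this.trustManagerFactoryAlgorithm;
    }

    /** @param str the algorithm; when {@code null} the JVM default algorithm is used */
    public void setTrustManagerFactoryAlgorithm(String str) {
        this.trustManagerFactoryAlgorithm = str;
    }

    /** @return the client alias handed to each {@code SecurityKeyManager} */
    public String getClientAlias() {
        return this.clientAlias;
    }

    /** @param str the client alias; takes effect on the next store reload */
    public void setClientAlias(String str) {
        this.clientAlias = str;
    }

    /** @return the server alias handed to each {@code SecurityKeyManager} */
    public String getServerAlias() {
        return this.serverAlias;
    }

    /** @param str the server alias; takes effect on the next store reload */
    public void setServerAlias(String str) {
        this.serverAlias = str;
    }

    /** @return the stored client-auth flag; this class only stores it */
    public boolean isClientAuth() {
        return this.clientAuth;
    }

    /** @param z the client-auth flag to store */
    public void setClientAuth(boolean z) {
        this.clientAuth = z;
    }

    /** @return the loaded key store, or {@code null} if none has been loaded */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** @return the loaded trust store, or {@code null} if none has been loaded */
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * Sets the key store password.
     *
     * @param str the password specification, resolved by {@code Util.loadPassword}
     * @throws Exception if {@code Util.loadPassword} fails
     */
    public void setKeyStorePassword(String str) throws Exception {
        this.keyStorePassword = Util.loadPassword(str);
    }

    /**
     * Sets the trust store password. Leaving it unset makes the key store act as the
     * trust store on the next reload.
     *
     * @param str the password specification, resolved by {@code Util.loadPassword}
     * @throws Exception if {@code Util.loadPassword} fails
     */
    public void setTrustStorePassword(String str) throws Exception {
        this.trustStorePassword = Util.loadPassword(str);
    }

    /**
     * Sets the token callers must present to {@link #getKey(String, String)} to obtain a
     * non-public key.
     *
     * @param str the token specification, resolved by {@code Util.loadPassword}
     * @throws Exception if {@code Util.loadPassword} fails
     */
    public void setServiceAuthToken(String str) throws Exception {
        this.serviceAuthToken = Util.loadPassword(str);
    }

    /** @return the key managers built on the last reload (the internal array, not a copy) */
    public KeyManager[] getKeyManagers() throws SecurityException {
        return this.keyManagers;
    }

    /** @return the trust managers built on the last reload (the internal array, not a copy) */
    public TrustManager[] getTrustManagers() throws SecurityException {
        return this.trustManagers;
    }

    /** @return the domain name given to the constructor */
    public String getSecurityDomain() {
        return this.name;
    }

    /**
     * Looks up a key in the key store using the key store password.
     *
     * <p>A {@code null} result or a {@link PublicKey} is returned without any check. Any
     * other key is returned only after {@code str2} has been verified against the
     * configured service auth token.
     *
     * @param str  the key alias
     * @param str2 the service auth token presented by the caller
     * @return the key, or {@code null} if the alias holds none
     * @throws SecurityException if no service auth token is configured or {@code str2}
     *                           does not match it
     * @throws Exception         if the key store lookup fails; a {@link NullPointerException}
     *                           results when no key store has been loaded yet
     */
    public Key getKey(String str, String str2) throws Exception {
        PicketBoxLogger.LOGGER.traceJSSEDomainGetKey(str);
        Key key = this.keyStore.getKey(str, this.keyStorePassword);
        boolean needsToken = key != null && !(key instanceof PublicKey);
        if (needsToken) {
            verifyServiceAuthToken(str2);
        }
        return key;
    }

    /**
     * Looks up a certificate in the trust store.
     *
     * @param str the certificate alias
     * @return the certificate, or {@code null} if the alias holds none
     * @throws Exception if the lookup fails; a {@link NullPointerException} results when
     *                   no trust store has been loaded yet
     */
    public Certificate getCertificate(String str) throws Exception {
        PicketBoxLogger.LOGGER.traceJSSEDomainGetCertificate(str);
        return this.trustStore.getCertificate(str);
    }

    /**
     * (Re)loads the key store and trust store from the configured locations and rebuilds
     * the key and trust managers.
     *
     * @throws Exception if a store cannot be created, read or initialised
     */
    public void reloadKeyAndTrustStore() throws Exception {
        loadKeyAndTrustStore();
    }

    /** @return the configured cipher suites (the internal array, not a copy), may be {@code null} */
    public String[] getCipherSuites() {
        return this.cipherSuites;
    }

    /** @param str a comma-separated list; entries are stored as written, without trimming */
    public void setCipherSuites(String str) {
        this.cipherSuites = str.split(",");
    }

    /** @return the configured protocols (the internal array, not a copy), may be {@code null} */
    public String[] getProtocols() {
        return this.protocols;
    }

    /** @param str a comma-separated list; entries are stored as written, without trimming */
    public void setProtocols(String str) {
        this.protocols = str.split(",");
    }

    /** @return the additional properties object as set, may be {@code null} */
    public Properties getAdditionalProperties() {
        return this.additionalProperties;
    }

    /** @param properties the additional properties; stored by reference */
    public void setAdditionalProperties(Properties properties) {
        this.additionalProperties = properties;
    }

    /**
     * Resolves a store location, trying in order: a URL, an existing file path, a resource
     * of the context class loader.
     *
     * <p>No scheme restriction is applied: any URL the JVM can parse is accepted, including
     * remote ones, and the store is later read from it. The value must therefore come from
     * trusted configuration.
     *
     * @param str the location as configured
     * @return the resolved URL, never {@code null}
     * @throws IOException if none of the three interpretations yields a URL
     */
    private URL validateStoreURL(String str) throws IOException {
        URL url = null;
        try {
            url = new URL(str);
        } catch (MalformedURLException ignored) {
            // Not a URL; fall through to the file and class loader lookups.
        }
        if (url == null) {
            File file = new File(str);
            if (file.exists()) {
                url = file.toURI().toURL();
            }
        }
        if (url == null) {
            ClassLoader contextClassLoader = SecurityActions.getContextClassLoader();
            if (contextClassLoader != null) {
                url = contextClassLoader.getResource(str);
            }
        }
        if (url == null) {
            throw PicketBoxMessages.MESSAGES.failedToValidateURL(str);
        }
        return url;
    }

    /**
     * Checks a caller-supplied token against the configured service auth token.
     *
     * @param str the token presented by the caller; {@code null} never matches
     * @throws SecurityException if no token is configured or the tokens differ
     */
    private void verifyServiceAuthToken(String str) throws SecurityException {
        if (this.serviceAuthToken == null) {
            throw PicketBoxMessages.MESSAGES.missingServiceAuthToken(getSecurityDomain());
        }
        // A missing token is a failed verification rather than a NullPointerException.
        if (str == null || !sameToken(this.serviceAuthToken, str.toCharArray())) {
            throw PicketBoxMessages.MESSAGES.failedToVerifyServiceAuthToken();
        }
    }

    /**
     * Compares two tokens without stopping at the first mismatching character, so the
     * time taken does not reveal how long a matching prefix is. The lengths are still
     * compared up front.
     */
    private static boolean sameToken(char[] expected, char[] supplied) {
        if (expected.length != supplied.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < expected.length; i++) {
            difference |= expected[i] ^ supplied[i];
        }
        return difference == 0;
    }

    /**
     * Loads the key store (when a key store password is set) and then the trust store.
     *
     * <p>Each side's fields are assigned only after that side has loaded successfully, so
     * a failed reload leaves the previously loaded store and managers of that side in place.
     */
    private void loadKeyAndTrustStore() throws Exception {
        if (this.keyStorePassword != null) {
            initKeyStore();
        }
        initTrustStore();
    }

    /** Loads the key store and wraps its key managers in {@code SecurityKeyManager}. */
    private void initKeyStore() throws Exception {
        KeyStore store = newStore(this.keyStoreType, this.keyStoreProvider, this.keyStoreProviderArgument);
        readStore(store, this.keyStoreType, this.keyStoreURL, this.keyStorePassword);

        String algorithm = this.keyManagerFactoryAlgorithm != null
                ? this.keyManagerFactoryAlgorithm
                : KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory factory = this.keyManagerFactoryProvider != null
                ? KeyManagerFactory.getInstance(algorithm, this.keyManagerFactoryProvider)
                : KeyManagerFactory.getInstance(algorithm);
        factory.init(store, this.keyStorePassword);

        KeyManager[] managers = factory.getKeyManagers();
        for (int i = 0; i < managers.length; i++) {
            // Fails with ClassCastException if the factory returns a non-X509 key manager.
            managers[i] = new SecurityKeyManager((X509KeyManager) managers[i], this.serverAlias, this.clientAlias);
        }

        this.keyStore = store;
        this.keyManagerFactory = factory;
        this.keyManagers = managers;
    }

    /**
     * Loads the trust store, or reuses the key store as trust store when no trust store
     * password is configured. Does nothing when neither is available.
     */
    private void initTrustStore() throws Exception {
        if (this.trustStorePassword == null) {
            if (this.keyStore == null) {
                return;
            }
            // Fallback: every certificate in the key store becomes a trust anchor.
            // The trust manager factory provider is not consulted on this path.
            TrustManagerFactory fallback = TrustManagerFactory.getInstance(trustAlgorithm());
            fallback.init(this.keyStore);
            this.trustStore = this.keyStore;
            this.trustManagerFactory = fallback;
            this.trustManagers = fallback.getTrustManagers();
            return;
        }

        KeyStore store = newStore(this.trustStoreType, this.trustStoreProvider, this.trustStoreProviderArgument);
        readStore(store, this.trustStoreType, this.trustStoreURL, this.trustStorePassword);

        // The provider that is tested is also the one that is used; passing the trust
        // *store* provider here would fail or pick the wrong provider whenever only the
        // factory provider is configured.
        TrustManagerFactory factory = this.trustManagerFactoryProvider != null
                ? TrustManagerFactory.getInstance(trustAlgorithm(), this.trustManagerFactoryProvider)
                : TrustManagerFactory.getInstance(trustAlgorithm());
        factory.init(store);

        this.trustStore = store;
        this.trustManagerFactory = factory;
        this.trustManagers = factory.getTrustManagers();
    }

    /** Returns the configured trust manager algorithm, or the JVM default when unset. */
    private String trustAlgorithm() {
        return this.trustManagerFactoryAlgorithm != null
                ? this.trustManagerFactoryAlgorithm
                : TrustManagerFactory.getDefaultAlgorithm();
    }

    /**
     * Creates an empty {@link KeyStore} of the given type.
     *
     * <p>With a provider argument, {@code provider} is treated as a class name and loaded
     * through the context class loader obtained from {@code SecurityActions} (the same
     * lookup for key store and trust store). The class is checked to be a {@link Provider}
     * before its constructor runs, so a misconfigured class name cannot cause an unrelated
     * class to be instantiated.
     */
    private KeyStore newStore(String type, String provider, String providerArgument) throws Exception {
        if (provider == null) {
            return KeyStore.getInstance(type);
        }
        if (providerArgument == null) {
            return KeyStore.getInstance(type, provider);
        }
        Class<? extends Provider> providerClass =
                SecurityActions.getContextClassLoader().loadClass(provider).asSubclass(Provider.class);
        Provider instance = providerClass.getConstructor(String.class).newInstance(providerArgument);
        return KeyStore.getInstance(type, instance);
    }

    /**
     * Reads a store from its URL and always closes the stream, including when
     * {@link KeyStore#load} throws.
     */
    private void readStore(KeyStore store, String type, URL location, char[] password) throws Exception {
        // NOTE(review): a type cannot equal both "PKCS11" and "PKCS11IMPLKS", so the first
        // operand is always false and this rejects exactly the stores without a URL,
        // PKCS11 ones included. Kept as found; confirm the intended PKCS11 handling.
        if (("PKCS11".equalsIgnoreCase(type) && "PKCS11IMPLKS".equalsIgnoreCase(type)) || location == null) {
            throw PicketBoxMessages.MESSAGES.invalidKeyStoreType(type);
        }
        InputStream in = null;
        try {
            in = location.openStream();
            store.load(in, password);
        } finally {
            safeClose(in);
        }
    }

    /** Closes the stream if there is one; a failure to close is deliberately ignored. */
    private void safeClose(InputStream inputStream) {
        if (inputStream == null) {
            return;
        }
        try {
            inputStream.close();
        } catch (Exception ignored) {
            // Best effort: the store has already been read or the read already failed.
        }
    }
}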
