package org.forgerock.opendj.security;

import com.forgerock.opendj.security.KeystoreMessages;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConstraintViolationException;
import org.forgerock.opendj.ldap.Entries;
import org.forgerock.opendj.ldap.Entry;
import org.forgerock.opendj.ldap.EntryNotFoundException;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.forgerock.opendj.ldap.schema.SchemaConstants;
import org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.forgerock.util.Options;
import org.slf4j.Marker;

/* loaded from: input_file:org/forgerock/opendj/security/KeyStoreImpl.class */
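/**
 * LDAP-backed {@link KeyStoreSpi}.
 *
 * <p>Every alias is one {@code ds-keystore-object} entry directly beneath the configured base DN, so each
 * operation of the {@link KeyStore} API translates to an LDAP read, search, add/modify or delete over a
 * connection obtained from {@link KeyStoreParameters#getConnection()}. Reads may be short-circuited by the
 * {@link KeyStoreObjectCache} taken from the configured options. There is no file representation:
 * {@code load()} only installs configuration and {@code store()} is a no-op because every mutating call is
 * committed to the directory immediately.
 *
 * <p>Error-reporting contract (what callers can rely on):
 * <ul>
 *   <li>Read paths ({@code getKey}, {@code getCertificate}, {@code aliases}, {@code containsAlias}, ...) log a
 *       warning and answer {@code null} / {@code false} / an empty enumeration / {@code 0} when the directory
 *       cannot be read; through the {@link KeyStore} API a caller therefore cannot distinguish "absent" from
 *       "directory unavailable".</li>
 *   <li>Write and delete paths throw {@link KeyStoreException} (as {@link LocalizedKeyStoreException}) with the
 *       LDAP failure attached as cause.</li>
 * </ul>
 *
 * <p>Per-entry key protection (the {@code password} passed to {@code getKey}/{@code setKeyEntry}) is delegated
 * to {@link KeyProtector}; this class never interprets the password itself.
 */
final class KeyStoreImpl extends KeyStoreSpi {
    private static final LocalizedLogger logger = LocalizedLogger.getLocalizedLogger((Class<?>) KeyStoreImpl.class);
    /** All user attributes plus the operational timestamps consumed by {@link #engineGetCreationDate}. */
    private static final String[] SEARCH_ATTR_LIST = {"*", "createTimeStamp", "modifyTimeStamp"};
    private static final Filter FILTER_KEYSTORE_OBJECT = Filter.valueOf("(objectClass=ds-keystore-object)");
    private final OpenDJProvider provider;
    /** Installed by {@code engineLoad}; every other method requires it to be non-null. */
    private KeyStoreParameters config;
    private KeyStoreObjectCache cache;
    private KeyProtector keyProtector;

    /**
     * Creates an unconfigured key store; {@link #engineLoad(KeyStore.LoadStoreParameter)} must run before use.
     *
     * @param openDJProvider the provider supplying the default configuration, if any.
     */
    public KeyStoreImpl(OpenDJProvider openDJProvider) {
        this.provider = openDJProvider;
    }

    /**
     * Returns the key stored under {@code alias}, unprotected with {@code password} via the configured
     * {@link KeyProtector}.
     *
     * @return the key, or {@code null} when the alias does not exist (or the entry could not be read — see the
     *         class comment).
     * @throws UnrecoverableKeyException if the key cannot be recovered with the given password.
     */
    @Override
    public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object == null ? null : object.getKey(this.keyProtector, password);
    }

    /** @return the certificate chain of the key entry, or {@code null} when the alias is unknown/unreadable. */
    @Override
    public Certificate[] engineGetCertificateChain(String alias) {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object == null ? null : object.getCertificateChain();
    }

    /** @return the certificate of the entry, or {@code null} when the alias is unknown/unreadable. */
    @Override
    public Certificate engineGetCertificate(String alias) {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object == null ? null : object.getCertificate();
    }

    /**
     * @return the entry's creation date (derived by {@link KeyStoreObject} from the operational attributes
     *         requested in {@link #SEARCH_ATTR_LIST}), or {@code null} when the alias is unknown/unreadable.
     */
    @Override
    public Date engineGetCreationDate(String alias) {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object == null ? null : object.getCreationDate();
    }

    /**
     * Stores (or replaces) a key entry. The key is protected with {@code password} by the configured
     * {@link KeyProtector} before it leaves this process.
     *
     * @throws KeyStoreException if the directory update fails.
     */
    @Override
    public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
        writeKeyStoreObject(KeyStoreObject.newKeyObject(alias, key, chain, this.keyProtector, password));
    }

    /**
     * Already-protected (opaque) key bytes are not supported by this store. Note that this deliberately throws
     * {@link UnsupportedOperationException} rather than the {@link KeyStoreException} the SPI documents.
     */
    @Override
    public void engineSetKeyEntry(String alias, byte[] protectedKey, Certificate[] chain) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /**
     * Stores (or replaces) a trusted-certificate entry.
     *
     * @throws KeyStoreException if {@code alias} already names a key entry, or the directory update fails.
     */
    @Override
    public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException {
        // NOTE(review): readKeyStoreObject() answers null both for "absent" and for "could not be read", so a
        // transient read failure here lets a key entry be overwritten by a trusted certificate. Consider
        // failing closed if readKeyStoreObject() is ever changed to expose the failure.
        KeyStoreObject existing = readKeyStoreObject(alias);
        if (existing != null && !existing.isTrustedCertificate()) {
            throw new LocalizedKeyStoreException(KeystoreMessages.KEYSTORE_KEY_ENTRY_ALREADY_EXISTS.get(alias));
        }
        writeKeyStoreObject(KeyStoreObject.newTrustedCertificateObject(alias, certificate));
    }

    /**
     * Deletes the entry for {@code alias}; deleting an unknown alias is silently ignored, matching the
     * {@link KeyStore} contract.
     *
     * @throws KeyStoreException if the LDAP delete fails for any reason other than "no such entry".
     */
    @Override
    public void engineDeleteEntry(String alias) throws KeyStoreException {
        try (Connection connection = this.config.getConnection()) {
            connection.delete(Requests.newDeleteRequest(KeyStoreObject.dnOf(this.config.getBaseDN(), alias)));
        } catch (EntryNotFoundException ignored) {
            // Absent entry: nothing to delete, not an error.
        } catch (LdapException e) {
            throw new LocalizedKeyStoreException(KeystoreMessages.KEYSTORE_DELETE_FAILURE.get(alias), e);
        }
        // NOTE(review): the cache is not told about the deletion — this class only ever calls put()/get() on
        // KeyStoreObjectCache — so readKeyStoreObject() may keep returning the deleted object until the cache
        // drops it on its own. Confirm the configured cache's expiry policy before relying on delete + re-read.
    }

    /**
     * Enumerates every alias by a one-level search for {@code ds-keystore-object} entries beneath the base DN.
     * Search result references are skipped. Returns an empty enumeration when the search fails.
     */
    @Override
    public Enumeration<String> engineAliases() {
        SearchRequest request = Requests.newSearchRequest(this.config.getBaseDN(), SearchScope.SINGLE_LEVEL,
                FILTER_KEYSTORE_OBJECT, SchemaConstants.NO_ATTRIBUTES);
        try (Connection connection = this.config.getConnection();
             ConnectionEntryReader reader = connection.search(request)) {
            ArrayList<String> aliases = new ArrayList<>();
            while (reader.hasNext()) {
                if (reader.isEntry()) {
                    aliases.add(aliasOf(reader.readEntry()));
                }
            }
            return Collections.enumeration(aliases);
        } catch (IOException e) {
            logger.warn(KeystoreMessages.KEYSTORE_READ_FAILURE.get(), e);
            return Collections.emptyEnumeration();
        }
    }

    /** The alias is the value of the entry's RDN (the first AVA of it). */
    private String aliasOf(Entry entry) {
        return entry.getName().rdn().getFirstAVA().getAttributeValue().toString();
    }

    /** @return {@code true} when the alias can be read; {@code false} when absent or unreadable. */
    @Override
    public boolean engineContainsAlias(String alias) {
        return readKeyStoreObject(alias) != null;
    }

    /**
     * Reads {@code numSubordinates} from the base entry. This counts every child of the base DN, not only
     * {@code ds-keystore-object} entries as {@link #engineAliases()} does, so the two may disagree if anything
     * else lives beneath the base DN. Returns {@code 0} when the base entry cannot be read.
     */
    @Override
    public int engineSize() {
        try (Connection connection = this.config.getConnection()) {
            return connection.readEntry(this.config.getBaseDN(), "numSubordinates")
                    .parseAttribute("numSubordinates").asInteger(0);
        } catch (LdapException e) {
            logger.warn(KeystoreMessages.KEYSTORE_READ_FAILURE.get(), e);
            return 0;
        }
    }

    /** @return {@code true} only for a readable entry that is not a trusted-certificate entry. */
    @Override
    public boolean engineIsKeyEntry(String alias) {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object != null && !object.isTrustedCertificate();
    }

    /** @return {@code true} only for a readable trusted-certificate entry. */
    @Override
    public boolean engineIsCertificateEntry(String alias) {
        KeyStoreObject object = readKeyStoreObject(alias);
        return object != null && object.isTrustedCertificate();
    }

    /**
     * Finds the first alias whose stored certificate matches {@code certificate}.
     *
     * <p>Matching is done server-side with a certificate-exact assertion built from the issuer name and serial
     * number only (see {@link #getCertificateAssertion}); the DER encoding is not compared. Only
     * {@link X509Certificate}s can be matched this way; any other certificate type yields {@code null} instead of
     * a {@link ClassCastException}.
     *
     * @return the alias, or {@code null} when nothing matches or the search fails.
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        Filter filter = Filter.and(FILTER_KEYSTORE_OBJECT,
                Filter.equality("ds-keystore-certificate;binary", getCertificateAssertion((X509Certificate) certificate)));
        SearchRequest request = Requests.newSearchRequest(this.config.getBaseDN(), SearchScope.SINGLE_LEVEL,
                filter, SchemaConstants.NO_ATTRIBUTES);
        try (Connection connection = this.config.getConnection();
             ConnectionEntryReader reader = connection.search(request)) {
            while (reader.hasNext()) {
                if (reader.isEntry()) {
                    // First match wins; remaining results are discarded when the reader is closed.
                    return aliasOf(reader.readEntry());
                }
            }
            return null;
        } catch (IOException e) {
            logger.warn(KeystoreMessages.KEYSTORE_READ_FAILURE.get(), e);
            return null;
        }
    }

    /**
     * Builds the GSER-encoded certificate-exact assertion {@code {serialNumber N, issuer rdnSequence:"DN"}}.
     * The issuer DN is embedded in a GSER quoted string, where a literal double quote is escaped by doubling it.
     * The assertion is handed to {@link Filter#equality} as a value, not spliced into filter text, so no LDAP
     * filter escaping is needed here.
     */
    private String getCertificateAssertion(X509Certificate certificate) {
        String issuer = certificate.getIssuerX500Principal().getName().replaceAll("\"", "\"\"");
        return String.format("{serialNumber %s,issuer rdnSequence:\"%s\"}", certificate.getSerialNumber(), issuer);
    }

    /**
     * Not file based: rejects any non-null stream. With a {@code null} stream this is the no-op
     * {@link #engineStore(KeyStore.LoadStoreParameter)}; the password is ignored.
     *
     * @throws IllegalArgumentException if {@code outputStream} is non-null.
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] password) {
        if (outputStream != null) {
            throw new IllegalArgumentException("the LDAP key store is not file based");
        }
        engineStore((KeyStore.LoadStoreParameter) null);
    }

    /** No-op: every mutation is already committed to the directory when the mutating call returns. */
    @Override
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
    }

    /**
     * Not file based: rejects any non-null stream. Configuration comes from the provider's default
     * {@link KeyStoreParameters}; when a non-empty {@code password} is supplied it is installed as the
     * {@link KeyStoreParameters#GLOBAL_PASSWORD} of a copy of that configuration. Whether the password factory
     * copies the array (i.e. whether the caller may zero it afterwards) is decided by
     * {@link OpenDJProvider#newClearTextPasswordFactory}, not here.
     *
     * @throws IllegalArgumentException if {@code inputStream} is non-null, or no default configuration exists.
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] password) {
        if (inputStream != null) {
            throw new IllegalArgumentException("the LDAP key store is not file based");
        }
        KeyStoreParameters defaults = this.provider.getDefaultConfig();
        if (defaults == null || password == null || password.length == 0) {
            // Fall through to the default configuration (which throws if there is none).
            engineLoad((KeyStore.LoadStoreParameter) null);
            return;
        }
        engineLoad(KeyStoreParameters.newKeyStoreParameters(defaults.getConnectionFactory(), defaults.getBaseDN(),
                Options.copyOf(defaults.getOptions())
                        .set(KeyStoreParameters.GLOBAL_PASSWORD, OpenDJProvider.newClearTextPasswordFactory(password))));
    }

    /**
     * Installs the configuration: the given {@link KeyStoreParameters}, or the provider's default when
     * {@code loadStoreParameter} is {@code null}. Also (re)creates the {@link KeyProtector} and picks up the
     * cache from the options.
     *
     * @throws IllegalArgumentException if the parameter is of another type, or it is {@code null} and the
     *         provider has no default configuration.
     */
    @Override
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter == null) {
            KeyStoreParameters defaults = this.provider.getDefaultConfig();
            if (defaults == null) {
                throw new IllegalArgumentException("the LDAP key store must be configured using KeyStoreParameters or using the security provider's configuration file");
            }
            this.config = defaults;
        } else if (loadStoreParameter instanceof KeyStoreParameters) {
            this.config = (KeyStoreParameters) loadStoreParameter;
        } else {
            throw new IllegalArgumentException("load must be called with KeyStoreParameters class");
        }
        this.keyProtector = new KeyProtector(this.config.getOptions());
        this.cache = (KeyStoreObjectCache) this.config.getOptions().get(KeyStoreParameters.CACHE);
    }

    /**
     * Reads the object for {@code alias}, consulting the cache first and populating it on a successful read.
     *
     * <p>"Entry not found" is the normal absent case and is answered with {@code null} without logging; any other
     * LDAP/decoding failure is logged at warning level and also answered with {@code null}. (The not-found
     * case must be caught before the general {@link IOException} case — {@link EntryNotFoundException} is an
     * {@link LdapException}, which this class elsewhere handles as an {@link IOException} — otherwise every
     * missing alias is reported as a read failure.)
     */
    private KeyStoreObject readKeyStoreObject(String alias) {
        KeyStoreObject cached = readCache(alias);
        if (cached != null) {
            return cached;
        }
        try (Connection connection = this.config.getConnection()) {
            return writeCache(KeyStoreObject.valueOf(
                    connection.readEntry(KeyStoreObject.dnOf(this.config.getBaseDN(), alias), SEARCH_ATTR_LIST)));
        } catch (EntryNotFoundException e) {
            return null;
        } catch (IOException | LocalizedKeyStoreException e) {
            logger.warn(KeystoreMessages.KEYSTORE_READ_ALIAS_FAILURE.get(alias), e);
            return null;
        }
    }

    /**
     * Adds the object's entry, or — when the alias already exists — reads the current entry and applies the
     * difference as a modify. The replace path is read-then-modify, so it is not atomic against a concurrent
     * writer of the same alias. On success the object is placed in the cache.
     *
     * @throws LocalizedKeyStoreException wrapping the LDAP failure.
     */
    private void writeKeyStoreObject(KeyStoreObject keyStoreObject) throws LocalizedKeyStoreException {
        try (Connection connection = this.config.getConnection()) {
            Entry entry = keyStoreObject.toLDAPEntry(this.config.getBaseDN());
            try {
                connection.add(entry);
            } catch (ConstraintViolationException e) {
                if (e.getResult().getResultCode() != ResultCode.ENTRY_ALREADY_EXISTS) {
                    throw e;
                }
                // Alias exists: replace its attributes with those of the new entry.
                connection.modify(Entries.diffEntries(connection.readEntry(entry.getName(), new String[0]), entry));
            }
            writeCache(keyStoreObject);
        } catch (IOException e) {
            throw new LocalizedKeyStoreException(KeystoreMessages.KEYSTORE_UPDATE_ALIAS_FAILURE.get(keyStoreObject.getAlias()), e);
        }
    }

    /** Caches the object and returns it, for use in return expressions. */
    private KeyStoreObject writeCache(KeyStoreObject keyStoreObject) {
        this.cache.put(keyStoreObject);
        return keyStoreObject;
    }

    /** @return the cached object for {@code alias}, or {@code null} on a cache miss. */
    private KeyStoreObject readCache(String alias) {
        return this.cache.get(alias);
    }
}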
