package org.opends.server.extensions;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.FileBasedTrustManagerProviderCfg;
import org.forgerock.opendj.server.config.server.TrustManagerProviderCfg;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.util.ExpirationCheckTrustManager;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/FileBasedTrustManagerProvider.class */
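/**
 * Trust manager provider that builds its {@link TrustManager}s from a trust store file on disk.
 *
 * <p>The trust store path, type and PIN are read from a {@link FileBasedTrustManagerProviderCfg}
 * at initialization and replaced whenever an accepted configuration change is applied. The trust
 * store itself is re-read from disk on every call to {@link #getTrustManagers()}.
 *
 * <p>NOTE(review): the cached fields are written by {@link #applyConfigurationChange} and read by
 * {@link #getTrustManagers()} without any synchronization visible in this class; confirm whether
 * the callers serialize these calls.
 */
public class FileBasedTrustManagerProvider extends TrustManagerProvider<FileBasedTrustManagerProviderCfg> implements ConfigurationChangeListener<FileBasedTrustManagerProviderCfg> {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    // PIN handed to KeyStore.load(); may be null if PIN resolution failed (see getTrustStorePIN).
    private char[] trustStorePIN;
    // Configuration this instance is currently registered on as a change listener.
    private FileBasedTrustManagerProviderCfg currentConfig;
    // Trust store path exactly as configured; resolved with StaticUtils.getFileForPath when used.
    private String trustStoreFile;
    // KeyStore type name passed to KeyStore.getInstance().
    private String trustStoreType;

    /**
     * Reads the trust store settings from the configuration and registers for change events.
     *
     * @param fileBasedTrustManagerProviderCfg the configuration to initialize from
     * @throws ConfigException declared by the overridden method; not thrown directly here
     * @throws InitializationException if any setting failed validation; carries the first
     *     recorded message
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public void initializeTrustManagerProvider(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg) throws ConfigException, InitializationException {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        this.currentConfig = fileBasedTrustManagerProviderCfg;
        this.trustStoreFile = getTrustStoreFile(fileBasedTrustManagerProviderCfg, configChangeResult);
        this.trustStoreType = getTrustStoreType(fileBasedTrustManagerProviderCfg, configChangeResult);
        this.trustStorePIN = getTrustStorePIN(fileBasedTrustManagerProviderCfg, configChangeResult);
        // Each getter records its problems in configChangeResult instead of throwing, so any
        // message at all means the configuration is unusable.
        if (!configChangeResult.getMessages().isEmpty()) {
            throw new InitializationException(configChangeResult.getMessages().get(0));
        }
        fileBasedTrustManagerProviderCfg.addFileBasedChangeListener(this);
    }

    /** Unregisters this provider as a change listener on its current configuration. */
    @Override // org.opends.server.api.TrustManagerProvider
    public void finalizeTrustManagerProvider() {
        this.currentConfig.removeFileBasedChangeListener(this);
    }

    /**
     * Loads the trust store from disk and returns trust managers backed by it.
     *
     * <p>Outside FIPS mode every manager is wrapped in an {@link ExpirationCheckTrustManager};
     * in FIPS mode the managers produced by the {@link TrustManagerFactory} are returned as-is.
     *
     * @return the trust managers for the configured trust store
     * @throws DirectoryException if the trust store cannot be read
     *     ({@code ERR_FILE_TRUSTMANAGER_CANNOT_LOAD}) or the trust manager factory cannot be
     *     created or initialized ({@code ERR_FILE_TRUSTMANAGER_CANNOT_CREATE_FACTORY})
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public TrustManager[] getTrustManagers() throws DirectoryException {
        // Read the path once so the error message names the file that was actually opened.
        final String storeFile = this.trustStoreFile;

        KeyStore keyStore;
        // try-with-resources closes the stream even when getInstance() or load() throws; the
        // previous code only closed it on the success path.
        try (FileInputStream fileInputStream = new FileInputStream(StaticUtils.getFileForPath(storeFile))) {
            keyStore = KeyStore.getInstance(this.trustStoreType);
            // Per the KeyStore.load contract, a null password means the store's integrity check
            // is not performed. NOTE(review): confirm whether a null PIN can reach this point
            // in a valid configuration.
            keyStore.load(fileInputStream, this.trustStorePIN);
        } catch (Exception e) {
            logger.traceException(e);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_FILE_TRUSTMANAGER_CANNOT_LOAD.get(storeFile, StaticUtils.getExceptionMessage(e)), e);
        }

        // Kept outside the load try-block: when nested inside it, the DirectoryException thrown
        // below was caught by the outer catch(Exception) and re-wrapped as CANNOT_LOAD, hiding
        // the real cause.
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (com.forgerock.opendj.util.StaticUtils.isFips()) {
                // FIPS mode: no ExpirationCheckTrustManager wrapper is applied.
                return trustManagers;
            }
            TrustManager[] wrapped = new TrustManager[trustManagers.length];
            for (int i = 0; i < trustManagers.length; i++) {
                // A non-X509 manager makes this cast fail; the ClassCastException is reported
                // through the catch below rather than silently skipping the wrapper.
                wrapped[i] = new ExpirationCheckTrustManager((X509TrustManager) trustManagers[i]);
            }
            return wrapped;
        } catch (Exception e) {
            logger.traceException(e);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_FILE_TRUSTMANAGER_CANNOT_CREATE_FACTORY.get(storeFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Checks whether the given configuration would be usable by this provider.
     *
     * @param trustManagerProviderCfg the candidate configuration; cast to
     *     {@link FileBasedTrustManagerProviderCfg}
     * @param list receives a message for each problem found
     * @return {@code true} if no problem was recorded
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public boolean isConfigurationAcceptable(TrustManagerProviderCfg trustManagerProviderCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((FileBasedTrustManagerProviderCfg) trustManagerProviderCfg, list);
    }

    /**
     * Validates the trust store file, type and PIN of a candidate configuration without
     * applying it.
     *
     * <p>Renamed by the decompiler from {@code isConfigurationChangeAcceptable} to avoid a
     * collision with the bridge method of the same name.
     *
     * @param fileBasedTrustManagerProviderCfg the candidate configuration
     * @param list receives a message for each problem found
     * @return {@code true} if validation added no message to {@code list}
     */
    public boolean isConfigurationChangeAcceptable2(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg, List<LocalizableMessage> list) {
        int size = list.size();
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        // Return values are ignored: the calls are made only for the messages they record.
        getTrustStoreFile(fileBasedTrustManagerProviderCfg, configChangeResult);
        getTrustStoreType(fileBasedTrustManagerProviderCfg, configChangeResult);
        getTrustStorePIN(fileBasedTrustManagerProviderCfg, configChangeResult);
        list.addAll(configChangeResult.getMessages());
        return size == list.size();
    }

    /**
     * Re-reads the trust store settings and adopts them only if all of them validated.
     *
     * @param fileBasedTrustManagerProviderCfg the new configuration
     * @return the result of the change; on failure the previous settings stay in effect
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        String trustStoreFile = getTrustStoreFile(fileBasedTrustManagerProviderCfg, configChangeResult);
        String trustStoreType = getTrustStoreType(fileBasedTrustManagerProviderCfg, configChangeResult);
        char[] trustStorePIN = getTrustStorePIN(fileBasedTrustManagerProviderCfg, configChangeResult);
        // All-or-nothing: a partially valid configuration must not replace a working one.
        if (configChangeResult.getResultCode() == ResultCode.SUCCESS) {
            this.currentConfig = fileBasedTrustManagerProviderCfg;
            this.trustStorePIN = trustStorePIN;
            this.trustStoreFile = trustStoreFile;
            this.trustStoreType = trustStoreType;
        }
        return configChangeResult;
    }

    /**
     * Returns the configured trust store path, recording an error if it does not name an
     * existing regular file.
     *
     * @param fileBasedTrustManagerProviderCfg the configuration to read
     * @param configChangeResult receives the result code and message on failure
     * @return the configured path, returned even when the check failed
     */
    private String getTrustStoreFile(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg, ConfigChangeResult configChangeResult) {
        String trustStoreFile = fileBasedTrustManagerProviderCfg.getTrustStoreFile();
        File fileForPath = StaticUtils.getFileForPath(trustStoreFile);
        // isFile() is false for a missing path, so it also covers the exists() check.
        if (!fileForPath.isFile()) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(ExtensionMessages.ERR_FILE_TRUSTMANAGER_NO_SUCH_FILE.get(trustStoreFile, fileBasedTrustManagerProviderCfg.dn()));
        }
        return trustStoreFile;
    }

    /**
     * Returns the trust store type to use.
     *
     * @param fileBasedTrustManagerProviderCfg the configuration to read
     * @param configChangeResult receives the result code and message if the configured type is
     *     not supported by any installed provider
     * @return the configured type if it is set and supported, otherwise
     *     {@link KeyStore#getDefaultType()}
     */
    private String getTrustStoreType(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg, ConfigChangeResult configChangeResult) {
        String trustStoreType = fileBasedTrustManagerProviderCfg.getTrustStoreType();
        if (trustStoreType != null) {
            try {
                // Instantiated only to prove the type is available; the instance is discarded.
                KeyStore.getInstance(trustStoreType);
                return trustStoreType;
            } catch (KeyStoreException e) {
                logger.traceException(e);
                configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
                configChangeResult.addMessage(ExtensionMessages.ERR_FILE_TRUSTMANAGER_INVALID_TYPE.get(trustStoreType, fileBasedTrustManagerProviderCfg.dn(), StaticUtils.getExceptionMessage(e)));
            }
        }
        // Reached when no type is configured, or after an unsupported type was recorded above.
        return KeyStore.getDefaultType();
    }

    /**
     * Resolves the trust store PIN from the property, environment variable, file or literal
     * value named in the configuration, delegating to
     * {@link FileBasedKeyManagerProvider#getKeyStorePIN}.
     *
     * @param fileBasedTrustManagerProviderCfg the configuration to read
     * @param configChangeResult receives the result code and message on failure
     * @return the PIN, or {@code null} if resolution failed
     */
    private char[] getTrustStorePIN(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg, ConfigChangeResult configChangeResult) {
        try {
            return FileBasedKeyManagerProvider.getKeyStorePIN(fileBasedTrustManagerProviderCfg.getTrustStorePinProperty(), fileBasedTrustManagerProviderCfg.getTrustStorePinEnvironmentVariable(), fileBasedTrustManagerProviderCfg.getTrustStorePinFile(), fileBasedTrustManagerProviderCfg.getTrustStorePin(), fileBasedTrustManagerProviderCfg.dn(), ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY);
        } catch (InitializationException e) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
            // Callers must consult configChangeResult before using this value: a null PIN
            // passed to KeyStore.load() disables the store's integrity check.
            return null;
        }
    }

    /**
     * Compiler-generated bridge for the raw-typed listener method; delegates to
     * {@link #isConfigurationChangeAcceptable2}.
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(FileBasedTrustManagerProviderCfg fileBasedTrustManagerProviderCfg, List list) {
        return isConfigurationChangeAcceptable2(fileBasedTrustManagerProviderCfg, (List<LocalizableMessage>) list);
    }
}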
