package org.infinispan.server.configuration.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.util.EnumSet;
import java.util.Properties;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.attributes.AttributeDefinition;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.commons.configuration.attributes.ConfigurationElement;
import org.infinispan.configuration.parsing.ParseUtils;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.Attribute;
import org.infinispan.server.configuration.Element;
import org.infinispan.server.configuration.ServerConfigurationSerializer;
import org.infinispan.server.security.KeyStoreUtils;
import org.infinispan.server.security.ServerSecurityRealm;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.keystore.KeyStoreUtil;
import org.wildfly.security.provider.util.ProviderUtil;
import org.wildfly.security.ssl.SSLContextBuilder;

/* loaded from: input_file:org/infinispan/server/configuration/security/KeyStoreConfiguration.class */
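/**
 * Configuration element describing the keystore that backs a server identity:
 * where the store lives, how it is unlocked, and which alias (if any) to expose.
 *
 * <p>{@link #build} turns the configured attributes into an
 * {@link X509ExtendedKeyManager} and installs it on the supplied
 * {@link SSLContextBuilder}.
 */
public class KeyStoreConfiguration extends ConfigurationElement<KeyStoreConfiguration> {
    // Alias of the single entry to expose from the keystore; null means no alias filtering.
    static final AttributeDefinition<String> ALIAS = AttributeDefinition.builder(Attribute.ALIAS, (Object) null, String.class).build();
    // Host name for an auto-generated self-signed certificate; null disables generation.
    static final AttributeDefinition<String> GENERATE_SELF_SIGNED_CERTIFICATE_HOST = AttributeDefinition.builder(Attribute.GENERATE_SELF_SIGNED_CERTIFICATE_HOST, (Object) null, String.class).build();

    // Separate password for the private key entry. When it resolves to null, build() falls back
    // to the keystore password.
    @Deprecated
    static final AttributeDefinition<Supplier<CredentialSource>> KEY_PASSWORD = AttributeDefinition.builder(Attribute.KEY_PASSWORD, (Object) null, Supplier.class).serializer(ServerConfigurationSerializer.CREDENTIAL).build();
    // Password used to load the keystore file.
    static final AttributeDefinition<Supplier<CredentialSource>> KEYSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, (Object) null, Supplier.class).serializer(ServerConfigurationSerializer.CREDENTIAL).build();
    // Keystore file path; when null, build() creates a file-less keystore instead.
    static final AttributeDefinition<String> PATH = AttributeDefinition.builder(Attribute.PATH, (Object) null, String.class).build();
    // Name of the property whose value PATH is resolved against; defaults to the server config path property.
    static final AttributeDefinition<String> RELATIVE_TO = AttributeDefinition.builder(Attribute.RELATIVE_TO, Server.INFINISPAN_SERVER_CONFIG_PATH, String.class).autoPersist(false).build();
    // Name of the security provider to use; null lets the lookup pick one.
    static final AttributeDefinition<String> PROVIDER = AttributeDefinition.builder(Attribute.PROVIDER, (Object) null, String.class).build();
    // Keystore type passed to the file-less keystore builder.
    static final AttributeDefinition<String> TYPE = AttributeDefinition.builder(Attribute.TYPE, (Object) null, String.class).build();

    /**
     * Returns a fresh attribute set holding every attribute definition of this element.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static AttributeSet attributeDefinitionSet() {
        return new AttributeSet(KeyStoreConfiguration.class, new AttributeDefinition[]{ALIAS, GENERATE_SELF_SIGNED_CERTIFICATE_HOST, PATH, RELATIVE_TO, PROVIDER, KEY_PASSWORD, KEYSTORE_PASSWORD, TYPE});
    }

    /**
     * Creates the keystore element around an already populated attribute set.
     *
     * @param attributeSet the attributes of this element
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreConfiguration(AttributeSet attributeSet) {
        super(Element.KEYSTORE, attributeSet, new ConfigurationElement[0]);
    }

    /**
     * Installs a key manager built from this configuration on the given SSL context builder.
     *
     * <p>Nothing happens when no attribute of this element was modified: no key manager is set
     * and {@link ServerSecurityRealm.Feature#ENCRYPT} is not added. Otherwise the keystore is
     * loaded from {@code PATH}, or created file-less when {@code PATH} is null, and the first
     * {@link X509ExtendedKeyManager} produced by the default {@link KeyManagerFactory}
     * algorithm is used.
     *
     * @param sSLContextBuilder builder that receives the key manager
     * @param properties        properties used to resolve the keystore path
     * @param enumSet           realm feature set; {@code ENCRYPT} is added on success
     * @throws CacheConfigurationException wrapping any failure, including the case where the
     *                                     factory yields no {@code X509ExtendedKeyManager}
     */
    public void build(SSLContextBuilder sSLContextBuilder, Properties properties, EnumSet<ServerSecurityRealm.Feature> enumSet) {
        if (!this.attributes.isModified()) {
            return;
        }
        Provider[] providers = SecurityActions.discoverSecurityProviders(Thread.currentThread().getContextClassLoader());
        try {
            String providerName = (String) this.attributes.attribute(PROVIDER).get();
            KeyStore keyStore = this.attributes.attribute(PATH).isNull()
                    ? KeyStoreUtils.buildFilelessKeyStore(providers, providerName, (String) this.attributes.attribute(TYPE).get())
                    : buildKeyStore(providers, properties);
            String algorithm = KeyManagerFactory.getDefaultAlgorithm();
            // Prefer the configured/discovered provider; fall back to the JVM's default lookup.
            Provider provider = ProviderUtil.findProvider(providers, providerName, KeyManagerFactory.class, algorithm);
            KeyManagerFactory keyManagerFactory = provider != null ? KeyManagerFactory.getInstance(algorithm, provider) : KeyManagerFactory.getInstance(algorithm);
            char[] keyStorePassword = CredentialStoresConfiguration.resolvePassword((org.infinispan.commons.configuration.attributes.Attribute<Supplier<CredentialSource>>) this.attributes.attribute(KEYSTORE_PASSWORD));
            char[] keyPassword = CredentialStoresConfiguration.resolvePassword((org.infinispan.commons.configuration.attributes.Attribute<Supplier<CredentialSource>>) this.attributes.attribute(KEY_PASSWORD));
            // The deprecated key password wins when present; otherwise the key entry is assumed
            // to share the keystore password.
            // NOTE(review): the resolved password arrays are not cleared after use; whether the
            // credential source hands out a private copy is not visible from this file.
            keyManagerFactory.init(keyStore, keyPassword != null ? keyPassword : keyStorePassword);
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509ExtendedKeyManager) {
                    sSLContextBuilder.setKeyManager((X509ExtendedKeyManager) keyManager);
                    enumSet.add(ServerSecurityRealm.Feature.ENCRYPT);
                    return;
                }
            }
            throw Server.log.noDefaultKeyManager();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    }

    /**
     * Loads the keystore file named by {@code PATH}, resolved against the property named by
     * {@code RELATIVE_TO}.
     *
     * <p>If the file does not exist and a self-signed certificate host is configured, a
     * self-signed certificate is generated at that path first. When an alias is configured,
     * the returned keystore exposes only that alias.
     *
     * @param providerArr security providers to search for the keystore implementation
     * @param properties  properties used to resolve the keystore path
     * @return the loaded keystore, filtered to the configured alias if one is set
     * @throws GeneralSecurityException if the keystore cannot be generated or loaded
     * @throws IOException              if the keystore file cannot be opened or read
     */
    private KeyStore buildKeyStore(Provider[] providerArr, Properties properties) throws GeneralSecurityException, IOException {
        String keyStorePath = ParseUtils.resolvePath((String) this.attributes.attribute(PATH).get(), properties.getProperty((String) this.attributes.attribute(RELATIVE_TO).get()));
        String selfSignedHost = (String) this.attributes.attribute(GENERATE_SELF_SIGNED_CERTIFICATE_HOST).get();
        String providerName = (String) this.attributes.attribute(PROVIDER).get();
        char[] keyStorePassword = CredentialStoresConfiguration.resolvePassword((org.infinispan.commons.configuration.attributes.Attribute<Supplier<CredentialSource>>) this.attributes.attribute(KEYSTORE_PASSWORD));
        char[] keyPassword = CredentialStoresConfiguration.resolvePassword((org.infinispan.commons.configuration.attributes.Attribute<Supplier<CredentialSource>>) this.attributes.attribute(KEY_PASSWORD));
        String alias = (String) this.attributes.attribute(ALIAS).get();
        // With the host attribute set, a missing (or mistyped) path does not fail: a new
        // self-signed identity is written there instead.
        // NOTE(review): clients cannot validate a self-signed certificate against a trusted CA;
        // presumably meant for development/test setups. Confirm it is not left enabled in
        // production configuration.
        if (!new File(keyStorePath).exists() && selfSignedHost != null) {
            KeyStoreUtils.generateSelfSignedCertificate(keyStorePath, providerName, keyStorePassword, keyPassword, alias, selfSignedHost);
        }
        KeyStore keyStore;
        // try-with-resources releases the file handle even when loading fails; the stream was
        // previously never closed.
        try (FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
            keyStore = KeyStoreUtil.loadKeyStore(() -> providerArr, providerName, keyStoreStream, keyStorePath, keyStorePassword);
        }
        if (alias != null) {
            if (!keyStore.containsAlias(alias)) {
                throw Server.log.aliasNotInKeystore(alias, keyStorePath);
            }
            // Hide every other entry so only the configured identity can be served.
            keyStore = FilteringKeyStore.filteringKeyStore(keyStore, AliasFilter.fromString(alias));
        }
        return keyStore;
    }
}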
