package org.opends.server.tools;

import com.forgerock.opendj.cli.Argument;
import com.forgerock.opendj.cli.ArgumentConstants;
import com.forgerock.opendj.cli.ArgumentException;
import com.forgerock.opendj.cli.ArgumentParser;
import com.forgerock.opendj.cli.BooleanArgument;
import com.forgerock.opendj.cli.CliConstants;
import com.forgerock.opendj.cli.CliMessages;
import com.forgerock.opendj.cli.CommonArguments;
import com.forgerock.opendj.cli.FileBasedArgument;
import com.forgerock.opendj.cli.IntegerArgument;
import com.forgerock.opendj.cli.StringArgument;
import com.forgerock.opendj.cli.Utils;
import java.io.File;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.StringReader;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.Cipher;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.adapter.server3x.Converters;
import org.forgerock.opendj.config.DefaultBehaviorProvider;
import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
import org.forgerock.opendj.config.ManagedObjectDefinition;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.AttributeDescription;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LinkedAttribute;
import org.forgerock.opendj.ldap.LinkedHashMapEntry;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.CoreSchema;
import org.forgerock.opendj.ldap.schema.Syntax;
import org.forgerock.opendj.server.config.client.BackendCfgClient;
import org.forgerock.opendj.server.config.meta.CryptoManagerCfgDefn;
import org.forgerock.opendj.server.config.server.BackendCfg;
import org.opends.messages.ConfigMessages;
import org.opends.messages.ToolMessages;
import org.opends.quicksetup.Installation;
import org.opends.quicksetup.installer.Installer;
import org.opends.server.config.ConfigConstants;
import org.opends.server.config.ConfigurationHandler;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.LockFileManager;
import org.opends.server.extensions.SaltedSHA512PasswordStorageScheme;
import org.opends.server.types.DirectoryEnvironmentConfig;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.NullOutputStream;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.LDIFReader;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/tools/ConfigureDS.class */
public class ConfigureDS {
    // Value of the wrongUsage flag that ConfigureDSException carries for usage errors.
    // NOTE(review): not referenced by name in the visible code, which passes a literal true.
    private static final boolean WRONG_USAGE = true;
    // DNs of the JCEKS key/trust manager provider entries that checkManagerProvider() can create on demand.
    // ("JCKES" in the constant names is a transposition of "JCEKS"; the DN values themselves spell it JCEKS.)
    private static final String JCKES_KEY_MANAGER_DN = "cn=JCEKS,cn=Key Manager Providers,cn=config";
    private static final String JCKES_TRUST_MANAGER_DN = "cn=JCEKS,cn=Trust Manager Providers,cn=config";
    // DNs of the configuration entries this tool edits.
    private static final String DN_ADMIN_TRUST_MANAGER = "cn=Administration,cn=Trust Manager Providers,cn=config";
    private static final String DN_ADMIN_KEY_MANAGER = "cn=Administration,cn=Key Manager Providers,cn=config";
    private static final String DN_LDAP_CONNECTION_HANDLER = "cn=LDAP Connection Handler,cn=Connection Handlers,cn=config";
    private static final String DN_ADMIN_CONNECTOR = "cn=Administration Connector,cn=config";
    private static final String DN_LDAPS_CONNECTION_HANDLER = "cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config";
    private static final String DN_HTTP_CONNECTION_HANDLER = "cn=HTTP Connection Handler,cn=Connection Handlers,cn=config";
    private static final String DN_JMX_CONNECTION_HANDLER = "cn=JMX Connection Handler,cn=Connection Handlers,cn=config";
    private static final String DN_ROOT_USER = "cn=Directory Manager,cn=Root DNs,cn=config";
    private static final String DN_CRYPTO_MANAGER = "cn=Crypto Manager,cn=config";
    private static final String DN_DIGEST_MD5_SASL_MECHANISM = "cn=DIGEST-MD5,cn=SASL Mechanisms,cn=config";
    // Return codes: run() returns 0 on success, and ConfigureDSException defaults its error code to 1.
    private static final int SUCCESS = 0;
    private static final int ERROR = 1;
    // Raw command-line arguments, handed to argParser by parseArguments().
    private final String[] arguments;
    // Streams for normal and error output; the constructor wraps them with NullOutputStream.wrapOrNullStream.
    private final PrintStream out;
    private final PrintStream err;
    // Command-line arguments; all of them are created in initializeArguments().
    private BooleanArgument showUsage;
    private BooleanArgument enableStartTLS;
    // File-based alternative to rootPassword (see parseRootDNPassword()).
    private FileBasedArgument rootPasswordFile;
    private StringArgument hostName;
    private IntegerArgument ldapPort;
    private IntegerArgument adminConnectorPort;
    private IntegerArgument ldapsPort;
    private IntegerArgument jmxPort;
    private StringArgument baseDNString;
    private StringArgument configFile;
    private StringArgument rootDNString;
    // Root user password given directly as an argument value. A password passed on the command line can be
    // visible to other local users through process listings and may be kept in shell history, so
    // rootPasswordFile is the safer way to supply it.
    private StringArgument rootPassword;
    private StringArgument keyManagerProviderDN;
    private StringArgument trustManagerProviderDN;
    private StringArgument certNickNames;
    private StringArgument keyManagerPath;
    private StringArgument serverRoot;
    private StringArgument backendType;
    // Configuration handler taken from the DirectoryServer server context in run().
    private ConfigurationHandler configHandler;
    // Platform line separator used to assemble the LDIF templates below.
    private static final String NEW_LINE = System.getProperty("line.separator");
    // LDIF template for the JCEKS key manager provider entry: created enabled, with the key store at
    // config/keystore.jceks and its PIN read from config/keystore.pin.
    // NOTE(review): nothing in the visible code creates the PIN file or restricts its permissions - confirm where that happens.
    private static final String JCKES_KEY_MANAGER_LDIF_ENTRY = "dn: cn=JCEKS,cn=Key Manager Providers,cn=config" + NEW_LINE + "objectClass: top" + NEW_LINE + "objectClass: ds-cfg-key-manager-provider" + NEW_LINE + "objectClass: ds-cfg-file-based-key-manager-provider" + NEW_LINE + "cn: JCEKS" + NEW_LINE + "ds-cfg-java-class: org.opends.server.extensions.FileBasedKeyManagerProvider" + NEW_LINE + "ds-cfg-enabled: true" + NEW_LINE + "ds-cfg-key-store-type: JCEKS" + NEW_LINE + "ds-cfg-key-store-file: config/keystore.jceks" + NEW_LINE + "ds-cfg-key-store-pin-file: config/keystore.pin" + NEW_LINE;
    // LDIF template for the JCEKS trust manager provider entry: created disabled (ds-cfg-enabled: false),
    // with the trust store at config/truststore and no PIN file attribute.
    private static final String JCKES_TRUST_MANAGER_LDIF_ENTRY = "dn: cn=JCEKS,cn=Trust Manager Providers,cn=config" + NEW_LINE + "objectClass: top" + NEW_LINE + "objectClass: ds-cfg-trust-manager-provider" + NEW_LINE + "objectClass: ds-cfg-file-based-trust-manager-provider" + NEW_LINE + "cn: JCEKS" + NEW_LINE + "ds-cfg-java-class: org.opends.server.extensions.FileBasedTrustManagerProvider" + NEW_LINE + "ds-cfg-enabled: false" + NEW_LINE + "ds-cfg-trust-store-type: JCEKS" + NEW_LINE + "ds-cfg-trust-store-file: config/truststore" + NEW_LINE;
    // Name of the server lock file, acquired in tryAcquireExclusiveLocks() and released in run().
    private final String serverLockFileName = LockFileManager.getServerLockFileName();
    // Buffer passed to LockFileManager on acquire/release; its content is included in the lock error message.
    private final StringBuilder failureReason = new StringBuilder();
    // Parser for this tool's command line; the arguments are registered in initializeArguments().
    private final ArgumentParser argParser = new ArgumentParser(ConfigureDS.class.getName(), ToolMessages.INFO_CONFIGDS_TOOL_DESCRIPTION.get(), false);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/tools/ConfigureDS$ConfigureDSException.class */
    /**
     * Failure raised by one of the configuration steps.
     *
     * <p>Besides the wrapped cause, an instance carries the localizable message to print, a flag
     * telling whether the failure is a command-line usage error, and the code that {@code run()}
     * returns. The {@code configureDS} parameter accepted by most constructors is not used by
     * any of them.
     */
    public class ConfigureDSException extends Exception {
        private final LocalizableMessage errorMessage;
        private final boolean wrongUsage;
        private final int returnedErrorCode;

        /** Non-usage failure with a synthetic cause built from the message; error code 1. */
        ConfigureDSException(ConfigureDS configureDS, LocalizableMessage localizableMessage) {
            this(configureDS, localizableMessage, false);
        }

        /** Non-usage failure wrapping {@code exc}; error code 1. */
        ConfigureDSException(ConfigureDS configureDS, Exception exc, LocalizableMessage localizableMessage) {
            this(exc, localizableMessage, false, 1);
        }

        /** Failure with a synthetic cause built from the message; {@code z} marks a usage error; error code 1. */
        ConfigureDSException(ConfigureDS configureDS, LocalizableMessage localizableMessage, boolean z) {
            this(new Exception("An error occured in ConfigureDS: " + localizableMessage), localizableMessage, z, 1);
        }

        /** Failure wrapping {@code exc}; {@code z} marks a usage error; error code 1. */
        ConfigureDSException(ConfigureDS configureDS, Exception exc, LocalizableMessage localizableMessage, boolean z) {
            this(exc, localizableMessage, z, 1);
        }

        /**
         * Canonical constructor that every other constructor ends up calling.
         *
         * @param exc cause handed to {@link Exception}
         * @param localizableMessage message shown to the user
         * @param z whether the failure is a usage error
         * @param i code returned by the tool
         */
        ConfigureDSException(Exception exc, LocalizableMessage localizableMessage, boolean z, int i) {
            super(exc);
            errorMessage = localizableMessage;
            wrongUsage = z;
            returnedErrorCode = i;
        }

        /** Returns the code the tool should exit with. */
        public int getErrorCode() {
            return returnedErrorCode;
        }

        /** Returns true when the failure should be reported together with a usage reference. */
        public boolean isWrongUsage() {
            return wrongUsage;
        }

        /** Returns the message to print for this failure. */
        public LocalizableMessage getErrorMessage() {
            return errorMessage;
        }
    }

    /**
     * Command-line entry point: runs the tool against the process streams and exits with a
     * filtered status code when the run did not return 0.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        final int status = configMain(strArr, System.out, System.err);
        if (status == 0) {
            // Success: return normally instead of calling System.exit.
            return;
        }
        System.exit(Utils.filterExitCode(status));
    }

    /**
     * Runs the tool with the given arguments and output streams.
     *
     * @param strArr command-line arguments
     * @param outputStream stream for normal output
     * @param outputStream2 stream for error output
     * @return 0 on success, otherwise the error code of the failure
     */
    public static int configMain(String[] strArr, OutputStream outputStream, OutputStream outputStream2) {
        final ConfigureDS tool = new ConfigureDS(strArr, outputStream, outputStream2);
        return tool.run();
    }

    /**
     * Stores the arguments and wraps both output streams with
     * {@code NullOutputStream.wrapOrNullStream}.
     *
     * @param strArr command-line arguments, parsed later by {@code parseArguments()}
     * @param outputStream stream for normal output
     * @param outputStream2 stream for error output
     */
    private ConfigureDS(String[] strArr, OutputStream outputStream, OutputStream outputStream2) {
        this.out = NullOutputStream.wrapOrNullStream(outputStream);
        this.err = NullOutputStream.wrapOrNullStream(outputStream2);
        this.arguments = strArr;
    }

    /**
     * Executes the whole tool: argument handling, locking, server bootstrap, then each
     * configuration update in turn.
     *
     * @return 0 on success (or after usage/version output), otherwise the error code carried by
     *     the {@code ConfigureDSException} that stopped the run
     */
    private int run() {
        try {
            initializeArguments();
            parseArguments();
            if (this.argParser.usageOrVersionDisplayed()) {
                return 0;
            }
            checkArgumentsConsistency();
            checkPortArguments();
            tryAcquireExclusiveLocks();
            updateBaseDNs(parseProvidedBaseDNs());
            initializeDirectoryServer();
            final DN rootDN = parseRootDN();
            final String rootPw = parseRootDNPassword();
            this.configHandler = DirectoryServer.getInstance().getServerContext().getConfigurationHandler();
            checkManagerProvider(this.keyManagerProviderDN, JCKES_KEY_MANAGER_DN, JCKES_KEY_MANAGER_LDIF_ENTRY, true);
            checkManagerProvider(this.trustManagerProviderDN, JCKES_TRUST_MANAGER_DN, JCKES_TRUST_MANAGER_LDIF_ENTRY, false);
            // A key store path is only meaningful together with the provider it belongs to.
            if (this.keyManagerPath.isPresent() && !this.keyManagerProviderDN.isPresent()) {
                throw new ConfigureDSException(
                        this,
                        ToolMessages.ERR_CONFIGDS_KEYMANAGER_PROVIDER_DN_REQUIRED.get(
                                this.keyManagerProviderDN.getLongIdentifier(),
                                this.keyManagerPath.getLongIdentifier()));
            }
            updateLdapPort();
            updateAdminConnectorPort();
            updateLdapSecurePort();
            updateJMXport();
            updateStartTLS();
            updateKeyManager();
            updateTrustManager();
            updateRootUser(rootDN, rootPw);
            addFQDNDigestMD5();
            updateCryptoCipher();
            Utils.printWrappedText(this.out, ToolMessages.INFO_CONFIGDS_WROTE_UPDATED_CONFIG.get());
            return 0;
        } catch (ConfigureDSException e) {
            // Usage errors are printed with a pointer to the usage text, other failures as plain text.
            if (e.isWrongUsage()) {
                this.argParser.displayMessageAndUsageReference(this.err, e.getErrorMessage());
            } else {
                Utils.printWrappedText(this.err, e.getErrorMessage());
            }
            return e.getErrorCode();
        } finally {
            // The release runs on every exit path, including the ones taken before
            // tryAcquireExclusiveLocks() was reached.
            LockFileManager.releaseLock(this.serverLockFileName, this.failureReason);
        }
    }

    /**
     * Creates every command-line argument of the tool and registers it with {@code argParser}.
     *
     * @throws ConfigureDSException if an argument cannot be built or added to the parser
     */
    private void initializeArguments() throws ConfigureDSException {
        try {
            this.configFile = StringArgument.builder(ArgumentConstants.OPTION_LONG_CONFIG_FILE)
                    .shortIdentifier('c')
                    .description(ToolMessages.INFO_DESCRIPTION_CONFIG_FILE.get())
                    .hidden()
                    .required()
                    .valuePlaceholder(ToolMessages.INFO_CONFIGFILE_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);

            // The local host name is the default; any lookup failure falls back to "localhost".
            String defaultHostName;
            try {
                defaultHostName = InetAddress.getLocalHost().getHostName();
            } catch (Exception ignored) {
                defaultHostName = "localhost";
            }
            this.hostName = StringArgument.builder(ArgumentConstants.OPTION_LONG_HOST)
                    .shortIdentifier('h')
                    .description(ToolMessages.INFO_INSTALLDS_DESCRIPTION_HOST_NAME.get())
                    .defaultValue(defaultHostName)
                    .valuePlaceholder(ToolMessages.INFO_HOST_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);

            // Listener ports, each restricted to the range 1-65535.
            this.ldapPort = IntegerArgument.builder(ArgumentConstants.OPTION_LONG_LDAP_PORT)
                    .shortIdentifier('p')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_LDAP_PORT.get())
                    .range(1, 65535)
                    .defaultValue(Integer.valueOf(CliConstants.DEFAULT_LDAP_PORT))
                    .valuePlaceholder(ToolMessages.INFO_LDAPPORT_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.adminConnectorPort = IntegerArgument.builder(ArgumentConstants.OPTION_LONG_ADMIN_CONNECTOR_PORT)
                    .description(ToolMessages.INFO_INSTALLDS_DESCRIPTION_ADMINCONNECTORPORT.get())
                    .range(1, 65535)
                    .defaultValue(4444)
                    .valuePlaceholder(CliMessages.INFO_PORT_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.ldapsPort = IntegerArgument.builder(ArgumentConstants.OPTION_LONG_LDAPS_PORT)
                    .shortIdentifier('P')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_LDAPS_PORT.get())
                    .range(1, 65535)
                    .defaultValue(Integer.valueOf(CliConstants.DEFAULT_SSL_PORT))
                    .valuePlaceholder(ToolMessages.INFO_LDAPPORT_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.enableStartTLS = BooleanArgument.builder(ArgumentConstants.OPTION_LONG_ENABLE_TLS)
                    .shortIdentifier('q')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_ENABLE_START_TLS.get())
                    .buildAndAddToParser(this.argParser);
            this.jmxPort = IntegerArgument.builder(ArgumentConstants.OPTION_LONG_JMX_PORT)
                    .shortIdentifier('x')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_JMX_PORT.get())
                    .range(1, 65535)
                    .defaultValue(Integer.valueOf(CliConstants.DEFAULT_JMX_PORT))
                    .valuePlaceholder(CliMessages.INFO_JMXPORT_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);

            // Key and trust material.
            this.keyManagerProviderDN = StringArgument.builder("keyManagerProviderDN")
                    .shortIdentifier('k')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PROVIDER_DN.get())
                    .valuePlaceholder(ToolMessages.INFO_KEY_MANAGER_PROVIDER_DN_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.trustManagerProviderDN = StringArgument.builder("trustManagerProviderDN")
                    .shortIdentifier('t')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_TRUSTMANAGER_PROVIDER_DN.get())
                    .valuePlaceholder(ToolMessages.INFO_TRUST_MANAGER_PROVIDER_DN_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.keyManagerPath = StringArgument.builder("keyManagerPath")
                    .shortIdentifier('m')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PATH.get())
                    .valuePlaceholder(ToolMessages.INFO_KEY_MANAGER_PATH_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.certNickNames = StringArgument.builder("certNickName")
                    .shortIdentifier('a')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_CERTNICKNAME.get())
                    .multiValued()
                    .valuePlaceholder(ToolMessages.INFO_NICKNAME_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);

            // Directory data and root user.
            this.baseDNString = StringArgument.builder(ArgumentConstants.OPTION_LONG_BASEDN)
                    .shortIdentifier('b')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_BASE_DN.get())
                    .multiValued()
                    .defaultValue(Installation.DEFAULT_INTERACTIVE_BASE_DN)
                    .valuePlaceholder(ToolMessages.INFO_BASEDN_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.rootDNString = StringArgument.builder(ArgumentConstants.OPTION_LONG_ROOT_USER_DN)
                    .shortIdentifier('D')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_ROOT_DN.get())
                    .defaultValue("cn=Directory Manager")
                    .valuePlaceholder(ToolMessages.INFO_ROOT_USER_DN_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            // A password given with this option is part of the process command line, where process
            // listings and shell history can expose it; rootPasswordFile is the file-based alternative.
            this.rootPassword = StringArgument.builder("rootPassword")
                    .shortIdentifier('w')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_ROOT_PW.get())
                    .valuePlaceholder(ToolMessages.INFO_ROOT_USER_PWD_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.rootPasswordFile = FileBasedArgument.builder("rootPasswordFile")
                    .shortIdentifier('j')
                    .description(ToolMessages.INFO_CONFIGDS_DESCRIPTION_ROOT_PW_FILE.get())
                    .valuePlaceholder(CliMessages.INFO_FILE_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);

            // The usage argument is added by hand because the parser also needs it as its usage trigger.
            this.showUsage = CommonArguments.showUsageArgument();
            this.argParser.addArgument(this.showUsage);
            this.argParser.setUsageArgument(this.showUsage);

            this.serverRoot = StringArgument.builder(ArgumentConstants.OPTION_LONG_SERVER_ROOT)
                    .shortIdentifier(ArgumentConstants.OPTION_SHORT_SERVER_ROOT)
                    .hidden()
                    .valuePlaceholder(ToolMessages.INFO_SERVER_ROOT_DIR_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
            this.backendType = StringArgument.builder(ArgumentConstants.OPTION_LONG_BACKEND_TYPE)
                    .description(ToolMessages.INFO_INSTALLDS_DESCRIPTION_BACKEND_TYPE.get())
                    .valuePlaceholder(ToolMessages.INFO_INSTALLDS_BACKEND_TYPE_PLACEHOLDER.get())
                    .buildAndAddToParser(this.argParser);
        } catch (ArgumentException argumentError) {
            throw new ConfigureDSException(
                    this,
                    argumentError,
                    ToolMessages.ERR_CANNOT_INITIALIZE_ARGS.get(argumentError.getMessage()));
        }
    }

    /**
     * Parses the stored command-line arguments with {@code argParser}.
     *
     * @return always 0 when parsing succeeds
     * @throws ConfigureDSException flagged as a usage error with error code 89 when parsing fails
     */
    private int parseArguments() throws ConfigureDSException {
        try {
            this.argParser.parseArguments(this.arguments);
        } catch (ArgumentException parseError) {
            // NOTE(review): 89 is presumably the LDAP client-side parameter error code - confirm.
            throw new ConfigureDSException(
                    parseError,
                    ToolMessages.ERR_ERROR_PARSING_ARGS.get(parseError.getMessage()),
                    true,
                    89);
        }
        return 0;
    }

    /**
     * Rejects a command line that requests no configuration change.
     *
     * <p>Only the base DN, LDAP port, JMX port and root DN arguments are looked at.
     * NOTE(review): a command line that sets only other options (for example the LDAPS port)
     * is rejected as well - confirm this is intended.
     *
     * @throws ConfigureDSException flagged as a usage error when none of the four is present
     */
    private void checkArgumentsConsistency() throws ConfigureDSException {
        final boolean changeRequested = this.baseDNString.isPresent()
                || this.ldapPort.isPresent()
                || this.jmxPort.isPresent()
                || this.rootDNString.isPresent();
        if (changeRequested) {
            return;
        }
        throw new ConfigureDSException(this, ToolMessages.ERR_CONFIGDS_NO_CONFIG_CHANGES.get(), true);
    }

    /**
     * Verifies that no port number was given to more than one of the LDAP, administration
     * connector, LDAPS and JMX port arguments.
     *
     * <p>Only arguments present on the command line are compared; default values are not.
     *
     * @throws ConfigureDSException flagged as a usage error for a duplicated port, or a plain
     *     failure when a port value cannot be read
     */
    private void checkPortArguments() throws ConfigureDSException {
        final HashSet<Integer> seenPorts = new HashSet<>();
        try {
            for (IntegerArgument portArgument
                    : new IntegerArgument[] {this.ldapPort, this.adminConnectorPort, this.ldapsPort, this.jmxPort}) {
                if (!portArgument.isPresent()) {
                    continue;
                }
                final Integer port = Integer.valueOf(portArgument.getIntValue());
                // add() returns false when the set already holds the value.
                if (!seenPorts.add(port)) {
                    throw new ConfigureDSException(
                            this, ToolMessages.ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(port), true);
                }
            }
        } catch (ArgumentException valueError) {
            throw new ConfigureDSException(
                    this, valueError, ToolMessages.ERR_CANNOT_INITIALIZE_ARGS.get(valueError.getMessage()));
        }
    }

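    /**
     * Bootstraps the directory server classes far enough to edit the configuration offline:
     * optional server root, client bootstrap, JMX, configuration and schema, in that order.
     *
     * @throws ConfigureDSException if the server root cannot be set or if the JMX,
     *     configuration or schema initialization fails; the message names the phase that failed
     */
    private void initializeDirectoryServer() throws ConfigureDSException {
        if (this.serverRoot.isPresent()) {
            final String value = this.serverRoot.getValue();
            try {
                DirectoryServer.getEnvironmentConfig().setServerRoot(new File(value));
            } catch (InitializationException e) {
                // Report the failure instead of building the message and dropping it: continuing
                // with an unset server root would edit the configuration relative to the wrong location.
                throw new ConfigureDSException(
                        this, e, ToolMessages.ERR_INITIALIZE_SERVER_ROOT.get(value, e.getMessageObject()));
            }
        }
        final DirectoryServer directoryServer = DirectoryServer.getInstance();
        DirectoryServer.bootstrapClient();
        final String configPath = this.configFile.getValue();

        // Each phase has its own try block. If the handlers were nested, an outer catch (Exception)
        // would re-wrap the ConfigureDSException of an inner phase and a schema or configuration
        // failure would be reported as a JMX failure.
        try {
            DirectoryServer.initializeJMX();
        } catch (Exception e) {
            throw new ConfigureDSException(
                    this, e, ToolMessages.ERR_CONFIGDS_CANNOT_INITIALIZE_JMX.get(configPath, e.getMessage()));
        }
        try {
            directoryServer.initializeConfiguration(configPath);
        } catch (Exception e) {
            throw new ConfigureDSException(
                    this, e, ToolMessages.ERR_CONFIGDS_CANNOT_INITIALIZE_CONFIG.get(configPath, e.getMessage()));
        }
        try {
            directoryServer.initializeSchema();
        } catch (Exception e) {
            throw new ConfigureDSException(
                    this, e, ToolMessages.ERR_CONFIGDS_CANNOT_INITIALIZE_SCHEMA.get(configPath, e.getMessage()));
        }
    }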

    /**
     * Takes the exclusive server lock through {@code LockFileManager}.
     *
     * @throws ConfigureDSException if the lock cannot be acquired; the message includes the
     *     lock file name and the content of {@code failureReason}
     */
    private void tryAcquireExclusiveLocks() throws ConfigureDSException {
        final boolean locked = LockFileManager.acquireExclusiveLock(this.serverLockFileName, this.failureReason);
        if (locked) {
            return;
        }
        throw new ConfigureDSException(
                this,
                ToolMessages.ERR_CONFIGDS_CANNOT_ACQUIRE_SERVER_LOCK.get(this.serverLockFileName, this.failureReason));
    }

    /**
     * Parses the base DN argument values into {@code DN} objects.
     *
     * @return the parsed DNs in argument order; empty when the argument is not present
     * @throws ConfigureDSException if a value cannot be parsed as a DN
     */
    private LinkedList<DN> parseProvidedBaseDNs() throws ConfigureDSException {
        final LinkedList<DN> baseDNs = new LinkedList<>();
        if (!this.baseDNString.isPresent()) {
            return baseDNs;
        }
        for (String rawDN : this.baseDNString.getValues()) {
            final DN parsed;
            try {
                parsed = DN.valueOf(rawDN);
            } catch (Exception parseError) {
                throw new ConfigureDSException(
                        this,
                        parseError,
                        ToolMessages.ERR_CONFIGDS_CANNOT_PARSE_BASE_DN.get(rawDN, parseError.getMessage()));
            }
            baseDNs.add(parsed);
        }
        return baseDNs;
    }

    /**
     * Parses the root DN argument.
     *
     * @return the parsed DN, or {@code null} when the argument is not present
     * @throws ConfigureDSException if the value is not a valid DN
     */
    private DN parseRootDN() throws ConfigureDSException {
        if (!this.rootDNString.isPresent()) {
            return null;
        }
        try {
            return DN.valueOf(this.rootDNString.getValue());
        } catch (LocalizedIllegalArgumentException parseError) {
            throw new ConfigureDSException(
                    this,
                    parseError,
                    ToolMessages.ERR_CONFIGDS_CANNOT_PARSE_ROOT_DN.get(
                            this.rootDNString.getValue(), parseError.getMessageObject()));
        }
    }

    /**
     * Resolves the root user password that goes with an explicitly given root DN.
     *
     * <p>The value of {@code rootPassword} wins over {@code rootPasswordFile} when both are
     * present. The password is handled as a plain {@code String} from here on.
     *
     * @return the password, or {@code null} when no root DN was given
     * @throws ConfigureDSException if a root DN was given without either password argument
     */
    private String parseRootDNPassword() throws ConfigureDSException {
        if (!this.rootDNString.isPresent()) {
            return null;
        }
        if (this.rootPassword.isPresent()) {
            return this.rootPassword.getValue();
        }
        if (this.rootPasswordFile.isPresent()) {
            return this.rootPasswordFile.getValue();
        }
        throw new ConfigureDSException(this, ToolMessages.ERR_CONFIGDS_NO_ROOT_PW.get());
    }

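    /**
     * Checks the key or trust manager provider DN given on the command line.
     *
     * <p>When the DN equals the built-in JCEKS provider DN {@code str}, the entries of the LDIF
     * template {@code str2} are added to the configuration. For any other DN the entry is read
     * from the configuration to make sure it can be retrieved.
     *
     * @param argument the provider DN argument to check; nothing happens when it is not present
     * @param str DN of the built-in JCEKS provider for this kind of manager
     * @param str2 LDIF template of the built-in JCEKS provider entry
     * @param z {@code true} for the key manager, {@code false} for the trust manager; selects
     *     the error messages
     * @throws ConfigureDSException if the DN cannot be parsed, the referenced entry cannot be
     *     read, or the JCEKS entry cannot be created
     */
    private void checkManagerProvider(Argument argument, String str, String str2, boolean z) throws ConfigureDSException {
        if (!argument.isPresent()) {
            return;
        }
        // Check the DN of the argument under test. Reading trustManagerProviderDN here would
        // validate the wrong value for the key manager call, and would parse a missing value when
        // only a key manager provider was given.
        final String providedValue = argument.getValue();
        final DN providedDN;
        final DN jceksDN;
        try {
            providedDN = DN.valueOf(providedValue);
            jceksDN = DN.valueOf(str);
        } catch (LocalizedIllegalArgumentException e) {
            final LocalizableMessage messageObject = e.getMessageObject();
            throw new ConfigureDSException(
                    this,
                    e,
                    z ? ToolMessages.ERR_CONFIGDS_CANNOT_PARSE_KEYMANAGER_PROVIDER_DN.get(providedValue, messageObject)
                      : ToolMessages.ERR_CONFIGDS_CANNOT_PARSE_TRUSTMANAGER_PROVIDER_DN.get(providedValue, messageObject));
        }

        if (!providedDN.equals(jceksDN)) {
            // A custom provider must already exist in the configuration.
            // NOTE(review): only an exception counts as "missing"; confirm getEntry never returns
            // null for an absent entry.
            try {
                this.configHandler.getEntry(providedDN);
            } catch (Exception e) {
                throw new ConfigureDSException(
                        this,
                        e,
                        z ? ConfigMessages.ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(e)
                          : ConfigMessages.ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(e));
            }
            return;
        }

        // Built-in JCEKS provider: add every entry of the LDIF template to the configuration.
        LDIFReader reader = null;
        try {
            reader = new LDIFReader(new LDIFImportConfig(new StringReader(str2)));
            Entry entry;
            while ((entry = reader.readEntry()) != null) {
                this.configHandler.addEntry(Converters.from(entry));
            }
        } catch (Exception e) {
            // NOTE(review): the trust manager branch reports a key manager message; kept as found
            // because no trust-manager "cannot create" message is visible in this file.
            throw new ConfigureDSException(
                    this,
                    e,
                    z ? ToolMessages.ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(e)
                      : ConfigMessages.ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(e));
        } finally {
            StaticUtils.close(reader);
        }
    }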

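    /**
     * Creates the root backend offline for the given base DNs, using the backend type named by
     * the backend type argument.
     *
     * @param list base DNs of the backend; nothing happens when it is empty
     * @throws ConfigureDSException if the backend type name is unknown or the backend cannot be
     *     created
     */
    private void updateBaseDNs(List<DN> list) throws ConfigureDSException {
        if (list.isEmpty()) {
            return;
        }
        // NOTE(review): the backend type argument has no default in initializeArguments(), so this
        // value is presumably null when the option is omitted - confirm how the helper treats that.
        final String value = this.backendType.getValue();
        final BackendTypeHelper backendTypeHelper = new BackendTypeHelper();
        final ManagedObjectDefinition<? extends BackendCfgClient, ? extends BackendCfg> backendDefinition =
                backendTypeHelper.retrieveBackendTypeFromName(value);
        if (backendDefinition == null) {
            throw new ConfigureDSException(
                    this,
                    ToolMessages.ERR_CONFIGDS_BACKEND_TYPE_UNKNOWN.get(value, backendTypeHelper.getPrintableBackendTypeNames()));
        }
        try {
            BackendCreationHelper.createBackendOffline(Installer.ROOT_BACKEND_NAME, list, backendDefinition);
        } catch (Exception e) {
            // Keep the original exception as the cause so the stack trace of the failure is not lost.
            throw new ConfigureDSException(
                    this, e, ToolMessages.ERR_CONFIGDS_SET_BACKEND_TYPE.get(value, e.getMessage()));
        }
    }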

    /**
     * Writes the LDAP listen port to the LDAP connection handler entry when the argument is present.
     *
     * @throws ConfigureDSException if the port cannot be read or the entry cannot be updated
     */
    private void updateLdapPort() throws ConfigureDSException {
        if (!this.ldapPort.isPresent()) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(
                    DN_LDAP_CONNECTION_HANDLER,
                    ConfigConstants.ATTR_LISTEN_PORT,
                    CoreSchema.getIntegerSyntax(),
                    Integer.valueOf(this.ldapPort.getIntValue()));
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_LDAP_PORT.get(updateError));
        }
    }

    /**
     * Writes the listen port to the administration connector entry when the argument is present.
     *
     * @throws ConfigureDSException if the port cannot be read or the entry cannot be updated
     */
    private void updateAdminConnectorPort() throws ConfigureDSException {
        if (!this.adminConnectorPort.isPresent()) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(
                    DN_ADMIN_CONNECTOR,
                    ConfigConstants.ATTR_LISTEN_PORT,
                    CoreSchema.getIntegerSyntax(),
                    Integer.valueOf(this.adminConnectorPort.getIntValue()));
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_ADMIN_CONNECTOR_PORT.get(updateError));
        }
    }

    /**
     * Writes the LDAPS listen port and enables the LDAPS connection handler when the argument
     * is present.
     *
     * @throws ConfigureDSException if the port cannot be read or the entry cannot be updated
     */
    private void updateLdapSecurePort() throws ConfigureDSException {
        if (!this.ldapsPort.isPresent()) {
            return;
        }
        try {
            // Port first, then the enabled flag, both on the same handler entry.
            updateConfigEntryWithAttribute(
                    DN_LDAPS_CONNECTION_HANDLER,
                    ConfigConstants.ATTR_LISTEN_PORT,
                    CoreSchema.getIntegerSyntax(),
                    Integer.valueOf(this.ldapsPort.getIntValue()));
            updateConfigEntryWithAttribute(
                    DN_LDAPS_CONNECTION_HANDLER,
                    "ds-cfg-enabled",
                    CoreSchema.getBooleanSyntax(),
                    ServerConstants.TRUE_VALUE);
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_LDAPS_PORT.get(updateError));
        }
    }

    /**
     * Writes the JMX listen port and enables the JMX connection handler when the argument is
     * present.
     *
     * <p>Giving a JMX port therefore also turns the JMX listener on.
     *
     * @throws ConfigureDSException if the port cannot be read or the entry cannot be updated
     */
    private void updateJMXport() throws ConfigureDSException {
        if (!this.jmxPort.isPresent()) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(
                    DN_JMX_CONNECTION_HANDLER,
                    ConfigConstants.ATTR_LISTEN_PORT,
                    CoreSchema.getIntegerSyntax(),
                    Integer.valueOf(this.jmxPort.getIntValue()));
            updateConfigEntryWithAttribute(
                    DN_JMX_CONNECTION_HANDLER,
                    "ds-cfg-enabled",
                    CoreSchema.getBooleanSyntax(),
                    ServerConstants.TRUE_VALUE);
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_JMX_PORT.get(updateError));
        }
    }

    /**
     * Allows StartTLS on the LDAP connection handler when the StartTLS argument is present.
     *
     * @throws ConfigureDSException if the entry cannot be updated
     */
    private void updateStartTLS() throws ConfigureDSException {
        if (!this.enableStartTLS.isPresent()) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(
                    DN_LDAP_CONNECTION_HANDLER,
                    ConfigConstants.ATTR_ALLOW_STARTTLS,
                    CoreSchema.getBooleanSyntax(),
                    ServerConstants.TRUE_VALUE);
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_ENABLE_STARTTLS.get(updateError));
        }
    }

    /**
     * Applies the key manager provider settings when a provider DN was given: enables the
     * provider if StartTLS or LDAPS is requested, points the LDAP, LDAPS and HTTP connection
     * handlers at it, stores the key store path if one was given, and in FIPS mode also
     * reconfigures the administration key manager.
     *
     * @throws ConfigureDSException if any configuration entry cannot be updated
     */
    private void updateKeyManager() throws ConfigureDSException {
        if (!this.keyManagerProviderDN.isPresent()) {
            return;
        }

        final boolean tlsRequested = this.enableStartTLS.isPresent() || this.ldapsPort.isPresent();
        if (tlsRequested) {
            try {
                updateConfigEntryWithAttribute(
                        this.keyManagerProviderDN.getValue(),
                        "ds-cfg-enabled",
                        CoreSchema.getBooleanSyntax(),
                        ServerConstants.TRUE_VALUE);
            } catch (Exception enableError) {
                throw new ConfigureDSException(
                        this, enableError, ToolMessages.ERR_CONFIGDS_CANNOT_ENABLE_KEYMANAGER.get(enableError));
            }
        }

        // The HTTP handler reference is driven by the LDAPS port argument, like the LDAPS handler.
        putKeyManagerConfigAttribute(this.enableStartTLS, DN_LDAP_CONNECTION_HANDLER);
        putKeyManagerConfigAttribute(this.ldapsPort, DN_LDAPS_CONNECTION_HANDLER);
        putKeyManagerConfigAttribute(this.ldapsPort, DN_HTTP_CONNECTION_HANDLER);

        if (this.keyManagerPath.isPresent()) {
            try {
                updateConfigEntryWithAttribute(
                        this.keyManagerProviderDN.getValue(),
                        ConfigConstants.ATTR_KEYSTORE_FILE,
                        CoreSchema.getDirectoryStringSyntax(),
                        this.keyManagerPath.getValue());
            } catch (Exception pathError) {
                // No dedicated message here: the raw exception text is reported.
                throw new ConfigureDSException(
                        this, pathError, LocalizableMessage.raw(pathError.toString(), new Object[0]));
            }
        }

        if (com.forgerock.opendj.util.StaticUtils.isFips()) {
            putAdminKeyManagerConfigAttribute(this.keyManagerProviderDN, DN_ADMIN_KEY_MANAGER);
        }
    }

    /**
     * Points the entry {@code str} at the configured key manager provider, but only when
     * {@code argument} is present on the command line.
     *
     * @param argument argument whose presence triggers the update
     * @param str DN of the configuration entry that receives the provider reference
     * @throws ConfigureDSException if the entry cannot be updated
     */
    private void putKeyManagerConfigAttribute(Argument argument, String str) throws ConfigureDSException {
        if (!argument.isPresent()) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(
                    str,
                    "ds-cfg-key-manager-provider",
                    CoreSchema.getDirectoryStringSyntax(),
                    this.keyManagerProviderDN.getValue());
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(updateError));
        }
    }

    /**
     * Reconfigures the key manager entry {@code str} according to the provider DN in
     * {@code argument}: a DN whose lower-cased text starts with {@code cn=bcfks} selects a
     * BCFKS key store, anything else turns the entry into a PKCS11 key manager provider.
     *
     * <p>NOTE(review): the provider kind is decided by a text prefix test on the raw argument
     * value, not by a parsed DN, so a differently formatted DN would take the PKCS11 branch.
     * NOTE(review): the BCFKS branch writes the key store path without checking that the key
     * store path argument is present - confirm what the update does with a missing value.
     *
     * @param argument provider DN argument; nothing happens when it is not present
     * @param str DN of the key manager entry to rewrite
     * @throws ConfigureDSException if any update of the entry fails
     */
    private void putAdminKeyManagerConfigAttribute(Argument argument, String str) throws ConfigureDSException {
        if (!argument.isPresent()) {
            return;
        }
        try {
            final boolean bcfksProvider = argument.getValue().toLowerCase().startsWith("cn=bcfks");
            if (!bcfksProvider) {
                // PKCS11: drop the file-based key store attributes, then switch class and object classes.
                updateConfigEntryByRemovingAttribute(str, ConfigConstants.ATTR_KEYSTORE_TYPE);
                updateConfigEntryByRemovingAttribute(str, ConfigConstants.ATTR_KEYSTORE_FILE);
                updateConfigEntryWithObjectClasses(str, "top", "ds-cfg-pkcs11-key-manager-provider", "ds-cfg-key-manager-provider");
                updateConfigEntryWithAttribute(
                        str,
                        "ds-cfg-java-class",
                        CoreSchema.getDirectoryStringSyntax(),
                        "org.opends.server.extensions.PKCS11KeyManagerProvider");
                updateConfigEntryWithAttribute(
                        str,
                        ConfigConstants.ATTR_KEYSTORE_PIN_FILE,
                        CoreSchema.getDirectoryStringSyntax(),
                        "config/keystore.pin");
            } else {
                // BCFKS: key store type, file and PIN file on the same entry.
                updateConfigEntryWithAttribute(
                        str,
                        ConfigConstants.ATTR_KEYSTORE_TYPE,
                        CoreSchema.getDirectoryStringSyntax(),
                        CertificateManager.KEY_STORE_TYPE_BCFKS);
                updateConfigEntryWithAttribute(
                        str,
                        ConfigConstants.ATTR_KEYSTORE_FILE,
                        CoreSchema.getDirectoryStringSyntax(),
                        this.keyManagerPath.getValue());
                updateConfigEntryWithAttribute(
                        str,
                        ConfigConstants.ATTR_KEYSTORE_PIN_FILE,
                        CoreSchema.getDirectoryStringSyntax(),
                        "config/keystore.pin");
            }
        } catch (Exception updateError) {
            throw new ConfigureDSException(
                    this, updateError, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(updateError));
        }
    }

    /**
     * Applies the trust manager and certificate nickname options to the connection handlers.
     *
     * <p>Three independent steps run in order:
     * <ol>
     *   <li>If a trust manager provider DN was given, the provider entry is enabled when
     *       StartTLS or an LDAPS port was requested, and the provider reference is written to
     *       the LDAP handler (gated by StartTLS) and to the LDAPS and HTTP handlers (both gated
     *       by the LDAPS port).</li>
     *   <li>If certificate nicknames were given they are written to the LDAP, LDAPS, HTTP and
     *       JMX handlers, each gated by its own argument; otherwise the nickname attribute is
     *       removed from all four handlers.</li>
     *   <li>In FIPS mode the administration trust manager entry is updated as well.</li>
     * </ol>
     *
     * @throws ConfigureDSException if any configuration entry cannot be updated
     */
    private void updateTrustManager() throws ConfigureDSException {
        if (this.trustManagerProviderDN.isPresent()) {
            // The provider only needs enabling when some TLS-capable listener was requested.
            final boolean tlsRequested = this.enableStartTLS.isPresent() || this.ldapsPort.isPresent();
            if (tlsRequested) {
                try {
                    updateConfigEntryWithAttribute(this.trustManagerProviderDN.getValue(), "ds-cfg-enabled", CoreSchema.getBooleanSyntax(), ServerConstants.TRUE_VALUE);
                } catch (Exception e) {
                    throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_ENABLE_TRUSTMANAGER.get(e));
                }
            }
            putTrustManagerAttribute(this.enableStartTLS, DN_LDAP_CONNECTION_HANDLER);
            putTrustManagerAttribute(this.ldapsPort, DN_LDAPS_CONNECTION_HANDLER);
            putTrustManagerAttribute(this.ldapsPort, DN_HTTP_CONNECTION_HANDLER);
        }

        if (!this.certNickNames.isPresent()) {
            // No nickname requested: make sure no handler keeps a stale one.
            removeSSLCertNicknameAttribute(DN_LDAP_CONNECTION_HANDLER);
            removeSSLCertNicknameAttribute(DN_LDAPS_CONNECTION_HANDLER);
            removeSSLCertNicknameAttribute(DN_HTTP_CONNECTION_HANDLER);
            removeSSLCertNicknameAttribute(DN_JMX_CONNECTION_HANDLER);
        } else {
            final List<String> nicknames = this.certNickNames.getValues();
            final String nicknameAttr = ConfigConstants.ATTR_SSL_CERT_NICKNAME;
            updateCertNicknameEntry(this.ldapPort, DN_LDAP_CONNECTION_HANDLER, nicknameAttr, nicknames);
            updateCertNicknameEntry(this.ldapsPort, DN_LDAPS_CONNECTION_HANDLER, nicknameAttr, nicknames);
            updateCertNicknameEntry(this.certNickNames, DN_HTTP_CONNECTION_HANDLER, nicknameAttr, nicknames);
            updateCertNicknameEntry(this.jmxPort, DN_JMX_CONNECTION_HANDLER, nicknameAttr, nicknames);
        }

        if (com.forgerock.opendj.util.StaticUtils.isFips()) {
            putAdminTrustManagerConfigAttribute(this.trustManagerProviderDN, DN_ADMIN_TRUST_MANAGER);
        }
    }

    /**
     * Writes the trust manager provider reference onto one configuration entry.
     *
     * <p>The attribute {@code ds-cfg-trust-manager-provider} of the entry named by {@code str}
     * is replaced with the value of the trust manager provider DN argument. {@code argument}
     * is consulted only for its presence; when it was not supplied nothing is written.
     *
     * @param argument argument whose presence enables the update
     * @param str DN (string form) of the configuration entry to update
     * @throws ConfigureDSException if the configuration entry cannot be read or replaced
     */
    private void putTrustManagerAttribute(Argument argument, String str) throws ConfigureDSException {
        if (!argument.isPresent()) {
            return;
        }
        try {
            final Syntax directoryString = CoreSchema.getDirectoryStringSyntax();
            final String providerDn = this.trustManagerProviderDN.getValue();
            updateConfigEntryWithAttribute(str, "ds-cfg-trust-manager-provider", directoryString, providerDn);
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(e));
        }
    }

    /**
     * Points the administration trust manager entry at the BCFKS store, when one is in use.
     *
     * <p>The decision is driven by the <em>key</em> manager provider DN argument, not by
     * {@code argument}, which this method never reads. If that DN is present and starts with
     * {@code cn=bcfks} (compared after lower-casing), the entry named by {@code str} gets a
     * BCFKS trust store type, the file from the key manager path argument as its trust store
     * file, and {@code config/keystore.pin} as its PIN file. In every other case the entry is
     * left untouched.
     *
     * <p>NOTE(review): the trust store file and PIN written here are the same values the key
     * manager uses, so trust anchors and private keys would share one store and one PIN.
     * Confirm that this is intended, and whether ignoring {@code argument} is deliberate.
     *
     * @param argument unused by the current implementation
     * @param str DN (string form) of the trust manager configuration entry to update
     * @throws ConfigureDSException if any of the configuration updates fails
     */
    private void putAdminTrustManagerConfigAttribute(Argument argument, String str) throws ConfigureDSException {
        if (!this.keyManagerProviderDN.isPresent()) {
            return;
        }
        try {
            final String keyProviderDn = this.keyManagerProviderDN.getValue();
            if (!keyProviderDn.toLowerCase().startsWith("cn=bcfks")) {
                return;
            }
            final Syntax directoryString = CoreSchema.getDirectoryStringSyntax();
            updateConfigEntryWithAttribute(str, ConfigConstants.ATTR_TRUSTSTORE_TYPE, directoryString, CertificateManager.KEY_STORE_TYPE_BCFKS);
            updateConfigEntryWithAttribute(str, ConfigConstants.ATTR_TRUSTSTORE_FILE, directoryString, this.keyManagerPath.getValue());
            updateConfigEntryWithAttribute(str, ConfigConstants.ATTR_TRUSTSTORE_PIN_FILE, directoryString, "config/keystore.pin");
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(e));
        }
    }

    /**
     * Sets or clears the certificate nickname attribute on one connection handler entry.
     *
     * <p>When {@code argument} was supplied, attribute {@code str2} of the entry is replaced
     * with all values of {@code list}. Otherwise the SSL certificate nickname attribute is
     * removed from the entry. Note that the removal always targets
     * {@code ConfigConstants.ATTR_SSL_CERT_NICKNAME}, regardless of {@code str2}.
     *
     * @param argument argument whose presence selects "write" over "remove"
     * @param str DN (string form) of the connection handler configuration entry
     * @param str2 name of the attribute to write the nicknames to
     * @param list certificate nicknames to store
     * @throws ConfigureDSException if the configuration entry cannot be updated
     */
    private void updateCertNicknameEntry(Argument argument, String str, String str2, List<String> list) throws ConfigureDSException {
        try {
            if (!argument.isPresent()) {
                updateConfigEntryByRemovingAttribute(str, ConfigConstants.ATTR_SSL_CERT_NICKNAME);
                return;
            }
            final Syntax directoryString = CoreSchema.getDirectoryStringSyntax();
            // Passed as an Object[] so that each nickname becomes one attribute value.
            final Object[] nicknames = list.toArray(new Object[0]);
            updateConfigEntryWithAttribute(str, str2, directoryString, nicknames);
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(e));
        }
    }

    /**
     * Removes the SSL certificate nickname attribute from one configuration entry.
     *
     * @param str DN (string form) of the configuration entry to clean up
     * @throws ConfigureDSException if the configuration entry cannot be read or replaced
     */
    private void removeSSLCertNicknameAttribute(String str) throws ConfigureDSException {
        final String nicknameAttr = ConfigConstants.ATTR_SSL_CERT_NICKNAME;
        try {
            updateConfigEntryByRemovingAttribute(str, nicknameAttr);
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(e));
        }
    }

    /**
     * Stores the root user's alternate bind DN and password in the configuration.
     *
     * <p>The password is never written in clear text: it is passed through
     * {@code SaltedSHA512PasswordStorageScheme.encodeOffline} and only the encoded value is
     * stored in the user password attribute of the root user entry. A {@code null} DN makes
     * this method a no-op.
     *
     * <p>NOTE(review): the clear-text password arrives as a {@code String} and therefore
     * cannot be wiped after use. The scheme name suggests a salted SHA-512 digest rather than
     * a deliberately slow password hash — confirm that this matches the deployment's password
     * storage policy.
     *
     * @param dn alternate bind DN for the root user, or {@code null} to leave it unchanged
     * @param str clear-text root user password
     * @throws ConfigureDSException if the root user entry cannot be updated
     */
    private void updateRootUser(DN dn, String str) throws ConfigureDSException {
        if (dn == null) {
            return;
        }
        try {
            final Syntax directoryString = CoreSchema.getDirectoryStringSyntax();
            updateConfigEntryWithAttribute(DN_ROOT_USER, ConfigConstants.ATTR_ROOTDN_ALTERNATE_BIND_DN, directoryString, dn);
            updateConfigEntryWithAttribute(
                    DN_ROOT_USER,
                    ServerConstants.ATTR_USER_PASSWORD,
                    directoryString,
                    SaltedSHA512PasswordStorageScheme.encodeOffline(StaticUtils.getBytes(str)));
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_ROOT_USER.get(e));
        }
    }

    /**
     * Writes the host name argument as the server FQDN of the DIGEST-MD5 SASL mechanism entry.
     *
     * <p>NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331; this method only
     * sets the FQDN, so whether the mechanism should stay enabled is decided elsewhere.
     *
     * @throws ConfigureDSException if the SASL mechanism entry cannot be updated
     */
    private void addFQDNDigestMD5() throws ConfigureDSException {
        try {
            final Syntax directoryString = CoreSchema.getDirectoryStringSyntax();
            final String fqdn = this.hostName.getValue();
            updateConfigEntryWithAttribute(DN_DIGEST_MD5_SASL_MECHANISM, ConfigConstants.ATTR_SERVER_FQDN, directoryString, fqdn);
        } catch (Exception e) {
            throw new ConfigureDSException(this, e, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_DIGEST_MD5_FQDN.get(e));
        }
    }

    /**
     * Replaces the crypto manager's key-wrapping transformation when the default one is not
     * available in this JVM.
     *
     * <p>The default transformation is read from the crypto manager property definition. If
     * the JVM can instantiate a {@link Cipher} for it, nothing is changed. Otherwise the first
     * usable candidate from {@code getAlternativeCipher()} is written to the crypto manager
     * entry; if no candidate is usable either, the configuration is left as it is.
     *
     * <p>NOTE(review): the substitution is silent, so an operator does not learn from this
     * method that a different (possibly weaker) key-wrapping transformation was configured;
     * consider whether it should be logged or reported.
     *
     * @throws ConfigureDSException if the crypto manager entry cannot be updated
     */
    private void updateCryptoCipher() throws ConfigureDSException {
        final DefaultBehaviorProvider<String> provider = CryptoManagerCfgDefn.getInstance().getKeyWrappingTransformationPropertyDefinition().getDefaultBehaviorProvider();
        if (!(provider instanceof DefinedDefaultBehaviorProvider)) {
            // No explicitly defined default, hence nothing to verify.
            return;
        }
        final Collection<String> definedDefaults = ((DefinedDefaultBehaviorProvider) provider).getDefaultValues();
        if (definedDefaults.isEmpty()) {
            return;
        }
        final String defaultTransformation = definedDefaults.iterator().next().toString();

        try {
            Cipher.getInstance(defaultTransformation);
            // The default works in this JVM; keep the configuration untouched.
            return;
        } catch (GeneralSecurityException unavailable) {
            // Fall through and look for a transformation this JVM does support.
        }

        final String fallback = getAlternativeCipher();
        if (fallback == null) {
            return;
        }
        try {
            updateConfigEntryWithAttribute(DN_CRYPTO_MANAGER, ConfigConstants.ATTR_CRYPTO_CIPHER_KEY_WRAPPING_TRANSFORMATION, CoreSchema.getDirectoryStringSyntax(), fallback);
        } catch (Exception e2) {
            throw new ConfigureDSException(this, e2, ToolMessages.ERR_CONFIGDS_CANNOT_UPDATE_CRYPTO_MANAGER.get(e2));
        }
    }

    /**
     * Replaces one attribute of a configuration entry and stores the modified entry.
     *
     * <p>The entry is fetched from the config handler, copied with the attribute replaced (see
     * {@code putAttribute}), and the copy is handed back to the config handler as the
     * replacement for the fetched entry.
     *
     * @param str DN (string form) of the configuration entry
     * @param str2 name of the attribute to replace
     * @param syntax syntax used to resolve the attribute type in the schema
     * @param objArr new values of the attribute
     * @throws DirectoryException declared by the signature; raised by the calls made here
     * @throws ConfigException declared by the signature; raised by the calls made here
     */
    private void updateConfigEntryWithAttribute(String str, String str2, Syntax syntax, Object... objArr) throws DirectoryException, ConfigException {
        final DN entryDn = DN.valueOf(str);
        final org.forgerock.opendj.ldap.Entry current = this.configHandler.getEntry(entryDn);
        final org.forgerock.opendj.ldap.Entry updated = putAttribute(current, str2, syntax, objArr);
        this.configHandler.replaceEntry(current, updated);
    }

    /**
     * Removes one attribute from a configuration entry and stores the modified entry.
     *
     * <p>The fetched entry is converted to the server entry type so that
     * {@code removeAttribute} can work on it, and the result is converted back before being
     * handed to the config handler as the replacement.
     *
     * @param str DN (string form) of the configuration entry
     * @param str2 name or OID of the attribute to remove
     * @throws DirectoryException declared by the signature; raised by the calls made here
     * @throws ConfigException declared by the signature; raised by the calls made here
     */
    private void updateConfigEntryByRemovingAttribute(String str, String str2) throws DirectoryException, ConfigException {
        final DN entryDn = DN.valueOf(str);
        final org.forgerock.opendj.ldap.Entry current = this.configHandler.getEntry(entryDn);
        final Entry stripped = removeAttribute(Converters.to(current), str2);
        this.configHandler.replaceEntry(current, Converters.from(stripped));
    }

    /**
     * Replaces the object classes of a configuration entry and stores the modified entry.
     *
     * <p>Works like {@code updateConfigEntryWithAttribute} for the object class attribute
     * (resolved with the OID syntax), except that the config handler's three-argument
     * {@code replaceEntry} is called with {@code true} as its last argument.
     *
     * @param str DN (string form) of the configuration entry
     * @param objArr the complete new set of object class names
     * @throws DirectoryException declared by the signature; raised by the calls made here
     * @throws ConfigException declared by the signature; raised by the calls made here
     */
    private void updateConfigEntryWithObjectClasses(String str, Object... objArr) throws DirectoryException, ConfigException {
        final DN entryDn = DN.valueOf(str);
        final org.forgerock.opendj.ldap.Entry current = this.configHandler.getEntry(entryDn);
        final org.forgerock.opendj.ldap.Entry updated = putAttribute(current, ConfigConstants.ATTR_OBJECTCLASS, CoreSchema.getOIDSyntax(), objArr);
        // NOTE(review): the meaning of the trailing 'true' is defined by the config handler,
        // which is not visible here — confirm before changing it.
        this.configHandler.replaceEntry(current, updated, true);
    }

    /**
     * Returns a deep copy of {@code entry} in which one attribute has been replaced.
     *
     * <p>The attribute type is looked up in the running server's schema by name and syntax.
     * The entry passed in is not modified.
     *
     * @param entry entry to copy
     * @param str name of the attribute to replace
     * @param syntax syntax used for the schema lookup of the attribute type
     * @param objArr new values of the attribute
     * @return the modified copy
     */
    private org.forgerock.opendj.ldap.Entry putAttribute(org.forgerock.opendj.ldap.Entry entry, String str, Syntax syntax, Object... objArr) {
        final LinkedHashMapEntry copy = LinkedHashMapEntry.deepCopyOfEntry(entry);
        final AttributeType attributeType = DirectoryServer.getInstance().getServerContext().getSchema().getAttributeType(str, syntax);
        final AttributeDescription description = AttributeDescription.create(attributeType);
        copy.replaceAttribute(new LinkedAttribute(description, objArr));
        return copy;
    }

    /**
     * Returns a duplicate of {@code entry} without the attribute identified by {@code str}.
     *
     * <p>User attributes are searched first, then operational attributes. Only the first
     * attribute type whose name or OID matches is removed; if nothing matches, the duplicate
     * is returned unchanged. The entry passed in is not modified.
     *
     * @param entry entry to duplicate
     * @param str name or OID of the attribute to remove
     * @return the duplicate, with at most one attribute removed
     */
    private Entry removeAttribute(Entry entry, String str) {
        final Entry copy = entry.duplicate(false);

        // Iterate over the original's key sets so that removing from the copy is safe.
        for (AttributeType userType : entry.getUserAttributes().keySet()) {
            if (!userType.hasNameOrOID(str)) {
                continue;
            }
            copy.getUserAttributes().remove(userType);
            return copy;
        }

        for (AttributeType operationalType : entry.getOperationalAttributes().keySet()) {
            if (!operationalType.hasNameOrOID(str)) {
                continue;
            }
            copy.getOperationalAttributes().remove(operationalType);
            return copy;
        }

        return copy;
    }

    /**
     * Finds a key-wrapping transformation that the current JVM can instantiate.
     *
     * <p>The candidates are probed in order of preference: RSA with OAEP (SHA-1 / MGF1) first,
     * RSA with PKCS#1 v1.5 padding second. Any failure while probing a candidate simply moves
     * on to the next one.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding is the weaker of the two, because it is
     * the padding affected by padding-oracle attacks, so a JVM without OAEP support ends up
     * with it as the key-wrapping transformation. Confirm that this fallback is still wanted.
     *
     * @return the first usable transformation, or {@code null} if none can be instantiated
     */
    private static String getAlternativeCipher() {
        final String[] candidates = {"RSA/ECB/OAEPWITHSHA1ANDMGF1PADDING", "RSA/ECB/PKCS1Padding"};
        String usable = null;
        for (int i = 0; usable == null && i < candidates.length; i++) {
            try {
                Cipher.getInstance(candidates[i]);
                usable = candidates[i];
            } catch (Throwable ignored) {
                // Deliberately ignored: this is only an availability probe.
            }
        }
        return usable;
    }
}
