package org.opends.admin.ads;

import java.io.IOException;
import java.util.Map;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.naming.ldap.Rdn;
import org.forgerock.opendj.config.ManagedObjectNotFoundException;
import org.forgerock.opendj.ldap.Attribute;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.responses.Result;
import org.forgerock.opendj.ldif.ConnectionEntryReader;
import org.forgerock.opendj.server.config.client.LDIFBackendCfgClient;
import org.forgerock.opendj.server.config.client.RootCfgClient;
import org.forgerock.opendj.server.config.meta.LDIFBackendCfgDefn;
import org.forgerock.opendj.server.config.meta.LocalBackendCfgDefn;
import org.opends.admin.ads.ADSContext;
import org.opends.admin.ads.ADSContextException;
import org.opends.admin.ads.util.ConnectionWrapper;
import org.opends.server.config.ConfigConstants;
import org.opends.server.crypto.CryptoManagerImpl;
import org.opends.server.types.CryptoManagerException;
import org.opends.server.util.ServerConstants;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/opends/admin/ads/ADSContextHelper.class */
public class ADSContextHelper {
    /* JADX INFO: Access modifiers changed from: package-private */
    public void createAdministrationSuffix(ConnectionWrapper connectionWrapper, String str) throws ADSContextException {
        try {
            RootCfgClient rootConfiguration = connectionWrapper.getRootConfiguration();
            LDIFBackendCfgClient lDIFBackendCfgClient = null;
            try {
                lDIFBackendCfgClient = (LDIFBackendCfgClient) rootConfiguration.getBackend(str);
            } catch (ClassCastException e) {
                throw new ADSContextException(ADSContextException.ErrorType.UNEXPECTED_ADS_BACKEND_TYPE, e);
            } catch (ManagedObjectNotFoundException e2) {
            }
            if (lDIFBackendCfgClient == null) {
                lDIFBackendCfgClient = (LDIFBackendCfgClient) rootConfiguration.createBackend(LDIFBackendCfgDefn.getInstance(), str, null);
                lDIFBackendCfgClient.setEnabled(true);
                lDIFBackendCfgClient.setLDIFFile(ADSContext.getAdminLDIFFile());
                lDIFBackendCfgClient.setBackendId(str);
                lDIFBackendCfgClient.setWritabilityMode(LocalBackendCfgDefn.WritabilityMode.ENABLED);
                lDIFBackendCfgClient.setIsPrivateBackend(true);
            }
            SortedSet<DN> baseDN = lDIFBackendCfgClient.getBaseDN();
            if (baseDN == null) {
                baseDN = new TreeSet();
            }
            if (baseDN.add(ADSContext.getAdministrationSuffixDN())) {
                lDIFBackendCfgClient.setBaseDN(baseDN);
                lDIFBackendCfgClient.commit();
            }
        } catch (Throwable th) {
            throw new ADSContextException(ADSContextException.ErrorType.ERROR_UNEXPECTED, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void registerInstanceKeyCertificate(ConnectionWrapper connectionWrapper, Map<ADSContext.ServerProperty, Object> map, DN dn) throws ADSContextException {
        if (map.containsKey(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE)) {
            String str = (String) map.get(ADSContext.ServerProperty.INSTANCE_KEY_ID);
            Filter equality = Filter.equality(ServerConstants.OBJECTCLASS_ATTRIBUTE_TYPE_NAME, ConfigConstants.OC_CRYPTO_INSTANCE_KEY);
            if (null != str) {
                equality = Filter.and(equality, Filter.equality(ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(), str));
            }
            try {
                ConnectionEntryReader search = connectionWrapper.getConnection().search(Requests.newSearchRequest(ADSContext.getInstanceKeysContainerDN(), SearchScope.WHOLE_SUBTREE, Filter.and(equality, Filter.equality(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE.getAttributeName() + ";binary", map.get(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE))), ConfigConstants.ATTR_CRYPTO_KEY_ID));
                Throwable th = null;
                boolean z = false;
                while (search.hasNext()) {
                    try {
                        try {
                            Attribute attribute = search.readEntry().getAttribute(ConfigConstants.ATTR_CRYPTO_KEY_ID);
                            if (null != attribute) {
                                str = attribute.firstValueAsString();
                            }
                            z = true;
                        } finally {
                        }
                    } finally {
                    }
                }
                if (!z) {
                    if (null == str) {
                        str = CryptoManagerImpl.getInstanceKeyID((byte[]) map.get(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE));
                    }
                    AddRequest addAttribute = Requests.newAddRequest(ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName() + "=" + Rdn.escapeValue(str) + "," + ADSContext.getInstanceKeysContainerDN()).addAttribute(ServerConstants.OBJECTCLASS_ATTRIBUTE_TYPE_NAME, "top", ConfigConstants.OC_CRYPTO_INSTANCE_KEY);
                    if (null != str) {
                        addAttribute.addAttribute(ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(), str);
                    }
                    addAttribute.addAttribute(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE.getAttributeName() + ";binary", map.get(ADSContext.ServerProperty.INSTANCE_PUBLIC_KEY_CERTIFICATE)).addAttribute(ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(), str);
                    throwIfNotSuccess(connectionWrapper.getConnection().add(addAttribute));
                }
                if (dn != null) {
                    throwIfNotSuccess(connectionWrapper.getConnection().modify(Requests.newModifyRequest(dn).addModification(ModificationType.REPLACE, ADSContext.ServerProperty.INSTANCE_KEY_ID.getAttributeName(), str)));
                }
                if (search != null) {
                    if (0 != 0) {
                        try {
                            search.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        search.close();
                    }
                }
            } catch (IOException | CryptoManagerException e) {
                throw new ADSContextException(ADSContextException.ErrorType.ERROR_UNEXPECTED, e);
            }
        }
    }

    private void throwIfNotSuccess(Result result) throws LdapException {
        if (result.getResultCode().isExceptional()) {
            throw LdapException.newLdapException(result);
        }
    }

    public String getOcCryptoInstanceKey() {
        return ConfigConstants.OC_CRYPTO_INSTANCE_KEY;
    }

    public String getAttrCryptoKeyCompromisedTime() {
        return ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME;
    }
}
