package org.opends.server.backends;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.UnknownHostException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Random;
import java.util.Set;
import java.util.SortedSet;
import javax.naming.ldap.Rdn;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.AVA;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.RDN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.CoreSchema;
import org.forgerock.opendj.server.config.server.TrustStoreBackendCfg;
import org.forgerock.util.Reject;
import org.opends.messages.BackendMessages;
import org.opends.server.api.LocalBackend;
import org.opends.server.config.AdministrationConnector;
import org.opends.server.config.ConfigConstants;
import org.opends.server.core.AddOperation;
import org.opends.server.core.DeleteOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ModifyDNOperation;
import org.opends.server.core.ModifyOperation;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.ServerContext;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeBuilder;
import org.opends.server.types.Attributes;
import org.opends.server.types.BackupConfig;
import org.opends.server.types.BackupDirectory;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.FilePermission;
import org.opends.server.types.IndexType;
import org.opends.server.types.InitializationException;
import org.opends.server.types.LDIFExportConfig;
import org.opends.server.types.LDIFImportConfig;
import org.opends.server.types.LDIFImportResult;
import org.opends.server.types.RestoreConfig;
import org.opends.server.types.SearchFilter;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.Platform;
import org.opends.server.util.SetupUtils;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/backends/TrustStoreBackend.class */
public class TrustStoreBackend extends LocalBackend<TrustStoreBackendCfg> implements ConfigurationChangeListener<TrustStoreBackendCfg> {
    // Logger for this class.
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    // Current backend configuration; set by configureBackend and replaced by applyConfigurationChange.
    private TrustStoreBackendCfg configuration;
    // Base DNs served by this backend; openBackend rejects anything other than exactly one.
    private SortedSet<DN> baseDNs;
    // Entry returned for the base DN itself; built in openBackend.
    private Entry baseEntry;
    // Trust store PIN as resolved by getTrustStorePIN; null when no PIN source is configured.
    // It is kept for the lifetime of the object and is not cleared by any code visible in this listing.
    private char[] trustStorePIN;
    // Configured trust store path; resolved through StaticUtils.getFileForPath wherever it is used.
    private String trustStoreFile;
    // Key store type; openBackend falls back to KeyStore.getDefaultType() when none is configured.
    private String trustStoreType;
    // Helper through which aliases and certificates in the trust store are read and modified.
    private CertificateManager certificateManager;
    // Server context handed to configureBackend; used for schema and backend-config-manager lookups.
    private ServerContext serverContext;

    /**
     * Returns the first element of {@code baseDNs}. {@code openBackend} only accepts a configuration
     * with exactly one base DN, so this is the single suffix served by the backend.
     */
    private DN getBaseDN() {
        final SortedSet<DN> configuredBaseDNs = this.baseDNs;
        return configuredBaseDNs.first();
    }

    /**
     * Records the server context and the configuration for later use by {@code openBackend}.
     *
     * @param trustStoreBackendCfg the backend configuration; checked with {@code Reject.ifNull} before it is stored
     * @param serverContext the server context to keep
     * @throws ConfigException declared by the overridden method; nothing in this body throws it directly
     */
    @Override
    public void configureBackend(TrustStoreBackendCfg trustStoreBackendCfg, ServerContext serverContext) throws ConfigException {
        // The context is stored first, exactly as before, so it is set even when the null check fails.
        this.serverContext = serverContext;
        final TrustStoreBackendCfg cfg = trustStoreBackendCfg;
        Reject.ifNull(cfg);
        this.configuration = cfg;
    }

    /**
     * Opens the backend: validates the configuration, resolves the trust store PIN, creates the
     * certificate manager, builds the base entry and registers the base DN.
     *
     * <p>The PIN is resolved with the "create if missing" flag set, so a configured PIN file that does
     * not exist yet is created during this call (see {@code getTrustStorePIN}).
     *
     * @throws ConfigException declared by the overridden method
     * @throws InitializationException if the configuration does not hold exactly one base DN, the key
     *         store type is not available, the PIN cannot be resolved, or the base DN cannot be registered
     */
    @Override
    public void openBackend() throws ConfigException, InitializationException {
        final DN configEntryDN = this.configuration.dn();
        final SortedSet<DN> configuredBaseDNs = this.configuration.getBaseDN();
        if (configuredBaseDNs.size() != 1) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_REQUIRES_ONE_BASE_DN.get(configEntryDN));
        }
        this.baseDNs = configuredBaseDNs;
        this.trustStoreFile = this.configuration.getTrustStoreFile();
        final String configuredType = this.configuration.getTrustStoreType();
        this.trustStoreType = configuredType != null ? configuredType : KeyStore.getDefaultType();
        try {
            // Probe only: fails with KeyStoreException when no provider supports the configured type.
            KeyStore.getInstance(this.trustStoreType);
            this.trustStorePIN = getTrustStorePIN(this.configuration, true);
            final String storePath = StaticUtils.getFileForPath(this.trustStoreFile).getPath();
            this.certificateManager = new CertificateManager(storePath, this.trustStoreType, this.trustStorePIN);
            generateInstanceCertificateIfAbsent();

            // Object classes of the base entry. The maps are raw in this listing and are left that way.
            LinkedHashMap objectClasses = new LinkedHashMap(2);
            objectClasses.put(CoreSchema.getTopObjectClass(), "top");
            objectClasses.put(this.serverContext.getSchema().getObjectClass("ds-cfg-branch"), "ds-cfg-branch");

            // One user attribute per component of the base DN's RDN.
            LinkedHashMap userAttributes = new LinkedHashMap(1);
            for (AVA ava : getBaseDN().rdn()) {
                AttributeType type = ava.getAttributeType();
                userAttributes.put(type, Attributes.createAsList(type, ava.getAttributeValue()));
            }
            this.baseEntry = new Entry(getBaseDN(), objectClasses, userAttributes, null);

            this.configuration.addTrustStoreChangeListener(this);
            try {
                this.serverContext.getBackendConfigManager().registerBaseDN(getBaseDN(), this, true);
            } catch (Exception registrationFailure) {
                logger.traceException(registrationFailure);
                throw new InitializationException(
                        BackendMessages.ERR_BACKEND_CANNOT_REGISTER_BASEDN.get(getBaseDN(), registrationFailure),
                        registrationFailure);
            }
        } catch (KeyStoreException unsupportedType) {
            logger.traceException(unsupportedType);
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(
                    this.trustStoreType, configEntryDN, StaticUtils.getExceptionMessage(unsupportedType)));
        }
    }

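    /**
     * Resolves the trust store PIN from the first configured source, checked in this order: Java
     * system property, environment variable, PIN file, PIN value stored in the configuration itself.
     *
     * <p>Every branch returns a freshly allocated array. The value also exists as a {@code String}
     * along the way (property, environment, file line or configuration value), so clearing the
     * returned array does not remove every copy from memory.
     *
     * @param trustStoreBackendCfg the configuration naming the PIN source
     * @param z when {@code true} and a PIN file is configured but missing, a new PIN is generated and
     *        written to that file; when {@code false} a missing PIN file yields {@code null}
     * @return the PIN characters, or {@code null} when no source is configured (or the PIN file is
     *         missing and {@code z} is {@code false})
     * @throws InitializationException if the named property or variable is unset, or the PIN file is
     *         empty, unreadable, or cannot be created
     */
    private static char[] getTrustStorePIN(TrustStoreBackendCfg trustStoreBackendCfg, boolean z) throws InitializationException {
        String pinProperty = trustStoreBackendCfg.getTrustStorePinProperty();
        if (pinProperty != null) {
            String propertyValue = System.getProperty(pinProperty);
            if (propertyValue == null) {
                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_PROPERTY_NOT_SET.get(pinProperty, trustStoreBackendCfg.dn()));
            }
            return propertyValue.toCharArray();
        }

        String pinEnvVar = trustStoreBackendCfg.getTrustStorePinEnvironmentVariable();
        if (pinEnvVar != null) {
            String envValue = System.getenv(pinEnvVar);
            if (envValue == null) {
                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_ENVAR_NOT_SET.get(pinEnvVar, trustStoreBackendCfg.dn()));
            }
            return envValue.toCharArray();
        }

        String pinFilePath = trustStoreBackendCfg.getTrustStorePinFile();
        if (pinFilePath == null) {
            // Last source: the PIN held in clear text in the configuration entry.
            String inlinePin = trustStoreBackendCfg.getTrustStorePin();
            return inlinePin != null ? inlinePin.toCharArray() : null;
        }

        File pinFile = StaticUtils.getFileForPath(pinFilePath);
        if (!pinFile.exists()) {
            if (!z) {
                return null;
            }
            try {
                // NOTE(review): createKeystorePassword and createPINFile are defined outside this view.
                // This file imports java.util.Random and no SecureRandom; confirm the generated PIN
                // comes from a cryptographically strong source and that the PIN file is created with
                // owner-only permissions.
                char[] generatedPin = createKeystorePassword();
                createPINFile(pinFile.getPath(), new String(generatedPin));
                return generatedPin;
            } catch (Exception e) {
                // Keep the cause so the reason the file could not be created is not lost.
                throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_CREATE.get(pinFilePath, trustStoreBackendCfg.dn()), e);
            }
        }

        String firstLine;
        // try-with-resources closes the reader on every path, including a failed read.
        try (BufferedReader reader = new BufferedReader(new FileReader(pinFile))) {
            firstLine = reader.readLine();
        } catch (IOException e) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_CANNOT_READ.get(pinFilePath, trustStoreBackendCfg.dn(), StaticUtils.getExceptionMessage(e)), e);
        }
        if (firstLine == null) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_PIN_FILE_EMPTY.get(pinFilePath, trustStoreBackendCfg.dn()));
        }
        return firstLine.toCharArray();
    }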

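    /**
     * Closes the backend: stops listening for configuration changes and deregisters the base DN.
     * A failure to deregister is traced and otherwise ignored so that shutdown can continue.
     */
    @Override
    public void closeBackend() {
        // Remove (not add) the listener that openBackend registered, so a closed backend no longer
        // receives configuration changes and is not kept reachable through the configuration object.
        this.configuration.removeTrustStoreChangeListener(this);
        try {
            this.serverContext.getBackendConfigManager().deregisterBaseDN(getBaseDN());
        } catch (Exception e) {
            // Best effort: deregistration problems must not prevent the backend from closing.
            logger.traceException(e);
        }
    }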

    /**
     * Returns the base DN set held by this backend. The internal set itself is returned, not a copy.
     */
    @Override
    public Set<DN> getBaseDNs() {
        final Set<DN> served = this.baseDNs;
        return served;
    }

    /**
     * Counts the entries in this backend: one for the base entry plus one per certificate alias.
     * If the aliases cannot be listed, the failure is traced and only the base entry is counted.
     *
     * @return the number of entries
     */
    @Override
    public long getEntryCount() {
        int total = 1; // the base entry
        try {
            final String[] aliases = this.certificateManager.getCertificateAliases();
            if (aliases != null) {
                total += aliases.length;
            }
        } catch (KeyStoreException listingFailure) {
            logger.traceException(listingFailure);
        }
        return total;
    }

    /**
     * Reports every attribute type and index type as indexed.
     *
     * @return always {@code true}; neither argument is inspected
     */
    @Override
    public boolean isIndexed(AttributeType attributeType, IndexType indexType) {
        final boolean treatedAsIndexed = true;
        return treatedAsIndexed;
    }

    /**
     * Returns the entry for the given DN.
     *
     * @param dn the DN to look up
     * @return a copy of the base entry when {@code dn} is the base DN; the certificate entry when
     *         {@code dn} is an immediate child of the base DN and can be built; otherwise {@code null}
     * @throws DirectoryException if {@code dn} is {@code null}
     */
    @Override
    public Entry getEntry(DN dn) throws DirectoryException {
        if (dn == null) {
            throw new DirectoryException(
                    DirectoryServer.getCoreConfigManager().getServerErrorResultCode(),
                    BackendMessages.ERR_BACKEND_GET_ENTRY_NULL.get(getBackendID()));
        }
        if (dn.equals(getBaseDN())) {
            return this.baseEntry.duplicate(true);
        }
        final DN parent = this.serverContext.getBackendConfigManager().getParentDNInSuffix(dn);
        final boolean isDirectChild = parent != null && parent.equals(getBaseDN());
        if (!isDirectChild) {
            return null;
        }
        try {
            return getCertEntry(dn);
        } catch (DirectoryException lookupFailure) {
            // Any failure to build the certificate entry is reported to the caller as "no entry".
            logger.traceException(lookupFailure);
            return null;
        }
    }

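    /**
     * Builds the entry for the certificate whose alias is the key-id value in the RDN of {@code dn}.
     *
     * @param dn DN of the certificate entry
     * @return an entry carrying the key id and the encoded certificate (with the "binary" option)
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} if the RDN holds no key id, or with
     *         {@code NO_SUCH_OBJECT} if the alias is unknown or the certificate cannot be retrieved
     */
    private Entry getCertEntry(DN dn) throws DirectoryException {
        AttributeType keyIdType = this.serverContext.getSchema().getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID);
        ByteString aliasValue = dn.rdn().getAttributeValue(keyIdType);
        if (aliasValue == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(dn), getBaseDN(), null);
        }
        String alias = aliasValue.toString();
        try {
            Certificate certificate = this.certificateManager.getCertificate(alias);
            if (certificate == null) {
                throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_CERTIFICATE_NOT_FOUND.get(dn, alias));
            }
            ByteString encodedCertificate = ByteString.wrap(certificate.getEncoded());

            // Raw maps are kept as they appear in this listing.
            LinkedHashMap objectClasses = new LinkedHashMap(2);
            objectClasses.put(CoreSchema.getTopObjectClass(), "top");
            objectClasses.put(this.serverContext.getSchema().getObjectClass(ConfigConstants.OC_CRYPTO_INSTANCE_KEY), ConfigConstants.OC_CRYPTO_INSTANCE_KEY);
            LinkedHashMap operationalAttributes = new LinkedHashMap(0);
            LinkedHashMap userAttributes = new LinkedHashMap(3);
            userAttributes.put(keyIdType, Attributes.createAsList(keyIdType, aliasValue));

            AttributeType certificateType = this.serverContext.getSchema().getAttributeType(ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE);
            AttributeBuilder certificateAttribute = new AttributeBuilder(certificateType);
            certificateAttribute.setOption("binary");
            certificateAttribute.add(encodedCertificate);
            userAttributes.put(certificateType, certificateAttribute.toAttributeList());

            Entry entry = new Entry(dn, objectClasses, userAttributes, operationalAttributes);
            entry.processVirtualAttributes();
            return entry;
        } catch (DirectoryException e) {
            // Already carries the precise result code and message (e.g. "certificate not found");
            // do not rewrap it as a generic retrieval failure.
            logger.traceException(e);
            throw e;
        } catch (Exception e) {
            logger.traceException(e);
            // NOTE(review): this message embeds the trust store path and the underlying exception text;
            // confirm whether it is returned to LDAP clients or only logged.
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_CANNOT_RETRIEVE_CERT.get(alias, this.trustStoreFile, e.getMessage()), e);
        }
    }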

    /**
     * Adds a certificate entry. Only immediate children of the base DN can be added.
     *
     * @param entry the entry to add
     * @param addOperation the operation being processed; not used by this method
     * @throws DirectoryException with {@code ENTRY_ALREADY_EXISTS} when the entry is the base DN,
     *         with {@code NO_SUCH_OBJECT} when it is not an immediate child of the base DN, or
     *         whatever {@code addCertificate} reports
     */
    @Override
    public void addEntry(Entry entry, AddOperation addOperation) throws DirectoryException {
        final DN entryDN = entry.getName();
        if (entryDN.equals(getBaseDN())) {
            throw new DirectoryException(ResultCode.ENTRY_ALREADY_EXISTS, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(entryDN));
        }
        final DN parent = this.serverContext.getBackendConfigManager().getParentDNInSuffix(entryDN);
        final boolean isDirectChild = parent != null && parent.equals(getBaseDN());
        if (!isDirectChild) {
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(entryDN));
        }
        addCertificate(entry);
    }

    /**
     * Deletes a certificate entry. The base entry itself cannot be deleted.
     *
     * @param dn DN of the entry to delete
     * @param deleteOperation the operation being processed; not used by this method
     * @throws DirectoryException with {@code UNWILLING_TO_PERFORM} for the base DN, with
     *         {@code NO_SUCH_OBJECT} when {@code dn} is not an immediate child of the base DN, or
     *         whatever {@code deleteCertificate} reports
     */
    @Override
    public void deleteEntry(DN dn, DeleteOperation deleteOperation) throws DirectoryException {
        if (dn.equals(getBaseDN())) {
            throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(dn));
        }
        final DN parent = this.serverContext.getBackendConfigManager().getParentDNInSuffix(dn);
        final boolean isDirectChild = parent != null && parent.equals(getBaseDN());
        if (!isDirectChild) {
            throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(dn));
        }
        deleteCertificate(dn);
    }

    /**
     * Modify is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void replaceEntry(Entry entry, Entry entry2, ModifyOperation modifyOperation) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_MODIFY_NOT_SUPPORTED.get(entry.getName(), getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Modify DN is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void renameEntry(DN dn, Entry entry, ModifyDNOperation modifyDNOperation) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_MODIFY_DN_NOT_SUPPORTED.get(dn, getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Processes a search against the base entry or a single certificate entry.
     *
     * <p>When the search base is a certificate entry, that entry is returned for base-object and
     * whole-subtree scopes if it matches the filter. When the search base is the base DN, the base
     * entry is returned under the same condition and, unless the scope is base-object, every
     * certificate entry that matches the filter follows. Certificates whose entry cannot be built are
     * traced and skipped.
     *
     * @param searchOperation the search to process
     * @throws DirectoryException with {@code NO_SUCH_OBJECT} if the search base is neither the base DN
     *         nor an immediate child of it, or if the certificate entry for the search base cannot be
     *         built
     */
    @Override
    public void search(SearchOperation searchOperation) throws DirectoryException {
        final DN searchBase = searchOperation.getBaseDN();
        final Entry baseLevelEntry = getEntry(searchBase);
        final SearchScope scope = searchOperation.getScope();
        final SearchFilter filter = searchOperation.getFilter();
        final boolean scopeIncludesBase = scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE;

        if (!getBaseDN().equals(searchBase)) {
            // The search base must then be a certificate entry directly below the base DN.
            final DN parent = this.serverContext.getBackendConfigManager().getParentDNInSuffix(searchBase);
            if (!getBaseDN().equals(parent)) {
                throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(searchBase));
            }
            final Entry certificateEntry = getCertEntry(searchBase);
            if (scopeIncludesBase && filter.matchesEntry(certificateEntry)) {
                searchOperation.returnEntry(certificateEntry, null);
            }
            return;
        }

        if (scopeIncludesBase && filter.matchesEntry(baseLevelEntry)) {
            searchOperation.returnEntry(baseLevelEntry, null);
        }

        String[] aliases;
        try {
            aliases = this.certificateManager.getCertificateAliases();
        } catch (KeyStoreException listingFailure) {
            logger.traceException(listingFailure);
            aliases = null;
        }
        if (aliases == null || scope == SearchScope.BASE_OBJECT || aliases.length == 0) {
            return;
        }

        final AttributeType keyIdType = this.serverContext.getSchema().getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID);
        for (String alias : aliases) {
            try {
                final Entry candidate = getCertEntry(makeChildDN(getBaseDN(), keyIdType, alias));
                if (filter.matchesEntry(candidate)) {
                    searchOperation.returnEntry(candidate, null);
                }
            } catch (Exception perEntryFailure) {
                // One unreadable certificate must not abort the rest of the listing.
                logger.traceException(perEntryFailure);
            }
        }
    }

    /**
     * Returns the controls supported by this backend.
     *
     * @return always an empty set
     */
    @Override
    public Set<String> getSupportedControls() {
        final Set<String> none = Collections.emptySet();
        return none;
    }

    /**
     * Returns the features supported by this backend.
     *
     * @return always an empty set
     */
    @Override
    public Set<String> getSupportedFeatures() {
        final Set<String> none = Collections.emptySet();
        return none;
    }

    /**
     * Reports whether a backend operation is supported.
     *
     * @return always {@code false}; the argument is not inspected
     */
    @Override
    public boolean supports(LocalBackend.BackendOperation backendOperation) {
        final boolean supported = false;
        return supported;
    }

    /**
     * LDIF export is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void exportLDIF(LDIFExportConfig lDIFExportConfig) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_IMPORT_AND_EXPORT_NOT_SUPPORTED.get(getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * LDIF import is not supported by this backend.
     *
     * @return never returns normally
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public LDIFImportResult importLDIF(LDIFImportConfig lDIFImportConfig, ServerContext serverContext) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_IMPORT_AND_EXPORT_NOT_SUPPORTED.get(getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Backup is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void createBackup(BackupConfig backupConfig) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_BACKUP_AND_RESTORE_NOT_SUPPORTED.get(getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Backup removal is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void removeBackup(BackupDirectory backupDirectory, String str) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_BACKUP_AND_RESTORE_NOT_SUPPORTED.get(getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Restore is not supported by this backend.
     *
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public void restoreBackup(RestoreConfig restoreConfig) throws DirectoryException {
        final LocalizableMessage message =
                BackendMessages.ERR_BACKEND_BACKUP_AND_RESTORE_NOT_SUPPORTED.get(getBackendID());
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Subordinate checks are not supported by this backend.
     *
     * @return never returns normally
     * @throws DirectoryException always, with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public ConditionResult hasSubordinates(DN dn) throws DirectoryException {
        final LocalizableMessage message = BackendMessages.ERR_HAS_SUBORDINATES_NOT_SUPPORTED.get();
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Counting the entries below a base DN is not supported by this backend.
     *
     * @param dn the base DN; checked for {@code null} before the operation is rejected
     * @return never returns normally
     * @throws DirectoryException always (for a non-null argument), with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public long getNumberOfEntriesInBaseDN(DN dn) throws DirectoryException {
        Reject.checkNotNull(dn, "baseDN must not be null");
        final LocalizableMessage message = BackendMessages.ERR_NUM_SUBORDINATES_NOT_SUPPORTED.get();
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Counting the children of an entry is not supported by this backend.
     *
     * @param dn the parent DN; checked for {@code null} before the operation is rejected
     * @return never returns normally
     * @throws DirectoryException always (for a non-null argument), with {@code UNWILLING_TO_PERFORM}
     */
    @Override
    public long getNumberOfChildren(DN dn) throws DirectoryException {
        Reject.checkNotNull(dn, "parentDN must not be null");
        final LocalizableMessage message = BackendMessages.ERR_NUM_SUBORDINATES_NOT_SUPPORTED.get();
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
    }

    /**
     * Checks a proposed configuration: the trust store path must name an existing regular file, the
     * key store type (when given) must be available, and the PIN must be resolvable.
     *
     * <p>The PIN is resolved with the "create if missing" flag cleared, so this check never writes a
     * PIN file. The resolved PIN is discarded.
     *
     * @param trustStoreBackendCfg the proposed configuration
     * @param list receives one message per problem found
     * @return {@code true} when {@code list} is empty after the checks
     */
    public boolean isConfigurationChangeAcceptable(TrustStoreBackendCfg trustStoreBackendCfg, List<LocalizableMessage> list) {
        final DN configEntryDN = trustStoreBackendCfg.dn();

        final String proposedFile = trustStoreBackendCfg.getTrustStoreFile();
        try {
            final File storeFile = StaticUtils.getFileForPath(proposedFile);
            final boolean isRegularFile = storeFile.exists() && storeFile.isFile();
            if (!isRegularFile) {
                list.add(BackendMessages.ERR_TRUSTSTORE_NO_SUCH_FILE.get(proposedFile, configEntryDN));
            }
        } catch (Exception fileProblem) {
            logger.traceException(fileProblem);
            list.add(BackendMessages.ERR_TRUSTSTORE_CANNOT_DETERMINE_FILE.get(configEntryDN, StaticUtils.getExceptionMessage(fileProblem)));
        }

        final String proposedType = trustStoreBackendCfg.getTrustStoreType();
        if (proposedType != null) {
            try {
                KeyStore.getInstance(proposedType);
            } catch (KeyStoreException unsupportedType) {
                logger.traceException(unsupportedType);
                list.add(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(proposedType, configEntryDN, StaticUtils.getExceptionMessage(unsupportedType)));
            }
        }

        try {
            getTrustStorePIN(trustStoreBackendCfg, false);
        } catch (InitializationException pinProblem) {
            list.add(pinProblem.getMessageObject());
        }
        return list.isEmpty();
    }

    /**
     * Applies a new configuration. The new file, type, PIN and certificate manager replace the
     * current ones only when every check succeeds; otherwise the current state is left untouched and
     * the problems are reported in the result.
     *
     * <p>The PIN is resolved with the "create if missing" flag set, so a configured PIN file that does
     * not exist is created by this call.
     *
     * @param trustStoreBackendCfg the configuration to apply
     * @return the result, carrying the server-error result code and messages when a check failed
     */
    public ConfigChangeResult applyConfigurationChange(TrustStoreBackendCfg trustStoreBackendCfg) {
        final ConfigChangeResult result = new ConfigChangeResult();
        final DN configEntryDN = trustStoreBackendCfg.dn();

        final String newStoreFile = trustStoreBackendCfg.getTrustStoreFile();
        final File storeFile = StaticUtils.getFileForPath(newStoreFile);
        final boolean isRegularFile = storeFile.exists() && storeFile.isFile();
        if (!isRegularFile) {
            result.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            result.addMessage(BackendMessages.ERR_TRUSTSTORE_NO_SUCH_FILE.get(newStoreFile, configEntryDN));
        }

        String newStoreType = trustStoreBackendCfg.getTrustStoreType();
        if (newStoreType == null) {
            newStoreType = KeyStore.getDefaultType();
        }
        try {
            KeyStore.getInstance(newStoreType);
        } catch (KeyStoreException unsupportedType) {
            logger.traceException(unsupportedType);
            result.addMessage(BackendMessages.ERR_TRUSTSTORE_INVALID_TYPE.get(newStoreType, configEntryDN, StaticUtils.getExceptionMessage(unsupportedType)));
            result.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
        }

        char[] newPin = null;
        try {
            newPin = getTrustStorePIN(trustStoreBackendCfg, true);
        } catch (InitializationException pinProblem) {
            result.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            result.addMessage(pinProblem.getMessageObject());
        }

        if (result.getResultCode() != ResultCode.SUCCESS) {
            return result;
        }
        this.trustStoreFile = newStoreFile;
        this.trustStoreType = newStoreType;
        this.trustStorePIN = newPin;
        this.configuration = trustStoreBackendCfg;
        final String storePath = StaticUtils.getFileForPath(this.trustStoreFile).getPath();
        this.certificateManager = new CertificateManager(storePath, this.trustStoreType, this.trustStorePIN);
        return result;
    }

    /**
     * Builds the DN of a child entry whose RDN is the given attribute type with the UTF-8 value
     * {@code str}.
     *
     * @param dn the parent DN
     * @param attributeType the RDN attribute type
     * @param str the RDN value
     * @return the child DN
     */
    private static DN makeChildDN(DN dn, AttributeType attributeType, String str) {
        final ByteString rdnValue = ByteString.valueOfUtf8(str);
        final RDN childRdn = new RDN(attributeType, rdnValue);
        return dn.child(childRdn);
    }

    /**
     * Loads the trust store and returns key managers backed by it. The trust store PIN is also used as
     * the password for the keys.
     *
     * @return the key managers from a factory using the platform default algorithm
     * @throws DirectoryException if the store cannot be loaded or the factory cannot be initialised
     */
    public KeyManager[] getKeyManagers() throws DirectoryException {
        final KeyStore keyStore = loadKeyStore();
        try {
            final String algorithm = KeyManagerFactory.getDefaultAlgorithm();
            final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(keyStore, this.trustStorePIN);
            return factory.getKeyManagers();
        } catch (Exception factoryFailure) {
            logger.traceException(factoryFailure);
            throw new DirectoryException(
                    DirectoryServer.getCoreConfigManager().getServerErrorResultCode(),
                    BackendMessages.ERR_TRUSTSTORE_CANNOT_CREATE_FACTORY.get(this.trustStoreFile, StaticUtils.getExceptionMessage(factoryFailure)),
                    factoryFailure);
        }
    }

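    /**
     * Loads the trust store file into a new {@link KeyStore} of the configured type.
     *
     * <p>When {@code trustStorePIN} is {@code null} (no PIN source configured), {@code KeyStore.load}
     * is called without a password, which means the store's integrity is not verified on load.
     *
     * @return the loaded key store
     * @throws DirectoryException if the file cannot be opened or the store cannot be loaded
     */
    private KeyStore loadKeyStore() throws DirectoryException {
        // try-with-resources closes the stream on every path, including a failed load.
        try (FileInputStream storeStream = new FileInputStream(StaticUtils.getFileForPath(this.trustStoreFile))) {
            KeyStore keyStore = KeyStore.getInstance(this.trustStoreType);
            keyStore.load(storeStream, this.trustStorePIN);
            return keyStore;
        } catch (Exception e) {
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_LOAD.get(this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }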

    /**
     * Loads the trust store and returns trust managers backed by it.
     *
     * @return the trust managers from a factory using the platform default algorithm
     * @throws DirectoryException if the store cannot be loaded or the factory cannot be initialised
     */
    public TrustManager[] getTrustManagers() throws DirectoryException {
        final KeyStore keyStore = loadKeyStore();
        try {
            final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(keyStore);
            return factory.getTrustManagers();
        } catch (Exception factoryFailure) {
            logger.traceException(factoryFailure);
            throw new DirectoryException(
                    DirectoryServer.getCoreConfigManager().getServerErrorResultCode(),
                    BackendMessages.ERR_TRUSTSTORE_CANNOT_CREATE_FACTORY.get(this.trustStoreFile, StaticUtils.getExceptionMessage(factoryFailure)),
                    factoryFailure);
        }
    }

    /**
     * Loads the trust store and returns the key stored under the given alias, using the trust store
     * PIN as the key password.
     *
     * @param str the alias of the key
     * @return the key as returned by {@code KeyStore.getKey}
     * @throws DirectoryException if the store cannot be loaded or the key cannot be read
     */
    public Key getKey(String str) throws DirectoryException {
        try {
            final KeyStore keyStore = loadKeyStore();
            return keyStore.getKey(str, this.trustStorePIN);
        } catch (Exception readFailure) {
            logger.traceException(readFailure);
            throw new DirectoryException(
                    DirectoryServer.getCoreConfigManager().getServerErrorResultCode(),
                    BackendMessages.ERR_TRUSTSTORE_ERROR_READING_KEY.get(str, this.trustStoreFile, StaticUtils.getExceptionMessage(readFailure)),
                    readFailure);
        }
    }

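    /**
     * Adds the certificate carried by {@code entry} to the trust store under the alias taken from the
     * key-id value of the entry's RDN.
     *
     * <p>The entry must hold exactly one certificate attribute with exactly one value. That value is
     * written to a temporary file in the "config" directory, handed to the certificate manager, and
     * the temporary file is deleted again on every path.
     *
     * @param entry the entry being added; its DN and attributes come from the add request
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} if the RDN holds no key id, with
     *         {@code ENTRY_ALREADY_EXISTS} if the alias is already in use, or with the server-error
     *         result code for a malformed entry or a failure to write or import the certificate
     */
    private void addCertificate(Entry entry) throws DirectoryException {
        DN entryDN = entry.getName();
        ByteString aliasValue = entryDN.rdn().getAttributeValue(this.serverContext.getSchema().getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID));
        if (aliasValue == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(entryDN), getBaseDN(), null);
        }
        String alias = aliasValue.toString();
        try {
            if (this.certificateManager.aliasInUse(alias)) {
                throw new DirectoryException(ResultCode.ENTRY_ALREADY_EXISTS, BackendMessages.ERR_TRUSTSTORE_ALIAS_IN_USE.get(entryDN));
            }
            if (entry.hasObjectClass(this.serverContext.getSchema().getObjectClass(ConfigConstants.OC_SELF_SIGNED_CERT_REQUEST))) {
                try {
                    Platform.KeyType keyType = Platform.KeyType.getTypeOrDefault(alias);
                    this.certificateManager.generateSelfSignedCertificate(keyType, alias, getADSCertificateSubjectDN(keyType), getADSCertificateValidity());
                } catch (Exception e) {
                    throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(alias, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
                }
            }
            // NOTE(review): as listed, a self-signed request still falls through to the certificate
            // attribute checks below. This listing is decompiler output, so confirm against the
            // original source whether the rest of this method belongs in an else branch.

            Iterator<Attribute> attributes = entry.getAllAttributes(ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE).iterator();
            if (!attributes.hasNext()) {
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_MISSING_CERT_ATTR.get(entryDN, ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            Attribute certificateAttribute = attributes.next();
            if (attributes.hasNext()) {
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_HAS_MULTIPLE_CERT_ATTRS.get(entryDN, ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            Iterator<ByteString> values = certificateAttribute.iterator();
            if (!values.hasNext()) {
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_MISSING_CERT_VALUE.get(entryDN, ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }
            ByteString encodedCertificate = values.next();
            if (values.hasNext()) {
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_ENTRY_HAS_MULTIPLE_CERT_VALUES.get(entryDN, ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE));
            }

            try {
                // The alias comes from the request's DN, so it is kept out of the file name: a null
                // suffix makes createTempFile use its default ".tmp" instead of client-supplied text.
                File tempFile = File.createTempFile(this.configuration.getBackendId(), null, StaticUtils.getFileForPath("config"));
                try (FileOutputStream out = new FileOutputStream(tempFile.getPath(), false)) {
                    encodedCertificate.copyTo(out);
                    this.certificateManager.addCertificate(alias, tempFile);
                } finally {
                    // Runs after the stream is closed, on success and on failure alike.
                    tempFile.delete();
                }
            } catch (IOException e) {
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_WRITE_CERT.get(alias, StaticUtils.getExceptionMessage(e)), e);
            }
        } catch (DirectoryException e) {
            // Keep the specific result code and message (for example ENTRY_ALREADY_EXISTS) instead of
            // rewrapping every DirectoryException as a generic server error.
            throw e;
        } catch (Exception e) {
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(alias, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }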

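    /**
     * Removes the certificate named by the given entry DN from the trust store.
     *
     * <p>The certificate alias is read from the {@code ATTR_CRYPTO_KEY_ID} value of the DN's RDN.
     *
     * @param dn the DN of the certificate entry to delete
     * @throws DirectoryException with {@code CONSTRAINT_VIOLATION} if the RDN carries no key-id
     *     value, with {@code NO_SUCH_OBJECT} if no certificate is stored under that alias, or with
     *     the configured server-error result code if the certificate manager fails
     */
    private void deleteCertificate(DN dn) throws DirectoryException {
        ByteString keyId = dn.rdn().getAttributeValue(this.serverContext.getSchema().getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID));
        if (keyId == null) {
            throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, BackendMessages.ERR_TRUSTSTORE_DN_DOES_NOT_SPECIFY_CERTIFICATE.get(dn), getBaseDN(), null);
        }
        String alias = keyId.toString();
        try {
            if (!this.certificateManager.aliasInUse(alias)) {
                throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, BackendMessages.ERR_TRUSTSTORE_INVALID_BASE.get(dn));
            }
            this.certificateManager.removeCertificate(alias);
        } catch (DirectoryException e) {
            // Let the NO_SUCH_OBJECT result reach the caller unchanged. Without this clause the
            // catch-all below rewraps it, and the client sees a generic server error instead of
            // "no such entry".
            throw e;
        } catch (Exception e) {
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), BackendMessages.ERR_TRUSTSTORE_CANNOT_DELETE_CERT.get(alias, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }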

    /**
     * Returns the validity value used when the instance certificate is generated.
     *
     * @return the value of {@code AdministrationConnector.ADMIN_CERT_VALIDITY}
     */
    private static int getADSCertificateValidity() {
        final int validity = AdministrationConnector.ADMIN_CERT_VALIDITY;
        return validity;
    }

    /**
     * Builds the subject DN for the instance certificate.
     *
     * <p>The host name is passed through {@link Rdn#escapeValue(Object)} before it is placed in
     * the {@code cn} component, so characters that are special in a DN cannot change the
     * structure of the subject.
     *
     * @param keyType the key type, rendered into the {@code O} component via its string form
     * @return the subject DN string
     * @throws UnknownHostException declared by this method; presumably raised by the host-name
     *     lookup helper (verify against {@code SetupUtils})
     */
    private static String getADSCertificateSubjectDN(Platform.KeyType keyType) throws UnknownHostException {
        final String hostName = SetupUtils.getHostNameForCertificate(DirectoryServer.getServerRoot());
        final String escapedHostName = Rdn.escapeValue(hostName);
        final StringBuilder subject = new StringBuilder();
        subject.append("cn=").append(escapedHostName);
        subject.append(",O=OpenDJ ").append(keyType).append(" Certificate");
        return subject.toString();
    }

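    /**
     * Generates a 50-character alphanumeric password for the key store.
     *
     * <p>The password protects private key material, so it is drawn from
     * {@link java.security.SecureRandom}. A plain {@link Random} is a linear congruential
     * generator whose output can be reconstructed from its seed or from a few observed values,
     * which is not acceptable for a secret.
     *
     * <p>The character class of each position is picked with {@code getRandomInt(random, 3)},
     * which yields 0 to 3. {@code getRandomChar} maps 0 to a digit, 1 to a lower-case letter and
     * every other value to an upper-case letter.
     *
     * @return a newly allocated array holding the password; the caller owns it and should
     *     overwrite it once it is no longer needed
     */
    private static char[] createKeystorePassword() {
        final int passwordLength = 50;
        final char[] password = new char[passwordLength];
        // SecureRandom extends java.util.Random, so the existing helpers accept it unchanged.
        // The fully qualified name avoids touching the file's import block.
        final Random random = new java.security.SecureRandom();
        for (int pos = 0; pos < passwordLength; pos++) {
            final int charClass = getRandomInt(random, 3);
            password[pos] = getRandomChar(random, charClass);
        }
        return password;
    }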

    /**
     * Draws one character from the alphabet selected by {@code i}.
     *
     * <p>{@code 0} selects the digits {@code '0'..'9'}, {@code 1} selects the lower-case letters
     * {@code 'a'..'z'}, and any other value selects the upper-case letters {@code 'A'..'Z'}.
     * Exactly one {@code nextInt()} call is made on {@code random}.
     *
     * <p>The quality of the result is that of the supplied generator. When the character ends up
     * in a secret, callers should pass a cryptographically strong source.
     *
     * @param random the source of randomness
     * @param i the alphabet selector
     * @return a character from the selected alphabet
     */
    private static char getRandomChar(Random random, int i) {
        final int raw = random.nextInt();
        final int alphabetSize;
        final char firstChar;
        if (i == 0) {
            alphabetSize = 10;
            firstChar = '0';
        } else if (i == 1) {
            alphabetSize = 26;
            firstChar = 'a';
        } else {
            alphabetSize = 26;
            firstChar = 'A';
        }
        // The remainder lies strictly between -alphabetSize and alphabetSize, so Math.abs
        // cannot overflow here; it folds negative remainders onto the same offsets.
        final int offset = Math.abs(raw % alphabetSize);
        return (char) (firstChar + offset);
    }

    /**
     * Returns a random integer masked with {@code i}.
     *
     * <p>The operation is a bitwise AND, not a modulo. With {@code i == 3} the result is one of
     * 0, 1, 2 or 3, never negative.
     *
     * @param random the source of randomness; one {@code nextInt()} call is made
     * @param i the bit mask applied to the drawn value
     * @return {@code random.nextInt() & i}
     */
    private static int getRandomInt(Random random, int i) {
        final int drawn = random.nextInt();
        final int masked = drawn & i;
        return masked;
    }

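    /**
     * Writes the key store PIN to a file restricted to its owner.
     *
     * <p>The file is created empty and its permissions are tightened before the PIN is written.
     * Restricting it only after the write leaves a window in which the secret sits in a file
     * that carries the process's default permissions.
     *
     * <p>Setting the permissions stays best-effort. A failure is logged as a warning and the PIN
     * is still written, so an operator who sees that warning should check the file's mode.
     *
     * @param str path of the PIN file
     * @param str2 the PIN; it is written followed by a line separator
     * @throws IOException if the file cannot be created or written
     */
    private static void createPINFile(String str, String str2) throws IOException {
        final File pinFile = new File(str);
        // The result is deliberately ignored: false means the file already exists. It is
        // truncated when the writer opens it below.
        pinFile.createNewFile();
        try {
            // 384 decimal is 0600 octal: read and write for the owner, nothing for anyone else.
            if (!FilePermission.setPermissions(pinFile, new FilePermission(384))) {
                logger.warn(BackendMessages.WARN_TRUSTSTORE_SET_PERMISSIONS_FAILED, str);
            }
        } catch (DirectoryException e) {
            logger.warn(BackendMessages.WARN_TRUSTSTORE_SET_PERMISSIONS_FAILED, str);
        }
        // try-with-resources closes both writers and records any close failure as suppressed.
        try (FileWriter fileWriter = new FileWriter(pinFile);
                PrintWriter printWriter = new PrintWriter(fileWriter)) {
            printWriter.println(str2);
            printWriter.flush();
        }
    }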

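    /**
     * Generates the self-signed instance certificate unless the trust store already holds an
     * entry under {@code ADS_CERTIFICATE_ALIAS}.
     *
     * <p>The alias lookup and the generation step are guarded separately so that each failure
     * reports its own message. With a single enclosing catch-all, a generation failure would be
     * caught a second time and reported under the "cannot add certificate" message.
     *
     * @throws InitializationException if the alias lookup fails (reported with
     *     {@code ERR_TRUSTSTORE_CANNOT_ADD_CERT}) or if the certificate cannot be generated
     *     (reported with {@code ERR_TRUSTSTORE_CANNOT_GENERATE_CERT})
     */
    private void generateInstanceCertificateIfAbsent() throws InitializationException {
        try {
            if (this.certificateManager.aliasInUse(ConfigConstants.ADS_CERTIFICATE_ALIAS)) {
                return;
            }
        } catch (Exception e) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_CANNOT_ADD_CERT.get(ConfigConstants.ADS_CERTIFICATE_ALIAS, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
        try {
            Platform.KeyType keyType = Platform.KeyType.getTypeOrDefault(ConfigConstants.ADS_CERTIFICATE_ALIAS);
            String subjectDN = getADSCertificateSubjectDN(keyType);
            this.certificateManager.generateSelfSignedCertificate(keyType, ConfigConstants.ADS_CERTIFICATE_ALIAS, subjectDN, getADSCertificateValidity());
        } catch (Exception e) {
            throw new InitializationException(BackendMessages.ERR_TRUSTSTORE_CANNOT_GENERATE_CERT.get(ConfigConstants.ADS_CERTIFICATE_ALIAS, this.trustStoreFile, StaticUtils.getExceptionMessage(e)), e);
        }
    }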

    /**
     * Bridge overload that narrows its arguments and delegates to the typed
     * {@code isConfigurationChangeAcceptable(TrustStoreBackendCfg, List<LocalizableMessage>)}.
     *
     * @param configuration the proposed configuration; must be a {@code TrustStoreBackendCfg}
     * @param list the list handed to the typed overload as {@code List<LocalizableMessage>}
     * @return whatever the typed overload returns
     * @throws ClassCastException if {@code configuration} is not a {@code TrustStoreBackendCfg}
     */
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(Configuration configuration, List list) {
        final TrustStoreBackendCfg typedConfiguration = (TrustStoreBackendCfg) configuration;
        // Unchecked: the element type is erased at run time, so this cast cannot fail here.
        final List<LocalizableMessage> typedList = (List<LocalizableMessage>) list;
        return isConfigurationChangeAcceptable(typedConfiguration, typedList);
    }
}
