package org.wildfly.extension.elytron;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import javax.crypto.SecretKey;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.wildfly.common.function.ExceptionFunction;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.UnsupportedCredentialTypeException;
import org.wildfly.security.encryption.SecretKeyUtil;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/* loaded from: input_file:org/wildfly/extension/elytron/AbstractCredentialStoreResourceDefinition.class */
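/**
 * Base resource definition for Elytron credential-store resources.
 *
 * <p>Declares the operation and attribute definitions shared by credential-store resources
 * (read-aliases, export/import secret key, reload) and the helpers that implement alias,
 * secret and secret-key operations against a {@link CredentialStore}.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Every mutation is followed by {@link CredentialStore#flush()}; when the flush fails the
 *       in-memory change is rolled back so the store does not diverge from what was persisted.</li>
 *   <li>{@code export-secret-key} places key material in the operation result and
 *       {@code import-secret-key} receives it as an operation parameter.</li>
 * </ul>
 */
abstract class AbstractCredentialStoreResourceDefinition extends SimpleResourceDefinition {
    static final ServiceUtil<CredentialStore> CREDENTIAL_STORE_UTIL = ServiceUtil.newInstance(Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY, ElytronDescriptionConstants.CREDENTIAL_STORE, CredentialStore.class);
    static final StandardResourceDescriptionResolver OPERATION_RESOLVER = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.CREDENTIAL_STORE, ElytronDescriptionConstants.OPERATIONS);
    // Runtime-only, read-only operation listing the aliases held by the store.
    static final SimpleOperationDefinition READ_ALIASES = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.READ_ALIASES, OPERATION_RESOLVER).setRuntimeOnly().setReadOnly().build();
    // Non-empty string parameters (minimum size 1) shared by the secret-key operations.
    static final SimpleAttributeDefinition ALIAS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALIAS, ModelType.STRING, false).setMinSize(1).build();
    // NOTE(review): KEY carries encoded secret-key material; nothing visible here marks it as
    // sensitive or masked. Confirm how it is treated by access control and audit logging.
    static final SimpleAttributeDefinition KEY = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY, ModelType.STRING, false).setMinSize(1).build();
    static final SimpleOperationDefinition EXPORT_SECRET_KEY = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.EXPORT_SECRET_KEY, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS}).setRuntimeOnly().build();
    static final SimpleOperationDefinition IMPORT_SECRET_KEY = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.IMPORT_SECRET_KEY, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS, KEY}).setRuntimeOnly().build();
    static final SimpleOperationDefinition RELOAD = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.RELOAD, OPERATION_RESOLVER).setRuntimeOnly().build();
    static final OperationStepHandler RELOAD_HANDLER = new CredentialStoreReloadHandler();

    /**
     * Doohickey producing a {@link CredentialStore} that can additionally be reloaded on request.
     */
    protected static abstract class AbstractCredentialStoreDoohickey extends ElytronDoohickey<CredentialStore> {
        /* JADX INFO: Access modifiers changed from: protected */
        public AbstractCredentialStoreDoohickey(PathAddress pathAddress) {
            super(pathAddress);
        }

        /**
         * Reloads the underlying credential store.
         *
         * @param operationContext the context of the management operation requesting the reload
         * @throws GeneralSecurityException if the store cannot be reloaded
         * @throws OperationFailedException if the management operation fails
         */
        protected abstract void reload(OperationContext operationContext) throws GeneralSecurityException, OperationFailedException;
    }

    /**
     * Runtime handler for the {@code reload} operation: looks up the credential-store runtime API
     * for the current address and asks it to reload.
     */
    static class CredentialStoreReloadHandler extends ElytronRuntimeOnlyHandler {
        CredentialStoreReloadHandler() {
        }

        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            try {
                ExceptionFunction<?, ?, ?> runtimeApi = operationContext.getCapabilityRuntimeAPI("org.wildfly.security.credential-store-api", operationContext.getCurrentAddressValue(), ExceptionFunction.class);
                // The cast assumes the registered runtime API is an AbstractCredentialStoreDoohickey;
                // any other implementation surfaces as a ClassCastException.
                ((AbstractCredentialStoreDoohickey) runtimeApi).reload(operationContext);
            } catch (GeneralSecurityException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToReloadCredentialStore(e);
            }
        }
    }

    /**
     * Runtime handler that dispatches a management operation, by name, to one of a fixed set of
     * {@link CredentialStoreRuntimeOperation}s. Operation names that are not in the map are
     * rejected before the credential store is looked up.
     */
    protected class CredentialStoreRuntimeHandler extends ElytronRuntimeOnlyHandler {
        private final Map<String, CredentialStoreRuntimeOperation> definedOperations;

        /* JADX INFO: Access modifiers changed from: protected */
        public CredentialStoreRuntimeHandler(Map<String, CredentialStoreRuntimeOperation> map) {
            // The map is kept by reference, not copied; later changes by the caller are visible here.
            this.definedOperations = map;
        }

        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            String operationName = modelNode.require("operation").asString();
            CredentialStoreRuntimeOperation operation = this.definedOperations.get(operationName);
            if (operation == null) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.invalidOperationName(operationName, getExpectedOperationNames());
            }
            operation.handle(operationContext, modelNode, getCredentialStore(operationContext));
        }

        /** Returns the names of all operations this handler accepts, for the error message. */
        private String[] getExpectedOperationNames() {
            return this.definedOperations.keySet().toArray(new String[0]);
        }

        /**
         * Resolves the {@link CredentialStore} for the resource addressed by the current operation.
         *
         * @param operationContext the context of the running operation
         * @return the credential store produced by the capability's runtime API
         * @throws OperationFailedException if the runtime API fails to supply the store
         */
        protected CredentialStore getCredentialStore(OperationContext operationContext) throws OperationFailedException {
            // Typed reference: with a raw ExceptionFunction, apply() would be declared to throw
            // Exception and return Object. The lookup yields the raw type, hence the unchecked
            // conversion.
            @SuppressWarnings("unchecked")
            ExceptionFunction<OperationContext, CredentialStore, OperationFailedException> runtimeApi = operationContext.getCapabilityRuntimeAPI("org.wildfly.security.credential-store-api", operationContext.getCurrentAddressValue(), ExceptionFunction.class);
            return runtimeApi.apply(operationContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** A single runtime operation executed against an already resolved {@link CredentialStore}. */
    @FunctionalInterface
    public interface CredentialStoreRuntimeOperation {
        void handle(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException;
    }

    /** Returns the {@link ServiceUtil} used to derive the credential-store service name. */
    protected ServiceUtil<CredentialStore> getCredentialStoreUtil() {
        return CREDENTIAL_STORE_UTIL;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCredentialStoreResourceDefinition(SimpleResourceDefinition.Parameters parameters) {
        super(parameters);
    }

    /**
     * Registers every attribute from {@link #getAttributeDefinitions()} as read-write with a
     * reload-required write handler and, on a server or host controller, a read-only
     * {@code state} attribute backed by the credential-store service.
     */
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        AttributeDefinition[] attributes = getAttributeDefinitions();
        ElytronReloadRequiredWriteAttributeHandler writeHandler = new ElytronReloadRequiredWriteAttributeHandler(attributes);
        for (AttributeDefinition attribute : attributes) {
            // The cast on null selects the overload that takes an OperationStepHandler as read handler.
            managementResourceRegistration.registerReadWriteAttribute(attribute, (OperationStepHandler) null, writeHandler);
        }
        if (ElytronExtension.isServerOrHostController(managementResourceRegistration)) {
            managementResourceRegistration.registerReadOnlyAttribute(ServiceStateDefinition.STATE, new ElytronRuntimeOnlyHandler() { // from class: org.wildfly.extension.elytron.AbstractCredentialStoreResourceDefinition.1
                protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                    ServiceStateDefinition.populateResponse(operationContext.getResult(), operationContext.getServiceRegistry(false).getRequiredService(AbstractCredentialStoreResourceDefinition.this.getCredentialStoreUtil().serviceName(modelNode)));
                }
            });
        }
    }

    /** Returns the attribute definitions of the concrete credential-store resource. */
    protected abstract AttributeDefinition[] getAttributeDefinitions();

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes the aliases of the credential store into the operation result as a list of strings.
     *
     * @throws OperationFailedException if the store cannot list its aliases or a runtime
     *         exception occurs; the original exception is kept as the cause
     */
    public void readAliasesOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        try {
            ArrayList<ModelNode> aliases = new ArrayList<>();
            for (String alias : credentialStore.getAliases()) {
                aliases.add(new ModelNode(alias));
            }
            operationContext.getResult().set(aliases);
        } catch (CredentialStoreException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, dumpCause(e));
        } catch (RuntimeException e) {
            // No printStackTrace(): the exception travels as the cause of the failure instead of
            // being written to stderr, where it bypasses the server's logging configuration.
            throw new OperationFailedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the credential of type {@code cls} stored under the requested alias and persists
     * the change.
     *
     * <p>If the flush fails, the removed credential is put back into the store so that the
     * in-memory state keeps matching what is persisted.
     *
     * @param cls the credential type to remove
     * @throws OperationFailedException if no such credential exists, or removal or flush fails
     */
    public void removeAliasOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore, Class<? extends Credential> cls) throws OperationFailedException {
        try {
            String alias = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            // Keep the current credential so it can be restored if persisting the removal fails.
            Credential existing = credentialStore.retrieve(alias, cls);
            if (existing == null) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.credentialDoesNotExist(alias, cls.getSimpleName());
            }
            credentialStore.remove(alias, cls);
            operationContext.addResponseWarning(Level.WARNING, ElytronSubsystemMessages.ROOT_LOGGER.updateDependantServices(alias));
            try {
                credentialStore.flush();
            } catch (CredentialStoreException flushFailure) {
                try {
                    credentialStore.store(alias, existing);
                } catch (CredentialStoreException | RuntimeException rollbackFailure) {
                    // Report the flush failure as the primary error; a failed rollback must not hide it.
                    flushFailure.addSuppressed(rollbackFailure);
                }
                throw flushFailure;
            }
        } catch (CredentialStoreException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, dumpCause(e));
        } catch (RuntimeException e) {
            throw new OperationFailedException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Exports the secret key stored under the requested alias into the {@code key} field of the
     * operation result, encoded by {@link SecretKeyUtil#exportSecretKey}.
     *
     * <p>The response therefore contains the key material itself: whoever may invoke this
     * operation or read its response obtains the key.
     * NOTE(review): confirm that the operation is restricted by an access constraint and that
     * responses are not captured by logging; neither is visible in this class.
     *
     * @throws OperationFailedException if the alias holds no secret key or the export fails
     */
    public void exportSecretKeyOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        try {
            String alias = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            SecretKeyCredential credential = credentialStore.retrieve(alias, SecretKeyCredential.class);
            if (credential == null) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.credentialDoesNotExist(alias, SecretKeyCredential.class.getSimpleName());
            }
            operationContext.getResult().get(ElytronDescriptionConstants.KEY).set(SecretKeyUtil.exportSecretKey(credential.getSecretKey()));
        } catch (GeneralSecurityException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.secretKeyOperationFailed(ElytronDescriptionConstants.EXPORT_SECRET_KEY, dumpCause(e), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Imports an encoded secret key under the requested alias. An alias that already holds a
     * secret key is rejected rather than overwritten.
     *
     * @throws OperationFailedException if the alias already exists, or decoding or storing fails
     */
    public void importSecretKeyOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        try {
            String alias = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            // Encoded key material arrives as a plain operation parameter.
            String encodedKey = KEY.resolveModelAttribute(operationContext, modelNode).asString();
            if (credentialStore.exists(alias, SecretKeyCredential.class)) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.credentialAlreadyExists(alias, SecretKeyCredential.class.getName());
            }
            storeSecretKey(credentialStore, alias, SecretKeyUtil.importSecretKey(encodedKey));
        } catch (GeneralSecurityException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.secretKeyOperationFailed(ElytronDescriptionConstants.IMPORT_SECRET_KEY, dumpCause(e), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates a new secret key and stores it under the requested alias. An alias that already
     * holds a secret key is rejected rather than overwritten.
     *
     * @param i the size argument passed to {@link SecretKeyUtil#generateSecretKey}
     * @throws OperationFailedException if the alias already exists, or generation or storing fails
     */
    public void generateSecretKeyOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore, int i) throws OperationFailedException {
        try {
            String alias = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            if (credentialStore.exists(alias, SecretKeyCredential.class)) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.credentialAlreadyExists(alias, SecretKeyCredential.class.getName());
            }
            storeSecretKey(credentialStore, alias, SecretKeyUtil.generateSecretKey(i));
        } catch (GeneralSecurityException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.secretKeyOperationFailed(ElytronDescriptionConstants.GENERATE_SECRET_KEY, dumpCause(e), e);
        }
    }

    /**
     * Wraps a clear-text password in a {@link PasswordCredential}.
     *
     * @param cArr the clear-text password characters
     * @throws UnsupportedCredentialTypeException if the clear password algorithm is unavailable
     *         or the key spec is rejected
     */
    protected static PasswordCredential createCredentialFromPassword(char[] cArr) throws UnsupportedCredentialTypeException {
        try {
            return new PasswordCredential(PasswordFactory.getInstance(ElytronDescriptionConstants.CLEAR).generatePassword(new ClearPasswordSpec(cArr)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new UnsupportedCredentialTypeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores a clear-text secret under the given alias and persists the store.
     * A {@code null} secret is stored as an empty password.
     */
    public static void storeSecret(CredentialStore credentialStore, String str, String str2) throws CredentialStoreException {
        storeCredential(credentialStore, str, createCredentialFromPassword(str2 != null ? str2.toCharArray() : new char[0]));
    }

    /** Stores a secret key under the given alias and persists the store. */
    protected static void storeSecretKey(CredentialStore credentialStore, String str, SecretKey secretKey) throws CredentialStoreException {
        storeCredential(credentialStore, str, new SecretKeyCredential(secretKey));
    }

    /**
     * Stores a credential under the given alias and flushes the store.
     *
     * <p>If the flush fails, the entry just added is removed again so the in-memory store does
     * not keep a credential that was never persisted. The rollback removes the entry by the
     * type of the credential that was stored: removing {@code PasswordCredential} regardless of
     * type would leave a secret key behind after a failed flush and could delete an unrelated
     * password entry that shares the alias.
     *
     * <p>NOTE(review): if the alias already held a credential of the same type, presumably
     * {@code store} replaced it and this rollback does not bring the previous value back;
     * verify whether any caller relies on overwriting.
     *
     * @throws CredentialStoreException if storing or flushing fails
     */
    protected static void storeCredential(CredentialStore credentialStore, String str, Credential credential) throws CredentialStoreException {
        credentialStore.store(str, credential);
        try {
            credentialStore.flush();
        } catch (CredentialStoreException flushFailure) {
            try {
                credentialStore.remove(str, credential.getClass());
            } catch (CredentialStoreException | RuntimeException rollbackFailure) {
                // Report the flush failure as the primary error; a failed rollback must not hide it.
                flushFailure.addSuppressed(rollbackFailure);
            }
            throw flushFailure;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Renders the localized message of a throwable followed by the messages of up to ten of its
     * causes, joined with {@code "->"}.
     *
     * <p>The depth limit bounds the walk on cyclic cause chains; a throwable that is its own
     * cause ends the walk immediately. The resulting text is placed in operation failure
     * messages by the callers in this class, so it exposes exception messages of the underlying
     * store to the management client.
     *
     * @param th the throwable to describe
     * @return the concatenated messages
     */
    public static String dumpCause(Throwable th) {
        StringBuilder description = new StringBuilder().append(th.getLocalizedMessage());
        Throwable cause = th.getCause();
        for (int depth = 0; cause != null && depth < 10; depth++) {
            description.append("->").append(cause.getLocalizedMessage());
            Throwable next = cause.getCause();
            cause = next == cause ? null : next;
        }
        return description.toString();
    }
}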
