package com.sun.enterprise.admin.servermgmt;

import com.sun.enterprise.admin.servermgmt.pe.PEFileLayout;
import com.sun.enterprise.security.auth.realm.certificate.OID;
import com.sun.enterprise.universal.glassfish.ASenvPropertyReader;
import com.sun.enterprise.universal.io.SmartFile;
import com.sun.enterprise.universal.process.ProcessUtils;
import com.sun.enterprise.util.ExecException;
import com.sun.enterprise.util.OS;
import com.sun.enterprise.util.ProcessExecutor;
import com.sun.enterprise.util.SystemPropertyConstants;
import com.sun.enterprise.util.i18n.StringManager;
import com.sun.enterprise.util.net.NetUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:com/sun/enterprise/admin/servermgmt/KeystoreManager.class */
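/**
 * Creates and maintains the key store and trust store files of a repository.
 *
 * <p>Part of the work is delegated to the JDK {@code keytool} executable (see
 * {@link KeytoolExecutor}); the rest goes through {@link KeyStore} directly.
 *
 * <p>Security-relevant behaviour that a reader should know up front:
 * <ul>
 *   <li>{@link #DEFAULT_MASTER_PASSWORD} is a public, well-known value. A store that is still
 *       protected only by it should be treated as unprotected.</li>
 *   <li>Key-pair generation hands the store/key password to keytool on its command line (see
 *       {@code addSelfSignedCertToKeyStore}); the other keytool calls feed passwords through
 *       the executor's input lines instead.</li>
 *   <li>{@link #enforcePasswordComplexity(char[], String)} is a minimum-length check only.</li>
 * </ul>
 *
 * <p>Instances cache a {@link PEFileLayout} without synchronisation; nothing in this class makes
 * concurrent use safe.
 */
public class KeystoreManager {
    private static final String KEYTOOL_CMD;
    private static final String KEYTOOL_EXE_NAME;
    private static final String CERTIFICATE_DN_PREFIX = "CN=";
    private static final String CERTIFICATE_DN_SUFFIX = ",OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK";
    public static final String CERTIFICATE_ALIAS = "s1as";
    public static final String INSTANCE_SECURE_ADMIN_ALIAS = "glassfish-instance";
    // Well-known default. updateCertificates() uses it to open the JDK cacerts file.
    public static final String DEFAULT_MASTER_PASSWORD = "changeit";
    // Passed to keytool as a JVM option (-J prefix) when generating key pairs.
    private static final String SKID_EXTENSION_SYSTEM_PROPERTY = "-J-Dsun.security.internal.keytool.skid";
    private static final String INSTANCE_CN_SUFFIX = "-instance";
    private static final StringManager STRING_MANAGER;
    // Lazily created by getFileLayout(); the first RepositoryConfig seen wins.
    protected PEFileLayout _fileLayout = null;

    /* loaded from: input_file:com/sun/enterprise/admin/servermgmt/KeystoreManager$KeytoolExecutor.class */
    /**
     * Process executor that always runs the resolved keytool command.
     *
     * <p>The command array given to the constructors holds the keytool arguments; the keytool
     * path is prepended unless it is already the first element. Execution output is retained
     * so it can be appended to failure messages.
     */
    public static class KeytoolExecutor extends ProcessExecutor {
        /**
         * @param strArr keytool arguments (with or without the keytool command in front)
         * @param j      timeout value handed to {@link ProcessExecutor}
         */
        public KeytoolExecutor(String[] strArr, long j) {
            super(strArr, j);
            setExecutionRetentionFlag(true);
            addKeytoolCommand();
        }

        /**
         * @param strArr  keytool arguments (with or without the keytool command in front)
         * @param j       timeout value handed to {@link ProcessExecutor}
         * @param strArr2 input lines handed to {@link ProcessExecutor}; callers in this class use
         *                them to supply passwords instead of putting them on the command line
         */
        public KeytoolExecutor(String[] strArr, long j, String[] strArr2) {
            super(strArr, j, strArr2);
            setExecutionRetentionFlag(true);
            addKeytoolCommand();
        }

        @Override // com.sun.enterprise.util.ProcessExecutor
        protected String getExceptionMessage() {
            return getLatestOutput(this.mOutFile) + " " + getFileBuffer(this.mErrFile);
        }

        /** Prepends the keytool command to the argument array unless it is already first. */
        private void addKeytoolCommand() {
            if (this.mCmdStrings[0].equals(KeystoreManager.KEYTOOL_CMD)) {
                return;
            }
            String[] withCommand = new String[this.mCmdStrings.length + 1];
            withCommand[0] = KeystoreManager.KEYTOOL_CMD;
            System.arraycopy(this.mCmdStrings, 0, withCommand, 1, this.mCmdStrings.length);
            this.mCmdStrings = withCommand;
        }

        /**
         * Runs keytool and converts any failure into a {@link RepositoryException}.
         *
         * <p>Both a non-zero exit value and an {@link ExecException} are reported. The message is
         * the localized string for {@code str} followed by keytool's captured error and output
         * text, so whatever keytool prints ends up in the exception message.
         *
         * @param str  message key looked up in the string manager
         * @param file file passed as the message argument
         * @throws RepositoryException if keytool could not be run or exited with a non-zero value
         */
        public void execute(String str, File file) throws RepositoryException {
            try {
                super.execute();
                if (getProcessExitValue() != 0) {
                    throw new RepositoryException(failureMessage(str, file));
                }
            } catch (ExecException e) {
                throw new RepositoryException(failureMessage(str, file), e);
            }
        }

        /** Builds the failure text: localized message plus captured stderr and stdout. */
        private String failureMessage(String str, File file) {
            return KeystoreManager.STRING_MANAGER.getString(str, file) + getLastExecutionError() + " " + getLastExecutionOutput();
        }
    }

    /**
     * Builds the subject DN used for generated certificates.
     *
     * <p>The CN comes from the keytool options in the configuration when present, otherwise from
     * the canonical host name, and falls back to {@code localhost} when the host name lookup
     * throws.
     *
     * @param repositoryConfig configuration that may carry a CN in its keytool options
     * @param str              suffix appended to the CN, or {@code null} for none
     * @return the full DN string
     */
    protected static String getCertificateDN(RepositoryConfig repositoryConfig, String str) {
        String commonName = getCNFromCfg(repositoryConfig);
        if (commonName == null) {
            try {
                commonName = NetUtils.getCanonicalHostName();
            } catch (Exception e) {
                // Deliberate fallback: a host that cannot resolve its own name still gets a certificate.
                commonName = "localhost";
            }
        }
        // NOTE(review): the CN is inserted without DN escaping, so a configured value containing
        // ',' or '+' would alter the structure of the resulting DN.
        return CERTIFICATE_DN_PREFIX + commonName + (str != null ? str : "") + CERTIFICATE_DN_SUFFIX;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the file layout, creating it from {@code repositoryConfig} on first use.
     *
     * <p>The layout is cached: later calls return the first instance even when a different
     * configuration is passed.
     */
    public PEFileLayout getFileLayout(RepositoryConfig repositoryConfig) {
        if (this._fileLayout == null) {
            this._fileLayout = new PEFileLayout(repositoryConfig);
        }
        return this._fileLayout;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates two self-signed key pairs in {@code file}: one under {@link #CERTIFICATE_ALIAS}
     * and one under {@link #INSTANCE_SECURE_ADMIN_ALIAS}. Each DN is logged at INFO first.
     *
     * @param file             key store file to create or extend
     * @param repositoryConfig configuration used to derive the DNs
     * @param str              password used for both the store and the key entries
     * @throws RepositoryException if keytool fails
     */
    public void createKeyStore(File file, RepositoryConfig repositoryConfig, String str) throws RepositoryException {
        String dasCertDn = getDASCertDN(repositoryConfig);
        SLogger.getLogger().log(Level.INFO, STRING_MANAGER.getString("CertificateDN", dasCertDn));
        addSelfSignedCertToKeyStore(file, CERTIFICATE_ALIAS, str, dasCertDn);

        String instanceCertDn = getInstanceCertDN(repositoryConfig);
        SLogger.getLogger().log(Level.INFO, STRING_MANAGER.getString("CertificateDN", instanceCertDn));
        addSelfSignedCertToKeyStore(file, INSTANCE_SECURE_ADMIN_ALIAS, str, instanceCertDn);
    }

    /**
     * Runs {@code keytool -genkey} for one alias with an RSA key and a validity of 3650 days.
     *
     * @param file key store file
     * @param str  alias of the new entry
     * @param str2 password used for both {@code -keypass} and {@code -storepass}
     * @param str3 subject DN
     * @throws RepositoryException if keytool fails
     */
    private void addSelfSignedCertToKeyStore(File file, String str, String str2, String str3) throws RepositoryException {
        // NOTE(review): -keypass/-storepass put the password into keytool's argument vector,
        // where other local users can read it from the process list while keytool runs.
        // keytool accepts :env / :file modifiers on these options; moving to one of them (or to
        // the input-line constructor used elsewhere in this class) needs a check of how
        // ProcessExecutor passes environment/input, which is not visible here.
        // NOTE(review): no -keysize is given, so the key length is whatever the installed
        // keytool defaults to.
        String[] keytoolArgs = {
            "-genkey",
            "-keyalg", "RSA",
            "-keystore", file.getAbsolutePath(),
            "-alias", str,
            "-dname", str3,
            "-validity", "3650",
            "-keypass", str2,
            "-storepass", str2,
            SKID_EXTENSION_SYSTEM_PROPERTY
        };
        new KeytoolExecutor(keytoolArgs, 60L).execute("keystoreNotCreated", file);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies the certificates of both built-in aliases from {@code file} into {@code file2}.
     *
     * @param file         source key store
     * @param file2        destination store
     * @param domainConfig not read by this method
     * @param str          password supplied to keytool for both operations
     * @throws DomainException if either copy fails; only the message of the underlying
     *                         {@link RepositoryException} is carried over, not the exception
     */
    public void copyCertificates(File file, File file2, DomainConfig domainConfig, String str) throws DomainException {
        try {
            copyCert(file, file2, CERTIFICATE_ALIAS, str);
            copyCert(file, file2, INSTANCE_SECURE_ADMIN_ALIAS, str);
        } catch (RepositoryException e) {
            throw new DomainException(STRING_MANAGER.getString("SomeProblemWithKeytool", e.getMessage()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Refreshes the certificates in {@code file}.
     *
     * <p>Steps: load the JDK {@code cacerts} file and the target store, delete every target
     * entry whose X.509 certificate is expired or not yet valid, add each currently valid
     * {@code cacerts} certificate whose alias the target does not contain yet, and write the
     * target back to the same file.
     *
     * <p>Security notes:
     * <ul>
     *   <li>Every certificate added here becomes a trusted certificate entry, so the target
     *       ends up trusting the JDK's anchors in addition to its own.</li>
     *   <li>{@code cacerts} is opened with {@link #DEFAULT_MASTER_PASSWORD}; a JDK whose
     *       {@code cacerts} password was changed makes the load fail.</li>
     *   <li>The target file is truncated before the new content is written; a failure during
     *       the write leaves an incomplete file.</li>
     * </ul>
     *
     * @param file store to refresh in place
     * @param str  password of {@code file}
     * @throws RepositoryException if a store cannot be read, modified or written
     */
    public void updateCertificates(File file, String str) throws RepositoryException {
        String javaHome = System.getProperty("java.home").concat("/").replaceAll("//", "/");
        String runtimeRoot = Files.exists(Paths.get(javaHome, "jre/"), new LinkOption[0]) ? javaHome + "jre/" : javaHome;
        File jdkTrustStoreFile = new File(runtimeRoot + "lib/security/", "cacerts");

        KeyStore jdkTrustStore;
        KeyStore targetStore;
        // Fix: each store is read from its own stream and both streams are always closed.
        // Previously the cacerts stream was opened but never read or closed, and both stores
        // were loaded from one and the same stream on the target file.
        try (FileInputStream jdkTrustStoreStream = new FileInputStream(jdkTrustStoreFile);
                FileInputStream targetStream = new FileInputStream(file)) {
            jdkTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            jdkTrustStore.load(jdkTrustStoreStream, DEFAULT_MASTER_PASSWORD.toCharArray());
            targetStore = KeyStore.getInstance(KeyStore.getDefaultType());
            targetStore.load(targetStream, str.toCharArray());
        } catch (FileNotFoundException e) {
            throw new RepositoryException("Unable to find Keystore file.", e);
        } catch (IOException e) {
            throw new RepositoryException("Unexpected exception reading Keystore file.", e);
        } catch (KeyStoreException e) {
            throw new RepositoryException("Unable to create Keystore object.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RepositoryException("Unable to read Keystore file.", e);
        } catch (CertificateException e) {
            throw new RepositoryException("Unable to load certificate from Keystore instance.", e);
        }

        removeExpiredCerts(targetStore);

        try {
            for (Map.Entry<String, Certificate> trusted : getValidCertificates(jdkTrustStore).entrySet()) {
                // Existing aliases are left alone, so a local entry is never overwritten.
                if (!targetStore.containsAlias(trusted.getKey())) {
                    targetStore.setCertificateEntry(trusted.getKey(), trusted.getValue());
                }
            }
        } catch (KeyStoreException e) {
            throw new RepositoryException("Keystore hasn't been initialized.", e);
        }

        try (FileOutputStream targetOut = new FileOutputStream(file)) {
            targetStore.store(targetOut, str.toCharArray());
            targetOut.flush();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RepositoryException("Unexpected exception writing certificates to the Keystore file.", e);
        }
    }

    /**
     * Deletes every entry of {@code keyStore} whose X.509 certificate is expired or not yet valid.
     *
     * @throws RepositoryException if an entry cannot be deleted
     */
    private void removeExpiredCerts(KeyStore keyStore) throws RepositoryException {
        // NOTE(review): deleteEntry removes whatever the alias names. For a key entry that means
        // the private key goes too - confirm callers only pass stores where that is intended.
        for (String alias : getInvalidCertificates(keyStore).keySet()) {
            try {
                keyStore.deleteEntry(alias);
            } catch (KeyStoreException e) {
                throw new RepositoryException("Could not delete invalid cert", e);
            }
        }
    }

    /** Returns alias-to-certificate pairs for X.509 certificates that are valid right now. */
    protected Map<String, Certificate> getValidCertificates(KeyStore keyStore) throws RepositoryException {
        return getCertificates(keyStore, true);
    }

    /** Returns alias-to-certificate pairs for X.509 certificates that are expired or not yet valid. */
    protected Map<String, Certificate> getInvalidCertificates(KeyStore keyStore) throws RepositoryException {
        return getCertificates(keyStore, false);
    }

    /**
     * Collects the X.509 certificates of {@code keyStore} by validity.
     *
     * <p>Validity means {@link X509Certificate#checkValidity()} against the current time only;
     * no chain building or revocation checking happens here.
     *
     * @param keyStore loaded key store
     * @param z        {@code true} to select currently valid certificates, {@code false} to
     *                 select expired or not-yet-valid ones
     * @return map from alias to certificate; empty when nothing matches
     * @throws RepositoryException if the key store has not been loaded
     */
    private Map<String, Certificate> getCertificates(KeyStore keyStore, boolean z) throws RepositoryException {
        Map<String, Certificate> selected = new HashMap<>();
        try {
            for (String alias : Collections.list(keyStore.aliases())) {
                Certificate certificate = keyStore.getCertificate(alias);
                // Fix: aliases without a certificate yield null (previously a
                // NullPointerException); those and non-X.509 certificates are skipped.
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                boolean currentlyValid;
                try {
                    ((X509Certificate) certificate).checkValidity();
                    currentlyValid = true;
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    currentlyValid = false;
                }
                if (currentlyValid == z) {
                    selected.put(alias, certificate);
                }
            }
            return selected;
        } catch (KeyStoreException e) {
            throw new RepositoryException("Keystore hasn't been initialized.", e);
        }
    }

    /**
     * Copies one certificate from {@code file} to {@code file2} via a temporary export file.
     *
     * <p>The certificate is exported to {@code <alias>.cer} next to the source store, imported
     * into the destination with {@code -noprompt}, and the export file is removed afterwards
     * whether or not the copy succeeded.
     *
     * @param file  source key store
     * @param file2 destination store
     * @param str   alias to copy; it is also used as the export file name, so it must not
     *              contain path separators
     * @param str2  password supplied to keytool as an input line for both steps
     * @throws RepositoryException if the export or the import fails
     */
    public void copyCert(File file, File file2, String str, String str2) throws RepositoryException {
        String[] keytoolInput = {str2};
        File exportedCert = new File(file.getParentFile(), str + ".cer");
        try {
            new KeytoolExecutor(new String[]{"-export", "-keystore", file.getAbsolutePath(), "-alias", str, "-file", exportedCert.getAbsolutePath()}, 30L, keytoolInput).execute("trustStoreNotCreated", file2);
            new KeytoolExecutor(new String[]{"-import", "-noprompt", "-keystore", file2.getAbsolutePath(), "-alias", str, "-file", exportedCert.getAbsolutePath()}, 30L, keytoolInput).execute("trustStoreNotCreated", file2);
        } finally {
            // Fix: only warn when a file that actually exists could not be removed; a failed
            // export that never created the file no longer triggers a misleading warning.
            if (exportedCert.exists() && !exportedCert.delete()) {
                SLogger.getLogger().log(Level.WARNING, SLogger.BAD_DELETE_TEMP_CERT_FILE, exportedCert.getAbsolutePath());
            }
        }
    }

    /**
     * Rejects passwords that are {@code null} or shorter than six characters.
     *
     * <p>Despite the name this is a length check only; no character-class or dictionary rule
     * is applied.
     *
     * @param cArr password to check
     * @param str  message key for the exception text
     * @throws IllegalArgumentException if the password is missing or too short
     */
    protected void enforcePasswordComplexity(char[] cArr, String str) {
        if (cArr == null || cArr.length < 6) {
            throw new IllegalArgumentException(STRING_MANAGER.getString(str));
        }
    }

    /**
     * Loads a key store from disk.
     *
     * @param file key store file
     * @param str  key store type passed to {@link KeyStore#getInstance(String)}
     * @param cArr store password
     * @return the loaded key store
     * @throws KeyStoreException wrapping any failure to open or load the file
     */
    public KeyStore openKeyStore(File file, String str, char[] cArr) throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(str);
        // Fix: try-with-resources closes the stream when load() throws as well.
        try (FileInputStream storeStream = new FileInputStream(file)) {
            keyStore.load(storeStream, cArr);
            return keyStore;
        } catch (Exception e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Writes a key store to disk, replacing the file content.
     *
     * <p>The file is truncated when it is opened, before {@code store()} runs; a failure during
     * the write therefore leaves an incomplete file behind.
     *
     * @param keyStore key store to write
     * @param file     destination file
     * @param cArr     store password; must pass {@link #enforcePasswordComplexity}
     * @throws KeyStoreException        wrapping any failure to write the file
     * @throws IllegalArgumentException if the password is missing or too short
     */
    public void saveKeyStore(KeyStore keyStore, File file, char[] cArr) throws KeyStoreException {
        enforcePasswordComplexity(cArr, "invalidPassword");
        // Fix: try-with-resources closes the stream when store() throws as well.
        try (FileOutputStream storeStream = new FileOutputStream(file)) {
            keyStore.store(storeStream, cArr);
            storeStream.flush();
        } catch (Exception e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Adds a private key and its chain to a store, protecting the key with the store password.
     *
     * @param file           key store file
     * @param str            key store type
     * @param cArr           store password, also used as the key password
     * @param privateKey     key to add
     * @param certificateArr certificate chain for the key
     * @param str2           alias of the new entry
     * @throws KeyStoreException if the store cannot be opened, changed or saved
     */
    public void addKeyPair(File file, String str, char[] cArr, PrivateKey privateKey, Certificate[] certificateArr, String str2) throws KeyStoreException {
        enforcePasswordComplexity(cArr, "invalidPassword");
        KeyStore store = openKeyStore(file, str, cArr);
        store.setKeyEntry(str2, privateKey, cArr, certificateArr);
        saveKeyStore(store, file, cArr);
    }

    /**
     * Adds a private key and its chain to a store with a key password of its own.
     *
     * @param file           key store file
     * @param str            key store type
     * @param cArr           store password
     * @param privateKey     key to add
     * @param cArr2          password protecting the new key entry
     * @param certificateArr certificate chain for the key
     * @param str2           alias of the new entry
     * @throws KeyStoreException if the store cannot be opened, changed or saved
     */
    public void addKeyPair(File file, String str, char[] cArr, PrivateKey privateKey, char[] cArr2, Certificate[] certificateArr, String str2) throws KeyStoreException {
        enforcePasswordComplexity(cArr2, "invalidPassword");
        KeyStore store = openKeyStore(file, str, cArr);
        store.setKeyEntry(str2, privateKey, cArr2, certificateArr);
        saveKeyStore(store, file, cArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Changes a store password with {@code keytool -storepasswd}. Does nothing when both
     * passwords are equal.
     *
     * <p>The passwords reach keytool as input lines (old, new, new), not as arguments.
     *
     * @param str  current store password
     * @param str2 new store password
     * @param file key store file
     * @throws RepositoryException if keytool fails
     */
    public void changeKeyStorePassword(String str, String str2, File file) throws RepositoryException {
        if (str.equals(str2)) {
            return;
        }
        new KeytoolExecutor(new String[]{"-storepasswd", "-keystore", file.getAbsolutePath()}, 30L, new String[]{str, str2, str2}).execute("keyStorePasswordNotChanged", file);
    }

    /** Same as the five-argument overload with key passwords changed as well. */
    public void changeKeyStorePassword(File file, String str, char[] cArr, char[] cArr2) throws KeyStoreException {
        changeKeyStorePassword(file, str, cArr, cArr2, true);
    }

    /**
     * Changes a store password through the {@link KeyStore} API.
     *
     * @param file  key store file
     * @param str   key store type
     * @param cArr  current store password
     * @param cArr2 new store password; must pass {@link #enforcePasswordComplexity}
     * @param z     when {@code true}, every key that can be read with the current store password
     *              is re-protected with the new password too
     * @throws KeyStoreException if the store cannot be opened, a key cannot be recovered, or the
     *                           store cannot be saved
     */
    public void changeKeyStorePassword(File file, String str, char[] cArr, char[] cArr2, boolean z) throws KeyStoreException {
        enforcePasswordComplexity(cArr2, "invalidPassword");
        KeyStore store = openKeyStore(file, str, cArr);
        if (z) {
            // Snapshot the aliases first so entries are not replaced while enumerating them.
            for (String alias : Collections.list(store.aliases())) {
                try {
                    Key key = store.getKey(alias, cArr);
                    if (key != null) {
                        store.setKeyEntry(alias, key, cArr2, store.getCertificateChain(alias));
                    }
                } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                    throw new KeyStoreException(e);
                }
            }
        }
        saveKeyStore(store, file, cArr2);
    }

    /**
     * Re-protects one key entry with a new password.
     *
     * @param file  key store file
     * @param str   key store type
     * @param cArr  store password; it is also the password used to recover the key
     * @param str2  alias of the key entry
     * @param cArr2 not read by this method
     * @param cArr3 new key password; must pass {@link #enforcePasswordComplexity}
     * @throws KeyStoreException if the store cannot be opened, the key cannot be recovered, or
     *                           the store cannot be saved
     */
    public void changeKeyPassword(File file, String str, char[] cArr, String str2, char[] cArr2, char[] cArr3) throws KeyStoreException {
        enforcePasswordComplexity(cArr3, "invalidPassword");
        try {
            KeyStore store = openKeyStore(file, str, cArr);
            // NOTE(review): cArr2 is never used; the key is recovered with the store password.
            // If cArr2 was meant to be the current key password, entries whose key password
            // differs from the store password cannot be changed here - confirm against callers.
            Key key = store.getKey(str2, cArr);
            store.setKeyEntry(str2, key, cArr3, store.getCertificateChain(str2));
            saveKeyStore(store, file, cArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Reads an unencrypted PEM-encoded PKCS#8 RSA private key from a file.
     *
     * @param file PEM file
     * @return the decoded private key
     * @throws IOException              if the file cannot be read
     * @throws InvalidKeySpecException  if the content is not a PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     */
    public PrivateKey readPlainPKCS8PrivateKey(File file) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        // Fix: Files.lines keeps the file open until the stream is closed.
        try (Stream<String> pemLines = Files.lines(file.toPath())) {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(extractPrivateKeyBytes(pemLines)));
        }
    }

    /**
     * Reads an unencrypted PEM-encoded PKCS#8 private key from a stream.
     *
     * <p>The stream is decoded with the platform default charset and is not closed here.
     *
     * @param inputStream PEM content
     * @param str         key algorithm passed to {@link KeyFactory#getInstance(String)}
     * @return the decoded private key
     * @throws InvalidKeySpecException  if the content is not a PKCS#8 key of that algorithm
     * @throws NoSuchAlgorithmException if no key factory exists for the algorithm
     */
    public PrivateKey readPlainPKCS8PrivateKey(InputStream inputStream, String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        Stream<String> pemLines = new BufferedReader(new InputStreamReader(inputStream)).lines();
        return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(extractPrivateKeyBytes(pemLines)));
    }

    /**
     * Extracts the Base64 body from PEM lines and decodes it.
     *
     * <p>Lines starting with {@code '-'} (the BEGIN/END markers) are dropped. The marker label is
     * not inspected, so the caller learns about a wrong key format only when the key factory
     * rejects the bytes.
     *
     * @param stream PEM lines without line terminators
     * @return the decoded key bytes
     * @throws IllegalArgumentException if the remaining text is not valid Base64
     */
    byte[] extractPrivateKeyBytes(Stream<String> stream) {
        // Fix: blank lines used to fail in charAt(0) and surrounding whitespace made the Base64
        // decoder reject the input; lines are now trimmed and empty ones skipped.
        String base64Body = stream
                .map(String::trim)
                .filter(line -> !line.isEmpty() && line.charAt(0) != '-')
                .collect(Collectors.joining());
        return Base64.getDecoder().decode(base64Body);
    }

    /**
     * Reads all certificates from a file with the X.509 certificate factory.
     *
     * <p>The certificates are parsed only; nothing here validates the chain.
     *
     * @param file certificate file
     * @return the certificates found in the file
     * @throws KeyStoreException wrapping any failure to read or parse the file
     */
    public Collection<? extends Certificate> readPemCertificateChain(File file) throws KeyStoreException {
        // Fix: try-with-resources closes the stream when parsing throws as well.
        try (FileInputStream certStream = new FileInputStream(file)) {
            return CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificates(certStream);
        } catch (Exception e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Changes the key passwords in the repository key store with {@code keytool -keypasswd},
     * for JKS stores only.
     *
     * <p>Nothing happens when {@code str} equals {@code str2} or {@code str2} equals
     * {@code str3}. keytool failures are logged at SEVERE and not rethrown, so a caller cannot
     * tell from the return whether the key passwords were changed.
     *
     * @param repositoryConfig configuration locating the key store
     * @param str              store password
     * @param str2             current key password
     * @param str3             new key password
     * @throws RepositoryException declared, but keytool failures are caught and logged here
     */
    protected void changeS1ASAliasPassword(RepositoryConfig repositoryConfig, String str, String str2, String str3) throws RepositoryException {
        if (str.equals(str2) || str2.equals(str3)) {
            return;
        }
        File keyStoreFile = getFileLayout(repositoryConfig).getKeyStore();
        String storeType = null;
        ArrayList<String> aliasesToChange = new ArrayList<>();
        try {
            KeyStore store = KeyStore.getInstance(keyStoreFile, str.toCharArray());
            storeType = store.getType();
            aliasesToChange.addAll(Collections.list(store.aliases()));
        } catch (Exception e) {
            // NOTE(review): when the store cannot be opened, storeType stays null, the JKS
            // branch below is skipped and this fallback alias is never used. The failure is
            // also not logged.
            aliasesToChange.add(CERTIFICATE_ALIAS);
        }
        if ("jks".equalsIgnoreCase(storeType)) {
            try {
                // Listing the alias first makes keytool fail early when the store password is wrong.
                new KeytoolExecutor(new String[]{"-list", "-keystore", keyStoreFile.getAbsolutePath(), "-alias", CERTIFICATE_ALIAS}, 30L, new String[]{str}).execute("s1asKeyPasswordNotChanged", keyStoreFile);
                for (String alias : aliasesToChange) {
                    new KeytoolExecutor(new String[]{"-keypasswd", "-keystore", keyStoreFile.getAbsolutePath(), "-alias", alias}, 30L, new String[]{str, str2, str3, str3}).execute("s1asKeyPasswordNotChanged", keyStoreFile);
                }
            } catch (RepositoryException e) {
                SLogger.getLogger().log(Level.SEVERE, SLogger.UNHANDLED_EXCEPTION, (Throwable) e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Changes the password of the repository key store and trust store.
     *
     * <p>For the key store the store password is changed first and the key passwords second. A
     * failure in the second step is only logged, which can leave the store password changed
     * while key entries still use the old one. A missing store file is logged at SEVERE and
     * skipped.
     *
     * @param repositoryConfig configuration locating the stores
     * @param str              current password
     * @param str2             new password
     * @throws RepositoryException if changing a store password fails
     */
    public void changeSSLCertificateDatabasePassword(RepositoryConfig repositoryConfig, String str, String str2) throws RepositoryException {
        PEFileLayout layout = getFileLayout(repositoryConfig);
        File keyStoreFile = layout.getKeyStore();
        File trustStoreFile = layout.getTrustStore();

        if (keyStoreFile.exists()) {
            changeKeyStorePassword(str, str2, keyStoreFile);
            try {
                // The store already carries the new password at this point.
                changeS1ASAliasPassword(repositoryConfig, str2, str, str2);
            } catch (Exception e) {
                SLogger.getLogger().log(Level.SEVERE, SLogger.UNHANDLED_EXCEPTION, (Throwable) e);
            }
        } else {
            SLogger.getLogger().log(Level.SEVERE, SLogger.INVALID_FILE_LOCATION, keyStoreFile.getAbsolutePath());
        }

        if (trustStoreFile.exists()) {
            changeKeyStorePassword(str, str2, trustStoreFile);
        } else {
            SLogger.getLogger().log(Level.SEVERE, SLogger.INVALID_FILE_LOCATION, trustStoreFile.getAbsolutePath());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs {@code /bin/chmod} on a file. Does nothing on non-UNIX platforms.
     *
     * <p>The method waits for chmod to finish and reports a non-zero exit value, so a caller
     * that restricts access to a key store learns when the restriction was not applied.
     *
     * @param str  chmod arguments separated by spaces, for example a mode
     * @param file file to change; must exist
     * @throws IOException if an argument is {@code null}, the file does not exist, chmod cannot
     *                     be started, exits with a non-zero value, or the wait is interrupted
     */
    public void chmod(String str, File file) throws IOException {
        if (!OS.isUNIX()) {
            return;
        }
        if (str == null || file == null) {
            throw new IOException(STRING_MANAGER.getString("nullArg"));
        }
        if (!file.exists()) {
            throw new IOException(STRING_MANAGER.getString("fileNotFound"));
        }
        // Absolute path and an argument list: no PATH lookup and no shell parsing.
        ArrayList<String> command = new ArrayList<>();
        command.add("/bin/chmod");
        command.addAll(Arrays.asList(str.split(" +")));
        command.add(file.getAbsolutePath());

        // Fix: the process used to be started and forgotten, so a failed chmod went unnoticed
        // and callers could continue before the mode was applied. Output is discarded so the
        // child can never block on a full pipe.
        Process chmodProcess = new ProcessBuilder(command)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD)
                .start();
        try {
            int exitValue = chmodProcess.waitFor();
            if (exitValue != 0) {
                throw new IOException("chmod " + str + " failed for " + file.getAbsolutePath() + " (exit value " + exitValue + ")");
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while waiting for chmod on " + file.getAbsolutePath(), e);
        }
    }

    /** Returns the certificate DN without a CN suffix. */
    public static String getDASCertDN(RepositoryConfig repositoryConfig) {
        return getCertificateDN(repositoryConfig, null);
    }

    /** Returns the certificate DN whose CN carries the {@code -instance} suffix. */
    public static String getInstanceCertDN(RepositoryConfig repositoryConfig) {
        return getCertificateDN(repositoryConfig, INSTANCE_CN_SUFFIX);
    }

    /**
     * Reads the CN from the keytool options of the configuration.
     *
     * @return the CN, or {@code null} when the options are absent or carry no non-empty CN
     */
    private static String getCNFromCfg(RepositoryConfig repositoryConfig) {
        String keytoolOptions = (String) repositoryConfig.get(DomainConfig.KEYTOOLOPTIONS);
        if (keytoolOptions == null || keytoolOptions.length() == 0) {
            return null;
        }
        String commonName = getCNFromOption(keytoolOptions);
        if (commonName == null || commonName.length() == 0) {
            return null;
        }
        return commonName;
    }

    /**
     * Looks up a value in an option string of the form {@code name=value:name=value}.
     *
     * @param str  option string
     * @param str2 option name to find
     * @param z    {@code true} to compare names case-insensitively
     * @return the trimmed value of the first matching option, or {@code null} if none matches
     */
    private static String getValueFromOptionForName(String str, String str2, boolean z) {
        for (String option : str.split(":")) {
            String[] nameAndValue = option.split("=");
            // Fix: an option without '=' (or with an empty value) used to raise
            // ArrayIndexOutOfBoundsException; such options are skipped now.
            if (nameAndValue.length < 2) {
                continue;
            }
            String name = nameAndValue[0].trim();
            boolean matches = z ? name.equalsIgnoreCase(str2) : name.equals(str2);
            if (matches) {
                return nameAndValue[1].trim();
            }
        }
        return null;
    }

    /** Returns the value of the CN option, matched case-insensitively, or {@code null}. */
    private static String getCNFromOption(String str) {
        return getValueFromOptionForName(str, OID.CN.getName(), true);
    }

    // Resolves the keytool executable once: first <java root>/bin, then whatever
    // ProcessUtils.getExe finds, and finally the bare executable name.
    // NOTE(review): with the bare-name fallback the location of the binary that actually runs
    // is decided outside this class - presumably by the process search path; confirm.
    static {
        KEYTOOL_EXE_NAME = OS.isWindows() ? "keytool.exe" : "keytool";
        STRING_MANAGER = StringManager.getManager(KeystoreManager.class);
        String keytoolCommand = KEYTOOL_EXE_NAME;
        File javaRootKeytool = new File(new File(new ASenvPropertyReader().getProps().get(SystemPropertyConstants.JAVA_ROOT_PROPERTY), "bin"), KEYTOOL_EXE_NAME);
        if (javaRootKeytool.canExecute()) {
            keytoolCommand = SmartFile.sanitize(javaRootKeytool.getPath());
        } else {
            File discoveredKeytool = ProcessUtils.getExe(KEYTOOL_EXE_NAME);
            if (discoveredKeytool != null && discoveredKeytool.canExecute()) {
                keytoolCommand = discoveredKeytool.getPath();
            }
        }
        KEYTOOL_CMD = keytoolCommand;
    }
}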
