package org.wildfly.extension.elytron;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLReason;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ServiceLoader;
import javax.security.auth.x500.X500Principal;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.operations.validation.IntRangeValidator;
import org.jboss.as.controller.operations.validation.LongRangeValidator;
import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
import org.jboss.as.controller.operations.validation.StringLengthValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.pem.Pem;
import org.wildfly.security.x500.X500;
import org.wildfly.security.x500.cert.PKCS10CertificateSigningRequest;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.X509CertificateChainAndSigningKey;
import org.wildfly.security.x500.cert.acme.AcmeAccount;
import org.wildfly.security.x500.cert.acme.AcmeClientSpi;
import org.wildfly.security.x500.cert.acme.AcmeException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator.class */
public class AdvancedModifiableKeyStoreDecorator extends ModifiableKeyStoreDecorator {
    // Textual pattern used to parse the "not-before" date of a generated certificate.
    static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
    // Formatter for DATE_FORMAT. The pattern carries no zone, so parsed values are interpreted in the JVM's
    // default time zone: the same input string yields a different validity start on differently configured hosts.
    static final DateTimeFormatter NOT_VALID_BEFORE_FORMATTER = DateTimeFormatter.ofPattern(DATE_FORMAT).withZone(ZoneId.systemDefault());
    // Required, non-empty alias of the key store entry an operation acts on.
    static final SimpleAttributeDefinition ALIAS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALIAS, ModelType.STRING).setAllowExpression(true).setMinSize(1).build();
    // Optional signature algorithm name; handlers only pass it to the builder when it is defined.
    static final SimpleAttributeDefinition SIGNATURE_ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SIGNATURE_ALGORITHM, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).build();
    // NAME, CRITICAL and VALUE are the three fields of one X.509 extension object (see EXTENSION below).
    static final SimpleAttributeDefinition NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING).setAllowExpression(true).setMinSize(1).build();
    // Optional; defaults to false.
    static final SimpleAttributeDefinition CRITICAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CRITICAL, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).build();
    static final SimpleAttributeDefinition VALUE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.VALUE, ModelType.STRING).setAllowExpression(true).setMinSize(1).build();
    // One extension = {name, critical, value}. Must be declared after the three fields it references
    // (static initializers run in textual order).
    static final ObjectTypeAttributeDefinition EXTENSION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.EXTENSION, new AttributeDefinition[]{NAME, CRITICAL, VALUE}).build();
    // Optional list of extensions; duplicates are rejected.
    static final ObjectListAttributeDefinition EXTENSIONS = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.EXTENSIONS, EXTENSION).setRequired(false).setAllowDuplicates(false).build();
    // Credential reference operation parameter; the handlers in this class resolve the key password from it
    // when it is defined, and roll back any credential store update it caused when the operation fails.
    static final ObjectTypeAttributeDefinition CREDENTIAL_REFERENCE = CredentialReference.getAttributeBuilder(true, true).build();
    // Copy of FileAttributeDefinitions.PATH made mandatory. The value comes from the operation caller and
    // decides which file is read or written by the import/export handlers.
    static final SimpleAttributeDefinition PATH = new SimpleAttributeDefinitionBuilder(FileAttributeDefinitions.PATH).setRequired(true).build();
    // Initialised once, at class initialisation, by loadAcmeClient() (defined elsewhere in this class).
    private static final AcmeClientSpi acmeClient = loadAcmeClient();

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$ChangeAliasHandler.class */
    /**
     * Runtime-only management operation that moves a key store entry from {@code alias} to
     * {@code new-alias}.
     *
     * <p>The entry is first read without a password; only when that fails with
     * {@link UnrecoverableEntryException} is it read again with the resolved key password, and the copy
     * is then stored under the same protection that was needed to read it. The rename is not atomic:
     * the new entry is written before the old one is deleted, so a failure in between leaves both
     * aliases present in the in-memory key store.
     *
     * <p>NOTE(review): the resolved key password array is not cleared after use; whether
     * {@code resolveKeyPassword} hands out a private copy is not visible from this handler.
     */
    static class ChangeAliasHandler extends ElytronRuntimeOnlyHandler {
        /** Required, non-empty alias the entry is moved to. */
        static final SimpleAttributeDefinition NEW_ALIAS =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NEW_ALIAS, ModelType.STRING)
                        .setAllowExpression(true)
                        .setMinSize(1)
                        .build();

        ChangeAliasHandler() {
        }

        /** Registers the change-alias operation, with a new handler instance, on the given resource. */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            AttributeDefinition[] parameters = {
                AdvancedModifiableKeyStoreDecorator.ALIAS,
                NEW_ALIAS,
                AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE
            };
            managementResourceRegistration.registerOperationHandler(
                    new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.CHANGE_ALIAS, resourceDescriptionResolver)
                            .setParameters(parameters)
                            .setRuntimeOnly()
                            .build(),
                    new ChangeAliasHandler());
        }

        /**
         * Performs the rename against the modifiable key store of the addressed resource.
         *
         * @throws OperationFailedException as produced by the message logger for a missing source alias,
         *         an already used target alias or an unreadable entry; any other failure is rethrown
         *         wrapped in a {@link RuntimeException}
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService keyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = keyStoreService.getModifiableValue();
            String currentAlias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            String newAlias = NEW_ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            ModelNode credentialReference = AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE.resolveModelAttribute(operationContext, modelNode);
            // The supplier stays null when the caller gave no credential-reference.
            ExceptionSupplier credentialSourceSupplier = credentialReference.isDefined()
                    ? CredentialReference.getCredentialSourceSupplier(operationContext, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, modelNode, (ServiceBuilder) null)
                    : null;
            char[] keyPassword = AdvancedModifiableKeyStoreDecorator.resolveKeyPassword((KeyStoreService) keyStoreService, credentialSourceSupplier);
            try {
                if (!keyStore.containsAlias(currentAlias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotExist(currentAlias);
                }
                if (keyStore.containsAlias(newAlias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasAlreadyExists(newAlias);
                }

                // Stays null when the entry can be read without a password.
                KeyStore.PasswordProtection protection = null;
                KeyStore.Entry entry;
                try {
                    entry = keyStore.getEntry(currentAlias, null);
                } catch (UnrecoverableEntryException unprotectedReadFailed) {
                    protection = new KeyStore.PasswordProtection(keyPassword);
                    try {
                        entry = keyStore.getEntry(currentAlias, protection);
                    } catch (UnrecoverableEntryException protectedReadFailed) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainEntry(currentAlias);
                    }
                }
                if (entry == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainEntry(currentAlias);
                }

                // Write the copy first, then drop the original.
                keyStore.setEntry(newAlias, entry, protection);
                if (keyStore.containsAlias(currentAlias)) {
                    keyStore.deleteEntry(currentAlias);
                }
            } catch (Exception failure) {
                // Undo any credential store update made while resolving the credential reference.
                CredentialReference.rollbackCredentialStoreUpdate(AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, operationContext, credentialReference);
                if (failure instanceof OperationFailedException) {
                    throw (OperationFailedException) failure;
                }
                throw new RuntimeException(failure);
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$ExportCertificateHandler.class */
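    /**
     * Runtime-only management operation that writes the certificate stored under an alias to a file,
     * DER-encoded by default or PEM-encoded when {@code pem} is true. Only the certificate returned by
     * {@link KeyStore#getCertificate(String)} is written; no key material is read.
     *
     * <p>NOTE(review): the destination comes from the {@code path} / {@code relative-to} operation
     * parameters and is opened with {@link FileOutputStream}, which creates or truncates the file with
     * the server process's privileges. Nothing in this handler limits where that file may be, so the
     * operation should only be reachable by trusted management users — confirm what
     * {@code getResolvedPath} enforces.
     */
    static class ExportCertificateHandler extends ElytronRuntimeOnlyHandler {
        /** Optional; defaults to false (binary encoding). */
        static final SimpleAttributeDefinition PEM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PEM, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).build();

        ExportCertificateHandler() {
        }

        /** Registers the export-certificate operation, with a new handler instance, on the given resource. */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.EXPORT_CERTIFICATE, resourceDescriptionResolver).setParameters(new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, AdvancedModifiableKeyStoreDecorator.PATH, FileAttributeDefinitions.RELATIVE_TO, PEM}).setRuntimeOnly().build(), new ExportCertificateHandler());
        }

        /**
         * Encodes the certificate stored under the requested alias and writes it to the resolved path.
         *
         * @throws OperationFailedException as produced by the message logger when the alias does not
         *         exist or holds no certificate; any other failure (I/O, encoding, a certificate that is
         *         not X.509) is rethrown wrapped in a {@link RuntimeException}
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService modifiableKeyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = modifiableKeyStoreService.getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            KeyStoreService keyStoreService = (KeyStoreService) modifiableKeyStoreService;
            File resolvedPath = keyStoreService.getResolvedPath(FileAttributeDefinitions.pathResolver(), AdvancedModifiableKeyStoreDecorator.PATH.resolveModelAttribute(operationContext, modelNode).asString(), FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull());
            boolean pem = PEM.resolveModelAttribute(operationContext, modelNode).asBoolean();
            try {
                if (!keyStore.containsAlias(alias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotExist(alias);
                }
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                if (certificate == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificate(alias);
                }

                // Encode before opening the file so that an encoding failure does not leave an existing
                // file truncated.
                byte[] encoded;
                if (pem) {
                    ByteStringBuilder pemBytes = new ByteStringBuilder();
                    Pem.generatePemX509Certificate(pemBytes, certificate);
                    encoded = pemBytes.toArray();
                } else {
                    encoded = certificate.getEncoded();
                }

                // try-with-resources closes the stream when write() throws as well; the previous
                // hand-rolled close only ran after a successful write and leaked the descriptor otherwise.
                try (FileOutputStream out = new FileOutputStream(resolvedPath)) {
                    out.write(encoded);
                }
            } catch (Exception e) {
                if (e instanceof OperationFailedException) {
                    throw (OperationFailedException) e;
                }
                throw new RuntimeException(e);
            }
        }
    }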

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$GenerateCertificateSigningRequestHandler.class */
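    /**
     * Runtime-only management operation that builds a PKCS#10 certificate signing request for an existing
     * private key entry and writes it, PEM-encoded, to a file.
     *
     * <p>The request is signed with the private key stored under {@code alias}; the key itself is not
     * written to the file. The subject defaults to whatever the builder derives from the stored
     * certificate unless {@code distinguished-name} is given.
     *
     * <p>NOTE(review): the destination comes from the {@code path} / {@code relative-to} operation
     * parameters and is created or truncated with the server process's privileges; nothing in this
     * handler restricts its location. The resolved key password array is also not cleared after use —
     * whether {@code resolveKeyPassword} hands out a private copy is not visible here.
     */
    static class GenerateCertificateSigningRequestHandler extends ElytronRuntimeOnlyHandler {
        /** Optional subject DN overriding the one taken from the stored certificate. */
        static final SimpleAttributeDefinition DISTINGUISHED_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DISTINGUISHED_NAME, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).build();

        GenerateCertificateSigningRequestHandler() {
        }

        /** Registers the generate-certificate-signing-request operation on the given resource. */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.GENERATE_CERTIFICATE_SIGNING_REQUEST, resourceDescriptionResolver).setParameters(new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, AdvancedModifiableKeyStoreDecorator.SIGNATURE_ALGORITHM, DISTINGUISHED_NAME, AdvancedModifiableKeyStoreDecorator.EXTENSIONS, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, AdvancedModifiableKeyStoreDecorator.PATH, FileAttributeDefinitions.RELATIVE_TO}).setRuntimeOnly().build(), new GenerateCertificateSigningRequestHandler());
        }

        /**
         * Builds the signing request and writes its PEM form to the resolved path.
         *
         * @throws OperationFailedException as produced by the message logger when the alias is missing,
         *         is not a private key entry, or its key or certificate cannot be obtained, and for any
         *         {@link IllegalArgumentException} raised while building the request; every other
         *         failure is rethrown wrapped in a {@link RuntimeException}
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService modifiableKeyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = modifiableKeyStoreService.getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            String signatureAlgorithm = AdvancedModifiableKeyStoreDecorator.SIGNATURE_ALGORITHM.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            String distinguishedName = DISTINGUISHED_NAME.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            ModelNode extensions = AdvancedModifiableKeyStoreDecorator.EXTENSIONS.resolveModelAttribute(operationContext, modelNode);
            ModelNode credentialReference = AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE.resolveModelAttribute(operationContext, modelNode);
            char[] keyPassword = AdvancedModifiableKeyStoreDecorator.resolveKeyPassword((KeyStoreService) modifiableKeyStoreService, credentialReference.isDefined() ? CredentialReference.getCredentialSourceSupplier(operationContext, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, modelNode, (ServiceBuilder) null) : null);
            File resolvedPath = ((KeyStoreService) modifiableKeyStoreService).getResolvedPath(FileAttributeDefinitions.pathResolver(), AdvancedModifiableKeyStoreDecorator.PATH.resolveModelAttribute(operationContext, modelNode).asString(), FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull());
            try {
                if (!keyStore.containsAlias(alias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotExist(alias);
                }
                if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotIdentifyPrivateKeyEntry(alias);
                }
                try {
                    PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keyPassword);
                    if (privateKey == null) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainPrivateKey(alias);
                    }
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate == null) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificate(alias);
                    }
                    PKCS10CertificateSigningRequest.Builder builder = PKCS10CertificateSigningRequest.builder();
                    builder.setSigningKey(privateKey);
                    builder.setCertificate(certificate);
                    if (signatureAlgorithm != null) {
                        builder.setSignatureAlgorithmName(signatureAlgorithm);
                    }
                    if (distinguishedName != null) {
                        builder.setSubjectDn(new X500Principal(distinguishedName));
                    }
                    if (extensions.isDefined()) {
                        for (ModelNode extension : extensions.asList()) {
                            boolean critical = AdvancedModifiableKeyStoreDecorator.CRITICAL.resolveModelAttribute(operationContext, extension).asBoolean();
                            String name = AdvancedModifiableKeyStoreDecorator.NAME.resolveModelAttribute(operationContext, extension).asString();
                            String value = AdvancedModifiableKeyStoreDecorator.VALUE.resolveModelAttribute(operationContext, extension).asString();
                            builder.addExtension(critical, name, value);
                        }
                    }
                    PKCS10CertificateSigningRequest csr = builder.build();

                    // try-with-resources closes the stream when write() throws as well; the previous
                    // hand-rolled close only ran after a successful write and leaked the descriptor otherwise.
                    try (FileOutputStream out = new FileOutputStream(resolvedPath)) {
                        out.write(csr.getPem());
                    }
                } catch (UnrecoverableKeyException e) {
                    // Typically a wrong or missing key password; report it as a client error.
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainPrivateKey(alias);
                }
            } catch (Exception e) {
                // Undo any credential store update made while resolving the credential reference.
                CredentialReference.rollbackCredentialStoreUpdate(AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, operationContext, credentialReference);
                if (e instanceof OperationFailedException) {
                    throw (OperationFailedException) e;
                }
                if (e instanceof IllegalArgumentException) {
                    throw new OperationFailedException(e);
                }
                throw new RuntimeException(e);
            }
        }
    }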

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$GenerateKeyPairHandler.class */
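    /**
     * Runtime-only management operation that generates a new key pair, wraps the public key in a
     * self-signed X.509 certificate and stores both under a previously unused alias.
     *
     * <p>The key algorithm, key size and signature algorithm are taken from the operation parameters when
     * given; otherwise the builder's defaults apply. The certificate is valid from {@code not-before}
     * (or the current time) for {@code validity} days, 90 by default. The private key is stored under
     * the key password resolved from the credential reference.
     *
     * <p>NOTE(review): the only size restriction visible here is {@code KeySizeValidator}, which is
     * defined elsewhere; confirm that it and the builder defaults meet the deployment's minimum key
     * strength. The resolved key password array is not cleared after use — whether
     * {@code resolveKeyPassword} hands out a private copy is not visible here.
     */
    static class GenerateKeyPairHandler extends ElytronRuntimeOnlyHandler {
        /** Optional key algorithm name. */
        static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).build();
        /** Optional key size, checked by {@code KeySizeValidator}. */
        static final SimpleAttributeDefinition KEY_SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_SIZE, ModelType.INT, true).setAllowExpression(true).setValidator(new KeySizeValidator()).build();
        /** Required subject (and, being self-signed, issuer) DN of the generated certificate. */
        static final SimpleAttributeDefinition DISTINGUISHED_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DISTINGUISHED_NAME, ModelType.STRING).setAllowExpression(true).setMinSize(1).build();
        /** Optional validity start, checked by {@code NotBeforeValidator} and parsed with NOT_VALID_BEFORE_FORMATTER. */
        static final SimpleAttributeDefinition NOT_BEFORE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NOT_BEFORE, ModelType.STRING, true).setAllowExpression(true).setValidator(new NotBeforeValidator()).build();
        /** Optional validity period in days; at least 1, default 90. */
        static final SimpleAttributeDefinition VALIDITY = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.VALIDITY, ModelType.LONG, true).setAllowExpression(true).setValidator(new LongRangeValidator(1)).setDefaultValue(new ModelNode(90)).build();

        GenerateKeyPairHandler() {
        }

        /** Registers the generate-key-pair operation, with a new handler instance, on the given resource. */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.GENERATE_KEY_PAIR, resourceDescriptionResolver).setParameters(new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, ALGORITHM, AdvancedModifiableKeyStoreDecorator.SIGNATURE_ALGORITHM, KEY_SIZE, DISTINGUISHED_NAME, NOT_BEFORE, VALIDITY, AdvancedModifiableKeyStoreDecorator.EXTENSIONS, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE}).setRuntimeOnly().build(), new GenerateKeyPairHandler());
        }

        /**
         * Generates the key pair and self-signed certificate and adds them to the modifiable key store.
         *
         * @throws OperationFailedException when the alias is already in use (as produced by the message
         *         logger) and for any {@link IllegalArgumentException} raised while building the
         *         certificate; every other failure is rethrown wrapped in a {@link RuntimeException}
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService modifiableKeyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = modifiableKeyStoreService.getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            String keyAlgorithm = ALGORITHM.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            String signatureAlgorithm = AdvancedModifiableKeyStoreDecorator.SIGNATURE_ALGORITHM.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            Integer keySize = KEY_SIZE.resolveModelAttribute(operationContext, modelNode).asIntOrNull();
            String distinguishedName = DISTINGUISHED_NAME.resolveModelAttribute(operationContext, modelNode).asString();
            String notBefore = NOT_BEFORE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            long validityDays = VALIDITY.resolveModelAttribute(operationContext, modelNode).asLong();
            ModelNode extensions = AdvancedModifiableKeyStoreDecorator.EXTENSIONS.resolveModelAttribute(operationContext, modelNode);
            ModelNode credentialReference = AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE.resolveModelAttribute(operationContext, modelNode);
            char[] keyPassword = AdvancedModifiableKeyStoreDecorator.resolveKeyPassword((KeyStoreService) modifiableKeyStoreService, credentialReference.isDefined() ? CredentialReference.getCredentialSourceSupplier(operationContext, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, modelNode, (ServiceBuilder) null) : null);
            try {
                // Never overwrite an existing entry.
                if (keyStore.containsAlias(alias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasAlreadyExists(alias);
                }
                SelfSignedX509CertificateAndSigningKey.Builder builder = SelfSignedX509CertificateAndSigningKey.builder();
                builder.setDn(new X500Principal(distinguishedName));
                if (keyAlgorithm != null) {
                    builder.setKeyAlgorithmName(keyAlgorithm);
                }
                if (signatureAlgorithm != null) {
                    builder.setSignatureAlgorithmName(signatureAlgorithm);
                }
                if (keySize != null) {
                    builder.setKeySize(keySize.intValue());
                }
                // The formatter carries the JVM default zone, so the string is read as local server time.
                ZonedDateTime validFrom = notBefore != null
                        ? ZonedDateTime.from(AdvancedModifiableKeyStoreDecorator.NOT_VALID_BEFORE_FORMATTER.parse(notBefore))
                        : ZonedDateTime.now();
                builder.setNotValidBefore(validFrom);
                builder.setNotValidAfter(validFrom.plusDays(validityDays));
                if (extensions.isDefined()) {
                    for (ModelNode extension : extensions.asList()) {
                        boolean critical = AdvancedModifiableKeyStoreDecorator.CRITICAL.resolveModelAttribute(operationContext, extension).asBoolean();
                        String name = AdvancedModifiableKeyStoreDecorator.NAME.resolveModelAttribute(operationContext, extension).asString();
                        String value = AdvancedModifiableKeyStoreDecorator.VALUE.resolveModelAttribute(operationContext, extension).asString();
                        builder.addExtension(critical, name, value);
                    }
                }
                SelfSignedX509CertificateAndSigningKey generated = builder.build();
                keyStore.setKeyEntry(alias, generated.getSigningKey(), keyPassword, new X509Certificate[]{generated.getSelfSignedCertificate()});
            } catch (Exception e) {
                // Undo any credential store update made while resolving the credential reference.
                CredentialReference.rollbackCredentialStoreUpdate(AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, operationContext, credentialReference);
                // Pass an OperationFailedException through unchanged, as the sibling handlers in this
                // class do. Previously the "alias already exists" failure raised above would have been
                // wrapped in a RuntimeException (assuming the logger returns an OperationFailedException,
                // which the sibling catch blocks suggest) and surfaced as an internal error instead of a
                // client error.
                if (e instanceof OperationFailedException) {
                    throw (OperationFailedException) e;
                }
                if (e instanceof IllegalArgumentException) {
                    throw new OperationFailedException(e);
                }
                throw new RuntimeException(e);
            }
        }
    }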

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$ImportCertificateHandler.class */
    static class ImportCertificateHandler extends ElytronRuntimeOnlyHandler {
        // Optional; defaults to false. Passed to getCacertsKeyStore(...) during validation
        // (presumably decides whether the JDK cacerts store is consulted — confirm in that method).
        static final SimpleAttributeDefinition TRUST_CACERTS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TRUST_CACERTS, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).build();
        // Optional; defaults to true. When false, the import path for a new alias stores the certificate
        // as a trusted entry without the duplicate, self-signature or chain checks, so disabling it means
        // the caller vouches for the certificate file.
        static final SimpleAttributeDefinition VALIDATE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.VALIDATE, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.TRUE).build();

        // Package-private, stateless constructor; register(...) creates the instance that is bound to
        // the operation.
        ImportCertificateHandler() {
        }

        /**
         * Registers the import-certificate operation, with a new handler instance, on the given resource.
         * The operation is runtime-only and accepts the alias, an optional credential reference, the
         * certificate file location and the two validation switches.
         */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            AttributeDefinition[] parameters = {
                AdvancedModifiableKeyStoreDecorator.ALIAS,
                AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE,
                AdvancedModifiableKeyStoreDecorator.PATH,
                FileAttributeDefinitions.RELATIVE_TO,
                TRUST_CACERTS,
                VALIDATE
            };
            managementResourceRegistration.registerOperationHandler(
                    new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.IMPORT_CERTIFICATE, resourceDescriptionResolver)
                            .setParameters(parameters)
                            .setRuntimeOnly()
                            .build(),
                    new ImportCertificateHandler());
        }

        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            FileInputStream fileInputStream;
            X509Certificate[] asOrderedX509CertificateChain;
            String certificateAlias;
            ModifiableKeyStoreService modifiableKeyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore modifiableValue = modifiableKeyStoreService.getModifiableValue();
            String asString = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            ExceptionSupplier exceptionSupplier = null;
            ModelNode resolveModelAttribute = AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE.resolveModelAttribute(operationContext, modelNode);
            if (resolveModelAttribute.isDefined()) {
                exceptionSupplier = CredentialReference.getCredentialSourceSupplier(operationContext, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, modelNode, (ServiceBuilder) null);
            }
            char[] resolveKeyPassword = AdvancedModifiableKeyStoreDecorator.resolveKeyPassword((KeyStoreService) modifiableKeyStoreService, exceptionSupplier);
            File resolvedPath = ((KeyStoreService) modifiableKeyStoreService).getResolvedPath(FileAttributeDefinitions.pathResolver(), AdvancedModifiableKeyStoreDecorator.PATH.resolveModelAttribute(operationContext, modelNode).asString(), FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull());
            boolean asBoolean = TRUST_CACERTS.resolveModelAttribute(operationContext, modelNode).asBoolean();
            boolean asBoolean2 = VALIDATE.resolveModelAttribute(operationContext, modelNode).asBoolean();
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                if (!modifiableValue.entryInstanceOf(asString, KeyStore.PrivateKeyEntry.class)) {
                    if (!modifiableValue.containsAlias(asString)) {
                        try {
                            fileInputStream = new FileInputStream(resolvedPath);
                            Throwable th = null;
                            try {
                                try {
                                    X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                                    if (fileInputStream != null) {
                                        if (0 != 0) {
                                            try {
                                                fileInputStream.close();
                                            } catch (Throwable th2) {
                                                th.addSuppressed(th2);
                                            }
                                        } else {
                                            fileInputStream.close();
                                        }
                                    }
                                    if (asBoolean2) {
                                        String certificateAlias2 = modifiableValue.getCertificateAlias(x509Certificate);
                                        if (certificateAlias2 != null) {
                                            throw ElytronSubsystemMessages.ROOT_LOGGER.trustedCertificateAlreadyInKeyStore(certificateAlias2);
                                        }
                                        KeyStore cacertsKeyStore = getCacertsKeyStore(asBoolean);
                                        if (x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                                            x509Certificate.verify(x509Certificate.getPublicKey());
                                            if (cacertsKeyStore != null && (certificateAlias = cacertsKeyStore.getCertificateAlias(x509Certificate)) != null) {
                                                throw ElytronSubsystemMessages.ROOT_LOGGER.trustedCertificateAlreadyInCacertsKeyStore(certificateAlias);
                                            }
                                            CertificateChainAttributeDefinitions.writeCertificate(operationContext.getResult().get(ElytronDescriptionConstants.CERTIFICATE), x509Certificate);
                                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToDetermineIfCertificateIsTrusted();
                                        }
                                        try {
                                            X500.createX509CertificateChain(x509Certificate, getKeyStoreCertificates(modifiableValue, cacertsKeyStore));
                                        } catch (IllegalArgumentException e) {
                                            CertificateChainAttributeDefinitions.writeCertificate(operationContext.getResult().get(ElytronDescriptionConstants.CERTIFICATE), x509Certificate);
                                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToDetermineIfCertificateIsTrusted();
                                        }
                                    }
                                    modifiableValue.setCertificateEntry(asString, x509Certificate);
                                } finally {
                                }
                            } finally {
                            }
                        } catch (FileNotFoundException e2) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.certificateFileDoesNotExist(e2);
                        }
                    }
                }
                try {
                    PrivateKey privateKey = (PrivateKey) modifiableValue.getKey(asString, resolveKeyPassword);
                    if (privateKey == null) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainPrivateKey(asString);
                    }
                    Certificate certificate = modifiableValue.getCertificate(asString);
                    if (certificate == null) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificate(asString);
                    }
                    PublicKey publicKey = certificate.getPublicKey();
                    try {
                        fileInputStream = new FileInputStream(resolvedPath);
                        Throwable th3 = null;
                        try {
                            try {
                                Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream);
                                if (fileInputStream != null) {
                                    if (0 != 0) {
                                        try {
                                            fileInputStream.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        fileInputStream.close();
                                    }
                                }
                                if (generateCertificates.isEmpty()) {
                                    throw ElytronSubsystemMessages.ROOT_LOGGER.noCertificatesFoundInCertificateReply();
                                }
                                Certificate[] certificateArr = (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]);
                                if (certificateArr.length == 1) {
                                    X509Certificate x509Certificate2 = (X509Certificate) certificateArr[0];
                                    if (!x509Certificate2.getPublicKey().equals(publicKey)) {
                                        throw ElytronSubsystemMessages.ROOT_LOGGER.publicKeyFromCertificateReplyDoesNotMatchKeyStore();
                                    }
                                    if (x509Certificate2.equals(certificate)) {
                                        throw ElytronSubsystemMessages.ROOT_LOGGER.certificateReplySameAsCertificateFromKeyStore();
                                    }
                                    asOrderedX509CertificateChain = X500.createX509CertificateChain(x509Certificate2, getKeyStoreCertificates(modifiableValue, getCacertsKeyStore(asBoolean)));
                                } else {
                                    asOrderedX509CertificateChain = X500.asOrderedX509CertificateChain(publicKey, certificateArr);
                                    if (asBoolean2) {
                                        X509Certificate x509Certificate3 = asOrderedX509CertificateChain[asOrderedX509CertificateChain.length - 1];
                                        X509Certificate certificateOrIssuerFromKeyStores = getCertificateOrIssuerFromKeyStores(x509Certificate3, modifiableValue, getCacertsKeyStore(asBoolean));
                                        if (certificateOrIssuerFromKeyStores == null) {
                                            CertificateChainAttributeDefinitions.writeCertificate(operationContext.getResult().get(ElytronDescriptionConstants.CERTIFICATE), x509Certificate3);
                                            throw ElytronSubsystemMessages.ROOT_LOGGER.topMostCertificateFromCertificateReplyNotTrusted();
                                        }
                                        if (!x509Certificate3.equals(certificateOrIssuerFromKeyStores)) {
                                            X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.copyOf(asOrderedX509CertificateChain, asOrderedX509CertificateChain.length + 1);
                                            x509CertificateArr[x509CertificateArr.length - 1] = certificateOrIssuerFromKeyStores;
                                            asOrderedX509CertificateChain = x509CertificateArr;
                                        }
                                    }
                                }
                                modifiableValue.setKeyEntry(asString, privateKey, resolveKeyPassword, asOrderedX509CertificateChain);
                            } finally {
                            }
                        } finally {
                        }
                    } catch (FileNotFoundException e3) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.certificateFileDoesNotExist(e3);
                    }
                } catch (UnrecoverableKeyException e4) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainPrivateKey(asString);
                }
            } catch (Exception e5) {
                CredentialReference.rollbackCredentialStoreUpdate(AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, operationContext, resolveModelAttribute);
                if (!(e5 instanceof OperationFailedException)) {
                    throw new RuntimeException((Throwable) e5);
                }
                throw e5;
            }
        }

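        /**
         * Loads the JDK's bundled trust store, {@code <java.home>/lib/security/cacerts}, on request.
         *
         * <p>The decompiled close logic is restored to try-with-resources, so a failure while
         * closing the stream can no longer replace an exception thrown by the load itself, and
         * the dead {@code if (0 != 0)} branches are gone.
         *
         * @param z when {@code false} nothing is read and {@code null} is returned
         * @return the loaded cacerts key store, or {@code null} when {@code z} is {@code false}
         * @throws Exception if the file cannot be opened or the key store cannot be loaded
         */
        private static KeyStore getCacertsKeyStore(boolean z) throws Exception {
            if (!z) {
                return null;
            }
            File cacertsFile = new File(System.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts");
            try (FileInputStream fileInputStream = new FileInputStream(cacertsFile)) {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                // A null password means KeyStore.load() performs no integrity check on the file,
                // so the trust decision rests on the filesystem permissions of java.home.
                keyStore.load(fileInputStream, null);
                return keyStore;
            }
        }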

        /**
         * Indexes every X.509 certificate found in the given key stores by its subject DN.
         *
         * <p>{@code null} key stores and entries that are not {@link X509Certificate}s are skipped.
         * Certificates sharing a subject DN end up in the same set.
         *
         * @param keyStoreArr the key stores to scan; individual elements may be {@code null}
         * @return a map from subject DN to the certificates carrying that subject
         * @throws KeyStoreException if a key store has not been initialized
         */
        private static HashMap<Principal, HashSet<X509Certificate>> getKeyStoreCertificates(KeyStore... keyStoreArr) throws KeyStoreException {
            HashMap<Principal, HashSet<X509Certificate>> bySubject = new HashMap<>();
            for (KeyStore store : keyStoreArr) {
                if (store == null) {
                    continue;
                }
                for (Enumeration<String> names = store.aliases(); names.hasMoreElements();) {
                    Certificate entry = store.getCertificate(names.nextElement());
                    // instanceof is false for null, which covers key-only and missing entries.
                    if (!(entry instanceof X509Certificate)) {
                        continue;
                    }
                    X509Certificate x509 = (X509Certificate) entry;
                    bySubject.computeIfAbsent(x509.getSubjectDN(), subject -> new HashSet<>()).add(x509);
                }
            }
            return bySubject;
        }

        /**
         * Searches the given key stores for the certificate itself or for a certificate that issued it.
         *
         * <p>For each non-null key store, the certificate is returned unchanged if the store already
         * holds it. Otherwise every X.509 entry whose subject DN equals the certificate's issuer DN
         * is tried as an issuer, and the first one whose public key verifies the signature is returned.
         *
         * <p>NOTE(review): only the DN match and the signature are checked in this method. Validity
         * dates, basic constraints and key usage of the candidate issuer are not examined here, so
         * callers needing full path validation must do it elsewhere.
         *
         * @param x509Certificate the certificate to anchor
         * @param keyStoreArr the key stores to search; individual elements may be {@code null}
         * @return the certificate, a verified issuer from a key store, or {@code null} if none is found
         * @throws KeyStoreException if a key store has not been initialized
         */
        private static X509Certificate getCertificateOrIssuerFromKeyStores(X509Certificate x509Certificate, KeyStore... keyStoreArr) throws KeyStoreException {
            for (KeyStore store : keyStoreArr) {
                if (store == null) {
                    continue;
                }
                if (store.getCertificateAlias(x509Certificate) != null) {
                    return x509Certificate;
                }
                for (Enumeration<String> names = store.aliases(); names.hasMoreElements();) {
                    Certificate entry = store.getCertificate(names.nextElement());
                    if (!(entry instanceof X509Certificate)) {
                        continue;
                    }
                    X509Certificate candidate = (X509Certificate) entry;
                    if (!candidate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                        continue;
                    }
                    try {
                        x509Certificate.verify(candidate.getPublicKey());
                        return candidate;
                    } catch (Exception ignored) {
                        // Verification failed under this candidate's key; another entry with the
                        // same subject DN may still verify, so keep scanning.
                    }
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$KeySizeValidator.class */
    /**
     * Validator for the key-size parameter: runs the inherited {@link IntRangeValidator} check
     * (constructed with {@code 1}) and then requires the value to be a power of two.
     *
     * <p>NOTE(review): no minimum cryptographic strength is enforced in this class; small powers
     * of two pass this check, so any floor has to come from the key generator. Sizes that are not
     * powers of two, such as 384, are rejected even though the algorithm parameter visible in
     * this file also allows "EC" - confirm that is intended.
     */
    static class KeySizeValidator extends IntRangeValidator {
        KeySizeValidator() {
            super(1);
        }

        /**
         * Rejects defined values that are not a power of two.
         *
         * @param str the parameter name, passed through to the inherited check
         * @param modelNode the value to validate; undefined values are accepted by this override
         * @throws OperationFailedException if the inherited check fails or the value is not a power of two
         */
        public void validateParameter(String str, ModelNode modelNode) throws OperationFailedException {
            super.validateParameter(str, modelNode);
            if (!modelNode.isDefined()) {
                return;
            }
            final int keySize = modelNode.asInt();
            // A power of two has exactly one bit set, so clearing the lowest set bit leaves zero.
            final boolean powerOfTwo = (keySize & (keySize - 1)) == 0;
            if (!powerOfTwo) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.invalidKeySize(keySize);
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$NotBeforeValidator.class */
    /**
     * Validator for the not-before parameter: after the inherited {@link StringLengthValidator}
     * check, the value must be parseable by
     * {@code AdvancedModifiableKeyStoreDecorator.NOT_VALID_BEFORE_FORMATTER}.
     */
    static class NotBeforeValidator extends StringLengthValidator {
        NotBeforeValidator() {
            super(1, true, true);
        }

        /**
         * Rejects defined values that the not-before formatter cannot parse.
         *
         * @param str the parameter name, passed through to the inherited check
         * @param modelNode the value to validate; undefined values are accepted by this override
         * @throws OperationFailedException if the inherited check fails or the text does not parse
         */
        public void validateParameter(String str, ModelNode modelNode) throws OperationFailedException {
            super.validateParameter(str, modelNode);
            if (!modelNode.isDefined()) {
                return;
            }
            final String text = modelNode.asString();
            try {
                // The parse result is discarded; this is a syntax check only.
                AdvancedModifiableKeyStoreDecorator.NOT_VALID_BEFORE_FORMATTER.parse(text);
            } catch (DateTimeParseException parseFailure) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.invalidNotBefore(parseFailure, parseFailure.getLocalizedMessage());
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$ObtainCertificateHandler.class */
    /**
     * Runtime-only handler for the obtain-certificate operation: requests a certificate chain from
     * a certificate authority through the ACME client and stores the chain together with its
     * signing key under the requested alias.
     */
    static class ObtainCertificateHandler extends ElytronRuntimeOnlyHandler {
        static final StringListAttributeDefinition DOMAIN_NAMES =
                new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.DOMAIN_NAMES).build();
        static final SimpleAttributeDefinition CERTIFICATE_AUTHORITY_ACCOUNT =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CERTIFICATE_AUTHORITY_ACCOUNT, ModelType.STRING, false)
                        .setMinSize(1)
                        .setRestartAllServices()
                        .setCapabilityReference("org.wildfly.security.certificate-authority-account", "org.wildfly.security.key-store", true)
                        .build();
        static final SimpleAttributeDefinition AGREE_TO_TERMS_OF_SERVICE =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AGREE_TO_TERMS_OF_SERVICE, ModelType.BOOLEAN, true)
                        .setAllowExpression(true)
                        .build();
        static final SimpleAttributeDefinition STAGING =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.STAGING, ModelType.BOOLEAN, true)
                        .setAllowExpression(true)
                        .setDefaultValue(ModelNode.FALSE)
                        .build();
        static final SimpleAttributeDefinition ALGORITHM =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, true)
                        .setAllowExpression(true)
                        .setValidator(new StringAllowedValuesValidator(new String[]{"RSA", "EC"}))
                        .setDefaultValue(new ModelNode("RSA"))
                        .setMinSize(1)
                        .build();
        static final SimpleAttributeDefinition KEY_SIZE =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_SIZE, ModelType.INT, true)
                        .setAllowExpression(true)
                        .setDefaultValue(new ModelNode(2048))
                        .setValidator(new KeySizeValidator())
                        .build();

        ObtainCertificateHandler() {
        }

        /**
         * Registers the obtain-certificate operation and a new handler instance on the given resource.
         *
         * @param managementResourceRegistration the registration to add the operation to
         * @param resourceDescriptionResolver resolver for the operation's descriptions
         */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            AttributeDefinition[] parameters = new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, DOMAIN_NAMES, CERTIFICATE_AUTHORITY_ACCOUNT, AGREE_TO_TERMS_OF_SERVICE, STAGING, ALGORITHM, KEY_SIZE, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE};
            managementResourceRegistration.registerOperationHandler(
                    new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.OBTAIN_CERTIFICATE, resourceDescriptionResolver)
                            .setParameters(parameters)
                            .setRuntimeOnly()
                            .build(),
                    new ObtainCertificateHandler());
        }

        /**
         * Creates or updates the ACME account, obtains a certificate chain for the requested domain
         * names, stores it under the alias and saves the key store.
         *
         * <p>Any exception raised from the ACME calls, the key store update or the save triggers a
         * rollback of the credential store update. {@link IllegalArgumentException} and
         * {@code AcmeException} are then reported as {@link OperationFailedException}; everything
         * else is wrapped in a {@link RuntimeException}.
         *
         * <p>NOTE(review): the key password is resolved before the try block, so a failure there
         * does not pass through the credential store rollback. The resolved {@code char[]} is also
         * not cleared in this method after use.
         *
         * @param operationContext the current operation context
         * @param modelNode the operation carrying the parameters
         * @throws OperationFailedException if the request fails with an argument or ACME error
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService keyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = keyStoreService.getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            List domainNames = DOMAIN_NAMES.unwrap(operationContext, modelNode);
            String accountName = CERTIFICATE_AUTHORITY_ACCOUNT.resolveModelAttribute(operationContext, modelNode).asString();
            // Null means the caller did not state a terms-of-service choice; the account keeps its own setting.
            Boolean agreeToTerms = AGREE_TO_TERMS_OF_SERVICE.resolveModelAttribute(operationContext, modelNode).asBooleanOrNull();
            boolean staging = STAGING.resolveModelAttribute(operationContext, modelNode).asBoolean();
            String algorithm = ALGORITHM.resolveModelAttribute(operationContext, modelNode).asString();
            int keySize = KEY_SIZE.resolveModelAttribute(operationContext, modelNode).asInt();
            ModelNode credentialReference = AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE.resolveModelAttribute(operationContext, modelNode);
            ExceptionSupplier credentialSourceSupplier = credentialReference.isDefined()
                    ? CredentialReference.getCredentialSourceSupplier(operationContext, AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, modelNode, (ServiceBuilder) null)
                    : null;
            char[] keyPassword = AdvancedModifiableKeyStoreDecorator.resolveKeyPassword((KeyStoreService) keyStoreService, credentialSourceSupplier);
            try {
                AcmeAccount account = AdvancedModifiableKeyStoreDecorator.getAcmeAccount(operationContext, accountName, staging);
                if (agreeToTerms != null) {
                    account.setTermsOfServiceAgreed(agreeToTerms.booleanValue());
                }
                // An account without a URL is created first; the update runs unless createAccount returned true.
                boolean created = account.getAccountUrl() == null
                        && AdvancedModifiableKeyStoreDecorator.acmeClient.createAccount(account, staging);
                if (!created) {
                    AdvancedModifiableKeyStoreDecorator.acmeClient.updateAccount(account, staging, account.isTermsOfServiceAgreed(), account.getContactUrls());
                }
                String[] requestedDomains = (String[]) domainNames.toArray(new String[domainNames.size()]);
                X509CertificateChainAndSigningKey issued = AdvancedModifiableKeyStoreDecorator.acmeClient.obtainCertificateChain(account, staging, algorithm, keySize, requestedDomains);
                keyStore.setKeyEntry(alias, issued.getSigningKey(), keyPassword, issued.getCertificateChain());
                ((KeyStoreService) keyStoreService).save();
            } catch (Exception failure) {
                CredentialReference.rollbackCredentialStoreUpdate(AdvancedModifiableKeyStoreDecorator.CREDENTIAL_REFERENCE, operationContext, credentialReference);
                if (failure instanceof IllegalArgumentException || failure instanceof AcmeException) {
                    throw new OperationFailedException(failure);
                }
                throw new RuntimeException(failure);
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$RevokeCertificateHandler.class */
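    /**
     * Runtime-only handler for the revoke-certificate operation: asks the certificate authority to
     * revoke the certificate stored under an alias, then removes that entry from the key store.
     *
     * <p>{@link #getCRLReason(String)} is restored to a plain string switch. The decompiled form
     * assigned integers to a {@code boolean} and repeated {@code case true:} labels, which is not
     * valid Java.
     */
    static class RevokeCertificateHandler extends ElytronRuntimeOnlyHandler {
        static final String UNSPECIFIED = "UNSPECIFIED";
        static final String KEY_COMPROMISE = "KEYCOMPROMISE";
        static final String CA_COMPROMISE = "CACOMPROMISE";
        static final String AFFILIATION_CHANGED = "AFFILIATIONCHANGED";
        static final String SUPERSEDED = "SUPERSEDED";
        static final String CESSATION_OF_OPERATION = "CESSATIONOFOPERATION";
        static final String CERTIFICATE_HOLD = "CERTIFICATEHOLD";
        static final String REMOVE_FROM_CRL = "REMOVEFROMCRL";
        static final String PRIVILEGE_WITHDRAWN = "PRIVILEGEWITHDRAWN";
        static final String AA_COMPROMISE = "AACOMPROMISE";
        static final String[] ALLOWED_VALUES = {UNSPECIFIED, KEY_COMPROMISE, CA_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, REMOVE_FROM_CRL, PRIVILEGE_WITHDRAWN, AA_COMPROMISE};
        static final SimpleAttributeDefinition REASON = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REASON, ModelType.STRING, true).setAllowExpression(true).setAllowedValues(ALLOWED_VALUES).setMinSize(1).build();
        static final SimpleAttributeDefinition CERTIFICATE_AUTHORITY_ACCOUNT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CERTIFICATE_AUTHORITY_ACCOUNT, ModelType.STRING, false).setMinSize(1).setRestartAllServices().setCapabilityReference("org.wildfly.security.certificate-authority-account", "org.wildfly.security.key-store", true).build();
        static final SimpleAttributeDefinition STAGING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.STAGING, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).build();

        RevokeCertificateHandler() {
        }

        /**
         * Registers the revoke-certificate operation and a new handler instance on the given resource.
         *
         * @param managementResourceRegistration the registration to add the operation to
         * @param resourceDescriptionResolver resolver for the operation's descriptions
         */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.REVOKE_CERTIFICATE, resourceDescriptionResolver).setParameters(new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, REASON, CERTIFICATE_AUTHORITY_ACCOUNT, STAGING}).setRuntimeOnly().build(), new RevokeCertificateHandler());
        }

        /**
         * Revokes the certificate stored under the alias through the ACME client, deletes the
         * entry and saves the key store.
         *
         * <p>Revocation at the certificate authority happens before the local delete and save. If
         * either local step fails, the certificate is already revoked remotely while the entry may
         * still be present in the key store.
         *
         * <p>NOTE(review): the stored certificate is cast to {@link X509Certificate} without a type
         * check, so a non-X.509 entry would raise a {@link ClassCastException} here.
         *
         * @param operationContext the current operation context
         * @param modelNode the operation carrying the parameters
         * @throws OperationFailedException if the alias or its certificate is missing, or the
         *         revocation fails with an argument or ACME error
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModifiableKeyStoreService keyStoreService = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext);
            KeyStore keyStore = keyStoreService.getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            String reason = REASON.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            String accountName = CERTIFICATE_AUTHORITY_ACCOUNT.resolveModelAttribute(operationContext, modelNode).asString();
            boolean staging = STAGING.resolveModelAttribute(operationContext, modelNode).asBoolean();
            try {
                if (!keyStore.containsAlias(alias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotExist(alias);
                }
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                if (certificate == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificate(alias);
                }
                AcmeAccount account = AdvancedModifiableKeyStoreDecorator.getAcmeAccount(operationContext, accountName, staging);
                if (reason != null) {
                    AdvancedModifiableKeyStoreDecorator.acmeClient.revokeCertificate(account, staging, certificate, getCRLReason(reason));
                } else {
                    AdvancedModifiableKeyStoreDecorator.acmeClient.revokeCertificate(account, staging, certificate);
                }
                keyStore.deleteEntry(alias);
                ((KeyStoreService) keyStoreService).save();
            } catch (IllegalArgumentException | AcmeException e) {
                throw new OperationFailedException(e);
            } catch (KeyStoreException e2) {
                throw new RuntimeException(e2);
            }
        }

        /**
         * Maps a revocation reason name, compared case-insensitively, to its {@link CRLReason}.
         *
         * @param str one of the names listed in {@link #ALLOWED_VALUES}, in any letter case
         * @return the matching {@link CRLReason}
         * @throws OperationFailedException if the name is not a known revocation reason
         */
        static CRLReason getCRLReason(String str) throws OperationFailedException {
            // Locale.ENGLISH keeps the upper-casing independent of the server's default locale.
            switch (str.toUpperCase(Locale.ENGLISH)) {
                case UNSPECIFIED:
                    return CRLReason.UNSPECIFIED;
                case KEY_COMPROMISE:
                    return CRLReason.KEY_COMPROMISE;
                case CA_COMPROMISE:
                    return CRLReason.CA_COMPROMISE;
                case AFFILIATION_CHANGED:
                    return CRLReason.AFFILIATION_CHANGED;
                case SUPERSEDED:
                    return CRLReason.SUPERSEDED;
                case CESSATION_OF_OPERATION:
                    return CRLReason.CESSATION_OF_OPERATION;
                case CERTIFICATE_HOLD:
                    return CRLReason.CERTIFICATE_HOLD;
                case REMOVE_FROM_CRL:
                    return CRLReason.REMOVE_FROM_CRL;
                case PRIVILEGE_WITHDRAWN:
                    return CRLReason.PRIVILEGE_WITHDRAWN;
                case AA_COMPROMISE:
                    return CRLReason.AA_COMPROMISE;
                default:
                    throw ElytronSubsystemMessages.ROOT_LOGGER.invalidCertificateRevocationReason(str);
            }
        }
    }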

    /* loaded from: input_file:org/wildfly/extension/elytron/AdvancedModifiableKeyStoreDecorator$ShouldRenewCertificateHandler.class */
    /**
     * Runtime-only handler for the should-renew-certificate operation: reports whether the
     * certificate under an alias expires within a given number of days, together with the number
     * of whole days left.
     */
    static class ShouldRenewCertificateHandler extends ElytronRuntimeOnlyHandler {
        static final SimpleAttributeDefinition EXPIRATION =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.EXPIRATION, ModelType.LONG, true)
                        .setAllowExpression(true)
                        .setValidator(new LongRangeValidator(1))
                        .setDefaultValue(new ModelNode(30))
                        .build();

        ShouldRenewCertificateHandler() {
        }

        /**
         * Registers the should-renew-certificate operation and a new handler instance on the given resource.
         *
         * @param managementResourceRegistration the registration to add the operation to
         * @param resourceDescriptionResolver resolver for the operation's descriptions
         */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            AttributeDefinition[] parameters = new AttributeDefinition[]{AdvancedModifiableKeyStoreDecorator.ALIAS, EXPIRATION};
            managementResourceRegistration.registerOperationHandler(
                    new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.SHOULD_RENEW_CERTIFICATE, resourceDescriptionResolver)
                            .setParameters(parameters)
                            .setRuntimeOnly()
                            .build(),
                    new ShouldRenewCertificateHandler());
        }

        /**
         * Writes the renewal decision and the days left until expiry into the operation result.
         *
         * <p>The days are counted in UTC from the current time to the certificate's not-after
         * date. A count of zero or less is reported as {@code 0} with renewal due; otherwise
         * renewal is due when the count does not exceed the expiration parameter. Only the
         * not-after date is consulted; this method does not look at revocation status.
         *
         * @param operationContext the current operation context
         * @param modelNode the operation carrying the parameters
         * @throws OperationFailedException if the alias does not exist or holds no certificate
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            KeyStore keyStore = ModifiableKeyStoreDecorator.getModifiableKeyStoreService(operationContext).getModifiableValue();
            String alias = AdvancedModifiableKeyStoreDecorator.ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
            long expirationDays = EXPIRATION.resolveModelAttribute(operationContext, modelNode).asLong();
            try {
                if (!keyStore.containsAlias(alias)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreAliasDoesNotExist(alias);
                }
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                if (certificate == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificate(alias);
                }
                ZonedDateTime nowUtc = ZonedDateTime.now().withZoneSameInstant(ZoneId.of("UTC")).withNano(0);
                ZonedDateTime notAfterUtc = ZonedDateTime.ofInstant(certificate.getNotAfter().toInstant(), ZoneId.of("UTC"));
                long daysLeft = ChronoUnit.DAYS.between(nowUtc, notAfterUtc);
                ModelNode result = operationContext.getResult();
                boolean expired = daysLeft <= 0;
                boolean renew = expired || daysLeft <= expirationDays;
                result.get(ElytronDescriptionConstants.SHOULD_RENEW_CERTIFICATE).set(renew ? ModelNode.TRUE : ModelNode.FALSE);
                // Counts at or below zero are reported as zero days.
                result.get(ElytronDescriptionConstants.DAYS_TO_EXPIRY).set(new ModelNode(expired ? 0 : daysLeft));
            } catch (KeyStoreException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * Locates the ACME client implementation through {@link ServiceLoader}, using the class
     * loader of {@code ElytronSubsystemMessages}.
     *
     * <p>The first provider the loader yields is used; any further providers are ignored.
     *
     * @return the first {@code AcmeClientSpi} provider found
     */
    private static AcmeClientSpi loadAcmeClient() {
        ClassLoader loader = ElytronSubsystemMessages.class.getClassLoader();
        Iterator<AcmeClientSpi> providers = ServiceLoader.load(AcmeClientSpi.class, loader).iterator();
        if (!providers.hasNext()) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToInstatiateAcmeClientSpiImplementation();
        }
        return providers.next();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Wraps a resource definition in an {@code AdvancedModifiableKeyStoreDecorator}.
     *
     * @param resourceDefinition the definition to decorate
     * @return the decorating resource definition
     */
    public static ResourceDefinition wrap(ResourceDefinition resourceDefinition) {
        final AdvancedModifiableKeyStoreDecorator decorated = new AdvancedModifiableKeyStoreDecorator(resourceDefinition);
        return decorated;
    }

    /**
     * Creates a decorator around the given resource definition. Private: instances are obtained
     * through {@code wrap}.
     *
     * @param resourceDefinition the definition handed to the superclass constructor
     */
    private AdvancedModifiableKeyStoreDecorator(ResourceDefinition resourceDefinition) {
        super(resourceDefinition);
    }

    /**
     * Registers the inherited operations and, when
     * {@code ElytronExtension.isServerOrHostController} returns true for the registration, the
     * key pair, signing request, import, export, alias and ACME certificate operations.
     *
     * @param managementResourceRegistration the registration to add the operations to
     */
    @Override // org.wildfly.extension.elytron.ModifiableKeyStoreDecorator
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        StandardResourceDescriptionResolver resolver = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.MODIFIABLE_KEY_STORE);
        if (!ElytronExtension.isServerOrHostController(managementResourceRegistration)) {
            // Elsewhere only the inherited operations are exposed.
            return;
        }
        GenerateKeyPairHandler.register(managementResourceRegistration, resolver);
        GenerateCertificateSigningRequestHandler.register(managementResourceRegistration, resolver);
        ImportCertificateHandler.register(managementResourceRegistration, resolver);
        ExportCertificateHandler.register(managementResourceRegistration, resolver);
        ChangeAliasHandler.register(managementResourceRegistration, resolver);
        ObtainCertificateHandler.register(managementResourceRegistration, resolver);
        RevokeCertificateHandler.register(managementResourceRegistration, resolver);
        ShouldRenewCertificateHandler.register(managementResourceRegistration, resolver);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves a key password through the key-store service, turning any failure into an
     * unchecked exception.
     *
     * <p>Every {@link Exception} thrown by the service, including one that is already a
     * {@link RuntimeException}, is wrapped in a new {@code RuntimeException} with the original
     * as its cause.
     *
     * <p>NOTE(review): the returned array holds secret material. Whether callers clear it after
     * use is not visible in this block — check the call sites, and keep it out of log and
     * exception messages.
     *
     * @param keyStoreService the service that performs the resolution
     * @param exceptionSupplier supplier of the credential source, passed through unchanged
     * @return the value returned by {@code keyStoreService.resolveKeyPassword}
     * @throws RuntimeException wrapping any exception raised during resolution
     */
    public static char[] resolveKeyPassword(KeyStoreService keyStoreService, ExceptionSupplier<CredentialSource, Exception> exceptionSupplier) throws RuntimeException {
        final char[] keyPassword;
        try {
            keyPassword = keyStoreService.resolveKeyPassword(exceptionSupplier);
        } catch (Exception failure) {
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new RuntimeException(failure);
        }
        return keyPassword;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Looks up the certificate-authority account service named by {@code str} and returns its
     * {@code AcmeAccount}, passed through {@code resetAcmeAccount}.
     *
     * <p>The service name is derived from the certificate-authority-account runtime capability.
     * The lookup fails unless the service is in state {@code UP}.
     *
     * @param operationContext the management operation context supplying the service registry
     * @param str the dynamic part of the capability name (presumably the account resource name;
     *            the decompiler dropped the original parameter name)
     * @param z forwarded unchanged to {@code resetAcmeAccount}
     * @return the account held by the service, or a rebuilt copy if {@code resetAcmeAccount}
     *         decides one is needed
     * @throws OperationFailedException declared by the original signature; the not-UP failure is
     *         produced by {@code ROOT_LOGGER.requiredServiceNotUp}
     */
    public static AcmeAccount getAcmeAccount(OperationContext operationContext, String str, boolean z) throws OperationFailedException {
        ServiceRegistry registry = operationContext.getServiceRegistry(true);
        ServiceName accountServiceName = Capabilities.CERTIFICATE_AUTHORITY_ACCOUNT_RUNTIME_CAPABILITY
                .fromBaseCapability(str)
                .getCapabilityServiceName();
        ServiceController accountController = ElytronExtension.getRequiredService(registry, accountServiceName, AcmeAccount.class);
        ServiceController.State currentState = accountController.getState();
        if (currentState == ServiceController.State.UP) {
            // The value is read only from a service that is UP.
            AcmeAccount account = (AcmeAccount) accountController.getService().getValue();
            return resetAcmeAccount(account, z);
        }
        throw ElytronSubsystemMessages.ROOT_LOGGER.requiredServiceNotUp(accountServiceName, currentState);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
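    /**
     * Returns an account whose cached account URL matches the requested ACME environment.
     *
     * <p>If the account has no account URL or no staging server URL, it is returned unchanged.
     * Otherwise the staging base is the staging server URL up to its {@code "/directory"}
     * segment. When the cached account URL is under the staging base but {@code z} is
     * {@code false}, or is not under it but {@code z} is {@code true}, a new account is built
     * from the same server URL, staging server URL, DN, certificate, private key,
     * terms-of-service flag and contact URLs. No account URL is set on that builder. In every
     * other case the given instance is returned.
     *
     * <p>A staging server URL without {@code "/directory"} used to fail with a
     * {@link StringIndexOutOfBoundsException}, because {@code indexOf} returned -1. The whole
     * staging URL is now used as the base in that case.
     *
     * @param acmeAccount the account to check; must not be {@code null}
     * @param z {@code true} when the caller targets the staging environment (inferred from the
     *          comparison with the staging base; the decompiler dropped the original name)
     * @return {@code acmeAccount} itself, or a rebuilt account as described above
     */
    public static AcmeAccount resetAcmeAccount(AcmeAccount acmeAccount, boolean z) {
        String accountUrl = acmeAccount.getAccountUrl();
        String stagingServerUrl = acmeAccount.getStagingServerUrl();
        if (accountUrl == null || stagingServerUrl == null) {
            return acmeAccount;
        }

        // Guard the -1 case: substring(0, -1) would throw for a URL without "/directory".
        int directoryIndex = stagingServerUrl.indexOf("/directory");
        String stagingBase = directoryIndex >= 0 ? stagingServerUrl.substring(0, directoryIndex) : stagingServerUrl;

        // NOTE(review): this is a plain string-prefix comparison, not a host/path-aware URL
        // match. It relies on both URLs coming from trusted configuration or the CA — confirm.
        boolean accountIsOnStaging = accountUrl.startsWith(stagingBase);
        if (accountIsOnStaging == z) {
            // The cached account URL already belongs to the requested environment.
            return acmeAccount;
        }

        // Environment mismatch: rebuild without the cached account URL, reusing the same key
        // material and settings.
        AcmeAccount.Builder builder = AcmeAccount.builder();
        builder.setServerUrl(acmeAccount.getServerUrl())
                .setStagingServerUrl(stagingServerUrl)
                .setDn(acmeAccount.getDn())
                .setKey(acmeAccount.getCertificate(), acmeAccount.getPrivateKey())
                .setTermsOfServiceAgreed(acmeAccount.isTermsOfServiceAgreed());
        if (acmeAccount.getContactUrls() != null) {
            builder.setContactUrls(acmeAccount.getContactUrls());
        }
        return builder.build();
    }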
}
