package org.apache.directory.server.core.security;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.NotImplementedException;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.LdapPrincipal;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.util.SingletonEnumeration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/security/CoreKeyStoreSpi.class */
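/**
 * A read-only {@link KeyStoreSpi} that exposes exactly one entry, under the
 * alias {@code "apacheds"}. The certificate and key pair are read from the
 * {@code uid=admin,ou=system} entry of the wrapped {@link DirectoryService}
 * through {@link TlsKeyGenerator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords handed to this SPI are never used to protect or unlock
 *       anything; the key material is only as protected as the directory
 *       entry that holds it.</li>
 *   <li>Passwords and the backing entry are deliberately kept out of log
 *       output. SLF4J renders {@code char[]} arguments element by element, so
 *       passing a password array to a {@code {}} placeholder discloses it.</li>
 *   <li>All mutating operations are rejected with an unchecked exception.</li>
 * </ul>
 */
public class CoreKeyStoreSpi extends KeyStoreSpi {
    private static final String APACHEDS_ALIAS = "apacheds";
    private static final Logger LOG = LoggerFactory.getLogger(CoreKeyStoreSpi.class);
    private final DirectoryService directoryService;

    /**
     * Creates the SPI on top of a directory service.
     *
     * @param directoryService the service whose admin entry holds the TLS material
     */
    public CoreKeyStoreSpi(DirectoryService directoryService) {
        LOG.debug("Constructor called.");
        this.directoryService = directoryService;
    }

    /**
     * Looks up the {@code uid=admin,ou=system} entry using a session opened
     * for that same DN at {@link AuthenticationLevel#SIMPLE}.
     *
     * @return the entry that carries the certificate and key attributes
     * @throws Exception if normalization, session creation or the lookup fails
     */
    private ServerEntry getTlsEntry() throws Exception {
        DN dn = new DN("uid=admin,ou=system");
        dn.normalize(this.directoryService.getSchemaManager().getNormalizerMapping());
        return this.directoryService.getSession(new LdapPrincipal(dn, AuthenticationLevel.SIMPLE)).lookup(dn);
    }

    /**
     * @return an enumeration holding the single supported alias
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        LOG.debug("engineAliases() called.");
        return new SingletonEnumeration(APACHEDS_ALIAS);
    }

    /**
     * @param str the alias to test; {@code null} is treated as unknown
     * @return {@code true} if the alias matches {@code "apacheds"}, ignoring case
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        LOG.debug("engineContainsAlias({}) called.", str);
        // Constant-first comparison so a null alias yields false instead of an NPE.
        return APACHEDS_ALIAS.equalsIgnoreCase(str);
    }

    /**
     * Always rejected: this key store is read-only.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        LOG.debug("engineDeleteEntry({}) called.", str);
        throw new UnsupportedOperationException();
    }

    /**
     * @param str the requested alias; {@code null} is treated as unknown
     * @return the server certificate, or {@code null} if the alias does not
     *         match or the certificate cannot be read from the directory
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        LOG.debug("engineGetCertificate({}) called.", str);
        if (!APACHEDS_ALIAS.equalsIgnoreCase(str)) {
            return null;
        }
        try {
            return TlsKeyGenerator.getCertificate(getTlsEntry());
        } catch (Exception e) {
            LOG.error(I18n.err(I18n.ERR_65, new Object[0]), e);
            return null;
        }
    }

    /**
     * Maps a certificate back to the alias. An X.509 certificate whose subject
     * DN string equals {@link TlsKeyGenerator#CERTIFICATE_PRINCIPAL_DN} matches
     * immediately; otherwise the encoded form is compared with the certificate
     * attribute stored in the directory entry.
     *
     * @param certificate the certificate to look for
     * @return {@code "apacheds"} on a match, otherwise {@code null} (also when
     *         the comparison itself fails; the failure is logged)
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        LOG.debug("engineGetCertificateAlias({}) called.", certificate);
        if (certificate instanceof X509Certificate) {
            LOG.debug("Certificate in alias request is X.509 based.");
            // NOTE(review): this branch accepts on the subject DN string alone,
            // without comparing the certificate bytes - confirm that no caller
            // treats the returned alias as proof of certificate identity.
            if (((X509Certificate) certificate).getSubjectDN().toString().equals(TlsKeyGenerator.CERTIFICATE_PRINCIPAL_DN)) {
                return APACHEDS_ALIAS;
            }
        }
        try {
            if (ArrayUtils.isEquals(certificate.getEncoded(), getTlsEntry().get(TlsKeyGenerator.USER_CERTIFICATE_AT).getBytes())) {
                return APACHEDS_ALIAS;
            }
            return null;
        } catch (Exception e) {
            LOG.error(I18n.err(I18n.ERR_66, new Object[0]), e);
            return null;
        }
    }

    /**
     * Returns a one-element chain holding the server certificate.
     *
     * @param str the requested alias (not checked by this implementation)
     * @return the chain, or an empty array if the certificate cannot be read
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        LOG.debug("engineGetCertificateChain({}) called.", str);
        try {
            ServerEntry tlsEntry = getTlsEntry();
            // The entry is the same one the key pair is read from, so its
            // contents are not written to the log.
            LOG.debug("TLS entry loaded for certificate chain request.");
            return new Certificate[]{TlsKeyGenerator.getCertificate(tlsEntry)};
        } catch (Exception e) {
            LOG.error(I18n.err(I18n.ERR_66, new Object[0]), e);
            return new Certificate[0];
        }
    }

    /**
     * @return the current time; no creation date is read from the directory
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        LOG.debug("engineGetCreationDate({}) called.", str);
        return new Date();
    }

    /**
     * Returns the private key read from the directory entry.
     *
     * @param str the requested alias (not checked by this implementation)
     * @param cArr the password; ignored, and never logged
     * @return the private key, or {@code null} if it cannot be read
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        // The password is masked: SLF4J would print a char[] argument in clear.
        LOG.debug("engineGetKey({}, ****) called.", str);
        // NOTE(review): neither the alias nor the password gates access here;
        // any code holding this SPI obtains the private key. Access control
        // has to come from who can reach the DirectoryService.
        try {
            return TlsKeyGenerator.getKeyPair(getTlsEntry()).getPrivate();
        } catch (Exception e) {
            LOG.error(I18n.err(I18n.ERR_68, new Object[0]), e);
            return null;
        }
    }

    /**
     * @return always {@code false}; the single entry is a key entry
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        LOG.debug("engineIsCertificateEntry({}) called.", str);
        return false;
    }

    /**
     * @return always {@code true}, whatever alias is passed
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        LOG.debug("engineIsKeyEntry({}) called.", str);
        return true;
    }

    /**
     * No-op: nothing is read from the stream, the material lives in the directory.
     *
     * @param inputStream ignored
     * @param cArr the password; ignored, and never logged
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        LOG.debug("engineLoad({}, ****) called.", inputStream);
    }

    /**
     * Always rejected: this key store is read-only.
     *
     * @throws NotImplementedException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        LOG.debug("engineSetCertificateEntry({}, {}) called.", str, certificate);
        throw new NotImplementedException();
    }

    /**
     * Always rejected: this key store is read-only.
     *
     * @throws NotImplementedException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        LOG.debug("engineSetKeyEntry({}, key, {}) called.", str, certificateArr);
        throw new NotImplementedException();
    }

    /**
     * Always rejected: this key store is read-only.
     *
     * @param cArr the password; never logged, and may be {@code null}
     * @throws NotImplementedException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        // Previously the password was copied into a String and logged, which
        // both disclosed it and threw an NPE for a null password.
        LOG.debug("engineSetKeyEntry({}, key, ****, chain) called.", str);
        throw new NotImplementedException();
    }

    /**
     * @return always {@code 1}
     */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        LOG.debug("engineSize() called.");
        return 1;
    }

    /**
     * No-op: nothing is written to the stream.
     *
     * @param outputStream ignored
     * @param cArr the password; never logged, and may be {@code null}
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        // Masked for the same reason as in engineSetKeyEntry: no password in
        // logs, and no NPE when the caller passes a null password.
        LOG.debug("engineStore(stream, ****) called.");
    }
}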
