package org.apache.qpid.server.model.adapter;

import java.lang.reflect.Type;
import java.security.AccessControlException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.TrustManagerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.MapValueConverter;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;

/* loaded from: input_file:org/apache/qpid/server/model/adapter/TrustStoreAdapter.class */
public class TrustStoreAdapter extends AbstractKeyStoreAdapter implements TrustStore {
    public static final Map<String, Type> ATTRIBUTE_TYPES = Collections.unmodifiableMap(new HashMap<String, Type>() { // from class: org.apache.qpid.server.model.adapter.TrustStoreAdapter.1
        {
            put("name", String.class);
            put("path", String.class);
            put("password", String.class);
            put("type", String.class);
            put(TrustStore.PEERS_ONLY, Boolean.class);
            put(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM, String.class);
        }
    });
    public static final Map<String, Object> DEFAULTS = Collections.unmodifiableMap(new HashMap<String, Object>() { // from class: org.apache.qpid.server.model.adapter.TrustStoreAdapter.2
        {
            put("type", AbstractKeyStoreAdapter.DEFAULT_KEYSTORE_TYPE);
            put(TrustStore.PEERS_ONLY, Boolean.FALSE);
            put(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM, TrustManagerFactory.getDefaultAlgorithm());
        }
    });
    private Broker _broker;

    public TrustStoreAdapter(UUID uuid, Broker broker, Map<String, Object> map) {
        super(uuid, broker, DEFAULTS, MapValueConverter.convert(map, ATTRIBUTE_TYPES));
        this._broker = broker;
        validateTrustStoreAttributes((String) getAttribute("type"), (String) getAttribute("path"), getPassword(), (String) getAttribute(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM));
    }

    @Override // org.apache.qpid.server.model.adapter.AbstractKeyStoreAdapter, org.apache.qpid.server.model.adapter.AbstractAdapter, org.apache.qpid.server.model.ConfiguredObject
    public Collection<String> getAttributeNames() {
        return AVAILABLE_ATTRIBUTES;
    }

    @Override // org.apache.qpid.server.model.adapter.AbstractAdapter
    protected boolean setState(State state, State state2) {
        if (state2 != State.DELETED) {
            return false;
        }
        String name = getName();
        for (Port port : new ArrayList(this._broker.getPorts())) {
            Iterator<TrustStore> it = port.getTrustStores().iterator();
            while (it.hasNext()) {
                if (name.equals(it.next().getAttribute("name"))) {
                    throw new IntegrityViolationException("Trust store '" + name + "' can't be deleted as it is in use by a port: " + port.getName());
                }
            }
        }
        return true;
    }

    @Override // org.apache.qpid.server.model.adapter.AbstractAdapter
    protected void authoriseSetDesiredState(State state, State state2) throws AccessControlException {
        if (state2 == State.DELETED && !this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), TrustStore.class, Operation.DELETE)) {
            throw new AccessControlException("Deletion of key store is denied");
        }
    }

    @Override // org.apache.qpid.server.model.adapter.AbstractAdapter
    protected void authoriseSetAttribute(String str, Object obj, Object obj2) throws AccessControlException {
        authoriseSetAttribute();
    }

    @Override // org.apache.qpid.server.model.adapter.AbstractAdapter
    protected void authoriseSetAttributes(Map<String, Object> map) throws AccessControlException {
        authoriseSetAttribute();
    }

    private void authoriseSetAttribute() {
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), TrustStore.class, Operation.UPDATE)) {
            throw new AccessControlException("Setting key store attributes is denied");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.adapter.AbstractAdapter
    public void changeAttributes(Map<String, Object> map) {
        Map<String, Object> convert = MapValueConverter.convert(map, ATTRIBUTE_TYPES);
        if (convert.containsKey("name")) {
            if (!getName().equals((String) convert.get("name"))) {
                throw new IllegalConfigurationException("Changing the trust store name is not allowed");
            }
        }
        Map<String, Object> generateEffectiveAttributes = generateEffectiveAttributes(convert);
        validateTrustStoreAttributes((String) generateEffectiveAttributes.get("type"), (String) generateEffectiveAttributes.get("path"), (String) generateEffectiveAttributes.get("password"), (String) generateEffectiveAttributes.get(TrustStore.TRUST_MANAGER_FACTORY_ALGORITHM));
        super.changeAttributes(convert);
    }

    private void validateTrustStoreAttributes(String str, String str2, String str3, String str4) {
        try {
            SSLUtil.getInitializedKeyStore(str2, str3, str);
            try {
                TrustManagerFactory.getInstance(str4);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalConfigurationException("Unknown trustManagerFactoryAlgorithm: " + str4);
            }
        } catch (Exception e2) {
            throw new IllegalConfigurationException("Cannot instantiate trust store at " + str2, e2);
        }
    }
}
