package org.apache.qpid.server.model.adapter;

import java.io.IOException;
import java.lang.reflect.Type;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.MapValueConverter;
import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;

/* loaded from: input_file:org/apache/qpid/server/model/adapter/KeyStoreAdapter.class */
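/**
 * Broker model adapter for a configured key store.
 *
 * <p>The adapter validates the key store attributes (path, password, type, certificate alias and
 * key manager factory algorithm) when it is created and whenever they are changed. It asks the
 * broker's security manager before attribute updates and deletion, and builds JSSE
 * {@link KeyManager}s from the configured store.
 *
 * <p>Security notes for maintainers: the key store password is handled as a {@code String}
 * attribute. Exception messages built here contain the key store path and alias only; keep the
 * password out of messages and logs.
 */
public class KeyStoreAdapter extends AbstractKeyStoreAdapter implements KeyStore {
    /** Java type expected for each attribute; used to convert incoming attribute maps. */
    public static final Map<String, Type> ATTRIBUTE_TYPES = Collections.unmodifiableMap(createAttributeTypes());

    /** Values used for the key store type and key manager factory algorithm when none are supplied. */
    public static final Map<String, Object> DEFAULTS = Collections.unmodifiableMap(createDefaults());

    private final Broker _broker;

    /**
     * Creates the adapter and validates the effective key store attributes straight away.
     *
     * @param uuid identifier passed to the parent adapter
     * @param broker owning broker; also consulted for ports and authorisation decisions
     * @param map raw attributes, converted with {@link #ATTRIBUTE_TYPES} before use
     * @throws IllegalConfigurationException if the key store cannot be loaded, the alias is not
     *         present in it, or the key manager factory algorithm is unknown
     */
    public KeyStoreAdapter(UUID uuid, Broker broker, Map<String, Object> map) {
        super(uuid, broker, DEFAULTS, MapValueConverter.convert(map, ATTRIBUTE_TYPES));
        this._broker = broker;
        String path = (String) getAttribute("path");
        String password = getPassword();
        validateKeyStoreAttributes(
                (String) getAttribute("type"),
                path,
                password,
                (String) getAttribute(KeyStore.CERTIFICATE_ALIAS),
                (String) getAttribute(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM));
    }

    // Replaces double-brace initialisation, which created an anonymous HashMap subclass per map.
    private static Map<String, Type> createAttributeTypes() {
        Map<String, Type> types = new HashMap<String, Type>();
        types.put("name", String.class);
        types.put("path", String.class);
        types.put("password", String.class);
        types.put("type", String.class);
        types.put(KeyStore.CERTIFICATE_ALIAS, String.class);
        types.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, String.class);
        return types;
    }

    private static Map<String, Object> createDefaults() {
        Map<String, Object> defaults = new HashMap<String, Object>();
        defaults.put("type", AbstractKeyStoreAdapter.DEFAULT_KEYSTORE_TYPE);
        defaults.put(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM, KeyManagerFactory.getDefaultAlgorithm());
        return defaults;
    }

    /** Returns the attribute names exposed by this object ({@code AVAILABLE_ATTRIBUTES}, defined outside this file). */
    @Override
    public Collection<String> getAttributeNames() {
        return AVAILABLE_ATTRIBUTES;
    }

    /**
     * Handles a state change; only deletion is supported here.
     *
     * @param currentState not inspected
     * @param desiredState requested state
     * @return {@code true} when the key store may be deleted, {@code false} for any other state
     * @throws IntegrityViolationException if a broker port still references this key store by name
     */
    @Override
    protected boolean setState(State currentState, State desiredState) {
        if (desiredState != State.DELETED) {
            return false;
        }
        String name = getName();
        // Iterate over a typed snapshot of the broker's ports (the raw ArrayList yielded Object elements).
        for (Port port : new ArrayList<Port>(this._broker.getPorts())) {
            if (name.equals(port.getAttribute(Port.KEY_STORE))) {
                throw new IntegrityViolationException("Key store '" + name + "' can't be deleted as it is in use by a port:" + port.getName());
            }
        }
        return true;
    }

    /**
     * Asks the broker's security manager whether this key store may be deleted.
     * Only a transition to {@link State#DELETED} is checked; other transitions pass through here
     * without an authorisation call.
     *
     * @throws AccessControlException if deletion is denied
     */
    @Override
    protected void authoriseSetDesiredState(State currentState, State desiredState) throws AccessControlException {
        if (desiredState == State.DELETED
                && !this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.DELETE)) {
            throw new AccessControlException("Deletion of key store is denied");
        }
    }

    /**
     * Authorises a single attribute change. The arguments are ignored: every attribute is guarded
     * by the same UPDATE permission check.
     */
    @Override
    protected void authoriseSetAttribute(String str, Object obj, Object obj2) throws AccessControlException {
        authoriseSetAttribute();
    }

    /** Authorises a bulk attribute change with the same UPDATE permission check; the map is ignored. */
    @Override
    protected void authoriseSetAttributes(Map<String, Object> map) throws AccessControlException {
        authoriseSetAttribute();
    }

    /**
     * Checks the UPDATE permission for this key store with the broker's security manager.
     *
     * @throws AccessControlException if the update is denied
     */
    private void authoriseSetAttribute() {
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.UPDATE)) {
            throw new AccessControlException("Setting key store attributes is denied");
        }
    }

    /**
     * Validates and applies an attribute change.
     *
     * <p>The effective attributes (as produced by {@code generateEffectiveAttributes}) are validated
     * by loading the key store before anything is handed to the parent, so an invalid change is
     * rejected without being applied. Validation opens the file named by "path" inside the broker
     * process. NOTE(review): no authorisation call is visible in this method; confirm that the
     * caller has already invoked authoriseSetAttribute(s) before reaching it.
     *
     * @param map raw attribute changes, converted with {@link #ATTRIBUTE_TYPES}
     * @throws IllegalConfigurationException if the name would change or the resulting key store
     *         configuration is invalid
     */
    // Decompiler note: access was widened from protected to public.
    @Override
    public void changeAttributes(Map<String, Object> map) {
        Map<String, Object> converted = MapValueConverter.convert(map, ATTRIBUTE_TYPES);
        if (converted.containsKey("name") && !getName().equals((String) converted.get("name"))) {
            throw new IllegalConfigurationException("Changing the key store name is not allowed");
        }
        Map<String, Object> effective = generateEffectiveAttributes(converted);
        String path = (String) effective.get("path");
        String password = (String) effective.get("password");
        validateKeyStoreAttributes(
                (String) effective.get("type"),
                path,
                password,
                (String) effective.get(KeyStore.CERTIFICATE_ALIAS),
                (String) effective.get(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM));
        super.changeAttributes(converted);
    }

    /**
     * Verifies that the key store can be loaded, that the alias (when given) names a certificate
     * in it, and that the key manager factory algorithm is available.
     *
     * <p>Each check has its own try scope. Previously a single catch-all wrapped the alias and
     * algorithm failures into "Cannot instantiate key store at ...", hiding the real reason from
     * the operator. All failures are still reported as {@link IllegalConfigurationException}.
     *
     * @param type key store type
     * @param path key store location
     * @param password key store password; never placed in exception messages
     * @param alias certificate alias to look up, or {@code null} to skip the alias check
     * @param algorithm key manager factory algorithm name
     * @throws IllegalConfigurationException if any of the checks fails
     */
    private void validateKeyStoreAttributes(String type, String path, String password, String alias, String algorithm) {
        java.security.KeyStore keyStore;
        try {
            keyStore = SSLUtil.getInitializedKeyStore(path, password, type);
        } catch (Exception e) {
            throw new IllegalConfigurationException("Cannot instantiate key store at " + path, e);
        }

        if (alias != null) {
            boolean aliasPresent;
            try {
                aliasPresent = keyStore.getCertificate(alias) != null;
            } catch (KeyStoreException e) {
                // Raised when the store is not initialised; reported under the same message as before.
                throw new IllegalConfigurationException("Cannot instantiate key store at " + path, e);
            }
            if (!aliasPresent) {
                // Message fixed: a space was missing between the alias and "in key store".
                throw new IllegalConfigurationException("Cannot find a certificate with alias " + alias + " in key store : " + path);
            }
        }

        if (algorithm == null) {
            // Reject explicitly so a missing algorithm stays a configuration error, not a NullPointerException.
            throw new IllegalConfigurationException("Unknown keyManagerFactoryAlgorithm: " + algorithm);
        }
        try {
            KeyManagerFactory.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalConfigurationException("Unknown keyManagerFactoryAlgorithm: " + algorithm, e);
        }
    }

    /**
     * Builds the key managers for this key store.
     *
     * <p>When a certificate alias is configured, a single {@link QpidClientX509KeyManager} bound to
     * that alias is returned. Otherwise the key store is loaded and a {@link KeyManagerFactory} for
     * the configured algorithm supplies the key managers.
     *
     * @return key managers backed by the configured key store
     * @throws GeneralSecurityException if the key store or key managers cannot be initialised;
     *         an {@link IOException} while reading the store is wrapped in this type
     */
    @Override
    public KeyManager[] getKeyManagers() throws GeneralSecurityException {
        String path = (String) getAttribute("path");
        String password = getPassword();
        String type = (String) getAttribute("type");
        String algorithm = (String) getAttribute(KeyStore.KEY_MANAGER_FACTORY_ALGORITHM);
        String alias = (String) getAttribute(KeyStore.CERTIFICATE_ALIAS);
        try {
            if (alias != null) {
                return new KeyManager[]{new QpidClientX509KeyManager(alias, path, type, password, algorithm)};
            }
            java.security.KeyStore keyStore = SSLUtil.getInitializedKeyStore(path, password, type);
            // NOTE(review): this char[] copy is not cleared after init(); whether the factory keeps a
            // reference to it depends on the provider, so it is left untouched here.
            char[] passwordChars = password == null ? null : password.toCharArray();
            KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
            factory.init(keyStore, passwordChars);
            return factory.getKeyManagers();
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}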
