package org.apache.qpid.server.security;

import java.io.IOException;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.KeyStore;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;

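/**
 * Broker key store backed by a key store file on disk.
 *
 * <p>The path, store type, password, certificate alias and key-manager-factory algorithm are held in
 * {@code @ManagedAttributeField} fields. The object always reports {@link State#ACTIVE}; the only
 * state change it accepts is deletion, which is refused while a broker port still references it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The store password is kept as a {@link String} field and handed out unchanged by
 *       {@link #getPassword()}. NOTE(review): whether the management layer masks or encrypts this
 *       attribute is not visible here; confirm before exposing the object over a management API.</li>
 *   <li>Attribute updates and deletion are authorised through the broker's security manager with
 *       {@link Operation#UPDATE} and {@link Operation#DELETE} respectively.</li>
 *   <li>Validation failures carry the key store path in their message.</li>
 * </ul>
 */
@ManagedObject(category = false)
/* loaded from: input_file:org/apache/qpid/server/security/FileKeyStoreImpl.class */
public class FileKeyStoreImpl extends AbstractConfiguredObject<FileKeyStoreImpl> implements FileKeyStore<FileKeyStoreImpl> {

    @ManagedAttributeField
    private String _type;

    @ManagedAttributeField
    private String _keyStoreType;

    @ManagedAttributeField
    private String _certificateAlias;

    @ManagedAttributeField
    private String _keyManagerFactoryAlgorithm;

    @ManagedAttributeField
    private String _path;

    // Clear-text key store password; see the class comment.
    @ManagedAttributeField
    private String _password;

    // Owning broker: supplies the port list and the security manager used for authorisation.
    private final Broker<?> _broker;

    /**
     * Creates the key store as a child of the given broker.
     *
     * @param map    attribute values passed to the superclass constructor
     * @param broker the owning broker
     */
    @ManagedObjectFactoryConstructor
    public FileKeyStoreImpl(Map<String, Object> map, Broker<?> broker) {
        super(parentsMap(broker), map);
        this._broker = broker;
    }

    /**
     * Runs the superclass validation and then checks this object's own key store attributes.
     *
     * @throws IllegalConfigurationException if the key store attributes are not usable
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onValidate() {
        super.onValidate();
        validateKeyStoreAttributes(this);
    }

    /**
     * @return always {@link State#ACTIVE}
     */
    @Override // org.apache.qpid.server.model.ConfiguredObject
    public State getState() {
        return State.ACTIVE;
    }

    /**
     * Returns the named attribute, answering {@code "state"} from {@link #getState()} and delegating
     * every other name to the superclass.
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject, org.apache.qpid.server.model.ConfiguredObject
    public Object getAttribute(String str) {
        if ("state".equals(str)) {
            return getState();
        }
        return super.getAttribute(str);
    }

    /**
     * Handles a state change request. Only {@link State#DELETED} is acted on.
     *
     * @param state the requested state
     * @return {@code true} if the key store was deleted, {@code false} for any other requested state
     * @throws IntegrityViolationException if a broker port still uses this key store
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public boolean setState(State state) {
        if (state != State.DELETED) {
            return false;
        }
        String name = getName();
        // Iterate over a copy of the port collection; the element type is stated explicitly because a
        // raw ArrayList yields Object and cannot be iterated as Port.
        for (Port port : new ArrayList<Port>(this._broker.getPorts())) {
            // Identity comparison: the port must reference this very object.
            if (port.getKeyStore() == this) {
                throw new IntegrityViolationException("Key store '" + name + "' can't be deleted as it is in use by a port:" + port.getName());
            }
        }
        deleted();
        return true;
    }

    /**
     * Authorises a desired-state change. Only a request for {@link State#DELETED} is checked here;
     * any other requested state passes through this method without an authorisation call.
     *
     * @throws AccessControlException if the security manager denies {@link Operation#DELETE}
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    protected void authoriseSetDesiredState(State state) throws AccessControlException {
        if (state != State.DELETED) {
            return;
        }
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.DELETE)) {
            throw new AccessControlException("Deletion of key store is denied");
        }
    }

    /**
     * Authorises an attribute update. The decision is made per key store name with
     * {@link Operation#UPDATE}; neither the proposed object nor the set of changed attribute names
     * is consulted, so all attributes (including the password) share one permission.
     *
     * @throws AccessControlException if the security manager denies the update
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    protected void authoriseSetAttributes(ConfiguredObject<?> configuredObject, Set<String> set) throws AccessControlException {
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), KeyStore.class, Operation.UPDATE)) {
            throw new AccessControlException("Setting key store attributes is denied");
        }
    }

    /**
     * Validates a proposed change. A change that requests deletion is accepted without further
     * checks; otherwise a rename is rejected and the proposed key store attributes are validated.
     *
     * @param configuredObject the proposed state, cast to {@link FileKeyStore}
     * @param set              names of the attributes being changed
     * @throws IllegalConfigurationException if the name changes or the proposed attributes are unusable
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        FileKeyStore<?> fileKeyStore = (FileKeyStore) configuredObject;
        boolean deletionRequested = set.contains(ConfiguredObject.DESIRED_STATE) && fileKeyStore.getDesiredState() == State.DELETED;
        if (deletionRequested) {
            return;
        }
        if (set.contains(ConfiguredObject.NAME) && !getName().equals(fileKeyStore.getName())) {
            throw new IllegalConfigurationException("Changing the key store name is not allowed");
        }
        validateKeyStoreAttributes(fileKeyStore);
    }

    /**
     * Checks that the key store described by {@code fileKeyStore} can be loaded and used.
     *
     * <p>The store is loaded with its path, password and type; if a certificate alias is configured
     * a certificate must exist under it; the key-manager-factory algorithm must be known; and the
     * object must be durable. The alias check only looks for a certificate and does not verify that
     * a private key entry is stored under the same alias.
     *
     * @throws IllegalConfigurationException if any check fails
     */
    private void validateKeyStoreAttributes(FileKeyStore<?> fileKeyStore) {
        try {
            java.security.KeyStore initializedKeyStore = SSLUtil.getInitializedKeyStore(fileKeyStore.getPath(), fileKeyStore.getPassword(), fileKeyStore.getKeyStoreType());
            String alias = fileKeyStore.getCertificateAlias();
            if (alias != null) {
                try {
                    if (initializedKeyStore.getCertificate(alias) == null) {
                        // A separating space was missing before "in key store", fusing the alias with the text.
                        throw new IllegalConfigurationException("Cannot find a certificate with alias " + alias + " in key store : " + fileKeyStore.getPath());
                    }
                } catch (KeyStoreException e) {
                    throw new ServerScopedRuntimeException("Key store has not been initialized", e);
                }
            }
            try {
                KeyManagerFactory.getInstance(fileKeyStore.getKeyManagerFactoryAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                // Keep the provider's exception as the cause so the lookup failure stays diagnosable.
                throw new IllegalConfigurationException("Unknown keyManagerFactoryAlgorithm: " + fileKeyStore.getKeyManagerFactoryAlgorithm(), e);
            }
            if (!fileKeyStore.isDurable()) {
                throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
            }
        } catch (IllegalConfigurationException e) {
            // Already a specific configuration error (missing alias, unknown algorithm): do not bury
            // it under the generic "Cannot instantiate key store" message below.
            throw e;
        } catch (Exception e) {
            // NOTE(review): this also wraps the ServerScopedRuntimeException and the "must be durable"
            // IllegalArgumentException raised above; kept so the exception type seen by callers does
            // not change. Confirm whether those two were meant to propagate unwrapped.
            throw new IllegalConfigurationException("Cannot instantiate key store at " + fileKeyStore.getPath(), e);
        }
    }

    /** @return the configured key store file path */
    @Override // org.apache.qpid.server.security.FileKeyStore
    public String getPath() {
        return this._path;
    }

    /** @return the configured certificate alias, or {@code null} if none is set */
    @Override // org.apache.qpid.server.security.FileKeyStore
    public String getCertificateAlias() {
        return this._certificateAlias;
    }

    /** @return the algorithm name passed to {@link KeyManagerFactory#getInstance(String)} */
    @Override // org.apache.qpid.server.security.FileKeyStore
    public String getKeyManagerFactoryAlgorithm() {
        return this._keyManagerFactoryAlgorithm;
    }

    /** @return the configured key store type */
    @Override // org.apache.qpid.server.security.FileKeyStore
    public String getKeyStoreType() {
        return this._keyStoreType;
    }

    /**
     * @return the key store password exactly as stored (clear text); callers should avoid logging
     *         it or copying it into error messages
     */
    @Override // org.apache.qpid.server.security.FileKeyStore
    public String getPassword() {
        return this._password;
    }

    /**
     * Replaces the stored password by assigning the field directly.
     *
     * <p>NOTE(review): nothing in this method calls {@code authoriseSetAttributes} or
     * {@code validateChange}; confirm that every caller of this public setter is trusted.
     */
    public void setPassword(String str) {
        this._password = str;
    }

    /**
     * Builds the key managers for this key store.
     *
     * <p>With a certificate alias configured, a single {@link QpidClientX509KeyManager} bound to
     * that alias is returned. Otherwise the store is loaded and a {@link KeyManagerFactory} for the
     * configured algorithm is initialised with it.
     *
     * @return the key managers backed by this key store
     * @throws GeneralSecurityException on a security failure, or wrapping an {@link IOException}
     *                                  raised while the store is read
     */
    @Override // org.apache.qpid.server.model.KeyStore
    public KeyManager[] getKeyManagers() throws GeneralSecurityException {
        try {
            // Read the password once so every use below sees the same value.
            String password = getPassword();
            if (this._certificateAlias != null) {
                return new KeyManager[]{new QpidClientX509KeyManager(this._certificateAlias, this._path, this._keyStoreType, password, this._keyManagerFactoryAlgorithm)};
            }
            java.security.KeyStore initializedKeyStore = SSLUtil.getInitializedKeyStore(this._path, password, this._keyStoreType);
            // The char[] copy is not wiped afterwards: the password also lives in the String field,
            // so clearing the array alone would not remove it from memory.
            char[] passwordChars = password == null ? null : password.toCharArray();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this._keyManagerFactoryAlgorithm);
            keyManagerFactory.init(initializedKeyStore, passwordChars);
            return keyManagerFactory.getKeyManagers();
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}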
