package com.sun.enterprise.security.admin.cli;

import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.SecureAdmin;
import com.sun.enterprise.config.serverbeans.SecureAdminHelper;
import com.sun.enterprise.config.serverbeans.SecureAdminPrincipal;
import com.sun.enterprise.security.SecurityLoggerInfo;
import com.sun.enterprise.security.admin.cli.SecureAdminCommand;
import com.sun.enterprise.security.ssl.SSLUtils;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.UUID;
import javax.inject.Inject;
import org.glassfish.api.I18n;
import org.glassfish.api.Param;
import org.glassfish.api.admin.AccessRequired;
import org.glassfish.api.admin.ExecuteOn;
import org.glassfish.api.admin.RestEndpoint;
import org.glassfish.api.admin.RestEndpoints;
import org.glassfish.api.admin.RuntimeType;
import org.glassfish.hk2.api.PerLookup;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.config.TransactionFailure;

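/**
 * Implements the {@code enable-secure-admin} admin command.
 *
 * <p>From what this class shows, enabling secure admin:
 * <ul>
 *   <li>refuses to proceed while any admin user has an empty password;</li>
 *   <li>records the DAS and instance aliases on the {@link SecureAdmin} config bean,
 *       checking every non-default alias against the keystore;</li>
 *   <li>makes sure a {@link SecureAdminPrincipal} exists for the DN of each accepted alias;</li>
 *   <li>replaces a special-admin indicator of {@code "true"} with a random UUID.</li>
 * </ul>
 *
 * <p>Access is gated by {@code @AccessRequired} on {@code domain/secure-admin} with action
 * {@code enable}. The command is also exposed as a REST POST endpoint.
 */
@Service(name = "enable-secure-admin")
@AccessRequired(resource = {"domain/secure-admin"}, action = {"enable"})
@I18n("enable.secure.admin.command")
@PerLookup
@ExecuteOn({RuntimeType.DAS, RuntimeType.INSTANCE})
@RestEndpoints({@RestEndpoint(configBean = Domain.class, opType = RestEndpoint.OpType.POST, path = "enable-secure-admin", description = "enable-secure-admin")})
public class EnableSecureAdminCommand extends SecureAdminCommand {

    /** Default value of {@link #adminalias}; this value is not checked against the keystore. */
    private static final String DEFAULT_ADMIN_ALIAS = "s1as";

    /** Default value of {@link #instancealias}; this value is not checked against the keystore. */
    private static final String DEFAULT_INSTANCE_ALIAS = "glassfish-instance";

    /** Alias stored as the DAS alias; supplied by the caller or defaulted. */
    @Param(optional = true, defaultValue = DEFAULT_ADMIN_ALIAS)
    public String adminalias;

    /** Alias stored as the instance alias; supplied by the caller or defaulted. */
    @Param(optional = true, defaultValue = DEFAULT_INSTANCE_ALIAS)
    public String instancealias;

    @Inject
    private SSLUtils sslUtils;

    @Inject
    private SecureAdminHelper secureAdminHelper;

    /** Lazily loaded keystore; read only through {@link #keyStore()}. */
    private KeyStore keystore = null;

    /**
     * Runs the empty-password precondition check and then the inherited command logic.
     *
     * @throws SecureAdminHelper.SecureAdminCommandException if an admin user has an empty
     *         password, or if the inherited logic raises this exception type
     * @throws TransactionFailure for any other failure; the original exception is attached as
     *         the cause so the stack trace is not lost from server logs
     */
    @Override
    public void run() throws TransactionFailure, SecureAdminHelper.SecureAdminCommandException {
        try {
            ensureNoAdminUsersWithEmptyPassword();
            super.run();
        } catch (SecureAdminHelper.SecureAdminCommandException e) {
            throw e;
        } catch (Exception e) {
            final String message = e.getMessage() != null ? e.getMessage() : "";
            // Keep the cause: a message-only TransactionFailure hides where the failure came from.
            throw new TransactionFailure(message, e);
        }
    }

    /**
     * Rejects the command while any admin user has no password.
     *
     * <p>The command exception is raised outside the {@code try} so that it reaches
     * {@link #run()} as a {@code SecureAdminCommandException}. Raising it inside the
     * {@code try} would let the generic handler wrap it in a {@link RuntimeException}, and
     * the operator would see a generic transaction failure instead of the dedicated message.
     *
     * @throws SecureAdminHelper.SecureAdminCommandException if an admin user has an empty password
     * @throws RuntimeException if the helper itself fails while checking
     */
    private void ensureNoAdminUsersWithEmptyPassword() throws SecureAdminHelper.SecureAdminCommandException {
        final boolean anyAdminWithoutPassword;
        try {
            anyAdminWithoutPassword = this.secureAdminHelper.isAnyAdminUserWithoutPassword();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        if (anyAdminWithoutPassword) {
            throw new SecureAdminHelper.SecureAdminCommandException(Strings.get("adminsWithEmptyPW"));
        }
    }

    /** Returns the "enable" work items for the inherited top-level steps. */
    @Override
    Iterator<SecureAdminCommand.Work<SecureAdminCommand.TopLevelContext>> secureAdminSteps() {
        return stepsIterator(this.secureAdminSteps);
    }

    /**
     * Returns the "enable" work items for the inherited per-config steps.
     *
     * <p>The decompiler reported widening this method from package-private; it stays
     * {@code public} here so existing callers keep compiling.
     */
    @Override
    public Iterator<SecureAdminCommand.Work<SecureAdminCommand.ConfigLevelContext>> perConfigSteps() {
        return stepsIterator(this.perConfigSteps);
    }

    /**
     * Adapts an array of steps into an iterator over each step's {@code enableWork()}, in
     * array order.
     *
     * @param steps the steps to walk
     * @return an iterator that does not support {@code remove()}
     */
    private <T extends SecureAdminCommand.Context> Iterator<SecureAdminCommand.Work<T>> stepsIterator(
            final SecureAdminCommand.Step<T>[] steps) {
        return new Iterator<SecureAdminCommand.Work<T>>() {
            private int nextSlot = 0;

            @Override
            public boolean hasNext() {
                return this.nextSlot < steps.length;
            }

            @Override
            public SecureAdminCommand.Work<T> next() {
                return steps[this.nextSlot++].enableWork();
            }

            @Override
            public void remove() {
                throw new UnsupportedOperationException();
            }
        };
    }

    /**
     * Applies the alias settings and the special-admin indicator to the config bean.
     *
     * <p>Both aliases are processed before any failure is reported, so the error names every
     * rejected alias at once.
     *
     * @param secureAdmin the config bean to update
     * @return {@code true} when the settings were applied
     * @throws RuntimeException wrapping any failure, including the
     *         {@code SecureAdminCommandException} raised for rejected aliases; this method
     *         declares no checked exceptions
     */
    @Override
    protected boolean updateSecureAdminSettings(SecureAdmin secureAdmin) {
        try {
            final Collection<String> badAliases = new ArrayList<>();
            // The aliases are written to the bean before the bad-alias check below.
            // NOTE(review): presumably the enclosing config transaction discards these writes
            // when the exception is thrown; confirm in SecureAdminCommand.
            secureAdmin.setDasAlias(processAlias(this.adminalias, DEFAULT_ADMIN_ALIAS, secureAdmin, badAliases));
            secureAdmin.setInstanceAlias(
                    processAlias(this.instancealias, DEFAULT_INSTANCE_ALIAS, secureAdmin, badAliases));
            ensureSpecialAdminIndicatorIsUnique(secureAdmin);
            if (!badAliases.isEmpty()) {
                throw new SecureAdminHelper.SecureAdminCommandException(Strings.get(
                        "enable.secure.admin.badAlias", Integer.valueOf(badAliases.size()), badAliases.toString()));
            }
            // Kept from the original; it only acts when the indicator still reads "true".
            ensureSpecialAdminIndicatorIsUnique(secureAdmin);
            return true;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Validates one alias and, if accepted, ensures a matching secure-admin principal exists.
     *
     * <p>An alias equal to {@code defaultAlias} is accepted without a keystore lookup. Any
     * other alias must be present in the keystore, otherwise it is added to
     * {@code badAliases}.
     * NOTE(review): skipping the keystore check for the defaults looks deliberate, but the
     * reason is not visible here. A default alias with no keystore entry would presumably
     * surface as a failure from {@code getDN}; confirm.
     *
     * @param alias the alias to process; assumed non-null because {@code @Param} supplies a default
     * @param defaultAlias the default value that bypasses keystore validation
     * @param secureAdmin the config bean that receives a principal for an accepted alias
     * @param badAliases collects aliases that failed keystore validation
     * @return {@code alias}, unchanged, whether or not it was accepted
     */
    private String processAlias(String alias, String defaultAlias, SecureAdmin secureAdmin,
            Collection<String> badAliases) throws IOException, KeyStoreException {
        final boolean aliasAccepted = alias.equals(defaultAlias) || validateAlias(alias);
        if (aliasAccepted) {
            ensureSecureAdminPrincipalForAlias(alias, secureAdmin);
        } else {
            badAliases.add(alias);
        }
        return alias;
    }

    /** Returns the message key used when the enclosing transaction fails. */
    @Override
    protected String transactionErrorMessageKey() {
        return SecurityLoggerInfo.enablingSecureAdminError;
    }

    /**
     * Replaces a special-admin indicator of {@code "true"} with a fresh random UUID string.
     *
     * <p>{@link UUID#randomUUID()} is documented as using a cryptographically strong
     * generator. NOTE(review): how the indicator is consumed is not visible here. If it acts
     * as a shared secret between processes, the stored value should be protected like one.
     */
    private void ensureSpecialAdminIndicatorIsUnique(SecureAdmin secureAdmin) {
        if (secureAdmin.getSpecialAdminIndicator().equals("true")) {
            secureAdmin.setSpecialAdminIndicator(UUID.randomUUID().toString());
        }
    }

    /**
     * Adds a {@link SecureAdminPrincipal} for the alias's DN unless one already exists.
     *
     * @throws RuntimeException wrapping any failure from the DN lookup or config update
     */
    private void ensureSecureAdminPrincipalForAlias(String alias, SecureAdmin secureAdmin) {
        if (getSecureAdminPrincipalForAlias(alias, secureAdmin) != null) {
            return;
        }
        try {
            final String dn = this.secureAdminHelper.getDN(alias, true);
            final SecureAdminPrincipal principal = secureAdmin.createChild(SecureAdminPrincipal.class);
            principal.setDn(dn);
            secureAdmin.getSecureAdminPrincipal().add(principal);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Finds the configured principal whose DN equals the DN resolved for {@code alias}.
     *
     * <p>The match is an exact string comparison.
     * NOTE(review): this assumes {@code getDN} and stored DNs use the same textual form. DNs
     * that are equivalent but formatted differently would not match and would lead to a
     * second principal being added; confirm.
     *
     * @return the matching principal, or {@code null} if none is configured
     * @throws RuntimeException wrapping any failure from the DN lookup
     */
    private SecureAdminPrincipal getSecureAdminPrincipalForAlias(String alias, SecureAdmin secureAdmin) {
        try {
            final String dn = this.secureAdminHelper.getDN(alias, true);
            for (SecureAdminPrincipal principal : secureAdmin.getSecureAdminPrincipal()) {
                if (principal.getDn().equals(dn)) {
                    return principal;
                }
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns the keystore from {@link SSLUtils}, loading it on first use. */
    private synchronized KeyStore keyStore() throws IOException {
        if (this.keystore == null) {
            this.keystore = this.sslUtils.getKeyStore();
        }
        return this.keystore;
    }

    /** Returns whether the keystore contains an entry for {@code alias}. */
    private boolean validateAlias(String alias) throws IOException, KeyStoreException {
        return keyStore().containsAlias(alias);
    }
}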
