package com.sun.enterprise.security.admin.cli;

import com.sun.enterprise.config.serverbeans.AdminService;
import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.SecureAdminHelper;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.file.FileRealm;
import com.sun.enterprise.security.auth.realm.file.FileRealmUser;
import com.sun.enterprise.security.ssl.SSLUtils;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.glassfish.security.common.MasterPassword;
import org.jvnet.hk2.annotations.Inject;
import org.jvnet.hk2.annotations.Scoped;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.component.PerLookup;

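/**
 * Helper for the secure-admin CLI code in this package: resolves a distinguished
 * name from either a literal value or a truststore alias, and validates the
 * internal admin username and password alias.
 *
 * <p>Parameter names ({@code str}, {@code z}, {@code str2}) are decompiler
 * artifacts and are kept unchanged so the signatures stay as callers see them.
 */
@Service
@Scoped(PerLookup.class)
/* loaded from: input_file:com/sun/enterprise/security/admin/cli/SecureAdminHelperImpl.class */
public class SecureAdminHelperImpl implements SecureAdminHelper {
    // Group a file-realm user must belong to for validateUser to accept it.
    private static final String DOMAIN_ADMIN_GROUP_NAME = "asadmin";

    @Inject
    private SSLUtils sslUtils;

    @Inject(name = "Security SSL Password Provider Service")
    private MasterPassword masterPasswordHelper;

    @Inject
    private volatile AdminService as;

    /**
     * Returns the distinguished name that {@code str} stands for.
     *
     * <p>When {@code z} is {@code false}, {@code str} is returned exactly as given;
     * no syntax or trust check is applied to it here, so callers that accept the
     * value from an operator must validate it themselves.
     *
     * @param str a DN (when {@code z} is false) or a truststore alias (when {@code z} is true)
     * @param z {@code true} to treat {@code str} as an alias and look it up in the truststore
     * @return {@code str} itself, or the subject name of the X.509 certificate stored under
     *     that alias, as returned by {@code getSubjectX500Principal().getName()}
     * @throws IOException declared for the truststore lookup
     * @throws KeyStoreException if the truststore cannot be queried
     * @throws IllegalArgumentException if the alias has no certificate or the certificate is
     *     not an {@link X509Certificate}
     * @throws RuntimeException if no truststore is available
     */
    public String getDN(String str, boolean z) throws IOException, KeyStoreException {
        if (!z) {
            return str;
        }
        KeyStore trustStore = this.sslUtils.getTrustStore();
        if (trustStore == null) {
            throw new RuntimeException(Strings.get("noTruststore"));
        }
        Certificate certificate = trustStore.getCertificate(str);
        if (certificate == null) {
            throw new IllegalArgumentException(Strings.get("noAlias", str));
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new IllegalArgumentException(Strings.get("certNotX509Certificate", str));
        }
        return ((X509Certificate) certificate).getSubjectX500Principal().getName();
    }

    /**
     * Validates the internal admin username and then the password alias.
     *
     * <p>Any failure, including the specific {@link RuntimeException}s raised by the two
     * checks, is wrapped in a {@link RuntimeException} carrying the generic {@code errVal}
     * message; the specific reason is available only through {@code getCause()}.
     *
     * @param str the username to validate
     * @param str2 the password alias to validate
     * @throws RuntimeException if either check fails
     */
    public void validateInternalUsernameAndPasswordAlias(String str, String str2) {
        try {
            validateUser(str);
            validatePasswordAlias(str2);
        } catch (Exception e) {
            throw new RuntimeException(Strings.get("errVal"), e);
        }
    }

    /**
     * Checks that {@code str} names a file-realm user belonging to the
     * {@value #DOMAIN_ADMIN_GROUP_NAME} group.
     *
     * <p>An unknown user and a known user outside the group produce the same
     * {@code notAdminUser} message, so the message does not reveal which case occurred.
     *
     * @param str the username to look up in the admin realm's key file
     * @throws BadRealmException if the file realm cannot be loaded
     * @throws NoSuchRealmException if the file realm cannot be loaded
     * @throws RuntimeException if the user does not exist or is not in the admin group
     */
    private void validateUser(String str) throws BadRealmException, NoSuchRealmException {
        AuthRealm associatedAuthRealm = this.as.getAssociatedAuthRealm();
        if (!FileRealm.class.getName().equals(associatedAuthRealm.getClassname())) {
            // NOTE(review): when the admin realm is not a FileRealm, no existence or
            // group-membership check happens here and the username is accepted as-is.
            // Confirm that non-file realms are validated elsewhere before relying on this.
            return;
        }
        try {
            FileRealm fileRealm = new FileRealm(associatedAuthRealm.getPropertyValue(FileRealm.PARAM_KEYFILE));
            FileRealmUser user = (FileRealmUser) fileRealm.getUser(str);
            for (String group : user.getGroups()) {
                if (group.equals(DOMAIN_ADMIN_GROUP_NAME)) {
                    return;
                }
            }
            throw new RuntimeException(Strings.get("notAdminUser", str));
        } catch (NoSuchUserException e) {
            // Keep the cause so the lookup failure stays visible in logs and stack traces.
            throw new RuntimeException(Strings.get("notAdminUser", str), e);
        }
    }

    /**
     * Checks that the password alias {@code str} exists in the master password adapter.
     *
     * @param str the password alias to look up
     * @throws CertificateException declared for the alias lookup
     * @throws NoSuchAlgorithmException declared for the alias lookup
     * @throws KeyStoreException declared for the alias lookup
     * @throws IOException declared for the alias lookup
     * @throws RuntimeException if the alias does not exist
     */
    private void validatePasswordAlias(String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        if (!this.masterPasswordHelper.getMasterPasswordAdapter().aliasExists(str)) {
            throw new RuntimeException(Strings.get("noAlias", str));
        }
    }
}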
