package org.opends.server.extensions;

import java.security.KeyStore;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.adapter.server3x.Adapters;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.security.KeyStoreParameters;
import org.forgerock.opendj.security.OpenDJProvider;
import org.forgerock.opendj.server.config.server.LDAPTrustManagerProviderCfg;
import org.forgerock.opendj.server.config.server.TrustManagerProviderCfg;
import org.forgerock.util.Factory;
import org.forgerock.util.Options;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.util.ExpirationCheckTrustManager;
import org.opends.server.util.StaticUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:embedded-opendj/opendj.zip:opendj/lib/opendj.jar:org/opends/server/extensions/LDAPTrustManagerProvider.class
 */
/* loaded from: input_file:embedded-opendj/opendj.zip:opendj/lib/org.openidentityplatform.opendj.opendj-server-legacy.jar:org/opends/server/extensions/LDAPTrustManagerProvider.class */
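/**
 * Trust manager provider whose trust material comes from an LDAP-backed {@link KeyStore}.
 *
 * <p>The key store is created lazily by {@link OpenDJProvider#newLDAPKeyStore} from the
 * configured base DN, over the connection factory returned by
 * {@code Adapters.newRootConnectionFactory()}, and is cached until the configuration changes or
 * the provider is finalized. Every trust manager handed out is wrapped in an
 * {@link ExpirationCheckTrustManager}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The entries under the configured base DN are what the server treats as trust anchors.
 *       NOTE(review): the key store is read through what is presumably a privileged internal
 *       connection, so write access to that subtree should be restricted by access control and
 *       changes to it audited. Confirm against the deployment's ACIs.</li>
 *   <li>The trust store PIN is held by a factory created with
 *       {@code newClearTextPasswordFactory} for as long as the configuration is active.</li>
 * </ul>
 *
 * <p>Thread-safety: the mutable state ({@code currentConfig}, {@code passwordFactory},
 * {@code keyStore}) is written only inside {@code synchronized} methods.
 */
public class LDAPTrustManagerProvider extends TrustManagerProvider<LDAPTrustManagerProviderCfg> implements ConfigurationChangeListener<LDAPTrustManagerProviderCfg> {
    // Configuration currently in effect; stays null until configure() has succeeded once.
    private LDAPTrustManagerProviderCfg currentConfig;
    // Supplies the trust store PIN to the LDAP key store (KeyStoreParameters.GLOBAL_PASSWORD).
    private Factory<char[]> passwordFactory;
    // Lazily created LDAP key store; null means "rebuild on next use".
    private KeyStore keyStore;

    /**
     * Applies the initial configuration and registers this provider for later changes.
     *
     * <p>The listener is registered only after {@code configure} succeeds, so a failed
     * initialization leaves nothing registered.
     *
     * @param lDAPTrustManagerProviderCfg the initial configuration
     * @throws InitializationException if the trust store PIN cannot be resolved
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public void initializeTrustManagerProvider(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg) throws InitializationException {
        configure(lDAPTrustManagerProviderCfg);
        lDAPTrustManagerProviderCfg.addLDAPChangeListener(this);
    }

    /**
     * Switches to the given configuration and drops the cached key store.
     *
     * <p>The PIN is resolved before any field is touched: if resolution fails, the previous
     * configuration, password factory and cached key store all remain in effect instead of the
     * cache being discarded for a change that was never applied.
     *
     * @param lDAPTrustManagerProviderCfg the configuration to apply
     * @throws InitializationException if the trust store PIN cannot be resolved
     */
    private synchronized void configure(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg) throws InitializationException {
        Factory<char[]> newPasswordFactory = OpenDJProvider.newClearTextPasswordFactory(getTrustStorePIN(lDAPTrustManagerProviderCfg));
        this.passwordFactory = newPasswordFactory;
        this.currentConfig = lDAPTrustManagerProviderCfg;
        // Force a rebuild so the next caller sees the new base DN and PIN.
        this.keyStore = null;
    }

    /**
     * Returns the cached LDAP key store, creating it on first use from the current base DN and
     * password factory.
     *
     * @return the LDAP-backed key store
     */
    private synchronized KeyStore getKeyStore() {
        if (this.keyStore == null) {
            this.keyStore = OpenDJProvider.newLDAPKeyStore(Adapters.newRootConnectionFactory(), this.currentConfig.getBaseDN(), Options.defaultOptions().set(KeyStoreParameters.GLOBAL_PASSWORD, this.passwordFactory));
        }
        return this.keyStore;
    }

    /**
     * Drops the cached key store and unregisters the configuration change listener.
     *
     * <p>Safe to call when initialization never succeeded: {@code currentConfig} is still null
     * in that case (the listener was never registered), and dereferencing it would replace the
     * original initialization error with a {@link NullPointerException}.
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public synchronized void finalizeTrustManagerProvider() {
        this.keyStore = null;
        if (this.currentConfig != null) {
            this.currentConfig.removeLDAPChangeListener(this);
        }
    }

    /**
     * Builds trust managers over the LDAP key store using the JVM's default
     * {@link TrustManagerFactory} algorithm, each wrapped in an
     * {@link ExpirationCheckTrustManager}.
     *
     * <p>Fails closed: any failure, including a trust manager that is not an
     * {@link X509TrustManager} (the cast below), is reported as a {@link DirectoryException}
     * rather than yielding an unwrapped or partial set.
     *
     * @return the wrapped trust managers, one per manager produced by the factory
     * @throws DirectoryException if the factory or any wrapper cannot be created
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public TrustManager[] getTrustManagers() throws DirectoryException {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(getKeyStore());
            TrustManager[] delegates = factory.getTrustManagers();
            TrustManager[] wrapped = new TrustManager[delegates.length];
            for (int i = 0; i < delegates.length; i++) {
                // NOTE(review): presumably adds certificate validity-period checks - confirm in
                // ExpirationCheckTrustManager.
                wrapped[i] = new ExpirationCheckTrustManager((X509TrustManager) delegates[i]);
            }
            return wrapped;
        } catch (Exception e) {
            // The underlying exception text is copied into the message; the cause is preserved.
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_LDAP_TRUSTMANAGER_CANNOT_CREATE_FACTORY.get(this.currentConfig.getBaseDN(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Checks a generic trust manager configuration by delegating to the LDAP-specific check.
     *
     * @param trustManagerProviderCfg the candidate configuration; must be an
     *     {@link LDAPTrustManagerProviderCfg} (the cast throws otherwise)
     * @param list receives the reason when the configuration is rejected
     * @return {@code true} if the configuration is acceptable
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public boolean isConfigurationAcceptable(TrustManagerProviderCfg trustManagerProviderCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((LDAPTrustManagerProviderCfg) trustManagerProviderCfg, list);
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    /**
     * Accepts a configuration if and only if its trust store PIN can be resolved.
     *
     * @param lDAPTrustManagerProviderCfg the candidate configuration
     * @param list receives the resolution error when the configuration is rejected
     * @return {@code true} if the PIN was resolved, {@code false} otherwise
     */
    public boolean isConfigurationChangeAcceptable2(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg, List<LocalizableMessage> list) {
        try {
            // NOTE(review): the resolved PIN is discarded here without being wiped. If
            // getKeyStorePIN returns a fresh array, clearing it after this check would shorten
            // its lifetime in memory - confirm before changing.
            getTrustStorePIN(lDAPTrustManagerProviderCfg);
            return true;
        } catch (InitializationException e) {
            list.add(e.getMessageObject());
            return false;
        }
    }

    /**
     * Applies a changed configuration.
     *
     * @param lDAPTrustManagerProviderCfg the new configuration
     * @return a result carrying the server error result code and the failure message if the
     *     change could not be applied; otherwise a freshly created result
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        try {
            configure(lDAPTrustManagerProviderCfg);
        } catch (InitializationException e) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
        }
        return configChangeResult;
    }

    /**
     * Resolves the trust store PIN from the configuration's four PIN settings (property,
     * environment variable, file, inline value) via
     * {@code FileBasedKeyManagerProvider.getKeyStorePIN}, which is also given the LDAP trust
     * manager error messages to use.
     *
     * @param lDAPTrustManagerProviderCfg the configuration to read the PIN settings from
     * @return the PIN as returned by {@code getKeyStorePIN}
     * @throws InitializationException if {@code getKeyStorePIN} cannot resolve the PIN
     */
    private static char[] getTrustStorePIN(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg) throws InitializationException {
        return FileBasedKeyManagerProvider.getKeyStorePIN(lDAPTrustManagerProviderCfg.getTrustStorePinProperty(), lDAPTrustManagerProviderCfg.getTrustStorePinEnvironmentVariable(), lDAPTrustManagerProviderCfg.getTrustStorePinFile(), lDAPTrustManagerProviderCfg.getTrustStorePin(), lDAPTrustManagerProviderCfg.dn(), ExtensionMessages.ERR_LDAP_TRUSTMANAGER_PIN_PROPERTY_NOT_SET, ExtensionMessages.ERR_LDAP_TRUSTMANAGER_PIN_ENVAR_NOT_SET, ExtensionMessages.ERR_LDAP_TRUSTMANAGER_PIN_NO_SUCH_FILE, ExtensionMessages.ERR_LDAP_TRUSTMANAGER_PIN_FILE_CANNOT_READ, ExtensionMessages.ERR_LDAP_TRUSTMANAGER_PIN_FILE_EMPTY);
    }

    /**
     * Listener entry point for change validation; forwards to
     * {@link #isConfigurationChangeAcceptable2}. The raw {@code List} parameter comes from the
     * decompiled bridge signature and is kept so the override still matches.
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(LDAPTrustManagerProviderCfg lDAPTrustManagerProviderCfg, List list) {
        return isConfigurationChangeAcceptable2(lDAPTrustManagerProviderCfg, (List<LocalizableMessage>) list);
    }
}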
