package org.opends.server.util;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.opends.messages.UtilityMessages;
import org.opends.server.types.PublicAPI;
import org.opends.server.types.StabilityLevel;
import org.opends.server.util.Platform;

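@PublicAPI(stability = StabilityLevel.VOLATILE, mayInstantiate = true, mayExtend = false, mayInvoke = true)
/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/util/CertificateManager.class */
/**
 * Manages the certificates held in a single key store (JKS, JCEKS, PKCS12 or PKCS11).
 *
 * <p>Read operations load the key store lazily and cache it; every mutating operation drops the
 * cache, reloads the store and then delegates the actual change to {@link Platform}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The password array handed to the constructor is retained by reference, not copied, and
 *       this class never zeroes it. A caller that clears the array while the manager is still in
 *       use will make later loads run with the cleared value.</li>
 *   <li>A {@code null} password is accepted. Per the {@link KeyStore#load} contract, no integrity
 *       check is performed on the store contents in that case.</li>
 * </ul>
 *
 * <p>Instances keep unsynchronized mutable state ({@code keyStore}, {@code realAliases}).
 */
public final class CertificateManager {
    public static final String KEY_STORE_TYPE_JKS = "JKS";
    public static final String KEY_STORE_TYPE_JCEKS = "JCEKS";
    public static final String KEY_STORE_TYPE_PKCS11 = "PKCS11";
    public static final String KEY_STORE_TYPE_PKCS12 = "PKCS12";
    /** The only key store path accepted for the PKCS11 type. */
    public static final String KEY_STORE_PATH_PKCS11 = "NONE";
    // Labels substituted into the validation error messages.
    private static final String KEYSTORE_PATH_MSG = "key store path";
    private static final String KEYSTORE_TYPE_MSG = "key store type";
    private static final String SUBJECT_DN_MSG = "subject DN";
    private static final String CERT_ALIAS_MSG = "certificate alias";
    private static final String CERT_REQUEST_FILE_MSG = "certificate request file";
    // Cached key store; null until first loaded and after every mutating operation.
    private KeyStore keyStore;
    private final String keyStorePath;
    private final String keyStoreType;
    // Caller-owned array (not a copy); may be null.
    private final char[] password;
    // Cached answer of hasRealAliases(); null until first computed.
    private Boolean realAliases;

    /**
     * Indicates whether the certificate manager may be used.
     *
     * @return always {@code true}
     */
    public static boolean mayUseCertificateManager() {
        return true;
    }

    /**
     * Creates a manager from a password given as a {@code String}.
     *
     * <p>The {@code String} cannot be wiped after use; prefer the {@code char[]} constructor
     * when the caller controls the lifetime of the secret.
     *
     * @param str  key store path ({@code "NONE"} for PKCS11)
     * @param str2 key store type, one of the {@code KEY_STORE_TYPE_*} constants
     * @param str3 key store password, may be {@code null}
     * @throws IllegalArgumentException if the type or path is not acceptable
     * @throws NullPointerException if the path or type is {@code null} or empty
     */
    public CertificateManager(String str, String str2, String str3) throws IllegalArgumentException {
        this(str, str2, str3 == null ? null : str3.toCharArray());
    }

    /**
     * Creates a manager for the given key store.
     *
     * <p>For file-based types the path must name an existing regular file, or a not-yet-existing
     * file whose parent is an existing directory. The store itself is not opened here.
     *
     * @param str  key store path ({@code "NONE"} for PKCS11)
     * @param str2 key store type, one of the {@code KEY_STORE_TYPE_*} constants
     * @param cArr key store password, may be {@code null}; stored by reference, not copied
     * @throws IllegalArgumentException if the type or path is not acceptable
     * @throws NullPointerException if the path or type is {@code null} or empty
     */
    public CertificateManager(String str, String str2, char[] cArr) throws IllegalArgumentException {
        ensureValid(str, KEYSTORE_PATH_MSG);
        ensureValid(str2, KEYSTORE_TYPE_MSG);
        if (str2.equals(KEY_STORE_TYPE_PKCS11)) {
            // A PKCS11 store has no backing file, so only the sentinel path is allowed.
            if (!str.equals(KEY_STORE_PATH_PKCS11)) {
                throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_INVALID_PKCS11_PATH.get(KEY_STORE_PATH_PKCS11).toString());
            }
        } else {
            if (!isFileBasedType(str2)) {
                throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_INVALID_STORETYPE.get(KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_JCEKS, KEY_STORE_TYPE_PKCS11, KEY_STORE_TYPE_PKCS12).toString());
            }
            File file = new File(str);
            if (!file.exists()) {
                // The store may be created later, but only inside an existing directory.
                File parentFile = file.getParentFile();
                if (parentFile == null || !parentFile.exists() || !parentFile.isDirectory()) {
                    throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_INVALID_PARENT.get(str).toString());
                }
            } else if (!file.isFile()) {
                throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_INVALID_KEYSTORE_PATH.get(str).toString());
            }
        }
        this.keyStorePath = str;
        this.keyStoreType = str2;
        this.password = cArr;
        this.keyStore = null;
    }

    /**
     * Tells whether the key store already contains the given alias.
     *
     * @param str certificate alias
     * @return {@code true} if the store exists and contains the alias
     * @throws KeyStoreException if the key store cannot be loaded or queried
     * @throws NullPointerException if the alias is {@code null} or empty
     */
    public boolean aliasInUse(String str) throws KeyStoreException {
        ensureValid(str, CERT_ALIAS_MSG);
        KeyStore store = getKeyStore();
        return store != null && store.containsAlias(str);
    }

    /**
     * Lists the aliases present in the key store.
     *
     * @return the aliases, an empty array if the store reports none, or {@code null} if the
     *         key store file does not exist
     * @throws KeyStoreException if the key store cannot be loaded or queried
     */
    public String[] getCertificateAliases() throws KeyStoreException {
        KeyStore store = getKeyStore();
        if (store == null) {
            return null;
        }
        Enumeration<String> aliases = store.aliases();
        if (aliases == null) {
            return new String[0];
        }
        ArrayList<String> names = new ArrayList<>();
        while (aliases.hasMoreElements()) {
            names.add(aliases.nextElement());
        }
        return names.toArray(new String[0]);
    }

    /**
     * Returns the certificate stored under the given alias.
     *
     * @param str certificate alias
     * @return the certificate as returned by {@link KeyStore#getCertificate(String)}
     * @throws KeyStoreException if the key store does not exist or cannot be loaded or queried
     * @throws NullPointerException if the alias is {@code null} or empty
     */
    public Certificate getCertificate(String str) throws KeyStoreException {
        ensureValid(str, CERT_ALIAS_MSG);
        KeyStore store = getKeyStore();
        if (store == null) {
            throw new KeyStoreException(UtilityMessages.ERR_CERTMGR_KEYSTORE_NONEXISTANT.get().toString());
        }
        return store.getCertificate(str);
    }

    /**
     * Generates a self-signed certificate under a new alias via {@link Platform}.
     *
     * @param keyType key type passed through to {@code Platform}
     * @param str     alias for the new certificate; must not already be in use
     * @param str2    subject DN
     * @param i       validity period, must be positive (unit is defined by {@code Platform},
     *                presumably days - confirm)
     * @throws KeyStoreException if the key store cannot be loaded or updated
     * @throws IllegalArgumentException if the validity is not positive or the alias exists
     * @throws NullPointerException if the alias or subject DN is {@code null} or empty
     */
    public void generateSelfSignedCertificate(Platform.KeyType keyType, String str, String str2, int i) throws KeyStoreException, IllegalArgumentException {
        ensureValid(str, CERT_ALIAS_MSG);
        ensureValid(str2, SUBJECT_DN_MSG);
        if (i <= 0) {
            throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_VALIDITY.get(Integer.valueOf(i)).toString());
        }
        if (aliasInUse(str)) {
            throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(str).toString());
        }
        // Drop the cache so the change is applied to a freshly loaded store.
        this.keyStore = null;
        Platform.generateSelfSignedCertificate(getKeyStore(), this.keyStoreType, this.keyStorePath, keyType, str, this.password, str2, i);
    }

    /**
     * Adds the certificate contained in a file to the key store via {@link Platform}.
     *
     * <p>NOTE(review): unlike the other mutators, the alias is not checked against existing
     * entries here; whether an existing alias is replaced depends on {@code Platform} - confirm.
     *
     * @param str  alias to store the certificate under
     * @param file file holding the certificate; must be an existing regular file
     * @throws KeyStoreException if the key store cannot be loaded or updated
     * @throws IllegalArgumentException if the file does not exist or is not a regular file
     * @throws NullPointerException if the alias is {@code null} or empty, or the file is
     *         {@code null}
     */
    public void addCertificate(String str, File file) throws KeyStoreException, IllegalArgumentException {
        ensureValid(str, CERT_ALIAS_MSG);
        ensureFileValid(file, CERT_REQUEST_FILE_MSG);
        if (!file.exists() || !file.isFile()) {
            throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_INVALID_CERT_FILE.get(file.getAbsolutePath()).toString());
        }
        // Drop the cache so the change is applied to a freshly loaded store.
        this.keyStore = null;
        Platform.addCertificate(getKeyStore(), this.keyStoreType, this.keyStorePath, str, this.password, file.getAbsolutePath());
    }

    /**
     * Removes the entry stored under the given alias via {@link Platform}.
     *
     * @param str alias to delete; must currently be in use
     * @throws KeyStoreException if the key store cannot be loaded or updated
     * @throws IllegalArgumentException if the alias is not present
     * @throws NullPointerException if the alias is {@code null} or empty
     */
    public void removeCertificate(String str) throws KeyStoreException, IllegalArgumentException {
        ensureValid(str, CERT_ALIAS_MSG);
        if (!aliasInUse(str)) {
            throw new IllegalArgumentException(UtilityMessages.ERR_CERTMGR_ALIAS_CAN_NOT_DELETE.get(str).toString());
        }
        // Drop the cache so the change is applied to a freshly loaded store.
        this.keyStore = null;
        Platform.deleteAlias(getKeyStore(), this.keyStorePath, str, this.password);
    }

    /**
     * Returns the cached key store, loading it first if necessary.
     *
     * @return the loaded key store, or {@code null} if a file-based store does not exist yet
     * @throws KeyStoreException if the store type is unavailable or the store cannot be read
     */
    private KeyStore getKeyStore() throws KeyStoreException {
        if (this.keyStore != null) {
            return this.keyStore;
        }
        // PKCS11 has no backing file, so it is loaded with a null stream.
        FileInputStream in = null;
        if (isFileBasedType(this.keyStoreType)) {
            File file = new File(this.keyStorePath);
            if (!file.exists()) {
                return null;
            }
            try {
                in = new FileInputStream(file);
            } catch (Exception e) {
                throw new KeyStoreException(String.valueOf(e), e);
            }
        }
        try {
            // Obtained inside the try so the stream is closed even when the type is unavailable.
            KeyStore loaded = KeyStore.getInstance(this.keyStoreType);
            // A null password means the store contents are loaded without an integrity check.
            loaded.load(in, this.password);
            this.keyStore = loaded;
            return loaded;
        } catch (KeyStoreException e) {
            // Already the declared type (unavailable store type); propagate unwrapped.
            throw e;
        } catch (Exception e) {
            throw new KeyStoreException(String.valueOf(e), e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // Best effort: a failed close of a read-only stream must not mask the outcome.
                }
            }
        }
    }

    /**
     * Reports whether the key store exposes "real" aliases.
     *
     * <p>The answer is {@code false} for a missing or empty store and {@code true} for a store
     * with more than one alias. For exactly one alias, the store is read again through a second
     * manager and the two single aliases are compared case-insensitively.
     *
     * <p>NOTE(review): the result is cached on first use and is not reset by the mutating
     * methods - confirm that this is intended.
     *
     * @return {@code true} if the aliases are considered real
     * @throws KeyStoreException if the key store cannot be loaded or queried
     */
    public boolean hasRealAliases() throws KeyStoreException {
        if (this.realAliases == null) {
            String[] aliases = getCertificateAliases();
            if (aliases == null || aliases.length == 0) {
                this.realAliases = Boolean.FALSE;
            } else if (aliases.length > 1) {
                this.realAliases = Boolean.TRUE;
            } else {
                String[] reloaded = new CertificateManager(this.keyStorePath, this.keyStoreType, this.password).getCertificateAliases();
                if (reloaded == null || reloaded.length != 1) {
                    this.realAliases = Boolean.FALSE;
                } else {
                    this.realAliases = Boolean.valueOf(aliases[0].equalsIgnoreCase(reloaded[0]));
                }
            }
        }
        return this.realAliases.booleanValue();
    }

    /** Tells whether the given type is one of the file-backed store types (JKS, JCEKS, PKCS12). */
    private static boolean isFileBasedType(String type) {
        return type.equals(KEY_STORE_TYPE_JKS) || type.equals(KEY_STORE_TYPE_JCEKS) || type.equals(KEY_STORE_TYPE_PKCS12);
    }

    /**
     * Rejects a {@code null} file argument.
     *
     * @param file value to check
     * @param str  label used in the error message
     * @throws NullPointerException if {@code file} is {@code null}
     */
    private static void ensureFileValid(File file, String str) {
        if (file == null) {
            throw new NullPointerException(UtilityMessages.ERR_CERTMGR_FILE_NAME_INVALID.get(str).toString());
        }
    }

    /**
     * Rejects a {@code null} or empty string argument.
     *
     * @param str  value to check
     * @param str2 label used in the error message
     * @throws NullPointerException if {@code str} is {@code null} or empty (the empty case also
     *         raises this type, which callers may rely on)
     */
    private static void ensureValid(String str, String str2) {
        if (str == null || str.length() == 0) {
            throw new NullPointerException(UtilityMessages.ERR_CERTMGR_VALUE_INVALID.get(str2).toString());
        }
    }
}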
