package org.opends.server.extensions;

import java.security.KeyStore;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.PKCS11TrustManagerProviderCfg;
import org.forgerock.opendj.server.config.server.TrustManagerProviderCfg;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/extensions/PKCS11TrustManagerProvider.class */
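/**
 * Trust manager provider backed by a PKCS#11 token.
 *
 * <p>The provider resolves the token PIN from its configuration, keeps it in memory as a
 * {@code char[]}, and builds {@link TrustManager}s from a {@code PKCS11} {@link KeyStore} on
 * every call to {@link #getTrustManagers()}. It registers itself as a change listener so that a
 * new PIN is picked up when the configuration changes.
 *
 * <p>NOTE(review): {@code trustStorePIN} and {@code currentConfig} are written by
 * {@link #applyConfigurationChange} and read by {@link #getTrustManagers()} without any
 * synchronization visible in this class; confirm the caller serializes these or make the
 * fields {@code volatile}.
 */
public class PKCS11TrustManagerProvider extends TrustManagerProvider<PKCS11TrustManagerProviderCfg> implements ConfigurationChangeListener<PKCS11TrustManagerProviderCfg> {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** KeyStore type requested from the JCA; a provider supporting it must be registered in the JVM. */
    private static final String PKCS11_TRUSTSTORE_TYPE = "PKCS11";

    // PIN used to log in to the token. Held for the lifetime of the provider.
    // NOTE(review): the previous array is only dropped, never overwritten, when the PIN changes.
    private char[] trustStorePIN;

    // Configuration the listener is currently registered on.
    private PKCS11TrustManagerProviderCfg currentConfig;

    /**
     * Resolves the token PIN from the configuration and registers this provider as a change
     * listener.
     *
     * @param pKCS11TrustManagerProviderCfg the configuration to initialize from
     * @throws ConfigException declared by the overridden method; not thrown by this body
     * @throws InitializationException if the PIN could not be resolved (carries the first
     *     message reported by the PIN lookup)
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public void initializeTrustManagerProvider(PKCS11TrustManagerProviderCfg pKCS11TrustManagerProviderCfg) throws ConfigException, InitializationException {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        this.currentConfig = pKCS11TrustManagerProviderCfg;
        this.trustStorePIN = getTrustStorePIN(pKCS11TrustManagerProviderCfg, configChangeResult);
        // Fail before registering the listener so a provider without a usable PIN never goes live.
        if (!configChangeResult.getMessages().isEmpty()) {
            throw new InitializationException(configChangeResult.getMessages().get(0));
        }
        pKCS11TrustManagerProviderCfg.addPKCS11ChangeListener(this);
    }

    /** Unregisters this provider from the configuration it is currently attached to. */
    @Override // org.opends.server.api.TrustManagerProvider
    public void finalizeTrustManagerProvider() {
        this.currentConfig.removePKCS11ChangeListener(this);
    }

    /**
     * Opens the PKCS#11 token with the stored PIN and returns trust managers built from it with
     * the JVM's default {@link TrustManagerFactory} algorithm.
     *
     * <p>Token access and factory creation are handled in two separate {@code try} blocks. When
     * they were nested, the {@link DirectoryException} raised for a factory failure was caught
     * again by the outer {@code catch (Exception)} and re-reported as a token load failure,
     * which hid the real cause from whoever reads the error.
     *
     * @return the trust managers produced by the factory
     * @throws DirectoryException if the token cannot be opened (including when no provider
     *     supports the {@code PKCS11} type or the PIN is rejected) or the factory cannot be
     *     created or initialized
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public TrustManager[] getTrustManagers() throws DirectoryException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(PKCS11_TRUSTSTORE_TYPE);
            // PKCS#11 stores have no backing stream; only the PIN is supplied.
            keyStore.load(null, this.trustStorePIN);
        } catch (Exception e) {
            logger.traceException(e);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_PKCS11_KEYMANAGER_CANNOT_LOAD.get(StaticUtils.getExceptionMessage(e)), e);
        }

        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            logger.traceException(e);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_PKCS11_TRUSTMANAGER_CANNOT_CREATE_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Checks whether the given configuration could be used by this provider.
     *
     * @param trustManagerProviderCfg the candidate configuration; cast to the PKCS#11 type
     *     without a check
     * @param list receives the reasons when the configuration is rejected
     * @return {@code true} if the PIN lookup reported no problem
     */
    @Override // org.opends.server.api.TrustManagerProvider
    public boolean isConfigurationAcceptable(TrustManagerProviderCfg trustManagerProviderCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((PKCS11TrustManagerProviderCfg) trustManagerProviderCfg, list);
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    /**
     * Validates a candidate configuration by attempting to resolve its PIN.
     *
     * <p>NOTE(review): the PIN returned by the lookup is discarded here without being cleared.
     *
     * @param pKCS11TrustManagerProviderCfg the candidate configuration
     * @param list receives any messages produced by the PIN lookup
     * @return {@code true} if no message was appended to {@code list}
     */
    public boolean isConfigurationChangeAcceptable2(PKCS11TrustManagerProviderCfg pKCS11TrustManagerProviderCfg, List<LocalizableMessage> list) {
        int size = list.size();
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        getTrustStorePIN(pKCS11TrustManagerProviderCfg, configChangeResult);
        list.addAll(configChangeResult.getMessages());
        return size == list.size();
    }

    /**
     * Applies a configuration change. The new configuration and PIN replace the current ones
     * only when the PIN lookup left the result code at {@link ResultCode#SUCCESS}; otherwise the
     * provider keeps operating with the previous PIN.
     *
     * @param pKCS11TrustManagerProviderCfg the new configuration
     * @return the result of the change, including any messages from the PIN lookup
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(PKCS11TrustManagerProviderCfg pKCS11TrustManagerProviderCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        char[] trustStorePIN = getTrustStorePIN(pKCS11TrustManagerProviderCfg, configChangeResult);
        if (configChangeResult.getResultCode() == ResultCode.SUCCESS) {
            this.currentConfig = pKCS11TrustManagerProviderCfg;
            this.trustStorePIN = trustStorePIN;
        }
        return configChangeResult;
    }

    /**
     * Resolves the token PIN by delegating to {@code FileBasedKeyManagerProvider.getKeyStorePIN}
     * with the four PIN sources of the configuration (Java property, environment variable, file,
     * inline value). Which source wins is decided by that helper, not here.
     *
     * @param pKCS11TrustManagerProviderCfg the configuration to read the PIN sources from
     * @param configChangeResult receives the server error result code and the failure message
     *     when the lookup fails
     * @return the PIN, or {@code null} if the lookup threw an {@link InitializationException}
     */
    private char[] getTrustStorePIN(PKCS11TrustManagerProviderCfg pKCS11TrustManagerProviderCfg, ConfigChangeResult configChangeResult) {
        try {
            return FileBasedKeyManagerProvider.getKeyStorePIN(pKCS11TrustManagerProviderCfg.getTrustStorePinProperty(), pKCS11TrustManagerProviderCfg.getTrustStorePinEnvironmentVariable(), pKCS11TrustManagerProviderCfg.getTrustStorePinFile(), pKCS11TrustManagerProviderCfg.getTrustStorePin(), pKCS11TrustManagerProviderCfg.dn(), ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_PROPERTY_NOT_SET, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_ENVAR_NOT_SET, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_NO_SUCH_FILE, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_FILE_CANNOT_READ, ExtensionMessages.ERR_FILE_TRUSTMANAGER_PIN_FILE_EMPTY);
        } catch (InitializationException e) {
            configChangeResult.setResultCode(DirectoryServer.getCoreConfigManager().getServerErrorResultCode());
            configChangeResult.addMessage(e.getMessageObject());
            return null;
        }
    }

    /**
     * Bridge for the generic listener method; forwards to
     * {@link #isConfigurationChangeAcceptable2}.
     */
    @Override // org.forgerock.opendj.config.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(PKCS11TrustManagerProviderCfg pKCS11TrustManagerProviderCfg, List list) {
        return isConfigurationChangeAcceptable2(pKCS11TrustManagerProviderCfg, (List<LocalizableMessage>) list);
    }
}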
