package org.infinispan.server.configuration.security;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Properties;
import java.util.function.Supplier;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.attributes.AttributeDefinition;
import org.infinispan.commons.configuration.attributes.AttributeSerializer;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.commons.configuration.attributes.ConfigurationElement;
import org.infinispan.commons.configuration.io.ConfigurationWriter;
import org.infinispan.configuration.parsing.ParseUtils;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.Attribute;
import org.infinispan.server.configuration.Element;
import org.infinispan.server.configuration.ServerConfigurationSerializer;
import org.infinispan.server.security.ElytronPasswordProviderSupplier;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.credential.source.impl.CommandCredentialSource;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.util.PasswordBasedEncryptionUtil;

/* loaded from: input_file:org/infinispan/server/configuration/security/CredentialStoreConfiguration.class */
public class CredentialStoreConfiguration extends ConfigurationElement<CredentialStoresConfiguration> {
    public static final AttributeDefinition<String> NAME = AttributeDefinition.builder(Attribute.NAME, (Object) null, String.class).build();
    public static final AttributeDefinition<String> PATH = AttributeDefinition.builder(Attribute.PATH, (Object) null, String.class).build();
    public static final AttributeDefinition<String> RELATIVE_TO = AttributeDefinition.builder(Attribute.RELATIVE_TO, Server.INFINISPAN_SERVER_CONFIG_PATH, String.class).autoPersist(false).build();
    public static final AttributeDefinition<String> TYPE = AttributeDefinition.builder(Attribute.TYPE, "pkcs12", String.class).build();
    static final AttributeDefinition<Supplier<CredentialSource>> CREDENTIAL = AttributeDefinition.builder(Attribute.CREDENTIAL, (Object) null, Supplier.class).serializer(ServerConfigurationSerializer.CREDENTIAL_PROXY).build();
    private CredentialStoreSpi credentialStore;

    /* loaded from: input_file:org/infinispan/server/configuration/security/CredentialStoreConfiguration$ClearTextCredentialSource.class */
    public static class ClearTextCredentialSource implements CredentialSource {
        final char[] secret;

        public ClearTextCredentialSource(char[] cArr) {
            this.secret = cArr;
        }

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
            return cls == PasswordCredential.class ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }

        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
            return cls.cast(new PasswordCredential(ClearPassword.createRaw("clear", this.secret)));
        }
    }

    /* loaded from: input_file:org/infinispan/server/configuration/security/CredentialStoreConfiguration$ClearTextCredentialSupplier.class */
    public static class ClearTextCredentialSupplier implements Supplier<CredentialSource>, AttributeSerializer<ClearTextCredentialSupplier> {
        private final ClearTextCredentialSource credential;

        public ClearTextCredentialSupplier(char[] cArr) {
            this.credential = new ClearTextCredentialSource(cArr);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public CredentialSource get() {
            return this.credential;
        }

        public void serialize(ConfigurationWriter configurationWriter, String str, ClearTextCredentialSupplier clearTextCredentialSupplier) {
            configurationWriter.writeStartElement(Element.CLEAR_TEXT_CREDENTIAL);
            if (configurationWriter.clearTextSecrets()) {
                configurationWriter.writeAttribute(Attribute.CLEAR_TEXT, new String(this.credential.secret));
            } else {
                configurationWriter.writeAttribute(str, "***");
            }
            configurationWriter.writeEndElement();
        }
    }

    /* loaded from: input_file:org/infinispan/server/configuration/security/CredentialStoreConfiguration$CommandCredentialSupplier.class */
    public static class CommandCredentialSupplier implements Supplier<CredentialSource>, AttributeSerializer<CommandCredentialSupplier> {
        private final String command;
        private final CommandCredentialSource source;

        public CommandCredentialSupplier(String str) {
            this.command = str;
            CommandCredentialSource.Builder builder = CommandCredentialSource.builder();
            builder.setPasswordFactoryProvider(WildFlyElytronPasswordProvider.getInstance());
            for (String str2 : str.split("(?<!\\\\) ")) {
                if (str2.indexOf(92) != -1) {
                    builder.addCommand(str2.replaceAll("\\\\ ", " "));
                } else {
                    builder.addCommand(str2);
                }
            }
            try {
                this.source = builder.build();
            } catch (GeneralSecurityException e) {
                throw new CacheConfigurationException(e);
            }
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public CredentialSource get() {
            return this.source;
        }

        public void serialize(ConfigurationWriter configurationWriter, String str, CommandCredentialSupplier commandCredentialSupplier) {
            configurationWriter.writeStartElement(Element.COMMAND_CREDENTIAL);
            configurationWriter.writeAttribute(Attribute.COMMAND, this.command);
            configurationWriter.writeEndElement();
        }
    }

    /* loaded from: input_file:org/infinispan/server/configuration/security/CredentialStoreConfiguration$MaskedCredentialSupplier.class */
    public static class MaskedCredentialSupplier implements Supplier<CredentialSource>, AttributeSerializer<MaskedCredentialSupplier> {
        private final CredentialSource credential;
        private final String masked;

        public MaskedCredentialSupplier(String str) {
            this.masked = str;
            String[] split = str.split(";");
            if (split.length != 3) {
                throw Server.log.wrongMaskedPasswordFormat();
            }
            String str2 = split[1];
            try {
                try {
                    this.credential = new ClearTextCredentialSource(new PasswordBasedEncryptionUtil.Builder().picketBoxCompatibility().salt(str2).iteration(Integer.parseInt(split[2])).decryptMode().build().decodeAndDecrypt(split[0]));
                } catch (GeneralSecurityException e) {
                    throw new CacheConfigurationException(e);
                }
            } catch (NumberFormatException e2) {
                throw Server.log.wrongMaskedPasswordFormat();
            }
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public CredentialSource get() {
            return this.credential;
        }

        public void serialize(ConfigurationWriter configurationWriter, String str, MaskedCredentialSupplier maskedCredentialSupplier) {
            configurationWriter.writeStartElement(Element.MASKED_CREDENTIAL);
            configurationWriter.writeAttribute(Attribute.MASKED, this.masked);
            configurationWriter.writeEndElement();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AttributeSet attributeDefinitionSet() {
        KeyStore.getDefaultType();
        return new AttributeSet(CredentialStoreConfiguration.class, new AttributeDefinition[]{NAME, PATH, RELATIVE_TO, TYPE, CREDENTIAL});
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialStoreConfiguration(AttributeSet attributeSet) {
        super(Element.CREDENTIAL_STORE, attributeSet, new ConfigurationElement[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init(Properties properties) {
        if (this.credentialStore == null) {
            if (this.attributes.attribute(PATH).isNull()) {
                throw new IllegalStateException("file has to be specified");
            }
            String resolvePath = ParseUtils.resolvePath((String) this.attributes.attribute(PATH).get(), properties.getProperty((String) this.attributes.attribute(RELATIVE_TO).get()));
            this.credentialStore = new KeyStoreCredentialStore();
            HashMap hashMap = new HashMap();
            hashMap.put("location", resolvePath);
            hashMap.put("create", "false");
            hashMap.put("keyStoreType", (String) this.attributes.attribute(TYPE).get());
            try {
                this.credentialStore.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(((CredentialSource) ((Supplier) this.attributes.attribute(CREDENTIAL).get()).get()).getCredential(PasswordCredential.class))), ElytronPasswordProviderSupplier.PROVIDERS);
            } catch (Exception e) {
                if (!e.getMessage().startsWith("ELY09518")) {
                    throw new CacheConfigurationException(e);
                }
            }
        }
    }

    public <C extends Credential> C getCredential(String str, Class<C> cls) {
        if (str == null) {
            try {
                if (this.credentialStore.getAliases().size() != 1) {
                    throw Server.log.unspecifiedCredentialAlias();
                }
                str = (String) this.credentialStore.getAliases().iterator().next();
            } catch (CredentialStoreException e) {
                throw new CacheConfigurationException(e);
            }
        }
        return (C) this.credentialStore.retrieve(str, cls, (String) null, (AlgorithmParameterSpec) null, (CredentialStore.ProtectionParameter) null);
    }
}
