package org.forgerock.openidm.security.impl;

import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.BadRequestException;
import org.forgerock.json.resource.ConflictException;
import org.forgerock.json.resource.NotSupportedException;
import org.forgerock.json.resource.PatchRequest;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.Resource;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResultHandler;
import org.forgerock.json.resource.ServerContext;
import org.forgerock.json.resource.SingletonResourceProvider;
import org.forgerock.json.resource.UpdateRequest;
import org.forgerock.openidm.repo.RepositoryService;
import org.forgerock.openidm.security.KeyStoreHandler;
import org.forgerock.openidm.security.KeyStoreManager;
import org.forgerock.openidm.util.ResourceUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/security/impl/KeystoreResourceProvider.class */
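/**
 * Singleton resource backed by the server keystore.
 * <p>
 * {@code read} reports the keystore type, provider and alias list. The two supported actions,
 * {@link SecurityResourceProvider#ACTION_GENERATE_CERT} and
 * {@link SecurityResourceProvider#ACTION_GENERATE_CSR}, either generate a self-signed certificate
 * (stored in the keystore under the requested alias) or a certificate signing request.
 * Patch and update are rejected with {@link NotSupportedException}.
 * <p>
 * Every handler reports failures through {@link ResourceUtil#adapt(Throwable)} instead of letting
 * them propagate; the handler is the error boundary for this resource.
 */
public class KeystoreResourceProvider extends SecurityResourceProvider implements SingletonResourceProvider {
    private static final Logger logger = LoggerFactory.getLogger(KeystoreResourceProvider.class);

    // Request/response content field names understood by actionInstance.
    private static final String FIELD_ALIAS = "alias";
    private static final String FIELD_ALGORITHM = "algorithm";
    private static final String FIELD_SIGNATURE_ALGORITHM = "signatureAlgorithm";
    private static final String FIELD_KEY_SIZE = "keySize";
    private static final String FIELD_DOMAIN_NAME = "domainName";
    private static final String FIELD_VALID_FROM = "validFrom";
    private static final String FIELD_VALID_TO = "validTo";
    private static final String FIELD_RETURN_PRIVATE_KEY = "returnPrivateKey";
    private static final String FIELD_PRIVATE_KEY = "privateKey";

    /**
     * Creates the provider; all arguments are handed to the superclass unchanged.
     *
     * @param str name passed to the superclass (presumably exposed as {@code resourceName})
     * @param keyStoreHandler handler giving access to the underlying {@link KeyStore} and its password
     * @param keyStoreManager manager that is reloaded after the keystore changes
     * @param repositoryService repository service passed through to the superclass
     */
    public KeystoreResourceProvider(String str, KeyStoreHandler keyStoreHandler, KeyStoreManager keyStoreManager, RepositoryService repositoryService) {
        super(str, keyStoreHandler, keyStoreManager, repositoryService);
    }

    /**
     * Handles the {@code generateCert} and {@code generateCSR} actions.
     * <p>
     * Request content fields: {@code alias} (required; the alias the entry or request is generated
     * for), {@code algorithm}, {@code signatureAlgorithm} and {@code keySize} (defaulting to the
     * superclass constants), {@code domainName} (required for certificates only), {@code validFrom}
     * and {@code validTo} (certificates only, passed through as strings) and
     * {@code returnPrivateKey} (default {@code false}).
     * <p>
     * A certificate is stored in the keystore under {@code alias} and refused with
     * {@link ConflictException} if that alias already exists, so an existing entry is never
     * overwritten. A CSR is only returned. When {@code returnPrivateKey} is set, the generated
     * private key is embedded in the response under {@code privateKey}.
     * <p>
     * Exactly one of {@code handleResult}/{@code handleError} is invoked per request; any failure
     * is adapted through {@link ResourceUtil#adapt(Throwable)}.
     *
     * @param serverContext request context (unused)
     * @param actionRequest the action and its JSON content
     * @param resultHandler receives the generated certificate or CSR, or the error
     */
    public void actionInstance(ServerContext serverContext, ActionRequest actionRequest, ResultHandler<JsonValue> resultHandler) {
        try {
            final String action = actionRequest.getAction();
            final JsonValue content = actionRequest.getContent();
            final String alias = content.get(FIELD_ALIAS).asString();
            final boolean generateCert = SecurityResourceProvider.ACTION_GENERATE_CERT.equalsIgnoreCase(action);
            final boolean generateCsr = SecurityResourceProvider.ACTION_GENERATE_CSR.equalsIgnoreCase(action);

            if (!generateCert && !generateCsr) {
                resultHandler.handleError(new BadRequestException("Unsupported action " + action));
                return;
            }
            if (alias == null) {
                // 400; the message speaks of a resource ID because the entry is created under the alias.
                throw ResourceException.getException(400, "A valid resource ID must be specified in the request");
            }

            // Read and validate every input before touching the keystore so that a malformed
            // field (e.g. a non-boolean returnPrivateKey) cannot leave a half-written entry behind.
            final String algorithm = content.get(FIELD_ALGORITHM).defaultTo(SecurityResourceProvider.DEFAULT_ALGORITHM).asString();
            final String signatureAlgorithm = content.get(FIELD_SIGNATURE_ALGORITHM).defaultTo(SecurityResourceProvider.DEFAULT_SIGNATURE_ALGORITHM).asString();
            final int keySize = content.get(FIELD_KEY_SIZE).defaultTo(SecurityResourceProvider.DEFAULT_KEY_SIZE).asInteger();
            final boolean returnPrivateKey = content.get(FIELD_RETURN_PRIVATE_KEY).defaultTo(false).asBoolean();

            final JsonValue result;
            final PrivateKey privateKey;
            if (generateCert) {
                if (this.store.getStore().containsAlias(alias)) {
                    // Never overwrite an existing entry. Return immediately so the handler is not
                    // invoked a second time with a null result after the error.
                    resultHandler.handleError(new ConflictException("The resource with ID '" + alias + "' could not be created because there is already another resource with the same ID"));
                    return;
                }
                logger.info("Generating a new self-signed certificate with the alias {}", alias);
                final Pair<X509Certificate, PrivateKey> generated = generateCertificate(
                        content.get(FIELD_DOMAIN_NAME).required().asString(),
                        algorithm,
                        keySize,
                        signatureAlgorithm,
                        content.get(FIELD_VALID_FROM).asString(),
                        content.get(FIELD_VALID_TO).asString());
                final Certificate certificate = generated.getKey();
                privateKey = generated.getValue();
                logger.debug("Adding certificate entry under the alias {}", alias);
                this.store.getStore().setEntry(alias,
                        new KeyStore.PrivateKeyEntry(privateKey, new Certificate[] {certificate}),
                        new KeyStore.PasswordProtection(this.store.getPassword().toCharArray()));
                // Persist, then let the manager pick up the new entry, then save via the superclass.
                this.store.store();
                this.manager.reload();
                saveStore();
                result = returnCertificate(alias, certificate);
            } else {
                final Pair<PKCS10CertificationRequest, PrivateKey> generated = generateCSR(alias, algorithm, signatureAlgorithm, keySize, content);
                result = returnCertificateRequest(alias, generated.getKey());
                privateKey = generated.getRight();
            }
            if (returnPrivateKey) {
                // Opt-in only: this places the raw private key material in the response body.
                result.put(FIELD_PRIVATE_KEY, getKeyMap(privateKey));
            }
            resultHandler.handleResult(result);
        } catch (Throwable th) {
            // Boundary: everything, including the 400 thrown above, is adapted for the handler.
            resultHandler.handleError(ResourceUtil.adapt(th));
        }
    }

    /**
     * Patch is not supported for the keystore; always reports {@link NotSupportedException}.
     *
     * @param serverContext request context (unused)
     * @param patchRequest the request (unused)
     * @param resultHandler receives the error
     */
    public void patchInstance(ServerContext serverContext, PatchRequest patchRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Patch operations are not supported"));
    }

    /**
     * Reads the keystore summary: {@code type}, {@code provider} and the list of {@code aliases}.
     * Only metadata and alias names are returned, no key or certificate material.
     *
     * @param serverContext request context (unused)
     * @param readRequest the request (unused)
     * @param resultHandler receives the summary resource (revision {@code null}), or the adapted error
     */
    public void readInstance(ServerContext serverContext, ReadRequest readRequest, ResultHandler<Resource> resultHandler) {
        try {
            final KeyStore keyStore = this.store.getStore();
            final JsonValue content = new JsonValue(new LinkedHashMap<String, Object>(5));
            content.put("type", keyStore.getType());
            content.put("provider", keyStore.getProvider());
            // Collections.list drains the Enumeration into an ArrayList<String>, in keystore order.
            content.put("aliases", Collections.list(keyStore.aliases()));
            resultHandler.handleResult(new Resource(this.resourceName, (String) null, content));
        } catch (Throwable th) {
            resultHandler.handleError(ResourceUtil.adapt(th));
        }
    }

    /**
     * Update is not supported for the keystore; always reports {@link NotSupportedException}.
     *
     * @param serverContext request context (unused)
     * @param updateRequest the request (unused)
     * @param resultHandler receives the error
     */
    public void updateInstance(ServerContext serverContext, UpdateRequest updateRequest, ResultHandler<Resource> resultHandler) {
        resultHandler.handleError(new NotSupportedException("Update operations are not supported"));
    }
}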
