package fish.payara.admin.servermgmt.cli;

import com.sun.enterprise.admin.cli.CLIConstants;
import com.sun.enterprise.admin.servermgmt.cli.ChangeMasterPasswordCommandDAS;
import com.sun.enterprise.admin.servermgmt.cli.LocalDomainCommand;
import com.sun.enterprise.universal.i18n.LocalStringsImpl;
import com.sun.enterprise.util.HostAndPort;
import com.sun.enterprise.util.net.NetUtils;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.glassfish.api.admin.CommandException;
import org.glassfish.hk2.api.PerLookup;
import org.glassfish.security.common.FileProtectionUtility;
import org.jvnet.hk2.annotations.Service;

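/**
 * Local {@code generate-encryption-key} command.
 *
 * <p>Generates a fresh random 32-byte key, encrypts it under a key derived from the domain's
 * master password, and writes the result to the {@code datagrid-key} file in the domain's
 * config directory. The command refuses to run while the domain's admin endpoint is reachable.
 *
 * <p>File layout, in order: PBKDF2 salt (20 bytes), the IV chosen by the cipher, then the
 * AES/CBC/PKCS5Padding ciphertext of the generated key.
 *
 * <p>NOTE(review): the ciphertext carries no MAC, so tampering with the key file is not
 * detected when it is decrypted; the file's confidentiality and integrity rest on the
 * owner-only file permissions plus the master password. Presumably another component reads
 * this file with the same KDF and cipher parameters, so changing any of them here alone would
 * make the file unreadable - confirm against the reader before changing.
 */
@Service(name = "generate-encryption-key")
@PerLookup
/* loaded from: input_file:fish/payara/admin/servermgmt/cli/GenerateEncryptionKey.class */
public class GenerateEncryptionKey extends LocalDomainCommand {
    private static final String DATAGRID_KEY_FILE = "datagrid-key";
    private static final LocalStringsImpl SERVERMGMT_CLI_STRINGS = new LocalStringsImpl(ChangeMasterPasswordCommandDAS.class);
    // Declared as Random but always backed by SecureRandom; salt and key material come from it.
    private static final Random random = new SecureRandom();
    // NOTE(review): HMAC-SHA1 is kept as the PBKDF2 PRF for compatibility with whatever decrypts
    // the file; moving to a SHA-2 PRF needs a coordinated change on the reading side.
    private static final String PBKDF_ALGORITHM = "PBKDF2WithHmacSHA1";
    // NOTE(review): 65556 looks like a typo for 65536. Left unchanged because the reader must
    // derive the key with the identical count - confirm before touching.
    private static final int ITERATION_COUNT = 65556;
    // Derived AES key size in bits.
    private static final int KEYSIZE = 256;
    private static final String AES = "AES";
    private static final String AES_ALGORITHM = "AES/CBC/PKCS5Padding";
    // Length in bytes of the random PBKDF2 salt written at the start of the key file.
    private static final int SALT_LENGTH = 20;
    // Length in bytes of the randomly generated key that gets encrypted into the file.
    private static final int GENERATED_KEY_LENGTH = 32;

    /**
     * Verifies the master password, makes sure the key file exists with owner-only permissions,
     * then overwrites it with a newly generated, encrypted key.
     *
     * @return 0 on success
     * @throws CommandException if the domain is running, the master password cannot be obtained
     *     or verified, the key file cannot be created or protected, or the write fails
     */
    @Override // com.sun.enterprise.admin.cli.CLICommand
    protected int executeCommand() throws CommandException {
        checkDomainIsNotRunning();
        char[] masterPassword = verifyMasterPassword();
        try {
            File keyFile = new File(getServerDirs().getConfigDir(), DATAGRID_KEY_FILE);
            // Permissions are tightened before any key material is written, including when the
            // file already exists and may have been left with looser permissions.
            prepareKeyFile(keyFile);
            byte[] encryptedKey = generateAndEncryptKey(masterPassword);
            try {
                Files.write(keyFile.toPath(), encryptedKey);
                return 0;
            } catch (IOException e) {
                throw new CommandException("Error writing encoded key to file", e);
            }
        } finally {
            // Do not leave the master password in memory longer than needed.
            Arrays.fill(masterPassword, '\0');
        }
    }

    /**
     * Fails the command when something answers on the domain's admin host and port.
     *
     * @throws CommandException if the admin address is reported as running
     */
    private void checkDomainIsNotRunning() throws CommandException {
        HostAndPort adminAddress = getAdminAddress();
        if (NetUtils.isRunning(adminAddress.getHost(), adminAddress.getPort())) {
            throw new CommandException(SERVERMGMT_CLI_STRINGS.get("domain.is.running", getDomainName(), getDomainRootDir()));
        }
    }

    /**
     * Obtains the master password and checks it with the superclass verifier.
     *
     * <p>Sources are tried in order: the master password file, the passwords supplied to the
     * command, and finally an interactive prompt.
     *
     * @return the verified master password; the caller is responsible for clearing the array
     * @throws CommandException if no password could be obtained or it does not verify
     */
    private char[] verifyMasterPassword() throws CommandException {
        String masterPassword = super.readFromMasterPasswordFile();
        if (masterPassword == null) {
            masterPassword = this.passwords.get(CLIConstants.MASTER_PASSWORD);
        }
        if (masterPassword == null) {
            char[] typed = super.readPassword(SERVERMGMT_CLI_STRINGS.get("current.mp"));
            if (typed != null) {
                // The verifier takes a String, so a copy is unavoidable; at least clear the
                // buffer that came back from the prompt.
                masterPassword = new String(typed);
                Arrays.fill(typed, '\0');
            }
        }
        if (masterPassword == null) {
            throw new CommandException(SERVERMGMT_CLI_STRINGS.get("no.console"));
        }
        if (!super.verifyMasterPassword(masterPassword)) {
            throw new CommandException(SERVERMGMT_CLI_STRINGS.get("incorrect.mp"));
        }
        return masterPassword.toCharArray();
    }

    /**
     * Creates the key file when it is missing and applies {@code chmod0600} in every case, so a
     * pre-existing file with looser permissions is tightened before the key is written to it.
     *
     * @param file the key file inside the domain's config directory
     * @throws CommandException if the file cannot be created or its permissions cannot be set
     */
    private void prepareKeyFile(File file) throws CommandException {
        try {
            if (!file.exists()) {
                Files.createFile(file.toPath());
            }
            FileProtectionUtility.chmod0600(file);
        } catch (IOException e) {
            throw new CommandException(e.getMessage(), e);
        }
    }

    /**
     * Generates a random key and encrypts it with an AES key derived from the master password.
     *
     * @param cArr the verified master password; not modified by this method
     * @return salt, IV and ciphertext concatenated in that order
     * @throws CommandException if key derivation or encryption fails
     */
    private byte[] generateAndEncryptKey(char[] cArr) throws CommandException {
        byte[] salt = new byte[SALT_LENGTH];
        random.nextBytes(salt);
        byte[] generatedKey = new byte[GENERATED_KEY_LENGTH];
        random.nextBytes(generatedKey);

        PBEKeySpec pbeKeySpec = new PBEKeySpec(cArr, salt, ITERATION_COUNT, KEYSIZE);
        byte[] derivedKey = null;
        try {
            derivedKey = SecretKeyFactory.getInstance(PBKDF_ALGORITHM).generateSecret(pbeKeySpec).getEncoded();
            Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
            // No IV is supplied, so the provider generates one; it is read back below and
            // stored next to the ciphertext.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(derivedKey, AES));
            byte[] iv = cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
            byte[] ciphertext = cipher.doFinal(generatedKey);

            byte[] output = new byte[salt.length + iv.length + ciphertext.length];
            System.arraycopy(salt, 0, output, 0, salt.length);
            System.arraycopy(iv, 0, output, salt.length, iv.length);
            System.arraycopy(ciphertext, 0, output, salt.length + iv.length, ciphertext.length);
            return output;
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CommandException(e.getMessage(), e);
        } finally {
            // Clear the password copy held by the spec and the plaintext key material.
            pbeKeySpec.clearPassword();
            Arrays.fill(generatedKey, (byte) 0);
            if (derivedKey != null) {
                Arrays.fill(derivedKey, (byte) 0);
            }
        }
    }
}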
