package org.wildfly.extension.elytron;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceContainer;
import org.jboss.msc.service.ServiceRegistry;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.x500.cert.acme.AcmeAccount;
import org.wildfly.security.x500.cert.acme.CertificateAuthority;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/AcmeAccountService.class */
/**
 * MSC service that assembles an {@link AcmeAccount} for a configured certificate authority.
 *
 * <p>The account key and certificate live in a key store under {@code alias}. On start the
 * service either loads that entry or, when the alias does not exist yet, builds the account
 * without a key and then writes the account's private key and certificate back to the key
 * store (see {@link #start(StartContext)}).
 *
 * <p>This listing is decompiler output: several members carry a "package-private" note from
 * the decompiler, and {@code m1getValue} is a decompiler-assigned name.
 *
 * <p>NOTE(review): the key password is handled as a {@code char[]} and is never cleared in
 * this class. Whether the array returned by {@code KeyStoreService.resolveKeyPassword} is a
 * private copy is not visible here, so confirm that before adding an {@code Arrays.fill}.
 */
public class AcmeAccountService implements Service<AcmeAccount> {
    // Key store that holds (or will receive) the account key entry; read in start().
    private final InjectedValue<KeyStore> keyStoreInjector = new InjectedValue<>();
    // Optional supplier of the credential source for the key password; read via getOptionalValue().
    private final InjectedValue<ExceptionSupplier<CredentialSource, Exception>> credentialSourceSupplierInjector = new InjectedValue<>();
    private final String certificateAuthorityName;
    // Stored by reference, not copied: later changes to the caller's list are visible here.
    private final List<String> contactUrlsList;
    private final String alias;
    private final String keyStoreName;
    // Set by start(), cleared by stop(); volatile so other threads observe the change.
    private volatile AcmeAccount acmeAccount;

    /**
     * Records the configuration used later by {@link #start(StartContext)}. Nothing is
     * validated or copied here. (Package-private in the original class, per the decompiler.)
     *
     * @param str   certificate authority name
     * @param list  contact URLs for the account; must not be {@code null} because
     *              {@code start} calls {@code isEmpty()} on it
     * @param str2  key store alias of the account key entry
     * @param str3  name of the key store resource that holds the account key
     */
    public AcmeAccountService(String str, List<String> list, String str2, String str3) {
        this.keyStoreName = str3;
        this.alias = str2;
        this.contactUrlsList = list;
        this.certificateAuthorityName = str;
    }

    /**
     * Builds the account and publishes it through the {@code acmeAccount} field.
     *
     * <p>If the key store already contains {@code alias}, its certificate and private key are
     * loaded and set on the builder. Otherwise no key is set, and the private key and
     * certificate of the built account are saved to the key store afterwards; presumably
     * {@code build()} generates them, which should be confirmed in {@code AcmeAccount}.
     *
     * @param startContext MSC start context, used to reach the service container
     * @throws StartException wrapping any exception raised while starting, including the
     *         "unable to obtain certificate / private key" failures created below
     */
    public void start(StartContext startContext) throws StartException {
        try {
            ServiceContainer container = startContext.getController().getServiceContainer();
            ModifiableKeyStoreService accountKeyStoreService = CertificateAuthorityAccountDefinition.getModifiableKeyStoreService((ServiceRegistry) container, this.keyStoreName);
            // Resolved before the key store is touched; the same array is reused for the load and the save.
            char[] keyPassword = resolveKeyPassword((KeyStoreService) accountKeyStoreService);
            KeyStore accountKeyStore = this.keyStoreInjector.getValue();

            // The Let's Encrypt name is matched case-insensitively; any other name is looked up as a service.
            CertificateAuthority authority;
            if (this.certificateAuthorityName.equalsIgnoreCase(CertificateAuthority.LETS_ENCRYPT.getName())) {
                authority = CertificateAuthority.LETS_ENCRYPT;
            } else {
                authority = (CertificateAuthority) CertificateAuthorityDefinition.getCertificateAuthorityService(container, this.certificateAuthorityName).getValue();
            }

            AcmeAccount.Builder accountBuilder = AcmeAccount.builder().setServerUrl(authority.getUrl());
            if (authority.getStagingUrl() != null) {
                accountBuilder.setStagingServerUrl(authority.getStagingUrl());
            }
            if (!this.contactUrlsList.isEmpty()) {
                accountBuilder = accountBuilder.setContactUrls(this.contactUrlsList.toArray(new String[this.contactUrlsList.size()]));
            }

            final boolean aliasPresent = accountKeyStore.containsAlias(this.alias);
            if (aliasPresent) {
                // NOTE(review): a non-X.509 certificate or a non-private key under this alias fails
                // the casts below with ClassCastException, which surfaces only as the generic
                // start failure rather than one of the dedicated messages.
                X509Certificate accountCertificate = (X509Certificate) accountKeyStore.getCertificate(this.alias);
                if (accountCertificate == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificateAuthorityAccountCertificate(this.alias);
                }
                PrivateKey accountKey = (PrivateKey) accountKeyStore.getKey(this.alias, keyPassword);
                if (accountKey == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToObtainCertificateAuthorityAccountPrivateKey(this.alias);
                }
                accountBuilder = accountBuilder.setKey(accountCertificate, accountKey);
            }

            this.acmeAccount = accountBuilder.build();
            if (!aliasPresent) {
                // First start for this alias: persist the account key so later starts reuse it.
                saveCertificateAuthorityAccountKey(accountKeyStoreService, keyPassword);
            }
        } catch (Exception e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToStartService(e);
        }
    }

    /**
     * Drops the reference to the account. The key store entry is left untouched.
     *
     * @param stopContext unused
     */
    public void stop(StopContext stopContext) {
        this.acmeAccount = null;
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    /**
     * Returns the account built by {@link #start(StartContext)}.
     *
     * @return the current account, or {@code null} when the field has not been set or has
     *         been cleared by {@link #stop(StopContext)}; the body itself throws nothing
     */
    public AcmeAccount m1getValue() throws IllegalStateException, IllegalArgumentException {
        return this.acmeAccount;
    }

    /**
     * Exposes the injection point for the key store holding the account key.
     * (Package-private in the original class, per the decompiler.)
     *
     * @return the injector backing {@code keyStoreInjector}
     */
    public Injector<KeyStore> getKeyStoreInjector() {
        return this.keyStoreInjector;
    }

    /**
     * Exposes the injection point for the key password credential source supplier.
     * (Package-private in the original class, per the decompiler.)
     *
     * @return the injector backing {@code credentialSourceSupplierInjector}
     */
    public Injector<ExceptionSupplier<CredentialSource, Exception>> getCredentialSourceSupplierInjector() {
        return this.credentialSourceSupplierInjector;
    }

    /**
     * Asks the key store service for the password protecting the account key entry, passing
     * the injected credential source supplier if one was injected.
     *
     * @param keyStoreService service that performs the resolution
     * @return the key password as returned by the key store service
     * @throws RuntimeException wrapping any exception raised during resolution; the cause is
     *         preserved, so callers that log it should check it carries no credential detail
     */
    char[] resolveKeyPassword(KeyStoreService keyStoreService) throws RuntimeException {
        try {
            // getOptionalValue() is used because the credential source supplier may not be injected.
            return keyStoreService.resolveKeyPassword((ExceptionSupplier) this.credentialSourceSupplierInjector.getOptionalValue());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Persists the current account key, resolving the key store service and key password from
     * the operation context. (Package-private in the original class, per the decompiler.)
     *
     * @param operationContext management operation context used to find the key store service
     * @throws OperationFailedException if the key store cannot be updated
     */
    public void saveCertificateAuthorityAccountKey(OperationContext operationContext) throws OperationFailedException {
        ModifiableKeyStoreService accountKeyStoreService = CertificateAuthorityAccountDefinition.getModifiableKeyStoreService(operationContext, this.keyStoreName);
        char[] keyPassword = resolveKeyPassword((KeyStoreService) accountKeyStoreService);
        saveCertificateAuthorityAccountKey(accountKeyStoreService, keyPassword);
    }

    /**
     * Writes the account's private key and certificate under {@code alias} and saves the key
     * store.
     *
     * <p>NOTE(review): {@code acmeAccount} is volatile and is read twice here, and
     * {@link #stop(StopContext)} sets it to {@code null}. A call made after stop would fail
     * with a {@code NullPointerException}, which the {@code KeyStoreException} handler below
     * does not cover.
     *
     * @param modifiableKeyStoreService service owning the key store to update
     * @param cArr password used to protect the key entry
     * @throws OperationFailedException if the key store rejects the entry
     */
    private void saveCertificateAuthorityAccountKey(ModifiableKeyStoreService modifiableKeyStoreService, char[] cArr) throws OperationFailedException {
        try {
            // The chain stored with the key is the single account certificate.
            modifiableKeyStoreService.getModifiableValue().setKeyEntry(
                    this.alias,
                    this.acmeAccount.getPrivateKey(),
                    cArr,
                    new X509Certificate[]{this.acmeAccount.getCertificate()});
            ((KeyStoreService) modifiableKeyStoreService).save();
        } catch (KeyStoreException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToUpdateCertificateAuthorityAccountKeyStore(e, e.getLocalizedMessage());
        }
    }
}
