package com.sun.identity.workflow;

import com.google.common.annotations.VisibleForTesting;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.services.util.JCEEncryption;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.password.plugins.RandomPasswordGenerator;
import com.sun.identity.password.ui.model.PWResetException;
import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.ArrayUtils;
import org.forgerock.openam.shared.security.crypto.KeyStoreBuilder;
import org.forgerock.openam.shared.security.crypto.KeyStoreType;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;
import org.forgerock.util.encode.Base64;

/* loaded from: input_file:com/sun/identity/workflow/CreateSoapSTSDeployment.class */
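/**
 * Workflow task that produces a deployable SOAP STS {@code .war} file from the template
 * {@code openam-soap-sts-server*.war} found in the {@code soapstsdeployment} directory under the
 * configured {@code com.iplanet.services.configpath}.
 *
 * <p>The template is copied entry by entry. {@code WEB-INF/classes/config.properties} is rewritten
 * with the supplied realm, OpenAM URL, agent name, encrypted agent password, session cookie name and
 * retry settings. Any keystore and WSDL files named in the parameters are added under
 * {@code WEB-INF/classes/}, followed by a JCEKS keystore ({@code WEB-INF/classes/am_soap_sts.jks})
 * that holds the key used to encrypt the agent password.
 *
 * <p><strong>Security notes.</strong>
 * <ul>
 *   <li>The generated WAR contains both the encrypted agent password and the keystore holding its
 *       encryption key, and that keystore is protected by a password compiled into this class (see
 *       {@link #getKeystorePassword()}). The WAR must therefore be handled as if it contained the
 *       agent password in clear text: restrict read access to the output directory and to wherever
 *       the WAR is deployed.</li>
 *   <li>The realm and the keystore/WSDL file names arrive in the workflow parameter map and are used
 *       to build file system paths. They are confined to the deployment directory by
 *       {@link #resolveWithinDeploymentDirectory(String)}.</li>
 * </ul>
 */
public class CreateSoapSTSDeployment extends Task {
    private static final String REALM_PARAM = "realm";
    private static final String OPENAM_URL_PARAM = "openAMUrl";
    private static final String SOAP_AGENT_NAME_PARAM = "soapAgentName";
    private static final String SOAP_AGENT_PASSWORD_PARAM = "soapAgentPassword";
    private static final String SOAP_AGENT_RETRY_NUMBER_PARAM = "soapAgentRetryNumber";
    private static final String SOAP_AGENT_RETRY_INITIAL_INTERVAL_PARAM = "soapAgentRetryInitialInterval";
    private static final String SOAP_AGENT_RETRY_MULTIPLIER_PARAM = "soapAgentRetryMultiplier";
    private static final String KEYSTORE_FILE_NAMES_PARAM = "keystoreFileNames";
    private static final String WSDL_FILE_NAMES_PARAM = "wsdlFileNames";
    private static final String SOAP_DEPLOYMENT_DIRECTORY_NAME = "soapstsdeployment";
    private static final String SOAP_STS_SERVER_JAR_FILE_PREFIX = "openam-soap-sts-server";
    private static final String DEPLOYABLE_SOAP_STS_SERVER_JAR_FILE_PREFIX = "deployable-soap-sts-server";
    private static final String SOAP_PROPERTY_FILE_JAR_ENTRY_NAME = "WEB-INF/classes/config.properties";
    private static final String CLASSES_WAR_DIRECTORY = "WEB-INF/classes/";
    private static final String SOAP_PROPERTY_FILE_AM_DEPLOYMENT_URL_KEY = "am_deployment_url";
    private static final String SOAP_PROPERTY_FILE_AM_SESSION_COOKIE_NAME_KEY = "am_session_cookie_name";
    private static final String SOAP_PROPERTY_FILE_SOAP_STS_AGENT_USERNAME_KEY = "soap_sts_agent_username";
    private static final String SOAP_PROPERTY_FILE_SOAP_STS_AGENT_PASSWORD_KEY = "soap_sts_agent_password";
    private static final String SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_NUMBER_KEY = "soap_sts_agent_retry_number";
    private static final String SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_INITIAL_INTERVAL_KEY = "soap_sts_agent_retry_initial_interval";
    private static final String SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_MULTIPLIER_KEY = "soap_sts_agent_retry_multiplier";
    private static final String SOAP_PROPERTY_FILE_REALM_KEY = "am_realm";
    private static final String COMMA = ",";
    private static final String[] NO_MULTI_VALUE_ENTRIES = new String[0];
    private static final String SOAP_KEYSTORE_JAR_ENTRY_NAME = "WEB-INF/classes/am_soap_sts.jks";
    // NOTE(review): MD5/DES-based PBE is weak by current standards. Here the value is only the
    // algorithm label attached to the stored key; confirm what JCEEncryption actually uses.
    private static final String SECRET_KEY_ALGORITHM_TYPE = "PBEWithMD5AndDES";

    /**
     * Builds the deployable WAR and returns the localized completion message naming its path.
     *
     * @param locale locale used to look up the completion message
     * @param map workflow parameters; realm, OpenAM URL, agent name and agent password are mandatory
     * @return the formatted completion message
     * @throws WorkflowException if a mandatory parameter is missing or the WAR cannot be produced
     */
    @Override // com.sun.identity.workflow.ITask
    public String execute(Locale locale, Map map) throws WorkflowException {
        try {
            validatePresenceOfMandatoryParams(map);
            JarInputStream jarInputStream = getJarInputStream();
            // processFileContents closes both streams once it is entered. Until then the template
            // stream is owned here and must not leak if creating the output path or stream fails.
            boolean streamsHandedOff = false;
            try {
                Path outputJarFilePath = getOutputJarFilePath(getStringParam(map, REALM_PARAM));
                JarOutputStream jarOutputStream = getJarOutputStream(outputJarFilePath, jarInputStream.getManifest());
                streamsHandedOff = true;
                processFileContents(jarInputStream, jarOutputStream, map);
                return getCompletionMessage(locale, outputJarFilePath);
            } finally {
                if (!streamsHandedOff) {
                    closeQuietly(jarInputStream);
                }
            }
        } catch (WorkflowException e) {
            // Pass the exception itself so the stack trace reaches the debug log.
            Debug.getInstance("workflow").error("Exception caught in CreateSoapSTSDeployment#execute: " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Rejects the request unless realm, OpenAM URL, agent name and agent password are all non-empty.
     *
     * @throws WorkflowException naming the first missing parameter
     */
    private void validatePresenceOfMandatoryParams(Map map) throws WorkflowException {
        String[] mandatoryParams = {REALM_PARAM, OPENAM_URL_PARAM, SOAP_AGENT_NAME_PARAM, SOAP_AGENT_PASSWORD_PARAM};
        for (String paramName : mandatoryParams) {
            if (StringUtils.isEmpty(getStringParam(map, paramName))) {
                throw new WorkflowException("soap.sts.deployment.workflow.error.missing.param", paramName);
            }
        }
    }

    /**
     * Opens the template SOAP STS WAR from the deployment base directory.
     *
     * <p>The first file matching {@code openam-soap-sts-server*.war} is used; directory iteration
     * order is not specified, so the choice is arbitrary when several templates are present.
     *
     * @return an open stream over the template WAR; the caller is responsible for closing it
     * @throws WorkflowException if no template exists or it cannot be read
     */
    @VisibleForTesting
    protected JarInputStream getJarInputStream() throws WorkflowException {
        try (DirectoryStream<Path> templates =
                     Files.newDirectoryStream(getDeploymentBaseDirectory(), SOAP_STS_SERVER_JAR_FILE_PREFIX + "*.war")) {
            Iterator<Path> it = templates.iterator();
            if (!it.hasNext()) {
                throw new WorkflowException("soap.sts.deployment.workflow.error.no.soap.sts.server.jar.file", null);
            }
            InputStream rawWar = Files.newInputStream(it.next(), StandardOpenOption.READ);
            try {
                return new JarInputStream(rawWar);
            } catch (IOException e) {
                // The JarInputStream constructor reads the stream; release the file handle if it fails.
                closeQuietly(rawWar);
                throw e;
            }
        } catch (IOException e) {
            throw new WorkflowException("soap.sts.deployment.workflow.error.read.exception.soap.sts.server.jar.file", e.getMessage());
        }
    }

    /**
     * Creates the output WAR file and wraps it in a {@link JarOutputStream}.
     *
     * <p>{@code CREATE_NEW} makes the call fail rather than overwrite an existing file.
     *
     * @throws WorkflowException if the file already exists or cannot be created
     */
    @VisibleForTesting
    protected JarOutputStream getJarOutputStream(Path path, Manifest manifest) throws WorkflowException {
        try {
            return new JarOutputStream(Files.newOutputStream(path, StandardOpenOption.CREATE_NEW), manifest);
        } catch (IOException e) {
            throw new WorkflowException("soap.sts.deployment.workflow.error.output.jar.open.error", e.toString());
        }
    }

    /** Formats the localized completion message with the path of the generated WAR. */
    @VisibleForTesting
    protected String getCompletionMessage(Locale locale, Path path) {
        return MessageFormat.format(getMessage("soap.sts.deployment.workflow.complete", locale), path.toString());
    }

    /**
     * Copies the template WAR into the output WAR, rewriting the property file and appending the
     * user-specified files and the agent-password keystore. Both streams are closed on return,
     * whether or not the copy succeeds.
     *
     * @throws WorkflowException if any entry cannot be read or written, or the encryption key
     *         cannot be generated
     */
    private void processFileContents(JarInputStream jarInputStream, JarOutputStream jarOutputStream, Map map) throws WorkflowException {
        try (JarInputStream inputWar = jarInputStream; JarOutputStream outputWar = jarOutputStream) {
            byte[] buffer = new byte[4096];
            String encryptionKey = getAgentPasswordEncryptionKey();
            String encryptedAgentPassword = encryptAgentPassword(encryptionKey, getStringParam(map, SOAP_AGENT_PASSWORD_PARAM));
            for (JarEntry entry = inputWar.getNextJarEntry(); entry != null; entry = inputWar.getNextJarEntry()) {
                if (SOAP_PROPERTY_FILE_JAR_ENTRY_NAME.equals(entry.getName())) {
                    updatePropertyFile(inputWar, outputWar, map, encryptedAgentPassword);
                } else {
                    writeBitsToModifiedWar(inputWar, outputWar, entry, buffer);
                }
            }
            processUserSpecifiedKeystoreAndCustomWsdlFiles(outputWar, map);
            addAgentPasswordKeystore(outputWar, encryptionKey);
        } catch (IOException | PWResetException e) {
            throw new WorkflowException("soap.sts.deployment.workflow.error.exception.transferring.jar.file.contents", e.toString());
        }
    }

    /** Copies one entry of the template WAR, reusing the metadata of the source entry. */
    private void writeBitsToModifiedWar(InputStream inputStream, JarOutputStream jarOutputStream, JarEntry jarEntry, byte[] bArr) throws IOException {
        jarOutputStream.putNextEntry(new JarEntry(jarEntry));
        writeBits(inputStream, jarOutputStream, bArr);
    }

    /** Writes the contents of {@code inputStream} as a new entry with the given name. */
    private void writeBitsToModifiedWar(InputStream inputStream, JarOutputStream jarOutputStream, String str, byte[] bArr) throws IOException {
        jarOutputStream.putNextEntry(new JarEntry(str));
        writeBits(inputStream, jarOutputStream, bArr);
    }

    /** Drains {@code inputStream} into the current entry, then flushes and closes that entry. */
    private void writeBits(InputStream inputStream, JarOutputStream jarOutputStream, byte[] bArr) throws IOException {
        int read;
        while ((read = inputStream.read(bArr)) != -1) {
            jarOutputStream.write(bArr, 0, read);
        }
        jarOutputStream.flush();
        jarOutputStream.closeEntry();
    }

    /** Returns the {@code soapstsdeployment} directory under the configured OpenAM config path. */
    private Path getDeploymentBaseDirectory() {
        return Paths.get(SystemProperties.get("com.iplanet.services.configpath"), SOAP_DEPLOYMENT_DIRECTORY_NAME);
    }

    /**
     * Joins a caller-supplied name onto the deployment base directory and verifies that the
     * normalized result is still inside that directory, so that names containing {@code ..}
     * segments cannot reach files elsewhere on the file system.
     *
     * <p>The name is joined textually, as the original code did, so a realm such as {@code /sub}
     * still maps to a sub-directory of the base rather than to an absolute path. Symbolic links
     * are not resolved by this check.
     *
     * @param relativeName realm or file name taken from the workflow parameters
     * @return the normalized path below (or equal to) the deployment base directory
     * @throws IOException if the name resolves outside the deployment base directory
     */
    private Path resolveWithinDeploymentDirectory(String relativeName) throws IOException {
        Path baseDirectory = getDeploymentBaseDirectory().normalize();
        Path resolved = Paths.get(baseDirectory.toString(), relativeName).normalize();
        if (!resolved.startsWith(baseDirectory)) {
            throw new IOException("Path resolves outside of the SOAP STS deployment directory: " + relativeName);
        }
        return resolved;
    }

    /**
     * Creates the per-realm output directory and returns the path of the WAR to be written in it.
     *
     * <p>The directory is created with the platform's default permissions even though the WAR
     * written into it carries credential material; restrict access to it operationally.
     *
     * @param str the realm, used as the directory name below the deployment base directory
     * @throws WorkflowException if the realm escapes the base directory or the directory cannot be
     *         created
     */
    @VisibleForTesting
    protected Path getOutputJarFilePath(String str) throws WorkflowException {
        try {
            Path realmDirectory = resolveWithinDeploymentDirectory(str);
            Files.createDirectories(realmDirectory);
            return realmDirectory.resolve(DEPLOYABLE_SOAP_STS_SERVER_JAR_FILE_PREFIX + "_" + getCurrentTimeAsString() + ".war");
        } catch (IOException e) {
            throw new WorkflowException("soap.sts.deployment.workflow.error.exception.creating.output.war.path", e.toString());
        }
    }

    /**
     * Formats the current time for use in the output file name.
     *
     * <p>NOTE(review): the pattern produces ':' characters, which some file systems (Windows, for
     * example) do not accept in file names. Left unchanged to keep the generated names stable.
     */
    private String getCurrentTimeAsString() {
        // A new formatter per call: SimpleDateFormat is not thread-safe and must not be shared.
        return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS").format(Time.getCalendarInstance().getTime());
    }

    /**
     * Reads the template {@code config.properties} from the current input entry, overlays the
     * deployment-specific values and writes the result as the same entry of the output WAR.
     *
     * @param str the already encrypted, Base64-encoded agent password
     */
    private void updatePropertyFile(JarInputStream jarInputStream, JarOutputStream jarOutputStream, Map map, String str) throws IOException {
        Properties properties = new Properties();
        properties.load(jarInputStream);
        properties.setProperty(SOAP_PROPERTY_FILE_REALM_KEY, getStringParam(map, REALM_PARAM));
        properties.setProperty(SOAP_PROPERTY_FILE_AM_DEPLOYMENT_URL_KEY, getStringParam(map, OPENAM_URL_PARAM));
        properties.setProperty(SOAP_PROPERTY_FILE_SOAP_STS_AGENT_USERNAME_KEY, getStringParam(map, SOAP_AGENT_NAME_PARAM));
        properties.setProperty(SOAP_PROPERTY_FILE_SOAP_STS_AGENT_PASSWORD_KEY, str);
        // The values below are not validated as mandatory and may be absent. Properties rejects
        // null values with a NullPointerException, so an absent value leaves the template's
        // setting untouched instead of aborting the whole task.
        setPropertyIfPresent(properties, SOAP_PROPERTY_FILE_AM_SESSION_COOKIE_NAME_KEY, getAMSessionIdCookieNameForDeployment());
        setPropertyIfPresent(properties, SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_NUMBER_KEY,
                getStringParam(map, SOAP_AGENT_RETRY_NUMBER_PARAM));
        setPropertyIfPresent(properties, SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_INITIAL_INTERVAL_KEY,
                getStringParam(map, SOAP_AGENT_RETRY_INITIAL_INTERVAL_PARAM));
        setPropertyIfPresent(properties, SOAP_PROPERTY_FILE_SOAP_STS_AGENT_RETRY_MULTIPLIER_KEY,
                getStringParam(map, SOAP_AGENT_RETRY_MULTIPLIER_PARAM));
        jarOutputStream.putNextEntry(new JarEntry(SOAP_PROPERTY_FILE_JAR_ENTRY_NAME));
        properties.store(jarOutputStream, (String) null);
        jarOutputStream.flush();
        jarOutputStream.closeEntry();
    }

    /** Sets {@code key} to {@code value} unless {@code value} is {@code null}. */
    private void setPropertyIfPresent(Properties properties, String key, String value) {
        if (value != null) {
            properties.setProperty(key, value);
        }
    }

    /** Returns the session cookie name configured under {@code com.iplanet.am.cookie.name}. */
    @VisibleForTesting
    protected String getAMSessionIdCookieNameForDeployment() {
        return SystemPropertiesManager.get("com.iplanet.am.cookie.name");
    }

    /**
     * Adds the keystore files and then the WSDL files named in the parameters, if any, to the
     * output WAR.
     */
    private void processUserSpecifiedKeystoreAndCustomWsdlFiles(JarOutputStream jarOutputStream, Map map) throws WorkflowException {
        byte[] buffer = new byte[4096];
        String[] keystoreFileNames = getMultiValuedStringParam(map, KEYSTORE_FILE_NAMES_PARAM);
        if (!ArrayUtils.isEmpty(keystoreFileNames)) {
            addKeystoreOrCustomWsdlFiles(jarOutputStream, keystoreFileNames, buffer);
        }
        String[] wsdlFileNames = getMultiValuedStringParam(map, WSDL_FILE_NAMES_PARAM);
        if (!ArrayUtils.isEmpty(wsdlFileNames)) {
            addKeystoreOrCustomWsdlFiles(jarOutputStream, wsdlFileNames, buffer);
        }
    }

    /**
     * Writes a JCEKS keystore containing the agent password encryption key into the output WAR.
     *
     * @param str the key that was used to encrypt the agent password
     * @throws WorkflowException if the keystore cannot be built or written
     */
    private void addAgentPasswordKeystore(JarOutputStream jarOutputStream, String str) throws WorkflowException {
        try {
            KeyStore keyStore = initializeKeyStore();
            char[] keystorePassword = getKeystorePassword();
            setAgentPasswordEncryptionKeyEntry(keyStore, keystorePassword, str);
            storeKeystoreInWar(keyStore, keystorePassword, jarOutputStream);
        } catch (IOException | IllegalStateException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new WorkflowException("soap.sts.deployment.workflow.error.exception.generating.internal.keystore", e.toString());
        }
    }

    /** Builds a new JCEKS keystore through {@link KeyStoreBuilder}. */
    private KeyStore initializeKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        return new KeyStoreBuilder().withKeyStoreType(KeyStoreType.JCEKS).build();
    }

    /**
     * Stores the encryption key under the alias {@code soap_sts_pek}, protected by the keystore
     * password.
     */
    private void setAgentPasswordEncryptionKeyEntry(KeyStore keyStore, char[] cArr, String str) throws KeyStoreException {
        // NOTE(review): US_ASCII silently replaces non-ASCII characters; this assumes the generated
        // key is pure ASCII. Confirm against RandomPasswordGenerator.
        SecretKeySpec encryptionKey = new SecretKeySpec(str.getBytes(StandardCharsets.US_ASCII), SECRET_KEY_ALGORITHM_TYPE);
        keyStore.setEntry("soap_sts_pek", new KeyStore.SecretKeyEntry(encryptionKey), new KeyStore.PasswordProtection(cArr));
    }

    /** Serializes the keystore into {@code WEB-INF/classes/am_soap_sts.jks} of the output WAR. */
    private void storeKeystoreInWar(KeyStore keyStore, char[] cArr, JarOutputStream jarOutputStream) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        jarOutputStream.putNextEntry(new JarEntry(SOAP_KEYSTORE_JAR_ENTRY_NAME));
        keyStore.store(jarOutputStream, cArr);
    }

    /**
     * Returns the password protecting the keystore and its key entry.
     *
     * <p>SECURITY(review): this is a fixed value compiled into the class, identical for every
     * generated WAR. It gives no confidentiality against anyone who can read both the WAR and this
     * class, so the embedded keystore does not protect the agent password on its own. The value is
     * left unchanged because whatever opens {@code am_soap_sts.jks} at runtime presumably relies on
     * the same constant; changing it needs a coordinated change on that side.
     */
    private char[] getKeystorePassword() {
        return "AQICcQXJAVayPq6zMlamHMDZD0Q4kgtX9wgd".toCharArray();
    }

    /** Generates a fresh random key used to encrypt the agent password for this WAR. */
    private String getAgentPasswordEncryptionKey() throws PWResetException {
        return new RandomPasswordGenerator().generatePassword((AMIdentity) null);
    }

    /**
     * Encrypts the agent password with the given key and Base64-encodes the result.
     *
     * @param str the encryption key
     * @param str2 the clear-text agent password
     * @throws IllegalStateException if key setup or encryption fails
     */
    private String encryptAgentPassword(String str, String str2) throws IllegalStateException {
        JCEEncryption encryption = new JCEEncryption();
        try {
            encryption.setPassword(str);
            return Base64.encode(encryption.encrypt(str2.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new IllegalStateException("Exception thrown from JCEEncryption#setPassword: " + e, e);
        }
    }

    /**
     * Copies each named file from the deployment base directory into {@code WEB-INF/classes/} of
     * the output WAR. Each source stream is closed once it has been copied.
     *
     * @throws WorkflowException if a file cannot be read (including a name that resolves outside
     *         the deployment base directory) or written
     */
    private void addKeystoreOrCustomWsdlFiles(JarOutputStream jarOutputStream, String[] strArr, byte[] bArr) throws WorkflowException {
        for (String fileName : strArr) {
            try (InputStream fileContents = getInputStreamForKeystoreFileOrCustomWsdlFile(fileName)) {
                writeBitsToModifiedWar(fileContents, jarOutputStream, CLASSES_WAR_DIRECTORY + fileName, bArr);
            } catch (IOException e) {
                throw new WorkflowException("soap.sts.deployment.workflow.error.exception.writing.wsdl.or.keystore.state", e.toString());
            }
        }
    }

    /**
     * Opens a keystore or WSDL file located below the deployment base directory.
     *
     * @param str file name taken from the workflow parameters
     * @throws IOException if the name resolves outside the deployment base directory or the file
     *         cannot be opened
     */
    @VisibleForTesting
    protected InputStream getInputStreamForKeystoreFileOrCustomWsdlFile(String str) throws IOException {
        return Files.newInputStream(resolveWithinDeploymentDirectory(str), StandardOpenOption.READ);
    }

    /** Closes a stream on a failure path; a close error must not replace the original failure. */
    private void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Intentionally ignored: the caller is already propagating the primary exception.
        }
    }

    /**
     * Returns the trimmed string stored under {@code str}, or {@code null} when the key is absent.
     *
     * @throws IllegalStateException if the stored value is not a {@code String}
     */
    private String getStringParam(Map map, String str) {
        Object value = map.get(str);
        if (value == null) {
            return null;
        }
        if (!(value instanceof String)) {
            throw new IllegalStateException("Illegal state in CreateSoapSTSDeployment: the state in the params map for key does not have an expected type. The type: " + value.getClass().getCanonicalName());
        }
        return ((String) value).trim();
    }

    /**
     * Splits a comma-separated parameter into its values; returns an empty array when the
     * parameter is absent or empty. Individual values are not trimmed.
     */
    private String[] getMultiValuedStringParam(Map map, String str) {
        String joinedValues = getStringParam(map, str);
        if (StringUtils.isEmpty(joinedValues)) {
            return NO_MULTI_VALUE_ENTRIES;
        }
        return joinedValues.split(COMMA);
    }
}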
