package com.tc.net.core.security;

import com.tc.config.schema.SecurityConfig;
import com.tc.license.LicenseManager;
import com.tc.net.core.BufferManagerFactory;
import com.tc.net.core.ssl.IllegalCertificateURIException;
import com.tc.net.core.ssl.SSLBufferManagerFactory;
import com.tc.net.core.ssl.URISyntaxException;
import com.tc.util.runtime.Os;
import com.terracotta.management.keychain.KeyChain;
import com.terracotta.management.keychain.URIKeyName;
import com.terracotta.management.security.SecretProvider;
import com.terracotta.management.security.SecretUtils;
import com.terracotta.management.user.UserRole;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:L1/terracotta-l1-ee-4.3.2.2.15.jar/com/tc/net/core/security/AbstractTCSecurityManager.class_terracotta */
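/**
 * Base {@link TCSecurityManager} that owns the {@link KeyChain}, the {@link SecurityConfig} and the
 * {@link SSLBufferManagerFactory} built from the key managers a concrete subclass supplies.
 *
 * <p>This listing is decompiler output: the "Access modifiers changed" markers record that the
 * visibility shown here is wider than in the original class file.
 */
abstract class AbstractTCSecurityManager implements TCSecurityManager {
    private final KeyChain keyChain;
    private final SecurityConfig securityConfig;
    private final SSLBufferManagerFactory bufferManagerFactory;

    /**
     * Verifies the security licence capability, stores the collaborators, runs the subclass hook
     * and builds the SSL buffer manager factory.
     *
     * <p>{@link #performExtraInitialization()} and {@link #getKeyManagers} are overridable and are
     * invoked from this constructor, so they run before any subclass field initialiser or
     * subclass constructor body; overrides must not rely on subclass state.
     *
     * @param securityConfig security configuration; other methods of this class tolerate {@code null}
     * @param keyChain key chain holding the passwords; {@link #unlockKeyChain()} tolerates {@code null}
     * @throws RuntimeException wrapping any exception raised while creating the SSL context
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractTCSecurityManager(SecurityConfig securityConfig, KeyChain keyChain) {
        LicenseManager.verifySecurityCapability();
        this.securityConfig = securityConfig;
        this.keyChain = keyChain;
        performExtraInitialization();
        try {
            KeyManager[] keyManagers = getKeyManagers(this.securityConfig, this.keyChain);
            SSLContext sslContext = SSLBufferManagerFactory.createSSLContext(keyManagers);
            this.bufferManagerFactory = initSslBufferManagerFactory(sslContext);
        } catch (Exception e) {
            // The cause is preserved so that TLS set-up failures remain diagnosable.
            throw new RuntimeException(e);
        }
    }

    /** Returns the {@link SSLContext} held by the buffer manager factory. */
    @Override // com.tc.net.core.security.TCSecurityManager
    public SSLContext getSslContext() {
        return this.bufferManagerFactory.getSslContext();
    }

    /**
     * Reports whether the principal carries a role whose {@code toString()} equals {@code str}.
     *
     * <p>The guard tests for {@link TCPrincipalImpl}, the type the roles are read from. Testing
     * only for {@code TCPrincipal} let any other implementation of that interface reach the cast
     * and fail with a {@link ClassCastException}; this authorization check now fails closed for
     * such a principal, as it already does for a {@code null} or foreign one.
     *
     * @param principal the authenticated principal, may be {@code null}
     * @param str the role name to look for
     * @return {@code true} only if {@code principal} is a {@code TCPrincipalImpl} holding that role
     */
    @Override // com.tc.net.core.security.TCSecurityManager
    public boolean isUserInRole(Principal principal, String str) {
        if (!(principal instanceof TCPrincipalImpl)) {
            return false;
        }
        Iterator<UserRole> roles = ((TCPrincipalImpl) principal).getRoles().iterator();
        while (roles.hasNext()) {
            if (roles.next().toString().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the SSL buffer manager factory created by the constructor. */
    @Override // com.tc.net.core.security.TCSecurityManager
    public final BufferManagerFactory getBufferManagerFactory() {
        return this.bufferManagerFactory;
    }

    /**
     * Looks up the password stored in the key chain under the key derived from {@code uri}.
     *
     * <p>The result is a fresh {@code char[]} produced by {@code SecretUtils.toCharsAndWipe};
     * callers should clear it once it is no longer needed.
     *
     * @param uri the URI identifying the key chain entry
     * @return the password characters
     * @throws NullPointerException if the key chain holds no entry for {@code uri}; the message
     *     names the key and, when a configuration is present, the key chain location, never the secret
     */
    @Override // com.tc.security.PwProvider
    public char[] getPasswordFor(URI uri) {
        URIKeyName keyName = new URIKeyName(uri);
        // NOTE(review): keyChain is dereferenced without the null check unlockKeyChain() applies.
        byte[] password = this.keyChain.getPassword(SecretProvider.getSecret(), keyName);
        if (password != null) {
            return SecretUtils.toCharsAndWipe(password);
        }
        StringBuilder message = new StringBuilder("No password found for ").append(keyName).append(" in KeyChain");
        if (this.securityConfig != null) {
            message.append(" located at ").append(this.securityConfig.getKeyChainUrl());
        }
        message.append(". Check your configuration.");
        // NullPointerException is kept because it is the exception type callers already see.
        throw new NullPointerException(message.toString());
    }

    /**
     * Returns the key chain URL from the configuration, or from the
     * {@code com.tc.security.keychain.url} system property when there is no configuration.
     */
    private String getKeyChainUrl() {
        if (this.securityConfig == null) {
            return System.getProperty("com.tc.security.keychain.url");
        }
        return this.securityConfig.getKeyChainUrl();
    }

    /**
     * Looks up the password for the URI that {@code TCSecurityManagerUtils.createTcURI} builds
     * from the three arguments.
     *
     * @throws NullPointerException if the key chain holds no matching entry
     */
    @Override // com.tc.security.PwProvider
    public char[] getPasswordForTC(String str, String str2, int i) {
        return getPasswordFor(TCSecurityManagerUtils.createTcURI(str, str2, i));
    }

    /** Wraps the given SSL context in a new {@link SSLBufferManagerFactory}. */
    private SSLBufferManagerFactory initSslBufferManagerFactory(SSLContext sSLContext) throws GeneralSecurityException {
        return new SSLBufferManagerFactory(sSLContext);
    }

    /**
     * Hook run by the constructor after the fields are stored and before the SSL context is
     * created. The default does nothing.
     */
    protected void performExtraInitialization() {
    }

    /**
     * Supplies the key managers used to create the SSL context. Called from the constructor.
     *
     * @param securityConfig the configuration passed to the constructor
     * @param keyChain the key chain passed to the constructor
     * @return the key managers handed to {@code SSLBufferManagerFactory.createSSLContext}
     */
    protected abstract KeyManager[] getKeyManagers(SecurityConfig securityConfig, KeyChain keyChain) throws URISyntaxException, IllegalCertificateURIException, IOException, GeneralSecurityException;

    /**
     * Initialises the secret provider and, when a key chain is present, unlocks it with the
     * provider's secret.
     *
     * @throws RuntimeException wrapping any failure to initialise the secret provider
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final void unlockKeyChain() {
        initSecretProvider();
        if (this.keyChain != null) {
            this.keyChain.unlock(SecretProvider.getSecret());
        }
    }

    /** Returns the SSL buffer manager factory with its concrete type. */
    /* JADX INFO: Access modifiers changed from: protected */
    public final SSLBufferManagerFactory getSSLBufferManagerFactory() {
        return this.bufferManagerFactory;
    }

    /** Returns the security configuration passed to the constructor, possibly {@code null}. */
    /* JADX INFO: Access modifiers changed from: protected */
    public final SecurityConfig getSecurityConfig() {
        return this.securityConfig;
    }

    /**
     * Initialises the secret provider from the configured implementation class, passing
     * {@code null} when there is no configuration.
     */
    private void initSecretProvider() {
        String providerClass = this.securityConfig != null ? this.securityConfig.getSecretProviderImplClass() : null;
        try {
            SecretUtils.initProviderAndFetchSecret(providerClass);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Replaces backslashes with forward slashes in a path when running on Windows or when
     * {@code z} is set; otherwise returns the string unchanged.
     *
     * @param str the path to normalise; must not be {@code null} when the replacement applies
     * @param z forces the replacement regardless of the operating system
     * @return the normalised path
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String sanitizeWindowsJKS(String str, boolean z) {
        if (Os.isWindows() || z) {
            str = str.replace('\\', '/');
        }
        return str;
    }
}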
