package com.palantir.conjure.java.config.ssl;

import com.google.common.base.Throwables;
import com.google.common.io.BaseEncoding;
import com.palantir.conjure.java.config.ssl.pkcs1.Pkcs1Readers;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/palantir/conjure/java/config/ssl/KeyStores.class */
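/**
 * Static helpers that build in-memory {@link KeyStore} instances from X.509 certificate files,
 * PEM files holding PKCS#1 RSA private keys, and existing key store files.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When a directory is given, every non-hidden file in it is loaded. For trust stores this
 *       means that write access to the directory is equivalent to the ability to add a trust
 *       anchor, so the directory's permissions are part of the trust boundary.</li>
 *   <li>Only {@code -----BEGIN RSA PRIVATE KEY-----} blocks are recognised as private keys.</li>
 *   <li>Exception messages name the offending path or alias but never include file contents,
 *       because those contents may be private key material.</li>
 * </ul>
 */
final class KeyStores {
    /** Matches one PKCS#1 RSA private key PEM block; group 1 is the Base64 body. */
    private static final Pattern KEY_PATTERN = Pattern.compile(
            "-----BEGIN RSA PRIVATE KEY-----\n?(.+?)\n?-----END RSA PRIVATE KEY-----", Pattern.DOTALL);

    /** Matches one certificate PEM block, delimiters included. */
    private static final Pattern CERT_PATTERN = Pattern.compile(
            "-----BEGIN CERTIFICATE-----\n?(.+?)\n?-----END CERTIFICATE-----", Pattern.DOTALL);

    /** Accepts every file the platform does not report as hidden. */
    private static final FileFilter VISIBLE_FILE_FILTER = file -> !file.isHidden();

    private KeyStores() {
    }

    /**
     * Builds a trust store from the certificate file at {@code path}, or from every visible file
     * in {@code path} when it is a directory. Each file name becomes the alias of its entry.
     *
     * <p>Only the first certificate in each file is read.
     *
     * @param path a certificate file or a directory of certificate files
     * @return a new key store holding one trusted-certificate entry per file
     * @throws RuntimeException if a file cannot be opened or is not an X.509 certificate
     */
    public static KeyStore createTrustStoreFromCertificates(Path path) {
        KeyStore trustStore = createKeyStore();
        for (File certFile : getFilesForPath(path)) {
            Path certPath = certFile.toPath();
            // try-with-resources closes the stream on the failure paths as well.
            try (InputStream in = Files.newInputStream(certPath)) {
                trustStore.setCertificateEntry(certFile.getName(), readX509Certificate(in));
            } catch (IOException e) {
                throw new RuntimeException(
                        String.format("IOException encountered when opening '%s'", certPath), e);
            } catch (KeyStoreException | CertificateException e) {
                throw new RuntimeException(
                        String.format("Could not read file at \"%s\" as an X.509 certificate", certPath), e);
            }
        }
        return trustStore;
    }

    /**
     * Builds a trust store from in-memory PEM certificates keyed by alias.
     *
     * @param map alias to PEM certificate
     * @return a new key store holding one trusted-certificate entry per map entry
     * @throws RuntimeException if a value cannot be parsed as an X.509 certificate
     */
    public static KeyStore createTrustStoreFromCertificates(Map<String, PemX509Certificate> map) {
        KeyStore trustStore = createKeyStore();
        for (Map.Entry<String, PemX509Certificate> entry : map.entrySet()) {
            byte[] pemBytes = entry.getValue().pemCertificate().getBytes(StandardCharsets.UTF_8);
            try (ByteArrayInputStream in = new ByteArrayInputStream(pemBytes)) {
                trustStore.setCertificateEntry(entry.getKey(), readX509Certificate(in));
            } catch (IOException e) {
                throw Throwables.propagate(e);
            } catch (KeyStoreException | CertificateException e) {
                throw new RuntimeException(
                        String.format(
                                "Could not read certificate alias \"%s\" as an X.509 certificate",
                                entry.getKey()),
                        e);
            }
        }
        return trustStore;
    }

    /**
     * Builds a key store from PEM files that each contain both a private key and its certificate
     * chain. Each file name becomes the alias of its entry.
     *
     * @param path a combined PEM file or a directory of them
     * @param keyPassword password applied to the store and to every key entry
     * @return a new key store holding one private-key entry per file
     * @throws RuntimeException if a file cannot be read or parsed
     */
    public static KeyStore createKeyStoreFromCombinedPems(Path path, String keyPassword) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // One array for the whole call keeps the number of password copies on the heap down.
            char[] password = keyPassword.toCharArray();
            keyStore.load(null, password);
            for (File pemFile : getFilesForPath(path)) {
                Path pemPath = pemFile.toPath();
                KeyStore.PrivateKeyEntry keyEntry = readKeyEntryFromPems(pemPath, pemPath);
                keyStore.setKeyEntry(
                        pemFile.getName(), keyEntry.getPrivateKey(), password, keyEntry.getCertificateChain());
            }
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Builds a key store by pairing key files from one directory with certificate files of the
     * same base name from another directory.
     *
     * <p>A key file {@code NAME + keyExtension} is paired with {@code certDirPath/NAME + certExtension}
     * and stored under the alias {@code NAME}. Key-directory files without the key extension are
     * skipped.
     *
     * @param keyDirPath directory holding the private key PEM files
     * @param keyExtension file name suffix identifying key files
     * @param certDirPath directory holding the certificate PEM files
     * @param certExtension file name suffix of the matching certificate files
     * @param keyPassword password applied to the store and to every key entry
     * @return a new key store holding one private-key entry per matched key file
     * @throws IllegalStateException if either path is not a directory
     * @throws RuntimeException if a file cannot be read or parsed
     */
    public static KeyStore createKeyStoreFromPemDirectories(
            Path keyDirPath, String keyExtension, Path certDirPath, String certExtension, String keyPassword) {
        if (!keyDirPath.toFile().isDirectory()) {
            throw new IllegalStateException(String.format("keyDirPath is not a directory: \"%s\"", keyDirPath));
        }
        if (!certDirPath.toFile().isDirectory()) {
            throw new IllegalStateException(String.format("certDirPath is not a directory: \"%s\"", certDirPath));
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            char[] password = keyPassword.toCharArray();
            keyStore.load(null, password);
            for (File keyFile : getFilesForPath(keyDirPath)) {
                String fileName = keyFile.getName();
                if (!fileName.endsWith(keyExtension)) {
                    continue;
                }
                String alias = fileName.substring(0, fileName.length() - keyExtension.length());
                KeyStore.PrivateKeyEntry keyEntry =
                        readKeyEntryFromPems(keyFile.toPath(), certDirPath.resolve(alias + certExtension));
                keyStore.setKeyEntry(alias, keyEntry.getPrivateKey(), password, keyEntry.getCertificateChain());
            }
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Failed to create key store from PEM directories", e);
        }
    }

    /**
     * Returns the visible files in {@code path} when it is a directory, else {@code path} itself.
     *
     * @throws IllegalStateException if the directory cannot be listed
     */
    private static File[] getFilesForPath(Path path) {
        File file = path.toFile();
        if (!file.isDirectory()) {
            return new File[] {file};
        }
        File[] visibleFiles = file.listFiles(VISIBLE_FILE_FILTER);
        if (visibleFiles == null) {
            throw new IllegalStateException(
                    String.format("failed to list visible files in directory %s", path));
        }
        return visibleFiles;
    }

    /**
     * Loads a key store of the given type from a file.
     *
     * <p>When {@code password} is empty the store is loaded with a {@code null} password, in which
     * case {@link KeyStore#load(InputStream, char[])} performs no integrity check on the file.
     *
     * @param storeType key store type passed to {@link KeyStore#getInstance(String)}
     * @param path key store file
     * @param password store password, if any
     * @return the loaded key store
     * @throws RuntimeException if the file cannot be read or loaded
     */
    public static KeyStore loadKeyStore(String storeType, Path path, Optional<String> password) {
        try {
            KeyStore keyStore = KeyStore.getInstance(storeType);
            try (InputStream in = Files.newInputStream(path)) {
                keyStore.load(in, password.map(String::toCharArray).orElse(null));
            }
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Copies a single private-key entry into a new key store of the same type.
     *
     * @param keyStore source key store
     * @param password password protecting the source entry; reused for the new store and entry
     * @param alias alias of the entry to copy
     * @return a new key store containing only the entry for {@code alias}
     * @throws IllegalStateException if the key or its certificate chain is missing
     * @throws RuntimeException if the key cannot be recovered or stored
     */
    public static KeyStore newKeyStoreWithEntry(KeyStore keyStore, String password, String alias) {
        try {
            KeyStore singleEntryStore = KeyStore.getInstance(keyStore.getType());
            char[] passwordChars = password.toCharArray();
            singleEntryStore.load(null, passwordChars);

            Key key = keyStore.getKey(alias, passwordChars);
            if (key == null) {
                throw new IllegalStateException(
                        String.format("Could not find key with alias \"%s\" in key store", alias));
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(alias);
            if (certificateChain == null) {
                throw new IllegalStateException(
                        String.format("Could not find certificate chain with alias \"%s\" in key store", alias));
            }
            singleEntryStore.setKeyEntry(alias, key, passwordChars, certificateChain);
            return singleEntryStore;
        } catch (IOException | GeneralSecurityException e) {
            throw Throwables.propagate(e);
        }
    }

    /** Creates an empty key store of the platform default type with no password. */
    private static KeyStore createKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw Throwables.propagate(e);
        }
    }

    /** Parses the first X.509 certificate found in {@code inputStream}. */
    private static Certificate readX509Certificate(InputStream inputStream) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    /**
     * Reads a private key and its certificate chain from PEM files.
     *
     * <p>The key and the certificates are read in separate steps so that a failure is reported
     * against the file that caused it. An empty certificate chain is rejected by the
     * {@link KeyStore.PrivateKeyEntry} constructor with an {@link IllegalArgumentException}.
     *
     * @param keyPemPath file holding the RSA private key
     * @param certPemPath file holding the certificate chain; may equal {@code keyPemPath}
     * @return the key together with every certificate found in {@code certPemPath}
     * @throws RuntimeException if either file cannot be read or parsed
     */
    private static KeyStore.PrivateKeyEntry readKeyEntryFromPems(Path keyPemPath, Path certPemPath) {
        String keyPem;
        PrivateKey privateKey;
        try {
            keyPem = readFileAsString(keyPemPath);
            privateKey = getPrivateKeyFromString(keyPem);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(
                    String.format("Failed to read private key from file at \"%s\"", keyPemPath), e);
        }

        List<Certificate> certificates;
        try {
            // A combined PEM is read from disk once only.
            String certPem = keyPemPath.equals(certPemPath) ? keyPem : readFileAsString(certPemPath);
            certificates = getCertificatesFromString(certPem);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(
                    String.format("Failed to read certificates from file at \"%s\"", certPemPath), e);
        }
        return new KeyStore.PrivateKeyEntry(privateKey, certificates.toArray(new Certificate[0]));
    }

    /** Reads the whole file as UTF-8 text. */
    private static String readFileAsString(Path path) throws IOException {
        return new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
    }

    /**
     * Extracts the first PKCS#1 RSA private key from PEM text.
     *
     * <p>The failure message deliberately omits {@code str}: the text comes from a key file and
     * may hold key material that did not match the pattern, and exception messages routinely end
     * up in logs. Callers add the file path when they wrap this exception.
     *
     * @param str PEM text
     * @return the decoded RSA private key
     * @throws GeneralSecurityException if no RSA private key block is found or the key is invalid
     */
    private static PrivateKey getPrivateKeyFromString(String str) throws IOException, GeneralSecurityException {
        Matcher matcher = KEY_PATTERN.matcher(str);
        if (!matcher.find()) {
            throw new GeneralSecurityException("unable to find valid RSA key in the provided string");
        }
        // NOTE(review): only '\n' is stripped before decoding, so a CRLF-terminated PEM
        // presumably fails Base64 decoding - confirm against BaseEncoding's behaviour.
        byte[] derBytes = BaseEncoding.base64().decode(matcher.group(1).replace("\n", ""));
        return KeyFactory.getInstance("RSA").generatePrivate(Pkcs1Readers.getInstance().readPrivateKey(derBytes));
    }

    /**
     * Parses every certificate PEM block in {@code str}, in order of appearance.
     *
     * @param str PEM text
     * @return the certificates found; empty when there is no certificate block
     * @throws CertificateException if a block is not a valid X.509 certificate
     */
    private static List<Certificate> getCertificatesFromString(String str) throws IOException, CertificateException {
        Matcher matcher = CERT_PATTERN.matcher(str);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<Certificate> certificates = new ArrayList<>();
        while (matcher.find()) {
            byte[] pemBlock = matcher.group().getBytes(StandardCharsets.UTF_8);
            try (ByteArrayInputStream in = new ByteArrayInputStream(pemBlock)) {
                certificates.add(certificateFactory.generateCertificate(in));
            }
        }
        return certificates;
    }
}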
