package org.graylog2.plugin.inputs.transports.util;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.Iterators;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteStreams;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.graylog2.indexer.MongoIndexSet;
import org.graylog2.inputs.InputImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/plugin/inputs/transports/util/KeyUtil.class */
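/**
 * Helpers that build in-memory key and trust material for TLS-enabled inputs from
 * X.509 certificate files and a PKCS#8 private key file.
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>Every certificate read by {@link #initTrustStore(File)} becomes a trust anchor, so the
 *       certificate file or directory must be writable only by trusted administrators.</li>
 *   <li>The key password arrives as a {@link String} and therefore cannot be wiped from memory
 *       by this class; only the intermediate {@link PBEKeySpec} copy is cleared.</li>
 * </ul>
 */
public class KeyUtil {
    private static final Logger LOG = LoggerFactory.getLogger(KeyUtil.class);
    private static final Joiner JOINER = Joiner.on(",").skipNulls();

    /**
     * Matches a single PEM-armoured private key.
     * Group 1 is the legacy algorithm tag (RSA, DSA or EC), group 2 is the {@code "ENCRYPTED "} marker
     * and group 3 is the base64 body (still containing line breaks).
     */
    private static final Pattern KEY_PATTERN = Pattern.compile("-{5}BEGIN (?:(RSA|DSA|EC)? )?(ENCRYPTED )?PRIVATE KEY-{5}\\r?\\n([A-Z0-9a-z+/\\r\\n]+={0,2})\\r?\\n-{5}END (?:(?:RSA|DSA|EC)? )?(?:ENCRYPTED )?PRIVATE KEY-{5}\\r?\\n$", Pattern.MULTILINE);

    /** Key algorithms tried in order when decoding a PKCS#8 key specification. */
    private static final String[] KEY_ALGORITHMS = {"RSA", "DSA", "EC"};

    /**
     * Builds trust managers from the certificates found in a file or directory.
     *
     * @param file a certificate file, or a directory that is scanned recursively
     * @return the trust managers of the platform default algorithm, backed by the loaded certificates
     * @throws KeyStoreException if the in-memory key store cannot be created or filled
     * @throws CertificateException if a file cannot be parsed as X.509 certificates
     * @throws NoSuchAlgorithmException if the key store or trust manager algorithm is unavailable
     * @throws IOException if a file or directory cannot be read
     */
    public static TrustManager[] initTrustStore(File file) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        final KeyStore trustStore = KeyStore.getInstance("JKS");
        // load(null, null) initialises an empty, purely in-memory store.
        trustStore.load(null, null);
        loadCertificates(trustStore, file, CertificateFactory.getInstance("X.509"));

        if (LOG.isDebugEnabled()) {
            LOG.debug("Client authentication certificate file: {}", file);
            LOG.debug("Aliases: {}", join(trustStore.aliases()));
        }

        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Adds every certificate found in {@code file} to {@code keyStore} as a trusted entry.
     *
     * <p>A regular file is parsed as a collection of certificates; a directory is walked
     * recursively and each entry is handled the same way; anything else is ignored.
     * The recursion has no depth limit, and {@link File#isDirectory()} follows symbolic links,
     * so the directory tree should be controlled by the administrator only.
     *
     * @param keyStore the store receiving the certificates
     * @param file a certificate file or a directory containing certificate files
     * @param certificateFactory the factory used to parse each file
     * @throws CertificateException if a file cannot be parsed; the scan stops at the first such file
     * @throws KeyStoreException if a certificate cannot be stored
     * @throws IOException if a file or directory cannot be read
     */
    @VisibleForTesting
    protected static void loadCertificates(KeyStore keyStore, File file, CertificateFactory certificateFactory) throws CertificateException, KeyStoreException, IOException {
        if (file.isFile()) {
            try (InputStream in = Files.newInputStream(file.toPath())) {
                int index = 0;
                for (Certificate certificate : certificateFactory.generateCertificates(in)) {
                    // NOTE(review): MongoIndexSet.SEPARATOR looks like a decompiler constant-matching
                    // artifact standing in for a plain separator literal; confirm against upstream source.
                    final String alias = file.getAbsolutePath() + MongoIndexSet.SEPARATOR + index;
                    keyStore.setCertificateEntry(alias, certificate);
                    index++;
                    LOG.debug("Added certificate with alias {} to trust store: {}", alias, certificate);
                }
            }
        } else if (file.isDirectory()) {
            try (DirectoryStream<Path> entries = Files.newDirectoryStream(file.toPath())) {
                for (Path entry : entries) {
                    loadCertificates(keyStore, entry.toFile(), certificateFactory);
                }
            }
        }
    }

    /**
     * Builds key managers from a private key file and its certificate chain.
     *
     * @param file the private key file (PEM or DER encoded PKCS#8)
     * @param file2 the file holding the X.509 certificate chain for that key
     * @param str the password protecting the private key; {@code null} or empty for an unencrypted key
     * @return the key managers of the platform default algorithm, holding the single key entry
     * @throws IOException if either file cannot be read
     * @throws GeneralSecurityException if the certificates or the key cannot be decoded or stored
     * @throws IllegalArgumentException if the key format is not supported
     */
    public static KeyManager[] initKeyStore(File file, File file2, String str) throws IOException, GeneralSecurityException {
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);

        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        final Collection<? extends Certificate> certificateChain;
        try (InputStream in = Files.newInputStream(file2.toPath())) {
            certificateChain = certificateFactory.generateCertificates(in);
        }

        final PrivateKey privateKey = loadPrivateKey(file, str);
        // The same password protects the in-memory key entry; it is not wiped here because the
        // key manager factory receives this array and may keep using it after init().
        final char[] entryPassword = Strings.nullToEmpty(str).toCharArray();
        // NOTE(review): InputImpl.FIELD_STATIC_FIELD_KEY looks like a decompiler constant-matching
        // artifact standing in for the entry alias literal; confirm against upstream source.
        keyStore.setKeyEntry(InputImpl.FIELD_STATIC_FIELD_KEY, privateKey, entryPassword, certificateChain.toArray(new Certificate[certificateChain.size()]));

        if (LOG.isDebugEnabled()) {
            // Only paths and aliases are logged, never key material or the password.
            LOG.debug("Private key file: {}", file);
            LOG.debug("Certificate file: {}", file2);
            LOG.debug("Aliases: {}", join(keyStore.aliases()));
        }

        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, entryPassword);
        return keyManagerFactory.getKeyManagers();
    }

    /** Joins the key store aliases into a comma-separated string for log output. */
    private static String join(Enumeration<String> enumeration) {
        return JOINER.join(Iterators.forEnumeration(enumeration));
    }

    /**
     * Reads a PKCS#8 private key from a file.
     *
     * <p>If the content matches {@link #KEY_PATTERN} the base64 body is decoded; otherwise the raw
     * file bytes are treated as the encoded key. PEM blocks carrying an RSA, DSA or EC tag are rejected.
     * The decoded specification is then tried against each algorithm in {@link #KEY_ALGORITHMS}.
     *
     * @param file the private key file
     * @param str the key password; {@code null} or empty for an unencrypted key
     * @return the decoded private key
     * @throws IOException if the file cannot be read or the encrypted key structure cannot be parsed
     * @throws GeneralSecurityException if decrypting the key fails
     * @throws IllegalArgumentException if the key type or format is not supported
     */
    @VisibleForTesting
    protected static PrivateKey loadPrivateKey(File file, String str) throws IOException, GeneralSecurityException {
        final byte[] fileBytes;
        try (InputStream in = Files.newInputStream(file.toPath())) {
            fileBytes = ByteStreams.toByteArray(in);
        }

        byte[] encodedKey = fileBytes;
        final Matcher matcher = KEY_PATTERN.matcher(new String(fileBytes, StandardCharsets.US_ASCII));
        if (matcher.matches()) {
            if (!Strings.isNullOrEmpty(matcher.group(1))) {
                throw new IllegalArgumentException("Unsupported key type PKCS#1, please convert to PKCS#8");
            }
            encodedKey = BaseEncoding.base64().decode(matcher.group(3).replaceAll("[\\r\\n]", ""));
        }
        // NOTE(review): the "ENCRYPTED" marker (group 2) is not compared with the presence of a
        // password; a mismatch surfaces later as a parse or key-spec failure rather than a clear message.

        final PKCS8EncodedKeySpec keySpec = createKeySpec(encodedKey, str);
        if (keySpec == null) {
            throw new IllegalArgumentException("Unsupported key type: " + file);
        }

        for (String algorithm : KEY_ALGORITHMS) {
            try {
                return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
            } catch (InvalidKeySpecException e) {
                // Expected while probing: the spec simply belongs to another algorithm.
                LOG.debug("Loading {} private key from \"{}\" failed", algorithm, file, e);
            }
        }
        throw new IllegalArgumentException("Unsupported key type: " + file);
    }

    /**
     * Wraps key bytes in a PKCS#8 specification, decrypting them first when a password is given.
     *
     * @param bArr the encoded key, either plain PKCS#8 or an encrypted private key structure
     * @param str the password; {@code null} or empty means the bytes are used as they are
     * @return the PKCS#8 key specification
     * @throws IOException if the bytes cannot be parsed as an encrypted private key structure
     */
    private static PKCS8EncodedKeySpec createKeySpec(byte[] bArr, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (Strings.isNullOrEmpty(str)) {
            return new PKCS8EncodedKeySpec(bArr);
        }

        final EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(bArr);
        // NOTE(review): this relies on the JDK offering a SecretKeyFactory and a Cipher under the
        // name returned by getAlgName(); confirm the encryption schemes you expect are supported.
        final String algorithmName = encryptedInfo.getAlgName();
        final PBEKeySpec passwordSpec = new PBEKeySpec(str.toCharArray());
        try {
            final SecretKey secretKey = SecretKeyFactory.getInstance(algorithmName).generateSecret(passwordSpec);
            final Cipher cipher = Cipher.getInstance(algorithmName);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, encryptedInfo.getAlgParameters());
            return encryptedInfo.getKeySpec(cipher);
        } finally {
            // Wipe the spec's internal copy of the password once the key has been derived.
            passwordSpec.clearPassword();
        }
    }
}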
