package io.axual.common.tools;

import io.axual.common.config.PasswordConfig;
import io.axual.common.config.SslConfig;
import io.axual.common.config.SslEngineConfig;
import io.axual.common.exception.ClientException;
import io.axual.common.exception.InvalidKeystoreException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.kafka.common.KafkaException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/axual/common/tools/SslUtil.class */
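/**
 * Static helpers for building an {@link SSLContext} from an {@link SslConfig} and for
 * inspecting the certificates held in a keystore or truststore.
 *
 * <p>The "validate" methods in this class are diagnostic only: they log certificates that are
 * not yet valid, already expired, or close to expiry. They do not reject a store and do not
 * check certificate chains, revocation or key usage.
 */
public final class SslUtil {
    private static final Logger LOG = LoggerFactory.getLogger(SslUtil.class);
    private static final String DEFAULT_KEYSTORE_TYPE = "jks";

    /** Milliseconds in one day, used to convert the remaining validity into whole days. */
    private static final long MILLIS_PER_DAY = 86_400_000L;

    /** Certificates with fewer than this many whole days of validity left trigger a warning. */
    private static final long EXPIRY_WARNING_DAYS = 30L;

    private SslUtil() {
        // Utility class; not instantiable.
    }

    /**
     * Builds an {@link SSLContext} from the keystore and truststore described by {@code sslConfig}.
     *
     * <p>The keystore is always passed through {@link #validateKeystore(KeyStore)}; the truststore
     * only when {@code sslConfig.getEnableValidateTruststore()} is true. In both cases the outcome
     * is log output only: an expired certificate does not stop the context from being created.
     *
     * @param sslConfig the SSL settings to build the context from
     * @return the configured SSL context
     * @throws ClientException if the stores cannot be turned into an SSL context
     */
    public static SSLContext createSslContext(SslConfig sslConfig) {
        try {
            SslEngineConfig sslEngineConfig = new SslEngineConfig(KafkaUtil.getKafkaConfigs(sslConfig));
            KeyStore keystore = sslEngineConfig.keystore();
            KeyStore truststore = sslEngineConfig.truststore();
            // NOTE(review): if SslEngineConfig can return a null keystore (not visible here),
            // validateKeystore throws NullPointerException, which the catch below does not cover.
            validateKeystore(keystore);
            if (sslConfig.getEnableValidateTruststore()) {
                validateKeystore(truststore);
            }
            // Build from the same store instances that were just inspected, so the certificates
            // reported in the log are the ones the context actually uses.
            // No TrustStrategy is supplied: trust decisions are left to the trust managers
            // derived from the truststore rather than to a custom override.
            return SSLContexts.custom()
                    .loadTrustMaterial(truststore, (TrustStrategy) null)
                    .loadKeyMaterial(keystore, keyPassword(sslConfig))
                    .build();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | KafkaException e) {
            throw new ClientException(String.format("Exception occurred while creating SSLContext from %s", e.getMessage()), e);
        }
    }

    /**
     * Logs the validity state of every X.509 certificate in {@code keyStore}.
     *
     * <p>Entries whose certificate is not an {@link X509Certificate} are skipped. The method never
     * throws because a certificate is expired or not yet valid; callers that need enforcement must
     * perform their own check.
     *
     * @param keyStore the loaded store to inspect
     * @throws InvalidKeystoreException if the store cannot be read (for example, it was never loaded)
     * @throws NullPointerException if {@code keyStore} is null
     */
    public static void validateKeystore(KeyStore keyStore) {
        Date now = new Date();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    logValidationResult(now, alias, x509Certificate, x509Certificate.getSubjectX500Principal().toString());
                }
            }
        } catch (KeyStoreException e) {
            throw new InvalidKeystoreException("Could not validate keystore", e);
        }
    }

    /**
     * Logs one line for a certificate that is not yet valid, expired, or expiring within
     * {@link #EXPIRY_WARNING_DAYS} days; logs nothing for a certificate with more validity left.
     *
     * @param now the reference time for the comparison
     * @param alias the keystore alias of the entry
     * @param x509Certificate the certificate to check
     * @param subject the certificate subject, as text for the log line
     */
    private static void logValidationResult(Date now, String alias, X509Certificate x509Certificate, String subject) {
        Date notBefore = x509Certificate.getNotBefore();
        Date notAfter = x509Certificate.getNotAfter();
        if (now.before(notBefore)) {
            LOG.error("Key with alias \"{}\": {} will become valid at {}", alias, subject, notBefore);
            return;
        }
        if (now.after(notAfter)) {
            LOG.error("Key with alias \"{}\": {} became invalid at {}", alias, subject, notAfter);
            return;
        }
        long daysLeft = (notAfter.getTime() - now.getTime()) / MILLIS_PER_DAY;
        if (daysLeft < EXPIRY_WARNING_DAYS) {
            // The message promises a day count, so log the count rather than the expiry timestamp.
            LOG.warn("Key expiration imminent. Key with alias \"{}\": {} will expire in {} days", alias, subject, daysLeft);
        }
    }

    /**
     * Returns the configured key password as a character array, or {@code null} when no key
     * password (or no password value) is configured.
     *
     * <p>The value originates from a {@code String}, so the returned array is a copy and clearing
     * it does not remove the password from memory.
     */
    private static char[] keyPassword(SslConfig sslConfig) {
        PasswordConfig keyPassword = sslConfig.getKeyPassword();
        if (keyPassword == null) {
            return null;
        }
        String value = keyPassword.getValue();
        return value == null ? null : value.toCharArray();
    }

    /**
     * Loads a keystore of the default type ({@code "jks"}) from the given location.
     *
     * @param str the resource location of the keystore, resolved through {@code ResourceUtil}
     * @param passwordConfig the store password
     * @return the loaded keystore
     * @deprecated marked deprecated in this class; no replacement is named here
     */
    @Deprecated
    public static KeyStore loadKeyStore(String str, PasswordConfig passwordConfig) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        return loadKeyStore(str, passwordConfig, null);
    }

    /**
     * Loads a keystore of the given type from the given location.
     *
     * <p>The password is dereferenced unconditionally, so the store is never loaded with a null
     * password, which {@link KeyStore#load(InputStream, char[])} would treat as "skip the
     * integrity check".
     *
     * @param str the resource location of the keystore, resolved through {@code ResourceUtil}
     * @param passwordConfig the store password
     * @param str2 the keystore type; null or blank selects {@code "jks"}
     * @return the loaded keystore
     * @throws NullPointerException if {@code passwordConfig} or its value is null
     * @deprecated marked deprecated in this class; no replacement is named here
     */
    @Deprecated
    public static KeyStore loadKeyStore(String str, PasswordConfig passwordConfig, String str2) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        String type = (str2 == null || str2.trim().isEmpty()) ? DEFAULT_KEYSTORE_TYPE : str2;
        LOG.debug("Getting {} keystore instance...", type);
        KeyStore keyStore = KeyStore.getInstance(type);
        // try-with-resources closes the stream on every path and keeps a failure from close()
        // as a suppressed exception instead of masking the original load error.
        try (InputStream in = ResourceUtil.getResourcePath(str).openStream()) {
            keyStore.load(in, passwordConfig.getValue().toCharArray());
            return keyStore;
        }
    }

    /**
     * Logs every alias in the keystore at {@code str2} together with its certificate.
     *
     * <p>Best effort: any failure while loading or reading the store is logged and not rethrown.
     * The full certificate text is written at INFO level, which can be verbose in shared logs.
     *
     * @param str a label for the store, used only in log messages
     * @param str2 the resource location of the keystore
     * @param passwordConfig the store password
     * @deprecated marked deprecated in this class; no replacement is named here
     */
    @Deprecated
    public static void printKeyStore(String str, String str2, PasswordConfig passwordConfig) {
        LOG.info("Using {} at location {}", str, str2);
        try {
            KeyStore keyStore = loadKeyStore(str2, passwordConfig);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                LOG.info("Found key with alias \"{}\": {}", alias, keyStore.getCertificate(alias));
            }
        } catch (Exception e) {
            // Deliberately broad: this is a diagnostic dump and must not fail the caller.
            LOG.error("Error during loading and printing of keystore: {}", e.getMessage(), e);
        }
        LOG.info("End of {} at location {}", str, str2);
    }

    /**
     * Loads the default-type store at {@code str2} and optionally logs certificate validity.
     *
     * @param str a label for the store, used only in the error message
     * @param str2 the resource location of the keystore
     * @param passwordConfig the store password
     * @param z whether to log the validity state of each X.509 certificate
     * @throws InvalidKeystoreException if the store cannot be loaded or read
     * @deprecated marked deprecated in this class; no replacement is named here
     */
    @Deprecated
    public static void validateCertificateStore(String str, String str2, PasswordConfig passwordConfig, boolean z) {
        validateCertificateStore(str, str2, passwordConfig, null, z);
    }

    /**
     * Loads the store at {@code str2} and, when {@code z} is true, logs the validity state of
     * each X.509 certificate in it.
     *
     * <p>With {@code z} false the method only proves that the store can be loaded with the given
     * password and type. Expired or not-yet-valid certificates are logged, never rejected.
     *
     * @param str a label for the store, used only in the error message
     * @param str2 the resource location of the keystore
     * @param passwordConfig the store password
     * @param str3 the keystore type; null or blank selects {@code "jks"}
     * @param z whether to log the validity state of each X.509 certificate
     * @throws InvalidKeystoreException if the store cannot be loaded or read
     * @deprecated marked deprecated in this class; no replacement is named here
     */
    @Deprecated
    public static void validateCertificateStore(String str, String str2, PasswordConfig passwordConfig, String str3, boolean z) {
        Date now = new Date();
        try {
            KeyStore keyStore = loadKeyStore(str2, passwordConfig, str3);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (z && certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    logValidationResult(now, alias, x509Certificate, x509Certificate.getSubjectX500Principal().toString());
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new InvalidKeystoreException(String.format("Could not validate %s from %s", str, str2), e);
        }
    }
}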
