package jp.ad.sinet.stream.utils;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import jp.ad.sinet.stream.api.SinetStreamIOException;
import org.apache.commons.rng.RestorableUniformRandomProvider;
import org.apache.commons.rng.simple.RandomSource;
import org.apache.commons.text.RandomStringGenerator;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:jp/ad/sinet/stream/utils/KeyStoreUtil.class */
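/**
 * Converts PEM-style TLS material named in a parameter map into temporary JKS
 * keystore files and returns the keystore settings that point at them.
 *
 * <p>Recognised input keys are {@code ca_certs}, {@code certfile},
 * {@code keyfile} and {@code keyfilePassword}. The returned map uses the keys
 * {@code trustStore}/{@code trustStoreType}/{@code trustStorePassword} and
 * {@code keyStore}/{@code keyStoreType}/{@code keyStorePassword}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated store passwords are returned as plain strings in the
 *       result map; callers should keep that map out of logs.</li>
 *   <li>The key store temp file contains the client private key. It is
 *       registered for deletion at JVM exit, which does not run if the JVM is
 *       killed, so the file can outlive the process.</li>
 *   <li>JKS is the legacy JDK keystore format (PKCS12 has been the JDK default
 *       since Java 9). Switching would change the emitted {@code *StoreType}
 *       values, so the format is left unchanged here.</li>
 * </ul>
 */
public class KeyStoreUtil {
    /** Number of characters in each generated keystore password. */
    private static final int PASSWORD_LENGTH = 16;

    /** Cryptographically strong source for the generated keystore passwords. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    static {
        // BouncyCastle is used for PEM private-key parsing and decryption below.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final Map<String, String> params;

    private KeyStoreUtil(Map<String, String> map) {
        this.params = map;
    }

    /**
     * Builds temporary keystores from the TLS parameters in {@code map}.
     *
     * @param map parameters; {@code ca_certs} and {@code certfile} are optional,
     *     {@code keyfile} is required when {@code certfile} is present
     * @return a new map holding the trust store and/or key store settings; empty
     *     when neither {@code ca_certs} nor {@code certfile} is present
     * @throws SinetStreamIOException if a file cannot be read or a keystore
     *     cannot be built or written
     */
    public static Map<String, String> setupKeyStore(Map<String, String> map) {
        return new KeyStoreUtil(map).getKeyStoreParams();
    }

    private Map<String, String> getKeyStoreParams() {
        Map<String, String> result = new HashMap<>();

        String caCerts = this.params.get("ca_certs");
        if (caCerts != null) {
            String trustStorePassword = generatePassword();
            try {
                Path trustStore = x509ToKeyStore(caCerts, trustStorePassword, "ca");
                result.put("trustStore", trustStore.toAbsolutePath().normalize().toString());
                result.put("trustStoreType", "JKS");
                result.put("trustStorePassword", trustStorePassword);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new SinetStreamIOException(e);
            }
        }

        String certFile = this.params.get("certfile");
        if (certFile != null) {
            String keyStorePassword = generatePassword();
            try {
                Path keyStore = keyPairToKeyStore(
                        certFile,
                        this.params.get("keyfile"),
                        this.params.get("keyfilePassword"),
                        keyStorePassword);
                result.put("keyStore", keyStore.toAbsolutePath().normalize().toString());
                result.put("keyStoreType", "JKS");
                result.put("keyStorePassword", keyStorePassword);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new SinetStreamIOException(e);
            }
        }
        return result;
    }

    /**
     * Generates a random printable-ASCII password (code points 33..126).
     *
     * <p>The password protects a keystore that may hold a private key, so the
     * characters are drawn from {@link SecureRandom}. The previous Mersenne
     * Twister source is a statistical generator, not a cryptographic one, and
     * its output is not suitable for secrets.
     */
    private String generatePassword() {
        return new RandomStringGenerator.Builder()
                .withinRange(33, 126)
                .usingRandom(SECURE_RANDOM::nextInt)
                .build()
                .generate(PASSWORD_LENGTH);
    }

    /**
     * Stores the first certificate of {@code certPath} as a trusted entry in a
     * new temporary JKS file.
     *
     * <p>NOTE(review): only one certificate is read from the file, so a CA
     * bundle with several certificates contributes just its first entry.
     * Confirm that is the intended handling of {@code ca_certs}.
     */
    private Path x509ToKeyStore(String certPath, String password, String alias)
            throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        X509Certificate certificate = loadX509File(certPath);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, password.toCharArray());
        keyStore.setCertificateEntry(alias, certificate);
        return storeToTempFile(keyStore, password.toCharArray());
    }

    /**
     * Stores the client certificate and its private key under the alias
     * {@code client} in a new temporary JKS file protected by {@code password}.
     */
    private Path keyPairToKeyStore(String certPath, String keyPath, String keyPassword, String password)
            throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, password.toCharArray());
        X509Certificate certificate = loadX509File(certPath);
        // Kept from the original: the alias is first set as a certificate entry and
        // then set again as a private-key entry (presumably replacing it — verify).
        keyStore.setCertificateEntry("client", certificate);
        keyStore.setEntry(
                "client",
                new KeyStore.PrivateKeyEntry(loadPrivateKey(keyPath, keyPassword), new Certificate[] {certificate}),
                new KeyStore.PasswordProtection(password.toCharArray()));
        return storeToTempFile(keyStore, password.toCharArray());
    }

    /**
     * Writes {@code keyStore} to a fresh {@code .jks} temp file and returns its path.
     *
     * <p>The file is registered for deletion at JVM exit as soon as it exists and
     * is deleted immediately if writing fails, so a failed attempt does not leave
     * a partial keystore behind.
     *
     * <p>NOTE(review): no explicit {@code FileAttribute} is passed, so access
     * permissions are the platform default for {@code Files.createTempFile};
     * confirm that is owner-only wherever this runs.
     */
    private static Path storeToTempFile(KeyStore keyStore, char[] password)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        Path file = Files.createTempFile(null, ".jks");
        file.toFile().deleteOnExit();
        try (OutputStream out = Files.newOutputStream(file)) {
            keyStore.store(out, password);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException
                | RuntimeException e) {
            try {
                Files.deleteIfExists(file);
            } catch (IOException cleanupFailure) {
                e.addSuppressed(cleanupFailure);
            }
            throw e;
        }
        return file;
    }

    /** Reads the first X.509 certificate from the file at {@code certPath}. */
    private X509Certificate loadX509File(String certPath) throws CertificateException, IOException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(certPath))) {
            return (X509Certificate) factory.generateCertificate(in);
        }
    }

    /**
     * Reads a private key from the PEM file at {@code keyPath}.
     *
     * <p>Two PEM object kinds are handled: an encrypted key pair, which is
     * decrypted with {@code keyPassword}, and a {@link PrivateKeyInfo}. Anything
     * else, including an empty file, is rejected with an {@link IOException}
     * instead of surfacing as a {@code ClassCastException} or
     * {@code NullPointerException}.
     *
     * @throws IOException if the key file is not configured, cannot be read,
     *     is encrypted but no password was supplied, or holds an unsupported object
     */
    private PrivateKey loadPrivateKey(String keyPath, String keyPassword) throws IOException {
        if (keyPath == null) {
            throw new IOException("keyfile must be set when certfile is set");
        }
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        try (PEMParser parser = new PEMParser(Files.newBufferedReader(Paths.get(keyPath)))) {
            Object pemObject = parser.readObject();
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (keyPassword == null) {
                    throw new IOException("keyfile is encrypted but keyfilePassword is not set");
                }
                return converter.getPrivateKey(
                        ((PEMEncryptedKeyPair) pemObject)
                                .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(keyPassword.toCharArray()))
                                .getPrivateKeyInfo());
            }
            if (pemObject instanceof PrivateKeyInfo) {
                return converter.getPrivateKey((PrivateKeyInfo) pemObject);
            }
            // Report only the object type; never echo key material or the password.
            throw new IOException(
                    "Unsupported PEM object in keyfile: "
                            + (pemObject == null ? "none found" : pemObject.getClass().getName()));
        }
    }
}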
