package org.xipki.ca.server.mgmt;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.mgmt.CaConf;
import org.xipki.ca.api.mgmt.CaConfType;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaProfileEntry;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.mgmt.entry.KeypairGenEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.api.mgmt.entry.SignerEntry;
import org.xipki.ca.server.CaUtil;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.util.JSON;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.FileOrValue;
import org.xipki.util.LogUtil;
import org.xipki.util.exception.InvalidConfException;
import org.xipki.util.exception.ObjectCreationException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/ca-server-6.4.0.jar:org/xipki/ca/server/mgmt/ConfLoader.class */
public class ConfLoader {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ConfLoader.class);
    private final CaManagerImpl manager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConfLoader(CaManagerImpl caManagerImpl) {
        this.manager = (CaManagerImpl) Args.notNull(caManagerImpl, "manager");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, X509Cert> loadConf(InputStream inputStream) throws CaMgmtException {
        this.manager.assertMasterModeAndSetuped();
        Args.notNull(inputStream, "zippedConfStream");
        SecurityFactory securityFactory = this.manager.securityFactory;
        try {
            CaConf caConf = new CaConf(inputStream, securityFactory);
            HashMap hashMap = new HashMap(2);
            for (String str : caConf.getDbSchemaNames()) {
                this.manager.addDbSchema(str, caConf.getDbSchema(str));
            }
            for (String str2 : caConf.getKeypairGenNames()) {
                KeypairGenEntry keypairGen = caConf.getKeypairGen(str2);
                KeypairGenEntry keypairGenEntry = this.manager.keypairGenDbEntries.get(str2);
                if (keypairGenEntry == null) {
                    try {
                        this.manager.addKeypairGen(keypairGen);
                        LOG.info("added keypairGen {}", str2);
                    } catch (CaMgmtException e) {
                        String str3 = "could not add keypairGen " + str2;
                        LogUtil.error(LOG, e, str3);
                        throw new CaMgmtException(str3);
                    }
                } else {
                    if (!keypairGen.equals(keypairGenEntry)) {
                        throw logAndCreateException("keypairGen " + str2 + " existed, could not re-added it");
                    }
                    LOG.info("ignore existed keypairGen {}", str2);
                }
            }
            for (String str4 : caConf.getSignerNames()) {
                SignerEntry signer = caConf.getSigner(str4);
                SignerEntry signerEntry = this.manager.signerDbEntries.get(str4);
                if (signerEntry == null) {
                    try {
                        this.manager.addSigner(signer);
                        LOG.info("added signer {}", str4);
                    } catch (CaMgmtException e2) {
                        String str5 = "could not add signer " + str4;
                        LogUtil.error(LOG, e2, str5);
                        throw new CaMgmtException(str5);
                    }
                } else {
                    if (!signer.equals(signerEntry)) {
                        throw logAndCreateException("signer " + str4 + " existed, could not re-added it");
                    }
                    LOG.info("ignore existed signer {}", str4);
                }
            }
            for (String str6 : caConf.getRequestorNames()) {
                RequestorEntry requestor = caConf.getRequestor(str6);
                RequestorEntry requestor2 = this.manager.getRequestor(str6);
                if (requestor2 == null) {
                    try {
                        this.manager.addRequestor(requestor);
                        LOG.info("added cert-based requestor {}", str6);
                    } catch (CaMgmtException e3) {
                        String str7 = "could not add cert-based requestor " + str6;
                        LogUtil.error(LOG, e3, str7);
                        throw new CaMgmtException(str7);
                    }
                } else {
                    if (!requestor.equals(requestor2, true)) {
                        throw logAndCreateException("cert-based requestor " + str6 + " existed, could not re-added it");
                    }
                    LOG.info("ignore existed cert-based requestor {}", str6);
                }
            }
            for (String str8 : caConf.getPublisherNames()) {
                PublisherEntry publisher = caConf.getPublisher(str8);
                PublisherEntry publisher2 = this.manager.getPublisher(str8);
                if (publisher2 == null) {
                    try {
                        this.manager.addPublisher(publisher);
                        LOG.info("added publisher {}", str8);
                    } catch (CaMgmtException e4) {
                        String str9 = "could not add publisher " + str8;
                        LogUtil.error(LOG, e4, str9);
                        throw new CaMgmtException(str9);
                    }
                } else {
                    if (!publisher.equals(publisher2, true)) {
                        throw logAndCreateException("publisher " + str8 + " existed, could not re-added it");
                    }
                    LOG.info("ignore existed publisher {}", str8);
                }
            }
            for (String str10 : caConf.getCertprofileNames()) {
                CertprofileEntry certprofile = caConf.getCertprofile(str10);
                CertprofileEntry certprofile2 = this.manager.getCertprofile(str10);
                if (certprofile2 == null) {
                    try {
                        this.manager.addCertprofile(certprofile);
                        LOG.info("added certprofile {}", str10);
                    } catch (CaMgmtException e5) {
                        String str11 = "could not add certprofile " + str10;
                        LogUtil.error(LOG, e5, str11);
                        throw new CaMgmtException(str11);
                    }
                } else {
                    if (!certprofile.equals(certprofile2, true)) {
                        throw logAndCreateException("certprofile " + str10 + " existed, could not re-added it");
                    }
                    LOG.info("ignore existed certprofile {}", str10);
                }
            }
            for (String str12 : caConf.getCaNames()) {
                CaConf.SingleCa ca = caConf.getCa(str12);
                CaConf.GenSelfIssued genSelfIssued = ca.getGenSelfIssued();
                CaEntry caEntry = ca.getCaEntry();
                if (caEntry != null) {
                    if (this.manager.caInfos.containsKey(str12)) {
                        CaEntry caEntry2 = this.manager.caInfos.get(str12).getCaEntry();
                        if (caEntry.getCert() == null && genSelfIssued != null) {
                            try {
                                ConcurrentContentSigner createSigner = securityFactory.createSigner(caEntry.getSignerType(), new SignerConf(caEntry.getSignerConf()), (X509Cert) null);
                                try {
                                    caEntry.setCert(createSigner.getCertificate());
                                    if (createSigner != null) {
                                        createSigner.close();
                                    }
                                } catch (Throwable th) {
                                    if (createSigner != null) {
                                        try {
                                            createSigner.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    }
                                    throw th;
                                }
                            } catch (IOException | ObjectCreationException e6) {
                                throw new CaMgmtException("could not create signer for CA " + str12, e6);
                            }
                        }
                        if (!caEntry.equals(caEntry2, true, true)) {
                            throw logAndCreateException("CA " + str12 + " existed, could not re-added it");
                        }
                        LOG.info("ignore existing CA {}", str12);
                    } else if (genSelfIssued != null) {
                        X509Cert generateRootCa = this.manager.generateRootCa(caEntry, genSelfIssued.getProfile(), genSelfIssued.getSubject(), genSelfIssued.getSerialNumber(), genSelfIssued.getNotBefore(), genSelfIssued.getNotAfter());
                        LOG.info("generated root CA {}", str12);
                        hashMap.put(str12, generateRootCa);
                    } else {
                        try {
                            this.manager.addCa(caEntry);
                            LOG.info("added CA {}", str12);
                        } catch (CaMgmtException e7) {
                            String str13 = "could not add CA " + str12;
                            LogUtil.error(LOG, e7, str13);
                            throw new CaMgmtException(str13);
                        }
                    }
                }
                if (ca.getAliases() != null) {
                    Set<String> aliasesForCa = this.manager.getAliasesForCa(str12);
                    for (String str14 : ca.getAliases()) {
                        if (aliasesForCa == null || !aliasesForCa.contains(str14)) {
                            try {
                                this.manager.addCaAlias(str14, str12);
                                LOG.info("associated alias {} to CA {}", str14, str12);
                            } catch (CaMgmtException e8) {
                                String str15 = "could not associate alias " + str14 + " to CA " + str12;
                                LogUtil.error(LOG, e8, str15);
                                throw new CaMgmtException(str15);
                            }
                        } else {
                            LOG.info("ignored adding existing CA alias {} to CA {}", str14, str12);
                        }
                    }
                }
                if (ca.getProfileNames() != null) {
                    for (String str16 : ca.getProfileNames()) {
                        try {
                            this.manager.addCertprofileToCa(str16, str12);
                            LOG.info("added certprofile {} to CA {}", str16, str12);
                        } catch (CaMgmtException e9) {
                            String str17 = "could not add certprofile " + str16 + " to CA " + str12;
                            LogUtil.error(LOG, e9, str17);
                            throw new CaMgmtException(str17);
                        }
                    }
                }
                if (ca.getPublisherNames() != null) {
                    Set<String> set = this.manager.caHasPublishers.get(str12);
                    for (String str18 : ca.getPublisherNames()) {
                        if (set == null || !set.contains(str18)) {
                            try {
                                this.manager.addPublisherToCa(str18, str12);
                                LOG.info("added publisher {} to CA {}", str18, str12);
                            } catch (CaMgmtException e10) {
                                String str19 = "could not add publisher " + str18 + " to CA " + str12;
                                LogUtil.error(LOG, e10, str19);
                                throw new CaMgmtException(str19);
                            }
                        } else {
                            LOG.info("ignored adding publisher {} to CA {}", str18, str12);
                        }
                    }
                }
                if (ca.getRequestors() != null) {
                    Set<CaHasRequestorEntry> set2 = this.manager.caHasRequestors.get(str12);
                    for (CaHasRequestorEntry caHasRequestorEntry : ca.getRequestors()) {
                        String name = caHasRequestorEntry.getRequestorIdent().getName();
                        CaHasRequestorEntry caHasRequestorEntry2 = null;
                        if (set2 != null) {
                            Iterator<CaHasRequestorEntry> it = set2.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                CaHasRequestorEntry next = it.next();
                                if (next.getRequestorIdent().getName().equals(name)) {
                                    caHasRequestorEntry2 = next;
                                    break;
                                }
                            }
                        }
                        if (caHasRequestorEntry2 == null) {
                            try {
                                this.manager.addRequestorToCa(caHasRequestorEntry, str12);
                                LOG.info("added publisher {} to CA {}", name, str12);
                            } catch (CaMgmtException e11) {
                                String str20 = "could not add requestor " + name + " to CA " + str12;
                                LogUtil.error(LOG, e11, str20);
                                throw new CaMgmtException(str20);
                            }
                        } else {
                            if (!caHasRequestorEntry.equals(caHasRequestorEntry2, true)) {
                                throw logAndCreateException("could not add requestor " + name + " to CA" + str12);
                            }
                            LOG.info("ignored adding requestor {} to CA {}", name, str12);
                        }
                    }
                }
            }
            if (hashMap.isEmpty()) {
                return null;
            }
            return hashMap;
        } catch (IOException | InvalidConfException e12) {
            throw new CaMgmtException("could not parse the CA configuration", e12);
        } catch (RuntimeException e13) {
            throw new CaMgmtException("caught RuntimeException while parsing the CA configuration", e13);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InputStream exportConf(List<String> list) throws CaMgmtException, IOException {
        ArrayList arrayList;
        this.manager.assertMasterModeAndSetuped();
        if (list != null) {
            ArrayList arrayList2 = new ArrayList(list.size());
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                String lowerCase = it.next().toLowerCase();
                if (this.manager.x509cas.containsKey(lowerCase)) {
                    arrayList2.add(lowerCase);
                }
            }
            arrayList = arrayList2;
        } else {
            arrayList = new ArrayList(this.manager.x509cas.keySet());
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(1048576);
        CaConfType.CaSystem caSystem = new CaConfType.CaSystem();
        ZipOutputStream zipOutputStream = new ZipOutputStream(byteArrayOutputStream);
        try {
            zipOutputStream.setLevel(1);
            caSystem.setDbSchemas(this.manager.getDbSchemas());
            if (CollectionUtil.isNotEmpty(arrayList)) {
                LinkedList linkedList = new LinkedList();
                for (String str : this.manager.x509cas.keySet()) {
                    if (arrayList.contains(str)) {
                        CaConfType.Ca ca = new CaConfType.Ca();
                        ca.setName(str);
                        Set<String> aliasesForCa = this.manager.getAliasesForCa(str);
                        if (CollectionUtil.isNotEmpty(aliasesForCa)) {
                            ca.setAliases(new ArrayList(aliasesForCa));
                        }
                        Set<CaHasRequestorEntry> set = this.manager.caHasRequestors.get(str);
                        if (CollectionUtil.isNotEmpty(set)) {
                            ca.setRequestors(new ArrayList());
                            for (CaHasRequestorEntry caHasRequestorEntry : set) {
                                String name = caHasRequestorEntry.getRequestorIdent().getName();
                                CaConfType.CaHasRequestor caHasRequestor = new CaConfType.CaHasRequestor();
                                caHasRequestor.setRequestorName(name);
                                caHasRequestor.setProfiles(new ArrayList(caHasRequestorEntry.getProfiles()));
                                caHasRequestor.setPermissions(CaUtil.getPermissions(caHasRequestorEntry.getPermission()));
                                ca.getRequestors().add(caHasRequestor);
                            }
                        }
                        Set<CaProfileEntry> set2 = this.manager.caHasProfiles.get(str);
                        if (CollectionUtil.isNotEmpty(set2)) {
                            ArrayList arrayList3 = new ArrayList(set2.size());
                            Iterator<CaProfileEntry> it2 = set2.iterator();
                            while (it2.hasNext()) {
                                arrayList3.add(it2.next().getEncoded());
                            }
                            Collections.sort(arrayList3);
                            ca.setProfiles(arrayList3);
                        }
                        Set<String> set3 = this.manager.caHasPublishers.get(str);
                        if (CollectionUtil.isNotEmpty(set3)) {
                            ca.setPublishers(new ArrayList(set3));
                        }
                        CaConfType.CaInfo caInfo = new CaConfType.CaInfo();
                        ca.setCaInfo(caInfo);
                        CaEntry caEntry = this.manager.x509cas.get(str).getCaInfo().getCaEntry();
                        CaUris caUris = caEntry.getCaUris();
                        if (caUris != null) {
                            CaConfType.CaUris caUris2 = new CaConfType.CaUris();
                            caUris2.setCacertUris(caUris.getCacertUris());
                            caUris2.setOcspUris(caUris.getOcspUris());
                            caUris2.setCrlUris(caUris.getCrlUris());
                            caUris2.setDeltaCrlUris(caUris.getDeltaCrlUris());
                            caInfo.setCaUris(caUris2);
                        }
                        caInfo.setCert(CaUtil.createFileOrBinary(zipOutputStream, caEntry.getCert().getEncoded(), "files/ca-" + str + "-cert.der"));
                        List<X509Cert> certchain = caEntry.getCertchain();
                        if (CollectionUtil.isNotEmpty(certchain)) {
                            LinkedList linkedList2 = new LinkedList();
                            for (int i = 0; i < certchain.size(); i++) {
                                linkedList2.add(CaUtil.createFileOrBinary(zipOutputStream, certchain.get(i).getEncoded(), "files/ca-" + str + "-certchain-" + i + ".der"));
                            }
                            caInfo.setCertchain(linkedList2);
                        }
                        if (caEntry.getCrlControl() != null) {
                            caInfo.setCrlControl(new HashMap(new ConfPairs(caEntry.getCrlControl().getConf()).asMap()));
                        }
                        if (caEntry.getCrlSignerName() != null) {
                            caInfo.setCrlSignerName(caEntry.getCrlSignerName());
                        }
                        if (caEntry.getCtlogControl() != null) {
                            caInfo.setCtlogControl(new HashMap(new ConfPairs(caEntry.getCtlogControl().getConf()).asMap()));
                        }
                        caInfo.setExpirationPeriod(Integer.valueOf(caEntry.getExpirationPeriod()));
                        if (caEntry.getExtraControl() != null) {
                            caInfo.setExtraControl(caEntry.getExtraControl().asMap());
                        }
                        caInfo.setKeepExpiredCertDays(Integer.valueOf(caEntry.getKeepExpiredCertInDays()));
                        caInfo.setMaxValidity(caEntry.getMaxValidity().toString());
                        caInfo.setNextCrlNo(caEntry.getNextCrlNumber());
                        caInfo.setNumCrls(Integer.valueOf(caEntry.getNumCrls()));
                        caInfo.setPermissions(CaUtil.getPermissions(caEntry.getPermission()));
                        if (caEntry.getRevokeSuspendedControl() != null) {
                            caInfo.setRevokeSuspendedControl(new HashMap(new ConfPairs(caEntry.getRevokeSuspendedControl().getConf()).asMap()));
                        }
                        caInfo.setSaveCert(caEntry.isSaveCert());
                        caInfo.setSaveKeypair(caEntry.isSaveKeypair());
                        if (caEntry.getKeypairGenNames() != null) {
                            caInfo.setKeypairGenNames(caEntry.getKeypairGenNames());
                        }
                        caInfo.setSignerConf(CaUtil.createFileOrValue(zipOutputStream, caEntry.getSignerConf(), "files/ca-" + str + "-signerconf.conf"));
                        caInfo.setSignerType(caEntry.getSignerType());
                        caInfo.setSnSize(caEntry.getSerialNoLen());
                        caInfo.setStatus(caEntry.getStatus().getStatus());
                        caInfo.setValidityMode(caEntry.getValidityMode().name());
                        linkedList.add(ca);
                    }
                }
                if (!linkedList.isEmpty()) {
                    caSystem.setCas(linkedList);
                }
            }
            if (CollectionUtil.isNotEmpty(this.manager.requestorDbEntries)) {
                LinkedList linkedList3 = new LinkedList();
                for (String str2 : this.manager.requestorDbEntries.keySet()) {
                    RequestorEntry requestorEntry = this.manager.requestorDbEntries.get(str2);
                    CaConfType.Requestor requestor = new CaConfType.Requestor();
                    requestor.setName(str2);
                    requestor.setType(requestorEntry.getType());
                    if (RequestorEntry.TYPE_CERT.equalsIgnoreCase(requestorEntry.getType())) {
                        requestor.setBinaryConf(CaUtil.createFileOrBinary(zipOutputStream, Base64.decode(requestorEntry.getConf()), "files/requestor-" + str2 + ".der"));
                    } else {
                        requestor.setConf(CaUtil.createFileOrValue(zipOutputStream, requestorEntry.getConf(), "files/requestor-" + str2 + ".conf"));
                    }
                    linkedList3.add(requestor);
                }
                if (!linkedList3.isEmpty()) {
                    caSystem.setRequestors(linkedList3);
                }
            }
            if (CollectionUtil.isNotEmpty(this.manager.publisherDbEntries)) {
                LinkedList linkedList4 = new LinkedList();
                for (String str3 : this.manager.publisherDbEntries.keySet()) {
                    PublisherEntry publisherEntry = this.manager.publisherDbEntries.get(str3);
                    CaConfType.NameTypeConf nameTypeConf = new CaConfType.NameTypeConf();
                    nameTypeConf.setName(str3);
                    nameTypeConf.setType(publisherEntry.getType());
                    nameTypeConf.setConf(CaUtil.createFileOrValue(zipOutputStream, publisherEntry.getConf(), "files/publisher-" + str3 + ".conf"));
                    linkedList4.add(nameTypeConf);
                }
                if (!linkedList4.isEmpty()) {
                    caSystem.setPublishers(linkedList4);
                }
            }
            if (CollectionUtil.isNotEmpty(this.manager.certprofileDbEntries)) {
                LinkedList linkedList5 = new LinkedList();
                for (String str4 : this.manager.certprofileDbEntries.keySet()) {
                    CertprofileEntry certprofileEntry = this.manager.certprofileDbEntries.get(str4);
                    CaConfType.NameTypeConf nameTypeConf2 = new CaConfType.NameTypeConf();
                    nameTypeConf2.setName(str4);
                    nameTypeConf2.setType(certprofileEntry.getType());
                    nameTypeConf2.setConf(CaUtil.createFileOrValue(zipOutputStream, certprofileEntry.getConf(), "files/certprofile-" + str4 + ".conf"));
                    linkedList5.add(nameTypeConf2);
                }
                if (!linkedList5.isEmpty()) {
                    caSystem.setProfiles(linkedList5);
                }
            }
            if (CollectionUtil.isNotEmpty(this.manager.signerDbEntries)) {
                LinkedList linkedList6 = new LinkedList();
                for (String str5 : this.manager.signerDbEntries.keySet()) {
                    SignerEntry signerEntry = this.manager.signerDbEntries.get(str5);
                    CaConfType.Signer signer = new CaConfType.Signer();
                    signer.setName(str5);
                    signer.setType(signerEntry.getType());
                    signer.setConf(CaUtil.createFileOrValue(zipOutputStream, signerEntry.getConf(), "files/signer-" + str5 + ".conf"));
                    signer.setCert(CaUtil.createFileOrBase64Value(zipOutputStream, signerEntry.getBase64Cert(), "files/signer-" + str5 + ".der"));
                    linkedList6.add(signer);
                }
                if (!linkedList6.isEmpty()) {
                    caSystem.setSigners(linkedList6);
                }
            }
            if (CollectionUtil.isNotEmpty(this.manager.keypairGenDbEntries)) {
                LinkedList linkedList7 = new LinkedList();
                for (String str6 : this.manager.keypairGenDbEntries.keySet()) {
                    KeypairGenEntry keypairGenEntry = this.manager.keypairGenDbEntries.get(str6);
                    CaConfType.NameTypeConf nameTypeConf3 = new CaConfType.NameTypeConf();
                    nameTypeConf3.setName(str6);
                    nameTypeConf3.setType(keypairGenEntry.getType());
                    if (keypairGenEntry.getConf() != null) {
                        FileOrValue fileOrValue = new FileOrValue();
                        fileOrValue.setValue(keypairGenEntry.getConf());
                        nameTypeConf3.setConf(fileOrValue);
                    }
                    linkedList7.add(nameTypeConf3);
                }
                if (!linkedList7.isEmpty()) {
                    caSystem.setKeypairGens(linkedList7);
                }
            }
            try {
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                try {
                    caSystem.validate();
                    JSON.writePrettyJSON(caSystem, byteArrayOutputStream2);
                    zipOutputStream.putNextEntry(new ZipEntry("caconf.json"));
                    try {
                        zipOutputStream.write(byteArrayOutputStream2.toByteArray());
                        zipOutputStream.closeEntry();
                        byteArrayOutputStream2.close();
                        zipOutputStream.close();
                        return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                    } catch (Throwable th) {
                        zipOutputStream.closeEntry();
                        throw th;
                    }
                } catch (Throwable th2) {
                    try {
                        byteArrayOutputStream2.close();
                    } catch (Throwable th3) {
                        th2.addSuppressed(th3);
                    }
                    throw th2;
                }
            } catch (InvalidConfException e) {
                LogUtil.error(LOG, e, "could not marshal CAConf");
                throw new CaMgmtException("could not marshal CAConf: " + e.getMessage(), e);
            }
        } catch (Throwable th4) {
            try {
                zipOutputStream.close();
            } catch (Throwable th5) {
                th4.addSuppressed(th5);
            }
            throw th4;
        }
    }

    private static CaMgmtException logAndCreateException(String str) {
        LOG.error(str);
        return new CaMgmtException(str);
    }
}
