package org.apache.knox.gateway.services.security.impl;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.nio.channels.Channels;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.filefilter.PrefixFileFilter;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.knox.gateway.GatewayMessages;
import org.apache.knox.gateway.GatewayResources;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.i18n.resources.ResourcesFactory;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.security.KeystoreService;
import org.apache.knox.gateway.services.security.KeystoreServiceException;
import org.apache.knox.gateway.services.security.MasterService;
import org.apache.knox.gateway.util.X509CertificateUtil;

/* loaded from: input_file:org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.class */
public class DefaultKeystoreService implements KeystoreService {
    private static final String DN_TEMPLATE = "CN={0},OU=ONYX,O=OPTIMASIDATA,L=Jakarta,ST=Jakarta,C=ID";
    public static final String CREDENTIALS_SUFFIX = "-credentials.";
    private static final String CERT_GEN_MODE = "hadoop.gateway.cert.gen.mode";
    private static final String CERT_GEN_MODE_LOCALHOST = "localhost";
    private static final String CERT_GEN_MODE_HOSTNAME = "hostname";
    private static GatewayMessages LOG = (GatewayMessages) MessagesFactory.get(GatewayMessages.class);
    private static GatewayResources RES = (GatewayResources) ResourcesFactory.get(GatewayResources.class);
    Cache<CacheKey, String> cache;
    private GatewayConfig config;
    private MasterService masterService;
    private Path keyStoreDirPath;
    private String credentialStoreAlgorithm;
    private String credentialStoreType;
    private String credentialsSuffix;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/knox/gateway/services/security/impl/DefaultKeystoreService$CacheKey.class */
    public static class CacheKey {
        private final String clusterName;
        private final String alias;

        private CacheKey(String str, String str2) {
            this.clusterName = str;
            this.alias = str2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static CacheKey of(String str, String str2) {
            return new CacheKey(str, str2);
        }

        public int hashCode() {
            return HashCodeBuilder.reflectionHashCode(this, new String[0]);
        }

        public boolean equals(Object obj) {
            return EqualsBuilder.reflectionEquals(this, obj, new String[0]);
        }
    }

    public void setMasterService(MasterService masterService) {
        this.masterService = masterService;
    }

    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        this.config = gatewayConfig;
        this.keyStoreDirPath = Paths.get(gatewayConfig.getGatewayKeystoreDir(), new String[0]);
        if (Files.notExists(this.keyStoreDirPath, new LinkOption[0])) {
            try {
                Files.createDirectories(this.keyStoreDirPath, new FileAttribute[0]);
            } catch (IOException e) {
                throw new ServiceLifecycleException(RES.failedToCreateKeyStoreDirectory(this.keyStoreDirPath.toString()));
            }
        }
        if (this.cache == null) {
            this.cache = Caffeine.newBuilder().expireAfterAccess(gatewayConfig.getKeystoreCacheEntryTimeToLiveInMinutes(), TimeUnit.MINUTES).maximumSize(gatewayConfig.getKeystoreCacheSizeLimit()).build();
        }
        this.credentialStoreAlgorithm = gatewayConfig.getCredentialStoreAlgorithm();
        this.credentialStoreType = gatewayConfig.getCredentialStoreType();
        this.credentialsSuffix = CREDENTIALS_SUFFIX + this.credentialStoreType.toLowerCase(Locale.ROOT);
    }

    public void start() throws ServiceLifecycleException {
    }

    public void stop() throws ServiceLifecycleException {
    }

    public void createKeystoreForGateway() throws KeystoreServiceException {
        createKeyStore(Paths.get(this.config.getIdentityKeystorePath(), new String[0]), this.config.getIdentityKeystoreType(), getKeyStorePassword(this.config.getIdentityKeystorePasswordAlias()));
    }

    public KeyStore getKeystoreForGateway() throws KeystoreServiceException {
        return getKeystore(Paths.get(this.config.getIdentityKeystorePath(), new String[0]), this.config.getIdentityKeystoreType(), this.config.getIdentityKeystorePasswordAlias(), true);
    }

    public KeyStore getTruststoreForHttpClient() throws KeystoreServiceException {
        String httpClientTruststorePath = this.config.getHttpClientTruststorePath();
        if (httpClientTruststorePath == null) {
            return null;
        }
        return getKeystore(Paths.get(httpClientTruststorePath, new String[0]), this.config.getHttpClientTruststoreType(), this.config.getHttpClientTruststorePasswordAlias(), true);
    }

    public KeyStore getSigningKeystore() throws KeystoreServiceException {
        return getSigningKeystore(null);
    }

    public KeyStore getSigningKeystore(String str) throws KeystoreServiceException {
        Path path;
        String signingKeystoreType;
        String signingKeystorePasswordAlias;
        if (str != null) {
            path = this.keyStoreDirPath.resolve(String.valueOf(str) + ".jks");
            signingKeystoreType = "jks";
            signingKeystorePasswordAlias = null;
        } else {
            path = Paths.get(this.config.getSigningKeystorePath(), new String[0]);
            signingKeystoreType = this.config.getSigningKeystoreType();
            signingKeystorePasswordAlias = this.config.getSigningKeystorePasswordAlias();
        }
        return getKeystore(path, signingKeystoreType, signingKeystorePasswordAlias, true);
    }

    public void addSelfSignedCertForGateway(String str, char[] cArr) throws KeystoreServiceException {
        addSelfSignedCertForGateway(str, cArr, null);
    }

    public void addSelfSignedCertForGateway(String str, char[] cArr, String str2) throws KeystoreServiceException {
        addCertForGateway(str, cArr, str2);
    }

    private synchronized void addCertForGateway(String str, char[] cArr, String str2) throws KeystoreServiceException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (str2 == null) {
                str2 = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
            }
            X509Certificate generateCertificate = str2.equals(CERT_GEN_MODE_HOSTNAME) ? X509CertificateUtil.generateCertificate(buildDistinguishedName(InetAddress.getLocalHost().getHostName()), generateKeyPair, 365, "SHA1withRSA") : X509CertificateUtil.generateCertificate(buildDistinguishedName(str2), generateKeyPair, 365, "SHA1withRSA");
            KeyStore keystoreForGateway = getKeystoreForGateway();
            keystoreForGateway.setKeyEntry(str, generateKeyPair.getPrivate(), cArr, new Certificate[]{generateCertificate});
            writeKeyStoreToFile(keystoreForGateway, Paths.get(this.config.getIdentityKeystorePath(), new String[0]), getKeyStorePassword(this.config.getIdentityKeystorePasswordAlias()));
        } catch (IOException | GeneralSecurityException e) {
            LOG.failedToAddSeflSignedCertForGateway(str, e);
            throw new KeystoreServiceException(e);
        }
    }

    private String buildDistinguishedName(String str) {
        return new MessageFormat(DN_TEMPLATE, Locale.ROOT).format(new String[]{str});
    }

    public void createCredentialStoreForCluster(String str) throws KeystoreServiceException {
        checkExistingCredentialStore(str);
        createKeyStore(this.keyStoreDirPath.resolve(String.valueOf(str) + this.credentialsSuffix), this.credentialStoreType, this.masterService.getMasterSecret());
    }

    private void checkExistingCredentialStore(String str) {
        File[] listFiles = this.keyStoreDirPath.toFile().listFiles((FileFilter) new PrefixFileFilter(String.valueOf(str) + CREDENTIALS_SUFFIX));
        if (listFiles != null) {
            for (File file : listFiles) {
                String extension = FilenameUtils.getExtension(file.getName());
                if (!this.credentialStoreType.equals(extension)) {
                    LOG.credentialStoreForClusterFoundWithDifferentType(str, extension);
                }
            }
        }
    }

    public boolean isCredentialStoreForClusterAvailable(String str) throws KeystoreServiceException {
        try {
            return isKeyStoreAvailable(this.keyStoreDirPath.resolve(String.valueOf(str) + this.credentialsSuffix), this.credentialStoreType, this.masterService.getMasterSecret());
        } catch (IOException | KeyStoreException e) {
            throw new KeystoreServiceException(e);
        }
    }

    public boolean isKeystoreForGatewayAvailable() throws KeystoreServiceException {
        try {
            return isKeyStoreAvailable(Paths.get(this.config.getIdentityKeystorePath(), new String[0]), this.config.getIdentityKeystoreType(), getKeyStorePassword(this.config.getIdentityKeystorePasswordAlias()));
        } catch (IOException | KeyStoreException e) {
            throw new KeystoreServiceException(e);
        }
    }

    public Key getKeyForGateway(char[] cArr) throws KeystoreServiceException {
        return getKeyForGateway(this.config.getIdentityKeyAlias(), cArr);
    }

    public Key getKeyForGateway(String str, char[] cArr) throws KeystoreServiceException {
        return getKeyFromKeystore(getKeystoreForGateway(), str, cArr);
    }

    public Certificate getCertificateForGateway() throws KeystoreServiceException, KeyStoreException {
        KeyStore keystoreForGateway = getKeystoreForGateway();
        if (keystoreForGateway == null) {
            return null;
        }
        return keystoreForGateway.getCertificate(this.config.getIdentityKeyAlias());
    }

    public Key getSigningKey(String str, char[] cArr) throws KeystoreServiceException {
        return getSigningKey(null, str, cArr);
    }

    public Key getSigningKey(String str, String str2, char[] cArr) throws KeystoreServiceException {
        return getKeyFromKeystore(getSigningKeystore(str), str2, cArr);
    }

    private Key getKeyFromKeystore(KeyStore keyStore, String str, char[] cArr) {
        Key key = null;
        if (cArr == null) {
            cArr = this.masterService.getMasterSecret();
            LOG.assumingKeyPassphraseIsMaster();
        }
        if (keyStore != null) {
            try {
                key = keyStore.getKey(str, cArr);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                LOG.failedToGetKeyForGateway(str, e);
            }
        }
        return key;
    }

    public KeyStore getCredentialStoreForCluster(String str) throws KeystoreServiceException {
        return getKeystore(this.keyStoreDirPath.resolve(String.valueOf(str) + this.credentialsSuffix), this.credentialStoreType, null, false);
    }

    public void addCredentialForCluster(String str, String str2, String str3) throws KeystoreServiceException {
        addCredentialsForCluster(str, Collections.singletonMap(str2, str3));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v16, types: [org.apache.knox.gateway.services.security.impl.DefaultKeystoreService] */
    /* JADX WARN: Type inference failed for: r0v22 */
    /* JADX WARN: Type inference failed for: r0v5 */
    public void addCredentialsForCluster(String str, Map<String, String> map) throws KeystoreServiceException {
        ?? r0 = this;
        synchronized (r0) {
            removeFromCache(str, map.keySet());
            KeyStore credentialStoreForCluster = getCredentialStoreForCluster(str);
            r0 = credentialStoreForCluster;
            if (r0 != 0) {
                try {
                    for (Map.Entry<String, String> entry : map.entrySet()) {
                        credentialStoreForCluster.setKeyEntry(entry.getKey(), new SecretKeySpec(entry.getValue().getBytes(StandardCharsets.UTF_8), this.credentialStoreAlgorithm), this.masterService.getMasterSecret(), null);
                    }
                    writeKeyStoreToFile(credentialStoreForCluster, this.keyStoreDirPath.resolve(String.valueOf(str) + this.credentialsSuffix), this.masterService.getMasterSecret());
                    r0 = this;
                    r0.addToCache(str, map);
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    LOG.failedToAddCredentialForCluster(str, e);
                }
            }
            r0 = r0;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't remove SSA var: r0v8 java.security.KeyStore, still in use, count: 1, list:
          (r0v8 java.security.KeyStore) from 0x0021: INVOKE (r0v12 ?? I:char[]) = 
          (r5v0 'this' org.apache.knox.gateway.services.security.impl.DefaultKeystoreService A[IMMUTABLE_TYPE, THIS])
          (r6v0 java.lang.String)
          (r7v0 java.lang.String)
          (r0v8 java.security.KeyStore)
         VIRTUAL call: org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.getCredentialForCluster(java.lang.String, java.lang.String, java.security.KeyStore):char[] A[Catch: KeystoreServiceException -> 0x0028, all -> 0x003b, MD:(java.lang.String, java.lang.String, java.security.KeyStore):char[] throws org.apache.knox.gateway.services.security.KeystoreServiceException (m)]
        	at jadx.core.utils.InsnRemover.removeSsaVar(InsnRemover.java:151)
        	at jadx.core.utils.InsnRemover.unbindResult(InsnRemover.java:116)
        	at jadx.core.dex.visitors.shrink.CodeShrinkVisitor.simplifyMoveInsns(CodeShrinkVisitor.java:289)
        	at jadx.core.dex.visitors.shrink.CodeShrinkVisitor.shrinkMethod(CodeShrinkVisitor.java:49)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.processForceInlineInsns(RegionMakerVisitor.java:83)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.postProcessRegions(RegionMakerVisitor.java:64)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:60)
        */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v12, types: [char[]] */
    /* JADX WARN: Type inference failed for: r0v5 */
    /* JADX WARN: Type inference failed for: r0v9 */
    public char[] getCredentialForCluster(java.lang.String r6, java.lang.String r7) throws org.apache.knox.gateway.services.security.KeystoreServiceException {
        /*
            r5 = this;
            r0 = r5
            r1 = r0
            r9 = r1
            monitor-enter(r0)
            r0 = r5
            r1 = r6
            r2 = r7
            char[] r0 = r0.checkCache(r1, r2)     // Catch: java.lang.Throwable -> L3b
            r8 = r0
            r0 = r8
            if (r0 != 0) goto L35
            r0 = r5
            r1 = r6
            java.security.KeyStore r0 = r0.getCredentialStoreForCluster(r1)     // Catch: java.lang.Throwable -> L3b
            r10 = r0
            r0 = r10
            if (r0 == 0) goto L35
            r0 = r5
            r1 = r6
            r2 = r7
            r3 = r10
            char[] r0 = r0.getCredentialForCluster(r1, r2, r3)     // Catch: org.apache.knox.gateway.services.security.KeystoreServiceException -> L28 java.lang.Throwable -> L3b
            r8 = r0
            goto L35
        L28:
            r11 = move-exception
            org.apache.knox.gateway.GatewayMessages r0 = org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.LOG     // Catch: java.lang.Throwable -> L3b
            r1 = r6
            r2 = r11
            r0.failedToGetCredentialForCluster(r1, r2)     // Catch: java.lang.Throwable -> L3b
        L35:
            r0 = r9
            monitor-exit(r0)     // Catch: java.lang.Throwable -> L3b
            goto L3f
        L3b:
            r1 = move-exception
            monitor-exit(r1)     // Catch: java.lang.Throwable -> L3b
            throw r0     // Catch: java.lang.Throwable -> L3b
        L3f:
            r0 = r8
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.getCredentialForCluster(java.lang.String, java.lang.String):char[]");
    }

    public char[] getCredentialForCluster(String str, String str2, KeyStore keyStore) throws KeystoreServiceException {
        try {
            char[] cArr = null;
            Key key = keyStore.getKey(str2, this.masterService.getMasterSecret());
            if (key == null) {
                key = keyStore.getKey(str2.toLowerCase(Locale.ROOT), this.masterService.getMasterSecret());
            }
            if (key != null) {
                String str3 = new String(key.getEncoded(), StandardCharsets.UTF_8);
                cArr = str3.toCharArray();
                addToCache(str, str2, str3);
            }
            return cArr;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeystoreServiceException(e);
        }
    }

    public void removeCredentialForCluster(String str, String str2) throws KeystoreServiceException {
        removeCredentialsForCluster(str, Collections.singleton(str2));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v14, types: [org.apache.knox.gateway.services.security.impl.DefaultKeystoreService] */
    /* JADX WARN: Type inference failed for: r0v21 */
    /* JADX WARN: Type inference failed for: r0v4 */
    public void removeCredentialsForCluster(String str, Set<String> set) throws KeystoreServiceException {
        ?? r0 = this;
        synchronized (r0) {
            KeyStore credentialStoreForCluster = getCredentialStoreForCluster(str);
            r0 = credentialStoreForCluster;
            if (r0 != 0) {
                try {
                    for (String str2 : set) {
                        if (credentialStoreForCluster.containsAlias(str2)) {
                            credentialStoreForCluster.deleteEntry(str2);
                        }
                    }
                    removeFromCache(str, set);
                    r0 = this;
                    r0.writeKeyStoreToFile(credentialStoreForCluster, this.keyStoreDirPath.resolve(String.valueOf(str) + this.credentialsSuffix), this.masterService.getMasterSecret());
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    LOG.failedToRemoveCredentialForCluster(str, e);
                }
            }
            r0 = r0;
        }
    }

    private char[] checkCache(String str, String str2) {
        String str3 = (String) this.cache.getIfPresent(CacheKey.of(str, str2));
        if (str3 == null) {
            return null;
        }
        return str3.toCharArray();
    }

    private void addToCache(String str, String str2, String str3) {
        this.cache.put(CacheKey.of(str, str2), str3);
    }

    private void addToCache(String str, Map<String, String> map) {
        for (String str2 : map.keySet()) {
            this.cache.put(CacheKey.of(str, str2), map.get(str2));
        }
    }

    private void removeFromCache(String str, Set<String> set) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(CacheKey.of(str, it.next()));
        }
        this.cache.invalidateAll(hashSet);
    }

    public String getKeystorePath() {
        return this.config.getIdentityKeystorePath();
    }

    private synchronized KeyStore getKeystore(Path path, String str, String str2, boolean z) throws KeystoreServiceException {
        if (z) {
            if (Files.notExists(path, new LinkOption[0])) {
                LOG.keystoreFileDoesNotExist(path.toString());
                throw new KeystoreServiceException("The keystore file does not exist: " + path.toString());
            }
            if (!Files.isRegularFile(path, new LinkOption[0])) {
                LOG.keystoreFileIsNotAFile(path.toString());
                throw new KeystoreServiceException("The keystore file is not a file: " + path.toString());
            }
            if (!Files.isReadable(path)) {
                LOG.keystoreFileIsNotAccessible(path.toString());
                throw new KeystoreServiceException("The keystore file cannot be read: " + path.toString());
            }
        }
        return loadKeyStore(path, str, getKeyStorePassword(str2));
    }

    private synchronized boolean isKeyStoreAvailable(Path path, String str, char[] cArr) throws KeyStoreException, IOException {
        if (!Files.exists(path, new LinkOption[0]) || !Files.isRegularFile(path, new LinkOption[0]) || !Files.isReadable(path)) {
            return false;
        }
        Throwable th = null;
        try {
            try {
                InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
                try {
                    KeyStore.getInstance(str).load(newInputStream, cArr);
                    if (newInputStream == null) {
                        return true;
                    }
                    newInputStream.close();
                    return true;
                } catch (Throwable th2) {
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (IOException | KeyStoreException e) {
            LOG.failedToLoadKeystore(path.toString(), str, e);
            throw e;
        } catch (NoSuchAlgorithmException | CertificateException e2) {
            LOG.failedToLoadKeystore(path.toString(), str, e2);
            return false;
        }
    }

    synchronized KeyStore createKeyStore(Path path, String str, char[] cArr) throws KeystoreServiceException {
        Path parent = path.getParent();
        if (parent != null && !Files.isDirectory(parent, new LinkOption[0])) {
            try {
                Files.createDirectories(parent, new FileAttribute[0]);
            } catch (IOException e) {
                LOG.failedToCreateKeystore(path.toString(), str, e);
                throw new KeystoreServiceException(e);
            }
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(null, null);
            writeKeyStoreToFile(keyStore, path, cArr);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            LOG.failedToCreateKeystore(path.toString(), str, e2);
            throw new KeystoreServiceException(e2);
        }
    }

    /* JADX WARN: Finally extract failed */
    synchronized KeyStore loadKeyStore(Path path, String str, char[] cArr) throws KeystoreServiceException {
        Throwable th;
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            if (Files.exists(path, new LinkOption[0])) {
                Throwable th2 = null;
                try {
                    FileChannel open = FileChannel.open(path, StandardOpenOption.READ);
                    try {
                        open.lock(0L, Long.MAX_VALUE, true);
                        th2 = null;
                        try {
                            InputStream newInputStream = Channels.newInputStream(open);
                            try {
                                keyStore.load(newInputStream, cArr);
                                if (newInputStream != null) {
                                    newInputStream.close();
                                }
                                if (open != null) {
                                    open.close();
                                }
                            } catch (Throwable th3) {
                                if (newInputStream != null) {
                                    newInputStream.close();
                                }
                                throw th3;
                            }
                        } finally {
                        }
                    } catch (Throwable th4) {
                        if (open != null) {
                            open.close();
                        }
                        throw th4;
                    }
                } finally {
                }
            } else {
                keyStore.load(null, cArr);
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.failedToLoadKeystore(path.toString(), str, e);
            throw new KeystoreServiceException(e);
        }
    }

    /* JADX WARN: Finally extract failed */
    synchronized void writeKeyStoreToFile(KeyStore keyStore, Path path, char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        Throwable th = null;
        try {
            FileChannel open = FileChannel.open(path, StandardOpenOption.WRITE, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            try {
                open.lock();
                Throwable th2 = null;
                try {
                    OutputStream newOutputStream = Channels.newOutputStream(open);
                    try {
                        keyStore.store(newOutputStream, cArr);
                        if (newOutputStream != null) {
                            newOutputStream.close();
                        }
                        if (open != null) {
                            open.close();
                        }
                    } catch (Throwable th3) {
                        if (newOutputStream != null) {
                            newOutputStream.close();
                        }
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (0 == 0) {
                        th2 = th4;
                    } else if (null != th4) {
                        th2.addSuppressed(th4);
                    }
                    throw th2;
                }
            } catch (Throwable th5) {
                if (open != null) {
                    open.close();
                }
                throw th5;
            }
        } catch (Throwable th6) {
            if (0 == 0) {
                th = th6;
            } else if (null != th6) {
                th.addSuppressed(th6);
            }
            throw th;
        }
    }

    private char[] getKeyStorePassword(String str) throws KeystoreServiceException {
        char[] cArr = null;
        if (str != null && !str.isEmpty()) {
            cArr = getCredentialForCluster("__gateway", str);
        }
        return cArr == null ? this.masterService.getMasterSecret() : cArr;
    }
}
