package org.apache.zeppelin.utils;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/apache/zeppelin/utils/PEMImporter.class */
public class PEMImporter {
    private PEMImporter() {
    }

    public static KeyStore loadTrustStore(File file) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        for (X509Certificate x509Certificate : readCertificateChain(file)) {
            keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
        }
        return keyStore;
    }

    public static KeyStore loadKeyStore(File file, File file2, String str) throws IOException, GeneralSecurityException {
        try {
            PrivateKey createPrivateKey = createPrivateKey(file2, str);
            List<X509Certificate> readCertificateChain = readCertificateChain(file);
            if (readCertificateChain.isEmpty()) {
                throw new CertificateException("Certificate file does not contain any certificates: " + file);
            }
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry("key", createPrivateKey, str.toCharArray(), (Certificate[]) readCertificateChain.stream().toArray(i -> {
                return new Certificate[i];
            }));
            return keyStore;
        } catch (OperatorCreationException | IOException | GeneralSecurityException | PKCSException e) {
            throw new GeneralSecurityException("Private Key issues", e);
        }
    }

    private static List<X509Certificate> readCertificateChain(File file) throws IOException, GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        PemReader pemReader = new PemReader(Files.newBufferedReader(file.toPath()));
        Throwable th = null;
        try {
            try {
                for (Certificate certificate : CertificateFactory.getInstance("X509").generateCertificates(new ByteArrayInputStream(pemReader.readPemObject().getContent()))) {
                    if (certificate instanceof X509Certificate) {
                        arrayList.add((X509Certificate) certificate);
                    }
                }
                if (arrayList.isEmpty()) {
                    throw new IllegalStateException("Unable to decode certificate chain");
                }
                if (pemReader != null) {
                    if (0 != 0) {
                        try {
                            pemReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemReader.close();
                    }
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th3) {
            if (pemReader != null) {
                if (th != null) {
                    try {
                        pemReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemReader.close();
                }
            }
            throw th3;
        }
    }

    private static PrivateKey createPrivateKey(File file, String str) throws IOException, GeneralSecurityException, OperatorCreationException, PKCSException {
        KeyPair keyPair;
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        PEMParser pEMParser = new PEMParser(Files.newBufferedReader(file.toPath()));
        Throwable th = null;
        try {
            Object readObject = pEMParser.readObject();
            JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider("BC");
            if (readObject instanceof PEMEncryptedKeyPair) {
                keyPair = provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray())));
            } else {
                if (!(readObject instanceof PEMKeyPair)) {
                    if (readObject instanceof PrivateKeyInfo) {
                        PrivateKey privateKey = provider.getPrivateKey((PrivateKeyInfo) readObject);
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return privateKey;
                    }
                    if (!(readObject instanceof PKCS8EncryptedPrivateKeyInfo)) {
                        throw new GeneralSecurityException("Unsupported key type: " + readObject.getClass());
                    }
                    PrivateKey privateKey2 = provider.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray())));
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return privateKey2;
                }
                keyPair = provider.getKeyPair((PEMKeyPair) readObject);
            }
            PrivateKey privateKey3 = keyPair.getPrivate();
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pEMParser.close();
                }
            }
            return privateKey3;
        } catch (Throwable th5) {
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    pEMParser.close();
                }
            }
            throw th5;
        }
    }
}
