package org.teiid.spring.util;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:org/teiid/spring/util/KeystoreUtil.class */
public class KeystoreUtil {
    public static void createKeystore(String str, String str2, String str3, String str4, String str5) throws Exception {
        PrivateKey generatePrivate;
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, str5.toCharArray());
        List<X509Certificate> readCertificateChain = readCertificateChain(str2);
        for (X509Certificate x509Certificate : readCertificateChain) {
            keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
        }
        List<byte[]> decodePem = decodePem(str);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        try {
            generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodePem.get(0)));
        } catch (InvalidKeySpecException e) {
            generatePrivate = keyFactory.generatePrivate(PKCS1Util.decodePKCS1(decodePem.get(0)));
        }
        keyStore.setKeyEntry("key-alias", generatePrivate, str5.toCharArray(), (Certificate[]) readCertificateChain.stream().toArray(i -> {
            return new Certificate[i];
        }));
        File file = new File(str3);
        if (file.exists()) {
            updateWithCaPem(keyStore, file);
        }
        FileOutputStream fileOutputStream = new FileOutputStream(str4);
        Throwable th = null;
        try {
            try {
                keyStore.store(fileOutputStream, str5.toCharArray());
                if (fileOutputStream != null) {
                    if (0 == 0) {
                        fileOutputStream.close();
                        return;
                    }
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (fileOutputStream != null) {
                if (th != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th4;
        }
    }

    public static void updateWithCaPem(KeyStore keyStore, File file) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X509").generateCertificates(fileInputStream).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
            }
        } finally {
            fileInputStream.close();
        }
    }

    private static List<X509Certificate> readCertificateChain(String str) throws IOException, GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ArrayList arrayList = new ArrayList();
        Iterator<byte[]> it = decodePem(str).iterator();
        while (it.hasNext()) {
            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(it.next())));
        }
        return arrayList;
    }

    private static byte[] base64Decode(String str) {
        return Base64.getMimeDecoder().decode(str.getBytes(StandardCharsets.US_ASCII));
    }

    private static List<byte[]> decodePem(String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.contains("-----BEGIN ")) {
                    arrayList.add(readBytes(bufferedReader, readLine.trim().replace("BEGIN", "END")));
                }
            } finally {
                bufferedReader.close();
            }
        }
        if (arrayList.isEmpty()) {
            throw new IOException("PEM " + str + " is invalid: no begin marker");
        }
        return arrayList;
    }

    private static byte[] readBytes(BufferedReader bufferedReader, String str) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new IOException("Certificate is invalid : No end marker");
            }
            if (readLine.indexOf(str) != -1) {
                return base64Decode(stringBuffer.toString());
            }
            stringBuffer.append(readLine.trim());
        }
    }
}
