package io.nessus.common.rest;

import io.nessus.common.AssertArg;
import io.nessus.common.AssertState;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/nessus/common/rest/SSLContextBuilder.class */
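/**
 * Fluent builder that assembles an {@link SSLContext} from a keystore file plus optional PEM material.
 *
 * <p>{@link #build()} loads the keystore at {@code keystorePath} (or creates an empty one when the
 * file does not exist), imports every registered PEM / certificate / private-key file under its
 * alias, writes the keystore back to disk when anything was imported, and then initialises both the
 * key managers and the trust managers from that one keystore.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The keystore password defaults to the widely known value {@code "changeit"}. The same
 *       password protects every imported private-key entry and the keystore file written to disk,
 *       so set a real one with {@link #keystorePassword(String)}.</li>
 *   <li>Because an explicit keystore is handed to the {@link TrustManagerFactory}, the JDK default
 *       trust store is not consulted; only what is in this keystore is trusted.</li>
 *   <li>The keystore file is written with whatever permissions the platform applies to new files;
 *       this class does not restrict them.</li>
 *   <li>Only unencrypted PKCS#8 RSA keys ({@code -----BEGIN PRIVATE KEY-----}) are recognised.</li>
 *   <li>{@code SSLContext.getInstance("TLS")} leaves the enabled protocol versions and cipher
 *       suites to the JDK defaults.</li>
 * </ul>
 *
 * <p>Instances are mutable and not synchronised.
 */
public class SSLContextBuilder {
    static final Logger LOG = LoggerFactory.getLogger(SSLContextBuilder.class);

    // Used only until keystorePassword(String) is called; build() warns when it is still in effect.
    private static final char[] DEFAULT_KEYSTORE_PASSWORD = "changeit".toCharArray();

    private Path keystorePath;
    private String keystoreType = KeyStore.getDefaultType();
    private char[] keystorePassword = DEFAULT_KEYSTORE_PASSWORD.clone();
    private final List<KeyMaterial> privKeyMaterials = new ArrayList<>();
    private final List<KeyMaterial> certMaterials = new ArrayList<>();
    private final List<KeyMaterial> pemMaterials = new ArrayList<>();

    /** A PEM file to import, paired with the keystore alias it is stored under. */
    public static class KeyMaterial {
        final String alias;
        final Path path;

        KeyMaterial(String str, Path path) {
            this.alias = str;
            this.path = path;
        }
    }

    /**
     * Sets the keystore file to load, or to create when it does not exist yet.
     *
     * @param path location of the keystore file; must be set before {@link #build()}
     * @return this builder
     */
    public SSLContextBuilder keystorePath(Path path) {
        this.keystorePath = path;
        return this;
    }

    /**
     * Registers a PEM file that may hold a certificate, a private key, or both.
     *
     * @param str keystore alias for the imported entries
     * @param path PEM file to read during {@link #build()}
     * @return this builder
     */
    public SSLContextBuilder addPem(String str, Path path) {
        this.pemMaterials.add(new KeyMaterial(str, path));
        return this;
    }

    /**
     * Registers a PEM file that must contain a certificate.
     *
     * @param str keystore alias for the certificate
     * @param path PEM file to read during {@link #build()}
     * @return this builder
     */
    public SSLContextBuilder addCertificate(String str, Path path) {
        this.certMaterials.add(new KeyMaterial(str, path));
        return this;
    }

    /**
     * Registers a PEM file that must contain a private key. A certificate has to be available
     * under the same alias by the time the key is imported.
     *
     * @param str keystore alias for the key entry
     * @param path PEM file to read during {@link #build()}
     * @return this builder
     */
    public SSLContextBuilder addPrivateKey(String str, Path path) {
        this.privKeyMaterials.add(new KeyMaterial(str, path));
        return this;
    }

    /**
     * Overrides the keystore type; the default is {@link KeyStore#getDefaultType()}.
     *
     * @param str keystore type name passed to {@link KeyStore#getInstance(String)}
     * @return this builder
     */
    public SSLContextBuilder keystoreType(String str) {
        this.keystoreType = str;
        return this;
    }

    /**
     * Sets the password used for the keystore and for every private-key entry inside it.
     *
     * @param str the password; must not be null
     * @return this builder
     */
    public SSLContextBuilder keystorePassword(String str) {
        this.keystorePassword = str.toCharArray();
        return this;
    }

    /**
     * Loads or creates the keystore, imports the registered material and builds the context.
     *
     * @return an initialised {@code TLS} context backed by the keystore
     * @throws IOException if a file cannot be read or written, or the context cannot be initialised
     * @throws GeneralSecurityException if the keystore, a certificate or a key cannot be processed
     */
    public SSLContext build() throws IOException, GeneralSecurityException {
        if (Arrays.equals(this.keystorePassword, DEFAULT_KEYSTORE_PASSWORD)) {
            LOG.warn("Keystore password is the built-in default; set one with keystorePassword() before storing private keys");
        }
        KeyStore keyStore = loadKeyStore(this.keystorePath, this.keystoreType, this.keystorePassword);
        try {
            KeyManager[] keyManagers = buildKeyManagers(keyStore, this.keystorePassword);
            TrustManager[] trustManagers = buildTrustManagers(keyStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, null);
            return sslContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException("Unable to create and initialise the SSLContext", e);
        }
    }

    /**
     * Loads the keystore file (or starts an empty keystore), imports all pending material and
     * stores the result back to {@code path} when at least one file was imported. Imported
     * materials are removed from the pending lists, so a second call does not import them again.
     */
    private KeyStore loadKeyStore(Path path, String str, char[] cArr) throws IOException, GeneralSecurityException {
        AssertArg.notNull(path, "Null keystorePath");
        AssertArg.notNull(str, "Null keystoreType");
        AssertArg.notNull(cArr, "Null keysPassword");
        KeyStore keyStore = KeyStore.getInstance(str);
        if (path.toFile().isFile()) {
            LOG.info("Loading keystore file: {}", path);
            try (FileInputStream in = new FileInputStream(path.toFile())) {
                keyStore.load(in, cArr);
            }
        } else {
            LOG.info("Creating keystore ...");
            // A bare file name has no parent; the original dereferenced null here.
            Path parent = path.getParent();
            if (parent != null) {
                parent.toFile().mkdirs();
            }
            keyStore.load(null, cArr);
        }

        int imported = 0;
        for (Iterator<KeyMaterial> it = this.pemMaterials.iterator(); it.hasNext(); ) {
            KeyMaterial material = it.next();
            LOG.info("Adding pem material: {}", material.path);
            Certificate cert = readCertificate(material.path);
            if (cert != null) {
                keyStore.setCertificateEntry(material.alias, cert);
            }
            RSAPrivateKey key = readPrivateKey(material.path);
            if (key != null) {
                // A key entry needs a certificate chain. Fall back to a certificate already stored
                // under the alias and fail with a clear message instead of passing a null element.
                Certificate keyCert = cert != null ? cert : keyStore.getCertificate(material.alias);
                AssertState.notNull(keyCert, "Cannot find certificate for: " + material.alias);
                storePrivateKey(keyStore, material.alias, key, keyCert, cArr);
            }
            it.remove();
            imported++;
        }
        for (Iterator<KeyMaterial> it = this.certMaterials.iterator(); it.hasNext(); ) {
            KeyMaterial material = it.next();
            LOG.info("Adding certificate material: {}", material.path);
            Certificate cert = readCertificate(material.path);
            AssertState.notNull(cert, "Null certificate");
            keyStore.setCertificateEntry(material.alias, cert);
            it.remove();
            imported++;
        }
        // Handled independently of certMaterials: previously private keys were silently skipped
        // unless a certificate had also been registered in the same build, even when the loaded
        // keystore already held the matching certificate.
        for (Iterator<KeyMaterial> it = this.privKeyMaterials.iterator(); it.hasNext(); ) {
            KeyMaterial material = it.next();
            LOG.info("Adding private key material: {}", material.path);
            RSAPrivateKey key = readPrivateKey(material.path);
            AssertState.notNull(key, "Null private key");
            Certificate cert = keyStore.getCertificate(material.alias);
            AssertState.notNull(cert, "Cannot find certificate for: " + material.alias);
            storePrivateKey(keyStore, material.alias, key, cert, cArr);
            it.remove();
            imported++;
        }

        if (imported > 0) {
            LOG.info("Storing keystore file: {}", path);
            // NOTE(review): the file now holds private keys; its permissions are not restricted here.
            try (FileOutputStream out = new FileOutputStream(path.toFile())) {
                keyStore.store(out, cArr);
            }
        }
        return keyStore;
    }

    /** Stores {@code key} with a single-certificate chain under {@code alias}, protected by {@code password}. */
    private void storePrivateKey(KeyStore keyStore, String alias, RSAPrivateKey key, Certificate cert, char[] password)
            throws GeneralSecurityException {
        keyStore.setEntry(alias,
                new KeyStore.PrivateKeyEntry(key, new Certificate[]{cert}),
                new KeyStore.PasswordProtection(password));
    }

    /** Returns the X.509 certificate from the first CERTIFICATE block in {@code path}, or null if there is none. */
    private Certificate readCertificate(Path path) throws IOException, GeneralSecurityException {
        String pem = readPemContent(path, "CERTIFICATE");
        if (pem.isEmpty()) {
            return null;
        }
        byte[] der = Base64.getDecoder().decode(pem);
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
    }

    /** Returns the RSA public key from the first PUBLIC KEY block in {@code path}, or null if there is none. */
    private RSAPublicKey readPublicKey(Path path) throws IOException, GeneralSecurityException {
        String pem = readPemContent(path, "PUBLIC KEY");
        if (pem.isEmpty()) {
            return null;
        }
        byte[] der = Base64.getDecoder().decode(pem);
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    /**
     * Returns the RSA private key from the first PRIVATE KEY (unencrypted PKCS#8) block in
     * {@code path}, or null if there is none. Other labels such as {@code RSA PRIVATE KEY} or
     * {@code ENCRYPTED PRIVATE KEY} do not match and therefore also yield null.
     */
    private RSAPrivateKey readPrivateKey(Path path) throws IOException, GeneralSecurityException {
        String pem = readPemContent(path, "PRIVATE KEY");
        if (pem.isEmpty()) {
            return null;
        }
        byte[] der = Base64.getDecoder().decode(pem);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /**
     * Extracts the Base64 body of the first {@code -----BEGIN <label>-----} block in the file.
     *
     * <p>Lines are trimmed so trailing whitespace does not defeat marker matching or Base64
     * decoding, and reading stops at the first END marker so that a file holding several blocks
     * of the same label does not produce one concatenated, undecodable string.
     *
     * @return the joined Base64 lines, or an empty string when no matching block is found
     */
    private String readPemContent(Path path, String str) throws IOException {
        String beginMarker = "-----BEGIN " + str + "-----";
        String endMarker = "-----END " + str + "-----";
        StringBuilder body = new StringBuilder();
        boolean inside = false;
        // ISO-8859-1 maps every byte to a character, so stray non-ASCII bytes outside the block cannot abort the read.
        try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.ISO_8859_1)) {
            String line;
            while ((line = reader.readLine()) != null) {
                String trimmed = line.trim();
                if (!inside) {
                    inside = trimmed.equals(beginMarker);
                } else if (trimmed.equals(endMarker)) {
                    break;
                } else {
                    body.append(trimmed);
                }
            }
        }
        return body.toString();
    }

    /** Builds key managers from the keystore; {@code cArr} must unlock its private-key entries. */
    private KeyManager[] buildKeyManagers(KeyStore keyStore, char[] cArr) throws GeneralSecurityException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, cArr);
        return factory.getKeyManagers();
    }

    /** Builds trust managers that trust only what the given keystore contains. */
    private TrustManager[] buildTrustManagers(KeyStore keyStore) throws IOException, GeneralSecurityException {
        // The original asked KeyManagerFactory for the algorithm name; the trust side has its own default.
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        return factory.getTrustManagers();
    }
}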
