package org.opends.server.util;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.opends.server.authorization.dseecompat.Aci;
import org.opends.server.tools.ToolConstants;
import org.opends.server.types.OperatingSystem;
import org.opends.server.types.PublicAPI;
import org.opends.server.types.StabilityLevel;

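/**
 * Reads and alters the contents of a JKS, PKCS11 or PKCS12 key store.
 *
 * <p>Read operations go through {@link KeyStore}. Every operation that changes the key store
 * is delegated to the JDK's {@code keytool} executable, which is run as a child process.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The key store PIN is written to keytool's standard input and never placed in the
 *       argument array, so it is not part of the child's command line.</li>
 *   <li>The PIN is held in a {@code String} field for the lifetime of the instance, and the
 *       same PIN is used for both the key store and the private key entries.</li>
 *   <li>Everything keytool prints is copied into the {@link KeyStoreException} message when
 *       it exits with a non-zero code, so anything that logs the exception logs that output
 *       too.</li>
 * </ul>
 *
 * <p>Nothing here synchronises access to the cached {@link KeyStore}; NOTE(review): confirm
 * whether callers share instances between threads.
 */
@PublicAPI(stability = StabilityLevel.VOLATILE, mayInstantiate = true, mayExtend = false, mayInvoke = true)
/* loaded from: input_file:org/opends/server/util/CertificateManager.class */
public final class CertificateManager {
    /**
     * Command used to launch keytool, or {@code null} when it cannot be used. It is derived
     * from {@code java.home/bin/keytool} (or {@code keytool.exe}) and passed through
     * {@code SetupUtils.getScriptPath}; what that helper does to the path is not visible here.
     */
    public static final String KEYTOOL_COMMAND;
    public static final String KEY_STORE_TYPE_JKS = "JKS";
    public static final String KEY_STORE_TYPE_PKCS11 = "PKCS11";
    public static final String KEY_STORE_TYPE_PKCS12 = "PKCS12";
    /** The only key store path accepted for a PKCS11 key store. */
    public static final String KEY_STORE_PATH_PKCS11 = "NONE";

    private static final String KEYTOOL_UNAVAILABLE_MESSAGE =
            "The certificate manager may not be used to alter the contents of key stores on this system.";

    // Cached key store; reset to null before every keytool run so the next read reloads it.
    private KeyStore keyStore;
    // Held as a String for the lifetime of the instance; also used as the key password.
    private String keyStorePIN;
    private String keyStorePath;
    private String keyStoreType;

    static {
        String keytoolPath = null;
        try {
            String candidate = System.getProperty("java.home") + File.separator + "bin" + File.separator + "keytool";
            File unixStyle = new File(candidate);
            if (unixStyle.exists()) {
                keytoolPath = unixStyle.getAbsolutePath();
            } else {
                File windowsStyle = new File(candidate + ".exe");
                if (windowsStyle.exists()) {
                    keytoolPath = windowsStyle.getAbsolutePath();
                }
            }
        } catch (Exception e) {
            // Any failure to locate keytool leaves the path unset rather than failing class loading.
            keytoolPath = null;
        }
        // NOTE(review): presumably getScriptPath(null) yields null, since
        // mayUseCertificateManager() tests KEYTOOL_COMMAND against null -- confirm.
        KEYTOOL_COMMAND = SetupUtils.getScriptPath(keytoolPath);
    }

    /**
     * Indicates whether the operations that alter a key store are available.
     *
     * @return {@code true} if {@link #KEYTOOL_COMMAND} is set
     */
    public static boolean mayUseCertificateManager() {
        return KEYTOOL_COMMAND != null;
    }

    /**
     * Creates a certificate manager for the given key store. The key store is not opened
     * here; it is loaded on first read.
     *
     * @param keyStorePath path of the key store file, or {@code NONE} for PKCS11
     * @param keyStoreType one of {@code JKS}, {@code PKCS11} or {@code PKCS12}
     * @param keyStorePIN  PIN protecting the key store; also used as the key password
     * @throws IllegalArgumentException if the type is not supported, a PKCS11 path is not
     *         {@code NONE}, the path exists but is not a file, or the path does not exist
     *         and its parent is missing or not a directory
     * @throws NullPointerException if any argument is {@code null} or empty
     * @throws UnsupportedOperationException declared for compatibility; the code below
     *         never throws it
     */
    public CertificateManager(String keyStorePath, String keyStoreType, String keyStorePIN) throws IllegalArgumentException, NullPointerException, UnsupportedOperationException {
        ensureNotEmpty(keyStorePath, ToolConstants.OPTION_LONG_KEYSTOREPATH);
        ensureNotEmpty(keyStoreType, "keyStoreType");
        ensureNotEmpty(keyStorePIN, "keyStorePIN");
        if (KEY_STORE_TYPE_PKCS11.equals(keyStoreType)) {
            if (!keyStorePath.equals(KEY_STORE_PATH_PKCS11)) {
                throw new IllegalArgumentException("Invalid key store path for PKCS11 keystore -- it must be NONE");
            }
        } else {
            if (!keyStoreType.equals(KEY_STORE_TYPE_JKS) && !keyStoreType.equals(KEY_STORE_TYPE_PKCS12)) {
                throw new IllegalArgumentException("Invalid key store type -- it must be one of JKS, PKCS11, or PKCS12");
            }
            File storeFile = new File(keyStorePath);
            if (storeFile.exists()) {
                if (!storeFile.isFile()) {
                    throw new IllegalArgumentException("Key store path " + keyStorePath + " exists but is not a file.");
                }
            } else {
                // A key store that does not exist yet is allowed as long as keytool can create it.
                File parent = storeFile.getParentFile();
                if (parent == null || !parent.exists() || !parent.isDirectory()) {
                    throw new IllegalArgumentException("Parent directory for key store path " + keyStorePath + " does not exist or is not a directory.");
                }
            }
        }
        this.keyStorePath = keyStorePath;
        this.keyStoreType = keyStoreType;
        this.keyStorePIN = keyStorePIN;
        this.keyStore = null;
    }

    /**
     * Indicates whether the key store holds an entry under the given alias.
     *
     * @param alias alias to look up
     * @return {@code true} if the alias exists; {@code false} if it does not or if the key
     *         store file does not exist yet
     * @throws KeyStoreException if the key store cannot be loaded or queried
     * @throws NullPointerException if {@code alias} is {@code null} or empty
     */
    public boolean aliasInUse(String alias) throws KeyStoreException, NullPointerException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        KeyStore store = getKeyStore();
        return store != null && store.containsAlias(alias);
    }

    /**
     * Lists the aliases held in the key store.
     *
     * @return the aliases, an empty array if the key store reports none, or {@code null} if
     *         the key store file does not exist (callers must handle the {@code null} case)
     * @throws KeyStoreException if the key store cannot be loaded or queried
     */
    public String[] getCertificateAliases() throws KeyStoreException {
        KeyStore store = getKeyStore();
        if (store == null) {
            return null;
        }
        Enumeration<String> aliases = store.aliases();
        if (aliases == null) {
            return new String[0];
        }
        ArrayList<String> collected = new ArrayList<String>();
        while (aliases.hasMoreElements()) {
            collected.add(aliases.nextElement());
        }
        return collected.toArray(new String[collected.size()]);
    }

    /**
     * Retrieves the certificate stored under the given alias.
     *
     * @param alias alias to look up
     * @return whatever {@link KeyStore#getCertificate(String)} returns for the alias
     * @throws KeyStoreException if the key store does not exist or cannot be loaded
     * @throws NullPointerException if {@code alias} is {@code null} or empty
     */
    public Certificate getCertificate(String alias) throws KeyStoreException, NullPointerException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        KeyStore store = getKeyStore();
        if (store == null) {
            throw new KeyStoreException("The key store does not exist.");
        }
        return store.getCertificate(alias);
    }

    /**
     * Generates an RSA key pair under a new alias and self-signs it.
     *
     * @param alias     alias for the new entry; must not already exist
     * @param subjectDN subject DN passed to keytool's {@code -dname} option
     * @param validity  value passed to keytool's {@code -validity} option (days); must be positive
     * @throws KeyStoreException if keytool fails or the key store cannot be read
     * @throws IllegalArgumentException if {@code validity} is not positive or the alias is in use
     * @throws NullPointerException if {@code alias} or {@code subjectDN} is {@code null} or empty
     * @throws UnsupportedOperationException if keytool is not available
     */
    public void generateSelfSignedCertificate(String alias, String subjectDN, int validity) throws KeyStoreException, IllegalArgumentException, NullPointerException, UnsupportedOperationException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        ensureNotEmpty(subjectDN, "subjectDN");
        if (validity <= 0) {
            throw new IllegalArgumentException("The validity must be positive.");
        }
        ensureKeyToolAvailable();
        ensureAliasUnused(alias);
        this.keyStore = null;
        generateKeyPair(alias, subjectDN);
        // No -sigalg is passed, so the signature algorithm is keytool's default for this JDK.
        runKeyTool(new String[]{KEYTOOL_COMMAND, "-selfcert", "-alias", alias, "-validity", String.valueOf(validity), "-keystore", this.keyStorePath, "-storetype", this.keyStoreType}, this.keyStorePIN, this.keyStorePIN, true);
    }

    /**
     * Generates an RSA key pair under a new alias and writes a certificate signing request
     * for it to a temporary file.
     *
     * <p>The file is created with {@link File#createTempFile(String, String)} and registered
     * for deletion on JVM exit. If keytool fails to write the request, the file is deleted
     * straight away; the key pair generated in the first step stays in the key store.
     *
     * @param alias     alias for the new entry; must not already exist
     * @param subjectDN subject DN passed to keytool's {@code -dname} option
     * @return the temporary file holding the request
     * @throws KeyStoreException if keytool fails or the key store cannot be read
     * @throws IOException if the temporary file cannot be created
     * @throws NullPointerException if {@code alias} or {@code subjectDN} is {@code null} or empty
     * @throws UnsupportedOperationException if keytool is not available
     */
    public File generateCertificateSigningRequest(String alias, String subjectDN) throws KeyStoreException, IOException, NullPointerException, UnsupportedOperationException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        ensureNotEmpty(subjectDN, "subjectDN");
        ensureKeyToolAvailable();
        ensureAliasUnused(alias);
        this.keyStore = null;
        generateKeyPair(alias, subjectDN);
        File csrFile = File.createTempFile("CertificateManager-", ".csr");
        csrFile.deleteOnExit();
        boolean written = false;
        try {
            runKeyTool(new String[]{KEYTOOL_COMMAND, "-certreq", "-alias", alias, "-file", csrFile.getAbsolutePath(), "-keystore", this.keyStorePath, "-storetype", this.keyStoreType}, this.keyStorePIN, this.keyStorePIN, true);
            written = true;
        } finally {
            if (!written) {
                // The caller never receives the file on failure, so do not leave it behind.
                csrFile.delete();
            }
        }
        return csrFile;
    }

    /**
     * Imports the certificate in the given file under the given alias.
     *
     * <p>keytool is run with {@code -noprompt}, so it does not ask for confirmation before
     * adding the certificate. The caller is responsible for having verified the certificate
     * file before calling this method.
     *
     * @param alias           alias to store the certificate under
     * @param certificateFile file holding the certificate to import
     * @throws IllegalArgumentException if the file does not exist or is not a regular file
     * @throws KeyStoreException if keytool fails
     * @throws NullPointerException if {@code alias} is {@code null} or empty, or the file is {@code null}
     * @throws UnsupportedOperationException if keytool is not available
     */
    public void addCertificate(String alias, File certificateFile) throws IllegalArgumentException, KeyStoreException, NullPointerException, UnsupportedOperationException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        if (certificateFile == null) {
            throw new NullPointerException("certificateFile");
        }
        if (!certificateFile.exists() || !certificateFile.isFile()) {
            throw new IllegalArgumentException("Certificate file " + certificateFile.getAbsolutePath() + " does not exist or is not a file.");
        }
        ensureKeyToolAvailable();
        this.keyStore = null;
        runKeyTool(new String[]{KEYTOOL_COMMAND, "-import", "-noprompt", "-alias", alias, "-file", certificateFile.getAbsolutePath(), "-keystore", this.keyStorePath, "-storetype", this.keyStoreType}, this.keyStorePIN, this.keyStorePIN, true);
    }

    /**
     * Removes the entry stored under the given alias.
     *
     * @param alias alias of the entry to delete; must exist
     * @throws IllegalArgumentException if the alias is not present in the key store
     * @throws KeyStoreException if keytool fails or the key store cannot be read
     * @throws NullPointerException if {@code alias} is {@code null} or empty
     * @throws UnsupportedOperationException if keytool is not available
     */
    public void removeCertificate(String alias) throws IllegalArgumentException, KeyStoreException, NullPointerException, UnsupportedOperationException {
        ensureNotEmpty(alias, ServerConstants.OC_ALIAS);
        ensureKeyToolAvailable();
        if (!aliasInUse(alias)) {
            throw new IllegalArgumentException("There is no certificate with alias " + alias + " in the key store.");
        }
        this.keyStore = null;
        runKeyTool(new String[]{KEYTOOL_COMMAND, "-delete", "-alias", alias, "-keystore", this.keyStorePath, "-storetype", this.keyStoreType}, this.keyStorePIN, this.keyStorePIN, true);
    }

    /** Throws a NullPointerException carrying {@code name} when {@code value} is null or empty. */
    private static void ensureNotEmpty(String value, String name) {
        if (value == null || value.length() == 0) {
            throw new NullPointerException(name);
        }
    }

    /** Rejects operations that alter the key store when no keytool command was found. */
    private static void ensureKeyToolAvailable() {
        if (KEYTOOL_COMMAND == null) {
            throw new UnsupportedOperationException(KEYTOOL_UNAVAILABLE_MESSAGE);
        }
    }

    /** Rejects an alias that already names an entry in the key store. */
    private void ensureAliasUnused(String alias) throws KeyStoreException {
        if (aliasInUse(alias)) {
            throw new IllegalArgumentException("A certificate with alias " + alias + " already exists in the key store.");
        }
    }

    /** Runs keytool's key-generation command for a new RSA key pair under {@code alias}. */
    private void generateKeyPair(String alias, String subjectDN) throws KeyStoreException {
        // No -keysize is passed, so the key length is keytool's default for the running JDK.
        // NOTE(review): confirm that default meets current policy on the oldest supported JDK.
        runKeyTool(new String[]{KEYTOOL_COMMAND, getGenKeyCommand(), "-alias", alias, "-dname", subjectDN, "-keyalg", "rsa", "-keystore", this.keyStorePath, "-storetype", this.keyStoreType}, this.keyStorePIN, this.keyStorePIN, true);
    }

    /**
     * Runs keytool with the given arguments and answers its password prompts on standard
     * input. Standard error is merged into standard output and the combined output is
     * captured.
     *
     * @param command          full argument array; element 0 is the executable and
     *                         element 1 the keytool sub-command
     * @param storePassword    password written for the key store prompt(s)
     * @param keyPassword      password written for the key prompt(s); not sent for {@code -import}
     * @param outputAcceptable whether output on a zero exit code is tolerated
     * @throws KeyStoreException if keytool cannot be started, exits with a non-zero code, or
     *         produces output when {@code outputAcceptable} is {@code false}
     */
    private void runKeyTool(String[] command, String storePassword, String keyPassword, boolean outputAcceptable) throws KeyStoreException {
        String lineSeparator = System.getProperty("line.separator");
        if (lineSeparator == null) {
            lineSeparator = "\n";
        }
        File storeFile = new File(this.keyStorePath);
        boolean storeHasContent = storeFile.exists() && storeFile.length() > 0L;
        String subCommand = command[1];
        boolean isGenKey = getGenKeyCommand().equalsIgnoreCase(subCommand);
        boolean isImport = "-import".equalsIgnoreCase(subCommand);
        // A file-based key store that is being created makes keytool ask for the store
        // password a second time as confirmation.
        boolean confirmStorePassword = !(storeHasContent || KEY_STORE_TYPE_PKCS11.equals(this.keyStoreType)) && (isGenKey || isImport);
        boolean sendKeyPassword = !isImport;
        boolean legacyJdk = isJDK15();

        Process process = null;
        try {
            ProcessBuilder builder = new ProcessBuilder(command);
            builder.redirectErrorStream(true);
            ByteArrayOutputStream captured = new ByteArrayOutputStream();
            // NOTE(review): the buffer size is taken from an ACI constant, which looks like a
            // decompiler substitution for a plain number; its value is not visible here.
            byte[] buffer = new byte[Aci.ACI_WRITE_DELETE];
            process = builder.start();
            InputStream toolOutput = process.getInputStream();
            OutputStream toolInput = process.getOutputStream();

            if (!legacyJdk && SetupUtils.getOperatingSystem() == OperatingSystem.AIX) {
                pauseBeforeAnswering();
            }
            writeLine(toolInput, storePassword, lineSeparator);
            if (!legacyJdk && confirmStorePassword) {
                if (SetupUtils.getOperatingSystem() == OperatingSystem.AIX) {
                    pauseBeforeAnswering();
                }
                writeLine(toolInput, storePassword, lineSeparator);
            }
            if (sendKeyPassword) {
                writeLine(toolInput, keyPassword, lineSeparator);
                if (!legacyJdk && isGenKey && SetupUtils.getOperatingSystem() != OperatingSystem.AIX) {
                    writeLine(toolInput, keyPassword, lineSeparator);
                }
            }
            toolInput.close();

            int count;
            while ((count = toolOutput.read(buffer)) >= 0) {
                if (count > 0) {
                    captured.write(buffer, 0, count);
                }
            }
            process.waitFor();
            int exitCode = process.exitValue();
            byte[] output = captured.toByteArray();
            boolean hasOutput = output != null && output.length > 0;
            if (exitCode == 0) {
                if (outputAcceptable || !hasOutput) {
                    return;
                }
                throw new KeyStoreException("Unexpected output generated by the keytool utility:  '" + new String(output) + "'.");
            }
            // keytool's raw output goes into the exception message below; whoever logs the
            // exception logs that output as well.
            StringBuilder message = new StringBuilder();
            message.append("Unexpected exit code of ");
            message.append(exitCode);
            message.append(" returned from the keytool utility.");
            if (hasOutput) {
                message.append("  The generated output was:  '");
                message.append(new String(output));
                message.append("'.");
            }
            throw new KeyStoreException(message.toString());
        } catch (KeyStoreException e) {
            throw e;
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of losing it in the wrapper.
            Thread.currentThread().interrupt();
            throw new KeyStoreException("Could not invoke the KeyTool.run method:  " + e, e);
        } catch (Exception e) {
            throw new KeyStoreException("Could not invoke the KeyTool.run method:  " + e, e);
        } finally {
            if (process != null) {
                releaseProcess(process);
            }
        }
    }

    /** Writes {@code text} followed by the line separator and flushes. */
    private static void writeLine(OutputStream out, String text, String lineSeparator) throws IOException {
        // Platform default charset, as before; presumably what keytool expects on stdin.
        out.write(text.getBytes());
        out.write(lineSeparator.getBytes());
        out.flush();
    }

    /** Waits 1.5 seconds before the next prompt is answered (used on AIX only). */
    private static void pauseBeforeAnswering() {
        try {
            Thread.sleep(1500L);
        } catch (Throwable ignored) {
            // Best effort, as in the original: a failed or interrupted wait must not abort
            // the keytool conversation that has already started.
        }
    }

    /** Closes the child's pipes and makes sure the child is not left running. */
    private static void releaseProcess(Process process) {
        closeQuietly(process.getOutputStream());
        closeQuietly(process.getInputStream());
        closeQuietly(process.getErrorStream());
        // Has no effect on a child that already exited; stops one still waiting on a prompt.
        process.destroy();
    }

    /** Closes a resource, ignoring failures; used on cleanup paths only. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Throwable ignored) {
            // Cleanup only: the outcome of the operation has already been decided.
        }
    }

    /**
     * Returns the cached key store, loading it on first use.
     *
     * @return the loaded key store, or {@code null} if the key store is file-based and the
     *         file does not exist
     * @throws KeyStoreException if the file cannot be opened or the key store cannot be
     *         instantiated or loaded
     */
    private KeyStore getKeyStore() throws KeyStoreException {
        if (this.keyStore != null) {
            return this.keyStore;
        }
        // PKCS11 has no backing file, so the stream stays null and load() gets a null stream.
        FileInputStream storeStream = null;
        if (this.keyStoreType.equals(KEY_STORE_TYPE_JKS) || this.keyStoreType.equals(KEY_STORE_TYPE_PKCS12)) {
            File storeFile = new File(this.keyStorePath);
            if (!storeFile.exists()) {
                return null;
            }
            try {
                storeStream = new FileInputStream(storeFile);
            } catch (Exception e) {
                throw new KeyStoreException(String.valueOf(e), e);
            }
        }
        try {
            // Inside the try so the stream is closed even when the type cannot be instantiated.
            KeyStore loaded = KeyStore.getInstance(this.keyStoreType);
            try {
                loaded.load(storeStream, this.keyStorePIN.toCharArray());
            } catch (Exception e) {
                throw new KeyStoreException(String.valueOf(e), e);
            }
            this.keyStore = loaded;
            return loaded;
        } finally {
            closeQuietly(storeStream);
        }
    }

    /**
     * Indicates whether the running JVM reports a {@code java.version} starting with
     * {@code 1.5}. A failure to read the property is reported on standard error and
     * treated as "not 1.5".
     */
    private boolean isJDK15() {
        boolean legacy = false;
        try {
            legacy = System.getProperty("java.version").startsWith("1.5");
        } catch (Throwable th) {
            System.err.println("Cannot get the java version: " + th);
        }
        return legacy;
    }

    /** Returns the key-generation sub-command: {@code -genkey} on 1.5, else {@code -genkeypair}. */
    private String getGenKeyCommand() {
        return isJDK15() ? "-genkey" : "-genkeypair";
    }
}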
