package org.jolokia.jvmagent.security;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import org.jolokia.Version;
import org.jolokia.util.Base64Util;
import org.jolokia.util.ClassUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630348.jar:jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/jvmagent/security/KeyStoreUtil.class
 */
/* loaded from: input_file:WEB-INF/lib/jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/jvmagent/security/KeyStoreUtil.class */
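/**
 * Static helpers that populate a {@link KeyStore} with CA certificates, a
 * server certificate plus private key read from PEM files, or a freshly
 * generated self-signed server certificate.
 *
 * <p>The self-signed path goes through the JDK-internal {@code CertAndKeyGen}
 * and {@code X500Name} classes (Sun or IBM flavour) via reflection.
 * NOTE(review): on JDKs that strongly encapsulate internal packages this
 * reflective access presumably fails unless the packages are exported to the
 * agent; confirm against the supported runtimes.
 */
public class KeyStoreUtil {
    private static final String KEYGEN_CLASS_JDK8_SUN = "sun.security.tools.keytool.CertAndKeyGen";
    private static final String KEYGEN_CLASS_JDK7_SUN = "sun.security.x509.CertAndKeyGen";
    private static final String KEYGEN_CLASS_JDK8_IBM = "com.ibm.security.tools.CertAndKeyGen";
    private static final String KEYGEN_CLASS_JDK7_IBM = "com.ibm.security.x509.CertAndKeyGen";
    private static final String X500_NAME_SUN = "sun.security.x509.X500Name";
    private static final String X500_NAME_IBM = "com.ibm.security.x509.X500Name";

    /** Alias under which the generated self-signed key entry is stored. */
    private static final String SELF_SIGNED_ALIAS = "jolokia-agent";

    /** Validity passed to {@code getSelfCertificate}: 3650 days expressed in seconds. */
    private static final long SELF_SIGNED_VALIDITY_SECONDS = 315360000L;

    /** Key size in bits handed to the key generator. */
    private static final int SELF_SIGNED_KEY_BITS = 2048;

    private KeyStoreUtil() {
        // utility class, not meant to be instantiated
    }

    /**
     * Adds the certificate found in a PEM file as a trusted certificate entry.
     *
     * <p>{@code generateCertificate} is called once, so only the first
     * certificate in the file is imported. The alias is the certificate's
     * subject DN; an existing entry with the same subject is replaced.
     *
     * @param keyStore key store to update
     * @param caPem    PEM file holding the CA certificate
     * @throws IOException              if the file cannot be read or closed
     * @throws CertificateException     if the content is not a parsable certificate
     * @throws KeyStoreException        if the entry cannot be stored
     * @throws NoSuchAlgorithmException declared for callers; not raised by the visible code
     */
    public static void updateWithCaPem(KeyStore keyStore, File caPem) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        // try-with-resources closes the stream on every exit path
        try (FileInputStream caStream = new FileInputStream(caPem)) {
            X509Certificate caCert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(caStream);
            keyStore.setCertificateEntry(caCert.getSubjectX500Principal().getName(), caCert);
        }
    }

    /**
     * Adds a server certificate together with its private key as a key entry.
     *
     * <p>The key is first parsed as PKCS#8; if that is rejected the bytes are
     * handed to {@code PKCS1Util.decodePKCS1} as a fallback. The alias is the
     * certificate's subject DN. No check is made that the private key actually
     * belongs to the certificate.
     *
     * @param keyStore     key store to update
     * @param certPem      PEM file with the server certificate
     * @param keyPem       PEM file with the (unencrypted) private key
     * @param keyAlgorithm algorithm name passed to {@link KeyFactory#getInstance(String)}
     * @param keyPassword  password protecting the new key entry
     * @throws IOException              if a file cannot be read or has no PEM markers
     * @throws CertificateException     if the certificate cannot be parsed
     * @throws NoSuchAlgorithmException if {@code keyAlgorithm} is unknown
     * @throws InvalidKeySpecException  if the key is neither valid PKCS#8 nor accepted by the fallback
     * @throws KeyStoreException        if the entry cannot be stored
     */
    public static void updateWithServerPems(KeyStore keyStore, File certPem, File keyPem, String keyAlgorithm, char[] keyPassword) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        try (FileInputStream certStream = new FileInputStream(certPem)) {
            X509Certificate serverCert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(certStream);
            byte[] keyBytes = decodePem(keyPem);
            KeyFactory keyFactory = KeyFactory.getInstance(keyAlgorithm);
            PrivateKey privateKey;
            try {
                privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
            } catch (InvalidKeySpecException notPkcs8) {
                // Deliberate fallback: the same bytes are retried as a PKCS#1 structure.
                privateKey = keyFactory.generatePrivate(PKCS1Util.decodePKCS1(keyBytes));
            }
            keyStore.setKeyEntry(serverCert.getSubjectX500Principal().getName(), privateKey, keyPassword, new Certificate[]{serverCert});
        }
    }

    /**
     * Generates an RSA key pair with a self-signed certificate and stores it
     * under the alias {@code jolokia-agent}.
     *
     * <p>Security notes for reviewers: the key entry is stored with an empty
     * password ({@code new char[0]}), and the certificate is requested with
     * the signature algorithm {@code SHA1WithRSA} (see {@code createKeyPair}).
     *
     * @param keyStore key store to update
     * @throws IllegalStateException if neither the Sun nor the IBM X500Name class is present
     */
    public static void updateWithSelfSignedServerCertificate(KeyStore keyStore) throws NoSuchProviderException, NoSuchAlgorithmException, IOException, InvalidKeyException, CertificateException, SignatureException, KeyStoreException {
        // Presumably CN, OU, O, L, ST, C in X500Name's six-argument constructor order; confirm.
        Object[] nameParts = {"Jolokia Agent " + Version.getAgentVersion(), "JVM", "jolokia.org", "Pegnitz", "Franconia", "DE"};
        Object x500Name;
        if (ClassUtil.checkForClass(X500_NAME_SUN)) {
            x500Name = ClassUtil.newInstance(X500_NAME_SUN, nameParts);
        } else if (ClassUtil.checkForClass(X500_NAME_IBM)) {
            x500Name = ClassUtil.newInstance(X500_NAME_IBM, nameParts);
        } else {
            throw new IllegalStateException("Neither Sun- nor IBM-style JVM found.");
        }
        Object keyGen = createKeyPair();
        X509Certificate selfSigned = getSelfCertificate(keyGen, x500Name, new Date(), SELF_SIGNED_VALIDITY_SECONDS);
        keyStore.setKeyEntry(SELF_SIGNED_ALIAS, getPrivateKey(keyGen), new char[0], new X509Certificate[]{selfSigned});
    }

    /**
     * Instantiates the available {@code CertAndKeyGen} class and generates a
     * 2048-bit RSA key pair with it.
     *
     * @return the key generator instance holding the generated pair
     */
    private static Object createKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        // NOTE(review): "SHA1WithRSA" selects a SHA-1 based certificate signature.
        // Clients with a strict algorithm policy may reject such certificates;
        // consider a SHA-256 based algorithm once all supported JVMs are confirmed to accept it.
        Object keyGen = ClassUtil.newInstance((Class<Object>) lookupKeyGenClass(), "RSA", "SHA1WithRSA");
        ClassUtil.applyMethod(keyGen, "generate", SELF_SIGNED_KEY_BITS);
        return keyGen;
    }

    /**
     * Reflectively calls {@code getSelfCertificate(X500Name, Date, long)} on the key generator.
     *
     * @param keyGen          key generator returned by {@code createKeyPair}
     * @param x500Name        Sun or IBM X500Name instance used as the certificate name
     * @param notBefore       start of the validity period
     * @param validitySeconds third argument of {@code getSelfCertificate}; presumably the validity in seconds
     * @return the self-signed certificate
     * @throws IllegalStateException if the method is missing, inaccessible or fails
     */
    private static X509Certificate getSelfCertificate(Object keyGen, Object x500Name, Date notBefore, long validitySeconds) {
        try {
            // The parameter type must match the JVM flavour that supplied the X500Name instance.
            Class<?> x500NameClass = ClassUtil.checkForClass(X500_NAME_SUN)
                    ? ClassUtil.classForName(X500_NAME_SUN, false, new ClassLoader[0])
                    : ClassUtil.classForName(X500_NAME_IBM, false, new ClassLoader[0]);
            Method selfCertMethod = keyGen.getClass().getDeclaredMethod("getSelfCertificate", x500NameClass, Date.class, Long.TYPE);
            selfCertMethod.setAccessible(true);
            return (X509Certificate) selfCertMethod.invoke(keyGen, x500Name, notBefore, Long.valueOf(validitySeconds));
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Not allowed to access getSelfCertificate-method.", e);
        } catch (NoSuchMethodException e) {
            throw new IllegalStateException("Found no getSelfCertificate-method with the expected signature.", e);
        } catch (InvocationTargetException e) {
            throw new IllegalStateException("The getSelfCertificate-method threw an error.", e);
        }
    }

    /** Reflectively calls {@code getPrivateKey()} on the key generator. */
    private static PrivateKey getPrivateKey(Object keyGen) {
        return (PrivateKey) ClassUtil.applyMethod(keyGen, "getPrivateKey", new Object[0]);
    }

    /**
     * Returns the first {@code CertAndKeyGen} class that can be loaded, trying
     * the Sun Java 8, Sun Java 7, IBM Java 8 and IBM Java 7 names in that order.
     *
     * @throws IllegalStateException if none of the candidates is available
     */
    private static Class<?> lookupKeyGenClass() {
        String[] candidates = {KEYGEN_CLASS_JDK8_SUN, KEYGEN_CLASS_JDK7_SUN, KEYGEN_CLASS_JDK8_IBM, KEYGEN_CLASS_JDK7_IBM};
        for (String candidate : candidates) {
            Class<?> keyGenClass = ClassUtil.classForName(candidate, new ClassLoader[0]);
            if (keyGenClass != null) {
                return keyGenClass;
            }
        }
        throw new IllegalStateException("Cannot find any key-generator class: Tried Sun Java 8's " + KEYGEN_CLASS_JDK8_SUN
                + ", Sun Java 7's " + KEYGEN_CLASS_JDK7_SUN
                + ", IBM Java 8's " + KEYGEN_CLASS_JDK8_IBM
                + " and IBM Java 7's " + KEYGEN_CLASS_JDK7_IBM);
    }

    /**
     * Reads the first PEM object of a file and returns its Base64-decoded body.
     *
     * <p>Lines before the first {@code -----BEGIN } marker are skipped. The end
     * marker is derived from the begin line by replacing {@code BEGIN} with
     * {@code END}.
     *
     * @param pemFile file to read
     * @return decoded bytes between the begin and end markers
     * @throws IOException if the file cannot be read or a marker is missing
     */
    private static byte[] decodePem(File pemFile) throws IOException {
        // try-with-resources closes the reader even when the end marker is missing
        // or decoding fails. The file is read with the platform default charset.
        try (BufferedReader reader = new BufferedReader(new FileReader(pemFile))) {
            String line;
            do {
                line = reader.readLine();
                if (line == null) {
                    throw new IOException("PEM " + pemFile + " is invalid: no begin marker");
                }
            } while (!line.contains("-----BEGIN "));
            return readBytes(pemFile, reader, line.trim().replace("BEGIN", "END"));
        }
    }

    /**
     * Collects all lines up to the end marker and Base64-decodes them.
     *
     * <p>Every line before the marker is treated as Base64 text, so PEM header
     * lines inside the block (as used by encrypted keys) are not handled here.
     *
     * @param pemFile   file being read, used only for the error message
     * @param reader    reader positioned just after the begin marker
     * @param endMarker text that identifies the closing line
     * @return decoded bytes
     * @throws IOException if the end of the file is reached before the marker
     */
    private static byte[] readBytes(File pemFile, BufferedReader reader, String endMarker) throws IOException {
        StringBuilder encoded = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            if (line.contains(endMarker)) {
                return Base64Util.decode(encoded.toString());
            }
            encoded.append(line.trim());
        }
        throw new IOException(pemFile + " is invalid : No end marker");
    }
}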
