package org.keycloak.truststore;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.KeystoreUtil;

/* loaded from: input_file:org/keycloak/truststore/TruststoreBuilder.class */
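/**
 * Builds a single PKCS12 truststore out of the configured truststore paths (PKCS12/PFX stores and
 * PEM files, directories being scanned recursively) and, optionally, the JVM's default truststore,
 * then points the {@code javax.net.ssl.*} system properties at the generated file.
 *
 * <p>Everything merged here becomes a trust anchor for the JVM, so the listed paths — and in particular
 * every directory below them, since they are walked recursively — should only be writable by the
 * server's own user. The same applies to the directory the merged file is written to.
 *
 * <p>Not thread-safe: the methods read and write global system properties.
 */
public class TruststoreBuilder {
    public static final String SYSTEM_TRUSTSTORE_KEY = "javax.net.ssl.trustStore";
    public static final String SYSTEM_TRUSTSTORE_PASSWORD_KEY = "javax.net.ssl.trustStorePassword";
    public static final String SYSTEM_TRUSTSTORE_TYPE_KEY = "javax.net.ssl.trustStoreType";
    private static final String CERT_PROTECTION_ALGORITHM_KEY = "keystore.pkcs12.certProtectionAlgorithm";
    /** Well-known, non-secret value: a truststore holds only public certificates. */
    public static final String DUMMY_PASSWORD = "keycloakchangeit";
    static final String PKCS12 = "PKCS12";
    private static final Logger LOGGER = Logger.getLogger(TruststoreBuilder.class);

    // Copies of the JVM's original trust-store settings, captured the first time the default store is
    // included so later calls still see them after setSystemTruststore() has overwritten the originals.
    private static final String SYSTEM_TRUSTSTORE_ORIG_KEY = "javax.net.ssl.trustStore.orig";
    private static final String SYSTEM_TRUSTSTORE_TYPE_ORIG_KEY = "javax.net.ssl.trustStoreType.orig";
    private static final String SYSTEM_TRUSTSTORE_PASSWORD_ORIG_KEY = "javax.net.ssl.trustStorePassword.orig";
    private static final String TRUSTSTORE_FILE_NAME = "keycloak-truststore.p12";

    /**
     * Builds the merged truststore, writes it below {@code dataDir} and installs it as the JVM truststore
     * via the {@code javax.net.ssl.trustStore}, {@code ...trustStoreType} and {@code ...trustStorePassword}
     * system properties.
     *
     * @param truststorePaths files or directories to merge; directories are scanned recursively
     * @param includeDefault whether the JVM's current default truststore is merged in as well
     * @param dataDir directory the merged {@code keycloak-truststore.p12} is written to
     * @throws RuntimeException if any path cannot be read or the merged store cannot be written
     */
    public static void setSystemTruststore(String[] truststorePaths, boolean includeDefault, String dataDir) {
        KeyStore merged = createMergedTruststore(truststorePaths, includeDefault);
        File saved = saveTruststore(merged, dataDir, DUMMY_PASSWORD.toCharArray());
        System.setProperty(SYSTEM_TRUSTSTORE_KEY, saved.getAbsolutePath());
        System.setProperty(SYSTEM_TRUSTSTORE_TYPE_KEY, PKCS12);
        System.setProperty(SYSTEM_TRUSTSTORE_PASSWORD_KEY, DUMMY_PASSWORD);
    }

    /**
     * Writes {@code truststore} as {@code keycloak-truststore.p12} inside {@code directory}, creating the
     * directory if needed.
     *
     * <p>The certificates are stored unencrypted ({@code keystore.pkcs12.certProtectionAlgorithm=NONE})
     * for the duration of the write so that consumers can read the store without the password; the
     * previous value of that JDK property is restored afterwards, also on failure.
     *
     * @param truststore store to persist
     * @param directory target directory (the file itself is named {@value #TRUSTSTORE_FILE_NAME})
     * @param password password used for the store's integrity check
     * @return the written file
     * @throws RuntimeException if the file cannot be written
     */
    static File saveTruststore(KeyStore truststore, String directory, char[] password) {
        File file = new File(directory, TRUSTSTORE_FILE_NAME);
        File parent = file.getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
        String previous = System.setProperty(CERT_PROTECTION_ALGORITHM_KEY, "NONE");
        try (FileOutputStream out = new FileOutputStream(file)) {
            truststore.store(out, password);
            return file;
        } catch (Exception e) {
            throw new RuntimeException("Failed to save truststore: " + file.getAbsolutePath(), e);
        } finally {
            // Restore in a finally block so a failed store() does not leave the JVM-wide setting at NONE.
            restoreProperty(CERT_PROTECTION_ALGORITHM_KEY, previous);
        }
    }

    /** Puts a system property back to {@code previous}, removing it when there was no previous value. */
    private static void restoreProperty(String key, String previous) {
        if (previous != null) {
            System.setProperty(key, previous);
        } else {
            System.clearProperty(key);
        }
    }

    /**
     * Creates an in-memory PKCS12 store holding the certificates of all {@code truststorePaths} and,
     * if requested, of the JVM's default truststore.
     *
     * @param truststorePaths files or directories to merge; {@code null} is treated as empty
     * @param includeDefault whether the JVM's default truststore is merged in first
     * @return the merged store
     * @throws RuntimeException if any path cannot be read or parsed
     */
    static KeyStore createMergedTruststore(String[] truststorePaths, boolean includeDefault) {
        KeyStore merged = createPkcs12KeyStore();
        if (includeDefault) {
            includeDefaultTruststore(merged);
        }
        List<String> discovered = new ArrayList<>();
        mergeFiles(truststorePaths, merged, true, discovered);
        if (!discovered.isEmpty()) {
            LOGGER.infof("Found the following truststore files under directories specified in the truststore paths %s", discovered);
        }
        return merged;
    }

    /**
     * Merges every path into {@code truststore}. Directories are recursed into with
     * {@code explicit = false}: files found that way are parsed leniently (a non-PEM file is skipped
     * rather than failing) and recorded in {@code discovered}; explicitly listed files must parse.
     *
     * @param paths files or directories; {@code null} is treated as empty
     * @param truststore store the certificates are added to
     * @param explicit whether {@code paths} were listed directly by the user
     * @param discovered receives the absolute path of every store found inside a directory
     * @throws RuntimeException if a directory cannot be listed or an explicit file cannot be merged
     */
    private static void mergeFiles(String[] paths, KeyStore truststore, boolean explicit, List<String> discovered) {
        if (paths == null) {
            return;
        }
        for (String path : paths) {
            File file = new File(path);
            if (file.isDirectory()) {
                // listFiles() returns null on an I/O error; surface that with context instead of an NPE.
                File[] children = file.listFiles();
                if (children == null) {
                    throw new RuntimeException("Failed to initialize truststore: cannot list directory " + file.getAbsolutePath());
                }
                String[] childPaths = Stream.of(children).map(File::getAbsolutePath).toArray(String[]::new);
                mergeFiles(childPaths, truststore, false, discovered);
            } else if (path.endsWith(".p12") || path.endsWith(".pfx")) {
                mergeTrustStore(truststore, path, loadStore(path, PKCS12, null));
                if (!explicit) {
                    discovered.add(file.getAbsolutePath());
                }
            } else if (mergePemFile(truststore, path, explicit) && !explicit) {
                discovered.add(file.getAbsolutePath());
            }
        }
    }

    /**
     * Creates an empty, initialized PKCS12 keystore.
     *
     * @return the new store
     * @throws RuntimeException if the PKCS12 type is unavailable or initialization fails
     */
    static KeyStore createPkcs12KeyStore() {
        try {
            KeyStore store = KeyStore.getInstance(PKCS12);
            store.load(null, null);
            return store;
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize truststore: cannot create a PKCS12 keystore", e);
        }
    }

    /**
     * Merges the JVM's default truststore into {@code truststore}: the store named by
     * {@code javax.net.ssl.trustStore} if set, otherwise the JRE's {@code jssecacerts}/{@code cacerts}.
     *
     * <p>The first time a user-configured store is seen, its location, type and password are copied to
     * {@code *.orig} system properties so that later calls — after {@link #setSystemTruststore} has
     * replaced the originals — still merge the same store. If no store was configured the first time,
     * nothing is captured; a later call would then see the generated Keycloak store as the "default"
     * (likely harmless, as it already contains the JRE certificates, but worth knowing).
     *
     * @param truststore store the default certificates are added to
     * @throws RuntimeException if the default store exists but cannot be loaded
     */
    static void includeDefaultTruststore(KeyStore truststore) {
        File defaultStore;
        String type = PKCS12;
        String password = null;
        String original = System.getProperty(SYSTEM_TRUSTSTORE_ORIG_KEY);
        if (original != null) {
            // Settings were captured by an earlier call; the live properties may already point at our own file.
            type = System.getProperty(SYSTEM_TRUSTSTORE_TYPE_ORIG_KEY);
            password = System.getProperty(SYSTEM_TRUSTSTORE_PASSWORD_ORIG_KEY);
            defaultStore = new File(original);
        } else {
            String configured = System.getProperty(SYSTEM_TRUSTSTORE_KEY);
            if (configured == null) {
                defaultStore = getJRETruststore();
            } else {
                type = System.getProperty(SYSTEM_TRUSTSTORE_TYPE_KEY, KeyStore.getDefaultType());
                password = System.getProperty(SYSTEM_TRUSTSTORE_PASSWORD_KEY);
                System.setProperty(SYSTEM_TRUSTSTORE_ORIG_KEY, configured);
                System.setProperty(SYSTEM_TRUSTSTORE_TYPE_ORIG_KEY, type);
                if (password == null) {
                    System.clearProperty(SYSTEM_TRUSTSTORE_PASSWORD_ORIG_KEY);
                } else {
                    System.setProperty(SYSTEM_TRUSTSTORE_PASSWORD_ORIG_KEY, password);
                }
                defaultStore = new File(configured);
            }
        }
        if (!defaultStore.exists()) {
            LOGGER.warnf("Default truststore was to be included, but could not be found at: %s", defaultStore);
            return;
        }
        String absolutePath = defaultStore.getAbsolutePath();
        mergeTrustStore(truststore, absolutePath, loadStore(absolutePath, type, password));
    }

    /**
     * Locates the JRE's bundled truststore below {@code $java.home/lib/security}, preferring
     * {@code jssecacerts} over {@code cacerts} when the former is a regular file.
     *
     * @return the truststore file; it may not exist, callers check
     */
    public static File getJRETruststore() {
        String securityDir = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security";
        File jssecacerts = new File(securityDir, "jssecacerts");
        if (jssecacerts.exists() && jssecacerts.isFile()) {
            return jssecacerts;
        }
        return new File(securityDir, "cacerts");
    }

    /**
     * Loads a keystore from disk.
     *
     * @param path keystore file
     * @param type keystore type (for example {@code PKCS12})
     * @param password store password, {@code null} if none
     * @return the loaded store
     * @throws RuntimeException wrapping any load failure, with the absolute path and type in the message
     */
    static KeyStore loadStore(String path, String type, String password) {
        try {
            return KeystoreUtil.loadKeyStore(path, password, type);
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize truststore: " + new File(path).getAbsolutePath() + ", type: " + type, e);
        }
    }

    /**
     * Adds every X.509 certificate found in a PEM file to {@code truststore}.
     *
     * <p>The loop reads certificates until {@link FileInputStream#available()} reports no remaining
     * bytes. A parse failure is tolerated in two cases: trailing non-certificate content after at least
     * one certificate was loaded (assumed to be comments), and — for files found by a directory scan
     * only — a file that yields no certificate at all, which is skipped. Everything else is rethrown.
     *
     * @param truststore store the certificates are added to
     * @param path PEM file
     * @param explicit whether the file was listed directly by the user (strict) or found in a directory
     * @return {@code true} if at least one certificate was added
     * @throws RuntimeException wrapping any read or parse failure that is not tolerated
     */
    private static boolean mergePemFile(KeyStore truststore, String path, boolean explicit) {
        File file = new File(path);
        try (FileInputStream in = new FileInputStream(file)) {
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            boolean loaded = false;
            while (in.available() > 0) {
                try {
                    // The cast keeps non-X.509 output from ever reaching the store.
                    setCertificateEntry(truststore, (X509Certificate) factory.generateCertificate(in));
                    // Set only after a successful parse: the previous form set it before parsing, which
                    // made the "not PEM" branch below unreachable and reported garbage files as loaded.
                    loaded = true;
                } catch (CertificateException e) {
                    if (in.available() <= 0 && loaded) {
                        LOGGER.debugf(e, "The trailing entry for %s generated a certificate exception, assuming instead that the file ends with comments", file.getAbsolutePath());
                    } else if (!explicit && !loaded) {
                        LOGGER.debugf(e, "The file %s may not be in PEM format, it will not be used to create the merged truststore", file.getAbsolutePath());
                        // Stop here rather than re-reading a stream that may not have advanced.
                        return false;
                    } else {
                        throw e;
                    }
                }
            }
            return loaded;
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize truststore, could not merge: " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Stores {@code certificate} under a derived alias: subject DN plus hex serial number for X.509
     * certificates, otherwise the current number of entries.
     *
     * <p>{@link KeyStore#setCertificateEntry} replaces an existing entry with the same alias, so two
     * certificates sharing subject and serial (possible across different issuers) collapse to the one
     * merged last — TODO(review): confirm this is acceptable or include the issuer in the alias.
     *
     * @param truststore store to add to
     * @param certificate certificate to add
     * @throws KeyStoreException if the store rejects the entry
     */
    private static void setCertificateEntry(KeyStore truststore, Certificate certificate) throws KeyStoreException {
        String alias;
        if (certificate instanceof X509Certificate) {
            X509Certificate x509 = (X509Certificate) certificate;
            alias = x509.getSubjectX500Principal().getName() + "_" + x509.getSerialNumber().toString(16);
        } else {
            alias = String.valueOf(Collections.list(truststore.aliases()).size());
        }
        truststore.setCertificateEntry(alias, certificate);
    }

    /**
     * Copies every certificate entry of {@code source} into {@code truststore}; key entries are ignored.
     *
     * @param truststore store to add to
     * @param path path of {@code source}, used only for the error message
     * @param source store whose certificate entries are copied
     * @throws RuntimeException wrapping any keystore failure
     */
    private static void mergeTrustStore(KeyStore truststore, String path, KeyStore source) {
        try {
            for (String alias : Collections.list(source.aliases())) {
                if (source.isCertificateEntry(alias)) {
                    setCertificateEntry(truststore, source.getCertificate(alias));
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize truststore, could not merge: " + new File(path).getAbsolutePath(), e);
        }
    }
}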
