package io.fabric8.kubernetes.client.internal;

import io.fabric8.kubernetes.client.KubernetesClientException;
import io.fabric8.kubernetes.client.utils.Utils;
import io.quarkus.vertx.http.runtime.security.annotation.MTLSAuthentication;
import io.smallrye.openapi.runtime.io.OpenAPIDefinitionIO;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.concurrent.Callable;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/fabric8/kubernetes/client/internal/CertUtils.class */
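/**
 * Static helpers that assemble the {@link KeyStore} objects used for TLS: a trust store built from PEM
 * certificates merged into an existing (or the JVM default) store, and a key store holding a client
 * certificate chain with its private key.
 *
 * <p>Certificate and key material may be supplied inline (Base64 text) or as a file path. Store locations
 * and passwords fall back to the standard {@code javax.net.ssl.*} system properties when not given.
 */
public class CertUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CertUtils.class);
    private static final String TRUST_STORE_SYSTEM_PROPERTY = "javax.net.ssl.trustStore";
    private static final String TRUST_STORE_PASSWORD_SYSTEM_PROPERTY = "javax.net.ssl.trustStorePassword";
    private static final String TRUST_STORE_TYPE_SYSTEM_PROPERTY = "javax.net.ssl.trustStoreType";
    private static final String KEY_STORE_SYSTEM_PROPERTY = "javax.net.ssl.keyStore";
    private static final String KEY_STORE_PASSWORD_SYSTEM_PROPERTY = "javax.net.ssl.keyStorePassword";
    // Conventional JDK default store password; only tried when the caller supplied no passphrase.
    private static final String KEY_STORE_DEFAULT_PASSWORD = "changeit";

    // NOTE(review): this file looks like decompiler output, and the certificate-factory type is taken from an
    // unrelated Quarkus annotation constant. Presumably it resolves to an X.509 type name - confirm the value and
    // replace it with a literal so the TLS trust path does not depend on another library's constant.
    private static final String CERTIFICATE_FACTORY_TYPE = MTLSAuthentication.AUTH_MECHANISM_SCHEME;

    // NOTE(review): same concern - the directory name under ${java.home}/lib comes from an OpenAPI constant.
    // Presumably it is the JRE "security" directory that holds jssecacerts/cacerts - confirm and use a literal.
    private static final String JRE_SECURITY_DIRECTORY = OpenAPIDefinitionIO.PROP_SECURITY;

    private CertUtils() {
    }

    /**
     * Returns the certificate or key material as an in-memory stream.
     *
     * @param str inline data; when non-null it wins over the file. It is Base64-decoded if possible, otherwise
     *     used as raw text
     * @param str2 path of the file to read when {@code str} is null
     * @return a stream over the decoded inline data, or over the file content with leading and trailing
     *     whitespace removed
     * @throws IOException if the file cannot be read
     * @throws NullPointerException if both arguments are null
     */
    public static ByteArrayInputStream getInputStreamFromDataOrFile(String str, String str2) throws IOException {
        if (str != null) {
            return createInputStreamFromBase64EncodedString(str);
        }
        byte[] fileBytes = Files.readAllBytes(Paths.get(str2));
        // ISO-8859-1 maps every byte to exactly one char and back, so the trim round trip cannot corrupt the
        // content the way a platform-default charset could.
        String trimmed = new String(fileBytes, StandardCharsets.ISO_8859_1).trim();
        return new ByteArrayInputStream(trimmed.getBytes(StandardCharsets.ISO_8859_1));
    }

    /**
     * Builds a trust store containing the given PEM certificates on top of an existing store.
     *
     * @param str inline CA certificate data (see {@link #getInputStreamFromDataOrFile})
     * @param str2 CA certificate file, used when {@code str} is null
     * @param str3 trust store file to start from; when null or empty the JVM default trust store is used
     * @param str4 trust store passphrase; when null or empty the {@code javax.net.ssl.trustStorePassword}
     *     system property is consulted
     * @return the trust store with the PEM certificates added
     */
    public static KeyStore createTrustStore(String str, String str2, String str3, String str4) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        ByteArrayInputStream pemStream = getInputStreamFromDataOrFile(str, str2);
        KeyStore baseStore = loadTrustStore(str3, getPassphrase(TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, str4));
        return mergePemCertsIntoTrustStore(pemStream, baseStore, true);
    }

    /**
     * Loads the trust store from {@code str}, or from the default location when {@code str} is null or empty.
     * The store type comes from {@code javax.net.ssl.trustStoreType}, falling back to the JVM default type.
     *
     * @param str trust store file path, may be null or empty
     * @param cArr passphrase handed to {@link KeyStore#load}, may be null
     */
    static KeyStore loadTrustStore(String str, char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, FileNotFoundException {
        String storeType = System.getProperty(TRUST_STORE_TYPE_SYSTEM_PROPERTY, KeyStore.getDefaultType());
        KeyStore keyStore = KeyStore.getInstance(storeType);
        if (Utils.isNotNullOrEmpty(str)) {
            try (FileInputStream in = new FileInputStream(str)) {
                keyStore.load(in, cArr);
            }
        } else {
            loadDefaultTrustStoreFile(keyStore, cArr);
        }
        return keyStore;
    }

    /**
     * Parses every certificate in the stream and stores it in {@code keyStore} under the alias
     * {@code <subject DN>_<serial number in hex>}.
     *
     * <p>If the very first insertion is rejected with a {@link KeyStoreException}, the certificate entries of
     * {@code keyStore} are copied into a fresh PKCS12 store and the merge restarts from the beginning of the
     * stream against that copy. Only certificate entries are copied.
     *
     * @param byteArrayInputStream PEM data; a trailing unparsable entry is tolerated and logged at debug level
     * @param keyStore store to add the certificates to
     * @param z true while no certificate has been stored yet, which enables the PKCS12 fallback
     * @return {@code keyStore}, or the PKCS12 copy when the fallback was taken
     * @throws CertificateException if an entry other than the last one cannot be parsed
     * @throws KeyStoreException if a certificate cannot be stored and no fallback applies
     */
    static KeyStore mergePemCertsIntoTrustStore(ByteArrayInputStream byteArrayInputStream, KeyStore keyStore, boolean z) throws CertificateException, KeyStoreException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
        boolean firstEntry = z;
        while (byteArrayInputStream.available() > 0) {
            try {
                X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                String alias = certificate.getSubjectX500Principal().getName() + "_" + certificate.getSerialNumber().toString(16);
                try {
                    keyStore.setCertificateEntry(alias, certificate);
                    firstEntry = false;
                } catch (KeyStoreException e) {
                    if (!firstEntry) {
                        throw e;
                    }
                    // Presumably the store type cannot hold certificate entries; start over with PKCS12.
                    byteArrayInputStream.reset();
                    KeyStore fallbackStore = KeyStore.getInstance("PKCS12");
                    try {
                        fallbackStore.load(null, null);
                        for (String existingAlias : Collections.list(keyStore.aliases())) {
                            fallbackStore.setCertificateEntry(existingAlias, keyStore.getCertificate(existingAlias));
                        }
                        return mergePemCertsIntoTrustStore(byteArrayInputStream, fallbackStore, false);
                    } catch (IOException | NoSuchAlgorithmException | CertificateException e2) {
                        // Report the original rejection, but keep the fallback failure for diagnosis.
                        e.addSuppressed(e2);
                        throw e;
                    }
                }
            } catch (CertificateException e3) {
                if (byteArrayInputStream.available() > 0) {
                    throw e3;
                }
                LOG.debug("The trailing entry generated a certificate exception.  More than likely the contents end with comments.", (Throwable) e3);
            }
        }
        return keyStore;
    }

    /**
     * Builds a key store holding the client certificate chain and its private key.
     *
     * <p>The key entry alias is the issuer DNs of all certificates joined with {@code "_"}.
     *
     * @param inputStream certificate chain data
     * @param inputStream2 PEM private key data
     * @param str key algorithm, {@code "RSA"} or {@code "EC"}; null means RSA
     * @param cArr password protecting the key entry
     * @param str2 key store file to start from; when null or empty the {@code javax.net.ssl.keyStore} file is
     *     used if it can be loaded, otherwise an empty store
     * @param cArr2 passphrase of the key store file, may be null
     * @return the key store with the key entry added
     * @throws InvalidKeySpecException if the algorithm is not supported or the key cannot be decoded
     */
    public static KeyStore createKeyStore(InputStream inputStream, InputStream inputStream2, String str, char[] cArr, String str2, char[] cArr2) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        Collection<? extends Certificate> certificates = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE).generateCertificates(inputStream);
        PrivateKey privateKey = loadKey(inputStream2, str);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (Utils.isNotNullOrEmpty(str2)) {
            try (FileInputStream in = new FileInputStream(str2)) {
                keyStore.load(in, cArr2);
            }
        } else {
            loadDefaultKeyStoreFile(keyStore, cArr2);
        }
        String alias = certificates.stream()
                .map(certificate -> ((X509Certificate) certificate).getIssuerX500Principal().getName())
                .collect(Collectors.joining("_"));
        keyStore.setKeyEntry(alias, privateKey, cArr, certificates.toArray(new Certificate[0]));
        return keyStore;
    }

    /**
     * Reads a PEM private key for the given algorithm.
     *
     * @param keyStream PEM key data
     * @param algorithm {@code "EC"} or {@code "RSA"}; null is treated as RSA
     * @throws InvalidKeySpecException for any other algorithm name
     */
    private static PrivateKey loadKey(InputStream keyStream, String algorithm) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        String effectiveAlgorithm = algorithm == null ? "RSA" : algorithm;
        if (effectiveAlgorithm.equals("EC")) {
            return handleECKey(keyStream);
        }
        if (effectiveAlgorithm.equals("RSA")) {
            return handleOtherKeys(keyStream, effectiveAlgorithm);
        }
        throw new InvalidKeySpecException("Unknown type of PKCS8 Private Key, tried RSA and ECDSA");
    }

    /**
     * Parses an EC private key with BouncyCastle, registering its provider first when neither "BC" nor
     * "BCFIPS" is installed.
     *
     * <p>All BouncyCastle references live in anonymous inner classes. NOTE(review): presumably this keeps this
     * class loadable when the optional BouncyCastle dependency is absent, so that the
     * {@link NoClassDefFoundError} surfaces here - keep the inner classes rather than converting to lambdas.
     *
     * @throws KubernetesClientException if the PEM cannot be read, holds an unexpected object, or BouncyCastle
     *     is not on the classpath
     */
    private static PrivateKey handleECKey(final InputStream inputStream) {
        try {
            return new Callable<PrivateKey>() {
                @Override
                public PrivateKey call() throws IOException {
                    if (Security.getProvider("BC") == null && Security.getProvider("BCFIPS") == null) {
                        new Callable<String>() {
                            @Override
                            public String call() {
                                Security.addProvider(new BouncyCastleProvider());
                                return null;
                            }
                        }.call();
                    }
                    // The parser is not closed here, so the caller's stream stays open.
                    Object pemObject = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8)).readObject();
                    if (pemObject == null) {
                        throw new KubernetesClientException("Got null PEM object from EC key's input stream.");
                    }
                    if (pemObject instanceof PEMKeyPair) {
                        return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) pemObject).getPrivate();
                    }
                    if (pemObject instanceof PrivateKeyInfo) {
                        return BouncyCastleProvider.getPrivateKey((PrivateKeyInfo) pemObject);
                    }
                    throw new KubernetesClientException("Don't know what to do with a " + pemObject.getClass().getName());
                }
            }.call();
        } catch (IOException e) {
            // Keep the cause so the parsing failure remains visible in the stack trace.
            throw new KubernetesClientException(e.getMessage(), e);
        } catch (NoClassDefFoundError e2) {
            throw new KubernetesClientException("JcaPEMKeyConverter is provided by BouncyCastle, an optional dependency. To use support for EC Keys you must explicitly add this dependency to classpath.", e2);
        }
    }

    /**
     * Decodes a PEM key with the JDK {@link KeyFactory}: PKCS#8 first, then PKCS#1 if the PKCS#8 spec is
     * rejected.
     *
     * @param keyStream PEM key data
     * @param algorithm key factory algorithm name
     */
    private static PrivateKey handleOtherKeys(InputStream keyStream, String algorithm) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] keyBytes = decodePem(keyStream);
        try {
            return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
        } catch (InvalidKeySpecException e) {
            return KeyFactory.getInstance(algorithm).generatePrivate(PKCS1Util.decodePKCS1(keyBytes));
        }
    }

    /** Loads the default trust store file, or initializes {@code keyStore} as empty when that fails. */
    private static void loadDefaultTrustStoreFile(KeyStore keyStore, char[] passphrase) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (!loadDefaultStoreFile(keyStore, getDefaultTrustStoreFile(), passphrase)) {
            keyStore.load(null);
        }
    }

    /**
     * Resolves the default trust store: the {@code javax.net.ssl.trustStore} property if set, else
     * {@code jssecacerts} in the JRE security directory if it exists as a regular file, else {@code cacerts}.
     */
    private static File getDefaultTrustStoreFile() {
        String configuredPath = System.getProperty(TRUST_STORE_SYSTEM_PROPERTY);
        if (Utils.isNotNullOrEmpty(configuredPath)) {
            return new File(configuredPath);
        }
        String securityDirectory = System.getProperty("java.home") + File.separator + "lib" + File.separator + JRE_SECURITY_DIRECTORY + File.separator;
        File jsseCaCerts = new File(securityDirectory + "jssecacerts");
        if (jsseCaCerts.exists() && jsseCaCerts.isFile()) {
            return jsseCaCerts;
        }
        return new File(securityDirectory + "cacerts");
    }

    /**
     * Loads the file named by {@code javax.net.ssl.keyStore}, or initializes {@code keyStore} as empty when the
     * property is unset or the file cannot be loaded.
     */
    private static void loadDefaultKeyStoreFile(KeyStore keyStore, char[] passphrase) throws CertificateException, NoSuchAlgorithmException, IOException {
        String configuredPath = System.getProperty(KEY_STORE_SYSTEM_PROPERTY);
        if (Utils.isNotNullOrEmpty(configuredPath) && loadDefaultStoreFile(keyStore, new File(configuredPath), passphrase)) {
            return;
        }
        keyStore.load(null);
    }

    /**
     * Best-effort load of a default store file; failures are logged at info level instead of thrown.
     *
     * <p>When no passphrase was supplied and the failure is caused by an {@link UnrecoverableKeyException},
     * the load is retried once with the default password {@code "changeit"}.
     *
     * @param keyStore store to load into
     * @param storeFile candidate file; missing, non-regular or empty files are skipped
     * @param passphrase passphrase for the file, may be null or empty
     * @return true if the file was loaded, false otherwise
     */
    private static boolean loadDefaultStoreFile(KeyStore keyStore, File storeFile, char[] passphrase) {
        if (!storeFile.exists() || !storeFile.isFile() || storeFile.length() == 0) {
            return false;
        }
        try (FileInputStream in = new FileInputStream(storeFile)) {
            keyStore.load(in, passphrase);
            return true;
        } catch (Exception e) {
            boolean passphraseMissing = passphrase == null || passphrase.length == 0;
            if (passphraseMissing && e.getCause() instanceof UnrecoverableKeyException) {
                try (FileInputStream retryIn = new FileInputStream(storeFile)) {
                    keyStore.load(retryIn, KEY_STORE_DEFAULT_PASSWORD.toCharArray());
                    return true;
                } catch (Exception ignored) {
                    // The retry is best effort; the first failure is the one reported below.
                }
            }
            LOG.info("There is a problem with reading default keystore/truststore file {} - the file won't be loaded. The reason is: {}", storeFile, e.getMessage());
            return false;
        }
    }

    /**
     * String-based variant of {@link #createKeyStore(InputStream, InputStream, String, char[], String, char[])}.
     *
     * @param str inline client certificate data
     * @param str2 client certificate file, used when {@code str} is null
     * @param str3 inline client key data
     * @param str4 client key file, used when {@code str3} is null
     * @param str5 key algorithm, {@code "RSA"} or {@code "EC"}; null means RSA
     * @param str6 password protecting the key entry; must not be null
     * @param str7 key store file to start from, may be null or empty
     * @param str8 key store passphrase; when null or empty the {@code javax.net.ssl.keyStorePassword} system
     *     property is consulted
     * @throws NullPointerException if {@code str6} is null
     */
    public static KeyStore createKeyStore(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        ByteArrayInputStream certificateStream = getInputStreamFromDataOrFile(str, str2);
        ByteArrayInputStream keyStream = getInputStreamFromDataOrFile(str3, str4);
        return createKeyStore(certificateStream, keyStream, str5, str6.toCharArray(), str7, getPassphrase(KEY_STORE_PASSWORD_SYSTEM_PROPERTY, str8));
    }

    /**
     * Returns the explicit passphrase, or the value of the given system property when the explicit one is null
     * or empty.
     *
     * @param propertyName system property consulted as fallback
     * @param explicitValue passphrase supplied by the caller, may be null or empty
     * @return the passphrase as a char array, or null when neither source provides one
     */
    private static char[] getPassphrase(String propertyName, String explicitValue) {
        String passphrase = explicitValue;
        if (Utils.isNullOrEmpty(passphrase)) {
            passphrase = System.getProperty(propertyName, passphrase);
        }
        return passphrase != null ? passphrase.toCharArray() : null;
    }

    /**
     * Extracts the Base64 body of the first PEM block in the stream and decodes it.
     *
     * <p>The end marker is the trimmed begin line with {@code BEGIN} replaced by {@code END}. The stream is
     * closed when this method returns.
     *
     * @throws IOException if no begin marker or no matching end marker is found
     */
    private static byte[] decodePem(InputStream keyStream) throws IOException {
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(keyStream, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.contains("-----BEGIN ")) {
                    return readBytes(reader, line.trim().replace("BEGIN", "END"));
                }
            }
            throw new IOException("PEM is invalid: no begin marker");
        }
    }

    /**
     * Collects the trimmed lines up to the line containing {@code endMarker} and Base64-decodes them.
     *
     * @throws IOException if the reader ends before the end marker
     * @throws IllegalArgumentException if the collected text is not valid Base64
     */
    private static byte[] readBytes(BufferedReader reader, String endMarker) throws IOException {
        StringBuilder encoded = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            if (line.contains(endMarker)) {
                return Base64.getDecoder().decode(encoded.toString());
            }
            encoded.append(line.trim());
        }
        throw new IOException("PEM is invalid : No end marker");
    }

    /**
     * Wraps the input in a stream: the Base64-decoded bytes when the input is valid Base64, otherwise the
     * UTF-8 bytes of the text itself (for example PEM text passed without an extra Base64 layer).
     */
    private static ByteArrayInputStream createInputStreamFromBase64EncodedString(String data) {
        byte[] bytes;
        try {
            bytes = Base64.getDecoder().decode(data);
        } catch (IllegalArgumentException e) {
            // Not Base64: treat the input as the material itself.
            bytes = data.getBytes(StandardCharsets.UTF_8);
        }
        return new ByteArrayInputStream(bytes);
    }
}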
