package org.apache.accumulo.test.util;

import com.beust.jcommander.JCommander;
import com.beust.jcommander.Parameter;
import com.google.common.base.Predicate;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.accumulo.core.cli.Help;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.DefaultConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.conf.SiteConfiguration;
import org.apache.commons.io.FileExistsException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/test/util/CertUtils.class */
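/**
 * Generates X.509 key pairs and certificates and writes them into Java keystores.
 *
 * <p>Three artifacts can be produced: a self-signed root keystore, a keystore whose certificate is
 * signed by that root, and a truststore that holds only the root certificate. The class lives in a
 * test package; the certificates it emits (100-year validity, timestamp serial numbers, subject
 * equal to issuer) are suited to test clusters, not to production PKI.
 *
 * <p>Security notes for operators:
 * <ul>
 * <li>Passwords are taken from command-line options, so they are visible in the process list and
 * shell history of the invoking host.</li>
 * <li>Keystores are written with {@link FileOutputStream}, i.e. with the process' default file
 * permissions. The private key inside is protected only by the keystore password; restrict access
 * to the output files separately.</li>
 * <li>The truststore password defaults to the empty string, so the truststore carries no meaningful
 * integrity protection unless {@code --truststore-password} is set.</li>
 * </ul>
 */
public class CertUtils {
    private static final Logger log = LoggerFactory.getLogger(CertUtils.class);

    static {
        // The Bouncy Castle provider must be registered before any certificate is built or signed.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final String issuerDirString;
    private final String keystoreType;
    private final String encryptionAlgorithm;
    private final int keysize;
    private final String signingAlgorithm;

    /** Command-line options accepted by {@link CertUtils#main(String[])}. */
    static class Opts extends Help {

        @Parameter(description = "generate-all | generate-local | generate-self-trusted", required = true, arity = 1)
        List<String> operation = null;

        @Parameter(names = {"--local-keystore"}, description = "Target path for generated keystore")
        String localKeystore = null;

        @Parameter(names = {"--root-keystore"}, description = "Path to root truststore, generated with generate-all, or used for signing with generate-local")
        String rootKeystore = null;

        @Parameter(names = {"--root-truststore"}, description = "Target path for generated public root truststore")
        String truststore = null;

        @Parameter(names = {"--keystore-type"}, description = "Type of keystore file to use")
        String keystoreType = "JKS";

        @Parameter(names = {"--root-keystore-password"}, description = "Password for root keystore, falls back to --keystore-password if not provided")
        String rootKeystorePassword = null;

        @Parameter(names = {"--keystore-password"}, description = "Password used to encrypt keystores.  If omitted, the instance-wide secret will be used.  If specified, the password must also be explicitly configured in Accumulo.")
        String keystorePassword = null;

        @Parameter(names = {"--truststore-password"}, description = "Password used to encrypt the truststore. If omitted, empty password is used")
        String truststorePassword = "";

        @Parameter(names = {"--key-name-prefix"}, description = "Prefix for names of generated keys")
        String keyNamePrefix = CertUtils.class.getSimpleName();

        @Parameter(names = {"--issuer-rdn"}, description = "RDN string for issuer, for example: 'c=US,o=My Organization,cn=My Name'")
        String issuerDirString = "o=Apache Accumulo";

        @Parameter(names = {"--site-file"}, description = "Load configuration from the given site file")
        public String siteFile = null;

        @Parameter(names = {"--signing-algorithm"}, description = "Algorithm used to sign certificates")
        public String signingAlg = "SHA256WITHRSA";

        @Parameter(names = {"--encryption-algorithm"}, description = "Algorithm used to encrypt private keys")
        public String encryptionAlg = "RSA";

        @Parameter(names = {"--keysize"}, description = "Key size used by encryption algorithm")
        public int keysize = 2048;

        Opts() {
        }

        /**
         * Returns the configuration the tool should read properties from.
         *
         * @return the site configuration layered over the defaults when {@code --site-file} is
         *         absent; otherwise a view in which values from the given site file override the
         *         defaults
         */
        public AccumuloConfiguration getConfiguration() {
            if (this.siteFile == null) {
                return SiteConfiguration.getInstance(DefaultConfiguration.getInstance());
            }
            return new AccumuloConfiguration() {
                private final Configuration xml = new Configuration();

                {
                    this.xml.addResource(new Path(Opts.this.siteFile));
                }

                public Iterator<Map.Entry<String, String>> iterator() {
                    // Defaults first, then the site file, so site-file values win on key clashes.
                    Map<String, String> merged = new TreeMap<>();
                    for (Map.Entry<String, String> entry : DefaultConfiguration.getInstance()) {
                        merged.put(entry.getKey(), entry.getValue());
                    }
                    for (Map.Entry<String, String> entry : this.xml) {
                        merged.put(entry.getKey(), entry.getValue());
                    }
                    return merged.entrySet().iterator();
                }

                public String get(Property property) {
                    String fromSiteFile = this.xml.get(property.getKey());
                    return fromSiteFile != null ? fromSiteFile : DefaultConfiguration.getInstance().get(property);
                }

                public void getProperties(Map<String, String> map, Predicate<String> predicate) {
                    Iterator<Map.Entry<String, String>> entries = iterator();
                    while (entries.hasNext()) {
                        Map.Entry<String, String> entry = entries.next();
                        if (predicate.apply(entry.getKey())) {
                            map.put(entry.getKey(), entry.getValue());
                        }
                    }
                }
            };
        }
    }

    /**
     * Command-line entry point; dispatches on the single positional operation argument.
     *
     * <p>When {@code --keystore-password} is omitted the password is the instance secret read from
     * {@link Opts#getConfiguration()}, so a {@code --site-file} given on the command line is
     * honoured. The root keystore password falls back to the keystore password.
     *
     * @param args command-line arguments
     * @throws IllegalArgumentException if a path option needed by the chosen operation is missing
     * @throws Exception if key generation, signing or keystore I/O fails
     */
    public static void main(String[] args) throws Exception {
        Opts opts = new Opts();
        opts.parseArgs(CertUtils.class.getName(), args);
        String operation = opts.operation.get(0);

        String keyPassword = opts.keystorePassword;
        if (keyPassword == null) {
            // Read the secret through the options so that --site-file is not silently ignored.
            // NOTE(review): if instance.secret was never changed from its shipped default, the
            // resulting keystore password is not a secret - confirm the configuration sets it.
            keyPassword = opts.getConfiguration().get(Property.INSTANCE_SECRET);
        }
        String rootKeyPassword = opts.rootKeystorePassword;
        if (rootKeyPassword == null) {
            rootKeyPassword = keyPassword;
        }

        CertUtils certUtils = new CertUtils(opts.keystoreType, opts.issuerDirString, opts.encryptionAlg, opts.keysize, opts.signingAlg);

        if ("generate-all".equals(operation)) {
            certUtils.createAll(
                    new File(requireOption(opts.rootKeystore, "--root-keystore")),
                    new File(requireOption(opts.localKeystore, "--local-keystore")),
                    new File(requireOption(opts.truststore, "--root-truststore")),
                    opts.keyNamePrefix, rootKeyPassword, keyPassword, opts.truststorePassword);
        } else if ("generate-local".equals(operation)) {
            certUtils.createSignedCert(
                    new File(requireOption(opts.localKeystore, "--local-keystore")),
                    opts.keyNamePrefix + "-local", keyPassword,
                    requireOption(opts.rootKeystore, "--root-keystore"), rootKeyPassword);
        } else if ("generate-self-trusted".equals(operation)) {
            certUtils.createSelfSignedCert(
                    new File(requireOption(opts.truststore, "--root-truststore")),
                    opts.keyNamePrefix + "-selfTrusted", keyPassword);
        } else {
            JCommander jCommander = new JCommander(opts);
            jCommander.setProgramName(CertUtils.class.getName());
            jCommander.usage();
            System.err.println("Unrecognized operation: " + opts.operation);
            // Nothing was generated: report failure so calling scripts do not continue as if
            // keystores had been written.
            System.exit(1);
        }
    }

    /** Returns {@code value}, or fails with a message naming the option when it was not supplied. */
    private static String requireOption(String value, String optionName) {
        if (value == null) {
            throw new IllegalArgumentException("Missing required option " + optionName + " for the requested operation");
        }
        return value;
    }

    /**
     * @param keystoreType keystore type passed to {@link KeyStore#getInstance(String)}
     * @param issuerDirString RDN string used as both issuer and subject of generated certificates
     * @param encryptionAlgorithm key-pair algorithm passed to {@link KeyPairGenerator}
     * @param keysize key size passed to {@link KeyPairGenerator#initialize(int)}
     * @param signingAlgorithm signature algorithm used to sign certificates
     */
    public CertUtils(String keystoreType, String issuerDirString, String encryptionAlgorithm, int keysize, String signingAlgorithm) {
        this.keystoreType = keystoreType;
        this.issuerDirString = issuerDirString;
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.keysize = keysize;
        this.signingAlgorithm = signingAlgorithm;
    }

    /**
     * Creates the root keystore, a keystore signed by it, and a truststore with the root certificate.
     *
     * <p>The root keystore file must not exist yet ({@link #createSelfSignedCert} refuses to
     * overwrite); the local keystore and truststore targets are overwritten if present.
     *
     * @param rootKeystoreFile target for the self-signed root keystore
     * @param localKeystoreFile target for the root-signed keystore
     * @param trustStoreFile target for the truststore
     * @param keyNamePrefix prefix for the aliases of generated entries
     * @param rootKeystorePassword password of the root keystore and its key
     * @param keystorePassword password of the local keystore and its key
     * @param truststorePassword password of the truststore
     */
    public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile, String keyNamePrefix, String rootKeystorePassword, String keystorePassword, String truststorePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, OperatorCreationException, AccumuloSecurityException, NoSuchProviderException, UnrecoverableKeyException, FileNotFoundException {
        String rootKeystorePath = rootKeystoreFile.getAbsolutePath();
        createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", rootKeystorePassword);
        createSignedCert(localKeystoreFile, keyNamePrefix + "-local", keystorePassword, rootKeystorePath, rootKeystorePassword);
        createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystorePath, rootKeystorePassword, truststorePassword);
    }

    /**
     * Writes a truststore containing only the certificate found in the root keystore.
     *
     * @param targetKeystoreFile truststore to write; overwritten if it exists
     * @param keyName alias prefix; the entry is stored as {@code keyName + "Cert"}
     * @param rootKeystorePath path of the keystore to read the root certificate from
     * @param rootKeystorePassword password of the root keystore
     * @param truststorePassword password for the written truststore
     */
    public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath, String rootKeystorePassword, String truststorePassword) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException {
        KeyStore signerKeystore = KeyStore.getInstance(this.keystoreType);
        char[] signerPassword = rootKeystorePassword.toCharArray();
        try (FileInputStream in = new FileInputStream(rootKeystorePath)) {
            signerKeystore.load(in, signerPassword);
        }
        Certificate rootCert = findCert(signerKeystore);

        KeyStore truststore = KeyStore.getInstance(this.keystoreType);
        truststore.load(null, null);
        truststore.setCertificateEntry(keyName + "Cert", rootCert);
        try (FileOutputStream out = new FileOutputStream(targetKeystoreFile)) {
            truststore.store(out, truststorePassword.toCharArray());
        }
    }

    /**
     * Generates a new key pair, has the signer keystore's key sign its certificate, and writes both
     * to a new keystore.
     *
     * @param targetKeystoreFile keystore to write; overwritten if it exists
     * @param keyName alias prefix; entries are stored as {@code keyName + "Cert"} and
     *        {@code keyName + "Key"}
     * @param keystorePassword password for the written keystore and its key entry
     * @param signerKeystorePath path of the keystore holding the signing certificate and key
     * @param signerKeystorePassword password of the signer keystore and of its key entry
     */
    public void createSignedCert(File targetKeystoreFile, String keyName, String keystorePassword, String signerKeystorePath, String signerKeystorePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, OperatorCreationException, AccumuloSecurityException, UnrecoverableKeyException, NoSuchProviderException {
        KeyStore signerKeystore = KeyStore.getInstance(this.keystoreType);
        char[] signerPassword = signerKeystorePassword.toCharArray();
        try (FileInputStream in = new FileInputStream(signerKeystorePath)) {
            signerKeystore.load(in, signerPassword);
        }
        Certificate signerCert = findCert(signerKeystore);
        PrivateKey signerKey = findPrivateKey(signerKeystore, signerPassword);

        KeyPair keyPair = generateKeyPair();
        Certificate cert = generateCert(keyName, keyPair, false, signerCert.getPublicKey(), signerKey);

        char[] password = keystorePassword.toCharArray();
        KeyStore keystore = KeyStore.getInstance(this.keystoreType);
        keystore.load(null, null);
        keystore.setCertificateEntry(keyName + "Cert", cert);
        // The key entry carries the chain leaf-first: the new certificate, then its signer.
        keystore.setKeyEntry(keyName + "Key", keyPair.getPrivate(), password, new Certificate[]{cert, signerCert});
        try (FileOutputStream out = new FileOutputStream(targetKeystoreFile)) {
            keystore.store(out, password);
        }
    }

    /**
     * Generates a key pair with a self-signed CA certificate and writes both to a new keystore.
     *
     * @param targetKeystoreFile keystore to write; must not exist
     * @param keyName alias prefix; entries are stored as {@code keyName + "Cert"} and
     *        {@code keyName + "Key"}
     * @param keystorePassword password for the written keystore and its key entry
     * @throws FileExistsException if {@code targetKeystoreFile} already exists
     */
    public void createSelfSignedCert(File targetKeystoreFile, String keyName, String keystorePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, OperatorCreationException, AccumuloSecurityException, NoSuchProviderException {
        // Refuse to replace an existing root: certificates already signed by it would stop verifying.
        if (targetKeystoreFile.exists()) {
            throw new FileExistsException(targetKeystoreFile);
        }
        KeyPair keyPair = generateKeyPair();
        Certificate cert = generateCert(keyName, keyPair, true, keyPair.getPublic(), keyPair.getPrivate());

        char[] password = keystorePassword.toCharArray();
        KeyStore keystore = KeyStore.getInstance(this.keystoreType);
        keystore.load(null, null);
        keystore.setCertificateEntry(keyName + "Cert", cert);
        keystore.setKeyEntry(keyName + "Key", keyPair.getPrivate(), password, new Certificate[]{cert});
        try (FileOutputStream out = new FileOutputStream(targetKeystoreFile)) {
            keystore.store(out, password);
        }
    }

    /** Generates a key pair using the configured algorithm and key size. */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(this.encryptionAlgorithm);
        generator.initialize(this.keysize);
        return generator.generateKeyPair();
    }

    /**
     * Builds and signs an X.509 v3 certificate for {@code keyPair}'s public key.
     *
     * <p>Issuer and subject are both set to the configured issuer RDN, validity runs from now for
     * 100 years, and the serial number is the current time in milliseconds (so two certificates
     * built in the same millisecond share a serial).
     *
     * @param keyName not used by this method
     * @param keyPair key pair whose public key is certified
     * @param isCertAuthority value of the basicConstraints CA flag; when true a critical keyUsage
     *        of keyCertSign is added as well
     * @param signerPublicKey public key the authorityKeyIdentifier is derived from
     * @param signerPrivateKey private key that signs the certificate
     */
    private X509CertificateObject generateCert(String keyName, KeyPair keyPair, boolean isCertAuthority, PublicKey signerPublicKey, PrivateKey signerPrivateKey) throws IOException, CertIOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException {
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.YEAR, 100);

        BigInteger serialNumber = BigInteger.valueOf(notBefore.getTimeInMillis());
        X500Name name = new X500Name(IETFUtils.rDNsFromString(this.issuerDirString, RFC4519Style.INSTANCE));
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(name, serialNumber, notBefore.getTime(), notAfter.getTime(), name, keyPair.getPublic());

        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        // NOTE(review): basicConstraints is added as non-critical, also for the CA certificate;
        // strict path validators may expect it to be critical on a CA.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));
        builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
        if (isCertAuthority) {
            builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
        }
        return new X509CertificateObject(builder.build(new JcaContentSignerBuilder(this.signingAlgorithm).build(signerPrivateKey)).toASN1Structure());
    }

    /**
     * Returns the first trusted-certificate entry of the keystore, in alias enumeration order.
     *
     * <p>Further certificate entries are ignored with a warning, so which certificate is used for
     * a keystore holding several depends on the order the keystore reports its aliases in.
     *
     * @throws KeyStoreException if the keystore has no certificate entry
     */
    static Certificate findCert(KeyStore keyStore) throws KeyStoreException {
        Certificate found = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                continue;
            }
            if (found == null) {
                found = keyStore.getCertificate(alias);
            } else {
                log.warn("Found multiple certificates in keystore.  Ignoring {}", alias);
            }
        }
        if (found == null) {
            throw new KeyStoreException("Could not find cert in keystore");
        }
        return found;
    }

    /**
     * Returns the first key entry of the keystore, in alias enumeration order, as a private key.
     *
     * <p>Further key entries are ignored with a warning; only the alias is logged, never key
     * material.
     *
     * @param keyStore keystore to search
     * @param password password protecting the key entry
     * @throws KeyStoreException if the keystore has no key entry
     */
    static PrivateKey findPrivateKey(KeyStore keyStore, char[] password) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        PrivateKey found = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            if (found == null) {
                found = (PrivateKey) keyStore.getKey(alias, password);
            } else {
                log.warn("Found multiple keys in keystore.  Ignoring {}", alias);
            }
        }
        if (found == null) {
            throw new KeyStoreException("Could not find private key in keystore");
        }
        return found;
    }
}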
