package com.datastax.bdp.util;

import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.security.KeyStoreUtil;
import com.diffplug.common.base.Suppliers;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Enumeration;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/util/SSLUtil.class */
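/**
 * Static helpers for building JSSE trust/key manager factories and {@link SSLContext}s from
 * keystore files, and for exporting certificates, keys and truststores.
 *
 * <p>Several methods here return or write secret material (private keys, keystore passwords).
 * Callers are responsible for not logging those values and for where the resulting files live.
 */
public class SSLUtil {
    /**
     * Lazily computed, memoized cipher suites of the JVM's default {@link SSLContext}.
     *
     * <p>The memoized array is shared by every caller; treat it as read-only and copy it before
     * modifying, otherwise the change is visible to all other users of this supplier.
     */
    public static final Supplier<String[]> DEFAULT_CIPHER_SUITES = Suppliers.memoize(() -> {
        try {
            return SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Cannot get the default set of cipher suites.", e);
        }
    });
    private static final Logger LOGGER = LoggerFactory.getLogger(SSLUtil.class);

    /* loaded from: input_file:com/datastax/bdp/util/SSLUtil$PemHeader.class */
    /** PEM encapsulation labels supported by {@link #savePem(byte[], Path, PemHeader)}. */
    public enum PemHeader {
        CERTIFICATE("CERTIFICATE"),
        PRIVATE_KEY("PRIVATE KEY");

        private final String header;

        PemHeader(String header) {
            this.header = header;
        }

        /** @return the {@code -----BEGIN <label>-----} line for this label */
        public String getBegin() {
            return String.format("-----BEGIN %s-----", this.header);
        }

        /** @return the {@code -----END <label>-----} line for this label */
        public String getEnd() {
            return String.format("-----END %s-----", this.header);
        }
    }

    /**
     * Builds a {@link TrustManagerFactory} from a truststore file.
     *
     * <p>When {@code truststorePath} is {@code null} no store is loaded and the factory is
     * initialised with a {@code null} keystore, which in JSSE selects the JVM's default trust
     * anchors rather than "trust nothing".
     *
     * @param truststorePath path of the truststore, or {@code null}
     * @param truststoreType store type handed to {@code KeyStoreUtil.loadTrustStore}
     * @param truststorePassword store password handed to {@code KeyStoreUtil.loadTrustStore}
     * @throws IOException if loading the store fails
     * @throws GeneralSecurityException if the store or the factory cannot be initialised
     */
    public static TrustManagerFactory initTrustManagerFactory(@Nullable String truststorePath, @Nullable String truststoreType, @Nullable String truststorePassword) throws IOException, GeneralSecurityException {
        KeyStore trustStore = truststorePath == null ? null : KeyStoreUtil.loadTrustStore(truststorePath, truststoreType, truststorePassword);
        return initTrustManagerFactory(trustStore);
    }

    /**
     * Builds a {@link TrustManagerFactory} with the platform default algorithm.
     *
     * @param keyStore trust anchors to use; {@code null} lets JSSE fall back to its defaults
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     */
    public static TrustManagerFactory initTrustManagerFactory(@Nullable KeyStore keyStore) throws GeneralSecurityException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        return factory;
    }

    /**
     * Builds a {@link KeyManagerFactory} from a keystore file.
     *
     * @param keystorePath path of the keystore, or {@code null} to initialise without a store
     * @param keystoreType store type handed to {@code KeyStoreUtil.loadKeyStore}
     * @param keystorePassword store password handed to {@code KeyStoreUtil.loadKeyStore}
     * @param keyPassword password protecting the key entries, or {@code null}
     * @throws IOException if loading the store fails
     * @throws GeneralSecurityException if the store or the factory cannot be initialised
     */
    public static KeyManagerFactory initKeyManagerFactory(@Nullable String keystorePath, @Nullable String keystoreType, @Nullable String keystorePassword, @Nullable String keyPassword) throws IOException, GeneralSecurityException {
        KeyStore keyStore = keystorePath == null ? null : KeyStoreUtil.loadKeyStore(keystorePath, keystoreType, keystorePassword);
        return initKeyManagerFactory(keyStore, keyPassword);
    }

    /**
     * Builds a {@link KeyManagerFactory} with the platform default algorithm.
     *
     * @param keyStore store holding the key entries, may be {@code null}
     * @param keyPassword password protecting the key entries, or {@code null}
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     */
    public static KeyManagerFactory initKeyManagerFactory(@Nullable KeyStore keyStore, @Nullable String keyPassword) throws GeneralSecurityException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        char[] passwordChars = keyPassword == null ? null : keyPassword.toCharArray();
        factory.init(keyStore, passwordChars);
        return factory;
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>A {@code null} factory results in {@code null} managers being passed to
     * {@link SSLContext#init}, which makes JSSE use its installed defaults for that role.
     * The protocol string is used as given; nothing here rejects legacy protocol names.
     * An {@code SSLContext} does not by itself turn on hostname verification: code that creates
     * sockets or engines from it still has to set an endpoint identification algorithm
     * ({@code SSLParameters.setEndpointIdentificationAlgorithm}) unless the client library does.
     *
     * @param trustManagerFactory source of trust managers, may be {@code null}
     * @param keyManagerFactory source of key managers, may be {@code null}
     * @param protocol protocol name handed to {@link SSLContext#getInstance(String)}
     * @throws GeneralSecurityException if the context cannot be created or initialised
     */
    public static SSLContext initSSLContext(@Nullable TrustManagerFactory trustManagerFactory, @Nullable KeyManagerFactory keyManagerFactory, @Nonnull String protocol) throws GeneralSecurityException {
        KeyManager[] keyManagers = keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers();
        TrustManager[] trustManagers = trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers();
        SSLContext context = SSLContext.getInstance(protocol);
        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Creates an {@link SSLContext} from a client configuration.
     *
     * @param clientConfiguration configuration to read the SSL settings from
     * @return the context, or {@link Optional#empty()} when SSL is disabled in the configuration
     * @throws IOException if a configured store cannot be read
     * @throws GeneralSecurityException if a store, factory or the context cannot be initialised
     */
    public static Optional<SSLContext> createSSLContext(@Nonnull ClientConfiguration clientConfiguration) throws IOException, GeneralSecurityException {
        if (!clientConfiguration.isSslEnabled()) {
            return Optional.empty();
        }
        TrustManagerFactory trustFactory = initTrustManagerFactory(clientConfiguration.getSslTruststorePath(), clientConfiguration.getSslTruststoreType(), clientConfiguration.getSslTruststorePassword());
        KeyManagerFactory keyFactory = null;
        if (clientConfiguration.isKeyStoreConfigured()) {
            // The keystore password doubles as the key-entry password: keys protected with a
            // different password than the store cannot be used through this method.
            keyFactory = initKeyManagerFactory(clientConfiguration.getSslKeystorePath(), clientConfiguration.getSslKeystoreType(), clientConfiguration.getSslKeystorePassword(), clientConfiguration.getSslKeystorePassword());
        }
        return Optional.of(initSSLContext(trustFactory, keyFactory, clientConfiguration.getSslProtocol()));
    }

    /**
     * Builds an in-memory truststore holding the certificate of every alias in a keystore.
     *
     * <p>Only {@link KeyStore#getCertificate(String)} results are copied; private keys are never
     * transferred into the returned store. A PKCS11 source type is replaced by JKS for the
     * truststore (see {@code getOrDefaultTrustStoreType}).
     *
     * @param keystorePath path of the source keystore (also written to the log)
     * @param keystoreType type of the source keystore
     * @param keystorePassword password of the source keystore
     * @return a new, unsaved truststore
     * @throws IOException if the source keystore cannot be read
     * @throws GeneralSecurityException if either store cannot be created or populated
     */
    public static KeyStore makeTrustStoreFromKeyStore(@Nullable String keystorePath, @Nullable String keystoreType, @Nullable String keystorePassword) throws IOException, GeneralSecurityException {
        KeyStore source = KeyStoreUtil.loadKeyStore(keystorePath, keystoreType, keystorePassword);
        String trustStoreType = getOrDefaultTrustStoreType(source.getType());
        LOGGER.info("Make truststore of type {} using keystore {}", trustStoreType, keystorePath);
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        // load(null, null) creates an empty store instead of reading one.
        trustStore.load(null, null);
        Enumeration<String> aliases = source.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = source.getCertificate(alias);
            if (certificate != null) {
                trustStore.setCertificateEntry(alias, certificate);
            }
        }
        return trustStore;
    }

    /**
     * Serialises the truststore derived from a keystore into a byte array.
     *
     * <p>The store is written with an empty password, so the bytes carry no meaningful integrity
     * protection of their own. Because they define trust anchors, they should only be moved over
     * a channel that is already authenticated. {@link #saveTruststore} reads this format.
     *
     * @param keystorePath path of the source keystore
     * @param keystoreType type of the source keystore
     * @param keystorePassword password of the source keystore
     * @return the serialised truststore
     * @throws IOException if the source cannot be read or the store cannot be written
     * @throws GeneralSecurityException if a store operation fails
     */
    public static byte[] exportTruststore(String keystorePath, String keystoreType, String keystorePassword) throws IOException, GeneralSecurityException {
        KeyStore trustStore = makeTrustStoreFromKeyStore(keystorePath, keystoreType, keystorePassword);
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            trustStore.store(buffer, new char[0]);
            return buffer.toByteArray();
        }
    }

    /**
     * Writes a truststore, given in the empty-password form produced by
     * {@link #exportTruststore}, to {@code path} under a real password.
     *
     * <p>When no password is supplied, one is derived from 16 bytes of {@link SecureRandom}
     * output rendered in base 36 (it can start with {@code '-'}). The password is returned to the
     * caller, who must keep it out of logs.
     *
     * <p>Owner-only permissions ({@code rwx------}) are applied only when this method creates the
     * file; an existing file keeps whatever permissions it already has. The existence check and
     * the creation are two separate steps, so a file appearing in between makes creation fail.
     * The permission attribute is POSIX-specific; on a file system without POSIX support the
     * creation fails as well. All failures surface as {@link RuntimeException}.
     *
     * @param truststoreBytes serialised truststore, readable with an empty password
     * @param truststoreType requested store type (PKCS11 is replaced by JKS)
     * @param path destination file
     * @param password password to protect the saved store with, or {@code null} to generate one
     * @param writeOptsFlag forwarded to {@code FileUtil.fileWriteOpts}; forced to {@code true}
     *     when the file is created here (NOTE(review): presumably an overwrite switch - confirm
     *     against {@code FileUtil})
     * @return the password the store was saved with
     * @throws RuntimeException if generating, loading or writing the store fails
     */
    public static String saveTruststore(@Nonnull byte[] truststoreBytes, @Nonnull String truststoreType, @Nonnull Path path, @Nullable String password, boolean writeOptsFlag) {
        // The decompiled source scoped this catch to the password generation only, which left the
        // checked exceptions below unhandled; the whole operation is wrapped, as the error
        // message describes.
        try {
            String effectivePassword = password;
            if (effectivePassword == null) {
                byte[] randomBytes = new byte[16];
                new SecureRandom().nextBytes(randomBytes);
                effectivePassword = new BigInteger(randomBytes).toString(36);
            }
            KeyStore trustStore = KeyStore.getInstance(getOrDefaultTrustStoreType(truststoreType));
            try (ByteArrayInputStream in = new ByteArrayInputStream(truststoreBytes)) {
                trustStore.load(in, new char[0]);
            }
            boolean flag = writeOptsFlag;
            if (!Files.exists(path)) {
                Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
                Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly));
                flag = true;
            }
            try (OutputStream out = Files.newOutputStream(path, FileUtil.fileWriteOpts(flag))) {
                trustStore.store(out, effectivePassword.toCharArray());
            }
            return effectivePassword;
        } catch (Exception e) {
            throw new RuntimeException("Failed to save truststore to " + path, e);
        }
    }

    /**
     * Writes binary data as a PEM block to a newly created, owner-only ({@code rw-------}) file.
     *
     * <p>The file is created with its permissions in one step, so the content is never readable
     * by other users, and creation fails if the path already exists: existing files are not
     * overwritten. If writing fails after creation, the partially written file is left in place.
     *
     * @param data DER (or other binary) content to encode
     * @param path destination file; must not exist yet
     * @param pemHeader label for the BEGIN/END lines
     * @throws RuntimeException if the file cannot be created or written
     */
    public static void savePem(byte[] data, Path path, PemHeader pemHeader) {
        try {
            Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
            try (OutputStream out = Files.newOutputStream(path, FileUtil.fileWriteOpts(true))) {
                PrintStream printer = new PrintStream(out, true);
                // NOTE(review): the MIME encoder wraps at 76 characters with CRLF, while RFC 7468
                // asks PEM generators to wrap at 64; strict PEM parsers may object - confirm with
                // the consumers of these files before changing the output format.
                Base64.Encoder encoder = Base64.getMimeEncoder();
                printer.println(pemHeader.getBegin());
                printer.println(encoder.encodeToString(data));
                printer.println(pemHeader.getEnd());
                // PrintStream never throws on write errors; without this check a truncated key or
                // certificate file (e.g. disk full) would be reported as success.
                if (printer.checkError()) {
                    throw new IOException("I/O error while writing PEM data");
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to save PEM data to " + path, e);
        }
    }

    /**
     * Reads an encoded certificate from a truststore file.
     *
     * @param truststorePath path of the truststore
     * @param truststoreType type of the truststore
     * @param truststorePassword password of the truststore
     * @param alias alias to look up; when empty, the first alias the store enumerates is used
     * @return the encoded certificate, or empty if the alias or its certificate is missing
     * @throws RuntimeException if the store cannot be loaded or read
     */
    public static Optional<byte[]> getCertificateFromTrustStore(@Nonnull String truststorePath, @Nullable String truststoreType, @Nullable String truststorePassword, Optional<String> alias) {
        try {
            KeyStore trustStore = KeyStoreUtil.loadTrustStore(truststorePath, truststoreType, truststorePassword);
            return getCertificate(trustStore, alias);
        } catch (Exception e) {
            throw new RuntimeException(String.format("Cannot get certificate from truststore %s type %s", truststorePath, truststoreType), e);
        }
    }

    /**
     * Reads an encoded certificate from a keystore file.
     *
     * @param keystorePath path of the keystore
     * @param keystoreType type of the keystore
     * @param keystorePassword password of the keystore
     * @param alias alias to look up; when empty, the first alias the store enumerates is used
     * @return the encoded certificate, or empty if the alias or its certificate is missing
     * @throws RuntimeException if the store cannot be loaded or read
     */
    public static Optional<byte[]> getCertificateFromKeyStore(@Nullable String keystorePath, @Nullable String keystoreType, @Nullable String keystorePassword, Optional<String> alias) {
        try {
            KeyStore keyStore = KeyStoreUtil.loadKeyStore(keystorePath, keystoreType, keystorePassword);
            return getCertificate(keyStore, alias);
        } catch (Exception e) {
            throw new RuntimeException(String.format("Cannot get certificate from keystore %s type %s", keystorePath, keystoreType), e);
        }
    }

    /** Returns the encoded certificate stored under the resolved alias, if there is one. */
    private static Optional<byte[]> getCertificate(@Nonnull KeyStore keyStore, Optional<String> requestedAlias) {
        try {
            Optional<String> alias = getAlias(requestedAlias, keyStore.aliases());
            if (!alias.isPresent()) {
                return Optional.empty();
            }
            Certificate certificate = keyStore.getCertificate(alias.get());
            if (certificate == null) {
                return Optional.empty();
            }
            return Optional.of(certificate.getEncoded());
        } catch (Exception e) {
            throw new RuntimeException("Failed to retrieve a certificate", e);
        }
    }

    /**
     * Reads an encoded key from a keystore file.
     *
     * <p>The returned bytes are the key's encoded form, i.e. secret material when the entry is a
     * private or secret key; callers should keep them out of logs and limit how long they are
     * held.
     *
     * @param keystorePath path of the keystore
     * @param keystoreType type of the keystore
     * @param keystorePassword password of the keystore
     * @param keyPassword password protecting the key entry, or {@code null}
     * @param alias alias to look up; when empty, the first alias the store enumerates is used
     * @return the encoded key, or empty if the alias has no key or the key has no encoding
     * @throws RuntimeException if the store cannot be loaded or the key cannot be recovered
     */
    public static Optional<byte[]> getKeyFromKeyStore(@Nullable String keystorePath, @Nullable String keystoreType, @Nullable String keystorePassword, @Nullable String keyPassword, Optional<String> alias) {
        try {
            KeyStore keyStore = KeyStoreUtil.loadKeyStore(keystorePath, keystoreType, keystorePassword);
            return getKey(keyStore, keyPassword, alias);
        } catch (Exception e) {
            throw new RuntimeException(String.format("Cannot get key from keystore %s type %s", keystorePath, keystoreType), e);
        }
    }

    /** Returns the encoded key stored under the resolved alias, if there is one. */
    private static Optional<byte[]> getKey(@Nonnull KeyStore keyStore, @Nullable String keyPassword, Optional<String> requestedAlias) {
        try {
            Optional<String> alias = getAlias(requestedAlias, keyStore.aliases());
            if (!alias.isPresent()) {
                return Optional.empty();
            }
            char[] passwordChars = keyPassword == null ? null : keyPassword.toCharArray();
            Key key = keyStore.getKey(alias.get(), passwordChars);
            if (key == null) {
                return Optional.empty();
            }
            // Key.getEncoded() returns null for keys that do not support encoding (for example
            // non-extractable token keys); report that as "absent" instead of failing with a
            // NullPointerException from Optional.of.
            return Optional.ofNullable(key.getEncoded());
        } catch (Exception e) {
            throw new RuntimeException("Failed to retrieve a key", e);
        }
    }

    /**
     * Converts a list of strings to an array.
     *
     * @param list list to convert, may be {@code null}
     * @return a new array with the list's elements, or {@code null} when {@code list} is null
     */
    public static String[] toStringArray(List<String> list) {
        return list == null ? null : list.toArray(new String[0]);
    }

    /**
     * Resolves which alias to use.
     *
     * <p>With no requested alias the first enumerated alias wins; the enumeration order is
     * whatever the keystore implementation provides. With a requested alias, it is returned only
     * if the enumeration contains an exactly equal entry.
     */
    private static Optional<String> getAlias(Optional<String> requestedAlias, Enumeration<String> aliases) {
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (!requestedAlias.isPresent()) {
                return Optional.of(candidate);
            }
            if (requestedAlias.get().equals(candidate)) {
                return requestedAlias;
            }
        }
        return Optional.empty();
    }

    /** Returns {@code type} unless {@code KeyStoreUtil.isPKCS11} accepts it, in which case JKS is used. */
    private static String getOrDefaultTrustStoreType(String type) {
        if (KeyStoreUtil.isPKCS11(type)) {
            LOGGER.warn("Truststore type {} is not supported. {} is used.", type, "JKS");
            return "JKS";
        }
        return type;
    }
}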
