package org.apache.commons.ssl;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.ssl.asn1.ASN1EncodableVector;
import org.apache.commons.ssl.asn1.DERInteger;
import org.apache.commons.ssl.asn1.DERSequence;

/* loaded from: input_file:org/apache/commons/ssl/KeyStoreBuilder.class */
public class KeyStoreBuilder {
    private static final String PKCS7_ENCRYPTED = "1.2.840.113549.1.7.6";

    /* loaded from: input_file:org/apache/commons/ssl/KeyStoreBuilder$BuildResult.class */
    /**
     * Holder for whatever key material a parse pass recovered: private keys,
     * their X.509 chains, and (when the input was itself a keystore) the loaded
     * {@link KeyStore}.
     *
     * <p>Each field is {@code null} when nothing of that kind was found, so
     * callers must null-check before use. The lists are unmodifiable views, not
     * copies. {@code keys} wraps the caller's list, so later changes to that
     * list remain visible here. The object references private key material and
     * should not be logged or retained longer than needed.
     */
    public static class BuildResult {
        // Private keys recovered from the input, or null when none were supplied.
        protected final List keys;
        // List of X509Certificate[] chains, or null when no non-empty chain was supplied.
        protected final List chains;
        // The loaded keystore when the input was a keystore, else null.
        protected final KeyStore jks;

        /**
         * @param list     recovered keys; {@code null} or empty is stored as {@code null}
         * @param list2    list of {@code Certificate[]} chains; {@code null} and
         *                 zero-length entries are dropped, and every remaining
         *                 element is cast to {@link X509Certificate}
         * @param keyStore keystore the material came from, may be {@code null}
         * @throws ClassCastException if a chain element is not an X.509 certificate
         */
        protected BuildResult(List list, List list2, KeyStore keyStore) {
            this.keys = (list != null && !list.isEmpty()) ? Collections.unmodifiableList(list) : null;
            this.jks = keyStore;

            List x509Chains = new LinkedList();
            if (list2 != null) {
                for (Object element : list2) {
                    Certificate[] rawChain = (Certificate[]) element;
                    if (rawChain == null || rawChain.length == 0) {
                        continue;
                    }
                    // Re-type the chain so consumers can rely on X509Certificate[] entries.
                    X509Certificate[] typedChain = new X509Certificate[rawChain.length];
                    for (int idx = 0; idx < rawChain.length; idx++) {
                        typedChain[idx] = (X509Certificate) rawChain[idx];
                    }
                    x509Chains.add(typedChain);
                }
            }
            this.chains = x509Chains.isEmpty() ? null : Collections.unmodifiableList(x509Chains);
        }
    }

    /**
     * Builds a keystore from a single input that must hold both the private key
     * and its certificate chain (for example a PKCS12 file or an existing keystore).
     *
     * @param bArr raw bytes of the key/certificate material
     * @param cArr password used to decrypt the input; it also protects the
     *             resulting keystore and its key entries
     * @return the assembled keystore
     */
    public static KeyStore build(byte[] bArr, char[] cArr) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProbablyBadPasswordException, UnrecoverableKeyException {
        // This form has no separate certificate-chain input.
        final byte[] noSecondInput = null;
        return build(bArr, noSecondInput, cArr);
    }

    /**
     * Builds a keystore from two inputs (typically a private key and a
     * certificate chain), using one password for both the store and its key entries.
     *
     * @param bArr  raw bytes of the first input
     * @param bArr2 raw bytes of the second input, may be {@code null}
     * @param cArr  password used to decrypt the inputs and to protect the result
     * @return the assembled keystore
     */
    public static KeyStore build(byte[] bArr, byte[] bArr2, char[] cArr) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProbablyBadPasswordException, UnrecoverableKeyException {
        // A null key password makes the four-argument overload reuse the store password.
        final char[] reuseStorePassword = null;
        return build(bArr, bArr2, cArr, reuseStorePassword);
    }

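    /**
     * Builds a keystore from one or two inputs holding a private key and its
     * certificate chain.
     *
     * <p>If either input is already a keystore it is validated and returned
     * (possibly with its chains rebuilt). Otherwise a new keystore of the
     * platform default type is created with one entry per key/chain pair.
     *
     * @param bArr  raw bytes of the first input
     * @param bArr2 raw bytes of the second input, may be {@code null} or empty
     * @param cArr  password used to decrypt the inputs and to load the new keystore
     * @param cArr2 password for the key entries; {@code null} or empty means
     *              "same as {@code cArr}"
     * @return the assembled or validated keystore
     * @throws KeyStoreException if no private key or no certificate chain could be recovered
     */
    public static KeyStore build(byte[] bArr, byte[] bArr2, char[] cArr, char[] cArr2) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, ProbablyBadPasswordException, UnrecoverableKeyException {
        if (cArr2 == null || cArr2.length <= 0) {
            cArr2 = cArr;
        }
        BuildResult parse = parse(bArr, cArr, cArr2);
        if (parse == null) {
            // parse() can hand back the null that tryJKS returns for an unreadable PKCS12
            // input; report it instead of failing with a NullPointerException below.
            throw new KeyStoreException("Can't build keystore: [Private key missing (bad password?)] [Certificate chain missing]");
        }
        BuildResult buildResult = null;
        KeyStore keyStore = null;
        if (parse.jks != null) {
            keyStore = parse.jks;
        } else if (bArr2 != null && bArr2.length > 0) {
            buildResult = parse(bArr2, cArr, cArr2);
            if (buildResult != null && buildResult.jks != null) {
                keyStore = buildResult.jks;
            }
        }
        if (keyStore != null) {
            // validate() returns null when every key entry was readable, meaning the
            // supplied keystore can be used as is.
            parse = validate(keyStore, cArr2);
            if (parse == null) {
                return keyStore;
            }
        }
        List list = parse.keys;
        List list2 = parse.chains;
        if ((list == null || list2 == null || list.isEmpty() || list2.isEmpty()) && buildResult != null) {
            // Fill the gaps from the second input.
            if (buildResult.keys != null && !buildResult.keys.isEmpty()) {
                list = buildResult.keys;
            }
            if (list2 == null || list2.isEmpty()) {
                list2 = buildResult.chains;
            }
        }
        if (list == null || list2 == null || list.isEmpty() || list2.isEmpty()) {
            String str = list == null ? " [Private key missing (bad password?)]" : "";
            if (list2 == null) {
                str = str + " [Certificate chain missing]";
            }
            throw new KeyStoreException("Can't build keystore:" + str);
        }
        KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore2.load(null, cArr);
        Iterator it = list.iterator();
        Iterator it2 = list2.iterator();
        int i = 1;
        while (it.hasNext() && it2.hasNext()) {
            Key key = (Key) it.next();
            Certificate[] certificateArr = (Certificate[]) it2.next();
            // Only RSA keys are matched against the chain; for any other key type
            // buildChain returns null and the chain is stored without that check.
            X509Certificate buildChain = buildChain(key, certificateArr);
            String alias = "alias_" + i;
            i++;
            if (buildChain != null) {
                certificateArr = Certificates.trimChain(certificateArr);
                // getCN may return null (main() guards against that too); keep the
                // generated alias instead of dereferencing a missing CN.
                String cn = Certificates.getCN(buildChain);
                if (cn != null && cn.trim().length() > 0) {
                    alias = cn.replace(' ', '_');
                }
            }
            // NOTE(review): two certificates with the same CN produce the same alias, and
            // setKeyEntry replaces an existing entry; confirm that is acceptable.
            keyStore2.setKeyEntry(alias, key, cArr2, certificateArr);
        }
        return keyStore2;
    }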

    /**
     * Finds the certificate whose RSA public key matches the given private key
     * and reorders {@code certificateArr} in place into a path starting at it.
     *
     * <p>The match compares public exponent and modulus. Only
     * {@link RSAPrivateCrtKey} keys are checked; for any other key type the
     * method returns {@code null} and leaves the array untouched, so the caller
     * gets no assurance that the chain belongs to the key. If several
     * certificates match, the last one in the array is used.
     *
     * @param key            the private key
     * @param certificateArr candidate certificates; overwritten with the built
     *                       path, unused slots left {@code null}
     * @return the matching certificate, or {@code null} for non-RSA keys
     * @throws KeyStoreException if the key is RSA but no certificate carries its public key
     */
    public static X509Certificate buildChain(Key key, Certificate[] certificateArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        if (!(key instanceof RSAPrivateCrtKey)) {
            return null;
        }
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
        BigInteger keyExponent = rsaKey.getPublicExponent();
        BigInteger keyModulus = rsaKey.getModulus();

        X509Certificate match = null;
        for (int idx = 0; idx < certificateArr.length; idx++) {
            X509Certificate candidate = (X509Certificate) certificateArr[idx];
            PublicKey candidateKey = candidate.getPublicKey();
            if (!(candidateKey instanceof RSAPublicKey)) {
                continue;
            }
            RSAPublicKey rsaPublic = (RSAPublicKey) candidateKey;
            BigInteger certExponent = rsaPublic.getPublicExponent();
            BigInteger certModulus = rsaPublic.getModulus();
            // No early exit: a later match deliberately replaces an earlier one.
            if (keyExponent.equals(certExponent) && keyModulus.equals(certModulus)) {
                match = candidate;
            }
        }
        if (match == null) {
            throw new KeyStoreException("Can't build keystore: [No certificates belong to the private-key]");
        }

        X509Certificate[] path = X509CertificateChainBuilder.buildPath(match, certificateArr);
        // Clear the caller's array, then write the ordered path back into it.
        // NOTE(review): assumes the built path is never longer than the input array; confirm.
        Arrays.fill(certificateArr, (Object) null);
        System.arraycopy(path, 0, certificateArr, 0, path.length);
        return match;
    }

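    /**
     * Checks that the private keys in {@code keyStore} can be read with
     * {@code cArr} and, where a chain can be rebuilt, rewrites the entry with
     * the trimmed chain.
     *
     * @param keyStore keystore to inspect; its key entries may be replaced in place
     * @param cArr     password for the key entries; rewritten entries are stored
     *                 under the same password
     * @return {@code null} when every key entry was processed without a security
     *         exception (the keystore is usable as is); otherwise a
     *         {@link BuildResult} with the keys and chains that could be read
     * @throws KeyStoreException if no key entry could be read at all
     */
    public static BuildResult validate(KeyStore keyStore, char[] cArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, UnrecoverableKeyException {
        // Take a snapshot of the aliases first. Entries are deleted and re-added inside
        // the loop, and an enumeration backed by the live entry map may fail or skip
        // entries when the store is modified during iteration.
        List<String> aliases = Collections.list(keyStore.aliases());
        boolean sawKey = false;
        boolean hadFailure = false;
        LinkedList keys = new LinkedList();
        LinkedList chains = new LinkedList();
        for (String alias : aliases) {
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            try {
                Key key = keyStore.getKey(alias, cArr);
                if (key != null && !(key instanceof PrivateKey)) {
                    // A key entry can hold a secret key too; skip it rather than fail with
                    // a ClassCastException (tryJKS applies the same instanceof test).
                    continue;
                }
                PrivateKey privateKey = (PrivateKey) key;
                sawKey = true;
                Certificate[] certificateChain = keyStore.getCertificateChain(alias);
                if (certificateChain != null) {
                    X509Certificate[] x509ifyChain = Certificates.x509ifyChain(certificateChain);
                    if (buildChain(privateKey, x509ifyChain) != null) {
                        x509ifyChain = (X509Certificate[]) Certificates.trimChain(x509ifyChain);
                        keyStore.deleteEntry(alias);
                        keyStore.setKeyEntry(alias, privateKey, cArr, x509ifyChain);
                    }
                    keys.add(privateKey);
                    chains.add(x509ifyChain);
                }
            } catch (GeneralSecurityException e) {
                // Deliberate best-effort: remember that something failed and keep going.
                // A wrong key password also lands here, so the "No private keys found"
                // error below can really mean "bad password".
                hadFailure = true;
            }
        }
        if (!sawKey) {
            throw new KeyStoreException("No private keys found in keystore!");
        }
        if (hadFailure) {
            return new BuildResult(keys, chains, null);
        }
        return null;
    }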

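    /**
     * Sniffs the format of {@code bArr} and extracts whatever key material it holds.
     *
     * <p>Formats are tried in this order: PKCS8/OpenSSL private key, PEM
     * certificates, Java keystore types (default, jks, jceks, BKS, UBER), raw
     * X.509 certificate data, and finally PKCS12. Most parse failures along the
     * way are swallowed on purpose, because a failure only means "not this format".
     *
     * @param bArr  raw input bytes
     * @param cArr  password used to decrypt a private key or to load a keystore
     * @param cArr2 password for key entries inside a keystore
     * @return the recovered material; never {@code null}
     * @throws ProbablyBadPasswordException if the input was recognised but the
     *         password appears to be wrong
     * @throws KeyStoreException if nothing could be extracted
     */
    public static BuildResult parse(byte[] bArr, char[] cArr, char[] cArr2) throws IOException, CertificateException, KeyStoreException, ProbablyBadPasswordException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        PrivateKey privateKey = null;
        try {
            privateKey = new PKCS8Key(bArr, cArr).getPrivateKey();
        } catch (ProbablyBadPasswordException e) {
            throw e;
        } catch (GeneralSecurityException ignored) {
            // Not a private key in a format PKCS8Key accepts; try the other formats.
        }
        LinkedList linkedList = new LinkedList();
        for (PEMItem pEMItem : PEMUtil.decode(bArr)) {
            byte[] derBytes = pEMItem.getDerBytes();
            String upperCase = pEMItem.pemType.trim().toUpperCase();
            if (upperCase.startsWith("CERT") || upperCase.startsWith("X509") || upperCase.startsWith("PKCS7")) {
                linkedList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(derBytes)));
            }
        }
        // Built once after the loop; toChain returns null for an empty list.
        X509Certificate[] x509CertificateArr = toChain(linkedList);
        if (x509CertificateArr != null || privateKey != null) {
            return new BuildResult(privateKey != null ? Collections.singletonList(privateKey) : null, x509CertificateArr != null ? Collections.singletonList(x509CertificateArr) : null, null);
        }
        boolean isPkcs7Encrypted = false;
        boolean isAsn1 = false;
        ASN1Structure aSN1Structure = null;
        try {
            aSN1Structure = ASN1Util.analyze(bArr);
            isAsn1 = true;
            isPkcs7Encrypted = aSN1Structure.oids.contains(PKCS7_ENCRYPTED);
            if (!isPkcs7Encrypted && aSN1Structure.bigPayload != null) {
                aSN1Structure = ASN1Util.analyze(aSN1Structure.bigPayload);
                isPkcs7Encrypted = aSN1Structure.oids.contains(PKCS7_ENCRYPTED);
            }
        } catch (Exception ignored) {
            // Best-effort format detection: an analysis failure only means the input is
            // not treated as ASN.1 (or not as PKCS12) below.
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        // tryJKS resets the shared stream before every attempt.
        String[] storeTypes = {KeyStore.getDefaultType(), "jks", "jceks", "BKS", "UBER"};
        BuildResult fromStore = null;
        for (int i = 0; i < storeTypes.length && fromStore == null; i++) {
            fromStore = tryJKS(storeTypes[i], byteArrayInputStream, cArr, cArr2);
        }
        if (fromStore != null) {
            return fromStore;
        }
        if (!isAsn1) {
            byteArrayInputStream.reset();
            try {
                LinkedList linkedList2 = new LinkedList();
                Iterator<? extends Certificate> it = certificateFactory.generateCertificates(byteArrayInputStream).iterator();
                while (it.hasNext()) {
                    linkedList2.add((X509Certificate) it.next());
                }
                X509Certificate[] chain = toChain(linkedList2);
                if (chain != null && chain.length > 0) {
                    return new BuildResult(null, Collections.singletonList(chain), null);
                }
            } catch (CertificateException ignored) {
                // Not a certificate collection; try a single certificate next.
            }
            byteArrayInputStream.reset();
            try {
                X509Certificate[] chain2 = toChain(Collections.singleton((X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream)));
                if (chain2 != null && chain2.length > 0) {
                    return new BuildResult(null, Collections.singletonList(chain2), null);
                }
            } catch (CertificateException ignored) {
                // Not a single certificate either; fall through to the PKCS12 attempt.
            }
        } else if (isPkcs7Encrypted) {
            BuildResult pkcs12 = tryJKS("pkcs12", byteArrayInputStream, cArr, null);
            if (pkcs12 == null) {
                // tryJKS returns null when the PKCS12 load fails without a recognisable
                // password error. Returning that null made build() fail with a
                // NullPointerException; raise the same error as the final fallback does.
                throw new KeyStoreException("failed to extract any certificates or private keys - maybe bad password?");
            }
            return pkcs12;
        }
        BuildResult tryJKS2 = tryJKS("pkcs12", byteArrayInputStream, cArr, null);
        if (tryJKS2 == null) {
            throw new KeyStoreException("failed to extract any certificates or private keys - maybe bad password?");
        }
        // NOTE(review): library code writing to stdout; the ASN.1 structure summary of a
        // key container is printed here. Confirm it holds nothing sensitive.
        System.out.println("Please report bug!");
        System.out.println("PKCS12 detection failed to realize this was PKCS12!");
        System.out.println(aSN1Structure);
        return tryJKS2;
    }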

    /**
     * Tries to load the stream as a keystore of the given type and to pull the
     * first private key and its chain out of it.
     *
     * @param str                   keystore type name (trimmed and lower-cased before use)
     * @param byteArrayInputStream  input; reset to its start before loading
     * @param cArr                  keystore password
     * @param cArr2                 key-entry password; {@code null} or empty means
     *                              "same as {@code cArr}"
     * @return the extracted material, or {@code null} when the input could not be
     *         loaded as this keystore type. The loaded keystore is included in
     *         the result except for PKCS12 input.
     * @throws ProbablyBadPasswordException when the failure looks like a wrong password
     */
    private static BuildResult tryJKS(String str, ByteArrayInputStream byteArrayInputStream, char[] cArr, char[] cArr2) throws ProbablyBadPasswordException {
        byteArrayInputStream.reset();
        final char[] keyPassword = (cArr2 != null && cArr2.length > 0) ? cArr2 : cArr;
        final String storeType = str.trim().toLowerCase();
        final boolean isPkcs12 = "pkcs12".equalsIgnoreCase(storeType);
        try {
            KeyStore store = KeyStore.getInstance(storeType);
            store.load(byteArrayInputStream, cArr);

            Key found = null;
            Certificate[] foundChain = null;
            UnrecoverableKeyException lastKeyFailure = null;
            for (Enumeration<String> names = store.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                if (store.isKeyEntry(alias)) {
                    try {
                        found = store.getKey(alias, keyPassword);
                        if (found instanceof PrivateKey) {
                            // The first private key wins; later entries are not inspected.
                            foundChain = store.getCertificateChain(alias);
                            break;
                        }
                    } catch (UnrecoverableKeyException e) {
                        lastKeyFailure = e;
                    } catch (GeneralSecurityException ignored) {
                        // Entry not usable; move on to the next alias.
                    }
                }
                if (isPkcs12 && names.hasMoreElements()) {
                    System.out.println("what kind of weird pkcs12 file has more than one alias?");
                }
            }
            if (found == null && lastKeyFailure != null) {
                throw new ProbablyBadPasswordException("Probably bad JKS-Key password: " + lastKeyFailure);
            }
            // The key and chain may both still be null here (no readable private key);
            // the caller sees that as a list holding a single null key.
            return new BuildResult(Collections.singletonList(found), Collections.singletonList(foundChain), isPkcs12 ? null : store);
        } catch (IOException e) {
            // A wrong password is recognised by matching provider message text, which is
            // fragile: the wording may vary between providers and JDK versions.
            String rawMessage = e.getMessage();
            String message = rawMessage == null ? "" : rawMessage.trim().toLowerCase();
            if (isPkcs12) {
                if (message.contains("failed to decrypt") || message.contains("verify mac")) {
                    throw new ProbablyBadPasswordException("Probably bad PKCS12 password: " + e);
                }
                return null;
            }
            // NOTE(review): the Cassandra constant is presumably the literal "password"
            // substituted by the decompiler; confirm against the original source.
            if (message.contains(IAuthenticator.PASSWORD_KEY)) {
                throw new ProbablyBadPasswordException("Probably bad JKS password: " + e);
            }
            return null;
        } catch (ProbablyBadPasswordException e) {
            throw e;
        } catch (GeneralSecurityException e) {
            return null;
        }
    }

    /**
     * Copies a collection of certificates into an array.
     *
     * @param collection certificates, may be {@code null}
     * @return a new array with the collection's elements, or {@code null} when
     *         the collection is {@code null} or empty
     */
    private static X509Certificate[] toChain(Collection collection) {
        boolean hasCertificates = collection != null && !collection.isEmpty();
        if (hasCertificates) {
            X509Certificate[] chain = new X509Certificate[collection.size()];
            collection.toArray(chain);
            return chain;
        }
        return null;
    }

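    /**
     * Command-line entry point. Writes either a keystore ({@code [alias].jks}) or,
     * in {@code -topk8} mode, a PEM file holding the certificate chain and the
     * <em>unencrypted</em> PKCS8 private key.
     *
     * <p>Security notes for operators: the password is taken from the command
     * line, where other local users can usually see it in the process list and
     * where it may be kept in shell history. The {@code -topk8} output holds the
     * private key in the clear and is created with the process's default file
     * permissions, so restrict access to it right after creation.
     *
     * @param strArr see the usage text printed when fewer arguments than needed are given
     */
    public static void main(String[] strArr) throws Exception {
        boolean z = strArr.length > 0 && "-topk8".equalsIgnoreCase(strArr[0]);
        // -topk8 needs a password and a file after the flag. The original code read
        // strArr[2] without a length check and failed with an index error.
        if (strArr.length < 2 || (z && strArr.length < 3)) {
            System.out.println("KeyStoreBuilder:  creates '[alias].jks' (Java Key Store)");
            System.out.println("    -topk8 mode:  creates '[alias].pem' (x509 chain + unencrypted pkcs8)");
            System.out.println("[alias] will be set to the first CN value of the X509 certificate.");
            System.out.println("-------------------------------------------------------------------");
            System.out.println("Usage1: [password] [file:pkcs12]");
            System.out.println("Usage2: [password] [file:private-key] [file:certificate-chain]");
            System.out.println("Usage3: -topk8 [password] [file:jks]");
            System.out.println("-------------------------------------------------------------------");
            System.out.println("[private-key] can be openssl format, or pkcs8.");
            System.out.println("[password] decrypts [private-key], and also encrypts outputted JKS file.");
            System.out.println("All files can be PEM or DER.");
            System.exit(1);
        }
        char[] charArray;
        if (z) {
            // Shift the arguments so the input file sits at index 1, as in the other modes.
            charArray = strArr[1].toCharArray();
            strArr[1] = strArr[2];
            strArr[2] = null;
        } else {
            charArray = strArr[0].toCharArray();
        }
        byte[] streamToBytes = Util.streamToBytes(new FileInputStream(strArr[1]));
        byte[] bArr = null;
        if (strArr.length > 2 && strArr[2] != null) {
            bArr = Util.streamToBytes(new FileInputStream(strArr[2]));
        }
        KeyStore build = build(streamToBytes, bArr, charArray);

        // Pick the alias whose private key has the longest encoding.
        Enumeration<String> aliases = build.aliases();
        String str = "keystorebuilder";
        int i = 0;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            try {
                byte[] encoded = ((PrivateKey) build.getKey(nextElement, charArray)).getEncoded();
                int length = encoded != null ? encoded.length : 0;
                if (length >= i) {
                    i = length;
                    str = nextElement;
                }
            } catch (Exception ignored) {
                // Best-effort scan: entries that are not readable private keys are skipped.
            }
        }
        String str2 = z ? ".pem" : ".jks";
        String str3 = str;
        Certificate[] certificateChain = build.getCertificateChain(str);
        if (certificateChain != null && certificateChain.length > 0 && certificateChain[0] != null) {
            String cn = Certificates.getCN((X509Certificate) certificateChain[0]);
            String trim = cn != null ? cn.trim() : "";
            if (!"".equals(trim)) {
                str3 = trim;
            }
        }
        // The file name comes from the certificate's CN (or the alias derived from it),
        // which is data from the input file. Neutralise path separators so the output
        // always lands in the working directory.
        File file = new File(safeFileName(str3) + str2);
        int i2 = 1;
        // NOTE(review): exists() followed by open is not atomic; another process could
        // create the file in between.
        while (file.exists()) {
            file = new File(safeFileName(str) + "_" + i2 + str2);
            i2++;
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            if (z) {
                LinkedList linkedList = new LinkedList();
                PrivateKey privateKey = (PrivateKey) build.getKey(str, charArray);
                Certificate[] certificateChain2 = build.getCertificateChain(str);
                byte[] bArr2 = null;
                if (privateKey instanceof RSAPrivateCrtKey) {
                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
                    ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                    aSN1EncodableVector.add(new DERInteger(BigInteger.ZERO));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getModulus()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPublicExponent()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPrivateExponent()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPrimeP()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPrimeQ()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPrimeExponentP()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getPrimeExponentQ()));
                    aSN1EncodableVector.add(new DERInteger(rSAPrivateCrtKey.getCrtCoefficient()));
                    bArr2 = new PKCS8Key(PKCS8Key.encode(new DERSequence(aSN1EncodableVector)), (char[]) null).getDecryptedBytes();
                } else if (privateKey instanceof DSAPrivateKey) {
                    DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
                    DSAParams params = dSAPrivateKey.getParams();
                    BigInteger g = params.getG();
                    BigInteger p = params.getP();
                    BigInteger q = params.getQ();
                    BigInteger x = dSAPrivateKey.getX();
                    // The DSA public value is y = g^x mod p; the original used q as the base.
                    BigInteger y = g.modPow(x, p);
                    ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                    aSN1EncodableVector2.add(new DERInteger(BigInteger.ZERO));
                    aSN1EncodableVector2.add(new DERInteger(p));
                    aSN1EncodableVector2.add(new DERInteger(q));
                    aSN1EncodableVector2.add(new DERInteger(g));
                    aSN1EncodableVector2.add(new DERInteger(y));
                    aSN1EncodableVector2.add(new DERInteger(x));
                    bArr2 = new PKCS8Key(PKCS8Key.encode(new DERSequence(aSN1EncodableVector2)), (char[]) null).getDecryptedBytes();
                }
                // Any other key type leaves bArr2 null, and the PEM file is then written
                // with certificates only.
                if (certificateChain2 != null && certificateChain2.length > 0) {
                    for (Certificate certificate : certificateChain2) {
                        linkedList.add(new PEMItem(((X509Certificate) certificate).getEncoded(), "CERTIFICATE"));
                    }
                }
                if (bArr2 != null) {
                    linkedList.add(new PEMItem(bArr2, PKCS8Key.PKCS8_UNENCRYPTED));
                }
                fileOutputStream.write(PEMUtil.encode(linkedList));
            } else {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, charArray);
                keyStore.setKeyEntry(str, build.getKey(str, charArray), charArray, build.getCertificateChain(str));
                keyStore.store(fileOutputStream, charArray);
            }
            fileOutputStream.flush();
        } finally {
            // Close the output even when key extraction or encoding fails.
            fileOutputStream.close();
        }
        System.out.println(new StringBuffer().append("Successfuly wrote: [").append(file.getPath()).append(DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END).toString());
    }

    /** Replaces path separators, drive/stream colons and control characters with '_'. */
    private static String safeFileName(String name) {
        StringBuffer cleaned = new StringBuffer(name.length());
        for (int idx = 0; idx < name.length(); idx++) {
            char c = name.charAt(idx);
            boolean unsafe = c == '/' || c == '\\' || c == ':' || c < ' ' || c == File.separatorChar;
            cleaned.append(unsafe ? '_' : c);
        }
        return cleaned.toString();
    }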
}
