package org.jolokia.jvmagent.security;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.Iterator;
import org.jolokia.Version;
import org.jolokia.jvmagent.security.asn1.DERBitString;
import org.jolokia.jvmagent.security.asn1.DERDirect;
import org.jolokia.jvmagent.security.asn1.DERInteger;
import org.jolokia.jvmagent.security.asn1.DERNull;
import org.jolokia.jvmagent.security.asn1.DERObject;
import org.jolokia.jvmagent.security.asn1.DERObjectIdentifier;
import org.jolokia.jvmagent.security.asn1.DEROctetString;
import org.jolokia.jvmagent.security.asn1.DERSequence;
import org.jolokia.jvmagent.security.asn1.DERSet;
import org.jolokia.jvmagent.security.asn1.DERTaggedObject;
import org.jolokia.jvmagent.security.asn1.DERUtcTime;
import org.jolokia.util.Base64Util;

/* loaded from: input_file:WEB-INF/lib/jolokia-jvm-1.7.0.jar:org/jolokia/jvmagent/security/KeyStoreUtil.class */
public class KeyStoreUtil {
    private KeyStoreUtil() {
    }

    public static void updateWithCaPem(KeyStore keyStore, File file) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X509").generateCertificates(fileInputStream).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
            }
        } finally {
            fileInputStream.close();
        }
    }

    public static void updateWithServerPems(KeyStore keyStore, File file, File file2, String str, char[] cArr) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        Key generatePrivate;
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(fileInputStream);
            byte[] decodePem = decodePem(file2);
            KeyFactory keyFactory = KeyFactory.getInstance(str);
            try {
                generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodePem));
            } catch (InvalidKeySpecException e) {
                generatePrivate = keyFactory.generatePrivate(PKCS1Util.decodePKCS1(decodePem));
            }
            keyStore.setKeyEntry(x509Certificate.getSubjectX500Principal().getName(), generatePrivate, cArr, new Certificate[]{x509Certificate});
            fileInputStream.close();
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public static void updateWithSelfSignedServerCertificate(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        String[] strArr = {"Jolokia Agent " + Version.getAgentVersion(), "JVM", "jolokia.org", "Pegnitz", "Franconia", "DE"};
        KeyPair createKeyPair = createKeyPair();
        keyStore.setKeyEntry("jolokia-agent", createKeyPair.getPrivate(), new char[0], new X509Certificate[]{getSelfCertificate(createKeyPair, strArr, new Date(), 315360000L)});
    }

    private static KeyPair createKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        return keyPairGenerator.generateKeyPair();
    }

    private static X509Certificate getSelfCertificate(KeyPair keyPair, String[] strArr, Date date, long j) {
        DERTaggedObject dERTaggedObject = new DERTaggedObject(DERTaggedObject.TagClass.ContextSpecific, false, 0, new DERInteger(2));
        DERInteger dERInteger = new DERInteger(85165814);
        DERSequence dERSequence = new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_sha1WithRSAEncryption), new DERNull()});
        DERSequence dERSequence2 = new DERSequence(new DERObject[]{new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_countryName), new DEROctetString((byte) 19, strArr[5])})}), new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_stateOrProvinceName), new DEROctetString((byte) 19, strArr[4])})}), new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_localityName), new DEROctetString((byte) 19, strArr[3])})}), new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_organizationName), new DEROctetString((byte) 19, strArr[2])})}), new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_organizationalUnitName), new DEROctetString((byte) 19, strArr[1])})}), new DERSet(new DERObject[]{new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_commonName), new DEROctetString((byte) 19, strArr[0])})})});
        DERSequence dERSequence3 = new DERSequence(new DERObject[]{dERTaggedObject, dERInteger, dERSequence, dERSequence2, new DERSequence(new DERObject[]{new DERUtcTime(date), new DERUtcTime(new Date(date.getTime() + j))}), dERSequence2, new DERDirect(keyPair.getPublic().getEncoded())});
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(keyPair.getPrivate(), SecureRandom.getInstance("SHA1PRNG"));
            signature.update(dERSequence3.getEncoded());
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(new DERSequence(new DERObject[]{dERSequence3, new DERSequence(new DERObject[]{new DERObjectIdentifier(DERObjectIdentifier.OID_sha1WithRSAEncryption), new DERNull()}), new DERBitString(signature.sign())}).getEncoded()));
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("The getSelfCertificate-method threw an error.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("The getSelfCertificate-method threw an error.", e2);
        } catch (SignatureException e3) {
            throw new IllegalStateException("The getSelfCertificate-method threw an error.", e3);
        } catch (CertificateException e4) {
            throw new IllegalStateException("The getSelfCertificate-method threw an error.", e4);
        }
    }

    private static byte[] decodePem(File file) throws IOException {
        String readLine;
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        do {
            try {
                readLine = bufferedReader.readLine();
                if (readLine == null) {
                    throw new IOException("PEM " + file + " is invalid: no begin marker");
                }
            } catch (Throwable th) {
                bufferedReader.close();
                throw th;
            }
        } while (!readLine.contains("-----BEGIN "));
        byte[] readBytes = readBytes(file, bufferedReader, readLine.trim().replace("BEGIN", "END"));
        bufferedReader.close();
        return readBytes;
    }

    private static byte[] readBytes(File file, BufferedReader bufferedReader, String str) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new IOException(file + " is invalid : No end marker");
            }
            if (readLine.indexOf(str) != -1) {
                return Base64Util.decode(stringBuffer.toString());
            }
            stringBuffer.append(readLine.trim());
        }
    }
}
