package com.twitter.finagle.ssl;

import ch.qos.logback.core.net.ssl.SSL;
import com.twitter.io.Files$;
import com.twitter.io.StreamIO$;
import com.twitter.io.TempDirectory$;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.Random;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$any2stringadd$;
import scala.Some;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.StringBuilder;
import scala.runtime.BoxedUnit;
import scala.runtime.RichInt$;

/* compiled from: PEMEncodedKeyManager.scala */
/* loaded from: input_file:com/twitter/finagle/ssl/PEMEncodedKeyManager$.class */
public final class PEMEncodedKeyManager$ {
    public static final PEMEncodedKeyManager$ MODULE$ = null;

    static {
        new PEMEncodedKeyManager$();
    }

    public KeyManager[] apply(String str, String str2, Option<String> option) {
        return makeKeystore(Files$.MODULE$.readBytes(new File(str), Files$.MODULE$.readBytes$default$2()), Files$.MODULE$.readBytes(new File(str2), Files$.MODULE$.readBytes$default$2()), option.map(new PEMEncodedKeyManager$$anonfun$apply$1()));
    }

    private char[] secret(int i) {
        Random random = new Random();
        random.setSeed(System.currentTimeMillis());
        char[] cArr = new char[i];
        RichInt$.MODULE$.until$extension0(Predef$.MODULE$.intWrapper(0), i).foreach$mVc$sp(new PEMEncodedKeyManager$$anonfun$secret$1(random, cArr));
        return cArr;
    }

    private KeyManager[] makeKeystore(byte[] bArr, byte[] bArr2, Option<byte[]> option) {
        File create = TempDirectory$.MODULE$.create(TempDirectory$.MODULE$.create$default$1());
        Shell$.MODULE$.run(new String[]{"chmod", "0700", create.getAbsolutePath()});
        char[] secret = secret(24);
        String str = new String(secret);
        String str2 = new String(secret(12));
        String stringBuilder = new StringBuilder().append((Object) Predef$any2stringadd$.MODULE$.$plus$extension(Predef$.MODULE$.any2stringadd(create), File.separator)).append((Object) new StringOps(Predef$.MODULE$.augmentString("%s.pem")).format(Predef$.MODULE$.genericWrapArray(new Object[]{str2}))).toString();
        String stringBuilder2 = new StringBuilder().append((Object) Predef$any2stringadd$.MODULE$.$plus$extension(Predef$.MODULE$.any2stringadd(create), File.separator)).append((Object) new StringOps(Predef$.MODULE$.augmentString("%s.p12")).format(Predef$.MODULE$.genericWrapArray(new Object[]{str2}))).toString();
        String stringBuilder3 = new StringBuilder().append((Object) Predef$any2stringadd$.MODULE$.$plus$extension(Predef$.MODULE$.any2stringadd(create), File.separator)).append((Object) new StringOps(Predef$.MODULE$.augmentString("%s.jks")).format(Predef$.MODULE$.genericWrapArray(new Object[]{str2}))).toString();
        FileOutputStream fileOutputStream = new FileOutputStream(new File(stringBuilder));
        if (option instanceof Some) {
            StreamIO$.MODULE$.copy(new ByteArrayInputStream((byte[]) ((Some) option).x()), fileOutputStream, StreamIO$.MODULE$.copy$default$3());
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (!None$.MODULE$.equals(option)) {
                throw new MatchError(option);
            }
            StreamIO$.MODULE$.copy(new ByteArrayInputStream(bArr), fileOutputStream, StreamIO$.MODULE$.copy$default$3());
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
        StreamIO$.MODULE$.copy(new ByteArrayInputStream(bArr2), fileOutputStream, StreamIO$.MODULE$.copy$default$3());
        fileOutputStream.close();
        Shell$.MODULE$.run(new String[]{"openssl", "pkcs12", "-export", "-password", new StringOps(Predef$.MODULE$.augmentString("pass:%s")).format(Predef$.MODULE$.genericWrapArray(new Object[]{str})), "-in", stringBuilder, "-out", stringBuilder2});
        Shell$.MODULE$.run(new String[]{"keytool", "-importkeystore", "-srckeystore", stringBuilder2, "-srcstoretype", "PKCS12", "-destkeystore", stringBuilder3, "-trustcacerts", "-srcstorepass", str, "-keypass", str, "-storepass", str});
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Files$.MODULE$.readBytes(new File(stringBuilder3), Files$.MODULE$.readBytes$default$2()));
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyStore.load(byteArrayInputStream, secret);
        keyManagerFactory.init(keyStore, secret);
        Predef$.MODULE$.refArrayOps(new String[]{stringBuilder, stringBuilder2, stringBuilder3}).foreach(new PEMEncodedKeyManager$$anonfun$makeKeystore$1());
        create.delete();
        return keyManagerFactory.getKeyManagers();
    }

    private PEMEncodedKeyManager$() {
        MODULE$ = this;
    }
}
