package org.openqa.jetty.util;

import com.beust.jcommander.Parameters;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;

/* loaded from: input_file:WEB-INF/lib/selenium-server-standalone-2.29.0.jar:org/openqa/jetty/util/KeyPairTool.class */
public class KeyPairTool {
    private File keyStoreFile = new File(System.getProperty("user.home"), ".keystore");
    private String keyStoreType = KeyStore.getDefaultType();
    private Password keyStorePassword = null;
    private Password keyPassword = null;
    private String alias = "mykey";
    private File privateKeyFile = null;
    private File certFile = null;
    private String providerClassName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String usageString = "Tool to insert a private key/certificate pair into a keystore.\nParameters:\n -key        FILENAME, location of private key [MANDATORY]\n -cert       FILENAME, location of certificate [MANDATORY]\n -storepass  PASSWORD, keystore password       [OPTIONAL - security RISK!]\n -keypass    PASSWORD, password for new entry  [=STOREPASS]\n -keystore   FILENAME, location of keystore,   [~/.keystore]\n -storetype  STRING,   name/type of keystore,  [" + KeyStore.getDefaultType() + "]\n -alias      NAME,     alias used to store key [mykey]\n -provider   NAME,     name of provider class [org.bouncycastle.jce.provider.BouncyCastleProvider]\n\nThe keystore and key passwords will be prompted for or can be\nset with the following JVM system properties:\n  jetty.ssl.password\n  jetty.ssl.keypassword";

    public static void main(String[] strArr) {
        new KeyPairTool().doit(strArr);
    }

    private void doit(String[] strArr) {
        try {
            loadParameters(strArr);
            importKeyPair();
        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
            e.printStackTrace();
            System.exit(23);
        }
    }

    private void importKeyPair() throws IOException, GeneralSecurityException, Exception {
        PrivateKey loadPrivateKey = loadPrivateKey(this.privateKeyFile);
        Certificate[] loadCertChain = loadCertChain(this.certFile);
        if (this.keyPassword == null) {
            this.keyPassword = this.keyStorePassword;
        }
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(this.keyStoreFile);
            System.out.println("Will load " + this.keyStoreType + " keystore: " + this.keyStoreFile);
        } catch (FileNotFoundException unused) {
            System.out.println("Creating keystore: " + this.keyStoreFile);
        }
        keyStore.load(fileInputStream, this.keyStorePassword.toString().toCharArray());
        if (fileInputStream != null) {
            fileInputStream.close();
            System.out.println("Keystore loaded OK...");
        }
        keyStore.setKeyEntry(this.alias, loadPrivateKey, this.keyPassword.toString().toCharArray(), loadCertChain);
        FileOutputStream fileOutputStream = new FileOutputStream(this.keyStoreFile);
        keyStore.store(fileOutputStream, this.keyStorePassword.toString().toCharArray());
        fileOutputStream.close();
        System.out.println("Keys have been written to keystore");
    }

    private Certificate[] loadCertChain(File file) throws Exception {
        DataInputStream dataInputStream = null;
        try {
            dataInputStream = new DataInputStream(new FileInputStream(file));
            byte[] bArr = new byte[dataInputStream.available()];
            dataInputStream.readFully(bArr);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList();
            while (byteArrayInputStream.available() > 0) {
                arrayList.add(certificateFactory.generateCertificate(byteArrayInputStream));
            }
            Certificate[] certificateArr = (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
            System.out.println("Loaded the cert chain. Depth = " + certificateArr.length);
            IO.close(dataInputStream);
            return certificateArr;
        } catch (Throwable th) {
            IO.close(dataInputStream);
            throw th;
        }
    }

    private PrivateKey loadPrivateKey(File file) throws Exception {
        System.out.println("Loading private key from " + file + ", using " + this.providerClassName + " as the private key loading provider");
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[(int) file.length()];
            fileInputStream.read(bArr);
            IO.close(fileInputStream);
            Provider provider = (Provider) Loader.loadClass(getClass(), this.providerClassName).newInstance();
            Security.insertProviderAt(provider, 1);
            try {
                PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
                System.out.println("Loaded " + generatePrivate.getAlgorithm() + " " + generatePrivate.getFormat() + " private key.");
                return generatePrivate;
            } finally {
                Security.removeProvider(provider.getName());
            }
        } catch (Throwable th) {
            IO.close(fileInputStream);
            throw th;
        }
    }

    private static void usage() {
        System.out.println(usageString);
        System.exit(23);
    }

    private void loadParameters(String[] strArr) {
        int i = 0;
        while (i < strArr.length && strArr[i].startsWith(Parameters.DEFAULT_OPTION_PREFIXES)) {
            String str = strArr[i];
            if (str.equalsIgnoreCase("-key")) {
                i++;
                this.privateKeyFile = new File(strArr[i]);
            } else if (str.equalsIgnoreCase("-cert")) {
                i++;
                this.certFile = new File(strArr[i]);
            } else if (str.equalsIgnoreCase("-keystore")) {
                i++;
                this.keyStoreFile = new File(strArr[i]);
            } else if (str.equalsIgnoreCase("-storetype")) {
                i++;
                this.keyStoreType = strArr[i];
            } else if (str.equalsIgnoreCase("-alias")) {
                i++;
                this.alias = strArr[i];
            } else if (str.equalsIgnoreCase("-provider")) {
                i++;
                this.providerClassName = strArr[i];
            } else {
                System.err.println("Illegal parameter: " + str);
                usage();
            }
            i++;
        }
        if (this.privateKeyFile == null || this.certFile == null) {
            usage();
        }
        this.keyStorePassword = Password.getPassword("jetty.ssl.password", null, null);
        this.keyPassword = Password.getPassword("jetty.ssl.keypassword", null, this.keyStorePassword.toString());
    }
}
