package com.bettercloud.vault;

import com.sshtools.ssh.components.jce.JCEAlgorithms;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:test-dependencies/configuration-as-code.hpi:WEB-INF/lib/vault-java-driver-4.0.0.jar:com/bettercloud/vault/SslConfig.class */
public class SslConfig implements Serializable {
    private static final long serialVersionUID = 1;
    private static final String VAULT_SSL_VERIFY = "VAULT_SSL_VERIFY";
    private static final String VAULT_SSL_CERT = "VAULT_SSL_CERT";
    private boolean verify;
    private transient SSLContext sslContext;
    private transient KeyStore trustStore;
    private transient KeyStore keyStore;
    private String keyStorePassword;
    private String pemUTF8;
    private String clientPemUTF8;
    private String clientKeyPemUTF8;
    private Boolean verifyObject;
    private EnvironmentLoader environmentLoader;

    /* JADX INFO: Access modifiers changed from: protected */
    public SslConfig environmentLoader(EnvironmentLoader environmentLoader) {
        this.environmentLoader = environmentLoader;
        return this;
    }

    public SslConfig verify(Boolean bool) {
        this.verifyObject = bool;
        return this;
    }

    public SslConfig keyStore(KeyStore keyStore, String str) {
        this.keyStore = keyStore;
        this.keyStorePassword = str;
        return this;
    }

    public SslConfig keyStoreFile(File file, String str) throws VaultException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    this.keyStore = inputStreamToKeyStore(fileInputStream, str);
                    this.keyStorePassword = str;
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig keyStoreResource(String str, String str2) throws VaultException {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                try {
                    this.keyStore = inputStreamToKeyStore(resourceAsStream, str2);
                    this.keyStorePassword = str2;
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig trustStore(KeyStore keyStore) {
        this.trustStore = keyStore;
        return this;
    }

    public SslConfig trustStoreFile(File file) throws VaultException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                this.trustStore = inputStreamToKeyStore(fileInputStream, null);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return this;
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig trustStoreResource(String str) throws VaultException {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                this.trustStore = inputStreamToKeyStore(resourceAsStream, null);
                if (resourceAsStream != null) {
                    if (0 != 0) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                return this;
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig pemUTF8(String str) {
        this.pemUTF8 = str;
        return this;
    }

    public SslConfig pemFile(File file) throws VaultException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    this.pemUTF8 = inputStreamToUTF8(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig pemResource(String str) throws VaultException {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                try {
                    this.pemUTF8 = inputStreamToUTF8(resourceAsStream);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig clientPemUTF8(String str) {
        this.clientPemUTF8 = str;
        return this;
    }

    public SslConfig clientPemFile(File file) throws VaultException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    this.clientPemUTF8 = inputStreamToUTF8(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig clientPemResource(String str) throws VaultException {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                try {
                    this.clientPemUTF8 = inputStreamToUTF8(resourceAsStream);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig clientKeyPemUTF8(String str) {
        this.clientKeyPemUTF8 = str;
        return this;
    }

    public SslConfig clientKeyPemFile(File file) throws VaultException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    this.clientKeyPemUTF8 = inputStreamToUTF8(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig clientKeyPemResource(String str) throws VaultException {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                try {
                    this.clientKeyPemUTF8 = inputStreamToUTF8(resourceAsStream);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return this;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new VaultException(e);
        }
    }

    public SslConfig build() throws VaultException {
        if (this.environmentLoader == null) {
            this.environmentLoader = new EnvironmentLoader();
        }
        if (this.verifyObject == null && this.environmentLoader.loadVariable(VAULT_SSL_VERIFY) != null) {
            this.verify = Boolean.valueOf(this.environmentLoader.loadVariable(VAULT_SSL_VERIFY)).booleanValue();
        } else if (this.verifyObject != null) {
            this.verify = this.verifyObject.booleanValue();
        } else {
            this.verify = true;
        }
        if (this.verify && this.pemUTF8 == null && this.environmentLoader.loadVariable(VAULT_SSL_CERT) != null) {
            try {
                FileInputStream fileInputStream = new FileInputStream(new File(this.environmentLoader.loadVariable(VAULT_SSL_CERT)));
                Throwable th = null;
                try {
                    try {
                        this.pemUTF8 = inputStreamToUTF8(fileInputStream);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new VaultException(e);
            }
        }
        buildSsl();
        return this;
    }

    private void buildSsl() throws VaultException {
        if (this.verify) {
            if (this.keyStore != null || this.trustStore != null) {
                this.sslContext = buildSslContextFromJks();
            } else {
                if (this.pemUTF8 == null && this.clientPemUTF8 == null && this.clientKeyPemUTF8 == null) {
                    return;
                }
                this.sslContext = buildSslContextFromPem();
            }
        }
    }

    private SSLContext buildSslContextFromJks() throws VaultException {
        TrustManager[] trustManagerArr = null;
        if (this.trustStore != null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(this.trustStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                throw new VaultException(e);
            }
        }
        KeyManager[] keyManagerArr = null;
        if (this.keyStore != null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(this.keyStore, this.keyStorePassword == null ? null : this.keyStorePassword.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e2) {
                throw new VaultException(e2);
            }
        }
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e3) {
            throw new VaultException(e3);
        }
    }

    private SSLContext buildSslContextFromPem() throws VaultException {
        ByteArrayInputStream byteArrayInputStream;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(JCEAlgorithms.JCE_X509);
            TrustManager[] trustManagerArr = null;
            if (this.pemUTF8 != null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                byteArrayInputStream = new ByteArrayInputStream(this.pemUTF8.getBytes(StandardCharsets.UTF_8));
                Throwable th = null;
                try {
                    try {
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(null);
                        keyStore.setCertificateEntry("caCert", x509Certificate);
                        trustManagerFactory.init(keyStore);
                        trustManagerArr = trustManagerFactory.getTrustManagers();
                    } finally {
                    }
                } finally {
                }
            }
            KeyManager[] keyManagerArr = null;
            if (this.clientPemUTF8 != null && this.clientKeyPemUTF8 != null) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                byteArrayInputStream = new ByteArrayInputStream(this.clientPemUTF8.getBytes(StandardCharsets.UTF_8));
                Throwable th3 = null;
                try {
                    try {
                        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                        PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(DatatypeConverter.parseBase64Binary(this.clientKeyPemUTF8.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", ""))));
                        KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore2.load(null, "password".toCharArray());
                        keyStore2.setCertificateEntry("clientCert", x509Certificate2);
                        keyStore2.setKeyEntry("key", generatePrivate, "password".toCharArray(), new Certificate[]{x509Certificate2});
                        keyManagerFactory.init(keyStore2, "password".toCharArray());
                        keyManagerArr = keyManagerFactory.getKeyManagers();
                    } finally {
                    }
                } finally {
                }
            }
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, null);
            return sSLContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | InvalidKeySpecException e) {
            throw new VaultException(e);
        }
    }

    private KeyStore inputStreamToKeyStore(InputStream inputStream, String str) throws VaultException {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(inputStream, str == null ? null : str.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new VaultException(e);
        }
    }

    private static String inputStreamToUTF8(InputStream inputStream) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder("");
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                bufferedReader.close();
                return sb.toString();
            }
            sb.append(readLine).append(System.lineSeparator());
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        try {
            buildSsl();
        } catch (VaultException e) {
            throw new IOException(e);
        }
    }

    public boolean isVerify() {
        return this.verify;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    protected String getPemUTF8() {
        return this.pemUTF8;
    }
}
