package com.jetbrains.service.util.ssl;

import com.jetbrains.service.util.BundleProperty;
import com.jetbrains.service.util.properties.ServiceConfigurationHelper;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/jetbrains/service/util/ssl/KeystoreUtil.class */
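/**
 * Static helpers for loading and saving {@link KeyStore} files and for assembling an
 * {@link SSLContext} whose key and trust material combines the JVM defaults with an
 * additional key store.
 *
 * <p>Passwords are accepted as {@link String} and converted to {@code char[]} only at the
 * JCA call site, so callers cannot wipe them from memory after use.
 */
public class KeystoreUtil {
    /**
     * Alias of the server's own private-key entry in the additional key store. Matched
     * case-insensitively by {@link #removeServerPrivateKey(KeyStore)}.
     */
    public static final String SERVER_CERT_ADDITIONAL_KEYSTORE_ALIAS = "secureKeyStoreAlias";

    /**
     * Builds an SSL context backed by the additional key store at the given location.
     *
     * <p>The server private key (alias {@link #SERVER_CERT_ADDITIONAL_KEYSTORE_ALIAS}) is stripped
     * from the in-memory copy before it is used, so the returned context never holds that key.
     * The certificates of its chain remain in the store as trusted entries.
     *
     * @param str  file system path of the additional key store
     * @param str2 key store password, or {@code null}; with {@code null} the store is loaded
     *             without an integrity check (see {@link #loadToExistingKeyStore})
     * @param str3 password protecting the key entries, or {@code null} to use no keys from the
     *             additional store
     * @return an initialised context
     */
    @NotNull
    public static SSLContext buildSSLContext(@NotNull String str, @Nullable String str2, @Nullable String str3) throws NoSuchAlgorithmException, KeyManagementException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException {
        KeyStore additionalKeyStore = loadKeyStoreWithoutServerPrivateKey(str, str2);
        // buildCompositeKeyManager ignores the key store when the key password is null,
        // so one call covers both the "with keys" and the "defaults only" case.
        CompositeX509KeyManager keyManager = buildCompositeKeyManager(additionalKeyStore, str3, null);
        CompositeX509TrustManager trustManager = buildCompositeTrustManager(new KeyStore[]{additionalKeyStore});
        // Request the protocol family by its standard name "TLS" rather than the legacy "SSL".
        // Which protocol versions are actually enabled is still decided by the JSSE provider
        // and the JVM security configuration.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(new KeyManager[]{keyManager}, new TrustManager[]{trustManager}, null);
        return sslContext;
    }

    /**
     * Builds an SSL context from the additional key store configured for a service.
     *
     * <p>The value of {@code ADDITIONAL_KEYSTORE_PASSWORD} is used both as the key store
     * password and as the password of the key entries.
     *
     * @param serviceConfigurationHelper accessor for the service's properties
     * @param t                          the service whose properties are read
     * @return the context, or {@code null} when no {@code ADDITIONAL_KEYSTORE_PATH} is configured
     */
    @Nullable
    public static <T> SSLContext buildSSLContext(@NotNull ServiceConfigurationHelper<T> serviceConfigurationHelper, @NotNull T t) throws NoSuchAlgorithmException, KeyManagementException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException {
        String keyStorePath = serviceConfigurationHelper.getServiceProperty(t, BundleProperty.ADDITIONAL_KEYSTORE_PATH.getPrefixedName());
        if (keyStorePath == null) {
            return null;
        }
        String password = serviceConfigurationHelper.getServiceProperty(t, BundleProperty.ADDITIONAL_KEYSTORE_PASSWORD.getPrefixedName());
        return buildSSLContext(keyStorePath, password, password);
    }

    /**
     * Loads the key store at the given path and removes the server private key from the
     * in-memory copy. The file on disk is not modified.
     *
     * @param str  file system path of the key store
     * @param str2 key store password, or {@code null}
     * @return the loaded store without the server private-key entry
     */
    @NotNull
    public static KeyStore loadKeyStoreWithoutServerPrivateKey(@NotNull String str, @Nullable String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = loadKeyStore(Paths.get(str), str2);
        removeServerPrivateKey(keyStore);
        return keyStore;
    }

    /**
     * Deletes every key entry whose alias equals {@link #SERVER_CERT_ADDITIONAL_KEYSTORE_ALIAS}
     * (ignoring case) and re-adds the certificates of its chain as trusted certificate entries
     * named {@code <alias>0}, {@code <alias>1}, and so on.
     *
     * <p>Consequence for trust decisions: every certificate of that chain, including the leaf,
     * is a trusted entry in the returned store.
     *
     * @param keyStore the store to modify in place
     * @return the same {@code keyStore} instance
     */
    @NotNull
    public static KeyStore removeServerPrivateKey(@NotNull KeyStore keyStore) throws KeyStoreException {
        // Collections.list takes a snapshot, so entries can be deleted and added while iterating.
        for (String alias : Collections.list(keyStore.aliases())) {
            if (alias == null || !alias.equalsIgnoreCase(SERVER_CERT_ADDITIONAL_KEYSTORE_ALIAS) || !keyStore.isKeyEntry(alias)) {
                continue;
            }
            // Read the chain before deleting the entry; it is gone afterwards.
            Certificate[] chain = keyStore.getCertificateChain(alias);
            keyStore.deleteEntry(alias);
            if (chain != null) {
                for (int i = 0; i < chain.length; i++) {
                    keyStore.setCertificateEntry(alias + i, chain[i]);
                }
            }
        }
        return keyStore;
    }

    /**
     * Creates a key store of the JVM default type and fills it from the given file.
     *
     * @param path location of the key store file
     * @param str  key store password, or {@code null}
     * @return the loaded store; empty when the file does not exist
     */
    @NotNull
    public static KeyStore loadKeyStore(@NotNull Path path, @Nullable String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        loadToExistingKeyStore(keyStore, path, str);
        return keyStore;
    }

    /**
     * Loads the file at {@code path} into {@code keyStore}. When the file does not exist the
     * store is initialised empty instead of failing.
     *
     * <p>Per the {@link KeyStore#load(java.io.InputStream, char[])} contract, a {@code null}
     * password means the integrity of the key store data is not checked.
     *
     * @param keyStore the store to (re)initialise
     * @param path     location of the key store file
     * @param str      key store password, or {@code null}
     */
    public static void loadToExistingKeyStore(@NotNull KeyStore keyStore, @NotNull Path path, @Nullable String str) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!Files.exists(path)) {
            keyStore.load(null, null);
            return;
        }
        char[] password = str != null ? str.toCharArray() : null;
        // try-with-resources closes the stream on every path, including a failed load.
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            keyStore.load(in, password);
        }
    }

    /**
     * Writes the key store to the file named by {@code str}.
     *
     * @param keyStore the store to persist
     * @param str      file system path of the target file
     * @param str2     password used to protect the stored data, or {@code null}
     * @see #saveKeyStore(KeyStore, Path, String)
     */
    public static void saveKeyStore(@NotNull KeyStore keyStore, @NotNull String str, @Nullable String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        saveKeyStore(keyStore, Paths.get(str), str2);
    }

    /**
     * Writes the key store to {@code path}, creating missing parent directories first. An
     * existing file is overwritten.
     *
     * @param keyStore the store to persist
     * @param path     target file
     * @param str      password used to protect the stored data, or {@code null}
     */
    public static void saveKeyStore(@NotNull KeyStore keyStore, @NotNull Path path, @Nullable String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        Path parent = path.getParent();
        if (parent != null && Files.notExists(parent)) {
            Files.createDirectories(parent);
        }
        char[] password = str != null ? str.toCharArray() : null;
        // NOTE(review): the file and any created directories get the process's default
        // permissions; if the store holds private keys, confirm the deployment restricts
        // access to this location.
        try (FileOutputStream out = new FileOutputStream(path.toFile())) {
            keyStore.store(out, password);
        }
    }

    /**
     * Builds a trust manager that combines the JVM default trust store with the given stores.
     *
     * @param keyStoreArr additional trust stores; {@code null} elements are skipped
     * @return the composite trust manager
     */
    @NotNull
    public static CompositeX509TrustManager buildCompositeTrustManager(@NotNull KeyStore[] keyStoreArr) throws NoSuchAlgorithmException, KeyStoreException {
        ArrayList<X509TrustManager> trustManagers = new ArrayList<>();
        // Use the TrustManagerFactory default here. The KeyManagerFactory default names a key
        // manager algorithm and is not guaranteed to select the platform's standard
        // certificate path validation when handed to TrustManagerFactory.
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        // A null KeyStore makes the factory fall back to the JVM default trust store.
        X509TrustManager defaultTrustManager = getTrustManager(algorithm, null);
        if (defaultTrustManager != null) {
            trustManagers.add(defaultTrustManager);
        }
        for (KeyStore keyStore : keyStoreArr) {
            if (keyStore == null) {
                continue;
            }
            X509TrustManager trustManager = getTrustManager(algorithm, keyStore);
            // getTrustManager is @Nullable; never hand a null delegate to the composite.
            if (trustManager != null) {
                trustManagers.add(trustManager);
            }
        }
        return new CompositeX509TrustManager(trustManagers.toArray(new X509TrustManager[0]));
    }

    /**
     * Builds a key manager that combines a factory-default key manager with the key entries
     * of up to two key stores, both unlocked with the same password.
     *
     * @param keyStore  key store that is used only when {@code str} is non-null; may be {@code null}
     * @param str       password of the key entries, or {@code null}
     * @param keyStore2 key store that is used whenever it is non-null, even with a {@code null}
     *                  password; it is consulted before {@code keyStore}
     * @return the composite key manager
     */
    @NotNull
    public static CompositeX509KeyManager buildCompositeKeyManager(@Nullable KeyStore keyStore, @Nullable String str, @Nullable KeyStore keyStore2) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        ArrayList<X509KeyManager> keyManagers = new ArrayList<>();
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        // First delegate: a key manager initialised without any key store.
        X509KeyManager defaultKeyManager = getKeyManager(algorithm, null, null);
        if (defaultKeyManager != null) {
            keyManagers.add(defaultKeyManager);
        }
        if (keyStore2 != null) {
            X509KeyManager keyManager = getKeyManager(algorithm, keyStore2, str);
            // getKeyManager is @Nullable; never hand a null delegate to the composite.
            if (keyManager != null) {
                keyManagers.add(keyManager);
            }
        }
        if (keyStore != null && str != null) {
            X509KeyManager keyManager = getKeyManager(algorithm, keyStore, str);
            if (keyManager != null) {
                keyManagers.add(keyManager);
            }
        }
        return new CompositeX509KeyManager(keyManagers.toArray(new X509KeyManager[0]));
    }

    /**
     * Returns the first {@link X509KeyManager} produced by a {@link KeyManagerFactory} of the
     * given algorithm.
     *
     * @param str      key manager factory algorithm name
     * @param keyStore source of key material, or {@code null}
     * @param str2     password of the key entries, or {@code null}
     * @return the key manager, or {@code null} when the factory yields no X.509 key manager
     */
    @Nullable
    public static X509KeyManager getKeyManager(@NotNull String str, @Nullable KeyStore keyStore, @Nullable String str2) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
        factory.init(keyStore, str2 != null ? str2.toCharArray() : null);
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        return null;
    }

    /**
     * Returns the first {@link X509TrustManager} produced by a {@link TrustManagerFactory} of
     * the given algorithm.
     *
     * @param str      trust manager factory algorithm name
     * @param keyStore source of trusted certificates, or {@code null} for the JVM default
     *                 trust store
     * @return the trust manager, or {@code null} when the factory yields no X.509 trust manager
     */
    @Nullable
    public static X509TrustManager getTrustManager(@NotNull String str, @Nullable KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        return null;
    }
}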
