package org.apache.kafka.test;

import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.Mode;
import org.apache.kafka.common.security.auth.SslEngineFactory;
import org.apache.kafka.common.security.ssl.DefaultSslEngineFactory;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERT61String;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/kafka/test/TestSslUtils.class */
public class TestSslUtils {
    /**
     * Fixed trust store password used as the default by {@link SslConfigsBuilder}. It is a constant
     * compiled into test code, so it protects nothing and must not be reused outside tests.
     */
    public static final String TRUST_STORE_PASSWORD = "TrustStorePassword";
    /** TLS protocol used when a test does not choose one; mirrors {@code SslConfigs.DEFAULT_SSL_PROTOCOL}. */
    public static final String DEFAULT_TLS_PROTOCOL_FOR_TESTS = SslConfigs.DEFAULT_SSL_PROTOCOL;

    /* loaded from: input_file:org/apache/kafka/test/TestSslUtils$CertificateBuilder.class */
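    /**
     * Builds self-signed X.509 certificates for tests.
     *
     * <p>Every certificate uses the same name as subject and issuer and is signed with the private
     * key of the supplied key pair. The no-argument constructor selects a 30-day validity and the
     * {@code SHA1withRSA} signature algorithm. SHA-1 is a deprecated signature hash and is only
     * suitable for throwaway test certificates; pass another algorithm name to the two-argument
     * constructor when a test needs a stronger signature.
     */
    public static class CertificateBuilder {
        /** Milliseconds per day, as a {@code long} so the validity arithmetic cannot overflow {@code int}. */
        private static final long MILLIS_PER_DAY = 86400000L;

        private final int days;
        private final String algorithm;
        // DER-encoded GeneralNames for the subjectAltName extension; null means no SAN is added.
        private byte[] subjectAltName;

        /** Creates a builder with a 30-day validity and the {@code SHA1withRSA} signature algorithm. */
        public CertificateBuilder() {
            this(30, "SHA1withRSA");
        }

        /**
         * @param i   validity period in days, counted from the moment {@code generate} is called
         * @param str signature algorithm name, resolved through BouncyCastle's
         *            {@code DefaultSignatureAlgorithmIdentifierFinder}
         */
        public CertificateBuilder(int i, String str) {
            this.days = i;
            this.algorithm = str;
        }

        /**
         * Sets the subjectAltName extension to the given DNS names, replacing any SAN set earlier.
         *
         * @param strArr DNS names to place in the extension
         * @return this builder
         * @throws IOException if the names cannot be DER-encoded
         */
        public CertificateBuilder sanDnsNames(String... strArr) throws IOException {
            GeneralName[] dnsNames = new GeneralName[strArr.length];
            for (int index = 0; index < strArr.length; index++) {
                dnsNames[index] = new GeneralName(GeneralName.dNSName, strArr[index]);
            }
            this.subjectAltName = GeneralNames.getInstance(new DERSequence(dnsNames)).getEncoded();
            return this;
        }

        /**
         * Sets the subjectAltName extension to a single IP address, replacing any SAN set earlier.
         *
         * @param inetAddress address whose raw bytes are placed in the extension
         * @return this builder
         * @throws IOException if the address cannot be DER-encoded
         */
        public CertificateBuilder sanIpAddress(InetAddress inetAddress) throws IOException {
            GeneralName ipName = new GeneralName(GeneralName.iPAddress, new DEROctetString(inetAddress.getAddress()));
            this.subjectAltName = new GeneralNames(ipName).getEncoded();
            return this;
        }

        /**
         * Generates a self-signed certificate for a distinguished name given as a string.
         *
         * @param str     distinguished name, parsed by {@code X500Name}
         * @param keyPair key pair whose public key is certified and whose private key signs
         * @return the generated certificate
         * @throws CertificateException if generation fails for any reason
         */
        public X509Certificate generate(String str, KeyPair keyPair) throws CertificateException {
            return generate(new X500Name(str), keyPair);
        }

        /**
         * Generates a self-signed certificate whose name consists of a CN and an O attribute.
         *
         * @param str     value of the CN attribute
         * @param str2    value of the O attribute
         * @param z       when true both values are encoded as UTF8String, otherwise as T61String
         * @param keyPair key pair whose public key is certified and whose private key signs
         * @return the generated certificate
         * @throws CertificateException if generation fails for any reason
         */
        public X509Certificate generate(String str, String str2, boolean z, KeyPair keyPair) throws CertificateException {
            RDN commonName = new RDN(new AttributeTypeAndValue(BCStyle.CN, z ? new DERUTF8String(str) : new DERT61String(str)));
            RDN organization = new RDN(new AttributeTypeAndValue(BCStyle.O, z ? new DERUTF8String(str2) : new DERT61String(str2)));
            return generate(new X500Name(new RDN[] {commonName, organization}), keyPair);
        }

        /**
         * Generates a self-signed certificate for the given name.
         *
         * <p>The certificate is valid from now for the configured number of days, carries a random
         * 64-bit serial number, and includes the configured subjectAltName as a non-critical
         * extension when one was set.
         *
         * @param x500Name name used as both subject and issuer
         * @param keyPair  RSA, DSA or EC key pair; the private key signs the certificate
         * @return the generated certificate
         * @throws CertificateException if generation fails; any other exception, including the
         *                              one raised for an unsupported key algorithm, is wrapped
         */
        public X509Certificate generate(X500Name x500Name, KeyPair keyPair) throws CertificateException {
            try {
                // Security.addProvider leaves the provider list unchanged when "BC" is already installed.
                Security.addProvider(new BouncyCastleProvider());
                AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(this.algorithm);
                AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
                AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
                SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

                // Build the signer inside each branch so no common builder type has to be named.
                String keyAlgorithm = keyPair.getPublic().getAlgorithm();
                ContentSigner signer;
                if (keyAlgorithm.equals("RSA")) {
                    signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey);
                } else if (keyAlgorithm.equals("DSA")) {
                    signer = new BcDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey);
                } else if (keyAlgorithm.equals("EC")) {
                    signer = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey);
                } else {
                    throw new IllegalArgumentException("Unsupported algorithm " + keyAlgorithm);
                }

                Date notBefore = new Date();
                // Multiply in long arithmetic: as an int product, days * 86400000 wraps negative for
                // any validity of 25 days or more (including the 30-day default), which would put
                // notAfter before notBefore and yield an already-expired certificate.
                Date notAfter = new Date(notBefore.getTime() + this.days * MILLIS_PER_DAY);
                BigInteger serialNumber = new BigInteger(64, new SecureRandom());
                X509v3CertificateBuilder certificateBuilder =
                    new X509v3CertificateBuilder(x500Name, serialNumber, notBefore, notAfter, x500Name, publicKeyInfo);
                if (this.subjectAltName != null) {
                    certificateBuilder.addExtension(Extension.subjectAlternativeName, false, this.subjectAltName);
                }
                return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(signer));
            } catch (CertificateException e) {
                throw e;
            } catch (Exception e) {
                throw new CertificateException(e);
            }
        }
    }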

    /* loaded from: input_file:org/apache/kafka/test/TestSslUtils$SslConfigsBuilder.class */
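    /**
     * Fluent builder for the SSL configuration of a test client or server.
     *
     * <p>Depending on {@link #usePem(boolean)} the result references JKS files on disk or carries
     * PEM content inline. Key material is generated on each build and protected with fixed,
     * hard-coded passwords, so everything produced here is for tests only.
     */
    public static class SslConfigsBuilder {
        final Mode mode;
        boolean useClientCert;
        boolean createTrustStore;
        File trustStoreFile;
        Password keyStorePassword;
        Password keyPassword;
        String certAlias;
        String cn;
        List<String> cipherSuites;
        String algorithm;
        CertificateBuilder certBuilder;
        boolean usePem;
        String tlsProtocol = TestSslUtils.DEFAULT_TLS_PROTOCOL_FOR_TESTS;
        Password trustStorePassword = new Password(TestSslUtils.TRUST_STORE_PASSWORD);

        /**
         * Creates a builder with test defaults: CN {@code localhost}, RSA keys, no cipher suite
         * restriction, a certificate alias equal to the lower-cased mode name, and a new trust store.
         *
         * @param mode whether the configs are for a server or a client
         */
        public SslConfigsBuilder(Mode mode) {
            this.mode = mode;
            this.keyStorePassword = mode == Mode.SERVER ? new Password("ServerPassword") : new Password("ClientPassword");
            // The same password protects the key store and the key entry inside it.
            this.keyPassword = this.keyStorePassword;
            this.certBuilder = new CertificateBuilder();
            this.cn = "localhost";
            this.certAlias = mode.name().toLowerCase(Locale.ROOT);
            this.cipherSuites = Collections.emptyList();
            this.algorithm = "RSA";
            this.createTrustStore = true;
        }

        /** Sets the TLS protocol used for both {@code ssl.protocol} and {@code ssl.enabled.protocols}. */
        public SslConfigsBuilder tlsProtocol(String str) {
            this.tlsProtocol = str;
            return this;
        }

        /** Uses {@code file} as the trust store location and (re)writes it during the build. */
        public SslConfigsBuilder createNewTrustStore(File file) {
            this.trustStoreFile = file;
            this.createTrustStore = true;
            return this;
        }

        /** Uses {@code file} as the trust store location without writing to it. */
        public SslConfigsBuilder useExistingTrustStore(File file) {
            this.trustStoreFile = file;
            this.createTrustStore = false;
            return this;
        }

        /** Chooses whether a client-mode build generates a client certificate and key store. */
        public SslConfigsBuilder useClientCert(boolean z) {
            this.useClientCert = z;
            return this;
        }

        /** Sets the alias under which the generated certificate is stored in the trust store. */
        public SslConfigsBuilder certAlias(String str) {
            this.certAlias = str;
            return this;
        }

        /** Sets the CN placed in the generated certificate's distinguished name. */
        public SslConfigsBuilder cn(String str) {
            this.cn = str;
            return this;
        }

        /** Sets the value published as {@code ssl.cipher.suites} by the JKS builds. */
        public SslConfigsBuilder cipherSuites(List<String> list) {
            this.cipherSuites = list;
            return this;
        }

        /** Sets the key pair algorithm passed to {@code TestSslUtils.generateKeyPair}. */
        public SslConfigsBuilder algorithm(String str) {
            this.algorithm = str;
            return this;
        }

        /** Replaces the certificate builder used to issue the self-signed certificate. */
        public SslConfigsBuilder certBuilder(CertificateBuilder certificateBuilder) {
            this.certBuilder = certificateBuilder;
            return this;
        }

        /** Chooses inline PEM configs ({@code true}) or JKS files ({@code false}). */
        public SslConfigsBuilder usePem(boolean z) {
            this.usePem = z;
            return this;
        }

        /**
         * Builds the configs with typed values ({@code Password} objects and lists).
         *
         * @throws IOException              if a store file cannot be written
         * @throws GeneralSecurityException if key or certificate generation fails
         */
        public Map<String, Object> build() throws IOException, GeneralSecurityException {
            return this.usePem ? buildPem() : buildJks();
        }

        /**
         * Builds the configs with every value rendered as a string, passwords included in clear text.
         *
         * @throws IOException              if a store file cannot be written
         * @throws GeneralSecurityException if key or certificate generation fails
         */
        public Map<String, String> buildProperties() throws IOException, GeneralSecurityException {
            return this.usePem ? buildPemProperties() : buildJksProperties();
        }

        // Generates a key pair and self-signed certificate for the given role ("client" or "server"),
        // writes them to keyStoreFile as a JKS key store, records the certificate under certAlias, and
        // schedules the file, which holds a private key, for deletion at JVM exit.
        private void writeKeyStore(File keyStoreFile, String role, Map<String, X509Certificate> certs)
                throws IOException, GeneralSecurityException {
            KeyPair keyPair = TestSslUtils.generateKeyPair(this.algorithm);
            X509Certificate certificate = this.certBuilder.generate("CN=" + this.cn + ", O=A " + role, keyPair);
            TestSslUtils.createKeyStore(keyStoreFile.getPath(), this.keyStorePassword, this.keyPassword, role, keyPair.getPrivate(), certificate);
            certs.put(this.certAlias, certificate);
            keyStoreFile.deleteOnExit();
        }

        private Map<String, Object> buildJks() throws IOException, GeneralSecurityException {
            Map<String, X509Certificate> certs = new HashMap<>();
            File keyStoreFile = null;
            if (this.mode == Mode.CLIENT && this.useClientCert) {
                keyStoreFile = TestUtils.tempFile("clientKS", ".jks");
                writeKeyStore(keyStoreFile, "client", certs);
            } else if (this.mode == Mode.SERVER) {
                keyStoreFile = TestUtils.tempFile("serverKS", ".jks");
                writeKeyStore(keyStoreFile, "server", certs);
            }
            if (this.createTrustStore) {
                TestSslUtils.createTrustStore(this.trustStoreFile.getPath(), this.trustStorePassword, certs);
                this.trustStoreFile.deleteOnExit();
            }

            Map<String, Object> sslConfigs = new HashMap<>();
            sslConfigs.put("ssl.protocol", this.tlsProtocol);
            if (this.mode == Mode.SERVER || (this.mode == Mode.CLIENT && keyStoreFile != null)) {
                sslConfigs.put("ssl.keystore.location", keyStoreFile.getPath());
                sslConfigs.put("ssl.keystore.type", "JKS");
                // NOTE(review): the key manager algorithm is taken from TrustManagerFactory's default,
                // not KeyManagerFactory's; kept unchanged to preserve behaviour.
                sslConfigs.put("ssl.keymanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
                sslConfigs.put("ssl.keystore.password", this.keyStorePassword);
                sslConfigs.put("ssl.key.password", this.keyPassword);
            }
            sslConfigs.put("ssl.truststore.location", this.trustStoreFile.getPath());
            sslConfigs.put("ssl.truststore.password", this.trustStorePassword);
            sslConfigs.put("ssl.truststore.type", "JKS");
            sslConfigs.put("ssl.trustmanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
            List<String> enabledProtocols = new ArrayList<>();
            enabledProtocols.add(this.tlsProtocol);
            sslConfigs.put("ssl.enabled.protocols", enabledProtocols);
            sslConfigs.put("ssl.cipher.suites", this.cipherSuites);
            return sslConfigs;
        }

        private Map<String, String> buildJksProperties() throws IOException, GeneralSecurityException {
            Map<String, X509Certificate> certs = new HashMap<>();
            File keyStoreFile = null;
            if (this.mode == Mode.CLIENT && this.useClientCert) {
                // writeKeyStore also registers deleteOnExit, so the client key store created with
                // File.createTempFile is cleaned up at JVM exit just like the server one.
                keyStoreFile = File.createTempFile("clientKS", ".jks");
                writeKeyStore(keyStoreFile, "client", certs);
            } else if (this.mode == Mode.SERVER) {
                keyStoreFile = File.createTempFile("serverKS", ".jks");
                writeKeyStore(keyStoreFile, "server", certs);
            }
            if (this.createTrustStore) {
                TestSslUtils.createTrustStore(this.trustStoreFile.getPath(), this.trustStorePassword, certs);
                this.trustStoreFile.deleteOnExit();
            }

            Map<String, String> sslProps = new HashMap<>();
            sslProps.put("ssl.protocol", this.tlsProtocol);
            if (this.mode == Mode.SERVER || (this.mode == Mode.CLIENT && keyStoreFile != null)) {
                sslProps.put("ssl.keystore.location", keyStoreFile.getPath());
                sslProps.put("ssl.keystore.type", "JKS");
                // NOTE(review): same TrustManagerFactory default as in buildJks; kept unchanged.
                sslProps.put("ssl.keymanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
                // Passwords are unwrapped to plain strings here; avoid logging the returned map.
                sslProps.put("ssl.keystore.password", this.keyStorePassword.value());
                sslProps.put("ssl.key.password", this.keyPassword.value());
            }
            sslProps.put("ssl.truststore.location", this.trustStoreFile.getPath());
            sslProps.put("ssl.truststore.password", this.trustStorePassword.value());
            sslProps.put("ssl.truststore.type", "JKS");
            sslProps.put("ssl.trustmanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
            List<String> enabledProtocols = new ArrayList<>();
            enabledProtocols.add(this.tlsProtocol);
            sslProps.put("ssl.enabled.protocols", String.join(",", enabledProtocols));
            sslProps.put("ssl.cipher.suites", String.join(",", this.cipherSuites));
            return sslProps;
        }

        private Map<String, Object> buildPem() throws IOException, GeneralSecurityException {
            if (!this.createTrustStore) {
                throw new IllegalArgumentException("PEM configs cannot be created with existing trust stores");
            }
            Map<String, Object> sslConfigs = new HashMap<>();
            sslConfigs.put("ssl.protocol", this.tlsProtocol);
            sslConfigs.put("ssl.enabled.protocols", Collections.singletonList(this.tlsProtocol));
            if (this.mode != Mode.CLIENT || this.useClientCert) {
                KeyPair keyPair = TestSslUtils.generateKeyPair(this.algorithm);
                String role = this.mode.name().toLowerCase(Locale.ROOT);
                X509Certificate certificate = this.certBuilder.generate("CN=" + this.cn + ", O=A " + role, keyPair);
                Password privateKeyPem = new Password(TestSslUtils.pem(keyPair.getPrivate(), this.keyPassword));
                Password certificatePem = new Password(TestSslUtils.pem(certificate));
                sslConfigs.put("ssl.keystore.type", "PEM");
                sslConfigs.put("ssl.truststore.type", "PEM");
                sslConfigs.put("ssl.keystore.key", privateKeyPem);
                sslConfigs.put("ssl.keystore.certificate.chain", certificatePem);
                sslConfigs.put("ssl.key.password", this.keyPassword);
                // The self-signed certificate doubles as the only trusted certificate.
                sslConfigs.put("ssl.truststore.certificates", certificatePem);
            }
            return sslConfigs;
        }

        private Map<String, String> buildPemProperties() throws IOException, GeneralSecurityException {
            if (!this.createTrustStore) {
                throw new IllegalArgumentException("PEM configs cannot be created with existing trust stores");
            }
            Map<String, String> sslProps = new HashMap<>();
            sslProps.put("ssl.protocol", this.tlsProtocol);
            sslProps.put("ssl.enabled.protocols", String.join(",", Collections.singletonList(this.tlsProtocol)));
            if (this.mode != Mode.CLIENT || this.useClientCert) {
                KeyPair keyPair = TestSslUtils.generateKeyPair(this.algorithm);
                String role = this.mode.name().toLowerCase(Locale.ROOT);
                String certificatePem = TestSslUtils.pem(this.certBuilder.generate("CN=" + this.cn + ", O=A " + role, keyPair));
                sslProps.put("ssl.keystore.type", "PEM");
                sslProps.put("ssl.truststore.type", "PEM");
                sslProps.put("ssl.keystore.key", TestSslUtils.pem(keyPair.getPrivate(), this.keyPassword));
                sslProps.put("ssl.keystore.certificate.chain", certificatePem);
                // The key password is unwrapped to a plain string; avoid logging the returned map.
                sslProps.put("ssl.key.password", this.keyPassword.value());
                sslProps.put("ssl.truststore.certificates", certificatePem);
            }
            return sslProps;
        }
    }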

    /* loaded from: input_file:org/apache/kafka/test/TestSslUtils$TestSslEngineFactory.class */
    /**
     * {@code SslEngineFactory} for tests that forwards every call to a {@code DefaultSslEngineFactory}
     * and records whether {@link #close()} has completed.
     */
    public static final class TestSslEngineFactory implements SslEngineFactory {
        // Set to true only after the delegate's close() has returned normally.
        public boolean closed;
        DefaultSslEngineFactory defaultSslEngineFactory = new DefaultSslEngineFactory();

        /** Forwards the configuration to the delegate. */
        public void configure(Map<String, ?> map) {
            defaultSslEngineFactory.configure(map);
        }

        /** Creates a client-side engine through the delegate. */
        public SSLEngine createClientSslEngine(String str, int i, String str2) {
            SSLEngine clientEngine = defaultSslEngineFactory.createClientSslEngine(str, i, str2);
            return clientEngine;
        }

        /** Creates a server-side engine through the delegate. */
        public SSLEngine createServerSslEngine(String str, int i) {
            SSLEngine serverEngine = defaultSslEngineFactory.createServerSslEngine(str, i);
            return serverEngine;
        }

        /** Asks the delegate whether the given configs require a rebuild. */
        public boolean shouldBeRebuilt(Map<String, Object> map) {
            return defaultSslEngineFactory.shouldBeRebuilt(map);
        }

        /** Returns the delegate's reconfigurable config names. */
        public Set<String> reconfigurableConfigs() {
            return defaultSslEngineFactory.reconfigurableConfigs();
        }

        /** Returns the delegate's key store. */
        public KeyStore keystore() {
            return defaultSslEngineFactory.keystore();
        }

        /** Returns the delegate's trust store. */
        public KeyStore truststore() {
            return defaultSslEngineFactory.truststore();
        }

        /**
         * Closes the delegate, then marks this factory as closed. If the delegate throws, the
         * flag stays false.
         */
        public void close() throws IOException {
            defaultSslEngineFactory.close();
            closed = true;
        }
    }

    /**
     * Generates a self-signed test certificate.
     *
     * @param str     distinguished name used as subject and issuer
     * @param keyPair key pair to certify and sign with
     * @param i       validity in days
     * @param str2    signature algorithm name
     * @return the generated certificate
     * @throws CertificateException if generation fails
     */
    public static X509Certificate generateCertificate(String str, KeyPair keyPair, int i, String str2) throws CertificateException {
        CertificateBuilder builder = new CertificateBuilder(i, str2);
        return builder.generate(str, keyPair);
    }

    /**
     * Generates a fresh key pair for the named algorithm.
     *
     * <p>The generator is initialised with a key size of 256 for {@code "EC"} and 2048 for every
     * other algorithm name.
     *
     * @param str key algorithm name accepted by {@code KeyPairGenerator.getInstance}
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     */
    public static KeyPair generateKeyPair(String str) throws NoSuchAlgorithmException {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance(str);
        final int keySize;
        if (str.equals("EC")) {
            keySize = 256;
        } else {
            keySize = 2048;
        }
        generator.initialize(keySize);
        return generator.generateKeyPair();
    }

    /**
     * Creates an initialised JKS key store with no entries.
     *
     * @return a new, empty key store
     * @throws GeneralSecurityException if the JKS type is unavailable or initialisation fails
     * @throws IOException              declared by {@code KeyStore.load}
     */
    private static KeyStore createEmptyKeyStore() throws GeneralSecurityException, IOException {
        final KeyStore emptyStore = KeyStore.getInstance("JKS");
        // A key store must be loaded before use; loading from a null stream leaves it empty.
        emptyStore.load(null, null);
        return emptyStore;
    }

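    /**
     * Writes a key store to a file, protecting it with the given store password.
     *
     * <p>Uses try-with-resources so the stream is closed exactly once on every path; a failure
     * while closing is attached as a suppressed exception when the write itself has failed.
     *
     * @param keyStore key store to persist
     * @param str      path of the file to create or overwrite
     * @param password store password used for the integrity protection of the file
     * @throws GeneralSecurityException if the key store cannot be serialised
     * @throws IOException              if the file cannot be opened or written
     */
    private static void saveKeyStore(KeyStore keyStore, String str, Password password) throws GeneralSecurityException, IOException {
        try (OutputStream out = Files.newOutputStream(Paths.get(str))) {
            keyStore.store(out, password.value().toCharArray());
        }
    }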

    /**
     * Creates a JKS key store file holding one private key entry with a single-certificate chain.
     *
     * @param str         path of the key store file to write
     * @param password    password protecting the key store file
     * @param password2   password protecting the key entry
     * @param str2        alias of the key entry
     * @param key         private key to store
     * @param certificate certificate forming the entry's chain
     * @throws GeneralSecurityException if the entry cannot be added or the store serialised
     * @throws IOException              if the file cannot be written
     */
    public static void createKeyStore(String str, Password password, Password password2, String str2, Key key, Certificate certificate) throws GeneralSecurityException, IOException {
        final KeyStore store = createEmptyKeyStore();
        final char[] entryPassword = password2.value().toCharArray();
        final Certificate[] chain = {certificate};
        store.setKeyEntry(str2, key, entryPassword, chain);
        saveKeyStore(store, str, password);
    }

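    /**
     * Adds certificates to the JKS trust store at the given path and writes it back.
     *
     * <p>The existing file is loaded first so earlier entries are kept. If loading ends with an
     * {@code EOFException} the method starts from an empty store instead. The input stream is
     * managed by try-with-resources so it is closed on that failure path as well; the listing it
     * replaces closed the stream only after a successful load.
     *
     * @param str      path of the trust store file; it must already exist
     * @param password trust store password, used for loading and for saving
     * @param map      certificates to add, keyed by alias
     * @throws GeneralSecurityException if the store cannot be loaded, updated or serialised
     * @throws IOException              if the file cannot be read or written
     */
    public static <T extends Certificate> void createTrustStore(String str, Password password, Map<String, T> map) throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(str))) {
            trustStore.load(in, password.value().toCharArray());
        } catch (EOFException e) {
            // load() ran out of data, presumably because the file is empty; fall back to a new store.
            trustStore = createEmptyKeyStore();
        }
        for (Map.Entry<String, T> entry : map.entrySet()) {
            trustStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        saveKeyStore(trustStore, str, password);
    }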

    /**
     * Assembles JKS-based SSL configs that pin the protocol to TLSv1.2 and select
     * {@code NettySslEngineFactory} as the engine factory.
     *
     * <p>Key store settings are included for server mode, and for client mode only when a key
     * store file is supplied.
     *
     * @param mode      server or client
     * @param file      key store file; may be null for a client
     * @param password  key store password
     * @param password2 key password
     * @param file2     trust store file
     * @param password3 trust store password
     * @return a new mutable config map
     */
    private static Map<String, Object> createSslConfig(Mode mode, File file, Password password, Password password2, File file2, Password password3) {
        Map<String, Object> sslConfigs = new HashMap<>();
        sslConfigs.put("ssl.protocol", "TLSv1.2");

        boolean includeKeyStore = mode == Mode.SERVER || (mode == Mode.CLIENT && file != null);
        if (includeKeyStore) {
            sslConfigs.put("ssl.keystore.location", file.getPath());
            sslConfigs.put("ssl.keystore.type", "JKS");
            sslConfigs.put("ssl.keymanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
            sslConfigs.put("ssl.keystore.password", password);
            sslConfigs.put("ssl.key.password", password2);
        }

        sslConfigs.put("ssl.engine.factory.class", "org.apache.kafka.common.security.ssl.NettySslEngineFactory");
        sslConfigs.put("ssl.truststore.location", file2.getPath());
        sslConfigs.put("ssl.truststore.password", password3);
        sslConfigs.put("ssl.truststore.type", "JKS");
        sslConfigs.put("ssl.trustmanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());

        List<String> enabledProtocols = new ArrayList<>();
        enabledProtocols.add("TLSv1.2");
        sslConfigs.put("ssl.enabled.protocols", enabledProtocols);
        return sslConfigs;
    }

    /**
     * Creates SSL configs that carry only algorithm and protocol settings, with no stores.
     *
     * @param str  value for {@code ssl.keymanager.algorithm}
     * @param str2 value for {@code ssl.trustmanager.algorithm}
     * @param str3 TLS protocol, used for {@code ssl.protocol} and as the single enabled protocol
     * @return a new mutable config map
     */
    public static Map<String, Object> createSslConfig(String str, String str2, String str3) {
        List<String> enabledProtocols = new ArrayList<>();
        enabledProtocols.add(str3);

        Map<String, Object> sslConfigs = new HashMap<>();
        sslConfigs.put("ssl.protocol", str3);
        sslConfigs.put("ssl.keymanager.algorithm", str);
        sslConfigs.put("ssl.trustmanager.algorithm", str2);
        sslConfigs.put("ssl.enabled.protocols", enabledProtocols);
        return sslConfigs;
    }

    /**
     * Creates SSL configs for a certificate with CN {@code localhost} and a default
     * {@link CertificateBuilder}.
     *
     * @param z    whether a client-mode build generates a client certificate
     * @param z2   true to write a new trust store to {@code file}, false to reuse the existing one
     * @param mode server or client
     * @param file trust store file
     * @param str  alias for the generated certificate in the trust store
     * @return the SSL config map
     * @throws IOException              if a store file cannot be written
     * @throws GeneralSecurityException if key or certificate generation fails
     */
    public static Map<String, Object> createSslConfig(boolean z, boolean z2, Mode mode, File file, String str) throws IOException, GeneralSecurityException {
        final String defaultCn = "localhost";
        return createSslConfig(z, z2, mode, file, str, defaultCn);
    }

    /**
     * Creates SSL configs for the given CN using a default {@link CertificateBuilder}.
     *
     * @param z    whether a client-mode build generates a client certificate
     * @param z2   true to write a new trust store to {@code file}, false to reuse the existing one
     * @param mode server or client
     * @param file trust store file
     * @param str  alias for the generated certificate in the trust store
     * @param str2 CN of the generated certificate
     * @return the SSL config map
     * @throws IOException              if a store file cannot be written
     * @throws GeneralSecurityException if key or certificate generation fails
     */
    public static Map<String, Object> createSslConfig(boolean z, boolean z2, Mode mode, File file, String str, String str2) throws IOException, GeneralSecurityException {
        CertificateBuilder defaultCertBuilder = new CertificateBuilder();
        return createSslConfig(z, z2, mode, file, str, str2, defaultCertBuilder);
    }

    /**
     * Creates SSL configs through {@link SslConfigsBuilder} with every option given explicitly.
     *
     * @param z                  whether a client-mode build generates a client certificate
     * @param z2                 true to write a new trust store to {@code file}, false to reuse it
     * @param mode               server or client
     * @param file               trust store file
     * @param str                alias for the generated certificate in the trust store
     * @param str2               CN of the generated certificate
     * @param certificateBuilder builder used to issue the self-signed certificate
     * @return the SSL config map
     * @throws IOException              if a store file cannot be written
     * @throws GeneralSecurityException if key or certificate generation fails
     */
    public static Map<String, Object> createSslConfig(boolean z, boolean z2, Mode mode, File file, String str, String str2, CertificateBuilder certificateBuilder) throws IOException, GeneralSecurityException {
        SslConfigsBuilder configsBuilder = new SslConfigsBuilder(mode)
            .useClientCert(z)
            .certAlias(str)
            .cn(str2)
            .certBuilder(certificateBuilder);
        // Both trust store setters return the same builder instance, so the result can be ignored.
        if (z2) {
            configsBuilder.createNewTrustStore(file);
        } else {
            configsBuilder.useExistingTrustStore(file);
        }
        return configsBuilder.build();
    }

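    /**
     * Rewrites the trust store and key store entries of an SSL config map to PEM, in place.
     *
     * <p>Certificates and the private key are taken from inline PEM entries when present, otherwise
     * exported from the store files named in the map. The store passwords are removed from the map.
     * PEM values are held in {@code Password}-typed locals throughout, which is the type that
     * {@code writeToFile} and the config map expect; the listing this replaces kept them in
     * {@code Object} variables.
     *
     * @param map configs to convert; modified in place
     * @param z   true to write the PEM content to the store location files, false to put it inline
     *            in the map and drop the location entries
     * @param z2  true to pass the key password to {@code exportPrivateKey} as the PEM password and
     *            keep {@code ssl.key.password}; false to pass {@code null} and remove that entry
     * @throws Exception if a store cannot be read or a PEM file cannot be written
     */
    public static void convertToPem(Map<String, Object> map, boolean z, boolean z2) throws Exception {
        String trustStorePath = (String) map.get("ssl.truststore.location");
        String trustStoreType = (String) map.get("ssl.truststore.type");
        Password trustStorePassword = (Password) map.remove("ssl.truststore.password");
        Password trustCerts = (Password) map.remove("ssl.truststore.certificates");
        if (trustCerts == null && trustStorePath != null) {
            trustCerts = exportCertificates(trustStorePath, trustStorePassword, trustStoreType);
        }
        if (trustCerts != null) {
            if (trustStorePath == null) {
                trustStorePath = TestUtils.tempFile("truststore", ".pem").getPath();
                map.put("ssl.truststore.location", trustStorePath);
            }
            map.put("ssl.truststore.type", "PEM");
            if (z) {
                writeToFile(trustStorePath, trustCerts);
            } else {
                map.put("ssl.truststore.certificates", trustCerts);
                map.remove("ssl.truststore.location");
            }
        }

        String keyStorePath = (String) map.get("ssl.keystore.location");
        Password certChain = (Password) map.remove("ssl.keystore.certificate.chain");
        Password privateKey = (Password) map.remove("ssl.keystore.key");
        if (certChain == null && keyStorePath != null) {
            String keyStoreType = (String) map.get("ssl.keystore.type");
            Password keyStorePassword = (Password) map.remove("ssl.keystore.password");
            Password keyPassword = (Password) map.get("ssl.key.password");
            certChain = exportCertificates(keyStorePath, keyStorePassword, keyStoreType);
            // With z2 == false a null PEM password is passed, presumably leaving the exported key
            // unencrypted; that is only acceptable for throwaway test keys.
            privateKey = exportPrivateKey(keyStorePath, keyStorePassword, keyPassword, keyStoreType, z2 ? keyPassword : null);
            if (!z2) {
                map.remove("ssl.key.password");
            }
        }
        if (certChain != null) {
            if (keyStorePath == null) {
                keyStorePath = TestUtils.tempFile("keystore", ".pem").getPath();
                map.put("ssl.keystore.location", keyStorePath);
            }
            map.put("ssl.keystore.type", "PEM");
            if (z) {
                // The private key is written first, followed by the certificate chain.
                writeToFile(keyStorePath, privateKey, certChain);
            } else {
                map.put("ssl.keystore.key", privateKey);
                map.put("ssl.keystore.certificate.chain", certChain);
                map.remove("ssl.keystore.location");
            }
        }
    }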

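    /**
     * Writes the values of the given entries to a file, one after another, encoded as UTF-8.
     *
     * <p>Uses try-with-resources so the stream is closed exactly once on every path. The file is
     * opened with {@code FileOutputStream}, which applies no explicit permissions, and callers pass
     * private key PEM through this method, so the output belongs in test directories only.
     *
     * @param str         path of the file to create or overwrite
     * @param passwordArr entries whose values are written in the given order
     * @throws IOException if the file cannot be opened or written
     */
    private static void writeToFile(String str, Password... passwordArr) throws IOException {
        try (FileOutputStream out = new FileOutputStream(str)) {
            for (Password entry : passwordArr) {
                out.write(entry.value().getBytes(StandardCharsets.UTF_8));
            }
        }
    }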

    /**
     * Replaces file-based trust store and key store properties with inline PEM properties.
     *
     * <p>For each store location present, the certificates (and for the key store the private key,
     * exported with the key password as its PEM password) are read from the file, the location
     * and store password properties are removed, and the type is set to {@code PEM}.
     * {@code ssl.key.password} is left in place.
     *
     * @param properties SSL properties to convert; modified in place
     * @throws Exception if a store cannot be read
     */
    public static void convertToPemWithoutFiles(Properties properties) throws Exception {
        String trustStorePath = properties.getProperty("ssl.truststore.location");
        if (trustStorePath != null) {
            Password trustStorePassword = new Password(properties.getProperty("ssl.truststore.password"));
            String trustStoreType = properties.getProperty("ssl.truststore.type");
            Password trustCerts = exportCertificates(trustStorePath, trustStorePassword, trustStoreType);
            properties.remove("ssl.truststore.location");
            properties.remove("ssl.truststore.password");
            properties.setProperty("ssl.truststore.type", "PEM");
            properties.setProperty("ssl.truststore.certificates", trustCerts.value());
        }

        String keyStorePath = properties.getProperty("ssl.keystore.location");
        if (keyStorePath == null) {
            return;
        }
        String keyStoreType = properties.getProperty("ssl.keystore.type");
        Password keyStorePassword = new Password(properties.getProperty("ssl.keystore.password"));
        Password keyPassword = new Password(properties.getProperty("ssl.key.password"));
        Password certChain = exportCertificates(keyStorePath, keyStorePassword, keyStoreType);
        Password privateKey = exportPrivateKey(keyStorePath, keyStorePassword, keyPassword, keyStoreType, keyPassword);
        properties.remove("ssl.keystore.location");
        properties.remove("ssl.keystore.password");
        properties.setProperty("ssl.keystore.type", "PEM");
        properties.setProperty("ssl.keystore.certificate.chain", certChain.value());
        properties.setProperty("ssl.keystore.key", privateKey.value());
    }

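    /**
     * Exports every certificate in a key store file as concatenated PEM.
     *
     * <p>For each alias the full certificate chain is exported when the entry has one, otherwise
     * the single certificate stored under the alias. The file is read through try-with-resources,
     * so a failure while closing no longer replaces an exception thrown while reading.
     *
     * @param str      path of the key store file
     * @param password key store password
     * @param str2     key store type passed to {@code KeyStore.getInstance}
     * @return the PEM text wrapped in a {@code Password}
     * @throws IllegalArgumentException if the store contains no aliases
     * @throws Exception                if the store cannot be read or a certificate cannot be encoded
     */
    public static Password exportCertificates(String str, Password password, String str2) throws Exception {
        StringBuilder pemText = new StringBuilder();
        try (FileInputStream in = new FileInputStream(str)) {
            KeyStore keyStore = KeyStore.getInstance(str2);
            keyStore.load(in, password.value().toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                throw new IllegalArgumentException("No certificates found in file " + str);
            }
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain != null) {
                    for (Certificate certificate : chain) {
                        pemText.append(pem(certificate));
                    }
                } else {
                    // No chain under this alias: export the single certificate stored there.
                    pemText.append(pem(keyStore.getCertificate(alias)));
                }
            }
            return new Password(pemText.toString());
        }
    }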

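    /**
     * Loads the key store file at {@code str} and returns the private key stored under its first
     * alias as PEM text.
     *
     * <p>Only the first alias reported by the store is considered; a store whose first alias is
     * not a key entry is rejected rather than searched further.
     *
     * @param str path of the key store file
     * @param password password used to load the store
     * @param password2 password protecting the key entry inside the store
     * @param str2 key store type passed to {@link KeyStore#getInstance(String)}
     * @param password3 password used to encrypt the PEM output, or {@code null} to write the key
     *     unencrypted (see {@code pem(PrivateKey, Password)})
     * @return the PEM text wrapped in a {@link Password}
     * @throws IllegalArgumentException if the store has no aliases or the first alias holds no key
     * @throws Exception if the file cannot be opened, the store cannot be loaded or the key cannot
     *     be recovered or encoded
     */
    public static Password exportPrivateKey(String str, Password password, Password password2, String str2, Password password3) throws Exception {
        // try-with-resources closes the stream on every path and keeps the primary exception
        // (a failure in close() is attached as suppressed instead of replacing it).
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            KeyStore keyStore = KeyStore.getInstance(str2);
            keyStore.load(fileInputStream, password.value().toCharArray());

            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                // Same failure style as exportCertificates, instead of a bare NoSuchElementException.
                throw new IllegalArgumentException("No entries found in file " + str);
            }
            String alias = aliases.nextElement();

            // getKey returns null when the alias is not a key entry; fail here with a clear
            // message rather than passing null on to the PEM encoder.
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password2.value().toCharArray());
            if (privateKey == null) {
                throw new IllegalArgumentException("No private key found for alias " + alias + " in file " + str);
            }
            return new Password(pem(privateKey, password3));
        }
    }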

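    /**
     * Encodes {@code certificate} as PEM text.
     *
     * @param certificate certificate to encode
     * @return the PEM representation, decoded as UTF-8
     * @throws IOException if the certificate cannot be written
     */
    static String pem(Certificate certificate) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        // The writer must be closed before the buffer is read: closing flushes the buffered
        // output into byteArrayOutputStream. try-with-resources also keeps the primary exception
        // if close() fails after a write error.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(byteArrayOutputStream, StandardCharsets.UTF_8))) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(certificate));
        }
        return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
    }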

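    /**
     * Encodes {@code privateKey} as PKCS#8 PEM text, encrypted with {@code password} when one is
     * given.
     *
     * <p>With a {@code null} password the key is written in the clear. With a password the key is
     * encrypted using {@code PKCS8Generator.PBE_SHA1_3DES}, a legacy SHA-1 / triple-DES
     * password-based scheme; NOTE(review): this looks like a deliberate choice for test fixtures
     * that the consuming PEM loader must be able to read — confirm before reusing it to protect
     * real keys, where a PBES2/AES scheme is the usual choice.
     *
     * @param privateKey key to encode
     * @param password password for encrypting the output, or {@code null} for no encryption
     * @return the PEM representation, decoded as UTF-8
     * @throws IOException if the key cannot be written
     * @throws RuntimeException wrapping any failure while building the encryptor or writing the
     *     encrypted key
     */
    static String pem(PrivateKey privateKey, Password password) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        // The writer is closed BEFORE the buffer is read. Reading inside the try block (as the
        // previous code did) evaluates toByteArray() while the PEM text may still sit in the
        // writer's buffer, which can yield empty or truncated output.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(byteArrayOutputStream, StandardCharsets.UTF_8))) {
            if (password == null) {
                // Unencrypted PKCS#8: the result is the raw private key and must be handled as such.
                pemWriter.writeObject(new JcaPKCS8Generator(privateKey, (OutputEncryptor) null));
            } else {
                JceOpenSSLPKCS8EncryptorBuilder jceOpenSSLPKCS8EncryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
                jceOpenSSLPKCS8EncryptorBuilder.setPassword(password.value().toCharArray());
                try {
                    pemWriter.writeObject(new JcaPKCS8Generator(privateKey, jceOpenSSLPKCS8EncryptorBuilder.build()));
                } catch (Exception e) {
                    // Cause is preserved; callers of this helper only declare IOException.
                    throw new RuntimeException(e);
                }
            }
        }
        return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
    }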
}
