package org.apache.kerby.kerberos.tool.admin.local.cmd;

import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Properties;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.text.CharacterPredicate;
import org.apache.commons.text.CharacterPredicates;
import org.apache.commons.text.RandomStringGenerator;
import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.admin.LocalHadmin;
import org.apache.kerby.util.IOUtil;
import org.bouncycastle.x509.X509V1CertificateGenerator;

/* loaded from: input_file:org/apache/kerby/kerberos/tool/admin/local/cmd/DeployHTTPSCertsCommand.class */
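/**
 * Local hadmin command that issues a self-signed HTTPS certificate for every remote host
 * listed in a hosts file, adds each certificate to a shared JKS truststore, and copies the
 * per-host keystore, the truststore and a generated {@code ssl-client.conf} to each host
 * over SFTP.
 *
 * <p>Security-relevant behaviour a maintainer should know about:
 * <ul>
 *   <li>SSH host keys are not verified ({@code StrictHostKeyChecking=no}), see
 *       {@link #deployToHost}.</li>
 *   <li>{@code <host>_keystore.jks} (private key) and {@code ssl-client.conf} (passwords) are
 *       written to the process working directory and are not removed afterwards.</li>
 *   <li>All passwords are taken from the command arguments as plain strings.</li>
 * </ul>
 *
 * <p>This class was recovered from decompiled bytecode; the deeply nested try/catch pyramid of
 * the decompiler output has been restructured into helpers.
 */
public class DeployHTTPSCertsCommand extends HadminCommand {
    // NOTE(review): the usage line says "deploy_certs" while the example says "deploy_https";
    // the registered command name is not visible in this file, so the text is left as is.
    private static final String USAGE = "\nUsage: deploy_certs [Hosts-File] [truststore_file] [truststore_password] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n\tExample:\n\t\tdeploy_https hosts.txt /etc/has/truststore.jks 123456 /etc/has 22 username password\n";

    /** RSA modulus size for the per-host key pairs (previously 1024 bits). */
    private static final int RSA_KEY_BITS = 2048;

    /** Signature algorithm of the self-signed certificates (previously SHA1withRSA). */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Certificate lifetime: 90 days in milliseconds. */
    private static final long CERT_VALIDITY_MILLIS = 7776000000L;

    /** Length of the generated per-host key password. */
    private static final int KEY_PASSWORD_LENGTH = 15;

    /** Single CSPRNG for certificate serial numbers and key passwords. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Pairs a per-host keystore with the password protecting its private-key entry. */
    private static final class KeyStoreInfo {
        private final KeyStore keyStore;
        private final String keyPasswd;

        private KeyStoreInfo(KeyStore keyStore, String keyPasswd) {
            this.keyStore = keyStore;
            this.keyPasswd = keyPasswd;
        }

        String getKeyPasswd() {
            return this.keyPasswd;
        }

        KeyStore getKeyStore() {
            return this.keyStore;
        }
    }

    public DeployHTTPSCertsCommand(LocalHadmin localHadmin) {
        super(localHadmin);
    }

    /**
     * Generates a fresh RSA key pair of {@link #RSA_KEY_BITS} bits.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if no RSA provider is available
     */
    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        return generator.genKeyPair();
    }

    /**
     * Builds a self-signed X.509 v1 certificate (issuer == subject) valid from now for 90 days.
     *
     * @param dn      distinguished name used as both issuer and subject
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     */
    private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + CERT_VALIDITY_MILLIS);
        X500Principal principal = new X500Principal(dn);

        X509V1CertificateGenerator certGenerator = new X509V1CertificateGenerator();
        certGenerator.setSerialNumber(new BigInteger(64, RANDOM));
        certGenerator.setIssuerDN(principal);
        certGenerator.setSubjectDN(principal);
        certGenerator.setNotBefore(notBefore);
        certGenerator.setNotAfter(notAfter);
        certGenerator.setPublicKey(keyPair.getPublic());
        certGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        return certGenerator.generate(keyPair.getPrivate());
    }

    /**
     * Generates a {@link #KEY_PASSWORD_LENGTH}-character password over {@code a-z}.
     *
     * <p>The alphabet and length match the previous RandomStringGenerator configuration
     * (range 97..122, 15 characters). That builder was given no random source, so it used the
     * library default, which as far as I know is not a CSPRNG; the characters are now drawn
     * from {@link SecureRandom}.
     */
    private static String generateKeyPassword() {
        StringBuilder password = new StringBuilder(KEY_PASSWORD_LENGTH);
        for (int i = 0; i < KEY_PASSWORD_LENGTH; i++) {
            password.append((char) ('a' + RANDOM.nextInt(26)));
        }
        return password.toString();
    }

    /**
     * Writes {@code keyStore} to {@code path}, replacing any existing file.
     *
     * @param path     destination file
     * @param keyStore keystore to serialise
     * @param password store password protecting the file's integrity
     * @return the written file
     * @throws IOException if the old file cannot be deleted or the new one cannot be written
     */
    private static File saveKeyStore(String path, KeyStore keyStore, String password) throws GeneralSecurityException, IOException {
        File file = new File(path);
        if (file.exists() && !file.delete()) {
            throw new IOException("Failed to delete original file: " + path);
        }
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, password.toCharArray());
        }
        return file;
    }

    /**
     * Renders {@code /ssl-client.conf.template} into {@code ssl-client.conf} in the working
     * directory. The file contains both passwords in clear text.
     *
     * @param location    value substituted for {@code _location_}
     * @param password    value substituted for {@code _password_}
     * @param keyPassword value substituted for {@code _keyPassword_}
     * @return the written configuration file
     * @throws HasException if the template is missing or the file cannot be written
     */
    private File createClientSSLConfig(String location, String password, String keyPassword) throws HasException {
        try (InputStream template = getClass().getResourceAsStream("/ssl-client.conf.template")) {
            if (template == null) {
                throw new HasException("Failed to create client ssl configuration file");
            }
            // String.replace substitutes literally. The former replaceAll treated '$' and '\'
            // in a password as regex group references, corrupting the output or throwing.
            String content = IOUtil.readInput(template)
                    .replace("_location_", location)
                    .replace("_password_", password)
                    .replace("_keyPassword_", keyPassword);
            File file = new File("ssl-client.conf");
            IOUtil.writeFile(content, file);
            return file;
        } catch (IOException e) {
            throw new HasException("Failed to create client ssl configuration file", e);
        }
    }

    /**
     * Reads the comma-separated host list. Lines are concatenated without a separator and
     * spaces are dropped, so hosts must be separated by commas even across line breaks.
     * Empty entries are skipped.
     */
    private static ArrayList<String> readHosts(File hostsFile) throws HasException {
        StringBuilder content = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(new FileReader(hostsFile))) {
            String line;
            while ((line = reader.readLine()) != null) {
                content.append(line);
            }
        } catch (FileNotFoundException e) {
            throw new HasException("The hosts file: " + hostsFile + "is not exist. " + e.getMessage(), e);
        } catch (IOException e) {
            throw new HasException("Failed to read file. " + e.getMessage(), e);
        }
        ArrayList<String> hosts = new ArrayList<>();
        for (String host : content.toString().replace(" ", "").split(",")) {
            if (!host.isEmpty()) {
                hosts.add(host);
            }
        }
        return hosts;
    }

    /** Loads the JKS truststore at {@code path}, verifying it with {@code password}. */
    private static KeyStore loadTrustStore(String path, String password) throws HasException {
        try (FileInputStream in = new FileInputStream(path)) {
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(in, password.toCharArray());
            return trustStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new HasException("Failed to get truststore from the file: " + path + ". " + e.getMessage(), e);
        }
    }

    /** Returns the local host name as reported by {@link InetAddress#getLocalHost()}. */
    private static String localHostName() throws HasException {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            throw new HasException("Failed to get local hostname. " + e.getMessage(), e);
        }
    }

    /**
     * Creates a key pair, self-signed certificate and single-entry JKS keystore for every
     * host except the local one, and registers each certificate in {@code trustStore} under
     * the host name.
     *
     * @return generated keystores by host name; the local host has no entry
     */
    private static HashMap<String, KeyStoreInfo> generateHostKeyStores(ArrayList<String> hosts, KeyStore trustStore) throws HasException {
        HashMap<String, KeyStoreInfo> keyStores = new HashMap<>(16);
        // The comparison is an exact string match, so a short name in the hosts file will
        // not match a fully qualified local name (and vice versa).
        String localHost = hosts.isEmpty() ? null : localHostName();
        for (String host : hosts) {
            if (host.equals(localHost)) {
                continue;
            }
            try {
                KeyPair keyPair = generateKeyPair();
                String keyPassword = generateKeyPassword();
                X509Certificate certificate = generateCertificate("CN=" + host + ", O=has", keyPair);
                KeyStore hostKeyStore = KeyStore.getInstance("JKS");
                hostKeyStore.load(null, null);
                hostKeyStore.setKeyEntry(host, keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[]{certificate});
                keyStores.put(host, new KeyStoreInfo(hostKeyStore, keyPassword));
                trustStore.setCertificateEntry(host, certificate);
            } catch (GeneralSecurityException | IOException | RuntimeException e) {
                // RuntimeException is included because a malformed host name makes
                // X500Principal throw IllegalArgumentException.
                throw new HasException("Failed to generate keystore. " + e.getMessage(), e);
            }
        }
        return keyStores;
    }

    /**
     * Walks {@code deployDir} component by component on the remote side, creating missing
     * directories, and leaves the channel inside the final directory.
     *
     * <p>The walk starts at the second element of {@code deployDir.split("/")}, i.e. it
     * assumes an absolute path beginning with {@code /}.
     */
    private static void changeToDeployDir(ChannelSftp channel, String deployDir) throws HasException {
        String current = "";
        String[] components = deployDir.split("/");
        try {
            for (int i = 1; i < components.length; i++) {
                current = current + "/" + components[i];
                try {
                    channel.cd(current);
                } catch (SftpException e) {
                    if (e.id != ChannelSftp.SSH_FX_NO_SUCH_FILE) {
                        throw new HasException(e.getMessage(), e);
                    }
                    channel.mkdir(current);
                    // Enter the directory just created. Without this, a newly created final
                    // component was never entered and the uploads landed in the parent.
                    channel.cd(current);
                }
            }
        } catch (SftpException e) {
            throw new HasException("Failed to mkdir path: " + e.getMessage(), e);
        }
    }

    /**
     * Opens a password-authenticated SFTP session to {@code host} and uploads {@code files}
     * into {@code deployDir}, each under its local file name. The channel and session are
     * always disconnected.
     */
    private static void deployToHost(String host, int port, String user, String password, String deployDir, ArrayList<File> files) throws HasException {
        Session session;
        try {
            session = new JSch().getSession(user, host, port);
        } catch (JSchException e) {
            throw new HasException(e.getMessage(), e);
        }
        session.setPassword(password);
        Properties config = new Properties();
        // NOTE(review): host key verification is switched off, so the SSH password and the
        // uploaded private-key keystore go to whichever server answers on host:port. Left
        // unchanged because enforcing it needs a known_hosts source (JSch#setKnownHosts)
        // that this command does not take as input; worth adding.
        config.put("StrictHostKeyChecking", "no");
        session.setConfig(config);

        ChannelSftp channel = null;
        try {
            session.connect();
            channel = (ChannelSftp) session.openChannel("sftp");
            channel.connect();
            changeToDeployDir(channel, deployDir);
            for (File file : files) {
                try {
                    channel.put(file.getAbsolutePath(), file.getName());
                } catch (SftpException e) {
                    throw new HasException("Failed to send the https cert files. " + e.getMessage(), e);
                }
            }
        } catch (JSchException e) {
            throw new HasException("Failed to set the session: " + e.getMessage(), e);
        } finally {
            // Previously the session was never disconnected, and the channel only on success.
            if (channel != null) {
                channel.disconnect();
            }
            session.disconnect();
        }
    }

    /**
     * Runs the deployment.
     *
     * <p>Arguments read from {@code strArr}: [1] hosts file, [2] truststore file,
     * [3] truststore password, [4] remote deploy directory, [5] SSH port, [6] SSH user,
     * [7] optional SSH password (empty string when absent). Element [0] is not read.
     * With fewer than 7 or more than 8 elements the usage text is printed and nothing is done.
     *
     * @throws HasException on any read, generation or transfer failure
     */
    @Override // org.apache.kerby.kerberos.tool.admin.local.cmd.HadminCommand
    public void execute(String[] strArr) throws HasException {
        if (strArr.length < 7 || strArr.length > 8) {
            System.err.println(USAGE);
            return;
        }
        File hostsFile = new File(strArr[1]);
        if (!hostsFile.exists()) {
            throw new HasException("Host file is not exist.");
        }
        String truststorePath = strArr[2];
        String truststorePassword = strArr[3];
        String deployDir = strArr[4];
        int sshPort;
        try {
            sshPort = Integer.parseInt(strArr[5]);
        } catch (NumberFormatException e) {
            throw new HasException("Invalid SSH port: " + strArr[5], e);
        }
        String sshUser = strArr[6];
        String sshPassword = strArr.length == 8 ? strArr[7] : "";

        ArrayList<String> hosts = readHosts(hostsFile);
        KeyStore trustStore = loadTrustStore(truststorePath, truststorePassword);
        HashMap<String, KeyStoreInfo> keyStores = generateHostKeyStores(hosts, trustStore);

        File trustStoreFile;
        try {
            // Stored under the password it was loaded with, which is also the value written
            // to ssl-client.conf. It was previously re-saved under the SSH password (empty
            // when none was given), so the distributed password did not match the file.
            trustStoreFile = saveKeyStore(truststorePath, trustStore, truststorePassword);
        } catch (GeneralSecurityException | IOException e) {
            throw new HasException("Failed to generate trust store files. " + e.getMessage(), e);
        }

        for (String host : hosts) {
            KeyStoreInfo info = keyStores.get(host);
            if (info == null) {
                // The local host gets no keystore; it used to hit a NullPointerException here.
                continue;
            }
            ArrayList<File> files = new ArrayList<>(3);
            try {
                files.add(saveKeyStore(host + "_keystore.jks", info.getKeyStore(), info.getKeyPasswd()));
            } catch (GeneralSecurityException | IOException e) {
                throw new HasException("Failed to generate key store files. " + e.getMessage(), e);
            }
            files.add(trustStoreFile);
            // NOTE(review): the config points at <deployDir>/truststore.jks, but the truststore
            // is uploaded under its local file name; the two agree only when the local file
            // is itself called truststore.jks.
            files.add(createClientSSLConfig(deployDir + "/truststore.jks", truststorePassword, info.getKeyPasswd()));
            deployToHost(host, sshPort, sshUser, sshPassword, deployDir, files);
        }
    }
}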
