package org.apache.nifi.toolkit.tls.standalone;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
import org.apache.nifi.toolkit.tls.manager.TlsClientManager;
import org.apache.nifi.toolkit.tls.manager.writer.NifiPropertiesTlsClientConfigWriter;
import org.apache.nifi.toolkit.tls.properties.NiFiPropertiesWriterFactory;
import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.class */
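/**
 * Standalone certificate generation: obtains (or creates) a certificate authority, writes the CA
 * certificate and CA key pair as PEM files, and issues one keystore/truststore pair per hostname.
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>The CA key pair is written to {@code nifi-key.key} through {@link JcaMiscPEMGenerator}
 *       with no PEM encryptor, so the private key on disk has no passphrase protection. File
 *       permissions are whatever the configured {@link OutputStreamFactory} produces; restrict
 *       access to the output directory accordingly.</li>
 *   <li>Hostnames are used verbatim as directory names below the output directory (see the
 *       review note in {@link #createNifiKeystoresAndTrustStores}).</li>
 *   <li>Passwords are never logged by this class; keep it that way when adding log statements.</li>
 * </ul>
 */
public class TlsToolkitStandalone {
    public static final String NIFI_KEY = "nifi-key";
    public static final String NIFI_CERT = "nifi-cert";
    public static final String NIFI_PROPERTIES = "nifi.properties";
    private final Logger logger;
    private final OutputStreamFactory outputStreamFactory;

    /** Creates a toolkit that writes its output through plain {@link FileOutputStream}s. */
    public TlsToolkitStandalone() {
        this(FileOutputStream::new);
    }

    /**
     * Creates a toolkit that opens every output file through the given factory.
     *
     * @param outputStreamFactory factory used for the PEM files and handed on to the per-host writers
     */
    public TlsToolkitStandalone(OutputStreamFactory outputStreamFactory) {
        this.logger = LoggerFactory.getLogger(TlsToolkitStandalone.class);
        this.outputStreamFactory = outputStreamFactory;
    }

    /**
     * Generates the CA PEM files and one TLS configuration directory per hostname.
     *
     * <p>Nothing is overwritten: the call fails if {@code nifi-cert.pem}, {@code nifi-key.key} or
     * any per-host directory already exists below {@code file}.
     *
     * @param file output directory; created if missing
     * @param tlsConfig source of the signing algorithm, validity in days, key pair algorithm and key size
     * @param niFiPropertiesWriterFactory passed to the per-host {@code nifi.properties} writer
     * @param list hostnames; each becomes a sub-directory name and the subject of an issued certificate
     * @param list2 keystore passwords, indexed like {@code list}
     * @param list3 key passwords, indexed like {@code list}
     * @param list4 truststore passwords, indexed like {@code list}
     * @param i number passed to the properties writer and logged as {@code host:i};
     *          presumably a port (confirm against the caller)
     * @throws IOException if the output directory cannot be used, a target already exists, or writing fails
     * @throws GeneralSecurityException if key or certificate generation fails
     * @throws IndexOutOfBoundsException if a password list has fewer entries than {@code list}
     */
    public void createNifiKeystoresAndTrustStores(File file, TlsConfig tlsConfig, NiFiPropertiesWriterFactory niFiPropertiesWriterFactory, List<String> list, List<String> list2, List<String> list3, List<String> list4, int i) throws GeneralSecurityException, IOException {
        // Fail before any key material is written rather than part-way through the host loop.
        int hostCount = list.size();
        requireOnePerHost(list2, hostCount, "keystore passwords");
        requireOnePerHost(list3, hostCount, "key passwords");
        requireOnePerHost(list4, hostCount, "truststore passwords");

        String signingAlgorithm = tlsConfig.getSigningAlgorithm();
        int days = tlsConfig.getDays();
        String keyPairAlgorithm = tlsConfig.getKeyPairAlgorithm();
        int keySize = tlsConfig.getKeySize();
        KeyStore.PrivateKeyEntry caEntry = new TlsCertificateAuthorityManager(tlsConfig).getOrGenerateCertificateAuthority();
        X509Certificate caCertificate = (X509Certificate) caEntry.getCertificateChain()[0];
        KeyPair caKeyPair = new KeyPair(caCertificate.getPublicKey(), caEntry.getPrivateKey());

        if (!file.exists() && !file.mkdirs()) {
            throw new IOException(file + " doesn't exist and unable to create it.");
        }
        if (!file.isDirectory()) {
            throw new IOException("Expected directory to output to");
        }
        logger.info("Running standalone certificate generation with output directory {} and hostnames {}", file, list);

        File caCertFile = new File(file, "nifi-cert.pem");
        if (caCertFile.exists()) {
            throw new IOException(caCertFile.getAbsolutePath() + " exists already.");
        }
        File caKeyFile = new File(file, "nifi-key.key");
        if (caKeyFile.exists()) {
            throw new IOException(caKeyFile.getAbsolutePath() + " exists already.");
        }
        // NOTE(review): each hostname is used verbatim as a path component. A value containing a
        // path separator or ".." would resolve outside the output directory; hostnames are not
        // validated here, so the caller must supply plain host names only.
        for (String hostname : list) {
            File hostDir = new File(file, hostname);
            if (hostDir.exists()) {
                throw new IOException("Output destination for host " + hostname + " (" + hostDir.getAbsolutePath() + ") exists already.");
            }
        }

        // try-with-resources closes the writer even when writeObject fails, so no handle leaks.
        // PEM is ASCII, so an explicit charset keeps the output independent of the platform default.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(this.outputStreamFactory.create(caCertFile), StandardCharsets.UTF_8))) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(caCertificate));
        }
        // The CA private key is written without a PEM encryptor (no passphrase). Its confidentiality
        // rests entirely on the permissions of the output directory and file.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(this.outputStreamFactory.create(caKeyFile), StandardCharsets.UTF_8))) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(caKeyPair));
        }

        for (int hostIndex = 0; hostIndex < hostCount; hostIndex++) {
            String hostname = list.get(hostIndex);
            File hostDir = new File(file, hostname);
            if (!hostDir.mkdirs()) {
                throw new IOException("Unable to make directory: " + hostDir.getAbsolutePath());
            }
            TlsClientConfig tlsClientConfig = new TlsClientConfig(tlsConfig);
            tlsClientConfig.setKeyStore(new File(hostDir, BaseCommandLine.KEYSTORE + tlsClientConfig.getKeyStoreType().toLowerCase()).getAbsolutePath());
            tlsClientConfig.setKeyStorePassword(list2.get(hostIndex));
            tlsClientConfig.setKeyPassword(list3.get(hostIndex));
            tlsClientConfig.setTrustStore(new File(hostDir, BaseCommandLine.TRUSTSTORE + tlsClientConfig.getTrustStoreType().toLowerCase()).getAbsolutePath());
            tlsClientConfig.setTrustStorePassword(list4.get(hostIndex));

            TlsClientManager tlsClientManager = new TlsClientManager(tlsClientConfig);
            // Every host gets its own freshly generated key pair, signed by the CA key.
            KeyPair hostKeyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize);
            X509Certificate hostCertificate = CertificateUtils.generateIssuedCertificate(TlsConfig.calcDefaultDn(hostname), hostKeyPair.getPublic(), caCertificate, caKeyPair, signingAlgorithm, days);
            tlsClientManager.addPrivateKeyToKeyStore(hostKeyPair, NIFI_KEY, hostCertificate, caCertificate);
            tlsClientManager.setCertificateEntry(NIFI_CERT, caCertificate);
            tlsClientManager.addClientConfigurationWriter(new NifiPropertiesTlsClientConfigWriter(niFiPropertiesWriterFactory, this.outputStreamFactory, new File(hostDir, NIFI_PROPERTIES), hostname, i));
            tlsClientManager.write(this.outputStreamFactory);
            logger.info("Successfully generated TLS configuration for {}:{} in {}", hostname, i, hostDir);
        }
        logger.info("Successfully generated TLS configuration for all hosts");
    }

    /**
     * Checks that a per-host password list has an entry for every hostname.
     *
     * <p>Throws the same exception type the per-host lookup would raise, but before anything is
     * written. The message names the list only and never includes its contents.
     */
    private static void requireOnePerHost(List<String> values, int hostCount, String description) {
        if (hostCount > 0 && values.size() < hostCount) {
            throw new IndexOutOfBoundsException("Expected " + hostCount + " " + description + " but got " + values.size());
        }
    }
}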
