package org.apache.nifi.toolkit.tls.manager;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.writer.ConfigurationWriter;
import org.apache.nifi.toolkit.tls.util.InputStreamFactory;
import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
import org.apache.nifi.toolkit.tls.util.PasswordUtil;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.apache.nifi.util.StringUtils;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/manager/BaseTlsManager.class */
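/**
 * Holds the {@link KeyStore} named by a {@link TlsConfig}, resolves the key store and key
 * passwords for it, and writes the key store together with any registered
 * {@link ConfigurationWriter}s.
 *
 * <p>Security note: passwords are carried as {@link String} values and are written back onto the
 * {@link TlsConfig}, so they cannot be wiped from memory after use. Treat the configuration object
 * as secret material and keep it out of logs and error messages.
 */
public class BaseTlsManager {
    private final TlsConfig tlsConfig;
    private final PasswordUtil passwordUtil;
    private final InputStreamFactory inputStreamFactory;
    private final KeyStore keyStore;
    private final List<ConfigurationWriter<TlsConfig>> configurationWriters;
    // When true, an empty key password is replaced by a freshly generated one instead of
    // reusing the key store password.
    private boolean differentKeyAndKeyStorePassword;
    // Set once getKeyStorePassword() had to generate the key store password itself.
    private boolean keyStorePasswordGenerated;

    /**
     * Creates a manager that reads key store files with {@link FileInputStream} and generates
     * missing passwords with a default {@link PasswordUtil}.
     *
     * @param tlsConfig configuration naming the key store path, type and passwords
     * @throws GeneralSecurityException if the key store cannot be created or loaded
     * @throws IOException if the key store file cannot be read
     */
    public BaseTlsManager(TlsConfig tlsConfig) throws GeneralSecurityException, IOException {
        this(tlsConfig, new PasswordUtil(), FileInputStream::new);
    }

    /**
     * Creates a manager and immediately loads (or initializes) the key store.
     *
     * @param tlsConfig configuration naming the key store path, type and passwords
     * @param passwordUtil source of generated passwords
     * @param inputStreamFactory opens the key store file for reading
     * @throws GeneralSecurityException if the key store cannot be created or loaded
     * @throws IOException if the key store file cannot be read
     */
    public BaseTlsManager(TlsConfig tlsConfig, PasswordUtil passwordUtil, InputStreamFactory inputStreamFactory) throws GeneralSecurityException, IOException {
        this.differentKeyAndKeyStorePassword = false;
        this.keyStorePasswordGenerated = false;
        // These three must be assigned before loadKeystore()/getKeyStorePassword() run,
        // because both read them.
        this.tlsConfig = tlsConfig;
        this.passwordUtil = passwordUtil;
        this.inputStreamFactory = inputStreamFactory;
        this.keyStore = loadKeystore(tlsConfig.getKeyStore(), tlsConfig.getKeyStoreType(), getKeyStorePassword());
        this.configurationWriters = new ArrayList<>();
    }

    /**
     * @return the key store loaded or initialized by the constructor
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Reads an entry from the key store using the resolved key password.
     *
     * @param str alias of the entry
     * @return the entry as returned by {@link KeyStore#getEntry}
     * @throws GeneralSecurityException if the entry cannot be recovered
     */
    public KeyStore.Entry getEntry(String str) throws GeneralSecurityException {
        String keyPassword = getKeyPassword();
        char[] passwordChars = keyPassword == null ? null : keyPassword.toCharArray();
        return this.keyStore.getEntry(str, new KeyStore.PasswordProtection(passwordChars));
    }

    /**
     * Stores a private key and its certificate chain under the given alias and returns the entry
     * as read back from the key store.
     *
     * @param keyPair key pair whose private key is stored
     * @param str alias for the new entry
     * @param certificateArr certificate chain for the private key
     * @return the stored entry
     * @throws GeneralSecurityException if the key cannot be stored or read back
     */
    public KeyStore.Entry addPrivateKeyToKeyStore(KeyPair keyPair, String str, Certificate... certificateArr) throws GeneralSecurityException {
        String keyPassword = getKeyPassword();
        char[] passwordChars = keyPassword == null ? null : keyPassword.toCharArray();
        this.keyStore.setKeyEntry(str, keyPair.getPrivate(), passwordChars, certificateArr);
        return getEntry(str);
    }

    /**
     * @param z {@code true} to generate a separate key password when none is configured,
     *     {@code false} to reuse the key store password
     */
    public void setDifferentKeyAndKeyStorePassword(boolean z) {
        this.differentKeyAndKeyStorePassword = z;
    }

    /**
     * Resolves the password protecting individual keys and records it on the configuration.
     *
     * <p>For a PKCS12 key store the configured key password is cleared and {@code null} is
     * returned, so entries get no separate key password. Otherwise an empty configured value is
     * replaced either by a generated password or by the key store password; in the latter case
     * disclosure of one password discloses the other.
     */
    private String getKeyPassword() {
        if (this.keyStore.getType().equalsIgnoreCase(KeystoreType.PKCS12.toString())) {
            this.tlsConfig.setKeyPassword(null);
            return null;
        }
        String keyPassword = this.tlsConfig.getKeyPassword();
        if (StringUtils.isEmpty(keyPassword)) {
            keyPassword = this.differentKeyAndKeyStorePassword ? this.passwordUtil.generatePassword() : getKeyStorePassword();
            this.tlsConfig.setKeyPassword(keyPassword);
        }
        return keyPassword;
    }

    /**
     * Resolves the key store password, generating one and recording it on the configuration when
     * none is configured. A generated password is flagged via {@code keyStorePasswordGenerated}.
     */
    private String getKeyStorePassword() {
        String keyStorePassword = this.tlsConfig.getKeyStorePassword();
        if (StringUtils.isEmpty(keyStorePassword)) {
            keyStorePassword = this.passwordUtil.generatePassword();
            this.keyStorePasswordGenerated = true;
            this.tlsConfig.setKeyStorePassword(keyStorePassword);
        }
        return keyStorePassword;
    }

    /**
     * Creates a key store of the given type and loads it from disk when the file exists.
     *
     * <p>If the file does not exist an empty key store is initialized and the password is not
     * used. If it exists, the password is passed to {@link KeyStore#load}; a {@code null}
     * password then fails with {@link NullPointerException} rather than falling back to a load
     * without a password.
     *
     * <p>The decompiler marks this method as originally {@code protected}.
     *
     * @param str path of the key store file
     * @param str2 key store type
     * @param str3 key store password; must be non-null when the file exists
     * @return the loaded or freshly initialized key store
     * @throws GeneralSecurityException if the key store cannot be created or its contents loaded
     * @throws IOException if the file cannot be read
     */
    public KeyStore loadKeystore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStoreUtils.getKeyStore(str2);
        File file = new File(str);
        if (!file.exists()) {
            keyStore.load(null, null);
            return keyStore;
        }
        // try-with-resources replaces the decompiler's expanded close logic: a failure in close()
        // is attached as a suppressed exception instead of masking the load failure.
        try (InputStream create = this.inputStreamFactory.create(file)) {
            keyStore.load(create, str3.toCharArray());
        }
        return keyStore;
    }

    /**
     * Writes the key store to the configured path and then runs every registered configuration
     * writer.
     *
     * @param outputStreamFactory opens the output streams used for writing
     * @throws IOException if writing fails
     * @throws GeneralSecurityException if the key store cannot be stored
     */
    public void write(OutputStreamFactory outputStreamFactory) throws IOException, GeneralSecurityException {
        File keyStoreFile = new File(this.tlsConfig.getKeyStore());
        // The value returned by writeKeyStore is what gets recorded as the key store password;
        // whether it can differ from the one passed in is not visible here - confirm in TlsHelper.
        String writtenPassword = TlsHelper.writeKeyStore(this.keyStore, outputStreamFactory, keyStoreFile, getKeyStorePassword(), this.keyStorePasswordGenerated);
        this.tlsConfig.setKeyStorePassword(writtenPassword);
        // Writers run after the password update so they see the final configuration.
        for (ConfigurationWriter<TlsConfig> configurationWriter : this.configurationWriters) {
            configurationWriter.write(this.tlsConfig, outputStreamFactory);
        }
    }

    /**
     * The decompiler marks this method as originally {@code protected}.
     *
     * @return the password generator in use
     */
    public PasswordUtil getPasswordUtil() {
        return this.passwordUtil;
    }

    /**
     * Registers a writer that {@link #write} invokes after the key store has been written.
     *
     * @param configurationWriter writer to add
     */
    public void addConfigurationWriter(ConfigurationWriter<TlsConfig> configurationWriter) {
        this.configurationWriters.add(configurationWriter);
    }

    /**
     * The decompiler marks this method as originally {@code protected}.
     *
     * @return the configuration this manager reads from and updates, including its passwords
     */
    public TlsConfig getTlsConfig() {
        return this.tlsConfig;
    }
}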
