package com.nuodb.agent;

import com.nuodb.impl.util.Env;
import com.nuodb.jdbc.RemConnection;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.Socket;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/nuodb/agent/TLSUtils.class */
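/**
 * Static helpers for the agent's TLS setup: locating the default key store and peer
 * configuration files, loading and writing key stores, and wrapping an already-connected
 * {@link Socket} in an {@link SSLSocket}.
 *
 * <p>Trust is built per connection from an explicit set of peer certificates (see
 * {@link #generateSSLSocket}); no system-wide CA trust store is consulted by this class.
 */
public class TLSUtils {
    /** Name of the property that switches TLS on. */
    public static final String ENABLE_TLS_PROP = "enableTLS";

    /**
     * Default for {@link #ENABLE_TLS_PROP}.
     * NOTE(review): the constant is {@code false}, so presumably TLS is off unless it is
     * explicitly enabled; the code that reads it is outside this file, so confirm there.
     */
    public static final boolean ENABLE_TLS_DEFAULT = false;

    public static final String KEY_STORE_PROP = "keyStore";
    public static final String KEY_STORE_TYPE_PROP = "keyStoreType";
    public static final String KEY_PASSWORD_PROP = "keyPassword";
    public static final String KEY_STORE_PASSWORD_PROP = "keyStorePassword";
    public static final String PEER_CONFIG_PROP = "peerConfig";
    public static final String defaultKeyStoreSubDir = "keys";
    public static final String defaultKeyStoreFileName = "hostkey.p12";

    /**
     * Default key store password.
     * NOTE(review): this is a widely known default value. If a deployment relies on it, the
     * private key in the key store is protected only by file-system permissions; set an
     * explicit {@link #KEY_STORE_PASSWORD_PROP} and restrict access to the key file.
     */
    public static final String defaultKeyStorePass = "changeit";

    public static final String defaultKeyStoreType = "PKCS12";
    public static final String defaultPeerConfigFileName = "peerConfig.xml";

    /**
     * Builds the default key store path: {@code <configDir>/keys/hostkey.p12}.
     *
     * @param str  first argument forwarded to {@code Env.configDir}
     * @param str2 second argument forwarded to {@code Env.configDir}
     * @return the path as a string
     */
    public static String getDefaultKeyStorePath(String str, String str2) {
        return Paths.get(Env.configDir(str, str2), defaultKeyStoreSubDir, defaultKeyStoreFileName).toString();
    }

    /**
     * Builds the default peer configuration path: {@code <configDir>/peerConfig.xml}.
     *
     * @param str  first argument forwarded to {@code Env.configDir}
     * @param str2 second argument forwarded to {@code Env.configDir}
     * @return the path as a string
     */
    public static String getDefaultPeerConfigPath(String str, String str2) {
        return Paths.get(Env.configDir(str, str2), defaultPeerConfigFileName).toString();
    }

    /**
     * Loads a key store from disk.
     *
     * @param file     key store file
     * @param type     key store type passed to {@link KeyStore#getInstance(String)}
     * @param password password used to check integrity of / unlock the key store
     * @return the loaded key store
     * @throws Exception if the type is unknown, the file cannot be read, or loading fails
     */
    public static KeyStore getKeyStore(File file, String type, String password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        // Close the stream on every path; the key file handle must not be left open when
        // load() fails (for example on a wrong password) or after a successful load.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Returns the certificate of the single entry in the key store.
     *
     * <p>The key store must contain exactly one alias; anything else is rejected so that the
     * identity used for TLS is never picked arbitrarily from several candidates.
     *
     * @param keyStore a loaded key store
     * @return the certificate stored under the only alias
     * @throws IOException       if there is no alias, more than one alias, or the alias has no
     *                           certificate
     * @throws KeyStoreException if the key store has not been initialized
     */
    public static Certificate getCertFromKeyStore(KeyStore keyStore) throws IOException, KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            throw new IOException("The keyfile contains no certificates!");
        }
        Certificate certificate = keyStore.getCertificate(aliases.nextElement());
        if (aliases.hasMoreElements()) {
            throw new IOException("The keyfile contains more than one certificate!");
        }
        if (certificate == null) {
            throw new IOException("The keyfile can not be processed");
        }
        return certificate;
    }

    /**
     * Writes a new key store containing one private-key entry to {@code file}.
     *
     * <p>The same password protects both the key store and the key entry.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and holds
     * a private key. Nothing here restricts it to the owning user; confirm that the caller
     * or the deployment does.
     *
     * @param file        destination file (overwritten if it exists)
     * @param type        key store type passed to {@link KeyStore#getInstance(String)}
     * @param password    password for the key store and for the key entry
     * @param alias       alias of the key entry
     * @param certificate certificate for the key pair's public key
     * @param keyPair     key pair whose private key is stored
     * @throws IOException if the key store cannot be created or written; the original failure
     *                     is kept as the cause
     */
    public static void writeCertToDisk(File file, String type, String password, String alias, Certificate certificate, KeyPair keyPair) throws IOException {
        try {
            char[] passwordChars = password.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(null, passwordChars);
            keyStore.setKeyEntry(alias, keyPair.getPrivate(), passwordChars, new Certificate[]{certificate});
            // try-with-resources closes the stream even when store() throws, so a failed
            // write does not leak the handle to a partially written key file.
            try (FileOutputStream out = new FileOutputStream(file)) {
                keyStore.store(out, passwordChars);
                out.flush();
            }
        } catch (Exception e) {
            // Message text is kept as-is for compatibility even though this path writes.
            throw new IOException("Failure while loading the keystore " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Loads the key store at {@code file} and returns its single certificate.
     *
     * @param file     key store file
     * @param type     key store type
     * @param password key store password
     * @return the certificate of the only entry
     * @throws IOException if loading fails or the key store does not hold exactly one entry
     */
    public static Certificate readCert(File file, String type, String password) throws IOException {
        try {
            return getCertFromKeyStore(getKeyStore(file, type, password));
        } catch (Exception e) {
            throw new IOException("Failure while loading the keystore " + file.getAbsolutePath(), e);
        }
    }

    /** Creates a SunX509 key manager factory over {@code keyStore}, unlocking keys with {@code password}. */
    private static KeyManagerFactory newKeyManagerFactory(KeyStore keyStore, String password) throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
        keyManagerFactory.init(keyStore, password.toCharArray());
        return keyManagerFactory;
    }

    /**
     * Loads the key store and initializes a key manager factory from it.
     *
     * @throws IOException if the key store cannot be loaded or its key cannot be unlocked with
     *                     {@code password}
     */
    private static KeyManagerFactory readKeyManagerFactory(File file, String type, String password) throws IOException {
        try {
            return newKeyManagerFactory(getKeyStore(file, type, password), password);
        } catch (Exception e) {
            throw new IOException("Failure while loading the keystore " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Checks that the configured key store can be loaded and its key unlocked.
     *
     * <p>Only loadability is checked; the certificate's validity period, key size and
     * algorithm are not inspected here.
     *
     * @param path     key store file path
     * @param type     key store type
     * @param password key store password
     * @throws IOException if the key store cannot be used; the underlying failure is reachable
     *                     through the cause chain
     */
    public static void validateKeyStoreConfig(String path, String type, String password) throws IOException {
        File file = new File(path);
        try {
            readKeyManagerFactory(file, type, password);
        } catch (Exception e) {
            throw new IOException("Failure while loading the keystore " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Layers TLS over an existing connected socket.
     *
     * <p>The local identity comes from the key store at {@code keyStoreFile}. The trust store
     * is built in memory and contains only the certificates in {@code peerCerts} plus this
     * host's own certificate under {@code localAlias}; a peer is accepted when PKIX validation
     * succeeds against those entries.
     *
     * <p>NOTE(review): this method does not set an endpoint identification algorithm or an
     * explicit list of enabled protocol versions on the returned socket, so the peer's host
     * name is not checked here and protocol versions follow the JVM defaults. With trust
     * limited to the listed certificates that may be intended; confirm against the caller.
     *
     * @param localAlias   alias under which this host's certificate is added to the trust store
     * @param peerCerts    trusted peer certificates keyed by alias
     * @param socket       connected socket to wrap; closed when the returned socket is closed
     * @param keyStoreType type of the key store at {@code keyStoreFile}
     * @param password     password for the key store and its key
     * @param keyStoreFile key store holding this host's private key and certificate
     * @return an {@link SSLSocket} layered over {@code socket}
     * @throws Exception if the key store cannot be loaded, a peer certificate cannot be parsed,
     *                   or the TLS context cannot be created
     */
    public static SSLSocket generateSSLSocket(String localAlias, Map<String, TLSCertificate> peerCerts, Socket socket, String keyStoreType, String password, File keyStoreFile) throws Exception {
        KeyStore identityStore = getKeyStore(keyStoreFile, keyStoreType, password);
        KeyManagerFactory keyManagerFactory = newKeyManagerFactory(identityStore, password);

        // Empty in-memory trust store: only certificates added below are trusted.
        KeyStore trustStore = KeyStore.getInstance(RemConnection.JKS_KEYSTORE_TYPE);
        trustStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (Map.Entry<String, TLSCertificate> entry : peerCerts.entrySet()) {
            trustStore.setCertificateEntry(entry.getKey(), certificateFactory.generateCertificate(entry.getValue().toInputStream()));
        }
        // Added last, so an entry in peerCerts with the same alias is replaced by the local certificate.
        trustStore.setCertificateEntry(localAlias, getCertFromKeyStore(identityStore));

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
        trustManagerFactory.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom lets the provider choose its default source of randomness.
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        // autoClose=true: closing the SSL socket also closes the underlying socket.
        return (SSLSocket) sslContext.getSocketFactory().createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
    }
}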
