package io.vertx.core.net.impl;

import ch.qos.logback.core.net.ssl.SSL;
import io.netty.util.internal.PlatformDependent;
import io.vertx.core.VertxException;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.TrustOptions;
import io.vertx.core.net.impl.pkcs1.PrivateKeyParser;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:BOOT-INF/lib/vertx-core-3.9.3.jar:io/vertx/core/net/impl/KeyStoreHelper.class */
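/**
 * Wraps a {@link KeyStore} and derives the TLS key and trust managers from it.
 *
 * <p>Besides the store-wide factories, the constructor indexes every key entry by the DNS names
 * and common names found in its certificate, so that {@link #getKeyMgr(String)} can pick a key
 * manager per requested server name. Certificate-only entries are indexed by alias for
 * {@link #getTrustMgr(String)}.
 *
 * <p>The lookup maps are plain {@link HashMap}s filled once in the constructor and only read
 * afterwards; nothing in this class synchronises access to them.
 */
public class KeyStoreHelper {
    // Password for the in-memory key store that loadKeyCert builds from PEM material. It only
    // satisfies the KeyStore API (entries need a protection parameter) and is not a secret:
    // the PEM keys it "protects" were supplied unencrypted.
    private static final String DUMMY_PASSWORD = "dummy";
    // Alias prefix for CA certificates loaded by loadCA; the constructor skips aliases with this
    // prefix when building the per-alias trust manager map.
    private static final String DUMMY_CERT_ALIAS = "cert-";
    private static final Pattern BEGIN_PATTERN = Pattern.compile("-----BEGIN ([A-Z ]+)-----");
    private static final Pattern END_PATTERN = Pattern.compile("-----END ([A-Z ]+)-----");
    private final String password;
    private final KeyStore store;
    // Key managers for wildcard names, keyed by the name without its leading "*.".
    private final Map<String, X509KeyManager> wildcardMgrMap = new HashMap<>();
    // Key managers for exact names (DNS subject alternative names and subject common names).
    private final Map<String, X509KeyManager> mgrMap = new HashMap<>();
    // One trust manager factory per certificate entry, keyed by key store alias.
    private final Map<String, TrustManagerFactory> trustMgrMap = new HashMap<>();

    /**
     * Builds a helper from key/certificate options.
     *
     * <p>JKS and PKCS#12 options are loaded from their path, or from their in-memory value when no
     * path is set. PEM options are loaded from every configured path followed by every in-memory
     * value, keys and certificates being paired by position.
     *
     * @param vertxInternal used to resolve and read the configured files (blocking reads)
     * @param keyCertOptions the options to load
     * @return the helper, or {@code null} when the options are of an unsupported type or a
     *     JKS/PKCS#12 option carries neither a path nor a value
     * @throws Exception if the key material cannot be read or parsed
     */
    public static KeyStoreHelper create(VertxInternal vertxInternal, KeyCertOptions keyCertOptions) throws Exception {
        if (keyCertOptions instanceof JksOptions) {
            JksOptions jksOptions = (JksOptions) keyCertOptions;
            Supplier<Buffer> source;
            if (jksOptions.getPath() != null) {
                source = () -> readFile(vertxInternal, jksOptions.getPath());
            } else if (jksOptions.getValue() != null) {
                source = jksOptions::getValue;
            } else {
                return null;
            }
            // The decompiled listing referenced logback's SSL.DEFAULT_KEYSTORE_TYPE here, which is
            // the compile-time constant "JKS"; the literal avoids tying TLS setup to a logging jar.
            return new KeyStoreHelper(loadJKSOrPKCS12("JKS", jksOptions.getPassword(), source), jksOptions.getPassword());
        }
        if (keyCertOptions instanceof PfxOptions) {
            PfxOptions pfxOptions = (PfxOptions) keyCertOptions;
            Supplier<Buffer> source;
            if (pfxOptions.getPath() != null) {
                source = () -> readFile(vertxInternal, pfxOptions.getPath());
            } else if (pfxOptions.getValue() != null) {
                source = pfxOptions::getValue;
            } else {
                return null;
            }
            return new KeyStoreHelper(loadJKSOrPKCS12("PKCS12", pfxOptions.getPassword(), source), pfxOptions.getPassword());
        }
        if (!(keyCertOptions instanceof PemKeyCertOptions)) {
            return null;
        }
        PemKeyCertOptions pemKeyCertOptions = (PemKeyCertOptions) keyCertOptions;
        List<Buffer> keys = new ArrayList<>();
        for (String keyPath : pemKeyCertOptions.getKeyPaths()) {
            keys.add(readFile(vertxInternal, keyPath));
        }
        keys.addAll(pemKeyCertOptions.getKeyValues());
        List<Buffer> certs = new ArrayList<>();
        for (String certPath : pemKeyCertOptions.getCertPaths()) {
            certs.add(readFile(vertxInternal, certPath));
        }
        certs.addAll(pemKeyCertOptions.getCertValues());
        return new KeyStoreHelper(loadKeyCert(keys, certs), DUMMY_PASSWORD);
    }

    /**
     * Builds a helper from trust options.
     *
     * <p>Options that are also {@link KeyCertOptions} are delegated to
     * {@link #create(VertxInternal, KeyCertOptions)}. PEM trust options are loaded into an
     * in-memory store of CA certificates that has no password.
     *
     * @param vertxInternal used to resolve and read the configured files (blocking reads)
     * @param trustOptions the options to load
     * @return the helper, or {@code null} when the options are of an unsupported type
     * @throws Exception if the certificates cannot be read or parsed
     */
    public static KeyStoreHelper create(VertxInternal vertxInternal, TrustOptions trustOptions) throws Exception {
        if (trustOptions instanceof KeyCertOptions) {
            return create(vertxInternal, (KeyCertOptions) trustOptions);
        }
        if (!(trustOptions instanceof PemTrustOptions)) {
            return null;
        }
        PemTrustOptions pemTrustOptions = (PemTrustOptions) trustOptions;
        FileSystem fileSystem = vertxInternal.fileSystem();
        Stream<Buffer> fromFiles = pemTrustOptions.getCertPaths().stream()
            .map(path -> vertxInternal.resolveFile(path).getAbsolutePath())
            .map(fileSystem::readFileBlocking);
        Stream<Buffer> allCerts = Stream.concat(fromFiles, pemTrustOptions.getCertValues().stream());
        return new KeyStoreHelper(loadCA(allCerts), null);
    }

    /**
     * Indexes the entries of {@code keyStore} for per-name and per-alias lookup.
     *
     * <p>For each certificate entry whose alias does not start with {@code "cert-"}, a dedicated
     * trust manager factory holding only that certificate is registered under the alias. For each
     * key entry with an X.509 certificate, the DNS subject alternative names and the subject
     * common names are collected and a key manager serving that entry's key and chain is
     * registered under each of them. When two entries carry the same name, the one enumerated
     * later replaces the earlier one.
     *
     * @param keyStore the store to wrap; it is kept by reference, not copied
     * @param password the password used to recover private keys, may be {@code null}
     * @throws Exception if an entry cannot be read or a trust manager factory cannot be set up
     */
    public KeyStoreHelper(KeyStore keyStore, String password) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            if (keyStore.isCertificateEntry(alias) && !alias.startsWith(DUMMY_CERT_ALIAS)) {
                KeyStore singleCertStore = createEmptyKeyStore();
                singleCertStore.setCertificateEntry("cert-1", certificate);
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init(singleCertStore);
                this.trustMgrMap.put(alias, factory);
            }
            if (keyStore.isKeyEntry(alias) && certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                List<String> names = new ArrayList<>();
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> entry : subjectAlternativeNames) {
                        // Each entry is [type, value]; general name type 2 is dNSName.
                        if (entry.size() == 2 && entry.get(0) instanceof Number && ((Number) entry.get(0)).intValue() == 2) {
                            names.add(entry.get(1).toString());
                        }
                    }
                }
                // Common names are added alongside the DNS SANs, not only as a fallback.
                names.addAll(getX509CertificateCommonNames(x509Certificate.getSubjectX500Principal().getName()));
                if (names.isEmpty()) {
                    continue;
                }
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, toChars(password));
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null) {
                    continue;
                }
                List<X509Certificate> x509Chain = Arrays.asList(chain).stream()
                    .map(element -> (X509Certificate) element)
                    .collect(Collectors.toList());
                X509KeyManager keyManager = newKeyManager(privateKey, x509Chain);
                for (String name : names) {
                    if (name.startsWith("*.")) {
                        this.wildcardMgrMap.put(name.substring(2), keyManager);
                    } else {
                        this.mgrMap.put(name, keyManager);
                    }
                }
            }
        }
        this.store = keyStore;
        this.password = password;
    }

    /**
     * Creates a key manager factory over the whole wrapped store.
     *
     * @return a factory initialised with the store and its password
     * @throws Exception if the factory cannot be created or initialised
     */
    public KeyManagerFactory getKeyMgrFactory() throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(this.store, toChars(this.password));
        return factory;
    }

    /**
     * Looks up the key manager registered for a server name.
     *
     * <p>An exact match wins. Otherwise the part of the name after its first dot is looked up
     * among the wildcard entries, so {@code *.example.com} covers {@code a.example.com} but
     * neither {@code example.com} nor {@code a.b.example.com}. Both lookups are plain,
     * case-sensitive string comparisons.
     * NOTE(review): host names are presumably normalised by the caller; confirm, since a
     * mixed-case name would miss here.
     *
     * @param serverName the requested server name
     * @return the matching key manager, or {@code null} when there is none or the name is
     *     {@code null}
     */
    public X509KeyManager getKeyMgr(String serverName) {
        if (serverName == null) {
            // Previously this dereferenced null whenever wildcard entries existed.
            return null;
        }
        X509KeyManager keyManager = this.mgrMap.get(serverName);
        if (keyManager == null && !this.wildcardMgrMap.isEmpty()) {
            int afterFirstDot = serverName.indexOf('.') + 1;
            if (afterFirstDot > 0) {
                keyManager = this.wildcardMgrMap.get(serverName.substring(afterFirstDot));
            }
        }
        return keyManager;
    }

    /**
     * Returns the key managers for the whole wrapped store.
     *
     * @return the key managers produced by {@link #getKeyMgrFactory()}
     * @throws Exception if the factory cannot be created or initialised
     */
    public KeyManager[] getKeyMgr() throws Exception {
        return getKeyMgrFactory().getKeyManagers();
    }

    /**
     * Returns the trust managers that trust only the certificate stored under one alias.
     *
     * @param alias the key store alias of a certificate entry
     * @return the trust managers, or {@code null} when no such entry was indexed
     */
    public TrustManager[] getTrustMgr(String alias) {
        TrustManagerFactory factory = this.trustMgrMap.get(alias);
        return factory != null ? factory.getTrustManagers() : null;
    }

    /**
     * Creates a trust manager factory over the whole wrapped store.
     *
     * @param vertxInternal not used by this implementation
     * @return a factory initialised with the store
     * @throws Exception if the factory cannot be created or initialised
     */
    public TrustManagerFactory getTrustMgrFactory(VertxInternal vertxInternal) throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(this.store);
        return factory;
    }

    /**
     * Returns the trust managers for the whole wrapped store.
     *
     * @param vertxInternal passed through to {@link #getTrustMgrFactory(VertxInternal)}
     * @return the trust managers
     * @throws Exception if the factory cannot be created or initialised
     */
    public TrustManager[] getTrustMgrs(VertxInternal vertxInternal) throws Exception {
        return getTrustMgrFactory(vertxInternal).getTrustManagers();
    }

    /**
     * Returns the wrapped key store itself, not a copy.
     *
     * @return the key store passed to the constructor
     */
    public KeyStore store() {
        return this.store;
    }

    /**
     * Extracts the common names from a distinguished name.
     *
     * <p>On Android the name is split on {@code ,} and {@code ;} and each part on {@code =};
     * that path does not interpret escaped separators, so a value containing one is skipped or
     * truncated. Elsewhere the name is parsed with {@link LdapName}.
     *
     * @param dn the distinguished name in string form
     * @return the values of all {@code CN} attributes, possibly empty
     * @throws Exception if the name cannot be parsed
     */
    public static List<String> getX509CertificateCommonNames(String dn) throws Exception {
        List<String> commonNames = new ArrayList<>();
        if (PlatformDependent.isAndroid()) {
            for (String part : dn.trim().split("[,;]")) {
                String[] attribute = part.trim().split("=");
                if (attribute.length == 2 && "cn".equalsIgnoreCase(attribute[0])) {
                    commonNames.add(attribute[1]);
                }
            }
        } else {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (rdn.getType().equalsIgnoreCase("cn")) {
                    commonNames.add(rdn.getValue().toString());
                }
            }
        }
        return commonNames;
    }

    // Reads a configured file through the Vert.x file system after resolving its path.
    private static Buffer readFile(VertxInternal vertxInternal, String path) {
        return vertxInternal.fileSystem().readFileBlocking(vertxInternal.resolveFile(path).getAbsolutePath());
    }

    // Converts an optional password to the char[] form the JCA APIs take.
    private static char[] toChars(String password) {
        return password != null ? password.toCharArray() : null;
    }

    // Builds a key manager that serves exactly one key and chain. Alias selection is not
    // supported: the caller has already chosen the manager by server name.
    private static X509KeyManager newKeyManager(final PrivateKey privateKey, final List<X509Certificate> chain) {
        return new X509KeyManager() {
            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                throw new UnsupportedOperationException();
            }

            @Override
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
                throw new UnsupportedOperationException();
            }

            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                throw new UnsupportedOperationException();
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                throw new UnsupportedOperationException();
            }

            @Override
            public X509Certificate[] getCertificateChain(String alias) {
                // A fresh array per call, so callers cannot alter the stored chain.
                return chain.toArray(new X509Certificate[chain.size()]);
            }

            @Override
            public PrivateKey getPrivateKey(String alias) {
                return privateKey;
            }
        };
    }

    // Loads a JKS or PKCS#12 store of the given type from the bytes the supplier provides.
    private static KeyStore loadJKSOrPKCS12(String type, String password, Supplier<Buffer> source) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        try (ByteArrayInputStream in = new ByteArrayInputStream(source.get().getBytes())) {
            keyStore.load(in, toChars(password));
        }
        return keyStore;
    }

    // Builds an in-memory store from PEM keys and certificates paired by position. The counts
    // must match; each pair becomes a private key entry protected with DUMMY_PASSWORD.
    private static KeyStore loadKeyCert(List<Buffer> keyValues, List<Buffer> certValues) throws Exception {
        if (keyValues.size() < certValues.size()) {
            throw new VertxException("Missing private key");
        }
        if (keyValues.size() > certValues.size()) {
            throw new VertxException("Missing X.509 certificate");
        }
        KeyStore keyStore = createEmptyKeyStore();
        Iterator<Buffer> keyIterator = keyValues.iterator();
        Iterator<Buffer> certIterator = certValues.iterator();
        int index = 0;
        while (keyIterator.hasNext() && certIterator.hasNext()) {
            PrivateKey key = loadPrivateKey(keyIterator.next());
            X509Certificate[] chain = loadCerts(certIterator.next());
            keyStore.setEntry(
                "dummy-entry-" + index++,
                new KeyStore.PrivateKeyEntry(key, chain),
                new KeyStore.PasswordProtection(DUMMY_PASSWORD.toCharArray()));
        }
        return keyStore;
    }

    // Parses the first usable private key from a PEM buffer. "RSA PRIVATE KEY" blocks are read
    // as PKCS#1; "PRIVATE KEY" blocks as PKCS#8 holding an RSA or, when the platform offers an
    // EC key factory, an EC key. Blocks with any other label or algorithm are ignored, so a
    // PKCS#8 key of an unsupported algorithm ends in the "Missing ... delimiter" error below.
    private static PrivateKey loadPrivateKey(Buffer buffer) throws Exception {
        if (buffer == null) {
            throw new RuntimeException("Missing private key path");
        }
        KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA");
        KeyFactory ecKeyFactory = getECKeyFactory();
        List<PrivateKey> keys = loadPems(buffer, (delimiter, content) -> {
            try {
                switch (delimiter) {
                    case "RSA PRIVATE KEY":
                        return Collections.singletonList(rsaKeyFactory.generatePrivate(PrivateKeyParser.getRSAKeySpec(content)));
                    case "PRIVATE KEY": {
                        String algorithm = PrivateKeyParser.getPKCS8EncodedKeyAlgorithm(content);
                        if (rsaKeyFactory.getAlgorithm().equals(algorithm)) {
                            return Collections.singletonList(rsaKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(content)));
                        }
                        if (ecKeyFactory != null && ecKeyFactory.getAlgorithm().equals(algorithm)) {
                            return Collections.singletonList(ecKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(content)));
                        }
                        break;
                    }
                    default:
                        break;
                }
                return Collections.emptyList();
            } catch (InvalidKeySpecException e) {
                throw new VertxException(e);
            }
        });
        if (keys.isEmpty()) {
            throw new RuntimeException("Missing -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY----- delimiter");
        }
        // Any further keys in the same buffer are parsed but not used.
        return keys.get(0);
    }

    // Returns the platform's EC key factory, or null when the algorithm is unavailable.
    private static KeyFactory getECKeyFactory() {
        try {
            return KeyFactory.getInstance("EC");
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    // Builds an in-memory trust store from PEM buffers. Every certificate is stored under
    // DUMMY_CERT_ALIAS plus a running index, which is why the constructor leaves these entries
    // out of the per-alias trust manager map.
    private static KeyStore loadCA(Stream<Buffer> certValues) throws Exception {
        KeyStore keyStore = createEmptyKeyStore();
        int index = 0;
        Iterator<Buffer> iterator = certValues.iterator();
        while (iterator.hasNext()) {
            for (X509Certificate certificate : loadCerts(iterator.next())) {
                keyStore.setCertificateEntry(DUMMY_CERT_ALIAS + index++, certificate);
            }
        }
        return keyStore;
    }

    // Walks the BEGIN/END pairs of a PEM buffer in order, Base64-decodes each body and hands the
    // label and bytes to the parser. BEGIN and END markers are matched independently, each from
    // where its previous match ended, so the n-th BEGIN is paired with the n-th END.
    // NOTE(review): an END marker placed before its BEGIN marker makes substring() throw
    // StringIndexOutOfBoundsException instead of one of the descriptive errors below.
    private static <P> List<P> loadPems(Buffer buffer, BiFunction<String, byte[], Collection<P>> pemParser) throws IOException {
        String pem = buffer.toString();
        List<P> parsed = new ArrayList<>();
        Matcher beginMatcher = BEGIN_PATTERN.matcher(pem);
        Matcher endMatcher = END_PATTERN.matcher(pem);
        while (beginMatcher.find()) {
            String beginLabel = beginMatcher.group(1);
            if (!endMatcher.find()) {
                throw new RuntimeException("Missing -----END " + beginLabel + "----- delimiter");
            }
            String endLabel = endMatcher.group(1);
            if (!beginLabel.equals(endLabel)) {
                throw new RuntimeException("Missing -----END " + beginLabel + "----- delimiter");
            }
            String body = pem.substring(beginMatcher.end(), endMatcher.start()).replaceAll("\\s", "");
            if (body.length() == 0) {
                throw new RuntimeException("Empty pem file");
            }
            parsed.addAll(pemParser.apply(endLabel, Base64.getDecoder().decode(body)));
        }
        return parsed;
    }

    // Parses every "CERTIFICATE" block of a PEM buffer, in order; other blocks are ignored.
    // The cast narrows CertificateFactory's Collection<? extends Certificate>; a non-X.509
    // element would surface as an ArrayStoreException in toArray below.
    @SuppressWarnings("unchecked")
    private static X509Certificate[] loadCerts(Buffer buffer) throws Exception {
        if (buffer == null) {
            throw new RuntimeException("Missing X.509 certificate path");
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certificates = loadPems(buffer, (delimiter, content) -> {
            try {
                if ("CERTIFICATE".equals(delimiter)) {
                    return (Collection<X509Certificate>) certificateFactory.generateCertificates(new ByteArrayInputStream(content));
                }
                return Collections.emptyList();
            } catch (CertificateException e) {
                throw new VertxException(e);
            }
        });
        if (certificates.isEmpty()) {
            throw new RuntimeException("Missing -----BEGIN CERTIFICATE----- delimiter");
        }
        return certificates.toArray(new X509Certificate[certificates.size()]);
    }

    // Creates an initialised, empty in-memory PKCS#12 store.
    private static KeyStore createEmptyKeyStore() throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try {
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreException("Failed to initialize the keystore", e);
        }
    }
}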
