package org.apache.nifi.toolkit.tls.util;

import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/util/TlsHelper.class */
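/**
 * Static helpers for the TLS toolkit: key pair generation, CSR creation and parsing,
 * PEM encoding/decoding, keystore persistence and an HMAC over a public key identifier.
 *
 * <p>All methods are stateless apart from the {@link #isUnlimitedStrengthCryptographyEnabled()}
 * flag, which is computed once at class-load time.
 */
public class TlsHelper {
    private static final Logger logger = LoggerFactory.getLogger(TlsHelper.class);

    /**
     * Largest AES key length (bits) permitted by the default JCE policy. A larger value reported
     * by {@link Cipher#getMaxAllowedKeyLength(String)} means the unlimited-strength policy is active.
     */
    private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128;

    /** Longest PKCS12 password that the keystore can be written with when the unlimited-strength policy is absent. */
    private static final int MAX_PASSWORD_LENGTH_WITHOUT_UNLIMITED_JCE = 7;

    private static final String WARNING_BANNER =
            "**********************************************************************************";

    public static final String JCE_URL = "http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html";

    /** Lower-cased fragment of the provider's error message that signals a policy-limited key size. */
    public static final String ILLEGAL_KEY_SIZE = "illegal key size";

    private static final boolean isUnlimitedStrengthCryptographyEnabled;

    static {
        // Probe the policy once; a missing AES algorithm is treated as "limited" rather than a failure.
        boolean unlimited;
        try {
            unlimited = Cipher.getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        } catch (NoSuchAlgorithmException e) {
            logger.debug("AES is not available; assuming limited-strength cryptography policy", e);
            unlimited = false;
        }
        isUnlimitedStrengthCryptographyEnabled = unlimited;
    }

    private TlsHelper() {
        // utility class
    }

    /**
     * Logs a prominent warning that the keystore password had to be shortened, together with
     * the openssl steps an operator can use to re-protect the keystore with a stronger password.
     *
     * @param file the keystore that was written with the truncated password
     */
    private static void logTruncationWarning(File file) {
        String path = file.toString();
        String name = file.getName();
        logger.warn(WARNING_BANNER);
        logger.warn("                                    WARNING!!!!");
        logger.warn(WARNING_BANNER);
        logger.warn("Unlimited JCE Policy is not installed which means we cannot utilize a");
        logger.warn("PKCS12 password longer than 7 characters.");
        logger.warn("Autogenerated password has been reduced to 7 characters.");
        logger.warn("");
        logger.warn("Please strongly consider installing Unlimited JCE Policy at");
        logger.warn(JCE_URL);
        logger.warn("");
        logger.warn("Another alternative is to add a stronger password with the openssl tool to the");
        logger.warn("resulting client certificate: " + path);
        logger.warn("");
        logger.warn("openssl pkcs12 -in '" + path + "' -out '/tmp/" + name + "'");
        logger.warn("openssl pkcs12 -export -in '/tmp/" + name + "' -out '" + path + "'");
        logger.warn("rm -f '/tmp/" + name + "'");
        logger.warn("");
        logger.warn(WARNING_BANNER);
    }

    /**
     * @return {@code true} if the JVM allows AES keys longer than {@value #DEFAULT_MAX_ALLOWED_KEY_LENGTH} bits,
     *         i.e. the unlimited-strength JCE policy is in effect
     */
    public static boolean isUnlimitedStrengthCryptographyEnabled() {
        return isUnlimitedStrengthCryptographyEnabled;
    }

    /**
     * Stores {@code keyStore} to {@code file} protected by {@code password}.
     *
     * <p>If the provider rejects the password because of a policy-limited key size and the
     * unlimited-strength policy is not installed, an autogenerated password is truncated to
     * {@value #MAX_PASSWORD_LENGTH_WITHOUT_UNLIMITED_JCE} characters and the store is retried
     * (a warning is logged); a user-supplied password is never altered and an exception is raised instead.
     *
     * @param keyStore            the keystore to persist
     * @param outputStreamFactory creates the stream the keystore is written to
     * @param file                destination file
     * @param password            password protecting the keystore
     * @param generatedPassword   {@code true} if {@code password} was autogenerated and may be truncated
     * @return the password actually used, which differs from {@code password} only when truncated
     * @throws IOException              if writing fails for a reason other than a policy-limited key size
     * @throws GeneralSecurityException if the keystore cannot be stored, or the password is too long for the
     *                                  installed policy and may not be truncated
     */
    public static String writeKeyStore(KeyStore keyStore, OutputStreamFactory outputStreamFactory, File file, String password, boolean generatedPassword)
            throws IOException, GeneralSecurityException {
        try (OutputStream out = outputStreamFactory.create(file)) {
            keyStore.store(out, password.toCharArray());
            return password;
        } catch (IOException e) {
            if (!isIllegalKeySizeError(e) || isUnlimitedStrengthCryptographyEnabled()) {
                throw e;
            }
            if (!generatedPassword) {
                throw new GeneralSecurityException("Specified password for " + file + " too long to work without unlimited JCE policy installed."
                        + System.lineSeparator() + "Please see " + JCE_URL);
            }
            if (password.length() <= MAX_PASSWORD_LENGTH_WITHOUT_UNLIMITED_JCE) {
                // Already at the policy limit: truncating cannot help, so surface the provider's error.
                throw e;
            }
            return storeWithTruncatedPassword(keyStore, outputStreamFactory, file, password);
        }
    }

    /** Returns whether the provider reported a key size forbidden by the active JCE policy. */
    private static boolean isIllegalKeySizeError(IOException e) {
        String message = e.getMessage();
        return message != null && message.toLowerCase(Locale.ROOT).contains(ILLEGAL_KEY_SIZE);
    }

    /**
     * Replaces the partially written keystore with one protected by the first
     * {@value #MAX_PASSWORD_LENGTH_WITHOUT_UNLIMITED_JCE} characters of {@code password}.
     *
     * @return the truncated password that was used
     */
    private static String storeWithTruncatedPassword(KeyStore keyStore, OutputStreamFactory outputStreamFactory, File file, String password)
            throws IOException, GeneralSecurityException {
        // The first attempt may have left a partial file behind; remove it before rewriting.
        if (!file.delete() && file.exists()) {
            logger.warn("Unable to delete partially written keystore {} before rewriting it", file);
        }
        String truncated = password.substring(0, MAX_PASSWORD_LENGTH_WITHOUT_UNLIMITED_JCE);
        try (OutputStream out = outputStreamFactory.create(file)) {
            keyStore.store(out, truncated.toCharArray());
        }
        logTruncationWarning(file);
        return truncated;
    }

    /**
     * Creates a key pair generator for {@code algorithm} initialised with {@code keySize} bits.
     *
     * @throws NoSuchAlgorithmException if no provider supports {@code algorithm}
     */
    private static KeyPairGenerator createKeyPairGenerator(String algorithm, int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        generator.initialize(keySize);
        return generator;
    }

    /**
     * Computes HMAC-SHA256, keyed with the UTF-8 bytes of {@code token}, over the subject key
     * identifier of {@code publicKey} (see {@link #getKeyIdentifier(PublicKey)}). Uses the "BC" provider.
     *
     * @param token     shared secret used as the MAC key; must be non-empty
     * @param publicKey key whose identifier is authenticated
     * @return the raw MAC bytes
     * @throws GeneralSecurityException if the BC provider or the MAC algorithm is unavailable, or the key is invalid
     */
    public static byte[] calculateHMac(String token, PublicKey publicKey) throws GeneralSecurityException {
        SecretKeySpec macKey = new SecretKeySpec(token.getBytes(StandardCharsets.UTF_8), "RAW");
        Mac mac = Mac.getInstance("Hmac-SHA256", "BC");
        mac.init(macKey);
        return mac.doFinal(getKeyIdentifier(publicKey));
    }

    /**
     * @return the X.509 subject key identifier derived from {@code publicKey}
     * @throws NoSuchAlgorithmException if the digest used to build the identifier is unavailable
     */
    public static byte[] getKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException {
        return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getKeyIdentifier();
    }

    /**
     * PEM-encodes a JCA object (key, certificate, CSR, ...) via {@link JcaMiscPEMGenerator}.
     *
     * @param obj the object to encode
     * @return the PEM text
     * @throws IOException if the object cannot be encoded
     */
    public static String pemEncodeJcaObject(Object obj) throws IOException {
        StringWriter buffer = new StringWriter();
        try (PemWriter pemWriter = new PemWriter(buffer)) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(obj));
        }
        return buffer.toString();
    }

    /**
     * Parses a PEM-encoded PKCS#10 certification request.
     *
     * @param csr the PEM text
     * @return the parsed request wrapped for JCA use
     * @throws IOException if the text is not a PEM-encoded PKCS#10 request
     */
    public static JcaPKCS10CertificationRequest parseCsr(String csr) throws IOException {
        try (PEMParser parser = new PEMParser(new StringReader(csr))) {
            Object parsed = parser.readObject();
            if (!(parsed instanceof PKCS10CertificationRequest)) {
                throw new IOException("Expecting instance of " + PKCS10CertificationRequest.class + " but got " + parsed);
            }
            return new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) parsed);
        }
    }

    /**
     * Parses a PEM-encoded X.509 certificate using the "BC" provider. Closes {@code reader}.
     *
     * @throws IOException          if the stream does not hold a certificate
     * @throws CertificateException if the certificate cannot be converted to a JCA object
     */
    public static X509Certificate parseCertificate(Reader reader) throws IOException, CertificateException {
        X509CertificateHolder holder = parsePem(X509CertificateHolder.class, reader);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    /**
     * Parses a PEM-encoded key pair using the "BC" provider. Closes {@code reader}.
     *
     * @throws IOException if the stream does not hold a key pair
     */
    public static KeyPair parseKeyPair(Reader reader) throws IOException {
        PEMKeyPair pemKeyPair = parsePem(PEMKeyPair.class, reader);
        return new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
    }

    /**
     * Reads the first PEM object from {@code reader} and checks it is an instance of {@code cls}.
     * The reader is closed when this method returns.
     *
     * @param cls    expected type of the decoded object
     * @param reader PEM source
     * @return the decoded object
     * @throws IOException if nothing could be read or the object is not a {@code cls}
     */
    public static <T> T parsePem(Class<T> cls, Reader reader) throws IOException {
        try (PEMParser parser = new PEMParser(reader)) {
            Object parsed = parser.readObject();
            // readObject() yields null at end of stream; isInstance(null) is false, so that case is rejected too.
            if (!cls.isInstance(parsed)) {
                throw new IOException("Expected " + cls);
            }
            return cls.cast(parsed);
        }
    }

    /**
     * Generates a key pair.
     *
     * @param algorithm JCA key pair algorithm name, e.g. {@code "RSA"}
     * @param keySize   key size in bits
     * @throws NoSuchAlgorithmException if no provider supports {@code algorithm}
     */
    public static KeyPair generateKeyPair(String algorithm, int keySize) throws NoSuchAlgorithmException {
        return createKeyPairGenerator(algorithm, keySize).generateKeyPair();
    }

    /**
     * Builds and signs a PKCS#10 certification request.
     *
     * @param dn                     subject distinguished name
     * @param domainAlternativeNames comma-separated DNS names for a Subject Alternative Name request,
     *                               ignored when blank
     * @param keyPair                key pair whose public key goes into the request and whose private key signs it
     * @param signingAlgorithm       JCA signature algorithm name
     * @throws OperatorCreationException if the signer cannot be created or the SAN extension cannot be encoded
     */
    public static JcaPKCS10CertificationRequest generateCertificationRequest(String dn, String domainAlternativeNames, KeyPair keyPair, String signingAlgorithm)
            throws OperatorCreationException {
        JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(new X500Name(dn), keyPair.getPublic());
        if (StringUtils.isNotBlank(domainAlternativeNames)) {
            try {
                builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, createDomainAlternativeNamesExtensions(domainAlternativeNames));
            } catch (IOException e) {
                throw new OperatorCreationException("Error while adding " + domainAlternativeNames + " as Subject Alternative Name.", e);
            }
        }
        PKCS10CertificationRequest request = builder.build(new JcaContentSignerBuilder(signingAlgorithm).build(keyPair.getPrivate()));
        return new JcaPKCS10CertificationRequest(request);
    }

    /**
     * Builds a non-critical Subject Alternative Name extension holding one dNSName per
     * comma-separated entry of {@code domainAlternativeNames}. Entries are used verbatim
     * (no trimming); a blank input yields a single empty dNSName, so callers guard with
     * {@link StringUtils#isNotBlank(CharSequence)}.
     *
     * @throws IOException if the extension cannot be encoded
     */
    public static Extensions createDomainAlternativeNamesExtensions(String domainAlternativeNames) throws IOException {
        List<GeneralName> names = new ArrayList<>();
        for (String dnsName : domainAlternativeNames.split(",")) {
            names.add(new GeneralName(GeneralName.dNSName, dnsName));
        }
        GeneralNames generalNames = new GeneralNames(names.toArray(new GeneralName[0]));
        ExtensionsGenerator generator = new ExtensionsGenerator();
        generator.addExtension(Extension.subjectAlternativeName, false, generalNames);
        return generator.generate();
    }
}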
