package org.apache.nifi.toolkit.tls.manager;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.manager.writer.ConfigurationWriter;
import org.apache.nifi.toolkit.tls.util.InputStreamFactory;
import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
import org.apache.nifi.toolkit.tls.util.PasswordUtil;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.apache.nifi.util.StringUtils;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/manager/TlsClientManager.class */
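/**
 * TLS manager for a client: on top of what {@link BaseTlsManager} handles, it owns the
 * client's trust store, writes it out, runs the registered configuration writers and can
 * export every trusted certificate as a PEM file.
 *
 * <p>Instances hold mutable state (trust store, writer list, optional export directory) and
 * do no synchronization of their own.
 */
public class TlsClientManager extends BaseTlsManager {
    private final TlsClientConfig tlsClientConfig;
    private final KeyStore trustStore;
    private final List<ConfigurationWriter<TlsClientConfig>> configurationWriters;
    // Aliases added through setCertificateEntry; recorded here but not read back in this class.
    private final Set<String> certificateAliases;
    // Optional; when null, write() skips the PEM export.
    private File certificateAuthorityDirectory;

    /**
     * Creates a manager with a default {@link PasswordUtil} and reads key material from the file system.
     *
     * @param tlsClientConfig client configuration naming the trust store, its type and its password
     * @throws GeneralSecurityException if a key store cannot be loaded
     * @throws IOException if a key store file cannot be read
     */
    public TlsClientManager(TlsClientConfig tlsClientConfig) throws GeneralSecurityException, IOException {
        this(tlsClientConfig, new PasswordUtil(), FileInputStream::new);
    }

    /**
     * Creates a manager and loads the trust store described by {@code tlsClientConfig}.
     *
     * @param tlsClientConfig client configuration naming the trust store, its type and its password
     * @param passwordUtil source of generated passwords
     * @param inputStreamFactory opens the key store files
     * @throws GeneralSecurityException if a key store cannot be loaded
     * @throws IOException if a key store file cannot be read
     */
    public TlsClientManager(TlsClientConfig tlsClientConfig, PasswordUtil passwordUtil, InputStreamFactory inputStreamFactory) throws GeneralSecurityException, IOException {
        super(tlsClientConfig, passwordUtil, inputStreamFactory);
        this.trustStore = loadKeystore(tlsClientConfig.getTrustStore(), tlsClientConfig.getTrustStoreType(), tlsClientConfig.getTrustStorePassword());
        this.tlsClientConfig = tlsClientConfig;
        this.configurationWriters = new ArrayList<>();
        this.certificateAliases = new HashSet<>();
    }

    /**
     * Adds a trusted certificate to the in-memory trust store and records its alias.
     *
     * <p>If a certificate authority directory is set, {@link #write(OutputStreamFactory)} later
     * uses the alias as the base name of a PEM file, so callers should pass a plain name.
     *
     * @param str alias for the certificate
     * @param certificate certificate to trust
     * @throws KeyStoreException if the trust store rejects the entry
     */
    public void setCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.trustStore.setCertificateEntry(str, certificate);
        this.certificateAliases.add(str);
    }

    /**
     * Sets the directory that receives one {@code <alias>.pem} file per trusted certificate.
     *
     * @param file target directory, or {@code null} to disable the PEM export
     */
    public void setCertificateAuthorityDirectory(File file) {
        this.certificateAuthorityDirectory = file;
    }

    /**
     * Writes the base manager's output, then the trust store, then every registered
     * configuration, and finally the trusted certificates as PEM files when a certificate
     * authority directory is set.
     *
     * <p>When the configuration carries no trust store password, one is generated. The
     * password returned by {@code TlsHelper.writeKeyStore} is stored back into the
     * configuration before the configuration writers run, so those writers receive it.
     *
     * @param outputStreamFactory opens every output file
     * @throws IOException if an output cannot be written, or if a trust store alias resolves
     *     to a file outside the certificate authority directory
     * @throws GeneralSecurityException if the trust store cannot be stored or read
     */
    @Override // org.apache.nifi.toolkit.tls.manager.BaseTlsManager
    public void write(OutputStreamFactory outputStreamFactory) throws IOException, GeneralSecurityException {
        super.write(outputStreamFactory);

        String trustStorePassword = this.tlsClientConfig.getTrustStorePassword();
        boolean passwordGenerated = false;
        if (StringUtils.isEmpty(trustStorePassword)) {
            trustStorePassword = getPasswordUtil().generatePassword();
            passwordGenerated = true;
        }
        // NOTE(review): the flag tells writeKeyStore the password was generated here; what it
        // does with that is defined in TlsHelper and should be confirmed there.
        String writtenPassword = TlsHelper.writeKeyStore(this.trustStore, outputStreamFactory,
                new File(this.tlsClientConfig.getTrustStore()), trustStorePassword, passwordGenerated);
        this.tlsClientConfig.setTrustStorePassword(writtenPassword);

        for (ConfigurationWriter<TlsClientConfig> configurationWriter : this.configurationWriters) {
            configurationWriter.write(this.tlsClientConfig, outputStreamFactory);
        }

        if (this.certificateAuthorityDirectory == null) {
            return;
        }
        // Collections.list takes a snapshot, so the loop does not depend on the live enumeration.
        for (String alias : Collections.list(this.trustStore.aliases())) {
            try {
                KeyStore.Entry entry = this.trustStore.getEntry(alias, null);
                if (entry instanceof KeyStore.TrustedCertificateEntry) {
                    Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                    writeCertificatePem(outputStreamFactory, alias, trustedCertificate);
                }
            } catch (UnrecoverableEntryException ignored) {
                // Deliberate best effort: an entry that cannot be read without protection
                // parameters is not a plain trusted certificate, so it is not exported.
            }
        }
    }

    /**
     * Registers a writer that {@link #write(OutputStreamFactory)} runs after the trust store is stored.
     *
     * @param configurationWriter writer to add
     */
    public void addClientConfigurationWriter(ConfigurationWriter<TlsClientConfig> configurationWriter) {
        this.configurationWriters.add(configurationWriter);
    }

    /** Writes one certificate as {@code <alias>.pem} in the certificate authority directory. */
    private void writeCertificatePem(OutputStreamFactory outputStreamFactory, String alias, Certificate certificate) throws IOException {
        File pemFile = resolvePemFile(alias);
        // Explicit charset: PEM is plain text and should not depend on the platform default.
        // Resources close in reverse order: PEM writer, stream writer, then the raw stream.
        try (OutputStream outputStream = outputStreamFactory.create(pemFile);
                OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream, java.nio.charset.StandardCharsets.UTF_8);
                PemWriter pemWriter = new PemWriter(outputStreamWriter)) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(certificate));
        }
    }

    /**
     * Builds the PEM file for an alias and rejects a name that leaves the target directory.
     *
     * <p>Aliases come from the loaded trust store as well as from callers, and a key store
     * alias may contain path separators or {@code ..}; without this check such an alias
     * would select a file outside the certificate authority directory.
     */
    private File resolvePemFile(String alias) throws IOException {
        File pemFile = new File(this.certificateAuthorityDirectory, alias + ".pem");
        File canonicalDirectory = this.certificateAuthorityDirectory.getCanonicalFile();
        if (!pemFile.getCanonicalFile().toPath().startsWith(canonicalDirectory.toPath())) {
            throw new IOException("Trust store alias '" + alias + "' resolves outside of " + canonicalDirectory);
        }
        // The file as originally composed is returned, so the output stream factory is called
        // with the same File value as before the containment check was added.
        return pemFile;
    }
}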
