package cz.scholz.kafka.x509configprovider;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.ConfigData;
import org.apache.kafka.common.config.provider.ConfigProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cz/scholz/kafka/x509configprovider/X509KeystoreConfigProvider.class */
public class X509KeystoreConfigProvider extends AbstractX509ConfigProvider implements ConfigProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(X509KeystoreConfigProvider.class);

    public ConfigData get(String str) {
        if (str == null || str.isEmpty()) {
            throw new KafkaException("Private key and at least one public key need to be specified in order to create a keystore");
        }
        return getKeyStoreConfig(str, new HashSet());
    }

    public ConfigData get(String str, Set<String> set) {
        if (str == null || str.isEmpty() || set == null || set.isEmpty()) {
            throw new KafkaException("Private key and at least one public key need to be specified in order to create a keystore");
        }
        return getKeyStoreConfig(str, set);
    }

    public void close() {
        LOGGER.info("Closing X509KeystoreConfigProvider");
    }

    public void configure(Map<String, ?> map) {
        LOGGER.info("Configuring X509KeystoreConfigProvider: {}", map);
    }

    private ConfigData getKeyStoreConfig(String str, Set<String> set) {
        LOGGER.info("Generating keystore with public keys {} and private key {}", set, str);
        String absolutePath = setupKeystoreStore("".toCharArray(), str, set).getAbsolutePath();
        HashMap hashMap = new HashMap();
        hashMap.put(str, absolutePath);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            hashMap.put(it.next(), absolutePath);
        }
        LOGGER.info("New keystore {} is ready", absolutePath);
        return new ConfigData(hashMap);
    }

    private File setupKeystoreStore(char[] cArr, String str, Set<String> set) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setKeyEntry("private-key", loadRSAPrivateKey(str), cArr, (Certificate[]) certificates(set).toArray(new Certificate[0]));
            return store(cArr, keyStore);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private PrivateKey loadRSAPrivateKey(String str) {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decodePrivateKey(str)));
        } catch (IOException e) {
            throw new KafkaException("Failed to read the file " + str, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KafkaException("KeyFactory implementing algorithm RSA was not found", e2);
        } catch (InvalidKeySpecException e3) {
            throw new KafkaException("Failed to load the private key from file " + str, e3);
        }
    }

    private byte[] decodePrivateKey(String str) throws IOException {
        String readLine;
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0])));
        do {
            try {
                readLine = bufferedReader.readLine();
                if (readLine == null) {
                    throw new KafkaException("PEM is invalid: no begin marker");
                }
            } catch (Throwable th) {
                try {
                    bufferedReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } while (!readLine.contains("-----BEGIN "));
        byte[] readBytesUntilEndMarker = readBytesUntilEndMarker(bufferedReader, readLine.trim().replace("BEGIN", "END"));
        bufferedReader.close();
        return readBytesUntilEndMarker;
    }

    private byte[] readBytesUntilEndMarker(BufferedReader bufferedReader, String str) throws IOException {
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new KafkaException("PEM is invalid: No end marker");
            }
            if (readLine.contains(str)) {
                return Base64.getDecoder().decode(sb.toString());
            }
            sb.append(readLine.trim());
        }
    }
}
