package org.jkiss.dbeaver.model.impl.app;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.DBPDataSourceContainer;
import org.jkiss.dbeaver.model.app.DBACertificateStorage;
import org.jkiss.dbeaver.model.impl.preferences.AbstractPreferenceStore;
import org.jkiss.dbeaver.model.meta.Property;
import org.jkiss.utils.Base64;

/* loaded from: input_file:org/jkiss/dbeaver/model/impl/app/DefaultCertificateStorage.class */
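/**
 * File-backed {@link DBACertificateStorage} that keeps one keystore file per data source and
 * certificate type inside a single local directory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every keystore, and every private-key entry inside it, is protected with the fixed
 *       {@link #DEFAULT_PASSWORD}. A compile-time constant gives no confidentiality: whoever can
 *       read a keystore file can read the private key stored in it. The file-system permissions
 *       of the storage directory are the only access control.</li>
 *   <li>The constructor deletes every file it finds in an already existing storage directory,
 *       so the directory must be dedicated to this class.</li>
 * </ul>
 */
public class DefaultCertificateStorage implements DBACertificateStorage {
    private static final Log log = Log.getLog(DefaultCertificateStorage.class);

    // Password used for every keystore and every key entry written by this class.
    // NOTE(review): presumably the empty string (the constant reference looks like a decompiler
    // substitution) - confirm. The array is public and mutable; overwriting its elements changes
    // the password used by all later loads and stores, so treat it as read-only.
    public static final char[] DEFAULT_PASSWORD = AbstractPreferenceStore.STRING_DEFAULT_DEFAULT.toCharArray();
    public static final String JKS_EXTENSION = ".jks";
    public static final String CA_CERT_ALIAS = "ca-cert";
    public static final String CLIENT_CERT_ALIAS = "client-cert";
    public static final String KEY_CERT_ALIAS = "key-cert";

    // PEM armor lines recognised by loadPrivateKeyFromPEM.
    private static final String PKCS8_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_END = "-----END PRIVATE KEY-----";
    private static final String PKCS1_BEGIN = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PKCS1_END = "-----END RSA PRIVATE KEY-----";

    private final File localPath;

    /**
     * Prepares the storage directory.
     *
     * <p>A missing directory is created; a failure to create it is logged, not thrown. An
     * existing directory is emptied: every file directly inside it is deleted, whatever its
     * name or extension, and a file that cannot be deleted is only logged.
     *
     * @param file directory that will hold the keystore files
     */
    public DefaultCertificateStorage(File file) {
        this.localPath = file;
        if (!file.exists()) {
            if (!file.mkdirs()) {
                log.error("Can't create directory for security manager: " + file.getAbsolutePath());
            }
            return;
        }
        // Leftovers from an earlier run are discarded so that stale key material is not reused.
        File[] staleFiles = file.listFiles();
        if (staleFiles == null) {
            return;
        }
        for (File stale : staleFiles) {
            if (!stale.delete()) {
                log.warn("Can't delete old keystore '" + stale.getAbsolutePath() + "'");
            }
        }
    }

    /**
     * Loads the keystore for the given data source and certificate type.
     *
     * <p>A missing keystore file is not an error: an empty keystore is created and written to
     * disk before it is returned.
     *
     * @param dBPDataSourceContainer data source that owns the keystore
     * @param str certificate type; part of the keystore file name
     * @return the loaded or newly created keystore
     * @throws DBException if the keystore cannot be created, read or written
     */
    @Override
    public KeyStore getKeyStore(DBPDataSourceContainer dBPDataSourceContainer, String str) throws DBException {
        try {
            File keyStorePath = getKeyStorePath(dBPDataSourceContainer, str);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (keyStorePath.exists()) {
                try (InputStream in = new FileInputStream(keyStorePath)) {
                    keyStore.load(in, DEFAULT_PASSWORD);
                }
            } else {
                // load(null, ...) initialises an empty keystore.
                keyStore.load(null, DEFAULT_PASSWORD);
                saveKeyStore(dBPDataSourceContainer, str, keyStore);
            }
            return keyStore;
        } catch (Exception e) {
            throw new DBException("Error opening keystore", e);
        }
    }

    /**
     * Writes the keystore to its file, replacing any previous content.
     *
     * <p>NOTE(review): the file is created with the process default permissions and may hold a
     * private key under a fixed password; consider restricting the file or its directory to the
     * owning user.
     */
    private void saveKeyStore(DBPDataSourceContainer dBPDataSourceContainer, String str, KeyStore keyStore) throws Exception {
        try (FileOutputStream out = new FileOutputStream(getKeyStorePath(dBPDataSourceContainer, str))) {
            keyStore.store(out, DEFAULT_PASSWORD);
        }
    }

    /**
     * Reads PEM-style text from a stream and returns the Base64-decoded body.
     *
     * <p>Despite the name nothing is decrypted. The stream is decoded as UTF-8 instead of the
     * platform default charset so the result does not depend on the host configuration, and it
     * is closed before the method returns.
     *
     * @param inputStream PEM-style text
     * @return the decoded bytes
     * @throws IOException if reading fails
     */
    public static byte[] readEncryptedString(InputStream inputStream) throws IOException {
        try (Reader reader = new InputStreamReader(inputStream, StandardCharsets.UTF_8)) {
            return readEncryptedString(reader);
        }
    }

    /**
     * Collects the Base64 body of PEM-style text and decodes it.
     *
     * <p>Reading stops at end of input or at the first empty line. Lines that start with
     * {@code -} (the armor lines) or with {@code Property.DEFAULT_LOCAL_STRING} are skipped.
     * The reader is closed before the method returns.
     *
     * @param reader PEM-style text
     * @return the decoded bytes
     * @throws IOException if reading fails
     */
    public static byte[] readEncryptedString(Reader reader) throws IOException {
        StringBuilder body = new StringBuilder(4000);
        try (BufferedReader lines = new BufferedReader(reader)) {
            String line;
            while ((line = lines.readLine()) != null && !line.isEmpty()) {
                // NOTE(review): the second prefix is presumably a comment marker - confirm its value.
                if (line.startsWith("-") || line.startsWith(Property.DEFAULT_LOCAL_STRING)) {
                    continue;
                }
                body.append(line);
            }
        }
        return Base64.decode(body.toString());
    }

    /**
     * Stores the supplied certificates and private key in the data source's keystore and saves it.
     *
     * <p>Each argument is optional. The private key is stored with the client certificate as its
     * chain; a key supplied without a client certificate has an empty chain, which
     * {@link KeyStore#setKeyEntry} rejects, and that surfaces as a {@link DBException}.
     *
     * @param dBPDataSourceContainer data source that owns the keystore
     * @param str certificate type; part of the keystore file name
     * @param bArr encoded X.509 CA certificate, or {@code null}
     * @param bArr2 encoded X.509 client certificate, or {@code null}
     * @param bArr3 PEM private key, or {@code null}; see {@link #loadPrivateKeyFromPEM}
     * @throws DBException if parsing, storing or saving fails
     */
    @Override
    public void addCertificate(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws DBException {
        KeyStore keyStore = getKeyStore(dBPDataSourceContainer, str);
        try {
            CertificateFactory x509 = CertificateFactory.getInstance("X.509");
            List<Certificate> chain = new ArrayList<>();
            if (bArr != null) {
                keyStore.setCertificateEntry(CA_CERT_ALIAS, x509.generateCertificate(new ByteArrayInputStream(bArr)));
            }
            if (bArr2 != null) {
                Certificate clientCert = x509.generateCertificate(new ByteArrayInputStream(bArr2));
                keyStore.setCertificateEntry(CLIENT_CERT_ALIAS, clientCert);
                chain.add(clientCert);
            }
            if (bArr3 != null) {
                keyStore.setKeyEntry(KEY_CERT_ALIAS, loadPrivateKeyFromPEM(bArr3), DEFAULT_PASSWORD, chain.toArray(new Certificate[0]));
            }
            saveKeyStore(dBPDataSourceContainer, str, keyStore);
        } catch (Throwable th) {
            throw new DBException("Error adding certificate to keystore", th);
        }
    }

    /**
     * Generates an RSA key pair and a self-signed certificate, stores both and saves the keystore.
     *
     * @param dBPDataSourceContainer data source that owns the keystore
     * @param str certificate type; part of the keystore file name
     * @param str2 passed to {@code CertificateGenHelper.generateCertificate} as its first
     *     argument (presumably the certificate subject - confirm)
     * @throws DBException if generation, storing or saving fails
     */
    @Override
    public void addSelfSignedCertificate(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull String str, @NotNull String str2) throws DBException {
        KeyStore keyStore = getKeyStore(dBPDataSourceContainer, str);
        try {
            // NOTE(review): no initialize() call, so the key size is the provider default.
            // Pin it explicitly if a minimum modulus length is a requirement.
            KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
            // NOTE(review): 365 is presumably the validity period in days - confirm in CertificateGenHelper.
            Certificate selfSigned = CertificateGenHelper.generateCertificate(str2, keyPair, 365, "SHA256withRSA");
            keyStore.setCertificateEntry(CLIENT_CERT_ALIAS, selfSigned);
            List<Certificate> chain = new ArrayList<>();
            chain.add(selfSigned);
            keyStore.setKeyEntry(KEY_CERT_ALIAS, keyPair.getPrivate(), DEFAULT_PASSWORD, chain.toArray(new Certificate[0]));
            saveKeyStore(dBPDataSourceContainer, str, keyStore);
        } catch (Throwable th) {
            throw new DBException("Error adding self signed certificate to keystore", th);
        }
    }

    /**
     * Removes the CA certificate, client certificate and private key entries and saves the keystore.
     *
     * <p>The keystore file itself stays on disk.
     *
     * @param dBPDataSourceContainer data source that owns the keystore
     * @param str certificate type; part of the keystore file name
     * @throws DBException if the keystore cannot be opened, changed or saved
     */
    @Override
    public void deleteCertificate(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull String str) throws DBException {
        KeyStore keyStore = getKeyStore(dBPDataSourceContainer, str);
        try {
            keyStore.deleteEntry(CA_CERT_ALIAS);
            keyStore.deleteEntry(CLIENT_CERT_ALIAS);
            keyStore.deleteEntry(KEY_CERT_ALIAS);
            saveKeyStore(dBPDataSourceContainer, str, keyStore);
        } catch (Exception e) {
            throw new DBException("Error deleting certificate from keystore", e);
        }
    }

    /**
     * Returns the keystore file for a data source and certificate type:
     * {@code <id>-<type>.jks} inside the storage directory.
     *
     * <p>NOTE(review): neither the container id nor the type is validated here. A value holding
     * a path separator or {@code ..} would resolve outside the storage directory, so callers
     * should pass only identifiers they control - confirm against the call sites.
     *
     * @param dBPDataSourceContainer data source whose id prefixes the file name
     * @param str certificate type
     * @return the keystore file, which may not exist yet
     */
    @Override
    public File getKeyStorePath(DBPDataSourceContainer dBPDataSourceContainer, String str) {
        String fileName = dBPDataSourceContainer.getId() + "-" + str + JKS_EXTENSION;
        return new File(this.localPath, fileName);
    }

    /**
     * Returns the JVM default keystore type; the container argument is not used.
     */
    @Override
    public String getKeyStoreType(DBPDataSourceContainer dBPDataSourceContainer) {
        return KeyStore.getDefaultType();
    }

    /**
     * Parses an unencrypted PEM private key.
     *
     * <p>Two formats are accepted: PKCS#8 ({@code BEGIN PRIVATE KEY}), always decoded with the
     * RSA key factory, so a PKCS#8 key of another algorithm fails; and PKCS#1
     * ({@code BEGIN RSA PRIVATE KEY}), delegated to {@code PKCS1Util}. Any other armor, including
     * {@code BEGIN ENCRYPTED PRIVATE KEY}, is rejected.
     *
     * <p>The bytes are decoded as UTF-8 instead of the platform default charset. The key text
     * passes through {@link String} objects, which cannot be cleared after use.
     *
     * @param bArr PEM text of the key
     * @return the parsed private key
     * @throws GeneralSecurityException if the format is not supported or the key is invalid
     * @throws IOException declared for the PKCS#1 parsing path
     */
    public static PrivateKey loadPrivateKeyFromPEM(byte[] bArr) throws GeneralSecurityException, IOException {
        String pem = new String(bArr, StandardCharsets.UTF_8);
        if (pem.contains(PKCS8_BEGIN)) {
            byte[] der = Base64.decode(stripPemArmor(pem, PKCS8_BEGIN, PKCS8_END));
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        }
        if (pem.contains(PKCS1_BEGIN)) {
            return PKCS1Util.loadPrivateKeyFromPKCS1(stripPemArmor(pem, PKCS1_BEGIN, PKCS1_END));
        }
        throw new GeneralSecurityException("Not supported format of a private key");
    }

    /** Removes the given armor lines and all whitespace, leaving the bare Base64 body. */
    private static String stripPemArmor(String pem, String begin, String end) {
        return pem.replace(begin, AbstractPreferenceStore.STRING_DEFAULT_DEFAULT)
            .replace(end, AbstractPreferenceStore.STRING_DEFAULT_DEFAULT)
            .replaceAll("\\s", AbstractPreferenceStore.STRING_DEFAULT_DEFAULT);
    }
}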
