package nextflow.k8s.client;

import ch.qos.logback.core.net.ssl.SSL;
import com.google.common.primitives.UnsignedBytes;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:nextflow-20.08.0-edge.jar:nextflow/k8s/client/SSLUtils.class */
public class SSLUtils {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:nextflow-20.08.0-edge.jar:nextflow/k8s/client/SSLUtils$Asn1Object.class */
    public static class Asn1Object {
        private final int type;
        private final byte[] value;
        private final int tag;

        public Asn1Object(int i, byte[] bArr) {
            this.tag = i;
            this.type = i & 31;
            this.value = bArr;
        }

        public byte[] getValue() {
            return this.value;
        }

        BigInteger getInteger() throws IOException {
            if (this.type != 2) {
                throw new IOException("Invalid DER: object is not integer");
            }
            return new BigInteger(this.value);
        }

        void validateSequence() throws IOException {
            if (this.type != 16) {
                throw new IOException("Invalid DER: not a sequence");
            }
            if ((this.tag & 32) != 32) {
                throw new IOException("Invalid DER: can't parse primitive entity");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:nextflow-20.08.0-edge.jar:nextflow/k8s/client/SSLUtils$DerParser.class */
    public static class DerParser {
        private InputStream in;

        DerParser(byte[] bArr) throws IOException {
            this.in = new ByteArrayInputStream(bArr);
        }

        Asn1Object read() throws IOException {
            int read = this.in.read();
            if (read == -1) {
                throw new IOException("Invalid DER: stream too short, missing tag");
            }
            int length = getLength();
            byte[] bArr = new byte[length];
            if (this.in.read(bArr) < length) {
                throw new IOException("Invalid DER: stream too short, missing value");
            }
            return new Asn1Object(read, bArr);
        }

        private int getLength() throws IOException {
            int read = this.in.read();
            if (read == -1) {
                throw new IOException("Invalid DER: length missing");
            }
            if ((read & UnsignedBytes.MAX_POWER_OF_TWO) == 0) {
                return read;
            }
            int i = read & 127;
            if (read >= 255 || i > 4) {
                throw new IOException("Invalid DER: length field too big (" + read + ")");
            }
            byte[] bArr = new byte[i];
            if (this.in.read(bArr) < i) {
                throw new IOException("Invalid DER: length too short");
            }
            return new BigInteger(1, bArr).intValue();
        }
    }

    public static boolean isNotNullOrEmpty(String str) {
        return str != null && str.length() > 0;
    }

    public static KeyManager[] keyManagers(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, CertificateException, InvalidKeySpecException, IOException {
        KeyManager[] keyManagerArr = null;
        if ((isNotNullOrEmpty(str) || isNotNullOrEmpty(str2)) && (isNotNullOrEmpty(str3) || isNotNullOrEmpty(str4))) {
            KeyStore createKeyStore = createKeyStore(str, str2, str3, str4, str5, str6, str7, str8);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(createKeyStore, str6.toCharArray());
            keyManagerArr = keyManagerFactory.getKeyManagers();
        }
        return keyManagerArr;
    }

    public static KeyStore createKeyStore(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        char[] charArray;
        InputStream inputStreamFromDataOrFile = getInputStreamFromDataOrFile(str, str2);
        Throwable th = null;
        try {
            InputStream inputStreamFromDataOrFile2 = getInputStreamFromDataOrFile(str3, str4);
            Throwable th2 = null;
            if (str6 != null) {
                try {
                    try {
                        charArray = str6.toCharArray();
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (inputStreamFromDataOrFile2 != null) {
                        if (th2 != null) {
                            try {
                                inputStreamFromDataOrFile2.close();
                            } catch (Throwable th4) {
                                th2.addSuppressed(th4);
                            }
                        } else {
                            inputStreamFromDataOrFile2.close();
                        }
                    }
                    throw th3;
                }
            } else {
                charArray = null;
            }
            KeyStore createKeyStore = createKeyStore(inputStreamFromDataOrFile, inputStreamFromDataOrFile2, str5, charArray, str7, getKeyStorePassphrase(str8));
            if (inputStreamFromDataOrFile2 != null) {
                if (0 != 0) {
                    try {
                        inputStreamFromDataOrFile2.close();
                    } catch (Throwable th5) {
                        th2.addSuppressed(th5);
                    }
                } else {
                    inputStreamFromDataOrFile2.close();
                }
            }
            return createKeyStore;
        } finally {
            if (inputStreamFromDataOrFile != null) {
                if (0 != 0) {
                    try {
                        inputStreamFromDataOrFile.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    inputStreamFromDataOrFile.close();
                }
            }
        }
    }

    public static KeyStore createKeyStore(InputStream inputStream, InputStream inputStream2, String str, char[] cArr, String str2, char[] cArr2) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
        PrivateKey generatePrivate;
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(inputStream);
        byte[] decodePem = decodePem(inputStream2);
        KeyFactory keyFactory = KeyFactory.getInstance(str);
        try {
            generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodePem));
        } catch (InvalidKeySpecException e) {
            generatePrivate = keyFactory.generatePrivate(decodePKCS1(decodePem));
        }
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        if (str2 == null || str2.length() <= 0) {
            loadDefaultKeyStoreFile(keyStore, cArr2);
        } else {
            keyStore.load(new FileInputStream(str2), cArr2);
        }
        keyStore.setKeyEntry(x509Certificate.getSubjectX500Principal().getName(), generatePrivate, cArr, new Certificate[]{x509Certificate});
        return keyStore;
    }

    private static byte[] decodePem(InputStream inputStream) throws IOException {
        String readLine;
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        do {
            try {
                readLine = bufferedReader.readLine();
                if (readLine == null) {
                    throw new IOException("PEM is invalid: no begin marker");
                }
            } catch (Throwable th) {
                bufferedReader.close();
                throw th;
            }
        } while (!readLine.contains("-----BEGIN "));
        byte[] readBytes = readBytes(bufferedReader, readLine.trim().replace("BEGIN", "END"));
        bufferedReader.close();
        return readBytes;
    }

    private static byte[] readBytes(BufferedReader bufferedReader, String str) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new IOException("PEM is invalid : No end marker");
            }
            if (readLine.indexOf(str) != -1) {
                return Base64.decodeBase64(stringBuffer.toString());
            }
            stringBuffer.append(readLine.trim());
        }
    }

    public static RSAPrivateCrtKeySpec decodePKCS1(byte[] bArr) throws IOException {
        Asn1Object read = new DerParser(bArr).read();
        read.validateSequence();
        DerParser derParser = new DerParser(read.getValue());
        derParser.read();
        return new RSAPrivateCrtKeySpec(next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser));
    }

    private static BigInteger next(DerParser derParser) throws IOException {
        return derParser.read().getInteger();
    }

    private static void loadDefaultKeyStoreFile(KeyStore keyStore, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException {
        String property = System.getProperty("javax.net.ssl.keyStore");
        if (property == null || property.length() <= 0 || !loadDefaultStoreFile(keyStore, new File(property), cArr)) {
            keyStore.load(null);
        }
    }

    private static boolean loadDefaultStoreFile(KeyStore keyStore, File file, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException {
        if (!file.exists() || !file.isFile() || file.length() <= 0) {
            return false;
        }
        keyStore.load(new FileInputStream(file), cArr);
        return true;
    }

    public static InputStream getInputStreamFromDataOrFile(String str, String str2) throws FileNotFoundException {
        if (str != null) {
            return new ByteArrayInputStream(Base64.decodeBase64(str));
        }
        if (str2 != null) {
            return new FileInputStream(str2);
        }
        return null;
    }

    private static char[] getKeyStorePassphrase(String str) {
        return (str == null || str.length() == 0) ? System.getProperty("javax.net.ssl.keyStorePassword", SSL.DEFAULT_KEYSTORE_PASSWORD).toCharArray() : str.toCharArray();
    }
}
