package org.thingsboard.server.common.transport.config.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.thingsboard.server.common.data.StringUtils;

/* loaded from: input_file:org/thingsboard/server/common/transport/config/ssl/AbstractSslCredentials.class */
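/**
 * Base {@link SslCredentials} implementation that loads a {@link KeyStore} through a
 * subclass-provided {@link #loadKeyStore(boolean, char[])} and extracts the trusted
 * certificates and, unless running in trusts-only mode, the private key with its
 * certificate chain.
 *
 * <p>All state is populated by {@link #init(boolean)}; the getters return whatever
 * {@code init} stored and return {@code null} if it has not run or did not reach the
 * relevant step.
 */
public abstract class AbstractSslCredentials implements SslCredentials {
    // Kept for the lifetime of the object because createKeyManagerFactory() needs it again.
    private char[] keyPasswordArray;
    private KeyStore keyStore;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private X509Certificate[] chain;
    private X509Certificate[] trusts;

    /**
     * Loads the key store and caches the credentials derived from it.
     *
     * @param trustsOnly when {@code true}, only the trusted certificates are collected and
     *     no private key is looked up
     * @throws IOException if the subclass fails to read the key store
     * @throws GeneralSecurityException if the key store cannot be loaded or enumerated
     * @throws IllegalArgumentException if no usable private key entry is found (not thrown
     *     in trusts-only mode)
     */
    @Override
    public void init(boolean trustsOnly) throws IOException, GeneralSecurityException {
        String keyPassword = getKeyPassword();
        this.keyPasswordArray = StringUtils.isEmpty(keyPassword) ? new char[0] : keyPassword.toCharArray();
        this.keyStore = loadKeyStore(trustsOnly, this.keyPasswordArray);
        this.trusts = getTrustedCerts(this.keyStore, trustsOnly).toArray(new X509Certificate[0]);
        if (trustsOnly) {
            return;
        }

        KeyStore.PrivateKeyEntry privateKeyEntry = null;
        String keyAlias = getKeyAlias();
        if (StringUtils.isEmpty(keyAlias)) {
            // No alias configured: take the first entry that yields a private key with the
            // configured password and report the alias back to the subclass.
            Enumeration<String> aliases = this.keyStore.aliases();
            while (privateKeyEntry == null && aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                privateKeyEntry = tryGetPrivateKeyEntry(this.keyStore, alias, this.keyPasswordArray);
                if (privateKeyEntry != null) {
                    updateKeyAlias(alias);
                }
            }
        } else {
            privateKeyEntry = tryGetPrivateKeyEntry(this.keyStore, keyAlias, this.keyPasswordArray);
        }
        if (privateKeyEntry == null) {
            throw new IllegalArgumentException("Failed to get private key from the keystore or pem files. Please check if the private key exists in the keystore or pem files and if the provided private key password is valid.");
        }

        // asX509Certificates rejects an empty chain, so chain[0] is always present here.
        this.chain = asX509Certificates(privateKeyEntry.getCertificateChain());
        this.privateKey = privateKeyEntry.getPrivateKey();
        this.publicKey = this.chain[0].getPublicKey();
    }

    /** Returns the key store loaded by {@link #init(boolean)}. */
    @Override
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the private key selected by {@link #init(boolean)}. */
    @Override
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the public key of the first certificate in the selected chain. */
    @Override
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Returns the certificate chain of the selected private key entry. The internal array
     * is returned without copying, so callers must not modify it.
     */
    @Override
    public X509Certificate[] getCertificateChain() {
        return this.chain;
    }

    /**
     * Returns the trusted certificates collected by {@link #init(boolean)}. The internal
     * array is returned without copying, so callers must not modify it.
     */
    @Override
    public X509Certificate[] getTrustedCertificates() {
        return this.trusts;
    }

    /**
     * Creates a {@link TrustManagerFactory} backed by the loaded key store.
     *
     * <p>NOTE(review): the key store is passed through as-is. If {@link #init(boolean)} has
     * not populated it, {@code TrustManagerFactory.init(null)} falls back to the JVM's
     * default trust anchors instead of failing, so call {@code init} first.
     */
    @Override
    public TrustManagerFactory createTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(this.keyStore);
        return factory;
    }

    /** Creates a {@link KeyManagerFactory} backed by the loaded key store and key password. */
    @Override
    public KeyManagerFactory createKeyManagerFactory() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(this.keyStore, this.keyPasswordArray);
        return factory;
    }

    /**
     * Extracts the value of one attribute (for example {@code CN}) from a comma-separated
     * subject name.
     *
     * <p>A component matches only when it <em>starts</em> with {@code key=} after trimming.
     * Substring matching would let a lookup for {@code C} hit {@code DC=...}, and removing
     * every occurrence of {@code key=} would also rewrite the value itself.
     *
     * <p>Splitting on {@code ','} does not understand escaped or quoted commas inside a
     * value. Where the result feeds an identity or authorization decision, prefer an
     * RFC 4514-aware parser such as {@code javax.naming.ldap.LdapName}.
     *
     * @param subjectName the distinguished name to search; {@code null} yields {@code null}
     * @param key the attribute type to look for, compared case-sensitively
     * @return the value of the first matching component, or {@code null} when there is no
     *     match or the value is empty
     */
    @Override
    public String getValueFromSubjectNameByKey(String subjectName, String key) {
        if (subjectName == null || key == null) {
            return null;
        }
        String prefix = key + "=";
        return Arrays.stream(subjectName.split(","))
                .map(String::trim)
                .filter(component -> component.startsWith(prefix))
                .map(component -> component.substring(prefix.length()))
                .findFirst()
                .filter(value -> StringUtils.isNotEmpty(value))
                .orElse(null);
    }

    /** Implemented by subclasses; not called from within this class. */
    protected abstract boolean canUse();

    /**
     * Loads the key store that {@link #init(boolean)} works on.
     *
     * @param trustsOnly the flag passed to {@code init}
     * @param keyPassword the key password as a char array (empty when none is configured)
     */
    protected abstract KeyStore loadKeyStore(boolean trustsOnly, char[] keyPassword) throws IOException, GeneralSecurityException;

    /** Receives the alias that {@link #init(boolean)} picked when none was configured. */
    protected abstract void updateKeyAlias(String alias);

    /**
     * Converts a certificate chain to {@link X509Certificate}s.
     *
     * @throws IllegalArgumentException if the chain is null or empty, or an element is null
     *     or not an X.509 certificate
     */
    private static X509Certificate[] asX509Certificates(Certificate[] certificates) {
        if (certificates == null || certificates.length == 0) {
            throw new IllegalArgumentException("certificates missing!");
        }
        X509Certificate[] result = new X509Certificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            Certificate certificate = certificates[i];
            if (certificate == null) {
                throw new IllegalArgumentException("[" + i + "] is null!");
            }
            // Explicit type check instead of catching ClassCastException.
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("[" + i + "] is not a x509 certificate! Instead it's a " + certificate.getClass().getName());
            }
            result[i] = (X509Certificate) certificate;
        }
        return result;
    }

    /**
     * Best-effort lookup of a private key entry.
     *
     * @return the entry, or {@code null} if the alias is not a private key entry or it
     *     cannot be recovered with the given password
     */
    private static KeyStore.PrivateKeyEntry tryGetPrivateKeyEntry(KeyStore keyStore, String alias, char[] password) {
        try {
            if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                return null;
            }
            try {
                return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(password));
            } catch (UnsupportedOperationException e) {
                // Key store type without getEntry support: assemble the entry from its parts.
                return new KeyStore.PrivateKeyEntry((PrivateKey) keyStore.getKey(alias, password), keyStore.getCertificateChain(alias));
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException ignored) {
            // Deliberately swallowed so the caller can try the next alias. A wrong password
            // is therefore indistinguishable from a missing key; init() reports both with
            // one message.
            return null;
        }
    }

    /**
     * Collects the X.509 certificates of a key store that are treated as trusted.
     *
     * <p>In trusts-only mode only certificates whose basic constraints mark them as a CA
     * ({@code getBasicConstraints() >= 0}) are kept, from certificate entries and from the
     * chains of key entries. Otherwise every X.509 certificate entry is kept, plus the
     * first certificate of each key entry's chain.
     *
     * @return an unmodifiable set; possibly incomplete if the key store raised an error
     *     during enumeration
     */
    private static Set<X509Certificate> getTrustedCerts(KeyStore keyStore, boolean trustsOnly) {
        Set<X509Certificate> trusted = new HashSet<>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509 = (X509Certificate) certificate;
                        if (!trustsOnly || x509.getBasicConstraints() >= 0) {
                            trusted.add(x509);
                        }
                    }
                } else if (keyStore.isKeyEntry(alias)) {
                    Certificate[] certificateChain = keyStore.getCertificateChain(alias);
                    if (certificateChain == null || certificateChain.length == 0
                            || !(certificateChain[0] instanceof X509Certificate)) {
                        continue;
                    }
                    if (trustsOnly) {
                        for (Certificate link : certificateChain) {
                            // Only the first element was type-checked above, so check each
                            // link before casting to avoid a ClassCastException.
                            if (link instanceof X509Certificate
                                    && ((X509Certificate) link).getBasicConstraints() >= 0) {
                                trusted.add((X509Certificate) link);
                            }
                        }
                    } else {
                        trusted.add((X509Certificate) certificateChain[0]);
                    }
                }
            }
        } catch (KeyStoreException ignored) {
            // Best effort: whatever was collected before the failure is returned. The error
            // is not surfaced here, so an unexpectedly small trust set is a hint to inspect
            // the key store.
        }
        return Collections.unmodifiableSet(trusted);
    }
}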
