package com.tencent.kona.pkix.tool;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.crypto.KonaCryptoProvider;
import com.tencent.kona.javax.crypto.EncryptedPrivateKeyInfo;
import com.tencent.kona.pkix.KonaPKIXProvider;
import com.tencent.kona.pkix.PKIXInsts;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/tencent/kona/pkix/tool/KeyStoreTool.class */
public class KeyStoreTool {
    private static final String BEGIN_KEY = "BEGIN PRIVATE KEY";
    private static final String END_KEY = "END PRIVATE KEY";
    private static final String BEGIN_ENC_KEY = "BEGIN ENCRYPTED PRIVATE KEY";
    private static final String END_ENC_KEY = "END ENCRYPTED PRIVATE KEY";
    private static final String BEGIN_CERT = "BEGIN CERTIFICATE";
    private static final String END_CERT = "END CERTIFICATE";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/tencent/kona/pkix/tool/KeyStoreTool$Arguments.class */
    public static class Arguments {
        private static final String HINT = "KeyStoreTool is a handy utility for creating key store with the existing keys and certificates.\nFor creating new keys and certificates, please use KeyTool.\n\nUsages:\n  -type        Store type, PKCS12 or JKS. PKCS12 is the default.\n  -alias       One or multiple aliases, separated by comma, like alias1,alias2,alieas3\n  -keyAlgo     Private key algorithm, like EC or RS\n  -key         A PEM file containing a PKCS#8 private key\n  -keyPasswd   Private key password\n  -certs       A PEM file containing trust certificates or certificate chain\n  -store       Store file path\n  -storePasswd Store file password";
        String type;
        String[] alias;
        String keyAlgo;
        String key;
        char[] keyPasswd;
        String certs;
        String store;
        char[] storePasswd;

        /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0031. Please report as an issue. */
        Arguments(String[] strArr) {
            this.type = "PKCS12";
            for (int i = 0; i < strArr.length; i += 2) {
                String lowerCase = strArr[i].trim().toLowerCase(Locale.ROOT);
                String str = strArr[i + 1];
                boolean z = -1;
                switch (lowerCase.hashCode()) {
                    case -1428705232:
                        if (lowerCase.equals("-keypasswd")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 1446674:
                        if (lowerCase.equals("-key")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 45134055:
                        if (lowerCase.equals("-type")) {
                            z = false;
                            break;
                        }
                        break;
                    case 301986917:
                        if (lowerCase.equals("-keyalgo")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 498126962:
                        if (lowerCase.equals("-storepasswd")) {
                            z = 7;
                            break;
                        }
                        break;
                    case 1381214787:
                        if (lowerCase.equals("-alias")) {
                            z = true;
                            break;
                        }
                        break;
                    case 1382862530:
                        if (lowerCase.equals("-certs")) {
                            z = 5;
                            break;
                        }
                        break;
                    case 1398082772:
                        if (lowerCase.equals("-store")) {
                            z = 6;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        this.type = str;
                        break;
                    case true:
                        this.alias = str.split(",");
                        break;
                    case true:
                        this.keyAlgo = str;
                        break;
                    case true:
                        this.key = str;
                        break;
                    case true:
                        this.keyPasswd = str.toCharArray();
                        break;
                    case true:
                        this.certs = str;
                        break;
                    case true:
                        this.store = str;
                        break;
                    case true:
                        this.storePasswd = str.toCharArray();
                        break;
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isKeyStore() {
            return (this.keyAlgo == null || this.key == null || this.keyPasswd == null) ? false : true;
        }
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr == null || strArr.length == 0 || strArr.length % 2 != 0) {
            System.out.println("KeyStoreTool is a handy utility for creating key store with the existing keys and certificates.\nFor creating new keys and certificates, please use KeyTool.\n\nUsages:\n  -type        Store type, PKCS12 or JKS. PKCS12 is the default.\n  -alias       One or multiple aliases, separated by comma, like alias1,alias2,alieas3\n  -keyAlgo     Private key algorithm, like EC or RS\n  -key         A PEM file containing a PKCS#8 private key\n  -keyPasswd   Private key password\n  -certs       A PEM file containing trust certificates or certificate chain\n  -store       Store file path\n  -storePasswd Store file password");
            return;
        }
        Arguments arguments = new Arguments(strArr);
        try {
            if (arguments.isKeyStore()) {
                createKeyStore(arguments);
            } else {
                createTrustStore(arguments);
            }
        } finally {
            cleanPasswd(arguments.keyPasswd);
            cleanPasswd(arguments.storePasswd);
        }
    }

    private static void cleanPasswd(char[] cArr) {
        if (cArr != null) {
            Arrays.fill(cArr, ' ');
        }
    }

    private static void createTrustStore(Arguments arguments) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        KeyStore loadStore = loadStore(arguments.type, arguments.store, arguments.storePasswd);
        List<X509Certificate> certs = certs(arguments);
        int size = certs.size();
        for (int i = 0; i < size; i++) {
            loadStore.setCertificateEntry(arguments.alias[i].trim(), certs.get(i));
        }
        saveStore(loadStore, arguments.store, arguments.storePasswd);
    }

    private static void createKeyStore(Arguments arguments) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
        KeyStore loadStore = loadStore(arguments.type, arguments.store, arguments.storePasswd);
        loadStore.setKeyEntry(arguments.alias[0], key(arguments), arguments.keyPasswd, (Certificate[]) certs(arguments).toArray(new X509Certificate[0]));
        saveStore(loadStore, arguments.store, arguments.storePasswd);
    }

    private static KeyStore loadStore(String str, String str2, char[] cArr) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        KeyStore keyStore = PKIXInsts.getKeyStore(str);
        if (Files.exists(Paths.get(str2, new String[0]), new LinkOption[0])) {
            FileInputStream fileInputStream = new FileInputStream(str2);
            Throwable th = null;
            try {
                try {
                    keyStore.load(fileInputStream, cArr);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th3;
            }
        } else {
            keyStore.load(null, null);
        }
        return keyStore;
    }

    private static void saveStore(KeyStore keyStore, String str, char[] cArr) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        Throwable th = null;
        try {
            try {
                keyStore.store(fileOutputStream, cArr);
                if (fileOutputStream != null) {
                    if (0 == 0) {
                        fileOutputStream.close();
                        return;
                    }
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (fileOutputStream != null) {
                if (th != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:27:0x00a0  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.PrivateKey key(com.tencent.kona.pkix.tool.KeyStoreTool.Arguments r6) throws java.io.IOException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, javax.crypto.NoSuchPaddingException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException, java.security.InvalidKeyException {
        /*
            Method dump skipped, instructions count: 229
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tencent.kona.pkix.tool.KeyStoreTool.key(com.tencent.kona.pkix.tool.KeyStoreTool$Arguments):java.security.PrivateKey");
    }

    private static List<X509Certificate> certs(Arguments arguments) throws IOException, CertificateException {
        ArrayList arrayList = new ArrayList();
        BufferedReader bufferedReader = new BufferedReader(new FileReader(arguments.certs));
        Throwable th = null;
        try {
            try {
                StringBuilder sb = new StringBuilder();
                boolean z = false;
                for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                    if (readLine.contains(BEGIN_CERT)) {
                        sb.append(readLine).append("\n");
                        z = true;
                    } else if (readLine.contains(END_CERT)) {
                        sb.append(readLine);
                        arrayList.add(cert(sb.toString()));
                        z = false;
                        sb = new StringBuilder();
                    } else if (z) {
                        sb.append(readLine).append("\n");
                    }
                }
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th3) {
            if (bufferedReader != null) {
                if (th != null) {
                    try {
                        bufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedReader.close();
                }
            }
            throw th3;
        }
    }

    private static X509Certificate cert(String str) throws CertificateException {
        return (X509Certificate) PKIXInsts.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    private static PrivateKey key(String str, String str2, char[] cArr) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
        byte[] decode = Base64.getMimeDecoder().decode(str2);
        if (cArr != null) {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(decode);
            String algName = encryptedPrivateKeyInfo.getAlgName();
            AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters();
            SecretKey generateSecret = SecretKeyFactory.getInstance(algName).generateSecret(new PBEKeySpec(cArr));
            Cipher cipher = CryptoInsts.getCipher(algName);
            cipher.init(2, generateSecret, algParameters);
            decode = cipher.doFinal(encryptedPrivateKeyInfo.getEncryptedData());
        }
        return CryptoInsts.getKeyFactory(str).generatePrivate(new PKCS8EncodedKeySpec(decode));
    }

    static {
        Security.addProvider(new KonaCryptoProvider());
        Security.addProvider(new KonaPKIXProvider());
    }
}
