package com.appiancorp.security.ssl;

import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.sharepoint.webpart.Base64;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.google.common.base.Charsets;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import java.io.File;
import java.io.FileReader;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.sql.Date;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.ssl.PKCS8Key;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PasswordException;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.encoders.DecoderException;

/* loaded from: input_file:com/appiancorp/security/ssl/PEMProcessor.class */
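/**
 * Reads a PEM file holding a private key and/or an X.509 certificate chain and turns it into a
 * {@link CertificateData} record.
 *
 * <p>The private key is handed to the system cryptographer for encryption before it is placed
 * on the returned record.
 */
public class PEMProcessor {
    private static final Logger LOG = Logger.getLogger(PEMProcessor.class);
    private final CryptographerProvider systemCryptographerProvider;
    private final JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();
    private final JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();

    /**
     * @param cryptographerProvider supplies the cryptographer used to encrypt the serialized
     *     private key before it is stored on the {@link CertificateData}
     */
    public PEMProcessor(CryptographerProvider cryptographerProvider) {
        this.systemCryptographerProvider = cryptographerProvider;
    }

    /**
     * Parses every object in the PEM file and builds a {@link CertificateData} from the key and
     * certificates found.
     *
     * @param file PEM file to read
     * @param optional passphrase for an encrypted key; an absent value is treated as the empty
     *     passphrase
     * @param certificateType kind of entry being imported; decides whether a key and/or a
     *     certificate is mandatory (see {@link #assertKeyAndCertPresent})
     * @return the populated certificate record
     * @throws AppianRuntimeException with {@code CLIENT_CERTIFICATE_INVALID_PASSWORD},
     *     {@code CLIENT_CERTIFICATE_PEM_ENCRYPED_WITH_UNSUPPORTED_ALGORITHM},
     *     {@code CLIENT_CERTIFICATE_INVALID_PEM_FILE}, one of the missing key/certificate codes,
     *     or {@code CLIENT_CERTIFICATE_IMPORT_FAILED} for any other failure
     */
    public CertificateData buildCertificateData(File file, Optional<String> optional, CertificateData.CertificateType certificateType) {
        char[] passphrase = null;
        // try-with-resources closes the parser (and the underlying reader) on every path.
        try (PEMParser pemParser = new PEMParser(new FileReader(file))) {
            passphrase = optional.or("").toCharArray();
            PrivateKey privateKey = null;
            List<X509Certificate> certificates = new ArrayList<>();
            String keyType = null;
            X500Principal issuer = null;
            for (Object pemObject = pemParser.readObject(); pemObject != null; pemObject = pemParser.readObject()) {
                if (pemObject instanceof PEMEncryptedKeyPair) {
                    privateKey = this.keyConverter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passphrase))).getPrivate();
                    keyType = privateKey.getAlgorithm();
                } else if (pemObject instanceof PEMKeyPair) {
                    privateKey = this.keyConverter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
                    keyType = privateKey.getAlgorithm();
                } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    privateKey = new PKCS8Key(((PKCS8EncryptedPrivateKeyInfo) pemObject).getEncoded(), passphrase).getPrivateKey();
                    keyType = privateKey.getAlgorithm();
                } else if (pemObject instanceof PrivateKeyInfo) {
                    privateKey = this.keyConverter.getPrivateKey((PrivateKeyInfo) pemObject);
                    keyType = privateKey.getAlgorithm();
                } else if (pemObject instanceof X509CertificateHolder) {
                    X509Certificate certificate = this.certificateConverter.getCertificate((X509CertificateHolder) pemObject);
                    // NOTE(review): issuer and keyType are overwritten on every iteration, so they
                    // describe the LAST object in the file, while the subject, validity dates,
                    // serial number and thumbprint are taken from the FIRST certificate. For a
                    // multi-certificate file the stored issuer may therefore not be the leaf's
                    // issuer. Confirm whether this is intended before changing it.
                    issuer = certificate.getIssuerX500Principal();
                    certificates.add(certificate);
                    keyType = certificate.getPublicKey().getAlgorithm();
                } else {
                    LOG.error(String.format("PEM file contains object of unknown type [%s]", pemObject.getClass().getName()));
                }
            }
            // NOTE(review): when the file holds several private keys the last one silently wins,
            // and nothing here checks that the key matches the first certificate's public key.
            // A mismatched pair is accepted at import time.
            X509Certificate[] chain = certificates.isEmpty() ? null : certificates.toArray(new X509Certificate[0]);
            assertKeyAndCertPresent(certificateType, privateKey, chain);
            return buildCertificateData(certificateType, privateKey, chain, keyType, issuer);
        } catch (EncryptionException | BadPaddingException | PasswordException e) {
            throw new AppianRuntimeException(e, ErrorCode.CLIENT_CERTIFICATE_INVALID_PASSWORD, new Object[0]);
        } catch (PKCSException | PEMException e) {
            if (ExceptionUtils.getRootCause(e) instanceof NoSuchAlgorithmException) {
                throw new AppianRuntimeException(e, ErrorCode.CLIENT_CERTIFICATE_PEM_ENCRYPED_WITH_UNSUPPORTED_ALGORITHM, new Object[0]);
            }
            throw new AppianRuntimeException(e, ErrorCode.CLIENT_CERTIFICATE_INVALID_PASSWORD, new Object[0]);
        } catch (NullPointerException | DecoderException e) {
            throw new AppianRuntimeException(e, ErrorCode.CLIENT_CERTIFICATE_INVALID_PEM_FILE, new Object[0]);
        } catch (AppianRuntimeException e) {
            // Already carries a specific error code (e.g. missing key/certificate); must be
            // caught before the generic handler so it is not re-wrapped as IMPORT_FAILED.
            throw e;
        } catch (Exception e) {
            throw new AppianRuntimeException(e, ErrorCode.CLIENT_CERTIFICATE_IMPORT_FAILED, new Object[0]);
        } finally {
            // Best-effort wipe of the local passphrase copy. The caller's String is unaffected,
            // so this only shortens the lifetime of this one copy.
            if (passphrase != null) {
                java.util.Arrays.fill(passphrase, '\0');
            }
        }
    }

    /**
     * Rejects a PEM file that lacks a component the certificate type requires: every type except
     * {@code TRUSTED} needs a private key, and every type except {@code DKIM} needs at least one
     * certificate.
     *
     * @throws AppianRuntimeException with the matching "missing" error code
     */
    private void assertKeyAndCertPresent(CertificateData.CertificateType certificateType, PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws AppianRuntimeException {
        if (privateKey == null && !CertificateData.CertificateType.TRUSTED.equals(certificateType)) {
            throw new AppianRuntimeException(ErrorCode.CLIENT_CERTIFICATE_PEM_MISSING_PRIVATE_KEY, new Object[0]);
        }
        if (x509CertificateArr == null && !CertificateData.CertificateType.DKIM.equals(certificateType)) {
            throw new AppianRuntimeException(ErrorCode.CLIENT_CERTIFICATE_PEM_MISSING_CERTIFICATE, new Object[0]);
        }
    }

    /**
     * Fills a new {@link CertificateData} with a random alias, the key type, the certificate
     * metadata (skipped for {@code DKIM}) and the encrypted, serialized private key.
     *
     * @param str key algorithm name recorded as the key type
     * @param principal issuer recorded for non-DKIM entries
     */
    private CertificateData buildCertificateData(CertificateData.CertificateType certificateType, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str, Principal principal) throws Exception {
        CertificateData certificateData = new CertificateData();
        certificateData.setAlias(UUID.randomUUID().toString());
        certificateData.setKeyType(str);
        certificateData.setCertType(certificateType);
        if (!CertificateData.CertificateType.DKIM.equals(certificateType)) {
            X509Certificate leaf = x509CertificateArr[0];
            certificateData.setIssuer(principal.getName());
            certificateData.setSerializedCertificateChain(serializeCertificateChain(x509CertificateArr));
            certificateData.setCommonName(leaf.getSubjectX500Principal().getName("RFC1779"));
            certificateData.setDateOfExpiration(new Date(leaf.getNotAfter().getTime()));
            certificateData.setDateOfIssue(new Date(leaf.getNotBefore().getTime()));
            certificateData.setSerialNumber(leaf.getSerialNumber().toString());
            // SHA-1 hex digest of the DER encoding. Usable as a display/lookup identifier, but
            // SHA-1 is not collision resistant, so trust decisions should not rest on this value
            // alone.
            certificateData.setThumbprint(DigestUtils.shaHex(leaf.getEncoded()));
        }
        // The key is only stored after encryption by the system cryptographer.
        // NOTE(review): privateKey may be null here for TRUSTED entries (assertKeyAndCertPresent
        // allows it); what Base64.encodeObject does with null is not visible from this file.
        // NOTE(review): the trailing getBytes() uses the platform default charset; the format of
        // encrypt()'s output is not visible here, so it is left unchanged. Confirm that the
        // reading side decodes with the same charset.
        certificateData.setSerializedKey(this.systemCryptographerProvider.get().encrypt(new String(serializePrivateKey(privateKey), Charsets.UTF_8)).getBytes());
        return certificateData;
    }

    /**
     * Encodes the private key as Base64 text and returns its bytes.
     *
     * <p>NOTE(review): {@code Base64.encodeObject(obj, 2)} presumably Java-serializes the object
     * (option 2 looks like a compression flag); confirm against the Base64 helper. If so, the
     * code that reads this value back should restrict deserialization to the expected key
     * classes.
     */
    private byte[] serializePrivateKey(PrivateKey privateKey) {
        // Explicit charset so the bytes match the UTF-8 decode at the call site regardless of
        // the platform default.
        return Base64.encodeObject(privateKey, 2).getBytes(Charsets.UTF_8);
    }

    /**
     * Encodes each certificate of the chain as Base64 text, preserving order.
     *
     * <p>NOTE(review): same presumed Java-serialization format as the private key; the reader
     * should restrict deserialization to certificate classes. Confirm against the Base64 helper.
     */
    private List<byte[]> serializeCertificateChain(X509Certificate[] x509CertificateArr) {
        List<byte[]> encodedChain = new ArrayList<>(x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            encodedChain.add(Base64.encodeObject(x509Certificate, 2).getBytes(Charsets.UTF_8));
        }
        return encodedChain;
    }
}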
