package com.amazon.opendistro.elasticsearch.performanceanalyzer;

import com.amazon.opendistro.elasticsearch.performanceanalyzer.config.PluginSettings;
import java.io.File;
import java.io.FileReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.annotation.Nullable;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;

/* loaded from: input_file:com/amazon/opendistro/elasticsearch/performanceanalyzer/CertificateUtils.class */
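/**
 * Loads the PEM certificate, private key and trusted-CA files named in the plugin settings and
 * turns them into JSSE {@link KeyStore} and {@link TrustManager} objects.
 *
 * <p><b>Security note:</b> {@link #getTrustManagers(boolean)} fails open. When the relevant
 * trusted-CA setting is missing or empty it returns a trust manager that accepts every certificate
 * chain, so the TLS channel is encrypted but the peer is not authenticated. Configure
 * {@value #TRUSTED_CAS_FILE_PATH} and {@value #CLIENT_TRUSTED_CAS_FILE_PATH} wherever peer
 * authentication matters, and alert on the warning this class logs when the fallback is used.
 */
public class CertificateUtils {
    /** Alias under which {@link #createKeyStore()} stores the private key and its certificate. */
    public static final String ALIAS_IDENTITY = "identity";
    /** Alias under which {@link #getTrustManagers(boolean)} stores the trusted CA certificate. */
    public static final String ALIAS_CERT = "cert";
    /**
     * Password for the in-memory key stores built by this class. It is a public compile-time
     * constant and therefore provides no confidentiality; this class never writes a store to disk,
     * and the value must not be reused for one that is.
     */
    public static final String IN_MEMORY_PWD = "opendistro";
    /** Setting key: path of the PEM certificate file. */
    public static final String CERTIFICATE_FILE_PATH = "certificate-file-path";
    /** Setting key: path of the PEM private-key file. */
    public static final String PRIVATE_KEY_FILE_PATH = "private-key-file-path";
    /** Setting key: path of the PEM trusted-CA file. */
    public static final String TRUSTED_CAS_FILE_PATH = "trusted-cas-file-path";
    /** Prefix that distinguishes the client-side setting keys below. */
    public static final String CLIENT_PREFIX = "client-";
    /** Setting key: client-side override of {@link #CERTIFICATE_FILE_PATH}. */
    public static final String CLIENT_CERTIFICATE_FILE_PATH = "client-certificate-file-path";
    /** Setting key: client-side override of {@link #PRIVATE_KEY_FILE_PATH}. */
    public static final String CLIENT_PRIVATE_KEY_FILE_PATH = "client-private-key-file-path";
    /** Setting key: client-side override of {@link #TRUSTED_CAS_FILE_PATH}. */
    public static final String CLIENT_TRUSTED_CAS_FILE_PATH = "client-trusted-cas-file-path";
    private static final Logger LOGGER = LogManager.getLogger(CertificateUtils.class);

    /**
     * Reads the first PEM object from {@code fileReader} and converts it to an X.509 certificate.
     * The reader is closed before this method returns, whether or not parsing succeeds.
     *
     * @param fileReader reader positioned at the start of a PEM file
     * @return the parsed certificate
     * @throws IllegalArgumentException if the first PEM object is missing or is not a certificate
     * @throws Exception if reading or converting the certificate fails
     */
    public static Certificate getCertificate(FileReader fileReader) throws Exception {
        try (PEMParser parser = new PEMParser(fileReader)) {
            Object pemObject = parser.readObject();
            // Fail with a descriptive message instead of a bare ClassCastException or NPE when the
            // file is empty or holds something other than a certificate (for example a key).
            if (!(pemObject instanceof X509CertificateHolder)) {
                throw new IllegalArgumentException(
                        "Expected a PEM X.509 certificate but found "
                                + (pemObject == null ? "no PEM object" : pemObject.getClass().getName()));
            }
            // NOTE(review): assumes the "BC" provider has been registered elsewhere - confirm.
            return new JcaX509CertificateConverter()
                    .setProvider("BC")
                    .getCertificate((X509CertificateHolder) pemObject);
        }
    }

    /**
     * Reads the first PEM object from {@code fileReader} and converts it to a private key.
     * The reader is closed before this method returns, whether or not parsing succeeds.
     *
     * @param fileReader reader positioned at the start of a PEM file
     * @return the key produced by {@code BouncyCastleProvider.getPrivateKey}
     * @throws IllegalArgumentException if the first PEM object is missing or is not an unencrypted
     *     PKCS#8 private key
     * @throws Exception if reading or converting the key fails
     */
    public static PrivateKey getPrivateKey(FileReader fileReader) throws Exception {
        try (PEMParser parser = new PEMParser(fileReader)) {
            Object pemObject = parser.readObject();
            // Only the parsed object's type is reported; key material never reaches the message.
            if (!(pemObject instanceof PrivateKeyInfo)) {
                throw new IllegalArgumentException(
                        "Expected an unencrypted PKCS#8 PEM private key but found "
                                + (pemObject == null ? "no PEM object" : pemObject.getClass().getName()));
            }
            return BouncyCastleProvider.getPrivateKey((PrivateKeyInfo) pemObject);
        }
    }

    /**
     * Builds an in-memory key store holding the configured private key and certificate under
     * {@link #ALIAS_IDENTITY}.
     *
     * @return the populated key store
     * @throws NullPointerException if either file-path setting is not configured
     * @throws Exception if a file cannot be read or parsed, or the entry cannot be stored
     */
    public static KeyStore createKeyStore() throws Exception {
        // Resolve both paths before opening anything so a missing setting fails before any key
        // material is read.
        String certificatePath = requiredSetting(CERTIFICATE_FILE_PATH);
        String privateKeyPath = requiredSetting(PRIVATE_KEY_FILE_PATH);
        KeyStore.PasswordProtection protection =
                new KeyStore.PasswordProtection(IN_MEMORY_PWD.toCharArray());
        PrivateKey privateKey = getPrivateKey(new FileReader(privateKeyPath));
        KeyStore keyStore = createEmptyStore();
        Certificate[] chain = {getCertificate(new FileReader(certificatePath))};
        keyStore.setEntry(ALIAS_IDENTITY, new KeyStore.PrivateKeyEntry(privateKey, chain), protection);
        return keyStore;
    }

    /**
     * Returns the trust managers used to validate the TLS peer.
     *
     * <p>If the selected trusted-CA setting is missing or empty, the result is a single trust
     * manager that accepts every certificate chain: peer authentication is disabled and a warning
     * is logged. Otherwise the first certificate in the configured file becomes the only trust
     * anchor.
     *
     * @param z {@code true} to read {@link #TRUSTED_CAS_FILE_PATH}, {@code false} to read
     *     {@link #CLIENT_TRUSTED_CAS_FILE_PATH}
     * @return the trust managers to install in the SSL context
     * @throws Exception if the CA file cannot be read or the trust store cannot be initialised
     */
    public static TrustManager[] getTrustManagers(boolean z) throws Exception {
        String settingKey = z ? TRUSTED_CAS_FILE_PATH : CLIENT_TRUSTED_CAS_FILE_PATH;
        String caPath = PluginSettings.instance().getSettingValue(settingKey);
        if (caPath == null || caPath.isEmpty()) {
            // NOTE(review): unlike getClientTrustedCasFile(), the client branch does not fall back
            // to TRUSTED_CAS_FILE_PATH, so a deployment that sets only the server CA still gets an
            // unauthenticated client side. Confirm whether that is intended.
            LOGGER.warn(
                    "Setting '{}' is not configured: TLS peer certificates will be accepted without validation",
                    settingKey);
            return new TrustManager[] {new AcceptAllTrustManager()};
        }
        KeyStore trustStore = createEmptyStore();
        // NOTE(review): only the first PEM object is loaded; further CA certificates in the same
        // file are ignored.
        trustStore.setCertificateEntry(ALIAS_CERT, getCertificate(new FileReader(caPath)));
        TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Creates an empty, in-memory JKS key store initialised with {@link #IN_MEMORY_PWD}.
     *
     * @return a new empty key store
     * @throws Exception if the JKS type is unavailable or the store cannot be initialised
     */
    public static KeyStore createEmptyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // A null stream creates a fresh store rather than loading an existing one.
        keyStore.load(null, IN_MEMORY_PWD.toCharArray());
        return keyStore;
    }

    /**
     * @return the file named by {@link #CERTIFICATE_FILE_PATH}
     * @throws NullPointerException if the setting is not configured
     */
    public static File getCertificateFile() {
        return new File(requiredSetting(CERTIFICATE_FILE_PATH));
    }

    /**
     * @return the file named by {@link #PRIVATE_KEY_FILE_PATH}
     * @throws NullPointerException if the setting is not configured
     */
    public static File getPrivateKeyFile() {
        return new File(requiredSetting(PRIVATE_KEY_FILE_PATH));
    }

    /**
     * @return the file named by {@link #TRUSTED_CAS_FILE_PATH}, or {@code null} when the setting is
     *     missing or empty
     */
    @Nullable
    public static File getTrustedCasFile() {
        String path = PluginSettings.instance().getSettingValue(TRUSTED_CAS_FILE_PATH);
        return isBlankSetting(path) ? null : new File(path);
    }

    /**
     * @return the file named by {@link #CLIENT_CERTIFICATE_FILE_PATH}, falling back to
     *     {@link #getCertificateFile()} when that setting is missing or empty
     */
    public static File getClientCertificateFile() {
        String path = PluginSettings.instance().getSettingValue(CLIENT_CERTIFICATE_FILE_PATH);
        return isBlankSetting(path) ? getCertificateFile() : new File(path);
    }

    /**
     * @return the file named by {@link #CLIENT_PRIVATE_KEY_FILE_PATH}, falling back to
     *     {@link #getPrivateKeyFile()} when that setting is missing or empty
     */
    public static File getClientPrivateKeyFile() {
        String path = PluginSettings.instance().getSettingValue(CLIENT_PRIVATE_KEY_FILE_PATH);
        return isBlankSetting(path) ? getPrivateKeyFile() : new File(path);
    }

    /**
     * @return the file named by {@link #CLIENT_TRUSTED_CAS_FILE_PATH}, falling back to
     *     {@link #getTrustedCasFile()} (which may itself be {@code null}) when that setting is
     *     missing or empty
     */
    @Nullable
    public static File getClientTrustedCasFile() {
        String path = PluginSettings.instance().getSettingValue(CLIENT_TRUSTED_CAS_FILE_PATH);
        return isBlankSetting(path) ? getTrustedCasFile() : new File(path);
    }

    /** Returns true when a setting value is absent ({@code null}) or the empty string. */
    private static boolean isBlankSetting(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Looks up a setting that must be present, failing with a message that names the key instead
     * of the anonymous NullPointerException raised later by File or FileReader.
     */
    private static String requiredSetting(String settingKey) {
        String value = PluginSettings.instance().getSettingValue(settingKey);
        if (value == null) {
            throw new NullPointerException("Required setting '" + settingKey + "' is not configured");
        }
        return value;
    }

    /**
     * Trust manager that accepts every certificate chain. It performs no validation at all, so any
     * party able to intercept the connection can present its own certificate and be accepted.
     * Used only as the fallback when no trusted-CA file is configured.
     */
    private static final class AcceptAllTrustManager implements X509TrustManager {
        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return NO_ISSUERS;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            // Intentionally empty: every server chain is accepted.
        }
    }
}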
