package com.atlassian.bamboo.security;

import com.atlassian.bamboo.fileserver.SystemDirectory;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.db.config.password.Cipher;
import com.atlassian.security.random.SecureRandomFactory;
import io.atlassian.util.concurrent.Lazy;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.broker.SslContext;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/security/JmsSslManagementUtils.class */
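/**
 * Static helpers for the key stores, trust stores and {@link SslContext} used on the JMS
 * (ActiveMQ) channel between the broker and its clients.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Key stores generated here hold private key material and are written with the process's
 *       default file permissions; this class does not restrict them.</li>
 *   <li>The configured key store password is decoded through a pluggable {@link Cipher} whose
 *       implementation class is named by a system property.</li>
 *   <li>Trust stores written by {@link #createTrustStore(File, Certificate)} are stored with an
 *       empty password.</li>
 * </ul>
 */
public class JmsSslManagementUtils {
    private static final String BROKER_KEY_ALIAS = "jmsbrokerkey";
    private static final String AGENT_KEY_ALIAS = "jmsclientkey";
    private static final Logger log = Logger.getLogger(JmsSslManagementUtils.class);

    /**
     * Lazily instantiated cipher used by {@link #decodePassword(String)}.
     *
     * <p>The implementation class comes from {@code SystemProperty.BAMBOO_JMS_SSL_CIPHER}, so
     * whoever controls the JVM's system properties chooses the code that runs here. The class
     * is checked against {@link Cipher} before its constructor is invoked, so a name that
     * resolves to some unrelated class is rejected without instantiating it.
     *
     * <p>NOTE(review): the default class is named {@code Base64Cipher}; if that is plain Base64
     * it is an encoding, not encryption, and the stored password should be treated as
     * obfuscated only. Confirm and prefer a real cipher implementation where available.
     */
    private static final Supplier<Cipher> cipher = Lazy.supplier(() -> {
        String cipherClassName = SystemProperty.BAMBOO_JMS_SSL_CIPHER.getValue("com.atlassian.db.config.password.ciphers.base64.Base64Cipher");
        try {
            // asSubclass() fails with ClassCastException before any constructor of a
            // non-Cipher class can run.
            return Class.forName(cipherClassName).asSubclass(Cipher.class).getDeclaredConstructor().newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new RuntimeException("Unable to instantiate JMS SSL cipher " + cipherClassName, e);
        }
    });

    /**
     * Loads the broker key store {@code broker.ks} from the configuration directory, generating
     * and saving it first when the file does not exist.
     *
     * @param keyStoreFactory factory used to load or generate the key store
     * @param cArr password passed to the factory and used when storing a generated key store
     * @return the loaded or newly generated key store
     * @throws KeyStoreException if the key store cannot be stored
     * @throws CertificateException if a certificate cannot be stored
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws IOException if the key store file cannot be written
     */
    @NotNull
    public static KeyStore getBrokerKeyStore(KeyStoreFactory keyStoreFactory, char[] cArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        File brokerKeyStoreFile = FileUtils.getFile(SystemDirectory.getConfigDirectory(), new String[]{"broker.ks"});
        return getKeyStore(brokerKeyStoreFile, keyStoreFactory, BROKER_KEY_ALIAS, "Bamboo ActiveMQ Broker", cArr);
    }

    /**
     * Loads the client key store from {@code file}, generating and saving it first when the
     * file does not exist.
     *
     * @param file location of the client key store
     * @param keyStoreFactory factory used to load or generate the key store
     * @param cArr password passed to the factory and used when storing a generated key store
     * @return the loaded or newly generated key store
     * @throws KeyStoreException if the key store cannot be stored
     * @throws CertificateException if a certificate cannot be stored
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws IOException if the key store file cannot be written
     */
    @NotNull
    public static KeyStore getClientKeyStore(File file, KeyStoreFactory keyStoreFactory, char[] cArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        return getKeyStore(file, keyStoreFactory, AGENT_KEY_ALIAS, "Bamboo ActiveMQ Client", cArr);
    }

    /**
     * Loads the externally managed broker key store named by
     * {@code SystemProperty.BAMBOO_JMS_SSL_KEYSTORE}. Unlike the two-argument overload this
     * never generates a key store: a missing file is an error.
     *
     * <p>The password is read from {@code SystemProperty.BAMBOO_JMS_SSL_KEYSTORE_PASSWORD}
     * (empty by default) and run through {@link #decodePassword(String)}. The decoded password
     * passes through an immutable {@link String}, so it cannot be wiped from memory afterwards.
     *
     * @param keyStoreFactory factory used to load the key store
     * @return the loaded key store
     * @throws IllegalStateException if the configured key store file does not exist
     * @throws KeyStoreException declared for the shared load-or-generate helper
     * @throws CertificateException declared for the shared load-or-generate helper
     * @throws NoSuchAlgorithmException declared for the shared load-or-generate helper
     * @throws IOException declared for the shared load-or-generate helper
     */
    @NotNull
    public static KeyStore getBrokerKeyStore(KeyStoreFactory keyStoreFactory) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        File file = FileUtils.getFile(new String[]{SystemProperty.BAMBOO_JMS_SSL_KEYSTORE.getValue()});
        if (!file.exists()) {
            throw new IllegalStateException("Keystore " + file.getAbsolutePath() + " not found");
        }
        String encodedPassword = SystemProperty.BAMBOO_JMS_SSL_KEYSTORE_PASSWORD.getValue("");
        return getKeyStore(file, keyStoreFactory, BROKER_KEY_ALIAS, "Bamboo ActiveMQ Broker", decodePassword(encodedPassword).toCharArray());
    }

    /**
     * Decodes a configured password with the configured {@link Cipher}.
     *
     * @param str the stored password; blank or {@code null} values are returned unchanged
     * @return the decoded password, or {@code str} itself when it is blank
     */
    public static String decodePassword(String str) {
        if (StringUtils.isNotBlank(str)) {
            return cipher.get().decrypt(str);
        }
        return str;
    }

    /**
     * Loads the key store at {@code file} if it exists, otherwise generates one and saves it
     * to {@code file}.
     *
     * <p>NOTE(review): a generated key store is written with default file permissions. It
     * contains the private key for {@code alias}, so deployments should make sure the
     * containing directory is readable only by the service account.
     *
     * @param file key store location
     * @param keyStoreFactory factory used to load or generate the key store
     * @param alias first argument handed to the factory's generator; callers pass a key alias
     * @param displayName second argument handed to the generator; presumably the certificate
     *     subject name (confirm against {@code KeyStoreFactory})
     * @param password password used for loading, generating and storing
     * @return the loaded or generated key store
     */
    @NotNull
    private static KeyStore getKeyStore(File file, KeyStoreFactory keyStoreFactory, String alias, String displayName, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (file.exists()) {
            log.info("Loading an existing key store from " + file);
            KeyStore loaded = keyStoreFactory.loadKeyStore(file, password);
            log.info("Keystore successfully loaded");
            return loaded;
        }
        log.info("Generating a new key store...");
        // The same password is passed twice, as in the original call; presumably once for the
        // store and once for the key entry (confirm against KeyStoreFactory).
        KeyStore generated = keyStoreFactory.generateKeyStore(alias, displayName, password, password);
        log.info("Saving key store for future use...");
        // try-with-resources: a failure in close() is attached as a suppressed exception
        // instead of replacing the original store() failure.
        try (OutputStream out = Files.newOutputStream(file.toPath())) {
            generated.store(out, password);
        }
        return generated;
    }

    /**
     * Builds an ActiveMQ {@link SslContext} from a single key store.
     *
     * <p>The same {@code keyStore} initialises both the key managers and the trust managers,
     * so every certificate entry in it is also a trust anchor for peers.
     *
     * @param keyStore key store providing both key material and trusted certificates
     * @param cArr password protecting the private keys in {@code keyStore}
     * @return a context using the platform default key/trust manager algorithms and a
     *     {@link SecureRandomFactory}-provided random source
     * @throws NoSuchAlgorithmException if a default manager algorithm is unavailable
     * @throws KeyStoreException if a manager factory cannot be initialised from the key store
     * @throws UnrecoverableKeyException if a key cannot be recovered with {@code cArr}
     */
    @NotNull
    public static SslContext newSslContext(KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        TrustManagerFactory trustManagers = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        keyManagers.init(keyStore, cArr);
        trustManagers.init(keyStore);
        return new SslContext(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), SecureRandomFactory.newInstance());
    }

    /**
     * Reports whether the operator manages the JMS key store themselves.
     *
     * @return {@code true} when {@code SystemProperty.BAMBOO_MANAGED_JMS_SSL} is false and the
     *     {@code javax.net.ssl.keyStore} system property is set to a non-blank value
     */
    public static boolean isJmsKeystoreAutomaticManagementDisabled() {
        if (SystemProperty.BAMBOO_MANAGED_JMS_SSL.getTypedValue()) {
            return false;
        }
        return StringUtils.isNotBlank(System.getProperty("javax.net.ssl.keyStore"));
    }

    /**
     * Returns the certificate stored under the broker key alias.
     *
     * @param keyStore key store to read from
     * @return the broker certificate, or {@code null} if the alias has no certificate
     * @throws KeyStoreException if the key store has not been initialised
     */
    public static Certificate getBrokerCertificate(KeyStore keyStore) throws KeyStoreException {
        return keyStore.getCertificate(BROKER_KEY_ALIAS);
    }

    /**
     * Writes a trust store containing only {@code certificate} (alias {@code "broker"}) to
     * {@code file}, replacing any existing content.
     *
     * <p>NOTE(review): the store is saved with an empty password, so the password-derived
     * integrity check on the file gives no protection against tampering. Whoever can write
     * this file decides which broker certificate the reader trusts; protect it with file
     * system permissions.
     *
     * @param file destination of the trust store
     * @param certificate certificate to trust
     * @throws KeyStoreException if the key store cannot be created or stored
     * @throws IOException if the file cannot be written
     * @throws CertificateException if the certificate cannot be stored
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws UnrecoverableKeyException never thrown by this body; kept for signature compatibility
     */
    public static void createTrustStore(File file, Certificate certificate) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty in-memory store.
        trustStore.load(null, null);
        trustStore.setCertificateEntry("broker", certificate);
        // try-with-resources keeps the primary failure and records a close() failure as
        // suppressed, replacing the hand-expanded close logic.
        try (FileOutputStream out = new FileOutputStream(file)) {
            trustStore.store(out, ArrayUtils.EMPTY_CHAR_ARRAY);
        }
    }
}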
