package org.neo4j.server.security.ssl;

import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.LinkedList;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.neo4j.io.fs.FileUtils;

/* loaded from: input_file:org/neo4j/server/security/ssl/Certificates.class */
public class Certificates {
    private static final boolean useInsecureCertificateGeneration = Boolean.getBoolean("org.neo4j.useInsecureCertificateGeneration");
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String DEFAULT_ENCRYPTION = "RSA";
    private final SecureRandom random;

    public Certificates() {
        Security.addProvider(new BouncyCastleProvider());
        this.random = useInsecureCertificateGeneration ? new InsecureRandom() : new SecureRandom();
    }

    public void createSelfSignedCertificate(File file, File file2, String str) throws GeneralSecurityException, IOException {
        SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate(str, this.random, 1024);
        file.getParentFile().mkdirs();
        file2.getParentFile().mkdirs();
        FileUtils.moveFile(selfSignedCertificate.certificate(), file);
        FileUtils.moveFile(selfSignedCertificate.privateKey(), file2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Certificate[] loadCertificates(File file) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
        Collection linkedList = new LinkedList();
        PemReader pemReader = new PemReader(new FileReader(file));
        Throwable th = null;
        try {
            for (PemObject readPemObject = pemReader.readPemObject(); readPemObject != null; readPemObject = pemReader.readPemObject()) {
                linkedList.addAll(certificateFactory.generateCertificates(new ByteArrayInputStream(readPemObject.getContent())));
            }
            if (linkedList.size() == 0) {
                FileInputStream fileInputStream = new FileInputStream(file);
                Throwable th2 = null;
                try {
                    try {
                        linkedList = certificateFactory.generateCertificates(fileInputStream);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (fileInputStream != null) {
                        if (th2 != null) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th5) {
                                th2.addSuppressed(th5);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th4;
                }
            }
            return (Certificate[]) linkedList.toArray(new Certificate[linkedList.size()]);
        } finally {
            if (pemReader != null) {
                if (0 != 0) {
                    try {
                        pemReader.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    pemReader.close();
                }
            }
        }
    }

    public PrivateKey loadPrivateKey(File file) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        PemReader pemReader = new PemReader(new FileReader(file));
        Throwable th = null;
        try {
            PemObject readPemObject = pemReader.readPemObject();
            if (readPemObject == null) {
                DataInputStream dataInputStream = new DataInputStream(new FileInputStream(file));
                Throwable th2 = null;
                try {
                    try {
                        byte[] bArr = new byte[(int) file.length()];
                        dataInputStream.readFully(bArr);
                        PrivateKey generatePrivate = KeyFactory.getInstance(DEFAULT_ENCRYPTION).generatePrivate(new PKCS8EncodedKeySpec(bArr));
                        if (dataInputStream != null) {
                            if (0 != 0) {
                                try {
                                    dataInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                dataInputStream.close();
                            }
                        }
                        return generatePrivate;
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (dataInputStream != null) {
                        if (th2 != null) {
                            try {
                                dataInputStream.close();
                            } catch (Throwable th5) {
                                th2.addSuppressed(th5);
                            }
                        } else {
                            dataInputStream.close();
                        }
                    }
                    throw th4;
                }
            }
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(readPemObject.getContent());
            try {
                PrivateKey generatePrivate2 = KeyFactory.getInstance(DEFAULT_ENCRYPTION).generatePrivate(pKCS8EncodedKeySpec);
                if (pemReader != null) {
                    if (0 != 0) {
                        try {
                            pemReader.close();
                        } catch (Throwable th6) {
                            th.addSuppressed(th6);
                        }
                    } else {
                        pemReader.close();
                    }
                }
                return generatePrivate2;
            } catch (InvalidKeySpecException e) {
                try {
                    PrivateKey generatePrivate3 = KeyFactory.getInstance("DSA").generatePrivate(pKCS8EncodedKeySpec);
                    if (pemReader != null) {
                        if (0 != 0) {
                            try {
                                pemReader.close();
                            } catch (Throwable th7) {
                                th.addSuppressed(th7);
                            }
                        } else {
                            pemReader.close();
                        }
                    }
                    return generatePrivate3;
                } catch (InvalidKeySpecException e2) {
                    try {
                        PrivateKey generatePrivate4 = KeyFactory.getInstance("EC").generatePrivate(pKCS8EncodedKeySpec);
                        if (pemReader != null) {
                            if (0 != 0) {
                                try {
                                    pemReader.close();
                                } catch (Throwable th8) {
                                    th.addSuppressed(th8);
                                }
                            } else {
                                pemReader.close();
                            }
                        }
                        return generatePrivate4;
                    } catch (InvalidKeySpecException e3) {
                        throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e3);
                    }
                }
            }
        } finally {
            if (pemReader != null) {
                if (0 != 0) {
                    try {
                        pemReader.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    pemReader.close();
                }
            }
        }
    }
}
