package org.apache.catalina.tribes.membership.cloud;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.jsse.PEMFile;

/* loaded from: input_file:BOOT-INF/lib/tomcat-tribes-9.0.46.jar:org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.class */
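/**
 * Stream provider whose sockets come from an {@link SSLContext} initialised
 * with a client certificate and private key (as key material) and with the
 * trust managers returned by {@code configureCaCert}.
 *
 * <p>The socket factory is built once in the constructor and never changes.
 * This listing is decompiler output, so parameter names are synthetic; their
 * roles are documented from how the code uses them.
 */
public class CertificateStreamProvider extends AbstractStreamProvider {
    private static final Log log = LogFactory.getLog(CertificateStreamProvider.class);

    /** Socket factory derived from the SSLContext configured in the constructor. */
    private final SSLSocketFactory factory;

    /**
     * Builds the TLS socket factory from the client credentials and CA file.
     *
     * <p>The decompiler reports that the original access modifier was
     * package-private; it is left as emitted here so existing callers of
     * this listing keep compiling.
     *
     * @param str  path of the client certificate file (parsed as X.509)
     * @param str2 path of the PEM file holding the client private key
     * @param str3 password protecting the private key; {@code null} is
     *             treated as an empty password
     * @param str4 passed unchanged to {@code PEMFile} as its third argument
     *             (the key algorithm in Tomcat's PEMFile)
     * @param str5 passed unchanged to {@code configureCaCert}
     * @throws Exception if the key material cannot be loaded or the
     *                   SSLContext cannot be created or initialised
     */
    public CertificateStreamProvider(String str, String str2, String str3, String str4, String str5) throws Exception {
        // A missing password becomes an empty array rather than null, so the
        // KeyStore/KeyManagerFactory calls below always get a non-null value.
        char[] keyPassword = str3 != null ? str3.toCharArray() : new char[0];
        KeyManager[] keyManagers = configureClientCert(str, str2, keyPassword, str4);

        // NOTE(review): configureCaCert is not defined in this class and is not
        // visible here. Confirm what it returns when the CA file is null,
        // missing or unreadable: if it falls back to a trust manager that
        // accepts any certificate, the peer is not authenticated and the
        // client key material above gives no protection against interception.
        TrustManager[] trustManagers = configureCaCert(str5);

        // The generic "TLS" name leaves the enabled protocol versions to the
        // JVM's JSSE defaults and security properties; nothing here sets a
        // minimum version or cipher-suite list.
        SSLContext context = SSLContext.getInstance("TLS");
        // A null SecureRandom asks JSSE to use its default implementation.
        context.init(keyManagers, trustManagers, null);
        this.factory = context.getSocketFactory();
    }

    /**
     * Returns the socket factory created in the constructor.
     *
     * @return the TLS socket factory carrying the client key material
     */
    @Override // org.apache.catalina.tribes.membership.cloud.AbstractStreamProvider
    protected SSLSocketFactory getSocketFactory() {
        return this.factory;
    }

    /**
     * Loads the client certificate and private key into an in-memory key
     * store and returns key managers backed by it.
     *
     * @param clientCertFile    path of the X.509 client certificate
     * @param clientKeyFile     path of the PEM file with the private key
     * @param clientKeyPassword password for the private key; also used as the
     *                          password of the in-memory key entry
     * @param clientKeyAlgo     passed unchanged to {@code PEMFile} as its
     *                          third argument
     * @return key managers that serve the loaded certificate and key
     * @throws IOException if reading or closing the certificate stream fails
     *                     (logged before being rethrown)
     * @throws Exception   for certificate, key or key-store failures, which
     *                     propagate without being logged here
     */
    private static KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile,
            char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
        // try-with-resources closes the certificate stream on every path. The
        // decompiled form closed it only after a fully successful load (its
        // finally blocks were empty), leaking the descriptor whenever parsing
        // the certificate or key threw.
        try (FileInputStream certStream = new FileInputStream(clientCertFile)) {
            CertificateFactory certFactory = CertificateFactory.getInstance("X509");
            X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certStream);

            // PEMFile takes the password as a String, so an immutable copy is
            // created here that cannot be wiped from memory afterwards.
            PEMFile pemFile = new PEMFile(clientKeyFile, new String(clientKeyPassword), clientKeyAlgo);
            PrivateKey privateKey = pemFile.getPrivateKey();

            // Empty key store that exists only in memory; nothing is written to disk.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);

            // The certificate's subject DN doubles as the key entry alias.
            String alias = cert.getSubjectX500Principal().getName();
            keyStore.setKeyEntry(alias, privateKey, clientKeyPassword, new Certificate[]{cert});

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, clientKeyPassword);
            return keyManagerFactory.getKeyManagers();
        } catch (IOException e) {
            // Only the two file paths are logged, never the password.
            // `sm` is not declared in this class; presumably inherited.
            log.error(sm.getString("certificateStream.clientCertError", clientCertFile, clientKeyFile));
            throw e;
        }
    }
}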
