package com.cloudbees.jenkins.ha;

import com.sun.jna.Function;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.CopyOption;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/cloudbees/jenkins/ha/KeyStoreGenerator.class */
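/**
 * Creates the keystore that holds the symmetric (AES) key for JGroups encryption
 * between HA nodes, stored as {@code secrets/jgroups_sym_encrypt.keystore} under a
 * given home directory.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore and key-entry password is the hard-coded default {@code "changeit"}, so it
 *       gives no real confidentiality. Anyone who can read the keystore file can recover the
 *       key; protection rests on filesystem permissions.</li>
 *   <li>The {@code secrets} directory is restricted to the owner only when this class creates
 *       it. A pre-existing directory keeps whatever permissions it already has.</li>
 * </ul>
 */
public class KeyStoreGenerator {
    private static final String SYM_ALG = "AES";
    private static final String KEY_STORE_NAME = "jgroups_sym_encrypt.keystore";
    // NOTE(review): hard-coded password. It cannot be changed here without also changing
    // whatever reads the keystore, so treat the file itself as the secret.
    private static final String STORE_PASS = "changeit";
    private static final String ALIAS = "jgroupsKey";
    /** Keystore type: {@code BCFKS} when the BCFIPS provider is registered, otherwise {@code JCEKS}. */
    public static final String STORE_TYPE;
    public static final String JGROUPS_KEYSTORE_TYPE = "JGROUPS_KEYSTORE_TYPE";
    // AES key length in bits. The decompiled listing spelled this as
    // com.sun.jna.Function.MAX_NARGS, which is the int constant 256. That looks like a
    // decompiler constant-matching artifact; the key size is unrelated to JNA.
    private static final int KEY_SIZE = 256;
    private static final Logger LOGGER = Logger.getLogger(KeyStoreGenerator.class.getName());

    static {
        STORE_TYPE = Security.getProvider("BCFIPS") != null ? "BCFKS" : "JCEKS";
    }

    private KeyStoreGenerator() {
    }

    /**
     * Generates the JGroups keystore under {@code <file>/secrets} unless it already exists.
     *
     * <p>The keystore is written to a temporary file in the secrets directory and then moved
     * to its final name. If another node has created the keystore in the meantime, its
     * keystore is kept. The temporary file is removed on every path where it was not moved
     * into place, so no stray key material is left in the secrets directory.
     *
     * @param file the home directory that contains (or will contain) the {@code secrets} directory
     * @throws RuntimeException if {@code file} is not a directory, or wrapping any I/O or
     *     crypto failure during creation
     */
    public static void generateKey(File file) {
        if (!file.isDirectory()) {
            throw new RuntimeException(String.format("%s is not a directory", file.getAbsolutePath()));
        }
        try {
            File secretsDirectory = getSecretsDirectory(file).getAbsoluteFile();
            File keyStoreFile = new File(secretsDirectory, KEY_STORE_NAME);
            if (Files.exists(keyStoreFile.toPath())) {
                LOGGER.log(Level.FINE, "JGroups keystore file already exists. Skipping creation");
                return;
            }
            try {
                LOGGER.log(Level.INFO, String.format("Trying to create keystore file '%s' using algorithm '%s' size '%d'", KEY_STORE_NAME, SYM_ALG, KEY_SIZE));
                // NOTE(review): File.createTempFile applies the process default permissions,
                // and the keystore inherits them after the move. Confirm that the secrets
                // directory (or the umask) keeps this file unreadable to other users.
                File tempFile = File.createTempFile("jgroups_sym_encrypt", ".keystore", secretsDirectory);
                try {
                    // try-with-resources closes the stream even when key generation or
                    // keystore serialisation fails.
                    try (FileOutputStream out = new FileOutputStream(tempFile)) {
                        SecretKey secretKey = createSecretKey();
                        KeyStore keyStore = KeyStore.getInstance(STORE_TYPE);
                        keyStore.load(null, null);
                        keyStore.setKeyEntry(ALIAS, secretKey, STORE_PASS.toCharArray(), null);
                        keyStore.store(out, STORE_PASS.toCharArray());
                    }
                    try {
                        // No REPLACE_EXISTING: an existing keystore must win.
                        // NOTE(review): the existence check inside move may not be atomic with
                        // the rename on every filesystem. Verify the behaviour on the shared
                        // storage used by the HA nodes.
                        Files.move(tempFile.toPath(), keyStoreFile.toPath());
                        LOGGER.info("Keystore created successfully");
                    } catch (FileAlreadyExistsException e) {
                        LOGGER.log(Level.INFO, "Another HA node already created the keystore. Skipping creation.");
                        LOGGER.log(Level.FINE, "Stacktrace", e);
                    }
                } finally {
                    // After a successful move the temp file is gone. Otherwise it holds an
                    // unused key and must not be left behind.
                    if (tempFile.exists() && !tempFile.delete()) {
                        LOGGER.log(Level.WARNING, "Could not delete temporary keystore file {0}", tempFile.getAbsolutePath());
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a fresh {@value #SYM_ALG} key of {@code KEY_SIZE} bits with the default provider.
     *
     * @return the newly generated secret key
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     */
    private static SecretKey createSecretKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(SYM_ALG);
        keyGenerator.init(KEY_SIZE);
        return keyGenerator.generateKey();
    }

    /**
     * Returns the {@code secrets} directory under {@code file}, creating it if necessary.
     *
     * <p>A directory created here is restricted to owner read/write/execute on Unix-like
     * systems. An existing directory is returned as is, with its permissions unchanged.
     *
     * @param file the parent (home) directory
     * @return the secrets directory
     * @throws IOException if the directory cannot be created or its permissions cannot be set
     */
    private static File getSecretsDirectory(File file) throws IOException {
        File secrets = new File(file, "secrets");
        if (secrets.isDirectory()) {
            return secrets;
        }
        if (secrets.mkdirs() && isUnix()) {
            Set<PosixFilePermission> ownerOnly = Stream.of(
                    PosixFilePermission.OWNER_EXECUTE,
                    PosixFilePermission.OWNER_READ,
                    PosixFilePermission.OWNER_WRITE)
                .collect(Collectors.toCollection(HashSet::new));
            Files.setPosixFilePermissions(secrets.toPath(), ownerOnly);
        }
        // mkdirs() also returns false when another node created the directory concurrently,
        // so decide on the final state rather than on its return value.
        if (!secrets.isDirectory()) {
            throw new IOException(String.format("Unable to create secrets directory %s", secrets.getAbsolutePath()));
        }
        return secrets;
    }

    /** Heuristic platform check: every platform whose path separator is not {@code ';'} is treated as Unix. */
    private static boolean isUnix() {
        return File.pathSeparatorChar != ';';
    }
}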
