package org.elasticsearch.xpack.ssl;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import javax.security.auth.x500.X500Principal;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.cli.EnvironmentAwareCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.network.InetAddresses;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.common.xcontent.ConstructingObjectParser;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.ObjectParser;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.ml.job.process.autodetect.writer.RecordWriter;

/* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool.class */
public class CertificateTool extends EnvironmentAwareCommand {
    private static final String AUTO_GEN_CA_DN = "CN=Elastic Certificate Tool Autogenerated CA";
    private static final String DESCRIPTION = "Simplifies certificate creation for use with the Elastic Stack";
    private static final String DEFAULT_CSR_FILE = "csr-bundle.zip";
    private static final String DEFAULT_CERT_FILE = "certificate-bundle.zip";
    private static final int DEFAULT_DAYS = 1095;
    private static final int FILE_EXTENSION_LENGTH = 4;
    static final int MAX_FILENAME_LENGTH = 251;
    private static final Pattern ALLOWED_FILENAME_CHAR_PATTERN;
    private static final int DEFAULT_KEY_SIZE = 2048;
    private final OptionSpec<String> outputPathSpec;
    private final OptionSpec<Void> csrSpec;
    private final OptionSpec<String> caCertPathSpec;
    private final OptionSpec<String> caKeyPathSpec;
    private final OptionSpec<String> caPasswordSpec;
    private final OptionSpec<String> caDnSpec;
    private final OptionSpec<Integer> keysizeSpec;
    private final OptionSpec<String> inputFileSpec;
    private final OptionSpec<Integer> daysSpec;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool$CAInfo.class */
    public static class CAInfo {
        final X509Certificate caCert;
        final PrivateKey privateKey;
        final boolean generated;
        final char[] password;

        CAInfo(X509Certificate x509Certificate, PrivateKey privateKey) {
            this(x509Certificate, privateKey, false, null);
        }

        CAInfo(X509Certificate x509Certificate, PrivateKey privateKey, boolean z, char[] cArr) {
            this.caCert = x509Certificate;
            this.privateKey = privateKey;
            this.generated = z;
            this.password = cArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool$CertificateInformation.class */
    public static class CertificateInformation {
        final Name name;
        final List<String> ipAddresses;
        final List<String> dnsNames;

        CertificateInformation(String str, String str2, List<String> list, List<String> list2) {
            this.name = Name.fromUserProvidedName(str, str2);
            this.ipAddresses = list == null ? Collections.emptyList() : list;
            this.dnsNames = list2 == null ? Collections.emptyList() : list2;
        }

        List<String> validate() {
            ArrayList arrayList = new ArrayList();
            if (this.name.error != null) {
                arrayList.add(this.name.error);
            }
            for (String str : this.ipAddresses) {
                if (!InetAddresses.isInetAddress(str)) {
                    arrayList.add("[" + str + "] is not a valid IP address");
                }
            }
            for (String str2 : this.dnsNames) {
                if (!DERIA5String.isIA5String(str2)) {
                    arrayList.add("[" + str2 + "] is not a valid DNS name");
                }
            }
            return arrayList;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool$CertificateToolParser.class */
    public static class CertificateToolParser {
        private static final ObjectParser<List<CertificateInformation>, Void> PARSER = new ObjectParser<>("certgen");

        private CertificateToolParser() {
        }

        static {
            ConstructingObjectParser constructingObjectParser = new ConstructingObjectParser("instances", objArr -> {
                return new CertificateInformation((String) objArr[0], (String) (objArr[1] == null ? objArr[0] : objArr[1]), (List) objArr[2], (List) objArr[3]);
            });
            constructingObjectParser.declareString(ConstructingObjectParser.constructorArg(), new ParseField("name", new String[0]));
            constructingObjectParser.declareString(ConstructingObjectParser.optionalConstructorArg(), new ParseField("filename", new String[0]));
            constructingObjectParser.declareStringArray(ConstructingObjectParser.optionalConstructorArg(), new ParseField("ip", new String[0]));
            constructingObjectParser.declareStringArray(ConstructingObjectParser.optionalConstructorArg(), new ParseField("dns", new String[0]));
            PARSER.declareObjectArray((v0, v1) -> {
                v0.addAll(v1);
            }, constructingObjectParser, new ParseField("instances", new String[0]));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool$Name.class */
    public static class Name {
        final String originalName;
        final X500Principal x500Principal;
        final String filename;
        final String error;

        private Name(String str, X500Principal x500Principal, String str2, String str3) {
            this.originalName = str;
            this.x500Principal = x500Principal;
            this.filename = str2;
            this.error = str3;
        }

        static Name fromUserProvidedName(String str, String str2) {
            if ("ca".equals(str)) {
                return new Name(str, null, null, "[ca] may not be used as an instance name");
            }
            try {
                X500Principal x500Principal = str.contains("=") ? new X500Principal(str) : new X500Principal("CN=" + str);
                return !isValidFilename(str2) ? new Name(str, x500Principal, null, "[" + str2 + "] is not a valid filename") : new Name(str, x500Principal, Strings.cleanPath(str2), null);
            } catch (IllegalArgumentException e) {
                return new Name(str, null, null, "[" + str + "] could not be converted to a valid DN\n" + e.getMessage() + "\n" + ExceptionsHelper.stackTrace(e));
            }
        }

        static boolean isValidFilename(String str) {
            return CertificateTool.ALLOWED_FILENAME_CHAR_PATTERN.matcher(Strings.cleanPath(str)).matches() && !str.startsWith(RecordWriter.CONTROL_FIELD_NAME);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/CertificateTool$Writer.class */
    public interface Writer {
        void write(ZipOutputStream zipOutputStream, JcaPEMWriter jcaPEMWriter) throws Exception;
    }

    CertificateTool() {
        super(DESCRIPTION);
        this.outputPathSpec = this.parser.accepts("out", "path of the zip file that the output should be written to").withRequiredArg();
        this.csrSpec = this.parser.accepts("csr", "only generate certificate signing requests");
        this.caCertPathSpec = this.parser.accepts("cert", "path to an existing ca certificate").availableUnless(this.csrSpec, new OptionSpec[0]).withRequiredArg();
        this.caKeyPathSpec = this.parser.accepts("key", "path to an existing ca private key").availableIf(this.caCertPathSpec, new OptionSpec[0]).requiredIf(this.caCertPathSpec, new OptionSpec[0]).withRequiredArg();
        this.caPasswordSpec = this.parser.accepts("pass", "password for an existing ca private key or the generated ca private key").availableUnless(this.csrSpec, new OptionSpec[0]).withOptionalArg();
        this.caDnSpec = this.parser.accepts("dn", "distinguished name to use for the generated ca. defaults to CN=Elastic Certificate Tool Autogenerated CA").availableUnless(this.caCertPathSpec, new OptionSpec[0]).withRequiredArg();
        this.keysizeSpec = this.parser.accepts("keysize", "size in bits of RSA keys").withRequiredArg().ofType(Integer.class);
        this.inputFileSpec = this.parser.accepts("in", "file containing details of the instances in yaml format").withRequiredArg();
        this.daysSpec = this.parser.accepts("days", "number of days that the generated certificates are valid").withRequiredArg().ofType(Integer.class);
    }

    public static void main(String[] strArr) throws Exception {
        new CertificateTool().main(strArr, Terminal.DEFAULT);
    }

    protected void execute(Terminal terminal, OptionSet optionSet, Environment environment) throws Exception {
        boolean has = optionSet.has(this.csrSpec);
        printIntro(terminal, has);
        Path outputFile = getOutputFile(terminal, (String) this.outputPathSpec.value(optionSet), environment, has ? DEFAULT_CSR_FILE : DEFAULT_CERT_FILE);
        String str = (String) this.inputFileSpec.value(optionSet);
        int intValue = optionSet.has(this.keysizeSpec) ? ((Integer) this.keysizeSpec.value(optionSet)).intValue() : DEFAULT_KEY_SIZE;
        if (has) {
            generateAndWriteCsrs(outputFile, getCertificateInformationList(terminal, str, environment), intValue);
        } else {
            String str2 = optionSet.has(this.caDnSpec) ? (String) this.caDnSpec.value(optionSet) : AUTO_GEN_CA_DN;
            boolean has2 = optionSet.has(this.caPasswordSpec);
            char[] charArray = optionSet.hasArgument(this.caPasswordSpec) ? ((String) this.caPasswordSpec.value(optionSet)).toCharArray() : null;
            int intValue2 = optionSet.hasArgument(this.daysSpec) ? ((Integer) this.daysSpec.value(optionSet)).intValue() : DEFAULT_DAYS;
            generateAndWriteSignedCertificates(outputFile, getCertificateInformationList(terminal, str, environment), getCAInfo(terminal, str2, (String) this.caCertPathSpec.value(optionSet), (String) this.caKeyPathSpec.value(optionSet), charArray, has2, environment, intValue, intValue2), intValue, intValue2);
        }
        printConclusion(terminal, has, outputFile);
    }

    protected void printAdditionalHelp(Terminal terminal) {
        terminal.println("Simplifies the generation of certificate signing requests and signed");
        terminal.println("certificates. The tool runs interactively unless the 'in' and 'out' parameters");
        terminal.println("are specified. In the interactive mode, the tool will prompt for required");
        terminal.println("values that have not been provided through the use of command line options.");
        terminal.println("");
    }

    static Path getOutputFile(Terminal terminal, String str, Environment environment, String str2) throws IOException {
        Path resolveConfigFile;
        if (str != null) {
            resolveConfigFile = XPackPlugin.resolveConfigFile(environment, Strings.cleanPath(str));
        } else {
            resolveConfigFile = XPackPlugin.resolveConfigFile(environment, str2);
            String readText = terminal.readText("Please enter the desired output file [" + resolveConfigFile + "]: ");
            if (!readText.isEmpty()) {
                resolveConfigFile = XPackPlugin.resolveConfigFile(environment, Strings.cleanPath(readText));
            }
        }
        return resolveConfigFile;
    }

    static Collection<CertificateInformation> getCertificateInformationList(Terminal terminal, String str, Environment environment) throws Exception {
        if (str != null) {
            return parseFile(XPackPlugin.resolveConfigFile(environment, str));
        }
        HashMap hashMap = new HashMap();
        boolean z = false;
        while (!z) {
            String readText = terminal.readText("Enter instance name: ");
            if (readText.isEmpty()) {
                terminal.println("A name must be provided");
            } else {
                boolean isValidFilename = Name.isValidFilename(readText);
                String readText2 = terminal.readText("Enter name for directories and files " + (isValidFilename ? "[" + readText + "]" : "") + ": ");
                if (readText2.isEmpty() && isValidFilename) {
                    readText2 = readText;
                }
                CertificateInformation certificateInformation = new CertificateInformation(readText, readText2, Arrays.asList(Strings.splitStringByCommaToArray(terminal.readText("Enter IP Addresses for instance (comma-separated if more than one) []: "))), Arrays.asList(Strings.splitStringByCommaToArray(terminal.readText("Enter DNS names for instance (comma-separated if more than one) []: "))));
                List<String> validate = certificateInformation.validate();
                if (validate.isEmpty()) {
                    if (hashMap.containsKey(readText)) {
                        terminal.println("Overwriting previously defined instance information [" + readText + "]");
                    }
                    hashMap.put(readText, certificateInformation);
                } else {
                    Iterator<String> it = validate.iterator();
                    while (it.hasNext()) {
                        terminal.println(it.next());
                    }
                    terminal.println("Skipping entry as invalid values were found");
                }
            }
            if (!"y".equals(terminal.readText("Would you like to specify another instance? Press 'y' to continue entering instance information: "))) {
                z = true;
            }
        }
        return hashMap.values();
    }

    static Collection<CertificateInformation> parseFile(Path path) throws Exception {
        BufferedReader newBufferedReader = Files.newBufferedReader(path);
        Throwable th = null;
        try {
            Collection<CertificateInformation> collection = (Collection) CertificateToolParser.PARSER.parse(XContentType.YAML.xContent().createParser(NamedXContentRegistry.EMPTY, newBufferedReader), new ArrayList(), (Object) null);
            if (newBufferedReader != null) {
                if (0 != 0) {
                    try {
                        newBufferedReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    newBufferedReader.close();
                }
            }
            return collection;
        } catch (Throwable th3) {
            if (newBufferedReader != null) {
                if (0 != 0) {
                    try {
                        newBufferedReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newBufferedReader.close();
                }
            }
            throw th3;
        }
    }

    static void generateAndWriteCsrs(Path path, Collection<CertificateInformation> collection, int i) throws Exception {
        fullyWriteFile(path, (zipOutputStream, jcaPEMWriter) -> {
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                CertificateInformation certificateInformation = (CertificateInformation) it.next();
                KeyPair generateKeyPair = CertUtils.generateKeyPair(i);
                PKCS10CertificationRequest generateCSR = CertUtils.generateCSR(generateKeyPair, certificateInformation.name.x500Principal, getSubjectAlternativeNamesValue(certificateInformation.ipAddresses, certificateInformation.dnsNames));
                String str = certificateInformation.name.filename + "/";
                ZipEntry zipEntry = new ZipEntry(str);
                if (!$assertionsDisabled && !zipEntry.isDirectory()) {
                    throw new AssertionError();
                }
                zipOutputStream.putNextEntry(zipEntry);
                zipOutputStream.putNextEntry(new ZipEntry(str + certificateInformation.name.filename + ".csr"));
                jcaPEMWriter.writeObject(generateCSR);
                jcaPEMWriter.flush();
                zipOutputStream.closeEntry();
                zipOutputStream.putNextEntry(new ZipEntry(str + certificateInformation.name.filename + ".key"));
                jcaPEMWriter.writeObject(generateKeyPair.getPrivate());
                jcaPEMWriter.flush();
                zipOutputStream.closeEntry();
            }
        });
    }

    static CAInfo getCAInfo(Terminal terminal, String str, String str2, String str3, char[] cArr, boolean z, Environment environment, int i, int i2) throws Exception {
        if (str2 == null) {
            X500Principal x500Principal = new X500Principal(str);
            KeyPair generateKeyPair = CertUtils.generateKeyPair(i);
            return new CAInfo(CertUtils.generateCACertificate(x500Principal, generateKeyPair, i2), generateKeyPair.getPrivate(), true, z ? terminal.readSecret("Enter password for CA private key: ") : cArr);
        }
        if (!$assertionsDisabled && str3 == null) {
            throw new AssertionError();
        }
        Certificate[] readCertificates = CertUtils.readCertificates(Collections.singletonList(str2), environment);
        if (readCertificates.length != 1) {
            throw new IllegalArgumentException("expected a single certificate in file [" + str2 + "] but found [" + readCertificates.length + "]");
        }
        return new CAInfo((X509Certificate) readCertificates[0], readPrivateKey(str3, cArr, terminal, environment, z));
    }

    static void generateAndWriteSignedCertificates(Path path, Collection<CertificateInformation> collection, CAInfo cAInfo, int i, int i2) throws Exception {
        fullyWriteFile(path, (zipOutputStream, jcaPEMWriter) -> {
            writeCAInfoIfGenerated(zipOutputStream, jcaPEMWriter, cAInfo);
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                CertificateInformation certificateInformation = (CertificateInformation) it.next();
                KeyPair generateKeyPair = CertUtils.generateKeyPair(i);
                X509Certificate generateSignedCertificate = CertUtils.generateSignedCertificate(certificateInformation.name.x500Principal, getSubjectAlternativeNamesValue(certificateInformation.ipAddresses, certificateInformation.dnsNames), generateKeyPair, cAInfo.caCert, cAInfo.privateKey, i2);
                String str = certificateInformation.name.filename + "/";
                ZipEntry zipEntry = new ZipEntry(str);
                if (!$assertionsDisabled && !zipEntry.isDirectory()) {
                    throw new AssertionError();
                }
                zipOutputStream.putNextEntry(zipEntry);
                zipOutputStream.putNextEntry(new ZipEntry(str + certificateInformation.name.filename + ".crt"));
                jcaPEMWriter.writeObject(generateSignedCertificate);
                jcaPEMWriter.flush();
                zipOutputStream.closeEntry();
                zipOutputStream.putNextEntry(new ZipEntry(str + certificateInformation.name.filename + ".key"));
                jcaPEMWriter.writeObject(generateKeyPair.getPrivate());
                jcaPEMWriter.flush();
                zipOutputStream.closeEntry();
            }
        });
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0152: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:92:0x0152 */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x0156: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:94:0x0156 */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x00fe: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:73:0x00fe */
    /* JADX WARN: Not initialized variable reg: 13, insn: 0x0103: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r13 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:75:0x0103 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.io.OutputStream] */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.util.zip.ZipOutputStream] */
    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable] */
    private static void fullyWriteFile(Path path, Writer writer) throws Exception {
        ?? r12;
        ?? r13;
        boolean z = false;
        try {
            try {
                OutputStream newOutputStream = Files.newOutputStream(path, StandardOpenOption.CREATE_NEW);
                Throwable th = null;
                try {
                    ZipOutputStream zipOutputStream = new ZipOutputStream(newOutputStream, StandardCharsets.UTF_8);
                    Throwable th2 = null;
                    JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new OutputStreamWriter(zipOutputStream, StandardCharsets.UTF_8));
                    Throwable th3 = null;
                    try {
                        try {
                            writer.write(zipOutputStream, jcaPEMWriter);
                            PosixFileAttributeView posixFileAttributeView = (PosixFileAttributeView) Files.getFileAttributeView(path, PosixFileAttributeView.class, new LinkOption[0]);
                            if (posixFileAttributeView != null) {
                                posixFileAttributeView.setPermissions(Sets.newHashSet(new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE}));
                            }
                            z = true;
                            if (jcaPEMWriter != null) {
                                if (0 != 0) {
                                    try {
                                        jcaPEMWriter.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    jcaPEMWriter.close();
                                }
                            }
                            if (zipOutputStream != null) {
                                if (0 != 0) {
                                    try {
                                        zipOutputStream.close();
                                    } catch (Throwable th5) {
                                        th2.addSuppressed(th5);
                                    }
                                } else {
                                    zipOutputStream.close();
                                }
                            }
                            if (newOutputStream != null) {
                                if (0 != 0) {
                                    try {
                                        newOutputStream.close();
                                    } catch (Throwable th6) {
                                        th.addSuppressed(th6);
                                    }
                                } else {
                                    newOutputStream.close();
                                }
                            }
                            if (1 == 0) {
                                Files.deleteIfExists(path);
                            }
                        } catch (Throwable th7) {
                            th3 = th7;
                            throw th7;
                        }
                    } catch (Throwable th8) {
                        if (jcaPEMWriter != null) {
                            if (th3 != null) {
                                try {
                                    jcaPEMWriter.close();
                                } catch (Throwable th9) {
                                    th3.addSuppressed(th9);
                                }
                            } else {
                                jcaPEMWriter.close();
                            }
                        }
                        throw th8;
                    }
                } catch (Throwable th10) {
                    if (r12 != 0) {
                        if (r13 != 0) {
                            try {
                                r12.close();
                            } catch (Throwable th11) {
                                r13.addSuppressed(th11);
                            }
                        } else {
                            r12.close();
                        }
                    }
                    throw th10;
                }
            } catch (Throwable th12) {
                if (!z) {
                    Files.deleteIfExists(path);
                }
                throw th12;
            }
        } finally {
        }
    }

    private static void writeCAInfoIfGenerated(ZipOutputStream zipOutputStream, JcaPEMWriter jcaPEMWriter, CAInfo cAInfo) throws Exception {
        if (cAInfo.generated) {
            ZipEntry zipEntry = new ZipEntry("ca/");
            if (!$assertionsDisabled && !zipEntry.isDirectory()) {
                throw new AssertionError();
            }
            zipOutputStream.putNextEntry(zipEntry);
            zipOutputStream.putNextEntry(new ZipEntry("ca/ca.crt"));
            jcaPEMWriter.writeObject(cAInfo.caCert);
            jcaPEMWriter.flush();
            zipOutputStream.closeEntry();
            zipOutputStream.putNextEntry(new ZipEntry("ca/ca.key"));
            if (cAInfo.password == null || cAInfo.password.length <= 0) {
                jcaPEMWriter.writeObject(cAInfo.privateKey);
            } else {
                try {
                    jcaPEMWriter.writeObject(cAInfo.privateKey, new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(CertUtils.BC_PROV).build(cAInfo.password));
                    Arrays.fill(cAInfo.password, (char) 0);
                } catch (Throwable th) {
                    Arrays.fill(cAInfo.password, (char) 0);
                    throw th;
                }
            }
            jcaPEMWriter.flush();
            zipOutputStream.closeEntry();
        }
    }

    private static void printIntro(Terminal terminal, boolean z) {
        terminal.println("This tool assists you in the generation of X.509 certificates and certificate");
        terminal.println("signing requests for use with SSL in the Elastic stack. Depending on the command");
        terminal.println("line option specified, you may be prompted for the following:");
        terminal.println("");
        terminal.println("* The path to the output file");
        if (z) {
            terminal.println("    * The output file is a zip file containing the certificate signing requests");
            terminal.println("      and private keys for each instance.");
        } else {
            terminal.println("    * The output file is a zip file containing the signed certificates and");
            terminal.println("      private keys for each instance. If a Certificate Authority was generated,");
            terminal.println("      the certificate and private key will also be included in the output file.");
        }
        terminal.println("* Information about each instance");
        terminal.println("    * An instance is any piece of the Elastic Stack that requires a SSL certificate.");
        terminal.println("      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats");
        terminal.println("      may all require a certificate and private key.");
        terminal.println("    * The minimum required value for each instance is a name. This can simply be the");
        terminal.println("      hostname, which will be used as the Common Name of the certificate. A full");
        terminal.println("      distinguished name may also be used.");
        terminal.println("    * A filename value may be required for each instance. This is necessary when the");
        terminal.println("      name would result in an invalid file or directory name. The name provided here");
        terminal.println("      is used as the directory name (within the zip) and the prefix for the key and");
        terminal.println("      certificate files. The filename is required if you are prompted and the name");
        terminal.println("      is not displayed in the prompt.");
        terminal.println("    * IP addresses and DNS names are optional. Multiple values can be specified as a");
        terminal.println("      comma separated string. If no IP addresses or DNS names are provided, you may");
        terminal.println("      disable hostname verification in your SSL configuration.");
        if (!z) {
            terminal.println("* Certificate Authority private key password");
            terminal.println("    * The password may be left empty if desired.");
        }
        terminal.println("");
        terminal.println("Let's get started...");
        terminal.println("");
    }

    private static void printConclusion(Terminal terminal, boolean z, Path path) {
        if (z) {
            terminal.println("Certificate signing requests written to " + path);
            terminal.println("");
            terminal.println("This file should be properly secured as it contains the private keys for all");
            terminal.println("instances.");
            terminal.println("");
            terminal.println("After unzipping the file, there will be a directory for each instance containing");
            terminal.println("the certificate signing request and the private key. Provide the certificate");
            terminal.println("signing requests to your certificate authority. Once you have received the");
            terminal.println("signed certificate, copy the signed certificate, key, and CA certificate to the");
            terminal.println("configuration directory of the Elastic product that they will be used for and");
            terminal.println("follow the SSL configuration instructions in the product guide.");
            return;
        }
        terminal.println("Certificates written to " + path);
        terminal.println("");
        terminal.println("This file should be properly secured as it contains the private keys for all");
        terminal.println("instances and the certificate authority.");
        terminal.println("");
        terminal.println("After unzipping the file, there will be a directory for each instance containing");
        terminal.println("the certificate and private key. Copy the certificate, key, and CA certificate");
        terminal.println("to the configuration directory of the Elastic product that they will be used for");
        terminal.println("and follow the SSL configuration instructions in the product guide.");
        terminal.println("");
        terminal.println("For client applications, you may only need to copy the CA certificate and");
        terminal.println("configure the client to trust this certificate.");
    }

    private static PrivateKey readPrivateKey(String str, char[] cArr, Terminal terminal, Environment environment, boolean z) throws Exception {
        AtomicReference atomicReference = new AtomicReference(cArr);
        try {
            BufferedReader newBufferedReader = Files.newBufferedReader(XPackPlugin.resolveConfigFile(environment, str), StandardCharsets.UTF_8);
            Throwable th = null;
            try {
                try {
                    PrivateKey readPrivateKey = CertUtils.readPrivateKey(newBufferedReader, () -> {
                        if (cArr != null || !z) {
                            return cArr;
                        }
                        char[] readSecret = terminal.readSecret("Enter password for CA private key: ");
                        atomicReference.set(readSecret);
                        return readSecret;
                    });
                    if (newBufferedReader != null) {
                        if (0 != 0) {
                            try {
                                newBufferedReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newBufferedReader.close();
                        }
                    }
                    return readPrivateKey;
                } finally {
                }
            } finally {
            }
        } finally {
            if (atomicReference.get() != null) {
                Arrays.fill((char[]) atomicReference.get(), (char) 0);
            }
        }
    }

    private static GeneralNames getSubjectAlternativeNamesValue(List<String> list, List<String> list2) {
        HashSet hashSet = new HashSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(new GeneralName(7, it.next()));
        }
        Iterator<String> it2 = list2.iterator();
        while (it2.hasNext()) {
            hashSet.add(new GeneralName(2, it2.next()));
        }
        if (hashSet.isEmpty()) {
            return null;
        }
        return new GeneralNames((GeneralName[]) hashSet.toArray(new GeneralName[0]));
    }

    static {
        $assertionsDisabled = !CertificateTool.class.desiredAssertionStatus();
        ALLOWED_FILENAME_CHAR_PATTERN = Pattern.compile("[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,251}");
    }
}
