package org.opendaylight.netconf.keystore.legacy.impl;

import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.util.encoders.DecoderException;

/* loaded from: input_file:org/opendaylight/netconf/keystore/legacy/impl/SecurityHelper.class */
public final class SecurityHelper {
    private CertificateFactory certFactory;
    private Provider bcProv;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey generatePrivateKey(byte[] bArr, String str) throws GeneralSecurityException {
        return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate generateCertificate(byte[] bArr) throws GeneralSecurityException {
        if (this.certFactory == null) {
            this.certFactory = CertificateFactory.getInstance("X.509");
        }
        return (X509Certificate) this.certFactory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyPair generateKeyPair(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException {
        return new KeyPair(KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(bArr2)), generatePrivateKey(bArr, str));
    }

    @VisibleForTesting
    public KeyPair decodePrivateKey(String str, String str2) throws IOException {
        PEMKeyPair pEMKeyPair;
        if (this.bcProv == null) {
            Provider provider = Security.getProvider("BC");
            this.bcProv = provider != null ? provider : new BouncyCastleProvider();
        }
        try {
            PEMParser pEMParser = new PEMParser(new StringReader(str.replace("\\n", "\n")));
            try {
                Object readObject = pEMParser.readObject();
                if (readObject instanceof PEMEncryptedKeyPair) {
                    pEMKeyPair = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(this.bcProv).build(str2.toCharArray()));
                } else {
                    if (!(readObject instanceof PEMKeyPair)) {
                        throw new IOException("Unhandled private key " + String.valueOf(readObject.getClass()));
                    }
                    pEMKeyPair = (PEMKeyPair) readObject;
                }
                KeyPair keyPair = new JcaPEMKeyConverter().getKeyPair(pEMKeyPair);
                pEMParser.close();
                return keyPair;
            } finally {
            }
        } catch (DecoderException e) {
            throw new IOException("Invalid input.", e);
        }
    }

    @VisibleForTesting
    public static X509Certificate decodeCertificate(String str) throws IOException, GeneralSecurityException {
        try {
            PEMParser pEMParser = new PEMParser(new StringReader(str.replace("\\n", "\n")));
            try {
                Object readObject = pEMParser.readObject();
                if (!(readObject instanceof X509CertificateHolder)) {
                    throw new IOException("Unhandled certificate " + String.valueOf(readObject.getClass()));
                }
                X509Certificate certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) readObject);
                pEMParser.close();
                return certificate;
            } finally {
            }
        } catch (DecoderException e) {
            throw new IOException("Invalid input.", e);
        }
    }
}
