package nl.altindag.ssl.pem.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import nl.altindag.ssl.exception.GenericIOException;
import nl.altindag.ssl.pem.decryptor.BouncyFunction;
import nl.altindag.ssl.pem.decryptor.PemDecryptor;
import nl.altindag.ssl.pem.decryptor.Pkcs8Decryptor;
import nl.altindag.ssl.pem.exception.CertificateParseException;
import nl.altindag.ssl.pem.exception.PemParseException;
import nl.altindag.ssl.pem.exception.PrivateKeyParseException;
import nl.altindag.ssl.pem.exception.PublicKeyParseException;
import nl.altindag.ssl.util.KeyManagerUtils;
import nl.altindag.ssl.util.TrustManagerUtils;
import nl.altindag.ssl.util.internal.CollectorsUtils;
import nl.altindag.ssl.util.internal.IOUtils;
import nl.altindag.ssl.util.internal.ValidationUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.X509TrustedCertificateBlock;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:nl/altindag/ssl/pem/util/PemUtils.class */
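/**
 * Static helpers that turn PEM encoded certificates and private keys into JSSE trust and key
 * managers, {@link X509Certificate} lists and {@link PrivateKey} instances.
 *
 * <p>Security notes for callers, based on what this class visibly does:
 * <ul>
 *   <li>Creating the singleton registers a {@link BouncyCastleProvider} through
 *       {@link Security#addProvider}, which is a JVM-wide side effect.</li>
 *   <li>No certificate validation (expiry, chain building, CA constraints) happens in this class.
 *       Certificates handed to the {@code loadTrustMaterial}/{@code parseTrustMaterial} methods are
 *       forwarded as-is to {@code TrustManagerUtils.createTrustManager}, so the PEM source itself
 *       must be trustworthy and integrity protected.</li>
 *   <li>Password arrays are never cleared here, and PEM content (including private keys) is held in
 *       immutable {@link String}s that cannot be wiped. Callers that care should zero their
 *       {@code char[]} after the call.</li>
 * </ul>
 */
public final class PemUtils {
    private static final String EMPTY_INPUT_STREAM_EXCEPTION_MESSAGE = "Failed to load the certificate from the provided InputStream because it is null";
    // NOTE(review): this message says "certificate" but is also used when a private key or identity
    // resource is missing from the classpath. Left unchanged because callers may match on the text.
    private static final UnaryOperator<String> CERTIFICATE_NOT_FOUND_EXCEPTION_MESSAGE = path ->
            String.format("Failed to load the certificate from the classpath for the given path: [%s]", path);
    // Sentinel for "no password supplied"; the null is passed straight through to the decryptors.
    private static final char[] NO_PASSWORD = null;
    private static final PemUtils INSTANCE = new PemUtils(new BouncyCastleProvider(), new JcaPEMKeyConverter(), new JcaX509CertificateConverter());
    private final JcaPEMKeyConverter keyConverter;
    private final JcaX509CertificateConverter certificateConverter;

    /**
     * Registers the given provider with the JVM and stores the converters used for parsing.
     *
     * @param bouncyCastleProvider provider passed to {@link Security#addProvider}
     * @param jcaPEMKeyConverter converter used to build keys from parsed PEM objects
     * @param jcaX509CertificateConverter converter used to build certificates from parsed PEM objects
     */
    PemUtils(BouncyCastleProvider bouncyCastleProvider, JcaPEMKeyConverter jcaPEMKeyConverter, JcaX509CertificateConverter jcaX509CertificateConverter) {
        Security.addProvider(bouncyCastleProvider);
        this.keyConverter = jcaPEMKeyConverter;
        this.certificateConverter = jcaX509CertificateConverter;
    }

    /**
     * Builds a trust manager from PEM certificates located on the classpath.
     *
     * @param certificatePaths classpath locations of the PEM files
     * @return trust manager created from every certificate that was parsed
     */
    public static X509ExtendedTrustManager loadTrustMaterial(String... certificatePaths) {
        return TrustManagerUtils.createTrustManager(loadCertificate(certificatePaths));
    }

    /**
     * Builds a trust manager from PEM certificates stored in files.
     *
     * @param certificatePaths file system locations of the PEM files
     * @return trust manager created from every certificate that was parsed
     */
    public static X509ExtendedTrustManager loadTrustMaterial(Path... certificatePaths) {
        return TrustManagerUtils.createTrustManager(loadCertificate(certificatePaths));
    }

    /**
     * Builds a trust manager from PEM certificates read from the given streams.
     *
     * @param certificateStreams streams with PEM content; a null element is rejected
     * @return trust manager created from every certificate that was parsed
     */
    public static X509ExtendedTrustManager loadTrustMaterial(InputStream... certificateStreams) {
        return TrustManagerUtils.createTrustManager(loadCertificate(certificateStreams));
    }

    /**
     * Loads certificates from PEM resources on the classpath.
     *
     * @param certificatePaths classpath locations of the PEM files
     * @return all certificates found, collected with {@code CollectorsUtils.toUnmodifiableList()}
     */
    public static List<X509Certificate> loadCertificate(String... certificatePaths) {
        return loadCertificate(certificatePaths, PemUtils::openClasspathResource);
    }

    /**
     * Loads certificates from PEM files.
     *
     * @param certificatePaths file system locations of the PEM files
     * @return all certificates found, collected with {@code CollectorsUtils.toUnmodifiableList()}
     */
    public static List<X509Certificate> loadCertificate(Path... certificatePaths) {
        return loadCertificate(certificatePaths, IOUtils::getFileAsStream);
    }

    /**
     * Loads certificates from streams with PEM content.
     *
     * @param certificateStreams streams with PEM content; a null element is rejected
     * @return all certificates found, collected with {@code CollectorsUtils.toUnmodifiableList()}
     */
    public static List<X509Certificate> loadCertificate(InputStream... certificateStreams) {
        return loadCertificate(certificateStreams, PemUtils::requireStream);
    }

    /**
     * Opens every source, reads its content and parses the certificates in it.
     *
     * <p>NOTE(review): the streams are not closed in this method; presumably
     * {@code IOUtils.getContent} closes them. Confirm against that helper.
     */
    private static <T> List<X509Certificate> loadCertificate(T[] sources, Function<T, InputStream> streamOpener) {
        return Arrays.stream(sources)
                .map(streamOpener)
                .map(IOUtils::getContent)
                .map(PemUtils::parseCertificate)
                .flatMap(List::stream)
                .collect(CollectorsUtils.toUnmodifiableList());
    }

    /**
     * Parses every certificate contained in the given PEM content.
     *
     * @param certificateContent PEM text, possibly holding several entries
     * @return the certificates found
     * @throws CertificateParseException when a certificate cannot be converted, or when the content
     *         yields no certificate (raised through {@code ValidationUtils.requireNotEmpty})
     * @throws PemParseException when the PEM text cannot be read
     */
    public static List<X509Certificate> parseCertificate(String certificateContent) {
        List<X509Certificate> certificates = parsePemContent(certificateContent, PemType.CERTIFICATE::equals).stream()
                .map(PemUtils::extractCertificate)
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(CollectorsUtils.toUnmodifiableList());

        Supplier<RuntimeException> noCertificateFound =
                () -> new CertificateParseException("Received an unsupported certificate type");
        return ValidationUtils.requireNotEmpty(certificates, noCertificateFound);
    }

    /**
     * Reads all PEM objects from the content and keeps those whose {@link PemType} matches.
     *
     * @param pemContent PEM text; it is first passed through {@code PemFormatter.reformatIfNeeded}
     * @param typeFilter decides which parsed objects are kept
     * @return the matching objects in the order they appear
     * @throws PemParseException when reading fails with an {@link IOException}
     */
    private static List<Object> parsePemContent(String pemContent, Predicate<PemType> typeFilter) {
        // try-with-resources closes both reader and parser on every path, including failures.
        try (StringReader reader = new StringReader(PemFormatter.reformatIfNeeded(pemContent));
             PEMParser parser = new PEMParser(reader)) {
            List<Object> matches = new ArrayList<>();
            for (Object pemObject = parser.readObject(); pemObject != null; pemObject = parser.readObject()) {
                if (typeFilter.test(PemType.from(pemObject))) {
                    matches.add(pemObject);
                }
            }
            return matches;
        } catch (IOException e) {
            throw new PemParseException(e);
        }
    }

    /**
     * Converts a parsed PEM object into a certificate when it is one of the supported holder types.
     *
     * @param pemObject object returned by the PEM parser
     * @return the certificate, or empty when the object is neither an {@link X509CertificateHolder}
     *         nor an {@link X509TrustedCertificateBlock}
     * @throws CertificateParseException when the conversion fails
     */
    static Optional<X509Certificate> extractCertificate(Object pemObject) {
        try {
            X509Certificate certificate = null;
            if (pemObject instanceof X509CertificateHolder) {
                certificate = getInstance().getCertificateConverter().getCertificate((X509CertificateHolder) pemObject);
            } else if (pemObject instanceof X509TrustedCertificateBlock) {
                X509CertificateHolder holder = ((X509TrustedCertificateBlock) pemObject).getCertificateHolder();
                certificate = getInstance().getCertificateConverter().getCertificate(holder);
            }
            return Optional.ofNullable(certificate);
        } catch (CertificateException e) {
            throw new CertificateParseException(e);
        }
    }

    /**
     * Builds a trust manager directly from PEM text.
     *
     * @param certificateContents PEM text blocks, each possibly holding several certificates
     * @return trust manager created from every certificate that was parsed
     */
    public static X509ExtendedTrustManager parseTrustMaterial(String... certificateContents) {
        return (X509ExtendedTrustManager) Arrays.stream(certificateContents)
                .map(PemUtils::parseCertificate)
                .flatMap(List::stream)
                .collect(CollectorsUtils.toListAndThen(TrustManagerUtils::createTrustManager));
    }

    /**
     * Loads an identity from two classpath resources, with an unencrypted private key.
     *
     * @param certificateChainPath classpath location of the certificate chain PEM
     * @param privateKeyPath classpath location of the private key PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(String certificateChainPath, String privateKeyPath) {
        return loadIdentityMaterial(certificateChainPath, privateKeyPath, NO_PASSWORD);
    }

    /**
     * Loads an identity from two classpath resources.
     *
     * @param certificateChainPath classpath location of the certificate chain PEM
     * @param privateKeyPath classpath location of the private key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(String certificateChainPath, String privateKeyPath, char[] keyPassword) {
        return loadIdentityMaterial(certificateChainPath, privateKeyPath, keyPassword, PemUtils::openClasspathResource);
    }

    /**
     * Loads an identity from two streams, with an unencrypted private key. Both streams are closed.
     *
     * @param certificateChainStream stream with the certificate chain PEM
     * @param privateKeyStream stream with the private key PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(InputStream certificateChainStream, InputStream privateKeyStream) {
        return loadIdentityMaterial(certificateChainStream, privateKeyStream, NO_PASSWORD);
    }

    /**
     * Loads an identity from two streams. Both streams are closed.
     *
     * @param certificateChainStream stream with the certificate chain PEM
     * @param privateKeyStream stream with the private key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(InputStream certificateChainStream, InputStream privateKeyStream, char[] keyPassword) {
        return loadIdentityMaterial(certificateChainStream, privateKeyStream, keyPassword, PemUtils::requireStream);
    }

    /**
     * Loads an identity from two files, with an unencrypted private key.
     *
     * @param certificateChainPath file holding the certificate chain PEM
     * @param privateKeyPath file holding the private key PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(Path certificateChainPath, Path privateKeyPath) {
        return loadIdentityMaterial(certificateChainPath, privateKeyPath, NO_PASSWORD);
    }

    /**
     * Loads an identity from two files.
     *
     * @param certificateChainPath file holding the certificate chain PEM
     * @param privateKeyPath file holding the private key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(Path certificateChainPath, Path privateKeyPath, char[] keyPassword) {
        return loadIdentityMaterial(certificateChainPath, privateKeyPath, keyPassword, IOUtils::getFileAsStream);
    }

    /**
     * Loads an identity from one classpath resource that holds both the chain and an unencrypted key.
     *
     * @param identityPath classpath location of the combined PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(String identityPath) {
        return loadIdentityMaterial(identityPath, NO_PASSWORD);
    }

    /**
     * Loads an identity from one classpath resource that holds both the chain and the key.
     *
     * @param identityPath classpath location of the combined PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(String identityPath, char[] keyPassword) {
        return loadIdentityMaterial(identityPath, keyPassword, (Function<String, InputStream>) PemUtils::openClasspathResource);
    }

    /**
     * Loads an identity from one file that holds both the chain and an unencrypted key.
     *
     * @param identityPath file holding the combined PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(Path identityPath) {
        return loadIdentityMaterial(identityPath, NO_PASSWORD);
    }

    /**
     * Loads an identity from one file that holds both the chain and the key.
     *
     * @param identityPath file holding the combined PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(Path identityPath, char[] keyPassword) {
        return loadIdentityMaterial(identityPath, keyPassword, (Function<Path, InputStream>) IOUtils::getFileAsStream);
    }

    /**
     * Loads an identity from one stream that holds both the chain and an unencrypted key.
     * The stream is closed.
     *
     * @param identityStream stream with the combined PEM
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(InputStream identityStream) {
        return loadIdentityMaterial(identityStream, NO_PASSWORD);
    }

    /**
     * Loads an identity from one stream that holds both the chain and the key. The stream is closed.
     *
     * @param identityStream stream with the combined PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager loadIdentityMaterial(InputStream identityStream, char[] keyPassword) {
        return loadIdentityMaterial(identityStream, keyPassword, (Function<InputStream, InputStream>) PemUtils::requireStream);
    }

    /**
     * Opens the certificate chain and private key sources, reads both and builds the key manager.
     *
     * @throws GenericIOException when closing a stream fails with an {@link IOException}
     */
    private static <T> X509ExtendedKeyManager loadIdentityMaterial(T certificateChainSource, T privateKeySource, char[] keyPassword, Function<T, InputStream> streamOpener) {
        // Both streams are closed on every path, so the first one no longer leaks when opening or
        // parsing the second one fails.
        try (InputStream certificateChainStream = streamOpener.apply(certificateChainSource);
             InputStream privateKeyStream = streamOpener.apply(privateKeySource)) {
            return parseIdentityMaterial(IOUtils.getContent(certificateChainStream), IOUtils.getContent(privateKeyStream), keyPassword);
        } catch (IOException e) {
            throw new GenericIOException(e);
        }
    }

    /**
     * Opens a single source that holds chain and key, reads it once and builds the key manager.
     *
     * @throws GenericIOException when closing the stream fails with an {@link IOException}
     */
    private static <T> X509ExtendedKeyManager loadIdentityMaterial(T identitySource, char[] keyPassword, Function<T, InputStream> streamOpener) {
        try (InputStream identityStream = streamOpener.apply(identitySource)) {
            String identityContent = IOUtils.getContent(identityStream);
            return parseIdentityMaterial(identityContent, identityContent, keyPassword);
        } catch (IOException e) {
            throw new GenericIOException(e);
        }
    }

    /**
     * Builds a key manager from PEM text that holds both the chain and an unencrypted key.
     *
     * @param identityContent combined PEM text
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager parseIdentityMaterial(String identityContent) {
        return parseIdentityMaterial(identityContent, identityContent, NO_PASSWORD);
    }

    /**
     * Builds a key manager from PEM text that holds both the chain and the key.
     *
     * @param identityContent combined PEM text
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager parseIdentityMaterial(String identityContent, char[] keyPassword) {
        return parseIdentityMaterial(identityContent, identityContent, keyPassword);
    }

    /**
     * Builds a key manager from separate PEM texts for the chain and the key.
     *
     * <p>This method does not check that the private key belongs to the certificate; whether
     * {@code KeyManagerUtils.createKeyManager} does is not visible from here.
     *
     * @param certificateChainContent PEM text with the certificate chain
     * @param privateKeyContent PEM text with the private key
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return key manager holding the key and chain
     */
    public static X509ExtendedKeyManager parseIdentityMaterial(String certificateChainContent, String privateKeyContent, char[] keyPassword) {
        // The key is parsed before the chain, matching the original argument evaluation order.
        PrivateKey privateKey = parsePrivateKey(privateKeyContent, keyPassword);
        Certificate[] certificateChain = parseCertificate(certificateChainContent).toArray(new Certificate[0]);
        return KeyManagerUtils.createKeyManager(privateKey, certificateChain);
    }

    /**
     * Loads an unencrypted private key from a classpath resource.
     *
     * @param privateKeyPath classpath location of the key PEM
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(String privateKeyPath) {
        return loadPrivateKey(privateKeyPath, NO_PASSWORD);
    }

    /**
     * Loads a private key from a classpath resource.
     *
     * @param privateKeyPath classpath location of the key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(String privateKeyPath, char[] keyPassword) {
        return loadPrivateKey(privateKeyPath, keyPassword, PemUtils::openClasspathResource);
    }

    /**
     * Loads an unencrypted private key from a file.
     *
     * @param privateKeyPath file holding the key PEM
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(Path privateKeyPath) {
        return loadPrivateKey(privateKeyPath, NO_PASSWORD);
    }

    /**
     * Loads a private key from a file.
     *
     * @param privateKeyPath file holding the key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(Path privateKeyPath, char[] keyPassword) {
        return loadPrivateKey(privateKeyPath, keyPassword, IOUtils::getFileAsStream);
    }

    /**
     * Loads an unencrypted private key from a stream. The stream is closed.
     *
     * @param privateKeyStream stream with the key PEM
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(InputStream privateKeyStream) {
        return loadPrivateKey(privateKeyStream, NO_PASSWORD);
    }

    /**
     * Loads a private key from a stream. The stream is closed.
     *
     * @param privateKeyStream stream with the key PEM
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return the parsed private key
     */
    public static PrivateKey loadPrivateKey(InputStream privateKeyStream, char[] keyPassword) {
        return loadPrivateKey(privateKeyStream, keyPassword, PemUtils::requireStream);
    }

    /**
     * Opens the key source, reads it and parses the private key.
     *
     * @throws GenericIOException when closing the stream fails with an {@link IOException}
     */
    private static <T> PrivateKey loadPrivateKey(T privateKeySource, char[] keyPassword, Function<T, InputStream> streamOpener) {
        try (InputStream privateKeyStream = streamOpener.apply(privateKeySource)) {
            return parsePrivateKey(IOUtils.getContent(privateKeyStream), keyPassword);
        } catch (IOException e) {
            throw new GenericIOException(e);
        }
    }

    /**
     * Parses an unencrypted private key from PEM text.
     *
     * @param privateKeyContent PEM text holding the key
     * @return the parsed private key
     */
    public static PrivateKey parsePrivateKey(String privateKeyContent) {
        return parsePrivateKey(privateKeyContent, NO_PASSWORD);
    }

    /**
     * Parses the first usable private key from PEM text.
     *
     * <p>Only the first key entry that can be extracted is returned; later key entries in the same
     * content are ignored. The password is used only for encrypted entries.
     *
     * @param privateKeyContent PEM text holding the key
     * @param keyPassword password for an encrypted key, may be null; not cleared by this method
     * @return the parsed private key
     * @throws PrivateKeyParseException when no supported key is found or decryption/conversion fails
     */
    public static PrivateKey parsePrivateKey(String privateKeyContent, char[] keyPassword) {
        return parsePemContent(privateKeyContent, PemType.KEY::equals).stream()
                .map(pemObject -> extractPrivateKeyInfo(pemObject, keyPassword))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .findFirst()
                .map(PemUtils::extractPrivateKey)
                .orElseThrow(() -> new PrivateKeyParseException("Received an unsupported private key type"));
    }

    /**
     * Extracts the {@link PrivateKeyInfo} from a parsed PEM object, decrypting it when needed.
     *
     * <p>The decompiler reported that this method was package-private in the original class; it is
     * kept public here to match the visible declaration.
     *
     * <p>NOTE(review): for encrypted entries the password is handed to the decryptor even when it is
     * null; how {@code Pkcs8Decryptor}/{@code PemDecryptor} react to null is not visible here.
     *
     * @param pemObject object returned by the PEM parser
     * @param keyPassword password for encrypted entries; unused for unencrypted ones
     * @return the key info, or empty when the object type is not supported
     * @throws PrivateKeyParseException when decryption fails
     */
    public static Optional<PrivateKeyInfo> extractPrivateKeyInfo(Object pemObject, char[] keyPassword) {
        try {
            PrivateKeyInfo privateKeyInfo = null;
            if (pemObject instanceof PrivateKeyInfo) {
                privateKeyInfo = (PrivateKeyInfo) pemObject;
            } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                BouncyFunction<char[], InputDecryptorProvider> pkcs8Decryptor = Pkcs8Decryptor.getInstance();
                PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemObject;
                privateKeyInfo = (PrivateKeyInfo) pkcs8Decryptor.andThen(encryptedKeyInfo::decryptPrivateKeyInfo).apply(keyPassword);
            } else if (pemObject instanceof PEMKeyPair) {
                privateKeyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            } else if (pemObject instanceof PEMEncryptedKeyPair) {
                BouncyFunction<char[], PEMDecryptorProvider> pemDecryptor = PemDecryptor.getInstance();
                PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) pemObject;
                privateKeyInfo = (PrivateKeyInfo) pemDecryptor.andThen(encryptedKeyPair::decryptKeyPair).andThen((v0) -> {
                    return v0.getPrivateKeyInfo();
                }).apply(keyPassword);
            }
            return Optional.ofNullable(privateKeyInfo);
        } catch (IOException | OperatorCreationException | PKCSException e) {
            throw new PrivateKeyParseException(e);
        }
    }

    /**
     * Converts key info into a JCA {@link PrivateKey}.
     *
     * @throws PrivateKeyParseException when the converter rejects the key info
     */
    private static PrivateKey extractPrivateKey(PrivateKeyInfo privateKeyInfo) {
        try {
            return getInstance().getKeyConverter().getPrivateKey(privateKeyInfo);
        } catch (PEMException e) {
            throw new PrivateKeyParseException(e);
        }
    }

    /**
     * Derives the public key that belongs to the given private key.
     *
     * <p>The private key is written as PEM into an in-memory buffer, with a null encryptor argument,
     * and parsed back as a key pair. That text lives in a {@link String} this method cannot wipe.
     *
     * @param privateKey key to derive the public key from
     * @return the matching public key
     * @throws PublicKeyParseException when the key does not round-trip to a {@link PEMKeyPair} or
     *         writing/reading the PEM fails
     */
    public static PublicKey extractPublicKey(PrivateKey privateKey) {
        try (StringWriter pemBuffer = new StringWriter();
             PemWriter pemWriter = new PemWriter(pemBuffer)) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(privateKey, null).generate());
            pemWriter.flush();

            try (StringReader reader = new StringReader(pemBuffer.toString());
                 PEMParser parser = new PEMParser(reader)) {
                Object pemObject = parser.readObject();
                if (!(pemObject instanceof PEMKeyPair)) {
                    throw new PublicKeyParseException("Could not extract public key for the given private key.");
                }
                return getInstance().getKeyConverter().getKeyPair((PEMKeyPair) pemObject).getPublic();
            }
        } catch (IOException e) {
            throw new PublicKeyParseException(e);
        }
    }

    /** Opens a classpath resource and rejects a null result with the "not found" message. */
    private static InputStream openClasspathResource(String path) {
        return (InputStream) ValidationUtils.requireNotNull(IOUtils.getResourceAsStream(path), CERTIFICATE_NOT_FOUND_EXCEPTION_MESSAGE.apply(path));
    }

    /** Rejects a null stream supplied by the caller and otherwise returns it unchanged. */
    private static InputStream requireStream(InputStream inputStream) {
        return (InputStream) ValidationUtils.requireNotNull(inputStream, EMPTY_INPUT_STREAM_EXCEPTION_MESSAGE);
    }

    /** Returns the shared instance that holds the key and certificate converters. */
    static PemUtils getInstance() {
        return INSTANCE;
    }

    private JcaPEMKeyConverter getKeyConverter() {
        return this.keyConverter;
    }

    private JcaX509CertificateConverter getCertificateConverter() {
        return this.certificateConverter;
    }
}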
