package org.eclipse.kura.core.keystore.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/eclipse/kura/core/keystore/util/CertificateUtil.class */
public class CertificateUtil {
    private CertificateUtil() {
    }

    public static X509Certificate toJavaX509Certificate(Object obj) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        if (obj instanceof X509CertificateHolder) {
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(((X509CertificateHolder) obj).getEncoded()));
        }
        if (obj instanceof X509Certificate) {
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(((X509Certificate) obj).getEncoded()));
        }
        if (obj instanceof X509Certificate) {
            return (X509Certificate) obj;
        }
        if (obj instanceof PemObject) {
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(((PemObject) obj).getContent()));
        }
        throw new IllegalArgumentException("Object not one of X509CertificateHolder, X509Certificate or PemObject.");
    }

    public static Set<TrustAnchor> toTrustAnchor(List<X509Certificate> list) throws Exception {
        HashSet hashSet = new HashSet();
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(new TrustAnchor(it.next(), null));
        }
        return hashSet;
    }

    public static String x509CertificateToPem(Certificate certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        jcaPEMWriter.writeObject(certificate);
        jcaPEMWriter.flush();
        jcaPEMWriter.close();
        return stringWriter.toString();
    }

    /* JADX WARN: Finally extract failed */
    public static List<X509Certificate> readPemCertificates(String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        Throwable th = null;
        try {
            StringReader stringReader = new StringReader(str);
            try {
                PemReader pemReader = new PemReader(stringReader);
                while (true) {
                    try {
                        PemObject readPemObject = pemReader.readPemObject();
                        if (readPemObject == null) {
                            break;
                        }
                        arrayList.add(toJavaX509Certificate(readPemObject));
                    } catch (Throwable th2) {
                        if (pemReader != null) {
                            pemReader.close();
                        }
                        throw th2;
                    }
                }
                if (pemReader != null) {
                    pemReader.close();
                }
                if (stringReader != null) {
                    stringReader.close();
                }
                return arrayList;
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                if (stringReader != null) {
                    stringReader.close();
                }
                throw th;
            }
        } catch (Throwable th4) {
            if (0 == 0) {
                th = th4;
            } else if (null != th4) {
                th.addSuppressed(th4);
            }
            throw th;
        }
    }

    public static PrivateKey readEncryptedPrivateKey(String str, String str2) throws IOException, PKCSException {
        org.bouncycastle.asn1.pkcs.PrivateKeyInfo privateKeyInfo;
        Throwable th = null;
        try {
            StringReader stringReader = new StringReader(str);
            try {
                PEMParser pEMParser = new PEMParser(stringReader);
                try {
                    JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider("BC");
                    Object readObject = pEMParser.readObject();
                    if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                        privateKeyInfo = ((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC").build(str2.toCharArray()));
                    } else {
                        if (!(readObject instanceof PEMEncryptedKeyPair)) {
                            throw new PKCSException("Invalid encrypted private key class: " + readObject.getClass().getName());
                        }
                        privateKeyInfo = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new BcPEMDecryptorProvider(str2.toCharArray())).getPrivateKeyInfo();
                    }
                    PrivateKey privateKey = provider.getPrivateKey(privateKeyInfo);
                    if (pEMParser != null) {
                        pEMParser.close();
                    }
                    if (stringReader != null) {
                        stringReader.close();
                    }
                    return privateKey;
                } catch (Throwable th2) {
                    if (pEMParser != null) {
                        pEMParser.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                if (stringReader != null) {
                    stringReader.close();
                }
                throw th;
            }
        } catch (Throwable th4) {
            if (0 == 0) {
                th = th4;
            } else if (null != th4) {
                th.addSuppressed(th4);
            }
            throw th;
        }
    }

    public static PublicKey readPublicKey(String str, String str2) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance(str2);
        Throwable th = null;
        try {
            StringReader stringReader = new StringReader(str);
            try {
                PemReader pemReader = new PemReader(stringReader);
                try {
                    PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(pemReader.readPemObject().getContent()));
                    if (pemReader != null) {
                        pemReader.close();
                    }
                    if (stringReader != null) {
                        stringReader.close();
                    }
                    return generatePublic;
                } catch (Throwable th2) {
                    if (pemReader != null) {
                        pemReader.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                if (stringReader != null) {
                    stringReader.close();
                }
                throw th;
            }
        } catch (Throwable th4) {
            if (0 == 0) {
                th = th4;
            } else if (null != th4) {
                th.addSuppressed(th4);
            }
            throw th;
        }
    }

    public static X509Certificate[] generateCertificateChain(KeyPair keyPair, String str, String str2, Date date, Date date2) throws OperatorCreationException, CertificateException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        X500Name x500Name = new X500Name(str2);
        return new X509Certificate[]{new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(System.currentTimeMillis()), date, date2, x500Name, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())).build(new JcaContentSignerBuilder(str).setProvider(bouncyCastleProvider).build(keyPair.getPrivate())))};
    }

    public static Store<X509CertificateHolder> toX509CertificateHolderStore(String str) throws Exception {
        return new JcaCertStore((List) readPemCertificates(str).stream().map(x509Certificate -> {
            try {
                return new X509CertificateHolder(x509Certificate.getEncoded());
            } catch (IOException | CertificateEncodingException e) {
                throw new RuntimeException(e);
            }
        }).collect(Collectors.toList()));
    }

    public static CertStore toCertStore(Store<?> store) throws Exception {
        try {
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters((List) store.getMatches((Selector) null).stream().map(obj -> {
                try {
                    return toJavaX509Certificate(obj);
                } catch (Exception unused) {
                    return null;
                }
            }).collect(Collectors.toList())));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new Exception(e);
        }
    }
}
