package org.commonjava.util.jhttpc.INTERNAL.util;

import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.commonjava.util.jhttpc.JHttpCException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/commonjava/util/jhttpc/INTERNAL/util/BouncyCastleUtils.class */
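/**
 * Helpers that use BouncyCastle to turn PEM text into a {@link KeyStore}.
 *
 * <p>Loading this class registers a {@link BouncyCastleProvider} with the JCA
 * ({@link Security#addProvider} is a no-op when a provider of the same name is
 * already installed).
 */
public class BouncyCastleUtils {
    // Not referenced anywhere in this class; kept so the class layout is unchanged.
    private static final String KEY_TYPE_PATTERN = "BEGIN (.+) PRIVATE KEY";

    private static final Logger LOGGER = LoggerFactory.getLogger(BouncyCastleUtils.class);

    // One provider instance is shared by the JCA registration and by every call,
    // instead of building a new provider for each PEM that is parsed.
    private static final BouncyCastleProvider BC_PROVIDER = new BouncyCastleProvider();

    static {
        Security.addProvider(BC_PROVIDER);
    }

    /**
     * Parses PEM text and collects its certificates and encrypted private key into a new,
     * in-memory {@link KeyStore} of the platform default type.
     *
     * <p>Every X.509 certificate found is stored as a trusted-certificate entry under
     * {@code "certificate<n>"} plus whatever aliases {@code SSLUtils.extractAliases} adds for it;
     * an alias produced for a later certificate replaces an earlier entry with the same alias.
     * Only encrypted keys are recognised (PKCS#8 {@code ENCRYPTED PRIVATE KEY} and
     * OpenSSL-style encrypted key pairs); any other PEM object is skipped. If both a key and at
     * least one certificate were found, the key is stored under the alias {@code "key"},
     * protected with {@code str2}, with all certificates in PEM order as its chain.
     * NOTE(review): the chain is not reordered or checked against the key, so the PEM is
     * presumably expected to list the key's own certificate first; confirm against callers.
     *
     * <p>Security: key objects are never written to the log, because what a
     * {@code PrivateKey.toString()} prints is provider-specific and may include key material.
     * The password is converted to a single {@code char[]} that is reused for all three
     * consumers; it is not wiped here because the {@code String} it came from stays on the heap
     * regardless.
     *
     * @param str  the PEM text to parse; must not be {@code null}
     * @param str2 the password that decrypts the private key and then protects the
     *             {@code "key"} entry; must not be {@code null}
     * @return the populated key store; it holds no {@code "key"} entry when the PEM lacked a
     *         usable key or any certificate (a warning is logged in that case)
     * @throws NullPointerException if {@code str} or {@code str2} is {@code null}
     * @throws JHttpCException      if a PKCS#8 encrypted key cannot be decrypted
     * @throws IOException          if the PEM cannot be parsed or an OpenSSL-style encrypted key
     *                              pair cannot be decrypted
     */
    public static KeyStore readKeyAndCertFromPem(String str, String str2) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, JHttpCException {
        if (str == null) {
            throw new NullPointerException("PEM content must not be null");
        }
        if (str2 == null) {
            throw new NullPointerException("key password must not be null");
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);

        // Single copy of the password instead of one fresh array per consumer.
        char[] password = str2.toCharArray();
        InputDecryptorProvider pkcs8Decryptor = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BC_PROVIDER).build(password);

        ArrayList<X509Certificate> certChain = new ArrayList<>();
        PrivateKey privateKey = null;
        int certIndex = 0;

        // try-with-resources: the parser was previously never closed.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            Object pemObject;
            while ((pemObject = pemParser.readObject()) != null) {
                // Log the type only; some PEM objects carry key material.
                LOGGER.trace("Got PEM object of type: {}", pemObject.getClass().getName());
                if (pemObject instanceof X509CertificateHolder) {
                    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate((X509CertificateHolder) pemObject);
                    certChain.add(certificate);

                    HashSet<String> aliases = new HashSet<>();
                    aliases.add("certificate" + certIndex);
                    SSLUtils.extractAliases(certificate, aliases);

                    KeyStore.TrustedCertificateEntry trustedEntry = new KeyStore.TrustedCertificateEntry(certificate);
                    for (String alias : aliases) {
                        keyStore.setEntry(alias, trustedEntry, null);
                        LOGGER.trace("Storing trusted cert under alias: {}\n  with DN: {}", alias, certificate.getSubjectDN().getName());
                    }
                    certIndex++;
                } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    try {
                        privateKey = new JcaPEMKeyConverter().getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(pkcs8Decryptor));
                    } catch (PKCSException e) {
                        throw new JHttpCException("Failed to decrypt key/certificate: %s", e, e.getMessage());
                    }
                    LOGGER.trace("Decrypted PKCS#8 private key (algorithm: {})", privateKey.getAlgorithm());
                } else if (pemObject instanceof PEMEncryptedKeyPair) {
                    privateKey = new JcaPEMKeyConverter().getPrivateKey(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new BcPEMDecryptorProvider(password)).getPrivateKeyInfo());
                    LOGGER.trace("Decrypted PEM key pair (algorithm: {})", privateKey.getAlgorithm());
                } else {
                    LOGGER.trace("Got unrecognized PEM object (class: {})", pemObject.getClass().getName());
                }
            }
        }

        if (privateKey == null) {
            LOGGER.warn("No private key found in PEM!");
        } else if (certChain.isEmpty()) {
            // Previously reported as a missing key, which hid the real cause.
            LOGGER.warn("No certificate found in PEM; private key entry was not stored!");
        } else {
            LOGGER.trace("Setting key entry (algorithm: {}, chain length: {})", privateKey.getAlgorithm(), certChain.size());
            keyStore.setKeyEntry("key", privateKey, password, certChain.toArray(new Certificate[certChain.size()]));
        }
        return keyStore;
    }
}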
