package com.github.khazrak.jdocker.ssl;

import com.github.khazrak.jdocker.exception.DockerClientException;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/khazrak/jdocker/ssl/KeyStoreUtil.class */
public class KeyStoreUtil {
    private static Logger logger = LoggerFactory.getLogger(KeyStoreUtil.class);
    static char[] KEY_STORE_PASSWORD = "docker".toCharArray();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore createDockerKeyStore(String str) throws IOException, GeneralSecurityException {
        PrivateKey loadPrivateKey = loadPrivateKey(new File(str, "key.pem").getAbsolutePath());
        Collection<Certificate> loadCertificates = loadCertificates(new File(str, "cert.pem").getAbsolutePath());
        Certificate[] certificateArr = new Certificate[loadCertificates.size()];
        int i = 0;
        Iterator<Certificate> it = loadCertificates.iterator();
        while (it.hasNext()) {
            certificateArr[i] = it.next();
            i++;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load((KeyStore.LoadStoreParameter) null);
        keyStore.setKeyEntry("docker", loadPrivateKey, KEY_STORE_PASSWORD, certificateArr);
        addCA(keyStore, new File(str, "ca.pem").getAbsolutePath());
        return keyStore;
    }

    static PrivateKey loadPrivateKey(String str) throws IOException, GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(((PEMKeyPair) loadPEM(str)).getPrivateKeyInfo().getEncoded()));
    }

    static <T> T loadPEM(String str) throws IOException {
        return (T) new PEMParser(new BufferedReader(new FileReader(str))).readObject();
    }

    static void addCA(KeyStore keyStore, String str) throws KeyStoreException, FileNotFoundException, CertificateException {
        loadCertificates(str).forEach(certificate -> {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            try {
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
            } catch (KeyStoreException e) {
                throw new DockerClientException("Exception during adding CA to keystore", e);
            }
        });
    }

    static Collection<Certificate> loadCertificates(String str) throws FileNotFoundException, CertificateException {
        return CertificateFactory.getInstance("X509").generateCertificates(new FileInputStream(str));
    }
}
