package de.fhg.aisec.ids.tpm2d;

import de.fhg.aisec.ids.tpm2d.messages.TpmAttestation;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: TpmHelper.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = TpmAttestation.HashAlgLen.SHA384_VALUE, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0019\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010 \n\u0002\b\u0003\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u000b\u001a\u00020\fJ\u000e\u0010\r\u001a\u00020\t2\u0006\u0010\u000e\u001a\u00020\u000fJ\u001e\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0017J\u000e\u0010\u0018\u001a\u00020\u00112\u0006\u0010\u0019\u001a\u00020\u0013J\u001c\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u00110\u001b2\u0006\u0010\u001c\u001a\u00020\u00132\u0006\u0010\u001d\u001a\u00020\u0015R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001e"}, d2 = {"Lde/fhg/aisec/ids/tpm2d/TpmHelper;", "", "()V", "LOG", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "sr", "Ljava/security/SecureRandom;", "calculateHash", "", "nonce", "certificate", "Ljava/security/cert/Certificate;", "generateNonce", "numBytes", "", "loadCertificateFromKeystore", "Ljava/security/cert/X509Certificate;", "keyStorePath", "Ljava/nio/file/Path;", "keyStorePassword", "", "keyAlias", "", "loadCertificateFromPem", "path", "loadCertificatesFromTruststore", "", "trustStorePath", "trustStorePassword", "idscp2-ra-tpm2d"})
/* loaded from: input_file:de/fhg/aisec/ids/tpm2d/TpmHelper.class */
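/**
 * Helper singleton for the TPM remote-attestation driver: nonce generation, the
 * nonce/certificate hash, and loading X.509 certificates from PKCS#12 stores or a
 * certificate file.
 *
 * <p>This class is decompiled from Kotlin ({@code TpmHelper.kt}). Kotlin has no checked
 * exceptions, so the methods below propagate {@code IOException} and
 * {@code GeneralSecurityException} subtypes without declaring them.
 */
public final class TpmHelper {

    /** The only instance; the constructor is private. */
    @NotNull
    public static final TpmHelper INSTANCE = new TpmHelper();
    private static final Logger LOG = LoggerFactory.getLogger(TpmHelper.class);

    // One shared CSPRNG for all nonces.
    @NotNull
    private static final SecureRandom sr = new SecureRandom();

    private TpmHelper() {
    }

    /**
     * Generates a fresh random nonce from {@link SecureRandom}.
     *
     * @param i number of random bytes to produce
     * @return a new array of {@code i} random bytes
     * @throws NegativeArraySizeException if {@code i} is negative
     */
    @NotNull
    public final byte[] generateNonce(int i) {
        byte[] nonce = new byte[i];
        sr.nextBytes(nonce);
        return nonce;
    }

    /**
     * Computes the SHA-1 digest over the nonce followed by the encoded certificate.
     *
     * <p>If hashing fails for any reason, the failure is logged and the unmodified nonce
     * is returned instead of a digest.
     *
     * @param bArr the nonce
     * @param certificate the certificate whose encoded form is mixed into the digest
     * @return the digest, or {@code bArr} itself when hashing failed
     */
    @NotNull
    public final byte[] calculateHash(@NotNull byte[] bArr, @NotNull Certificate certificate) {
        Intrinsics.checkNotNullParameter(bArr, "nonce");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        try {
            // NOTE(review): SHA-1 is not collision resistant. The algorithm is left unchanged
            // because the value presumably has to match what the attestation peer computes;
            // confirm with the protocol definition before moving to SHA-256 or stronger.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(bArr);
            messageDigest.update(certificate.getEncoded());
            return messageDigest.digest();
        } catch (Exception e) {
            // NOTE(review): this fallback returns the bare nonce, so the result is no longer
            // bound to the certificate and the caller cannot see the failure from the return
            // value; only the log records it. Consider propagating the failure instead.
            LOG.error("Could not create hash of own nonce and local certificate", e);
            return bArr;
        }
    }

    /**
     * Loads the trusted certificates from a PKCS#12 truststore.
     *
     * <p>The trust anchors are obtained through {@link PKIXParameters}, whose constructor
     * rejects a keystore without any trusted certificate entry with an
     * {@code InvalidAlgorithmParameterException}; an empty truststore therefore fails
     * rather than yielding an empty list.
     *
     * @param path location of the PKCS#12 truststore
     * @param cArr truststore password
     * @return the certificates of all trust anchors in the store
     */
    @NotNull
    public final List<X509Certificate> loadCertificatesFromTruststore(@NotNull Path path, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(path, "trustStorePath");
        Intrinsics.checkNotNullParameter(cArr, "trustStorePassword");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // try-with-resources closes the stream exactly once, whether or not load() throws.
        try (InputStream in = Files.newInputStream(path)) {
            keyStore.load(in, cArr);
        }
        return new PKIXParameters(keyStore).getTrustAnchors().stream()
                .map(TrustAnchor::getTrustedCert)
                .collect(Collectors.toList());
    }

    /**
     * Loads the X.509 certificate stored under an alias in a PKCS#12 keystore and probes
     * the key entry of the same alias.
     *
     * <p>The same password is used to open the keystore and to read the key entry.
     *
     * @param path location of the PKCS#12 keystore
     * @param cArr password for the keystore and for the key entry
     * @param str alias of the certificate/key entry
     * @return the certificate stored under {@code str}
     * @throws NullPointerException if the alias has no certificate
     * @throws ClassCastException if the certificate is not an {@link X509Certificate}
     */
    @NotNull
    public final X509Certificate loadCertificateFromKeystore(@NotNull Path path, @NotNull char[] cArr, @NotNull String str) {
        Intrinsics.checkNotNullParameter(path, "keyStorePath");
        Intrinsics.checkNotNullParameter(cArr, "keyStorePassword");
        Intrinsics.checkNotNullParameter(str, "keyAlias");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            keyStore.load(in, cArr);
        }
        Certificate certificate = keyStore.getCertificate(str);
        Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        X509Certificate x509Certificate = (X509Certificate) certificate;
        // Probe only: the key is discarded, so the call matters solely when it throws (for
        // example when the key cannot be recovered with this password). getKey() returns
        // null for an alias without a key entry, so a missing private key is NOT detected.
        keyStore.getKey(str, cArr);
        return x509Certificate;
    }

    /**
     * Parses one X.509 certificate from a file.
     *
     * <p>Only a single certificate is read; nothing here validates it against a trust
     * store or checks its validity period.
     *
     * @param path location of the certificate file
     * @return the parsed certificate
     * @throws ClassCastException if the parsed certificate is not an {@link X509Certificate}
     */
    @NotNull
    public final X509Certificate loadCertificateFromPem(@NotNull Path path) {
        Intrinsics.checkNotNullParameter(path, "path");
        // The stream used to be left open; close it as soon as the certificate is parsed.
        try (InputStream in = new FileInputStream(path.toFile())) {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(in);
            Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            return (X509Certificate) generateCertificate;
        }
    }
}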
