package de.gesellix.docker.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gesellix/docker/ssl/KeyStoreUtil.class */
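/**
 * Builds an in-memory {@link KeyStore} from the PEM files of a Docker TLS directory
 * ({@code key.pem}, {@code cert.pem}, {@code ca.pem}).
 *
 * <p>Loading this class registers the BouncyCastle provider ("BC") with the JVM-wide
 * {@link Security} provider list if it is not registered yet.
 */
public class KeyStoreUtil {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreUtil.class);

    /**
     * Password protecting the "docker" key entry.
     *
     * <p>Security note: the value is a hard-coded, publicly known string, and the array is both
     * public and mutable, so it offers no confidentiality. The key store built by
     * {@link #createDockerKeyStore(String)} exists only in memory; if a caller ever persists it,
     * the private key is effectively unprotected unless it is re-encrypted under a real secret.
     * Callers must not modify the array contents.
     */
    public static final char[] KEY_STORE_PASSWORD = "docker".toCharArray();

    static {
        // Register BouncyCastle only once; the registration is global to the JVM.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Creates a key store holding the client key and certificate chain under the alias
     * {@code "docker"} plus every certificate from {@code ca.pem} as a trusted entry.
     *
     * <p>A missing or unreadable {@code ca.pem} does not fail here: {@link #loadCertificates(String)}
     * returns an empty collection in that case, so the resulting key store contains no trusted CA
     * entries. Callers that use it as a trust store should check for that condition.
     *
     * @param str directory containing {@code key.pem}, {@code cert.pem} and {@code ca.pem}
     * @return a freshly created, in-memory key store
     * @throws IOException if the private key file cannot be read or parsed
     * @throws GeneralSecurityException if no private key is found or a key store operation fails
     */
    public static KeyStore createDockerKeyStore(String str) throws IOException, GeneralSecurityException {
        PrivateKey privateKey = loadPrivateKey(new File(str, "key.pem").getAbsolutePath());
        Certificate[] chain = loadCertificates(new File(str, "cert.pem").getAbsolutePath()).toArray(new Certificate[0]);

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty key store instead of reading one from a stream.
        keyStore.load(null);
        keyStore.setKeyEntry("docker", privateKey, KEY_STORE_PASSWORD, chain);
        addCA(keyStore, new File(str, "ca.pem").getAbsolutePath());
        return keyStore;
    }

    /**
     * Reads the first private key found in a PEM file.
     *
     * <p>Objects that are neither a {@link PEMKeyPair} nor a {@link PrivateKeyInfo} are skipped,
     * so a leading parameter block does not prevent the key from being found. Encrypted
     * (passphrase-protected) PEM keys are not handled by this method and end in the
     * "Cannot generate private key" error.
     *
     * @param str path of the PEM file
     * @return the private key
     * @throws IOException if the file cannot be read or the key cannot be converted
     * @throws GeneralSecurityException if the file contains no supported private key
     */
    public static PrivateKey loadPrivateKey(String str) throws IOException, GeneralSecurityException {
        // The parser is closed exactly once, after the scan, whether it succeeds or throws.
        try (PEMParser pemParser = new PEMParser(new FileReader(str))) {
            Object parsed;
            while ((parsed = pemParser.readObject()) != null) {
                if (parsed instanceof PEMKeyPair) {
                    return generatePrivateKey(((PEMKeyPair) parsed).getPrivateKeyInfo());
                }
                if (parsed instanceof PrivateKeyInfo) {
                    return generatePrivateKey((PrivateKeyInfo) parsed);
                }
            }
        }
        throw new GeneralSecurityException("Cannot generate private key from file: " + str);
    }

    /**
     * Converts parsed key material into a JCA {@link PrivateKey}.
     *
     * @param privateKeyInfo the PKCS#8 structure read from the PEM file
     * @return the converted private key
     * @throws IOException if the conversion fails
     */
    public static PrivateKey generatePrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException {
        try {
            return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
        } catch (Exception e) {
            if (e.getCause() instanceof InvalidKeySpecException) {
                // Only the algorithm OID is logged, never key material.
                log.error("couldn't create private key for asn1oid '" + privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId() + "'", e.getCause());
            }
            throw e;
        }
    }

    /**
     * Adds every certificate of the given file to the key store as a trusted certificate entry.
     *
     * <p>The alias is the certificate's subject distinguished name, so two certificates with the
     * same subject share one alias and the later one replaces the earlier one.
     *
     * @param keyStore the key store to extend
     * @param str path of the CA certificate file
     * @throws KeyStoreException if the key store rejects an entry
     * @throws CertificateException if the file content cannot be parsed as certificates
     */
    public static void addCA(KeyStore keyStore, String str) throws KeyStoreException, CertificateException {
        for (Certificate certificate : loadCertificates(str)) {
            X509Certificate caCertificate = (X509Certificate) certificate;
            keyStore.setCertificateEntry(caCertificate.getSubjectX500Principal().getName(), caCertificate);
        }
    }

    /**
     * Loads all X.509 certificates contained in a file.
     *
     * <p>I/O failures (for example a missing file) are treated as "no certificates": an empty
     * collection is returned and a warning is logged. An empty result is therefore not proof
     * that the file was empty.
     *
     * @param str path of the certificate file
     * @return the parsed certificates, or an empty collection if the file could not be read
     * @throws CertificateException if the content cannot be parsed
     */
    public static Collection<? extends Certificate> loadCertificates(String str) throws CertificateException {
        // try-with-resources also closes the stream when parsing throws CertificateException.
        try (FileInputStream certificateStream = new FileInputStream(str)) {
            return CertificateFactory.getInstance("X509").generateCertificates(certificateStream);
        } catch (IOException e) {
            log.warn("couldn't read certificates from '{}', continuing without them: {}", str, e.getMessage());
            return Collections.emptyList();
        }
    }
}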
