package net.ravendb.client.util;

import com.google.common.primitives.Bytes;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import net.ravendb.client.exceptions.RavenException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:net/ravendb/client/util/CertificateUtils.class */
public class CertificateUtils {
    private static final String PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_FOOTER = "-----END PRIVATE KEY-----";
    private static final String PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----";

    private CertificateUtils() {
    }

    public static KeyStore createKeystore(String str) throws IOException, GeneralSecurityException {
        return createKeystore(str, str);
    }

    public static KeyStore createKeystore(String str, String str2) throws IOException, GeneralSecurityException {
        Certificate readCertificate = readCertificate(str);
        PrivateKey readPrivateKey = readPrivateKey(str2);
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry("a", readPrivateKey, "".toCharArray(), new Certificate[]{readCertificate});
        return keyStore;
    }

    public static Certificate readCertificate(String str) throws CertificateException, FileNotFoundException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(str));
    }

    public static PrivateKey readPrivateKey(String str) throws GeneralSecurityException, IOException {
        byte[] byteArray = IOUtils.toByteArray(new FileInputStream(str));
        String str2 = new String(byteArray, StandardCharsets.UTF_8);
        if (str2.contains(PKCS1_HEADER)) {
            return readPkcs1PrivateKey(parseDERFromPEM(byteArray, PKCS1_HEADER, PKCS1_FOOTER));
        }
        if (str2.contains(PKCS8_HEADER)) {
            return readPkcs8PrivateKey(parseDERFromPEM(byteArray, PKCS8_HEADER, PKCS8_FOOTER));
        }
        throw new RavenException("Unable to detect private key type. Expected '-----BEGIN PRIVATE KEY-----' or '-----BEGIN RSA PRIVATE KEY-----'");
    }

    protected static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) {
        return Base64.decodeBase64(new String(bArr).split(str)[1].split(str2)[0]);
    }

    private static PrivateKey readPkcs8PrivateKey(byte[] bArr) throws GeneralSecurityException {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (InvalidKeySpecException e) {
            throw new IllegalArgumentException("Unexpected key format!", e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][]] */
    private static PrivateKey readPkcs1PrivateKey(byte[] bArr) throws GeneralSecurityException {
        int length = bArr.length;
        int i = length + 22;
        return readPkcs8PrivateKey(Bytes.concat((byte[][]) new byte[]{new byte[]{48, -126, (byte) ((i >> 8) & 255), (byte) (i & 255), 2, 1, 0, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 4, -126, (byte) ((length >> 8) & 255), (byte) (length & 255)}, bArr}));
    }

    public static String extractThumbprintFromCertificate(KeyStore keyStore) {
        try {
            ArrayList list = Collections.list(keyStore.aliases());
            if (list.size() != 1) {
                throw new IllegalStateException("Expected single certificate in keystore.");
            }
            String str = (String) list.get(0);
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                throw new IllegalStateException("Unable to find certificate for alias: '" + str + "'. If you generated certificate using RavenDB server, then it might be related to: https://github.com/dotnet/corefx/issues/30946. Please try to create Keystore using *.crt and *.key files instead of *.pfx using CertificateUtils.createKeystore");
            }
            return Hex.encodeHexString(MessageDigest.getInstance("SHA-1").digest(certificate.getEncoded()));
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new IllegalStateException("Unable to extract certificate thumbprint " + e.getMessage(), e);
        }
    }
}
