package com.github.autermann.sockets.ssl;

import com.github.autermann.utils.Java;
import com.google.common.base.Charsets;
import com.google.common.collect.Lists;
import com.google.common.io.CharStreams;
import com.google.common.io.Closeables;
import com.google.common.io.Closer;
import com.google.common.io.Files;
import com.google.common.io.InputSupplier;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/autermann/sockets/ssl/SSLUtils.class */
public class SSLUtils {
    private static final Logger log = LoggerFactory.getLogger(SSLUtils.class);

    private SSLUtils() {
    }

    public static KeyStore createEmptyKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        return keyStore;
    }

    public static String randomAlias() {
        return UUID.randomUUID().toString();
    }

    public static PrivateKey createKeyFromDER(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(SSLConstants.KEY_ALGORITHM_RSA).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static Certificate[] toChain(List<? extends Certificate> list) {
        return (Certificate[]) Lists.reverse(list).toArray(new Certificate[list.size()]);
    }

    public static Certificate[] readChain(String str) throws CertificateException, IOException {
        return toChain(readCertificates(str));
    }

    public static Certificate[] readChain(File file) throws CertificateException, IOException {
        return toChain(readCertificates(file));
    }

    public static Certificate[] readChain(InputSupplier<? extends InputStream> inputSupplier) throws CertificateException, IOException {
        return toChain(readCertificates(inputSupplier));
    }

    public static PrivateKey readKey(String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return readKey(new File(str));
    }

    public static PrivateKey readKey(File file) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return readKey((InputSupplier<? extends InputStream>) Files.newInputStreamSupplier(file));
    }

    public static PrivateKey readKey(InputSupplier<? extends InputStream> inputSupplier) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        Closer create = Closer.create();
        try {
            try {
                PrivateKey createPrivateKey = createPrivateKey(new PemReader((Reader) create.register((Closeable) CharStreams.newReaderSupplier(inputSupplier, Charsets.UTF_8).getInput())).readPemObject());
                create.close();
                return createPrivateKey;
            } catch (IOException e) {
                throw create.rethrow(e);
            }
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    public static List<X509Certificate> readCertificates(String str) throws CertificateException, IOException {
        return readCertificates(new File(str));
    }

    public static List<X509Certificate> readCertificates(File file) throws CertificateException, IOException {
        return readCertificates((InputSupplier<? extends InputStream>) Files.newInputStreamSupplier(file));
    }

    public static List<X509Certificate> readCertificates(InputSupplier<? extends InputStream> inputSupplier) throws CertificateException, IOException {
        InputStream inputStream = null;
        try {
            try {
                inputStream = (InputStream) inputSupplier.getInput();
                LinkedList linkedList = new LinkedList();
                CertificateFactory certificateFactory = CertificateFactory.getInstance(SSLConstants.CERTIFICATE_TYPE_X509);
                while (inputStream.available() > 0) {
                    X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                    linkedList.add(x509Certificate);
                    log.info("Read {}", x509Certificate.getSubjectX500Principal().getName());
                }
                Closeables.close(inputStream, true);
                return linkedList;
            } catch (CertificateParsingException e) {
                if (Java.v6 && e.getMessage() != null && e.getMessage().equals("invalid DER-encoded certificate data")) {
                    log.warn("X509CertificateFactory was not able to parse certificate. Consider switching to Java 7 to overcome this issue.");
                }
                throw e;
            }
        } catch (Throwable th) {
            Closeables.close(inputStream, true);
            throw th;
        }
    }

    private static PrivateKey createPrivateKey(PemObject pemObject) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        return createKeyFromDER(new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), RSAPrivateKey.getInstance(pemObject.getContent())).toASN1Primitive().getEncoded());
    }
}
