package skuber.api.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Some;
import scala.collection.Iterable$;
import scala.collection.JavaConverters$;
import scala.collection.TraversableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.reflect.ClassTag$;
import scala.util.Either;
import scala.util.Left;
import scala.util.Right;

/* compiled from: SecurityHelper.scala */
/* loaded from: input_file:skuber/api/security/SecurityHelper$.class */
public final class SecurityHelper$ {
    public static final SecurityHelper$ MODULE$ = null;

    static {
        new SecurityHelper$();
    }

    public List<X509Certificate> readCertificates(InputStream inputStream) {
        return ((TraversableOnce) ((TraversableLike) JavaConverters$.MODULE$.collectionAsScalaIterableConverter(CertificateFactory.getInstance("X509").generateCertificates(inputStream)).asScala()).collect(new SecurityHelper$$anonfun$readCertificates$1(), Iterable$.MODULE$.canBuildFrom())).toList();
    }

    private InputStream createInputStreamForPathOrData(Either<String, byte[]> either) {
        InputStream newInputStream;
        if (either instanceof Right) {
            newInputStream = new ByteArrayInputStream((byte[]) ((Right) either).b());
        } else {
            if (!(either instanceof Left)) {
                throw new MatchError(either);
            }
            newInputStream = Files.newInputStream(Paths.get((String) ((Left) either).a(), new String[0]), new OpenOption[0]);
        }
        return newInputStream;
    }

    public List<X509Certificate> getCertificates(Either<String, byte[]> either) {
        return readCertificates(createInputStreamForPathOrData(either));
    }

    public KeyStore createTrustStore(List<X509Certificate> list) {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        return (KeyStore) list.foldLeft(keyStore, new SecurityHelper$$anonfun$createTrustStore$1());
    }

    public PrivateKey readPrivateKey(InputStream inputStream) {
        PrivateKey privateKey;
        JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        Some apply = Option$.MODULE$.apply(new PEMParser(new InputStreamReader(inputStream)).readObject());
        if (!(apply instanceof Some)) {
            if (None$.MODULE$.equals(apply)) {
                throw new IOException("could not read private key");
            }
            throw new MatchError(apply);
        }
        Object x = apply.x();
        if (x instanceof PEMKeyPair) {
            privateKey = provider.getPrivateKey(((PEMKeyPair) x).getPrivateKeyInfo());
        } else {
            if (!(x instanceof PrivateKeyInfo)) {
                throw new MatchError(x);
            }
            privateKey = provider.getPrivateKey((PrivateKeyInfo) x);
        }
        return privateKey;
    }

    public PrivateKey getPrivateKey(Either<String, byte[]> either) {
        return readPrivateKey(createInputStreamForPathOrData(either));
    }

    public KeyStore createKeyStore(String str, List<X509Certificate> list, PrivateKey privateKey, Option<String> option) {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        char[] charArray = ((String) option.orElse(new SecurityHelper$$anonfun$1()).get()).toCharArray();
        keyStore.load(null, charArray);
        keyStore.setKeyEntry(str, privateKey, charArray, (Certificate[]) list.toArray(ClassTag$.MODULE$.apply(Certificate.class)));
        return keyStore;
    }

    public Option<String> createKeyStore$default$4() {
        return None$.MODULE$;
    }

    private SecurityHelper$() {
        MODULE$ = this;
    }
}
