package net.ripe.rpki.commons.crypto.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import org.apache.commons.io.output.NullOutputStream;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/util/KeyStoreUtil.class */
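/**
 * Static helpers that wrap a single key pair in a {@link KeyStore} under the fixed alias
 * {@link #KEYSTORE_KEY_ALIAS}, serialise that key store to bytes, and read the key pair back.
 *
 * <p>Every checked failure raised by the JCA key store calls is rethrown as the unchecked
 * {@code KeyStoreException} of this package.
 */
public final class KeyStoreUtil {
    // NOTE(security): this passphrase is a compile-time constant shared by every key store this
    // class creates, stores or loads. It therefore adds no confidentiality to the bytes returned
    // by storeKeyStore(): whoever holds those bytes and this library can load them. Protection of
    // the private key has to come from the key store provider or from how callers store the
    // bytes. The value is left unchanged because previously stored key stores depend on it.
    private static final char[] KEYSTORE_PASSPHRASE = "4AD8A8BD-A001-4400-8DAC-5F3B97F07DE5".toCharArray();
    static final String KEYSTORE_KEY_ALIAS = "mykey1";

    private KeyStoreUtil() {
    }

    /**
     * Creates an empty key store and adds the private key of {@code keyPair} under
     * {@link #KEYSTORE_KEY_ALIAS}, with a placeholder certificate from
     * {@link #generateCertificate(KeyPair, String)} as its one-element chain.
     *
     * @param keyPair key pair whose private key is stored
     * @param str     name of the provider passed to {@link KeyStore#getInstance(String, String)}
     * @param str2    name of the provider used to sign the placeholder certificate
     * @param str3    key store type passed to {@link KeyStore#getInstance(String, String)}
     * @return the initialised key store holding the key entry
     * @throws KeyStoreException if the key store cannot be created or the entry cannot be set
     */
    public static KeyStore createKeyStoreForKeyPair(KeyPair keyPair, String str, String str2, String str3) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str3, str);
            // A null stream initialises an empty key store.
            keyStore.load(null, KEYSTORE_PASSPHRASE);
            // NOTE(review): the result is discarded; kept in case a provider-backed key store
            // relies on this call - confirm before removing.
            keyStore.aliases();
            Certificate[] chain = new Certificate[]{generateCertificate(keyPair, str2)};
            keyStore.setKeyEntry(KEYSTORE_KEY_ALIAS, keyPair.getPrivate(), KEYSTORE_PASSPHRASE, chain);
            return keyStore;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (GeneralSecurityException e2) {
            throw new KeyStoreException(e2);
        }
    }

    /**
     * Loads a serialised key store and returns the key pair stored under
     * {@link #KEYSTORE_KEY_ALIAS}.
     *
     * @param bArr serialised key store, as produced by {@link #storeKeyStore(KeyStore)}
     * @param str  name of the key store provider
     * @param str2 key store type
     * @return the key pair read from the key store
     * @throws KeyStoreException if loading fails or the alias holds no usable private key entry
     */
    public static KeyPair getKeyPairFromKeyStore(byte[] bArr, String str, String str2) {
        return getKeyPairFromKeyStore(loadKeyStore(bArr, str, str2));
    }

    /**
     * Serialises {@code keyStore} to a byte array.
     *
     * <p>The bytes are protected only by the constant passphrase of this class, so callers that
     * persist them must apply their own access control or encryption.
     *
     * @param keyStore key store to serialise
     * @return the serialised key store
     * @throws KeyStoreException if the key store cannot be written
     */
    public static byte[] storeKeyStore(KeyStore keyStore) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try {
            keyStore.store(out, KEYSTORE_PASSPHRASE);
            // No flush needed: ByteArrayOutputStream.flush() is a no-op.
            return out.toByteArray();
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (GeneralSecurityException e2) {
            throw new KeyStoreException(e2);
        }
    }

    /**
     * Loads a serialised key store and deletes the entry under {@link #KEYSTORE_KEY_ALIAS}
     * if it is present.
     *
     * @param bArr serialised key store
     * @param str  name of the key store provider
     * @param str2 key store type
     * @return the loaded key store, without the key entry
     * @throws KeyStoreException if loading, deleting or storing fails
     */
    public static KeyStore clearKeyStore(byte[] bArr, String str, String str2) {
        KeyStore loaded = loadKeyStore(bArr, str, str2);
        clearKeyStore(loaded);
        return loaded;
    }

    /**
     * Deletes the entry under {@link #KEYSTORE_KEY_ALIAS} from {@code keyStore} when present
     * and returns the same instance.
     */
    private static KeyStore clearKeyStore(KeyStore keyStore) {
        try {
            if (keyStore.containsAlias(KEYSTORE_KEY_ALIAS)) {
                keyStore.deleteEntry(KEYSTORE_KEY_ALIAS);
                // The serialised output is thrown away. NOTE(review): presumably the store call
                // is what makes a provider-backed key store commit the deletion - confirm.
                keyStore.store(new NullOutputStream(), KEYSTORE_PASSPHRASE);
            }
            return keyStore;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (GeneralSecurityException e2) {
            throw new KeyStoreException(e2);
        }
    }

    /**
     * Reads the key pair stored under {@link #KEYSTORE_KEY_ALIAS}: the public key comes from the
     * first certificate of the chain, the private key from the key entry.
     *
     * @throws KeyStoreException if the alias has no certificate chain or no private key (for
     *         example after {@code clearKeyStore}), or if the key cannot be recovered
     */
    private static KeyPair getKeyPairFromKeyStore(KeyStore keyStore) {
        try {
            Certificate[] chain = keyStore.getCertificateChain(KEYSTORE_KEY_ALIAS);
            java.security.Key key = keyStore.getKey(KEYSTORE_KEY_ALIAS, KEYSTORE_PASSPHRASE);
            // getCertificateChain() and getKey() return null for a missing alias; report that
            // as a key store failure instead of a NullPointerException, ClassCastException or
            // a KeyPair that silently carries a null private key.
            if (chain == null || chain.length == 0 || !(key instanceof PrivateKey)) {
                throw new GeneralSecurityException(
                        "Key store has no private key entry with a certificate chain under alias " + KEYSTORE_KEY_ALIAS);
            }
            return new KeyPair(chain[0].getPublicKey(), (PrivateKey) key);
        } catch (GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Loads a key store of type {@code str2} from provider {@code str} out of {@code bArr},
     * using the constant passphrase of this class.
     */
    private static KeyStore loadKeyStore(byte[] bArr, String str, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str2, str);
            keyStore.load(new ByteArrayInputStream(bArr), KEYSTORE_PASSPHRASE);
            return keyStore;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (GeneralSecurityException e2) {
            throw new KeyStoreException(e2);
        }
    }

    /**
     * Builds a placeholder certificate for {@code keyPair}, signed with its own private key.
     *
     * <p>The certificate has fixed names ({@code CN=issuer}, {@code CN=subject}), the fixed
     * serial number 1, and a validity window that runs from two years ago to one year ago, so it
     * is already expired when it is created. Within this class it only fills the certificate
     * chain that {@link KeyStore#setKeyEntry} requires; it must not be relied on as an identity.
     *
     * @param keyPair key pair to certify and to sign with
     * @param str     name of the provider used to create the signature
     * @return the generated certificate
     * @throws RuntimeException if the signer cannot be created or the certificate cannot be
     *         converted
     */
    public static X509Certificate generateCertificate(KeyPair keyPair, String str) {
        try {
            DateTime now = new DateTime();
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                    new X500Principal("CN=issuer"),
                    BigInteger.ONE,
                    now.minusYears(2).toDate(),
                    now.minusYears(1).toDate(),
                    new X500Principal("CN=subject"),
                    keyPair.getPublic());
            JcaContentSignerBuilder signerBuilder =
                    new JcaContentSignerBuilder(X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM).setProvider(str);
            return new JcaX509CertificateConverter()
                    .getCertificate(certificateBuilder.build(signerBuilder.build(keyPair.getPrivate())));
        } catch (OperatorCreationException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }
}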
