package net.ripe.rpki.commons.crypto.util;

import com.google.common.io.ByteStreams;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import net.ripe.rpki.commons.util.UTC;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/util/KeyStoreUtil.class */
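/**
 * Helpers for creating, loading, serialising and clearing a {@link KeyStore} that holds a single
 * key pair under the fixed alias {@link #KEYSTORE_KEY_ALIAS}.
 *
 * <p><b>Security notes for callers.</b>
 * <ul>
 *   <li>Every keystore handled here is protected with {@link #KEYSTORE_PASSPHRASE}, a constant
 *       compiled into this class. It is therefore not a secret: the bytes returned by
 *       {@link #storeKeyStore(KeyStore)} must be protected by other means (provider-level or
 *       storage-level controls) and treated as sensitive as the private key itself.</li>
 *   <li>The certificate stored next to the private key is a placeholder produced by
 *       {@link #generateCertificate(KeyPair, String)}; its validity window lies entirely in the
 *       past, so it must never be used as a trust anchor or for path validation.</li>
 * </ul>
 *
 * <p>All failures from the underlying providers are rethrown as the unchecked
 * {@code KeyStoreException} of this package, except in
 * {@link #generateCertificate(KeyPair, String)}, which throws a plain {@link RuntimeException}.
 */
public final class KeyStoreUtil {
    // Fixed passphrase used for both the keystore integrity check and the key entry.
    // NOTE(review): this is a public, shared, mutable array. Code that writes into it changes the
    // passphrase for every later call in the JVM; callers should treat it as read-only.
    public static final char[] KEYSTORE_PASSPHRASE = "4AD8A8BD-A001-4400-8DAC-5F3B97F07DE5".toCharArray();

    // The single alias under which the key entry is written, read and deleted.
    static final String KEYSTORE_KEY_ALIAS = "mykey1";

    private KeyStoreUtil() {
        // Static utility holder; not instantiable.
    }

    /**
     * Creates a new, empty keystore and stores {@code keyPair} in it.
     *
     * @param keyPair the key pair to store
     * @param str     name of the JCA provider that supplies the keystore implementation
     * @param str2    name of the JCA provider used to sign the placeholder certificate
     * @param str3    keystore type passed to {@link KeyStore#getInstance(String, String)}
     * @return the initialised keystore containing one key entry
     */
    public static KeyStore createKeyStoreForKeyPair(KeyPair keyPair, String str, String str2, String str3) {
        return createKeyStoreForKeyPair(keyPair, str, str2, str3, KeyStoreUtil::defaultLoadKeyStore);
    }

    /** Initialises {@code keyStore} as an empty store (a {@code null} stream means "nothing to read"). */
    private static void defaultLoadKeyStore(KeyStore keyStore) {
        try {
            keyStore.load(null, KEYSTORE_PASSPHRASE);
        } catch (IOException | GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Creates a keystore, lets {@code consumer} initialise it, and stores {@code keyPair} in it.
     *
     * @param keyPair  the key pair to store
     * @param str      name of the JCA provider that supplies the keystore implementation
     * @param str2     name of the JCA provider used to sign the placeholder certificate
     * @param str3     keystore type passed to {@link KeyStore#getInstance(String, String)}
     * @param consumer callback that must load (initialise) the freshly created keystore
     * @return the keystore containing the key entry under {@link #KEYSTORE_KEY_ALIAS}
     */
    public static KeyStore createKeyStoreForKeyPair(KeyPair keyPair, String str, String str2, String str3, Consumer<KeyStore> consumer) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str3, str);
            consumer.accept(keyStore);
            // The result is discarded on purpose. aliases() throws if the keystore was never
            // loaded, so a consumer that failed to initialise the store is reported here.
            // NOTE(review): presumably also forces a first round-trip to the provider - confirm.
            keyStore.aliases();
            // A private-key entry needs a certificate chain; a one-element placeholder chain is used.
            Certificate[] placeholderChain = {generateCertificate(keyPair, str2)};
            keyStore.setKeyEntry(KEYSTORE_KEY_ALIAS, keyPair.getPrivate(), KEYSTORE_PASSPHRASE, placeholderChain);
            return keyStore;
        } catch (GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Loads a keystore from {@code bArr} and returns the key pair stored in it.
     *
     * @param bArr serialised keystore
     * @param str  name of the JCA provider that supplies the keystore implementation
     * @param str2 keystore type
     * @return the key pair stored under {@link #KEYSTORE_KEY_ALIAS}
     */
    public static KeyPair getKeyPairFromKeyStore(byte[] bArr, String str, String str2) {
        return getKeyPairFromKeyStore(loadKeyStore(bArr, str, str2));
    }

    /**
     * Same as {@link #getKeyPairFromKeyStore(byte[], String, String)}, but {@code biConsumer}
     * performs the actual {@code load} call on the keystore.
     *
     * @param bArr       serialised keystore
     * @param str        name of the JCA provider that supplies the keystore implementation
     * @param str2       keystore type
     * @param biConsumer callback receiving the new keystore and a stream over {@code bArr}
     * @return the key pair stored under {@link #KEYSTORE_KEY_ALIAS}
     */
    public static KeyPair getKeyPairFromKeyStore(byte[] bArr, String str, String str2, BiConsumer<KeyStore, InputStream> biConsumer) {
        return getKeyPairFromKeyStore(loadKeyStore(bArr, str, str2, biConsumer));
    }

    /**
     * Serialises {@code keyStore} to a byte array, protected only by {@link #KEYSTORE_PASSPHRASE}.
     *
     * <p>Because that passphrase is a constant of this class, the returned bytes must be stored
     * with the same care as an unencrypted private key.
     *
     * @param keyStore the keystore to serialise
     * @return the serialised keystore
     */
    public static byte[] storeKeyStore(KeyStore keyStore) {
        ByteArrayOutputStream serialised = new ByteArrayOutputStream();
        try {
            keyStore.store(serialised, KEYSTORE_PASSPHRASE);
            // No flush needed: ByteArrayOutputStream keeps everything in memory.
            return serialised.toByteArray();
        } catch (IOException | GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Loads a keystore from {@code bArr} and deletes the entry under {@link #KEYSTORE_KEY_ALIAS}.
     *
     * <p>Only the loaded {@link KeyStore} object is changed; {@code bArr} itself is not modified
     * and still contains whatever key material it held before the call.
     *
     * @param bArr serialised keystore
     * @param str  name of the JCA provider that supplies the keystore implementation
     * @param str2 keystore type
     * @return the loaded keystore with the entry removed
     */
    public static KeyStore clearKeyStore(byte[] bArr, String str, String str2) {
        return clearKeyStore(loadKeyStore(bArr, str, str2));
    }

    /**
     * Same as {@link #clearKeyStore(byte[], String, String)}, but {@code biConsumer} performs the
     * {@code load} call and the cleared keystore is not returned.
     *
     * @param bArr       serialised keystore
     * @param str        name of the JCA provider that supplies the keystore implementation
     * @param str2       keystore type
     * @param biConsumer callback receiving the new keystore and a stream over {@code bArr}
     */
    public static void clearKeyStore(byte[] bArr, String str, String str2, BiConsumer<KeyStore, InputStream> biConsumer) {
        clearKeyStore(loadKeyStore(bArr, str, str2, biConsumer));
    }

    /** Deletes the key entry if it is present and returns the same keystore instance. */
    private static KeyStore clearKeyStore(KeyStore keyStore) {
        try {
            if (keyStore.containsAlias(KEYSTORE_KEY_ALIAS)) {
                keyStore.deleteEntry(KEYSTORE_KEY_ALIAS);
                // The output is thrown away; store() is called only for its effect on the provider.
                // NOTE(review): presumably this commits the deletion on provider-backed stores - confirm.
                keyStore.store(ByteStreams.nullOutputStream(), KEYSTORE_PASSPHRASE);
            }
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Reads the key pair stored under {@link #KEYSTORE_KEY_ALIAS}.
     *
     * <p>The public key is taken from the first certificate of the stored chain. A missing chain
     * or a missing or non-private key is reported as a {@code KeyStoreException} instead of
     * surfacing later as a {@link NullPointerException}, a {@link ClassCastException} or a
     * {@link KeyPair} without a private key.
     */
    private static KeyPair getKeyPairFromKeyStore(KeyStore keyStore) {
        try {
            Certificate[] chain = keyStore.getCertificateChain(KEYSTORE_KEY_ALIAS);
            if (chain == null || chain.length == 0) {
                throw new GeneralSecurityException("no certificate chain stored under alias " + KEYSTORE_KEY_ALIAS);
            }
            java.security.Key key = keyStore.getKey(KEYSTORE_KEY_ALIAS, KEYSTORE_PASSPHRASE);
            if (!(key instanceof PrivateKey)) {
                throw new GeneralSecurityException("no private key stored under alias " + KEYSTORE_KEY_ALIAS);
            }
            return new KeyPair(chain[0].getPublicKey(), (PrivateKey) key);
        } catch (GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /** Loads a keystore from {@code keyStoreBytes} using {@link #KEYSTORE_PASSPHRASE}. */
    private static KeyStore loadKeyStore(byte[] keyStoreBytes, String keyStoreProvider, String keyStoreType) {
        return loadKeyStore(keyStoreBytes, keyStoreProvider, keyStoreType, (keyStore, inputStream) -> {
            try {
                // Read from the stream handed to the callback; it already wraps keyStoreBytes.
                keyStore.load(inputStream, KEYSTORE_PASSPHRASE);
            } catch (Exception e) {
                // Deliberately broad: runtime failures raised while parsing the bytes are wrapped
                // as well, so callers see a single exception type.
                throw new KeyStoreException(e);
            }
        });
    }

    /**
     * Creates a keystore of {@code keyStoreType} from {@code keyStoreProvider} and hands it to
     * {@code loader} together with a fresh stream over {@code keyStoreBytes}.
     */
    private static KeyStore loadKeyStore(byte[] keyStoreBytes, String keyStoreProvider, String keyStoreType, BiConsumer<KeyStore, InputStream> loader) {
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider);
            loader.accept(keyStore, new ByteArrayInputStream(keyStoreBytes));
            return keyStore;
        } catch (GeneralSecurityException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Builds the placeholder certificate that accompanies the private key in the keystore.
     *
     * <p>The certificate carries {@code keyPair}'s public key and is signed with its private key.
     * Issuer ({@code CN=issuer}), subject ({@code CN=subject}) and serial number (1) are fixed,
     * and the validity period runs from two years ago to one year ago, so the certificate is
     * already expired when it is created.
     * NOTE(review): it appears to exist only because a key entry requires a chain - confirm
     * that no caller relies on it for validation.
     *
     * @param keyPair the key pair whose public key is certified and whose private key signs
     * @param str     name of the JCA provider used for the signature
     * @return the placeholder certificate
     * @throws RuntimeException if the signer cannot be created or the certificate cannot be converted
     */
    public static X509Certificate generateCertificate(KeyPair keyPair, String str) {
        DateTime now = UTC.dateTime();
        try {
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    new X500Principal("CN=issuer"),
                    BigInteger.ONE,
                    now.minusYears(2).toDate(),
                    now.minusYears(1).toDate(),
                    new X500Principal("CN=subject"),
                    keyPair.getPublic());
            return new JcaX509CertificateConverter().getCertificate(
                    builder.build(
                            new JcaContentSignerBuilder(X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM)
                                    .setProvider(str)
                                    .build(keyPair.getPrivate())));
        } catch (OperatorCreationException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}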
