package org.italiangrid.voms.util;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* loaded from: input_file:org/italiangrid/voms/util/CredentialsUtils.class */
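/**
 * Helpers for serializing private keys and proxy credentials (certificate chain plus key)
 * as PEM, either to a stream or to a file on disk.
 *
 * <p>Security note: every method here passes no cipher to the underlying library, so the
 * private key is written without passphrase protection. Confidentiality of a saved proxy
 * file therefore rests on the file permissions applied by
 * {@code FilePermissionHelper.setProxyPermissions} and on the directory it is stored in.
 */
public class CredentialsUtils {
    /**
     * Encoding used by the overloads that do not take an explicit encoding.
     * The constant name is misspelled ("ENCONDING"); it is public, so it is kept as-is
     * for compatibility with existing callers.
     */
    public static final PrivateKeyEncoding DEFAULT_ENCONDING = PrivateKeyEncoding.PKCS_1;

    /** Private key layouts supported by {@link #savePrivateKey}. */
    public enum PrivateKeyEncoding {
        PKCS_1,
        PKCS_8
    }

    /**
     * Writes {@code privateKey} to {@code outputStream} as PEM in the requested layout.
     *
     * @param outputStream destination; it is not closed by this method
     * @param privateKey key to serialize
     * @param privateKeyEncoding layout to use
     * @throws IOException if the underlying writer fails
     * @throws IllegalArgumentException if the encoding is not one of the handled values
     * @throws NullPointerException if {@code privateKeyEncoding} is null (switch on a null enum)
     */
    public static void savePrivateKey(OutputStream outputStream, PrivateKey privateKey, PrivateKeyEncoding privateKeyEncoding) throws IOException {
        switch (privateKeyEncoding) {
            case PKCS_1:
                savePrivateKeyPKCS1(outputStream, privateKey);
                return;
            case PKCS_8:
                savePrivateKeyPKCS8(outputStream, privateKey);
                return;
            default:
                // Not reachable with the two current constants; guards against a value added later.
                throw new IllegalArgumentException("Unsupported private key encoding: " + privateKeyEncoding.name());
        }
    }

    /**
     * Writes the key as PEM through the five-argument CANL call, with a null cipher and a
     * null password, i.e. no passphrase protection is requested.
     */
    private static void savePrivateKeyPKCS8(OutputStream outputStream, PrivateKey privateKey) throws IllegalArgumentException, IOException {
        CertificateUtils.savePrivateKey(outputStream, privateKey, CertificateUtils.Encoding.PEM, (String) null, (char[]) null);
    }

    /**
     * Writes the key as PEM through the six-argument CANL call, with a null cipher and an
     * empty password, i.e. no passphrase protection is requested.
     */
    private static void savePrivateKeyPKCS1(OutputStream outputStream, PrivateKey privateKey) throws IllegalArgumentException, IOException {
        // NOTE(review): the trailing 'true' presumably selects the OpenSSL legacy (PKCS#1)
        // layout; confirm against the CANL version in use.
        CertificateUtils.savePrivateKey(outputStream, privateKey, CertificateUtils.Encoding.PEM, (String) null, new char[0], true);
    }

    /**
     * Writes a proxy credential to {@code outputStream} as PEM: first the credential's own
     * certificate, then its private key (if it has one), then the remaining chain entries.
     *
     * <p>Chain entries whose basic-constraints value is non-negative (CA certificates) are
     * skipped, so only non-CA certificates follow the key. The stream is flushed but not
     * closed. The key is written unencrypted; the caller is responsible for where these
     * bytes end up.
     *
     * @param outputStream destination stream
     * @param x509Credential credential to serialize
     * @param privateKeyEncoding layout for the private key
     * @throws IOException if writing fails
     */
    public static void saveProxyCredentials(OutputStream outputStream, X509Credential x509Credential, PrivateKeyEncoding privateKeyEncoding) throws IOException {
        X509Certificate[] sortedChain = CertificateHelpers.sortChain(Arrays.asList(x509Credential.getCertificateChain()));
        PrivateKey key = x509Credential.getKey();
        CertificateUtils.saveCertificate(outputStream, x509Credential.getCertificate(), CertificateUtils.Encoding.PEM);
        if (key != null) {
            savePrivateKey(outputStream, key, privateKeyEncoding);
        }
        // Starts at index 1: assumes sortChain puts the credential's own certificate
        // (already written above) first; TODO confirm against CertificateHelpers.
        for (int i = 1; i < sortedChain.length; i++) {
            X509Certificate certificate = sortedChain[i];
            // getBasicConstraints() is negative for certificates that are not CAs.
            if (certificate.getBasicConstraints() < 0) {
                CertificateUtils.saveCertificate(outputStream, certificate, CertificateUtils.Encoding.PEM);
            }
        }
        outputStream.flush();
    }

    /** Same as the three-argument stream overload, using {@link #DEFAULT_ENCONDING}. */
    public static void saveProxyCredentials(OutputStream outputStream, X509Credential x509Credential) throws IOException {
        saveProxyCredentials(outputStream, x509Credential, DEFAULT_ENCONDING);
    }

    /**
     * Writes a proxy credential to the file at path {@code str}, replacing any previous content.
     *
     * <p>Order matters for key confidentiality: the file is opened (and created if absent),
     * {@code FilePermissionHelper.setProxyPermissions} is applied to the path, and only then
     * is the file truncated and the key material written. The file handle is released even
     * when permission setting, serialization or the write fails.
     *
     * <p>NOTE(review): the file is created with the process default permissions before they
     * are adjusted, and the adjustment is made by path rather than on the open handle. The
     * file holds no new key material during that window, but the target directory should not
     * be writable by other users; confirm what setProxyPermissions enforces.
     *
     * @param str path of the proxy file
     * @param x509Credential credential to serialize
     * @param privateKeyEncoding layout for the private key
     * @throws IOException if the file cannot be opened, restricted or written
     */
    public static void saveProxyCredentials(String str, X509Credential x509Credential, PrivateKeyEncoding privateKeyEncoding) throws IOException {
        RandomAccessFile proxyFile = new RandomAccessFile(new File(str), "rws");
        try {
            FileChannel channel = proxyFile.getChannel();
            FilePermissionHelper.setProxyPermissions(str);
            channel.truncate(0L);
            ByteArrayOutputStream pemBuffer = new ByteArrayOutputStream();
            saveProxyCredentials(pemBuffer, x509Credential, privateKeyEncoding);
            byte[] pemBytes = pemBuffer.toByteArray();
            try {
                ByteBuffer pending = ByteBuffer.wrap(pemBytes);
                // A single write() is not required to drain the buffer; loop until it is empty
                // so a short write cannot leave a truncated credential on disk.
                while (pending.hasRemaining()) {
                    channel.write(pending);
                }
            } finally {
                // Best effort: clears this copy of the unencrypted key. The stream's own
                // internal buffer is not reachable from here and is left to the GC.
                Arrays.fill(pemBytes, (byte) 0);
            }
        } finally {
            // Closing the RandomAccessFile also closes the channel obtained from it.
            proxyFile.close();
        }
    }

    /** Same as the three-argument file overload, using {@link #DEFAULT_ENCONDING}. */
    public static void saveProxyCredentials(String str, X509Credential x509Credential) throws IOException {
        saveProxyCredentials(str, x509Credential, DEFAULT_ENCONDING);
    }
}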
