package org.openziti.identity;

import java.io.File;
import java.io.FileInputStream;
import java.io.StringReader;
import java.net.URI;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.jetbrains.annotations.NotNull;
import org.openziti.util.CertsKt;
import org.openziti.util.ZitiLog;

/* compiled from: util.kt */
@Metadata(mv = {1, 6, 0}, k = 2, xi = 48, d1 = {"��$\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0019\n��\u001a\u0010\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0003H��\u001a\u0010\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0005\u001a\u00020\u0006H��\u001a\u0018\u0010\u0007\u001a\u00020\u00032\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH��¨\u0006\f"}, d2 = {"findIdentityAlias", "", "ks", "Ljava/security/KeyStore;", "keystoreFromConfig", "id", "Lorg/openziti/identity/IdentityConfig;", "loadKeystore", "f", "Ljava/io/File;", "pwd", "", "ziti"})
/* loaded from: input_file:org/openziti/identity/UtilKt.class */
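/**
 * Keystore helpers for Ziti identities (decompiled from the Kotlin file {@code util.kt}).
 *
 * <p>The {@code Intrinsics} calls are the Kotlin compiler's null checks and are kept so that
 * null arguments fail the same way as in the original class.
 */
public final class UtilKt {
    /**
     * Returns the first alias in {@code ks} that refers to a key entry.
     *
     * @param ks keystore to scan; must not be null
     * @return the first alias for which {@link KeyStore#isKeyEntry(String)} is true
     * @throws IllegalStateException if the keystore holds no key entry
     */
    @NotNull
    public static final String findIdentityAlias(@NotNull KeyStore ks) {
        Intrinsics.checkNotNullParameter(ks, "ks");
        Enumeration<String> aliases = ks.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "ks.aliases()");
        // First match wins: if the keystore holds several key entries, the one returned
        // depends on the provider's enumeration order.
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ks.isKeyEntry(alias)) {
                Intrinsics.checkNotNullExpressionValue(alias, "a");
                return alias;
            }
        }
        throw new IllegalStateException("no suitable key entry");
    }

    /**
     * Builds an in-memory PKCS#12 keystore from an identity config.
     *
     * <p>The certificate chain and private key are read from the config's PEM fields after the
     * {@code pem:} marker is removed. The key entry alias is
     * {@code ziti://<host>:<port>/<CN>}, where host and port come from the config's API URL and
     * CN from the subject of the first certificate. Each CA certificate, when a CA bundle is
     * present, is stored under {@code <alias>-ca-<serial>}.
     *
     * <p>Security notes:
     * <ul>
     *   <li>The private key entry is protected with an empty password. That is only acceptable
     *       while the keystore stays in memory; code that persists it should re-protect the
     *       entry with a real password.</li>
     *   <li>The first certificate returned by {@code readCerts} is treated as the identity
     *       certificate. An empty certificate list, or a subject without a CN, fails with an
     *       index exception rather than a descriptive error.</li>
     *   <li>NOTE(review): nothing in this method checks that the CA certificates actually
     *       issued the identity certificate - confirm that chain validation happens where the
     *       keystore is consumed.</li>
     * </ul>
     *
     * @param id identity config holding the API URL and PEM material; must not be null
     * @return a new keystore holding the identity key entry and any CA certificates
     */
    @NotNull
    public static final KeyStore keystoreFromConfig(@NotNull IdentityConfig id) {
        Intrinsics.checkNotNullParameter(id, "id");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // A null load parameter initialises an empty keystore.
        ks.load(null);

        List<X509Certificate> chain = CertsKt.readCerts(
                StringsKt.replace$default(id.getId().getCert(), "pem:", "", false, 4, (Object) null));
        URI apiUri = URI.create(id.getZtAPI());
        // NOTE(review): getSubjectDN() is the legacy, provider-dependent accessor;
        // getSubjectX500Principal() is the recommended one. Left as is because switching could
        // change the alias text that existing callers look up.
        String commonName = new X500Name(chain.get(0).getSubjectDN().getName())
                .getRDNs(BCStyle.CN)[0].getFirst().getValue().toASN1Primitive().toString();
        String alias = "ziti://" + apiUri.getHost() + ':' + apiUri.getPort() + '/' + commonName;

        PrivateKey key = CertsKt.readKey(new StringReader(
                StringsKt.replace$default(id.getId().getKey(), "pem:", "", false, 4, (Object) null)));
        X509Certificate[] chainArray = chain.toArray(new X509Certificate[0]);
        // Empty password: see the security notes in the method documentation.
        ks.setEntry(alias, new KeyStore.PrivateKeyEntry(key, chainArray),
                new KeyStore.PasswordProtection(new char[0]));

        String ca = id.getId().getCa();
        if (ca != null) {
            for (X509Certificate caCert : CertsKt.readCerts(
                    StringsKt.replace$default(ca, "pem:", "", false, 4, (Object) null))) {
                // The serial number keeps aliases distinct when the bundle has several CAs.
                ks.setCertificateEntry(alias + "-ca-" + caCert.getSerialNumber(), caCert);
            }
        }
        Intrinsics.checkNotNullExpressionValue(ks, "ks");
        return ks;
    }

    /**
     * Loads an identity keystore from a file.
     *
     * <p>The file is first read as a PKCS#12 keystore with {@code pwd}. If that fails for any
     * reason - a wrong password included - the file is parsed as an identity config and the
     * keystore is built with {@link #keystoreFromConfig(IdentityConfig)}; {@code pwd} is not
     * used on that path.
     *
     * @param f file holding either a PKCS#12 keystore or an identity config; must not be null
     * @param pwd keystore password; must not be null. The array is not cleared here, so the
     *     caller stays responsible for wiping it.
     * @return the loaded or constructed keystore
     * @throws IllegalArgumentException with message {@code "unsupported format"} if both
     *     attempts fail; the config failure is attached as the cause and the PKCS#12 failure as
     *     a suppressed exception
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull File f, @NotNull char[] pwd) {
        Intrinsics.checkNotNullParameter(f, "f");
        Intrinsics.checkNotNullParameter(pwd, "pwd");
        ZitiLog zitiLog = new ZitiLog();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // try-with-resources: the stream used to stay open on both the success and the
        // failure path, leaking a file descriptor per call.
        try (FileInputStream in = new FileInputStream(f)) {
            ks.load(in, pwd);
            Intrinsics.checkNotNullExpressionValue(ks, "ks");
            return ks;
        } catch (Exception pkcs12Failure) {
            try {
                return keystoreFromConfig(IdentityConfig.Companion.load(f));
            } catch (Exception configFailure) {
                // NOTE(review): confirm the config parser's exception messages cannot echo
                // key material from the identity file before this reaches shared logs.
                zitiLog.w(Intrinsics.stringPlus("failed to load identity config: ", configFailure.getLocalizedMessage()));
                // Same type and message as before, but both root causes now travel with it,
                // so a wrong keystore password is no longer reported only as a format problem.
                IllegalArgumentException unsupported =
                        new IllegalArgumentException("unsupported format", configFailure);
                unsupported.addSuppressed(pkcs12Failure);
                throw unsupported;
            }
        }
    }
}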
