package org.openziti.identity;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.openziti.net.ZitiProtocol;
import org.openziti.util.CertsKt;
import org.openziti.util.ZitiLog;

/* compiled from: util.kt */
@Metadata(mv = {1, 7, 1}, k = ZitiProtocol.Header.ResultSuccess, xi = 48, d1 = {"��6\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0019\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\u001a\u0010\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0003H��\u001a\u0010\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0005\u001a\u00020\u0006H��\u001a\u0018\u0010\u0007\u001a\u00020\u00032\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH��\u001a\u0018\u0010\u0007\u001a\u00020\u00032\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000bH��\u001a\"\u0010\u0007\u001a\u0004\u0018\u00010\u00032\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000fH��\u001a\u0010\u0010\u0007\u001a\u00020\u00032\u0006\u0010\u0010\u001a\u00020\u0011H��¨\u0006\u0012"}, d2 = {"findIdentityAlias", "", "ks", "Ljava/security/KeyStore;", "keystoreFromConfig", "id", "Lorg/openziti/identity/IdentityConfig;", "loadKeystore", "f", "Ljava/io/File;", "pwd", "", "stream", "Ljava/io/InputStream;", "log", "Lorg/openziti/util/ZitiLog;", "i", "", "ziti"})
/* loaded from: input_file:org/openziti/identity/UtilKt.class */
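public final class UtilKt {
    // Helpers that turn a Ziti identity (a PKCS12 keystore or an identity config carrying
    // "pem:"-marked certificate/key material) into a java.security.KeyStore.
    //
    // Security notes for maintainers:
    //  * keystoreFromConfig() stores the private key under an EMPTY entry password (new char[0]).
    //    The keystore is built in memory only in this class.
    //    NOTE(review): if any caller persists it via KeyStore.store(), confirm the key gets real protection.
    //  * The PKCS12 loader treats every parse failure the same way, so a wrong password is reported
    //    to callers as "unsupported format" rather than as an authentication error.

    /**
     * Returns the alias of the first entry in {@code keyStore} that holds a private key.
     *
     * @param keyStore an initialised keystore to scan
     * @return the first alias for which {@link KeyStore#isKeyEntry(String)} is true
     * @throws IllegalStateException if the keystore contains no key entry
     */
    @NotNull
    public static final String findIdentityAlias(@NotNull KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "ks");
        Enumeration<String> aliases = keyStore.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "ks.aliases()");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                Intrinsics.checkNotNullExpressionValue(alias, "a");
                return alias;
            }
        }
        throw new IllegalStateException("no suitable key entry");
    }

    /**
     * Removes every occurrence of the {@code "pem:"} marker from a config value so the remainder
     * can be handed to the PEM readers in {@code CertsKt}.
     */
    private static String stripPemMarker(String value) {
        return StringsKt.replace$default(value, "pem:", "", false, 4, (Object) null);
    }

    /**
     * Builds an in-memory PKCS12 keystore from an identity config.
     *
     * <p>The private key and its certificate chain are stored under the alias
     * {@code ziti://<host>:<port>/<CN>}, where host and port come from the config's ztAPI URL and
     * CN is the common name of the first certificate. Each CA certificate, when present, is added
     * as a trusted entry under {@code <alias>-ca-<serial>}.
     *
     * <p>The key entry is protected with an empty password; see the class-level security notes.
     *
     * @param identityConfig the parsed identity config
     * @return a keystore holding the identity key, its chain and any CA certificates
     * @throws IllegalArgumentException if the config carries no certificate, or the first
     *         certificate's subject has no CN (previously these surfaced as index-out-of-bounds errors)
     */
    @NotNull
    public static final KeyStore keystoreFromConfig(@NotNull IdentityConfig identityConfig) {
        Intrinsics.checkNotNullParameter(identityConfig, "id");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // load(null) initialises an empty keystore; entries cannot be set before it is loaded.
        keyStore.load(null);

        List<X509Certificate> chain = CertsKt.readCerts(stripPemMarker(identityConfig.getId().getCert()));
        if (chain.isEmpty()) {
            // Fail with a clear message instead of an IndexOutOfBoundsException from get(0).
            throw new IllegalArgumentException("identity config contains no certificate");
        }

        org.bouncycastle.asn1.x500.RDN[] commonNames =
                new X500Name(chain.get(0).getSubjectDN().getName()).getRDNs(BCStyle.CN);
        if (commonNames.length == 0) {
            // The alias is derived from the CN; a certificate without one cannot be named.
            throw new IllegalArgumentException("identity certificate subject has no CN");
        }
        String commonName = commonNames[0].getFirst().getValue().toASN1Primitive().toString();

        // NOTE(review): URI.getPort() yields -1 when ztAPI has no explicit port, which ends up in the alias.
        URI controller = URI.create(identityConfig.getZtAPI());
        String alias = "ziti://" + controller.getHost() + ':' + controller.getPort() + '/' + commonName;

        keyStore.setEntry(
                alias,
                new KeyStore.PrivateKeyEntry(
                        CertsKt.readKey(new StringReader(stripPemMarker(identityConfig.getId().getKey()))),
                        (Certificate[]) chain.toArray(new X509Certificate[0])),
                // Empty entry password: the key is not protected at rest by this keystore.
                new KeyStore.PasswordProtection(new char[0]));

        String ca = identityConfig.getId().getCa();
        if (ca != null) {
            for (X509Certificate caCert : CertsKt.readCerts(stripPemMarker(ca))) {
                keyStore.setCertificateEntry(alias + "-ca-" + caCert.getSerialNumber(), caCert);
            }
        }
        Intrinsics.checkNotNullExpressionValue(keyStore, "ks");
        return keyStore;
    }

    /**
     * Loads a keystore from the UTF-8 bytes of an identity config.
     *
     * @param bArr the identity config content
     * @return the keystore built by {@link #keystoreFromConfig(IdentityConfig)}
     * @throws IllegalArgumentException with message "unsupported format" if the bytes cannot be
     *         parsed or converted; the underlying failure is attached as the cause
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(bArr, "i");
        ZitiLog zitiLog = new ZitiLog();
        try {
            return keystoreFromConfig(IdentityConfig.Companion.load(new InputStreamReader(new ByteArrayInputStream(bArr), Charsets.UTF_8)));
        } catch (Exception e) {
            zitiLog.w("failed to load identity config: " + e.getLocalizedMessage());
            // Keep the generic message callers already see, but preserve the cause for diagnosis.
            throw new IllegalArgumentException("unsupported format", e);
        }
    }

    /**
     * Loads a keystore from a file, trying PKCS12 first and a plain identity config second.
     *
     * <p>{@code cArr} is used only for the PKCS12 attempt; the identity-config fallback does not
     * use a password. NOTE(review): such a config appears to carry the private key in PEM form,
     * so the file's permissions are the only protection at rest. Confirm deployment guidance.
     *
     * @param file the identity file
     * @param cArr the PKCS12 password
     * @return the loaded keystore
     * @throws IllegalArgumentException if the file is missing or unreadable, or if it is neither a
     *         PKCS12 keystore openable with {@code cArr} nor a valid identity config
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull File file, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(file, "f");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        ZitiLog zitiLog = new ZitiLog();
        if (!file.exists() || !file.canRead()) {
            throw new IllegalArgumentException("Failed to parse keystore.  " + file.getAbsolutePath() + " does not exist or can not be read");
        }

        KeyStore pkcs12;
        FileInputStream in = new FileInputStream(file);
        try {
            pkcs12 = loadKeystore(in, cArr, zitiLog);
        } finally {
            // The original never closed this stream, leaking a file descriptor per call.
            try {
                in.close();
            } catch (java.io.IOException ignored) {
                // Closing a read-only stream failed; the parse result above is unaffected.
            }
        }
        if (pkcs12 != null) {
            return pkcs12;
        }

        zitiLog.t("Trying to load it as a plain identity config");
        try {
            return keystoreFromConfig(IdentityConfig.Companion.load(file));
        } catch (Exception e) {
            zitiLog.w("failed to load identity config: " + e.getLocalizedMessage());
            // Keep the generic message callers already see, but preserve the cause for diagnosis.
            throw new IllegalArgumentException("unsupported format", e);
        }
    }

    /**
     * Loads a PKCS12 keystore from a stream. The stream is not closed by this method.
     *
     * @param inputStream PKCS12 content
     * @param cArr the keystore password
     * @return the loaded keystore
     * @throws IllegalArgumentException with message "unsupported format" if the stream cannot be
     *         loaded as PKCS12 with the given password (a wrong password is not distinguished)
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull InputStream inputStream, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(inputStream, "stream");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        KeyStore parsed = loadKeystore(inputStream, cArr, new ZitiLog());
        if (parsed == null) {
            throw new IllegalArgumentException("unsupported format");
        }
        return parsed;
    }

    /**
     * Attempts to load a PKCS12 keystore from a stream, reporting failure as {@code null}.
     *
     * <p>Any exception raised by {@link KeyStore#load(InputStream, char[])}, including one caused
     * by a wrong password, is logged through {@code zitiLog.t} and swallowed so that callers can
     * fall back to another format. The stream is not closed by this method.
     *
     * @param inputStream PKCS12 content
     * @param cArr the keystore password
     * @param zitiLog logger that receives the failure message
     * @return the loaded keystore, or {@code null} if loading failed
     */
    @Nullable
    public static final KeyStore loadKeystore(@NotNull InputStream inputStream, @NotNull char[] cArr, @NotNull ZitiLog zitiLog) {
        Intrinsics.checkNotNullParameter(inputStream, "stream");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        Intrinsics.checkNotNullParameter(zitiLog, "log");
        KeyStore candidate = KeyStore.getInstance("PKCS12");
        try {
            candidate.load(inputStream, cArr);
            return candidate;
        } catch (Exception e) {
            // Deliberate best-effort: the caller decides whether to try another format.
            zitiLog.t("Failed to parse identity file as a keystore: " + e.getLocalizedMessage());
            return null;
        }
    }
}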
