package org.openziti.util;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.net.URI;
import java.net.URLConnection;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.io.ByteStreamsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.sequences.SequencesKt;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: Certs.kt */
@Metadata(mv = {1, 6, 0}, k = 2, xi = 48, d1 = {"��:\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u001e\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\u001e\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH��\u001a\u0014\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00070\r2\u0006\u0010\u000e\u001a\u00020\u000f\u001a\u0014\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00070\r2\u0006\u0010\u0010\u001a\u00020\u0011\u001a\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u000f\"\u001c\u0010��\u001a\n \u0002*\u0004\u0018\u00010\u00010\u0001X\u0080\u0004¢\u0006\b\n��\u001a\u0004\b\u0003\u0010\u0004¨\u0006\u0015"}, d2 = {"cf", "Ljava/security/cert/CertificateFactory;", "kotlin.jvm.PlatformType", "getCf", "()Ljava/security/cert/CertificateFactory;", "getCACerts", "", "Ljava/security/cert/X509Certificate;", "api", "Ljava/net/URI;", "serverKey", "Ljava/security/Key;", "readCerts", "", "pemInput", "Ljava/io/Reader;", "pem", "", "readKey", "Ljava/security/PrivateKey;", "input", "ziti"})
/* loaded from: input_file:org/openziti/util/CertsKt.class */
public final class CertsKt {
    // Decompiled (JADX) rendering of the top-level functions of Certs.kt: readers for PEM
    // certificates and private keys, plus a fetch of CA certificates from an EST "cacerts"
    // endpoint. The JADX INFO/WARN markers below flag places where the decompiler changed or
    // could not cleanly express the original, so read this as an aid, not as buildable source.

    // Shared X.509 factory, created once at class initialisation; readCerts(Reader) uses it.
    private static final CertificateFactory cf = CertificateFactory.getInstance("X.509");

    /**
     * Returns the shared X.509 {@link CertificateFactory} held in {@code cf}.
     *
     * @return the factory instance created when this class was initialised
     */
    public static final CertificateFactory getCf() {
        return cf;
    }

    /**
     * Parses the certificates contained in a PEM-formatted string.
     *
     * <p>Wraps the text in a {@link StringReader} and delegates to {@link #readCerts(Reader)};
     * the caveats documented there (parse only, no validation) apply here as well.
     *
     * @param pem PEM text; must not be null
     * @return the parsed certificates, in the order they appear in the input
     */
    @NotNull
    public static final List<X509Certificate> readCerts(@NotNull String pem) {
        Intrinsics.checkNotNullParameter(pem, "pem");
        return readCerts(new StringReader(pem));
    }

    /**
     * Reads PEM objects from {@code pemInput} until the reader yields no more, keeps those whose
     * type equals {@code PEMParser.TYPE_CERTIFICATE}, and parses each one with the shared X.509
     * factory.
     *
     * <p>PEM objects of any other type are skipped without an error. This method only parses:
     * it applies no validity-period, chain or trust check, so the returned certificates must be
     * validated by the caller before anything is trusted on their basis.
     *
     * <p>The {@code PemReader} wrapping {@code pemInput} is closed before this method returns or
     * rethrows. Exceptions raised by the PEM reader or the certificate factory propagate to the
     * caller.
     *
     * @param pemInput source of PEM text; must not be null
     * @return the parsed certificates, in input order
     * @throws NullPointerException if the factory returns null for a certificate block
     */
    @NotNull
    public static final List<X509Certificate> readCerts(@NotNull Reader pemInput) {
        Intrinsics.checkNotNullParameter(pemInput, "pemInput");
        PemReader pemReader = new PemReader(pemInput);
        // NOTE(review): th is never reassigned, so the catch block below closes the reader with a
        // null cause. This looks like a decompiler artifact of Kotlin's use {} — confirm against
        // Certs.kt before reasoning about suppressed exceptions.
        Throwable th = null;
        try {
            try {
                final PemReader pemReader2 = pemReader;
                // Pipeline: generate PEM objects -> keep certificate blocks -> parse each as X.509.
                List<X509Certificate> list = SequencesKt.toList(SequencesKt.map(SequencesKt.filter(SequencesKt.generateSequence(new Function0<PemObject>() { // from class: org.openziti.util.CertsKt$readCerts$1$1
                    /* JADX INFO: Access modifiers changed from: package-private */
                    {
                        super(0);
                    }

                    // Generator step: pulls the next PEM object; a null result ends the sequence.
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // kotlin.jvm.functions.Function0
                    @Nullable
                    /* renamed from: invoke */
                    public final PemObject invoke2() {
                        return PemReader.this.readPemObject();
                    }
                }), new Function1<PemObject, Boolean>() { // from class: org.openziti.util.CertsKt$readCerts$1$2
                    // Filter step: only blocks typed as certificates pass; everything else is dropped.
                    @Override // kotlin.jvm.functions.Function1
                    @NotNull
                    public final Boolean invoke(@NotNull PemObject it) {
                        Intrinsics.checkNotNullParameter(it, "it");
                        return Boolean.valueOf(Intrinsics.areEqual(it.getType(), PEMParser.TYPE_CERTIFICATE));
                    }
                }), new Function1<PemObject, X509Certificate>() { // from class: org.openziti.util.CertsKt$readCerts$1$3
                    // Map step: decodes the block's raw content with the shared factory.
                    @Override // kotlin.jvm.functions.Function1
                    @NotNull
                    public final X509Certificate invoke(@NotNull PemObject it) {
                        Intrinsics.checkNotNullParameter(it, "it");
                        CertificateFactory cf2 = CertsKt.getCf();
                        byte[] content = it.getContent();
                        Intrinsics.checkNotNullExpressionValue(content, "it.content");
                        Certificate generateCertificate = cf2.generateCertificate(new ByteArrayInputStream(content));
                        if (generateCertificate == null) {
                            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                        }
                        // A non-X.509 Certificate would fail on this cast.
                        return (X509Certificate) generateCertificate;
                    }
                }));
                // Success path: close the reader with no pending exception.
                CloseableKt.closeFinally(pemReader, null);
                return list;
            } finally {
                // Empty in the decompiled output.
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(pemReader, th);
            throw th2;
        }
    }

    /**
     * Reads one private key from PEM input.
     *
     * <p>Only the first object produced by the {@code PEMParser} is examined. A
     * {@code PEMKeyPair} contributes its private half; a {@code PrivateKeyInfo} is converted
     * directly. Neither the parser nor {@code input} is closed here.
     *
     * <p>NOTE(review): encrypted PEM keys would presumably surface as a different parser object
     * type and therefore be rejected below — confirm if password-protected keys must be
     * supported.
     *
     * @param input source of PEM text; must not be null
     * @return the private key converted by {@code JcaPEMKeyConverter}
     * @throws IllegalStateException with message "unsupported key format" if the first parsed
     *         object is neither of the two accepted types (a null result from the parser also
     *         ends up here)
     */
    @NotNull
    public static final PrivateKey readKey(@NotNull Reader input) {
        PrivateKey privateKey;
        Intrinsics.checkNotNullParameter(input, "input");
        Object readObject = new PEMParser(input).readObject();
        if (readObject instanceof PEMKeyPair) {
            privateKey = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) readObject).getPrivate();
        } else {
            if (!(readObject instanceof PrivateKeyInfo)) {
                throw new IllegalStateException("unsupported key format".toString());
            }
            privateKey = new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) readObject);
        }
        PrivateKey pk = privateKey;
        Intrinsics.checkNotNullExpressionValue(pk, "pk");
        return pk;
    }

    /**
     * Fetches CA certificates from the {@code /.well-known/est/cacerts} path of {@code api}.
     *
     * <p>The request goes over an {@link HttpsURLConnection} whose socket factory comes from an
     * {@link SSLContext} initialised with a single trust manager, {@code KeyTrustManager(serverKey)}.
     * Every server-authentication decision for this request is therefore made by that class;
     * presumably it accepts the server by matching {@code serverKey} rather than by chain
     * validation — confirm in KeyTrustManager, because trust in the returned CA set rests on it.
     * The hostname verifier is left at the connection's default.
     *
     * <p>The response body is read completely, Base64 (MIME) decoded and handed to an X.509
     * {@link CertificateFactory}. The connection is not explicitly disconnected.
     *
     * @param api base URI of the server; must not be null
     * @param serverKey key passed to {@code KeyTrustManager}; must not be null
     * @return the certificates parsed from the response, or an empty list when the HTTP status
     *         is not 200
     * @throws NullPointerException if the connection or the parsed collection is null
     */
    @NotNull
    public static final Collection<X509Certificate> getCACerts(@NotNull URI api, @NotNull Key serverKey) {
        Intrinsics.checkNotNullParameter(api, "api");
        Intrinsics.checkNotNullParameter(serverKey, "serverKey");
        // Resolving an absolute path replaces whatever path the api URI carried.
        URLConnection openConnection = api.resolve("/.well-known/est/cacerts").toURL().openConnection();
        if (openConnection == null) {
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.HttpsURLConnection");
        }
        // Only null is guarded above; a connection that is not HTTPS fails on this cast instead of
        // proceeding in plaintext.
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
        httpsURLConnection.setRequestProperty("Accept", "application/pkcs7-mime");
        // NOTE(review): the context is requested by the name "TLSv1.2"; check which protocol
        // versions that enables on the target JDKs and whether newer ones should be allowed.
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        // No key managers are passed (null); KeyTrustManager is the sole trust manager.
        sSLContext.init(null, new KeyTrustManager[]{new KeyTrustManager(serverKey)}, new SecureRandom());
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.setDoInput(true);
        // NOTE(review): no connect or read timeout is set on this connection.
        // Any non-200 status yields an empty list, so callers cannot tell a failed fetch from an
        // empty CA set.
        if (httpsURLConnection.getResponseCode() != 200) {
            return CollectionsKt.emptyList();
        }
        InputStream inputStream = httpsURLConnection.getInputStream();
        // NOTE(review): th is never reassigned, so the catch block below closes the stream with a
        // null cause; likely a decompiler artifact of Kotlin's use {} — confirm against Certs.kt.
        Throwable th = null;
        try {
            try {
                InputStream it = inputStream;
                Intrinsics.checkNotNullExpressionValue(it, "it");
                // Reads the whole response body into memory; no size limit is applied here.
                byte[] readBytes = ByteStreamsKt.readBytes(it);
                // NOTE(review): the body is turned into a String with the platform default charset
                // before Base64 decoding, which makes the result depend on JVM configuration;
                // Base64 text is ASCII, so a fixed charset would remove that dependency.
                Charset defaultCharset = Charset.defaultCharset();
                Intrinsics.checkNotNullExpressionValue(defaultCharset, "defaultCharset()");
                byte[] bytes = Base64.getMimeDecoder().decode(new String(readBytes, defaultCharset));
                // A fresh factory is created here instead of reusing the cf field.
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                Intrinsics.checkNotNullExpressionValue(bytes, "bytes");
                // Raw Collection: element types are not checked before the result is returned as
                // Collection<X509Certificate>.
                Collection generateCertificates = certificateFactory.generateCertificates(new ByteArrayInputStream(bytes));
                if (generateCertificates == null) {
                    throw new NullPointerException("null cannot be cast to non-null type kotlin.collections.Collection<java.security.cert.X509Certificate>");
                }
                // Success path: close the stream with no pending exception.
                CloseableKt.closeFinally(inputStream, null);
                return generateCertificates;
            } finally {
                // Empty in the decompiled output.
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(inputStream, th);
            throw th2;
        }
    }
}
