package org.soulwing.jwt.api.locator;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.soulwing.jwt.api.exceptions.CertificateException;

/* loaded from: input_file:WEB-INF/lib/jwt-api-1.6.0.jar:org/soulwing/jwt/api/locator/PemCertificateChainLoader.class */
public class PemCertificateChainLoader implements CertificateChainLoader {
    static final int MAX_CHAIN_LENGTH = 10;
    private static final PemCertificateChainLoader DEFAULT_INSTANCE = new PemCertificateChainLoader();

    public static PemCertificateChainLoader getDefaultInstance() {
        return DEFAULT_INSTANCE;
    }

    @Override // org.soulwing.jwt.api.locator.CertificateChainLoader
    public List<X509Certificate> load(URI uri) throws CertificateException, IOException {
        assertIsSecure(uri);
        return toCertificates(loadPemObjects(uri));
    }

    private void assertIsSecure(URI uri) throws CertificateException {
        String scheme = uri.getScheme();
        if (scheme != null && scheme.startsWith("http") && !scheme.equals("https")) {
            throw new CertificateException("certificate URL is not secure: " + uri);
        }
    }

    private List<PemObject> loadPemObjects(URI uri) throws IOException {
        InputStream openStream = openStream(uri);
        Throwable th = null;
        try {
            try {
                List<PemObject> loadPemObjects = loadPemObjects(openStream);
                do {
                } while (openStream.read() != -1);
                if (openStream != null) {
                    if (0 != 0) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openStream.close();
                    }
                }
                return loadPemObjects;
            } finally {
            }
        } catch (Throwable th3) {
            if (openStream != null) {
                if (th != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    protected InputStream openStream(URI uri) throws IOException {
        return uri.toURL().openStream();
    }

    private List<PemObject> loadPemObjects(InputStream inputStream) throws IOException {
        PemReader pemReader = new PemReader(new InputStreamReader(inputStream, StandardCharsets.US_ASCII));
        LinkedList linkedList = new LinkedList();
        PemObject readPemObject = pemReader.readPemObject();
        while (true) {
            PemObject pemObject = readPemObject;
            if (linkedList.size() >= 10 || pemObject == null) {
                break;
            }
            linkedList.add(pemObject);
            readPemObject = pemReader.readPemObject();
        }
        return linkedList;
    }

    private List<X509Certificate> toCertificates(List<PemObject> list) throws CertificateException {
        try {
            ArrayList arrayList = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Iterator<PemObject> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(it.next().getContent())));
            }
            return arrayList;
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }
}
