package com.broadcom.blazesv.api.client.utils;

import com.broadcom.blazect.logging.SimpleBlazeLogger;
import com.broadcom.blazect.logging.SimpleBlazeLoggerFactory;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Objects;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

/* loaded from: input_file:com/broadcom/blazesv/api/client/utils/KeyStoreUtils.class */
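/**
 * Static helpers that build an in-memory {@link KeyStore} from PEM files on disk.
 *
 * <p>Certificates are stored under the aliases {@code cert-0}, {@code cert-1}, ... in the order
 * they appear in the PEM file; an optional private key is stored under {@code private_key}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The certificates are only parsed and stored. Nothing here checks expiry, revocation or
 *       chain validity, so every certificate in the file becomes a trust anchor as-is.</li>
 *   <li>The password protects the private key <em>entry</em>. The returned keystore lives in
 *       memory only; its integrity protection applies when the caller later calls
 *       {@code KeyStore.store(...)}.</li>
 *   <li>The password arrives as an immutable {@code String}, so it cannot be wiped from memory
 *       by this class.</li>
 * </ul>
 */
public final class KeyStoreUtils {
    static final String PUBLIC_CERT_ALIAS_PREFIX = "cert-";
    static final String PRIVATE_KEY_ALIAS = "private_key";
    private static final SimpleBlazeLogger LOGGER = SimpleBlazeLoggerFactory.getLogger(KeyStoreUtils.class);

    /** Utility class; not instantiable. */
    private KeyStoreUtils() {
    }

    /**
     * Builds a keystore holding only the certificates found in a PEM file (no private key, no
     * password).
     *
     * @param str path of the PEM file with the public certificates; must not be {@code null}
     * @return a new keystore with one certificate entry per certificate in the file
     * @throws IOException if the file cannot be opened or parsed
     * @throws CertificateException if a certificate in the file cannot be converted
     */
    public static KeyStore buildTrustStoreFromPem(String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        return buildKeystoreFromPublicAndPrivatePems(str, null, null);
    }

    /**
     * Builds a keystore from a certificate PEM file and, optionally, a private-key PEM file.
     *
     * <p>When a private key is supplied, all certificates from {@code str} are used as its
     * certificate chain in file order, so the certificate matching the private key must come
     * first in that file ({@link KeyStore.PrivateKeyEntry} rejects a chain whose first
     * certificate uses a different key algorithm, and rejects an empty chain).
     *
     * @param str path of the PEM file with the public certificates; must not be {@code null}
     * @param str2 path of the PEM file with the private key, or {@code null} for a trust store
     * @param str3 password protecting the private key entry; required (non-empty) when
     *     {@code str2} is given, may be {@code null} otherwise
     * @return the newly created, populated keystore
     * @throws IllegalArgumentException if a private key is requested without a password, or the
     *     private-key file contains no usable private key
     * @throws IOException if a PEM file cannot be opened or parsed
     * @throws CertificateException if a certificate in the file cannot be converted
     */
    public static KeyStore buildKeystoreFromPublicAndPrivatePems(String str, String str2, String str3) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        if (str2 != null && org.apache.commons.lang3.StringUtils.isEmpty(str3)) {
            throw new IllegalArgumentException("A password is required to store private key information into a keystore");
        }
        // Only the file paths are logged below; never log the key material or the password.
        LOGGER.info("Creating keystore from the following trust materials:");
        LOGGER.info("Public certs: {}", str);
        LOGGER.info("Private key: {}", str2);
        LOGGER.info("Keystore will {} be password protected", str3 != null ? "" : "NOT");
        Certificate[] certificates = extractCertificatesFromPem(str);
        char[] password = str3 != null ? str3.toCharArray() : null;
        // The default type comes from the JVM's "keystore.type" security property, so the
        // resulting format depends on the runtime configuration.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream creates an empty keystore.
        keyStore.load(null, password);
        LOGGER.info("Storing {} public certificates into newly created keystore", Integer.valueOf(certificates.length));
        for (int i = 0; i < certificates.length; i++) {
            keyStore.setCertificateEntry(String.format("%s%d", PUBLIC_CERT_ALIAS_PREFIX, Integer.valueOf(i)), certificates[i]);
        }
        if (str2 != null) {
            KeyStore.PrivateKeyEntry privateKeyEntry = new KeyStore.PrivateKeyEntry(extractPrivateKeyFromPem(str2), certificates);
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(password);
            LOGGER.info("Storing private key info into keystore as alias {}", PRIVATE_KEY_ALIAS);
            keyStore.setEntry(PRIVATE_KEY_ALIAS, privateKeyEntry, passwordProtection);
        }
        return keyStore;
    }

    /**
     * Reads the first {@link PrivateKeyInfo} object from a PEM file and converts it to a JCA
     * {@link PrivateKey}.
     *
     * <p>Only objects the parser yields as {@code PrivateKeyInfo} are accepted; other PEM
     * objects (for example encrypted keys or key pairs in other encodings) are skipped.
     *
     * @param str path of the PEM file; must not be {@code null}
     * @return the first private key found, never {@code null}
     * @throws IllegalArgumentException if the file contains no {@code PrivateKeyInfo} object
     * @throws IOException if the file cannot be opened or parsed
     */
    private static PrivateKey extractPrivateKeyFromPem(String str) throws IOException {
        // try-with-resources: the parser wraps an open file stream that must be released.
        try (PEMParser pemParser = getPemParser(str)) {
            Object pemObject;
            while ((pemObject = pemParser.readObject()) != null) {
                if (pemObject instanceof PrivateKeyInfo) {
                    return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) pemObject);
                }
            }
        }
        // Fail with a clear message instead of handing null to KeyStore.PrivateKeyEntry,
        // which would surface as an opaque NullPointerException.
        throw new IllegalArgumentException("No unencrypted private key (PrivateKeyInfo) found in PEM file: " + str);
    }

    /**
     * Reads every X.509 certificate from a PEM file, in file order.
     *
     * <p>Non-certificate PEM objects are ignored. The certificates are converted only; no
     * validity or trust checks are performed here.
     *
     * @param str path of the PEM file; must not be {@code null}
     * @return the certificates found, possibly an empty array
     * @throws IOException if the file cannot be opened or parsed
     * @throws CertificateException if a certificate cannot be converted
     */
    private static Certificate[] extractCertificatesFromPem(String str) throws IOException, CertificateException {
        ArrayList<Certificate> certificates = new ArrayList<>();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        // try-with-resources: the parser wraps an open file stream that must be released.
        try (PEMParser pemParser = getPemParser(str)) {
            Object pemObject;
            while ((pemObject = pemParser.readObject()) != null) {
                if (pemObject instanceof X509CertificateHolder) {
                    certificates.add(converter.getCertificate((X509CertificateHolder) pemObject));
                }
            }
        }
        return certificates.toArray(new Certificate[0]);
    }

    /**
     * Opens a PEM file as UTF-8 text and wraps it in a {@link PEMParser}.
     *
     * <p>The caller owns the returned parser and must close it.
     *
     * @param str path of the PEM file
     * @return a parser positioned at the start of the file
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws IOException if the file cannot be opened
     */
    private static PEMParser getPemParser(String str) throws IOException {
        Objects.requireNonNull(str, "PEM file path cannot be null!");
        return new PEMParser(new InputStreamReader(FileUtils.openInputStream(Paths.get(str).toFile()), StandardCharsets.UTF_8));
    }
}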
