package org.eclipse.hono.config;

import ch.qos.logback.core.net.ssl.SSL;
import io.vertx.core.Vertx;
import io.vertx.core.net.impl.pkcs1.PrivateKeyParser;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import org.eclipse.hono.config.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/hono-core-1.0.4.jar:org/eclipse/hono/config/KeyLoader.class */
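/**
 * Loads a private key and/or an X.509 certificate chain from a JKS or PKCS12 key store
 * or from PEM files.
 * <p>
 * Instances are created via {@link #fromKeyStore(Vertx, String, char[])} or
 * {@link #fromFiles(Vertx, String, String)}. All file access uses the blocking variants of the
 * vert.x file system API.
 */
public final class KeyLoader {
    private static final Logger LOG = LoggerFactory.getLogger(KeyLoader.class);
    private final PrivateKey privateKey;
    private final List<Certificate> certs = new ArrayList<>();

    /**
     * Turns the entries read from a PEM file into a result object.
     * <p>
     * The decompiler notes that this interface was declared {@code private} in the class file;
     * it is kept {@code public} so that the interface of this listing does not change.
     *
     * @param <R> The type of result produced.
     */
    @FunctionalInterface
    public interface PemProcessor<R> {
        /**
         * Processes the entries of a PEM file.
         *
         * @param list The entries read from the file.
         * @return The result of processing.
         * @throws Exception if the entries cannot be processed.
         */
        R process(List<PemReader.Entry> list) throws Exception;
    }

    private KeyLoader(PrivateKey privateKey, List<Certificate> certificates) {
        this.privateKey = privateKey;
        // Copy instead of keeping the reference so that later changes to the
        // caller's list do not affect this instance.
        if (certificates != null) {
            this.certs.addAll(certificates);
        }
    }

    /**
     * Gets the private key that has been loaded.
     *
     * @return The key or {@code null} if no key has been loaded.
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Gets the certificates that have been loaded.
     *
     * @return A new array holding the certificates or {@code null} if no certificate has been
     *         loaded. Callers must check for {@code null}.
     */
    public Certificate[] getCertificateChain() {
        if (this.certs.isEmpty()) {
            return null;
        }
        return this.certs.toArray(new Certificate[0]);
    }

    /**
     * Gets the public key of the first certificate that has been loaded.
     *
     * @return The key or {@code null} if no certificate has been loaded.
     */
    public PublicKey getPublicKey() {
        if (this.certs.isEmpty()) {
            return null;
        }
        return this.certs.get(0).getPublicKey();
    }

    /**
     * Loads the first private key entry and its certificate chain from a key store.
     * <p>
     * The store type is derived from the file via {@code FileFormat.detect}.
     *
     * @param vertx The vert.x instance used for accessing the file system.
     * @param str The path to the key store file.
     * @param cArr The password. The same array is used for loading the store and for
     *             recovering the key, so the key entry needs to be protected with the store
     *             password. Per {@link KeyStore#load(java.io.InputStream, char[])}, no integrity
     *             check is performed on the store if no password is given.
     * @return The loader holding the key and its certificate chain.
     * @throws NullPointerException if vertx or path are {@code null}.
     * @throws IllegalArgumentException if the file does not exist, is neither JKS nor PKCS12,
     *                                  cannot be loaded or contains no private key entry.
     */
    public static KeyLoader fromKeyStore(Vertx vertx, String str, char[] cArr) {
        Objects.requireNonNull(vertx);
        Objects.requireNonNull(str);
        if (!vertx.fileSystem().existsBlocking(str)) {
            throw new IllegalArgumentException("key store does not exist");
        }
        final FileFormat format = FileFormat.detect(str);
        final String storeType;
        switch (format) {
            case JKS:
                // The decompiled listing referenced logback's SSL.DEFAULT_KEYSTORE_TYPE here,
                // whose value is "JKS"; the literal avoids tying key handling to a constant
                // owned by a logging library.
                storeType = "JKS";
                break;
            case PKCS12:
                storeType = "PKCS12";
                break;
            default:
                throw new IllegalArgumentException("key store must be JKS or PKCS format but is: " + format);
        }
        return loadKeysFromStore(vertx, storeType, str, cArr);
    }

    /**
     * Loads a private key and/or certificates from PEM files.
     *
     * @param vertx The vert.x instance used for accessing the file system.
     * @param str The path to the PEM file containing the private key or {@code null} if no
     *            key should be loaded.
     * @param str2 The path to the PEM file containing the certificate(s) or {@code null} if no
     *             certificates should be loaded.
     * @return The loader holding whatever has been loaded.
     * @throws IllegalArgumentException if a given file does not exist, is empty or cannot be
     *                                  processed.
     */
    public static KeyLoader fromFiles(Vertx vertx, String str, String str2) {
        final PrivateKey key = str == null ? null : loadPrivateKeyFromFile(vertx, str);
        final List<Certificate> chain = str2 == null ? null : loadCertsFromFile(vertx, str2);
        return new KeyLoader(key, chain);
    }

    private static PrivateKey generatePrivateKey(String algorithm, KeySpec keySpec) throws GeneralSecurityException {
        return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
    }

    /**
     * Reads all entries of a PEM file and hands them to a processor.
     * <p>
     * Any failure other than an {@code IllegalArgumentException} is wrapped in an
     * {@code IllegalArgumentException} that keeps the original exception as its cause.
     */
    private static <R> R processFile(Vertx vertx, String pathName, PemProcessor<R> processor) {
        final Path path = Paths.get(pathName);
        if (!vertx.fileSystem().existsBlocking(pathName)) {
            throw new IllegalArgumentException(String.format("%s: PEM file does not exist", path));
        }
        try {
            final List<PemReader.Entry> pems = PemReader.readAllBlocking(vertx, path);
            if (pems.isEmpty()) {
                throw new IllegalArgumentException(String.format("%s: File is empty", path));
            }
            return processor.process(pems);
        } catch (IllegalArgumentException e) {
            // already carries a specific message, pass it on unchanged
            throw e;
        } catch (Exception e) {
            throw new IllegalArgumentException(String.format("%s: Failed to load PEM file: ", pathName), e);
        }
    }

    /**
     * Creates a private key from the FIRST entry of a PEM file.
     * <p>
     * Only the first entry is considered: a file that starts with any other kind of entry
     * (e.g. a certificate) is rejected as an unsupported key type. PKCS#8 entries
     * ("PRIVATE KEY") are accepted for the RSA and EC algorithms, PKCS#1 entries
     * ("RSA PRIVATE KEY") for RSA.
     */
    private static PrivateKey loadPrivateKeyFromFile(Vertx vertx, String keyPath) {
        return processFile(vertx, keyPath, pems -> {
            final PemReader.Entry pem = pems.get(0);
            switch (pem.getType()) {
                case "PRIVATE KEY":
                    final String algorithm = PrivateKeyParser.getPKCS8EncodedKeyAlgorithm(pem.getPayload());
                    if (!"RSA".equals(algorithm) && !"EC".equals(algorithm)) {
                        throw new IllegalArgumentException(
                                String.format("%s: Unsupported key algorithm: %s", keyPath, algorithm));
                    }
                    return generatePrivateKey(algorithm, new PKCS8EncodedKeySpec(pem.getPayload()));
                case "RSA PRIVATE KEY":
                    return generatePrivateKey("RSA", PrivateKeyParser.getRSAKeySpec(pem.getPayload()));
                default:
                    throw new IllegalArgumentException(
                            String.format("%s: Unsupported key type: %s", keyPath, pem.getType()));
            }
        });
    }

    /**
     * Creates X.509 certificates from all "CERTIFICATE" entries of a PEM file, in file order.
     * <p>
     * Entries that cannot be parsed are skipped (best effort), so the result may be an
     * incomplete chain. Each skipped entry is logged so that the gap is visible to an operator
     * rather than surfacing later as an unexplained handshake or validation failure.
     */
    private static List<Certificate> loadCertsFromFile(Vertx vertx, String certPath) {
        return processFile(vertx, certPath, pems -> {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509");
            final List<Certificate> result = new ArrayList<>();
            for (PemReader.Entry pem : pems) {
                if (!"CERTIFICATE".equals(pem.getType())) {
                    continue;
                }
                try {
                    result.add(factory.generateCertificate(new ByteArrayInputStream(pem.getPayload())));
                } catch (CertificateException e) {
                    LOG.warn("{}: skipping PEM entry that cannot be parsed as X.509 certificate", certPath, e);
                }
            }
            return result;
        });
    }

    /**
     * Loads the first private key entry (in alias enumeration order) from a key store.
     * <p>
     * Entries that are not private key entries (trusted certificates, secret keys) are
     * skipped; casting a secret key to {@code PrivateKey} would otherwise fail with an
     * uncaught {@code ClassCastException}.
     */
    private static KeyLoader loadKeysFromStore(Vertx vertx, String storeType, String storePath, char[] password) {
        try (ByteArrayInputStream in =
                new ByteArrayInputStream(vertx.fileSystem().readFileBlocking(storePath).getBytes())) {
            final KeyStore keyStore = KeyStore.getInstance(storeType);
            keyStore.load(in, password);
            LOG.debug("loading keys from key store containing {} entries", Integer.valueOf(keyStore.size()));
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                LOG.debug("current alias: {}", alias);
                if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                    LOG.debug("skipping non-private key entry");
                    continue;
                }
                LOG.debug("loading private key [{}]", alias);
                // the key is recovered with the store password
                final PrivateKey key = (PrivateKey) keyStore.getKey(alias, password);
                LOG.debug("loading public key [{}]", alias);
                final Certificate[] chain = keyStore.getCertificateChain(alias);
                return new KeyLoader(
                        key,
                        chain == null ? Collections.<Certificate>emptyList() : Arrays.asList(chain));
            }
        } catch (IOException | GeneralSecurityException e) {
            LOG.error("cannot load keys", e);
            // Report the real failure (e.g. wrong password, corrupt store) and keep its cause
            // instead of claiming that the store holds no private key.
            throw new IllegalArgumentException(String.format("%s: Failed to load key store", storePath), e);
        }
        throw new IllegalArgumentException(String.format("%s: Key store doesn't contain private key", storePath));
    }
}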
