package org.graylog.security.certutil.ca;

import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.graylog.security.certutil.ca.exceptions.CACreationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/security/certutil/ca/PemCaReader.class */
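/**
 * Reads a certificate authority from a PEM bundle (an RSA private key followed by certificates)
 * and stores it in a {@link KeyStore}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An unencrypted {@code RSA PRIVATE KEY} block is accepted; the password is then used only
 *       to protect the key store entries.</li>
 *   <li>The same password protects the encrypted PEM key and every key store entry.</li>
 *   <li>Nothing in this class checks that a certificate's public key matches the private key it
 *       is stored with.</li>
 * </ul>
 */
public class PemCaReader {
    private static final Logger LOG = LoggerFactory.getLogger(PemCaReader.class);
    static final String PADDING = "-----";
    static final String BEGIN = "-----BEGIN";
    static final String END = "-----END";

    /**
     * Parses the first PEM object in {@code str} as an X.509 certificate.
     *
     * @param str PEM text containing a certificate block
     * @return the certificate, or {@code null} when the first PEM object is not a certificate
     *     (or the text holds no PEM object at all)
     * @throws IOException if the PEM text cannot be parsed
     * @throws CertificateException if the parsed holder cannot be converted to a certificate
     */
    X509Certificate readCert(String str) throws IOException, CertificateException {
        // try-with-resources: the parser is a Reader and was previously never closed.
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            Object parsed = parser.readObject();
            if (parsed instanceof X509Certificate) {
                return (X509Certificate) parsed;
            }
            if (parsed instanceof X509CertificateHolder) {
                return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed);
            }
            return null;
        }
    }

    /**
     * Decodes an RSA private key from a PEM block, decrypting it with {@code cArr} when the block
     * is encrypted. An unencrypted block is accepted as is and the password is ignored.
     *
     * @param str PEM text containing the key pair block
     * @param cArr password used to decrypt an encrypted key pair
     * @return the private key, or an empty Optional when the block cannot be decoded; the reason
     *     is logged, never thrown
     */
    Optional<RSAPrivateKey> readPrivateKey(String str, char[] cArr) {
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            Object parsed = parser.readObject();
            PEMKeyPair keyPair;
            if (parsed instanceof PEMEncryptedKeyPair) {
                keyPair = ((PEMEncryptedKeyPair) parsed)
                        .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(cArr));
            } else if (parsed instanceof PEMKeyPair) {
                keyPair = (PEMKeyPair) parsed;
            } else {
                // Previously this surfaced as a ClassCastException (or NPE for empty input)
                // swallowed by the catch below; report the actual cause instead.
                LOG.error("Could not decode private key from pem: unexpected PEM object {}",
                        parsed == null ? "null" : parsed.getClass().getName());
                return Optional.empty();
            }
            return Optional.of((RSAPrivateKey) new JcaPEMKeyConverter().getKeyPair(keyPair).getPrivate());
        } catch (Exception e) {
            // Also reached when the password is wrong or the key is not an RSA key.
            LOG.error("Could not decode private key from pem: " + e.getMessage(), e);
            return Optional.empty();
        }
    }

    /**
     * Splits a PEM bundle into its individual blocks, each running from {@code -----BEGIN} up to
     * and including the dashes that close the matching {@code -----END ...-----} line.
     *
     * <p>Scanning stops at the first block that is not properly terminated; blocks found before
     * it are still returned. Text between blocks is dropped.
     *
     * @param str the PEM bundle
     * @return a mutable list of the blocks in their original order
     */
    List<String> splitPem(String str) {
        List<String> blocks = new ArrayList<>();
        int cursor = 0;
        while (true) {
            int begin = str.indexOf(BEGIN, cursor);
            if (begin < 0) {
                break;
            }
            // Look for the END marker only after this BEGIN, so a stray END earlier in the text
            // cannot produce an inverted range.
            int end = str.indexOf(END, begin + BEGIN.length());
            if (end < 0) {
                break;
            }
            // A missing closing "-----" used to yield index -1 and a bogus or out-of-range slice.
            int closing = str.indexOf(PADDING, end + END.length());
            if (closing < 0) {
                break;
            }
            int blockEnd = closing + PADDING.length();
            blocks.add(str.substring(begin, blockEnd));
            cursor = blockEnd;
        }
        return blocks;
    }

    /**
     * Finds the first PEM block that starts with the given header prefix.
     *
     * @param list PEM blocks, as produced by {@link #splitPem(String)}
     * @param str header prefix to look for, e.g. {@code -----BEGIN CERTIFICATE}
     * @return the first matching block, if any
     */
    Optional<String> findCert(List<String> list, String str) {
        return list.stream().filter(block -> block.startsWith(str)).findFirst();
    }

    /**
     * Stores the private key under {@code str2} with the certificate parsed from {@code str} as
     * its single-element chain.
     *
     * <p>Failures are logged and not propagated, so the caller cannot tell from the return path
     * whether the entry was added.
     *
     * @param keyStore key store to add the entry to
     * @param cArr password protecting the new key entry
     * @param rSAPrivateKey private key to store
     * @param str PEM text of the certificate
     * @param str2 alias of the new entry
     */
    void addCert(KeyStore keyStore, char[] cArr, RSAPrivateKey rSAPrivateKey, String str, String str2) {
        try {
            X509Certificate certificate = readCert(str);
            if (certificate == null) {
                // Do not hand a chain containing null to the key store.
                LOG.error("Could not find certificate: PEM block for alias {} is not a certificate", str2);
                return;
            }
            // NOTE(review): the certificate's public key is not compared with rSAPrivateKey here;
            // confirm that the key store provider or a later step rejects a mismatched pair.
            keyStore.setKeyEntry(str2, rSAPrivateKey, cArr, new X509Certificate[]{certificate});
        } catch (Exception e) {
            LOG.error("Could not find certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Loads a CA from a PEM bundle into {@code keyStore}: the RSA private key is decoded, then
     * the first certificate block is stored under alias {@code root} and the second under
     * {@code ca}, both together with that same private key and protected by {@code cArr}.
     *
     * @param keyStore key store receiving the entries
     * @param cArr password used to decrypt the PEM key and to protect the key store entries
     * @param str PEM bundle holding the private key and the certificates
     * @return the same {@code keyStore} instance
     * @throws CACreationException if the bundle has no decodable RSA private key or processing
     *     fails otherwise
     */
    public KeyStore readCA(KeyStore keyStore, char[] cArr, String str) throws CACreationException {
        try {
            List<String> blocks = splitPem(str);

            Optional<String> keyBlock = findCert(blocks, "-----BEGIN RSA PRIVATE KEY");
            RSAPrivateKey privateKey = keyBlock.flatMap(pem -> readPrivateKey(pem, cArr)).orElseThrow();
            blocks.remove(keyBlock.get());

            // NOTE(review): a certificate that addCert fails to store is only logged, so the
            // returned key store may lack "root" and/or "ca"; callers should verify the aliases.
            findCert(blocks, "-----BEGIN CERTIFICATE").ifPresent(pem -> {
                addCert(keyStore, cArr, privateKey, pem, "root");
                blocks.remove(pem);
            });
            findCert(blocks, "-----BEGIN CERTIFICATE").ifPresent(pem -> {
                addCert(keyStore, cArr, privateKey, pem, "ca");
                blocks.remove(pem);
            });
            return keyStore;
        } catch (Exception e) {
            throw new CACreationException("Failed to create a Certificate Authority", e);
        }
    }
}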
