package com.sap.cloud.sdk.cloudplatform;

import com.sap.cloud.sdk.cloudplatform.exception.CloudPlatformException;
import io.vavr.control.Try;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.lang.invoke.SerializedLambda;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import javax.annotation.Nonnull;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/AbstractX509SslContextProvider.class */
abstract class AbstractX509SslContextProvider implements PlatformSslContextProvider {
    @Nonnull
    Try<SSLContext> tryGetContext(@Nonnull String str, @Nonnull String str2) {
        return tryGetContext(new StringReader(str), new StringReader(str2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nonnull
    public Try<SSLContext> tryGetContext(@Nonnull Reader reader, @Nonnull Reader reader2) {
        SSLContextBuilder create = SSLContextBuilder.create();
        try {
            Certificate[] loadCertificates = loadCertificates(reader);
            try {
                PrivateKey loadPrivateKey = loadPrivateKey(reader2);
                return Try.of(() -> {
                    return KeyStore.getInstance("JKS");
                }).andThenTry(keyStore -> {
                    keyStore.load(null);
                }).andThenTry(keyStore2 -> {
                    keyStore2.setKeyEntry("instance-identity", loadPrivateKey, "changeit".toCharArray(), loadCertificates);
                }).mapTry(keyStore3 -> {
                    return create.loadKeyMaterial(keyStore3, "changeit".toCharArray());
                }).mapTry((v0) -> {
                    return v0.build();
                });
            } catch (Exception e) {
                return Try.failure(new CloudPlatformException("Failed to load platform key", e));
            }
        } catch (Exception e2) {
            return Try.failure(new CloudPlatformException("Failed to load platform certificate", e2));
        }
    }

    @Nonnull
    static Certificate[] loadCertificates(@Nonnull Reader reader) throws CertificateException, IOException {
        ArrayList arrayList = new ArrayList();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        PEMParser pEMParser = new PEMParser(reader);
        while (true) {
            try {
                PemObject readPemObject = pEMParser.readPemObject();
                if (readPemObject == null) {
                    break;
                }
                if (readPemObject.getType().equals("CERTIFICATE")) {
                    arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(readPemObject.getContent())));
                }
            } catch (Throwable th) {
                try {
                    pEMParser.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        pEMParser.close();
        if (arrayList.isEmpty()) {
            throw new CloudPlatformException("Provided certificate data did not contain any valid X.509 certificates.");
        }
        return (Certificate[]) arrayList.toArray(new Certificate[0]);
    }

    @Nonnull
    static PrivateKey loadPrivateKey(@Nonnull Reader reader) throws IOException {
        PEMParser pEMParser = new PEMParser(reader);
        try {
            PEMKeyPair pEMKeyPair = (PEMKeyPair) pEMParser.readObject();
            if (pEMKeyPair == null) {
                throw new CloudPlatformException("Provided key data did not contain a valid PEM key.");
            }
            PrivateKey privateKey = new JcaPEMKeyConverter().getKeyPair(pEMKeyPair).getPrivate();
            pEMParser.close();
            return privateKey;
        } catch (Throwable th) {
            try {
                pEMParser.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 94094958:
                if (implMethodName.equals("build")) {
                    z = true;
                    break;
                }
                break;
            case 686926646:
                if (implMethodName.equals("lambda$tryGetContext$4b8e4c3e$1")) {
                    z = 2;
                    break;
                }
                break;
            case 784280989:
                if (implMethodName.equals("lambda$tryGetContext$e734f2ae$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/AbstractX509SslContextProvider") && serializedLambda.getImplMethodSignature().equals("()Ljava/security/KeyStore;")) {
                    return () -> {
                        return KeyStore.getInstance("JKS");
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/apache/http/ssl/SSLContextBuilder") && serializedLambda.getImplMethodSignature().equals("()Ljavax/net/ssl/SSLContext;")) {
                    return (v0) -> {
                        return v0.build();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/AbstractX509SslContextProvider") && serializedLambda.getImplMethodSignature().equals("(Lorg/apache/http/ssl/SSLContextBuilder;Ljava/security/KeyStore;)Lorg/apache/http/ssl/SSLContextBuilder;")) {
                    SSLContextBuilder sSLContextBuilder = (SSLContextBuilder) serializedLambda.getCapturedArg(0);
                    return keyStore3 -> {
                        return sSLContextBuilder.loadKeyMaterial(keyStore3, "changeit".toCharArray());
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
