package org.graylog2.shared.security.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.graylog2.inputs.InputImpl;

/* loaded from: input_file:org/graylog2/shared/security/tls/PemKeyStore.class */
public final class PemKeyStore {
    private static final char[] EMPTY_CHAR_ARRAY = new char[0];

    protected static PKCS8EncodedKeySpec generateKeySpec(char[] cArr, byte[] bArr) throws IOException, PKCSException, OperatorCreationException {
        if (cArr == null || cArr.length == 0) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        return new PKCS8EncodedKeySpec(new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(new PKCS8EncryptedPrivateKeyInfo(bArr).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(cArr))).getEncoded());
    }

    public static KeyStore buildKeyStore(Path path, Path path2, char[] cArr) throws GeneralSecurityException {
        try {
            return doBuildKeyStore(path, path2, cArr);
        } catch (IOException | KeyException | KeyStoreException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException | PKCSException | OperatorCreationException e) {
            throw new GeneralSecurityException(e);
        }
    }

    private static KeyStore doBuildKeyStore(Path path, Path path2, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, KeyException, IOException, PKCSException, OperatorCreationException {
        PrivateKey generatePrivate;
        char[] cArr2 = cArr == null ? EMPTY_CHAR_ARRAY : cArr;
        PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(cArr, PemReader.readPrivateKey(path2));
        try {
            generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(generateKeySpec);
        } catch (InvalidKeySpecException e) {
            try {
                generatePrivate = KeyFactory.getInstance("DSA").generatePrivate(generateKeySpec);
            } catch (InvalidKeySpecException e2) {
                try {
                    generatePrivate = KeyFactory.getInstance("EC").generatePrivate(generateKeySpec);
                } catch (InvalidKeySpecException e3) {
                    throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e3);
                }
            }
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<byte[]> readCertificates = PemReader.readCertificates(path);
        ArrayList arrayList = new ArrayList(readCertificates.size());
        Iterator<byte[]> it = readCertificates.iterator();
        while (it.hasNext()) {
            arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(it.next())));
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, cArr2);
        keyStore.setKeyEntry(InputImpl.FIELD_STATIC_FIELD_KEY, generatePrivate, cArr2, (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
        return keyStore;
    }
}
