package io.opentelemetry.exporter.internal;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:applicationinsights-agent-3.6.2.jar:inst/io/opentelemetry/exporter/internal/TlsUtil.classdata */
public final class TlsUtil {
    private static final String PEM_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PEM_KEY_FOOTER = "-----END PRIVATE KEY-----";
    private static final List<KeyFactory> SUPPORTED_KEY_FACTORIES = new ArrayList();

    private TlsUtil() {
    }

    public static X509KeyManager keyManager(byte[] bArr, byte[] bArr2) throws SSLException {
        Objects.requireNonNull(bArr, "privateKeyPem");
        Objects.requireNonNull(bArr2, "certificatePem");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            keyStore.setKeyEntry("trusted", generatePrivateKey(new PKCS8EncodedKeySpec(decodePem(bArr)), SUPPORTED_KEY_FACTORIES), "".toCharArray(), (Certificate[]) ((List) CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr2))).toArray(new Certificate[0]));
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, "".toCharArray());
            return (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new SSLException("Could not build KeyManagerFactory from clientKeysPem.", e);
        }
    }

    static PrivateKey generatePrivateKey(PKCS8EncodedKeySpec pKCS8EncodedKeySpec, List<KeyFactory> list) throws SSLException {
        Iterator<KeyFactory> it = list.iterator();
        while (it.hasNext()) {
            try {
                return it.next().generatePrivate(pKCS8EncodedKeySpec);
            } catch (InvalidKeySpecException e) {
            }
        }
        throw new SSLException("Unable to generate key from supported algorithms: " + ((String) list.stream().map((v0) -> {
            return v0.getAlgorithm();
        }).collect(Collectors.joining(",", "[", "]"))));
    }

    public static X509TrustManager trustManager(byte[] bArr) throws SSLException {
        Objects.requireNonNull(bArr, "trustedCertificatesPem");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            int i = 0;
            Iterator it = ((List) CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr))).iterator();
            while (it.hasNext()) {
                keyStore.setCertificateEntry("cert_" + i, (Certificate) it.next());
                i++;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SSLException("Could not build TrustManagerFactory from trustedCertificatesPem.", e);
        }
    }

    static byte[] decodePem(byte[] bArr) {
        String trim = new String(bArr, StandardCharsets.UTF_8).trim();
        if (!trim.startsWith(PEM_KEY_HEADER) || !trim.endsWith(PEM_KEY_FOOTER)) {
            return bArr;
        }
        return Base64.getDecoder().decode(trim.substring(PEM_KEY_HEADER.length(), trim.length() - PEM_KEY_FOOTER.length()).replaceAll("\\s", ""));
    }

    static {
        try {
            SUPPORTED_KEY_FACTORIES.add(KeyFactory.getInstance("RSA"));
        } catch (NoSuchAlgorithmException e) {
        }
        try {
            SUPPORTED_KEY_FACTORIES.add(KeyFactory.getInstance("EC"));
        } catch (NoSuchAlgorithmException e2) {
        }
    }
}
