package org.graylog.security.certutil.ca;

import java.io.IOException;
import java.io.StringReader;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.graylog.security.certutil.ca.exceptions.CACreationException;

/* loaded from: input_file:org/graylog/security/certutil/ca/PemCaReader.class */
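/**
 * Reads a certificate authority, i.e. its certificates and its private key, from a PEM bundle.
 *
 * <p>The key converter and the PKCS#8 decryptor are requested from the provider named
 * {@code "BC"}; this presumably requires the BouncyCastle provider to be registered before
 * {@link #readCA(String, String)} is called.
 */
public class PemCaReader {

    /**
     * Certificates and private key parsed from one PEM bundle.
     *
     * <p>The certificate list is stored as passed in, without a defensive copy. An instance
     * holds private key material, so treat it as a secret.
     *
     * @param certificates certificates of the bundle, in the order they were read
     * @param privateKey private key of the bundle
     */
    public record CA(List<Certificate> certificates, PrivateKey privateKey) {

        /**
         * Describes the CA without delegating to {@code PrivateKey.toString()}.
         *
         * <p>What a key prints is provider-specific, so it is kept out of the string form,
         * which is the form most likely to end up in a log line.
         */
        @Override
        public String toString() {
            return "CA[certificates=" + certificates + ", privateKey=<redacted>]";
        }
    }

    /**
     * Drains the parser and returns every object it yields.
     *
     * @param pEMParser parser positioned at the start of the PEM text
     * @return unmodifiable list of the parsed objects, in input order
     * @throws IOException if the parser fails to read or decode an entry
     */
    private List<Object> readPemObjects(PEMParser pEMParser) throws IOException {
        List<Object> parsed = new ArrayList<>();
        // readObject() returns null once the input is exhausted.
        for (Object next = pEMParser.readObject(); next != null; next = pEMParser.readObject()) {
            parsed.add(next);
        }
        return Collections.unmodifiableList(parsed);
    }

    /**
     * Parses a PEM bundle into its certificates and its private key.
     *
     * <p>Certificates are collected in bundle order. The key may be a plain PKCS#8 key or an
     * encrypted PKCS#8 key; any other object type the parser yields is skipped without error.
     * If the bundle holds more than one private key, the last one is used.
     *
     * <p>NOTE(review): nothing here checks that the private key belongs to one of the
     * certificates, that the certificates form a chain, or that they are valid CA
     * certificates. Callers that depend on those properties must verify them.
     *
     * @param str PEM text of the bundle
     * @param str2 password of the private key; may be {@code null} or blank when the key is
     *     not encrypted
     * @return the certificates and the private key of the bundle
     * @throws CACreationException if the bundle is {@code null}, contains no private key or no
     *     certificate, holds an encrypted key while no password was supplied, cannot be
     *     decrypted, or cannot be parsed
     */
    public CA readCA(String str, String str2) throws CACreationException {
        if (str == null) {
            // Report a missing bundle like any other unusable bundle, not as a NullPointerException.
            throw new CACreationException("No CA bundle supplied!");
        }
        try {
            try (StringReader bundleReader = new StringReader(str)) {
                PEMParser pemParser = new PEMParser(bundleReader);
                JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
                List<Certificate> certificates = new ArrayList<>();
                PrivateKey privateKey = null;
                for (Object pemObject : readPemObjects(pemParser)) {
                    if (pemObject instanceof X509Certificate certificate) {
                        certificates.add(certificate);
                    } else if (pemObject instanceof X509CertificateHolder holder) {
                        certificates.add(new JcaX509CertificateConverter().getCertificate(holder));
                    } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo encryptedKey) {
                        if (str2 == null || str2.isBlank()) {
                            throw new CACreationException("Private key is encrypted, but no password was supplied!");
                        }
                        char[] passwordChars = str2.toCharArray();
                        try {
                            privateKey = keyConverter.getPrivateKey(encryptedKey.decryptPrivateKeyInfo(
                                    new JceOpenSSLPKCS8DecryptorProviderBuilder()
                                            .setProvider("BC")
                                            .build(passwordChars)));
                        } finally {
                            // Wipe the copy made for the decryptor. The String passed in is
                            // immutable and stays in memory until it is garbage collected.
                            java.util.Arrays.fill(passwordChars, '\0');
                        }
                    } else if (pemObject instanceof PrivateKeyInfo keyInfo) {
                        privateKey = keyConverter.getPrivateKey(keyInfo);
                    }
                }
                if (privateKey == null) {
                    throw new CACreationException("No private key supplied in CA bundle!");
                }
                if (certificates.isEmpty()) {
                    throw new CACreationException("No certificate supplied in CA bundle!");
                }
                return new CA(certificates, privateKey);
            } catch (PKCSException e) {
                throw new CACreationException("Error while decrypting private key. Wrong password?", e);
            }
        } catch (IOException | CertificateException | OperatorCreationException e2) {
            throw new CACreationException("Failed to parse CA bundle: ", e2);
        }
    }
}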
