package de.gwdg.cdstar.server.jetty;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gwdg/cdstar/server/jetty/PemReader.class */
public class PemReader {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PemReader.class);
    private final Path pem;
    PKCS8EncodedKeySpec privateKey;
    Pattern reBegin = Pattern.compile("^-+BEGIN\\s+(.*?)\\s*-+$", 2);
    Pattern reEnd = Pattern.compile("^-+END\\s+(.*?)\\s*-+$", 2);
    List<X509Certificate> certificates = new ArrayList();

    /* JADX WARN: Code restructure failed: missing block: B:30:0x00d3, code lost:
    
        throw new java.lang.IllegalStateException("END marker does not match BEGIN: " + r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public PemReader(java.nio.file.Path r6) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 288
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: de.gwdg.cdstar.server.jetty.PemReader.<init>(java.nio.file.Path):void");
    }

    private void addSection(String str, byte[] bArr) throws IOException {
        if (str.equalsIgnoreCase("CERTIFICATE")) {
            addCertificate(bArr);
        } else {
            if (!str.equalsIgnoreCase("PRIVATE KEY")) {
                throw new IOException("Unknoen section: " + str);
            }
            addPrivateKey(bArr);
        }
    }

    private void addPrivateKey(byte[] bArr) throws IOException {
        if (this.privateKey != null) {
            throw new IOException("Found more than one private key");
        }
        this.privateKey = new PKCS8EncodedKeySpec(bArr);
        log.debug("Found private key: {}", this.privateKey.getFormat());
    }

    private void addCertificate(byte[] bArr) throws IOException {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            this.certificates.add(x509Certificate);
            log.debug("Found certificate: {}", x509Certificate);
        } catch (CertificateException e) {
            throw new IOException("Failed to read or parse certificate", e);
        }
    }

    public KeyStore buildKeyStore(char[] cArr) throws GeneralSecurityException {
        if (this.privateKey == null) {
            throw new IllegalStateException("No private key in: " + this.pem.toString());
        }
        if (this.certificates.isEmpty()) {
            throw new IllegalStateException("No certificates in: " + this.pem.toString());
        }
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(this.privateKey);
        KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
        try {
            keyStore.load(null, null);
            keyStore.setKeyEntry("private", rSAPrivateKey, cArr, (Certificate[]) this.certificates.stream().toArray(i -> {
                return new Certificate[i];
            }));
            return keyStore;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public KeyStore loadTrustStore() throws GeneralSecurityException {
        if (this.certificates.isEmpty()) {
            throw new IllegalStateException("No certificates in: " + this.pem.toString());
        }
        KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
        try {
            keyStore.load(null, null);
            for (X509Certificate x509Certificate : this.certificates) {
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
            }
            return keyStore;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
