package fi.protonode.reloadingkeystore;

import fi.protonode.reloadingkeystore.PemReader;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fi/protonode/reloadingkeystore/PemCredentialFactory.class */
public class PemCredentialFactory {
    private static final Logger log = LoggerFactory.getLogger(PemCredentialFactory.class);

    private PemCredentialFactory() {
    }

    public static Certificate[] generateCertificates(Path path) throws IOException, CertificateException {
        log.debug("Loading PEM certificate(s) from {}", path);
        ArrayList arrayList = new ArrayList();
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(newInputStream).iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
            if (newInputStream != null) {
                newInputStream.close();
            }
            return (Certificate[]) arrayList.toArray(new Certificate[0]);
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static PrivateKey generatePrivateKey(Path path) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        PemReader.Block decode;
        log.debug("Loading PEM private key from {}", path);
        PemReader pemReader = new PemReader(path);
        do {
            decode = pemReader.decode();
            if (decode == null) {
                break;
            }
        } while (!decode.getType().equals("PRIVATE KEY"));
        if (decode == null) {
            log.error("Cannot find PRIVATE KEY PEM block in {}", path);
            throw new IllegalArgumentException("PEM file does not have private key");
        }
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode.getBytes());
        PrivateKey tryDecodePkey = tryDecodePkey("RSA", pKCS8EncodedKeySpec);
        if (tryDecodePkey == null) {
            tryDecodePkey = tryDecodePkey("EC", pKCS8EncodedKeySpec);
        }
        if (tryDecodePkey != null) {
            return tryDecodePkey;
        }
        log.error("Cannot decode private key {}", path);
        throw new InvalidKeySpecException("Invalid private key");
    }

    private static PrivateKey tryDecodePkey(String str, PKCS8EncodedKeySpec pKCS8EncodedKeySpec) throws NoSuchAlgorithmException {
        PrivateKey privateKey = null;
        try {
            privateKey = KeyFactory.getInstance(str).generatePrivate(pKCS8EncodedKeySpec);
            log.debug("Found {} private key", str);
        } catch (InvalidKeySpecException e) {
        }
        return privateKey;
    }
}
