package io.helidon.common.pki;

import java.io.InputStream;
import java.lang.System;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/common/pki/PkiUtil.class */
public final class PkiUtil {
    private static final System.Logger LOGGER = System.getLogger(PkiUtil.class.getName());

    private PkiUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore loadKeystore(String str, InputStream inputStream, char[] cArr, String str2) {
        Objects.requireNonNull(inputStream, "Keystore input stream must not be null");
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            return keyStore;
        } catch (Exception e) {
            throw new PkiException("Failed to read " + str + " keystore: " + str2, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey loadPrivateKey(KeyStore keyStore, String str, char[] cArr) {
        try {
            Key key = keyStore.getKey(str, cArr);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            throw new PkiException("Key stored under alias " + str + " is not a private key, but: " + String.valueOf(key));
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new PkiException("Failed to load private key under alias " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> loadCertChain(KeyStore keyStore, String str) {
        try {
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            if (null == certificateChain) {
                throw new PkiException("There is no X.509 certificate chain under alias " + str);
            }
            return (List) Stream.of((Object[]) certificateChain).map(certificate -> {
                return (X509Certificate) certificate;
            }).collect(Collectors.toList());
        } catch (KeyStoreException e) {
            throw new PkiException("Failed to load certificate under alias " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate loadCertificate(KeyStore keyStore, String str) {
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (null == certificate) {
                throw new PkiException("There is no X.509 certificate under alias " + str);
            }
            if (certificate instanceof X509Certificate) {
                return (X509Certificate) certificate;
            }
            throw new PkiException("Certificate under alias " + str + " is not an X.509 certificate, but: " + String.valueOf(certificate));
        } catch (KeyStoreException e) {
            throw new PkiException("Failed to load certificate under alias " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> loadCertificates(KeyStore keyStore) {
        LinkedList linkedList = new LinkedList();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    linkedList.add(x509Certificate);
                    if (LOGGER.isLoggable(System.Logger.Level.DEBUG)) {
                        LOGGER.log(System.Logger.Level.DEBUG, "Added certificate under alis " + nextElement + " for " + x509Certificate.getIssuerX500Principal().getName() + " to list of certificates");
                    }
                }
            }
            return linkedList;
        } catch (KeyStoreException e) {
            throw new PkiException("Failed to load certificates from keystore: " + String.valueOf(keyStore), e);
        }
    }
}
