package com.netflix.spinnaker.kork.crypto;

import java.security.KeyManagementException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Destroyable;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.crypto.digests.SHAKEDigest;

/* loaded from: input_file:com/netflix/spinnaker/kork/crypto/X509Identity.class */
public interface X509Identity extends Destroyable {
    X500PrivateCredential getPrivateCredential();

    X509Certificate[] getCertificateChain();

    default SSLContext createSSLContext() throws KeyManagementException {
        SSLContext tLSContext = StandardCrypto.getTLSContext();
        tLSContext.init(new KeyManager[]{new IdentityX509KeyManager(this)}, null, null);
        return tLSContext;
    }

    default SSLContext createSSLContext(X509TrustManager x509TrustManager) throws KeyManagementException {
        SSLContext tLSContext = StandardCrypto.getTLSContext();
        tLSContext.init(new KeyManager[]{new IdentityX509KeyManager(this)}, new TrustManager[]{x509TrustManager}, null);
        return tLSContext;
    }

    default SSLContext createSSLContext(X509TrustManager x509TrustManager, SecureRandom secureRandom) throws KeyManagementException {
        SSLContext tLSContext = StandardCrypto.getTLSContext();
        tLSContext.init(new KeyManager[]{new IdentityX509KeyManager(this)}, new TrustManager[]{x509TrustManager}, secureRandom);
        return tLSContext;
    }

    static String generateAlias(Certificate certificate) {
        byte[] encoded = certificate.getPublicKey().getEncoded();
        SHAKEDigest sHAKEDigest = new SHAKEDigest();
        sHAKEDigest.update(encoded, 0, encoded.length);
        byte[] bArr = new byte[15];
        sHAKEDigest.doFinal(bArr, 0, bArr.length);
        return Base64.getEncoder().encodeToString(bArr);
    }
}
