package com.netflix.spinnaker.kork.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;

/* loaded from: input_file:com/netflix/spinnaker/kork/crypto/PEMIdentitySource.class */
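/**
 * {@link X509IdentitySource} that reads a private key and an X.509 certificate chain from two
 * PEM files on disk.
 *
 * <p>Security notes for operators and reviewers:
 *
 * <ul>
 *   <li>Only unencrypted key encodings are accepted (a {@link PrivateKeyInfo} or a
 *       {@link PEMKeyPair}); no passphrase is ever supplied. The key file therefore has to be
 *       protected by file-system permissions or an equivalent control.
 *   <li>{@link #load()} parses the files but does not validate them: it does not check that the
 *       private key belongs to the first certificate, that the chain is ordered or trusted, or
 *       that the certificates are currently within their validity period.
 *   <li>{@link #getLastModified()} looks at the certificate file only; a change that touches only
 *       the key file is not visible through it.
 * </ul>
 *
 * <p>The {@code lastLoaded} and {@code expiresAt} fields are plain mutable fields with no
 * synchronization in this class.
 */
public class PEMIdentitySource implements X509IdentitySource {
    private final Path keyFile;
    private final Path certificateFile;
    private Instant lastLoaded = Instant.MIN;
    private Instant expiresAt = Instant.MAX;

    /**
     * Creates a source over the given files. Nothing is read until {@link #load()} is called.
     *
     * @param path PEM file holding the private key
     * @param path2 PEM file holding one or more X.509 certificates
     */
    public PEMIdentitySource(Path path, Path path2) {
        this.keyFile = path;
        this.certificateFile = path2;
    }

    /**
     * Returns the last-modified time of the certificate file. No {@link LinkOption} is passed,
     * so symbolic links are followed.
     *
     * @return modification time of the certificate file
     * @throws UncheckedIOException if the file attributes cannot be read
     */
    @Override
    public Instant getLastModified() {
        try {
            return Files.getLastModifiedTime(this.certificateFile).toInstant();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Reads the private key and the certificate chain and returns them as one identity.
     *
     * <p>On success {@code expiresAt} is set to the earliest {@code notAfter} among the
     * certificates read by this call, and {@code lastLoaded} to the current time. The expiry is
     * recomputed on every call, so a renewed certificate with a later expiry is reported
     * correctly after a reload instead of being masked by the previous, earlier value. Neither
     * field is touched when loading fails.
     *
     * @return the loaded key and certificate chain
     * @throws IOException if a file cannot be read, holds an unsupported PEM object, or the key
     *     or a certificate cannot be decoded
     */
    @Override
    public X509Identity load() throws IOException {
        PrivateKey privateKey = readPrivateKey();
        List<X509Certificate> chain = readCertificateChain();

        // With no certificates in the file this stays at Instant.MAX, the same value a freshly
        // constructed source reports.
        Instant earliestExpiry = Instant.MAX;
        for (X509Certificate certificate : chain) {
            Instant notAfter = certificate.getNotAfter().toInstant();
            if (notAfter.isBefore(earliestExpiry)) {
                earliestExpiry = notAfter;
            }
        }

        this.expiresAt = earliestExpiry;
        this.lastLoaded = Instant.now();
        return new StaticX509Identity(privateKey, chain.toArray(new X509Certificate[0]));
    }

    @Override
    public Instant getLastLoaded() {
        return this.lastLoaded;
    }

    @Override
    public Instant getExpiresAt() {
        return this.expiresAt;
    }

    /** Reads the first PEM object of the key file and converts it to a {@link PrivateKey}. */
    private PrivateKey readPrivateKey() throws IOException {
        // try-with-resources closes the parser exactly once on every path.
        try (PEMParser parser = new PEMParser(Files.newBufferedReader(this.keyFile))) {
            Object pemObject = parser.readObject();
            PrivateKeyInfo keyInfo;
            if (pemObject instanceof PrivateKeyInfo) {
                keyInfo = (PrivateKeyInfo) pemObject;
            } else if (pemObject instanceof PEMKeyPair) {
                keyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            } else {
                // readObject() returns null when the file holds no PEM object; report that as an
                // encoding problem instead of failing with a NullPointerException. Only the type
                // is put into the message, never any key material.
                String found = pemObject == null ? "none (no PEM object found)" : String.valueOf(pemObject.getClass());
                throw new UnsupportedEncodingException("Unsupported private key data type: " + found);
            }
            return KeyFactories.getKeyFactory(keyInfo.getPrivateKeyAlgorithm().getAlgorithm())
                    .generatePrivate(new PKCS8EncodedKeySpec(keyInfo.getEncoded()));
        } catch (InvalidKeySpecException e) {
            throw new NestedSecurityIOException(e);
        }
    }

    /** Reads every PEM object of the certificate file as an {@link X509Certificate}, in file order. */
    private List<X509Certificate> readCertificateChain() throws IOException {
        List<X509Certificate> chain = new ArrayList<>();
        try (PEMParser parser = new PEMParser(Files.newBufferedReader(this.certificateFile))) {
            CertificateFactory factory = StandardCrypto.getX509CertificateFactory();
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                // Anything other than a certificate in this file (for example a key pasted into
                // it) is rejected with an IOException rather than a ClassCastException.
                if (!(pemObject instanceof X509CertificateHolder)) {
                    throw new UnsupportedEncodingException("Unsupported certificate data type: " + pemObject.getClass());
                }
                byte[] der = ((X509CertificateHolder) pemObject).getEncoded();
                chain.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
            }
        } catch (CertificateException e) {
            throw new NestedSecurityIOException(e);
        }
        return chain;
    }
}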
