package org.springframework.vault.support;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/vault/support/KeystoreUtil.class */
class KeystoreUtil {
    private static final CertificateFactory CERTIFICATE_FACTORY;
    private static final KeyFactory RSA_KEY_FACTORY;
    private static final KeyFactory EC_KEY_FACTORY;

    KeystoreUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore createKeyStore(String str, KeySpec keySpec, char[] cArr, X509Certificate... x509CertificateArr) throws GeneralSecurityException, IOException {
        Assert.notNull(cArr, "keyPassword must not be null");
        PrivateKey generatePrivate = ((keySpec instanceof RSAPrivateKeySpec) || (keySpec instanceof PKCS8EncodedKeySpec)) ? RSA_KEY_FACTORY.generatePrivate(keySpec) : EC_KEY_FACTORY.generatePrivate(keySpec);
        KeyStore createKeyStore = createKeyStore();
        ArrayList arrayList = new ArrayList();
        Collections.addAll(arrayList, x509CertificateArr);
        createKeyStore.setKeyEntry(str, generatePrivate, cArr, (java.security.cert.Certificate[]) arrayList.toArray(new java.security.cert.Certificate[arrayList.size()]));
        return createKeyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore createKeyStore(X509Certificate... x509CertificateArr) throws GeneralSecurityException, IOException {
        KeyStore createKeyStore = createKeyStore();
        int i = 0;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            int i2 = i;
            i++;
            createKeyStore.setCertificateEntry(String.format("cert_%d", Integer.valueOf(i2)), x509Certificate);
        }
        return createKeyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate getCertificate(byte[] bArr) throws CertificateException {
        return getCertificates(CERTIFICATE_FACTORY, bArr).stream().findFirst().orElseThrow(() -> {
            return new IllegalArgumentException("No X509Certificate found");
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> getCertificates(byte[] bArr) throws CertificateException {
        return getCertificates(CERTIFICATE_FACTORY, bArr);
    }

    private static KeyStore createKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, new char[0]);
        return keyStore;
    }

    private static List<X509Certificate> getCertificates(CertificateFactory certificateFactory, byte[] bArr) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        while (byteArrayInputStream.available() > 0) {
            java.security.cert.Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
            if (generateCertificate instanceof X509Certificate) {
                arrayList.add((X509Certificate) generateCertificate);
            }
        }
        return arrayList;
    }

    static {
        try {
            CERTIFICATE_FACTORY = CertificateFactory.getInstance("X.509");
            try {
                RSA_KEY_FACTORY = KeyFactory.getInstance("RSA");
                try {
                    EC_KEY_FACTORY = KeyFactory.getInstance("EC");
                } catch (NoSuchAlgorithmException e) {
                    throw new IllegalStateException("No EC KeyFactory available", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new IllegalStateException("No RSA KeyFactory available", e2);
            }
        } catch (CertificateException e3) {
            throw new IllegalStateException("No X.509 Certificate available", e3);
        }
    }
}
