package org.springframework.vault.support;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;
import org.springframework.vault.VaultException;

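/**
 * Certificate bundle: a certificate, its issuing CA certificate, the CA chain and the matching
 * private key. Instances are created by Jackson from the JSON properties {@code serial_number},
 * {@code certificate}, {@code issuing_ca}, {@code ca_chain}, {@code private_key} and
 * {@code private_key_type}, or through the {@code of(...)} factory methods.
 *
 * <p>Security note: this object carries private key material as an immutable {@link String}, so
 * it cannot be wiped after use. Keep instances short-lived and keep the value returned by
 * {@link #getPrivateKey()} out of logs, exception messages and serialized output.
 */
@JsonIgnoreProperties(ignoreUnknown = true)
/* loaded from: input_file:org/springframework/vault/support/CertificateBundle.class */
public class CertificateBundle extends Certificate {
    // Encoded private key; PEM or plain Base64, see getPrivateKey(String, String).
    private final String privateKey;

    // Key algorithm name ("rsa" or "ec" are the supported values); null when not provided.
    @Nullable
    private final String privateKeyType;

    // Encoded CA chain entries, stored as passed in.
    // NOTE(review): the constructor does not null-check this list, so it is presumably null when
    // the JSON has no "ca_chain" property; getX509IssuerCertificates() would then fail with a
    // NullPointerException. Confirm against the responses this type is bound to.
    private final List<String> caChain;

    /**
     * Creates a bundle from the individual JSON properties. No validation is performed here; the
     * {@code of(...)} factories validate their arguments before delegating.
     *
     * @param serialNumber the certificate serial number
     * @param certificate the encoded certificate
     * @param issuingCaCertificate the encoded issuing CA certificate
     * @param caChain the encoded CA chain entries
     * @param privateKey the encoded private key
     * @param privateKeyType the private key type, may be {@code null}
     */
    CertificateBundle(@JsonProperty("serial_number") String serialNumber, @JsonProperty("certificate") String certificate, @JsonProperty("issuing_ca") String issuingCaCertificate, @JsonProperty("ca_chain") List<String> caChain, @JsonProperty("private_key") String privateKey, @Nullable @JsonProperty("private_key_type") String privateKeyType) {
        super(serialNumber, certificate, issuingCaCertificate);
        this.privateKey = privateKey;
        this.privateKeyType = privateKeyType;
        this.caChain = caChain;
    }

    /**
     * Creates a bundle without a private key type. The CA chain is set to the single issuing CA
     * certificate. Because no key type is recorded, {@link #getPrivateKeySpec()} and the
     * {@code createKeyStore(...)} methods fail with {@link IllegalStateException} on the result.
     *
     * @param serialNumber the serial number, must not be empty
     * @param certificate the encoded certificate, must not be empty
     * @param issuingCaCertificate the encoded issuing CA certificate, must not be empty
     * @param privateKey the encoded private key, must not be empty
     * @return the new bundle
     */
    public static CertificateBundle of(String serialNumber, String certificate, String issuingCaCertificate, String privateKey) {
        Assert.hasText(serialNumber, "Serial number must not be empty");
        Assert.hasText(certificate, "Certificate must not be empty");
        Assert.hasText(issuingCaCertificate, "Issuing CA certificate must not be empty");
        Assert.hasText(privateKey, "Private key must not be empty");
        return new CertificateBundle(serialNumber, certificate, issuingCaCertificate, Collections.singletonList(issuingCaCertificate), privateKey, null);
    }

    /**
     * Creates a bundle with an explicit private key type. The CA chain is set to the single
     * issuing CA certificate.
     *
     * @param serialNumber the serial number, must not be empty
     * @param certificate the encoded certificate, must not be empty
     * @param issuingCaCertificate the encoded issuing CA certificate, must not be empty
     * @param privateKey the encoded private key, must not be empty
     * @param privateKeyType the private key type; despite the {@code @Nullable} annotation a
     *     {@code null} or blank value is rejected by the assertion below
     * @return the new bundle
     */
    public static CertificateBundle of(String serialNumber, String certificate, String issuingCaCertificate, String privateKey, @Nullable String privateKeyType) {
        Assert.hasText(serialNumber, "Serial number must not be empty");
        Assert.hasText(certificate, "Certificate must not be empty");
        Assert.hasText(issuingCaCertificate, "Issuing CA certificate must not be empty");
        Assert.hasText(privateKey, "Private key must not be empty");
        Assert.hasText(privateKeyType, "Private key type must not be empty");
        return new CertificateBundle(serialNumber, certificate, issuingCaCertificate, Collections.singletonList(issuingCaCertificate), privateKey, privateKeyType);
    }

    /**
     * Returns the encoded private key exactly as it was supplied.
     *
     * <p>The return value is secret key material; do not log it or include it in error messages.
     *
     * @return the encoded private key
     */
    public String getPrivateKey() {
        return this.privateKey;
    }

    /**
     * @return the private key type, or {@code null} if none was supplied
     */
    @Nullable
    public String getPrivateKeyType() {
        return this.privateKeyType;
    }

    /**
     * @return the private key type
     * @throws IllegalStateException if no private key type is set
     */
    public String getRequiredPrivateKeyType() {
        String privateKeyType = getPrivateKeyType();
        if (privateKeyType == null) {
            throw new IllegalStateException("Private key type is not set");
        }
        return privateKeyType;
    }

    /**
     * Decodes the private key into a {@link KeySpec} according to the private key type.
     *
     * @return the key spec for the private key
     * @throws IllegalStateException if no private key type is set
     * @throws IllegalArgumentException if the key type is unsupported or PEM input holds no
     *     private key
     * @throws VaultException if decoding fails with an I/O or security exception
     */
    public KeySpec getPrivateKeySpec() {
        try {
            return getPrivateKey(getPrivateKey(), getRequiredPrivateKeyType());
        } catch (IOException | GeneralSecurityException e) {
            // The cause is preserved; the message deliberately carries no key material.
            throw new VaultException("Cannot create KeySpec from private key", e);
        }
    }

    /**
     * Creates a key store holding the private key, the certificate and the issuing CA
     * certificate, using an empty key password.
     *
     * <p>With an empty password the key entry is not meaningfully protected by the key store
     * itself; use a password overload if the key store is written to disk or handed to another
     * component.
     *
     * @param keyAlias the key alias, must not be empty
     * @return the key store
     */
    public KeyStore createKeyStore(String keyAlias) {
        return createKeyStore(keyAlias, false);
    }

    /**
     * Creates a key store holding the private key, the certificate and the issuing CA
     * certificate.
     *
     * @param keyAlias the key alias, must not be empty
     * @param password the key password, must not be {@code null}
     * @return the key store
     */
    public KeyStore createKeyStore(String keyAlias, CharSequence password) {
        return createKeyStore(keyAlias, false, password);
    }

    /**
     * Creates a key store holding the private key, the certificate and the issuing CA
     * certificate.
     *
     * @param keyAlias the key alias, must not be empty
     * @param password the key password, must not be {@code null}; the array is not cleared by
     *     this class, so the caller remains responsible for wiping it
     * @return the key store
     */
    public KeyStore createKeyStore(String keyAlias, char[] password) {
        return createKeyStore(keyAlias, false, password);
    }

    /**
     * Creates a key store using an empty key password.
     *
     * <p>With an empty password the key entry is not meaningfully protected by the key store
     * itself; use a password overload if the key store is written to disk or handed to another
     * component.
     *
     * @param keyAlias the key alias, must not be empty
     * @param includeCaChain {@code true} to add every certificate of the CA chain, {@code false}
     *     to add only the issuing CA certificate
     * @return the key store
     */
    public KeyStore createKeyStore(String keyAlias, boolean includeCaChain) {
        return createKeyStore(keyAlias, includeCaChain, new char[0]);
    }

    /**
     * Creates a key store, taking the key password as a {@link CharSequence}.
     *
     * @param keyAlias the key alias, must not be empty
     * @param includeCaChain {@code true} to add every certificate of the CA chain, {@code false}
     *     to add only the issuing CA certificate
     * @param password the key password, must not be {@code null}
     * @return the key store
     */
    public KeyStore createKeyStore(String keyAlias, boolean includeCaChain, CharSequence password) {
        Assert.notNull(password, "Password must not be null");
        // Copy char by char: going through toString() would create one more immutable String
        // holding the password.
        char[] passwordChars = new char[password.length()];
        for (int i = 0; i < passwordChars.length; i++) {
            passwordChars[i] = password.charAt(i);
        }
        // NOTE(review): this temporary copy is never zeroed. Wiping it once the key store is
        // built would shorten the password's lifetime in memory, provided
        // KeystoreUtil.createKeyStore does not keep a reference to the array - confirm first.
        return createKeyStore(keyAlias, includeCaChain, passwordChars);
    }

    /**
     * Creates a key store holding the private key under {@code keyAlias} together with its
     * certificate chain: the certificate first, then either the whole CA chain or just the
     * issuing CA certificate.
     *
     * @param keyAlias the key alias, must not be empty
     * @param includeCaChain {@code true} to add every certificate of the CA chain, {@code false}
     *     to add only the issuing CA certificate
     * @param password the key password, must not be {@code null}; the array is not cleared by
     *     this class, so the caller remains responsible for wiping it
     * @return the key store
     * @throws VaultException if the key store cannot be created
     */
    public KeyStore createKeyStore(String keyAlias, boolean includeCaChain, char[] password) {
        Assert.hasText(keyAlias, "Key alias must not be empty");
        Assert.notNull(password, "Password must not be null");
        try {
            // Leaf certificate goes first, issuer certificate(s) follow.
            List<X509Certificate> certificates = new ArrayList<>();
            certificates.add(getX509Certificate());
            if (includeCaChain) {
                certificates.addAll(getX509IssuerCertificates());
            } else {
                certificates.add(getX509IssuerCertificate());
            }
            return KeystoreUtil.createKeyStore(keyAlias, getPrivateKeySpec(), password, certificates.toArray(new X509Certificate[0]));
        } catch (IOException | GeneralSecurityException e) {
            throw new VaultException("Cannot create KeyStore", e);
        }
    }

    /**
     * Decodes every entry of the CA chain into X.509 certificates, in chain order.
     *
     * @return the issuer certificates
     * @throws VaultException if an entry cannot be decoded as a certificate
     */
    public List<X509Certificate> getX509IssuerCertificates() {
        List<X509Certificate> certificates = new ArrayList<>();
        for (String encoded : this.caChain) {
            try {
                certificates.addAll(getCertificates(encoded));
            } catch (CertificateException e) {
                throw new VaultException("Cannot create Certificate from issuing CA certificate", e);
            }
        }
        return certificates;
    }

    /**
     * Decodes an encoded private key. PEM input is parsed and its first private key object is
     * used; any other input is treated as Base64 and decoded directly.
     *
     * @param privateKey the encoded private key, must not be empty
     * @param keyType the key type, must not be empty
     * @return the key spec
     * @throws IllegalArgumentException if PEM input contains no private key object
     */
    private static KeySpec getPrivateKey(String privateKey, String keyType) throws GeneralSecurityException, IOException {
        Assert.hasText(privateKey, "Private key must not be empty");
        Assert.hasText(keyType, "Private key type must not be empty");
        if (!PemObject.isPemEncoded(privateKey)) {
            return getPrivateKey(Base64Utils.decodeFromString(privateKey), keyType);
        }
        for (PemObject pemObject : PemObject.parse(privateKey)) {
            if (pemObject.isPrivateKey()) {
                return getPrivateKey(pemObject.getContent(), keyType);
            }
        }
        throw new IllegalArgumentException("No private key found in PEM-encoded key spec");
    }

    /**
     * Turns raw key bytes into a {@link KeySpec} for the given key type. The type is matched
     * case-insensitively, lower-cased with {@link Locale#ROOT} so the match does not depend on
     * the default locale.
     *
     * @param privateKey the decoded key bytes
     * @param keyType the key type, {@code rsa} or {@code ec}
     * @return the key spec
     * @throws IllegalArgumentException if the key type is neither {@code rsa} nor {@code ec}
     */
    private static KeySpec getPrivateKey(byte[] privateKey, String keyType) throws GeneralSecurityException, IOException {
        switch (keyType.toLowerCase(Locale.ROOT)) {
            case "rsa":
                return KeyFactories.RSA_PRIVATE.getKey(privateKey);
            case "ec":
                return KeyFactories.EC.getKey(privateKey);
            default:
                // Only the key type is echoed back, never the key bytes.
                throw new IllegalArgumentException(String.format("Key type %s not supported. Supported types are: rsa, ec.", keyType));
        }
    }
}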
