package org.neo4j.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/neo4j/ssl/PkiUtils.class */
public final class PkiUtils {
    public static final String CERTIFICATE_TYPE = "X.509";
    private static final Provider PROVIDER = new BouncyCastleProvider();

    private PkiUtils() {
    }

    public static X509Certificate[] loadCertificates(Path path) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
        LinkedList linkedList = new LinkedList();
        PemReader pemReader = new PemReader(Files.newBufferedReader(path));
        try {
            for (PemObject readPemObject = pemReader.readPemObject(); readPemObject != null; readPemObject = pemReader.readPemObject()) {
                linkedList.addAll(certificateFactory.generateCertificates(new ByteArrayInputStream(readPemObject.getContent())));
            }
            X509Certificate[] x509CertificateArr = (X509Certificate[]) linkedList.toArray(new X509Certificate[0]);
            pemReader.close();
            return x509CertificateArr;
        } catch (Throwable th) {
            try {
                pemReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static PrivateKey loadPrivateKey(Path path, String str) throws IOException {
        if (str == null) {
            str = "";
        }
        PEMParser pEMParser = new PEMParser(Files.newBufferedReader(path));
        try {
            Object readObject = pEMParser.readObject();
            JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider(PROVIDER);
            if (readObject instanceof PEMEncryptedKeyPair) {
                PrivateKey privateKey = provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray()))).getPrivate();
                pEMParser.close();
                return privateKey;
            }
            if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                try {
                    PrivateKey privateKey2 = provider.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray())));
                    pEMParser.close();
                    return privateKey2;
                } catch (OperatorCreationException | PKCSException e) {
                    throw new IOException("Unable to decrypt private key.", e);
                }
            }
            if (readObject instanceof PrivateKeyInfo) {
                PrivateKey privateKey3 = provider.getPrivateKey((PrivateKeyInfo) readObject);
                pEMParser.close();
                return privateKey3;
            }
            if (!(readObject instanceof PEMKeyPair)) {
                throw new IOException("Unrecognized private key format.");
            }
            PrivateKey privateKey4 = provider.getKeyPair((PEMKeyPair) readObject).getPrivate();
            pEMParser.close();
            return privateKey4;
        } catch (Throwable th) {
            try {
                pEMParser.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    static {
        Security.addProvider(PROVIDER);
    }
}
