package de.brendamour.jpasskit.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/brendamour/jpasskit/util/CertUtils.class */
public class CertUtils {
    private static final String PREFIX_UID = "uid=";
    private static final String TOPIC_OID = "1.2.840.113635.100.6.3.6";

    public static InputStream toInputStream(String str) throws FileNotFoundException {
        File file = new File(str);
        if (!file.exists()) {
            URL resource = CertUtils.class.getClassLoader().getResource(str);
            if (resource == null) {
                throw new FileNotFoundException("File at " + str + " not found");
            }
            file = new File(resource.getFile());
        }
        return new FileInputStream(file);
    }

    public static KeyStore toKeyStore(InputStream inputStream, char[] cArr) throws CertificateException {
        Assert.notNull(inputStream, "InputStream of key store is mandatory", new Object[0]);
        Assert.notNull(cArr, "Password for key store is mandatory", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(inputStream, cArr);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to load signing information", e);
        }
    }

    public static X509Certificate toX509Certificate(InputStream inputStream) throws CertificateException {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509", getProviderName()).generateCertificate(inputStream);
            if (!(generateCertificate instanceof X509Certificate)) {
                throw new IllegalStateException("The key from the input stream could not be decrypted");
            }
            ((X509Certificate) generateCertificate).checkValidity();
            return (X509Certificate) generateCertificate;
        } catch (NoSuchProviderException e) {
            throw new IllegalStateException("The key from the input stream could not be decrypted", e);
        }
    }

    public static ImmutablePair<PrivateKey, X509Certificate> extractCertificateWithKey(KeyStore keyStore, char[] cArr) {
        Assert.notNull(keyStore, "KeyStore is mandatory", new Object[0]);
        Assert.notNull(cArr, "Password for key store is mandatory", new Object[0]);
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Key key = keyStore.getKey(nextElement, cArr);
                if (key instanceof PrivateKey) {
                    PrivateKey privateKey = (PrivateKey) key;
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        return ImmutablePair.of(privateKey, (X509Certificate) certificate);
                    }
                }
            }
            throw new IllegalStateException("No valid key-certificate pair in the key store");
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalStateException("Failed to extract a valid key-certificate pair from key store", e);
        }
    }

    public static Set<String> extractApnsTopics(X509Certificate x509Certificate) throws IOException {
        HashSet hashSet = new HashSet();
        Optional map = Arrays.stream(x509Certificate.getSubjectX500Principal().getName().split(",")).filter(str -> {
            return str.toLowerCase().startsWith(PREFIX_UID);
        }).findAny().map(str2 -> {
            return str2.substring(PREFIX_UID.length());
        });
        Objects.requireNonNull(hashSet);
        map.ifPresent((v1) -> {
            r1.add(v1);
        });
        byte[] extensionValue = x509Certificate.getExtensionValue(TOPIC_OID);
        if (extensionValue != null) {
            ASN1Sequence parseExtensionValue = JcaX509ExtensionUtils.parseExtensionValue(extensionValue);
            if (parseExtensionValue instanceof ASN1Sequence) {
                Iterator it = parseExtensionValue.iterator();
                while (it.hasNext()) {
                    Object next = it.next();
                    if (next instanceof ASN1String) {
                        hashSet.add(String.valueOf(next));
                    }
                }
            }
        }
        return hashSet;
    }

    public static String getProviderName() {
        return "BC";
    }

    static {
        if (Security.getProvider(getProviderName()) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
