package io.opentelemetry.testing.internal.armeria.internal.common.util;

import io.opentelemetry.testing.internal.armeria.common.TlsKeyPair;
import io.opentelemetry.testing.internal.armeria.common.annotation.Nullable;
import io.opentelemetry.testing.internal.armeria.internal.shaded.guava.collect.ImmutableList;
import io.opentelemetry.testing.internal.armeria.internal.shaded.guava.io.ByteStreams;
import java.io.BufferedInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:io/opentelemetry/testing/internal/armeria/internal/common/util/KeyStoreUtil.class */
public final class KeyStoreUtil {
    static final /* synthetic */ boolean $assertionsDisabled;

    public static TlsKeyPair load(File file, @Nullable String str, @Nullable String str2, @Nullable String str3) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            TlsKeyPair load = load(fileInputStream, str, str2, str3, file);
            fileInputStream.close();
            return load;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static TlsKeyPair load(InputStream inputStream, @Nullable String str, @Nullable String str2, @Nullable String str3) throws IOException, GeneralSecurityException {
        return load(inputStream, str, str2, str3, null);
    }

    private static TlsKeyPair load(InputStream inputStream, @Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable File file) throws IOException, GeneralSecurityException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream, 8192);
        try {
            bufferedInputStream.mark(4);
            String detectFormat = detectFormat(bufferedInputStream);
            bufferedInputStream.reset();
            if (detectFormat == null) {
                throw newException("unknown key store format", file, "(expected: PKCS#12 or JKS format)");
            }
            KeyStore keyStore = KeyStore.getInstance(detectFormat);
            keyStore.load(bufferedInputStream, str != null ? str.toCharArray() : null);
            PrivateKey privateKey = null;
            List list = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (str3 == null || str3.equals(nextElement)) {
                    if (keyStore.isKeyEntry(nextElement)) {
                        PrivateKey privateKey2 = (PrivateKey) keyStore.getKey(nextElement, keyPassword(str, str2));
                        Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                        if (certificateChain == null || certificateChain.length == 0) {
                            throw newException("the key pair contains no certificate chain", file, "(Specify the alias to choose the right key pair or ensure the key pair has a certificate chain.");
                        }
                        if (privateKey != null) {
                            throw newException("found more than one key pair from key store", file, "(Specify the alias to choose the right key pair or use the key store that has only one key pair.)");
                        }
                        privateKey = privateKey2;
                        Stream stream = Arrays.stream(certificateChain);
                        Class<X509Certificate> cls = X509Certificate.class;
                        Objects.requireNonNull(X509Certificate.class);
                        list = (List) stream.map((v1) -> {
                            return r1.cast(v1);
                        }).collect(ImmutableList.toImmutableList());
                    }
                }
            }
            if (privateKey == null) {
                throw newException("no key pair found from key store", file, "(Use the key store that has at least one key pair.)");
            }
            if (!$assertionsDisabled && list == null) {
                throw new AssertionError();
            }
            TlsKeyPair of = TlsKeyPair.of(privateKey, list);
            bufferedInputStream.close();
            return of;
        } catch (Throwable th) {
            try {
                bufferedInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Nullable
    private static String detectFormat(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[4];
        try {
            ByteStreams.readFully(inputStream, bArr);
            if (bArr[0] == 48 && bArr[1] == -126) {
                return "PKCS12";
            }
            if (bArr[0] == -2 && bArr[1] == -19 && bArr[2] == -2 && bArr[3] == -19) {
                return "JKS";
            }
            return null;
        } catch (EOFException e) {
            return null;
        }
    }

    @Nullable
    private static char[] keyPassword(@Nullable String str, @Nullable String str2) {
        if (str2 != null) {
            return str2.toCharArray();
        }
        if (str != null) {
            return str.toCharArray();
        }
        return null;
    }

    private static IllegalArgumentException newException(String str, @Nullable File file, String str2) {
        return file != null ? new IllegalArgumentException(str + ": " + file + ' ' + str2) : new IllegalArgumentException(str + ' ' + str2);
    }

    private KeyStoreUtil() {
    }

    static {
        $assertionsDisabled = !KeyStoreUtil.class.desiredAssertionStatus();
    }
}
