package org.openziti.identity;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.openziti.IdentityConfig;
import org.openziti.util.CertsKt;
import org.openziti.util.ZitiLog;

/* compiled from: util.kt */
@Metadata(mv = {2, 1, 0}, k = 2, xi = 48, d1 = {"��N\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0019\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u001e\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\u0010\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0003H��\u001a\u0010\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0005\u001a\u00020\u0006H��\u001a\u0010\u0010\u0007\u001a\u00020\u00032\u0006\u0010\b\u001a\u00020\tH��\u001a\u0018\u0010\u0007\u001a\u00020\u00032\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH��\u001a\u0018\u0010\u0007\u001a\u00020\u00032\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\f\u001a\u00020\rH��\u001a\"\u0010\u0007\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u0010\u001a\u00020\u0011H��\u001a0\u0010\u0012\u001a\u00020\u00132\b\u0010\u0014\u001a\u0004\u0018\u00010\u00152\u000e\u0010\u0016\u001a\n\u0012\u0004\u0012\u00020\u0018\u0018\u00010\u00172\f\u0010\u0019\u001a\b\u0012\u0004\u0012\u00020\u00180\u0017H��¨\u0006\u001a"}, d2 = {"findIdentityAlias", "", "ks", "Ljava/security/KeyStore;", "keystoreFromConfig", "id", "Lorg/openziti/IdentityConfig;", "loadKeystore", "i", "", "f", "Ljava/io/File;", "pwd", "", "stream", "Ljava/io/InputStream;", "log", "Lorg/openziti/util/ZitiLog;", "makeSSLContext", "Ljavax/net/ssl/SSLContext;", "key", "Ljava/security/PrivateKey;", "certs", "", "Ljava/security/cert/X509Certificate;", "ca", "ziti"})
@SourceDebugExtension({"SMAP\nutil.kt\nKotlin\n*S Kotlin\n*F\n+ 1 util.kt\norg/openziti/identity/UtilKt\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n*L\n1#1,163:1\n1563#2:164\n1634#2,3:165\n774#2:168\n865#2,2:169\n1563#2:171\n1634#2,3:172\n37#3:175\n36#3,3:176\n37#3:179\n36#3,3:180\n*S KotlinDebug\n*F\n+ 1 util.kt\norg/openziti/identity/UtilKt\n*L\n57#1:164\n57#1:165,3\n58#1:168\n58#1:169,2\n59#1:171\n59#1:172,3\n64#1:175\n64#1:176,3\n144#1:179\n144#1:180,3\n*E\n"})
/* loaded from: input_file:org/openziti/identity/UtilKt.class */
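public final class UtilKt {
    /**
     * Number of bytes read from an identity stream before parsing is attempted.
     * Input longer than this is cut off at the limit, so it will normally fail to parse
     * rather than be buffered without bound.
     */
    private static final int MAX_IDENTITY_BYTES = 16384;

    /**
     * Returns the first alias in {@code keyStore} that refers to a key entry.
     *
     * <p>When the keystore holds several key entries, the alias returned depends on the
     * order in which the provider enumerates aliases.
     *
     * @param keyStore keystore to search; must already be loaded
     * @return the first alias for which {@link KeyStore#isKeyEntry(String)} is true
     * @throws IllegalStateException if the keystore contains no key entry
     */
    @NotNull
    public static final String findIdentityAlias(@NotNull KeyStore keyStore) {
        Intrinsics.checkNotNullParameter(keyStore, "ks");
        Enumeration<String> aliases = keyStore.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "aliases(...)");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                Intrinsics.checkNotNull(alias);
                return alias;
            }
        }
        throw new IllegalStateException("no suitable key entry");
    }

    /**
     * Builds an in-memory PKCS12 keystore from an identity configuration.
     *
     * <p>The private key and its certificate chain are stored under the alias
     * {@code ziti://<controller host>:<controller port>/<subject DN of the first certificate>}.
     * Each CA certificate is stored under {@code <alias>-ca-<serial number>}.
     *
     * <p>Security note: the key entry is protected with an empty password, so the returned
     * keystore gives the private key no real protection if it is ever written out. Treat it
     * as an in-memory container only.
     *
     * @param identityConfig parsed identity configuration (certificate, key, CA bundle, controller URL)
     * @return a keystore holding the identity key entry and the CA certificate entries
     * @throws IllegalArgumentException if the configuration contains no identity certificate
     */
    @NotNull
    public static final KeyStore keystoreFromConfig(@NotNull IdentityConfig identityConfig) {
        Intrinsics.checkNotNullParameter(identityConfig, "id");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null);
        String cert = identityConfig.getId().getCert();
        Intrinsics.checkNotNull(cert);
        List<X509Certificate> chain = CertsKt.readCerts(cert);
        URI controller = URI.create(identityConfig.getController());
        // Fail with a descriptive error instead of an IndexOutOfBoundsException from get(0).
        if (chain.isEmpty()) {
            throw new IllegalArgumentException("identity config contains no certificate");
        }
        String subject = chain.get(0).getSubjectX500Principal().getName();
        Intrinsics.checkNotNull(subject);
        // getHost()/getPort() yield null/-1 when the controller URL lacks them; the alias is
        // only a label, so that is tolerated here.
        String alias = "ziti://" + controller.getHost() + ":" + controller.getPort() + "/" + subject;
        String key = identityConfig.getId().getKey();
        Intrinsics.checkNotNull(key);
        KeyStore.PrivateKeyEntry identityEntry = new KeyStore.PrivateKeyEntry(
                CertsKt.readKey(key), (Certificate[]) chain.toArray(new X509Certificate[0]));
        keyStore.setEntry(alias, identityEntry, new KeyStore.PasswordProtection(new char[0]));
        // NOTE(review): CA aliases are keyed by serial number only; two CA certificates that
        // share a serial number would overwrite each other. Confirm the bundle cannot hold such a pair.
        for (X509Certificate caCert : CertsKt.readCerts(identityConfig.getId().getCa())) {
            keyStore.setCertificateEntry(alias + "-ca-" + caCert.getSerialNumber(), caCert);
        }
        Intrinsics.checkNotNull(keyStore);
        return keyStore;
    }

    /**
     * Parses {@code bArr} as an identity configuration and converts it to a keystore.
     *
     * @param bArr raw identity configuration bytes
     * @return the keystore built by {@link #keystoreFromConfig(IdentityConfig)}
     * @throws IllegalArgumentException with message {@code "unsupported format"} if the bytes cannot
     *     be loaded; the underlying failure is attached as the cause
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(bArr, "i");
        ZitiLog zitiLog = new ZitiLog();
        try {
            return keystoreFromConfig(IdentityConfig.Companion.load(new ByteArrayInputStream(bArr)));
        } catch (Exception e) {
            zitiLog.w("failed to load identity config: " + e.getLocalizedMessage());
            // Keep the cause so the real parse failure is not lost behind the generic message.
            throw new IllegalArgumentException("unsupported format", e);
        }
    }

    /**
     * Loads an identity from a file, first as a PKCS12 keystore and then as a plain identity config.
     *
     * <p>A wrong {@code cArr} password makes the PKCS12 attempt fail in the same way as a file that
     * is not a keystore, so both cases end in the {@code "unsupported format"} error.
     *
     * @param file identity file; must exist and be readable
     * @param cArr keystore password used for the PKCS12 attempt
     * @return the loaded keystore
     * @throws IllegalArgumentException if the file is missing or unreadable, or if it parses neither
     *     as a keystore nor as an identity config (the config failure is attached as the cause)
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull File file, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(file, "f");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        ZitiLog zitiLog = new ZitiLog();
        if (!file.exists() || !file.canRead()) {
            throw new IllegalArgumentException("Failed to parse keystore.  " + file.getAbsolutePath() + " does not exist or can not be read");
        }
        KeyStore parsed;
        // Close the stream on every path; previously the file handle was left open.
        try (InputStream in = new FileInputStream(file)) {
            parsed = loadKeystore(in, cArr, zitiLog);
        }
        if (parsed != null) {
            return parsed;
        }
        zitiLog.t("Trying to load it as a plain identity config");
        try {
            return keystoreFromConfig(IdentityConfig.Companion.load(file));
        } catch (Exception e) {
            zitiLog.w("failed to load identity config: " + e.getLocalizedMessage());
            throw new IllegalArgumentException("unsupported format", e);
        }
    }

    /**
     * Loads an identity from a stream, first as a PKCS12 keystore and then as a plain identity config.
     *
     * <p>At most {@code MAX_IDENTITY_BYTES} bytes are read, so both attempts see the same buffered
     * data. The stream is not closed here; the caller owns it. Unlike the {@code byte[]} and
     * {@code File} overloads, a failure to parse the identity config propagates unwrapped.
     *
     * @param inputStream source of the identity data
     * @param cArr keystore password used for the PKCS12 attempt
     * @return the loaded keystore
     */
    @NotNull
    public static final KeyStore loadKeystore(@NotNull InputStream inputStream, @NotNull char[] cArr) {
        Intrinsics.checkNotNullParameter(inputStream, "stream");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        ZitiLog zitiLog = new ZitiLog();
        byte[] buffered = inputStream.readNBytes(MAX_IDENTITY_BYTES);
        Intrinsics.checkNotNull(buffered);
        KeyStore parsed = loadKeystore(new ByteArrayInputStream(buffered), cArr, zitiLog);
        if (parsed != null) {
            return parsed;
        }
        return keystoreFromConfig(IdentityConfig.Companion.load(new ByteArrayInputStream(buffered)));
    }

    /**
     * Tries to parse {@code inputStream} as a PKCS12 keystore.
     *
     * <p>Every failure, including an incorrect password, is logged through {@code zitiLog.t} and
     * reported as {@code null}, so callers cannot tell a bad password from a non-keystore input.
     *
     * @param inputStream keystore data; not closed by this method
     * @param cArr keystore password
     * @param zitiLog logger that receives the failure message
     * @return the loaded keystore, or {@code null} if loading threw
     */
    @Nullable
    public static final KeyStore loadKeystore(@NotNull InputStream inputStream, @NotNull char[] cArr, @NotNull ZitiLog zitiLog) {
        Intrinsics.checkNotNullParameter(inputStream, "stream");
        Intrinsics.checkNotNullParameter(cArr, "pwd");
        Intrinsics.checkNotNullParameter(zitiLog, "log");
        KeyStore candidate = KeyStore.getInstance("PKCS12");
        try {
            candidate.load(inputStream, cArr);
            return candidate;
        } catch (Exception e) {
            zitiLog.t("Failed to parse identity file as a keystore: " + e.getLocalizedMessage());
            return null;
        }
    }

    /**
     * Creates a TLS {@link SSLContext} from an optional client identity and a set of CA certificates.
     *
     * <p>One in-memory keystore backs both the key managers and the trust managers. It holds the
     * private key under the alias {@code "identity"} (when a key is given) and one certificate entry
     * per CA, aliased {@code <subject DN>-<fingerprint>}.
     *
     * <p>NOTE(review): because the trust managers are initialised from the keystore that also holds
     * the {@code "identity"} key entry, JDK trust managers may treat the identity's own leaf
     * certificate as a trust anchor. Confirm that is acceptable, or back the trust managers with a
     * CA-only keystore.
     *
     * <p>NOTE(review): the JDK requires a certificate chain for a private-key entry, so a non-null
     * {@code privateKey} with a null {@code collection} is expected to fail in {@code setKeyEntry}.
     *
     * @param privateKey client private key, or {@code null} for a context without client credentials
     * @param collection certificate chain for {@code privateKey}; may be {@code null}
     * @param collection2 CA certificates to trust
     * @return an initialised {@code "TLS"} context
     */
    @NotNull
    public static final SSLContext makeSSLContext(@Nullable PrivateKey privateKey, @Nullable Collection<? extends X509Certificate> collection, @NotNull Collection<? extends X509Certificate> collection2) {
        Intrinsics.checkNotNullParameter(collection2, "ca");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        if (privateKey != null) {
            X509Certificate[] chain = null;
            if (collection != null) {
                chain = (X509Certificate[]) collection.toArray(new X509Certificate[0]);
            }
            keyStore.setKeyEntry("identity", privateKey, null, chain);
        }
        for (X509Certificate caCert : collection2) {
            // Subject plus fingerprint keeps aliases distinct for CAs that share a subject.
            String caAlias = caCert.getSubjectX500Principal().getName() + "-" + CertsKt.fingerprint(caCert);
            keyStore.setCertificateEntry(caAlias, caCert);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
        Intrinsics.checkNotNullExpressionValue(sSLContext, "apply(...)");
        return sSLContext;
    }
}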
