package org.springframework.boot.ssl.pem;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-3.3.2.jar:org/springframework/boot/ssl/pem/PemCertificateParser.class */
final class PemCertificateParser {
    private static final String HEADER = "-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
    private static final String FOOTER = "-+END\\s+.*CERTIFICATE[^-]*-+";
    private static final Pattern PATTERN = Pattern.compile("-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*CERTIFICATE[^-]*-+", 2);

    private PemCertificateParser() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> parse(String str) {
        if (str == null) {
            return null;
        }
        CertificateFactory certificateFactory = getCertificateFactory();
        ArrayList arrayList = new ArrayList();
        Objects.requireNonNull(arrayList);
        readCertificates(str, certificateFactory, (v1) -> {
            r2.add(v1);
        });
        Assert.state(!CollectionUtils.isEmpty(arrayList), "Missing certificates or unrecognized format");
        return List.copyOf(arrayList);
    }

    private static CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("Unable to get X.509 certificate factory", e);
        }
    }

    private static void readCertificates(String str, CertificateFactory certificateFactory, Consumer<X509Certificate> consumer) {
        try {
            Matcher matcher = PATTERN.matcher(str);
            while (matcher.find()) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodeBase64(matcher.group(1)));
                while (byteArrayInputStream.available() > 0) {
                    consumer.accept((X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream));
                }
            }
        } catch (CertificateException e) {
            throw new IllegalStateException("Error reading certificate: " + e.getMessage(), e);
        }
    }

    private static byte[] decodeBase64(String str) {
        return Base64.getDecoder().decode(str.replaceAll("\r", "").replaceAll("\n", "").getBytes());
    }
}
