package org.cloudfoundry.identity.uaa.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.12.0.jar:org/cloudfoundry/identity/uaa/util/KeyWithCert.class */
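/**
 * Holds a private key and the X.509 certificate that belongs to it, both parsed from PEM text.
 *
 * <p>The constructor only succeeds when the certificate's public key equals the public key of the
 * parsed key pair, so an instance never pairs a key with a foreign certificate.
 *
 * <p>Scope of the checks performed here: the class verifies that key and certificate match. It does
 * not check the certificate's validity period, its issuer chain or its revocation status; callers
 * that need those guarantees have to verify them separately.
 *
 * <p>Only the first PEM object of each input is read. Anything following it (for example further
 * certificates of a chain) is ignored.
 */
public class KeyWithCert {
    private final X509Certificate cert;
    private final KeyPair pkey;

    /**
     * Parses the key and the certificate and verifies that they belong together.
     *
     * @param str PEM-encoded private key
     * @param str2 password for an encrypted key; {@code null} is treated as the empty password
     * @param str3 PEM-encoded X.509 certificate
     * @throws CertificateException if either input is missing or cannot be parsed, or if the
     *     certificate's public key does not equal the key pair's public key. The messages and
     *     causes raised here are built from fixed text and the parser's own exception; the
     *     password and the key material are never appended to them by this class.
     */
    public KeyWithCert(String str, String str2, String str3) throws CertificateException {
        // The key is parsed first so that a broken key is reported before the certificate is read.
        this.pkey = readKeyPair(str, str2 == null ? "" : str2);
        this.cert = readCertificate(str3);

        // NOTE(review): for an unencrypted PKCS#8 key (PrivateKeyInfo) the pair is built with a
        // null public key, so this comparison is false and the input is rejected. That fails
        // closed, but the message does not tell the operator that the key format is the cause.
        if (!this.cert.getPublicKey().equals(this.pkey.getPublic())) {
            throw new CertificateException("Certificate does not match private key.");
        }
    }

    /** Wraps PEM text in a parser, decoding it with a fixed charset instead of the platform default. */
    private static PEMParser newParser(String pem) {
        return new PEMParser(new InputStreamReader(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
    }

    /** Reads the first PEM object of {@code pem} as a key pair, decrypting it with {@code password} if needed. */
    private static KeyPair readKeyPair(String pem, String password) throws CertificateException {
        if (pem == null) {
            // Report a missing key through the declared exception type rather than an NPE.
            throw new CertificateException("Failed to read private key. No key was supplied.");
        }
        KeyPair parsed = null;
        // try-with-resources closes the parser exactly once on every path; a failure while
        // closing is reported together with read failures.
        try (PEMParser parser = newParser(pem)) {
            Object pemObject = parser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
            if (pemObject instanceof PEMEncryptedKeyPair) {
                parsed = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject)
                        .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(password.toCharArray())));
            } else if (pemObject instanceof PEMKeyPair) {
                parsed = converter.getKeyPair((PEMKeyPair) pemObject);
            } else if (pemObject instanceof PrivateKeyInfo) {
                // No public key is available from this form; see the match check in the constructor.
                parsed = new KeyPair(null, converter.getPrivateKey((PrivateKeyInfo) pemObject));
            }
        } catch (IOException e) {
            throw new CertificateException("Failed to read private key.", e);
        }
        if (parsed == null) {
            // Empty input or a PEM object type that none of the branches above handles.
            throw new CertificateException("Failed to read private key. The security provider could not parse it.");
        }
        return parsed;
    }

    /** Reads the first PEM object of {@code pem} as an X.509 certificate. */
    private static X509Certificate readCertificate(String pem) throws CertificateException {
        if (pem == null) {
            // Report a missing certificate through the declared exception type rather than an NPE.
            throw new CertificateException("Failed to read certificate. No certificate was supplied.");
        }
        X509Certificate parsed;
        try (PEMParser parser = newParser(pem)) {
            Object pemObject = parser.readObject();
            if (!(pemObject instanceof X509CertificateHolder)) {
                throw new CertificateException("Unsupported certificate type, not an X509CertificateHolder.");
            }
            parsed = new JcaX509CertificateConverter()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .getCertificate((X509CertificateHolder) pemObject);
        } catch (IOException e) {
            throw new CertificateException("Failed to read certificate.", e);
        }
        if (parsed == null) {
            throw new CertificateException("Failed to read certificate. The security provider could not parse it.");
        }
        return parsed;
    }

    /**
     * Returns the parsed certificate.
     *
     * @return the certificate whose public key matched the key pair at construction time
     */
    public X509Certificate getCert() {
        return this.cert;
    }

    /**
     * Returns the parsed key pair, including the private key.
     *
     * <p>The returned object carries live private key material; callers should not log or
     * serialize it.
     *
     * @return the key pair read from the PEM input
     */
    public KeyPair getPkey() {
        return this.pkey;
    }
}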
