package org.opensearch.common.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.function.Supplier;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;

/* loaded from: input_file:org/opensearch/common/ssl/PemUtils.class */
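/**
 * Static helpers that load PEM-encoded private keys and X.509 certificates from files.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Encrypted keys are decrypted with BouncyCastle decryptor builders that are pinned to the
 *       provider named by {@link #BCFIPS}. NOTE(review): this presumably requires that provider to
 *       be registered with the JVM before any encrypted key is read; confirm against the startup
 *       code.</li>
 *   <li>The password {@code char[]} obtained from the supplier is handed to BouncyCastle and is not
 *       wiped here. Clearing it remains the responsibility of whoever owns the array.</li>
 *   <li>Only the first usable object in a key file is returned; anything after it is not read.</li>
 *   <li>Failure messages include the absolute path of the offending file, never key material.</li>
 * </ul>
 */
final class PemUtils {
    /** Provider name passed to the BouncyCastle decryptor builders for encrypted keys. */
    public static final String BCFIPS = "BCFIPS";

    /** Not instantiable; every member is static. */
    PemUtils() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    /**
     * Reads the private key stored in a PEM file.
     *
     * @param path     location of the PEM file
     * @param supplier provides the password; it is only invoked when the file holds an encrypted key
     * @return the key converted to a JCA {@link PrivateKey}
     * @throws IOException   if the file cannot be read or a legacy encrypted key pair cannot be decrypted
     * @throws PKCSException if an encrypted PKCS#8 key cannot be decrypted
     */
    public static PrivateKey readPrivateKey(Path path, Supplier<char[]> supplier) throws IOException, PKCSException {
        // NOTE(review): the converter is used without an explicit provider, unlike the decryptor
        // builders; confirm that the default JCA provider lookup is what is intended here.
        return new JcaPEMKeyConverter().getPrivateKey(loadPrivateKeyFromFile(path, supplier));
    }

    /**
     * Reads every X.509 certificate contained in the given files, in iteration order.
     *
     * @param collection files to parse; each one must yield at least one certificate
     * @return all parsed certificates, file by file
     * @throws CertificateException if the X.509 factory is unavailable or a file cannot be parsed
     * @throws IOException          if a file cannot be opened or closed
     * @throws SslConfigException   if a file parses cleanly but contains no certificate
     */
    public static List<Certificate> readCertificates(Collection<Path> collection) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        List<Certificate> certificates = new ArrayList<>(collection.size());
        for (Path path : collection) {
            // try-with-resources closes the stream on every exit path and keeps a close failure
            // as a suppressed exception instead of masking the original error.
            try (InputStream in = Files.newInputStream(path)) {
                Collection<? extends Certificate> parsed = certificateFactory.generateCertificates(in);
                if (parsed.isEmpty()) {
                    // An empty result is rejected so a blank or wrong file cannot silently yield
                    // an empty certificate list.
                    throw new SslConfigException("Failed to parse any certificate from [" + path.toAbsolutePath() + "]");
                }
                certificates.addAll(parsed);
            }
        }
        return certificates;
    }

    /**
     * Parses the first key object in the file and returns it as an unencrypted {@link PrivateKeyInfo},
     * decrypting it first when the on-disk form is encrypted.
     *
     * @param path     location of the PEM file
     * @param supplier provides the password; called once, and only for the two encrypted forms
     * @throws SslConfigException if the parsed object is none of the four supported key types
     */
    private static PrivateKeyInfo loadPrivateKeyFromFile(Path path, Supplier<char[]> supplier) throws IOException, PKCSException {
        try (PEMParser parser = new PEMParser(Files.newBufferedReader(path, StandardCharsets.UTF_8))) {
            Object parsed = readObject(path, parser);
            if (parsed instanceof PKCS8EncryptedPrivateKeyInfo) {
                // Encrypted PKCS#8 container.
                return ((PKCS8EncryptedPrivateKeyInfo) parsed).decryptPrivateKeyInfo(
                    new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BCFIPS).build(supplier.get())
                );
            }
            if (parsed instanceof PEMEncryptedKeyPair) {
                // Legacy OpenSSL-style encrypted key pair.
                // NOTE(review): this format's password-based key derivation is generally weaker
                // than PKCS#8 PBES2; consider steering operators towards encrypted PKCS#8 keys.
                return ((PEMEncryptedKeyPair) parsed).decryptKeyPair(
                    new JcePEMDecryptorProviderBuilder().setProvider(BCFIPS).build(supplier.get())
                ).getPrivateKeyInfo();
            }
            if (parsed instanceof PEMKeyPair) {
                // Unencrypted key pair: no password needed, the supplier is never consulted.
                return ((PEMKeyPair) parsed).getPrivateKeyInfo();
            }
            if (parsed instanceof PrivateKeyInfo) {
                // Unencrypted PKCS#8 key.
                return (PrivateKeyInfo) parsed;
            }
            throw new SslConfigException(
                String.format(
                    Locale.ROOT,
                    "error parsing private key [%s], invalid encrypted private key class: [%s]",
                    path.toAbsolutePath(),
                    parsed.getClass().getName()
                )
            );
        }
    }

    /**
     * Returns the first usable object the parser produces, skipping entries it cannot use.
     *
     * <p>Parse errors on individual entries are tolerated so that an unsupported block in front of
     * the key does not abort loading. The most recent such error is attached as a suppressed
     * exception to the final failure, so the underlying reason is not lost when no key is found.
     *
     * @throws SslConfigException if the parser is exhausted without yielding a usable object
     */
    private static Object readObject(Path path, PEMParser pEMParser) throws IOException {
        IOException lastFailure = null;
        while (pEMParser.ready()) {
            try {
                Object candidate = pEMParser.readObject();
                // null means nothing was recognised; a bare object identifier is presumably a
                // standalone parameters block (e.g. EC parameters) preceding the key itself.
                if (candidate != null && !(candidate instanceof ASN1ObjectIdentifier)) {
                    return candidate;
                }
            } catch (IOException e) {
                // Deliberately best-effort: keep scanning, but remember why this entry failed.
                lastFailure = e;
            }
        }
        SslConfigException failure = new SslConfigException(
            "Error parsing Private Key [" + path.toAbsolutePath() + "]. The file is empty, or does not contain expected key format."
        );
        if (lastFailure != null) {
            failure.addSuppressed(lastFailure);
        }
        throw failure;
    }
}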
