package org.xipki.security.pkcs12;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Enumeration;
import java.util.HashSet;
import org.bouncycastle.jcajce.interfaces.EdDSAKey;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-5.3.7.jar:org/xipki/security/pkcs12/KeypairWithCert.class */
public class KeypairWithCert {
    private final PrivateKey key;
    private final PublicKey publicKey;
    private final X509Certificate[] certificateChain;

    public KeypairWithCert(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.key = (PrivateKey) Args.notNull(privateKey, "key");
        this.certificateChain = (X509Certificate[]) Args.notNull(x509CertificateArr, "certificateChain");
        Args.min(x509CertificateArr.length, "certificateChain.length", 1);
        this.publicKey = x509CertificateArr[0].getPublicKey();
    }

    public static KeypairWithCert fromKeystore(String str, InputStream inputStream, char[] cArr, String str2, char[] cArr2, X509Certificate x509Certificate) throws XiSecurityException {
        return fromKeystore(str, inputStream, cArr, str2, cArr2, x509Certificate == null ? null : new X509Certificate[]{x509Certificate});
    }

    public static KeypairWithCert fromKeystore(String str, InputStream inputStream, char[] cArr, String str2, char[] cArr2, X509Certificate[] x509CertificateArr) throws XiSecurityException {
        if (!"PKCS12".equalsIgnoreCase(str) && !"JCEKS".equalsIgnoreCase(str)) {
            throw new IllegalArgumentException("unsupported keystore type: " + str);
        }
        Args.notNull(inputStream, "keystoreStream");
        Args.notNull(cArr, "keystorePassword");
        Args.notNull(cArr2, "keyPassword");
        try {
            KeyStore keyStore = KeyUtil.getKeyStore(str);
            try {
                try {
                    keyStore.load(inputStream, cArr);
                    return fromKeystore(keyStore, str2, cArr2, x509CertificateArr);
                } catch (IOException | ClassCastException | NoSuchAlgorithmException | CertificateException e) {
                    throw new XiSecurityException(e.getMessage(), e);
                }
            } finally {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                }
            }
        } catch (KeyStoreException e3) {
            throw new XiSecurityException(e3.getMessage(), e3);
        }
    }

    public static KeypairWithCert fromKeystore(KeyStore keyStore, String str, char[] cArr, X509Certificate[] x509CertificateArr) throws XiSecurityException {
        X509Certificate x509Certificate;
        Args.notNull(cArr, "keyPassword");
        String str2 = str;
        try {
            if (str2 == null) {
                Enumeration<String> aliases = keyStore.aliases();
                while (true) {
                    if (!aliases.hasMoreElements()) {
                        break;
                    }
                    String nextElement = aliases.nextElement();
                    if (keyStore.isKeyEntry(nextElement)) {
                        str2 = nextElement;
                        break;
                    }
                }
            } else if (!keyStore.isKeyEntry(str2)) {
                throw new XiSecurityException("unknown key named " + str2);
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, cArr);
            if (!(privateKey instanceof RSAPrivateKey) && !(privateKey instanceof DSAPrivateKey) && !(privateKey instanceof ECPrivateKey) && !(privateKey instanceof EdDSAKey) && !(privateKey instanceof XDHKey)) {
                throw new XiSecurityException("unsupported key " + privateKey.getClass().getName());
            }
            HashSet hashSet = new HashSet();
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                x509Certificate = (X509Certificate) keyStore.getCertificate(str2);
            } else {
                x509Certificate = x509CertificateArr[0];
                int length = x509CertificateArr.length;
                if (length > 1) {
                    for (int i = 1; i < length; i++) {
                        hashSet.add(x509CertificateArr[i]);
                    }
                }
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(str2);
            if (certificateChain.length > 1) {
                for (int i2 = 1; i2 < certificateChain.length; i2++) {
                    hashSet.add(certificateChain[i2]);
                }
            }
            return new KeypairWithCert(privateKey, X509Util.buildCertPath(x509Certificate, hashSet));
        } catch (ClassCastException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertPathBuilderException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    public PrivateKey getKey() {
        return this.key;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public X509Certificate[] getCertificateChain() {
        return this.certificateChain;
    }
}
