package nl.nn.adapterframework.util;

import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.net.URL;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:adapterframework.war:WEB-INF/lib/ibis-adapterframework-core-7.6.5.jar:nl/nn/adapterframework/util/PkiUtil.class */
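/**
 * Static helpers for loading key material (keystores, PEM keys and certificates) and for
 * building the JSSE {@link KeyManager} / {@link TrustManager} arrays from it.
 *
 * <p>Parameter names such as {@code str} and {@code str2} are decompiler output; each method's
 * Javadoc states what the parameter is used for in the body.
 *
 * <p>None of the loaders validates what it reads: certificates are parsed, not checked for
 * validity period, chain or revocation. Callers decide what to trust.
 */
public class PkiUtil {
    private static final Logger log = LogUtil.getLogger(MethodHandles.lookup().lookupClass());

    /**
     * Strips the BEGIN/END armor lines of a PEM document and keeps the body as group 1.
     * Compiled once instead of on every {@link #loadPEM(URL)} call.
     */
    private static final Pattern PEM_BODY = Pattern.compile("(?m)(?s)^---*BEGIN.*---*$(.*)^---*END.*---*$.*");

    /**
     * Builds the key managers for the private keys held in {@code keyStore}.
     *
     * @param keyStore keystore holding the key entries; must not be {@code null}
     * @param str password handed to {@link KeyManagerFactory#init(KeyStore, char[])} to recover
     *     the keys; {@code null} is passed through as {@code null}
     * @param str2 KeyManagerFactory algorithm name; when empty the JVM default algorithm is used
     * @return the key managers produced by the factory
     * @throws IllegalArgumentException if {@code keyStore} is {@code null}
     * @throws KeyStoreException if the factory cannot be initialised from the keystore
     * @throws NoSuchAlgorithmException if no provider supports the requested algorithm
     * @throws UnrecoverableKeyException if a key cannot be recovered, e.g. wrong password
     */
    public static KeyManager[] createKeyManagers(KeyStore keyStore, String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing key manager");
        if (StringUtils.isEmpty(str2)) {
            str2 = KeyManagerFactory.getDefaultAlgorithm();
            log.debug("using default KeyManager algorithm [{}]", str2);
        } else {
            log.debug("using configured KeyManager algorithm [{}]", str2);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str2);
        // Only the algorithm name is logged above; the password must never reach the log.
        keyManagerFactory.init(keyStore, str != null ? str.toCharArray() : null);
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Builds the trust managers that accept the certificates held in {@code keyStore}.
     *
     * @param keyStore truststore holding the trusted certificate entries; must not be {@code null}
     * @param str TrustManagerFactory algorithm name; when empty the JVM default algorithm is used
     * @return the trust managers produced by the factory
     * @throws IllegalArgumentException if {@code keyStore} is {@code null}
     * @throws KeyStoreException if the factory cannot be initialised from the keystore
     * @throws NoSuchAlgorithmException if no provider supports the requested algorithm
     */
    public static TrustManager[] createTrustManagers(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Keystore may not be null");
        }
        log.debug("Initializing trust manager");
        if (StringUtils.isEmpty(str)) {
            str = TrustManagerFactory.getDefaultAlgorithm();
            log.debug("using default TrustManager algorithm [{}]", str);
        } else {
            log.debug("using configured TrustManager algorithm [{}]", str);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Loads a keystore from {@code url} and, at INFO level, logs every alias together with the
     * subject, issuer, signature algorithm and validity dates of its X.509 certificate.
     *
     * <p>Security notes:
     * <ul>
     *   <li>When {@code str} is {@code null} the keystore is loaded with a {@code null} password;
     *       per the {@link KeyStore#load(InputStream, char[])} contract no integrity check is
     *       performed in that case, so a modified file is not detected here.</li>
     *   <li>The URL is written to the log as-is. NOTE(review): if callers can pass URLs that
     *       carry user-info, that would end up in the log; confirm against the callers.</li>
     *   <li>The stream is opened with whatever scheme the URL has; this method does not restrict
     *       it to local or classpath locations.</li>
     * </ul>
     *
     * @param url location of the keystore; must not be {@code null}
     * @param str keystore password, or {@code null} for none
     * @param str2 keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str3 label used only in log and error messages to say what the keystore is for
     * @return the loaded keystore
     * @throws IllegalArgumentException if {@code url} is {@code null}
     * @throws KeyStoreException if no provider supports the keystore type
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws IOException if the stream cannot be read or the password is wrong
     */
    public static KeyStore createKeyStore(URL url, String str, String str2, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url for " + str3 + " may not be null");
        }
        log.info("Initializing keystore for {} from {}", str3, url);
        KeyStore keyStore = KeyStore.getInstance(str2);
        // KeyStore.load does not close the stream it is given, so close it here.
        try (InputStream in = url.openStream()) {
            keyStore.load(in, str != null ? str.toCharArray() : null);
        }
        if (log.isInfoEnabled()) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                log.info("{} alias [{}]:", str3, alias);
                Certificate certificate = keyStore.getCertificate(alias);
                // instanceof is false for null, so no separate null check is needed.
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    log.info("  Subject DN: {}", x509Certificate.getSubjectDN());
                    log.info("  Signature Algorithm: {}", x509Certificate.getSigAlgName());
                    log.info("  Valid from: {}", x509Certificate.getNotBefore());
                    log.info("  Valid until: {}", x509Certificate.getNotAfter());
                    log.info("  Issuer: {}", x509Certificate.getIssuerDN());
                }
            }
        }
        return keyStore;
    }

    /**
     * Reads a PEM document from {@code url} and returns the Base64-decoded body between the
     * BEGIN and END armor lines.
     *
     * <p>If the input has no BEGIN/END lines the pattern does not match, {@code replaceFirst}
     * leaves the text unchanged, and the whole input is handed to the Base64 decoder. The input
     * is assumed to hold a single PEM block; NOTE(review): behaviour for files with several
     * blocks depends on the greedy match and should be confirmed before relying on it.
     *
     * @param url location of the PEM document
     * @return the decoded bytes of the PEM body
     * @throws IOException if the document cannot be read
     */
    public static byte[] loadPEM(URL url) throws IOException {
        String pem;
        // Close the stream here; a second close inside StreamUtil (if it closes too) is harmless.
        try (InputStream in = url.openStream()) {
            pem = StreamUtil.streamToString(in, null, "ISO_8859_1");
        }
        return Base64.decodeBase64(PEM_BODY.matcher(pem).replaceFirst("$1"));
    }

    /**
     * Loads an RSA private key from a PEM document.
     *
     * <p>The decoded bytes are wrapped in a {@link PKCS8EncodedKeySpec}, so the document must
     * hold an unencrypted PKCS#8 key, and the key algorithm is fixed to RSA. Because the key is
     * stored unencrypted, the file behind {@code url} needs to be protected by other means
     * (file permissions, secret store).
     *
     * @param url location of the PEM document
     * @return the private key
     * @throws IOException if the document cannot be read
     * @throws InvalidKeySpecException if the bytes are not a valid PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no provider offers an RSA KeyFactory
     */
    public static PrivateKey getPrivateKeyFromPem(URL url) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(loadPEM(url)));
    }

    /**
     * Parses one certificate from the stream behind {@code url}.
     *
     * <p>The certificate is only parsed. Validity period, issuer chain and revocation are not
     * checked here and remain the caller's responsibility before the certificate is trusted.
     *
     * @param url location of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the data cannot be parsed
     * @throws IOException if the stream cannot be opened or closed
     */
    public static Certificate getCertificateFromPem(URL url) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        // generateCertificate does not close its input, so close it here.
        try (InputStream in = url.openStream()) {
            return certificateFactory.generateCertificate(in);
        }
    }
}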
