package com.pspdfkit.signatures;

import A2.C0602c;
import I5.b;
import I9.c;
import M8.t;
import h9.C2469a;
import h9.l;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Pattern;
import kotlin.jvm.internal.k;
import okhttp3.HttpUrl;

/* loaded from: classes2.dex */
public final class KeyFileHelpersKt {
    public static final KeyStore.PrivateKeyEntry getPrivateKeyEntryFromP12Stream(InputStream inputStream, String str, String str2, String str3) {
        char[] charArray;
        KeyStore.PasswordProtection passwordProtection;
        k.h(inputStream, "inputStream");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        if (str != null) {
            charArray = str.toCharArray();
            k.g(charArray, "toCharArray(...)");
        } else {
            charArray = HttpUrl.FRAGMENT_ENCODE_SET.toCharArray();
            k.g(charArray, "toCharArray(...)");
        }
        keyStore.load(inputStream, charArray);
        if (str2 == null) {
            str2 = keyStore.aliases().nextElement();
        }
        if (!keyStore.isKeyEntry(str2)) {
            throw new CertificateException(b.h("Certificate with alias ", str2, " doesn't exist in passed keystore!"));
        }
        if (str3 == null) {
            passwordProtection = null;
        } else {
            char[] charArray2 = str3.toCharArray();
            k.g(charArray2, "toCharArray(...)");
            passwordProtection = new KeyStore.PasswordProtection(charArray2);
        }
        KeyStore.Entry entry = keyStore.getEntry(str2, passwordProtection);
        if (entry == null) {
            throw new CertificateException(b.h("Certificate with alias ", str2, " doesn't exist in passed keystore!"));
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
        if (privateKeyEntry != null) {
            return privateKeyEntry;
        }
        throw new CertificateException(b.h("Key entry ", str2, " does not have a private key attached!"));
    }

    public static /* synthetic */ KeyStore.PrivateKeyEntry getPrivateKeyEntryFromP12Stream$default(InputStream inputStream, String str, String str2, String str3, int i10, Object obj) {
        if ((i10 & 2) != 0) {
            str = null;
        }
        if ((i10 & 4) != 0) {
            str2 = null;
        }
        if ((i10 & 8) != 0) {
            str3 = null;
        }
        return getPrivateKeyEntryFromP12Stream(inputStream, str, str2, str3);
    }

    public static final PrivateKey getPrivateKeyFromPemFile(InputStream inputStream) {
        k.h(inputStream, "inputStream");
        Charset charset = C2469a.f27299b;
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, charset), 8192);
        try {
            String j = C0602c.j(bufferedReader);
            c.b(bufferedReader, null);
            String G10 = l.G(j, "-----BEGIN PRIVATE KEY-----", HttpUrl.FRAGMENT_ENCODE_SET);
            String lineSeparator = System.lineSeparator();
            k.g(lineSeparator, "lineSeparator(...)");
            Pattern compile = Pattern.compile(lineSeparator);
            k.g(compile, "compile(...)");
            String replaceAll = compile.matcher(G10).replaceAll(HttpUrl.FRAGMENT_ENCODE_SET);
            k.g(replaceAll, "replaceAll(...)");
            String G11 = l.G(replaceAll, "-----END PRIVATE KEY-----", HttpUrl.FRAGMENT_ENCODE_SET);
            Base64.Decoder decoder = Base64.getDecoder();
            byte[] bytes = G11.getBytes(charset);
            k.g(bytes, "getBytes(...)");
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoder.decode(bytes)));
            k.g(generatePrivate, "generatePrivate(...)");
            return generatePrivate;
        } finally {
        }
    }

    public static final List<X509Certificate> getX509Certificates(KeyStore.PrivateKeyEntry privateKeyEntry) {
        k.h(privateKeyEntry, "<this>");
        Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
        if (certificateChain == null) {
            certificateChain = new Certificate[]{privateKeyEntry.getCertificate()};
        }
        ArrayList arrayList = new ArrayList(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateEncodingException("The certificate inside the private key must be a X.509 certificate.");
            }
            arrayList.add((X509Certificate) certificate);
        }
        return t.h0(arrayList);
    }

    public static final X509Certificate loadCertificateFromFile(File file) {
        k.h(file, "file");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            X509Certificate loadCertificateFromStream = loadCertificateFromStream(fileInputStream);
            c.b(fileInputStream, null);
            return loadCertificateFromStream;
        } finally {
        }
    }

    public static final X509Certificate loadCertificateFromStream(InputStream inputStream) {
        k.h(inputStream, "inputStream");
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        if (generateCertificate == null || !"X.509".equals(generateCertificate.getType())) {
            throw new CertificateException("Loaded certificate is not an X.509 certificate!");
        }
        return (X509Certificate) generateCertificate;
    }
}
