package de.bos_bremen.gov.autent.common;

import de.bos_bremen.gov.autent.common.Utils;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PasswordException;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:de/bos_bremen/gov/autent/common/PemReader.class */
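/**
 * Package-private helper that reads a private key and an X.509 certificate from PEM data
 * using Bouncy Castle's {@link PEMParser}.
 *
 * <p>The static initializer registers {@link BouncyCastleProvider} when no provider named
 * {@code "BC"} is registered yet, because the converters below request that provider by name.
 */
class PemReader {
    /** JCA provider name requested from the Bouncy Castle converters. */
    private static final String PROVIDER = "BC";

    private PemReader() {
    }

    /**
     * Parses PEM data and returns the first private key and certificate found in it.
     *
     * <p>The stream is decoded with {@code Utils.ENCODING}. The reader wrapped around
     * {@code inputStream} is closed before this method returns, on success and on failure.
     * Try-with-resources is used so that an exception thrown by {@code close()} is attached
     * as a suppressed exception instead of replacing the parsing error.
     *
     * <p>{@code cArr} is passed to the decryptor as-is and is neither copied nor cleared here;
     * the caller owns the array and should zero it once the key has been loaded.
     *
     * @param inputStream PEM-encoded input
     * @param cArr password for an encrypted key pair; may be {@code null}, in which case an
     *     encrypted key that cannot be decrypted is skipped and the returned private key is
     *     {@code null}
     * @return the key/certificate holder; see {@code extractKeyPair} for the null cases
     * @throws IOException on read or parse errors, including a {@link PasswordException} when a
     *     non-null password fails to decrypt the key
     * @throws CertificateException if a certificate object cannot be converted
     */
    static Utils.X509KeyPair readPemKeyPair(InputStream inputStream, char[] cArr) throws IOException, CertificateException {
        try (InputStreamReader inputStreamReader = new InputStreamReader(inputStream, Utils.ENCODING);
                PEMParser pEMParser = new PEMParser(inputStreamReader)) {
            return extractKeyPair(pEMParser, cArr);
        }
    }

    /**
     * Reads PEM objects until both a key pair and a certificate have been collected or the
     * input is exhausted.
     *
     * <p>The result always carries a one-element certificate array; that element is
     * {@code null} when no certificate was accepted, and the private key is {@code null} when
     * no key pair was accepted. Callers must check both before use.
     *
     * <p>NOTE(review): {@code noMismatch} is consulted only in the {@code KeyPair} and
     * {@code X509Certificate} branches. The {@code PEMEncryptedKeyPair} and
     * {@code X509CertificateHolder} branches assign unconditionally, so a key and a
     * certificate that do not belong together can be returned as a pair. Either apply the same
     * check there or have callers verify the binding before trusting the pair.
     *
     * <p>NOTE(review): presumably {@code PEMParser.readObject()} yields Bouncy Castle holder
     * types rather than {@code java.security.KeyPair} / {@code X509Certificate}; if so, the two
     * JCA branches never match and unencrypted keys are ignored. Confirm against the Bouncy
     * Castle version in use.
     */
    private static Utils.X509KeyPair extractKeyPair(PEMParser pEMParser, char[] cArr) throws IOException, CertificateException {
        KeyPair keyPair = null;
        X509Certificate x509Certificate = null;
        Object readObject;
        while ((readObject = pEMParser.readObject()) != null) {
            if (readObject instanceof PEMEncryptedKeyPair) {
                try {
                    keyPair = new JcaPEMKeyConverter().setProvider(PROVIDER).getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(cArr)));
                } catch (PasswordException e) {
                    // A supplied password that does not work is an error the caller must see.
                    // Without a password the encrypted key is skipped on purpose, so the
                    // certificate can still be read; the private key then stays null.
                    if (cArr != null) {
                        throw e;
                    }
                }
            } else if (readObject instanceof X509CertificateHolder) {
                // No key/certificate match check on this path (see NOTE(review) above).
                x509Certificate = new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate((X509CertificateHolder) readObject);
            } else if (readObject instanceof KeyPair) {
                KeyPair candidateKeyPair = (KeyPair) readObject;
                // A key pair that contradicts an already accepted certificate is dropped silently.
                if (noMismatch(x509Certificate, candidateKeyPair)) {
                    keyPair = candidateKeyPair;
                }
            } else if (readObject instanceof X509Certificate) {
                X509Certificate candidateCertificate = (X509Certificate) readObject;
                // A certificate that contradicts an already accepted key pair is dropped silently.
                if (noMismatch(candidateCertificate, keyPair)) {
                    x509Certificate = candidateCertificate;
                }
            }
            // Stop at the first complete pair; later objects in the input are not read.
            if (x509Certificate != null && keyPair != null) {
                break;
            }
        }
        return new Utils.X509KeyPair(keyPair == null ? null : keyPair.getPrivate(), new X509Certificate[]{x509Certificate});
    }

    /**
     * Returns {@code true} when either argument is {@code null} (nothing to compare yet) or
     * when the key pair's public key equals the certificate's public key.
     */
    private static boolean noMismatch(X509Certificate x509Certificate, KeyPair keyPair) {
        return x509Certificate == null || keyPair == null || keyPair.getPublic().equals(x509Certificate.getPublicKey());
    }

    static {
        // Register Bouncy Castle only if no provider with this name is registered already.
        if (Security.getProvider(PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}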
