package com.netflix.spinnaker.kork.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Objects;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.Encodable;

/* loaded from: input_file:com/netflix/spinnaker/kork/crypto/TrustStores.class */
public final class TrustStores {
    private TrustStores() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }

    public static KeyStore loadPEM(Path path) throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore pKCS12KeyStore = StandardCrypto.getPKCS12KeyStore();
        pKCS12KeyStore.load(null, null);
        PEMParser pEMParser = new PEMParser(Files.newBufferedReader(path));
        try {
            CertificateFactory x509CertificateFactory = StandardCrypto.getX509CertificateFactory();
            while (true) {
                Object readObject = pEMParser.readObject();
                if (readObject == null) {
                    pEMParser.close();
                    return pKCS12KeyStore;
                }
                Certificate generateCertificate = x509CertificateFactory.generateCertificate(new ByteArrayInputStream(((Encodable) readObject).getEncoded()));
                pKCS12KeyStore.setCertificateEntry(X509Identity.generateAlias(generateCertificate), generateCertificate);
            }
        } catch (Throwable th) {
            try {
                pEMParser.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static X509TrustManager loadTrustManager(KeyStore keyStore) throws KeyStoreException {
        TrustManagerFactory pKIXTrustManagerFactory = StandardCrypto.getPKIXTrustManagerFactory();
        pKIXTrustManagerFactory.init(keyStore);
        Stream of = Stream.of((Object[]) pKIXTrustManagerFactory.getTrustManagers());
        Class<X509TrustManager> cls = X509TrustManager.class;
        Objects.requireNonNull(X509TrustManager.class);
        Stream filter = of.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<X509TrustManager> cls2 = X509TrustManager.class;
        Objects.requireNonNull(X509TrustManager.class);
        return (X509TrustManager) filter.map((v1) -> {
            return r1.cast(v1);
        }).findFirst().orElseThrow(() -> {
            return new IllegalArgumentException("Provided KeyStore does not contain any X.509 certificates");
        });
    }

    public static X509TrustManager getSystemTrustManager() {
        TrustManagerFactory pKIXTrustManagerFactory = StandardCrypto.getPKIXTrustManagerFactory();
        try {
            pKIXTrustManagerFactory.init((KeyStore) null);
            Stream of = Stream.of((Object[]) pKIXTrustManagerFactory.getTrustManagers());
            Class<X509TrustManager> cls = X509TrustManager.class;
            Objects.requireNonNull(X509TrustManager.class);
            Stream filter = of.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<X509TrustManager> cls2 = X509TrustManager.class;
            Objects.requireNonNull(X509TrustManager.class);
            return (X509TrustManager) filter.map((v1) -> {
                return r1.cast(v1);
            }).findFirst().orElseThrow(() -> {
                return new IllegalStateException("No system default trust store configured");
            });
        } catch (KeyStoreException e) {
            throw new NestedSecurityRuntimeException(e);
        }
    }
}
