package tigase.push.apns;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import tigase.push.monitor.SSLCertificateExpirationAware;
import tigase.util.Base64;

/* loaded from: input_file:tigase/push/apns/APNSUtil.class */
public class APNSUtil {
    public static KeyStore loadCertificate(InputStream inputStream, String str) throws IOException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(inputStream, str.toCharArray());
            return keyStore;
        } catch (Exception e) {
            throw new IOException("Could not load key store", e);
        }
    }

    public static PrivateKey loadPrivateKey(String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return loadPrivateKey(Base64.decode((String) Arrays.stream(str.replace("\r\n", "\n").split("\n")).filter(str2 -> {
            return !str2.startsWith("-----");
        }).collect(Collectors.joining())));
    }

    public static PrivateKey loadPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static InputStream inputStreamFromBase64(String str) {
        return new ByteArrayInputStream(Base64.decode(str));
    }

    public static Stream<SSLCertificateExpirationAware.Result> getCertificateValidPeriodFromBase64(String str, String str2) throws IOException {
        return getCertificateValidPeriod(loadCertificate(inputStreamFromBase64(str), str2));
    }

    public static Stream<SSLCertificateExpirationAware.Result> getCertificateValidPeriodFromFile(String str, String str2) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            Stream<SSLCertificateExpirationAware.Result> certificateValidPeriod = getCertificateValidPeriod(loadCertificate(fileInputStream, str2));
            fileInputStream.close();
            return certificateValidPeriod;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r4v4, types: [java.time.LocalDateTime] */
    /* JADX WARN: Type inference failed for: r5v5, types: [java.time.LocalDateTime] */
    public static Stream<SSLCertificateExpirationAware.Result> getCertificateValidPeriod(KeyStore keyStore) throws IOException {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    arrayList.add(new SSLCertificateExpirationAware.Result(x509Certificate.getSubjectDN().toString(), x509Certificate.getNotBefore().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime(), x509Certificate.getNotAfter().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime()));
                }
            }
            return arrayList.stream();
        } catch (KeyStoreException e) {
            throw new IOException("Could not validate key store", e);
        }
    }
}
