package kl.ssl.util;

import c.b.a.a.a;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import kl.ssl.gmvpn.crypto.TlsCertificate;
import kl.ssl.gmvpn.crypto.TlsCrypto;
import kl.ssl.gmvpn.crypto.impl.jcajce.JcaTlsCertificate;
import kl.ssl.gmvpn.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: classes2.dex */
public class CertUtil {
    public static final String CERTIFICATE = "CERTIFICATE";
    public static final String PRIVATE_KEY = "PRIVATE KEY";

    public static String formatCert(String str) {
        return !str.contains(CERTIFICATE) ? a.O("-----BEGIN CERTIFICATE-----\n", str, "\n-----END CERTIFICATE-----\n") : str;
    }

    public static String formatCertStr(String str) {
        return !str.contains(CERTIFICATE) ? a.O("-----BEGIN CERTIFICATE-----\n", str, "\n-----END CERTIFICATE-----\n") : str;
    }

    public static PrivateKey loadJcaPkcs8PrivateKey(JcaTlsCrypto jcaTlsCrypto, byte[] bArr) throws GeneralSecurityException {
        ASN1ObjectIdentifier algorithm = PrivateKeyInfo.getInstance(bArr).getPrivateKeyAlgorithm().getAlgorithm();
        return jcaTlsCrypto.getHelper().createKeyFactory(X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm) ? "EC" : (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm) || PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algorithm)) ? "RSA" : algorithm.getId()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static PrivateKey loadJcaPrivateKey(TlsCrypto tlsCrypto, String str) throws IOException {
        return loadJcaPrivateKey((JcaTlsCrypto) tlsCrypto, str);
    }

    public static PrivateKey loadJcaPrivateKey(JcaTlsCrypto jcaTlsCrypto, String str) throws IOException {
        PemObject loadPemContent = loadPemContent(str);
        if (PRIVATE_KEY.equals(loadPemContent.getType())) {
            try {
                return loadJcaPkcs8PrivateKey(jcaTlsCrypto, loadPemContent.getContent());
            } catch (GeneralSecurityException e2) {
                e = e2;
            }
        } else {
            e = null;
        }
        throw new IllegalArgumentException("'resource' doesn't specify a valid private key", e);
    }

    public static JcaTlsCertificate loadJcaTlsCertificate(TlsCrypto tlsCrypto, String str) throws IOException {
        return (JcaTlsCertificate) loadTlsCertificate(tlsCrypto, str);
    }

    public static PemObject loadPemContent(String str) throws IOException {
        PemReader pemReader = new PemReader(new StringReader(str));
        PemObject readPemObject = pemReader.readPemObject();
        pemReader.close();
        return readPemObject;
    }

    public static TlsCertificate loadTlsCertificate(TlsCrypto tlsCrypto, String str) throws IOException {
        PemObject loadPemContent = loadPemContent(formatCertStr(str));
        if (loadPemContent.getType().endsWith(CERTIFICATE)) {
            return tlsCrypto.createCertificate(loadPemContent.getContent());
        }
        throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
    }
}
