package com.sshtools.common.ssh.x509;

import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.ssh.components.jce.JCEAlgorithms;
import com.sshtools.common.ssh.components.jce.Ssh2DsaPrivateKey;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPrivateKey;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:com/sshtools/common/ssh/x509/X509Helper.class */
public class X509Helper {
    public SshKeyPair[] loadKeystore(InputStream inputStream, String str, String str2, String str3) throws IOException {
        return loadKeystore(inputStream, str, str2, str3, "PKCS12");
    }

    public SshKeyPair[] loadKeystore(InputStream inputStream, String str, String str2, String str3, String str4) throws IOException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str4);
            keyStore.load(inputStream, str2.toCharArray());
            Key key = keyStore.getKey(str, str3.toCharArray());
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            String algorithm = key.getAlgorithm();
            SshKeyPair sshKeyPair = new SshKeyPair();
            if (algorithm.equals("RSA")) {
                if (x509Certificate.getSigAlgName().equalsIgnoreCase(JCEAlgorithms.JCE_SHA1WithRSA)) {
                    sshKeyPair.setPublicKey(new SshX509RsaSha1PublicKey(x509Certificate));
                    sshKeyPair.setPrivateKey(new Ssh2RsaPrivateKey((RSAPrivateKey) key));
                    SshKeyPair sshKeyPair2 = new SshKeyPair();
                    sshKeyPair2.setPublicKey(new SshX509RsaPublicKey(x509Certificate));
                    sshKeyPair2.setPrivateKey(new Ssh2RsaPrivateKey((RSAPrivateKey) key));
                    SshKeyPair sshKeyPair3 = new SshKeyPair();
                    sshKeyPair3.setPublicKey(new SshX509RsaPublicKeyRfc6187(certificateChain));
                    sshKeyPair3.setPrivateKey(new Ssh2RsaPrivateKey((RSAPrivateKey) key));
                    return new SshKeyPair[]{sshKeyPair, sshKeyPair2, sshKeyPair3};
                }
                if (x509Certificate.getSigAlgName().equalsIgnoreCase(JCEAlgorithms.JCE_SHA256WithRSA) && ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() >= 2048) {
                    sshKeyPair.setPublicKey(new SshX509Rsa2048Sha256Rfc6187(certificateChain));
                    sshKeyPair.setPrivateKey(new Ssh2RsaPrivateKey((RSAPrivateKey) key));
                    if (!Boolean.getBoolean("maverick.backwardCompatibleSHA2")) {
                        return new SshKeyPair[]{sshKeyPair};
                    }
                    SshKeyPair sshKeyPair4 = new SshKeyPair();
                    sshKeyPair4.setPublicKey(new SshX509RsaPublicKey(x509Certificate));
                    sshKeyPair4.setPrivateKey(new Ssh2RsaPrivateKey((RSAPrivateKey) key));
                    return new SshKeyPair[]{sshKeyPair, sshKeyPair4};
                }
            } else if (algorithm.equals(JCEAlgorithms.JCE_DSA)) {
                sshKeyPair.setPublicKey(new SshX509DsaPublicKey(x509Certificate));
                sshKeyPair.setPrivateKey(new Ssh2DsaPrivateKey((DSAPrivateKey) key, (DSAPublicKey) x509Certificate.getPublicKey()));
                SshKeyPair sshKeyPair5 = new SshKeyPair();
                sshKeyPair5.setPublicKey(new SshX509DsaPublicKeyRfc6187(certificateChain));
                sshKeyPair5.setPrivateKey(new Ssh2DsaPrivateKey((DSAPrivateKey) key));
                return new SshKeyPair[]{sshKeyPair, sshKeyPair5};
            }
            throw new IOException(algorithm + " is an unsupported certificate type");
        } catch (Throwable th) {
            throw new IOException("Could not load keystore from stream: " + th.getMessage());
        }
    }

    public SshKeyPair[] loadKeystore(File file, String str, String str2, String str3) throws IOException {
        return loadKeystore(file, str, str2, str3, "PKCS12");
    }

    public SshKeyPair[] loadKeystore(File file, String str, String str2, String str3, String str4) throws IOException {
        return loadKeystore(new FileInputStream(file), str, str2, str3, str4);
    }
}
