package org.eclipse.jetty.quic.quiche;

import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/jetty/quic/quiche/PemExporter.class */
public class PemExporter {
    private static final Logger LOG = LoggerFactory.getLogger(PemExporter.class);
    private static final byte[] BEGIN_KEY = "-----BEGIN PRIVATE KEY-----".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] END_KEY = "-----END PRIVATE KEY-----".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] BEGIN_CERT = "-----BEGIN CERTIFICATE-----".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] END_CERT = "-----END CERTIFICATE-----".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] LINE_SEPARATOR = System.getProperty("line.separator").getBytes(StandardCharsets.US_ASCII);
    private static final Base64.Encoder ENCODER = Base64.getMimeEncoder(64, LINE_SEPARATOR);

    private PemExporter() {
    }

    public static Path exportTrustStore(KeyStore keyStore, Path path) throws Exception {
        if (!Files.isDirectory(path, new LinkOption[0])) {
            throw new IllegalArgumentException("Target folder is not a directory: " + path);
        }
        Path createTempFile = Files.createTempFile(path, "truststore-", ".crt", new FileAttribute[0]);
        OutputStream newOutputStream = Files.newOutputStream(createTempFile, new OpenOption[0]);
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                writeAsPEM(newOutputStream, keyStore.getCertificate(aliases.nextElement()));
            }
            if (newOutputStream != null) {
                newOutputStream.close();
            }
            return createTempFile;
        } catch (Throwable th) {
            if (newOutputStream != null) {
                try {
                    newOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static Path[] exportKeyPair(KeyStore keyStore, String str, char[] cArr, Path path) throws Exception {
        OutputStream newOutputStream;
        if (!Files.isDirectory(path, new LinkOption[0])) {
            throw new IllegalArgumentException("Target folder is not a directory: " + path);
        }
        Path[] pathArr = new Path[2];
        pathArr[1] = path.resolve(str + ".crt");
        try {
            newOutputStream = Files.newOutputStream(pathArr[1], new OpenOption[0]);
        } catch (UnsupportedOperationException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Unable to set Posix file permissions", e);
            }
        }
        try {
            for (Certificate certificate : keyStore.getCertificateChain(str)) {
                writeAsPEM(newOutputStream, certificate);
            }
            Files.setPosixFilePermissions(pathArr[1], Set.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
            if (newOutputStream != null) {
                newOutputStream.close();
            }
            pathArr[0] = path.resolve(str + ".key");
            try {
                newOutputStream = Files.newOutputStream(pathArr[0], new OpenOption[0]);
                try {
                    writeAsPEM(newOutputStream, keyStore.getKey(str, cArr));
                    Files.setPosixFilePermissions(pathArr[0], Set.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
                    if (newOutputStream != null) {
                        newOutputStream.close();
                    }
                } finally {
                }
            } catch (UnsupportedOperationException e2) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Unable to set Posix file permissions", e2);
                }
            }
            return pathArr;
        } finally {
        }
    }

    private static void writeAsPEM(OutputStream outputStream, Key key) throws IOException {
        byte[] encode = ENCODER.encode(key.getEncoded());
        outputStream.write(BEGIN_KEY);
        outputStream.write(LINE_SEPARATOR);
        outputStream.write(encode);
        outputStream.write(LINE_SEPARATOR);
        outputStream.write(END_KEY);
        outputStream.write(LINE_SEPARATOR);
    }

    private static void writeAsPEM(OutputStream outputStream, Certificate certificate) throws CertificateEncodingException, IOException {
        byte[] encode = ENCODER.encode(certificate.getEncoded());
        outputStream.write(BEGIN_CERT);
        outputStream.write(LINE_SEPARATOR);
        outputStream.write(encode);
        outputStream.write(LINE_SEPARATOR);
        outputStream.write(END_CERT);
        outputStream.write(LINE_SEPARATOR);
    }
}
