package org.apache.hadoop.hdds.security.x509.keys;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.ssl.KeyStoresFactory;
import org.apache.hadoop.hdds.security.ssl.PemFileBasedKeyStoresFactory;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.exception.CertificateException;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/keys/SecurityUtil.class */
public final class SecurityUtil {
    private SecurityUtil() {
    }

    public static PrivateKey getPrivateKey(byte[] bArr, SecurityConfig securityConfig) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            return KeyFactory.getInstance(securityConfig.getKeyAlgo(), securityConfig.getProvider()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            return null;
        }
    }

    public static PublicKey getPublicKey(byte[] bArr, SecurityConfig securityConfig) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            return KeyFactory.getInstance(securityConfig.getKeyAlgo(), securityConfig.getProvider()).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            return null;
        }
    }

    public static KeyStoresFactory getServerKeyStoresFactory(SecurityConfig securityConfig, CertificateClient certificateClient, boolean z) throws CertificateException {
        PemFileBasedKeyStoresFactory pemFileBasedKeyStoresFactory = new PemFileBasedKeyStoresFactory(securityConfig, certificateClient);
        try {
            pemFileBasedKeyStoresFactory.init(KeyStoresFactory.Mode.SERVER, z);
            return pemFileBasedKeyStoresFactory;
        } catch (IOException | GeneralSecurityException e) {
            throw new CertificateException("Failed to init keyStoresFactory", e, CertificateException.ErrorCode.KEYSTORE_ERROR);
        }
    }

    public static KeyStoresFactory getClientKeyStoresFactory(SecurityConfig securityConfig, CertificateClient certificateClient, boolean z) throws CertificateException {
        PemFileBasedKeyStoresFactory pemFileBasedKeyStoresFactory = new PemFileBasedKeyStoresFactory(securityConfig, certificateClient);
        try {
            pemFileBasedKeyStoresFactory.init(KeyStoresFactory.Mode.CLIENT, z);
            return pemFileBasedKeyStoresFactory;
        } catch (IOException | GeneralSecurityException e) {
            throw new CertificateException("Failed to init keyStoresFactory", e, CertificateException.ErrorCode.KEYSTORE_ERROR);
        }
    }
}
