package com.addc.server.commons.security;

import com.addc.commons.Constants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/addc/server/commons/security/PemSecretKeyHelper.class */
public final class PemSecretKeyHelper {
    private static final String BC = "BC";
    private static final int ITERATIONS = 2048;
    private static final ASN1ObjectIdentifier AES256_CBC = PKCS8Generator.AES_256_CBC;
    private static final Logger LOGGER = LoggerFactory.getLogger(PemSecretKeyHelper.class);
    private static final PemSecretKeyHelper INSTANCE = new PemSecretKeyHelper();
    private final SecureRandom secrand = new SecureRandom();

    public static PemSecretKeyHelper getInstance() {
        return INSTANCE;
    }

    public SecretKey readPrivateKeyFromPEM(String str, char[] cArr) throws IOException, GeneralSecurityException {
        if (!str.startsWith("classpath:")) {
            return readSecretKeyFromPEM(new File(str), cArr);
        }
        String substring = str.substring("classpath:".length());
        InputStream resourceAsStream = ClassLoader.getSystemClassLoader().getResourceAsStream(substring);
        if (resourceAsStream == null) {
            LOGGER.error("Cannot find {} on classpath", substring);
            throw new FileNotFoundException(substring + " not found on classpath");
        }
        try {
            SecretKey readSecretKeyFromPEM = readSecretKeyFromPEM(resourceAsStream, cArr);
            resourceAsStream.close();
            return readSecretKeyFromPEM;
        } catch (Throwable th) {
            resourceAsStream.close();
            throw th;
        }
    }

    public SecretKey readSecretKeyFromPEM(File file, char[] cArr) throws IOException, GeneralSecurityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            SecretKey readSecretKeyFromPEM = readSecretKeyFromPEM(fileInputStream, cArr);
            fileInputStream.close();
            return readSecretKeyFromPEM;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public SecretKey readSecretKeyFromPEM(InputStream inputStream, char[] cArr) throws GeneralSecurityException, IOException {
        PemReader pemReader = new PemReader(new InputStreamReader(inputStream, Constants.UTF8));
        Throwable th = null;
        try {
            try {
                EncryptedSecretKeyInfo encryptedSecretKeyInfo = new EncryptedSecretKeyInfo(ASN1Primitive.fromByteArray(pemReader.readPemObject().getContent()));
                PBES2Parameters pBES2Parameters = PBES2Parameters.getInstance(encryptedSecretKeyInfo.getEncryptionAlgorithm().getParameters());
                KeyDerivationFunc keyDerivationFunc = pBES2Parameters.getKeyDerivationFunc();
                EncryptionScheme encryptionScheme = pBES2Parameters.getEncryptionScheme();
                PBKDF2Params parameters = keyDerivationFunc.getParameters();
                int intValue = parameters.getIterationCount().intValue();
                byte[] salt = parameters.getSalt();
                String id = encryptionScheme.getAlgorithm().getId();
                PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
                pKCS5S2ParametersGenerator.init(PBEParametersGenerator.PKCS5PasswordToBytes(cArr), salt, intValue);
                SecretKeySpec secretKeySpec = new SecretKeySpec(pKCS5S2ParametersGenerator.generateDerivedParameters(256).getKey(), id);
                Cipher cipher = Cipher.getInstance(id, BC);
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(id, BC);
                algorithmParameters.init(encryptionScheme.getParameters().toASN1Primitive().getEncoded());
                cipher.init(2, secretKeySpec, algorithmParameters);
                SecretKeySpec secretKeySpec2 = new SecretKeySpec(cipher.doFinal(encryptedSecretKeyInfo.getEncryptedData()), encryptedSecretKeyInfo.getAlgorithmName());
                if (pemReader != null) {
                    if (0 != 0) {
                        try {
                            pemReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemReader.close();
                    }
                }
                return secretKeySpec2;
            } finally {
            }
        } catch (Throwable th3) {
            if (pemReader != null) {
                if (th != null) {
                    try {
                        pemReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemReader.close();
                }
            }
            throw th3;
        }
    }

    public void writeSecretKeyToPEM(SecretKey secretKey, String str, char[] cArr) throws GeneralSecurityException, IOException {
        writeSecretKeyToPEM(secretKey, new File(str), cArr);
    }

    public void writeSecretKeyToPEM(SecretKey secretKey, File file, char[] cArr) throws GeneralSecurityException, IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            writeSecretKeyToPEM(secretKey, fileOutputStream, cArr);
            fileOutputStream.close();
        } catch (Throwable th) {
            fileOutputStream.close();
            throw th;
        }
    }

    public void writeSecretKeyToPEM(SecretKey secretKey, OutputStream outputStream, char[] cArr) throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(AES256_CBC.getId(), BC);
        AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(AES256_CBC.getId(), BC);
        byte[] encoded = secretKey.getEncoded();
        byte[] bArr = new byte[20];
        this.secrand.nextBytes(bArr);
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(PBEParametersGenerator.PKCS5PasswordToBytes(cArr), bArr, ITERATIONS);
        SecretKeySpec secretKeySpec = new SecretKeySpec(pKCS5S2ParametersGenerator.generateDerivedParameters(256).getKey(), AES256_CBC.getId());
        AlgorithmParameters generateParameters = algorithmParameterGenerator.generateParameters();
        cipher.init(1, secretKeySpec, generateParameters);
        PemObject pemObject = new PemObject("ENCRYPTED SECRET KEY", new EncryptedSecretKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(bArr, ITERATIONS)), new EncryptionScheme(AES256_CBC, ASN1Primitive.fromByteArray(generateParameters.getEncoded())))), secretKey.getAlgorithm(), cipher.doFinal(encoded)).toASN1Primitive().getEncoded());
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new OutputStreamWriter(outputStream, Constants.UTF8));
        try {
            jcaPEMWriter.writeObject(pemObject);
            jcaPEMWriter.flush();
            jcaPEMWriter.close();
        } catch (Throwable th) {
            jcaPEMWriter.close();
            throw th;
        }
    }

    private PemSecretKeyHelper() {
    }
}
