package de.rwh.utils.crypto.io;

import de.rwh.utils.crypto.CertificateHelper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/rwh/utils/crypto/io/PemIo.class */
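/**
 * Static helpers for reading and writing X.509 certificates, RSA public keys and private keys
 * in PEM form.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Private key files are created with {@link Files#newOutputStream} and no explicit file
 *       attributes, so they receive the platform's default permissions. Restrict access to the
 *       target path yourself when the key must stay confidential.</li>
 *   <li>Password arrays passed to these methods are never cleared here; overwrite them after
 *       the call returns.</li>
 *   <li>The {@code writeNotEncrypted...} methods store the key in clear text.</li>
 * </ul>
 */
public final class PemIo extends AbstractCertIo {
    public static final String PEM_FILE_EXTENSION = ".pem";
    private static final int LINE_LENGTH = 64;
    private static final String PUBLIC_KEY_BEGIN = "-----BEGIN PUBLIC KEY-----";
    private static final String PUBLIC_KEY_END = "-----END PUBLIC KEY-----";
    private static final String CERTIFICATE_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String CERTIFICATE_END = "-----END CERTIFICATE-----";
    private static final Logger logger = LoggerFactory.getLogger(PemIo.class);
    private static final Charset CHAR_SET = StandardCharsets.UTF_8;

    // NOTE(review): 2048 PBKDF2 iterations is far below what current guidance suggests for
    // PBKDF2-HMAC-SHA256 (hundreds of thousands). The count is stored inside the PKCS#8
    // structure, so raising it should not affect reading files written earlier; confirm the
    // performance budget with callers before changing it.
    private static final int PBKDF2_ITERATION_COUNT = 2048;

    private PemIo() {
    }

    /**
     * Writes the DER encoding of a certificate to a PEM file.
     *
     * @param certificate certificate to encode
     * @param pemFile target file
     * @throws IOException if writing fails
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static void writeX509CertificateToPem(X509Certificate certificate, Path pemFile) throws IOException, CertificateEncodingException {
        writeEncoded(certificate.getEncoded(), pemFile, CERTIFICATE_BEGIN, CERTIFICATE_END, CHAR_SET, LINE_LENGTH);
    }

    /**
     * Returns the PEM text for a certificate.
     *
     * @param certificate certificate to encode
     * @return the PEM representation produced by {@code writeEncoded}
     * @throws IOException if encoding to text fails
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String writeX509Certificate(X509Certificate certificate) throws IOException, CertificateEncodingException {
        return writeEncoded(certificate.getEncoded(), CERTIFICATE_BEGIN, CERTIFICATE_END, CHAR_SET, LINE_LENGTH);
    }

    /**
     * Writes the encoded form of an RSA public key to a PEM file.
     *
     * @param publicKey key to encode
     * @param pemFile target file
     * @throws IOException if writing fails
     */
    public static void writePublicKeyToPem(RSAPublicKey publicKey, Path pemFile) throws IOException {
        writeEncoded(publicKey.getEncoded(), pemFile, PUBLIC_KEY_BEGIN, PUBLIC_KEY_END, CHAR_SET, LINE_LENGTH);
    }

    /**
     * Reads an X.509 certificate from a PEM file.
     *
     * <p>This only parses the certificate; it performs no chain, validity or revocation check.
     *
     * @param pemFile file holding the certificate
     * @return the parsed certificate
     * @throws IOException if the file cannot be read
     * @throws CertificateException if the content is not a parsable certificate
     * @throws IllegalStateException if the parsed certificate is not an {@link X509Certificate}
     */
    public static X509Certificate readX509CertificateFromPem(Path pemFile) throws IOException, CertificateException {
        return parseX509Certificate(readEncoded(pemFile, CERTIFICATE_BEGIN, CERTIFICATE_END, CHAR_SET, LINE_LENGTH));
    }

    /**
     * Reads an X.509 certificate from PEM text.
     *
     * <p>This only parses the certificate; it performs no chain, validity or revocation check.
     *
     * @param pem PEM text holding the certificate
     * @return the parsed certificate
     * @throws IOException if the text cannot be decoded
     * @throws CertificateException if the content is not a parsable certificate
     * @throws IllegalStateException if the parsed certificate is not an {@link X509Certificate}
     */
    public static X509Certificate readX509CertificateFromPem(String pem) throws IOException, CertificateException {
        return parseX509Certificate(readEncoded(pem, CERTIFICATE_BEGIN, CERTIFICATE_END));
    }

    /** Parses DER bytes with the "X.509" certificate factory and narrows the result. */
    private static X509Certificate parseX509Certificate(byte[] encoded) throws CertificateException {
        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalStateException("certificate not a X509Certificate");
    }

    /**
     * Reads an RSA public key from a PEM file.
     *
     * @param pemFile file holding the X.509-encoded public key
     * @return the parsed key
     * @throws IOException if the file cannot be read
     * @throws NoSuchAlgorithmException if no key factory exists for
     *     {@code CertificateHelper.DEFAULT_KEY_ALGORITHM}
     * @throws InvalidKeySpecException if the content is not a valid key for that algorithm
     * @throws IllegalStateException if the parsed key is not an {@link RSAPublicKey}
     */
    public static RSAPublicKey readPublicKeyFromPem(Path pemFile) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encoded = readEncoded(pemFile, PUBLIC_KEY_BEGIN, PUBLIC_KEY_END, CHAR_SET, LINE_LENGTH);
        PublicKey publicKey = KeyFactory.getInstance(CertificateHelper.DEFAULT_KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(encoded));
        if (publicKey instanceof RSAPublicKey) {
            return (RSAPublicKey) publicKey;
        }
        throw new IllegalStateException("public key not a RSAPublicKey");
    }

    /**
     * Reads an unencrypted private key using a new {@link BouncyCastleProvider}.
     *
     * @see #readPrivateKeyFromPem(BouncyCastleProvider, Path, char[])
     */
    public static PrivateKey readPrivateKeyFromPem(Path pemFile) throws IOException, PKCSException {
        return readPrivateKeyFromPem(pemFile, (char[]) null);
    }

    /**
     * Reads an unencrypted private key using the given provider.
     *
     * @see #readPrivateKeyFromPem(BouncyCastleProvider, Path, char[])
     */
    public static PrivateKey readPrivateKeyFromPem(BouncyCastleProvider provider, Path pemFile) throws IOException, PKCSException {
        return readPrivateKeyFromPem(provider, pemFile, null);
    }

    /**
     * Reads a private key, decrypting it with {@code password} if needed, using a new
     * {@link BouncyCastleProvider}.
     *
     * @see #readPrivateKeyFromPem(BouncyCastleProvider, Path, char[])
     */
    public static PrivateKey readPrivateKeyFromPem(Path pemFile, char[] password) throws IOException, PKCSException {
        return readPrivateKeyFromPem(new BouncyCastleProvider(), pemFile, password);
    }

    /**
     * Reads the first PEM object of a file and converts it to a private key.
     *
     * <p>Supported objects are encrypted and plain PKCS#8 private keys and encrypted and plain
     * PEM key pairs. When the object is not encrypted, a supplied password is ignored and a
     * warning is logged. The password array is not cleared by this method.
     *
     * @param provider provider used for key conversion and PKCS#8 decryption
     * @param pemFile file to read
     * @param password password for encrypted objects, may be {@code null} for plain ones
     * @return the private key
     * @throws IOException if the file cannot be read, holds no PEM object, holds an unsupported
     *     object, or holds an encrypted object while {@code password} is {@code null}
     * @throws PKCSException if an encrypted PKCS#8 key cannot be decrypted
     * @throws NullPointerException if {@code provider} or {@code pemFile} is {@code null}
     */
    public static PrivateKey readPrivateKeyFromPem(BouncyCastleProvider provider, Path pemFile, char[] password) throws IOException, PKCSException {
        Objects.requireNonNull(provider, "provider");
        Objects.requireNonNull(pemFile, "pemFile");
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(provider);

        // The charset is explicit so parsing does not depend on the platform default.
        try (InputStream in = Files.newInputStream(pemFile);
                InputStreamReader reader = new InputStreamReader(in, CHAR_SET);
                PEMParser parser = new PEMParser(reader)) {
            Object pemObject = parser.readObject();
            if (pemObject == null) {
                // An input without any PEM block used to end in a NullPointerException below.
                throw new IOException("no PEM object found");
            }
            if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                requirePassword(password);
                PKCS8EncryptedPrivateKeyInfo encrypted = (PKCS8EncryptedPrivateKeyInfo) pemObject;
                return converter.getPrivateKey(encrypted.decryptPrivateKeyInfo(
                        new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(provider).build(password)));
            }
            if (pemObject instanceof PrivateKeyInfo) {
                if (password != null) {
                    logger.warn("Private key not encrypted, ignoring password");
                }
                return converter.getPrivateKey((PrivateKeyInfo) pemObject);
            }
            if (pemObject instanceof PEMEncryptedKeyPair) {
                requirePassword(password);
                PEMEncryptedKeyPair encrypted = (PEMEncryptedKeyPair) pemObject;
                return converter.getPrivateKey(
                        encrypted.decryptKeyPair(new BcPEMDecryptorProvider(password)).getPrivateKeyInfo());
            }
            if (pemObject instanceof PEMKeyPair) {
                if (password != null) {
                    logger.warn("Key pair not encrypted, ignoring password");
                }
                return converter.getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
            }
            throw new IOException(pemObject.getClass().getName() + " not supported");
        }
    }

    /** Rejects a missing password for an encrypted PEM object. */
    private static void requirePassword(char[] password) throws IOException {
        if (password == null) {
            throw new IOException("password is null");
        }
    }

    /**
     * Writes a private key as encrypted PKCS#8, using 3DES in CBC mode.
     *
     * <p>NOTE(review): 3DES is a legacy cipher; prefer the AES variants unless a consumer
     * requires it.
     */
    public static void write3DesEncryptedPrivateKeyToPkcs8(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToPkcs8(provider, pemFile, privateKey, password, PKCSObjectIdentifiers.des_EDE3_CBC);
    }

    /** Writes a private key as encrypted PKCS#8, using AES-128 in CBC mode. */
    public static void writeAes128EncryptedPrivateKeyToPkcs8(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToPkcs8(provider, pemFile, privateKey, password, NISTObjectIdentifiers.id_aes128_CBC);
    }

    /** Writes a private key as encrypted PKCS#8, using AES-256 in CBC mode. */
    public static void writeAes256EncryptedPrivateKeyToPkcs8(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToPkcs8(provider, pemFile, privateKey, password, NISTObjectIdentifiers.id_aes256_CBC);
    }

    /** Builds a PBKDF2 (HMAC-SHA256) based encryptor for {@code cipher} and writes the key. */
    private static void writeEncryptedPrivateKeyToPkcs8(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password, ASN1ObjectIdentifier cipher) throws OperatorCreationException, IOException {
        PBKDF2Config kdfConfig = new PBKDF2Config.Builder()
                .withPRF(PBKDF2Config.PRF_SHA256)
                .withIterationCount(PBKDF2_ITERATION_COUNT)
                .build();
        OutputEncryptor encryptor = new JcePKCSPBEOutputEncryptorBuilder(kdfConfig, cipher).setProvider(provider).build(password);
        writePrivateKeyToPkcs8(pemFile, privateKey, encryptor);
    }

    /**
     * Writes a private key as PKCS#8 without encryption.
     *
     * <p>The key is stored in clear text, so the file's permissions are its only protection.
     */
    public static void writeNotEncryptedPrivateKeyToPkcs8(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey) throws OperatorCreationException, IOException {
        writePrivateKeyToPkcs8(pemFile, privateKey, null);
    }

    /** Generates the PKCS#8 PEM object, then writes it; {@code encryptor} may be null. */
    private static void writePrivateKeyToPkcs8(Path pemFile, PrivateKey privateKey, OutputEncryptor encryptor) throws IOException {
        Objects.requireNonNull(pemFile, "pemFile");
        PemObject pemObject = new PKCS8Generator(toPrivateKeyInfo(privateKey), encryptor).generate();
        writePemObject(pemFile, pemObject);
    }

    /**
     * Writes a private key in the legacy OpenSSL PEM format, encrypted with 3DES in CBC mode.
     *
     * <p>NOTE(review): the legacy OpenSSL PEM encryption derives the cipher key from the
     * password with a single MD5-based round, which resists password guessing far less than
     * the PBKDF2-based PKCS#8 writers of this class. Prefer those unless a consumer needs this
     * format.
     */
    public static void write3DesEncryptedPrivateKeyToOpenSslClassicPem(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToOpenSslClassicPem(provider, pemFile, privateKey, password, "DES-EDE3-CBC");
    }

    /**
     * Writes a private key in the legacy OpenSSL PEM format, encrypted with AES-128 in CBC mode.
     *
     * <p>NOTE(review): the key derivation of this format is weak (single MD5-based round);
     * prefer the PKCS#8 writers unless a consumer needs this format.
     */
    public static void writeAes128EncryptedPrivateKeyToOpenSslClassicPem(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToOpenSslClassicPem(provider, pemFile, privateKey, password, "AES-128-CBC");
    }

    /**
     * Writes a private key in the legacy OpenSSL PEM format, encrypted with AES-256 in CBC mode.
     *
     * <p>NOTE(review): the key derivation of this format is weak (single MD5-based round);
     * prefer the PKCS#8 writers unless a consumer needs this format.
     */
    public static void writeAes256EncryptedPrivateKeyToOpenSslClassicPem(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password) throws OperatorCreationException, IOException {
        writeEncryptedPrivateKeyToOpenSslClassicPem(provider, pemFile, privateKey, password, "AES-256-CBC");
    }

    /** Builds a legacy PEM encryptor for the named algorithm and writes the key. */
    private static void writeEncryptedPrivateKeyToOpenSslClassicPem(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey, char[] password, String algorithm) throws OperatorCreationException, IOException {
        PEMEncryptor encryptor = new JcePEMEncryptorBuilder(algorithm).setProvider(provider).build(password);
        writePrivateKeyToOpenSslClassicPem(pemFile, privateKey, encryptor);
    }

    /**
     * Writes a private key in the legacy OpenSSL PEM format without encryption.
     *
     * <p>The key is stored in clear text, so the file's permissions are its only protection.
     */
    public static void writeNotEncryptedPrivateKeyToOpenSslClassicPem(BouncyCastleProvider provider, Path pemFile, PrivateKey privateKey) throws OperatorCreationException, IOException {
        writePrivateKeyToOpenSslClassicPem(pemFile, privateKey, null);
    }

    /** Generates the legacy PEM object, then writes it; {@code encryptor} may be null. */
    private static void writePrivateKeyToOpenSslClassicPem(Path pemFile, PrivateKey privateKey, PEMEncryptor encryptor) throws IOException {
        Objects.requireNonNull(pemFile, "pemFile");
        PemObject pemObject = new MiscPEMGenerator(toPrivateKeyInfo(privateKey), encryptor).generate();
        writePemObject(pemFile, pemObject);
    }

    /** Converts a key to its PKCS#8 structure, rejecting keys that expose no encoding. */
    private static PrivateKeyInfo toPrivateKeyInfo(PrivateKey privateKey) throws IOException {
        Objects.requireNonNull(privateKey, "privateKey");
        byte[] encoded = privateKey.getEncoded();
        if (encoded == null) {
            throw new IOException("private key has no encoded form");
        }
        return PrivateKeyInfo.getInstance(encoded);
    }

    /**
     * Writes an already generated PEM object to {@code pemFile}.
     *
     * <p>Callers generate (and encrypt) the object before this method opens the file, so a
     * failure during encoding does not leave an existing file truncated.
     */
    private static void writePemObject(Path pemFile, PemObject pemObject) throws IOException {
        // Default open options and default permissions, as before; see the class note.
        try (OutputStream out = Files.newOutputStream(pemFile);
                OutputStreamWriter writer = new OutputStreamWriter(out, CHAR_SET);
                PemWriter pemWriter = new PemWriter(writer)) {
            pemWriter.writeObject(pemObject);
        }
    }
}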
