package io.fabric8.kubernetes.client.internal;

import io.fabric8.kubernetes.client.KubernetesClientException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;

/* loaded from: input_file:io/fabric8/kubernetes/client/internal/PKCS1Util.class */
class PKCS1Util {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/fabric8/kubernetes/client/internal/PKCS1Util$Asn1Object.class */
    public static class Asn1Object {
        private final int type;
        private final byte[] value;
        private final int tag;

        public Asn1Object(int i, byte[] bArr) {
            this.tag = i;
            this.type = i & 31;
            this.value = bArr;
        }

        public byte[] getValue() {
            return this.value;
        }

        BigInteger getInteger() throws IOException {
            if (this.type != 2) {
                throw new IOException("Invalid DER: object is not integer");
            }
            return new BigInteger(this.value);
        }

        void validateSequence() throws IOException {
            if (this.type != 16) {
                throw new IOException("Invalid DER: not a sequence");
            }
            if ((this.tag & 32) != 32) {
                throw new IOException("Invalid DER: can't parse primitive entity");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/fabric8/kubernetes/client/internal/PKCS1Util$DerParser.class */
    public static class DerParser {
        private static final int SEQUENCE = 16;
        private static final int INTEGER = 2;
        private static final int OBJECT_IDENTIFIER = 6;
        private InputStream in;

        DerParser(byte[] bArr) {
            this.in = new ByteArrayInputStream(bArr);
        }

        Asn1Object read() throws IOException {
            int read = this.in.read();
            if (read == -1) {
                throw new IOException("Invalid DER: stream too short, missing tag");
            }
            int length = getLength();
            byte[] bArr = new byte[length];
            if (this.in.read(bArr) < length) {
                throw new IOException("Invalid DER: stream too short, missing value");
            }
            return new Asn1Object(read, bArr);
        }

        private int getLength() throws IOException {
            int read = this.in.read();
            if (read == -1) {
                throw new IOException("Invalid DER: length missing");
            }
            if ((read & (-128)) == 0) {
                return read;
            }
            int i = read & 127;
            if (read >= 255 || i > 4) {
                throw new IOException("Invalid DER: length field too big (" + read + ")");
            }
            byte[] bArr = new byte[i];
            if (this.in.read(bArr) < i) {
                throw new IOException("Invalid DER: length too short");
            }
            return new BigInteger(1, bArr).intValue();
        }
    }

    private PKCS1Util() {
    }

    public static RSAPrivateCrtKeySpec decodePKCS1(byte[] bArr) throws IOException {
        Asn1Object read = new DerParser(bArr).read();
        read.validateSequence();
        DerParser derParser = new DerParser(read.getValue());
        derParser.read();
        return new RSAPrivateCrtKeySpec(next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser), next(derParser));
    }

    private static BigInteger next(DerParser derParser) throws IOException {
        return derParser.read().getInteger();
    }

    public static ECPrivateKeySpec getECKeySpec(byte[] bArr) throws IOException {
        Asn1Object read = new DerParser(bArr).read();
        if (read.type != 16) {
            throw new KubernetesClientException("Invalid DER: not a sequence");
        }
        DerParser derParser = new DerParser(read.value);
        Asn1Object read2 = derParser.read();
        if (read2.type != 2) {
            throw new KubernetesClientException(String.format("Invalid DER: 'version' field must be of type INTEGER (2) but found type `%d`", Integer.valueOf(read2.type)));
        }
        if (read2.getInteger().intValue() != 1) {
            throw new KubernetesClientException(String.format("Invalid DER: expected 'version' field to have value '1' but found '%d'", Integer.valueOf(read2.getInteger().intValue())));
        }
        byte[] value = derParser.read().getValue();
        Asn1Object read3 = new DerParser(derParser.read().getValue()).read();
        if (read3.type != 6) {
            throw new KubernetesClientException(String.format("Invalid DER: expected to find an OBJECT_IDENTIFIER (6) in 'parameters' but found type '%d'", Integer.valueOf(read3.type)));
        }
        return new ECPrivateKeySpec(new BigInteger(1, value), getECParameterSpec(oidToString(read3.getValue())));
    }

    private static ECParameterSpec getECParameterSpec(String str) {
        GeneralSecurityException generalSecurityException = null;
        for (Provider provider : Security.getProviders()) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", provider);
                keyPairGenerator.initialize(new ECGenParameterSpec(str));
                return ((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()).getParams();
            } catch (GeneralSecurityException e) {
                generalSecurityException = e;
            }
        }
        throw new KubernetesClientException("Cannot determine EC parameter spec for curve name/OID" + (Security.getProvider("BC") != null || Security.getProvider("BCFIPS") != null ? "" : ". A BouncyCastle provider is not installed, it may be needed for this EC algorithm."), generalSecurityException);
    }

    private static String oidToString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        int i = bArr[0] & 255;
        sb.append(i / 40).append(".").append(i % 40);
        int i2 = 1;
        while (i2 < bArr.length) {
            byte b = bArr[i2];
            if (b < 0) {
                int i3 = b & Byte.MAX_VALUE;
                i2++;
                if (i2 == bArr.length) {
                    throw new IllegalArgumentException("Invalid OID");
                }
                sb.append(".").append((i3 << 7) | (bArr[i2] & Byte.MAX_VALUE));
            } else {
                sb.append(".").append((int) b);
            }
            i2++;
        }
        return sb.toString();
    }
}
