package io.helidon.common.pki;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:io/helidon/common/pki/PemReader.class */
final class PemReader {
    private static final Logger LOGGER = Logger.getLogger(PemReader.class.getName());
    private static final Pattern CERT_PATTERN = Pattern.compile("-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*CERTIFICATE[^-]*-+", 2);
    private static final Pattern KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*PRIVATE\\s+KEY[^-]*-+", 2);
    private static final Pattern PUBLIC_KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PUBLIC\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n\\s]+)-+END\\s+.*PUBLIC\\s+KEY[^-]*-+", 2);

    private PemReader() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey readPublicKey(InputStream inputStream) {
        X509EncodedKeySpec generatePublicKeySpec = generatePublicKeySpec(readPublicKeyBytes(inputStream));
        try {
            return KeyFactory.getInstance("RSA").generatePublic(generatePublicKeySpec);
        } catch (Exception e) {
            try {
                return KeyFactory.getInstance("DSA").generatePublic(generatePublicKeySpec);
            } catch (Exception e2) {
                try {
                    return KeyFactory.getInstance("EC").generatePublic(generatePublicKeySpec);
                } catch (Exception e3) {
                    throw new PkiException("Failed to get public key. It is not RSA, DSA or EC.", e3);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey readPrivateKey(InputStream inputStream, char[] cArr) {
        PKCS8EncodedKeySpec generateKeySpec = generateKeySpec(readPrivateKeyBytes(inputStream), cArr);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(generateKeySpec);
        } catch (Exception e) {
            try {
                return KeyFactory.getInstance("DSA").generatePrivate(generateKeySpec);
            } catch (Exception e2) {
                try {
                    return KeyFactory.getInstance("EC").generatePrivate(generateKeySpec);
                } catch (Exception e3) {
                    throw new PkiException("Failed to get private key. It is not RSA, DSA or EC.", e3);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<X509Certificate> readCertificates(InputStream inputStream) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                try {
                    String readContent = readContent(inputStream);
                    safeClose(inputStream);
                    ArrayList arrayList = new ArrayList();
                    Matcher matcher = CERT_PATTERN.matcher(readContent);
                    for (int i = 0; matcher.find(i); i = matcher.end()) {
                        try {
                            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII)))));
                        } catch (Exception e) {
                            throw new PkiException("Failed to read certificate from bytes", e);
                        }
                    }
                    if (arrayList.isEmpty()) {
                        throw new PkiException("Found no certificates in input stream");
                    }
                    return arrayList;
                } catch (IOException e2) {
                    throw new PkiException("Failed to read certificate input stream", e2);
                }
            } catch (Throwable th) {
                safeClose(inputStream);
                throw th;
            }
        } catch (CertificateException e3) {
            throw new PkiException("Failed to create certificate factory", e3);
        }
    }

    private static PKCS8EncodedKeySpec generateKeySpec(byte[] bArr, char[] cArr) {
        if (cArr == null) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            return encryptedPrivateKeyInfo.getKeySpec(cipher);
        } catch (Exception e) {
            throw new PkiException("Failed to create key spec for key", e);
        }
    }

    private static X509EncodedKeySpec generatePublicKeySpec(byte[] bArr) {
        return new X509EncodedKeySpec(bArr);
    }

    private static byte[] readPrivateKeyBytes(InputStream inputStream) {
        try {
            try {
                String readContent = readContent(inputStream);
                safeClose(inputStream);
                Matcher matcher = KEY_PATTERN.matcher(readContent);
                if (!matcher.find()) {
                    throw new PkiException("Could not find a PKCS#8 private key in input stream");
                }
                return Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) {
                throw new PkiException("Failed to read key input stream", e);
            }
        } catch (Throwable th) {
            safeClose(inputStream);
            throw th;
        }
    }

    private static byte[] readPublicKeyBytes(InputStream inputStream) {
        try {
            try {
                String readContent = readContent(inputStream);
                safeClose(inputStream);
                Matcher matcher = PUBLIC_KEY_PATTERN.matcher(readContent);
                if (!matcher.find()) {
                    throw new PkiException("Could not find a X509 public key in input stream");
                }
                return Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) {
                throw new PkiException("Failed to read key input stream", e);
            }
        } catch (Throwable th) {
            safeClose(inputStream);
            throw th;
        }
    }

    private static String readContent(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] bArr = new byte[8192];
            while (true) {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.US_ASCII.name());
                    safeClose(byteArrayOutputStream);
                    return byteArrayOutputStream2;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            safeClose(byteArrayOutputStream);
            throw th;
        }
    }

    private static void safeClose(InputStream inputStream) {
        try {
            inputStream.close();
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to close a stream.", (Throwable) e);
        }
    }

    private static void safeClose(OutputStream outputStream) {
        try {
            outputStream.close();
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to close a stream.", (Throwable) e);
        }
    }
}
