package org.neo4j.driver.internal.pki;

import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HexFormat;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.function.Function;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats.class */
final class PemFormats {
    // JCA key factories, resolved once in this class's static initializer. If any of the
    // three algorithms is unavailable, class initialisation fails with IllegalStateException.
    private static final KeyFactory RSA_KEY_FACTORY;
    private static final KeyFactory DSA_KEY_FACTORY;
    private static final KeyFactory EC_KEY_FACTORY;
    // Turns a PKCS#8 key spec into a PrivateKey by trying RSA, then DSA, then EC.
    // Throws the unchecked IllegalStateException (not KeyException) when none accepts the spec.
    private static final Function<PKCS8EncodedKeySpec, PrivateKey> ALL_KEY_FACTORIES;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$DecryptSchema.class */
    /**
     * Ciphers accepted for legacy encrypted PEM private keys.
     *
     * <p>A constant is selected from the algorithm token of the {@code DEK-Info} header after
     * {@code '-'} is replaced by {@code '_'} (for example {@code AES-128-CBC} maps to
     * {@link #AES_128_CBC}); any other token is rejected as unsupported.
     *
     * <p>Security note: every entry is unauthenticated CBC, and {@link #DES_CBC} is single DES
     * with an 8-byte key. These entries exist to read existing key files; keys encrypted this
     * way are better re-wrapped as PKCS#8 {@code ENCRYPTED PRIVATE KEY} with a modern PBE scheme.
     */
    public enum DecryptSchema {
        DES_CBC(8, "DES", "DES/CBC/PKCS5Padding"),
        DES_EDE3_CBC(24, "DESede", "DESede/CBC/PKCS5Padding"),
        AES_128_CBC(16, "AES", "AES/CBC/PKCS5Padding"),
        AES_192_CBC(24, "AES", "AES/CBC/PKCS5Padding"),
        AES_256_CBC(32, "AES", "AES/CBC/PKCS5Padding");

        /** Number of leading bytes of the derived key material used as the cipher key. */
        final int keySize;

        /** Algorithm name handed to {@code SecretKeySpec}. */
        final String family;

        /** Transformation string handed to {@code Cipher.getInstance}. */
        final String cipher;

        DecryptSchema(int keyBytes, String keyAlgorithm, String transformation) {
            this.cipher = transformation;
            this.family = keyAlgorithm;
            this.keySize = keyBytes;
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$PemFormat.class */
    /**
     * Decoder for one PEM key encoding (a legacy per-algorithm format or PKCS#8).
     */
    interface PemFormat {
        /**
         * Decodes a private key from the binary body of a PEM block.
         *
         * @param bArr decoded PEM body (DER bytes, possibly encrypted)
         * @param map PEM headers by name; the legacy formats read {@code Proc-Type} and {@code DEK-Info}
         * @param str passphrase, or {@code null} when none was supplied; implementations reject a
         *     passphrase for an unencrypted key and a missing passphrase for an encrypted one
         * @return the decoded private key
         * @throws KeyException if the key cannot be decrypted or decoded; note that some
         *     implementations in this file also throw unchecked exceptions
         *     ({@code IllegalArgumentException}, {@code IllegalStateException}) on malformed input
         */
        PrivateKey decodePrivate(byte[] bArr, Map<String, String> map, String str) throws KeyException;

        /**
         * Decodes a public key from the binary body of a PEM block.
         *
         * @param bArr decoded PEM body (DER bytes)
         * @return the decoded public key
         * @throws KeyException if the bytes do not form a supported public key
         */
        PublicKey decodePublicKey(byte[] bArr) throws KeyException;
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$PemLegacy.class */
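    /**
     * Base decoder for the legacy per-algorithm PEM private-key formats, which may be encrypted
     * in place using the {@code Proc-Type} / {@code DEK-Info} headers.
     *
     * <p>Subclasses supply the expected structure version and decode the remaining fields.
     */
    static abstract class PemLegacy implements PemFormat {
        PemLegacy() {
        }

        /**
         * Decrypts the body when the headers mark it as encrypted, then checks the outer DER
         * sequence and version before delegating to {@link #decodePrivate0(ByteBuffer)}.
         *
         * @param bArr decoded PEM body
         * @param map PEM headers; {@code Proc-Type: 4,ENCRYPTED} selects the encrypted path
         * @param str passphrase, required exactly when the key is encrypted
         * @return the decoded private key
         * @throws KeyException if the passphrase does not match the encryption state, the
         *     {@code DEK-Info} header is missing or malformed, decryption fails, or the key
         *     factory rejects the decoded fields
         * @throws IllegalArgumentException if the (decrypted) bytes are not a DER sequence of
         *     the expected length or carry an unexpected version
         */
        @Override
        public PrivateKey decodePrivate(byte[] bArr, Map<String, String> map, String str) throws KeyException {
            byte[] der = bArr;
            if ("4,ENCRYPTED".equals(map.get("Proc-Type"))) {
                PemFormats.assertPassword(str);
                String dekInfo = map.get("DEK-Info");
                if (dekInfo == null) {
                    throw new KeyException("Missing 'DEK-Info' in encrypted PRIVATE KEY.");
                }
                // The header comes straight from the key file, so a missing or non-hex IV must
                // surface as KeyException rather than an unchecked NoSuchElementException or
                // IllegalArgumentException escaping from the parser.
                StringTokenizer fields = new StringTokenizer(dekInfo, ",");
                if (fields.countTokens() < 2) {
                    throw new KeyException("Malformed 'DEK-Info' in encrypted PRIVATE KEY.");
                }
                String scheme = fields.nextToken();
                byte[] iv;
                try {
                    iv = HexFormat.of().parseHex(fields.nextToken());
                } catch (IllegalArgumentException e) {
                    throw new KeyException("Malformed 'DEK-Info' in encrypted PRIVATE KEY.", e);
                }
                der = PemFormats.decryptLegacyPem(der, scheme, iv, str);
            } else {
                PemFormats.assertNoPassword(str);
            }

            // The legacy encryption carries no integrity check: a wrong passphrase is normally
            // caught by the padding check during decryption, and otherwise by the structural
            // checks below.
            ByteBuffer wrap = ByteBuffer.wrap(der);
            if (DerUtils.beginDerSequence(wrap) != wrap.remaining()) {
                throw new IllegalArgumentException("Malformed ASN.1 input.");
            }
            if (!version().equals(DerUtils.readDerInteger(wrap))) {
                throw new IllegalArgumentException("PrivateKey version mismatch.");
            }
            try {
                return decodePrivate0(wrap);
            } catch (InvalidKeySpecException e) {
                throw new KeyException(e);
            }
        }

        /**
         * Decodes the algorithm-specific fields that follow the version integer.
         *
         * @param byteBuffer buffer positioned just after the version integer
         * @return the decoded private key
         * @throws InvalidKeySpecException if the key factory rejects the decoded fields
         */
        protected abstract PrivateKey decodePrivate0(ByteBuffer byteBuffer) throws InvalidKeySpecException;

        /** Returns the version value the first integer of the structure must equal. */
        protected abstract BigInteger version();
    }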

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$PemPKCS1Dsa.class */
    /** Decoder for legacy {@code DSA PRIVATE KEY} PEM blocks; public keys are not supported. */
    static class PemPKCS1Dsa extends PemLegacy {
        static final String PRIVATE_LABEL = "DSA PRIVATE KEY";

        /** Always throws: this format has no public-key decoder here. */
        @Override
        public PublicKey decodePublicKey(byte[] bArr) {
            throw new UnsupportedOperationException();
        }

        /**
         * Reads five integers in file order and builds the DSA private key from the first three
         * and the fifth.
         *
         * @param byteBuffer buffer positioned just after the version integer
         * @return the DSA private key
         * @throws InvalidKeySpecException if the DSA key factory rejects the values
         */
        @Override
        protected PrivateKey decodePrivate0(ByteBuffer byteBuffer) throws InvalidKeySpecException {
            BigInteger p = DerUtils.readDerInteger(byteBuffer);
            BigInteger q = DerUtils.readDerInteger(byteBuffer);
            BigInteger g = DerUtils.readDerInteger(byteBuffer);
            // The fourth integer is read only to advance the buffer; it is not needed for the
            // private key spec (presumably the public value y - confirm against the format).
            DerUtils.readDerInteger(byteBuffer);
            BigInteger x = DerUtils.readDerInteger(byteBuffer);
            DSAPrivateKeySpec spec = new DSAPrivateKeySpec(x, p, q, g);
            return PemFormats.DSA_KEY_FACTORY.generatePrivate(spec);
        }

        /** Legacy DSA private keys are expected to carry version 0. */
        @Override
        protected BigInteger version() {
            return BigInteger.ZERO;
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$PemPKCS1Ec.class */
    /** Decoder for legacy {@code EC PRIVATE KEY} PEM blocks; public keys are not supported. */
    static class PemPKCS1Ec extends PemLegacy {
        static final String PRIVATE_LABEL = "EC PRIVATE KEY";

        /** Always throws: this format has no public-key decoder here. */
        @Override
        public PublicKey decodePublicKey(byte[] bArr) {
            throw new UnsupportedOperationException();
        }

        /**
         * Reads the private value from an octet string and the curve from the context-tagged
         * {@code [0]} element, then builds the EC private key.
         *
         * @param byteBuffer buffer positioned just after the version integer
         * @return the EC private key
         * @throws InvalidKeySpecException if the EC key factory rejects the values
         * @throws IllegalArgumentException if the curve parameters cannot be decoded
         */
        @Override
        protected PrivateKey decodePrivate0(ByteBuffer byteBuffer) throws InvalidKeySpecException {
            try {
                byte[] scalarBytes = DerUtils.readDerOctetString(byteBuffer);
                // Signum 1: the octet string is interpreted as an unsigned magnitude.
                BigInteger privateValue = new BigInteger(1, scalarBytes);
                byte[] encodedCurve = DerUtils.getDerContext(byteBuffer, (byte) 0);
                AlgorithmParameters curveParameters = AlgorithmParameters.getInstance("EC");
                curveParameters.init(encodedCurve);
                ECParameterSpec curve = curveParameters.getParameterSpec(ECParameterSpec.class);
                ECPrivateKeySpec spec = new ECPrivateKeySpec(privateValue, curve);
                return PemFormats.EC_KEY_FACTORY.generatePrivate(spec);
            } catch (IOException | NoSuchAlgorithmException | InvalidParameterSpecException e) {
                throw new IllegalArgumentException("Failed to decode EC private key", e);
            }
        }

        /** Legacy EC private keys are expected to carry version 1. */
        @Override
        protected BigInteger version() {
            return BigInteger.ONE;
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$PemPKCS1Rsa.class */
    /** Decoder for legacy {@code RSA PRIVATE KEY} and {@code RSA PUBLIC KEY} PEM blocks. */
    static class PemPKCS1Rsa extends PemLegacy {
        static final String PRIVATE_LABEL = "RSA PRIVATE KEY";
        static final String PUBLIC_LABEL = "RSA PUBLIC KEY";

        /**
         * Decodes a DER sequence of two integers (modulus, then public exponent).
         *
         * @param bArr decoded PEM body
         * @return the RSA public key
         * @throws KeyException if the RSA key factory rejects the values
         * @throws IllegalArgumentException if the sequence length does not match the input
         */
        @Override
        public PublicKey decodePublicKey(byte[] bArr) throws KeyException {
            ByteBuffer der = ByteBuffer.wrap(bArr);
            if (DerUtils.beginDerSequence(der) != der.remaining()) {
                throw new IllegalArgumentException("Malformed RSAPublicKey");
            }
            try {
                BigInteger modulus = DerUtils.readDerInteger(der);
                BigInteger publicExponent = DerUtils.readDerInteger(der);
                return PemFormats.RSA_KEY_FACTORY.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
            } catch (InvalidKeySpecException e) {
                throw new KeyException(e);
            }
        }

        /**
         * Reads the eight CRT integers in file order and builds the RSA private key.
         *
         * @param byteBuffer buffer positioned just after the version integer
         * @return the RSA private key
         * @throws InvalidKeySpecException if the RSA key factory rejects the values
         */
        @Override
        protected PrivateKey decodePrivate0(ByteBuffer byteBuffer) throws InvalidKeySpecException {
            // The reads must stay in this order: it is the order of the fields in the encoding
            // and of the RSAPrivateCrtKeySpec constructor arguments.
            BigInteger modulus = DerUtils.readDerInteger(byteBuffer);
            BigInteger publicExponent = DerUtils.readDerInteger(byteBuffer);
            BigInteger privateExponent = DerUtils.readDerInteger(byteBuffer);
            BigInteger primeP = DerUtils.readDerInteger(byteBuffer);
            BigInteger primeQ = DerUtils.readDerInteger(byteBuffer);
            BigInteger primeExponentP = DerUtils.readDerInteger(byteBuffer);
            BigInteger primeExponentQ = DerUtils.readDerInteger(byteBuffer);
            BigInteger crtCoefficient = DerUtils.readDerInteger(byteBuffer);
            RSAPrivateCrtKeySpec spec = new RSAPrivateCrtKeySpec(
                    modulus,
                    publicExponent,
                    privateExponent,
                    primeP,
                    primeQ,
                    primeExponentP,
                    primeExponentQ,
                    crtCoefficient);
            return PemFormats.RSA_KEY_FACTORY.generatePrivate(spec);
        }

        /** Legacy RSA private keys are expected to carry version 0. */
        @Override
        protected BigInteger version() {
            return BigInteger.ZERO;
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$Pkcs8.class */
    /** Decoder for unencrypted PKCS#8 {@code PRIVATE KEY} and X.509 {@code PUBLIC KEY} blocks. */
    static class Pkcs8 implements PemFormat {
        static final String PRIVATE_LABEL = "PRIVATE KEY";
        static final String PUBLIC_LABEL = "PUBLIC KEY";

        /**
         * Decodes an unencrypted PKCS#8 private key; the headers are not consulted.
         *
         * @param bArr PKCS#8 encoded key bytes
         * @param map PEM headers (unused)
         * @param str passphrase; must be {@code null} because this format is not encrypted
         * @return the decoded private key
         * @throws KeyException if a passphrase was supplied
         * @throws IllegalStateException if no RSA, DSA or EC key factory accepts the bytes
         */
        @Override
        public PrivateKey decodePrivate(byte[] bArr, Map<String, String> map, String str) throws KeyException {
            PemFormats.assertNoPassword(str);
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bArr);
            return PemFormats.ALL_KEY_FACTORIES.apply(spec);
        }

        /**
         * Decodes an X.509 encoded public key by trying the RSA, DSA and EC factories in turn.
         *
         * @param bArr X.509 encoded key bytes
         * @return the decoded public key
         * @throws KeyException if all three factories reject the bytes; the RSA failure is the
         *     cause and the DSA and EC failures are attached to it as suppressed exceptions
         */
        @Override
        public PublicKey decodePublicKey(byte[] bArr) throws KeyException {
            X509EncodedKeySpec spec = new X509EncodedKeySpec(bArr);

            InvalidKeySpecException rsaFailure;
            try {
                return PemFormats.RSA_KEY_FACTORY.generatePublic(spec);
            } catch (InvalidKeySpecException e) {
                rsaFailure = e;
            }

            InvalidKeySpecException dsaFailure;
            try {
                return PemFormats.DSA_KEY_FACTORY.generatePublic(spec);
            } catch (InvalidKeySpecException e) {
                dsaFailure = e;
            }

            try {
                return PemFormats.EC_KEY_FACTORY.generatePublic(spec);
            } catch (InvalidKeySpecException ecFailure) {
                rsaFailure.addSuppressed(dsaFailure);
                rsaFailure.addSuppressed(ecFailure);
                throw new KeyException("Public key does not match RSA, DSA or EC spec.", rsaFailure);
            }
        }
    }

    /* loaded from: input_file:org/neo4j/driver/internal/pki/PemFormats$Pkcs8Encrypted.class */
    /** Decoder for PKCS#8 {@code ENCRYPTED PRIVATE KEY} blocks. */
    static class Pkcs8Encrypted extends Pkcs8 {
        static final String ENCRYPTED_LABEL = "ENCRYPTED PRIVATE KEY";

        /**
         * Decrypts the {@code EncryptedPrivateKeyInfo} envelope with a passphrase-derived key
         * and decodes the enclosed PKCS#8 key.
         *
         * @param bArr encoded {@code EncryptedPrivateKeyInfo} bytes
         * @param map PEM headers (unused)
         * @param str passphrase; must not be {@code null}
         * @return the decoded private key
         * @throws KeyException if no passphrase was supplied, or if any step of parsing,
         *     decryption or key decoding fails (the original failure is kept as the cause)
         */
        @Override
        public PrivateKey decodePrivate(byte[] bArr, Map<String, String> map, String str) throws KeyException {
            PemFormats.assertPassword(str);
            try {
                EncryptedPrivateKeyInfo envelope = new EncryptedPrivateKeyInfo(bArr);
                SecretKey pbeKey = getSecretKey(envelope, str);
                Cipher decryptor = getCipher(envelope);
                decryptor.init(Cipher.DECRYPT_MODE, pbeKey, envelope.getAlgParameters());
                PKCS8EncodedKeySpec clearSpec = envelope.getKeySpec(decryptor);
                return PemFormats.ALL_KEY_FACTORIES.apply(clearSpec);
            } catch (Exception e) {
                // Deliberately broad: unchecked failures (including the IllegalStateException
                // from ALL_KEY_FACTORIES) are reported to callers as KeyException too.
                throw new KeyException("Unable to decrypt private key.", e);
            }
        }

        /**
         * Builds the passphrase-based secret key for the envelope's algorithm.
         *
         * <p>The algorithm name reported by the envelope is tried first; when no factory is
         * registered under it, the string form of the algorithm parameters is tried instead.
         * NOTE(review): the fallback presumably relies on the provider's parameters printing
         * the concrete PBE algorithm name, which is provider-specific - confirm.
         */
        private static SecretKey getSecretKey(EncryptedPrivateKeyInfo info, String passphrase) throws InvalidKeySpecException, NoSuchAlgorithmException {
            SecretKeyFactory factory;
            try {
                factory = SecretKeyFactory.getInstance(info.getAlgName());
            } catch (NoSuchAlgorithmException e) {
                factory = SecretKeyFactory.getInstance(info.getAlgParameters().toString());
            }
            PBEKeySpec passwordSpec = new PBEKeySpec(passphrase.toCharArray());
            return factory.generateSecret(passwordSpec);
        }

        /**
         * Obtains the cipher for the envelope's algorithm, using the same name-then-parameters
         * lookup as {@link #getSecretKey}.
         */
        private static Cipher getCipher(EncryptedPrivateKeyInfo info) throws NoSuchPaddingException, NoSuchAlgorithmException {
            try {
                return Cipher.getInstance(info.getAlgName());
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                String fallbackName = info.getAlgParameters().toString();
                return Cipher.getInstance(fallbackName);
            }
        }
    }

    // Not instantiable: the class only hosts static helpers and the nested format types.
    private PemFormats() {
    }

    /**
     * Rejects a passphrase that was supplied for a key which is not encrypted.
     *
     * @param str passphrase given by the caller, or {@code null}
     * @throws KeyException if {@code str} is not {@code null}
     */
    private static void assertNoPassword(String str) throws KeyException {
        if (str == null) {
            return;
        }
        throw new KeyException("Passphrase was provided but found un-encrypted private key.");
    }

    /**
     * Requires a passphrase for a key which is encrypted.
     *
     * @param str passphrase given by the caller, or {@code null}
     * @throws KeyException if {@code str} is {@code null}
     */
    private static void assertPassword(String str) throws KeyException {
        if (str != null) {
            return;
        }
        throw new KeyException("Found encrypted private key but no passphrase was provided.");
    }

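    /**
     * Decrypts the body of a legacy encrypted PEM private key.
     *
     * <p>The key is the leading {@code keySize} bytes of {@link #keyDerivationFunction}, which
     * uses the first 8 bytes of the IV as its salt; the full IV is used for CBC decryption.
     *
     * @param bArr encrypted key bytes
     * @param str algorithm token from {@code DEK-Info}, for example {@code AES-128-CBC}
     * @param bArr2 IV from {@code DEK-Info}; must hold at least 8 bytes
     * @param str2 passphrase
     * @return the decrypted DER bytes
     * @throws KeyException if the scheme is unsupported, the IV is too short, or decryption
     *     fails (for instance because of a wrong passphrase)
     */
    private static byte[] decryptLegacyPem(byte[] bArr, String str, byte[] bArr2, String str2) throws KeyException {
        // Resolve the scheme on its own so that only an unknown name is reported as
        // "not supported", and so that this message reaches the caller unwrapped.
        DecryptSchema schema;
        try {
            schema = DecryptSchema.valueOf(str.replace("-", "_"));
        } catch (IllegalArgumentException e) {
            throw new KeyException(String.format("Encryption scheme %s is not supported.", str), e);
        }
        // The key derivation reads 8 salt bytes from the IV; reject a shorter value from the
        // file header up front instead of failing inside MessageDigest.
        if (bArr2 == null || bArr2.length < 8) {
            throw new KeyException("Malformed 'DEK-Info': IV must be at least 8 bytes.");
        }
        try {
            byte[] derived = keyDerivationFunction(bArr2, str2);
            byte[] keyBytes = new byte[schema.keySize];
            System.arraycopy(derived, 0, keyBytes, 0, schema.keySize);
            SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, schema.family);
            // SecretKeySpec keeps its own copy of the key bytes, so the temporaries can be
            // wiped. Best effort only: the passphrase itself is an immutable String.
            java.util.Arrays.fill(derived, (byte) 0);
            java.util.Arrays.fill(keyBytes, (byte) 0);
            Cipher cipher = Cipher.getInstance(schema.cipher);
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new KeyException("Failed to decrypt PEM file.", e);
        }
    }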

    /**
     * Derives 32 bytes of key material from the passphrase and an 8-byte salt.
     *
     * <p>Two MD5 rounds are chained: {@code D1 = MD5(passphrase || salt)} and
     * {@code D2 = MD5(D1 || passphrase || salt)}; the result is {@code D1 || D2}.
     *
     * <p>Security note: this is a single unsalted-by-iteration MD5 pass with no work factor,
     * so the strength of the passphrase is the only brute-force protection for key files in
     * this format. It is retained to read existing legacy PEM files.
     *
     * @param bArr salt source; only its first 8 bytes are used
     * @param str passphrase, encoded as UTF-8
     * @return 32 bytes of derived key material
     * @throws NoSuchAlgorithmException if MD5 is unavailable
     */
    private static byte[] keyDerivationFunction(byte[] bArr, String str) throws NoSuchAlgorithmException {
        final int md5Length = 16;
        byte[] passphraseBytes = str.getBytes(StandardCharsets.UTF_8);
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] material = new byte[2 * md5Length];
        // Empty for the first round, the previous round's digest afterwards.
        byte[] previous = new byte[0];
        for (int offset = 0; offset < material.length; offset += md5Length) {
            md5.update(previous);
            md5.update(passphraseBytes);
            md5.update(bArr, 0, 8);
            // digest() also resets the instance for the next round.
            previous = md5.digest();
            System.arraycopy(previous, 0, material, offset, md5Length);
        }
        return material;
    }

    // Resolves the RSA, DSA and EC key factories once and builds the PKCS#8 decoder that
    // tries them in that order.
    static {
        try {
            RSA_KEY_FACTORY = KeyFactory.getInstance("RSA");
            DSA_KEY_FACTORY = KeyFactory.getInstance("DSA");
            EC_KEY_FACTORY = KeyFactory.getInstance("EC");
            ALL_KEY_FACTORIES = spec -> {
                InvalidKeySpecException rsaFailure;
                try {
                    return RSA_KEY_FACTORY.generatePrivate(spec);
                } catch (InvalidKeySpecException e) {
                    rsaFailure = e;
                }

                InvalidKeySpecException dsaFailure;
                try {
                    return DSA_KEY_FACTORY.generatePrivate(spec);
                } catch (InvalidKeySpecException e) {
                    dsaFailure = e;
                }

                try {
                    return EC_KEY_FACTORY.generatePrivate(spec);
                } catch (InvalidKeySpecException ecFailure) {
                    // Report the RSA failure as the cause and keep the other two attached to
                    // it, so all three rejections remain visible in the stack trace.
                    rsaFailure.addSuppressed(dsaFailure);
                    rsaFailure.addSuppressed(ecFailure);
                    throw new IllegalStateException("Key does not match RSA, DSA or EC spec.", rsaFailure);
                }
            };
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Non-conforming JDK implementation.", e);
        }
    }
}
