package com.jn.langx.security.crypto.key.spec.pem;

import com.jn.langx.codec.base64.Base64;
import com.jn.langx.registry.GenericRegistry;
import com.jn.langx.security.SecurityException;
import com.jn.langx.security.Securitys;
import com.jn.langx.security.crypto.digest.MessageDigests;
import com.jn.langx.security.crypto.key.PKIs;
import com.jn.langx.security.crypto.key.spec.KeyFileFormatException;
import com.jn.langx.security.crypto.key.spec.der.DerParser;
import com.jn.langx.security.crypto.key.spec.der.DsaPrivateKeySpecParser;
import com.jn.langx.security.crypto.key.spec.der.EcPrivateKeySpecParser;
import com.jn.langx.security.crypto.key.spec.der.RsaPkcs1PrivateKeySpecParser;
import com.jn.langx.util.Chars;
import com.jn.langx.util.Preconditions;
import com.jn.langx.util.function.Supplier0;
import com.jn.langx.util.io.Charsets;
import com.jn.langx.util.io.IOs;
import com.jn.langx.util.io.file.Files;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/jn/langx/security/crypto/key/spec/pem/PEMs.class */
public class PEMs extends Securitys {
    private static final String HEADER = "-----BEGIN";
    public static final String PKCS1 = "PKCS#1";
    public static final String PKCS8 = "PKCS#8";
    public static final String PKCS8_ENCRYPTED = "PKCS#8:ENCRYPTED";
    public static final String OPENSSL_DSA = "OPENSSL::DSA";
    public static final String OPENSSL_DSA_PARAMS = "OPENSSL::DSA::PARAMS";
    public static final String OPENSSL_EC = "OPENSSL::EC";
    public static final String OPENSSL_EC_PARAMS = "OPENSSL::EC::PARAMS";
    private static final GenericRegistry<PemKeyFormat> DEFAULT_PEM_STYLE_REGISTRY = new GenericRegistry<>();

    public static GenericRegistry<PemKeyFormat> getDefaultPemStyleRegistry() {
        return DEFAULT_PEM_STYLE_REGISTRY;
    }

    private PEMs() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    public static PrivateKey readPrivateKey(File file, Supplier0<char[]> supplier0) throws GeneralSecurityException {
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(Files.openInputStream(file), Charsets.UTF_8));
            PrivateKey readPrivateKey = readPrivateKey(bufferedReader, supplier0);
            IOs.close(bufferedReader);
            return readPrivateKey;
        } catch (Throwable th) {
            IOs.close(bufferedReader);
            throw th;
        }
    }

    public static PrivateKey readPrivateKey(BufferedReader bufferedReader, Supplier0<char[]> supplier0) throws GeneralSecurityException {
        try {
            String readLine = bufferedReader.readLine();
            while (null != readLine && !readLine.startsWith(HEADER)) {
                readLine = bufferedReader.readLine();
            }
            if (null == readLine) {
                throw new KeyFileFormatException("Error parsing Private Key,file is empty");
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(PKCS8_ENCRYPTED).getHeader().equals(readLine.trim())) {
                char[] cArr = supplier0.get();
                if (cArr == null) {
                    throw new KeyFileFormatException("Cannot read encrypted key without a password");
                }
                return parsePKCS8Encrypted(bufferedReader, cArr);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(PKCS8).getHeader().equals(readLine.trim())) {
                return parsePKCS8(bufferedReader);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(PKCS1).getHeader().equals(readLine.trim())) {
                return parsePKCS1Rsa(bufferedReader, supplier0);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_DSA).getHeader().equals(readLine.trim())) {
                return parseOpenSslDsa(bufferedReader, supplier0);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_DSA_PARAMS).getHeader().equals(readLine.trim())) {
                return parseOpenSslDsa(removeDsaHeaders(bufferedReader), supplier0);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_EC).getHeader().equals(readLine.trim())) {
                return parseOpenSslEC(bufferedReader, supplier0);
            }
            if (DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_EC_PARAMS).getHeader().equals(readLine.trim())) {
                return parseOpenSslEC(removeECHeaders(bufferedReader), supplier0);
            }
            throw new KeyFileFormatException("error parsing Private Key, file does not contain a supported key format");
        } catch (IOException e) {
            throw new SecurityException("private key file cannot be parsed", e);
        }
    }

    private static BufferedReader removeECHeaders(BufferedReader bufferedReader) throws IOException {
        String readLine = bufferedReader.readLine();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_EC_PARAMS).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, EC Parameters footer is missing");
        }
        if (DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_EC).getHeader().equals(bufferedReader.readLine())) {
            return bufferedReader;
        }
        throw new IOException("Malformed PEM file, EC Key header is missing");
    }

    private static BufferedReader removeDsaHeaders(BufferedReader bufferedReader) throws IOException {
        String readLine = bufferedReader.readLine();
        String header = DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_DSA).getHeader();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_DSA_PARAMS).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, DSA Parameters footer is missing");
        }
        if (header.equals(bufferedReader.readLine())) {
            return bufferedReader;
        }
        throw new IOException("Malformed PEM file, DSA Key header is missing");
    }

    private static PrivateKey parsePKCS8(BufferedReader bufferedReader) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(PKCS8).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            sb.append(readLine.trim());
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, PEM footer is invalid or missing");
        }
        byte[] decodeBase64 = Base64.decodeBase64(sb.toString());
        return PKIs.createPrivateKey(getKeyAlgorithmIdentifier(decodeBase64), (String) null, new PKCS8EncodedKeySpec(decodeBase64));
    }

    private static PrivateKey parseOpenSslEC(BufferedReader bufferedReader, Supplier0<char[]> supplier0) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        HashMap hashMap = new HashMap();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_EC).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            if (readLine.contains(":")) {
                String[] split = readLine.split(":");
                hashMap.put(split[0].trim(), split[1].trim());
            } else {
                sb.append(readLine.trim());
            }
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, PEM footer is invalid or missing");
        }
        return PKIs.createPrivateKey("EC", (String) null, new EcPrivateKeySpecParser().parse(possiblyDecryptPKCS1Key(hashMap, sb.toString(), supplier0)));
    }

    private static PrivateKey parsePKCS1Rsa(BufferedReader bufferedReader, Supplier0<char[]> supplier0) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        HashMap hashMap = new HashMap();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(PKCS1).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            if (readLine.contains(":")) {
                String[] split = readLine.split(":");
                hashMap.put(split[0].trim(), split[1].trim());
            } else {
                sb.append(readLine.trim());
            }
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, PEM footer is invalid or missing");
        }
        return PKIs.createPrivateKey("RSA", (String) null, new RsaPkcs1PrivateKeySpecParser().parse(possiblyDecryptPKCS1Key(hashMap, sb.toString(), supplier0)));
    }

    private static PrivateKey parseOpenSslDsa(BufferedReader bufferedReader, Supplier0<char[]> supplier0) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        HashMap hashMap = new HashMap();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(OPENSSL_DSA).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            if (readLine.contains(":")) {
                String[] split = readLine.split(":");
                hashMap.put(split[0].trim(), split[1].trim());
            } else {
                sb.append(readLine.trim());
            }
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, PEM footer is invalid or missing");
        }
        return PKIs.createPrivateKey("DSA", (String) null, new DsaPrivateKeySpecParser().parse(possiblyDecryptPKCS1Key(hashMap, sb.toString(), supplier0)));
    }

    private static PrivateKey parsePKCS8Encrypted(BufferedReader bufferedReader, char[] cArr) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        String footer = DEFAULT_PEM_STYLE_REGISTRY.get(PKCS8_ENCRYPTED).getFooter();
        while (readLine != null && !footer.equals(readLine.trim())) {
            sb.append(readLine.trim());
            readLine = bufferedReader.readLine();
        }
        if (null == readLine || !footer.equals(readLine.trim())) {
            throw new IOException("Malformed PEM file, PEM footer is invalid or missing");
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(Base64.decodeBase64(sb.toString()));
        SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
        Arrays.fill(cArr, (char) 0);
        Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
        cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
        PKCS8EncodedKeySpec keySpec = encryptedPrivateKeyInfo.getKeySpec(cipher);
        return PKIs.createPrivateKey(getKeyAlgorithmIdentifier(keySpec.getEncoded()), (String) null, keySpec);
    }

    private static byte[] possiblyDecryptPKCS1Key(Map<String, String> map, String str, Supplier0<char[]> supplier0) throws GeneralSecurityException, IOException {
        byte[] decodeBase64 = Base64.decodeBase64(str);
        if (!"4,ENCRYPTED".equals(map.get("Proc-Type"))) {
            return decodeBase64;
        }
        String str2 = map.get("DEK-Info");
        if (null == str2) {
            throw new IOException("Malformed PEM File, DEK-Info header is missing");
        }
        char[] cArr = supplier0.get();
        if (cArr == null) {
            throw new IOException("cannot read encrypted key without a password");
        }
        return getCipherFromParameters(str2, cArr).doFinal(decodeBase64);
    }

    private static Cipher getCipherFromParameters(String str, char[] cArr) throws GeneralSecurityException, IOException {
        SecretKeySpec secretKeySpec;
        String[] split = str.split(",");
        if (split.length != 2) {
            throw new IOException("Malformed PEM file, DEK-Info PEM header is invalid");
        }
        String str2 = split[0];
        try {
            byte[] hexStringToByteArray = hexStringToByteArray(split[1]);
            if ("DES-CBC".equals(str2)) {
                secretKeySpec = new SecretKeySpec(generateOpenSslKey(cArr, hexStringToByteArray, 8), "DES");
            } else if ("DES-EDE3-CBC".equals(str2)) {
                secretKeySpec = new SecretKeySpec(generateOpenSslKey(cArr, hexStringToByteArray, 24), "DESede");
            } else if ("AES-128-CBC".equals(str2)) {
                secretKeySpec = new SecretKeySpec(generateOpenSslKey(cArr, hexStringToByteArray, 16), "AES");
            } else if ("AES-192-CBC".equals(str2)) {
                secretKeySpec = new SecretKeySpec(generateOpenSslKey(cArr, hexStringToByteArray, 24), "AES");
            } else {
                if (!"AES-256-CBC".equals(str2)) {
                    throw new GeneralSecurityException("Private Key encrypted with unsupported algorithm [" + str2 + "]");
                }
                secretKeySpec = new SecretKeySpec(generateOpenSslKey(cArr, hexStringToByteArray, 32), "AES");
            }
            Cipher cipher = Cipher.getInstance(secretKeySpec.getAlgorithm() + "/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, new IvParameterSpec(hexStringToByteArray));
            return cipher;
        } catch (IllegalArgumentException e) {
            throw new IOException("Malformed PEM file, DEK-Info IV is invalid", e);
        }
    }

    private static byte[] generateOpenSslKey(char[] cArr, byte[] bArr, int i) {
        byte[] utf8Bytes = Chars.toUtf8Bytes(cArr);
        MessageDigest newDigest = MessageDigests.newDigest("md5");
        Preconditions.checkNotNull(newDigest);
        byte[] bArr2 = new byte[i];
        int i2 = 0;
        while (i2 < i) {
            int i3 = i - i2;
            newDigest.update(utf8Bytes, 0, utf8Bytes.length);
            newDigest.update(bArr, 0, 8);
            byte[] digest = newDigest.digest();
            int min = Math.min(i3, 16);
            System.arraycopy(digest, 0, bArr2, i2, min);
            i2 += min;
            if (i3 == 0) {
                break;
            }
            newDigest.update(digest, 0, 16);
        }
        Arrays.fill(utf8Bytes, (byte) 0);
        return bArr2;
    }

    private static byte[] hexStringToByteArray(String str) {
        int length = str.length();
        if (length % 2 != 0) {
            throw new IllegalStateException("Hexadecimal string [" + str + "] has odd length and cannot be converted to a byte array");
        }
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int digit = Character.digit(str.charAt(i), 16);
            int digit2 = Character.digit(str.charAt(i + 1), 16);
            if (digit == -1 || digit2 == -1) {
                throw new IllegalStateException("String [" + str + "] is not hexadecimal");
            }
            bArr[i / 2] = (byte) ((digit << 4) + digit2);
        }
        return bArr;
    }

    private static String getKeyAlgorithmIdentifier(byte[] bArr) throws IOException, SecurityException {
        DerParser parser = new DerParser(bArr).readAsn1Object().getParser();
        parser.readAsn1Object().getInteger();
        String oid = parser.readAsn1Object().getParser().readAsn1Object().getOid();
        if ("1.2.840.10040.4.1".equals(oid)) {
            return "DSA";
        }
        if ("1.2.840.113549.1.1.1".equals(oid)) {
            return "RSA";
        }
        if ("1.2.840.10045.2.1".equals(oid)) {
            return "EC";
        }
        throw new SecurityException("Error parsing key algorithm identifier. Algorithm with OID [" + oid + "] is not supported");
    }

    public static List<Certificate> readCertificates(Collection<File> collection) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ArrayList arrayList = new ArrayList(collection.size());
        for (File file : collection) {
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = Files.openInputStream(file);
                Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream);
                if (generateCertificates.isEmpty()) {
                    throw new SecurityException("failed to parse any certificates from [" + file.getAbsolutePath() + "]");
                }
                arrayList.addAll(generateCertificates);
                IOs.close(fileInputStream);
            } catch (Throwable th) {
                IOs.close(fileInputStream);
                throw th;
            }
        }
        return arrayList;
    }

    static {
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(PKCS1, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(PKCS8, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(PKCS8_ENCRYPTED, "-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----END ENCRYPTED PRIVATE KEY-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(OPENSSL_DSA, "-----BEGIN DSA PRIVATE KEY-----", "-----END DSA PRIVATE KEY-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(OPENSSL_DSA_PARAMS, "-----BEGIN DSA PARAMETERS-----", "-----END DSA PARAMETERS-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(OPENSSL_EC, "-----BEGIN EC PRIVATE KEY-----", "-----END EC PRIVATE KEY-----"));
        DEFAULT_PEM_STYLE_REGISTRY.register((GenericRegistry<PemKeyFormat>) new PemKeyFormat(OPENSSL_EC_PARAMS, "-----BEGIN EC PARAMETERS-----", "-----END EC PARAMETERS-----"));
    }
}
