package org.wildfly.security.pem;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.function.BiFunction;
import java.util.regex.Pattern;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser;
import org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyPairResourceWriter;
import org.apache.sshd.common.session.SessionContext;
import org.wildfly.common.Assert;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.x500.cert.PKCS10CertificateSigningRequest;
import org.wildfly.security.x500.cert._private.ElytronMessages;
import org.wildfly.security.x500.cert.acme.Acme;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/pem/Pem.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-x500-cert-1.17.1.Final.jar:org/wildfly/security/pem/Pem.class */
public final class Pem {
    // Despite the name, this pattern matches a character that is NOT acceptable in a PEM label: every
    // caller in this class treats find() == true as "label is invalid".
    // NOTE(review): the intent appears to be "outside printable ASCII (space..tilde), or a hyphen". How a
    // leading '^' combines with '&&' in a character class has differed between JDK releases - confirm on
    // the target runtime that a label containing '-' is actually rejected.
    private static final Pattern VALID_LABEL = Pattern.compile("[^ -~&&[^-]]");
    // Labels accepted after "-----BEGIN " / "-----END ". Only the unencrypted "PRIVATE KEY" label is
    // declared here; no encrypted private-key label is defined in this class.
    private static final String PUBLIC_KEY_FORMAT = "PUBLIC KEY";
    private static final String CERTIFICATE_FORMAT = "CERTIFICATE";
    private static final String PRIVATE_KEY_FORMAT = "PRIVATE KEY";
    private static final String CERTIFICATE_REQUEST_FORMAT = "CERTIFICATE REQUEST";
    // Public because it is the only label handled by parsePemOpenSSHContent.
    public static final String OPENSSH_PRIVATE_KEY_FORMAT = "OPENSSH PRIVATE KEY";

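    /**
     * Find the next PEM block in {@code codePointIterator}, base64-decode its body and pass the label and the
     * decoded bytes to {@code biFunction}.
     *
     * <p>The method works in two passes. The first pass scans forward for a well-formed
     * {@code -----BEGIN <label>-----} header; text in front of that header, including header-like lines with an
     * unacceptable label, is skipped without an error. The second pass rewinds to the header and parses the
     * block strictly.
     *
     * <p>Security-relevant ordering: {@code biFunction} is applied <em>before</em> the {@code -----END <label>-----}
     * line is checked. Any side effect of the callback has therefore already happened when a bad or missing
     * footer makes this method throw; callers should only act on the value returned from here.
     *
     * @param codePointIterator the PEM text to read from (must not be {@code null})
     * @param biFunction receives the block label and an iterator over the decoded bytes (must not be {@code null})
     * @param <R> the callback result type
     * @return the callback result, or {@code null} when no well-formed BEGIN header is left in the input
     * @throws IllegalArgumentException if the block that was found is malformed (presumably the type produced by
     *         {@code ElytronMessages.log.malformedPemContent})
     */
    public static <R> R parsePemContent(CodePointIterator codePointIterator, BiFunction<String, ByteIterator, R> biFunction) throws IllegalArgumentException {
        Assert.checkNotNullParam("pemContent", codePointIterator);
        Assert.checkNotNullParam("contentFunction", biFunction);

        // Pass 1: look for the first '-' that starts a complete, valid header.
        long beginIndex = -1;
        while (codePointIterator.hasNext()) {
            if (codePointIterator.next() != '-') {
                continue;
            }
            final long candidate = codePointIterator.getIndex();
            final boolean validHeader = codePointIterator.limitedTo(10L).contentEquals("----BEGIN ")
                    && !VALID_LABEL.matcher(codePointIterator.delimitedBy('-').drainToString()).find()
                    && codePointIterator.limitedTo(5L).contentEquals(OpenSSHKeyPairResourceWriter.DASHES);
            if (validHeader) {
                beginIndex = candidate;
                break;
            }
            // Not a header: undo the look-ahead and resume right after this '-'.
            rewindTo(codePointIterator, candidate);
        }
        if (beginIndex == -1) {
            return null;
        }

        // Pass 2: re-read the header strictly, now reporting the offset of any problem.
        rewindTo(codePointIterator, beginIndex);
        if (!codePointIterator.limitedTo(10L).contentEquals("----BEGIN ")) {
            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
        }
        final String type = codePointIterator.delimitedBy('-').drainToString();
        final java.util.regex.Matcher illegalChar = VALID_LABEL.matcher(type);
        if (illegalChar.find()) {
            // "-----BEGIN " is 11 characters long, so shift the offset from label-relative to block-relative.
            throw ElytronMessages.log.malformedPemContent(illegalChar.start() + 11);
        }
        if (!codePointIterator.limitedTo(5L).contentEquals(OpenSSHKeyPairResourceWriter.DASHES)) {
            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
        }

        final CodePointIterator body = codePointIterator.delimitedBy('-').skip(Character::isWhitespace).skipCrLf();
        final R result = biFunction.apply(type, body.base64Decode());
        // Consume whatever the callback left unread so the footer check starts at the next '-'.
        body.skipAll();

        if (!codePointIterator.limitedTo(9L).contentEquals("-----END ")) {
            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
        }
        // The END label has to repeat the BEGIN label exactly.
        if (!codePointIterator.limitedTo(type.length()).contentEquals(type)) {
            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
        }
        if (!codePointIterator.limitedTo(5L).contentEquals(OpenSSHKeyPairResourceWriter.DASHES)) {
            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
        }
        return result;
    }

    /** Step {@code iterator} backwards until its index is no greater than {@code index}. */
    private static void rewindTo(CodePointIterator iterator, long index) {
        while (iterator.getIndex() > index) {
            iterator.previous();
        }
    }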

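    /**
     * Iterate over the PEM blocks in {@code codePointIterator}, decoding each one lazily.
     *
     * <p>Three labels are handled: {@code CERTIFICATE}, {@code PUBLIC KEY} and {@code PRIVATE KEY}. A block with
     * any other label is not skipped; it makes {@code hasNext()} throw the exception built by
     * {@code ElytronMessages.log.malformedPemContent}. Parsing happens inside {@code hasNext()}, so that is the
     * call in which malformed input surfaces.
     *
     * <p>The returned iterator reads from the supplied {@code codePointIterator} directly and keeps one decoded
     * entry buffered; it is not written for use from several threads.
     *
     * @param codePointIterator the PEM text to read from
     * @return an iterator over the decoded entries; it ends when no further BEGIN header is found
     */
    public static Iterator<PemEntry<?>> parsePemContent(final CodePointIterator codePointIterator) {
        return new Iterator<PemEntry<?>>() {
            // Entry decoded by hasNext() and not yet handed out by next().
            private PemEntry<?> next;

            @Override
            public boolean hasNext() {
                if (next != null) {
                    return true;
                }
                if (!codePointIterator.hasNext()) {
                    return false;
                }
                next = Pem.<PemEntry<?>>parsePemContent(codePointIterator, (type, content) -> {
                    switch (type) {
                        case CERTIFICATE_FORMAT:
                            return new PemEntry<>(Pem.parsePemX509CertificateContent(type, content));
                        case PUBLIC_KEY_FORMAT:
                            return new PemEntry<>(Pem.parsePemPublicKey(type, content));
                        case PRIVATE_KEY_FORMAT:
                            return new PemEntry<>(Pem.parsePemPrivateKey(type, content));
                        default:
                            throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
                    }
                });
                // null here means the remaining text held no PEM block.
                return next != null;
            }

            @Override
            public PemEntry<?> next() {
                if (!hasNext()) {
                    throw new NoSuchElementException();
                }
                final PemEntry<?> current = next;
                next = null;
                return current;
            }
        };
    }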

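    /**
     * Iterate over the {@code OPENSSH PRIVATE KEY} blocks in {@code codePointIterator}, decoding each one lazily
     * into a {@link KeyPair}.
     *
     * <p>Only the {@code OPENSSH PRIVATE KEY} label is handled. A block with any other label makes
     * {@code hasNext()} throw the exception built by {@code ElytronMessages.log.malformedPemContent}. Parsing, and
     * with it any use of {@code filePasswordProvider}, happens inside {@code hasNext()}.
     *
     * @param codePointIterator the PEM text to read from
     * @param filePasswordProvider passed through to the OpenSSH key parser; presumably consulted for encrypted
     *        keys - confirm against the Apache SSHD version in use
     * @return an iterator over the decoded key pairs; it ends when no further BEGIN header is found
     * @throws IllegalArgumentException declared by the signature; the failures visible here are raised lazily
     *         from the returned iterator rather than from this call
     */
    public static Iterator<PemEntry<?>> parsePemOpenSSHContent(final CodePointIterator codePointIterator, final FilePasswordProvider filePasswordProvider) throws IllegalArgumentException {
        return new Iterator<PemEntry<?>>() {
            // Entry decoded by hasNext() and not yet handed out by next().
            private PemEntry<?> next;

            @Override
            public boolean hasNext() {
                if (next != null) {
                    return true;
                }
                if (!codePointIterator.hasNext()) {
                    return false;
                }
                next = Pem.<PemEntry<?>>parsePemContent(codePointIterator, (type, content) -> {
                    if (type.equals(Pem.OPENSSH_PRIVATE_KEY_FORMAT)) {
                        return new PemEntry<>(Pem.parseOpenSSHKeys(content, filePasswordProvider));
                    }
                    throw ElytronMessages.log.malformedPemContent(codePointIterator.getIndex());
                });
                // null here means the remaining text held no PEM block.
                return next != null;
            }

            @Override
            public PemEntry<?> next() {
                if (!hasNext()) {
                    throw new NoSuchElementException();
                }
                final PemEntry<?> current = next;
                next = null;
                return current;
            }
        };
    }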

    /**
     * Append one PEM block to {@code byteStringBuilder}: a BEGIN line carrying {@code str}, the base64 form of
     * {@code byteIterator} drained with the platform line separator and the value 64 (presumably the line
     * width), and a matching END line followed by a line separator.
     *
     * <p>The label is checked before anything is written, so a label with a rejected character cannot end up in
     * the BEGIN/END lines. If encoding the content fails after that, the BEGIN line has already been appended
     * to the target.
     *
     * @param byteStringBuilder the target to append to (must not be {@code null})
     * @param str the PEM label, for example {@code CERTIFICATE} (must not be {@code null})
     * @param byteIterator the raw content to encode (must not be {@code null})
     * @throws IllegalArgumentException if the label contains a character matched by {@code VALID_LABEL}
     *         (presumably the type produced by {@code ElytronMessages.log.invalidPemType})
     */
    public static void generatePemContent(ByteStringBuilder byteStringBuilder, String str, ByteIterator byteIterator) throws IllegalArgumentException {
        Assert.checkNotNullParam("target", byteStringBuilder);
        Assert.checkNotNullParam("type", str);
        Assert.checkNotNullParam("content", byteIterator);
        final boolean labelRejected = VALID_LABEL.matcher(str).find();
        if (labelRejected) {
            throw ElytronMessages.log.invalidPemType("<any valid PEM type>", str);
        }
        final String eol = System.lineSeparator();
        // Header first: the body is encoded only after the BEGIN line is in the target.
        byteStringBuilder.append("-----BEGIN ").append(str).append(OpenSSHKeyPairResourceWriter.DASHES);
        final String encodedBody = byteIterator.base64Encode().drainToString(eol, 64);
        byteStringBuilder.append(encodedBody);
        byteStringBuilder.append(eol).append("-----END ").append(str).append(OpenSSHKeyPairResourceWriter.DASHES).append(eol);
    }

    /**
     * Return the decoded bytes of the next PEM block, whatever its label.
     *
     * <p>The label is ignored here, so the caller has no indication of what kind of object the bytes encode.
     *
     * @param codePointIterator the PEM text to read from
     * @return the decoded content, or {@code null} when no well-formed BEGIN header is found
     */
    public static byte[] extractDerContent(CodePointIterator codePointIterator) {
        final BiFunction<String, ByteIterator, byte[]> drainAll = (label, content) -> content.drain();
        return Pem.<byte[]>parsePemContent(codePointIterator, drainAll);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decode the content of a {@code CERTIFICATE} block into an {@link X509Certificate}.
     *
     * <p>This only decodes the structure through the {@code "X.509"} {@link CertificateFactory}. Nothing here
     * checks validity dates, signatures or trust; a returned certificate is not thereby trusted.
     *
     * @param str the label of the block; must equal {@code CERTIFICATE}
     * @param byteIterator the decoded content of the block
     * @return the decoded certificate
     * @throws IllegalArgumentException if the label is wrong or the content cannot be decoded (presumably the
     *         type produced by the {@code ElytronMessages.log} factories)
     */
    public static X509Certificate parsePemX509CertificateContent(String str, ByteIterator byteIterator) throws IllegalArgumentException {
        if (str.equals(CERTIFICATE_FORMAT)) {
            try {
                final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                return (X509Certificate) x509Factory.generateCertificate(byteIterator.asInputStream());
            } catch (CertificateException cause) {
                throw ElytronMessages.log.certificateParseError(cause);
            }
        }
        throw ElytronMessages.log.invalidPemType(CERTIFICATE_FORMAT, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decode the content of a {@code PUBLIC KEY} block into a {@link PublicKey}.
     *
     * <p>The key algorithm is not supplied by the caller: it is read from the object identifier inside the
     * encoded key and then used to select the {@link KeyFactory}. Callers that require a particular algorithm
     * or key size have to check the returned key themselves.
     *
     * <p>Every failure inside the decoding step, including the tag and algorithm checks made here, is caught
     * and re-thrown through {@code ElytronMessages.log.publicKeyParseError}.
     *
     * @param str the label of the block; must equal {@code PUBLIC KEY}
     * @param byteIterator the decoded content of the block
     * @return the decoded public key
     * @throws IllegalArgumentException if the label is wrong or the content cannot be decoded (presumably the
     *         type produced by the {@code ElytronMessages.log} factories)
     */
    public static PublicKey parsePemPublicKey(String str, ByteIterator byteIterator) throws IllegalArgumentException {
        if (!str.equals(PUBLIC_KEY_FORMAT)) {
            throw ElytronMessages.log.invalidPemType(PUBLIC_KEY_FORMAT, str);
        }
        try {
            final byte[] encoded = byteIterator.drain();
            final DERDecoder decoder = new DERDecoder(encoded);
            decoder.startSequence();
            // 48 == 0x30: the next element has to be a nested SEQUENCE (it is entered right below).
            if (decoder.peekType() != 48) {
                throw ElytronMessages.log.asnUnexpectedTag();
            }
            decoder.startSequence();
            final String algorithm = decoder.decodeObjectIdentifierAsKeyAlgorithm();
            if (algorithm == null) {
                throw ElytronMessages.log.asnUnrecognisedAlgorithm(algorithm);
            }
            // The complete encoding, not just the part walked above, goes to the key factory.
            return KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(encoded));
        } catch (Exception cause) {
            throw ElytronMessages.log.publicKeyParseError(cause);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decode the content of a {@code PRIVATE KEY} block into a {@link PrivateKey}.
     *
     * <p>The content is handed to the key factory as a {@link PKCS8EncodedKeySpec}; no passphrase is involved,
     * so only unencrypted key material is accepted by this path. As with public keys, the algorithm is read
     * from the object identifier inside the encoding rather than supplied by the caller.
     *
     * <p>The drained byte array holds the private key encoding and is not cleared by this method.
     *
     * <p>Every failure inside the decoding step, including the tag and algorithm checks made here, is caught
     * and re-thrown through {@code ElytronMessages.log.privateKeyParseError}.
     *
     * @param str the label of the block; must equal {@code PRIVATE KEY}
     * @param byteIterator the decoded content of the block
     * @return the decoded private key
     * @throws IllegalArgumentException if the label is wrong or the content cannot be decoded (presumably the
     *         type produced by the {@code ElytronMessages.log} factories)
     */
    public static PrivateKey parsePemPrivateKey(String str, ByteIterator byteIterator) throws IllegalArgumentException {
        if (!str.equals(PRIVATE_KEY_FORMAT)) {
            throw ElytronMessages.log.invalidPemType(PRIVATE_KEY_FORMAT, str);
        }
        try {
            final byte[] encoded = byteIterator.drain();
            final DERDecoder decoder = new DERDecoder(encoded);
            decoder.startSequence();
            // Tag 2 is INTEGER - presumably the PKCS#8 version field; it is checked and then skipped.
            final boolean startsWithInteger = decoder.peekType() == 2;
            if (!startsWithInteger) {
                throw ElytronMessages.log.asnUnexpectedTag();
            }
            decoder.skipElement();
            decoder.startSequence();
            final String algorithm = decoder.decodeObjectIdentifierAsKeyAlgorithm();
            if (algorithm == null) {
                throw ElytronMessages.log.asnUnrecognisedAlgorithm(algorithm);
            }
            return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(encoded));
        } catch (Exception cause) {
            throw ElytronMessages.log.privateKeyParseError(cause);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decode the content of an {@code OPENSSH PRIVATE KEY} block with Apache SSHD's
     * {@link OpenSSHKeyPairResourceParser} and return the first key pair it yields.
     *
     * <p>Only the first key pair is returned; any further pairs in the same block are dropped.
     *
     * <p>NOTE(review): if the parser yields no key pair, {@code Iterator.next()} throws
     * {@link java.util.NoSuchElementException}, which is not one of the exceptions translated below - confirm
     * whether that can happen with the SSHD version in use. Also note that only the message of the underlying
     * exception is forwarded, so its stack trace and cause are not attached to what callers see.
     *
     * @param byteIterator the decoded content of the block
     * @param filePasswordProvider passed through to the parser; presumably consulted for encrypted keys
     * @return the first key pair found
     * @throws IllegalArgumentException if the parser reports an I/O or security failure (presumably the type
     *         produced by the {@code ElytronMessages.log} factories)
     */
    public static KeyPair parseOpenSSHKeys(ByteIterator byteIterator, FilePasswordProvider filePasswordProvider) throws IllegalArgumentException {
        try {
            final OpenSSHKeyPairResourceParser parser = new OpenSSHKeyPairResourceParser();
            final byte[] encoded = byteIterator.drain();
            final Iterator<KeyPair> pairs = parser.extractKeyPairs((SessionContext) null, (NamedResource) null, OpenSSHKeyPairResourceParser.BEGIN_MARKER, OpenSSHKeyPairResourceParser.END_MARKER, filePasswordProvider, encoded, (Map<String, String>) null).iterator();
            return pairs.next();
        } catch (IOException ioFailure) {
            throw ElytronMessages.log.openSshParseError(ioFailure.getMessage());
        } catch (GeneralSecurityException securityFailure) {
            throw ElytronMessages.log.openSshGeneratingError(securityFailure.getMessage());
        }
    }

    /**
     * Parse the next PEM block in {@code codePointIterator} as an X.509 certificate.
     *
     * <p>The certificate is decoded only; nothing here validates it or establishes trust in it.
     *
     * @param codePointIterator the PEM text to read from (must not be {@code null})
     * @return the decoded certificate, or {@code null} when no well-formed BEGIN header is found
     * @throws IllegalArgumentException if the block is malformed, is not labelled {@code CERTIFICATE}, or cannot
     *         be decoded
     */
    public static X509Certificate parsePemX509Certificate(CodePointIterator codePointIterator) throws IllegalArgumentException {
        Assert.checkNotNullParam("pemContent", codePointIterator);
        final X509Certificate certificate = Pem.<X509Certificate>parsePemContent(
                codePointIterator, (label, der) -> parsePemX509CertificateContent(label, der));
        return certificate;
    }

    /**
     * Parse the next PEM block in {@code codePointIterator} as a public key.
     *
     * @param codePointIterator the PEM text to read from (must not be {@code null})
     * @return the decoded public key, or {@code null} when no well-formed BEGIN header is found
     * @throws IllegalArgumentException if the block is malformed, is not labelled {@code PUBLIC KEY}, or cannot
     *         be decoded
     */
    public static PublicKey parsePemPublicKey(CodePointIterator codePointIterator) throws IllegalArgumentException {
        Assert.checkNotNullParam("pemContent", codePointIterator);
        final PublicKey key = Pem.<PublicKey>parsePemContent(
                codePointIterator, (label, der) -> parsePemPublicKey(label, der));
        return key;
    }

    /**
     * Append {@code x509Certificate} to {@code byteStringBuilder} as a {@code CERTIFICATE} PEM block.
     *
     * @param byteStringBuilder the target to append to (must not be {@code null})
     * @param x509Certificate the certificate to encode (must not be {@code null})
     * @throws IllegalArgumentException if the certificate cannot be encoded; the failure is reported through
     *         {@code ElytronMessages.log.certificateParseError} even though this is an encoding step
     */
    public static void generatePemX509Certificate(ByteStringBuilder byteStringBuilder, X509Certificate x509Certificate) {
        Assert.checkNotNullParam("target", byteStringBuilder);
        // Acme.CERTIFICATE is used purely as the parameter name for the null-check message.
        Assert.checkNotNullParam(Acme.CERTIFICATE, x509Certificate);
        final byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException cause) {
            throw ElytronMessages.log.certificateParseError(cause);
        }
        generatePemContent(byteStringBuilder, CERTIFICATE_FORMAT, ByteIterator.ofBytes(encoded));
    }

    /**
     * Append {@code publicKey} to {@code byteStringBuilder} as a {@code PUBLIC KEY} PEM block.
     *
     * <p>The key is converted to an {@link X509EncodedKeySpec} through a {@link KeyFactory} for the key's own
     * algorithm. Any failure in that conversion or in writing the block is reported through
     * {@code ElytronMessages.log.publicKeyParseError}.
     *
     * @param byteStringBuilder the target to append to (must not be {@code null})
     * @param publicKey the key to encode (must not be {@code null})
     */
    public static void generatePemPublicKey(ByteStringBuilder byteStringBuilder, PublicKey publicKey) {
        Assert.checkNotNullParam("target", byteStringBuilder);
        Assert.checkNotNullParam("publicKey", publicKey);
        try {
            final KeyFactory factory = KeyFactory.getInstance(publicKey.getAlgorithm());
            final X509EncodedKeySpec spec = factory.getKeySpec(publicKey, X509EncodedKeySpec.class);
            final ByteIterator encoded = ByteIterator.ofBytes(spec.getEncoded());
            generatePemContent(byteStringBuilder, PUBLIC_KEY_FORMAT, encoded);
        } catch (Exception cause) {
            throw ElytronMessages.log.publicKeyParseError(cause);
        }
    }

    /**
     * Append {@code pKCS10CertificateSigningRequest} to {@code byteStringBuilder} as a
     * {@code CERTIFICATE REQUEST} PEM block.
     *
     * @param byteStringBuilder the target to append to (must not be {@code null})
     * @param pKCS10CertificateSigningRequest the signing request to encode (must not be {@code null})
     */
    public static void generatePemPKCS10CertificateSigningRequest(ByteStringBuilder byteStringBuilder, PKCS10CertificateSigningRequest pKCS10CertificateSigningRequest) {
        Assert.checkNotNullParam("target", byteStringBuilder);
        Assert.checkNotNullParam("certificateSigningRequest", pKCS10CertificateSigningRequest);
        final ByteIterator encodedRequest = ByteIterator.ofBytes(pKCS10CertificateSigningRequest.getEncoded());
        generatePemContent(byteStringBuilder, CERTIFICATE_REQUEST_FORMAT, encodedRequest);
    }
}
