package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.batik.transcoder.print.PrintTranscoder;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.jruby.Ruby;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.CipherSpec;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-338.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/PKey.class */
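/**
 * Base class of the Ruby {@code OpenSSL::PKey::PKey} hierarchy (RSA, DSA and DH keys are registered
 * from {@link #createPKey}).
 *
 * <p>This listing is decompiler output. Members marked "originally protected / package-private"
 * were widened to {@code public} by the decompiler and are kept that way so that existing callers
 * still link. String constants that the decompiler had replaced with unrelated library constants
 * ({@code "sign"}, {@code "verify"}, {@code "print"}) are written as literals again; the values
 * are unchanged.
 */
public abstract class PKey extends RubyObject {
    private static final long serialVersionUID = 6114668087816965720L;

    /** Singleton methods defined on the Ruby {@code PKey} module. */
    public static class PKeyModule {
        /**
         * Parses key material and returns the matching {@code PKeyRSA} or {@code PKeyDSA} object.
         *
         * <p>The input is tried, in order, as: a private key via the {@code impl.PKey} reader, a
         * (possibly passphrase-protected) PEM private key, a public key via the {@code impl.PKey}
         * reader, and a PEM public key. Each parser failure is deliberately ignored so the next
         * format can be attempted.
         *
         * @param context current thread context
         * @param recv    receiver of the module method (unused)
         * @param args    {@code args[0]} is the key data; optional {@code args[1]} is the passphrase
         *                (nil means none)
         * @return a {@code PKeyRSA} or {@code PKeyDSA} wrapping the parsed key
         * @throws RaiseException (ArgumentError "Could not parse PKey") when no parser accepts the
         *         input or the algorithm is neither RSA nor DSA
         */
        @JRubyMethod(name = {"read"}, meta = true, required = 1, optional = 1)
        public static IRubyObject read(ThreadContext context, IRubyObject recv, IRubyObject[] args) {
            final Ruby runtime = context.runtime;
            final IRubyObject data = args[0];
            final char[] pass = args.length > 1 ? PKey.password(args[1]) : null;
            final byte[] encoded = StringHelper.readX509PEM(context, data);

            KeyPair keyPair = null;
            try {
                keyPair = org.jruby.ext.openssl.impl.PKey.readPrivateKey(encoded);
            } catch (IOException ignored) {
                // not in this encoding; the PEM reader below gets a chance
            } catch (GeneralSecurityException ignored) {
                // same: best-effort probe of one format
            }
            if (keyPair == null) {
                try {
                    keyPair = PEMInputOutput.readPrivateKey(new InputStreamReader(new ByteArrayInputStream(encoded)), pass);
                } catch (IOException ignored) {
                    // NOTE(review): every IOException is swallowed here, so a missing or wrong
                    // passphrase presumably surfaces only as the generic "Could not parse PKey"
                    // below; confirm against PEMInputOutput.
                }
            }
            if (keyPair != null) {
                final String algorithm = keyPair.getPublic().getAlgorithm();
                if ("RSA".equals(algorithm)) {
                    return new PKeyRSA(runtime, PKey._PKey(runtime).getClass("RSA"), (RSAPrivateCrtKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
                }
                if ("DSA".equals(algorithm)) {
                    return new PKeyDSA(runtime, PKey._PKey(runtime).getClass("DSA"), (DSAPrivateKey) keyPair.getPrivate(), (DSAPublicKey) keyPair.getPublic());
                }
            }

            PublicKey publicKey = null;
            try {
                publicKey = org.jruby.ext.openssl.impl.PKey.readPublicKey(encoded);
            } catch (IOException ignored) {
                // not in this encoding; the PEM reader below gets a chance
            } catch (GeneralSecurityException ignored) {
                // same: best-effort probe of one format
            }
            if (publicKey == null) {
                try {
                    publicKey = PEMInputOutput.readPubKey(new InputStreamReader(new ByteArrayInputStream(encoded)));
                } catch (IOException ignored) {
                    // last parser; failure is reported by the ArgumentError below
                }
            }
            if (publicKey != null) {
                final String algorithm = publicKey.getAlgorithm();
                if ("RSA".equals(algorithm)) {
                    return new PKeyRSA(runtime, (RSAPublicKey) publicKey);
                }
                // Fix: the DSA test used to read keyPair.getPublic(), but keyPair is normally null
                // on this path, so a DSA public key ended in a NullPointerException instead of
                // being returned.
                if ("DSA".equals(algorithm)) {
                    return new PKeyDSA(runtime, (DSAPublicKey) publicKey);
                }
            }
            throw runtime.newArgumentError("Could not parse PKey");
        }
    }

    /**
     * Defines the Ruby {@code PKey} module, the abstract {@code PKey} class and {@code PKeyError}
     * under the given parent module, then registers the RSA, DSA and DH subclasses.
     *
     * @param runtime current runtime
     * @param openssl parent module; it must already define {@code OpenSSLError}
     */
    public static void createPKey(Ruby runtime, RubyModule openssl) {
        final RubyModule pkeyModule = openssl.defineModuleUnder("PKey");
        pkeyModule.defineAnnotatedMethods(PKeyModule.class);
        // The base class is abstract on the Ruby side as well: it cannot be allocated directly.
        final RubyClass pkeyClass = pkeyModule.defineClassUnder("PKey", runtime.getObject(), ObjectAllocator.NOT_ALLOCATABLE_ALLOCATOR);
        final RubyClass opensslError = openssl.getClass("OpenSSLError");
        pkeyModule.defineClassUnder("PKeyError", opensslError, opensslError.getAllocator());
        pkeyClass.defineAnnotatedMethods(PKey.class);
        PKeyRSA.createPKeyRSA(runtime, pkeyModule, pkeyClass);
        PKeyDSA.createPKeyDSA(runtime, pkeyModule, pkeyClass);
        PKeyDH.createPKeyDH(runtime, pkeyModule, pkeyClass);
    }

    /**
     * Builds (does not throw) a Ruby {@code PKeyError} carrying the given message.
     *
     * @param runtime current runtime
     * @param message error text
     * @return the exception for the caller to throw
     */
    public static RaiseException newPKeyError(Ruby runtime, String message) {
        return Utils.newError(runtime, _PKey(runtime).getClass("PKeyError"), message);
    }

    /**
     * Looks up the Ruby {@code OpenSSL::PKey} module. Originally package-private.
     *
     * @param runtime current runtime
     * @return the {@code PKey} module
     */
    public static RubyModule _PKey(Ruby runtime) {
        return (RubyModule) runtime.getModule("OpenSSL").getConstantAt("PKey");
    }

    /**
     * @param runtime current runtime
     * @param type    Ruby class of the new object
     */
    public PKey(Ruby runtime, RubyClass type) {
        super(runtime, type);
    }

    /** Ruby-level {@code initialize}; private and a no-op that returns the receiver. */
    @Override // org.jruby.RubyObject
    @JRubyMethod(visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext context) {
        return this;
    }

    /** @return the public half of this key */
    public abstract PublicKey getPublicKey();

    /** @return the private half of this key */
    public abstract PrivateKey getPrivateKey();

    /**
     * Key algorithm name used as the suffix of the JCA signature algorithm in {@link #sign} and
     * {@link #verify}. The base implementation returns {@code "NONE"}.
     *
     * @return the algorithm name
     */
    public String getAlgorithm() {
        return "NONE";
    }

    /** @return the DER encoding of this key */
    public abstract RubyString to_der();

    /**
     * @param args arguments as passed from Ruby
     * @return the PEM encoding of this key
     */
    public abstract RubyString to_pem(IRubyObject[] args);

    /**
     * @param args forwarded unchanged to {@link #to_pem(IRubyObject[])}
     * @return the PEM encoding of this key
     * @deprecated call {@link #to_pem(IRubyObject[])} instead
     */
    @Deprecated
    public RubyString export(IRubyObject[] args) {
        return to_pem(args);
    }

    /**
     * Signs {@code data} with the private key, using the signature algorithm
     * {@code <digest short name>WITH<key algorithm>}.
     *
     * @param digest a {@link Digest} selecting the hash
     * @param data   data to sign (converted to a Ruby string)
     * @return the raw signature bytes as a Ruby string
     * @throws RaiseException ArgumentError when {@code private?} is not true; PKeyError when
     *         {@code digest} is not a {@link Digest} or the JCA provider rejects the operation
     */
    @JRubyMethod(name = {"sign"})
    public IRubyObject sign(IRubyObject digest, IRubyObject data) {
        final Ruby runtime = getRuntime();
        if (!callMethod(runtime.getCurrentContext(), "private?").isTrue()) {
            throw runtime.newArgumentError("Private key is needed.");
        }
        // Same guard as verify(): a non-Digest argument used to escape as a raw
        // ClassCastException instead of a PKeyError.
        if (!(digest instanceof Digest)) {
            throw newPKeyError(runtime, "invalid digest");
        }
        final String algorithm = ((Digest) digest).getShortAlgorithm() + "WITH" + getAlgorithm();
        try {
            final Signature signer = SecurityHelper.getSignature(algorithm);
            signer.initSign(getPrivateKey());
            signer.update(data.convertToString().getBytes());
            return RubyString.newString(runtime, signer.sign());
        } catch (GeneralSecurityException e) {
            throw newPKeyError(runtime, e.getMessage());
        }
    }

    /**
     * Verifies {@code signature} over {@code data} with the public key.
     *
     * <p>A {@link SignatureException} from the provider is raised as a PKeyError rather than
     * reported as {@code false}, so callers must be prepared for both outcomes on bad input.
     *
     * @param digest    a {@link Digest} selecting the hash
     * @param signature signature bytes (Ruby string)
     * @param data      signed data (Ruby string)
     * @return Ruby {@code true} when the signature matches, {@code false} otherwise
     * @throws RaiseException PKeyError on a wrongly typed argument, an invalid key, an unsupported
     *         algorithm or a signature the provider cannot process
     */
    @JRubyMethod(name = {"verify"})
    public IRubyObject verify(IRubyObject digest, IRubyObject signature, IRubyObject data) {
        final Ruby runtime = getRuntime();
        if (!(digest instanceof Digest)) {
            throw newPKeyError(runtime, "invalid digest");
        }
        if (!(signature instanceof RubyString)) {
            throw newPKeyError(runtime, "invalid signature");
        }
        if (!(data instanceof RubyString)) {
            throw newPKeyError(runtime, "invalid data");
        }
        final byte[] signatureBytes = ((RubyString) signature).getBytes();
        final byte[] dataBytes = ((RubyString) data).getBytes();
        final String algorithm = ((Digest) digest).getShortAlgorithm() + "WITH" + getAlgorithm();
        try {
            final Signature verifier = SecurityHelper.getSignature(algorithm);
            verifier.initVerify(getPublicKey());
            verifier.update(dataBytes);
            return runtime.newBoolean(verifier.verify(signatureBytes));
        } catch (InvalidKeyException e) {
            throw newPKeyError(runtime, "invalid key");
        } catch (NoSuchAlgorithmException e) {
            throw newPKeyError(runtime, "unsupported algorithm: " + algorithm);
        } catch (SignatureException e) {
            throw newPKeyError(runtime, "invalid signature");
        }
    }

    /**
     * Attempts to decode {@code encodedKey} as a PKCS#8 private key. Originally protected.
     *
     * @param runtime    runtime used for debug output
     * @param keyFactory factory for the expected key algorithm
     * @param encodedKey candidate PKCS#8 bytes
     * @return the private key, or {@code null} when the bytes cannot be decoded
     */
    public PrivateKey tryPKCS8EncodedKey(Ruby runtime, KeyFactory keyFactory, byte[] encodedKey) {
        try {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        } catch (RuntimeException e) {
            if (isKeyGenerationFailure(e)) {
                // Known "wrong structure" failure: only mentioned when debugging is enabled.
                if (OpenSSL.isDebug(runtime)) {
                    OpenSSL.debug(runtime, getClass().getSimpleName() + " could not generate (PKCS8) private key", e);
                }
            } else {
                OpenSSL.debugStackTrace(runtime, e);
            }
            return null;
        } catch (InvalidKeySpecException e) {
            if (OpenSSL.isDebug(runtime)) {
                OpenSSL.debug(runtime, getClass().getSimpleName() + " could not generate (PKCS8) private key", e);
            }
            return null;
        }
    }

    /**
     * Tells whether {@code e} is a {@link ClassCastException} whose message contains
     * {@code "DLSequence cannot be cast to"}. Originally protected.
     *
     * @param e exception caught while generating a key
     * @return {@code true} for that specific cast failure
     */
    public static boolean isKeyGenerationFailure(RuntimeException e) {
        if (!(e instanceof ClassCastException)) {
            return false;
        }
        final String message = e.getMessage();
        return message != null && message.contains("DLSequence cannot be cast to");
    }

    /**
     * Attempts to decode {@code encodedKey} as an X.509 (SubjectPublicKeyInfo) public key.
     * Originally protected.
     *
     * @param runtime    runtime used for debug output
     * @param keyFactory factory for the expected key algorithm
     * @param encodedKey candidate X.509 bytes
     * @return the public key, or {@code null} when the bytes cannot be decoded
     */
    public PublicKey tryX509EncodedKey(Ruby runtime, KeyFactory keyFactory, byte[] encodedKey) {
        try {
            return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
        } catch (RuntimeException e) {
            if (isKeyGenerationFailure(e)) {
                // Known "wrong structure" failure: only mentioned when debugging is enabled.
                if (OpenSSL.isDebug(runtime)) {
                    OpenSSL.debug(runtime, getClass().getSimpleName() + " could not generate (X509) public key", e);
                }
            } else {
                OpenSSL.debugStackTrace(runtime, e);
            }
            return null;
        } catch (InvalidKeySpecException e) {
            if (OpenSSL.isDebug(runtime)) {
                OpenSSL.debug(runtime, getClass().getSimpleName() + " could not generate (X509) public key", e);
            }
            return null;
        }
    }

    /**
     * Appends {@code value} as colon-separated hex byte pairs, 15 pairs per line, each line
     * starting with a newline and four spaces; a final newline is appended. Originally protected.
     *
     * @param sb    destination buffer
     * @param value number to print
     */
    public static void addSplittedAndFormatted(StringBuilder sb, BigInteger value) {
        String hex = value.toString(16);
        if (hex.length() % 2 != 0) {
            hex = "0" + hex; // pad to whole bytes
        }
        for (int i = 0; i < hex.length(); i += 2) {
            if (i > 0) {
                sb.append(":");
            }
            if (i % 30 == 0) {
                sb.append("\n    "); // 30 hex digits = 15 bytes per line
            }
            sb.append(hex.substring(i, i + 2));
        }
        sb.append("\n");
    }

    /**
     * Converts a Ruby cipher argument into a {@link CipherSpec}. Originally protected.
     *
     * @param cipher a {@code Cipher}, Java {@code null} or Ruby nil
     * @return the spec (key length converted from bytes to bits), or {@code null} for null/nil
     */
    public static CipherSpec cipherSpec(IRubyObject cipher) {
        if (cipher == null || cipher.isNil()) {
            return null;
        }
        final Cipher c = (Cipher) cipher;
        return new CipherSpec(c.getCipherInstance(), c.getName(), c.getKeyLength() * 8);
    }

    /**
     * Converts a Ruby passphrase argument to a {@code char[]}. Originally protected.
     *
     * <p>The value passes through an immutable {@link String}, so clearing the returned array does
     * not remove every copy of the passphrase from memory.
     *
     * @param pass passphrase object, Java {@code null} or Ruby nil
     * @return the passphrase characters, or {@code null} for null/nil
     */
    public static char[] password(IRubyObject pass) {
        if (pass == null || pass.isNil()) {
            return null;
        }
        return pass.toString().toCharArray();
    }

    /**
     * Prompts with {@code "Enter PEM pass phrase:"}. Originally protected.
     *
     * @param context current thread context
     * @return the entered passphrase
     */
    public static char[] passwordPrompt(ThreadContext context) {
        return passwordPrompt(context, "Enter PEM pass phrase:");
    }

    /**
     * Prints {@code prompt} through {@code Kernel#print} and reads one line with
     * {@code Kernel#gets}, stripping the trailing line terminator.
     *
     * <p>Nothing in this method turns terminal echo off, so the passphrase is read like any other
     * input line.
     *
     * @param context current thread context
     * @param prompt  text shown before reading
     * @return the entered passphrase
     */
    protected static char[] passwordPrompt(ThreadContext context, String prompt) {
        final RubyModule kernel = context.runtime.getKernel();
        kernel.callMethod("print", context.runtime.newString(prompt));
        final RubyString line = kernel.callMethod(context, "gets").convertToString();
        line.chomp_bang(context);
        return line.toString().toCharArray();
    }

    /**
     * Reports whether {@code $stdin} answers {@code tty?} with a truthy value. Originally
     * protected.
     *
     * @param context current thread context
     * @return {@code false} when {@code $stdin} is unset/nil, when {@code tty?} is nil or false, or
     *         when the call raises
     */
    public static boolean ttySTDIN(ThreadContext context) {
        final IRubyObject stdin = context.runtime.getGlobalVariables().get("$stdin");
        if (stdin == null || stdin.isNil()) {
            return false;
        }
        try {
            final IRubyObject tty = stdin.callMethod(context, "tty?");
            return !tty.isNil() && tty != context.runtime.getFalse();
        } catch (RaiseException e) {
            // e.g. a replaced $stdin that does not implement tty?
            return false;
        }
    }

    /**
     * Reads a PEM private key from a Ruby string. Originally package-private.
     *
     * @param str  PEM text
     * @param pass passphrase, or {@code null}
     * @return whatever {@code PEMInputOutput.readPrivateKey} produces
     * @throws PEMInputOutput.PasswordRequiredException as declared by the PEM reader
     * @throws IOException on a read or parse failure
     */
    public static Object readPrivateKey(RubyString str, char[] pass) throws PEMInputOutput.PasswordRequiredException, IOException {
        return PEMInputOutput.readPrivateKey(new StringReader(str.toString()), pass);
    }

    /**
     * Normalises a constructor argument through {@code StringHelper.readPossibleDERInput}.
     * Originally protected.
     *
     * @param context current thread context
     * @param arg     key data as passed from Ruby
     * @return the argument as a Ruby string
     */
    public static RubyString readInitArg(ThreadContext context, IRubyObject arg) {
        return StringHelper.readPossibleDERInput(context, arg);
    }

    /**
     * Rejects three key/digest pairings: DSA with MD5, RSA with a digest named {@code DSS1}, and
     * DSA with a digest named {@code SHA1}.
     *
     * <p>This is a compatibility check, not a strength policy: every other pairing, including MD5
     * or SHA1 with RSA, passes.
     *
     * @param runtime    current runtime
     * @param errorClass Ruby class of the error to raise
     * @param key        key that will sign
     * @param digest     digest that will be used
     * @throws RaiseException of {@code errorClass} for a rejected pairing
     */
    static void supportedSignatureAlgorithm(Ruby runtime, RubyClass errorClass, PKey key, Digest digest) {
        final String keyAlgorithm = key.getAlgorithm();
        final String digestAlgorithm = digest.getShortAlgorithm();
        final boolean dsa = "DSA".equalsIgnoreCase(keyAlgorithm);
        final boolean rsa = "RSA".equalsIgnoreCase(keyAlgorithm);
        // digest.name() is evaluated lazily, in the same order as before.
        final boolean unsupported = (dsa && "MD5".equalsIgnoreCase(digestAlgorithm))
                || (rsa && "DSS1".equals(digest.name().toString()))
                || (dsa && "SHA1".equals(digest.name().toString()));
        if (unsupported) {
            throw Utils.newError(runtime, errorClass, "unsupported key / digest algorithm ( " + key + " / " + digestAlgorithm + " )");
        }
    }

    /**
     * Same check as the four-argument overload, raising {@code OpenSSLError}. Originally
     * package-private.
     *
     * @param runtime current runtime
     * @param key     key that will sign
     * @param digest  digest that will be used
     */
    public static void supportedSignatureAlgorithm(Ruby runtime, PKey key, Digest digest) {
        supportedSignatureAlgorithm(runtime, OpenSSL._OpenSSLError(runtime), key, digest);
    }
}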
