package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.impl.pem.MiscPEMGenerator;
import org.jruby.ext.openssl.impl.pem.PEMDecryptor;
import org.jruby.ext.openssl.impl.pem.PEMDecryptorProvider;
import org.jruby.ext.openssl.impl.pem.PEMEncryptedKeyPair;
import org.jruby.ext.openssl.impl.pem.PEMException;
import org.jruby.ext.openssl.impl.pem.PEMKeyPair;
import org.jruby.ext.openssl.impl.pem.PEMParser;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-422.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/PEMUtils.class */
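/**
 * Static helpers for reading and writing PEM-encoded key material and for packaging a
 * private key plus certificate chain into a PKCS#12 container.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Encrypted key pairs are decrypted with the legacy OpenSSL ("traditional PEM")
 *       scheme implemented by {@link PEMDecryptorImpl}. Its key derivation is weak by
 *       current standards and the ciphertext carries no integrity protection, so PEM
 *       input must not be treated as authenticated.</li>
 *   <li>{@link #generatePKCS12} stores the key entry without a per-entry password and
 *       falls back to an empty store password when none is supplied.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. References such as
 * {@code org.opensaml.security.crypto.JCAConstants} and {@code CipherStrings.SSL_TXT_RC2}
 * are presumably string literals that the decompiler resolved to same-valued constants
 * found on its classpath; confirm against the upstream source before relying on them.
 */
public abstract class PEMUtils {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-422.zip:modules/system/layers/fuse/org/apache/camel/script/jruby/main/jruby-complete-1.7.26.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/PEMUtils$PEMDecryptorImpl.class */
    /**
     * Password-based decryptor for legacy encrypted PEM bodies. It acts both as the
     * provider and as the decryptor it hands out.
     *
     * <p>The instance is stateful: {@link #get(String)} records the DEK algorithm name that
     * the following {@link #decrypt(byte[], byte[])} call uses, so one instance must not be
     * shared between concurrent decryptions.
     *
     * <p>The decompiler reports that this class was originally {@code private}; the
     * {@code public} modifier shown here is an artifact of decompilation.
     */
    public static class PEMDecryptorImpl implements PEMDecryptorProvider, PEMDecryptor {
        // Caller-owned password array; it is referenced, not copied, and never cleared here.
        private final char[] password;
        // DEK algorithm name (for example "AES-128-CBC") set by the latest get() call.
        private String dekAlgName;

        /**
         * @param cArr password used to derive the decryption key; may be {@code null}
         *             (readKeyPair(Reader) passes {@code null} through to here)
         */
        PEMDecryptorImpl(char[] cArr) {
            this.password = cArr;
        }

        /**
         * Remembers the DEK algorithm name and returns this instance as the decryptor.
         *
         * @param str DEK algorithm name taken from the PEM header
         * @return this instance
         */
        @Override // org.jruby.ext.openssl.impl.pem.PEMDecryptorProvider
        public PEMDecryptor get(String str) throws OperatorCreationException {
            this.dekAlgName = str;
            return this;
        }

        /**
         * Decrypts with the stored password and the algorithm name recorded by
         * {@link #get(String)}.
         *
         * @param bArr  ciphertext
         * @param bArr2 IV from the PEM header; also used as the key-derivation salt
         * @return the decrypted bytes
         * @throws PEMException if the algorithm is unsupported or the cipher fails
         */
        @Override // org.jruby.ext.openssl.impl.pem.PEMDecryptor
        public byte[] decrypt(byte[] bArr, byte[] bArr2) throws PEMException {
            return decrypt(bArr, this.password, this.dekAlgName, bArr2);
        }

        /**
         * Decrypts using the provider returned by {@code SecurityHelper.getSecurityProvider()}.
         *
         * @param bArr  ciphertext
         * @param cArr  password
         * @param str   DEK algorithm name
         * @param bArr2 IV / salt
         * @return the decrypted bytes
         * @throws PEMException if the algorithm is unsupported or the cipher fails
         */
        static byte[] decrypt(byte[] bArr, char[] cArr, String str, byte[] bArr2) throws PEMException {
            return decrypt(SecurityHelper.getSecurityProvider(), bArr, cArr, str, bArr2);
        }

        /**
         * Maps an OpenSSL-style DEK algorithm name to a JCE transformation, derives the key
         * from the password and decrypts the data.
         *
         * <p>Supported name prefixes are the DES-EDE family, {@code DES-}, {@code BF-},
         * {@code RC2-} and {@code AES-}; the mode comes from the name suffix
         * ({@code -CFB}, {@code -ECB}, {@code -OFB}, otherwise CBC).
         *
         * <p>Caveats: the data is not authenticated. With the padded CBC/ECB transformations
         * a wrong password usually surfaces as a cipher exception, but the {@code -CFB} and
         * {@code -OFB} branches use no padding, so a wrong password yields garbage bytes
         * without any error from this method. Several accepted algorithms (single DES,
         * 40/64-bit RC2, ECB mode) are obsolete and are kept only to read existing files.
         *
         * @param provider security provider; NOTE(review): not referenced in this body, the
         *                 cipher is obtained through {@code SecurityHelper.getCipher(String)}
         * @param bArr     ciphertext
         * @param cArr     password
         * @param str      DEK algorithm name; a {@code null} value fails with a
         *                 {@link NullPointerException}
         * @param bArr2    IV from the PEM header, also used as the key-derivation salt
         * @return the decrypted bytes
         * @throws PEMException if the algorithm name is not recognised or the cipher
         *                      operation fails
         */
        static byte[] decrypt(Provider provider, byte[] bArr, char[] cArr, String str, byte[] bArr2) throws PEMException {
            String keyAlgorithm;
            int keyBits;
            SecretKey secretKey;
            AlgorithmParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            String mode = JCAConstants.CIPHER_MODE_CBC;
            String padding = "PKCS5Padding";
            // The three suffix checks are independent; a later match overrides an earlier one.
            if (str.endsWith("-CFB")) {
                mode = "CFB";
                padding = JCAConstants.CIPHER_PADDING_NONE;
            }
            if (str.endsWith("-ECB") || ASN1Registry.SN_des_ede_ecb.equals(str) || ASN1Registry.SN_des_ede3_ecb.equals(str)) {
                mode = JCAConstants.CIPHER_MODE_ECB;
                // ECB takes no IV; bArr2 is still used below as the derivation salt.
                ivParameterSpec = null;
            }
            if (str.endsWith("-OFB")) {
                mode = "OFB";
                padding = JCAConstants.CIPHER_PADDING_NONE;
            }
            if (str.startsWith(ASN1Registry.SN_des_ede_ecb)) {
                keyAlgorithm = JCAConstants.KEY_ALGO_DESEDE;
                // The flag requests the two-key layout for every DES-EDE name that is not a
                // DES-EDE3 name (presumably "DES-EDE" vs "DES-EDE3" - confirm in ASN1Registry).
                secretKey = secretKeySpec(cArr, keyAlgorithm, 24, bArr2, !str.startsWith(ASN1Registry.SN_des_ede3_ecb));
            } else if (str.startsWith("DES-")) {
                keyAlgorithm = "DES";
                secretKey = secretKeySpec(cArr, keyAlgorithm, 8, bArr2);
            } else if (str.startsWith("BF-")) {
                keyAlgorithm = "Blowfish";
                secretKey = secretKeySpec(cArr, keyAlgorithm, 16, bArr2);
            } else if (str.startsWith("RC2-")) {
                keyAlgorithm = CipherStrings.SSL_TXT_RC2;
                int effectiveBits = 128;
                if (str.startsWith("RC2-40-")) {
                    effectiveBits = 40;
                } else if (str.startsWith("RC2-64-")) {
                    effectiveBits = 64;
                }
                secretKey = secretKeySpec(cArr, keyAlgorithm, effectiveBits / 8, bArr2);
                // RC2 needs its effective key size passed along with the IV (no IV in ECB).
                ivParameterSpec = ivParameterSpec == null ? new RC2ParameterSpec(effectiveBits) : new RC2ParameterSpec(effectiveBits, bArr2);
            } else {
                if (!str.startsWith("AES-")) {
                    throw new PEMException("unknown encryption with private key");
                }
                keyAlgorithm = "AES";
                // Only the first 8 bytes of the IV serve as the salt for AES.
                byte[] salt = bArr2;
                if (salt.length > 8) {
                    salt = new byte[8];
                    System.arraycopy(bArr2, 0, salt, 0, 8);
                }
                if (str.startsWith("AES-128-")) {
                    keyBits = 128;
                } else if (str.startsWith("AES-192-")) {
                    keyBits = 192;
                } else {
                    if (!str.startsWith("AES-256-")) {
                        throw new PEMException("unknown AES encryption with private key");
                    }
                    keyBits = 256;
                }
                secretKey = secretKeySpec(cArr, "AES", keyBits / 8, salt);
            }
            try {
                javax.crypto.Cipher cipher = SecurityHelper.getCipher(keyAlgorithm + "/" + mode + "/" + padding);
                // Named constant in place of the decompiled literal 2.
                if (ivParameterSpec == null) {
                    cipher.init(javax.crypto.Cipher.DECRYPT_MODE, secretKey);
                } else {
                    cipher.init(javax.crypto.Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);
                }
                return cipher.doFinal(bArr);
            } catch (Exception e) {
                throw new PEMException("exception using cipher - please check password and data.", e);
            }
        }

        /**
         * Derives a key without the two-key triple-DES adjustment.
         *
         * @param cArr password
         * @param str  JCE key algorithm name
         * @param i    key length in bytes
         * @param bArr salt
         * @return the derived key
         */
        private static SecretKey secretKeySpec(char[] cArr, String str, int i, byte[] bArr) {
            return secretKeySpec(cArr, str, i, bArr, false);
        }

        /**
         * Derives a key from the password and salt with Bouncy Castle's
         * {@code OpenSSLPBEParametersGenerator}.
         *
         * <p>Caveat: Bouncy Castle documents that generator as the OpenSSL-compatible scheme
         * based on MD5 with an iteration count of 1, so the result is only as strong as the
         * password itself; there is no work factor to slow down guessing.
         *
         * @param cArr password
         * @param str  JCE key algorithm name for the returned key
         * @param i    key length in bytes
         * @param bArr salt
         * @param z    when {@code true} and at least 24 bytes were derived, the first 8 bytes
         *             are copied over bytes 16..23 (two-key triple-DES layout K1, K2, K1)
         * @return the derived key
         */
        private static SecretKey secretKeySpec(char[] cArr, String str, int i, byte[] bArr, boolean z) {
            byte[] passwordBytes = PBEParametersGenerator.PKCS5PasswordToBytes(cArr);
            byte[] key = null;
            try {
                OpenSSLPBEParametersGenerator generator = new OpenSSLPBEParametersGenerator();
                generator.init(passwordBytes, bArr);
                key = ((KeyParameter) generator.generateDerivedParameters(i * 8)).getKey();
                if (z && key.length >= 24) {
                    System.arraycopy(key, 0, key, 16, 8);
                }
                // SecretKeySpec copies the array, so the working buffers can be wiped below.
                return new SecretKeySpec(key, str);
            } finally {
                // Do not leave the derived key or the password bytes in temporary buffers.
                if (key != null) {
                    java.util.Arrays.fill(key, (byte) 0);
                }
                if (passwordBytes != null) {
                    java.util.Arrays.fill(passwordBytes, (byte) 0);
                }
            }
        }
    }

    /**
     * Reads a key pair from PEM without supplying a password.
     *
     * @param reader PEM source
     * @return the key pair
     * @throws IOException if the PEM cannot be read or converted
     */
    public static KeyPair readKeyPair(Reader reader) throws IOException {
        return readKeyPair(reader, null);
    }

    /**
     * Reads a key pair from PEM, decrypting it with the given password when the PEM object
     * is an encrypted key pair.
     *
     * @param reader PEM source
     * @param cArr   password, or {@code null}
     * @return the key pair
     * @throws IOException if the PEM cannot be read, decrypted or converted
     */
    public static KeyPair readKeyPair(Reader reader, char[] cArr) throws IOException {
        return toKeyPair(readInternal(reader, cArr));
    }

    /**
     * Parses the first PEM object and returns it as a {@link PEMKeyPair}, decrypting it
     * first when it is a {@link PEMEncryptedKeyPair}.
     *
     * <p>NOTE(review): the parsed object is cast without a type check, so PEM input holding
     * some other object type fails with a {@link ClassCastException} rather than an
     * {@link IOException}, and a {@code null} parser result is returned as {@code null}.
     * Callers that accept untrusted PEM should be prepared for both.
     *
     * @param reader PEM source
     * @param cArr   password, or {@code null}
     * @return the (decrypted) key pair holder, or {@code null} if the parser returned none
     * @throws IOException if reading or decrypting fails
     */
    static PEMKeyPair readInternal(Reader reader, char[] cArr) throws IOException {
        Object readObject = new PEMParser(reader).readObject();
        return readObject instanceof PEMEncryptedKeyPair ? ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new PEMDecryptorImpl(cArr)) : (PEMKeyPair) readObject;
    }

    /**
     * Converts the encoded public and private key info into JCA key objects.
     *
     * @param pEMKeyPair parsed key pair holder
     * @return the JCA key pair
     * @throws IOException a {@link PEMException} wrapping any failure, including a
     *                     {@code null} argument
     */
    private static KeyPair toKeyPair(PEMKeyPair pEMKeyPair) throws IOException {
        try {
            KeyFactory keyFactory = PEMInputOutput.getKeyFactory(pEMKeyPair.getPrivateKeyInfo().getPrivateKeyAlgorithm());
            return new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(pEMKeyPair.getPublicKeyInfo().getEncoded())), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pEMKeyPair.getPrivateKeyInfo().getEncoded())));
        } catch (Exception e) {
            throw new PEMException("unable to convert key pair: " + e.getMessage(), e);
        }
    }

    /**
     * Writes an object as PEM and flushes the writer.
     *
     * @param writer destination; flushed but not closed here
     * @param obj    object to encode
     * @param str    cipher name handed to {@code MiscPEMGenerator.newInstance}
     *               (presumably {@code null} means no encryption - confirm in MiscPEMGenerator)
     * @param cArr   password handed to {@code MiscPEMGenerator.newInstance}
     * @throws IOException if encoding or writing fails
     */
    public static void writePEM(Writer writer, Object obj, String str, char[] cArr) throws IOException {
        PEMWriter pEMWriter = new PEMWriter(writer);
        pEMWriter.writeObject((PemObjectGenerator) MiscPEMGenerator.newInstance(obj, str, cArr, SecurityHelper.getSecureRandom()));
        pEMWriter.flush();
    }

    /**
     * Writes an object as PEM with a {@code null} cipher name and a {@code null} password.
     *
     * @param writer destination
     * @param obj    object to encode
     * @throws IOException if encoding or writing fails
     */
    public static void writePEM(Writer writer, Object obj) throws IOException {
        writePEM(writer, obj, null, null);
    }

    /**
     * Builds a PKCS#12 container from a PEM private key and an encoded certificate chain.
     *
     * <p>Caveats: the key is read with a {@code null} password, the key entry is stored with
     * a {@code null} entry password, and a {@code null} {@code cArr} becomes an empty store
     * password. Callers should supply a non-empty password whenever the result leaves a
     * trusted boundary.
     *
     * <p>NOTE(review): a {@code null} result from {@link #readInternal} is dereferenced
     * here without a check.
     *
     * @param reader PEM source of the private key
     * @param bArr   encoded X.509 certificate(s)
     * @param str    alias for the key entry
     * @param cArr   password for the stored container; {@code null} means empty
     * @return the serialized PKCS#12 bytes
     * @throws IOException              if the PEM or certificates cannot be read
     * @throws GeneralSecurityException if key or key store operations fail
     */
    public static byte[] generatePKCS12(Reader reader, byte[] bArr, String str, char[] cArr) throws IOException, GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = SecurityHelper.getCertificateFactory("X.509").generateCertificates(new ByteArrayInputStream(bArr));
        PEMKeyPair readInternal = readInternal(reader, null);
        PrivateKey generatePrivate = PEMInputOutput.getKeyFactory(readInternal.getPrivateKeyInfo().getPrivateKeyAlgorithm()).generatePrivate(new PKCS8EncodedKeySpec(readInternal.getPrivateKeyInfo().getEncoded()));
        KeyStore keyStore = SecurityHelper.getKeyStore("PKCS12");
        // Initialise an empty in-memory key store.
        keyStore.load(null, null);
        keyStore.setKeyEntry(str, generatePrivate, null, (Certificate[]) generateCertificates.toArray(new Certificate[generateCertificates.size()]));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, cArr == null ? new char[0] : cArr);
        return byteArrayOutputStream.toByteArray();
    }
}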
