package io.helidon.common.pki;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.System;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:io/helidon/common/pki/PemReader.class */
public final class PemReader {
    private static final System.Logger LOGGER = System.getLogger(PemReader.class.getName());
    private static final Pattern CERT_PATTERN = Pattern.compile("-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*CERTIFICATE[^-]*-+", 2);
    private static final Pattern KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*PRIVATE\\s+KEY[^-]*-+", 2);
    private static final Pattern PUBLIC_KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PUBLIC\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n\\s]+)-+END\\s+.*PUBLIC\\s+KEY[^-]*-+", 2);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/common/pki/PemReader$PrivateKeyInfo.class */
    public static final class PrivateKeyInfo {
        private final String type;
        private final byte[] bytes;

        PrivateKeyInfo(String str, byte[] bArr) {
            this.type = str;
            this.bytes = bArr;
        }
    }

    private PemReader() {
    }

    public static List<X509Certificate> readCertificates(InputStream inputStream) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                try {
                    String readContent = readContent(inputStream);
                    safeClose(inputStream);
                    ArrayList arrayList = new ArrayList();
                    Matcher matcher = CERT_PATTERN.matcher(readContent);
                    for (int i = 0; matcher.find(i); i = matcher.end()) {
                        try {
                            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII)))));
                        } catch (Exception e) {
                            throw new PkiException("Failed to read certificate from bytes", e);
                        }
                    }
                    if (arrayList.isEmpty()) {
                        throw new PkiException("Found no certificates in input stream");
                    }
                    return arrayList;
                } catch (IOException e2) {
                    throw new PkiException("Failed to read certificate input stream", e2);
                }
            } catch (Throwable th) {
                safeClose(inputStream);
                throw th;
            }
        } catch (CertificateException e3) {
            throw new PkiException("Failed to create certificate factory", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey readPublicKey(InputStream inputStream) {
        X509EncodedKeySpec generatePublicKeySpec = generatePublicKeySpec(readPublicKeyBytes(inputStream));
        try {
            return KeyFactory.getInstance("RSA").generatePublic(generatePublicKeySpec);
        } catch (Exception e) {
            try {
                return KeyFactory.getInstance("DSA").generatePublic(generatePublicKeySpec);
            } catch (Exception e2) {
                try {
                    return KeyFactory.getInstance("EC").generatePublic(generatePublicKeySpec);
                } catch (Exception e3) {
                    throw new PkiException("Failed to get public key. It is not RSA, DSA or EC.", e3);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey readPrivateKey(InputStream inputStream, char[] cArr) {
        PrivateKeyInfo readPrivateKeyBytes = readPrivateKeyBytes(inputStream);
        String str = readPrivateKeyBytes.type;
        boolean z = -1;
        switch (str.hashCode()) {
            case 76183021:
                if (str.equals("PKCS8")) {
                    z = 3;
                    break;
                }
                break;
            case 755405099:
                if (str.equals("PKCS1-DSA")) {
                    z = true;
                    break;
                }
                break;
            case 755418553:
                if (str.equals("PKCS1-RSA")) {
                    z = false;
                    break;
                }
                break;
            case 1825483237:
                if (str.equals("PKCS1-EC")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return rsaPrivateKey(Pkcs1Util.pkcs1RsaKeySpec(readPrivateKeyBytes.bytes));
            case true:
                throw new UnsupportedOperationException("PKCS#1 DSA private key is not supported");
            case true:
                throw new UnsupportedOperationException("PKCS#1 EC private key is not supported");
            case true:
            default:
                return pkcs8(generateKeySpec(readPrivateKeyBytes.bytes, cArr));
        }
    }

    private static PrivateKey pkcs8(KeySpec keySpec) {
        try {
            return rsaPrivateKey(keySpec);
        } catch (Exception e) {
            try {
                return dsaPrivateKey(keySpec);
            } catch (Exception e2) {
                try {
                    return ecPrivateKey(keySpec);
                } catch (Exception e3) {
                    PkiException pkiException = new PkiException("Failed to get private key. It is not RSA, DSA or EC.");
                    pkiException.addSuppressed(e);
                    pkiException.addSuppressed(e2);
                    pkiException.addSuppressed(e3);
                    throw pkiException;
                }
            }
        }
    }

    private static PrivateKey ecPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("EC").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new PkiException("Failed to get EC private key", e);
        }
    }

    private static PrivateKey dsaPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("DSA").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new PkiException("Failed to get DSA private key", e);
        }
    }

    private static PrivateKey rsaPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new PkiException("Failed to get RSA private key", e);
        }
    }

    private static KeySpec generateKeySpec(byte[] bArr, char[] cArr) {
        if (cArr == null) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            return encryptedPrivateKeyInfo.getKeySpec(cipher);
        } catch (Exception e) {
            throw new PkiException("Failed to create key spec for key", e);
        }
    }

    private static X509EncodedKeySpec generatePublicKeySpec(byte[] bArr) {
        return new X509EncodedKeySpec(bArr);
    }

    static PrivateKeyInfo readPrivateKeyBytes(InputStream inputStream) {
        String str;
        try {
            try {
                String readContent = readContent(inputStream);
                safeClose(inputStream);
                Matcher matcher = KEY_PATTERN.matcher(readContent);
                if (!matcher.find()) {
                    throw new PkiException("Could not find a PKCS#8 private key in input stream");
                }
                byte[] bytes = matcher.group(1).getBytes(StandardCharsets.US_ASCII);
                if (readContent.startsWith("-----BEGIN PRIVATE KEY-----") || readContent.startsWith("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
                    str = "PKCS8";
                } else if (readContent.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
                    str = "PKCS1-RSA";
                } else if (readContent.startsWith("-----BEGIN DSA PRIVATE KEY-----")) {
                    str = "PKCS1-DSA";
                } else {
                    if (!readContent.startsWith("-----BEGIN EC PRIVATE KEY-----")) {
                        int indexOf = readContent.indexOf("\n");
                        if (indexOf < 1) {
                            throw new PkiException("Could not find a PKCS#8 private key in input stream");
                        }
                        throw new PkiException("Unsupported key type: " + readContent.substring(0, indexOf));
                    }
                    str = "PKCS1-EC";
                }
                return new PrivateKeyInfo(str, Base64.getMimeDecoder().decode(bytes));
            } catch (IOException e) {
                throw new PkiException("Failed to read key input stream", e);
            }
        } catch (Throwable th) {
            safeClose(inputStream);
            throw th;
        }
    }

    private static byte[] readPublicKeyBytes(InputStream inputStream) {
        try {
            try {
                String readContent = readContent(inputStream);
                safeClose(inputStream);
                Matcher matcher = PUBLIC_KEY_PATTERN.matcher(readContent);
                if (!matcher.find()) {
                    throw new PkiException("Could not find a X509 public key in input stream");
                }
                return Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) {
                throw new PkiException("Failed to read key input stream", e);
            }
        } catch (Throwable th) {
            safeClose(inputStream);
            throw th;
        }
    }

    private static String readContent(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] bArr = new byte[8192];
            while (true) {
                int read = inputStream.read(bArr);
                if (read < 0) {
                    String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.US_ASCII.name());
                    safeClose(byteArrayOutputStream);
                    return byteArrayOutputStream2;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            safeClose(byteArrayOutputStream);
            throw th;
        }
    }

    private static void safeClose(InputStream inputStream) {
        try {
            inputStream.close();
        } catch (IOException e) {
            LOGGER.log(System.Logger.Level.WARNING, "Failed to close a stream.", e);
        }
    }

    private static void safeClose(OutputStream outputStream) {
        try {
            outputStream.close();
        } catch (IOException e) {
            LOGGER.log(System.Logger.Level.WARNING, "Failed to close a stream.", e);
        }
    }
}
