package org.springframework.boot.ssl.pem;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser.class */
final class PemPrivateKeyParser {
    // PEM armor patterns. Every header/footer accepts one or more dashes on each side, any run
    // of whitespace between the words, and trailing non-dash text before the closing dashes.
    // Headers additionally consume the whitespace/line breaks that follow the armor line.
    // "RSA PRIVATE KEY" armor (PKCS#1).
    private static final String PKCS1_RSA_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS1_RSA_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
    // "PRIVATE KEY" armor (unencrypted PKCS#8).
    private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+";
    // "ENCRYPTED PRIVATE KEY" armor (password-protected PKCS#8).
    private static final String PKCS8_ENCRYPTED_HEADER = "-+BEGIN\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS8_ENCRYPTED_FOOTER = "-+END\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+";
    // "EC PRIVATE KEY" armor (SEC 1).
    private static final String SEC1_EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String SEC1_EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
    // Capture group for the Base64 body. Only lower-case letters are listed; PemParser's
    // constructor embeds the same literal and compiles it with flag 2 (case-insensitive).
    private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
    // Index of the Base64 capture group in the combined header + body + footer pattern.
    public static final int BASE64_TEXT_GROUP = 1;
    // OID 1.2.840.113549.1.1.1 (rsaEncryption); used when wrapping a PKCS#1 key as PKCS#8.
    private static final EncodedOid RSA_ALGORITHM = EncodedOid.OID_1_2_840_113549_1_1_1;
    // OID 1.2.840.10045.2.1 (id-ecPublicKey); used when wrapping a SEC 1 key as PKCS#8.
    private static final EncodedOid ELLIPTIC_CURVE_ALGORITHM = EncodedOid.OID_1_2_840_10045_2_1;
    // OID 1.3.132.0.34 (secp384r1); getEcParameters falls back to it when a SEC 1 key
    // carries no parameters element.
    private static final EncodedOid ELLIPTIC_CURVE_384_BIT = EncodedOid.OID_1_3_132_0_34;
    // Algorithm OID -> KeyFactory algorithm name; filled in by the static initializer.
    private static final Map<EncodedOid, String> ALGORITHMS;
    // Parsers tried in list order by parse(String, String); filled in by the static initializer.
    private static final List<PemParser> PEM_PARSERS;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser$DerElement.class */
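    public static final class DerElement {
        // Whether the identifier octet had the "constructed" bit (0x20) set.
        private final ValueType valueType;
        // Decoded tag number (low five bits, or the high-tag-number form).
        private final long tagType;
        // View over exactly the content octets of this element.
        private final ByteBuffer contents;

        /**
         * Universal tag numbers this parser needs to recognise.
         * Decompiler note: originally package-private.
         */
        public enum TagType {
            INTEGER(2),
            OCTET_STRING(4),
            OBJECT_IDENTIFIER(6),
            SEQUENCE(16);

            private final int number;

            TagType(int i) {
                this.number = i;
            }

            int getNumber() {
                return this.number;
            }
        }

        /**
         * Primitive vs. constructed ("encoded") form of an element.
         * Decompiler note: originally package-private.
         */
        public enum ValueType {
            PRIMITIVE,
            ENCODED
        }

        /**
         * Reads one tag-length-value element from the buffer's current position and
         * advances the buffer past it.
         *
         * @param byteBuffer source positioned at the identifier octet
         */
        private DerElement(ByteBuffer byteBuffer) {
            byte b = byteBuffer.get();
            this.valueType = (b & 0x20) == 0 ? ValueType.PRIMITIVE : ValueType.ENCODED;
            this.tagType = decodeTagType(b, byteBuffer);
            int decodeLength = decodeLength(byteBuffer);
            // limit() throws IllegalArgumentException when the declared length runs past
            // the buffer's capacity, so an over-long length cannot read outside the input.
            byteBuffer.limit(byteBuffer.position() + decodeLength);
            this.contents = byteBuffer.slice();
            // The limit is restored to capacity, not to its previous value; this is only
            // equivalent for wrap()/slice() buffers, which is what this file passes in.
            byteBuffer.limit(byteBuffer.capacity());
            byteBuffer.position(byteBuffer.position() + decodeLength);
        }

        /**
         * Decodes the tag number from the identifier octet, reading further octets for
         * the high-tag-number form (low five bits all set).
         *
         * @param b the identifier octet already read
         * @param byteBuffer source of any continuation octets
         * @return the decoded tag number
         */
        private long decodeTagType(byte b, ByteBuffer byteBuffer) {
            long lowTag = b & 0x1F;
            if (lowTag != 0x1F) {
                return lowTag;
            }
            long tag = 0;
            byte next = byteBuffer.get();
            while ((next & 0x80) != 0) {
                // The decompiled source referenced an undeclared register ("r6") here;
                // the octet just tested is the only value that can be meant.
                tag = (tag << 7) | (next & 0x7F);
                next = byteBuffer.get();
            }
            // NOTE(review): the terminating octet (high bit clear) is consumed but its seven
            // bits are not folded into the result. Harmless for the low tags checked in this
            // file, but confirm before relying on high tag numbers.
            return tag;
        }

        /**
         * Decodes a definite length in short or long form.
         * Non-minimal long-form encodings are accepted; strict DER canonical form is not enforced.
         *
         * @param byteBuffer source positioned at the first length octet
         * @return the content length in bytes, never negative
         * @throws IllegalStateException for indefinite, reserved or over-wide lengths
         */
        private int decodeLength(ByteBuffer byteBuffer) {
            byte b = byteBuffer.get();
            if ((b & 0x80) == 0) {
                return b & 0x7F;
            }
            int octets = b & 0x7F;
            Assert.state(octets != 0, "Infinite length encoding is not supported");
            Assert.state(octets != 127, "Reserved length encoding is not supported");
            Assert.state(octets <= 4, "Length overflow");
            int length = 0;
            for (int n = 0; n < octets; n++) {
                length = (length << 8) | (byteBuffer.get() & 0xFF);
            }
            // Four length octets with the top bit set wrap to a negative int. Without this
            // check the constructor would slice an empty view and move the position backwards.
            Assert.state(length >= 0, "Length overflow");
            return length;
        }

        /** Returns true when the element has the given primitive/constructed form. */
        boolean isType(ValueType valueType) {
            return this.valueType == valueType;
        }

        /** Returns true when both the form and the tag number match. */
        boolean isType(ValueType valueType, TagType tagType) {
            return this.valueType == valueType && this.tagType == ((long) tagType.getNumber());
        }

        /**
         * Returns the content view. The same buffer instance is handed out on every call,
         * so reads by one caller advance the position seen by the next.
         */
        ByteBuffer getContents() {
            return this.contents;
        }

        /** Parses the first element of the given array; see {@link #of(ByteBuffer)}. */
        static DerElement of(byte[] bArr) {
            return of(ByteBuffer.wrap(bArr));
        }

        /**
         * Parses the next element of the buffer.
         *
         * @return the element, or {@code null} when the buffer has nothing remaining
         */
        static DerElement of(ByteBuffer byteBuffer) {
            if (byteBuffer.remaining() > 0) {
                return new DerElement(byteBuffer);
            }
            return null;
        }
    }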

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser$DerEncoder.class */
    public static class DerEncoder {
        // Accumulates the encoded elements in the order they are written.
        private final ByteArrayOutputStream stream = new ByteArrayOutputStream();

        DerEncoder() {
        }

        /**
         * Writes an OBJECT IDENTIFIER (tag 0x06), or a zero-length element with tag 0x05
         * (ASN.1 NULL) when no OID is supplied.
         */
        void objectIdentifier(EncodedOid encodedOid) throws IOException {
            if (encodedOid == null) {
                codeLengthBytes(0x05, null);
                return;
            }
            codeLengthBytes(0x06, encodedOid.toByteArray());
        }

        /** Writes an INTEGER (tag 0x02) whose content octets are the low bytes of the given ints. */
        void integer(int... iArr) throws IOException {
            codeLengthBytes(0x02, bytes(iArr));
        }

        /** Writes an OCTET STRING (tag 0x04). */
        void octetString(byte[] bArr) throws IOException {
            codeLengthBytes(0x04, bArr);
        }

        /** Writes a constructed SEQUENCE (identifier octet 0x30) around pre-encoded content. */
        void sequence(byte[] bArr) throws IOException {
            codeLengthBytes(0x30, bArr);
        }

        /**
         * Writes identifier octet, definite length and content.
         *
         * @param i identifier octet
         * @param bArr content octets; {@code null} is written as a zero-length element
         */
        void codeLengthBytes(int i, byte[] bArr) throws IOException {
            this.stream.write(i);
            int length = (bArr == null) ? 0 : bArr.length;
            if (length > 0x7F) {
                // Long form: 0x80 | number of length octets, then the length big-endian
                // using the fewest octets that hold it.
                int octets = (32 - Integer.numberOfLeadingZeros(length) + 7) / 8;
                this.stream.write(0x80 | octets);
                for (int shift = (octets - 1) * 8; shift >= 0; shift -= 8) {
                    this.stream.write((length >>> shift) & 0xFF);
                }
            } else {
                // Short form: a single octet holding the length.
                this.stream.write(length & 0xFF);
            }
            if (bArr != null) {
                this.stream.write(bArr);
            }
        }

        /** Narrows each int to its low byte; a null array stays null. */
        private static byte[] bytes(int... iArr) {
            if (iArr == null) {
                return null;
            }
            byte[] narrowed = new byte[iArr.length];
            int index = 0;
            for (int value : iArr) {
                narrowed[index++] = (byte) value;
            }
            return narrowed;
        }

        /** Returns everything written so far wrapped in one SEQUENCE element. */
        byte[] toSequence() throws IOException {
            DerEncoder wrapper = new DerEncoder();
            wrapper.sequence(toByteArray());
            return wrapper.toByteArray();
        }

        /** Returns a copy of the bytes written so far. */
        byte[] toByteArray() {
            return this.stream.toByteArray();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser$EncodedOid.class */
    public static final class EncodedOid {
        // Each constant holds the content octets of an encoded OBJECT IDENTIFIER, given as hex;
        // the field name spells out the dotted form.
        static final EncodedOid OID_1_2_840_10040_4_1 = of("2a8648ce380401");
        static final EncodedOid OID_1_2_840_113549_1_1_1 = of("2A864886F70D010101");
        static final EncodedOid OID_1_2_840_113549_1_1_10 = of("2a864886f70d01010a");
        static final EncodedOid OID_1_3_101_110 = of("2b656e");
        static final EncodedOid OID_1_3_101_111 = of("2b656f");
        static final EncodedOid OID_1_3_101_112 = of("2b6570");
        static final EncodedOid OID_1_3_101_113 = of("2b6571");
        static final EncodedOid OID_1_2_840_10045_2_1 = of("2a8648ce3d0201");
        static final EncodedOid OID_1_3_132_0_34 = of("2b81040022");
        private final byte[] value;

        private EncodedOid(byte[] bArr) {
            this.value = bArr;
        }

        /** Returns a defensive copy of the encoded octets. */
        byte[] toByteArray() {
            return this.value.clone();
        }

        /** Two instances are equal when their encoded octets are equal. */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            // The class is final, so an instanceof test is the same as comparing getClass().
            if (!(obj instanceof EncodedOid)) {
                return false;
            }
            EncodedOid other = (EncodedOid) obj;
            return Arrays.equals(this.value, other.value);
        }

        @Override
        public int hashCode() {
            return Arrays.hashCode(this.value);
        }

        /** Creates an instance from a hex string of the encoded octets. */
        static EncodedOid of(String str) {
            byte[] parsed = HexFormat.of().parseHex(str);
            return of(parsed);
        }

        /** Creates an instance from the remaining content of a parsed element. */
        static EncodedOid of(DerElement derElement) {
            return of(derElement.getContents());
        }

        /**
         * Creates an instance from the buffer's remaining bytes without moving its position.
         * Reads through {@code array()}, so the buffer must be array-backed and writable.
         */
        static EncodedOid of(ByteBuffer byteBuffer) {
            int start = byteBuffer.arrayOffset() + byteBuffer.position();
            return of(byteBuffer.array(), start, byteBuffer.remaining());
        }

        /** Creates an instance from a copy of the whole array. */
        static EncodedOid of(byte[] bArr) {
            return of(bArr, 0, bArr.length);
        }

        /**
         * Creates an instance from a copy of {@code i2} bytes starting at offset {@code i}.
         */
        static EncodedOid of(byte[] bArr, int i, int i2) {
            byte[] copy = new byte[i2];
            System.arraycopy(bArr, i, copy, 0, i2);
            return new EncodedOid(copy);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser$PemParser.class */
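    public static class PemParser {
        // header + Base64 body (capture group 1) + footer, matched case-insensitively.
        private final Pattern pattern;
        // Turns the decoded body (and optional password) into a PKCS#8 key spec.
        private final BiFunction<byte[], String, PKCS8EncodedKeySpec> keySpecFactory;
        // KeyFactory algorithm names tried when the spec's own algorithm is absent or fails.
        private final String[] algorithms;

        /**
         * @param str regex for the armor header
         * @param str2 regex for the armor footer
         * @param biFunction converts decoded bytes and password into a key spec
         * @param strArr fallback KeyFactory algorithm names, tried in order
         */
        PemParser(String str, String str2, BiFunction<byte[], String, PKCS8EncodedKeySpec> biFunction, String... strArr) {
            this.pattern = Pattern.compile(str + "([a-z0-9+/=\\r\\n]+)" + str2, Pattern.CASE_INSENSITIVE);
            this.keySpecFactory = biFunction;
            this.algorithms = strArr;
        }

        /**
         * Parses the first block of this parser's armor type found in the text.
         *
         * @param str PEM text
         * @param str2 password handed to the key spec factory; may be null
         * @return the key, or {@code null} when the armor is absent or no algorithm accepts the spec
         */
        PrivateKey parse(String str, String str2) {
            Matcher matcher = this.pattern.matcher(str);
            if (!matcher.find()) {
                return null;
            }
            return parse(decodeBase64(matcher.group(1)), str2);
        }

        /**
         * Strips line breaks and decodes the Base64 body.
         * Uses plain literals and {@code decode(String)}; the decompiled form pulled in a
         * third-party constant for "\r" and went through the platform default charset.
         */
        private static byte[] decodeBase64(String str) {
            String compact = str.replace("\r", "").replace("\n", "");
            return Base64.getDecoder().decode(compact);
        }

        /**
         * Builds the key spec and tries the spec's own algorithm first, then each fallback.
         *
         * @return the first key a KeyFactory produces, or {@code null} when none succeeds
         */
        private PrivateKey parse(byte[] bArr, String str) {
            PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bArr, str);
            String declared = keySpec.getAlgorithm();
            if (declared != null) {
                try {
                    return KeyFactory.getInstance(declared).generatePrivate(keySpec);
                } catch (NoSuchAlgorithmException | InvalidKeySpecException ignored) {
                    // Best effort: fall through to the configured algorithm names.
                }
            }
            for (String candidate : this.algorithms) {
                try {
                    return KeyFactory.getInstance(candidate).generatePrivate(keySpec);
                } catch (NoSuchAlgorithmException | InvalidKeySpecException ignored) {
                    // Best effort: try the next name. The cause is not kept, so a caller
                    // that receives null cannot tell why the key was rejected.
                }
            }
            return null;
        }
    }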

    /* loaded from: input_file:org/springframework/boot/ssl/pem/PemPrivateKeyParser$Pkcs8PrivateKeyDecryptor.class */
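    static class Pkcs8PrivateKeyDecryptor {
        public static final String PBES2_ALGORITHM = "PBES2";

        Pkcs8PrivateKeyDecryptor() {
        }

        /**
         * Decrypts a DER-encoded EncryptedPrivateKeyInfo with a password.
         *
         * @param bArr encoded EncryptedPrivateKeyInfo
         * @param str password; must not be null
         * @return the decrypted PKCS#8 key spec
         * @throws IllegalArgumentException when the password is null, or wrapping any I/O or
         *         security failure during decryption
         */
        static PKCS8EncodedKeySpec decrypt(byte[] bArr, String str) {
            Assert.notNull(str, "Password is required for an encrypted private key");
            char[] passwordChars = str.toCharArray();
            PBEKeySpec passwordSpec = new PBEKeySpec(passwordChars);
            try {
                EncryptedPrivateKeyInfo keyInfo = new EncryptedPrivateKeyInfo(bArr);
                AlgorithmParameters algParameters = keyInfo.getAlgParameters();
                String encryptionAlgorithm = getEncryptionAlgorithm(algParameters, keyInfo.getAlgName());
                SecretKey secretKey = SecretKeyFactory.getInstance(encryptionAlgorithm).generateSecret(passwordSpec);
                Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
                cipher.init(Cipher.DECRYPT_MODE, secretKey, algParameters);
                return keyInfo.getKeySpec(cipher);
            } catch (IOException | GeneralSecurityException e) {
                throw new IllegalArgumentException("Error decrypting private key", e);
            } finally {
                // Wipe the password copies made here once decryption has finished or failed.
                // The caller's String is immutable and stays in memory until collected.
                passwordSpec.clearPassword();
                Arrays.fill(passwordChars, '\0');
            }
        }

        /**
         * Picks the JCA algorithm name for the cipher and secret-key factory.
         * For "PBES2" with parameters present, the name is taken from the parameters'
         * {@code toString()}; otherwise the reported algorithm name is used as is.
         * NOTE(review): this relies on the provider's toString() yielding a usable
         * algorithm name - confirm for any non-default provider.
         */
        private static String getEncryptionAlgorithm(AlgorithmParameters algorithmParameters, String str) {
            if (algorithmParameters != null && PBES2_ALGORITHM.equals(str)) {
                return algorithmParameters.toString();
            }
            return str;
        }
    }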

    // Private constructor: the outer class is used only through its static members.
    private PemPrivateKeyParser() {
    }

    /**
     * Wraps a PKCS#1 RSA private key in a PKCS#8 structure tagged with the RSA algorithm OID.
     * The key bytes are embedded as given, without structural validation here.
     *
     * @param bArr decoded key bytes
     * @param str password; not used for this format
     */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs1Rsa(byte[] bArr, String str) {
        final EncodedOid noParameters = null;
        return createKeySpecForAlgorithm(bArr, RSA_ALGORITHM, noParameters);
    }

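    /**
     * Validates the leading fields of a SEC 1 EC private key and wraps it as PKCS#8.
     * Checks, in order: outer SEQUENCE, INTEGER version equal to 1, OCTET STRING private key.
     * Whatever element follows is handed to {@link #getEcParameters} for the curve OID.
     *
     * @param bArr decoded key bytes
     * @param str password; not used for this format
     * @throws IllegalStateException when the structure does not match
     */
    private static PKCS8EncodedKeySpec createKeySpecForSec1Ec(byte[] bArr, String str) {
        DerElement ecPrivateKey = DerElement.of(bArr);
        // DerElement.of returns null for an empty body (for example armor lines with only
        // line breaks between them); report that as a format error rather than an NPE.
        Assert.state(ecPrivateKey != null && ecPrivateKey.isType(DerElement.ValueType.ENCODED, DerElement.TagType.SEQUENCE), "Key spec should be an ASN.1 encoded sequence");
        DerElement version = DerElement.of(ecPrivateKey.getContents());
        Assert.state(version != null && version.isType(DerElement.ValueType.PRIMITIVE, DerElement.TagType.INTEGER), "Key spec should start with version");
        Assert.state(version.getContents().remaining() == 1 && version.getContents().get() == 1, "Key spec version must be 1");
        DerElement privateKey = DerElement.of(ecPrivateKey.getContents());
        Assert.state(privateKey != null && privateKey.isType(DerElement.ValueType.PRIMITIVE, DerElement.TagType.OCTET_STRING), "Key spec should contain private key");
        DerElement parameters = DerElement.of(ecPrivateKey.getContents());
        return createKeySpecForAlgorithm(bArr, ELLIPTIC_CURVE_ALGORITHM, getEcParameters(parameters));
    }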

    /**
     * Extracts the curve OID from the parameters element of a SEC 1 key.
     * Only the constructed form of the element is checked, not its tag number.
     *
     * @param derElement the element following the private key, or null when there is none
     * @return the OID found, or the 384-bit curve constant when no element is present.
     *         NOTE(review): a key on another curve that omits its parameters would be
     *         labelled with that default - confirm this fallback is intended.
     */
    private static EncodedOid getEcParameters(DerElement derElement) {
        if (derElement != null) {
            Assert.state(derElement.isType(DerElement.ValueType.ENCODED), "Key spec should contain encoded parameters");
            DerElement curveOid = DerElement.of(derElement.getContents());
            Assert.state(curveOid != null && curveOid.isType(DerElement.ValueType.PRIMITIVE, DerElement.TagType.OBJECT_IDENTIFIER), "Key spec parameters should contain object identifier");
            return EncodedOid.of(curveOid);
        }
        return ELLIPTIC_CURVE_384_BIT;
    }

    /**
     * Builds a PKCS#8 structure around raw key bytes:
     * SEQUENCE { INTEGER 0, SEQUENCE { algorithm OID, parameters OID or NULL }, OCTET STRING key }.
     *
     * @param bArr key bytes placed in the OCTET STRING
     * @param encodedOid algorithm OID
     * @param encodedOid2 parameters OID; null is written as a zero-length tag 0x05 element
     * @throws IllegalStateException wrapping any IOException from the encoder
     */
    private static PKCS8EncodedKeySpec createKeySpecForAlgorithm(byte[] bArr, EncodedOid encodedOid, EncodedOid encodedOid2) {
        try {
            // Algorithm identifier first; it does not depend on the outer encoder.
            DerEncoder algorithmIdentifier = new DerEncoder();
            algorithmIdentifier.objectIdentifier(encodedOid);
            algorithmIdentifier.objectIdentifier(encodedOid2);

            DerEncoder privateKeyInfo = new DerEncoder();
            privateKeyInfo.integer(0);
            privateKeyInfo.sequence(algorithmIdentifier.toByteArray());
            privateKeyInfo.octetString(bArr);
            byte[] encoded = privateKeyInfo.toSequence();
            return new PKCS8EncodedKeySpec(encoded);
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

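    /**
     * Validates the leading fields of an unencrypted PKCS#8 key and names its algorithm.
     * Checks, in order: outer SEQUENCE, INTEGER version, inner SEQUENCE, OBJECT IDENTIFIER.
     * The original bytes are passed through unchanged; only the algorithm name is derived.
     *
     * @param bArr decoded key bytes
     * @param str password; not used for this format
     * @return a spec carrying the mapped algorithm name, or no name when the OID is unknown
     * @throws IllegalStateException when the structure does not match
     */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs8(byte[] bArr, String str) {
        DerElement privateKeyInfo = DerElement.of(bArr);
        // DerElement.of returns null for an empty body (for example armor lines with only
        // line breaks between them); report that as a format error rather than an NPE.
        Assert.state(privateKeyInfo != null && privateKeyInfo.isType(DerElement.ValueType.ENCODED, DerElement.TagType.SEQUENCE), "Key spec should be an ASN.1 encoded sequence");
        DerElement version = DerElement.of(privateKeyInfo.getContents());
        Assert.state(version != null && version.isType(DerElement.ValueType.PRIMITIVE, DerElement.TagType.INTEGER), "Key spec should start with version");
        DerElement algorithmIdentifier = DerElement.of(privateKeyInfo.getContents());
        Assert.state(algorithmIdentifier != null && algorithmIdentifier.isType(DerElement.ValueType.ENCODED, DerElement.TagType.SEQUENCE), "Key spec should contain private key");
        DerElement algorithmOid = DerElement.of(algorithmIdentifier.getContents());
        Assert.state(algorithmOid != null && algorithmOid.isType(DerElement.ValueType.PRIMITIVE, DerElement.TagType.OBJECT_IDENTIFIER), "Key spec container object identifier");
        String algorithmName = ALGORITHMS.get(EncodedOid.of(algorithmOid));
        return algorithmName != null ? new PKCS8EncodedKeySpec(bArr, algorithmName) : new PKCS8EncodedKeySpec(bArr);
    }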

    /**
     * Decrypts a password-protected PKCS#8 key by delegating to Pkcs8PrivateKeyDecryptor.
     *
     * @param bArr decoded EncryptedPrivateKeyInfo bytes
     * @param str password for the key
     */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs8Encrypted(byte[] bArr, String str) {
        PKCS8EncodedKeySpec decrypted = Pkcs8PrivateKeyDecryptor.decrypt(bArr, str);
        return decrypted;
    }

    /**
     * Parses a private key from PEM text without supplying a password.
     *
     * @param str PEM text; null yields null
     * @see #parse(String, String)
     */
    static PrivateKey parse(String str) {
        final String noPassword = null;
        return parse(str, noPassword);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses a private key from PEM text, trying each registered parser in order.
     *
     * @param str PEM text; null yields null
     * @param str2 password for encrypted keys; may be null
     * @return the first key any parser produces
     * @throws IllegalStateException when no parser produces a key or any parser fails;
     *         the message embeds the underlying exception's message
     */
    public static PrivateKey parse(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            for (PemParser pemParser : PEM_PARSERS) {
                PrivateKey privateKey = pemParser.parse(str, str2);
                if (privateKey != null) {
                    return privateKey;
                }
            }
            // Thrown inside the try on purpose: the catch below wraps it like any other failure.
            throw new IllegalStateException("Missing private key or unrecognized format");
        } catch (Exception e) {
            throw new IllegalStateException("Error loading private key file: " + e.getMessage(), e);
        }
    }

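    // Populates the OID -> algorithm-name table and the ordered parser list.
    // Typed collections replace the raw HashMap/ArrayList left by decompilation, so the
    // assignments below are checked by the compiler.
    static {
        Map<EncodedOid, String> algorithms = new HashMap<>();
        algorithms.put(EncodedOid.OID_1_2_840_113549_1_1_1, "RSA");
        algorithms.put(EncodedOid.OID_1_2_840_113549_1_1_10, "RSA");
        algorithms.put(EncodedOid.OID_1_2_840_10040_4_1, "DSA");
        algorithms.put(EncodedOid.OID_1_3_101_110, "XDH");
        algorithms.put(EncodedOid.OID_1_3_101_111, "XDH");
        algorithms.put(EncodedOid.OID_1_3_101_112, "EdDSA");
        algorithms.put(EncodedOid.OID_1_3_101_113, "EdDSA");
        algorithms.put(EncodedOid.OID_1_2_840_10045_2_1, "EC");
        ALGORITHMS = Collections.unmodifiableMap(algorithms);
        // Order matters: parse(String, String) returns the first parser's non-null result.
        List<PemParser> parsers = new ArrayList<>();
        parsers.add(new PemParser(PKCS1_RSA_HEADER, PKCS1_RSA_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs1Rsa, "RSA"));
        parsers.add(new PemParser(SEC1_EC_HEADER, SEC1_EC_FOOTER, PemPrivateKeyParser::createKeySpecForSec1Ec, "EC"));
        parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8, "RSA", "RSASSA-PSS", "EC", "DSA", "EdDSA", "XDH"));
        parsers.add(new PemParser(PKCS8_ENCRYPTED_HEADER, PKCS8_ENCRYPTED_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "RSASSA-PSS", "EC", "DSA", "EdDSA", "XDH"));
        PEM_PARSERS = Collections.unmodifiableList(parsers);
    }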
}
