package net.handle.apps.simple;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.StringReader;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import net.cnri.util.SimpleCommandLine;
import net.cnri.util.StreamUtil;
import net.handle.hdllib.Encoder;
import net.handle.hdllib.GsonUtility;
import net.handle.hdllib.HSG;
import net.handle.hdllib.HandleException;
import net.handle.hdllib.SecureResolver;
import net.handle.hdllib.Util;
import org.apache.commons.codec.binary.Base64;
import org.apache.logging.log4j.util.ProcessIdUtil;
import org.joni.Config;

/* loaded from: input_file:net/handle/apps/simple/KeyConverter.class */
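/**
 * Command-line utility and helper API that converts public and private keys between
 * Handle protocol binary format, JWK (JSON) and PEM (X.509 SubjectPublicKeyInfo for
 * public keys, PKCS#8 for private keys).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Without {@code -crypt}, private keys are written in the clear.</li>
 *   <li>Output files are created with {@link FileOutputStream}, i.e. with the default
 *       permissions of the process; nothing here restricts them to the owner.</li>
 *   <li>{@code -passin} / {@code -passout} take passphrases from the command line, where
 *       they are typically visible in process listings and shell history; omitting them
 *       makes the tool prompt instead.</li>
 *   <li>Encrypted PEM output uses {@code PBEWithSHA1AndDESede}, a legacy PBES1 scheme.</li>
 * </ul>
 *
 * <p>This source was produced by a decompiler. Several constants referenced below
 * ({@code Config.MAX_MULTI_BYTE_RANGES_NUM}, {@code ProcessIdUtil.DEFAULT_PROCESSID},
 * {@code HSG.KEY_ALGORITHM}, {@code SecureResolver.DEFAULT_ALGORITHM}) come from classes
 * unrelated to their use here and are most likely literals that the decompiler matched to
 * an arbitrary constant of equal value. They are kept so behaviour is unchanged.
 */
public class KeyConverter {
    /** Matches a PEM "BEGIN" armor line and captures the label in front of " KEY". */
    private static final Pattern FIRST_LINE_PATTERN = Pattern.compile("^\\s*-----BEGIN (.*) KEY-----\\s*$");

    /**
     * JCE algorithm used for encrypted PKCS#8 output.
     * NOTE(review): SHA-1 based key derivation with Triple DES is a legacy choice. Moving to a
     * PBES2 scheme would need an interoperability check with the consumers of these files, so
     * it is flagged here rather than changed.
     */
    private static final String PBE_ALGORITHM = "PBEWithSHA1AndDESede";

    /**
     * Iteration count for the passphrase-based key derivation.
     * NOTE(review): org.joni.Config belongs to a regex engine; this reference is almost
     * certainly a decompiler substitution for an integer literal. Confirm the value and
     * replace it with an explicit, documented constant.
     */
    private static final int PBE_ITERATION_COUNT = Config.MAX_MULTI_BYTE_RANGES_NUM;

    /** Length in bytes of the random salt generated for each encrypted PEM file. */
    private static final int PBE_SALT_LENGTH = 16;

    /**
     * File-name argument that selects standard input or output.
     * NOTE(review): borrowed from a log4j utility class, presumably by the decompiler; the
     * usage text indicates the intended value is "-". Confirm and replace with the literal.
     */
    private static final String STDIO_PLACEHOLDER = ProcessIdUtil.DEFAULT_PROCESSID;

    /** Line terminator used for the PEM armor lines written by this class. */
    private static final String PEM_EOL = "\r\n";

    private final byte[] bytes;
    private final boolean encrypt;
    private String outputFilename;
    private byte[] passIn;
    private byte[] passOut;
    private String format;

    /**
     * Result of reading a PEM document: the decoded body and the label taken from the
     * first non-empty line.
     */
    public static class BytesAndKeyType {
        // Base64-decoded content of all lines that do not start with "-----".
        byte[] bytes;
        // Label captured from the BEGIN line ("PUBLIC", "PRIVATE", "ENCRYPTED PRIVATE", ...);
        // "" when the first non-empty line is not a BEGIN line, null when the input had no
        // non-empty line at all.
        String keyType;

        public BytesAndKeyType(byte[] bytes, String keyType) {
            this.bytes = bytes;
            this.keyType = keyType;
        }
    }

    /**
     * Reads a PEM document and returns its decoded body together with the key-type label.
     *
     * <p>Parsing is permissive: every non-empty line that does not start with
     * {@code -----} is appended to the Base64 body, the END line is not compared with the
     * BEGIN line, and text after the END line or a second PEM block is concatenated as
     * well. Callers must rely on the key factory to reject anything that is not one
     * well-formed key.
     *
     * @param reader source of the PEM text; it is closed before this method returns
     * @return the decoded bytes and the label of the first non-empty line
     * @throws AssertionError if the reader fails with an {@link IOException}
     */
    private static BytesAndKeyType readPemFile(Reader reader) {
        StringBuilder base64Body = new StringBuilder();
        String keyType = null;
        // try-with-resources closes the reader on the failure path as well.
        try (BufferedReader lines = reader instanceof BufferedReader ? (BufferedReader) reader : new BufferedReader(reader)) {
            String line;
            while ((line = lines.readLine()) != null) {
                String trimmed = line.trim();
                if (trimmed.isEmpty()) {
                    continue;
                }
                if (keyType == null) {
                    // Only the first non-empty line decides the key type.
                    Matcher matcher = FIRST_LINE_PATTERN.matcher(trimmed);
                    keyType = matcher.matches() ? matcher.group(1) : "";
                }
                if (!trimmed.startsWith("-----")) {
                    base64Body.append(trimmed);
                }
            }
        } catch (IOException e) {
            throw new AssertionError(e);
        }
        return new BytesAndKeyType(Base64.decodeBase64(base64Body.toString()), keyType);
    }

    /**
     * Wraps DER bytes in PEM armor using chunked Base64 and CRLF armor lines.
     *
     * @param label text placed after BEGIN/END, for example {@code "PUBLIC KEY"}
     * @param der the encoded structure to wrap
     * @return the PEM text, always ending with a line terminator
     */
    private static String pemEncode(String label, byte[] der) {
        StringBuilder pem = new StringBuilder();
        pem.append("-----BEGIN ").append(label).append("-----").append(PEM_EOL);
        byte[] base64 = Base64.encodeBase64(der, true);
        for (byte b : base64) {
            pem.append((char) b);
        }
        // The length check avoids indexing into an empty array when there is nothing to encode.
        if (base64.length == 0 || base64[base64.length - 1] != '\n') {
            pem.append(PEM_EOL);
        }
        pem.append("-----END ").append(label).append("-----").append(PEM_EOL);
        return pem.toString();
    }

    /**
     * Encodes a public key as an X.509 SubjectPublicKeyInfo PEM document.
     *
     * @param publicKey key to encode
     * @return PEM text beginning with {@code -----BEGIN PUBLIC KEY-----}
     */
    public static String toX509Pem(PublicKey publicKey) {
        return pemEncode("PUBLIC KEY", publicKey.getEncoded());
    }

    /**
     * Builds a public key from X.509-encoded bytes, trying the two supported algorithms in turn.
     *
     * @param encoded X.509 SubjectPublicKeyInfo bytes
     * @return the parsed public key
     * @throws Exception if neither key factory accepts the bytes; the second failure is the
     *     cause and the first one is attached as a suppressed exception
     */
    public static PublicKey publicKeyFromBytes(byte[] encoded) throws Exception {
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
        InvalidKeySpecException firstFailure;
        try {
            // Per the error text below the two algorithms are RSA and DSA — which constant
            // is which is not visible in this file.
            return KeyFactory.getInstance(HSG.KEY_ALGORITHM).generatePublic(keySpec);
        } catch (InvalidKeySpecException e) {
            firstFailure = e;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
        try {
            return KeyFactory.getInstance(SecureResolver.DEFAULT_ALGORITHM).generatePublic(keySpec);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (InvalidKeySpecException e) {
            Exception failure = new Exception("Neither RSA nor DSA public key generator can parse", e);
            // Keep the first parser's diagnosis instead of silently dropping it.
            failure.addSuppressed(firstFailure);
            throw failure;
        }
    }

    /**
     * Parses a public key from PEM text.
     *
     * @param pem PEM document expected to begin with {@code -----BEGIN PUBLIC KEY-----}
     * @return the parsed public key
     * @throws Exception if the first non-empty line is not a PUBLIC KEY header or the body
     *     cannot be parsed
     */
    public static PublicKey fromX509Pem(String pem) throws Exception {
        BytesAndKeyType parsed = readPemFile(new StringReader(pem));
        if (!"PUBLIC".equals(parsed.keyType)) {
            throw new Exception("Expected -----BEGIN PUBLIC KEY-----");
        }
        return publicKeyFromBytes(parsed.bytes);
    }

    /**
     * Encodes a private key as an unencrypted PKCS#8 PEM document.
     *
     * <p>The result contains the private key in the clear; protecting it is up to the caller.
     *
     * @param privateKey key to encode
     * @return PEM text beginning with {@code -----BEGIN PRIVATE KEY-----}
     */
    public static String toPkcs8UnencryptedPem(PrivateKey privateKey) {
        return pemEncode("PRIVATE KEY", privateKey.getEncoded());
    }

    /**
     * Encrypts a private key under a passphrase and encodes it as a PKCS#8
     * EncryptedPrivateKeyInfo PEM document.
     *
     * <p>A fresh random salt is generated for every call. The passphrase arrives as an
     * immutable {@code String}, so it cannot be wiped here; only the copy held by the
     * {@link PBEKeySpec} is cleared.
     *
     * @param privateKey key to protect
     * @param passphrase passphrase the encryption key is derived from
     * @return PEM text beginning with {@code -----BEGIN ENCRYPTED PRIVATE KEY-----}
     * @throws AssertionError if any step fails, including a {@code null} passphrase
     */
    public static String toPkcs8EncryptedPem(PrivateKey privateKey, String passphrase) {
        byte[] salt = new byte[PBE_SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        try {
            PBEParameterSpec pbeParams = new PBEParameterSpec(salt, PBE_ITERATION_COUNT);
            PBEKeySpec passphraseSpec = new PBEKeySpec(passphrase.toCharArray());
            SecretKey pbeKey;
            try {
                pbeKey = SecretKeyFactory.getInstance(PBE_ALGORITHM).generateSecret(passphraseSpec);
            } finally {
                // Do not leave the passphrase characters inside the spec longer than needed.
                passphraseSpec.clearPassword();
            }
            Cipher cipher = Cipher.getInstance(PBE_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParams);
            byte[] ciphertext = cipher.doFinal(privateKey.getEncoded());
            // The salt and iteration count travel inside the EncryptedPrivateKeyInfo structure.
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(PBE_ALGORITHM);
            algorithmParameters.init(pbeParams);
            byte[] encoded = new EncryptedPrivateKeyInfo(algorithmParameters, ciphertext).getEncoded();
            return pemEncode("ENCRYPTED PRIVATE KEY", encoded);
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Builds a private key from PKCS#8 bytes, decrypting them first when required.
     *
     * @param encoded PKCS#8 PrivateKeyInfo bytes, or EncryptedPrivateKeyInfo bytes when
     *     {@code encrypted} is true
     * @param encrypted whether {@code encoded} is an encrypted structure
     * @param passphrase passphrase for decryption; must be non-null when {@code encrypted}
     * @return the parsed private key
     * @throws Exception if the passphrase is missing, decryption fails, or neither key
     *     factory accepts the key material
     */
    public static PrivateKey privateKeyFromBytes(byte[] encoded, boolean encrypted, String passphrase) throws Exception {
        // Declared as KeySpec: the decryption helper returns the interface type, which the
        // decompiled code could not assign to a PKCS8EncodedKeySpec variable.
        KeySpec keySpec;
        if (!encrypted) {
            keySpec = new PKCS8EncodedKeySpec(encoded);
        } else {
            if (passphrase == null) {
                throw new Exception("Encrypted key, passphrase required");
            }
            try {
                keySpec = keySpecFromEncryptedBytes(encoded, passphrase);
            } catch (Exception e) {
                throw new Exception("Unable to decrypt private key", e);
            }
        }
        InvalidKeySpecException firstFailure;
        try {
            return KeyFactory.getInstance(HSG.KEY_ALGORITHM).generatePrivate(keySpec);
        } catch (InvalidKeySpecException e) {
            firstFailure = e;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
        try {
            return KeyFactory.getInstance(SecureResolver.DEFAULT_ALGORITHM).generatePrivate(keySpec);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (InvalidKeySpecException e) {
            Exception failure = new Exception("Neither RSA nor DSA private key generator can parse", e);
            failure.addSuppressed(firstFailure);
            throw failure;
        }
    }

    /**
     * Parses a private key from PKCS#8 PEM text, encrypted or not.
     *
     * @param pem PEM document beginning with {@code -----BEGIN PRIVATE KEY-----} or
     *     {@code -----BEGIN ENCRYPTED PRIVATE KEY-----}
     * @param passphrase passphrase for an encrypted key; ignored for an unencrypted one
     * @return the parsed private key
     * @throws Exception if the header is neither of the two accepted ones or the key cannot
     *     be decrypted or parsed
     */
    public static PrivateKey fromPkcs8Pem(String pem, String passphrase) throws Exception {
        BytesAndKeyType parsed = readPemFile(new StringReader(pem));
        boolean encrypted = "ENCRYPTED PRIVATE".equals(parsed.keyType);
        if (!encrypted && !"PRIVATE".equals(parsed.keyType)) {
            throw new Exception("Expected -----BEGIN [ENCRYPTED] PRIVATE KEY-----");
        }
        return privateKeyFromBytes(parsed.bytes, encrypted, passphrase);
    }

    /**
     * Decrypts a PKCS#8 EncryptedPrivateKeyInfo structure with a passphrase.
     *
     * <p>The cipher algorithm and its parameters are read from the input itself, so the
     * input chooses which installed PBE algorithm is used for decryption.
     *
     * @param encoded EncryptedPrivateKeyInfo bytes
     * @param passphrase passphrase the decryption key is derived from
     * @return the decrypted key specification
     */
    private static KeySpec keySpecFromEncryptedBytes(byte[] encoded, String passphrase) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException {
        EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(encoded);
        String algorithm = encryptedInfo.getAlgName();
        Cipher cipher = Cipher.getInstance(algorithm);
        PBEKeySpec passphraseSpec = new PBEKeySpec(passphrase.toCharArray());
        SecretKey pbeKey;
        try {
            pbeKey = SecretKeyFactory.getInstance(algorithm).generateSecret(passphraseSpec);
        } finally {
            // Do not leave the passphrase characters inside the spec longer than needed.
            passphraseSpec.clearPassword();
        }
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, encryptedInfo.getAlgParameters());
        return encryptedInfo.getKeySpec(cipher);
    }

    /**
     * Prints the usage text to standard error. Despite its name this method does not
     * terminate the JVM; {@link #main} returns right after calling it.
     */
    private static void printUsageAndExit() {
        System.err.println("arguments: [-crypt] [-passin input-password] [-passout output-password] [-format format] [input-filename] [-o output-filename]");
        System.err.println();
        System.err.println("This utility converts public and private keys multidirectionally between");
        System.err.println("Handle protocol format, JWK format, and standard PEM format: public keys");
        System.err.println("in X.509 SubjectPublicKeyInfo format (with files beginning");
        System.err.println("-----BEGIN PUBLIC KEY-----) and private keys in PKCS#8 PrivateKeyInfo");
        System.err.println("format (with files beginning -----BEGIN PRIVATE KEY----- or");
        System.err.println("-----BEGIN ENCRYPTED PRIVATE KEY-----).");
        System.err.println();
        System.err.println("If input and/or output filename is omitted or -, the utility will use standard");
        System.err.println("input and/or output.");
        System.err.println();
        System.err.println("The -f or -format option can be used to specify the output format.  If omitted");
        System.err.println("Handle protocol format is assumed, unless the input has that format, in which");
        System.err.println("case PEM format is assumed.  Allowed values: jwk, pem, handle.");
        System.err.println();
        System.err.println("The -passin option argument will be used to decrypt an input encrypted private");
        System.err.println("key.  If absent the utility will ask the user for a passphrase.");
        System.err.println();
        System.err.println("If the -crypt option is given with a private key, the utility will encrypt any");
        System.err.println("private key output using the -passout option argument (if present) or using a");
        System.err.println("passphrase obtained by asking the user.");
    }

    /**
     * Creates a converter that writes to standard output and prompts for any passphrase.
     *
     * @param bytes raw input key material
     * @param encrypt whether private-key output should be encrypted
     * @param format output format ("pem", "jwk", "handle") or null for the default
     */
    KeyConverter(byte[] bytes, boolean encrypt, String format) {
        this.bytes = bytes;
        this.encrypt = encrypt;
        this.format = format;
    }

    /**
     * Creates a fully configured converter.
     *
     * @param bytes raw input key material
     * @param encrypt whether private-key output should be encrypted
     * @param outputFilename file to write, or null for standard output
     * @param passIn passphrase for an encrypted input key, or null to prompt
     * @param passOut passphrase for encrypted output, or null to prompt
     * @param format output format ("pem", "jwk", "handle") or null for the default
     */
    public KeyConverter(byte[] bytes, boolean encrypt, String outputFilename, byte[] passIn, byte[] passOut, String format) {
        this.bytes = bytes;
        this.encrypt = encrypt;
        this.outputFilename = outputFilename;
        this.passIn = passIn;
        this.passOut = passOut;
        this.format = format;
    }

    /**
     * Returns the input passphrase, prompting the user when none was configured.
     *
     * @return the passphrase bytes
     */
    byte[] getPassIn() throws Exception {
        if (this.passIn != null) {
            return this.passIn;
        }
        return Util.getPassphrase("Enter the passphrase to decrypt the input private key: ");
    }

    /**
     * Returns the output passphrase, prompting twice until both entries match when none
     * was configured.
     *
     * @return the passphrase bytes
     */
    byte[] getPassOut() throws Exception {
        if (this.passOut != null) {
            return this.passOut;
        }
        while (true) {
            byte[] first = Util.getPassphrase("\nPlease enter the passphrase to encrypt the output private key: ");
            byte[] second = Util.getPassphrase("\nPlease re-enter the private key passphrase: ");
            if (Util.equals(first, second)) {
                return first;
            }
            System.err.println("\nPassphrases do not match!  Try again.\n");
        }
    }

    /**
     * Reads the whole input (file or standard input) and runs one conversion.
     *
     * @param inputFilename file to read, or null for standard input
     * @param outputFilename file to write, or null for standard output
     * @param encrypt whether private-key output should be encrypted
     * @param passIn passphrase for an encrypted input key, or null to prompt
     * @param passOut passphrase for encrypted output, or null to prompt
     * @param format output format or null for the default
     */
    private static void convert(String inputFilename, String outputFilename, boolean encrypt, byte[] passIn, byte[] passOut, String format) throws Exception {
        byte[] input;
        if (inputFilename == null) {
            input = StreamUtil.readFully(System.in);
        } else {
            try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(inputFilename))) {
                input = StreamUtil.readFully(in);
            }
        }
        new KeyConverter(input, encrypt, outputFilename, passIn, passOut, format).convert();
    }

    /**
     * Detects the input format and converts it: binary-looking input is treated as Handle
     * protocol format, anything else as JWK or PEM text.
     */
    void convert() throws Exception {
        if (Util.looksLikeBinary(this.bytes)) {
            convertFromHs();
        } else {
            convertToHs();
        }
    }

    /**
     * Decides whether Handle-format bytes hold a private key by looking at the leading
     * 4-byte integer.
     */
    private static boolean isPrivateKey(byte[] handleBytes) {
        // presumably a private key starts with a small encryption-type code while a public
        // key starts with the length of its type name — confirm against hdllib.
        return Encoder.readInt(handleBytes, 0) < 9;
    }

    /** Converts Handle-format input; the output format defaults to PEM. */
    private void convertFromHs() throws Exception {
        if (this.format == null) {
            this.format = "pem";
        }
        if (!isPrivateKey(this.bytes)) {
            outputPublicKey(Util.getPublicKeyFromBytes(this.bytes));
            return;
        }
        // Only ask for a passphrase when the stored key says it needs one.
        byte[] passphrase = Util.requiresSecretKey(this.bytes) ? getPassIn() : null;
        outputPrivateKey(Util.getPrivateKeyFromBytes(Util.decrypt(this.bytes, passphrase)));
    }

    /**
     * Converts textual input (JWK or PEM); the output format defaults to Handle format.
     *
     * <p>Format detection is separated from conversion: once the input is recognised as a
     * JWK, conversion and output errors propagate to the caller. Wrapping the whole JWK
     * path in one catch-all would retry the same input as PEM and report only
     * "Unrecognized input file", hiding the real failure.
     */
    private void convertToHs() throws Exception {
        if (this.format == null) {
            this.format = "handle";
        }
        String text = new String(this.bytes, "UTF-8");
        JsonObject jwk = parseJwkOrNull(text);
        if (jwk != null) {
            convertJwk(jwk);
            return;
        }
        BytesAndKeyType pem = readPemFile(new StringReader(text));
        if ("PUBLIC".equals(pem.keyType)) {
            outputPublicKey(publicKeyFromBytes(pem.bytes));
            return;
        }
        boolean encrypted = "ENCRYPTED PRIVATE".equals(pem.keyType);
        if (!encrypted && !"PRIVATE".equals(pem.keyType)) {
            throw new Exception("Unrecognized input file");
        }
        String passphrase = encrypted ? Util.decodeString(getPassIn()) : null;
        outputPrivateKey(privateKeyFromBytes(pem.bytes, encrypted, passphrase));
    }

    /**
     * Returns the input as a JSON object when it is one and carries a primitive
     * {@code kty} member, otherwise null so the caller can try PEM.
     */
    private static JsonObject parseJwkOrNull(String text) {
        try {
            JsonElement parsed = JsonParser.parseString(text);
            if (parsed.isJsonObject()) {
                JsonObject candidate = parsed.getAsJsonObject();
                if (candidate.has("kty") && candidate.get("kty").isJsonPrimitive()) {
                    return candidate;
                }
            }
        } catch (RuntimeException notJson) {
            // Not JSON at all: this is format detection, so fall through to PEM parsing.
        }
        return null;
    }

    /**
     * Converts a JWK. Whether it is a private key is decided by the presence of the
     * private member for its key type ({@code x} for one algorithm, {@code d} for the other).
     *
     * @throws Exception if {@code kty} names neither supported algorithm
     */
    private void convertJwk(JsonObject jwk) throws Exception {
        if (this.format == null) {
            this.format = "handle";
        }
        String keyType = jwk.get("kty").getAsString();
        boolean isPrivate;
        if (SecureResolver.DEFAULT_ALGORITHM.equalsIgnoreCase(keyType)) {
            isPrivate = jwk.has("x");
        } else if (HSG.KEY_ALGORITHM.equalsIgnoreCase(keyType)) {
            isPrivate = jwk.has("d");
        } else {
            throw new Exception("Unexpected kty " + keyType);
        }
        if (isPrivate) {
            outputPrivateKey(GsonUtility.getGson().fromJson(jwk, PrivateKey.class));
        } else {
            outputPublicKey(GsonUtility.getGson().fromJson(jwk, PublicKey.class));
        }
    }

    /**
     * Writes a private key in the configured format, encrypted when {@code -crypt} was given.
     *
     * <p>The format is validated before any passphrase prompt, so the user is not asked
     * for a passphrase that would never be used (unknown format, or jwk with encryption).
     *
     * @throws Exception if the format is not pem, jwk or handle, or output fails
     */
    private void outputPrivateKey(PrivateKey privateKey) throws Exception {
        boolean pem = this.format.equalsIgnoreCase("pem");
        boolean jwk = this.format.equalsIgnoreCase("jwk");
        boolean handle = this.format.equalsIgnoreCase("handle");
        if (!pem && !jwk && !handle) {
            throw new Exception("Bad format " + this.format);
        }
        if (!this.encrypt) {
            // Unencrypted output: the private key leaves this process in the clear.
            if (pem) {
                sendOutput(toPkcs8UnencryptedPem(privateKey));
            } else if (jwk) {
                sendOutput(GsonUtility.getPrettyGson().toJson(privateKey));
            } else {
                // presumably 1 selects hdllib's "no encryption" storage type — confirm.
                sendOutput(Util.encrypt(Util.getBytesFromPrivateKey(privateKey), null, 1));
            }
            return;
        }
        if (jwk) {
            // NOTE(review): nothing is written and the method returns normally, so the
            // process does not signal failure for this combination.
            System.err.println("Encrypted private key not possible with format jwk");
            return;
        }
        byte[] passphrase = getPassOut();
        if (pem) {
            sendOutput(toPkcs8EncryptedPem(privateKey, Util.decodeString(passphrase)));
        } else {
            sendOutput(Util.encrypt(Util.getBytesFromPrivateKey(privateKey), passphrase));
        }
    }

    /**
     * Writes a public key in the configured format.
     *
     * @throws Exception if the format is not pem, jwk or handle, or output fails
     */
    private void outputPublicKey(PublicKey publicKey) throws Exception {
        if (this.format.equalsIgnoreCase("pem")) {
            sendOutput(toX509Pem(publicKey));
        } else if (this.format.equalsIgnoreCase("jwk")) {
            sendOutput(GsonUtility.getPrettyGson().toJson(publicKey));
        } else if (this.format.equalsIgnoreCase("handle")) {
            sendOutput(Util.getBytesFromPublicKey(publicKey));
        } else {
            throw new Exception("Bad format " + this.format);
        }
    }

    /**
     * Writes text as UTF-8 to the output file, or to standard output when no file is set.
     *
     * <p>NOTE(review): the file is created with the process's default permissions even
     * when it holds a private key; restrict them (or the containing directory) separately.
     */
    void sendOutput(String text) throws Exception {
        if (this.outputFilename == null) {
            // Flush but never close: System.out belongs to the JVM.
            BufferedWriter stdout = new BufferedWriter(new OutputStreamWriter(System.out, "UTF-8"));
            stdout.write(text);
            stdout.flush();
            return;
        }
        try (BufferedWriter out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(this.outputFilename), "UTF-8"))) {
            out.write(text);
        }
    }

    /**
     * Writes raw bytes to the output file, or to standard output when no file is set.
     *
     * <p>NOTE(review): the file is created with the process's default permissions even
     * when it holds a private key; restrict them (or the containing directory) separately.
     */
    void sendOutput(byte[] data) throws Exception {
        if (this.outputFilename == null) {
            // Flush but never close: System.out belongs to the JVM.
            BufferedOutputStream stdout = new BufferedOutputStream(System.out);
            stdout.write(data);
            stdout.flush();
            return;
        }
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(this.outputFilename))) {
            out.write(data);
        }
    }

    /**
     * Command-line entry point; see {@link #printUsageAndExit()} for the accepted arguments.
     *
     * <p>The output file is taken from {@code -output}, then {@code -o}, then the second
     * operand; the input file is the first operand. A name equal to the stdio placeholder
     * selects standard input or output.
     *
     * <p>Passphrases given with {@code -passin} / {@code -passout} are ordinary
     * command-line arguments and therefore usually visible to other local users and kept
     * in shell history; leaving them out makes the tool prompt instead.
     */
    public static void main(String[] args) throws Exception {
        SimpleCommandLine commandLine = new SimpleCommandLine("o", "output", "passin", "passout", "f", "format");
        commandLine.parse(args);
        if (commandLine.hasOption("h") || commandLine.hasOption("help")) {
            printUsageAndExit();
            return;
        }
        boolean encrypt = commandLine.hasOption("crypt");

        String passInArg = commandLine.getOptionArgument("passin");
        byte[] passIn = passInArg == null ? null : Util.encodeString(passInArg);
        String passOutArg = commandLine.getOptionArgument("passout");
        byte[] passOut = passOutArg == null ? null : Util.encodeString(passOutArg);

        String outputFilename = commandLine.getOptionArgument("output");
        if (outputFilename == null) {
            outputFilename = commandLine.getOptionArgument("o");
        }
        if (outputFilename == null && commandLine.getOperands().size() >= 2) {
            outputFilename = commandLine.getOperands().get(1);
        }
        if (STDIO_PLACEHOLDER.equals(outputFilename)) {
            outputFilename = null;
        }

        String inputFilename = null;
        if (!commandLine.getOperands().isEmpty()) {
            inputFilename = commandLine.getOperands().get(0);
        }
        if (STDIO_PLACEHOLDER.equals(inputFilename)) {
            inputFilename = null;
        }

        String format = commandLine.getOptionArgument("format");
        if (format == null) {
            format = commandLine.getOptionArgument("f");
        }
        convert(inputFilename, outputFilename, encrypt, passIn, passOut, format);
    }
}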
