package org.apache.beam.sdk.io.snowflake;

import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.beam.vendor.guava.v32_1_2_jre.com.google.common.base.Strings;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/apache/beam/sdk/io/snowflake/KeyPairUtils.class */
public class KeyPairUtils {
    private static final String ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY";
    private static final String UNENCRYPTED_PRIVATE_KEY = "PRIVATE KEY";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/beam/sdk/io/snowflake/KeyPairUtils$KeyEncryptionState.class */
    public enum KeyEncryptionState {
        ENCRYPT,
        UNENCRYPTED,
        UNKNOWN
    }

    public static PrivateKey preparePrivateKey(String str, String str2) {
        byte[] content;
        try {
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                KeyEncryptionState guessKeyEncryptionState = guessKeyEncryptionState(str);
                if (guessKeyEncryptionState == KeyEncryptionState.ENCRYPT && Strings.isNullOrEmpty(str2)) {
                    throw new RuntimeException("The private key is encrypted but no private key key passphrase has been provided.");
                }
                if (guessKeyEncryptionState == KeyEncryptionState.UNENCRYPTED && !Strings.isNullOrEmpty(str2)) {
                    throw new RuntimeException("The private key is unencrypted but private key key passphrase has been provided.");
                }
                if (guessKeyEncryptionState == KeyEncryptionState.UNKNOWN) {
                    content = Base64.decode(str);
                } else {
                    PemReader pemReader = new PemReader(new StringReader(str));
                    content = pemReader.readPemObject().getContent();
                    pemReader.close();
                }
                if (Strings.isNullOrEmpty(str2)) {
                    return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(content));
                }
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(content);
                return keyFactory.generatePrivate(encryptedPrivateKeyInfo.getKeySpec(SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(str2.toCharArray()))));
            } catch (IOException | IllegalArgumentException | NullPointerException | InvalidKeyException | InvalidKeySpecException | DecoderException e) {
                throw new RuntimeException("Can't create private key: " + e.getMessage(), e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Private key encryption algorithm not supported. This may mean that the private key was generated by OpenSSL 1.1.1g or newer which uses an encryption algorithm by default which has compatibility issues in some JVM environments. For details, see: https://community.snowflake.com/s/article/Private-key-provided-is-invalid-or-not-supported-rsa-key-p8--data-isn-t-an-object-ID " + e2.getMessage());
        }
    }

    private static KeyEncryptionState guessKeyEncryptionState(String str) {
        try {
            PemObject readPemObject = new PemReader(new StringReader(str)).readPemObject();
            if (readPemObject == null) {
                return KeyEncryptionState.UNKNOWN;
            }
            if (ENCRYPTED_PRIVATE_KEY.equals(readPemObject.getType())) {
                return KeyEncryptionState.ENCRYPT;
            }
            if (UNENCRYPTED_PRIVATE_KEY.equals(readPemObject.getType())) {
                return KeyEncryptionState.UNENCRYPTED;
            }
            throw new RuntimeException("Invalid type of PEM file: " + readPemObject.getType() + ". Supported types: " + ENCRYPTED_PRIVATE_KEY + ", " + UNENCRYPTED_PRIVATE_KEY);
        } catch (IOException e) {
            throw new RuntimeException("Can't read parse private key");
        }
    }

    public static String readPrivateKeyFile(String str) {
        try {
            return new String(Files.readAllBytes(Paths.get(str, new String[0])), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new RuntimeException("Can't read private key from provided path");
        }
    }
}
