package org.apache.nifi.key.service.reader;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UncheckedIOException;
import java.security.PrivateKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.class */
public class BouncyCastlePrivateKeyReader implements PrivateKeyReader {
    private static final String INVALID_PEM = "Invalid PEM";
    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();

    @Override // org.apache.nifi.key.service.reader.PrivateKeyReader
    public PrivateKey readPrivateKey(InputStream inputStream, char[] cArr) {
        PrivateKeyInfo readEncryptedPrivateKey;
        try {
            PEMParser pEMParser = new PEMParser(new InputStreamReader(inputStream));
            try {
                Object readObject = pEMParser.readObject();
                if (readObject instanceof PrivateKeyInfo) {
                    readEncryptedPrivateKey = (PrivateKeyInfo) readObject;
                } else if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    readEncryptedPrivateKey = readEncryptedPrivateKey((PKCS8EncryptedPrivateKeyInfo) readObject, cArr);
                } else if (readObject instanceof PEMKeyPair) {
                    readEncryptedPrivateKey = ((PEMKeyPair) readObject).getPrivateKeyInfo();
                } else {
                    if (!(readObject instanceof PEMEncryptedKeyPair)) {
                        throw new IllegalArgumentException(String.format("Private Key [%s] not supported", readObject == null ? INVALID_PEM : readObject.getClass().getName()));
                    }
                    readEncryptedPrivateKey = readEncryptedPrivateKey((PEMEncryptedKeyPair) readObject, cArr);
                }
                PrivateKey convertPrivateKey = convertPrivateKey(readEncryptedPrivateKey);
                pEMParser.close();
                return convertPrivateKey;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException("Read Private Key stream failed", e);
        }
    }

    private PrivateKeyInfo readEncryptedPrivateKey(PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo, char[] cArr) {
        try {
            return pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BOUNCY_CASTLE_PROVIDER).build(cArr));
        } catch (OperatorCreationException e) {
            throw new PrivateKeyException("Preparing Private Key Decryption failed", e);
        } catch (PKCSException e2) {
            throw new PrivateKeyException("Decrypting Private Key failed", e2);
        }
    }

    private PrivateKeyInfo readEncryptedPrivateKey(PEMEncryptedKeyPair pEMEncryptedKeyPair, char[] cArr) {
        try {
            return pEMEncryptedKeyPair.decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(BOUNCY_CASTLE_PROVIDER).build(cArr)).getPrivateKeyInfo();
        } catch (IOException e) {
            throw new PrivateKeyException("Decrypting Private Key Pair failed", e);
        }
    }

    private PrivateKey convertPrivateKey(PrivateKeyInfo privateKeyInfo) {
        try {
            return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
        } catch (PEMException e) {
            throw new PrivateKeyException("Convert Private Key failed", e);
        }
    }
}
