package be.atbash.ee.security.octopus.keys.reader;

import be.atbash.ee.security.octopus.exception.MissingPasswordException;
import be.atbash.ee.security.octopus.exception.MissingPasswordLookupException;
import be.atbash.ee.security.octopus.exception.ResourceNotFoundException;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.reader.password.KeyResourcePasswordLookup;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.bc.BouncyCastleProviderSingleton;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import be.atbash.util.resource.ResourceUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:be/atbash/ee/security/octopus/keys/reader/KeyReaderPEM.class */
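/**
 * Reads cryptographic keys from PEM encoded content and wraps them as {@link AtbashKey} instances.
 *
 * <p>Handled PEM objects: OpenSSL encrypted key pairs, PKCS#8 encrypted private keys, plain
 * public keys, plain PKCS#8 private keys (treated as RSA, see
 * {@link #convertPrivateKeyFromPKCS8ToPKCS1(PrivateKeyInfo)}) and plain key pairs.
 *
 * <p>Only the FIRST PEM object of the content is parsed; anything after it is ignored.
 */
public class KeyReaderPEM {

    /**
     * Loads the resource at the given location and parses the first PEM object in it.
     *
     * @param str location of the resource, resolved through {@link ResourceUtil}
     * @param keyResourcePasswordLookup supplies the password for encrypted content; may be
     *     {@code null} when the content is not encrypted
     * @return the keys found; empty when the first PEM object is of an unhandled type
     * @throws ResourceNotFoundException when {@link ResourceUtil} reports the resource as absent
     * @throws AtbashUnexpectedException wrapping any I/O, PKCS or decryptor-creation failure
     */
    public List<AtbashKey> readResource(String str, KeyResourcePasswordLookup keyResourcePasswordLookup) {
        try {
            ResourceUtil resourceUtil = ResourceUtil.getInstance();
            if (!resourceUtil.resourceExists(str)) {
                throw new ResourceNotFoundException(str);
            }
            InputStream stream = resourceUtil.getStream(str);
            if (stream == null) {
                throw new KeyResourceNotFoundException(str);
            }
            // PEM is ASCII armour, so decode with a fixed charset instead of the platform default.
            // try-with-resources guarantees the stream is released even when parsing fails.
            try (Reader reader = new InputStreamReader(stream, StandardCharsets.UTF_8)) {
                return parseContent(reader, str, keyResourcePasswordLookup);
            }
        } catch (IOException | PKCSException | OperatorCreationException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Parses unencrypted PEM content supplied as a string.
     *
     * @param str the PEM text
     * @return the keys found in the first PEM object
     * @throws MissingPasswordLookupException when the content turns out to be encrypted
     */
    public List<AtbashKey> parseContent(String str) {
        return parseContent(str, null);
    }

    /**
     * Parses PEM content supplied as a string; the resulting keys are labelled {@code "inline"},
     * and that same label is what the password lookup is asked about.
     *
     * @param str the PEM text
     * @param keyResourcePasswordLookup supplies the password for encrypted content; may be
     *     {@code null} when the content is not encrypted
     * @return the keys found in the first PEM object
     * @throws AtbashUnexpectedException wrapping any I/O, PKCS or decryptor-creation failure
     */
    public List<AtbashKey> parseContent(String str, KeyResourcePasswordLookup keyResourcePasswordLookup) {
        try {
            return parseContent(new StringReader(str), "inline", keyResourcePasswordLookup);
        } catch (IOException | PKCSException | OperatorCreationException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Parses the first PEM object available from the reader and converts it into keys.
     * The reader is always closed, whether or not parsing succeeds.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param reader source of the PEM text; closed by this method
     * @param str label handed to the password lookup and passed as the first constructor
     *     argument of every {@link AtbashKey} (presumably the key id - confirm against AtbashKey)
     * @param keyResourcePasswordLookup supplies the password for encrypted content; may be
     *     {@code null} when the content is not encrypted
     * @return private and/or public keys of the first PEM object; empty for unhandled types
     * @throws MissingPasswordLookupException when the content is encrypted and no lookup is given
     * @throws MissingPasswordException when the lookup yields no password for encrypted content
     */
    public List<AtbashKey> parseContent(Reader reader, String str, KeyResourcePasswordLookup keyResourcePasswordLookup) throws IOException, OperatorCreationException, PKCSException {
        List<AtbashKey> keys = new ArrayList<>();

        Object pemObject;
        // Closing the parser closes the wrapped reader too, also when readObject() throws.
        try (PEMParser parser = new PEMParser(reader)) {
            pemObject = parser.readObject();
        }

        BouncyCastleProvider bouncyCastle = BouncyCastleProviderSingleton.getInstance();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(bouncyCastle);

        if (pemObject instanceof PEMEncryptedKeyPair) {
            // OpenSSL style encrypted key pair.
            char[] password = requirePassword(keyResourcePasswordLookup, str);
            PEMEncryptedKeyPair encryptedPair = (PEMEncryptedKeyPair) pemObject;
            PEMKeyPair decryptedPair = encryptedPair.decryptKeyPair(
                    new JcePEMDecryptorProviderBuilder().setProvider(bouncyCastle).build(password));
            KeyPair keyPair = converter.getKeyPair(decryptedPair);
            keys.add(new AtbashKey(str, keyPair.getPrivate()));
            keys.add(new AtbashKey(str, keyPair.getPublic()));
        }
        if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
            // PKCS#8 encrypted private key; only the private key is returned.
            char[] password = requirePassword(keyResourcePasswordLookup, str);
            PKCS8EncryptedPrivateKeyInfo encryptedInfo = (PKCS8EncryptedPrivateKeyInfo) pemObject;
            JceOpenSSLPKCS8DecryptorProviderBuilder decryptorBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
            decryptorBuilder.setProvider(bouncyCastle);
            PrivateKeyInfo decryptedInfo = encryptedInfo.decryptPrivateKeyInfo(decryptorBuilder.build(password));
            keys.add(new AtbashKey(str, converter.getPrivateKey(decryptedInfo)));
        }
        if (pemObject instanceof SubjectPublicKeyInfo) {
            keys.add(new AtbashKey(str, converter.getPublicKey((SubjectPublicKeyInfo) pemObject)));
        }
        if (pemObject instanceof PrivateKeyInfo) {
            // Unencrypted PKCS#8 private key: rebuild a full key pair so that the branch below
            // can return the public key as well. This check must stay ahead of the PEMKeyPair one.
            pemObject = convertPrivateKeyFromPKCS8ToPKCS1((PrivateKeyInfo) pemObject);
        }
        if (pemObject instanceof PEMKeyPair) {
            PEMKeyPair pemKeyPair = (PEMKeyPair) pemObject;
            PrivateKey privateKey = converter.getPrivateKey(pemKeyPair.getPrivateKeyInfo());
            PublicKey publicKey = converter.getPublicKey(pemKeyPair.getPublicKeyInfo());
            keys.add(new AtbashKey(str, privateKey));
            keys.add(new AtbashKey(str, publicKey));
        }
        return keys;
    }

    /**
     * Obtains the password protecting an encrypted PEM object.
     *
     * <p>The returned array is whatever the lookup handed out and is not wiped here.
     * NOTE(review): confirm whether the lookup returns a fresh copy, in which case callers
     * could zero it once the key has been decrypted.
     *
     * @throws MissingPasswordLookupException when no lookup is available
     * @throws MissingPasswordException when the lookup returns no password
     */
    private static char[] requirePassword(KeyResourcePasswordLookup keyResourcePasswordLookup, String str) {
        if (keyResourcePasswordLookup == null) {
            throw new MissingPasswordLookupException();
        }
        char[] password = keyResourcePasswordLookup.getResourcePassword(str);
        if (StringUtils.isEmpty(password)) {
            throw new MissingPasswordException(MissingPasswordException.ObjectType.STORE, str);
        }
        return password;
    }

    /**
     * Builds a key pair out of an unencrypted PKCS#8 private key by deriving the public key from
     * the modulus and public exponent stored in the RSA private key structure.
     *
     * <p>The input is parsed as an RSA private key and the algorithm identifier is hard-coded to
     * {@code rsaEncryption}; the algorithm declared inside {@code privateKeyInfo} is not checked,
     * so non-RSA keys (for example EC) are not supported by this path.
     *
     * @param privateKeyInfo the PKCS#8 private key information
     * @return a pair holding the derived public key info and the re-wrapped private key info
     * @throws IOException when the private key structure cannot be parsed
     */
    private static PEMKeyPair convertPrivateKeyFromPKCS8ToPKCS1(PrivateKeyInfo privateKeyInfo) throws IOException {
        RSAPrivateKey rsaPrivateKey = RSAPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
        RSAPublicKey rsaPublicKey = new RSAPublicKey(rsaPrivateKey.getModulus(), rsaPrivateKey.getPublicExponent());
        AlgorithmIdentifier rsaAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
        return new PEMKeyPair(new SubjectPublicKeyInfo(rsaAlgorithm, rsaPublicKey), new PrivateKeyInfo(rsaAlgorithm, rsaPrivateKey));
    }
}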
