package org.apache.nifi.security.ssl;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Objects;

/* loaded from: input_file:org/apache/nifi/security/ssl/StandardPemPrivateKeyReader.class */
class StandardPemPrivateKeyReader implements PemPrivateKeyReader {
    static final String RSA_PRIVATE_KEY_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
    static final String RSA_PRIVATE_KEY_FOOTER = "-----END RSA PRIVATE KEY-----";
    static final String PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
    static final String PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
    private static final Charset KEY_CHARACTER_SET = StandardCharsets.US_ASCII;
    private static final PrivateKeyAlgorithmReader privateKeyAlgorithmReader = new PrivateKeyAlgorithmReader();
    private static final Base64.Decoder decoder = Base64.getDecoder();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/nifi/security/ssl/StandardPemPrivateKeyReader$PKCS1EncodedPrivateKey.class */
    public static class PKCS1EncodedPrivateKey implements PrivateKey {
        private static final String PKCS1_FORMAT = "PKCS#1";
        private static final String RSA_ALGORITHM = "RSA";
        private final byte[] encoded;

        private PKCS1EncodedPrivateKey(byte[] bArr) {
            this.encoded = bArr;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return RSA_ALGORITHM;
        }

        @Override // java.security.Key
        public String getFormat() {
            return PKCS1_FORMAT;
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return (byte[]) this.encoded.clone();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/nifi/security/ssl/StandardPemPrivateKeyReader$PrivateKeyAlgorithmReader.class */
    public static class PrivateKeyAlgorithmReader {
        private static final int DER_TAG_MASK = 31;
        private static final int DER_LENGTH_MASK = 255;
        private static final int DER_RESERVED_LENGTH_MASK = 127;
        private static final int DER_LENGTH_BITS = 8;
        private static final int DER_INDEFINITE_LENGTH = 128;
        private static final byte SEQUENCE_DER_TAG_TYPE = 16;
        private static final byte INTEGER_DER_TAG_TYPE = 2;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/apache/nifi/security/ssl/StandardPemPrivateKeyReader$PrivateKeyAlgorithmReader$ObjectIdentifier.class */
        public enum ObjectIdentifier {
            ECDSA("2a8648ce3d0201", "EC"),
            ED25519("2b6570", "Ed25519"),
            RSA("2a864886f70d010101", "RSA");

            private final String encoded;
            private final String algorithm;

            ObjectIdentifier(String str, String str2) {
                this.encoded = str;
                this.algorithm = str2;
            }
        }

        PrivateKeyAlgorithmReader() {
        }

        private String getAlgorithm(ByteBuffer byteBuffer) throws UnrecoverableKeyException {
            String readObjectIdentifierEncoded = readObjectIdentifierEncoded(byteBuffer);
            String str = null;
            ObjectIdentifier[] values = ObjectIdentifier.values();
            int length = values.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                ObjectIdentifier objectIdentifier = values[i];
                if (objectIdentifier.encoded.contentEquals(readObjectIdentifierEncoded)) {
                    str = objectIdentifier.algorithm;
                    break;
                }
                i++;
            }
            if (str == null) {
                throw new UnrecoverableKeyException("PKCS8 Algorithm Identifier not supported [%s]".formatted(readObjectIdentifierEncoded));
            }
            return str;
        }

        private String readObjectIdentifierEncoded(ByteBuffer byteBuffer) throws UnrecoverableKeyException {
            if (SEQUENCE_DER_TAG_TYPE != (byteBuffer.get() & DER_TAG_MASK)) {
                throw new UnrecoverableKeyException("PKCS8 DER Sequence Tag not found");
            }
            if (readDerLength(byteBuffer) != byteBuffer.remaining()) {
                throw new UnrecoverableKeyException("PKCS8 DER Sequence Length not valid");
            }
            if (INTEGER_DER_TAG_TYPE != byteBuffer.get()) {
                throw new UnrecoverableKeyException("PKCS8 DER Version Tag not found");
            }
            byteBuffer.get();
            byteBuffer.get();
            byteBuffer.get();
            byteBuffer.get();
            byteBuffer.get();
            byte[] bArr = new byte[readDerLength(byteBuffer)];
            byteBuffer.get(bArr);
            return HexFormat.of().formatHex(bArr);
        }

        private int readDerLength(ByteBuffer byteBuffer) {
            int i;
            byte b = byteBuffer.get();
            if ((b & DER_INDEFINITE_LENGTH) == 0) {
                i = b & DER_RESERVED_LENGTH_MASK;
            } else {
                int i2 = b & DER_RESERVED_LENGTH_MASK;
                int i3 = 0;
                for (int i4 = 0; i4 < i2; i4++) {
                    i3 = (i3 << DER_LENGTH_BITS) | (byteBuffer.get() & DER_LENGTH_MASK);
                }
                i = i3;
            }
            return i;
        }
    }

    @Override // org.apache.nifi.security.ssl.PemPrivateKeyReader
    public PrivateKey readPrivateKey(InputStream inputStream) {
        PrivateKey readPkcs1PrivateKey;
        Objects.requireNonNull(inputStream, "Input Stream required");
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, KEY_CHARACTER_SET));
            try {
                String readLine = bufferedReader.readLine();
                if (PRIVATE_KEY_HEADER.contentEquals(readLine)) {
                    readPkcs1PrivateKey = readPkcs8PrivateKey(readPrivateKeyPayload(bufferedReader, PRIVATE_KEY_FOOTER));
                } else {
                    if (!RSA_PRIVATE_KEY_HEADER.contentEquals(readLine)) {
                        throw new ReadEntityException("Supported Private Key header not found");
                    }
                    readPkcs1PrivateKey = readPkcs1PrivateKey(readPrivateKeyPayload(bufferedReader, RSA_PRIVATE_KEY_FOOTER));
                }
                PrivateKey privateKey = readPkcs1PrivateKey;
                bufferedReader.close();
                return privateKey;
            } catch (Throwable th) {
                try {
                    bufferedReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException e) {
            throw new ReadEntityException("Read Private Key failed", e);
        } catch (GeneralSecurityException e2) {
            throw new ReadEntityException("Parsing Private Key failed", e2);
        }
    }

    private PrivateKey readPkcs1PrivateKey(String str) throws GeneralSecurityException {
        PKCS1EncodedPrivateKey pKCS1EncodedPrivateKey = new PKCS1EncodedPrivateKey(decoder.decode(str));
        return (PrivateKey) KeyFactory.getInstance(pKCS1EncodedPrivateKey.getAlgorithm()).translateKey(pKCS1EncodedPrivateKey);
    }

    private PrivateKey readPkcs8PrivateKey(String str) throws GeneralSecurityException {
        byte[] decode = decoder.decode(str);
        return KeyFactory.getInstance(privateKeyAlgorithmReader.getAlgorithm(ByteBuffer.wrap(decode))).generatePrivate(new PKCS8EncodedKeySpec(decode));
    }

    private String readPrivateKeyPayload(BufferedReader bufferedReader, String str) throws IOException {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        while (true) {
            String str2 = readLine;
            if (str2 == null || str.contentEquals(str2)) {
                break;
            }
            sb.append(str2);
            readLine = bufferedReader.readLine();
        }
        return sb.toString();
    }
}
