package org.opcfoundation.ua.transport.security;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Scanner;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.opcfoundation.ua.builtintypes.StatusCode;
import org.opcfoundation.ua.utils.BouncyCastleUtils;
import org.opcfoundation.ua.utils.CertificateUtils;
import org.opcfoundation.ua.utils.CryptoUtil;
import org.opcfoundation.ua.utils.FileUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opcfoundation/ua/transport/security/PrivKey.class */
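/**
 * Holder for an RSA private key, with helpers to load it from raw or PEM-armoured bytes,
 * files, streams and key stores, and to write it back out.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Password-protected PEM input is decrypted with a key derived by a single-pass MD5
 *       construction (see {@link #generateDerivedKey}); that protects the file only as well
 *       as the password resists offline guessing.</li>
 *   <li>{@link #save(File)} and {@link #save(File, String)} with no password write the key
 *       in clear text and do not set file permissions.</li>
 * </ul>
 */
public class PrivKey {
    private static final String END_RSA_PRIVATE_KEY = "\n-----END RSA PRIVATE KEY-----";
    private static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
    private static final String END_PRIVATE_KEY_REGEX = "-----END .*PRIVATE KEY-----";
    private static final String BEGIN_PRIVATE_KEY_REGEX = "-----BEGIN .*PRIVATE KEY-----";
    // Public for backward compatibility; prefer getPrivateKey().
    public final RSAPrivateKey privateKey;
    private static final Logger logger = LoggerFactory.getLogger(PrivKey.class);

    /**
     * Loads a private key from the key store at {@code url} by delegating to
     * {@code CertificateUtils.loadFromKeyStore(url, str)}.
     *
     * @param url location of the key store
     * @param str passed through to {@code CertificateUtils}; presumably the key store
     *            password (confirm against that helper)
     * @return the loaded key
     */
    public static PrivKey loadFromKeyStore(URL url, String str) throws IOException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        return new PrivKey(CertificateUtils.loadFromKeyStore(url, str));
    }

    /**
     * Loads a private key from a file; see {@link #load(byte[], String)} for the accepted
     * formats.
     *
     * @param file key file to read
     * @param str password for an encrypted PEM key; may be null or empty for an unencrypted key
     * @return the loaded key
     * @throws IllegalArgumentException if the file is shorter than three bytes
     */
    public static PrivKey load(File file, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException {
        if (file.length() < 3) {
            throw new IllegalArgumentException("file is not a valid private key (too short file)");
        }
        return load(FileUtil.readFile(file), str);
    }

    /**
     * Loads a private key from a stream; see {@link #load(byte[], String)} for the accepted
     * formats.
     *
     * @param inputStream source of the key bytes, read through {@code FileUtil.readStream}
     * @param str password for an encrypted PEM key; may be null or empty for an unencrypted key
     * @return the loaded key
     */
    public static PrivKey load(InputStream inputStream, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException {
        return load(FileUtil.readStream(inputStream), str);
    }

    /**
     * Loads a private key from bytes that are either a PKCS#8 encoding or a PEM block
     * labelled "... PRIVATE KEY", optionally encrypted with the legacy
     * {@code Proc-Type}/{@code DEK-Info} headers.
     *
     * <p>Only AES in CBC mode is actually supported for encrypted input: the cipher
     * transformation is fixed, whatever the {@code DEK-Info} header names.
     *
     * @param bArr key material
     * @param str password for an encrypted PEM key; may be null or empty for an unencrypted key
     * @return the loaded key
     * @throws IllegalArgumentException if {@code bArr} is null, or the key is marked encrypted
     *         but its {@code DEK-Info} header is missing or malformed
     * @throws SecurityException if the key is encrypted and no password was given
     */
    public static PrivKey load(byte[] bArr, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException {
        if (bArr == null) {
            throw new IllegalArgumentException("null arg");
        }
        boolean encrypted = false;
        String dekAlgorithm = "";
        byte[] iv = null;
        byte[] keyBytes = bArr;

        // NOTE(review): the probe at offset 3 presumably tolerates a 3-byte prefix such as a
        // UTF-8 BOM, but the BEGIN line below must still match exactly, so such input is
        // not decoded as PEM - confirm the intent.
        if (hasDashesAt(bArr, 0) || hasDashesAt(bArr, 3)) {
            // PEM is ASCII; decode with a fixed charset instead of the platform default.
            Scanner scanner = new Scanner(new String(bArr, "US-ASCII"));
            try {
                StringBuilder base64 = new StringBuilder();
                boolean insideBlock = false;
                while (scanner.hasNextLine()) {
                    String line = scanner.nextLine();
                    if (line.matches(BEGIN_PRIVATE_KEY_REGEX)) {
                        insideBlock = true;
                        continue;
                    }
                    if (!insideBlock) {
                        // Text before the key block (for example a certificate stored in the
                        // same file) is not part of the key and must not reach the decoder.
                        continue;
                    }
                    if (line.matches(END_PRIVATE_KEY_REGEX)) {
                        break;
                    }
                    if (line.startsWith("Proc-Type: 4,ENCRYPTED")) {
                        encrypted = true;
                    } else if (line.startsWith("DEK-Info:")) {
                        String[] dekParts = line.substring("DEK-Info:".length()).trim().split(",");
                        if (dekParts.length < 2) {
                            throw new IllegalArgumentException("Malformed DEK-Info header in private key");
                        }
                        dekAlgorithm = dekParts[0].trim();
                        iv = CryptoUtil.hexToBytes(dekParts[1].trim());
                    } else {
                        base64.append(line.trim());
                    }
                }
                if (insideBlock) {
                    keyBytes = CryptoUtil.base64Decode(base64.toString());
                }
            } finally {
                scanner.close();
            }
        }

        if (encrypted) {
            if (str == null || str.isEmpty()) {
                throw new SecurityException("Encrypted private key requires a password.");
            }
            if (iv == null) {
                // Without DEK-Info there is neither an IV nor a salt to derive the key from.
                throw new IllegalArgumentException("Encrypted private key is missing a DEK-Info header");
            }
            // DEK-Info names look like "AES-128-CBC": algorithm, key size in bits, mode.
            String[] algorithmParts = dekAlgorithm.split("-");
            String keyAlgorithm = algorithmParts[0];
            // NOTE(review): StatusCode.OVERFLOW_BIT as the default key size looks like a
            // decompiler constant substitution (expected value 128) - confirm and replace
            // with a named constant.
            int keyBits = algorithmParts.length > 1 ? Integer.parseInt(algorithmParts[1]) : StatusCode.OVERFLOW_BIT;
            // The first 8 bytes of the IV double as the key-derivation salt.
            byte[] salt = iv.length > 8 ? Arrays.copyOf(iv, 8) : iv;
            char[] passwordChars = str.toCharArray();
            byte[] passwordBytes = BouncyCastleUtils.PKCS5PasswordToBytes(passwordChars);
            byte[] derivedKey = generateDerivedKey(keyBits / 8, passwordBytes, salt);
            try {
                SecretKeySpec secretKey = new SecretKeySpec(derivedKey, keyAlgorithm);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
                keyBytes = cipher.doFinal(keyBytes);
            } finally {
                // Best effort: clear the working copies of the password and the derived key.
                // SecretKeySpec keeps its own copy, and the caller's String is out of reach.
                Arrays.fill(passwordChars, '\0');
                Arrays.fill(passwordBytes, (byte) 0);
                Arrays.fill(derivedKey, (byte) 0);
            }
        }
        return new PrivKey(keyBytes);
    }

    /** Returns true if {@code data} holds three '-' bytes starting at {@code offset}. */
    private static boolean hasDashesAt(byte[] data, int offset) {
        if (data.length < offset + 3) {
            return false;
        }
        return data[offset] == '-' && data[offset + 1] == '-' && data[offset + 2] == '-';
    }

    /**
     * Derives {@code i} key bytes from a password and salt by chaining MD5 digests:
     * the first block is MD5(password || salt) and each further block is
     * MD5(previous block || password || salt).
     *
     * <p>This matches the single-iteration MD5 derivation of OpenSSL's legacy PEM encryption
     * and is kept so existing key files stay readable. With one MD5 pass per guess it adds
     * almost no cost to offline password guessing, so it should not be relied on to protect
     * key files at rest; a key store or a PBKDF2-based container is the stronger choice for
     * newly written keys.
     *
     * @param i number of key bytes to produce
     * @param bArr password bytes
     * @param bArr2 salt bytes
     * @return the derived key, {@code i} bytes long
     */
    private static byte[] generateDerivedKey(int i, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] derived = new byte[i];
        byte[] previousBlock = null;
        int offset = 0;
        int remaining = i;
        while (remaining > 0) {
            if (previousBlock != null) {
                md5.update(previousBlock, 0, previousBlock.length);
            }
            md5.update(bArr, 0, bArr.length);
            md5.update(bArr2, 0, bArr2.length);
            // digest() also resets the instance for the next round.
            previousBlock = md5.digest();
            int chunk = Math.min(remaining, previousBlock.length);
            System.arraycopy(previousBlock, 0, derived, offset, chunk);
            offset += chunk;
            remaining -= chunk;
        }
        return derived;
    }

    /**
     * Loads a key from a file whose whole content is the key's PKCS#8 encoding; PEM is not
     * handled here.
     *
     * @param file key file to read
     * @return the loaded key
     * @deprecated use {@link #load(File, String)}, which also accepts PEM and encrypted keys
     */
    @Deprecated
    public static PrivKey load(File file) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        return new PrivKey(FileUtil.readFile(file));
    }

    /**
     * Loads a private key from a key store file; see {@link #loadFromKeyStore(URL, String)}.
     *
     * @param file key store file
     * @param str passed through unchanged to {@link #loadFromKeyStore(URL, String)}
     * @return the loaded key
     */
    public static PrivKey loadFromKeyStore(File file, String str) throws IOException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        return loadFromKeyStore(file.toURI().toURL(), str);
    }

    /**
     * Writes the key's encoded form to {@code file} as raw bytes.
     *
     * <p>The key is stored unencrypted and this method does not set file permissions, so
     * the caller is responsible for restricting access to the file.
     *
     * @param file destination file
     */
    public void save(File file) throws IOException {
        FileUtil.writeFile(file, getEncodedPrivateKey());
    }

    /**
     * Writes the key to {@code file} in PEM form, encrypted when a password is given.
     *
     * <p>With a null or empty password the key is written in clear text and no file
     * permissions are set; restrict access to the file or supply a password.
     *
     * @param file destination file
     * @param str password; null or empty writes an unencrypted key
     */
    public void save(File file, String str) throws IOException {
        if (str != null && str.length() != 0) {
            savePemWithBC(file, str);
            return;
        }
        // NOTE(review): the body is the key's getEncoded() bytes (presumably PKCS#8), while
        // the "RSA PRIVATE KEY" label is conventionally read as PKCS#1 by other tools.
        // load() here accepts any "... PRIVATE KEY" label, so the round trip works inside
        // this class; confirm interoperability before changing the label.
        PKCS8EncodedKeySpec encodedKey = new PKCS8EncodedKeySpec(getPrivateKey().getEncoded());
        // NOTE(review): FileWriter uses the platform charset; the content is ASCII only.
        FileWriter writer = new FileWriter(file);
        try {
            writer.append(BEGIN_RSA_PRIVATE_KEY);
            writer.append(CryptoUtil.base64Encode(encodedKey.getEncoded()));
            writer.append(END_RSA_PRIVATE_KEY);
        } finally {
            writer.close();
        }
    }

    /**
     * Writes the key as a password-protected PEM file through
     * {@code BouncyCastleUtils.writeToPem}, requesting "AES-128-CBC".
     */
    private void savePemWithBC(File file, String str) throws IOException {
        BouncyCastleUtils.writeToPem(getPrivateKey(), file, str, "AES-128-CBC");
    }

    /**
     * Creates a key from its PKCS#8 encoding.
     *
     * @param bArr encoded key
     * @throws IllegalArgumentException if {@code bArr} is null
     */
    public PrivKey(byte[] bArr) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        if (bArr == null) {
            throw new IllegalArgumentException("null arg");
        }
        this.privateKey = decodeRSAPrivateKey(bArr);
    }

    /**
     * Decodes a PKCS#8 encoded RSA key, first with the default provider and, if that fails
     * for any reason, with the provider named by {@code CryptoUtil.getSecurityProviderName()}.
     *
     * @throws RuntimeException if the fallback provider is not installed
     */
    private RSAPrivateKey decodeRSAPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bArr);
        try {
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (Exception defaultProviderFailure) {
            // Deliberately broad: any failure of the default provider triggers the fallback.
            // The first failure is logged so it is not lost when the fallback fails too.
            logger.debug("Default provider could not decode the private key, retrying with the configured provider", defaultProviderFailure);
            try {
                return (RSAPrivateKey) KeyFactory.getInstance("RSA", CryptoUtil.getSecurityProviderName()).generatePrivate(keySpec);
            } catch (NoSuchProviderException providerMissing) {
                logger.error("Could not read private key with default Provider and Bouncy Castle not available");
                throw new RuntimeException("Could not read private key with default Provider and Bouncy Castle not available", providerMissing);
            }
        }
    }

    /**
     * Wraps an existing key object.
     *
     * @param rSAPrivateKey key to wrap; stored as is, without a null check
     */
    public PrivKey(RSAPrivateKey rSAPrivateKey) {
        this.privateKey = rSAPrivateKey;
    }

    /** Returns the key's encoded form as produced by {@code RSAPrivateKey.getEncoded()}. */
    public byte[] getEncodedPrivateKey() {
        return this.privateKey.getEncoded();
    }

    /** Returns the wrapped key. */
    public RSAPrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Stores this key together with {@code cert} in a key store file under the alias "key",
     * by delegating to {@code CertificateUtils.saveToProtectedStore}.
     *
     * @param cert certificate stored alongside the key
     * @param file destination key store file
     * @param str passed through; presumably the key store password - confirm against CertificateUtils
     * @param str2 passed through; presumably the key password - confirm against CertificateUtils
     * @param str3 passed through; presumably the key store type - confirm against CertificateUtils
     */
    public void saveToKeyStore(Cert cert, File file, String str, String str2, String str3) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        CertificateUtils.saveToProtectedStore(getPrivateKey(), cert.getCertificate(), file, "key", str, str2, str3);
    }
}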
