package org.springframework.boot.ssl.pem;

import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.function.BiFunction;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jcajce.spec.EdDSAParameterSpec;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-3.1.2.jar:org/springframework/boot/ssl/pem/PemPrivateKeyParser.class */
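/**
 * Parser for PEM-encoded private keys (PKCS#1 RSA, SEC1 EC, PKCS#8 and encrypted PKCS#8).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Matching is unanchored ({@link Matcher#find()}), so text surrounding a key block is
 * ignored and the first block of the first matching parser wins. Parsers are tried in the
 * fixed order PKCS#1, EC, PKCS#8, encrypted PKCS#8, not in document order.</li>
 * <li>The password arrives as an immutable {@link String}; only the intermediate
 * {@code char[]} copies made while decrypting are wiped, the caller's String is not.</li>
 * <li>{@code EC PRIVATE KEY} blocks are always wrapped with one hard-coded curve OID, see
 * {@link #createKeySpecForEc(byte[], String)}.</li>
 * </ul>
 *
 * <p>Algorithm names are the standard JCA names ({@code "RSA"}, {@code "EC"}, {@code "DSA"},
 * {@code "Ed25519"}), written as literals so the class needs only the JDK.
 */
final class PemPrivateKeyParser {
    private static final String PKCS1_HEADER = "-+BEGIN\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS1_FOOTER = "-+END\\s+RSA\\s+PRIVATE\\s+KEY[^-]*-+";
    private static final String PKCS8_HEADER = "-+BEGIN\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS8_FOOTER = "-+END\\s+PRIVATE\\s+KEY[^-]*-+";
    private static final String PKCS8_ENCRYPTED_HEADER = "-+BEGIN\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS8_ENCRYPTED_FOOTER = "-+END\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+";
    private static final String EC_HEADER = "-+BEGIN\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String EC_FOOTER = "-+END\\s+EC\\s+PRIVATE\\s+KEY[^-]*-+";
    /** Capturing group for the Base64 body; compiled case-insensitively, so A-Z match too. */
    private static final String BASE64_TEXT = "([a-z0-9+/=\\r\\n]+)";
    /** Index of the {@link #BASE64_TEXT} group inside every parser pattern. */
    public static final int BASE64_TEXT_GROUP = 1;
    private static final List<PemParser> PEM_PARSERS;
    private static final int[] RSA_ALGORITHM;
    private static final int[] EC_ALGORITHM;
    private static final int[] EC_PARAMETERS;

    /**
     * Minimal DER writer used to wrap raw PKCS#1 / SEC1 key bytes in a PKCS#8 envelope.
     * Everything written is appended to one in-memory buffer. The decompiler output marks
     * this class as widened from package-private.
     */
    public static class DerEncoder {
        private static final int TAG_INTEGER = 0x02;
        private static final int TAG_OCTET_STRING = 0x04;
        private static final int TAG_NULL = 0x05;
        private static final int TAG_OBJECT_IDENTIFIER = 0x06;
        private static final int TAG_SEQUENCE = 0x30;
        /** Largest length that fits the single-byte (short form) DER length. */
        private static final int MAX_SHORT_FORM_LENGTH = 127;

        private final ByteArrayOutputStream stream = new ByteArrayOutputStream();

        DerEncoder() {
        }

        /**
         * Writes an OBJECT IDENTIFIER from already-encoded content bytes, or an empty NULL
         * element when {@code encodedOid} is {@code null}.
         */
        void objectIdentifier(int... encodedOid) throws IOException {
            int tag = (encodedOid != null) ? TAG_OBJECT_IDENTIFIER : TAG_NULL;
            codeLengthBytes(tag, bytes(encodedOid));
        }

        /** Writes an INTEGER whose content is the given values, one byte each. */
        void integer(int... encodedInteger) throws IOException {
            codeLengthBytes(TAG_INTEGER, bytes(encodedInteger));
        }

        /** Writes an OCTET STRING holding {@code content}. */
        void octetString(byte[] content) throws IOException {
            codeLengthBytes(TAG_OCTET_STRING, content);
        }

        /** Writes a SEQUENCE whose content is the given values, one byte each. */
        void sequence(int... content) throws IOException {
            sequence(bytes(content));
        }

        /** Writes a SEQUENCE holding the already-encoded {@code content}. */
        void sequence(byte[] content) throws IOException {
            codeLengthBytes(TAG_SEQUENCE, content);
        }

        /**
         * Writes one tag-length-value element.
         *
         * @param tag the DER tag byte
         * @param content the value bytes; {@code null} is written as a zero-length element
         */
        void codeLengthBytes(int tag, byte[] content) throws IOException {
            this.stream.write(tag);
            int length = (content != null) ? content.length : 0;
            if (length <= MAX_SHORT_FORM_LENGTH) {
                this.stream.write(length & 0xFF);
            } else {
                // Long form: 0x80 | number of length bytes, then the length big-endian.
                ByteArrayOutputStream littleEndian = new ByteArrayOutputStream();
                for (int remaining = length; remaining != 0; remaining >>= 8) {
                    littleEndian.write(remaining & 0xFF);
                }
                byte[] lengthBytes = littleEndian.toByteArray();
                this.stream.write(0x80 | lengthBytes.length);
                for (int i = lengthBytes.length - 1; i >= 0; i--) {
                    this.stream.write(lengthBytes[i]);
                }
            }
            if (content != null) {
                this.stream.write(content);
            }
        }

        /** Narrows each int to a byte; a {@code null} array stays {@code null}. */
        private static byte[] bytes(int... values) {
            if (values == null) {
                return null;
            }
            byte[] result = new byte[values.length];
            for (int i = 0; i < values.length; i++) {
                result[i] = (byte) values[i];
            }
            return result;
        }

        /** Returns everything written so far wrapped in one outer SEQUENCE. */
        byte[] toSequence() throws IOException {
            DerEncoder wrapper = new DerEncoder();
            wrapper.sequence(toByteArray());
            return wrapper.toByteArray();
        }

        /** Returns a copy of the bytes written so far. */
        byte[] toByteArray() {
            return this.stream.toByteArray();
        }
    }

    /**
     * Recognises one PEM block type and turns its Base64 body into a {@link PrivateKey}.
     * The decompiler output marks this class as widened from private.
     */
    public static class PemParser {
        private final Pattern pattern;
        private final BiFunction<byte[], String, PKCS8EncodedKeySpec> keySpecFactory;
        private final String[] algorithms;

        /**
         * @param header regex for the BEGIN line
         * @param footer regex for the END line
         * @param keySpecFactory converts (decoded bytes, password) into a PKCS#8 key spec
         * @param algorithms JCA {@link KeyFactory} names to try, in order
         */
        PemParser(String header, String footer, BiFunction<byte[], String, PKCS8EncodedKeySpec> keySpecFactory,
                String... algorithms) {
            this.pattern = Pattern.compile(header + BASE64_TEXT + footer, Pattern.CASE_INSENSITIVE);
            this.keySpecFactory = keySpecFactory;
            this.algorithms = algorithms;
        }

        /**
         * Parses the first block in {@code text} that matches this parser's pattern.
         *
         * @return the key, or {@code null} when the pattern does not match or none of the
         * configured algorithms accepts the key spec
         */
        PrivateKey parse(String text, String password) {
            Matcher matcher = this.pattern.matcher(text);
            if (!matcher.find()) {
                return null;
            }
            return parse(decodeBase64(matcher.group(BASE64_TEXT_GROUP)), password);
        }

        /**
         * Strips line breaks and decodes with the strict basic decoder. Decoding from the
         * String keeps the result independent of the platform default charset.
         */
        private static byte[] decodeBase64(String content) {
            String singleLine = content.replace("\r", "").replace("\n", "");
            return Base64.getDecoder().decode(singleLine);
        }

        private PrivateKey parse(byte[] bytes, String password) {
            try {
                PKCS8EncodedKeySpec keySpec = this.keySpecFactory.apply(bytes, password);
                for (String algorithm : this.algorithms) {
                    KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
                    try {
                        return keyFactory.generatePrivate(keySpec);
                    } catch (InvalidKeySpecException ignored) {
                        // Deliberate: the spec is for a different algorithm, try the next one.
                    }
                }
                return null;
            } catch (GeneralSecurityException ex) {
                throw new IllegalArgumentException("Unexpected key format", ex);
            }
        }
    }

    /** Decrypts a PKCS#8 {@code EncryptedPrivateKeyInfo} structure with a password. */
    static class Pkcs8PrivateKeyDecryptor {
        public static final String PBES2_ALGORITHM = "PBES2";

        Pkcs8PrivateKeyDecryptor() {
        }

        /**
         * Decrypts {@code bytes} and returns the contained PKCS#8 key spec.
         *
         * <p>The {@code char[]} copies of the password created here are zeroed before the
         * method returns. The {@code password} String itself is immutable and stays on the
         * heap until it is garbage collected.
         *
         * @param bytes DER-encoded {@code EncryptedPrivateKeyInfo}
         * @param password the decryption password
         * @throws IllegalArgumentException if {@code password} is {@code null} or the key
         * cannot be decrypted
         */
        static PKCS8EncodedKeySpec decrypt(byte[] bytes, String password) {
            if (password == null) {
                throw new IllegalArgumentException("Password is required for an encrypted private key");
            }
            char[] passwordChars = password.toCharArray();
            // PBEKeySpec keeps its own clone of the array, so both copies are wiped below.
            PBEKeySpec pbeKeySpec = new PBEKeySpec(passwordChars);
            try {
                EncryptedPrivateKeyInfo keyInfo = new EncryptedPrivateKeyInfo(bytes);
                AlgorithmParameters algorithmParameters = keyInfo.getAlgParameters();
                String encryptionAlgorithm = getEncryptionAlgorithm(algorithmParameters, keyInfo.getAlgName());
                SecretKey key = SecretKeyFactory.getInstance(encryptionAlgorithm).generateSecret(pbeKeySpec);
                Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
                cipher.init(Cipher.DECRYPT_MODE, key, algorithmParameters);
                return keyInfo.getKeySpec(cipher);
            } catch (IOException | GeneralSecurityException ex) {
                throw new IllegalArgumentException("Error decrypting private key", ex);
            } finally {
                pbeKeySpec.clearPassword();
                java.util.Arrays.fill(passwordChars, '\0');
            }
        }

        /**
         * Picks the name passed to {@link SecretKeyFactory} and {@link Cipher}. For PBES2 the
         * string form of the parameters is used instead of the bare name.
         * NOTE(review): presumably relies on the provider rendering the full PBE scheme name
         * from {@code toString()}; confirm on the target JDK/provider.
         */
        private static String getEncryptionAlgorithm(AlgorithmParameters algorithmParameters, String algorithmName) {
            if (algorithmParameters != null && PBES2_ALGORITHM.equals(algorithmName)) {
                return algorithmParameters.toString();
            }
            return algorithmName;
        }
    }

    private PemPrivateKeyParser() {
    }

    /** Wraps PKCS#1 RSA key bytes in PKCS#8; the password is unused. */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs1(byte[] bytes, String password) {
        return createKeySpecForAlgorithm(bytes, RSA_ALGORITHM, null);
    }

    /**
     * Wraps SEC1 EC key bytes in PKCS#8; the password is unused.
     *
     * <p>The curve written into the envelope is always {@code EC_PARAMETERS}
     * (1.3.132.0.34, secp384r1), whatever curve the key was generated on.
     * NOTE(review): an {@code EC PRIVATE KEY} block on another curve is therefore not
     * expected to load as the intended key; convert such keys to PKCS#8 first.
     */
    private static PKCS8EncodedKeySpec createKeySpecForEc(byte[] bytes, String password) {
        return createKeySpecForAlgorithm(bytes, EC_ALGORITHM, EC_PARAMETERS);
    }

    /**
     * Builds {@code SEQUENCE { INTEGER 0, SEQUENCE { algorithm, parameters }, OCTET STRING key }}.
     *
     * @param bytes the raw key bytes placed in the OCTET STRING
     * @param algorithm encoded OID content of the key algorithm
     * @param parameters encoded OID content of the parameters, or {@code null} to write NULL
     */
    private static PKCS8EncodedKeySpec createKeySpecForAlgorithm(byte[] bytes, int[] algorithm, int[] parameters) {
        try {
            DerEncoder algorithmIdentifier = new DerEncoder();
            algorithmIdentifier.objectIdentifier(algorithm);
            algorithmIdentifier.objectIdentifier(parameters);

            DerEncoder privateKeyInfo = new DerEncoder();
            privateKeyInfo.integer(0);
            privateKeyInfo.sequence(algorithmIdentifier.toByteArray());
            privateKeyInfo.octetString(bytes);
            return new PKCS8EncodedKeySpec(privateKeyInfo.toSequence());
        } catch (IOException ex) {
            throw new IllegalStateException(ex);
        }
    }

    /** Uses the decoded bytes as the PKCS#8 key spec unchanged; the password is unused. */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs8(byte[] bytes, String password) {
        return new PKCS8EncodedKeySpec(bytes);
    }

    /** Decrypts an encrypted PKCS#8 block; a {@code null} password is rejected. */
    private static PKCS8EncodedKeySpec createKeySpecForPkcs8Encrypted(byte[] bytes, String password) {
        return Pkcs8PrivateKeyDecryptor.decrypt(bytes, password);
    }

    /**
     * Parses an unencrypted private key from PEM text.
     *
     * @param text the PEM text, may be {@code null}
     * @return the key, or {@code null} if {@code text} is {@code null}
     * @throws IllegalStateException if no supported key can be loaded
     */
    static PrivateKey parse(String text) {
        return parse(text, null);
    }

    /**
     * Parses a private key from PEM text, decrypting it when the block is encrypted PKCS#8.
     * The decompiler output marks this method as widened from package-private.
     *
     * @param text the PEM text, may be {@code null}
     * @param password the password for an encrypted key, or {@code null}
     * @return the key, or {@code null} if {@code text} is {@code null}
     * @throws IllegalStateException if the format is not recognised or loading fails; the
     * message carries the cause's message and the cause is preserved
     */
    public static PrivateKey parse(String text, String password) {
        if (text == null) {
            return null;
        }
        try {
            for (PemParser pemParser : PEM_PARSERS) {
                PrivateKey privateKey = pemParser.parse(text, password);
                if (privateKey != null) {
                    return privateKey;
                }
            }
            throw new IllegalStateException("Unrecognized private key format");
        } catch (Exception ex) {
            throw new IllegalStateException("Error loading private key file: " + ex.getMessage(), ex);
        }
    }

    static {
        List<PemParser> parsers = new ArrayList<>();
        parsers.add(new PemParser(PKCS1_HEADER, PKCS1_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs1, "RSA"));
        parsers.add(new PemParser(EC_HEADER, EC_FOOTER, PemPrivateKeyParser::createKeySpecForEc, "EC"));
        parsers.add(new PemParser(PKCS8_HEADER, PKCS8_FOOTER, PemPrivateKeyParser::createKeySpecForPkcs8,
                "RSA", "EC", "DSA", "Ed25519"));
        parsers.add(new PemParser(PKCS8_ENCRYPTED_HEADER, PKCS8_ENCRYPTED_FOOTER,
                PemPrivateKeyParser::createKeySpecForPkcs8Encrypted, "RSA", "EC", "DSA", "Ed25519"));
        PEM_PARSERS = Collections.unmodifiableList(parsers);
        // Encoded OID content bytes, without the tag and length.
        RSA_ALGORITHM = new int[]{42, 134, 72, 134, 247, 13, 1, 1, 1}; // 1.2.840.113549.1.1.1 rsaEncryption
        EC_ALGORITHM = new int[]{42, 134, 72, 206, 61, 2, 1}; // 1.2.840.10045.2.1 id-ecPublicKey
        EC_PARAMETERS = new int[]{43, 129, 4, 0, 34}; // 1.3.132.0.34 secp384r1
    }
}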
