package org.apache.tomcat.util.net.jsse;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.tomcat.util.buf.Asn1Parser;
import org.apache.tomcat.util.buf.Asn1Writer;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.res.StringManager;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import org.springframework.asm.Opcodes;

/* loaded from: input_file:BOOT-INF/lib/tomcat-embed-core-10.1.36.jar:org/apache/tomcat/util/net/jsse/PEMFile.class */
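/**
 * Holds the X.509 certificates and the private key exposed through {@link #getCertificates()} and
 * {@link #getPrivateKey()}, plus the helpers that decode individual PEM parts (certificates,
 * plain keys, and password-encrypted keys).
 *
 * <p>NOTE(review): this listing is a JADX decompilation. The six-argument constructor, to which
 * every other constructor delegates, was not recovered and only throws
 * {@link UnsupportedOperationException}. The listing is therefore useful for reviewing the
 * decoding helpers in {@code Part}, but not the boundary/header parsing that populates
 * {@code certificates} and {@code privateKey}, which is not visible here.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Encrypted {@code PKCS1} parts derive the cipher key with a single pass of MD5 over
 * password and salt (no iteration count) and accept single DES. This offers little resistance to
 * offline password guessing if the key file is disclosed; the {@code PKCS8} path (PBES2 with
 * PBKDF2) is the stronger option of the two.</li>
 * <li>For {@code PKCS8} parts, the salt, iteration count, PRF and cipher are all read from the
 * file itself; no minimum or maximum iteration count is applied here.</li>
 * <li>Passwords are handled as {@code String}, so they cannot be wiped after use.</li>
 * </ul>
 */
public class PEMFile {
    /** PRF used for PBKDF2 when the encrypted key does not name one. */
    private static final String DEFAULT_PRF = "HmacSHA1";
    /** Hex-encoded cipher OID to supported PBES2 encryption scheme; filled in the static initializer. */
    private static final Map<String, Algorithm> OID_TO_ALGORITHM;
    private List<X509Certificate> certificates;
    private PrivateKey privateKey;
    private static final StringManager sm = StringManager.getManager((Class<?>) PEMFile.class);
    // 06 07 2A 86 48 CE 3D 02 01: includes the leading OID tag (0x06) and length byte, because it
    // is written verbatim into the PKCS#8 structure built by rfc5915ToPkcs8.
    private static final byte[] OID_EC_PUBLIC_KEY = {6, 7, 42, -122, 72, -50, 61, 2, 1};
    // 2A 86 48 86 F7 0D 01 05 0D: compared against Asn1Parser.parseOIDAsBytes() output.
    private static final byte[] OID_PBES2 = {42, -122, 72, -122, -9, 13, 1, 5, 13};
    // 2A 86 48 86 F7 0D 01 05 0C: compared against Asn1Parser.parseOIDAsBytes() output.
    private static final byte[] OID_PBKDF2 = {42, -122, 72, -122, -9, 13, 1, 5, 12};
    /** Hex-encoded PRF OID to JCA HMAC name; filled in the static initializer. */
    private static final Map<String, String> OID_TO_PRF = new HashMap<>();

    /**
     * Encryption schemes accepted for PBES2-encrypted PKCS#8 keys. All three are CBC modes.
     *
     * <p>{@code keyLength} is passed as the key length argument of {@link PBEKeySpec}, which the
     * JCA defines in bits.
     *
     * <p>NOTE(review): the decompiler reports that it widened this type's access modifier from
     * private.
     */
    public enum Algorithm {
        AES128_CBC_PAD("AES/CBC/PKCS5PADDING", "AES", 128),
        AES256_CBC_PAD("AES/CBC/PKCS5PADDING", "AES", 256),
        // 192 was rendered by the decompiler as an unrelated bytecode constant
        // (Opcodes.CHECKCAST, which has the same value); the literal states the intent.
        DES_EDE3_CBC("DESede/CBC/PKCS5Padding", "DESede", 192);

        private final String transformation;
        private final String secretKeyAlgorithm;
        private final int keyLength;

        Algorithm(String str, String str2, int i) {
            this.transformation = str;
            this.secretKeyAlgorithm = str2;
            this.keyLength = i;
        }

        /** @return the JCA transformation string handed to {@link Cipher#getInstance(String)} */
        public String getTransformation() {
            return this.transformation;
        }

        /** @return the algorithm name used when wrapping the derived bytes in a {@link SecretKeySpec} */
        public String getSecretKeyAlgorithm() {
            return this.secretKeyAlgorithm;
        }

        /** @return the derived key length requested from PBKDF2 */
        public int getKeyLength() {
            return this.keyLength;
        }
    }

    /**
     * Encoding of the private key bytes carried by a PEM part.
     *
     * <p>NOTE(review): the decompiler reports that it widened this type's access modifier from
     * private.
     */
    public enum Format {
        PKCS1,
        PKCS8,
        RFC5915
    }

    /**
     * One PEM part: its label, its Base64 body and, for legacy encrypted keys, the cipher name
     * and hex IV. The fields are filled by code that is not visible in this listing.
     */
    private static class Part {
        public static final String BEGIN_BOUNDARY = "-----BEGIN ";
        public static final String END_BOUNDARY = "-----END ";
        public static final String FINISH_BOUNDARY = "-----";
        public static final String PRIVATE_KEY = "PRIVATE KEY";
        public static final String EC_PRIVATE_KEY = "EC PRIVATE KEY";
        public static final String ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY";
        public static final String RSA_PRIVATE_KEY = "RSA PRIVATE KEY";
        public static final String CERTIFICATE = "CERTIFICATE";
        public static final String X509_CERTIFICATE = "X509 CERTIFICATE";
        public String type;
        // Base64 text of the part.
        public String content = "";
        // Cipher name for an encrypted PKCS1 part, e.g. "DES-EDE3-CBC"; null until set.
        public String algorithm = null;
        // Hex-encoded IV for an encrypted PKCS1 part; its first 8 bytes double as the KDF salt.
        public String ivHex = null;

        private Part() {
        }

        /** Decodes {@link #content} with the MIME Base64 decoder, which ignores line breaks. */
        private byte[] decode() {
            return Base64.getMimeDecoder().decode(this.content);
        }

        /**
         * Parses this part as a DER-encoded X.509 certificate.
         *
         * @return the parsed certificate
         * @throws CertificateException if the bytes are not a valid certificate
         */
        public X509Certificate toCertificate() throws CertificateException {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decode()));
        }

        /**
         * Converts an unencrypted part into a private key.
         *
         * @param str key algorithm for {@link KeyFactory}, or {@code null} to try RSA, DSA and EC
         * @param format encoding of the key bytes
         * @param str2 value inserted into the {@code pemFile.parseError} message on failure
         * @return the private key
         * @throws GeneralSecurityException if no key factory accepts the key
         */
        public PrivateKey toPrivateKey(String str, Format format, String str2) throws GeneralSecurityException {
            return toPrivateKey(str, format, str2, decode());
        }

        /**
         * Decrypts a password-protected part and converts the plaintext into a private key.
         *
         * <p>{@code PKCS1} parts use the cipher named in {@link #algorithm} with the IV from
         * {@link #ivHex} and a key derived by {@link #deriveKeyPBKDF1}. {@code PKCS8} parts must
         * be PBES2 with PBKDF2; every other scheme is rejected. Both paths use CBC, which does
         * not authenticate the ciphertext: a wrong password or altered file is only noticed
         * through a padding or key-parsing failure.
         *
         * @param str password protecting the key
         * @param str2 key algorithm for {@link KeyFactory}, or {@code null} to try RSA, DSA and EC
         * @param format encoding of the encrypted part
         * @param str3 value inserted into the {@code pemFile.parseError} message on failure
         * @return the decrypted private key
         * @throws GeneralSecurityException if the scheme is unsupported or decryption fails
         * @throws IOException declared by the original signature
         * @throws IllegalArgumentException if the password is {@code null} or the IV is not
         *         valid hex
         */
        public PrivateKey toPrivateKey(String str, String str2, Format format, String str3) throws GeneralSecurityException, IOException {
            String prf;
            String secretKeyAlgorithm;
            String transformation;
            int keyLengthBytes;
            switch (format) {
                case PKCS1:
                    // Restored from the decompiler's hashCode()-based expansion of a string
                    // switch, which did not compile as emitted.
                    switch (this.algorithm) {
                        case "DES-CBC":
                            // Single DES (56-bit key) is kept only for legacy key files.
                            secretKeyAlgorithm = "DES";
                            transformation = "DES/CBC/PKCS5Padding";
                            keyLengthBytes = 8;
                            break;
                        case "DES-EDE3-CBC":
                            secretKeyAlgorithm = "DESede";
                            transformation = "DESede/CBC/PKCS5Padding";
                            keyLengthBytes = 24;
                            break;
                        case "AES-256-CBC":
                            secretKeyAlgorithm = "AES";
                            transformation = "AES/CBC/PKCS5Padding";
                            keyLengthBytes = 32;
                            break;
                        default:
                            // Any other name from the file is passed to the JCA unchanged, with
                            // an 8-byte key.
                            secretKeyAlgorithm = this.algorithm;
                            transformation = this.algorithm;
                            keyLengthBytes = 8;
                            break;
                    }
                    byte[] legacyIv = fromHex(this.ivHex);
                    SecretKeySpec legacyKey = new SecretKeySpec(deriveKeyPBKDF1(keyLengthBytes, str, legacyIv), secretKeyAlgorithm);
                    Cipher legacyCipher = Cipher.getInstance(transformation);
                    legacyCipher.init(Cipher.DECRYPT_MODE, legacyKey, new IvParameterSpec(legacyIv));
                    return toPrivateKey(str2, format, str3, legacyCipher.doFinal(decode()));
                case PKCS8:
                    Asn1Parser parser = new Asn1Parser(decode());
                    parser.parseTagSequence();
                    parser.parseFullLength();
                    parser.parseTagSequence();
                    parser.parseLength();
                    byte[] schemeOid = parser.parseOIDAsBytes();
                    if (!Arrays.equals(schemeOid, PEMFile.OID_PBES2)) {
                        throw new NoSuchAlgorithmException(PEMFile.sm.getString("pemFile.unknownPkcs8Algorithm", toDottedOidString(schemeOid)));
                    }
                    parser.parseTagSequence();
                    parser.parseLength();
                    parser.parseTagSequence();
                    parser.parseLength();
                    byte[] kdfOid = parser.parseOIDAsBytes();
                    if (!Arrays.equals(kdfOid, PEMFile.OID_PBKDF2)) {
                        throw new NoSuchAlgorithmException(PEMFile.sm.getString("pemFile.notPbkdf2", toDottedOidString(kdfOid)));
                    }
                    parser.parseTagSequence();
                    parser.parseLength();
                    byte[] salt = parser.parseOctetString();
                    // Taken from the file as-is; no lower or upper bound is applied here.
                    int iterationCount = parser.parseInt().intValue();
                    if (parser.peekTag() == 2) {
                        // An INTEGER (tag 2) at this position is consumed and discarded; the key
                        // length used below comes from the Algorithm enum instead.
                        parser.parseInt().intValue();
                    }
                    parser.parseTagSequence();
                    parser.parseLength();
                    if (parser.getNestedSequenceLevel() == 6) {
                        // An explicit PRF is present; only the HMACs in OID_TO_PRF are accepted.
                        byte[] prfOid = parser.parseOIDAsBytes();
                        prf = PEMFile.OID_TO_PRF.get(HexUtils.toHexString(prfOid));
                        if (prf == null) {
                            throw new NoSuchAlgorithmException(PEMFile.sm.getString("pemFile.unknownPrfAlgorithm", toDottedOidString(prfOid)));
                        }
                        parser.parseNull();
                        parser.parseTagSequence();
                        parser.parseLength();
                    } else {
                        prf = PEMFile.DEFAULT_PRF;
                    }
                    byte[] cipherOid = parser.parseOIDAsBytes();
                    Algorithm encryption = PEMFile.OID_TO_ALGORITHM.get(HexUtils.toHexString(cipherOid));
                    if (encryption == null) {
                        throw new NoSuchAlgorithmException(PEMFile.sm.getString("pemFile.unknownEncryptionAlgorithm", toDottedOidString(cipherOid)));
                    }
                    byte[] iv = parser.parseOctetString();
                    byte[] encryptedData = parser.parseOctetString();
                    SecretKeySpec pbes2Key = new SecretKeySpec(deriveKeyPBKDF2("PBKDF2With" + prf, str, salt, iterationCount, encryption.getKeyLength()), encryption.getSecretKeyAlgorithm());
                    Cipher pbes2Cipher = Cipher.getInstance(encryption.getTransformation());
                    pbes2Cipher.init(Cipher.DECRYPT_MODE, pbes2Key, new IvParameterSpec(iv));
                    return toPrivateKey(str2, format, str3, pbes2Cipher.doFinal(encryptedData));
                default:
                    throw new NoSuchAlgorithmException(PEMFile.sm.getString("pemFile.unknownEncryptedFormat", format));
            }
        }

        /**
         * Builds a key spec from plaintext key bytes and asks a {@link KeyFactory} for the key.
         *
         * @param str key algorithm, or {@code null} to try RSA, DSA and EC in that order
         * @param format encoding of {@code bArr}
         * @param str2 value inserted into the {@code pemFile.parseError} message
         * @param bArr plaintext key bytes
         * @return the private key
         * @throws GeneralSecurityException an {@link InvalidKeyException} carrying each rejected
         *         attempt as a suppressed exception when no factory accepts the key
         */
        private PrivateKey toPrivateKey(String str, Format format, String str2, byte[] bArr) throws GeneralSecurityException {
            KeySpec keySpec = null;
            switch (format) {
                case PKCS1:
                    keySpec = parsePKCS1(bArr);
                    break;
                case PKCS8:
                    keySpec = new PKCS8EncodedKeySpec(bArr);
                    break;
                case RFC5915:
                    keySpec = new PKCS8EncodedKeySpec(rfc5915ToPkcs8(bArr));
                    break;
            }
            // Created up front so that every failed attempt can be attached to one exception.
            InvalidKeyException invalidKeyException = new InvalidKeyException(PEMFile.sm.getString("pemFile.parseError", str2));
            if (str == null) {
                for (String candidate : new String[]{"RSA", "DSA", "EC"}) {
                    try {
                        return KeyFactory.getInstance(candidate).generatePrivate(keySpec);
                    } catch (InvalidKeySpecException e) {
                        invalidKeyException.addSuppressed(e);
                    }
                }
            } else {
                try {
                    return KeyFactory.getInstance(str).generatePrivate(keySpec);
                } catch (InvalidKeySpecException e2) {
                    invalidKeyException.addSuppressed(e2);
                }
            }
            throw invalidKeyException;
        }

        /**
         * Derives the cipher key for an encrypted PKCS1 part by hashing password and salt with
         * MD5 until enough bytes are available. Each further round also hashes the previous
         * digest.
         *
         * <p>There is no iteration count: one MD5 pass per 16 bytes of key. Key files in this
         * format should be treated as weakly protected and re-encrypted as PKCS#8 where possible.
         *
         * @param i number of key bytes to produce
         * @param str password
         * @param bArr IV bytes; only the first 8 are used as salt, so it must hold at least 8
         * @return {@code i} bytes of key material
         * @throws NoSuchAlgorithmException if MD5 is not available
         * @throws IllegalArgumentException if the password is {@code null}
         */
        private byte[] deriveKeyPBKDF1(int i, String str, byte[] bArr) throws NoSuchAlgorithmException {
            if (str == null) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.noPassword"));
            }
            byte[] key = new byte[i];
            int filled = 0;
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] passwordBytes = str.getBytes(StandardCharsets.UTF_8);
            while (filled < i) {
                messageDigest.update(passwordBytes);
                messageDigest.update(bArr, 0, 8);
                byte[] digest = messageDigest.digest();
                // digest() resets the instance; seeding it with the previous digest makes the
                // next round (if any) hash digest || password || salt.
                messageDigest.update(digest);
                System.arraycopy(digest, 0, key, filled, Math.min(i - filled, digest.length));
                filled += digest.length;
            }
            return key;
        }

        /**
         * Derives the cipher key for a PBES2-encrypted PKCS8 part with PBKDF2.
         *
         * @param str JCA algorithm name, e.g. {@code PBKDF2WithHmacSHA256}
         * @param str2 password
         * @param bArr salt read from the key file
         * @param i iteration count read from the key file
         * @param i2 key length to derive, as expected by {@link PBEKeySpec}
         * @return the derived key bytes
         * @throws GeneralSecurityException if the algorithm is unavailable or derivation fails
         * @throws IllegalArgumentException if the password is {@code null}
         */
        private byte[] deriveKeyPBKDF2(String str, String str2, byte[] bArr, int i, int i2) throws GeneralSecurityException {
            if (str2 == null) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.noPassword"));
            }
            PBEKeySpec keySpec = new PBEKeySpec(str2.toCharArray(), bArr, i, i2);
            try {
                return SecretKeyFactory.getInstance(str).generateSecret(keySpec).getEncoded();
            } finally {
                // Wipes the spec's private copy of the password. The String passed in by the
                // caller is immutable and stays in memory regardless.
                keySpec.clearPassword();
            }
        }

        /**
         * Re-wraps an RFC 5915 EC private key as a PKCS#8 structure so that the JCA key factory
         * can read it.
         *
         * <p>As written, the [0] parameters and [1] public key elements must both be present.
         *
         * @param bArr DER bytes of the RFC 5915 structure
         * @return DER bytes of the equivalent PKCS#8 structure
         * @throws IllegalArgumentException if the structure is not version 1 or an element does
         *         not start with the expected tag
         */
        private byte[] rfc5915ToPkcs8(byte[] bArr) {
            Asn1Parser asn1Parser = new Asn1Parser(bArr);
            asn1Parser.parseTag(0x30);
            asn1Parser.parseFullLength();
            if (asn1Parser.parseInt().intValue() != 1) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.notValidRFC5915"));
            }
            asn1Parser.parseTag(0x04);
            byte[] privateKeyBytes = new byte[asn1Parser.parseLength()];
            asn1Parser.parseBytes(privateKeyBytes);
            asn1Parser.parseTag(0xA0);
            byte[] curveOid = new byte[asn1Parser.parseLength()];
            asn1Parser.parseBytes(curveOid);
            // The length check turns an empty element into the same validation error instead of
            // an ArrayIndexOutOfBoundsException.
            if (curveOid.length == 0 || curveOid[0] != 6) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.notValidRFC5915"));
            }
            // 0xA1 (161) was rendered by the decompiler as Opcodes.IF_ICMPLT, an unrelated
            // bytecode constant with the same value.
            asn1Parser.parseTag(0xA1);
            byte[] publicKeyBits = new byte[asn1Parser.parseLength()];
            asn1Parser.parseBytes(publicKeyBits);
            if (publicKeyBits.length == 0 || publicKeyBits[0] != 3) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.notValidRFC5915"));
            }
            // The decompiler emitted these arguments as byte[] although it inferred byte[][]
            // (see its type-inference warnings); byte[][] is what the element types require.
            return Asn1Writer.writeSequence(new byte[][] {
                    Asn1Writer.writeInteger(0),
                    Asn1Writer.writeSequence(new byte[][] {PEMFile.OID_EC_PUBLIC_KEY, curveOid}),
                    Asn1Writer.writeOctetString(Asn1Writer.writeSequence(new byte[][] {
                            Asn1Writer.writeInteger(1),
                            Asn1Writer.writeOctetString(privateKeyBytes),
                            Asn1Writer.writeTag((byte) 0xA1, publicKeyBits)}))});
        }

        /**
         * Parses a PKCS#1 RSA private key into a CRT key spec.
         *
         * @param bArr DER bytes of the PKCS#1 structure
         * @return the key spec, with the eight integers taken in the order they appear
         * @throws IllegalArgumentException if the version field is 1 (multi-prime key)
         */
        private RSAPrivateCrtKeySpec parsePKCS1(byte[] bArr) {
            Asn1Parser asn1Parser = new Asn1Parser(bArr);
            asn1Parser.parseTag(0x30);
            asn1Parser.parseFullLength();
            if (asn1Parser.parseInt().intValue() == 1) {
                throw new IllegalArgumentException(PEMFile.sm.getString("pemFile.noMultiPrimes"));
            }
            // Arguments are evaluated left to right, so the integers are consumed in file order.
            return new RSAPrivateCrtKeySpec(asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt(), asn1Parser.parseInt());
        }

        /**
         * Decodes a hexadecimal string into bytes.
         *
         * <p>Malformed input is rejected rather than decoded: previously a non-hex character
         * silently produced a wrong byte, an odd length ended in a
         * {@link StringIndexOutOfBoundsException} and {@code null} in a
         * {@link NullPointerException}.
         *
         * @param str hexadecimal text with an even number of characters
         * @return the decoded bytes
         * @throws IllegalArgumentException if {@code str} is {@code null}, has odd length or
         *         contains a character that is not a hex digit
         */
        private byte[] fromHex(String str) {
            if (str == null || (str.length() & 1) != 0) {
                throw new IllegalArgumentException("Invalid hexadecimal value: null or odd length");
            }
            byte[] bytes = new byte[str.length() / 2];
            for (int i = 0; i < str.length(); i += 2) {
                int high = Character.digit(str.charAt(i), 16);
                int low = Character.digit(str.charAt(i + 1), 16);
                if (high < 0 || low < 0) {
                    throw new IllegalArgumentException("Invalid hexadecimal value: non-hex character at offset " + i);
                }
                bytes[i / 2] = (byte) ((high << 4) + low);
            }
            return bytes;
        }

        /**
         * Renders an OID for error messages.
         *
         * @param bArr OID bytes
         * @return the {@link Oid} string form, or the bytes as hex if {@link Oid} rejects them
         */
        private String toDottedOidString(byte[] bArr) {
            try {
                return new Oid(bArr).toString();
            } catch (GSSException e) {
                return HexUtils.toHexString(bArr);
            }
        }
    }

    /**
     * Encodes a certificate as a PEM block.
     *
     * <p>The MIME encoder wraps at 76 characters with CRLF and adds no separator after the last
     * line, so a line separator is written before the END boundary. Without it the boundary was
     * appended to the final Base64 line, which line-oriented PEM readers do not recognise as the
     * end of the block.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text, without a trailing line separator
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    public static String toPEM(X509Certificate x509Certificate) throws CertificateEncodingException {
        return Part.BEGIN_BOUNDARY + Part.CERTIFICATE + Part.FINISH_BOUNDARY + System.lineSeparator()
                + Base64.getMimeEncoder().encodeToString(x509Certificate.getEncoded()) + System.lineSeparator()
                + Part.END_BOUNDARY + Part.CERTIFICATE + Part.FINISH_BOUNDARY;
    }

    /**
     * @return the internal certificate list itself, not a copy; if that list is mutable, changes
     *         made by the caller affect this object
     */
    public List<X509Certificate> getCertificates() {
        return this.certificates;
    }

    /** @return the private key held by this object; may be {@code null} if none was set */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Loads the named resource with no password and no key algorithm.
     *
     * @param str resource name resolved through {@link ConfigFileLoader}
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the content cannot be decoded
     */
    public PEMFile(String str) throws IOException, GeneralSecurityException {
        this(str, null);
    }

    /**
     * Loads the named resource with the given password and no key algorithm.
     *
     * @param str resource name resolved through {@link ConfigFileLoader}
     * @param str2 forwarded as the password argument
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the content cannot be decoded
     */
    public PEMFile(String str, String str2) throws IOException, GeneralSecurityException {
        this(str, str2, null);
    }

    /**
     * Opens the named resource and delegates to the stream-based constructor.
     *
     * @param str resource name resolved through {@link ConfigFileLoader}
     * @param str2 forwarded as the third argument of the six-argument constructor
     * @param str3 forwarded as the last argument of the six-argument constructor
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the content cannot be decoded
     */
    public PEMFile(String str, String str2, String str3) throws IOException, GeneralSecurityException {
        this(str, ConfigFileLoader.getSource().getResource(str).getInputStream(), str2, str3);
    }

    /**
     * Opens the named resource and, when {@code str3} is not {@code null}, a second resource
     * named by it, then delegates to the six-argument constructor.
     *
     * <p>NOTE(review): {@code str3} is presumably a password file; confirm against the
     * six-argument constructor, which is not visible here. Neither stream is closed in this
     * constructor.
     *
     * @param str resource name resolved through {@link ConfigFileLoader}
     * @param str2 forwarded as the third argument
     * @param str3 name of an optional second resource, or {@code null}
     * @param str4 forwarded as the last argument
     * @throws IOException if a resource cannot be read
     * @throws GeneralSecurityException if the content cannot be decoded
     */
    public PEMFile(String str, String str2, String str3, String str4) throws IOException, GeneralSecurityException {
        this(str, ConfigFileLoader.getSource().getResource(str).getInputStream(), str2, str3, str3 != null ? ConfigFileLoader.getSource().getResource(str3).getInputStream() : null, str4);
    }

    /**
     * Delegates to the six-argument constructor with no second resource.
     *
     * @param str name associated with {@code inputStream}
     * @param inputStream stream to read
     * @param str2 forwarded as the third argument
     * @param str3 forwarded as the last argument
     * @throws IOException if the stream cannot be read
     * @throws GeneralSecurityException if the content cannot be decoded
     */
    public PEMFile(String str, InputStream inputStream, String str2, String str3) throws IOException, GeneralSecurityException {
        this(str, inputStream, str2, null, null, str3);
    }

    /**
     * Target of every other constructor.
     *
     * <p>NOTE(review): the decompiler could not recover this method (it reports 721 skipped
     * instructions), so the body below is its placeholder and always throws. The logic that
     * reads the streams, splits PEM parts and fills {@code certificates} and {@code privateKey}
     * has to be reviewed from the original source or a bytecode dump.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public PEMFile(java.lang.String r8, java.io.InputStream r9, java.lang.String r10, java.lang.String r11, java.io.InputStream r12, java.lang.String r13) throws java.io.IOException, java.security.GeneralSecurityException {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.tomcat.util.net.jsse.PEMFile.<init>(java.lang.String, java.io.InputStream, java.lang.String, java.lang.String, java.io.InputStream, java.lang.String):void");
    }

    static {
        // Keys are the hex form of the OID content bytes, matching HexUtils.toHexString() of
        // Asn1Parser.parseOIDAsBytes() in Part.toPrivateKey.
        OID_TO_PRF.put("2a864886f70d0207", DEFAULT_PRF);
        OID_TO_PRF.put("2a864886f70d0208", "HmacSHA224");
        OID_TO_PRF.put("2a864886f70d0209", "HmacSHA256");
        OID_TO_PRF.put("2a864886f70d020a", "HmacSHA384");
        OID_TO_PRF.put("2a864886f70d020b", "HmacSHA512");
        OID_TO_PRF.put("2a864886f70d020c", "HmacSHA512/224");
        OID_TO_PRF.put("2a864886f70d020d", "HmacSHA512/256");
        OID_TO_ALGORITHM = new HashMap<>();
        OID_TO_ALGORITHM.put("2a864886f70d0307", Algorithm.DES_EDE3_CBC);
        OID_TO_ALGORITHM.put("608648016503040102", Algorithm.AES128_CBC_PAD);
        OID_TO_ALGORITHM.put("60864801650304012a", Algorithm.AES256_CBC_PAD);
    }
}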
