package edu.vt.middleware.crypt.io;

import edu.vt.middleware.crypt.CryptException;
import edu.vt.middleware.crypt.CryptProvider;
import edu.vt.middleware.crypt.pbe.AbstractEncryptionScheme;
import edu.vt.middleware.crypt.pbe.OpenSSLEncryptionScheme;
import edu.vt.middleware.crypt.pbe.PBES1EncryptionScheme;
import edu.vt.middleware.crypt.pbe.PBES2EncryptionScheme;
import edu.vt.middleware.crypt.pkcs.PBEParameter;
import edu.vt.middleware.crypt.pkcs.PBES1Algorithm;
import edu.vt.middleware.crypt.pkcs.PBES2CipherGenerator;
import edu.vt.middleware.crypt.pkcs.PBKDF2Parameters;
import edu.vt.middleware.crypt.util.Convert;
import edu.vt.middleware.crypt.util.PemHelper;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: input_file:WEB-INF/lib/vt-crypt-2.1.4.jar:edu/vt/middleware/crypt/io/PrivateKeyCredentialReader.class */
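/**
 * Reads password-protected private keys and turns them into {@link PrivateKey} objects.
 *
 * <p>Three input shapes are handled by the code below: DER-encoded PKCS#8
 * {@code EncryptedPrivateKeyInfo}, PEM-wrapped PKCS#8, and PEM in the traditional OpenSSL
 * layout, which is recognised by the presence of {@code PemHelper.PROC_TYPE} in the text.
 * After decryption only RSA and DSA keys are accepted.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The password array is never cleared by this class; wipe it in the caller once the key
 *       has been read.</li>
 *   <li>Cipher, KDF and iteration parameters are taken from the key file itself. Treat key
 *       files from untrusted sources accordingly; no bounds are applied in this class.</li>
 *   <li>The traditional OpenSSL PEM encryption format and the PBES1 schemes are legacy
 *       formats; PKCS#8 with PBES2 is the stronger choice for keys at rest.</li>
 * </ul>
 */
public class PrivateKeyCredentialReader extends AbstractEncodedCredentialReader<PrivateKey> {
    /**
     * Reads an encrypted private key from a file and decrypts it with the given password.
     *
     * @param file key file to read
     * @param cArr password protecting the key; must be non-null and non-empty
     * @return the decoded private key
     * @throws IOException if the file cannot be read
     * @throws CryptException if decryption or decoding fails
     */
    public PrivateKey read(File file, char[] cArr) throws IOException, CryptException {
        final FileInputStream in = new FileInputStream(file);
        final byte[] encrypted;
        try {
            encrypted = IOHelper.read(in.getChannel());
        } finally {
            // The stream was previously never closed here. Closing twice is harmless should
            // IOHelper.read already close the channel (not visible from this file).
            in.close();
        }
        return decode(decryptKey(encrypted, cArr));
    }

    /**
     * Reads an encrypted private key from a stream and decrypts it with the given password.
     * The stream is not closed by this method.
     *
     * @param inputStream stream positioned at the start of the encoded key
     * @param cArr password protecting the key; must be non-null and non-empty
     * @return the decoded private key
     * @throws CryptException if decryption or decoding fails
     * @throws IOException if the stream cannot be read
     */
    public PrivateKey read(InputStream inputStream, char[] cArr) throws CryptException, IOException {
        return decode(decryptKey(IOHelper.read(inputStream), cArr));
    }

    /**
     * Decodes an unencrypted, DER-encoded private key.
     *
     * <p>The bytes are first tried as a PKCS#8 {@code PrivateKeyInfo}. If that fails they are
     * treated as an OpenSSL traditional key, where a 9-element sequence is read as RSA and a
     * 6-element sequence as DSA.
     *
     * <p>Decompiler note: JADX reports that this method was {@code protected} in the original
     * class; it is left {@code public} here as decompiled.
     *
     * @param bArr DER-encoded key bytes
     * @return the private key produced by the provider's key factory
     * @throws CryptException if the bytes are not ASN.1, the algorithm is unsupported, or the
     *     key structure is invalid
     */
    @Override // edu.vt.middleware.crypt.io.AbstractEncodedCredentialReader
    public PrivateKey decode(byte[] bArr) throws CryptException {
        try {
            ASN1Object parsed = ASN1Object.fromByteArray(bArr);
            PrivateKeyInfo pkcs8Info;
            try {
                pkcs8Info = PrivateKeyInfo.getInstance(parsed);
            } catch (Exception ignored) {
                // Not PKCS#8; fall through to the OpenSSL traditional layouts below.
                pkcs8Info = null;
            }
            String algorithm;
            KeySpec keySpec;
            if (pkcs8Info != null) {
                String oid = pkcs8Info.getAlgorithmId().getObjectId().getId();
                if (RSA_ID.equals(pkcs8Info.getAlgorithmId().getObjectId())) {
                    algorithm = "RSA";
                } else if (DSA_ID.equals(pkcs8Info.getAlgorithmId().getObjectId())) {
                    algorithm = "DSA";
                } else {
                    throw new CryptException("Unsupported PKCS#8 algorithm ID " + oid);
                }
                try {
                    keySpec = new PKCS8EncodedKeySpec(bArr);
                } catch (Exception e) {
                    throw new CryptException("Invalid PKCS#8 private key format.", e);
                }
            } else {
                // Reject anything that is not a sequence up front instead of relying on a
                // ClassCastException/NullPointerException being swallowed further down.
                if (!(parsed instanceof DERSequence)) {
                    throw new CryptException("Invalid OpenSSL traditional private key format.");
                }
                DERSequence seq = (DERSequence) parsed;
                if (seq.size() == 9) {
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Reading OpenSSL format RSA private key.");
                    }
                    algorithm = "RSA";
                    try {
                        // Element 0 is skipped; elements 1..8 map onto the CRT key spec in order.
                        keySpec = new RSAPrivateCrtKeySpec(
                            integerAt(seq, 1),
                            integerAt(seq, 2),
                            integerAt(seq, 3),
                            integerAt(seq, 4),
                            integerAt(seq, 5),
                            integerAt(seq, 6),
                            integerAt(seq, 7),
                            integerAt(seq, 8));
                    } catch (Exception e) {
                        throw new CryptException("Invalid RSA key.", e);
                    }
                } else {
                    if (seq.size() != 6) {
                        throw new CryptException("Invalid OpenSSL traditional private key format.");
                    }
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Reading OpenSSL format DSA private key.");
                    }
                    algorithm = "DSA";
                    try {
                        // DSAPrivateKeySpec takes (x, p, q, g); x is the last sequence element.
                        keySpec = new DSAPrivateKeySpec(
                            integerAt(seq, 5),
                            integerAt(seq, 1),
                            integerAt(seq, 2),
                            integerAt(seq, 3));
                    } catch (Exception e) {
                        throw new CryptException("Invalid DSA key.", e);
                    }
                }
            }
            try {
                return CryptProvider.getKeyFactory(algorithm).generatePrivate(keySpec);
            } catch (InvalidKeySpecException e) {
                throw new CryptException("Invalid key specification", e);
            }
        } catch (CryptException e) {
            // Keep the specific diagnosis raised above; the catch-all below used to replace
            // every one of these with the generic "not ASN.1" message.
            throw e;
        } catch (Exception e) {
            throw new CryptException("Key is not ASN.1 encoded data.", e);
        }
    }

    /** Returns the integer value stored at the given position of an ASN.1 sequence. */
    private static java.math.BigInteger integerAt(DERSequence seq, int index) {
        return DERInteger.getInstance((Object) seq.getObjectAt(index)).getValue();
    }

    /**
     * Decrypts an encoded key, choosing the scheme from the encoding.
     *
     * @param bArr encrypted key, PEM or DER
     * @param cArr password; must be non-null and non-empty
     * @return the decrypted key bytes
     * @throws IllegalArgumentException if no password is supplied
     * @throws IOException if the PEM text cannot be decoded as ASCII
     * @throws CryptException if decryption fails
     */
    private byte[] decryptKey(byte[] bArr, char[] cArr) throws IOException, CryptException {
        if (cArr == null || cArr.length == 0) {
            throw new IllegalArgumentException("Password is required for decrypting an encrypted private key.");
        }
        if (!PemHelper.isPem(bArr)) {
            return decryptPKCS8Key(bArr, cArr);
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Reading PEM encoded private key.");
        }
        String pem = new String(bArr, "ASCII");
        // A Proc-Type header marks the traditional OpenSSL encrypted PEM layout.
        if (pem.contains(PemHelper.PROC_TYPE)) {
            return decryptOpenSSLKey(pem, cArr);
        }
        return decryptPKCS8Key(PemHelper.decode(bArr), cArr);
    }

    /**
     * Decrypts a traditional OpenSSL PEM key using the cipher name and IV hex string taken
     * from its DEK-Info header.
     *
     * <p>NOTE(review): this PEM encryption format is generally known for a weak, MD5-based
     * key derivation. {@code OpenSSLEncryptionScheme} is not visible here, so confirm what it
     * implements before relying on this format for keys at rest.
     *
     * @param str full PEM text including headers
     * @param cArr password
     * @return the decrypted key bytes
     * @throws CryptException if the header is missing or malformed, or decryption fails
     */
    private byte[] decryptOpenSSLKey(String str, char[] cArr) throws CryptException {
        try {
            int headerStart = str.indexOf(PemHelper.DEK_INFO);
            if (headerStart < 0) {
                throw new IllegalArgumentException("DEK-Info header not found.");
            }
            int lineEnd = str.indexOf('\n', headerStart);
            // The offset 10 presumably skips the "DEK-Info: " label; PemHelper.DEK_INFO is
            // not visible in this file, so confirm against its definition.
            String[] fields = str.substring(headerStart + 10, lineEnd).split(",");
            if (fields.length < 2) {
                throw new IllegalArgumentException("DEK-Info header must name a cipher and an IV.");
            }
            // trim() drops the '\r' that CRLF line endings leave on the IV field.
            String cipherName = fields[0].trim();
            byte[] iv = Convert.fromHex(fields[1].trim());
            return new OpenSSLEncryptionScheme(cipherName, iv).decrypt(cArr, PemHelper.decode(str));
        } catch (Exception e) {
            throw new CryptException("Failed decrypting OpenSSL key.", e);
        }
    }

    /**
     * Decrypts a DER-encoded PKCS#8 {@code EncryptedPrivateKeyInfo}.
     *
     * <p>PBES2 is used when the encryption algorithm OID is {@code id_PBES2}; every other OID
     * is handed to {@code PBES1Algorithm.fromOid}.
     *
     * <p>NOTE(review): the KDF parameters are decoded from the input and passed on without
     * any range check in this method; verify that the scheme classes bound them if key files
     * can come from untrusted sources.
     *
     * @param bArr DER-encoded encrypted key
     * @param cArr password
     * @return the decrypted key bytes
     * @throws CryptException if parsing or decryption fails
     */
    private byte[] decryptPKCS8Key(byte[] bArr, char[] cArr) throws CryptException {
        try {
            EncryptedPrivateKeyInfo encryptedInfo = EncryptedPrivateKeyInfo.getInstance(ASN1Object.fromByteArray(bArr));
            AlgorithmIdentifier encryptionAlgorithm = encryptedInfo.getEncryptionAlgorithm();
            AbstractEncryptionScheme scheme;
            if (PKCSObjectIdentifiers.id_PBES2.equals(encryptionAlgorithm.getObjectId())) {
                // The decompiled source assigned this without a cast. A wrong parameter type
                // surfaces as ClassCastException and is reported by the catch below.
                DERSequence pbes2Params = (DERSequence) encryptionAlgorithm.getParameters();
                PBKDF2Parameters kdfParams = PBKDF2Parameters.decode(pbes2Params.getObjectAt(0));
                PBES2CipherGenerator cipherGenerator = new PBES2CipherGenerator(pbes2Params.getObjectAt(1));
                if (kdfParams.getLength() == 0) {
                    // No derived-key length in the file: use the cipher's key size (bits to bytes).
                    kdfParams.setLength(cipherGenerator.getKeySize() / 8);
                }
                scheme = new PBES2EncryptionScheme(cipherGenerator.generate(), kdfParams);
            } else {
                scheme = new PBES1EncryptionScheme(
                    PBES1Algorithm.fromOid(encryptionAlgorithm.getObjectId().getId()),
                    PBEParameter.decode(encryptionAlgorithm.getParameters()));
            }
            return scheme.decrypt(cArr, encryptedInfo.getEncryptedData());
        } catch (Exception e) {
            throw new CryptException("Failed decrypting PKCS#8 private key", e);
        }
    }
}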
