package jp.ad.sinet.stream.crypto;

import java.io.ByteArrayInputStream;
import java.io.Console;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import jp.ad.sinet.stream.api.InvalidMessageException;
import lombok.Generated;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:jp/ad/sinet/stream/crypto/SecretDecoder.class */
public class SecretDecoder {

    @Generated
    private static final Logger log = Logger.getLogger(SecretDecoder.class.getName());
    private final Path privKeyFile;
    private RSAKeyPair rsaKeyPair;
    public static String SINETSTREAM_PRIVATE_KEY_PASSPHRASE;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jp/ad/sinet/stream/crypto/SecretDecoder$RSAKeyPair.class */
    public class RSAKeyPair {
        public RSAPrivateKey priv;
        public RSAPublicKey pub;

        RSAKeyPair(RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey) {
            this.priv = rSAPrivateKey;
            this.pub = rSAPublicKey;
        }
    }

    public SecretDecoder(Path path) {
        this.privKeyFile = path;
    }

    public byte[] decode(byte[] bArr, String str) throws Exception {
        setupPrivKey();
        return parseSecret(this.rsaKeyPair.priv, bArr);
    }

    public void setupPrivKey() throws Exception {
        if (this.rsaKeyPair == null) {
            this.rsaKeyPair = getPrivateKey(this.privKeyFile);
        }
    }

    private RSAKeyPair getPrivateKey(Path path) throws Exception {
        RSAKeyPair readPrivateKey = readPrivateKey(path.toFile());
        log.fine("privkey=" + readPrivateKey.priv);
        log.fine("privkey.bitLength=" + readPrivateKey.priv.getPrivateExponent().bitLength());
        return readPrivateKey;
    }

    private String getPass(String str) {
        if (SINETSTREAM_PRIVATE_KEY_PASSPHRASE != null) {
            return SINETSTREAM_PRIVATE_KEY_PASSPHRASE;
        }
        String str2 = System.getenv("SINETSTREAM_PRIVATE_KEY_PASSPHRASE");
        if (str2 != null) {
            return str2;
        }
        Console console = System.console();
        return console == null ? "" : new String(console.readPassword("Enter pass phrase for %s: ", str));
    }

    private RSAKeyPair readPrivateKey(File file) throws Exception {
        KeyPair keyPair;
        Object readObject = new PEMParser(new FileReader(file)).readObject();
        JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider("BC");
        if (readObject instanceof PEMEncryptedKeyPair) {
            keyPair = provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(getPass(file.getAbsolutePath()).toCharArray())));
        } else {
            keyPair = provider.getKeyPair((PEMKeyPair) readObject);
        }
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return new RSAKeyPair((RSAPrivateKey) keyFactory.generatePrivate((RSAPrivateCrtKeySpec) keyFactory.getKeySpec(keyPair.getPrivate(), RSAPrivateCrtKeySpec.class)), (RSAPublicKey) keyFactory.generatePublic((RSAPublicKeySpec) keyFactory.getKeySpec(keyPair.getPublic(), RSAPublicKeySpec.class)));
    }

    private byte[] decryptKey(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA-256AndMGF1Padding", "BC");
        cipher.init(2, rSAPrivateKey, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
        return cipher.doFinal(bArr);
    }

    private byte[] parseSecret(RSAPrivateKey rSAPrivateKey, byte[] bArr) throws Exception {
        try {
            int bitLength = (rSAPrivateKey.getPrivateExponent().bitLength() + 7) / 8;
            log.fine("XXX:keySize=" + bitLength);
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            if (dataInputStream.readShort() != 1) {
                throw new InvalidMessageException("Unsupported version");
            }
            byte readByte = dataInputStream.readByte();
            if (readByte != 1) {
                throw new InvalidMessageException("public key type in the encrypted data must be 1, but " + readByte);
            }
            byte readByte2 = dataInputStream.readByte();
            if (readByte2 != 1) {
                throw new InvalidMessageException("common key type in the encrypted data must be 1, but " + readByte2);
            }
            byte[] bArr2 = new byte[bitLength];
            dataInputStream.read(bArr2);
            byte[] bArr3 = new byte[12];
            dataInputStream.read(bArr3);
            byte[] bArr4 = new byte[dataInputStream.available()];
            dataInputStream.read(bArr4);
            log.fine("parse:encryptedKey=" + DatatypeConverter.printHexBinary(bArr2));
            log.fine("parse:iv=" + DatatypeConverter.printHexBinary(bArr3));
            log.fine("parse:datawithtag=" + DatatypeConverter.printHexBinary(bArr4));
            byte[] decryptKey = decryptKey(bArr2, rSAPrivateKey);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, new SecretKeySpec(decryptKey, "AES"), new GCMParameterSpec(16 * 8, bArr3));
            int i = 4 + bitLength + 12;
            byte[] bArr5 = new byte[i];
            System.arraycopy(bArr, 0, bArr5, 0, i);
            cipher.updateAAD(bArr5);
            byte[] doFinal = cipher.doFinal(bArr4);
            log.fine("XXX:decryptedText=" + DatatypeConverter.printHexBinary(doFinal));
            return doFinal;
        } catch (IOException e) {
            throw new InvalidMessageException("malformed secret message", e);
        }
    }

    public String getFingerprint() {
        byte[] bytes = "ssh-rsa".getBytes();
        byte[] byteArray = this.rsaKeyPair.pub.getPublicExponent().toByteArray();
        byte[] byteArray2 = this.rsaKeyPair.pub.getModulus().toByteArray();
        byte[] array = ByteBuffer.allocate(4 + bytes.length + 4 + byteArray.length + 4 + byteArray2.length).putInt(bytes.length).put(bytes).putInt(byteArray.length).put(byteArray).putInt(byteArray2.length).put(byteArray2).array();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(array);
            return Base64.getEncoder().encodeToString(messageDigest.digest()).replaceAll("=", "");
        } catch (Exception e) {
            throw new RuntimeException("Cannot calculate fingerprint", e);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
