package com.tangosol.internal.net.ssl;

import com.oracle.coherence.common.base.Reads;
import com.tangosol.net.PasswordProvider;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:com/tangosol/internal/net/ssl/PemReader.class */
public class PemReader {
    private static final Pattern CERT_PATTERN = Pattern.compile("-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*CERTIFICATE[^-]*-+", 2);
    private static final Pattern KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n]+)-+END\\s+.*PRIVATE\\s+KEY[^-]*-+", 2);
    private static final Pattern PUBLIC_KEY_PATTERN = Pattern.compile("-+BEGIN\\s+.*PUBLIC\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+([a-z0-9+/=\\r\\n\\s]+)-+END\\s+.*PUBLIC\\s+KEY[^-]*-+", 2);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/tangosol/internal/net/ssl/PemReader$PrivateKeyInfo.class */
    public static final class PrivateKeyInfo {
        private final String type;
        private final byte[] bytes;

        private PrivateKeyInfo(String str, byte[] bArr) {
            this.type = str;
            this.bytes = bArr;
        }
    }

    private PemReader() {
    }

    public static PrivateKey readPrivateKey(InputStream inputStream, PasswordProvider passwordProvider) throws IOException {
        PrivateKeyInfo readPrivateKeyBytes = readPrivateKeyBytes(Reads.read(inputStream));
        String str = readPrivateKeyBytes.type;
        boolean z = -1;
        switch (str.hashCode()) {
            case 76183021:
                if (str.equals("PKCS8")) {
                    z = 3;
                    break;
                }
                break;
            case 755405099:
                if (str.equals("PKCS1-DSA")) {
                    z = true;
                    break;
                }
                break;
            case 755418553:
                if (str.equals("PKCS1-RSA")) {
                    z = false;
                    break;
                }
                break;
            case 1825483237:
                if (str.equals("PKCS1-EC")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                throw new SecurityException("PKCS#1 RSA private key is not supported");
            case true:
                throw new SecurityException("PKCS#1 DSA private key is not supported");
            case true:
                throw new SecurityException("PKCS#1 EC private key is not supported");
            case true:
            default:
                return pkcs8(generateKeySpec(readPrivateKeyBytes.bytes, passwordProvider));
        }
    }

    public static Certificate[] readCertificates(InputStream inputStream) throws IOException {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList();
            Matcher matcher = CERT_PATTERN.matcher(new String(Reads.read(inputStream), StandardCharsets.US_ASCII));
            for (int i = 0; matcher.find(i); i = matcher.end()) {
                try {
                    arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.getMimeDecoder().decode(matcher.group(1).getBytes(StandardCharsets.US_ASCII)))));
                } catch (Exception e) {
                    throw new IOException("Failed to read certificate from bytes", e);
                }
            }
            if (arrayList.isEmpty()) {
                throw new SecurityException("Found no certificates in input stream");
            }
            return (Certificate[]) arrayList.toArray(new Certificate[0]);
        } catch (CertificateException e2) {
            throw new SecurityException("Failed to create certificate factory", e2);
        }
    }

    private static PrivateKey pkcs8(KeySpec keySpec) {
        try {
            return rsaPrivateKey(keySpec);
        } catch (Exception e) {
            try {
                return dsaPrivateKey(keySpec);
            } catch (Exception e2) {
                try {
                    return ecPrivateKey(keySpec);
                } catch (Exception e3) {
                    SecurityException securityException = new SecurityException("Failed to get private key. It is not RSA, DSA or EC.");
                    securityException.addSuppressed(e);
                    securityException.addSuppressed(e2);
                    securityException.addSuppressed(e3);
                    throw securityException;
                }
            }
        }
    }

    private static PrivateKey ecPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("EC").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new SecurityException("Failed to get EC private key", e);
        }
    }

    private static PrivateKey dsaPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("DSA").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new SecurityException("Failed to get DSA private key", e);
        }
    }

    private static PrivateKey rsaPrivateKey(KeySpec keySpec) {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (Exception e) {
            throw new SecurityException("Failed to get RSA private key", e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [char[], char[][]] */
    /* JADX WARN: Type inference failed for: r0v30, types: [char[], char[][]] */
    /* JADX WARN: Type inference failed for: r0v5, types: [char[], char[][]] */
    private static KeySpec generateKeySpec(byte[] bArr, PasswordProvider passwordProvider) {
        char[] cArr;
        char[] cArr2 = null;
        if (passwordProvider == null) {
            cArr = null;
        } else {
            try {
                cArr = passwordProvider.get();
            } catch (Throwable th) {
                PasswordProvider.reset(new char[]{cArr2});
                throw th;
            }
        }
        cArr2 = cArr;
        if (cArr2 == null || cArr2.length == 0) {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(bArr);
            PasswordProvider.reset(new char[]{cArr2});
            return pKCS8EncodedKeySpec;
        }
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr2));
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            PKCS8EncodedKeySpec keySpec = encryptedPrivateKeyInfo.getKeySpec(cipher);
            PasswordProvider.reset(new char[]{cArr2});
            return keySpec;
        } catch (Exception e) {
            throw new SecurityException("Failed to create key spec for key", e);
        }
    }

    private static PrivateKeyInfo readPrivateKeyBytes(byte[] bArr) {
        String str;
        String str2 = new String(bArr, StandardCharsets.US_ASCII);
        Matcher matcher = KEY_PATTERN.matcher(str2);
        if (!matcher.find()) {
            throw new SecurityException("Could not find a PKCS#8 private key in input stream");
        }
        byte[] bytes = matcher.group(1).getBytes(StandardCharsets.US_ASCII);
        if (str2.startsWith("-----BEGIN PRIVATE KEY-----") || str2.startsWith("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
            str = "PKCS8";
        } else if (str2.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
            str = "PKCS1-RSA";
        } else if (str2.startsWith("-----BEGIN DSA PRIVATE KEY-----")) {
            str = "PKCS1-DSA";
        } else {
            if (!str2.startsWith("-----BEGIN EC PRIVATE KEY-----")) {
                int indexOf = str2.indexOf("\n");
                if (indexOf < 1) {
                    throw new SecurityException("Could not find a PKCS#8 private key in input stream");
                }
                throw new SecurityException("Unsupported key type: " + str2.substring(0, indexOf));
            }
            str = "PKCS1-EC";
        }
        return new PrivateKeyInfo(str, Base64.getMimeDecoder().decode(bytes));
    }
}
