package net.optionfactory.spring.pem.parsing;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import javax.crypto.EncryptedPrivateKeyInfo;
import net.optionfactory.spring.pem.Pem;
import net.optionfactory.spring.pem.PemException;
import net.optionfactory.spring.pem.der.DerCursor;

/* loaded from: input_file:net/optionfactory/spring/pem/parsing/PemEntry.class */
public final class PemEntry extends Record {
    private final String label;
    private final List<Metadata> metadata;
    private final String b64;

    /* loaded from: input_file:net/optionfactory/spring/pem/parsing/PemEntry$Metadata.class */
    public static final class Metadata extends Record {
        private final String k;
        private final String v;

        public Metadata(String str, String str2) {
            this.k = str;
            this.v = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, Metadata.class), Metadata.class, "k;v", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->k:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->v:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Metadata.class), Metadata.class, "k;v", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->k:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->v:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Metadata.class, Object.class), Metadata.class, "k;v", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->k:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry$Metadata;->v:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String k() {
            return this.k;
        }

        public String v() {
            return this.v;
        }
    }

    public PemEntry(String str, List<Metadata> list, String str2) {
        this.label = str;
        this.metadata = list;
        this.b64 = str2;
    }

    public KeyAndCertificates unmarshal() {
        String str = (String) this.metadata.stream().filter(metadata -> {
            return metadata.k().equals("alias");
        }).map(metadata2 -> {
            return metadata2.v();
        }).findFirst().orElse(Pem.DEFAULT_ALIAS);
        String str2 = this.label;
        boolean z = -1;
        switch (str2.hashCode()) {
            case -2076506627:
                if (str2.equals("X509 CERTIFICATE")) {
                    z = true;
                    break;
                }
                break;
            case -283732602:
                if (str2.equals("ENCRYPTED PRIVATE KEY")) {
                    z = 4;
                    break;
                }
                break;
            case -189606537:
                if (str2.equals("CERTIFICATE")) {
                    z = 2;
                    break;
                }
                break;
            case -170985982:
                if (str2.equals("PRIVATE KEY")) {
                    z = 5;
                    break;
                }
                break;
            case -3172434:
                if (str2.equals("TRUSTED CERTIFICATE")) {
                    z = false;
                    break;
                }
                break;
            case 2121838594:
                if (str2.equals("RSA PRIVATE KEY")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
                return new KeyAndCertificates(str, null, new X509Certificate[]{x509Certificate()});
            case true:
                return new KeyAndCertificates(str, new ClearTextPrivateKeyHolder(unmarshalPkcs1PrivateKey()), new X509Certificate[0]);
            case true:
                return new KeyAndCertificates(str, new EncryptedPrivateKeyHolder(unmarshalEncryptedPkcs8PrivateKey()), new X509Certificate[0]);
            case true:
                return new KeyAndCertificates(str, new ClearTextPrivateKeyHolder(unmarshalPkcs8PrivateKey()), new X509Certificate[0]);
            default:
                throw new PemException(String.format("unsupported PEM label: %s", this.label));
        }
    }

    public PrivateKeyHolder unmarshalPrivateKey() {
        String str = this.label;
        boolean z = -1;
        switch (str.hashCode()) {
            case -283732602:
                if (str.equals("ENCRYPTED PRIVATE KEY")) {
                    z = true;
                    break;
                }
                break;
            case -170985982:
                if (str.equals("PRIVATE KEY")) {
                    z = 2;
                    break;
                }
                break;
            case 2121838594:
                if (str.equals("RSA PRIVATE KEY")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new ClearTextPrivateKeyHolder(unmarshalPkcs1PrivateKey());
            case true:
                return new EncryptedPrivateKeyHolder(unmarshalEncryptedPkcs8PrivateKey());
            case true:
                return new ClearTextPrivateKeyHolder(unmarshalPkcs8PrivateKey());
            default:
                throw new PemException(String.format("unsupported PEM label: %s", this.label));
        }
    }

    public X509Certificate unmarshalX509Certificate() {
        PemException.ensure(Set.of("TRUSTED CERTIFICATE", "X509 CERTIFICATE", "CERTIFICATE").contains(this.label), "unsupported PEM label: %s", this.label);
        return x509Certificate();
    }

    private X509Certificate x509Certificate() {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(this.b64));
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | CertificateException e) {
            throw new PemException(e);
        }
    }

    public PrivateKey unmarshalPkcs8PrivateKey() {
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(this.b64)));
        } catch (GeneralSecurityException e) {
            throw new PemException(e);
        }
    }

    public PrivateKey unmarshalPkcs1PrivateKey() {
        byte[] decode = Base64.getDecoder().decode(this.b64);
        try {
            DerCursor.Flat flat = DerCursor.flat(decode);
            flat.next().ensure((byte) 48);
            flat.next().integer(decode);
            BigInteger integer = flat.next().integer(decode);
            BigInteger integer2 = flat.next().integer(decode);
            BigInteger integer3 = flat.next().integer(decode);
            BigInteger integer4 = flat.next().integer(decode);
            BigInteger integer5 = flat.next().integer(decode);
            BigInteger integer6 = flat.next().integer(decode);
            BigInteger integer7 = flat.next().integer(decode);
            BigInteger integer8 = flat.next().integer(decode);
            flat.eof();
            return KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateCrtKeySpec(integer, integer2, integer3, integer4, integer5, integer6, integer7, integer8));
        } catch (GeneralSecurityException e) {
            throw new PemException(e);
        }
    }

    public EncryptedPrivateKeyInfo unmarshalEncryptedPkcs8PrivateKey() {
        try {
            return new EncryptedPrivateKeyInfo(Base64.getDecoder().decode(this.b64));
        } catch (IOException e) {
            throw new PemException(e);
        }
    }

    @Override // java.lang.Record
    public final String toString() {
        return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, PemEntry.class), PemEntry.class, "label;metadata;b64", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->label:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->metadata:Ljava/util/List;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->b64:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final int hashCode() {
        return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, PemEntry.class), PemEntry.class, "label;metadata;b64", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->label:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->metadata:Ljava/util/List;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->b64:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final boolean equals(Object obj) {
        return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, PemEntry.class, Object.class), PemEntry.class, "label;metadata;b64", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->label:Ljava/lang/String;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->metadata:Ljava/util/List;", "FIELD:Lnet/optionfactory/spring/pem/parsing/PemEntry;->b64:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
    }

    public String label() {
        return this.label;
    }

    public List<Metadata> metadata() {
        return this.metadata;
    }

    public String b64() {
        return this.b64;
    }
}
