package org.opendaylight.aaa.encrypt;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.apache.sshd.common.cipher.ECCurves;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

/* loaded from: input_file:org/opendaylight/aaa/encrypt/PKIUtil.class */
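/**
 * Converts public keys to and from the base64 SSH public-key blob layout
 * (a sequence of fields, each prefixed by a 4-byte big-endian length) and
 * loads PEM-encoded private key pairs through Bouncy Castle.
 *
 * <p>Supported public key types are {@code ssh-rsa}, {@code ssh-dss} and
 * {@code ecdsa-sha2-nistp256}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #decodePublicKey(String)} parses untrusted input. Every length
 *       field is checked against the bytes that actually remain, so a forged
 *       length cannot trigger a huge allocation or an out-of-bounds read.</li>
 *   <li>No minimum key size or algorithm policy is enforced here; code that
 *       authenticates peers with the returned keys should apply its own.</li>
 *   <li>An instance keeps the decode buffer and cursor in fields, so a single
 *       instance must not run {@code decodePublicKey} from several threads at
 *       once.</li>
 * </ul>
 */
public class PKIUtil {
    private static final Provider BCPROV;
    private static final String KEY_FACTORY_TYPE_RSA = "RSA";
    private static final String KEY_FACTORY_TYPE_DSA = "DSA";
    private static final String KEY_FACTORY_TYPE_ECDSA = "EC";
    private static final KeyFactorySupplier RSA_KEY_FACTORY_SUPPLIER;
    private static final KeyFactorySupplier DSA_KEY_FACTORY_SUPPLIER;
    private static final KeyFactorySupplier ECDSA_KEY_FACTORY_SUPPLIER;
    private static final Map<String, String> ECDSA_CURVES;
    private static final String ECDSA_SUPPORTED_CURVE_NAME = "nistp256";
    private static final String ECDSA_SUPPORTED_CURVE_NAME_SPEC;
    // Length of an uncompressed P-256 point: 0x04 marker + 32-byte X + 32-byte Y.
    private static final int ECDSA_THIRD_STR_LEN = 65;
    // Total blob length of a well-formed ecdsa-sha2-nistp256 key (23 + 12 + 4 + 65).
    private static final int ECDSA_TOTAL_STR_LEN = 104;
    private static final String KEY_TYPE_RSA = "ssh-rsa";
    private static final String KEY_TYPE_DSA = "ssh-dss";
    private static final String KEY_TYPE_ECDSA = "ecdsa-sha2-nistp256";

    static {
        // Reuse a registered Bouncy Castle provider when there is one.
        Provider registered = Security.getProvider("BC");
        BCPROV = registered != null ? registered : new BouncyCastleProvider();
        RSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_RSA);
        DSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_DSA);
        ECDSA_KEY_FACTORY_SUPPLIER = resolveKeyFactory(KEY_FACTORY_TYPE_ECDSA);
        ECDSA_CURVES = new HashMap<>();
        ECDSA_CURVES.put(ECDSA_SUPPORTED_CURVE_NAME, "secp256r1");
        ECDSA_CURVES.put(ECCurves.Constants.NISTP384, "secp384r1");
        // The NIST curve is P-521 (secp521r1); "nistp512"/"secp512r1" name no real curve.
        // Only the nistp256 entry is read by this class.
        ECDSA_CURVES.put("nistp521", "secp521r1");
        ECDSA_SUPPORTED_CURVE_NAME_SPEC = ECDSA_CURVES.get(ECDSA_SUPPORTED_CURVE_NAME);
    }

    // Decode state of the current decodePublicKey call: the raw blob and the read cursor.
    private byte[] bytes = new byte[0];
    private int pos = 0;

    /**
     * Supplies a {@link KeyFactory}, or rethrows the failure met while resolving it.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes
     * that the original access modifier was {@code private}.
     */
    @FunctionalInterface
    public interface KeyFactorySupplier {
        KeyFactory get() throws NoSuchAlgorithmException;
    }

    /**
     * Resolves a key factory once, at class initialisation, and defers a lookup
     * failure until the factory is actually requested.
     *
     * @param str JCA algorithm name passed to {@link KeyFactory#getInstance(String)}
     * @return a supplier that returns the factory or throws the original
     *         {@link NoSuchAlgorithmException}
     */
    private static KeyFactorySupplier resolveKeyFactory(String str) {
        try {
            final KeyFactory keyFactory = KeyFactory.getInstance(str);
            return () -> keyFactory;
        } catch (NoSuchAlgorithmException e) {
            return () -> {
                throw e;
            };
        }
    }

    /**
     * Decodes a base64 SSH public-key blob into a JCA {@link PublicKey}.
     *
     * <p>Bytes that follow the fields of the recognised key type are ignored.
     *
     * @param str base64 text of the key blob (the blob only, without a key-type
     *            prefix or comment)
     * @return the decoded RSA, DSA or P-256 EC public key
     * @throws IllegalArgumentException if the text is not valid base64, is empty,
     *         is truncated or malformed, or names an unsupported key type or curve
     * @throws GeneralSecurityException if the key factory is unavailable or
     *         rejects the decoded key material
     */
    public PublicKey decodePublicKey(String str) throws GeneralSecurityException {
        this.bytes = Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8));
        if (this.bytes.length == 0) {
            throw new IllegalArgumentException("No Base64 part to decode in " + str);
        }
        this.pos = 0;
        String decodeType = decodeType();
        switch (decodeType) {
            case KEY_TYPE_RSA:
                return decodeAsRSA();
            case KEY_TYPE_DSA:
                return decodeAsDSA();
            case KEY_TYPE_ECDSA:
                return decodeAsECDSA();
            default:
                throw new IllegalArgumentException("Unknown decode key type " + decodeType + " in " + str);
        }
    }

    /**
     * Reads the curve identifier and the point from the blob and builds a P-256 key.
     *
     * <p>The curve name and the point length are validated rather than assumed:
     * reading the point from fixed offsets would silently zero-pad a truncated
     * blob and would accept a blob that declares another curve.
     */
    private PublicKey decodeAsECDSA() throws GeneralSecurityException {
        KeyFactory keyFactory = ECDSA_KEY_FACTORY_SUPPLIER.get();

        String curveName = decodeType();
        if (!ECDSA_SUPPORTED_CURVE_NAME.equals(curveName)) {
            throw new IllegalArgumentException("Unsupported ECDSA curve " + curveName
                + ", expected " + ECDSA_SUPPORTED_CURVE_NAME);
        }

        int pointLength = decodeInt();
        if (pointLength != ECDSA_THIRD_STR_LEN) {
            throw new IllegalArgumentException("Unexpected ECDSA point length " + pointLength
                + ", expected " + ECDSA_THIRD_STR_LEN);
        }
        requireAvailable(pointLength, "ECDSA point");
        byte[] encodedPoint = Arrays.copyOfRange(this.bytes, this.pos, this.pos + pointLength);
        this.pos += pointLength;

        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC);
        ECNamedCurveSpec curveSpec = new ECNamedCurveSpec(ECDSA_SUPPORTED_CURVE_NAME_SPEC,
            parameterSpec.getCurve(), parameterSpec.getG(), parameterSpec.getN());
        return keyFactory.generatePublic(
            new ECPublicKeySpec(ECPointUtil.decodePoint(curveSpec.getCurve(), encodedPoint), curveSpec));
    }

    /**
     * Reads four integers from the blob and passes them, in blob order, to
     * {@link DSAPublicKeySpec}. The argument order is kept exactly as in the
     * original listing.
     */
    private PublicKey decodeAsDSA() throws GeneralSecurityException {
        // NOTE(review): DSA user/host keys are deprecated in current OpenSSH;
        // whether to keep accepting ssh-dss is a policy decision for the caller.
        BigInteger first = decodeBigInt();
        BigInteger second = decodeBigInt();
        BigInteger third = decodeBigInt();
        BigInteger fourth = decodeBigInt();
        return DSA_KEY_FACTORY_SUPPLIER.get().generatePublic(new DSAPublicKeySpec(first, second, third, fourth));
    }

    /**
     * Reads two integers from the blob and passes them, in blob order, to
     * {@link RSAPublicKeySpec}. The argument order is kept exactly as in the
     * original listing.
     */
    private PublicKey decodeAsRSA() throws GeneralSecurityException {
        BigInteger first = decodeBigInt();
        BigInteger second = decodeBigInt();
        return RSA_KEY_FACTORY_SUPPLIER.get().generatePublic(new RSAPublicKeySpec(first, second));
    }

    /** Reads one length-prefixed UTF-8 string field and advances the cursor. */
    private String decodeType() {
        int length = decodeInt();
        requireAvailable(length, "string field");
        String str = new String(this.bytes, this.pos, length, StandardCharsets.UTF_8);
        this.pos += length;
        return str;
    }

    /** Reads a 4-byte big-endian integer and advances the cursor. */
    private int decodeInt() {
        requireAvailable(Integer.BYTES, "length prefix");
        int value = ((this.bytes[this.pos] & 0xFF) << 24)
            | ((this.bytes[this.pos + 1] & 0xFF) << 16)
            | ((this.bytes[this.pos + 2] & 0xFF) << 8)
            | (this.bytes[this.pos + 3] & 0xFF);
        this.pos += Integer.BYTES;
        return value;
    }

    /**
     * Reads one length-prefixed two's-complement integer and advances the cursor.
     *
     * <p>The declared length is checked before the array is allocated, so an
     * attacker-chosen length cannot force a large allocation. A zero-length field
     * is rejected by {@link BigInteger#BigInteger(byte[])} with a
     * {@link NumberFormatException}.
     */
    private BigInteger decodeBigInt() {
        int length = decodeInt();
        requireAvailable(length, "integer field");
        byte[] magnitude = Arrays.copyOfRange(this.bytes, this.pos, this.pos + length);
        this.pos += length;
        return new BigInteger(magnitude);
    }

    /**
     * Rejects a read that would run past the end of the blob.
     *
     * @param count number of bytes about to be read; negative values (a length
     *              prefix with the top bit set) are rejected as well
     * @param what  description of the field, used in the error message
     * @throws IllegalArgumentException if fewer than {@code count} bytes remain
     */
    private void requireAvailable(int count, String what) {
        int remaining = this.bytes.length - this.pos;
        if (count < 0 || count > remaining) {
            throw new IllegalArgumentException("Malformed public key: " + what + " of " + count
                + " byte(s) at offset " + this.pos + " exceeds the " + remaining + " byte(s) remaining");
        }
    }

    /**
     * Encodes a public key as a base64 SSH public-key blob.
     *
     * @param publicKey an RSA key, a DSA key, or a Bouncy Castle EC key on a curve
     *                  with 32-byte coordinates (written with the {@code nistp256}
     *                  identifier)
     * @return base64 text of the blob
     * @throws IllegalArgumentException if the key type is not supported, or the EC
     *         key does not have the point size of the nistp256 curve
     * @throws IOException if writing to the in-memory buffer fails
     */
    public String encodePublicKey(PublicKey publicKey) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buffer);
        if (publicKey instanceof RSAPublicKey && KEY_FACTORY_TYPE_RSA.equals(publicKey.getAlgorithm())) {
            RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
            writeField(out, KEY_TYPE_RSA.getBytes(StandardCharsets.UTF_8));
            writeField(out, rsaKey.getPublicExponent().toByteArray());
            writeField(out, rsaKey.getModulus().toByteArray());
        } else if (publicKey instanceof DSAPublicKey && KEY_FACTORY_TYPE_DSA.equals(publicKey.getAlgorithm())) {
            DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
            DSAParams params = dsaKey.getParams();
            writeField(out, KEY_TYPE_DSA.getBytes(StandardCharsets.UTF_8));
            writeField(out, params.getP().toByteArray());
            writeField(out, params.getQ().toByteArray());
            writeField(out, params.getG().toByteArray());
            writeField(out, dsaKey.getY().toByteArray());
        } else {
            if (!(publicKey instanceof BCECPublicKey) || !KEY_FACTORY_TYPE_ECDSA.equals(publicKey.getAlgorithm())) {
                throw new IllegalArgumentException("Unknown public key encoding: " + publicKey.getAlgorithm());
            }
            BCECPublicKey ecKey = (BCECPublicKey) publicKey;
            byte[] x = ecKey.getQ().getAffineXCoord().getEncoded();
            byte[] y = ecKey.getQ().getAffineYCoord().getEncoded();
            int pointLength = x.length + y.length + 1;
            // The blob is always labelled nistp256, so a key on a curve of another size
            // would be mislabelled and could not be decoded again. The size check does
            // not tell nistp256 apart from other curves with 32-byte coordinates.
            if (pointLength != ECDSA_THIRD_STR_LEN) {
                throw new IllegalArgumentException("Unsupported EC public key: point length " + pointLength
                    + " does not match " + ECDSA_SUPPORTED_CURVE_NAME);
            }
            writeField(out, KEY_TYPE_ECDSA.getBytes(StandardCharsets.UTF_8));
            writeField(out, ECDSA_SUPPORTED_CURVE_NAME.getBytes(StandardCharsets.UTF_8));
            out.writeInt(pointLength);
            out.writeByte(4); // uncompressed-point marker
            out.write(x);
            out.write(y);
        }
        return Base64.getEncoder().encodeToString(buffer.toByteArray());
    }

    /** Writes one field: a 4-byte big-endian length followed by the bytes. */
    private static void writeField(DataOutputStream out, byte[] field) throws IOException {
        out.writeInt(field.length);
        out.write(field);
    }

    /**
     * Decodes a PEM key pair from a reader.
     *
     * @param stringReader source of the PEM text; it is closed by this call
     * @param str          passphrase, needed only when the PEM key pair is encrypted
     * @return the decoded key pair
     * @throws IOException if the PEM data cannot be read, decrypted or converted
     */
    public KeyPair decodePrivateKey(StringReader stringReader, String str) throws IOException {
        return doDecodePrivateKey(stringReader, str);
    }

    /**
     * Decodes a PEM key pair from a file read as UTF-8.
     *
     * @param str  path of the PEM file
     * @param str2 passphrase, needed only when the PEM key pair is encrypted
     * @return the decoded key pair
     * @throws IOException if the file cannot be opened, or the PEM data cannot be
     *         read, decrypted or converted
     */
    public KeyPair decodePrivateKey(String str, String str2) throws IOException {
        try (Reader reader = new InputStreamReader(new FileInputStream(str), StandardCharsets.UTF_8)) {
            return doDecodePrivateKey(reader, str2);
        }
    }

    /**
     * Parses the first PEM object from the reader and converts it to a key pair.
     *
     * <p>The decryptor is built only for an encrypted key pair, so an unencrypted
     * key no longer needs a passphrase. Input that holds no PEM object, or an
     * object that is not a key pair, is reported as an {@link IOException}
     * instead of surfacing as an unchecked cast or null-pointer failure.
     */
    private static KeyPair doDecodePrivateKey(Reader reader, String str) throws IOException {
        try (PEMParser pemParser = new PEMParser(reader)) {
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            Object pemObject = pemParser.readObject();
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (str == null) {
                    throw new IOException("PEM key pair is encrypted but no passphrase was supplied");
                }
                // NOTE(review): this is the traditional OpenSSL PEM encryption, whose
                // passphrase-based key derivation is weak; keep the file access-restricted too.
                PEMDecryptorProvider decryptor =
                    new JcePEMDecryptorProviderBuilder().setProvider(BCPROV).build(str.toCharArray());
                return converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            }
            if (pemObject instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) pemObject);
            }
            throw new IOException("Unsupported PEM content: "
                + (pemObject == null ? "no PEM object found" : pemObject.getClass().getName()));
        }
    }
}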
