package io.github.intoto.legacy.keys;

import io.github.intoto.legacy.lib.JSONEncoder;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:io/github/intoto/legacy/keys/RSAKey.class */
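/**
 * RSA key wrapper that loads a key from PEM, exposes it as BouncyCastle key parameters,
 * derives a key id from the public part, and builds an RSASSA-PSS/SHA-256 signer.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #write(String)} only ever emits the public key; private key material is never
 *       written to disk by this class.</li>
 *   <li>The PEM text of the private key (when one was loaded) is held in {@code keyval} as a
 *       {@code String} for the lifetime of the object, so it cannot be wiped from memory.</li>
 *   <li>{@link #computeKeyId()} temporarily mutates instance state and is therefore not safe
 *       to call concurrently on a shared instance.</li>
 * </ul>
 */
public class RSAKey extends Key implements JSONEncoder {
    // Parsed PEM content; the private half is null for public-only keys.
    PEMKeyPair kpr;

    // NOTE(review): the field names below look like they are part of the canonical JSON form
    // produced by JSONEncodeCanonical (presumably via reflection) - do not rename or make
    // static without confirming against JSONEncoder.
    private final String scheme = "rsassa-pss-sha256";
    private final String[] keyid_hash_algorithms = {"sha256", "sha512"};
    private final String keytype = "rsa";
    private HashMap<String, String> keyval = new HashMap<>();

    /**
     * Wraps an already parsed PEM key pair and caches its PEM text in {@code keyval}.
     *
     * @param pEMKeyPair the parsed key pair; its private part may be null
     * @throws NullPointerException if {@code pEMKeyPair} is null
     */
    public RSAKey(PEMKeyPair pEMKeyPair) {
        if (pEMKeyPair == null) {
            // Fail here with a clear message instead of deep inside PEM encoding.
            throw new NullPointerException("pEMKeyPair must not be null");
        }
        this.kpr = pEMKeyPair;
        this.keyval.put("private", getKeyval(true));
        this.keyval.put("public", getKeyval(false));
    }

    /**
     * Loads a key from a PEM file.
     *
     * @param str path of the PEM file
     * @return the loaded key
     * @throws RuntimeException if the file cannot be read or does not hold a supported object
     */
    public static RSAKey read(String str) {
        return readPem(str);
    }

    /** Opens the PEM file at {@code str}, parses it, and always closes the file handle. */
    private static RSAKey readPem(String str) {
        try (Reader fileReader = new FileReader(str)) {
            return readPemBuffer(fileReader);
        } catch (IOException e) {
            // Keep the cause so an operator can tell a missing file from a permission problem.
            throw new RuntimeException("Couldn't read key", e);
        }
    }

    /**
     * Parses the first PEM object from {@code reader}.
     *
     * <p>Only a full key pair ({@code PEMKeyPair}) or a bare public key
     * ({@code SubjectPublicKeyInfo}) is accepted; anything else is rejected. The reader is
     * left open - closing it is the caller's responsibility.
     *
     * @param reader source of PEM text
     * @return the key built from the parsed object
     * @throws RuntimeException if reading fails, no PEM object is present, or the object is
     *     of an unsupported type
     */
    public static RSAKey readPemBuffer(Reader reader) {
        Object parsed;
        try {
            parsed = new PEMParser(reader).readObject();
        } catch (IOException e) {
            // A parse failure must surface: swallowing it would hand back a key with no material.
            throw new RuntimeException("Couldn't parse PEM object", e);
        }
        if (parsed instanceof PEMKeyPair) {
            return new RSAKey((PEMKeyPair) parsed);
        }
        if (parsed instanceof SubjectPublicKeyInfo) {
            return new RSAKey(new PEMKeyPair((SubjectPublicKeyInfo) parsed, (PrivateKeyInfo) null));
        }
        // Report only the type: the parsed object may wrap key material, and exception
        // messages tend to end up in logs.
        String found = parsed == null ? "no PEM data found" : parsed.getClass().getName();
        throw new RuntimeException("Couldn't parse PEM object: " + found);
    }

    /**
     * Returns the private key parameters.
     *
     * @return the private key, or null when no key pair is set or it has no private part
     * @throws IOException if the stored private key info cannot be converted
     */
    @Override
    public AsymmetricKeyParameter getPrivate() throws IOException {
        if (this.kpr == null || this.kpr.getPrivateKeyInfo() == null) {
            return null;
        }
        return PrivateKeyFactory.createKey(this.kpr.getPrivateKeyInfo());
    }

    /**
     * Returns the public key parameters.
     *
     * @return the public key, or null when no key pair is set
     * @throws IOException if the stored public key info cannot be converted
     */
    @Override
    public AsymmetricKeyParameter getPublic() throws IOException {
        if (this.kpr == null) {
            return null;
        }
        return PublicKeyFactory.createKey(this.kpr.getPublicKeyInfo());
    }

    /**
     * Writes the public key, PEM encoded, to the file at {@code str}.
     *
     * <p>The private key is deliberately never written by this method.
     *
     * @param str destination path
     * @throws RuntimeException if the file cannot be written
     */
    @Override
    public void write(String str) {
        // try-with-resources so the file handle is released even when encoding fails.
        try (Writer fileWriter = new FileWriter(str)) {
            encodePem(fileWriter, false);
        } catch (IOException e) {
            throw new RuntimeException(e.toString(), e);
        }
    }

    /**
     * Computes the key id: the lowercase hex SHA-256 digest of the canonical JSON form of
     * this key with the private part left out.
     *
     * @return the hex key id, or null when no key pair is set
     */
    @Override
    public String computeKeyId() {
        if (this.kpr == null) {
            return null;
        }
        byte[] canonical = getJSONEncodeableFields();
        SHA256Digest sha256 = new SHA256Digest();
        byte[] digest = new byte[sha256.getDigestSize()];
        sha256.update(canonical, 0, canonical.length);
        sha256.doFinal(digest, 0);
        return Hex.toHexString(digest);
    }

    /**
     * Produces the canonical JSON bytes of this key without the private key entry and
     * without the {@code kpr} field.
     *
     * <p>Both are detached for the duration of the encoding and restored afterwards, so the
     * method is not thread-safe. Restoration happens in a {@code finally} block: a failing
     * encoder must not leave the object stripped of its key material.
     */
    private byte[] getJSONEncodeableFields() {
        String savedPrivate = this.keyval.remove("private");
        PEMKeyPair savedPair = this.kpr;
        this.kpr = null;
        try {
            // Explicit charset: the key id must not depend on the platform default encoding.
            return JSONEncodeCanonical(false).getBytes(StandardCharsets.UTF_8);
        } finally {
            if (savedPrivate != null) {
                this.keyval.put("private", savedPrivate);
            }
            this.kpr = savedPair;
        }
    }

    /**
     * PEM-encodes this key to {@code writer}.
     *
     * <p>When {@code z} is true and a private key is present, the private key is written
     * first; the public key is always written. The writer is flushed but not closed, because
     * it belongs to the caller.
     *
     * @param writer destination for the PEM text
     * @param z whether to include the private key
     * @throws IllegalStateException if no key pair is set
     * @throws RuntimeException if encoding or writing fails
     */
    private void encodePem(Writer writer, boolean z) {
        if (this.kpr == null) {
            throw new IllegalStateException("No key material to encode");
        }
        JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
        try {
            if (z && getPrivate() != null) {
                pemWriter.writeObject(new MiscPEMGenerator(this.kpr.getPrivateKeyInfo()));
                pemWriter.flush();
            }
            pemWriter.writeObject(new MiscPEMGenerator(this.kpr.getPublicKeyInfo()));
            pemWriter.flush();
        } catch (IOException e) {
            throw new RuntimeException(e.toString(), e);
        }
    }

    /**
     * Returns the PEM text of this key with a single trailing newline removed.
     *
     * @param z whether to include the private key (see {@link #encodePem(Writer, boolean)})
     */
    private String getKeyval(boolean z) {
        StringWriter buffer = new StringWriter();
        encodePem(buffer, z);
        String pem = buffer.toString();
        // endsWith is safe on an empty string, unlike indexing the last character.
        if (pem.endsWith("\n")) {
            pem = pem.substring(0, pem.length() - 1);
        }
        return pem;
    }

    /**
     * Builds an RSASSA-PSS signer over SHA-256 whose salt length equals the digest size.
     *
     * <p>NOTE(review): the engine is initialised with {@code false} and the private key here;
     * callers presumably re-initialise the returned signer via {@code Signer.init} before
     * use - confirm. For a public-only key {@link #getPrivate()} returns null, which is
     * passed to the engine as is.
     *
     * @return a new, independent signer instance
     * @throws RuntimeException if the private key cannot be converted
     */
    @Override
    public Signer getSigner() {
        RSAEngine engine = new RSAEngine();
        try {
            engine.init(false, getPrivate());
        } catch (IOException e) {
            throw new RuntimeException(e.toString(), e);
        }
        SHA256Digest sha256 = new SHA256Digest();
        return new PSSSigner(engine, sha256, sha256.getDigestSize());
    }
}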
