package com.venafi.vcert.sdk.certificate;

import com.venafi.vcert.sdk.VCertException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/certificate/PEMCollection.class */
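/**
 * Holds one end-entity certificate, its chain and (optionally) the matching private key, and
 * converts them between PEM, DER, PKCS#12 and Java keystore encodings.
 *
 * <p>Security notes for maintainers and callers:
 * <ul>
 *   <li>Parsing only decodes and orders certificates. No signature, validity-period or path
 *       validation is performed here, and the private key is not checked against the
 *       certificate's public key. Callers that need those guarantees must validate separately.</li>
 *   <li>The key password is held as a {@link String} for the lifetime of the object, so it cannot
 *       be wiped from memory. {@link #toString()} therefore never prints the password or the
 *       private key, but {@link #privateKeyPassword()} and {@link #privateKey()} still return
 *       them; do not log the return values of those accessors.</li>
 *   <li>Several export paths use legacy password-based schemes (see {@link #derPrivateKey()},
 *       {@link #pemPrivateKey()} and {@link #toPkcs12(String)}). The strength of the result
 *       depends mostly on the strength of the password.</li>
 *   <li>Operations that name the Bouncy Castle provider or the {@code PBKDF-OpenSSL} factory
 *       presumably require that provider to be registered with the JVM; when the lookup fails
 *       the resulting exception is surfaced wrapped in a {@link RuntimeException}.</li>
 * </ul>
 */
public class PEMCollection {
    /** Cipher name handed to Bouncy Castle for traditional (non-PKCS#8) encrypted PEM keys. */
    public static final String BOUNCY_CASTLE_ENCRYPTION_ALGORITHM = "AES-128-CBC";
    /** JCA transformation used by {@link #derPrivateKey()} to encrypt the DER key bytes. */
    public static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    /** Secret-key factory used to turn the password into an AES key (OpenSSL-style derivation). */
    public static final String SECRET_KEY_FACTORY_ALGORITHM = "PBKDF-OpenSSL";
    public static final String SECRET_KEY_ALGORITHM = "AES";
    public static final int SECRET_KEY_LENGTH_BITS = 128;
    private X509Certificate certificate;
    private PrivateKey privateKey;
    private String privateKeyPassword;
    private List<X509Certificate> chain = new ArrayList<>();
    private DataFormat dataFormat;

    /* loaded from: input_file:WEB-INF/lib/vcert-java-0.9.3.jar:com/venafi/vcert/sdk/certificate/PEMCollection$RawPrivateKey.class */
    /**
     * DER private-key bytes plus the IV used to encrypt them. A {@code null} IV means
     * {@link #data()} is the unencrypted key encoding and must be treated as secret material.
     */
    public static class RawPrivateKey {
        private byte[] iv;
        private byte[] data;

        /** Returns {@code true} when an IV is present, i.e. {@link #data()} is ciphertext. */
        public boolean isEncrypted() {
            return this.iv != null;
        }

        @Generated
        public RawPrivateKey() {
        }

        @Generated
        public byte[] iv() {
            return this.iv;
        }

        @Generated
        public byte[] data() {
            return this.data;
        }

        @Generated
        public RawPrivateKey iv(byte[] bArr) {
            this.iv = bArr;
            return this;
        }

        @Generated
        public RawPrivateKey data(byte[] bArr) {
            this.data = bArr;
            return this;
        }

        @Generated
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RawPrivateKey)) {
                return false;
            }
            RawPrivateKey other = (RawPrivateKey) obj;
            return other.canEqual(this) && Arrays.equals(iv(), other.iv()) && Arrays.equals(data(), other.data());
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof RawPrivateKey;
        }

        @Generated
        @Override
        public int hashCode() {
            return (((1 * 59) + Arrays.hashCode(iv())) * 59) + Arrays.hashCode(data());
        }

        /**
         * Describes the object without dumping key bytes: {@code data} may be the plaintext
         * private key, so only its length is reported. The IV is not secret and is kept.
         */
        @Generated
        @Override
        public String toString() {
            String dataSummary = this.data == null ? "null" : "<redacted, " + this.data.length + " bytes>";
            return "PEMCollection.RawPrivateKey(iv=" + Arrays.toString(iv()) + ", data=" + dataSummary + ")";
        }
    }

    /** Same as {@link #fromStringPEMCollection(String, ChainOption, PrivateKey, String)}. */
    public static PEMCollection fromResponse(String str, ChainOption chainOption, PrivateKey privateKey, String str2) throws VCertException {
        return fromStringPEMCollection(str, chainOption, privateKey, str2);
    }

    /** Parses {@code str} and records {@link DataFormat#PKCS8} as the key output format. */
    public static PEMCollection fromStringPEMCollection(String str, ChainOption chainOption, PrivateKey privateKey, String str2) throws VCertException {
        return fromStringPEMCollection(str, chainOption, privateKey, str2, DataFormat.PKCS8);
    }

    /**
     * Parses a PEM bundle into a collection.
     *
     * <p>Every certificate object in {@code str} is collected in document order. With
     * {@code ChainOptionRootFirst} the last certificate becomes the end-entity certificate,
     * otherwise the first one does; the remaining certificates become the chain unless
     * {@code ChainOptionIgnore} is given. The ordering is taken on trust from the input and the
     * certificates are not validated.
     *
     * @param str PEM text containing certificates and optionally a private key
     * @param chainOption where the end-entity certificate sits in the bundle; {@code null} is
     *     treated like the default (end-entity first)
     * @param privateKey key to use when the bundle carries no usable key; a key found in the
     *     bundle takes precedence
     * @param str2 password for an encrypted key in the bundle, also stored for later exports
     * @param dataFormat key format to use when the key is exported again
     * @throws VCertException if the bundle cannot be parsed, or an encrypted key is present and
     *     no password was supplied
     */
    public static PEMCollection fromStringPEMCollection(String str, ChainOption chainOption, PrivateKey privateKey, String str2, DataFormat dataFormat) throws VCertException {
        List<X509Certificate> certificates = new ArrayList<>();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        PrivateKey resolvedKey = privateKey;
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            for (Object parsed = parser.readObject(); parsed != null; parsed = parser.readObject()) {
                if (parsed instanceof X509CertificateHolder) {
                    certificates.add(converter.getCertificate((X509CertificateHolder) parsed));
                    continue;
                }
                // An unrecognised PEM object must not wipe out a key that was supplied by the
                // caller or parsed earlier in the bundle.
                PrivateKey parsedKey = parsePrivateKey(parsed, str2);
                if (parsedKey != null) {
                    resolvedKey = parsedKey;
                }
            }
            PEMCollection collection = new PEMCollection();
            if (!certificates.isEmpty()) {
                boolean rootFirst = chainOption == ChainOption.ChainOptionRootFirst;
                int leafIndex = rootFirst ? certificates.size() - 1 : 0;
                collection.certificate(certificates.get(leafIndex));
                if (chainOption != ChainOption.ChainOptionIgnore) {
                    for (int i = 0; i < certificates.size(); i++) {
                        if (i != leafIndex) {
                            collection.chain().add(certificates.get(i));
                        }
                    }
                }
            }
            collection.privateKey(resolvedKey);
            collection.privateKeyPassword(str2);
            collection.dataFormat(dataFormat);
            return collection;
        } catch (IOException | CertificateException | OperatorCreationException | PKCSException e) {
            throw new VCertException("Unable to parse certificate from response", e);
        }
    }

    /**
     * Returns the end-entity certificate as PEM text, or {@code null} when none is set.
     *
     * @throws RuntimeException if the certificate cannot be encoded or written
     */
    public String pemCertificate() {
        if (Objects.isNull(this.certificate)) {
            return null;
        }
        try {
            return toPem(new PemObject(PEMParser.TYPE_CERTIFICATE, this.certificate.getEncoded()));
        } catch (IOException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the private key as PEM text, or {@code null} when no key is set.
     *
     * <p>The key is encrypted only when a non-empty password is stored; with a {@code null} or
     * empty password the returned text is the unprotected private key and must be handled as a
     * secret.
     *
     * @throws RuntimeException if the key cannot be encoded, encrypted or written
     */
    public String pemPrivateKey() {
        if (Objects.isNull(this.privateKey)) {
            return null;
        }
        try {
            return toPem(getPemObjectGenerator(this.privateKey, this.privateKeyPassword));
        } catch (IOException | OperatorCreationException e) {
            throw new RuntimeException(e);
        }
    }

    /** Serialises one PEM object to text, always closing the writer. */
    private static String toPem(PemObjectGenerator generator) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PemWriter writer = new PemWriter(new OutputStreamWriter(buffer))) {
            writer.writeObject(generator);
        }
        // Read back only after the writer is closed so buffered output has been flushed.
        return new String(buffer.toByteArray());
    }

    /**
     * Chooses the PEM generator for the configured {@link DataFormat}.
     *
     * <p>PKCS#8 output is protected with {@code pbeWithSHAAnd3_KeyTripleDES_CBC}; any other
     * format uses traditional PEM encryption with {@value #BOUNCY_CASTLE_ENCRYPTION_ALGORITHM}.
     * NOTE(review): both are legacy password-based schemes, presumably kept for interoperability
     * with existing consumers; confirm before changing, and prefer long random passwords.
     */
    private PemObjectGenerator getPemObjectGenerator(PrivateKey privateKey, String str) throws OperatorCreationException, IOException {
        boolean hasPassword = str != null && str.length() > 0;
        if (this.dataFormat == DataFormat.PKCS8) {
            OutputEncryptor pkcs8Encryptor = null;
            if (hasPassword) {
                pkcs8Encryptor = new JceOpenSSLPKCS8EncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC)
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .setRandom(new SecureRandom())
                        .setPassword(str.toCharArray())
                        .build();
            }
            return new JcaPKCS8Generator(privateKey, pkcs8Encryptor);
        }
        PEMEncryptor legacyEncryptor = null;
        if (hasPassword) {
            legacyEncryptor = new JcePEMEncryptorBuilder(BOUNCY_CASTLE_ENCRYPTION_ALGORITHM).build(str.toCharArray());
        }
        return new JcaMiscPEMGenerator(privateKey, legacyEncryptor);
    }

    /**
     * Returns the chain certificates as concatenated PEM text, in stored order. An absent or
     * empty chain yields the empty string.
     *
     * @throws RuntimeException if a certificate cannot be encoded or written
     */
    public String pemCertificateChain() {
        StringBuilder pem = new StringBuilder();
        if (Objects.isNull(this.chain)) {
            return pem.toString();
        }
        for (X509Certificate link : this.chain) {
            try {
                pem.append(toPem(new PemObject(PEMParser.TYPE_CERTIFICATE, link.getEncoded())));
            } catch (IOException | CertificateEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        return pem.toString();
    }

    /**
     * Returns the DER encoding of the end-entity certificate, or {@code null} when none is set.
     *
     * @throws RuntimeException if the certificate cannot be encoded
     */
    public byte[] derCertificate() {
        if (Objects.isNull(this.certificate)) {
            return null;
        }
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the private key in DER form, encrypted when a password is stored.
     *
     * <p>RSA keys are unwrapped to the inner key structure of their PKCS#8 encoding; other key
     * types keep the encoding returned by {@link PrivateKey#getEncoded()}. When the stored
     * password is non-null the bytes are encrypted with {@value #CIPHER_TRANSFORMATION} under a
     * key derived by {@link #passwordToCipherSecretKey(char[], byte[])}, using a fresh random
     * 16-byte IV that also serves as the derivation salt.
     *
     * <p>Caveats: the derivation runs a single iteration, so the password is the only real
     * protection; CBC provides no integrity check, so consumers should not treat a successful
     * decryption as proof the data is untampered. Unlike {@link #pemPrivateKey()}, an empty
     * (non-null) password still triggers encryption here.
     *
     * @return the raw key, or {@code null} when no private key is set
     * @throws RuntimeException if encoding or encryption fails
     */
    public RawPrivateKey derPrivateKey() {
        if (Objects.isNull(this.privateKey)) {
            return null;
        }
        try {
            RawPrivateKey raw = new RawPrivateKey();
            boolean isRsa = KeyType.from(this.privateKey.getAlgorithm()) == KeyType.RSA;
            raw.data = isRsa
                    ? PrivateKeyInfo.getInstance(this.privateKey.getEncoded()).parsePrivateKey().toASN1Primitive().getEncoded()
                    : this.privateKey.getEncoded();
            if (this.privateKeyPassword == null) {
                return raw;
            }
            raw.iv = new byte[16];
            new SecureRandom().nextBytes(raw.iv);
            SecretKeySpec aesKey = passwordToCipherSecretKey(this.privateKeyPassword.toCharArray(), raw.iv);
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(raw.iv));
            raw.data = cipher.doFinal(raw.data);
            return raw;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the DER encoding of every chain certificate, in stored order, or {@code null}
     * when the chain itself is {@code null}.
     *
     * @throws RuntimeException if a certificate cannot be encoded
     */
    public List<byte[]> derCertificateChain() {
        if (Objects.isNull(this.chain)) {
            return null;
        }
        List<byte[]> encoded = new ArrayList<>(this.chain.size());
        for (X509Certificate link : this.chain) {
            try {
                encoded.add(link.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        return encoded;
    }

    /**
     * Builds a PKCS#12 container holding the certificate, the chain and the private key.
     *
     * <p>The key bag is shrouded with AES-128-CBC, all bags are then wrapped with
     * {@code pbeWithSHAAnd128BitRC2_CBC}, and the container carries a SHA-256 based MAC; all
     * three are keyed from {@code str}. NOTE(review): the RC2 wrapper is a legacy choice,
     * presumably for compatibility with older PKCS#12 readers; confirm before changing.
     *
     * @param str password protecting the container; must not be {@code null}
     * @return the DER-like (DL) encoded PFX
     * @throws NullPointerException if the password, certificate or private key is missing
     * @throws PKCSException if the container cannot be assembled
     * @throws RuntimeException if encoding or algorithm lookup fails
     */
    public byte[] toPkcs12(String str) throws PKCSException {
        Objects.requireNonNull(str, "PKCS#12 password must not be null");
        Objects.requireNonNull(this.certificate, "certificate must be set before exporting PKCS#12");
        Objects.requireNonNull(this.privateKey, "private key must be set before exporting PKCS#12");
        List<X509Certificate> chainCerts = this.chain == null ? new ArrayList<X509Certificate>() : this.chain;
        try {
            SubjectKeyIdentifier keyId = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(this.certificate.getPublicKey());
            OutputEncryptor keyBagEncryptor = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes128_CBC)
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(str.toCharArray());
            List<PKCS12SafeBag> bags = new ArrayList<>(chainCerts.size() + 2);
            // The same localKeyId on the leaf certificate and the key lets readers pair them.
            bags.add(new JcaPKCS12SafeBagBuilder(this.certificate).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyId).build());
            for (X509Certificate link : chainCerts) {
                bags.add(new JcaPKCS12SafeBagBuilder(link).build());
            }
            bags.add(new JcaPKCS12SafeBagBuilder(this.privateKey, keyBagEncryptor).addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, keyId).build());
            OutputEncryptor wrapperEncryptor = new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(str.toCharArray());
            PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
            pfxBuilder.addEncryptedData(wrapperEncryptor, bags.toArray(new PKCS12SafeBag[0]));
            PKCS12PfxPdu pfx = pfxBuilder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), str.toCharArray());
            return pfx.getEncoded(ASN1Encoding.DL);
        } catch (IOException | NoSuchAlgorithmException | OperatorCreationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a Java keystore with a single {@code "private-key"} entry holding the key, the
     * certificate and the chain. The same password protects the store and the key entry.
     *
     * <p>NOTE(review): the store type is {@link KeyStore#getDefaultType()}, so despite the
     * method name the bytes are only in JKS format when the JVM's default keystore type is JKS;
     * confirm what consumers expect.
     *
     * @param str keystore and key-entry password; must not be {@code null}
     * @throws NullPointerException if the password is {@code null}
     * @throws CertificateException if a certificate cannot be stored
     * @throws RuntimeException if the keystore cannot be created, populated or written
     */
    public byte[] toJks(String str) throws KeyStoreException, CertificateException {
        Objects.requireNonNull(str, "keystore password must not be null");
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, str.toCharArray());
            List<X509Certificate> entryChain = new ArrayList<>();
            entryChain.add(this.certificate);
            entryChain.addAll(this.chain);
            Certificate[] entryCertificates = entryChain.toArray(new X509Certificate[0]);
            keyStore.setKeyEntry("private-key", this.privateKey, str.toCharArray(), entryCertificates);
            keyStore.store(buffer, str.toCharArray());
            return buffer.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Derives the AES key used by {@link #derPrivateKey()} from a password and salt.
     *
     * <p>The derivation is requested from the {@value #SECRET_KEY_FACTORY_ALGORITHM} factory
     * with an iteration count of 1 and a {@value #SECRET_KEY_LENGTH_BITS}-bit output. A single
     * iteration gives no brute-force resistance beyond the password's own entropy; the
     * parameters look chosen for OpenSSL compatibility (TODO confirm) and changing them would
     * make previously produced ciphertext undecryptable.
     *
     * @param cArr password characters; not modified by this method
     * @param bArr salt bytes
     */
    public static SecretKeySpec passwordToCipherSecretKey(char[] cArr, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec keySpec = new PBEKeySpec(cArr, bArr, 1, SECRET_KEY_LENGTH_BITS);
        try {
            byte[] derived = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM).generateSecret(keySpec).getEncoded();
            return new SecretKeySpec(derived, SECRET_KEY_ALGORITHM);
        } finally {
            // Wipe the spec's internal copy of the password; the caller's array is untouched.
            keySpec.clearPassword();
        }
    }

    /**
     * Reads the next object from {@code pEMParser} and decrypts it as an encrypted PKCS#8 key.
     *
     * @throws PKCSException if the next object is missing or is not an encrypted PKCS#8 key, or
     *     if decryption fails
     */
    public static PrivateKey decryptPKCS8PrivateKey(PEMParser pEMParser, String str) throws IOException, OperatorCreationException, PKCSException {
        Object next = pEMParser.readObject();
        if (!(next instanceof PKCS8EncryptedPrivateKeyInfo)) {
            throw new PKCSException("Expected an encrypted PKCS#8 private key in the PEM input");
        }
        return decryptPKCS8PrivateKey((PKCS8EncryptedPrivateKeyInfo) next, str);
    }

    /**
     * Decrypts an encrypted PKCS#8 structure with the given password.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws PKCSException if decryption fails, e.g. because the password is wrong
     */
    public static PrivateKey decryptPKCS8PrivateKey(PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo, String str) throws PEMException, OperatorCreationException, PKCSException {
        Objects.requireNonNull(str, "a password is required to decrypt a PKCS#8 private key");
        PrivateKeyInfo decrypted = pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray()));
        return new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getPrivateKey(decrypted);
    }

    /**
     * Converts a parsed PEM object into a private key.
     *
     * @return the key, or {@code null} when {@code obj} is not a supported key object
     * @throws PKCSException if the key is encrypted and no password was supplied, or decryption
     *     fails
     */
    private static PrivateKey parsePrivateKey(Object obj, String str) throws IOException, OperatorCreationException, PKCSException {
        if (obj instanceof PEMKeyPair) {
            return getPrivateKey((PEMKeyPair) obj);
        }
        if (obj instanceof PrivateKeyInfo) {
            // Unencrypted PKCS#8 key.
            return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) obj);
        }
        if (obj instanceof PEMEncryptedKeyPair) {
            requireDecryptionPassword(str);
            return getPrivateKey(((PEMEncryptedKeyPair) obj).decryptKeyPair(new BcPEMDecryptorProvider(str.toCharArray())));
        }
        if (obj instanceof PKCS8EncryptedPrivateKeyInfo) {
            requireDecryptionPassword(str);
            return decryptPKCS8PrivateKey((PKCS8EncryptedPrivateKeyInfo) obj, str);
        }
        return null;
    }

    /** Fails with a descriptive checked exception instead of a bare NullPointerException. */
    private static void requireDecryptionPassword(String password) throws PKCSException {
        if (password == null) {
            throw new PKCSException("The PEM input contains an encrypted private key but no password was supplied");
        }
    }

    private static PrivateKey getPrivateKey(PEMKeyPair pEMKeyPair) throws PEMException {
        return new JcaPEMKeyConverter().getPrivateKey(pEMKeyPair.getPrivateKeyInfo());
    }

    @Generated
    public PEMCollection() {
    }

    @Generated
    public X509Certificate certificate() {
        return this.certificate;
    }

    /** Returns the private key itself; treat the result as secret material. */
    @Generated
    public PrivateKey privateKey() {
        return this.privateKey;
    }

    /** Returns the key password in clear text; never log the result. */
    @Generated
    public String privateKeyPassword() {
        return this.privateKeyPassword;
    }

    /** Returns the live, mutable chain list (not a copy). */
    @Generated
    public List<X509Certificate> chain() {
        return this.chain;
    }

    @Generated
    public DataFormat dataFormat() {
        return this.dataFormat;
    }

    @Generated
    public PEMCollection certificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
        return this;
    }

    @Generated
    public PEMCollection privateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
        return this;
    }

    @Generated
    public PEMCollection privateKeyPassword(String str) {
        this.privateKeyPassword = str;
        return this;
    }

    @Generated
    public PEMCollection chain(List<X509Certificate> list) {
        this.chain = list;
        return this;
    }

    @Generated
    public PEMCollection dataFormat(DataFormat dataFormat) {
        this.dataFormat = dataFormat;
        return this;
    }

    @Generated
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof PEMCollection)) {
            return false;
        }
        PEMCollection other = (PEMCollection) obj;
        return other.canEqual(this)
                && Objects.equals(certificate(), other.certificate())
                && Objects.equals(privateKey(), other.privateKey())
                && Objects.equals(privateKeyPassword(), other.privateKeyPassword())
                && Objects.equals(chain(), other.chain())
                && Objects.equals(dataFormat(), other.dataFormat());
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof PEMCollection;
    }

    @Generated
    @Override
    public int hashCode() {
        Object[] parts = {certificate(), privateKey(), privateKeyPassword(), chain(), dataFormat()};
        int result = 1;
        for (Object part : parts) {
            result = (result * 59) + (part == null ? 43 : part.hashCode());
        }
        return result;
    }

    /**
     * Describes the collection without exposing secrets: the private key and its password are
     * reported only as present or absent, so the string is safe to log.
     */
    @Generated
    @Override
    public String toString() {
        String keySummary = this.privateKey == null ? "null" : "<redacted>";
        String passwordSummary = this.privateKeyPassword == null ? "null" : "<redacted>";
        return "PEMCollection(certificate=" + certificate() + ", privateKey=" + keySummary + ", privateKeyPassword=" + passwordSummary + ", chain=" + chain() + ", dataFormat=" + dataFormat() + ")";
    }
}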
