package jenkins.bouncycastle.api;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.eclipse.jgit.lib.BranchConfig;

/* loaded from: input_file:test-dependencies/bouncycastle-api.hpi:WEB-INF/lib/bouncycastle-api.jar:jenkins/bouncycastle/api/PEMEncodable.class */
public final class PEMEncodable {

    @NonNull
    private final Object object;
    private static final Provider BOUNCY_CASTLE_PROVIDER;
    private static final Logger LOGGER;

    private PEMEncodable(@NonNull Object obj) {
        this.object = obj;
    }

    @NonNull
    public static PEMEncodable create(@NonNull Key key) {
        return new PEMEncodable(key);
    }

    @NonNull
    public static PEMEncodable create(@NonNull KeyPair keyPair) {
        return new PEMEncodable(keyPair);
    }

    @NonNull
    public static PEMEncodable create(@NonNull Certificate certificate) {
        return new PEMEncodable(certificate);
    }

    @NonNull
    public static PEMEncodable decode(@NonNull String str) throws IOException, UnrecoverableKeyException {
        return decode(str, null);
    }

    /* JADX WARN: Failed to calculate best type for var: r8v3 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x0227: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:107:0x0227 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x022b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:109:0x022b */
    /* JADX WARN: Type inference failed for: r8v3, types: [org.bouncycastle.openssl.PEMParser] */
    /* JADX WARN: Type inference failed for: r9v0, types: [java.lang.Throwable] */
    @NonNull
    public static PEMEncodable decode(@NonNull String str, @Nullable char[] cArr) throws IOException, UnrecoverableKeyException {
        ?? r8;
        ?? r9;
        try {
            try {
                try {
                    PEMParser pEMParser = new PEMParser(new StringReader(str));
                    Throwable th = null;
                    Object readObject = pEMParser.readObject();
                    if (readObject == null) {
                        throw new IOException("Could not parse PEM, only key pairs, private keys, public keys and certificates are supported");
                    }
                    JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider(BOUNCY_CASTLE_PROVIDER);
                    if (readObject instanceof PEMEncryptedKeyPair) {
                        if (cArr == null) {
                            throw new UnrecoverableKeyException("Key is passphrase protected, but no passphrase was provided");
                        }
                        PEMEncodable pEMEncodable = new PEMEncodable(provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(cArr))));
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return pEMEncodable;
                    }
                    if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                        if (cArr == null) {
                            throw new UnrecoverableKeyException("Key is passphrase protected, but no passphrase was provided");
                        }
                        PEMEncodable pEMEncodableKeyPairFromPrivateKey = getPEMEncodableKeyPairFromPrivateKey(provider.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BOUNCY_CASTLE_PROVIDER).build(cArr))));
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return pEMEncodableKeyPairFromPrivateKey;
                    }
                    if (readObject instanceof PEMKeyPair) {
                        PEMEncodable pEMEncodable2 = new PEMEncodable(provider.getKeyPair((PEMKeyPair) readObject));
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return pEMEncodable2;
                    }
                    if (readObject instanceof PrivateKeyInfo) {
                        PEMEncodable pEMEncodableKeyPairFromPrivateKey2 = getPEMEncodableKeyPairFromPrivateKey(provider.getPrivateKey((PrivateKeyInfo) readObject));
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th5) {
                                    th.addSuppressed(th5);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return pEMEncodableKeyPairFromPrivateKey2;
                    }
                    if (readObject instanceof SubjectPublicKeyInfo) {
                        PEMEncodable pEMEncodable3 = new PEMEncodable(provider.getPublicKey((SubjectPublicKeyInfo) readObject));
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th6) {
                                    th.addSuppressed(th6);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return pEMEncodable3;
                    }
                    if (!(readObject instanceof X509CertificateHolder)) {
                        throw new IOException("Could not parse PEM, only key pairs, private keys, public keys and certificates are supported. Received " + readObject.getClass().getName());
                    }
                    PEMEncodable pEMEncodable4 = new PEMEncodable(new JcaX509CertificateConverter().setProvider(BOUNCY_CASTLE_PROVIDER).getCertificate((X509CertificateHolder) readObject));
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th7) {
                                th.addSuppressed(th7);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return pEMEncodable4;
                } catch (Throwable th8) {
                    if (r8 != 0) {
                        if (r9 != 0) {
                            try {
                                r8.close();
                            } catch (Throwable th9) {
                                r9.addSuppressed(th9);
                            }
                        } else {
                            r8.close();
                        }
                    }
                    throw th8;
                }
            } catch (InvalidKeySpecException | PKCSException e) {
                LOGGER.log(Level.WARNING, "Could not read PEM encrypted information", e);
                throw new UnrecoverableKeyException();
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError("RSA algorithm support is mandated by Java Language Specification. See https://docs.oracle.com/javase/7/docs/api/java/security/KeyFactory.html");
        } catch (CertificateException e3) {
            throw new IOException("Could not read certificate", e3);
        }
    }

    private static PEMEncodable getPEMEncodableKeyPairFromPrivateKey(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            return new PEMEncodable(privateKey);
        }
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
        return new PEMEncodable(new KeyPair(KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent())), rSAPrivateCrtKey));
    }

    @NonNull
    public String encode() throws IOException {
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        Throwable th = null;
        try {
            try {
                jcaPEMWriter.writeObject(this.object);
                if (jcaPEMWriter != null) {
                    if (0 != 0) {
                        try {
                            jcaPEMWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        jcaPEMWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (jcaPEMWriter != null) {
                if (th != null) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    jcaPEMWriter.close();
                }
            }
            throw th3;
        }
    }

    @NonNull
    public static PEMEncodable read(@NonNull File file) throws IOException, UnrecoverableKeyException {
        return read(file, null);
    }

    @NonNull
    public static PEMEncodable read(@NonNull File file, @Nullable char[] cArr) throws IOException, UnrecoverableKeyException {
        return decode(FileUtils.readFileToString(file, StandardCharsets.UTF_8), cArr);
    }

    public void write(@NonNull File file) throws IOException {
        FileUtils.writeStringToFile(file, encode(), StandardCharsets.UTF_8);
    }

    @CheckForNull
    public KeyPair toKeyPair() {
        if (this.object instanceof KeyPair) {
            return (KeyPair) this.object;
        }
        return null;
    }

    @CheckForNull
    public PublicKey toPublicKey() {
        if (this.object instanceof PublicKey) {
            return (PublicKey) this.object;
        }
        if (this.object instanceof KeyPair) {
            return ((KeyPair) this.object).getPublic();
        }
        if (this.object instanceof Certificate) {
            return ((Certificate) this.object).getPublicKey();
        }
        return null;
    }

    @CheckForNull
    public Certificate toCertificate() {
        if (this.object instanceof Certificate) {
            return (Certificate) this.object;
        }
        return null;
    }

    @CheckForNull
    public PrivateKey toPrivateKey() {
        if (this.object instanceof PrivateKey) {
            return (PrivateKey) this.object;
        }
        if (this.object instanceof KeyPair) {
            return ((KeyPair) this.object).getPrivate();
        }
        return null;
    }

    @CheckForNull
    public Object getRawObject() {
        return this.object;
    }

    @CheckForNull
    public String getPrivateKeyFingerprint() {
        PrivateKey privateKey = toPrivateKey();
        if (privateKey == null) {
            return null;
        }
        return hexEncode(getKeyDigestSHA1(privateKey));
    }

    @CheckForNull
    public String getPublicKeyFingerprint() {
        PublicKey publicKey = toPublicKey();
        if (publicKey == null) {
            return null;
        }
        return hexEncode(getKeyDigestMD5(publicKey));
    }

    @NonNull
    public static byte[] getKeyDigestSHA1(@NonNull Key key) {
        try {
            return getKeyDigest(key, "SHA1");
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("SHA1 algorithm support is mandated by Java Language Specification. See https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html");
        }
    }

    @NonNull
    public static byte[] getKeyDigestMD5(@NonNull Key key) {
        try {
            return getKeyDigest(key, "MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("MD5 algorithm support is mandated by Java Language Specification. See https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html");
        }
    }

    @NonNull
    public static byte[] getKeyDigest(@NonNull Key key, @NonNull String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(key.getEncoded());
        return messageDigest.digest();
    }

    @NonNull
    private static String hexEncode(@NonNull byte[] bArr) {
        char[] encodeHex = Hex.encodeHex(bArr);
        StringBuilder sb = new StringBuilder(encodeHex.length + Math.max(0, (encodeHex.length / 2) - 1));
        for (int i = 0; i < encodeHex.length; i += 2) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(encodeHex, i, 2);
        }
        return sb.toString();
    }

    static {
        Provider provider = Security.getProvider("BCFIPS");
        if (provider == null) {
            provider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        if (provider == null) {
            throw new IllegalStateException((String) Arrays.asList(Security.getProviders()).stream().map(provider2 -> {
                return provider2.getName();
            }).collect(Collectors.joining(",", "Couldn't locate either of bouncy castle FIPS or non fips provider, available providers are", BranchConfig.LOCAL_REPOSITORY)));
        }
        BOUNCY_CASTLE_PROVIDER = provider;
        LOGGER = Logger.getLogger(PEMEncodable.class.getName());
    }
}
