package org.springframework.security.converter;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.lang.NonNull;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-6.1.2.jar:org/springframework/security/converter/RsaKeyConverters.class */
public final class RsaKeyConverters {
    private static final String DASHES = "-----";
    private static final String PKCS8_PEM_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_PEM_FOOTER = "-----END PRIVATE KEY-----";
    private static final String X509_PEM_HEADER = "-----BEGIN PUBLIC KEY-----";
    private static final String X509_PEM_FOOTER = "-----END PUBLIC KEY-----";
    private static final String X509_CERT_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String X509_CERT_FOOTER = "-----END CERTIFICATE-----";

    /* loaded from: input_file:WEB-INF/lib/spring-security-core-6.1.2.jar:org/springframework/security/converter/RsaKeyConverters$X509CertificateDecoder.class */
    private static class X509CertificateDecoder implements Converter<List<String>, RSAPublicKey> {
        private final CertificateFactory certificateFactory;

        X509CertificateDecoder(CertificateFactory certificateFactory) {
            this.certificateFactory = certificateFactory;
        }

        @Override // org.springframework.core.convert.converter.Converter
        @NonNull
        public RSAPublicKey convert(List<String> list) {
            StringBuilder sb = new StringBuilder();
            for (String str : list) {
                if (isNotX509CertificateWrapper(str)) {
                    sb.append(str);
                }
            }
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(sb.toString()));
                try {
                    RSAPublicKey rSAPublicKey = (RSAPublicKey) ((X509Certificate) this.certificateFactory.generateCertificate(byteArrayInputStream)).getPublicKey();
                    byteArrayInputStream.close();
                    return rSAPublicKey;
                } catch (Throwable th) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (IOException | CertificateException e) {
                throw new IllegalArgumentException(e);
            }
        }

        private boolean isNotX509CertificateWrapper(String str) {
            return (RsaKeyConverters.X509_CERT_HEADER.equals(str) || RsaKeyConverters.X509_CERT_FOOTER.equals(str)) ? false : true;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-security-core-6.1.2.jar:org/springframework/security/converter/RsaKeyConverters$X509PemDecoder.class */
    private static class X509PemDecoder implements Converter<List<String>, RSAPublicKey> {
        private final KeyFactory keyFactory;

        X509PemDecoder(KeyFactory keyFactory) {
            this.keyFactory = keyFactory;
        }

        @Override // org.springframework.core.convert.converter.Converter
        @NonNull
        public RSAPublicKey convert(List<String> list) {
            StringBuilder sb = new StringBuilder();
            for (String str : list) {
                if (isNotX509PemWrapper(str)) {
                    sb.append(str);
                }
            }
            try {
                return (RSAPublicKey) this.keyFactory.generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(sb.toString())));
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        }

        private boolean isNotX509PemWrapper(String str) {
            return (RsaKeyConverters.X509_PEM_HEADER.equals(str) || RsaKeyConverters.X509_PEM_FOOTER.equals(str)) ? false : true;
        }
    }

    private RsaKeyConverters() {
    }

    public static Converter<InputStream, RSAPrivateKey> pkcs8() {
        KeyFactory rsaFactory = rsaFactory();
        return inputStream -> {
            List<String> readAllLines = readAllLines(inputStream);
            Assert.isTrue(!readAllLines.isEmpty() && readAllLines.get(0).startsWith(PKCS8_PEM_HEADER), "Key is not in PEM-encoded PKCS#8 format, please check that the header begins with -----BEGIN PRIVATE KEY-----");
            StringBuilder sb = new StringBuilder();
            for (String str : readAllLines) {
                if (isNotPkcs8Wrapper(str)) {
                    sb.append(str);
                }
            }
            try {
                return (RSAPrivateKey) rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(sb.toString())));
            } catch (Exception e) {
                throw new IllegalArgumentException(e);
            }
        };
    }

    public static Converter<InputStream, RSAPublicKey> x509() {
        X509PemDecoder x509PemDecoder = new X509PemDecoder(rsaFactory());
        X509CertificateDecoder x509CertificateDecoder = new X509CertificateDecoder(x509CertificateFactory());
        return inputStream -> {
            List<String> readAllLines = readAllLines(inputStream);
            Assert.notEmpty(readAllLines, "Input stream is empty");
            String str = readAllLines.get(0);
            X509PemDecoder x509PemDecoder2 = str.startsWith(X509_PEM_HEADER) ? x509PemDecoder : str.startsWith(X509_CERT_HEADER) ? x509CertificateDecoder : null;
            Assert.notNull(x509PemDecoder2, "Key is not in PEM-encoded X.509 format or a valid X.509 certificate, please check that the header begins with -----BEGIN PUBLIC KEY----- or -----BEGIN CERTIFICATE-----");
            return x509PemDecoder2.convert((X509PemDecoder) readAllLines);
        };
    }

    private static CertificateFactory x509CertificateFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private static List<String> readAllLines(InputStream inputStream) {
        return (List) new BufferedReader(new InputStreamReader(inputStream)).lines().collect(Collectors.toList());
    }

    private static KeyFactory rsaFactory() {
        try {
            return KeyFactory.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static boolean isNotPkcs8Wrapper(String str) {
        return (PKCS8_PEM_HEADER.equals(str) || PKCS8_PEM_FOOTER.equals(str)) ? false : true;
    }
}
