package io.smallrye.certs.pem.parsers;

import io.vertx.core.buffer.Buffer;
import io.vertx.ext.auth.impl.jose.JWS;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:io/smallrye/certs/pem/parsers/EncryptedPKCS8Parser.class */
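/**
 * Parses password-protected PKCS#8 private keys in PEM form
 * ({@code -----BEGIN ENCRYPTED PRIVATE KEY-----}) and decrypts them with a caller-supplied password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getKey(String, String)} reports every failure as {@code null}, so a wrong password,
 *       a malformed block and "not this PEM type" are indistinguishable to the caller.</li>
 *   <li>{@link #decryptKey(String, String)} returns the private key <em>unencrypted</em>; the
 *       result must be handled as secret material (never logged, persisted only deliberately).</li>
 *   <li>The password arrives as an immutable {@code String}; this class can only wipe the
 *       {@code char[]} copies it creates itself.</li>
 * </ul>
 */
public class EncryptedPKCS8Parser implements PKPemParser {
    private static final String PKCS8_ENCRYPTED_START = "-+BEGIN\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+(?:\\s|\\r|\\n)+";
    private static final String PKCS8_ENCRYPTED_END = "-+END\\s+ENCRYPTED\\s+PRIVATE\\s+KEY[^-]*-+";

    /** Matches one encrypted PKCS#8 PEM block; group 1 is the Base64 payload (line breaks included). */
    private static final Pattern PATTERN = Pattern.compile(
            PKCS8_ENCRYPTED_START + "([a-z0-9+/=\\r\\n]+)" + PKCS8_ENCRYPTED_END,
            Pattern.CASE_INSENSITIVE);

    /** Key factory algorithms tried, in this order, on the decrypted PKCS#8 structure. */
    private static final List<String> ALGORITHMS = List.of("RSA", "RSASSA-PSS", "EC", "DSA", JWS.EdDSA, "XDH");
    public static final String PBES2_ALGORITHM = "PBES2";

    /**
     * Extracts and decrypts the first encrypted PKCS#8 block found in the given PEM text.
     *
     * @param str PEM text to search
     * @param str2 password protecting the key
     * @return the decrypted private key, or {@code null} when no encrypted PKCS#8 block is present
     *         or when anything fails (undecodable payload, wrong or {@code null} password,
     *         unsupported algorithm)
     */
    @Override
    public PrivateKey getKey(String str, String str2) {
        try {
            Matcher matcher = PATTERN.matcher(str);
            if (!matcher.find()) {
                return null;
            }
            // decodeBase64 is not declared in this class; presumably inherited from PKPemParser.
            return extract(decodeBase64(matcher.group(1)), str2);
        } catch (Exception e) {
            // Deliberate best effort: a failure means "no key from this parser" rather than an
            // error. The cause (including a wrong password) is not reported to the caller.
            return null;
        }
    }

    /**
     * Decrypts the DER structure and converts it to a {@link PrivateKey} using the first
     * algorithm in {@link #ALGORITHMS} whose key factory accepts it.
     *
     * @return the private key, or {@code null} when no listed algorithm accepts the key
     * @throws IllegalArgumentException if decryption fails (propagated from {@link #decrypt})
     */
    private PrivateKey extract(byte[] encrypted, String password) {
        PKCS8EncodedKeySpec keySpec = decrypt(encrypted, password);
        for (String algorithm : ALGORITHMS) {
            try {
                return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException ignored) {
                // Expected while probing: the algorithm is unavailable in this JVM or the key
                // is of a different type. Move on to the next candidate.
            }
        }
        return null;
    }

    /**
     * Decrypts a DER-encoded {@code EncryptedPrivateKeyInfo} with a password-based cipher.
     *
     * <p>The {@code char[]} copy of the password and the {@link PBEKeySpec} built from it are
     * wiped once the cipher has produced the key spec, whether or not decryption succeeded.
     *
     * @param bArr DER bytes of the encrypted PKCS#8 structure
     * @param str password; must not be {@code null} (a {@code null} value raises
     *        {@link NullPointerException})
     * @return the decrypted PKCS#8 key spec (plaintext key material)
     * @throws IllegalArgumentException if the structure cannot be parsed or decrypted
     */
    static PKCS8EncodedKeySpec decrypt(byte[] bArr, String str) {
        char[] password = null;
        PBEKeySpec pbeKeySpec = null;
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters();
            String encryptionAlgorithm = getEncryptionAlgorithm(algParameters, encryptedPrivateKeyInfo.getAlgName());
            password = str.toCharArray();
            pbeKeySpec = new PBEKeySpec(password);
            SecretKey secretKey = SecretKeyFactory.getInstance(encryptionAlgorithm).generateSecret(pbeKeySpec);
            Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, algParameters);
            return encryptedPrivateKeyInfo.getKeySpec(cipher);
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalArgumentException("Error decrypting private key", e);
        } finally {
            // Wipe only after the cipher has been used: some providers keep a reference to the
            // key spec and read the password lazily during cipher initialisation.
            if (pbeKeySpec != null) {
                pbeKeySpec.clearPassword();
            }
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Resolves the JCA algorithm name used for both the secret key factory and the cipher.
     *
     * <p>For PBES2 the name reported by the key info is only the generic scheme, so the concrete
     * name is taken from {@code AlgorithmParameters.toString()}.
     * NOTE(review): this relies on the provider's {@code toString()} returning a usable algorithm
     * name; confirm for any non-default security provider.
     */
    private static String getEncryptionAlgorithm(AlgorithmParameters parameters, String algName) {
        if (parameters != null && PBES2_ALGORITHM.equals(algName)) {
            return parameters.toString();
        }
        return algName;
    }

    /**
     * Decrypts the key and re-encodes it as an unencrypted {@code PRIVATE KEY} PEM block.
     *
     * <p>The returned buffer holds plaintext private key material. The Base64 body is emitted on
     * a single line (no 64-character wrapping).
     *
     * @param str PEM text containing the encrypted key
     * @param str2 password protecting the key
     * @return the unencrypted PEM, or {@code null} when {@link #getKey(String, String)} yields no key
     */
    public Buffer decryptKey(String str, String str2) {
        PrivateKey key = getKey(str, str2);
        if (key == null) {
            return null;
        }
        Buffer buffer = Buffer.buffer();
        buffer.appendString("-----BEGIN PRIVATE KEY-----\n");
        buffer.appendString(Base64.getEncoder().encodeToString(key.getEncoded()));
        buffer.appendString("\n-----END PRIVATE KEY-----\n\n");
        return buffer;
    }
}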
