package org.lightningj.paywall.keymgmt;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.lightningj.paywall.InternalErrorException;
import org.lightningj.paywall.util.DigestUtils;
import org.lightningj.paywall.util.HexUtils;

/* loaded from: input_file:org/lightningj/paywall/keymgmt/KeySerializationHelper.class */
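/**
 * Static helpers that serialize keys to passphrase-protected byte arrays and read them back.
 *
 * <p>Two on-disk formats are produced:
 * <ul>
 *   <li>Secret keys: a text header followed by a {@code Data :} line holding the hex encoding of
 *       {@code salt(32) || nonce(12) || int length || AES-256-GCM wrapped key}. The wrapping key is
 *       derived from the passphrase with PBKDF2WithHmacSHA256.</li>
 *   <li>Asymmetric keys: a PEM public key and a passphrase-encrypted PEM private key, each
 *       preceded by the same text header.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Id}/{@code Generated}/{@code Hostname} header lines are plain text. No AAD is
 *       passed to the GCM cipher, so they are not covered by any integrity check and must be
 *       treated as informational only.</li>
 *   <li>NOTE(review): the PBKDF2 iteration count (65536) is fixed and not stored in the blob, so
 *       it cannot be raised without a format change; it is low by current guidance for
 *       PBKDF2-HMAC-SHA256.</li>
 *   <li>NOTE(review): {@code JcePEMEncryptorBuilder} writes the traditional OpenSSL encrypted-PEM
 *       format, which as far as I know derives its key with a single MD5 pass and carries no
 *       integrity check. Moving private keys to encrypted PKCS#8 would need a matching change in
 *       the readers, so it is only flagged here.</li>
 * </ul>
 *
 * <p>Passphrase arrays are owned by the caller; this class never clears them.
 */
public class KeySerializationHelper {
    private static final String ID_TAG = "Id :";
    private static final String GENERATED_TAG = "Generated :";
    private static final String HOSTNAME_TAG = "Hostname :";
    private static final String DATA_TAG = "Data :";
    private static final String BEGIN_PUBLIC_KEY_TAG = "-----BEGIN PUBLIC KEY-----";
    private static final String END_PUBLIC_KEY_TAG = "-----END PUBLIC KEY-----";
    // SimpleDateFormat is not thread-safe, so only the pattern is shared and a formatter is
    // created per call. NOTE(review): "hh" is the 12-hour clock with no AM/PM marker, so the
    // Generated line is ambiguous; kept as-is because it is part of the written file format.
    private static final String DATE_PATTERN = "yyyy-MM-dd hh:mm:ss";
    // Explicit separator bytes instead of "\n".getBytes(), which depends on the platform charset.
    private static final Base64.Encoder base64Encoder = Base64.getMimeEncoder(64, new byte[] {'\n'});
    private static final SecureRandom secureRandom = new SecureRandom();
    private static final int GCM_AUTHENTICATION_TAG_SIZE = 128;
    private static final int GCM_IV_NONCE_BYTES = 12;
    private static final int PBKDF2_ITERATIONS = 65536;
    private static final int PBKDF2_SALT_BYTES = 32;
    private static final int AES_KEY_LENGTH_BITS = 256;
    private static final String ENC_CIPHER = "AES";
    private static final String WRAP_CIPHERSCHEME = "AES/GCM/NoPadding";
    private static final String PBKDF2_SCHEME = "PBKDF2WithHmacSHA256";
    private static final String PEM_ENCRYPTION_ALGORITHM = "AES-256-CBC";

    /**
     * Serializes a secret key as header lines plus a hex encoded, passphrase-wrapped data line.
     *
     * <p>NOTE(review): the header's Id is derived from {@code key.getEncoded()}, i.e. a truncated
     * digest of the secret key itself is written in clear text. That is harmless for randomly
     * generated keys but would allow offline guessing of a low-entropy key.
     *
     * @param key the secret key to protect
     * @param passphrase the protect passphrase, must be non-empty
     * @return the UTF-8 encoded file content
     * @throws InternalErrorException if the passphrase is missing or any encoding step fails
     */
    public static byte[] serializeSecretKey(Key key, char[] passphrase) throws InternalErrorException {
        try {
            String header = getHeader(key.getEncoded());
            String encryptedHex = HexUtils.encodeHexString(encryptSymmetricKey(key, passphrase));
            return (header + DATA_TAG + encryptedHex + "\n").getBytes(StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new InternalErrorException("Internal error encoding secret key data: " + e.getMessage(), e);
        }
    }

    /**
     * Reads back a secret key written by {@link #serializeSecretKey(Key, char[])}.
     *
     * <p>Only the first line starting with the data tag is used; the other header lines are
     * ignored.
     *
     * @param data the UTF-8 encoded file content
     * @param passphrase the protect passphrase used when the key was serialized
     * @return the unwrapped secret key
     * @throws InternalErrorException if no data line exists or the key cannot be unwrapped
     */
    public static Key deserializeSecretKey(byte[] data, char[] passphrase) throws InternalErrorException {
        try (BufferedReader reader = new BufferedReader(new StringReader(new String(data, StandardCharsets.UTF_8)))) {
            Optional<String> dataLine = reader.lines()
                    .map(String::trim)
                    .filter(line -> line.startsWith(DATA_TAG))
                    .findFirst();
            if (dataLine.isPresent()) {
                byte[] encrypted = HexUtils.decodeHexString(dataLine.get().substring(DATA_TAG.length()));
                return decryptSymmetricKey(encrypted, passphrase);
            }
            throw new InternalErrorException("Internal error decoding secret key data: no Data: tag found in secret key file");
        } catch (Exception e) {
            throw new InternalErrorException("Internal error decoding secret key data: " + e.getMessage(), e);
        }
    }

    /**
     * Serializes a key pair into a PEM public key and a passphrase-encrypted PEM private key.
     *
     * @param keyPair the key pair to serialize
     * @param passphrase the protect passphrase, must be non-empty
     * @return a two element array: index 0 the public key file, index 1 the private key file
     * @throws InternalErrorException if the passphrase is missing or encoding fails
     */
    public static byte[][] serializeAsymKeyPair(KeyPair keyPair, char[] passphrase) throws InternalErrorException {
        if (passphrase == null || passphrase.length == 0) {
            throw new InternalErrorException("Error encrypting asymmetric key, no protect pass phrase defined.");
        }
        try {
            byte[] encodedPublicKey = keyPair.getPublic().getEncoded();
            String header = getHeader(encodedPublicKey);
            // The encoded public key is written as-is; it is read back as an X.509 key spec.
            String publicKeyFile = header
                    + BEGIN_PUBLIC_KEY_TAG + "\n"
                    + base64Encoder.encodeToString(encodedPublicKey) + "\n"
                    + END_PUBLIC_KEY_TAG + "\n";
            String privateKeyFile = header + encryptPrivateKeyToPem(keyPair.getPrivate(), passphrase);
            return new byte[][] {
                publicKeyFile.getBytes(StandardCharsets.UTF_8),
                privateKeyFile.getBytes(StandardCharsets.UTF_8)
            };
        } catch (InternalErrorException e) {
            throw e;
        } catch (Exception e) {
            throw new InternalErrorException("Internal error encoding asymmetric key data: " + e.getMessage(), e);
        }
    }

    /**
     * Serializes a BTC Pay Server token access key pair.
     *
     * @param keyPair an EC key pair whose public key exposes its curve point
     * @param passphrase the protect passphrase, must be non-empty
     * @return a two element array: index 0 the hex encoded compressed public point, index 1 the
     *     header followed by the encrypted PEM private key
     * @throws InternalErrorException if the passphrase is missing, the public key is not a
     *     BouncyCastle EC public key, or encoding fails
     */
    public static byte[][] serializeBTCPayServerKeyPair(KeyPair keyPair, char[] passphrase) throws InternalErrorException {
        if (passphrase == null || passphrase.length == 0) {
            throw new InternalErrorException("Error encrypting BTC Pay Server Token Access key, no protect pass phrase defined.");
        }
        try {
            PublicKey publicKey = keyPair.getPublic();
            String header = getHeader(publicKey.getEncoded());
            if (!(publicKey instanceof ECPublicKey)) {
                throw new InternalErrorException("Internal error encoding asymmetric key data: public key isn't an EC key.");
            }
            String compressedPointHex = HexUtils.encodeHexString(((ECPublicKey) publicKey).getQ().getEncoded(true));
            String privateKeyFile = header + encryptPrivateKeyToPem(keyPair.getPrivate(), passphrase);
            return new byte[][] {
                compressedPointHex.getBytes(StandardCharsets.UTF_8),
                privateKeyFile.getBytes(StandardCharsets.UTF_8)
            };
        } catch (InternalErrorException e) {
            throw e;
        } catch (Exception e) {
            throw new InternalErrorException("Internal error encoding asymmetric key data: " + e.getMessage(), e);
        }
    }

    /**
     * Reads back a key pair written by {@link #serializeAsymKeyPair(KeyPair, char[])}.
     *
     * @param publicKeyData the public key file content
     * @param privateKeyData the encrypted private key file content
     * @param passphrase the protect passphrase
     * @param keyFactory factory used to build the public key
     * @return the reconstructed key pair
     * @throws InternalErrorException if either key cannot be parsed or decrypted
     */
    public static KeyPair deserializeAsymKeyPair(byte[] publicKeyData, byte[] privateKeyData, char[] passphrase, KeyFactory keyFactory) throws InternalErrorException {
        try {
            PublicKey publicKey = deserializePublicKey(publicKeyData, keyFactory);
            PrivateKey privateKey = decryptPemPrivateKey(privateKeyData, passphrase,
                    "Error parsing encrypted asymmetric key. Stored private key isn't an Encrypted Key");
            return new KeyPair(publicKey, privateKey);
        } catch (InternalErrorException e) {
            throw e;
        } catch (Exception e) {
            throw new InternalErrorException("Internal error decoding asymmetric key data (Check protect passphrase): " + e.getMessage(), e);
        }
    }

    /**
     * Reads back a BTC Pay Server token access key; the public key is recomputed from the private
     * scalar on the named curve rather than read from storage.
     *
     * @param privateKeyData the encrypted private key file content
     * @param passphrase the protect passphrase
     * @param keyFactory factory used to build the public key
     * @param curveName name of the EC curve to look up in BouncyCastle's named curve table
     * @return the reconstructed key pair
     * @throws InternalErrorException if the key is not an encrypted EC key, the curve is unknown,
     *     or decryption fails
     */
    public static KeyPair deserializeBTCPayServerKeyPair(byte[] privateKeyData, char[] passphrase, KeyFactory keyFactory, String curveName) throws InternalErrorException {
        try {
            PrivateKey privateKey = decryptPemPrivateKey(privateKeyData, passphrase,
                    "Error parsing encrypted btc pay server token access key. Stored private key isn't an Encrypted Key");
            if (!(privateKey instanceof java.security.interfaces.ECPrivateKey)) {
                throw new InternalErrorException("Invalid key type when parsing encrypted btc pay server token access key. Stored private key isn't an EC key.");
            }
            ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(curveName);
            if (curveSpec == null) {
                // The lookup returns null for unknown names; fail with a message that says so
                // instead of a wrapped NullPointerException blaming the passphrase.
                throw new InternalErrorException("Internal error decoding btc pay server token access key data: unknown EC curve " + curveName);
            }
            // getS() is the JCA accessor for the private scalar, so this works for any provider's
            // EC private key, not only BouncyCastle's.
            java.security.interfaces.ECPrivateKey ecPrivateKey = (java.security.interfaces.ECPrivateKey) privateKey;
            PublicKey publicKey = keyFactory.generatePublic(
                    new ECPublicKeySpec(curveSpec.getG().multiply(ecPrivateKey.getS()), curveSpec));
            return new KeyPair(publicKey, privateKey);
        } catch (InternalErrorException e) {
            throw e;
        } catch (Exception e) {
            throw new InternalErrorException("Internal error decoding btc pay server token access key data (Check protect passphrase): " + e.getMessage(), e);
        }
    }

    /**
     * Parses a PEM public key block into a public key.
     *
     * @param data the public key file content
     * @param keyFactory factory matching the key algorithm
     * @return the parsed public key
     * @throws InternalErrorException if the data cannot be decoded into a key
     */
    public static PublicKey deserializePublicKey(byte[] data, KeyFactory keyFactory) throws InternalErrorException {
        try {
            byte[] encoded = parsePEMData(data, BEGIN_PUBLIC_KEY_TAG, END_PUBLIC_KEY_TAG);
            return keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
        } catch (Exception e) {
            throw new InternalErrorException("Error parsing public key: " + e.getMessage(), e);
        }
    }

    /**
     * Derives a short identifier from key data: the first 16 hex characters of its digest.
     *
     * <p>At 64 bits this is a lookup label, not a collision-resistant fingerprint; do not use it
     * to authenticate a key.
     *
     * @param keyData the encoded key
     * @return a 16 character hex identifier
     * @throws InternalErrorException if the digest cannot be computed
     */
    public static String genKeyId(byte[] keyData) throws InternalErrorException {
        return HexUtils.encodeHexString(DigestUtils.sha256(keyData)).substring(0, 16);
    }

    /** Builds the plain-text Id/Generated/Hostname header written in front of every key file. */
    private static String getHeader(byte[] keyData) throws InternalErrorException {
        try {
            String generated = new SimpleDateFormat(DATE_PATTERN).format(new Date());
            return ID_TAG + genKeyId(keyData) + "\n"
                    + GENERATED_TAG + generated + "\n"
                    + HOSTNAME_TAG + InetAddress.getLocalHost().getHostName() + "\n";
        } catch (UnknownHostException e) {
            throw new InternalErrorException("Problem finding local hostname when serializing key: " + e.getMessage(), e);
        }
    }

    /** Extracts and Base64-decodes the lines between the given begin and end tag lines. */
    private static byte[] parsePEMData(byte[] data, String beginTag, String endTag) {
        boolean insideBlock = false;
        StringBuilder base64 = new StringBuilder();
        for (String rawLine : new String(data, StandardCharsets.UTF_8).split("\n")) {
            // Trim so that files with CRLF line endings decode instead of failing on '\r'.
            String line = rawLine.trim();
            if (line.startsWith(beginTag)) {
                insideBlock = true;
            } else if (line.startsWith(endTag)) {
                break;
            } else if (insideBlock) {
                base64.append(line);
            }
        }
        return Base64.getDecoder().decode(base64.toString());
    }

    /** Writes the private key as a passphrase-encrypted PEM block and returns the PEM text. */
    private static String encryptPrivateKeyToPem(PrivateKey privateKey, char[] passphrase) throws IOException {
        StringWriter pemText = new StringWriter();
        PEMEncryptor encryptor = new JcePEMEncryptorBuilder(PEM_ENCRYPTION_ALGORITHM).build(passphrase);
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(privateKey, encryptor);
        }
        return pemText.toString();
    }

    /**
     * Parses the first PEM object in the data and decrypts it into a private key.
     *
     * @throws InternalErrorException with {@code notEncryptedMessage} if the stored object is not
     *     an encrypted key pair, so an unprotected key is never accepted silently
     */
    private static PrivateKey decryptPemPrivateKey(byte[] encryptedPem, char[] passphrase, String notEncryptedMessage)
            throws InternalErrorException, IOException {
        BcPEMDecryptorProvider decryptorProvider = new BcPEMDecryptorProvider(passphrase);
        Object pemObject;
        try (PEMParser parser = new PEMParser(
                new InputStreamReader(new ByteArrayInputStream(encryptedPem), StandardCharsets.UTF_8))) {
            pemObject = parser.readObject();
        }
        if (!(pemObject instanceof PEMEncryptedKeyPair)) {
            throw new InternalErrorException(notEncryptedMessage);
        }
        return new JcaPEMKeyConverter().getPrivateKey(
                ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptorProvider).getPrivateKeyInfo());
    }

    /** Derives the AES wrapping key from the passphrase and salt with PBKDF2. */
    private static SecretKeySpec deriveWrappingKey(char[] passphrase, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(passphrase, salt, PBKDF2_ITERATIONS, AES_KEY_LENGTH_BITS);
        try {
            byte[] derived = SecretKeyFactory.getInstance(PBKDF2_SCHEME).generateSecret(keySpec).getEncoded();
            return new SecretKeySpec(derived, ENC_CIPHER);
        } finally {
            // PBEKeySpec holds its own copy of the passphrase; wipe it once the key is derived.
            keySpec.clearPassword();
        }
    }

    /**
     * Wraps the key with AES-256-GCM under a passphrase-derived key.
     *
     * @return {@code salt || nonce || int wrappedLength || wrappedKey}
     */
    private static byte[] encryptSymmetricKey(Key key, char[] passphrase) throws InternalErrorException {
        if (passphrase == null || passphrase.length == 0) {
            throw new InternalErrorException("Error encrypting symmetric key, no protect pass phrase defined.");
        }
        try {
            // nextBytes() is the API for drawing random values; generateSeed() is meant for
            // seeding other generators and may block waiting for entropy on some platforms.
            byte[] salt = new byte[PBKDF2_SALT_BYTES];
            secureRandom.nextBytes(salt);
            byte[] nonce = new byte[GCM_IV_NONCE_BYTES];
            secureRandom.nextBytes(nonce);

            Cipher cipher = Cipher.getInstance(WRAP_CIPHERSCHEME);
            cipher.init(Cipher.WRAP_MODE, deriveWrappingKey(passphrase, salt),
                    new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE, nonce));
            byte[] wrappedKey = cipher.wrap(key);

            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (DataOutputStream out = new DataOutputStream(buffer)) {
                out.write(salt);
                out.write(nonce);
                out.writeInt(wrappedKey.length);
                out.write(wrappedKey);
            }
            return buffer.toByteArray();
        } catch (Exception e) {
            throw new InternalErrorException("Internal error encrypting secret key: " + e.getMessage(), e);
        }
    }

    /**
     * Unwraps a key produced by {@link #encryptSymmetricKey(Key, char[])}.
     *
     * <p>The input comes from a file, so every field is read with {@code readFully} and the length
     * prefix is checked against the bytes that are actually present before it is used to size an
     * array.
     */
    private static Key decryptSymmetricKey(byte[] data, char[] passphrase) throws InternalErrorException {
        try {
            DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
            byte[] salt = new byte[PBKDF2_SALT_BYTES];
            in.readFully(salt);
            byte[] nonce = new byte[GCM_IV_NONCE_BYTES];
            in.readFully(nonce);
            int wrappedLength = in.readInt();
            if (wrappedLength <= 0 || wrappedLength > in.available()) {
                // A bare "new byte[length]" would raise OutOfMemoryError (not caught below) on a
                // corrupted or hostile length prefix.
                throw new IllegalArgumentException("invalid wrapped key length " + wrappedLength);
            }
            byte[] wrappedKey = new byte[wrappedLength];
            in.readFully(wrappedKey);

            Cipher cipher = Cipher.getInstance(WRAP_CIPHERSCHEME);
            cipher.init(Cipher.UNWRAP_MODE, deriveWrappingKey(passphrase, salt),
                    new GCMParameterSpec(GCM_AUTHENTICATION_TAG_SIZE, nonce));
            return cipher.unwrap(wrappedKey, ENC_CIPHER, Cipher.SECRET_KEY);
        } catch (Exception e) {
            // NOTE(review): the message says "encrypting" although this is the decrypt path; the
            // text is left unchanged in case callers or tests match on it.
            throw new InternalErrorException("Internal error encrypting secret key, (check passphrase) : " + e.getMessage(), e);
        }
    }
}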
