package oracle.net.nt;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import oracle.jdbc.diagnostics.CommonDiagnosable;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.net.ns.NetException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/net/nt/PEMKeyStore.class */
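/**
 * Populates a caller-supplied {@link KeyStore} from PEM text holding X.509
 * certificates and, optionally, one PKCS#8 private key.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only {@code PRIVATE KEY} and {@code ENCRYPTED PRIVATE KEY} blocks are
 *       recognised, and the key is always built with the {@code "RSA"}
 *       {@link KeyFactory}. Any other key type surfaces as
 *       {@code NetException.PEM_PARSE_FAILURE}.</li>
 *   <li>Every certificate that is not placed in the private key's chain is stored
 *       as a trusted-certificate entry ({@code "oratc" + index}). The PEM file's
 *       contents therefore decide those entries. This class does not inspect file
 *       permissions or ownership; protect the file at the filesystem level.</li>
 *   <li>Chain building checks signature linkage only, via
 *       {@link Certificate#verify}. Validity dates, basic constraints and
 *       revocation are not checked here. Presumably the TLS layer validates
 *       the path later; confirm against the caller.</li>
 *   <li>The password obtained from {@link SSLConfig} is handed to
 *       {@code CustomSSLSocketFactory.clearPwd} once loading finishes, whether it
 *       succeeded or failed.</li>
 * </ul>
 */
public class PEMKeyStore implements Diagnosable {
    private static final String CLASS_NAME = PEMKeyStore.class.getName();

    // Pattern.DOTALL lets "." span the line breaks inside a PEM body.
    private static final Pattern CERTIFICATE_PATTERN = Pattern.compile("-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);
    private static final Pattern PRIVATE_KEY_PATTERN = Pattern.compile("-----BEGIN (?:ENCRYPTED |)PRIVATE KEY-----(.*?)-----END (?:ENCRYPTED |)PRIVATE KEY-----", Pattern.DOTALL);
    private static final Pattern CLEAR_PRIVATE_KEY_PATTERN = Pattern.compile("-----BEGIN PRIVATE KEY-----(.*?)-----END PRIVATE KEY-----", Pattern.DOTALL);
    private static final Pattern ENCRYPTED_PRIVATE_KEY_PATTERN = Pattern.compile("-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END ENCRYPTED PRIVATE KEY-----", Pattern.DOTALL);

    // Used to strip every kind of whitespace (LF, CR, tab, space) from a PEM body before decoding.
    private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s+");
    private static final String PEM_CERTIFICATE_TYPE = "X.509";

    private final SSLConfig config;
    private final KeyStore keyStore;

    // Number of private-key blocks matched in the PEM text by the last getPrivateKey() call.
    private int privateKeyCount;

    // Password taken from the config for the duration of loadKeyStore(); passed to clearPwd afterwards.
    private char[] pwd;

    // Certificates that end up as trusted-certificate entries.
    private final List<Certificate> trustCertificates = new ArrayList<>();

    // Certificate chain for the private key, starting with the certificate whose RSA modulus matches it.
    private final List<Certificate> chainedCertificates = new ArrayList<>();

    private PrivateKey privateKey;
    private final boolean isTrustStore;

    /**
     * Reads the PEM file named by the configuration and loads it into {@code keyStore}.
     * Package-private in the original class file; widened by the decompiler.
     *
     * @param sSLConfig source of the file location, password and private-key index
     * @param keyStore  key store to initialise and fill
     * @param z         {@code true} to use the trust-store location and password,
     *                  {@code false} to use the key-store ones
     * @throws Exception if the file cannot be read or its contents cannot be parsed
     */
    public PEMKeyStore(SSLConfig sSLConfig, KeyStore keyStore, boolean z) throws Exception {
        this.isTrustStore = z;
        this.config = sSLConfig;
        this.keyStore = keyStore;
        loadKeyStore(content(z ? sSLConfig.getTrustStore() : sSLConfig.getKeyStore()));
    }

    /**
     * Loads PEM text supplied directly by the caller into {@code keyStore}.
     * Package-private in the original class file; widened by the decompiler.
     *
     * @param sSLConfig source of the password and private-key index
     * @param keyStore  key store to initialise and fill
     * @param str       PEM text to parse
     * @param z         {@code true} to use the trust-store password, {@code false} for the key-store one
     * @throws Exception if the text cannot be parsed
     */
    public PEMKeyStore(SSLConfig sSLConfig, KeyStore keyStore, String str, boolean z) throws Exception {
        this.isTrustStore = z;
        this.config = sSLConfig;
        this.keyStore = keyStore;
        loadKeyStore(str);
    }

    /** Returns the key store that was passed to the constructor. */
    KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Returns how many private-key blocks were matched in the PEM text.
     * Package-private in the original class file; widened by the decompiler.
     */
    public int getPrivateKeyCount() {
        return this.privateKeyCount;
    }

    /**
     * Parses the PEM text, then initialises the key store as empty and adds the
     * private key (alias {@code "key"}) and the trusted certificates
     * (aliases {@code "oratc0"}, {@code "oratc1"}, ...).
     *
     * @param str PEM text
     * @throws NetException {@code PEM_NO_CERTIFICATE_FOUND} when no certificate block
     *                      is present; {@code PEM_PARSE_FAILURE} wrapping any other failure
     */
    private void loadKeyStore(String str) throws NetException {
        this.pwd = this.isTrustStore ? this.config.getTrustStorePassword().getChars() : this.config.getKeyStorePassword().getChars();
        try {
            List<String> encodedCertificates = new ArrayList<>();
            Matcher certificateMatcher = CERTIFICATE_PATTERN.matcher(str);
            while (certificateMatcher.find()) {
                // Whitespace is removed later, in decode().
                encodedCertificates.add(certificateMatcher.group(1));
            }
            if (encodedCertificates.isEmpty()) {
                debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "loadKeyStore", "No certificate found in the PEM keystore.", null, null);
                throw new NetException(NetException.PEM_NO_CERTIFICATE_FOUND);
            }
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "loadKeyStore", "{0} certificate(s) found in the PEM keystore.", (String) null, (String) null, Integer.valueOf(encodedCertificates.size()));
            this.privateKey = getPrivateKey(str);
            initCertificates(encodedCertificates);
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "loadKeyStore", "Found {0} certificate(s) corresponding to the private key. Found {1} trust certificate(s).", null, null, Integer.valueOf(this.chainedCertificates.size()), Integer.valueOf(this.trustCertificates.size()));
            // load(null, ...) initialises an empty key store rather than reading one.
            this.keyStore.load(null, this.pwd);
            if (this.privateKey != null) {
                // NOTE(review): if no certificate matched the key, the chain is empty here and
                // the KeyStore implementation is expected to reject the entry; that rejection
                // is reported as PEM_PARSE_FAILURE by the catch below.
                this.keyStore.setKeyEntry("key", this.privateKey, this.pwd, this.chainedCertificates.toArray(new Certificate[0]));
            }
            int trustIndex = 0;
            for (Certificate trusted : this.trustCertificates) {
                this.keyStore.setCertificateEntry("oratc" + trustIndex, trusted);
                trustIndex++;
            }
        } catch (NetException e) {
            throw e;
        } catch (Exception e) {
            throw ((NetException) new NetException(NetException.PEM_PARSE_FAILURE).initCause(e));
        } finally {
            // Always hand the password array back for clearing, on success and on failure.
            CustomSSLSocketFactory.clearPwd(this.pwd);
        }
    }

    /**
     * Selects the private-key block at the configured 1-based index and decodes it,
     * decrypting it with the store password when the block is encrypted.
     *
     * @param str PEM text
     * @return the RSA private key, or {@code null} when the text has no private-key block
     * @throws Exception {@code NetException.INVALID_PEM_PRIVATE_KEY_INDEX} when blocks exist
     *                   but none sits at the configured index; any decoding or decryption failure
     */
    private PrivateKey getPrivateKey(String str) throws Exception {
        int pemPrivateKeyIndex = this.config.getPemPrivateKeyIndex();
        Matcher blockMatcher = PRIVATE_KEY_PATTERN.matcher(str);
        String selectedBlock = null;
        this.privateKeyCount = 0;
        while (blockMatcher.find()) {
            // The counter is incremented before the comparison, so the index is 1-based.
            this.privateKeyCount++;
            if (this.privateKeyCount == pemPrivateKeyIndex) {
                selectedBlock = blockMatcher.group().trim();
            }
        }
        debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "getPrivateKey", "Found {0} private keys from the PEM KeyStore. Index to be selected is {1}", null, null, Integer.valueOf(this.privateKeyCount), Integer.valueOf(pemPrivateKeyIndex));
        if (this.privateKeyCount == 0) {
            return null;
        }
        if (selectedBlock == null) {
            throw new NetException(NetException.INVALID_PEM_PRIVATE_KEY_INDEX);
        }

        PKCS8EncodedKeySpec pkcs8KeySpec;
        Matcher encryptedMatcher = ENCRYPTED_PRIVATE_KEY_PATTERN.matcher(selectedBlock);
        if (encryptedMatcher.find()) {
            EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(decode(encryptedMatcher.group(1)));
            PBEKeySpec passwordSpec = new PBEKeySpec(this.pwd);
            try {
                pkcs8KeySpec = encryptedInfo.getKeySpec(SecretKeyFactory.getInstance(encryptedInfo.getAlgName()).generateSecret(passwordSpec));
            } finally {
                // PBEKeySpec keeps its own copy of the password; wipe it instead of
                // leaving it for the garbage collector.
                passwordSpec.clearPassword();
            }
        } else {
            Matcher clearMatcher = CLEAR_PRIVATE_KEY_PATTERN.matcher(selectedBlock);
            if (!clearMatcher.find()) {
                // NOTE(review): reached when the BEGIN and END markers disagree (one ENCRYPTED,
                // one not). Returning null makes the caller treat the file as certificate-only,
                // so every certificate becomes a trusted entry without any error being raised.
                return null;
            }
            pkcs8KeySpec = new PKCS8EncodedKeySpec(decode(clearMatcher.group(1)));
        }
        return KeyFactory.getInstance("RSA").generatePrivate(pkcs8KeySpec);
    }

    /**
     * Parses the Base64 certificate bodies in file order and sorts them into the
     * private key's chain or the trusted-certificate list.
     *
     * <p>Without a private key every certificate is trusted. With one, certificates
     * are trusted until the first whose RSA modulus equals the key's; that certificate
     * starts the chain. Each later certificate joins the chain only if its public key
     * verifies the current chain tail and it is not self-signed; otherwise it is trusted.
     *
     * @param list Base64 certificate bodies (whitespace allowed)
     * @throws Exception if a certificate cannot be decoded or parsed
     */
    private void initCertificates(List<String> list) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(PEM_CERTIFICATE_TYPE);
        if (this.privateKey == null) {
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initCertificates", "No private key found. Might have only trust certificates.", null, null);
            for (String encoded : list) {
                this.trustCertificates.add(parseCertificate(certificateFactory, encoded));
            }
            return;
        }

        BigInteger keyModulus = ((RSAPrivateKey) this.privateKey).getModulus();
        int index = 0;
        Certificate chainTail = null;

        // Phase 1: look for the certificate that belongs to the private key.
        while (index < list.size() && chainTail == null) {
            Certificate candidate = parseCertificate(certificateFactory, list.get(index));
            index++;
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initCertificates", "Found Certificate {0}", (String) null, (String) null, candidate);
            if (hasRsaModulus(candidate, keyModulus)) {
                chainTail = candidate;
                this.chainedCertificates.add(candidate);
            } else {
                this.trustCertificates.add(candidate);
            }
        }

        // Phase 2: extend the chain with issuers; everything else is trusted.
        while (index < list.size()) {
            Certificate candidate = parseCertificate(certificateFactory, list.get(index));
            index++;
            debug(Level.FINE, SecurityLabel.UNKNOWN, CLASS_NAME, "initCertificates", "Found Certificate {0}", (String) null, (String) null, candidate);
            boolean extendsChain = isCertificateInChain(chainTail, candidate) && !isSelfSigned(candidate);
            if (extendsChain) {
                chainTail = candidate;
                this.chainedCertificates.add(candidate);
            } else {
                this.trustCertificates.add(candidate);
            }
        }
    }

    /** Decodes one Base64 certificate body and parses it with the given factory. */
    private Certificate parseCertificate(CertificateFactory certificateFactory, String encoded) throws Exception {
        return certificateFactory.generateCertificate(new ByteArrayInputStream(decode(encoded)));
    }

    /**
     * Tells whether the certificate carries an RSA public key with the given modulus.
     * A certificate with a non-RSA key cannot belong to the RSA private key, so it is
     * reported as not matching instead of failing the whole load with a ClassCastException.
     */
    private static boolean hasRsaModulus(Certificate certificate, BigInteger modulus) {
        if (!(certificate.getPublicKey() instanceof RSAPublicKey)) {
            return false;
        }
        return ((RSAPublicKey) certificate.getPublicKey()).getModulus().equals(modulus);
    }

    /**
     * Tells whether {@code certificate2}'s public key verifies the signature on
     * {@code certificate}. Signature linkage only: no validity-period, basic-constraints
     * or revocation check is made.
     */
    private boolean isCertificateInChain(Certificate certificate, Certificate certificate2) {
        try {
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any verification failure simply means "not the issuer".
            return false;
        }
    }

    /** Tells whether the certificate's signature verifies under its own public key. */
    private boolean isSelfSigned(Certificate certificate) {
        return isCertificateInChain(certificate, certificate);
    }

    /**
     * Reads the whole file at the given path as UTF-8 text.
     *
     * @param str path of the PEM file
     * @return the file's contents
     * @throws NetException {@code UNABLE_TO_PARSE_WALLET_LOCATION} wrapping the I/O failure
     */
    private String content(String str) throws NetException {
        try {
            return new String(Files.readAllBytes(Paths.get(str)), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw ((NetException) new NetException(NetException.UNABLE_TO_PARSE_WALLET_LOCATION).initCause(e));
        }
    }

    /**
     * Base64-decodes a PEM body. All whitespace is removed first, so files with CRLF
     * line endings or indented lines decode; the strict decoder still rejects any
     * other character outside the Base64 alphabet.
     */
    private byte[] decode(String str) {
        return Base64.getDecoder().decode(WHITESPACE_PATTERN.matcher(str).replaceAll(""));
    }

    /** Returns the configuration's diagnosable, or the shared default when none is set. */
    @Override // oracle.jdbc.diagnostics.Diagnosable
    public Diagnosable getDiagnosable() {
        return this.config.diagnosable == null ? CommonDiagnosable.getInstance() : this.config.diagnosable;
    }
}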
