package com.oracle.graal.python.builtins.objects.ssl;

import com.oracle.graal.python.builtins.objects.common.HashingStorage;
import com.oracle.graal.python.builtins.objects.common.HashingStorageNodes;
import com.oracle.graal.python.builtins.objects.dict.PDict;
import com.oracle.graal.python.builtins.objects.tuple.PTuple;
import com.oracle.graal.python.nodes.ErrorMessages;
import com.oracle.graal.python.nodes.PConstructAndRaiseNode;
import com.oracle.graal.python.runtime.PythonContext;
import com.oracle.graal.python.runtime.object.PythonObjectFactory;
import com.oracle.graal.python.runtime.object.PythonObjectSlowPathFactory;
import com.oracle.graal.python.util.PythonUtils;
import com.oracle.truffle.api.CompilerDirectives;
import com.oracle.truffle.api.TruffleFile;
import com.oracle.truffle.api.strings.TruffleString;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.LinkOption;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.util.encoders.DecoderException;

/* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/CertUtils.class */
public final class CertUtils {
    public static final BouncyCastleProvider BOUNCYCASTLE_PROVIDER = new BouncyCastleProvider();
    private static final TruffleString T_UNSUPPORTED = PythonUtils.tsLiteral("<unsupported>");
    private static final TruffleString T_OTHERNAME = PythonUtils.tsLiteral("othername");
    private static final TruffleString T_EMAIL = PythonUtils.tsLiteral("email");
    private static final TruffleString T_DNS = PythonUtils.tsLiteral("DNS");
    private static final TruffleString T_X_400_NAME = PythonUtils.tsLiteral("X400Name");
    private static final TruffleString T_DIR_NAME = PythonUtils.tsLiteral("DirName");
    private static final TruffleString T_EDI_PARTY_NAME = PythonUtils.tsLiteral("EdiPartyName");
    private static final TruffleString T_URI = PythonUtils.tsLiteral("URI");
    private static final TruffleString T_IP_ADDRESS = PythonUtils.tsLiteral("IP Address");
    private static final TruffleString T_REGISTERED_ID = PythonUtils.tsLiteral("Registered ID");
    private static final ZoneId zoneId;
    private static final DateTimeFormatter DF;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/CertUtils$DerValue.class */
    public static final class DerValue {
        private static final byte OCTET_STRING = 4;
        private static final byte OBJECT_IDENTIFIER = 6;
        private static final byte SEQUENCE = 16;
        private static final String ERROR_MESSAGE = "Invalid DER encoded data";
        final byte[] data;
        final boolean isContextTag;
        final int contentLen;
        final int contentStart;
        int contentTag;
        static final /* synthetic */ boolean $assertionsDisabled;

        /* JADX INFO: Access modifiers changed from: private */
        @FunctionalInterface
        /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/CertUtils$DerValue$DerSequenceConsumer.class */
        public interface DerSequenceConsumer<A, B> {
            void accept(A a, B b) throws CertificateParsingException;
        }

        /**
         * Parses the DER element that starts at offset 0 of {@code bArr}, using the whole array
         * as the enclosing range.
         *
         * @param bArr DER encoded bytes; the array is stored by reference, not copied
         * @throws CertificateParsingException if the header cannot be read
         */
        DerValue(byte[] bArr) throws CertificateParsingException {
            this(bArr, 0, bArr.length);
        }

        /**
         * Parses the tag and length header of the DER element starting at offset {@code i}.
         *
         * <p>Only the header is decoded; the content stays in the shared {@code data} array and is
         * addressed through {@code contentStart} / {@code contentLen}.
         *
         * @param bArr backing array (stored by reference)
         * @param i offset of the element's tag byte
         * @param i2 exclusive end offset of the enclosing element
         * @throws CertificateParsingException if {@code i} lies past the end of the array or the
         *         length octets run off the end of the array
         */
        DerValue(byte[] bArr, int i, int i2) throws CertificateParsingException {
            // An offset exactly at the end of the buffer yields an empty placeholder value
            // (tag 0, zero length) instead of an error.
            if (i == bArr.length) {
                this.data = bArr;
                this.contentTag = 0;
                this.isContextTag = false;
                this.contentStart = i;
                this.contentLen = 0;
                return;
            }
            if (i >= bArr.length) {
                throw new CertificateParsingException(ERROR_MESSAGE);
            }
            this.data = bArr;
            // Low five bits of the identifier octet: the tag number.
            this.contentTag = bArr[i] & 31;
            // Class bits 10xxxxxx: context-specific tag.
            this.isContextTag = (bArr[i] & 192) == 128;
            int[] readLength = readLength(bArr, i);
            this.contentStart = readLength[0];
            this.contentLen = readLength[1];
            // NOTE(review): both checks below are compiled `assert` statements. They only run when
            // assertions are enabled for CertUtils (-ea); otherwise a high-tag-number element
            // (tag 31) is read as if it were a single-byte tag, and an element whose declared length
            // runs past the enclosing range (i2) is accepted as-is. The extension bytes parsed here
            // come from the certificate being decoded, so consumers of contentStart/contentLen must
            // not assume the range is within bounds.
            if (!$assertionsDisabled && this.contentTag == 31) {
                throw new AssertionError("extended tag range not supported");
            }
            if (!$assertionsDisabled && this.contentStart + this.contentLen > i2) {
                throw new AssertionError();
            }
        }

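        /**
         * Decodes the DER length octets of the element whose tag byte is at offset {@code i}.
         *
         * <p>Short form (first octet &lt; 128) encodes the length directly; long form encodes the
         * number of following length octets in the low seven bits. A first octet of exactly 128
         * (zero following octets) is decoded as length 0.
         *
         * @param bArr backing array
         * @param i offset of the element's tag byte
         * @return a two-element array: {@code [0]} is the offset of the first content byte and
         *         {@code [1]} is the content length
         * @throws CertificateParsingException if the length octets run off the end of the array
         * @throws IllegalArgumentException if the length does not fit in a non-negative
         *         {@code int}
         */
        private static int[] readLength(byte[] bArr, int i) throws CertificateParsingException {
            try {
                int firstOctet = bArr[i + 1] & 255;
                if (firstOctet < 128) {
                    return new int[]{i + 2, firstOctet};
                }
                int lengthOctets = firstOctet - 128;
                if (lengthOctets > 4) {
                    throw new IllegalArgumentException("longer than int-range DER values not supported");
                }
                int length = 0;
                for (int k = 0; k < lengthOctets; k++) {
                    length = (length << 8) | (bArr[i + 2 + k] & 255);
                }
                // Four length octets with the top bit set wrap to a negative int. A negative
                // length would let contentStart + contentLen point *before* the element, so a
                // sequence walk over certificate-supplied bytes could move backwards and never
                // finish. Reject it the same way as any other out-of-int-range length.
                if (length < 0) {
                    throw new IllegalArgumentException("longer than int-range DER values not supported");
                }
                return new int[]{i + 2 + lengthOctets, length};
            } catch (ArrayIndexOutOfBoundsException e) {
                // Keep the cause so a truncated header is distinguishable when debugging.
                throw new CertificateParsingException(ERROR_MESSAGE, e);
            }
        }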

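        /**
         * Returns a copy of this element's content bytes.
         *
         * <p>The declared length comes from the parsed (certificate-supplied) header.
         * {@link Arrays#copyOfRange} zero-pads when the end index exceeds the source length, so an
         * unchecked declared length would size the allocation from attacker-controlled data. The
         * end index is therefore clamped to the backing array.
         *
         * @return the content bytes, truncated to what is actually present in the backing array
         * @throws IllegalArgumentException if the declared length is negative
         */
        byte[] getRawData() {
            // long arithmetic: contentStart + contentLen may exceed Integer.MAX_VALUE.
            long declaredEnd = (long) this.contentStart + this.contentLen;
            int end = (int) Math.min(declaredEnd, (long) this.data.length);
            return Arrays.copyOfRange(this.data, this.contentStart, end);
        }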

        /**
         * Returns a {@code DerValue} positioned on this element's content when the tag number is
         * 6 (OBJECT IDENTIFIER), otherwise {@code null}.
         *
         * <p>Note that the returned value is produced by running the header parser over the
         * content bytes, not by decoding the OID arcs.
         *
         * @throws CertificateParsingException if the nested header cannot be read
         */
        DerValue getObjectIdentifier() throws CertificateParsingException {
            if (this.contentTag == 6) {
                int contentEnd = this.contentStart + this.contentLen;
                return new DerValue(this.data, this.contentStart, contentEnd);
            }
            return null;
        }

        /**
         * Returns a {@code DerValue} positioned on this element's content when the element carries
         * the context-specific tag number {@code i}, otherwise {@code null}.
         *
         * @param i expected context tag number
         * @throws CertificateParsingException if the nested header cannot be read
         */
        DerValue getContextTag(int i) throws CertificateParsingException {
            boolean tagMatches = this.isContextTag && this.contentTag == i;
            if (!tagMatches) {
                return null;
            }
            int contentEnd = this.contentStart + this.contentLen;
            return new DerValue(this.data, this.contentStart, contentEnd);
        }

        /**
         * Returns a {@code DerValue} positioned on this element's content when the tag number is
         * 4 (OCTET STRING), otherwise {@code null}.
         *
         * @throws CertificateParsingException if the nested header cannot be read
         */
        DerValue getOctetString() throws CertificateParsingException {
            if (this.contentTag == 4) {
                int contentEnd = this.contentStart + this.contentLen;
                return new DerValue(this.data, this.contentStart, contentEnd);
            }
            return null;
        }

        /**
         * Returns a {@code DerValue} positioned on this element's content when the tag number is
         * 16 (SEQUENCE), otherwise {@code null}.
         *
         * @throws CertificateParsingException if the nested header cannot be read
         */
        DerValue getSequence() throws CertificateParsingException {
            if (this.contentTag == 16) {
                int contentEnd = this.contentStart + this.contentLen;
                return new DerValue(this.data, this.contentStart, contentEnd);
            }
            return null;
        }

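        /**
         * Returns this element's content as a string when it is a GeneralName URI, i.e. carries
         * the context-specific tag [6]; otherwise {@code null}.
         *
         * <p>Two fixes over the decompiled form: the tag class is checked as well as the tag
         * number, so a universal OBJECT IDENTIFIER (also tag number 6) is no longer decoded as a
         * URI, and the bytes are decoded with an explicit charset instead of the platform default.
         *
         * <p>The returned text is taken verbatim from the certificate. Callers should treat it as
         * untrusted input (it is not validated as a URI here).
         *
         * @return the URI text, or {@code null} if this element is not a [6] GeneralName
         */
        String getGeneralNameURI() {
            if (this.contentTag != 6 || !this.isContextTag) {
                return null;
            }
            return new String(getRawData(), java.nio.charset.StandardCharsets.UTF_8);
        }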

        /**
         * Collects the direct child elements of this SEQUENCE into a list.
         *
         * @return the children in encoding order; empty if this value is not a SEQUENCE
         * @throws CertificateParsingException if a child header cannot be read
         */
        List<DerValue> getSequenceElements() throws CertificateParsingException {
            ArrayList<DerValue> elements = new ArrayList<>();
            iterateSequence((element, sink) -> sink.add(element), elements);
            return elements;
        }

        /**
         * Walks the direct children of this SEQUENCE and passes each one, together with
         * {@code t}, to {@code derSequenceConsumer}. Does nothing when this value is not a
         * SEQUENCE.
         *
         * <p>The next child offset is derived from the previous child's decoded header
         * ({@code contentStart + contentLen}), so forward progress depends on that header being
         * sane.
         *
         * @param derSequenceConsumer callback invoked once per child
         * @param t context object forwarded unchanged to the callback
         * @throws CertificateParsingException if a child header cannot be read or the callback
         *         throws it
         */
        <T> void iterateSequence(DerSequenceConsumer<DerValue, T> derSequenceConsumer, T t) throws CertificateParsingException {
            final int firstChild = this.contentStart;
            final int end = this.contentStart + this.contentLen;
            if (getSequence() == null) {
                return;
            }
            for (int offset = firstChild; offset < end; ) {
                DerValue child = new DerValue(this.data, offset, end);
                offset = child.contentStart + child.contentLen;
                derSequenceConsumer.accept(child, t);
            }
        }

        // Decompiled form of javac's assertion plumbing: the flag mirrors whether assertions
        // are enabled for the enclosing CertUtils class. The DerValue constructor's sanity checks
        // are skipped whenever this flag is true.
        static {
            $assertionsDisabled = !CertUtils.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/CertUtils$NeedsPasswordException.class */
    /**
     * Signals that an encrypted private key was encountered but no password was supplied.
     */
    public static class NeedsPasswordException extends Exception {
        private static final long serialVersionUID = -5153912585672596522L;
        private static final String MESSAGE = "Needs password to decrypt private key";

        /** Creates the exception with its fixed message. */
        public NeedsPasswordException() {
            super(MESSAGE);
        }
    }

    /* loaded from: input_file:com/oracle/graal/python/builtins/objects/ssl/CertUtils$NoCertificateFoundException.class */
    /**
     * Signals that a certificate source was read but contained no certificate or CRL.
     */
    public static class NoCertificateFoundException extends Exception {
        private static final long serialVersionUID = 5489472143646552420L;
        private static final String MESSAGE = "No certificate found";

        /** Creates the exception with its fixed message. */
        public NoCertificateFoundException() {
            super(MESSAGE);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Classifies a certificate as a CA certificate.
     *
     * <p>Returns {@code true} if any of the following holds: key-usage bit 5 (keyCertSign) is
     * set in {@code zArr}; the certificate carries a basic-constraints CA marker
     * ({@code getBasicConstraints() != -1}); or it is a version 1 certificate whose signature
     * verifies under its own public key.
     *
     * <p>This is a classification heuristic only. It performs no chain building or trust
     * evaluation, and a keyCertSign bit alone is enough to return {@code true}.
     *
     * @param x509Certificate certificate to classify
     * @param zArr key-usage bits as returned by {@link X509Certificate#getKeyUsage()}, may be
     *        {@code null}
     */
    @CompilerDirectives.TruffleBoundary
    public static boolean isCA(X509Certificate x509Certificate, boolean[] zArr) {
        boolean keyCertSign = zArr != null && zArr.length > 5 && zArr[5];
        if (keyCertSign) {
            return true;
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            return true;
        }
        return x509Certificate.getVersion() == 1 && isSelfSigned(x509Certificate);
    }

    /**
     * Returns the certificate's key-usage bits behind a Truffle boundary.
     *
     * @return the value of {@link X509Certificate#getKeyUsage()} (may be {@code null})
     */
    @CompilerDirectives.TruffleBoundary
    public static boolean[] getKeyUsage(X509Certificate x509Certificate) {
        boolean[] usageBits = x509Certificate.getKeyUsage();
        return usageBits;
    }

    /**
     * Returns the certificate's encoded form behind a Truffle boundary.
     *
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    @CompilerDirectives.TruffleBoundary
    public static byte[] getEncoded(X509Certificate x509Certificate) throws CertificateEncodingException {
        byte[] encoded = x509Certificate.getEncoded();
        return encoded;
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * <p>Only the signature is checked; issuer and subject names are not compared. Any
     * verification failure is reported as {@code false}.
     */
    @CompilerDirectives.TruffleBoundary
    static boolean isSelfSigned(X509Certificate x509Certificate) {
        boolean verified;
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            verified = true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            // Any failure simply means "not self-signed" for this purpose.
            verified = false;
        }
        return verified;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether key-usage bit 6 (cRLSign) is set.
     *
     * @param zArr key-usage bits, may be {@code null} or shorter than seven entries
     */
    @CompilerDirectives.TruffleBoundary
    public static boolean isCrl(boolean[] zArr) {
        if (zArr == null || zArr.length <= 6) {
            return false;
        }
        return zArr[6];
    }

    /**
     * Builds a Python dict describing {@code x509Certificate}.
     *
     * <p>The entries are produced in this order (innermost call first): OCSP URIs, CA-issuer
     * URIs, issuer, notAfter, notBefore, serial number, CRL distribution points, subject,
     * subjectAltName, version. {@code setItem} skips an entry whose value is {@code null}, so
     * absent extensions do not appear in the dict.
     *
     * <p>Every value is derived from the certificate's own content and is informational: nothing
     * in this method validates the certificate or its chain.
     *
     * @throws CertificateParsingException if an extension cannot be parsed
     */
    @CompilerDirectives.TruffleBoundary
    public static PDict decodeCertificate(PythonObjectSlowPathFactory pythonObjectSlowPathFactory, X509Certificate x509Certificate) throws CertificateParsingException {
        PDict createDict = pythonObjectSlowPathFactory.createDict();
        try {
            createDict.setDictStorage(setItem(setItem(setItem(setItem(setItem(setItem(setItem(setItem(setItem(setItem(createDict.getDictStorage(), ASN1Helper.T_JAVA_X509_OCSP, parseOCSP(x509Certificate, pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_CA_ISSUERS, parseCAIssuers(x509Certificate, pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_ISSUER, createTupleForX509Name(x509Certificate.getIssuerX500Principal().getName("RFC1779"), pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_NOT_AFTER, getNotAfter(x509Certificate)), ASN1Helper.T_JAVA_X509_NOT_BEFORE, getNotBefore(x509Certificate)), ASN1Helper.T_JAVA_X509_SERIAL_NUMBER, getSerialNumber(x509Certificate)), ASN1Helper.T_JAVA_X509_CRL_DISTRIBUTION_POINTS, parseCRLPoints(x509Certificate, pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_SUBJECT, createTupleForX509Name(x509Certificate.getSubjectX500Principal().getName("RFC1779"), pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_SUBJECT_ALT_NAME, parseSubjectAltName(x509Certificate, pythonObjectSlowPathFactory)), ASN1Helper.T_JAVA_X509_VERSION, Integer.valueOf(getVersion(x509Certificate))));
            return createDict;
        } catch (RuntimeException e) {
            // Unchecked failures from the hand-written DER helpers (for example an
            // IllegalArgumentException for an unsupported length) surface to Python as an SSL
            // error instead of escaping as a Java exception. Errors (e.g. AssertionError) are not
            // caught here.
            throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL, e);
        }
    }

    /**
     * Stores {@code obj} under {@code truffleString} and returns the resulting storage; a
     * {@code null} value is skipped and the storage is returned unchanged.
     */
    private static HashingStorage setItem(HashingStorage hashingStorage, TruffleString truffleString, Object obj) {
        if (obj == null) {
            return hashingStorage;
        }
        return HashingStorageNodes.HashingStorageSetItem.executeUncached(hashingStorage, truffleString, obj);
    }

    /**
     * Formats the certificate serial number as upper-case hexadecimal, left-padded with one
     * {@code '0'} when the digit count is odd.
     */
    @CompilerDirectives.TruffleBoundary
    private static TruffleString getSerialNumber(X509Certificate x509Certificate) {
        String hex = x509Certificate.getSerialNumber().toString(16).toUpperCase();
        if (hex.length() % 2 != 0) {
            hex = "0" + hex;
        }
        return PythonUtils.toTruffleStringUncached(hex);
    }

    /** Returns the certificate's X.509 version number behind a Truffle boundary. */
    @CompilerDirectives.TruffleBoundary
    private static int getVersion(X509Certificate x509Certificate) {
        int version = x509Certificate.getVersion();
        return version;
    }

    /** Returns the end of the certificate's validity period, formatted by {@code formatDate}. */
    @CompilerDirectives.TruffleBoundary
    private static TruffleString getNotAfter(X509Certificate x509Certificate) {
        Date notAfter = x509Certificate.getNotAfter();
        return formatDate(notAfter);
    }

    /** Returns the start of the certificate's validity period, formatted by {@code formatDate}. */
    @CompilerDirectives.TruffleBoundary
    private static TruffleString getNotBefore(X509Certificate x509Certificate) {
        Date notBefore = x509Certificate.getNotBefore();
        return formatDate(notBefore);
    }

    /**
     * Renders {@code date} in the class-wide zone ({@code zoneId}) using the class-wide
     * formatter ({@code DF}).
     */
    @CompilerDirectives.TruffleBoundary
    private static TruffleString formatDate(Date date) {
        ZonedDateTime zoned = ZonedDateTime.ofInstant(date.toInstant(), zoneId);
        String text = zoned.format(DF);
        return PythonUtils.toTruffleStringUncached(text);
    }

    /**
     * Converts a distinguished-name string into a tuple of single-element RDN tuples, each
     * holding one {@code (key, value)} pair, in reverse order of their appearance in
     * {@code str}.
     *
     * <p>The string is split on {@code ','} and then on {@code '='}; a component that does not
     * split into exactly two parts is dropped. Attribute values that themselves contain a comma
     * or an equals sign are therefore split or omitted rather than unescaped, so the result
     * should be treated as a display form, not as an authoritative parse of the name.
     *
     * @param str distinguished name text (callers in this class pass the RFC1779 form)
     */
    @CompilerDirectives.TruffleBoundary
    private static PTuple createTupleForX509Name(String str, PythonObjectFactory pythonObjectFactory) {
        List<Object> rdns = new ArrayList<>();
        String[] components = str.split(",");
        for (int idx = 0; idx < components.length; idx++) {
            String[] keyValue = components[idx].split("=");
            if (keyValue.length != 2) {
                continue;
            }
            Object key = ASN1Helper.translateKeyToPython(keyValue[0].trim());
            Object value = PythonUtils.toTruffleStringUncached(keyValue[1].trim());
            Object pair = pythonObjectFactory.createTuple(new Object[]{key, value});
            rdns.add(pythonObjectFactory.createTuple(new Object[]{pair}));
        }
        Collections.reverse(rdns);
        return pythonObjectFactory.createTuple(rdns.toArray(new Object[0]));
    }

    /**
     * Converts the certificate's subject alternative names into a tuple of
     * {@code (type label, value)} tuples.
     *
     * <p>Entries are taken from {@link X509Certificate#getSubjectAlternativeNames()}. Only
     * two-element entries whose first element is an {@code Integer} in the range 0..8 are
     * emitted. A value that is not a {@code String} is reported as {@code "<unsupported>"},
     * except for type 4 (DirName), which becomes a name tuple or an empty tuple.
     *
     * @return the tuple of entries, or {@code null} when the certificate has no subjectAltName
     * @throws CertificateParsingException if the extension cannot be decoded
     */
    @CompilerDirectives.TruffleBoundary
    private static PTuple parseSubjectAltName(X509Certificate x509Certificate, PythonObjectFactory pythonObjectFactory) throws CertificateParsingException {
        ArrayList<Object> entries = new ArrayList<>(16);
        Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (List<?> altName : altNames) {
            if (altName.size() != 2 || !(altName.get(0) instanceof Integer)) {
                continue;
            }
            int nameType = ((Integer) altName.get(0)).intValue();
            Object rawValue = altName.get(1);
            TruffleString text = rawValue instanceof String ? PythonUtils.toTruffleStringUncached((String) rawValue) : T_UNSUPPORTED;
            TruffleString label;
            switch (nameType) {
                case 0:
                    label = T_OTHERNAME;
                    break;
                case 1:
                    label = T_EMAIL;
                    break;
                case 2:
                    label = T_DNS;
                    break;
                case 3:
                    label = T_X_400_NAME;
                    break;
                case 4:
                    label = T_DIR_NAME;
                    break;
                case 5:
                    label = T_EDI_PARTY_NAME;
                    break;
                case 6:
                    label = T_URI;
                    break;
                case 7:
                    label = T_IP_ADDRESS;
                    break;
                case 8:
                    label = T_REGISTERED_ID;
                    break;
                default:
                    label = null;
                    break;
            }
            if (label == null) {
                // Unknown GeneralName type: skipped.
                continue;
            }
            Object value;
            if (nameType == 4) {
                // DirName carries a structured name rather than plain text.
                value = rawValue instanceof String ? createTupleForX509Name((String) rawValue, pythonObjectFactory) : pythonObjectFactory.createEmptyTuple();
            } else {
                value = text;
            }
            entries.add(pythonObjectFactory.createTuple(new Object[]{label, value}));
        }
        return pythonObjectFactory.createTuple(entries.toArray(new Object[0]));
    }

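    /**
     * Extracts URI entries from the CRL distribution points extension (OID 2.5.29.31).
     *
     * <p>Changes over the decompiled form: the nested lambda no longer reuses the outer lambda's
     * parameter names (which Java does not allow), and the context tag [0] lookup is performed
     * once instead of twice.
     *
     * <p>The URIs are copied from the certificate as-is. They are attacker-influenced data and
     * are not validated here.
     *
     * @return a tuple of URI strings, or {@code null} when the extension is absent, is not
     *         wrapped in an OCTET STRING, or yields no URI
     * @throws CertificateParsingException if the extension bytes cannot be walked
     */
    @CompilerDirectives.TruffleBoundary
    private static PTuple parseCRLPoints(X509Certificate x509Certificate, PythonObjectFactory pythonObjectFactory) throws CertificateParsingException {
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return null;
        }
        DerValue octetString = new DerValue(extensionValue).getOctetString();
        if (octetString == null) {
            return null;
        }
        ArrayList<Object> uris = new ArrayList<>();
        octetString.iterateSequence((point, sink) -> {
            DerValue firstField = point.getSequence();
            if (firstField == null) {
                return;
            }
            // Presumably distributionPoint [0] -> fullName [0]; only that shape is handled.
            DerValue names = firstField.getContextTag(0);
            if (names == null) {
                return;
            }
            // The name list carries a context tag, so iterateSequence would skip it; relabel it
            // as a SEQUENCE (tag number 16) to walk its entries.
            names.contentTag = 16;
            names.iterateSequence((generalName, innerSink) -> {
                String uri = generalName.getGeneralNameURI();
                if (uri != null) {
                    innerSink.add(PythonUtils.toTruffleStringUncached(uri));
                }
            }, sink);
        }, uris);
        if (uris.isEmpty()) {
            return null;
        }
        return pythonObjectFactory.createTuple(uris.toArray(new Object[0]));
    }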

    /**
     * Extracts the CA-issuer URIs from the authority information access extension
     * (OID 1.3.6.1.5.5.7.1.1).
     *
     * <p>Each access description must have exactly two elements; it contributes a URI when its
     * first element matches {@code ASN1Helper.OID_CA_ISSUERS} and its second element is a URI
     * general name. The URIs are copied from the certificate without validation.
     *
     * @return a tuple of URI strings, or {@code null} when the extension is absent, is not
     *         wrapped in an OCTET STRING, or yields no matching URI
     * @throws CertificateParsingException if the extension bytes cannot be walked
     */
    @CompilerDirectives.TruffleBoundary
    private static PTuple parseCAIssuers(X509Certificate x509Certificate, PythonObjectFactory pythonObjectFactory) throws CertificateParsingException {
        byte[] extensionValue = x509Certificate.getExtensionValue("1.3.6.1.5.5.7.1.1");
        if (extensionValue == null) {
            return null;
        }
        DerValue octetString = new DerValue(extensionValue).getOctetString();
        if (octetString == null) {
            return null;
        }
        ArrayList<Object> uris = new ArrayList<>();
        octetString.iterateSequence((description, sink) -> {
            List<DerValue> parts = description.getSequenceElements();
            if (parts.size() != 2) {
                return;
            }
            DerValue method = parts.get(0).getObjectIdentifier();
            if (method == null || !Arrays.equals(method.getRawData(), ASN1Helper.OID_CA_ISSUERS)) {
                return;
            }
            String location = parts.get(1).getGeneralNameURI();
            if (location == null) {
                return;
            }
            sink.add(PythonUtils.toTruffleStringUncached(location));
        }, uris);
        if (uris.isEmpty()) {
            return null;
        }
        return pythonObjectFactory.createTuple(uris.toArray(new Object[0]));
    }

    /**
     * Extracts the OCSP responder URIs from the authority information access extension
     * (OID 1.3.6.1.5.5.7.1.1).
     *
     * <p>Each access description must have exactly two elements; it contributes a URI when its
     * first element matches {@code ASN1Helper.OID_OCSP} and its second element is a URI general
     * name. The URIs are copied from the certificate without validation.
     *
     * @return a tuple of URI strings, or {@code null} when the extension is absent, is not
     *         wrapped in an OCTET STRING, or yields no matching URI
     * @throws CertificateParsingException if the extension bytes cannot be walked
     */
    @CompilerDirectives.TruffleBoundary
    private static PTuple parseOCSP(X509Certificate x509Certificate, PythonObjectFactory pythonObjectFactory) throws CertificateParsingException {
        byte[] extensionValue = x509Certificate.getExtensionValue("1.3.6.1.5.5.7.1.1");
        if (extensionValue == null) {
            return null;
        }
        DerValue octetString = new DerValue(extensionValue).getOctetString();
        if (octetString == null) {
            return null;
        }
        ArrayList<Object> uris = new ArrayList<>();
        octetString.iterateSequence((description, sink) -> {
            List<DerValue> parts = description.getSequenceElements();
            if (parts.size() != 2) {
                return;
            }
            DerValue method = parts.get(0).getObjectIdentifier();
            if (method == null || !Arrays.equals(method.getRawData(), ASN1Helper.OID_OCSP)) {
                return;
            }
            String location = parts.get(1).getGeneralNameURI();
            if (location == null) {
                return;
            }
            sink.add(PythonUtils.toTruffleStringUncached(location));
        }, uris);
        if (uris.isEmpty()) {
            return null;
        }
        return pythonObjectFactory.createTuple(uris.toArray(new Object[0]));
    }

    /**
     * Loads certificates and CRLs from a single file and/or from every entry of a directory.
     *
     * <p>Each source must yield at least one object; the first source that yields none aborts
     * the whole load with {@link NoCertificateFoundException}. Directory entries are not
     * filtered, so every entry listed in {@code truffleFile2} is opened and parsed.
     *
     * @param truffleFile single file to read, or {@code null}
     * @param truffleFile2 directory whose entries are read, or {@code null}; ignored when it is
     *        not a directory
     * @return all certificates and CRLs found, in source order
     */
    @CompilerDirectives.TruffleBoundary
    public static List<Object> loadVerifyLocations(TruffleFile truffleFile, TruffleFile truffleFile2) throws IOException, CertificateException, CRLException, NoCertificateFoundException {
        List<TruffleFile> sources = new ArrayList<>();
        if (truffleFile != null) {
            sources.add(truffleFile);
        }
        if (truffleFile2 != null && truffleFile2.isDirectory()) {
            sources.addAll(truffleFile2.list());
        }
        List<Object> loaded = new ArrayList<>();
        for (TruffleFile source : sources) {
            // try-with-resources closes the reader on both the normal and the failing path.
            try (BufferedReader reader = source.newBufferedReader()) {
                List<Object> found = getCertificates(reader);
                if (found.isEmpty()) {
                    throw new NoCertificateFoundException();
                }
                loaded.addAll(found);
            }
        }
        return loaded;
    }

    /**
     * Reads every certificate and CRL from PEM text; equivalent to
     * {@code getCertificates(bufferedReader, false)}.
     */
    @CompilerDirectives.TruffleBoundary
    public static List<Object> getCertificates(BufferedReader bufferedReader) throws IOException, CertificateException, CRLException {
        final boolean certificatesOnly = false;
        return getCertificates(bufferedReader, certificatesOnly);
    }

    /**
     * Reads PEM objects from {@code bufferedReader} and converts certificates (and, unless
     * {@code z} is set, CRLs) into JCA objects via the default X.509
     * {@link CertificateFactory}. Other PEM object types are ignored.
     *
     * <p>The reader is not closed here; it stays owned by the caller.
     *
     * @param z when {@code true}, CRLs are skipped and only certificates are returned
     * @return the converted objects in the order they appear in the input
     */
    @CompilerDirectives.TruffleBoundary
    public static List<Object> getCertificates(BufferedReader bufferedReader, boolean z) throws IOException, CertificateException, CRLException {
        List<Object> result = new ArrayList<>();
        PEMParser parser = new PEMParser(bufferedReader);
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        for (Object entry = parser.readObject(); entry != null; entry = parser.readObject()) {
            if (entry instanceof X509CertificateHolder) {
                byte[] der = ((X509CertificateHolder) entry).getEncoded();
                result.add(x509Factory.generateCertificate(new ByteArrayInputStream(der)));
            }
            if (!z && (entry instanceof X509CRLHolder)) {
                byte[] der = ((X509CRLHolder) entry).getEncoded();
                result.add(x509Factory.generateCRL(new ByteArrayInputStream(der)));
            }
        }
        return result;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads a private key from PEM text and checks that it matches the public key of
     * {@code x509Certificate}.
     *
     * <p>Recognised PEM objects: plain key pairs, OpenSSL-encrypted key pairs, encrypted PKCS#8
     * keys and unencrypted {@code PrivateKeyInfo}. Encrypted forms require {@code cArr}.
     *
     * @param pythonContext context passed through to {@code checkPrivateKey}
     * @param bufferedReader PEM input; not closed here
     * @param cArr password for encrypted keys, or {@code null}. This method does not clear the
     *        array; presumably the caller owns and wipes it - verify against the caller.
     * @param x509Certificate certificate whose public key the private key must match
     * @return the decoded private key
     * @throws NeedsPasswordException if an encrypted key is found and {@code cArr} is
     *         {@code null}
     */
    @CompilerDirectives.TruffleBoundary
    public static PrivateKey getPrivateKey(PythonContext pythonContext, BufferedReader bufferedReader, char[] cArr, X509Certificate x509Certificate) throws NeedsPasswordException {
        PrivateKeyInfo privateKeyInfo;
        PEMParser pEMParser = new PEMParser(bufferedReader);
        JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
        jcaPEMKeyConverter.setProvider(BOUNCYCASTLE_PROVIDER);
        PrivateKey privateKey = null;
        // NOTE(review): the loop below is reproduced as decompiled. privateKeyInfo is not assigned
        // on every path that reaches the conversion after the loop (e.g. when readObject() returns
        // null), and the two encrypted branches have no break. This looks like a decompiler
        // artifact rather than the original control flow - confirm against the original source
        // before relying on it.
        while (true) {
            try {
                Object readObject = pEMParser.readObject();
                if (readObject == null) {
                    break;
                }
                if (readObject instanceof PEMKeyPair) {
                    privateKeyInfo = ((PEMKeyPair) readObject).getPrivateKeyInfo();
                    break;
                }
                if (readObject instanceof PEMEncryptedKeyPair) {
                    // Encrypted key without a password: signal it so the caller can react.
                    if (cArr == null) {
                        throw new NeedsPasswordException();
                    }
                    JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
                    jcePEMDecryptorProviderBuilder.setProvider(BOUNCYCASTLE_PROVIDER);
                    privateKeyInfo = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(jcePEMDecryptorProviderBuilder.build(cArr)).getPrivateKeyInfo();
                } else if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    if (cArr == null) {
                        throw new NeedsPasswordException();
                    }
                    JceOpenSSLPKCS8DecryptorProviderBuilder jceOpenSSLPKCS8DecryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
                    jceOpenSSLPKCS8DecryptorProviderBuilder.setProvider(BOUNCYCASTLE_PROVIDER);
                    privateKeyInfo = ((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(jceOpenSSLPKCS8DecryptorProviderBuilder.build(cArr));
                } else if (readObject instanceof PrivateKeyInfo) {
                    privateKeyInfo = (PrivateKeyInfo) readObject;
                    break;
                }
            } catch (IOException | DecoderException | OperatorCreationException | PKCSException e) {
                // Every parse or decrypt failure (including a wrong password) is reported as the
                // same generic PEM error; the underlying exception is not attached.
                throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.SSL_PEM_LIB, new Object[0]);
            }
        }
        privateKey = jcaPEMKeyConverter.getPrivateKey(privateKeyInfo);
        if (privateKey == null) {
            throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL_PEM_LIB, ErrorMessages.SSL_PEM_LIB, new Object[0]);
        }
        // Reject a key that does not belong to the supplied certificate.
        checkPrivateKey(pythonContext, privateKey, x509Certificate.getPublicKey());
        return privateKey;
    }

    /**
     * Verifies that {@code privateKey} and {@code publicKey} form a pair by signing 128 random
     * bytes with the private key and verifying the signature with the public key.
     *
     * <p>Returns normally on a match. A failed verification, an {@code InvalidKeyException} or a
     * {@code SignatureException} all end in the key/values mismatch SSL error; a missing
     * signature algorithm ends in a generic SSL error.
     */
    private static void checkPrivateKey(PythonContext pythonContext, PrivateKey privateKey, PublicKey publicKey) {
        Signature signature;
        try {
            // The algorithm name is built from privateKey.getAlgorithm(); SHA-256 is tried first
            // and SHA-1 only if the SHA-256 variant is not available. The digest here protects
            // nothing beyond this self-consistency check.
            // NOTE(review): key algorithms that have no "SHAxxxwith<alg>" signature name would
            // fail both lookups and be reported as a generic SSL error - confirm which key types
            // are expected to reach this method.
            try {
                signature = Signature.getInstance(String.format("SHA256with%s", privateKey.getAlgorithm()));
            } catch (NoSuchAlgorithmException e) {
                signature = Signature.getInstance(String.format("SHA1with%s", privateKey.getAlgorithm()));
            }
            signature.initSign(privateKey);
            byte[] bArr = new byte[128];
            // Fresh random challenge taken from the context's SecureRandom.
            pythonContext.getSecureRandom().nextBytes(bArr);
            signature.update(bArr);
            byte[] sign = signature.sign();
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (signature.verify(sign)) {
                return;
            }
        } catch (InvalidKeyException | SignatureException e2) {
            // Deliberately empty: falls through to the mismatch error below.
        } catch (NoSuchAlgorithmException e3) {
            throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_SSL, e3);
        }
        throw PConstructAndRaiseNode.raiseUncachedSSLError(SSLErrorCode.ERROR_KEY_VALUES_MISMATCH, ErrorMessages.KEY_VALUES_MISMATCH, new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decodes all certificates contained in {@code bArr} with the default X.509
     * {@link CertificateFactory}.
     *
     * @throws CertificateException if the factory is unavailable or the bytes cannot be parsed
     */
    @CompilerDirectives.TruffleBoundary
    public static Collection<?> generateCertificates(byte[] bArr) throws CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream input = new ByteArrayInputStream(bArr);
        return x509Factory.generateCertificates(input);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives an alias string for a certificate from the MD5 digest of its encoded form.
     *
     * <p>MD5 is not collision resistant, so the alias is an identifier, not an integrity
     * value. NOTE(review): if these aliases key a store, two different certificates with the same
     * digest would share one alias - confirm how callers use it.
     */
    @CompilerDirectives.TruffleBoundary
    public static String getAlias(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        byte[] encoded = x509Certificate.getEncoded();
        return md5(encoded);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives an alias string for a private key from the MD5 digest of its encoded form.
     *
     * <p>The digest is computed over the encoded private key material; the alias should
     * therefore be handled as an identifier derived from secret data and kept out of logs.
     */
    @CompilerDirectives.TruffleBoundary
    public static String getAlias(PrivateKey privateKey) throws NoSuchAlgorithmException {
        byte[] encoded = privateKey.getEncoded();
        return md5(encoded);
    }

    /**
     * Returns the MD5 digest of {@code bArr} as lower-case hexadecimal without leading zeros
     * (the digest is rendered through a positive {@link BigInteger}).
     *
     * <p>Used for alias strings only; MD5 must not be relied on for collision resistance.
     */
    @CompilerDirectives.TruffleBoundary
    private static String md5(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("md5");
        byte[] hash = digest.digest(bArr);
        BigInteger unsigned = new BigInteger(1, hash);
        return unsigned.toString(16);
    }

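    // Class initialisation: registers the shared BouncyCastle provider with the JVM-wide
    // provider list (Security.addProvider appends, so existing providers keep precedence) and
    // sets up the date formatting used for notBefore / notAfter.
    static {
        Security.addProvider(BOUNCYCASTLE_PROVIDER);
        zoneId = ZoneId.of("GMT");
        // Pin the locale: without it the month abbreviation follows the JVM's default locale,
        // so the validity dates handed to Python would change with the host's language
        // settings instead of always using English month names.
        DF = DateTimeFormatter.ofPattern("MMM ppd HH:mm:ss yyyy z", java.util.Locale.ENGLISH);
    }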
}
