package org.keycloak.adapters.saml.config;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PemException;

/* loaded from: input_file:org/keycloak/adapters/saml/config/PemUtils.class */
public class PemUtils {
    private static final Logger log = Logger.getLogger(PemUtils.class);

    public static X509Certificate decodeCertificate(String str) {
        if (str == null) {
            return null;
        }
        try {
            return decodeCertificate(new ByteArrayInputStream(pemToDer(str)));
        } catch (Exception e) {
            throw new PemException(e);
        }
    }

    public static PublicKey decodePublicKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            return decodePublicKey(pemToDer(str), "RSA");
        } catch (Exception e) {
            throw new PemException(e);
        }
    }

    public static PrivateKey decodePrivateKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            return decodePrivateKey(pemToDer(str));
        } catch (Exception e) {
            throw new PemException(e);
        }
    }

    private static byte[] pemToDer(String str) {
        try {
            return Base64.decode(removeBeginEnd(str));
        } catch (IOException e) {
            throw new PemException(e);
        }
    }

    private static String removeBeginEnd(String str) {
        return str.replaceAll("-----BEGIN (.*)-----", "").replaceAll("-----END (.*)----", "").replaceAll("\r\n", "").replaceAll("\n", "").trim();
    }

    private static PrivateKey decodePrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance("RSA", "BC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static X509Certificate decodeCertificate(InputStream inputStream) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inputStream);
        inputStream.close();
        return x509Certificate;
    }

    private static PublicKey decodePublicKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance("RSA", "BC").generatePublic(new X509EncodedKeySpec(bArr));
    }

    static {
        BouncyCastleProvider provider = Security.getProvider("BC");
        BouncyCastleProvider bouncyCastleProvider = provider == null ? new BouncyCastleProvider() : provider;
        if (provider != null) {
            log.debugv("Security provider {0} already loaded", bouncyCastleProvider.getClass().getName());
        } else {
            Security.addProvider(bouncyCastleProvider);
            log.debugv("Loaded {0} security provider", bouncyCastleProvider.getClass().getName());
        }
    }
}
