package org.jruby.ext.openssl;

import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.jruby.Ruby;
import org.jruby.RubyBoolean;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.impl.CipherSpec;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/PKey.class */
public abstract class PKey extends RubyObject {
    private static final long serialVersionUID = 6114668087816965720L;

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/PKey$PKeyModule.class */
    public static class PKeyModule {
        /**
         * Ruby-visible module function {@code read(data [, pass])}: parses {@code data} as a key
         * and returns the matching PKey wrapper.
         *
         * <p>Parsing order, as coded below: private key (decrypted with the passphrase when one is
         * given), RSA public key PEM, DSA public key PEM, a generic public key through
         * {@code impl.PKey.readPublicKey}, and finally {@code PEMInputOutput.readPubKey}. Every
         * parser failure is swallowed and the next parser is tried, so the caller only ever sees
         * the final "Could not parse PKey" error and cannot tell which stage rejected the input.
         *
         * @param threadContext current thread context; supplies the runtime
         * @param iRubyObject receiver of the module function (not used in the body)
         * @param iRubyObjectArr {@code [data]} or {@code [data, pass]} (the annotation allows one
         *        required and one optional argument); a nil {@code pass} means "no passphrase"
         * @return a PKeyRSA, PKeyDSA or PKeyEC instance
         */
        @JRubyMethod(name = {"read"}, meta = true, required = 1, optional = 1)
        public static IRubyObject read(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject[] iRubyObjectArr) {
            IRubyObject iRubyObject2;
            char[] charArray;
            Ruby ruby = threadContext.runtime;
            switch (iRubyObjectArr.length) {
                case 1:
                    iRubyObject2 = iRubyObjectArr[0];
                    charArray = null;
                    break;
                default:
                    iRubyObject2 = iRubyObjectArr[0];
                    // NOTE(review): toString() materialises the passphrase as an immutable String, and
                    // the derived char[] is never wiped in this method, so both stay on the heap until
                    // garbage collected.
                    charArray = iRubyObjectArr[1].isNil() ? null : iRubyObjectArr[1].toString().toCharArray();
                    break;
            }
            RubyString readInitArg = PKey.readInitArg(threadContext, iRubyObject2);
            Object obj = null;
            try {
                obj = PKey.readPrivateKey(readInitArg, charArray);
            } catch (IOException e) {
                // Deliberately ignored: the input may be a public key, so parsing continues below.
                // NOTE(review): a wrong or missing passphrase is therefore indistinguishable from
                // malformed input (presumably PasswordRequiredException lands here too - confirm).
            }
            if (obj != null) {
                // NOTE(review): unchecked casts - a non-KeyPair result, or a key that is not of the
                // exact interface cast to below, would surface as a ClassCastException.
                KeyPair keyPair = (KeyPair) obj;
                String algorithm = getAlgorithm(keyPair);
                if ("RSA".equals(algorithm)) {
                    return new PKeyRSA(ruby, PKey._PKey(ruby).getClass("RSA"), (RSAPrivateCrtKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
                }
                if (ASN1Registry.SN_dsa.equals(algorithm)) {
                    return new PKeyDSA(ruby, PKey._PKey(ruby).getClass(ASN1Registry.SN_dsa), (DSAPrivateKey) keyPair.getPrivate(), (DSAPublicKey) keyPair.getPublic());
                }
                if ("ECDSA".equals(algorithm)) {
                    return new PKeyEC(ruby, PKey._PKey(ruby).getClass("EC"), keyPair.getPrivate(), keyPair.getPublic());
                }
                // Any other algorithm falls through to the public-key parsers.
            }
            PublicKey publicKey = null;
            try {
                // NOTE(review): no null check before wrapping; if readRSAPublicKey can return null
                // without throwing, a PKeyRSA around a null key is returned - verify against the parser.
                publicKey = PEMInputOutput.readRSAPublicKey(new StringReader(readInitArg.toString()), (char[]) null);
                return new PKeyRSA(ruby, (RSAPublicKey) publicKey);
            } catch (IOException e2) {
                // Not an RSA public key PEM: try DSA next.
                try {
                    publicKey = PEMInputOutput.readDSAPublicKey(new StringReader(readInitArg.toString()), (char[]) null);
                    return new PKeyDSA(ruby, (DSAPublicKey) publicKey);
                } catch (IOException e3) {
                    // Not a DSA public key PEM either: fall back to the generic public-key readers.
                    try {
                        publicKey = org.jruby.ext.openssl.impl.PKey.readPublicKey(StringHelper.readX509PEM(threadContext, readInitArg));
                    } catch (IOException | GeneralSecurityException e4) {
                        // Ignored on purpose; publicKey stays null and the last reader is tried.
                    }
                    if (publicKey == null) {
                        try {
                            publicKey = PEMInputOutput.readPubKey(new StringReader(readInitArg.toString()));
                        } catch (IOException e5) {
                            // Ignored on purpose; the ArgumentError below reports the failure.
                        }
                    }
                    if (publicKey != null) {
                        if ("RSA".equals(publicKey.getAlgorithm())) {
                            return new PKeyRSA(ruby, (RSAPublicKey) publicKey);
                        }
                        if (ASN1Registry.SN_dsa.equals(publicKey.getAlgorithm())) {
                            return new PKeyDSA(ruby, (DSAPublicKey) publicKey);
                        }
                        if ("ECDSA".equals(publicKey.getAlgorithm())) {
                            return new PKeyEC(ruby, publicKey);
                        }
                    }
                    // Single generic error for every failure mode above.
                    throw ruby.newArgumentError("Could not parse PKey");
                }
            }
        }

        /**
         * Picks the algorithm name of a parsed key pair, preferring the private half.
         *
         * @param keyPair pair whose halves may each be {@code null}
         * @return the private key's algorithm, else the public key's, else {@code null}
         */
        private static String getAlgorithm(KeyPair keyPair) {
            final PrivateKey privateHalf = keyPair.getPrivate();
            if (privateHalf != null) {
                return privateHalf.getAlgorithm();
            }
            final PublicKey publicHalf = keyPair.getPublic();
            return publicHalf != null ? publicHalf.getAlgorithm() : null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Registers the {@code PKey} module, its abstract {@code PKey} class, {@code PKeyError} and
     * the algorithm-specific key classes under {@code rubyModule}.
     *
     * @param ruby runtime to define the constants in
     * @param rubyModule parent module that receives the {@code PKey} module
     * @param rubyClass superclass (and allocator source) for {@code PKeyError}
     */
    public static void createPKey(Ruby ruby, RubyModule rubyModule, RubyClass rubyClass) {
        final RubyModule pkeyModule = rubyModule.defineModuleUnder("PKey");
        pkeyModule.defineAnnotatedMethods(PKeyModule.class);

        // The base class uses the not-allocatable allocator: only subclasses are instantiated.
        final RubyClass pkeyBase = pkeyModule.defineClassUnder("PKey", ruby.getObject(), ObjectAllocator.NOT_ALLOCATABLE_ALLOCATOR);
        final RubyClass pkeyError = pkeyModule.defineClassUnder("PKeyError", rubyClass, rubyClass.getAllocator());
        pkeyBase.defineAnnotatedMethods(PKey.class);

        PKeyRSA.createPKeyRSA(ruby, pkeyModule, pkeyBase, pkeyError);
        PKeyDSA.createPKeyDSA(ruby, pkeyModule, pkeyBase, pkeyError);
        PKeyDH.createPKeyDH(ruby, pkeyModule, pkeyBase, pkeyError);
        // EC is handed the parent error class rather than PKeyError, unlike RSA/DSA/DH.
        PKeyEC.createPKeyEC(ruby, pkeyModule, pkeyBase, rubyClass);
    }

    /**
     * Builds a Ruby exception of the {@code PKeyError} constant found on the PKey module.
     *
     * @param ruby runtime used to look up the error class
     * @param str message for the raised error
     * @return the exception, ready to be thrown by the caller
     */
    public static RaiseException newPKeyError(Ruby ruby, String str) {
        final RubyModule pkeyModule = _PKey(ruby);
        // NOTE(review): the looked-up constant is passed through as-is; confirm that the
        // Utils.newError overload in use accepts it without a narrowing cast.
        return Utils.newError(ruby, pkeyModule.getConstantAt("PKeyError"), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
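    /**
     * Looks up the {@code PKey} constant on the runtime's {@code OpenSSL} module.
     *
     * @param ruby runtime holding the {@code OpenSSL} module
     * @return the {@code PKey} module
     */
    public static RubyModule _PKey(Ruby ruby) {
        // getConstantAt is declared to return IRubyObject, so the result has to be narrowed
        // explicitly to match this method's RubyModule return type.
        return (RubyModule) ruby.getModule("OpenSSL").getConstantAt("PKey");
    }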

    /**
     * Passes the runtime and Ruby class straight to the {@code RubyObject} constructor; no key
     * state is set up here.
     *
     * @param ruby owning runtime
     * @param rubyClass Ruby class of the new instance
     */
    public PKey(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
    }

    /**
     * Ruby {@code initialize} (private visibility): does nothing and returns the receiver.
     *
     * @param threadContext current thread context (unused)
     * @return {@code this}
     */
    @JRubyMethod(visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext) {
        return this;
    }

    /**
     * Returns the public key of this instance; {@link #verify(IRubyObject, IRubyObject, IRubyObject)}
     * hands it to {@code Signature.initVerify}.
     */
    public abstract PublicKey getPublicKey();

    /**
     * Returns the private key of this instance, or {@code null} when only a public key is held
     * ({@link #isPrivateKey()} tests exactly that).
     */
    public abstract PrivateKey getPrivateKey();

    /**
     * Algorithm suffix used when building JCA signature names of the form
     * {@code <digest>WITH<algorithm>} in {@code sign} and {@code verify}.
     *
     * @return the literal {@code "NONE"} in this base class
     */
    // NOTE(review): presumably overridden by each concrete key class; with the base value the
    // signature name would be "<digest>WITHNONE" - confirm against the subclasses.
    public String getAlgorithm() {
        return "NONE";
    }

    /**
     * Tells whether this instance holds private key material.
     *
     * @return {@code true} when {@link #getPrivateKey()} is non-null
     */
    public boolean isPrivateKey() {
        final PrivateKey held = getPrivateKey();
        return held != null;
    }

    /**
     * Returns the encoded form of this key; {@link #toASN1PublicInfo()} parses the bytes as an
     * ASN.1 object.
     */
    public abstract RubyString to_der();

    /**
     * Serialises this key from the given Ruby arguments; the deprecated
     * {@code to_pem(IRubyObject[])} and {@code export(IRubyObject[])} both delegate here.
     *
     * @param threadContext current thread context
     * @param iRubyObjectArr Ruby-level arguments, interpreted by the subclass
     */
    public abstract RubyString to_pem(ThreadContext threadContext, IRubyObject[] iRubyObjectArr);

    /**
     * Context-less variant kept for compatibility.
     *
     * @param iRubyObjectArr Ruby-level arguments forwarded unchanged
     * @return result of {@code to_pem(ThreadContext, IRubyObject[])} run in the runtime's current context
     * @deprecated use {@code to_pem(ThreadContext, IRubyObject[])}
     */
    @Deprecated
    public RubyString to_pem(IRubyObject[] iRubyObjectArr) {
        final ThreadContext current = getRuntime().getCurrentContext();
        return to_pem(current, iRubyObjectArr);
    }

    /**
     * Alias of the deprecated context-less {@code to_pem}.
     *
     * @param iRubyObjectArr Ruby-level arguments forwarded unchanged
     * @return result of {@code to_pem(ThreadContext, IRubyObject[])} run in the runtime's current context
     * @deprecated use {@code to_pem(ThreadContext, IRubyObject[])}
     */
    @Deprecated
    public RubyString export(IRubyObject[] iRubyObjectArr) {
        final ThreadContext current = getRuntime().getCurrentContext();
        return to_pem(current, iRubyObjectArr);
    }

    /**
     * Ruby {@code sign(digest, data)}: signs {@code data} with this key's private half.
     *
     * <p>The JCA algorithm name is assembled as {@code <digest>WITH<getAlgorithm()>}, where the
     * digest part comes from a {@code Digest} object or from the argument's string value. This
     * method applies no digest policy of its own and does not call
     * {@code supportedSignatureAlgorithm}; an unknown name is rejected only by the provider lookup.
     *
     * @param iRubyObject a {@code Digest} instance or a digest name
     * @param iRubyObject2 data to sign (converted to a Ruby string)
     * @return the raw signature as a Ruby string
     */
    @JRubyMethod(name = {"sign"})
    public IRubyObject sign(IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        final Ruby runtime = getRuntime();
        if (!isPrivateKey()) {
            throw runtime.newArgumentError("Private key is needed.");
        }
        try {
            final String digestName;
            if (iRubyObject instanceof Digest) {
                digestName = ((Digest) iRubyObject).getShortAlgorithm();
            } else {
                digestName = iRubyObject.asJavaString();
            }
            final String algorithm = digestName + "WITH" + getAlgorithm();
            final PrivateKey signingKey = getPrivateKey();
            final ByteList payload = iRubyObject2.convertToString().getByteList();
            return RubyString.newString(runtime, sign(algorithm, signingKey, payload));
        } catch (GeneralSecurityException failure) {
            // The provider's message is surfaced to Ruby as the PKeyError text.
            throw newPKeyError(runtime, failure.getMessage());
        }
    }

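    /**
     * Parses {@link #to_der()} as ASN.1 and returns the second element when the top-level object
     * is a sequence, otherwise the parsed object itself.
     *
     * @return the element at index 1 of the top-level sequence, or the top-level object
     * @throws IOException if the encoded bytes cannot be read as ASN.1
     */
    public ASN1Primitive toASN1PublicInfo() throws IOException {
        final ASN1Primitive parsed;
        // The stream was previously left unclosed; try-with-resources releases it on every path.
        try (ASN1InputStream in = new ASN1InputStream(to_der().getBytes())) {
            parsed = in.readObject();
        }
        if (parsed instanceof ASN1Sequence) {
            // NOTE(review): index 1 is read without a size check, so a sequence with fewer than
            // two elements fails with an unchecked exception rather than an IOException.
            return ((ASN1Sequence) parsed).getObjectAt(1).toASN1Primitive();
        }
        return parsed;
    }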

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Signs the live region of {@code byteList} with {@code privateKey}.
     *
     * @param str JCA signature algorithm name, resolved through {@code SecurityHelper.getSignature}
     * @param privateKey key handed to {@code Signature.initSign}
     * @param byteList data to sign; only {@code [begin, begin + realSize)} of its backing array is read
     * @return a ByteList around the signature bytes, built with the {@code false} flag
     * @throws NoSuchAlgorithmException if the algorithm name cannot be resolved
     * @throws InvalidKeyException if the key is rejected by the signature engine
     * @throws SignatureException if updating or signing fails
     */
    public static ByteList sign(String str, PrivateKey privateKey, ByteList byteList) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final Signature signer = SecurityHelper.getSignature(str);
        signer.initSign(privateKey);
        signer.update(byteList.getUnsafeBytes(), byteList.getBegin(), byteList.getRealSize());
        final byte[] rawSignature = signer.sign();
        return new ByteList(rawSignature, false);
    }

    /**
     * Ruby {@code verify(digest, signature, data)}: checks {@code signature} over {@code data}
     * with this key's public half.
     *
     * <p>A well-formed but wrong signature yields Ruby {@code false}; a signature the engine
     * cannot process, a rejected key or an unknown algorithm raises {@code PKeyError}. Callers
     * have to treat both outcomes as "not verified".
     *
     * @param iRubyObject a {@code Digest} instance or a digest name
     * @param iRubyObject2 signature bytes (must convert to a Ruby string)
     * @param iRubyObject3 signed data (must convert to a Ruby string)
     * @return Ruby boolean with the verification result
     */
    @JRubyMethod(name = {"verify"})
    public IRubyObject verify(IRubyObject iRubyObject, IRubyObject iRubyObject2, IRubyObject iRubyObject3) {
        final Ruby runtime = getRuntime();
        final ByteList signatureBytes = convertToString(runtime, iRubyObject2, "OpenSSL::PKey::PKeyError", "invalid signature").getByteList();
        final ByteList dataBytes = convertToString(runtime, iRubyObject3, "OpenSSL::PKey::PKeyError", "invalid data").getByteList();

        final String digestName;
        if (iRubyObject instanceof Digest) {
            digestName = ((Digest) iRubyObject).getShortAlgorithm();
        } else {
            digestName = iRubyObject.asJavaString();
        }
        final String algorithm = digestName + "WITH" + getAlgorithm();

        try {
            final boolean valid = verify(algorithm, getPublicKey(), dataBytes, signatureBytes);
            return runtime.newBoolean(valid);
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            throw newPKeyError(runtime, "unsupported algorithm: " + algorithm);
        } catch (InvalidKeyException rejectedKey) {
            throw newPKeyError(runtime, "invalid key");
        } catch (SignatureException malformed) {
            throw newPKeyError(runtime, "invalid signature");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Converts {@code iRubyObject} to a Ruby string, replacing any conversion error with an
     * error of the class named by {@code str}.
     *
     * @param ruby runtime used to resolve the error class
     * @param iRubyObject value to convert
     * @param str class path of the error to raise on failure
     * @param charSequence error message, or {@code null} for none
     * @return the converted string
     */
    public static RubyString convertToString(Ruby ruby, IRubyObject iRubyObject, String str, CharSequence charSequence) {
        try {
            return iRubyObject.convertToString();
        } catch (RaiseException conversionFailure) {
            // The original conversion error is dropped; only the substitute class and message remain.
            throw Utils.newError(ruby, ruby.getClassFromPath(str), charSequence != null ? charSequence.toString() : null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Verifies a signature over the live region of {@code byteList} with {@code publicKey}.
     *
     * @param str JCA signature algorithm name, resolved through {@code SecurityHelper.getSignature}
     * @param publicKey key handed to {@code Signature.initVerify}
     * @param byteList signed data; only {@code [begin, begin + realSize)} is read
     * @param byteList2 signature bytes; only {@code [begin, begin + realSize)} is read
     * @return {@code true} when the engine accepts the signature
     * @throws NoSuchAlgorithmException if the algorithm name cannot be resolved
     * @throws InvalidKeyException if the key is rejected by the signature engine
     * @throws SignatureException if the engine cannot process the data or signature
     */
    public static boolean verify(String str, PublicKey publicKey, ByteList byteList, ByteList byteList2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final Signature verifier = SecurityHelper.getSignature(str);
        verifier.initVerify(publicKey);
        verifier.update(byteList.getUnsafeBytes(), byteList.getBegin(), byteList.getRealSize());
        final boolean accepted = verifier.verify(byteList2.getUnsafeBytes(), byteList2.getBegin(), byteList2.getRealSize());
        return accepted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the {@code SecureRandom} supplied by {@code OpenSSL.getSecureRandom} for the runtime.
     *
     * @param ruby runtime passed through to {@code OpenSSL.getSecureRandom}
     */
    public static SecureRandom getSecureRandom(Ruby ruby) {
        return OpenSSL.getSecureRandom(ruby);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Attempts to build a private key from PKCS#8-encoded bytes, returning {@code null} instead
     * of throwing when the key factory rejects them.
     *
     * <p>Failures are only reported through the OpenSSL debug helpers, so a caller that gets
     * {@code null} has no error detail to act on.
     *
     * @param ruby runtime used for debug output
     * @param keyFactory factory for the expected key algorithm
     * @param bArr candidate PKCS#8 encoding
     * @return the generated key, or {@code null} on an invalid key spec or any runtime exception
     */
    public PrivateKey tryPKCS8EncodedKey(Ruby ruby, KeyFactory keyFactory, byte[] bArr) {
        try {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (RuntimeException unexpected) {
            if (isKeyGenerationFailure(unexpected)) {
                // Known provider cast failure: treated like an ordinary "wrong encoding" result.
                if (OpenSSL.isDebug(ruby)) {
                    OpenSSL.debug(ruby, getClass().getSimpleName() + " could not generate (PKCS8) private key", unexpected);
                }
            } else {
                OpenSSL.debugStackTrace(ruby, unexpected);
            }
        } catch (InvalidKeySpecException badSpec) {
            if (OpenSSL.isDebug(ruby)) {
                OpenSSL.debug(ruby, getClass().getSimpleName() + " could not generate (PKCS8) private key", badSpec);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Recognises the {@code ClassCastException} whose message contains
     * {@code "DLSequence cannot be cast to"}.
     *
     * <p>The match is on message text, so it depends on the wording the JVM and provider use
     * for cast failures.
     *
     * @param runtimeException exception to classify; may be {@code null}
     * @return {@code true} only for a {@code ClassCastException} carrying that message fragment
     */
    public static boolean isKeyGenerationFailure(RuntimeException runtimeException) {
        if (!(runtimeException instanceof ClassCastException)) {
            return false;
        }
        final String detail = runtimeException.getMessage();
        return detail != null && detail.contains("DLSequence cannot be cast to");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Attempts to build a public key from X.509-encoded bytes, returning {@code null} instead of
     * throwing when the key factory rejects them.
     *
     * <p>Failures are only reported through the OpenSSL debug helpers.
     *
     * @param ruby runtime used for debug output
     * @param keyFactory factory for the expected key algorithm
     * @param bArr candidate X.509 (SubjectPublicKeyInfo) encoding
     * @return the generated key, or {@code null} on an invalid key spec or any runtime exception
     */
    public PublicKey tryX509EncodedKey(Ruby ruby, KeyFactory keyFactory, byte[] bArr) {
        try {
            return keyFactory.generatePublic(new X509EncodedKeySpec(bArr));
        } catch (RuntimeException unexpected) {
            if (isKeyGenerationFailure(unexpected)) {
                // Known provider cast failure: treated like an ordinary "wrong encoding" result.
                if (OpenSSL.isDebug(ruby)) {
                    OpenSSL.debug(ruby, getClass().getSimpleName() + " could not generate (X509) public key", unexpected);
                }
            } else {
                OpenSSL.debugStackTrace(ruby, unexpected);
            }
        } catch (InvalidKeySpecException badSpec) {
            if (OpenSSL.isDebug(ruby)) {
                OpenSSL.debug(ruby, getClass().getSimpleName() + " could not generate (X509) public key", badSpec);
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends {@code bigInteger} as lower-case hex byte pairs separated by {@code ':'}, fifteen
     * pairs per line, each line introduced by a newline plus four spaces, and ends with a newline.
     *
     * <p>An odd-length hex string is left-padded with one {@code '0'}. The separator is written
     * before the line break, so every wrapped line ends with {@code ':'}.
     *
     * @param sb builder that receives the formatted text
     * @param bigInteger value to print (a negative value would carry its minus sign into the hex text)
     */
    public static void addSplittedAndFormatted(StringBuilder sb, BigInteger bigInteger) {
        String hex = bigInteger.toString(16);
        if ((hex.length() & 1) == 1) {
            hex = "0" + hex;
        }
        final int length = hex.length();
        for (int pos = 0; pos < length; pos += 2) {
            if (pos > 0) {
                sb.append(":");
            }
            if (pos % 30 == 0) {
                sb.append("\n    ");
            }
            sb.append(hex, pos, pos + 2);
        }
        sb.append("\n");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a {@code CipherSpec} from a Ruby {@code Cipher} object.
     *
     * @param iRubyObject a {@code Cipher} instance, {@code null} or nil; any other type fails the cast
     * @return {@code null} for a missing cipher, otherwise a spec carrying the cipher instance,
     *         its name and its key length multiplied by eight
     */
    public static CipherSpec cipherSpec(IRubyObject iRubyObject) {
        if (iRubyObject != null && !iRubyObject.isNil()) {
            final Cipher rubyCipher = (Cipher) iRubyObject;
            return new CipherSpec(rubyCipher.getCipherInstance(), rubyCipher.getName(), rubyCipher.getKeyLength() * 8);
        }
        return null;
    }

    /**
     * Turns a Ruby passphrase argument into a {@code char[]}.
     *
     * <p>The value passes through {@code toString()}, so an immutable String copy of the
     * passphrase exists alongside the returned array.
     *
     * @param iRubyObject passphrase object, {@code null} or nil
     * @return the passphrase characters, or {@code null} when none was supplied
     */
    @Deprecated
    protected static char[] password(IRubyObject iRubyObject) {
        final boolean absent = iRubyObject == null || iRubyObject.isNil();
        return absent ? null : iRubyObject.toString().toCharArray();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves a passphrase from an explicit argument or, failing that, from a block.
     *
     * <p>The block is called once and its result is converted without a further block. The
     * value passes through {@code toString()}, so an immutable String copy of the passphrase
     * exists alongside the returned array.
     *
     * @param threadContext current thread context, used to call the block
     * @param iRubyObject explicit passphrase, {@code null} or nil
     * @param block optional block supplying the passphrase
     * @return the passphrase characters, or {@code null} when neither source provides one
     */
    public static char[] password(ThreadContext threadContext, IRubyObject iRubyObject, Block block) {
        final boolean explicit = iRubyObject != null && !iRubyObject.isNil();
        if (explicit) {
            return iRubyObject.toString().toCharArray();
        }
        if (block != null && block.isGiven()) {
            return password(threadContext, block.call(threadContext), null);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Prompts for a PEM passphrase with the default prompt text.
     *
     * @param threadContext current thread context
     * @return the characters read by {@code passwordPrompt(ThreadContext, String)}
     */
    public static char[] passwordPrompt(ThreadContext threadContext) {
        final String defaultPrompt = "Enter PEM pass phrase:";
        return passwordPrompt(threadContext, defaultPrompt);
    }

    /**
     * Prints {@code str} through Kernel#print, reads one line through Kernel#gets, strips the
     * line ending and returns the decoded characters.
     *
     * @param threadContext current thread context
     * @param str prompt text
     * @return the entered line without its trailing line ending
     */
    protected static char[] passwordPrompt(ThreadContext threadContext, String str) {
        final Ruby runtime = threadContext.runtime;
        final RubyModule kernel = runtime.getKernel();
        kernel.callMethod("print", new IRubyObject[]{runtime.newString(str)});
        // NOTE(review): nothing in this method turns terminal echo off, so the passphrase is
        // presumably visible while it is typed - confirm how callers guard this path.
        final RubyString line = kernel.callMethod(threadContext, "gets").convertToString();
        line.chomp_bang(threadContext);
        return line.decodeString().toCharArray();
    }

    /* JADX INFO: Access modifiers changed from: protected */
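    /**
     * Reports whether the runtime's {@code $stdin} answers truthy to {@code tty?}.
     *
     * @param threadContext current thread context
     * @return {@code false} when {@code $stdin} is unset or nil, when {@code tty?} returns nil
     *         or false, or when the call raises; {@code true} otherwise
     */
    public static boolean ttySTDIN(ThreadContext threadContext) {
        final IRubyObject stdin = threadContext.runtime.getGlobalVariables().get("$stdin");
        if (stdin == null || stdin.isNil()) {
            return false;
        }
        try {
            // callMethod is declared to return IRubyObject; holding the result in a RubyBoolean
            // local does not type-check and would reject a non-boolean truthy answer.
            final IRubyObject tty = stdin.callMethod(threadContext, "tty?");
            return !tty.isNil() && tty != threadContext.runtime.getFalse();
        } catch (RaiseException e) {
            // A $stdin replacement without a usable tty? is treated as "not a terminal".
            return false;
        }
    }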

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads a private key from PEM text through {@code PEMInputOutput.readPrivateKey}.
     *
     * @param str PEM text
     * @param cArr passphrase, or {@code null} when none is available
     * @return whatever the PEM reader produced
     * @throws PEMInputOutput.PasswordRequiredException as declared by the PEM reader
     * @throws IOException if the text cannot be read as a private key
     */
    public static Object readPrivateKey(String str, char[] cArr) throws PEMInputOutput.PasswordRequiredException, IOException {
        final StringReader pemText = new StringReader(str);
        return PEMInputOutput.readPrivateKey(pemText, cArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Ruby-string variant of {@code readPrivateKey(String, char[])}.
     *
     * @param rubyString PEM text as a Ruby string; converted with {@code toString()}
     * @param cArr passphrase, or {@code null} when none is available
     * @return whatever the PEM reader produced
     * @throws PEMInputOutput.PasswordRequiredException as declared by the PEM reader
     * @throws IOException if the text cannot be read as a private key
     */
    public static Object readPrivateKey(RubyString rubyString, char[] cArr) throws PEMInputOutput.PasswordRequiredException, IOException {
        final String pemText = rubyString.toString();
        return readPrivateKey(pemText, cArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Normalises a key argument by delegating to {@code StringHelper.readPossibleDERInput}.
     *
     * @param threadContext current thread context
     * @param iRubyObject Ruby value holding the key data
     * @return the Ruby string returned by the helper
     */
    public static RubyString readInitArg(ThreadContext threadContext, IRubyObject iRubyObject) {
        return StringHelper.readPossibleDERInput(threadContext, iRubyObject);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rejects two key/digest pairings: the {@code ASN1Registry.SN_dsa} algorithm with an MD5
     * digest, and an RSA key with a digest named {@code DSS1}.
     *
     * <p>This is a deny-list of exactly those pairings; every other combination passes,
     * whatever the strength of the digest.
     *
     * @param ruby runtime used to build the error
     * @param rubyClass error class to raise
     * @param pKey key whose algorithm is checked
     * @param digest digest whose short algorithm and name are checked
     */
    public static void supportedSignatureAlgorithm(Ruby ruby, RubyClass rubyClass, PKey pKey, Digest digest) {
        final String keyAlgorithm = pKey.getAlgorithm();
        final String digestAlgorithm = digest.getShortAlgorithm();

        boolean rejected = ASN1Registry.SN_dsa.equalsIgnoreCase(keyAlgorithm) && "MD5".equalsIgnoreCase(digestAlgorithm);
        if (!rejected) {
            // The digest's full name is only consulted for RSA keys.
            rejected = "RSA".equalsIgnoreCase(keyAlgorithm) && "DSS1".equals(digest.name().toString());
        }
        if (rejected) {
            throw Utils.newError(ruby, rubyClass, "unsupported key / digest algorithm ( " + keyAlgorithm + " / " + digestAlgorithm + " )");
        }
    }

    /**
     * Runs the key/digest pairing check, raising the error class returned by
     * {@code OpenSSL._OpenSSLError} on a rejected pairing.
     *
     * @param ruby runtime used to build the error
     * @param pKey key whose algorithm is checked
     * @param digest digest to pair with the key
     */
    static void supportedSignatureAlgorithm(Ruby ruby, PKey pKey, Digest digest) {
        supportedSignatureAlgorithm(ruby, OpenSSL._OpenSSLError(ruby), pKey, digest);
    }
}
