package org.apache.karaf.shell.ssh.keygenerator;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/karaf/shell/ssh/keygenerator/KeyPairLoader.class */
public final class KeyPairLoader {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyPairLoader.class);

    private KeyPairLoader() {
    }

    public static KeyPair getKeyPair(InputStream inputStream) throws GeneralSecurityException, IOException {
        return getKeyPair(inputStream, null);
    }

    public static KeyPair getKeyPair(InputStream inputStream, String str) throws GeneralSecurityException, IOException {
        PrivateKey privateKey;
        PublicKey convertPrivateToPublicKey;
        PEMParser pEMParser = new PEMParser(new InputStreamReader(inputStream));
        Throwable th = null;
        try {
            Object readObject = pEMParser.readObject();
            JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
            if (readObject instanceof PEMEncryptedKeyPair) {
                if (str == null) {
                    throw new GeneralSecurityException("A password must be supplied to read an encrypted key pair");
                }
                readObject = jcaPEMKeyConverter.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray())));
            } else if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                if (str == null) {
                    throw new GeneralSecurityException("A password must be supplied to read an encrypted key pair");
                }
                try {
                    readObject = ((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray()));
                } catch (OperatorCreationException | PKCSException e) {
                    LOGGER.debug("Error decrypting key pair", e);
                    throw new GeneralSecurityException("Error decrypting key pair", e);
                }
            }
            if (readObject instanceof PEMKeyPair) {
                KeyPair keyPair = jcaPEMKeyConverter.getKeyPair((PEMKeyPair) readObject);
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                return keyPair;
            }
            if (readObject instanceof KeyPair) {
                KeyPair keyPair2 = (KeyPair) readObject;
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                return keyPair2;
            }
            if (!(readObject instanceof PrivateKeyInfo) || (convertPrivateToPublicKey = convertPrivateToPublicKey((privateKey = jcaPEMKeyConverter.getPrivateKey((PrivateKeyInfo) readObject)))) == null) {
                throw new GeneralSecurityException("Failed to parse input stream");
            }
            KeyPair keyPair3 = new KeyPair(convertPrivateToPublicKey, privateKey);
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pEMParser.close();
                }
            }
            return keyPair3;
        } finally {
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    pEMParser.close();
                }
            }
        }
    }

    private static PublicKey convertPrivateToPublicKey(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (privateKey instanceof RSAPrivateCrtKey) {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(((RSAPrivateCrtKey) privateKey).getModulus(), ((RSAPrivateCrtKey) privateKey).getPublicExponent()));
        }
        if (privateKey instanceof ECPrivateKey) {
            ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
            ECParameterSpec convertSpec = EC5Util.convertSpec(eCPrivateKey.getParams(), false);
            return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(convertSpec.getG().multiply(eCPrivateKey.getS()), convertSpec));
        }
        if (!(privateKey instanceof DSAPrivateKey)) {
            LOGGER.warn("Unable to convert private key to public key. Only RSA, DSA + ECDSA supported");
            return null;
        }
        DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
        BigInteger q = dSAPrivateKey.getParams().getQ();
        BigInteger p = dSAPrivateKey.getParams().getP();
        return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(q.modPow(dSAPrivateKey.getX(), p), p, q, dSAPrivateKey.getParams().getG()));
    }
}
