package com.yahoo.security;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.KeyAgreement;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.math.ec.rfc7748.X25519;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/yahoo/security/KeyUtils.class */
public class KeyUtils {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.yahoo.security.KeyUtils$1, reason: invalid class name */
    /* loaded from: input_file:com/yahoo/security/KeyUtils$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$yahoo$security$KeyFormat = new int[KeyFormat.values().length];

        static {
            try {
                $SwitchMap$com$yahoo$security$KeyFormat[KeyFormat.PKCS1.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$yahoo$security$KeyFormat[KeyFormat.PKCS8.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    private KeyUtils() {
    }

    public static KeyPair generateKeypair(KeyAlgorithm keyAlgorithm, int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm.getAlgorithmName(), (Provider) BouncyCastleProviderHolder.getInstance());
            if (i != -1) {
                keyPairGenerator.initialize(i);
            }
            if (keyAlgorithm.getSpec().isPresent()) {
                keyPairGenerator.initialize(keyAlgorithm.getSpec().get());
            }
            return keyPairGenerator.genKeyPair();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static KeyPair generateKeypair(KeyAlgorithm keyAlgorithm) {
        return generateKeypair(keyAlgorithm, -1);
    }

    public static PublicKey extractPublicKey(PrivateKey privateKey) {
        String algorithm = privateKey.getAlgorithm();
        try {
            if (algorithm.equals(KeyAlgorithm.RSA.getAlgorithmName())) {
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
                return createKeyFactory(KeyAlgorithm.RSA).generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
            }
            if (!algorithm.equals(KeyAlgorithm.EC.getAlgorithmName())) {
                throw new IllegalArgumentException("Unexpected key algorithm: " + algorithm);
            }
            KeyFactory createKeyFactory = createKeyFactory(KeyAlgorithm.EC);
            BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) privateKey;
            ECParameterSpec parameters = bCECPrivateKey.getParameters();
            return createKeyFactory.generatePublic(new ECPublicKeySpec(new FixedPointCombMultiplier().multiply(parameters.getG(), bCECPrivateKey.getD()), parameters));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public static KeyPair toKeyPair(PrivateKey privateKey) {
        return new KeyPair(extractPublicKey(privateKey), privateKey);
    }

    public static KeyPair keyPairFromPemEncodedPrivateKey(String str) {
        return toKeyPair(fromPemEncodedPrivateKey(str));
    }

    public static PrivateKey fromPemEncodedPrivateKey(String str) {
        try {
            PEMParser pEMParser = new PEMParser(new StringReader(str));
            try {
                ArrayList arrayList = new ArrayList();
                while (true) {
                    Object readObject = pEMParser.readObject();
                    if (readObject == null) {
                        throw new IllegalArgumentException("Expected a private key, but found " + arrayList.toString());
                    }
                    if (readObject instanceof PrivateKeyInfo) {
                        PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) readObject;
                        PrivateKey generatePrivate = createKeyFactory(privateKeyInfo.getPrivateKeyAlgorithm()).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
                        pEMParser.close();
                        return generatePrivate;
                    }
                    if (readObject instanceof PEMKeyPair) {
                        PrivateKeyInfo privateKeyInfo2 = ((PEMKeyPair) readObject).getPrivateKeyInfo();
                        PrivateKey generatePrivate2 = createKeyFactory(privateKeyInfo2.getPrivateKeyAlgorithm()).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo2.getEncoded()));
                        pEMParser.close();
                        return generatePrivate2;
                    }
                    arrayList.add(readObject);
                }
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0053, code lost:
    
        r0 = createKeyFactory(r10.getAlgorithm()).generatePublic(new java.security.spec.X509EncodedKeySpec(r10.getEncoded()));
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x006d, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0072, code lost:
    
        return r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.PublicKey fromPemEncodedPublicKey(java.lang.String r6) {
        /*
            org.bouncycastle.openssl.PEMParser r0 = new org.bouncycastle.openssl.PEMParser     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1 = r0
            java.io.StringReader r2 = new java.io.StringReader     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r3 = r2
            r4 = r6
            r3.<init>(r4)     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1.<init>(r2)     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r7 = r0
            java.util.ArrayList r0 = new java.util.ArrayList     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1 = r0
            r1.<init>()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r8 = r0
        L18:
            r0 = r7
            java.lang.Object r0 = r0.readObject()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1 = r0
            r9 = r1
            if (r0 == 0) goto L73
            r0 = r9
            boolean r0 = r0 instanceof org.bouncycastle.asn1.x509.SubjectPublicKeyInfo     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            if (r0 == 0) goto L31
            r0 = r9
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r0 = (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) r0     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r10 = r0
            goto L53
        L31:
            r0 = r9
            boolean r0 = r0 instanceof org.bouncycastle.openssl.PEMKeyPair     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            if (r0 == 0) goto L48
            r0 = r9
            org.bouncycastle.openssl.PEMKeyPair r0 = (org.bouncycastle.openssl.PEMKeyPair) r0     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r11 = r0
            r0 = r11
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r0 = r0.getPublicKeyInfo()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r10 = r0
            goto L53
        L48:
            r0 = r8
            r1 = r9
            boolean r0 = r0.add(r1)     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            goto L18
        L53:
            r0 = r10
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r0 = r0.getAlgorithm()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            java.security.KeyFactory r0 = createKeyFactory(r0)     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            java.security.spec.X509EncodedKeySpec r1 = new java.security.spec.X509EncodedKeySpec     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r2 = r1
            r3 = r10
            byte[] r3 = r3.getEncoded()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r2.<init>(r3)     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            java.security.PublicKey r0 = r0.generatePublic(r1)     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r11 = r0
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r0 = r11
            return r0
        L73:
            java.lang.IllegalArgumentException r0 = new java.lang.IllegalArgumentException     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1 = r0
            r2 = r8
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            java.lang.String r2 = "Expected a public key, but found " + r2     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            throw r0     // Catch: java.lang.Throwable -> L84 java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
        L84:
            r8 = move-exception
            r0 = r7
            r0.close()     // Catch: java.lang.Throwable -> L8c java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
            goto L92
        L8c:
            r9 = move-exception
            r0 = r8
            r1 = r9
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
        L92:
            r0 = r8
            throw r0     // Catch: java.io.IOException -> L94 java.security.GeneralSecurityException -> L9e
        L94:
            r7 = move-exception
            java.io.UncheckedIOException r0 = new java.io.UncheckedIOException
            r1 = r0
            r2 = r7
            r1.<init>(r2)
            throw r0
        L9e:
            r7 = move-exception
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            r1 = r0
            r2 = r7
            r1.<init>(r2)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.yahoo.security.KeyUtils.fromPemEncodedPublicKey(java.lang.String):java.security.PublicKey");
    }

    public static String toPem(PrivateKey privateKey) {
        return toPem(privateKey, KeyFormat.PKCS1);
    }

    public static String toPem(PrivateKey privateKey, KeyFormat keyFormat) {
        switch (AnonymousClass1.$SwitchMap$com$yahoo$security$KeyFormat[keyFormat.ordinal()]) {
            case SealedSharedKey.CURRENT_TOKEN_VERSION /* 1 */:
                return toPkcs1Pem(privateKey);
            case 2:
                return toPkcs8Pem(privateKey);
            default:
                throw new IllegalArgumentException("Unknown format: " + keyFormat);
        }
    }

    public static String toPem(PublicKey publicKey) {
        try {
            StringWriter stringWriter = new StringWriter();
            try {
                JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
                try {
                    jcaPEMWriter.writeObject(publicKey);
                    jcaPEMWriter.flush();
                    String stringWriter2 = stringWriter.toString();
                    jcaPEMWriter.close();
                    stringWriter.close();
                    return stringWriter2;
                } catch (Throwable th) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static String toPkcs1Pem(PrivateKey privateKey) {
        String str;
        try {
            StringWriter stringWriter = new StringWriter();
            try {
                JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
                try {
                    String algorithm = privateKey.getAlgorithm();
                    if (algorithm.equals(KeyAlgorithm.RSA.getAlgorithmName())) {
                        str = "RSA PRIVATE KEY";
                    } else {
                        if (!algorithm.equals(KeyAlgorithm.EC.getAlgorithmName())) {
                            throw new IllegalArgumentException("Unexpected key algorithm: " + algorithm);
                        }
                        str = "EC PRIVATE KEY";
                    }
                    jcaPEMWriter.writeObject(new PemObject(str, getPkcs1Bytes(privateKey)));
                    jcaPEMWriter.flush();
                    String stringWriter2 = stringWriter.toString();
                    jcaPEMWriter.close();
                    stringWriter.close();
                    return stringWriter2;
                } catch (Throwable th) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static String toPkcs8Pem(PrivateKey privateKey) {
        try {
            StringWriter stringWriter = new StringWriter();
            try {
                JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
                try {
                    jcaPEMWriter.writeObject(new PemObject("PRIVATE KEY", privateKey.getEncoded()));
                    jcaPEMWriter.flush();
                    String stringWriter2 = stringWriter.toString();
                    jcaPEMWriter.close();
                    stringWriter.close();
                    return stringWriter2;
                } catch (Throwable th) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static byte[] getPkcs1Bytes(PrivateKey privateKey) throws IOException {
        return PrivateKeyInfo.getInstance(privateKey.getEncoded()).parsePrivateKey().toASN1Primitive().getEncoded();
    }

    private static KeyFactory createKeyFactory(AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException {
        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithmIdentifier.getAlgorithm())) {
            return createKeyFactory(KeyAlgorithm.EC);
        }
        if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithmIdentifier.getAlgorithm())) {
            return createKeyFactory(KeyAlgorithm.RSA);
        }
        throw new IllegalArgumentException("Unknown key algorithm: " + algorithmIdentifier);
    }

    private static KeyFactory createKeyFactory(KeyAlgorithm keyAlgorithm) throws NoSuchAlgorithmException {
        return KeyFactory.getInstance(keyAlgorithm.getAlgorithmName(), (Provider) BouncyCastleProviderHolder.getInstance());
    }

    public static XECPublicKey fromRawX25519PublicKey(byte[] bArr) {
        try {
            NamedParameterSpec namedParameterSpec = new NamedParameterSpec("X25519");
            KeyFactory keyFactory = KeyFactory.getInstance("XDH");
            byte[] reverse = Arrays.reverse(bArr);
            reverse[0] = (byte) (reverse[0] & Byte.MAX_VALUE);
            return (XECPublicKey) keyFactory.generatePublic(new XECPublicKeySpec(namedParameterSpec, new BigInteger(reverse)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] toRawX25519PublicKeyBytes(XECPublicKey xECPublicKey) {
        return Arrays.reverse(xECPublicKey.getU().toByteArray());
    }

    public static XECPublicKey fromBase64EncodedX25519PublicKey(String str) {
        return fromRawX25519PublicKey(Base64.getUrlDecoder().decode(str));
    }

    public static String toBase64EncodedX25519PublicKey(XECPublicKey xECPublicKey) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PublicKeyBytes(xECPublicKey));
    }

    private static void verifyB58InputSmallEnoughToBeX25519Key(String str) {
        if (str.length() > 64) {
            throw new IllegalArgumentException("Input Base58 is too large to represent an X25519 key");
        }
    }

    public static XECPublicKey fromBase58EncodedX25519PublicKey(String str) {
        verifyB58InputSmallEnoughToBeX25519Key(str);
        return fromRawX25519PublicKey(Base58.codec().decode(str));
    }

    public static String toBase58EncodedX25519PublicKey(XECPublicKey xECPublicKey) {
        return Base58.codec().encode(toRawX25519PublicKeyBytes(xECPublicKey));
    }

    public static XECPrivateKey fromRawX25519PrivateKey(byte[] bArr) {
        try {
            return (XECPrivateKey) KeyFactory.getInstance("XDH").generatePrivate(new XECPrivateKeySpec(new NamedParameterSpec("X25519"), bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    public static byte[] toRawX25519PrivateKeyBytes(XECPrivateKey xECPrivateKey) {
        Optional<byte[]> scalar = xECPrivateKey.getScalar();
        if (scalar.isPresent()) {
            return scalar.get();
        }
        throw new IllegalArgumentException("Could not extract scalar representation of X25519 private key. It might be a hardware-protected private key.");
    }

    public static XECPrivateKey fromBase64EncodedX25519PrivateKey(String str) {
        return fromRawX25519PrivateKey(Base64.getUrlDecoder().decode(str));
    }

    public static String toBase64EncodedX25519PrivateKey(XECPrivateKey xECPrivateKey) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(toRawX25519PrivateKeyBytes(xECPrivateKey));
    }

    public static XECPrivateKey fromBase58EncodedX25519PrivateKey(String str) {
        verifyB58InputSmallEnoughToBeX25519Key(str);
        return fromRawX25519PrivateKey(Base58.codec().decode(str));
    }

    public static String toBase58EncodedX25519PrivateKey(XECPrivateKey xECPrivateKey) {
        return Base58.codec().encode(toRawX25519PrivateKeyBytes(xECPrivateKey));
    }

    public static KeyPair generateX25519KeyPair() {
        try {
            return KeyPairGenerator.getInstance("X25519").generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static XECPublicKey extractX25519PublicKey(XECPrivateKey xECPrivateKey) {
        byte[] bArr = new byte[32];
        X25519.generatePublicKey(toRawX25519PrivateKeyBytes(xECPrivateKey), 0, bArr, 0);
        return fromRawX25519PublicKey(bArr);
    }

    public static byte[] ecdh(XECPrivateKey xECPrivateKey, XECPublicKey xECPublicKey) {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("XDH");
            keyAgreement.init(xECPrivateKey);
            keyAgreement.doPhase(xECPublicKey, true);
            byte[] generateSecret = keyAgreement.generateSecret();
            if (SideChannelSafe.allZeros(generateSecret)) {
                throw new IllegalArgumentException("Computed shared secret is all zeroes");
            }
            return generateSecret;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
