package org.apache.brooklyn.util.core.crypto;

import com.google.common.base.Objects;
import com.google.common.base.Throwables;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.Security;
import java.util.Arrays;
import org.apache.brooklyn.core.internal.BrooklynInitialization;
import org.apache.brooklyn.util.crypto.AuthorizedKeysParser;
import org.apache.brooklyn.util.crypto.SecureKeysWithoutBouncyCastle;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.apache.brooklyn.util.stream.Streams;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/util/core/crypto/SecureKeys.class */
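/**
 * Static helpers for reading and writing key pairs as PEM text and for encoding/decoding public
 * keys, built on the BouncyCastle ("BC") security provider.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #toPem(KeyPair)} returns the key pair as <em>unencrypted</em> PEM text. Treat the
 *       result as a secret: do not log it, and restrict permissions on anything it is written to.
 *   <li>{@link #readPem(byte[], String)} only consults the passphrase when the PEM block is
 *       encrypted. An unencrypted key is accepted even when a passphrase is supplied, so a
 *       successful read does not prove the key was protected at rest.
 *   <li>Registering the BC provider is a JVM-wide side effect.
 * </ul>
 *
 * <p>Not instantiable; all members are static.
 */
public class SecureKeys extends SecureKeysWithoutBouncyCastle {
    private static final Logger log = LoggerFactory.getLogger(SecureKeys.class);

    /* loaded from: input_file:org/apache/brooklyn/util/core/crypto/SecureKeys$PassphraseProblem.class */
    /**
     * Raised when an encrypted PEM key cannot be opened: either no passphrase was given, or
     * decryption failed. Every message is prefixed with
     * {@code "Passphrase problem with this key: "}.
     */
    public static class PassphraseProblem extends IllegalStateException {
        private static final long serialVersionUID = -3382824813899223447L;

        /**
         * @param str short description of the problem; it ends up in the exception message, so
         *     it must never contain the passphrase or key material
         */
        public PassphraseProblem(String str) {
            super("Passphrase problem with this key: " + str);
        }

        /**
         * @param str short description of the problem; it ends up in the exception message, so
         *     it must never contain the passphrase or key material
         * @param exc underlying failure, kept as the cause
         */
        public PassphraseProblem(String str, Exception exc) {
            super("Passphrase problem with this key: " + str, exc);
        }
    }

    /**
     * Registers a new {@link BouncyCastleProvider} with the JVM-wide {@link Security} provider
     * list. {@link Security#addProvider} leaves the list unchanged when a provider of the same
     * name is already installed.
     */
    public static void initBouncyCastleProvider() {
        Security.addProvider(new BouncyCastleProvider());
    }

    private SecureKeys() {
        // static utility holder
    }

    /**
     * Builds a principal with the distinguished name
     * {@code C=None,L=None,O=None,OU=None,CN=<str>}.
     *
     * <p>The value is concatenated into the DN string without escaping. A value that itself
     * contains DN syntax (for example {@code ','} or {@code '='}) may therefore be parsed as
     * additional or different attributes. Validate or restrict the name before calling when it
     * originates from untrusted input.
     *
     * @param str common name to embed, used verbatim
     * @return the resulting principal
     */
    public static X509Principal getX509PrincipalWithCommonName(String str) {
        return new X509Principal("C=None,L=None,O=None,OU=None,CN=" + str);
    }

    /**
     * Reads the whole stream via {@code Streams.readFully} and delegates to
     * {@link #readPem(byte[], String)}.
     *
     * <p>This method does not close {@code inputStream} itself; callers should not rely on it
     * being closed.
     *
     * @param inputStream source of the PEM text
     * @param str passphrase for an encrypted key, or {@code null}
     * @return the parsed key pair
     * @deprecated use {@link #readPem(byte[], String)}
     */
    @Deprecated
    public static KeyPair readPem(InputStream inputStream, String str) {
        return readPem(Streams.readFully(inputStream), str);
    }

    /**
     * Parses the first PEM object in {@code bArr} into a {@link KeyPair}.
     *
     * <p>Three parsed forms are accepted: an encrypted key pair (decrypted with {@code str}), a
     * plain key pair, and a bare {@link PrivateKeyInfo}. In the last case the returned pair has
     * a {@code null} public key, so callers must not pass it to code that dereferences
     * {@link KeyPair#getPublic()} without a check. Any other parsed type is rejected.
     *
     * <p>The passphrase is only used for the encrypted form and is silently ignored otherwise.
     * The BC provider is registered JVM-wide if it is not already present.
     *
     * @param bArr PEM text as bytes
     * @param str passphrase; required only when the key is encrypted, may be {@code null}
     * @return the parsed key pair (public key may be {@code null}, see above)
     * @throws PassphraseProblem if the key is encrypted and {@code str} is {@code null}, or if
     *     decryption or conversion of the encrypted key fails for any non-fatal reason (which is
     *     reported as "wrong passphrase" even if the real cause differs; inspect the cause)
     * @throws IllegalStateException if no PEM object is found or its type is unsupported
     * @throws RuntimeException with message "Invalid key" if reading or converting fails with an
     *     {@link IOException}
     */
    public static KeyPair readPem(byte[] bArr, String str) {
        try {
            Object parsed;
            // PEM is ASCII text, so pin the charset instead of inheriting the platform default,
            // and let try-with-resources close the parser even when readObject() throws.
            try (PEMParser parser = new PEMParser(
                    new InputStreamReader(new ByteArrayInputStream(bArr), StandardCharsets.UTF_8))) {
                parsed = parser.readObject();
            }
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            if (parsed == null) {
                throw new IllegalStateException("PEM parsing failed: missing or invalid data");
            }
            if (parsed instanceof PEMEncryptedKeyPair) {
                if (str == null) {
                    throw new PassphraseProblem("passphrase required");
                }
                char[] passChars = str.toCharArray();
                try {
                    return converter.getKeyPair(((PEMEncryptedKeyPair) parsed)
                            .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passChars)));
                } catch (Exception e) {
                    Exceptions.propagateIfFatal(e);
                    // The passphrase itself is deliberately kept out of the message.
                    throw new PassphraseProblem("wrong passphrase", e);
                } finally {
                    // Best effort: wipe our temporary copy once decryption is over. The
                    // caller's String cannot be cleared from here and remains in memory.
                    Arrays.fill(passChars, '\0');
                }
            }
            if (parsed instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) parsed);
            }
            if (parsed instanceof PrivateKeyInfo) {
                // Private key only: no public half is available from this form.
                return new KeyPair(null, converter.getPrivateKey((PrivateKeyInfo) parsed));
            }
            throw new IllegalStateException("PEM parser support missing for: " + parsed);
        } catch (IOException e2) {
            throw new RuntimeException("Invalid key", e2);
        }
    }

    /**
     * Compares two key pairs by the {@code equals} of their private and public keys.
     *
     * <p>Null-safe: two {@code null} references are equal, a {@code null} and a non-null pair
     * are not. Null key components inside a pair are compared with
     * {@link Objects#equal(Object, Object)}.
     *
     * @param keyPair first pair, may be {@code null}
     * @param keyPair2 second pair, may be {@code null}
     * @return {@code true} if both halves match
     */
    public static boolean equal(KeyPair keyPair, KeyPair keyPair2) {
        if (keyPair == keyPair2) {
            return true;
        }
        if (keyPair == null || keyPair2 == null) {
            return false;
        }
        return Objects.equal(keyPair2.getPrivate(), keyPair.getPrivate())
                && Objects.equal(keyPair2.getPublic(), keyPair.getPublic());
    }

    /**
     * Serialises the key pair to PEM text.
     *
     * <p>No encryptor is configured, so the output contains the private key in the clear. Do
     * not log the returned string, and store it only where access is restricted.
     *
     * @param keyPair pair to serialise
     * @return PEM text
     * @throws RuntimeException wrapping any {@link IOException} raised while writing
     */
    public static String toPem(KeyPair keyPair) {
        StringWriter out = new StringWriter();
        // Closing the writer flushes it, so the buffer is only read after the try block.
        try (PEMWriter writer = new PEMWriter(out)) {
            writer.writeObject(keyPair);
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
        return out.toString();
    }

    /**
     * Encodes the public half of the pair with {@code AuthorizedKeysParser.encodePublicKey}.
     *
     * @param keyPair pair whose public key is encoded; a pair read from a bare private key has
     *     a {@code null} public key, which is passed through unchecked
     * @return the encoded public key
     */
    public static String toPub(KeyPair keyPair) {
        return AuthorizedKeysParser.encodePublicKey(keyPair.getPublic());
    }

    /**
     * Decodes a public key with {@code AuthorizedKeysParser.decodePublicKey}.
     *
     * @param str encoded public key text
     * @return the decoded key
     */
    public static PublicKey fromPub(String str) {
        return AuthorizedKeysParser.decodePublicKey(str);
    }

    static {
        // Runs once at class load; presumably registers the BC provider (confirm in
        // BrooklynInitialization).
        BrooklynInitialization.initSecureKeysBouncyCastleProvider();
    }
}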
