package be.iminds.ilabt.jfed.util.library;

import be.iminds.ilabt.jfed.util.common.GeniUrn;
import be.iminds.ilabt.jfed.util.common.IOUtils;
import be.iminds.ilabt.jfed.util.common.TextUtil;
import ch.ethz.ssh2.crypto.cipher.AES;
import ch.ethz.ssh2.crypto.cipher.CBCMode;
import ch.ethz.ssh2.crypto.cipher.DES;
import ch.ethz.ssh2.crypto.cipher.DESede;
import ch.ethz.ssh2.crypto.digest.MD5;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Random;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import net.schmizz.sshj.userauth.password.Resource;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jetbrains.annotations.Contract;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/util/library/KeyUtil.class */
public class KeyUtil {
    // Class logger. Declared without an initializer, so it is presumably assigned in a static
    // initializer outside this excerpt.
    private static final Logger LOG;
    // DER tag octet 0x30 (decimal 48): SEQUENCE. Checked by readDerBigIntSequence().
    private static final byte DER_ANS_SEQUENCE = 48;
    // DER tag octet 0x02: INTEGER. Checked by readDerInt().
    // NOTE(review): the decompiler also substituted this constant for unrelated literal 2s
    // (e.g. the Cipher mode passed to cipher.init() in matchingKeys()); read those uses as plain 2.
    private static final byte DER_ANS_INTEGER = 2;
    // PEM armor lines for the block types handled by this class.
    protected static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----";
    protected static final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";
    protected static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    protected static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    protected static final String BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----";
    protected static final String END_PRIVATE_KEY = "-----END PRIVATE KEY-----";
    // NOTE(review): these two markers end in four dashes, unlike the five-dash markers above.
    // The methods visible in this excerpt build the OpenSSH markers from string literals and do not
    // reference these constants; confirm whether the shorter form is deliberate before using them.
    protected static final String BEGIN_OPENSSH_PRIVATE_KEY = "-----BEGIN OPENSSH PRIVATE KEY----";
    protected static final String END_OPENSSH_PRIVATE_KEY = "-----END OPENSSH PRIVATE KEY----";
    // Key-type identifiers as used in SSH public keys.
    protected static final String SSH_RSA = "ssh-rsa";
    protected static final String SSH_DSS = "ssh-dss";
    // Compiler-generated flag behind `assert` statements, surfaced as a field by the decompiler.
    // Every `if (!$assertionsDisabled && cond) throw new AssertionError()` below is an `assert !cond`,
    // so those checks do nothing unless the JVM runs with assertions enabled (-ea).
    static final /* synthetic */ boolean $assertionsDisabled;

    /* renamed from: be.iminds.ilabt.jfed.util.library.KeyUtil$2, reason: invalid class name */
    /* loaded from: input_file:be/iminds/ilabt/jfed/util/library/KeyUtil$2.class */
    /**
     * Compiler-generated lookup table for a {@code switch} over {@link AltNamesSource}, surfaced by the
     * decompiler as a named class. It maps each constant's ordinal to a case label (1 or 2). The switch
     * statement that reads the table is not part of this excerpt.
     */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$be$iminds$ilabt$jfed$util$library$KeyUtil$AltNamesSource = new int[AltNamesSource.values().length];

        static {
            try {
                $SwitchMap$be$iminds$ilabt$jfed$util$library$KeyUtil$AltNamesSource[AltNamesSource.SUBJECT_ALT_NAMES.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Constant absent at run time: its slot keeps the array default of 0.
            }
            try {
                // KeyUtil.DER_ANS_INTEGER is only the value 2 here (constant reuse by the decompiler), not a DER tag.
                $SwitchMap$be$iminds$ilabt$jfed$util$library$KeyUtil$AltNamesSource[AltNamesSource.ISSUES_ALT_NAMES.ordinal()] = KeyUtil.DER_ANS_INTEGER;
            } catch (NoSuchFieldError e2) {
                // Constant absent at run time: its slot keeps the array default of 0.
            }
        }
    }

    /* loaded from: input_file:be/iminds/ilabt/jfed/util/library/KeyUtil$AltNamesSource.class */
    /**
     * Selector with two values. Presumably it chooses between a certificate's subject and issuer
     * alternative names; the code that switches on it is outside this excerpt.
     */
    public enum AltNamesSource {
        SUBJECT_ALT_NAMES,
        // NOTE(review): name reads like a misspelling of ISSUER_ALT_NAMES; it is part of the public API, so left as is.
        ISSUES_ALT_NAMES
    }

    /* loaded from: input_file:be/iminds/ilabt/jfed/util/library/KeyUtil$Buffer.class */
    /**
     * Accumulates length-prefixed fields in a fixed 20480-byte buffer. Every value is stored as a
     * 4-byte length (ByteBuffer's default big-endian order) followed by the raw bytes.
     *
     * <p>There is no growth logic: writing past the capacity fails with the ByteBuffer's own
     * {@code BufferOverflowException}.
     *
     * <p>This class shares its simple name with the imported {@code net.schmizz.sshj.common.Buffer};
     * inside {@code KeyUtil} the unqualified name {@code Buffer} resolves to this nested class.
     */
    private static class Buffer {
        private final ByteBuffer bb = ByteBuffer.allocate(20480);
        private int size = 0;

        private Buffer() {
        }

        /** Appends the UTF-8 bytes of {@code str} as one length-prefixed field. */
        public void put(@Nonnull String str) {
            final byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
            put(utf8);
        }

        /** Appends the two's-complement big-endian bytes of {@code bigInteger} as one length-prefixed field. */
        public void put(@Nonnull BigInteger bigInteger) {
            final byte[] magnitude = bigInteger.toByteArray();
            put(magnitude);
        }

        /** Appends a 4-byte length followed by {@code bArr} itself. */
        public void put(@Nonnull byte[] bArr) {
            // The counter is advanced after each successful write so it always equals the buffer position.
            this.bb.putInt(bArr.length);
            this.size += Integer.BYTES;
            this.bb.put(bArr, 0, bArr.length);
            this.size += bArr.length;
        }

        /** Returns a copy of everything written so far. */
        @Nonnull
        public byte[] toByteArray() {
            return Arrays.copyOfRange(this.bb.array(), 0, this.size);
        }
    }

    /* loaded from: input_file:be/iminds/ilabt/jfed/util/library/KeyUtil$PEMDecodingException.class */
    /**
     * Checked exception raised when PEM text, or the DER data inside it, cannot be decoded.
     * All four constructors simply delegate to the matching {@link Exception} constructor.
     */
    public static class PEMDecodingException extends Exception {
        /** Creates an exception with neither message nor cause. */
        public PEMDecodingException() {
            super();
        }

        /** @param message description of the decoding failure */
        public PEMDecodingException(String message) {
            super(message);
        }

        /**
         * @param message description of the decoding failure
         * @param cause   underlying failure
         */
        public PEMDecodingException(String message, Throwable cause) {
            super(message, cause);
        }

        /** @param cause underlying failure */
        public PEMDecodingException(Throwable cause) {
            super(cause);
        }
    }

    // Private constructor: the class exposes only static helpers and is not meant to be instantiated.
    private KeyUtil() {
    }

    /**
     * Reports whether the JCE policy in effect allows keys of at least 256 bits.
     * The check queries the maximum allowed key length for the transformation name "RC5".
     *
     * @return {@code true} if the reported limit is 256 bits or more; {@code false} otherwise,
     *         including when the query itself fails
     */
    public static boolean hasUnlimitedStrengthCryptography() {
        final int maxKeyBits;
        try {
            maxKeyBits = Cipher.getMaxAllowedKeyLength("RC5");
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): goes to stderr rather than the class logger.
            e.printStackTrace();
            return false;
        }
        return maxKeyBits >= 256;
    }

    /**
     * Copies every key entry of {@code keyStore} into a new PKCS#12 store and returns its serialised bytes.
     *
     * <p>Only key entries are copied. Aliases for which {@code isKeyEntry} is false (for example
     * certificate-only entries) are skipped. Each alias is printed to standard output as it is processed.
     *
     * <p>Both passwords arrive as {@code String} and are converted to {@code char[]} copies that are
     * never cleared, so the secrets stay in memory until garbage collected.
     *
     * @param keyStore source key store, already loaded
     * @param str      password used to recover keys from {@code keyStore}; may be {@code null}
     * @param str2     password that protects the copied entries and the PKCS#12 output; may be {@code null}
     * @return the PKCS#12 encoding of the copied entries
     */
    @Nonnull
    public static byte[] keyStoreToPKCS12Bytes(@Nonnull KeyStore keyStore, @Nullable String str, @Nullable String str2) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        final KeyStore pkcs12 = KeyStore.getInstance("pkcs12");
        final char[] sourcePassword = (str != null) ? str.toCharArray() : null;
        final char[] targetPassword = (str2 != null) ? str2.toCharArray() : null;
        // A null stream initialises an empty store.
        pkcs12.load(null, sourcePassword);

        int position = 0;
        for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); position++) {
            final String alias = names.nextElement();
            System.out.println("Alias " + position + ": " + alias);
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            System.out.println("Adding key for alias " + alias);
            pkcs12.setKeyEntry(alias, keyStore.getKey(alias, sourcePassword), targetPassword, keyStore.getCertificateChain(alias));
        }

        final ByteArrayOutputStream serialised = new ByteArrayOutputStream();
        pkcs12.store(serialised, targetPassword);
        return serialised.toByteArray();
    }

    /**
     * Loads a PKCS#12 blob and copies its key entries into a new JKS key store.
     *
     * <p>Only key entries are copied; other aliases are skipped. Each alias is printed to standard
     * output as it is processed. The passwords are converted to {@code char[]} copies that are never cleared.
     *
     * <p>Note the parameter order: the <em>second</em> password opens the input, the <em>first</em>
     * protects the output.
     *
     * @param bArr PKCS#12 encoded bytes
     * @param str  password that protects the entries of the returned JKS store; may be {@code null}
     * @param str2 password used to open the PKCS#12 data and recover its keys; may be {@code null}
     * @return a JKS key store holding the copied key entries
     */
    @Nonnull
    public static KeyStore pkcs12BytesToKeyStore(@Nonnull byte[] bArr, @Nullable String str, @Nullable String str2) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        final KeyStore pkcs12 = KeyStore.getInstance("pkcs12");
        final KeyStore jks = KeyStore.getInstance("jks");
        final char[] pkcs12Password = (str2 != null) ? str2.toCharArray() : null;
        final char[] jksPassword = (str != null) ? str.toCharArray() : null;

        pkcs12.load(new ByteArrayInputStream(bArr), pkcs12Password);
        // A null stream initialises an empty store.
        jks.load(null, jksPassword);

        int position = 0;
        for (Enumeration<String> names = pkcs12.aliases(); names.hasMoreElements(); position++) {
            final String alias = names.nextElement();
            System.out.println("Alias " + position + ": " + alias);
            if (!pkcs12.isKeyEntry(alias)) {
                continue;
            }
            System.out.println("Adding key for alias " + alias);
            jks.setKeyEntry(alias, pkcs12.getKey(alias, pkcs12Password), jksPassword, pkcs12.getCertificateChain(alias));
        }
        return jks;
    }

    /**
     * Parses the first PEM certificate block found in {@code str}.
     *
     * <p>If the text contains no BEGIN CERTIFICATE marker, the whole trimmed input is treated as
     * Base64. The certificate is only parsed: no signature, validity or trust check is done here.
     *
     * @param str PEM text (CRLF line endings are accepted) or bare Base64
     * @return the parsed certificate, or {@code null} if a BEGIN marker has no matching END marker
     *         or the bytes do not parse as X.509
     */
    @Nullable
    public static X509Certificate pemToX509Certificate(@Nonnull String str) {
        String base64Body = str.trim().replaceAll("\r\n", "\n");
        final int begin = base64Body.indexOf(BEGIN_CERTIFICATE);
        if (begin != -1) {
            final String afterBegin = base64Body.substring(begin + BEGIN_CERTIFICATE.length());
            final int end = afterBegin.indexOf(END_CERTIFICATE);
            if (end < 0) {
                return null;
            }
            base64Body = afterBegin.substring(0, end);
        }

        final byte[] der = Base64.decodeBase64(StringUtils.getBytesUtf8(base64Body));
        final ByteArrayInputStream derStream = new ByteArrayInputStream(der);
        final X509Certificate parsed;
        try {
            parsed = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(derStream);
        } catch (CertificateException e) {
            LOG.warn("Note: failed to parse certificate: " + e.getMessage(), e);
            return null;
        }
        try {
            derStream.close();
        } catch (IOException ignored) {
            // Closing an in-memory stream; nothing to recover.
        }
        return parsed;
    }

    /**
     * Parses every PEM certificate block in {@code str}, in order of appearance.
     *
     * <p>Blocks that fail to parse are logged and skipped, so the result can be shorter than the
     * input and is not guaranteed to form a contiguous chain. Nothing is verified here: callers that
     * rely on the chain must validate it themselves.
     *
     * @param str PEM text holding zero or more certificate blocks
     * @return the certificates that parsed, or {@code null} when none did
     */
    @Nullable
    public static List<X509Certificate> pemToX509CertificateChain(@Nonnull String str) {
        String remaining = str.replaceAll("\r\n", "\n");
        final List<X509Certificate> parsedCerts = new ArrayList<>();

        while (!remaining.isEmpty()) {
            final String trimmed = remaining.trim();
            final int begin = trimmed.indexOf(BEGIN_CERTIFICATE);
            if (begin == -1) {
                break;
            }
            final String afterBegin = trimmed.substring(begin + BEGIN_CERTIFICATE.length());
            final int end = afterBegin.indexOf(END_CERTIFICATE);
            if (end < 0) {
                break;
            }
            // Continue after this block's END marker on the next round.
            remaining = afterBegin.substring(end + END_CERTIFICATE.length());

            final byte[] der = Base64.decodeBase64(StringUtils.getBytesUtf8(afterBegin.substring(0, end)));
            final ByteArrayInputStream derStream = new ByteArrayInputStream(der);
            final X509Certificate parsed;
            try {
                parsed = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(derStream);
            } catch (CertificateException e) {
                LOG.warn("Note: failed to parse certificate (in cert chain). Will ignore this certificate.", e);
                continue;
            }
            try {
                derStream.close();
            } catch (IOException ignored) {
                // Closing an in-memory stream; nothing to recover.
            }
            parsedCerts.add(parsed);
        }

        return parsedCerts.isEmpty() ? null : parsedCerts;
    }

    /**
     * Concatenates the PEM encoding of each certificate, in iteration order.
     *
     * @param collection certificates to encode
     * @return the concatenated PEM blocks; the empty string for an empty collection
     */
    @Nonnull
    public static String x509certificateChainToPem(@Nonnull Collection<X509Certificate> collection) {
        final StringBuilder pem = new StringBuilder();
        for (X509Certificate certificate : collection) {
            pem.append(x509certificateToPem(certificate));
        }
        return pem.toString();
    }

    /**
     * Encodes a certificate as a PEM block: the BEGIN line, Base64 passed through
     * {@code TextUtil.wrap(..., 64)}, then the END line.
     *
     * @param x509Certificate certificate to encode; may be {@code null}
     * @return the PEM text, or {@code null} for a {@code null} certificate
     * @throws RuntimeException wrapping the {@link CertificateEncodingException} if encoding fails
     */
    @Contract("null -> null; !null -> !null")
    @Nullable
    public static String x509certificateToPem(@Nullable X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        final byte[] der;
        try {
            der = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
        final String wrappedBase64 = TextUtil.wrap(Base64.encodeBase64String(der) + "\n", 64);
        return "-----BEGIN CERTIFICATE-----\n" + wrappedBase64 + "-----END CERTIFICATE-----\n";
    }

    /**
     * Encodes a certificate as Base64 passed through {@code TextUtil.wrap(..., 64)}, without the
     * PEM BEGIN/END lines.
     *
     * @param x509Certificate certificate to encode; may be {@code null}
     * @return the wrapped Base64 text, or {@code null} for a {@code null} certificate
     * @throws RuntimeException wrapping the {@link CertificateEncodingException} if encoding fails
     */
    @Contract("null -> null; !null -> !null")
    @Nullable
    public static String x509certificateToCredentialXmlGid(@Nullable X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        final byte[] der;
        try {
            der = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
        final String base64 = Base64.encodeBase64String(der);
        return TextUtil.wrap(base64 + "\n", 64);
    }

    /**
     * Maps a key algorithm name to the signature algorithm name this class pairs it with.
     * Matching ignores case.
     *
     * @param str key algorithm name: "DSA", "RSA" or "EC"
     * @return the matching signature algorithm name
     * @throws RuntimeException if {@code str} is none of the three supported names
     */
    @Nonnull
    public static String getCompatibleSigAlgName(@Nonnull String str) {
        // NOTE(review): DSA is paired with a SHA-1 digest, which is no longer considered
        // collision-resistant; changing it would alter the value callers receive, so it is only flagged.
        final String[][] keyToSignature = {
            {"DSA", "SHA1WithDSA"},
            {"RSA", "SHA256WithRSA"},
            {"EC", "SHA256withECDSA"},
        };
        for (String[] pair : keyToSignature) {
            if (pair[0].equalsIgnoreCase(str)) {
                return pair[1];
            }
        }
        throw new RuntimeException("Cannot Derive Signature Algorithm");
    }

    /**
     * Checks whether {@code publicKey} and {@code privateKey} belong together by encrypting a fixed
     * nine-byte probe with the public key and decrypting it with the private key.
     *
     * <p>The cipher is looked up by the private key's algorithm name alone, so the provider's
     * default mode and padding apply. Any exception, including a missing cipher for that algorithm
     * name, is logged at debug level and reported as "no match".
     *
     * @param publicKey  candidate public key
     * @param privateKey candidate private key
     * @return {@code true} only if the probe survives the round trip unchanged
     */
    public static boolean matchingKeys(@Nonnull PublicKey publicKey, @Nonnull PrivateKey privateKey) {
        final byte[] probe = {0, 1, 2, 3, 4, Byte.MAX_VALUE, -126, -100, 100};
        try {
            final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());

            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            final ByteArrayOutputStream sink = new ByteArrayOutputStream();
            final CipherOutputStream encryptor = new CipherOutputStream(sink, cipher);
            encryptor.write(probe);
            encryptor.close();
            final byte[] encrypted = sink.toByteArray();

            final ByteArrayInputStream source = new ByteArrayInputStream(encrypted);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            final CipherInputStream decryptor = new CipherInputStream(source, cipher);
            final byte[] decrypted = new byte[probe.length];
            final int read = decryptor.read(decrypted);
            assert read == decrypted.length;
            decryptor.close();

            for (int i = 0; i < probe.length; i++) {
                if (probe[i] == decrypted[i]) {
                    continue;
                }
                // First mismatch: dump all three buffers for debugging and give up.
                final StringBuilder origDump = new StringBuilder();
                final StringBuilder decDump = new StringBuilder();
                for (int j = 0; j < probe.length; j++) {
                    origDump.append(probe[j]).append(" ");
                    decDump.append(decrypted[j]).append(" ");
                }
                final StringBuilder encDump = new StringBuilder();
                for (byte b : encrypted) {
                    encDump.append(b).append(" ");
                }
                LOG.debug("Difference wile checking if private and public key match: byte " + i + " differs.\norig=" + origDump + "\nenc=" + encDump + "\ndec=" + decDump);
                return false;
            }
            return true;
        } catch (Exception e) {
            LOG.debug("Error checking if private and public key match (probably because keys don't match)", e);
            return false;
        }
    }

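    /**
     * Builds a self-signed X.509 v3 certificate whose subject and issuer are both {@code CN=<str>}.
     *
     * <p>The validity starts one day before the current time and ends {@code i} days after it. The
     * serial number is the current time in milliseconds. Signing is delegated to
     * {@code signCertificate}, which always uses "SHA256WithRSAEncryption", so only RSA key pairs are
     * expected to work.
     *
     * <p>NOTE(review): {@code str} is concatenated into the distinguished name unescaped. Pass a plain
     * common name; characters with DN syntax meaning (such as ',' or '=') would be parsed as DN structure.
     *
     * @param keyPair key pair to certify; both halves must be present
     * @param str     common name for subject and issuer
     * @param i       validity period in days, counted from now
     * @return the signed certificate, or {@code null} if signing or conversion fails
     * @throws RuntimeException if the private key's algorithm is not DSA, RSA or EC
     */
    @Nullable
    @Deprecated
    public static X509Certificate makeSelfSigned(@Nonnull KeyPair keyPair, @Nonnull String str, int i) {
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();
            assert privateKey != null;
            assert publicKey != null;
            // The result is unused; the call is kept because it rejects unsupported key algorithms.
            getCompatibleSigAlgName(privateKey.getAlgorithm());
            X500Name name = new X500Name("CN=" + str);
            long now = System.currentTimeMillis();
            // long arithmetic: the int product wraps for periods above 24 days, which can yield a
            // certificate that expires far too early or is already expired when issued.
            long validityMillis = i * 24L * 60L * 60L * 1000L;
            Date notBefore = new Date(now - 86400000L);
            Date notAfter = new Date(now + validityMillis);
            return signCertificate(new X509v3CertificateBuilder(name, BigInteger.valueOf(now), notBefore, notAfter, name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())), privateKey);
        } catch (OperatorCreationException | CertificateException e) {
            LOG.warn("Failed to create self-signed certificate", e);
            return null;
        }
    }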

    /**
     * Signs the certificate under construction with {@code privateKey} and converts the result to a
     * JCA {@link X509Certificate}.
     *
     * <p>The signature algorithm is fixed to "SHA256WithRSAEncryption". Both the signer and the
     * converter request the provider named "BC", which must already be registered (presumably done in
     * a static initializer outside this excerpt).
     *
     * @param x509v3CertificateBuilder populated certificate builder
     * @param privateKey               signing key
     * @return the signed certificate
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) throws OperatorCreationException, CertificateException {
        final JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        final org.bouncycastle.operator.ContentSigner signer =
                new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(privateKey);
        return converter.getCertificate(x509v3CertificateBuilder.build(signer));
    }

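    /**
     * Heuristically reports whether a PEM private key is passphrase-protected.
     *
     * <ul>
     *   <li>Any text containing "Proc-Type" or "DEK-Info" is treated as encrypted.</li>
     *   <li>For an OPENSSH PRIVATE KEY block, the decoded data must start with the
     *       {@code "openssh-key-v1\0"} magic; the cipher name that follows decides: anything other
     *       than "none" means encrypted.</li>
     * </ul>
     *
     * <p>An OpenSSH block that cannot be decoded, or that lacks the magic header, yields
     * {@code false}. A {@code false} result therefore does not prove the key is usable without a
     * passphrase.
     *
     * @param str PEM text
     * @return {@code true} if the key appears to be encrypted
     */
    public static boolean isPemPrivateKeyEncrypted(@Nonnull String str) {
        if (str.contains("Proc-Type") || str.contains("DEK-Info")) {
            return true;
        }
        if (!str.contains("BEGIN OPENSSH PRIVATE KEY")) {
            return false;
        }
        try {
            // Fully qualified: the simple name Buffer resolves to KeyUtil's own nested Buffer class.
            net.schmizz.sshj.common.Buffer.PlainBuffer keyBlob =
                    new net.schmizz.sshj.common.Buffer.PlainBuffer(extractPemBlockBytes(str, "OPENSSH PRIVATE KEY"));
            // The magic is the ASCII text followed by a single NUL byte. An explicit charset keeps
            // the comparison independent of the platform default encoding.
            byte[] magic = "openssh-key-v1\0".getBytes(StandardCharsets.US_ASCII);
            byte[] header = new byte[magic.length];
            keyBlob.readRawBytes(header);
            if (!Arrays.equals(header, magic)) {
                // Not the 'openssh-key-v1' format: treated like any other decoding failure.
                return false;
            }
            // The first string after the magic is the cipher name.
            return !"none".equals(keyBlob.readString());
        } catch (PEMDecodingException | IOException e) {
            return false;
        }
    }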

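    /**
     * Decodes an unencrypted PKCS#8 "PRIVATE KEY" PEM block into an RSA private key.
     *
     * <p>Encrypted input and a non-empty password are rejected only by {@code assert}, so those
     * checks are inactive unless assertions are enabled. The key factory is fixed to "RSA", so a
     * PKCS#8 block holding another key type fails with {@link PEMDecodingException}.
     *
     * <p>Exception messages deliberately omit the PEM text, so private key material does not end
     * up in logs or error reports.
     *
     * @param str  PEM text
     * @param cArr must be {@code null} or empty; passwords are not supported here
     * @return the private key, or {@code null} if no BEGIN PRIVATE KEY marker is present
     * @throws PEMDecodingException if the END marker is missing or the key bytes cannot be decoded
     */
    @Nullable
    public static PrivateKey pemToPrivateKey(@Nonnull String str, @Nullable char[] cArr) throws PEMDecodingException {
        assert !isPemPrivateKeyEncrypted(str) : "This method does not support encrypted keys";
        assert cArr == null || cArr.length == 0 : "This method does not support encrypted keys, but you supplied a password";

        String normalized = str.trim().replaceAll("\r\n", "\n");
        int begin = normalized.indexOf(BEGIN_PRIVATE_KEY);
        if (begin == -1) {
            return null;
        }
        String afterBegin = normalized.substring(begin + BEGIN_PRIVATE_KEY.length());
        int end = afterBegin.indexOf(END_PRIVATE_KEY);
        if (end < 0) {
            // Report the size only; the input is a private key and must not be echoed.
            throw new PEMDecodingException("Did not find end: '" + END_PRIVATE_KEY + "' (input length=" + str.length() + ")");
        }
        String base64Body = afterBegin.substring(0, end).trim();
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(base64Body.replaceAll("\n", ""))));
        } catch (Exception e) {
            throw new PEMDecodingException("Error reading PEM private key: " + e.getMessage(), e);
        }
    }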

    /**
     * Derives the RSA public key that belongs to {@code rSAPrivateKey}.
     *
     * <p>CRT keys and Bouncy Castle ASN.1 keys carry their public exponent, which is used as is.
     * For a plain {@link RSAPrivateKey} the exponent is not available and 65537 is assumed. If the
     * key was generated with a different exponent, the returned public key will not match, so
     * callers that need certainty should verify the pair (for example with {@code matchingKeys}).
     *
     * @param rSAPrivateKey private key; may be {@code null}
     * @return the public key, or {@code null} for {@code null} input or when key construction fails
     */
    @Contract("null -> null")
    @Nullable
    public static RSAPublicKey rsaPrivateKeyToRsaPublicKey(@Nullable RSAPrivateKey rSAPrivateKey) {
        if (rSAPrivateKey == null) {
            return null;
        }
        if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
            return rsaPrivateCrtKeyToPublicKey((RSAPrivateCrtKey) rSAPrivateKey);
        }

        final BigInteger modulus;
        final BigInteger publicExponent;
        final String failureMessage;
        if (rSAPrivateKey instanceof org.bouncycastle.asn1.pkcs.RSAPrivateKey) {
            final org.bouncycastle.asn1.pkcs.RSAPrivateKey bcKey = (org.bouncycastle.asn1.pkcs.RSAPrivateKey) rSAPrivateKey;
            modulus = bcKey.getModulus();
            publicExponent = bcKey.getPublicExponent();
            failureMessage = "Failed to create public key from bc private key";
        } else if (rSAPrivateKey instanceof RSAPrivateKey) {
            modulus = rSAPrivateKey.getModulus();
            // Exponent is not stored in a plain RSAPrivateKey; assume the common value.
            publicExponent = BigInteger.valueOf(65537L);
            failureMessage = "Failed to create public key from rsa private key";
        } else {
            LOG.error("Cannot reconstruct public key from private key. privateKey class=" + rSAPrivateKey.getClass().getName());
            return null;
        }

        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.warn(failureMessage, e);
            return null;
        }
    }

    /**
     * Builds the RSA public key from the modulus and public exponent stored in a CRT private key.
     *
     * @param rSAPrivateCrtKey private key in CRT form
     * @return the matching public key, or {@code null} if the key factory rejects the values
     */
    @Nullable
    public static RSAPublicKey rsaPrivateCrtKeyToPublicKey(@Nonnull RSAPrivateCrtKey rSAPrivateCrtKey) {
        try {
            final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            final RSAPublicKeySpec publicSpec =
                    new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent());
            return (RSAPublicKey) rsaFactory.generatePublic(publicSpec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.warn("Failed to create public key from rsa private crt key", e);
            return null;
        }
    }

    /**
     * Reads a DER length field from the front of {@code linkedList}, removing the bytes it consumes.
     *
     * <p>Short form (high bit of the first byte clear): the low seven bits are the length.
     * Long form (high bit set): the low seven bits give the number of length bytes that follow,
     * which are read as a big-endian unsigned integer.
     *
     * <p>NOTE(review): the sanity checks here are {@code assert}s, so they are inactive unless
     * assertions are enabled. Truncated or malformed input surfaces as unchecked exceptions: an empty
     * list gives {@code NoSuchElementException}, and a first byte of 0x80 (zero length bytes) followed
     * by a non-negative byte gives {@code ArrayIndexOutOfBoundsException} at {@code bArr[0] = 0}.
     *
     * @param linkedList remaining DER bytes; modified in place
     * @return the decoded length
     */
    @Nonnull
    private static BigInteger readDerLength(@Nonnull LinkedList<Byte> linkedList) {
        byte byteValue = linkedList.removeFirst().byteValue();
        // z: true for the short form (bit 8 clear).
        boolean z = (byteValue & 128) == 0;
        // i: the length itself (short form) or the count of following length bytes (long form).
        int i = byteValue & Byte.MAX_VALUE;
        if (z) {
            // assert i > 0: a zero length is rejected only when assertions are enabled.
            if (!$assertionsDisabled && i <= 0) {
                throw new AssertionError();
            }
            BigInteger valueOf = BigInteger.valueOf(i);
            if ($assertionsDisabled || valueOf.signum() >= 0) {
                return valueOf;
            }
            throw new AssertionError();
        }
        int i2 = i;
        int i3 = 0;
        // If the first length byte has its high bit set, reserve a leading zero byte so that
        // BigInteger's two's-complement constructor yields a non-negative value.
        if (linkedList.getFirst().byteValue() < 0) {
            i2++;
            i3 = 1;
        }
        byte[] bArr = new byte[i2];
        bArr[0] = 0;
        // Fill the remaining slots with the length bytes, consuming them from the list.
        for (int i4 = i3; i4 < i2; i4++) {
            bArr[i4] = linkedList.removeFirst().byteValue();
        }
        BigInteger bigInteger = new BigInteger(bArr);
        // assert bigInteger > 0
        if ($assertionsDisabled || bigInteger.signum() > 0) {
            return bigInteger;
        }
        throw new AssertionError();
    }

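    /**
     * Reads one DER INTEGER (tag, length, content) from the front of {@code linkedList}, removing
     * the bytes it consumes.
     *
     * <p>The declared length is validated against the bytes actually remaining before any array is
     * allocated. The input comes from decoded PEM data, so an oversized or truncated length field is
     * reported as {@link PEMDecodingException} instead of triggering a large allocation or an
     * unchecked exception.
     *
     * @param linkedList remaining DER bytes; modified in place
     * @return the integer value (two's-complement, big-endian content)
     * @throws PEMDecodingException if the tag is not INTEGER, the input is truncated, or the declared
     *                              length is zero or exceeds the remaining input
     */
    @Nonnull
    private static BigInteger readDerInt(@Nonnull LinkedList<Byte> linkedList) throws PEMDecodingException {
        if (linkedList.isEmpty()) {
            throw new PEMDecodingException("Expected INTEGER in PEM bytes, but input ended");
        }
        byte tag = linkedList.removeFirst().byteValue();
        if (tag != DER_ANS_INTEGER) {
            throw new PEMDecodingException("Expected INTEGER in PEM bytes, but got " + tag);
        }

        BigInteger declaredLength;
        try {
            declaredLength = readDerLength(linkedList);
        } catch (java.util.NoSuchElementException | ArrayIndexOutOfBoundsException e) {
            // readDerLength ran out of bytes or met a length field with no length bytes.
            throw new PEMDecodingException("Truncated or malformed DER length for INTEGER", e);
        }
        // Compare as BigInteger first: intValue() would silently truncate an oversized length.
        if (declaredLength.signum() <= 0 || declaredLength.compareTo(BigInteger.valueOf(linkedList.size())) > 0) {
            throw new PEMDecodingException("Invalid DER INTEGER length " + declaredLength + " with " + linkedList.size() + " bytes remaining");
        }

        byte[] content = new byte[declaredLength.intValue()];
        for (int i = 0; i < content.length; i++) {
            content[i] = linkedList.removeFirst().byteValue();
        }
        return new BigInteger(content);
    }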

    /**
     * Reads a DER SEQUENCE from the front of {@code linkedList} and returns the INTEGER values found
     * in it. Bytes are removed from the list as they are parsed.
     *
     * @param linkedList remaining DER bytes; modified in place
     * @return the INTEGERs read, in order; parsing stops early at the first element whose tag is not INTEGER
     * @throws PEMDecodingException if the first byte is not the SEQUENCE tag, or if reading an INTEGER fails
     */
    @Nonnull
    private static List<BigInteger> readDerBigIntSequence(@Nonnull LinkedList<Byte> linkedList) throws PEMDecodingException {
        ArrayList arrayList = new ArrayList();
        byte byteValue = linkedList.removeFirst().byteValue();
        if (byteValue != DER_ANS_SEQUENCE) {
            throw new PEMDecodingException("Expected SEQUENCE in PEM bytes, but got " + byteValue);
        }
        // Target list size once the sequence content has been consumed.
        // NOTE(review): Java evaluates linkedList.size() before readDerLength() removes the length
        // bytes, so as written the target is too large by the number of length bytes. This may be
        // a decompiler reordering; verify against the class file.
        int size = linkedList.size() - readDerLength(linkedList).intValue();
        while (linkedList.size() > size) {
            // A non-INTEGER element ends parsing; whatever was collected so far is returned.
            if (linkedList.getFirst().byteValue() != DER_ANS_INTEGER) {
                return arrayList;
            }
            arrayList.add(readDerInt(linkedList));
        }
        // NOTE(review): cannot be true here, because the loop above only falls through once
        // size() <= target. The message text suggests the intended test was the opposite comparison.
        if (linkedList.size() > size) {
            throw new PEMDecodingException("Expected reading to end at targetLen=" + size + " but read more: bytes.size=" + linkedList.size());
        }
        // NOTE(review): removing elements moves size() further below the target, so once entered
        // this loop can only end with NoSuchElementException on an empty list. Confirm the intent.
        while (linkedList.size() < size) {
            linkedList.removeFirst();
        }
        return arrayList;
    }

    /**
     * Decodes the first OPENSSH PRIVATE KEY block in {@code str} into a key pair, using sshj's
     * {@code OpenSSHKeyV1KeyFile}.
     *
     * <p>The supplied passphrase is offered once, with no retry. That both keys are RSA is checked
     * only by {@code assert}; with assertions disabled, a key of another type is returned as is
     * despite the method name.
     *
     * @param str  PEM text; may be {@code null}
     * @param cArr passphrase handed to the key file on request; may be {@code null}
     * @return the key pair, or {@code null} if {@code str} is {@code null} or has no OpenSSH key block
     * @throws PEMDecodingException if the block is incomplete or the key file cannot be read
     */
    @Contract("null, _ -> null")
    @Nullable
    public static KeyPair openSSHPrivateKeyPemToRsaKeyPair(@Nullable String str, @Nullable final char[] cArr) throws PEMDecodingException {
        if (str == null) {
            return null;
        }
        final String pemBlock = extractFirstPemBlock(str, "OPENSSH PRIVATE KEY");
        if (pemBlock == null) {
            return null;
        }

        final PrivateKey privateKey;
        final PublicKey publicKey;
        try {
            // Hands out the caller's passphrase and declines any retry.
            final PasswordFinder fixedPassphrase = new PasswordFinder() {
                @Override
                public char[] reqPassword(Resource<?> resource) {
                    return cArr;
                }

                @Override
                public boolean shouldRetry(Resource<?> resource) {
                    return false;
                }
            };
            final OpenSSHKeyV1KeyFile keyFile = new OpenSSHKeyV1KeyFile();
            keyFile.init(pemBlock, (String) null, fixedPassphrase);
            privateKey = keyFile.getPrivate();
            publicKey = keyFile.getPublic();
        } catch (IOException e) {
            throw new PEMDecodingException("Error decoding PEM", e);
        }

        assert privateKey instanceof RSAPrivateKey;
        assert publicKey instanceof RSAPublicKey;
        return new KeyPair(publicKey, privateKey);
    }

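    /**
     * Decodes a PKCS#1 "RSA PRIVATE KEY" PEM block into an RSA key pair.
     *
     * <p>If the block starts with "Proc-Type: 4,ENCRYPTED", the DEK-Info header is parsed and, when
     * a passphrase was supplied, the body is decrypted with {@code decryptPEM}. Without a passphrase
     * the still-encrypted bytes are handed to the DER parser, which is expected to reject them. The
     * resulting DER must be a SEQUENCE of at least nine INTEGERs: version, modulus, public exponent,
     * private exponent, the two primes, the two CRT exponents and the CRT coefficient.
     *
     * <p>Debug output and exception messages carry sizes and header fields only. Nothing derived
     * from the passphrase or the key bytes is logged, and the PEM text is never echoed.
     *
     * <p>NOTE(review): the passphrase is converted with {@code getBytes("US-ASCII")}, so non-ASCII
     * characters are replaced before key derivation. Confirm that this matches how the keys were encrypted.
     *
     * <p>NOTE(review): as decompiled, the {@code try} below covers only the passphrase conversion,
     * although its handler talks about PEM parsing, and the checked exceptions thrown further down are
     * not declared. Presumably the original {@code try} extended to the end of the method; confirm
     * against the class file before relying on the exact exception types.
     *
     * @param str  PEM text; may be {@code null}
     * @param cArr passphrase for an encrypted block; may be {@code null}
     * @return the key pair, or {@code null} if {@code str} is {@code null} or has no BEGIN RSA PRIVATE KEY marker
     * @throws PEMDecodingException if the block is incomplete or malformed
     * @throws RuntimeException     if the DER sequence holds fewer than nine integers
     */
    @Contract("null, _ -> null")
    @Nullable
    public static KeyPair pemToRsaKeyPair(@Nullable String str, @Nullable char[] cArr) throws PEMDecodingException {
        byte[] der;
        if (str == null) {
            return null;
        }
        String pem = str.trim().replaceAll("\r\n", "\n");
        if (LOG.isDebugEnabled()) {
            // Presence and size only. A digest of the passphrase would allow offline guessing
            // by anyone who can read the logs.
            String passState = cArr == null ? "null" : (cArr.length == 0 ? "empty" : "present");
            LOG.debug("pemToRsaKeyPair() pem length=" + pem.length() + "  pass=" + passState);
        }
        int begin = pem.indexOf(BEGIN_RSA_PRIVATE_KEY);
        if (begin == -1) {
            LOG.debug("No -----BEGIN RSA PRIVATE KEY----- found in given pemkey (len=" + pem.length() + ")");
            return null;
        }
        String afterBegin = pem.substring(begin + BEGIN_RSA_PRIVATE_KEY.length());
        int end = afterBegin.indexOf(END_RSA_PRIVATE_KEY);
        if (end < 0) {
            // Report the size only; the input is a private key and must not be echoed.
            throw new PEMDecodingException("Did not find end: '-----END RSA PRIVATE KEY-----' (input length=" + str.length() + ")");
        }
        String block = afterBegin.substring(0, end).trim();
        String encryptedHead = "";
        String passphrase = null;
        if (cArr != null) {
            try {
                passphrase = new String(cArr);
            } catch (Exception e2) {
                if (encryptedHead.isEmpty()) {
                    LOG.debug("Error reading PEM private key (len=" + block.length() + ")", e2);
                } else {
                    LOG.debug("Error reading PEM private key (len=" + block.length() + "). encrypted private key head =\n" + encryptedHead + " same as json=\n" + XmlRpcPrintUtil.xmlRpcObjectToString(encryptedHead), e2);
                }
                throw new PEMDecodingException("Error reading PEM private key: " + e2.getMessage(), e2);
            }
        }
        if (block.trim().startsWith("Proc-Type: 4,ENCRYPTED")) {
            int dekInfoIndex = block.indexOf("DEK-Info: ");
            if (dekInfoIndex < 0) {
                throw new PEMDecodingException("Found Proc-Type: 4,ENCRYPTED in RSA PRIVATE KEY, but no DEK-Info");
            }
            int dekInfoLineEnd = block.indexOf("\n", dekInfoIndex);
            // The blank line separates the headers from the Base64 body.
            int emptyLineIndex = block.indexOf("\n\n");
            LOG.debug("emptyLineIndex=" + emptyLineIndex);
            if (emptyLineIndex < 0) {
                throw new PEMDecodingException("Did not find empty line in encoded PEM block");
            }
            encryptedHead = block.substring(0, emptyLineIndex);
            assert dekInfoLineEnd != -1;
            String dekInfoLine = block.substring(dekInfoIndex, dekInfoLineEnd);
            LOG.debug("pemToRsaKeyPair() read dekInfoLine=\"" + dekInfoLine + "\"");
            assert dekInfoLine.startsWith("DEK-Info: ");
            String dekInfoContent = dekInfoLine.substring("DEK-Info: ".length());
            String[] dekInfoParts = dekInfoContent.split(",");
            LOG.debug("pemToRsaKeyPair() dekInfoContent=\"" + dekInfoContent + "\" dekInfoContentParts=" + Arrays.toString(dekInfoParts));
            if (dekInfoParts.length != 2) {
                throw new PEMDecodingException("Did not find 2 parts of info in DEK-Info: \"" + dekInfoContent + "\"");
            }
            String algo = dekInfoParts[0];
            // The salt is stored in clear in the PEM header, so logging it reveals nothing new.
            byte[] salt = hexToByteArray(dekInfoParts[1]);
            LOG.debug("pemToRsaKeyPair() read dekInfoLine algo=\"" + algo + "\" salt=\"" + dekInfoParts[1] + "\"");
            der = Base64.decodeBase64(block.substring(emptyLineIndex + 1).replaceAll("\n", ""));
            if (passphrase != null) {
                der = decryptPEM(algo, salt, der, passphrase.getBytes("US-ASCII"));
            }
        } else {
            der = Base64.decodeBase64(block.replaceAll("\n", ""));
        }
        if (LOG.isDebugEnabled()) {
            // Size only: no fingerprint of the decrypted key goes to the log.
            LOG.debug("pemToRsaKeyPair() decoded key bytes=" + der.length);
        }
        LinkedList<Byte> derBytes = new LinkedList<>();
        for (byte b : der) {
            derBytes.add(Byte.valueOf(b));
        }
        List<BigInteger> ints = readDerBigIntSequence(derBytes);
        if (ints.size() < 9) {
            throw new RuntimeException("Not enough Integers in DER sequence: " + ints.size());
        }
        // Index 0 is the version field and is not needed.
        BigInteger modulus = ints.get(1);
        BigInteger publicExponent = ints.get(2);
        RSAPrivateCrtKeySpec privateSpec = new RSAPrivateCrtKeySpec(modulus, publicExponent, ints.get(3), ints.get(4), ints.get(5), ints.get(6), ints.get(7), ints.get(8));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return new KeyPair((RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(modulus, publicExponent)), (RSAPrivateCrtKey) keyFactory.generatePrivate(privateSpec));
    }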

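    /**
     * Returns the first PEM block with the given label, re-assembled with LF line ends.
     *
     * <p>The input is trimmed and CRLF is converted to LF before searching. Only the first
     * BEGIN marker is considered; the block ends at the first matching END marker after it.
     *
     * <p>The input is routinely a private-key file, so its content is deliberately kept out of
     * the exception message (exception messages tend to end up in logs and bug reports).
     *
     * @param str  text that may contain a PEM block; {@code null} yields {@code null}
     * @param str2 PEM label without the dashes, e.g. {@code "OPENSSH PRIVATE KEY"}
     * @return the BEGIN line, the trimmed body and the END line joined with {@code '\n'};
     *         {@code null} when {@code str} is {@code null} or holds no BEGIN marker
     * @throws PEMDecodingException when a BEGIN marker is present but no END marker follows it
     */
    @Contract("null, _ -> null")
    @Nullable
    public static String extractFirstPemBlock(@Nullable String str, @Nonnull String str2) throws PEMDecodingException {
        if (str == null) {
            return null;
        }
        String normalized = str.trim().replace("\r\n", "\n");
        String beginMarker = "-----BEGIN " + str2 + "-----";
        String endMarker = "-----END " + str2 + "-----";
        int beginIndex = normalized.indexOf(beginMarker);
        if (beginIndex < 0) {
            return null;
        }
        int endIndex = normalized.indexOf(endMarker, beginIndex);
        if (endIndex < 0) {
            // Report the size only: echoing the input would copy key material into the message.
            throw new PEMDecodingException("Did not find end: '" + endMarker + "' in input of " + str.length() + " characters");
        }
        String body = normalized.substring(beginIndex + beginMarker.length(), endIndex).trim();
        return beginMarker + "\n" + body + "\n" + endMarker;
    }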

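    /**
     * Base64-decodes the body of the first PEM block with the given label.
     *
     * <p>Honours the declared {@code null -> null} contract (the previous body dereferenced a
     * {@code null} input). The input may be a private-key file, so error messages report its
     * length instead of its content.
     *
     * @param str  text that contains the PEM block; {@code null} yields {@code null}
     * @param str2 PEM label without the dashes
     * @return the decoded bytes of the block body, or {@code null} when {@code str} is {@code null}
     * @throws PEMDecodingException when the BEGIN marker, or the END marker after it, is missing
     */
    @Contract("null, _ -> null")
    @Nullable
    public static byte[] extractPemBlockBytes(@Nullable String str, @Nonnull String str2) throws PEMDecodingException {
        if (str == null) {
            return null;
        }
        String normalized = str.trim().replace("\r\n", "\n");
        String beginMarker = "-----BEGIN " + str2 + "-----";
        String endMarker = "-----END " + str2 + "-----";
        int beginIndex = normalized.indexOf(beginMarker);
        if (beginIndex < 0) {
            throw new PEMDecodingException("Did not find start: '" + beginMarker + "' in input of " + normalized.length() + " characters");
        }
        int endIndex = normalized.indexOf(endMarker, beginIndex);
        if (endIndex < 0) {
            throw new PEMDecodingException("Did not find end: '" + endMarker + "' in input of " + normalized.length() + " characters");
        }
        String body = normalized.substring(beginIndex + beginMarker.length(), endIndex).trim();
        // NOTE(review): any PEM header lines inside the block (Proc-Type, DEK-Info) are not
        // stripped here; they would be handed to the Base64 decoder along with the payload.
        return Base64.decodeBase64(body.replace("\n", ""));
    }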

    /**
     * Extracts the first {@code OPENSSH PRIVATE KEY} block and returns its private key.
     *
     * @param str  PEM text; {@code null} yields {@code null}
     * @param cArr passphrase forwarded to the OpenSSH key parser; may be {@code null}
     * @return the private key, or {@code null} when there is no such block or the parser
     *         returned no key pair
     * @throws PEMDecodingException when the block is not terminated
     */
    @Contract("null, _ -> null")
    @Nullable
    public static RSAPrivateKey openSSHPrivateKeyPemToRsaPrivateKey(@Nullable String str, @Nullable char[] cArr) throws PEMDecodingException {
        String pemBlock = extractFirstPemBlock(str, "OPENSSH PRIVATE KEY");
        if (pemBlock == null) {
            return null;
        }
        KeyPair pair = openSSHPrivateKeyPemToRsaKeyPair(pemBlock, cArr);
        if (pair == null) {
            return null;
        }
        // Decompiled form of an `assert`: only checked when assertions are enabled.
        if (!$assertionsDisabled && pair.getPrivate() == null) {
            throw new AssertionError();
        }
        // NOTE(review): unchecked cast; presumably the helper only returns RSA pairs. Confirm,
        // otherwise a non-RSA OpenSSH key surfaces as a ClassCastException here.
        return (RSAPrivateKey) pair.getPrivate();
    }

    /**
     * Reads an RSA private key from PEM text, trying the OpenSSH format first and the
     * {@code pemToRsaKeyPair} parser second.
     *
     * @param str  PEM text; {@code null} yields {@code null}
     * @param cArr passphrase for an encrypted key; may be {@code null}
     * @return the private key, or {@code null} when neither parser produced one
     * @throws PEMDecodingException when a parser rejects the input
     */
    @Contract("null, _ -> null")
    @Nullable
    public static RSAPrivateKey pemToRsaPrivateKey(@Nullable String str, @Nullable char[] cArr) throws PEMDecodingException {
        if (str == null) {
            return null;
        }
        RSAPrivateKey fromOpenSsh = openSSHPrivateKeyPemToRsaPrivateKey(str, cArr);
        if (fromOpenSsh != null) {
            return fromOpenSsh;
        }
        KeyPair pair = pemToRsaKeyPair(str, cArr);
        if (pair == null) {
            return null;
        }
        // Decompiled form of an `assert`: only checked when assertions are enabled.
        if (!$assertionsDisabled && pair.getPrivate() == null) {
            throw new AssertionError();
        }
        return (RSAPrivateKey) pair.getPrivate();
    }

    /**
     * Reads a private key from PEM text by trying each supported parser in turn: OpenSSH,
     * then RSA, then the generic {@code pemToPrivateKey}.
     *
     * <p>The RSA step repeats the OpenSSH attempt internally, so an input without an OpenSSH
     * block is scanned for one twice.
     *
     * @param str  PEM text
     * @param cArr passphrase for an encrypted key; may be {@code null}
     * @return the first key a parser produced, or {@code null} when none did
     * @throws PEMDecodingException when a parser rejects the input
     */
    @Nullable
    public static PrivateKey pemToAnyPrivateKey(@Nonnull String str, char[] cArr) throws PEMDecodingException {
        RSAPrivateKey openSshKey = openSSHPrivateKeyPemToRsaPrivateKey(str, cArr);
        if (openSshKey != null) {
            return openSshKey;
        }
        RSAPrivateKey rsaKey = pemToRsaPrivateKey(str, cArr);
        if (rsaKey != null) {
            return rsaKey;
        }
        // Last resort; its result (possibly null) is the answer.
        return pemToPrivateKey(str, cArr);
    }

    /**
     * Parses every certificate block found in the given text, in order of appearance.
     *
     * <p>Parsing is lenient: scanning stops silently at a BEGIN marker that has no END marker,
     * and a block for which {@code pemToX509Certificate} returns {@code null} is skipped.
     * Callers that need "all or nothing" semantics must compare the result with what they expect.
     * Nothing here validates the certificates or their chain.
     *
     * @param str text holding zero or more PEM certificates
     * @return the certificates that could be parsed; never {@code null}, possibly empty
     */
    @Nonnull
    public static List<Certificate> parseAllPEMCertificates(@Nonnull String str) {
        List<Certificate> certificates = new ArrayList<>();
        int begin = str.indexOf(BEGIN_CERTIFICATE);
        while (begin != -1) {
            int end = str.indexOf(END_CERTIFICATE, begin + 1);
            if (end == -1) {
                break;
            }
            String body = str.substring(begin + BEGIN_CERTIFICATE.length(), end).trim().replaceAll("\r\n", "\n");
            X509Certificate certificate = pemToX509Certificate(body);
            if (certificate != null) {
                certificates.add(certificate);
            }
            begin = str.indexOf(BEGIN_CERTIFICATE, end + END_CERTIFICATE.length());
        }
        return certificates;
    }

    /**
     * Encodes a length as DER length octets.
     *
     * <p>Values 0..127 use the single-byte short form. Larger values use the long form: one
     * byte {@code 0x80 | n} followed by the {@code n} big-endian bytes of the value, with the
     * sign byte that {@link BigInteger#toByteArray()} may prepend removed.
     *
     * @param i the length to encode; negative values are rejected only when assertions are enabled
     * @return the length octets
     */
    @Nonnull
    public static List<Byte> derLength(int i) {
        if (!$assertionsDisabled && i < 0) {
            throw new AssertionError();
        }
        List<Byte> octets = new ArrayList<>();
        if (i >= 0 && i <= 127) {
            octets.add(Byte.valueOf((byte) i));
            return octets;
        }
        byte[] magnitude = BigInteger.valueOf(i).toByteArray();
        if (!$assertionsDisabled && magnitude[0] < 0) {
            throw new AssertionError();
        }
        // A leading 0x00 is only the two's-complement sign byte and is not part of the length.
        int firstIndex = magnitude[0] == 0 ? 1 : 0;
        int count = magnitude.length - firstIndex;
        if (!$assertionsDisabled && (count >= 128 || count < 0)) {
            throw new AssertionError();
        }
        octets.add(Byte.valueOf((byte) (128 | count)));
        for (int k = firstIndex; k < magnitude.length; k++) {
            octets.add(Byte.valueOf(magnitude[k]));
        }
        return octets;
    }

    /**
     * Produces the content octets of a DER INTEGER for the given value.
     *
     * <p>Zero is encoded as a single {@code 0x00}. Otherwise leading zero bytes of the
     * two's-complement form are dropped and, for a positive value whose first remaining byte
     * has its high bit set, one {@code 0x00} is put back so the value is not read as negative.
     *
     * @param bigInteger the value to encode
     * @return the content octets, without tag and length
     */
    @Nonnull
    private static List<Byte> derBigInt(BigInteger bigInteger) {
        List<Byte> octets = new ArrayList<>();
        if (bigInteger.signum() == 0) {
            octets.add((byte) 0);
            return octets;
        }
        byte[] raw = bigInteger.toByteArray();
        if (!$assertionsDisabled && raw.length <= 0) {
            throw new AssertionError();
        }
        // A non-zero value always has a non-zero byte, so this stops inside the array.
        int first = 0;
        while (first < raw.length && raw[first] == 0) {
            first++;
        }
        if (first < raw.length && raw[first] < 0 && bigInteger.signum() > 0) {
            octets.add((byte) 0);
        }
        for (int k = first; k < raw.length; k++) {
            octets.add(Byte.valueOf(raw[k]));
        }
        return octets;
    }

    /**
     * Encodes the given integers as a DER SEQUENCE of INTEGER elements.
     *
     * @param list the values, in the order they must appear in the sequence
     * @return tag {@code 0x30}, the length octets, then one {@code 0x02}-tagged INTEGER per value
     */
    @Nonnull
    public static List<Byte> derSequenceBigInt(@Nonnull List<BigInteger> list) {
        List<Byte> elements = new ArrayList<>();
        for (BigInteger value : list) {
            List<Byte> content = derBigInt(value);
            elements.add((byte) 2); // INTEGER tag
            elements.addAll(derLength(content.size()));
            elements.addAll(content);
        }
        List<Byte> sequence = new ArrayList<>();
        sequence.add((byte) 48); // SEQUENCE tag (0x30)
        sequence.addAll(derLength(elements.size()));
        sequence.addAll(elements);
        return sequence;
    }

    /**
     * Serialises an RSA private key as a DER sequence of nine integers: version 0, modulus,
     * public exponent, private exponent, prime P, prime Q, exponent P, exponent Q and the
     * CRT coefficient.
     *
     * <p>The returned array is unencrypted private-key material; callers should overwrite it
     * once it is no longer needed. The boxed intermediate list built here cannot be wiped.
     *
     * @param rSAPrivateCrtKey the key to serialise
     * @return the DER bytes
     */
    @Nonnull
    public static byte[] getPrivateKeyPKCS1(@Nonnull RSAPrivateCrtKey rSAPrivateCrtKey) {
        List<BigInteger> fields = new ArrayList<>();
        fields.add(BigInteger.valueOf(0L));
        fields.add(rSAPrivateCrtKey.getModulus());
        fields.add(rSAPrivateCrtKey.getPublicExponent());
        fields.add(rSAPrivateCrtKey.getPrivateExponent());
        fields.add(rSAPrivateCrtKey.getPrimeP());
        fields.add(rSAPrivateCrtKey.getPrimeQ());
        fields.add(rSAPrivateCrtKey.getPrimeExponentP());
        fields.add(rSAPrivateCrtKey.getPrimeExponentQ());
        fields.add(rSAPrivateCrtKey.getCrtCoefficient());
        List<Byte> der = derSequenceBigInt(fields);
        byte[] out = new byte[der.size()];
        int position = 0;
        for (Byte octet : der) {
            out[position++] = octet.byteValue();
        }
        return out;
    }

    /**
     * Serialises an RSA public key as a DER sequence of two integers: modulus, then public
     * exponent.
     *
     * @param rSAPublicKey the key to serialise
     * @return the DER bytes
     */
    @Nonnull
    public static byte[] getPublicKeyPKCS1(@Nonnull RSAPublicKey rSAPublicKey) {
        List<BigInteger> fields = new ArrayList<>();
        fields.add(rSAPublicKey.getModulus());
        fields.add(rSAPublicKey.getPublicExponent());
        List<Byte> der = derSequenceBigInt(fields);
        byte[] out = new byte[der.size()];
        int position = 0;
        for (Byte octet : der) {
            out[position++] = octet.byteValue();
        }
        return out;
    }

    /**
     * Returns the Base64 text of the key's unencrypted PKCS#1 encoding.
     *
     * <p>The result is plaintext private-key material.
     *
     * @param rSAPrivateCrtKey the key to serialise
     * @return the Base64 characters, without PEM markers or line wrapping
     */
    @Nonnull
    public static char[] getPrivateKeyCharsPKCS1Base64(@Nonnull RSAPrivateCrtKey rSAPrivateCrtKey) {
        final char[] noPassphrase = null;
        return getPrivateKeyCharsPKCS1Base64(rSAPrivateCrtKey, noPassphrase);
    }

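    /**
     * Returns the PEM body for the key's PKCS#1 encoding, optionally passphrase-encrypted.
     *
     * <p>Without a passphrase the result is the plain Base64 of the DER bytes. With one, it is
     * whatever {@code encryptPEM} produces (encryption headers followed by Base64 ciphertext).
     *
     * <p>The passphrase is encoded to UTF-8 without going through an immutable {@code String},
     * and the temporary passphrase and DER buffers are zeroed before returning. The returned
     * characters still hold key material and are the caller's to clear.
     *
     * <p>NOTE(review): the decrypt call visible in {@code pemToRsaKeyPair} encodes its
     * passphrase as US-ASCII, so a non-ASCII passphrase presumably does not round-trip. Confirm.
     *
     * @param rSAPrivateCrtKey the key to serialise
     * @param cArr             passphrase, or {@code null} for an unencrypted body; not modified
     * @return the PEM body characters, without BEGIN/END markers or line wrapping
     * @throws RuntimeException wrapping a {@code PEMDecodingException} raised during encryption
     */
    @Nonnull
    public static char[] getPrivateKeyCharsPKCS1Base64(@Nonnull RSAPrivateCrtKey rSAPrivateCrtKey, @Nullable char[] cArr) {
        byte[] der = getPrivateKeyPKCS1(rSAPrivateCrtKey);
        try {
            if (cArr == null) {
                return Base64.encodeBase64String(der).toCharArray();
            }
            ByteBuffer encoded = StandardCharsets.UTF_8.encode(java.nio.CharBuffer.wrap(cArr));
            byte[] passphrase = new byte[encoded.remaining()];
            encoded.get(passphrase);
            try {
                return encryptPEM(der, passphrase).toCharArray();
            } catch (PEMDecodingException e) {
                throw new RuntimeException(e);
            } finally {
                Arrays.fill(passphrase, (byte) 0);
                if (encoded.hasArray()) {
                    Arrays.fill(encoded.array(), (byte) 0);
                }
            }
        } finally {
            // The DER array was created for this call, so it is safe to wipe.
            Arrays.fill(der, (byte) 0);
        }
    }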

    /**
     * Returns the Base64 text of the public key's PKCS#1 (modulus, exponent) DER encoding.
     *
     * @param rSAPublicKey the key to serialise
     * @return the Base64 characters, without PEM markers or line wrapping
     */
    @Nonnull
    public static char[] getPublicKeyCharsPKCS1Base64(@Nonnull RSAPublicKey rSAPublicKey) {
        byte[] der = getPublicKeyPKCS1(rSAPublicKey);
        String base64 = Base64.encodeBase64String(der);
        return base64.toCharArray();
    }

    /**
     * Returns the key's own encoding, provided the key reports the {@code PKCS#8} format.
     *
     * <p>The bytes are unencrypted private-key material.
     *
     * @param privateKey the key to serialise
     * @return the result of {@link PrivateKey#getEncoded()}
     * @throws RuntimeException when the key's format is not {@code PKCS#8}
     */
    @Nonnull
    public static byte[] getPrivateKeyCharsPKCS8(@Nonnull PrivateKey privateKey) {
        if (!"PKCS#8".equals(privateKey.getFormat())) {
            throw new RuntimeException(privateKey.getClass().getName() + " does not support PKCS#8");
        }
        // Decompiled form of an `assert` repeating the check above.
        if (!$assertionsDisabled && !Objects.equals(privateKey.getFormat(), "PKCS#8")) {
            throw new AssertionError();
        }
        return privateKey.getEncoded();
    }

    /**
     * Returns the Base64 text of the key's unencrypted PKCS#8 encoding.
     *
     * <p>The result is plaintext private-key material.
     *
     * @param privateKey the key to serialise
     * @return the Base64 characters, without PEM markers or line wrapping
     */
    @Nonnull
    public static char[] getPrivateKeyCharsPKCS8Base64(@Nonnull PrivateKey privateKey) {
        final char[] noPassphrase = null;
        return getPrivateKeyCharsPKCS8Base64(privateKey, noPassphrase);
    }

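    /**
     * Returns the PEM body for the key's PKCS#8 encoding, optionally passphrase-encrypted.
     *
     * <p>Without a passphrase the result is the plain Base64 of the encoded key. With one, it
     * is whatever {@code encryptPEM} produces (encryption headers followed by Base64 ciphertext).
     *
     * <p>The passphrase is encoded to UTF-8 without going through an immutable {@code String},
     * and the temporary passphrase buffers are zeroed before returning. The encoded key is not
     * wiped because this method does not own the array returned by the key.
     *
     * @param privateKey the key to serialise; must report the {@code PKCS#8} format
     * @param cArr       passphrase, or {@code null} for an unencrypted body; not modified
     * @return the PEM body characters, without BEGIN/END markers or line wrapping
     * @throws RuntimeException wrapping a {@code PEMDecodingException} raised during encryption,
     *                          or when the key does not support PKCS#8
     */
    @Nonnull
    public static char[] getPrivateKeyCharsPKCS8Base64(@Nonnull PrivateKey privateKey, @Nullable char[] cArr) {
        byte[] encodedKey = getPrivateKeyCharsPKCS8(privateKey);
        if (cArr == null) {
            return Base64.encodeBase64String(encodedKey).toCharArray();
        }
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(java.nio.CharBuffer.wrap(cArr));
        byte[] passphrase = new byte[encoded.remaining()];
        encoded.get(passphrase);
        try {
            return encryptPEM(encodedKey, passphrase).toCharArray();
        } catch (PEMDecodingException e) {
            throw new RuntimeException(e);
        } finally {
            Arrays.fill(passphrase, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }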

    /**
     * Writes the key as an unencrypted {@code PRIVATE KEY} PEM block.
     *
     * @param privateKey the key to serialise
     * @return the PEM text; plaintext private-key material
     */
    @Nonnull
    public static char[] privateKeyToPem(@Nonnull PrivateKey privateKey) {
        final char[] noPassphrase = null;
        return privateKeyToPem(privateKey, noPassphrase);
    }

    /**
     * Writes the key as a {@code PRIVATE KEY} PEM block with 64-column lines.
     *
     * <p>The body passes through a {@code String} on its way to the wrapper, so a copy of the
     * key text remains on the heap even after the caller clears the returned array.
     *
     * <p>NOTE(review): with a passphrase the body carries the legacy encryption headers inside
     * a block still labelled {@code PRIVATE KEY}; confirm the intended consumers accept that.
     *
     * @param privateKey the key to serialise
     * @param cArr       passphrase, or {@code null} for an unencrypted block
     * @return the PEM text, ending with a newline
     */
    @Nonnull
    public static char[] privateKeyToPem(@Nonnull PrivateKey privateKey, @Nullable char[] cArr) {
        String body = new String(getPrivateKeyCharsPKCS8Base64(privateKey, cArr));
        String pem = "-----BEGIN PRIVATE KEY-----\n" + TextUtil.wrap(body, 64) + "\n-----END PRIVATE KEY-----\n";
        return pem.toCharArray();
    }

    /**
     * Writes the key as an unencrypted PEM block, choosing the block type from the key class.
     *
     * @param privateKey the key to serialise
     * @return the PEM text; plaintext private-key material
     */
    @Nonnull
    public static char[] privateKeyToAnyPem(@Nonnull PrivateKey privateKey) {
        final char[] noPassphrase = null;
        return privateKeyToAnyPem(privateKey, noPassphrase);
    }

    /**
     * Writes the key as PEM: an {@code RSA PRIVATE KEY} block for CRT-capable RSA keys, a
     * {@code PRIVATE KEY} block for everything else.
     *
     * @param privateKey the key to serialise
     * @param cArr       passphrase, or {@code null} for an unencrypted block
     * @return the PEM text
     */
    @Nonnull
    public static char[] privateKeyToAnyPem(@Nonnull PrivateKey privateKey, @Nullable char[] cArr) {
        if (privateKey instanceof RSAPrivateCrtKey) {
            return rsaPrivateKeyToPem((RSAPrivateCrtKey) privateKey, cArr);
        }
        return privateKeyToPem(privateKey, cArr);
    }

    /**
     * Writes the key as an unencrypted {@code RSA PRIVATE KEY} PEM block.
     *
     * @param rSAPrivateKey the key to serialise; must also be an {@code RSAPrivateCrtKey}
     * @return the PEM text; plaintext private-key material
     */
    @Nonnull
    public static char[] rsaPrivateKeyToPem(@Nonnull RSAPrivateKey rSAPrivateKey) {
        final char[] noPassphrase = null;
        return rsaPrivateKeyToPem(rSAPrivateKey, noPassphrase);
    }

    /**
     * Writes the key as an {@code RSA PRIVATE KEY} PEM block with 64-column lines.
     *
     * <p>The body passes through a {@code String}, so a copy of the key text stays on the heap
     * after the caller clears the returned array.
     *
     * @param rSAPrivateKey the key to serialise; must also be an {@code RSAPrivateCrtKey}
     * @param cArr          passphrase, or {@code null} for an unencrypted block
     * @return the PEM text, ending with a newline
     * @throws RuntimeException when the key does not expose the CRT parameters
     */
    @Nonnull
    public static char[] rsaPrivateKeyToPem(@Nonnull RSAPrivateKey rSAPrivateKey, @Nullable char[] cArr) {
        if (!(rSAPrivateKey instanceof RSAPrivateCrtKey)) {
            throw new RuntimeException("rsaPrivateKey is not of class RSAPrivateCrtKey but of class=" + rSAPrivateKey.getClass().getName() + " -> does not contain enough data to transform it to the PKCS1 format needed for PEM \"RSA PRIVATE KEY\"");
        }
        String body = new String(getPrivateKeyCharsPKCS1Base64((RSAPrivateCrtKey) rSAPrivateKey, cArr));
        String pem = "-----BEGIN RSA PRIVATE KEY-----\n" + TextUtil.wrap(body, 64) + "\n-----END RSA PRIVATE KEY-----\n";
        return pem.toCharArray();
    }

    /**
     * Tells whether the text contains the start marker of any supported private-key block.
     *
     * <p>This is a substring test only; it does not show that the block is complete or valid.
     *
     * @param str the text to inspect
     * @return {@code true} when a generic, RSA or OpenSSH private-key marker is present
     */
    public static boolean hasAnyPrivateKey(@Nonnull String str) {
        if (hasPrivateKey(str)) {
            return true;
        }
        if (hasRsaPrivateKey(str)) {
            return true;
        }
        return hasOpenSshPrivateKey(str);
    }

    /**
     * Tells whether the text contains the {@code BEGIN_PRIVATE_KEY} marker.
     *
     * @param str the text to inspect
     * @return {@code true} when the marker occurs anywhere in the text
     */
    public static boolean hasPrivateKey(@Nonnull String str) {
        boolean markerPresent = str.contains(BEGIN_PRIVATE_KEY);
        return markerPresent;
    }

    /**
     * Tells whether the text contains the {@code BEGIN_RSA_PRIVATE_KEY} marker.
     *
     * @param str the text to inspect
     * @return {@code true} when the marker occurs anywhere in the text
     */
    public static boolean hasRsaPrivateKey(@Nonnull String str) {
        boolean markerPresent = str.contains(BEGIN_RSA_PRIVATE_KEY);
        return markerPresent;
    }

    /**
     * Tells whether the text contains the {@code BEGIN_OPENSSH_PRIVATE_KEY} marker.
     *
     * @param str the text to inspect
     * @return {@code true} when the marker occurs anywhere in the text
     */
    public static boolean hasOpenSshPrivateKey(@Nonnull String str) {
        boolean markerPresent = str.contains(BEGIN_OPENSSH_PRIVATE_KEY);
        return markerPresent;
    }

    /**
     * Tells whether the text contains the {@code BEGIN_CERTIFICATE} marker.
     *
     * @param str the text to inspect
     * @return {@code true} when the marker occurs anywhere in the text
     */
    public static boolean hasX509Certificate(@Nonnull String str) {
        boolean markerPresent = str.contains(BEGIN_CERTIFICATE);
        return markerPresent;
    }

    /**
     * Tells whether the file's content starts with an OpenSSH {@code ssh-rsa} public-key entry.
     *
     * @param file the file to read in full
     * @return {@code true} when the content begins with {@code "ssh-rsa "}
     * @throws IOException when the file cannot be read
     */
    public static boolean isOpenSshRsaKey(@Nonnull File file) throws IOException {
        String content = IOUtils.fileToString(file);
        return isOpenSshRsaKey(content);
    }

    /**
     * Tells whether the text starts with an OpenSSH {@code ssh-rsa} public-key entry.
     *
     * <p>The prefix must be at the very start: an entry preceded by whitespace or by
     * authorized_keys options is not recognised.
     *
     * @param str the text to inspect; {@code null} yields {@code false}
     * @return {@code true} when the text begins with {@code "ssh-rsa "}
     */
    public static boolean isOpenSshRsaKey(@Nullable String str) {
        if (str == null) {
            return false;
        }
        return str.startsWith("ssh-rsa ");
    }

    /**
     * Guesses whether the text holds a passphrase-protected RSA private key.
     *
     * <p>This is a heuristic over the whole text: the RSA marker must be present, plus any of
     * {@code "Proc-Type:"}, {@code "DEK-Info: "} or {@code "ENCRYPTED"} anywhere in the input,
     * not necessarily inside the RSA block.
     *
     * @param str the text to inspect
     * @return {@code true} when the markers suggest an encrypted RSA key
     */
    public static boolean hasEncryptedRsaPrivateKey(@Nonnull String str) {
        if (!str.contains(BEGIN_RSA_PRIVATE_KEY)) {
            return false;
        }
        if (str.contains("Proc-Type:")) {
            return true;
        }
        if (str.contains("DEK-Info: ")) {
            return true;
        }
        return str.contains("ENCRYPTED");
    }

    /**
     * Formats a public key as an OpenSSH authorized_keys entry. Only RSA keys are supported.
     *
     * @param publicKey the key to format; {@code null} yields {@code null}
     * @return the {@code "ssh-rsa <base64>"} entry
     * @throws UnsupportedOperationException when the key is not an {@code RSAPublicKey}
     */
    @Contract("null -> null; !null -> !null")
    @Nullable
    public static String publicKeyToOpenSshAuthorizedKeysFormat(@Nullable PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new UnsupportedOperationException("Cannot convert non RSAPublicKey to OpenSshAuthorizedKeysFormat: " + publicKey.getClass().getName());
        }
        return rsaPublicKeyToOpenSshAuthorizedKeysFormat((RSAPublicKey) publicKey);
    }

    /**
     * Builds the Base64 key blob of an OpenSSH RSA public key.
     *
     * <p>The blob holds three fields, each prefixed with its length as a big-endian 32-bit
     * integer: the {@code SSH_RSA} type name in UTF-8, the public exponent, and the modulus.
     * Both numbers use the two's-complement bytes of {@link BigInteger#toByteArray()}.
     *
     * @param rSAPublicKey the key to encode
     * @return the Base64 text of the blob, without the key-type prefix
     */
    @Nonnull
    public static String rsaPublicKeyToOpenSshAuthorizedKeysFormatData(@Nonnull RSAPublicKey rSAPublicKey) {
        byte[] keyType = StringUtils.getBytesUtf8(SSH_RSA);
        byte[] exponent = rSAPublicKey.getPublicExponent().toByteArray();
        if (!$assertionsDisabled && !Objects.equals(new BigInteger(exponent), rSAPublicKey.getPublicExponent())) {
            throw new AssertionError();
        }
        byte[] modulus = rSAPublicKey.getModulus().toByteArray();
        // 12 = three 4-byte length prefixes.
        ByteBuffer blob = ByteBuffer.allocate(exponent.length + modulus.length + keyType.length + 12).order(ByteOrder.BIG_ENDIAN);
        blob.putInt(keyType.length).put(keyType);
        blob.putInt(exponent.length).put(exponent);
        blob.putInt(modulus.length).put(modulus);
        return Base64.encodeBase64String(blob.array());
    }

    /**
     * Formats an RSA public key as an OpenSSH authorized_keys entry, {@code "ssh-rsa <base64>"}.
     *
     * <p>With assertions enabled the entry is parsed back twice to confirm that modulus and
     * exponent survive the round trip. In this decompiled source the parser used for that
     * check is a stub that throws, so the check cannot pass here with assertions on.
     *
     * @param rSAPublicKey the key to format
     * @return the entry, without options or comment
     */
    @Nonnull
    public static String rsaPublicKeyToOpenSshAuthorizedKeysFormat(@Nonnull RSAPublicKey rSAPublicKey) {
        String entry = "ssh-rsa " + rsaPublicKeyToOpenSshAuthorizedKeysFormatData(rSAPublicKey);
        if (!$assertionsDisabled) {
            if (!Objects.equals(openSshAuthorizedKeysFormatRsaPublicKey(entry).getModulus(), rSAPublicKey.getModulus())) {
                throw new AssertionError();
            }
            if (!Objects.equals(openSshAuthorizedKeysFormatRsaPublicKey(entry).getPublicExponent(), rSAPublicKey.getPublicExponent())) {
                throw new AssertionError();
            }
        }
        return entry;
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x0060, code lost:
    
        if (r7 != null) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0070, code lost:
    
        throw new java.lang.RuntimeException("No key found in OpenSSH authorized_keys format. format syntax: <options> <keytype> <base64-encoded key> <comment>. input=\"" + r5 + "\"");
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0071, code lost:
    
        r0 = java.nio.ByteBuffer.wrap(org.apache.commons.codec.binary.Base64.decodeBase64(r7)).order(java.nio.ByteOrder.BIG_ENDIAN);
        r0 = new byte[r0.getInt()];
        r0.get(r0);
        r0 = org.apache.commons.codec.binary.StringUtils.newStringUtf8(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x00a1, code lost:
    
        if (be.iminds.ilabt.jfed.util.library.KeyUtil.$assertionsDisabled != false) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x00ac, code lost:
    
        if (java.util.Objects.equals(r0, be.iminds.ilabt.jfed.util.library.KeyUtil.SSH_RSA) != false) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x00b6, code lost:
    
        throw new java.lang.AssertionError();
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x00b7, code lost:
    
        r0 = new byte[r0.getInt()];
        r0.get(r0);
        r0 = new byte[r0.getInt()];
        r0.get(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0137, code lost:
    
        return (java.security.interfaces.RSAPublicKey) java.security.KeyFactory.getInstance("RSA").generatePublic(new java.security.spec.RSAPublicKeySpec(new java.math.BigInteger(r0), new java.math.BigInteger(r0)));
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x011f, code lost:
    
        r21 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0134, code lost:
    
        throw new java.lang.RuntimeException("Error creating RSAPublicKey: " + r21.getMessage(), r21);
     */
    /*
        Parses an OpenSSH authorized_keys entry into an RSA public key, in the original binary.

        The decompiler could not restore this method, so the body below is a stub that always
        throws UnsupportedOperationException; every caller of this source fails at this point.
        The recovered fragments in the warnings above show the intended shape: Base64-decode the
        key field, then read three length-prefixed big-endian fields (type name, two integers)
        and build an RSAPublicKeySpec from them.

        NOTE(review): in those fragments each field length comes straight from the decoded blob
        and sizes a new byte[] with no visible bound or sign check. When re-implementing from the
        bytecode, validate each length against the bytes remaining before allocating.
    */
    @javax.annotation.Nonnull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.interfaces.RSAPublicKey openSshAuthorizedKeysFormatRsaPublicKey(@javax.annotation.Nonnull java.lang.String r5) {
        /*
            Method dump skipped, instructions count: 312
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: be.iminds.ilabt.jfed.util.library.KeyUtil.openSshAuthorizedKeysFormatRsaPublicKey(java.lang.String):java.security.interfaces.RSAPublicKey");
    }

    /**
     * Derives {@code i} key bytes from a passphrase and salt by chaining MD5 digests.
     *
     * <p>Each round hashes the previous round's digest (absent in the first round), the
     * passphrase and the first 8 salt bytes; the digests are concatenated until {@code i}
     * bytes are filled. This assumes {@code digest(...)} resets the hash state. TODO confirm.
     *
     * <p>There is no iteration count: one MD5 pass per 16 output bytes makes passphrase
     * guessing cheap, so the protection rests almost entirely on passphrase strength.
     *
     * @param bArr  passphrase bytes
     * @param bArr2 salt; only the first 8 bytes are used
     * @param i     number of key bytes to produce
     * @return the derived key
     * @throws PEMDecodingException when the salt is shorter than 8 bytes
     */
    @Nonnull
    private static byte[] generateKeyFromPasswordSaltWithMD5(@Nonnull byte[] bArr, @Nonnull byte[] bArr2, int i) throws PEMDecodingException {
        if (bArr2.length < 8) {
            throw new PEMDecodingException("Salt needs to be at least 8 bytes for key generation. It is only " + bArr2.length + " bytes");
        }
        MD5 digest = new MD5();
        byte[] key = new byte[i];
        byte[] round = new byte[digest.getDigestLength()];
        int remaining = i;
        for (;;) {
            digest.update(bArr, 0, bArr.length);
            digest.update(bArr2, 0, 8);
            int take = Math.min(remaining, round.length);
            digest.digest(round, 0);
            System.arraycopy(round, 0, key, key.length - remaining, take);
            remaining -= take;
            if (remaining == 0) {
                return key;
            }
            // Seed the next round with this round's digest.
            digest.update(round, 0, round.length);
        }
    }

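    /**
     * Encrypts data with a passphrase and returns the PEM body: the {@code Proc-Type} and
     * {@code DEK-Info} headers, a blank line, then the Base64 ciphertext.
     *
     * <p>The 8 random bytes are used both as key-derivation salt and as CBC IV, so they come
     * from {@link java.security.SecureRandom}; {@code java.util.Random} is predictable and not
     * suitable for either purpose.
     *
     * <p>The format itself is legacy: Triple-DES in CBC mode, a single-pass MD5 key derivation
     * and no integrity protection. Treat it as compatibility output, not as strong protection.
     *
     * @param bArr  the plaintext to encrypt
     * @param bArr2 the passphrase bytes
     * @return the headers and Base64 ciphertext, without BEGIN/END markers
     * @throws PEMDecodingException when key derivation rejects its input
     */
    @Nonnull
    private static String encryptPEM(@Nonnull byte[] bArr, @Nonnull byte[] bArr2) throws PEMDecodingException {
        byte[] salt = new byte[8];
        new java.security.SecureRandom().nextBytes(salt);
        StringBuilder saltHex = new StringBuilder(salt.length * 2);
        for (byte b : salt) {
            saltHex.append(String.format("%02X", Byte.valueOf(b)));
        }
        return "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC," + saltHex + "\n\n" + Base64.encodeBase64String(encryptPEMhelper(bArr, salt, bArr2));
    }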

    /**
     * Encrypts padded data with Triple-DES in CBC mode.
     *
     * <p>The 24-byte key is derived from the passphrase and salt; the salt is also the IV.
     * The output carries no MAC, so tampering is not detectable from the ciphertext alone.
     *
     * @param bArr  the plaintext
     * @param bArr2 the salt, also used as IV
     * @param bArr3 the passphrase bytes
     * @return the ciphertext, a whole number of cipher blocks
     * @throws PEMDecodingException when key derivation rejects the salt
     */
    @Nonnull
    private static byte[] encryptPEMhelper(@Nonnull byte[] bArr, @Nonnull byte[] bArr2, @Nonnull byte[] bArr3) throws PEMDecodingException {
        DESede cipher = new DESede();
        cipher.init(true, generateKeyFromPasswordSaltWithMD5(bArr3, bArr2, 24));
        CBCMode cbc = new CBCMode(cipher, bArr2, true);
        byte[] padded = addPadding(bArr, cbc.getBlockSize());
        byte[] encrypted = new byte[padded.length];
        int blockCount = padded.length / cbc.getBlockSize();
        for (int block = 0; block < blockCount; block++) {
            int offset = block * cbc.getBlockSize();
            cbc.transformBlock(padded, offset, encrypted, offset);
        }
        return encrypted;
    }

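    /**
     * Decrypts the body of a passphrase-protected PEM block.
     *
     * <p>The cipher is chosen by the {@code DEK-Info} algorithm name; the key is derived from
     * the passphrase and salt, and the salt is also the CBC IV. Supported names and key sizes:
     * {@code DES-EDE3-CBC} (24), {@code DES-CBC} (8), {@code AES-128-CBC} (16),
     * {@code AES-192-CBC} (24), {@code AES-256-CBC} (32).
     *
     * <p>The decompiled source held javac's hash-code expansion of a string switch, which is
     * not valid Java as printed; it is restored to a plain string switch here. The debug line
     * no longer prints a digest of the passphrase: an unsalted MD5 in a log file is enough
     * to test passphrase guesses offline. Empty ciphertext is rejected explicitly.
     *
     * <p>The format has no integrity check. A wrong passphrase is normally caught by the
     * padding check, but can occasionally produce valid-looking padding and garbage output.
     *
     * @param str   cipher name from the {@code DEK-Info} header
     * @param bArr  salt from the {@code DEK-Info} header, also used as IV
     * @param bArr2 the ciphertext
     * @param bArr3 the passphrase bytes
     * @return the plaintext with padding removed
     * @throws PEMDecodingException on an unknown cipher, a ciphertext that is empty or not a
     *                              whole number of blocks, or invalid padding
     */
    @Nonnull
    private static byte[] decryptPEM(@Nonnull String str, @Nonnull byte[] bArr, @Nonnull byte[] bArr2, @Nonnull byte[] bArr3) throws PEMDecodingException {
        CBCMode cbc;
        if (!$assertionsDisabled && (str == null || bArr3 == null || bArr2 == null || bArr == null)) {
            throw new AssertionError();
        }
        if (LOG.isDebugEnabled()) {
            try {
                LOG.debug("decryptPEM() algo=" + str + " salt=" + Base64.encodeBase64String(bArr) + " dataMd5=" + (bArr2.length > 0 ? Base64.encodeBase64String(MessageDigest.getInstance("MD5").digest(bArr2)) : "empty"));
            } catch (NoSuchAlgorithmException e) {
                LOG.debug("decryptPEM() Error creating debug message", e);
            }
        }
        switch (str) {
            case "DES-EDE3-CBC": {
                DESede tripleDes = new DESede();
                tripleDes.init(false, generateKeyFromPasswordSaltWithMD5(bArr3, bArr, 24));
                cbc = new CBCMode(tripleDes, bArr, false);
                break;
            }
            case "DES-CBC": {
                DES des = new DES();
                des.init(false, generateKeyFromPasswordSaltWithMD5(bArr3, bArr, 8));
                cbc = new CBCMode(des, bArr, false);
                break;
            }
            case "AES-128-CBC": {
                AES aes128 = new AES();
                aes128.init(false, generateKeyFromPasswordSaltWithMD5(bArr3, bArr, 16));
                cbc = new CBCMode(aes128, bArr, false);
                break;
            }
            case "AES-192-CBC": {
                AES aes192 = new AES();
                aes192.init(false, generateKeyFromPasswordSaltWithMD5(bArr3, bArr, 24));
                cbc = new CBCMode(aes192, bArr, false);
                break;
            }
            case "AES-256-CBC": {
                AES aes256 = new AES();
                aes256.init(false, generateKeyFromPasswordSaltWithMD5(bArr3, bArr, 32));
                cbc = new CBCMode(aes256, bArr, false);
                break;
            }
            default:
                LOG.error("decryptPEM() Cannot decrypt PEM structure, unknown cipher " + str);
                throw new PEMDecodingException("Cannot decrypt PEM structure, unknown cipher " + str);
        }
        int blockSize = cbc.getBlockSize();
        if (bArr2.length == 0) {
            // Zero blocks pass the multiple-of-block-size test but leave nothing to unpad.
            LOG.error("Invalid PEM structure, encrypted block is empty");
            throw new PEMDecodingException("Invalid PEM structure, encrypted block is empty");
        }
        if (bArr2.length % blockSize != 0) {
            LOG.error("Invalid PEM structure, size of encrypted block is not a multiple of " + blockSize);
            throw new PEMDecodingException("Invalid PEM structure, size of encrypted block is not a multiple of " + blockSize);
        }
        byte[] decrypted = new byte[bArr2.length];
        for (int offset = 0; offset < bArr2.length; offset += blockSize) {
            cbc.transformBlock(bArr2, offset, decrypted, offset);
        }
        return removePadding(decrypted, blockSize);
    }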

    /**
     * Appends block padding in which every padding byte holds the padding length.
     *
     * <p>Between 1 and 8 bytes are always added, so input that is already block-aligned grows
     * by a full block. The pad length is computed against the constant 8; the block size
     * argument is only checked (to be 8) when assertions are enabled.
     *
     * @param bArr the data to pad
     * @param i    the cipher block size, expected to be 8
     * @return a new array holding the data followed by the padding
     */
    @Nonnull
    private static byte[] addPadding(@Nonnull byte[] bArr, int i) {
        if (!$assertionsDisabled && i != 8) {
            throw new AssertionError();
        }
        int dataLength = bArr.length;
        int padLength = 8 - (bArr.length % i);
        int totalLength = dataLength + padLength;
        byte[] padded = new byte[totalLength];
        System.arraycopy(bArr, 0, padded, 0, dataLength);
        Arrays.fill(padded, dataLength, totalLength, (byte) padLength);
        return padded;
    }

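    /**
     * Validates and strips the block padding from decrypted data.
     *
     * <p>The last byte gives the padding length, which must be between 1 and the block size
     * and no longer than the data; every padding byte must hold that same value. Empty input
     * is now reported as a decoding error instead of an array-index failure.
     *
     * <p>Padding is the only plausibility check on the decrypted bytes, so a wrong passphrase
     * can occasionally pass it; callers must still validate the decoded structure.
     *
     * @param bArr the decrypted data, including padding
     * @param i    the cipher block size
     * @return a new array holding the data without its padding
     * @throws PEMDecodingException when the data is empty or the padding is malformed
     */
    @Nonnull
    private static byte[] removePadding(@Nonnull byte[] bArr, int i) throws PEMDecodingException {
        if (bArr.length == 0) {
            throw new PEMDecodingException("Decrypted PEM has wrong padding, did you specify the correct password?");
        }
        int padLength = bArr[bArr.length - 1] & 255;
        if (padLength < 1 || padLength > i || padLength > bArr.length) {
            throw new PEMDecodingException("Decrypted PEM has wrong padding, did you specify the correct password?");
        }
        // The last byte is the pad length by definition; check the remaining padding bytes.
        for (int back = 2; back <= padLength; back++) {
            if (bArr[bArr.length - back] != padLength) {
                throw new PEMDecodingException("Decrypted PEM has wrong padding, did you specify the correct password?");
            }
        }
        return Arrays.copyOf(bArr, bArr.length - padLength);
    }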

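    /**
     * Converts one hexadecimal digit to its numeric value.
     *
     * <p>The digit range is written with character literals. The decompiled source compared
     * against the DER SEQUENCE tag constant, which presumably equals {@code '0'} but ties hex
     * parsing to an unrelated constant.
     *
     * @param c an ASCII hex digit, upper or lower case
     * @return the value 0..15
     * @throws IllegalArgumentException when {@code c} is not a hex digit
     */
    public static int hexToInt(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return (c - 'a') + 10;
        }
        if (c >= 'A' && c <= 'F') {
            return (c - 'A') + 10;
        }
        throw new IllegalArgumentException("Need hex char");
    }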

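    /**
     * Decodes a hexadecimal string into bytes, two digits per byte.
     *
     * <p>The factor 2 is written as a literal. The decompiled source used the DER INTEGER tag
     * constant for it, which has the same value but no relation to hex decoding.
     *
     * @param str an even-length string of hex digits; the empty string yields an empty array
     * @return the decoded bytes
     * @throws IllegalArgumentException when the length is odd or a character is not a hex digit
     */
    @Nonnull
    public static byte[] hexToByteArray(@Nonnull String str) {
        if (str.length() % 2 != 0) {
            throw new IllegalArgumentException("Uneven string length in hex encoding \"" + str + "\" len=" + str.length());
        }
        byte[] decoded = new byte[str.length() / 2];
        for (int index = 0; index < decoded.length; index++) {
            int high = hexToInt(str.charAt(index * 2));
            int low = hexToInt(str.charAt((index * 2) + 1));
            decoded[index] = (byte) ((high * 16) + low);
        }
        return decoded;
    }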

    /**
     * Collects the URNs found in a certificate's alternative-name entries of type URI.
     *
     * <p>The entries are read as-is from the certificate; nothing here checks the certificate's
     * signature or chain, so the result is only as trustworthy as the caller's own validation.
     *
     * @param x509Certificate the certificate to inspect
     * @param altNamesSource  selects the subject or the issuer alternative names
     * @param z               when {@code true}, only URNs whose encoded resource type is
     *                        {@code "user"} are kept
     * @return the URNs that parsed and passed the filter; never {@code null}, possibly empty
     */
    @Nonnull
    public static List<GeniUrn> findUrnsInCertAltNames(@Nonnull X509Certificate x509Certificate, @Nonnull AltNamesSource altNamesSource, boolean z) {
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> collection = null;
        try {
            // Decompiler rendering of a switch over the AltNamesSource enum; which constant maps
            // to 1 and which to 2 is fixed by the generated switch map, not visible here.
            switch (AnonymousClass2.$SwitchMap$be$iminds$ilabt$jfed$util$library$KeyUtil$AltNamesSource[altNamesSource.ordinal()]) {
                case 1:
                    collection = x509Certificate.getSubjectAlternativeNames();
                    break;
                case DER_ANS_INTEGER /* 2 */:
                    collection = x509Certificate.getIssuerAlternativeNames();
                    break;
                default:
                    throw new RuntimeException("Unsupported AltNamesSource: " + altNamesSource);
            }
        } catch (CertificateParsingException e) {
            // A parse failure is logged and then treated like "no alternative names".
            LOG.error("Error processing certificate alternate names: " + e.getMessage());
        }
        // NOTE(review): this prints true only for a present-but-empty collection, which looks
        // inverted relative to the message text. It affects the trace output only.
        LOG.trace("certificate has alt names: " + (collection != null && collection.isEmpty()) + "\n");
        if (collection != null) {
            String str = "";
            boolean z2 = false;
            for (List<?> list : collection) {
                Integer num = (Integer) list.get(0);
                LOG.trace("certificate has altname of type " + num + "\n");
                // 6 is the GeneralName type uniformResourceIdentifier.
                if (num.intValue() == 6) {
                    String str2 = (String) list.get(1);
                    GeniUrn parse = GeniUrn.parse(str2);
                    if (parse == null) {
                        str = str + "Warning: certificate alternative name URI is not a valid urn: \"" + str2 + "\"  (will be ignored)";
                    } else if (!z || Objects.equals(parse.getEncodedResourceType(), "user")) {
                        z2 = true;
                        arrayList.add(parse);
                        LOG.trace("processed altName of URN type. userUrn=" + parse + "\n");
                    } else {
                        str = str + "Warning: certificate alternative name URI is not a user urn: \"" + str2 + "\"  (will be ignored)";
                    }
                }
            }
            // Collected warnings are emitted only when no usable URN was found at all.
            if (!z2 && !str.isEmpty()) {
                LOG.warn(str);
            }
        }
        return arrayList;
    }

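    /**
     * Collects the DNS names listed in a certificate's subject alternative names.
     *
     * <p>The names are returned exactly as stored (wildcards included) and nothing here checks
     * the certificate's signature or chain; matching a host name against them is left to the
     * caller. A certificate whose alternative names cannot be parsed yields an empty list.
     *
     * <p>Changes from the decompiled source: the trace line now reports {@code true} when
     * names are present (it was inverted), the per-entry trace no longer calls a DNS name a
     * URN, and the entry type is compared with the literal 2 (GeneralName {@code dNSName})
     * instead of the DER INTEGER tag constant.
     *
     * @param x509Certificate the certificate to inspect
     * @return the DNS names in certificate order; never {@code null}, possibly empty
     */
    @Nonnull
    public static List<String> findDnsInCertAltSubjectNames(@Nonnull X509Certificate x509Certificate) {
        List<String> dnsNames = new ArrayList<>();
        Collection<List<?>> altNames = null;
        try {
            altNames = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            LOG.error("Error processing certificate alternate names: " + e.getMessage());
        }
        LOG.trace("certificate has subject alt names: " + (altNames != null && !altNames.isEmpty()) + "\n");
        if (altNames == null) {
            return dnsNames;
        }
        for (List<?> entry : altNames) {
            Integer type = (Integer) entry.get(0);
            LOG.trace("certificate has altname of type " + type + "\n");
            if (type.intValue() != 2) {
                continue;
            }
            String dnsName = (String) entry.get(1);
            if (dnsName == null) {
                LOG.warn("Warning: certificate dnsName is null (will be ignored)");
            } else {
                dnsNames.add(dnsName);
                LOG.trace("processed altName of dNSName type. dnsName=" + dnsName + "\n");
            }
        }
        return dnsNames;
    }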

    /**
     * Serialises an RSA private key and comment into a buffer for an SSH agent.
     *
     * <p>Field order: {@code SSH_RSA} type name, modulus, public exponent, private exponent,
     * CRT coefficient, prime P, prime Q, comment. The returned bytes contain the full private
     * key in the clear; callers should overwrite them after handing them to the agent.
     *
     * @param rSAPrivateCrtKey the key to serialise
     * @param str              the comment stored with the key
     * @return the serialised fields
     */
    @Nonnull
    public static byte[] keyToSshAgent(@Nonnull RSAPrivateCrtKey rSAPrivateCrtKey, @Nonnull String str) {
        Buffer message = new Buffer();
        message.put(SSH_RSA);
        // Public part.
        message.put(rSAPrivateCrtKey.getModulus());
        message.put(rSAPrivateCrtKey.getPublicExponent());
        // Private part.
        message.put(rSAPrivateCrtKey.getPrivateExponent());
        message.put(rSAPrivateCrtKey.getCrtCoefficient());
        message.put(rSAPrivateCrtKey.getPrimeP());
        message.put(rSAPrivateCrtKey.getPrimeQ());
        // Comment.
        message.put(str);
        byte[] serialized = message.toByteArray();
        return serialized;
    }

    /**
     * Serialises a DSA key pair and comment into a buffer for an SSH agent.
     *
     * <p>Field order: {@code SSH_DSS} type name, P, Q, G, public Y, private X, comment. That
     * the two halves share the same domain parameters is verified only when assertions are
     * enabled. The returned bytes contain the private value X in the clear.
     *
     * @param dSAPrivateKey the private half
     * @param dSAPublicKey  the public half
     * @param str           the comment stored with the key
     * @return the serialised fields
     */
    @Nonnull
    public static byte[] keyToSshAgent(@Nonnull DSAPrivateKey dSAPrivateKey, @Nonnull DSAPublicKey dSAPublicKey, @Nonnull String str) {
        if (!$assertionsDisabled) {
            if (!Objects.equals(dSAPrivateKey.getParams().getP(), dSAPublicKey.getParams().getP())) {
                throw new AssertionError();
            }
            if (!Objects.equals(dSAPrivateKey.getParams().getQ(), dSAPublicKey.getParams().getQ())) {
                throw new AssertionError();
            }
            if (!Objects.equals(dSAPrivateKey.getParams().getG(), dSAPublicKey.getParams().getG())) {
                throw new AssertionError();
            }
        }
        Buffer message = new Buffer();
        message.put(SSH_DSS);
        // Domain parameters.
        message.put(dSAPrivateKey.getParams().getP());
        message.put(dSAPrivateKey.getParams().getQ());
        message.put(dSAPrivateKey.getParams().getG());
        // Public then private value.
        message.put(dSAPublicKey.getY());
        message.put(dSAPrivateKey.getX());
        // Comment.
        message.put(str);
        byte[] serialized = message.toByteArray();
        return serialized;
    }

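    /**
     * Parses an SSH public key blob into a JCA {@link PublicKey}.
     *
     * <p>The blob is read as a sequence of big-endian length-prefixed fields. The first
     * field is the key type name. For {@code SSH_RSA} the next two fields are the public
     * exponent and the modulus. For {@code SSH_DSS} the next four are P, Q, G and Y.
     *
     * <p>The blob is treated as untrusted input. Every length prefix is checked against
     * the bytes actually remaining before anything is allocated, so a forged length cannot
     * trigger a huge allocation or an unchecked buffer exception. Any malformed blob is
     * logged and yields {@code null}, like the other failure paths of this method.
     *
     * @param bArr the raw key blob; {@code null} is reported as malformed
     * @return the decoded public key, or {@code null} if the blob is malformed, the key
     *     type is unknown, or the JCA cannot build the key
     */
    @Nullable
    public static PublicKey blobToPublicKey(byte[] bArr) {
        if (bArr == null) {
            LOG.warn("Malformed SSH public key blob: blob is null");
            return null;
        }
        ByteBuffer blob = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN);
        try {
            String keyType = new String(readLengthPrefixedField(blob), StandardCharsets.UTF_8);

            if (SSH_RSA.equals(keyType)) {
                // Blob order is exponent first, then modulus; RSAPublicKeySpec takes (modulus, exponent).
                BigInteger publicExponent = new BigInteger(readLengthPrefixedField(blob));
                BigInteger modulus = new BigInteger(readLengthPrefixedField(blob));
                try {
                    return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
                } catch (NoSuchAlgorithmException e) {
                    LOG.warn("Could not load RSA Algorithm", e);
                    return null;
                } catch (InvalidKeySpecException e) {
                    LOG.warn("Failed to create RSA public key from SSH Agent info", e);
                    return null;
                }
            }

            if (SSH_DSS.equals(keyType)) {
                // Blob order is P, Q, G, Y; DSAPublicKeySpec takes (y, p, q, g).
                BigInteger p = new BigInteger(readLengthPrefixedField(blob));
                BigInteger q = new BigInteger(readLengthPrefixedField(blob));
                BigInteger g = new BigInteger(readLengthPrefixedField(blob));
                BigInteger y = new BigInteger(readLengthPrefixedField(blob));
                try {
                    return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(y, p, q, g));
                } catch (NoSuchAlgorithmException e) {
                    LOG.warn("Failed to load DSA Algorithm", e);
                    return null;
                } catch (InvalidKeySpecException e) {
                    LOG.warn("Failed to create DSA public key from SSH Agent Info", e);
                    return null;
                }
            }

            LOG.warn("Unknown key type: {}", keyType);
            return null;
        } catch (IllegalArgumentException e) {
            // Covers bad length prefixes and the NumberFormatException that BigInteger
            // throws for a zero-length field.
            LOG.warn("Malformed SSH public key blob", e);
            return null;
        }
    }

    /** Reads one field (4-byte big-endian length, then that many bytes), rejecting lengths the blob cannot hold. */
    private static byte[] readLengthPrefixedField(ByteBuffer blob) {
        if (blob.remaining() < 4) {
            throw new IllegalArgumentException("truncated length prefix: " + blob.remaining() + " byte(s) left");
        }
        int length = blob.getInt();
        // Validate before allocating: the length comes straight from the blob.
        if (length < 0 || length > blob.remaining()) {
            throw new IllegalArgumentException(
                    "field length " + length + " does not fit in the remaining " + blob.remaining() + " byte(s)");
        }
        byte[] field = new byte[length];
        blob.get(field);
        return field;
    }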

    /**
     * Renders a human-readable listing of a key store for diagnostics.
     *
     * <p>Each alias is printed on its own line followed by a colon. One indented line per
     * certificate follows: subject DN and NotAfter date for X.509 certificates,
     * {@code [non-x509cert]} for anything else, or {@code [certs=null]} when the alias has
     * neither a chain nor a single certificate. Only certificate metadata is read; no
     * private key entry is accessed.
     *
     * @param keyStore the key store to describe
     * @return the listing, or a one-line error message if the key store cannot be iterated
     */
    @Nonnull
    public static String keyStoreToString(@Nonnull KeyStore keyStore) {
        StringBuilder listing = new StringBuilder();
        try {
            for (Enumeration<String> aliasIter = keyStore.aliases(); aliasIter.hasMoreElements(); ) {
                String alias = aliasIter.nextElement();

                // Prefer the full chain and fall back to the single certificate entry.
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single != null) {
                        chain = new Certificate[]{single};
                    }
                }

                listing.append(alias).append(":");
                if (chain == null) {
                    listing.append("\n   [certs=null]");
                } else {
                    for (Certificate entry : chain) {
                        if (!(entry instanceof X509Certificate)) {
                            listing.append("\n   [non-x509cert]");
                            continue;
                        }
                        X509Certificate x509 = (X509Certificate) entry;
                        listing.append("\n   ")
                                .append(x509.getSubjectDN())
                                .append("  NotAfter=")
                                .append(x509.getNotAfter());
                    }
                }
                listing.append("\n");
            }
        } catch (KeyStoreException e) {
            // Any partial listing is discarded; only the error text is returned.
            return "KeyStoreException while iterating keystore: " + e.getMessage();
        }
        return listing.toString();
    }

    // Class initialiser: runs once when KeyUtil is first loaded. Two of its statements
    // change JVM-wide security configuration, so they affect every other user of
    // java.security in the same process, not just this class.
    static {
        // Assertion flag as rendered by the decompiler: true when `assert` is disabled
        // for KeyUtil. Checks guarded by this flag do not run unless assertions are enabled.
        $assertionsDisabled = !KeyUtil.class.desiredAssertionStatus();
        // Requests the unlimited-strength JCE policy for the whole JVM.
        // NOTE(review): this property is presumably only honoured if it is set before the
        // JCE framework is first initialised. Confirm KeyUtil is loaded early enough, or
        // set it in the java.security file instead.
        Security.setProperty("crypto.policy", "unlimited");
        // Registers Bouncy Castle as a JCA provider for the whole JVM. addProvider appends
        // at the lowest preference and is a no-op if a provider with the same name is
        // already installed.
        Security.addProvider(new BouncyCastleProvider());
        // The logger is assigned last in this listing, so the statements above cannot log through LOG.
        LOG = LoggerFactory.getLogger(KeyUtil.class);
    }
}
