package com.unboundid.util.ssl.cert;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1Null;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotNull;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

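/**
 * Static helpers that password-protect a PKCS #8 private key and recover it
 * again.
 * <p>
 * The encrypted form is an ASN.1 sequence of two elements: an algorithm
 * identifier for PBES2 (carrying PBKDF2 parameters and the cipher OID plus
 * IV), followed by an octet string holding the ciphertext.
 * <p>
 * Each processing stage has its own try block, so a failure is reported with
 * the message that belongs to that stage. In the previous fully nested layout
 * every inner {@link CertException} was caught again by the enclosing
 * {@code catch (Exception)} handlers and re-wrapped, so that (for example) a
 * wrong password surfaced as "cannot parse as encrypted key sequence".
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-6.0.10.jar:com/unboundid/util/ssl/cert/PKCS8EncryptionHandler.class */
public final class PKCS8EncryptionHandler {
    /** Utility class; not meant to be instantiated. */
    private PKCS8EncryptionHandler() {
    }

    /**
     * Encrypts the encoded form of the given private key.
     *
     * @param pKCS8PrivateKey the key whose PKCS #8 bytes are encrypted
     * @param cArr the password from which the encryption key is derived
     * @param pKCS8EncryptionProperties the KDF and cipher settings to use
     * @return the encoded encrypted private key
     * @throws CertException if any stage of the encryption fails
     */
    @NotNull
    public static byte[] encryptPrivateKey(@NotNull PKCS8PrivateKey pKCS8PrivateKey, @NotNull char[] cArr, @NotNull PKCS8EncryptionProperties pKCS8EncryptionProperties) throws CertException {
        return encryptPrivateKey(pKCS8PrivateKey.getPKCS8PrivateKeyBytes(), cArr, pKCS8EncryptionProperties);
    }

    /**
     * Encrypts the given private key bytes with a key derived from the
     * password through PBKDF2, and encodes the result together with the
     * parameters needed to decrypt it (salt, iteration count, PRF OID, cipher
     * OID and IV).
     *
     * @param bArr the private key bytes to encrypt
     * @param cArr the password from which the encryption key is derived; this
     *             method does not modify the array, so wiping it remains the
     *             caller's job
     * @param pKCS8EncryptionProperties the KDF and cipher settings to use
     * @return the encoded encrypted private key
     * @throws CertException if the secret key or cipher cannot be created, or
     *                       if encryption or encoding fails
     */
    @NotNull
    public static byte[] encryptPrivateKey(@NotNull byte[] bArr, @NotNull char[] cArr, @NotNull PKCS8EncryptionProperties pKCS8EncryptionProperties) throws CertException {
        final PKCS5AlgorithmIdentifier prfAlgorithm = pKCS8EncryptionProperties.getKeyFactoryPRFAlgorithm();
        final int iterationCount = pKCS8EncryptionProperties.getKeyFactoryIterationCount();
        final int saltLengthBytes = pKCS8EncryptionProperties.getKeyFactorySaltLengthBytes();
        final PKCS5AlgorithmIdentifier cipherAlgorithm = pKCS8EncryptionProperties.getCipherTransformationAlgorithm();
        final String keyFactoryAlgorithm = PKCS5AlgorithmIdentifier.getPBKDF2SecretKeyFactoryAlgorithmForPseudorandomFunction(prfAlgorithm);
        final String cipherAlgorithmName = PKCS5AlgorithmIdentifier.getCipherAlgorithmName(cipherAlgorithm);
        final String cipherTransformationName = PKCS5AlgorithmIdentifier.getCipherTransformationName(cipherAlgorithm);
        final int keySizeBits = PKCS5AlgorithmIdentifier.getCipherKeySizeBits(cipherAlgorithm).intValue();
        // NOTE(review): the boolean presumably selects a cryptographically
        // secure random source - confirm against StaticUtils.randomBytes.
        final byte[] salt = StaticUtils.randomBytes(saltLengthBytes, true);

        // Stage 1: derive the encryption key from the password.
        final SecretKeySpec secretKeySpec;
        PBEKeySpec pbeKeySpec = null;
        try {
            pbeKeySpec = new PBEKeySpec(cArr, salt, iterationCount, keySizeBits);
            secretKeySpec = new SecretKeySpec(CryptoHelper.getSecretKeyFactory(keyFactoryAlgorithm).generateSecret(pbeKeySpec).getEncoded(), cipherAlgorithmName);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_ENC_SECRET_KEY.get(keyFactoryAlgorithm, StaticUtils.getExceptionMessage(e)), e);
        } finally {
            // PBEKeySpec keeps its own copy of the password; wipe it once the
            // key has been derived.
            if (pbeKeySpec != null) {
                pbeKeySpec.clearPassword();
            }
        }

        // Stage 2: set up the cipher. No IV is supplied here; the one the
        // cipher reports through getIV() is written into the output below.
        final Cipher cipher;
        try {
            cipher = CryptoHelper.getCipher(cipherTransformationName);
            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_ENC_CIPHER.get(cipherTransformationName, StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 3: encrypt the key bytes.
        final byte[] iv;
        final byte[] encryptedKeyBytes;
        try {
            iv = cipher.getIV();
            encryptedKeyBytes = cipher.doFinal(bArr);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_ENCRYPT_PRIVATE_KEY.get(cipherTransformationName, StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 4: encode the parameters and the ciphertext.
        try {
            final ASN1Sequence kdfSequence = new ASN1Sequence(
                    new ASN1ObjectIdentifier(PKCS5AlgorithmIdentifier.PBKDF2.getOID()),
                    new ASN1Sequence(
                            new ASN1OctetString(salt),
                            new ASN1Integer(iterationCount),
                            new ASN1Sequence(new ASN1ObjectIdentifier(prfAlgorithm.getOID()), new ASN1Null())));
            final ASN1Sequence cipherSequence = new ASN1Sequence(
                    new ASN1ObjectIdentifier(cipherAlgorithm.getOID()),
                    new ASN1OctetString(iv));
            final ASN1Sequence schemeSequence = new ASN1Sequence(
                    new ASN1ObjectIdentifier(PKCS5AlgorithmIdentifier.PBES2.getOID()),
                    new ASN1Sequence(kdfSequence, cipherSequence));
            return new ASN1Sequence(schemeSequence, new ASN1OctetString(encryptedKeyBytes)).encode();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_ENCODE_ENC_PRIVATE_KEY.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Decodes an encrypted private key, derives the decryption key from the
     * password using the PBKDF2 parameters found in the encoding, and decrypts
     * and parses the key.
     * <p>
     * Only the PBES2 scheme with PBKDF2 is accepted. The salt, iteration
     * count, optional key length, PRF, cipher and IV are all taken from the
     * encoded input.
     * <p>
     * NOTE(review): the iteration count and key length read from the input are
     * passed to the key factory without an upper bound, so the cost of a call
     * is controlled by whoever produced the encoding. If the encoded key can
     * come from an untrusted party, consider bounding these values before
     * calling this method, and avoid relaying the detailed failure message
     * (which distinguishes a decryption failure from a parse failure) back to
     * that party.
     *
     * @param bArr the encoded encrypted private key
     * @param cArr the password from which the decryption key is derived; this
     *             method does not modify the array
     * @return the decrypted private key
     * @throws CertException if the encoding is malformed or uses an
     *                       unsupported scheme, KDF, PRF or cipher, or if the
     *                       key cannot be decrypted or parsed
     */
    @NotNull
    public static PKCS8PrivateKey decryptPrivateKey(@NotNull byte[] bArr, @NotNull char[] cArr) throws CertException {
        // Stage 1: the outer sequence (algorithm identifier + ciphertext).
        final ASN1Element[] encryptedKeyElements;
        try {
            encryptedKeyElements = ASN1Sequence.decodeAsSequence(bArr).elements();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_AS_ENC_KEY_SEQUENCE.get(), e);
        }
        if (encryptedKeyElements.length != 2) {
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_SEQUENCE_UNEXPECTED_ENC_KEY_ELEMENT_COUNT.get(Integer.valueOf(encryptedKeyElements.length)));
        }

        // Stage 2: the encryption scheme sequence (scheme OID + parameters).
        final ASN1Element[] schemeElements;
        try {
            schemeElements = encryptedKeyElements[0].decodeAsSequence().elements();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_KEY_SCHEME_ELEMENT_NOT_SEQUENCE.get(), e);
        }
        if (schemeElements.length != 2) {
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_SEQUENCE_UNEXPECTED_KEY_SCHEME_ELEMENT_COUNT.get(Integer.valueOf(schemeElements.length)));
        }

        // Stage 3: the scheme must be PBES2.
        final ASN1ObjectIdentifier schemeOID;
        try {
            schemeOID = schemeElements[0].decodeAsObjectIdentifier();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_KEY_SCHEME_OID.get(), e);
        }
        if (!schemeOID.getOID().equals(PKCS5AlgorithmIdentifier.PBES2.getOID())) {
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_ENC_SCHEME_NOT_PBES2.get(schemeOID.getOID().toString()));
        }

        // Stage 4: the PBES2 parameters (KDF settings + cipher settings).
        final ASN1Element[] pbes2ParamElements;
        try {
            pbes2ParamElements = schemeElements[1].decodeAsSequence().elements();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_PBES2_PARAMS_NOT_SEQUENCE.get(), e);
        }
        if (pbes2ParamElements.length != 2) {
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_PBES2_UNEXPECTED_PARAMS_SEQUENCE_ELEMENT_COUNT.get(Integer.valueOf(pbes2ParamElements.length)));
        }

        // Stage 5: the KDF settings. Salt and iteration count are mandatory;
        // a key length and a PRF may follow.
        final byte[] salt;
        final int iterationCount;
        final String keyFactoryAlgorithm;
        Integer keyLengthBits = null;
        try {
            final ASN1Element[] kdfElements = pbes2ParamElements[0].decodeAsSequence().elements();
            final ASN1ObjectIdentifier kdfOID = kdfElements[0].decodeAsObjectIdentifier();
            if (!kdfOID.getOID().equals(PKCS5AlgorithmIdentifier.PBKDF2.getOID())) {
                throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_KDF.get(kdfOID.getOID().toString()));
            }
            final ASN1Element[] pbkdf2ParamElements = kdfElements[1].decodeAsSequence().elements();
            salt = pbkdf2ParamElements[0].decodeAsOctetString().getValue();
            iterationCount = pbkdf2ParamElements[1].decodeAsInteger().intValue();
            // HMAC-SHA-1 is used when the encoding does not name a PRF.
            PKCS5AlgorithmIdentifier prfAlgorithm = PKCS5AlgorithmIdentifier.HMAC_SHA_1;
            for (int i = 2; i < pbkdf2ParamElements.length; i++) {
                final byte elementType = pbkdf2ParamElements[i].getType();
                if (elementType == 2) {
                    // BER type 0x02 (INTEGER): the optional key length.
                    keyLengthBits = Integer.valueOf(pbkdf2ParamElements[i].decodeAsInteger().intValue());
                } else if (elementType == 48) {
                    // BER type 0x30 (SEQUENCE): the PRF algorithm identifier.
                    final ASN1ObjectIdentifier prfOID = pbkdf2ParamElements[i].decodeAsSequence().elements()[0].decodeAsObjectIdentifier();
                    prfAlgorithm = PKCS5AlgorithmIdentifier.forOID(prfOID.getOID());
                    if (prfAlgorithm == null) {
                        throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_PBKDF2_PRF.get(prfOID.getOID().toString()));
                    }
                }
                // Elements of any other type are ignored.
            }
            keyFactoryAlgorithm = PKCS5AlgorithmIdentifier.getPBKDF2SecretKeyFactoryAlgorithmForPseudorandomFunction(prfAlgorithm);
            if (keyFactoryAlgorithm == null) {
                throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_PBKDF2_PRF.get(prfAlgorithm.getOID().toString()));
            }
        } catch (CertException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_DECODE_KDF_SETTINGS.get(StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 6: the cipher settings (cipher OID + IV).
        final String cipherAlgorithmName;
        final String cipherTransformationName;
        final byte[] iv;
        try {
            final ASN1Element[] cipherElements = pbes2ParamElements[1].decodeAsSequence().elements();
            final ASN1ObjectIdentifier cipherOID = cipherElements[0].decodeAsObjectIdentifier();
            final PKCS5AlgorithmIdentifier cipherAlgorithm = PKCS5AlgorithmIdentifier.forOID(cipherOID.getOID());
            if (cipherAlgorithm == null) {
                throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_CIPHER.get(cipherOID.getOID().toString()));
            }
            cipherAlgorithmName = PKCS5AlgorithmIdentifier.getCipherAlgorithmName(cipherAlgorithm);
            cipherTransformationName = PKCS5AlgorithmIdentifier.getCipherTransformationName(cipherAlgorithm);
            // Fall back to the cipher's own key size when the KDF settings
            // did not carry a key length.
            if (keyLengthBits == null) {
                keyLengthBits = PKCS5AlgorithmIdentifier.getCipherKeySizeBits(cipherAlgorithm);
            }
            if (cipherAlgorithmName == null || cipherTransformationName == null || keyLengthBits == null) {
                throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_CIPHER.get(cipherOID.getOID().toString()));
            }
            iv = cipherElements[1].decodeAsOctetString().getValue();
        } catch (CertException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_DECODE_CIPHER_SETTINGS.get(StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 7: derive the decryption key from the password.
        final SecretKeySpec secretKeySpec;
        PBEKeySpec pbeKeySpec = null;
        try {
            pbeKeySpec = new PBEKeySpec(cArr, salt, iterationCount, keyLengthBits.intValue());
            secretKeySpec = new SecretKeySpec(CryptoHelper.getSecretKeyFactory(keyFactoryAlgorithm).generateSecret(pbeKeySpec).getEncoded(), cipherAlgorithmName);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_DEC_SECRET_KEY.get(keyFactoryAlgorithm, StaticUtils.getExceptionMessage(e)), e);
        } finally {
            // PBEKeySpec keeps its own copy of the password; wipe it once the
            // key has been derived.
            if (pbeKeySpec != null) {
                pbeKeySpec.clearPassword();
            }
        }

        // Stage 8: set up the cipher with the IV taken from the encoding.
        final Cipher cipher;
        try {
            cipher = CryptoHelper.getCipher(cipherTransformationName);
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(iv));
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_DEC_CIPHER.get(cipherTransformationName, StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 9: decrypt the ciphertext.
        final byte[] decryptedKeyBytes;
        try {
            decryptedKeyBytes = cipher.doFinal(encryptedKeyElements[1].decodeAsOctetString().getValue());
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_DECRYPT_KEY.get(cipherTransformationName, StaticUtils.getExceptionMessage(e)), e);
        }

        // Stage 10: parse the decrypted bytes as a PKCS #8 private key.
        try {
            return new PKCS8PrivateKey(decryptedKeyBytes);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_DECRYPTED_KEY.get(cipherTransformationName, StaticUtils.getExceptionMessage(e)), e);
        }
    }
}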
