package com.hedera.hashgraph.sdk;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.EncryptionScheme;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PBES2Parameters;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public final class Pem {
    private static final String TYPE_ENCRYPTED_PRIVATE_KEY = "ENCRYPTED PRIVATE KEY";
    private static final String TYPE_PRIVATE_KEY = "PRIVATE KEY";

    private Pem() {
    }

    private static PrivateKeyInfo decryptPrivateKey(byte[] bArr, String str) throws IOException {
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(bArr));
        AlgorithmIdentifier encryptionAlgorithm = encryptedPrivateKeyInfo.getEncryptionAlgorithm();
        if (!encryptionAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.id_PBES2)) {
            throw new BadKeyException("unsupported PEM key encryption: " + encryptionAlgorithm);
        }
        PBES2Parameters pBES2Parameters = PBES2Parameters.getInstance(encryptionAlgorithm.getParameters());
        KeyDerivationFunc keyDerivationFunc = pBES2Parameters.getKeyDerivationFunc();
        EncryptionScheme encryptionScheme = pBES2Parameters.getEncryptionScheme();
        if (!keyDerivationFunc.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.id_PBKDF2)) {
            throw new BadKeyException("unsupported KDF: " + keyDerivationFunc.getAlgorithm());
        }
        if (!encryptionScheme.getAlgorithm().equals((ASN1Primitive) NISTObjectIdentifiers.id_aes128_CBC)) {
            throw new BadKeyException("unsupported encryption: " + encryptionScheme.getAlgorithm());
        }
        PBKDF2Params pBKDF2Params = PBKDF2Params.getInstance(keyDerivationFunc.getParameters());
        if (!pBKDF2Params.getPrf().getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.id_hmacWithSHA256)) {
            throw new BadKeyException("unsupported PRF: " + pBKDF2Params.getPrf());
        }
        KeyParameter deriveKeySha256 = Crypto.deriveKeySha256(str, pBKDF2Params.getSalt(), pBKDF2Params.getIterationCount().intValue(), pBKDF2Params.getKeyLength() != null ? pBKDF2Params.getKeyLength().intValue() : 16);
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES");
            algorithmParameters.init(encryptionScheme.getParameters().toASN1Primitive().getEncoded());
            return PrivateKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(Crypto.runCipher(Crypto.initAesCbc128Decrypt(deriveKeySha256, algorithmParameters), encryptedPrivateKeyInfo.getEncryptedData()))).readObject());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKeyInfo readPrivateKey(Reader reader, String str) throws IOException {
        PemReader pemReader = new PemReader(reader);
        PemObject pemObject = null;
        while (true) {
            PemObject readPemObject = pemReader.readPemObject();
            if (readPemObject == null) {
                if (pemObject == null || !pemObject.getType().equals(TYPE_ENCRYPTED_PRIVATE_KEY)) {
                    throw new BadKeyException("PEM file did not contain a private key");
                }
                throw new BadKeyException("PEM file contained an encrypted private key but no passphrase was given");
            }
            String type = readPemObject.getType();
            if (str != null && !str.isEmpty() && type.equals(TYPE_ENCRYPTED_PRIVATE_KEY)) {
                return decryptPrivateKey(readPemObject.getContent(), str);
            }
            if (type.equals(TYPE_PRIVATE_KEY)) {
                return PrivateKeyInfo.getInstance(readPemObject.getContent());
            }
            pemObject = readPemObject;
        }
    }

    static void writeEncryptedPrivateKey(PrivateKeyInfo privateKeyInfo, Writer writer, String str) throws IOException {
        byte[] randomBytes = Crypto.randomBytes(32);
        Cipher initAesCbc128Encrypt = Crypto.initAesCbc128Encrypt(Crypto.deriveKeySha256(str, randomBytes, PKIFailureInfo.transactionIdInUse, 16), Crypto.randomBytes(16));
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, new PBES2Parameters(new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(randomBytes, PKIFailureInfo.transactionIdInUse, 16, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA256))), new EncryptionScheme(NISTObjectIdentifiers.id_aes128_CBC, ASN1Primitive.fromByteArray(initAesCbc128Encrypt.getParameters().getEncoded())))), Crypto.runCipher(initAesCbc128Encrypt, privateKeyInfo.getEncoded()));
        PemWriter pemWriter = new PemWriter(writer);
        pemWriter.writeObject(new PemObject(TYPE_ENCRYPTED_PRIVATE_KEY, encryptedPrivateKeyInfo.getEncoded()));
        pemWriter.flush();
    }
}
