package com.ibm.ws.security.common.jwk.impl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/PemKeyUtil.class */
public class PemKeyUtil {
    private static final TraceComponent tc = Tr.register(PemKeyUtil.class, (String) null, (String) null);
    protected static final String BEGIN_PUBLIC = "-----BEGIN PUBLIC KEY-----";
    protected static final String END_PUBLIC = "-----END PUBLIC KEY-----";
    protected static final String BEGIN_PRIVATE = "-----BEGIN PRIVATE KEY-----";
    protected static final String END_PRIVATE = "-----END PRIVATE KEY-----";
    protected static final String BEGIN_RSA_PUBLIC = "-----BEGIN RSA PUBLIC KEY-----";
    protected static final String END_RSA_PUBLIC = "-----END RSA PUBLIC KEY-----";
    protected static final String BEGIN_EC_PUBLIC = "-----BEGIN ECDSA PUBLIC KEY-----";
    protected static final String END_EC_PUBLIC = "-----END ECDSA PUBLIC KEY-----";
    protected static final String LINE_SEPARATOR_UNIX = "\n";
    protected static final String LINE_SEPARATOR_MAC = "\r";
    protected static final String LINE_SEPARATOR_WINDOW = "\r\n";
    protected static final String RSA_KEY = "RSA";
    protected static final String EC_KEY = "EC";
    static final long serialVersionUID = 2431442417089561538L;

    /* loaded from: input_file:com/ibm/ws/security/common/jwk/impl/PemKeyUtil$KeyType.class */
    public enum KeyType {
        RSA_PUBLIC,
        EC_PUBLIC,
        PUBLIC,
        PRIVATE,
        UNKNOWN
    }

    public static PublicKey getPublicKey(String str) throws Exception {
        return generatePublicKey(Base64.decodeBase64(removeDelimiter(str)), getKeyType(str));
    }

    @Sensitive
    public static PrivateKey getPrivateKey(@Sensitive String str) throws Exception {
        return generatePrivateKey(Base64.decodeBase64(removeDelimiter(str)), getKeyType(str));
    }

    public static KeyType getKeyType(@Sensitive String str) {
        return str == null ? KeyType.UNKNOWN : str.contains(BEGIN_RSA_PUBLIC) ? KeyType.RSA_PUBLIC : str.contains(BEGIN_EC_PUBLIC) ? KeyType.EC_PUBLIC : str.contains(BEGIN_PUBLIC) ? KeyType.PUBLIC : str.contains(BEGIN_PRIVATE) ? KeyType.PRIVATE : KeyType.UNKNOWN;
    }

    private static String removeDelimiter(@Sensitive String str) {
        return str.replaceAll(BEGIN_PUBLIC, "").replaceAll(END_PUBLIC, "").replaceAll(BEGIN_PRIVATE, "").replaceAll(END_PRIVATE, "").replaceAll(BEGIN_RSA_PUBLIC, "").replaceAll(END_RSA_PUBLIC, "").replaceAll(BEGIN_EC_PUBLIC, "").replaceAll(END_EC_PUBLIC, "").replaceAll(LINE_SEPARATOR_UNIX, "").replaceAll(LINE_SEPARATOR_MAC, "").replaceAll(LINE_SEPARATOR_WINDOW, "").trim();
    }

    private static PublicKey generatePublicKey(byte[] bArr, KeyType keyType) throws Exception {
        if (keyType == KeyType.RSA_PUBLIC) {
            return generateRsaPublicKey(bArr);
        }
        if (keyType == KeyType.EC_PUBLIC) {
            return generateEcPublicKey(bArr);
        }
        if (keyType == KeyType.PUBLIC) {
            return generateUnspecifiedPublicKey(bArr);
        }
        return null;
    }

    @Sensitive
    private static PrivateKey generatePrivateKey(@Sensitive byte[] bArr, KeyType keyType) throws Exception {
        return generateUnspecifiedPrivateKey(bArr);
    }

    private static PublicKey generateRsaPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    @Sensitive
    private static PrivateKey generateRsaPrivateKey(@Sensitive byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static PublicKey generateEcPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(bArr));
    }

    @Sensitive
    private static PrivateKey generateEcPrivateKey(@Sensitive byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    @FFDCIgnore({Exception.class})
    private static PublicKey generateUnspecifiedPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        try {
            return generateRsaPublicKey(bArr);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to generate RSA public key. Will try to generate EC key instead. Exception was: " + e, new Object[0]);
            }
            return generateEcPublicKey(bArr);
        }
    }

    @FFDCIgnore({Exception.class})
    @Sensitive
    private static PrivateKey generateUnspecifiedPrivateKey(@Sensitive byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        try {
            return generateRsaPrivateKey(bArr);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to generate RSA private key. Will try to generate EC key instead. Exception was: " + e, new Object[0]);
            }
            return generateEcPrivateKey(bArr);
        }
    }
}
