package gov.usgs.util;

import ch.ethz.ssh2.crypto.PEMDecoder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.LinkedList;
import java.util.List;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:gov/usgs/util/CryptoUtils.class */
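/**
 * Static helpers for symmetric encryption, DSA/RSA signing and verification, and for reading
 * keys and certificates supplied as DER, PEM or OpenSSH text.
 *
 * <p>Two signature schemes are supported, selected by {@link Version}: v1 uses SHA-1 based
 * algorithms and is logged as deprecated when parsed from a string; v2 uses SHA-256 with DSA
 * and RSASSA-PSS with RSA.
 */
public class CryptoUtils {
    /** JCA algorithm name used when generating AES keys. */
    public static final String AES_ALGORITHM = "AES";
    /** AES key size, in bits. */
    public static final int AES_128 = 128;
    /** AES key size, in bits. */
    public static final int AES_256 = 256;
    /** JCA algorithm name for DSA keys. */
    public static final String DSA_ALGORITHM = "DSA";
    /** v1 DSA signature algorithm. SHA-1 based; kept for compatibility with existing signatures. */
    public static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA";
    /**
     * DSA key size, in bits. NOTE(review): 1024-bit DSA is below current key-size guidance;
     * prefer a larger RSA key with {@link Version#SIGNATURE_V2} for new deployments.
     */
    public static final int DSA_1024 = 1024;
    /** JCA algorithm name for RSA keys. */
    public static final String RSA_ALGORITHM = "RSA";
    /** v1 RSA signature algorithm. SHA-1 based; kept for compatibility with existing signatures. */
    public static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
    /** RSA key size, in bits. */
    public static final int RSA_2048 = 2048;
    /** RSA key size, in bits. */
    public static final int RSA_4096 = 4096;
    private static final Logger LOGGER = Logger.getLogger(CryptoUtils.class.getName());
    /** v2 DSA signature algorithm. */
    public static final String SIGNATURE_V2_DSA_ALGORITHM = "SHA256withDSA";
    /** v2 RSA signature algorithm; its parameters are set by {@link #configureSignature}. */
    public static final String SIGNATURE_V2_RSA_ALGORITHM = "RSASSA-PSS";

    /** SHA-256 digest length in bytes, used to size the PSS salt. */
    private static final int SHA256_DIGEST_BYTES = 32;
    /** Upper bound accepted by {@link #readDERString} for one length-prefixed field. */
    private static final int MAX_DER_STRING_LENGTH = 8192;
    /**
     * Charset for turning key text into a String. Named explicitly so parsing does not depend
     * on the platform default charset; PEM and OpenSSH key fields are ASCII.
     */
    private static final java.nio.charset.Charset KEY_TEXT_CHARSET =
            java.nio.charset.StandardCharsets.UTF_8;

    /** Signature scheme version, identified on the wire by a short string ("v1" or "v2"). */
    public enum Version {
        SIGNATURE_V1("v1"),
        SIGNATURE_V2("v2");

        private final String value;

        Version(String str) {
            this.value = str;
        }

        /** Returns the short string form ("v1" or "v2"). */
        @Override
        public String toString() {
            return this.value;
        }

        /**
         * Parses the short string form of a version.
         *
         * <p>Parsing "v1" succeeds but logs a deprecation warning.
         *
         * @param str version string; {@code null} is rejected like any other unknown value
         * @return the matching version
         * @throws IllegalArgumentException if {@code str} is neither "v1" nor "v2"
         */
        public static Version fromString(String str) {
            if (SIGNATURE_V1.value.equals(str)) {
                CryptoUtils.LOGGER.warning(String.format("Using deprecated signature version %s, consider updating to %s", str, SIGNATURE_V2.value));
                return SIGNATURE_V1;
            }
            if (SIGNATURE_V2.value.equals(str)) {
                return SIGNATURE_V2;
            }
            throw new IllegalArgumentException("Invalid signature version");
        }
    }

    /**
     * Pipes {@code inputStream} through {@code cipher} into {@code outputStream}.
     *
     * <p>NOTE(review): a {@link CipherOutputStream} only emits the final cipher block when it is
     * closed, so this relies on {@code StreamUtils.transferStream} closing its output stream;
     * confirm against that helper.
     *
     * @param cipher an initialized cipher
     * @param inputStream data to process
     * @param outputStream destination for the processed data
     * @throws IOException if reading or writing fails
     */
    public static void processCipherStream(Cipher cipher, InputStream inputStream, OutputStream outputStream) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
        StreamUtils.transferStream(inputStream, new CipherOutputStream(outputStream, cipher));
    }

    /**
     * Creates a cipher initialized for encryption with {@code key}.
     *
     * <p>NOTE(review): the transformation is only the key's algorithm name, so mode and padding
     * are provider defaults. With the JDK's bundled provider a bare "AES" resolves to
     * AES/ECB/PKCS5Padding: ECB reveals repeated plaintext blocks and the ciphertext carries no
     * integrity check. Changing the transformation would make existing ciphertext unreadable,
     * so it is left as is; new uses should prefer an authenticated mode.
     *
     * @param key encryption key
     * @return cipher in encrypt mode
     */
    public static Cipher getEncryptCipher(Key key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher;
    }

    /**
     * Creates a cipher initialized for decryption with {@code key}.
     *
     * <p>Uses the same provider-default transformation as {@link #getEncryptCipher(Key)}; the
     * caveats documented there apply.
     *
     * @param key decryption key
     * @return cipher in decrypt mode
     */
    public static Cipher getDecryptCipher(Key key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, key);
        return cipher;
    }

    /** Returns true for the JCA DSA key interfaces (private or public). */
    private static boolean isDsaKey(Key key) {
        return (key instanceof DSAPrivateKey) || (key instanceof DSAPublicKey);
    }

    /** Returns true for the JCA RSA key interfaces (private or public). */
    private static boolean isRsaKey(Key key) {
        return (key instanceof RSAPrivateKey) || (key instanceof RSAPublicKey);
    }

    /**
     * Selects the signature algorithm for a key type and signature version.
     *
     * <p>The returned object is not initialized; callers still need {@code initSign} or
     * {@code initVerify} followed by {@link #configureSignature}.
     *
     * @param key a DSA or RSA key, private or public
     * @param version signature version
     * @return an uninitialized {@link Signature}
     * @throws IllegalArgumentException if {@code version} is not a known version (including null)
     * @throws InvalidKeyException if {@code key} is neither a DSA nor an RSA key
     */
    public static Signature getSignature(Key key, Version version) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        final boolean legacy = version == Version.SIGNATURE_V1;
        // The version is validated before the key type, so an unknown version always reports
        // IllegalArgumentException regardless of the key.
        if (!legacy && version != Version.SIGNATURE_V2) {
            throw new IllegalArgumentException("Unexpected signature version " + version);
        }
        if (isDsaKey(key)) {
            return Signature.getInstance(legacy ? DSA_SIGNATURE_ALGORITHM : SIGNATURE_V2_DSA_ALGORITHM);
        }
        if (isRsaKey(key)) {
            return Signature.getInstance(legacy ? RSA_SIGNATURE_ALGORITHM : SIGNATURE_V2_RSA_ALGORITHM);
        }
        throw new InvalidKeyException("Expected DSA or RSA key");
    }

    /**
     * Applies algorithm parameters that depend on the key. Only v2 RSA signatures need any:
     * RSASSA-PSS with SHA-256, MGF1/SHA-256 and a salt sized from the modulus.
     *
     * <p>Signer and verifier must use the same salt length, so the calculation below must stay
     * in step with whatever produces or checks these signatures elsewhere.
     *
     * @param key the key the signature was initialized with
     * @param version signature version
     * @param signature signature object to configure; left untouched for v1 and for DSA keys
     * @throws InvalidAlgorithmParameterException if the provider rejects the PSS parameters
     */
    public static void configureSignature(Key key, Version version, Signature signature) throws InvalidAlgorithmParameterException {
        if (version != Version.SIGNATURE_V2 || !isRsaKey(key)) {
            return;
        }
        final int modulusBits = key instanceof RSAPrivateKey
                ? ((RSAPrivateKey) key).getModulus().bitLength()
                : ((RSAPublicKey) key).getModulus().bitLength();
        // (bits + 6) / 8 is the PSS encoded-message length ceil((bits - 1) / 8); subtracting the
        // digest length and 2 gives the largest salt that still fits.
        final int saltLength = (modulusBits + 6) / 8 - SHA256_DIGEST_BYTES - 2;
        signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, saltLength, 1));
    }

    /**
     * Signs {@code bArr} and returns the signature Base64 encoded.
     *
     * @param privateKey DSA or RSA private key
     * @param bArr data to sign
     * @param version signature version
     * @return Base64 encoded signature
     */
    public static String sign(PrivateKey privateKey, byte[] bArr, Version version) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        Signature signer = getSignature(privateKey, version);
        signer.initSign(privateKey);
        configureSignature(privateKey, version, signer);
        signer.update(bArr);
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    /**
     * Verifies a signature using {@link Version#SIGNATURE_V1}.
     *
     * <p>NOTE(review): this overload always selects the SHA-1 based v1 algorithms. Callers that
     * know which version produced the signature should call
     * {@link #verify(PublicKey, byte[], String, Version)} so that v2 signatures are checked
     * with the v2 algorithms.
     *
     * @param publicKey DSA or RSA public key
     * @param bArr data that was signed
     * @param str Base64 encoded signature
     * @return true if the signature verifies
     */
    public static boolean verify(PublicKey publicKey, byte[] bArr, String str) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        return verify(publicKey, bArr, str, Version.SIGNATURE_V1);
    }

    /**
     * Verifies a Base64 encoded signature over {@code bArr}.
     *
     * <p>A signature that is not valid Base64 is reported as an exception, not as
     * {@code false}; callers handling untrusted input should treat that exception as a failed
     * verification.
     *
     * @param publicKey DSA or RSA public key
     * @param bArr data that was signed
     * @param str Base64 encoded signature
     * @param version signature version used by the signer
     * @return true if the signature verifies
     * @throws IllegalArgumentException if {@code str} is not valid Base64 or the version is unknown
     */
    public static boolean verify(PublicKey publicKey, byte[] bArr, String str, Version version) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        Signature verifier = getSignature(publicKey, version);
        verifier.initVerify(publicKey);
        configureSignature(publicKey, version, verifier);
        verifier.update(bArr);
        return verifier.verify(Base64.getDecoder().decode(str));
    }

    /**
     * Encrypts a byte array with {@code key}; see {@link #getEncryptCipher(Key)} for the
     * transformation that is used.
     *
     * @param key encryption key
     * @param bArr plaintext
     * @return ciphertext
     */
    public static byte[] encrypt(Key key, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalArgumentException, IOException {
        ByteArrayOutputStream encrypted = new ByteArrayOutputStream();
        processCipherStream(getEncryptCipher(key), StreamUtils.getInputStream(bArr), encrypted);
        return encrypted.toByteArray();
    }

    /**
     * Decrypts a byte array with {@code key}; see {@link #getDecryptCipher(Key)}.
     *
     * @param key decryption key
     * @param bArr ciphertext
     * @return plaintext
     */
    public static byte[] decrypt(Key key, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalArgumentException, IOException {
        ByteArrayOutputStream decrypted = new ByteArrayOutputStream();
        processCipherStream(getDecryptCipher(key), StreamUtils.getInputStream(bArr), decrypted);
        return decrypted.toByteArray();
    }

    /**
     * Generates a random AES key.
     *
     * @param i key size in bits, for example {@link #AES_128} or {@link #AES_256}
     * @return the generated key
     */
    public static Key generateAESKey(int i) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance(AES_ALGORITHM);
        generator.init(i);
        return generator.generateKey();
    }

    /**
     * Generates an RSA key pair.
     *
     * @param i modulus size in bits, for example {@link #RSA_2048} or {@link #RSA_4096}
     * @return the generated key pair
     */
    public static KeyPair generateRSAKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA_ALGORITHM);
        generator.initialize(i);
        return generator.generateKeyPair();
    }

    /**
     * Generates a DSA key pair.
     *
     * @param i key size in bits, for example {@link #DSA_1024}
     * @return the generated key pair
     */
    public static KeyPair generateDSAKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(DSA_ALGORITHM);
        generator.initialize(i);
        return generator.generateKeyPair();
    }

    /**
     * Returns DER bytes for input that is either DER already or PEM text. PEM is recognized by
     * a leading '-' byte, so PEM input must not start with whitespace or a byte-order mark.
     */
    private static byte[] toDer(byte[] encoded) throws IOException {
        if (encoded == null || encoded.length == 0) {
            // Report empty input clearly instead of failing on the first-byte check below.
            throw new IllegalArgumentException("Key or certificate data is empty");
        }
        if (((char) encoded[0]) == '-') {
            return convertPEMToDER(new String(encoded, KEY_TEXT_CHARSET));
        }
        return encoded;
    }

    /**
     * Reads an X.509 certificate from DER bytes or PEM text.
     *
     * @param bArr DER or PEM encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the bytes are not a valid X.509 certificate
     * @throws IllegalArgumentException if the input is empty or its PEM framing is malformed
     */
    public static Certificate readCertificate(byte[] bArr) throws CertificateException, IOException {
        byte[] der = toDer(bArr);
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Reads an X.509 (SubjectPublicKeyInfo) encoded public key from DER bytes or PEM text.
     *
     * <p>The key is tried as DSA first, then as RSA.
     *
     * @param bArr DER or PEM encoded public key
     * @return the key, or {@code null} when it parses as neither DSA nor RSA; callers must
     *     check for null before using the result
     * @throws IllegalArgumentException if the input is empty or its PEM framing is malformed
     */
    public static PublicKey readPublicKey(byte[] bArr) throws IOException, NoSuchAlgorithmException {
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(toDer(bArr));
        try {
            return KeyFactory.getInstance(DSA_ALGORITHM).generatePublic(keySpec);
        } catch (InvalidKeySpecException notDsa) {
            // Not a DSA key; fall through and try RSA.
        }
        try {
            return KeyFactory.getInstance(RSA_ALGORITHM).generatePublic(keySpec);
        } catch (InvalidKeySpecException notRsa) {
            // Neither algorithm accepted the encoding; existing callers expect null here.
            return null;
        }
    }

    /**
     * Reads an unencrypted PKCS#8 encoded private key from DER bytes or PEM text.
     *
     * <p>The key is tried as DSA first, then as RSA.
     *
     * @param bArr DER or PEM encoded private key
     * @return the key, or {@code null} when it parses as neither DSA nor RSA; callers must
     *     check for null before using the result
     * @throws IllegalArgumentException if the input is empty, its PEM framing is malformed, or
     *     the PEM label marks the key as encrypted
     */
    public static PrivateKey readPrivateKey(byte[] bArr) throws IOException, NoSuchAlgorithmException {
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(toDer(bArr));
        try {
            return KeyFactory.getInstance(DSA_ALGORITHM).generatePrivate(keySpec);
        } catch (InvalidKeySpecException notDsa) {
            // Not a DSA key; fall through and try RSA.
        }
        try {
            return KeyFactory.getInstance(RSA_ALGORITHM).generatePrivate(keySpec);
        } catch (InvalidKeySpecException notRsa) {
            // Neither algorithm accepted the encoding; existing callers expect null here.
            return null;
        }
    }

    /**
     * Reads a PEM private key through the SSH library's {@code PEMDecoder} and converts the
     * result to a JCA private key.
     *
     * @param bArr PEM text of the private key
     * @param str password handed to the decoder for encrypted keys
     * @return the key, or {@code null} when the decoder returns something other than its DSA
     *     or RSA private key types
     */
    public static PrivateKey readOpenSSHPrivateKey(byte[] bArr, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        Object decoded = PEMDecoder.decode(new String(bArr, KEY_TEXT_CHARSET).toCharArray(), str);
        if (decoded instanceof ch.ethz.ssh2.signature.DSAPrivateKey) {
            ch.ethz.ssh2.signature.DSAPrivateKey dsa = (ch.ethz.ssh2.signature.DSAPrivateKey) decoded;
            DSAPrivateKeySpec spec = new DSAPrivateKeySpec(dsa.getX(), dsa.getP(), dsa.getQ(), dsa.getG());
            return (DSAPrivateKey) KeyFactory.getInstance(DSA_ALGORITHM).generatePrivate(spec);
        }
        if (decoded instanceof ch.ethz.ssh2.signature.RSAPrivateKey) {
            ch.ethz.ssh2.signature.RSAPrivateKey rsa = (ch.ethz.ssh2.signature.RSAPrivateKey) decoded;
            // Only modulus and private exponent are carried over.
            RSAPrivateKeySpec spec = new RSAPrivateKeySpec(rsa.getN(), rsa.getD());
            return (RSAPrivateKey) KeyFactory.getInstance(RSA_ALGORITHM).generatePrivate(spec);
        }
        return null;
    }

    /**
     * Reads a single-line OpenSSH public key of the form {@code <type> <base64> [comment]}.
     *
     * <p>The key type inside the Base64 blob must match the leading type field. Supported
     * types are "ssh-dss" and "ssh-rsa".
     *
     * @param bArr text of the public key line
     * @return the parsed DSA or RSA public key
     * @throws IllegalArgumentException if the line has no Base64 field, the Base64 is invalid,
     *     the embedded type does not match, or a field length is out of range
     * @throws InvalidKeySpecException if the key type is not supported
     * @throws java.nio.BufferUnderflowException if the blob is shorter than its fields claim
     */
    public static PublicKey readOpenSSHPublicKey(byte[] bArr) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        String[] fields = new String(bArr, KEY_TEXT_CHARSET).trim().split(" ", 3);
        if (fields.length < 2) {
            // Without this the missing Base64 field surfaces as an array index error.
            throw new IllegalArgumentException("Expected '<type> <base64> [comment]' OpenSSH public key format");
        }
        String declaredType = fields[0];
        ByteBuffer blob = ByteBuffer.wrap(Base64.getDecoder().decode(fields[1]));
        String embeddedType = new String(readDERString(blob), KEY_TEXT_CHARSET);
        if (!embeddedType.equals(declaredType)) {
            throw new IllegalArgumentException("expected " + declaredType + ", got " + embeddedType);
        }
        if (declaredType.equals("ssh-dss")) {
            // Fields appear in the blob in the order p, q, g, y.
            BigInteger p = new BigInteger(readDERString(blob));
            BigInteger q = new BigInteger(readDERString(blob));
            BigInteger g = new BigInteger(readDERString(blob));
            BigInteger y = new BigInteger(readDERString(blob));
            return KeyFactory.getInstance(DSA_ALGORITHM).generatePublic(new DSAPublicKeySpec(y, p, q, g));
        }
        if (!declaredType.equals("ssh-rsa")) {
            throw new InvalidKeySpecException("Unknown key type '" + declaredType + "'");
        }
        // Fields appear in the blob in the order public exponent, modulus.
        BigInteger publicExponent = new BigInteger(readDERString(blob));
        BigInteger modulus = new BigInteger(readDERString(blob));
        return KeyFactory.getInstance(RSA_ALGORITHM).generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
    }

    /**
     * Reads one length-prefixed field: a 4-byte big-endian length followed by that many bytes.
     *
     * <p>The length comes from the input, so it is bounded before the array is allocated.
     *
     * @param byteBuffer buffer positioned at the length prefix; advanced past the field
     * @return the field bytes
     * @throws IllegalArgumentException if the length is negative or greater than 8192
     * @throws java.nio.BufferUnderflowException if the buffer holds fewer bytes than required
     */
    public static byte[] readDERString(ByteBuffer byteBuffer) {
        int length = byteBuffer.getInt();
        if (length > MAX_DER_STRING_LENGTH) {
            throw new IllegalArgumentException("DER String Length " + length + " > 8192");
        }
        if (length < 0) {
            // A prefix with the high bit set reads as a negative int; reject it here rather
            // than letting the array allocation fail.
            throw new IllegalArgumentException("DER String Length " + length + " is negative");
        }
        byte[] field = new byte[length];
        byteBuffer.get(field);
        return field;
    }

    /**
     * Strips the PEM header and footer lines and Base64 decodes the body.
     *
     * <p>The footer label must match the header label, and any label containing "ENCRYPTED"
     * is rejected. NOTE(review): only the label is inspected, and the MIME Base64 decoder
     * skips characters outside the Base64 alphabet, so other non-Base64 lines inside the body
     * are not rejected here; such input is expected to fail later, when the decoded bytes are
     * parsed as a key or certificate. Lines are split on "\n" only, so a header that ends in
     * "\r" presumably fails the header check below; confirm against {@code StringUtils.split}.
     *
     * @param str PEM text
     * @return the decoded DER bytes
     * @throws IllegalArgumentException if the header or footer is missing or malformed, or the
     *     label marks the content as encrypted
     */
    public static byte[] convertPEMToDER(String str) throws IOException {
        List<String> lines = StringUtils.split(str, "\n");
        if (lines.size() < 2) {
            // Both a header and a footer line are removed below.
            throw new IllegalArgumentException("PEM data must contain a header and a footer line");
        }
        String header = lines.remove(0);
        String footer = lines.remove(lines.size() - 1);
        if (!header.startsWith("-----BEGIN ") || !header.endsWith("-----")) {
            throw new IllegalArgumentException("Unexpected PEM header '" + header + "'");
        }
        String label = header.replace("-----BEGIN ", "").replace("-----", "");
        if (label.contains("ENCRYPTED")) {
            throw new IllegalArgumentException("Encrypted keys are not supported.");
        }
        if (!footer.equals("-----END " + label + "-----")) {
            throw new IllegalArgumentException("Unexpected PEM footer '" + footer + "'");
        }
        return Base64.getMimeDecoder().decode(StringUtils.join(new LinkedList<>(lines), "\n"));
    }
}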
