package org.springframework.security.saml.util;

import java.io.ByteArrayInputStream;
import java.io.CharArrayReader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Optional;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.springframework.security.saml.SamlKeyException;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-2.0.0.M30.jar:org/springframework/security/saml/util/X509Utilities.class */
public class X509Utilities {
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
    public static final String END_CERT = "-----END CERTIFICATE-----";
    public static final String BEGIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
    public static final String END_KEY = "-----END RSA PRIVATE KEY-----";

    public static byte[] getDER(String str, String str2, String str3) {
        return getDER(str.split(str2)[0].split(str3)[0]);
    }

    public static byte[] getDER(String str) {
        return DatatypeConverter.parseBase64Binary(keyCleanup(str));
    }

    public static String keyCleanup(String str) {
        return str.replace(BEGIN_CERT, "").replace(END_CERT, "").replace(BEGIN_KEY, "").replace(END_KEY, "").replace("\n", "").trim();
    }

    public static X509Certificate getCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static RSAPrivateKey getPrivateKey(byte[] bArr, String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return (RSAPrivateKey) KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static PrivateKey readPrivateKey(String str, String str2) {
        KeyPair keyPair;
        try {
            PEMParser pEMParser = new PEMParser(new CharArrayReader(str.toCharArray()));
            Object readObject = pEMParser.readObject();
            pEMParser.close();
            JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
            if (readObject == null) {
                throw new SamlKeyException("Unable to decode PEM key:" + str);
            }
            if (readObject instanceof PEMEncryptedKeyPair) {
                keyPair = provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(((String) Optional.ofNullable(str2).orElse("")).toCharArray())));
            } else {
                keyPair = provider.getKeyPair((PEMKeyPair) readObject);
            }
            return keyPair.getPrivate();
        } catch (IOException e) {
            throw new SamlKeyException(e);
        }
    }
}
