package org.apache.camel.component.ssh;

import java.io.Closeable;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.function.Supplier;
import org.apache.camel.CamelContext;
import org.apache.camel.support.ResourceHelper;
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import org.apache.sshd.common.util.io.IoUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.class */
public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private CamelContext camelContext;
    private String[] resources;
    private Supplier<char[]> passwordFinder;

    public ResourceHelperKeyPairProvider() {
    }

    public ResourceHelperKeyPairProvider(String[] strArr, CamelContext camelContext) {
        this.camelContext = camelContext;
        this.resources = strArr;
    }

    public ResourceHelperKeyPairProvider(String[] strArr, Supplier<char[]> supplier, CamelContext camelContext) {
        this.camelContext = camelContext;
        this.resources = strArr;
        this.passwordFinder = supplier;
    }

    public CamelContext getCamelContext() {
        return this.camelContext;
    }

    public void setCamelContext(CamelContext camelContext) {
        this.camelContext = camelContext;
    }

    public String[] getResources() {
        return this.resources;
    }

    public void setResources(String[] strArr) {
        this.resources = strArr;
    }

    public Supplier<char[]> getPasswordFinder() {
        return this.passwordFinder;
    }

    public void setPasswordFinder(Supplier<char[]> supplier) {
        this.passwordFinder = supplier;
    }

    public Iterable<KeyPair> loadKeys() {
        PrivateKey privateKey;
        PublicKey convertPrivateToPublicKey;
        if (!SecurityUtils.isBouncyCastleRegistered()) {
            throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
        }
        ArrayList arrayList = new ArrayList(this.resources.length);
        for (String str : this.resources) {
            Closeable closeable = null;
            InputStreamReader inputStreamReader = null;
            InputStream inputStream = null;
            try {
                try {
                    inputStream = ResourceHelper.resolveMandatoryResourceAsInputStream(this.camelContext, str);
                    inputStreamReader = new InputStreamReader(inputStream);
                    closeable = new PEMParser(inputStreamReader);
                    Object readObject = closeable.readObject();
                    JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
                    jcaPEMKeyConverter.setProvider("BC");
                    if (this.passwordFinder != null && (readObject instanceof PEMEncryptedKeyPair)) {
                        readObject = jcaPEMKeyConverter.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(this.passwordFinder.get())));
                    } else if (this.passwordFinder != null && (readObject instanceof PKCS8EncryptedPrivateKeyInfo)) {
                        JceOpenSSLPKCS8DecryptorProviderBuilder jceOpenSSLPKCS8DecryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
                        jceOpenSSLPKCS8DecryptorProviderBuilder.setProvider("BC");
                        readObject = ((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(jceOpenSSLPKCS8DecryptorProviderBuilder.build(this.passwordFinder.get()));
                    }
                    if (readObject instanceof PEMKeyPair) {
                        arrayList.add(jcaPEMKeyConverter.getKeyPair((PEMKeyPair) readObject));
                    } else if (readObject instanceof KeyPair) {
                        arrayList.add((KeyPair) readObject);
                    } else if ((readObject instanceof PrivateKeyInfo) && (convertPrivateToPublicKey = convertPrivateToPublicKey((privateKey = jcaPEMKeyConverter.getPrivateKey((PrivateKeyInfo) readObject)))) != null) {
                        arrayList.add(new KeyPair(convertPrivateToPublicKey, privateKey));
                    }
                    IoUtils.closeQuietly(new Closeable[]{closeable, inputStream, inputStreamReader});
                } catch (Exception e) {
                    this.log.warn("Unable to read key", e);
                    IoUtils.closeQuietly(new Closeable[]{closeable, inputStream, inputStreamReader});
                }
            } catch (Throwable th) {
                IoUtils.closeQuietly(new Closeable[]{closeable, inputStream, inputStreamReader});
                throw th;
            }
        }
        return arrayList;
    }

    private PublicKey convertPrivateToPublicKey(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (privateKey instanceof RSAPrivateCrtKey) {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(((RSAPrivateCrtKey) privateKey).getModulus(), ((RSAPrivateCrtKey) privateKey).getPublicExponent()));
        }
        if (!(privateKey instanceof ECPrivateKey)) {
            this.log.warn("Unable to convert private key to public key. Only RSA + ECDSA supported");
            return null;
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
        ECParameterSpec convertSpec = EC5Util.convertSpec(eCPrivateKey.getParams());
        return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(convertSpec.getG().multiply(eCPrivateKey.getS()), convertSpec));
    }
}
