package org.xwiki.crypto.x509.internal;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import org.xwiki.crypto.internal.Convert;
import org.xwiki.crypto.internal.SerializationUtils;
import org.xwiki.crypto.passwd.PasswordCiphertext;
import org.xwiki.crypto.passwd.PasswordCryptoService;
import org.xwiki.crypto.x509.XWikiX509Certificate;
import org.xwiki.crypto.x509.XWikiX509KeyPair;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-crypto-5.0.3.jar:org/xwiki/crypto/x509/internal/DefaultXWikiX509KeyPair.class */
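/**
 * Key pair made of an X.509 certificate and a private key that is only ever stored in
 * password-encrypted form.
 *
 * <p>The instance keeps three serialized pieces of state: the private key algorithm name, the
 * output of {@link PasswordCryptoService#encryptBytes} over the PKCS#8 encoding of the private
 * key, and the encoded certificate. The parsed certificate is {@code transient} and is rebuilt
 * lazily from the encoded bytes by {@link #getCertificate()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #fromBase64String(byte[])} and {@link #getPrivateKey(String)} rely on
 *       {@code SerializationUtils.deserialize}, i.e. object deserialization of caller-supplied
 *       bytes. Only feed them data from a trusted store unless that helper is known to restrict
 *       the classes it will instantiate.</li>
 *   <li>The password is passed as a {@link String} because the interface requires it; it cannot
 *       be wiped by this class.</li>
 * </ul>
 */
public class DefaultXWikiX509KeyPair implements XWikiX509KeyPair {
    private static final long serialVersionUID = 1;

    /** Algorithm name reported by the private key, needed to rebuild it after decryption. */
    private final String privateKeyAlgorithm;

    /** Result of encrypting the PKCS#8 encoded private key with the user's password. */
    private final byte[] passwordEncryptedPrivateKey;

    /** Encoded form of the certificate, as returned by {@link X509Certificate#getEncoded()}. */
    private final byte[] encodedCertificate;

    /** Parsed certificate; not serialized, rebuilt on demand from {@link #encodedCertificate}. */
    private transient XWikiX509Certificate certificate;

    /**
     * Builds a key pair, encrypting the private key with the given password.
     *
     * @param x509Certificate the certificate matching the private key
     * @param privateKey the private key to protect; it must be exportable as a PKCS#8 key spec
     * @param str the password used to encrypt the private key
     * @param passwordCryptoService the service performing the password-based encryption
     * @throws GeneralSecurityException if the key cannot be encoded or encrypted, or the
     *         certificate cannot be encoded
     */
    public DefaultXWikiX509KeyPair(X509Certificate x509Certificate, PrivateKey privateKey, String str, PasswordCryptoService passwordCryptoService) throws GeneralSecurityException {
        this.privateKeyAlgorithm = privateKey.getAlgorithm();
        this.certificate = new XWikiX509Certificate(x509Certificate);
        this.encodedCertificate = x509Certificate.getEncoded();
        try {
            this.passwordEncryptedPrivateKey = passwordCryptoService.encryptBytes(((PKCS8EncodedKeySpec) KeyFactory.getInstance(this.privateKeyAlgorithm).getKeySpec(privateKey, PKCS8EncodedKeySpec.class)).getEncoded(), str);
        } catch (InvalidKeySpecException e) {
            throw new GeneralSecurityException("Failed to encode private key", e);
        }
    }

    /**
     * Restores a key pair from its armored Base64 form (header, chunked Base64, footer).
     *
     * @param str the armored text produced by {@link #serializeAsBase64()}
     * @return the restored key pair
     * @throws IOException if the payload cannot be read
     * @throws ClassNotFoundException if the serialized class is unknown
     * @throws CertificateException if the embedded certificate cannot be parsed
     */
    public static XWikiX509KeyPair fromBase64String(String str) throws IOException, ClassNotFoundException, CertificateException {
        return fromBase64String(Convert.fromBase64String(str, XWikiX509KeyPair.BASE64_HEADER, XWikiX509KeyPair.BASE64_FOOTER));
    }

    /**
     * Restores a key pair from its serialized bytes and checks that the certificate parses.
     *
     * @param bArr the bytes produced by {@link #serialize()}
     * @return the restored key pair
     * @throws IOException if the payload cannot be read
     * @throws ClassNotFoundException if the serialized class is unknown
     * @throws CertificateException if the embedded certificate cannot be parsed
     */
    public static XWikiX509KeyPair fromBase64String(byte[] bArr) throws IOException, ClassNotFoundException, CertificateException {
        // NOTE(security): the object graph is materialized by SerializationUtils.deserialize
        // BEFORE the cast below can reject an unexpected type. If that helper uses plain Java
        // serialization without a class allow-list (not visible from this file; confirm), the
        // bytes must come from a trusted source only.
        XWikiX509KeyPair xWikiX509KeyPair = (XWikiX509KeyPair) SerializationUtils.deserialize(bArr);
        try {
            // Force the lazy certificate parse now so that a corrupt certificate is reported
            // at load time rather than on first use.
            xWikiX509KeyPair.getCertificate();
            return xWikiX509KeyPair;
        } catch (RuntimeException e) {
            // getCertificate() wraps CertificateException in a RuntimeException; unwrap only
            // that case. Any other runtime failure (no cause, or a different cause) is rethrown
            // as-is instead of failing with a ClassCastException or a null throw.
            Throwable cause = e.getCause();
            if (cause instanceof CertificateException) {
                throw (CertificateException) cause;
            }
            throw e;
        }
    }

    /**
     * Serializes this key pair as armored, chunked Base64 text.
     *
     * @return the header, the Base64 payload and the footer concatenated
     * @throws IOException if serialization fails
     */
    @Override
    public String serializeAsBase64() throws IOException {
        return XWikiX509KeyPair.BASE64_HEADER + Convert.toChunkedBase64String(serialize()) + XWikiX509KeyPair.BASE64_FOOTER;
    }

    /**
     * Serializes this key pair. The private key is included only in its encrypted form.
     *
     * @return the serialized bytes
     * @throws IOException if serialization fails
     */
    @Override
    public byte[] serialize() throws IOException {
        return SerializationUtils.serialize(this);
    }

    /**
     * Hashes the certificate content, so that two key pairs that are {@link #equals(Object)}
     * also share a hash code. An array's own {@code hashCode()} is identity-based and would
     * break that contract.
     */
    @Override
    public int hashCode() {
        return Arrays.hashCode(this.encodedCertificate);
    }

    /**
     * Two key pairs are equal when their encrypted private key bytes, key algorithm and encoded
     * certificate are all equal.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof DefaultXWikiX509KeyPair)) {
            return false;
        }
        DefaultXWikiX509KeyPair defaultXWikiX509KeyPair = (DefaultXWikiX509KeyPair) obj;
        return Arrays.equals(this.passwordEncryptedPrivateKey, defaultXWikiX509KeyPair.passwordEncryptedPrivateKey) && this.privateKeyAlgorithm.equals(defaultXWikiX509KeyPair.privateKeyAlgorithm) && Arrays.equals(this.encodedCertificate, defaultXWikiX509KeyPair.encodedCertificate);
    }

    /**
     * Describes the certificate only; no private key material, encrypted or not, is included.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("XWikiPrivateCredential\n");
        sb.append("------------\n");
        try {
            sb.append(getCertificate().toString());
        } catch (RuntimeException e) {
            // The RuntimeException may carry no cause; fall back to the exception itself
            // rather than raising a NullPointerException from toString().
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            sb.append("ERROR: Failed to load certificate: ").append(cause.getMessage());
        }
        sb.append("Private key cannot be shown without a password.");
        return sb.toString();
    }

    /**
     * Returns the certificate, parsing it from the encoded bytes on first access after
     * deserialization. The lazy initialization is not synchronized.
     *
     * @return the certificate of this key pair
     * @throws RuntimeException wrapping a {@link CertificateException} if the stored bytes do
     *         not parse as an X.509 certificate
     */
    @Override
    public XWikiX509Certificate getCertificate() {
        if (this.certificate == null) {
            try {
                this.certificate = new XWikiX509Certificate((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(this.encodedCertificate)));
            } catch (CertificateException e) {
                throw new RuntimeException(e);
            }
        }
        return this.certificate;
    }

    /**
     * @return the public key carried by the certificate
     */
    @Override
    public PublicKey getPublicKey() {
        return getCertificate().getPublicKey();
    }

    /**
     * Decrypts and rebuilds the private key.
     *
     * @param str the password the key was encrypted with
     * @return the private key
     * @throws GeneralSecurityException if the password is wrong, the stored ciphertext is
     *         corrupted, or the key cannot be rebuilt
     */
    @Override
    public PrivateKey getPrivateKey(String str) throws GeneralSecurityException {
        byte[] decrypt = null;
        try {
            // NOTE(security): nested deserialization of a field that itself may have been
            // restored from external bytes; same trust requirement as fromBase64String.
            decrypt = ((PasswordCiphertext) SerializationUtils.deserialize(this.passwordEncryptedPrivateKey)).decrypt(str);
            if (decrypt == null) {
                throw new GeneralSecurityException("Could not decrypt private key, wrong password or corrupted file.");
            }
            return KeyFactory.getInstance(this.privateKeyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(decrypt));
        } catch (GeneralSecurityException e) {
            // Keep the precise failure (e.g. wrong password) instead of relabelling it as a
            // deserialization problem.
            throw e;
        } catch (Exception e) {
            throw new GeneralSecurityException("Could not deserialize private key ", e);
        } finally {
            // PKCS8EncodedKeySpec copies its input, so the plaintext key bytes held here can
            // be cleared as soon as the key object has been built (or the attempt has failed).
            if (decrypt != null) {
                Arrays.fill(decrypt, (byte) 0);
            }
        }
    }

    /**
     * @return the fingerprint of the certificate
     */
    @Override
    public String getFingerprint() {
        return getCertificate().getFingerprint();
    }
}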
