package org.xipki.security.pkcs12;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jcajce.interfaces.EdDSAKey;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.SignatureSigner;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/security/pkcs12/P12KeyGenerator.class */
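/**
 * Generates key material and packages it in a password-protected keystore.
 *
 * <p>Asymmetric key pairs (RSA, DSA, EC, EdDSA/XDH) are stored in a PKCS#12 keystore under the
 * alias {@code main}, together with a self-signed certificate built by this class. Secret keys
 * are stored in a JCEKS keystore under the same alias.
 */
public class P12KeyGenerator {
    /** One minute, in milliseconds. */
    private static final long MIN = 60000;
    /** One day, in milliseconds. */
    private static final long DAY = 86400000;

    /**
     * Private key paired with the JCA form of its self-signed certificate.
     *
     * <p>Decompiler note: JADX reports that the access modifier of this class was widened from
     * {@code private}.
     */
    public static class KeyAndCertPair {
        private final X509Certificate jceCert;
        private final PrivateKey key;

        /**
         * @param x509CertificateHolder BouncyCastle certificate, converted here to an {@link X509Certificate}
         * @param privateKey private key that belongs to the certificate
         * @throws CertificateException if the certificate cannot be converted
         */
        KeyAndCertPair(X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) throws CertificateException {
            this.key = privateKey;
            this.jceCert = X509Util.toX509Cert(x509CertificateHolder.toASN1Structure());
        }
    }

    /**
     * Key pair together with the SubjectPublicKeyInfo that is placed in its certificate.
     *
     * <p>Decompiler note: JADX reports that the access modifier of this class was widened from
     * {@code private}.
     */
    public static class KeyPairWithSubjectPublicKeyInfo {
        private final KeyPair keypair;
        private final SubjectPublicKeyInfo subjectPublicKeyInfo;

        /**
         * @param keyPair generated key pair
         * @param subjectPublicKeyInfo public key info, passed through {@code X509Util.toRfc3279Style}
         * @throws InvalidKeySpecException if the public key info cannot be converted
         */
        KeyPairWithSubjectPublicKeyInfo(KeyPair keyPair, SubjectPublicKeyInfo subjectPublicKeyInfo) throws InvalidKeySpecException {
            this.keypair = keyPair;
            this.subjectPublicKeyInfo = X509Util.toRfc3279Style(subjectPublicKeyInfo);
        }

        /** @return the generated key pair */
        public KeyPair getKeypair() {
            return this.keypair;
        }

        /** @return the public key info as stored by the constructor */
        public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
            return this.subjectPublicKeyInfo;
        }
    }

    /**
     * Generates an RSA key pair and wraps it in a PKCS#12 keystore.
     *
     * @param i forwarded to {@code KeyUtil.generateRSAKeypair}; presumably the key size in bits (confirm)
     * @param bigInteger forwarded to {@code KeyUtil.generateRSAKeypair}; presumably the public exponent (confirm)
     * @param keystoreGenerationParameters supplies the random source and the keystore password
     * @param str subject of the self-signed certificate; {@code null} selects {@code CN=DUMMY}
     * @return the serialized keystore and the keystore object
     * @throws Exception if key generation, certificate creation or keystore serialization fails
     */
    public P12KeyGenerationResult generateRSAKeypair(int i, BigInteger bigInteger, KeystoreGenerationParameters keystoreGenerationParameters, String str) throws Exception {
        KeyPairWithSubjectPublicKeyInfo generated = genRSAKeypair(i, bigInteger, keystoreGenerationParameters.getRandom());
        return generateIdentity(generated, keystoreGenerationParameters, str);
    }

    /**
     * Generates a DSA key pair and wraps it in a PKCS#12 keystore.
     *
     * @param i forwarded to {@code KeyUtil.generateDSAKeypair}; presumably the length of p in bits (confirm)
     * @param i2 forwarded to {@code KeyUtil.generateDSAKeypair}; presumably the length of q in bits (confirm)
     * @param keystoreGenerationParameters supplies the random source and the keystore password
     * @param str subject of the self-signed certificate; {@code null} selects {@code CN=DUMMY}
     * @return the serialized keystore and the keystore object
     * @throws Exception if key generation, certificate creation or keystore serialization fails
     */
    public P12KeyGenerationResult generateDSAKeypair(int i, int i2, KeystoreGenerationParameters keystoreGenerationParameters, String str) throws Exception {
        KeyPairWithSubjectPublicKeyInfo generated = genDSAKeypair(i, i2, keystoreGenerationParameters.getRandom());
        return generateIdentity(generated, keystoreGenerationParameters, str);
    }

    /**
     * Generates an EC key pair on a named curve and wraps it in a PKCS#12 keystore.
     *
     * @param str curve name or curve OID
     * @param keystoreGenerationParameters supplies the random source and the keystore password
     * @param str2 subject of the self-signed certificate; {@code null} selects {@code CN=DUMMY}
     * @return the serialized keystore and the keystore object
     * @throws IllegalArgumentException if the curve cannot be resolved to an OID
     * @throws Exception if key generation, certificate creation or keystore serialization fails
     */
    public P12KeyGenerationResult generateECKeypair(String str, KeystoreGenerationParameters keystoreGenerationParameters, String str2) throws Exception {
        ASN1ObjectIdentifier curveOid = AlgorithmUtil.getCurveOidForCurveNameOrOid(str);
        if (curveOid == null) {
            throw new IllegalArgumentException("invalid curveNameOrOid '" + str + "'");
        }
        KeyPair keyPair = KeyUtil.generateECKeypair(curveOid, keystoreGenerationParameters.getRandom());
        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
        // The public key info names the curve by OID and carries the point in uncompressed form.
        AlgorithmIdentifier keyAlgId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, curveOid);
        int orderBitLength = publicKey.getParams().getOrder().bitLength();
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(keyAlgId, KeyUtil.getUncompressedEncodedECPoint(publicKey.getW(), orderBitLength));
        return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keyPair, publicKeyInfo), keystoreGenerationParameters, str2);
    }

    /**
     * Generates a key pair on an Edwards or Montgomery curve and wraps it in a PKCS#12 keystore.
     *
     * @param str curve name accepted by {@code EdECConstants.isEdwardsOrMontgemoryCurve}
     * @param keystoreGenerationParameters supplies the random source and the keystore password
     * @param str2 subject of the self-signed certificate; {@code null} selects {@code CN=DUMMY}
     * @return the serialized keystore and the keystore object
     * @throws IllegalArgumentException if the curve name is not accepted
     * @throws Exception if key generation, certificate creation or keystore serialization fails
     */
    public P12KeyGenerationResult generateEdECKeypair(String str, KeystoreGenerationParameters keystoreGenerationParameters, String str2) throws Exception {
        if (!EdECConstants.isEdwardsOrMontgemoryCurve(str)) {
            throw new IllegalArgumentException("invalid curveName " + str);
        }
        KeyPair keyPair = KeyUtil.generateEdECKeypair(str, keystoreGenerationParameters.getRandom());
        SubjectPublicKeyInfo publicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(keyPair.getPublic());
        return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keyPair, publicKeyInfo), keystoreGenerationParameters, str2);
    }

    /**
     * Generates a random secret key and stores it in a JCEKS keystore under the alias {@code main}.
     *
     * @param str algorithm name recorded on the key (second argument of {@link SecretKeySpec})
     * @param i key length in bits; must be a positive multiple of 8
     * @param keystoreGenerationParameters supplies the keystore password and, optionally, the random
     *     source; a fresh {@link SecureRandom} is used when none is supplied
     * @return the serialized keystore and the keystore object
     * @throws IllegalArgumentException if the key length is not a positive multiple of 8
     * @throws Exception if the keystore cannot be created or serialized
     */
    public P12KeyGenerationResult generateSecretKey(String str, int i, KeystoreGenerationParameters keystoreGenerationParameters) throws Exception {
        if (i % 8 != 0) {
            throw new IllegalArgumentException("keyBitLen (" + i + ") must be multiple of 8");
        }
        // Zero or a negative multiple of 8 would otherwise surface later as an "empty key" or
        // NegativeArraySizeException; reject it here with a message that names the parameter.
        if (i <= 0) {
            throw new IllegalArgumentException("keyBitLen (" + i + ") must be positive");
        }
        SecureRandom random = keystoreGenerationParameters.getRandom();
        if (random == null) {
            random = new SecureRandom();
        }
        char[] password = keystoreGenerationParameters.getPassword();
        byte[] keyBytes = new byte[i / 8];
        KeyStore keyStore;
        try {
            random.nextBytes(keyBytes);
            SecretKeySpec secretKey = new SecretKeySpec(keyBytes, str);
            // NOTE(review): JCEKS is a legacy keystore format; confirm what consumers expect
            // before considering another keystore type for secret keys.
            keyStore = KeyUtil.getKeyStore("JCEKS");
            keyStore.load(null, password);
            keyStore.setKeyEntry("main", secretKey, password, null);
        } finally {
            // SecretKeySpec keeps its own copy of the key bytes, so the local buffer can be
            // wiped as soon as the entry is set (or an error aborts the operation).
            java.util.Arrays.fill(keyBytes, (byte) 0);
        }
        return storeKeystore(keyStore, password);
    }

    /** Generates an RSA key pair and builds its rsaEncryption SubjectPublicKeyInfo. */
    private KeyPairWithSubjectPublicKeyInfo genRSAKeypair(int i, BigInteger bigInteger, SecureRandom secureRandom) throws Exception {
        KeyPair keyPair = KeyUtil.generateRSAKeypair(i, bigInteger, secureRandom);
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        AlgorithmIdentifier keyAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
        org.bouncycastle.asn1.pkcs.RSAPublicKey encodedKey = new org.bouncycastle.asn1.pkcs.RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
        return new KeyPairWithSubjectPublicKeyInfo(keyPair, new SubjectPublicKeyInfo(keyAlgId, encodedKey));
    }

    /** Generates a DSA key pair and derives its SubjectPublicKeyInfo through {@code KeyUtil}. */
    private KeyPairWithSubjectPublicKeyInfo genDSAKeypair(int i, int i2, SecureRandom secureRandom) throws Exception {
        KeyPair keyPair = KeyUtil.generateDSAKeypair(i, i2, secureRandom);
        return new KeyPairWithSubjectPublicKeyInfo(keyPair, KeyUtil.createSubjectPublicKeyInfo((DSAPublicKey) keyPair.getPublic()));
    }

    /**
     * Builds a self-signed certificate for the key pair and stores both in a PKCS#12 keystore
     * under the alias {@code main}.
     *
     * <p>The certificate has serial number 1, identical issuer and subject, no extensions, a
     * notBefore ten minutes in the past and a validity of 3650 days.
     *
     * @param keyPairWithSubjectPublicKeyInfo key pair and the public key info to certify
     * @param keystoreGenerationParameters supplies the keystore password
     * @param str certificate subject; {@code null} selects {@code CN=DUMMY}
     * @return the serialized keystore and the keystore object
     * @throws Exception if signing, certificate conversion or keystore serialization fails
     */
    private static P12KeyGenerationResult generateIdentity(KeyPairWithSubjectPublicKeyInfo keyPairWithSubjectPublicKeyInfo, KeystoreGenerationParameters keystoreGenerationParameters, String str) throws Exception {
        // Backdate notBefore so the certificate is already valid on hosts whose clock lags slightly.
        Date notBefore = new Date(new Date().getTime() - 10 * MIN);
        Date notAfter = new Date(notBefore.getTime() + 3650 * DAY);
        X500Name subject = new X500Name(str == null ? "CN=DUMMY" : str);
        PrivateKey privateKey = keyPairWithSubjectPublicKeyInfo.getKeypair().getPrivate();

        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(subject, BigInteger.ONE, notBefore, notAfter, subject, keyPairWithSubjectPublicKeyInfo.getSubjectPublicKeyInfo());
        KeyAndCertPair identity = new KeyAndCertPair(certBuilder.build(getContentSigner(privateKey)), privateKey);

        char[] password = keystoreGenerationParameters.getPassword();
        KeyStore keyStore = KeyUtil.getKeyStore("PKCS12");
        keyStore.load(null, password);
        keyStore.setKeyEntry("main", identity.key, password, new Certificate[]{identity.jceCert});
        return storeKeystore(keyStore, password);
    }

    /** Serializes the keystore under the given password and wraps bytes and keystore in a result. */
    private static P12KeyGenerationResult storeKeystore(KeyStore keyStore, char[] password) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        keyStore.store(out, password);
        P12KeyGenerationResult result = new P12KeyGenerationResult(out.toByteArray());
        result.setKeystoreObject(keyStore);
        return result;
    }

    /**
     * Selects the signer used for the self-signed certificate, based on the private key type.
     *
     * @param privateKey key that signs the certificate
     * @return a content signer bound to the key
     * @throws InvalidKeyException if an EdDSA or XDH key names an algorithm without a known OID
     * @throws IllegalArgumentException if the key type is not supported
     * @throws Exception if the signer cannot be built
     */
    private static ContentSigner getContentSigner(PrivateKey privateKey) throws Exception {
        if (privateKey instanceof RSAPrivateKey) {
            // NOTE(review): the self-signed certificate is signed with SHA-1; verifiers that
            // reject SHA-1 signatures may refuse it. Confirm whether a SHA-2 digest is acceptable.
            return new BcRSAContentSignerBuilder(buildAlgId(PKCSObjectIdentifiers.sha1WithRSAEncryption), buildAlgId(X509ObjectIdentifiers.id_SHA1))
                    .build(KeyUtil.generatePrivateKeyParameter(privateKey));
        }
        if (privateKey instanceof DSAPrivateKey) {
            // NOTE(review): SHA-1 here as well; see the RSA branch.
            return new BcDSAContentSignerBuilder(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa_with_sha1), buildAlgId(X509ObjectIdentifiers.id_SHA1))
                    .build(KeyUtil.generatePrivateKeyParameter(privateKey));
        }
        if (privateKey instanceof ECPrivateKey) {
            // The digest follows the size of the curve order so that the hash is not weaker than
            // the curve: 225..256-bit orders use SHA-256 and 161..224-bit orders use SHA-224.
            int orderBitLength = ((ECPrivateKey) privateKey).getParams().getOrder().bitLength();
            HashAlgo hashAlgo;
            ASN1ObjectIdentifier signatureOid;
            if (orderBitLength > 384) {
                hashAlgo = HashAlgo.SHA512;
                signatureOid = X9ObjectIdentifiers.ecdsa_with_SHA512;
            } else if (orderBitLength > 256) {
                hashAlgo = HashAlgo.SHA384;
                signatureOid = X9ObjectIdentifiers.ecdsa_with_SHA384;
            } else if (orderBitLength > 224) {
                hashAlgo = HashAlgo.SHA256;
                signatureOid = X9ObjectIdentifiers.ecdsa_with_SHA256;
            } else if (orderBitLength > 160) {
                hashAlgo = HashAlgo.SHA224;
                signatureOid = X9ObjectIdentifiers.ecdsa_with_SHA224;
            } else {
                hashAlgo = HashAlgo.SHA1;
                signatureOid = X9ObjectIdentifiers.ecdsa_with_SHA1;
            }
            return new BcECContentSignerBuilder(new AlgorithmIdentifier(signatureOid), buildAlgId(hashAlgo.getOid()))
                    .build(KeyUtil.generatePrivateKeyParameter(privateKey));
        }
        if (privateKey instanceof EdDSAKey) {
            String algorithm = privateKey.getAlgorithm();
            ASN1ObjectIdentifier keyAlgOid = EdECConstants.getKeyAlgIdForKeyAlgName(algorithm);
            if (keyAlgOid == null) {
                throw new InvalidKeyException("unknown EdDSA key algorithm " + algorithm);
            }
            return new SignatureSigner(new AlgorithmIdentifier(keyAlgOid), Signature.getInstance("EdDSA", "BC"), privateKey);
        }
        if (privateKey instanceof XDHKey) {
            String algorithm = privateKey.getAlgorithm();
            ASN1ObjectIdentifier keyAlgOid = EdECConstants.getKeyAlgIdForKeyAlgName(algorithm);
            if (keyAlgOid == null) {
                throw new InvalidKeyException("unknown XDH key algorithm " + algorithm);
            }
            // XDH keys are key-agreement keys and cannot sign, so the certificate is signed with
            // a stand-in EdDSA key. NOTE(review): presumably this signature does not verify
            // against the XDH public key; confirm that no consumer validates it.
            return new SignatureSigner(new AlgorithmIdentifier(keyAlgOid), Signature.getInstance("EdDSA", "BC"), KeyUtil.convertXDHToDummyEdDSAPrivateKey(privateKey));
        }
        throw new IllegalArgumentException("unknown type of key " + privateKey.getClass().getName());
    }

    /** Builds an AlgorithmIdentifier with explicit NULL parameters for the given OID. */
    private static AlgorithmIdentifier buildAlgId(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return new AlgorithmIdentifier(aSN1ObjectIdentifier, DERNull.INSTANCE);
    }
}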
