package de.petendi.seccoco.connector;

import de.petendi.commons.crypto.connector.CryptoException;
import de.petendi.commons.crypto.connector.SecurityProviderConnector;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jcajce.provider.digest.SHA3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:lib/seccoco-java-2.0.0.jar:de/petendi/seccoco/connector/BCConnector.class */
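/**
 * {@link SecurityProviderConnector} implementation backed by BouncyCastle.
 *
 * <p>Loading this class registers {@link BouncyCastleProvider} with the JCA.
 *
 * <p>Security review notes (behaviour is kept as-is for wire compatibility):
 * <ul>
 *   <li>{@link #getSignAlgorithm()} returns {@code SHA1WithRSA}. SHA-1 is no longer
 *       collision resistant; plan a coordinated migration to a SHA-2 based signature
 *       algorithm with all peers that verify these signatures.</li>
 *   <li>{@link #getCryptoAlgorithm()} returns {@code RSA/ECB/PKCS1Padding}. PKCS#1 v1.5
 *       encryption padding is fragile whenever decryption failures are observable by a
 *       remote party; OAEP is the usual replacement.</li>
 *   <li>{@link #createCertificate} uses the wall-clock time in milliseconds as the serial
 *       number, so serials are predictable and can repeat within one millisecond.</li>
 * </ul>
 */
public class BCConnector implements SecurityProviderConnector {
    /** Certificate lifetime, in years, counted from the moment of creation. */
    private static final int VALIDITY_YEARS = 20;
    /** Modulus size of generated RSA key pairs. */
    private static final int RSA_KEY_BITS = 2048;
    /** Size of generated AES keys. */
    private static final int AES_KEY_BITS = 256;
    /** Output size of the SHA-3 digest used by {@link #hash(byte[])}. */
    private static final int SHA3_DIGEST_BITS = 512;

    static {
        // Make the "BC" provider resolvable by name; addProvider is a no-op if it is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Builds and signs an X.509 v3 certificate valid from now for {@value #VALIDITY_YEARS} years.
     *
     * <p>The certificate carries non-critical subjectKeyIdentifier, authorityKeyIdentifier and
     * keyUsage (dataEncipherment only) extensions, plus a CRL distribution point when
     * {@code str3} is given. No basicConstraints extension is added.
     *
     * @param str        subject distinguished name (passed as the builder's subject)
     * @param str2       issuer distinguished name (passed as the builder's issuer)
     * @param str3       URI of the CRL distribution point, or {@code null} to omit the extension
     * @param publicKey  public key to certify; its encoding is used as the SubjectPublicKeyInfo
     * @param privateKey key used to sign the certificate with {@link #getSignAlgorithm()}
     * @return the signed certificate
     * @throws CryptoException if building, signing or converting the certificate fails
     */
    @Override
    public X509Certificate createCertificate(String str, String str2, String str3, PublicKey publicKey, PrivateKey privateKey) throws CryptoException {
        Calendar validity = Calendar.getInstance();
        // NOTE(review): timestamp-derived serial is predictable and not unique per issuer
        // (two certificates created in the same millisecond collide). Combined with the
        // SHA-1 signature this is weaker than a random serial from SecureRandom.
        BigInteger serial = BigInteger.valueOf(validity.getTimeInMillis());
        // DN parsing happens outside the try block, so a failure here is not wrapped in CryptoException.
        X500Name subject = new X500Name(str);
        X500Name issuer = new X500Name(str2);
        Date notBefore = validity.getTime();
        validity.add(Calendar.YEAR, VALIDITY_YEARS);
        Date notAfter = validity.getTime();
        SubjectPublicKeyInfo subjectKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publicKey.getEncoded()));
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectKeyInfo);
        try {
            // SHA-1 here only derives the key identifiers; it is not the signature digest.
            X509ExtensionUtils extensionUtils = new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(subjectKeyInfo));
            // NOTE(review): the authority key identifier is computed from the SUBJECT key, which
            // is only correct when the certificate is self-signed - confirm against callers.
            builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(subjectKeyInfo));
            builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.dataEncipherment));
            if (str3 != null) {
                GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, str3);
                DistributionPoint crlPoint = new DistributionPoint(new DistributionPointName(new GeneralNames(crlUri)), null, null);
                builder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[]{crlPoint}));
            }
            X509CertificateHolder signed = builder.build(new JcaContentSignerBuilder(getSignAlgorithm()).setProvider(getProviderName()).build(privateKey));
            return new JcaX509CertificateConverter().setProvider(getProviderName()).getCertificate(signed);
        } catch (Exception e) {
            // Boundary catch: every failure in this block, checked or unchecked, surfaces as CryptoException.
            throw new CryptoException(e);
        }
    }

    /**
     * Writes the certificate to {@code writer} in PEM form and closes the writer.
     *
     * @param writer          destination; always closed by this method, even when writing fails
     * @param x509Certificate certificate to serialise
     * @throws IOException if encoding or writing fails
     */
    @Override
    public void writeCertificate(Writer writer, X509Certificate x509Certificate) throws IOException {
        JcaPEMWriter pemWriter = new JcaPEMWriter(writer);
        try {
            pemWriter.writeObject(x509Certificate);
            pemWriter.flush();
        } finally {
            // Previously the writer stayed open when writeObject threw.
            pemWriter.close();
        }
    }

    /**
     * Computes the SHA3-512 digest of the given bytes.
     *
     * @param bArr data to hash
     * @return the 64-byte digest
     */
    @Override
    public byte[] hash(byte[] bArr) {
        SHA3.DigestSHA3 sha3 = new SHA3.DigestSHA3(SHA3_DIGEST_BITS);
        sha3.update(bArr);
        return sha3.digest();
    }

    /**
     * Reads a PEM certificate and returns its public key.
     *
     * <p>The certificate is only parsed; this method performs no signature, validity or
     * chain check, so the returned key is exactly as trustworthy as the source of the PEM.
     *
     * @param reader PEM source; closed by this method
     * @return the public key contained in the certificate
     * @throws CryptoException if the PEM cannot be read or converted
     */
    @Override
    public final PublicKey extractPublicKey(Reader reader) throws CryptoException {
        return extractCertificate(reader).getPublicKey();
    }

    /**
     * Reads the first PEM object from {@code reader} and returns it as a certificate.
     *
     * <p>The certificate is only parsed; no signature, validity or chain verification is done here.
     *
     * @param reader PEM source; always closed by this method, even when parsing fails
     * @return the parsed certificate
     * @throws CryptoException          if reading or converting the certificate fails
     * @throws IllegalArgumentException if the first PEM object is missing or is not a certificate
     */
    @Override
    public X509Certificate extractCertificate(Reader reader) throws CryptoException {
        try {
            Object parsed;
            PEMParser pemParser = new PEMParser(reader);
            try {
                parsed = pemParser.readObject();
            } finally {
                // Closing the parser also closes the wrapped reader; previously both
                // stayed open when readObject threw.
                pemParser.close();
            }
            if (!(parsed instanceof X509CertificateHolder)) {
                throw new IllegalArgumentException("no certificate found in pem");
            }
            return new JcaX509CertificateConverter().setProvider(getProviderName()).getCertificate((X509CertificateHolder) parsed);
        } catch (IOException e) {
            throw new CryptoException(e);
        } catch (CertificateException e) {
            throw new CryptoException(e);
        }
    }

    /**
     * @return the JCA name of the BouncyCastle provider
     */
    @Override
    public String getProviderName() {
        return BouncyCastleProvider.PROVIDER_NAME;
    }

    /**
     * @return the asymmetric cipher transformation used by this connector
     */
    @Override
    public String getCryptoAlgorithm() {
        // NOTE(review): PKCS#1 v1.5 encryption padding; callers must not reveal whether
        // decryption/unpadding failed. Switching to OAEP changes the wire format.
        return "RSA/ECB/PKCS1Padding";
    }

    /**
     * @return the signature algorithm used for certificates created by this connector
     */
    @Override
    public String getSignAlgorithm() {
        // NOTE(review): SHA-1 based signatures are deprecated; a change here has to be
        // rolled out together with every verifier that relies on this value.
        return "SHA1WithRSA";
    }

    /**
     * Generates a fresh RSA key pair of {@value #RSA_KEY_BITS} bits using the default
     * {@link KeyPairGenerator} provider.
     *
     * @return the new key pair
     * @throws IllegalStateException if no RSA key pair generator is available
     */
    @Override
    public KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_BITS);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Generates a fresh {@value #AES_KEY_BITS}-bit AES key seeded from a new {@link SecureRandom}.
     *
     * @return the new secret key
     * @throws IllegalStateException if no AES key generator is available
     */
    @Override
    public SecretKey generateSecretKey() {
        SecureRandom random = new SecureRandom();
        try {
            KeyGenerator generator = KeyGenerator.getInstance("AES");
            generator.init(AES_KEY_BITS, random);
            return generator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * @param bArr raw bytes
     * @return the Base64 encoding of {@code bArr}
     */
    @Override
    public byte[] base64Encode(byte[] bArr) {
        return Base64.encode(bArr);
    }

    /**
     * @param bArr Base64-encoded bytes
     * @return the decoded bytes
     */
    @Override
    public byte[] base64Decode(byte[] bArr) {
        return Base64.decode(bArr);
    }
}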
