package dk.itst.oiosaml.security;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Date;
import org.apache.xml.security.algorithms.JCEMapper;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.util.Base64;

/* loaded from: input_file:dk/itst/oiosaml/security/SecurityHelper.class */
public class SecurityHelper {
    public static final String VERSION = "$Id: SecurityHelper.java 2836 2008-05-14 06:22:24Z jre $";

    private SecurityHelper() {
    }

    public static X509Certificate buildJavaX509Cert(String str) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
    }

    public static X509CRL buildJavaX509CRL(String str) throws CertificateException, CRLException {
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(new ByteArrayInputStream(Base64.decode(str)));
    }

    public static PublicKey buildKey(KeySpec keySpec, String str) throws KeyException {
        try {
            return KeyFactory.getInstance(str).generatePublic(keySpec);
        } catch (NoSuchAlgorithmException e) {
            throw new KeyException(str + "algorithm is not supported by the JCE:" + e.getMessage());
        } catch (InvalidKeySpecException e2) {
            throw new KeyException("Invalid key information:" + e2.getMessage());
        }
    }

    public static KeyPair generateKeyPairFromURI(String str, int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        return generateKeyPair(JCEMapper.getJCEKeyAlgorithmFromURI(str), i, null);
    }

    public static KeyPair generateKeyPair(String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = str2 != null ? KeyPairGenerator.getInstance(str, str2) : KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(i);
        return keyPairGenerator.generateKeyPair();
    }

    public static X509Certificate generateCertificate(Credential credential, String str) throws Exception {
        X500Name x500Name = new X500Name("o=keymanager, ou=oiosaml-sp");
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        Date date = new Date();
        Date date2 = new Date(System.currentTimeMillis() + 315360000000L);
        X500Name x500Name2 = new X500Name("cn=" + str + ", ou=oiosaml-sp");
        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(credential.getPublicKey().getEncoded()));
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(aSN1InputStream.readObject());
        aSN1InputStream.close();
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, valueOf, date, date2, x500Name2, subjectPublicKeyInfo);
        x509v3CertificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(credential.getPublicKey()));
        x509v3CertificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(credential.getPublicKey()));
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(credential.getPrivateKey())));
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
