package dorkbox.util.crypto;

import dorkbox.os.OS;
import dorkbox.util.crypto.signers.BcECDSAContentSignerBuilder;
import dorkbox.util.crypto.signers.BcECDSAContentVerifierProviderBuilder;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERSet;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.DSAParameter;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jcajce.provider.config.ProviderConfiguration;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dorkbox/util/crypto/CryptoX509.class */
public class CryptoX509 {
    private static final Logger logger = LoggerFactory.getLogger(CryptoX509.class);

    /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$DSA.class */
    public static class DSA {
        /**
         * Builds and signs an X.509 v3 certificate holder that carries a DSA public key.
         *
         * <p>The arguments are passed to {@code X509v3CertificateBuilder} in the order
         * (x500Name, bigInteger, date, date2, x500Name2, key info), which BouncyCastle defines as
         * (issuer, serial, notBefore, notAfter, subject, publicKeyInfo).
         *
         * <p>NOTE(review): the signature algorithm is hard-coded to SHA1withDSA. SHA-1 is no longer
         * collision resistant, so certificates produced here should not be relied on where a third
         * party can influence the signed content; RSA.createCertHolder in this file already uses
         * SHA-256.
         *
         * @return the signed holder, or {@code null} when key encoding or signer creation fails
         *         (the failure is logged)
         */
        public static X509CertificateHolder createCertHolder(Date date, Date date2, X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, DSAPrivateKeyParameters dSAPrivateKeyParameters, DSAPublicKeyParameters dSAPublicKeyParameters) {
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withDSA");
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
            DSAParameters domain = dSAPublicKeyParameters.getParameters();
            try {
                // Encode the public key as a DER SubjectPublicKeyInfo and parse it back.
                AlgorithmIdentifier keyAlgorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(domain.getP(), domain.getQ(), domain.getG()));
                byte[] derKeyInfo = new SubjectPublicKeyInfo(keyAlgorithm, new ASN1Integer(dSAPublicKeyParameters.getY())).getEncoded("DER");
                SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(derKeyInfo));

                X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, keyInfo);
                ContentSigner signer = new BcDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(dSAPrivateKeyParameters);
                return builder.build(signer);
            } catch (OperatorCreationException e) {
                CryptoX509.logger.error("Error creating certificate.", e);
                return null;
            } catch (IOException e2) {
                CryptoX509.logger.error("Error during DSA.", e2);
                return null;
            }
        }

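        /**
         * Checks that a DSA certificate's signature verifies under the key it carries and that the
         * certificate is inside its validity period at the time of the call.
         *
         * <p>The verifier is built from the holder itself, so {@code true} shows only that the
         * certificate is internally consistent and current. It does not establish that the key is
         * trusted; callers still have to pin the key or validate a chain.
         *
         * <p>Any failure (bad signature, unparsable encoding, expired or not-yet-valid certificate)
         * is logged and reported as {@code false}, the same way ECDSA.validate and RSA.validate in
         * this file behave. Previously this variant rethrew such failures as RuntimeException.
         *
         * @param x509CertificateHolder certificate to check
         * @return {@code true} only when every check passes
         */
        public static boolean validate(X509CertificateHolder x509CertificateHolder) {
            try {
                if (!x509CertificateHolder.isSignatureValid(new BcDSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(x509CertificateHolder))) {
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                // instanceof also rejects null, and guards the cast below.
                if (!(certificate instanceof X509Certificate) || certificate.getPublicKey() == null) {
                    return false;
                }
                // Throws when the certificate is expired or not yet valid.
                ((X509Certificate) certificate).checkValidity(new Date());
                return true;
            } catch (Exception e) {
                CryptoX509.logger.error("Error validating certificate.", e);
                return false;
            }
        }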

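        /**
         * Inspects the first certificate carried in a CMS/PKCS#7 SignedData blob and checks it
         * against an expected DSA public key.
         *
         * <p>What is checked: the blob parses, its first certificate parses, the certificate's key
         * equals {@code dSAPublicKeyParameters} (Y, P, Q and G) when one is supplied, and the
         * certificate's signature verifies under that key.
         *
         * <p>What is NOT checked here: the SignerInfo signatures over the content. A {@code true}
         * result therefore speaks about the embedded certificate only.
         *
         * <p>When {@code dSAPublicKeyParameters} is {@code null} the certificate is verified against
         * the key it carries itself, which any self-signed certificate satisfies. Callers that need
         * authenticity must pass the expected key.
         *
         * <p>Fix over the previous version: if the first certificate entry was not a
         * {@code DERSequence} the method skipped every check and still returned {@code true}. It now
         * accepts any {@code ASN1Sequence} and returns {@code false} for anything else.
         * NOTE(review): which concrete sequence class the parser hands back may depend on the
         * BouncyCastle version - confirm against the version in use.
         *
         * @param bArr encoded ContentInfo holding the SignedData
         * @param dSAPublicKeyParameters expected signer key, or {@code null} to skip the key match
         * @return {@code true} only when all checks above pass; {@code false} on any failure
         */
        public static boolean verifySignature(byte[] bArr, DSAPublicKeyParameters dSAPublicKeyParameters) {
            ASN1InputStream asn1 = null;
            try {
                asn1 = new ASN1InputStream(new ByteArrayInputStream(bArr));
                Object firstCert = SignedData.getInstance(ASN1Sequence.getInstance(asn1.readObject()).getObjectAt(1).getObject()).getCertificates().getObjects().nextElement();
                if (!(firstCert instanceof ASN1Sequence)) {
                    // Fail closed: nothing was verified, so this must not count as success.
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(((ASN1Sequence) firstCert).getEncoded()));
                // A non-DSA key raises ClassCastException, which is reported as false below.
                BCDSAPublicKey embeddedKey = (BCDSAPublicKey) certificate.getPublicKey();
                if (dSAPublicKeyParameters != null) {
                    DSAParams embedded = embeddedKey.getParams();
                    DSAParameters expected = dSAPublicKeyParameters.getParameters();
                    boolean sameKey = embeddedKey.getY().equals(dSAPublicKeyParameters.getY())
                            && embedded.getP().equals(expected.getP())
                            && embedded.getQ().equals(expected.getQ())
                            && embedded.getG().equals(expected.getG());
                    if (!sameKey) {
                        return false;
                    }
                }
                certificate.verify(embeddedKey);
                return true;
            } catch (Throwable th) {
                // Logged like the ECDSA and RSA variants so rejected input leaves a trace.
                CryptoX509.logger.error("Error validating certificate.", th);
                return false;
            } finally {
                if (asn1 != null) {
                    try {
                        asn1.close();
                    } catch (IOException e) {
                        // A close failure does not change the verification result.
                        CryptoX509.logger.error("Error closing stream during DSA.", e);
                    }
                }
            }
        }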

        // Runs once when the DSA class is initialised, before any of its static methods.
        // CryptoX509.addProvider() is defined outside this listing; presumably it registers the
        // BouncyCastle JCA provider - confirm.
        static {
            CryptoX509.addProvider();
        }
    }

    /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$ECDSA.class */
    public static class ECDSA {
        /**
         * Builds and signs an X.509 v3 certificate holder that carries an EC public key.
         *
         * <p>{@code str} is the digest name prefixed to {@code "withECDSA"} to pick the signature
         * algorithm (constructed example: {@code "SHA256"} yields {@code "SHA256withECDSA"}).
         * NOTE(review): the digest is caller-chosen and not restricted here, so a weak digest name
         * known to the algorithm finder would be accepted - callers should pass SHA-256 or stronger.
         *
         * <p>The remaining arguments are passed to {@code X509v3CertificateBuilder} in the order
         * (x500Name, bigInteger, date, date2, x500Name2, key info), which BouncyCastle defines as
         * (issuer, serial, notBefore, notAfter, subject, publicKeyInfo).
         *
         * @return the signed holder, or {@code null} when key encoding or signer creation fails
         *         (the failure is logged)
         */
        public static X509CertificateHolder createCertHolder(String str, Date date, Date date2, X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, ECPrivateKeyParameters eCPrivateKeyParameters, ECPublicKeyParameters eCPublicKeyParameters) {
            JCEECPublicKey subjectKey = new JCEECPublicKey("EC", eCPublicKeyParameters, (ECParameterSpec) null);
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(str + "withECDSA");
            try {
                SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(subjectKey.getEncoded()));
                X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, keyInfo);
                AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
                ContentSigner signer = new BcECDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(eCPrivateKeyParameters);
                return builder.build(signer);
            } catch (OperatorCreationException e) {
                CryptoX509.logger.error("Error creating certificate.", e);
                return null;
            } catch (IOException e2) {
                CryptoX509.logger.error("Unable to perform DSA.", e2);
                return null;
            }
        }

        /**
         * Checks that an ECDSA certificate's signature verifies under the key it carries and that
         * the certificate is inside its validity period at the time of the call.
         *
         * <p>The verifier is built from the holder itself, so {@code true} shows only that the
         * certificate is internally consistent and current; it does not establish trust in the key.
         *
         * @param x509CertificateHolder certificate to check
         * @return {@code true} when every check passes; {@code false} otherwise, including when any
         *         step throws (the failure is logged)
         */
        public static boolean validate(X509CertificateHolder x509CertificateHolder) {
            try {
                boolean signatureOk = x509CertificateHolder.isSignatureValid(new BcECDSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(x509CertificateHolder));
                if (!signatureOk) {
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                if (certificate == null) {
                    return false;
                }
                if (certificate.getPublicKey() == null) {
                    return false;
                }
                // Throws when the certificate is expired or not yet valid; handled below.
                ((X509Certificate) certificate).checkValidity(new Date());
                return true;
            } catch (Throwable th) {
                CryptoX509.logger.error("Error validating certificate.", th);
                return false;
            }
        }

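        /**
         * Inspects the first certificate carried in a CMS/PKCS#7 SignedData blob and checks it
         * against an expected EC public key.
         *
         * <p>What is checked: the blob parses, its first certificate parses, the certificate's key
         * equals the key rebuilt from {@code eCPublicKeyParameters} when one is supplied, and the
         * certificate's signature verifies under that key.
         *
         * <p>What is NOT checked here: the SignerInfo signatures over the content. A {@code true}
         * result therefore speaks about the embedded certificate only.
         *
         * <p>When {@code eCPublicKeyParameters} is {@code null} the certificate is verified against
         * the key it carries itself, which any self-signed certificate satisfies. Callers that need
         * authenticity must pass the expected key.
         *
         * <p>Fix over the previous version: if the first certificate entry was not a
         * {@code DERSequence} the method skipped every check and still returned {@code true}. It now
         * accepts any {@code ASN1Sequence} and returns {@code false} for anything else.
         * NOTE(review): which concrete sequence class the parser hands back may depend on the
         * BouncyCastle version - confirm against the version in use.
         *
         * @param bArr encoded ContentInfo holding the SignedData
         * @param eCPublicKeyParameters expected signer key, or {@code null} to skip the key match
         * @return {@code true} only when all checks above pass; {@code false} on any failure
         */
        public static boolean verifySignature(byte[] bArr, ECPublicKeyParameters eCPublicKeyParameters) {
            ASN1InputStream asn1 = null;
            try {
                asn1 = new ASN1InputStream(new ByteArrayInputStream(bArr));
                Object firstCert = SignedData.getInstance(ASN1Sequence.getInstance(asn1.readObject()).getObjectAt(1).getObject()).getCertificates().getObjects().nextElement();
                if (!(firstCert instanceof ASN1Sequence)) {
                    // Fail closed: nothing was verified, so this must not count as success.
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(((ASN1Sequence) firstCert).getEncoded()));
                // A non-EC key raises ClassCastException, which is reported as false below.
                BCECPublicKey verificationKey = (BCECPublicKey) certificate.getPublicKey();
                if (eCPublicKeyParameters != null) {
                    ECDomainParameters domain = eCPublicKeyParameters.getParameters();
                    BCECPublicKey expectedKey = new BCECPublicKey("EC", eCPublicKeyParameters, new ECParameterSpec(domain.getCurve(), domain.getG(), domain.getN(), domain.getH()), (ProviderConfiguration) null);
                    if (!expectedKey.equals(verificationKey)) {
                        return false;
                    }
                    // Verify with the caller's key rather than the one taken from the blob.
                    verificationKey = expectedKey;
                }
                certificate.verify(verificationKey);
                return true;
            } catch (Throwable th) {
                CryptoX509.logger.error("Error validating certificate.", th);
                return false;
            } finally {
                if (asn1 != null) {
                    try {
                        asn1.close();
                    } catch (IOException e) {
                        // A close failure does not change the verification result.
                        CryptoX509.logger.error("Error during ECDSA.", e);
                    }
                }
            }
        }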

        // Runs once when the ECDSA class is initialised: registers the BouncyCastle provider
        // unless a provider named "BC" is already installed.
        // NOTE(review): DSA and RSA in this file call CryptoX509.addProvider() instead; confirm
        // whether this inline registration is meant to differ from that helper.
        static {
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
        }
    }

    /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$RSA.class */
    public static class RSA {

        /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$RSA$CertificateAuthrority.class */
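            public static class CertificateAuthrority {
                /**
                 * Generates a self-issued RSA certificate marked as a CA.
                 *
                 * <p>{@code str} is used as both issuer and subject name, {@code date}/{@code date2}
                 * are handed to the builder as the validity bounds, and {@code str2} becomes the
                 * PKCS#12 friendly name when the provider's certificate supports bag attributes.
                 * The certificate is signed with {@code rSAPrivateCrtKeyParameters} and then verified
                 * against {@code rSAKeyParameters}, so the two must be a matching key pair.
                 *
                 * <p>Basic constraints are critical and built with {@code new BasicConstraints(1)},
                 * i.e. the path-length form of the BouncyCastle constructor.
                 *
                 * <p>The decompiled listing typed the generated certificate as
                 * {@code PKCS12BagAttributeCarrier}, which does not compile; it is held as
                 * {@code Certificate} here and cast only for the bag attribute.
                 *
                 * <p>NOTE(review): the signature algorithm is hard-coded to SHA1withRSA. SHA-1 is no
                 * longer collision resistant and is a poor choice for a CA certificate;
                 * RSA.createCertHolder in this file already uses SHA256withRSA.
                 * <p>NOTE(review): the serial number is the current time in milliseconds, which is
                 * predictable and can repeat for certificates created in the same millisecond; a
                 * serial drawn from a CSPRNG is the usual practice for issued certificates.
                 *
                 * @return the certificate, or {@code null} when generation or verification fails
                 *         (the failure is logged)
                 */
                public static X509Certificate generateCert(KeyFactory keyFactory, Date date, Date date2, String str, String str2, RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) {
                    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
                    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
                    try {
                        PublicKey subjectKey = RSA.convertToJCE(keyFactory, rSAKeyParameters);
                        SubjectPublicKeyInfo keyInfo = RSA.createSubjectPublicKey(subjectKey);
                        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), date, date2, new X500Name(str), keyInfo);
                        builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo));
                        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(1));
                        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(rSAPrivateCrtKeyParameters);
                        // Round-trip through the provider's factory to obtain a JCA certificate object.
                        Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(builder.build(signer).getEncoded()));
                        if (!(certificate instanceof X509Certificate)) {
                            CryptoX509.logger.error("Error generating certificate, it's the wrong type.");
                            return null;
                        }
                        // Throws when the signature does not match the supplied public key.
                        certificate.verify(subjectKey);
                        if (certificate instanceof PKCS12BagAttributeCarrier) {
                            ((PKCS12BagAttributeCarrier) certificate).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str2));
                        }
                        return (X509Certificate) certificate;
                    } catch (Exception e) {
                        CryptoX509.logger.error("Error generating certificate.", e);
                        return null;
                    }
                }
            }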

        /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$RSA$SelfSigned.class */
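            public static class SelfSigned {
                /**
                 * Generates a self-signed RSA end-entity certificate (basic constraints: not a CA).
                 *
                 * <p>{@code str} is used as both issuer and subject name, {@code date}/{@code date2}
                 * are handed to the builder as the validity bounds, and {@code str2} becomes the
                 * PKCS#12 friendly name when the provider's certificate supports bag attributes.
                 * The certificate is signed with {@code rSAPrivateCrtKeyParameters} and then verified
                 * against {@code rSAKeyParameters}, so the two must be a matching key pair.
                 *
                 * <p>The decompiled listing typed the generated certificate as
                 * {@code PKCS12BagAttributeCarrier}, which does not compile; it is held as
                 * {@code Certificate} here and cast only for the bag attribute.
                 *
                 * <p>NOTE(review): the signature algorithm is hard-coded to SHA1withRSA. SHA-1 is no
                 * longer collision resistant; RSA.createCertHolder in this file already uses
                 * SHA256withRSA.
                 * <p>NOTE(review): the serial number is the current time in milliseconds, which is
                 * predictable and can repeat for certificates created in the same millisecond.
                 *
                 * @return the certificate, or {@code null} when generation or verification fails
                 *         (the failure is logged)
                 */
                public static X509Certificate generateCert(KeyFactory keyFactory, Date date, Date date2, String str, String str2, RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) {
                    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
                    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
                    try {
                        PublicKey subjectKey = RSA.convertToJCE(keyFactory, rSAKeyParameters);
                        SubjectPublicKeyInfo keyInfo = RSA.createSubjectPublicKey(subjectKey);
                        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), date, date2, new X500Name(str), keyInfo);
                        builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo));
                        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
                        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(rSAPrivateCrtKeyParameters);
                        // Round-trip through the provider's factory to obtain a JCA certificate object.
                        Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(builder.build(signer).getEncoded()));
                        if (!(certificate instanceof X509Certificate)) {
                            CryptoX509.logger.error("Error generating certificate, it's the wrong type.");
                            return null;
                        }
                        // Throws when the signature does not match the supplied public key.
                        certificate.verify(subjectKey);
                        if (certificate instanceof PKCS12BagAttributeCarrier) {
                            ((PKCS12BagAttributeCarrier) certificate).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str2));
                        }
                        return (X509Certificate) certificate;
                    } catch (Exception e) {
                        CryptoX509.logger.error("Error generating certificate.", e);
                        return null;
                    }
                }
            }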

        /**
         * Issues an RSA certificate for subject {@code str} under the issuing certificate
         * {@code x509Certificate}.
         *
         * <p>The issuer name is taken from the subject of {@code x509Certificate}; {@code str2} is
         * the PKCS#12 friendly name. All work is delegated to the private overload, which verifies
         * the result against the issuing certificate's public key, so
         * {@code rSAPrivateCrtKeyParameters} is expected to be the issuer's private key -
         * presumably; confirm with callers.
         */
        public static X509Certificate generateCert(KeyFactory keyFactory, Date date, Date date2, X509Certificate x509Certificate, String str, String str2, RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
            X500Name issuerName = X500Name.getInstance(PrincipalUtil.getSubjectX509Principal(x509Certificate));
            X500Name subjectName = new X500Name(str);
            return generateCert(keyFactory, date, date2, issuerName, subjectName, str2, rSAKeyParameters, x509Certificate, rSAPrivateCrtKeyParameters);
        }

        /**
         * Generates a self-signed RSA certificate in which {@code str} is both issuer and subject.
         *
         * <p>{@code str2} is the PKCS#12 friendly name. All work is delegated to the private
         * overload with no issuing certificate, which verifies the result against
         * {@code rSAKeyParameters}.
         */
        public static X509Certificate generateCert(KeyFactory keyFactory, Date date, Date date2, String str, String str2, RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) throws InvalidKeySpecException, InvalidKeyException, IOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
            X500Name issuerName = new X500Name(str);
            X500Name subjectName = new X500Name(str);
            return generateCert(keyFactory, date, date2, issuerName, subjectName, str2, rSAKeyParameters, null, rSAPrivateCrtKeyParameters);
        }

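        /**
         * Shared implementation behind the public {@code generateCert} overloads.
         *
         * <p>Builds a non-CA RSA certificate with issuer {@code x500Name} and subject
         * {@code x500Name2} (the order BouncyCastle's builder constructor defines), signs it with
         * {@code rSAPrivateCrtKeyParameters}, and verifies the result: against the public key of
         * {@code x509Certificate} when an issuing certificate is given, otherwise against
         * {@code rSAKeyParameters}. An authority key identifier is added only when an issuing
         * certificate is given.
         *
         * <p>The decompiled listing typed the generated certificate as
         * {@code PKCS12BagAttributeCarrier}, which does not compile; it is held as
         * {@code Certificate} here and cast only for the bag attributes.
         *
         * <p>NOTE(review): the signature algorithm is hard-coded to SHA1withRSA. SHA-1 is no longer
         * collision resistant, which matters most on this path because it signs certificates on
         * behalf of an issuer; RSA.createCertHolder in this file already uses SHA256withRSA.
         * <p>NOTE(review): the serial number is the current time in milliseconds, which is
         * predictable and can repeat for certificates issued in the same millisecond.
         *
         * @param str PKCS#12 friendly name for the new certificate
         * @param x509Certificate issuing certificate, or {@code null} for a self-signed result
         * @return the certificate, or {@code null} when the provider returns a non-X.509 object
         */
        private static X509Certificate generateCert(KeyFactory keyFactory, Date date, Date date2, X500Name x500Name, X500Name x500Name2, String str, RSAKeyParameters rSAKeyParameters, X509Certificate x509Certificate, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) throws InvalidKeySpecException, IOException, InvalidKeyException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
            PublicKey subjectKey = convertToJCE(keyFactory, rSAKeyParameters);
            SubjectPublicKeyInfo keyInfo = createSubjectPublicKey(subjectKey);
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(System.currentTimeMillis()), date, date2, x500Name2, keyInfo);
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyInfo));
            if (x509Certificate != null) {
                builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(x509Certificate.getPublicKey()));
            }
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
            ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(rSAPrivateCrtKeyParameters);
            // Round-trip through the provider's factory to obtain a JCA certificate object.
            Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(builder.build(signer).getEncoded()));
            if (!(certificate instanceof X509Certificate)) {
                CryptoX509.logger.error("Error generating certificate, it's the wrong type.");
                return null;
            }
            // Throws when the signature was not produced by the key that is expected to have signed.
            if (x509Certificate != null) {
                certificate.verify(x509Certificate.getPublicKey());
            } else {
                certificate.verify(subjectKey);
            }
            if (certificate instanceof PKCS12BagAttributeCarrier) {
                PKCS12BagAttributeCarrier bagAttributes = (PKCS12BagAttributeCarrier) certificate;
                bagAttributes.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
                if (x509Certificate != null) {
                    bagAttributes.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyInfo);
                }
            }
            return (X509Certificate) certificate;
        }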

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Parses the encoded form of a JCA public key into a BouncyCastle
         * {@code SubjectPublicKeyInfo}.
         *
         * @param publicKey key whose {@code getEncoded()} bytes are parsed
         * @return the parsed key info
         * @throws IOException when the encoding cannot be read or the stream fails to close
         */
        public static SubjectPublicKeyInfo createSubjectPublicKey(PublicKey publicKey) throws IOException {
            ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded()));
            try {
                return SubjectPublicKeyInfo.getInstance(asn1.readObject());
            } finally {
                // Closed on both the normal and the failing path.
                asn1.close();
            }
        }

        /**
         * Converts BouncyCastle RSA public key parameters to a JCA {@code PublicKey}, using the
         * {@code KeyFactory} that {@code KeyFactory.getInstance("RSA")} selects.
         */
        public static PublicKey convertToJCE(RSAKeyParameters rSAKeyParameters) throws NoSuchAlgorithmException, InvalidKeySpecException {
            KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            return convertToJCE(rsaFactory, rSAKeyParameters);
        }

        /**
         * Converts BouncyCastle RSA public key parameters to a JCA {@code PublicKey} with the
         * supplied factory; the modulus and exponent are copied as-is.
         */
        public static PublicKey convertToJCE(KeyFactory keyFactory, RSAKeyParameters rSAKeyParameters) throws InvalidKeySpecException {
            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(rSAKeyParameters.getModulus(), rSAKeyParameters.getExponent());
            return keyFactory.generatePublic(publicSpec);
        }

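        /**
         * Converts a public key to BouncyCastle RSA public key parameters.
         *
         * <p>A key that implements {@code java.security.interfaces.RSAPublicKey} is converted
         * directly from its modulus and public exponent. Any other object falls through to the
         * original ASN.1 path.
         * NOTE(review): {@code RSAPublicKey.getInstance} here is the ASN.1 structure class and
         * appears to expect an ASN.1 object rather than a JCA key, so the fall-through path may
         * reject ordinary {@code PublicKey} instances - confirm against the BouncyCastle version
         * in use.
         *
         * @param publicKey RSA public key to convert
         * @return public (non-private) RSA key parameters with the same modulus and exponent
         */
        public static RSAKeyParameters convertToBC(PublicKey publicKey) {
            // Fully qualified: the simple name RSAPublicKey is bound to the ASN.1 class in this file.
            if (publicKey instanceof java.security.interfaces.RSAPublicKey) {
                java.security.interfaces.RSAPublicKey jcaKey = (java.security.interfaces.RSAPublicKey) publicKey;
                return new RSAKeyParameters(false, jcaKey.getModulus(), jcaKey.getPublicExponent());
            }
            RSAPublicKey asn1Key = RSAPublicKey.getInstance(publicKey);
            return new RSAKeyParameters(false, asn1Key.getModulus(), asn1Key.getPublicExponent());
        }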

        /**
         * Converts a BouncyCastle RSA key pair to a JCA {@code PrivateKey}, using the
         * {@code KeyFactory} that {@code KeyFactory.getInstance("RSA")} selects.
         */
        public static PrivateKey convertToJCE(RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) throws InvalidKeySpecException, NoSuchAlgorithmException {
            KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            return convertToJCE(rsaFactory, rSAKeyParameters, rSAPrivateCrtKeyParameters);
        }

        /**
         * Converts a BouncyCastle RSA key pair to a JCA {@code PrivateKey} with the supplied factory.
         *
         * <p>The modulus and public exponent are read from {@code rSAKeyParameters}; the private
         * exponent and CRT components are read from {@code rSAPrivateCrtKeyParameters}. Nothing
         * here checks that the two arguments belong to the same key pair.
         */
        public static PrivateKey convertToJCE(KeyFactory keyFactory, RSAKeyParameters rSAKeyParameters, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters) throws InvalidKeySpecException {
            RSAPrivateCrtKeySpec privateSpec = new RSAPrivateCrtKeySpec(
                    rSAKeyParameters.getModulus(),
                    rSAKeyParameters.getExponent(),
                    rSAPrivateCrtKeyParameters.getExponent(),
                    rSAPrivateCrtKeyParameters.getP(),
                    rSAPrivateCrtKeyParameters.getQ(),
                    rSAPrivateCrtKeyParameters.getDP(),
                    rSAPrivateCrtKeyParameters.getDQ(),
                    rSAPrivateCrtKeyParameters.getQInv());
            return keyFactory.generatePrivate(privateSpec);
        }

        /**
         * Builds and signs a non-CA X.509 v3 certificate holder for an RSA public key, using
         * SHA256withRSA.
         *
         * <p>The arguments are passed to {@code X509v3CertificateBuilder} in the order
         * (x500Name, bigInteger, date, date2, x500Name2, key info), which BouncyCastle defines as
         * (issuer, serial, notBefore, notAfter, subject, publicKeyInfo).
         *
         * @return the signed holder, or {@code null} when key conversion or certificate generation
         *         fails (the failure is logged)
         */
        public static X509CertificateHolder createCertHolder(Date date, Date date2, X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters, RSAKeyParameters rSAKeyParameters) {
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

            // Step 1: turn the BouncyCastle key parameters into a SubjectPublicKeyInfo.
            SubjectPublicKeyInfo keyInfo;
            try {
                keyInfo = createSubjectPublicKey(convertToJCE(rSAKeyParameters));
            } catch (Exception e2) {
                CryptoX509.logger.error("Unable to create RSA keyA.", e2);
                return null;
            }

            // Step 2: assemble the certificate and sign it.
            try {
                X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, keyInfo);
                builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo));
                builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
                ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(rSAPrivateCrtKeyParameters);
                return builder.build(signer);
            } catch (Exception e) {
                CryptoX509.logger.error("Error generating certificate.", e);
                return null;
            }
        }

        /**
         * Checks that an RSA certificate's signature verifies under the key it carries and that
         * the certificate is inside its validity period at the time of the call.
         *
         * <p>The verifier is built from the holder itself, so {@code true} shows only that the
         * certificate is internally consistent and current; it does not establish trust in the key.
         *
         * @param x509CertificateHolder certificate to check
         * @return {@code true} when every check passes; {@code false} otherwise, including when any
         *         step throws (the failure is logged)
         */
        public static boolean validate(X509CertificateHolder x509CertificateHolder) {
            try {
                boolean signatureOk = x509CertificateHolder.isSignatureValid(new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(x509CertificateHolder));
                if (!signatureOk) {
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                if (certificate == null) {
                    return false;
                }
                if (certificate.getPublicKey() == null) {
                    return false;
                }
                if (!(certificate instanceof X509Certificate)) {
                    return false;
                }
                // Throws when the certificate is expired or not yet valid; handled below.
                ((X509Certificate) certificate).checkValidity(new Date());
                return true;
            } catch (Throwable th) {
                CryptoX509.logger.error("Error validating certificate.", th);
                return false;
            }
        }

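        /**
         * Inspects the first certificate carried in a CMS/PKCS#7 SignedData blob and checks it
         * against an expected RSA public key.
         *
         * <p>What is checked: the blob parses, its first certificate parses, the certificate's
         * modulus and public exponent equal those of {@code rSAKeyParameters} when one is supplied,
         * and the certificate's signature verifies under the key it carries.
         *
         * <p>What is NOT checked here: the SignerInfo signatures over the content. A {@code true}
         * result therefore speaks about the embedded certificate only.
         *
         * <p>When {@code rSAKeyParameters} is {@code null} the certificate is verified against the
         * key it carries itself, which any self-signed certificate satisfies. Callers that need
         * authenticity must pass the expected key.
         *
         * <p>Fix over the previous version: if the first certificate entry was not a
         * {@code DERSequence} the method skipped every check and still returned {@code true}. It now
         * accepts any {@code ASN1Sequence} and returns {@code false} for anything else.
         * NOTE(review): which concrete sequence class the parser hands back may depend on the
         * BouncyCastle version - confirm against the version in use.
         *
         * @param bArr encoded ContentInfo holding the SignedData
         * @param rSAKeyParameters expected signer key, or {@code null} to skip the key match
         * @return {@code true} only when all checks above pass; {@code false} on any failure
         */
        public static boolean verifySignature(byte[] bArr, RSAKeyParameters rSAKeyParameters) {
            ASN1InputStream asn1 = null;
            try {
                asn1 = new ASN1InputStream(new ByteArrayInputStream(bArr));
                Object firstCert = SignedData.getInstance(ASN1Sequence.getInstance(asn1.readObject()).getObjectAt(1).getObject()).getCertificates().getObjects().nextElement();
                if (!(firstCert instanceof ASN1Sequence)) {
                    // Fail closed: nothing was verified, so this must not count as success.
                    return false;
                }
                Certificate certificate = new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(((ASN1Sequence) firstCert).getEncoded()));
                // A non-RSA key raises ClassCastException, which is reported as false below.
                BCRSAPublicKey embeddedKey = (BCRSAPublicKey) certificate.getPublicKey();
                if (rSAKeyParameters != null) {
                    boolean sameKey = rSAKeyParameters.getModulus().equals(embeddedKey.getModulus())
                            && rSAKeyParameters.getExponent().equals(embeddedKey.getPublicExponent());
                    if (!sameKey) {
                        return false;
                    }
                }
                certificate.verify(embeddedKey);
                return true;
            } catch (Throwable th) {
                CryptoX509.logger.error("Error validating certificate.", th);
                return false;
            } finally {
                if (asn1 != null) {
                    try {
                        asn1.close();
                    } catch (IOException e) {
                        // A close failure does not change the verification result.
                        CryptoX509.logger.error("Error closing stream during RSA.", e);
                    }
                }
            }
        }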

        // Class initializer: calls CryptoX509.addProvider() so the BouncyCastle ("BC") provider
        // is registered before any other code in this class runs.
        static {
            CryptoX509.addProvider();
        }
    }

    /* loaded from: input_file:dorkbox/util/crypto/CryptoX509$Util.class */
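    /**
     * Helpers for PEM-encoding X.509 certificates, resolving digest names from signature
     * algorithm OIDs, and a simple direct-issuer check against a set of trusted certificates.
     */
    public static class Util {
        private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
        private static final String PEM_END = "-----END CERTIFICATE-----";
        /** Number of base64 characters per PEM body line. */
        private static final int PEM_LINE_LENGTH = 64;

        /**
         * Writes the certificate to a file in PEM form, replacing any existing file content.
         *
         * <p>The certificate is encoded before the file is opened, so an encoding failure does
         * not truncate an existing file. A failure while flushing or closing the file is reported
         * as a failed conversion, because the file may then be incomplete.
         *
         * @param x509Certificate certificate to encode
         * @param str path of the file to write; it is opened as given, without validation
         * @return {@code true} if the file was written and closed without error, {@code false}
         *         if any exception occurred (the exception is logged)
         */
        public static boolean convertToPemFile(X509Certificate x509Certificate, String str) {
            try {
                String pem = pemEncode(x509Certificate);
                // FileWriter uses the platform charset; the PEM text is plain ASCII.
                try (BufferedWriter writer = new BufferedWriter(new FileWriter(str, false))) {
                    writer.write(pem);
                    writer.write(OS.LINE_SEPARATOR_WINDOWS);
                }
                return true;
            } catch (Exception e) {
                CryptoX509.logger.error("Error during conversion.", e);
                return false;
            }
        }

        /**
         * Returns the certificate in PEM form, with no line separator after the END line.
         *
         * @param x509Certificate certificate to encode
         * @return the PEM text
         * @throws CertificateEncodingException if the certificate cannot be DER-encoded
         */
        public static String convertToPem(X509Certificate x509Certificate) throws CertificateEncodingException {
            return pemEncode(x509Certificate);
        }

        /**
         * Builds the PEM text: BEGIN line, base64 body in 64-character lines, END line.
         *
         * <p>The plain (non-MIME) encoder is used so the only line breaks in the body are the
         * ones added here; the MIME encoder would insert its own breaks every 76 characters.
         */
        private static String pemEncode(X509Certificate certificate) throws CertificateEncodingException {
            String base64 = Base64.getEncoder().encodeToString(certificate.getEncoded());
            int total = base64.length();
            int lineCount = total / PEM_LINE_LENGTH + 2;
            StringBuilder sb = new StringBuilder(PEM_BEGIN.length() + PEM_END.length() + total + 2 * lineCount);
            sb.append(PEM_BEGIN);
            sb.append(OS.LINE_SEPARATOR_WINDOWS);
            for (int start = 0; start < total; start += PEM_LINE_LENGTH) {
                // append(CharSequence, start, end) takes an END index, so the last, shorter
                // line is emitted too.
                sb.append(base64, start, Math.min(start + PEM_LINE_LENGTH, total));
                sb.append(OS.LINE_SEPARATOR_WINDOWS);
            }
            sb.append(PEM_END);
            return sb.toString();
        }

        /**
         * Resolves the digest name for the signature algorithm recorded in the certificate.
         *
         * @param x509CertificateHolder certificate whose signature algorithm is inspected
         * @return the digest name, as returned by {@link #getDigestNameFromSigAlgId}
         */
        public static String getDigestNameFromCert(X509CertificateHolder x509CertificateHolder) {
            return getDigestNameFromSigAlgId(x509CertificateHolder.getSignatureAlgorithm().getAlgorithm());
        }

        /**
         * Looks up the digest name for an algorithm OID by reflectively calling the non-public
         * {@code getDigestAlgName} method of {@code DefaultCMSSignatureAlgorithmNameGenerator}.
         *
         * <p>A result equal to the OID's own string is treated as "no name known" and rejected.
         * NOTE(review): the lookup depends on a non-public library method, so it can break on a
         * library upgrade or under a restrictive reflection policy.
         *
         * @param aSN1ObjectIdentifier algorithm OID to resolve
         * @return the digest name
         * @throws RuntimeException if the reflective call fails (the cause is attached) or no
         *         digest name is known for the OID
         */
        public static String getDigestNameFromSigAlgId(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
            String digestName;
            try {
                DefaultCMSSignatureAlgorithmNameGenerator generator = new DefaultCMSSignatureAlgorithmNameGenerator();
                Method lookup = DefaultCMSSignatureAlgorithmNameGenerator.class.getDeclaredMethod("getDigestAlgName", ASN1ObjectIdentifier.class);
                lookup.setAccessible(true);
                digestName = (String) lookup.invoke(generator, aSN1ObjectIdentifier);
            } catch (Throwable th) {
                throw new RuntimeException("Weird error using reflection to get the digest name: " + aSN1ObjectIdentifier.getId() + th.getMessage(), th);
            }
            // Checked outside the try so this failure is not re-reported as a reflection error.
            if (aSN1ObjectIdentifier.getId().equals(digestName)) {
                throw new RuntimeException("Unable to get digest name from algorithm ID: " + aSN1ObjectIdentifier.getId());
            }
            return digestName;
        }

        /**
         * Reports whether the certificate is one of the trusted certificates, or carries a
         * signature that verifies under the public key of a trusted certificate whose subject
         * equals the certificate's issuer.
         *
         * <p>This is a direct-issuer check only. It does not check validity dates, whether the
         * issuing certificate is allowed to act as a CA (basic constraints, key usage),
         * revocation status, or chains longer than one link. Where full path validation is
         * required, use {@code java.security.cert.CertPathValidator} instead of relying on this
         * result alone.
         *
         * @param x509Certificate certificate to check
         * @param x509CertificateArr trusted certificates; {@code null} entries are skipped
         * @return {@code true} on an exact match or a verified direct issuer; {@code false}
         *         otherwise, including when either argument is {@code null}
         */
        public static boolean isTrusted(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
            // Fail closed: nothing to check, or nothing to check against, is never trusted.
            if (x509Certificate == null || x509CertificateArr == null) {
                return false;
            }
            for (X509Certificate trusted : x509CertificateArr) {
                if (trusted != null && x509Certificate.getSubjectDN().equals(trusted.getSubjectDN()) && x509Certificate.equals(trusted)) {
                    return true;
                }
            }
            for (X509Certificate trusted : x509CertificateArr) {
                if (trusted != null && x509Certificate.getIssuerDN().equals(trusted.getSubjectDN())) {
                    try {
                        x509Certificate.verify(trusted.getPublicKey());
                        return true;
                    } catch (Exception ignored) {
                        // The signature did not verify under this candidate's key; another
                        // trusted certificate with the same subject may still match.
                    }
                }
            }
            return false;
        }
    }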

    /**
     * Registers a new {@code BouncyCastleProvider} unless a security provider named "BC" is
     * already installed.
     *
     * <p>The lookup is by provider name only; it does not check which implementation is
     * registered under that name.
     */
    public static void addProvider() {
        boolean alreadyRegistered = Security.getProvider("BC") != null;
        if (!alreadyRegistered) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

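    /**
     * Signs the data and returns an encoded CMS SignedData structure that carries the content,
     * the signer's certificate and one SignerInfo.
     *
     * <p>The signature and digest algorithms are taken from the certificate's own
     * {@code signatureAlgorithm} field, not from the private key. The strength of the content
     * signature therefore follows how the certificate itself was signed: a certificate signed
     * with a weak digest produces a content signature with that same digest. No signed or
     * unsigned attributes are included; the signature is computed over the raw content bytes.
     *
     * <p>NOTE(review): the ECDSA branch labels the SignerInfo with {@code DSAUtil.dsaOids[0]},
     * the same identifier as the DSA branch. Confirm that this is intended for EC keys.
     *
     * @param bArr content to sign
     * @param x509CertificateHolder signer certificate; supplies the issuer and serial number,
     *        the algorithm identifiers and the embedded certificate
     * @param asymmetricKeyParameter private key; must be an ECDSA, DSA or RSA (CRT) private key
     * @return the encoded CMS SignedData
     * @throws RuntimeException if the key type is unsupported or signing fails; the original
     *         failure is logged and attached as the cause
     */
    public static byte[] createSignature(byte[] bArr, X509CertificateHolder x509CertificateHolder, AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            CMSProcessableByteArray content = new CMSProcessableByteArray(bArr);
            ASN1ObjectIdentifier contentTypeOid = new ASN1ObjectIdentifier(content.getContentType().getId());
            ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
            ASN1EncodableVector signerInfos = new ASN1EncodableVector();
            AlgorithmIdentifier signatureAlgorithm = x509CertificateHolder.getSignatureAlgorithm();
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

            // Each branch builds its signer directly, so no shared builder variable (and no
            // common builder type) is needed across the three key kinds.
            ContentSigner signer;
            AlgorithmIdentifier encryptionAlgorithm;
            if (asymmetricKeyParameter instanceof ECPrivateKeyParameters) {
                signer = new BcECDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(asymmetricKeyParameter);
                encryptionAlgorithm = new AlgorithmIdentifier(DSAUtil.dsaOids[0], (ASN1Encodable) null);
            } else if (asymmetricKeyParameter instanceof DSAPrivateKeyParameters) {
                signer = new BcDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(asymmetricKeyParameter);
                encryptionAlgorithm = new AlgorithmIdentifier(DSAUtil.dsaOids[0], (ASN1Encodable) null);
            } else if (asymmetricKeyParameter instanceof RSAPrivateCrtKeyParameters) {
                signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(asymmetricKeyParameter);
                encryptionAlgorithm = new AlgorithmIdentifier(RSAUtil.rsaOids[0], (ASN1Encodable) null);
            } else {
                throw new RuntimeException("Invalid signature type. Only ECDSA, DSA, RSA supported.");
            }

            // Feed the content to the signer; getSignature() below yields the signature over it.
            OutputStream signerInput = signer.getOutputStream();
            signerInput.write(bArr, 0, bArr.length);
            signerInput.flush();

            SignerIdentifier signerId = new SignerIdentifier(new IssuerAndSerialNumber(x509CertificateHolder.toASN1Structure()));
            SignerInfo signerInfo = new SignerInfo(signerId, digestAlgorithm, (ASN1Set) null, encryptionAlgorithm, new DEROctetString(signer.getSignature()), (ASN1Set) null);
            digestAlgorithms.add(signerInfo.getDigestAlgorithm());
            signerInfos.add(signerInfo);

            ASN1EncodableVector certificates = new ASN1EncodableVector();
            certificates.add(x509CertificateHolder.toASN1Structure());

            SignedData signedData = new SignedData(new DERSet(digestAlgorithms), new ContentInfo(contentTypeOid, (ASN1Encodable) null), new BERSet(certificates), (ASN1Set) null, new DERSet(signerInfos));
            return new CMSSignedData(content, new ContentInfo(CMSObjectIdentifiers.signedData, signedData)).getEncoded();
        } catch (Throwable th) {
            logger.error("Error signing data.", th);
            // Keep the original failure attached so callers can see the real cause.
            throw new RuntimeException("Error trying to sign data. " + th.getMessage(), th);
        }
    }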

    /**
     * Placeholder with an empty body: no keystore is loaded and all four arguments are ignored.
     * Callers must not assume any key material is available after this call returns.
     */
    public static void loadKeystore(String str, String str2, char[] cArr, char[] cArr2) {
    }
}
