package net.named_data.jndn.security;

import java.nio.ByteBuffer;
import net.named_data.jndn.ContentType;
import net.named_data.jndn.Data;
import net.named_data.jndn.KeyLocator;
import net.named_data.jndn.KeyLocatorType;
import net.named_data.jndn.Name;
import net.named_data.jndn.Sha256WithEcdsaSignature;
import net.named_data.jndn.Sha256WithRsaSignature;
import net.named_data.jndn.Signature;
import net.named_data.jndn.encoding.EncodingException;
import net.named_data.jndn.encoding.TlvWireFormat;
import net.named_data.jndn.encoding.WireFormat;
import net.named_data.jndn.encoding.tlv.TlvDecoder;
import net.named_data.jndn.encoding.tlv.TlvEncoder;
import net.named_data.jndn.security.certificate.PublicKey;
import net.named_data.jndn.security.pib.Pib;
import net.named_data.jndn.security.tpm.Tpm;
import net.named_data.jndn.security.tpm.TpmBackEnd;
import net.named_data.jndn.security.tpm.TpmBackEndMemory;
import net.named_data.jndn.security.v2.CertificateV2;
import net.named_data.jndn.security.v2.ValidationError;
import net.named_data.jndn.util.Blob;
import net.named_data.jndn.util.Common;

/* loaded from: input_file:net/named_data/jndn/security/SafeBag.class */
public class SafeBag {
    private Data certificate_;
    private Blob privateKeyBag_;

    public SafeBag(Data data, Blob blob) {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        this.certificate_ = new Data(data);
        this.privateKeyBag_ = blob;
    }

    public SafeBag(Name name, Blob blob, Blob blob2, ByteBuffer byteBuffer, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) throws TpmBackEnd.Error, Pib.Error {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        this.certificate_ = makeSelfSignedCertificate(name, blob, blob2, byteBuffer, digestAlgorithm, wireFormat);
        this.privateKeyBag_ = blob;
    }

    public SafeBag(Name name, Blob blob, Blob blob2, ByteBuffer byteBuffer, DigestAlgorithm digestAlgorithm) throws TpmBackEnd.Error, Pib.Error {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        this.certificate_ = makeSelfSignedCertificate(name, blob, blob2, byteBuffer, digestAlgorithm, WireFormat.getDefaultWireFormat());
        this.privateKeyBag_ = blob;
    }

    public SafeBag(Name name, Blob blob, Blob blob2, ByteBuffer byteBuffer) throws TpmBackEnd.Error, Pib.Error {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        this.certificate_ = makeSelfSignedCertificate(name, blob, blob2, byteBuffer, DigestAlgorithm.SHA256, WireFormat.getDefaultWireFormat());
        this.privateKeyBag_ = blob;
    }

    public SafeBag(Name name, Blob blob, Blob blob2) throws TpmBackEnd.Error, Pib.Error {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        this.certificate_ = makeSelfSignedCertificate(name, blob, blob2, null, DigestAlgorithm.SHA256, WireFormat.getDefaultWireFormat());
        this.privateKeyBag_ = blob;
    }

    public SafeBag(ByteBuffer byteBuffer) throws EncodingException {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        wireDecode(byteBuffer);
    }

    public SafeBag(Blob blob) throws EncodingException {
        this.certificate_ = null;
        this.privateKeyBag_ = new Blob();
        wireDecode(blob);
    }

    public final Data getCertificate() {
        return this.certificate_;
    }

    public final Blob getPrivateKeyBag() {
        return this.privateKeyBag_;
    }

    public final void wireDecode(ByteBuffer byteBuffer) throws EncodingException {
        TlvDecoder tlvDecoder = new TlvDecoder(byteBuffer);
        int readNestedTlvsStart = tlvDecoder.readNestedTlvsStart(128);
        int offset = tlvDecoder.getOffset();
        int readNestedTlvsStart2 = tlvDecoder.readNestedTlvsStart(6);
        tlvDecoder.seek(readNestedTlvsStart2);
        this.certificate_ = new Data();
        this.certificate_.wireDecode(tlvDecoder.getSlice(offset, readNestedTlvsStart2), TlvWireFormat.get());
        this.privateKeyBag_ = new Blob(tlvDecoder.readBlobTlv(129), true);
        tlvDecoder.finishNestedTlvs(readNestedTlvsStart);
    }

    public final void wireDecode(Blob blob) throws EncodingException {
        wireDecode(blob.buf());
    }

    public final Blob wireEncode() {
        TlvEncoder tlvEncoder = new TlvEncoder(ValidationError.USER_MIN);
        int length = tlvEncoder.getLength();
        tlvEncoder.writeBlobTlv(129, this.privateKeyBag_.buf());
        tlvEncoder.writeBuffer(this.certificate_.wireEncode(TlvWireFormat.get()).buf());
        tlvEncoder.writeTypeAndLength(128, tlvEncoder.getLength() - length);
        return new Blob(tlvEncoder.getOutput(), false);
    }

    private static CertificateV2 makeSelfSignedCertificate(Name name, Blob blob, Blob blob2, ByteBuffer byteBuffer, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) throws TpmBackEnd.Error, Pib.Error {
        CertificateV2 certificateV2 = new CertificateV2();
        double nowMilliseconds = Common.getNowMilliseconds();
        Name name2 = new Name(name);
        name2.append("self").appendVersion((long) nowMilliseconds);
        certificateV2.setName(name2);
        certificateV2.getMetaInfo().setType(ContentType.KEY);
        certificateV2.getMetaInfo().setFreshnessPeriod(3600000.0d);
        try {
            PublicKey publicKey = new PublicKey(blob2);
            certificateV2.setContent(publicKey.getKeyDer());
            Tpm tpm = new Tpm("", "", new TpmBackEndMemory());
            tpm.importPrivateKey_(name, blob.buf(), byteBuffer);
            if (publicKey.getKeyType() == KeyType.RSA) {
                certificateV2.setSignature(new Sha256WithRsaSignature());
            } else {
                if (publicKey.getKeyType() != KeyType.EC) {
                    throw new AssertionError("Unsupported key type");
                }
                certificateV2.setSignature(new Sha256WithEcdsaSignature());
            }
            Signature signature = certificateV2.getSignature();
            KeyLocator.getFromSignature(signature).setType(KeyLocatorType.KEYNAME);
            KeyLocator.getFromSignature(signature).setKeyName(name);
            ValidityPeriod.getFromSignature(signature).setPeriod(nowMilliseconds, nowMilliseconds + 6.3072E11d);
            signature.setSignature(tpm.sign(certificateV2.wireEncode(wireFormat).signedBuf(), name, digestAlgorithm));
            certificateV2.wireEncode(wireFormat);
            return certificateV2;
        } catch (UnrecognizedKeyFormatException e) {
            throw new Pib.Error("Error decoding public key " + e);
        }
    }
}
