package jadex.commons.security;

import jadex.commons.SUtil;
import jadex.commons.Tuple2;
import jadex.commons.security.random.SecureThreadedRandom;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X962Parameters;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ContentVerifierProviderBuilder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
import org.bouncycastle.cert.path.CertPath;
import org.bouncycastle.cert.path.CertPathValidation;
import org.bouncycastle.cert.path.validations.BasicConstraintsValidation;
import org.bouncycastle.cert.path.validations.KeyUsageValidation;
import org.bouncycastle.cert.path.validations.ParentCertIssuedValidation;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
import org.bouncycastle.crypto.generators.DSAParametersGenerator;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECNamedDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.prng.EntropySource;
import org.bouncycastle.crypto.prng.EntropySourceProvider;
import org.bouncycastle.crypto.prng.SP800SecureRandomBuilder;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:jadex/commons/security/SSecurity.class */
public class SSecurity {
    // Hash algorithm name; going by the constant's name it is the default for signatures.
    protected static final String DEFAULT_SIGNATURE_HASH = "SHA512";
    // Lazily created shared generator; volatile because getSecureRandom() reads it outside the lock.
    protected static volatile SecureRandom SECURE_RANDOM;
    // Lazily created entropy reader; volatile because getEntropySource() reads it outside the lock.
    protected static volatile IEntropySource ENTROPY_SOURCE;
    // Going by the names these are scrypt cost parameters (N, r, p) -- TODO confirm against the code that consumes them.
    protected static final int SCRYPT_N = 131072;
    protected static final int SCRYPT_R = 8;
    protected static final int SCRYPT_P = 4;
    // Selects generateParanoidSecureRandom() over generateSecureRandom(). It is read only when
    // SECURE_RANDOM is first created, so it must be set before the first getSecureRandom() call.
    // NOTE(review): public, non-final and not volatile -- any code in the JVM can flip it.
    public static boolean PARANOID_PRNG = false;
    // Set once the "using fallback" warning has been logged so that it is emitted a single time.
    protected static boolean ENTROPY_FALLBACK_WARNING_DONE = false;
    // When true, getEntropy() discards what the OS sources returned and takes the SecureRandom.getSeed() fallback.
    protected static boolean TEST_ENTROPY_FALLBACK = false;

    /**
     * Returns the shared {@link SecureRandom}, creating it on first use.
     * <p>
     * Creation happens at most once, under the {@code SSecurity.class} lock. The
     * {@code PARANOID_PRNG} flag is consulted only at that moment, so changing it
     * afterwards has no effect on the instance handed out here.
     *
     * @return the shared generator
     */
    public static final SecureRandom getSecureRandom() {
        // Fast path: already initialised, no locking needed.
        if (SECURE_RANDOM != null) {
            return SECURE_RANDOM;
        }
        synchronized (SSecurity.class) {
            // Re-check under the lock; another thread may have won the race.
            if (SECURE_RANDOM == null) {
                SECURE_RANDOM = PARANOID_PRNG ? generateParanoidSecureRandom() : generateSecureRandom();
            }
        }
        return SECURE_RANDOM;
    }

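    /**
     * Returns the shared entropy source, creating it on first use under the
     * {@code SSecurity.class} lock.
     * <p>
     * The source fills the caller's buffer from the first provider that yields usable
     * bytes, tried in this order: {@code UnixEntropyApi} (looked up reflectively),
     * {@code /dev/urandom}, {@code /dev/random}, {@code WindowsEntropyApi} (reflectively),
     * and finally {@link SecureRandom#getSeed(int)}, which is announced once with a
     * warning on the "jadex" logger. A provider result is rejected when it is missing,
     * shorter than requested, or all zero bytes, so a silently failing provider is never
     * mistaken for entropy.
     *
     * @return the shared entropy source
     */
    public static IEntropySource getEntropySource() {
        if (ENTROPY_SOURCE == null) {
            synchronized (SSecurity.class) {
                if (ENTROPY_SOURCE == null) {
                    ENTROPY_SOURCE = new IEntropySource() {
                        /**
                         * Fills {@code bArr} completely with entropy.
                         *
                         * @param bArr buffer to fill; a zero-length buffer is left untouched
                         * @throws SecurityException if the buffer is still all zero after filling
                         */
                        @Override
                        public synchronized void getEntropy(byte[] bArr) {
                            int wanted = bArr.length;
                            // An empty buffer compares equal to the all-zero reference, so every
                            // provider would be rejected and the fallback loop would never end.
                            if (wanted == 0) {
                                return;
                            }
                            byte[] allZero = new byte[wanted];
                            byte[] seed = fromReflectiveApi("jadex.commons.security.UnixEntropyApi", wanted);
                            if (!usable(seed, allZero)) {
                                seed = getEntropyFromFile("/dev/urandom", wanted);
                            }
                            if (!usable(seed, allZero)) {
                                seed = getEntropyFromFile("/dev/random", wanted);
                            }
                            if (!usable(seed, allZero)) {
                                seed = fromReflectiveApi("jadex.commons.security.WindowsEntropyApi", wanted);
                            }
                            // Test hook: pretend no OS source answered.
                            if (SSecurity.TEST_ENTROPY_FALLBACK) {
                                seed = null;
                            }
                            while (!usable(seed, allZero)) {
                                if (!SSecurity.ENTROPY_FALLBACK_WARNING_DONE) {
                                    Logger.getLogger("jadex").warning("Unable to find OS entropy source, using fallback...");
                                    SSecurity.ENTROPY_FALLBACK_WARNING_DONE = true;
                                }
                                seed = SecureRandom.getSeed(wanted);
                            }
                            System.arraycopy(seed, 0, bArr, 0, wanted);
                            // Fail closed rather than hand back an untouched buffer.
                            if (Arrays.equals(bArr, allZero)) {
                                throw new SecurityException("Entropy gathering failed.");
                            }
                        }

                        /** Tells whether a provider result is present, long enough and not all zero. */
                        private boolean usable(byte[] candidate, byte[] allZero) {
                            return candidate != null
                                    && candidate.length >= allZero.length
                                    && !Arrays.equals(candidate, allZero);
                        }

                        /**
                         * Calls the static {@code getEntropy(int)} of an optional platform class.
                         * Any failure (class absent, native error, ...) yields {@code null} so the
                         * next provider is tried.
                         */
                        private byte[] fromReflectiveApi(String className, int count) {
                            try {
                                return (byte[]) Class.forName(className).getMethod("getEntropy", Integer.TYPE).invoke(null, Integer.valueOf(count));
                            } catch (Throwable th) {
                                return null;
                            }
                        }

                        /**
                         * Reads exactly {@code i} bytes from the given device file.
                         *
                         * @param str path of the file to read
                         * @param i number of bytes wanted
                         * @return the bytes, or {@code null} if the file is missing, ends early or cannot be read
                         */
                        protected byte[] getEntropyFromFile(String str, int i) {
                            File file = new File(str);
                            if (!file.exists()) {
                                return null;
                            }
                            FileInputStream fileInputStream = null;
                            try {
                                byte[] buffer = new byte[i];
                                fileInputStream = new FileInputStream(file);
                                // Track the running total: a single read() may return fewer bytes
                                // than asked for, and -1 signals end of file.
                                int filled = 0;
                                while (filled < buffer.length) {
                                    int count = fileInputStream.read(buffer, filled, buffer.length - filled);
                                    if (count < 0) {
                                        return null;
                                    }
                                    filled += count;
                                }
                                return buffer;
                            } catch (Exception e) {
                                return null;
                            } finally {
                                SUtil.close(fileInputStream);
                            }
                        }
                    };
                }
            }
        }
        return ENTROPY_SOURCE;
    }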

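    /**
     * Signs data with a PEM-encoded private key, choosing the signature scheme from the
     * public-key algorithm of the accompanying certificate ("SHA512WITH" + algorithm).
     * <p>
     * Both streams are read to the end and closed before returning, whether or not
     * signing succeeded.
     *
     * @param bArr the data to sign
     * @param inputStream stream delivering the PEM certificate
     * @param inputStream2 stream delivering the PEM private key
     * @return the signature, or {@code null} if anything failed (the failure is logged)
     */
    public static final byte[] signWithPEM(byte[] bArr, InputStream inputStream, InputStream inputStream2) {
        byte[] signature = null;
        try {
            X509CertificateHolder certificate = readCertificateFromPEM(new String(SUtil.readStream(inputStream), SUtil.UTF8));
            String keyPem = new String(SUtil.readStream(inputStream2), SUtil.UTF8);
            ContentSigner signer = getSigner("SHA512WITH" + getCertSigAlg(certificate), readPrivateKeyFromPEM(keyPem));
            signer.getOutputStream().write(bArr);
            signer.getOutputStream().close();
            signature = signer.getSignature();
        } catch (Exception e) {
            // NOTE(review): the exception text is logged verbatim. Per the instruction dump of
            // readPrivateKeyFromPEM in this file, its failure message appends the PEM text it
            // was given, so this line can put private-key material into the log.
            Logger.getLogger("authentication").info("Signature creation failed: " + e.toString());
        } finally {
            SUtil.close(inputStream);
            // The key stream must not stay open when reading the certificate fails first.
            SUtil.close(inputStream2);
        }
        return signature;
    }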

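    /**
     * Verifies a signature against a PEM certificate chain and a set of trusted certificates.
     * <p>
     * The check passes only if (1) the chain validates under {@link #getChainValidationRules()},
     * (2) at least one certificate of the chain is contained in the trusted set, and
     * (3) the signature verifies with the first certificate of the chain.
     * Any exception is logged and treated as a failed verification.
     *
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @param str the PEM text holding the certificate chain, signer certificate first
     * @param linkedHashSet the trusted certificates
     * @return {@code true} only if all three checks pass
     */
    public static final boolean verifyWithPEM(byte[] bArr, byte[] bArr2, String str, LinkedHashSet<X509CertificateHolder> linkedHashSet) {
        try {
            List<X509CertificateHolder> chain = readCertificateChainFromPEM(str);
            // NOTE(review): the rules from getChainValidationRules() cover basic constraints,
            // issuer signature and key usage; no notBefore/notAfter check is visible here.
            // Confirm that expired or not-yet-valid certificates are rejected somewhere.
            CertPath path = new CertPath(chain.toArray(new X509CertificateHolder[chain.size()]));
            if (!path.validate(getChainValidationRules()).isValid()) {
                return false;
            }
            boolean anchored = false;
            for (X509CertificateHolder candidate : chain) {
                if (linkedHashSet.contains(candidate)) {
                    anchored = true;
                    break;
                }
            }
            // Also covers an empty chain, so get(0) below is safe.
            if (!anchored) {
                return false;
            }
            ContentVerifier verifier = getDefaultVerifier(chain.get(0));
            verifier.getOutputStream().write(bArr);
            verifier.getOutputStream().close();
            return verifier.verify(bArr2);
        } catch (Exception e) {
            // Fail closed; the logger is the single place the failure is reported.
            Logger.getLogger("authentication").info("Verification failed: " + e.toString());
            return false;
        }
    }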

    /**
     * Creates a self-signed, non-CA certificate together with a fresh key pair.
     * <p>
     * The certificate carries a critical basic-constraints extension with CA = false and a
     * critical key-usage extension with bit value 128 (digitalSignature in BouncyCastle's
     * {@code KeyUsage}).
     *
     * @param str subject distinguished name, e.g. {@code CN=...}
     * @param str2 key algorithm handed to key-pair generation
     * @param str3 algorithm configuration handed to key-pair generation
     * @param str4 hash algorithm of the signature
     * @param i key strength
     * @param i2 validity in days
     * @return certificate PEM as first entity, private-key PEM as second
     */
    public static final Tuple2<String, String> createSelfSignedCertificate(String str, String str2, String str3, String str4, int i, int i2) {
        X500Name subject = new X500Name(str);
        Extension notCa = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(false)));
        Extension signOnly = new Extension(Extension.keyUsage, true, asn1ToBytes(new KeyUsage(128)));
        // No issuer certificate or key: the new key signs its own certificate.
        return createCertificateBySpecification(null, null, subject, str2, str3, str4, i, i2, notCa, signOnly);
    }

    /**
     * Creates a non-CA certificate issued by the given issuer, together with a fresh key pair.
     * <p>
     * The certificate carries a critical basic-constraints extension with CA = false and a
     * critical key-usage extension with bit value 128 (digitalSignature in BouncyCastle's
     * {@code KeyUsage}).
     *
     * @param str issuer certificate as PEM
     * @param str2 issuer private key as PEM
     * @param str3 subject distinguished name
     * @param str4 key algorithm handed to key-pair generation
     * @param str5 algorithm configuration handed to key-pair generation
     * @param str6 hash algorithm of the signature
     * @param i key strength
     * @param i2 validity in days
     * @return certificate PEM (followed by the issuer PEM) as first entity, private-key PEM as second
     */
    public static final Tuple2<String, String> createCertificate(String str, String str2, String str3, String str4, String str5, String str6, int i, int i2) {
        X500Name subject = new X500Name(str3);
        Extension notCa = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(false)));
        Extension signOnly = new Extension(Extension.keyUsage, true, asn1ToBytes(new KeyUsage(128)));
        return createCertificateBySpecification(str, str2, subject, str4, str5, str6, i, i2, notCa, signOnly);
    }

    /**
     * Creates an intermediate CA certificate issued by the given issuer, together with a
     * fresh key pair.
     * <p>
     * The certificate carries a critical basic-constraints extension marking it as a CA and a
     * critical key-usage extension with bit value 132 (digitalSignature | keyCertSign in
     * BouncyCastle's {@code KeyUsage}).
     *
     * @param str issuer certificate as PEM
     * @param str2 issuer private key as PEM
     * @param str3 subject distinguished name
     * @param i path-length constraint, or {@code -1} for a CA without one
     * @param str4 key algorithm handed to key-pair generation
     * @param str5 algorithm configuration handed to key-pair generation
     * @param str6 hash algorithm of the signature
     * @param i2 key strength
     * @param i3 validity in days
     * @return certificate PEM (followed by the issuer PEM) as first entity, private-key PEM as second
     */
    public static final Tuple2<String, String> createIntermediateCaCertificate(String str, String str2, String str3, int i, String str4, String str5, String str6, int i2, int i3) {
        X500Name subject = new X500Name(str3);
        Extension caConstraints;
        if (i == -1) {
            caConstraints = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(true)));
        } else {
            caConstraints = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(i)));
        }
        Extension caUsage = new Extension(Extension.keyUsage, true, asn1ToBytes(new KeyUsage(132)));
        return createCertificateBySpecification(str, str2, subject, str4, str5, str6, i2, i3, caConstraints, caUsage);
    }

    /**
     * Creates a self-signed root CA certificate together with a fresh key pair.
     * <p>
     * The certificate carries a critical basic-constraints extension marking it as a CA and a
     * critical key-usage extension with bit value 132 (digitalSignature | keyCertSign in
     * BouncyCastle's {@code KeyUsage}).
     *
     * @param str subject distinguished name
     * @param i path-length constraint, or {@code -1} for a CA without one
     * @param str2 key algorithm handed to key-pair generation
     * @param str3 algorithm configuration handed to key-pair generation
     * @param str4 hash algorithm of the signature
     * @param i2 key strength
     * @param i3 validity in days
     * @return certificate PEM as first entity, private-key PEM as second
     */
    public static final Tuple2<String, String> createRootCaCertificate(String str, int i, String str2, String str3, String str4, int i2, int i3) {
        X500Name subject = new X500Name(str);
        Extension caConstraints;
        if (i == -1) {
            caConstraints = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(true)));
        } else {
            caConstraints = new Extension(Extension.basicConstraints, true, asn1ToBytes(new BasicConstraints(i)));
        }
        Extension caUsage = new Extension(Extension.keyUsage, true, asn1ToBytes(new KeyUsage(132)));
        // No issuer certificate or key: the root signs itself.
        return createCertificateBySpecification(null, null, subject, str2, str3, str4, i2, i3, caConstraints, caUsage);
    }

    /**
     * Creates a throw-away root CA for tests: subject {@code CN=TESTCA}, ECDSA with the
     * "NIST P" configuration at strength 256, SHA256, no path-length constraint, valid for
     * one day.
     *
     * @return certificate and private key, both as PEM
     */
    public static final PemKeyPair createTestCACert() {
        Tuple2<String, String> pems = createRootCaCertificate("CN=TESTCA", -1, "ECDSA", "NIST P", "SHA256", 256, 1);
        PemKeyPair result = new PemKeyPair();
        result.setCertificate((String) pems.getFirstEntity());
        result.setKey((String) pems.getSecondEntity());
        return result;
    }

    /**
     * Creates a throw-away end-entity certificate for tests, issued by the given CA:
     * subject {@code CN=TEST}, ECDSA with the "NIST P" configuration at strength 256,
     * SHA256, valid for one day.
     *
     * @param pemKeyPair certificate and key of the issuing CA
     * @return the new certificate and its private key, both as PEM
     */
    public static final PemKeyPair createTestCert(PemKeyPair pemKeyPair) {
        String issuerCert = pemKeyPair.getCertificate();
        String issuerKey = pemKeyPair.getKey();
        Tuple2<String, String> pems = createCertificate(issuerCert, issuerKey, "CN=TEST", "ECDSA", "NIST P", "SHA256", 256, 1);
        PemKeyPair result = new PemKeyPair();
        result.setCertificate((String) pems.getFirstEntity());
        result.setKey((String) pems.getSecondEntity());
        return result;
    }

    /**
     * XORs the second array into the first one, in place.
     * <p>
     * Only the common prefix is combined: bytes of {@code bArr} beyond the length of
     * {@code bArr2} are left unchanged.
     *
     * @param bArr the array that is modified and returned
     * @param bArr2 the array that is XORed in; not modified
     * @return {@code bArr} itself
     */
    public static final byte[] xor(byte[] bArr, byte[] bArr2) {
        int overlap = bArr.length <= bArr2.length ? bArr.length : bArr2.length;
        int pos = 0;
        while (pos < overlap) {
            bArr[pos] ^= bArr2[pos];
            pos++;
        }
        return bArr;
    }

    /**
     * Parses the first PEM object of the given text as an X.509 certificate.
     * <p>
     * Further PEM objects in the text are ignored. Text without any PEM object makes
     * the parser return {@code null}, which surfaces as a {@link NullPointerException}
     * passed through {@code SUtil.throwUnchecked}.
     *
     * @param str PEM text
     * @return the parsed certificate
     */
    public static final X509CertificateHolder readCertificateFromPEM(String str) {
        try {
            PEMParser parser = new PEMParser(new StringReader(str));
            PemObject first = parser.readPemObject();
            parser.close();
            byte[] encoded = first.getContent();
            return new X509CertificateHolder(encoded);
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }

    /**
     * Parses every PEM object of the given text as an X.509 certificate, keeping the
     * order in which they appear.
     *
     * @param str PEM text holding zero or more certificates
     * @return the certificates in input order; empty if the text holds no PEM object
     */
    public static final List<X509CertificateHolder> readCertificateChainFromPEM(String str) {
        List<X509CertificateHolder> chain = new ArrayList<X509CertificateHolder>();
        try {
            PEMParser parser = new PEMParser(new StringReader(str));
            PemObject current = parser.readPemObject();
            // readPemObject() yields null once the input is exhausted.
            while (current != null) {
                chain.add(new X509CertificateHolder(current.getContent()));
                current = parser.readPemObject();
            }
            parser.close();
            return chain;
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }

    /**
     * Extracts the common name (CN) from a distinguished name.
     * <p>
     * Only the first CN-bearing RDN is considered. If that RDN is multi-valued, the
     * first attribute of type CN inside it is used.
     *
     * @param x500Name the distinguished name
     * @return the common name, or {@code null} if the name has none
     */
    public static String getCommonName(X500Name x500Name) {
        RDN[] cnRdns = x500Name.getRDNs(BCStyle.CN);
        if (cnRdns == null || cnRdns.length == 0) {
            return null;
        }
        RDN firstRdn = cnRdns[0];
        if (!firstRdn.isMultiValued()) {
            return IETFUtils.valueToString(firstRdn.getFirst().getValue());
        }
        for (AttributeTypeAndValue attribute : firstRdn.getTypesAndValues()) {
            if (attribute.getType().equals(BCStyle.CN)) {
                return IETFUtils.valueToString(attribute.getValue());
            }
        }
        return null;
    }

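    /**
     * Checks whether a certificate was issued for the given entity name.
     * <p>
     * The name matches if it equals the subject's common name or the string form of
     * any subject-alternative-name entry. A certificate whose subject has no common
     * name is still checked against its alternative names.
     *
     * @param x509CertificateHolder the certificate; {@code null} never matches
     * @param str the expected entity name; {@code null} never matches
     * @return {@code true} if the certificate names the entity, {@code false} otherwise,
     *         including when the alternative names cannot be read
     */
    public static final boolean checkEntity(X509CertificateHolder x509CertificateHolder, String str) {
        if (x509CertificateHolder == null || str == null) {
            return false;
        }
        // getCommonName() returns null for a subject without CN, so compare from the
        // non-null side instead of dereferencing its result.
        if (str.equals(getCommonName(x509CertificateHolder.getSubject()))) {
            return true;
        }
        try {
            GeneralNames altNames = GeneralNames.fromExtensions(x509CertificateHolder.getExtensions(), Extension.subjectAlternativeName);
            if (altNames == null) {
                return false;
            }
            GeneralName[] entries = altNames.getNames();
            if (entries == null) {
                return false;
            }
            // NOTE(review): the entry type (DNS, e-mail, URI, ...) is not inspected; every
            // entry is compared by its string form. Confirm that this is intended.
            for (GeneralName entry : entries) {
                if (str.equals(IETFUtils.valueToString(entry.getName()))) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Unreadable extension: treat as "no match" rather than failing open.
            return false;
        }
    }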

    /**
     * Serialises a certificate to PEM text.
     *
     * @param x509CertificateHolder the certificate to encode
     * @return the PEM text
     */
    public static final String writeCertificateAsPEM(X509CertificateHolder x509CertificateHolder) {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        try {
            // The writer uses the platform default charset; the result is decoded with SUtil.UTF8.
            JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(pemBytes));
            pemWriter.writeObject(x509CertificateHolder);
            pemWriter.close();
            byte[] encoded = pemBytes.toByteArray();
            return new String(encoded, SUtil.UTF8);
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:2:0x001a, code lost:
    
        if (r6.contains("-----BEGIN EC PRIVATE KEY-----") != false) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x001d, code lost:
    
        r9 = r8.readPemObject();
        r0 = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(((org.bouncycastle.util.io.pem.PemObject) r9).getContent());
        r7 = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo(new org.bouncycastle.asn1.x509.AlgorithmIdentifier(org.bouncycastle.asn1.x9.X9ObjectIdentifiers.id_ecPublicKey, r0.getParameters()), r0);
        r8.close();
        r8 = null;
     */
    /* JADX WARN: Removed duplicated region for block: B:10:0x0085  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x009a  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00a6  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00c1  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Parses a private key from PEM text.
     * <p>
     * The decompiler could not rebuild this method: the body below only throws
     * {@link UnsupportedOperationException}, and the original logic survives solely in the
     * instruction dump kept in the comment. Read from that dump, the original appears to:
     * <ol>
     * <li>when the text contains {@code -----BEGIN EC PRIVATE KEY-----}, read PEM objects with a
     *     {@code PemReader}, parse each as an {@code ECPrivateKey} and wrap it in a
     *     {@code PrivateKeyInfo} tagged {@code id_ecPublicKey}; exceptions are ignored and the
     *     loop ends at the first success or when no object is returned;</li>
     * <li>if no key was found, read objects with a {@code PEMParser} until a {@code PEMKeyPair}
     *     or {@code null} comes back (exceptions ignored) and take the pair's
     *     {@code PrivateKeyInfo};</li>
     * <li>throw a {@link RuntimeException} if there is still no key.</li>
     * </ol>
     * NOTE(review): the failure message in the dump is "Could not read private key: " followed
     * by the input itself, i.e. the PEM text that was meant to contain the key. Any caller that
     * logs or forwards that exception text discloses key material; a restored implementation
     * should leave the input out of the message.
     * <p>
     * NOTE(review): both read loops keep the previously read object when a read throws, so
     * whether they always terminate on malformed input cannot be confirmed from the dump.
     *
     * @param r6 the PEM text
     * @return the parsed key (never reached in this decompiled form)
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static final org.bouncycastle.asn1.pkcs.PrivateKeyInfo readPrivateKeyFromPEM(java.lang.String r6) {
        /*
            r0 = 0
            r7 = r0
            org.bouncycastle.util.io.pem.PemReader r0 = new org.bouncycastle.util.io.pem.PemReader
            r1 = r0
            java.io.StringReader r2 = new java.io.StringReader
            r3 = r2
            r4 = r6
            r3.<init>(r4)
            r1.<init>(r2)
            r8 = r0
            r0 = 0
            r9 = r0
            r0 = r6
            java.lang.String r1 = "-----BEGIN EC PRIVATE KEY-----"
            boolean r0 = r0.contains(r1)
            if (r0 == 0) goto L5e
        L1d:
            r0 = r8
            org.bouncycastle.util.io.pem.PemObject r0 = r0.readPemObject()     // Catch: java.lang.Exception -> L54
            r9 = r0
            r0 = r9
            org.bouncycastle.util.io.pem.PemObject r0 = (org.bouncycastle.util.io.pem.PemObject) r0     // Catch: java.lang.Exception -> L54
            byte[] r0 = r0.getContent()     // Catch: java.lang.Exception -> L54
            org.bouncycastle.asn1.sec.ECPrivateKey r0 = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(r0)     // Catch: java.lang.Exception -> L54
            r10 = r0
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r0 = new org.bouncycastle.asn1.x509.AlgorithmIdentifier     // Catch: java.lang.Exception -> L54
            r1 = r0
            org.bouncycastle.asn1.ASN1ObjectIdentifier r2 = org.bouncycastle.asn1.x9.X9ObjectIdentifiers.id_ecPublicKey     // Catch: java.lang.Exception -> L54
            r3 = r10
            org.bouncycastle.asn1.ASN1Primitive r3 = r3.getParameters()     // Catch: java.lang.Exception -> L54
            r1.<init>(r2, r3)     // Catch: java.lang.Exception -> L54
            r11 = r0
            org.bouncycastle.asn1.pkcs.PrivateKeyInfo r0 = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo     // Catch: java.lang.Exception -> L54
            r1 = r0
            r2 = r11
            r3 = r10
            r1.<init>(r2, r3)     // Catch: java.lang.Exception -> L54
            r7 = r0
            r0 = r8
            r0.close()     // Catch: java.lang.Exception -> L54
            r0 = 0
            r8 = r0
            goto L56
        L54:
            r10 = move-exception
        L56:
            r0 = r7
            if (r0 != 0) goto L5e
            r0 = r9
            if (r0 != 0) goto L1d
        L5e:
            r0 = r7
            if (r0 != 0) goto La2
            org.bouncycastle.openssl.PEMParser r0 = new org.bouncycastle.openssl.PEMParser
            r1 = r0
            java.io.StringReader r2 = new java.io.StringReader
            r3 = r2
            r4 = r6
            r3.<init>(r4)
            r1.<init>(r2)
            r10 = r0
        L73:
            r0 = r10
            java.lang.Object r0 = r0.readObject()     // Catch: java.lang.Exception -> L7c
            r9 = r0
            goto L7e
        L7c:
            r11 = move-exception
        L7e:
            r0 = r9
            boolean r0 = r0 instanceof org.bouncycastle.openssl.PEMKeyPair
            if (r0 != 0) goto L89
            r0 = r9
            if (r0 != 0) goto L73
        L89:
            r0 = r10
            r0.close()     // Catch: java.lang.Exception -> L91
            goto L93
        L91:
            r11 = move-exception
        L93:
            r0 = r9
            boolean r0 = r0 instanceof org.bouncycastle.openssl.PEMKeyPair
            if (r0 == 0) goto La2
            r0 = r9
            org.bouncycastle.openssl.PEMKeyPair r0 = (org.bouncycastle.openssl.PEMKeyPair) r0
            org.bouncycastle.asn1.pkcs.PrivateKeyInfo r0 = r0.getPrivateKeyInfo()
            r7 = r0
        La2:
            r0 = r7
            if (r0 != 0) goto Lc1
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Could not read private key: "
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r6
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            throw r0
        Lc1:
            r0 = r7
            return r0
        */
        // Placeholder emitted by the decompiler; the real logic is only in the dump above.
        throw new UnsupportedOperationException("Method not decompiled: jadex.commons.security.SSecurity.readPrivateKeyFromPEM(java.lang.String):org.bouncycastle.asn1.pkcs.PrivateKeyInfo");
    }

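    /**
     * Tells whether a PEM certificate is marked as a certificate authority.
     * <p>
     * A certificate without a basic-constraints extension is reported as not being a CA.
     *
     * @param str the certificate as PEM
     * @return {@code true} only if basic constraints are present and say CA
     */
    public static final boolean isCaCertificate(String str) {
        BasicConstraints constraints = BasicConstraints.fromExtensions(readCertificateFromPEM(str).getExtensions());
        // fromExtensions() yields null when the extension is absent; treat that as "not a CA"
        // instead of dereferencing it, like checkEntity() does for the alternative names.
        return constraints != null && constraints.isCA();
    }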

    /**
     * Names the signature algorithm family that fits the key of a PEM certificate.
     * <p>
     * The result is derived from the certificate's subject public key, not from the
     * algorithm the certificate itself was signed with.
     *
     * @param str the certificate as PEM
     * @return "ECDSA", "RSA", "DSA", or the key algorithm's OID string
     */
    public static final String getCertSigAlg(String str) {
        X509CertificateHolder certificate = readCertificateFromPEM(str);
        return getCertSigAlg(certificate);
    }

    /**
     * Names the signature algorithm family that fits the key of a certificate.
     * <p>
     * The result is derived from the certificate's subject public key, not from the
     * algorithm the certificate itself was signed with.
     *
     * @param x509CertificateHolder the certificate
     * @return "ECDSA", "RSA", "DSA", or the key algorithm's OID string
     */
    public static final String getCertSigAlg(X509CertificateHolder x509CertificateHolder) {
        SubjectPublicKeyInfo keyInfo = x509CertificateHolder.getSubjectPublicKeyInfo();
        return getSigAlg(keyInfo);
    }

    /**
     * Maps the algorithm OID of a public key to a signature algorithm name.
     *
     * @param subjectPublicKeyInfo the public key description
     * @return "ECDSA", "RSA" or "DSA" for the three known OIDs, otherwise the OID string unchanged
     */
    public static final String getSigAlg(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        String oid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
        if (X9ObjectIdentifiers.id_ecPublicKey.getId().equals(oid)) {
            return "ECDSA";
        }
        if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(oid)) {
            return "RSA";
        }
        if (X9ObjectIdentifiers.id_dsa.getId().equals(oid)) {
            return "DSA";
        }
        // Unknown key type: hand back the raw OID.
        return oid;
    }

    /**
     * Builds the rule set applied to certificate chains: basic constraints, "signed by
     * the parent certificate", and key usage, in that order.
     * <p>
     * NOTE(review): no rule in this set looks at certificate validity dates.
     *
     * @return a fresh array of validation rules
     */
    protected static final CertPathValidation[] getChainValidationRules() {
        // Adapter that routes verifier creation to this class's own provider factories.
        X509ContentVerifierProviderBuilder verifierBuilder = new X509ContentVerifierProviderBuilder() {
            public ContentVerifierProvider build(SubjectPublicKeyInfo subjectPublicKeyInfo) throws OperatorCreationException {
                return SSecurity.getVerifierProvider(subjectPublicKeyInfo);
            }

            public ContentVerifierProvider build(X509CertificateHolder x509CertificateHolder) throws OperatorCreationException {
                return SSecurity.getVerifierProvider(x509CertificateHolder);
            }
        };
        CertPathValidation basicConstraints = new BasicConstraintsValidation(true);
        CertPathValidation issuedByParent = new ParentCertIssuedValidation(verifierBuilder);
        CertPathValidation keyUsage = new KeyUsageValidation(true);
        return new CertPathValidation[] {basicConstraints, issuedByParent, keyUsage};
    }

    /**
     * Creates the standard generator used when {@code PARANOID_PRNG} is off.
     *
     * @return a new {@code SecureThreadedRandom}
     */
    protected static final SecureRandom generateSecureRandom() {
        SecureRandom standard = new SecureThreadedRandom();
        return standard;
    }

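    /**
     * Creates a generator that XORs the output of four independent generators: an
     * SP 800-90A CTR DRBG over AES-256, an SP 800-90A HMAC DRBG over SHA-512, the
     * standard generator from {@link #generateSecureRandom()} and a plain
     * {@link SecureRandom}.
     * <p>
     * Both DRBGs draw their seed material and nonce from {@link #getEntropySource()}.
     * Every {@code getEntropy()} call on a seed source fetches new bytes, so a DRBG
     * reseed receives fresh entropy instead of the bytes it was instantiated with.
     *
     * @return the combining generator; only {@code nextBytes} is overridden
     */
    protected static final SecureRandom generateParanoidSecureRandom() {
        EntropySourceProvider entropySourceProvider = new EntropySourceProvider() {
            public EntropySource get(int i) {
                // Requested size is in bits; round up to whole bytes.
                final int byteCount = (int) Math.ceil(i / 8.0d);
                return new EntropySource() {
                    public boolean isPredictionResistant() {
                        return true;
                    }

                    public byte[] getEntropy() {
                        // Pull new bytes on every call rather than replaying one buffer.
                        byte[] fresh = new byte[byteCount];
                        SSecurity.getEntropySource().getEntropy(fresh);
                        return fresh;
                    }

                    public int entropySize() {
                        // Size in bits: 8 per byte.
                        return byteCount * 8;
                    }
                };
            }
        };
        List<SecureRandom> generators = new ArrayList<SecureRandom>();
        SP800SecureRandomBuilder drbgBuilder = new SP800SecureRandomBuilder(entropySourceProvider);
        generators.add(drbgBuilder.buildCTR(new AESEngine(), 256, entropySourceProvider.get(256).getEntropy(), false));
        generators.add(drbgBuilder.buildHMAC(new HMac(new SHA512Digest()), entropySourceProvider.get(512).getEntropy(), false));
        generators.add(generateSecureRandom());
        generators.add(new SecureRandom());
        final SecureRandom[] secureRandomArr = generators.toArray(new SecureRandom[generators.size()]);
        return new SecureRandom() {
            private static final long serialVersionUID = -3198322750446562871L;

            @Override
            public synchronized void nextBytes(byte[] bArr) {
                // The first generator fills the buffer, the others are XORed on top, so the
                // result stays unpredictable as long as any one of them is.
                secureRandomArr[0].nextBytes(bArr);
                if (secureRandomArr.length > 1) {
                    byte[] scratch = new byte[bArr.length];
                    for (int i = 1; i < secureRandomArr.length; i++) {
                        secureRandomArr[i].nextBytes(scratch);
                        SSecurity.xor(bArr, scratch);
                    }
                }
            }
        };
    }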

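    /**
     * Generates a key pair and an X.509 v3 certificate for it.
     * <p>
     * Without an issuer certificate the new key signs its own certificate and the subject
     * doubles as issuer. With an issuer certificate, the issuer name and the signature
     * algorithm family are taken from it, and its PEM text is appended after the new
     * certificate in the returned certificate PEM.
     * Subject-key-identifier and authority-key-identifier extensions are always added, after
     * the caller's extensions. The serial number is a positive value built from 20 random bytes.
     * <p>
     * NOTE(review): the private key is returned as plain PEM with no encryption applied; how
     * it is stored is up to the caller.
     *
     * @param str issuer certificate as PEM, or {@code null} for a self-signed certificate
     * @param str2 issuer private key as PEM, or {@code null} to sign with the new key
     * @param x500Name subject of the new certificate
     * @param str3 key algorithm handed to {@code createKeyPair}
     * @param str4 algorithm configuration handed to {@code createKeyPair}
     * @param str5 hash algorithm, used for the signature and for the key identifiers
     * @param i key strength handed to {@code createKeyPair}
     * @param i2 validity in days, counted from now
     * @param extensionArr extensions to add to the certificate; may be {@code null}
     * @return certificate PEM as first entity, private-key PEM as second
     */
    protected static final Tuple2<String, String> createCertificateBySpecification(String str, String str2, X500Name x500Name, String str3, String str4, String str5, int i, int i2, Extension... extensionArr) {
        X500Name issuerName;
        String signatureSpec;
        X509CertificateHolder issuerCert = null;
        try {
            if (str == null) {
                issuerName = x500Name;
                signatureSpec = str5 + "WITH" + str3;
            } else {
                issuerCert = readCertificateFromPEM(str);
                issuerName = issuerCert.getSubject();
                // The issuer's key signs, so its key type decides the signature algorithm.
                signatureSpec = str5 + "WITH" + getCertSigAlg(issuerCert);
            }
            byte[] serialBytes = new byte[20];
            getSecureRandom().nextBytes(serialBytes);
            BigInteger serial = new BigInteger(1, serialBytes);
            AsymmetricCipherKeyPair keyPair = createKeyPair(str3, str4, i);
            // Multiply as long: in int arithmetic the product wraps from 25 days upwards and
            // would yield a wrong, possibly past, expiry date.
            Date notAfter = new Date(System.currentTimeMillis() + (i2 * 24L * 3600L * 1000L));
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(keyPair.getPublic());
            X509ExtensionUtils extensionUtils = new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new DefaultDigestAlgorithmIdentifierFinder().find(str5)));
            SubjectKeyIdentifier subjectKeyId = extensionUtils.createSubjectKeyIdentifier(publicKeyInfo);
            AuthorityKeyIdentifier authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(issuerCert != null ? issuerCert.getSubjectPublicKeyInfo() : publicKeyInfo);
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(keyPair.getPrivate());
            ContentSigner signer = getSigner(signatureSpec, str2 != null ? readPrivateKeyFromPEM(str2) : privateKeyInfo);
            BcX509v3CertificateBuilder certBuilder = new BcX509v3CertificateBuilder(issuerName, serial, new Date(), notAfter, x500Name, keyPair.getPublic());
            if (extensionArr != null) {
                for (Extension extension : extensionArr) {
                    certBuilder.addExtension(extension);
                }
            }
            certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
            certBuilder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
            X509CertificateHolder certificate = certBuilder.build(signer);
            ByteArrayOutputStream certOut = new ByteArrayOutputStream();
            ByteArrayOutputStream keyOut = new ByteArrayOutputStream();
            JcaPEMWriter certWriter = new JcaPEMWriter(new OutputStreamWriter(certOut));
            certWriter.writeObject(certificate);
            // Flush before writing to the underlying stream so the issuer PEM lands after the new certificate.
            certWriter.flush();
            if (str != null) {
                certOut.write(str.getBytes(SUtil.UTF8));
            }
            certWriter.close();
            JcaPEMWriter keyWriter = new JcaPEMWriter(new OutputStreamWriter(keyOut));
            keyWriter.writeObject(privateKeyInfo);
            keyWriter.close();
            return new Tuple2<>(new String(certOut.toByteArray(), SUtil.UTF8), new String(keyOut.toByteArray(), SUtil.UTF8));
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }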

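    /**
     * Generates a fresh key pair for the requested signature scheme.
     *
     * <p>Scheme handling, as implemented below:
     * <ul>
     *   <li>{@code "RSA"} / {@code "RSAANDMGF1"}: always a 4096-bit modulus with public exponent
     *       65537 and prime certainty 100; {@code i} is ignored.</li>
     *   <li>{@code "DSA"}: domain parameters of size {@code i} are generated first, then the key.</li>
     *   <li>{@code "ECDSA"}: a named curve is picked from the family in {@code str2} and the size
     *       class of {@code i} (up to 256, up to 384, above 384).</li>
     * </ul>
     *
     * @param str  signature scheme name, matched case-sensitively
     * @param str2 curve family for ECDSA, matched case-insensitively: {@code null} or
     *             {@code "BRAINPOOL"} selects a Brainpool curve, {@code "NIST K"} a NIST K curve,
     *             any other value a NIST P curve; not read for RSA or DSA
     * @param i    requested strength in bits (see the scheme list above for how it is used)
     * @return the generated key pair, never {@code null}
     * @throws IllegalArgumentException if {@code str} names no supported scheme or the selected
     *         curve is unknown to both curve tables
     */
    protected static final AsymmetricCipherKeyPair createKeyPair(String str, String str2, int i) {
        AsymmetricCipherKeyPair keyPair = null;
        if ("RSA".equals(str) || "RSAANDMGF1".equals(str)) {
            // Key size is fixed here, so a caller asking for a smaller RSA key via i still gets 4096 bits.
            RSAKeyGenerationParameters rsaParams = new RSAKeyGenerationParameters(new BigInteger("65537"), getSecureRandom(), 4096, 100);
            RSAKeyPairGenerator rsaGenerator = new RSAKeyPairGenerator();
            rsaGenerator.init(rsaParams);
            keyPair = rsaGenerator.generateKeyPair();
        } else if ("DSA".equals(str)) {
            // NOTE(review): i is passed through unchecked and the certainty is 20, against 100 for
            // RSA above; confirm that callers cannot request a weak DSA parameter size.
            DSAParametersGenerator dsaParamGenerator = new DSAParametersGenerator();
            dsaParamGenerator.init(i, 20, getSecureRandom());
            DSAKeyGenerationParameters dsaParams = new DSAKeyGenerationParameters(getSecureRandom(), dsaParamGenerator.generateParameters());
            DSAKeyPairGenerator dsaGenerator = new DSAKeyPairGenerator();
            dsaGenerator.init(dsaParams);
            keyPair = dsaGenerator.generateKeyPair();
        } else if ("ECDSA".equals(str)) {
            // equalsIgnoreCase instead of toUpperCase(): the default-locale upper-casing used before
            // maps "i" to a dotted capital I under some locales (e.g. Turkish), so "brainpool" or
            // "nist k" silently fell through to the NIST P family.
            String curveName;
            if (str2 == null || "BRAINPOOL".equalsIgnoreCase(str2)) {
                curveName = i > 384 ? "brainpoolp512r1" : i > 256 ? "brainpoolp384r1" : "brainpoolp256r1";
            } else if ("NIST K".equalsIgnoreCase(str2)) {
                curveName = i > 384 ? "K-571" : i > 256 ? "K-409" : "K-283";
            } else {
                curveName = i > 384 ? "P-521" : i > 256 ? "P-384" : "P-256";
            }
            // Try the custom curve table first and fall back to the general named-curve table.
            X9ECParameters curve = CustomNamedCurves.getByName(curveName);
            if (curve == null) {
                curve = ECNamedCurveTable.getByName(curveName);
            }
            if (curve == null) {
                // Fail with a clear message instead of a NullPointerException further down.
                throw new IllegalArgumentException("Could not generate key pair: Curve " + curveName + " not found.");
            }
            ECKeyGenerationParameters ecParams = new ECKeyGenerationParameters(new ECNamedDomainParameters(ECNamedCurveTable.getOID(curveName), curve.getCurve(), curve.getG(), curve.getN(), curve.getH(), curve.getSeed()), getSecureRandom());
            ECKeyPairGenerator ecGenerator = new ECKeyPairGenerator();
            ecGenerator.init(ecParams);
            keyPair = ecGenerator.generateKeyPair();
        }
        if (keyPair == null) {
            throw new IllegalArgumentException("Could not generate key pair: Signature scheme " + str + " not found.");
        }
        return keyPair;
    }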

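    /**
     * Creates a content signer for the given signature specification and private key.
     *
     * <p>The specification is split on the literal {@code "WITH"}: the part before it is the digest
     * name, the part after it the signature scheme. Only the schemes {@code "ECDSA"}, {@code "RSA"}
     * and {@code "DSA"} have a signer builder here.
     *
     * <p>NOTE(review): {@code createKeyPair} also accepts {@code "RSAANDMGF1"}, but no branch in
     * this method handles that scheme; confirm whether callers can ever pass it.
     *
     * <p>NOTE(review): the declared types of some locals below look like decompiler output and may
     * not match the original source; they are left as found.
     *
     * @param str            signature specification of the form {@code <digest>WITH<scheme>}
     * @param privateKeyInfo private key to sign with
     * @return a signer bound to the key
     * @throws IllegalArgumentException if the specification is malformed, names an unsupported
     *         scheme, or (ECDSA) refers to a curve unknown to both curve tables; like every other
     *         failure in this method it is passed through {@code SUtil.throwUnchecked}
     */
    protected static final ContentSigner getSigner(String str, PrivateKeyInfo privateKeyInfo) {
        ECPrivateKeyParameters createKey;
        try {
            String[] split = str.split("WITH");
            if (split.length < 2) {
                // Previously surfaced as an ArrayIndexOutOfBoundsException on split[1].
                throw new IllegalArgumentException("Could not create signer: Signature specification " + str + " is not of the form <digest>WITH<scheme>.");
            }
            String str2 = split[1];
            String str3 = split[0];
            if (!"ECDSA".equals(str2) && !"RSA".equals(str2) && !"DSA".equals(str2)) {
                // Previously the builder stayed null and build() failed with a NullPointerException.
                throw new IllegalArgumentException("Could not create signer: Signature scheme " + str2 + " not found.");
            }
            if ("ECDSA".equals(str2)) {
                // Rebuild the EC private key by hand from the curve identifier carried in the key's
                // algorithm parameters; the curve is looked up by OID, custom table first.
                X9ECParameters parameters = privateKeyInfo.getPrivateKeyAlgorithm().getParameters();
                ASN1ObjectIdentifier parameters2 = (parameters instanceof X962Parameters ? (X962Parameters) parameters : parameters instanceof X9ECParameters ? new X962Parameters(parameters) : new X962Parameters((ASN1ObjectIdentifier) parameters)).getParameters();
                X9ECParameters byOID = CustomNamedCurves.getByOID(parameters2);
                if (byOID == null) {
                    byOID = ECNamedCurveTable.getByOID(parameters2);
                }
                if (byOID == null) {
                    // Fail with a clear message instead of a NullPointerException on byOID.getCurve().
                    throw new IllegalArgumentException("Could not create signer: Curve " + parameters2 + " not found.");
                }
                createKey = new ECPrivateKeyParameters(ECPrivateKey.getInstance(privateKeyInfo.parsePrivateKey()).getKey(), new ECNamedDomainParameters(parameters2, byOID.getCurve(), byOID.getG(), byOID.getN(), byOID.getH(), byOID.getSeed()));
            } else {
                createKey = PrivateKeyFactory.createKey(privateKeyInfo);
            }
            DefaultSignatureAlgorithmIdentifierFinder defaultSignatureAlgorithmIdentifierFinder = new DefaultSignatureAlgorithmIdentifierFinder();
            DefaultDigestAlgorithmIdentifierFinder defaultDigestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
            // The signature identifier is resolved from the full specification, the digest
            // identifier from the part before "WITH".
            BcECContentSignerBuilder bcECContentSignerBuilder = null;
            if ("ECDSA".equals(str2)) {
                bcECContentSignerBuilder = new BcECContentSignerBuilder(defaultSignatureAlgorithmIdentifierFinder.find(str), defaultDigestAlgorithmIdentifierFinder.find(str3));
            } else if ("RSA".equals(str2)) {
                bcECContentSignerBuilder = new BcRSAContentSignerBuilder(defaultSignatureAlgorithmIdentifierFinder.find(str), defaultDigestAlgorithmIdentifierFinder.find(str3));
            } else if ("DSA".equals(str2)) {
                bcECContentSignerBuilder = new BcDSAContentSignerBuilder(defaultSignatureAlgorithmIdentifierFinder.find(str), defaultDigestAlgorithmIdentifierFinder.find(str3));
            }
            return bcECContentSignerBuilder.build(createKey);
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }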

    /**
     * Returns a verifier for the given certificate, requested for the algorithm name
     * {@code "SHA512WITH"} followed by the scheme reported by {@code getCertSigAlg}.
     *
     * <p>NOTE(review): the digest is fixed to SHA-512 here rather than taken from the data being
     * checked; a signature made with a different digest would presumably need a verifier requested
     * for that algorithm instead. Confirm with the callers.
     *
     * @param x509CertificateHolder certificate whose key the verifier is built for
     * @return the verifier obtained from {@code getVerifierProvider}
     */
    protected static final ContentVerifier getDefaultVerifier(X509CertificateHolder x509CertificateHolder) {
        try {
            // Same evaluation order as a single chained expression: provider, finder, then name.
            ContentVerifierProvider provider = getVerifierProvider(x509CertificateHolder);
            DefaultSignatureAlgorithmIdentifierFinder algorithmFinder = new DefaultSignatureAlgorithmIdentifierFinder();
            String algorithmName = "SHA512WITH" + getCertSigAlg(x509CertificateHolder);
            return provider.get(algorithmFinder.find(algorithmName));
        } catch (Exception failure) {
            throw SUtil.throwUnchecked(failure);
        }
    }

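    /**
     * Builds a verifier provider for a certificate or a bare public key.
     *
     * <p>The signature scheme is taken from {@code getCertSigAlg} for a certificate and from
     * {@code getSigAlg} otherwise; only {@code "ECDSA"}, {@code "RSA"} and {@code "DSA"} have a
     * provider builder here.
     *
     * @param obj an {@code X509CertificateHolder} or a {@code SubjectPublicKeyInfo}; any other type
     *            fails on the cast to {@code SubjectPublicKeyInfo}
     * @return a provider that creates verifiers bound to the given certificate or key
     * @throws IllegalArgumentException if the detected scheme is none of the three supported ones
     */
    protected static final ContentVerifierProvider getVerifierProvider(Object obj) {
        String certSigAlg = obj instanceof X509CertificateHolder ? getCertSigAlg((X509CertificateHolder) obj) : getSigAlg((SubjectPublicKeyInfo) obj);
        DefaultDigestAlgorithmIdentifierFinder defaultDigestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
        // NOTE(review): the declared type of this local looks like decompiler output; it also
        // receives the RSA and DSA builders below.
        BcECContentVerifierProviderBuilder bcECContentVerifierProviderBuilder = null;
        if ("ECDSA".equals(certSigAlg)) {
            bcECContentVerifierProviderBuilder = new BcECContentVerifierProviderBuilder(defaultDigestAlgorithmIdentifierFinder);
        } else if ("RSA".equals(certSigAlg)) {
            bcECContentVerifierProviderBuilder = new BcRSAContentVerifierProviderBuilder(defaultDigestAlgorithmIdentifierFinder);
        } else if ("DSA".equals(certSigAlg)) {
            bcECContentVerifierProviderBuilder = new BcDSAContentVerifierProviderBuilder(defaultDigestAlgorithmIdentifierFinder);
        }
        if (bcECContentVerifierProviderBuilder == null) {
            // An unrecognised scheme used to end in a NullPointerException on build(); report it by
            // name, in the same way createKeyPair reports an unknown scheme.
            throw new IllegalArgumentException("Could not create verifier: Signature scheme " + certSigAlg + " not found.");
        }
        try {
            return obj instanceof X509CertificateHolder ? bcECContentVerifierProviderBuilder.build((X509CertificateHolder) obj) : bcECContentVerifierProviderBuilder.build(PublicKeyFactory.createKey((SubjectPublicKeyInfo) obj));
        } catch (Exception e) {
            throw SUtil.throwUnchecked(e);
        }
    }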

    /**
     * Serialises an ASN.1 object to its DER encoding.
     *
     * @param aSN1Object the object to encode
     * @return the bytes returned by {@code getEncoded("DER")} on the object's ASN.1 primitive
     */
    protected static final byte[] asn1ToBytes(ASN1Object aSN1Object) {
        final byte[] derEncoding;
        try {
            derEncoding = aSN1Object.toASN1Primitive().getEncoded("DER");
        } catch (IOException ioFailure) {
            // Encoding failures are handed to SUtil.throwUnchecked, so callers see no checked exception.
            throw SUtil.throwUnchecked(ioFailure);
        }
        return derEncoding;
    }

    /**
     * Derives a 32-byte key from a password through {@code SCryptParallel.generate}, using the cost
     * constants {@code SCRYPT_N}, {@code SCRYPT_R} and {@code SCRYPT_P}.
     *
     * <p>Security note: when no salt is supplied, the UTF-8 bytes of the password itself are used as
     * the salt. The derived key is then a function of the password alone, so equal passwords give
     * equal keys and the salt adds no protection against precomputed guesses. Callers that can
     * store a salt should pass a random one. The fallback is kept as is because changing it would
     * change every key derived this way.
     *
     * @param str  the password; must not be {@code null}
     * @param bArr the salt, or {@code null} to fall back to the password bytes
     * @return the derived key, requested with a length of 32 bytes
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public static byte[] deriveKeyFromPassword(String str, byte[] bArr) {
        if (str == null) {
            throw new IllegalArgumentException();
        }
        // Salt and password are encoded separately, so the two arguments are never the same array.
        byte[] salt = bArr != null ? bArr : str.getBytes(SUtil.UTF8);
        byte[] passwordBytes = str.getBytes(SUtil.UTF8);
        return SCryptParallel.generate(passwordBytes, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P, 32);
    }

    // Class initialisation: first asks SUtil to ensure a non-blocking SecureRandom, then calls
    // getSecureRandom() once and discards the result.
    // NOTE(review): presumably this sets up the shared random source before any key generation
    // in this class runs; confirm against getSecureRandom(). The order of the two calls
    // looks deliberate and should be kept.
    static {
        SUtil.ensureNonblockingSecureRandom();
        getSecureRandom();
    }
}
