package org.xipki.ca.gateway.cmp;

import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.IESEngine;
import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.jcajce.provider.asymmetric.ec.IESCipher;
import org.bouncycastle.jce.spec.IESParameterSpec;
import org.bouncycastle.operator.OperatorException;
import org.xipki.security.HashAlgo;
import org.xipki.security.ObjectIdentifiers;

/* loaded from: input_file:WEB-INF/classes/org/xipki/ca/gateway/cmp/CrmfKeyWrapper.class */
/**
 * Encrypts ("wraps") a byte string under a recipient's public key and reports the
 * {@link AlgorithmIdentifier} describing how the wrapping was done.
 *
 * <p>Two implementations are provided: ECIES (ECDH + KDF2 + AES-128-CBC + HMAC) and RSAES-OAEP.
 * Both wrap every failure, including runtime exceptions, in an {@link OperatorException}.
 */
abstract class CrmfKeyWrapper {

    CrmfKeyWrapper() {
    }

    /**
     * Returns the algorithm identifier (OID plus parameters) that matches the output of
     * {@link #generateWrappedKey(byte[])}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract AlgorithmIdentifier getAlgorithmIdentifier();

    /**
     * Encrypts the given bytes under the wrapper's public key.
     *
     * @param bArr the plaintext to wrap (key material, going by the method name)
     * @return the wrapped bytes in the implementation-specific encoding
     * @throws OperatorException if anything goes wrong while encrypting or encoding
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract byte[] generateWrappedKey(byte[] bArr) throws OperatorException;

    /**
     * ECIES wrapper: ECDH key agreement, KDF2 over SHA-1, AES-128 in CBC mode with padding, and
     * HMAC-SHA-1 for integrity.
     *
     * <p>Review notes:
     * <ul>
     *   <li>SHA-1 is used for both the KDF and the MAC, and the MAC tag is 20 bytes. The same
     *       choices are advertised in the algorithm parameters, so changing them is a protocol
     *       change, not a local one.</li>
     *   <li>The ephemeral key length is fixed at 65 bytes, i.e. an uncompressed point on a
     *       256-bit curve. The curve of the supplied key is never checked.</li>
     * </ul>
     */
    /* loaded from: input_file:WEB-INF/classes/org/xipki/ca/gateway/cmp/CrmfKeyWrapper$ECIESAsymmetricKeyWrapper.class */
    static class ECIESAsymmetricKeyWrapper extends CrmfKeyWrapper {
        // 1 format byte + two 32-byte coordinates: uncompressed point on a 256-bit curve.
        private static final int ephemeralPublicKeyLen = 65;
        // Output size of HMAC-SHA-1 in bytes.
        private static final int macLen = 20;
        // Passed twice to IESParameterSpec below, as the MAC key size and the cipher key size.
        private static final int aesKeySize = 128;

        private final AlgorithmIdentifier algorithmIdentifier =
                new AlgorithmIdentifier(
                        ObjectIdentifiers.Secg.id_ecies_specifiedParameters, buildECIESParameters());
        private final PublicKey publicKey;

        /**
         * @param publicKey recipient key used for the ECDH agreement; stored as given, with no
         *     null, type or curve check
         */
        public ECIESAsymmetricKeyWrapper(PublicKey publicKey) {
            this.publicKey = publicKey;
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return this.algorithmIdentifier;
        }

        /**
         * Runs ECIES over {@code bArr} and re-encodes the raw output as a DER SEQUENCE of three
         * OCTET STRINGs: ephemeral public key, ciphertext, MAC tag.
         *
         * @param bArr plaintext to wrap; a {@code null} value surfaces as an
         *     {@link OperatorException} through the catch-all below
         * @return DER encoding of the three-part sequence
         * @throws OperatorException on any failure, with the original exception as cause
         */
        @Override
        public byte[] generateWrappedKey(byte[] bArr) throws OperatorException {
            try {
                ECDHBasicAgreement agreement = new ECDHBasicAgreement();
                KDF2BytesGenerator kdf = new KDF2BytesGenerator(new SHA1Digest());
                HMac mac = new HMac(new SHA1Digest());
                PaddedBufferedBlockCipher aesCbc =
                        new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
                IESCipher ecies = new IESCipher(new IESEngine(agreement, kdf, mac, aesCbc), 16);

                // All-zero 16-byte IV. The symmetric keys come out of a fresh ephemeral ECDH
                // exchange on every call, so the IV is not what provides uniqueness here.
                // NOTE(review): SEC 1 v2.0 is understood to prescribe this zero IV for
                // AES-CBC inside ECIES; confirm against the spec before changing it.
                byte[] zeroIv = new byte[16];
                IESParameterSpec spec =
                        new IESParameterSpec((byte[]) null, (byte[]) null, aesKeySize, aesKeySize, zeroIv);
                ecies.engineInit(Cipher.ENCRYPT_MODE, this.publicKey, spec, new SecureRandom());

                byte[] raw = ecies.engineDoFinal(bArr, 0, bArr.length);

                // The slicing below treats the raw output as
                // ephemeral key (65) || ciphertext || MAC tag (20).
                // With a key on a larger curve the ephemeral point is longer than 65 bytes and
                // its tail would end up in the ciphertext field; nothing here detects that.
                byte[] ephemeralKey = new byte[ephemeralPublicKeyLen];
                System.arraycopy(raw, 0, ephemeralKey, 0, ephemeralPublicKeyLen);

                int cipherTextLen = raw.length - ephemeralPublicKeyLen - macLen;
                byte[] cipherText = new byte[cipherTextLen];
                System.arraycopy(raw, ephemeralPublicKeyLen, cipherText, 0, cipherTextLen);

                byte[] macTag = new byte[macLen];
                System.arraycopy(raw, ephemeralPublicKeyLen + cipherTextLen, macTag, 0, macLen);

                ASN1EncodableVector parts = new ASN1EncodableVector();
                parts.add(new DEROctetString(ephemeralKey));
                parts.add(new DEROctetString(cipherText));
                parts.add(new DEROctetString(macTag));
                return new DERSequence(parts).getEncoded();
            } catch (Exception e) {
                // Deliberately broad: provider errors and runtime exceptions are all reported
                // to the caller as OperatorException with the cause attached.
                throw new OperatorException("error while generateWrappedKey", e);
            }
        }

        /**
         * Builds the ECIES parameter sequence advertised to the recipient: [0] KDF2 with SHA-1,
         * [1] AES-128-CBC, [2] full HMAC with SHA-1. These must stay in step with the engine
         * configured in {@link #generateWrappedKey(byte[])}.
         */
        private ASN1Sequence buildECIESParameters() {
            AlgorithmIdentifier kdfAlg =
                    new AlgorithmIdentifier(
                            ObjectIdentifiers.Misc.id_iso18033_kdf2,
                            new AlgorithmIdentifier(HashAlgo.SHA1.getOid()));
            AlgorithmIdentifier symAlg =
                    new AlgorithmIdentifier(ObjectIdentifiers.Secg.id_aes128_cbc_in_ecies);
            AlgorithmIdentifier macAlg =
                    new AlgorithmIdentifier(
                            ObjectIdentifiers.Secg.id_hmac_full_ecies,
                            new AlgorithmIdentifier(HashAlgo.SHA1.getOid()));

            return new DERSequence(
                    new ASN1Encodable[] {
                        new DERTaggedObject(true, 0, kdfAlg),
                        new DERTaggedObject(true, 1, symAlg),
                        new DERTaggedObject(true, 2, macAlg)
                    });
        }
    }

    /**
     * RSAES-OAEP wrapper using the "BC" provider.
     *
     * <p>The advertised parameters are the defaults of {@link RSAESOAEPparams}, while the cipher
     * transformation names no digest and so relies on the provider's OAEP defaults.
     * NOTE(review): both defaults are understood to be SHA-1 with MGF1-SHA-1; verify that they
     * agree, since a mismatch would make the output undecryptable by a spec-following recipient.
     */
    /* loaded from: input_file:WEB-INF/classes/org/xipki/ca/gateway/cmp/CrmfKeyWrapper$RSAOAEPAsymmetricKeyWrapper.class */
    static class RSAOAEPAsymmetricKeyWrapper extends CrmfKeyWrapper {
        private static final AlgorithmIdentifier OAEP_DFLT =
                new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, new RSAESOAEPparams());

        private final PublicKey publicKey;

        /**
         * @param publicKey recipient RSA key; stored as given, with no null or type check
         */
        public RSAOAEPAsymmetricKeyWrapper(PublicKey publicKey) {
            this.publicKey = publicKey;
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return OAEP_DFLT;
        }

        /**
         * Encrypts {@code bArr} with RSA-OAEP and returns the raw ciphertext.
         *
         * @param bArr plaintext to wrap
         * @return the RSA-OAEP ciphertext
         * @throws OperatorException on any failure, including the "BC" provider not being
         *     registered, with the original exception as cause
         */
        @Override
        public byte[] generateWrappedKey(byte[] bArr) throws OperatorException {
            try {
                Cipher oaep = Cipher.getInstance("RSA/NONE/OAEPPADDING", "BC");
                oaep.init(Cipher.ENCRYPT_MODE, this.publicKey);
                return oaep.doFinal(bArr);
            } catch (Exception e) {
                throw new OperatorException("error in generateWrappedKey", e);
            }
        }
    }
}
