package org.xipki.security.pkcs11.emulator;

import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
import org.xipki.security.EdECConstants;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-extra-5.3.9.jar:org/xipki/security/pkcs11/emulator/PrivateKeyCryptor.class */
class PrivateKeyCryptor {
    private static final ASN1ObjectIdentifier ALGO = PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC;
    private static final int ITERATION_COUNT = 2048;
    private OutputEncryptor encryptor;
    private InputDecryptorProvider decryptorProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKeyCryptor(char[] cArr) throws P11TokenException {
        Args.notNull(cArr, "password");
        JcePKCSPBEOutputEncryptorBuilder jcePKCSPBEOutputEncryptorBuilder = new JcePKCSPBEOutputEncryptorBuilder(ALGO);
        jcePKCSPBEOutputEncryptorBuilder.setProvider("BC");
        jcePKCSPBEOutputEncryptorBuilder.setIterationCount(ITERATION_COUNT);
        try {
            this.encryptor = jcePKCSPBEOutputEncryptorBuilder.build(cArr);
            this.decryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder().build(cArr);
        } catch (OperatorCreationException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey decrypt(PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo) throws P11TokenException {
        PrivateKeyInfo decryptPrivateKeyInfo;
        Args.notNull(pKCS8EncryptedPrivateKeyInfo, "encryptedPrivateKeyInfo");
        synchronized (this.decryptorProvider) {
            try {
                decryptPrivateKeyInfo = pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(this.decryptorProvider);
            } catch (PKCSException e) {
                throw new P11TokenException(e.getMessage(), e);
            }
        }
        AlgorithmIdentifier privateKeyAlgorithm = decryptPrivateKeyInfo.getPrivateKeyAlgorithm();
        ASN1ObjectIdentifier algorithm = privateKeyAlgorithm.getAlgorithm();
        String name = PKCSObjectIdentifiers.rsaEncryption.equals(algorithm) ? "RSA" : X9ObjectIdentifiers.id_dsa.equals(algorithm) ? "DSA" : X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm) ? "EC" : EdECConstants.getName(privateKeyAlgorithm.getAlgorithm());
        if (name == null) {
            throw new P11TokenException("unknown private key algorithm " + algorithm.getId());
        }
        try {
            return KeyFactory.getInstance(name, "BC").generatePrivate(new PKCS8EncodedKeySpec(decryptPrivateKeyInfo.getEncoded()));
        } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e2) {
            throw new P11TokenException(e2.getClass().getName() + ": " + e2.getMessage(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS8EncryptedPrivateKeyInfo encrypt(PrivateKey privateKey) {
        PKCS8EncryptedPrivateKeyInfo build;
        Args.notNull(privateKey, "privateKey");
        PKCS8EncryptedPrivateKeyInfoBuilder pKCS8EncryptedPrivateKeyInfoBuilder = new PKCS8EncryptedPrivateKeyInfoBuilder(PrivateKeyInfo.getInstance(privateKey.getEncoded()));
        synchronized (this.encryptor) {
            build = pKCS8EncryptedPrivateKeyInfoBuilder.build(this.encryptor);
        }
        return build;
    }
}
