package org.xipki.security.pkcs12;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jcajce.interfaces.EdDSAKey;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.bouncycastle.operator.ContentSigner;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.SignAlgo;
import org.xipki.security.SignatureSigner;
import org.xipki.security.X509Cert;
import org.xipki.security.util.GMUtil;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.RandomUtil;

/* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/pkcs12/P12KeyGenerator.class */
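/**
 * Generates key material and packages it into a password-protected keystore.
 *
 * <p>Asymmetric keys are stored in a PKCS#12 keystore under the alias {@code main}, together with
 * a self-signed placeholder certificate (see {@link #generateIdentity}). Secret keys are stored in
 * a JCEKS keystore under the same alias.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The same password protects both the keystore as a whole and the key entry inside it, so
 *       the confidentiality of the private key rests entirely on that password.</li>
 *   <li>The serialized keystore is returned as an in-memory byte array; how it is persisted and
 *       who may read it is decided by the caller.</li>
 *   <li>The accompanying certificate is self-signed with serial number 1 and must not be read as
 *       evidence of identity; it only carries the public key.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output (JADX) of security-6.0.0.jar; parameter
 * names below are reconstructed and should be confirmed against the upstream sources.
 */
public class P12KeyGenerator {
    private static final long MIN = 60_000L;
    private static final long DAY = 86_400_000L;

    /**
     * Internal holder of a private key and its certificate.
     *
     * <p>The decompiler reports that the access modifier was widened from {@code private}; treat
     * this type as an implementation detail.
     */
    public static class KeyAndCertPair {
        private final X509Cert cert;
        private final PrivateKey key;

        KeyAndCertPair(X509Cert x509Cert, PrivateKey privateKey) {
            this.key = privateKey;
            this.cert = x509Cert;
        }
    }

    /** A key pair together with the SubjectPublicKeyInfo encoding of its public key. */
    public static class KeyPairWithSubjectPublicKeyInfo {
        private final KeyPair keypair;
        private final SubjectPublicKeyInfo subjectPublicKeyInfo;

        /**
         * @param keyPair the generated key pair; stored as given
         * @param subjectPublicKeyInfo the public key info; stored after being passed through
         *     {@code X509Util.toRfc3279Style}
         * @throws InvalidKeySpecException if that conversion rejects the public key info
         */
        public KeyPairWithSubjectPublicKeyInfo(KeyPair keyPair, SubjectPublicKeyInfo subjectPublicKeyInfo) throws InvalidKeySpecException {
            this.keypair = keyPair;
            this.subjectPublicKeyInfo = X509Util.toRfc3279Style(subjectPublicKeyInfo);
        }

        public KeyPair getKeypair() {
            return this.keypair;
        }

        public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
            return this.subjectPublicKeyInfo;
        }
    }

    /**
     * Generates an RSA key pair and wraps it in a PKCS#12 keystore.
     *
     * @param keysize forwarded to {@code KeyUtil.generateRSAKeypair}; presumably the modulus size
     *     in bits (confirm). No minimum size is enforced here.
     * @param publicExponent forwarded to {@code KeyUtil.generateRSAKeypair}; presumably the public
     *     exponent (confirm)
     * @param params supplies the random source and the keystore password
     * @param selfSignedCertSubject subject DN of the placeholder certificate, or {@code null} for
     *     {@code CN=DUMMY}
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws Exception if key generation, certificate building or keystore serialization fails
     */
    public KeyStoreWrapper generateRSAKeypair(int keysize, BigInteger publicExponent, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
        KeyPairWithSubjectPublicKeyInfo keyPair = genRSAKeypair(keysize, publicExponent, params.getRandom());
        return generateIdentity(keyPair, params, selfSignedCertSubject);
    }

    /**
     * Generates a DSA key pair and wraps it in a PKCS#12 keystore.
     *
     * @param plength forwarded to {@code KeyUtil.generateDSAKeypair}; presumably the bit length of
     *     the prime p (confirm)
     * @param qlength forwarded to {@code KeyUtil.generateDSAKeypair}; presumably the bit length of
     *     the subprime q (confirm)
     * @param params supplies the random source and the keystore password
     * @param selfSignedCertSubject subject DN of the placeholder certificate, or {@code null} for
     *     {@code CN=DUMMY}
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws Exception if key generation, certificate building or keystore serialization fails
     */
    public KeyStoreWrapper generateDSAKeypair(int plength, int qlength, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
        KeyPairWithSubjectPublicKeyInfo keyPair = genDSAKeypair(plength, qlength, params.getRandom());
        return generateIdentity(keyPair, params, selfSignedCertSubject);
    }

    /**
     * Generates an EC key pair on the named curve and wraps it in a PKCS#12 keystore.
     *
     * <p>The public key is encoded as an uncompressed point with the curve OID as the algorithm
     * parameters.
     *
     * @param curveOid OID of the curve; must not be {@code null}
     * @param params supplies the random source and the keystore password
     * @param selfSignedCertSubject subject DN of the placeholder certificate, or {@code null} for
     *     {@code CN=DUMMY}
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws Exception if key generation, certificate building or keystore serialization fails
     */
    public KeyStoreWrapper generateECKeypair(ASN1ObjectIdentifier curveOid, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
        Args.notNull(curveOid, "curveOid");
        KeyPair keyPair = KeyUtil.generateECKeypair(curveOid, params.getRandom());
        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
        int orderBitLength = publicKey.getParams().getOrder().bitLength();
        byte[] encodedPoint = KeyUtil.getUncompressedEncodedECPoint(publicKey.getW(), orderBitLength);
        AlgorithmIdentifier keyAlgId = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, curveOid);
        SubjectPublicKeyInfo spki = new SubjectPublicKeyInfo(keyAlgId, encodedPoint);
        return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keyPair, spki), params, selfSignedCertSubject);
    }

    /**
     * Generates an Edwards or Montgomery curve key pair and wraps it in a PKCS#12 keystore.
     *
     * @param curveOid OID of the curve; must not be {@code null} and must be accepted by
     *     {@code EdECConstants.isEdwardsOrMontgomeryCurve}
     * @param params supplies the random source and the keystore password
     * @param selfSignedCertSubject subject DN of the placeholder certificate, or {@code null} for
     *     {@code CN=DUMMY}
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws IllegalArgumentException if the curve is neither an Edwards nor a Montgomery curve
     * @throws Exception if key generation, certificate building or keystore serialization fails
     */
    public KeyStoreWrapper generateEdECKeypair(ASN1ObjectIdentifier curveOid, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
        Args.notNull(curveOid, "curveOid");
        if (!EdECConstants.isEdwardsOrMontgomeryCurve(curveOid)) {
            throw new IllegalArgumentException("invalid EdDSA curve  " + curveOid.getId());
        }
        KeyPair keyPair = KeyUtil.generateEdECKeypair(curveOid, params.getRandom());
        SubjectPublicKeyInfo spki = KeyUtil.createSubjectPublicKeyInfo(keyPair.getPublic());
        return generateIdentity(new KeyPairWithSubjectPublicKeyInfo(keyPair, spki), params, selfSignedCertSubject);
    }

    /**
     * Generates a random secret key and stores it in a JCEKS keystore under the alias
     * {@code main}.
     *
     * <p>NOTE(review): if {@code KeyUtil.getOutKeyStore("JCEKS")} resolves to the JDK's JCEKS
     * implementation, key entries are protected with a password-based Triple-DES scheme, so the
     * strength of the keystore password matters more than the length of the generated key.
     *
     * @param algorithm algorithm name recorded in the {@link SecretKeySpec}
     * @param keyBitLen key length in bits; must be a positive multiple of 8
     * @param params supplies the random source and the keystore password
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws IllegalArgumentException if {@code keyBitLen} is not a positive multiple of 8
     * @throws Exception if the keystore cannot be created or serialized
     */
    public KeyStoreWrapper generateSecretKey(String algorithm, int keyBitLen, KeystoreGenerationParameters params) throws Exception {
        if (keyBitLen % 8 != 0) {
            throw new IllegalArgumentException("keyBitLen (" + keyBitLen + ") must be multiple of 8");
        }
        // Reject zero and negative lengths up front instead of failing later with an empty-key
        // error or a NegativeArraySizeException.
        if (keyBitLen <= 0) {
            throw new IllegalArgumentException("keyBitLen (" + keyBitLen + ") must be positive");
        }
        int keyByteLen = keyBitLen / 8;
        SecureRandom random = params.getRandom();
        byte[] keyBytes;
        if (random == null) {
            // NOTE(review): the randomness source behind RandomUtil is not visible here; confirm
            // it is backed by a SecureRandom before relying on it for key material.
            keyBytes = RandomUtil.nextBytes(keyByteLen);
        } else {
            keyBytes = new byte[keyByteLen];
            random.nextBytes(keyBytes);
        }
        SecretKeySpec secretKey = new SecretKeySpec(keyBytes, algorithm);
        char[] password = params.getPassword();
        KeyStore keyStore = KeyUtil.getOutKeyStore("JCEKS");
        keyStore.load(null, password);
        keyStore.setKeyEntry("main", secretKey, password, null);
        return toKeyStoreWrapper(keyStore, password);
    }

    /** Generates an RSA key pair and encodes its public key as an rsaEncryption SubjectPublicKeyInfo. */
    private KeyPairWithSubjectPublicKeyInfo genRSAKeypair(int keysize, BigInteger publicExponent, SecureRandom random) throws Exception {
        KeyPair keyPair = KeyUtil.generateRSAKeypair(keysize, publicExponent, random);
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        AlgorithmIdentifier keyAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
        org.bouncycastle.asn1.pkcs.RSAPublicKey encodedKey =
                new org.bouncycastle.asn1.pkcs.RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
        return new KeyPairWithSubjectPublicKeyInfo(keyPair, new SubjectPublicKeyInfo(keyAlgId, encodedKey));
    }

    /** Generates a DSA key pair and derives its SubjectPublicKeyInfo via {@code KeyUtil}. */
    private KeyPairWithSubjectPublicKeyInfo genDSAKeypair(int plength, int qlength, SecureRandom random) throws Exception {
        KeyPair keyPair = KeyUtil.generateDSAKeypair(plength, qlength, random);
        return new KeyPairWithSubjectPublicKeyInfo(keyPair, KeyUtil.createSubjectPublicKeyInfo(keyPair.getPublic()));
    }

    /**
     * Builds a self-signed certificate for the key pair and stores key and certificate in a
     * PKCS#12 keystore under the alias {@code main}.
     *
     * <p>The certificate has serial number 1, identical issuer and subject, a validity that starts
     * ten minutes in the past and lasts 3650 days, and a subjectKeyIdentifier extension. It is a
     * placeholder that carries the public key; nothing about it has been vouched for by a CA.
     *
     * @param kp key pair and matching SubjectPublicKeyInfo
     * @param params supplies the keystore password, which is used for both the keystore and the
     *     key entry
     * @param selfSignedCertSubject subject DN of the certificate, or {@code null} for
     *     {@code CN=DUMMY}
     * @return the serialized keystore together with the live {@link KeyStore} object
     * @throws Exception if the signer cannot be created, the certificate cannot be built or the
     *     keystore cannot be serialized
     */
    public static KeyStoreWrapper generateIdentity(KeyPairWithSubjectPublicKeyInfo kp, KeystoreGenerationParameters params, String selfSignedCertSubject) throws Exception {
        // Back-dated start of validity; presumably to tolerate clock skew between hosts.
        Date notBefore = new Date(System.currentTimeMillis() - 10 * MIN);
        Date notAfter = new Date(notBefore.getTime() + 3650 * DAY);
        X500Name subject = new X500Name(selfSignedCertSubject == null ? "CN=DUMMY" : selfSignedCertSubject);
        SubjectPublicKeyInfo spki = kp.getSubjectPublicKeyInfo();
        PrivateKey privateKey = kp.getKeypair().getPrivate();
        ContentSigner signer = getContentSigner(privateKey, kp.getKeypair().getPublic());
        X509v3CertificateBuilder certBuilder =
                new X509v3CertificateBuilder(subject, BigInteger.ONE, notBefore, notAfter, subject, spki);
        // SHA-1 over the subjectPublicKey bits is the conventional key-identifier derivation
        // (RFC 5280, section 4.2.1.2, method 1); it labels the key and is not a signature hash.
        // The decompiler emitted "new byte[]{ byte[] }" here, which does not type-check; the
        // public key bytes are passed directly instead.
        byte[] keyIdentifier = HashAlgo.SHA1.hash(spki.getPublicKeyData().getBytes());
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(keyIdentifier));
        KeyAndCertPair identity = new KeyAndCertPair(new X509Cert(certBuilder.build(signer)), privateKey);
        char[] password = params.getPassword();
        KeyStore keyStore = KeyUtil.getOutKeyStore("PKCS12");
        keyStore.load(null, password);
        keyStore.setKeyEntry("main", identity.key, password, new Certificate[] {identity.cert.toJceCert()});
        return toKeyStoreWrapper(keyStore, password);
    }

    /** Serializes the keystore under the given password and pairs the bytes with the live object. */
    private static KeyStoreWrapper toKeyStoreWrapper(KeyStore keyStore, char[] password) throws Exception {
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            keyStore.store(out, password);
            KeyStoreWrapper wrapper = new KeyStoreWrapper(out.toByteArray());
            wrapper.setKeystoreObject(keyStore);
            return wrapper;
        }
    }

    /**
     * Selects the signature algorithm for the self-signed certificate from the key type and
     * returns a signer for it.
     *
     * @param privateKey key used to sign the certificate
     * @param publicKey matching public key; read for EC keys to detect the SM2 curve
     * @return a signer bound to {@code privateKey}
     * @throws InvalidKeyException if an XDH key names an unknown or non-Montgomery curve
     * @throws IllegalArgumentException if the key type or EdDSA curve is not supported
     * @throws Exception if the signer cannot be created
     */
    private static ContentSigner getContentSigner(PrivateKey privateKey, PublicKey publicKey) throws Exception {
        if (privateKey instanceof XDHKey) {
            // Key-agreement keys cannot sign. The certificate is signed with a key produced by
            // convertXDHToDummyEdDSAPrivateKey; judging by that name the signature is a
            // placeholder and presumably will not verify against the XDH public key (confirm).
            String algorithm = privateKey.getAlgorithm();
            ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(algorithm);
            if (curveOid == null || !EdECConstants.isMontgomeryCurve(curveOid)) {
                throw new InvalidKeyException("unknown XDH key algorithm " + algorithm);
            }
            PrivateKey dummySigningKey = KeyUtil.convertXDHToDummyEdDSAPrivateKey(privateKey);
            return new SignatureSigner(new AlgorithmIdentifier(curveOid), Signature.getInstance("EdDSA", "BC"), dummySigningKey);
        }

        // Constructed before the type dispatch, as in the original, so that any failure in the
        // builder's constructor keeps its precedence over the checks below.
        P12ContentSignerBuilder signerBuilder = new P12ContentSignerBuilder(privateKey, publicKey);
        SignAlgo signAlgo;
        if (privateKey instanceof RSAPrivateKey) {
            signAlgo = SignAlgo.RSA_SHA256;
        } else if (privateKey instanceof DSAPrivateKey) {
            signAlgo = SignAlgo.DSA_SHA256;
        } else if (privateKey instanceof ECPrivateKey) {
            if (GMUtil.isSm2primev2Curve(((ECPublicKey) publicKey).getParams().getCurve())) {
                signAlgo = SignAlgo.SM2_SM3;
            } else {
                // Hash strength follows the bit length of the curve order.
                int orderBitLength = ((ECPrivateKey) privateKey).getParams().getOrder().bitLength();
                if (orderBitLength > 384) {
                    signAlgo = SignAlgo.ECDSA_SHA512;
                } else if (orderBitLength > 256) {
                    signAlgo = SignAlgo.ECDSA_SHA384;
                } else if (orderBitLength > 160) {
                    signAlgo = SignAlgo.ECDSA_SHA256;
                } else {
                    // NOTE(review): curves of 160 bits or less fall back to ECDSA with SHA-1.
                    // Both the curve size and the hash are below current recommendations;
                    // consider rejecting such curves before they reach this point.
                    signAlgo = SignAlgo.ECDSA_SHA1;
                }
            }
        } else if (privateKey instanceof EdDSAKey) {
            String algorithm = privateKey.getAlgorithm();
            ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(algorithm);
            if (EdECConstants.id_ED25519.equals(curveOid)) {
                signAlgo = SignAlgo.ED25519;
            } else if (EdECConstants.id_ED448.equals(curveOid)) {
                signAlgo = SignAlgo.ED448;
            } else {
                throw new IllegalArgumentException("unknown EdDSA key algorithm " + algorithm);
            }
        } else {
            throw new IllegalArgumentException("unknown type of key " + privateKey.getClass().getName());
        }
        return signerBuilder.createSigner(signAlgo, 1, null).borrowSigner().value();
    }
}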
