package org.wso2.xkms2.util;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:org/wso2/xkms2/util/XKMSKeyUtil.class */
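/**
 * Static helpers for XKMS key handling: deriving symmetric keys from a shared
 * secret with HMAC-SHA1, issuing X.509 certificates through BouncyCastle, and
 * generating RSA key pairs.
 *
 * <p>Loading this class registers the BouncyCastle provider, which the
 * certificate and RSA helpers request by its name {@code "BC"}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The HMAC keys used for derivation are fixed one-byte constants, so the
 *       strength of every derived key rests entirely on the entropy of the
 *       shared secret passed in.</li>
 *   <li>HMAC-SHA1, SHA1withRSA, DESede and 1024-bit RSA are legacy choices;
 *       they are kept here because changing them alters the keys and
 *       certificates produced. See the NOTE(review) comments below.</li>
 * </ul>
 */
public class XKMSKeyUtil {
    // Fixed HMAC keys, one per derivation purpose. KEY1 is used for the
    // authentication key and KEY4 for private-key wrapping keys; KEY2 and KEY3
    // are not referenced in this class.
    // NOTE(review): these look like the key constants of the XKMS 2.0
    // shared-secret derivation rules; confirm against the specification.
    private static final byte[] KEY1 = {1};
    private static final byte[] KEY2 = {2};
    private static final byte[] KEY3 = {3};
    private static final byte[] KEY4 = {4};

    // NOTE(review): 1024-bit RSA is below current minimum recommendations.
    // Kept as the default so generateRSAKeyPair() behaves as before; new
    // callers should use generateRSAKeyPair(int) with 2048 bits or more.
    private static final int DEFAULT_RSA_KEY_BITS = 1024;

    static {
        // Register BouncyCastle so that lookups by provider name "BC" succeed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Derives the authentication key from a shared secret.
     *
     * @param str the shared secret
     * @return a raw key holding HMAC-SHA1(KEY1, secret bytes)
     * @throws RuntimeException if HMAC-SHA1 is unavailable or rejects the key
     */
    public static Key getAuthenticationKey(String str) {
        // NOTE(review): getBytes() uses the platform default charset, so a
        // secret with non-ASCII characters can derive different keys on
        // different hosts. Pinning a charset would make this deterministic but
        // changes derived keys wherever the default differs; confirm the
        // encoding the protocol requires before switching.
        return getAuthenticationKey(str.getBytes());
    }

    /**
     * Derives a symmetric key for protecting private-key material from a
     * shared secret.
     *
     * @param str the shared secret
     * @param str2 the key algorithm; only {@code "DESede"} is accepted
     * @return a 24-byte DESede key derived from the secret
     * @throws IllegalArgumentException if {@code str2} is not {@code "DESede"}
     * @throws RuntimeException if HMAC-SHA1 is unavailable or rejects a key
     */
    public static Key getPrivateKey(String str, String str2) {
        // NOTE(review): platform default charset, same caveat as in
        // getAuthenticationKey(String).
        return getPrivateKey(str.getBytes(), str2);
    }

    /** Byte-level form of {@link #getPrivateKey(String, String)}. */
    private static Key getPrivateKey(byte[] secret, String algorithm) {
        if ("DESede".equals(algorithm)) {
            // NOTE(review): DESede (3DES) is a legacy cipher; it is the only
            // algorithm this helper supports.
            return bytesToDESKey(privateKeyTransform(secret, 24));
        }
        throw new IllegalArgumentException("Invalid algorithm " + algorithm);
    }

    /** Byte-level form of {@link #getAuthenticationKey(String)}. */
    private static Key getAuthenticationKey(byte[] secret) {
        return bytesToKey(authenticationTransform(secret));
    }

    /** Computes HMAC-SHA1 over {@code secret} keyed with {@code KEY1}. */
    private static byte[] authenticationTransform(byte[] secret) {
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(bytesToKey(KEY1));
            mac.update(secret);
            return mac.doFinal();
        } catch (InvalidKeyException e) {
            throw new RuntimeException("Can't generate Authentication Key", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Can't generate Authentication Key", e);
        }
    }

    /** Wraps raw bytes as a key with the algorithm name {@code "RAW"}. */
    private static Key bytesToKey(byte[] keyBytes) {
        return new SecretKeySpec(keyBytes, "RAW");
    }

    /** Wraps raw bytes as a {@code "DESede"} key. */
    private static Key bytesToDESKey(byte[] keyBytes) {
        return new SecretKeySpec(keyBytes, "DESede");
    }

    /**
     * Issues a certificate with both key-usage bits (digitalSignature and
     * dataEncipherment) set.
     *
     * @see #getX509Certificate(String, BigInteger, Date, Date, boolean, boolean,
     *      PublicKey, X509Certificate, PrivateKey)
     */
    public static X509Certificate getX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, X509Certificate x509Certificate, PrivateKey privateKey) {
        return getX509Certificate(str, bigInteger, date, date2, true, true, publicKey, x509Certificate, privateKey);
    }

    /**
     * Issues an X.509 v3 certificate signed with {@code SHA1withRSA}.
     *
     * <p>The issuer DN is copied from the subject of {@code x509Certificate};
     * authority-key-identifier, subject-key-identifier and key-usage
     * extensions are added, all non-critical.
     *
     * @param str subject distinguished name
     * @param bigInteger certificate serial number
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param z whether to set the digitalSignature key-usage bit
     * @param z2 whether to set the dataEncipherment key-usage bit
     * @param publicKey subject public key to certify
     * @param x509Certificate issuer certificate
     * @param privateKey key used to sign the new certificate
     * @return the signed certificate
     * @throws RuntimeException wrapping any failure during generation
     */
    public static X509Certificate getX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, boolean z, boolean z2, PublicKey publicKey, X509Certificate x509Certificate, PrivateKey privateKey) {
        try {
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            X500Principal subject = new X500Principal(str);
            generator.setIssuerDN(new X509Name(PrincipalUtil.getSubjectX509Principal(x509Certificate).getName()));
            generator.setSerialNumber(bigInteger);
            generator.setNotBefore(date);
            generator.setNotAfter(date2);
            generator.setSubjectDN(new X509Name(subject.getName()));
            generator.setPublicKey(publicKey);
            // NOTE(review): SHA-1 signatures are rejected by current
            // validators; moving to a SHA-256 based algorithm changes the
            // certificates issued, so coordinate with relying parties.
            generator.setSignatureAlgorithm("SHA1withRSA");
            generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(x509Certificate));
            generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey));
            generator.addExtension(X509Extensions.KeyUsage, false, buildKeyUsage(z, z2));
            return generator.generateX509Certificate(privateKey, "BC");
        } catch (Exception e) {
            // The cause travels with the rethrown exception, so it is not
            // printed to stderr here as well.
            throw new RuntimeException("Can't generate X509 certificate", e);
        }
    }

    /**
     * Generates an RSA key pair of the legacy default size (1024 bits).
     *
     * @return a new key pair from the BouncyCastle provider
     * @throws RuntimeException if RSA or the "BC" provider is unavailable
     */
    public static KeyPair generateRSAKeyPair() {
        return generateRSAKeyPair(DEFAULT_RSA_KEY_BITS);
    }

    /**
     * Generates an RSA key pair of the requested modulus size.
     *
     * @param keySize modulus size in bits
     * @return a new key pair from the BouncyCastle provider
     * @throws RuntimeException if RSA or the "BC" provider is unavailable
     */
    public static KeyPair generateRSAKeyPair(int keySize) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(keySize);
            return keyPairGenerator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Stretches HMAC-SHA1 output to {@code length} bytes of key material.
     *
     * <p>The first block is HMAC-SHA1(KEY4, secret). While more bytes are
     * needed, the previous block (with its first octet masked) becomes the
     * HMAC key for the next block, and the blocks are concatenated. The result
     * is the first {@code length} bytes.
     *
     * @param secret shared-secret bytes
     * @param length number of key bytes required
     * @return exactly {@code length} bytes of derived material
     * @throws IllegalArgumentException if {@code length} is negative
     * @throws RuntimeException if HMAC-SHA1 is unavailable or rejects a key
     */
    private static byte[] privateKeyTransform(byte[] secret, int length) {
        if (length < 0) {
            throw new IllegalArgumentException("Invalid key length " + length);
        }
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(bytesToKey(KEY4));
            mac.update(secret);
            byte[] block = mac.doFinal();
            // A single accumulator covers the shorter, equal and longer cases.
            // The previous version left its buffer null when the MAC length
            // equalled the requested length and failed on the final copy.
            byte[] material = block;
            while (material.length < length) {
                byte[] nextKey = (byte[]) block.clone();
                // NOTE(review): the first octet is AND-ed with (0xFF ^ KEY4[0]).
                // Preserved exactly because any change alters every derived
                // key; confirm it matches the XKMS derivation rules.
                nextKey[0] = (byte) (nextKey[0] & (255 ^ KEY4[0]));
                mac.init(bytesToKey(nextKey));
                mac.update(secret);
                block = mac.doFinal();
                byte[] extended = new byte[material.length + block.length];
                System.arraycopy(material, 0, extended, 0, material.length);
                System.arraycopy(block, 0, extended, material.length, block.length);
                material = extended;
            }
            byte[] result = new byte[length];
            System.arraycopy(material, 0, result, 0, length);
            return result;
        } catch (InvalidKeyException e) {
            throw new RuntimeException("Can't generate Private Key", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Can't generate Private Key", e);
        }
    }

    /**
     * Builds the key-usage extension value.
     *
     * @param digitalSignature whether to set the digitalSignature bit (128)
     * @param dataEncipherment whether to set the dataEncipherment bit (16)
     */
    private static KeyUsage buildKeyUsage(boolean digitalSignature, boolean dataEncipherment) {
        int usage = 0;
        if (digitalSignature) {
            usage |= KeyUsage.digitalSignature;
        }
        if (dataEncipherment) {
            usage |= KeyUsage.dataEncipherment;
        }
        return new KeyUsage(usage);
    }

    /**
     * Prints every alias in the key store to standard output, tagged as a key
     * entry or a certificate entry. Diagnostic helper: failures are reported
     * on standard error and not propagated.
     *
     * @param keyStore the loaded key store to list
     */
    public static void listKeyStoreInfo(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                String kind = keyStore.isKeyEntry(alias) ? " ->Key Entry " : " -> Certificate Entry";
                System.out.println(alias + kind);
            }
        } catch (Exception e) {
            // Best-effort listing: this is the only place the failure is
            // reported, so the trace is kept.
            e.printStackTrace();
        }
    }
}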
