package org.wso2.carbon.crypto.provider.hsm;

import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.RSAPublicKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.crypto.api.CryptoException;

/* loaded from: input_file:org/wso2/carbon/crypto/provider/hsm/PKCS11JCEObjectMapper.class */
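/**
 * Converts certificates and RSA keys between their JCE ({@code java.security}) and
 * PKCS #11 (IAIK wrapper) representations.
 *
 * <p>Only X.509 certificates and RSA keys are supported; any other type is rejected with a
 * {@link CryptoException}.
 *
 * <p>PKCS #11 big-integer attributes are unsigned, most-significant-byte-first byte strings,
 * whereas {@link BigInteger#toByteArray()} and {@link BigInteger#BigInteger(byte[])} use signed
 * two's-complement. All modulus/exponent conversions in this class therefore go through
 * {@link #toUnsignedBytes(BigInteger)} on the way in and {@code new BigInteger(1, bytes)} on the
 * way out.
 */
public class PKCS11JCEObjectMapper {
    private static final String RSA_ALGORITHM = "RSA";

    private static final Log log = LogFactory.getLog(PKCS11JCEObjectMapper.class);

    /**
     * Maps a JCE certificate to the PKCS #11 certificate object and the matching PKCS #11 RSA
     * public key object.
     *
     * @param certificate the JCE certificate; must be an {@link X509Certificate} carrying an RSA key
     * @return the PKCS #11 certificate and public key templates
     * @throws CryptoException if the certificate is {@code null}, is not X.509, does not carry an
     *                         RSA public key, or cannot be encoded
     */
    public static PKCS11CertificateData mapCertificateJCEToPKCS11(Certificate certificate) throws CryptoException {
        if (!(certificate instanceof X509Certificate)) {
            // instanceof is false for null too; avoid dereferencing it while building the message.
            String type = (certificate == null) ? null : certificate.getType();
            throw new CryptoException(String.format("PKCS11 JCE object mapper doesn't support for conversion of %s type certificates from JCE to PKCS #11.", type));
        }
        X509Certificate x509 = (X509Certificate) certificate;
        X509PublicKeyCertificate pkcs11Certificate = mapX509CertJCEToPKCS11(x509);
        RSAPublicKey pkcs11PublicKey = mapRSAPublicKeyJCEToPKCS11(x509);
        if (log.isDebugEnabled()) {
            log.debug("Successfully mapped JCE X.509 public certificate to PKCS #11 X.509 public certificate.");
        }
        return new PKCS11CertificateData(pkcs11Certificate, pkcs11PublicKey);
    }

    /**
     * Maps a PKCS #11 certificate object to a JCE certificate by parsing its encoded value.
     *
     * <p>This only parses the certificate; it performs no path validation, expiry or revocation
     * check. Callers that make trust decisions must validate the result themselves.
     *
     * @param certificate the PKCS #11 certificate; must be an {@link X509PublicKeyCertificate}
     * @return the parsed JCE certificate
     * @throws CryptoException if the certificate is {@code null}, is not X.509, has no value
     *                         attribute, or the value cannot be parsed
     */
    public static Certificate mapCertificatePKCS11ToJCE(iaik.pkcs.pkcs11.objects.Certificate certificate) throws CryptoException {
        if (!(certificate instanceof X509PublicKeyCertificate)) {
            Object type = (certificate == null) ? null : certificate.getClass();
            throw new CryptoException(String.format("PKCS11 JCE object mapper doesn't support for conversion of %s type certificates from PKCS #11 to JCE.", type));
        }
        if (log.isDebugEnabled()) {
            log.debug("Mapping PKCS #11 X.509 public certificate to JCE X.509 public certificate.");
        }
        byte[] encoded = requirePresent(
                ((X509PublicKeyCertificate) certificate).getValue().getByteArrayValue(),
                "The certificate retrieved from the HSM has no encoded value.");
        try {
            Certificate jceCertificate = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
            if (log.isDebugEnabled()) {
                log.debug("Successfully mapped PKCS #11 X.509 public certificate to JCE X.509 public certificate.");
            }
            return jceCertificate;
        } catch (CertificateException e) {
            throw new CryptoException("Error occurred while generating X.509 certificate from the retrieved certificate from the HSM.", e);
        }
    }

    /**
     * Maps a JCE RSA private key to a PKCS #11 RSA private key template.
     *
     * <p>Only the modulus and the private exponent are copied. This method sets no protection
     * attributes on the template.
     * NOTE(review): confirm that the code storing this template on the token marks the key
     * sensitive and non-extractable; otherwise the imported key can be read back off the HSM.
     *
     * @param privateKey the JCE private key; must be an {@link RSAPrivateKey}
     * @return the PKCS #11 private key template
     * @throws CryptoException if the key is {@code null} or is not an RSA private key
     */
    public static PrivateKey mapPrivateKeyJCEToPKCS11(java.security.PrivateKey privateKey) throws CryptoException {
        if (!(privateKey instanceof RSAPrivateKey)) {
            Object type = (privateKey == null) ? null : privateKey.getClass();
            throw new CryptoException(String.format("PKCS11 JCE object mapper doesn't support for conversion of %s type private keys from JCE to PKCS #11.", type));
        }
        RSAPrivateKey jceKey = (RSAPrivateKey) privateKey;
        iaik.pkcs.pkcs11.objects.RSAPrivateKey pkcs11Key = new iaik.pkcs.pkcs11.objects.RSAPrivateKey();
        pkcs11Key.getModulus().setByteArrayValue(toUnsignedBytes(jceKey.getModulus()));
        pkcs11Key.getPrivateExponent().setByteArrayValue(toUnsignedBytes(jceKey.getPrivateExponent()));
        if (log.isDebugEnabled()) {
            // Log the outcome only; key material must never reach the log.
            log.debug("Successfully mapped JCE RSA private key to PKCS #11 RSA private key.");
        }
        return pkcs11Key;
    }

    /**
     * Maps a PKCS #11 RSA private key object to a JCE RSA private key.
     *
     * <p>This needs the private exponent in the clear, so it only works for key objects whose
     * private exponent was actually returned by the token. When the attribute value is absent
     * (as is expected for keys the token refuses to reveal) a {@link CryptoException} is thrown
     * instead of failing with a {@link NullPointerException}. The returned key lives in JVM
     * memory and no longer has any protection from the HSM.
     *
     * @param privateKey the PKCS #11 private key; must be an IAIK {@code RSAPrivateKey}
     * @return the JCE private key built from the modulus and private exponent
     * @throws CryptoException if the key is {@code null}, is not RSA, lacks a readable modulus or
     *                         private exponent, or the key specification is rejected
     */
    public static java.security.PrivateKey mapPrivateKeyPKCS11ToJCE(PrivateKey privateKey) throws CryptoException {
        if (!(privateKey instanceof iaik.pkcs.pkcs11.objects.RSAPrivateKey)) {
            Object type = (privateKey == null) ? null : privateKey.getClass();
            throw new CryptoException(String.format("PKCS11 JCE object mapper doesn't support for conversion of %s type private keys from PKCS #11 to JCE.", type));
        }
        if (log.isDebugEnabled()) {
            log.debug("Mapping PKCS #11 RSA private key to JCE RSA private key.");
        }
        iaik.pkcs.pkcs11.objects.RSAPrivateKey pkcs11Key = (iaik.pkcs.pkcs11.objects.RSAPrivateKey) privateKey;
        byte[] modulus = requirePresent(pkcs11Key.getModulus().getByteArrayValue(),
                "The RSA private key retrieved from the HSM has no readable modulus.");
        byte[] privateExponent = requirePresent(pkcs11Key.getPrivateExponent().getByteArrayValue(),
                "The RSA private key retrieved from the HSM has no readable private exponent.");
        try {
            // Signum 1: PKCS #11 values are unsigned. The one-argument constructor would read a
            // modulus whose top bit is set as a negative number.
            RSAPrivateKeySpec spec = new RSAPrivateKeySpec(
                    new BigInteger(1, modulus), new BigInteger(1, privateExponent));
            java.security.PrivateKey jceKey = KeyFactory.getInstance(RSA_ALGORITHM).generatePrivate(spec);
            if (log.isDebugEnabled()) {
                log.debug("Successfully mapped PKCS #11 RSA private key to JCE RSA private key.");
            }
            return jceKey;
        } catch (NoSuchAlgorithmException e) {
            throw new CryptoException(String.format("Invalid key generation algorithm '%s'.", RSA_ALGORITHM), e);
        } catch (InvalidKeySpecException e) {
            // The label may be unset; do not let the error path itself throw.
            char[] label = privateKey.getLabel().getCharArrayValue();
            String alias = (label == null) ? null : new String(label);
            throw new CryptoException(String.format("Provided key specification is invalid for key alias '%s'", alias), e);
        }
    }

    /**
     * Builds a PKCS #11 RSA public key template from the public key of an X.509 certificate.
     *
     * @param x509Certificate the certificate whose public key and subject are copied
     * @return the PKCS #11 public key template (subject, modulus, public exponent)
     * @throws CryptoException if the certificate's public key is not an RSA public key
     */
    protected static RSAPublicKey mapRSAPublicKeyJCEToPKCS11(X509Certificate x509Certificate) throws CryptoException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof java.security.interfaces.RSAPublicKey)) {
            Object type = (publicKey == null) ? null : publicKey.getClass();
            throw new CryptoException(String.format("PKCS11 JCE object mapper doesn't support for conversion of %s type public keys from JCE to PKCS #11.", type));
        }
        java.security.interfaces.RSAPublicKey jceKey = (java.security.interfaces.RSAPublicKey) publicKey;
        RSAPublicKey pkcs11Key = new RSAPublicKey();
        pkcs11Key.getSubject().setByteArrayValue(x509Certificate.getSubjectX500Principal().getEncoded());
        pkcs11Key.getModulus().setByteArrayValue(toUnsignedBytes(jceKey.getModulus()));
        pkcs11Key.getPublicExponent().setByteArrayValue(toUnsignedBytes(jceKey.getPublicExponent()));
        if (log.isDebugEnabled()) {
            log.debug("Successfully mapped JCE RSA public key to PKCS #11 public key.");
        }
        return pkcs11Key;
    }

    /**
     * Builds a PKCS #11 X.509 certificate template from a JCE X.509 certificate.
     *
     * @param x509Certificate the certificate to copy subject, issuer, serial number and value from
     * @return the PKCS #11 certificate template
     * @throws CryptoException if the certificate cannot be encoded
     */
    protected static X509PublicKeyCertificate mapX509CertJCEToPKCS11(X509Certificate x509Certificate) throws CryptoException {
        X509PublicKeyCertificate pkcs11Certificate = new X509PublicKeyCertificate();
        pkcs11Certificate.getSubject().setByteArrayValue(x509Certificate.getSubjectX500Principal().getEncoded());
        pkcs11Certificate.getIssuer().setByteArrayValue(x509Certificate.getIssuerX500Principal().getEncoded());
        // NOTE(review): PKCS #11 describes CKA_SERIAL_NUMBER as the DER encoding of the serial
        // number; this stores the bare two's-complement bytes. Left as is because lookups
        // elsewhere may depend on this exact form — confirm before changing.
        pkcs11Certificate.getSerialNumber().setByteArrayValue(x509Certificate.getSerialNumber().toByteArray());
        try {
            pkcs11Certificate.getValue().setByteArrayValue(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new CryptoException("Error occurred while encoding the certificate.", e);
        }
        if (log.isDebugEnabled()) {
            log.debug("Successfully mapped X509 Java certificate to PKCS #11 certificate.");
        }
        return pkcs11Certificate;
    }

    /**
     * Returns the magnitude of a non-negative integer as an unsigned big-endian byte string.
     *
     * <p>{@link BigInteger#toByteArray()} prepends a {@code 0x00} sign byte whenever the top bit
     * of the magnitude is set, which makes, for example, a 2048-bit modulus 257 bytes long.
     */
    private static byte[] toUnsignedBytes(BigInteger value) {
        byte[] signed = value.toByteArray();
        if (signed.length > 1 && signed[0] == 0) {
            byte[] unsigned = new byte[signed.length - 1];
            System.arraycopy(signed, 1, unsigned, 0, unsigned.length);
            return unsigned;
        }
        return signed;
    }

    /** Returns {@code value}, or throws a {@link CryptoException} with {@code message} when it is absent. */
    private static byte[] requirePresent(byte[] value, String message) throws CryptoException {
        if (value == null) {
            throw new CryptoException(message);
        }
        return value;
    }
}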
