package net.sourceforge.jcetaglib.tools;

import java.io.ByteArrayInputStream;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import net.sourceforge.jcetaglib.lib.CertTools;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;

/* loaded from: input_file:net/sourceforge/jcetaglib/tools/KeyTools.class */
public class KeyTools {
    private static byte[] salt = {35, -56, -103, -116, -60, -1, -18, 125};
    private static int count = 100;
    private static String alg = "1.2.840.113549.1.12.1.3";

    private KeyTools() {
    }

    public static KeyStore createP12(String str, PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        return createP12(str, privateKey, x509Certificate, x509Certificate2 == null ? null : new Certificate[]{x509Certificate2});
    }

    public static KeyStore createP12(String str, PrivateKey privateKey, X509Certificate x509Certificate, Certificate[] certificateArr) throws Exception {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Parameter cert cannot be null.");
        }
        PKCS12BagAttributeCarrier[] pKCS12BagAttributeCarrierArr = new Certificate[certificateArr != null ? 1 + certificateArr.length : 1];
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        pKCS12BagAttributeCarrierArr[0] = certificateFactory.generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        if (certificateArr != null) {
            for (int i = 0; i < certificateArr.length; i++) {
                pKCS12BagAttributeCarrierArr[i + 1] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
            }
        }
        if (pKCS12BagAttributeCarrierArr.length > 1) {
            for (int i2 = 1; i2 < pKCS12BagAttributeCarrierArr.length; i2++) {
                pKCS12BagAttributeCarrierArr[i2].setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(CertTools.getPartFromDN(((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(pKCS12BagAttributeCarrierArr[i2].getEncoded()))).getSubjectDN().toString(), "CN")));
            }
        }
        PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier = pKCS12BagAttributeCarrierArr[0];
        pKCS12BagAttributeCarrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
        pKCS12BagAttributeCarrier.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, CertTools.createSubjectKeyId(pKCS12BagAttributeCarrierArr[0].getPublicKey()));
        Key generatePrivate = KeyFactory.getInstance(privateKey.getAlgorithm(), "BC").generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded()));
        PKCS12BagAttributeCarrier pKCS12BagAttributeCarrier2 = (PKCS12BagAttributeCarrier) generatePrivate;
        pKCS12BagAttributeCarrier2.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
        pKCS12BagAttributeCarrier2.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, CertTools.createSubjectKeyId(pKCS12BagAttributeCarrierArr[0].getPublicKey()));
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(null, null);
        keyStore.setKeyEntry(str, generatePrivate, null, pKCS12BagAttributeCarrierArr);
        return keyStore;
    }

    public static Certificate[] getCertChain(KeyStore keyStore, String str) throws KeyStoreException {
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain.length < 1) {
            System.out.println(new StringBuffer().append("Cannot load certificate chain with alias '").append(str).append("' from keystore.").toString());
            return certificateChain;
        }
        if (certificateChain.length > 0 && CertTools.isSelfSigned((X509Certificate) certificateChain[certificateChain.length - 1])) {
            return certificateChain;
        }
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateChain) {
            arrayList.add(certificate);
        }
        boolean z = false;
        while (!z) {
            Certificate[] certificateChain2 = keyStore.getCertificateChain(CertTools.getPartFromDN(((X509Certificate) arrayList.get(arrayList.size() - 1)).getIssuerDN().toString(), "CN"));
            if (certificateChain2 == null) {
                z = true;
            } else {
                if (certificateChain2.length == 0) {
                    System.out.println("No RootCA certificate found!");
                    z = true;
                }
                for (int i = 0; i < certificateChain2.length; i++) {
                    arrayList.add(certificateChain2[i]);
                    if (CertTools.isSelfSigned((X509Certificate) certificateChain2[i])) {
                        z = true;
                    }
                }
            }
        }
        Certificate[] certificateArr = new Certificate[arrayList.size()];
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            certificateArr[i2] = (X509Certificate) arrayList.get(i2);
        }
        return certificateArr;
    }

    public static PrivateKey decryptPrivateKey(byte[] bArr, String str) throws Exception {
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(salt, count);
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(alg, "BC");
        algorithmParameters.init(pBEParameterSpec);
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(algorithmParameters, bArr);
        PBEKeySpec pBEKeySpec = new PBEKeySpec(str.toCharArray());
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(alg, "BC");
        Cipher cipher = Cipher.getInstance(alg, "BC");
        cipher.init(2, secretKeyFactory.generateSecret(pBEKeySpec), encryptedPrivateKeyInfo.getAlgParameters());
        return KeyFactory.getInstance("RSA").generatePrivate(encryptedPrivateKeyInfo.getKeySpec(cipher));
    }
}
