package ru.i_novus.common.sign.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Date;
import org.apache.xml.security.encryption.XMLCipher;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.digests.GOST3411Digest;
import org.bouncycastle.crypto.digests.GOST3411_2012_256Digest;
import org.bouncycastle.crypto.digests.GOST3411_2012_512Digest;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.jcajce.provider.asymmetric.ecgost12.BCECGOST3410_2012PrivateKey;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ru.i_novus.common.sign.api.SignAlgorithmType;

/* loaded from: input_file:ru/i_novus/common/sign/util/CryptoUtil.class */
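/**
 * Static helpers for GOST / RSA key generation, digests, raw and CMS signatures and
 * self-signed certificates, all routed through the Bouncy Castle ("BC") JCA provider.
 *
 * <p>Review notes on this (decompiled) class:
 * <ul>
 *   <li>The provider used to be registered only inside the private constructor, which nothing
 *       in this class ever calls. Registration now happens in a static initializer.</li>
 *   <li>The synthetic {@code AnonymousClass1} switch-map holder emitted by the decompiler is
 *       replaced by a plain {@code switch} on the enum; javac regenerates that helper itself.</li>
 *   <li>Decompiler typing errors in {@link #selfSignedCertificate} (missing casts, EC-typed
 *       variables receiving RSA objects) are repaired so the class compiles again.</li>
 * </ul>
 */
public class CryptoUtil {
    private static final Logger logger = LoggerFactory.getLogger(CryptoUtil.class);
    static final String CRYPTO_PROVIDER_NAME = "BC";
    private static final int BUFFER_SIZE = 1024;
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    static {
        // Every method below asks for the provider by name, so it has to be installed before the
        // first call. Skip registration when a provider with that name is already present.
        if (Security.getProvider(CRYPTO_PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Utility class; not instantiable. */
    private CryptoUtil() {
    }

    /**
     * Generates a key pair with the BC provider.
     *
     * @param signAlgorithmType algorithm descriptor; supplies the key algorithm name and the list
     *                          of parameter specification names it accepts
     * @param str               requested parameter specification (named curve); {@code null}
     *                          selects the first name the algorithm lists, if any
     * @return the generated key pair
     * @throws NoSuchProviderException  if the BC provider is not available
     * @throws NoSuchAlgorithmException if BC does not know the key algorithm
     * @throws IllegalArgumentException if {@code str} is not listed for the algorithm
     * @throws IllegalStateException    if the generator rejects the selected specification
     */
    public static KeyPair generateKeyPair(SignAlgorithmType signAlgorithmType, String str) throws NoSuchProviderException, NoSuchAlgorithmException {
        logger.info("Generating keypair, signAlgorithm: {}, parameterSpecName: {}", signAlgorithmType, str);
        KeyPairGenerator generator = KeyPairGenerator.getInstance(signAlgorithmType.getBouncyKeyAlgorithmName(), CRYPTO_PROVIDER_NAME);
        String paramSpec = getParamSpec(signAlgorithmType, str);
        logger.info("selected parameter specification name: {}", paramSpec);
        // With no specification name the generator is left on its provider defaults.
        if (paramSpec != null) {
            try {
                generator.initialize(new ECNamedCurveGenParameterSpec(paramSpec), new SecureRandom());
            } catch (InvalidAlgorithmParameterException e) {
                logger.error("Cannot initialize KeyGen with param '{}'", paramSpec, e);
                throw new IllegalStateException("Cannot initialize KeyGen", e);
            }
        }
        return generator.generateKeyPair();
    }

    /**
     * Resolves the parameter specification name to use for key generation.
     *
     * @return {@code str} when the algorithm lists it; the first listed name when {@code str} is
     *         {@code null}; {@code null} when {@code str} is {@code null} and nothing is listed
     * @throws IllegalArgumentException if {@code str} is non-null and not listed
     */
    private static String getParamSpec(SignAlgorithmType signAlgorithmType, String str) {
        if (str == null) {
            if (signAlgorithmType.getAvailableParameterSpecificationNames().isEmpty()) {
                return null;
            }
            return (String) signAlgorithmType.getAvailableParameterSpecificationNames().get(0);
        }
        // Only names on the algorithm's own list are accepted.
        if (!signAlgorithmType.getAvailableParameterSpecificationNames().contains(str)) {
            throw new IllegalArgumentException(MessageFormat.format("Parameter specification name {0} is not supported for algorithm {1}. Supported values: {2}", str, signAlgorithmType.name(), signAlgorithmType.getAvailableParameterSpecificationNames()));
        }
        return str;
    }

    /**
     * Builds a self-signed X.509 v3 certificate (issuer equals subject) for the given key pair.
     *
     * <p>Properties of the issued certificate that a relying party should be aware of:
     * <ul>
     *   <li>The serial number is always 1, so two certificates created here for the same subject
     *       name share issuer and serial number. NOTE(review): {@link #getCMSSignature} passes the
     *       certificate to the signer-info builder, where issuer and serial typically identify the
     *       signer; consider a random serial if these certificates are used outside tests.</li>
     *   <li>Key usage (critical) is very broad: digitalSignature, nonRepudiation, keyEncipherment,
     *       dataEncipherment, keyAgreement, cRLSign, encipherOnly and decipherOnly, while basic
     *       constraints (critical) mark the certificate as a non-CA.</li>
     *   <li>Extended key usage (critical) is limited to time stamping.</li>
     * </ul>
     *
     * @param str               subject (and issuer) distinguished name
     * @param keyPair           key pair to certify; Bouncy Castle EC keys and RSA keys are handled
     * @param signAlgorithmType supplies the signature algorithm name for the certificate
     * @param date              start of validity; {@code null} means now
     * @param date2             end of validity; {@code null} means one year from now, computed in
     *                          the system default time zone
     * @return the certificate holder, or {@code null} when the public key is neither a Bouncy
     *         Castle EC key nor an RSA key
     * @throws UncheckedIOException  if the public key or an extension cannot be encoded
     * @throws IllegalStateException if no content signer can be created for the private key
     */
    public static X509CertificateHolder selfSignedCertificate(String str, KeyPair keyPair, SignAlgorithmType signAlgorithmType, Date date, Date date2) {
        X500Name subject = new X500Name(str);
        BigInteger serial = BigInteger.ONE;
        Date notBefore = date == null ? new Date() : date;
        Date notAfter = date2 == null ? new Date(LocalDateTime.now().plusYears(1L).atZone(ZoneId.systemDefault()).toInstant().toEpochMilli()) : date2;

        boolean ecKey = keyPair.getPublic() instanceof ECPublicKey;
        AsymmetricKeyParameter signingKey;
        X509v3CertificateBuilder builder;
        if (ecKey) {
            ECPrivateKey ecPrivate = (ECPrivateKey) keyPair.getPrivate();
            ECParameterSpec spec = ecPrivate.getParameters();
            signingKey = new ECPrivateKeyParameters(ecPrivate.getD(), new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN()));
            builder = new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, keyPair.getPublic());
        } else if (keyPair.getPublic() instanceof RSAPublicKey) {
            RSAPublicKey rsaPublic = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey rsaPrivate = (RSAPrivateKey) keyPair.getPrivate();
            signingKey = new RSAKeyParameters(true, rsaPrivate.getModulus(), rsaPrivate.getPrivateExponent());
            try {
                builder = new X509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject,
                        SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(new RSAKeyParameters(false, rsaPublic.getModulus(), rsaPublic.getPublicExponent())));
            } catch (IOException e) {
                throw new UncheckedIOException("Cannot create SubjectPublicKeyInfo", e);
            }
        } else {
            // Unsupported key type: callers receive null rather than an exception.
            return null;
        }

        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(signAlgorithmType.getSignatureAlgorithmName());
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

        // Same bit set as the decompiled numeric literal, spelled with the KeyUsage constants.
        int usageBits = KeyUsage.cRLSign | KeyUsage.dataEncipherment | KeyUsage.decipherOnly | KeyUsage.digitalSignature
                | KeyUsage.encipherOnly | KeyUsage.keyAgreement | KeyUsage.keyEncipherment | KeyUsage.nonRepudiation;
        addCertificateExtension(builder, Extension.keyUsage, true, new KeyUsage(usageBits));
        addCertificateExtension(builder, Extension.basicConstraints, true, new BasicConstraints(false));
        addCertificateExtension(builder, Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
        try {
            // NOTE(review): BcECContentSignerBuilder is, as far as can be told from here, an ECDSA
            // signer builder. Confirm that a certificate issued for a GOST key actually verifies
            // under the signature algorithm it declares.
            return builder.build(ecKey
                    ? new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey)
                    : new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey));
        } catch (OperatorCreationException e) {
            throw new IllegalStateException("Signer could not been created for the key", e);
        }
    }

    /**
     * Adds one extension to the certificate builder.
     *
     * @param z whether the extension is marked critical
     * @throws UncheckedIOException if the extension value cannot be encoded
     */
    private static void addCertificateExtension(X509v3CertificateBuilder x509v3CertificateBuilder, ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z, ASN1Encodable aSN1Encodable) {
        try {
            x509v3CertificateBuilder.addExtension(aSN1ObjectIdentifier, z, aSN1Encodable);
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Digests the bytes of {@code str} and returns the result Base64-encoded.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset, so the same string
     * can produce different digests on JVMs with different defaults. Pin the charset once the
     * encoding expected by verifiers is confirmed.
     *
     * @throws IllegalArgumentException if the algorithm has no digest mapping
     */
    public static String getBase64Digest(String str, SignAlgorithmType signAlgorithmType) {
        return Base64Util.getBase64EncodedString(getDigest(str.getBytes(), signAlgorithmType));
    }

    /**
     * Computes the GOST digest that belongs to the given signature algorithm over a byte array.
     *
     * @throws IllegalArgumentException if the algorithm has no digest mapping
     */
    public static byte[] getDigest(byte[] bArr, SignAlgorithmType signAlgorithmType) {
        ExtendedDigest digest = fillDigest(signAlgorithmType);
        digest.update(bArr, 0, bArr.length);
        byte[] result = new byte[digest.getDigestSize()];
        digest.doFinal(result, 0);
        return result;
    }

    /**
     * Computes the same digest as {@link #getDigest(byte[], SignAlgorithmType)} through the JCA
     * {@link MessageDigest} API.
     *
     * <p>The lookup is pinned to the BC provider, like every other JCA call in this class, so the
     * result no longer depends on which providers are installed or on their order.
     *
     * @throws IllegalArgumentException if the algorithm has no digest mapping
     * @throws IllegalStateException    if the provider or the digest algorithm is unavailable
     */
    public static byte[] getFileDigest(byte[] bArr, SignAlgorithmType signAlgorithmType) {
        String algorithmName = fillDigest(signAlgorithmType).getAlgorithmName();
        try {
            return MessageDigest.getInstance(algorithmName, CRYPTO_PROVIDER_NAME).digest(bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new IllegalStateException("Cryptoprovider does not support algorithm '" + algorithmName + "'", e);
        }
    }

    /**
     * Digests a stream in {@value #BUFFER_SIZE}-byte chunks.
     *
     * <p>The stream is consumed to its end and always closed by this method, including when the
     * algorithm is unsupported or reading fails.
     *
     * @throws IOException              if reading or closing the stream fails
     * @throws IllegalArgumentException if the algorithm has no digest mapping
     */
    public static byte[] getDigest(InputStream inputStream, SignAlgorithmType signAlgorithmType) throws IOException {
        try (InputStream in = inputStream) {
            ExtendedDigest digest = fillDigest(signAlgorithmType);
            byte[] buffer = new byte[BUFFER_SIZE];
            int read;
            while ((read = in.read(buffer)) != -1) {
                digest.update(buffer, 0, read);
            }
            byte[] result = new byte[digest.getDigestSize()];
            digest.doFinal(result, 0);
            return result;
        }
    }

    /**
     * Produces a CMS SignedData structure over {@code bArr}.
     *
     * <p>The content is not encapsulated (the second argument of {@code generate} is
     * {@code false}), so the result is a detached signature. The signer certificate is embedded.
     *
     * @param bArr            data to sign
     * @param privateKey      signing key
     * @param x509Certificate certificate that belongs to {@code privateKey}
     * @return the encoded SignedData
     */
    public static byte[] getCMSSignature(byte[] bArr, PrivateKey privateKey, X509Certificate x509Certificate) throws GeneralSecurityException, IOException, CMSException, OperatorCreationException {
        ArrayList<X509Certificate> certificates = new ArrayList<>();
        certificates.add(x509Certificate);
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(CRYPTO_PROVIDER_NAME).build())
                        .build(new JcaContentSignerBuilder(getSignatureAlgorithmName(x509Certificate, privateKey)).setProvider(CRYPTO_PROVIDER_NAME).build(privateKey), x509Certificate));
        generator.addCertificates(new JcaCertStore(certificates));
        return generator.generate(new CMSProcessableByteArray(bArr), false).getEncoded();
    }

    /**
     * Chooses the signature algorithm name for a CMS signature.
     *
     * <p>A GOST 2012 private key whose curve order is 512 bits long always maps to the 512-bit
     * algorithm. Every other key falls back to the algorithm the certificate itself was signed
     * with. NOTE(review): that is the issuer's algorithm; it matches the subject key only when
     * issuer and subject use the same algorithm (for example a self-signed certificate).
     */
    private static String getSignatureAlgorithmName(X509Certificate x509Certificate, PrivateKey privateKey) {
        boolean gost2012With512BitOrder = (privateKey instanceof BCECGOST3410_2012PrivateKey)
                && ((BCECGOST3410_2012PrivateKey) privateKey).getParams().getOrder().bitLength() == 512;
        if (gost2012With512BitOrder) {
            return SignAlgorithmType.ECGOST3410_2012_512.getSignatureAlgorithmName();
        }
        return x509Certificate.getSigAlgName();
    }

    /**
     * Signs {@code bArr} with the given private key and returns the raw signature bytes.
     *
     * @throws GeneralSecurityException if the algorithm or provider is unavailable, the key is
     *                                  rejected, or signing fails
     */
    public static byte[] getSignature(byte[] bArr, PrivateKey privateKey, SignAlgorithmType signAlgorithmType) throws GeneralSecurityException {
        Signature signer = getSignatureInstance(signAlgorithmType);
        signer.initSign(privateKey);
        signer.update(bArr);
        return signer.sign();
    }

    /**
     * Signs the bytes of {@code str} and returns the signature Base64-encoded.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset, so the signed bytes
     * depend on the JVM configuration. Pin the charset once the encoding expected by verifiers is
     * confirmed.
     *
     * @param str  text to sign
     * @param str2 private key material handed to {@code getPKFromPEMEncoded}; presumably a
     *             PEM-encoded private key (confirm against CryptoFormatConverter). It arrives as
     *             an immutable String, so it cannot be wiped after use; keep it out of logs.
     */
    public static String getBase64Signature(String str, String str2, SignAlgorithmType signAlgorithmType) throws GeneralSecurityException {
        PrivateKey privateKey = CryptoFormatConverter.getInstance().getPKFromPEMEncoded(signAlgorithmType, str2);
        return Base64Util.getBase64EncodedString(getSignature(str.getBytes(), privateKey, signAlgorithmType));
    }

    /**
     * Returns the lower-case hexadecimal SHA-1 hash of the certificate's encoded form.
     *
     * <p>A SHA-1 thumbprint is a lookup identifier. It is not a substitute for validating the
     * certificate, and SHA-1 should not be relied on where collision resistance matters.
     */
    public static String getThumbPrint(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        return hexify(sha1.digest(x509Certificate.getEncoded()));
    }

    /** Encodes bytes as lower-case hexadecimal, two characters per byte. */
    private static String hexify(byte[] bArr) {
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            hex.append(HEX_DIGITS[(b & 0xF0) >> 4]);
            hex.append(HEX_DIGITS[b & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Creates a fresh digest for the given signature algorithm.
     *
     * @throws IllegalArgumentException for any algorithm other than the three GOST variants
     */
    private static ExtendedDigest fillDigest(SignAlgorithmType signAlgorithmType) {
        switch (signAlgorithmType) {
            case ECGOST3410:
                return new GOST3411Digest();
            case ECGOST3410_2012_256:
                return new GOST3411_2012_256Digest();
            case ECGOST3410_2012_512:
                return new GOST3411_2012_512Digest();
            default:
                throw new IllegalArgumentException("Unsupported Digest Algorithm: " + signAlgorithmType);
        }
    }

    /**
     * Returns a BC {@link Signature} instance for the algorithm's signature name.
     *
     * @throws GeneralSecurityException if the algorithm or the provider is unavailable
     */
    public static Signature getSignatureInstance(SignAlgorithmType signAlgorithmType) throws GeneralSecurityException {
        return Signature.getInstance(signAlgorithmType.getSignatureAlgorithmName(), CRYPTO_PROVIDER_NAME);
    }
}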
