package io.jans.as.model.crypto.signature;

import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.KeyFactory;
import io.jans.util.security.SecurityProviderUtility;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Date;
import java.util.GregorianCalendar;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey;
import org.bouncycastle.jcajce.spec.EdDSAParameterSpec;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:io/jans/as/model/crypto/signature/EDDSAKeyFactory.class */
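/**
 * Generates an EdDSA key pair through the Bouncy Castle provider and wraps it in the
 * project's {@link EDDSAPrivateKey} / {@link EDDSAPublicKey} types, optionally with a
 * self-signed certificate.
 *
 * <p>Every entry point refuses to run unless
 * {@link SecurityProviderUtility#isBcProvMode()} reports BCPROV mode.
 */
public class EDDSAKeyFactory extends KeyFactory<EDDSAPrivateKey, EDDSAPublicKey> {
    /**
     * DER SubjectPublicKeyInfo header for Ed448 (OID 1.3.101.113, 57-byte key). Not used in this class.
     * NOTE(review): exposed as a mutable array; subclasses must treat it as read-only.
     */
    protected static final byte[] Ed448Prefix = Hex.decode("3043300506032b6571033a00");

    /**
     * DER SubjectPublicKeyInfo header for Ed25519 (OID 1.3.101.112, 32-byte key).
     * NOTE(review): exposed as a mutable array; subclasses must treat it as read-only.
     */
    protected static final byte[] Ed25519Prefix = Hex.decode("302a300506032b6570032100");

    /** Length in bytes of a raw Ed25519 public key. */
    private static final int ED25519_PUBLIC_KEY_LENGTH = 32;

    private static final String BCPROV_MODE_REQUIRED = "Wrong CryptoProvider Mode. EdDSA can be used, when BCPROV mode is initialized";

    private final SignatureAlgorithm signatureAlgorithm;
    private final KeyPair keyPair;
    private final EDDSAPrivateKey eddsaPrivateKey;
    private final EDDSAPublicKey eddsaPublicKey;
    // Stays null when the constructor is given a blank distinguished name.
    private Certificate certificate;

    /**
     * Generates a fresh key pair for the given algorithm and, if a distinguished name is
     * supplied, a self-signed X.509 v1 certificate valid for one year from now.
     *
     * @param signatureAlgorithm algorithm of the {@link AlgorithmFamily#ED} family; must not be null
     * @param str X.500 distinguished name used as both issuer and subject; when blank no
     *     certificate is created
     * @throws InvalidParameterException if the algorithm is null or not of the ED family, or
     *     BCPROV mode is not active
     */
    public EDDSAKeyFactory(SignatureAlgorithm signatureAlgorithm, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, OperatorCreationException, CertificateException {
        if (signatureAlgorithm == null) {
            throw new InvalidParameterException("The signature algorithm cannot be null");
        }
        if (!AlgorithmFamily.ED.equals(signatureAlgorithm.getFamily())) {
            throw new InvalidParameterException("Wrong value of the family of the SignatureAlgorithm");
        }
        requireBcProvMode();
        this.signatureAlgorithm = signatureAlgorithm;

        SecureRandom secureRandom = new SecureRandom();
        AlgorithmParameterSpec edDSAParameterSpec = new EdDSAParameterSpec(signatureAlgorithm.getCurve().getName());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(signatureAlgorithm.getName(), SecurityProviderUtility.getBCProvider());
        keyPairGenerator.initialize(edDSAParameterSpec, secureRandom);
        this.keyPair = keyPairGenerator.generateKeyPair();

        // The casts fail fast if the provider returned something other than BC EdDSA keys.
        BCEdDSAPrivateKey bcPrivateKey = (BCEdDSAPrivateKey) this.keyPair.getPrivate();
        BCEdDSAPublicKey bcPublicKey = (BCEdDSAPublicKey) this.keyPair.getPublic();
        byte[] encodedPrivateKey = bcPrivateKey.getEncoded();
        byte[] encodedPublicKey = bcPublicKey.getEncoded();
        this.eddsaPrivateKey = new EDDSAPrivateKey(signatureAlgorithm, encodedPrivateKey, encodedPublicKey);
        this.eddsaPublicKey = new EDDSAPublicKey(signatureAlgorithm, encodedPublicKey);

        if (StringUtils.isNotBlank(str)) {
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            notAfter.add(GregorianCalendar.YEAR, 1);
            // NOTE(review): a 1024-bit serial exceeds the 20-octet limit of RFC 5280 section 4.1.2.2;
            // kept as-is for compatibility, confirm that relying parties accept it.
            BigInteger serialNumber = new BigInteger(1024, secureRandom);
            X500Name x500Name = new X500Name(str);
            this.certificate = new Certificate(
                    signatureAlgorithm,
                    new JcaX509CertificateConverter()
                            .setProvider(SecurityProviderUtility.getBCProvider())
                            .getCertificate(
                                    new JcaX509v1CertificateBuilder(x500Name, serialNumber, notBefore.getTime(), notAfter.getTime(), x500Name, bcPublicKey)
                                            .build(new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithm())
                                                    .setProvider(SecurityProviderUtility.getBCProvider())
                                                    .build(this.keyPair.getPrivate()))));
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for this factory's key pair.
     *
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param str X.500 distinguished name used as both issuer and subject
     * @return the new certificate wrapped in the project's {@link Certificate} type
     * @throws SignatureException wrapping any failure while building or signing
     * @throws InvalidParameterException if BCPROV mode is not active
     */
    @Override
    public Certificate generateV3Certificate(Date date, Date date2, String str) throws SignatureException {
        requireBcProvMode();
        try {
            BCEdDSAPublicKey bcPublicKey = (BCEdDSAPublicKey) this.keyPair.getPublic();
            // NOTE(review): 1024-bit serial, longer than RFC 5280 section 4.1.2.2 allows (20 octets).
            BigInteger serialNumber = new BigInteger(1024, new SecureRandom());
            X500Name x500Name = new X500Name(str);
            return new Certificate(
                    this.signatureAlgorithm,
                    new JcaX509CertificateConverter()
                            .setProvider(SecurityProviderUtility.getBCProvider())
                            .getCertificate(
                                    new JcaX509v3CertificateBuilder(x500Name, serialNumber, date, date2, x500Name, bcPublicKey)
                                            .build(new JcaContentSignerBuilder(this.signatureAlgorithm.getAlgorithm())
                                                    .setProvider(SecurityProviderUtility.getBCProvider())
                                                    .build(this.keyPair.getPrivate()))));
        } catch (Exception e) {
            // Boundary catch: callers only see SignatureException, with the cause preserved.
            throw new SignatureException(e);
        }
    }

    /** Returns the private key generated by the constructor; it carries the encoded private key bytes. */
    @Override
    public EDDSAPrivateKey getPrivateKey() {
        return this.eddsaPrivateKey;
    }

    /** Returns the public key generated by the constructor. */
    @Override
    public EDDSAPublicKey getPublicKey() {
        return this.eddsaPublicKey;
    }

    /** Returns the certificate built by the constructor, or null if it was given a blank name. */
    @Override
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Wraps a raw Ed25519 public key in an {@link EDDSAPublicKey}.
     *
     * @param signatureAlgorithm must be {@link SignatureAlgorithm#EDDSA}
     * @param bArr raw public key, exactly 32 bytes
     * @throws SignatureException if the algorithm is not EDDSA or the key length is wrong
     * @throws InvalidParameterException if BCPROV mode is not active
     */
    public static EDDSAPublicKey createEDDSAPublicKeyFromDecodedKey(SignatureAlgorithm signatureAlgorithm, byte[] bArr) throws SignatureException {
        requireBcProvMode();
        return new EDDSAPublicKey(signatureAlgorithm, getEncodedPubKey(signatureAlgorithm, bArr));
    }

    /**
     * Wraps raw Ed25519 private and public key bytes in an {@link EDDSAPrivateKey}.
     *
     * @param signatureAlgorithm must be {@link SignatureAlgorithm#EDDSA}
     * @param bArr raw private key bytes, passed to {@code Ed25519PrivateKeyParameters}
     *     (presumably the 32-byte seed; Bouncy Castle is expected to reject other lengths, confirm)
     * @param bArr2 raw public key, exactly 32 bytes
     * @throws SignatureException if the algorithm is not EDDSA or the public key length is wrong
     * @throws IOException if the private key info cannot be DER-encoded
     * @throws InvalidParameterException if BCPROV mode is not active
     */
    public static EDDSAPrivateKey createEDDSAPrivateKeyFromDecodedKey(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) throws SignatureException, IOException {
        requireBcProvMode();
        // Check the algorithm and public key first, so private key bytes are never parsed as
        // Ed25519 for an algorithm this factory does not support.
        byte[] encodedPublicKey = getEncodedPubKey(signatureAlgorithm, bArr2);
        byte[] encodedPrivateKey = PrivateKeyInfoFactory.createPrivateKeyInfo(new Ed25519PrivateKeyParameters(bArr), (ASN1Set) null).getEncoded();
        return new EDDSAPrivateKey(signatureAlgorithm, encodedPrivateKey, encodedPublicKey);
    }

    /**
     * Prepends the Ed25519 SubjectPublicKeyInfo header to a raw public key.
     *
     * <p>The length is checked explicitly: a short key would otherwise be zero-padded into a
     * different key, and a long one would fail with an unchecked array exception.
     */
    private static byte[] getEncodedPubKey(SignatureAlgorithm signatureAlgorithm, byte[] bArr) throws SignatureException {
        requireBcProvMode();
        if (signatureAlgorithm != SignatureAlgorithm.EDDSA) {
            // %s formats a null algorithm as "null" instead of failing with an NPE.
            throw new SignatureException(String.format("Wrong type of the signature algorithm (SignatureAlgorithm): %s", signatureAlgorithm));
        }
        if (bArr == null || bArr.length != ED25519_PUBLIC_KEY_LENGTH) {
            throw new SignatureException(String.format("Wrong length of the Ed25519 public key: expected %d bytes, got %s", ED25519_PUBLIC_KEY_LENGTH, bArr == null ? "null" : String.valueOf(bArr.length)));
        }
        byte[] encoded = new byte[Ed25519Prefix.length + ED25519_PUBLIC_KEY_LENGTH];
        System.arraycopy(Ed25519Prefix, 0, encoded, 0, Ed25519Prefix.length);
        System.arraycopy(bArr, 0, encoded, Ed25519Prefix.length, bArr.length);
        return encoded;
    }

    /** Throws unless the security provider utility reports BCPROV mode. */
    private static void requireBcProvMode() {
        if (!SecurityProviderUtility.isBcProvMode()) {
            throw new InvalidParameterException(BCPROV_MODE_REQUIRED);
        }
    }
}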
