package io.jans.as.model.crypto.signature;

import io.jans.as.model.crypto.Certificate;
import io.jans.as.model.crypto.KeyFactory;
import io.jans.util.security.SecurityProviderUtility;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Date;
import java.util.GregorianCalendar;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:io/jans/as/model/crypto/signature/ECDSAKeyFactory.class */
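/**
 * Generates a fresh EC key pair for a {@link SignatureAlgorithm} and, when a distinguished name
 * is supplied, a self-signed X.509 v3 certificate over the generated public key.
 *
 * <p>Key material is created once in the constructor and never replaced. The object holds the
 * private key for its whole lifetime, so instances should be treated as secrets: do not log them
 * or serialize them, and keep their scope as small as possible.
 */
public class ECDSAKeyFactory extends KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> {
    /**
     * Number of random bits in a certificate serial number. RFC 5280 section 4.1.2.2 requires
     * serial numbers to be positive and at most 20 octets long; a non-negative 159-bit integer
     * always DER-encodes into 20 octets or fewer, while still carrying far more than the 64 bits
     * of CSPRNG output commonly required for unpredictability.
     */
    private static final int SERIAL_NUMBER_BITS = 159;

    private final SignatureAlgorithm signatureAlgorithm;
    // JCA key pair; retained because certificate signing needs the JCA private key object.
    private final KeyPair keyPair;
    private final ECDSAPrivateKey ecdsaPrivateKey;
    private final ECDSAPublicKey ecdsaPublicKey;
    // Stays null when the constructor is given a blank distinguished name.
    private Certificate certificate;

    /**
     * Creates a new EC key pair on the curve named by {@code signatureAlgorithm} and, if
     * {@code str} is not blank, a self-signed certificate valid from now for one calendar year.
     *
     * @param signatureAlgorithm algorithm whose curve name selects the EC domain parameters;
     *     must not be {@code null}
     * @param str X.500 distinguished name used as both subject and issuer of the certificate;
     *     when blank, no certificate is generated and {@link #getCertificate()} returns
     *     {@code null}
     * @throws InvalidParameterException if {@code signatureAlgorithm} is {@code null}
     * @throws NoSuchAlgorithmException if the provider offers no "EC" implementation
     * @throws InvalidParameterSpecException if the curve name cannot be resolved to parameters
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     * @throws OperatorCreationException if the certificate signer cannot be created
     * @throws CertificateException if the built certificate cannot be converted
     * @throws CertIOException if the certificate extension cannot be encoded
     */
    public ECDSAKeyFactory(SignatureAlgorithm signatureAlgorithm, String str) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidAlgorithmParameterException, OperatorCreationException, CertificateException, CertIOException {
        if (signatureAlgorithm == null) {
            throw new InvalidParameterException("The signature algorithm cannot be null");
        }
        this.signatureAlgorithm = signatureAlgorithm;

        // Resolve the named curve into explicit EC parameters through the configured provider.
        // NOTE(review): getCurve() is dereferenced without a null check; presumably it is
        // non-null only for EC algorithms, so other algorithms would fail here with a
        // NullPointerException. Confirm against SignatureAlgorithm.
        AlgorithmParameters curveParameters = AlgorithmParameters.getInstance("EC", SecurityProviderUtility.getBCProvider());
        curveParameters.init(new ECGenParameterSpec(signatureAlgorithm.getCurve().getName()));
        ECParameterSpec curveSpec = curveParameters.getParameterSpec(ECParameterSpec.class);

        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", SecurityProviderUtility.getBCProvider());
        generator.initialize(curveSpec, new SecureRandom());
        this.keyPair = generator.generateKeyPair();

        // Wrap the raw key material (private scalar S, public point W) in the project key types.
        ECPrivateKey privateKey = (ECPrivateKey) this.keyPair.getPrivate();
        ECPublicKey publicKey = (ECPublicKey) this.keyPair.getPublic();
        BigInteger affineX = publicKey.getW().getAffineX();
        BigInteger affineY = publicKey.getW().getAffineY();
        this.ecdsaPrivateKey = new ECDSAPrivateKey(signatureAlgorithm, privateKey.getS());
        this.ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, affineX, affineY);

        if (StringUtils.isNotBlank(str)) {
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            // Validity window: now until one calendar year from now.
            notAfter.add(GregorianCalendar.YEAR, 1);
            this.certificate = generateV3Certificate(notBefore.getTime(), notAfter.getTime(), str);
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for this factory's public key, signed with this
     * factory's private key using the configured signature algorithm.
     *
     * <p>The certificate carries a non-critical extended key usage extension listing
     * serverAuth, clientAuth and anyExtendedKeyUsage.
     *
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param str X.500 distinguished name used as both issuer and subject
     * @return the certificate wrapped with the signature algorithm
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException if the built certificate cannot be converted
     * @throws CertIOException if the extension cannot be encoded
     */
    @Override // io.jans.as.model.crypto.KeyFactory
    public Certificate generateV3Certificate(Date date, Date date2, String str) throws OperatorCreationException, CertificateException, CertIOException {
        BigInteger serialNumber = newSerialNumber();
        // Self-signed: the same name is passed as issuer and as subject.
        X500Name subjectAndIssuer = new X500Name(str);
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(subjectAndIssuer, serialNumber, date, date2, subjectAndIssuer, this.keyPair.getPublic());

        // NOTE(review): anyExtendedKeyUsage sits next to serverAuth and clientAuth, which leaves
        // the certificate acceptable for any purpose to validators that honour it. Confirm that
        // this breadth is intended; if not, drop the entry and consider marking the extension
        // critical.
        ASN1EncodableVector keyPurposes = new ASN1EncodableVector();
        keyPurposes.add(KeyPurposeId.id_kp_serverAuth);
        keyPurposes.add(KeyPurposeId.id_kp_clientAuth);
        keyPurposes.add(KeyPurposeId.anyExtendedKeyUsage);
        // 2.5.29.37 is id-ce-extKeyUsage; the second argument (false) marks it non-critical.
        certificateBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.37").intern(), false, new DERSequence(keyPurposes));

        return new Certificate(
                this.signatureAlgorithm,
                new JcaX509CertificateConverter()
                        .setProvider(SecurityProviderUtility.getBCProviderName())
                        .getCertificate(
                                certificateBuilder.build(
                                        new JcaContentSignerBuilder(this.signatureAlgorithm.getAlgorithm())
                                                .setProvider(SecurityProviderUtility.getBCProviderName())
                                                .build(this.keyPair.getPrivate()))));
    }

    /**
     * Draws a random, strictly positive certificate serial number of at most
     * {@link #SERIAL_NUMBER_BITS} bits from a {@link SecureRandom}.
     */
    private static BigInteger newSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber;
        do {
            serialNumber = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serialNumber.signum() == 0); // zero is not a valid serial number
        return serialNumber;
    }

    /**
     * Returns the generated private key.
     *
     * <p>The returned object contains the private scalar; callers must handle it as secret
     * material.
     *
     * @return the private key created in the constructor
     */
    @Override // io.jans.as.model.crypto.KeyFactory
    public ECDSAPrivateKey getPrivateKey() {
        return this.ecdsaPrivateKey;
    }

    /**
     * Returns the generated public key.
     *
     * @return the public key created in the constructor
     */
    @Override // io.jans.as.model.crypto.KeyFactory
    public ECDSAPublicKey getPublicKey() {
        return this.ecdsaPublicKey;
    }

    /**
     * Returns the self-signed certificate created in the constructor.
     *
     * @return the certificate, or {@code null} if the constructor received a blank
     *     distinguished name
     */
    @Override // io.jans.as.model.crypto.KeyFactory
    public Certificate getCertificate() {
        return this.certificate;
    }
}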
