package at.atrust.mobsig.library.util;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.pkcs.Attribute;
import org.spongycastle.asn1.pkcs.CertificationRequestInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: classes.dex */
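/**
 * Builds PKCS#10 certification requests (CSRs), and the pieces needed to sign them, for RSA and
 * EC keys.
 *
 * <p>Every request produced here carries the subject {@code CN=<name>, O=Aralink, OU=OrgUnit} and
 * one extensionRequest attribute holding a critical basicConstraints extension with cA=TRUE.
 * RSA keys are signed with SHA256withRSA and EC keys with SHA256withECDSA; any other key
 * algorithm is reported as unsupported (the methods return {@code null}).
 */
public class CsrUtil {
    private static final String KEY_ALGO_EC = "EC";
    private static final String KEY_ALGO_RSA = "RSA";
    private static final Logger LOGGER = LoggerFactory.getLogger(CsrUtil.class);
    private static final String SIGNATURE_ALGORITHM_SHA256_WITH_ECDSA = "SHA256withECDSA";
    private static final String SIGNATURE_ALGORITHM_SHA256_WITH_RSA = "SHA256withRSA";
    // NOTE(review): the caller-supplied name is interpolated into this DN string without RFC 4514
    // escaping, and the result is parsed by X500Name(String). Characters such as ',', '+' or '='
    // in the name therefore change how the subject is parsed. Confirm that callers constrain the
    // value, or escape it before formatting.
    private static final String SUBJECT_PATTERN = "CN=%s, O=Aralink, OU=OrgUnit";

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * {@link ContentSigner} backed by a JCA {@link Signature}.
     *
     * <p>The content written to {@link #getOutputStream()} is buffered in memory and fed to the
     * signature object in one go when {@link #getSignature()} is called.
     */
    public static class JCESigner implements ContentSigner {
        /** Signature algorithm identifiers keyed by the lower-cased JCA algorithm name. */
        private static final Map<String, AlgorithmIdentifier> ALGOS = new HashMap<>();

        private final String mAlgo;
        private final ByteArrayOutputStream outputStream;
        private final Signature signature;

        static {
            // 1.2.840.113549.1.1.11 = sha256WithRSAEncryption.
            // NOTE(review): the identifier is built without a parameters field; RFC 4055 expects
            // an explicit NULL for this OID, so a strict verifier may reject the request.
            // Confirm against the CA that receives these CSRs.
            ALGOS.put(
                    CsrUtil.SIGNATURE_ALGORITHM_SHA256_WITH_RSA.toLowerCase(Locale.ROOT),
                    new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));
            // 1.2.840.10045.4.3.2 = ecdsa-with-SHA256 (parameters are absent by definition).
            ALGOS.put(
                    CsrUtil.SIGNATURE_ALGORITHM_SHA256_WITH_ECDSA.toLowerCase(Locale.ROOT),
                    new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.10045.4.3.2")));
        }

        /**
         * Creates a signer for the given key.
         *
         * @param privateKey key used to initialise the signature object
         * @param str JCA signature algorithm name, e.g. {@code SHA256withRSA}
         * @throws IllegalArgumentException if the algorithm is unavailable or the key is rejected;
         *     the underlying {@link GeneralSecurityException} is attached as the cause
         */
        JCESigner(PrivateKey privateKey, String str) {
            // Locale.ROOT keeps the lookup key independent of the device locale.
            this.mAlgo = str.toLowerCase(Locale.ROOT);
            this.outputStream = new ByteArrayOutputStream();
            try {
                this.signature = Signature.getInstance(str);
                this.signature.initSign(privateKey);
            } catch (GeneralSecurityException e) {
                // Keep the cause so the provider's diagnostic is not lost.
                throw new IllegalArgumentException(e.getMessage(), e);
            }
        }

        /**
         * Returns the ASN.1 identifier of the signature algorithm.
         *
         * @throws IllegalArgumentException if the algorithm name passed to the constructor has no
         *     registered identifier
         */
        @Override // org.spongycastle.operator.ContentSigner
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            AlgorithmIdentifier identifier = ALGOS.get(this.mAlgo);
            if (identifier == null) {
                throw new IllegalArgumentException("Does not support algo: " + this.mAlgo);
            }
            return identifier;
        }

        /** Returns the in-memory buffer that collects the content to be signed. */
        @Override // org.spongycastle.operator.ContentSigner
        public OutputStream getOutputStream() {
            return this.outputStream;
        }

        /**
         * Signs everything written to {@link #getOutputStream()} so far.
         *
         * @return the signature bytes
         * @throws IllegalStateException if the signature operation fails. Failing here, instead of
         *     handing back {@code null}, stops a request from being assembled around a missing
         *     signature; {@link CsrUtil#generateCSR} logs the failure and returns {@code null}.
         */
        @Override // org.spongycastle.operator.ContentSigner
        public byte[] getSignature() {
            try {
                this.signature.update(this.outputStream.toByteArray());
                return this.signature.sign();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    /**
     * Builds and signs a PKCS#10 certification request.
     *
     * @param privateKey key that signs the request; its algorithm selects the signature scheme
     * @param publicKey key placed in the request
     * @param str value used as the subject common name
     * @return the signed request, or {@code null} if the key algorithm is neither RSA nor EC or
     *     any step fails (the failure is logged)
     */
    public static PKCS10CertificationRequest generateCSR(PrivateKey privateKey, PublicKey publicKey, String str) {
        try {
            String algorithm = privateKey.getAlgorithm();
            String signatureAlgorithm = signatureAlgorithmFor(algorithm);
            if (signatureAlgorithm == null) {
                LOGGER.error("Can't generate signer for algorithm {}", algorithm);
                return null;
            }
            JCESigner signer = new JCESigner(privateKey, signatureAlgorithm);
            X500Name subject = new X500Name(String.format(SUBJECT_PATTERN, str));
            JcaPKCS10CertificationRequestBuilder builder =
                    new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
            builder.addAttribute(
                    PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                    caExtensionRequest().generate());
            return builder.build(signer);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the DER encoding of the CertificationRequestInfo, i.e. the bytes a signer has to
     * sign to complete the request.
     *
     * @param publicKey key placed in the request
     * @param str value used as the subject common name
     * @return DER-encoded CertificationRequestInfo
     * @throws IllegalStateException if the structure cannot be encoded; the {@link IOException}
     *     is attached as the cause
     */
    public static byte[] getDataToSign(PublicKey publicKey, String str) {
        try {
            return buildRequestInfo(publicKey, str).getEncoded("DER");
        } catch (IOException e) {
            throw new IllegalStateException("cannot produce certification request signature", e);
        }
    }

    /**
     * Builds the unsigned CertificationRequestInfo for the given key and name.
     *
     * @param publicKey key placed in the request
     * @param str value used as the subject common name
     * @return the request info, or {@code null} if it cannot be built (the failure is logged)
     */
    public static CertificationRequestInfo getRequestInfo(PublicKey publicKey, String str) {
        try {
            return buildRequestInfo(publicKey, str);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates a {@link Signature} initialised for signing with the given key.
     *
     * @param privateKey RSA or EC private key
     * @return a signature object ready for {@code update}/{@code sign}, or {@code null} if the key
     *     algorithm is neither RSA nor EC; callers must check for {@code null}
     * @throws NoSuchAlgorithmException if no provider offers the signature algorithm
     * @throws InvalidKeyException if the key is rejected by the signature implementation
     */
    public static Signature prepareSignature(PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException {
        String signatureAlgorithm = signatureAlgorithmFor(privateKey.getAlgorithm());
        if (signatureAlgorithm == null) {
            return null;
        }
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initSign(privateKey);
        return signature;
    }

    /** Maps a key algorithm name to the JCA signature algorithm used for it, or {@code null}. */
    private static String signatureAlgorithmFor(String keyAlgorithm) {
        if (KEY_ALGO_RSA.equals(keyAlgorithm)) {
            return SIGNATURE_ALGORITHM_SHA256_WITH_RSA;
        }
        if (KEY_ALGO_EC.equals(keyAlgorithm)) {
            return SIGNATURE_ALGORITHM_SHA256_WITH_ECDSA;
        }
        return null;
    }

    /** Returns a generator holding the single extension every request from this class asks for. */
    private static ExtensionsGenerator caExtensionRequest() throws IOException {
        ExtensionsGenerator generator = new ExtensionsGenerator();
        // NOTE(review): this requests basicConstraints cA=TRUE, marked critical. Confirm that is
        // intended for the key being certified, and that the issuing CA applies its own
        // certificate profile rather than copying requested extensions.
        generator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        return generator;
    }

    /** Assembles subject, public key and the extensionRequest attribute into the request info. */
    private static CertificationRequestInfo buildRequestInfo(PublicKey publicKey, String str) throws IOException {
        X500Name subject = new X500Name(String.format(SUBJECT_PATTERN, str));
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(
                new Attribute(
                        PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                        new DERSet(caExtensionRequest().generate())));
        return new CertificationRequestInfo(subject, keyInfo, new DERSet(attributes));
    }
}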
