package wd;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.signers.AOSignConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.x500.X500Principal;
import okhttp3.HttpUrl;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;

/* loaded from: classes.dex */
/**
 * Static helpers for key and certificate handling: RSA key-pair consistency check,
 * PKCS#8 encrypted private key decoding/encoding, certificate parsing (CMS/PKCS#7
 * SignedData or bare X.509), PKCS#10 request generation, PKCS#12 export and alias
 * derivation from a certificate subject.
 *
 * <p>This is decompiled output (see the "renamed from" markers), so member names are
 * obfuscated single letters.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code b}, {@code e} and {@code f} each remove and re-add the BouncyCastle
 *       provider through {@link Security}. That is process-wide state changed in two
 *       separate, unsynchronized calls.</li>
 *   <li>All password-based protection here is SHA-1 based PBE with Triple-DES (plus
 *       40-bit RC2 for the PKCS#12 certificate bags), and {@code f} uses an iteration
 *       count of 20. The resulting containers are only as strong as the password.</li>
 *   <li>None of the parsing methods validates a certificate chain or verifies a
 *       signature; callers receive unvalidated certificates.</li>
 * </ul>
 */
public final class f {

    /* renamed from: a, reason: collision with root package name */
    // Class-wide java.util.logging logger.
    public static final Logger f25034a = Logger.getLogger(f.class.getName());

    /* renamed from: b, reason: collision with root package name */
    // Shared X.509 CertificateFactory, created once in the static initializer.
    public static final CertificateFactory f25035b;

    /* renamed from: c, reason: collision with root package name */
    // Signature algorithm name -> OID string (ECDSA with SHA-256, RSASSA-PSS, SHA-256 with RSA).
    // Raw HashMap, public and mutable; it is not read anywhere inside this class.
    public static final HashMap f25036c;

    // Builds the certificate factory and the algorithm-name/OID table; a missing X.509
    // factory aborts class initialization with IllegalStateException.
    static {
        try {
            f25035b = CertificateFactory.getInstance("X.509");
            HashMap hashMap = new HashMap(6);
            f25036c = hashMap;
            hashMap.put(AOSignConstants.SIGN_ALGORITHM_SHA256WITHECDSA, "1.2.840.10045.4.3.2");
            hashMap.put("RSASSA-PSS", "1.2.840.113549.1.1.10");
            hashMap.put("SHA256withRSA/PSS", "1.2.840.113549.1.1.10");
            hashMap.put("SHA256WITHRSA/PSS", "1.2.840.113549.1.1.10");
            hashMap.put("SHA256withRSASSA-PSS", "1.2.840.113549.1.1.10");
            hashMap.put(AOSignConstants.SIGN_ALGORITHM_SHA256WITHRSA, "1.2.840.113549.1.1.11");
        } catch (CertificateException e10) {
            throw new IllegalStateException("Error obteniendo la factoria de certificados", e10);
        }
    }

    /**
     * Reports whether an RSA private key and an RSA public key appear to belong together.
     *
     * @param privateKey candidate private key; must implement {@link RSAPrivateKey}
     * @param publicKey candidate public key; must implement {@link RSAPublicKey}
     * @return {@code false} if either argument is null, is not an RSA key, or the moduli
     *     differ; otherwise the result of the exponent check described below
     */
    public static boolean a(PrivateKey privateKey, PublicKey publicKey) {
        if (publicKey == null || privateKey == null || !(publicKey instanceof RSAPublicKey) || !(privateKey instanceof RSAPrivateKey)) {
            return false;
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
        if (!rSAPublicKey.getModulus().equals(rSAPrivateKey.getModulus())) {
            return false;
        }
        // Checks 2^(e*d - 1) mod n == 1, which is what a matching exponent pair yields for
        // base 2. Only this one base is tested, so treat the result as a consistency check
        // rather than a proof; EC keys are always reported as non-matching (see guard above).
        BigInteger valueOf = BigInteger.valueOf(2L);
        BigInteger multiply = rSAPublicKey.getPublicExponent().multiply(rSAPrivateKey.getPrivateExponent());
        BigInteger bigInteger = BigInteger.ONE;
        return valueOf.modPow(multiply.subtract(bigInteger), rSAPublicKey.getModulus()).equals(bigInteger);
    }

    /**
     * Decrypts a PKCS#8 {@code EncryptedPrivateKeyInfo} with a password and returns the
     * contained key as an RSA private key.
     *
     * @param bArr encoded {@code EncryptedPrivateKeyInfo}
     * @param cArr password used to derive the PBE key
     * @param str {@code SecretKeyFactory} algorithm name; {@code null} selects
     *     "PBEWithSHA1AndDESede"
     * @return the decrypted key, built with the "RSA" {@link KeyFactory}
     * @throws NoSuchAlgorithmException if the algorithm is unavailable under both the default
     *     name and the alternative name, or under a caller-supplied name
     */
    public static PrivateKey b(byte[] bArr, char[] cArr, String str) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        // Re-registers BouncyCastle: global provider list is mutated on every call and the
        // remove/add pair is not atomic with respect to other threads using the provider.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Security.addProvider(new BouncyCastleProvider());
        if (str == null) {
            str = "PBEWithSHA1AndDESede";
        }
        try {
            // The PBEKeySpec keeps its own copy of the password and is never cleared here;
            // the caller's cArr is also left untouched. Only RSA keys can be returned.
            return KeyFactory.getInstance("RSA").generatePrivate(new EncryptedPrivateKeyInfo(bArr).getKeySpec(SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(cArr))));
        } catch (NoSuchAlgorithmException e10) {
            // One retry under the alternative algorithm name. The catch covers every
            // NoSuchAlgorithmException raised in the expression above, not only the
            // SecretKeyFactory lookup.
            if (str.equals("PBEWithSHA1AndDESede")) {
                return b(bArr, cArr, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
            }
            throw e10;
        }
    }

    /**
     * Parses certificates from a byte array, first as a CMS/PKCS#7 SignedData and, if that
     * fails with {@link IOException}, as a single X.509 certificate.
     *
     * <p>No chain building, trust validation or signature verification happens here.
     *
     * @param bArr encoded SignedData or X.509 certificate
     * @return the certificates found; exactly one element on the X.509 fallback path
     * @throws CertificateException if neither interpretation yields a certificate
     */
    public static X509Certificate[] c(byte[] bArr) throws CertificateException {
        try {
            return g(bArr);
        } catch (IOException e10) {
            // androidx.activity.f.d is an obfuscated helper not shown in this file;
            // presumably it appends the exception to the message - confirm.
            f25034a.warning(androidx.activity.f.d("No se ha recibido un SignedData de PKCS#7, se intentara directamente con un X.509: ", e10));
            return new X509Certificate[]{(X509Certificate) f25035b.generateCertificate(new ByteArrayInputStream(bArr))};
        }
    }

    /**
     * Builds an encoded PKCS#10 certification request for the given key pair.
     *
     * <p>The signature algorithm is SHA256withRSA for RSA public keys and SHA256withECDSA
     * for EC public keys. The subject is always the fixed placeholder "CN=foo.bar.com", so
     * the request itself carries no real identity; whatever consumes it has to bind the
     * identity by other means (not visible in this file).
     *
     * @param keyPair key pair whose public key goes into the request and which is handed to
     *     the signer
     * @return the encoded certification request
     * @throws IllegalArgumentException if the public key is neither RSA nor EC
     */
    public static byte[] d(KeyPair keyPair) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException {
        String str;
        PublicKey publicKey = keyPair.getPublic();
        boolean z10 = publicKey instanceof RSAPublicKey;
        Logger logger = f25034a;
        if (z10) {
            logger.warning("Puede ser necesario indicar un proveedor para una seleccion mas precisa de algoritmo de firma");
            // The modulus bit length is computed and discarded: no minimum key size is
            // enforced on this path.
            ((RSAPublicKey) publicKey).getModulus().bitLength();
            // HttpUrl.FRAGMENT_ENCODE_SET is very likely the decompiler's substitute for an
            // empty string literal - confirm against the okhttp3 version in use.
            logger.info("Se va a crear un firmador con el algoritmo SHA256withRSA" + HttpUrl.FRAGMENT_ENCODE_SET);
            str = AOSignConstants.SIGN_ALGORITHM_SHA256WITHRSA;
        } else {
            if (!(publicKey instanceof ECPublicKey)) {
                throw new IllegalArgumentException("Algoritmo de clave no soportado: " + publicKey.getAlgorithm());
            }
            logger.info("Se va a crear un firmador con el algoritmo SHA256withECDSA" + HttpUrl.FRAGMENT_ENCODE_SET);
            str = AOSignConstants.SIGN_ALGORITHM_SHA256WITHECDSA;
        }
        // `e` is a class from this package that is not shown here; presumably the
        // content signer wrapping the Signature and the key pair - confirm.
        return new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=foo.bar.com"), keyPair.getPublic()).build(new e(Signature.getInstance(str), keyPair)).getEncoded();
    }

    /**
     * Exports a private key entry (key plus certificate chain) as a password-protected
     * PKCS#12 structure.
     *
     * <p>Protection used, all derived from the same password: the key bag is encrypted with
     * pbeWithSHAAnd3-KeyTripleDES-CBC, the certificate bags with pbeWithSHAAnd40BitRC2-CBC,
     * and the integrity MAC comes from the default {@code BcPKCS12MacCalculatorBuilder}.
     * These are legacy PKCS#12 algorithms; 40-bit RC2 gives the certificate bags essentially
     * no confidentiality.
     *
     * @param privateKeyEntry entry to export; its chain must hold at least one certificate
     * @param cArr password for bag encryption and the MAC
     * @return the PFX encoded with the DL encoding
     * @throws IllegalArgumentException if the certificate chain is empty
     * @throws IOException wrapping any failure while building or encoding the structure
     */
    public static byte[] e(KeyStore.PrivateKeyEntry privateKeyEntry, char[] cArr) throws IOException, NoSuchAlgorithmException {
        // Same non-atomic, process-wide provider re-registration as in b() and f().
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Security.addProvider(new BouncyCastleProvider());
        Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
        if (certificateChain.length < 1) {
            throw new IllegalArgumentException("La cadena de certificados debe tener al menos un elemento");
        }
        PKCS12SafeBag[] pKCS12SafeBagArr = new PKCS12SafeBag[certificateChain.length];
        // localKeyId ties the end-entity certificate bag to the key bag.
        SubjectKeyIdentifier createSubjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(privateKeyEntry.getCertificate().getPublicKey());
        // Friendly name: sanitized subject CN followed by "_SDC_1_2_18_A".
        String str = i((X509Certificate) privateKeyEntry.getCertificate()) + "_SDC_" + "1.2.18".replace(".", "_") + "_A";
        JcaPKCS12SafeBagBuilder jcaPKCS12SafeBagBuilder = new JcaPKCS12SafeBagBuilder((X509Certificate) privateKeyEntry.getCertificate());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCS12SafeBag.friendlyNameAttribute;
        jcaPKCS12SafeBagBuilder.addBagAttribute(aSN1ObjectIdentifier, new DERBMPString(str));
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = PKCS12SafeBag.localKeyIdAttribute;
        jcaPKCS12SafeBagBuilder.addBagAttribute(aSN1ObjectIdentifier2, createSubjectKeyIdentifier);
        // Slot 0 holds the end-entity certificate bag.
        pKCS12SafeBagArr[0] = jcaPKCS12SafeBagBuilder.build();
        try {
            // Key bag, encrypted with Triple-DES PBE and tagged with the same friendly name
            // and localKeyId as the end-entity certificate.
            JcaPKCS12SafeBagBuilder jcaPKCS12SafeBagBuilder2 = new JcaPKCS12SafeBagBuilder(privateKeyEntry.getPrivateKey(), new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, CBCBlockCipher.newInstance(new DESedeEngine())).build(cArr));
            jcaPKCS12SafeBagBuilder2.addBagAttribute(aSN1ObjectIdentifier, new DERBMPString(str));
            jcaPKCS12SafeBagBuilder2.addBagAttribute(aSN1ObjectIdentifier2, createSubjectKeyIdentifier);
            try {
                // Encryptor for the certificate bags: 40-bit RC2 PBE.
                OutputEncryptor build = new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, CBCBlockCipher.newInstance(new RC2Engine())).build(cArr);
                if (certificateChain.length > 1) {
                    // Remaining chain certificates fill slots 1..n-1, each with a friendly
                    // name derived from its own subject (or a random UUID, see i()).
                    for (int length = certificateChain.length - 1; length > 0; length--) {
                        JcaPKCS12SafeBagBuilder jcaPKCS12SafeBagBuilder3 = new JcaPKCS12SafeBagBuilder((X509Certificate) certificateChain[length]);
                        jcaPKCS12SafeBagBuilder3.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(i((X509Certificate) certificateChain[length])));
                        pKCS12SafeBagArr[length] = jcaPKCS12SafeBagBuilder3.build();
                    }
                }
                PKCS12PfxPduBuilder pKCS12PfxPduBuilder = new PKCS12PfxPduBuilder();
                pKCS12PfxPduBuilder.addData(jcaPKCS12SafeBagBuilder2.build());
                pKCS12PfxPduBuilder.addEncryptedData(build, pKCS12SafeBagArr);
                try {
                    // The MAC is keyed from the same password as the bag encryption.
                    return pKCS12PfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), cArr).getEncoded(ASN1Encoding.DL);
                } catch (PKCSException e10) {
                    throw new IOException(e10);
                }
            } catch (Exception e11) {
                // Broad catch: runtime exceptions (including an IOException already created
                // above) are wrapped again as IOException.
                throw new IOException(e11);
            }
        } catch (Exception e12) {
            throw new IOException(e12);
        }
    }

    /**
     * Encrypts a private key with a password and returns it as an encoded PKCS#8
     * {@code EncryptedPrivateKeyInfo}.
     *
     * <p>Parameters used: an 8-byte salt from {@link SecureRandom} and an iteration count
     * of 20. With so few iterations the key derivation adds almost no cost to offline
     * password guessing against the output, so its confidentiality rests on the password
     * alone.
     *
     * @param privateKey key to protect; its {@code getEncoded()} form is encrypted
     * @param cArr password used to derive the PBE key
     * @param str cipher and parameter algorithm name; {@code null} selects
     *     "PBEWithSHA1AndDESede"
     * @return the encoded {@code EncryptedPrivateKeyInfo}
     */
    public static byte[] f(PrivateKey privateKey, char[] cArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidParameterSpecException, IOException, NoSuchProviderException {
        Cipher cipher;
        SecretKeyFactory secretKeyFactory;
        Logger logger = f25034a;
        // Same non-atomic, process-wide provider re-registration as in b() and e().
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        Security.addProvider(new BouncyCastleProvider());
        if (str == null) {
            str = "PBEWithSHA1AndDESede";
        }
        try {
            byte[] bArr = new byte[8];
            new SecureRandom().nextBytes(bArr);
            // Salt plus iteration count; 20 is the count referred to in the method doc.
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, 20);
            try {
                cipher = Cipher.getInstance(str);
                logger.info("Proveedor usado para el cifrado pkcs8: " + cipher.getProvider().getName());
            } catch (Exception e10) {
                // Writes the stack trace to stderr in addition to the logger. The message
                // names 'PBEWithSHA1AndDESede' even when str holds a different value.
                e10.printStackTrace();
                logger.info("No se soporta el algoritmo de cifrado 'PBEWithSHA1AndDESede', se prueba con el nombre alternativo de 'PBEWITHSHAAND3-KEYTRIPLEDES-CBC': " + e10);
                cipher = Cipher.getInstance("PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                logger.info("Proveedor usado para el cifrado pkcs8: " + cipher.getProvider().getName());
            }
            try {
                // The key factory ignores str: it is always requested from BouncyCastle
                // under the default name, then under the alternative name.
                secretKeyFactory = SecretKeyFactory.getInstance("PBEWithSHA1AndDESede", BouncyCastleProvider.PROVIDER_NAME);
                logger.info("Proveedor usado para la factoria de claves pkcs8: " + secretKeyFactory.getProvider().getName());
            } catch (Exception e11) {
                e11.printStackTrace();
                logger.info("No se soporta el algoritmo de factoria de claves 'PBEWithSHA1AndDESede', se prueba con el nombre alternativo de 'PBEWITHSHAAND3-KEYTRIPLEDES-CBC': " + e11);
                secretKeyFactory = SecretKeyFactory.getInstance("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", BouncyCastleProvider.PROVIDER_NAME);
                logger.info("Proveedor usado para la factoria de claves pkcs8: " + secretKeyFactory.getProvider().getName());
            }
            // Mode 1 is Cipher.ENCRYPT_MODE. The PBEKeySpec's password copy is not cleared.
            cipher.init(1, secretKeyFactory.generateSecret(new PBEKeySpec(cArr)), pBEParameterSpec);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(str);
            algorithmParameters.init(pBEParameterSpec);
            return new EncryptedPrivateKeyInfo(algorithmParameters, cipher.doFinal(privateKey.getEncoded())).getEncoded();
        } catch (Exception e12) {
            // Any failure under the default name triggers one full retry under the
            // alternative name (new salt, provider re-registered again); otherwise rethrow.
            if (str.equals("PBEWithSHA1AndDESede")) {
                logger.info("No ha funcionado el algoritmo PBEWithSHA1AndDESede Intentamos con PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                return f(privateKey, cArr, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
            }
            logger.info("No ha funcionado el algoritmo PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
            throw e12;
        }
    }

    /**
     * Extracts every certificate carried in a CMS SignedData structure.
     *
     * <p>Only the certificate set is read. The SignedData signatures are not verified and
     * the certificates are neither ordered into a chain nor validated, so the result must
     * be treated as untrusted input by callers.
     *
     * @param bArr encoded CMS SignedData
     * @return the contained certificates, in the order the store returns them
     * @throws IOException if the bytes are not a CMS SignedData
     * @throws CertificateException if a certificate holder cannot be converted
     */
    public static X509Certificate[] g(byte[] bArr) throws IOException, CertificateException {
        try {
            // getMatches(null) applies no selector, i.e. returns all certificates.
            ArrayList arrayList = new ArrayList(new CMSSignedData(bArr).getCertificates().getMatches(null));
            ArrayList arrayList2 = new ArrayList(arrayList.size());
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                arrayList2.add(new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) it.next()));
            }
            return (X509Certificate[]) arrayList2.toArray(new X509Certificate[arrayList2.size()]);
        } catch (CMSException e10) {
            throw new IOException("La estructura proporcionada no es un SignedData de CMS", e10);
        }
    }

    /**
     * Parses one X.509 certificate from a stream using the shared certificate factory.
     * The certificate is not validated and the stream is not closed here.
     *
     * @param inputStream source of the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if parsing fails
     */
    public static X509Certificate h(InputStream inputStream) throws CertificateException {
        return (X509Certificate) f25035b.generateCertificate(inputStream);
    }

    /**
     * Derives an alias from the certificate subject's common name.
     *
     * <p>Spaces, hyphens, parentheses and commas become underscores and the listed accented
     * letters are replaced by their unaccented form. This is a fixed substitution list, not
     * a general sanitizer: any other character in the CN passes through unchanged, and the
     * CN comes from the certificate, so callers that use the alias as a file name or key
     * should apply their own checks.
     *
     * @param x509Certificate certificate whose subject is read
     * @return the rewritten CN, or a random UUID string when no CN is found
     */
    public static String i(X509Certificate x509Certificate) {
        String cn = AOUtil.getCN(x509Certificate.getSubjectX500Principal().toString());
        return cn != null ? cn.replace(" ", "_").replace("-", "_").replace("(", "_").replace(")", "_").replace(",", "_").replace("á", "a").replace("é", "e").replace("í", "i").replace("ó", "o").replace("ú", "u").replace("Á", "A").replace("É", "E").replace("Í", "I").replace("Ó", "O").replace("Ú", "U").replace("ç", "c").replace("Ç", "C").replace("ñ", "n").replace("Ñ", "N").replace("û", "u").replace("Û", "U").replace("à", "a").replace("è", "e").replace("ì", "i").replace("ò", "o").replace("ù", "u").replace("À", "A").replace("È", "E").replace("Ì", "I").replace("Ò", "O").replace("Ù", "U").replace("ä", "a").replace("ë", "e").replace("ï", "i").replace("ö", "o").replace("ü", "u").replace("Ä", "A").replace("Ë", "E").replace("Ï", "I").replace("Ö", "O").replace("Ü", "U") : UUID.randomUUID().toString();
    }
}
