package com.nitrodesk.crypto.ew.impl;

import com.echoworx.edt.common.ErrorCodes;
import com.echoworx.edt.common.pki.EDTCertificate;
import com.echoworx.edt.common.pki.EDTKeyPair;
import com.echoworx.edt.common.pki.EDTPKIException;
import com.echoworx.edt.common.pki.EDTPrivateKey;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.pki.PKCS12Container;
import com.echoworx.edt.common.pki.PKCS7Container;
import com.echoworx.edt.common.registry.CryptographyFacade;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.common.registry.PKIFacade;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.internal.common.ValidationUtils;
import com.nitrodesk.crypto.ew.impl.bouncycastle.BouncyCastleX509Certificate;
import com.nitrodesk.crypto.ew.impl.jca.JCAKey;
import com.nitrodesk.crypto.ew.impl.jca.JCAPKCS12Container;
import com.nitrodesk.crypto.ew.impl.jca.JCAPKCS7Container;
import com.nitrodesk.crypto.ew.util.TypeHelper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.ndbouncycastle.asn1.ASN1Set;
import org.ndbouncycastle.asn1.DEREncodable;
import org.ndbouncycastle.asn1.x509.KeyUsage;
import org.ndbouncycastle.asn1.x509.X509Extensions;
import org.ndbouncycastle.cms.CMSEnvelopedData;
import org.ndbouncycastle.cms.CMSEnvelopedDataGenerator;
import org.ndbouncycastle.cms.CMSProcessable;
import org.ndbouncycastle.cms.CMSProcessableByteArray;
import org.ndbouncycastle.cms.CMSSignedDataGenerator;
import org.ndbouncycastle.jce.PKCS10CertificationRequest;
import org.ndbouncycastle.jce.X509Principal;
import org.ndbouncycastle.jce.provider.BouncyCastleProvider;
import org.ndbouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes.dex */
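public class BouncyCastlePKIFacade implements PKIFacade {
    public static final String ALGORITHM_RSA = "RSA";
    /**
     * Signature algorithm used for generated certificates and CSRs.
     * NOTE(review): SHA-1 signatures are deprecated (collisions are practical); the current
     * baseline is SHA256WithRSAEncryption. The PKIFacade methods below promise SHA-1 by
     * name, so the value is kept here and a change belongs at the interface level.
     */
    public static final String SIGNATURE_SHA1_WITH_RSA = "SHA1WithRSAEncryption";
    /** Generated certificates are back-dated by three days so clock skew between peers does not make a fresh certificate "not yet valid". */
    private static final long NOT_BEFORE_SKEW_MILLIS = 3L * 24L * 60L * 60L * 1000L;
    /** Generated certificates are valid for 300 days from creation. */
    private static final long VALIDITY_MILLIS = 300L * 24L * 60L * 60L * 1000L;
    /** Entropy in a generated certificate serial number; 63 bits keeps the value positive and inside a signed 64-bit range. */
    private static final int SERIAL_NUMBER_BITS = 63;
    // NOTE(review): the logger category is BouncyCastleCryptographyFacade rather than this
    // class (presumably copied from the sibling facade); kept so existing log filters still match.
    protected static LoggingFacade logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(BouncyCastleCryptographyFacade.class);
    protected CryptographyFacade encryption_helper;

    /**
     * Builds the facade and registers it with the {@link HandlerRegistry}.
     * The discarded {@code new BouncyCastleCryptographyFacade()} is presumably constructed for a
     * registration side effect (its instance is never used here); the cryptography facade is then
     * fetched back from the registry.
     */
    public BouncyCastlePKIFacade() {
        new BouncyCastleCryptographyFacade();
        this.encryption_helper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
        HandlerRegistry.setHandler(this);
    }

    /**
     * Wraps {@code bArr} in a CMS/PKCS#7 EnvelopedData structure encrypted for every certificate in
     * {@code eDTCertificateArr} (one key-transport RecipientInfo per certificate).
     *
     * @param bArr plaintext; null or empty yields an empty array
     * @param eDTCertificateArr recipient certificates; must be non-empty
     * @return the DER-encoded EnvelopedData, an empty array for empty input, or {@code null} if the
     *         generator produced nothing
     * @throws EDTPKIException INVALID_CERTIFICATE if no recipients are given,
     *         INVALID_BYTE_REPRESENTATION if DER encoding fails, CANNOT_CREATE_PKCS7 for any other failure
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public byte[] encryptPKCS7(byte[] bArr, EDTCertificate[] eDTCertificateArr) throws EDTPKIException {
        if (bArr == null || bArr.length == 0) {
            return new byte[0];
        }
        if (eDTCertificateArr == null || eDTCertificateArr.length == 0) {
            throw new EDTPKIException(ErrorCodes.INVALID_CERTIFICATE);
        }
        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        // NOTE(review): recipient certificates are used exactly as given; nothing here checks that
        // they are unexpired or trusted, so the caller must enforce that policy.
        for (EDTCertificate recipient : eDTCertificateArr) {
            generator.addKeyTransRecipient(TypeHelper.castCertificateObject(recipient));
        }
        try {
            // NOTE(review): the content-encryption cipher is 3DES-CBC (112-bit effective strength).
            // CMSEnvelopedDataGenerator.AES256_CBC is the modern choice; it is left unchanged here
            // because the cipher determines what every recipient must be able to decrypt.
            CMSEnvelopedData envelope = generator.generate(new CMSProcessableByteArray(bArr), CMSEnvelopedDataGenerator.DES_EDE3_CBC, BouncyCastleProvider.PROVIDER_NAME);
            if (envelope == null) {
                return null;
            }
            return envelope.getEncoded();
        } catch (IOException e) {
            // Encoding failures keep their own error code instead of being re-wrapped as CANNOT_CREATE_PKCS7
            // by an enclosing catch, which is what the previous nested try blocks did.
            throw new EDTPKIException(ErrorCodes.INVALID_BYTE_REPRESENTATION, e);
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.CANNOT_CREATE_PKCS7, e);
        }
    }

    /**
     * Generates an RSA key pair of {@code i} bits using the default JCA provider and a fresh
     * {@link SecureRandom}.
     *
     * NOTE(review): 1024-bit RSA is below the generally accepted 2048-bit floor; it is still
     * accepted here because callers may request it, but new callers should pass 2048.
     *
     * @param i key size in bits; only 1024 and 2048 are accepted
     * @return the encoded public and private key as returned by {@code Key.getEncoded()}
     * @throws EDTPKIException INVALID_KEY_SIZE for any other size, MISSING_RSA_ALGORITHM if no RSA generator is installed
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public EDTKeyPair generateRSAKeyPair(int i) throws EDTPKIException {
        if (i != 1024 && i != 2048) {
            EDTPKIException invalidSize = new EDTPKIException(ErrorCodes.getErrorString(ErrorCodes.INVALID_KEY_SIZE, Integer.toString(i)));
            invalidSize.setErrorCode(ErrorCodes.INVALID_KEY_SIZE);
            throw invalidSize;
        }
        logger.debug("Generating Key Pair for RSA " + i);
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM_RSA);
            generator.initialize(i, new SecureRandom());
            KeyPair pair = generator.generateKeyPair();
            return new EDTKeyPair(pair.getPublic().getEncoded(), pair.getPrivate().getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new EDTPKIException(ErrorCodes.MISSING_RSA_ALGORITHM, e);
        }
    }

    /**
     * Issues an X.509 v3 certificate for the public key in {@code eDTKeyPair}, with subject DN
     * {@code str} and issuer DN {@code str2}, signed by {@code eDTPrivateKey} with SHA-1/RSA.
     * Validity runs from three days before now to 300 days after now, and the result is checked to
     * be valid at the current time before it is returned.
     *
     * The serial number is drawn from {@link SecureRandom}. CMS identifies signer and recipient
     * certificates by (issuer DN, serial) (RFC 5652), and RFC 5280 requires serials to be unique per
     * issuer; the previous constant serial of 1 made every certificate with the same issuer DN
     * collide. NOTE(review): any caller that matched on the old constant serial needs updating.
     *
     * @param str subject DN string
     * @param str2 issuer DN string
     * @param eDTKeyPair pair whose public key is certified; only the public key is read
     * @param eDTPrivateKey signing key; must be a {@link JCAKey}
     * @throws EDTPKIException for missing or malformed inputs, or CERTIFICATE_GENERATION_FAIL if signing
     *         fails or the new certificate is not valid right now
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public EDTX509Certificate generateSHA1SignedCertificate(String str, String str2, EDTKeyPair eDTKeyPair, EDTPrivateKey eDTPrivateKey) {
        if (ValidationUtils.isEmptyString(str)) {
            throw new EDTPKIException(ErrorCodes.INVALID_COMMON_NAME);
        }
        if (ValidationUtils.isEmptyString(str2)) {
            throw new EDTPKIException(ErrorCodes.INVALID_ISSUER);
        }
        if (eDTKeyPair == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_KEY);
        }
        if (eDTKeyPair.getPublicKey() == null || eDTKeyPair.getPublicKey().length == 0) {
            throw new EDTPKIException(ErrorCodes.INVALID_PUBLIC_KEY);
        }
        if (eDTPrivateKey == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_PRIVATE_KEY);
        }
        if (!(eDTPrivateKey instanceof JCAKey)) {
            throw new EDTPKIException("Signing key is not of valid type (JCAKey).");
        }
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSerialNumber(randomSerialNumber());
        generator.setIssuerDN(new X509Principal(str2));
        long now = System.currentTimeMillis();
        generator.setNotBefore(new Date(now - NOT_BEFORE_SKEW_MILLIS));
        generator.setNotAfter(new Date(now + VALIDITY_MILLIS));
        generator.setSubjectDN(new X509Principal(str));
        // The second argument to loadFromPKCS8 is presumably a key-type selector (1 here, 0 for
        // private keys in generateSHA1SignedCertificateRequest) — confirm against JCAKey.
        generator.setPublicKey((PublicKey) JCAKey.loadFromPKCS8(eDTKeyPair.getPublicKey(), 1).getKey());
        // KeyUsage 20 = dataEncipherment | keyCertSign in BouncyCastle's KeyUsage bit constants.
        // NOTE(review): a certificate used as a key-transport recipient (encryptPKCS7) and CMS
        // signer (signPKCS7) would normally carry keyEncipherment | digitalSignature instead;
        // confirm the intended usage before changing. The extension is marked non-critical.
        generator.addExtension(X509Extensions.KeyUsage, false, (DEREncodable) new KeyUsage(20));
        generator.setSignatureAlgorithm(SIGNATURE_SHA1_WITH_RSA);
        try {
            X509Certificate certificate = generator.generate((PrivateKey) ((JCAKey) eDTPrivateKey).getKey(), BouncyCastleProvider.PROVIDER_NAME);
            certificate.checkValidity(new Date());
            return new BouncyCastleX509Certificate(certificate);
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.CERTIFICATE_GENERATION_FAIL, e);
        }
    }

    /** Returns a positive, non-zero random serial number, as RFC 5280 requires. */
    private static BigInteger randomSerialNumber() {
        BigInteger serial = new BigInteger(SERIAL_NUMBER_BITS, new SecureRandom());
        return serial.signum() == 0 ? BigInteger.ONE : serial;
    }

    /**
     * Builds a PKCS#10 certificate signing request for subject {@code str}, containing the public
     * key of {@code eDTKeyPair} and self-signed with its private key using SHA-1/RSA.
     *
     * @param str subject DN string
     * @param eDTKeyPair key pair; both halves must be present
     * @return the DER-encoded CSR
     * @throws EDTPKIException for missing inputs, or CSR_FAIL if key loading or signing fails
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public byte[] generateSHA1SignedCertificateRequest(String str, EDTKeyPair eDTKeyPair) {
        if (ValidationUtils.isEmptyString(str)) {
            throw new EDTPKIException(ErrorCodes.INVALID_COMMON_NAME);
        }
        if (eDTKeyPair == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_KEY);
        }
        if (eDTKeyPair.getPublicKey() == null || eDTKeyPair.getPublicKey().length == 0) {
            throw new EDTPKIException(ErrorCodes.INVALID_PUBLIC_KEY);
        }
        if (eDTKeyPair.getPrivateKey() == null || eDTKeyPair.getPrivateKey().length == 0) {
            throw new EDTPKIException(ErrorCodes.INVALID_PRIVATE_KEY);
        }
        try {
            PublicKey publicKey = (PublicKey) JCAKey.loadFromPKCS8(eDTKeyPair.getPublicKey(), 1).getKey();
            PrivateKey privateKey = (PrivateKey) JCAKey.loadFromPKCS8(eDTKeyPair.getPrivateKey(), 0).getKey();
            // No attributes are attached to the request (null ASN1Set).
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(SIGNATURE_SHA1_WITH_RSA, new X500Principal(str), publicKey, (ASN1Set) null, privateKey);
            return request.getDEREncoded();
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.CSR_FAIL, e);
        }
    }

    /** Handler type under which this facade is registered (the {@code TYPE} constant is inherited). */
    @Override // com.echoworx.edt.common.registry.Handler
    public HandlerType getType() {
        return TYPE;
    }

    /**
     * Parses a DER/ASN.1-encoded X.509 certificate. The certificate is only parsed; no chain
     * building, trust or validity check happens here.
     *
     * @return the wrapped certificate, or {@code null} for null/empty input
     * @throws EDTPKIException CANNOT_LOAD_CERTIFICATE (with the parser error as cause) if decoding fails
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public EDTX509Certificate loadASN1EncodedCertificate(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
            return new BouncyCastleX509Certificate(certificate);
        } catch (CertificateException e) {
            // Keep the cause: without it a malformed-certificate report has no diagnostic detail.
            throw new EDTPKIException(ErrorCodes.CANNOT_LOAD_CERTIFICATE, e);
        }
    }

    /** Delegates PKCS#7 parsing to {@link JCAPKCS7Container}; whether signatures are verified on load is not visible here. */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public PKCS7Container loadASN1EncodedPKCS7(byte[] bArr) {
        return JCAPKCS7Container.load(bArr);
    }

    /** Delegates PKCS#12 parsing to {@link JCAPKCS12Container}, which opens the container with {@code password}. */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public PKCS12Container loadPKCS12Container(byte[] bArr, Password password) {
        return JCAPKCS12Container.load(bArr, password);
    }

    /** Re-reads the cryptography facade and logger from the registry after handlers were replaced. */
    @Override // com.echoworx.edt.common.registry.Handler
    public void notifyHandlersChanged() {
        this.encryption_helper = (CryptographyFacade) HandlerRegistry.getHandler(HandlerType.CRYPTOGRAPHY_FACADE);
        logger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(BouncyCastleCryptographyFacade.class);
    }

    /**
     * Produces a CMS/PKCS#7 SignedData over {@code bArr} with the content attached (encapsulated),
     * signed by {@code eDTPrivateKey} under {@code eDTCertificate} using a SHA-1 digest, and
     * embedding {@code eDTX509CertificateArr} as additional certificates (no CRLs).
     *
     * NOTE(review): nothing here verifies that the private key matches the signer certificate, or
     * that the certificate is currently valid; a mismatch surfaces only when a recipient verifies.
     *
     * @param bArr content to sign; null or empty yields an empty array
     * @param eDTPrivateKey signing key; must be a {@link JCAKey}
     * @param eDTCertificate signer certificate
     * @param eDTX509CertificateArr extra certificates to embed; may be null; each must be a {@link BouncyCastleX509Certificate}
     * @return the DER-encoded SignedData
     * @throws EDTPKIException INVALID_CERTIFICATE / INVALID_PRIVATE_KEY for missing or wrongly typed
     *         inputs, INVALID_BYTE_REPRESENTATION if encoding fails, SIGN_FAIL for any other failure
     */
    @Override // com.echoworx.edt.common.registry.PKIFacade
    public byte[] signPKCS7(byte[] bArr, EDTPrivateKey eDTPrivateKey, EDTCertificate eDTCertificate, EDTX509Certificate[] eDTX509CertificateArr) {
        if (bArr == null || bArr.length == 0) {
            return new byte[0];
        }
        if (eDTCertificate == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_CERTIFICATE);
        }
        if (eDTPrivateKey == null) {
            throw new EDTPKIException(ErrorCodes.INVALID_PRIVATE_KEY);
        }
        if (!(eDTPrivateKey instanceof JCAKey)) {
            throw new EDTPKIException("Key is not of valid type (JCAKey).");
        }
        ArrayList extraCertificates = new ArrayList();
        if (eDTX509CertificateArr != null) {
            for (EDTX509Certificate extra : eDTX509CertificateArr) {
                // Report a foreign certificate implementation as INVALID_CERTIFICATE rather than
                // letting the cast fail with a ClassCastException.
                if (!(extra instanceof BouncyCastleX509Certificate)) {
                    throw new EDTPKIException(ErrorCodes.INVALID_CERTIFICATE);
                }
                extraCertificates.add(((BouncyCastleX509Certificate) extra).getCertificate());
            }
        }
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // NOTE(review): SHA-1 as the signature digest is deprecated; DIGEST_SHA256 is the
        // current baseline, kept unchanged here because verifiers must support the digest used.
        generator.addSigner((PrivateKey) ((JCAKey) eDTPrivateKey).getKey(), TypeHelper.castCertificateObject(eDTCertificate), CMSSignedDataGenerator.DIGEST_SHA1);
        try {
            CertStore certificates = CertStore.getInstance("Collection", new CollectionCertStoreParameters(extraCertificates), BouncyCastleProvider.PROVIDER_NAME);
            generator.addCertificatesAndCRLs(certificates);
            // true = encapsulate the signed content in the SignedData.
            return generator.generate((CMSProcessable) new CMSProcessableByteArray(bArr), true, BouncyCastleProvider.PROVIDER_NAME).getEncoded();
        } catch (IOException e) {
            // Encoding failures keep their own error code instead of being re-wrapped as SIGN_FAIL
            // by an enclosing catch, which is what the previous nested try blocks did.
            throw new EDTPKIException(ErrorCodes.INVALID_BYTE_REPRESENTATION, e);
        } catch (Exception e) {
            throw new EDTPKIException(ErrorCodes.SIGN_FAIL, e);
        }
    }
}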
