package com.cht.kms.cli;

import com.cht.com.beust.jcommander.JCommander;
import com.cht.com.beust.jcommander.Parameter;
import com.cht.com.beust.jcommander.converters.FileConverter;
import com.cht.kms.client.util.CryptoUtil;
import com.cht.org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import com.cht.org.bouncycastle.util.encoders.Hex;
import com.cht.org.jose4j.keys.AesKey;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Scanner;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/cht/kms/cli/GENSECKEY.class */
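/**
 * Command-line tool that creates an AES secret key, or rebuilds one from two
 * hex-encoded XOR components, and stores it in a JCEKS keystore under a new alias.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Both key components are printed to standard output. XOR-ing them yields the
 *       key, so the output must not be captured in logs, CI transcripts or terminal
 *       scrollback that other people can read.</li>
 *   <li>{@code -component1}/{@code -component2} arrive as command-line arguments, which
 *       are typically visible in process listings and shell history on the host.</li>
 *   <li>The key entry is protected with the same password as the keystore itself.</li>
 * </ul>
 */
public class GENSECKEY {

    @Parameter(names = {"-alias"}, description = "save the key under this alias", required = true)
    private String alias;

    @Parameter(names = {"-keystore"}, description = "the input file from which the keystore is loaded", converter = FileConverter.class, required = true)
    private File ksfile;

    @Parameter(names = {"-storepass"}, description = "connection password", password = true, required = true)
    private String storePass;

    // Working copy of the keystore password; wiped at the end of run().
    private char[] cstorePass;

    @Parameter(names = {"-component1"}, description = "key component 1")
    private String component1;

    @Parameter(names = {"-component2"}, description = "key component 2")
    private String component2;

    @Parameter(names = {"-help"}, help = true)
    private boolean help;

    private KeyStore store;

    /**
     * Parses the command line and either prints usage or runs the key generation.
     *
     * @param strArr raw command-line arguments
     * @throws Exception if argument parsing, keystore access or key generation fails
     */
    public static void main(String[] strArr) throws Exception {
        GENSECKEY genseckey = new GENSECKEY();
        JCommander jCommander = new JCommander(genseckey, strArr);
        jCommander.setProgramName("GENSECKEY");
        if (genseckey.help) {
            jCommander.usage();
        } else {
            genseckey.run();
        }
    }

    /**
     * Loads the keystore, adds the secret key entry in memory and, after the operator
     * confirms with "Y", writes the keystore back to the same file.
     *
     * @throws Exception if the keystore cannot be loaded or written, or the key cannot
     *     be created
     */
    public void run() throws Exception {
        this.cstorePass = this.storePass.toCharArray();
        // This only drops the reference; the String parsed by JCommander cannot be wiped
        // and stays on the heap until it is garbage collected.
        this.storePass = "";
        // try-with-resources closes the Scanner (and System.in) on every path,
        // including the cancel path, which previously left it open.
        try (Scanner scanner = new Scanner(System.in)) {
            // NOTE(review): JCEKS is a legacy keystore format; moving to another type
            // would need a migration of existing keystore files, so it is kept here.
            this.store = CryptoUtil.loadKeyStoreFromFile(this.ksfile, this.cstorePass, "JCEKS");
            doGenSecretKey();
            System.out.print("Save (Y/N)?");
            // Closed or empty stdin counts as "no": nothing is written without an explicit Y.
            if (!scanner.hasNext() || !"Y".equalsIgnoreCase(scanner.next())) {
                System.out.print("Canceled Operation");
                return;
            }
            // Serialize to memory first so a failure in store() cannot truncate the
            // existing keystore file.
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            this.store.store(serialized, this.cstorePass);
            try (FileOutputStream fileOutputStream = new FileOutputStream(this.ksfile.getAbsolutePath())) {
                fileOutputStream.write(serialized.toByteArray());
            }
            // Reported only after the stream has been written and closed successfully.
            System.out.print("Key Generated");
        } finally {
            // Best-effort wipe of the password copy this class owns.
            Arrays.fill(this.cstorePass, '\0');
        }
    }

    /**
     * Creates the secret key and adds it to the in-memory keystore under {@code alias}.
     *
     * <p>With no components supplied, a random 256-bit AES key is generated and split into
     * two XOR components. With both components supplied, the key is their XOR. Supplying
     * only one component is rejected; it used to be silently discarded and replaced by a
     * freshly generated key.
     *
     * @throws IllegalArgumentException if exactly one component is supplied, or the
     *     components differ in length or do not form a 16, 24 or 32 byte AES key
     * @throws Exception if the alias already exists or a crypto/keystore operation fails
     */
    private void doGenSecretKey() throws Exception {
        if (this.store.containsAlias(this.alias)) {
            throw new Exception("Secret Key not generated, alias <" + this.alias + "> already exists");
        }
        boolean hasComponent1 = this.component1 != null;
        boolean hasComponent2 = this.component2 != null;
        if (hasComponent1 != hasComponent2) {
            throw new IllegalArgumentException("-component1 and -component2 must be supplied together");
        }

        SecretKey secretKey;
        if (!hasComponent1) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM);
            keyGenerator.init(256);
            secretKey = keyGenerator.generateKey();
            // Split the key: component1 is a random mask, component2 is key XOR mask.
            byte[] mask = new byte[32];
            new SecureRandom().nextBytes(mask);
            byte[] masked = ByteUtils.xor(secretKey.getEncoded(), mask);
            this.component1 = Hex.toHexString(mask);
            this.component2 = Hex.toHexString(masked);
        } else {
            byte[] part1 = Hex.decode(this.component1);
            byte[] part2 = Hex.decode(this.component2);
            // Checked here because a length mismatch would otherwise reach the XOR helper
            // and presumably end in an index error or a truncated key.
            // Only lengths are reported; component values never go into the message.
            if (part1.length != part2.length || !isAesKeyLength(part1.length)) {
                throw new IllegalArgumentException(
                        "key components must have equal length of 16, 24 or 32 bytes, got "
                                + part1.length + " and " + part2.length);
            }
            secretKey = new SecretKeySpec(ByteUtils.xor(part1, part2), AesKey.ALGORITHM);
        }

        System.out.println("alias = " + this.alias);
        // SECURITY: these two lines disclose the full key material on stdout.
        System.out.println("component1 = " + this.component1);
        System.out.println("component2 = " + this.component2);
        // Key check value: first 3 bytes (6 hex characters) of an all-zero block encrypted
        // under the key. ECB is used on this single fixed block only, not on data.
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        System.out.println("KCV = " + Hex.toHexString(cipher.doFinal(new byte[16])).substring(0, 6));
        this.store.setEntry(this.alias, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(this.cstorePass));
    }

    /** Returns whether {@code length} is a valid AES key size in bytes. */
    private static boolean isAesKeyLength(int length) {
        return length == 16 || length == 24 || length == 32;
    }
}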
