package com.cht.kms.client.pkcs;

import com.cht.org.bouncycastle.asn1.DERBMPString;
import com.cht.org.bouncycastle.asn1.DERNull;
import com.cht.org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.x500.X500NameBuilder;
import com.cht.org.bouncycastle.asn1.x500.style.BCStyle;
import com.cht.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.cht.org.bouncycastle.asn1.x9.X9ECParameters;
import com.cht.org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import com.cht.org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import com.cht.org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
import com.cht.org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import com.cht.org.bouncycastle.crypto.ec.CustomNamedCurves;
import com.cht.org.bouncycastle.crypto.engines.DESedeEngine;
import com.cht.org.bouncycastle.crypto.engines.RC2Engine;
import com.cht.org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import com.cht.org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import com.cht.org.bouncycastle.crypto.modes.CBCBlockCipher;
import com.cht.org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import com.cht.org.bouncycastle.crypto.params.ECNamedDomainParameters;
import com.cht.org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import com.cht.org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import com.cht.org.bouncycastle.operator.ContentSigner;
import com.cht.org.bouncycastle.operator.OperatorCreationException;
import com.cht.org.bouncycastle.operator.bc.BcECContentSignerBuilder;
import com.cht.org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import com.cht.org.bouncycastle.pkcs.PKCS12PfxPdu;
import com.cht.org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import com.cht.org.bouncycastle.pkcs.PKCS12SafeBag;
import com.cht.org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import com.cht.org.bouncycastle.pkcs.PKCSException;
import com.cht.org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import com.cht.org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import com.cht.org.jose4j.jwx.KeyValidationSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Calendar;
import java.util.Date;

/* loaded from: input_file:com/cht/kms/client/pkcs/PFXBuilder.class */
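/**
 * Generates a fresh RSA or EC key pair, wraps the public key in a self-signed
 * X.509 v3 certificate (SHA-256 based signature, one-year validity) and packs
 * both into a password-protected PKCS#12 structure.
 *
 * <p>Instances are created through the nested {@link CKM_RSA_PKCS_KEY_PAIR_GEN}
 * and {@link CKM_EC_KEY_PAIR_GEN} classes; the key pair is generated in the
 * constructor and stays in memory for the lifetime of the builder.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The RSA constructor accepts any modulus size; only the no-argument
 *       variant pins it to {@code KeyValidationSupport.MIN_RSA_KEY_LENGTH}.</li>
 *   <li>The intermediate PKCS#12 PDU uses the legacy PBE schemes
 *       (40-bit RC2 for the certificate bag, 3-key Triple-DES for the key bag).
 *       See {@link #generate(String, char[], String)}.</li>
 * </ul>
 */
public class PFXBuilder {
    /** RSA public exponent used for every generated RSA key (65537). */
    static final BigInteger defaultPublicExponent = BigInteger.valueOf(65537);
    /** Passed as the last (certainty) argument of {@code RSAKeyGenerationParameters}. */
    static final int defaultTests = 112;
    private final AsymmetricCipherKeyPair kp;
    private final ContentSigner signer;
    /** Certificate serial number; chosen lazily in {@code generate} when not set explicitly. */
    private BigInteger serial;

    /** EC flavour of the builder; defaults to curve {@code secp256r1} with a fresh {@code SecureRandom}. */
    public static final class CKM_EC_KEY_PAIR_GEN extends ECOidImpl {
        public CKM_EC_KEY_PAIR_GEN() throws OperatorCreationException {
            super("secp256r1", new SecureRandom());
        }

        /**
         * @param str          curve name resolved through {@code CustomNamedCurves}
         * @param secureRandom randomness source for key generation
         */
        public CKM_EC_KEY_PAIR_GEN(String str, SecureRandom secureRandom) throws OperatorCreationException {
            super(str, secureRandom);
        }
    }

    /**
     * RSA flavour of the builder; the no-argument constructor uses
     * {@code KeyValidationSupport.MIN_RSA_KEY_LENGTH} as the modulus size.
     */
    public static final class CKM_RSA_PKCS_KEY_PAIR_GEN extends RSAOidImpl {
        public CKM_RSA_PKCS_KEY_PAIR_GEN() throws OperatorCreationException {
            super(KeyValidationSupport.MIN_RSA_KEY_LENGTH, new SecureRandom());
        }

        /**
         * @param i            RSA modulus size in bits; NOTE(review): no lower bound is
         *                     enforced here, callers can request keys below the default
         * @param secureRandom randomness source for key generation
         */
        public CKM_RSA_PKCS_KEY_PAIR_GEN(int i, SecureRandom secureRandom) throws OperatorCreationException {
            super(i, secureRandom);
        }
    }

    /** Intermediate base for EC builders; only forwards to the EC constructor. */
    static abstract class ECOidImpl extends PFXBuilder {
        protected ECOidImpl(String str, SecureRandom secureRandom) throws OperatorCreationException {
            super(str, secureRandom);
        }
    }

    /** Intermediate base for RSA builders; only forwards to the RSA constructor. */
    static abstract class RSAOidImpl extends PFXBuilder {
        protected RSAOidImpl(int i, SecureRandom secureRandom) throws OperatorCreationException {
            super(i, secureRandom);
        }
    }

    /**
     * Generates an RSA key pair and a {@code sha256WithRSAEncryption} content signer for it.
     *
     * @param i            modulus size in bits (not range-checked in this class)
     * @param secureRandom randomness source for prime generation
     * @throws OperatorCreationException if the signer cannot be built
     */
    protected PFXBuilder(int i, SecureRandom secureRandom) throws OperatorCreationException {
        RSAKeyPairGenerator generator = new RSAKeyPairGenerator();
        generator.init(new RSAKeyGenerationParameters(defaultPublicExponent, secureRandom, i, defaultTests));
        this.kp = generator.generateKeyPair();
        AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
        AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
        this.signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(this.kp.getPrivate());
    }

    /**
     * Generates an EC key pair on the named curve and an {@code ecdsa-with-SHA256}
     * content signer for it.
     *
     * @param str          curve name looked up in {@code CustomNamedCurves}
     * @param secureRandom randomness source for key generation
     * @throws IllegalArgumentException  if the curve name is not known to {@code CustomNamedCurves}
     * @throws OperatorCreationException if the signer cannot be built
     */
    protected PFXBuilder(String str, SecureRandom secureRandom) throws OperatorCreationException {
        X9ECParameters curve = CustomNamedCurves.getByName(str);
        if (curve == null) {
            // getByName returns null for an unknown name; fail with a clear message
            // instead of a NullPointerException on the first dereference below.
            throw new IllegalArgumentException("Unknown or unsupported EC curve name: " + str);
        }
        ECKeyPairGenerator generator = new ECKeyPairGenerator();
        generator.init(new ECKeyGenerationParameters(new ECNamedDomainParameters(CustomNamedCurves.getOID(str), curve.getCurve(), curve.getG(), curve.getN()), secureRandom));
        this.kp = generator.generateKeyPair();
        // RFC 5758 requires the parameters field to be absent for ecdsa-with-SHA256;
        // an explicit NULL produces a certificate that strict parsers may reject.
        AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256);
        AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        this.signer = new BcECContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(this.kp.getPrivate());
    }

    /**
     * Sets the serial number for the self-signed certificate.
     *
     * @param bigInteger serial number to use; {@code null} lets {@code generate} pick a random one
     * @return this builder
     */
    public PFXBuilder setSerialNumber(BigInteger bigInteger) {
        this.serial = bigInteger;
        return this;
    }

    /**
     * Builds the self-signed certificate and PKCS#12 container, loads it into a
     * JCA {@code PKCS12} key store and hands it to {@code PFXKeyStore.store}.
     *
     * <p>The certificate uses {@code str2} as both subject and issuer CN, is valid
     * from now for one year, and is signed with the key generated in the constructor.
     *
     * <p>Security notes: the certificate bag is encrypted with
     * {@code pbeWithSHAAnd40BitRC2_CBC}, which gives no meaningful confidentiality;
     * the private-key bag uses {@code pbeWithSHAAnd3_KeyTripleDES_CBC}. Both are
     * legacy PKCS#12 schemes. The PDU built here is re-parsed in memory, so what
     * is finally persisted depends on {@code PFXKeyStore.store}, which is not
     * visible in this file. The password array is not cleared here; callers that
     * want it wiped must do so themselves.
     *
     * @param str   passed to {@code PFXKeyStore.store} and the {@code PFXKeyStore}
     *              constructor (presumably the key store location; confirm against PFXKeyStore)
     * @param cArr  password used for bag encryption, the PKCS#12 MAC and key store loading
     * @param str2  common name for subject and issuer, also used as the friendly name of both bags
     * @return a {@code PFXKeyStore} wrapping the loaded key store
     */
    public PFXKeyStore generate(String str, char[] cArr, String str2) throws NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, OperatorCreationException, PKCSException, UnrecoverableKeyException {
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, str2);

        if (this.serial == null) {
            // X.509 serial numbers must be positive, so redraw on the (rare) zero.
            // NOTE(review): 32 random bits is kept for compatibility; it is a small
            // space if uniqueness across many certificates matters.
            SecureRandom serialRandom = new SecureRandom();
            BigInteger candidate;
            do {
                candidate = new BigInteger(32, serialRandom);
            } while (candidate.signum() == 0);
            this.serial = candidate;
        }

        // Validity window: now .. now + 1 year.
        Date notBefore = new Date();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(notBefore);
        expiry.add(Calendar.YEAR, 1);
        Date notAfter = expiry.getTime();

        BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();

        // Certificate bag: self-signed (subject == issuer).
        PKCS12SafeBagBuilder certBag = new PKCS12SafeBagBuilder(new BcX509v3CertificateBuilder(nameBuilder.build(), this.serial, notBefore, notAfter, nameBuilder.build(), this.kp.getPublic()).build(this.signer));
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str2));
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extensionUtils.createSubjectKeyIdentifier(this.kp.getPublic()));

        // Private-key bag, shrouded with 3-key Triple-DES PBE (legacy scheme, see Javadoc).
        PKCS12SafeBagBuilder keyBag = new PKCS12SafeBagBuilder(PrivateKeyInfoFactory.createPrivateKeyInfo(this.kp.getPrivate()), new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(cArr));
        // Same friendlyName and localKeyId as the certificate bag so the two are paired on load.
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str2));
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extensionUtils.createSubjectKeyIdentifier(this.kp.getPublic()));

        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        // 40-bit RC2 on the certificate bag: weak by design of the legacy profile (see Javadoc).
        pfxBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(cArr), new PKCS12SafeBag[]{certBag.build()});
        pfxBuilder.addData(keyBag.build());
        // Integrity MAC uses the default settings of BcPKCS12MacCalculatorBuilder.
        PKCS12PfxPdu pfx = pfxBuilder.build(new BcPKCS12MacCalculatorBuilder(), cArr);

        // Round-trip through the JCA PKCS12 key store so PFXKeyStore works on a standard KeyStore.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), cArr);
        PFXKeyStore.store(keyStore, str, cArr);
        return new PFXKeyStore(str, keyStore, str2);
    }
}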
