package cn.topca.security.util;

import cn.topca.security.ec.ECParameters;
import cn.topca.security.ec.NamedCurve;
import cn.topca.security.pkix.PKIFailureInfo;
import cn.topca.security.sm.SM2PublicKey;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/topca/security/util/KeyUtil.class */
public class KeyUtil {
    private static final Logger log = LoggerFactory.getLogger("KeyUtil");

    /* loaded from: input_file:cn/topca/security/util/KeyUtil$KeyType.class */
    public enum KeyType {
        PRIVATE,
        PUBLIC
    }

    public static Key convertKey(KeyType keyType, String str, byte[] bArr) throws KeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        PrivateKey generatePublic;
        KeyFactory keyFactory = KeyFactory.getInstance(str);
        if (KeyType.PRIVATE == keyType) {
            generatePublic = keyFactory.generatePrivate(new X509EncodedKeySpec(bArr));
        } else {
            if (KeyType.PUBLIC != keyType) {
                throw new KeyException("Key type is not supported.");
            }
            generatePublic = keyFactory.generatePublic(new PKCS8EncodedKeySpec(bArr));
        }
        return generatePublic;
    }

    public static PublicKey convertRSAPublicKey(BigInteger bigInteger, BigInteger bigInteger2) throws KeyException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
        } catch (NoSuchAlgorithmException e) {
            throw new KeyException("Invalid RSAPublicKey modulus.");
        } catch (InvalidKeySpecException e2) {
            throw new KeyException("Invalid RSAPublicKey modulus or exponent.");
        }
    }

    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws KeyException {
        ECParameterSpec eCParameterSpec;
        ECParameterSpec eCParameterSpec2 = NamedCurve.getECParameterSpec("SM2");
        try {
            eCParameterSpec = ECParameters.decodeParameters(bArr);
        } catch (Exception e) {
            log.debug(e.getLocalizedMessage() + "\n Can not decode Parameters: " + Hex.encodeHexString(bArr) + "\n use SM2Parameters");
            eCParameterSpec = eCParameterSpec2;
        }
        try {
            try {
                return new SM2PublicKey(ECParameters.decodePoint(bArr2, eCParameterSpec.getCurve()), eCParameterSpec);
            } catch (InvalidKeyException e2) {
                throw new KeyException(e2);
            } catch (InvalidParameterSpecException e3) {
                throw new KeyException(e3);
            }
        } catch (Exception e4) {
            throw new RuntimeException("Could not parse key values", e4);
        }
    }

    public static SecretKey genSecretKey(String str, String str2, int i, Provider provider) throws Exception {
        KeyGenerator keyGenerator = provider != null ? KeyGenerator.getInstance(str2, provider) : KeyGenerator.getInstance(str2);
        if (i != -1) {
            keyGenerator.init(i);
        } else if ("DES".equalsIgnoreCase(str2)) {
            keyGenerator.init(56);
        } else {
            if (!"DESede".equalsIgnoreCase(str2)) {
                throw new Exception("Please provide keysize for secret key generation");
            }
            keyGenerator.init(168);
        }
        return keyGenerator.generateKey();
    }

    public static KeyPair genKeyPair(String str, int i, Provider provider) throws NoSuchAlgorithmException {
        if (i == -1) {
            i = "EC".equalsIgnoreCase(str) ? 256 : 1024;
        }
        KeyPairGenerator keyPairGenerator = provider != null ? KeyPairGenerator.getInstance(str, provider) : KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(i);
        return keyPairGenerator.generateKeyPair();
    }

    public static void checkKeySize(String str, int i, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (str.equals("EC")) {
            if (i < 112) {
                throw new InvalidAlgorithmParameterException("Key size must be at least 112 bit");
            }
            if (i > 2048) {
                throw new InvalidAlgorithmParameterException("Key size must be at most 2048 bit");
            }
            return;
        }
        if (!str.equals("RSA")) {
            if (i < 512) {
                throw new InvalidAlgorithmParameterException("Key size must be at least 512 bit");
            }
            if (str.equals("DH") && algorithmParameterSpec != null) {
                if (i > 65536) {
                    throw new InvalidAlgorithmParameterException("Key size must be at most 65536 bit");
                }
                return;
            } else {
                if (i > 1024 || (i & 63) != 0) {
                    throw new InvalidAlgorithmParameterException("Key size must be a multiple of 64 and at most 1024 bit");
                }
                return;
            }
        }
        BigInteger bigInteger = RSAKeyGenParameterSpec.F4;
        if (algorithmParameterSpec != null) {
            bigInteger = ((RSAKeyGenParameterSpec) algorithmParameterSpec).getPublicExponent();
        }
        try {
            if (512 > 0 && i < 512) {
                throw new InvalidKeyException(new StringBuffer().append("RSA keys must be at least ").append(512).append(" bits long").toString());
            }
            int min = Math.min(PKIFailureInfo.notAuthorized, 16384);
            if (i > min) {
                throw new InvalidKeyException(new StringBuffer().append("RSA keys must be no longer than ").append(min).append(" bits").toString());
            }
            if (bigInteger != null && i > 3072 && bigInteger.bitLength() > 64) {
                throw new InvalidKeyException("RSA exponents can be no longer than 64 bits  if modulus is greater than 3072 bits");
            }
        } catch (InvalidKeyException e) {
            throw new InvalidAlgorithmParameterException(e.getMessage());
        }
    }
}
