package cn.topca.security.rsa;

import cn.topca.security.util.DerInputStream;
import cn.topca.security.util.DerValue;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: input_file:cn/topca/security/rsa/RSAKeyUtil.class */
public class RSAKeyUtil {
    public static final int MIN_MODLEN = 512;
    public static final int MAX_MODLEN = 16384;
    public static final int MAX_MODLEN_RESTRICT_EXP = 3072;
    public static final int MAX_RESTRICTED_EXPLEN = 64;
    private static final boolean restrictExpLen = true;

    public static void checkKeyLengths(int i, BigInteger bigInteger, int i2, int i3) throws InvalidKeyException {
        if (i2 > 0 && i < i2) {
            throw new InvalidKeyException("RSA keys must be at least " + i2 + " bits long");
        }
        int min = Math.min(i3, 16384);
        if (i > min) {
            throw new InvalidKeyException("RSA keys must be no longer than " + min + " bits");
        }
        if (bigInteger != null && i > 3072 && bigInteger.bitLength() > 64) {
            throw new InvalidKeyException("RSA exponents can be no longer than 64 bits  if modulus is greater than 3072 bits");
        }
    }

    public static PrivateKey translatePrivateKey(Key key) {
        try {
            if (key instanceof RSAPrivateKey) {
                return (PrivateKey) key;
            }
            if ("X.509".equals(key.getFormat())) {
                return (PrivateKey) KeyFactory.getInstance("RSA").translateKey(key);
            }
            throw new InvalidKeyException("PublicKey must be instance of RSAPublicKey or have X.509 encoding");
        } catch (Exception e) {
            throw new RuntimeException("can not be happend , translate RSAKey fail!", e);
        }
    }

    public static PublicKey translatePublic(Key key) {
        try {
            if (key instanceof RSAPublicKey) {
                return (PublicKey) key;
            }
            if ("X.509".equals(key.getFormat())) {
                return (PublicKey) KeyFactory.getInstance("RSA").translateKey(key);
            }
            throw new InvalidKeyException("PublicKey must be instance of RSAPublicKey or have X.509 encoding");
        } catch (InvalidKeyException e) {
            throw new RuntimeException("can not be happened, but...", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("can not be happened, but RSA KeyFactory not support.", e2);
        }
    }

    public static PrivateKey generatePrivate(KeySpec keySpec) throws InvalidKeySpecException {
        if (keySpec instanceof PKCS8EncodedKeySpec) {
            try {
                return translatePrivateKey(decodePrivate(((PKCS8EncodedKeySpec) keySpec).getEncoded()));
            } catch (InvalidKeyException e) {
                throw new RuntimeException("decodePrivateKey fail!", e);
            }
        }
        if (!(keySpec instanceof RSAPrivateKeySpec)) {
            throw new InvalidKeySpecException("Only RSAPrivateKeySpec and PKCS8EncodedKeySpec supported for RSA public keys");
        }
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("can not be happened, but RSA KeyFactory not support.", e2);
        }
    }

    public static PrivateKey decodePrivate(InputStream inputStream) throws InvalidKeyException {
        try {
            DerValue derValue = new DerValue(inputStream);
            if (derValue.tag != 48) {
                throw new InvalidKeyException("invalid key format");
            }
            BigInteger bigInteger = derValue.data.getBigInteger();
            if (!bigInteger.equals(BigInteger.ZERO)) {
                throw new IOException("version mismatch: (supported: " + BigInteger.ZERO.toString(16) + ", parsed: " + bigInteger.toString(16));
            }
            derValue.data.getDerValue();
            DerValue derValue2 = new DerInputStream(derValue.data.getOctetString()).getDerValue();
            if (derValue2.tag != 48) {
                throw new IOException("Not a SEQUENCE");
            }
            DerInputStream derInputStream = derValue2.data;
            BigInteger readPositiveBigInteger = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger2 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger3 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger4 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger5 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger6 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger7 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger8 = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger9 = readPositiveBigInteger(derInputStream);
            if (derInputStream.available() != 0) {
                throw new InvalidKeyException("Extra key data");
            }
            return generatePrivateKey(readPositiveBigInteger, readPositiveBigInteger2, readPositiveBigInteger3, readPositiveBigInteger4, readPositiveBigInteger5, readPositiveBigInteger6, readPositiveBigInteger7, readPositiveBigInteger8, readPositiveBigInteger9);
        } catch (IOException e) {
            throw new InvalidKeyException("IOException: " + e.getMessage());
        }
    }

    public static PrivateKey decodePrivate(byte[] bArr) throws InvalidKeyException {
        return decodePrivate(new ByteArrayInputStream(bArr));
    }

    public static PrivateKey generatePrivateKey(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, BigInteger bigInteger4, BigInteger bigInteger5, BigInteger bigInteger6, BigInteger bigInteger7, BigInteger bigInteger8, BigInteger bigInteger9) throws InvalidKeyException {
        try {
            return generatePrivate(new RSAPrivateKeySpec(bigInteger2, bigInteger4));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e.getMessage(), e);
        }
    }

    public static PrivateKey generatePrivateKey(BigInteger bigInteger, BigInteger bigInteger2) throws InvalidKeyException {
        return generatePrivateKey(null, bigInteger, null, bigInteger2, null, null, null, null, null);
    }

    public static PublicKey generatePublic(KeySpec keySpec) throws InvalidKeySpecException {
        if (keySpec instanceof X509EncodedKeySpec) {
            try {
                return translatePublic(decodePublic(((X509EncodedKeySpec) keySpec).getEncoded()));
            } catch (InvalidKeyException e) {
                throw new InvalidKeySpecException("Could not create RSA public key", e);
            }
        }
        if (!(keySpec instanceof RSAPublicKeySpec)) {
            throw new InvalidKeySpecException("Only RSAPublicKeySpec and X509EncodedKeySpec supported for RSA public keys");
        }
        try {
            return KeyFactory.getInstance("RSA").generatePublic(keySpec);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("can not be happened, but RSA KeyFactory not support.", e2);
        }
    }

    public static PublicKey generatePublic(BigInteger bigInteger, BigInteger bigInteger2) throws InvalidKeyException {
        try {
            return generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e.getMessage(), e);
        }
    }

    public static PublicKey decodePublic(InputStream inputStream) throws InvalidKeyException {
        try {
            DerValue derValue = new DerValue(inputStream);
            if (derValue.tag != 48) {
                throw new InvalidKeyException("invalid key format");
            }
            derValue.data.getDerValue();
            DerValue derValue2 = new DerInputStream(derValue.data.getUnalignedBitString().toByteArray()).getDerValue();
            if (derValue2.tag != 48) {
                throw new IOException("Not a SEQUENCE");
            }
            DerInputStream derInputStream = derValue2.data;
            BigInteger readPositiveBigInteger = readPositiveBigInteger(derInputStream);
            BigInteger readPositiveBigInteger2 = readPositiveBigInteger(derInputStream);
            if (derValue.data.available() != 0) {
                throw new InvalidKeyException("Extra key data");
            }
            return generatePublic(readPositiveBigInteger, readPositiveBigInteger2);
        } catch (IOException e) {
            throw new InvalidKeyException("IOException: " + e.getMessage());
        }
    }

    public static PublicKey decodePublic(byte[] bArr) throws InvalidKeyException {
        return decodePublic(new ByteArrayInputStream(bArr));
    }

    private static BigInteger readPositiveBigInteger(DerInputStream derInputStream) throws IOException {
        BigInteger bigInteger = derInputStream.getBigInteger();
        return bigInteger.signum() < 0 ? new BigInteger(1, bigInteger.toByteArray()) : bigInteger;
    }
}
