package com.ca.mas.core.security;

import com.ca.mas.core.cert.CertUtils;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
public class AndroidJellyBeanKeyRepository extends KeyStoreRepository {
    private static final String PUTBLIC_KEY = "_public_key";
    private KeyStore keyStore = KeyStoreAdapter.getKeyStore();

    private PrivateKey decodeRsaPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private PublicKey decodeRsaPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    private static byte[] encodeRsaPrivateKey(PrivateKey privateKey) {
        if (!"RSA".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("Private key is not an RSA private key: " + privateKey.getAlgorithm());
        }
        if (!"PKCS#8".equals(privateKey.getFormat())) {
            throw new IllegalArgumentException("Private key encoding format is not PKCS#8: " + privateKey.getFormat());
        }
        byte[] encoded = privateKey.getEncoded();
        if (encoded == null || encoded.length < 1) {
            throw new IllegalArgumentException("Private key encoded form is null or empty");
        }
        return encoded;
    }

    private byte[] encodeRsaPublicKey(PublicKey publicKey) {
        if (!"RSA".equals(publicKey.getAlgorithm())) {
            throw new IllegalArgumentException("Public key is not an RSA private key: " + publicKey.getAlgorithm());
        }
        String format = publicKey.getFormat();
        if (!"X.509".equals(format) && !"X509".equals(format)) {
            throw new IllegalArgumentException("Public key encoding format is not X.509: " + format);
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length < 1) {
            throw new IllegalArgumentException("Public key encoded form is null or empty");
        }
        return encoded;
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public KeyPair createPrivateKey(String str, GenerateKeyAttribute generateKeyAttribute) throws KeyStoreException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", (Provider) new BouncyCastleProvider());
            keyPairGenerator.initialize(generateKeyAttribute.getKeySize());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            byte[] encodeRsaPrivateKey = encodeRsaPrivateKey(generateKeyPair.getPrivate());
            byte[] encodeRsaPublicKey = encodeRsaPublicKey(generateKeyPair.getPublic());
            this.keyStore.put(str, encodeRsaPrivateKey);
            this.keyStore.put(str + PUTBLIC_KEY, encodeRsaPublicKey);
            return generateKeyPair;
        } catch (NoSuchAlgorithmException e10) {
            throw new KeyStoreException(e10);
        }
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public void deleteCertificateChain(String str) {
        this.keyStore.delete(str);
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public void deleteKey(String str) {
        this.keyStore.delete(str);
        this.keyStore.delete(str + PUTBLIC_KEY);
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public byte[] generateCertificateSigningRequest(String str, String str2, String str3, String str4, PrivateKey privateKey, PublicKey publicKey) throws CertificateException {
        try {
            String replace = str.replace("\"", "\\\"");
            String replace2 = str2.replace("\"", "\\\"");
            String replace3 = str3.replace("\"", "\\\"");
            String replace4 = str4.replace("\"", "\\\"");
            String replaceAll = replace3.replaceAll("[^a-zA-Z0-9]", "");
            if (replaceAll.isEmpty()) {
                replaceAll = "Undefined";
            }
            return new PKCS10CertificationRequest("SHA1withRSA", new X500Principal("cn=\"" + replace + "\", ou=\"" + replace2 + "\", dc=\"" + replaceAll + "\", o=\"" + replace4 + "\""), publicKey, new DERSet(new ASN1EncodableVector()), privateKey, (String) null).getEncoded();
        } catch (Exception e10) {
            throw new CertificateException("Unable to generate certificate signing request: " + e10.getMessage(), e10);
        }
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public X509Certificate[] getCertificateChain(String str) throws KeyStoreException {
        return CertUtils.decodeCertificateChain(this.keyStore.get(str));
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public Key getPrivateKey(String str) throws KeyStoreException {
        byte[] bArr = this.keyStore.get(str);
        if (bArr != null) {
            try {
                return decodeRsaPrivateKey(bArr);
            } catch (Exception unused) {
            }
        }
        return null;
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public Key getPublicKey(String str) throws KeyStoreException {
        byte[] bArr = this.keyStore.get(str + PUTBLIC_KEY);
        if (bArr != null) {
            try {
                return decodeRsaPublicKey(bArr);
            } catch (Exception unused) {
            }
        }
        return null;
    }

    @Override // com.ca.mas.core.security.KeyStoreRepository
    public void saveCertificateChain(String str, X509Certificate[] x509CertificateArr) {
        this.keyStore.put(str, CertUtils.encodeCertificateChain(x509CertificateArr));
    }
}
