package com.emc.vipr.transform.encryption;

import com.emc.vipr.transform.TransformConstants;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.protocol.HTTP;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/emc/vipr/transform/encryption/KeyUtils.class */
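/**
 * Static helpers used by the encryption transform: RSA public-key fingerprints, a small DER
 * encoder, wrapping and unwrapping of object keys, URL-safe Base64, and signing of object
 * metadata.
 */
public class KeyUtils {
    private static final Logger logger = LoggerFactory.getLogger(KeyUtils.class);

    /**
     * Computes the fingerprint of an RSA public key: the SHA-1 digest of
     * {@link #derEncodeRSAPublicKey(RSAPublicKey)}, rendered by {@link #toHexPadded(byte[])}.
     *
     * <p>NOTE(review): SHA-1 is not collision resistant. The value works as a key identifier,
     * but a matching fingerprint should not on its own be taken as proof that a key is trusted.
     *
     * @param rSAPublicKey the key to fingerprint
     * @param provider the JCA provider to take the digest from, or {@code null} for the default
     * @return the fingerprint as a hex string
     * @throws NoSuchAlgorithmException if no "sha1" digest is available
     */
    public static String getRsaPublicKeyFingerprint(RSAPublicKey rSAPublicKey, Provider provider) throws NoSuchAlgorithmException {
        MessageDigest sha1 = provider != null ? MessageDigest.getInstance("sha1", provider) : MessageDigest.getInstance("sha1");
        return toHexPadded(sha1.digest(derEncodeRSAPublicKey(rSAPublicKey)));
    }

    /**
     * Renders a byte array as lowercase hex, left-padded with zeros to two digits per byte.
     *
     * <p>An empty array yields {@code "0"} (the hex form of the number zero), not an empty
     * string; that is the behaviour this method has always had and it is kept as is.
     *
     * @param bArr the bytes to render
     * @return the hex string
     */
    public static String toHexPadded(byte[] bArr) {
        String hex = new BigInteger(1, bArr).toString(16);
        int width = bArr.length * 2;
        if (hex.length() >= width) {
            return hex;
        }
        // BigInteger drops leading zero bytes, so put the missing digits back in one pass.
        StringBuilder padded = new StringBuilder(width);
        for (int i = hex.length(); i < width; i++) {
            padded.append('0');
        }
        return padded.append(hex).toString();
    }

    /**
     * DER-encodes an integer (tag 0x02) from its two's-complement byte form.
     *
     * @param bigInteger the value to encode
     * @return tag, length and content bytes
     */
    public static byte[] derEncodeBigInteger(BigInteger bigInteger) {
        return derEncodeValue((byte) 2, bigInteger.toByteArray());
    }

    /**
     * Wraps content bytes in a tag and a length: short form for fewer than 128 content bytes,
     * long form otherwise.
     *
     * <p>NOTE(review): the long-form length bytes come from {@code BigInteger.toByteArray()},
     * which prepends a 0x00 sign byte whenever the top bit of the length is set. A length in
     * 128..255, for example, is written as {@code 0x82 0x00 0xNN} instead of the minimal
     * {@code 0x81 0xNN}, which strict DER parsers reject. This is deliberately left unchanged:
     * {@link #getRsaPublicKeyFingerprint} hashes this output, so a correction would change the
     * fingerprint of every key whose modulus or enclosing sequence has such a length. Confirm
     * how fingerprints are stored and compared before changing it.
     *
     * @param b the tag byte
     * @param bArr the content bytes
     * @return tag, length and content bytes
     */
    public static byte[] derEncodeValue(byte b, byte[] bArr) {
        int contentLength = bArr.length;
        if (contentLength < 128) {
            // Short form: a single length byte.
            byte[] shortForm = new byte[contentLength + 2];
            shortForm[0] = b;
            shortForm[1] = (byte) contentLength;
            System.arraycopy(bArr, 0, shortForm, 2, contentLength);
            return shortForm;
        }
        // Long form: 0x80 | number-of-length-bytes, followed by the length bytes themselves.
        byte[] lengthBytes = BigInteger.valueOf(contentLength).toByteArray();
        byte[] longForm = new byte[contentLength + lengthBytes.length + 2];
        longForm[0] = b;
        longForm[1] = (byte) (lengthBytes.length | 128);
        System.arraycopy(lengthBytes, 0, longForm, 2, lengthBytes.length);
        System.arraycopy(bArr, 0, longForm, 2 + lengthBytes.length, contentLength);
        return longForm;
    }

    /**
     * Encodes an RSA public key as a sequence of two integers, modulus then public exponent.
     *
     * @param rSAPublicKey the key to encode
     * @return the encoded sequence
     */
    public static byte[] derEncodeRSAPublicKey(RSAPublicKey rSAPublicKey) {
        List<byte[]> fields = new ArrayList<byte[]>(2);
        fields.add(derEncodeBigInteger(rSAPublicKey.getModulus()));
        fields.add(derEncodeBigInteger(rSAPublicKey.getPublicExponent()));
        return derEncodeSequence(fields);
    }

    /**
     * Concatenates already-encoded elements and wraps them in a sequence (tag 0x30).
     *
     * @param list the encoded elements, in order
     * @return the encoded sequence
     */
    public static byte[] derEncodeSequence(List<byte[]> list) {
        int total = 0;
        for (byte[] element : list) {
            total += element.length;
        }
        byte[] content = new byte[total];
        int offset = 0;
        for (byte[] element : list) {
            System.arraycopy(element, 0, content, offset, element.length);
            offset += element.length;
        }
        return derEncodeValue((byte) 48, content);
    }

    /**
     * Builds an RSA key pair from Base64 text.
     *
     * <p>The two halves are parsed independently; nothing here checks that the private key
     * actually corresponds to the public key.
     *
     * @param str Base64 of the X.509-encoded public key
     * @param str2 Base64 of the PKCS#8-encoded private key
     * @return the key pair
     * @throws GeneralSecurityException if either encoding is rejected or RSA is unavailable
     */
    public static KeyPair rsaKeyPairFromBase64(String str, String str2) throws GeneralSecurityException {
        try {
            X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(Base64.decodeBase64(str.getBytes("US-ASCII")));
            PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(str2.getBytes("US-ASCII")));
            KeyFactory rsa = KeyFactory.getInstance("RSA");
            return new KeyPair(rsa.generatePublic(publicSpec), rsa.generatePrivate(privateSpec));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Could not load key pair: " + e, e);
        }
    }

    /**
     * Unwraps an object key that was encrypted with the matching public key.
     *
     * <p>NOTE(review): the cipher transformation is {@code
     * TransformConstants.KEY_ENCRYPTION_TRANSFORM}, which is not visible in this file; confirm
     * that it names an OAEP padding rather than PKCS#1 v1.5.
     *
     * @param str the wrapped key in URL-safe Base64
     * @param str2 the algorithm name to attach to the recovered key
     * @param provider the JCA provider to take the cipher from, or {@code null} for the default
     * @param privateKey the private key to decrypt with
     * @return the recovered secret key
     * @throws RuntimeException wrapping any {@link GeneralSecurityException}
     */
    public static SecretKey decryptKey(String str, String str2, Provider provider, PrivateKey privateKey) {
        try {
            Cipher cipher = provider != null ? Cipher.getInstance(TransformConstants.KEY_ENCRYPTION_TRANSFORM, provider) : Cipher.getInstance(TransformConstants.KEY_ENCRYPTION_TRANSFORM);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return new SecretKeySpec(cipher.doFinal(urlSafeDecodeBase64(str)), str2);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Error decrypting object key: " + e, e);
        }
    }

    /**
     * Wraps an object key with a public key.
     *
     * @param secretKey the key to wrap; its encoded form is what gets encrypted
     * @param provider the JCA provider to take the cipher from, or {@code null} for the default
     * @param publicKey the public key to encrypt with
     * @return the wrapped key in URL-safe Base64
     * @throws GeneralSecurityException if the cipher cannot be created, initialised or run
     */
    public static String encryptKey(SecretKey secretKey, Provider provider, PublicKey publicKey) throws GeneralSecurityException {
        Cipher cipher = provider != null ? Cipher.getInstance(TransformConstants.KEY_ENCRYPTION_TRANSFORM, provider) : Cipher.getInstance(TransformConstants.KEY_ENCRYPTION_TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return urlSafeEncodeBase64(cipher.doFinal(secretKey.getEncoded()));
    }

    /**
     * Base64-encodes bytes and swaps {@code +} for {@code -} and {@code /} for {@code _}. Any
     * {@code =} padding emitted by the encoder is left in place.
     *
     * @param bArr the bytes to encode
     * @return the URL-safe text
     */
    public static String urlSafeEncodeBase64(byte[] bArr) {
        try {
            String standard = new String(Base64.encodeBase64(bArr), "US-ASCII");
            return standard.replace('+', '-').replace('/', '_');
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("US-ASCII encoding not supported", e);
        }
    }

    /**
     * Reverses {@link #urlSafeEncodeBase64(byte[])}: maps {@code -} and {@code _} back to
     * {@code +} and {@code /}, then Base64-decodes.
     *
     * @param str the URL-safe text
     * @return the decoded bytes
     */
    public static byte[] urlSafeDecodeBase64(String str) {
        try {
            String standard = str.replace('-', '+').replace('_', '/');
            return Base64.decodeBase64(standard.getBytes("US-ASCII"));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("US-ASCII encoding not supported", e);
        }
    }

    /**
     * Signs the metadata entries whose name starts with {@code
     * TransformConstants.METADATA_PREFIX}.
     *
     * <p>The signed text has one line per selected entry, {@code lowercased-name:value\n},
     * ordered by lowercased name. Entries outside the prefix are not covered by the signature.
     *
     * <p>NOTE(review): {@code toLowerCase()} uses the JVM default locale, so the canonical text
     * (and therefore the signature) can differ between hosts for names with locale-sensitive
     * case mappings. It is left as is because the verifying side is not visible here and both
     * sides must canonicalise identically; consider moving both to {@code Locale.ROOT}.
     *
     * @param map the object metadata
     * @param rSAPrivateKey the signing key
     * @param provider the JCA provider to take the signature from, or {@code null} for the default
     * @return the signature in URL-safe Base64
     * @throws RuntimeException wrapping any encoding, key or signature failure
     */
    public static String signMetadata(Map<String, String> map, RSAPrivateKey rSAPrivateKey, Provider provider) {
        List<String> signedNames = new ArrayList<String>();
        for (String name : map.keySet()) {
            if (name.startsWith(TransformConstants.METADATA_PREFIX)) {
                signedNames.add(name);
            }
        }
        // Every name has passed startsWith() above, so none is null and the comparator needs no
        // null handling.
        Collections.sort(signedNames, new Comparator<String>() {
            @Override
            public int compare(String left, String right) {
                return left.toLowerCase().compareTo(right.toLowerCase());
            }
        });

        StringBuilder canonical = new StringBuilder();
        for (String name : signedNames) {
            canonical.append(name.toLowerCase()).append(':').append(map.get(name)).append('\n');
        }
        // SLF4J substitutes "{}", not "%s". The logged text holds the raw values of the signed
        // metadata entries, so handle debug output from this class accordingly.
        logger.debug("Canonical string: '{}'", canonical);

        byte[] payload;
        try {
            payload = canonical.toString().getBytes(HTTP.UTF_8);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Could not render string to bytes", e);
        }

        Signature signer;
        try {
            signer = provider != null ? Signature.getInstance(TransformConstants.METADATA_SIGNATURE_ALGORITHM, provider) : Signature.getInstance(TransformConstants.METADATA_SIGNATURE_ALGORITHM);
            signer.initSign(rSAPrivateKey);
        } catch (InvalidKeyException e) {
            throw new RuntimeException("Could not initialize signature algorithm: " + e, e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not initialize signature algorithm: " + e, e);
        }

        try {
            signer.update(payload);
            return urlSafeEncodeBase64(signer.sign());
        } catch (SignatureException e) {
            // Keep the cause so the provider's stack trace is not lost.
            throw new RuntimeException("Could not compute metadata signature: " + e, e);
        }
    }

    /**
     * Returns the last 20 bytes of a 24-byte encoded subject key identifier.
     *
     * <p>NOTE(review): only the total length is checked. The four leading bytes are skipped
     * without being inspected; presumably they are the two nested OCTET STRING headers
     * ({@code 04 16 04 14}) — confirm, and consider rejecting input that does not match.
     *
     * @param bArr the encoded identifier
     * @return a new 20-byte array holding the identifier
     * @throws RuntimeException if the input is not exactly 24 bytes long
     */
    public static byte[] extractSubjectKeyIdentifier(byte[] bArr) {
        if (bArr.length != 24) {
            throw new RuntimeException("DER-encoded SKI should be 24 bytes");
        }
        byte[] keyIdentifier = new byte[20];
        System.arraycopy(bArr, 4, keyIdentifier, 0, 20);
        return keyIdentifier;
    }
}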
