package de.governikus.autent.eudiwallet.ecdh;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/eudi-wallet-key-utils-0.2.0.jar:de/governikus/autent/eudiwallet/ecdh/KeyService.class */
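/**
 * Static helpers for EC key generation, ECDH key agreement, AES key generation and X.509 parsing,
 * all backed by the BouncyCastle JCE provider (which must already be registered).
 *
 * <p>Failures of the underlying JCA calls are reported as {@code KeyException} with the original
 * exception attached as cause.
 */
public final class KeyService {
    private static final Logger log = LoggerFactory.getLogger(KeyService.class);

    /**
     * Creates an EC key pair generator for a named curve, seeded from a fresh {@link SecureRandom}.
     *
     * <p>No allow-list is applied to the curve name here; which curves are acceptable is left to
     * the caller.
     *
     * @param str standard name of the curve, passed to {@link ECGenParameterSpec}
     * @return an initialised {@code EC} key pair generator from the BouncyCastle provider
     * @throws KeyException if the curve name is rejected or the provider/algorithm is unavailable
     */
    public static KeyPairGenerator setupECKeyPairGenerator(String str) {
        ECGenParameterSpec curveSpec = new ECGenParameterSpec(str);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(curveSpec, new SecureRandom());
            return keyPairGenerator;
        } catch (InvalidAlgorithmParameterException e) {
            log.warn("invalid curve name: {}", e.getMessage());
            log.debug(e.getMessage(), e);
            throw new KeyException("EC key generator setup failed", e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            log.error("error in security setup: {}", e.getMessage());
            log.debug(e.getMessage(), e);
            throw new KeyException("EC key generator setup failed", e);
        }
    }

    /**
     * Runs a single-phase ECDH key agreement and returns the raw shared secret.
     *
     * <p>The returned bytes are the unprocessed output of {@link KeyAgreement#generateSecret()}.
     * A raw ECDH secret is not uniformly distributed key material; it is normally fed through a
     * key derivation function before being used as a symmetric key.
     * NOTE(review): whether callers apply a KDF is not visible in this class - confirm.
     *
     * @param privateKey own EC private key
     * @param publicKey peer EC public key
     * @return the raw shared secret
     * @throws KeyException if a key is rejected or the provider/algorithm is unavailable
     */
    public static byte[] deriveKeyFrom(PrivateKey privateKey, PublicKey publicKey) {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            return keyAgreement.generateSecret();
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) {
            log.error("Secret key generation failed: {}", e.getMessage());
            log.warn(e.getMessage(), e);
            throw new KeyException("secret key generation failed", e);
        }
    }

    /**
     * Generates an EC key pair whose randomness comes only from {@code secretKey} and {@code str}.
     *
     * <p>The seed is {@code AES-ECB(secretKey, str) || str}; it is fed to a {@code SHA1PRNG}
     * instance that then drives key generation. Anyone holding {@code secretKey} and {@code str}
     * can therefore recompute the private key, so the result is only as secret as those inputs.
     *
     * <p>SECURITY(review): reproducibility depends on implementation behaviour, not on the
     * {@link SecureRandom} contract. {@code SHA1PRNG} is requested without naming a provider, and
     * only some implementations let an explicit seed replace (rather than supplement) their own
     * seeding. It also assumes the key pair generator consumes the random stream identically
     * across provider versions. A standard KDF would be the conventional construction, but the
     * algorithm is left unchanged here because altering it would change every derived key.
     *
     * @param secretKey AES key used to compute the secret part of the seed
     * @param str context string that is both encrypted and appended to the seed
     * @param str2 standard name of the curve
     * @return the derived EC key pair
     * @throws KeyException if the curve, the PRNG or the provider is unavailable
     */
    public static KeyPair createDerivedEcKey(SecretKey secretKey, String str, String str2) {
        byte[] seed = ArrayUtils.addAll(encryptWithEcb(secretKey, str), str.getBytes(StandardCharsets.UTF_8));
        ECGenParameterSpec curveSpec = new ECGenParameterSpec(str2);
        try {
            SecureRandom seededRandom = SecureRandom.getInstance("SHA1PRNG");
            // Seed before the first read so the generator does not self-seed first.
            seededRandom.setSeed(seed);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(curveSpec, seededRandom);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            log.error("derived EC key generation failed: {}", e.getMessage());
            log.debug(e.getMessage(), e);
            throw new KeyException("derived EC key generation failed", e);
        }
    }

    /**
     * Encrypts the UTF-8 bytes of {@code str} with AES in ECB mode and PKCS#5 padding.
     *
     * <p>SECURITY(review): ECB is deterministic and reveals equal plaintext blocks. In this class
     * the output is used only as seed material for {@link #createDerivedEcKey}, where the
     * determinism is relied upon; do not reuse this helper to protect data confidentiality.
     *
     * @param secretKey AES key
     * @param str text to encrypt
     * @return the ciphertext
     * @throws KeyException if the cipher is unavailable or rejects the key or input
     */
    private static byte[] encryptWithEcb(SecretKey secretKey, String str) {
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            // Log the exception text only; neither key nor plaintext is written to the log.
            log.error("seed encryption failed: {}", e.getMessage());
            log.debug(e.getMessage(), e);
            throw new KeyException("seed encryption failed", e);
        }
    }

    /**
     * Generates a random 256-bit AES key.
     *
     * @return a new AES key
     */
    public static SecretKey generateAesKey() {
        return generateAesKey(256);
    }

    /**
     * Generates a random AES key of the given size.
     *
     * @param i key size in bits; must be 128, 192 or 256
     * @return a new AES key filled from a fresh {@link SecureRandom}
     * @throws IllegalArgumentException if {@code i} is not a valid AES key size
     */
    public static SecretKey generateAesKey(int i) {
        // Reject other sizes up front: i / 8 would otherwise truncate silently and yield a key
        // labelled "AES" whose length AES does not define.
        if (i != 128 && i != 192 && i != 256) {
            throw new IllegalArgumentException("unsupported AES key size in bits: " + i);
        }
        byte[] keyBytes = new byte[i / 8];
        new SecureRandom().nextBytes(keyBytes);
        return new SecretKeySpec(keyBytes, "AES");
    }

    /**
     * Parses an X.509 certificate from its Base64-encoded form.
     *
     * @param str Base64 text accepted by {@link Base64#getDecoder()}; the basic decoder rejects
     *     line breaks and PEM armour
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code str} is not valid Base64
     * @throws KeyException if the decoded bytes cannot be parsed
     */
    public static X509Certificate readX509Certificate(String str) {
        return readX509Certificate(Base64.getDecoder().decode(str));
    }

    /**
     * Parses an X.509 certificate from its encoded bytes.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws KeyException if the bytes cannot be parsed
     */
    public static X509Certificate readX509Certificate(byte[] bArr) {
        return readX509Certificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses an X.509 certificate from a stream and closes the stream, also when parsing fails.
     *
     * <p>This only decodes the certificate. It does not check the signature, the validity period,
     * the issuer chain or revocation status; callers must validate the certificate before
     * trusting its public key.
     * NOTE(review): the result is returned unchecked, so it may be {@code null} if the provider
     * returns {@code null} for an empty stream - confirm against the provider in use.
     *
     * @param inputStream stream positioned at the encoded certificate
     * @return the parsed certificate
     * @throws KeyException if the provider is unavailable, parsing fails or the stream cannot be
     *     closed
     */
    public static X509Certificate readX509Certificate(InputStream inputStream) {
        // try-with-resources closes the stream on the failure path too; a null resource is skipped.
        try (InputStream in = inputStream) {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(in);
            log.trace("X509 certificate was successfully read.");
            return x509Certificate;
        } catch (GeneralSecurityException | IOException e) {
            log.warn("reading X509 certificate failed: {}", e.getMessage());
            log.debug(e.getMessage(), e);
            throw new KeyException("reading X509 certificate failed", e);
        }
    }
}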
