package org.kontalk.crypto;

import android.os.Parcel;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import org.kontalk.provider.MyMessages;
import org.spongycastle.asn1.misc.MiscObjectIdentifiers;
import org.spongycastle.asn1.misc.NetscapeCertType;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.spongycastle.crypto.util.PrivateKeyFactory;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPPrivateKey;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyRing;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.operator.KeyFingerPrintCalculator;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.bc.BcContentSignerBuilder;
import org.spongycastle.operator.bc.BcDSAContentSignerBuilder;
import org.spongycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: classes.dex */
public class X509Bridge {
    private static final String DN_COMMON_PART_O = "OpenPGP to X.509 Bridge";
    public static final String PEM_TYPE_CERTIFICATE = "CERTIFICATE";
    public static final String PEM_TYPE_PRIVATE_KEY = "RSA PRIVATE KEY";
    private static final KeyFingerPrintCalculator sFingerprintCalculator = PGP.sFingerprintCalculator;

    private X509Bridge() {
    }

    private static X509Certificate createCertificate(PublicKey publicKey, PrivateKey privateKey, X500Name x500Name, Date date, Date date2, List<String> list, byte[] bArr) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, IOException, OperatorCreationException {
        BcContentSignerBuilder bcRSAContentSignerBuilder;
        String algorithm = publicKey.getAlgorithm();
        if (algorithm.equals("DSA")) {
            AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithDSA");
            bcRSAContentSignerBuilder = new BcDSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find));
        } else {
            if (!algorithm.equals("RSA")) {
                throw new RuntimeException("Algorithm not recognised: " + algorithm);
            }
            AlgorithmIdentifier find2 = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WithRSAEncryption");
            bcRSAContentSignerBuilder = new BcRSAContentSignerBuilder(find2, new DefaultDigestAlgorithmIdentifierFinder().find(find2));
        }
        ContentSigner build = bcRSAContentSignerBuilder.build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
        Date date3 = date == null ? new Date(System.currentTimeMillis()) : date;
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, BigInteger.ONE, date3, date2 == null ? date3 : date2, Locale.US, x500Name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(236));
        x509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(MyMessages.Groups.GROUP_SUBJECT_MAX_LENGTH));
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(publicKey));
        if (list != null && list.size() > 0) {
            GeneralName[] generalNameArr = new GeneralName[list.size()];
            for (int i = 0; i < generalNameArr.length; i++) {
                generalNameArr[i] = new GeneralName(0, new XmppAddrIdentifier(list.get(i)));
            }
            x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNameArr));
        }
        x509v3CertificateBuilder.addExtension(SubjectPGPPublicKeyInfo.OID, false, new SubjectPGPPublicKeyInfo(bArr));
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(x509v3CertificateBuilder.build(build));
        certificate.verify(publicKey);
        return certificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate createCertificate(PGPPublicKeyRing pGPPublicKeyRing, PGPPrivateKey pGPPrivateKey) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, PGPException, IOException, OperatorCreationException {
        PGPPublicKey pGPPublicKey;
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        x500NameBuilder.addRDN(BCStyle.O, DN_COMMON_PART_O);
        Iterator<PGPPublicKey> publicKeys = pGPPublicKeyRing.getPublicKeys();
        while (true) {
            if (!publicKeys.hasNext()) {
                pGPPublicKey = null;
                break;
            }
            pGPPublicKey = publicKeys.next();
            if (pGPPublicKey.isMasterKey()) {
                break;
            }
        }
        if (pGPPublicKey == null) {
            throw new IllegalArgumentException("no master key found");
        }
        LinkedList linkedList = new LinkedList();
        Iterator<String> userIDs = pGPPublicKey.getUserIDs();
        while (userIDs.hasNext()) {
            String next = userIDs.next();
            x500NameBuilder.addRDN(BCStyle.CN, next);
            PGPUserID parse = PGPUserID.parse(next);
            if (parse != null && parse.getEmail() != null) {
                linkedList.add(parse.getEmail());
            }
        }
        X500Name build = x500NameBuilder.build();
        Date creationTime = pGPPublicKey.getCreationTime();
        return createCertificate(PGP.convertPublicKey(pGPPublicKey), PGP.convertPrivateKey(pGPPrivateKey), build, creationTime, pGPPublicKey.getValidSeconds() > 0 ? new Date(creationTime.getTime() + (1000 * pGPPublicKey.getValidSeconds())) : null, linkedList, pGPPublicKeyRing.getEncoded());
    }

    public static X509Certificate createCertificate(PGPPublicKeyRing pGPPublicKeyRing, PGPSecretKey pGPSecretKey, String str) throws PGPException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, IOException, OperatorCreationException {
        return createCertificate(pGPPublicKeyRing, pGPSecretKey.extractPrivateKey(new JcePBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().build()).setProvider(PGP.PROVIDER).build(str.toCharArray())));
    }

    public static X509Certificate createCertificate(byte[] bArr, PGPPrivateKey pGPPrivateKey) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, PGPException, IOException, OperatorCreationException {
        return createCertificate(new PGPPublicKeyRing(bArr, sFingerprintCalculator), pGPPrivateKey);
    }

    public static X509Certificate createCertificate(byte[] bArr, PGPSecretKey pGPSecretKey, String str) throws PGPException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, IOException, OperatorCreationException {
        return createCertificate(new PGPPublicKeyRing(bArr, sFingerprintCalculator), pGPSecretKey, str);
    }

    public static X509Certificate createCertificate(byte[] bArr, byte[] bArr2, String str) throws PGPException, IOException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, OperatorCreationException {
        PGPSecretKeyRing pGPSecretKeyRing = new PGPSecretKeyRing(bArr, sFingerprintCalculator);
        return createCertificate(new PGPPublicKeyRing(bArr2, sFingerprintCalculator), pGPSecretKeyRing.getSecretKey().extractPrivateKey(new JcePBESecretKeyDecryptorBuilder(new JcaPGPDigestCalculatorProviderBuilder().build()).setProvider(PGP.PROVIDER).build(str.toCharArray())));
    }

    public static KeyStore exportCertificate(X509Certificate x509Certificate, PrivateKey privateKey) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", PGP.PROVIDER);
        keyStore.load(null, null);
        keyStore.setKeyEntry("Kontalk Personal Key", privateKey, null, new Certificate[]{x509Certificate});
        return keyStore;
    }

    public static X509Certificate fromParcel(Parcel parcel) throws PGPException {
        return null;
    }

    public static X509Certificate load(InputStream inputStream) throws CertificateException, NoSuchProviderException {
        return (X509Certificate) CertificateFactory.getInstance("X.509", PGP.PROVIDER).generateCertificate(inputStream);
    }

    public static X509Certificate load(byte[] bArr) throws CertificateException, NoSuchProviderException {
        return load(new ByteArrayInputStream(bArr));
    }
}
