package org.opensaml.security.crypto;

import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.collection.LazyMap;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.cryptacular.util.KeyPairUtil;
import org.opensaml.security.SecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-300.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-security-api-3.1.1.jar:org/opensaml/security/crypto/KeySupport.class */
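/**
 * Static helpers for decoding, building, generating and sanity-checking JCA keys.
 *
 * <p>None of the methods here decide whether an algorithm or key size is acceptable
 * for a deployment. They only decode what they are given and apply basic structural
 * checks, so algorithm and key-strength policy has to be enforced by the caller.</p>
 */
public final class KeySupport {

    /**
     * JCA key algorithm name mapped to the JCA signature algorithm that
     * {@link #matchKeyPair(PublicKey, PrivateKey)} uses for its sign/verify round trip.
     * Populated once in the static initializer below and only read afterwards.
     */
    private static final Map<String, String> keyMatchAlgorithms = new LazyMap<>();

    static {
        // The constant names indicate SHA-1 based signature algorithms. They are used only
        // to show that two key halves belong together, over fixed local data.
        // NOTE(review): a provider or policy that refuses SHA-1 signatures would presumably
        // make matchKeyPair fail with an exception rather than return false; confirm for
        // hardened deployments.
        keyMatchAlgorithms.put("RSA", JCAConstants.SIGNATURE_RSA_SHA1);
        keyMatchAlgorithms.put("DSA", JCAConstants.SIGNATURE_DSA_SHA1);
        keyMatchAlgorithms.put("EC", JCAConstants.SIGNATURE_ECDSA_SHA1);
    }

    /** Utility class, not instantiable. */
    private KeySupport() {
    }

    /**
     * Determines the effective length in bits of a key.
     *
     * <p>Raw-format secret keys report their encoded length times eight, RSA keys the
     * modulus bit length, DSA keys the bit length of the prime {@code P}, and EC keys the
     * field size of the curve.</p>
     *
     * @param key the key to inspect
     * @return the length in bits, or {@code null} when it cannot be determined (for example
     *         a key of another type, or a DSA key that carries no parameters)
     */
    @Nullable
    public static Integer getKeyLength(@Nonnull Key key) {
        final Logger log = getLogger();
        log.debug("Attempting to determine length of Key with algorithm '{}' and encoding format '{}'", key.getAlgorithm(), key.getFormat());

        if (key instanceof SecretKey && JCAConstants.KEY_FORMAT_RAW.equals(key.getFormat())) {
            return key.getEncoded().length * 8;
        }
        if (key instanceof RSAKey) {
            return ((RSAKey) key).getModulus().bitLength();
        }
        if (key instanceof DSAKey) {
            // A DSA key may come without explicit parameters; report "unknown" for it
            // rather than failing with a NullPointerException.
            final DSAParams params = ((DSAKey) key).getParams();
            if (params != null && params.getP() != null) {
                return params.getP().bitLength();
            }
        } else if (key instanceof ECKey) {
            return ((ECKey) key).getParams().getCurve().getField().getFieldSize();
        }

        log.debug("Unable to determine length in bits of specified Key instance");
        return null;
    }

    /**
     * Wraps raw key bytes in a {@link SecretKey} for the given algorithm.
     *
     * <p>The length is validated for AES (128, 192 or 256 bits), DES (64 bits) and DESede
     * (192 or 168 bits). Any other algorithm name is accepted without a length check; only
     * a debug message is logged. DES and DESede are accepted here as well, and the length
     * check says nothing about algorithm strength.</p>
     *
     * @param keyBytes the raw secret key bytes, must be non-null and non-empty
     * @param algorithm the JCA key algorithm name
     * @return the secret key
     * @throws KeyException if the length is not valid for one of the checked algorithms
     */
    @Nonnull
    public static SecretKey decodeSecretKey(@Nonnull byte[] keyBytes, @Nonnull String algorithm) throws KeyException {
        final Logger log = getLogger();
        Constraint.isNotNull(keyBytes, "Secret key bytes can not be null");
        Constraint.isNotNull(algorithm, "Secret key algorithm can not be null");
        Constraint.isGreaterThanOrEqual(1L, keyBytes.length, "Secret key bytes can not be empty");

        final int lengthInBits = keyBytes.length * 8;
        if ("AES".equals(algorithm)) {
            if (lengthInBits != 128 && lengthInBits != 192 && lengthInBits != 256) {
                throw invalidKeyLength(lengthInBits, "AES");
            }
        } else if ("DES".equals(algorithm)) {
            if (lengthInBits != 64) {
                throw invalidKeyLength(lengthInBits, "DES");
            }
        } else if (JCAConstants.KEY_ALGO_DESEDE.equals(algorithm)) {
            if (lengthInBits != 192 && lengthInBits != 168) {
                throw invalidKeyLength(lengthInBits, JCAConstants.KEY_ALGO_DESEDE);
            }
        } else {
            log.debug("No length and sanity checking done for key with algorithm: {}", algorithm);
        }
        return new SecretKeySpec(keyBytes, algorithm);
    }

    /** Builds the exception reported for a secret key whose length does not fit its algorithm. */
    private static KeyException invalidKeyLength(int lengthInBits, String algorithm) {
        return new KeyException(String.format("Saw invalid key length %d for algorithm %s", Integer.valueOf(lengthInBits), algorithm));
    }

    /**
     * Decodes an X.509 {@code SubjectPublicKeyInfo} encoded public key.
     *
     * <p>The key algorithm is found by trial: RSA, then DSA, then EC. A caller that expects
     * one particular key type has to check the type of the returned key itself.</p>
     *
     * @param keyBytes the encoded key bytes
     * @return the decoded public key
     * @throws KeyException if none of the three algorithms can build a key from the bytes;
     *         the failure of the last attempt is attached as the cause
     */
    @Nonnull
    public static PublicKey decodePublicKey(@Nonnull byte[] keyBytes) throws KeyException {
        Constraint.isNotNull(keyBytes, "Encoded key bytes cannot be null");
        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);

        KeyException lastFailure = null;
        for (final String algorithm : new String[] {"RSA", "DSA", "EC"}) {
            try {
                return buildKey(keySpec, algorithm);
            } catch (final KeyException e) {
                lastFailure = e;
            }
        }
        throw new KeyException("Unsupported key type.", lastFailure);
    }

    /**
     * Reads a private key from a file and decodes it.
     *
     * <p>The exception messages include the absolute path of the key file.</p>
     *
     * @param keyFile the file holding the encoded private key
     * @param password the password protecting the key; {@code null} or empty means none
     * @return the decoded private key
     * @throws KeyException if the file does not exist, is not readable, or cannot be read
     */
    @Nonnull
    public static PrivateKey decodePrivateKey(@Nonnull File keyFile, @Nullable char[] password) throws KeyException {
        Constraint.isNotNull(keyFile, "Key file cannot be null");
        if (!keyFile.exists()) {
            throw new KeyException("Key file " + keyFile.getAbsolutePath() + " does not exist");
        }
        if (!keyFile.canRead()) {
            throw new KeyException("Key file " + keyFile.getAbsolutePath() + " is not readable");
        }

        try {
            return decodePrivateKey(Files.toByteArray(keyFile), password);
        } catch (final IOException e) {
            throw new KeyException("Error reading Key file " + keyFile.getAbsolutePath(), e);
        }
    }

    /**
     * Decodes a private key from its encoded bytes, delegating to {@link KeyPairUtil}.
     *
     * <p>NOTE(review): how {@code KeyPairUtil} reports malformed input or a wrong password
     * is not visible here. If it raises unchecked exceptions, callers that handle only
     * {@link KeyException} will not catch them; confirm against the library.</p>
     *
     * @param keyBytes the encoded private key
     * @param password the password protecting the key; {@code null} or empty means none
     * @return the decoded private key
     * @throws KeyException declared for callers; see the note above
     */
    @Nonnull
    public static PrivateKey decodePrivateKey(@Nonnull byte[] keyBytes, @Nullable char[] password) throws KeyException {
        Constraint.isNotNull(keyBytes, "Encoded key bytes cannot be null");
        final boolean hasPassword = password != null && password.length > 0;
        if (hasPassword) {
            return KeyPairUtil.decodePrivateKey(keyBytes, password);
        }
        return KeyPairUtil.decodePrivateKey(keyBytes);
    }

    /**
     * Derives the public key that belongs to a DSA or RSA (CRT form) private key.
     *
     * @param key the private key
     * @return the matching public key
     * @throws KeyException if the key is neither a {@link DSAPrivateKey} nor an
     *         {@link RSAPrivateCrtKey}, or if the public key cannot be generated
     */
    @Nonnull
    public static PublicKey derivePublicKey(@Nonnull PrivateKey key) throws KeyException {
        if (key instanceof DSAPrivateKey) {
            final DSAPrivateKey dsaKey = (DSAPrivateKey) key;
            final DSAParams params = dsaKey.getParams();
            // The DSA public value is y = g^x mod p.
            final DSAPublicKeySpec dsaSpec = new DSAPublicKeySpec(
                    params.getG().modPow(dsaKey.getX(), params.getP()), params.getP(), params.getQ(), params.getG());
            try {
                return KeyFactory.getInstance("DSA").generatePublic(dsaSpec);
            } catch (final GeneralSecurityException e) {
                throw new KeyException("Unable to derive public key from DSA private key", e);
            }
        }

        if (key instanceof RSAPrivateCrtKey) {
            // Only the CRT form carries the public exponent needed to rebuild the public key.
            final RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
            final RSAPublicKeySpec rsaSpec = new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
            try {
                return KeyFactory.getInstance("RSA").generatePublic(rsaSpec);
            } catch (final GeneralSecurityException e) {
                throw new KeyException("Unable to derive public key from RSA private key", e);
            }
        }

        throw new KeyException("Private key was not a DSA or RSA key");
    }

    /**
     * Builds a DSA public key from a Base64-encoded X.509 key encoding.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the DSA public key
     * @throws KeyException if the key cannot be built
     */
    @Nonnull
    public static DSAPublicKey buildJavaDSAPublicKey(@Nonnull String base64EncodedKey) throws KeyException {
        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64Support.decode(base64EncodedKey));
        return (DSAPublicKey) buildKey(keySpec, "DSA");
    }

    /**
     * Builds an RSA public key from a Base64-encoded X.509 key encoding.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the RSA public key
     * @throws KeyException if the key cannot be built
     */
    @Nonnull
    public static RSAPublicKey buildJavaRSAPublicKey(@Nonnull String base64EncodedKey) throws KeyException {
        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64Support.decode(base64EncodedKey));
        return (RSAPublicKey) buildKey(keySpec, "RSA");
    }

    /**
     * Builds an EC public key from a Base64-encoded X.509 key encoding.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the EC public key
     * @throws KeyException if the key cannot be built
     */
    @Nonnull
    public static ECPublicKey buildJavaECPublicKey(@Nonnull String base64EncodedKey) throws KeyException {
        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64Support.decode(base64EncodedKey));
        return (ECPublicKey) buildKey(keySpec, "EC");
    }

    /**
     * Builds an RSA private key from a Base64-encoded, unencrypted private key.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the RSA private key
     * @throws KeyException if the decoded key is not an {@link RSAPrivateKey}
     */
    @Nonnull
    public static RSAPrivateKey buildJavaRSAPrivateKey(@Nonnull String base64EncodedKey) throws KeyException {
        final PrivateKey decoded = buildJavaPrivateKey(base64EncodedKey);
        if (!(decoded instanceof RSAPrivateKey)) {
            throw new KeyException("Generated key was not an RSAPrivateKey instance");
        }
        return (RSAPrivateKey) decoded;
    }

    /**
     * Builds a DSA private key from a Base64-encoded, unencrypted private key.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the DSA private key
     * @throws KeyException if the decoded key is not a {@link DSAPrivateKey}
     */
    @Nonnull
    public static DSAPrivateKey buildJavaDSAPrivateKey(@Nonnull String base64EncodedKey) throws KeyException {
        final PrivateKey decoded = buildJavaPrivateKey(base64EncodedKey);
        if (!(decoded instanceof DSAPrivateKey)) {
            throw new KeyException("Generated key was not a DSAPrivateKey instance");
        }
        return (DSAPrivateKey) decoded;
    }

    /**
     * Builds an EC private key from a Base64-encoded, unencrypted private key.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the EC private key
     * @throws KeyException if the decoded key is not an {@link ECPrivateKey}
     */
    @Nonnull
    public static ECPrivateKey buildJavaECPrivateKey(@Nonnull String base64EncodedKey) throws KeyException {
        final PrivateKey decoded = buildJavaPrivateKey(base64EncodedKey);
        if (!(decoded instanceof ECPrivateKey)) {
            throw new KeyException("Generated key was not an ECPrivateKey instance");
        }
        return (ECPrivateKey) decoded;
    }

    /**
     * Builds a private key from a Base64-encoded, unencrypted private key. No password is
     * passed to the decoder.
     *
     * @param base64EncodedKey the Base64 text of the encoded key
     * @return the decoded private key
     * @throws KeyException declared by the underlying decode call
     */
    @Nonnull
    public static PrivateKey buildJavaPrivateKey(@Nonnull String base64EncodedKey) throws KeyException {
        return decodePrivateKey(Base64Support.decode(base64EncodedKey), (char[]) null);
    }

    /**
     * Generates a public key from a key specification using the JCA {@link KeyFactory} for
     * the given algorithm.
     *
     * @param keySpec the key specification
     * @param keyAlgorithm the JCA key algorithm name
     * @return the generated public key
     * @throws KeyException if the algorithm is not available or the specification is not
     *         valid for it
     */
    @Nonnull
    public static PublicKey buildKey(@Nullable KeySpec keySpec, @Nonnull String keyAlgorithm) throws KeyException {
        Constraint.isNotNull(keyAlgorithm, "Key algorithm cannot be null");
        try {
            final KeyFactory factory = KeyFactory.getInstance(keyAlgorithm);
            return factory.generatePublic(keySpec);
        } catch (final NoSuchAlgorithmException e) {
            // A separating space was missing here, which ran the algorithm name into the text.
            throw new KeyException(keyAlgorithm + " algorithm is not supported by the JCA", e);
        } catch (final InvalidKeySpecException e) {
            throw new KeyException("Invalid key information", e);
        }
    }

    /**
     * Generates a new random symmetric key.
     *
     * @param algorithm the JCA key algorithm name
     * @param keyLength the key length passed to {@link KeyGenerator#init(int)}
     * @param provider the JCA provider name, or {@code null} for the default lookup
     * @return the generated key
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws NoSuchProviderException if the named provider is not available
     */
    @Nonnull
    public static SecretKey generateKey(@Nonnull String algorithm, int keyLength, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        Constraint.isNotNull(algorithm, "Key algorithm cannot be null");
        final KeyGenerator generator;
        if (provider == null) {
            generator = KeyGenerator.getInstance(algorithm);
        } else {
            generator = KeyGenerator.getInstance(algorithm, provider);
        }
        generator.init(keyLength);
        return generator.generateKey();
    }

    /**
     * Generates a new random asymmetric key pair.
     *
     * @param algorithm the JCA key algorithm name
     * @param keyLength the key size passed to {@link KeyPairGenerator#initialize(int)}
     * @param provider the JCA provider name, or {@code null} for the default lookup
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if the algorithm is not available
     * @throws NoSuchProviderException if the named provider is not available
     */
    @Nonnull
    public static KeyPair generateKeyPair(@Nonnull String algorithm, int keyLength, @Nullable String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        Constraint.isNotNull(algorithm, "Key algorithm cannot be null");
        final KeyPairGenerator generator;
        if (provider == null) {
            generator = KeyPairGenerator.getInstance(algorithm);
        } else {
            generator = KeyPairGenerator.getInstance(algorithm, provider);
        }
        generator.initialize(keyLength);
        return generator.generateKeyPair();
    }

    /**
     * Checks whether a public and a private key belong to the same key pair, by signing a
     * fixed piece of data with the private key and verifying the result with the public key.
     *
     * <p>The signature algorithm is looked up from the private key's algorithm name. Only
     * RSA, DSA and EC are mapped.</p>
     *
     * @param pubKey the public key
     * @param privKey the private key
     * @return the result of verifying the test signature with the public key
     * @throws SecurityException if either key is {@code null}, if no signature algorithm is
     *         mapped for the private key's algorithm, or if signing or verification fails
     */
    public static boolean matchKeyPair(@Nonnull PublicKey pubKey, @Nonnull PrivateKey privKey) throws SecurityException {
        if (pubKey == null || privKey == null) {
            throw new SecurityException("Either public or private key was null");
        }

        final String jcaAlgoID = keyMatchAlgorithms.get(privKey.getAlgorithm());
        if (jcaAlgoID == null) {
            throw new SecurityException("Can't determine JCA algorithm ID for key matching from key algorithm: " + privKey.getAlgorithm());
        }

        final Logger log = getLogger();
        if (log.isDebugEnabled()) {
            log.debug("Attempting to match key pair containing key algorithms public '{}' private '{}', using JCA signature algorithm '{}'", new Object[]{pubKey.getAlgorithm(), privKey.getAlgorithm(), jcaAlgoID});
        }

        // Use an explicit charset so the signed bytes do not depend on the platform default.
        final byte[] data = "This is the data to sign".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        final byte[] signature = SigningUtil.sign(privKey, jcaAlgoID, data);
        return SigningUtil.verify(pubKey, jcaAlgoID, signature, data);
    }

    /**
     * Looks up the SLF4J logger for this class on each call.
     *
     * @return the logger
     */
    @Nonnull
    private static Logger getLogger() {
        return LoggerFactory.getLogger(KeySupport.class);
    }
}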
