package com.centrify.directcontrol;

import com.centrify.android.AppConfig;
import com.dd.plist.NSDictionary;
import com.dd.plist.PListUtils;
import com.sec.enterprise.knox.certenroll.CEPConstants;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.DERBMPString;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.DefaultSignedAttributeTableGenerator;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.util.Store;
import org.spongycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes.dex */
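/**
 * Static helpers for creating a self-signed RSA identity, packaging it as an in-memory
 * PKCS#12 {@link KeyStore}, and producing or unwrapping CMS (PKCS#7) signed data.
 *
 * <p>Security review summary (details are on the individual members):
 * <ul>
 *   <li>{@link #makeKeyPair(int)} used to discard its argument and always generate
 *       1024-bit RSA; it now honours larger requests and never goes below 1024.</li>
 *   <li>Certificates and CMS signatures use {@code SHA1withRSA}.</li>
 *   <li>Every generated certificate has serial number 1 and is marked as a CA.</li>
 *   <li>{@link #getSignedData(byte[])} extracts content without verifying any signature.</li>
 * </ul>
 */
public final class Crypto {
    /**
     * Signature algorithm for the self-signed certificate and for CMS signer infos.
     *
     * <p>NOTE(review): SHA-1 is no longer collision resistant. Moving to
     * {@code SHA256withRSA} is the usual remedy, but it has to be confirmed that every
     * party verifying these signatures accepts it before the literal is changed.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** Smallest RSA modulus this class will generate; equals the previously hard-coded size. */
    private static final int MIN_RSA_KEY_BITS = 1024;

    /** Largest RSA modulus this class will generate, to keep generation time bounded. */
    private static final int MAX_RSA_KEY_BITS = 4096;

    /** The certificate's notBefore is back-dated by two days (172,800,000 ms). */
    private static final long BACKDATE_MILLIS = 172800000L;

    /** The certificate's notAfter lies 7300 days (630,720,000,000 ms) after creation. */
    private static final long VALIDITY_MILLIS = 630720000000L;

    static {
        // Registers the SpongyCastle provider with the JCA when this class is first loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    private Crypto() {
    }

    /**
     * Returns the first certificate found in the key store.
     *
     * @param keyStore key store to search
     * @return the certificate of the first alias that has one, or {@code null} if no alias does
     * @throws KeyStoreException if the key store has not been initialised
     * @throws ClassCastException if the certificate found is not an {@link X509Certificate}
     */
    public static X509Certificate certificateFromPkcs12(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate candidate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the first alias reported by the key store.
     *
     * @param keyStore key store to read
     * @return the first alias
     * @throws KeyStoreException if the key store has not been initialised
     * @throws java.util.NoSuchElementException if the key store holds no entries
     */
    public static String extractFirstAlias(KeyStore keyStore) throws KeyStoreException {
        return keyStore.aliases().nextElement();
    }

    /**
     * Generates a new RSA key pair and a self-signed X.509 v3 certificate for it, and returns
     * both in a PKCS#12 key store under the alias {@code str}.
     *
     * <p>The certificate has issuer and subject {@code "cn=" + str}, is valid from two days
     * before creation until 7300 days after it, and carries a critical BasicConstraints
     * extension with CA set to true.
     *
     * <p>NOTE(review): the serial number is always 1, so every certificate issued for the same
     * name shares issuer and serial; a random serial would make them distinguishable.
     * NOTE(review): CA=true lets this key act as an issuer wherever the certificate is trusted.
     * If it is only a device or user identity, CA=false would limit the impact of a key leak.
     * Confirm with the consumers of the certificate.
     * NOTE(review): {@code str} is concatenated into the DN string unescaped; if it can contain
     * {@code ,} or {@code =} the DN will not be the single CN intended. Confirm against callers.
     *
     * @param str common name for the certificate; also the key store alias and friendly name
     * @param i requested RSA key size in bits, passed to {@link #makeKeyPair(int)}
     * @return a PKCS#12 key store holding the private key and the certificate
     */
    public static KeyStore generateNewSelfSignedCertificate(String str, int i) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, KeyStoreException, CertificateException, IOException, OperatorCreationException, NoSuchProviderException {
        // One clock read keeps both validity bounds relative to the same instant.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - BACKDATE_MILLIS);
        Date notAfter = new Date(now + VALIDITY_MILLIS);
        KeyPair keyPair = makeKeyPair(i);
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        X509Name distinguishedName = new X509Name("cn=" + str);
        generator.setSerialNumber(BigInteger.ONE);
        generator.setIssuerDN(distinguishedName);
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        generator.setSubjectDN(distinguishedName);
        generator.setPublicKey(keyPair.getPublic());
        generator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        generator.addExtension(X509Extensions.BasicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
        // Self-signed: the certificate is signed with the private half of the key it certifies.
        X509Certificate certificate = generator.generate(keyPair.getPrivate());
        return makePkcs12(keyPair.getPrivate(), certificate, str);
    }

    /**
     * Extracts the encapsulated content from a CMS SignedData structure.
     *
     * <p>This method does NOT verify any signature or certificate. The returned bytes are
     * exactly what the message carries and must not be treated as authenticated unless the
     * caller verifies the signer separately.
     *
     * @param bArr encoded CMS SignedData
     * @return the encapsulated content, or {@code null} if the message has none (detached)
     * @throws CMSException if {@code bArr} cannot be parsed as CMS SignedData
     */
    public static byte[] getSignedData(byte[] bArr) throws CMSException {
        CMSTypedData content = new CMSSignedData(bArr).getSignedContent();
        if (content == null) {
            return null;
        }
        return (byte[]) content.getContent();
    }

    /**
     * Generates an RSA key pair.
     *
     * <p>The previous implementation ignored {@code i} and always produced a 1024-bit key,
     * which is below current minimum recommendations for RSA. The requested size is now
     * honoured, clamped to the range 1024..4096 bits, so a caller never receives a weaker key
     * than before and an out-of-range argument cannot trigger an unbounded generation.
     *
     * <p>NOTE(review): callers that pass 1024 or less still get 1024-bit keys; raising the
     * floor to 2048 should be considered once the callers' arguments have been checked.
     *
     * @param i requested modulus size in bits
     * @return a freshly generated RSA key pair
     * @throws NoSuchAlgorithmException if no provider offers the RSA key pair generator
     */
    public static KeyPair makeKeyPair(int i) throws NoSuchAlgorithmException {
        int keyBits = Math.min(Math.max(i, MIN_RSA_KEY_BITS), MAX_RSA_KEY_BITS);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CEPConstants.CEP_KEYALGO_TYPE_RSA);
        keyPairGenerator.initialize(keyBits, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Builds an in-memory PKCS#12 key store containing one key entry.
     *
     * <p>The certificate's PKCS#12 friendly name is set to {@code str} before the key is
     * checked, so it is set even when {@code null} is returned. The key entry is stored with
     * a {@code null} password, matching how {@link #privateKeyFromPkcs12(KeyStore)} reads it.
     *
     * @param key private key to store; if {@code null}, no key store is created
     * @param x509Certificate certificate for the key; must be a PKCS12BagAttributeCarrier
     * @param str alias of the entry and friendly name of the certificate
     * @return the key store, or {@code null} if {@code key} is {@code null}
     */
    public static KeyStore makePkcs12(Key key, X509Certificate x509Certificate, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException {
        ((PKCS12BagAttributeCarrier) x509Certificate).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
        Certificate[] chain = {x509Certificate};
        if (key == null) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12", AppConfig.SECURITY_PROVIDER);
        // load(null, null) initialises an empty key store rather than reading one.
        keyStore.load(null, null);
        keyStore.setKeyEntry(str, key, null, chain);
        return keyStore;
    }

    /**
     * Returns the first key found in the key store, reading entries with a {@code null} password.
     *
     * @param keyStore key store to search
     * @return the key of the first alias that has one, or {@code null} if no alias does
     */
    public static Key privateKeyFromPkcs12(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Key candidate = keyStore.getKey(aliases.nextElement(), null);
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Signs a property list: the dictionary is serialised with
     * {@code PListUtils.toJSONPropertyList}, encoded as UTF-8, and signed with the first
     * certificate and key of the key store.
     *
     * @param nSDictionary dictionary to serialise and sign
     * @param keyStore key store providing the signing certificate and private key
     * @return the encoded CMS SignedData
     */
    public static byte[] signWithCert(NSDictionary nSDictionary, KeyStore keyStore) throws IOException, CertificateEncodingException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, OperatorCreationException, CMSException {
        return signWithCert(PListUtils.toJSONPropertyList(nSDictionary).getBytes("UTF-8"), keyStore);
    }

    /**
     * Signs {@code bArr} with the first certificate and the first key of the key store.
     *
     * @param bArr content to sign
     * @param keyStore key store providing the signing certificate and private key
     * @return the encoded CMS SignedData
     */
    public static byte[] signWithCert(byte[] bArr, KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateEncodingException, OperatorCreationException, CMSException, IOException {
        return signWithCert(bArr, certificateFromPkcs12(keyStore), (PrivateKey) privateKeyFromPkcs12(keyStore));
    }

    /**
     * Signs {@code bArr} with the first certificate and key of the key store, adding the given
     * signed attributes.
     *
     * @param bArr content to sign
     * @param keyStore key store providing the signing certificate and private key
     * @param aSN1EncodableVector attributes to include as signed attributes
     * @return the encoded CMS SignedData
     */
    public static byte[] signWithCert(byte[] bArr, KeyStore keyStore, ASN1EncodableVector aSN1EncodableVector) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateEncodingException, OperatorCreationException, CMSException, IOException {
        return signWithCert(bArr, certificateFromPkcs12(keyStore), (PrivateKey) privateKeyFromPkcs12(keyStore), aSN1EncodableVector);
    }

    /**
     * Produces CMS SignedData over {@code bArr} with the content encapsulated and the signer
     * certificate included.
     *
     * @param bArr content to sign
     * @param x509Certificate signer certificate
     * @param privateKey private key matching the certificate
     * @return the encoded CMS SignedData
     */
    public static byte[] signWithCert(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey) throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
        return generateSignedData(bArr, x509Certificate, privateKey, null);
    }

    /**
     * Produces CMS SignedData over {@code bArr} as the three-argument overload does, with
     * the given attributes supplied to the signed attribute generator.
     *
     * @param bArr content to sign
     * @param x509Certificate signer certificate
     * @param privateKey private key matching the certificate
     * @param aSN1EncodableVector attributes to include as signed attributes
     * @return the encoded CMS SignedData
     */
    public static byte[] signWithCert(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey, ASN1EncodableVector aSN1EncodableVector) throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
        DefaultSignedAttributeTableGenerator signedAttributes = new DefaultSignedAttributeTableGenerator(new AttributeTable(aSN1EncodableVector));
        return generateSignedData(bArr, x509Certificate, privateKey, signedAttributes);
    }

    /**
     * Wraps a single certificate in a certificate store for inclusion in CMS SignedData.
     *
     * @param x509Certificate certificate to wrap
     * @return a store containing only that certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static Store x509StoreWithCertificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        ArrayList<X509Certificate> certificates = new ArrayList<X509Certificate>();
        certificates.add(x509Certificate);
        return new JcaCertStore(certificates);
    }

    /**
     * Shared implementation of the certificate/key {@code signWithCert} overloads.
     *
     * @param signedAttributes signed attribute generator to install, or {@code null} to keep
     *     the builder's default
     */
    private static byte[] generateSignedData(byte[] content, X509Certificate certificate, PrivateKey privateKey, DefaultSignedAttributeTableGenerator signedAttributes) throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(AppConfig.SECURITY_PROVIDER).build());
        if (signedAttributes != null) {
            signerInfoBuilder.setSignedAttributeGenerator(signedAttributes);
        }
        signedDataGenerator.addSignerInfoGenerator(signerInfoBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(AppConfig.SECURITY_PROVIDER).build(privateKey), certificate));
        signedDataGenerator.addCertificates(x509StoreWithCertificate(certificate));
        // 'true' encapsulates the content inside the SignedData instead of leaving it detached.
        return signedDataGenerator.generate(new CMSProcessableByteArray(content), true).getEncoded();
    }
}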
