package de.mhus.crypt.bc;

import de.mhus.crypt.api.signer.SignerProvider;
import de.mhus.crypt.api.util.CryptUtil;
import de.mhus.lib.core.IProperties;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MLog;
import de.mhus.lib.core.MProperties;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.crypt.Blowfish;
import de.mhus.lib.core.crypt.MBouncy;
import de.mhus.lib.core.crypt.MRandom;
import de.mhus.lib.core.crypt.pem.PemBlock;
import de.mhus.lib.core.crypt.pem.PemBlockModel;
import de.mhus.lib.core.crypt.pem.PemKey;
import de.mhus.lib.core.crypt.pem.PemKeyPair;
import de.mhus.lib.core.crypt.pem.PemPair;
import de.mhus.lib.core.crypt.pem.PemPriv;
import de.mhus.lib.core.crypt.pem.PemPub;
import de.mhus.lib.errors.MException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.UUID;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;

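/**
 * ECDSA signer registered as the OSGi component {@code signer=ECC-BC-01}.
 *
 * <p>Signatures use {@code SHA512WITHECDSA} from the JCA provider named {@code "BC"};
 * {@link #doActivate(ComponentContext)} calls {@code MBouncy.init()}, which presumably
 * registers that provider (confirm against MBouncy).
 *
 * <p>This listing is decompiler output (loaded from
 * {@code de/mhus/crypt/bc/EccSigner.class}), so parameter names such as {@code str} and
 * {@code str2} are synthetic.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default curve in {@link #createKeys(IProperties)} is {@code prime192v1}, a
 *       192-bit curve; see the note on that method.</li>
 *   <li>Private keys are optionally wrapped with the project's {@code Blowfish} helper using
 *       a caller-supplied passphrase. Blowfish is a 64-bit-block cipher, and the key
 *       derivation and cipher mode used by the helper are not visible in this file.</li>
 * </ul>
 */
@Component(property = {"signer=ECC-BC-01"})
public class EccSigner extends MLog implements SignerProvider {
    private static final String NAME = "ECC-BC-01";
    private static final String PROVIDER = "BC";
    private static final String TRANSFORMATION_ECC = "SHA512WITHECDSA";
    private static final String ALGORITHM_ECC = "ECDSA";

    /**
     * Component activation hook; initialises the crypto provider via {@code MBouncy.init()}.
     *
     * @param componentContext OSGi component context (unused)
     */
    @Activate
    public void doActivate(ComponentContext componentContext) {
        MBouncy.init();
    }

    /**
     * Signs a text with the given private key.
     *
     * <p>The text is encoded as UTF-8 before signing so that signer and verifier hash the same
     * bytes regardless of the platform default charset. Signatures over non-ASCII text that
     * were produced under a different default charset will not verify against this encoding.
     *
     * @param pemPriv PEM block holding the PKCS#8 encoded private key
     * @param str text to sign
     * @param str2 passphrase; when set, the key bytes are Blowfish-decrypted with it first
     * @return a {@code SIGNATURE} PEM block, post-processed by {@code CryptUtil.prepareSignOut}
     * @throws MException (code 400) wrapping any failure, including a null text, an undecodable
     *     key or a provider error
     */
    public PemBlock sign(PemPriv pemPriv, String str, String str2) throws MException {
        try {
            byte[] keyBytes = pemPriv.getBytesBlock();
            // Decryption is driven only by the caller passing a passphrase; the "Encrypted"
            // header that createKeys() writes on the key is not consulted here.
            if (MString.isSet(str2)) {
                keyBytes = Blowfish.decrypt(keyBytes, str2);
            }
            PrivateKey privateKey =
                    KeyFactory.getInstance(ALGORITHM_ECC, PROVIDER)
                            .generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
            Signature signer = Signature.getInstance(TRANSFORMATION_ECC, PROVIDER);
            signer.initSign(privateKey);
            // Explicit charset: String.getBytes() without one depends on the JVM default.
            byte[] message = str.getBytes(StandardCharsets.UTF_8);
            signer.update(message, 0, message.length);
            PemBlockModel result = new PemBlockModel("SIGNATURE", signer.sign());
            CryptUtil.prepareSignOut(pemPriv, result, getName());
            return result;
        } catch (Exception e) {
            throw new MException(400, e);
        }
    }

    /**
     * Verifies a signature over a text with the given public key.
     *
     * <p>The text is encoded as UTF-8, matching {@link #sign(PemPriv, String, String)}.
     *
     * @param pemPub PEM block holding the X.509 (SubjectPublicKeyInfo) encoded public key
     * @param str text the signature is expected to cover
     * @param pemBlock PEM block holding the signature bytes
     * @return {@code true} if the signature matches; {@code false} if it is well-formed but
     *     does not match
     * @throws MException (code 400) wrapping any failure; a signature or key that cannot be
     *     decoded is reported this way rather than as {@code false}, so callers must treat
     *     the exception as "not valid"
     */
    public boolean validate(PemPub pemPub, String str, PemBlock pemBlock) throws MException {
        try {
            PublicKey publicKey =
                    KeyFactory.getInstance(ALGORITHM_ECC, PROVIDER)
                            .generatePublic(new X509EncodedKeySpec(pemPub.getBytesBlock()));
            Signature verifier = Signature.getInstance(TRANSFORMATION_ECC, PROVIDER);
            verifier.initVerify(publicKey);
            // Explicit charset: String.getBytes() without one depends on the JVM default.
            byte[] message = str.getBytes(StandardCharsets.UTF_8);
            verifier.update(message, 0, message.length);
            return verifier.verify(pemBlock.getBytesBlock());
        } catch (Exception e) {
            throw new MException(400, e);
        }
    }

    /**
     * Returns the signer name, {@code "ECC-BC-01"}, which is also written to the
     * {@code Method} header of generated keys.
     *
     * @return the signer name
     */
    public String getName() {
        return NAME;
    }

    /**
     * Generates a new ECDSA key pair and wraps both halves in PEM key blocks.
     *
     * <p>Recognised properties:
     * <ul>
     *   <li>{@code stdName}: named curve, default {@code prime192v1}</li>
     *   <li>{@code passphrase}: when set, the encoded private key is Blowfish-encrypted with
     *       it and the private block is tagged {@code Encrypted: blowfish}</li>
     * </ul>
     *
     * <p>NOTE(review): {@code prime192v1} is a 192-bit curve (roughly 96-bit security), which
     * is below the 112-bit floor in current NIST guidance. The default is left unchanged here
     * because callers may depend on it; prefer passing {@code stdName} explicitly with a
     * 256-bit or larger curve, and consider raising the default.
     *
     * @param iProperties generation options, or {@code null} for defaults
     * @return the pair of private and public PEM key blocks, cross-referenced by random idents
     * @throws MException (code 400) wrapping any failure, such as an unknown curve name or a
     *     missing provider
     */
    public PemPair createKeys(IProperties iProperties) throws MException {
        // The whole body sits inside the try: KeyPairGenerator.getInstance/initialize throw
        // checked exceptions that this method does not declare.
        try {
            IProperties config = iProperties == null ? new MProperties() : iProperties;
            String curveName = config.getString("stdName", "prime192v1");
            ECGenParameterSpec curveSpec = new ECGenParameterSpec(curveName);
            KeyPairGenerator generator = KeyPairGenerator.getInstance(ALGORITHM_ECC, PROVIDER);
            generator.initialize(curveSpec, ((MRandom) M.l(MRandom.class)).getSecureRandom());
            KeyPair keyPair = generator.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();

            // Random idents let each block name its counterpart.
            UUID privateIdent = UUID.randomUUID();
            UUID publicIdent = UUID.randomUUID();

            byte[] privateBytes = privateKey.getEncoded();
            String passphrase = config.getString("passphrase", (String) null);
            boolean encrypt = MString.isSet(passphrase);
            if (encrypt) {
                // NOTE(review): key derivation and mode are inside the Blowfish helper and
                // not visible here; confirm they suit passphrase-based key wrapping.
                privateBytes = Blowfish.encrypt(privateBytes, passphrase);
            }

            PemKey publicBlock =
                    new PemKey("PUBLIC KEY", publicKey.getEncoded(), false)
                            .set("Method", getName())
                            .set("StdName", curveName)
                            .set("Format", publicKey.getFormat())
                            .set("Ident", publicIdent)
                            .set("PrivateKey", privateIdent);
            PemKey privateBlock =
                    new PemKey("PRIVATE KEY", privateBytes, true)
                            .set("Method", getName())
                            .set("StdName", curveName)
                            .set("Format", privateKey.getFormat())
                            .set("Ident", privateIdent)
                            .set("PublicKey", publicIdent);
            if (encrypt) {
                privateBlock.set("Encrypted", "blowfish");
            }
            return new PemKeyPair(privateBlock, publicBlock);
        } catch (Throwable th) {
            // Throwable (not Exception) is kept so callers still see every failure as MException.
            throw new MException(400, th);
        }
    }
}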
