package net.named_data.jndn.security.tpm;

import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.List;
import javax.crypto.Cipher;
import net.named_data.jndn.encoding.OID;
import net.named_data.jndn.encoding.der.DerDecodingException;
import net.named_data.jndn.encoding.der.DerEncodingException;
import net.named_data.jndn.encoding.der.DerNode;
import net.named_data.jndn.encrypt.algo.EncryptAlgorithmType;
import net.named_data.jndn.security.DigestAlgorithm;
import net.named_data.jndn.security.EcKeyParams;
import net.named_data.jndn.security.KeyParams;
import net.named_data.jndn.security.KeyType;
import net.named_data.jndn.security.RsaKeyParams;
import net.named_data.jndn.util.Blob;

/* loaded from: input_file:net/named_data/jndn/security/tpm/TpmPrivateKey.class */
public class TpmPrivateKey {
    private static String RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1";
    private static String EC_ENCRYPTION_OID = "1.2.840.10045.2.1";
    private KeyType keyType_ = null;
    private PrivateKey privateKey_;

    /* loaded from: input_file:net/named_data/jndn/security/tpm/TpmPrivateKey$Error.class */
    public static class Error extends Exception {
        public Error(String str) {
            super(str);
        }
    }

    public final void loadPkcs1(ByteBuffer byteBuffer, KeyType keyType) throws Error {
        if (keyType == null) {
            try {
                List children = DerNode.parse(byteBuffer).getChildren();
                keyType = (children.size() == 9 && (children.get(0) instanceof DerNode.DerInteger) && ((Integer) ((DerNode.DerInteger) children.get(0)).toVal()).intValue() == 0 && (children.get(1) instanceof DerNode.DerInteger) && (children.get(2) instanceof DerNode.DerInteger) && (children.get(3) instanceof DerNode.DerInteger) && (children.get(4) instanceof DerNode.DerInteger) && (children.get(5) instanceof DerNode.DerInteger) && (children.get(6) instanceof DerNode.DerInteger) && (children.get(7) instanceof DerNode.DerInteger) && (children.get(8) instanceof DerNode.DerInteger)) ? KeyType.RSA : KeyType.EC;
            } catch (DerDecodingException e) {
                keyType = KeyType.EC;
            }
        }
        if (keyType == KeyType.EC) {
            throw new Error("TODO: loadPkcs1 for EC is not implemented");
        }
        if (keyType != KeyType.RSA) {
            throw new Error("loadPkcs1: Unrecognized keyType: " + keyType);
        }
        loadPkcs8(encodePkcs8PrivateKey(byteBuffer, new OID(RSA_ENCRYPTION_OID), new DerNode.DerNull()).buf(), keyType);
    }

    public final void loadPkcs1(ByteBuffer byteBuffer) throws Error {
        loadPkcs1(byteBuffer, null);
    }

    public final void loadPkcs8(ByteBuffer byteBuffer, KeyType keyType) throws Error {
        if (keyType == null) {
            try {
                String str = "" + ((DerNode.DerOid) DerNode.getSequence(DerNode.parse(byteBuffer, 0).getChildren(), 1).getChildren().get(0)).toVal();
                if (str.equals(EC_ENCRYPTION_OID)) {
                    keyType = KeyType.EC;
                } else {
                    if (!str.equals(RSA_ENCRYPTION_OID)) {
                        throw new Error("loadPkcs8: Unrecognized private key OID: " + str);
                    }
                    keyType = KeyType.RSA;
                }
            } catch (DerDecodingException e) {
                throw new Error("Cannot decode the PKCS #8 private key: " + e);
            }
        }
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(new Blob(byteBuffer, false).getImmutableArray());
        if (keyType == KeyType.EC) {
            try {
                this.privateKey_ = KeyFactory.getInstance("EC").generatePrivate(pKCS8EncodedKeySpec);
                this.keyType_ = KeyType.EC;
                return;
            } catch (NoSuchAlgorithmException e2) {
                throw new Error("loadPkcs8: PKCS8EncodedKeySpec is not supported for EC: " + e2);
            } catch (InvalidKeySpecException e3) {
                throw new Error("loadPkcs8: EC is not supported: " + e3);
            }
        }
        if (keyType != KeyType.RSA) {
            throw new Error("loadPkcs8: Unrecognized keyType: " + keyType);
        }
        try {
            this.privateKey_ = KeyFactory.getInstance("RSA").generatePrivate(pKCS8EncodedKeySpec);
            this.keyType_ = KeyType.RSA;
        } catch (NoSuchAlgorithmException e4) {
            throw new Error("loadPkcs8: PKCS8EncodedKeySpec is not supported for RSA: " + e4);
        } catch (InvalidKeySpecException e5) {
            throw new Error("loadPkcs8: RSA is not supported: " + e5);
        }
    }

    public final void loadPkcs8(ByteBuffer byteBuffer) throws Error {
        loadPkcs8(byteBuffer, null);
    }

    public final Blob derivePublicKey() throws Error {
        if (this.keyType_ == KeyType.EC) {
            throw new Error("TODO: derivePublicKey for EC is not implemented");
        }
        if (this.keyType_ != KeyType.RSA) {
            throw new Error("derivePublicKey: The private key is not loaded");
        }
        try {
            List children = DerNode.parse(toPkcs1().buf(), 0).getChildren();
            try {
                return new Blob(KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(((DerNode) children.get(1)).getPayload().getImmutableArray()), new BigInteger(((DerNode) children.get(2)).getPayload().getImmutableArray()))).getEncoded(), false);
            } catch (Exception e) {
                throw new Error("Error making RSA public key: " + e);
            }
        } catch (DerDecodingException e2) {
            throw new Error("Error parsing RSA PKCS #1 key: " + e2);
        }
    }

    public final Blob decrypt(ByteBuffer byteBuffer, EncryptAlgorithmType encryptAlgorithmType) throws Error {
        String str;
        if (this.keyType_ == null) {
            throw new Error("decrypt: The private key is not loaded");
        }
        if (encryptAlgorithmType == EncryptAlgorithmType.RsaPkcs) {
            str = "RSA/ECB/PKCS1Padding";
        } else {
            if (encryptAlgorithmType != EncryptAlgorithmType.RsaOaep) {
                throw new Error("unsupported padding scheme");
            }
            str = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
        }
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(2, this.privateKey_);
            return new Blob(cipher.doFinal(new Blob(byteBuffer, false).getImmutableArray()), false);
        } catch (Exception e) {
            throw new Error("Error decrypting with private key: " + e.getMessage());
        }
    }

    public final Blob decrypt(ByteBuffer byteBuffer) throws Error {
        return decrypt(byteBuffer, EncryptAlgorithmType.RsaOaep);
    }

    public final Blob sign(ByteBuffer byteBuffer, DigestAlgorithm digestAlgorithm) throws Error {
        Signature signature;
        if (digestAlgorithm != DigestAlgorithm.SHA256) {
            throw new Error("TpmPrivateKey.sign: Unsupported digest algorithm");
        }
        if (this.keyType_ == KeyType.EC) {
            try {
                signature = Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException e) {
                throw new Error("SHA256withECDSA algorithm is not supported");
            }
        } else {
            if (this.keyType_ != KeyType.RSA) {
                return new Blob();
            }
            try {
                signature = Signature.getInstance("SHA256withRSA");
            } catch (NoSuchAlgorithmException e2) {
                throw new Error("SHA256withRSA algorithm is not supported");
            }
        }
        try {
            signature.initSign(this.privateKey_);
            try {
                signature.update(byteBuffer);
                return new Blob(signature.sign(), false);
            } catch (SignatureException e3) {
                throw new Error("SignatureException: " + e3.getMessage());
            }
        } catch (InvalidKeyException e4) {
            throw new Error("InvalidKeyException: " + e4.getMessage());
        }
    }

    public final Blob toPkcs1() throws Error {
        if (this.keyType_ == null) {
            throw new Error("toPkcs1: The private key is not loaded");
        }
        try {
            return ((DerNode) DerNode.parse(toPkcs8().buf(), 0).getChildren().get(2)).getPayload();
        } catch (DerDecodingException e) {
            throw new Error("Error decoding PKCS #8 private key: " + e);
        }
    }

    public final Blob toPkcs8() throws Error {
        if (this.keyType_ == null) {
            throw new Error("toPkcs8: The private key is not loaded");
        }
        return new Blob(this.privateKey_.getEncoded());
    }

    public static TpmPrivateKey generatePrivateKey(KeyParams keyParams) throws IllegalArgumentException, Error {
        String str;
        int keySize;
        if (keyParams.getKeyType() == KeyType.RSA) {
            str = "RSA";
            keySize = ((RsaKeyParams) keyParams).getKeySize();
        } else {
            if (keyParams.getKeyType() != KeyType.EC) {
                throw new IllegalArgumentException("Cannot generate a key pair of type " + keyParams.getKeyType());
            }
            str = "EC";
            keySize = ((EcKeyParams) keyParams).getKeySize();
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(keySize);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            TpmPrivateKey tpmPrivateKey = new TpmPrivateKey();
            tpmPrivateKey.keyType_ = keyParams.getKeyType();
            tpmPrivateKey.privateKey_ = generateKeyPair.getPrivate();
            return tpmPrivateKey;
        } catch (NoSuchAlgorithmException e) {
            throw new Error("TpmPrivateKey: Could not create the key generator: " + e.getMessage());
        }
    }

    private static Blob encodePkcs8PrivateKey(ByteBuffer byteBuffer, OID oid, DerNode derNode) throws Error {
        try {
            DerNode.DerSequence derSequence = new DerNode.DerSequence();
            derSequence.addChild(new DerNode.DerOid(oid));
            derSequence.addChild(derNode);
            DerNode.DerSequence derSequence2 = new DerNode.DerSequence();
            derSequence2.addChild(new DerNode.DerInteger(0));
            derSequence2.addChild(derSequence);
            derSequence2.addChild(new DerNode.DerOctetString(byteBuffer));
            return derSequence2.encode();
        } catch (DerEncodingException e) {
            throw new Error("Error encoding PKCS #8 private key: " + e);
        }
    }
}
