package com.identityx.clientSDK.base;

import com.daon.identityx.rest.model.pojo.Token;
import com.identityx.auth.impl.keys.SharedSecretApiKey;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:com/identityx/clientSDK/base/KeyHelper.class */
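/**
 * Holds an RSA key pair generated at construction time and uses it to (a) publish the
 * public half inside a short-lived self-signed X.509 certificate and (b) decrypt the
 * shared secret returned in a {@link Token}.
 *
 * <p>The private key never leaves this object; it exists only in memory for the lifetime
 * of the instance.
 */
public class KeyHelper {
    /** RSA modulus size, in bits, of the generated key pair. */
    private static final int RSA_KEY_BITS = 2048;

    /** Number of random bits in the certificate serial number. */
    private static final int SERIAL_BITS = 64;

    /** How far notBefore is back-dated (10 s), in milliseconds. */
    private static final long NOT_BEFORE_SKEW_MILLIS = 10000L;

    /** Certificate lifetime measured from "now" (24 h), in milliseconds. */
    private static final long VALIDITY_MILLIS = 86400000L;

    private KeyPair keyPair;

    /**
     * Creates the helper and immediately generates its RSA key pair.
     *
     * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
     */
    public KeyHelper() throws NoSuchAlgorithmException {
        // NOTE(review): GenerateKeyPair() is protected and overridable, so a subclass
        // override runs before the subclass constructor body. It is kept as-is for
        // compatibility with existing subclasses.
        GenerateKeyPair();
    }

    /**
     * Returns the Base64 text of the encoded self-signed certificate that carries this
     * helper's public key.
     *
     * @param str value placed in the certificate's CN for both subject and issuer
     * @return Base64 encoding of the certificate bytes
     * @throws IOException if the certificate cannot be encoded
     */
    public String getPublicKeyForTokenRequest(String str) throws IOException {
        Certificate certificate = generateCertificate(str);
        return Base64.encodeBase64String(certificate.getEncoded());
    }

    /**
     * Decrypts the token's encrypted shared key with this helper's private key and wraps
     * the result in a {@link SharedSecretApiKey}.
     *
     * @param token token whose id and Base64-encoded encrypted shared key are read
     * @return an API key carrying the token id and the Base64-encoded decrypted secret
     * @throws InvalidKeyException if the private key is rejected by the cipher
     * @throws NoSuchAlgorithmException if no provider supplies the "RSA" cipher
     * @throws NoSuchPaddingException if the provider's default padding is unavailable
     * @throws IllegalBlockSizeException if the ciphertext length is wrong for the key
     * @throws BadPaddingException if the padding check fails after decryption
     */
    public SharedSecretApiKey createFromToken(Token token) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
        // NOTE(review): "RSA" names no mode or padding, so the first matching JCE provider
        // decides both. The transformation must match what the token issuer used, so it is
        // left unchanged here; pin it explicitly (and prefer OAEP if the issuer supports
        // it) once the server-side scheme is confirmed. Callers should not expose the
        // difference between BadPaddingException and other failures to a remote party.
        Cipher rsa = Cipher.getInstance("RSA");
        rsa.init(Cipher.DECRYPT_MODE, this.keyPair.getPrivate());

        byte[] encryptedSecret = Base64.decodeBase64(token.getEncryptedSharedKey());
        byte[] secret = rsa.doFinal(encryptedSecret);

        SharedSecretApiKey apiKey = new SharedSecretApiKey();
        apiKey.setId(token.getId());
        apiKey.setSecret(Base64.encodeBase64String(secret));
        return apiKey;
    }

    /**
     * Generates a fresh 2048-bit RSA key pair, stores it in this helper and returns it.
     * Any previously held key pair is replaced.
     *
     * @return the newly generated key pair
     * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
     */
    protected KeyPair GenerateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        this.keyPair = generator.generateKeyPair();
        return this.keyPair;
    }

    /**
     * Builds a self-signed, non-CA X.509 v3 certificate over this helper's public key,
     * valid from 10 seconds in the past until 24 hours from now.
     *
     * @param str value placed after {@code CN=} for both issuer and subject
     * @return the certificate as a Bouncy Castle ASN.1 structure
     * @throws RuntimeException wrapping any failure while building or signing
     */
    protected Certificate generateCertificate(String str) {
        try {
            // NOTE(review): str is concatenated into the DN string unescaped, so DN
            // metacharacters (',', '+', '=') in it would change the parsed name or make
            // parsing fail. Confirm callers pass a plain identifier.
            X500Name selfName = new X500Name("CN=" + str);

            // A non-negative serial: RFC 5280 requires positive serial numbers, and
            // SecureRandom.nextLong() yields a negative value about half the time.
            BigInteger serial = new BigInteger(SERIAL_BITS, new SecureRandom());

            // Read the clock once so both validity bounds derive from the same instant.
            long now = System.currentTimeMillis();
            Date notBefore = new Date(now - NOT_BEFORE_SKEW_MILLIS);
            Date notAfter = new Date(now + VALIDITY_MILLIS);

            SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(this.keyPair.getPublic().getEncoded()));
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, publicKeyInfo);

            // All three extensions are marked critical. BasicConstraints(false) marks the
            // certificate as an end entity, not a CA.
            builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
            builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.dataEncipherment));
            builder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));

            // NOTE(review): SHA-1 is no longer considered collision resistant. This
            // certificate is self-signed, so presumably the receiver only extracts the
            // public key; confirm the receiver accepts SHA256withRSA before switching.
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

            return builder
                    .build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(PrivateKeyFactory.createKey(this.keyPair.getPrivate().getEncoded())))
                    .toASN1Structure();
        } catch (Exception e) {
            throw new RuntimeException("Cannot generate X509 certificate", e);
        }
    }
}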
