package org.opensaml.lite.security;

import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.commons.ssl.PKCS8Key;
import org.apache.log4j.Logger;
import org.apache.xml.security.algorithms.JCEMapper;
import org.opensaml.lite.xml.signature.SignatureConstants;
import org.opensaml.lite.xml.util.DatatypeHelper;
import pl.edu.icm.yadda.aas.utils.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-0.4.4.jar:org/opensaml/lite/security/SecurityHelper.class */
public class SecurityHelper {
    private static Set<String> rsaAlgorithmURIs;
    private static Set<String> ecdsaAlgorithmURIs;
    private static Logger log = Logger.getLogger(SecurityHelper.class);
    private static Set<String> dsaAlgorithmURIs = new HashSet();

    private SecurityHelper() {
    }

    @Deprecated
    public static String getKeyAlgorithmFromURI(String str) {
        String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(JCEMapper.getJCEKeyAlgorithmFromURI(str));
        if (safeTrimOrNullString != null) {
            return safeTrimOrNullString;
        }
        if (isHMAC(str)) {
            return null;
        }
        if (rsaAlgorithmURIs.contains(str)) {
            return SecurityUtils.DEFAULT_ASYM_ALGORITHM;
        }
        if (dsaAlgorithmURIs.contains(str)) {
            return "DSA";
        }
        if (ecdsaAlgorithmURIs.contains(str)) {
            return "ECDSA";
        }
        return null;
    }

    public static boolean isHMAC(String str) {
        return ApacheXMLSecurityConstants.ALGO_CLASS_MAC.equals(DatatypeHelper.safeTrimOrNullString(JCEMapper.getAlgorithmClassFromURI(str)));
    }

    public static PrivateKey decodePrivateKey(byte[] bArr, char[] cArr) throws KeyException {
        try {
            return new PKCS8Key(bArr, cArr).getPrivateKey();
        } catch (GeneralSecurityException e) {
            throw new KeyException("Unable to decode private key", e);
        }
    }

    public static PublicKey derivePublicKey(PrivateKey privateKey) throws KeyException {
        if (privateKey instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
            DSAParams params = dSAPrivateKey.getParams();
            try {
                return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(params.getQ().modPow(dSAPrivateKey.getX(), params.getP()), params.getP(), params.getQ(), params.getG()));
            } catch (GeneralSecurityException e) {
                throw new KeyException("Unable to derive public key from DSA private key", e);
            }
        }
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            throw new KeyException("Private key was not a DSA or RSA key");
        }
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
        try {
            return KeyFactory.getInstance(SecurityUtils.DEFAULT_ASYM_ALGORITHM).generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        } catch (GeneralSecurityException e2) {
            throw new KeyException("Unable to derive public key from RSA private key", e2);
        }
    }

    public static Integer getKeyLength(Key key) {
        if ((key instanceof SecretKey) && "RAW".equals(key.getFormat())) {
            return Integer.valueOf(key.getEncoded().length * 8);
        }
        log.debug("Unable to determine length in bits of specified Key instance");
        return null;
    }

    static {
        dsaAlgorithmURIs.add("http://www.w3.org/2000/09/xmldsig#dsa-sha1");
        ecdsaAlgorithmURIs = new HashSet();
        ecdsaAlgorithmURIs.add(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
        rsaAlgorithmURIs = new HashSet();
        rsaAlgorithmURIs.add("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160");
        rsaAlgorithmURIs.add("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
    }
}
