package ch.admin.bj.swiyu.didtoolbox;

import io.ipfs.multibase.Base58;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.NamedParameterSpec;
import java.util.Arrays;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:ch/admin/bj/swiyu/didtoolbox/Ed25519VerificationMethodKeyProviderImpl.class */
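/**
 * {@link VerificationMethodKeyProvider} backed by an Ed25519 {@link KeyPair}.
 *
 * <p>Signing and verification use the {@code EdDSA} algorithm of a JCE provider; unless a
 * provider is supplied (or taken from a key store), the provider registered under the name
 * {@code "BC"} is used. The class registers a {@link BouncyCastleProvider} when it is loaded.
 *
 * <p>Every constructor that accepts externally supplied key material runs {@link #sanityCheck()},
 * which signs and verifies a probe message so that a private key paired with the wrong public
 * key is rejected at construction time.
 */
public class Ed25519VerificationMethodKeyProviderImpl implements VerificationMethodKeyProvider {
    private static final String DEFAULT_JCE_PROVIDER_NAME = "BC";

    /** Length in bytes of a raw Ed25519 public key. */
    private static final int ED25519_PUBLIC_KEY_LENGTH = 32;

    /** POSIX mode applied to private-key files: read/write for the owner, nothing for anyone else. */
    private static final String OWNER_ONLY_PERMISSIONS = "rw-------";

    static {
        // Runs at class initialisation, i.e. before any constructor looks the provider up by name.
        Security.addProvider(new BouncyCastleProvider());
    }

    protected final KeyPair keyPair;
    protected Provider provider;

    /**
     * Wraps an existing key pair and uses the default ({@code "BC"}) provider.
     *
     * @param keyPair the Ed25519 key pair to use
     * @throws IllegalArgumentException if the public and private key do not belong together
     * @throws RuntimeException if no provider is available or signing/verification fails
     */
    public Ed25519VerificationMethodKeyProviderImpl(KeyPair keyPair) {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = keyPair;
        sanityCheck();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps an existing key pair and signs through the given provider.
     *
     * @param keyPair  the Ed25519 key pair to use
     * @param provider the JCE provider to sign/verify with; {@code null} selects the default
     *                 {@code "BC"} provider
     * @throws IllegalArgumentException if the public and private key do not belong together
     * @throws RuntimeException if neither the given nor the default provider is available
     */
    public Ed25519VerificationMethodKeyProviderImpl(KeyPair keyPair, Provider provider) {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = keyPair;
        if (provider != null) {
            this.provider = provider;
        }
        if (this.provider == null) {
            throw new RuntimeException("No default JCE provider installed: BC");
        }
        sanityCheck();
    }

    /** Copy constructor; delegates to {@link #Ed25519VerificationMethodKeyProviderImpl(KeyPair, Provider)}. */
    private Ed25519VerificationMethodKeyProviderImpl(Ed25519VerificationMethodKeyProviderImpl other) {
        this(other.keyPair, other.provider);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates a fresh Ed25519 key pair.
     *
     * <p>The generator is obtained without naming a provider, so the highest-priority installed
     * provider that offers {@code Ed25519} key generation is used. No sanity check is run here
     * because the pair comes from a single generator call.
     *
     * @throws RuntimeException if Ed25519 key generation is not available
     */
    public Ed25519VerificationMethodKeyProviderImpl() {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("Ed25519");
            keyPairGenerator.initialize(NamedParameterSpec.ED25519);
            this.keyPair = keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the key pair from a PKCS#12 key store read from a stream.
     *
     * <p>The stream is not closed by this constructor.
     *
     * @param inputStream the PKCS#12 data
     * @param password    the key store password; must not be {@code null}, because loading
     *                    without a password would skip the store's integrity check
     * @param alias       the alias of the key entry
     * @param keyPassword the password protecting the key entry, or {@code null}
     * @throws NullPointerException if {@code password} is {@code null}
     * @throws KeyException if the alias does not identify a private key with a certificate
     */
    public Ed25519VerificationMethodKeyProviderImpl(InputStream inputStream, String password, String alias, String keyPassword) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, UnrecoverableEntryException, KeyException {
        Objects.requireNonNull(password, "key store password must not be null");
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        KeyStore keyStore = KeyStore.getInstance("PKCS12", this.provider);
        char[] storePassword = password.toCharArray();
        try {
            keyStore.load(inputStream, storePassword);
        } finally {
            // Do not leave an extra copy of the password on the heap longer than needed.
            wipe(storePassword);
        }
        // createFromKeyStore builds a full instance, which already runs the sanity check.
        Ed25519VerificationMethodKeyProviderImpl loaded = createFromKeyStore(keyStore, alias, keyPassword);
        this.keyPair = loaded.keyPair;
        this.provider = loaded.provider;
    }

    /**
     * Loads the key pair from an already loaded key store; the key store's provider is used for signing.
     *
     * @param keyStore    the loaded key store
     * @param alias       the alias of the key entry
     * @param keyPassword the password protecting the key entry, or {@code null}
     * @throws KeyException if the alias does not identify a private key with a certificate
     */
    public Ed25519VerificationMethodKeyProviderImpl(KeyStore keyStore, String alias, String keyPassword) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException, KeyException {
        this(createFromKeyStore(keyStore, alias, keyPassword));
    }

    /**
     * Loads the key pair from two PEM files. Both files are closed before the constructor returns.
     *
     * @param privateKeyPemFile PEM file holding the private key
     * @param publicKeyPemFile  PEM file holding the public key
     * @throws IllegalArgumentException if the two keys do not belong together
     */
    public Ed25519VerificationMethodKeyProviderImpl(File privateKeyPemFile, File publicKeyPemFile) throws IOException, InvalidKeySpecException {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = loadKeyPair(privateKeyPemFile, publicKeyPemFile);
        sanityCheck();
    }

    /**
     * Loads the key pair from two PEM readers. The readers are owned by the caller and are not
     * closed here.
     *
     * @param privateKeyPem reader over the PEM-encoded private key
     * @param publicKeyPem  reader over the PEM-encoded public key
     * @throws IllegalArgumentException if the two keys do not belong together
     */
    public Ed25519VerificationMethodKeyProviderImpl(Reader privateKeyPem, Reader publicKeyPem) throws IOException, InvalidKeySpecException {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = readPemKeyPair(privateKeyPem, publicKeyPem);
        sanityCheck();
    }

    /**
     * Loads the private key from a PEM file and the public key from its multibase form.
     * The file is closed before the constructor returns.
     *
     * @param privateKeyPemFile  PEM file holding the private key
     * @param publicKeyMultibase multibase string of the public key (see
     *                           {@link #Ed25519VerificationMethodKeyProviderImpl(Reader, String)})
     * @throws InvalidKeySpecException if the multibase value is missing or too short
     * @throws IllegalArgumentException if the two keys do not belong together
     */
    public Ed25519VerificationMethodKeyProviderImpl(File privateKeyPemFile, String publicKeyMultibase) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = loadKeyPair(privateKeyPemFile, publicKeyMultibase);
        sanityCheck();
    }

    /**
     * Loads the private key from a PEM reader and the public key from its multibase form.
     *
     * <p>The first character of {@code publicKeyMultibase} is treated as the multibase prefix and
     * dropped, the remainder is Base58-decoded, and the trailing 32 bytes are taken as the raw
     * Ed25519 public key. The reader is owned by the caller and is not closed here.
     *
     * @param privateKeyPem      reader over the PEM-encoded private key
     * @param publicKeyMultibase multibase string of the public key
     * @throws InvalidKeySpecException if the multibase value is missing or too short
     * @throws IllegalArgumentException if the two keys do not belong together
     */
    public Ed25519VerificationMethodKeyProviderImpl(Reader privateKeyPem, String publicKeyMultibase) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        this.provider = Security.getProvider(DEFAULT_JCE_PROVIDER_NAME);
        this.keyPair = readKeyPairWithMultibase(privateKeyPem, publicKeyMultibase);
        sanityCheck();
    }

    /** Opens both PEM files, reads the key pair, and closes the files again. */
    private static KeyPair loadKeyPair(File privateKeyPemFile, File publicKeyPemFile) throws IOException, InvalidKeySpecException {
        try (Reader privateKeyPem = new FileReader(privateKeyPemFile);
             Reader publicKeyPem = new FileReader(publicKeyPemFile)) {
            return readPemKeyPair(privateKeyPem, publicKeyPem);
        }
    }

    /** Opens the private-key PEM file, combines it with the multibase public key, and closes the file. */
    private static KeyPair loadKeyPair(File privateKeyPemFile, String publicKeyMultibase) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        try (Reader privateKeyPem = new FileReader(privateKeyPemFile)) {
            return readKeyPairWithMultibase(privateKeyPem, publicKeyMultibase);
        }
    }

    /** Parses a PEM public key and a PEM private key into a key pair (public key is read first). */
    private static KeyPair readPemKeyPair(Reader privateKeyPem, Reader publicKeyPem) throws IOException, InvalidKeySpecException {
        return new KeyPair(
                PemUtils.getPublicKeyEd25519(PemUtils.readPemObject(publicKeyPem)),
                PemUtils.getPrivateKeyEd25519(PemUtils.readPemObject(privateKeyPem)));
    }

    /** Parses a PEM private key and pairs it with the public key decoded from its multibase form. */
    private static KeyPair readKeyPairWithMultibase(Reader privateKeyPem, String publicKeyMultibase) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
        PrivateKey privateKey = PemUtils.getPrivateKeyEd25519(PemUtils.readPemObject(privateKeyPem));
        return new KeyPair(Ed25519Utils.toPublicKey(decodeRawPublicKey(publicKeyMultibase)), privateKey);
    }

    /**
     * Extracts the raw 32-byte public key from a multibase string, rejecting input that cannot
     * contain one instead of failing later with an index error.
     */
    private static byte[] decodeRawPublicKey(String publicKeyMultibase) throws InvalidKeySpecException {
        if (publicKeyMultibase == null || publicKeyMultibase.length() < 2) {
            throw new InvalidKeySpecException("The multibase public key is missing or empty");
        }
        // The leading character is the multibase prefix; only the remainder is Base58 data.
        byte[] decoded = Base58.decode(publicKeyMultibase.substring(1));
        if (decoded.length < ED25519_PUBLIC_KEY_LENGTH) {
            throw new InvalidKeySpecException("The multibase public key decodes to " + decoded.length
                    + " bytes, expected at least " + ED25519_PUBLIC_KEY_LENGTH);
        }
        return Arrays.copyOfRange(decoded, decoded.length - ED25519_PUBLIC_KEY_LENGTH, decoded.length);
    }

    /**
     * Builds an instance from a key store entry, using the key store's own provider.
     *
     * @throws KeyException if the alias is not a key entry, is not a private key, or has no certificate
     */
    private static Ed25519VerificationMethodKeyProviderImpl createFromKeyStore(KeyStore keyStore, String alias, String keyPassword) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException, KeyException {
        if (!keyStore.isKeyEntry(alias)) {
            throw new KeyException("The alias does not exist or does not identify a key-related entry: " + alias);
        }
        char[] entryPassword = keyPassword != null ? keyPassword.toCharArray() : null;
        Key key;
        try {
            key = keyStore.getKey(alias, entryPassword);
        } finally {
            wipe(entryPassword);
        }
        if (key == null) {
            throw new KeyException("The alias does not exist or does not identify a key-related entry: " + alias);
        }
        // A key entry may also hold a secret key; report that as a key problem, not a ClassCastException.
        if (!(key instanceof PrivateKey)) {
            throw new KeyException("The alias does not identify a private key entry: " + alias);
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new KeyException("The alias does not exist or does not contain a certificate: " + alias);
        }
        return new Ed25519VerificationMethodKeyProviderImpl(new KeyPair(certificate.getPublicKey(), (PrivateKey) key), keyStore.getProvider());
    }

    /** Overwrites a password buffer with zeros; {@code null} is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, '\0');
        }
    }

    /**
     * Verifies that the private and public key belong together by signing a random
     * 1024-character alphanumeric probe and verifying the signature with the public key.
     *
     * <p>NOTE(review): this overridable method is invoked from constructors, so an override
     * must not rely on subclass state.
     *
     * @throws IllegalArgumentException if the signature does not verify
     */
    protected void sanityCheck() {
        // The probe is not a secret and is never persisted, so java.util.Random is sufficient:
        // only the sign/verify round trip matters, not the unpredictability of the message.
        String probe = new Random().ints(48, 123)
                .filter(c -> (c <= 57 || c >= 65) && (c <= 90 || c >= 97))
                .limit(1024L)
                .collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append)
                .toString();
        byte[] message = probe.getBytes(StandardCharsets.UTF_8);
        if (!verify(message, generateSignature(message))) {
            throw new IllegalArgumentException("supplied keys do not match");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes the private key as a {@code PRIVATE KEY} PEM object, overwriting an existing file.
     *
     * <p>Where the file system supports POSIX permissions the file is created with (or, if it
     * already exists, first tightened to) {@code rw-------} before any key material is written,
     * so the key is never readable by other users in the window between write and chmod.
     *
     * @param file the destination file
     * @throws IOException if the file cannot be created, written, or its permissions changed
     * @throws RuntimeException if there is no key pair or the private key cannot be encoded
     */
    public void writePrivateKeyAsPem(File file) throws IOException {
        if (this.keyPair == null) {
            throw new RuntimeException("This instance features no self-generated key pair.");
        }
        byte[] encoded = this.keyPair.getPrivate().getEncoded();
        if (encoded == null) {
            throw new RuntimeException("The key pair features a private key that does not support encoding");
        }
        boolean posix = file.toPath().getFileSystem().supportedFileAttributeViews().contains("posix");
        if (posix) {
            prepareOwnerOnlyFile(file.toPath());
        }
        try (PemWriter pemWriter = new PemWriter(new FileWriter(file))) {
            pemWriter.writeObject(new PemObject("PRIVATE KEY", encoded));
        }
        if (posix) {
            // Backstop for targets the pre-step could not cover (e.g. a link whose target was
            // only created by the write above).
            Files.setPosixFilePermissions(file.toPath(), PosixFilePermissions.fromString(OWNER_ONLY_PERMISSIONS));
        } else {
            // Best effort only: the boolean results are ignored, and on file systems without
            // per-user permission bits the revoking calls fail, so protection there depends on
            // the access control of the containing directory.
            file.setReadable(false, false);
            file.setWritable(false, false);
            file.setReadable(true, true);
            file.setWritable(true, true);
        }
    }

    /**
     * Makes sure {@code path} exists with owner-only permissions before it is opened for writing.
     * An existing regular file is tightened in place; anything else (for example a directory) is
     * left untouched so that the subsequent open reports the error.
     */
    private static void prepareOwnerOnlyFile(Path path) throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString(OWNER_ONLY_PERMISSIONS);
        try {
            Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly));
        } catch (FileAlreadyExistsException e) {
            if (Files.isRegularFile(path)) {
                Files.setPosixFilePermissions(path, ownerOnly);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes the public key as a {@code PUBLIC KEY} PEM object, overwriting an existing file.
     *
     * @param file the destination file
     * @throws IOException if the file cannot be written
     * @throws RuntimeException if there is no key pair or the public key cannot be encoded
     */
    public void writePublicKeyAsPem(File file) throws IOException {
        if (this.keyPair == null) {
            throw new RuntimeException("This instance features no self-generated key pair.");
        }
        byte[] encoded = this.keyPair.getPublic().getEncoded();
        if (encoded == null) {
            throw new RuntimeException("The key pair features a public key that does not support encoding");
        }
        try (PemWriter pemWriter = new PemWriter(new FileWriter(file))) {
            pemWriter.writeObject(new PemObject("PUBLIC KEY", encoded));
        }
    }

    /**
     * Returns the multibase encoding of the public key's encoded form.
     *
     * @throws RuntimeException if there is no key pair or the public key cannot be encoded
     */
    @Override // ch.admin.bj.swiyu.didtoolbox.VerificationMethodKeyProvider
    public String getVerificationKeyMultibase() {
        if (this.keyPair == null) {
            throw new RuntimeException("This instance features no self-generated key pair.");
        }
        byte[] encoded = this.keyPair.getPublic().getEncoded();
        if (encoded != null) {
            return Ed25519Utils.encodeMultibase(encoded);
        }
        throw new RuntimeException("The public key does not support encoding");
    }

    /**
     * Signs {@code message} with the private key using {@code EdDSA}.
     *
     * @param message the bytes to sign
     * @return the signature bytes
     * @throws RuntimeException if the provider or key pair is missing, or signing fails
     */
    @Override // ch.admin.bj.swiyu.didtoolbox.VerificationMethodKeyProvider
    public byte[] generateSignature(byte[] message) {
        requireProviderAndKeyPair();
        try {
            Signature signature = Signature.getInstance("EdDSA", this.provider);
            signature.initSign(this.keyPair.getPrivate());
            signature.update(message);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Tells whether this provider's verification key (in multibase form) is a member of {@code set}.
     */
    @Override // ch.admin.bj.swiyu.didtoolbox.VerificationMethodKeyProvider
    public boolean isKeyMultibaseInSet(Set<String> set) {
        return set.contains(getVerificationKeyMultibase());
    }

    /**
     * Verifies {@code signatureBytes} over {@code message} with the public key using {@code EdDSA}.
     *
     * @return {@code true} if the signature is valid for the message
     * @throws RuntimeException if the provider or key pair is missing, or verification cannot run
     */
    boolean verify(byte[] message, byte[] signatureBytes) {
        requireProviderAndKeyPair();
        try {
            Signature signature = Signature.getInstance("EdDSA", this.provider);
            signature.initVerify(this.keyPair.getPublic());
            signature.update(message);
            return signature.verify(signatureBytes);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /** Shared precondition of signing and verifying: a provider and a key pair must be present. */
    private void requireProviderAndKeyPair() {
        if (this.provider == null) {
            throw new RuntimeException("The JCE provider must be already set for an instance of class: " + getClass().getName());
        }
        if (this.keyPair == null) {
            throw new RuntimeException("This instance features no self-generated key pair.");
        }
    }
}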
