package de.rub.nds.tlsattacker.core.util;

import de.rub.nds.tlsattacker.core.constants.GOSTCurve;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDHPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDSAPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDhPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDsaPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomECPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomEcPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomRSAPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomRsaPublicKey;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jcajce.provider.asymmetric.ecgost.BCECGOST3410PublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.ecgost12.BCECGOST3410_2012PublicKey;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/util/CertificateUtils.class */
public class CertificateUtils {
    private static final Logger LOGGER = LogManager.getLogger();

    public static CustomPrivateKey parseCustomPrivateKey(PrivateKey privateKey) {
        if (privateKey instanceof RSAPrivateKey) {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) privateKey;
            return new CustomRSAPrivateKey(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
        }
        if (privateKey instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
            return new CustomDSAPrivateKey(dSAPrivateKey.getX(), dSAPrivateKey.getParams().getP(), dSAPrivateKey.getParams().getQ(), dSAPrivateKey.getParams().getG());
        }
        if (privateKey instanceof DHPrivateKey) {
            DHPrivateKey dHPrivateKey = (DHPrivateKey) privateKey;
            return new CustomDHPrivateKey(dHPrivateKey.getX(), dHPrivateKey.getParams().getP(), dHPrivateKey.getParams().getG());
        }
        if (!(privateKey instanceof ECPrivateKey)) {
            throw new UnsupportedOperationException("This private key is not supporter:" + privateKey.toString());
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
        return new CustomECPrivateKey(eCPrivateKey.getS(), NamedGroup.getNamedGroup(eCPrivateKey));
    }

    public static CustomPublicKey parseCustomPublicKey(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            LOGGER.trace("Found an RSA PublicKey");
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            return new CustomRsaPublicKey(rSAPublicKey.getPublicExponent(), rSAPublicKey.getModulus());
        }
        if (publicKey instanceof DSAPublicKey) {
            LOGGER.trace("Found a DSA PublicKey");
            DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
            return new CustomDsaPublicKey(dSAPublicKey.getParams().getP(), dSAPublicKey.getParams().getQ(), dSAPublicKey.getParams().getG(), dSAPublicKey.getY());
        }
        if (publicKey instanceof DHPublicKey) {
            LOGGER.trace("Found a DH PublicKey");
            DHPublicKey dHPublicKey = (DHPublicKey) publicKey;
            return new CustomDhPublicKey(dHPublicKey.getParams().getP(), dHPublicKey.getParams().getG(), dHPublicKey.getY());
        }
        if (!(publicKey instanceof ECPublicKey)) {
            throw new UnsupportedOperationException("This public key is not supported:" + publicKey);
        }
        LOGGER.trace("Found an EC PublicKey");
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        NamedGroup namedGroup = NamedGroup.getNamedGroup(eCPublicKey);
        return namedGroup == null ? new CustomEcPublicKey(eCPublicKey.getW().getAffineX(), eCPublicKey.getW().getAffineY(), GOSTCurve.fromNamedSpec(eCPublicKey.getParams())) : new CustomEcPublicKey(eCPublicKey.getW().getAffineX(), eCPublicKey.getW().getAffineY(), namedGroup);
    }

    public static PublicKey parsePublicKey(Certificate certificate) {
        try {
            X509Certificate x509Certificate = X509Certificate.getInstance(certificate.getCertificateAt(0).getEncoded());
            PublicKey publicKey = x509Certificate.getPublicKey();
            if ((publicKey instanceof RSAPublicKey) || (publicKey instanceof ECPublicKey) || (publicKey instanceof DSAPublicKey)) {
                return publicKey;
            }
            DLSequence objectAt = new ASN1InputStream(certificate.getCertificateAt(0).getSubjectPublicKeyInfo().toASN1Primitive().getEncoded()).readObject().getObjectAt(0).toASN1Primitive().getObjectAt(1);
            ASN1Integer objectAt2 = objectAt.getObjectAt(0);
            ASN1Integer objectAt3 = objectAt.getObjectAt(1);
            return new CustomDhPublicKey(objectAt2.getPositiveValue(), objectAt3.getPositiveValue(), new BigInteger(1, x509Certificate.getPublicKey().getEncoded()));
        } catch (IOException | ClassCastException | IllegalArgumentException | CertificateException e) {
            LOGGER.warn("Could not extract public key from Certificate!");
            LOGGER.debug(e);
            return null;
        }
    }

    public static ECPrivateKey ecPrivateKeyFromPrivateKey(PrivateKey privateKey) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            return (ECPrivateKey) keyFactory.generatePrivate((ECPrivateKeySpec) keyFactory.getKeySpec(privateKey, ECPrivateKeySpec.class));
        } catch (ClassCastException | IllegalArgumentException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.warn("Could not convert key to EC private key!");
            LOGGER.debug(e);
            return null;
        }
    }

    public static RSAPrivateKey rsaPrivateKeyFromPrivateKey(PrivateKey privateKey) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return (RSAPrivateKey) keyFactory.generatePrivate((RSAPrivateKeySpec) keyFactory.getKeySpec(privateKey, RSAPrivateKeySpec.class));
        } catch (ClassCastException | IllegalArgumentException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.warn("Could not convert key to EC private key!");
            LOGGER.debug(e);
            return null;
        }
    }

    public static boolean hasDHParameters(Certificate certificate) {
        if (certificate.isEmpty()) {
            return false;
        }
        return certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.dhpublicnumber);
    }

    public static boolean hasECParameters(Certificate certificate) {
        SubjectPublicKeyInfo subjectPublicKeyInfo;
        if (certificate.isEmpty() || (subjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo()) == null) {
            return false;
        }
        return subjectPublicKeyInfo.getAlgorithm().getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey);
    }

    public static boolean hasRSAParameters(Certificate certificate) {
        PublicKey parsePublicKey;
        return (certificate.isEmpty() || (parsePublicKey = parsePublicKey(certificate)) == null || !(parsePublicKey instanceof RSAPublicKey)) ? false : true;
    }

    public static boolean hasDsaParameters(Certificate certificate) {
        PublicKey parsePublicKey;
        return (certificate.isEmpty() || (parsePublicKey = parsePublicKey(certificate)) == null || !(parsePublicKey instanceof DSAPublicKey)) ? false : true;
    }

    public static BigInteger extractDsaPublicKey(Certificate certificate) {
        if (hasDsaParameters(certificate)) {
            return ((DSAPublicKey) parsePublicKey(certificate)).getY();
        }
        return null;
    }

    public static BigInteger extractDsaGenerator(Certificate certificate) {
        if (hasDsaParameters(certificate)) {
            return ((DSAPublicKey) parsePublicKey(certificate)).getParams().getG();
        }
        return null;
    }

    public static BigInteger extractDsaPrimeQ(Certificate certificate) {
        if (hasDsaParameters(certificate)) {
            return ((DSAPublicKey) parsePublicKey(certificate)).getParams().getQ();
        }
        return null;
    }

    public static BigInteger extractDsaPrimeP(Certificate certificate) {
        if (hasDsaParameters(certificate)) {
            return ((DSAPublicKey) parsePublicKey(certificate)).getParams().getP();
        }
        return null;
    }

    public static DHPublicKeyParameters extractDHPublicKeyParameters(Certificate certificate) throws IOException {
        if (!hasDHParameters(certificate) || certificate.isEmpty()) {
            return null;
        }
        return PublicKeyFactory.createKey(certificate.getCertificateAt(0).getSubjectPublicKeyInfo());
    }

    public static ECPublicKeyParameters extractECPublicKeyParameters(Certificate certificate) throws IOException {
        SubjectPublicKeyInfo subjectPublicKeyInfo;
        if (!hasECParameters(certificate) || certificate.isEmpty() || (subjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo()) == null) {
            return null;
        }
        return PublicKeyFactory.createKey(subjectPublicKeyInfo);
    }

    public static BigInteger extractRSAModulus(Certificate certificate) throws IOException {
        if (!hasRSAParameters(certificate) || certificate.isEmpty()) {
            return null;
        }
        return ((RSAPublicKey) parsePublicKey(certificate)).getModulus();
    }

    public static BigInteger extractRSAModulus(PrivateKey privateKey) throws IOException {
        if (privateKey instanceof RSAPrivateKey) {
            return ((RSAKey) privateKey).getModulus();
        }
        return null;
    }

    public static BigInteger extractRSAPrivateExponent(PrivateKey privateKey) throws IOException {
        if (privateKey instanceof RSAPrivateKey) {
            return ((RSAPrivateKey) privateKey).getPrivateExponent();
        }
        return null;
    }

    public static BigInteger extractRSAPublicKey(Certificate certificate) throws IOException {
        if (hasRSAParameters(certificate)) {
            return ((RSAPublicKey) parsePublicKey(certificate)).getPublicExponent();
        }
        return null;
    }

    public static BCECGOST3410PublicKey extract01PublicKey(Certificate certificate) throws IOException {
        return new JcaPEMKeyConverter().getPublicKey(certificate.getCertificateAt(0).getSubjectPublicKeyInfo());
    }

    public static BCECGOST3410_2012PublicKey extract12PublicKey(Certificate certificate) throws IOException {
        return new JcaPEMKeyConverter().getPublicKey(certificate.getCertificateAt(0).getSubjectPublicKeyInfo());
    }

    public static boolean hasGOSTParameters(Certificate certificate) {
        if (certificate.isEmpty()) {
            return false;
        }
        return certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_94);
    }

    public static boolean hasGost01EcParameters(Certificate certificate) {
        if (certificate.isEmpty()) {
            return false;
        }
        return certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001);
    }

    public static boolean hasGost12EcParameters(Certificate certificate) {
        if (certificate.isEmpty()) {
            return false;
        }
        ASN1ObjectIdentifier algorithm = certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm();
        return algorithm.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_256) || algorithm.equals(RosstandartObjectIdentifiers.id_tc26_gost_3410_12_512);
    }

    private CertificateUtils() {
    }
}
