package de.gematik.pki.gemlibpki.utils;

import de.gematik.pki.gemlibpki.exception.GemPkiRuntimeException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Base64;
import lombok.Generated;
import lombok.NonNull;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/gematik/pki/gemlibpki/utils/GemLibPkiUtils.class */
public final class GemLibPkiUtils {
    public static PrivateKey convertPrivateKey(@NonNull String str) {
        String str2;
        if (str == null) {
            throw new NullPointerException("privateKeyEncodedStr is marked non-null but is null");
        }
        byte[] decodeFromMimeBase64 = decodeFromMimeBase64(str);
        ASN1ObjectIdentifier algorithm = PrivateKeyInfo.getInstance(decodeFromMimeBase64).getPrivateKeyAlgorithm().getAlgorithm();
        if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
            str2 = "EC";
        } else {
            if (!PKCSObjectIdentifiers.rsaEncryption.equals(algorithm) && !PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algorithm)) {
                throw new GemPkiRuntimeException("Cannot create private key: unsupported algorithm - " + algorithm.getId());
            }
            str2 = "RSA";
        }
        try {
            return KeyFactory.getInstance(str2).generatePrivate(new PKCS8EncodedKeySpec(decodeFromMimeBase64));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new GemPkiRuntimeException(e);
        }
    }

    public static byte[] readContent(Path path) {
        try {
            return Files.readAllBytes(path);
        } catch (IOException e) {
            throw new GemPkiRuntimeException("Cannot read path: " + path, e);
        }
    }

    public static byte[] certToBytes(@NonNull X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate is marked non-null but is null");
        }
        try {
            return x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new GemPkiRuntimeException("Cannot convert certificate to bytes.", e);
        }
    }

    public static byte[] calculateSha256(byte[] bArr) {
        return calculateSha(bArr, new SHA256Digest().getAlgorithmName());
    }

    public static byte[] calculateSha1(byte[] bArr) {
        return calculateSha(bArr, new SHA1Digest().getAlgorithmName());
    }

    public static byte[] calculateSha(byte[] bArr, String str) {
        try {
            return MessageDigest.getInstance(str).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new GemPkiRuntimeException(str + " - signaturalgorithmus nicht unterstützt.", e);
        }
    }

    public static void setBouncyCastleProvider() {
        Security.removeProvider("BC");
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    public static ZonedDateTime now() {
        return ZonedDateTime.now(ZoneOffset.UTC);
    }

    public static String toMimeBase64NoLineBreaks(X509Certificate x509Certificate) {
        return toMimeBase64NoLineBreaks(certToBytes(x509Certificate));
    }

    public static String toMimeBase64NoLineBreaks(byte[] bArr) {
        return Base64.getMimeEncoder(-1, new byte[0]).encodeToString(bArr);
    }

    public static byte[] decodeFromMimeBase64(String str) {
        return Base64.getMimeDecoder().decode(str);
    }

    public static void changeLast4Bytes(byte[] bArr) {
        change4Bytes(bArr, bArr.length);
    }

    public static void change4Bytes(byte[] bArr, int i) {
        for (int i2 = 1; i2 <= 4; i2++) {
            int i3 = i - i2;
            bArr[i3] = (byte) (bArr[i3] ^ 1);
        }
    }

    @Generated
    private GemLibPkiUtils() {
    }
}
