package de.osci.osci12.encryption;

import de.osci.osci12.common.Constants;
import de.osci.osci12.common.DialogHandler;
import de.osci.osci12.messagetypes.OSCIMessage;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/osci/osci12/encryption/Crypto.class */
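/**
 * Static helpers for key-strength checks, symmetric key creation, RSA key
 * wrapping/decryption and ciphertext length calculation.
 *
 * <p>Algorithm identifiers are XML-Encryption/XML-Signature URIs that are translated to
 * JCA names through {@code Constants.JCA_JCE_MAP}. An identifier missing from that map
 * yields {@code null} and surfaces as a {@link NullPointerException} (or, inside the RSA
 * methods, as an {@code OSCICipherException}).
 *
 * <p>Security note: nothing in this class validates a certificate (chain, validity
 * period, revocation). Callers must do that before encrypting to a certificate or
 * trusting the result of {@link #isWeak(Date, X509Certificate)}.
 */
public class Crypto {
    // NOTE(review): the logger is registered under OSCIMessage, not Crypto, so these
    // messages show up in that category. Left unchanged because existing log
    // configuration may filter on it.
    private static final Log LOG = LogFactory.getLog(OSCIMessage.class);
    private static final String HEX_DIGITS = "0123456789abcdef";

    /**
     * Checks whether the public key of a certificate is considered too weak.
     *
     * @param date reference date for the check; {@code null} selects {@code Constants.ACTUAL_DATE}
     * @param x509Certificate certificate whose public key is examined
     * @return {@code true} if the key size is insufficient
     * @throws ClassCastException if the key is neither EC nor RSA (see {@link #getKeySize})
     */
    public static boolean isWeak(Date date, X509Certificate x509Certificate) {
        return isWeak(date, x509Certificate.getPublicKey().getAlgorithm(), getKeySize(x509Certificate));
    }

    /**
     * Checks a key size against the minimum accepted for its algorithm.
     *
     * <p>EC keys need at least 224 bits. Every other algorithm name is checked against the
     * RSA thresholds: below 1024 bits is always weak, 1024 to 2047 bits is weak unless
     * {@code date} lies strictly before {@code Constants.OUT_DATE_KEYSIZE_1024}, and 2048
     * bits or more is accepted.
     *
     * <p>NOTE(review): the reference date is supplied by the caller. If callers pass a
     * date taken from the message being verified rather than a trusted clock, sub-2048-bit
     * keys keep passing for back-dated messages. Verify what callers pass.
     *
     * @param date reference date; {@code null} selects {@code Constants.ACTUAL_DATE}
     * @param str JCA key algorithm name; {@code "EC"} selects the EC rule
     * @param i key size in bits
     * @return {@code true} if the key is considered too weak
     */
    public static boolean isWeak(Date date, String str, int i) {
        if (date == null) {
            date = Constants.ACTUAL_DATE;
        }
        if (str.equals("EC")) {
            if (i >= 224) {
                return false;
            }
            LOG.info("Signature key (EC) has insufficient key size: " + i);
            return true;
        }
        if (i < 1024) {
            LOG.info("Signature key (RSA) has insufficient key size: " + i);
            return true;
        }
        // Keys of 1024..2047 bits are tolerated only before the configured cut-off date.
        if (i < 2048 && !date.before(Constants.OUT_DATE_KEYSIZE_1024)) {
            LOG.info("Signature key (RSA) has insufficient key size: " + i);
            return true;
        }
        if (i > 2048) {
            LOG.info("Signature key (RSA) has sufficient key size (no out date defined yet): " + i);
        }
        return false;
    }

    /**
     * Returns the part of the mapped JCA transformation that precedes the first
     * {@code '/'}, i.e. the bare algorithm name.
     *
     * @throws NullPointerException if the identifier is not in {@code Constants.JCA_JCE_MAP}
     * @throws StringIndexOutOfBoundsException if the mapped value contains no {@code '/'}
     */
    private static String jcaAlgorithmName(String algorithmUri) {
        String transformation = Constants.JCA_JCE_MAP.get(algorithmUri);
        return transformation.substring(0, transformation.indexOf('/'));
    }

    /**
     * Generates a fresh symmetric key for the given algorithm identifier.
     *
     * <p>The key generator comes from the provider configured in {@code DialogHandler},
     * or from the JCA default lookup when none is configured.
     *
     * @param str symmetric cipher algorithm URI
     * @return newly generated secret key
     * @throws NoSuchAlgorithmException if no provider offers the mapped algorithm
     */
    public static SecretKey createSymKey(String str) throws NoSuchAlgorithmException {
        String algorithmName = jcaAlgorithmName(str);
        KeyGenerator keyGenerator = DialogHandler.getSecurityProvider() == null
                ? KeyGenerator.getInstance(algorithmName)
                : KeyGenerator.getInstance(algorithmName, DialogHandler.getSecurityProvider());
        // NOTE(review): the two OSCIMessage constants below look like a decompiler
        // artefact: numeric literals replaced by unrelated constants of equal value,
        // presumably 128 and 256. Confirm against OSCIMessage before replacing them.
        if (str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_AES128)
                || str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_AES128_GCM)) {
            keyGenerator.init(OSCIMessage.RESPONSE_TO_MEDIATE_DELIVERY);
        } else if (str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_AES192)
                || str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_AES192_GCM)) {
            keyGenerator.init(192);
        } else if (str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_AES256)
                || str.equals("http://www.w3.org/2009/xmlenc11#aes256-gcm")) {
            keyGenerator.init(OSCIMessage.SOAP_MESSAGE_ENCRYPTED);
        }
        // Any other identifier leaves the generator uninitialised, so the key size is
        // whatever the provider uses by default.
        return keyGenerator.generateKey();
    }

    /**
     * Wraps raw key bytes in a {@link SecretKey} for the given algorithm identifier.
     *
     * <p>The length of {@code bArr} is not checked against the algorithm here.
     *
     * @param bArr raw key material
     * @param str symmetric cipher algorithm URI
     * @return secret key backed by a {@link SecretKeySpec}
     */
    public static SecretKey createSymKey(byte[] bArr, String str) {
        return new SecretKeySpec(bArr, jcaAlgorithmName(str));
    }

    /**
     * Encodes a byte array as lower-case hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode
     * @return hexadecimal representation
     */
    public static String toHex(byte[] bArr) {
        // StringBuilder instead of StringBuffer: the buffer never leaves this method,
        // so synchronisation is unnecessary.
        StringBuilder out = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            out.append(HEX_DIGITS.charAt((b >> 4) & 15));
            out.append(HEX_DIGITS.charAt(b & 15));
        }
        return out.toString();
    }

    /**
     * Wraps a key for the certificate holder using RSA-OAEP.
     *
     * @param x509Certificate recipient certificate
     * @param key key to wrap
     * @return wrapped key bytes
     * @throws OSCICipherException on any failure other than a missing algorithm
     * @throws NoSuchAlgorithmException if the cipher is not available
     */
    public static byte[] doRSAEncryption(X509Certificate x509Certificate, Key key) throws OSCICipherException, NoSuchAlgorithmException {
        return doRSAEncryption(x509Certificate, key, "http://www.w3.org/2009/xmlenc11#rsa-oaep");
    }

    /**
     * Wraps a key for the certificate holder with the given asymmetric algorithm.
     *
     * <p>For RSA-OAEP the digest (also used for MGF1) follows the dialog digest:
     * RIPEMD-160, SHA-1 and SHA3-256 select the mapping of SHA-256, SHA3-384 and SHA3-512
     * select the mapping of SHA-512, anything else is looked up in
     * {@code Constants.JCA_JCE_MAP} directly.
     *
     * <p>Security notes: the OAEP branch initialises the cipher with the bare public key,
     * so the JCA check of a critical key-usage extension that
     * {@code Cipher.init(int, Certificate)} performs applies only to the non-OAEP branch.
     * The original exception is logged at WARN level but not attached to the thrown
     * {@code OSCICipherException}.
     *
     * @param x509Certificate recipient certificate
     * @param key key to wrap
     * @param str asymmetric cipher algorithm URI
     * @return wrapped key bytes
     * @throws OSCICipherException on any failure other than a missing algorithm
     * @throws NoSuchAlgorithmException if the cipher is not available
     */
    public static byte[] doRSAEncryption(X509Certificate x509Certificate, Key key, String str) throws OSCICipherException, NoSuchAlgorithmException {
        try {
            Cipher cipher = DialogHandler.getSecurityProvider() == null
                    ? Cipher.getInstance(Constants.JCA_JCE_MAP.get(str))
                    : Cipher.getInstance(Constants.JCA_JCE_MAP.get(str), DialogHandler.getSecurityProvider());
            if ("http://www.w3.org/2009/xmlenc11#rsa-oaep".equals(str)) {
                PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
                String dialogDigest = DialogHandler.getDigestAlgorithm();
                String digestName;
                if (Constants.DIGEST_ALGORITHM_RIPEMD160.equals(dialogDigest)
                        || Constants.DIGEST_ALGORITHM_SHA1.equals(dialogDigest)
                        || Constants.DIGEST_ALGORITHM_SHA3_256.equals(dialogDigest)) {
                    digestName = Constants.JCA_JCE_MAP.get(Constants.DIGEST_ALGORITHM_SHA256);
                } else if (Constants.DIGEST_ALGORITHM_SHA3_384.equals(dialogDigest)
                        || Constants.DIGEST_ALGORITHM_SHA3_512.equals(dialogDigest)) {
                    digestName = Constants.JCA_JCE_MAP.get(Constants.DIGEST_ALGORITHM_SHA512);
                } else {
                    digestName = Constants.JCA_JCE_MAP.get(dialogDigest);
                }
                cipher.init(Cipher.WRAP_MODE, x509Certificate.getPublicKey(),
                        new OAEPParameterSpec(digestName, "MGF1", new MGF1ParameterSpec(digestName), pSpecified));
            } else {
                cipher.init(Cipher.WRAP_MODE, x509Certificate);
            }
            return cipher.wrap(key);
        } catch (NoSuchAlgorithmException e) {
            throw e;
        } catch (Exception e2) {
            LOG.warn("Error: ", e2);
            throw new OSCICipherException("encryption_error");
        }
    }

    /**
     * Decrypts data with the algorithm identified by
     * {@code Constants.ASYMMETRIC_CIPHER_ALGORITHM_RSA_1_5}.
     *
     * <p>NOTE(review): presumably this maps to RSAES-PKCS1-v1_5; confirm in
     * {@code Constants.JCA_JCE_MAP}. If so, callers should make sure a peer cannot tell a
     * padding failure from other failures, by response content or by timing. Prefer the
     * OAEP variant where the protocol allows it.
     *
     * @param key private key
     * @param bArr ciphertext
     * @return decrypted bytes
     * @throws OSCICipherException on any failure other than a missing algorithm
     * @throws NoSuchAlgorithmException if the cipher is not available
     */
    public static byte[] doRSADecryption(Key key, byte[] bArr) throws OSCICipherException, NoSuchAlgorithmException {
        return doRSADecryption(key, bArr, Constants.ASYMMETRIC_CIPHER_ALGORITHM_RSA_1_5, null, null, null);
    }

    /**
     * Decrypts data with the given asymmetric algorithm.
     *
     * <p>For RSA-OAEP only MGF1 with SHA-256, SHA-384 or SHA-512 is accepted. Every
     * failure inside the method, including an unsupported or {@code null} mask generation
     * function, is logged at WARN level and reported as the same
     * {@code OSCICipherException("decryption_error")}; the cause is not attached.
     *
     * <p>NOTE(review): {@code str}, {@code str2}, {@code str3} and {@code bArr2} are
     * presumably taken from the received message; verify that callers restrict them to
     * the algorithms the deployment intends to accept.
     *
     * @param key private key
     * @param bArr ciphertext
     * @param str asymmetric cipher algorithm URI
     * @param str2 mask generation function URI (used for RSA-OAEP only)
     * @param str3 digest algorithm URI (used for RSA-OAEP only)
     * @param bArr2 OAEP label bytes, or {@code null} for the default empty label
     * @return decrypted bytes
     * @throws OSCICipherException on any failure other than a missing algorithm
     * @throws NoSuchAlgorithmException if the cipher is not available
     */
    public static byte[] doRSADecryption(Key key, byte[] bArr, String str, String str2, String str3, byte[] bArr2) throws OSCICipherException, NoSuchAlgorithmException {
        try {
            Cipher cipher = DialogHandler.getSecurityProvider() == null
                    ? Cipher.getInstance(Constants.JCA_JCE_MAP.get(str))
                    : Cipher.getInstance(Constants.JCA_JCE_MAP.get(str), DialogHandler.getSecurityProvider());
            if (str.equals("http://www.w3.org/2009/xmlenc11#rsa-oaep")) {
                PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
                if (bArr2 != null) {
                    pSpecified = new PSource.PSpecified(bArr2);
                }
                MGF1ParameterSpec mgf1Spec;
                if (str2.equals(Constants.MASK_GENERATION_FUNCTION_1_SHA256)) {
                    mgf1Spec = new MGF1ParameterSpec("SHA-256");
                } else if (str2.equals(Constants.MASK_GENERATION_FUNCTION_1_SHA384)) {
                    mgf1Spec = new MGF1ParameterSpec("SHA-384");
                } else if (str2.equals(Constants.MASK_GENERATION_FUNCTION_1_SHA512)) {
                    mgf1Spec = new MGF1ParameterSpec("SHA-512");
                } else {
                    // Caught below and reported as a generic decryption error.
                    throw new IllegalArgumentException("Unsupported mask generation function " + str2);
                }
                cipher.init(Cipher.DECRYPT_MODE, key,
                        new OAEPParameterSpec(Constants.JCA_JCE_MAP.get(str3), "MGF1", mgf1Spec, pSpecified));
            } else {
                cipher.init(Cipher.DECRYPT_MODE, key);
            }
            return cipher.doFinal(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw e;
        } catch (Exception e2) {
            LOG.warn("Error: ", e2);
            throw new OSCICipherException("decryption_error");
        }
    }

    /**
     * Derives a symmetric cipher algorithm URI from a key's algorithm and length.
     *
     * <p>{@code "DESede"} maps to the Triple-DES CBC identifier; AES keys of 128, 192 or
     * 256 bits map to the corresponding AES-GCM identifier.
     *
     * @param secretKey key to inspect; its encoded form must be available
     * @return algorithm URI, or {@code null} if the key matches none of the known cases
     * @throws NullPointerException if an AES key does not expose its encoding
     * @deprecated marked deprecated in the original class; no replacement is named there
     */
    @Deprecated
    public static String getCipherAlgoID(SecretKey secretKey) {
        String algorithm = secretKey.getAlgorithm();
        if (algorithm.equals("DESede")) {
            return Constants.SYMMETRIC_CIPHER_ALGORITHM_TDES_CBC;
        }
        if (algorithm.equals("AES")) {
            // Read the encoding once: each getEncoded() call may hand out another copy
            // of the raw key material.
            int bits = secretKey.getEncoded().length * 8;
            switch (bits) {
                case 128:
                    return Constants.SYMMETRIC_CIPHER_ALGORITHM_AES128_GCM;
                case 192:
                    return Constants.SYMMETRIC_CIPHER_ALGORITHM_AES192_GCM;
                case 256:
                    return "http://www.w3.org/2009/xmlenc11#aes256-gcm";
                default:
                    return null;
            }
        }
        return null;
    }

    /**
     * Calculates the encrypted length for a plaintext length, assuming a 12-byte IV.
     *
     * @param j plaintext length in bytes
     * @param str symmetric cipher algorithm URI
     * @return length of IV plus ciphertext in bytes
     */
    public static long calcSymEncLength(long j, String str) {
        return calcSymEncLength(j, str, 12);
    }

    /**
     * Calculates the encrypted length for a plaintext length.
     *
     * <p>The constants are consistent with: Triple-DES CBC = 8-byte IV plus input padded
     * up to the next 8-byte block; other CBC = 16-byte IV plus input padded up to the next
     * 16-byte block; GCM with a 12-byte IV = IV plus input plus 16 further bytes
     * (presumably the authentication tag); anything else = input plus 32 bytes.
     *
     * @param j plaintext length in bytes
     * @param str symmetric cipher algorithm URI
     * @param i IV length in bytes; only the value 12 is treated specially, and only for GCM
     * @return length of IV plus ciphertext in bytes
     */
    public static long calcSymEncLength(long j, String str, int i) {
        if (str.equals(Constants.SYMMETRIC_CIPHER_ALGORITHM_TDES_CBC)) {
            return 16 + ((j / 8) * 8);
        }
        if (str.endsWith("cbc")) {
            return 32 + ((j / 16) * 16);
        }
        if (str.endsWith("-gcm") && i == 12) {
            return 28 + j;
        }
        return 32 + j;
    }

    /**
     * Returns the size in bits of a certificate's public key: the bit length of the
     * curve order for EC keys, the bit length of the modulus otherwise.
     *
     * @param x509Certificate certificate to inspect
     * @return key size in bits
     * @throws ClassCastException if the key is neither EC nor RSA
     */
    public static int getKeySize(X509Certificate x509Certificate) {
        Key publicKey = x509Certificate.getPublicKey();
        if (publicKey.getAlgorithm().equals("EC")) {
            return ((ECPublicKey) publicKey).getParams().getOrder().bitLength();
        }
        return ((RSAPublicKey) publicKey).getModulus().bitLength();
    }

    /**
     * Chooses the digest algorithm URI for RSA-OAEP so that the symmetric key still fits
     * into the RSA modulus: the dialog digest is kept unless the modulus is too small for
     * it, in which case {@code Constants.DIGEST_ALGORITHM_SHA256} is returned.
     *
     * <p>The key size is read from the digits following {@code "#aes"}, so both
     * {@code -cbc} and {@code -gcm} identifiers are handled. The earlier implementation
     * searched for {@code "-cbc"} and failed with a
     * {@link StringIndexOutOfBoundsException} on GCM identifiers.
     *
     * <p>NOTE(review): the comparison mixes units (modulus and digest in bits, the
     * non-AES default of 24 looks like a byte count); left as found. The digest size is
     * parsed from the text after {@code "#sha"}, which presumably fails with a
     * {@link NumberFormatException} for RIPEMD-160 or SHA-3 dialog digests. Confirm
     * against the values in {@code Constants}. A SHA-1 dialog digest is returned
     * unchanged here, whereas {@code doRSAEncryption} substitutes SHA-256 for it.
     *
     * @param x509Certificate recipient certificate; must carry an RSA key
     * @param str symmetric cipher algorithm URI
     * @return digest algorithm URI to use with OAEP
     * @throws ClassCastException if the certificate key is not RSA
     */
    public static String getDigestMethodForOAEP(X509Certificate x509Certificate, String str) {
        int symKeySize = 24;
        if (str.contains("aes")) {
            int start = str.indexOf("#aes") + 4;
            int end = start;
            while (end < str.length() && str.charAt(end) >= '0' && str.charAt(end) <= '9') {
                end++;
            }
            symKeySize = Integer.parseInt(str.substring(start, end));
        }
        int modulusBits = ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength();
        String digestAlgorithm = DialogHandler.getDigestAlgorithm();
        int digestBits = Integer.parseInt(digestAlgorithm.substring(digestAlgorithm.indexOf("#sha") + 4));
        if (modulusBits < symKeySize + 2 + (2 * digestBits)) {
            digestAlgorithm = Constants.DIGEST_ALGORITHM_SHA256;
        }
        return digestAlgorithm;
    }
}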
