package com.android.verity;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/android/verity/Utils.class */
public class Utils {
    private static final Map<String, String> ID_TO_ALG = new HashMap();
    private static final Map<String, String> ALG_TO_ID = new HashMap();

    private static void loadProviderIfNecessary(String str) {
        if (str == null) {
            return;
        }
        try {
            ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader();
            Constructor<?> constructor = null;
            Constructor<?>[] constructors = (systemClassLoader != null ? systemClassLoader.loadClass(str) : Class.forName(str)).getConstructors();
            int length = constructors.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Constructor<?> constructor2 = constructors[i];
                if (constructor2.getParameterTypes().length == 0) {
                    constructor = constructor2;
                    break;
                }
                i++;
            }
            if (constructor == null) {
                System.err.println("No zero-arg constructor found for " + str);
                System.exit(1);
                return;
            }
            try {
                Object newInstance = constructor.newInstance(new Object[0]);
                if (!(newInstance instanceof Provider)) {
                    System.err.println("Not a Provider class: " + str);
                    System.exit(1);
                }
                Security.insertProviderAt((Provider) newInstance, 1);
            } catch (Exception e) {
                e.printStackTrace();
                System.exit(1);
            }
        } catch (ClassNotFoundException e2) {
            e2.printStackTrace();
            System.exit(1);
        }
    }

    static byte[] pemToDer(String str) throws Exception {
        return Base64.decode(str.replaceAll("^-.*", "").replaceAll("-.*$", ""));
    }

    private static PKCS8EncodedKeySpec decryptPrivateKey(byte[] bArr) throws GeneralSecurityException {
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            char[] readPassword = System.console().readPassword("Password for the private key file: ", new Object[0]);
            SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(readPassword));
            Arrays.fill(readPassword, (char) 0);
            Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
            cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
            try {
                return encryptedPrivateKeyInfo.getKeySpec(cipher);
            } catch (InvalidKeySpecException e) {
                System.err.println("Password may be bad.");
                throw e;
            }
        } catch (IOException e2) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey loadDERPrivateKey(byte[] bArr) throws Exception {
        PKCS8EncodedKeySpec decryptPrivateKey = decryptPrivateKey(bArr);
        if (decryptPrivateKey == null) {
            decryptPrivateKey = new PKCS8EncodedKeySpec(bArr);
        }
        return KeyFactory.getInstance(PrivateKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(decryptPrivateKey.getEncoded())).readObject()).getPrivateKeyAlgorithm().getAlgorithm().getId()).generatePrivate(decryptPrivateKey);
    }

    static PrivateKey loadPEMPrivateKey(byte[] bArr) throws Exception {
        return loadDERPrivateKey(pemToDer(new String(bArr)));
    }

    static PrivateKey loadPEMPrivateKeyFromFile(String str) throws Exception {
        return loadPEMPrivateKey(read(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey loadDERPrivateKeyFromFile(String str) throws Exception {
        return loadDERPrivateKey(read(str));
    }

    static PublicKey loadDERPublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    static PublicKey loadPEMPublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(pemToDer(new String(bArr))));
    }

    static PublicKey loadPEMPublicKeyFromFile(String str) throws Exception {
        return loadPEMPublicKey(read(str));
    }

    static PublicKey loadDERPublicKeyFromFile(String str) throws Exception {
        return loadDERPublicKey(read(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate loadPEMCertificate(String str) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            fileInputStream.close();
            return x509Certificate;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static String getSignatureAlgorithm(Key key) throws Exception {
        int fieldSize;
        if (!"EC".equals(key.getAlgorithm())) {
            if ("RSA".equals(key.getAlgorithm())) {
                return "SHA256withRSA";
            }
            throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
        }
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        if (key instanceof PublicKey) {
            fieldSize = ((ECPublicKeySpec) keyFactory.getKeySpec(key, ECPublicKeySpec.class)).getParams().getCurve().getField().getFieldSize();
        } else {
            if (!(key instanceof PrivateKey)) {
                throw new InvalidKeySpecException();
            }
            fieldSize = ((ECPrivateKeySpec) keyFactory.getKeySpec(key, ECPrivateKeySpec.class)).getParams().getCurve().getField().getFieldSize();
        }
        return fieldSize <= 256 ? "SHA256withECDSA" : fieldSize <= 384 ? "SHA384withECDSA" : "SHA512withECDSA";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception {
        String str = ALG_TO_ID.get(getSignatureAlgorithm(key));
        if (str == null) {
            throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
        }
        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean verify(PublicKey publicKey, byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier) throws Exception {
        String str = ID_TO_ALG.get(algorithmIdentifier.getAlgorithm().getId());
        if (str == null) {
            throw new IllegalArgumentException("Unsupported algorithm " + algorithmIdentifier.getAlgorithm());
        }
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] sign(PrivateKey privateKey, byte[] bArr) throws Exception {
        Signature signature = Signature.getInstance(getSignatureAlgorithm(privateKey));
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] read(String str) throws Exception {
        File file = new File(str);
        long length = file.length();
        byte[] bArr = new byte[(int) length];
        FileInputStream fileInputStream = new FileInputStream(file);
        for (long j = 0; j < length; j += fileInputStream.read(bArr, (int) j, (int) (length - j))) {
        }
        fileInputStream.close();
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void write(byte[] bArr, String str) throws Exception {
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        fileOutputStream.write(bArr);
        fileOutputStream.close();
    }

    static {
        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA");
        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA");
        ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA");
        ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA");
        ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA");
        ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA");
        ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId());
        ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId());
        ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId());
        ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
        ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId());
    }
}
