package pt.unl.fct.di.novasys.babel.internal.security;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.X500NameStyle;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import pt.unl.fct.di.novasys.babel.core.BabelSecurity;
import pt.unl.fct.di.novasys.babel.core.security.IdFromCertExtractor;
import pt.unl.fct.di.novasys.babel.core.security.SimpleIdentityGenerator;

/* loaded from: classes5.dex */
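/**
 * Creates self-signed X.509 credentials whose subject carries a peer id derived from the
 * public key, and extracts and cross-checks that id from a certificate.
 *
 * <p>Security note: {@link #extractIdentity(Certificate)} only checks that the id written in
 * the certificate subject equals the id recomputed from the certificate's public key. It does
 * not verify the certificate signature or validity period, nor that the presenter holds the
 * matching private key. Presumably the surrounding handshake establishes that; confirm at the
 * call sites before treating the returned id as authenticated.
 */
public class BabelCredentialHandler implements SimpleIdentityGenerator, IdFromCertExtractor {
    /** Validity period, in days, of the certificates produced by {@link #generateCredentials}. */
    private static final int DEFAULT_VALID_CERT_DAYS = 365;
    private static final long SECONDS_PER_DAY = 86_400L;
    /** Name style used for the subject/issuer name of generated certificates. */
    public static final X500NameStyle CERT_X500_NAME_STYLE = RFC4519Style.INSTANCE;
    /** Attribute type of the subject RDN that holds the encoded peer id. */
    public static final ASN1ObjectIdentifier X500_PEER_ID_OID = BCStyle.UNIQUE_IDENTIFIER;

    /**
     * Returns the current time, truncated to whole seconds, shifted by the given number of days.
     *
     * @param i offset in days from now
     * @return the shifted instant
     */
    private static Date calculateDate(int i) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        // Multiply as long: int arithmetic overflows for offsets above roughly 24855 days and
        // would yield a date in the past, i.e. a certificate that is already expired.
        return new Date((nowSeconds + i * SECONDS_PER_DAY) * 1000);
    }

    /**
     * Builds an X.509 v1 certificate that is signed with the private key of {@code keyPair} and
     * uses the same single-RDN name (peer id under {@link #X500_PEER_ID_OID}) as subject and issuer.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str encoded peer id to place in the subject/issuer name
     * @param i validity period in days, counted from now
     * @return the self-signed certificate
     * @throws NoSuchAlgorithmException propagated from the signature algorithm lookup
     */
    private X509Certificate createSelfSignedX509Certificate(KeyPair keyPair, String str, int i) throws NoSuchAlgorithmException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        BabelSecurity babelSecurity = BabelSecurity.getInstance();
        X500Name x500Name = new X500Name(CERT_X500_NAME_STYLE, new X500NameBuilder(BCStyle.INSTANCE).addRDN(X500_PEER_ID_OID, str).build());
        // 64-bit serial number drawn from the framework's SecureRandom.
        BigInteger serialNumber = new BigInteger(64, babelSecurity.getSecureRandom());
        String signatureAlgorithm = babelSecurity.getSignatureAlgorithmFor(keyPair.getPublic().getAlgorithm());
        try {
            var certificateBuilder = new JcaX509v1CertificateBuilder(
                    x500Name, serialNumber, calculateDate(0), calculateDate(i), x500Name, keyPair.getPublic());
            var contentSigner = new JcaContentSignerBuilder(signatureAlgorithm)
                    .setProvider(bouncyCastleProvider)
                    .setSecureRandom(babelSecurity.getSecureRandom())
                    .build(keyPair.getPrivate());
            return new JcaX509CertificateConverter()
                    .setProvider(bouncyCastleProvider)
                    .getCertificate(certificateBuilder.build(contentSigner));
        } catch (CertificateException | OperatorCreationException e) {
            // Not expected for a certificate assembled locally from our own key pair.
            throw new AssertionError(e);
        }
    }

    /**
     * Extracts the peer id from an X.509 certificate and checks it against the id derived from
     * the certificate's own public key.
     *
     * <p>The certificate normally comes from a remote peer, so every structural assumption is
     * checked and reported as a {@link CertificateException} rather than an unchecked exception.
     * Only the first value of the first {@link #X500_PEER_ID_OID} RDN is considered; further
     * values are ignored.
     *
     * @param certificate certificate to inspect
     * @return the id bytes derived from the certificate's public key
     * @throws CertificateException if the certificate is not X.509, has no peer id attribute in
     *     its subject, or the attribute does not match the id derived from the public key
     */
    @Override
    public byte[] extractIdentity(Certificate certificate) throws CertificateException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException("Only knows how to extract id from X509 certificates.");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        var peerIdRdns = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(X500_PEER_ID_OID);
        // A subject without the attribute used to fail with ArrayIndexOutOfBoundsException,
        // which callers catching CertificateException would not handle.
        if (peerIdRdns.length == 0 || peerIdRdns[0].getFirst() == null) {
            throw new CertificateException("Certificate subject doesn't contain a peer id attribute.");
        }
        String withoutEscapeBackslashes = PeerIdEncoder.withoutEscapeBackslashes(IETFUtils.valueToString(peerIdRdns[0].getFirst().getValue()));
        byte[] fromPublicKey = PeerIdEncoder.fromPublicKey(x509Certificate.getPublicKey());
        String encodeToString = PeerIdEncoder.encodeToString(fromPublicKey);
        if (withoutEscapeBackslashes.equals(encodeToString)) {
            return fromPublicKey;
        }
        // NOTE(review): the "Got" value is copied from the peer's certificate; treat the message
        // as untrusted text wherever it is logged or displayed.
        throw new CertificateException("Id in certificate didn't match id derived from public key. Expected: %s Got: %s".formatted(encodeToString, withoutEscapeBackslashes));
    }

    /**
     * Wraps the key pair in a key store entry together with a freshly generated self-signed
     * certificate valid for {@link #DEFAULT_VALID_CERT_DAYS} days.
     *
     * @param keyPair key pair to create credentials for
     * @return private key entry holding the private key and a one-element certificate chain
     * @throws NoSuchAlgorithmException propagated from certificate creation
     */
    @Override
    public KeyStore.PrivateKeyEntry generateCredentials(KeyPair keyPair) throws NoSuchAlgorithmException {
        String peerId = PeerIdEncoder.stringFromPublicKey(keyPair.getPublic());
        X509Certificate selfSigned = createSelfSignedX509Certificate(keyPair, peerId, DEFAULT_VALID_CERT_DAYS);
        return new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{selfSigned});
    }
}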
