package io.apigee.trireme.crypto;

import io.apigee.trireme.crypto.algorithms.KeyPairProvider;
import io.apigee.trireme.kernel.crypto.CryptoException;
import io.apigee.trireme.kernel.crypto.CryptoService;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.ServiceLoader;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/apigee/trireme/crypto/CryptoServiceImpl.class */
public class CryptoServiceImpl implements CryptoService {
    public static final String RSA = "RSA";
    public static final String DSA = "DSA";
    private static final Logger log = LoggerFactory.getLogger(CryptoServiceImpl.class);
    private static final Charset ASCII = Charset.forName("ascii");

    public Provider getProvider() {
        return new BouncyCastleProvider();
    }

    public KeyPair readKeyPair(String str, InputStream inputStream, char[] cArr) throws IOException, CryptoException {
        return doReadKeyPair(str, new InputStreamReader(inputStream, ASCII), cArr);
    }

    public KeyPair readKeyPair(String str, String str2, char[] cArr) throws IOException, CryptoException {
        return doReadKeyPair(str, new StringReader(str2), cArr);
    }

    private KeyPair doReadKeyPair(String str, Reader reader, char[] cArr) throws IOException, CryptoException {
        Iterator it = ServiceLoader.load(KeyPairProvider.class).iterator();
        while (it.hasNext()) {
            KeyPairProvider keyPairProvider = (KeyPairProvider) it.next();
            if (keyPairProvider.isSupported(str)) {
                return keyPairProvider.readKeyPair(str, reader, cArr);
            }
        }
        throw new CryptoException("Unsupported key pair algorithm " + str);
    }

    public PublicKey readPublicKey(String str, InputStream inputStream) throws IOException, CryptoException {
        return doReadPublicKey(str, new InputStreamReader(inputStream, ASCII));
    }

    public PublicKey readPublicKey(String str, String str2) throws IOException, CryptoException {
        return doReadPublicKey(str, new StringReader(str2));
    }

    private PublicKey doReadPublicKey(String str, Reader reader) throws IOException, CryptoException {
        Iterator it = ServiceLoader.load(KeyPairProvider.class).iterator();
        while (it.hasNext()) {
            KeyPairProvider keyPairProvider = (KeyPairProvider) it.next();
            if (keyPairProvider.isSupported(str)) {
                return keyPairProvider.readPublicKey(str, reader);
            }
        }
        throw new CryptoException("Unsupported key pair algorithm " + str);
    }

    public X509Certificate readCertificate(InputStream inputStream) throws IOException, CryptoException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (GeneralSecurityException e) {
            throw new CryptoException(e);
        }
    }

    public KeyStore createPemKeyStore() {
        ProviderLoader.get().ensureLoaded();
        try {
            return KeyStore.getInstance(TriremeProvider.ALGORITHM, TriremeProvider.NAME);
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        } catch (NoSuchProviderException e2) {
            throw new AssertionError(e2);
        }
    }

    public byte[] generatePBKDF2(byte[] bArr, byte[] bArr2, int i, int i2) {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA1Digest());
        pKCS5S2ParametersGenerator.init(bArr, bArr2, i);
        return pKCS5S2ParametersGenerator.generateDerivedParameters(i2 * 8).getKey();
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
