package com.cedarsoft.crypt;

import java.io.DataInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.inject.Inject;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/cedarsoft/crypt/X509Support.class */
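/**
 * Bundles an X.509 certificate with an optional RSA private key and offers
 * RSA transform and SHA256withRSA signature helpers on top of them.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The certificate is trusted as supplied. The only check performed in this
 *       class is the validity period in {@link #readCertificate(URL)}; no chain
 *       building, trust-anchor or revocation check happens here, so the source of
 *       the certificate must be trustworthy or validated by the caller.</li>
 *   <li>{@link #cipher(byte[])} uses the <em>private</em> key and
 *       {@link #decipher(byte[])} the public key from the certificate. Anyone
 *       holding the certificate can reverse {@code cipher}, so it provides no
 *       confidentiality.</li>
 * </ul>
 */
public class X509Support {

    /** JCA algorithm name used for the key factory and the cipher. */
    @Nonnull
    public static final String RSA = "RSA";

    /** JCA signature algorithm used by {@link #sign(byte[])} and {@link #verifySignature(byte[], Signature)}. */
    @Nonnull
    public static final String SHA_256_WITH_RSA = "SHA256withRSA";

    /** Certificate type passed to {@link CertificateFactory#getInstance(String)}. */
    @Nonnull
    public static final String X_509_CERTIFICATE_TYPE = "X.509";

    @Nonnull
    private final X509Certificate certificate;

    // null when this instance can only verify/decipher
    @Nullable
    private final RSAPrivateKey privateKey;

    /**
     * Creates an instance without a private key by loading the certificate from {@code url}.
     *
     * @param url location of the certificate
     * @throws IOException if the certificate cannot be read
     * @throws GeneralSecurityException if the certificate cannot be parsed or is outside its validity period
     */
    public X509Support(@Nonnull URL url) throws IOException, GeneralSecurityException {
        this(url, (URL) null);
    }

    /**
     * Creates an instance by loading the certificate and, if {@code url2} is not null, the private key.
     *
     * @param url location of the certificate
     * @param url2 location of the PKCS#8 encoded private key, or null for none
     * @throws IOException if either resource cannot be read
     * @throws GeneralSecurityException if the certificate or key cannot be parsed, or the
     *         certificate is outside its validity period
     */
    @Inject
    public X509Support(@Nonnull @CertificateUrl URL url, @PrivateKeyUrl @Nullable URL url2) throws IOException, GeneralSecurityException {
        this(readCertificate(url), readPrivateKey(url2));
    }

    /**
     * Creates an instance without a private key from an already loaded certificate.
     *
     * @param x509Certificate the certificate; it is not validated here
     */
    public X509Support(@Nonnull X509Certificate x509Certificate) {
        this(x509Certificate, (RSAPrivateKey) null);
    }

    /**
     * Creates an instance from an already loaded certificate and optional private key.
     * Neither argument is validated, and nothing checks that the key matches the certificate.
     *
     * @param x509Certificate the certificate
     * @param rSAPrivateKey the private key, or null if signing/ciphering is not needed
     */
    public X509Support(@Nonnull X509Certificate x509Certificate, @Nullable RSAPrivateKey rSAPrivateKey) {
        this.certificate = x509Certificate;
        this.privateKey = rSAPrivateKey;
    }

    /**
     * @return true if a private key was supplied, i.e. {@link #sign(byte[])} and
     *         {@link #cipher(byte[])} can be used
     */
    public boolean isPrivateKeyAvailable() {
        return this.privateKey != null;
    }

    /**
     * Transforms {@code bArr} with the private key.
     *
     * <p>The result can be reversed by anyone who has the certificate, so this is not
     * encryption for confidentiality.
     *
     * @param bArr the bytes to transform
     * @return the transformed bytes
     * @throws GeneralSecurityException if the cipher cannot be set up or the input is rejected
     * @throws IllegalStateException if no private key is available
     */
    @Nonnull
    public byte[] cipher(@Nonnull byte[] bArr) throws GeneralSecurityException {
        // NOTE(review): "RSA" without mode/padding leaves the padding choice to the installed
        // provider. Pinning a full transformation would make this deterministic across providers,
        // but would change interoperability with existing data - confirm before changing.
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(Cipher.ENCRYPT_MODE, getPrivateKey());
        return cipher.doFinal(bArr);
    }

    /**
     * Reverses {@link #cipher(byte[])} using the public key of the certificate.
     *
     * @param bArr the bytes produced by {@code cipher}
     * @return the original bytes
     * @throws GeneralSecurityException if the cipher cannot be set up or the input is rejected
     */
    @Nonnull
    public byte[] decipher(@Nonnull byte[] bArr) throws GeneralSecurityException {
        // Same provider-default transformation as cipher(); both sides must resolve it identically.
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(Cipher.DECRYPT_MODE, this.certificate);
        return cipher.doFinal(bArr);
    }

    /**
     * Signs {@code bArr} with the private key using SHA256withRSA.
     *
     * @param bArr the data to sign
     * @return the signature bytes wrapped in a {@link Signature}
     * @throws GeneralSecurityException if signing fails
     * @throws IllegalStateException if no private key is available
     */
    @Nonnull
    public Signature sign(@Nonnull byte[] bArr) throws GeneralSecurityException {
        java.security.Signature signer = java.security.Signature.getInstance(SHA_256_WITH_RSA);
        signer.initSign(getPrivateKey());
        signer.update(bArr);
        return new Signature(signer.sign());
    }

    /**
     * Verifies a SHA256withRSA signature over {@code bArr} against the certificate's public key.
     *
     * <p>A {@code true} result only proves the signature matches this certificate; it says
     * nothing about whether the certificate itself is trusted, unexpired at the time of the
     * call, or unrevoked.
     *
     * @param bArr the signed data
     * @param signature the signature to check
     * @return true if the signature is valid for the data
     * @throws GeneralSecurityException if verification cannot be performed
     */
    public boolean verifySignature(@Nonnull byte[] bArr, @Nonnull Signature signature) throws GeneralSecurityException {
        java.security.Signature verifier = java.security.Signature.getInstance(SHA_256_WITH_RSA);
        verifier.initVerify(this.certificate);
        verifier.update(bArr);
        return verifier.verify(signature.getBytes());
    }

    /**
     * @return the certificate this instance was created with
     */
    @Nonnull
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the private key. Callers receive the live key object, so access to this
     * method should be limited to code that is allowed to sign.
     *
     * @return the private key
     * @throws IllegalStateException if no private key was supplied
     */
    @Nonnull
    public RSAPrivateKey getPrivateKey() {
        if (this.privateKey == null) {
            throw new IllegalStateException("Private key not avaible");
        }
        return this.privateKey;
    }

    /**
     * Reads an RSA private key in PKCS#8 encoding from {@code url}.
     *
     * <p>The key is read as-is ({@link PKCS8EncodedKeySpec}); no passphrase handling is done
     * here, so the resource holds usable key material. Point the URL at a location with
     * restricted access and avoid schemes that fetch it over an unprotected network channel.
     *
     * @param url location of the key, or null
     * @return the key, or null if {@code url} is null
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the bytes are not a valid RSA PKCS#8 key
     */
    @Nullable
    public static RSAPrivateKey readPrivateKey(@Nullable URL url) throws IOException, GeneralSecurityException {
        if (url == null) {
            return null;
        }
        // try-with-resources: the stream is always closed, and a failure in close() is attached
        // as a suppressed exception instead of replacing the original parse/read error.
        try (DataInputStream in = new DataInputStream(url.openStream())) {
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(in));
            return (RSAPrivateKey) KeyFactory.getInstance(RSA).generatePrivate(keySpec);
        }
    }

    /**
     * Reads an X.509 certificate from {@code url} and checks that the current time lies
     * within its validity period.
     *
     * <p>The validity check happens once, at load time; an instance kept alive past the
     * certificate's expiry is not re-checked. No chain, trust or revocation validation is
     * performed.
     *
     * @param url location of the certificate
     * @return the parsed certificate
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the certificate cannot be parsed, is expired or is not yet valid
     */
    @Nonnull
    public static X509Certificate readCertificate(@Nonnull URL url) throws IOException, GeneralSecurityException {
        // try-with-resources: see readPrivateKey - close() failures no longer mask the real error.
        try (DataInputStream in = new DataInputStream(url.openStream())) {
            X509Certificate loaded = (X509Certificate) CertificateFactory.getInstance(X_509_CERTIFICATE_TYPE).generateCertificate(in);
            loaded.checkValidity();
            return loaded;
        }
    }
}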
