package com.kobil.AndroidInterface;

import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.util.Date;
import java.util.Hashtable;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.Time;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.DefaultSignedAttributeTableGenerator;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: classes.dex */
public class StrongBoxHelper {
    private static final String CN_PATTERN = "C=DE, UID=%s, O=KOBIL GmbH, CN=%s";
    private static final String PROVIDER = "AndroidKeyStoreBCWorkaround";
    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";

    public static String generatePKCS10(KeyPair keyPair, String str) {
        Log.i("StrongBoxHandler", "Trying to generate pkcs10 using keypair");
        return generatePKCS10(keyPair.getPublic(), keyPair.getPrivate(), str);
    }

    public static String generatePKCS10(KeyStore.Entry entry, String str) {
        Log.i("StrongBoxHandler", "Trying to generate pkcs10 using keystore entry");
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            return generatePKCS10(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey(), str);
        }
        Log.e("StrongBoxHandler", "Could not generate pkcs10, entry is not a private key entry");
        return null;
    }

    private static String generatePKCS10(PublicKey publicKey, PrivateKey privateKey, String str) {
        String format = String.format(CN_PATTERN, str, str);
        try {
            ContentSigner build = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey);
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(format), publicKey);
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            return Base64.encodeToString(jcaPKCS10CertificationRequestBuilder.build(build).getEncoded(), 2);
        } catch (OperatorCreationException | IOException e10) {
            Log.e("StrongBoxHandler", "generatePKCS10 " + e10.getMessage());
            return null;
        }
    }

    public static byte[] signPkcs7(KeyStore.Entry entry, String str, String str2, String str3, long j3, byte[] bArr, byte[] bArr2) {
        String str4;
        Log.i("StrongBoxHandler", "Trying to generate CMS using keystore entry");
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
                ContentSigner build = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKeyEntry.getPrivateKey());
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                Hashtable hashtable = new Hashtable();
                ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier("1.3.6.1.4.1.14481.109.3.1");
                hashtable.put(aSN1ObjectIdentifier, new Attribute(aSN1ObjectIdentifier, new DERSet(new DERIA5String(str2, true))));
                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier("1.3.6.1.4.1.14481.109.3.2");
                hashtable.put(aSN1ObjectIdentifier2, new Attribute(aSN1ObjectIdentifier2, new DERSet(new DERIA5String(str, true))));
                ASN1ObjectIdentifier aSN1ObjectIdentifier3 = new ASN1ObjectIdentifier("1.3.6.1.4.1.14481.109.3.3");
                hashtable.put(aSN1ObjectIdentifier3, new Attribute(aSN1ObjectIdentifier3, new DERSet(new DERIA5String(str3, true))));
                Attribute attribute = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(new Date(new Timestamp(1000 * j3).getTime()))));
                hashtable.put(attribute.getAttrType(), attribute);
                cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(hashtable))).build(build, x509Certificate));
                cMSSignedDataGenerator.addCertificate(new X509CertificateHolder(bArr));
                return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr2), true).getEncoded();
            } catch (OperatorCreationException | IOException | CertificateException | CMSException e10) {
                str4 = "signPkcs7 " + e10.getMessage();
            }
        } else {
            str4 = "Could not sign Pkcs7, entry is not a private key entry";
        }
        Log.e("StrongBoxHandler", str4);
        return null;
    }
}
