package org.apache.tsik.xmlsig.tools;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import org.apache.tsik.datatypes.Base64;
import org.apache.tsik.domutil.DOMCursor;
import org.apache.tsik.domutil.DOMWriteCursor;
import org.apache.tsik.resource.ResourceFactory;
import org.apache.tsik.resource.XMLResource;
import org.apache.tsik.util.Namespaces;
import org.apache.tsik.xmlsig.KeyInfo;
import org.apache.tsik.xmlsig.elements.DSAKeyValue;
import org.apache.tsik.xpath.XPath;
import org.apache.tsik.xpath.XPathException;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/tsik/xmlsig/tools/KeyConverter.class */
public class KeyConverter {
    private static final String DIGSIG_PREFIX = "ds";
    private static final String XKMS_PREFIX = "xkms";
    private static boolean DEBUG = false;
    private static final String DIGSIG_NS = Namespaces.XMLSIG.getUri();
    private static final String XKMS_NS = Namespaces.XKMS.getUri();
    private static final XMLResource xmlres = ResourceFactory.getXMLResource();

    private KeyConverter() {
    }

    public static PublicKey keyInfoToPublicKey(Document document, XPath xPath) throws GeneralSecurityException, XPathException {
        DOMCursor dOMCursor = new DOMCursor(document);
        if (dOMCursor.moveToXPath(xPath)) {
            return KeyInfo.fromXML(dOMCursor).getKeyValue();
        }
        throw new XPathException(new StringBuffer().append("'").append(xPath.getXPath()).append("'").append(" evaluates to nothing").toString());
    }

    public static PrivateKey keyInfoToPrivateKey(Document document, XPath xPath) throws GeneralSecurityException, XPathException {
        DOMCursor dOMCursor = new DOMCursor(document);
        if (!dOMCursor.moveToXPath(xPath)) {
            throw new XPathException(new StringBuffer().append("'").append(xPath.getXPath()).append("'").append(" evaluates to nothing").toString());
        }
        if (DSAKeyValue.isAnElementIn(dOMCursor)) {
            return DSAKeyValue.fromXml(dOMCursor).generateDsaPrivateKey();
        }
        PrivateKey newKeyInfoToPrivateKey = newKeyInfoToPrivateKey(dOMCursor);
        if (newKeyInfoToPrivateKey == null) {
            try {
                newKeyInfoToPrivateKey = oldKeyInfoToPrivateKey(dOMCursor);
            } catch (InvalidKeySpecException e) {
                throw new InvalidKeyException(e.toString());
            }
        }
        if (newKeyInfoToPrivateKey == null) {
            throw new XPathException(new StringBuffer().append("No recognized key at: ").append(xPath).toString());
        }
        return newKeyInfoToPrivateKey;
    }

    public static Document publicKeyToKeyInfo(PublicKey publicKey) {
        ResourceFactory.getXMLResource().createDocument();
        DOMWriteCursor dOMWriteCursor = new DOMWriteCursor();
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.setKeyValue(publicKey);
        keyInfo.toXML(dOMWriteCursor, false);
        return dOMWriteCursor.getDocument();
    }

    public static Document privateKeyToKeyInfo(PrivateKey privateKey) {
        Document createDocument = ResourceFactory.getXMLResource().createDocument();
        if (!(privateKey instanceof DSAPrivateKey)) {
            return privateKeyToNewKeyInfo(privateKey);
        }
        new DSAKeyValue((DSAPrivateKey) privateKey).toXml(new DOMWriteCursor(createDocument));
        return createDocument;
    }

    public static X509Certificate keyInfoToCertificate(Document document, XPath xPath) throws GeneralSecurityException, XPathException {
        DOMCursor dOMCursor = new DOMCursor(document);
        if (dOMCursor.moveToXPath(xPath)) {
            return KeyInfo.fromXML(dOMCursor).getCertificate();
        }
        throw new XPathException(new StringBuffer().append("'").append(xPath.getXPath()).append("'").append(" evaluates to nothing").toString());
    }

    public static Document certificateToKeyInfo(X509Certificate x509Certificate) throws GeneralSecurityException, XPathException {
        DOMWriteCursor dOMWriteCursor = new DOMWriteCursor();
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.setCertificate(x509Certificate);
        keyInfo.toXML(dOMWriteCursor, false);
        return dOMWriteCursor.getDocument();
    }

    private static Document privateKeyToNewKeyInfo(PrivateKey privateKey) {
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
        DOMWriteCursor addUnder = new DOMWriteCursor().addUnder(DIGSIG_NS, DIGSIG_PREFIX, org.apache.tsik.xmlsig.elements.KeyInfo.name).addUnder(DIGSIG_NS, DIGSIG_PREFIX, "KeyValue").addUnder(XKMS_NS, XKMS_PREFIX, "RSAKeyPair");
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "Modulus"), rSAPrivateCrtKey.getModulus());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "PublicExponent"), rSAPrivateCrtKey.getPublicExponent());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "PrivateExponent"), rSAPrivateCrtKey.getPrivateExponent());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "P"), rSAPrivateCrtKey.getPrimeP());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "Q"), rSAPrivateCrtKey.getPrimeQ());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "DP"), rSAPrivateCrtKey.getPrimeExponentP());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "DQ"), rSAPrivateCrtKey.getPrimeExponentQ());
        setBigInt(addUnder.addUnder(XKMS_NS, XKMS_PREFIX, "QINV"), rSAPrivateCrtKey.getCrtCoefficient());
        return addUnder.getDocument();
    }

    private static PrivateKey newKeyInfoToPrivateKey(DOMCursor dOMCursor) throws GeneralSecurityException {
        if (!dOMCursor.moveToXPath(new XPath("ds:KeyValue/xkms:RSAKeyPair", new String[]{DIGSIG_PREFIX, DIGSIG_NS, XKMS_PREFIX, XKMS_NS}))) {
            return null;
        }
        BigInteger bigInteger = null;
        BigInteger bigInteger2 = null;
        BigInteger bigInteger3 = null;
        BigInteger bigInteger4 = null;
        BigInteger bigInteger5 = null;
        BigInteger bigInteger6 = null;
        BigInteger bigInteger7 = null;
        BigInteger bigInteger8 = null;
        boolean moveToChild = dOMCursor.moveToChild(1);
        while (moveToChild) {
            if (dOMCursor.atElement(XKMS_NS, "Modulus")) {
                bigInteger = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "PublicExponent")) {
                bigInteger2 = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "PrivateExponent")) {
                bigInteger3 = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "P")) {
                bigInteger4 = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "Q")) {
                bigInteger5 = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "DP")) {
                bigInteger6 = getBigInt(dOMCursor);
            } else if (dOMCursor.atElement(XKMS_NS, "DQ")) {
                bigInteger7 = getBigInt(dOMCursor);
            } else {
                if (!dOMCursor.atElement(XKMS_NS, "QINV")) {
                    throw new InvalidKeyException(new StringBuffer().append("Unknown element at ").append(dOMCursor).toString());
                }
                bigInteger8 = getBigInt(dOMCursor);
            }
            moveToChild = dOMCursor.moveToSibling(1);
        }
        if (bigInteger == null || bigInteger2 == null || bigInteger3 == null || bigInteger4 == null || bigInteger5 == null || bigInteger6 == null || bigInteger7 == null || bigInteger8 == null) {
            throw new InvalidKeyException("Require all private key elements: Modulus, PublicExponent, PrivateExponent, P, Q, DP, DQ, QINV");
        }
        return KeyFactory.getInstance("rsa").generatePrivate(new RSAPrivateCrtKeySpec(bigInteger, bigInteger2, bigInteger3, bigInteger4, bigInteger5, bigInteger6, bigInteger7, bigInteger8));
    }

    private static Document privateKeyToOldKeyInfo(PrivateKey privateKey) {
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
        DOMWriteCursor addUnder = new DOMWriteCursor().addUnder(DIGSIG_NS, DIGSIG_PREFIX, org.apache.tsik.xmlsig.elements.KeyInfo.name).addUnder(DIGSIG_NS, DIGSIG_PREFIX, "KeyValue").addUnder(DIGSIG_NS, DIGSIG_PREFIX, "RSAKeyValue");
        setBigInt(addUnder.addUnder(DIGSIG_NS, DIGSIG_PREFIX, "Modulus"), rSAPrivateCrtKey.getModulus());
        setBigInt(addUnder.addUnder(DIGSIG_NS, DIGSIG_PREFIX, "Exponent"), rSAPrivateCrtKey.getPrivateExponent());
        return addUnder.getDocument();
    }

    private static PrivateKey oldKeyInfoToPrivateKey(DOMCursor dOMCursor) throws InvalidKeySpecException, GeneralSecurityException {
        if (!dOMCursor.moveToXPath(new XPath("ds:KeyValue/ds:RSAKeyValue", new String[]{DIGSIG_PREFIX, DIGSIG_NS}))) {
            return null;
        }
        BigInteger bigInteger = null;
        BigInteger bigInteger2 = null;
        boolean moveToChild = dOMCursor.moveToChild(1);
        while (moveToChild) {
            if (dOMCursor.atElement(DIGSIG_NS, "Modulus")) {
                bigInteger = getBigInt(dOMCursor);
            } else {
                if (!dOMCursor.atElement(DIGSIG_NS, "Exponent")) {
                    throw new InvalidKeyException(new StringBuffer().append("Unknown element at ").append(dOMCursor).toString());
                }
                bigInteger2 = getBigInt(dOMCursor);
            }
            moveToChild = dOMCursor.moveToSibling(1);
        }
        if (bigInteger == null || bigInteger2 == null) {
            throw new InvalidKeyException("Require all private key elements: Modulus, Exponent");
        }
        return KeyFactory.getInstance("rsa").generatePrivate(new RSAPrivateKeySpec(bigInteger, bigInteger2));
    }

    private static BigInteger getBigInt(DOMCursor dOMCursor) throws InvalidKeyException {
        String text = dOMCursor.getText();
        if (text.length() == 0) {
            throw new InvalidKeyException(new StringBuffer().append("Empty value at ").append(dOMCursor).toString());
        }
        return new BigInteger(1, Base64.decode(text));
    }

    private static void setBigInt(DOMWriteCursor dOMWriteCursor, BigInteger bigInteger) {
        dOMWriteCursor.setText(Base64.encode(bigInteger.toByteArray()));
    }

    private static void usage() {
        System.err.println("usage: java org.apache.tsik.xmlsig.tools.KeyConverter\n   pr2k Pkcs8Private    > KeyInfo\n | pu2k X509Public      > KeyInfo\n | c2k  X509Cert        > KeyInfo\n | k2pr KeyInfo [XPath] > Pkcs8Private\n | k2pu KeyInfo [XPath] > X509Public\n | k2c  KeyInfo [XPath] > X509Cert");
        System.exit(2);
    }

    public static void main(String[] strArr) {
        PrivateKey generatePrivate;
        if (strArr.length < 2) {
            usage();
        }
        try {
            String str = strArr[0];
            FileInputStream fileInputStream = new FileInputStream(strArr[1]);
            XPath xPath = new XPath(strArr.length > 2 ? strArr[2] : "/*");
            PrintStream printStream = System.out;
            if (str.equals("pr2k")) {
                byte[] bArr = new byte[fileInputStream.available()];
                fileInputStream.read(bArr);
                PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(bArr);
                try {
                    generatePrivate = KeyFactory.getInstance("rsa").generatePrivate(pKCS8EncodedKeySpec);
                } catch (InvalidKeySpecException e) {
                    generatePrivate = KeyFactory.getInstance("dsa").generatePrivate(pKCS8EncodedKeySpec);
                }
                fileInputStream.close();
                xmlres.publish(privateKeyToKeyInfo(generatePrivate), (OutputStream) printStream);
            }
            if (str.equals("pr2ok")) {
                byte[] bArr2 = new byte[fileInputStream.available()];
                fileInputStream.read(bArr2);
                PrivateKey generatePrivate2 = KeyFactory.getInstance("rsa").generatePrivate(new PKCS8EncodedKeySpec(bArr2));
                fileInputStream.close();
                xmlres.publish(privateKeyToOldKeyInfo(generatePrivate2), (OutputStream) printStream);
            } else if (str.equals("pu2k")) {
                PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream)).getPublicKey();
                fileInputStream.close();
                xmlres.publish(publicKeyToKeyInfo(publicKey), (OutputStream) printStream);
            } else if (str.equals("k2pu")) {
                printStream.write(keyInfoToPublicKey(xmlres.parseXML((InputStream) fileInputStream, false), xPath).getEncoded());
            } else if (str.equals("k2pr")) {
                try {
                    byte[] encoded = keyInfoToPrivateKey(xmlres.parseXML((InputStream) fileInputStream, false), xPath).getEncoded();
                    if (encoded != null) {
                        printStream.write(encoded);
                    } else {
                        System.err.println("Can't get encoded private key");
                    }
                } catch (Exception e2) {
                    System.err.println(new StringBuffer().append("Can't get encoded private key: ").append(e2).toString());
                }
            } else if (str.equals("c2k")) {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
                fileInputStream.close();
                xmlres.publish(certificateToKeyInfo(x509Certificate), (OutputStream) printStream);
            } else if (str.equals("k2c")) {
                printStream.write(keyInfoToCertificate(xmlres.parseXML((InputStream) fileInputStream, false), xPath).getEncoded());
            } else {
                System.err.println(new StringBuffer().append("Don't know what to do with ").append(str).toString());
                usage();
            }
        } catch (Exception e3) {
            e3.printStackTrace();
            usage();
        }
    }
}
