package pro.javacard;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

/* loaded from: input_file:pro/javacard/CAPFileSigner.class */
public class CAPFileSigner {
    static final ECParameterSpec secp256r1;

    public static void addSignature(CAPFile cAPFile, PrivateKey privateKey) throws GeneralSecurityException {
        if (privateKey instanceof RSAPrivateKey) {
            if ((((RSAPrivateKey) privateKey).getModulus().bitLength() + 7) / 8 == 128) {
                Signature signature = Signature.getInstance("SHA1withRSA");
                signature.initSign(privateKey);
                signature.update(cAPFile.getLoadFileDataHash("SHA1"));
                cAPFile.entries.put("META-INF/dap.rsa.sha1", signature.sign());
                signature.initSign(privateKey);
                signature.update(cAPFile.getLoadFileDataHash("SHA-256"));
                cAPFile.entries.put("META-INF/dap.rsa.sha256", signature.sign());
                return;
            }
        } else if ((privateKey instanceof ECPrivateKey) && ((ECPrivateKey) privateKey).getParams().equals(secp256r1)) {
            Signature signature2 = Signature.getInstance("SHA256withECDSA");
            signature2.initSign(privateKey);
            signature2.update(cAPFile.getLoadFileDataHash("SHA-1"));
            cAPFile.entries.put("META-INF/dap.p256.sha1", signature2.sign());
            signature2.initSign(privateKey);
            signature2.update(cAPFile.getLoadFileDataHash("SHA-256"));
            cAPFile.entries.put("META-INF/dap.p256.sha256", signature2.sign());
            return;
        }
        throw new IllegalArgumentException("Only 1024 bit RSA and P256 EC keys are supported!");
    }

    public static PrivateKey pem2privatekey(String str) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            PEMParser pEMParser = new PEMParser(new InputStreamReader(fileInputStream, "UTF-8"));
            try {
                Object readObject = pEMParser.readObject();
                if (readObject instanceof PEMKeyPair) {
                    PrivateKey privateKey = new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) readObject).getPrivate();
                    pEMParser.close();
                    fileInputStream.close();
                    return privateKey;
                }
                if (!(readObject instanceof PrivateKeyInfo)) {
                    throw new IllegalArgumentException("Can not read PEM");
                }
                PrivateKey privateKey2 = new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) readObject);
                pEMParser.close();
                fileInputStream.close();
                return privateKey2;
            } finally {
            }
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    static {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
            secp256r1 = ((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()).getParams();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Can not generate key for parameter extraction!");
        }
    }
}
