package com.antfinancial.antchain.baas.crypto;

import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/classes/com/antfinancial/antchain/baas/crypto/GenerateKeyService.class */
public class GenerateKeyService {
    public void writePkcs5(PrivateKey privateKey, String str, OutputStream outputStream) throws Exception {
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(outputStream));
        pemWriter.writeObject(new JcaMiscPEMGenerator(privateKey, new JcePEMEncryptorBuilder("AES-256-CBC").build(str.toCharArray())).generate());
        pemWriter.close();
    }

    public void writePkcs8(PrivateKey privateKey, String str, OutputStream outputStream) throws Exception {
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(outputStream));
        JceOpenSSLPKCS8EncryptorBuilder jceOpenSSLPKCS8EncryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
        jceOpenSSLPKCS8EncryptorBuilder.setRandom(new SecureRandom());
        jceOpenSSLPKCS8EncryptorBuilder.setPasssword(str.toCharArray());
        pemWriter.writeObject(new JcaPKCS8Generator(privateKey, jceOpenSSLPKCS8EncryptorBuilder.build()).generate());
        pemWriter.close();
    }

    public KeyPair generateEncryptedSmPrivateKey(String str, Boolean bool, OutputStream outputStream) throws Exception {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("sm2p256v1");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(parameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        if (bool.booleanValue()) {
            writePkcs8(generateKeyPair.getPrivate(), str, outputStream);
        } else {
            writePkcs5(generateKeyPair.getPrivate(), str, outputStream);
        }
        return generateKeyPair;
    }

    public KeyPair generateEncryptedEcPrivateKey(String str, Boolean bool, OutputStream outputStream) throws Exception {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("secp256k1");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(parameterSpec, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        if (bool.booleanValue()) {
            writePkcs8(generateKeyPair.getPrivate(), str, outputStream);
        } else {
            writePkcs5(generateKeyPair.getPrivate(), str, outputStream);
        }
        return generateKeyPair;
    }

    public KeyPair generateEncryptedRsaPrivateKey(String str, Boolean bool, OutputStream outputStream) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        if (bool.booleanValue()) {
            writePkcs8(generateKeyPair.getPrivate(), str, outputStream);
        } else {
            writePkcs5(generateKeyPair.getPrivate(), str, outputStream);
        }
        return generateKeyPair;
    }

    public byte[] generateCSR(String str, KeyPair keyPair) throws Exception {
        PKCS10CertificationRequest build = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=client"), keyPair.getPublic()).build(new JcaContentSignerBuilder(str).build(keyPair.getPrivate()));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PemWriter pemWriter = new PemWriter(new OutputStreamWriter(byteArrayOutputStream));
        pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", build.getEncoded()));
        pemWriter.close();
        return byteArrayOutputStream.toByteArray();
    }

    public String getPublicKeyString(KeyPair keyPair) throws Exception {
        byte[] bytes = ECPrivateKey.getInstance(PrivateKeyInfo.getInstance(keyPair.getPrivate().getEncoded()).parsePrivateKey()).getPublicKey().getBytes();
        byte[] bArr = new byte[bytes.length - 1];
        System.arraycopy(bytes, 1, bArr, 0, bArr.length);
        return Hex.toHexString(bArr);
    }
}
