package com.koalii.kgsp.core.cert;

import com.koalii.kgsp.bc.asn1.pkcs.PrivateKeyInfo;
import com.koalii.kgsp.bc.asn1.pkcs.RSAPrivateKey;
import com.koalii.kgsp.bc.asn1.pkcs.RSAPublicKey;
import com.koalii.kgsp.bc.cert.X509CertificateHolder;
import com.koalii.kgsp.bc.crypto.params.AsymmetricKeyParameter;
import com.koalii.kgsp.bc.crypto.params.RSAPrivateCrtKeyParameters;
import com.koalii.kgsp.bc.jcajce.provider.asymmetric.rsa.RSAUtil;
import com.koalii.kgsp.bc.openssl.PEMKeyPair;
import com.koalii.kgsp.core.exception.KcErrors;
import com.koalii.kgsp.core.exception.KcException;
import com.koalii.kgsp.core.pkcs.Pkcs8Decryptor;
import com.koalii.kgsp.core.util.PemKeyPairUtil;
import java.security.PrivateKey;

/* loaded from: input_file:com/koalii/kgsp/core/cert/KcRSAKeyStore.class */
public class KcRSAKeyStore extends KcRSACertStore implements KcKeyStore {
    public KcRSAKeyStore() {
    }

    public KcRSAKeyStore(X509CertificateHolder x509CertificateHolder, PrivateKeyInfo privateKeyInfo) throws KcException {
        if (!isKeyMatched(x509CertificateHolder, privateKeyInfo)) {
            throw new KcException(KcErrors.ERROR_CORE_RSA_KEY_UNMATCHED, "rsa cert and private key unmatched");
        }
        this.cert = x509CertificateHolder;
        this.publicKey = KcRSACertStore.parseRsaPublicKey(x509CertificateHolder);
        this.privateKey = parseRsaPrivateKey(privateKeyInfo);
    }

    public KcRSAKeyStore(X509CertificateHolder x509CertificateHolder, AsymmetricKeyParameter asymmetricKeyParameter) throws KcException {
        if (!isKeyMatched(x509CertificateHolder, asymmetricKeyParameter)) {
            throw new KcException(KcErrors.ERROR_CORE_RSA_KEY_UNMATCHED, "rsa cert and private key unmatched");
        }
        this.cert = x509CertificateHolder;
        this.publicKey = KcRSACertStore.parseRsaPublicKey(x509CertificateHolder);
        this.privateKey = asymmetricKeyParameter;
    }

    @Override // com.koalii.kgsp.core.cert.KcKeyStore
    public void setPrivateKey(AsymmetricKeyParameter asymmetricKeyParameter) {
        this.privateKey = asymmetricKeyParameter;
    }

    @Override // com.koalii.kgsp.core.cert.KcKeyStore
    public boolean isKeyMatched() throws KcException {
        return isKeyMatched(this.cert, this.privateKey);
    }

    @Override // com.koalii.kgsp.core.cert.KcKeyStore
    public AsymmetricKeyParameter getPrivateKey() {
        return this.privateKey;
    }

    @Override // com.koalii.kgsp.core.cert.KcKeyStore
    public PrivateKey getJcaPrivateKey() throws KcException {
        return null;
    }

    public static boolean isRsaKey(PrivateKeyInfo privateKeyInfo) {
        return RSAUtil.isRsaOid(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm());
    }

    public static boolean isKeyMatched(RSAPublicKey rSAPublicKey, RSAPrivateKey rSAPrivateKey) throws KcException {
        return rSAPublicKey.getModulus().equals(rSAPrivateKey.getModulus()) && rSAPublicKey.getPublicExponent().equals(rSAPrivateKey.getPublicExponent());
    }

    public static boolean isKeyMatched(X509CertificateHolder x509CertificateHolder, AsymmetricKeyParameter asymmetricKeyParameter) throws KcException {
        if (!KcRSACertStore.isRsaCert(x509CertificateHolder)) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_KEY_ALG, "rsa cert key alg error");
        }
        if (!(asymmetricKeyParameter instanceof RSAPrivateCrtKeyParameters)) {
            throw new KcException(KcErrors.ERROR_CORE_PRIVATE_KEY_ALG, "rsa private key alg error");
        }
        try {
            RSAPublicKey rSAPublicKey = RSAPublicKey.getInstance(x509CertificateHolder.getSubjectPublicKeyInfo().parsePublicKey());
            RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters = (RSAPrivateCrtKeyParameters) asymmetricKeyParameter;
            return rSAPublicKey.getModulus().equals(rSAPrivateCrtKeyParameters.getModulus()) && rSAPublicKey.getPublicExponent().equals(rSAPrivateCrtKeyParameters.getPublicExponent());
        } catch (Exception e) {
            throw new KcException(KcErrors.ERROR_CORE_PUBLIC_KEY_PARSE, "rsa public key parse failed", e);
        }
    }

    public static boolean isKeyMatched(X509CertificateHolder x509CertificateHolder, PrivateKeyInfo privateKeyInfo) throws KcException {
        if (!KcRSACertStore.isRsaCert(x509CertificateHolder)) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_KEY_ALG, "rsa cert key alg error");
        }
        if (!isRsaKey(privateKeyInfo)) {
            throw new KcException(KcErrors.ERROR_CORE_PRIVATE_KEY_ALG, "rsa private key alg error");
        }
        try {
            try {
                return isKeyMatched(RSAPublicKey.getInstance(x509CertificateHolder.getSubjectPublicKeyInfo().parsePublicKey()), RSAPrivateKey.getInstance(privateKeyInfo.parsePrivateKey()));
            } catch (Exception e) {
                throw new KcException(KcErrors.ERROR_CORE_PUBLIC_KEY_PARSE, "rsa public key parse failed", e);
            }
        } catch (Exception e2) {
            throw new KcException(KcErrors.ERROR_CORE_PUBLIC_KEY_PARSE, "rsa public key parse failed", e2);
        }
    }

    public static RSAPrivateCrtKeyParameters parseRsaPrivateKey(PrivateKeyInfo privateKeyInfo) throws KcException {
        if (!isRsaKey(privateKeyInfo)) {
            throw new KcException(KcErrors.ERROR_CORE_PRIVATE_KEY_ALG, "parse rsa private key failed");
        }
        try {
            RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
            return new RSAPrivateCrtKeyParameters(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient());
        } catch (Exception e) {
            throw new KcException(KcErrors.ERROR_CORE_PRIVATE_KEY_PARSE);
        }
    }

    @Override // com.koalii.kgsp.core.cert.KcKeyStore
    public void loadKeyData(byte[] bArr, char[] cArr) throws KcException {
        PEMKeyPair parsePemKeyPair = PemKeyPairUtil.parsePemKeyPair(bArr, cArr);
        this.privateKey = parseRsaPrivateKey(parsePemKeyPair.getPrivateKeyInfo());
        if (null == this.publicKey) {
            this.publicKey = parseRsaPublicKey(parsePemKeyPair.getPublicKeyInfo());
        }
    }

    public void loadPbeKeyData(byte[] bArr, char[] cArr) throws KcException {
        this.privateKey = parseRsaPrivateKey(Pkcs8Decryptor.pbeDecrypt(bArr, cArr));
    }
}
