package com.archos.athome.lib.connect.pki;

import com.archos.athome.lib.connect.ArchosProgrammingException;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.UUID;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509AttributeIdentifiers;
import org.spongycastle.asn1.x509.sigi.NameOrPseudonym;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.util.PrivateKeyFactory;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.bc.BcRSAContentSignerBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;

/* loaded from: classes.dex */
public final class PkiUtils {
    private static final int KEY_STRENGTH = 2048;
    private static final String TAG = "PKIUTILS";
    private static final long initTime = Pki.installProvider();

    private PkiUtils() {
    }

    public static byte[] createEncodedClientCsr(KeyPair keyPair, UUID uuid) throws ArchosProgrammingException {
        ArchosProgrammingException.assertNotNull(keyPair, "keyPair");
        ArchosProgrammingException.assertNotNull(uuid, "uuid");
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        x500NameBuilder.addRDN(BCStyle.DC, "com");
        x500NameBuilder.addRDN(BCStyle.DC, "archos");
        x500NameBuilder.addRDN(BCStyle.OU, "ArchosAtHome");
        x500NameBuilder.addRDN(X509AttributeIdentifiers.id_at_role, Pki.CLIENT_ALIAS);
        x500NameBuilder.addRDN(BCStyle.UNIQUE_IDENTIFIER, uuid.toString());
        try {
            AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
            PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder = new PKCS10CertificationRequestBuilder(x500NameBuilder.build(), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
            BcRSAContentSignerBuilder bcRSAContentSignerBuilder = new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find));
            pKCS10CertificationRequestBuilder.addAttribute(BCStyle.UNIQUE_IDENTIFIER, new NameOrPseudonym(uuid.toString()));
            try {
                return pKCS10CertificationRequestBuilder.build(bcRSAContentSignerBuilder.build(createKey)).getEncoded();
            } catch (IOException e) {
                throw new ArchosProgrammingException("Failed to encode PKCS10CertificationRequest", e);
            } catch (OperatorCreationException e2) {
                throw new ArchosProgrammingException("SHA1withRSA digest unavailable", e2);
            }
        } catch (IOException e3) {
            throw new ArchosProgrammingException("Error decoding the private key", e3);
        }
    }

    public static KeyPair createKeyPair() throws ArchosProgrammingException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "SC");
            keyPairGenerator.initialize(2048, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new ArchosProgrammingException("No RSA algorithm in SpongyCastle", e);
        } catch (NoSuchProviderException e2) {
            throw new ArchosProgrammingException("No SpongyCastle", e2);
        }
    }

    public static X509Certificate crtToCertificate(byte[] bArr) throws CertificateException, IOException, ArchosProgrammingException {
        ArchosProgrammingException.assertNotNull(bArr, "encodedCrt");
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(new X509CertificateHolder(bArr));
    }
}
