package nl.aeteurope.mpki.secureelement;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import nl.aeteurope.mpki.AlgorithmType;
import nl.aeteurope.mpki.Constants;
import nl.aeteurope.mpki.identity.CertificateWithPrivateKeyReference;
import nl.aeteurope.mpki.workflow.MissingIdentityException;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.encodings.PKCS1Encoding;
import org.spongycastle.crypto.engines.RSABlindedEngine;
import org.spongycastle.crypto.params.RSAKeyParameters;

/* loaded from: classes.dex */
public abstract class BaseSecureElement implements SecureElement {
    @Override // nl.aeteurope.mpki.secureelement.SecureElement
    public KeyStore getSSLKeyStore(CertificateWithPrivateKeyReference certificateWithPrivateKeyReference, char[] cArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, MissingIdentityException, IncorrectPasswordException {
        X509Certificate certificate = certificateWithPrivateKeyReference.getCertificate();
        KeyStore keyStore = KeyStore.getInstance(Constants.PRIVATE_KEYSTORE_TYPE);
        keyStore.load(null, null);
        keyStore.setKeyEntry("alias", getPrivateKey(certificate, cArr), null, new X509Certificate[]{certificate});
        return keyStore;
    }

    @Override // nl.aeteurope.mpki.secureelement.SecureElement
    public byte[] signHash(byte[] bArr, CertificateWithPrivateKeyReference certificateWithPrivateKeyReference, char[] cArr) throws GeneralSecurityException, MissingIdentityException, IncorrectPasswordException {
        Signature signature = Signature.getInstance(AlgorithmType.NONE.getText(), getProvider().getName());
        signature.initSign(getPrivateKey(certificateWithPrivateKeyReference.getCertificate(), cArr));
        signature.update(bArr);
        return signature.sign();
    }

    @Override // nl.aeteurope.mpki.secureelement.SecureElement
    public byte[] signPKCS1(byte[] bArr, CertificateWithPrivateKeyReference certificateWithPrivateKeyReference, AlgorithmType algorithmType, char[] cArr, boolean z) throws GeneralSecurityException, MissingIdentityException, IncorrectPasswordException {
        if (z) {
            Signature signature = Signature.getInstance(algorithmType.getText(), getProvider().getName());
            signature.initSign(getPrivateKey(certificateWithPrivateKeyReference.getCertificate(), cArr));
            signature.update(bArr);
            return signature.sign();
        }
        PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
        try {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) getPrivateKey(certificateWithPrivateKeyReference.getCertificate(), cArr);
            pKCS1Encoding.init(true, new RSAKeyParameters(true, rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent()));
            byte[] encoded = new DigestInfo(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), bArr).getEncoded(ASN1Encoding.DER);
            return pKCS1Encoding.processBlock(encoded, 0, encoded.length);
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } catch (InvalidCipherTextException e2) {
            e2.printStackTrace();
            return null;
        }
    }
}
