package com.microsoft.aad.adal4j;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: input_file:WEB-INF/lib/adal4j-1.6.4.jar:com/microsoft/aad/adal4j/AsymmetricKeyCredential.class */
public final class AsymmetricKeyCredential {
    public static final int MIN_KEYSIZE_IN_BITS = 2048;
    private final String clientId;
    private final PrivateKey key;
    private final X509Certificate publicCertificate;

    private AsymmetricKeyCredential(String str, PrivateKey privateKey, X509Certificate x509Certificate) {
        if (StringHelper.isBlank(str)) {
            throw new IllegalArgumentException("clientId is null or empty");
        }
        if (privateKey == null) {
            throw new NullPointerException("PrivateKey is null or empty");
        }
        this.clientId = str;
        this.key = privateKey;
        if (privateKey instanceof RSAPrivateKey) {
            if (((RSAPrivateKey) privateKey).getModulus().bitLength() < 2048) {
                throw new IllegalArgumentException("certificate key size must be at least 2048");
            }
        } else {
            if (!"sun.security.mscapi.RSAPrivateKey".equals(privateKey.getClass().getName())) {
                throw new IllegalArgumentException("certificate key must be an instance of java.security.interfaces.RSAPrivateKey or sun.security.mscapi.RSAPrivateKey");
            }
            try {
                Method method = privateKey.getClass().getMethod("length", new Class[0]);
                method.setAccessible(true);
                if (((Integer) method.invoke(privateKey, new Object[0])).intValue() < 2048) {
                    throw new IllegalArgumentException("certificate key size must be at least 2048");
                }
            } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
                throw new RuntimeException("error accessing sun.security.mscapi.RSAPrivateKey length: " + e.getMessage());
            }
        }
        this.publicCertificate = x509Certificate;
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getPublicCertificateHash() throws CertificateEncodingException, NoSuchAlgorithmException {
        return Base64.encodeBase64String(getHash(this.publicCertificate.getEncoded()));
    }

    public String getPublicCertificate() throws CertificateEncodingException {
        return Base64.encodeBase64String(this.publicCertificate.getEncoded());
    }

    public PrivateKey getKey() {
        return this.key;
    }

    public static AsymmetricKeyCredential create(String str, InputStream inputStream, String str2) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
        keyStore.load(inputStream, str2.toCharArray());
        String nextElement = keyStore.aliases().nextElement();
        return create(str, (PrivateKey) keyStore.getKey(nextElement, str2.toCharArray()), (X509Certificate) keyStore.getCertificate(nextElement));
    }

    public static AsymmetricKeyCredential create(String str, PrivateKey privateKey, X509Certificate x509Certificate) {
        return new AsymmetricKeyCredential(str, privateKey, x509Certificate);
    }

    private static byte[] getHash(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }
}
