package pl.assecods.tools.pfx.validator;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.assecods.tools.helper.PrivateKeyHelper;
import pl.assecods.tools.utils.PemUtils;

/* loaded from: input_file:BOOT-INF/classes/pl/assecods/tools/pfx/validator/CertificateAndPrivateKeyComplianceValidator.class */
public final class CertificateAndPrivateKeyComplianceValidator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateAndPrivateKeyComplianceValidator.class);

    private CertificateAndPrivateKeyComplianceValidator() {
    }

    public static boolean checkCompliance(String str, String str2) {
        try {
            boolean checkComplianceWithPrivateKey = checkComplianceWithPrivateKey(new PrivateKeyHelper(str2).getPrivateKey(), PemUtils.parseCertificate(str));
            if (!checkComplianceWithPrivateKey) {
                LOG.warn("Private key does not comply with public key from Certificate");
            }
            return checkComplianceWithPrivateKey;
        } catch (CertificateException e) {
            LOG.debug("Error checking compliance", (Throwable) e);
            return false;
        }
    }

    private static boolean checkComplianceWithPrivateKey(PrivateKey privateKey, Certificate certificate) {
        if (privateKey instanceof RSAPrivateKey) {
            return checkComplianceWithPrivateKey((RSAPrivateKey) privateKey, certificate);
        }
        if (privateKey instanceof ECPrivateKey) {
            return checkComplianceWithPrivateKey((ECPrivateKey) privateKey, certificate);
        }
        return false;
    }

    private static boolean checkComplianceWithPrivateKey(RSAPrivateKey rSAPrivateKey, Certificate certificate) {
        try {
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(certificate.getSubjectPublicKeyInfo().getEncoded());
            if (createKey instanceof RSAKeyParameters) {
                return rSAPrivateKey.getModulus().equals(((RSAKeyParameters) createKey).getModulus());
            }
            return false;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean checkComplianceWithPrivateKey(ECPrivateKey eCPrivateKey, Certificate certificate) {
        try {
            AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(eCPrivateKey.getEncoded());
            AsymmetricKeyParameter createKey2 = PublicKeyFactory.createKey(certificate.getSubjectPublicKeyInfo().getEncoded());
            if (!(createKey2 instanceof ECKeyParameters) || !(createKey instanceof ECKeyParameters)) {
                LOG.warn("Certificate and Private key algorithms mismatch");
                return false;
            }
            ECDomainParameters parameters = ((ECKeyParameters) createKey).getParameters();
            ECDomainParameters parameters2 = ((ECKeyParameters) createKey2).getParameters();
            return parameters.getCurve().equals(parameters2.getCurve()) && parameters.getG().equals(parameters2.getG());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
