package ru.rutoken.openvpnpluginservice.businessrules;

import android.util.Log;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.List;
import ru.rutoken.openvpnpluginservice.businessrules.exception.BusinessRuleException;
import ru.rutoken.openvpnpluginservice.pkcs11.session.SessionWrapper;
import ru.rutoken.pkcs11wrapper.attribute.Pkcs11Attribute;
import ru.rutoken.pkcs11wrapper.constant.standard.Pkcs11AttributeType;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Exception;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Session;
import ru.rutoken.pkcs11wrapper.object.key.Pkcs11RsaPrivateKeyObject;

/* loaded from: classes5.dex */
public final class RsaKeyFinder {
    private RsaKeyFinder() {
    }

    private static List<Pkcs11Attribute> createRsaPrivateKeyTemplate(Pkcs11Session pkcs11Session, byte[] bArr, byte[] bArr2) {
        List<Pkcs11Attribute> makeTemplate = pkcs11Session.getObjectFactory().makeTemplate(Pkcs11RsaPrivateKeyObject.class);
        makeTemplate.add(pkcs11Session.getAttributeFactory().makeAttribute(Pkcs11AttributeType.CKA_MODULUS, bArr));
        makeTemplate.add(pkcs11Session.getAttributeFactory().makeAttribute(Pkcs11AttributeType.CKA_PUBLIC_EXPONENT, bArr2));
        return makeTemplate;
    }

    private static byte[] dropPrecedingZeros(byte[] bArr) {
        if (bArr.length == 0) {
            return bArr;
        }
        int length = bArr.length;
        int i = 0;
        for (int i2 = 0; i2 < length && bArr[i2] == 0; i2++) {
            i++;
        }
        return Arrays.copyOfRange(bArr, i, bArr.length);
    }

    public static Pkcs11RsaPrivateKeyObject getPkcs11RsaPrivateKeyByCertificate(SessionWrapper sessionWrapper, X509Certificate x509Certificate) throws BusinessRuleException {
        List<Pkcs11Attribute> rsaPrivateKeyTemplate = getRsaPrivateKeyTemplate(sessionWrapper.getSession(), x509Certificate);
        try {
            sessionWrapper.login();
            List findObjectsAtOnce = sessionWrapper.getSession().getObjectManager().findObjectsAtOnce(Pkcs11RsaPrivateKeyObject.class, rsaPrivateKeyTemplate);
            if (findObjectsAtOnce.size() == 0) {
                throw new BusinessRuleException("No RSA private keys found");
            }
            if (findObjectsAtOnce.size() != 1) {
                Log.w(Pkcs11RsaPrivateKeyObject.class.getName(), "Multiple private keys found");
            }
            return (Pkcs11RsaPrivateKeyObject) findObjectsAtOnce.get(0);
        } catch (Pkcs11Exception e) {
            throw new BusinessRuleException(e);
        }
    }

    private static List<Pkcs11Attribute> getRsaPrivateKeyTemplate(Pkcs11Session pkcs11Session, X509Certificate x509Certificate) throws BusinessRuleException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new BusinessRuleException("Public key extracted from certificate is not an RSA key");
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        BigInteger modulus = rSAPublicKey.getModulus();
        BigInteger publicExponent = rSAPublicKey.getPublicExponent();
        if (modulus.signum() >= 0 || publicExponent.signum() >= 0) {
            return createRsaPrivateKeyTemplate(pkcs11Session, dropPrecedingZeros(modulus.toByteArray()), publicExponent.toByteArray());
        }
        throw new BusinessRuleException("Modulus or public exponent is less than zero");
    }
}
