package com.microsoft.msr.RiotEmulator;

import com.microsoft.msr.DiceEmulator.DICE;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:com/microsoft/msr/RiotEmulator/RIoT.class */
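/**
 * Software emulation of a RIoT identity chain: a root CA, a DeviceID certificate and an Alias
 * certificate, all derived deterministically from a UDS and a firmware identity (FWID).
 *
 * <p><b>Test fixture only.</b> Several properties visible in this class make its output
 * unsuitable as a trust anchor outside a lab:
 * <ul>
 *   <li>The root CA key pair is derived from the constant {@code rR00t}, so every copy of this
 *       class yields the same root private key, and the bundle exposes that key as
 *       {@code RootPrivateKey}/{@code RootPrivateKeyPem}. Relying parties should never trust
 *       this root for production devices.</li>
 *   <li>Keys are produced by seeding a {@code SHA1PRNG} instance with fixed bytes. The code
 *       relies on the provider treating a seed supplied before first use as the only entropy;
 *       providers that mix in their own entropy would silently break the determinism.</li>
 *   <li>The ECDSA signer is handed a {@code SecureRandom} seeded from values that are constant
 *       or public: {@code Hash(rR00t)}, the hash of the device subject name, and
 *       {@code Hash(FWID)}, where the FWID is also embedded in the Alias certificate extension.
 *       If the signer draws its per-signature nonce from that source, the nonce is predictable,
 *       and a predictable or repeated ECDSA nonce exposes the signing key. A non-emulated
 *       implementation should use RFC 6979 deterministic ECDSA or fresh entropy. The seeding is
 *       left unchanged here so existing certificates stay byte-identical.</li>
 *   <li>The validity pattern {@code "yyyymmddhhmmss Z"} uses {@code mm} (minutes) where
 *       {@code MM} (month) was almost certainly intended and {@code hh} instead of {@code HH},
 *       so the month digits of {@code rValidityEnd} are not read as a month. Also left
 *       unchanged to keep certificate bytes stable.</li>
 * </ul>
 *
 * <p>Not thread-safe: the six-argument {@code CreateDeviceAuthBundle} overload writes static
 * name fields without synchronisation.
 */
public class RIoT {
    // Algorithm selection. These never change after class initialisation.
    private static final String rDRBG = "SHA1PRNG";
    private static final String rEcCurve = "P-256";
    private static final String rSignAlg = "ECDSA";
    private static final String rSigSch = "SHA256withECDSA";
    private static final ASN1ObjectIdentifier rSignatureOID = X9ObjectIdentifiers.ecdsa_with_SHA256;

    // Second input to DICE.DiceSHA256 when deriving the DeviceID seed.
    // NOTE(review): presumably a fixed measurement of the emulated RIoT Core; confirm.
    private static final byte[] rDigest = hstoba("b5859493661e2eae9677c55d590b9294e094abafd740787e050dfe6d859053a0");
    // Hard-coded seed for the root CA key pair: the root private key is therefore public knowledge.
    private static final byte[] rR00t = hstoba("e3e7c713573fd9c8b8e1eaf453f1561502f071c05349c8dae626a90b1788e570");

    // Fixed serial numbers. Every certificate of a given kind reuses the same serial.
    private static final byte[] rRootCertSerial = hstoba("5A4B3C2D1E");
    private static final byte[] rDevCertSerial = hstoba("0e0d0c0b0a");
    private static final byte[] rAlisCertSerial = hstoba("0a0b0c0d0e");

    // Distinguished-name parts. The common names marked below are overwritten by the
    // six-argument CreateDeviceAuthBundle overload and so cannot be final.
    private static String rRootCertIssuerName = "RIoT R00t";
    private static String rRootCertIssuerOrg = "MSR_TEST";
    private static String rRootCertIssuerCountry = "US";
    private static String rRootCertSubjectName = rRootCertIssuerName;
    private static String rRootCertSubjectOrg = rRootCertIssuerOrg;
    private static String rRootCertSubjectCountry = rRootCertIssuerCountry;
    private static String rDeviceCertIssuerName = rRootCertSubjectName;
    private static String rDeviceCertIssuerOrg = rRootCertSubjectOrg;
    private static String rDeviceCertIssuerCountry = rRootCertSubjectCountry;
    private static String rDeviceCertSubjectName = "RIoT Core";
    private static String rDeviceCertSubjectOrg = "MSR_TEST";
    private static String rDeviceCertSubjectCountry = "US";
    private static String rAliasCertIssuerName = rDeviceCertSubjectName;
    private static String rAliasCertIssuerOrg = rDeviceCertSubjectOrg;
    private static String rAliasCertIssuerCountry = rDeviceCertSubjectCountry;
    private static String rAliasCertSubjectName = "RIoT Device";
    private static String rAliasCertSubjectOrg = "MSR_TEST";
    private static String rAliasCertSubjectCountry = "US";

    // OID of the non-critical extension added to the Alias certificate (see getRiotExtension).
    private static final String rExtensionOID = "2.23.133.5.4.1";
    private static final int rPathLenConstraint = 1;

    // Validity window. The pattern is reproduced exactly as found: "mm" is minutes and "hh" is
    // the 12-hour field, so the month digits are never interpreted as a month. Correcting the
    // pattern would change notAfter and therefore the bytes of every certificate issued here.
    private static final String rValidityPattern = "yyyymmddhhmmss Z";
    private static final String rValidityStart = "20170101000000 GMT";
    private static final String rValidityEnd = "37011231235959 GMT";

    /**
     * Plain holder for everything the emulator derives. Fields are assigned by
     * {@code CreateDeviceAuthBundle} and {@code CreateLeafCert}; {@code DeviceIDCSR} is never
     * assigned anywhere in this class.
     *
     * <p>The holder carries {@code RootPrivateKey} and {@code AliasPrivateKey} in both object
     * and PEM form, so treat an instance as secret material: do not log or serialise it.
     */
    public static class DeviceAuthBundle {
        public PublicKey RootPublicKey;
        public String RootPublicKeyPem;
        public PrivateKey RootPrivateKey;
        public String RootPrivateKeyPem;
        public X509Certificate RootCert;
        public String RootCertPem;
        public PublicKey DeviceIDPublic;
        public String DeviceIDPublicPem;
        public X509Certificate DeviceIDCert;
        public String DeviceIDCertPem;
        public String DeviceIDCSR;
        public PublicKey AliasPublicKey;
        public String AliasPublicKeyPem;
        public PrivateKey AliasPrivateKey;
        public String AliasPrivateKeyPem;
        public X509Certificate AliasCert;
        public String AliasCertPem;
        public X509Certificate LeafCert;
        public String LeafCertPem;
    }

    /**
     * Issues a certificate over the bundle's DeviceID public key, signed with the bundle's root
     * key, using {@code str} as the subject common name, and stores it in
     * {@code LeafCert}/{@code LeafCertPem}.
     *
     * <p>Caveats visible in the code: the result is built by the same routine as the DeviceID
     * certificate, so it carries the same issuer, the same fixed serial number, a CA
     * basic-constraints extension and the keyCertSign usage bit. The signer's random source is
     * seeded from the current default device subject name, not from {@code str}, so it is the
     * same seed used for the DeviceID certificate.
     *
     * <p>On any failure the stack trace is printed and both leaf fields are left untouched.
     *
     * @param deviceAuthBundle bundle previously returned by {@code CreateDeviceAuthBundle}
     * @param str subject common name for the new certificate
     */
    public static void CreateLeafCert(DeviceAuthBundle deviceAuthBundle, String str) {
        try {
            // Build both representations first so a failure cannot leave the pair inconsistent.
            X509Certificate leaf = makeDeviceCert(deviceAuthBundle, str);
            String leafPem = dertopem("CERTIFICATE", leaf.getEncoded());
            deviceAuthBundle.LeafCert = leaf;
            deviceAuthBundle.LeafCertPem = leafPem;
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Overrides the certificate common names and then derives a bundle.
     *
     * <p>The names are written to static fields, so they remain in effect for every later call
     * in this JVM, including calls to the three-argument overload. Concurrent callers using
     * different names will interfere with each other.
     *
     * @param bArr 32-byte input, presumably the UDS (see the three-argument overload)
     * @param bArr2 32-byte input, presumably the FWID
     * @param z passed through unchanged
     * @param str common name for the root certificate and for the DeviceID certificate issuer
     * @param str2 common name for the DeviceID certificate subject and the Alias certificate issuer
     * @param str3 common name for the Alias certificate subject
     * @return the derived bundle, or {@code null} if derivation failed
     * @throws IllegalArgumentException if either byte array is missing or not 32 bytes long
     */
    public static DeviceAuthBundle CreateDeviceAuthBundle(byte[] bArr, byte[] bArr2, boolean z, String str, String str2, String str3) {
        rDeviceCertIssuerName = str;
        rRootCertIssuerName = str;
        rRootCertSubjectName = str;
        rAliasCertIssuerName = str2;
        rDeviceCertSubjectName = str2;
        rAliasCertSubjectName = str3;
        return CreateDeviceAuthBundle(bArr, bArr2, z);
    }

    /**
     * Derives the root, DeviceID and Alias key pairs and their certificates.
     *
     * <p>Derivation as written: the DeviceID seed is
     * {@code Hash(DiceSHA256(DiceSHA256(bArr), rDigest))}, the Alias seed is
     * {@code Hash(deviceSeed, bArr2)}, and the root seed is the constant {@code rR00t}.
     * The DeviceID private key is used to sign the Alias certificate but is not stored in the
     * bundle.
     *
     * @param bArr 32-byte input; the error message suggests this is the UDS
     * @param bArr2 32-byte input; the error message suggests this is the FWID. It is embedded in
     *     the Alias certificate extension.
     * @param z not read by this method
     * @return the populated bundle, or {@code null} after printing the stack trace if any step
     *     fails; callers must check for {@code null}
     * @throws IllegalArgumentException if either byte array is missing or not 32 bytes long
     */
    public static DeviceAuthBundle CreateDeviceAuthBundle(byte[] bArr, byte[] bArr2, boolean z) {
        // Reject null explicitly so callers get the documented exception rather than an NPE.
        if (bArr == null || bArr2 == null || bArr.length != 32 || bArr2.length != 32) {
            throw new IllegalArgumentException("UDS and FWID must be 32-bytes in length");
        }
        try {
            DeviceAuthBundle bundle = new DeviceAuthBundle();
            byte[] deviceSeed = Hash(DICE.DiceSHA256(DICE.DiceSHA256(bArr), rDigest));
            KeyPair rootKeys = DeriveEccKey(rR00t);
            KeyPair deviceKeys = DeriveEccKey(deviceSeed);
            KeyPair aliasKeys = DeriveEccKey(Hash(deviceSeed, bArr2));

            bundle.RootPublicKey = rootKeys.getPublic();
            bundle.RootPublicKeyPem = dertopem("PUBLIC KEY", rootKeys.getPublic().getEncoded());
            bundle.RootPrivateKey = rootKeys.getPrivate();
            bundle.RootPrivateKeyPem = dertopem("PRIVATE KEY", rootKeys.getPrivate().getEncoded());
            bundle.DeviceIDPublic = deviceKeys.getPublic();
            bundle.DeviceIDPublicPem = dertopem("PUBLIC KEY", deviceKeys.getPublic().getEncoded());
            bundle.AliasPublicKey = aliasKeys.getPublic();
            bundle.AliasPublicKeyPem = dertopem("PUBLIC KEY", aliasKeys.getPublic().getEncoded());
            bundle.AliasPrivateKey = aliasKeys.getPrivate();
            bundle.AliasPrivateKeyPem = dertopem("PRIVATE KEY", aliasKeys.getPrivate().getEncoded());

            X509Certificate rootCert = makeRootCert(rootKeys);
            X509Certificate deviceCert = makeDeviceCert(rootKeys, deviceKeys);
            X509Certificate aliasCert = makeAliasCert(deviceKeys, aliasKeys, bArr2);
            bundle.RootCert = rootCert;
            bundle.RootCertPem = dertopem("CERTIFICATE", rootCert.getEncoded());
            bundle.DeviceIDCert = deviceCert;
            bundle.DeviceIDCertPem = dertopem("CERTIFICATE", deviceCert.getEncoded());
            bundle.AliasCert = aliasCert;
            bundle.AliasCertPem = dertopem("CERTIFICATE", aliasCert.getEncoded());
            return bundle;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Builds the self-signed root certificate (CA, path length rPathLenConstraint + 1). */
    private static X509Certificate makeRootCert(KeyPair keyPair) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, ParseException, SignatureException, CertificateException {
        X500Name issuer = buildName(rRootCertIssuerName, rRootCertIssuerOrg, rRootCertIssuerCountry);
        X500Name subject = buildName(rRootCertSubjectName, rRootCertSubjectOrg, rRootCertSubjectCountry);
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign));
        extensions.addExtension(Extension.basicConstraints, true, new BasicConstraints(rPathLenConstraint + 1));
        // Signer randomness is seeded from a constant: signatures repeat exactly and the seed is public.
        return issueCertificate(keyPair.getPrivate(), Hash(rR00t), rRootCertSerial, issuer, subject, keyPair.getPublic(), extensions);
    }

    /** Issues a certificate over the bundle's DeviceID key, signed by the bundle's root key. */
    private static X509Certificate makeDeviceCert(DeviceAuthBundle deviceAuthBundle, String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, ParseException, SignatureException, CertificateException {
        KeyPair issuerKeys = new KeyPair(deviceAuthBundle.RootPublicKey, deviceAuthBundle.RootPrivateKey);
        // Only the public half of the subject key is needed to issue a certificate.
        KeyPair subjectKeys = new KeyPair(deviceAuthBundle.DeviceIDPublic, null);
        return makeDeviceCert(issuerKeys, subjectKeys, str);
    }

    /** Issues the DeviceID certificate with the currently configured subject common name. */
    private static X509Certificate makeDeviceCert(KeyPair keyPair, KeyPair keyPair2) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, ParseException, SignatureException, CertificateException {
        return makeDeviceCert(keyPair, keyPair2, rDeviceCertSubjectName);
    }

    /**
     * Issues a CA certificate (path length rPathLenConstraint) for {@code keyPair2}'s public key,
     * signed by {@code keyPair}'s private key, with {@code str} as subject common name.
     */
    private static X509Certificate makeDeviceCert(KeyPair keyPair, KeyPair keyPair2, String str) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, ParseException, SignatureException, CertificateException {
        X500Name issuer = buildName(rDeviceCertIssuerName, rDeviceCertIssuerOrg, rDeviceCertIssuerCountry);
        X500Name subject = buildName(str, rDeviceCertSubjectOrg, rDeviceCertSubjectCountry);
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign));
        extensions.addExtension(Extension.basicConstraints, true, new BasicConstraints(rPathLenConstraint));
        // The seed comes from the static default name, not from str, so two certificates with
        // different subjects are signed with identically seeded randomness. getBytes() also
        // uses the platform charset. Both are kept as found to preserve existing output.
        byte[] signerSeed = Hash(rDeviceCertSubjectName.getBytes());
        return issueCertificate(keyPair.getPrivate(), signerSeed, rDevCertSerial, issuer, subject, keyPair2.getPublic(), extensions);
    }

    /**
     * Issues the Alias certificate for {@code keyPair2}'s public key, signed by the DeviceID
     * private key in {@code keyPair}. The certificate carries clientAuth extended key usage and
     * the RIoT extension binding the DeviceID public key to the FWID in {@code bArr}.
     */
    private static X509Certificate makeAliasCert(KeyPair keyPair, KeyPair keyPair2, byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, ParseException, CertificateException {
        X500Name issuer = buildName(rAliasCertIssuerName, rAliasCertIssuerOrg, rAliasCertIssuerCountry);
        X500Name subject = buildName(rAliasCertSubjectName, rAliasCertSubjectOrg, rAliasCertSubjectCountry);
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        extensions.addExtension(new ASN1ObjectIdentifier(rExtensionOID), false, getRiotExtension(bArr, keyPair));
        // The signer seed is Hash(FWID) and the FWID is published in the extension above, so
        // the DeviceID signature's randomness is derivable from the certificate itself.
        return issueCertificate(keyPair.getPrivate(), Hash(bArr), rAlisCertSerial, issuer, subject, keyPair2.getPublic(), extensions);
    }

    /** Assembles a three-part X.500 name in CN, O, C order. */
    private static X500Name buildName(String commonName, String organisation, String country) {
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.CN, commonName);
        builder.addRDN(BCStyle.O, organisation);
        builder.addRDN(BCStyle.C, country);
        return builder.build();
    }

    /** Parses one of the validity constants with the pattern the emulator has always used. */
    private static Time parseValidity(String text) throws ParseException {
        return new Time(new SimpleDateFormat(rValidityPattern).parse(text));
    }

    /**
     * Builds the to-be-signed certificate, signs it with a signer whose random source is seeded
     * from {@code signerSeed}, and parses the DER result back into an {@code X509Certificate}.
     */
    private static X509Certificate issueCertificate(PrivateKey issuerKey, byte[] signerSeed, byte[] serial, X500Name issuer, X500Name subject, PublicKey subjectKey, ExtensionsGenerator extensions) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, IOException, ParseException, SignatureException, CertificateException {
        SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded());

        Signature signer = Signature.getInstance(rSigSch, "BC");
        SecureRandom signerRandom = SecureRandom.getInstance(rDRBG);
        signerRandom.setSeed(signerSeed);
        signer.initSign(issuerKey, signerRandom);

        V3TBSCertificateGenerator tbsBuilder = new V3TBSCertificateGenerator();
        tbsBuilder.setSerialNumber(new ASN1Integer(serial));
        tbsBuilder.setIssuer(issuer);
        tbsBuilder.setSubject(subject);
        tbsBuilder.setStartDate(parseValidity(rValidityStart));
        tbsBuilder.setEndDate(parseValidity(rValidityEnd));
        tbsBuilder.setSubjectPublicKeyInfo(subjectKeyInfo);
        tbsBuilder.setSignature(new AlgorithmIdentifier(rSignatureOID));
        tbsBuilder.setExtensions(extensions.generate());
        TBSCertificate tbs = tbsBuilder.generateTBSCertificate();

        signer.update(tbs.getEncoded("DER"));
        byte[] signatureBytes = signer.sign();

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(tbs);
        parts.add(new AlgorithmIdentifier(rSignatureOID));
        parts.add(new DERBitString(signatureBytes));
        byte[] der = new DERSequence(parts).getEncoded("DER");
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Generates a P-256 key pair from a {@code SHA1PRNG} instance seeded with {@code bArr}.
     *
     * <p>The same seed is expected to yield the same key pair; that holds only while the
     * provider uses an explicitly supplied seed as the generator's sole entropy. Anyone who
     * knows the seed can regenerate the private key, so the seed must be protected like the key.
     *
     * @param bArr seed bytes
     * @return the generated key pair
     */
    public static KeyPair DeriveEccKey(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(rSignAlg, "BC");
        SecureRandom seededRandom = SecureRandom.getInstance(rDRBG);
        seededRandom.setSeed(bArr);
        generator.initialize(new ECGenParameterSpec(rEcCurve), seededRandom);
        return generator.generateKeyPair();
    }

    /**
     * Returns the SHA-256 digest of {@code bArr}.
     *
     * @param bArr bytes to hash
     * @return the 32-byte digest
     */
    public static byte[] Hash(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(bArr);
    }

    /**
     * Returns the SHA-256 digest of {@code bArr} followed by {@code bArr2}. The inputs are
     * concatenated without a length prefix or separator.
     *
     * @param bArr first chunk
     * @param bArr2 second chunk
     * @return the 32-byte digest
     */
    public static byte[] Hash(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(bArr);
        return sha256.digest(bArr2);
    }

    /**
     * Builds the extension value placed under rExtensionOID:
     * SEQUENCE { INTEGER 1, issuer SubjectPublicKeyInfo, SEQUENCE { id-sha256, OCTET STRING bArr } }.
     */
    private static DERSequence getRiotExtension(byte[] bArr, KeyPair keyPair) {
        DERSequence fwidInfo = new DERSequence(new ASN1Encodable[]{NISTObjectIdentifiers.id_sha256, new DEROctetString(bArr)});
        SubjectPublicKeyInfo issuerKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        return new DERSequence(new ASN1Encodable[]{new ASN1Integer(1L), issuerKeyInfo, fwidInfo});
    }

    /** Wraps DER bytes in a PEM block of the given type. */
    private static String dertopem(String str, byte[] bArr) throws IOException {
        StringWriter sink = new StringWriter();
        // try-with-resources flushes and closes the writer even if writeObject throws.
        try (PemWriter writer = new PemWriter(sink)) {
            writer.writeObject(new PemObject(str, bArr));
        }
        return sink.toString();
    }

    /**
     * Decodes a hexadecimal string into bytes.
     *
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit;
     *     without this check a bad digit would be folded silently into a wrong byte
     */
    private static byte[] hstoba(String str) {
        int length = str.length();
        if ((length & 1) != 0) {
            throw new IllegalArgumentException("hex string must have an even number of characters");
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(str.charAt(i), 16);
            int low = Character.digit(str.charAt(i + 1), 16);
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("invalid hex digit at index " + i);
            }
            decoded[i / 2] = (byte) ((high << 4) + low);
        }
        return decoded;
    }

    static {
        // All "BC" lookups above need the BouncyCastle provider registered.
        Security.addProvider(new BouncyCastleProvider());
    }
}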
