package be.fedict.eid.applet.service.impl;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:be/fedict/eid/applet/service/impl/UserIdentifierUtil.class */
public class UserIdentifierUtil {
    private static final Log LOG = LogFactory.getLog(UserIdentifierUtil.class);
    public static final String HMAC_ALGO = "HmacSHA1";

    private UserIdentifierUtil() {
    }

    public static String getUserId(X509Certificate x509Certificate) {
        String x500Principal = x509Certificate.getSubjectX500Principal().toString();
        int indexOf = x500Principal.indexOf("SERIALNUMBER=");
        if (-1 == indexOf) {
            throw new SecurityException("SERIALNUMBER not found in X509 CN");
        }
        int length = indexOf + "SERIALNUMBER=".length();
        int indexOf2 = x500Principal.indexOf(",", length);
        if (-1 == indexOf2) {
            indexOf2 = x500Principal.length();
        }
        return x500Principal.substring(length, indexOf2);
    }

    public static String getNonReversibleCitizenIdentifier(String str, String str2, String str3, String str4) {
        if (null == str4) {
            throw new IllegalArgumentException("secret key is null");
        }
        String trim = str4.trim();
        if (null != str2) {
            str2 = str2.trim();
        } else {
            LOG.warn("it is advised to use an orgId");
        }
        if (null != str3) {
            str3 = str3.trim();
        } else {
            LOG.warn("it is advised to use an appId");
        }
        try {
            byte[] decodeHex = Hex.decodeHex(trim.toCharArray());
            if (16 > decodeHex.length) {
                LOG.warn("secret key is too short");
                throw new IllegalArgumentException("secret key is too short");
            }
            String str5 = str;
            if (null != str3) {
                str5 = str5 + str3;
            }
            if (null != str2) {
                str5 = str5 + str2;
            }
            byte[] bytes = str5.getBytes();
            SecretKeySpec secretKeySpec = new SecretKeySpec(decodeHex, HMAC_ALGO);
            try {
                Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
                try {
                    mac.init(secretKeySpec);
                    mac.update(bytes);
                    return new String(Hex.encodeHex(mac.doFinal())).toUpperCase();
                } catch (InvalidKeyException e) {
                    LOG.error("invalid secret key: " + e.getMessage(), e);
                    throw new RuntimeException("invalid secret");
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("HMAC algo not available: " + e2.getMessage());
            }
        } catch (DecoderException e3) {
            LOG.error("secret is not hexadecimal encoded: " + e3.getMessage());
            throw new IllegalArgumentException("secret is not hexadecimal encoded");
        }
    }
}
