package cn.com.infosec.netsign.base.util;

import cn.com.infosec.asn1.ASN1InputStream;
import cn.com.infosec.asn1.DERInteger;
import cn.com.infosec.asn1.DERObject;
import cn.com.infosec.asn1.pkcs.IssuerAndSerialNumber;
import cn.com.infosec.netsign.base.TransUtil;
import cn.com.infosec.netsign.base.channels.ChannelException;
import cn.com.infosec.netsign.crypto.util.Base64;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.frame.config.Key;
import cn.com.infosec.netsign.frame.config.PrivateKeyUtil;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.netsign.manager.JKSManager;
import cn.com.infosec.oscca.sm2.SM2Certificate;
import cn.com.infosec.oscca.sm2.SM2PrivateKey;
import cn.com.infosec.swxa.SWXAUtil;
import com.sansec.jce.provider.SwxaProvider;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Hashtable;

/* loaded from: input_file:cn/com/infosec/netsign/base/util/ServerKeyStore.class */
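/**
 * In-memory holder for one server signing identity: the certificate, its chain,
 * pre-parsed ASN.1 forms of the chain, and the matching key pair.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The class is {@link Serializable} and {@code privateKey} is a non-transient field,
 *       so default Java serialization of an instance includes whatever the concrete
 *       {@link PrivateKey} implementation serializes. NOTE(review): confirm where instances
 *       are serialized (disk, sockets, caches) and that those sinks are protected.</li>
 *   <li>Certificate validity dates are only formatted for display; nothing in this class
 *       calls {@code checkValidity()}, so expired or not-yet-valid certificates load
 *       without error. Callers that need that check must perform it themselves.</li>
 *   <li>The array and {@link Hashtable} getters return the internal objects, not copies;
 *       a caller that mutates them changes this instance.</li>
 * </ul>
 */
public class ServerKeyStore implements Serializable {
    private static final long serialVersionUID = 5448645554507725029L;
    private String mode;
    private String type;
    private String certDN;
    private String X500CertDN;
    private String issuerDN;
    private String serialNumber;
    private String notBefore;
    private String notAfter;
    private X509Certificate[] certChain;
    private X509Certificate cert;
    private DERObject[] certChainEncoded;
    // Maps issuerDN + decimal serial number of a chain certificate to an IssuerAndSerialNumber.
    private Hashtable isAndsns = new Hashtable();
    // Non-transient on purpose to keep the serialized form unchanged; see the class note.
    private PrivateKey privateKey;
    private PublicKey publicKey;
    // Never assigned anywhere in this class, so getLabel() returns null.
    private byte[] label;
    // SimpleDateFormat is not thread-safe; it is only used through formatDate().
    private static final SimpleDateFormat dformat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

    /**
     * Loads the certificate and keys described by {@code key}.
     *
     * <p>Only the soft mode ({@code TransUtil.SOFT}) and {@code "hard.sm2"} are handled.
     * Any other mode leaves the instance with no certificate and no keys, and every
     * getter then returns {@code null}; callers must check for that.
     *
     * @param key configuration entry naming the certificate and key to load
     * @param str provider name; only consulted on the soft-mode path
     * @throws ChannelException if loading the certificate or key fails
     */
    public ServerKeyStore(Key key, String str) throws ChannelException {
        this.type = key.getKeytype();
        this.mode = key.getMode();
        if (this.mode.equals(TransUtil.SOFT)) {
            initRSAKey(key, str);
        } else if (this.mode.equals("hard.sm2")) {
            initSM2Key(key);
        }
    }

    /**
     * Formats a certificate date with the shared formatter.
     *
     * <p>Instances may be constructed on several threads at once, and concurrent use of
     * one {@link SimpleDateFormat} can produce corrupted output, so access is serialized.
     */
    private static String formatDate(java.util.Date date) {
        synchronized (dformat) {
            return dformat.format(date);
        }
    }

    /** Copies the display fields (DNs, hex serial number, validity dates) out of {@code cert}. */
    private void loadCertificateMetadata() {
        this.certDN = this.cert.getSubjectDN().getName();
        this.X500CertDN = this.cert.getSubjectX500Principal().getName();
        this.issuerDN = this.cert.getIssuerDN().getName();
        this.serialNumber = this.cert.getSerialNumber().toString(16).toUpperCase();
        this.notBefore = formatDate(this.cert.getNotBefore());
        this.notAfter = formatDate(this.cert.getNotAfter());
    }

    /**
     * Adds the {@code isAndsns} entry for one chain certificate.
     *
     * <p>The lookup key comes from {@code chainCert}, but the stored value is always built
     * from the leaf certificate ({@code this.cert}). NOTE(review): for chains longer than
     * one certificate this maps issuer entries to the leaf's issuer and serial number;
     * confirm against the callers of {@link #getIsAndsns()} whether that is intended.
     *
     * <p>Declared {@code throws Exception} because the checked exceptions of the project
     * ASN.1 constructors are not visible here; both callers already catch {@code Exception}.
     */
    private void registerIssuerAndSerial(X509Certificate chainCert) throws Exception {
        String lookupKey = chainCert.getIssuerDN().getName() + chainCert.getSerialNumber().toString(10);
        this.isAndsns.put(lookupKey, new IssuerAndSerialNumber(this.cert.getIssuerDN(), new DERInteger(this.cert.getSerialNumber())));
    }

    /**
     * Loads an SM2 certificate from the Base64 text in the configuration entry and, when
     * the entry carries a private key, decrypts it.
     *
     * @throws ChannelException wrapping any failure; the exception is also logged
     */
    private void initSM2Key(Key key) throws ChannelException {
        try {
            this.cert = new SM2Certificate(new ByteArrayInputStream(Base64.decode(key.getCert())));
            loadCertificateMetadata();
            this.certChain = new X509Certificate[]{this.cert};
            this.certChainEncoded = new DERObject[]{new ASN1InputStream(new ByteArrayInputStream(this.certChain[0].getEncoded())).readObject()};
            registerIssuerAndSerial(this.certChain[0]);
            if (key.getPrikey() != null) {
                // NOTE(review): the alias is passed as the second argument. If PrivateKeyUtil
                // uses that argument as the decryption secret, the stored key is protected
                // only by a non-secret name; confirm against PrivateKeyUtil.
                this.privateKey = new SM2PrivateKey(PrivateKeyUtil.decryptPrivateKey(key.getPrikey(), key.getAlias()));
            }
            this.publicKey = this.cert.getPublicKey();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            throw new ChannelException(e);
        }
    }

    /**
     * Loads the certificate, chain and key pair for a soft-mode entry, from the JKS
     * manager or from the SWXA device depending on configuration.
     *
     * @param key configuration entry
     * @param str provider name, compared with {@code NetSignImpl.PROVIDER_DATECH}
     * @throws ChannelException wrapping any failure, including the "No Certificate found"
     *         case raised inside this method; the exception is also logged
     */
    private void initRSAKey(Key key, String str) throws ChannelException {
        // Both flags are evaluated before the try block, as in the original, so a failure
        // here is not wrapped in ChannelException.
        boolean swxaHardKeystore = NetSignImpl.PROVIDER_SWXA_ALG.equals(ExtendedConfig.getPrivateKeyAlg()) && ExtendedConfig.isUsehardkeystore();
        boolean hasPrivateKeyAlg = key.getPrivateKeyAlg() != null;
        try {
            this.cert = hasPrivateKeyAlg
                    ? SWXAUtil.getCertificate(key.getKeylable())
                    : JKSManager.getCertificate(key.getAlias());
            if (this.cert == null) {
                // The message names the alias even when the lookup used the key label.
                throw new ChannelException("No Certificate found: " + key.getAlias());
            }
            loadCertificateMetadata();

            if (ExtendedConfig.isWithCertChain() && !ExtendedConfig.isUsehardkeystore()) {
                this.certChain = JKSManager.getCertChain(key.getAlias());
            } else if (ExtendedConfig.isUsehardkeystore() || hasPrivateKeyAlg) {
                this.certChain = new X509Certificate[]{this.cert};
            } else {
                this.certChain = new X509Certificate[]{JKSManager.getCertificate(key.getAlias())};
            }

            this.certChainEncoded = new DERObject[this.certChain.length];
            for (int i = 0; i < this.certChain.length; i++) {
                X509Certificate chainCert = this.certChain[i];
                this.certChainEncoded[i] = new ASN1InputStream(new ByteArrayInputStream(chainCert.getEncoded())).readObject();
                registerIssuerAndSerial(chainCert);
            }

            if (hasPrivateKeyAlg) {
                if (swxaHardKeystore) {
                    // addProvider does nothing when a provider of the same name is installed.
                    Security.addProvider(new SwxaProvider());
                    this.privateKey = SWXAUtil.getHsmKeyPair(key.getKeylable(), NetSignImpl.PROVIDER_SWXA).getPrivate();
                    this.publicKey = this.cert.getPublicKey();
                }
                // Otherwise both keys stay null and no error is raised: the entry names a
                // private-key algorithm but the SWXA hard keystore is not enabled.
                return;
            }

            if (str.equals(NetSignImpl.PROVIDER_DATECH)) {
                KeyPair datechPair = NetSignImpl.generateDatechKeyPair(key.getKeylable());
                this.privateKey = datechPair.getPrivate();
                this.publicKey = datechPair.getPublic();
            } else {
                if (key.getMode().equals(TransUtil.SOFT)) {
                    this.privateKey = JKSManager.getPriKey(key.getAlias());
                }
                this.publicKey = this.cert.getPublicKey();
            }
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            throw new ChannelException(e);
        }
    }

    /** @return the subject DN from {@code getSubjectX500Principal()}, or null if nothing was loaded */
    public String getX500CertDN() {
        return this.X500CertDN;
    }

    /** @return the leaf certificate, or null if nothing was loaded */
    public X509Certificate getCert() {
        return this.cert;
    }

    /** @return the key type taken from the configuration entry */
    public String getType() {
        return this.type;
    }

    /** @return the subject DN from {@code getSubjectDN()}, or null if nothing was loaded */
    public String getCertDN() {
        return this.certDN;
    }

    /** @return the internal chain array (not a copy); do not modify it */
    public X509Certificate[] getCertChain() {
        return this.certChain;
    }

    /**
     * @return the private key object, or null when none was loaded. Treat the result as
     *         sensitive: do not log it or serialize it.
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return the public key, or null when none was loaded */
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /** @return the label; always null, because this class never assigns it */
    public byte[] getLabel() {
        return this.label;
    }

    /** @return the internal issuer-and-serial lookup table (not a copy) */
    public Hashtable getIsAndsns() {
        return this.isAndsns;
    }

    /** @return the internal array of parsed chain certificates (not a copy) */
    public DERObject[] getCertChainEncoded() {
        return this.certChainEncoded;
    }

    /** @return the issuer DN string */
    public String getIssuerDN() {
        return this.issuerDN;
    }

    /**
     * Overwrites the stored issuer DN string only; the certificate is not changed, so the
     * value can diverge from {@link #getCert()}.
     */
    public void setIssuerDN(String str) {
        this.issuerDN = str;
    }

    /** @return the serial number as upper-case hexadecimal */
    public String getSerialNumber() {
        return this.serialNumber;
    }

    /** Overwrites the stored serial number string only; the certificate is not changed. */
    public void setSerialNumber(String str) {
        this.serialNumber = str;
    }

    /** @return the start of validity formatted as {@code yyyy-MM-dd HH:mm:ss} */
    public String getNotBefore() {
        return this.notBefore;
    }

    /** Overwrites the stored start-of-validity string only; the certificate is not changed. */
    public void setNotBefore(String str) {
        this.notBefore = str;
    }

    /** @return the end of validity formatted as {@code yyyy-MM-dd HH:mm:ss} */
    public String getNotAfter() {
        return this.notAfter;
    }

    /** Overwrites the stored end-of-validity string only; the certificate is not changed. */
    public void setNotAfter(String str) {
        this.notAfter = str;
    }
}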
