package cn.com.infosec.netsign.frame.util;

import cn.com.infosec.asn1.ASN1Set;
import cn.com.infosec.asn1.DERConstructedSequence;
import cn.com.infosec.asn1.DERInputStream;
import cn.com.infosec.asn1.DERObject;
import cn.com.infosec.asn1.pkcs.ContentInfo;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.pkcs.SignedData;
import cn.com.infosec.asn1.x509.X509CertificateStructure;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.jce.provider.X509CertificateObject;
import cn.com.infosec.netsign.crypto.exception.CryptoException;
import cn.com.infosec.netsign.crypto.util.CryptoUtil;
import cn.com.infosec.netsign.crypto.util.HardCryptoImpl;
import cn.com.infosec.netsign.crypto.util.PKCS10CertificationRequest;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.frame.config.Key;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.netsign.webui.mode.WebUICFG;
import cn.com.infosec.oscca.sm2.SM2PrivateKey;
import cn.com.infosec.oscca.sm2.SM2PublicKey;
import cn.com.infosec.swxa.SWXAUtil;
import cn.com.infosec.util.encoders.Base64;
import cn.com.infosec.x509.X509V1CertificateGenerator;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:cn/com/infosec/netsign/frame/util/PKCS10Utils.class */
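/**
 * Static helpers for building PKCS#10 certificate signing requests and for importing the
 * certificate (or PKCS#7 certificate bundle) issued in response.
 *
 * <p>Three key sources are visible in this class: an RSA key pair generated in software through
 * the "INFOSEC" provider, a request produced by {@link HardCryptoImpl}, and a key pair looked up
 * through {@link SWXAUtil#getHsmKeyPair} for the "SwxaJCE" provider. An SM2 variant takes
 * caller-supplied keys.
 *
 * <p>Every public method reports failure by returning {@code null}; the cause is only written to
 * {@link ConsoleLogger}, so callers must null-check the result.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Imported certificates are matched to a key by public key only. Nothing in this class
 *       verifies a signature, an issuer, or a validity period.</li>
 *   <li>The placeholder certificate is signed with SHA1withRSA and the key generator is seeded
 *       from "SHA1PRNG"; both are kept for compatibility and are flagged where they are used.</li>
 * </ul>
 */
public class PKCS10Utils {
    /** Provider name selecting the software (or HardCryptoImpl) path. */
    private static final String PROVIDER_INFOSEC = "INFOSEC";

    /** Provider name selecting the SWXA HSM path. */
    private static final String PROVIDER_SWXA = "SwxaJCE";

    /**
     * Signature algorithm of the self-signed placeholder certificate.
     * NOTE(review): SHA-1 signatures are deprecated. The certificate appears to be only a keystore
     * placeholder, but confirm that nothing downstream trusts or exports it before keeping SHA-1.
     */
    private static final String PLACEHOLDER_SIGNATURE_ALGORITHM = "SHA1withRSA";

    /** One year in milliseconds, computed in {@code long} arithmetic. */
    private static final long PLACEHOLDER_VALIDITY_MILLIS = 365L * 24 * 60 * 60 * 1000;

    /**
     * Generates a Base64 PKCS#10 request for the subject {@code str}.
     *
     * <p>When the configured algorithm mode is not {@code Key.MODE_SOFT} the request is delegated
     * to {@code hardCryptoImpl}. Otherwise an RSA key pair of {@code i} bits is generated, stored
     * through {@code jKSFile.prepareP10} together with a self-signed placeholder certificate, and
     * the request is signed with the new private key.
     *
     * @param str subject distinguished name, parsed with {@link X509Name}
     * @param str2 value handed to {@code prepareP10} / {@code generatePKCS10CSR} next to the key;
     *     presumably the key label, confirm against callers
     * @param i RSA key size in bits; no lower bound is enforced here, so callers must reject
     *     weak sizes
     * @param jKSFile keystore wrapper that receives the private key in soft mode
     * @param hardCryptoImpl hardware implementation used outside soft mode
     * @return the Base64 request, or {@code null} on any failure
     */
    public static String genP10(String str, String str2, int i, JKSFile jKSFile, HardCryptoImpl hardCryptoImpl) {
        if (!ExtendedConfig.getAlgMode().equals(Key.MODE_SOFT)) {
            try {
                // NOTE(review): getBytes() uses the platform default charset, so the bytes passed to
                // the hardware layer can differ between hosts for non-ASCII input.
                return hardCryptoImpl.generatePKCS10CSR(str, i, str2.getBytes());
            } catch (Exception e) {
                ConsoleLogger.logException(e);
                return null;
            }
        }
        try {
            KeyPair keyPair = generateKeyPair(i);
            if (keyPair == null) {
                ConsoleLogger.logStringForce("Generate keypair failed");
                return null;
            }
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            X509Certificate placeholder = generateCert(str, publicKey, privateKey, PLACEHOLDER_SIGNATURE_ALGORITHM);
            jKSFile.prepareP10(privateKey, str2, new X509Certificate[] {placeholder});
            return CryptoUtil.createbase64csr(
                    new PKCS10CertificationRequest(new X509Name(str), publicKey, (ASN1Set) null, privateKey, PROVIDER_INFOSEC));
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Generates a Base64 PKCS#10 request, choosing the key source by provider name.
     *
     * @param str3 "INFOSEC" for the software/HardCryptoImpl path, "SwxaJCE" for the HSM path
     * @return the Base64 request, or {@code null} on failure or for any other provider name
     */
    public static String genP10(String str, String str2, int i, JKSFile jKSFile, HardCryptoImpl hardCryptoImpl, String str3) {
        if (PROVIDER_INFOSEC.equals(str3)) {
            return genP10(str, str2, i, jKSFile, hardCryptoImpl);
        }
        if (PROVIDER_SWXA.equals(str3)) {
            return genP10inHsm(str, str2, jKSFile, str3);
        }
        return null;
    }

    /**
     * Builds a request signed with the key pair that {@link SWXAUtil#getHsmKeyPair} returns for
     * label {@code str2}. Only runs when the algorithm mode is {@code Key.MODE_SOFT}.
     *
     * @return the Base64 request, or {@code null} on failure or outside soft mode
     */
    private static String genP10inHsm(String str, String str2, JKSFile jKSFile, String str3) {
        if (!ExtendedConfig.getAlgMode().equals(Key.MODE_SOFT)) {
            return null;
        }
        try {
            // A missing key pair surfaces as an exception below and is reported by the catch.
            KeyPair hsmKeyPair = SWXAUtil.getHsmKeyPair(str2, str3);
            PublicKey publicKey = hsmKeyPair.getPublic();
            PrivateKey privateKey = hsmKeyPair.getPrivate();
            X509Certificate placeholder = generateCert(str, publicKey, privateKey, PLACEHOLDER_SIGNATURE_ALGORITHM);
            jKSFile.prepareP10(privateKey, str2, new X509Certificate[] {placeholder});
            return CryptoUtil.createbase64csr(
                    new PKCS10CertificationRequest(new X509Name(str), publicKey, (ASN1Set) null, privateKey, str3));
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Imports a single issued certificate, choosing the target by provider name.
     *
     * @param str2 "INFOSEC" or "SwxaJCE"; any other value yields {@code null}
     * @return the result of the selected import, or {@code null} on failure
     */
    public static String[] importP10(X509Certificate x509Certificate, String str, JKSFile jKSFile, String str2) {
        if (PROVIDER_INFOSEC.equals(str2)) {
            return importP10(x509Certificate, str, jKSFile);
        }
        if (PROVIDER_SWXA.equals(str2)) {
            return importP10forHsm(x509Certificate, str, str2);
        }
        return null;
    }

    /**
     * Imports a Base64 PKCS#7 certificate bundle, choosing the target by provider name.
     *
     * @param str Base64 text of the PKCS#7 signed-data object
     * @param str3 "INFOSEC" or "SwxaJCE"; any other value yields {@code null}
     * @return the result of the selected import, or {@code null} on failure
     */
    public static String[] importP10(String str, String str2, JKSFile jKSFile, String str3) {
        if (PROVIDER_INFOSEC.equals(str3)) {
            return importP10(str, str2, jKSFile);
        }
        if (PROVIDER_SWXA.equals(str3)) {
            return importP10forHsm(str, str2, str3);
        }
        return null;
    }

    /**
     * Writes {@code x509Certificate} to the token certificate directory when its RSA modulus
     * equals that of the HSM key labelled {@code str}.
     *
     * @return a one-element array holding the label, or {@code null} when the keys differ
     */
    private static String[] importP10forHsm(X509Certificate x509Certificate, String str, String str2) {
        if (!isSameModulus(x509Certificate, str, str2)) {
            ConsoleLogger.logStringForce("Import p10 cert failed public key doesn't match ");
            return null;
        }
        // A failed write is only logged inside writeKeyToFile; the label is still returned.
        writeKeyToFile(x509Certificate, tokenCertPath(str));
        return new String[] {str};
    }

    /**
     * Decodes a Base64 PKCS#7 bundle, finds the first certificate whose RSA modulus equals that of
     * the HSM key labelled {@code str2}, and writes it to the token certificate directory.
     *
     * <p>The bundle is matched on the public key only; its signature and issuer are not checked.
     *
     * @return {@code {alias, "Cert"}} for the matching certificate, or {@code null} when the
     *     bundle cannot be decoded or no certificate matches
     */
    private static String[] importP10forHsm(String str, String str2, String str3) {
        Certificate[] chain = null;
        try {
            chain = getCertChain(Base64.decode(str));
        } catch (CryptoException e) {
            ConsoleLogger.logException(e);
        } catch (CertificateParsingException e) {
            ConsoleLogger.logException(e);
        }
        if (chain == null) {
            // Previously execution continued and dereferenced the null array.
            ConsoleLogger.logStringForce("certs is null.");
            return null;
        }
        BigInteger hsmModulus = hsmRsaModulus(str2, str3);
        if (hsmModulus != null) {
            for (int idx = 0; idx < chain.length; idx++) {
                Certificate candidate = chain[idx];
                if (candidate == null) {
                    continue;
                }
                // Non-RSA certificates yield a null modulus and are skipped instead of
                // failing the whole import with a ClassCastException.
                if (hsmModulus.equals(rsaModulus(candidate.getPublicKey()))) {
                    writeKeyToFile(candidate, tokenCertPath(str2));
                    X509Certificate matched = (X509Certificate) candidate;
                    return new String[] {genAlias(matched.getSubjectDN().getName(), matched.getPublicKey()), "Cert"};
                }
            }
        }
        ConsoleLogger.logStringForce("Import p10 p7b failed public key doesn't match ");
        return null;
    }

    /**
     * Returns the file path used for the token certificate of {@code label}.
     */
    private static String tokenCertPath(String label) {
        // NOTE(review): label is concatenated into the path unchecked. If any caller can supply a
        // value containing path separators or "..", the file is written outside cert/tokencert.
        // Confirm that callers restrict it to a plain key label.
        return String.valueOf(WebUICFG.getServerHome()) + "/cert/tokencert/" + label + ".cer";
    }

    /**
     * Writes the DER encoding of {@code certificate} to the file {@code str}. Despite the method
     * name, no key material is written. Failures are logged and not propagated.
     */
    private static void writeKeyToFile(Certificate certificate, String str) {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(str);
            out.write(certificate.getEncoded());
            out.flush();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        } finally {
            // Close in finally so a failed write does not leak the file handle.
            if (out != null) {
                try {
                    out.close();
                } catch (IOException closeError) {
                    ConsoleLogger.logException(closeError);
                }
            }
        }
    }

    /**
     * Tells whether the certificate and the HSM key labelled {@code str} share an RSA modulus.
     * Returns {@code false} when either key is missing or is not an RSA key.
     */
    private static boolean isSameModulus(X509Certificate x509Certificate, String str, String str2) {
        BigInteger certModulus = rsaModulus(x509Certificate.getPublicKey());
        BigInteger hsmModulus = hsmRsaModulus(str, str2);
        return certModulus != null && certModulus.equals(hsmModulus);
    }

    /** Returns the modulus of {@code key}, or {@code null} when it is not an RSA public key. */
    private static BigInteger rsaModulus(PublicKey key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus();
        }
        return null;
    }

    /** Returns the RSA modulus of the HSM key pair for {@code label}, or {@code null} if unavailable. */
    private static BigInteger hsmRsaModulus(String label, String provider) {
        KeyPair hsmKeyPair = SWXAUtil.getHsmKeyPair(label, provider);
        if (hsmKeyPair == null) {
            return null;
        }
        return rsaModulus(hsmKeyPair.getPublic());
    }

    /**
     * Generates a Base64 PKCS#10 request for an SM2 key pair supplied by the caller, using the
     * algorithm and identifier configured in {@link ExtendedConfig}.
     *
     * @return the Base64 request, or {@code null} on failure
     */
    public static String genP10(String str, SM2PublicKey sM2PublicKey, SM2PrivateKey sM2PrivateKey) {
        try {
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(
                    ExtendedConfig.getDefaultSM2P10Alg(), new X509Name(str), sM2PublicKey, sM2PrivateKey, ExtendedConfig.getSm3P10Puid());
            return CryptoUtil.createbase64csr(request);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Creates a self-signed X.509 v1 certificate for {@code publicKey}, valid for one year from
     * now, with issuer and subject both set to {@code str} and a fixed serial number of 1.
     *
     * <p>Within this class the result is only handed to {@code JKSFile.prepareP10}; it looks like a
     * placeholder stored next to the private key until the issued certificate is imported.
     *
     * @param str2 JCA signature algorithm name
     * @throws Exception whatever the certificate generator raises
     */
    private static X509Certificate generateCert(String str, PublicKey publicKey, PrivateKey privateKey, String str2) throws Exception {
        X509Name selfName = new X509Name(str);
        long now = System.currentTimeMillis();
        X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
        generator.setIssuerDN(selfName);
        generator.setNotBefore(new Date(now));
        // The interval used to be computed in int arithmetic, which overflowed and produced a
        // validity of roughly 17 days instead of 365.
        generator.setNotAfter(new Date(now + PLACEHOLDER_VALIDITY_MILLIS));
        generator.setSubjectDN(selfName);
        generator.setPublicKey(publicKey);
        generator.setSignatureAlgorithm(str2);
        generator.setSerialNumber(BigInteger.ONE);
        return generator.generateX509Certificate(privateKey);
    }

    /**
     * Generates an RSA key pair of {@code i} bits with the "INFOSEC" provider.
     *
     * @return the key pair, or {@code null} when generation fails
     */
    private static KeyPair generateKeyPair(int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER_INFOSEC);
            // NOTE(review): "SHA1PRNG" is pinned here. The platform default (new SecureRandom()) is
            // the usual recommendation; confirm the provider has no dependency on SHA1PRNG before
            // changing it. The key size is passed through without a minimum.
            keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Imports one issued certificate through {@code jKSFile}: {@code importCert} in "hard" mode,
     * otherwise {@code importP10} under the label {@code str}.
     *
     * @return the array returned by the keystore wrapper, or {@code null} on failure
     */
    public static String[] importP10(X509Certificate x509Certificate, String str, JKSFile jKSFile) {
        try {
            if (ExtendedConfig.getAlgMode().equals("hard")) {
                return checkImportResult(jKSFile.importCert(x509Certificate), true);
            }
            return checkImportResult(jKSFile.importP10(str, new X509Certificate[] {x509Certificate}), false);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Imports the certificates of a Base64 PKCS#7 bundle through {@code jKSFile}:
     * {@code importCert} in "hard" mode, otherwise {@code importP10} under the label {@code str2}.
     *
     * @param str Base64 text of the PKCS#7 signed-data object
     * @return the array returned by the keystore wrapper, or {@code null} on failure
     */
    public static String[] importP10(String str, String str2, JKSFile jKSFile) {
        try {
            Certificate[] certChain = getCertChain(Base64.decode(str));
            if (certChain == null) {
                ConsoleLogger.logStringForce("certs is null.");
                return null;
            }
            if (ExtendedConfig.getAlgMode().equals("hard")) {
                return checkImportResult(jKSFile.importCert(certChain), true);
            }
            return checkImportResult(jKSFile.importP10(str2, certChain), false);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Logs a failed keystore import and normalises the result. In hard mode a null or empty array
     * becomes {@code null}, and a null first element is logged but returned unchanged.
     */
    private static String[] checkImportResult(String[] result, boolean hardMode) {
        if (result == null || (hardMode && result.length == 0)) {
            ConsoleLogger.logStringForce("Import p10 cert failed");
            return null;
        }
        if (hardMode && result[0] == null) {
            ConsoleLogger.logStringForce("Import p10 cert failed");
        }
        return result;
    }

    /**
     * Extracts the certificates carried in a DER-encoded PKCS#7 signed-data object.
     *
     * <p>The certificates are returned in the order they appear in the set. This is an extraction
     * only: the signed-data signature is not verified and no chain is built or validated, so the
     * result must not be treated as trusted.
     *
     * @param bArr DER bytes of the PKCS#7 ContentInfo
     * @return the contained certificates, possibly an empty array
     * @throws CryptoException if the bytes are not a PKCS#7 signed-data object or cannot be decoded
     * @throws CertificateParsingException if a contained certificate cannot be parsed
     */
    public static Certificate[] getCertChain(byte[] bArr) throws CryptoException, CertificateParsingException {
        try {
            DERObject decoded = new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            if (!(decoded instanceof DERConstructedSequence)) {
                throw new CryptoException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(decoded);
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new CryptoException("Not a valid PKCS#7 signed-data object - wrong header " + contentInfo.getContentType().getId());
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            ArrayList certificates = new ArrayList();
            if (signedData.getCertificates() != null) {
                Enumeration entries = ASN1Set.getInstance(signedData.getCertificates()).getObjects();
                while (entries.hasMoreElements()) {
                    certificates.add(new X509CertificateObject(X509CertificateStructure.getInstance(entries.nextElement())));
                }
            }
            return (X509Certificate[]) certificates.toArray(new X509Certificate[0]);
        } catch (IOException e) {
            // The thrown exception carries no cause, so log the decoder error before it is lost.
            ConsoleLogger.logException(e);
            throw new CryptoException("can't decode PKCS7SignedData object");
        }
    }

    /**
     * Returns the first certificate whose public key encoding equals that of {@code publicKey}.
     *
     * @return the matching certificate, or {@code null} when there is none or an argument is null
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static Certificate getCertificateByPubk(Certificate[] certificateArr, PublicKey publicKey) throws CertificateEncodingException {
        if (certificateArr == null || publicKey == null) {
            return null;
        }
        byte[] wanted = publicKey.getEncoded();
        for (int idx = 0; idx < certificateArr.length; idx++) {
            Certificate candidate = certificateArr[idx];
            if (candidate != null && Arrays.equals(wanted, CertificateUtil.getPublicKey(candidate.getEncoded()))) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Builds an alias of the form {@code <subject>:<subject key id>}, with {@code <} and
     * {@code >} in the subject replaced by HTML entities.
     *
     * @return the alias, or {@code null} when it cannot be built
     */
    public static String genAlias(String str, PublicKey publicKey) {
        try {
            // NOTE(review): only angle brackets are escaped. '&' and quote characters pass through,
            // so this is not sufficient if the alias is ever placed in an HTML attribute; the
            // rendering layer should encode for its own context.
            String escapedSubject = str.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
            return new StringBuffer(escapedSubject).append(":").append(CertificateUtil.getSubjectKid(publicKey)).toString();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }
}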
