package cn.topca.api.cert;

import cn.tca.TopBasicCrypto.asn1.ASN1ObjectIdentifier;
import cn.tca.TopBasicCrypto.asn1.DERInteger;
import cn.tca.TopBasicCrypto.asn1.x500.X500Name;
import cn.tca.TopBasicCrypto.asn1.x509.SubjectPublicKeyInfo;
import cn.tca.TopBasicCrypto.cert.X509v3CertificateBuilder;
import cn.tca.TopBasicCrypto.operator.OperatorCreationException;
import cn.topca.core.ext.bc.pkcs.PKCS10OperatorUtils;
import cn.topca.core.ext.bc.util.KeyStoreUtils;
import cn.topca.security.bc.operator.JcaContentSignerBuilder;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.AtomicMoveNotSupportedException;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import javax.crypto.interfaces.DHKey;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:cn/topca/api/cert/KeyStoreProvider.class */
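/**
 * {@link IKeyStoreProvider} backed by a file-based {@link KeyStore}.
 *
 * <p>The store is loaded from {@code KeyStoreConfig#getUri()} in the constructor and written back to
 * that file after every mutating operation. Key pairs created by
 * {@link #genCSR(String, String, int, String)} are parked under a self-signed placeholder ("stub")
 * certificate, recognisable by the {@link #STUB_OID} extension, until the CA-issued certificate for
 * the same public key is brought in through {@link #importCert}; {@link #listCerts()} hides such stubs.
 *
 * <p>No synchronisation is done: concurrent mutations through one instance race on the shared
 * {@link KeyStore} and on the backing file.
 */
class KeyStoreProvider implements IKeyStoreProvider {
    /**
     * Non-critical extension OID that marks a stub certificate produced by {@link #genStubCert}.
     * NOTE(review): this is not a registered OID arc; any foreign certificate carrying it would be
     * hidden by {@link #listCerts()} as if it were a stub.
     */
    private static final String STUB_OID = "1.2.3.4.5.6";

    /** Validity of a stub certificate: 365 days plus a 10 ms slack (value kept unchanged). */
    private static final long STUB_VALIDITY_MILLIS = 31536000000L + 10;

    /** Key length assumed for SM2 keys and for any public-key type this class does not inspect. */
    private static final int SM2_KEY_BITS = 256;

    private final KeyStoreConfig config;
    private final KeyStore keyStore;

    /**
     * Loads the key store described by {@code keyStoreConfig}.
     *
     * @param keyStoreConfig type, file location, password and preferred provider of the store
     * @throws CertApiException if the store file is missing or cannot be loaded
     */
    public KeyStoreProvider(KeyStoreConfig keyStoreConfig) throws CertApiException {
        this.config = keyStoreConfig;
        this.keyStore = loadStore(keyStoreConfig);
    }

    /** @return the configured display name of this store */
    @Override
    public String getName() {
        return this.config.getName();
    }

    /**
     * Lists every certificate in the store except stub placeholders.
     *
     * @return the non-stub certificates, possibly empty, never {@code null}
     * @throws CertApiException if the store cannot be enumerated or a certificate cannot be re-encoded
     */
    @Override
    public Certificate[] listCerts() throws CertApiException {
        return doListCerts(false);
    }

    /**
     * Generates a fresh key pair, parks it in the store under a stub certificate and returns a PKCS#10
     * request for it. The store is persisted before the CSR is built, so the private key survives
     * even if CSR generation fails.
     *
     * @param str  subject name of the request (passed through to the PKCS#10 builder)
     * @param str2 key-pair algorithm name handed to {@link KeyPairGenerator#getInstance(String)}
     *             (resolved through the default provider chain, so SM2 relies on the provider being
     *             registered globally)
     * @param i    key size in bits
     * @param str3 digest/signature algorithm name for the request
     * @return the encoded request as produced by {@code PKCS10OperatorUtils.genCSR}
     * @throws CertApiException on any key-generation, store or signing failure
     */
    @Override
    public String genCSR(String str, String str2, int i, String str3) throws CertApiException {
        KeyPair keyPair = genKey(str2, i);
        // importCertAndKey persists the store itself; the CSR step does not touch the store,
        // so no second save is needed afterwards.
        importCertAndKey(genStubCert(keyPair), keyPair);
        return genCSR(str, keyPair, str3);
    }

    /**
     * Builds a PKCS#10 request for an existing key pair, reusing the subject of {@code certificate}.
     *
     * <p>Digest choice follows key length: 256-bit keys (SM2 and any unrecognised key type) are
     * signed with SM3, everything else with SHA-1. NOTE(review): SHA-1 is deprecated for signatures
     * and a 256-bit RSA or non-SM2 EC key would also be routed to SM3 here; kept unchanged for
     * compatibility with existing consumers of these requests.
     *
     * @param certificate a certificate held in this store whose private key is available
     * @return the encoded request
     * @throws CertApiException if the certificate is not in the store, has no private key, or the
     *                          store/encoding/signing step fails
     */
    @Override
    public String genCSR(Certificate certificate) throws CertApiException {
        try {
            String alias = this.keyStore.getCertificateAlias(certificate);
            Key key = alias == null ? null : this.keyStore.getKey(alias, this.config.getPwd());
            if (!(key instanceof PrivateKey)) {
                // No usable private key for this certificate (unknown alias, trusted-cert entry or a
                // secret-key entry): fail explicitly instead of handing a null key to the signer.
                throw new CertApiException(TCAErrCode.ERR_INVALID_KEY);
            }
            PublicKey publicKey = certificate.getPublicKey();
            String subject = TCAUtil.convBin2Cert(certificate.getEncoded()).getSubjectDN().toString();
            String digest = keyBitLength(publicKey) == SM2_KEY_BITS ? TCA.SM3 : TCA.SHA1;
            return genCSR(subject, new KeyPair(publicKey, (PrivateKey) key), digest);
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (UnrecoverableKeyException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_RECOVERABLEKEY, e);
        } catch (CertificateEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e);
        }
    }

    /**
     * Imports a certificate. If an entry with the same public key already exists (stub or not), its
     * certificate is replaced in place and the private key, if any, is kept. Otherwise the
     * certificate is added as a trusted entry only when {@code z} is {@code true}.
     *
     * @param certificate the certificate to import
     * @param z           whether to store the certificate as a new trusted entry when no key matches
     * @return {@code true} if the store was modified, {@code false} if nothing matched and {@code z}
     *         was {@code false}
     * @throws CertApiException on store access or persistence failure
     */
    @Override
    public boolean importCert(Certificate certificate, boolean z) throws CertApiException {
        PublicKey publicKey = certificate.getPublicKey();
        for (Certificate existing : doListCerts(true)) {
            if (publicKey.equals(existing.getPublicKey())) {
                replaceCertificate(existing, certificate);
                return true;
            }
        }
        if (!z) {
            return false;
        }
        try {
            this.keyStore.setCertificateEntry(TCAUtil.genPubKeyHash(publicKey), certificate);
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        }
        // Persist like every other mutating path; without this the trusted entry only lived in memory.
        saveStore();
        return true;
    }

    /**
     * Stores a private key together with its certificate under an alias derived from the public key
     * and persists the store.
     *
     * @param certificate certificate for {@code keyPair}'s public key
     * @param keyPair     the key pair to store
     * @return always {@code true}
     * @throws CertApiException on store access or persistence failure
     */
    @Override
    public boolean importCertAndKey(Certificate certificate, KeyPair keyPair) throws CertApiException {
        try {
            this.keyStore.setKeyEntry(TCAUtil.genPubKeyHash(keyPair.getPublic()), keyPair.getPrivate(),
                    this.config.getPwd(), new Certificate[]{certificate});
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        }
        saveStore();
        return true;
    }

    /**
     * Looks up the private key stored alongside {@code certificate}.
     *
     * @param certificate a certificate held in this store
     * @return the private key, or {@code null} if the certificate is not in the store or its entry
     *         carries no private key
     * @throws CertApiException on store access failure
     */
    @Override
    public PrivateKey getPriKeyByCert(Certificate certificate) throws CertApiException {
        try {
            String alias = this.keyStore.getCertificateAlias(certificate);
            if (alias == null) {
                return null;
            }
            Key key = this.keyStore.getKey(alias, this.config.getPwd());
            // A secret-key entry would otherwise blow up in the cast; treat it as "no private key".
            return key instanceof PrivateKey ? (PrivateKey) key : null;
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (UnrecoverableKeyException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_RECOVERABLEKEY, e);
        }
    }

    /**
     * Looks up the private key belonging to {@code publicKey} by scanning all entries, stubs included.
     *
     * @param publicKey the public half of the wanted key pair
     * @return the matching private key, or {@code null} if none is stored
     * @throws CertApiException on store access failure
     */
    @Override
    public PrivateKey getPriKeyByPubKey(PublicKey publicKey) throws CertApiException {
        for (Certificate certificate : doListCerts(true)) {
            if (certificate.getPublicKey().equals(publicKey)) {
                return getPriKeyByCert(certificate);
            }
        }
        return null;
    }

    // ---------------------------------------------------------------------------------------------
    // helpers
    // ---------------------------------------------------------------------------------------------

    /** Bit length of the key as used for the digest selection in {@link #genCSR(Certificate)}. */
    private static int keyBitLength(PublicKey publicKey) {
        if (publicKey instanceof RSAKey) {
            return ((RSAKey) publicKey).getModulus().bitLength();
        }
        if (publicKey instanceof DSAKey) {
            return ((DSAKey) publicKey).getParams().getP().bitLength();
        }
        if (publicKey instanceof DHKey) {
            return ((DHKey) publicKey).getParams().getP().bitLength();
        }
        // SM2 keys, and any other type not inspected above, count as 256-bit.
        return SM2_KEY_BITS;
    }

    /**
     * Replaces the certificate of the entry holding {@code existing} with {@code replacement},
     * keeping the entry's private key when it has one, then persists the store.
     */
    private void replaceCertificate(Certificate existing, Certificate replacement) throws CertApiException {
        try {
            String alias = this.keyStore.getCertificateAlias(existing);
            Key key = this.keyStore.getKey(alias, this.config.getPwd());
            this.keyStore.deleteEntry(alias);
            if (key instanceof PrivateKey) {
                this.keyStore.setKeyEntry(alias, key, this.config.getPwd(), new Certificate[]{replacement});
            } else {
                // The matching entry was a bare trusted certificate: keep it a certificate entry
                // rather than creating a key entry without a key.
                this.keyStore.setCertificateEntry(alias, replacement);
            }
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (UnrecoverableKeyException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_RECOVERABLEKEY, e);
        }
        saveStore();
    }

    /**
     * Instantiates the store through the SM2-capable provider and loads it from the configured file.
     *
     * @throws CertApiException {@code ERR_NOFOUND_KEYSTORE} if the file is absent, otherwise the
     *                          mapped load error
     */
    private static KeyStore loadStore(KeyStoreConfig keyStoreConfig) throws CertApiException {
        try {
            KeyStore store = KeyStore.getInstance(keyStoreConfig.getType(), TCAUtil.getSm2Provider());
            File file = new File(keyStoreConfig.getUri());
            if (!file.exists()) {
                throw new CertApiException(TCAErrCode.ERR_NOFOUND_KEYSTORE);
            }
            // try-with-resources: the stream used to be left open, leaking a file handle per instance.
            try (InputStream in = new FileInputStream(file)) {
                store.load(in, keyStoreConfig.getPwd());
            }
            return store;
        } catch (IOException e) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_LOAD_KEYSTORE, e);
        }
    }

    /**
     * Generates a key pair of algorithm {@code str} and size {@code i} bits via the default provider
     * lookup.
     *
     * @throws CertApiException {@code ERR_UNKNOWN_ALG} if no provider supports {@code str}
     */
    private KeyPair genKey(String str, int i) throws CertApiException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str);
            generator.initialize(i);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        }
    }

    /**
     * Builds a self-signed placeholder certificate for {@code keyPair}. Subject and issuer are
     * {@code CN=<hex SHA-1 of the public key>}, the serial is that hash read as an unsigned integer,
     * and the {@link #STUB_OID} extension carries the hash so {@link #doListCerts} can tell stubs apart.
     * The stub is signed with SM3withSM2 for SM2 keys and SHA1with&lt;alg&gt; otherwise; it only
     * serves as a container for the key inside this store and is never presented as a trusted cert.
     *
     * @throws CertApiException on hashing, building, signing or re-parsing failure
     */
    private Certificate genStubCert(KeyPair keyPair) throws CertApiException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + STUB_VALIDITY_MILLIS);
        PrivateKey signingKey = keyPair.getPrivate();
        String sigAlg = signingKey.getAlgorithm().equals(TCA.SM2)
                ? "SM3withSM2"
                : "SHA1with" + signingKey.getAlgorithm();
        try {
            byte[] keyHash = KeyStoreUtils.sha1PublicKey(keyPair.getPublic());
            X500Name name = new X500Name("CN=" + Hex.encodeHexString(keyHash));
            // Unsigned interpretation: BigInteger(byte[]) reads two's complement and yields a negative
            // serial whenever the hash's top bit is set, which RFC 5280 forbids and some parsers reject.
            // The DER encoding may then be 21 octets for such hashes; this is tolerated by readers.
            BigInteger serial = new BigInteger(1, keyHash);
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serial, notBefore, notAfter,
                    name, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            builder.addExtension(new ASN1ObjectIdentifier(STUB_OID), false, new DERInteger(keyHash));
            byte[] der = builder.build(new JcaContentSignerBuilder(sigAlg).build(signingKey)).getEncoded();
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (IOException e) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        } catch (OperatorCreationException e) {
            throw new CertApiException(TCAErrCode.ERR_OPERATORCREATION, e);
        }
    }

    /**
     * Builds the PKCS#10 request through the configured provider. When no provider is configured
     * (null or empty), EC keys are routed to "TopSM" (presumably where SM2 lives) and all other keys
     * to "BC".
     *
     * @param str     subject name of the request
     * @param keyPair key pair to certify and sign with
     * @param str2    digest/signature algorithm name
     * @throws CertApiException on encoding, key, algorithm, provider, operator or signature failure
     */
    private String genCSR(String str, KeyPair keyPair, String str2) throws CertApiException {
        String provider = this.config.getProvider();
        if (provider == null || provider.isEmpty()) {
            provider = keyPair.getPublic() instanceof ECKey ? "TopSM" : "BC";
        }
        try {
            return PKCS10OperatorUtils.genCSR(str, str2, keyPair, provider);
        } catch (IOException e) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
        } catch (InvalidKeyException e) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (NoSuchProviderException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PROVIDER, e);
        } catch (OperatorCreationException e) {
            throw new CertApiException(TCAErrCode.ERR_OPERATORCREATION, e);
        } catch (SignatureException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_SIGNATRUE, e);
        }
    }

    /**
     * Writes the store back to its file. The content is first written to a sibling temporary file
     * and then moved over the target, so a failure mid-write cannot leave a truncated key store (and
     * its private keys) behind. The temporary file is created with owner-only permissions on POSIX
     * systems, which the replaced file then inherits.
     *
     * @throws CertApiException on I/O, store or encoding failure
     */
    private void saveStore() throws CertApiException {
        File target = new File(this.config.getUri());
        File dir = target.getAbsoluteFile().getParentFile();
        File tmp = null;
        try {
            tmp = File.createTempFile("keystore", ".tmp", dir);
            try (OutputStream out = new FileOutputStream(tmp)) {
                this.keyStore.store(out, this.config.getPwd());
            }
            moveOver(tmp, target);
            tmp = null;  // moved; nothing left to clean up
        } catch (IOException e) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        } finally {
            if (tmp != null) {
                tmp.delete();  // best effort: do not leave a half-written copy of the store around
            }
        }
    }

    /** Atomic rename when the file system supports it, plain replacing move otherwise. */
    private static void moveOver(File source, File target) throws IOException {
        try {
            Files.move(source.toPath(), target.toPath(),
                    StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        } catch (AtomicMoveNotSupportedException e) {
            Files.move(source.toPath(), target.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
    }

    /**
     * Collects the certificate of every entry in the store.
     *
     * @param z {@code true} to include stub certificates, {@code false} to drop them
     * @return the certificates in alias enumeration order; entries without a certificate are skipped
     * @throws CertApiException on store access or re-encoding failure
     */
    private Certificate[] doListCerts(boolean z) throws CertApiException {
        try {
            List<Certificate> result = new ArrayList<Certificate>();
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.keyStore.getCertificate(aliases.nextElement());
                if (certificate == null) {
                    continue;  // e.g. a secret-key entry: nothing to list
                }
                if (z || !isStubCert(certificate)) {
                    result.add(certificate);
                }
            }
            return result.toArray(new Certificate[0]);
        } catch (KeyStoreException e) {
            throw new CertApiException(TCAErrCode.ERR_CERT_BYKEYSTORE, e);
        } catch (CertificateEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e);
        }
    }

    /** A stub certificate is recognised solely by the presence of the {@link #STUB_OID} extension. */
    private static boolean isStubCert(Certificate certificate)
            throws KeyStoreException, CertificateEncodingException {
        return TCAUtil.convBin2Cert(certificate.getEncoded()).getExtensionValue(STUB_OID) != null;
    }
}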
