package com.sxca.wg.certutil;

import android.app.Activity;
import android.os.Build;
import android.util.Log;
import cn.com.jit.android.ida.util.pki.keystore.P10RequestData;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.keystore.KeyEntry;
import cn.com.jit.ida.util.pki.pkcs.P7B;
import cn.com.jit.ida.util.pki.pkcs.PKCS10;
import cn.com.jit.pnxclient.BaseManager;
import cn.com.jit.pnxclient.exception.PNXClientException;
import cn.com.jit.pnxclient.handler.SoftKeyStoreHandler;
import cn.com.jit.pnxclient.pojo.CertEntry;
import cn.com.jit.pnxclient.util.CommonUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.http.HttpException;

/* loaded from: classes.dex */
public class PNXCertUtil extends BaseManager {
    private String checkPath;
    private String downPath;
    private String tag = "PNXReqCertUtil";
    private String updatePath;

    public PNXCertUtil(String str) {
        this.downPath = "/mobilecert/mobileCertDown";
        this.updatePath = "/mobilecert/mobileUpdateApply";
        this.checkPath = "/mobilecert/searchCertStatus";
        this.downPath = String.valueOf(str) + this.downPath;
        this.updatePath = String.valueOf(str) + this.updatePath;
        this.checkPath = String.valueOf(str) + this.checkPath;
        try {
            initKeyStore();
        } catch (PNXClientException e) {
            e.printStackTrace();
        }
    }

    private String createSubject(String str) {
        return CommonUtil.buildString("CN=", str, ",C=CN");
    }

    private P10RequestData genRSAP10(String str, int i, String str2) throws PNXClientException {
        String createSubject = createSubject(str);
        try {
            this.keyStoreHandler.setPrivateKeyPassWord(str2);
            return this.keyStoreHandler.genP10Request(createSubject, "RSA", i);
        } catch (Exception e) {
            Log.e(this.tag, "P10请求数据生成失败");
            throw new PNXClientException("CA10001", "P10请求数据生成失败", e);
        }
    }

    private String getAlias(JKey jKey) throws PNXClientException {
        try {
            return new String(Base64.encode(this.keyStoreHandler.getSession().digest(new Mechanism("SHA1"), jKey.getKey())));
        } catch (PKIException e) {
            Log.e(this.tag, "证书别名Alias提取失败");
            throw new PNXClientException(e.getErrCode(), e.getErrDesc(), e);
        }
    }

    private X509Cert[] getCerts(String str) throws PNXClientException {
        try {
            return new P7B().parseP7b(str.getBytes());
        } catch (PKIException e) {
            Log.e(this.tag, "P7B数据转换失败");
            throw new PNXClientException(e.getErrCode(), e.getErrDesc(), e);
        }
    }

    private String getP10Alias(String str) throws PNXClientException {
        if (CommonUtil.isEmpty(str)) {
            return null;
        }
        try {
            Session session = this.keyStoreHandler.getSession();
            PKCS10 pkcs10 = new PKCS10(session);
            pkcs10.load(str.getBytes());
            return new String(Base64.encode(session.digest(new Mechanism("SHA1"), pkcs10.getPubKey().getKey())));
        } catch (PKIException e) {
            Log.e(this.tag, "P10证书别名Alias提取失败");
            throw new PNXClientException(e.getErrCode(), e.getErrDesc(), e);
        }
    }

    private String getRSAP10_str(P10RequestData p10RequestData) {
        if (p10RequestData != null) {
            return p10RequestData.getP10Request();
        }
        Log.e(this.tag, "P10请求数据生成失败");
        return null;
    }

    private void initKeyStore() throws PNXClientException {
        try {
            setKeyStoreHandler(new SoftKeyStoreHandler());
            this.keyStoreHandler.initialize();
        } catch (Exception e) {
            Log.e(this.tag, "证书容器初始化失败");
            throw new PNXClientException("CA10000", "证书容器初始化失败", e);
        }
    }

    private void setCertEntry(CertEntry certEntry, X509Cert x509Cert) {
        certEntry.setIssuer(x509Cert.getIssuer());
        certEntry.setNotAfter(x509Cert.getNotAfter());
        certEntry.setNotBefore(x509Cert.getNotBefore());
        certEntry.setSerialNumber(x509Cert.getSerialNumber());
        certEntry.setSubject(x509Cert.getSubject());
        certEntry.setVersion(x509Cert.getVersion());
        certEntry.setSignalGid(x509Cert.getSignatureAlgName());
        certEntry.setStringSerialNumber(x509Cert.getStringSerialNumber());
    }

    private CertEntry tranceKeyEntry(KeyEntry keyEntry) {
        CertEntry certEntry = new CertEntry();
        certEntry.setAilas(keyEntry.getAilas());
        setCertEntry(certEntry, keyEntry.getCert());
        certEntry.setKeyType("RSA");
        return certEntry;
    }

    public boolean changePwd(String str, String str2, String str3) throws PNXClientException {
        reset();
        try {
            return this.keyStoreHandler.changePassword(str, str2, str3);
        } catch (Exception e) {
            throw new PNXClientException("CA10008", "修改密码失败", e);
        }
    }

    public boolean deleteCert(String str) throws PNXClientException {
        reset();
        try {
            return this.keyStoreHandler.delKeyEntry(str);
        } catch (Exception e) {
            Log.e(this.tag, "删除证书失败");
            throw new PNXClientException("CA10002", "删除证书失败", e);
        }
    }

    public boolean deleteCert(String str, String str2) throws PNXClientException {
        reset();
        try {
            return this.keyStoreHandler.delKeyEntry(str, str2);
        } catch (Exception e) {
            throw new PNXClientException("CA10002", "删除证书失败", e);
        }
    }

    public CertEntry downCert(Activity activity, String str, String str2) throws PNXClientException {
        boolean z = false;
        try {
            try {
                try {
                    P10RequestData genRSAP10 = genRSAP10(str, 1024, str2);
                    String rSAP10_str = getRSAP10_str(genRSAP10);
                    String p10Alias = getP10Alias(rSAP10_str);
                    HashMap hashMap = new HashMap();
                    hashMap.put("p10", rSAP10_str);
                    hashMap.put("authcode", str);
                    hashMap.put("equcode", getDeviceID(activity));
                    hashMap.put("equtype", getPhoneInfo());
                    ResultValue resultValue = new ResultValue(new HttpUtil().post(this.downPath, hashMap));
                    if (resultValue.getFlag().equals("0") || CommonUtil.isEmpty(resultValue.getP7b())) {
                        throw new PNXClientException("CA10007", CommonUtil.isEmpty(resultValue.getErrorMsg()) ? "证书下载失败" : resultValue.getErrorMsg());
                    }
                    X509Cert[] certs = getCerts(resultValue.getP7b());
                    for (int i = 0; i < certs.length; i++) {
                        if (getAlias(certs[i].getPublicKey()).equals(p10Alias)) {
                            this.keyStoreHandler.saveCert(genRSAP10.getCKID(), certs[i]);
                            z = true;
                        }
                    }
                    CertEntry tranceKeyEntry = tranceKeyEntry(this.keyStoreHandler.getKeyEntry(p10Alias, str2));
                    refreshCert();
                    if (!z && !CommonUtil.isEmpty(p10Alias)) {
                        deleteCert(p10Alias);
                    }
                    return tranceKeyEntry;
                } catch (Exception e) {
                    throw new PNXClientException("CA10004", "证书下载失败", e);
                }
            } catch (PKIException e2) {
                throw new PNXClientException("CA10003", "P7B文件公钥获取失败", e2);
            } catch (PNXClientException e3) {
                throw e3;
            }
        } catch (Throwable th) {
            if (0 == 0 && !CommonUtil.isEmpty((String) null)) {
                deleteCert(null);
            }
            throw th;
        }
    }

    public List<CertEntry> getCertList() throws PNXClientException {
        reset();
        try {
            List<KeyEntry> keyEntryList = this.keyStoreHandler.getKeyEntryList();
            if (keyEntryList == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            try {
                Iterator<KeyEntry> it = keyEntryList.iterator();
                while (it.hasNext()) {
                    arrayList.add(tranceKeyEntry(it.next()));
                }
                return arrayList;
            } catch (PNXClientException e) {
                throw e;
            } catch (Exception e2) {
                e = e2;
                throw new PNXClientException("CA10005", "证书列表获取失败", e);
            }
        } catch (PNXClientException e3) {
            throw e3;
        } catch (Exception e4) {
            e = e4;
        }
    }

    public String getDeviceID(Activity activity) {
        return CommonUtil.getLocalMacAddress(activity);
    }

    public String getPhoneInfo() {
        return String.valueOf(Build.MANUFACTURER) + " " + Build.MODEL;
    }

    public void refreshCert() throws PNXClientException {
        try {
            List<CertEntry> certList = getCertList();
            for (int i = 0; i < certList.size(); i++) {
                CertEntry certEntry = certList.get(i);
                if (certEntry.getNotAfter().getTime() < new Date().getTime()) {
                    deleteCert(certEntry.getAilas());
                } else {
                    HashMap hashMap = new HashMap();
                    hashMap.put("certSubject", "");
                    hashMap.put("userId", "");
                    hashMap.put("certsn", Long.toHexString(Long.parseLong(certEntry.getSerialNumber().toString())).toUpperCase());
                    hashMap.put("usbKeyCertsn", "");
                    String post = new HttpUtil().post(this.checkPath, hashMap);
                    if (!CommonUtil.isEmpty(post)) {
                        ResultValue resultValue = new ResultValue(post);
                        if (!CommonUtil.isEmpty(resultValue.getCertStatus()) && resultValue.getCertStatus().equals("Revoke")) {
                            deleteCert(certEntry.getAilas());
                        }
                    }
                }
            }
        } catch (PNXClientException e) {
            throw new PNXClientException("CA10005", "证书列表获取失败", e);
        } catch (IOException e2) {
            throw new PNXClientException("CA10006", "网络连接失败", e2);
        } catch (HttpException e3) {
            throw new PNXClientException("CA10006", "网络连接失败", e3);
        }
    }

    public ResultValue updateCert(Activity activity, CertEntry certEntry, String str) throws PNXClientException {
        try {
            if (!changePwd(certEntry.getAilas(), str, str)) {
                throw new PNXClientException("CA10009", "密码验证失败");
            }
            HashMap hashMap = new HashMap();
            hashMap.put("certsn", Long.toHexString(Long.parseLong(certEntry.getSerialNumber().toString())).toUpperCase());
            return new ResultValue(new HttpUtil().post(this.updatePath, hashMap));
        } catch (PNXClientException e) {
            throw new PNXClientException("CA10009", "密码验证失败", e);
        } catch (Exception e2) {
            throw new PNXClientException("CA10006", "网络连接失败", e2);
        }
    }
}
