package com.hebca.crypto.imp.file;

import com.hebca.crypto.AsymCrypter;
import com.hebca.crypto.Cert;
import com.hebca.crypto.Container;
import com.hebca.crypto.DN;
import com.hebca.crypto.Device;
import com.hebca.crypto.SKey;
import com.hebca.crypto.Signer;
import com.hebca.crypto.exception.AsymCryptException;
import com.hebca.crypto.exception.ConnectionException;
import com.hebca.crypto.exception.ContainerException;
import com.hebca.crypto.exception.DeviceException;
import com.hebca.crypto.exception.GenKeyPairException;
import com.hebca.crypto.exception.ImportCertException;
import com.hebca.crypto.exception.ImportKeyPairException;
import com.hebca.crypto.exception.KeyException;
import com.hebca.crypto.exception.LoginException;
import com.hebca.crypto.exception.NoCertExistException;
import com.hebca.crypto.exception.NotFindObjectException;
import com.hebca.crypto.exception.SignException;
import com.hebca.crypto.exception.SymCryptException;
import com.hebca.crypto.imp.CertImp;
import com.hebca.crypto.imp.ContainerBase;
import com.hebca.crypto.util.LogUtil;
import com.hebca.ext.crypto.sm2.SM2KeyPairGenerator;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Vector;
import javax.crypto.Cipher;
import org2.bouncycastle.asn1.DEREncodable;
import org2.bouncycastle.asn1.DERSequence;
import org2.bouncycastle.asn1.x509.GeneralName;
import org2.bouncycastle.asn1.x509.GeneralNames;
import org2.bouncycastle.asn1.x509.KeyPurposeId;
import org2.bouncycastle.jce.X509KeyUsage;
import org2.bouncycastle.jce.X509Principal;
import org2.bouncycastle.jce.provider.BouncyCastleProvider;
import org2.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes.dex */
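/**
 * Key container backed by a Java {@link KeyStore} file owned by a {@link DeviceFile}.
 *
 * <p>A container holds up to two key/certificate slots: a signing slot and an
 * encryption ("crypt") slot. The container type is either {@code Container.TYPE_RSA}
 * or another value that the code treats as SM2.
 *
 * <p>Security review notes (grounded in this file only):
 * <ul>
 *   <li>The keystore file and the temporary key entries are protected with a fixed,
 *       compiled-in password ({@link #FIXED_STORE_PASSWORD}). A software keystore guarded
 *       by a constant offers no confidentiality for the private keys it stores; the
 *       password should come from the user or a platform-protected secret. It is kept
 *       unchanged here because the code that loads the file is not visible.</li>
 *   <li>Temporary entries are written under the fixed password but read back through
 *       {@link #getSignEntry()} / {@link #getCryptEntry()} with the device password.
 *       If the two differ the read fails and {@code null} is returned.</li>
 *   <li>RSA uses PKCS#1 v1.5 padding and SHA-1 based signatures; both are legacy choices.</li>
 * </ul>
 *
 * <p>Instances are not synchronized.
 */
public class ContainerFile extends ContainerBase {
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    /** Log tag used for diagnostics emitted by this class. */
    private static final String TAG = "ContainerFile";

    /**
     * Fixed password used for temporary key entries and for the keystore file itself.
     *
     * <p>SECURITY(review): hard-coded credential. Kept byte-identical for compatibility with
     * existing keystore files; replace with a per-user / per-device secret together with the
     * code that loads the keystore.
     */
    private static final String FIXED_STORE_PASSWORD = "123456";

    private String cryptAlias;
    private X509Certificate cryptCert;
    private KeyStore.PrivateKeyEntry cryptEntry;
    private KeyPair cryptKeyPair;
    private X509Certificate rootCert;
    private String signAlias;
    private X509Certificate signCert;
    private KeyStore.PrivateKeyEntry signEntry;
    private KeyPair signKeyPair;
    private String type;

    static {
        // Registers the (repackaged) BouncyCastle provider once per class load.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates an RSA container on the given device.
     *
     * @param device owning device
     */
    public ContainerFile(Device device) {
        super(device);
        this.type = Container.TYPE_RSA;
    }

    /**
     * Creates a container of an explicit type on the given device.
     *
     * @param device owning device
     * @param str container type; anything other than {@code Container.TYPE_RSA} is handled as SM2
     */
    public ContainerFile(Device device, String str) {
        super(device);
        this.type = str;
    }

    /**
     * Writes the device keystore to the device's file path and always closes the stream.
     *
     * <p>The file is opened (and therefore truncated) before the keystore is serialized,
     * so a failure during {@code store} can leave an incomplete file on disk.
     *
     * @param deviceFile device whose keystore and path are used
     * @throws Exception if the keystore cannot be obtained, written or the stream closed
     */
    private static void storeKeyStore(DeviceFile deviceFile) throws Exception {
        KeyStore keyStore = deviceFile.getKeyStore();
        FileOutputStream out = new FileOutputStream(new File(deviceFile.getPath()));
        try {
            keyStore.store(out, FIXED_STORE_PASSWORD.toCharArray());
        } finally {
            out.close();
        }
    }

    /**
     * Loads a private-key entry from the device keystore using the device password.
     *
     * @param alias keystore alias to read
     * @return the entry, or {@code null} when it cannot be read (the failure is logged)
     */
    private KeyStore.PrivateKeyEntry loadEntry(String alias) {
        DeviceFile deviceFile = (DeviceFile) getDevice();
        try {
            KeyStore.PasswordProtection protection =
                    new KeyStore.PasswordProtection(deviceFile.getPassword().toCharArray());
            return (KeyStore.PrivateKeyEntry) deviceFile.getKeyStore().getEntry(alias, protection);
        } catch (Exception e) {
            // Best-effort lookup: callers treat null as "no entry". Log so that a wrong
            // password or a damaged keystore is not silently indistinguishable from absence.
            LogUtil.error(TAG, "Load key entry failed for alias " + alias + ": " + e.getMessage());
            return null;
        }
    }

    /**
     * Processes a wrapped symmetric key with the in-memory signing private key.
     *
     * @param bArr wrapped symmetric key bytes
     * @return output of the RSA operation
     * @throws AsymCryptException if the cipher cannot be created or the operation fails
     *     (including when no signing key pair is present)
     */
    private byte[] decryptWappedSymKey(byte[] bArr) throws AsymCryptException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", BC);
            // NOTE(review): the method name says "decrypt" but the cipher is initialised in
            // ENCRYPT_MODE (value 1) with a private key. Left unchanged because
            // AsymCrypterFile is not visible here; confirm the intended mode.
            cipher.init(Cipher.ENCRYPT_MODE, this.signKeyPair.getPrivate());
            return new AsymCrypterFile(cipher).crypt(bArr);
        } catch (Exception e) {
            // Keep the cause so callers can diagnose provider / key problems.
            throw new AsymCryptException(e);
        }
    }

    /**
     * Builds a short-lived self-signed certificate for the given key pair and stores it
     * in {@code rootCert}.
     *
     * <p>The certificate is valid from 50 seconds before to 50 seconds after creation and
     * has serial number 1; it appears to serve only as a placeholder chain for the
     * keystore entry until a real certificate is installed (TODO confirm).
     *
     * @param keyPair key pair to certify; its private key signs the certificate
     * @return the generated certificate
     * @throws Exception if generation, validity checking or signature verification fails
     */
    private X509Certificate makeCert(KeyPair keyPair) throws Exception {
        try {
            Vector oids = new Vector();
            Vector values = new Vector();
            oids.addElement(X509Principal.CN);
            oids.addElement(X509Principal.C);
            oids.addElement(X509Principal.O);
            oids.addElement(X509Principal.L);
            oids.addElement(X509Principal.ST);
            values.addElement("root");
            // Paired with X509Principal.C above; presumably the constant's string value
            // doubles as the country code (verify against DN).
            values.addElement(DN.COMMON_NAME);
            values.addElement("hebca");
            values.addElement("shijiazhuang");
            values.addElement("hebei");

            long now = System.currentTimeMillis();
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setSerialNumber(BigInteger.valueOf(1L));
            generator.setIssuerDN(new X509Principal(oids, values));
            generator.setNotBefore(new Date(now - 50000));
            generator.setNotAfter(new Date(now + 50000));
            generator.setSubjectDN(new X509Principal(oids, values));
            generator.setPublicKey(keyPair.getPublic());
            // SHA-1 is a legacy digest; acceptable only because this certificate is a
            // throw-away placeholder.
            generator.setSignatureAlgorithm(
                    this.type.equals(Container.TYPE_RSA) ? "SHA1WithRSAEncryption" : "SM3WithSM2");
            // 2.5.29.15 = keyUsage; 198 (0xC6) sets digitalSignature, nonRepudiation,
            // keyCertSign and cRLSign in BouncyCastle's X509KeyUsage bit layout.
            generator.addExtension("2.5.29.15", true, (DEREncodable) new X509KeyUsage(198));
            // 2.5.29.37 = extendedKeyUsage.
            generator.addExtension("2.5.29.37", true,
                    (DEREncodable) new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
            // 2.5.29.17 = subjectAltName; GeneralName tag 1 is rfc822Name.
            generator.addExtension("2.5.29.17", true,
                    (DEREncodable) new GeneralNames(new GeneralName(1, "root@test.test")));

            this.rootCert = generator.generate(keyPair.getPrivate());
            this.rootCert.checkValidity(new Date());
            this.rootCert.verify(keyPair.getPublic());
            return this.rootCert;
        } catch (Exception e) {
            LogUtil.error("RSACertSigner", "Generate CA cert failed:" + e.getMessage());
            throw e;
        }
    }

    /**
     * Creates an asymmetric cipher wrapper for this container.
     *
     * @param z {@code true} to encrypt with the encryption certificate's public key (no login);
     *     {@code false} to decrypt with the stored encryption private key (logs in first)
     * @return cipher wrapper ready for use
     * @throws AsymCryptException if the cipher cannot be created or initialised, including when
     *     the required certificate or key entry is missing
     * @throws LoginException if login fails
     * @throws ConnectionException propagated from login
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public AsymCrypter createAsymCrypter(boolean z) throws AsymCryptException, LoginException, ConnectionException {
        if (!z) {
            login();
        }
        try {
            Cipher cipher;
            if (this.type.equals(Container.TYPE_RSA)) {
                // PKCS#1 v1.5 encryption padding is a legacy scheme.
                cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            } else {
                cipher = Cipher.getInstance("SM2", "BC2");
            }
            if (z) {
                cipher.init(Cipher.ENCRYPT_MODE, this.cryptCert.getPublicKey());
            } else {
                cipher.init(Cipher.DECRYPT_MODE, getCryptEntry().getPrivateKey());
            }
            return new AsymCrypterFile(cipher);
        } catch (Exception e) {
            throw new AsymCryptException(e);
        }
    }

    /**
     * Creates a signer bound to the stored signing private key.
     *
     * @param str JCA signature algorithm name
     * @return signer initialised for signing
     * @throws SignException if no signing entry exists, the algorithm is unknown or the key is invalid
     * @throws LoginException if login fails
     * @throws ConnectionException propagated from login
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Signer createSigner(String str) throws SignException, LoginException, ConnectionException {
        login();
        KeyStore.PrivateKeyEntry entry = getSignEntry();
        if (entry == null) {
            throw new SignException(new NotFindObjectException("签名密钥"));
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(entry.getPrivateKey());
            return new SignerFile(signature);
        } catch (InvalidKeyException e) {
            throw new SignException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignException(e2);
        }
    }

    /**
     * Generates the signing key pair.
     *
     * <p>For RSA the key is stored in the keystore under the temporary alias
     * {@code "signPriKey"} with a placeholder self-signed certificate, and the keystore file
     * is rewritten. For any other type an EC key pair with the SM2 parameters is generated and
     * kept in memory only.
     *
     * @param i RSA modulus size in bits (ignored for non-RSA types); not range-checked here,
     *     so callers are responsible for requesting an adequate size
     * @throws GenKeyPairException if key generation or persistence fails
     * @throws LoginException if login fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void generateKeyPair(int i) throws GenKeyPairException, LoginException {
        try {
            if (!getDevice().isLogined()) {
                login();
            }
            DeviceFile deviceFile = (DeviceFile) getDevice();
            // Note: this comparison is case-insensitive, unlike the other type checks in the class.
            if (this.type.equalsIgnoreCase(Container.TYPE_RSA)) {
                KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance(Container.TYPE_RSA, BC);
                rsaGenerator.initialize(i);
                this.signKeyPair = rsaGenerator.generateKeyPair();
                this.rootCert = makeCert(this.signKeyPair);
                deviceFile.getKeyStore().setKeyEntry("signPriKey", this.signKeyPair.getPrivate(),
                        FIXED_STORE_PASSWORD.toCharArray(), new X509Certificate[]{this.rootCert});
                storeKeyStore(deviceFile);
                this.signAlias = "signPriKey";
            } else {
                KeyPairGenerator sm2Generator = KeyPairGenerator.getInstance("EC", BC);
                sm2Generator.initialize(SM2KeyPairGenerator.GetParameterSpec());
                this.signKeyPair = sm2Generator.generateKeyPair();
            }
        } catch (LoginException e) {
            e.printStackTrace();
            throw new LoginException(e);
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new GenKeyPairException(e2);
        }
    }

    /**
     * Returns the signing or encryption certificate wrapped as a {@link Cert}.
     *
     * @param z {@code true} for the signing certificate, {@code false} for the encryption certificate
     * @return certificate wrapper
     * @throws NoCertExistException if the requested certificate is not set
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Cert getCert(boolean z) throws NoCertExistException {
        X509Certificate selected = z ? this.signCert : this.cryptCert;
        if (selected == null) {
            throw new NoCertExistException();
        }
        return new CertImp(this, selected);
    }

    /**
     * Returns the subject DN of the signing certificate, falling back to the encryption
     * certificate, or an empty string when neither is set.
     *
     * @return subject DN string, never {@code null}
     */
    public String getContainerSubjectName() {
        if (this.signCert != null) {
            return this.signCert.getSubjectDN().toString();
        }
        if (this.cryptCert != null) {
            return this.cryptCert.getSubjectDN().toString();
        }
        return "";
    }

    /** @return keystore alias of the encryption key, or {@code null} if unset */
    public String getCryptAlias() {
        return this.cryptAlias;
    }

    /** @return encryption certificate, or {@code null} if unset */
    public X509Certificate getCryptCert() {
        return this.cryptCert;
    }

    /**
     * Returns the encryption private-key entry, loading and caching it on first use.
     *
     * @return the entry, or {@code null} when no alias is set or the entry cannot be read
     */
    public KeyStore.PrivateKeyEntry getCryptEntry() {
        if (this.cryptEntry == null && this.cryptAlias != null) {
            KeyStore.PrivateKeyEntry loaded = loadEntry(this.cryptAlias);
            if (loaded != null) {
                this.cryptEntry = loaded;
            }
        }
        return this.cryptEntry;
    }

    /**
     * Returns the encoded public key of the in-memory signing or encryption key pair.
     *
     * @param z {@code true} for the signing key pair, {@code false} for the encryption key pair
     * @return encoded public key
     * @throws ContainerException if the key pair, or its public half, is absent
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public byte[] getPubKey(boolean z) throws ContainerException {
        KeyPair selected = z ? this.signKeyPair : this.cryptKeyPair;
        // importKeyPair() stores KeyPair(null, null) for non-RSA types, so the public
        // half must be checked too; otherwise this would fail with a NullPointerException.
        if (selected == null || selected.getPublic() == null) {
            ContainerException missing = new ContainerException();
            missing.setDetailMessage("公钥不存在");
            throw missing;
        }
        return selected.getPublic().getEncoded();
    }

    /** @return keystore alias of the signing key, or {@code null} if unset */
    public String getSignAlias() {
        return this.signAlias;
    }

    /** @return signing certificate, or {@code null} if unset */
    public X509Certificate getSignCert() {
        return this.signCert;
    }

    /**
     * Returns the signing private-key entry, loading and caching it on first use.
     *
     * @return the entry, or {@code null} when no alias is set or the entry cannot be read
     */
    public KeyStore.PrivateKeyEntry getSignEntry() {
        if (this.signEntry == null && this.signAlias != null) {
            KeyStore.PrivateKeyEntry loaded = loadEntry(this.signAlias);
            if (loaded != null) {
                this.signEntry = loaded;
            }
        }
        return this.signEntry;
    }

    /** @return container type as passed to the constructor */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String getType() {
        return this.type;
    }

    /**
     * Reports whether a certificate is set.
     *
     * @param z {@code true} to test the signing certificate, {@code false} the encryption certificate
     * @return {@code true} if the selected certificate is present
     */
    public boolean hasCert(boolean z) {
        return z ? this.signCert != null : this.cryptCert != null;
    }

    /**
     * Imports an encryption key pair.
     *
     * <p>For RSA the keys are decoded, stored under the temporary alias {@code "cryptPriKey"}
     * with a placeholder self-signed certificate, and the keystore file is rewritten. For any
     * other type an empty key pair is recorded and nothing is persisted.
     *
     * @param bArr PKCS#8 encoded private key
     * @param bArr2 X.509 (SubjectPublicKeyInfo) encoded public key
     * @throws ImportKeyPairException if decoding or persistence fails
     * @throws LoginException declared by the interface; not thrown by this implementation
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void importKeyPair(byte[] bArr, byte[] bArr2) throws ImportKeyPairException, LoginException {
        String containerType = getType();
        DeviceFile deviceFile = (DeviceFile) getDevice();
        try {
            if (!containerType.equals(Container.TYPE_RSA)) {
                this.cryptKeyPair = new KeyPair(null, null);
                return;
            }
            KeyFactory keyFactory = KeyFactory.getInstance(Container.TYPE_RSA, BC);
            PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
            // NOTE(review): the public and private halves are not checked for consistency here.
            this.cryptKeyPair = new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(bArr2)), privateKey);
            this.rootCert = makeCert(this.cryptKeyPair);
            deviceFile.getKeyStore().setKeyEntry("cryptPriKey", privateKey,
                    FIXED_STORE_PASSWORD.toCharArray(), new X509Certificate[]{this.rootCert});
            storeKeyStore(deviceFile);
            this.cryptAlias = "cryptPriKey";
        } catch (Exception e) {
            // The thrown exception carries no cause, so record the reason before it is lost.
            // Only the message is logged; key material is never written to the log.
            LogUtil.error(TAG, "Import key pair failed: " + e.getMessage());
            throw new ImportKeyPairException();
        }
    }

    /**
     * Imports an encryption key pair whose private key is protected by a wrapped symmetric key.
     *
     * <p>The symmetric key is recovered with {@link #decryptWappedSymKey(byte[])}, imported into
     * the device under a temporary name, used to process {@code bArr2}, and then deleted again
     * regardless of the outcome.
     *
     * @param str symmetric algorithm identifier passed to the device
     * @param bArr wrapped symmetric key
     * @param bArr2 private key protected by the symmetric key
     * @param bArr3 encoded public key
     * @throws ImportKeyPairException if the device rejects the key or the import fails
     * @throws AsymCryptException if the symmetric key cannot be recovered
     * @throws SymCryptException if the symmetric operation fails
     * @throws LoginException if login fails
     * @throws ConnectionException propagated from the device
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void importWappedKeyPair(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws ImportKeyPairException, AsymCryptException, SymCryptException, LoginException, ConnectionException {
        if (!getDevice().isLogined()) {
            login();
        }
        Device device = getDevice();
        SKey sKey = null;
        try {
            sKey = device.importKey("_tmp_importCert", str, decryptWappedSymKey(bArr));
            importKeyPair(device.createSymCrypter(str, false, sKey).symCrypt(bArr2), bArr3);
        } catch (DeviceException e2) {
            e2.printStackTrace();
            throw new ImportKeyPairException(e2);
        } catch (KeyException e3) {
            e3.printStackTrace();
            throw new ImportKeyPairException(e3);
        } finally {
            // The temporary session key must not outlive the import, on success or failure.
            if (sKey != null) {
                try {
                    device.deleteKey(sKey);
                } catch (Exception ignored) {
                    // Best-effort cleanup; a failure here must not mask the import result.
                }
            }
        }
    }

    /**
     * Installs a certificate for the signing key and rewrites the keystore file.
     *
     * <p>The signing private key is re-stored under the certificate's serial number, protected
     * with the device password; a temporary {@code "signPriKey"} entry is removed if present.
     * When {@code z} is {@code false} the method only ensures the device is logged in; no
     * encryption certificate is stored.
     *
     * <p>NOTE(review): {@code signAlias} and {@code signCert} are not updated here.
     *
     * @param z {@code true} to install the signing certificate
     * @param cert certificate to install
     * @throws ImportCertException if the key is unavailable or the keystore cannot be updated
     * @throws LoginException if login fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void setCert(boolean z, Cert cert) throws ImportCertException, LoginException {
        try {
            if (!getDevice().isLogined()) {
                login();
            }
            DeviceFile deviceFile = (DeviceFile) getDevice();
            X509Certificate[] chain = {cert.getX509Certificate()};
            if (z) {
                boolean hasTemporaryEntry = deviceFile.getKeyStore().containsAlias("signPriKey");
                PrivateKey signingKey;
                if (hasTemporaryEntry || this.signKeyPair != null) {
                    signingKey = this.signKeyPair.getPrivate();
                } else {
                    signingKey = getSignEntry().getPrivateKey();
                }
                // Build the replacement entry before touching the keystore, so a missing key
                // or a key/certificate mismatch cannot leave the keystore without the key.
                KeyStore.PrivateKeyEntry replacement = new KeyStore.PrivateKeyEntry(signingKey, chain);
                String alias = cert.getSerialNumber().toString();
                KeyStore.PasswordProtection protection =
                        new KeyStore.PasswordProtection(deviceFile.getPassword().toCharArray());
                if (hasTemporaryEntry) {
                    deviceFile.getKeyStore().deleteEntry("signPriKey");
                }
                this.signEntry = replacement;
                deviceFile.getKeyStore().setEntry(alias, this.signEntry, protection);
                storeKeyStore(deviceFile);
                // Semantics of the trailing arguments are defined by DeviceFile (not visible here).
                deviceFile.writeSoConfig(deviceFile.readSoConfig().getString("soPassword"), deviceFile.getPassword(), true, 6);
            }
        } catch (LoginException e) {
            e.printStackTrace();
            throw new LoginException(e);
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new ImportCertException(e2);
        }
    }

    /** @param str keystore alias of the encryption key */
    public void setCryptAlias(String str) {
        this.cryptAlias = str;
    }

    /** @param x509Certificate encryption certificate */
    public void setCryptCert(X509Certificate x509Certificate) {
        this.cryptCert = x509Certificate;
    }

    /** @param str keystore alias of the signing key */
    public void setSignAlias(String str) {
        this.signAlias = str;
    }

    /** @param x509Certificate signing certificate */
    public void setSignCert(X509Certificate x509Certificate) {
        this.signCert = x509Certificate;
    }

    /**
     * Lists the signature algorithms offered for this container type.
     *
     * @return a single-element array: {@code "SHA1WithRSA"} for RSA (a legacy SHA-1 based
     *     scheme), otherwise {@code "SM3WithSM2"}
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String[] supportSignAlgs() {
        return this.type.equals(Container.TYPE_RSA) ? new String[]{"SHA1WithRSA"} : new String[]{"SM3WithSM2"};
    }
}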
