package cn.com.jit.ida.util.pki.pkcs;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.ASN1Set;
import cn.com.jit.ida.util.pki.asn1.DERBitString;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DERPrintableString;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.DERUTF8String;
import cn.com.jit.ida.util.pki.asn1.cfca.CFCACertificationRequestInfo;
import cn.com.jit.ida.util.pki.asn1.cfca.util.CFCAUtil;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs10.CertificationRequest;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs10.CertificationRequestInfo;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.SubjectPublicKeyInfo;
import cn.com.jit.ida.util.pki.asn1.x509.X509Extensions;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.encoders.Base64;
import java.util.Enumeration;
import java.util.HashMap;

/* loaded from: classes.dex */
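/**
 * Builds, signs and parses PKCS#10 certification requests (CSRs) on top of a crypto
 * {@link Session}.
 *
 * <p>The {@code generate*} methods produce a signed request; the {@code load} overloads parse an
 * existing request and, depending on the verification mode, check its self-signature. After a
 * successful {@code load} the subject, public key and attributes are available via the getters.
 *
 * <p>Instances hold mutable state and perform no synchronization.
 */
public class PKCS10 {
    public static final String ED25519 = "ED25519";
    public static final String ED448 = "ED448";
    public static boolean LoadedConfigFile = false;
    // The MD2, MD5 and SHA-1 based names are kept for compatibility with existing callers.
    // Those digests are no longer collision-resistant; new requests should use SHA-256 or stronger.
    public static final String MD2_RSA = "MD2withRSAEncryption";
    public static final String MD5_RSA = "MD5withRSAEncryption";
    public static final String SHA1_DSA = "SHA1withDSA";
    public static final String SHA1_EC_DSA = "SHA1withECDSA";
    public static final String SHA1_RSA = "SHA1withRSAEncryption";
    public static final String SHA224_EC_DSA = "SHA224withECDSA";
    public static final String SHA256_EC_DSA = "SHA256withECDSA";
    public static final String SHA256_RSA = "SHA256withRSAEncryption";
    public static final String SHA384_RSA = "SHA384withRSAEncryption";
    public static final String SHA512_RSA = "SHA512withRSAEncryption";
    private Session session;
    private String subject = null;
    private X509Name x509Name = null;
    private JKey pubKey = null;
    private ASN1Set attributes = null;
    private boolean needVerify = false;
    private X509Name xSub = null;

    /**
     * Creates a helper bound to {@code session}, or to a newly opened software session when
     * {@code session} is {@code null}.
     *
     * <p>Opening the fallback session is best-effort: if it fails the instance is still created
     * with no session, and operations that need one fail later with a {@link PKIException}.
     *
     * @param session crypto session to use, or {@code null} to open {@code JCrypto.JSOFT_LIB}
     */
    public PKCS10(Session session) {
        this.session = null;
        if (session != null) {
            this.session = session;
        } else {
            try {
                this.session = JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB);
            } catch (Exception ignored) {
                // Deliberate best-effort: the constructor declares no exceptions, so the failure
                // surfaces when a session is first required (see requireSession).
            }
        }
    }

    /**
     * Checks the string types used in the subject of the most recently loaded request.
     *
     * <p>The country attribute ({@code X509Name.C}) must be a {@link DERPrintableString}; every
     * other attribute value must be a {@link DERUTF8String}.
     *
     * <p>Requires a prior successful {@code load}; without one the subject is {@code null} and
     * this method fails with a {@link NullPointerException}.
     *
     * @return {@code true} if every subject attribute value has the expected string type
     * @throws Exception if the subject structure cannot be walked (for example an element of an
     *     unexpected ASN.1 type)
     */
    public boolean checkSubRules() throws Exception {
        Enumeration<?> rdns = ((ASN1Sequence) this.xSub.getDERObject()).getObjects();
        while (rdns.hasMoreElements()) {
            ASN1Set rdn = (ASN1Set) rdns.nextElement();
            for (int i = 0; i < rdn.size(); i++) {
                ASN1Sequence typeAndValue = (ASN1Sequence) rdn.getObjectAt(i);
                Object value = typeAndValue.getObjectAt(1);
                boolean isCountry = X509Name.C.equals(typeAndValue.getObjectAt(0));
                boolean typeOk = isCountry
                        ? value instanceof DERPrintableString
                        : value instanceof DERUTF8String;
                if (!typeOk) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Builds and signs a CFCA-style certification request.
     *
     * <p>All arguments are validated before any instance state is changed, so a rejected call
     * leaves the previously stored subject, key and attributes untouched.
     *
     * @param str signature algorithm name (for example {@link #SHA256_RSA})
     * @param str2 subject distinguished name
     * @param jKey public key to certify
     * @param aSN1Set request attributes, passed through to the request info as given
     * @param jKey2 private key used to sign the request
     * @return the signed request
     * @throws PKIException if the algorithm is unsupported, a required argument is {@code null},
     *     no session is available, or signing fails
     */
    public CertificationRequest generateCFCACertificationRequest(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        Mechanism mechanism = signingMechanism(str);
        AlgorithmIdentifier signatureAlgId = PKIConstant.getSignAlgorithmIdentifier(str);
        requireRequestInputs(signatureAlgId, str, str2, jKey, jKey2);
        Session activeSession = requireSession("8173", "Failed to generate P10 application No crypto session is available");
        this.subject = str2;
        this.pubKey = jKey;
        this.attributes = aSN1Set;
        X509Name subjectName = new X509Name(str2);
        SubjectPublicKeyInfo spki = Parser.key2SPKI(jKey);
        // NOTE(review): "111111" is a fixed literal passed as the third constructor argument; its
        // meaning is not visible in this file (presumably a challenge password - confirm). A
        // constant shared by every request provides no secrecy and should not be relied on as one.
        CFCACertificationRequestInfo requestInfo = new CFCACertificationRequestInfo(
                subjectName, spki, "111111", CFCAUtil.paserSubjectPublicKeyInfo2CFCATempPublicKeyInfo(spki), aSN1Set);
        byte[] toBeSigned = Parser.writeDERObj2Bytes(requestInfo.getDERObject());
        byte[] signature = activeSession.sign(mechanism, jKey2, toBeSigned);
        return new CertificationRequest(requestInfo, signatureAlgId, new DERBitString(signature));
    }

    /**
     * Builds a CFCA-style request and returns its DER encoding in Base64.
     *
     * @see #generateCFCACertificationRequest(String, String, JKey, ASN1Set, JKey)
     */
    public byte[] generateCFCACertificationRequestData_B64(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        return Base64.encode(generateCFCACertificationRequestData_DER(str, str2, jKey, aSN1Set, jKey2));
    }

    /**
     * Builds a CFCA-style request and returns its DER encoding.
     *
     * @see #generateCFCACertificationRequest(String, String, JKey, ASN1Set, JKey)
     */
    public byte[] generateCFCACertificationRequestData_DER(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        CertificationRequest request = generateCFCACertificationRequest(str, str2, jKey, aSN1Set, jKey2);
        return Parser.writeDERObj2Bytes(request.getDERObject());
    }

    /**
     * Builds and signs a PKCS#10 certification request.
     *
     * <p>All arguments are validated before any instance state is changed, so a rejected call
     * leaves the previously stored subject, key and attributes untouched.
     *
     * @param str signature algorithm name (for example {@link #SHA256_RSA})
     * @param str2 subject distinguished name
     * @param jKey public key to certify
     * @param aSN1Set request attributes, passed through to the request info as given
     * @param jKey2 private key used to sign the request
     * @return the signed request
     * @throws PKIException if the algorithm is unsupported, a required argument is {@code null},
     *     no session is available, or signing fails
     */
    public CertificationRequest generateCertificationRequest(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        Mechanism mechanism = signingMechanism(str);
        AlgorithmIdentifier signatureAlgId = PKIConstant.getSignAlgorithmIdentifier(str);
        requireRequestInputs(signatureAlgId, str, str2, jKey, jKey2);
        Session activeSession = requireSession("8173", "Failed to generate P10 application No crypto session is available");
        this.subject = str2;
        this.pubKey = jKey;
        this.attributes = aSN1Set;
        X509Name subjectName = new X509Name(str2);
        CertificationRequestInfo requestInfo = new CertificationRequestInfo(subjectName, Parser.key2SPKI(jKey), aSN1Set);
        byte[] toBeSigned = Parser.writeDERObj2Bytes(requestInfo.getDERObject());
        byte[] signature = activeSession.sign(mechanism, jKey2, toBeSigned);
        return new CertificationRequest(requestInfo, signatureAlgId, new DERBitString(signature));
    }

    /**
     * Builds a PKCS#10 request and returns its DER encoding in Base64.
     *
     * @see #generateCertificationRequest(String, String, JKey, ASN1Set, JKey)
     */
    public byte[] generateCertificationRequestData_B64(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        return Base64.encode(generateCertificationRequestData_DER(str, str2, jKey, aSN1Set, jKey2));
    }

    /**
     * Builds a PKCS#10 request and returns its DER encoding.
     *
     * @see #generateCertificationRequest(String, String, JKey, ASN1Set, JKey)
     */
    public byte[] generateCertificationRequestData_DER(String str, String str2, JKey jKey, ASN1Set aSN1Set, JKey jKey2) throws PKIException {
        CertificationRequest request = generateCertificationRequest(str, str2, jKey, aSN1Set, jKey2);
        return Parser.writeDERObj2Bytes(request.getDERObject());
    }

    /** Returns the attributes of the last generated or loaded request, or {@code null}. */
    public ASN1Set getAttributes() {
        return this.attributes;
    }

    /** Returns the public key of the last generated or loaded request, or {@code null}. */
    public JKey getPubKey() {
        return this.pubKey;
    }

    /** Returns the subject of the last generated or loaded request as a string, or {@code null}. */
    public String getSubject() {
        return this.subject;
    }

    /**
     * Returns the extensions carried in the request's {@code extensionRequest} attribute.
     *
     * <p>Attributes that are not a {@link DERSequence} of at least two elements, or whose first
     * element is not the {@code pkcs_9_at_extensionRequest} identifier, are skipped.
     *
     * <p>The value of a matching attribute is not validated here: a value that is not a
     * {@link DERSet}, or an empty set, surfaces as an unchecked exception. Callers processing
     * requests from untrusted parties should treat such an exception as a rejected request
     * rather than as "no extensions".
     *
     * @return the requested extensions, or {@code null} when there are no attributes or no
     *     extension request among them
     */
    public X509Extensions getX509Extensions() {
        ASN1Set attributeSet = this.attributes;
        if (attributeSet == null) {
            return null;
        }
        Enumeration<?> entries = attributeSet.getObjects();
        while (entries.hasMoreElements()) {
            Object entry = entries.nextElement();
            if (!(entry instanceof DERSequence)) {
                continue;
            }
            DERSequence attribute = (DERSequence) entry;
            if (attribute.size() < 2) {
                continue;
            }
            // Compared without a cast: a first element that is not an object identifier simply
            // does not match, instead of aborting the scan with a ClassCastException.
            if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getObjectAt(0))) {
                return X509Extensions.getInstance(((DERSet) attribute.getObjectAt(1)).getObjects().nextElement());
            }
        }
        return null;
    }

    /**
     * Returns the subject as an {@link X509Name}.
     *
     * <p>After a {@code load} this is the parsed subject; otherwise a new name is built from the
     * stored subject string, which is {@code null} until a request has been generated or loaded.
     */
    public X509Name getX509NameSubject() {
        X509Name parsedName = this.x509Name;
        return parsedName == null ? new X509Name(this.subject) : parsedName;
    }

    /**
     * Loads a parsed request using the {@code "auto"} verification mode.
     *
     * @see #load(CertificationRequest, String)
     */
    public void load(CertificationRequest certificationRequest) throws PKIException {
        load(certificationRequest, "auto");
    }

    /**
     * Loads a parsed request and optionally verifies its self-signature.
     *
     * <p>The verification mode is case-insensitive: {@code "true"} always verifies,
     * {@code "false"} never verifies, and any other value defers to the session's configuration
     * tag.
     *
     * <p>NOTE(review): in the deferred mode a session without a configuration tag results in
     * <em>no</em> verification. The signature is what binds the request to the holder of the
     * private key, so callers that accept requests from untrusted parties should pass
     * {@code "true"} explicitly.
     *
     * <p>Instance state (public key, subject, attributes) is only updated after the signature
     * check, so a request that fails verification does not leave its key behind.
     *
     * @param certificationRequest the request to load
     * @param str verification mode: {@code "true"}, {@code "false"} or anything else for "auto"
     * @throws PKIException if the signature algorithm is unsupported, verification is required
     *     and fails, or a session is required but unavailable
     */
    public void load(CertificationRequest certificationRequest, String str) throws PKIException {
        AlgorithmIdentifier signatureAlgorithm = certificationRequest.getSignatureAlgorithm();
        Mechanism mechanism = PKIConstant.getMechanismByDERObjectIdentifier(signatureAlgorithm);
        if (mechanism == null) {
            throw new PKIException("8173", "Failed to generate P10 application Unsupported signature algorithm " + signatureAlgorithm.getObjectId().toString());
        }
        byte[] signature = certificationRequest.getSignature().getBytes();
        CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo();
        byte[] signedBytes = Parser.writeDERObj2Bytes(requestInfo.getVerifyDERObject());
        JKey requestKey = Parser.SPKI2Key(requestInfo.getSubjectPublicKeyInfo());
        this.needVerify = resolveVerifyMode(str);
        if (this.needVerify) {
            Session activeSession = requireSession("8174", "parsing P10 application failed no crypto session is available for signature verification");
            if (!activeSession.verifySign(mechanism, requestKey, signedBytes, signature)) {
                throw new PKIException("8174", "parsing P10 application failed signature verification failed");
            }
        }
        this.pubKey = requestKey;
        // getSubject() is called once per use, as before; whether it returns a shared instance is
        // not visible here, so the calls are not collapsed.
        this.xSub = requestInfo.getSubject();
        X509Name parsedSubject = requestInfo.getSubject();
        this.x509Name = parsedSubject;
        parsedSubject.setRules(new HashMap());
        this.subject = requestInfo.getSubject().toString();
        this.attributes = requestInfo.getAttributes();
    }

    /**
     * Loads an encoded request using the {@code "auto"} verification mode.
     *
     * @see #load(byte[], String)
     */
    public void load(byte[] bArr) throws PKIException {
        load(bArr, "auto");
    }

    /**
     * Decodes a PEM, Base64 or DER encoded request and loads it.
     *
     * <p>Decoding problems are reported as a parse error. A {@link PKIException} raised while
     * loading the decoded request (unsupported algorithm, failed signature verification) is
     * propagated unchanged so that callers and logs can tell a forged or corrupted signature
     * apart from malformed input.
     *
     * @param bArr encoded request
     * @param str verification mode, see {@link #load(CertificationRequest, String)}
     * @throws PKIException if the input cannot be decoded or the request is rejected
     */
    public void load(byte[] bArr, String str) throws PKIException {
        byte[] der = Parser.decodePem(bArr);
        if (Parser.isBase64Encode(der)) {
            der = Base64.decode(der);
        }
        // 48 (0x30) is the DER tag of a SEQUENCE, which a CertificationRequest must start with.
        if (der == null || der.length == 0 || der[0] != 48) {
            throw parseFailure(null);
        }
        CertificationRequest request;
        try {
            request = new CertificationRequest((ASN1Sequence) Parser.writeBytes2DERObj(der));
        } catch (Exception e) {
            throw parseFailure(e);
        }
        try {
            load(request, str);
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            // Unchecked failures while walking attacker-supplied structures are still reported
            // as a parse error, with the cause attached.
            throw parseFailure(e);
        }
    }

    /** Creates the mechanism for {@code algorithm} and rejects it if it cannot sign. */
    private static Mechanism signingMechanism(String algorithm) throws PKIException {
        Mechanism mechanism = new Mechanism(algorithm);
        if (!mechanism.isSignabled()) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm: " + algorithm);
        }
        return mechanism;
    }

    /** Rejects a missing algorithm identifier, subject, public key or signing key. */
    private static void requireRequestInputs(AlgorithmIdentifier signatureAlgId, String algorithm, String subjectDn, JKey publicKey, JKey signingKey) throws PKIException {
        if (signatureAlgId == null) {
            throw new PKIException("8173", "Failed to generate P10 application Unsupported signature algorithm " + algorithm);
        }
        if (subjectDn == null) {
            throw new PKIException("8173", "Failed to generate P10 application Subject information must not be empty");
        }
        if (publicKey == null) {
            throw new PKIException("8173", "Failed to generate P10 application Public key must not be empty");
        }
        if (signingKey == null) {
            throw new PKIException("8173", "Failed to generate P10 application The signature private key must not be empty");
        }
    }

    /** Returns the session, or fails with the given error when the constructor could not open one. */
    private Session requireSession(String errorCode, String message) throws PKIException {
        if (this.session == null) {
            throw new PKIException(errorCode, message);
        }
        return this.session;
    }

    /** Maps the verification mode string to a flag, consulting the session config for "auto". */
    private boolean resolveVerifyMode(String verifyMode) throws PKIException {
        if ("false".equalsIgnoreCase(verifyMode)) {
            return false;
        }
        if ("true".equalsIgnoreCase(verifyMode)) {
            return true;
        }
        Session activeSession = requireSession("8174", "parsing P10 application failed no crypto session is available to determine the verification policy");
        return activeSession.getCfgTag() != null && activeSession.getCfgTag().isVerifyP10Signature();
    }

    /** Builds the parse-error exception, keeping {@code cause} (may be {@code null}) for diagnosis. */
    private static PKIException parseFailure(Exception cause) {
        return new PKIException("8174", PKIException.PARSE_P10_ERR_DES, new Exception("The PKCS10 CertificationRequest content error.", cause));
    }
}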
