package cn.org.bjca.signet.helper.utils;

import android.content.Context;
import cn.org.bjca.mssp.clientalg.util.CipherUtil;
import cn.org.bjca.mssp.clientalg.util.EncodeUtil;
import cn.org.bjca.mssp.msspjce.asn1.ASN1Sequence;
import cn.org.bjca.mssp.msspjce.asn1.ASN1Set;
import cn.org.bjca.mssp.msspjce.asn1.DERBitString;
import cn.org.bjca.mssp.msspjce.asn1.oiw.OIWObjectIdentifiers;
import cn.org.bjca.mssp.msspjce.asn1.pkcs.CertificationRequest;
import cn.org.bjca.mssp.msspjce.asn1.pkcs.CertificationRequestInfo;
import cn.org.bjca.mssp.msspjce.asn1.x500.X500Name;
import cn.org.bjca.mssp.msspjce.asn1.x509.AlgorithmIdentifier;
import cn.org.bjca.mssp.msspjce.asn1.x509.SubjectPublicKeyInfo;
import cn.org.bjca.mssp.msspjce.asn1.x9.X9ObjectIdentifiers;
import cn.org.bjca.mssp.msspjce.jce.provider.MSSPProvider;
import cn.org.bjca.mssp.msspjce.pqc.jcajce.spec.McElieceCCA2ParameterSpec;
import cn.org.bjca.signet.BJCASignetInfo;
import cn.org.bjca.signet.DeviceStore;
import cn.org.bjca.signet.core.Signet;
import cn.org.bjca.signet.helper.bean.CertPolicy;
import cn.org.bjca.signet.helper.params.CertParamRSA;
import cn.org.bjca.signet.helper.params.CertParamSM2;
import com.alibaba.mobileim.channel.itf.PackData;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class CertUtils {
    private static String decStorePriKey(Context context, String str, String str2) {
        Cipher cipher;
        byte[] bArr;
        byte[] bArr2 = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1};
        byte[] hash = CipherUtil.hash(McElieceCCA2ParameterSpec.DEFAULT_MD, StringUtils.base64Decode(str2));
        byte[] bArr3 = new byte[hash.length / 2];
        System.arraycopy(hash, 0, bArr3, 0, bArr3.length);
        String plainInfo = DeviceStore.getPlainInfo(context, str);
        try {
            try {
                cipher = Cipher.getInstance("SM4/CBC/PKCS5Padding", MSSPProvider.PROVIDER_NAME);
            } catch (Exception e) {
                e.printStackTrace();
                cipher = null;
            }
            cipher.init(2, new SecretKeySpec(bArr3, "SM4/CBC/PKCS5Padding"), new IvParameterSpec(bArr2));
            bArr = cipher.doFinal(StringUtils.base64Decode(plainInfo));
        } catch (Exception e2) {
            bArr = null;
        }
        return StringUtils.base64Encode(bArr);
    }

    private static void encStorePriKey(Context context, String str, String str2, String str3) {
        byte[] bArr;
        byte[] bArr2 = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1};
        byte[] hash = CipherUtil.hash(McElieceCCA2ParameterSpec.DEFAULT_MD, StringUtils.base64Decode(str));
        byte[] bArr3 = new byte[hash.length / 2];
        System.arraycopy(hash, 0, bArr3, 0, bArr3.length);
        Cipher cipher = null;
        try {
            cipher = Cipher.getInstance("SM4/CBC/PKCS5Padding", MSSPProvider.PROVIDER_NAME);
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            cipher.init(1, new SecretKeySpec(bArr3, "SM4/CBC/PKCS5Padding"), new IvParameterSpec(bArr2));
            bArr = cipher.doFinal(StringUtils.base64Decode(str2));
        } catch (InvalidAlgorithmParameterException e2) {
            e2.printStackTrace();
            bArr = null;
        } catch (InvalidKeyException e3) {
            e3.printStackTrace();
            bArr = null;
        } catch (BadPaddingException e4) {
            e = e4;
            e.printStackTrace();
            bArr = null;
        } catch (IllegalBlockSizeException e5) {
            e = e5;
            e.printStackTrace();
            bArr = null;
        }
        DeviceStore.setPlainInfo(context, str3, StringUtils.base64Encode(bArr));
    }

    public static String genOfflineSign(Context context, String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        String str7 = String.valueOf(str3) + "with" + str2;
        PrivateKey generatePrivate = KeyFactory.getInstance(str2, MSSPProvider.PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(StringUtils.base64Decode(decStorePriKey(context, str6, str5))));
        Signature signature = Signature.getInstance(str7, MSSPProvider.PROVIDER_NAME);
        signature.initSign(generatePrivate);
        signature.update(str.getBytes(PackData.ENCODE));
        return StringUtils.base64Encode(signature.sign());
    }

    public static void genParamsWithPolicy(Context context, String str, String str2, String str3, Map<String, String> map, CertPolicy certPolicy) {
        Signet signet = new Signet(context);
        String property = signet.getProperty(BJCASignetInfo.ParamConst.TEMP_KEY_LOGIN_RANDOM + str3);
        if (StringUtils.isEmpty(property)) {
            property = signet.generateRandom(Integer.parseInt("16"));
            signet.setProperty(BJCASignetInfo.ParamConst.TEMP_KEY_LOGIN_RANDOM + str3, property);
        }
        if (certPolicy.getAlgoPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_ALGO_RSA)) {
            if (certPolicy.getSignType().equalsIgnoreCase("AUTH")) {
                if (!certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_USE_PIN)) {
                    str2 = certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_NO_PIN) ? property : "";
                }
                String generateClientKey = signet.generateClientKey(BJCASignetInfo.ParamConst.TEMP_KEY_LOGIN_RSA + str3, str, str2, "rsa");
                CertParamRSA certParamRSA = new CertParamRSA();
                certParamRSA.setEncPin(generateClientKey);
                map.put(certPolicy.getId(), StringUtils.base64Encode(JSONUtils.Object2JSON(certParamRSA).getBytes()));
                return;
            }
            if (certPolicy.getSignType().equalsIgnoreCase("SIGN")) {
                if (!certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_USE_PIN)) {
                    str2 = certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_NO_PIN) ? property : "";
                }
                String generateClientKey2 = signet.generateClientKey(BJCASignetInfo.ParamConst.TEMP_KEY_SIGN_RSA + str3, str, str2, "rsa");
                CertParamRSA certParamRSA2 = new CertParamRSA();
                certParamRSA2.setEncPin(generateClientKey2);
                map.put(certPolicy.getId(), StringUtils.base64Encode(JSONUtils.Object2JSON(certParamRSA2).getBytes()));
                return;
            }
            return;
        }
        if (certPolicy.getAlgoPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_ALGO_SM2)) {
            if (certPolicy.getSignType().equalsIgnoreCase("AUTH")) {
                CertParamSM2 certParamSM2 = new CertParamSM2();
                certParamSM2.setSm2Parame(signet.calculateG(signet.generateRandom(32)));
                if (!certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_USE_PIN)) {
                    str2 = certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_NO_PIN) ? property : "";
                }
                certParamSM2.setSm2PubKey(signet.generateClientKey(BJCASignetInfo.ParamConst.TEMP_KEY_LOGIN_SM2 + str3, str, str2, "sm2"));
                map.put(certPolicy.getId(), StringUtils.base64Encode(JSONUtils.Object2JSON(certParamSM2).getBytes()));
                return;
            }
            if (certPolicy.getSignType().equalsIgnoreCase("SIGN")) {
                CertParamSM2 certParamSM22 = new CertParamSM2();
                certParamSM22.setSm2Parame(signet.calculateG(signet.generateRandom(32)));
                if (!certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_USE_PIN)) {
                    str2 = certPolicy.getUsePINPolicy().equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_NO_PIN) ? property : "";
                }
                certParamSM22.setSm2PubKey(signet.generateClientKey(BJCASignetInfo.ParamConst.TEMP_KEY_SIGN_SM2 + str3, str, str2, "sm2"));
                map.put(certPolicy.getId(), StringUtils.base64Encode(JSONUtils.Object2JSON(certParamSM22).getBytes()));
            }
        }
    }

    public static String genRSAP10(Context context, String str, int i, String str2, String str3) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(BJCASignetInfo.CertPolicyConst.CP_ALGO_RSA);
        keyPairGenerator.initialize(i);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        PublicKey publicKey = genKeyPair.getPublic();
        PrivateKey privateKey = genKeyPair.getPrivate();
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publicKey.getEncoded()));
        encStorePriKey(context, str3, StringUtils.base64Encode(privateKey.getEncoded()), str2);
        CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo(new X500Name(str), subjectPublicKeyInfo, (ASN1Set) null);
        byte[] encoded = certificationRequestInfo.getEncoded();
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(privateKey);
        signature.update(encoded);
        return EncodeUtil.base64Encode(new CertificationRequest(certificationRequestInfo, new AlgorithmIdentifier(OIWObjectIdentifiers.sha1WithRSA), new DERBitString(signature.sign())).getEncoded());
    }

    public static String genSM2P10(Context context, String str, int i, String str2, String str3) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(BJCASignetInfo.CertPolicyConst.CP_ALGO_SM2, MSSPProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(i);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        PublicKey publicKey = genKeyPair.getPublic();
        PrivateKey privateKey = genKeyPair.getPrivate();
        encStorePriKey(context, str3, StringUtils.base64Encode(privateKey.getEncoded()), str2);
        CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo(new X500Name(str), new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publicKey.getEncoded())), (ASN1Set) null);
        byte[] encoded = certificationRequestInfo.getEncoded();
        Signature signature = Signature.getInstance(BJCASignetInfo.CertPolicyConst.CP_ALGO_SM2);
        signature.initSign(privateKey);
        signature.update(encoded);
        return EncodeUtil.base64Encode(new CertificationRequest(certificationRequestInfo, new AlgorithmIdentifier(X9ObjectIdentifiers.sm2_with_SM3), new DERBitString(signature.sign())).getEncoded());
    }

    public boolean hasOfflineCert(Context context, String str, String str2, String str3) {
        if (str2.equalsIgnoreCase(BJCASignetInfo.CertPolicyConst.CP_ALGO_RSA)) {
            if (str3.equalsIgnoreCase("AUTH")) {
                if (!StringUtils.isEmpty(DeviceStore.getPlainInfo(context, BJCASignetInfo.CertPolicyConst.CERT_OFFLINE_RSA_LOGIN + str))) {
                    return true;
                }
            } else if (!StringUtils.isEmpty(DeviceStore.getPlainInfo(context, BJCASignetInfo.CertPolicyConst.CERT_OFFLINE_RSA_SIGN + str))) {
                return true;
            }
        } else if (str3.equalsIgnoreCase("AUTH")) {
            if (!StringUtils.isEmpty(DeviceStore.getPlainInfo(context, BJCASignetInfo.CertPolicyConst.CERT_OFFLINE_SM2_LOGIN + str))) {
                return true;
            }
        } else if (!StringUtils.isEmpty(DeviceStore.getPlainInfo(context, BJCASignetInfo.CertPolicyConst.CERT_OFFLINE_SM2_SIGN + str))) {
            return true;
        }
        return false;
    }
}
