package cn.com.jit.pnxclient.cert;

import cn.com.jit.android.ida.util.pki.keystore.P10RequestData;
import cn.com.jit.android.ida.util.pki.pkcs.PKCS12;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cert.X509CertGenerator;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.JKeyPair;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.lib.JSoftLib;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.extension.AuthorityKeyIdentifierExt;
import cn.com.jit.ida.util.pki.extension.KeyUsageExt;
import cn.com.jit.ida.util.pki.extension.SubjectKeyIdentifierExt;
import cn.com.jit.ida.util.pki.keystore.KeyEntry;
import cn.com.jit.ida.util.pki.pkcs.P7B;
import cn.com.jit.ida.util.pki.pkcs.PKCS10;
import cn.com.jit.pnxclient.BaseManager;
import cn.com.jit.pnxclient.constant.MessageCode;
import cn.com.jit.pnxclient.constant.PNXConfigConstant;
import cn.com.jit.pnxclient.exception.PNXClientException;
import cn.com.jit.pnxclient.log.Log;
import cn.com.jit.pnxclient.net.ConnectFactory;
import cn.com.jit.pnxclient.net.ConnectParam;
import cn.com.jit.pnxclient.net.GwReponseParse;
import cn.com.jit.pnxclient.net.IConnect;
import cn.com.jit.pnxclient.net.MessageAssembly;
import cn.com.jit.pnxclient.pojo.CertEntry;
import cn.com.jit.pnxclient.pojo.CertResponse;
import cn.com.jit.pnxclient.util.CommonUtil;
import cn.com.jit.pnxclient.util.FileUtil;
import com.ecology.view.jsbridge.BridgeUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.SocketTimeoutException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;

/* loaded from: classes.dex */
public class CertManager extends BaseManager {
    /**
     * Builds the certificate subject DN {@code CN=<str>,C=CN} for a request.
     *
     * NOTE(review): the value is written to the debug log and concatenated into the DN
     * without escaping, so a value containing DN metacharacters such as ',' or '=' would
     * change the subject structure. Confirm that callers validate it.
     *
     * @param str value placed in the CN attribute; must not be empty
     * @return the assembled subject string
     * @throws PNXClientException with code A00102 when {@code str} is empty
     */
    private String createSubject(String str) throws PNXClientException {
        if (!CommonUtil.isEmpty(str)) {
            Log.d("cert Credential", str);
            return CommonUtil.buildString("CN=", str, ",C=CN");
        }
        throw new PNXClientException(MessageCode.A00102);
    }

    /**
     * Removes the file-based (P12 plus CER) credential stored under the given alias.
     * This overload does not verify any password before deleting.
     *
     * @param str alias used as the file base name
     * @return {@code true} when a P12 file existed and both files were handed to
     *         {@code FileUtil.deleteFile}; {@code false} when no P12 file exists
     */
    private boolean deleteSM2Cert(String str) {
        String p12Path = FileUtil.buildFilePathByChdir(str, PNXConfigConstant.P12_POSTFIX);
        if (FileUtil.isFileExist(p12Path)) {
            FileUtil.deleteFile(p12Path);
            // The public certificate is stored next to the P12 under the same base name.
            String cerPath = FileUtil.buildFilePathByChdir(str, PNXConfigConstant.CER_POSTFIX);
            FileUtil.deleteFile(cerPath);
            return true;
        }
        return false;
    }

    /**
     * Removes the file-based credential stored under the given alias, but only after the
     * P12 file has been opened successfully with the supplied password.
     *
     * @param str  alias used as the file base name
     * @param str2 password of the P12 file
     * @return {@code false} when no P12 file exists for the alias, otherwise the result of
     *         the unconditional delete
     * @throws PNXClientException with code A00202 when loading the P12 yields no key entry,
     *         or whatever {@code loadSM2KeyEntry} throws
     */
    private boolean deleteSM2Cert(String str, String str2) throws PNXClientException {
        String p12Path = FileUtil.buildFilePathByChdir(str, PNXConfigConstant.P12_POSTFIX);
        if (!FileUtil.isFileExist(p12Path)) {
            return false;
        }
        // Loading the key entry doubles as the password check.
        if (loadSM2KeyEntry(str2, p12Path) == null) {
            throw new PNXClientException(MessageCode.A00202);
        }
        return deleteSM2Cert(str);
    }

    /**
     * Generates a certificate for the given subject and public key, signed by an RSA key
     * pair that is created inside this method and not retained.
     *
     * Properties visible in the code that a reviewer should be aware of:
     * <ul>
     *   <li>issuer, serial number and the issuer/subject unique IDs are fixed constants, so
     *       every certificate produced here shares the same issuer and serial;</li>
     *   <li>the signature algorithm is SHA-1 with RSA and the signing key is 1024-bit RSA;</li>
     *   <li>every key-usage bit, including certificate and CRL signing, is set;</li>
     *   <li>the authority key identifier is derived from the subject key {@code jKey}, not
     *       from the signing key;</li>
     *   <li>validity is 24 hours from the time of the call.</li>
     * </ul>
     * NOTE(review): no caller is visible in this file; if this is still reachable, treat
     * its output as a placeholder, not as a trust anchor.
     *
     * @param str  subject DN
     * @param jKey public key to certify
     * @return the generated certificate
     * @throws Exception on any failure in the PKI library
     */
    private X509Cert genCert(String str, JKey jKey) throws Exception {
        X509CertGenerator generator = new X509CertGenerator();
        generator.setIssuer("CN=idaCert,C=CN");
        generator.setIssuerUniqueID("1111111".getBytes());
        generator.setNotAfter(new Date(System.currentTimeMillis() + 86400000));
        generator.setNotBefore(new Date());
        generator.setPublicKey(jKey);
        BigInteger fixedSerial = new BigInteger("1234567812345678", 16);
        generator.setSerialNumber(fixedSerial);
        generator.setSignatureAlg("SHA1withRSAEncryption");
        generator.setSubject(str);
        generator.setSubjectUniqueID("2222222".getBytes());

        // Key usage: all bits enabled, extension marked non-critical.
        KeyUsageExt usage = new KeyUsageExt();
        usage.setCritical(false);
        usage.addKeyUsage(KeyUsageExt.CRL_SIGN);
        usage.addKeyUsage(KeyUsageExt.DATA_ENCIPHERMENT);
        usage.addKeyUsage(KeyUsageExt.DECIPHER_ONLY);
        usage.addKeyUsage(KeyUsageExt.DIGITAL_SIGNATURE);
        usage.addKeyUsage(KeyUsageExt.ENCIPHER_ONLY);
        usage.addKeyUsage(KeyUsageExt.KEY_AGREEMENT);
        usage.addKeyUsage(KeyUsageExt.KEY_CERT_SIGN);
        usage.addKeyUsage(KeyUsageExt.KEY_ENCIPHERMENT);
        usage.addKeyUsage(KeyUsageExt.NON_REPUDIATION);

        Vector extensions = new Vector();
        extensions.add(usage);

        SubjectKeyIdentifierExt subjectKeyId = new SubjectKeyIdentifierExt(jKey);
        subjectKeyId.setCritical(false);
        extensions.add(subjectKeyId);

        AuthorityKeyIdentifierExt authorityKeyId = new AuthorityKeyIdentifierExt(jKey);
        authorityKeyId.setCritical(false);
        authorityKeyId.setAuthorityCertIssuer("CN=zhaozhiwei,O=jit,C=cn");
        authorityKeyId.setAuthorityCertSerialNumber(fixedSerial);
        extensions.add(authorityKeyId);

        generator.setExtensiond(extensions);

        JCrypto crypto = JCrypto.getInstance();
        crypto.initialize(JCrypto.JSOFT_LIB, null);
        Session session = crypto.openSession(JCrypto.JSOFT_LIB);
        // The signing key exists only for the duration of this call.
        return new X509Cert(generator.generateX509Cert(session.generateKeyPair(new Mechanism("RSA"), 1024).getPrivateKey(), new JSoftLib()));
    }

    /**
     * Derives the alias for a PKCS#10 request: the Base64 encoding of the SHA-1 digest of
     * the public key carried in the request. The digest is used here as an identifier for
     * matching keys and certificates.
     *
     * @param str encoded PKCS#10 request
     * @return Base64 text of the public-key digest
     * @throws PNXClientException with code A00109 when the request cannot be parsed or digested
     */
    private String genP10Alias(String str) throws PNXClientException {
        try {
            Session session = JCrypto.getInstance().openSession(JCrypto.JSOFT_LIB, null);
            PKCS10 request = new PKCS10(session);
            request.load(str.getBytes());
            Mechanism sha1 = new Mechanism("SHA1");
            return new String(Base64.encode(session.digest(sha1, request.getPubKey().getKey())));
        } catch (PKIException pkiError) {
            Log.e("PKIException", "generate P10 pubkey digest error", pkiError);
            throw new PNXClientException(MessageCode.A00109, pkiError);
        }
    }

    /**
     * Asks the key store handler to create an RSA key and the matching PKCS#10 request.
     *
     * @param str value for the subject CN
     * @param i   RSA key length in bits, passed through to the key store handler
     * @return the request data returned by the key store handler
     * @throws PNXClientException the one raised by {@code createSubject}, or code A00108
     *         for any other failure
     */
    private P10RequestData genRSAP10(String str, int i) throws PNXClientException {
        try {
            String subject = createSubject(str);
            return this.keyStoreHandler.genP10Request(subject, "RSA", i);
        } catch (PNXClientException clientError) {
            // Already carries a message code; pass it on untouched.
            throw clientError;
        } catch (Exception other) {
            Log.e("Exception", "generate RSA P10 requestData error", other);
            throw new PNXClientException(MessageCode.A00108, other);
        }
    }

    /**
     * Creates a Base64 PKCS#10 request signed with SM3-with-SM2 for the given key pair.
     *
     * @param str      value for the subject CN
     * @param session  crypto session used to build the request
     * @param jKeyPair key pair whose public key is certified and whose private key signs
     * @return the Base64 request text
     * @throws PNXClientException the one raised by {@code createSubject}, or code A00107
     *         when the PKI library fails
     */
    private String genSM2P10(String str, Session session, JKeyPair jKeyPair) throws PNXClientException {
        try {
            PKCS10 requestBuilder = new PKCS10(session);
            String subject = createSubject(str);
            return new String(requestBuilder.generateCertificationRequestData_B64("SM3withSM2Encryption", subject, jKeyPair.getPublicKey(), null, jKeyPair.getPrivateKey()));
        } catch (PKIException pkiError) {
            Log.e("PKIException", "generate SM2 P10 requestData error", pkiError);
            throw new PNXClientException(MessageCode.A00107, pkiError);
        }
    }

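    /**
     * Writes the encoded certificate bytes to the given path, replacing any existing file.
     * The stream is closed even when the write fails, so a failed write does not leak the
     * file descriptor.
     *
     * @param str  destination file path
     * @param bArr bytes to write
     * @throws IOException when the file cannot be opened, written or closed
     */
    private void generateCertFile(String str, byte[] bArr) throws IOException {
        FileOutputStream out = new FileOutputStream(str);
        try {
            out.write(bArr);
        } finally {
            out.close();
        }
    }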

    /**
     * Writes a password-protected PKCS#12 file holding the private key and its certificate.
     *
     * @param jKey     private key to store
     * @param x509Cert certificate to store
     * @param cArr     password protecting the file
     * @param str      destination file path
     * @throws PKIException when the PKI library cannot create the file
     */
    private void generatePfxFile(JKey jKey, X509Cert x509Cert, char[] cArr, String str) throws PKIException {
        PKCS12 pfxWriter = new PKCS12();
        pfxWriter.generatePfxFile(jKey, x509Cert, cArr, str);
    }

    /**
     * Computes the alias of a key: the Base64 encoding of the SHA-1 digest of the key
     * bytes, using the key store handler's session. The digest serves as an identifier.
     *
     * @param jKey key to identify
     * @return Base64 text of the digest
     * @throws Exception on any failure in the session or the digest
     */
    private String getAlias(JKey jKey) throws Exception {
        Session session = this.keyStoreHandler.getSession();
        Mechanism sha1 = new Mechanism("SHA1");
        return new String(Base64.encode(session.digest(sha1, jKey.getKey())));
    }

    /**
     * Builds the file path for a certificate from its subject CN, a separator and its
     * serial number, with the given extension.
     *
     * NOTE(review): the CN comes from the certificate and is used as part of a file name;
     * confirm that {@code FileUtil.buildFilePathByChdir} rejects or neutralises path
     * separators.
     *
     * @param x509Cert certificate that names the file
     * @param str      file extension passed to {@code FileUtil.buildFilePathByChdir}
     * @return the resulting file path
     */
    private String getCertFilePath(X509Cert x509Cert, String str) {
        StringBuilder baseName = new StringBuilder();
        baseName.append(CommonUtil.extractCN(x509Cert.getSubject()))
                .append(BridgeUtil.UNDERLINE_STR)
                .append(x509Cert.getStringSerialNumber());
        return FileUtil.buildFilePathByChdir(baseName.toString(), str);
    }

    /**
     * Reads every key entry from the key store handler.
     *
     * NOTE(review): the list is written to the debug log through its string form; verify
     * that {@code KeyEntry.toString()} does not expose key material.
     *
     * @return the entries reported by the key store handler
     * @throws PNXClientException with code A00001 on an I/O failure, A00002 on any other failure
     */
    private List<KeyEntry> getKeyEntryList() throws PNXClientException {
        reset();
        try {
            List<KeyEntry> entries = this.keyStoreHandler.getKeyEntryList();
            Log.d("KeyEntryList OUTPARAM", entries + " ");
            return entries;
        } catch (IOException ioError) {
            setErrorCode(MessageCode.A00001);
            throw new PNXClientException(MessageCode.A00001, ioError);
        } catch (Exception other) {
            setErrorCode(MessageCode.A00002);
            throw new PNXClientException(MessageCode.A00002, other);
        }
    }

    /**
     * Returns the path of the PFX export file for a certificate.
     *
     * @param x509Cert certificate that names the file
     * @return the certificate file path with the PFX extension
     */
    private String getPfxCertFilePath(X509Cert x509Cert) {
        String pfxPath = getCertFilePath(x509Cert, PNXConfigConstant.PFX_POSTFIX);
        return pfxPath;
    }

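    /**
     * Lists the SM2 certificates stored as CER files in the cache directory.
     * Each file is parsed, non-SM2 certificates are skipped, and the alias is derived from
     * the certificate's public key. Each file stream is closed after parsing, so listing
     * does not leak one descriptor per certificate file.
     *
     * @return one entry per SM2 certificate found, with key type "SM2"
     * @throws PNXClientException with code A00001 when any file cannot be read or parsed;
     *         a single unreadable file aborts the whole listing
     */
    private List<CertEntry> loadSM2Certs() throws PNXClientException {
        List<CertEntry> entries = new ArrayList<CertEntry>();
        try {
            for (File file : FileUtil.loadFilesByEXT(PNXConfigConstant.CACHEDIR, PNXConfigConstant.CER_POSTFIX)) {
                X509Cert x509Cert;
                FileInputStream in = new FileInputStream(file);
                try {
                    x509Cert = new X509Cert(in);
                } finally {
                    // Closing again is harmless if the parser already closed the stream.
                    in.close();
                }
                if (CommonUtil.isSM2Cert(x509Cert)) {
                    CertEntry certEntry = new CertEntry();
                    certEntry.setAilas(FileUtil.convertBase64Biagonal(getAlias(x509Cert.getPublicKey())));
                    setCertEntry(certEntry, x509Cert);
                    certEntry.setKeyType("SM2");
                    entries.add(certEntry);
                }
            }
            Log.d("SM2 Certs num", String.valueOf(entries.size()) + " ");
            return entries;
        } catch (Exception e) {
            setErrorCode(MessageCode.A00001);
            throw new PNXClientException(MessageCode.A00001, e);
        }
    }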

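    /**
     * Opens a P12 file with the given password and returns its key entry.
     * The file stream is always closed before returning, whether loading succeeds or not.
     *
     * @param str  password of the P12 file
     * @param str2 path of the P12 file
     * @return the key entry produced by {@code FileUtil.loadP12File}; callers in this class
     *         treat {@code null} as a failed password check
     * @throws PNXClientException the one raised while loading, or code A00002 when the
     *         file does not exist
     */
    private KeyEntry loadSM2KeyEntry(String str, String str2) throws PNXClientException {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str2);
            return FileUtil.loadP12File(in, str.toCharArray());
        } catch (PNXClientException e) {
            throw e;
        } catch (FileNotFoundException e2) {
            throw new PNXClientException(MessageCode.A00002, e2);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The entry has already been read (or loading already failed);
                    // a close failure must not replace that outcome.
                }
            }
        }
    }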

    /**
     * Sends a PKCS#10 request to the CA service and parses the P7B chain it returns.
     *
     * NOTE(review): the raw response is written to the debug log, and this method only
     * parses the chain; no signature or chain validation is visible here. Confirm that
     * the transport and/or the callers establish trust in the returned certificates.
     *
     * @param str  first argument handed to {@code MessageAssembly.appendCABodyRequest}
     * @param str2 second argument handed to it (callers pass the PKCS#10 request text)
     * @param str3 first argument of {@code ConnectParam} (presumably the server address)
     * @param i    second argument of {@code ConnectParam} (presumably the server port)
     * @return the parsed certificates, or {@code null} when the response body or the P7B
     *         field is empty (error code A00103 or A00105 is recorded in that case)
     * @throws Exception a {@code PNXClientException} with code A00103 when the server
     *         reports a non-zero error code, or any transport or parsing failure
     */
    private X509Cert[] requestCertsFromCA(String str, String str2, String str3, int i) throws Exception {
        String requestBody = MessageAssembly.appendCABodyRequest(str, str2, null).toString();
        HashMap headers = new HashMap();
        headers.put("Service-Type", PNXConfigConstant.CA_SERVICE_TYPE);
        ConnectParam param = new ConnectParam(str3, i, PNXConfigConstant.CA_SERVICE_TYPE, 1);
        param.setHeaderParams(headers);
        param.setBodyParams(requestBody);

        byte[] responseBytes = ConnectFactory.getConnect(IConnect.HTTPCLIENT).connServer(param);
        if (CommonUtil.isEmpty(responseBytes)) {
            setErrorCode(MessageCode.A00103);
            return null;
        }
        Log.d("RequestCertsFromCA OUTPARAM:", new String(responseBytes, "UTF-8"));

        CertResponse response = GwReponseParse.parserCertResponse(responseBytes);
        boolean accepted = response.getErrorcode().equals("0");
        if (!accepted) {
            throw new PNXClientException(MessageCode.A00103, CommonUtil.buildString(response.getErrorcode(), "[", response.getErrormsg(), "]"));
        }

        String p7bText = response.getP7b();
        if (CommonUtil.isEmpty(p7bText)) {
            setErrorCode(MessageCode.A00105);
            return null;
        }
        X509Cert[] chain = new P7B().parseP7b(p7bText.getBytes());
        // Fewer than two certificates means the root was not included; only warn.
        if (chain != null && chain.length < 2) {
            Log.w("RequestCertsFromCA", "RA Server did not return the root certificate ");
        }
        return chain;
    }

    /**
     * Stores a private key and certificate as a P12 file plus a CER file, both named after
     * the alias once it has been passed through {@code FileUtil.convertBase64Biagonal}.
     *
     * @param jKey     private key to store
     * @param str      password protecting the P12 file
     * @param x509Cert certificate to store
     * @param str2     alias that names the files
     * @throws PKIException when the P12 file cannot be generated
     * @throws IOException  when the CER file cannot be written
     */
    private void savePfxCert(JKey jKey, String str, X509Cert x509Cert, String str2) throws PKIException, IOException {
        String fileBase = FileUtil.convertBase64Biagonal(str2);
        String p12Path = FileUtil.buildFilePathByChdir(fileBase, PNXConfigConstant.P12_POSTFIX);
        generatePfxFile(jKey, x509Cert, str.toCharArray(), p12Path);
        String cerPath = FileUtil.buildFilePathByChdir(fileBase, PNXConfigConstant.CER_POSTFIX);
        generateCertFile(cerPath, x509Cert.getEncoded());
    }

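    /**
     * Stores the issued RSA certificate in the key store under the given key id.
     *
     * The previous version read index 1 after checking only that the array was non-empty,
     * so a one-certificate response failed with an ArrayIndexOutOfBoundsException, and the
     * alias argument was never used. This version first looks for the certificate whose
     * public-key digest equals the alias of the request, so the certificate saved is the
     * one issued for the generated key, as the SM2 path already does.
     *
     * NOTE(review): when no certificate matches and at least two were returned, the old
     * "index 1" choice is kept for compatibility and a warning is logged. Once the alias
     * comparison is confirmed to work for RSA keys, consider removing that fallback so an
     * unrelated certificate is never bound to the key.
     *
     * @param x509CertArr certificates returned by the CA
     * @param str         alias (public-key digest) of the PKCS#10 request
     * @param str2        key id under which the key store handler saves the certificate
     * @throws PKIException on a PKI library failure
     * @throws Exception    a {@code PNXClientException} with code A00103 when the response
     *                      holds no usable certificate, or any key store failure
     */
    private void saveRSACert(X509Cert[] x509CertArr, String str, String str2) throws PKIException, Exception {
        if (x509CertArr == null || x509CertArr.length == 0) {
            return;
        }
        if (str != null) {
            for (X509Cert candidate : x509CertArr) {
                if (str.equals(getAlias(candidate.getPublicKey()))) {
                    this.keyStoreHandler.saveCert(str2, candidate);
                    return;
                }
            }
        }
        if (x509CertArr.length < 2) {
            throw new PNXClientException(MessageCode.A00103, "CA response holds no certificate matching the generated key");
        }
        Log.w("saveRSACert", "no certificate matched the P10 alias, falling back to index 1");
        this.keyStoreHandler.saveCert(str2, x509CertArr[1]);
    }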

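    /**
     * Stores the SM2 private key together with the issued certificate whose public-key
     * digest equals the alias of the request.
     *
     * Previously the method returned silently when no certificate matched, and the caller
     * then reported success although the freshly generated private key had not been
     * persisted anywhere. A missing match is now reported as an error.
     *
     * @param x509CertArr certificates returned by the CA
     * @param str         alias (public-key digest) of the PKCS#10 request
     * @param jKey        private key belonging to the request
     * @param str2        password protecting the stored P12 file
     * @throws Exception a {@code PNXClientException} with code A00103 when no returned
     *                   certificate matches the key, or any failure while saving
     */
    private void saveSM2Cert(X509Cert[] x509CertArr, String str, JKey jKey, String str2) throws Exception {
        for (X509Cert x509Cert : x509CertArr) {
            String alias = getAlias(x509Cert.getPublicKey());
            if (str.equals(alias)) {
                savePfxCert(jKey, str2, x509Cert, alias);
                return;
            }
        }
        throw new PNXClientException(MessageCode.A00103, "CA response holds no certificate matching the generated key");
    }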

    /**
     * Copies the descriptive fields of a certificate into a {@code CertEntry}.
     * Alias and key type are not touched; callers set them separately.
     *
     * @param certEntry entry to fill
     * @param x509Cert  certificate to read from
     */
    private void setCertEntry(CertEntry certEntry, X509Cert x509Cert) {
        // Identity
        certEntry.setSubject(x509Cert.getSubject());
        certEntry.setIssuer(x509Cert.getIssuer());
        certEntry.setSerialNumber(x509Cert.getSerialNumber());
        certEntry.setStringSerialNumber(x509Cert.getStringSerialNumber());
        // Validity window
        certEntry.setNotBefore(x509Cert.getNotBefore());
        certEntry.setNotAfter(x509Cert.getNotAfter());
        // Format details
        certEntry.setVersion(x509Cert.getVersion());
        certEntry.setSignalGid(x509Cert.getSignatureAlgName());
    }

    /**
     * Converts a key store entry into a {@code CertEntry} with key type "RSA".
     *
     * @param keyEntry key store entry to convert
     * @return the populated entry
     */
    private CertEntry tranceKeyEntry(KeyEntry keyEntry) {
        CertEntry converted = new CertEntry();
        converted.setAilas(keyEntry.getAilas());
        X509Cert cert = keyEntry.getCert();
        setCertEntry(converted, cert);
        converted.setKeyType("RSA");
        return converted;
    }

    /**
     * Rewrites a P12 file with the same key and certificate under a new password.
     *
     * @param keyEntry key and certificate already loaded with the old password
     * @param str      path of the P12 file to overwrite
     * @param str2     new password
     * @return always {@code true}; failures surface as exceptions
     * @throws PKIException when the file cannot be generated
     */
    private boolean updatePfxPwd(KeyEntry keyEntry, String str, String str2) throws PKIException {
        char[] newPassword = str2.toCharArray();
        generatePfxFile(keyEntry.getKey(), keyEntry.getCert(), newPassword, str);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
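    /**
     * Changes the password protecting a credential. When a P12 file exists for the alias,
     * the file is re-encrypted; otherwise the request goes to the key store handler.
     *
     * A failed load of the P12 file (no key entry returned) is now reported with code
     * A00202, the same code the delete path uses for that condition. Before, it led to a
     * NullPointerException that was reported as the generic code A00402.
     *
     * @param str  alias of the credential
     * @param str2 current password
     * @param str3 new password
     * @return {@code true} when the file was rewritten, or the key store handler's result
     * @throws PNXClientException with code A00202 when the P12 cannot be opened with the
     *         current password, A00401 on a PKI failure, A00402 on any other failure, or
     *         the code of a propagated client exception
     */
    public boolean changeCertPwd(String str, String str2, String str3) throws PNXClientException {
        reset();
        try {
            String p12Path = FileUtil.buildFilePathByChdir(str, PNXConfigConstant.P12_POSTFIX);
            if (!FileUtil.isFileExist(p12Path)) {
                return this.keyStoreHandler.changePassword(str, str2, str3);
            }
            KeyEntry keyEntry = loadSM2KeyEntry(str2, p12Path);
            if (keyEntry == null) {
                // Same meaning as in the delete path: the file did not open with this password.
                throw new PNXClientException(MessageCode.A00202);
            }
            return updatePfxPwd(keyEntry, p12Path, str3);
        } catch (PKIException e) {
            setErrorCode(MessageCode.A00401);
            Log.e(CommonUtil.buildString("changeCertPwd exception[", MessageCode.A00401, "]"), e.toString(), e);
            throw new PNXClientException(MessageCode.A00401, e);
        } catch (PNXClientException e2) {
            setErrorCode(e2.getErrorCode());
            throw e2;
        } catch (Exception e3) {
            setErrorCode(MessageCode.A00402);
            Log.e(CommonUtil.buildString("changeCertPwd exception[", MessageCode.A00402, "]"), e3.toString(), e3);
            throw new PNXClientException(MessageCode.A00402, e3);
        }
    }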

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes the credential stored under an alias without a password check: first the
     * file-based copy, and if none exists, the key store entry.
     *
     * @param str alias of the credential
     * @return {@code true} when the file-based credential was removed, otherwise the
     *         key store handler's result
     * @throws PNXClientException the propagated client exception, or code A00301 for any
     *         other failure
     */
    public boolean deleteCert(String str) throws PNXClientException {
        reset();
        try {
            boolean removedFromFiles = deleteSM2Cert(str);
            return removedFromFiles ? true : this.keyStoreHandler.delKeyEntry(str);
        } catch (PNXClientException clientError) {
            Log.e("deleteCert exception", clientError.toString(), clientError);
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (Exception other) {
            Log.e("deleteCert exception", other.toString(), other);
            setErrorCode(MessageCode.A00301);
            throw new PNXClientException(MessageCode.A00301, other);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes the credential stored under an alias after checking the password: first the
     * file-based copy, and if none exists, the key store entry.
     *
     * @param str  alias of the credential
     * @param str2 password of the credential
     * @return {@code true} when the file-based credential was removed, otherwise the
     *         key store handler's result
     * @throws PNXClientException the propagated client exception, or code A00301 for any
     *         other failure
     */
    public boolean deleteCert(String str, String str2) throws PNXClientException {
        reset();
        try {
            boolean removedFromFiles = deleteSM2Cert(str, str2);
            return removedFromFiles ? true : this.keyStoreHandler.delKeyEntry(str, str2);
        } catch (PNXClientException clientError) {
            Log.e("deleteCert exception", clientError.toString(), clientError);
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (Exception other) {
            Log.e("deleteCert exception", other.toString(), other);
            setErrorCode(MessageCode.A00301);
            throw new PNXClientException(MessageCode.A00301, other);
        }
    }

    /**
     * Exports a credential as a PKCS#12 file at a caller-supplied path. The password used
     * to read the key entry is also the password protecting the exported file.
     *
     * @param str  alias of the credential
     * @param str2 destination file path
     * @param str3 password, used both to query the key entry and to protect the export
     * @return always {@code true}; failures surface as exceptions
     * @throws PNXClientException the propagated client exception, or code A00106 for any
     *         other failure
     */
    protected boolean exportP12File(String str, String str2, String str3) throws PNXClientException {
        reset();
        try {
            KeyEntry entry = queryKeyEntry(str, str3);
            char[] password = str3.toCharArray();
            generatePfxFile(entry.getKey(), entry.getCert(), password, str2);
            return true;
        } catch (PNXClientException clientError) {
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (Exception other) {
            setErrorCode(MessageCode.A00106);
            Log.e(CommonUtil.buildString("create pfx cert file exception[", MessageCode.A00106, "]"), other.toString(), other);
            throw new PNXClientException(MessageCode.A00106, other);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
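    /**
     * Generates an RSA key, requests a certificate for it from the CA and stores the
     * issued certificate in the key store.
     *
     * The decompiled form of this method split the work over two try blocks whose first
     * set of handlers were empty self-assignments, which left locals possibly unassigned
     * and did not compile. This version restores a single try/catch/finally with the same
     * outcomes: success returns {@code true}; an empty CA response returns {@code false};
     * in every case where no certificate was saved, the key entry created for the request
     * is deleted again so no orphaned private key stays in the key store.
     *
     * NOTE(review): the key length is fixed at 1024 bits, which is below the 2048-bit
     * minimum in current guidance; raising it needs to be coordinated with the CA.
     * NOTE(review): the cleanup calls {@code deleteCert}, which calls {@code reset()} and
     * can itself throw; either can replace the error recorded by the handlers above it.
     *
     * @param str  value for the subject CN
     * @param str2 password for the private key in the key store
     * @param str3 CA server address argument handed to {@code requestCertsFromCA}
     * @param i    CA server port argument handed to {@code requestCertsFromCA}
     * @return {@code true} when a certificate was issued and saved, {@code false} when
     *         the CA returned no certificates
     * @throws PNXClientException the propagated client exception, code A00112 on a socket
     *         timeout, or code A00103 for any other failure
     */
    public boolean genRSACert(String str, String str2, String str3, int i) throws PNXClientException {
        reset();
        String p10Alias = null;
        boolean certSaved = false;
        try {
            this.keyStoreHandler.setPrivateKeyPassWord(str2);
            P10RequestData requestData = genRSAP10(str, 1024);
            String p10Request = requestData.getP10Request();
            p10Alias = genP10Alias(p10Request);
            X509Cert[] issued = requestCertsFromCA(str, p10Request, str3, i);
            if (CommonUtil.isEmpty(issued)) {
                return false;
            }
            saveRSACert(issued, p10Alias, requestData.getCKID());
            certSaved = true;
            return true;
        } catch (PNXClientException e) {
            Log.e("PNXClientException", "request RSA cert error", e);
            setErrorCode(e.getErrorCode());
            throw e;
        } catch (SocketTimeoutException e) {
            Log.e("SocketTimeoutException", "connect server timeout", e);
            setErrorCode(MessageCode.A00112);
            throw new PNXClientException(MessageCode.A00112, e);
        } catch (Exception e) {
            Log.e("Exception", "request RSA cert error", e);
            setErrorCode(MessageCode.A00103);
            throw new PNXClientException(MessageCode.A00103, e);
        } finally {
            // Remove the key entry generated for this request unless its certificate was saved.
            if (!certSaved && p10Alias != null) {
                deleteCert(p10Alias);
            }
        }
    }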

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Generates an SM2 key pair, requests a certificate for it from the CA and stores key
     * and certificate as a password-protected P12 file.
     *
     * The private key exists only in memory until {@code saveSM2Cert} writes it, so any
     * failure before that point discards it.
     *
     * @param str  value for the subject CN
     * @param str2 password protecting the stored P12 file
     * @param str3 CA server address argument handed to {@code requestCertsFromCA}
     * @param i    CA server port argument handed to {@code requestCertsFromCA}
     * @return {@code true} after {@code saveSM2Cert} returns, {@code false} when the CA
     *         returned no certificates
     * @throws PNXClientException the propagated client exception, code A00112 on a socket
     *         timeout, or code A00103 for any other failure
     */
    public boolean genSM2Cert(String str, String str2, String str3, int i) throws PNXClientException {
        reset();
        try {
            Session session = this.keyStoreHandler.getSession();
            JKeyPair keyPair = session.generateKeyPair(new Mechanism("SM2"), 1024);
            String p10Request = genSM2P10(str, session, keyPair);
            String p10Alias = genP10Alias(p10Request);
            Log.d("p10alias", p10Alias);
            X509Cert[] issued = requestCertsFromCA(str, p10Request, str3, i);
            if (!CommonUtil.isEmpty(issued)) {
                saveSM2Cert(issued, p10Alias, keyPair.getPrivateKey(), str2);
                return true;
            }
            return false;
        } catch (PNXClientException clientError) {
            Log.e("PNXClientException", "request SM2 cert error", clientError);
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (SocketTimeoutException timeout) {
            Log.e("SocketTimeoutException", "connect server timeout", timeout);
            setErrorCode(MessageCode.A00112);
            throw new PNXClientException(MessageCode.A00112, timeout);
        } catch (Exception other) {
            Log.e("Exception", "request SM2 cert error", other);
            setErrorCode(MessageCode.A00103);
            throw new PNXClientException(MessageCode.A00103, other);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Lists every credential known to the client: the key store entries (reported with
     * key type "RSA") followed by the file-based SM2 certificates.
     *
     * @return the combined list, or {@code null} when the key store reports no list at all
     * @throws PNXClientException when the key store or the certificate files cannot be read
     */
    public List<CertEntry> getCertList() throws PNXClientException {
        List<KeyEntry> keyEntries = getKeyEntryList();
        if (keyEntries == null) {
            return null;
        }
        List<CertEntry> combined = new ArrayList<CertEntry>();
        for (KeyEntry keyEntry : keyEntries) {
            combined.add(tranceKeyEntry(keyEntry));
        }
        combined.addAll(loadSM2Certs());
        return combined;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the path of a PFX file holding the key and certificate of a key store entry,
     * creating the file when it does not exist yet.
     *
     * An existing file is returned as is, so it stays protected by whatever password was
     * in use when it was first written. The file contains the private key and remains on
     * disk after this call.
     *
     * @param str  alias of the key store entry
     * @param str2 password of the entry, also used to protect a newly written file
     * @return path of the PFX file
     * @throws PNXClientException the propagated client exception, or code A00106 for any
     *         other failure
     */
    public String getCertPfxFilePath(String str, String str2) throws PNXClientException {
        reset();
        try {
            KeyEntry entry = this.keyStoreHandler.getKeyEntry(str, str2);
            X509Cert certificate = entry.getCert();
            String pfxPath = getPfxCertFilePath(certificate);
            boolean alreadyExported = FileUtil.isFileExist(pfxPath);
            if (!alreadyExported) {
                generatePfxFile(entry.getKey(), certificate, str2.toCharArray(), pfxPath);
            }
            return pfxPath;
        } catch (PNXClientException clientError) {
            Log.e("Read keyStorage fail", "May be a wrong password");
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (Exception other) {
            setErrorCode(MessageCode.A00106);
            Log.e(CommonUtil.buildString("create pfx cert file exception[", MessageCode.A00106, "]"), other.toString(), other);
            throw new PNXClientException(MessageCode.A00106, other);
        }
    }

    /**
     * Imports a credential from a PKCS#12 stream. An SM2 credential is stored as a
     * P12/CER file pair; any other credential goes into the key store.
     *
     * The stream is not closed here; it stays the caller's responsibility.
     * NOTE(review): unlike the other entry points of this class, this method does not
     * call {@code reset()} first; confirm whether that is intended.
     *
     * @param inputStream PKCS#12 data
     * @param str         password of the PKCS#12 data
     * @param str2        password protecting the credential once stored
     * @throws PNXClientException the propagated client exception, or code A00111 for any
     *         other failure
     */
    protected void importP12(InputStream inputStream, String str, String str2) throws PNXClientException {
        try {
            KeyEntry imported = FileUtil.loadP12File(inputStream, str.toCharArray());
            X509Cert certificate = imported.getCert();
            if (!CommonUtil.isSM2Cert(certificate)) {
                this.keyStoreHandler.setPrivateKeyPassWord(str2);
                this.keyStoreHandler.saveKeyCert(imported);
            } else {
                savePfxCert(imported.getKey(), str2, certificate, getAlias(certificate.getPublicKey()));
            }
        } catch (PNXClientException clientError) {
            setErrorCode(clientError.getErrorCode());
            throw clientError;
        } catch (Exception other) {
            setErrorCode(MessageCode.A00111);
            Log.e(CommonUtil.buildString("import P12 exception[", MessageCode.A00111, "]"), other.toString(), other);
            throw new PNXClientException(MessageCode.A00111, other);
        }
    }

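    /**
     * Imports a credential from a PKCS#12 file on disk.
     *
     * The file stream opened here is closed once the import finishes or fails; before, it
     * was never closed.
     *
     * @param str  path of the PKCS#12 file
     * @param str2 password of the PKCS#12 file
     * @param str3 password protecting the credential once stored
     * @throws PNXClientException with code A00111 when the file does not exist, or
     *         whatever the stream-based import throws
     */
    protected void importP12(String str, String str2, String str3) throws PNXClientException {
        FileInputStream in;
        try {
            in = new FileInputStream(str);
        } catch (FileNotFoundException e) {
            setErrorCode(MessageCode.A00111);
            Log.e(CommonUtil.buildString("import P12 exception[", MessageCode.A00111, "]"), e.toString(), e);
            throw new PNXClientException(MessageCode.A00111, e);
        }
        try {
            importP12(in, str2, str3);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // The import result is already decided; a close failure must not replace it.
            }
        }
    }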
}
