package cfca.sadk.asn1.pkcs;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.lib.crypto.card.CardLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.pkcs.CertificationRequest;
import cfca.sadk.org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.pkcs.PKCS10CertificationRequest;
import cfca.sadk.org.bouncycastle.util.Strings;
import cfca.sadk.system.CompatibleConfig;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.SM2OutputFormat;
import cfca.sadk.system.global.P10RequestContextConfig;
import cfca.sadk.system.logging.LoggerManager;
import cfca.sadk.util.Base64;
import cfca.sadk.util.KeyUtil;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:cfca/sadk/asn1/pkcs/PKCS10.class */
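/**
 * Builds, loads and inspects PKCS#10 certification requests (CSRs) using a {@link Session}
 * as the crypto provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Signature verification in {@link #load(CertificationRequest)} is optional. It is controlled
 *       by {@code needVerify}, whose initial value comes from
 *       {@code P10RequestContextConfig.getP10RequestVerifyState()} and which
 *       {@link #setNeedVerify(boolean)} can switch off. With verification off, the getters expose
 *       fields of a request whose signature this class has not checked; callers that act on the
 *       subject or public key should check {@link #getP10RequestVerifyState()} or call
 *       {@link #isP10RequestSignatureValid(byte[])} first.</li>
 *   <li>The instance keeps references to generated or supplied private keys ({@code keyPair},
 *       {@code tempKeyPair}) and returns them from its getters.</li>
 *   <li>Several error paths log the complete request (Base64 or dump), which includes the subject DN.</li>
 * </ul>
 *
 * <p>State is mutable and no synchronization is visible here, so an instance should not be shared
 * between threads without external locking.
 */
public class PKCS10 {
    /** Output selector 1: per the log text in {@code formatOutputSM2SignValue}, ASN.1 (R+S). */
    static final int SM2P10_OUTPUT_SIGNFORMAT_ASN1 = 1;
    /** Output selector 2: per the log text in {@code formatOutputSM2SignValue}, RAW (R+S). */
    static final int SM2P10_OUTPUT_SIGNFORMAT_RAW = 2;
    // Fixed value passed in the challenge-password position by the overloads that do not accept one.
    // NOTE(review): a constant shared by every caller gives no secrecy; callers that rely on the
    // challenge password should use the overload taking their own String value.
    private static final String challengePassword = "111111";
    // Signature layout selector applied to SM2 signatures when signing a new request.
    private int formatSignedBytes;
    // When true, load(...) verifies the request signature before accepting the request.
    private boolean needVerify;
    // Result of the signature check performed by the most recent load(...); false if none was made.
    private boolean p10RequestVerifyState;
    // Subject DN used by the generate overloads that do not take an X500Name.
    private String defaultSubjectX500Name;
    private final Session session;
    // Key pair whose public key is in the current request (holds the private key).
    private KeyPair keyPair;
    // Second, software-generated key pair created by generateDoublePKCS10Request; may be null.
    private KeyPair tempKeyPair;
    private CSRMetadata metadata;

    /** Creates an instance backed by {@code BCSoftLib.INSTANCE()}. */
    public PKCS10() {
        this(BCSoftLib.INSTANCE());
    }

    /**
     * Creates an instance backed by the given session.
     *
     * @param session crypto provider; {@code null} falls back to {@code BCSoftLib.INSTANCE()}
     */
    public PKCS10(Session session) {
        this.formatSignedBytes = CompatibleConfig.P10RequestFormatSignedBytes;
        this.p10RequestVerifyState = false;
        this.defaultSubjectX500Name = "CN=certRequisition,O=CFCA TEST CA,C=CN";
        this.keyPair = null;
        this.session = session == null ? BCSoftLib.INSTANCE() : session;
        // Whether load(...) verifies signatures is a global configuration default.
        this.needVerify = P10RequestContextConfig.getP10RequestVerifyState();
    }

    /**
     * Decodes the given request bytes and loads the result, see {@link #load(CertificationRequest)}.
     *
     * @param bArr encoded request as accepted by {@code CSRDecoder.decodedCertificationRequest}
     * @throws PKIException if decoding, parsing or (when enabled) signature verification fails
     */
    public void load(byte[] bArr) throws PKIException {
        // Clear the previous verdict first so a decode failure cannot leave a stale "verified" state.
        this.p10RequestVerifyState = false;
        load(CSRDecoder.decodedCertificationRequest(bArr).toASN1Structure());
    }

    /**
     * Parses the request into this instance's metadata and, when {@code needVerify} is set, checks
     * its signature against the public key carried in the request.
     *
     * <p>The metadata is replaced only after parsing and (if enabled) verification succeed; on
     * failure the metadata of an earlier load or generate call is left in place, but the verify
     * state is reset to {@code false}. When {@code needVerify} is off no signature check is made
     * and the verify state stays {@code false}.
     *
     * <p>A failed verification surfaces as a {@link PKIException} whose outermost message names
     * {@code decodedCSRMetadata}, because the inner exception is re-wrapped by the general handler;
     * the cause chain carries the verification failure. The failing request is written to the
     * exception log in Base64 form.
     *
     * @param certificationRequest parsed request; must not be {@code null}
     * @throws PKIException if the argument is {@code null} or encoding, parsing or verification fails
     */
    public void load(CertificationRequest certificationRequest) throws PKIException {
        // A verdict from an earlier load must not survive into this one.
        this.p10RequestVerifyState = false;
        if (certificationRequest == null) {
            throw new PKIException("load failure when certficationRequest parameter certficationRequest=null ");
        }
        try {
            byte[] base64Request = Base64.encode(certificationRequest.getEncoded());
            try {
                CSRMetadata decoded = new CSRMetadata(certificationRequest);
                if (this.needVerify) {
                    try {
                        boolean signatureValid = veirfyP10CertificationRequest(
                                decoded.mechanism, decoded.publicKey, decoded.sourceData, decoded.signature, this.session);
                        this.p10RequestVerifyState = signatureValid;
                        if (!signatureValid) {
                            LoggerManager.exceptionLogger.error("load failure when certficationRequest veirfyP10CertificationRequest False: " + Strings.fromByteArray(base64Request));
                            throw new PKIException("veirfyP10CertificationRequest verify failed");
                        }
                    } catch (PKIException e) {
                        LoggerManager.exceptionLogger.error("load failure when certficationRequest veirfyP10CertificationRequest failed: " + Strings.fromByteArray(base64Request), e);
                        throw new PKIException("veirfyP10CertificationRequest verify failed", e);
                    }
                }
                this.metadata = decoded;
                // NOTE(review): base64Request is already the Base64 form of the encoded request, so this
                // stores Base64 applied twice, while the generate paths store the output of
                // CSREncoder.buildCertificationRequestData directly. Left unchanged; confirm with
                // the consumers of base64P10Data.
                this.metadata.base64P10Data = Base64.encode(base64Request);
            } catch (Exception e2) {
                LoggerManager.exceptionLogger.error("load failure when certficationRequest decodedCSRMetadata failed: " + Strings.fromByteArray(base64Request), e2);
                throw new PKIException("load failure when certficationRequest decodedCSRMetadata failed", e2);
            }
        } catch (IOException e3) {
            throw new PKIException("load failure when certficationRequest invalid certficationRequest: base64P10Data failed", e3);
        }
    }

    /**
     * Enables or disables signature verification in {@code load(...)}.
     *
     * @param z {@code true} to verify; {@code false} accepts requests without checking the signature
     */
    public void setNeedVerify(boolean z) {
        this.needVerify = z;
    }

    /**
     * Sets the subject DN used by the generate overloads that take no {@link X500Name}.
     *
     * @param str DN string later passed to the {@code X500Name(String)} constructor; not validated here
     */
    public void setDefaultSubjectDN(String str) {
        this.defaultSubjectX500Name = str;
    }

    /**
     * Sets the SM2 signature layout used when signing new requests.
     *
     * @param i {@link #SM2P10_OUTPUT_SIGNFORMAT_RAW} for the raw layout; any other value takes the
     *          ASN.1 branch of {@code formatOutputSM2SignValue}. The value is not validated.
     */
    public void setFormatSignedBytes(int i) {
        this.formatSignedBytes = i;
        LoggerManager.systemLogger.info("setFormatSignedBytes>>>>>>: formatSignedBytes=" + i);
    }

    /**
     * Generates a "double" request with this instance's session, default subject and the built-in
     * challenge password.
     *
     * @param mechanism signature mechanism
     * @param i passed to {@code KeyUtil.generateKeyPair} (presumably the key length; confirm)
     * @return the request data stored in the metadata
     * @throws PKIException if key generation or signing fails
     */
    public byte[] generateDoublePKCS10Request(Mechanism mechanism, int i) throws PKIException {
        return generateDoublePKCS10Request(mechanism, i, this.session);
    }

    /**
     * Same as {@link #generateDoublePKCS10Request(Mechanism, int)} with an explicit session.
     *
     * @throws PKIException if {@code session} is {@code null} or generation fails
     */
    public byte[] generateDoublePKCS10Request(Mechanism mechanism, int i, Session session) throws PKIException {
        return generateDoublePKCS10Request(mechanism, i, new X500Name(this.defaultSubjectX500Name), challengePassword, session);
    }

    /**
     * Same as {@link #generateDoublePKCS10Request(Mechanism, int, Session)}; the flag is forwarded
     * to the six-argument overload, which does not read it.
     */
    public byte[] generateDoublePKCS10Request(Mechanism mechanism, int i, Session session, boolean z) throws PKIException {
        return generateDoublePKCS10Request(mechanism, i, new X500Name(this.defaultSubjectX500Name), challengePassword, session, z);
    }

    /**
     * Generates a "double" request for the given subject.
     *
     * @param str value placed in the challenge-password position of the temporary-key attribute
     */
    public byte[] generateDoublePKCS10Request(Mechanism mechanism, int i, X500Name x500Name, String str, Session session) throws PKIException {
        return generateDoublePKCS10Request(mechanism, i, x500Name, str, session, true);
    }

    /**
     * Generates a signing key pair on {@code session} plus a second public key that is embedded in
     * the request attributes, then signs and stores the request.
     *
     * <p>For a C200 card with an SM2 key the second public key is exported from the card and no
     * temporary key pair is kept. Otherwise the temporary key pair is generated with
     * {@code BCSoftLib.INSTANCE()}, i.e. not on {@code session}, and its private key stays in this
     * object (see {@link #getTemporaryPrivateKey()}).
     *
     * @param mechanism signature mechanism
     * @param i passed to {@code KeyUtil.generateKeyPair} (presumably the key length; confirm)
     * @param x500Name request subject
     * @param str value placed in the challenge-password position of the temporary-key attribute
     * @param session crypto provider; must not be {@code null}
     * @param z not read by this method
     * @return the request data stored in the metadata
     * @throws PKIException if {@code session} is {@code null} or any generation step fails
     */
    public byte[] generateDoublePKCS10Request(Mechanism mechanism, int i, X500Name x500Name, String str, Session session, boolean z) throws PKIException {
        if (session == null) {
            throw new PKIException("generateDoublePKCS10Request Failure: session=null!");
        }
        String keyType = Mechanisms.getKeyType(mechanism);
        KeyPair signingKeyPair = generateCSRKeyPair(mechanism, i, session);
        KeyPair temporaryKeyPair;
        PublicKey temporaryPublicKey;
        if (isC200CardAndSM2Key(session, keyType)) {
            temporaryKeyPair = null;
            temporaryPublicKey = getC200InternalEncPublicKey(session);
        } else {
            temporaryKeyPair = KeyUtil.generateKeyPair(new Mechanism(keyType), i, BCSoftLib.INSTANCE());
            temporaryPublicKey = temporaryKeyPair.getPublic();
        }
        this.metadata = generateCertificateSigningRequest(mechanism, x500Name, signingKeyPair, keyType, temporaryPublicKey, str, session);
        this.keyPair = signingKeyPair;
        this.tempKeyPair = temporaryKeyPair;
        return this.metadata.base64P10Data;
    }

    /**
     * Generates a key pair and a request for the default subject using this instance's session.
     *
     * @param i passed to {@code KeyUtil.generateKeyPair} (presumably the key length; confirm)
     */
    public byte[] generatePKCS10Request(Mechanism mechanism, int i) throws PKIException {
        return generatePKCS10Request(mechanism, i, this.session);
    }

    /**
     * Generates a key pair on {@code session} and a request for the default subject with no attributes.
     *
     * @throws PKIException if {@code mechanism} or {@code session} is {@code null}, or generation fails
     */
    public byte[] generatePKCS10Request(Mechanism mechanism, int i, Session session) throws PKIException {
        KeyPair signingKeyPair = generateCSRKeyPair(mechanism, i, session);
        return generatePKCS10Request(mechanism, new X500Name(this.defaultSubjectX500Name), null, signingKeyPair.getPublic(), signingKeyPair.getPrivate(), session);
    }

    /** Builds and signs a request from caller-supplied keys using this instance's session. */
    public byte[] generatePKCS10Request(Mechanism mechanism, X500Name x500Name, ASN1Set aSN1Set, PublicKey publicKey, PrivateKey privateKey) throws PKIException {
        return generatePKCS10Request(mechanism, x500Name, aSN1Set, publicKey, privateKey, this.session);
    }

    /**
     * Builds and signs a request from caller-supplied keys.
     *
     * <p>The two keys are paired as given; this method does not check that they belong together.
     * The pair, including the private key, is retained as this instance's key pair and any
     * temporary key pair is cleared.
     *
     * @param aSN1Set request attributes; may be {@code null}
     * @throws PKIException if {@code session} is {@code null} or building or signing fails
     */
    public byte[] generatePKCS10Request(Mechanism mechanism, X500Name x500Name, ASN1Set aSN1Set, PublicKey publicKey, PrivateKey privateKey, Session session) throws PKIException {
        if (session == null) {
            throw new PKIException("generatePKCS10Request Failure: session=null!");
        }
        String keyType = Mechanisms.getKeyType(mechanism);
        KeyPair suppliedKeyPair = new KeyPair(publicKey, privateKey);
        this.metadata = generateCertificateSigningRequest(mechanism, x500Name, suppliedKeyPair, keyType, aSN1Set, session);
        this.keyPair = suppliedKeyPair;
        this.tempKeyPair = null;
        return this.metadata.base64P10Data;
    }

    /**
     * Assembles a request from its parts and a signature produced elsewhere.
     *
     * @param bArr signature bytes, embedded as given; not verified here
     * @throws PKIException if the request info or the request cannot be built
     */
    public byte[] generatePKCS10Request(Mechanism mechanism, X500Name x500Name, ASN1Set aSN1Set, PublicKey publicKey, byte[] bArr) throws PKIException {
        try {
            return generatePKCS10Request(mechanism, CSREncoder.buildCertificationRequestInfo(x500Name, aSN1Set, publicKey), bArr);
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("generatePKCS10Request failure when buildCertificationRequestInfo", e);
            throw new PKIException("generatePKCS10Request failure when buildCertificationRequestInfo", e);
        }
    }

    /**
     * Assembles a request from a prepared request info and a signature produced elsewhere.
     *
     * <p>The signature is embedded without being verified, and this instance's key pair fields are
     * left as they were, so they may refer to an earlier request.
     *
     * @param bArr signature bytes
     * @throws PKIException if the request cannot be built
     */
    public byte[] generatePKCS10Request(Mechanism mechanism, CertificationRequestInfo certificationRequestInfo, byte[] bArr) throws PKIException {
        try {
            CertificationRequest request = CSREncoder.buildCertificationRequest(mechanism, certificationRequestInfo, bArr);
            this.metadata = new CSRMetadata(request);
            return CSREncoder.buildCertificationRequestData(request);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("generatePKCS10Request failure", e);
            throw new PKIException("generatePKCS10Request failure", e);
        }
    }

    /**
     * Builds the to-be-signed request info.
     *
     * @throws SecurityException (unchecked) wrapping the {@link PKIException} when building fails
     */
    public CertificationRequestInfo generateCertificationRequestInfo(X500Name x500Name, ASN1Set aSN1Set, PublicKey publicKey) {
        try {
            return CSREncoder.buildCertificationRequestInfo(x500Name, aSN1Set, publicKey);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("generateCertificationRequestInfo failure", e);
            throw new SecurityException("generateCertificationRequestInfo failure", e);
        }
    }

    /**
     * Builds and signs a request and returns it as a String via {@code Strings.fromByteArray}.
     *
     * @throws PKIException if generation or conversion fails
     */
    public String generateCertificationRequest(Mechanism mechanism, X500Name x500Name, ASN1Set aSN1Set, PublicKey publicKey, PrivateKey privateKey) throws PKIException {
        try {
            return Strings.fromByteArray(generatePKCS10Request(mechanism, x500Name, aSN1Set, publicKey, privateKey));
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("generateCertificationRequest base64P10Data to base64String failure", e);
            throw new PKIException("generateCertificationRequest failure", e);
        }
    }

    /**
     * Encodes the request info through {@code CSREncoder.buildCertificationRequestInfoData}.
     *
     * @throws PKIException if encoding fails
     */
    public byte[] parseCertificationRequestInfoToBytes(CertificationRequestInfo certificationRequestInfo) throws PKIException {
        try {
            return CSREncoder.buildCertificationRequestInfoData(certificationRequestInfo);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("parseCertificationRequestInfoToBytes failure", e);
            throw new PKIException("parseCertificationRequestInfoToBytes failure", e);
        }
    }

    /**
     * Extracts the temporary public key data from request attributes and Base64-encodes it.
     *
     * @param aSN1Set request attributes
     * @return Base64 of the temporary public key data, or {@code null} when the helper finds none
     * @throws PKIException if the helper fails
     */
    public byte[] getTemporaryPublicKeyDataFromAttributes(ASN1Set aSN1Set) throws PKIException {
        byte[] temporaryPublicKeyData = CSRPublicKeyHelper.buildTemporaryPublicKeyDataFromP10(aSN1Set);
        if (temporaryPublicKeyData == null) {
            // The "=null" message belongs to the missing-data case; it was previously logged on success.
            LoggerManager.exceptionLogger.error("getTemporaryPublicKeyDataFromAttributes warining: temporaryPublicKeyData=null");
            return null;
        }
        return Base64.encode(temporaryPublicKeyData);
    }

    /**
     * String form of {@link #getTemporaryPublicKeyDataFromAttributes(ASN1Set)}.
     *
     * @return the Base64 text, or {@code null} when no temporary public key data is present
     * @throws PKIException if extraction or conversion fails
     */
    public String getTemporaryPublicKeyFromAttributes(ASN1Set aSN1Set) throws PKIException {
        byte[] base64Data = getTemporaryPublicKeyDataFromAttributes(aSN1Set);
        if (base64Data == null) {
            return null;
        }
        try {
            return Strings.fromByteArray(base64Data);
        } catch (Exception e) {
            // Pass the exception to the logger so the log entry carries the cause.
            LoggerManager.exceptionLogger.error("getTemporaryPublicKeyDataFromAttributes warining: temporaryPublicKeyData=null", e);
            throw new PKIException("getTemporaryPublicKeyDataFromAttributes warining: temporaryPublicKeyData base64 failed", e);
        }
    }

    /**
     * Exports the encryption public key from a C200 card session.
     *
     * @return the exported key, or {@code null} when the session is not a C200 card
     * @throws PKIException if the export fails
     */
    private PublicKey getC200InternalEncPublicKey(Session session) throws PKIException {
        boolean isC200 = (session instanceof CardLib) && ((CardLib) session).isC200Card();
        if (!isC200) {
            return null;
        }
        try {
            return session.exportEncPublicKey();
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("getC200InternalEncPublicKey failure", e);
            throw new PKIException("getC200InternalEncPublicKey failure", e);
        }
    }

    /**
     * Returns the size of the current request's public key as reported by
     * {@code CSRPublicKeyHelper.buildP10PublicKeySize}.
     *
     * @throws IllegalArgumentException if no request or public key is present, or the key type is
     *         rejected by the helper (the {@link PKIException} is attached as the cause)
     */
    public int getKeySize() {
        if (this.metadata == null || this.metadata.publicKey == null) {
            throw new IllegalArgumentException("PKCS#10 publicKey is null");
        }
        try {
            return CSRPublicKeyHelper.buildP10PublicKeySize(this.metadata.publicKey);
        } catch (PKIException e) {
            String message = "PKCS#10 publicKey invalid keyType: " + this.metadata.publicKey.getClass();
            LoggerManager.exceptionLogger.error(message, e);
            // Keep the cause so callers can see why the helper rejected the key.
            throw new IllegalArgumentException(message, e);
        }
    }

    /** Returns the attributes of the current request, or {@code null} when none is loaded. */
    public ASN1Set getAttributes() {
        return this.metadata == null ? null : this.metadata.attributes;
    }

    /**
     * Returns the public key of the current request, or {@code null} when none is loaded.
     * After an unverified {@code load(...)} this key has not been checked against the signature.
     */
    public PublicKey getPublicKey() {
        return this.metadata == null ? null : this.metadata.publicKey;
    }

    /** Returns the temporary public key recorded in the metadata, or {@code null} when none is loaded. */
    public PublicKey getTemporaryPublicKey() {
        return this.metadata == null ? null : this.metadata.tempPublicKey;
    }

    /**
     * Returns the subject of the current request as a String, or {@code null} when none is loaded.
     * After an unverified {@code load(...)} this is requester-supplied, unchecked data.
     */
    public String getSubject() {
        return this.metadata == null ? null : this.metadata.subject.toString();
    }

    /** Returns the retained key pair, including its private key; may be {@code null}. */
    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    /** Returns the retained temporary key pair, including its private key; may be {@code null}. */
    public KeyPair getTemporaryKeyPair() {
        return this.tempKeyPair;
    }

    /** Returns the private key of the temporary key pair, or {@code null} when there is none. */
    public PrivateKey getTemporaryPrivateKey() {
        return this.tempKeyPair == null ? null : this.tempKeyPair.getPrivate();
    }

    /** Returns the private key of the retained key pair, or {@code null} when there is none. */
    public PrivateKey getPrivateKey() {
        return this.keyPair == null ? null : this.keyPair.getPrivate();
    }

    /** Returns the mechanism type of the current request, or {@code null} when none is loaded. */
    public String getSignatureAlgorithm() {
        return this.metadata == null ? null : this.metadata.mechanism.getMechanismType();
    }

    /** Returns the signature using the {@link #SM2P10_OUTPUT_SIGNFORMAT_RAW} selector. */
    public byte[] getSignature() {
        return getSignature(SM2P10_OUTPUT_SIGNFORMAT_RAW);
    }

    /**
     * Returns the signature of the current request.
     *
     * <p>For SM2 signatures a selector of {@link #SM2P10_OUTPUT_SIGNFORMAT_ASN1} or
     * {@link #SM2P10_OUTPUT_SIGNFORMAT_RAW} converts the layout; any other selector, and any
     * non-SM2 signature, returns the stored array itself (not a copy).
     *
     * @param i output selector
     * @return the signature, or {@code null} when no request or signature is present
     */
    public byte[] getSignature(int i) {
        if (this.metadata == null || this.metadata.signature == null) {
            return null;
        }
        boolean knownSelector = i == SM2P10_OUTPUT_SIGNFORMAT_ASN1 || i == SM2P10_OUTPUT_SIGNFORMAT_RAW;
        if (this.metadata.isSM2SignType() && knownSelector) {
            return formatOutputSM2SignValue(this.metadata.signature, i);
        }
        return this.metadata.signature;
    }

    /**
     * Returns the verdict of the signature check made by the most recent {@code load(...)}.
     * {@code false} also covers "no check was made".
     */
    public boolean getP10RequestVerifyState() {
        return this.p10RequestVerifyState;
    }

    /** Returns {@code certReqType} from the metadata, or 0 when no request is loaded. */
    public int getCertReqType() {
        return this.metadata == null ? 0 : this.metadata.certReqType;
    }

    /**
     * Converts a {@link SubjectPublicKeyInfo} into a {@link PublicKey} via {@code CSRPublicKeyHelper}.
     *
     * @throws PKIException if the helper fails
     */
    public PublicKey getPubKeyFromSubPubKeyInfo(SubjectPublicKeyInfo subjectPublicKeyInfo) throws PKIException {
        return CSRPublicKeyHelper.buildPublicKeyFrom(subjectPublicKeyInfo);
    }

    /**
     * Checks the signature of an encoded request through {@code CSRDecoder}.
     *
     * @param bArr encoded request; a dump of it is logged on failure
     * @throws PKIException if the decoder fails
     */
    public static boolean isP10RequestSignatureValid(byte[] bArr) throws PKIException {
        try {
            return CSRDecoder.isP10RequestSignatureValid(bArr);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("isP10RequestSignatureValid<<<<<<Failure: " + SADKDebugger.dump(bArr), e);
            throw new PKIException("isP10RequestSignatureValid failure", e);
        }
    }

    /**
     * Decodes an encoded request. No signature check is visible on this path.
     *
     * @param bArr encoded request; a dump of it is logged on failure
     * @throws PKIException if decoding fails
     */
    public static PKCS10CertificationRequest decodedP10(byte[] bArr) throws PKIException {
        try {
            return CSRDecoder.decodedCertificationRequest(bArr);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("decodedP10<<<<<<Failure: " + SADKDebugger.dump(bArr), e);
            throw new PKIException("decodedP10 failure", e);
        }
    }

    /**
     * Reads the subject from an encoded request through {@code CSRDecoder}.
     *
     * @param bArr encoded request; a dump of it is logged on failure
     * @throws PKIException if the decoder fails
     */
    public static String getSubjectFromP10Request(byte[] bArr) throws PKIException {
        try {
            return CSRDecoder.getSubjectFromP10Request(bArr);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("getSubjectFromP10Request<<<<<<Failure: " + SADKDebugger.dump(bArr), e);
            throw new PKIException("getSubjectFromP10Request failure", e);
        }
    }

    /**
     * Reads the signature algorithm from an encoded request through {@code CSRDecoder}.
     *
     * @param bArr encoded request; a dump of it is logged on failure
     * @throws PKIException if the decoder fails
     */
    public static String getSignatureAlgorithmFromP10Request(byte[] bArr) throws PKIException {
        try {
            return CSRDecoder.getSignatureAlgorithmFromP10Request(bArr);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("getSignatureAlgorithmFromP10Request<<<<<<Failure: " + SADKDebugger.dump(bArr), e);
            throw new PKIException("getSignatureAlgorithmFromP10Request failure", e);
        }
    }

    /**
     * Reads the signature bytes from an encoded request through {@code CSRDecoder}.
     *
     * @param bArr encoded request; a dump of it is logged on failure
     * @throws PKIException if the decoder fails
     */
    public static byte[] getSignatureFromP10Request(byte[] bArr) throws PKIException {
        try {
            return CSRDecoder.getSignatureFromP10Request(bArr);
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("getSignatureFromP10Request<<<<<<Failure: " + SADKDebugger.dump(bArr), e);
            throw new PKIException("getSignatureFromP10Request failure", e);
        }
    }

    /**
     * Builds the temporary-public-key attribute set (when a key is given) and delegates to the
     * attribute-based overload.
     *
     * @param str key type
     * @param publicKey temporary public key to embed; {@code null} means no attributes
     * @param str2 value passed in the challenge-password position of the attribute helper
     */
    private CSRMetadata generateCertificateSigningRequest(Mechanism mechanism, X500Name x500Name, KeyPair keyPair, String str, PublicKey publicKey, String str2, Session session) throws PKIException {
        DERSet attributes = publicKey == null
                ? null
                : CSRPublicKeyHelper.buildTemporaryPublicKeyP10Attributes(publicKey, str2, str);
        return generateCertificateSigningRequest(mechanism, x500Name, keyPair, str, attributes, session);
    }

    /**
     * Builds the request info, signs its encoding with the private key of {@code keyPair} and
     * assembles the final request.
     *
     * @param str key type
     * @param aSN1Set request attributes; may be {@code null}
     * @return metadata describing the new request, with {@code base64P10Data} set to the encoder output
     * @throws PKIException if a required argument is {@code null} or building or signing fails
     */
    private CSRMetadata generateCertificateSigningRequest(Mechanism mechanism, X500Name x500Name, KeyPair keyPair, String str, ASN1Set aSN1Set, Session session) throws PKIException {
        if (keyPair == null) {
            throw new PKIException("generateCertificateSigningRequest parameter invalid: keypair=null");
        }
        if (str == null) {
            throw new PKIException("generateCertificateSigningRequest parameter invalid: keyType=null");
        }
        if (x500Name == null) {
            throw new PKIException("generateCertificateSigningRequest parameter invalid: subject=null");
        }
        if (mechanism == null) {
            throw new PKIException("generateCertificateSigningRequest parameter invalid: mechanism=null");
        }
        if (session == null) {
            throw new PKIException("generateCertificateSigningRequest parameter invalid: session=null");
        }
        PublicKey subjectPublicKey = keyPair.getPublic();
        CertificationRequestInfo requestInfo = CSREncoder.buildCertificationRequestInfo(x500Name, aSN1Set, subjectPublicKey);
        byte[] toBeSigned = CSREncoder.buildCertificationRequestInfoData(requestInfo);
        byte[] signature = signP10CertificationRequest(mechanism, keyPair.getPrivate(), toBeSigned, str, session);
        byte[] requestData = CSREncoder.buildCertificationRequestData(mechanism, requestInfo, signature);
        CSRMetadata created = new CSRMetadata(mechanism, x500Name, subjectPublicKey, aSN1Set, toBeSigned, signature);
        created.base64P10Data = requestData;
        return created;
    }

    /**
     * Generates the signing key pair on {@code session} for the key type derived from the mechanism.
     *
     * @param i passed to {@code KeyUtil.generateKeyPair} (presumably the key length; confirm)
     * @throws PKIException if an argument is {@code null}, the mechanism maps to no key type, or
     *         key generation fails
     */
    private KeyPair generateCSRKeyPair(Mechanism mechanism, int i, Session session) throws PKIException {
        if (mechanism == null) {
            throw new PKIException("generateCSRKeyPair parameter invalid: mechanism=null");
        }
        if (session == null) {
            throw new PKIException("generateCSRKeyPair parameter invalid: session=null");
        }
        String keyType = Mechanisms.getKeyType(mechanism);
        if (keyType == null) {
            throw new PKIException("generateCSRKeyPair Failure: unsupported algorithm: " + mechanism.getMechanismType());
        }
        // ECC key generation additionally needs the curve name taken from the signature mechanism.
        Mechanism keyGenMechanism = MechanismKit.ECC.equals(keyType)
                ? new Mechanism(keyType, mechanism.getParam(), CSRPublicKeyHelper.buildCurveNameFrom(mechanism))
                : new Mechanism(keyType, mechanism.getParam());
        return KeyUtil.generateKeyPair(keyGenMechanism, i, session);
    }

    /** Returns {@code true} only for a {@link CardLib} session reporting a C200 card with an SM2 key type. */
    private boolean isC200CardAndSM2Key(Session session, String str) {
        if (!(session instanceof CardLib)) {
            return false;
        }
        return ((CardLib) session).isC200Card() && MechanismKit.SM2.equals(str);
    }

    /**
     * Signs the encoded request info and normalises the signature layout.
     *
     * <p>SM2 signatures are converted according to {@code formatSignedBytes}; ECC signatures of
     * exactly 64 bytes are converted with {@code SM2OutputFormat.sm2FormatSignedASN1Bytes}. Every
     * failure, including a formatting failure, leaves as a {@link PKIException} with the
     * "signing failed" message and the original exception in the cause chain.
     *
     * @param bArr data to sign
     * @param str key type
     */
    private byte[] signP10CertificationRequest(Mechanism mechanism, PrivateKey privateKey, byte[] bArr, String str, Session session) throws PKIException {
        try {
            byte[] signature = session.sign(mechanism, privateKey, bArr);
            if (MechanismKit.SM2.equals(str)) {
                try {
                    signature = formatOutputSM2SignValue(signature, this.formatSignedBytes);
                } catch (Exception e) {
                    throw new PKIException("signP10CertificationRequest call failure: format signValue failed->" + SADKDebugger.dump(signature), e);
                }
            } else if (MechanismKit.ECC.equals(str)) {
                if (signature.length == 64) {
                    signature = SM2OutputFormat.sm2FormatSignedASN1Bytes(signature);
                }
            }
            return signature;
        } catch (Exception e2) {
            throw new PKIException("signP10CertificationRequest call failure: signing failed", e2);
        }
    }

    /**
     * Verifies the request signature with the session; SM2 signatures are first converted with
     * {@code SM2OutputFormat.sm2FormatSigned64Bytes}.
     *
     * @param bArr signed data
     * @param bArr2 signature as carried in the request
     * @return the result of {@code session.verify}
     * @throws PKIException if the SM2 conversion or the verification call fails
     */
    private boolean veirfyP10CertificationRequest(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        byte[] signatureForVerify = bArr2;
        if (Mechanisms.isSM2Type(mechanism)) {
            try {
                signatureForVerify = SM2OutputFormat.sm2FormatSigned64Bytes(bArr2);
            } catch (Exception e) {
                throw new PKIException("veirfyP10CertificationRequest Failure: Build FormatSigned64Bytes Failure", e);
            }
        }
        return session.verify(mechanism, publicKey, bArr, signatureForVerify);
    }

    /**
     * Converts an SM2 signature between the two layouts.
     *
     * <p>A 64-byte input is treated as already raw; any other length is treated as the ASN.1 form.
     * Selector {@link #SM2P10_OUTPUT_SIGNFORMAT_RAW} yields the raw form, every other selector the
     * ASN.1 form.
     *
     * @param bArr signature bytes
     * @param i output selector
     */
    private byte[] formatOutputSM2SignValue(byte[] bArr, int i) {
        LoggerManager.systemLogger.info("signP10CertificationRequest(#0x01=ASN1(R+S): DEFAULT; #0x02=RAW(R+S)): formatSignedBytes=" + i);
        boolean isRawLength = bArr.length == 64;
        if (i == SM2P10_OUTPUT_SIGNFORMAT_RAW) {
            return isRawLength ? bArr : SM2OutputFormat.sm2FormatSigned64Bytes(bArr);
        }
        return isRawLength ? SM2OutputFormat.sm2FormatSignedASN1Bytes(bArr) : bArr;
    }
}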
