package cn.topca.api.cert;

import java.io.ByteArrayInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cn/topca/api/cert/CertStore.class */
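/**
 * Handle on one named certificate store managed by {@code KeyStoreMgr}.
 *
 * <p>Static methods enumerate stores and import certificates. Instance methods list the
 * certificates of one store and generate certificate signing requests for it. All key-store
 * work is delegated to {@code KeyStoreMgr}; listing is additionally filtered through
 * {@code LicenseMgr.certWithLicense}.
 */
public class CertStore {
    private static final LicenseMgr licMgr = LicenseMgr.getInstance();
    private static final KeyStoreMgr keyMgr = KeyStoreMgr.getInstance();
    private final String certStoreName;

    private CertStore(String str) {
        this.certStoreName = str;
    }

    /**
     * Collects the licensed certificates of every store returned by {@link #listStore()}.
     *
     * @return a {@code CertSet} holding the certificates of all stores, in store order
     * @throws CertApiException if a certificate cannot be encoded
     */
    public static CertSet listAllCerts() throws CertApiException {
        List<Certificate> all = new ArrayList<Certificate>();
        for (String storeName : listStore()) {
            all.addAll(doListCerts(storeName));
        }
        return new CertSet(all.toArray(new Certificate[0]));
    }

    /**
     * Returns the store names reported by {@code KeyStoreMgr.listStoreNames()}.
     *
     * @return the store names, exactly as the key-store manager returns them
     */
    public static String[] listStore() {
        return keyMgr.listStoreNames();
    }

    /**
     * Looks up a store by name, ignoring case.
     *
     * @param str the store name to look for
     * @return a handle on the store
     * @throws CertApiException with {@code ERR_NOTFIND_CERTSTORE} if no store name matches
     */
    public static CertStore byName(String str) throws CertApiException {
        for (String known : listStore()) {
            if (known.equalsIgnoreCase(str)) {
                // NOTE(review): the handle keeps the caller's spelling, not the spelling returned
                // by listStore(). If KeyStoreMgr compares names case-sensitively, later calls on
                // this handle may miss the store; confirm against KeyStoreMgr.
                return new CertStore(str);
            }
        }
        throw new CertApiException(TCAErrCode.ERR_NOTFIND_CERTSTORE);
    }

    /**
     * Finds the store that holds a certificate with the same serial number as the given one.
     *
     * <p>NOTE(review): the match is on serial number only (case-insensitive). Serial numbers are
     * unique per issuer, not globally, so two certificates from different issuers can share one.
     * Consider also comparing the issuer if {@code Certificate} exposes it.
     *
     * @param certificate the certificate whose store is wanted
     * @return a handle on the first store containing a certificate with that serial number
     * @throws CertApiException with {@code ERR_ENCODECERT} if a stored certificate cannot be
     *     encoded, or {@code ERR_NOTFIND_CERTSTORE} if no store contains a match
     */
    public static CertStore byCert(Certificate certificate) throws CertApiException {
        String wantedSerial = certificate.serialNumber();
        for (String storeName : listStore()) {
            for (java.security.cert.Certificate stored : keyMgr.listCert(storeName)) {
                try {
                    String storedSerial = new Certificate(stored.getEncoded()).serialNumber();
                    if (storedSerial.equalsIgnoreCase(wantedSerial)) {
                        return new CertStore(storeName);
                    }
                } catch (CertificateEncodingException e) {
                    throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e);
                }
            }
        }
        throw new CertApiException(TCAErrCode.ERR_NOTFIND_CERTSTORE);
    }

    /**
     * Parses an encoded X.509 certificate and imports it through {@code KeyStoreMgr.importCert}.
     *
     * <p>NOTE(review): nothing in this method checks the issuer, validity period or chain of the
     * certificate before import. Confirm that {@code KeyStoreMgr.importCert} does so, or that
     * callers only pass certificates received over a trusted channel.
     *
     * @param str the certificate in the text encoding understood by {@code TCAUtil.decode}
     * @return the imported certificate, or {@code null} when {@code importCert} returns false
     * @throws CertApiException with {@code ERR_CONV_CERT} if the input is not a parsable
     *     X.509 certificate
     */
    public static Certificate installCert(String str) throws CertApiException {
        try {
            java.security.cert.Certificate parsed = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(TCAUtil.decode(str)));
            // The meaning of the boolean argument is defined by KeyStoreMgr, not visible here.
            if (keyMgr.importCert(parsed, true)) {
                return new Certificate(str);
            }
            return null;
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        }
    }

    /**
     * Imports a second certificate together with a private key delivered in encrypted form.
     *
     * <p>The first certificate locates an existing store entry and its private key. That private
     * key decrypts the envelope in {@code str3}, yielding the private key that is imported with
     * the second certificate under the same entry name.
     *
     * <p>NOTE(review): the decrypted private key is paired with the public key of {@code str2}
     * without checking that the two belong together, and no trust check on either certificate
     * is visible here. Confirm that {@code KeyStoreMgr.importCertAndKey} verifies both. Also
     * confirm what {@code findNameByCert} returns when the first certificate is not in any store.
     *
     * @param str the encoded certificate already present in a store (used to find the entry and
     *     its private key)
     * @param str2 the encoded certificate to import
     * @param str3 the encrypted private-key envelope, an {@code &}-separated list of
     *     {@code name=value} fields
     * @return the imported certificate, or {@code null} when {@code importCertAndKey} returns false
     * @throws CertApiException with {@code ERR_CONV_CERT} if a certificate cannot be parsed or
     *     encoded, or with a crypto error code if the envelope cannot be decrypted
     */
    public static Certificate installCert(String str, String str2, String str3) throws CertApiException {
        try {
            CertificateFactory x509 = CertificateFactory.getInstance("X.509");
            java.security.cert.Certificate existingCert =
                    x509.generateCertificate(new ByteArrayInputStream(TCAUtil.decode(str)));
            String entryName = keyMgr.findNameByCert(existingCert);
            PrivateKey existingKey = keyMgr.getPriKeyByCert(entryName, existingCert);
            PrivateKey deliveredKey = decryptEncKey(str3, existingKey);
            java.security.cert.Certificate newCert =
                    x509.generateCertificate(new ByteArrayInputStream(TCAUtil.decode(str2)));
            KeyPair pair = new KeyPair(newCert.getPublicKey(), deliveredKey);
            if (keyMgr.importCertAndKey(entryName, newCert, pair)) {
                return new Certificate(newCert.getEncoded());
            }
            return null;
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        }
    }

    /**
     * Lists the licensed certificates of this store.
     *
     * @return a {@code CertSet} with the certificates of this store
     * @throws CertApiException if a certificate cannot be encoded
     */
    public CertSet listCerts() throws CertApiException {
        List<Certificate> certs = doListCerts(this.certStoreName);
        return new CertSet(certs.toArray(new Certificate[0]));
    }

    /**
     * Generates a CSR with algorithm {@code TCA.SM2} and subject {@code "CN=topca"}.
     *
     * @return the generated CSR
     * @throws CertApiException if CSR generation fails
     */
    public Csr genCsr() throws CertApiException {
        return genCsr(TCA.SM2, "CN=topca");
    }

    /**
     * Generates a CSR for the given algorithm with subject {@code "CN=topca"}.
     *
     * @param str the key algorithm identifier, see {@link #genCsr(String, String)}
     * @return the generated CSR
     * @throws CertApiException if CSR generation fails
     */
    public Csr genCsr(String str) throws CertApiException {
        return genCsr(str, "CN=topca");
    }

    /**
     * Generates a CSR in this store for the given key algorithm and subject.
     *
     * <p>Recognised identifiers (case-insensitive) are {@code TCA.SM2}, {@code TCA.RSA1024} and
     * {@code TCA.RSA2048}. Any other value silently falls back to the SM2 settings.
     *
     * <p>NOTE(review): both RSA choices sign with {@code TCA.SHA1}, and {@code TCA.RSA1024} uses
     * a 1024-bit key. Both are below what current CA policies accept for new certificates.
     * Prefer the 2048-bit option and confirm whether a stronger digest is available in
     * {@code TCA}. Callers that pass an unrecognised identifier get an SM2 key without any
     * error, so validate the identifier before calling if the fallback is not intended.
     *
     * @param str the key algorithm identifier
     * @param str2 the subject passed through to {@code KeyStoreMgr.genCSR}
     * @return the generated CSR
     * @throws CertApiException if CSR generation fails
     */
    public Csr genCsr(String str, String str2) throws CertApiException {
        // Defaults double as the SM2 settings and as the fallback for unknown identifiers.
        String keyAlgorithm = TCA.SM2;
        String digest = TCA.SM3;
        int keyBits = 256;
        if (str.equalsIgnoreCase(TCA.RSA1024)) {
            keyAlgorithm = "RSA";
            digest = TCA.SHA1;
            keyBits = 1024;
        } else if (str.equalsIgnoreCase(TCA.RSA2048)) {
            keyAlgorithm = "RSA";
            digest = TCA.SHA1;
            keyBits = 2048;
        }
        return new Csr(keyMgr.genCSR(this.certStoreName, str2, keyAlgorithm, keyBits, digest));
    }

    /**
     * Generates a CSR in this store from an existing certificate.
     *
     * @param certificate the certificate handed to {@code KeyStoreMgr.genCSR}
     * @return the generated CSR
     * @throws CertApiException with {@code ERR_CONV_CERT} if the certificate cannot be parsed
     */
    public Csr genCsr(Certificate certificate) throws CertApiException {
        try {
            java.security.cert.Certificate parsed = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(TCAUtil.decode(certificate.toBase64())));
            return new Csr(keyMgr.genCSR(this.certStoreName, parsed));
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        }
    }

    /**
     * Decrypts a private key delivered as an {@code &}-separated list of {@code name=value} fields.
     *
     * <p>Fields read: {@code encPrivateKeyUser} (the encrypted PKCS#8 key), {@code userSeal}
     * (the session key, encrypted to {@code privateKey}), {@code userCipher} (the symmetric
     * cipher name) and {@code userIV}. The session key is recovered with {@code privateKey},
     * then used to decrypt the PKCS#8 blob.
     *
     * <p>NOTE(review): the symmetric cipher is chosen by the {@code userCipher} field of the
     * input, including DES and ECB-mode choices, and the payload carries no integrity check
     * that is visible here. If {@code str} can come from an untrusted party, restrict
     * {@code userCipher} to an allow-list. Different failure causes map to different error
     * codes (bad padding vs. others); if those codes are relayed to whoever supplies
     * {@code str}, consider collapsing them into one generic decryption failure.
     *
     * @param str the encrypted key envelope
     * @param privateKey the private key that unwraps the session key
     * @return the decrypted private key
     * @throws CertApiException with the error code matching the failed crypto step
     */
    private static PrivateKey decryptEncKey(String str, PrivateKey privateKey) throws CertApiException {
        String encryptedPkcs8 = "";
        String wrappedSessionKey = "";
        String cipherName = "";
        String iv = "";
        for (String field : str.split("&")) {
            int separator = field.indexOf('=');
            if (separator < 0) {
                // A field without '=' has no value; slicing it would throw an unchecked exception.
                continue;
            }
            // The value is everything after the first '='. Later '=' characters (for example
            // Base64 padding) stay part of the value.
            // NOTE(review): confirm the field format against whatever produces this string.
            String value = field.substring(separator + 1);
            if (field.startsWith("encPrivateKeyUser=")) {
                encryptedPkcs8 = value;
            } else if (field.startsWith("userSeal=")) {
                wrappedSessionKey = value;
            } else if (field.startsWith("userCipher")) {
                cipherName = value;
            } else if (field.startsWith("userIV")) {
                iv = value;
            }
        }

        boolean rsa = privateKey.getAlgorithm().equalsIgnoreCase("RSA");
        String unwrapTransformation = rsa ? "RSA/ECB/PKCS1Padding" : TCA.SM2;
        // KeyFactory takes a key algorithm name, not a Cipher transformation string.
        String keyFactoryAlgorithm = rsa ? "RSA" : TCA.SM2;

        byte[] sessionKey = null;
        byte[] pkcs8 = null;
        try {
            Cipher unwrap = Cipher.getInstance(unwrapTransformation);
            unwrap.init(Cipher.DECRYPT_MODE, privateKey);
            sessionKey = unwrap.doFinal(TCAUtil.decode(wrappedSessionKey));
            SecretKeySpec sessionKeySpec = new SecretKeySpec(sessionKey, cipherName);

            // Locale.ROOT keeps the comparison independent of the JVM's default locale.
            String upperName = cipherName.toUpperCase(java.util.Locale.ROOT);
            String transformation;
            if (upperName.equals(TCA.AES) || upperName.equals(TCA.DES)) {
                transformation = cipherName + "/CBC/PKCS5Padding";
            } else if (upperName.equals("DESEDE")) {
                transformation = cipherName + "/ECB/PKCS5Padding";
            } else {
                transformation = cipherName;
            }

            Cipher payload = Cipher.getInstance(transformation);
            if (transformation.toUpperCase(java.util.Locale.ROOT).contains("ECB")) {
                // ECB takes no IV.
                payload.init(Cipher.DECRYPT_MODE, sessionKeySpec);
            } else {
                payload.init(Cipher.DECRYPT_MODE, sessionKeySpec, new IvParameterSpec(TCAUtil.decode(iv)));
            }
            pkcs8 = payload.doFinal(TCAUtil.decode(encryptedPkcs8));
            return KeyFactory.getInstance(keyFactoryAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET, e);
        } catch (InvalidKeyException e) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        } catch (InvalidKeySpecException e) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEYSPEC, e);
        } catch (BadPaddingException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PADDING, e);
        } catch (IllegalBlockSizeException e) {
            throw new CertApiException(TCAErrCode.ERR_ILLEGAL_BLOCK, e);
        } catch (NoSuchPaddingException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_PADDING, e);
        } finally {
            // Best-effort wipe of the local plaintext key buffers; the key spec objects keep
            // their own copies.
            if (sessionKey != null) {
                java.util.Arrays.fill(sessionKey, (byte) 0);
            }
            if (pkcs8 != null) {
                java.util.Arrays.fill(pkcs8, (byte) 0);
            }
        }
    }

    /**
     * Lists the certificates of one store for which {@code LicenseMgr.certWithLicense} is true.
     *
     * @param str the store name
     * @return the matching certificates, in the order {@code KeyStoreMgr.listCert} returns them
     * @throws CertApiException with {@code ERR_ENCODECERT} if a certificate cannot be encoded
     */
    private static List<Certificate> doListCerts(String str) throws CertApiException {
        List<Certificate> licensed = new LinkedList<Certificate>();
        for (java.security.cert.Certificate stored : keyMgr.listCert(str)) {
            try {
                if (licMgr.certWithLicense(stored)) {
                    licensed.add(new Certificate(stored.getEncoded()));
                }
            } catch (CertificateEncodingException e) {
                throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e);
            }
        }
        return licensed;
    }
}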
