package cn.topca.core.ext.bc.util;

import cn.tca.TopBasicCrypto.asn1.x500.X500Name;
import cn.tca.TopBasicCrypto.asn1.x509.BasicConstraints;
import cn.tca.TopBasicCrypto.asn1.x509.ExtendedKeyUsage;
import cn.tca.TopBasicCrypto.asn1.x509.KeyPurposeId;
import cn.tca.TopBasicCrypto.asn1.x509.KeyUsage;
import cn.tca.TopBasicCrypto.asn1.x509.SubjectPublicKeyInfo;
import cn.tca.TopBasicCrypto.asn1.x509.X509Extension;
import cn.tca.TopBasicCrypto.cert.X509v3CertificateBuilder;
import cn.tca.TopBasicCrypto.operator.OperatorCreationException;
import cn.topca.core.ext.bc.operator.jcajce.JcaContentSignerBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:cn/topca/core/ext/bc/util/KeyStoreUtils.class */
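/**
 * Static helpers for {@link KeyStore} handling: alias lookup by public key, generation of a
 * self-signed certificate for a key pair, and classification of software (file-based) key
 * store types.
 */
public class KeyStoreUtils {
    /** Milliseconds in 365 days. */
    private static final long ONE_YEAR = 31536000000L;
    /** Validity period of a generated self-signed certificate: ten 365-day years. */
    private static final long SELF_SIGNED_VALIDITY = 10 * ONE_YEAR;
    /** Key store types that are treated as software key stores. */
    private static final List<String> softKeyStoreAlg = new ArrayList<String>(2);

    static {
        softKeyStoreAlg.add("JKS");
        softKeyStoreAlg.add("PKCS12");
    }

    /**
     * Finds the alias whose certificate carries the given public key.
     *
     * @param keyStore  key store to search
     * @param publicKey public key to look for; must not be {@code null}
     * @return the first matching alias, or {@code null} when no entry matches
     * @throws KeyStoreException if the key store has not been initialized
     */
    public static String getPublicKeyAlias(KeyStore keyStore, PublicKey publicKey) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // getCertificate returns null for entries that hold no certificate (for example
            // secret-key entries); skip those instead of failing with a NullPointerException.
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate != null && publicKey.equals(certificate.getPublicKey())) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Builds a self-signed X.509 v3 certificate for the given key pair, valid from now for
     * ten 365-day years.
     *
     * <p>The serial number, and the subject when {@code str} is {@code null}, are derived
     * from the SHA-1 digest of the encoded public key, so they are deterministic per key.
     *
     * @param keyPair key pair to certify; the private key signs the certificate
     * @param str     subject and issuer distinguished name, or {@code null} to use
     *                {@code CN=<hex SHA-1 of the public key>}
     * @param str2    name of the provider used for signing, or {@code null} for the default
     * @return the generated certificate, re-parsed through the "X.509" certificate factory
     * @throws CertificateException if the digest algorithm is unavailable or the encoded
     *                              certificate cannot be parsed
     * @throws IOException          declared by the underlying builder and encoding calls
     */
    public static Certificate buildSelfSignedCert(KeyPair keyPair, String str, String str2) throws CertificateException, IOException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + SELF_SIGNED_VALIDITY);
        try {
            byte[] keyDigest = sha1PublicKey(keyPair.getPublic());
            X500Name subject = new X500Name(str != null ? str : "CN=" + Hex.encodeHexString(keyDigest));
            // Use the sign-magnitude constructor: interpreting the digest as two's complement
            // yields a negative serial number whenever its top bit is set, and RFC 5280
            // requires serial numbers to be positive.
            BigInteger serial = new BigInteger(1, keyDigest);
            X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            certBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
            // 246 == 0xF6. NOTE(review): if this repackaged KeyUsage keeps BouncyCastle's bit
            // values, this asserts digitalSignature, nonRepudiation, keyEncipherment,
            // dataEncipherment, keyCertSign and cRLSign. keyCertSign combined with the cA=false
            // basic constraints above is inconsistent under RFC 5280, and the set is broader
            // than an end-entity key normally needs. Left unchanged because existing consumers
            // may depend on it - confirm and narrow.
            certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(246));
            Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
            purposes.add(KeyPurposeId.id_kp_serverAuth);
            purposes.add(KeyPurposeId.id_kp_clientAuth);
            // Microsoft and Netscape "server gated crypto" purposes (legacy).
            purposes.add(new KeyPurposeId("1.3.6.1.4.1.311.10.3.3"));
            purposes.add(new KeyPurposeId("2.16.840.1.113730.4.1"));
            certBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));
            String keyAlgorithm = keyPair.getPrivate().getAlgorithm();
            // NOTE(review): non-SM2 keys are signed with a SHA-1 based algorithm, which is
            // deprecated for certificate signatures and rejected by many current validators.
            // Kept as-is because the configured provider's supported algorithms are not
            // visible here; move to a SHA-256 variant once provider support is confirmed.
            String signatureAlgorithm = keyAlgorithm.equals("SM2") ? "SM3withSM2" : "SHA1with" + keyAlgorithm;
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
            if (str2 != null) {
                try {
                    signerBuilder.setProvider(str2);
                } catch (OperatorCreationException e) {
                    // Existing contract: a provider failure surfaces as an Error with the cause.
                    throw new Error(e);
                }
            }
            byte[] encoded = certBuilder.build(signerBuilder.build(keyPair.getPrivate())).getEncoded();
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the missing algorithm is visible in the stack trace.
            throw new CertificateException("can not build self signed certificate.", e);
        }
    }

    /**
     * Computes the SHA-1 digest of the encoded form of a public key.
     *
     * <p>The digest is used here as a key identifier (certificate serial number and default
     * common name), not as a signature input.
     *
     * @param publicKey key whose {@code getEncoded()} bytes are hashed
     * @return the 20-byte SHA-1 digest
     * @throws NoSuchAlgorithmException if no provider supplies "SHA1"
     */
    public static byte[] sha1PublicKey(PublicKey publicKey) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA1").digest(publicKey.getEncoded());
    }

    /**
     * Tells whether the key store is of a software type.
     *
     * @param keyStore key store whose {@link KeyStore#getType() type} is checked
     * @return {@code true} when the type is one of the known software key store types
     */
    public static boolean isSoftKeyStore(KeyStore keyStore) {
        return isSoftKeyStore(keyStore.getType());
    }

    /**
     * Tells whether the given key store type names a software key store.
     *
     * <p>The comparison ignores case: {@link KeyStore#getType()} returns the type string as
     * it was passed to {@code KeyStore.getInstance}, and recent JDKs report the default type
     * as lower-case {@code "pkcs12"}, which an exact match would misclassify.
     *
     * @param str key store type, may be {@code null}
     * @return {@code true} for "JKS" or "PKCS12" in any letter case, {@code false} otherwise
     */
    public static boolean isSoftKeyStore(String str) {
        for (String type : softKeyStoreAlg) {
            if (type.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }
}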
