package com.hebca.crypto.imp.file;

import com.hebca.crypto.AsymCrypter;
import com.hebca.crypto.Cert;
import com.hebca.crypto.Container;
import com.hebca.crypto.Device;
import com.hebca.crypto.Signer;
import com.hebca.crypto.exception.AsymCryptException;
import com.hebca.crypto.exception.ConnectionException;
import com.hebca.crypto.exception.ContainerException;
import com.hebca.crypto.exception.GenKeyPairException;
import com.hebca.crypto.exception.ImportCertException;
import com.hebca.crypto.exception.ImportKeyPairException;
import com.hebca.crypto.exception.LoginException;
import com.hebca.crypto.exception.NoCertExistException;
import com.hebca.crypto.exception.NotFindObjectException;
import com.hebca.crypto.exception.SignException;
import com.hebca.crypto.exception.SymCryptException;
import com.hebca.crypto.imp.CertImp;
import com.hebca.crypto.imp.ContainerBase;
import com.hebca.crypto.util.LogUtil;
import com.hebca.ext.asn1.SMNamedCurves;
import com.hebca.ext.asn1.SMObjectIdentifiers;
import com.hebca.ext.crypto.sm2.SM2KeyPairGenerator;
import com.hebca.ext.crypto.sm4.SM4Engine;
import com.hebca.ext.signature.sm2.SM2DefaultSigner;
import com.hebca.pki.CertParse;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Vector;
import javax.crypto.Cipher;
import org2.bouncycastle.asn1.ASN1Encodable;
import org2.bouncycastle.asn1.ASN1EncodableVector;
import org2.bouncycastle.asn1.DEREncodable;
import org2.bouncycastle.asn1.DERInteger;
import org2.bouncycastle.asn1.DERNull;
import org2.bouncycastle.asn1.DEROctetString;
import org2.bouncycastle.asn1.DERSequence;
import org2.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org2.bouncycastle.asn1.x509.DigestInfo;
import org2.bouncycastle.asn1.x509.GeneralName;
import org2.bouncycastle.asn1.x509.GeneralNames;
import org2.bouncycastle.asn1.x509.KeyPurposeId;
import org2.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org2.bouncycastle.asn1.x9.X9ECParameters;
import org2.bouncycastle.crypto.InvalidCipherTextException;
import org2.bouncycastle.crypto.encodings.PKCS1Encoding;
import org2.bouncycastle.crypto.engines.RSABlindedEngine;
import org2.bouncycastle.crypto.params.ECDomainParameters;
import org2.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org2.bouncycastle.crypto.params.KeyParameter;
import org2.bouncycastle.crypto.params.RSAKeyParameters;
import org2.bouncycastle.jce.X509KeyUsage;
import org2.bouncycastle.jce.X509Principal;
import org2.bouncycastle.jce.provider.BouncyCastleProvider;
import org2.bouncycastle.jce.provider.JCEECPrivateKey;
import org2.bouncycastle.util.encoders.Base64;
import org2.bouncycastle.x509.X509V3CertificateGenerator;
import org3.bouncycastle.crypto.tls.CipherSuite;

/* loaded from: classes.dex */
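/**
 * Software (keystore-file backed) key container that holds one signing key pair/certificate and
 * one encryption key pair/certificate, for either RSA or SM2 depending on {@link #getType()}.
 *
 * <p>Security notes for reviewers, all visible in this class:
 * <ul>
 *   <li>The keystore file is always written with the fixed password {@code "123456"}, and keys
 *       that are still waiting for their certificate are stored under that same password. Only
 *       the entries written by {@link #setCert} are protected with the device password.</li>
 *   <li>The RSA paths use SHA-1 ({@code SHA1WithRSA}, SHA-1 {@code DigestInfo}) and PKCS#1 v1.5
 *       encryption padding.</li>
 *   <li>The SM2 cipher is requested from a provider named {@code "BC2"}, which this class does
 *       not register; it must be installed elsewhere before the SM2 paths are used.</li>
 *   <li>The type comparisons are not uniform: {@link #generateKeyPair} ignores case, every
 *       other method is case-sensitive.</li>
 * </ul>
 */
public class ContainerFile extends ContainerBase {
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    /** Alias under which a freshly generated signing key is parked until its certificate is set. */
    private static final String PENDING_SIGN_ALIAS = "signPriKey";

    /** Alias under which an imported encryption key is parked until its certificate is set. */
    private static final String PENDING_CRYPT_ALIAS = "cryptPriKey";

    /**
     * Fixed password used for the keystore file and for pending key entries.
     *
     * <p>SECURITY: a constant embedded in the binary gives no confidentiality or integrity for
     * the keystore file. It is kept unchanged because existing keystore files were written with
     * it; replacing it needs a migration of those files, not a one-line edit.
     */
    private static final String FIXED_STORE_PASSWORD = "123456";

    /**
     * Offset of the last field inside the wrapped-symmetric-key blob.
     *
     * <p>The decompiler substituted a TLS cipher-suite constant for a plain integer here; it is
     * used only for its numeric value and has nothing to do with TLS. The constant reference is
     * kept so the value stays exactly what the original code compiled against.
     */
    private static final int WRAPPED_KEY_TAIL_OFFSET = CipherSuite.TLS_DH_DSS_WITH_AES_128_GCM_SHA256;

    /** Length in bytes of the last field inside the wrapped-symmetric-key blob. */
    private static final int WRAPPED_KEY_TAIL_LENGTH = 16;

    private String cryptAlias;
    private X509Certificate cryptCert;
    private KeyStore.PrivateKeyEntry cryptEntry;
    private KeyPair cryptKeyPair;
    private X509Certificate rootCert;
    private String signAlias;
    private X509Certificate signCert;
    private KeyStore.PrivateKeyEntry signEntry;
    private KeyPair signKeyPair;
    private String type;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates an RSA container on the given device.
     *
     * @param device the device that owns this container
     */
    public ContainerFile(Device device) {
        super(device);
        this.type = Container.TYPE_RSA;
    }

    /**
     * Creates a container of the given type on the given device.
     *
     * @param device the device that owns this container
     * @param str the container type; anything other than {@code Container.TYPE_RSA} selects the
     *     SM2 code paths
     */
    public ContainerFile(Device device, String str) {
        super(device);
        this.type = str;
    }

    /**
     * Writes the device keystore back to its file and always closes the stream.
     *
     * <p>The keystore is fetched before the file is opened so that a failure to obtain it does
     * not truncate the existing file. NOTE(review): a failure inside {@code store} still leaves a
     * truncated file; writing to a temporary file and renaming it would avoid that.
     */
    private static void persistKeyStore(DeviceFile deviceFile) throws Exception {
        KeyStore keyStore = deviceFile.getKeyStore();
        FileOutputStream out = new FileOutputStream(new File(deviceFile.getPath()));
        try {
            keyStore.store(out, FIXED_STORE_PASSWORD.toCharArray());
        } finally {
            out.close();
        }
    }

    /**
     * Re-encodes a fixed-layout wrapped key blob as a DER SEQUENCE and decrypts it with the
     * in-memory signing private key using the SM2 cipher.
     *
     * <p>Fields are read at offsets 0 (64 bytes), 64 (64 bytes), 128 (32 bytes) and
     * {@link #WRAPPED_KEY_TAIL_OFFSET} (16 bytes). They are presumably the SM2 ciphertext
     * components; confirm against whatever produces the blob.
     *
     * @param bArr the wrapped symmetric key blob
     * @return the decrypted symmetric key bytes
     * @throws AsymCryptException if the blob is missing or too short, no signing key pair is
     *     loaded, or decryption fails; the underlying cause is attached
     */
    private byte[] decryptWappedSymKey(byte[] bArr) throws AsymCryptException {
        try {
            // Reject short input up front so the failure names the real problem instead of
            // surfacing as an index error from arraycopy.
            if (bArr == null || bArr.length < WRAPPED_KEY_TAIL_OFFSET + WRAPPED_KEY_TAIL_LENGTH) {
                throw new IllegalArgumentException("wrapped symmetric key blob is missing or truncated");
            }
            byte[] firstInteger = new byte[64];
            byte[] secondInteger = new byte[64];
            byte[] firstOctets = new byte[32];
            byte[] tailOctets = new byte[WRAPPED_KEY_TAIL_LENGTH];
            System.arraycopy(bArr, 0, firstInteger, 0, 64);
            System.arraycopy(bArr, 64, secondInteger, 0, 64);
            System.arraycopy(bArr, 128, firstOctets, 0, 32);
            System.arraycopy(bArr, WRAPPED_KEY_TAIL_OFFSET, tailOctets, 0, WRAPPED_KEY_TAIL_LENGTH);

            ASN1EncodableVector fields = new ASN1EncodableVector();
            fields.add(new DERInteger(firstInteger));
            fields.add(new DERInteger(secondInteger));
            fields.add(new DEROctetString(firstOctets));
            fields.add(new DEROctetString(tailOctets));
            byte[] derCiphertext = new DERSequence(fields).getDEREncoded();

            Cipher cipher = Cipher.getInstance("SM2", "BC2");
            cipher.init(Cipher.DECRYPT_MODE, this.signKeyPair.getPrivate());
            return new AsymCrypterFile(cipher).crypt(derCiphertext);
        } catch (Exception e) {
            // Keep the cause: the original dropped it, which made failures undiagnosable.
            throw new AsymCryptException(e);
        }
    }

    /**
     * Builds a self-signed placeholder certificate for the given key pair and remembers it in
     * {@code rootCert}.
     *
     * <p>The certificate only exists to satisfy the certificate-chain argument of the keystore
     * entry: serial number 1, a fixed subject, and a validity window of 50 seconds either side
     * of "now". It is signed with {@code SHA1WithRSAEncryption} for RSA containers and
     * {@code SM3WithSM2} otherwise. It must never be treated as a trust anchor.
     *
     * @param keyPair the key pair to certify
     * @return the generated certificate
     * @throws Exception if generation or the self-check fails (logged, then rethrown)
     */
    private X509Certificate makeCert(KeyPair keyPair) throws Exception {
        try {
            // X509Principal takes parallel raw Vectors: attribute OIDs and their values.
            Vector attributeOids = new Vector();
            Vector attributeValues = new Vector();
            attributeOids.addElement(X509Principal.CN);
            attributeOids.addElement(X509Principal.C);
            attributeOids.addElement(X509Principal.O);
            attributeOids.addElement(X509Principal.L);
            attributeOids.addElement(X509Principal.ST);
            attributeValues.addElement("root");
            attributeValues.addElement("CN");
            attributeValues.addElement("hebca");
            attributeValues.addElement("shijiazhuang");
            attributeValues.addElement("hebei");

            String signatureAlgorithm =
                    this.type.equals(Container.TYPE_RSA) ? "SHA1WithRSAEncryption" : "SM3WithSM2";

            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setSerialNumber(BigInteger.valueOf(1L));
            generator.setIssuerDN(new X509Principal(attributeOids, attributeValues));
            generator.setNotBefore(new Date(System.currentTimeMillis() - 50000));
            generator.setNotAfter(new Date(System.currentTimeMillis() + 50000));
            generator.setSubjectDN(new X509Principal(attributeOids, attributeValues));
            generator.setPublicKey(keyPair.getPublic());
            generator.setSignatureAlgorithm(signatureAlgorithm);
            // 198 = 0xC6; in BouncyCastle's X509KeyUsage bit layout that is
            // digitalSignature | nonRepudiation | keyCertSign | cRLSign.
            generator.addExtension(CertParse.OID_KEYUSAGE, true, (DEREncodable) new X509KeyUsage(198));
            // 2.5.29.37 is the extendedKeyUsage extension.
            generator.addExtension("2.5.29.37", true, (DEREncodable) new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
            // GeneralName tag 1 is rfc822Name.
            generator.addExtension(CertParse.OID_SUBJECTALTERNATIVENAME, true, (DEREncodable) new GeneralNames(new GeneralName(1, "root@test.test")));

            this.rootCert = generator.generate(keyPair.getPrivate());
            // Self-check: the certificate is currently valid and verifies under its own key.
            this.rootCert.checkValidity(new Date());
            this.rootCert.verify(keyPair.getPublic());
            return this.rootCert;
        } catch (Exception e) {
            LogUtil.error("RSACertSigner", "Generate CA cert failed:" + e.getMessage());
            throw e;
        }
    }

    /**
     * Creates an asymmetric crypter for this container.
     *
     * <p>SECURITY: the RSA transformation is PKCS#1 v1.5 padding, which is exposed to
     * padding-oracle attacks when decryption failures are observable by the sender.
     *
     * @param z {@code true} to encrypt with the encryption certificate's public key;
     *     {@code false} to log in and decrypt with the encryption private key
     * @return a crypter wrapping the initialised cipher
     * @throws AsymCryptException if the cipher cannot be created or initialised, including when
     *     the required certificate or key entry is missing
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public AsymCrypter createAsymCrypter(boolean z) throws AsymCryptException, LoginException, ConnectionException {
        if (!z) {
            // Only the private-key direction needs an authenticated device.
            login();
        }
        try {
            Cipher cipher;
            if (this.type.equals(Container.TYPE_RSA)) {
                cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            } else {
                cipher = Cipher.getInstance("SM2", "BC2");
            }
            if (z) {
                cipher.init(Cipher.ENCRYPT_MODE, this.cryptCert.getPublicKey());
            } else {
                cipher.init(Cipher.DECRYPT_MODE, getCryptEntry().getPrivateKey());
            }
            return new AsymCrypterFile(cipher);
        } catch (Exception e) {
            throw new AsymCryptException(e);
        }
    }

    /**
     * Logs in and creates a signer bound to the signing private key.
     *
     * @param str the JCA signature algorithm name, passed to {@code Signature.getInstance}
     * @return a signer initialised for signing
     * @throws SignException if no signing key entry is available, or the algorithm or key is
     *     rejected
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Signer createSigner(String str) throws SignException, LoginException, ConnectionException {
        login();
        KeyStore.PrivateKeyEntry entry = getSignEntry();
        if (entry == null) {
            throw new SignException(new NotFindObjectException("签名密钥"));
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(entry.getPrivateKey());
            return new SignerFile(signature);
        } catch (InvalidKeyException e) {
            throw new SignException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SignException(e2);
        }
    }

    /**
     * Generates the signing key pair.
     *
     * <p>For RSA the key is stored in the keystore under a pending alias together with a
     * placeholder certificate, and the keystore file is rewritten. For any other type an SM2 key
     * pair is generated and kept in memory only: nothing is written to the keystore and no alias
     * is set.
     *
     * @param i the RSA modulus size in bits; ignored for SM2. No minimum is enforced here, so
     *     callers are responsible for not requesting a weak size.
     * @throws GenKeyPairException if generation or persistence fails
     * @throws LoginException if the device login fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void generateKeyPair(int i) throws GenKeyPairException, LoginException {
        try {
            if (!getDevice().isLogined()) {
                login();
            }
            DeviceFile deviceFile = (DeviceFile) getDevice();
            if (this.type.equalsIgnoreCase(Container.TYPE_RSA)) {
                KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance(Container.TYPE_RSA, BC);
                rsaGenerator.initialize(i);
                this.signKeyPair = rsaGenerator.generateKeyPair();
                this.rootCert = makeCert(this.signKeyPair);
                // SECURITY: the pending entry is protected only by the fixed password.
                deviceFile.getKeyStore().setKeyEntry(PENDING_SIGN_ALIAS, this.signKeyPair.getPrivate(), FIXED_STORE_PASSWORD.toCharArray(), new X509Certificate[]{this.rootCert});
                persistKeyStore(deviceFile);
                this.signAlias = PENDING_SIGN_ALIAS;
            } else {
                KeyPairGenerator sm2Generator = KeyPairGenerator.getInstance("EC", BC);
                sm2Generator.initialize(SM2KeyPairGenerator.GetParameterSpec());
                this.signKeyPair = sm2Generator.generateKeyPair();
            }
        } catch (LoginException e) {
            e.printStackTrace();
            throw new LoginException(e);
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new GenKeyPairException(e2);
        }
    }

    /**
     * Returns the signing or encryption certificate wrapped as a {@link Cert}.
     *
     * @param z {@code true} for the signing certificate, {@code false} for the encryption one
     * @return the requested certificate
     * @throws NoCertExistException if the requested certificate has not been set
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Cert getCert(boolean z) throws NoCertExistException {
        X509Certificate selected = z ? this.signCert : this.cryptCert;
        if (selected == null) {
            throw new NoCertExistException();
        }
        return new CertImp(this, selected);
    }

    /**
     * Returns the subject DN of the signing certificate, falling back to the encryption
     * certificate, or an empty string when neither is set.
     */
    public String getContainerSubjectName() {
        if (this.signCert != null) {
            return this.signCert.getSubjectDN().toString();
        }
        if (this.cryptCert != null) {
            return this.cryptCert.getSubjectDN().toString();
        }
        return "";
    }

    /** Returns the keystore alias of the encryption key entry, or {@code null} if unset. */
    public String getCryptAlias() {
        return this.cryptAlias;
    }

    /** Returns the encryption certificate, or {@code null} if unset. */
    public X509Certificate getCryptCert() {
        return this.cryptCert;
    }

    /**
     * Returns the encryption private-key entry, loading it from the keystore with the device
     * password on first use.
     *
     * @return the entry, or {@code null} when no alias is set or the entry cannot be opened
     */
    public KeyStore.PrivateKeyEntry getCryptEntry() {
        if (this.cryptEntry == null && this.cryptAlias != null) {
            DeviceFile deviceFile = (DeviceFile) getDevice();
            try {
                this.cryptEntry = (KeyStore.PrivateKeyEntry) deviceFile.getKeyStore().getEntry(this.cryptAlias, new KeyStore.PasswordProtection(deviceFile.getPassword().toCharArray()));
            } catch (Exception ignored) {
                // Deliberate best effort: callers treat null as "no usable key". Note that a
                // wrong password is indistinguishable from a missing entry here, and that
                // pending entries written under the fixed password only open when the device
                // password happens to equal it.
            }
        }
        return this.cryptEntry;
    }

    /**
     * Returns the encoded public key of the in-memory signing or encryption key pair.
     *
     * @param z {@code true} for the signing key pair, {@code false} for the encryption one
     * @return the public key in its default encoding
     * @throws ContainerException if the requested key pair is not loaded in memory
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public byte[] getPubKey(boolean z) throws ContainerException {
        KeyPair selected = z ? this.signKeyPair : this.cryptKeyPair;
        if (selected == null) {
            ContainerException missing = new ContainerException();
            missing.setDetailMessage("公钥不存在");
            throw missing;
        }
        return selected.getPublic().getEncoded();
    }

    /** Returns the keystore alias of the signing key entry, or {@code null} if unset. */
    public String getSignAlias() {
        return this.signAlias;
    }

    /** Returns the signing certificate, or {@code null} if unset. */
    public X509Certificate getSignCert() {
        return this.signCert;
    }

    /**
     * Returns the signing private-key entry, loading it from the keystore with the device
     * password on first use.
     *
     * @return the entry, or {@code null} when no alias is set or the entry cannot be opened
     */
    public KeyStore.PrivateKeyEntry getSignEntry() {
        if (this.signEntry == null && this.signAlias != null) {
            DeviceFile deviceFile = (DeviceFile) getDevice();
            try {
                this.signEntry = (KeyStore.PrivateKeyEntry) deviceFile.getKeyStore().getEntry(this.signAlias, new KeyStore.PasswordProtection(deviceFile.getPassword().toCharArray()));
            } catch (Exception ignored) {
                // Deliberate best effort: callers treat null as "no usable key". Note that a
                // wrong password is indistinguishable from a missing entry here, and that
                // pending entries written under the fixed password only open when the device
                // password happens to equal it.
            }
        }
        return this.signEntry;
    }

    /** Returns the container type given at construction. */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String getType() {
        return this.type;
    }

    /**
     * Reports whether a certificate has been set.
     *
     * @param z {@code true} for the signing certificate, {@code false} for the encryption one
     */
    public boolean hasCert(boolean z) {
        X509Certificate selected = z ? this.signCert : this.cryptCert;
        return selected != null;
    }

    /**
     * Imports an encryption key pair supplied in the clear.
     *
     * <p>RSA: {@code bArr} is parsed as PKCS#8 and {@code bArr2} as X.509 SubjectPublicKeyInfo;
     * the private key is stored under a pending alias with a placeholder certificate and the
     * keystore file is rewritten. Other types: fixed-offset blobs are read (private scalar at
     * offset 4, public X at offset 4 and Y at offset 68, 64 bytes each) and the resulting SM2
     * key pair is kept in memory only.
     *
     * <p>NOTE(review): the private key arrives and is handled as plain byte arrays that are
     * never cleared, and nothing checks that the public key belongs to the private key.
     *
     * @param bArr the private key encoding
     * @param bArr2 the public key encoding
     * @throws ImportKeyPairException if parsing or persistence fails; the cause is attached
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public void importKeyPair(byte[] bArr, byte[] bArr2) throws ImportKeyPairException, LoginException {
        String containerType = getType();
        DeviceFile deviceFile = (DeviceFile) getDevice();
        try {
            if (containerType.equals(Container.TYPE_RSA)) {
                KeyFactory rsaFactory = KeyFactory.getInstance(Container.TYPE_RSA, BC);
                PrivateKey privateKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
                this.cryptKeyPair = new KeyPair(rsaFactory.generatePublic(new X509EncodedKeySpec(bArr2)), privateKey);
                this.rootCert = makeCert(this.cryptKeyPair);
                // SECURITY: the pending entry is protected only by the fixed password.
                deviceFile.getKeyStore().setKeyEntry(PENDING_CRYPT_ALIAS, privateKey, FIXED_STORE_PASSWORD.toCharArray(), new X509Certificate[]{this.rootCert});
                persistKeyStore(deviceFile);
                this.cryptAlias = PENDING_CRYPT_ALIAS;
                return;
            }
            // Result unused in the original as well; the call is kept in case it has
            // initialisation side effects.
            SM2KeyPairGenerator.GetParameterSpec();
            byte[] publicX = new byte[64];
            byte[] publicY = new byte[64];
            System.arraycopy(bArr2, 4, publicX, 0, 64);
            System.arraycopy(bArr2, 68, publicY, 0, 64);
            byte[] privateScalar = new byte[64];
            System.arraycopy(bArr, 4, privateScalar, 0, 64);
            KeyFactory ecFactory = KeyFactory.getInstance("EC", BC);
            // The fields are unsigned magnitudes; signum 1 stops a set top bit from being read
            // as a negative number. Zero-padded input gives the same value as before.
            this.cryptKeyPair = new KeyPair(
                    ecFactory.generatePublic(SM2KeyPairGenerator.CreatePublicKeySpec(new BigInteger(1, publicX), new BigInteger(1, publicY))),
                    ecFactory.generatePrivate(SM2KeyPairGenerator.CreatePrivateKeySpec(new BigInteger(1, privateScalar))));
        } catch (Exception e) {
            // Keep the cause: the original dropped it, which made failures undiagnosable.
            throw new ImportKeyPairException(e);
        }
    }

    /**
     * Imports an encryption key pair whose private key is wrapped.
     *
     * <p>The symmetric key in {@code bArr} is first unwrapped with the signing private key, then
     * two SM4 blocks of {@code bArr2} (offsets 32 and 48) are decrypted into a 68-byte private
     * key blob with the header {@code 00 01 00 00}, which is handed to {@link #importKeyPair}.
     *
     * <p>NOTE(review): the SM4 blocks are decrypted independently and nothing authenticates the
     * wrapped data, so a tampered blob is only caught if the resulting key is unusable.
     *
     * @param str not used by this implementation
     * @param bArr the wrapped symmetric key blob
     * @param bArr2 the SM4-encrypted private key blob
     * @param bArr3 the public key blob, passed through to {@link #importKeyPair}
     * @throws AsymCryptException if unwrapping the symmetric key fails
     * @throws ImportKeyPairException if SM4 decryption or the import fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public void importWappedKeyPair(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws ImportKeyPairException, AsymCryptException, SymCryptException, LoginException, ConnectionException {
        if (!getDevice().isLogined()) {
            login();
        }
        byte[] symmetricKey = decryptWappedSymKey(bArr);
        try {
            byte[] privateKeyBlob = new byte[68];
            privateKeyBlob[0] = 0;
            privateKeyBlob[1] = 1;
            privateKeyBlob[2] = 0;
            privateKeyBlob[3] = 0;
            SM4Engine sm4 = new SM4Engine();
            sm4.init(false, new KeyParameter(symmetricKey));
            sm4.processBlock(bArr2, 32, privateKeyBlob, 36);
            sm4.processBlock(bArr2, 48, privateKeyBlob, 52);
            // The original also built an unused Base64 String of the unwrapped key at this
            // point. It was dropped: it had no effect other than leaving a copy of the key in
            // an immutable String on the heap.
            importKeyPair(privateKeyBlob, bArr3);
        } catch (Exception e) {
            e.printStackTrace();
            throw new ImportKeyPairException(e);
        }
    }

    /**
     * Binds a certificate to the signing or encryption private key and persists the keystore.
     *
     * <p>The new entry is stored under the certificate's serial number and protected with the
     * device password; a pending entry for the same role is removed. The private key and the new
     * entry are built before the pending entry is deleted, so a failure cannot leave the
     * in-memory keystore without either.
     *
     * <p>NOTE(review): {@code KeyStore.PrivateKeyEntry} only checks that the key and certificate
     * algorithms match, so nothing here proves the certificate's public key belongs to the
     * private key. The keystore file itself is still written with the fixed password.
     *
     * @param z {@code true} for the signing role, {@code false} for the encryption role
     * @param cert the certificate to bind
     * @throws ImportCertException if no private key is available for the role or persistence
     *     fails
     * @throws LoginException if the device login fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void setCert(boolean z, Cert cert) throws ImportCertException, LoginException {
        try {
            if (!getDevice().isLogined()) {
                login();
            }
            DeviceFile deviceFile = (DeviceFile) getDevice();
            X509Certificate[] chain = {cert.getX509Certificate()};
            String pendingAlias = z ? PENDING_SIGN_ALIAS : PENDING_CRYPT_ALIAS;
            KeyPair inMemoryPair = z ? this.signKeyPair : this.cryptKeyPair;
            boolean hasPendingEntry = deviceFile.getKeyStore().containsAlias(pendingAlias);

            PrivateKey privateKey;
            if (inMemoryPair != null) {
                privateKey = inMemoryPair.getPrivate();
            } else if (hasPendingEntry) {
                // The original deleted the pending entry and then failed on the missing pair.
                throw new IllegalStateException("pending key entry exists but no key pair is loaded in memory");
            } else {
                KeyStore.PrivateKeyEntry existing = z ? getSignEntry() : getCryptEntry();
                if (existing == null) {
                    throw new IllegalStateException("no private key available for this certificate");
                }
                privateKey = existing.getPrivateKey();
            }

            KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(privateKey, chain);
            if (hasPendingEntry) {
                deviceFile.getKeyStore().deleteEntry(pendingAlias);
            }
            if (z) {
                this.signEntry = entry;
            } else {
                this.cryptEntry = entry;
            }
            deviceFile.getKeyStore().setEntry(cert.getSerialNumber().toString(), entry, new KeyStore.PasswordProtection(deviceFile.getPassword().toCharArray()));
            persistKeyStore(deviceFile);
            deviceFile.writeSoConfig(deviceFile.readSoConfig().getString("soPassword"), deviceFile.getPassword(), true, 6);
        } catch (LoginException e) {
            e.printStackTrace();
            throw new LoginException(e);
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new ImportCertException(e2);
        }
    }

    /** Sets the keystore alias of the encryption key entry. */
    public void setCryptAlias(String str) {
        this.cryptAlias = str;
    }

    /** Sets the encryption certificate. */
    public void setCryptCert(X509Certificate x509Certificate) {
        this.cryptCert = x509Certificate;
    }

    /** Sets the keystore alias of the signing key entry. */
    public void setSignAlias(String str) {
        this.signAlias = str;
    }

    /** Sets the signing certificate. */
    public void setSignCert(X509Certificate x509Certificate) {
        this.signCert = x509Certificate;
    }

    /**
     * Logs in and signs a precomputed digest with the signing private key.
     *
     * <p>RSA: the digest is wrapped in a {@code DigestInfo} that always names SHA-1 and is then
     * PKCS#1 v1.5 encoded, so the caller must pass a SHA-1 digest; neither the length nor the
     * algorithm is checked here. Other types: the digest is signed with SM2 and the signature is
     * returned as a DER SEQUENCE of two integers.
     *
     * @param bArr the digest to sign
     * @return the signature bytes
     * @throws SignException if no signing key entry is available or encoding fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public byte[] signHash(byte[] bArr) throws SignException, ConnectionException, LoginException {
        try {
            login();
            KeyStore.PrivateKeyEntry entry = getSignEntry();
            if (entry == null) {
                throw new SignException();
            }
            // Compare by value: the original used ==, which sends an RSA container built from
            // a non-interned type string down the SM2 branch. Constant first, so a null type
            // still selects the SM2 branch as before.
            if (Container.TYPE_RSA.equals(this.type)) {
                PKCS1Encoding encoder = new PKCS1Encoding(new RSABlindedEngine());
                RSAPrivateKey rsaKey = (RSAPrivateKey) entry.getPrivateKey();
                encoder.init(true, new RSAKeyParameters(true, rsaKey.getModulus(), rsaKey.getPrivateExponent()));
                byte[] digestInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, DERNull.INSTANCE), bArr).getDEREncoded();
                return encoder.processBlock(digestInfo, 0, digestInfo.length);
            }
            SM2DefaultSigner sm2Signer = new SM2DefaultSigner();
            JCEECPrivateKey ecKey = (JCEECPrivateKey) entry.getPrivateKey();
            X9ECParameters curve = SMNamedCurves.GetByOid(SMObjectIdentifiers.SM2);
            sm2Signer.init(true, new ECPrivateKeyParameters(ecKey.getD(), new ECDomainParameters(curve.getCurve(), curve.getG(), curve.getN())));
            BigInteger[] rs = sm2Signer.generateSignature(bArr);
            return new DERSequence(new ASN1Encodable[]{new DERInteger(rs[0]), new DERInteger(rs[1])}).getDEREncoded();
        } catch (InvalidCipherTextException e) {
            throw new SignException(e);
        }
    }

    /**
     * Lists the signature algorithms this container supports: {@code SHA1WithRSA} for RSA
     * containers, {@code SM3WithSM2} otherwise.
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String[] supportSignAlgs() {
        if (this.type.equals(Container.TYPE_RSA)) {
            return new String[]{"SHA1WithRSA"};
        }
        return new String[]{"SM3WithSM2"};
    }
}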
