package cn.com.infosec.mobile.netcert.framework.utils;

import cn.com.infosec.asn1.ASN1InputStream;
import cn.com.infosec.asn1.ASN1Sequence;
import cn.com.infosec.asn1.DERBitString;
import cn.com.infosec.asn1.DEROutputStream;
import cn.com.infosec.asn1.DERSequence;
import cn.com.infosec.asn1.pkcs.CertificationRequest;
import cn.com.infosec.asn1.pkcs.CertificationRequestInfo;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.x509.AlgorithmIdentifier;
import cn.com.infosec.asn1.x509.SubjectPublicKeyInfo;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.mobile.netcert.framework.crypto.HSM;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import cn.com.infosec.mobile.netcert.framework.crypto.SM2Id;
import cn.com.infosec.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: classes.dex */
public class Pkcs10 {
    private static final String CERTIFICATE_EXT_OID = "1.3.6.1.4.1.311.2.1.14";
    private static final String CERTIFICATE_REQ_BEGIN = "-----BEGIN NEW CERTIFICATE REQUEST-----";
    private static final String CERTIFICATE_REQ_END = "-----END NEW CERTIFICATE REQUEST-----";
    private CertificationRequest csr;
    private PublicKey pk;
    private X509Name subject;

    public static String genCSR(X509Name x509Name, String str, int i, String str2, char[] cArr, IHSM ihsm, String str3) throws Exception {
        String str4;
        int indexOf = str2.toLowerCase().indexOf("rsa");
        String str5 = IHSM.RSA;
        if (indexOf <= -1) {
            str5 = IHSM.SM2;
            str4 = "1.2.156.10197.1.501";
        } else if (str2.equalsIgnoreCase(IHSM.SHA1withRSA)) {
            str4 = PKCSObjectIdentifiers.sha1WithRSAEncryption.getId();
        } else {
            if (!str2.equalsIgnoreCase(IHSM.SHA256withRSA)) {
                throw new Exception(str2 + " NOT support.");
            }
            str4 = PKCSObjectIdentifiers.sha256WithRSAEncryption.getId();
        }
        String str6 = str4;
        CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo(x509Name, new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(ihsm.exportPublicKey(str5, IHSM.SIGN, str, i, cArr).getEncoded())).readObject()), null);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        dEROutputStream.writeObject(certificationRequestInfo.getDERObject());
        dEROutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.close();
        CertificationRequest certificationRequest = new CertificationRequest(certificationRequestInfo, new AlgorithmIdentifier(str6), new DERBitString(ihsm.sign(str, i, cArr, byteArray, str2, str3)));
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream2 = new DEROutputStream(byteArrayOutputStream2);
        dEROutputStream2.writeObject(certificationRequest.getDERObject());
        dEROutputStream2.close();
        byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
        byteArrayOutputStream2.close();
        String encode = Base64.encode(byteArray2);
        String property = System.getProperty("line.separator");
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(CERTIFICATE_REQ_BEGIN);
        stringBuffer.append(property);
        int i2 = 0;
        while (i2 < encode.length()) {
            stringBuffer.append(encode.charAt(i2));
            i2++;
            if (i2 % 64 == 0) {
                stringBuffer.append(property);
            }
        }
        stringBuffer.append(property);
        stringBuffer.append(CERTIFICATE_REQ_END);
        return stringBuffer.toString();
    }

    private static PublicKey genPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws Exception {
        KeyFactory keyFactory;
        String id = subjectPublicKeyInfo.getAlgorithmId().getObjectId().getId();
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
        if (id.equalsIgnoreCase(IHSM.SM2PublickOid)) {
            keyFactory = KeyFactory.getInstance(IHSM.EC, IHSM.INFOSEC);
        } else {
            if (!id.equalsIgnoreCase(PKCSObjectIdentifiers.rsaEncryption.getId())) {
                throw new NoSuchAlgorithmException("Public Key getAlgorithmId not support (" + id + ").");
            }
            keyFactory = KeyFactory.getInstance(IHSM.RSA, IHSM.INFOSEC);
        }
        return keyFactory.generatePublic(x509EncodedKeySpec);
    }

    public static Pkcs10 parseCSR(byte[] bArr) throws Exception {
        return parseCSR(bArr, true);
    }

    public static Pkcs10 parseCSR(byte[] bArr, boolean z) throws Exception {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
        byteArrayInputStream.close();
        CertificationRequest certificationRequest = new CertificationRequest((ASN1Sequence) aSN1InputStream.readObject());
        CertificationRequestInfo certificationRequestInfo = certificationRequest.getCertificationRequestInfo();
        PublicKey genPublicKey = genPublicKey(certificationRequestInfo.getSubjectPublicKeyInfo());
        if (!z) {
            Pkcs10 pkcs10 = new Pkcs10();
            pkcs10.csr = certificationRequest;
            pkcs10.pk = genPublicKey;
            pkcs10.subject = certificationRequestInfo.getSubject();
            return pkcs10;
        }
        byte[] bytes = certificationRequest.getSignature().getBytes();
        String id = certificationRequest.getSignatureAlgorithm().getObjectId().getId();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        dEROutputStream.writeObject(certificationRequestInfo.getDERObject());
        dEROutputStream.close();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.close();
        if (!HSM.getInst("").verify(byteArray, bytes, genPublicKey, id, SM2Id.getVerifyId("CSR"))) {
            throw new Exception("Invalid CSR: verify signature failed.");
        }
        Pkcs10 pkcs102 = new Pkcs10();
        pkcs102.csr = certificationRequest;
        pkcs102.pk = genPublicKey;
        pkcs102.subject = certificationRequestInfo.getSubject();
        return pkcs102;
    }

    public static Pkcs10 parseMozillaCSR(byte[] bArr) throws Exception {
        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
        if (aSN1Sequence.size() != 3) {
            throw new IllegalArgumentException("invalid SPKAC (size):" + aSN1Sequence.size());
        }
        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
        if (aSN1Sequence2.size() != 2) {
            throw new IllegalArgumentException("invalid PKAC (len): " + aSN1Sequence2.size());
        }
        PublicKey genPublicKey = genPublicKey(new SubjectPublicKeyInfo((ASN1Sequence) aSN1Sequence2.getObjectAt(0)));
        if (!HSM.getInst("").verify(aSN1Sequence2.getEncoded(), ((DERBitString) aSN1Sequence.getObjectAt(2)).getBytes(), genPublicKey, AlgorithmIdentifier.getInstance((DERSequence) aSN1Sequence.getObjectAt(1)).getObjectId().getId(), null)) {
            throw new Exception("Invalid CSR: verify signature failed.");
        }
        Pkcs10 pkcs10 = new Pkcs10();
        pkcs10.pk = genPublicKey;
        return pkcs10;
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x00ca A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0043 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Hashtable<cn.com.infosec.asn1.DERObjectIdentifier, cn.com.infosec.asn1.x509.X509Extension> getCertificateExtension() throws java.io.IOException {
        /*
            r14 = this;
            java.util.Hashtable r0 = new java.util.Hashtable
            r0.<init>()
            cn.com.infosec.asn1.pkcs.CertificationRequest r1 = r14.csr
            if (r1 != 0) goto La
            return r0
        La:
            cn.com.infosec.asn1.pkcs.CertificationRequestInfo r1 = r1.getCertificationRequestInfo()
            cn.com.infosec.asn1.ASN1Set r1 = r1.getAttributes()
            if (r1 != 0) goto L15
            return r0
        L15:
            int r2 = r1.size()
            r3 = 0
            r4 = 0
        L1b:
            if (r4 >= r2) goto Ldb
            cn.com.infosec.asn1.DEREncodable r5 = r1.getObjectAt(r4)
            cn.com.infosec.asn1.cms.Attribute r5 = cn.com.infosec.asn1.cms.Attribute.getInstance(r5)
            cn.com.infosec.asn1.DERObjectIdentifier r6 = r5.getAttrType()
            java.lang.String r6 = r6.getId()
            java.lang.String r7 = "1.3.6.1.4.1.311.2.1.14"
            boolean r6 = r6.equals(r7)
            if (r6 == 0) goto Ld7
            cn.com.infosec.asn1.ASN1Set r5 = r5.getAttrValues()
            cn.com.infosec.asn1.DEREncodable r5 = r5.getObjectAt(r3)
            cn.com.infosec.asn1.ASN1Sequence r5 = (cn.com.infosec.asn1.ASN1Sequence) r5
            java.util.Enumeration r5 = r5.getObjects()
        L43:
            boolean r6 = r5.hasMoreElements()
            if (r6 == 0) goto Ld7
            java.lang.Object r6 = r5.nextElement()
            boolean r7 = r6 instanceof cn.com.infosec.asn1.ASN1Sequence
            if (r7 == 0) goto L43
            cn.com.infosec.asn1.ASN1Sequence r6 = (cn.com.infosec.asn1.ASN1Sequence) r6
            int r7 = r6.size()
            r8 = 0
            cn.com.infosec.asn1.DEREncodable r9 = r6.getObjectAt(r3)
            boolean r9 = r9 instanceof cn.com.infosec.asn1.DERObjectIdentifier
            if (r9 == 0) goto Lcf
            cn.com.infosec.asn1.DEREncodable r9 = r6.getObjectAt(r3)
            cn.com.infosec.asn1.DERObjectIdentifier r9 = (cn.com.infosec.asn1.DERObjectIdentifier) r9
            r10 = 3
            r11 = 2
            if (r7 == r10) goto L75
            if (r7 != r11) goto L6d
            goto L75
        L6d:
            java.io.IOException r0 = new java.io.IOException
            java.lang.String r1 = "format error, not an Extension"
            r0.<init>(r1)
            throw r0
        L75:
            java.lang.String r12 = "format error, not a DEROctetString"
            r13 = 1
            if (r7 != r11) goto L90
            cn.com.infosec.asn1.DEREncodable r7 = r6.getObjectAt(r13)
            boolean r7 = r7 instanceof cn.com.infosec.asn1.DEROctetString
            if (r7 == 0) goto L8a
            cn.com.infosec.asn1.DEREncodable r6 = r6.getObjectAt(r13)
            r8 = r6
            cn.com.infosec.asn1.DEROctetString r8 = (cn.com.infosec.asn1.DEROctetString) r8
            goto Lc2
        L8a:
            java.io.IOException r0 = new java.io.IOException
            r0.<init>(r12)
            throw r0
        L90:
            if (r7 != r10) goto Lc2
            cn.com.infosec.asn1.DEREncodable r7 = r6.getObjectAt(r13)
            boolean r7 = r7 instanceof cn.com.infosec.asn1.DERBoolean
            if (r7 == 0) goto Lba
            cn.com.infosec.asn1.DEREncodable r7 = r6.getObjectAt(r13)
            cn.com.infosec.asn1.DERBoolean r7 = (cn.com.infosec.asn1.DERBoolean) r7
            boolean r7 = r7.isTrue()
            cn.com.infosec.asn1.DEREncodable r8 = r6.getObjectAt(r11)
            boolean r8 = r8 instanceof cn.com.infosec.asn1.DEROctetString
            if (r8 == 0) goto Lb4
            cn.com.infosec.asn1.DEREncodable r6 = r6.getObjectAt(r11)
            r8 = r6
            cn.com.infosec.asn1.DEROctetString r8 = (cn.com.infosec.asn1.DEROctetString) r8
            goto Lc3
        Lb4:
            java.io.IOException r0 = new java.io.IOException
            r0.<init>(r12)
            throw r0
        Lba:
            java.io.IOException r0 = new java.io.IOException
            java.lang.String r1 = "format error, not a DERBoolean"
            r0.<init>(r1)
            throw r0
        Lc2:
            r7 = 0
        Lc3:
            cn.com.infosec.asn1.x509.X509Extension r6 = new cn.com.infosec.asn1.x509.X509Extension
            r6.<init>(r7, r8)
            if (r9 == 0) goto L43
            r0.put(r9, r6)
            goto L43
        Lcf:
            java.io.IOException r0 = new java.io.IOException
            java.lang.String r1 = "format error, not a oid"
            r0.<init>(r1)
            throw r0
        Ld7:
            int r4 = r4 + 1
            goto L1b
        Ldb:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.com.infosec.mobile.netcert.framework.utils.Pkcs10.getCertificateExtension():java.util.Hashtable");
    }

    public CertificationRequest getCsr() {
        return this.csr;
    }

    public PublicKey getPublicKey() {
        return this.pk;
    }

    public X509Name getSubject() {
        return this.subject;
    }
}
