package net.netca.pki.impl.jce;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.IntegerType;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.IgnoreExtension;
import net.netca.pki.encoding.asn1.pki.JCEPrivateKeyDecrypter;
import net.netca.pki.encoding.asn1.pki.JCESigner;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.JSONArray;
import net.netca.pki.encoding.json.JSONNumber;
import net.netca.pki.encoding.json.JSONObject;
import net.netca.pki.encoding.json.JSONString;
import net.netca.pki.global.Device;
import net.netca.pki.global.IEnvelopedDataDecrypt;
import net.netca.pki.global.IEnvelopedDataEncrypt;
import net.netca.pki.global.IEnvelopedDataMultiStepDecrypt;
import net.netca.pki.global.IEnvelopedDataMultiStepEncrypt;
import net.netca.pki.global.IGenerateRandom;
import net.netca.pki.global.IGetTimeStamp;
import net.netca.pki.global.IHash;
import net.netca.pki.global.ISignedDataDetachedSign;
import net.netca.pki.global.ISignedDataDetachedVerify;
import net.netca.pki.global.ISignedDataMultiStepSign;
import net.netca.pki.global.ISignedDataMultiStepVerify;
import net.netca.pki.global.ISignedDataSign;
import net.netca.pki.global.ISignedDataVerify;
import net.netca.pki.global.IVerifyTimeStamp;
import net.netca.pki.global.Pki;
import net.netca.pki.global.UnsupportedException;
import net.netca.pki.u;

/* loaded from: classes.dex */
public final class JCEPki extends Pki {
    private JSONObject json;
    private KeyStore keystore;
    private JCEX509Certificate signCert = null;
    private JCEX509Certificate encCert = null;

    private JCEX509Certificate getCertFromKeyStore(KeyStore keyStore, String str, String str2) {
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                throw new u("no cert");
            }
            Key key = keyStore.getKey(str, str2.toCharArray());
            if (key == null) {
                throw new u("no key");
            }
            if (!(key instanceof PrivateKey)) {
                throw new u("not private key");
            }
            PrivateKey privateKey = (PrivateKey) key;
            return new JCEX509Certificate(this, new X509CertificateAndPrivateKey(new X509Certificate(certificate.getEncoded()), new JCESigner(privateKey), new JCEPrivateKeyDecrypter(privateKey)), privateKey);
        } catch (KeyStoreException e) {
            throw new u("KeyStoreException:" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new u("NoSuchAlgorithmException:" + e2.getMessage(), e2);
        } catch (UnrecoverableKeyException e3) {
            throw new u("UnrecoverableKeyException:" + e3.getMessage(), e3);
        } catch (CertificateEncodingException e4) {
            throw new u("CertificateEncodingException:" + e4.getMessage(), e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getCryptoSignatureAlgo(AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        if (oid.equals(AlgorithmIdentifier.SHA1WithRSA_OID)) {
            return 2;
        }
        if (oid.equals(AlgorithmIdentifier.SHA224WithRSA_OID)) {
            return 3;
        }
        if (oid.equals(AlgorithmIdentifier.SHA256WithRSA_OID)) {
            return 4;
        }
        if (oid.equals(AlgorithmIdentifier.SHA384WithRSA_OID)) {
            return 5;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512WithRSA_OID)) {
            return 6;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return 34;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return 35;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID)) {
            return 36;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID)) {
            return 37;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID)) {
            return 38;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID)) {
            return 39;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID)) {
            return 16;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID)) {
            return 17;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID)) {
            return 18;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return 19;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return 20;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID)) {
            return 40;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID)) {
            return 41;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return 42;
        }
        if (oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID)) {
            return 43;
        }
        return oid.equals(AlgorithmIdentifier.SM3WithSM2_OID) ? 25 : -1;
    }

    private String getDefaultPublicKeyEncryptAlgo(int i) {
        if (i == 1) {
            return AlgorithmIdentifier.RSAEncrypt_OID;
        }
        if (i == 2) {
            return AlgorithmIdentifier.SM2ENC_OID;
        }
        return null;
    }

    private AlgorithmIdentifier getDefaultSignatureAlgo(int i) {
        if (i == 1) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA256WithRSA_OID);
        }
        if (i == 2) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SM3WithSM2_OID);
        }
        if (i == 10) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA224_OID);
        }
        if (i == 3) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA256_OID);
        }
        if (i == 4) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA384_OID);
        }
        if (i == 5) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA512_OID);
        }
        return null;
    }

    private String getPublicKeyEncryptAlgoFromCrypto(int i) {
        if (i == 16) {
            return AlgorithmIdentifier.RSAEncrypt_OID;
        }
        if (i == 64) {
            return AlgorithmIdentifier.SM2ENC_OID;
        }
        return null;
    }

    private AlgorithmIdentifier getSignatureAlgoFromCrypto(int i) {
        if (i == 2) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA1WithRSA_OID);
        }
        if (i == 3) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA224WithRSA_OID);
        }
        if (i == 4) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA256WithRSA_OID);
        }
        if (i == 5) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA384WithRSA_OID);
        }
        if (i == 6) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA512WithRSA_OID);
        }
        if (i == 34) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA512_224WithRSA_OID);
        }
        if (i == 35) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA512_256WithRSA_OID);
        }
        if (i == 36) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA3_224WithRSA_OID);
        }
        if (i == 37) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA3_256WithRSA_OID);
        }
        if (i == 38) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA3_384WithRSA_OID);
        }
        if (i == 39) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SHA3_512WithRSA_OID);
        }
        if (i == 16) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA1_OID);
        }
        if (i == 17) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA224_OID);
        }
        if (i == 18) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA256_OID);
        }
        if (i == 19) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA384_OID);
        }
        if (i == 20) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA512_OID);
        }
        if (i == 40) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA3_224_OID);
        }
        if (i == 41) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA3_256_OID);
        }
        if (i == 42) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA3_384_OID);
        }
        if (i == 43) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.ECDSAWithSHA3_512_OID);
        }
        if (i == 25) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SM3WithSM2_OID);
        }
        return null;
    }

    private ArrayList<TimeStampInfo> getTimstampConfig() {
        if (this.json == null) {
            throw new u("no timestamp config");
        }
        ArrayList<TimeStampInfo> arrayList = new ArrayList<>();
        JSON value = this.json.getValue("timestamp");
        if (value == null) {
            throw new u("no timestamp config");
        }
        if (!(value instanceof JSONObject)) {
            throw new u("timestamp config error,not Object");
        }
        JSON value2 = ((JSONObject) value).getValue("tsa");
        if (!(value2 instanceof JSONArray)) {
            throw new u("timestamp config error,tsa not array");
        }
        JSONArray jSONArray = (JSONArray) value2;
        int size = jSONArray.size();
        if (size == 0) {
            throw new u("timestamp config error,tsa no item");
        }
        for (int i = 0; i < size; i++) {
            JSON json = jSONArray.get(i);
            if (!(json instanceof JSONObject)) {
                throw new u("timestamp config error,tsa item not Object");
            }
            arrayList.add(new TimeStampInfo((JSONObject) json));
        }
        return arrayList;
    }

    private void initCertFromKeyStore(JSONObject jSONObject) {
        String string;
        String str;
        String str2;
        FileInputStream fileInputStream;
        JSON value = jSONObject.getValue("keystoreName");
        if (value == null) {
            return;
        }
        if (!(value instanceof JSONString)) {
            throw new u("bad json param,keystoreName not string");
        }
        String string2 = ((JSONString) value).getString();
        JSON value2 = jSONObject.getValue("keystoreType");
        if (value2 == null) {
            string = KeyStore.getDefaultType();
        } else {
            if (!(value2 instanceof JSONString)) {
                throw new u("bad json param,keystoreType not string");
            }
            string = ((JSONString) value2).getString();
        }
        JSON value3 = jSONObject.getValue("keystorePwd");
        if (value3 == null) {
            throw new u("bad json param,no keystorePwd");
        }
        if (!(value3 instanceof JSONString)) {
            throw new u("bad json param,keystorePwd not string");
        }
        String string3 = ((JSONString) value3).getString();
        JSON value4 = jSONObject.getValue("keystoreEncAlias");
        FileInputStream fileInputStream2 = null;
        if (value4 == null) {
            str = null;
        } else {
            if (!(value4 instanceof JSONString)) {
                throw new u("bad json param,keystoreEncAlias not string");
            }
            str = ((JSONString) value4).getString();
        }
        JSON value5 = jSONObject.getValue("keystoreSignAlias");
        if (value5 == null) {
            str2 = null;
        } else {
            if (!(value5 instanceof JSONString)) {
                throw new u("bad json param,keystoreSignAlias not string");
            }
            str2 = ((JSONString) value5).getString();
        }
        if (str == null && str2 == null) {
            throw new u("bad json param,neither keystoreSignAlias nor keystoreSignAlias");
        }
        try {
            try {
                fileInputStream = new FileInputStream(string2);
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
            e = e;
        } catch (KeyStoreException e2) {
            e = e2;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
        } catch (CertificateException e4) {
            e = e4;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(string);
            keyStore.load(fileInputStream, string3.toCharArray());
            if (str != null) {
                this.encCert = getCertFromKeyStore(keyStore, str, string3);
            } else {
                this.encCert = null;
            }
            if (str2 != null) {
                this.signCert = getCertFromKeyStore(keyStore, str2, string3);
            } else {
                this.signCert = null;
            }
            this.keystore = keyStore;
            try {
                fileInputStream.close();
            } catch (IOException unused) {
            }
        } catch (IOException e5) {
            e = e5;
            throw new u("IOException:" + e.getMessage());
        } catch (KeyStoreException e6) {
            e = e6;
            throw new u("KeyStoreException:" + e.getMessage());
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            throw new u("NoSuchAlgorithmException:" + e.getMessage());
        } catch (CertificateException e8) {
            e = e8;
            throw new u("CertificateException:" + e.getMessage());
        } catch (Throwable th2) {
            th = th2;
            fileInputStream2 = fileInputStream;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException unused2) {
                }
            }
            throw th;
        }
    }

    private boolean matchPublicKey(JSON json, int i) {
        if (!(json instanceof JSONObject)) {
            return false;
        }
        JSONObject jSONObject = (JSONObject) json;
        JSON value = jSONObject.getValue("algo");
        if (!(value instanceof JSONNumber)) {
            return false;
        }
        JSONNumber jSONNumber = (JSONNumber) value;
        if (i == 1) {
            return jSONNumber.getNumber().intValue() == 1;
        }
        if (jSONNumber.getNumber().intValue() == 4) {
            JSON value2 = jSONObject.getValue("curve");
            if (!(value2 instanceof JSONNumber)) {
                return false;
            }
            JSONNumber jSONNumber2 = (JSONNumber) value2;
            if (i == 2) {
                return jSONNumber2.getNumber().intValue() == 7;
            }
            if (i == 10) {
                return jSONNumber2.getNumber().intValue() == 2;
            }
            if (i == 3) {
                return jSONNumber2.getNumber().intValue() == 3;
            }
            if (i == 4) {
                return jSONNumber2.getNumber().intValue() == 4;
            }
            if (i == 5 && jSONNumber2.getNumber().intValue() == 5) {
                return true;
            }
        }
        return false;
    }

    private int maybeSignedData(byte[] bArr, int i, int i2) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr, i, i2);
            ASN1Object.LongOutputParam longOutputParam = new ASN1Object.LongOutputParam();
            ASN1Object.ASN1Tag decodeTag = ASN1Object.decodeTag(byteArrayInputStream, longOutputParam);
            if (decodeTag.tagClass == 0 && decodeTag.isConstructed && decodeTag.tagNumber == 16) {
                long j = longOutputParam.value + 0;
                ASN1Object.decodeLength(byteArrayInputStream, longOutputParam);
                long j2 = j + longOutputParam.value;
                ASN1Object.ASN1Tag decodeTag2 = ASN1Object.decodeTag(byteArrayInputStream, longOutputParam);
                if (decodeTag2.tagClass == 0 && !decodeTag2.isConstructed && decodeTag2.tagNumber == 6) {
                    int i3 = (int) j2;
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr, i + i3, i2 - i3);
                    ASN1Object decode = ASN1Object.decode(byteArrayInputStream2, ObjectIdentifierType.getInstance(), longOutputParam);
                    if (decode == null) {
                        return 0;
                    }
                    long j3 = j2 + longOutputParam.value;
                    String string = ((ObjectIdentifier) decode).getString();
                    if (!string.equals("1.2.840.113549.1.7.2") && !string.equals("1.2.156.10197.6.1.4.2.2")) {
                        return 0;
                    }
                    ASN1Object.ASN1Tag decodeTag3 = ASN1Object.decodeTag(byteArrayInputStream2, longOutputParam);
                    if (decodeTag3.tagClass == 128 && decodeTag3.isConstructed && decodeTag3.tagNumber == 0) {
                        long j4 = j3 + longOutputParam.value;
                        ASN1Object.decodeLength(byteArrayInputStream2, longOutputParam);
                        long j5 = j4 + longOutputParam.value;
                        ASN1Object.ASN1Tag decodeTag4 = ASN1Object.decodeTag(byteArrayInputStream2, longOutputParam);
                        if (decodeTag4.tagClass == 0 && decodeTag4.isConstructed && decodeTag4.tagNumber == 16) {
                            long j6 = j5 + longOutputParam.value;
                            ASN1Object.decodeLength(byteArrayInputStream2, longOutputParam);
                            j2 = j6 + longOutputParam.value;
                        }
                    }
                    return 0;
                }
                int i4 = (int) j2;
                ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(bArr, i + i4, i2 - i4);
                if (ASN1Object.decode(byteArrayInputStream3, IntegerType.getInstance(), longOutputParam) == null || ASN1Object.decode(byteArrayInputStream3, ASN1TypeManager.getInstance().get("SignedData.digestAlgorithms"), longOutputParam) == null) {
                    return 0;
                }
                ASN1Object.ASN1Tag decodeTag5 = ASN1Object.decodeTag(byteArrayInputStream3, longOutputParam);
                if (decodeTag5.tagClass == 0 && decodeTag5.isConstructed && decodeTag5.tagNumber == 16) {
                    long decodeLength = ASN1Object.decodeLength(byteArrayInputStream3, longOutputParam);
                    if (ASN1Object.decode(byteArrayInputStream3, ObjectIdentifierType.getInstance(), longOutputParam) == null) {
                        return 0;
                    }
                    return decodeLength == longOutputParam.value ? -1 : 1;
                }
            }
        } catch (Exception unused) {
        }
        return 0;
    }

    @Override // net.netca.pki.global.Pki
    public net.netca.pki.global.X509Certificate decodeCert(String str) {
        return new JCEX509Certificate(this, str);
    }

    @Override // net.netca.pki.global.Pki
    public net.netca.pki.global.X509Certificate decodeCert(byte[] bArr, int i, int i2) {
        return new JCEX509Certificate(this, bArr, i, i2);
    }

    @Override // net.netca.pki.global.Pki
    public List<Device> getAllDevice() {
        throw new UnsupportedException("unsupport getAllDevice");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ArrayList<String> getCACerts() {
        if (this.json == null) {
            return null;
        }
        JSON value = this.json.getValue("caCert");
        if (!(value instanceof JSONArray)) {
            return null;
        }
        ArrayList<String> arrayList = new ArrayList<>();
        JSONArray jSONArray = (JSONArray) value;
        int size = jSONArray.size();
        for (int i = 0; i < size; i++) {
            JSON json = jSONArray.get(i);
            if (json instanceof JSONString) {
                arrayList.add(((JSONString) json).getString());
            }
        }
        return arrayList;
    }

    @Override // net.netca.pki.global.Pki
    public Device getDevice(String str, String str2) {
        throw new UnsupportedException("unsupport getDevice");
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataDecrypt getEnvelopedDataDecryptObject() {
        return getEnvelopedDataDecryptObject(this.encCert);
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataDecrypt getEnvelopedDataDecryptObject(net.netca.pki.global.X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof JCEX509Certificate)) {
            throw new u("unknown cert class");
        }
        JCEX509Certificate jCEX509Certificate = (JCEX509Certificate) x509Certificate;
        if ((jCEX509Certificate.getKeyUsage() & 4) == 0) {
            throw new u("not enc cert");
        }
        X509CertificateAndPrivateKey certAndPrivateKey = jCEX509Certificate.getCertAndPrivateKey();
        if (certAndPrivateKey == null) {
            throw new u("no private key");
        }
        EnvelopedDataDecryptInfo envelopedDataDecryptInfo = new EnvelopedDataDecryptInfo(this.json);
        return new JCEEnvelopedDataDecrypt(this, certAndPrivateKey, envelopedDataDecryptInfo.isContentInfo, envelopedDataDecryptInfo.acceptableAlgos);
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataEncrypt getEnvelopedDataEncryptObject() {
        EnvelopedDataEncryptInfo envelopedDataEncryptInfo = new EnvelopedDataEncryptInfo(this.json);
        return new JCEEnvelopedDataEncrypt(envelopedDataEncryptInfo.isContentInfo, envelopedDataEncryptInfo.certIdType, envelopedDataEncryptInfo.encAlgo, envelopedDataEncryptInfo.isQ7);
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepDecrypt getEnvelopedDataMultiStepDecryptObject() {
        throw new UnsupportedException("unsupport getEnvelopedDataMultiStepDecryptObject");
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepDecrypt getEnvelopedDataMultiStepDecryptObject(net.netca.pki.global.X509Certificate x509Certificate) {
        throw new UnsupportedException("unsupport getEnvelopedDataMultiStepDecryptObject");
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepEncrypt getEnvelopedDataMultiStepEncryptObject() {
        throw new UnsupportedException("unsupport getEnvelopedDataMultiStepEncryptObject");
    }

    @Override // net.netca.pki.global.Pki
    public IGenerateRandom getGenerateRandomObject() {
        return new JCEGenerateRandom();
    }

    @Override // net.netca.pki.global.Pki
    public IGetTimeStamp getGetTimeStampObject() {
        return new JCEGetTimeStamp(this, getTimstampConfig());
    }

    @Override // net.netca.pki.global.Pki
    public IHash getHashObject(String str) {
        if (str == null) {
            return null;
        }
        try {
            return new JCEHash(str);
        } catch (NoSuchAlgorithmException e) {
            if (net.netca.pki.encoding.json.jose.IHash.SM3.equalsIgnoreCase(str) || AlgorithmIdentifier.SM3_OID.equals(str)) {
                return new SM3();
            }
            throw new UnsupportedException("unsupported hash algo " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IgnoreExtension getIgnoreExtension() {
        JSON value;
        IgnoreExtension ignoreExtension = new IgnoreExtension();
        if (this.json == null || (value = this.json.getValue("ignoreCertExtension")) == null || !(value instanceof JSONArray)) {
            return ignoreExtension;
        }
        JSONArray jSONArray = (JSONArray) value;
        int size = jSONArray.size();
        for (int i = 0; i < size; i++) {
            JSON json = jSONArray.get(i);
            if (json instanceof JSONString) {
                ignoreExtension.add(((JSONString) json).getString());
            }
        }
        return ignoreExtension;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey getPrivateKey(byte[] bArr, String str) {
        if (this.keystore == null) {
            throw new u("no keystore");
        }
        try {
            String certificateAlias = this.keystore.getCertificateAlias(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr)));
            if (certificateAlias == null) {
                throw new u("cert not in keystore");
            }
            Key key = this.keystore.getKey(certificateAlias, str.toCharArray());
            if (key == null) {
                throw new u("no key");
            }
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            throw new u("not private key");
        } catch (KeyStoreException e) {
            throw new u("KeyStoreException:" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new u("NoSuchAlgorithmException:" + e2.getMessage(), e2);
        } catch (UnrecoverableKeyException e3) {
            throw new u("UnrecoverableKeyException:" + e3.getMessage(), e3);
        } catch (CertificateException e4) {
            throw new u("CertificateException:" + e4.getMessage(), e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPublicKeyEncryptAlgo(int i) {
        JSON value;
        String publicKeyEncryptAlgoFromCrypto;
        if (this.json != null && (value = this.json.getValue("publicKeyEncryptAlgo")) != null && (value instanceof JSONArray)) {
            JSONArray jSONArray = (JSONArray) value;
            int size = jSONArray.size();
            for (int i2 = 0; i2 < size; i2++) {
                JSON json = jSONArray.get(i2);
                if (json instanceof JSONArray) {
                    JSONArray jSONArray2 = (JSONArray) json;
                    if (jSONArray2.size() == 2 && matchPublicKey(jSONArray2.get(0), i)) {
                        JSON json2 = jSONArray2.get(1);
                        if (json2 instanceof JSONArray) {
                            JSONArray jSONArray3 = (JSONArray) json2;
                            if (jSONArray3.size() == 0) {
                                continue;
                            } else {
                                JSON json3 = jSONArray3.get(0);
                                if ((json3 instanceof JSONNumber) && (publicKeyEncryptAlgoFromCrypto = getPublicKeyEncryptAlgoFromCrypto(((JSONNumber) json3).getNumber().intValue())) != null) {
                                    return publicKeyEncryptAlgoFromCrypto;
                                }
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
            return getDefaultPublicKeyEncryptAlgo(i);
        }
        return getDefaultPublicKeyEncryptAlgo(i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ArrayList<String> getRootCerts() {
        if (this.json == null) {
            return null;
        }
        JSON value = this.json.getValue("rootCert");
        if (!(value instanceof JSONArray)) {
            return null;
        }
        ArrayList<String> arrayList = new ArrayList<>();
        JSONArray jSONArray = (JSONArray) value;
        int size = jSONArray.size();
        for (int i = 0; i < size; i++) {
            JSON json = jSONArray.get(i);
            if (json instanceof JSONString) {
                arrayList.add(((JSONString) json).getString());
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AlgorithmIdentifier getSignatureAlgo(int i) {
        JSON value;
        AlgorithmIdentifier signatureAlgoFromCrypto;
        if (this.json != null && (value = this.json.getValue("signAlgo")) != null && (value instanceof JSONArray)) {
            JSONArray jSONArray = (JSONArray) value;
            int size = jSONArray.size();
            for (int i2 = 0; i2 < size; i2++) {
                JSON json = jSONArray.get(i2);
                if (json instanceof JSONArray) {
                    JSONArray jSONArray2 = (JSONArray) json;
                    if (jSONArray2.size() == 2 && matchPublicKey(jSONArray2.get(0), i)) {
                        JSON json2 = jSONArray2.get(1);
                        if (json2 instanceof JSONArray) {
                            JSONArray jSONArray3 = (JSONArray) json2;
                            if (jSONArray3.size() == 0) {
                                continue;
                            } else {
                                JSON json3 = jSONArray3.get(0);
                                if ((json3 instanceof JSONNumber) && (signatureAlgoFromCrypto = getSignatureAlgoFromCrypto(((JSONNumber) json3).getNumber().intValue())) != null) {
                                    return signatureAlgoFromCrypto;
                                }
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
            return getDefaultSignatureAlgo(i);
        }
        return getDefaultSignatureAlgo(i);
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataDetachedSign getSignedDataDetachedSignObject(net.netca.pki.global.X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof JCEX509Certificate)) {
            throw new u("unknown cert class");
        }
        JCEX509Certificate jCEX509Certificate = (JCEX509Certificate) x509Certificate;
        if ((jCEX509Certificate.getKeyUsage() & 3) == 0) {
            throw new u("not sign cert");
        }
        if (!jCEX509Certificate.isInValidity()) {
            throw new u("not in validity");
        }
        int publicKeyType = x509Certificate.getPublicKeyType();
        AlgorithmIdentifier signatureAlgo = getSignatureAlgo(publicKeyType);
        if (signatureAlgo == null) {
            throw new u("getSignatureAlgo fail");
        }
        return new JCESignedDataDetachedSign(this, jCEX509Certificate, signatureAlgo, new SignedDataSignInfo(this.json, getCryptoSignatureAlgo(signatureAlgo), publicKeyType));
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataDetachedVerify getSignedDataDetachedVerifyObject() {
        return new JCESignedDataDetachedVerify(this, new SignedDataVerifyInfo(this.json));
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataMultiStepSign getSignedDataMultiStepSignObject(net.netca.pki.global.X509Certificate x509Certificate) {
        throw new UnsupportedException("unsupport getSignedDataMultiStepSignObject");
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataMultiStepVerify getSignedDataMultiStepVerifyObject() {
        throw new UnsupportedException("unsupport getSignedDataMultiStepVerifyObject");
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataSign getSignedDataSignObject(net.netca.pki.global.X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof JCEX509Certificate)) {
            throw new u("unknown cert class");
        }
        JCEX509Certificate jCEX509Certificate = (JCEX509Certificate) x509Certificate;
        if ((jCEX509Certificate.getKeyUsage() & 3) == 0) {
            throw new u("not sign cert");
        }
        if (!jCEX509Certificate.isInValidity()) {
            throw new u("not in validity");
        }
        X509CertificateAndPrivateKey certAndPrivateKey = jCEX509Certificate.getCertAndPrivateKey();
        if (certAndPrivateKey == null) {
            throw new u("no private key");
        }
        int publicKeyType = x509Certificate.getPublicKeyType();
        AlgorithmIdentifier signatureAlgo = getSignatureAlgo(publicKeyType);
        if (signatureAlgo == null) {
            throw new u("getSignatureAlgo fail");
        }
        return new JCESignedDataSign(this, certAndPrivateKey, signatureAlgo, new SignedDataSignInfo(this.json, getCryptoSignatureAlgo(signatureAlgo), publicKeyType));
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataVerify getSignedDataVerifyObject() {
        return new JCESignedDataVerify(this, new SignedDataVerifyInfo(this.json));
    }

    @Override // net.netca.pki.global.Pki
    public net.netca.pki.global.X509Certificate getUserCert(int i, String str, String str2) {
        if (i == 1 && str == null && this.encCert != null) {
            return this.encCert;
        }
        if (i == 2 && str == null && this.signCert != null) {
            return this.signCert;
        }
        return null;
    }

    @Override // net.netca.pki.global.Pki
    public IVerifyTimeStamp getVerifyTimeStampObject() {
        return new JCEVerifyTimeStamp(this);
    }

    @Override // net.netca.pki.global.Pki
    public void init(String str) {
        JSON decode = JSON.decode(str);
        if (!(decode instanceof JSONObject)) {
            throw new u("bad param,not json object");
        }
        JSONObject jSONObject = (JSONObject) decode;
        this.json = jSONObject;
        initCertFromKeyStore(jSONObject);
    }

    @Override // net.netca.pki.global.Pki
    public boolean isDetachedSignedData(byte[] bArr, int i, int i2) {
        return maybeSignedData(bArr, i, i2) == -1;
    }

    @Override // net.netca.pki.global.Pki
    public boolean isKeyInserted() {
        return false;
    }

    @Override // net.netca.pki.global.Pki
    public boolean isSignedData(byte[] bArr, int i, int i2) {
        return maybeSignedData(bArr, i, i2) != 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isVerifyValidity() {
        JSON value;
        return this.json == null || (value = this.json.getValue("verifySignatureOption")) == null || !(value instanceof JSONNumber) || ((JSONNumber) value).getNumber().intValue() != 0;
    }
}
