package net.netca.pki.impl.netcajni;

import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.netca.pki.Configure;
import net.netca.pki.DeviceSet;
import net.netca.pki.KeyPair;
import net.netca.pki.SignedData;
import net.netca.pki.Util;
import net.netca.pki.d;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.JSONArray;
import net.netca.pki.encoding.json.JSONNumber;
import net.netca.pki.encoding.json.JSONObject;
import net.netca.pki.encoding.json.JSONString;
import net.netca.pki.global.Device;
import net.netca.pki.global.IEnvelopedDataDecrypt;
import net.netca.pki.global.IEnvelopedDataEncrypt;
import net.netca.pki.global.IEnvelopedDataMultiStepDecrypt;
import net.netca.pki.global.IEnvelopedDataMultiStepEncrypt;
import net.netca.pki.global.IGenerateRandom;
import net.netca.pki.global.IGetTimeStamp;
import net.netca.pki.global.IHash;
import net.netca.pki.global.ISignedDataDetachedSign;
import net.netca.pki.global.ISignedDataDetachedVerify;
import net.netca.pki.global.ISignedDataMultiStepSign;
import net.netca.pki.global.ISignedDataMultiStepVerify;
import net.netca.pki.global.ISignedDataSign;
import net.netca.pki.global.ISignedDataVerify;
import net.netca.pki.global.IVerifyTimeStamp;
import net.netca.pki.global.Pki;
import net.netca.pki.global.X509Certificate;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class NetcaPki extends Pki implements d {
    private NetcaX509Certificate encCert;
    private int includeCertOption;
    private Map<String, Integer> signAlgoMap;
    private NetcaX509Certificate signCert;

    public NetcaPki() {
        this.includeCertOption = -1;
        this.signAlgoMap = new HashMap();
        this.signCert = null;
        this.encCert = null;
        Configure.reset();
    }

    public NetcaPki(NetcaX509Certificate netcaX509Certificate, NetcaX509Certificate netcaX509Certificate2) {
        this.includeCertOption = -1;
        this.signAlgoMap = new HashMap();
        this.signCert = netcaX509Certificate;
        this.encCert = netcaX509Certificate2;
        Configure.reset();
    }

    private void addDevice(ArrayList<Device> arrayList, DeviceSet deviceSet) {
        int count = deviceSet.count();
        for (int i = 0; i < count; i++) {
            net.netca.pki.Device device = deviceSet.get(i);
            if (device != null) {
                try {
                    arrayList.add(new NetcaDevice(device, this.signAlgoMap));
                } finally {
                    device.free();
                }
            }
        }
    }

    private void addSignAlgoMap(Map<String, Integer> map, JSONArray jSONArray) {
        String publicType;
        if (jSONArray.size() != 2) {
            return;
        }
        JSON json = jSONArray.get(0);
        if ((json instanceof JSONObject) && (publicType = getPublicType((JSONObject) json)) != null) {
            JSON json2 = jSONArray.get(1);
            if (json2 instanceof JSONArray) {
                JSONArray jSONArray2 = (JSONArray) json2;
                if (jSONArray2.size() == 0) {
                    return;
                }
                JSON json3 = jSONArray2.get(0);
                if (json3 instanceof JSONNumber) {
                    map.put(publicType, new Integer(((JSONNumber) json3).getNumber().intValue()));
                }
            }
        }
    }

    private void addSignAlgoMap(Map<String, Integer> map, JSONObject jSONObject) {
        int signatureAlgorithm;
        JSON value = jSONObject.getValue("type");
        if (!(value instanceof JSONString)) {
            throw new u("bad json param,bad signAlgo item");
        }
        String string = ((JSONString) value).getString();
        JSON value2 = jSONObject.getValue("value");
        if (value2 instanceof JSONNumber) {
            signatureAlgorithm = ((JSONNumber) value2).getNumber().intValue();
        } else {
            if (!(value2 instanceof JSONString)) {
                throw new u("bad json param,bad signAlgo item");
            }
            signatureAlgorithm = getSignatureAlgorithm(((JSONString) value2).getString());
        }
        if (signatureAlgorithm == -1) {
            throw new u("bad json param,bad signAlgo item");
        }
        map.put(string, new Integer(signatureAlgorithm));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r5v1 */
    /* JADX WARN: Type inference failed for: r5v11, types: [net.netca.pki.Certificate] */
    /* JADX WARN: Type inference failed for: r5v4, types: [net.netca.pki.Certificate] */
    /* JADX WARN: Type inference failed for: r5v5 */
    /* JADX WARN: Type inference failed for: r5v8 */
    private NetcaX509Certificate getCertFromKeyStore(KeyStore keyStore, String str, String str2) {
        KeyPair keyPair = null;
        try {
            try {
                KeyPair a2 = Util.a(keyStore, (String) str, str2);
                try {
                    if (a2 == null) {
                        throw new u("get keypair fail");
                    }
                    Certificate certificate = keyStore.getCertificate(str);
                    if (certificate == null) {
                        throw new u("no cert");
                    }
                    str = new net.netca.pki.Certificate(certificate.getEncoded());
                    try {
                        str.setKeyPair(a2);
                        NetcaX509Certificate netcaX509Certificate = new NetcaX509Certificate((net.netca.pki.Certificate) str, this.signAlgoMap, (NetcaDevice) null);
                        if (a2 != null) {
                            a2.free();
                        }
                        str.free();
                        return netcaX509Certificate;
                    } catch (KeyStoreException e) {
                        e = e;
                        throw new u("KeyStoreException:" + e.getMessage());
                    } catch (CertificateEncodingException e2) {
                        e = e2;
                        throw new u("CertificateEncodingException:" + e.getMessage());
                    } catch (Throwable th) {
                        th = th;
                        keyPair = a2;
                        if (keyPair != null) {
                            keyPair.free();
                        }
                        if (str != 0) {
                            str.free();
                        }
                        throw th;
                    }
                } catch (KeyStoreException e3) {
                    e = e3;
                } catch (CertificateEncodingException e4) {
                    e = e4;
                } catch (Throwable th2) {
                    th = th2;
                    str = 0;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (KeyStoreException e5) {
            e = e5;
        } catch (CertificateEncodingException e6) {
            e = e6;
        } catch (Throwable th4) {
            th = th4;
            str = 0;
        }
    }

    private String getPublicType(JSONObject jSONObject) {
        JSON value = jSONObject.getValue("algo");
        if (!(value instanceof JSONNumber)) {
            return null;
        }
        int intValue = ((JSONNumber) value).getNumber().intValue();
        if (intValue == 1) {
            return KeyPropertiesCompact.KEY_ALGORITHM_RSA;
        }
        if (intValue == 2) {
            return "DSA";
        }
        if (intValue == 3) {
            return "DH";
        }
        if (intValue == 4) {
            JSON value2 = jSONObject.getValue("curve");
            if (!(value2 instanceof JSONNumber)) {
                return null;
            }
            int intValue2 = ((JSONNumber) value2).getNumber().intValue();
            if (intValue2 == 7) {
                return "SM2";
            }
            if (intValue2 == 1) {
                return "P-192";
            }
            if (intValue2 == 2) {
                return "P-224";
            }
            if (intValue2 == 3) {
                return "P-256";
            }
            if (intValue2 == 4) {
                return "P-384";
            }
            if (intValue2 == 5) {
                return "P-521";
            }
            if (intValue2 == 6) {
                return "WAPI";
            }
        }
        return null;
    }

    private Map<String, Integer> getSignAlgoMap(JSONObject jSONObject) {
        JSON value = jSONObject.getValue("signAlgo");
        if (value == null) {
            return new HashMap();
        }
        if (!(value instanceof JSONArray)) {
            throw new u("bad json param,signAlgo not array");
        }
        JSONArray jSONArray = (JSONArray) value;
        int size = jSONArray.size();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < size; i++) {
            JSON json = jSONArray.get(i);
            if (json instanceof JSONObject) {
                addSignAlgoMap(hashMap, (JSONObject) json);
            } else {
                if (!(json instanceof JSONArray)) {
                    throw new u("bad json param,signAlgo item not object or array");
                }
                addSignAlgoMap(hashMap, (JSONArray) json);
            }
        }
        return hashMap;
    }

    private static int getSignatureAlgorithm(String str) {
        if (str.equalsIgnoreCase("SHA1WithRSA") || str.equalsIgnoreCase("SHA-1WithRSA")) {
            return 2;
        }
        if (str.equalsIgnoreCase("SHA224WithRSA")) {
            return 3;
        }
        if (str.equalsIgnoreCase("SHA256WithRSA")) {
            return 4;
        }
        if (str.equalsIgnoreCase("SHA384WithRSA")) {
            return 5;
        }
        if (str.equalsIgnoreCase("SHA512WithRSA")) {
            return 6;
        }
        if (str.equalsIgnoreCase("SHA512/224WithRSA") || str.equalsIgnoreCase("SHA512_224WithRSA")) {
            return 34;
        }
        if (str.equalsIgnoreCase("SHA512/256WithRSA") || str.equalsIgnoreCase("SHA512_256WithRSA")) {
            return 35;
        }
        if (str.equalsIgnoreCase("SHA3_224WithRSA")) {
            return 36;
        }
        if (str.equalsIgnoreCase("SHA3_256WithRSA")) {
            return 37;
        }
        if (str.equalsIgnoreCase("SHA3_384WithRSA")) {
            return 38;
        }
        if (str.equalsIgnoreCase("SHA3_512WithRSA")) {
            return 39;
        }
        if (str.equalsIgnoreCase("DSAWithSHA1")) {
            return 13;
        }
        if (str.equalsIgnoreCase("DSAWithSHA224")) {
            return 14;
        }
        if (str.equalsIgnoreCase("DSAWithSHA256")) {
            return 15;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA1")) {
            return 16;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA224")) {
            return 17;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA256")) {
            return 18;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA384")) {
            return 19;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA512")) {
            return 20;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA3_224")) {
            return 40;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA3_256")) {
            return 41;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA3_384")) {
            return 42;
        }
        if (str.equalsIgnoreCase("ECDSAWithSHA3_512")) {
            return 43;
        }
        return str.equalsIgnoreCase("SM3WithSM2") ? 25 : -1;
    }

    private void initCertFromKeyStore(JSONObject jSONObject) {
        String string;
        String str;
        String str2;
        FileInputStream fileInputStream;
        JSON value = jSONObject.getValue("keystoreName");
        if (value == null) {
            return;
        }
        if (!(value instanceof JSONString)) {
            throw new u("bad json param,keystoreName not string");
        }
        String string2 = ((JSONString) value).getString();
        JSON value2 = jSONObject.getValue("keystoreType");
        if (value2 == null) {
            string = KeyStore.getDefaultType();
        } else {
            if (!(value2 instanceof JSONString)) {
                throw new u("bad json param,keystoreType not string");
            }
            string = ((JSONString) value2).getString();
        }
        JSON value3 = jSONObject.getValue("keystorePwd");
        if (value3 == null) {
            throw new u("bad json param,no keystorePwd");
        }
        if (!(value3 instanceof JSONString)) {
            throw new u("bad json param,keystorePwd not string");
        }
        String string3 = ((JSONString) value3).getString();
        JSON value4 = jSONObject.getValue("keystoreEncAlias");
        FileInputStream fileInputStream2 = null;
        if (value4 == null) {
            str = null;
        } else {
            if (!(value4 instanceof JSONString)) {
                throw new u("bad json param,keystoreEncAlias not string");
            }
            str = ((JSONString) value4).getString();
        }
        JSON value5 = jSONObject.getValue("keystoreSignAlias");
        if (value5 == null) {
            str2 = null;
        } else {
            if (!(value5 instanceof JSONString)) {
                throw new u("bad json param,keystoreSignAlias not string");
            }
            str2 = ((JSONString) value5).getString();
        }
        if (str == null && str2 == null) {
            throw new u("bad json param,neither keystoreSignAlias nor keystoreSignAlias");
        }
        try {
            try {
                fileInputStream = new FileInputStream(string2);
            } catch (Throwable th) {
                th = th;
            }
        } catch (IOException e) {
            e = e;
        } catch (KeyStoreException e2) {
            e = e2;
        } catch (NoSuchAlgorithmException e3) {
            e = e3;
        } catch (CertificateException e4) {
            e = e4;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(string);
            keyStore.load(fileInputStream, string3.toCharArray());
            NetcaX509Certificate certFromKeyStore = str != null ? getCertFromKeyStore(keyStore, str, string3) : null;
            if (this.encCert != null) {
                this.encCert.free();
            }
            this.encCert = certFromKeyStore;
            NetcaX509Certificate certFromKeyStore2 = str2 != null ? getCertFromKeyStore(keyStore, str2, string3) : null;
            if (this.signCert != null) {
                this.signCert.free();
            }
            this.signCert = certFromKeyStore2;
            try {
                fileInputStream.close();
            } catch (IOException unused) {
            }
        } catch (IOException e5) {
            e = e5;
            throw new u("IOException:" + e.getMessage());
        } catch (KeyStoreException e6) {
            e = e6;
            throw new u("KeyStoreException:" + e.getMessage());
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            throw new u("NoSuchAlgorithmException:" + e.getMessage());
        } catch (CertificateException e8) {
            e = e8;
            throw new u("CertificateException:" + e.getMessage());
        } catch (Throwable th2) {
            th = th2;
            fileInputStream2 = fileInputStream;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException unused2) {
                }
            }
            throw th;
        }
    }

    private void initSign() {
        if (this.includeCertOption != -1) {
            try {
                Configure.setSignedDataIncludeCertOption(this.includeCertOption);
            } catch (u unused) {
            }
        }
        initSign(this.signAlgoMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void initSign(Map<String, Integer> map) {
        if (map == null) {
            return;
        }
        for (String str : map.keySet()) {
            Integer num = map.get(str);
            if (num != null) {
                Configure.a(str, num.intValue());
            }
        }
    }

    @Override // net.netca.pki.global.Pki
    public X509Certificate decodeCert(String str) {
        NetcaX509Certificate netcaX509Certificate = new NetcaX509Certificate(str);
        netcaX509Certificate.setSignAlgoMap(this.signAlgoMap);
        return netcaX509Certificate;
    }

    @Override // net.netca.pki.global.Pki
    public X509Certificate decodeCert(byte[] bArr, int i, int i2) {
        NetcaX509Certificate netcaX509Certificate = new NetcaX509Certificate(bArr, i, i2);
        netcaX509Certificate.setSignAlgoMap(this.signAlgoMap);
        return netcaX509Certificate;
    }

    @Override // net.netca.pki.d
    public void free() {
        if (this.signCert != null) {
            this.signCert.free();
        }
        if (this.encCert != null) {
            this.encCert.free();
        }
    }

    @Override // net.netca.pki.global.Pki
    public List<Device> getAllDevice() {
        ArrayList<Device> arrayList = new ArrayList<>();
        DeviceSet deviceSet = null;
        try {
            DeviceSet deviceSet2 = new DeviceSet(-1, 0);
            try {
                addDevice(arrayList, deviceSet2);
                deviceSet2.free();
                return arrayList;
            } catch (Throwable th) {
                th = th;
                deviceSet = deviceSet2;
                if (deviceSet != null) {
                    deviceSet.free();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // net.netca.pki.global.Pki
    public Device getDevice(String str, String str2) {
        int indexOf = str.indexOf(35);
        if (indexOf == -1) {
            throw new u("bad deviceId,no #");
        }
        if (indexOf == 0) {
            throw new u("bad deviceId");
        }
        if (indexOf == str.length() - 1) {
            throw new u("bad deviceId");
        }
        String substring = str.substring(0, indexOf);
        try {
            net.netca.pki.Device findDevice = net.netca.pki.Device.findDevice(Integer.parseInt(substring, 10), str.substring(indexOf + 1), 0);
            if (findDevice == null) {
                return null;
            }
            if (str2 != null) {
                try {
                    if (!findDevice.verifyPwd(1, str2)) {
                        throw new u("verify pwd fail");
                    }
                } catch (Throwable th) {
                    findDevice.free();
                    throw th;
                }
            }
            NetcaDevice netcaDevice = new NetcaDevice(findDevice, this.signAlgoMap);
            findDevice.free();
            return netcaDevice;
        } catch (NumberFormatException unused) {
            throw new u("bad deviceId");
        }
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataDecrypt getEnvelopedDataDecryptObject() {
        return new NetcaEnvelopedDataDecrypt();
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataDecrypt getEnvelopedDataDecryptObject(X509Certificate x509Certificate) {
        if (x509Certificate instanceof NetcaX509Certificate) {
            return new NetcaEnvelopedDataDecrypt((NetcaX509Certificate) x509Certificate);
        }
        throw new u("unknown cert class");
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataEncrypt getEnvelopedDataEncryptObject() {
        return new NetcaEnvelopedDataEncrypt();
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepDecrypt getEnvelopedDataMultiStepDecryptObject() {
        return new NetcaEnvelopedDataDecrypt();
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepDecrypt getEnvelopedDataMultiStepDecryptObject(X509Certificate x509Certificate) {
        if (x509Certificate instanceof NetcaX509Certificate) {
            return new NetcaEnvelopedDataDecrypt((NetcaX509Certificate) x509Certificate);
        }
        throw new u("unknown cert class");
    }

    @Override // net.netca.pki.global.Pki
    public IEnvelopedDataMultiStepEncrypt getEnvelopedDataMultiStepEncryptObject() {
        return new NetcaEnvelopedDataEncrypt();
    }

    @Override // net.netca.pki.global.Pki
    public IGenerateRandom getGenerateRandomObject() {
        return new NetcaGenerateRandom();
    }

    @Override // net.netca.pki.global.Pki
    public IGetTimeStamp getGetTimeStampObject() {
        return new NetcaGetTimeStamp();
    }

    @Override // net.netca.pki.global.Pki
    public IHash getHashObject(String str) {
        return new NetcaHash(str);
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataDetachedSign getSignedDataDetachedSignObject(X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof NetcaX509Certificate)) {
            throw new u("unknown cert class");
        }
        initSign();
        return new NetcaSignedDataDetachedSign((NetcaX509Certificate) x509Certificate);
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataDetachedVerify getSignedDataDetachedVerifyObject() {
        return new NetcaSignedDataDetachedVerify();
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataMultiStepSign getSignedDataMultiStepSignObject(X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof NetcaX509Certificate)) {
            throw new u("unknown cert class");
        }
        initSign();
        return new NetcaSignedDataSign((NetcaX509Certificate) x509Certificate);
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataMultiStepVerify getSignedDataMultiStepVerifyObject() {
        return new NetcaSignedDataVerify();
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataSign getSignedDataSignObject(X509Certificate x509Certificate) {
        if (!(x509Certificate instanceof NetcaX509Certificate)) {
            throw new u("unknown cert class");
        }
        initSign();
        return new NetcaSignedDataSign((NetcaX509Certificate) x509Certificate);
    }

    @Override // net.netca.pki.global.Pki
    public ISignedDataVerify getSignedDataVerifyObject() {
        return new NetcaSignedDataVerify();
    }

    @Override // net.netca.pki.global.Pki
    public X509Certificate getUserCert(int i, String str, String str2) {
        if (i == 1 && str == null && this.encCert != null) {
            return new NetcaX509Certificate(this.encCert.getCertificateObject(), this.signAlgoMap, (NetcaDevice) null);
        }
        if (i == 2 && str == null && this.signCert != null) {
            return new NetcaX509Certificate(this.signCert.getCertificateObject(), this.signAlgoMap, (NetcaDevice) null);
        }
        NetcaX509Certificate userCert = NetcaX509Certificate.getUserCert(i, str);
        if (str2 != null) {
            try {
                userCert.getPrivateKey(str2);
            } catch (u e) {
                userCert.free();
                throw e;
            }
        }
        userCert.setSignAlgoMap(this.signAlgoMap);
        return userCert;
    }

    @Override // net.netca.pki.global.Pki
    public IVerifyTimeStamp getVerifyTimeStampObject() {
        return new NetcaVerifyTimeStamp();
    }

    @Override // net.netca.pki.global.Pki
    public void init(String str) {
        JSON decode = JSON.decode(str);
        if (!(decode instanceof JSONObject)) {
            throw new u("bad param,not json object");
        }
        JSONObject jSONObject = (JSONObject) decode;
        JSON value = jSONObject.getValue("includeCertOption");
        if (value != null) {
            if (!(value instanceof JSONNumber)) {
                throw new u("bad json param,includeCertOption not number");
            }
            this.includeCertOption = ((JSONNumber) value).getNumber().intValue();
        }
        this.signAlgoMap = getSignAlgoMap(jSONObject);
        initCertFromKeyStore(jSONObject);
    }

    @Override // net.netca.pki.global.Pki
    public boolean isDetachedSignedData(byte[] bArr, int i, int i2) {
        return SignedData.isDetachedSign(bArr, i, i2);
    }

    @Override // net.netca.pki.global.Pki
    public boolean isKeyInserted() {
        return net.netca.pki.Device.isKeyInserted();
    }

    @Override // net.netca.pki.global.Pki
    public boolean isSignedData(byte[] bArr, int i, int i2) {
        return SignedData.isSign(bArr, i, i2);
    }
}
