package net.netca.pki.impl.netcajni;

import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import net.netca.pki.CertReq;
import net.netca.pki.Certificate;
import net.netca.pki.KeyPair;
import net.netca.pki.d;
import net.netca.pki.encoding.Base64;
import net.netca.pki.encoding.Hex;
import net.netca.pki.global.Device;
import net.netca.pki.global.X509Certificate;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class NetcaDevice extends Device implements Cloneable, d {
    private net.netca.pki.Device device;
    private int pwdType;
    private Map<String, Integer> signAlgoMap;

    public NetcaDevice(net.netca.pki.Device device) {
        try {
            this.device = (net.netca.pki.Device) device.clone();
        } catch (CloneNotSupportedException unused) {
            throw new u("clone device fail");
        }
    }

    NetcaDevice(net.netca.pki.Device device, int i, Map<String, Integer> map) {
        this.device = (net.netca.pki.Device) device.clone();
        this.pwdType = i;
        this.signAlgoMap = map;
    }

    public NetcaDevice(net.netca.pki.Device device, Map<String, Integer> map) {
        try {
            this.device = (net.netca.pki.Device) device.clone();
            this.signAlgoMap = map;
        } catch (CloneNotSupportedException unused) {
            throw new u("clone device fail");
        }
    }

    private void addCert(List<X509Certificate> list, Certificate certificate) {
        if (certificate == null) {
            return;
        }
        list.add(new NetcaX509Certificate(certificate, this.signAlgoMap, this));
    }

    private void addCertInKeyPair(List<X509Certificate> list, KeyPair keyPair) {
        if (keyPair == null) {
            return;
        }
        int certificateCount = keyPair.getCertificateCount();
        for (int i = 0; i < certificateCount; i++) {
            Certificate certificate = keyPair.getCertificate(i);
            try {
                addCert(list, certificate);
            } finally {
                if (certificate != null) {
                    certificate.free();
                }
            }
        }
    }

    private KeyPair createKeyPair(int i, int i2) {
        KeyPair generateECCKeyPair;
        String generateKeyPairLabel = generateKeyPairLabel();
        if (i == 1) {
            generateECCKeyPair = this.device.generateRSAKeyPair(i2, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create rsa keypair fail");
            }
        } else if (i == 2) {
            generateECCKeyPair = this.device.generateECCKeyPair(7, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create sm2 keypair fail");
            }
        } else if (i == 10) {
            generateECCKeyPair = this.device.generateECCKeyPair(2, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create P-224 keypair fail");
            }
        } else if (i == 3) {
            generateECCKeyPair = this.device.generateECCKeyPair(3, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create P-256 keypair fail");
            }
        } else if (i == 4) {
            generateECCKeyPair = this.device.generateECCKeyPair(4, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create P-384 keypair fail");
            }
        } else {
            if (i != 5) {
                throw new u("unsupport create keypair,bad keypair type");
            }
            generateECCKeyPair = this.device.generateECCKeyPair(5, 2, generateKeyPairLabel);
            if (generateECCKeyPair == null) {
                throw new u("create P-521 keypair fail");
            }
        }
        return generateECCKeyPair;
    }

    private boolean deleteCertInKeyPair(KeyPair keyPair, byte[] bArr) {
        if (keyPair == null) {
            return false;
        }
        int certificateCount = keyPair.getCertificateCount();
        for (int i = 0; i < certificateCount; i++) {
            Certificate certificate = keyPair.getCertificate(i);
            if (certificate != null) {
                try {
                    if (Arrays.equals(certificate.derEncode(), bArr)) {
                        if (certificateCount != 1) {
                            throw new u("keypair has too much cert");
                        }
                        if (certificate != null) {
                            certificate.free();
                        }
                        return true;
                    }
                } finally {
                    if (certificate != null) {
                        certificate.free();
                    }
                }
            }
        }
        return false;
    }

    private String generateKeyPairLabel() {
        char[] charArray = Hex.encode(true, this.device.generateRandom(16)).toCharArray();
        return new String(new char[]{charArray[0], charArray[1], charArray[2], charArray[3], charArray[4], charArray[5], charArray[6], charArray[7], '-', charArray[8], charArray[9], charArray[10], charArray[11], '-', charArray[12], charArray[13], charArray[14], charArray[15], '-', charArray[16], charArray[17], charArray[18], charArray[19], '-', charArray[20], charArray[21], charArray[22], charArray[23], charArray[24], charArray[25], charArray[26], charArray[27], charArray[28], charArray[29], charArray[30], charArray[31]});
    }

    private int getEncKeypairType(String str) {
        if (str.equals("3")) {
            return 1;
        }
        if (str.equals("06")) {
            return 2;
        }
        if (str.equalsIgnoreCase("puhua")) {
            return 3;
        }
        if (str.equalsIgnoreCase("gdkm")) {
            return 4;
        }
        return str.equalsIgnoreCase("none") ? 0 : -1;
    }

    private String getKeypairTypeName(int i) {
        if (i == 1) {
            return KeyPropertiesCompact.KEY_ALGORITHM_RSA;
        }
        if (i == 2) {
            return "SM2";
        }
        if (i == 10) {
            return "ECC_P224";
        }
        if (i == 3) {
            return "ECC_P256";
        }
        if (i == 4) {
            return "ECC_P384";
        }
        if (i == 5) {
            return "ECC_P521";
        }
        if (i == 9) {
            return "DSA";
        }
        return null;
    }

    private int getSignatureAlgorithm(int i) {
        int signatureAlgorithm = getSignatureAlgorithm(this.signAlgoMap, i);
        if (signatureAlgorithm != -1) {
            return signatureAlgorithm;
        }
        if (i == 1) {
            return 4;
        }
        if (i == 2) {
            return 25;
        }
        if (i == 10 || i == 3 || i == 4 || i == 5) {
            return 18;
        }
        return i == 9 ? 13 : -1;
    }

    private int getSignatureAlgorithm(Map<String, Integer> map, int i) {
        String keypairTypeName;
        Integer num;
        if (map == null || (keypairTypeName = getKeypairTypeName(i)) == null) {
            return -1;
        }
        for (String str : map.keySet()) {
            if (keypairTypeName.equalsIgnoreCase(str) && (num = map.get(str)) != null) {
                return num.intValue();
            }
        }
        return -1;
    }

    @Override // net.netca.pki.global.Device
    public boolean changePwd(String str, String str2) {
        if (this.device.changePwd(1, str, str2)) {
            return true;
        }
        this.pwdType = 1;
        return false;
    }

    public NetcaDevice clone() {
        return new NetcaDevice(this.device, this.pwdType, this.signAlgoMap);
    }

    @Override // net.netca.pki.global.Device
    public String createCertificationRequest(int i, int i2, String str) {
        CertReq certReq;
        int signatureAlgorithm = getSignatureAlgorithm(i);
        if (signatureAlgorithm == -1) {
            throw new u("bad keypairType:" + i);
        }
        KeyPair createKeyPair = createKeyPair(i, i2);
        CertReq certReq2 = null;
        try {
            certReq = new CertReq();
        } catch (u e) {
            e = e;
        }
        try {
            certReq.setSubject(true, str);
            byte[] sign = certReq.sign(createKeyPair, signatureAlgorithm);
            certReq.free();
            createKeyPair.free();
            return Base64.pemEncode("NEW CERTIFICATE REQUEST", sign);
        } catch (u e2) {
            e = e2;
            certReq2 = certReq;
            if (createKeyPair != null) {
                createKeyPair.delete();
                createKeyPair.free();
            }
            if (certReq2 != null) {
                certReq2.free();
            }
            throw e;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:16:0x0024, code lost:
    
        r2.delete();
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x0027, code lost:
    
        if (r2 == null) goto L6;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0029, code lost:
    
        r2.free();
     */
    @Override // net.netca.pki.global.Device
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void deleteCert(net.netca.pki.global.X509Certificate r5) {
        /*
            r4 = this;
            byte[] r5 = r5.derEncode()
            net.netca.pki.Device r0 = r4.device
            r0.lock()
            net.netca.pki.Device r0 = r4.device     // Catch: java.lang.Throwable -> L3c
            int r0 = r0.getKeyPairCount()     // Catch: java.lang.Throwable -> L3c
            r1 = 0
        L10:
            if (r1 < r0) goto L18
        L12:
            net.netca.pki.Device r5 = r4.device
            r5.unlock()
            return
        L18:
            net.netca.pki.Device r2 = r4.device     // Catch: java.lang.Throwable -> L3c
            net.netca.pki.KeyPair r2 = r2.getKeyPair(r1)     // Catch: java.lang.Throwable -> L3c
            boolean r3 = r4.deleteCertInKeyPair(r2, r5)     // Catch: java.lang.Throwable -> L35
            if (r3 == 0) goto L2d
            r2.delete()     // Catch: java.lang.Throwable -> L35
            if (r2 == 0) goto L12
            r2.free()     // Catch: java.lang.Throwable -> L3c
            goto L12
        L2d:
            if (r2 == 0) goto L32
            r2.free()     // Catch: java.lang.Throwable -> L3c
        L32:
            int r1 = r1 + 1
            goto L10
        L35:
            r5 = move-exception
            if (r2 == 0) goto L3b
            r2.free()     // Catch: java.lang.Throwable -> L3c
        L3b:
            throw r5     // Catch: java.lang.Throwable -> L3c
        L3c:
            r5 = move-exception
            net.netca.pki.Device r0 = r4.device
            r0.unlock()
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.impl.netcajni.NetcaDevice.deleteCert(net.netca.pki.global.X509Certificate):void");
    }

    @Override // net.netca.pki.d
    public void free() {
        this.device.free();
    }

    @Override // net.netca.pki.global.Device
    public List<X509Certificate> getAllCertificates() {
        ArrayList arrayList = new ArrayList();
        this.device.lock();
        try {
            int keyPairCount = this.device.getKeyPairCount();
            for (int i = 0; i < keyPairCount; i++) {
                KeyPair keyPair = this.device.getKeyPair(i);
                try {
                    addCertInKeyPair(arrayList, keyPair);
                } finally {
                    if (keyPair != null) {
                        keyPair.free();
                    }
                }
            }
            return arrayList;
        } finally {
            this.device.unlock();
        }
    }

    @Override // net.netca.pki.global.Device
    public String getId() {
        int type = this.device.getType();
        return String.valueOf(type) + "#" + this.device.getSerialNumber();
    }

    @Override // net.netca.pki.global.Device
    public int getPwdRetryNumber() {
        return this.device.getPwdRetryNumber(this.pwdType, true);
    }

    @Override // net.netca.pki.global.Device
    public void installCert(X509Certificate x509Certificate) {
        this.device.installCert(x509Certificate.derEncode());
    }

    @Override // net.netca.pki.global.Device
    public void installCert(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str, byte[] bArr) {
        int encKeypairType = getEncKeypairType(str);
        if (encKeypairType != -1) {
            this.device.installCert(x509Certificate != null ? x509Certificate.derEncode() : null, x509Certificate2 != null ? x509Certificate2.derEncode() : null, encKeypairType, bArr);
        } else {
            throw new u("bad encKeypairType " + str);
        }
    }

    @Override // net.netca.pki.global.Device
    public void installEncCert(X509Certificate x509Certificate, String str, byte[] bArr) {
        int encKeypairType = getEncKeypairType(str);
        if (encKeypairType != -1) {
            this.device.installEncCert(x509Certificate != null ? x509Certificate.derEncode() : null, encKeypairType, bArr);
        } else {
            throw new u("bad encKeypairType " + str);
        }
    }

    @Override // net.netca.pki.global.Device
    public boolean unlockPwd(String str, String str2) {
        if (this.device.unlockPwd(1, str, str2)) {
            return true;
        }
        this.pwdType = 2;
        return false;
    }

    @Override // net.netca.pki.global.Device
    public boolean verifyPwd(String str) {
        if (this.device.verifyPwd(1, str)) {
            return true;
        }
        this.pwdType = 1;
        return false;
    }
}
