package cn.com.jit.ida.util.pki.keystore;

import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.JKeyPair;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.param.GenKeyAttribute;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.pkcs.P7B;
import cn.com.jit.ida.util.pki.pkcs.PKCS10;
import cn.com.jit.ida.util.pki.pkcs.PKCS12;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.KeyUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Enumeration;

/* loaded from: classes.dex */
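/**
 * Manages a file-backed {@link KeyStore}: generates PKCS#10 requests, imports PKCS#12 / PKCS#7
 * material, binds issued certificates to stored keys and maintains trust entries.
 *
 * <p>Review notes on this decompiled listing:
 * <ul>
 *   <li>The decompiler dropped every {@code throws} clause although several methods throw a
 *       checked {@link Exception}; a compilable version has to restore them.</li>
 *   <li>The body of {@code genP10Request} was not recovered, so its behaviour is unknown here.</li>
 *   <li>The store password is also used as the password of every key entry.</li>
 *   <li>RSA, DSA and ECDSA requests and proof-of-possession checks use SHA-1 signature
 *       mechanisms, and aliases are Base64(MD5(public key)). Both are kept as-is for
 *       compatibility with existing stores and the crypto library; stronger identifiers should
 *       be used only after confirming the library supports them.</li>
 *   <li>Stores are written in place ({@link FileOutputStream} truncates the file first), so a
 *       failure during {@code store} leaves a damaged file. Writing to a temporary file and
 *       renaming it would avoid that.</li>
 * </ul>
 */
public class KeyStoreManager {
    public static final String TRUST_CERT_ID = "trustcertid";
    /** Base64 placeholder certificate stored next to a freshly generated software key. */
    public static final String tmpCertStr = "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";
    /** Key store type handed to {@link KeyStore#getInstance(String)}; see {@link #setStoreType}. */
    private String sType = KeyUtil.KEY_STORE;

    /** Re-parses the library certificate with the "BC" provider as a JCA {@link Certificate}. */
    private Certificate convert2JavaCert(X509Cert x509Cert) {
        return CertificateFactory.getInstance(KeyUtil.X509, "BC").generateCertificate(new ByteArrayInputStream(x509Cert.getEncoded()));
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x016c  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x0181  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x00f4  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): the decompiler did not recover this body. Anything said about the
    // genP10RequestWith* entry points below is therefore limited to the arguments they pass.
    private java.lang.String genP10Request(java.lang.String r14, int r15, java.lang.String r16, java.lang.String r17, java.lang.String r18, java.lang.String r19, int r20) {
        /*
            Method dump skipped, instructions count: 416
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.com.jit.ida.util.pki.keystore.KeyStoreManager.genP10Request(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String, java.lang.String, int):java.lang.String");
    }

    /**
     * Generates a new key pair and a PKCS#10 request for a certificate update, removes the
     * existing key entries from the key store and saves it.
     *
     * @param str  crypto library name ({@code JCrypto.JSOFT_LIB} or {@code JCrypto.JSJY05B_LIB})
     * @param i    hardware key number, applied only for {@code JSJY05B_LIB}
     * @param str2 key store path
     * @param str3 key store password, also used as the key-entry password
     * @param str4 key algorithm: "RSA", DSA or "SM2"; any other value is treated as ECDSA
     * @param i2   second argument of {@code generateKeyPair} (presumably the key length)
     * @param str5 second argument of the PKCS#10 generator (presumably the subject DN)
     * @return the request bytes returned by the PKCS#10 generator, as a string
     */
    private String genP10Request4Update(String str, int i, String str2, String str3, String str4, int i2, String str5) {
        Mechanism mechanism;
        String signatureAlgorithm;
        Session session = openSession(str);
        // NOTE(review): the non-SM2 branches sign the request with SHA-1. Moving to a SHA-2
        // mechanism needs the library's own mechanism names, which are not visible here.
        if (str4.equalsIgnoreCase("RSA")) {
            mechanism = new Mechanism("RSA");
            signatureAlgorithm = "SHA1withRSAEncryption";
        } else if (str4.equalsIgnoreCase(Mechanism.DSA)) {
            mechanism = new Mechanism(Mechanism.DSA);
            signatureAlgorithm = "SHA1withDSA";
        } else if (str4.equalsIgnoreCase("SM2")) {
            mechanism = new Mechanism("SM2");
            signatureAlgorithm = "SM3withSM2Encryption";
        } else {
            // Unknown algorithm names are not rejected; they silently become ECDSA.
            mechanism = new Mechanism(Mechanism.ECDSA);
            signatureAlgorithm = "SHA1withECDSA";
        }
        if (str.equalsIgnoreCase(JCrypto.JSJY05B_LIB)) {
            GenKeyAttribute genKeyAttribute = new GenKeyAttribute();
            genKeyAttribute.setKeyNum(i);
            genKeyAttribute.setIsExport(false);
            mechanism.setParam(genKeyAttribute);
        }
        // Validate the target location before any key is generated, so a bad path cannot leave
        // a new key behind with no store update. A path without a parent component refers to the
        // working directory and is accepted (the original dereferenced null here).
        // NOTE(review): the message talks about the key store file, but only its directory is
        // checked; a missing file is still created by openKeyStore.
        File file = new File(str2);
        File parent = file.getParentFile();
        if (parent != null && !parent.exists()) {
            throw new Exception("keyStore file [" + str2 + "] doesn't exists. please select a correct keyStore file to execute update.");
        }
        JKeyPair keyPair = session.generateKeyPair(mechanism, i2);
        JKey publicKey = keyPair.getPublicKey();
        JKey privateKey = keyPair.getPrivateKey();
        byte[] requestB64 = new PKCS10(session).generateCertificationRequestData_B64(signatureAlgorithm, str5, publicKey, null, privateKey);
        KeyStore keyStore = openKeyStore(str2, str3);
        // Iterate over a snapshot: deleting while enumerating is not safe for every store type.
        for (String alias : java.util.Collections.list(keyStore.aliases())) {
            if (keyStore.isKeyEntry(alias)) {
                keyStore.deleteEntry(alias);
            }
        }
        if (str.equalsIgnoreCase(JCrypto.JSOFT_LIB)) {
            PrivateKey javaPrivateKey = Parser.convertPrivateKey(privateKey);
            CertificateFactory certificateFactory = CertificateFactory.getInstance(KeyUtil.X509);
            byte[] placeholderCert = Base64.decode(tmpCertStr.getBytes());
            // NOTE(review): the alias is derived from the placeholder certificate's key, while
            // setKeyCertWithSoftLib looks the key up under the alias of the issued certificate's
            // key. Confirm that the two agree for the update flow.
            keyStore.setKeyEntry(getAlias(new X509Cert(placeholderCert)), javaPrivateKey, str3.toCharArray(), new Certificate[]{certificateFactory.generateCertificate(new ByteArrayInputStream(placeholderCert))});
        }
        saveKeyStore(keyStore, str2, str3);
        return new String(requestB64);
    }

    /**
     * Loads the key store at {@code str}, creating missing parent directories and the file.
     *
     * <p>A missing or zero-length file yields an empty store. Zero-length files are what this
     * method itself creates, and loading one from disk would fail on end-of-stream.
     *
     * @param str  key store path
     * @param str2 key store password
     */
    private KeyStore openKeyStore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance(this.sType);
        File file = new File(str);
        File parent = file.getParentFile();
        if (parent != null && !parent.exists()) {
            parent.mkdirs();
        }
        if (file.exists() && file.length() > 0) {
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, str2.toCharArray());
            }
        } else {
            // The file is created with the process's default permissions.
            file.createNewFile();
            keyStore.load(null, null);
        }
        return keyStore;
    }

    /** Writes the store to {@code path} under {@code password}, closing the stream on failure too. */
    private void saveKeyStore(KeyStore keyStore, String path, String password) {
        try (FileOutputStream out = new FileOutputStream(path)) {
            keyStore.store(out, password.toCharArray());
            out.flush();
        }
    }

    /** Initializes the named crypto library and opens a session on it. */
    private Session openSession(String str) {
        JCrypto jCrypto = JCrypto.getInstance();
        jCrypto.initialize(str, null);
        return jCrypto.openSession(str);
    }

    /**
     * Replaces the whole content of the key store with one key entry built from PKCS#12 data;
     * the remaining certificates become trust entries.
     *
     * <p>With two or more certificates, the one whose public key verifies a test signature made
     * with {@code jKey} becomes the key's certificate (the last match wins). The input is
     * validated before the store is opened, so a bad bundle no longer fails halfway with a
     * {@link NullPointerException} or an array index error.
     *
     * @param str         key store path
     * @param str2        key store password, also used as the key-entry password
     * @param jKey        private key from the PKCS#12 data
     * @param x509CertArr certificates from the PKCS#12 data
     */
    private void setKeyCertWithPfx(String str, String str2, JKey jKey, X509Cert[] x509CertArr) {
        if (x509CertArr == null || x509CertArr.length == 0) {
            throw new Exception("PKCS#12 data contains no certificate.");
        }
        X509Cert keyCert = null;
        X509Cert[] trustCerts = null;
        if (x509CertArr.length >= 2) {
            // Sized for the worst case (no match) and trimmed afterwards.
            X509Cert[] unmatched = new X509Cert[x509CertArr.length];
            int unmatchedCount = 0;
            Session session = openSession(JCrypto.JSOFT_LIB);
            byte[] probe = "JIT".getBytes();
            for (X509Cert candidate : x509CertArr) {
                JKey publicKey = candidate.getPublicKey();
                // Only RSA is told apart here; every other key type is probed as ECDSA.
                Mechanism mechanism = publicKey.getKeyType().equals("RSA_Public") ? new Mechanism("SHA1withRSAEncryption") : new Mechanism("SHA1withECDSA");
                if (session.verifySign(mechanism, publicKey, probe, session.sign(mechanism, jKey, probe))) {
                    keyCert = candidate;
                } else {
                    unmatched[unmatchedCount++] = candidate;
                }
            }
            if (keyCert == null) {
                throw new Exception("no certificate in the PKCS#12 data matches the private key.");
            }
            trustCerts = Arrays.copyOf(unmatched, unmatchedCount);
        } else {
            // NOTE(review): a single certificate is accepted without checking that it belongs
            // to jKey.
            keyCert = x509CertArr[0];
        }
        KeyStore keyStore = openKeyStore(str, str2);
        // Every existing entry, trust entries included, is dropped before the import.
        for (String alias : java.util.Collections.list(keyStore.aliases())) {
            keyStore.deleteEntry(alias);
        }
        // Result unused in the listing; the call is kept because getSubject() is not visible here.
        keyCert.getSubject().toLowerCase();
        keyStore.setKeyEntry(getAlias(keyCert), Parser.convertPrivateKey(jKey), str2.toCharArray(), new Certificate[]{convert2JavaCert(keyCert)});
        saveKeyStore(keyStore, str, str2);
        if (trustCerts != null && trustCerts.length > 0) {
            setTrustCerts(str, str2, trustCerts);
        }
    }

    /**
     * Lists the aliases of the key store at {@code str} opened with password {@code str2}.
     * A missing key store file is created as a side effect of opening it.
     */
    public Enumeration alias(String str, String str2) {
        return openKeyStore(str, str2).aliases();
    }

    /**
     * Re-writes the key store at {@code str} under a new password; does nothing when the file
     * does not exist.
     *
     * <p>An empty store is re-saved as well. The original left the target store {@code null} in
     * that case and failed after the file had already been truncated.
     *
     * @param str  key store path
     * @param str2 current password (store and key entries)
     * @param str3 new password (store and key entries)
     */
    public void changePassword(String str, String str2, String str3) {
        KeyStore source = KeyStore.getInstance(this.sType);
        if (!new File(str).exists()) {
            return;
        }
        try (FileInputStream in = new FileInputStream(str)) {
            source.load(in, str2.toCharArray());
        }
        KeyStore target = KeyStore.getInstance(this.sType);
        target.load(null, null);
        for (String alias : java.util.Collections.list(source.aliases())) {
            if (source.isKeyEntry(alias)) {
                target.setKeyEntry(alias, source.getKey(alias, str2.toCharArray()), str3.toCharArray(), source.getCertificateChain(alias));
            } else if (source.isCertificateEntry(alias)) {
                target.setCertificateEntry(alias, source.getCertificate(alias));
            }
        }
        saveKeyStore(target, str, str3);
    }

    /** Decrypts loaded PKCS#12 data with {@code cArr} and imports its key and certificates. */
    private void importPkcs12(String str, String str2, PKCS12 pkcs12, char[] cArr) {
        pkcs12.decrypt(cArr);
        setKeyCertWithPfx(str, str2, pkcs12.getPrivateKey(), pkcs12.getCerts());
    }

    /**
     * Imports PKCS#12 data read from a stream, replacing the content of the key store.
     *
     * @param str         key store path
     * @param str2        key store password
     * @param inputStream PKCS#12 data
     * @param cArr        PKCS#12 password
     */
    public void genKeyStoreWithPfx(String str, String str2, InputStream inputStream, char[] cArr) {
        openSession(JCrypto.JSOFT_LIB);
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.load(inputStream);
        importPkcs12(str, str2, pkcs12, cArr);
    }

    /**
     * Imports PKCS#12 data, replacing the content of the key store.
     *
     * @param str  key store path
     * @param str2 key store password
     * @param str3 value passed to {@code PKCS12.load(String)} (presumably a file path; confirm)
     * @param cArr PKCS#12 password
     */
    public void genKeyStoreWithPfx(String str, String str2, String str3, char[] cArr) {
        openSession(JCrypto.JSOFT_LIB);
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.load(str3);
        importPkcs12(str, str2, pkcs12, cArr);
    }

    /**
     * Imports PKCS#12 data held in memory, replacing the content of the key store.
     *
     * @param str  key store path
     * @param str2 key store password
     * @param bArr PKCS#12 data
     * @param cArr PKCS#12 password
     */
    public void genKeyStoreWithPfx(String str, String str2, byte[] bArr, char[] cArr) {
        openSession(JCrypto.JSOFT_LIB);
        PKCS12 pkcs12 = new PKCS12();
        pkcs12.load(bArr);
        importPkcs12(str, str2, pkcs12, cArr);
    }

    /**
     * Update request on the hardware library.
     *
     * @param i    hardware key number
     * @param str  key store path
     * @param str2 key store password
     * @param str3 second argument of the PKCS#10 generator (presumably the subject DN)
     * @param str4 key algorithm name
     * @param i2   second argument of {@code generateKeyPair} (presumably the key length)
     */
    public String genP10Request4UpdateWithHardLib(int i, String str, String str2, String str3, String str4, int i2) {
        return genP10Request4Update(JCrypto.JSJY05B_LIB, i, str, str2, str4, i2, str3);
    }

    /**
     * Update request on the software library; the new private key is stored in the key store.
     *
     * @param str  key store path
     * @param str2 key store password
     * @param str3 second argument of the PKCS#10 generator (presumably the subject DN)
     * @param str4 key algorithm name
     * @param i    second argument of {@code generateKeyPair} (presumably the key length)
     */
    public String genP10RequestWithSoftLibUpdateDocAnchor(String str, String str2, String str3, String str4, int i) {
        return genP10Request4UpdateWithSoftLib(str, str2, str3, str4, i);
    }

    /**
     * Update request on the software library; the new private key is stored in the key store.
     *
     * @param str  key store path
     * @param str2 key store password
     * @param str3 second argument of the PKCS#10 generator (presumably the subject DN)
     * @param str4 key algorithm name
     * @param i    second argument of {@code generateKeyPair} (presumably the key length)
     */
    public String genP10Request4UpdateWithSoftLib(String str, String str2, String str3, String str4, int i) {
        return genP10Request4Update(JCrypto.JSOFT_LIB, 0, str, str2, str4, i, str3);
    }

    /** Delegates to {@code genP10Request} with the hardware library and key number {@code i}. */
    public String genP10RequestWithHardLib(int i, String str, String str2, String str3, String str4, int i2) {
        return genP10Request(JCrypto.JSJY05B_LIB, i, str, str2, str3, str4, i2);
    }

    /** Delegates to {@code genP10Request} with the software library and key number 0. */
    public String genP10RequestWithSoftLib(String str, String str2, String str3, String str4, int i) {
        return genP10Request(JCrypto.JSOFT_LIB, 0, str, str2, str3, str4, i);
    }

    /** Alias of a certificate: the alias of its public key. */
    public String getAlias(X509Cert x509Cert) {
        return getAlias(x509Cert.getPublicKey());
    }

    /**
     * Alias of a key: Base64 of the MD5 digest of the key bytes.
     *
     * <p>NOTE(review): MD5 is not collision resistant, and setTrustCert / setTrustCerts replace
     * whatever entry already holds the alias. Alias equality must not be taken as proof that two
     * keys are the same. The digest is left unchanged because existing stores are indexed by it.
     */
    public String getAlias(JKey jKey) {
        return new String(Base64.encode(openSession(JCrypto.JSOFT_LIB).digest(new Mechanism("MD5"), jKey.getKey())));
    }

    /**
     * Returns the certificate stored under alias {@code str3}, or {@code null} when absent.
     *
     * @param str  key store path
     * @param str2 key store password
     * @param str3 alias; lower-cased before the lookup
     */
    public X509Cert getCertEntry(String str, String str2, String str3) {
        // Locale.ROOT keeps the lookup independent of the default locale (e.g. Turkish dotless i).
        Certificate certificate = openKeyStore(str, str2).getCertificate(str3.toLowerCase(java.util.Locale.ROOT));
        if (certificate != null) {
            return new X509Cert(certificate.getEncoded());
        }
        return null;
    }

    /**
     * Returns the key entry of the store together with its certificate.
     *
     * <p>When the store holds several key entries the last one enumerated wins; when it holds
     * none, the returned object is left unpopulated. The private key leaves the store as raw
     * encoded bytes inside the returned {@code JKey}.
     *
     * @param str  key store path
     * @param str2 key store password, also used as the key-entry password
     */
    public KeyEntry getKeyEntry(String str, String str2) {
        KeyEntry keyEntry = new KeyEntry();
        KeyStore keyStore = openKeyStore(str, str2);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            Key key = keyStore.getKey(alias, str2.toCharArray());
            byte[] encoded = key.getEncoded();
            // Element 1 of the encoded key is read as the algorithm identifier (the PKCS#8
            // PrivateKeyInfo layout, presumably). Anything that is not RSA is tagged ECDSA.
            ASN1Sequence keyInfo = (ASN1Sequence) Parser.writeBytes2DERObj(encoded);
            boolean rsa = AlgorithmIdentifier.getInstance(keyInfo.getObjectAt(1)).getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption);
            JKey jKey = new JKey(rsa ? JKey.RSA_PRV_KEY : JKey.ECDSA_PRV_KEY, encoded);
            X509Cert x509Cert = new X509Cert(keyStore.getCertificate(alias).getEncoded());
            keyEntry.setAilas(alias);
            keyEntry.setCert(x509Cert);
            keyEntry.setKey(jKey);
        }
        return keyEntry;
    }

    /**
     * Shared body of the setKeyCertWithHardLib overloads: checks the certificate against the
     * key in hardware slot {@code i}, replaces the certificate object on the device and records
     * the certificate as a trust entry in the key store.
     */
    private void bindCertToHardKey(Session session, int i, String str, String str2, X509Cert x509Cert) {
        GenKeyAttribute genKeyAttribute = new GenKeyAttribute();
        genKeyAttribute.setKeyNum(i);
        genKeyAttribute.setIsExport(false);
        JKey publicKey = x509Cert.getPublicKey();
        Mechanism mechanism = publicKey.getKeyType().equals("RSA_Public") ? new Mechanism("RSA") : new Mechanism(Mechanism.ECDSA);
        mechanism.setParam(genKeyAttribute);
        // NOTE(review): the comparison only makes sense if generateKeyPair returns the pair that
        // already sits in slot i. Confirm against the JSJY05B library. The length is fixed at
        // 1024 regardless of the certificate's key.
        if (!Arrays.equals(session.generateKeyPair(mechanism, 1024).getPublicKey().getKey(), publicKey.getKey())) {
            throw new Exception("verify certificate public key failure.");
        }
        // The subject is encoded with the platform default charset here.
        session.destroyCertObject(null, session.getCfgTag().getNoExportRSAKey(i).getBytes());
        session.createCertObject(x509Cert.getSubject().getBytes(), x509Cert.getEncoded(), session.getCfgTag().getNoExportRSAKey(i).getBytes());
        setTrustCert(str, str2, x509Cert);
    }

    /**
     * Binds an issued certificate to hardware key {@code i}.
     *
     * @param i        hardware key number
     * @param str      key store path
     * @param str2     key store password
     * @param x509Cert issued certificate
     */
    public void setKeyCertWithHardLib(int i, String str, String str2, X509Cert x509Cert) {
        bindCertToHardKey(openSession(JCrypto.JSJY05B_LIB), i, str, str2, x509Cert);
    }

    /**
     * Binds an issued certificate to hardware key {@code i}, opening the session with
     * {@code str3} as its second argument and without initializing the library first.
     *
     * @param i        hardware key number
     * @param str      key store path
     * @param str2     key store password
     * @param x509Cert issued certificate
     * @param str3     second argument of {@code JCrypto.openSession}
     */
    public void setKeyCertWithHardLib(int i, String str, String str2, X509Cert x509Cert, String str3) {
        bindCertToHardKey(JCrypto.getInstance().openSession(JCrypto.JSJY05B_LIB, str3), i, str, str2, x509Cert);
    }

    /**
     * Attaches an issued certificate to the software key stored under the certificate's alias,
     * after checking that the stored private key matches the certificate's public key.
     *
     * @param str      key store path
     * @param str2     key store password, also used as the key-entry password
     * @param x509Cert issued certificate
     */
    public void setKeyCertWithSoftLib(String str, String str2, X509Cert x509Cert) {
        KeyStore keyStore = openKeyStore(str, str2);
        String alias = getAlias(x509Cert);
        Key key = keyStore.getKey(alias, str2.toCharArray());
        if (key == null) {
            throw new Exception("KeyStore doesn't contain key enry named [" + alias + StrUtil.BRACKET_END);
        }
        // NOTE(review): the key is always wrapped as RSA_PRV_KEY, even when the mechanism chosen
        // below is SM2 or ECDSA. Confirm that the library ignores the tag for those keys.
        JKey privateKey = new JKey(JKey.RSA_PRV_KEY, key.getEncoded());
        JKey publicKey = x509Cert.getPublicKey();
        String keyType = publicKey.getKeyType();
        Mechanism mechanism;
        if (keyType.equals("RSA_Public")) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (keyType.equals("SM2_Public")) {
            mechanism = new Mechanism("SM3withSM2Encryption");
        } else {
            mechanism = new Mechanism("SHA1withECDSA");
        }
        // Sign a fixed probe with the stored key and verify it with the certificate's key.
        byte[] probe = "JIT".getBytes();
        Session session = openSession(JCrypto.JSOFT_LIB);
        if (!session.verifySign(mechanism, publicKey, probe, session.sign(mechanism, privateKey, probe))) {
            throw new Exception("verify certificate public key failure.");
        }
        keyStore.deleteEntry(alias);
        keyStore.setKeyEntry(alias, key, str2.toCharArray(), new Certificate[]{convert2JavaCert(x509Cert)});
        saveKeyStore(keyStore, str, str2);
    }

    /** Sets the key store type used by every later operation of this instance. */
    public void setStoreType(String str) {
        this.sType = str;
    }

    /**
     * Adds one certificate as a trust entry, replacing any entry that already uses its alias.
     * The certificate is stored as given; no chain or validity check is made here.
     *
     * @param str      key store path
     * @param str2     key store password
     * @param x509Cert certificate to trust
     */
    public void setTrustCert(String str, String str2, X509Cert x509Cert) {
        KeyStore keyStore = openKeyStore(str, str2);
        String alias = getAlias(x509Cert);
        if (keyStore.containsAlias(alias)) {
            keyStore.deleteEntry(alias);
        }
        keyStore.setCertificateEntry(alias, convert2JavaCert(x509Cert));
        saveKeyStore(keyStore, str, str2);
    }

    /** Adds every certificate parsed from PKCS#7 input {@code str3} as a trust entry. */
    public void setTrustCertWithP7B(String str, String str2, String str3) {
        setTrustCerts(str, str2, new P7B().parseP7b(str3));
    }

    /** Adds every certificate parsed from PKCS#7 bytes {@code bArr} as a trust entry. */
    public void setTrustCertWithP7B(String str, String str2, byte[] bArr) {
        setTrustCerts(str, str2, new P7B().parseP7b(bArr));
    }

    /**
     * Adds the given certificates as trust entries, replacing entries that share an alias.
     * The certificates are stored as given; no chain or validity check is made here.
     *
     * @param str         key store path
     * @param str2        key store password
     * @param x509CertArr certificates to trust
     */
    public void setTrustCerts(String str, String str2, X509Cert[] x509CertArr) {
        KeyStore keyStore = openKeyStore(str, str2);
        for (X509Cert cert : x509CertArr) {
            String alias = getAlias(cert);
            if (keyStore.containsAlias(alias)) {
                keyStore.deleteEntry(alias);
            }
            keyStore.setCertificateEntry(alias, convert2JavaCert(cert));
        }
        saveKeyStore(keyStore, str, str2);
    }
}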
