package cn.org.bjca.gaia.assemb.util;

import cn.org.bjca.gaia.asn1.ASN1EncodableVector;
import cn.org.bjca.gaia.asn1.ASN1ObjectIdentifier;
import cn.org.bjca.gaia.asn1.ASN1Primitive;
import cn.org.bjca.gaia.asn1.ASN1Sequence;
import cn.org.bjca.gaia.asn1.ASN1Set;
import cn.org.bjca.gaia.asn1.DERBitString;
import cn.org.bjca.gaia.asn1.DERNull;
import cn.org.bjca.gaia.asn1.DERSet;
import cn.org.bjca.gaia.asn1.DERUTF8String;
import cn.org.bjca.gaia.asn1.gm.GMObjectIdentifiers;
import cn.org.bjca.gaia.asn1.pkcs.Attribute;
import cn.org.bjca.gaia.asn1.pkcs.CertificationRequest;
import cn.org.bjca.gaia.asn1.pkcs.CertificationRequestInfo;
import cn.org.bjca.gaia.asn1.pkcs.PKCSObjectIdentifiers;
import cn.org.bjca.gaia.asn1.x500.X500Name;
import cn.org.bjca.gaia.asn1.x509.AlgorithmIdentifier;
import cn.org.bjca.gaia.asn1.x509.SubjectPublicKeyInfo;
import cn.org.bjca.gaia.asn1.x9.X9ObjectIdentifiers;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.constant.AlgConstant;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.param.AlgPolicy;
import cn.org.bjca.gaia.assemb.param.BjcaKey;
import cn.org.bjca.gaia.assemb.param.SM3Param;
import cn.org.bjca.gaia.util.encoders.Base64;
import java.security.Signature;
import java.util.Map;

/* loaded from: classes.dex */
public class P10Util {
    private GaiaProvider provider;

    public P10Util(GaiaProvider gaiaProvider) {
        this.provider = null;
        this.provider = gaiaProvider;
    }

    public static void checkDN(String str) {
        try {
            new X500Name(str);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.CHECK_DN, ErrorCode.Pkcs10.CHECK_DN_DES, e);
        }
    }

    public static String getP10DN(String str) {
        try {
            return CertificationRequest.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str))).getCertificationRequestInfo().getSubject().toString();
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.PARSE_DN, ErrorCode.Pkcs10.PARSE_DN_DES, e);
        }
    }

    public static BjcaKey getP10PublicKey(String str) {
        try {
            return KeyPairUtil.subjectPubKeyInfo2Key(CertificationRequest.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str))).getCertificationRequestInfo().getSubjectPublicKeyInfo());
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.PARSE_PUBLIC, ErrorCode.Pkcs10.PARSE_PUBLIC_DES, e);
        }
    }

    private String rsaP10Generator(String str, String str2, ASN1Set aSN1Set, BjcaKey bjcaKey, BjcaKey bjcaKey2) {
        String convertSignAlgToHashAlg;
        String str3 = "SHA1WithRSA";
        if (str.equals("SHA1WithRSA") || str.equals("SHA256WithRSA")) {
            str3 = str;
            convertSignAlgToHashAlg = AlgConstant.convertSignAlgToHashAlg(str);
        } else {
            convertSignAlgToHashAlg = "SHA1";
        }
        try {
            CertificationRequestInfo semsRsaP10Generator = semsRsaP10Generator(str2, aSN1Set, bjcaKey);
            byte[] encoded = semsRsaP10Generator.getEncoded("DER");
            byte[] hash = this.provider.hash(new AlgPolicy(convertSignAlgToHashAlg), encoded);
            byte[] signHashedData = this.provider.signHashedData(new AlgPolicy(str3), hash, bjcaKey2);
            ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCSObjectIdentifiers.sha1WithRSAEncryption;
            if (str3.equals("SHA256WithRSA")) {
                aSN1ObjectIdentifier = PKCSObjectIdentifiers.sha256WithRSAEncryption;
            }
            return new String(Base64.encode(new CertificationRequest(semsRsaP10Generator, new AlgorithmIdentifier(aSN1ObjectIdentifier, DERNull.INSTANCE), new DERBitString(signHashedData)).getEncoded("DER")));
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }

    private CertificationRequestInfo semsRsaP10Generator(String str, ASN1Set aSN1Set, BjcaKey bjcaKey) {
        try {
            return new CertificationRequestInfo(new X500Name(str), SubjectPublicKeyInfo.getInstance((ASN1Sequence) ASN1Primitive.fromByteArray(bjcaKey.getKey())), aSN1Set);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }

    private CertificationRequestInfo semsSm2P10Generator(String str, ASN1Set aSN1Set, BjcaKey bjcaKey) {
        try {
            return new CertificationRequestInfo(new X500Name(str), new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, GMObjectIdentifiers.sm2p256v1), bjcaKey.getKey()), aSN1Set);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }

    private String sm2P10Generator(String str, ASN1Set aSN1Set, BjcaKey bjcaKey, BjcaKey bjcaKey2) {
        try {
            CertificationRequestInfo semsSm2P10Generator = semsSm2P10Generator(str, aSN1Set, bjcaKey);
            byte[] encoded = semsSm2P10Generator.getEncoded("DER");
            byte[] hash = this.provider.hash(new AlgPolicy("SM3", new SM3Param(bjcaKey.getKey())), encoded);
            return new String(Base64.encode(new CertificationRequest(semsSm2P10Generator, new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3), new DERBitString(this.provider.signHashedData(new AlgPolicy("SM3WithSM2"), hash, bjcaKey2))).getEncoded("DER")));
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }

    public String generatorP10(String str, String str2, Map map, BjcaKey bjcaKey, BjcaKey bjcaKey2) {
        DERSet dERSet;
        if (!str.equals("RSA") && !str.equals("SHA1WithRSA") && !str.equals("SHA256WithRSA") && !str.equals("SM2")) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, "产生P10失败 不支持的算法类型 alg =" + str);
        }
        if (map == null || map.size() <= 0) {
            dERSet = null;
        } else {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (Map.Entry entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier((String) entry.getKey()), new DERSet(new DERUTF8String((String) entry.getValue()))));
            }
            dERSet = new DERSet(aSN1EncodableVector);
        }
        if (str.contains("RSA")) {
            return rsaP10Generator(str, str2, dERSet, bjcaKey, bjcaKey2);
        }
        if ("SM2".equals(str)) {
            return sm2P10Generator(str2, dERSet, bjcaKey, bjcaKey2);
        }
        return null;
    }

    public String generatorP10(String str, String str2, Map map, BjcaKey bjcaKey, Signature signature) {
        AlgPolicy algPolicy;
        CertificationRequestInfo semsSm2P10Generator;
        String str3 = "SHA1";
        if (!str.equals("RSA") && !str.equals("SHA1WithRSA") && !str.equals("SHA256WithRSA") && !str.equals("SM2")) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, "产生P10失败 不支持的算法类型 alg =" + str);
        }
        DERSet dERSet = null;
        if (map != null && map.size() > 0) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (Map.Entry entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier((String) entry.getKey()), new DERSet(new DERUTF8String((String) entry.getValue()))));
            }
            dERSet = new DERSet(aSN1EncodableVector);
        }
        try {
            if (str.contains("RSA")) {
                if (!str.toUpperCase().contains("SHA1")) {
                    str3 = "SHA256";
                }
                algPolicy = new AlgPolicy(str3);
                semsSm2P10Generator = semsRsaP10Generator(str2, dERSet, bjcaKey);
            } else {
                algPolicy = new AlgPolicy("SM3", new SM3Param(bjcaKey.getKey()));
                semsSm2P10Generator = semsSm2P10Generator(str2, dERSet, bjcaKey);
            }
            signature.update(this.provider.hash(algPolicy, semsSm2P10Generator.getEncoded("DER")));
            return Base64.toBase64String(new CertificationRequest(semsSm2P10Generator, AlgConstant.convertAlgorithmIdentifier(str), new DERBitString(signature.sign())).getEncoded("DER"));
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }

    public byte[] semsP10(String str, String str2, Map map, BjcaKey bjcaKey) {
        DERSet dERSet;
        if (!str.equals("RSA") && !str.equals("SHA1WithRSA") && !str.equals("SHA256WithRSA") && !str.equals("SM2")) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, "产生P10失败 不支持的算法类型 alg =" + str);
        }
        CertificationRequestInfo certificationRequestInfo = null;
        if (map == null || map.size() <= 0) {
            dERSet = null;
        } else {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (Map.Entry entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier((String) entry.getKey()), new DERSet(new DERUTF8String((String) entry.getValue()))));
            }
            dERSet = new DERSet(aSN1EncodableVector);
        }
        try {
            if (str.contains("RSA")) {
                certificationRequestInfo = semsRsaP10Generator(str2, dERSet, bjcaKey);
            } else if ("SM2".equals(str)) {
                certificationRequestInfo = semsSm2P10Generator(str2, dERSet, bjcaKey);
            }
            if (certificationRequestInfo != null) {
                return certificationRequestInfo.getEncoded("DER");
            }
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, "产生P10失败 certReqInfo is null ");
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs10.GEN_P10, ErrorCode.Pkcs10.GEN_P10_DES, e);
        }
    }
}
