package cn.tdchain.tdmsp.util;

import cn.tdchain.tdmsp.ca.config.KeyStoreParam;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERGeneralString;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:cn/tdchain/tdmsp/util/PkiUtil.class */
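public final class PkiUtil {

    /**
     * Process-wide CSPRNG shared by the key generators and the serial-number helper.
     * {@link SecureRandom} is thread-safe, so one instance is enough.
     */
    private static final SecureRandom RNG = new SecureRandom();

    /** Utility holder; never instantiated. */
    private PkiUtil() {
    }

    /**
     * Generates an RSA key pair with the BouncyCastle provider.
     * <p>
     * The modulus size was raised from 1024 to 2048 bits: 1024-bit RSA offers roughly 80 bits
     * of security and is disallowed for new signatures by NIST SP 800-131A.
     *
     * @throws NoSuchAlgorithmException if the BC provider does not offer RSA
     * @throws NoSuchProviderException  if the BC provider is not registered
     */
    public static KeyPair generateRsaKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(PkiConstant.RSA, "BC");
        generator.initialize(2048, RNG);
        return generator.generateKeyPair();
    }

    /**
     * Generates an SM2 (sm2p256v1) key pair with the BouncyCastle provider.
     *
     * @throws InvalidAlgorithmParameterException if the curve name is not known to BC
     * @throws NoSuchAlgorithmException           if the BC provider does not offer EC
     * @throws NoSuchProviderException            if the BC provider is not registered
     */
    public static KeyPair generateSm2KeyPair()
            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(PkiConstant.EC, "BC");
        generator.initialize(new ECNamedCurveGenParameterSpec(PkiConstant.SM2P256V1), RNG);
        return generator.generateKeyPair();
    }

    /**
     * Generates a secp256k1 ECDSA key pair with the BouncyCastle provider, seeded from the
     * project's {@code SecureRandomUtils} source (kept as in the original so that callers relying
     * on that source keep the same randomness policy).
     *
     * @throws InvalidAlgorithmParameterException if the curve name is not known to BC
     * @throws NoSuchAlgorithmException           if the BC provider does not offer ECDSA
     * @throws NoSuchProviderException            if the BC provider is not registered
     */
    public static KeyPair generateEccKeyPair()
            throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(PkiConstant.ECDSA, "BC");
        generator.initialize(new ECGenParameterSpec(PkiConstant.SECP256K1), SecureRandomUtils.secureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Generates a secp256k1 EC key pair intended for encryption use.
     * <p>
     * The RNG is now passed explicitly instead of relying on the provider default, so that all
     * generators in this class draw from the same source.
     *
     * @throws NoSuchAlgorithmException           if the BC provider does not offer EC
     * @throws NoSuchProviderException            if the BC provider is not registered
     * @throws InvalidAlgorithmParameterException if the curve parameters are rejected
     */
    public static KeyPair generateEcEncryptKeyPair()
            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(PkiConstant.EC, "BC");
        generator.initialize(ECNamedCurveTable.getParameterSpec(PkiConstant.SECP256K1), RNG);
        return generator.generateKeyPair();
    }

    /**
     * Builds an X.500 name of the form {@code CN=str, O=str2, C=str3}.
     *
     * @param str  common name
     * @param str2 organisation
     * @param str3 country
     */
    public static X500Name getNameBuilder(String str, String str2, String str3) {
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.CN, str);
        builder.addRDN(BCStyle.O, str2);
        builder.addRDN(BCStyle.C, str3);
        return builder.build();
    }

    /**
     * Builds an X.500 name of the form {@code CN=str, OU=str2, C=str3}.
     *
     * @param str  common name
     * @param str2 organisational unit
     * @param str3 country
     */
    public static X500Name getOuNameBuilder(String str, String str2, String str3) {
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.CN, str);
        builder.addRDN(BCStyle.OU, str2);
        builder.addRDN(BCStyle.C, str3);
        return builder.build();
    }

    /**
     * Issues a DER-encoded CA certificate (basicConstraints CA=TRUE, critical) for
     * {@code subjectPublicKeyInfo}, signed with {@code privateKey}.
     * <p>
     * Key usage is digitalSignature | keyEncipherment | keyCertSign | cRLSign (the original's
     * literal 166). No pathLenConstraint is set, so any certificate this key signs may itself act
     * as a CA; if the intended hierarchy is a fixed depth, a pathLen of 0 or 1 would be tighter
     * (not changed here because the expected depth is not visible in this file).
     *
     * @param subjectPublicKeyInfo public key to certify
     * @param x500Name             issuer name
     * @param i                    validity in whole years, must be positive
     * @param x500Name2            subject name
     * @param privateKey           issuer signing key
     * @param str                  JCA signature algorithm name, e.g. {@code SHA256withRSA}
     * @return the DER encoding of the signed certificate
     * @throws IllegalArgumentException if {@code i} is not positive
     * @throws Exception                on signing or encoding failure
     */
    public static byte[] getRootEncodedHolder(SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name x500Name, int i,
            X500Name x500Name2, PrivateKey privateKey, String str) throws Exception {
        Date[] validity = validityWindow(i);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                x500Name, newSerialNumber(), validity[0], validity[1], x500Name2, subjectPublicKeyInfo);
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        builder.addExtension(Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                extensionUtils().createSubjectKeyIdentifier(subjectPublicKeyInfo));
        return builder.build(getSigner(privateKey, str)).getEncoded();
    }

    /**
     * Issues a DER-encoded end-entity certificate (basicConstraints CA=FALSE, critical) for
     * {@code subjectPublicKeyInfo}, signed with {@code privateKey}.
     * <p>
     * Key usage is digitalSignature | dataEncipherment (the original's literal 144). The
     * authorityKeyIdentifier is derived from {@code publicKey}, which must be the issuer's public
     * key. A subjectKeyIdentifier is now added as well, as RFC 5280 §4.2.1.2 recommends for
     * end-entity certificates, so path building can match this certificate by key id.
     *
     * @param subjectPublicKeyInfo public key to certify
     * @param x500Name             issuer name
     * @param i                    validity in whole years, must be positive
     * @param x500Name2            subject name
     * @param privateKey           issuer signing key
     * @param str                  JCA signature algorithm name
     * @param publicKey            issuer public key, used only for the AKI extension
     * @return the DER encoding of the signed certificate
     * @throws IllegalArgumentException if {@code i} is not positive
     * @throws Exception                on signing or encoding failure
     */
    public static byte[] getEncodedHolder(SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name x500Name, int i,
            X500Name x500Name2, PrivateKey privateKey, String str, PublicKey publicKey) throws Exception {
        Date[] validity = validityWindow(i);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                x500Name, newSerialNumber(), validity[0], validity[1], x500Name2, subjectPublicKeyInfo);
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.dataEncipherment));
        X509ExtensionUtils utils = extensionUtils();
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(subjectPublicKeyInfo));
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())));
        return builder.build(getSigner(privateKey, str)).getEncoded();
    }

    /**
     * Builds a PKCS#10 request for {@code keyPair} with subject {@code CN=str2, O=str3, C=str4},
     * self-signed with algorithm {@code str}.
     *
     * @param keyPair key pair whose public half is enrolled and whose private half signs
     * @param str     JCA signature algorithm name
     * @param str2    common name
     * @param str3    organisation
     * @param str4    country
     */
    public static PKCS10CertificationRequest generateEnrollRequest(KeyPair keyPair, String str, String str2,
            String str3, String str4) throws Exception {
        X500Name subject = getNameBuilder(str2, str3, str4);
        return new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic())
                .build(getSigner(keyPair.getPrivate(), str));
    }

    /**
     * Builds a PKCS#10 request for an EC encryption key with subject {@code CN=str, O=str2, C=str3},
     * carrying an attribute keyed by id-ecPublicKey (1.2.840.10045.2.1) with value "EC", signed
     * with {@code PkiConstant.ALGORITHM_ECC}.
     * <p>
     * The signer is now pinned to the BC provider via {@link #getSigner}; the original let the JCA
     * pick the first provider for the algorithm, which for a BC secp256k1 key can resolve to a
     * provider that does not support that curve.
     *
     * @param keyPair key pair whose public half is enrolled and whose private half signs
     * @param str     common name
     * @param str2    organisation
     * @param str3    country
     */
    public static PKCS10CertificationRequest generateEccEncryptEnrollCARequest(KeyPair keyPair, String str,
            String str2, String str3) throws Exception {
        JcaPKCS10CertificationRequestBuilder builder =
                new JcaPKCS10CertificationRequestBuilder(getNameBuilder(str, str2, str3), keyPair.getPublic());
        builder.addAttribute(new ASN1ObjectIdentifier("1.2.840.10045.2.1"), new DERGeneralString(PkiConstant.EC));
        return builder.build(getSigner(keyPair.getPrivate(), PkiConstant.ALGORITHM_ECC));
    }

    /**
     * Creates a BC-provider content signer for {@code privateKey}.
     *
     * @param privateKey signing key
     * @param str        JCA signature algorithm name
     * @throws OperatorCreationException if the algorithm/key combination is not supported
     */
    public static ContentSigner getSigner(PrivateKey privateKey, String str) throws OperatorCreationException {
        return new JcaContentSignerBuilder(str).setProvider("BC").build(privateKey);
    }

    /**
     * Writes {@code privateKey} and {@code keyStoreParam.getChain()} into a new key store file and
     * exports the chain as {@code ouCert.cer} / {@code rootCert.cer} next to it.
     * <p>
     * Behaviour kept from the original: if the key store file already exists nothing is written
     * and the method returns silently, so callers get no signal that the store was not updated.
     * The key store file is additionally restricted to owner read/write where the file system
     * supports it, since it holds private key material.
     *
     * @param keyStoreParam aliases, passwords, chain and paths; {@code getPath()} is used as a
     *                      string prefix for the exported certificate names, so it is expected to
     *                      end with a separator (as in the original)
     * @param privateKey    key to store under {@code getPrivateKeyAlias()}
     * @param str           key store type; {@code PkiConstant.PKCS12} selects BC PKCS#12,
     *                      anything else selects JCEKS
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws IOException              if the target directory cannot be created
     * @throws Exception                on key store or file errors
     */
    public static void saveToKeystore(KeyStoreParam keyStoreParam, PrivateKey privateKey, String str)
            throws Exception {
        X509Certificate[] chain = keyStoreParam.getChain();
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("certificate chain must contain at least the end-entity certificate");
        }
        KeyStore keyStore = PkiConstant.PKCS12.equals(str)
                ? KeyStore.getInstance(PkiConstant.PKCS12, "BC")
                : KeyStore.getInstance(PkiConstant.JCEKS);
        keyStore.load(null, null); // start from an empty in-memory store
        keyStore.setCertificateEntry(keyStoreParam.getCertAlias(), chain[0]);
        if (chain.length > 1 && keyStoreParam.getRootAlias() != null) {
            keyStore.setCertificateEntry(keyStoreParam.getRootAlias(), chain[1]);
        }
        keyStore.setKeyEntry(keyStoreParam.getPrivateKeyAlias(), privateKey,
                keyStoreParam.getPrivateKeyPassword().toCharArray(), chain);

        File directory = new File(keyStoreParam.getPath());
        if (!directory.isDirectory() && !directory.mkdirs()) {
            throw new IOException("cannot create key store directory " + directory);
        }
        File keyStoreFile = new File(keyStoreParam.getKsFilePath());
        if (keyStoreFile.exists()) {
            // Never overwrite an existing store: it may hold a key that is already in use.
            return;
        }
        try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
            restrictToOwner(keyStoreFile);
            keyStore.store(out, keyStoreParam.getKsPassword().toCharArray());
        }

        if (chain.length == 1) {
            saveCertToFile(keyStoreParam.getPath() + "rootCert.cer", chain[0]);
        } else {
            saveCertToFile(keyStoreParam.getPath() + "ouCert.cer", chain[0]);
            saveCertToFile(keyStoreParam.getPath() + "rootCert.cer", chain[1]);
        }
    }

    /**
     * Loads a key store from disk.
     *
     * @param str  key store file path
     * @param str2 key store password
     * @param str3 key store type; {@code PkiConstant.JCEKS} uses the default provider, any other
     *             type is requested from BC
     * @return the loaded store, or {@code null} if the file does not exist (kept from the
     *         original; callers are expected to check)
     * @throws Exception on read, integrity or password failure
     */
    public static KeyStore getKeyStore(String str, String str2, String str3) throws Exception {
        File keyStoreFile = new File(str);
        if (!keyStoreFile.exists()) {
            return null;
        }
        KeyStore keyStore = PkiConstant.JCEKS.equals(str3)
                ? KeyStore.getInstance(str3)
                : KeyStore.getInstance(str3, "BC");
        try (FileInputStream in = new FileInputStream(keyStoreFile)) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /**
     * Writes the DER encoding of {@code x509Certificate} to {@code str}.
     * <p>
     * Best-effort, as in the original: failures are reported on stderr and not propagated,
     * because the signature declares no exception and existing callers do not handle one. The
     * stream is now closed on every path (the original leaked it on error).
     *
     * @param str             destination path
     * @param x509Certificate certificate to export
     */
    public static void saveCertToFile(String str, X509Certificate x509Certificate) {
        try (FileOutputStream out = new FileOutputStream(str)) {
            out.write(x509Certificate.getEncoded());
            out.flush();
        } catch (IOException | CertificateEncodingException e) {
            // TODO(review): route through the project's logger; none is in scope in this file.
            System.err.println("PkiUtil: failed to write certificate to " + str + ": " + e);
            e.printStackTrace();
        }
    }

    /**
     * Parses an X.509 certificate from the bytes returned by {@code IOUtils.getBytes(str)}.
     *
     * @param str argument passed to {@code IOUtils.getBytes}; presumably a file path, but that
     *            helper is not visible here
     * @return the certificate, or {@code null} on any failure (kept from the original; the error
     *         is printed to stderr)
     */
    public static X509Certificate getCertFromCer(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance(PkiConstant.X509, "BC");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(IOUtils.getBytes(str)));
        } catch (Exception e) {
            // IOUtils.getBytes' checked exceptions are not visible here, so the catch stays broad.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns a fresh positive serial number for a certificate.
     * <p>
     * RFC 5280 §4.1.2.2 requires serials to be positive and unique per issuer. The original used
     * {@code System.currentTimeMillis()}, which collides for two certificates issued in the same
     * millisecond and is predictable; 127 random bits from a CSPRNG satisfies both requirements.
     */
    private static BigInteger newSerialNumber() {
        BigInteger serial = new BigInteger(127, RNG);
        return serial.signum() == 0 ? BigInteger.ONE : serial;
    }

    /**
     * Returns {@code [notBefore, notAfter]} for a certificate valid from now for {@code years}.
     *
     * @throws IllegalArgumentException if {@code years} is not positive (the original silently
     *                                  produced a certificate whose notAfter precedes notBefore)
     */
    private static Date[] validityWindow(int years) {
        if (years <= 0) {
            throw new IllegalArgumentException("certificate validity must be a positive number of years, got " + years);
        }
        ZonedDateTime notBefore = ZonedDateTime.now(ZoneOffset.UTC);
        return new Date[] {Date.from(notBefore.toInstant()), Date.from(notBefore.plusYears(years).toInstant())};
    }

    /**
     * Extension utilities for subject/authority key identifiers.
     * <p>
     * SHA-1 here is the RFC 5280 §4.2.1.2 method (1) key identifier, not a signature: collision
     * resistance is not relied on, so the digest choice is not a security concern.
     */
    private static X509ExtensionUtils extensionUtils() throws OperatorCreationException {
        return new X509ExtensionUtils(
                new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
    }

    /**
     * Best-effort owner-only permissions for a file holding key material. The {@link File}
     * setters return {@code false} instead of throwing where the file system has no such bits,
     * so this can never fail a save.
     */
    private static void restrictToOwner(File file) {
        file.setReadable(false, false);
        file.setReadable(true, true);
        file.setWritable(false, false);
        file.setWritable(true, true);
    }

    static {
        // addProvider appends BC at the lowest priority, which is why every getInstance above
        // names "BC" explicitly rather than relying on provider ordering.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}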
