package cn.tdchain.tdmsp.ca.root;

import cn.tdchain.tdmsp.ca.config.SystemConfig;
import cn.tdchain.tdmsp.util.PkiConstant;
import cn.tdchain.tdmsp.util.PkiUtil;
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

/* loaded from: input_file:cn/tdchain/tdmsp/ca/root/RsaCertificate.class */
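/**
 * Issues RSA certificates for a small two-level PKI: a self-signed root CA and
 * organization certificates signed by that root.
 *
 * <p>Key generation and the signature algorithm are obtained through the
 * protected {@link #generateKeyPair()} and {@link #getAlgorithm()} hooks.
 *
 * <p>Failure handling: the public entry points return {@code void} and do not
 * propagate issuance errors. A failure is reported on {@code System.err} and
 * the method returns normally, so a caller cannot tell from the call alone
 * whether a certificate was actually written. Callers that depend on the
 * result should check the chain on the {@code SystemConfig} or the key store
 * afterwards.
 */
public class RsaCertificate {
    /**
     * Creates and stores a self-signed root CA certificate.
     *
     * @param str first argument handed to the {@code SystemConfig} constructor (meaning not visible here)
     * @param str2 second argument handed to the {@code SystemConfig} constructor (meaning not visible here)
     */
    public void creatRootCA(String str, String str2) {
        createRoot(str, str2);
    }

    /**
     * Issues an organization certificate, loading the root CA key store from
     * the location named in {@code systemConfig}.
     *
     * @param systemConfig issuance settings (root key store location, alias, password, subject fields)
     */
    public void creatOuCert(SystemConfig systemConfig) {
        creatOrganizationCert(systemConfig);
    }

    /**
     * Issues an organization certificate using an already loaded root CA key store.
     *
     * @param systemConfig issuance settings (root alias, password, subject fields)
     * @param keyStore key store holding the root certificate and its private key
     */
    public void creatOuCert(SystemConfig systemConfig, KeyStore keyStore) {
        creatOrganizationCert(systemConfig, keyStore);
    }

    /**
     * Generates a key pair, builds a self-signed certificate for it and saves
     * both to a PKCS#12 key store through {@code PkiUtil.saveRootToKeystore}.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param str first argument handed to the {@code SystemConfig} constructor
     * @param str2 second argument handed to the {@code SystemConfig} constructor
     */
    public void createRoot(String str, String str2) {
        SystemConfig systemConfig = new SystemConfig(str, str2);
        // The issuer DN is read as '@'-separated fields and the first three are used.
        // This runs outside the try block, so a value with fewer than three fields
        // surfaces to the caller as ArrayIndexOutOfBoundsException.
        String[] split = systemConfig.getIssuerdn().split("@");
        X500Name nameBuilder = PkiUtil.getNameBuilder(split[0], split[1], split[2]);
        try {
            KeyPair rootKeys = generateKeyPair();
            PublicKey publicKey = rootKeys.getPublic();
            PrivateKey privateKey = rootKeys.getPrivate();
            // Self-signed: the same name is passed in both name positions and the
            // certificate is signed with the key pair's own private key.
            byte[] encoded = PkiUtil.getRootEncodedHolder(
                    SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()),
                    nameBuilder,
                    Integer.valueOf(systemConfig.getValidTime()).intValue(),
                    nameBuilder,
                    privateKey,
                    getAlgorithm());
            // Requests the provider named "BC" explicitly; that provider has to be
            // registered before this call (registration is not visible in this class).
            X509Certificate rootCert = (X509Certificate) CertificateFactory.getInstance(PkiConstant.X509, "BC")
                    .generateCertificate(new ByteArrayInputStream(encoded));
            systemConfig.setChain(new X509Certificate[] {rootCert});
            PkiUtil.saveRootToKeystore(systemConfig, privateKey, PkiConstant.PKCS12);
        } catch (Exception e) {
            // Best-effort contract kept: report the failure and return normally.
            System.err.println("RsaCertificate: root CA certificate was not created");
            e.printStackTrace();
        }
    }

    /**
     * Loads the root CA key store named in {@code systemConfig} and issues an
     * organization certificate signed by the root key.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param systemConfig issuance settings
     */
    public void creatOrganizationCert(SystemConfig systemConfig) {
        try {
            // A key store that cannot be loaded now reports its real cause here
            // instead of a NullPointerException from a null store further down.
            issueOrganizationCert(systemConfig, getRootCaStore(systemConfig));
        } catch (Exception e) {
            // Best-effort contract kept: report the failure and return normally.
            System.err.println("RsaCertificate: organization certificate was not issued");
            e.printStackTrace();
        }
    }

    /**
     * Issues an organization certificate signed by the root key found in the
     * supplied key store.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param systemConfig issuance settings
     * @param keyStore key store holding the root certificate and its private key
     */
    public void creatOrganizationCert(SystemConfig systemConfig, KeyStore keyStore) {
        try {
            issueOrganizationCert(systemConfig, keyStore);
        } catch (Exception e) {
            // This overload used to discard the exception without any trace, so a
            // failed issuance looked identical to a successful one. It is now
            // reported the same way as in the sibling overload.
            System.err.println("RsaCertificate: organization certificate was not issued");
            e.printStackTrace();
        }
    }

    /**
     * Returns the algorithm name passed to the certificate builders.
     *
     * @return {@code PkiConstant.ALGORITHM_RSA}
     */
    protected String getAlgorithm() {
        return PkiConstant.ALGORITHM_RSA;
    }

    /**
     * Generates the subject key pair via {@code PkiUtil.generateRsaKeyPair()}.
     * The key size is chosen inside that helper and is not visible here.
     *
     * @return a freshly generated key pair
     * @throws Exception if the helper fails
     */
    protected KeyPair generateKeyPair() throws Exception {
        return PkiUtil.generateRsaKeyPair();
    }

    /**
     * Shared issuance path for both {@code creatOrganizationCert} overloads:
     * generates the subject key pair, signs the certificate with the root key,
     * records the chain {@code [issued, root]} on {@code systemConfig} and saves
     * the result as PKCS#12.
     *
     * @throws Exception on any failure; the public overloads catch and report it
     */
    private void issueOrganizationCert(SystemConfig systemConfig, KeyStore keyStore) throws Exception {
        if (keyStore == null) {
            throw new IllegalStateException("root CA key store is not available");
        }
        KeyPair subjectKeys = generateKeyPair();
        String rootAlias = systemConfig.getRootAlias();
        X509Certificate rootCert = (X509Certificate) keyStore.getCertificate(rootAlias);
        if (rootCert == null) {
            throw new IllegalStateException("no certificate stored under the configured root alias");
        }

        // Wipe the temporary char[] copy once the key has been fetched. The
        // password still lives as a String inside SystemConfig, so this only
        // limits the extra copy made here.
        char[] rootPassword = systemConfig.getRootPassword().toCharArray();
        PrivateKey rootKey;
        try {
            rootKey = (PrivateKey) keyStore.getKey(rootAlias, rootPassword);
        } finally {
            java.util.Arrays.fill(rootPassword, '\0');
        }
        if (rootKey == null) {
            throw new IllegalStateException("no private key stored under the configured root alias");
        }

        // NOTE(review): the issuer name is taken from the root certificate's
        // *issuer* field and rebuilt from its string form. That equals the root's
        // subject only while the root is self-signed, and a string round trip may
        // not reproduce the root's encoded RDN order. Confirm that issued
        // certificates chain to the root under a strict path validator.
        X500Name issuerName = new X500Name(rootCert.getIssuerX500Principal().getName());
        byte[] encoded = PkiUtil.getEncodedHolder(
                SubjectPublicKeyInfo.getInstance(subjectKeys.getPublic().getEncoded()),
                issuerName,
                systemConfig.getValidTime(),
                PkiUtil.getOuNameBuilder(
                        systemConfig.getCommonName(),
                        systemConfig.getOrganizationUnit(),
                        systemConfig.getCountry()),
                rootKey,
                getAlgorithm(),
                rootCert.getPublicKey());
        X509Certificate issued = (X509Certificate) CertificateFactory.getInstance(PkiConstant.X509, "BC")
                .generateCertificate(new ByteArrayInputStream(encoded));
        systemConfig.setChain(new X509Certificate[] {issued, rootCert});
        PkiUtil.saveCertToKeystore(systemConfig, subjectKeys.getPrivate(), PkiConstant.PKCS12);
    }

    /**
     * Opens the root CA PKCS#12 key store at
     * {@code getRootKsPath() + getRootKsFileName()} with the root password.
     *
     * @throws Exception if the key store cannot be opened; previously this was
     *     turned into a {@code null} return, which hid the cause
     */
    private KeyStore getRootCaStore(SystemConfig systemConfig) throws Exception {
        return PkiUtil.getKeyStore(
                systemConfig.getRootKsPath() + systemConfig.getRootKsFileName(),
                systemConfig.getRootPassword(),
                PkiConstant.PKCS12);
    }
}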
