package cfca.util.api;

import cfca.internal.tool.MechanismUtil;
import cfca.internal.tool.PKCS12;
import cfca.internal.tool.PKCS12_SM2;
import cfca.org.bouncycastle.asn1.ASN1Set;
import cfca.org.bouncycastle.asn1.DERBitString;
import cfca.org.bouncycastle.asn1.pkcs.CertificationRequest;
import cfca.org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.org.bouncycastle.pkcs.PKCS10CertificationRequest;
import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sm2rsa.common.Mechanism;
import cfca.sm2rsa.common.PKIException;
import cfca.system.Debugger;
import cfca.util.Base64;
import cfca.util.KeyUtil;
import cfca.util.cipher.lib.JCrypto;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/util/api/P12FileKit.class */
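/**
 * Helper for two certificate-enrolment steps: generating a key pair together with a
 * PKCS#10 request, and combining a private key with an issued certificate into a
 * password-protected PKCS#12 container (RSA and SM2 variants).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated key pair is kept in an instance field and overwritten by every
 *       generate call, so an instance must not be shared between concurrent requests.</li>
 *   <li>PKCS#12 output carries the private key. It is never written to the log, not even
 *       at debug level; only its length is logged.</li>
 *   <li>The container password arrives as a {@code String} and therefore cannot be wiped
 *       from memory by this class.</li>
 * </ul>
 */
public final class P12FileKit {
    static final Logger logger = LoggerFactory.getLogger(P12FileKit.class);

    /** Lazily opened crypto session shared by all instances; obtain it through {@link #session()}. */
    static volatile Session session = null;

    /** Key pair produced by the most recent generate call on this instance. */
    private KeyPair keypair;

    /**
     * Generates an RSA key pair and returns a Base64-encoded PKCS#10 request signed with
     * SHA256withRSAEncryption. The key pair is available afterwards via {@link #getKeyPair()}.
     *
     * @param str subject DN for the request; a built-in default DN is used when empty
     * @param i   RSA modulus length in bits; only 1024 and 2048 are accepted
     * @return Base64 text of the DER-encoded PKCS#10 request
     * @throws PKIException if the bit length is rejected or key/request generation fails
     */
    public final String RSAGeneratep10(String str, int i) throws PKIException {
        try {
            Session cryptoSession = session();
            // NOTE(review): 1024-bit RSA is below the minimum most current policies accept.
            // It stays allowed here only so existing callers keep working; new callers
            // should request 2048.
            if (i != 1024 && i != 2048) {
                throw new PKIException("PFX KeyPair Invalid bitLength=" + i);
            }
            this.keypair = KeyUtil.generateRSAKeyPair(new Mechanism("RSA"), i, cryptoSession);
            try {
                // Base64 output is ASCII; name the charset instead of using the platform default.
                return new String(generateP10(str, "SHA256withRSAEncryption"), StandardCharsets.UTF_8);
            } catch (PKIException e) {
                throw new PKIException("PFX P10 Generated PKCS10 failure ", e);
            }
        } catch (PKIException failure) {
            logger.error("RSAGenerateP10<<<<<<Failure", failure);
            throw failure;
        } catch (Throwable th) {
            logger.error("RSAGenerateP10<<<<<<Failure", th);
            throw new PKIException("RSAGenerateP10 Failure", th);
        }
    }

    /**
     * Generates an SM2 key pair and returns a Base64-encoded PKCS#10 request signed with
     * SM3withSM2. The key pair is available afterwards via {@link #getKeyPair()}.
     *
     * @param str subject DN for the request; a built-in default DN is used when empty
     * @return Base64 text of the DER-encoded PKCS#10 request
     * @throws PKIException if key or request generation fails
     */
    public final String SM2GenerateP10(String str) throws PKIException {
        try {
            this.keypair = KeyUtil.generateSM2KeyPair(new Mechanism("SM2"), session());
            try {
                return new String(generateP10(str, "SM3withSM2"), StandardCharsets.UTF_8);
            } catch (PKIException e) {
                throw new PKIException("SM2 P10 Generated PKCS10 failure ", e);
            }
        } catch (PKIException failure) {
            logger.error("SM2GenerateP10<<<<<<Failure", failure);
            throw failure;
        } catch (Throwable th) {
            logger.error("SM2GenerateP10<<<<<<Failure", th);
            throw new PKIException("SM2GenerateP10 Failure", th);
        }
    }

    /**
     * Returns the key pair created by the last generate call on this instance.
     *
     * @return the key pair, or {@code null} if no generate call has succeeded yet
     */
    public KeyPair getKeyPair() {
        return this.keypair;
    }

    /**
     * Builds a password-protected PKCS#12 container from an RSA private key and its certificate.
     * The key and certificate are first checked against each other with a sign/verify round trip.
     *
     * @param privateKey private key to store; must not be {@code null}
     * @param str        certificate data (named base64CertData in the error messages); must not be empty
     * @param str2       container password; must not be empty
     * @return Base64 text of the PKCS#12 data
     * @throws PKIException on invalid arguments, a key/certificate mismatch, or encoding failure
     */
    public final String RSACombineP12(PrivateKey privateKey, String str, String str2) throws PKIException {
        if (privateKey == null) {
            throw new PKIException("null not allowed for privateKey");
        }
        if (StringHelper.isEmpty(str)) {
            throw new PKIException("null not allowed for base64CertData");
        }
        if (StringHelper.isEmpty(str2)) {
            throw new PKIException("null not allowed for password");
        }
        try {
            try {
                X509Cert x509Cert = new X509Cert(str.getBytes(StandardCharsets.UTF_8));
                // SHA-1 is used only for this local key/certificate consistency probe; the
                // signature is discarded and never leaves the process.
                // NOTE(review): a session that disables SHA-1 would make this check fail - confirm.
                checkKeys(privateKey, x509Cert, "SHA1withRSAEncryption");
                try {
                    byte[] pfx = PKCS12.generatePfxData(x509Cert, privateKey, str2);
                    return new String(Base64.encode(pfx), StandardCharsets.UTF_8);
                } catch (Exception e) {
                    throw new PKIException("PFX Combine failure", e);
                }
            } catch (PKIException e) {
                throw new PKIException("PFX Combine Decoded base64CertData failure", e);
            }
        } catch (PKIException failure) {
            if (logger.isErrorEnabled()) {
                // Only the certificate (public data) is dumped; key and password stay out of the log.
                StringBuilder context = new StringBuilder();
                context.append("RSACombineP12>>>>>>Running");
                context.append("\n base64EncryptedKeyData: ");
                context.append("\n base64CertData: ");
                context.append(Debugger.dump(str));
                logger.error(context.toString());
                logger.error("RSACombineP12<<<<<<Failure", failure);
            }
            throw failure;
        } catch (Throwable th) {
            logger.error("RSACombineP12<<<<<<Failure", th);
            throw new PKIException("RSACombineP12 Failure", th);
        }
    }

    /**
     * Builds a password-protected SM2 PKCS#12 container from an SM2 private key and its certificate.
     * The key and certificate are first checked against each other with a sign/verify round trip.
     *
     * @param privateKey private key to store; must not be {@code null}
     * @param str        certificate data (named base64CertData in the error messages); must not be empty
     * @param str2       container password; must not be empty
     * @return Base64 text of the SM2 PKCS#12 data
     * @throws PKIException on invalid arguments, a key/certificate mismatch, or encoding failure
     */
    public final String SM2CombineP12(PrivateKey privateKey, String str, String str2) throws PKIException {
        if (privateKey == null) {
            throw new PKIException("null not allowed for privateKey");
        }
        if (StringHelper.isEmpty(str)) {
            throw new PKIException("null not allowed for base64CertData");
        }
        if (StringHelper.isEmpty(str2)) {
            throw new PKIException("null not allowed for password");
        }
        try {
            try {
                X509Cert x509Cert = new X509Cert(str.getBytes(StandardCharsets.UTF_8));
                checkKeys(privateKey, x509Cert, "SM3withSM2");
                try {
                    String base64P12 = new String(
                            Base64.encode(SM2CombineP12Data(x509Cert, privateKey, str2)), StandardCharsets.UTF_8);
                    if (logger.isDebugEnabled()) {
                        // The container holds the private key: log its size, never its content.
                        logger.debug("SM2CombineP12<<<<<<Finished: base64SM2P12Text length=" + base64P12.length());
                    }
                    return base64P12;
                } catch (Exception e) {
                    throw new PKIException("SM2 Combine failure", e);
                }
            } catch (PKIException e) {
                throw new PKIException("SM2 Combine Fatched base64CertData failure", e);
            }
        } catch (PKIException failure) {
            if (logger.isErrorEnabled()) {
                // Only the certificate (public data) is dumped; key and password stay out of the log.
                StringBuilder context = new StringBuilder();
                context.append("SM2CombineP12>>>>>>Running");
                context.append("\n base64EncryptedKeyData: ");
                context.append("\n base64CertData: ");
                context.append(Debugger.dump(str));
                logger.error(context.toString());
                logger.error("SM2CombineP12<<<<<<Failure", failure);
            }
            throw failure;
        } catch (Throwable th) {
            logger.error("SM2CombineP12<<<<<<Failure", th);
            throw new PKIException("SM2CombineP12 Failure", th);
        }
    }

    /**
     * Delegates to {@code PKCS12_SM2.CombineSM2Data} and adds logging around the call.
     *
     * @return the binary SM2 PKCS#12 data
     * @throws PKIException if the underlying combine step fails
     */
    private byte[] SM2CombineP12Data(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        try {
            byte[] p12Data = PKCS12_SM2.CombineSM2Data(x509Cert, privateKey, str);
            if (logger.isDebugEnabled()) {
                // The container holds the private key: log its size, never its content.
                logger.debug("SM2CombineP12Data<<<<<<Finished: binaryP12Data length="
                        + (p12Data == null ? 0 : p12Data.length));
            }
            return p12Data;
        } catch (PKIException failure) {
            if (logger.isErrorEnabled()) {
                StringBuilder context = new StringBuilder();
                context.append("SM2CombineP12Data>>>>>>Running");
                context.append("\n x509Cert: ");
                context.append(Debugger.dump(x509Cert));
                logger.error(context.toString());
                logger.error("SM2CombineP12Data<<<<<<Failure", failure);
            }
            throw failure;
        } catch (Throwable th) {
            logger.error("SM2CombineP12Data<<<<<<Failure", th);
            throw new PKIException("SM2CombineP12Data Failure", th);
        }
    }

    /**
     * Confirms that {@code privateKey} belongs to the certificate by signing a fixed probe
     * message and verifying the signature with the certificate's public key.
     *
     * @param str signature algorithm name used for the probe
     * @throws PKIException if verification fails (message: public-key certificate and signer's
     *                      private key do not match) or the session rejects the operation
     */
    private void checkKeys(PrivateKey privateKey, X509Cert x509Cert, String str) throws PKIException {
        Session cryptoSession = session();
        byte[] probe = "Testing".getBytes(StandardCharsets.UTF_8);
        Mechanism mechanism = new Mechanism(str);
        byte[] signature = cryptoSession.sign(mechanism, privateKey, probe);
        if (!cryptoSession.verifySign(mechanism, x509Cert.getPublicKey(), probe, signature)) {
            throw new PKIException("使用的公钥证书和签名者的私钥证书不匹配");
        }
    }

    /**
     * Builds and signs a PKCS#10 request for the current key pair.
     *
     * @param str  subject DN; {@code CN=certRequisition,O=CFCA AGENT,C=CN} is used when empty
     * @param str2 signature algorithm name
     * @return Base64-encoded bytes of the encoded request
     * @throws PKIException with code 851712 if any step fails
     */
    private final byte[] generateP10(String str, String str2) throws PKIException {
        try {
            String subjectDn = StringHelper.isEmpty(str) ? "CN=certRequisition,O=CFCA AGENT,C=CN" : str;
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(
                    new X500Name(subjectDn),
                    SubjectPublicKeyInfo.getInstance(this.keypair.getPublic().getEncoded()),
                    (ASN1Set) null);
            // Go through session() rather than the raw static field so this method does not
            // depend on a caller having opened the session first.
            byte[] signature = session().sign(
                    new Mechanism(str2), this.keypair.getPrivate(), requestInfo.getEncoded("DER"), true);
            CertificationRequest request = new CertificationRequest(
                    requestInfo, MechanismUtil.getAlgorithmIdentifier(str2), new DERBitString(signature));
            return Base64.encode(new PKCS10CertificationRequest(request).getEncoded());
        } catch (Exception e) {
            throw new PKIException("851712", "申请工具包构建申请文件失败", e);
        }
    }

    /**
     * Returns the shared crypto session, initialising the "JSOFT_LIB" library and opening the
     * session on first use (double-checked locking on the volatile field).
     *
     * @throws PKIException if the library cannot be initialised or the session cannot be opened
     */
    private static final Session session() throws PKIException {
        if (session == null) {
            // NOTE(review): the monitor is Session.class, an object this class does not own.
            // Other code may lock on it too, so it is left unchanged here - confirm before
            // switching to a private lock.
            synchronized (Session.class) {
                if (session == null) {
                    try {
                        JCrypto.getInstance().initialize("JSOFT_LIB", null);
                        session = JCrypto.getInstance().openSession("JSOFT_LIB");
                    } catch (PKIException e) {
                        // Keep the original exception as the cause so the root failure is not lost.
                        throw new PKIException("Open session failure: " + e.getMessage(), e);
                    }
                }
            }
        }
        return session;
    }
}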
