package com.citicbank.baselib.crypto.util;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.asn1.pkcs.PKCS12_SM2;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.oiw.ElGamalParameter;
import cfca.sadk.org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import cfca.sadk.org.bouncycastle.asn1.pkcs.CertificationRequest;
import cfca.sadk.org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.GeneralName;
import cfca.sadk.org.bouncycastle.asn1.x509.GeneralNames;
import cfca.sadk.org.bouncycastle.asn1.x509.KeyUsage;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.crypto.digests.SHA1Digest;
import cfca.sadk.org.bouncycastle.pkcs.PKCS10CertificationRequest;
import cfca.sadk.util.CertUtil;
import cfca.sadk.util.KeyUtil;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.sadk.x509.certificate.X509CertGenerator;
import com.citicbank.baselib.crypto.algorithm.SM2;
import com.citicbank.baselib.crypto.algorithm.SM4;
import com.citicbank.baselib.crypto.exception.CertificateUtilException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:com/citicbank/baselib/crypto/util/SM2CrtUtil.class */
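/**
 * Static helpers for SM2 certificate material built on the CFCA SADK: PKCS#10 request
 * generation, X.509 certificate issuance, SM2 PFX packing and unpacking, certificate
 * parsing and private-key decryption.
 *
 * <p>All signing goes through one shared software {@link Session} ({@link BCSoftLib}).
 * Every failure is reported as a {@link CertificateUtilException} that wraps the cause.
 *
 * <p>Parameter names such as {@code str} and {@code bArr} are kept as found; their
 * meaning is described in each method's Javadoc.
 */
public class SM2CrtUtil {
    /** Shared CFCA crypto session used for signing; created once when the class loads. */
    private static final Session session = new BCSoftLib();

    /**
     * Builds a PKCS#10 certification request signed with SM3-with-SM2.
     *
     * @param keyPair key pair whose public key goes into the request and whose private key signs it
     * @param str subject distinguished name, parsed with {@link X500Name}
     * @return the Base64 encoding of the encoded request
     * @throws CertificateUtilException if any step of building or signing the request fails
     */
    public static byte[] generateSM2PKCS10Request(KeyPair keyPair, String str) throws CertificateUtilException {
        try {
            // No attributes are requested: the attribute set is passed as null.
            CertificationRequestInfo certificationRequestInfo = new CertificationRequestInfo(
                    new X500Name(str),
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()),
                    (ASN1Set) null);
            AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(
                    ASN1ObjectIdentifier.getInstance(Mechanism.ALGOIDMap.get("sm3WithSM2Encryption")),
                    DERNull.INSTANCE);
            // The signature covers the DER encoding of the request info.
            DERBitString signature = new DERBitString(session.sign(
                    new Mechanism("sm3WithSM2Encryption"),
                    keyPair.getPrivate(),
                    certificationRequestInfo.getEncoded("DER")));
            CertificationRequest request = new CertificationRequest(certificationRequestInfo, signatureAlgorithm, signature);
            return cfca.sadk.util.Base64.encode(new PKCS10CertificationRequest(request).getEncoded());
        } catch (Exception e) {
            throw new CertificateUtilException("generateSM2PKCS10Request fail", e);
        }
    }

    /**
     * Issues an X.509 certificate for {@code publicKey}, signed with {@code privateKey}.
     *
     * <p>NOTE(review): the authorityKeyIdentifier and subjectKeyIdentifier extensions are
     * not derived from the keys passed in. Both are computed from a fixed placeholder
     * ElGamal key and the fixed name {@code "CN=AU,O=Bouncy Castle,OU=Test 2"} with serial 2,
     * so every certificate produced here carries the same key identifiers. Relying parties
     * that match issuer and subject by key identifier cannot tell these certificates apart.
     * Deriving the identifiers from the real subject key and the real issuer certificate
     * needs the issuer's public key or certificate, which this signature does not receive;
     * the two extensions must be changed together or chains that currently match will stop
     * matching.
     *
     * <p>NOTE(review): a critical keyUsage of 132 is set on every certificate and no
     * basicConstraints extension is added. In Bouncy Castle's {@code KeyUsage}, 132 is
     * digitalSignature | keyCertSign; confirm against the repackaged class and confirm
     * that end-entity certificates are meant to assert keyCertSign.
     *
     * @param str issuer distinguished name
     * @param str2 subject distinguished name
     * @param publicKey subject public key placed in the certificate
     * @param privateKey issuer private key used to sign the certificate
     * @param str3 signature algorithm name handed to the generator
     * @param str4 serial number handed to the generator
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @return the encoded certificate as returned by the generator
     * @throws CertificateUtilException if generation or the re-parse of the result fails
     */
    public static byte[] generateSM2Certificate(String str, String str2, PublicKey publicKey, PrivateKey privateKey, String str3, String str4, Date date, Date date2) throws CertificateUtilException {
        try {
            X509CertGenerator x509CertGenerator = new X509CertGenerator();
            x509CertGenerator.setIssuer(str);
            x509CertGenerator.setSubject(str2);
            x509CertGenerator.setPublicKey(publicKey);
            x509CertGenerator.setSignatureAlg(str3);
            x509CertGenerator.setSerialNumber(str4);
            x509CertGenerator.setNotBefore(date);
            x509CertGenerator.setNotAfter(date2);

            // Placeholder key (ElGamal parameters 1 and 2, key value 3) used only to fill the
            // key-identifier extensions; it is unrelated to publicKey and privateKey.
            SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
                    new AlgorithmIdentifier(
                            OIWObjectIdentifiers.elGamalAlgorithm,
                            new ElGamalParameter(BigInteger.valueOf(1L), BigInteger.valueOf(2L))),
                    new ASN1Integer(3L));
            x509CertGenerator.addExtension(new Extension(
                    Extension.authorityKeyIdentifier,
                    false,
                    new DEROctetString(createAuthorityKeyId(subjectPublicKeyInfo, new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
            x509CertGenerator.addExtension(new Extension(
                    Extension.subjectKeyIdentifier,
                    false,
                    new DEROctetString(new SubjectKeyIdentifier(getDigest(subjectPublicKeyInfo)))));
            // Critical keyUsage, bit mask 132 (0x80 | 0x04).
            x509CertGenerator.addExtension(new Extension(Extension.keyUsage, true, new KeyUsage(132).getEncoded()));

            byte[] generateX509Cert = x509CertGenerator.generateX509Cert(privateKey, session);
            // Re-parse the output as a sanity check; the parsed object is discarded.
            new X509Cert(generateX509Cert);
            return generateX509Cert;
        } catch (Exception e) {
            // The cause travels with the wrapping exception, so nothing is printed to stderr here.
            throw new CertificateUtilException("generateSM2Certificate fail", e);
        }
    }

    /**
     * Computes the SHA-1 digest of the raw public-key bits of {@code subjectPublicKeyInfo}.
     * The result is used as a key identifier, not as a signature or integrity check.
     *
     * @param subjectPublicKeyInfo key whose bit-string content is hashed
     * @return the SHA-1 digest bytes
     */
    private static byte[] getDigest(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        SHA1Digest sHA1Digest = new SHA1Digest();
        byte[] bArr = new byte[sHA1Digest.getDigestSize()];
        byte[] bytes = subjectPublicKeyInfo.getPublicKeyData().getBytes();
        sHA1Digest.update(bytes, 0, bytes.length);
        sHA1Digest.doFinal(bArr, 0);
        return bArr;
    }

    /**
     * Builds an authority key identifier from a key, an issuer name and a serial number.
     *
     * @param subjectPublicKeyInfo authority public key the key identifier is derived from
     * @param x500Name authority certificate issuer name, wrapped as a single general name
     * @param i authority certificate serial number
     * @return the assembled {@link AuthorityKeyIdentifier}
     */
    private static AuthorityKeyIdentifier createAuthorityKeyId(SubjectPublicKeyInfo subjectPublicKeyInfo, X500Name x500Name, int i) {
        GeneralName generalName = new GeneralName(x500Name);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(generalName);
        return new AuthorityKeyIdentifier(subjectPublicKeyInfo, GeneralNames.getInstance(new DERSequence(aSN1EncodableVector)), BigInteger.valueOf(i));
    }

    /**
     * Packs an SM2 certificate and its private key into SM2 PFX data protected by a password.
     *
     * <p>NOTE(review): the password arrives as a {@link String}, which cannot be wiped from
     * memory after use.
     *
     * @param x509Certificate certificate to store; must be the project's
     *     {@code com.citicbank.baselib.crypto.protocol.X509Certificate} wrapper
     * @param privateKey private key to store
     * @param str PFX password
     * @return the generated PFX bytes
     * @throws CertificateUtilException if an argument is null, the certificate is not the
     *     expected wrapper type, or PFX generation fails
     */
    public static byte[] saveToSM2PFX(X509Certificate x509Certificate, PrivateKey privateKey, String str) throws CertificateUtilException {
        if (x509Certificate == null) {
            throw new CertificateUtilException("saveToSM2PFX input parameter sm2Crt is null");
        }
        if (privateKey == null) {
            throw new CertificateUtilException("saveToSM2PFX input parameter prvk is null");
        }
        if (str == null) {
            throw new CertificateUtilException("saveToSM2PFX input parameter password is null");
        }
        try {
            // Only the project's own wrapper exposes the underlying CFCA certificate object.
            if (!(x509Certificate instanceof com.citicbank.baselib.crypto.protocol.X509Certificate)) {
                throw new Exception("NOT A  VALID SM2 CERTIFICATE");
            }
            com.citicbank.baselib.crypto.protocol.X509Certificate sm2Certificate =
                    (com.citicbank.baselib.crypto.protocol.X509Certificate) x509Certificate;
            return PKCS12_SM2.generateSM2Data(sm2Certificate.getX509Certificate(), privateKey, str);
        } catch (Exception e) {
            throw new CertificateUtilException("saveToSM2PFX fail", e);
        }
    }

    /**
     * Extracts the certificate from SM2 PFX data.
     *
     * @param bArr SM2 PFX bytes
     * @param cArr PFX password; not used by this method, the certificate is read without it
     * @return the encoded certificate
     * @throws CertificateUtilException if the PFX data cannot be read
     */
    public static byte[] getCertFromSM2PFX(byte[] bArr, char[] cArr) throws CertificateUtilException {
        try {
            return CertUtil.getCertFromSM2(bArr).getEncoded();
        } catch (Exception e) {
            throw new CertificateUtilException("getCertFromSM2PFX fail", e);
        }
    }

    /**
     * Extracts the private key from SM2 PFX data.
     *
     * <p>NOTE(review): the password is copied into a {@link String} for the library call, so
     * clearing {@code cArr} afterwards does not remove every copy of it from memory.
     *
     * @param bArr SM2 PFX bytes
     * @param cArr PFX password
     * @return the private key stored in the PFX
     * @throws CertificateUtilException if the key cannot be recovered, including when
     *     {@code cArr} is null
     */
    public static PrivateKey getPrivatekeyFromSM2PFX(byte[] bArr, char[] cArr) throws CertificateUtilException {
        try {
            return KeyUtil.getPrivateKeyFromSM2(bArr, new String(cArr));
        } catch (Exception e) {
            throw new CertificateUtilException("getPrivatekeyFromSM2PFX fail", e);
        }
    }

    /**
     * Parses a Base64-encoded certificate. Despite the name, nothing is generated: the
     * input is decoded and wrapped.
     *
     * @param str Base64 text of the certificate
     * @return the parsed certificate in the project's wrapper type
     * @throws CertificateUtilException if decoding or parsing fails
     */
    public static com.citicbank.baselib.crypto.protocol.X509Certificate generateSM2Certificate(String str) throws CertificateUtilException {
        try {
            return new com.citicbank.baselib.crypto.protocol.X509Certificate(new X509Cert(cfca.sadk.util.Base64.decode(str)));
        } catch (Exception e) {
            throw new CertificateUtilException("generateSM2Certificate fail", e);
        }
    }

    /**
     * Parses an encoded certificate. Despite the name, nothing is generated: the input is
     * wrapped as-is.
     *
     * @param bArr certificate bytes accepted by {@link X509Cert}
     * @return the parsed certificate in the project's wrapper type
     * @throws CertificateUtilException if parsing fails
     */
    public static com.citicbank.baselib.crypto.protocol.X509Certificate generateSM2Certificate(byte[] bArr) throws CertificateUtilException {
        try {
            return new com.citicbank.baselib.crypto.protocol.X509Certificate(new X509Cert(bArr));
        } catch (Exception e) {
            throw new CertificateUtilException("generateSM2Certificate fail", e);
        }
    }

    /**
     * Decodes a Base64 private-key blob and, when a password is given, decrypts it.
     *
     * <p>Three input forms are handled: with a null password the decoded bytes are used
     * directly; a decoded length of 124 or 116 bytes goes through
     * {@code CryptUtil.decryptPrivateKey}; any other length is decrypted with SM4-CBC.
     *
     * <p>NOTE(review): on the SM4 path the key is a single unsalted MD5 digest of the
     * password and the IV argument is null. A bare digest gives no resistance to password
     * guessing; a salted, iterated key-derivation function is the usual choice for new
     * data. How the SM4 helper treats a null IV is not visible here; confirm.
     *
     * <p>NOTE(review): both {@code getBytes()} calls use the platform default charset, so a
     * non-ASCII password yields a different key on hosts with different defaults. Existing
     * blobs depend on the current behaviour, so it is left unchanged.
     *
     * @param str Base64 text of the (possibly encrypted) private key
     * @param str2 password, or null when the key is not encrypted
     * @return the SM2 private key
     * @throws CertificateUtilException if decoding, decryption or key construction fails
     */
    public static SM2PrivateKey decryptedSM2PrivateKey(String str, String str2) throws CertificateUtilException {
        try {
            byte[] decode = cfca.sadk.util.Base64.decode(str.getBytes());
            byte[] keyMaterial;
            if (str2 == null) {
                keyMaterial = decode;
            } else if (decode.length == 124 || decode.length == 116) {
                keyMaterial = CryptUtil.decryptPrivateKey(decode, str2.toCharArray()).getDByBytesWithPublicKey();
            } else {
                keyMaterial = SM4.decrypt(decode, CryptUtil.digest(str2.getBytes(), "MD5"), SM4.SM4_CBC_PKCS7Padding, null);
            }
            return SM2.generatePrivateKey(keyMaterial);
        } catch (Exception e) {
            throw new CertificateUtilException("decryptedSM2PrivateKey fail", e);
        }
    }
}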
