package com.icbc.hsm.software.cert;

import com.icbc.api.request.InvestmentFundoutsourceIncomestatementqueryRequestV1;
import com.icbc.bcpkix.org.bouncycastle.cert.X509CertificateHolder;
import com.icbc.bcpkix.org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
import com.icbc.bcpkix.org.bouncycastle.openssl.PEMParser;
import com.icbc.bcpkix.org.bouncycastle.operator.ContentSigner;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.bc.BcContentSignerBuilder;
import com.icbc.bcpkix.org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import com.icbc.bcpkix.org.bouncycastle.pkcs.bc.BcPKCS10CertificationRequestBuilder;
import com.icbc.bcprov.org.bouncycastle.asn1.ASN1Encodable;
import com.icbc.bcprov.org.bouncycastle.asn1.ASN1Primitive;
import com.icbc.bcprov.org.bouncycastle.asn1.gm.GMNamedCurves;
import com.icbc.bcprov.org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import com.icbc.bcprov.org.bouncycastle.asn1.pkcs.RSAPublicKey;
import com.icbc.bcprov.org.bouncycastle.asn1.x500.X500Name;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.BasicConstraints;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.KeyUsage;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.X509Extensions;
import com.icbc.bcprov.org.bouncycastle.asn1.x9.X9ECParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECDomainParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.RSAKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import com.icbc.bcprov.org.bouncycastle.math.ec.ECCurve;
import com.icbc.bcprov.org.bouncycastle.util.encoders.Hex;
import com.icbc.bcprov.org.bouncycastle.util.io.pem.PemObject;
import com.icbc.bcprov.org.bouncycastle.util.io.pem.PemWriter;
import com.icbc.hsm.software.basic.HsmKeyParameter;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.exception.ParmErrorException;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.software.parms.icbc.IcbcAsymmetricKeyParameter;
import com.icbc.hsm.software.parms.icbc.TempKeyBuilder;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.cert.CertificateEncodingException;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/cert/IcbcCertificateHelper.class */
public class IcbcCertificateHelper {
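    /**
     * Builds an X.509 v3 certificate for the given public key, signs it with the given
     * signing key and returns the result PEM-encoded.
     *
     * <p>Review notes on the certificate profile emitted here (unchanged by this method's
     * error-handling fixes, because altering them would change the bytes of issued certificates):
     * <ul>
     *   <li>BasicConstraints is critical with {@code cA=true}, but KeyUsage is {@code 192}
     *       (digitalSignature | nonRepudiation) and does not include keyCertSign.</li>
     *   <li>AuthorityKeyIdentifier is derived from the certified (subject) public key, not from
     *       the signer's key, so it is only accurate for a self-signed certificate.</li>
     *   <li>The SubjectKeyIdentifier extension is populated with an {@code AuthorityKeyIdentifier}
     *       structure rather than a SubjectKeyIdentifier value.</li>
     * </ul>
     * No check is made here on the serial number, the validity window or the names.
     *
     * @param x500Name passed as the issuer name to {@code BcX509v3CertificateBuilder}
     * @param bigInteger certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param x500Name2 passed as the subject name to {@code BcX509v3CertificateBuilder}
     * @param icbcAsymmetricKeyParameter key whose BouncyCastle form is certified
     * @param icbcAsymmetricKeyParameter2 key used to sign; its key type selects RSA or SM2
     * @param str digest algorithm name; for RSA the signature algorithm is {@code str + "WITHRSA"}
     * @return the certificate as a PEM string
     * @throws Exception if the signing key has no key type or an unsupported one, or if
     *     building or encoding the certificate fails
     */
    public static String generateCertificate(X500Name x500Name, BigInteger bigInteger, Date date, Date date2, X500Name x500Name2, IcbcAsymmetricKeyParameter icbcAsymmetricKeyParameter, IcbcAsymmetricKeyParameter icbcAsymmetricKeyParameter2, String str) throws Exception {
        AsymmetricKeyParameter certifiedKey = (AsymmetricKeyParameter) icbcAsymmetricKeyParameter.getBCkey();
        AsymmetricKeyParameter signingKey = (AsymmetricKeyParameter) icbcAsymmetricKeyParameter2.getBCkey();
        String keyType = icbcAsymmetricKeyParameter2.getKeyType();
        if (keyType == null) {
            throw new Exception("signatureAlgorithm Name not found in sign private key");
        }
        BcContentSignerBuilder signerBuilder;
        if (keyType.contains("RSA")) {
            signerBuilder = new BcRSAContentSignerBuilder(new DefaultSignatureAlgorithmIdentifierFinder().find(str + "WITHRSA"), new DefaultDigestAlgorithmIdentifierFinder().find(str));
        } else if (keyType.contains("SM2")) {
            // NOTE(review): the signature algorithm is fixed to SM3withSM2 while the digest
            // identifier still comes from the caller-supplied name; confirm callers pass SM3 here.
            signerBuilder = new IcbcContentSignerBuilder(new DefaultSignatureAlgorithmIdentifierFinder().find(AlgorithmConstants.SM3withSM2), new DefaultDigestAlgorithmIdentifierFinder().find(str));
        } else {
            // Previously this fell through with a null builder and failed with a bare
            // NullPointerException; fail with a message that names the offending key type.
            throw new Exception("unsupported sign key type: " + keyType);
        }
        ContentSigner signer = signerBuilder.build(signingKey);

        BcX509v3CertificateBuilder certBuilder = new BcX509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, certifiedKey);
        SubjectPublicKeyInfo certifiedKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(certifiedKey);
        certBuilder.addExtension(X509Extensions.BasicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
        // 192 = digitalSignature (128) | nonRepudiation (64).
        certBuilder.addExtension(X509Extensions.KeyUsage, false, (ASN1Encodable) new KeyUsage(192));
        certBuilder.addExtension(X509Extensions.AuthorityKeyIdentifier, false, (ASN1Encodable) new AuthorityKeyIdentifier(certifiedKeyInfo));
        certBuilder.addExtension(X509Extensions.SubjectKeyIdentifier, false, (ASN1Encodable) new AuthorityKeyIdentifier(certifiedKeyInfo));
        X509CertificateHolder certificate = certBuilder.build(signer);

        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        // try-with-resources closes (and therefore flushes) the writer before the buffer is read.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(pemBytes))) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        } catch (Exception e) {
            // Keep the underlying failure as the cause instead of discarding it.
            throw new CertificateEncodingException("can't encode certificate to PEM", e);
        }
        return pemBytes.toString();
    }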

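    /**
     * Builds a PKCS#10 certification request for the given subject and public key, signs it
     * with the given signing key and returns the DER encoding as a Base64 string (no PEM
     * header or footer is added).
     *
     * <p>Nothing here checks that the signing key corresponds to the public key placed in the
     * request; that pairing is the caller's responsibility.
     *
     * @param x500Name subject name of the request
     * @param icbcAsymmetricKeyParameter key whose BouncyCastle form is placed in the request
     * @param icbcAsymmetricKeyParameter2 key used to sign; its key type selects RSA or SM2
     * @param str digest algorithm name; for RSA the signature algorithm is {@code str + "WITHRSA"}
     * @return Base64 of the encoded certification request
     * @throws Exception if the signing key has no key type or an unsupported one, or if
     *     building or encoding the request fails
     */
    public static String generatePKCS10CertificationRequest(X500Name x500Name, IcbcAsymmetricKeyParameter icbcAsymmetricKeyParameter, IcbcAsymmetricKeyParameter icbcAsymmetricKeyParameter2, String str) throws Exception {
        AsymmetricKeyParameter requestedKey = (AsymmetricKeyParameter) icbcAsymmetricKeyParameter.getBCkey();
        AsymmetricKeyParameter signingKey = (AsymmetricKeyParameter) icbcAsymmetricKeyParameter2.getBCkey();
        BcPKCS10CertificationRequestBuilder requestBuilder = new BcPKCS10CertificationRequestBuilder(x500Name, requestedKey);
        String keyType = icbcAsymmetricKeyParameter2.getKeyType();
        if (keyType == null) {
            throw new Exception("signatureAlgorithm Name not found in sign private key");
        }
        BcContentSignerBuilder signerBuilder;
        if (keyType.contains("RSA")) {
            signerBuilder = new BcRSAContentSignerBuilder(new DefaultSignatureAlgorithmIdentifierFinder().find(str + "WITHRSA"), new DefaultDigestAlgorithmIdentifierFinder().find(str));
        } else if (keyType.contains("SM2")) {
            // NOTE(review): signature algorithm is fixed to SM3withSM2 while the digest
            // identifier comes from the caller-supplied name; confirm callers pass SM3 here.
            signerBuilder = new IcbcContentSignerBuilder(new DefaultSignatureAlgorithmIdentifierFinder().find(AlgorithmConstants.SM3withSM2), new DefaultDigestAlgorithmIdentifierFinder().find(str));
        } else {
            // Previously a key type that was neither RSA nor SM2 left the builder null and
            // surfaced as a bare NullPointerException; report the key type instead.
            throw new Exception("unsupported sign key type: " + keyType);
        }
        ContentSigner signer = signerBuilder.build(signingKey);
        return Base64.toBase64String(requestBuilder.build(signer).getEncoded());
    }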

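    /**
     * Extracts the subject public key from a certificate supplied as PEM, as Base64 text of
     * the DER encoding, or as raw DER bytes.
     *
     * <p>This method only parses. It does not verify the certificate's signature, validity
     * period, issuer or revocation status, so the returned key is exactly as trustworthy as the
     * bytes passed in; callers that rely on the key must validate the certificate themselves.
     *
     * <p>Algorithm selection is done by prefix match on the dotted OID strings, so any OID that
     * merely starts with the listed values is accepted. NOTE(review): confirm that the prefix
     * match (rather than an exact match) is intended.
     *
     * @param bArr certificate bytes in one of the accepted encodings
     * @return the public key wrapped for SM2 or RSA, or {@code null} when the certificate's key
     *     algorithm is neither
     * @throws Exception if the input cannot be parsed as a certificate in any accepted form
     */
    public static HsmKeyParameter getPubicKeyFromCert(byte[] bArr) throws Exception {
        X509CertificateHolder certificate = null;
        // First attempt: treat the input as PEM. try-with-resources replaces the hand-written
        // close() calls, which dereferenced the parser even when it had never been created.
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bArr)))) {
            Object parsed = pemParser.readObject();
            if (parsed instanceof X509CertificateHolder) {
                certificate = (X509CertificateHolder) parsed;
            }
        } catch (Exception ignored) {
            // Deliberate best effort: input that is not PEM is retried below as Base64 or DER.
        }
        if (certificate == null) {
            String text = new String(bArr);
            // Input made only of Base64 alphabet characters and whitespace is decoded first;
            // anything else is handed to the DER parser unchanged.
            if (text.matches("[\\p{Alnum}\\p{Space}\\+\\/\\=]+")) {
                bArr = Base64.decode(text);
            }
            certificate = new X509CertificateHolder(bArr);
        }

        SubjectPublicKeyInfo keyInfo = certificate.getSubjectPublicKeyInfo();
        String algorithmOid = keyInfo.getAlgorithmId().getAlgorithm().toString();
        // AlgorithmIdentifier parameters are optional in the encoding; an absent value used to
        // cause a NullPointerException here before the algorithm was even inspected.
        ASN1Encodable algorithmParameters = keyInfo.getAlgorithmId().getParameters();
        String parametersText = algorithmParameters == null ? "" : algorithmParameters.toString();

        ClearKeyParameter clearKeyParameter = null;
        if (algorithmOid.startsWith("1.2.840.10045.2.1") && parametersText.startsWith("1.2.156.10197.1.301")) {
            // EC public key whose curve parameter is in the SM2 OID arc.
            byte[] pointBytes = keyInfo.getPublicKeyData().getBytes();
            clearKeyParameter = IcbcEnvironment.isICBCEnvironment() ? TempKeyBuilder.LoadKey("SM2", pointBytes) : ClearKeyParameter.getInstance("SM2", pointBytes);
        } else if (algorithmOid.startsWith("1.2.840.113549.1.1")) {
            // PKCS#1 arc: re-encode the key as an RSAPublicKey structure.
            byte[] rsaKeyBytes = RSAPublicKey.getInstance(keyInfo.parsePublicKey()).getEncoded();
            clearKeyParameter = IcbcEnvironment.isICBCEnvironment() ? TempKeyBuilder.LoadKey("RSA", rsaKeyBytes) : ClearKeyParameter.getInstance("RSA", rsaKeyBytes);
        }
        return clearKeyParameter;
    }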

    /**
     * Reads the public key out of a certificate and returns its components as strings.
     *
     * <p>The certificate is parsed by the single-argument overload; no signature, validity or
     * chain check is performed in this method either, so the values returned describe whatever
     * certificate bytes were supplied.
     *
     * <p>Result keys: {@code "pubStringKey"} for both algorithms, plus {@code "modulus"} and
     * {@code "exponent"} (lower-case hex) for RSA. The map is empty when the certificate's key
     * algorithm does not equal {@code str} (case-insensitive) or {@code str} is neither RSA nor
     * SM2.
     *
     * @param bArr certificate bytes, as accepted by the single-argument overload
     * @param str expected key algorithm, {@code "RSA"} or {@code "SM2"}
     * @return map of public key components, possibly empty
     * @throws Exception a {@code ParmErrorException} when reading the key fails, which includes
     *     the case where the overload returned {@code null} for an unsupported algorithm;
     *     parsing errors from the overload propagate unchanged
     */
    public HashMap<String, String> getPubicKeyFromCert(byte[] bArr, String str) throws Exception {
        HashMap<String, String> components = new HashMap<>();
        HsmKeyParameter certKey = getPubicKeyFromCert(bArr);
        try {
            // A null key from the overload fails here and is reported through the catch below.
            if (!certKey.getAlgorithm().equalsIgnoreCase(str)) {
                return components;
            }
            if (str.equalsIgnoreCase("RSA")) {
                String encodedKeyHex = ((ClearKeyParameter) certKey).getPublicKey();
                RSAPublicKey rsaKey = RSAPublicKey.getInstance(ASN1Primitive.fromByteArray(Hex.decode(encodedKeyHex)));
                String modulusHex = rsaKey.getModulus().toString(16);
                String exponentHex = rsaKey.getPublicExponent().toString(16);
                components.put("pubStringKey", encodedKeyHex);
                components.put("modulus", modulusHex);
                components.put("exponent", exponentHex);
            } else if (str.equalsIgnoreCase("SM2")) {
                components.put("pubStringKey", ((ClearKeyParameter) certKey).getPublicKey());
            }
            return components;
        } catch (Exception e) {
            throw new ParmErrorException("getPubicKeyFromCert:get PubicKey From Cert fail!" + e.getMessage());
        }
    }

    /**
     * Parses a PEM-encoded private key and converts it, via the JCA RSA {@code KeyFactory},
     * into BouncyCastle RSA key parameters.
     *
     * <p>Every {@code Exception} raised inside the method is caught and turned into a
     * {@code null} return, so a malformed key, a non-RSA key and an internal error are
     * indistinguishable to the caller, which must null-check the result.
     *
     * <p>NOTE(review): this listing is decompiler output and is not compilable as shown. Locals
     * declared as {@code PrivateKeyInfo} are assigned a {@code PEMParser} and used as one
     * ({@code readObject()}, {@code close()}), and {@code privateKeyInfo} is read without ever
     * being assigned. Presumably the original held a parser and the parsed {@code PrivateKeyInfo}
     * in separate variables; confirm against the original source before relying on the details.
     *
     * @param bArr PEM text of the private key, as bytes
     * @return RSA private key parameters (CRT form when the key provides it), or {@code null}
     *     on any failure
     * @throws Exception declared, although the visible body catches every {@code Exception}
     */
    public static AsymmetricKeyParameter getPrivateKey(byte[] bArr) throws Exception {
        PrivateKeyInfo privateKeyInfo;
        RSAKeyParameters rSAKeyParameters = null;
        PrivateKeyInfo privateKeyInfo2 = null;
        PrivateKeyInfo privateKeyInfo3 = null;
        try {
            // Decompiler artifact: a PEMParser is stored in a variable typed PrivateKeyInfo.
            privateKeyInfo2 = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bArr)));
            Object readObject = privateKeyInfo2.readObject();
            if (readObject instanceof PrivateKeyInfo) {
                privateKeyInfo3 = (PrivateKeyInfo) readObject;
                // Result discarded: the encoded key bytes are produced and dropped.
                privateKeyInfo3.getEncoded();
            }
            // Result discarded here as well; as written this is invoked on the parser variable.
            privateKeyInfo2.parsePrivateKey().toASN1Primitive().getEncoded();
            privateKeyInfo2.close();
            try {
                // Only RSA is attempted; `privateKeyInfo` has no visible assignment (see NOTE above).
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
                if (rSAPrivateKey instanceof RSAPrivateCrtKey) {
                    // Keep the CRT components when the provider exposes them.
                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) rSAPrivateKey;
                    rSAKeyParameters = new RSAPrivateCrtKeyParameters(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
                } else if (rSAPrivateKey instanceof RSAPrivateKey) {
                    // Fallback: modulus and private exponent only.
                    rSAKeyParameters = new RSAKeyParameters(true, rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent());
                }
                return rSAKeyParameters;
            } catch (Exception e) {
                // Conversion failure is swallowed; the caller only sees null.
                return null;
            }
        } catch (Exception e2) {
            // Parse failure is swallowed; the caller only sees null.
            return null;
        } finally {
            // Runs on every path, including after the close() above; the variable is still
            // null if construction failed, and the call is not guarded against that.
            privateKeyInfo2.close();
        }
    }

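    /**
     * Converts raw key bytes into BouncyCastle key parameters.
     *
     * <p>Supported values of {@code str} (case-insensitive):
     * <ul>
     *   <li>{@code SM2private}: {@code bArr} is the private scalar, read as an unsigned
     *       big-endian integer on curve {@code sm2p256v1}.</li>
     *   <li>{@code SM2public}: {@code bArr} is a one-byte tag followed by the 32-byte X and
     *       32-byte Y coordinates.</li>
     *   <li>{@code RSAprivate}: {@code bArr} is an encoded PKCS#1 {@code RSAPrivateKey}.</li>
     *   <li>{@code RSApublic}: {@code bArr} is an encoded PKCS#1 {@code RSAPublicKey}.</li>
     * </ul>
     *
     * <p>NOTE(review): the SM2 private scalar is not range-checked here, and the SM2 public
     * point is built from raw coordinates; whether it is verified to lie on the curve depends
     * on the bundled BouncyCastle version. Confirm before feeding externally supplied keys.
     *
     * @param bArr key material in the layout required by {@code str}
     * @param str key kind selector
     * @return the corresponding key parameters
     * @throws Exception if {@code str} is not a supported kind or the SM2 public key bytes do
     *     not have the expected tag and length
     */
    public static AsymmetricKeyParameter toAsymmetricKey(byte[] bArr, String str) throws Exception {
        if ("SM2private".equalsIgnoreCase(str)) {
            X9ECParameters sm2 = GMNamedCurves.getByName("sm2p256v1");
            ECCurve curve = sm2.getCurve();
            return new ECPrivateKeyParameters(new BigInteger(1, bArr), new ECDomainParameters(curve, sm2.getG(), curve.getOrder()));
        }
        if ("SM2public".equalsIgnoreCase(str)) {
            X9ECParameters sm2 = GMNamedCurves.getByName("sm2p256v1");
            ECCurve curve = sm2.getCurve();
            ECDomainParameters domain = new ECDomainParameters(curve, sm2.getG(), curve.getOrder());
            String hex = Hex.toHexString(bArr);
            // NOTE(review): this constant comes from an unrelated request class and looks like a
            // decompiler-resolved alias for the point tag; presumably "04" (uncompressed point).
            // Confirm its value against the original source.
            if (!hex.startsWith(InvestmentFundoutsourceIncomestatementqueryRequestV1.InvestmentFundoutsourceIncomestatementqueryRequestV1InRecord.reportKind)) {
                throw new Exception("key data error!");
            }
            // 2 hex chars of tag + 64 of X + 64 of Y. Rejecting other lengths avoids an
            // index error on short input and an oversized Y on long input.
            final int xStart = 2;
            final int yStart = 66;
            final int expectedLength = 130;
            if (hex.length() != expectedLength) {
                throw new Exception("key data error!");
            }
            // X spans [2, 66). The earlier upper bound of 64 dropped the last byte of X while
            // Y still began at 66, yielding a wrong point.
            BigInteger x = new BigInteger(hex.substring(xStart, yStart), 16);
            BigInteger y = new BigInteger(hex.substring(yStart), 16);
            return new ECPublicKeyParameters(curve.createPoint(x, y), domain);
        }
        if ("RSAprivate".equalsIgnoreCase(str)) {
            com.icbc.bcprov.org.bouncycastle.asn1.pkcs.RSAPrivateKey rsaPrivate = com.icbc.bcprov.org.bouncycastle.asn1.pkcs.RSAPrivateKey.getInstance(bArr);
            return new RSAPrivateCrtKeyParameters(rsaPrivate.getModulus(), rsaPrivate.getPublicExponent(), rsaPrivate.getPrivateExponent(), rsaPrivate.getPrime1(), rsaPrivate.getPrime2(), rsaPrivate.getExponent1(), rsaPrivate.getExponent2(), rsaPrivate.getCoefficient());
        }
        if ("RSApublic".equalsIgnoreCase(str)) {
            RSAPublicKey rsaPublic = RSAPublicKey.getInstance(bArr);
            return new RSAKeyParameters(false, rsaPublic.getModulus(), rsaPublic.getPublicExponent());
        }
        throw new Exception("key type not support! " + str);
    }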
}
