package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.sadk.org.bouncycastle.asn1.x500.style.BCStyle;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.Extensions;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.TBSCertificate;
import cfca.sadk.org.bouncycastle.asn1.x509.Time;
import cfca.sadk.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.logging.LoggerManager;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CertGenerator.class */
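public class X509CertGenerator {
    // --- TBS accumulator and extension table ------------------------------------------------
    /** Accumulates the TBSCertificate fields as the setters are called. */
    private final V3TBSCertificateGenerator tbsCertGen = new V3TBSCertificateGenerator();
    /**
     * Extensions keyed by their OID ({@code Extension.getExtnId()}), so adding the same extension
     * twice keeps only the last one (RFC 5280 does not allow duplicate extensions). The table's
     * iteration order decides the order of the extensions in the encoded certificate.
     */
    private final Map<Object, Extension> extensionSet = new Hashtable<Object, Extension>();

    // --- Values retained so generateX509Cert can check that every mandatory field was set ---
    /** Signing mechanism resolved from the algorithm name; set by {@link #setSignatureAlg}. */
    private Mechanism mechanism = null;
    /** AlgorithmIdentifier written both into the TBS and as the outer signatureAlgorithm. */
    private AlgorithmIdentifier sigAlg = null;
    /** Subject DN string as given to {@link #setSubject}. */
    private String subject = null;
    /** Issuer DN string as given to {@link #setIssuer}. */
    private String issuer = null;
    /** Serial number as given to {@link #setSerialNumber(BigInteger)}. */
    private BigInteger serialNumber = null;
    /** Start of the validity period. */
    private Date notBefore = null;
    /** End of the validity period. */
    private Date notAfter = null;
    /** Subject public key; its encoding is parsed into the SubjectPublicKeyInfo. */
    private PublicKey pubKey = null;
    /** signatureValue produced by {@link #generateSignature}; null until a certificate is generated. */
    private DERBitString signature = null;
    /** TBSCertificate produced by {@link #generateSignature}; null until a certificate is generated. */
    private TBSCertificate tbsCert = null;

    /**
     * Creates an empty generator. Every mandatory field (issuer, subject, public key, signature
     * algorithm, serial number, notBefore, notAfter) must be set before
     * {@link #generateX509Cert(PrivateKey, Session)} is called.
     *
     * <p>Instances carry mutable state written by the setters and no internal synchronisation,
     * so one instance should not be shared between threads.
     */
    public X509CertGenerator() {
    }

    /** True when the debug logger would emit; guards the (possibly costly) dump/concat calls. */
    private static boolean debugging() {
        return LoggerManager.debugLogger.isDebugEnabled();
    }

    /** True for null, empty or whitespace-only strings; the test shared by the DN checks. */
    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }

    /**
     * Sets the serial number from a hexadecimal string.
     *
     * @param str serial number as hex digits, as accepted by {@code new BigInteger(str, 16)}
     * @throws PKIException if {@code str} is null
     * @throws NumberFormatException if {@code str} is not a valid hex string (propagated
     *         unchanged from {@link BigInteger})
     */
    public void setSerialNumber(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        setSerialNumber(new BigInteger(str, 16));
    }

    /**
     * Sets the certificate serial number.
     *
     * <p>No range check is performed here: RFC 5280 requires a positive integer of at most
     * 20 octets that is unique per issuer, which the caller must guarantee.
     *
     * @param bigInteger the serial number
     * @throws PKIException if {@code bigInteger} is null
     */
    public void setSerialNumber(BigInteger bigInteger) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSerialNumber>>>>>>Running: serialNumber=" + SADKDebugger.dump(bigInteger));
        }
        if (bigInteger == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        this.serialNumber = bigInteger;
        this.tbsCertGen.setSerialNumber(new ASN1Integer(bigInteger));
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSerialNumber<<<<<<Finished");
        }
    }

    /**
     * Sets the subject DN using the default {@link BCStyle} attribute naming.
     *
     * @param str subject DN string
     * @throws PKIException if {@code str} is null or blank
     */
    public void setSubject(String str) throws PKIException {
        setSubject(BCStyle.INSTANCE, str);
    }

    /**
     * Sets the subject DN, parsing {@code str} with the given name style.
     *
     * @param x500NameStyle attribute naming style used to parse the DN string
     * @param str subject DN string
     * @throws PKIException if the style is null, or {@code str} is null or blank
     */
    public void setSubject(X500NameStyle x500NameStyle, String str) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSubject>>>>>>Running: subjectDN=" + str + ",style=" + x500NameStyle);
        }
        if (x500NameStyle == null) {
            throw new PKIException("style is null");
        }
        if (isBlank(str)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        this.subject = str;
        this.tbsCertGen.setSubject(new X500Name(x500NameStyle, str));
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSubject<<<<<<Finished");
        }
    }

    /**
     * Sets the issuer DN using the default {@link BCStyle} attribute naming.
     *
     * @param str issuer DN string
     * @throws PKIException if {@code str} is null or blank
     */
    public void setIssuer(String str) throws PKIException {
        setIssuer(BCStyle.INSTANCE, str);
    }

    /**
     * Sets the issuer DN, parsing {@code str} with the given name style.
     *
     * @param x500NameStyle attribute naming style used to parse the DN string
     * @param str issuer DN string
     * @throws PKIException if the style is null, or {@code str} is null or blank
     */
    public void setIssuer(X500NameStyle x500NameStyle, String str) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setIssuer>>>>>>Running: issuerDN=" + str + ",style=" + x500NameStyle);
        }
        if (x500NameStyle == null) {
            throw new PKIException("style is null");
        }
        if (isBlank(str)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        this.issuer = str;
        this.tbsCertGen.setIssuer(new X500Name(x500NameStyle, str));
        if (debugging()) {
            LoggerManager.debugLogger.debug("setIssuer<<<<<<Finished");
        }
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date notBefore instant
     * @throws PKIException if {@code date} is null
     */
    public void setNotBefore(Date date) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setNotBefore>>>>>>Running: notBefore=" + date);
        }
        if (date == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        this.notBefore = date;
        this.tbsCertGen.setStartDate(new Time(date));
        if (debugging()) {
            LoggerManager.debugLogger.debug("setNotBefore<<<<<<Finished");
        }
    }

    /**
     * Sets the end of the validity period.
     *
     * @param date notAfter instant
     * @throws PKIException if {@code date} is null
     */
    public void setNotAfter(Date date) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setNotAfter>>>>>>Running: notAfter=" + date);
        }
        if (date == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
        this.notAfter = date;
        this.tbsCertGen.setEndDate(new Time(date));
        if (debugging()) {
            LoggerManager.debugLogger.debug("setNotAfter<<<<<<Finished");
        }
    }

    /**
     * Sets the subject public key; its {@code getEncoded()} output is parsed as a
     * SubjectPublicKeyInfo structure.
     *
     * @param publicKey the subject's public key
     * @throws PKIException if the key is null, or its encoding cannot be parsed as SPKI
     */
    public void setPublicKey(PublicKey publicKey) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setPublicKey>>>>>>Running: publicKey=" + SADKDebugger.dump(publicKey));
        }
        try {
            if (publicKey == null) {
                throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
            }
            this.pubKey = publicKey;
            try {
                this.tbsCertGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSER + PKIException.KEY_SPKI, PKIException.KEY_SPKI_DES, e);
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("setPublicKey<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("setPublicKey<<<<<<Failure", th);
            throw new PKIException("setPublicKey Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Sets the signature algorithm by name and records the matching signing mechanism.
     *
     * <p>The AlgorithmIdentifier is always encoded with an explicit NULL parameter.
     * NOTE(review): RFC 5758 requires the parameters field to be absent for the
     * ecdsa-with-SHA2 identifiers, so strict verifiers may reject ECDSA certificates built
     * here - confirm against the intended consumers.
     *
     * @param str signature algorithm name understood by {@link Mechanisms#signMechanismFrom}
     * @throws PKIException if {@code str} is null or names an unsupported algorithm
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSignatureAlg>>>>>>Running: signatureAlgorithm=" + str);
        }
        try {
            if (str == null) {
                throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
            }
            this.mechanism = Mechanisms.signMechanismFrom(str);
            if (this.mechanism == null) {
                throw new PKIException(PKIException.NONSUPPORT_SIGALG, PKIException.NONSUPPORT_SIGALG_DES + ": " + str);
            }
            this.sigAlg = new AlgorithmIdentifier(Mechanism.getObjectIdentifier(str), DERNull.INSTANCE);
            this.tbsCertGen.setSignature(this.sigAlg);
            if (debugging()) {
                LoggerManager.debugLogger.debug("setSignatureAlg<<<<<<Finished");
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("setSignatureAlg<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("setSignatureAlg<<<<<<Failure", th);
            throw new PKIException("setSignatureAlg Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Sets the optional issuerUniqueID; a null argument leaves the field unset.
     * RFC 5280 discourages the use of unique identifiers in new certificates.
     *
     * @param bArr raw bit-string content, or null for none
     */
    public void setIssuerUniqueID(byte[] bArr) {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setIssuerUniqueID>>>>>>Running: issuerUniqueID=" + SADKDebugger.dump(bArr));
        }
        if (bArr != null) {
            this.tbsCertGen.setIssuerUniqueID(new DERBitString(bArr));
        }
        if (debugging()) {
            LoggerManager.debugLogger.debug("setIssuerUniqueID<<<<<<Finished");
        }
    }

    /**
     * Sets the optional subjectUniqueID; a null argument leaves the field unset.
     * RFC 5280 discourages the use of unique identifiers in new certificates.
     *
     * @param bArr raw bit-string content, or null for none
     */
    public void setSubjectUniqueID(byte[] bArr) {
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSubjectUniqueID>>>>>>Running: subjectUniqueID=" + SADKDebugger.dump(bArr));
        }
        if (bArr != null) {
            this.tbsCertGen.setSubjectUniqueID(new DERBitString(bArr));
        }
        if (debugging()) {
            LoggerManager.debugLogger.debug("setSubjectUniqueID<<<<<<Finished");
        }
    }

    /**
     * Adds (or replaces, when the OID is already present) an extension.
     *
     * @param extension the extension to include in the certificate
     * @throws PKIException if {@code extension} is null
     */
    public void addExtension(Extension extension) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("addExtension>>>>>>Running: extension=" + SADKDebugger.dump(extension));
        }
        // Explicit check so callers get a PKIException instead of a NullPointerException from getExtnId().
        if (extension == null) {
            throw new PKIException("extension is null");
        }
        this.extensionSet.put(extension.getExtnId(), extension);
        if (debugging()) {
            LoggerManager.debugLogger.debug("addExtension<<<<<<Finished");
        }
    }

    /**
     * Packs the registered extensions into an {@link Extensions} structure, in table order.
     *
     * @return the extensions block (possibly empty)
     */
    private Extensions buildExtensions() {
        if (debugging()) {
            LoggerManager.debugLogger.debug("generaterExtensions::>>>>>>Running: ");
        }
        Extension[] ordered = this.extensionSet.values().toArray(new Extension[0]);
        Extensions extensions = new Extensions(ordered);
        if (debugging()) {
            LoggerManager.debugLogger.debug("generaterExtensions::<<<<<<Finished: extensions=" + SADKDebugger.dump(extensions));
        }
        return extensions;
    }

    /**
     * Checks that every mandatory field was set, in the same order the original code did so
     * callers see the same error code for a given omission.
     *
     * @throws PKIException naming the first missing field
     */
    private void requireMandatoryFields() throws PKIException {
        if (isBlank(this.issuer)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (isBlank(this.subject)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        if (this.pubKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        if (this.serialNumber == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        if (this.notBefore == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        if (this.notAfter == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
    }

    /**
     * Signs the accumulated TBSCertificate with {@code privateKey} through {@code session} and
     * returns the DER-encoded certificate.
     *
     * <p>Only presence of the mandatory fields is verified. NOTE(review): the validity period is
     * not checked for ordering, so a notAfter earlier than notBefore yields a certificate that is
     * never valid; callers that need that guarantee must check it themselves.
     *
     * @param privateKey key the TBS is signed with; must be non-null
     * @param session crypto session performing the signature; must be non-null
     * @return DER bytes of {@code Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }}
     * @throws PKIException if a mandatory field is missing, an argument is null, or signing or
     *         encoding fails (the cause carries the specific error code)
     */
    public byte[] generateX509Cert(PrivateKey privateKey, Session session) throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("generateX509Cert>>>>>>Running: session=" + SADKDebugger.dump(session));
        }
        try {
            requireMandatoryFields();
            // Previously a null argument surfaced as a NullPointerException wrapped several levels deep;
            // report it directly (still a PKIException, so callers' catch clauses are unchanged).
            if (privateKey == null) {
                throw new PKIException("privateKey is null");
            }
            if (session == null) {
                throw new PKIException("session is null");
            }
            generateSignature(privateKey, session);
            byte[] certBytes = constructCertificate();
            if (debugging()) {
                LoggerManager.debugLogger.debug("generateX509Cert<<<<<<Finished: certBytes=" + SADKDebugger.dump(certBytes));
            }
            return certBytes;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("generateX509Cert<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("generateX509Cert<<<<<<Failure", th);
            throw new PKIException("generateX509Cert Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Builds the TBSCertificate, DER-encodes it, signs those bytes and stores the resulting
     * signatureValue in {@link #signature}.
     *
     * <p>Encoding and signing are now two separate try blocks: the previous nesting wrapped
     * every signing failure (SIGN) inside a TBSCERT_BYTES error, so the cause chain named the
     * wrong step. Each step now reports its own code, wrapped once in the generic failure.
     *
     * @throws PKIException wrapping TBSCERT_BYTES (encoding) or SIGN (signing/encoding of the
     *         signature value) failures
     */
    private void generateSignature(PrivateKey privateKey, Session session) throws PKIException {
        try {
            if (!this.extensionSet.isEmpty()) {
                this.tbsCertGen.setExtensions(buildExtensions());
            }
            this.tbsCert = this.tbsCertGen.generateTBSCertificate();
            byte[] tbsBytes;
            try {
                tbsBytes = ASN1Parser.parseDERObj2Bytes(this.tbsCert);
            } catch (Exception e) {
                throw new PKIException(PKIException.TBSCERT_BYTES, PKIException.TBSCERT_BYTES_DES, e);
            }
            try {
                byte[] rawSignature = session.sign(this.mechanism, privateKey, tbsBytes);
                this.signature = new DERBitString(encodeSignatureValue(privateKey, rawSignature));
            } catch (Exception e) {
                throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
            }
        } catch (Throwable th) {
            // PKIException and any other Throwable were wrapped identically before; one clause suffices.
            throw new PKIException("generateSignature failure", th);
        }
    }

    /**
     * Converts the session's raw signature output into the bytes placed in signatureValue.
     *
     * <p>SM2 (detected from the key algorithm or the mechanism type) is passed through
     * {@link ASN1SM2Signature} and DER-encoded; presumably this turns the session's output into
     * the SEQUENCE { r, s } form - confirm against the Session implementation. ECDSA output is
     * only structurally validated by {@link #checkECCSignValue}; anything else is used verbatim.
     *
     * @param privateKey the signing key (its algorithm name drives the choice)
     * @param rawSignature bytes returned by {@code session.sign}
     * @return the signatureValue content
     * @throws Exception if the SM2 encoding or the ECDSA structure check fails
     */
    private byte[] encodeSignatureValue(PrivateKey privateKey, byte[] rawSignature) throws Exception {
        String keyAlgorithm = privateKey.getAlgorithm();
        boolean sm2 = MechanismKit.SM2.equalsIgnoreCase(keyAlgorithm)
                || this.mechanism.getMechanismType().toUpperCase().contains(MechanismKit.SM2);
        if (sm2) {
            return new ASN1SM2Signature(rawSignature).getEncoded();
        }
        if (Mechanisms.isECDSA(keyAlgorithm) || Mechanisms.isECDSA(this.mechanism)) {
            return checkECCSignValue(rawSignature);
        }
        return rawSignature;
    }

    /**
     * Assembles the outer Certificate SEQUENCE from the TBS, the algorithm identifier and the
     * signature produced by {@link #generateSignature}. The same {@link #sigAlg} object is used
     * here and inside the TBS, which keeps the two AlgorithmIdentifiers identical as RFC 5280
     * requires.
     *
     * @return DER bytes of the certificate
     * @throws PKIException with code CERT_BYTES if DER encoding fails
     */
    private byte[] constructCertificate() throws PKIException {
        if (debugging()) {
            LoggerManager.debugLogger.debug("constructCertificate::>>>>>>Running");
        }
        try {
            ASN1EncodableVector certificate = new ASN1EncodableVector();
            certificate.add(this.tbsCert);
            certificate.add(this.sigAlg);
            certificate.add(this.signature);
            byte[] certBytes;
            try {
                certBytes = ASN1Parser.parseDERObj2Bytes(new DERSequence(certificate));
            } catch (Exception e) {
                throw new PKIException(PKIException.CERT_BYTES, PKIException.CERT_BYTES_DES, e);
            }
            if (debugging()) {
                LoggerManager.debugLogger.debug("constructCertificate::<<<<<<Finished: certData=" + SADKDebugger.dump(certBytes));
            }
            return certBytes;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("constructCertificate::<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("constructCertificate::<<<<<<Failure", th);
            throw new PKIException("constructCertificate Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Structural check of an ECDSA signature value: it must decode as a DER SEQUENCE of exactly
     * two INTEGERs (r, s). The bytes are returned unchanged; no range check of r and s and no
     * cryptographic verification is performed.
     *
     * @param bArr DER-encoded signature value
     * @return {@code bArr} itself when the structure is acceptable
     * @throws Exception if the bytes do not decode to a two-INTEGER SEQUENCE (the structural
     *         failure is reported as the cause of the decode-failure exception)
     */
    private static byte[] checkECCSignValue(byte[] bArr) throws Exception {
        try {
            ASN1Sequence rs = ASN1Sequence.getInstance(bArr);
            Enumeration elements = rs.getObjects();
            if (rs.size() != 2) {
                throw new Exception("ECCSignValue required 2-Node: R+S");
            }
            // The casts throw ClassCastException for non-INTEGER members, which the catch below wraps.
            ASN1Integer r = (ASN1Integer) elements.nextElement();
            ASN1Integer s = (ASN1Integer) elements.nextElement();
            if (r == null || s == null) {
                throw new Exception("ECCSignValue required R+S");
            }
            return bArr;
        } catch (Exception e) {
            throw new Exception("ECCSignValue decode failed when decodeRS", e);
        }
    }
}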
