package com.xdja.pki.ca.certmanager.service.kms.ca;

import com.xdja.pki.ca.certmanager.ans1.request.bean.AppUserInfo;
import com.xdja.pki.ca.certmanager.ans1.request.bean.EntName;
import com.xdja.pki.ca.certmanager.asn1.request.req.ApplyKeyReq;
import com.xdja.pki.ca.certmanager.asn1.request.req.RestoreKeyReq;
import com.xdja.pki.ca.certmanager.asn1.request.req.RevokeKeyReq;
import com.xdja.pki.ca.certmanager.service.util.CaRequestAlgOid;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/ca/certmanager/service/kms/ca/CaRequestGenerator.class */
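/**
 * Builds signed KMS requests (apply / restore / revoke key) on behalf of a CA.
 *
 * <p>Every request is wrapped in a {@link KSRequest} that identifies the signing CA
 * certificate (subject DN, serial number and a SHA-1 hash of its public key, see
 * {@link #convertPublicKey}) and is then signed with the CA's private key. Signing happens
 * either in software (BC provider; a {@link PrivateKey} is supplied) or inside an SDF
 * cryptographic device (a key index and PIN are supplied); {@code Constants.CRYPT_DEVICE_TYPE}
 * decides which path is used at signing time.
 *
 * <p>The object holds no mutable state after construction. The PIN is kept only for the
 * SDF call and is never logged.
 */
public class CaRequestGenerator {
    /** Leading byte of an SEC 1 uncompressed EC point encoding ({@code 0x04 || X || Y}). */
    private static final byte EC_UNCOMPRESSED_PREFIX = 0x04;
    /** Digest used for the public-key hash placed in {@link EntName}. */
    private static final String KEY_HASH_DIGEST = "SHA1";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final String commSubjectInfo;
    private final BigInteger commSerialNum;
    private final PublicKey commPublicKey;
    // SDF path: key index inside the device plus its access PIN (null when signing in software).
    private final String privateKeyPin;
    private final Integer keyIndex;
    // Software (BC) path: the CA private key (null when signing inside the device).
    private final PrivateKey privateKey;

    /**
     * Creates a generator that signs inside an SDF device.
     *
     * @param x509Certificate the CA signing certificate whose DN, serial and public key identify the signer
     * @param i               index of the signing key inside the device
     * @param str             PIN protecting that key
     */
    public CaRequestGenerator(X509Certificate x509Certificate, int i, String str) {
        this(x509Certificate, Integer.valueOf(i), str, null);
    }

    /**
     * Creates a generator that signs in software with the BC provider.
     *
     * @param x509Certificate the CA signing certificate whose DN, serial and public key identify the signer
     * @param privateKey      the CA private key matching {@code x509Certificate}
     */
    public CaRequestGenerator(X509Certificate x509Certificate, PrivateKey privateKey) {
        this(x509Certificate, null, null, privateKey);
    }

    // Shared initialisation: copies the signer identity out of the certificate.
    private CaRequestGenerator(X509Certificate cert, Integer keyIndex, String privateKeyPin, PrivateKey privateKey) {
        Objects.requireNonNull(cert, "x509Certificate");
        this.commSubjectInfo = cert.getSubjectX500Principal().toString();
        this.commSerialNum = cert.getSerialNumber();
        this.commPublicKey = cert.getPublicKey();
        this.keyIndex = keyIndex;
        this.privateKeyPin = privateKeyPin;
        this.privateKey = privateKey;
    }

    /**
     * Builds and signs an "apply key" request.
     *
     * @param i               value placed in the outer {@link KSRequest} (presumably a request/sequence number; confirm with the KMS protocol)
     * @param bigInteger      forwarded to {@link AppUserInfo} together with the next six parameters
     * @param publicKey       forwarded to {@link AppUserInfo}
     * @param date            forwarded to {@link AppUserInfo}
     * @param date2           forwarded to {@link AppUserInfo}
     * @param str             forwarded to {@link AppUserInfo}
     * @param str2            forwarded to {@link AppUserInfo}
     * @param str3            forwarded to {@link AppUserInfo}
     * @param i2              value placed in {@link ApplyKeyReq} as an ASN.1 INTEGER
     * @param caRequestAlgOid algorithm set: app key type, returned asym/sym/hash algorithms, digest and signature algorithm
     * @return the signed request
     * @throws ServiceException if building {@link AppUserInfo} fails with an {@link IOException}, or signing fails
     * @throws Exception        any other failure raised while assembling the request
     */
    public CaRequest createApplyKeyRequest(int i, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, String str2, String str3, int i2, CaRequestAlgOid caRequestAlgOid) throws Exception {
        try {
            AppUserInfo appUserInfo = new AppUserInfo(bigInteger, publicKey, date, date2, str, str2, str3);
            ApplyKeyReq applyKeyReq = new ApplyKeyReq(caRequestAlgOid.getAppKeyType(), new ASN1Integer(i2),
                    caRequestAlgOid.getRetAsymAlg(), caRequestAlgOid.getRetSymAlg(), caRequestAlgOid.getRetHashAlg(),
                    appUserInfo);
            return generateCARequest(i, new Request(applyKeyReq), caRequestAlgOid);
        } catch (IOException e) {
            throw new ServiceException("Generat AppUserInfo error ", e);
        }
    }

    /**
     * Builds and signs a "restore key" request.
     *
     * @param i               value placed in the outer {@link KSRequest}
     * @param bigInteger      forwarded to {@link RestoreKeyReq}
     * @param publicKey       forwarded to {@link RestoreKeyReq}
     * @param caRequestAlgOid algorithm set used for the request body and the signature
     * @return the signed request
     * @throws Exception if assembling or signing the request fails
     */
    public CaRequest createRestoreKeyRequest(int i, BigInteger bigInteger, PublicKey publicKey, CaRequestAlgOid caRequestAlgOid) throws Exception {
        RestoreKeyReq restoreKeyReq = new RestoreKeyReq(caRequestAlgOid.getRetAsymAlg(), caRequestAlgOid.getRetSymAlg(),
                caRequestAlgOid.getRetHashAlg(), bigInteger, publicKey);
        return generateCARequest(i, new Request(restoreKeyReq), caRequestAlgOid);
    }

    /**
     * Builds and signs a "revoke key" request.
     *
     * @param i               value placed in the outer {@link KSRequest}
     * @param bigInteger      forwarded to {@link RevokeKeyReq}
     * @param caRequestAlgOid algorithm set used for the signature
     * @return the signed request
     * @throws Exception if assembling or signing the request fails
     */
    public CaRequest createRevokeKeyRequest(int i, BigInteger bigInteger, CaRequestAlgOid caRequestAlgOid) throws Exception {
        return generateCARequest(i, new Request(new RevokeKeyReq(bigInteger)), caRequestAlgOid);
    }

    /**
     * Wraps {@code request} in a {@link KSRequest} carrying the signer identity and a timestamp,
     * signs its DER encoding and returns the {@link CaRequest}.
     *
     * @throws ServiceException if the signature cannot be produced (unsupported signature
     *                          algorithm, missing key material for the selected device type,
     *                          or an error from the signing primitive)
     */
    private CaRequest generateCARequest(int i, Request request, CaRequestAlgOid caRequestAlgOid) throws Exception {
        String digestOid = caRequestAlgOid.getDigestAlg().getAlgorithm().getId();
        byte[] signerKeyHash = convertPublicKey(this.commPublicKey, caRequestAlgOid.getDigestAlg());
        this.logger.info("签名证书dn" + this.commSubjectInfo);
        EntName entName = new EntName(digestOid, this.commSubjectInfo, signerKeyHash, this.commSerialNum);
        ASN1EncodableVector body = new ASN1EncodableVector();
        body.add(request);
        KSRequest ksRequest = new KSRequest(entName, new DERSequence(body), new DERGeneralizedTime(new Date()), new ASN1Integer(i));
        ASN1ObjectIdentifier signAlg = caRequestAlgOid.getSignAlg().getAlgorithm();
        try {
            byte[] signature = sign(signAlg, ksRequest.getEncoded());
            return new CaRequest(ksRequest, new AlgorithmIdentifier(signAlg), new DEROctetString(signature));
        } catch (Exception e) {
            // Log through the logger instead of printStackTrace(); the cause is preserved on the rethrow.
            this.logger.error("signature error, signAlg={}", signAlg.getId(), e);
            throw new ServiceException("signature error", e);
        }
    }

    /**
     * Signs {@code tbs} with the CA key using the path selected by {@code Constants.CRYPT_DEVICE_TYPE}.
     * Only SM2-with-SM3 and SHA1-with-RSA are supported; anything else fails closed instead of
     * producing an empty signature.
     *
     * @throws IllegalStateException    if the key material required for the selected path was not supplied at construction
     * @throws IllegalArgumentException if {@code signAlg} is not one of the supported algorithms
     */
    private byte[] sign(ASN1ObjectIdentifier signAlg, byte[] tbs) throws Exception {
        boolean useBc = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC);
        if (useBc && this.privateKey == null) {
            throw new IllegalStateException("software signing selected but no private key was supplied");
        }
        if (!useBc && this.keyIndex == null) {
            throw new IllegalStateException("device signing selected but no key index was supplied");
        }
        String oid = signAlg.getId();
        if (oid.equalsIgnoreCase(GMObjectIdentifiers.sm2sign_with_sm3.getId())) {
            return useBc
                    ? GMSSLSM2SignUtils.signByBC(this.privateKey, tbs)
                    : GMSSLSM2SignUtils.signBySdf(SdfCryptoType.YUNHSM, this.keyIndex.intValue(), this.privateKeyPin, tbs);
        }
        if (oid.equalsIgnoreCase(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            String algName = SignAlgTypeEnum.SHA1_WITH_RSA.algName;
            return useBc
                    ? GMSSLRSASignUtils.signByBC(algName, this.privateKey, tbs)
                    : GMSSLRSASignUtils.signBySdf(SdfCryptoType.YUNHSM, algName, this.keyIndex.intValue(), this.privateKeyPin, tbs);
        }
        throw new IllegalArgumentException("unsupported signature algorithm: " + oid);
    }

    /**
     * Computes the SHA-1 hash of the raw public key that identifies the signer in {@link EntName}.
     *
     * <p>RSA keys are hashed over the DER {@code RSAPublicKey} (the contents of the
     * SubjectPublicKeyInfo BIT STRING); EC keys over the SEC 1 uncompressed point
     * {@code 0x04 || X || Y} with fixed-width coordinates. The digest is fixed to SHA-1 and
     * {@code algorithmIdentifier} is not consulted — presumably the KMS protocol fixes the
     * identifier hash; confirm before changing either.
     *
     * @throws RuntimeException if {@code publicKey} is neither RSA nor EC
     */
    private byte[] convertPublicKey(PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) throws Exception {
        MessageDigest digest = MessageDigest.getInstance(KEY_HASH_DIGEST, "BC");
        if (publicKey instanceof RSAPublicKey) {
            // NOTE(review): the previous code skipped a fixed 5 bytes of the encoded BIT STRING,
            // which only equals its header for keys whose DER length takes two length bytes
            // (2048-bit and up); getBytes() strips the header for every key size. Confirm the
            // KMS peer derives the hash the same way for smaller keys.
            byte[] rsaKeyDer = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()).getPublicKeyData().getBytes();
            return digest.digest(rsaKeyDer);
        }
        if (publicKey instanceof ECPublicKey) {
            return digest.digest(encodeUncompressedPoint((ECPublicKey) publicKey));
        }
        throw new RuntimeException("不支持的非对称密钥算法类型");
    }

    /**
     * Encodes an EC public key as an SEC 1 uncompressed point, sizing each coordinate from the
     * curve's field size (32 bytes on SM2 / P-256) and zero-padding short coordinates.
     */
    private static byte[] encodeUncompressedPoint(ECPublicKey ecKey) {
        int coordLen = (ecKey.getParams().getCurve().getField().getFieldSize() + 7) / 8;
        byte[] point = new byte[1 + 2 * coordLen];
        point[0] = EC_UNCOMPRESSED_PREFIX;
        copyFixedLength(ecKey.getW().getAffineX(), point, 1, coordLen);
        copyFixedLength(ecKey.getW().getAffineY(), point, 1 + coordLen, coordLen);
        return point;
    }

    /**
     * Writes {@code value} big-endian into {@code dest[offset .. offset+len)} as an unsigned,
     * fixed-width integer. {@link BigInteger#toByteArray()} may be longer (sign byte) or shorter
     * (leading zeros dropped) than {@code len}; the previous fixed {@code length - 32} copy
     * threw for the shorter case.
     *
     * @throws IllegalArgumentException if a non-zero leading byte would have to be dropped
     */
    private static void copyFixedLength(BigInteger value, byte[] dest, int offset, int len) {
        byte[] raw = value.toByteArray();
        if (raw.length > len) {
            int extra = raw.length - len;
            for (int k = 0; k < extra; k++) {
                if (raw[k] != 0) {
                    throw new IllegalArgumentException("coordinate does not fit in " + len + " bytes");
                }
            }
            System.arraycopy(raw, extra, dest, offset, len);
        } else {
            System.arraycopy(raw, 0, dest, offset + (len - raw.length), raw.length);
        }
    }

    /**
     * Reads a PEM-encoded key pair from {@code str} and returns its private key.
     *
     * <p>NOTE(review): an encrypted PEM key pair is "decrypted" with a {@code null} password,
     * so in practice only unencrypted key files can be loaded here — confirm whether encrypted
     * files are expected.
     *
     * @param str path to the PEM file
     * @return the private key, or {@code null} if the file does not exist
     * @throws ServiceException if the file cannot be read or holds no usable key pair
     */
    public PrivateKey getRootPrivateKey(String str) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            Object pemObject;
            // try-with-resources: the reader is closed even when readObject() throws.
            try (PEMParser pemParser = new PEMParser(Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8))) {
                pemObject = pemParser.readObject();
            }
            if (pemObject == null) {
                throw new IllegalStateException("no PEM object found in " + str);
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            PEMKeyPair keyPair;
            if (pemObject instanceof PEMEncryptedKeyPair) {
                PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                keyPair = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor);
            } else {
                keyPair = (PEMKeyPair) pemObject;
            }
            return converter.getKeyPair(keyPair).getPrivate();
        } catch (Exception e) {
            // Keep the cause so the real failure (I/O, parse, unsupported format) is not lost.
            throw new ServiceException("读取公钥私服时异常：" + e.getMessage(), e);
        }
    }
}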
