package cn.com.jit.pki.core.entity.certmake.impl;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cert.X509CertGenerator;
import cn.com.jit.ida.util.pki.cipher.JKeyPair;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.pkcs.PKCS10;
import cn.com.jit.pki.core.entity.CertInfo;
import cn.com.jit.pki.core.entity.Ctml;
import cn.com.jit.pki.core.entity.certmake.CertMakerException;
import cn.com.jit.pki.core.entity.certmake.ICertMaker;
import cn.com.jit.pki.core.entity.extension.IExtension;
import cn.com.jit.pki.core.entity.policy.IExtensionProcessor;
import cn.com.jit.pki.core.entity.policy.IPolicy;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pki-core-1.0.2.3.jar:cn/com/jit/pki/core/entity/certmake/impl/X509CertMakerImpl.class */
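/**
 * {@link ICertMaker} implementation that assembles an X.509 certificate with
 * {@link X509CertGenerator} and signs it with the authority key pair.
 *
 * <p>The certificate fields come from a {@link CertInfo}; the subject and/or the
 * extensions can instead be copied from the PKCS#10 request carried in
 * {@code CertInfo.getP10()} when the corresponding {@code CertInfo} flags are set.
 */
public class X509CertMakerImpl implements ICertMaker {
    private static final Logger log = LoggerFactory.getLogger(X509CertMakerImpl.class);

    /** Layout of the numeric notBefore/notAfter values once rendered as decimal text. */
    private static final String VALIDITY_PATTERN = "yyyyMMddHHmmssSSS";

    /**
     * Builds and signs one certificate.
     *
     * @param certInfo  certificate request data (serial, subject, validity, public keys, P10)
     * @param ctml      certificate template; its extension policies are applied unless the
     *                  extensions are taken from the P10
     * @param x509Name  issuer (authority) subject
     * @param mechanism signature algorithm of the authority
     * @param jKeyPair  authority key pair; its private key signs the certificate
     * @param session   crypto session used for P10 parsing and signing
     * @param str       OID type, must match {@code OIDTYPE_GB} or {@code OIDTYPE_RFC} (case-insensitive)
     * @param z         {@code true} to build the second ("double") certificate: uses
     *                  {@code getDoublecertsn()} / {@code getDoublePubKey()} and skips
     *                  {@code KeyUsagePolicy}; {@code false} uses {@code getCertSN()} /
     *                  {@code getPubKey()} and skips {@code EncKeyUsagePolicy}
     * @return the certificate bytes returned by {@code X509CertGenerator.generateX509Cert}
     * @throws NullPointerException     if a required argument or public key is {@code null}
     * @throws IllegalArgumentException if the serial, subject, P10, issuer or OID type is invalid
     * @throws CertMakerException       if a validity time cannot be parsed, the signature
     *                                  algorithm is missing, or the generator fails
     */
    @Override
    public byte[] makeCert(CertInfo certInfo, Ctml ctml, X509Name x509Name, Mechanism mechanism, JKeyPair jKeyPair, Session session, String str, boolean z) throws CertMakerException {
        long startMillis = System.currentTimeMillis();
        if (log.isDebugEnabled()) {
            // NOTE(review): this message stringifies the authority key pair and the crypto
            // session. Whether their toString() exposes key material is not visible from
            // this file - confirm, and redact them here if it does.
            log.debug("BEGIN INPARAM:CertInfo certInfo=" + certInfo + ", Ctml ctml=" + ctml + ", X509Name authSubject=" + x509Name + ", Mechanism authSignAlgo=" + mechanism + ", JKeyPair authKey=" + jKeyPair + ", Session session=" + session + ", String OIDType=" + str + ", boolean isDouble=" + z);
        }
        if (certInfo == null) {
            throw new NullPointerException("cert make failed, the argument \"certinfo\" is NULL");
        }

        String serialHex = z ? certInfo.getDoublecertsn() : certInfo.getCertSN();
        // String.trim() never returns null, so the blank case has to be tested with isEmpty().
        if (serialHex == null || serialHex.trim().isEmpty()) {
            throw new IllegalArgumentException("cert make failed, invalid serial number:" + serialHex);
        }
        BigInteger serialNumber;
        try {
            // Only the serial parse is guarded: a NumberFormatException raised later
            // (extension processing, signing) must not be reported as a bad serial number.
            // NOTE(review): BigInteger accepts a leading '-'; confirm upstream only hands
            // over positive serial numbers.
            serialNumber = new BigInteger(serialHex, 16);
        } catch (NumberFormatException e) {
            log.error("", e);
            throw new IllegalArgumentException("cert make failed, invalid serial number:" + serialHex, e);
        }

        boolean subjectFromP10 = certInfo.isSubjectFromP10();
        boolean extensionsFromP10 = certInfo.isExtensionsFromP10();
        boolean needsP10 = subjectFromP10 || extensionsFromP10;
        String p10 = certInfo.getP10();
        String subject = certInfo.getSubject();
        if (!subjectFromP10 && (subject == null || "".equals(subject.trim()))) {
            throw new IllegalArgumentException("cert make failed, invalid certificate subject:" + subject);
        }
        if (needsP10 && (p10 == null || "".equals(p10.trim()))) {
            throw new IllegalArgumentException("cert make failed, p10 is blank");
        }

        // Checked before first use: the session is handed to PKCS10 right below.
        if (session == null) {
            throw new NullPointerException("cert make failed, the argument \"session\" is NULL");
        }
        PKCS10 pkcs10 = new PKCS10(session);
        if (needsP10) {
            try {
                // The request text is expected to be ASCII; an explicit charset keeps the
                // bytes independent of the platform default.
                // NOTE(review): nothing in this method verifies the request's signature, and
                // the certified public key is read from certInfo, not from the request -
                // presumably the caller or PKCS10.load checks proof of possession; confirm.
                pkcs10.load(convertBase64(p10.getBytes(java.nio.charset.StandardCharsets.US_ASCII)));
            } catch (Exception e) {
                throw new IllegalArgumentException("cert make failed, load p10 failed", e);
            }
        }

        // A fresh formatter per call: SimpleDateFormat is not safe to share between threads.
        // NOTE(review): it is lenient by default (out-of-range fields roll over instead of
        // failing) and the two dates are not compared with each other here - confirm the
        // validity window is validated upstream.
        SimpleDateFormat validityFormat = new SimpleDateFormat(VALIDITY_PATTERN);
        Date notBefore = parseValidityTime(validityFormat, certInfo.getNotBefore(), "notbefore");
        Date notAfter = parseValidityTime(validityFormat, certInfo.getNotAfter(), "notafter");

        if (certInfo.getPubKey() == null) {
            throw new NullPointerException("cert make failed, invalid certificate public key.");
        }
        // In double-certificate mode the key that is actually certified is the double key.
        if (z && certInfo.getDoublePubKey() == null) {
            throw new NullPointerException("cert make failed, invalid double certificate public key.");
        }
        if (ctml == null) {
            throw new NullPointerException("cert make failed, the argument \"ctml\" is NULL");
        }
        if (x509Name == null) {
            throw new IllegalArgumentException("cert make failed, invalid authority subject:" + x509Name);
        }
        if (mechanism == null || mechanism.getMechanismType() == null) {
            throw new CertMakerException("cert make failed, signature algorithm is null");
        }
        if (jKeyPair == null) {
            throw new NullPointerException("cert make failed, the argument \"authKey\" is NULL");
        }
        if (!ICertMaker.OIDTYPE_GB.equalsIgnoreCase(str) && !ICertMaker.OIDTYPE_RFC.equalsIgnoreCase(str)) {
            throw new IllegalArgumentException("cert make failed, unsupported OID type:" + str);
        }

        X509CertGenerator generator = new X509CertGenerator();
        try {
            generator.setIssuer(x509Name);
            if (subjectFromP10) {
                generator.setSubject(pkcs10.getX509NameSubject());
            } else {
                generator.setSubject(subject.trim());
            }
            generator.setSerialNumber(serialNumber);
            generator.setNotBefore(notBefore);
            generator.setNotAfter(notAfter);
            generator.setSignatureAlg(mechanism.getMechanismType());
            if (z) {
                generator.setPublicKey(certInfo.getDoublePubKey());
            } else {
                generator.setPublicKey(certInfo.getPubKey());
            }

            if (extensionsFromP10) {
                // NOTE(review): the extensions named in the request are installed as-is and
                // the template's extension policies are not run on this path. Confirm that
                // whatever sets extensionsFromP10 has already vetted the requested
                // extensions (CA flag, key usage, ...) against the template.
                generator.setExtensiond(pkcs10.getX509Extensions());
            } else {
                // Each certificate of a pair carries only its own key-usage policy.
                String skippedPolicy = z ? "KeyUsagePolicy" : "EncKeyUsagePolicy";
                for (IPolicy policy : ctml.getPolicySet().getExtenPolicy()) {
                    if (skippedPolicy.equals(policy.getName())) {
                        continue;
                    }
                    IExtension extension = ((IExtensionProcessor) policy).process(certInfo, ctml, x509Name, mechanism, jKeyPair);
                    if (extension != null) {
                        generator.addExtension(extension.getOID(), extension.getCritical(), extension.derEncode());
                    }
                }
            }

            byte[] certBytes = generator.generateX509Cert(jKeyPair.getPrivateKey(), session);
            log.debug("END TOTALTIME:" + (System.currentTimeMillis() - startMillis) + " OUTPARAM:byte[]=" + certBytes);
            return certBytes;
        } catch (PKIException e) {
            log.error("", e);
            throw new CertMakerException("cert make failed.", e);
        }
    }

    /**
     * Parses one validity bound given as a number whose decimal digits follow
     * {@link #VALIDITY_PATTERN}.
     *
     * @param format formatter to parse with
     * @param value  numeric validity time
     * @param field  field name used in the error message ({@code "notbefore"} / {@code "notafter"})
     * @return the parsed date
     * @throws CertMakerException if the digits do not parse with the pattern
     */
    private static Date parseValidityTime(SimpleDateFormat format, long value, String field) throws CertMakerException {
        try {
            return format.parse(Long.toString(value));
        } catch (ParseException e) {
            log.error("", e);
            throw new CertMakerException("cert make failed, invalid certificate " + field + " time:" + value, e);
        }
    }

    /**
     * Returns a copy of the input with every LF, CR and space byte removed.
     *
     * <p>Despite the name, nothing is Base64-decoded here; the method only strips the
     * line breaks and spaces that may be interleaved with the encoded text.
     *
     * @param bArr bytes to filter, must not be {@code null}
     * @return the filtered bytes, in their original order
     */
    public byte[] convertBase64(byte[] bArr) {
        ByteArrayOutputStream filtered = new ByteArrayOutputStream(bArr.length);
        // Iterate over the array directly: reading through a stream and narrowing the
        // result to byte makes a 0xFF data byte indistinguishable from end-of-stream (-1)
        // and silently truncates the output at that point.
        for (byte b : bArr) {
            if (b != '\n' && b != '\r' && b != ' ') {
                filtered.write(b);
            }
        }
        return filtered.toByteArray();
    }
}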
