package com.xdja.pki.ca.openpki.cmp.helper;

import ch.qos.logback.core.net.ssl.SSL;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.openapi.cmp.vo.UserCertInfo;
import com.xdja.pki.ca.openpki.cmp.utils.CertUtils;
import com.xdja.pki.ca.openpki.cmp.utils.FileUtils;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Random;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.crmf.CertTemplate;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ca/openpki/cmp/helper/PKICertHelper.class */
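/**
 * Static helpers used by the CMP endpoint to build an X.509 certificate from a CRMF
 * {@link CertTemplate}, to load a signing key from a PKCS#12 file, and to convert a
 * {@link SubjectPublicKeyInfo} into a JCA {@link PublicKey}.
 *
 * <p>NOTE(review): several methods embed environment-specific values (absolute Windows paths,
 * a key-store password, a URL and an IP address) and report failures only through
 * {@code printStackTrace()}. That looks like test scaffolding; confirm it is not reachable in a
 * production deployment before relying on this class for issuance.
 */
public class PKICertHelper {
    /**
     * Builds and signs an X.509v3 certificate for the given public key, then returns a
     * {@link Result} whose info is a {@link UserCertInfo}.
     *
     * <p>The returned {@code UserCertInfo} always carries the contents of two fixed files as its
     * signing and encryption certificates; the certificate generated here is set first and then
     * overwritten, so it never reaches the caller.
     *
     * @param subjectPublicKeyInfo public key to certify
     * @param privateKey issuer key used to sign; its encoded form is handed to an RSA signer
     * @param str unused
     * @param str2 unused
     * @param certTemplate supplies the issuer and subject names
     * @return a {@code Result} whose info is the populated {@code UserCertInfo}
     */
    public static Result generateCertAndPriKey(SubjectPublicKeyInfo subjectPublicKeyInfo, PrivateKey privateKey, String str, String str2, CertTemplate certTemplate) {
        Result result = new Result();
        // Serial numbers must not be predictable: draw them from a CSPRNG rather than
        // java.util.Random. NOTE(review): 32 bits is still a small serial space, and nothing here
        // checks uniqueness against already-issued certificates.
        BigInteger serialNumber = BigInteger.probablePrime(32, new SecureRandom());
        Date notBefore = new Date();
        // NOTE(review): 1039228928 ms is roughly 12 days. The value equals 360 days expressed in
        // milliseconds reduced modulo 2^32, which suggests an int overflow in the original
        // expression; confirm the intended validity period before changing it.
        Date notAfter = new Date(notBefore.getTime() + 1039228928);
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                certTemplate.getIssuer(), serialNumber, notBefore, notAfter, certTemplate.getSubject(), subjectPublicKeyInfo);
        try {
            // NOTE(review): the key identifier is derived from toString() bytes rather than from a
            // hash of the public key, so it presumably does not identify the key; verify and
            // replace with a digest-based identifier.
            certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectPublicKeyInfo.toString().getBytes()));
            // NOTE(review): BasicConstraints(1) asserts cA=TRUE with pathLen 1, and the key usage
            // below is keyCertSign|cRLSign, i.e. the certificate is a CA certificate although the
            // result type is UserCertInfo. Confirm this is intended. The extra DERSequence
            // wrapper also looks like it nests the value one level too deep.
            certBuilder.addExtension(Extension.basicConstraints, true, new DERSequence(new BasicConstraints(1)));
            certBuilder.addExtension(Extension.subjectInfoAccess, false, new DERSequence(new AccessDescription(AccessDescription.id_ad_caIssuers, new GeneralName(GeneralName.uniformResourceIdentifier, "http://certs.xdja.com/CrlDownload?dp=RootCA.cer"))));
            certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
            certBuilder.addExtension(Extension.issuerAlternativeName, false, new GeneralName(GeneralName.iPAddress, "192.168.2.1"));
        } catch (Exception e) {
            // NOTE(review): fail-open. If any extension cannot be added (including the critical
            // ones), the certificate is still built and signed without it.
            e.printStackTrace();
        }
        UserCertInfo userCertInfo = new UserCertInfo();
        try {
            // SHA-1 is no longer acceptable for certificate signatures; sign with SHA-256.
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
            byte[] encodedCert = certBuilder
                    .build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                            .build(PrivateKeyFactory.createKey(privateKey.getEncoded())))
                    .getEncoded();
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509")
                    .generateCertificate(new ByteArrayInputStream(encodedCert));
            userCertInfo.setSignCert(CertUtils.certToFullB64(certificate));
        } catch (Exception e2) {
            // NOTE(review): a signing failure is only printed; the caller still gets a Result.
            e2.printStackTrace();
        }
        // NOTE(review): these fixed files replace whatever was generated above, so every caller
        // receives the same certificates regardless of the request. Kept as-is because callers
        // may depend on it; confirm and remove if this is leftover test wiring.
        String signCertFromFile = FileUtils.readByBytes("F:\\cmp_cert\\sign.cer");
        String encCertFromFile = FileUtils.readByBytes("F:\\cmp_cert\\enc.cer");
        userCertInfo.setSignCert(signCertFromFile);
        userCertInfo.setEncCert(encCertFromFile);
        result.setInfo(userCertInfo);
        return result;
    }

    /**
     * Loads a private key from a fixed key-store file.
     *
     * <p>Every alias is read in turn and the value from the last alias wins, so the result can be
     * {@code null} if that alias holds no key.
     *
     * @return the key read from the last alias, or {@code null} if loading failed or no key was found
     */
    public static PrivateKey createPrivateKeyFromP12() {
        PrivateKey privateKey = null;
        // NOTE(review): the key-store path and its password are compiled into the class (the
        // password also appears in the file name). Anyone with the artifact can open the key
        // store; move both to protected configuration and rotate the key.
        char[] password = "2c2e7a54".toCharArray();
        try {
            // NOTE(review): the store type comes from a logback SSL constant, not an explicit
            // PKCS#12 type; confirm it matches the .p12 file being loaded.
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            // try-with-resources so the file handle is released even when load() throws.
            try (FileInputStream keyStoreStream = new FileInputStream("F:\\cmp_sign_2c2e7a54.p12")) {
                keyStore.load(keyStoreStream, password);
            }
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                privateKey = (PrivateKey) keyStore.getKey(aliases.nextElement(), password);
            }
            return privateKey;
        } catch (Exception e) {
            // NOTE(review): callers cannot tell a failed load from an empty store; both yield the
            // value collected so far, normally null.
            e.printStackTrace();
            return privateKey;
        }
    }

    /**
     * Converts a {@link SubjectPublicKeyInfo} into a JCA {@link PublicKey}.
     *
     * @param subjectPublicKeyInfo the encoded public key; its algorithm OID selects the key factory
     * @param str name of the JCA provider to request the key factory from
     * @return the decoded key, or {@code null} when the key data equals {@code DERNull}
     * @throws NoSuchAlgorithmException if the provider has no key factory for the algorithm OID
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws InvalidKeyException if the key cannot be encoded or decoded
     */
    public static PublicKey getPublicKeyFromSubjectPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        // NOTE(review): presumably never true, since the key data is a bit string; confirm.
        if (subjectPublicKeyInfo.getPublicKeyData().equals(DERNull.INSTANCE)) {
            return null;
        }
        try {
            String algorithmOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
            byte[] encodedKey = new DERBitString(subjectPublicKeyInfo).getBytes();
            return KeyFactory.getInstance(algorithmOid, str).generatePublic(new X509EncodedKeySpec(encodedKey));
        } catch (IOException | InvalidKeySpecException e) {
            // Keep the underlying failure attached as the cause.
            throw new InvalidKeyException("Error decoding public key.", e);
        }
    }

    /**
     * Placeholder with no implementation.
     *
     * @param publicKey unused
     * @param str unused
     * @return always {@code null}
     */
    public static PublicKey getSubjectPublicKeyFromPublicKey(PublicKey publicKey, String str) {
        return null;
    }
}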
