package com.sansec.ca2kmc.ca;

import com.sansec.asn1.ASN1EncodableVector;
import com.sansec.asn1.ASN1Integer;
import com.sansec.asn1.ASN1ObjectIdentifier;
import com.sansec.asn1.DERGeneralizedTime;
import com.sansec.asn1.DEROctetString;
import com.sansec.asn1.DERSequence;
import com.sansec.asn1.x509.AlgorithmIdentifier;
import com.sansec.ca2kmc.asn1.request.AppUserInfo;
import com.sansec.ca2kmc.asn1.request.ApplyKeyReq;
import com.sansec.ca2kmc.asn1.request.CARequest;
import com.sansec.ca2kmc.asn1.request.EntName;
import com.sansec.ca2kmc.asn1.request.KSRequest;
import com.sansec.ca2kmc.asn1.request.Request;
import com.sansec.ca2kmc.asn1.request.RestoreKeyReq;
import com.sansec.ca2kmc.asn1.request.RevokeKeyReq;
import com.sansec.ca2kmc.exceptions.CryptoException;
import com.sansec.ca2kmc.exceptions.KMCException;
import com.sansec.ca2kmc.exceptions.RequestExcepyion;
import com.sansec.ca2kmc.utils.AlgorithmConstants;
import com.sansec.ca2kmc.utils.AlgorithmTools;
import com.sansec.ca2kmc.utils.CryptoTools;
import com.sansec.jcajce.provider.asymmetric.sm2.JCESM2PublicKey;
import com.sansec.util.BigIntegerUitl;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:WEB-INF/lib/SSLCommAPI-0.0.1.jar:com/sansec/ca2kmc/ca/CARequestGenerator.class */
public class CARequestGenerator {
    private String caSubjectInfo;
    private BigInteger caSerialNum;
    private PublicKey caPublicKey;
    private int caPriKeyIndex;
    private String caHashAlgorithm;

    public CARequestGenerator(X509Certificate x509Certificate, int i, String str) {
        this.caSubjectInfo = x509Certificate.getSubjectDN().toString();
        this.caSerialNum = x509Certificate.getSerialNumber();
        this.caPublicKey = x509Certificate.getPublicKey();
        this.caPriKeyIndex = i;
        this.caHashAlgorithm = str;
    }

    public CARequest createApplyKeyRequest(int i, BigInteger bigInteger, PublicKey publicKey, Date date, Date date2, String str, String str2, String str3, int i2, String str4, String str5) throws KMCException {
        AlgorithmIdentifier algorithmIdentifier;
        try {
            AppUserInfo appUserInfo = new AppUserInfo(bigInteger, this.caPublicKey, date, date2, str, str2, str3);
            ASN1Integer aSN1Integer = new ASN1Integer(i2);
            if (i2 == 256) {
                algorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(AlgorithmConstants.KEYALGORITHM_SM2_OID));
            } else {
                if (i2 != 1024 && i2 != 2048) {
                    throw new RequestExcepyion("Unsupport key length : " + i2);
                }
                algorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(AlgorithmConstants.KEYALGORITHM_RSA_OID));
            }
            AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(new ASN1ObjectIdentifier(AlgorithmConstants.KEYALGORITHM_SM2_OID));
            String encryptOID = AlgorithmTools.getEncryptOID(str4);
            if (encryptOID == null) {
                throw new RequestExcepyion("Unsupport retSymAlg:" + str4);
            }
            AlgorithmIdentifier algorithmIdentifier3 = new AlgorithmIdentifier(new ASN1ObjectIdentifier(encryptOID));
            String digestOID = AlgorithmTools.getDigestOID(str5);
            if (digestOID == null) {
                throw new RequestExcepyion("Unsupport retHashAlg:" + str5);
            }
            return generateCARequest(i, new Request(new ApplyKeyReq(algorithmIdentifier, aSN1Integer, algorithmIdentifier2, algorithmIdentifier3, new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestOID)), appUserInfo)));
        } catch (IOException e) {
            throw new RequestExcepyion("Generat AppUserInfo error ", e);
        }
    }

    public CARequest createRestoreKeyRequest(int i, BigInteger bigInteger, PublicKey publicKey, String str, String str2) throws KMCException {
        PublicKey publicKey2 = this.caPublicKey;
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(AlgorithmConstants.KEYALGORITHM_SM2_OID));
        String encryptOID = AlgorithmTools.getEncryptOID(str);
        if (encryptOID == null) {
            throw new RequestExcepyion("Unsupport retSymAlg:" + str);
        }
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(new ASN1ObjectIdentifier(encryptOID));
        String digestOID = AlgorithmTools.getDigestOID(str2);
        if (digestOID == null) {
            throw new RequestExcepyion("Unsupport retHashAlg:" + str2);
        }
        return generateCARequest(i, new Request(new RestoreKeyReq(algorithmIdentifier, algorithmIdentifier2, new AlgorithmIdentifier(new ASN1ObjectIdentifier(digestOID)), bigInteger, publicKey2)));
    }

    public CARequest createRevokeKeyRequest(int i, BigInteger bigInteger) throws KMCException {
        return generateCARequest(i, new Request(new RevokeKeyReq(bigInteger)));
    }

    private CARequest generateCARequest(int i, Request request) throws KMCException {
        String str;
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        String digestOID = AlgorithmTools.getDigestOID(this.caHashAlgorithm);
        if (digestOID == null) {
            throw new RequestExcepyion("Unkonw hash algorithm : " + this.caHashAlgorithm);
        }
        byte[] bArr = null;
        if (digestOID.equals(AlgorithmConstants.DIGEST_SM3) && (this.caPublicKey instanceof JCESM2PublicKey)) {
            bArr = new byte[80];
            JCESM2PublicKey jCESM2PublicKey = this.caPublicKey;
            byte[] asUnsigned32ByteArray = BigIntegerUitl.asUnsigned32ByteArray(jCESM2PublicKey.getW().getAffineX());
            byte[] asUnsigned32ByteArray2 = BigIntegerUitl.asUnsigned32ByteArray(jCESM2PublicKey.getW().getAffineY());
            byte[] bytes = "1234567812345678".getBytes();
            System.arraycopy(asUnsigned32ByteArray, 0, bArr, 0, 32);
            System.arraycopy(asUnsigned32ByteArray2, 0, bArr, 32, 32);
            System.arraycopy(bytes, 0, bArr, 64, 16);
        }
        try {
            EntName entName = new EntName(digestOID, this.caSubjectInfo, CryptoTools.digest(this.caHashAlgorithm, this.caPublicKey.getEncoded(), bArr), this.caSerialNum);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(request);
            KSRequest kSRequest = new KSRequest(entName, new DERSequence(aSN1EncodableVector), new DERGeneralizedTime(new Date()), new ASN1Integer(i));
            String keyAlgorithm = AlgorithmTools.getKeyAlgorithm(this.caPublicKey);
            if (keyAlgorithm == null) {
                throw new RequestExcepyion("Unsupport key algorithm : " + keyAlgorithm);
            }
            if (keyAlgorithm.equals(AlgorithmConstants.KEYALGORITHM_RSA)) {
                str = AlgorithmConstants.SIGALG_SHA1_WITH_RSA;
                aSN1ObjectIdentifier = new ASN1ObjectIdentifier(AlgorithmConstants.SIGALG_SHA1_WITH_RSA_OID);
            } else {
                str = AlgorithmConstants.SIGALG_SM3_WITH_SM2;
                aSN1ObjectIdentifier = new ASN1ObjectIdentifier(AlgorithmConstants.SIGALG_SM3_WITH_SM2_OID);
            }
            try {
                return new CARequest(kSRequest, new AlgorithmIdentifier(aSN1ObjectIdentifier), new DEROctetString(CryptoTools.sign(str, this.caPriKeyIndex, kSRequest.getEncoded())));
            } catch (CryptoException e) {
                throw new RequestExcepyion("signature error", e);
            } catch (IOException e2) {
                throw new RequestExcepyion("signature error", e2);
            }
        } catch (Exception e3) {
            throw new RequestExcepyion("Digest ca public key error", e3);
        }
    }
}
