package com.xdja.pki.ra.core.util.cert;

import ch.qos.logback.core.net.ssl.SSL;
import com.xdja.pki.gmssl.core.utils.GMSSLECUtils;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.constant.PathConstants;
import com.xdja.pki.ra.core.util.file.FileUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPrivateKey;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;

/* loaded from: input_file:WEB-INF/lib/ra-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ra/core/util/cert/KeyStoreUtils.class */
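/**
 * Static helpers for reading and writing key stores (PKCS#12, the logback default type, BKS)
 * and for packaging sign / encryption certificates together with their private keys.
 *
 * <p>Passwords travel through this class as {@link String}s because the public signatures
 * require it; they therefore cannot be wiped from memory after use.
 */
public class KeyStoreUtils {
    /**
     * Cryptographically strong generator behind {@link #getStringRandom(int)}. That method's
     * output is used as key-store passwords in this class, so it must not be predictable.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Reads a private key from a PKCS#12 file using the BouncyCastle provider.
     *
     * @param str alias of the key entry
     * @param str2 path of the PKCS#12 file
     * @param str3 password, used both for the store and for the key entry
     * @return the private key, or {@code null} if the alias holds no key
     * @throws Exception if the file cannot be read or the store cannot be opened
     */
    public static PrivateKey getPrivateKeyFromP12(String str, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", new BouncyCastleProvider());
        char[] password = str3.toCharArray();
        loadFromFile(keyStore, str2, password);
        return (PrivateKey) keyStore.getKey(str, password);
    }

    /**
     * Reads the public key of the certificate stored under the LAST alias of a PKCS#12 file.
     *
     * <p>NOTE(review): the alias argument is not consulted; the last alias enumerated by the
     * store decides which certificate is used. With more than one entry the result depends on
     * the store's enumeration order. Confirm whether callers rely on this.
     *
     * @param str alias (currently ignored, kept for interface compatibility)
     * @param str2 path of the PKCS#12 file
     * @param str3 store password
     * @return the public key of the selected certificate
     * @throws KeyStoreException if the store has no entries or the selected alias has no certificate
     * @throws Exception if the file cannot be read or the store cannot be opened
     */
    public static PublicKey getPublicKeyFromP12(String str, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("pkcs12", new BouncyCastleProvider());
        loadFromFile(keyStore, str2, str3.toCharArray());
        String lastAlias = null;
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            lastAlias = aliases.nextElement();
        }
        // Fail with a clear message instead of a NullPointerException on an empty store.
        if (lastAlias == null) {
            throw new KeyStoreException("key store contains no entries: " + str2);
        }
        Certificate certificate = keyStore.getCertificate(lastAlias);
        if (certificate == null) {
            throw new KeyStoreException("no certificate stored under alias: " + lastAlias);
        }
        return certificate.getPublicKey();
    }

    /**
     * Writes a single private key and its certificate chain into a new PKCS#12 file.
     *
     * @param str alias for the key entry
     * @param privateKey key to store
     * @param x509CertificateArr certificate chain for the key
     * @param str2 password, used both for the key entry and for the store
     * @param str3 path of the file to create
     * @throws Exception if the store cannot be built or written
     */
    public static void storePriKeyToPKCS12(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str2, String str3) throws Exception {
        storeSingleKey("PKCS12", str, privateKey, x509CertificateArr, str2, str3);
    }

    /**
     * Writes a single private key and its certificate chain into a new key store of logback's
     * default type ({@code SSL.DEFAULT_KEYSTORE_TYPE}).
     *
     * @param str alias for the key entry
     * @param privateKey key to store
     * @param x509CertificateArr certificate chain for the key
     * @param str2 password, used both for the key entry and for the store
     * @param str3 path of the file to create
     * @throws Exception if the store cannot be built or written
     */
    public static void storePriKeyToJKS(String str, PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str2, String str3) throws Exception {
        storeSingleKey(SSL.DEFAULT_KEYSTORE_TYPE, str, privateKey, x509CertificateArr, str2, str3);
    }

    /**
     * Reads a private key by alias from a key store of logback's default type.
     *
     * @param str alias of the key entry
     * @param str2 path of the key-store file
     * @param str3 password, used both for the store and for the key entry
     * @return the private key, or {@code null} if the alias holds no key
     * @throws Exception if the file cannot be read or the store cannot be opened
     */
    public static PrivateKey getPriKeyByAliasFromJKS(String str, String str2, String str3) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        char[] password = str3.toCharArray();
        loadFromFile(keyStore, str2, password);
        return (PrivateKey) keyStore.getKey(str, password);
    }

    /**
     * Rebuilds an EC private key as a BouncyCastle {@link JCEECPrivateKey} bound to the given
     * public key.
     *
     * @param eCPrivateKey source private key
     * @param eCPublicKey matching public key; must be a {@link JCEECPublicKey} instance,
     *     otherwise the cast below throws {@link ClassCastException}
     * @return the converted private key
     */
    public static JCEECPrivateKey convertJCEECPrivateKey(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey) {
        JCEECPrivateKey wrapped = new JCEECPrivateKey(eCPrivateKey);
        ECParameterSpec spec = wrapped.getParameters();
        ECDomainParameters domain = new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN());
        ECPrivateKeyParameters keyParameters = new ECPrivateKeyParameters(wrapped.getD(), domain);
        return new JCEECPrivateKey(eCPrivateKey.getAlgorithm(), keyParameters, (JCEECPublicKey) eCPublicKey, eCPrivateKey.getParams());
    }

    /**
     * Builds a BouncyCastle public key from affine coordinates on a named curve.
     *
     * @param bigInteger affine X coordinate
     * @param bigInteger2 affine Y coordinate
     * @param str curve name; it is also passed as the key's algorithm name
     * @return the public key for that point
     */
    public static JCEECPublicKey convertSM2PublicKey(BigInteger bigInteger, BigInteger bigInteger2, String str) {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(str);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(curveSpec.getCurve().createPoint(bigInteger, bigInteger2, false), curveSpec);
        return new JCEECPublicKey(str, keySpec);
    }

    /**
     * Packages the CA trust store, the signing key store and, when an encryption certificate
     * and key are supplied, an encryption store and a combined store. Each store is written
     * under {@code str2/str} with a freshly generated 8-character password and returned as bytes.
     *
     * <p>Result keys: {@code caPwd}, {@code keyStoreCA}, {@code signStorePwd}, {@code signStore},
     * {@code caCert}; and with encryption material also {@code encStorePwd}, {@code encStore},
     * {@code signAndEncPwd}, {@code signAndEncStore}.
     *
     * <p>Changes against the earlier implementation: the trust store is created once, so every
     * super CA certificate is kept (previously each loop pass replaced the store and only the
     * last certificate survived, and an empty list caused a NullPointerException); output
     * streams are closed even on failure; and when {@code z} is false the working directory is
     * removed on failure too, so private-key files are not left behind.
     *
     * <p>NOTE(review): each store password is embedded in the store's file name. Anyone able to
     * list the directory learns the password, so when {@code z} is true the directory needs
     * restrictive permissions. The names are kept because callers may depend on them.
     *
     * <p>NOTE(review): {@code str} is concatenated into a file-system path and is not checked
     * here; confirm callers never pass separators or {@code ..} from untrusted input.
     *
     * @param z keep the generated files on disk when true; delete the directory when false
     * @param x509CertificateArr signing certificate chain
     * @param x509CertificateArr2 encryption certificate chain, may be {@code null}
     * @param privateKey signing private key
     * @param privateKey2 encryption private key, may be {@code null}
     * @param i store type selector compared against the {@code Constants} store-type values
     * @param str entity name, used for the directory name and the entry aliases
     * @param str2 base directory
     * @return map of passwords and store contents as described above
     * @throws Exception if any store cannot be built, written or read back
     */
    public static Map<String, byte[]> generateDoubleCertByKeyStore(boolean z, X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, PrivateKey privateKey2, int i, String str, String str2) throws Exception {
        // An unrecognised selector keeps the default store type with the ".p12" extension,
        // exactly as before.
        String storeType = SSL.DEFAULT_KEYSTORE_TYPE;
        String extension = ".p12";
        if (i == Constants.PFX_PRIVATE_KEY_STORE_TYPE_1) {
            storeType = "PKCS12";
        } else if (i == Constants.JKS_PRIVATE_KEY_STORE_TYPE_2) {
            extension = ".jks";
        } else if (i == Constants.JKS_PRIVATE_KEY_STORE_TYPE_3) {
            storeType = "BKS";
            extension = ".bks";
        }

        String workDirPath = str2 + "/" + str;
        File workDir = new File(workDirPath);
        // File.delete() removes only an empty directory; files left by an earlier run under the
        // same name stay in place.
        if (workDir.exists()) {
            workDir.delete();
        }
        workDir.mkdirs();

        Map<String, byte[]> result = new HashMap<>();
        try {
            X509Certificate[] superCaCerts = CommonVariable.getSuperCaCerts();
            KeyStore trustStore = newEmptyStore(storeType);
            for (int idx = 0; idx < superCaCerts.length; idx++) {
                trustStore.setCertificateEntry("trust-" + idx, superCaCerts[idx]);
            }
            String caPwd = getStringRandom(8);
            result.put("caPwd", caPwd.getBytes());
            result.put("keyStoreCA", writeStore(trustStore, workDirPath + "/ca_" + caPwd + extension, caPwd));

            String signPwd = getStringRandom(8);
            KeyStore signStore = newEmptyStore(storeType);
            signStore.setKeyEntry(str + "_sign", privateKey, signPwd.toCharArray(), x509CertificateArr);
            result.put("signStorePwd", signPwd.getBytes());
            result.put("signStore", writeStore(signStore, workDirPath + "/SignCert_" + signPwd + extension, signPwd));

            if (null != x509CertificateArr2 && null != privateKey2) {
                PrivateKey encKey = privateKey2;
                if (CommonVariable.getKeyAlgName().equalsIgnoreCase(Constants.KEY_ALG_NAME_SM2)) {
                    // Rebind the SM2 encryption key to the public key taken from its certificate.
                    ECPublicKey encPublic = (ECPublicKey) x509CertificateArr2[0].getPublicKey();
                    encKey = convertJCEECPrivateKey((ECPrivateKey) privateKey2, convertSM2PublicKey(encPublic.getW().getAffineX(), encPublic.getW().getAffineY(), GMSSLECUtils.SM2p256));
                }

                String encPwd = getStringRandom(8);
                KeyStore encStore = newEmptyStore(storeType);
                encStore.setKeyEntry(str + "_enc", encKey, encPwd.toCharArray(), x509CertificateArr2);
                result.put("encStorePwd", encPwd.getBytes());
                result.put("encStore", writeStore(encStore, workDirPath + "/EncCert_" + encPwd + extension, encPwd));

                String bothPwd = getStringRandom(8);
                KeyStore bothStore = newEmptyStore(storeType);
                bothStore.setKeyEntry(str + "_enc", encKey, bothPwd.toCharArray(), x509CertificateArr2);
                bothStore.setKeyEntry(str + "_sign", privateKey, bothPwd.toCharArray(), x509CertificateArr);
                result.put("signAndEncPwd", bothPwd.getBytes());
                result.put("signAndEncStore", writeStore(bothStore, workDirPath + "/signAndEncCert_" + bothPwd + extension, bothPwd));
            }

            byte[] caCert = FileUtils.readByBinary(PathConstants.CA_TRUST_SERVICE_CERT_FILE_PATH);
            FileUtils.saveFile(caCert, workDirPath + "/CACert.p7b");
            result.put("caCert", caCert);
        } catch (Exception failure) {
            if (!z) {
                // Do not leave key material on disk after a failed run; keep the original
                // failure as the reported exception.
                try {
                    FileUtils.deleteFile(workDir);
                } catch (Exception cleanupFailure) {
                    failure.addSuppressed(cleanupFailure);
                }
            }
            throw failure;
        }
        if (!z) {
            FileUtils.deleteFile(workDir);
        }
        return result;
    }

    /**
     * Returns a random string of lower-case letters and digits. Each position is a letter or a
     * digit with equal probability.
     *
     * <p>The value is drawn from {@link SecureRandom} because this class uses it as key-store
     * passwords. At 8 characters this alphabet gives roughly 40 bits of entropy, which is low
     * for protecting a private key offline; the length is chosen by the caller.
     *
     * @param i number of characters; zero or negative yields the empty string
     * @return the random string
     */
    public static String getStringRandom(int i) {
        StringBuilder out = new StringBuilder(Math.max(i, 0));
        for (int n = 0; n < i; n++) {
            if (SECURE_RANDOM.nextInt(2) == 0) {
                out.append((char) ('a' + SECURE_RANDOM.nextInt(26)));
            } else {
                out.append(SECURE_RANDOM.nextInt(10));
            }
        }
        return out.toString();
    }

    /**
     * Returns a uniformly distributed number from 0 to 999 as a decimal string. The value is
     * not zero-padded, so the result is one to three characters long. It comes from
     * {@link ThreadLocalRandom} and is not suitable as a secret.
     *
     * @return the number as a string
     */
    public static String getThreeRandom() {
        return String.valueOf(ThreadLocalRandom.current().nextInt(1000));
    }

    /** Loads {@code keyStore} from the file at {@code path}, closing the stream afterwards. */
    private static void loadFromFile(KeyStore keyStore, String path, char[] password) throws Exception {
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, password);
        }
    }

    /** Creates an initialised, empty key store of the given type. */
    private static KeyStore newEmptyStore(String type) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(type);
        keyStore.load(null, null);
        return keyStore;
    }

    /** Writes a one-entry key store of the given type to {@code path}, closing the stream afterwards. */
    private static void storeSingleKey(String type, String alias, PrivateKey key, X509Certificate[] chain, String password, String path) throws Exception {
        KeyStore keyStore = newEmptyStore(type);
        keyStore.setKeyEntry(alias, key, password.toCharArray(), chain);
        try (FileOutputStream out = new FileOutputStream(path)) {
            keyStore.store(out, password.toCharArray());
        }
    }

    /** Writes {@code keyStore} to {@code path}, closes the stream and returns the file's bytes. */
    private static byte[] writeStore(KeyStore keyStore, String path, String password) throws Exception {
        try (FileOutputStream out = new FileOutputStream(path)) {
            keyStore.store(out, password.toCharArray());
        }
        return FileUtils.readByBinary(path);
    }
}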
