package com.hundsun.khylib.ca;

import android.content.Context;
import android.os.Build;
import com.hundsun.khylib.utils.WriteLogFile;
import com.raizlabs.android.dbflow.sql.language.Operator;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URLEncoder;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes4.dex */
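/**
 * Client-side certificate helper: generates an RSA key pair and a PKCS#10 request, keeps the
 * private key and the issued certificate in PKCS#12 files under the app's certificate
 * directory, and produces CMS signatures with the stored key.
 *
 * <p>This listing is decompiler output, so parameter names are synthetic ({@code str},
 * {@code str2}); each method's Javadoc states what the argument is used for. Where the
 * decompiler left try/catch regions that cannot compile, the regions are rebuilt so that
 * every checked exception is handled inside the method, as the unchanged signatures require.
 *
 * <p>Security review notes (behaviour kept for compatibility, flagged for follow-up):
 * <ul>
 *   <li>{@link #DEFAULTSTOREPASS} is a fixed password compiled into the app.</li>
 *   <li>The request is signed with MD5withRSA and CMS signatures use SHA1withRSA.</li>
 *   <li>{@link #privateKey} exposes the generated private key through a public static field.</li>
 *   <li>Serial numbers and file names are concatenated into paths without validation.</li>
 * </ul>
 */
public class CertificateHandle {
    public static final String CSRFILENAME = "certification.csr";
    public static final String DEFAULTCRTNAME = "default.crt";
    public static final String DEFAULTKEYENTRY_ALIAS = "savePrivateKey";
    public static final String DEFAULTKEYPASS = "keypass.key";
    public static final String DEFAULTPRIVATEKEYFILENAME = "savePrivateKey.keystore";
    // NOTE(review): hard-coded password. It is the only protection on the pending-key PKCS#12
    // file written by CreateRequestCsr, so it adds nothing against anyone who can read that
    // file and this class. Prefer a hardware-backed key store or a per-install secret.
    public static final String DEFAULTSTOREPASS = "666999";
    public static final String DN = "OU=Customers01,CN=csdcca,C=CN";
    // NOTE(review): MD5 is collision-broken and should not sign certificate requests. The field
    // is also non-final, so any code in the process can change the algorithm. Moving to a
    // SHA-256 based signature needs the issuing CA to accept it — confirm before changing.
    public static String MD5WITHRSA = "MD5withRSA";
    public static String PASSWORD = "";
    // NOTE(review): SHA-1 is deprecated for signatures; Signature() uses this algorithm name.
    public static final String SHA1WITHRSA = "SHA1withRSA";
    public static final String X509 = "X.509";
    // NOTE(review): public, mutable, process-wide reference to the last generated private key.
    public static PrivateKey privateKey;

    /** Returns a PKCS#12 key store: the default provider on API 28+, the "BC" provider below. */
    private static KeyStore newPkcs12Store() throws java.security.GeneralSecurityException {
        return Build.VERSION.SDK_INT >= 28 ? KeyStore.getInstance("PKCS12") : KeyStore.getInstance("PKCS12", "BC");
    }

    /** Returns an X.509 certificate factory using the same provider selection as the key store. */
    private static CertificateFactory newX509Factory() throws java.security.GeneralSecurityException {
        return Build.VERSION.SDK_INT >= 28 ? CertificateFactory.getInstance(X509) : CertificateFactory.getInstance(X509, Security.getProvider("BC"));
    }

    /**
     * Builds the path of the per-certificate PKCS#12 file for a serial number.
     * NOTE(review): {@code sn} is placed in the path unvalidated; if it can come from outside
     * the app, restrict it to the expected character set before it reaches this point.
     */
    private static String certStorePath(Context context, String sn) {
        return CertFileUtil.getCertFileDir(context) + Operator.Operation.DIVISION + "cert_" + sn + ".keystore";
    }

    /** Reads a stream to the end; a single read() sized by available() may return short data. */
    private static byte[] readAll(InputStream in) throws java.io.IOException {
        // Fully qualified so the file's import block does not need to change.
        java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Generates a 2048-bit RSA key pair, builds a PKCS#10 request for it, and stores the private
     * key in the pending-key store under {@link #DEFAULTSTOREPASS}.
     *
     * @param context Android context used to locate the certificate directory and assets
     * @param str subject distinguished name for the request
     * @param str2 unused
     * @return the Base64-encoded request, or {@code ""} if anything fails
     */
    public static String CreateRequestCsr(Context context, String str, String str2) {
        try {
            final boolean platformProvider = Build.VERSION.SDK_INT >= 28;
            KeyPairGenerator keyPairGenerator = platformProvider ? KeyPairGenerator.getInstance("RSA") : KeyPairGenerator.getInstance("RSA", "BC");
            KeyFactory keyFactory = platformProvider ? KeyFactory.getInstance("RSA") : KeyFactory.getInstance("RSA", "BC");
            // SecureRandom seeds itself on first use, so no warm-up read is needed.
            keyPairGenerator.initialize(2048, new SecureRandom());
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(keyPair.getPublic().getEncoded()));
            privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded()));
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(MD5WITHRSA, new X509Principal(str), publicKey, (ASN1Set) null, privateKey, (String) null);
            WriteLogFile.witeLog("生成证书请求文件操作成功");
            SavePrivateKeyToPrivatekeyStore(context, privateKey, null, DEFAULTSTOREPASS);
            return new String(Base64.encode(request.getEncoded()));
        } catch (Exception e) {
            e.printStackTrace();
            WriteLogFile.witeLog("CertificateHandle.createRequestCert 生成证书请求文件异常..." + e.hashCode() + ";;;;;" + e.toString());
            return "";
        }
    }

    /**
     * Loads the certificate stored for a serial number.
     *
     * @param context Android context used to locate the certificate directory
     * @param str certificate serial number; also the key-store alias and part of the file name
     * @return the first certificate of the alias's chain, or {@code null} when the password
     *     lookup returns one of its error codes ("-10", "-1", "-2") or any step fails
     */
    public static X509Certificate GetCertificationFromCertStore(Context context, String str) {
        try {
            String storePass = CertFileUtil.readSnPassFile(context, str);
            if ("-10".equals(storePass) || "-1".equals(storePass) || "-2".equals(storePass)) {
                return null;
            }
            String path = certStorePath(context, str);
            KeyStore keyStore = newPkcs12Store();
            X509Certificate certificate;
            // try-with-resources: the stream is closed even when load() or the lookup throws.
            try (FileInputStream in = new FileInputStream(path)) {
                keyStore.load(in, storePass.toCharArray());
                certificate = (X509Certificate) keyStore.getCertificateChain(str)[0];
            }
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore 从keystore中读取证书操作成功 sn:" + str);
            return certificate;
        } catch (Exception e) {
            e.printStackTrace();
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore ，sn：" + str + "从keystore中读取证书操作异常....." + e.getMessage() + ";;;;;" + e.toString());
            return null;
        }
    }

    /**
     * Reads a file from the app's files directory as text.
     *
     * <p>NOTE(review): {@code str} is appended to the directory unvalidated; a value containing
     * path separators would resolve outside the intended file — confirm callers pass constants.
     *
     * @param context Android context providing the files directory
     * @param str file name relative to the files directory
     * @return the file content decoded with the platform charset, or {@code ""} on failure
     */
    public static String GetCsrFromFile(Context context, String str) {
        try (FileInputStream in = new FileInputStream(new File(context.getFilesDir().getPath() + Operator.Operation.DIVISION + str))) {
            return new String(readAll(in));
        } catch (Exception e) {
            WriteLogFile.witeLog("getCsrFromFile异常：" + e.getMessage());
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Loads the private key stored for a serial number.
     *
     * <p>Unlike {@link #GetCertificationFromCertStore}, the password lookup result is not
     * checked for error codes; an error code is simply tried as the password.
     *
     * @param context Android context used to locate the certificate directory
     * @param str certificate serial number; also the key-store alias and part of the file name
     * @return the key, or {@code null} if it could not be read; a key that was read before a
     *     later step (closing the file, logging) failed is still returned
     */
    public static PrivateKey GetPrivateFromCertStore(Context context, String str) {
        PrivateKey loaded = null;
        try {
            String storePass = CertFileUtil.readSnPassFile(context, str);
            String path = certStorePath(context, str);
            KeyStore keyStore = newPkcs12Store();
            try (FileInputStream in = new FileInputStream(path)) {
                keyStore.load(in, storePass.toCharArray());
                loaded = (PrivateKey) keyStore.getKey(str, storePass.toCharArray());
            }
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore 从keystore中读取私钥操作成功 sn：" + str);
            return loaded;
        } catch (Exception e) {
            e.printStackTrace();
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore ，sn：" + str + "从keystore中读取私钥操作异常....." + e.getMessage() + ";;;;;" + e.toString());
            return loaded;
        }
    }

    /**
     * Loads the pending private key written by {@link #SavePrivateKeyToPrivatekeyStore}.
     *
     * @param context Android context used to locate the certificate directory
     * @param str password of the pending-key store and of its key entry
     * @return the key, or {@code null} if it could not be read; a key that was read before a
     *     later step failed is still returned
     */
    public static PrivateKey GetPrivateFromPrivatekeyStore(Context context, String str) {
        PrivateKey loaded = null;
        try {
            String path = CertFileUtil.getCertFileDir(context) + Operator.Operation.DIVISION + DEFAULTPRIVATEKEYFILENAME;
            KeyStore keyStore = newPkcs12Store();
            try (FileInputStream in = new FileInputStream(path)) {
                keyStore.load(in, str.toCharArray());
                loaded = (PrivateKey) keyStore.getKey(DEFAULTKEYENTRY_ALIAS, str.toCharArray());
            }
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore 从keystore中读取私钥操作成功");
            return loaded;
        } catch (Exception e) {
            e.printStackTrace();
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore 从keystore中读取私钥操作异常....." + e.getMessage() + ";;;;;" + e.toString());
            return loaded;
        }
    }

    /**
     * Stores a private key and its certificate in the per-certificate PKCS#12 file.
     *
     * <p>The password is first written through {@code CertFileUtil.saveSnPassFile}; how that
     * file is protected is not visible here. NOTE(review): a key-store password kept beside the
     * key store protects little unless that file is itself encrypted — verify in CertFileUtil.
     *
     * @param context Android context used to locate the certificate directory
     * @param privateKey2 key to store; when {@code null} the pending key is loaded with
     *     {@link #DEFAULTSTOREPASS}
     * @param certificate certificate stored as the entry's chain
     * @param str password for the key entry and for the store
     * @param str2 certificate serial number; used as alias and in the file name
     * @return {@code 0} on success, {@code -1} on any failure
     */
    public static int SaveCertificateToCertKeystore(Context context, PrivateKey privateKey2, Certificate certificate, String str, String str2) {
        // The whole body is guarded: the method declares no checked exceptions, so the
        // key-store calls below must be handled here.
        try {
            if (privateKey2 == null) {
                privateKey2 = GetPrivateFromPrivatekeyStore(context, DEFAULTSTOREPASS);
            }
            String saveResult = CertFileUtil.saveSnPassFile(context, str2, str);
            if (!"0".equals(saveResult)) {
                WriteLogFile.witeLog("将密码放到sn文件操作错误，sn：" + str2 + " error：" + saveResult);
                return -1;
            }
            WriteLogFile.witeLog("将密码放到sn文件操作成功");
            String path = certStorePath(context, str2);
            WriteLogFile.witeLog("生成证书的路径：" + path);
            KeyStore keyStore = newPkcs12Store();
            keyStore.load(null, null);
            keyStore.setKeyEntry(str2, privateKey2, str.toCharArray(), new Certificate[]{certificate});
            try (FileOutputStream out = new FileOutputStream(path)) {
                keyStore.store(out, str.toCharArray());
                out.flush();
            }
            return 0;
        } catch (Exception e) {
            WriteLogFile.witeLog("CertificateHandle.getPrivateFromKeyStore 保存证书操作异常....." + e.getMessage() + ";;;;;" + e.toString());
            e.printStackTrace();
            return -1;
        }
    }

    /**
     * Stores a private key in the pending-key PKCS#12 file under alias
     * {@link #DEFAULTKEYENTRY_ALIAS}. Failures are logged and otherwise ignored.
     *
     * @param context Android context used to locate assets and the certificate directory
     * @param privateKey2 key to store
     * @param certificate certificate for the entry's chain; when {@code null} the bundled
     *     {@link #DEFAULTCRTNAME} asset (Base64) is used as a placeholder
     * @param str password for the key entry and for the store
     */
    public static void SavePrivateKeyToPrivatekeyStore(Context context, PrivateKey privateKey2, Certificate certificate, String str) {
        // The whole body is guarded: the method declares no checked exceptions, so the
        // key-store calls below must be handled here.
        try {
            if (certificate == null) {
                byte[] encoded;
                // The asset stream was never closed in the listing.
                try (InputStream asset = context.getResources().getAssets().open(DEFAULTCRTNAME)) {
                    encoded = readAll(asset);
                }
                certificate = (X509Certificate) newX509Factory().generateCertificate(new ByteArrayInputStream(Base64.decode(encoded)));
            }
            String path = CertFileUtil.getCertFileDir(context) + Operator.Operation.DIVISION + DEFAULTPRIVATEKEYFILENAME;
            KeyStore keyStore = newPkcs12Store();
            keyStore.load(null, null);
            keyStore.setKeyEntry(DEFAULTKEYENTRY_ALIAS, privateKey2, str.toCharArray(), new Certificate[]{certificate});
            try (FileOutputStream out = new FileOutputStream(path)) {
                keyStore.store(out, str.toCharArray());
                out.flush();
            }
            WriteLogFile.witeLog("CertificateHandle.savePrivateKeyToKeyStore 将私钥及证书存放到keystore中操作成功savePrivateKey");
        } catch (Exception e) {
            e.printStackTrace();
            WriteLogFile.witeLog("CertificateHandle.savePrivateKeyToKeyStore 将私钥及证书存放到keystore中操作异常......" + e.getMessage() + ";;;;;" + e.toString());
        }
    }

    /**
     * Produces a detached CMS (PKCS#7) signature over a string with the key stored for a
     * serial number.
     *
     * <p>Only the certificate's end date is checked; no chain or revocation check is done here.
     *
     * @param context Android context used to locate the certificate directory
     * @param str certificate serial number
     * @param str2 text to sign; encoded as UTF-8
     * @return the URL-encoded Base64 signature, or an error code: "-101" no certificate,
     *     "-102" no private key, "-103" certificate expired, "-104" any other failure
     */
    public static String Signature(Context context, String str, String str2) {
        try {
            X509Certificate signerCert = GetCertificationFromCertStore(context, str);
            WriteLogFile.witeLog("CertificateHandle   =====X509Certificate has been created");
            if (signerCert == null) {
                return "-101";
            }
            if (signerCert.getNotAfter().before(new Date())) {
                return "-103";
            }
            PrivateKey signerKey = GetPrivateFromCertStore(context, str);
            if (signerKey == null) {
                return "-102";
            }
            Security.addProvider(new BouncyCastleProvider());
            try {
                CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
                ArrayList<X509Certificate> certs = new ArrayList<>(1);
                certs.add(signerCert);
                JcaCertStore certStore = new JcaCertStore(certs);
                SignerInfoGenerator signerInfo;
                // NOTE(review): SHA-1 based signature; see SHA1WITHRSA.
                if (Build.VERSION.SDK_INT >= 28) {
                    signerInfo = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(new JcaContentSignerBuilder("SHA1withRSA").build(signerKey), signerCert);
                } else {
                    signerInfo = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signerKey), signerCert);
                }
                generator.addSignerInfoGenerator(signerInfo);
                generator.addCertificates(certStore);
                // encapsulate = false: the signed content is not embedded in the output.
                CMSSignedData signed = generator.generate((CMSTypedData) new CMSProcessableByteArray(str2.getBytes("utf-8")), false);
                WriteLogFile.witeLog("sn：" + str + "  CertificateHandle.Signature >>>>>用私钥数字签名完成");
                // Explicit charset instead of the deprecated platform-default overload.
                return URLEncoder.encode(new String(Base64.encode(signed.getEncoded())), "UTF-8");
            } catch (Exception e) {
                e.printStackTrace();
                WriteLogFile.witeLog("sn：" + str + "  CertificateHandle.Signature >>>>>用私钥数字签名异常：" + e.getMessage() + ";;;;;" + e.toString());
                return "-104";
            }
        } catch (Exception e2) {
            WriteLogFile.witeLog("sn：" + str + "  CertificateHandle.Signature >>>>>用私钥数字签名异常：" + e2.getMessage() + ";;;;;" + e2.toString());
            return "-104";
        }
    }

    /**
     * Parses a Base64-encoded X.509 certificate.
     *
     * @param str Base64 text of the DER certificate
     * @return the certificate, or {@code null} for null/empty input or a parse failure
     */
    public static X509Certificate String2Certificate(String str) {
        if (str == null || "".equals(str)) {
            return null;
        }
        try {
            return (X509Certificate) newX509Factory().generateCertificate(new ByteArrayInputStream(Base64.decode(str.getBytes())));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns whatever {@code CertFileUtil.readSnPassFile} yields for the serial number
     * {@code str}: elsewhere in this class that value is used as the key-store password, with
     * "-10", "-1" and "-2" treated as error codes.
     */
    public String checkCertWithSn(Context context, String str) {
        return CertFileUtil.readSnPassFile(context, str);
    }

    /** Same lookup as {@link #checkCertWithSn}: delegates to {@code CertFileUtil.readSnPassFile}. */
    public String readKeyPassFromfile(Context context, String str) {
        return CertFileUtil.readSnPassFile(context, str);
    }

    /**
     * Delegates to {@code CertFileUtil.saveSnPassFile(context, str, str2)}; elsewhere in this
     * class the second argument is the serial number, the third the password, and "0" means
     * success.
     */
    public String saveKeyPassTofile(Context context, String str, String str2) {
        return CertFileUtil.saveSnPassFile(context, str, str2);
    }
}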
