package cn.com.jit.ida.util.pki.cert;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.DERBitString;
import cn.com.jit.ida.util.pki.asn1.DERInteger;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.TBSCertificateStructure;
import cn.com.jit.ida.util.pki.asn1.x509.Time;
import cn.com.jit.ida.util.pki.asn1.x509.V3TBSCertificateGenerator;
import cn.com.jit.ida.util.pki.asn1.x509.X509Extension;
import cn.com.jit.ida.util.pki.asn1.x509.X509Extensions;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.extension.Extension;
import java.math.BigInteger;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Vector;

/* loaded from: classes.dex */
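/**
 * Builds and signs an X.509 v3 certificate from caller-supplied fields.
 *
 * <p>Typical use: set issuer, subject, public key, signature algorithm, serial number and
 * validity, optionally add extensions, then call {@link #generateX509Cert(JKey, Session)} to
 * obtain the DER encoding.
 *
 * <p>Security notes for callers acting as an issuer:
 * <ul>
 *   <li>Only presence checks are done here. Nothing verifies that notBefore precedes notAfter,
 *       that the serial number is positive, unique or unpredictable, or that extension contents
 *       are sensible. The caller must enforce those policies.</li>
 *   <li>DN rules set through {@link #SetDnRules(Map)} are applied only by the String overloads of
 *       {@code setIssuer}/{@code setSubject}, and only if set before those calls.</li>
 *   <li>The class does no synchronization across its fields; use one instance per thread.</li>
 * </ul>
 */
public class X509CertGenerator {
    // Shared by the notBefore and notAfter checks. The wording is kept as-is because callers may
    // match on it. NOTE(review): it says "expiration" even for notBefore; confirm against the
    // description constants in PKIException.
    private static final String VALIDITY_TIME_NULL_DES = "The certificate expiration time can not be empty";

    // OID -> extension value. 'ordering' records the order in which OIDs were first added.
    private final Hashtable extensionSet = new Hashtable();
    private final Vector ordering = new Vector();
    private final V3TBSCertificateGenerator tbsCertGen = new V3TBSCertificateGenerator();

    private Mechanism mechanism = null;
    // Never read or written by any method of this class.
    private String deviceName = null;
    private AlgorithmIdentifier sigAlg = null;
    private String subject = null;
    private String issuer = null;
    private BigInteger serialNumber = null;
    private Date notBefore = null;
    private Date notAfter = null;
    private JKey pubKey = null;
    private DERBitString signature = null;
    private TBSCertificateStructure tbsCert = null;
    private HashMap dnrules = null;

    /** Creates an empty generator; every mandatory field must be set before generating. */
    public X509CertGenerator() {
    }

    /** Returns true when {@code value} is null or contains only whitespace. */
    private static boolean isNullOrBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /**
     * Stores an extension under its OID, recording the OID in {@code ordering} only the first
     * time it is seen. Without this guard a repeated OID would be listed twice in the ordering
     * handed to {@code X509Extensions}; a certificate should carry at most one instance of a
     * given extension. A repeated OID replaces the earlier value and keeps its position.
     */
    private void registerExtension(DERObjectIdentifier oid, Object value) {
        if (this.extensionSet.put(oid, value) == null) {
            this.ordering.add(oid);
        }
    }

    /** Encodes a high-level {@link Extension} and registers it. */
    private void registerEncoded(Extension extension) throws PKIException {
        DERObjectIdentifier oid = new DERObjectIdentifier(extension.getOID());
        try {
            registerExtension(oid, new X509Extension(extension.getCritical(), new DEROctetString(extension.encode())));
        } catch (PKIException e) {
            throw new PKIException(PKIException.EXTENSION_ENCODE, PKIException.EXTENSION_ENCODE_DES, (Exception) e);
        }
    }

    /** Wraps tbsCertificate, signatureAlgorithm and signatureValue into the outer DER SEQUENCE. */
    private byte[] constructCertificate() throws PKIException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(this.tbsCert);
        parts.add(this.sigAlg);
        parts.add(this.signature);
        try {
            return Parser.writeDERObj2Bytes(new DERSequence(parts).getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.CERT_BYTES, PKIException.CERT_BYTES_DES, e);
        }
    }

    /**
     * Builds the TBSCertificate, DER-encodes it and signs the encoding.
     *
     * <p>Encoding and signing are separate steps with separate error codes. The earlier nested
     * try/catch re-wrapped every signing failure as a TBS-encoding failure, which hid the real
     * cause from callers and logs.
     */
    private void generateSignature(JKey jKey, Session session) throws PKIException {
        if (!this.extensionSet.isEmpty()) {
            this.tbsCertGen.setExtensions(new X509Extensions(this.ordering, this.extensionSet));
        }
        this.tbsCert = this.tbsCertGen.generateTBSCertificate();

        byte[] tbsBytes;
        try {
            tbsBytes = Parser.writeDERObj2Bytes(this.tbsCert.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCERT_BYTES, PKIException.TBSCERT_BYTES_DES, e);
        }

        try {
            this.signature = new DERBitString(session.sign(this.mechanism, jKey, tbsBytes));
        } catch (Exception e) {
            throw new PKIException("5", PKIException.SIGN_DES, e);
        }
    }

    /**
     * Sets the DN rules applied to names built by {@link #setIssuer(String)} and
     * {@link #setSubject(String)}. Call this before those setters; names already set are not
     * re-processed.
     *
     * @param map rule map, or null to clear. A {@link HashMap} is stored as-is; any other
     *            {@link Map} is copied, where the unconditional cast used to throw
     *            {@link ClassCastException}.
     */
    public void SetDnRules(Map map) {
        if (map == null || map instanceof HashMap) {
            this.dnrules = (HashMap) map;
        } else {
            this.dnrules = new HashMap(map);
        }
    }

    /**
     * Adds an extension from its already-encoded value.
     *
     * @param str  dotted OID of the extension
     * @param z    criticality flag
     * @param bArr encoded extension value, wrapped in an OCTET STRING without inspection
     */
    public void addExtension(String str, boolean z, byte[] bArr) throws PKIException {
        registerExtension(new DERObjectIdentifier(str), new X509Extension(z, new DEROctetString(bArr)));
    }

    /**
     * Adds one extension object, encoding it on the spot.
     *
     * @throws PKIException with code {@code EXTENSION_ENCODE} if encoding fails
     */
    public void addExtensiond(Extension extension) throws PKIException {
        registerEncoded(extension);
    }

    /**
     * Checks that all mandatory fields are present, signs the TBSCertificate and returns the
     * DER-encoded certificate.
     *
     * <p>Only presence is checked. The validity order, the serial number's properties and the
     * relation between {@code jKey} and the issuer name are not verified here.
     *
     * @param jKey    signing key passed to {@code session.sign}
     * @param session session that performs the signature
     * @return DER encoding of the signed certificate
     * @throws PKIException if a mandatory field is missing, or if encoding or signing fails
     */
    public byte[] generateX509Cert(JKey jKey, Session session) throws PKIException {
        if (isNullOrBlank(this.issuer)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (isNullOrBlank(this.subject)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        if (this.pubKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        if (this.serialNumber == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        if (this.notBefore == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, VALIDITY_TIME_NULL_DES);
        }
        if (this.notAfter == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, VALIDITY_TIME_NULL_DES);
        }
        generateSignature(jKey, session);
        return constructCertificate();
    }

    /**
     * Copies every extension from an existing {@link X509Extensions}, in its OID enumeration
     * order. A null argument is ignored.
     */
    public void setExtensiond(X509Extensions x509Extensions) throws PKIException {
        if (x509Extensions == null) {
            return;
        }
        for (Enumeration oids = x509Extensions.oids(); oids.hasMoreElements();) {
            DERObjectIdentifier oid = (DERObjectIdentifier) oids.nextElement();
            registerExtension(oid, x509Extensions.getExtension(oid));
        }
    }

    /**
     * Encodes and adds every {@link Extension} in {@code vector}. A null vector is ignored,
     * matching the {@link X509Extensions} overload. If one element fails to encode, the
     * elements before it stay registered.
     *
     * @throws PKIException with code {@code EXTENSION_ENCODE} if an element fails to encode
     */
    public void setExtensiond(Vector vector) throws PKIException {
        if (vector == null) {
            return;
        }
        for (Object element : vector) {
            registerEncoded((Extension) element);
        }
    }

    /**
     * Sets the issuer from a prepared name. DN rules from {@link #SetDnRules(Map)} are not
     * applied by this overload.
     *
     * @throws PKIException if the name is null or renders to a blank string; the generator's
     *                      state is then left unchanged
     */
    public void setIssuer(X509Name x509Name) throws PKIException {
        if (x509Name == null) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        String rendered = x509Name.toString();
        // Validate before storing so a rejected name leaves no blank issuer behind.
        if (isNullOrBlank(rendered)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        this.issuer = rendered;
        this.tbsCertGen.setIssuer(x509Name);
    }

    /**
     * Sets the issuer from a DN string, applying the configured DN rules if any.
     *
     * @throws PKIException if the string is null or blank
     */
    public void setIssuer(String str) throws PKIException {
        if (isNullOrBlank(str)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        this.issuer = str;
        X509Name name = new X509Name(str);
        if (this.dnrules != null) {
            name.setRules(this.dnrules);
        }
        this.tbsCertGen.setIssuer(name);
    }

    /** Sets the optional issuerUniqueID; a null argument is ignored. */
    public void setIssuerUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setIssuerUniqueID(new DERBitString(bArr));
        }
    }

    /**
     * Sets the end of the validity period. It is not compared with notBefore.
     *
     * @throws PKIException if {@code date} is null
     */
    public void setNotAfter(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, VALIDITY_TIME_NULL_DES);
        }
        this.tbsCertGen.setEndDate(new Time(date));
        this.notAfter = date;
    }

    /**
     * Sets the start of the validity period. It is not compared with notAfter.
     *
     * @throws PKIException if {@code date} is null
     */
    public void setNotBefore(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, VALIDITY_TIME_NULL_DES);
        }
        this.tbsCertGen.setStartDate(new Time(date));
        this.notBefore = date;
    }

    /**
     * Sets the subject public key.
     *
     * @throws PKIException if the key is null or cannot be converted to SubjectPublicKeyInfo;
     *                      on a conversion failure the previously stored key is kept
     */
    public void setPublicKey(JKey jKey) throws PKIException {
        if (jKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        try {
            this.tbsCertGen.setSubjectPublicKeyInfo(Parser.key2SPKI(jKey));
        } catch (Exception e) {
            throw new PKIException("8134", PKIException.KEY_SPKI_DES, e);
        }
        // Store only after the TBS generator accepted the key, so the presence check in
        // generateX509Cert cannot pass for a key that never reached the certificate.
        this.pubKey = jKey;
    }

    /**
     * Sets the serial number from a hexadecimal string.
     *
     * <p>NOTE(review): the value is not checked for sign, length or uniqueness. An issuing
     * service should supply positive serials taken from a CSPRNG.
     *
     * @throws PKIException          if {@code str} is null
     * @throws NumberFormatException if {@code str} is not valid base-16 (unchecked, not wrapped)
     */
    public void setSerialNumber(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        setSerialNumber(new BigInteger(str, 16));
    }

    /**
     * Sets the serial number. The value is not checked for sign, length or uniqueness.
     *
     * @throws PKIException if {@code bigInteger} is null
     */
    public void setSerialNumber(BigInteger bigInteger) throws PKIException {
        if (bigInteger == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        this.serialNumber = bigInteger;
        this.tbsCertGen.setSerialNumber(new DERInteger(bigInteger));
    }

    /**
     * Selects the signature algorithm by name.
     *
     * <p>The signing mechanism and the AlgorithmIdentifier written into the certificate are
     * committed together, and only after the algorithm is accepted. Storing the mechanism before
     * the check meant a rejected call could leave the generator signing with one algorithm while
     * the certificate declared the one set earlier.
     *
     * @throws PKIException if {@code str} is null or the mechanism reports itself as neither
     *                      signable nor PQC-signable
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        Mechanism candidate = new Mechanism(str);
        if (!candidate.isSignabled() && !candidate.isPQCSignabled()) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm: " + str);
        }
        AlgorithmIdentifier algorithmId = PKIConstant.getSignAlgorithmIdentifier(str);
        this.mechanism = candidate;
        this.sigAlg = algorithmId;
        this.tbsCertGen.setSignature(algorithmId);
    }

    /**
     * Sets the subject from a prepared name. DN rules from {@link #SetDnRules(Map)} are not
     * applied by this overload.
     *
     * @throws PKIException if the name is null or renders to a blank string; the generator's
     *                      state is then left unchanged
     */
    public void setSubject(X509Name x509Name) throws PKIException {
        if (x509Name == null) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        String rendered = x509Name.toString();
        // Validate before storing so a rejected name leaves no blank subject behind.
        if (isNullOrBlank(rendered)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        this.subject = rendered;
        this.tbsCertGen.setSubject(x509Name);
    }

    /**
     * Sets the subject from a DN string, applying the configured DN rules if any.
     *
     * @throws PKIException if the string is null or blank
     */
    public void setSubject(String str) throws PKIException {
        if (isNullOrBlank(str)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        this.subject = str;
        X509Name name = new X509Name(str);
        if (this.dnrules != null) {
            name.setRules(this.dnrules);
        }
        this.tbsCertGen.setSubject(name);
    }

    /** Sets the optional subjectUniqueID; a null argument is ignored. */
    public void setSubjectUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setSubjectUniqueID(new DERBitString(bArr));
        }
    }
}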
