package cn.tass.hsm.provider.keystores;

import cn.tass.asn1.ASN1InputStream;
import cn.tass.asn1.ASN1OctetString;
import cn.tass.asn1.x509.AuthorityKeyIdentifier;
import cn.tass.asn1.x509.Extension;
import cn.tass.asn1.x509.SubjectKeyIdentifier;
import cn.tass.asn1.x509.SubjectPublicKeyInfo;
import cn.tass.crypto.digests.SHA1Digest;
import cn.tass.hsm.baseapi.JCEProviderBase;
import cn.tass.hsm.io.HsmStoreInputStream;
import cn.tass.hsm.io.HsmStoreOutputStream;
import cn.tass.hsm.keys.HsmPrivateKey;
import cn.tass.hsm.keys.HsmPublicKey;
import cn.tass.hsm.keys.TaSecretKey;
import cn.tass.hsm.provider.factories.X509CertificateFactory;
import cn.tass.hsm.provider.keystores.PKCS12KeyStoreSpi;
import cn.tass.hsm.provider.parameters.HsmStoreLoadParameter;
import cn.tass.kits.Forms;
import cn.tass.kits.structures.Bytes;
import cn.tass.util.Arrays;
import cn.tass.util.Strings;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:cn/tass/hsm/provider/keystores/TaHsmKeyStore.class */
public class TaHsmKeyStore extends KeyStoreSpi {
    // Store name used when none was supplied; also the leading token of the header line
    // that engineStore writes to, and engineLoad reads from, a plain stream.
    private static final String DEFAULT_STORENAME = "TaHsmKeystore";
    // Format version. NOTE(review): not referenced by name in this decompiled class; the header
    // code formats a literal (byte) 0, which is presumably this constant inlined by the compiler.
    private static final byte VERSION_STORE = 0;
    // Name of the HSM-side store most recently loaded from or saved to; null until one is chosen.
    private String storename;
    // alias -> Key (TaSecretKey or HsmPrivateKey, per engineSetKeyEntry and engineLoad).
    private IgnoresCaseHashtable keys = new IgnoresCaseHashtable();
    // alias -> Certificate (trusted-certificate entries and the leaf certificate of key entries).
    private IgnoresCaseHashtable certs = new IgnoresCaseHashtable();
    // CertId (digest of the subject public key) -> Certificate; consulted when a chain is assembled.
    // Only the engineSet*Entry methods add to it; engineLoad does not.
    private Hashtable<Object, Object> chainCerts = new Hashtable<>();
    // NOTE(review): localIds and keyCerts are read and removed from in this class but nothing
    // visible here ever adds to them, so they appear to stay empty - confirm before relying on them.
    private Hashtable<Object, Object> localIds = new Hashtable<>();
    private Hashtable<Object, Object> keyCerts = new Hashtable<>();

    /* loaded from: input_file:cn/tass/hsm/provider/keystores/TaHsmKeyStore$CertId.class */
    /**
     * Hashtable key wrapping a key-identifier byte array so that lookups in
     * {@code chainCerts} compare by content instead of by array identity.
     */
    public class CertId {
        /** Identifier bytes. The array handed to the byte[] constructor is kept as-is, not copied. */
        byte[] id;

        /** Derives the identifier from {@code publicKey} through the enclosing store's createSubjectKeyId. */
        CertId(PublicKey publicKey) {
            SubjectKeyIdentifier subjectKeyId = TaHsmKeyStore.this.createSubjectKeyId(publicKey);
            this.id = subjectKeyId.getKeyIdentifier();
        }

        /** Wraps an identifier that was obtained elsewhere. */
        public CertId(byte[] bArr) {
            this.id = bArr;
        }

        @Override
        public int hashCode() {
            return Arrays.hashCode(this.id);
        }

        /** Two ids are equal only when both are this class's CertId and their bytes match. */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            return obj instanceof CertId && Arrays.areEqual(this.id, ((CertId) obj).id);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/tass/hsm/provider/keystores/TaHsmKeyStore$IgnoresCaseHashtable.class */
    /**
     * Alias table that matches aliases without regard to case while remembering the
     * spelling used by the most recent put.
     */
    public static class IgnoresCaseHashtable {
        /** Most recent spelling of each alias -> stored value. */
        private Hashtable<Object, Object> orig;
        /** Lower-cased alias -> most recent spelling. */
        private Hashtable<Object, Object> keys;

        private IgnoresCaseHashtable() {
            this.keys = new Hashtable<>();
            this.orig = new Hashtable<>();
        }

        /** Lower-cases an alias for lookup; null stays null (the Hashtable calls then reject it). */
        private static String fold(String alias) {
            return alias == null ? null : Strings.toLowerCase(alias);
        }

        /** Stores {@code obj} under {@code str}, replacing any entry whose alias differs only in case. */
        public void put(String str, Object obj) {
            String folded = fold(str);
            String previousSpelling = (String) this.keys.get(folded);
            if (previousSpelling != null) {
                // Drop the value held under the old spelling so one alias never maps twice.
                this.orig.remove(previousSpelling);
            }
            this.keys.put(folded, str);
            this.orig.put(str, obj);
        }

        /** Enumerates the aliases in the spelling they were last stored with. */
        public Enumeration<Object> keys() {
            return this.orig.keys();
        }

        /** Removes the entry for {@code str}, case-insensitively; returns its value or null. */
        public Object remove(String str) {
            String spelling = (String) this.keys.remove(fold(str));
            return spelling == null ? null : this.orig.remove(spelling);
        }

        /** Looks up the value for {@code str}, case-insensitively; null when absent. */
        public Object get(String str) {
            String spelling = (String) this.keys.get(fold(str));
            return spelling == null ? null : this.orig.get(spelling);
        }

        /** Enumerates the stored values. */
        public Enumeration<Object> elements() {
            return this.orig.elements();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a subject key identifier for {@code publicKey} from the digest of its
     * encoded SubjectPublicKeyInfo.
     */
    public SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) {
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        byte[] identifier = getDigest(keyInfo);
        return new SubjectKeyIdentifier(identifier);
    }

    /**
     * Returns the SHA-1 digest of the public-key bit string inside {@code subjectPublicKeyInfo}.
     *
     * The digest is used as an identifier (it becomes the lookup key in chainCerts via CertId),
     * not as an integrity or authenticity check, so nothing should treat a matching
     * identifier as proof that two certificates carry the same key.
     */
    private static byte[] getDigest(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        byte[] keyBits = subjectPublicKeyInfo.getPublicKeyData().getBytes();
        SHA1Digest sha1 = new SHA1Digest();
        sha1.update(keyBits, 0, keyBits.length);
        byte[] identifier = new byte[sha1.getDigestSize()];
        sha1.doFinal(identifier, 0);
        return identifier;
    }

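    /**
     * Stores an HSM key under {@code str}, replacing any key entry already held there.
     *
     * Only TaSecretKey and HsmPrivateKey instances are accepted. The password {@code cArr}
     * is not used by this method. A null or empty chain stores the key without certificates.
     * The whole request is validated before any table is modified, so a rejected call
     * leaves the store unchanged.
     *
     * @throws KeyStoreException if the key is null or of an unsupported class, or the chain
     *                           contains a null element
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (key == null) {
            // Without this guard the error path below dereferenced the null key.
            throw new KeyStoreException("TaHsmKeyStore does not support a null key.");
        }
        if (!(key instanceof TaSecretKey) && !(key instanceof HsmPrivateKey)) {
            throw new KeyStoreException("TaHsmKeyStore does not support class of key<" + key.getClass().getName() + ">");
        }
        // Resolve every chain identifier up front: a bad chain must not leave a half-written entry.
        int chainLength = certificateArr == null ? 0 : certificateArr.length;
        CertId[] chainIds = new CertId[chainLength];
        for (int i = 0; i < chainLength; i++) {
            if (certificateArr[i] == null) {
                throw new KeyStoreException("Certificate chain for alias " + str + " contains a null element.");
            }
            chainIds[i] = new CertId(certificateArr[i].getPublicKey());
        }
        if (this.keys.get(str) != null) {
            engineDeleteEntry(str);
        }
        this.keys.put(str, key);
        if (chainLength > 0) {
            // The first certificate is the entry's own; all of them become chain candidates.
            this.certs.put(str, certificateArr[0]);
            for (int i = 0; i < chainLength; i++) {
                this.chainCerts.put(chainIds[i], certificateArr[i]);
            }
        }
    }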

    /**
     * Returns the key stored under {@code str}, or null when the alias holds no key.
     *
     * The password {@code cArr} is not consulted here: whatever was placed in the key
     * table by load or set is handed back as-is.
     *
     * @throws IllegalArgumentException if {@code str} is null
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (str != null) {
            Object entry = this.keys.get(str);
            return (Key) entry;
        }
        throw new IllegalArgumentException("null alias passed to getKey.");
    }

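    /**
     * Assembles the certificate chain for the key entry {@code str}, leaf first.
     *
     * Each issuer is looked up among the certificates in chainCerts, first by the
     * authority key identifier extension and then by issuer name plus a signature check.
     * The result is an assembled chain, not a validated one: a match by key identifier is
     * accepted without verifying the signature, and no validity period, revocation or
     * trust-anchor check is made. Callers that base a trust decision on the chain should
     * run it through path validation (for example java.security.cert.CertPathValidator).
     *
     * Changes from the previous body: the key-identifier lookup now uses this class's own
     * CertId. It used PKCS12KeyStoreSpi.CertId, which this class's CertId.equals rejects
     * (unless that class extends this one, which is not visible here), so the lookup could
     * not match; the throwaway PKCS12KeyStoreSpi instance is no longer created. The
     * null-alias message names this method, and a parse failure keeps its cause.
     *
     * @return the chain, or null when the alias is not a key entry or has no certificate
     * @throws IllegalArgumentException if {@code str} is null
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificateChain.");
        }
        if (!engineIsKeyEntry(str)) {
            return null;
        }
        Certificate current = engineGetCertificate(str);
        if (current == null) {
            return null;
        }
        Vector<Certificate> chain = new Vector<>();
        while (current != null) {
            X509Certificate x509 = (X509Certificate) current;
            Certificate issuer = findIssuerByKeyId(x509);
            if (issuer == null) {
                issuer = findIssuerBySubject(x509);
            }
            if (chain.contains(current)) {
                // Already emitted: stop instead of looping through a certificate cycle.
                current = null;
            } else {
                chain.addElement(current);
                // A certificate that resolves to itself ends the chain.
                current = issuer != current ? issuer : null;
            }
        }
        return chain.toArray(new Certificate[chain.size()]);
    }

    /** Looks up the issuer through the authority key identifier extension; null when absent or unmatched. */
    private Certificate findIssuerByKeyId(X509Certificate cert) {
        byte[] extensionValue = cert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            // The extension value is an OCTET STRING wrapping the encoded AuthorityKeyIdentifier.
            ASN1OctetString wrapped = (ASN1OctetString) new ASN1InputStream(extensionValue).readObject();
            AuthorityKeyIdentifier authorityKeyId = AuthorityKeyIdentifier.getInstance(new ASN1InputStream(wrapped.getOctets()).readObject());
            byte[] keyId = authorityKeyId.getKeyIdentifier();
            if (keyId == null) {
                return null;
            }
            return (Certificate) this.chainCerts.get(new CertId(keyId));
        } catch (IOException e) {
            throw new RuntimeException(e.toString(), e);
        }
    }

    /** Looks up the issuer by subject name, accepting only a candidate whose key verifies the signature. */
    private Certificate findIssuerBySubject(X509Certificate cert) {
        Principal issuerDN = cert.getIssuerDN();
        if (issuerDN.equals(cert.getSubjectDN())) {
            // Issuer and subject are the same name: there is no further issuer to find.
            return null;
        }
        Enumeration<Object> ids = this.chainCerts.keys();
        while (ids.hasMoreElements()) {
            X509Certificate candidate = (X509Certificate) this.chainCerts.get(ids.nextElement());
            if (candidate.getSubjectDN().equals(issuerDN)) {
                try {
                    cert.verify(candidate.getPublicKey());
                    return candidate;
                } catch (Exception ignored) {
                    // Same name but the signature does not verify: not the issuer, try the next one.
                }
            }
        }
        return null;
    }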

    /**
     * Returns the certificate held for {@code str}: the entry in the certificate table if
     * there is one, otherwise whatever keyCerts holds under the alias's local id (or under
     * the alias itself when it has no local id).
     *
     * @throws IllegalArgumentException if {@code str} is null
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null alias passed to getCertificate.");
        }
        Certificate direct = (Certificate) this.certs.get(str);
        if (direct != null) {
            return direct;
        }
        String localId = (String) this.localIds.get(str);
        Object lookupKey = localId != null ? localId : str;
        return (Certificate) this.keyCerts.get(lookupKey);
    }

    /**
     * Returns a date for the entry {@code str}, or null when the alias is unknown.
     *
     * No creation time is recorded by this store: the value is the time of the call,
     * so it must not be used to age or expire entries.
     *
     * @throws NullPointerException if {@code str} is null
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        boolean known = this.keys.get(str) != null || this.certs.get(str) != null;
        return known ? new Date() : null;
    }

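    /**
     * Always rejects the call: this store keeps HSM key objects only and does not accept
     * key entries supplied as already-protected bytes.
     *
     * @throws UnsupportedOperationException always (a RuntimeException, as before, but of
     *         the standard type for an unsupported operation)
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException("operation not supported");
    }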

    /**
     * Stores {@code certificate} as a certificate entry under {@code str} and registers it
     * as a chain candidate.
     *
     * @throws KeyStoreException if the alias already names a key entry
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        boolean aliasHoldsKey = this.keys.get(str) != null;
        if (aliasHoldsKey) {
            throw new KeyStoreException("There is a key entry with the name " + str + ".");
        }
        this.certs.put(str, certificate);
        CertId certId = new CertId(certificate.getPublicKey());
        this.chainCerts.put(certId, certificate);
    }

    /**
     * Removes the entry {@code str} from the key and certificate tables, together with the
     * chain-candidate registrations of the certificates removed along the way.
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        Key removedKey = (Key) this.keys.remove(str);
        Certificate removedCert = (Certificate) this.certs.remove(str);
        if (removedCert != null) {
            this.chainCerts.remove(new CertId(removedCert.getPublicKey()));
        }
        if (removedKey == null) {
            // Certificate-only alias: nothing key-related is left to clean up.
            return;
        }
        String localId = (String) this.localIds.remove(str);
        if (localId != null) {
            removedCert = (Certificate) this.keyCerts.remove(localId);
        }
        if (removedCert != null) {
            this.chainCerts.remove(new CertId(removedCert.getPublicKey()));
        }
    }

    /** Enumerates every alias present in the certificate table or the key table, each once. */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        Hashtable<String, String> seen = new Hashtable<>();
        for (Enumeration<Object> certAliases = this.certs.keys(); certAliases.hasMoreElements();) {
            seen.put((String) certAliases.nextElement(), "cert");
        }
        for (Enumeration<Object> keyAliases = this.keys.keys(); keyAliases.hasMoreElements();) {
            String alias = (String) keyAliases.nextElement();
            if (!seen.containsKey(alias)) {
                seen.put(alias, "key");
            }
        }
        return seen.keys();
    }

    /** Reports whether {@code str} names a certificate entry or a key entry. */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.certs.get(str) != null || this.keys.get(str) != null;
    }

    /** Counts the distinct aliases found across the certificate table and the key table. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        Hashtable<Object, String> seen = new Hashtable<>();
        for (Enumeration<Object> certAliases = this.certs.keys(); certAliases.hasMoreElements();) {
            seen.put(certAliases.nextElement(), "cert");
        }
        for (Enumeration<Object> keyAliases = this.keys.keys(); keyAliases.hasMoreElements();) {
            String alias = (String) keyAliases.nextElement();
            if (!seen.containsKey(alias)) {
                seen.put(alias, "key");
            }
        }
        return seen.size();
    }

    /** Reports whether {@code str} names an entry in the key table. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        Object entry = this.keys.get(str);
        return entry != null;
    }

    /** Reports whether {@code str} names a certificate that is not attached to a key entry. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        if (this.certs.get(str) == null) {
            return false;
        }
        return this.keys.get(str) == null;
    }

    /**
     * Returns the first alias whose certificate equals {@code certificate}, searching the
     * certificate table and then keyCerts; null when no entry matches.
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        String alias = firstAliasFor(this.certs.keys(), this.certs.elements(), certificate);
        if (alias != null) {
            return alias;
        }
        return firstAliasFor(this.keyCerts.keys(), this.keyCerts.elements(), certificate);
    }

    /**
     * Walks a table's key and value enumerations in step and returns the key paired with
     * the first value equal to {@code wanted}, or null.
     */
    private static String firstAliasFor(Enumeration<Object> aliases, Enumeration<Object> held, Certificate wanted) {
        while (held.hasMoreElements()) {
            Certificate candidate = (Certificate) held.nextElement();
            String alias = (String) aliases.nextElement();
            if (candidate.equals(wanted)) {
                return alias;
            }
        }
        return null;
    }

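    /**
     * Serialises every key and certificate entry and writes the result to an HSM-side store.
     *
     * Where the data goes depends on {@code outputStream}: null writes to the current (or
     * default) store name; an HsmStoreOutputStream is written to directly; any other stream
     * receives only a two-line text header (format tag and store name) and is then closed,
     * while the entries go to the named HSM store.
     *
     * Record layout, as written here and read back by engineLoad: a type byte (1 secret key,
     * 2 public key, 3 private key, 4 certificate), a one-byte alias length, the alias, and
     * for keys two empty one-byte-length fields, an algorithm tag and a 32-bit store index.
     * Key bytes from getEncoded() are written inline only when the store index is not
     * positive; otherwise only the index is recorded.
     *
     * Changes from the previous body: a null password and an alias longer than the one-byte
     * length field can express are rejected before anything is written. The length byte
     * used to be silently truncated, producing a store that cannot be read back.
     *
     * NOTE(review): the password is copied into a String for setRight and so cannot be
     * wiped afterwards; the text header is encoded with the platform default charset.
     *
     * @throws IOException if the password is null, an alias is too long, or writing fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (cArr == null) {
            throw new IOException("Invalid value<null> of password.");
        }
        // Check every alias first so a bad one cannot leave a half-written header or store behind.
        for (Enumeration<Object> aliases = this.keys.keys(); aliases.hasMoreElements();) {
            requireStorableAlias((String) aliases.nextElement());
        }
        for (Enumeration<Object> aliases = this.certs.keys(); aliases.hasMoreElements();) {
            requireStorableAlias((String) aliases.nextElement());
        }

        HsmStoreOutputStream hsmStoreOutputStream;
        if (outputStream == null) {
            if (this.storename == null) {
                this.storename = DEFAULT_STORENAME;
            }
            hsmStoreOutputStream = new HsmStoreOutputStream(this.storename);
        } else if (outputStream instanceof HsmStoreOutputStream) {
            hsmStoreOutputStream = (HsmStoreOutputStream) outputStream;
        } else {
            // A plain stream only carries a pointer to the HSM store, never the entries themselves.
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream));
            bufferedWriter.write(String.format("%s-V%d\r\n", DEFAULT_STORENAME, VERSION_STORE));
            if (this.storename == null) {
                this.storename = DEFAULT_STORENAME;
            }
            bufferedWriter.write(this.storename + "\r\n");
            bufferedWriter.flush();
            // Closing the writer also closes the caller's stream.
            bufferedWriter.close();
            hsmStoreOutputStream = new HsmStoreOutputStream(this.storename);
        }

        Bytes body = new Bytes();
        int entryCount = 0;
        Enumeration<Object> keyAliases = this.keys.keys();
        while (keyAliases.hasMoreElements()) {
            String alias = (String) keyAliases.nextElement();
            Key key = (Key) this.keys.get(alias);
            Bytes record = new Bytes();
            if (key instanceof TaSecretKey) {
                TaSecretKey secretKey = (TaSecretKey) key;
                writeKeyHeader(record, (byte) 1, alias, (byte) secretKey.getAlgTag());
                int storeIndex = secretKey.getStoreIndex();
                record.write32Bit(storeIndex);
                if (storeIndex <= 0) {
                    byte[] encoded = key.getEncoded();
                    record.write32Bit(encoded.length);
                    record.writeBytes(encoded);
                    record.writeBytes(secretKey.getKeycv());
                }
            } else if (key instanceof HsmPrivateKey) {
                HsmPrivateKey privateKey = (HsmPrivateKey) key;
                writeKeyHeader(record, (byte) 3, alias, (byte) privateKey.getAlgTag());
                int storeIndex = privateKey.getStoreIndex();
                record.write32Bit(storeIndex);
                if (storeIndex <= 0) {
                    byte[] encoded = key.getEncoded();
                    record.write32Bit(encoded.length);
                    record.writeBytes(encoded);
                }
            } else if (key instanceof HsmPublicKey) {
                // NOTE(review): engineSetKeyEntry rejects public keys and engineLoad rejects
                // record type 2, so this branch looks unreachable and its output unreadable.
                HsmPublicKey publicKey = (HsmPublicKey) key;
                writeKeyHeader(record, (byte) 2, alias, (byte) publicKey.getAlgTag());
                int storeIndex = publicKey.getStoreIndex();
                record.write32Bit(storeIndex);
                if (storeIndex <= 0) {
                    byte[] encoded = key.getEncoded();
                    record.write32Bit(encoded.length);
                    record.writeBytes(encoded);
                }
            }
            entryCount++;
            body.writeBytes(record.getBytes());
        }
        Enumeration<Object> certAliases = this.certs.keys();
        while (certAliases.hasMoreElements()) {
            String alias = (String) certAliases.nextElement();
            body.writeBytes(new byte[]{4, (byte) alias.length()});
            body.writeString(alias);
            byte[] encodedCert = ((Certificate) this.certs.get(alias)).getEncoded();
            body.write32Bit(encodedCert.length);
            body.writeBytes(encodedCert);
            entryCount++;
        }
        body.setOffset(0);
        hsmStoreOutputStream.setRight(new String(cArr));
        // The length prefix covers the 4-byte entry count plus the records.
        hsmStoreOutputStream.write(Forms.bytes_Bits32(body.remainLength() + 4));
        hsmStoreOutputStream.write(Forms.bytes_Bits32(entryCount));
        hsmStoreOutputStream.write(body.getBytes());
        hsmStoreOutputStream.flush();
        hsmStoreOutputStream.close();
    }

    /**
     * Rejects an alias whose length does not fit the record's one-byte length field.
     * NOTE(review): the field is filled from String.length(); whether writeString emits one
     * byte per character is not visible here, so non-ASCII aliases deserve a round-trip test.
     */
    private static void requireStorableAlias(String alias) throws IOException {
        if (alias.length() > 255) {
            throw new IOException("Alias too long for a keystore record (max 255): " + alias);
        }
    }

    /** Writes the part shared by all key records: type, alias, two empty fields, algorithm tag. */
    private static void writeKeyHeader(Bytes record, byte type, String alias, byte algTag) throws IOException {
        record.writeBytes(new byte[]{type, (byte) alias.length()});
        record.writeString(alias);
        // Two length-prefixed fields that are always written empty; engineLoad skips over them.
        record.writeBytes(new byte[]{(byte) "".length()});
        record.writeString("");
        record.writeBytes(new byte[]{(byte) "".length()});
        record.writeString("");
        record.writeBytes(new byte[]{algTag});
    }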

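    /**
     * Saves the keystore to the HSM store named by {@code loadStoreParameter}, protected
     * with the parameter's password.
     *
     * An unrecognised (or null) parameter used to be ignored, so the call returned normally
     * without saving anything; it is now rejected as the KeyStoreSpi contract specifies.
     *
     * @throws IllegalArgumentException if the parameter is not an HsmStoreLoadParameter
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!(loadStoreParameter instanceof HsmStoreLoadParameter)) {
            String actual = loadStoreParameter == null ? "null" : loadStoreParameter.getClass().getName();
            throw new IllegalArgumentException("Unsupported LoadStoreParameter<" + actual + ">.");
        }
        HsmStoreLoadParameter hsmParameter = (HsmStoreLoadParameter) loadStoreParameter;
        this.storename = hsmParameter.getStoreName();
        engineStore(new HsmStoreOutputStream(this.storename), hsmParameter.getPassword());
    }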

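    /**
     * Loads key and certificate entries from an HSM-side store.
     *
     * A null {@code inputStream} only initialises the HSM API handle (when it is not yet
     * set) and loads nothing. An HsmStoreInputStream is read directly. Any other stream is
     * treated as the two-line text header written by engineStore: it names the HSM store
     * to open, and it is closed after the header is read.
     *
     * Entries are added to the existing tables; nothing is cleared first. Loaded
     * certificates go into the certificate table only, not into chainCerts.
     *
     * Changes from the previous body: a null password no longer fails with a
     * NullPointerException while the HSM API handle is initialised; a missing or empty
     * header line is rejected explicitly; every length read from the store is checked
     * against the bytes actually remaining before it is used to read an array; failures
     * keep their cause and are no longer printed to standard error.
     *
     * NOTE(review): the store name comes from the stream. When the stream is not trusted,
     * the caller is letting it choose which HSM store is opened - confirm that
     * HsmStoreInputStream restricts the names it accepts.
     * NOTE(review): the password is copied into a String and so cannot be wiped afterwards.
     *
     * @throws IOException if the password is null where one is needed, or the header or
     *                     store contents are malformed
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (JCEProviderBase.baseapi == null) {
            if (cArr == null) {
                throw new IOException("Invalid value<null> of password.");
            }
            JCEProviderBase.getBaseapi(new String(cArr));
        }
        if (inputStream == null) {
            return;
        }
        HsmStoreInputStream hsmStoreInputStream;
        if (inputStream instanceof HsmStoreInputStream) {
            hsmStoreInputStream = (HsmStoreInputStream) inputStream;
        } else {
            hsmStoreInputStream = openStoreNamedBy(inputStream);
        }
        if (cArr == null) {
            throw new IOException("Invalid value<null> of password.");
        }
        try {
            hsmStoreInputStream.setRight(new String(cArr));
            Bytes buff = hsmStoreInputStream.getBuff();
            if (buff.remainLength() == 0) {
                // Empty store: nothing to load.
                return;
            }
            int declaredLength = buff.Read32Bits();
            if (declaredLength < 0 || declaredLength > buff.remainLength()) {
                throw new IOException("Keystore abnormal rode[" + buff.remainLength() + "] < need[" + declaredLength + "].");
            }
            int entriesLeft = buff.Read32Bits();
            while (entriesLeft > 0) {
                byte recordType = buff.ReadByte();
                String alias = buff.ReadString(buff.ReadByte() & 255);
                entriesLeft--;
                switch (recordType) {
                    case 1: {
                        // Secret key: skip the two unused fields, then algorithm tag and store index.
                        buff.skipBytes(buff.ReadByte() & 255);
                        buff.skipBytes(buff.ReadByte() & 255);
                        int algTag = buff.ReadByte() & 255;
                        int storeIndex = buff.Read32Bits();
                        TaSecretKey secretKey;
                        if (storeIndex <= 0) {
                            // Key bytes are stored inline, followed by a 4-byte check value.
                            byte[] keyBytes = readLengthPrefixed(buff);
                            byte[] checkValue = buff.ReadByteArray(4);
                            secretKey = new TaSecretKey(JCEProviderBase.cipherKeyFormat, JCEProviderBase.baseapi.getSymmAlgName(algTag), keyBytes, checkValue);
                        } else {
                            // Key stays in the HSM; only its index was recorded.
                            secretKey = new TaSecretKey(JCEProviderBase.baseapi.getSymmAlgName(algTag), storeIndex);
                        }
                        this.keys.put(alias, secretKey);
                        break;
                    }
                    case 3: {
                        // Private key: same leading fields as a secret key.
                        buff.skipBytes(buff.ReadByte() & 255);
                        buff.skipBytes(buff.ReadByte() & 255);
                        int algTag = buff.ReadByte() & 255;
                        String algName = JCEProviderBase.baseapi.getAsymmAlgName(algTag);
                        int storeIndex = buff.Read32Bits();
                        HsmPrivateKey privateKey;
                        if (storeIndex <= 0) {
                            byte[] keyBytes = readLengthPrefixed(buff);
                            privateKey = new HsmPrivateKey(algName, keyBytes, JCEProviderBase.cipherKeyFormat, -1, JCEProviderBase.baseapi.getAsymmPriKeyStrength(algName, keyBytes) * 8);
                        } else {
                            privateKey = new HsmPrivateKey(algName, storeIndex, JCEProviderBase.baseapi.getAsymmPriKeyStrength(algName, Integer.valueOf(storeIndex)) * 8);
                        }
                        this.keys.put(alias, privateKey);
                        break;
                    }
                    case 4:
                        // NOTE(review): X509CertImpl is a JDK-internal class (sun.security.x509),
                        // which newer JDKs do not export by default.
                        this.certs.put(alias, new X509CertImpl(readLengthPrefixed(buff)));
                        break;
                    default:
                        // Includes type 2 (public key), which this loader does not accept.
                        throw new IOException("Data abnormal rode from stream.");
                }
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Reads the text header from a plain stream, records the store name it carries (or the
     * default when the second line is missing or empty) and opens that HSM store.
     * The stream is closed once the header has been read.
     */
    private HsmStoreInputStream openStoreNamedBy(InputStream inputStream) throws IOException {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
            try {
                String header = bufferedReader.readLine();
                // NOTE(review): the comparison accepts any prefix of the expected tag, as before;
                // only the null and empty cases, which can never be a valid tag, are refused here.
                // Confirm whether shorter legacy tags exist before tightening this to equals().
                if (header == null || header.isEmpty()
                        || !String.format("%s-V%d", DEFAULT_STORENAME, VERSION_STORE).startsWith(header)) {
                    throw new IOException("Ivalid sream input.");
                }
                String name = bufferedReader.readLine();
                this.storename = (name == null || name.length() == 0) ? DEFAULT_STORENAME : name;
            } finally {
                bufferedReader.close();
            }
            return new HsmStoreInputStream(this.storename);
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Reads a 32-bit length followed by that many bytes, refusing a length that is negative
     * or larger than what is left in the buffer.
     */
    private static byte[] readLengthPrefixed(Bytes buff) throws IOException {
        int length = buff.Read32Bits();
        if (length < 0 || length > buff.remainLength()) {
            throw new IOException("Data abnormal rode from stream.");
        }
        return buff.ReadByteArray(length);
    }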

    /**
     * Parses {@code bArr} into a certificate with the provider's own X509CertificateFactory.
     * Not called from anywhere in this class.
     */
    private Certificate loadCert(byte[] bArr) throws CertificateException, IOException {
        ASN1InputStream encodedCert = new ASN1InputStream(bArr);
        Certificate parsed = new X509CertificateFactory().engineGenerateCertificate(encodedCert);
        encodedCert.close();
        return parsed;
    }

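    /**
     * Loads the keystore from the HSM store named by {@code loadStoreParameter}, using the
     * parameter's password.
     *
     * A null parameter is now reported through the same exception as any other unsupported
     * parameter instead of failing with a NullPointerException while the message is built.
     *
     * @throws NoSuchAlgorithmException if the parameter is not an HsmStoreLoadParameter
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!(loadStoreParameter instanceof HsmStoreLoadParameter)) {
            String actual = loadStoreParameter == null ? "null" : loadStoreParameter.getClass().getName();
            throw new NoSuchAlgorithmException("Invalid classtype<" + actual + ">.");
        }
        HsmStoreLoadParameter hsmParameter = (HsmStoreLoadParameter) loadStoreParameter;
        this.storename = hsmParameter.getStoreName();
        engineLoad(new HsmStoreInputStream(this.storename), hsmParameter.getPassword());
    }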
}
