package kz.gov.pki.knca.applet.utils;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.asn1.DERObjectIdentifier;
import kz.gov.pki.kalkan.asn1.cryptopro.CryptoProObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.knca.KNCAObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.kalkan.asn1.x509.X509ObjectIdentifiers;
import kz.gov.pki.kalkan.exception.KalkanException;
import kz.gov.pki.kalkan.exception.PCSCCode;
import kz.gov.pki.kalkan.jce.PKCS10CertificationRequest;
import kz.gov.pki.kalkan.pcsc.generators.AKAlgorithmParameterSpec;
import kz.gov.pki.kalkan.util.KALKANUtils;
import kz.gov.pki.kalkan.util.encoders.Base64;
import kz.gov.pki.kalkan.util.encoders.Hex;
import kz.gov.pki.kalkan.util.io.Streams;
import kz.gov.pki.knca.applet.AppletConstants;
import kz.gov.pki.knca.applet.ResultWrapper;
import kz.gov.pki.knca.applet.exception.AECodes;
import kz.gov.pki.knca.applet.exception.AppletException;
import kz.gov.pki.knca.applet.osgi.BundleLog;

/* loaded from: input_file:kz/gov/pki/knca/applet/utils/KeyStoreUtil.class */
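public class KeyStoreUtil {
    /** Class-local logger for error paths; {@link BundleLog#LOG} keeps the user-visible progress messages. */
    private static final Logger LOG = Logger.getLogger(KeyStoreUtil.class.getName());

    /** Dotted attribute-type OID -> short RDN name accepted by {@link X509Name}; filled in the static block below. */
    private static final HashMap<String, String> mapRDNs = new HashMap<>();

    /**
     * Allowed alphabet for a new store password. {@code Matcher.matches()} anchors it to the whole
     * input, so the pattern only restricts the character set — it does not require a mix of classes.
     */
    private static final Pattern NEW_PASSWORD_PATTERN = Pattern.compile("[a-zA-Z0-9]*$");

    /** Separator used between multi-valued applet parameters and results. */
    private static final String MULTI_VALUE_SEPARATOR = "<:>";

    /** Message the PKCS12 implementation reports when the integrity MAC does not verify (wrong password). */
    private static final String PKCS12_BAD_MAC_MESSAGE = "PKCS12 key store mac invalid - wrong password or corrupted file.";

    /** Number of random bytes used to build the alias of a key generated on a hardware token. */
    private static final int TOKEN_ALIAS_BYTES = 12;

    /** Base64 line width used when rendering the PKCS#10 request as PEM. */
    private static final int PEM_LINE_WIDTH = 64;

    /**
     * Generates one key pair per requested algorithm and returns the matching PKCS#10 requests.
     *
     * <p>For hardware tokens ({@code storage.isToken()}) the key is generated on the device under a
     * random alias; for PKCS12/JKS the key is generated in software, placed in a fresh store and
     * written to a file named after the public-key identifier inside directory {@code str}, protected
     * with {@code cArr}.
     *
     * @param storage  key store kind
     * @param str      token name (token storages) or target directory (file storages)
     * @param cArr     store password / token PIN
     * @param strArr   per-request alias prefixes; only consulted for {@link Storage#KZIDCARD}
     * @param strArr2  per-request signature-algorithm OIDs (dotted strings), parallel to {@code iArr}
     * @param iArr     per-request key lengths; its length drives the loop
     * @param str2     {@code "<:>"}-separated RDN OIDs of the subject
     * @param str3     {@code "<:>"}-separated RDN values of the subject, parallel to {@code str2}
     * @param str4     comma-separated subject alternative names; may be null or empty
     * @param provider JCE provider implementing the store type and the algorithms
     * @return wrapper whose result is the {@code "<:>"}-joined PEM requests and whose second result is
     *         the {@code "<:>"}-joined key identifiers, in request order
     * @throws AppletException on validation failures or wrapped generic errors
     * @throws KalkanException when the provider reports a Kalkan-specific error (passed through unwrapped)
     */
    public static ResultWrapper genKeyPairAndGetPKCS10(Storage storage, String str, char[] cArr, String[] strArr, String[] strArr2, int[] iArr, String str2, String str3, String str4, Provider provider) throws AppletException, KalkanException {
        X509Name genSubjectDN = genSubjectDN(str2, str3);
        validateSubjectDN(genSubjectDN);
        // iArr and strArr2 are indexed together; a short OID array would otherwise surface as an
        // ArrayIndexOutOfBoundsException thrown outside the handlers below.
        if (strArr2 == null || strArr2.length < iArr.length) {
            throw new AppletException(AECodes.GENKEY_COMMON.toString());
        }
        ResultWrapper resultWrapper = new ResultWrapper();
        SecureRandom secureRandom = new SecureRandom();
        for (int i = 0; i < iArr.length; i++) {
            // For file stores this becomes the path of the written store; for tokens it stays the token name.
            String storePath = str;
            DERObjectIdentifier sigAlgOid = new DERObjectIdentifier(strArr2[i]);
            if (!isSupportedSigAlg(sigAlgOid)) {
                throw new AppletException(AECodes.GENKEY_UNKNOWN_ALG.toString());
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(storage.getName(), provider.getName());
                KeyPair genKeyPair;
                String keyIdFromPK;
                if (storage.isToken()) {
                    if (storage.equals(Storage.KZIDCARD)) {
                        checkKzIdCardHolder(genSubjectDN, str);
                    }
                    keyStore.load(Streams.fromString(str), cArr);
                    BundleLog.LOG.info(str + " loaded.");
                    keyIdFromPK = Hex.encodeStr(randomNonZeroBytes(secureRandom, TOKEN_ALIAS_BYTES));
                    String alias = storage.equals(Storage.KZIDCARD) ? strArr[i] + keyIdFromPK : keyIdFromPK;
                    genKeyPair = generateOnToken(storage, str, sigAlgOid, alias, iArr[i]);
                } else {
                    Certificate[] certificateArr = {null};
                    keyStore.load(null);
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(sigAlgOid.getId(), provider.getName());
                    String filePrefix;
                    if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
                        keyPairGenerator.initialize(iArr[i]);
                        filePrefix = AppletConstants.RSA_FILE_PREFIX;
                    } else if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
                        keyPairGenerator.initialize(iArr[i]);
                        filePrefix = "RSA256_";
                    } else if (sigAlgOid.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR34310_2004)) {
                        keyPairGenerator.initialize((AlgorithmParameterSpec) null);
                        filePrefix = "GOSTGT_";
                    } else {
                        // Only gost34311_95_with_gost34310_2004 is left after isSupportedSigAlg().
                        keyPairGenerator.initialize(new ECGenParameterSpec("Gost34310-2004-PKIGOVKZ-A"));
                        filePrefix = "GOSTKNCA_";
                    }
                    genKeyPair = keyPairGenerator.genKeyPair();
                    keyIdFromPK = KALKANUtils.getKeyIdFromPK(genKeyPair.getPublic());
                    keyStore.setKeyEntry(keyIdFromPK, genKeyPair.getPrivate(), cArr, certificateArr);
                    storePath = buildStoreFilePath(str, storage, filePrefix + keyIdFromPK);
                }
                String[] subjectAltNames = null;
                if (str4 != null && !str4.isEmpty()) {
                    subjectAltNames = getSubjectAlternativeNameArray(str4, genSubjectDN.getValues(X509Name.CN).get(0).toString());
                }
                PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(sigAlgOid.getId(), genSubjectDN, genKeyPair.getPublic(), KALKANUtils.getExtensionReqSet(keyIdFromPK, subjectAltNames), genKeyPair.getPrivate());
                if (!pkcs10.verify()) {
                    throw new AppletException(AECodes.GENKEY_VERIFY_PKCS10.toString());
                }
                String formatPKCS10 = formatPKCS10(pkcs10.getDEREncoded());
                // Validate before persisting: a failure here must not leave an orphaned key-store file
                // behind, and the specific codes must not be downgraded by the generic handler below.
                if (formatPKCS10 == null || formatPKCS10.isEmpty()) {
                    throw new AppletException(AECodes.GENKEY_EMPTY_PKCS10.toString());
                }
                if (keyIdFromPK == null || keyIdFromPK.isEmpty()) {
                    throw new AppletException(AECodes.GENKEY_EMPTY_KEYID.toString());
                }
                try {
                    persistKeyStore(keyStore, storePath, cArr);
                } catch (Exception e2) {
                    if (e2.getCause() instanceof KalkanException) {
                        throw (KalkanException) e2.getCause();
                    }
                    LOG.log(Level.SEVERE, "Storing the generated key failed", e2);
                    throw new AppletException(AECodes.COMMON.toString());
                }
                if (i == 0) {
                    resultWrapper.setResult(formatPKCS10);
                    resultWrapper.setSecondResult(keyIdFromPK);
                } else {
                    resultWrapper.setResult(resultWrapper.getResult() + MULTI_VALUE_SEPARATOR + formatPKCS10);
                    resultWrapper.setSecondResult(resultWrapper.getSecondResult() + MULTI_VALUE_SEPARATOR + keyIdFromPK);
                }
            } catch (KalkanException e3) {
                throw e3;
            } catch (AppletException e5) {
                throw e5;
            } catch (Exception e4) {
                if (e4.getCause() instanceof KalkanException) {
                    throw (KalkanException) e4.getCause();
                }
                LOG.log(Level.SEVERE, "Key pair generation failed", e4);
                throw new AppletException(AECodes.GENKEY_COMMON.toString());
            }
        }
        return resultWrapper;
    }

    /** Returns whether {@code oid} is one of the four signature algorithms this class can generate keys for. */
    private static boolean isSupportedSigAlg(DERObjectIdentifier oid) {
        return oid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)
                || oid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)
                || oid.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR34310_2004)
                || oid.equals(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004);
    }

    /**
     * Verifies that the IIN (SERIALNUMBER) and the "CN G" name of the requested subject match the
     * public data of the inserted identity card. The card holder's data is compared but never echoed
     * to stdout: it is personal data that has no place in a console log.
     *
     * @param subject   requested subject DN
     * @param tokenName identity-card token name passed to {@link TokenLoader#getPublicPartInfo}
     * @throws AppletException when the card cannot be read or the holder does not match the subject
     */
    private static void checkKzIdCardHolder(X509Name subject, String tokenName) throws AppletException {
        StringBuilder subjectName = new StringBuilder();
        subjectName.append(subject.getValues(X509Name.CN).get(0).toString()).append(" ");
        if (!subject.getValues(X509Name.G).isEmpty()) {
            subjectName.append(subject.getValues(X509Name.G).get(0).toString());
        }
        ResultWrapper publicPartInfo = TokenLoader.getPublicPartInfo(tokenName);
        if (!publicPartInfo.getErrorCode().equals("NONE")) {
            throw new AppletException(publicPartInfo.getErrorCode());
        }
        // The card reports "<IIN> <name...>"; the first token is the IIN, the rest is the holder name.
        String cardInfo = publicPartInfo.getResult().toString();
        String cardIin = cardInfo.split(" ")[0];
        String cardName = cardInfo.replace(cardIin, "").trim();
        if (!subject.getValues(X509Name.SERIALNUMBER).get(0).toString().equalsIgnoreCase(cardIin)) {
            System.err.println("ИИН владельца удостоверения личности не совпадает с ИИН заявителя");
            throw new AppletException(AECodes.GENKEY_KZIDCARD_INCORRECT_PERSONALINFO.toString());
        }
        if (!subjectName.toString().trim().equalsIgnoreCase(cardName)) {
            System.err.println("ФИО владельца удостоверения личности не совпадает с ФИО заявителя");
            throw new AppletException(AECodes.GENKEY_KZIDCARD_INCORRECT_PERSONALINFO.toString());
        }
    }

    /**
     * Draws {@code length} random bytes none of which is zero (the alias must not contain NUL).
     *
     * @param random source of randomness
     * @param length number of bytes
     * @return a fresh array of non-zero bytes
     */
    private static byte[] randomNonZeroBytes(SecureRandom random, int length) {
        byte[] bytes = new byte[length];
        do {
            random.nextBytes(bytes);
        } while (containsZero(bytes));
        return bytes;
    }

    /** Returns whether any element of {@code bytes} is zero. */
    private static boolean containsZero(byte[] bytes) {
        for (byte b : bytes) {
            if (b == 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Generates a key pair on a hardware token under the given alias.
     *
     * @param storage   token kind, used for the progress message only
     * @param tokenName token the key is generated on
     * @param sigAlgOid signature algorithm whose generator is requested
     * @param alias     alias to create the key under
     * @param keyLength requested key length
     * @return the generated pair (the private part is a handle to the on-token key)
     * @throws KalkanException when the provider reports a Kalkan-specific cause
     * @throws AppletException for any other failure, after logging it
     */
    private static KeyPair generateOnToken(Storage storage, String tokenName, DERObjectIdentifier sigAlgOid, String alias, int keyLength) throws AppletException, KalkanException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(sigAlgOid.getId());
            AKAlgorithmParameterSpec spec = new AKAlgorithmParameterSpec(tokenName, alias);
            spec.setKeyLength(keyLength);
            keyPairGenerator.initialize((AlgorithmParameterSpec) spec);
            BundleLog.LOG.info("Generating a key pair on " + storage + " with alias " + spec.getAlias());
            return keyPairGenerator.genKeyPair();
        } catch (Exception e) {
            if (e.getCause() instanceof KalkanException) {
                throw (KalkanException) e.getCause();
            }
            LOG.log(Level.SEVERE, "Key pair generation on token failed", e);
            throw new AppletException(AECodes.COMMON.toString());
        }
    }

    /**
     * Builds the path of the file a software-generated store is written to.
     *
     * @param directory target directory as given by the caller; a separator is appended only when it
     *                  is non-empty and does not already end with one
     * @param storage   decides the extension (JKS or PKCS12)
     * @param baseName  file name without extension
     * @return the full path
     */
    private static String buildStoreFilePath(String directory, Storage storage, String baseName) {
        String dir = directory;
        if (!dir.isEmpty() && !dir.endsWith(File.separator)) {
            dir = dir + File.separator;
        }
        String extension = storage.getName().equals(Storage.JKS.getName()) ? AppletConstants.JKS_EXTENSION : AppletConstants.P12_EXTENSION;
        return dir + baseName + extension;
    }

    /**
     * Persists the store: file-based types are written to {@code storePath}, token types are stored
     * in place. The stream is closed on every path, including when {@code store} throws.
     *
     * @param keyStore  store to persist
     * @param storePath file path for PKCS12/JKS; ignored for tokens
     * @param password  store password for file-based types
     */
    private static void persistKeyStore(KeyStore keyStore, String storePath, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (keyStore.getType().equals(Storage.PKCS12.getName()) || keyStore.getType().equals(Storage.JKS.getName())) {
            // NOTE(review): the file contains the private key and is created with the JVM's default
            // permissions, as in the original; tightening them is platform specific and left as is.
            try (FileOutputStream fileOutputStream = new FileOutputStream(storePath)) {
                keyStore.store(fileOutputStream, password);
            }
        } else {
            keyStore.store(null, null);
        }
    }

    /**
     * Opens and loads a key store.
     *
     * @param storage  store kind; tokens are addressed by name, file stores by path
     * @param str      token name or file path
     * @param cArr     store password / token PIN
     * @param provider JCE provider implementing the store type
     * @return the loaded store
     * @throws AppletException {@code WRONG_PASSWORD} (with the remaining retry count for KAZTOKEN,
     *         KZIDCARD and AKEY, {@code -1} otherwise) when the password/PIN is rejected,
     *         {@code LOAD_KEYSTORE_ERROR} for every other failure
     */
    public static KeyStore getKeyStore(Storage storage, String str, char[] cArr, Provider provider) throws AppletException {
        try {
            KeyStore keyStore = KeyStore.getInstance(storage.getName(), provider.getName());
            if (storage.isToken()) {
                keyStore.load(Streams.fromString(str), cArr);
            } else {
                // try-with-resources: the original leaked the file handle whenever load() threw.
                try (InputStream in = new FileInputStream(str)) {
                    keyStore.load(in, cArr);
                }
            }
            return keyStore;
        } catch (IOException e) {
            // Wrong-password detection relies on the provider's message text; the constant is compared
            // first so a null message cannot throw here.
            if (PKCS12_BAD_MAC_MESSAGE.equals(e.getMessage())) {
                throw new AppletException(AECodes.WRONG_PASSWORD.name(), -1);
            }
            LOG.log(Level.SEVERE, "Key store load failed", e);
            if (!(e.getCause() instanceof KalkanException)) {
                throw new AppletException(AECodes.LOAD_KEYSTORE_ERROR.name());
            }
            KalkanException cause = (KalkanException) e.getCause();
            if (cause.getErrorCode() != PCSCCode.WRONG_PIN) {
                throw new AppletException(AECodes.LOAD_KEYSTORE_ERROR.name());
            }
            if (storage.equals(Storage.KAZTOKEN) || storage.equals(Storage.KZIDCARD) || storage.equals(Storage.AKEY)) {
                throw new AppletException(AECodes.WRONG_PASSWORD.name(), retryCount(cause));
            }
            throw new AppletException(AECodes.WRONG_PASSWORD.name(), -1);
        } catch (Exception e2) {
            LOG.log(Level.SEVERE, "Key store load failed", e2);
            throw new AppletException(AECodes.LOAD_KEYSTORE_ERROR.name());
        }
    }

    /**
     * Reads the remaining PIN retry count a token reported with a WRONG_PIN error.
     *
     * @param cause the provider exception
     * @return the count, or {@code -1} when the exception carries none (the original dereferenced it unchecked)
     */
    private static int retryCount(KalkanException cause) {
        Object retries = cause.get("RetryCount");
        return retries instanceof Integer ? ((Integer) retries).intValue() : -1;
    }

    /**
     * Loads the store and returns the private key stored under {@code str2}.
     *
     * @param storage  store kind
     * @param str      token name or file path
     * @param str2     key alias
     * @param cArr     store password / token PIN, also used as the key password
     * @param provider JCE provider implementing the store type
     * @return the key, or {@code null} when the alias does not exist
     * @throws AppletException load errors from {@link #getKeyStore} are passed through unchanged;
     *         anything else is logged and reported as {@code COMMON}
     */
    public static PrivateKey getPrivateKey(Storage storage, String str, String str2, char[] cArr, Provider provider) throws AppletException {
        try {
            return (PrivateKey) getKeyStore(storage, str, cArr, provider).getKey(str2, cArr);
        } catch (AppletException e) {
            // Keeps WRONG_PASSWORD and its retry count visible to the caller, consistent with getKeyList().
            throw e;
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "Private key retrieval failed", e);
            throw new AppletException(AECodes.COMMON.name());
        }
    }

    /**
     * Reports whether {@code cArr} opens the store.
     *
     * @param storage  store kind
     * @param str      token name or file path
     * @param cArr     password / PIN to test
     * @param provider JCE provider implementing the store type
     * @return result {@code Boolean.TRUE} on success; {@code Boolean.FALSE} otherwise, with the remaining
     *         retry count as second result when the store reported one
     */
    public static ResultWrapper checkKeyStorePassword(Storage storage, String str, char[] cArr, Provider provider) {
        ResultWrapper resultWrapper = new ResultWrapper();
        try {
            getKeyStore(storage, str, cArr, provider);
            resultWrapper.setResult(Boolean.TRUE);
        } catch (AppletException e) {
            resultWrapper.setResult(Boolean.FALSE);
            LOG.log(Level.SEVERE, "Key store password check failed", e);
            if (e.getTryCount() != -1) {
                resultWrapper.setSecondResult(Integer.valueOf(e.getTryCount()));
            }
        }
        return resultWrapper;
    }

    /**
     * Lists the certificates of the store whose key type matches {@code str2}.
     *
     * <p>Each entry is {@code sigAlg|subjectCN|alias|serialHex|issuerCN} (separator
     * {@link AppletConstants#KEY_DETAILS_SEPERATOR}); entries are joined with {@code "<:>"}.
     *
     * @param storage  store kind
     * @param str      token name or file path
     * @param cArr     store password / token PIN
     * @param provider JCE provider implementing the store type
     * @param str2     requested key type: {@link AppletConstants#KEY_TYPE_ALL}, or one of the
     *                 AUTH/SIGN constants
     * @return the joined list, possibly empty when nothing matches
     * @throws AppletException when the store is empty or cannot be read
     * @throws KalkanException when a provider error is the cause of the failure
     */
    public static String getKeyList(Storage storage, String str, char[] cArr, Provider provider, String str2) throws AppletException, KalkanException {
        StringBuilder sb = new StringBuilder();
        try {
            KeyStore keyStore = getKeyStore(storage, str, cArr, provider);
            if (keyStore == null) {
                throw new AppletException(AECodes.SIGN_NULL_KEYSTORE.toString());
            }
            Map<String, X509Certificate> certsByAlias = getAliasCertMapFromKeyStore(keyStore);
            if (certsByAlias.isEmpty()) {
                System.err.println("Key Store has no certificates set.");
                throw new AppletException(AECodes.SIGN_EMPTY_STORAGE.toString());
            }
            int listed = 0;
            for (Map.Entry<String, X509Certificate> entry : certsByAlias.entrySet()) {
                String alias = entry.getKey();
                X509Certificate certificate = entry.getValue();
                // A SIGN key usage wins over AUTH when a certificate matches both predicates.
                Object keyType = AppletConstants.KEY_TYPE_UNKNOWN;
                if (X509Util.isAuthCert(certificate)) {
                    keyType = AppletConstants.KEY_TYPE_AUTH;
                }
                if (X509Util.isSignKey(certificate)) {
                    keyType = AppletConstants.KEY_TYPE_SIGN;
                }
                if (!str2.equals(AppletConstants.KEY_TYPE_ALL) && !str2.equals(keyType)) {
                    continue;
                }
                X509Name subject = new X509Name(certificate.getSubjectDN().getName());
                X509Name issuer = new X509Name(certificate.getIssuerDN().getName());
                if (listed != 0) {
                    sb.append(MULTI_VALUE_SEPARATOR);
                }
                sb.append(certificate.getSigAlgName()).append(AppletConstants.KEY_DETAILS_SEPERATOR);
                sb.append(subject.getValues(X509Name.CN).get(0).toString()).append(AppletConstants.KEY_DETAILS_SEPERATOR);
                sb.append(alias).append(AppletConstants.KEY_DETAILS_SEPERATOR);
                sb.append(certificate.getSerialNumber().toString(16)).append(AppletConstants.KEY_DETAILS_SEPERATOR);
                sb.append(issuer.getValues(X509Name.CN).get(0).toString());
                listed++;
            }
            return sb.toString();
        } catch (AppletException e2) {
            throw e2;
        } catch (Exception e) {
            if (e.getCause() instanceof KalkanException) {
                throw (KalkanException) e.getCause();
            }
            LOG.log(Level.SEVERE, "Listing keys failed", e);
            throw new AppletException(AECodes.SIGN_COMMON.toString());
        }
    }

    /**
     * Checks a new store password against the applet's policy: non-empty, ASCII letters and digits
     * only, and no longer than the storage-specific maximum (32 for KAZTOKEN, 10 for ETOKEN_72K,
     * 31 for JACARTA, 8 otherwise).
     *
     * <p>NOTE(review): no minimum length and no character-class mix is enforced, although the error
     * message suggests both; the behaviour is kept as the original had it.
     *
     * @param str     candidate password
     * @param storage storage the password is for
     * @throws AppletException {@code CHANGEPASS_EMPTY_NEWPASS} or {@code CHANGEPASS_INCORRECT_NEWPASS_PATTERN}
     */
    private static void validateNewPassword(String str, Storage storage) throws AppletException {
        if (str == null || str.isEmpty()) {
            System.err.println("Пустой пароль не допускается.");
            throw new AppletException(AECodes.CHANGEPASS_EMPTY_NEWPASS.toString());
        }
        int maxLength = 8;
        if (storage.getName().equals(Storage.KAZTOKEN.getName())) {
            maxLength = 32;
        } else if (storage.getName().equals(Storage.ETOKEN_72K.getName())) {
            maxLength = 10;
        } else if (storage.getName().equals(Storage.JACARTA.getName())) {
            maxLength = 31;
        }
        Matcher matcher = NEW_PASSWORD_PATTERN.matcher(str);
        if (str.length() > maxLength || !matcher.matches()) {
            System.err.println("Пароль должен содержать латинские буквы нижнего и верхнего регистров, а также цифры. Максимальная длина - " + maxLength + " символов.");
            throw new AppletException(AECodes.CHANGEPASS_INCORRECT_NEWPASS_PATTERN.toString());
        }
    }

    /**
     * Validates the Kazakhstan-specific subject attributes: SERIALNUMBER must be {@code IIN} plus a
     * 12-digit number (15 characters), every OU starting with {@code BIN} must be 15 characters, and
     * C, when present, must be {@code KZ}.
     *
     * @param x509Name subject to validate
     * @throws AppletException {@code GENKEY_INCORRECT_DN_VALUE} on the first violation
     */
    private static void validateSubjectDN(X509Name x509Name) throws AppletException {
        Vector<?> serialNumbers = x509Name.getValues(new DERObjectIdentifier("2.5.4.5"));
        Vector<?> orgUnits = x509Name.getValues(X509ObjectIdentifiers.organizationalUnitName);
        Vector<?> countries = x509Name.getValues(X509ObjectIdentifiers.countryName);
        if (!serialNumbers.isEmpty()) {
            String iin = (String) serialNumbers.get(0);
            if (!iin.startsWith("IIN") || iin.length() != 15) {
                System.err.println("Incorrect values within DN:\nIIN = " + iin);
                throw new AppletException(AECodes.GENKEY_INCORRECT_DN_VALUE.toString());
            }
        }
        for (Object orgUnit : orgUnits) {
            String ou = (String) orgUnit;
            if (ou.startsWith("BIN") && ou.length() != 15) {
                System.err.println("Incorrect values within DN:\nBIN = " + ou);
                throw new AppletException(AECodes.GENKEY_INCORRECT_DN_VALUE.toString());
            }
        }
        if (!countries.isEmpty()) {
            String country = (String) countries.get(0);
            if (!country.equals("KZ")) {
                System.err.println("Error: Incorrect values within DN:\nC = " + country);
                throw new AppletException(AECodes.GENKEY_INCORRECT_DN_VALUE.toString());
            }
        }
    }

    /**
     * Builds the subject DN from parallel {@code "<:>"}-separated lists of attribute OIDs and values.
     * Unknown OIDs are skipped; newlines are stripped from values, which are then trimmed and escaped.
     *
     * @param str  attribute-type OIDs
     * @param str2 attribute values, parallel to {@code str}
     * @return the parsed subject, upper-cased
     * @throws AppletException {@code GENKEY_EMPTY_DN} when no known attribute was given,
     *         {@code GENKEY_INCORRECT_DN_VALUE} when a known attribute has no value
     */
    private static X509Name genSubjectDN(String str, String str2) throws AppletException {
        String[] oids = str.split(MULTI_VALUE_SEPARATOR);
        String[] values = str2.split(MULTI_VALUE_SEPARATOR);
        StringBuilder dn = new StringBuilder();
        for (int i = 0; i < oids.length; i++) {
            String rdnName = mapRDNs.get(oids[i]);
            if (rdnName == null) {
                continue;
            }
            // A missing value used to escape as an ArrayIndexOutOfBoundsException from outside any handler.
            if (i >= values.length) {
                System.err.println("Error: SubjectDN value missing for " + oids[i]);
                throw new AppletException(AECodes.GENKEY_INCORRECT_DN_VALUE.toString());
            }
            String value = values[i].replace("\n", "").trim();
            dn.append(rdnName).append('=').append(escape(value)).append(',');
        }
        if (dn.length() == 0) {
            System.err.println("Error: SubjectDN is empty.");
            throw new AppletException(AECodes.GENKEY_EMPTY_DN.toString());
        }
        dn.setLength(dn.length() - 1);
        // Locale.ROOT: the result must not depend on the user's default locale (e.g. dotted/dotless i).
        String upperCase = dn.toString().trim().toUpperCase(Locale.ROOT);
        System.out.println("DN: " + upperCase);
        return new X509Name(upperCase);
    }

    /**
     * Backslash-escapes the characters {@code -[]{}()*+?.,\^$|#"} in an attribute value so that the
     * value survives {@link X509Name}'s comma-separated parsing.
     *
     * @param str raw attribute value
     * @return the escaped value
     */
    private static String escape(String str) {
        return str.replaceAll("[-\\[\\]{}()*+?.,\\\\^$|#\\\"]", "\\\\$0");
    }

    /**
     * Renders a DER-encoded PKCS#10 request as PEM: the applet's BEGIN line, Base64 wrapped at 64
     * columns, the END line, each separated by {@code '\n'}. Output is built and decoded as UTF-8 so
     * the result does not depend on the platform charset.
     *
     * @param bArr DER-encoded request
     * @return the PEM text
     */
    private static String formatPKCS10(byte[] bArr) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] encoded = Base64.encode(bArr);
        out.write(AppletConstants.BEGIN_NEW_CR.getBytes(StandardCharsets.UTF_8));
        out.write('\n');
        for (int offset = 0; offset < encoded.length; ) {
            int chunk = Math.min(PEM_LINE_WIDTH, encoded.length - offset);
            out.write(encoded, offset, chunk);
            out.write('\n');
            offset += chunk;
        }
        out.write(AppletConstants.END_NEW_CR.getBytes(StandardCharsets.UTF_8));
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    /**
     * Returns the path of the RSA auth-key file that belongs to {@code str}: the absolute path itself
     * when its name already starts with {@code AUTH_}/{@code auth_}, otherwise the sibling with the
     * {@code AUTH_} prefix. Not referenced within this class.
     *
     * @param str path of a key file
     * @return path of the corresponding auth-key file
     */
    private static String getRSAAUTHFileName(String str) {
        File file = new File(str);
        String name = file.getName();
        if (name.startsWith("AUTH_") || name.startsWith("auth_")) {
            return file.getAbsolutePath();
        }
        return file.getParent() + File.separator + "AUTH_" + name;
    }

    /**
     * Collects every alias of the store that has an X.509 certificate attached.
     *
     * @param keyStore loaded store
     * @return alias -> certificate; aliases without an X.509 certificate are omitted
     * @throws KeyStoreException when the store is not initialised
     */
    private static Map<String, X509Certificate> getAliasCertMapFromKeyStore(KeyStore keyStore) throws KeyStoreException {
        Map<String, X509Certificate> certsByAlias = new HashMap<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                certsByAlias.put(alias, (X509Certificate) certificate);
            }
        }
        return certsByAlias;
    }

    /**
     * Splits a comma-separated SAN list, trims each entry and makes sure the subject CN is part of
     * it (prepended when absent, compared case-insensitively).
     *
     * @param str  comma-separated names; null or empty yields just the CN
     * @param str2 subject CN
     * @return the names, CN first when it had to be added
     */
    private static String[] getSubjectAlternativeNameArray(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return new String[]{str2};
        }
        List<String> names = new ArrayList<>();
        boolean containsCn = false;
        for (String raw : str.split(",")) {
            String name = raw.trim();
            if (name.equalsIgnoreCase(str2)) {
                containsCn = true;
            }
            names.add(name);
        }
        if (!containsCn) {
            names.add(0, str2);
        }
        return names.toArray(new String[0]);
    }

    static {
        mapRDNs.put("2.5.4.3", "CN");
        mapRDNs.put("2.5.4.4", "SURNAME");
        mapRDNs.put("2.5.4.5", "SERIALNUMBER");
        mapRDNs.put("2.5.4.6", "C");
        mapRDNs.put("2.5.4.7", "L");
        mapRDNs.put("2.5.4.8", "S");
        mapRDNs.put("2.5.4.10", "O");
        mapRDNs.put("2.5.4.11", "OU");
        mapRDNs.put("2.5.4.42", "G");
        mapRDNs.put("2.5.4.15", "BusinessCategory");
        mapRDNs.put("1.2.840.113549.1.9.1", "E");
        mapRDNs.put("0.9.2342.19200300.100.1.25", "DC");
    }
}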
