package cn.com.infosec.oscca;

import cn.com.infosec.asn1.x509.X509Extensions;
import cn.com.infosec.jce.provider.InfosecProvider;
import cn.com.infosec.netsign.crypto.util.CryptoUtil;
import cn.com.infosec.netsign.der.util.Certificate;
import cn.com.infosec.netsign.der.util.CertificateGenerater;
import cn.com.infosec.netsign.der.util.DERUtil;
import cn.com.infosec.netsign.der.util.Extension;
import cn.com.infosec.netsign.der.util.PublicKey;
import com.secneo.apkwrapper.Helper;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Set;
import org.xmlpull.v1.XmlPullParser;

/* loaded from: classes2.dex */
public class MakeEccCert {
    private static String CACertFile;
    private static String CADN;
    private static int CAKeyIndex;
    private static String CAKeyPass;
    private static byte[] certBs;
    private static String crluri;

    public MakeEccCert() {
        Helper.stub();
    }

    private static Extension genExtension(String str, boolean z) {
        if (!str.equals(X509Extensions.CRLDistributionPoints.getId()) || crluri == null) {
            return null;
        }
        byte[] generateDERCode = DERUtil.generateDERCode(4, DERUtil.generateDERCode(48, DERUtil.generateDERCode(48, DERUtil.generateDERCode(160, DERUtil.generateDERCode(160, DERUtil.generateDERCode(134, crluri.getBytes()))))));
        Extension extension = new Extension();
        extension.setOid(str);
        extension.setCritical(z);
        extension.setValue(generateDERCode);
        return extension;
    }

    private static ArrayList genExts(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs != null) {
            String[] strArr = (String[]) criticalExtensionOIDs.toArray(new String[0]);
            for (int i = 0; i < strArr.length; i++) {
                Extension genExtension = genExtension(strArr[i], true);
                if (genExtension == null) {
                    genExtension = new Extension();
                    genExtension.setOid(strArr[i]);
                    genExtension.setCritical(true);
                    genExtension.setValue(x509Certificate.getExtensionValue(strArr[i]));
                }
                arrayList.add(genExtension);
            }
        }
        Set<String> nonCriticalExtensionOIDs = x509Certificate.getNonCriticalExtensionOIDs();
        if (nonCriticalExtensionOIDs != null) {
            String[] strArr2 = (String[]) nonCriticalExtensionOIDs.toArray(new String[0]);
            for (int i2 = 0; i2 < strArr2.length; i2++) {
                Extension genExtension2 = genExtension(strArr2[i2], false);
                if (genExtension2 == null) {
                    genExtension2 = new Extension();
                    genExtension2.setOid(strArr2[i2]);
                    genExtension2.setValue(x509Certificate.getExtensionValue(strArr2[i2]));
                }
                arrayList.add(genExtension2);
            }
        }
        return arrayList;
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println("Generate SM2 certificates");
        Security.addProvider(new InfosecProvider());
        CryptoUtil.debug = true;
        SDFJNI.connectDev();
        SDFJNI.openSession();
        makeCA();
        makeKeySignCert();
        makeServerSignCert();
    }

    private static void makeCA() throws Exception {
        System.out.print("CA cert file:");
        byte[] bArr = new byte[100];
        System.in.read(bArr);
        CACertFile = new String(bArr).trim();
        FileInputStream fileInputStream = new FileInputStream(CACertFile);
        certBs = new byte[fileInputStream.available()];
        fileInputStream.read(certBs);
        System.out.print("CA key index:");
        byte[] bArr2 = new byte[100];
        System.in.read(bArr2);
        CAKeyIndex = Integer.parseInt(new String(bArr2).trim());
        System.out.print("CA key password:");
        byte[] bArr3 = new byte[100];
        System.in.read(bArr3);
        CAKeyPass = new String(bArr3).trim();
        System.out.print("CA CertDN:");
        byte[] bArr4 = new byte[100];
        System.in.read(bArr4);
        CADN = new String(bArr4).trim();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "INFOSEC").generateCertificate(new ByteArrayInputStream(certBs));
        Certificate certificate = new Certificate();
        certificate.setSerailNumber(x509Certificate.getSerialNumber());
        certificate.setIssuer(CADN);
        certificate.setSignatureAlgOid("1.2.156.197.1.501");
        certificate.setNotAfter(x509Certificate.getNotAfter());
        certificate.setNotBefore(x509Certificate.getNotBefore());
        certificate.setSubject(CADN);
        PublicKey publicKey = new PublicKey();
        publicKey.setKeyAlgOid("1.2.840.10045.2.1");
        publicKey.setKeyLength(7);
        byte[] exportPublicKey = SDFJNI.exportPublicKey(CAKeyIndex);
        byte[] bArr5 = new byte[66];
        bArr5[0] = 0;
        bArr5[1] = 4;
        System.arraycopy(exportPublicKey, 0, bArr5, 2, 64);
        publicKey.setKey(bArr5);
        certificate.setSubjectKeyInfo(publicKey);
        certificate.setExtensions(genExts(x509Certificate));
        CertificateGenerater certificateGenerater = new CertificateGenerater(certificate);
        certificateGenerater.setSignature(SDFJNI.SM2SignWithInnerKey(certificateGenerater.generateTBSCertificate(), "SM3", CAKeyIndex, CAKeyPass, null, null));
        certBs = certificateGenerater.generateCertificate();
        FileOutputStream fileOutputStream = new FileOutputStream(new StringBuffer(String.valueOf(CACertFile)).append(".new.cer").toString());
        CryptoUtil.debug("ca cert", certBs);
        fileOutputStream.write(certBs);
        fileOutputStream.flush();
        System.out.println("Create CA cert finished.");
    }

    private static void makeKeySignCert() throws Exception {
        System.out.println("Generate the sign cer for usb key");
        System.out.print("Sign cert file:");
        byte[] bArr = new byte[100];
        System.in.read(bArr);
        String trim = new String(bArr).trim();
        if (trim == null || trim.equals(XmlPullParser.NO_NAMESPACE)) {
            return;
        }
        FileInputStream fileInputStream = new FileInputStream(trim);
        certBs = new byte[fileInputStream.available()];
        fileInputStream.read(certBs);
        System.out.print("Sign cert serial number(radix 16):");
        byte[] bArr2 = new byte[100];
        System.in.read(bArr2);
        BigInteger bigInteger = new BigInteger(new String(bArr2).trim(), 16);
        System.out.print("Sign cert DN:");
        byte[] bArr3 = new byte[100];
        System.in.read(bArr3);
        String trim2 = new String(bArr3).trim();
        System.out.print("Crl distribution point URI(ldaps://192.168.2.149:389/O=ca,CN=crl1):");
        byte[] bArr4 = new byte[100];
        System.in.read(bArr4);
        crluri = new String(bArr4).trim();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "INFOSEC").generateCertificate(new ByteArrayInputStream(certBs));
        Certificate certificate = new Certificate();
        certificate.setSerailNumber(bigInteger);
        certificate.setIssuer(CADN);
        certificate.setSignatureAlgOid("1.2.156.197.1.501");
        certificate.setNotAfter(x509Certificate.getNotAfter());
        certificate.setNotBefore(x509Certificate.getNotBefore());
        certificate.setSubject(trim2);
        PublicKey publicKey = new PublicKey();
        publicKey.setKeyAlgOid("1.2.840.10045.2.1");
        publicKey.setKeyLength(7);
        publicKey.setKey(DERUtil.getDERInnerData(DERUtil.getDERInnerData(DERUtil.getDERInnerData(DERUtil.getDERInnerData(certBs)), 7), 2));
        certificate.setSubjectKeyInfo(publicKey);
        certificate.setExtensions(genExts(x509Certificate));
        CertificateGenerater certificateGenerater = new CertificateGenerater(certificate);
        certificateGenerater.setSignature(SDFJNI.SM2SignWithInnerKey(certificateGenerater.generateTBSCertificate(), "SM3", CAKeyIndex, CAKeyPass, null, null));
        certBs = certificateGenerater.generateCertificate();
        FileOutputStream fileOutputStream = new FileOutputStream(new StringBuffer(String.valueOf(trim)).append(".4usbkey.cer").toString());
        CryptoUtil.debug("Sign cert for usbkey", certBs);
        fileOutputStream.write(certBs);
        fileOutputStream.flush();
        System.out.println("Generate sign cert for usbkey finished.");
    }

    private static void makeServerSignCert() throws Exception {
        System.out.println("Generate the sign cer for netsignserver");
        System.out.print("Sign cert file:");
        byte[] bArr = new byte[100];
        System.in.read(bArr);
        String trim = new String(bArr).trim();
        if (trim == null || trim.equals(XmlPullParser.NO_NAMESPACE)) {
            return;
        }
        FileInputStream fileInputStream = new FileInputStream(trim);
        certBs = new byte[fileInputStream.available()];
        fileInputStream.read(certBs);
        System.out.print("Sign cert serial number(radix 16):");
        byte[] bArr2 = new byte[100];
        System.in.read(bArr2);
        BigInteger bigInteger = new BigInteger(new String(bArr2).trim(), 16);
        System.out.print("Sign cert DN:");
        byte[] bArr3 = new byte[100];
        System.in.read(bArr3);
        String trim2 = new String(bArr3).trim();
        System.out.print("Key index:");
        byte[] bArr4 = new byte[100];
        System.in.read(bArr4);
        int parseInt = Integer.parseInt(new String(bArr4).trim());
        System.out.print("Crl distribution point URI(ldaps://192.168.2.149:389/O=ca,CN=crl1):");
        byte[] bArr5 = new byte[100];
        System.in.read(bArr5);
        crluri = new String(bArr5).trim();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "INFOSEC").generateCertificate(new ByteArrayInputStream(certBs));
        Certificate certificate = new Certificate();
        certificate.setSerailNumber(bigInteger);
        certificate.setIssuer(CADN);
        certificate.setSignatureAlgOid("1.2.156.197.1.501");
        certificate.setNotAfter(x509Certificate.getNotAfter());
        certificate.setNotBefore(x509Certificate.getNotBefore());
        certificate.setSubject(trim2);
        PublicKey publicKey = new PublicKey();
        publicKey.setKeyAlgOid("1.2.840.10045.2.1");
        publicKey.setKeyLength(7);
        byte[] exportPublicKey = SDFJNI.exportPublicKey(parseInt);
        byte[] bArr6 = new byte[66];
        bArr6[0] = 0;
        bArr6[1] = 4;
        System.arraycopy(exportPublicKey, 0, bArr6, 2, 64);
        publicKey.setKey(bArr6);
        certificate.setSubjectKeyInfo(publicKey);
        certificate.setExtensions(genExts(x509Certificate));
        CertificateGenerater certificateGenerater = new CertificateGenerater(certificate);
        certificateGenerater.setSignature(SDFJNI.SM2SignWithInnerKey(certificateGenerater.generateTBSCertificate(), "SM3", CAKeyIndex, CAKeyPass, null, null));
        certBs = certificateGenerater.generateCertificate();
        FileOutputStream fileOutputStream = new FileOutputStream(new StringBuffer(String.valueOf(trim)).append(".4netsign.cer").toString());
        CryptoUtil.debug("Sign cert for usbkey", certBs);
        fileOutputStream.write(certBs);
        fileOutputStream.flush();
        System.out.println("Generate sign cert for netsignserver finished.");
    }
}
