package cfca.sadk.timestamp.client;

import cfca.sadk.algorithm.common.GMObjectIdentifiers;
import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.common.X9ObjectIdentifiers;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.pkcs.RSAPublicKey;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Certificate;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.cert.X509CertificateHolder;
import cfca.sadk.org.bouncycastle.crypto.params.RSAKeyParameters;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.IOException;
import java.security.PublicKey;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/TSACertHolder.class */
public final class TSACertHolder extends X509CertificateHolder {
    public static final int CERT_TYPE_UNKNOWN = -1;
    public static final int CERT_TYPE_SM2CERT = 1;
    public static final int CERT_TYPE_RSACERT = 2;
    private static final int SM2_PUBLIC_KEY_RAW_LENGTH = 64;
    private static final int SM2_PUBLIC_KEY_RAW_LENGTH_WITH_04 = 65;
    private byte[] encoding;
    private PublicKey publicKey;
    private int certType;

    public TSACertHolder(byte[] bArr) throws IOException {
        super(bArr);
        this.encoding = null;
        this.certType = -1;
        this.encoding = bArr == null ? null : (byte[]) bArr.clone();
    }

    public TSACertHolder(Certificate certificate) {
        super(certificate);
        this.encoding = null;
        this.certType = -1;
    }

    public static TSACertHolder from(X509CertificateHolder x509CertificateHolder) {
        if (x509CertificateHolder == null) {
            throw new IllegalArgumentException("missing x509Cert");
        }
        return new TSACertHolder(x509CertificateHolder.toASN1Structure());
    }

    public static TSACertHolder from(X509Cert x509Cert) {
        if (x509Cert == null) {
            throw new IllegalArgumentException("missing x509Cert");
        }
        TSACertHolder tSACertHolder = new TSACertHolder(x509Cert.getCertStructure());
        tSACertHolder.encoding = x509Cert.getEncoding();
        return tSACertHolder;
    }

    public byte[] getEncoded() throws IOException {
        if (this.encoding == null) {
            this.encoding = super.getEncoded();
        }
        return this.encoding;
    }

    public PublicKey getPublicKey() throws PKIException {
        if (this.publicKey == null) {
            this.publicKey = buildPublicKey(toASN1Structure());
        }
        return this.publicKey;
    }

    public boolean isSM2Cert() {
        buildCertType();
        return this.certType == 1;
    }

    public boolean isRSACert() {
        buildCertType();
        return this.certType == 2;
    }

    private final PublicKey buildPublicKey(Certificate certificate) throws PKIException {
        PublicKey buildRSAPublicKey;
        Args.notNull(certificate, "cert");
        buildCertType();
        SubjectPublicKeyInfo subjectPublicKeyInfo = certificate.getSubjectPublicKeyInfo();
        switch (this.certType) {
            case CERT_TYPE_SM2CERT /* 1 */:
                buildRSAPublicKey = buildSM2PublicKey(subjectPublicKeyInfo);
                break;
            case CERT_TYPE_RSACERT /* 2 */:
                buildRSAPublicKey = buildRSAPublicKey(subjectPublicKeyInfo);
                break;
            default:
                throw new PKIException(PKIException.SPKI_KEY, PKIException.SPKI_KEY_DES);
        }
        return buildRSAPublicKey;
    }

    private boolean isSM2PubKeyDataValid(byte[] bArr) {
        return bArr != null && (bArr.length == SM2_PUBLIC_KEY_RAW_LENGTH || bArr.length == SM2_PUBLIC_KEY_RAW_LENGTH_WITH_04);
    }

    private PublicKey buildSM2PublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws PKIException {
        Args.notNull(subjectPublicKeyInfo, "subjectPublicKeyInfo");
        try {
            byte[] bytes = subjectPublicKeyInfo.getPublicKeyData().getBytes();
            if (!isSM2PubKeyDataValid(bytes)) {
                throw new PKIException(PKIException.SPKI_KEY, PKIException.SPKI_KEY_DES);
            }
            int i = bytes.length == SM2_PUBLIC_KEY_RAW_LENGTH_WITH_04 ? 1 : 0;
            byte[] bArr = new byte[32];
            byte[] bArr2 = new byte[32];
            System.arraycopy(bytes, i, bArr, 0, 32);
            System.arraycopy(bytes, i + 32, bArr2, 0, 32);
            return new SM2PublicKey(bArr, bArr2);
        } catch (Exception e) {
            throw new PKIException(PKIException.SPKI_KEY, "Convert SubjectPublicKeyInfo TO SM2PubKey Failed", e);
        }
    }

    private PublicKey buildRSAPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws PKIException {
        Args.notNull(subjectPublicKeyInfo, "subjectPublicKeyInfo");
        try {
            RSAPublicKey rSAPublicKey = RSAPublicKey.getInstance(subjectPublicKeyInfo.parsePublicKey());
            return new BCRSAPublicKey(new RSAKeyParameters(false, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        } catch (IOException e) {
            throw new PKIException(PKIException.SPKI_KEY, "Convert SubjectPublicKeyInfo TO RSAPubKey Failed", e);
        }
    }

    private final int buildCertType() {
        if (this.certType == -1) {
            int i = 0;
            Certificate aSN1Structure = toASN1Structure();
            if (aSN1Structure != null) {
                AlgorithmIdentifier algorithm = aSN1Structure.getSubjectPublicKeyInfo().getAlgorithm();
                String id = algorithm.getAlgorithm().getId();
                if (id.equals(PKCSObjectIdentifiers.rsaEncryption.getId())) {
                    i = 2;
                } else if (id.equals(GMObjectIdentifiers.ecPubKey.getId())) {
                    ASN1ObjectIdentifier parameters = algorithm.getParameters();
                    if (parameters != null && (parameters instanceof ASN1ObjectIdentifier)) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier = parameters;
                        if (aSN1ObjectIdentifier.equals(GMObjectIdentifiers.sm2_old)) {
                            i = 1;
                        } else if (aSN1ObjectIdentifier.equals(GMObjectIdentifiers.sm2PubKey)) {
                            i = 1;
                        }
                    }
                    if (i != 1) {
                        String id2 = aSN1Structure.getSignatureAlgorithm().getAlgorithm().getId();
                        if (id2.equals(X9ObjectIdentifiers.sm3WithSM2Encryption.getId())) {
                            i = 1;
                        } else if (id2.equals(X9ObjectIdentifiers.sm3WithSM2Encryption_OLD.getId())) {
                            i = 1;
                        }
                    }
                }
                this.certType = i;
            }
        }
        return this.certType;
    }

    public X509Cert getX509Cert() {
        return new X509Cert(toASN1Structure());
    }
}
