package com.ksign.cmp;

import com.ksign.KCaseLogging;
import com.ksign.asn1.ASN1Encodable;
import com.ksign.asn1.ASN1EncodableVector;
import com.ksign.asn1.ASN1InputStream;
import com.ksign.asn1.ASN1Sequence;
import com.ksign.asn1.BERSequence;
import com.ksign.asn1.BERSet;
import com.ksign.asn1.DERBitString;
import com.ksign.asn1.DEREncodable;
import com.ksign.asn1.DERGeneralizedTime;
import com.ksign.asn1.DERInteger;
import com.ksign.asn1.DEROctetString;
import com.ksign.asn1.DERSequence;
import com.ksign.asn1.DERTaggedObject;
import com.ksign.asn1.cmp.CMPCertificate;
import com.ksign.asn1.cmp.CMPObjectIdentifiers;
import com.ksign.asn1.cmp.CertRepMessage;
import com.ksign.asn1.cmp.CertResponse;
import com.ksign.asn1.cmp.CertifiedKeyPair;
import com.ksign.asn1.cmp.ErrorMsgContent;
import com.ksign.asn1.cmp.GenMsgContent;
import com.ksign.asn1.cmp.GenRepContent;
import com.ksign.asn1.cmp.InfoTypeAndValue;
import com.ksign.asn1.cmp.PKIBody;
import com.ksign.asn1.cmp.PKIConfirmContent;
import com.ksign.asn1.cmp.PKIFreeText;
import com.ksign.asn1.cmp.PKIHeader;
import com.ksign.asn1.cmp.PKIHeaderBuilder;
import com.ksign.asn1.cmp.PKIMessage;
import com.ksign.asn1.cmp.PKIStatusInfo;
import com.ksign.asn1.cmp.ProtectedPart;
import com.ksign.asn1.cmp.RevDetails;
import com.ksign.asn1.cmp.RevRepContent;
import com.ksign.asn1.cms.IssuerAndSerialNumber;
import com.ksign.asn1.crmf.AttributeTypeAndValue;
import com.ksign.asn1.crmf.CertReqMsg;
import com.ksign.asn1.crmf.CertRequest;
import com.ksign.asn1.crmf.CertTemplateBuilder;
import com.ksign.asn1.crmf.Controls;
import com.ksign.asn1.crmf.EncryptedValue;
import com.ksign.asn1.crmf.POPOSigningKey;
import com.ksign.asn1.crmf.POPOSigningKeyInput;
import com.ksign.asn1.crmf.ProofOfPossession;
import com.ksign.asn1.kisa.KISAObjectIdentifiers;
import com.ksign.asn1.korea.EncryptedVID;
import com.ksign.asn1.nist.NISTObjectIdentifiers;
import com.ksign.asn1.pkcs.Attribute;
import com.ksign.asn1.pkcs.PKCSObjectIdentifiers;
import com.ksign.asn1.pkcs.PrivateKeyInfo;
import com.ksign.asn1.x509.AlgorithmIdentifier;
import com.ksign.asn1.x509.GeneralName;
import com.ksign.asn1.x509.ReasonFlags;
import com.ksign.asn1.x509.SubjectPublicKeyInfo;
import com.ksign.asn1.x509.X509CertificateStructure;
import com.ksign.protocol.CMPTransport;
import com.ksign.protocol.TCPIP;
import com.ksign.wizsign.others.smartchannel.crypt.Crypto;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import ksign.jce.provider.signer.spec.EPKIKCDSA2048Spec;
import ksign.jce.util.Base64;

/* loaded from: classes.dex */
public class CMP {
    // Cache for the decompiler-generated switch-on-enum table; it is filled lazily by
    // $SWITCH_TABLE$com$ksign$cmp$CMP$CertType() further down in this class.
    private static /* synthetic */ int[] $SWITCH_TABLE$com$ksign$cmp$CMP$CertType = null;
    // Named boolean values; their consumer is not visible in this part of the file.
    public static final boolean KEYUPDTETYPE = true;
    public static final boolean NONEKEYUPDTETYPE = false;
    // Integer message-type codes. CmpTransporter.send(byte[]) writes 0 as the type byte and
    // CmpTransporter.recv() skips body parsing when the type byte equals 3.
    // NOTE(review): presumably the type values of the TCP framing used for CMP - confirm.
    public static final int errorMsgRep = 6;
    public static final int finalMsgRep = 5;
    private static final int maybe_ietf_version2 = 0;
    public static final int negPollRep = 3;
    public static final int partialMsgRep = 4;
    public static final int pkiMsg = 0;
    public static final int pollRep = 1;
    public static final int pollReq = 2;
    // When false, generateKeys() reuses the old key pairs during a KUR exchange instead of
    // generating new ones.
    private boolean keyupdate = false;
    Provider KSignP = null;
    // Starts as null; the constructor calls setRandomProvider(...) (not shown in this part),
    // and getRegInfowithR()/processIRIP() dereference this field without a null check.
    private SecureRandom random = null;
    private CmpTransporter tr = new CmpTransporter();
    private CmpParameter p = new CmpParameter();
    private CaPolicy pol = new CaPolicy();
    // Password-based encryption settings; the code that consumes them is not shown in this part.
    // NOTE(review): an iteration count of 16 gives almost no work factor against password
    // guessing if it protects stored private keys - confirm where it is used and whether the
    // value can be raised without breaking existing key files.
    private String _pbeAlgName = "PBEWithSHA1AndDESede";
    private int _pbeIterationCount = 16;
    // Name handed to setRandomProvider(...) by the constructor.
    private String _randomProviderName = "SHA1PRNG";

    /* loaded from: classes.dex */
    /**
     * Key names of the {@code key=value} pairs that the CA places in the free-text field of a
     * response header. {@code parseFreeText()} looks entries up by these names.
     */
    class CMPConfigVariable {
        // Keys that parseFreeText() reads.
        public static final String CMP_USER_NOTICE = "user_notice";
        public static final String CMP_SIG_ALGORITHM = "signature_algorithm";
        public static final String CMP_KEY_SIZE = "key_size";
        public static final String CMP_KM_KEY_GEN = "km_key_gen";
        public static final String CMP_KM_KEY_BACKUP = "km_key_backup";
        public static final String CMP_PROTEC_ALGORITHM = "protect_algorithm";

        // Keys declared here but not referenced in the part of CMP reviewed here.
        public static final String CMP_SIG_ALGORITHM_1 = "algorithm";
        public static final String CMP_KEY_UPDATE_DAY = "key_update_day";
        public static final String CMP_ALLOW_SUSPEND = "allow_suspend";
        public static final String CMP_DIR_SERVER_ADDR = "dir_server_addr";

        // Password-policy keys.
        public static final String CMP_PASSWD_LEN = "passwd_len";
        public static final String CMP_PASSWD_ALPHA_LEN = "passwd_alpha_len";
        public static final String CMP_PASSWD_NUM_LEN = "passwd_num_len";
        public static final String CMP_PASSWD_MOD = "passwd_mod";

        CMPConfigVariable() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Position of the client in the CMP conversation. The declaration order is kept exactly as
     * in the original because ordinals are derived from it.
     * NOTE(review): the names appear to mirror CMP message kinds (ir/ip, kur/kup, genm/genp, ...) - confirm.
     */
    public enum CMPStep {
        INIT, GENM, GENP,
        IR, IP,
        KUR, KUP,
        CR, CP, P10CR,
        POPDECC, POPDECR,
        KRR, KRP,
        RR, RP,
        CCR, CCP,
        CKUANN, CANN, RANN, CRLANN,
        NESTED, ERROR, CONF;

        /**
         * Returns a fresh copy of all constants in declaration order.
         * (Decompiler-renamed accessor kept for callers that reference it.)
         */
        public static CMPStep[] valuesCustom() {
            return values().clone();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Policy values and status reported by the CA during the exchange. Most string and key-size
     * fields are filled by {@code parseFreeText()} from the free-text field of a response header;
     * {@code status}/{@code statusString} are written by the {@code process*} methods.
     */
    public class CaPolicy {
        // Key-backup location codes.
        public static final int KCM_KEYBACKUP_DISKETTE = 1;
        public static final int KCM_KEYBACKUP_CA = 2;
        public static final int KCM_KEYBACKUP_NO = 3;

        // Who generates the km key.
        public static final String KCM_KM_KEY_GEN_CA = "ca";
        public static final String KCM_KM_KEY_GEN_USER = "user";

        // VID type codes.
        public static final int KCM_VIDTYPE_R = 1;
        public static final int KCM_VIDTYPE_VIDR = 2;

        // CA certificate; processGenMGenP() assigns it from the GenP response, and
        // getRegInfowithR() encrypts to its public key.
        public Certificate caCert;
        public Certificate kmCert;

        // Values copied out of the CA's free text by parseFreeText().
        String userNotice;
        String assyAlgorithm;
        String assyAlgorithm_km;
        int assyKeySize;
        int assyKeySize_km;
        String userChoice;
        String backupLocation;
        String protecAlgorithm;

        // Result of the most recent exchange.
        int status;
        String statusString;

        // Not assigned in the part of CMP reviewed here.
        String kmKeyGen;
        int nPasswdLen;
        int nPasswdLen_Alpha;
        int nPasswdLen_Num;
        boolean useKeyBackup;

        CaPolicy() {
        }
    }

    /* loaded from: classes.dex */
    /**
     * The two certificates handled per user: {@code sign} and {@code km}. The order must stay
     * {@code sign, km} because the generated switch tables index by ordinal.
     */
    public enum CertType {
        sign, km;

        /**
         * Returns a fresh copy of all constants in declaration order.
         * (Decompiler-renamed accessor kept for callers that reference it.)
         */
        public static CertType[] valuesCustom() {
            return values().clone();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Mutable per-session state of the CMP client: credentials, nonces, algorithm choices,
     * current and previous key pairs/certificates, and the current protocol step.
     */
    public class CmpParameter {
        // Decompiler-generated cache for the switch in setAlgKeySig().
        private static /* synthetic */ int[] $SWITCH_TABLE$com$ksign$cmp$CMP$CertType;
        // Shared secret passed to getMACProtection() by processIRIP().
        // NOTE(review): authCode and password are held as immutable Strings, so they cannot be
        // wiped after use - confirm whether that is acceptable for this client.
        public String authCode;
        // Sender nonce taken from the CA's response in processIRIP().
        public byte[] caNonce;
        public CMPCertificate[] caPubs;
        // extractUserCerts() stores the hex form of the decrypted symmetric key here.
        public String ip_authcode;
        public String issuerDN;
        public String keyAlgoName;
        public String keyEncAlgoName;
        public String newKID;
        public String password;
        public String refNum;
        public BigInteger serialNo_km;
        public BigInteger serialNo_sign;
        public String subjectDN;
        // 128-byte sender nonce, refilled from the random source before IR and KUR requests.
        public byte[] myNonce = new byte[128];
        // 20-byte random value refilled by getRegInfowithR().
        public byte[] rValue = new byte[20];
        // NOTE(review): the defaults below are a 1024-bit key with SHA1withRSA, both considered
        // weak today; they stay in effect unless setSignAlg()/setEncSignAlg() is called.
        public int keySize = 1024;
        private String signAlg = "SHA1withRSA";
        public int keyEncSize = 0;
        private String encSignAlg = "SHA1withRSA";
        public ReasonFlags reason = new ReasonFlags(128);
        // Raw maps keyed by CertType (see the put/get calls in generateKeys() and generateReqMsg()).
        public Map certMap = new HashMap();
        public Map certKeyPairMap = new HashMap();
        public Map oldCertMap = new HashMap();
        public Map oldCertKeyPairMap = new HashMap();
        CMPStep currentStep = CMPStep.INIT;
        // Optional JCA provider; when null, callers fall back to the default provider lookup.
        Provider provider = null;
        KeyStore ks = null;

        // Decompiler-generated helper: lazily builds the ordinal -> case-number table
        // (sign -> 1, km -> 2) used by the switch in setAlgKeySig().
        static /* synthetic */ int[] $SWITCH_TABLE$com$ksign$cmp$CMP$CertType() {
            int[] iArr = $SWITCH_TABLE$com$ksign$cmp$CMP$CertType;
            if (iArr == null) {
                iArr = new int[CertType.valuesCustom().length];
                try {
                    iArr[CertType.km.ordinal()] = 2;
                } catch (NoSuchFieldError e) {
                }
                try {
                    iArr[CertType.sign.ordinal()] = 1;
                } catch (NoSuchFieldError e2) {
                }
                $SWITCH_TABLE$com$ksign$cmp$CMP$CertType = iArr;
            }
            return iArr;
        }

        CmpParameter() {
        }

        /**
         * Sets key algorithm, key size and signature algorithm name for one certificate type.
         *
         * If {@code str} contains "sha1" (case-insensitive) the key size becomes 1024 and the
         * signature name starts with "SHA1With"; otherwise, including when {@code str} is null,
         * the key size becomes 2048 and the name starts with "SHA256With". {@code str2} is
         * appended to that prefix and also stored as the key algorithm name.
         *
         * NOTE(review): a value containing "sha1" selects the weaker 1024-bit/SHA-1 pair. The
         * callers of setSignAlg()/setEncSignAlg() are not shown here; if {@code str} comes from
         * the server's policy text, whoever controls that text controls this choice - confirm.
         *
         * @param str hash/signature hint, may be null
         * @param str2 key algorithm name appended to the signature prefix
         * @param certType which of the two settings (sign or km) to update
         */
        private void setAlgKeySig(String str, String str2, CertType certType) {
            switch ($SWITCH_TABLE$com$ksign$cmp$CMP$CertType()[certType.ordinal()]) {
                case 1:
                    // CertType.sign
                    this.keyAlgoName = str2;
                    if (str == null || str.toLowerCase().indexOf("sha1") <= -1) {
                        this.keySize = 2048;
                        this.signAlg = "SHA256With";
                    } else {
                        this.keySize = 1024;
                        this.signAlg = "SHA1With";
                    }
                    this.signAlg = String.valueOf(this.signAlg) + str2;
                    return;
                case 2:
                    // CertType.km
                    this.keyEncAlgoName = str2;
                    if (str == null || str.toLowerCase().indexOf("sha1") <= -1) {
                        this.keyEncSize = 2048;
                        this.encSignAlg = "SHA256With";
                    } else {
                        this.keyEncSize = 1024;
                        this.encSignAlg = "SHA1With";
                    }
                    this.encSignAlg = String.valueOf(this.encSignAlg) + str2;
                    return;
                default:
                    return;
            }
        }

        /** Returns the protocol step most recently stored with setCurrentStep(). */
        public CMPStep getCurrentStep() {
            return this.currentStep;
        }

        /**
         * Reports whether both refNum and authCode are present and non-empty.
         *
         * @return true only when both values have at least one character
         */
        public boolean issuable() {
            if (this.refNum == null || this.refNum.length() < 1) {
                return false;
            }
            return this.authCode != null && this.authCode.length() >= 1;
        }

        /** Records the protocol step the client is in. */
        public void setCurrentStep(CMPStep cMPStep) {
            this.currentStep = cMPStep;
        }

        /** Applies setAlgKeySig() to the km (key management) settings. */
        public void setEncSignAlg(String str, String str2) {
            setAlgKeySig(str, str2, CertType.km);
        }

        /** Applies setAlgKeySig() to the signing settings. */
        public void setSignAlg(String str, String str2) {
            setAlgKeySig(str, str2, CertType.sign);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Adds the CMP-over-TCP framing on top of a raw {@link CMPTransport}. Every frame is a
     * 4-byte big-endian length, one type byte, and the encoded message; the length counts the
     * type byte plus the message.
     */
    public class CmpTransporter implements CMPTransport {
        /** Underlying channel; stays {@code null} until {@link #bindAddress(String)} has run. */
        public CMPTransport transport = null;

        CmpTransporter() {
        }

        /**
         * Creates a new TCPIP channel and binds it to the given address.
         *
         * @param str address string, passed through unchanged
         * @return whatever the TCPIP channel reports for the bind
         */
        @Override
        public boolean bindAddress(String str) {
            CMPTransport channel = new TCPIP();
            this.transport = channel;
            return channel.bindAddress(str);
        }

        /** Closes the underlying channel. */
        @Override
        public void close() {
            transport.close();
        }

        /** Resets the session step to INIT, then opens the underlying channel. */
        @Override
        public void connect() {
            CMP.this.p.setCurrentStep(CMPStep.INIT);
            transport.connect();
        }

        /**
         * Reads one frame and decodes its body when there is one.
         *
         * NOTE(review): the length is taken from the peer as a signed 32-bit value and is used
         * for the body read without an upper bound; a negative value skips the body, leaving
         * {@code getPkim()} null for the caller. Whether TCPIP.recv() limits the size is not
         * visible here - confirm, and cap the accepted length if it does not.
         *
         * @return the frame's type byte and, if a body was present, the decoded PKIMessage
         */
        public TCPPKIMessage recv() {
            byte[] lengthField = recv(4);
            int declaredLength = new BigInteger(lengthField).intValue();
            TCPPKIMessage frame = new TCPPKIMessage();
            byte[] typeField = recv(1);
            frame.setPkitype(typeField[0]);
            boolean carriesBody = declaredLength > 1;
            // Type 3 frames are returned without parsing a body.
            if (carriesBody && frame.getPkitype() != 3) {
                byte[] body = recv(declaredLength - 1);
                frame.setPkim(PKIMessage.getInstance(body));
            }
            return frame;
        }

        /** Reads {@code i} bytes from the underlying channel. */
        @Override
        public byte[] recv(int i) {
            return transport.recv(i);
        }

        /**
         * Encodes the ASN.1 object and sends it as one frame.
         *
         * @param aSN1Encodable message to encode and send
         */
        public void send(ASN1Encodable aSN1Encodable) {
            // The decompiled original checks the current step here but the branch body is
            // empty, so the check has no effect on what is sent.
            CMPStep step = CMP.this.p.getCurrentStep();
            if (step == CMPStep.CONF) {
                // intentionally empty, mirrors the decompiled original
            }
            send(aSN1Encodable.getEncoded());
        }

        /**
         * Sends the bytes as one frame with type byte 0.
         *
         * @param bArr already-encoded message
         */
        @Override
        public void send(byte[] bArr) {
            int framedLength = bArr.length + 1;
            byte[] header = new byte[5];
            header[0] = (byte) (framedLength >> 24);
            header[1] = (byte) (framedLength >> 16);
            header[2] = (byte) (framedLength >> 8);
            header[3] = (byte) framedLength;
            header[4] = 0;
            byte[] frame = CMP.concat(header, 0, header.length, bArr, 0, bArr.length);
            transport.send(frame);
        }

        /** Forwards the timeout value to the underlying channel. */
        @Override
        public void setTimeOut(int i) {
            transport.setTimeOut(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /** One received transport frame: its type byte and, when present, the decoded CMP message. */
    public class TCPPKIMessage {
        /** Type byte read from the frame. */
        private int pkitype;
        /** Decoded message; stays null when CmpTransporter.recv() did not parse a body. */
        private PKIMessage pkim;

        TCPPKIMessage() {
        }

        /** @return the frame's type byte as stored by {@link #setPkitype(int)} */
        public int getPkitype() {
            return pkitype;
        }

        /** @param i type byte of the frame */
        public void setPkitype(int i) {
            pkitype = i;
        }

        /** @return the decoded message, or null if none was set */
        public PKIMessage getPkim() {
            return pkim;
        }

        /** @param pKIMessage decoded message body */
        public void setPkim(PKIMessage pKIMessage) {
            pkim = pKIMessage;
        }
    }

    /**
     * Decompiler-generated helper for switch statements over CertType: lazily builds and caches
     * a table that maps {@code ordinal()} to a case number (sign -> 1, km -> 2).
     */
    static /* synthetic */ int[] $SWITCH_TABLE$com$ksign$cmp$CMP$CertType() {
        int[] cached = $SWITCH_TABLE$com$ksign$cmp$CMP$CertType;
        if (cached != null) {
            return cached;
        }
        int[] table = new int[CertType.valuesCustom().length];
        try {
            table[CertType.km.ordinal()] = 2;
        } catch (NoSuchFieldError ignored) {
            // constant missing at run time: leave its slot at 0
        }
        try {
            table[CertType.sign.ordinal()] = 1;
        } catch (NoSuchFieldError ignored) {
            // constant missing at run time: leave its slot at 0
        }
        $SWITCH_TABLE$com$ksign$cmp$CMP$CertType = table;
        return table;
    }

    /**
     * Creates a client and selects the random source named by {@code _randomProviderName}
     * ("SHA1PRNG" unless the field was changed).
     */
    public CMP() {
        String prngName = this._randomProviderName;
        setRandomProvider(prngName);
    }

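    /**
     * Converts bytes to a lowercase hexadecimal string, two digits per byte.
     *
     * The decompiled body referred to an undeclared variable ({@code r2}) when trimming the
     * zero-padded digits; the digits are now produced directly from each byte's two nibbles.
     *
     * @param bArr bytes to encode
     * @return the hex string, or {@code null} when {@code bArr} is null or empty
     */
    public static String byteArrayToHex(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        final char[] digits = "0123456789abcdef".toCharArray();
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            hex.append(digits[(b >> 4) & 0x0F]).append(digits[b & 0x0F]);
        }
        return hex.toString();
    }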

    /**
     * Joins a slice of one array with a slice of another.
     *
     * @param bArr first source array
     * @param i start offset in {@code bArr}
     * @param i2 number of bytes taken from {@code bArr}
     * @param bArr2 second source array
     * @param i3 start offset in {@code bArr2}
     * @param i4 number of bytes taken from {@code bArr2}
     * @return a new array of length {@code i2 + i4} holding the first slice followed by the second
     */
    public static byte[] concat(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) {
        final int totalLength = i2 + i4;
        byte[] joined = new byte[totalLength];
        // First slice goes to the front, second slice directly after it.
        System.arraycopy(bArr, i, joined, 0, i2);
        System.arraycopy(bArr2, i3, joined, i2, i4);
        return joined;
    }

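    /**
     * Stores the certificates carried in the CA's responses.
     *
     * A response with a plain certificate is stored as the signing certificate. A response with
     * only an encrypted certificate is handled as the km certificate: the symmetric key is
     * RSA-decrypted with the km private key, the certificate is decrypted with DES/OFB, and the
     * hex form of the symmetric key is kept in {@code p.ip_authcode}.
     *
     * Change from the decompiled original: two log statements that wrote the Base64-encoded
     * km private key and the encrypted symmetric key to the log have been removed, because
     * anything able to read the log could recover the private key.
     *
     * NOTE(review): the decryption uses single DES with the constant IV "01234567", and
     * "RSA" without an explicit mode/padding (the effective padding depends on the provider).
     * These are presumably dictated by the CA's wire format and are left unchanged - confirm.
     *
     * @param certResponseArr responses taken from the CertRepMessage
     * @throws RuntimeException if no certificate bytes could be obtained for a response
     */
    private void extractUserCerts(CertResponse[] certResponseArr) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < certResponseArr.length; i++) {
            CertifiedKeyPair certifiedKeyPair = certResponseArr[i].getCertifiedKeyPair();
            CMPCertificate certificate = certifiedKeyPair.getCertOrEncCert().getCertificate();
            EncryptedValue encryptedCert = certifiedKeyPair.getCertOrEncCert().getEncryptedCert();
            byte[] encoded;
            CertType certType;
            if (certificate == null) {
                // Constant IV used for the DES/OFB decryption below.
                byte[] bytes = "01234567".getBytes();
                byte[] bytes2 = encryptedCert.getEncSymmKey().getBytes();
                KCaseLogging.println("extractUserCerts : before RSA[" + i + "]");
                Cipher cipher = Cipher.getInstance("RSA");
                KeyPair keyPair = (KeyPair) this.p.certKeyPairMap.get(CertType.km);
                KCaseLogging.println("extractUserCerts : KeyPair RSA[" + i + "]");
                cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
                // Key material is deliberately not logged here.
                byte[] doFinal = cipher.doFinal(bytes2);
                KCaseLogging.println("extractUserCerts : before RSA key[" + i + "]");
                Cipher cipher2 = Cipher.getInstance("DES/OFB/PKCS5Padding");
                cipher2.init(Cipher.DECRYPT_MODE, new SecretKeySpec(doFinal, Crypto.ALGORITHM_DES), new IvParameterSpec(bytes));
                encoded = cipher2.doFinal(encryptedCert.getEncValue().getBytes());
                KCaseLogging.println("extractUserCerts : DES/OFB/PKCS5Padding[" + i + "]");
                certType = CertType.km;
                // The decrypted symmetric key is retained in hex form for later use.
                this.p.ip_authcode = byteArrayToHex(doFinal);
            } else {
                encoded = certificate.getEncoded();
                certType = CertType.sign;
            }
            if (encoded == null) {
                throw new RuntimeException("");
            }
            setHotCertificate(certType, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encoded)));
        }
    }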

    /**
     * Fills {@code p.certKeyPairMap} with the sign and km key pairs for the next request.
     *
     * During a KUR exchange with {@code keyupdate} switched off, the previous key pairs are
     * carried over unchanged; in every other case both pairs are freshly generated with the
     * configured algorithm names and sizes.
     */
    private void generateKeys() {
        KCaseLogging.println("CMP.geberateKeys....2");
        final Map currentPairs = this.p.certKeyPairMap;
        boolean reuseOldPairs = this.p.getCurrentStep() == CMPStep.KUR && !this.keyupdate;
        if (reuseOldPairs) {
            Map previousPairs = this.p.oldCertKeyPairMap;
            currentPairs.put(CertType.km, previousPairs.get(CertType.km));
            currentPairs.put(CertType.sign, previousPairs.get(CertType.sign));
            return;
        }

        // Signing key pair.
        System.out.println("sign :" + this.p.keyAlgoName + "\\" + this.p.keySize);
        KeyPair signPair = getKeyPair(this.p.keyAlgoName, this.p.keySize);
        currentPairs.put(CertType.sign, signPair);
        System.out.println("key gen End");

        // Key-management key pair.
        System.out.println("km :" + this.p.keyEncAlgoName + "\\" + this.p.keyEncSize);
        KeyPair kmPair = getKeyPair(this.p.keyEncAlgoName, this.p.keyEncSize);
        currentPairs.put(CertType.km, kmPair);
        System.out.println("key gen End");
    }

    /**
     * Generates an RSA key pair with the default size of 1024 bits.
     *
     * NOTE(review): 1024-bit RSA is below current minimum recommendations; callers that can
     * choose should use the {@code int} overload with 2048.
     *
     * @return the generated key pair
     */
    public static KeyPair generateKeysForMobile() {
        final int defaultKeyBits = 1024;
        return generateKeysForMobile(defaultKeyBits);
    }

    /**
     * Generates an RSA key pair of the requested size using the default provider.
     *
     * NOTE(review): 1024 is still accepted; it is below current minimum recommendations for RSA.
     *
     * @param i key size in bits; only 1024 and 2048 are accepted
     * @return the generated key pair
     * @throws Exception with message "key Size Error 1024|2048" for any other size
     */
    public static KeyPair generateKeysForMobile(int i) {
        boolean sizeAccepted = (i == 1024) || (i == 2048);
        if (!sizeAccepted) {
            throw new Exception("key Size Error 1024|2048");
        }
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(i);
        KeyPair generated = rsaGenerator.generateKeyPair();
        return generated;
    }

    /**
     * Builds the proof-of-possession for a certificate request by signing a
     * POPOSigningKeyInput (a GeneralName of type 1 holding a single space, plus the public key)
     * with the matching private key.
     *
     * @param privateKey key that signs the input
     * @param subjectPublicKeyInfo public key placed into the signed input
     * @param certType selects the signature algorithm name through getAlgName()
     * @return the proof-of-possession wrapping input, algorithm identifier and signature
     */
    private ProofOfPossession generatePoP(PrivateKey privateKey, SubjectPublicKeyInfo subjectPublicKeyInfo, CertType certType) {
        GeneralName placeholderSender = new GeneralName(1, " ");
        POPOSigningKeyInput popInput = new POPOSigningKeyInput(placeholderSender, subjectPublicKeyInfo);
        String algName = getAlgName(certType);
        KCaseLogging.println("CMP.generatePoP() : before signature getInstance");

        // Use the configured provider when there is one, else the default lookup.
        Signature signer;
        if (this.p.provider == null) {
            signer = Signature.getInstance(algName);
        } else {
            signer = Signature.getInstance(algName, this.p.provider);
        }
        signer.initSign(privateKey);
        signer.update(popInput.getEncoded());

        AlgorithmIdentifier signatureAlgId = getOID(algName);
        DERBitString signatureBits = new DERBitString(signer.sign());
        return new ProofOfPossession(new POPOSigningKey(popInput, signatureAlgId, signatureBits));
    }

    /**
     * Builds the certificate request message for one certificate type.
     *
     * The request id is 1 for km and 0 for sign. During a KUR exchange an oldCertID control
     * (issuer DN plus serial number) is attached. Only the sign request carries the
     * registration info produced by getRegInfowithR().
     *
     * NOTE(review): the oldCertID control uses {@code serialNo_sign} for both certificate
     * types, including km - confirm that this is what the CA expects.
     *
     * @param certType certificate type whose key pair is read from {@code p.certKeyPairMap}
     * @return the assembled request message
     */
    private CertReqMsg generateReqMsg(CertType certType) {
        KeyPair requestKeys = (KeyPair) this.p.certKeyPairMap.get(certType);
        PrivateKey privateKey = requestKeys.getPrivate();
        int certReqId = (certType == CertType.km) ? 1 : 0;

        Controls controls = null;
        if (this.p.getCurrentStep() == CMPStep.KUR) {
            GeneralName oldIssuer = new GeneralName(4, this.p.issuerDN);
            DERInteger oldSerial = new DERInteger(this.p.serialNo_sign);
            ASN1EncodableVector oldCertId = new ASN1EncodableVector();
            oldCertId.add(oldIssuer);
            oldCertId.add(oldSerial);
            controls = new Controls(new AttributeTypeAndValue(CMPObjectIdentifiers.regCtrl_oldCertID, new BERSequence(oldCertId)));
        }

        CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
        templateBuilder.setPublicKey(getSubjectPublicKeyInfo(requestKeys));
        CertRequest certRequest = new CertRequest(certReqId, templateBuilder.build(), controls);
        ProofOfPossession proof = generatePoP(privateKey, getSubjectPublicKeyInfo(requestKeys), certType);

        if (certType == CertType.sign) {
            return new CertReqMsg(certRequest, proof, getRegInfowithR());
        }
        return new CertReqMsg(certRequest, proof, null);
    }

    /**
     * Returns the signature algorithm name configured for the given certificate type.
     *
     * @param certType sign or km
     * @return {@code p.encSignAlg} for km, {@code p.signAlg} otherwise
     */
    private String getAlgName(CertType certType) {
        switch (certType) {
            case km:
                return this.p.encSignAlg;
            case sign:
            default:
                return this.p.signAlg;
        }
    }

    /**
     * Generates a key pair for the named algorithm, using the configured provider if one is set.
     *
     * For "KCDSA" the generator is initialised with EPKIKCDSA2048Spec and a new SecureRandom,
     * and {@code i} is ignored; for every other algorithm it is initialised with the key size.
     *
     * @param str algorithm name
     * @param i key size in bits for non-KCDSA algorithms
     * @return the generated key pair
     */
    private KeyPair getKeyPair(String str, int i) {
        Provider configuredProvider = this.p.provider;
        KeyPairGenerator generator;
        if (configuredProvider == null) {
            generator = KeyPairGenerator.getInstance(str);
        } else {
            generator = KeyPairGenerator.getInstance(str, configuredProvider);
        }

        if (!str.equals("KCDSA")) {
            generator.initialize(i);
        } else {
            generator.initialize(new EPKIKCDSA2048Spec(), new SecureRandom());
        }
        return generator.generateKeyPair();
    }

    /**
     * Computes the protection bits of a message from a shared secret.
     *
     * As written: the constant bytes "aaaaabbbbb" are placed in front of the secret, the result
     * is hashed twice with SHA-1, the first 8 bytes of the digest become the MAC key, and a CBC
     * MAC over DESEngine is computed on the DER encoding of ProtectedPart(header, body).
     *
     * NOTE(review): the prefix is a constant rather than a per-message salt and only two hash
     * rounds are applied, so the derivation adds almost no cost to guessing the secret from a
     * captured message; the MAC key is a single DES key. These values are presumably fixed by
     * what the CA expects - confirm before changing, and treat authCode as short-lived.
     *
     * @param pKIHeader header covered by the MAC
     * @param pKIBody body covered by the MAC
     * @param str shared secret (processIRIP() passes p.authCode)
     * @return the MAC bytes wrapped in a DERBitString
     */
    private DERBitString getMACProtection(PKIHeader pKIHeader, PKIBody pKIBody, String str) {
        // Receives the 8-byte MAC key.
        byte[] bArr = new byte[8];
        // Constant prefix used in place of a salt.
        byte[] bytes = "aaaaabbbbb".getBytes();
        // Platform default charset is used for the secret.
        byte[] bytes2 = str.getBytes();
        byte[] concat = concat(bytes, 0, bytes.length, bytes2, 0, bytes2.length);
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        byte[] bArr2 = concat;
        // Two rounds of SHA-1 over prefix || secret.
        for (int i = 0; i < 2; i++) {
            bArr2 = messageDigest.digest(bArr2);
        }
        // Keep only the first 8 bytes of the 20-byte digest as the key.
        System.arraycopy(bArr2, 0, bArr, 0, 8);
        byte[] dEREncoded = new ProtectedPart(pKIHeader, pKIBody).getDEREncoded();
        // NOTE(review): the second argument (64) is presumably the MAC size in bits - confirm.
        CBCBlockCipherMac cBCBlockCipherMac = new CBCBlockCipherMac(new DESEngine(), 64);
        byte[] bArr3 = new byte[cBCBlockCipherMac.getMacSize()];
        cBCBlockCipherMac.init(bArr);
        cBCBlockCipherMac.KSignUpdate(dEREncoded, 0, dEREncoded.length);
        cBCBlockCipherMac.doFinal(bArr3, 0);
        return new DERBitString(bArr3);
    }

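    /**
     * Maps a signature algorithm name to its AlgorithmIdentifier.
     *
     * Names are matched without regard to case. The comparison now uses
     * {@code equalsIgnoreCase} instead of {@code toLowerCase().equals(...)}: the latter depends
     * on the device's default locale (for example, an upper-case 'I' lower-cases to a dotless
     * 'ı' under a Turkish locale), which could make a valid name fall through to the empty OID.
     *
     * NOTE(review): the literal "sha1withkcdsaa" ends in a doubled 'a' and therefore does not
     * match "SHA1With" + "KCDSA" as built by CmpParameter.setAlgKeySig(). It is kept as in the
     * original because the intended spelling cannot be confirmed from this file - confirm.
     *
     * @param str algorithm name such as "SHA256withRSA"; must not be null
     * @return the identifier for the matching OID; for an unknown name the empty string is
     *         handed to AlgorithmIdentifier.getInstance, as in the original
     */
    private AlgorithmIdentifier getOID(String str) {
        String oid = "";
        if (str.equalsIgnoreCase("sha1withrsa")) {
            oid = "1.2.840.113549.1.1.5";
        } else if (str.equalsIgnoreCase("sha256withrsa")) {
            oid = "1.2.840.113549.1.1.11";
        } else if (str.equalsIgnoreCase("sha1withkcdsaa")) {
            oid = "1.2.410.200004.1.23";
        } else if (str.equalsIgnoreCase("sha256withkcdsa")) {
            oid = "1.2.410.200004.1.38";
        }
        return AlgorithmIdentifier.getInstance(oid);
    }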

    /**
     * Looks up the private key of the previous key pair for a certificate type.
     *
     * @param certType sign or km
     * @return the old private key, or {@code null} when no old pair is stored or the lookup
     *         fails (the exception is logged, not propagated)
     */
    private PrivateKey getOldPrivateKey(CertType certType) {
        try {
            KeyPair previousPair = (KeyPair) this.p.oldCertKeyPairMap.get(certType);
            return previousPair == null ? null : previousPair.getPrivate();
        } catch (Exception e) {
            KCaseLogging.print(e);
            return null;
        }
    }

    /**
     * Builds the registration info attribute (id_EncryptedVID) sent with the sign request.
     *
     * As written: {@code p.rValue} is refilled with random bytes; a SHA-256 digest of a fixed
     * string is paired with that value, the pair is DER-encoded and RSA-encrypted to the CA
     * certificate's public key, and the ciphertext is wrapped together with the RSA algorithm
     * identifier and the CA certificate's issuer/serial number.
     *
     * NOTE(review): the digested string is the literal "123456123456789", not a value taken
     * from the user or from CmpParameter - this looks like a placeholder; confirm what the CA
     * expects here.
     * NOTE(review): {@code pol.caCert} is the certificate assigned in processGenMGenP() from
     * the GenP response, so the data is encrypted to whatever key that response supplied.
     * NOTE(review): {@code this.random} is dereferenced without a null check; it is only
     * non-null if setRandomProvider(...) assigned it - confirm.
     *
     * @return a one-element array holding the id_EncryptedVID attribute
     */
    private AttributeTypeAndValue[] getRegInfowithR() {
        this.random.nextBytes(this.p.rValue);
        byte[] stringToDigest = stringToDigest("123456123456789", Crypto.HASH_SHA256);
        // Inner sequence: hash algorithm identifier and the digest as [0] OCTET STRING.
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
        aSN1EncodableVector.add(new DERTaggedObject(true, 0, (DEREncodable) new DEROctetString(stringToDigest)));
        // Outer sequence: the inner sequence followed by the random value as a BIT STRING.
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(new BERSequence(aSN1EncodableVector));
        aSN1EncodableVector2.add(new DERBitString(this.p.rValue));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        // Mode 1 is Cipher.ENCRYPT_MODE.
        cipher.init(1, this.pol.caCert.getPublicKey());
        byte[] doFinal = cipher.doFinal(new BERSequence(aSN1EncodableVector2).getDEREncoded());
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
        X509CertificateStructure x509CertificateStructure = X509CertificateStructure.getInstance(ASN1Sequence.getInstance(this.pol.caCert.getEncoded()));
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(x509CertificateStructure.getIssuer(), x509CertificateStructure.getSerialNumber().getValue());
        DEROctetString dEROctetString = new DEROctetString(doFinal);
        // Wrapper: [2] encryption algorithm, [3] CA issuer and serial, [4] ciphertext.
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(new DERTaggedObject(true, 2, (DEREncodable) algorithmIdentifier));
        aSN1EncodableVector3.add(new DERTaggedObject(true, 3, (DEREncodable) issuerAndSerialNumber));
        aSN1EncodableVector3.add(new DERTaggedObject(true, 4, (DEREncodable) dEROctetString));
        return new AttributeTypeAndValue[]{new AttributeTypeAndValue(KISAObjectIdentifiers.id_EncryptedVID, EncryptedVID.getInstance(new BERSequence(aSN1EncodableVector3)))};
    }

    /**
     * Signs the DER encoding of ProtectedPart(header, body) and returns the signature bits.
     *
     * NOTE(review): unlike generatePoP(), this method always uses the default provider lookup
     * and ignores {@code p.provider} - confirm that this difference is intended.
     *
     * @param pKIHeader header covered by the signature
     * @param pKIBody body covered by the signature
     * @param privateKey signing key; processKurKup() passes the result of getOldPrivateKey(),
     *        which can be null
     * @param certType selects the signature algorithm name through getAlgName()
     * @return the signature wrapped in a DERBitString
     */
    private DERBitString getSignedProtection(PKIHeader pKIHeader, PKIBody pKIBody, PrivateKey privateKey, CertType certType) {
        ProtectedPart protectedPart = new ProtectedPart(pKIHeader, pKIBody);
        byte[] toBeSigned = protectedPart.getDEREncoded();

        String algName = getAlgName(certType);
        Signature signer = Signature.getInstance(algName);
        signer.initSign(privateKey);
        signer.update(toBeSigned);

        byte[] signatureBytes = signer.sign();
        return new DERBitString(signatureBytes);
    }

    /**
     * Parses the encoded public key of a key pair into a SubjectPublicKeyInfo structure.
     *
     * @param keyPair pair whose public key is read
     * @return the parsed structure
     */
    private SubjectPublicKeyInfo getSubjectPublicKeyInfo(KeyPair keyPair) {
        byte[] encodedPublicKey = keyPair.getPublic().getEncoded();
        ASN1InputStream asn1Reader = new ASN1InputStream(encodedPublicKey);
        return SubjectPublicKeyInfo.getInstance(asn1Reader.readObject());
    }

    /**
     * Decodes a hexadecimal string into bytes, two characters per byte.
     *
     * A trailing odd character is ignored. Each pair is parsed with
     * {@code Integer.parseInt(pair, 16)}, so a pair that is not a valid base-16 number makes the
     * call throw NumberFormatException.
     *
     * @param str hex text
     * @return the decoded bytes, or {@code null} when {@code str} is null or shorter than two
     *         characters
     */
    public static byte[] hexToBytes(String str) {
        if (str == null || str.length() < 2) {
            return null;
        }
        final int byteCount = str.length() / 2;
        byte[] decoded = new byte[byteCount];
        int offset = 0;
        for (int idx = 0; idx < byteCount; idx++) {
            String pair = str.substring(offset, offset + 2);
            decoded[idx] = (byte) Integer.parseInt(pair, 16);
            offset += 2;
        }
        return decoded;
    }

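    /**
     * Copies the CA's policy settings out of a header's free-text field into {@code pol}.
     *
     * Each free-text string is split on '$' into {@code key=value} tokens. Changes from the
     * decompiled original: keys and values are now actually trimmed (the original called
     * {@code trim()} and discarded the result), and a token without a value part is skipped
     * instead of failing with ArrayIndexOutOfBoundsException.
     *
     * NOTE(review): processGenMGenP() calls this on a received header before any check of the
     * message's protection is visible, so the algorithm name and key size stored here may be
     * values chosen by whoever produced that response - confirm where they are validated
     * before they influence key generation.
     *
     * @param pKIFreeText free text from the response header; null is ignored
     * @throws NumberFormatException if the "key_size" entry is missing or not an integer
     */
    private void parseFreeText(PKIFreeText pKIFreeText) {
        if (pKIFreeText == null) {
            return;
        }
        Map<String, String> entries = new HashMap<String, String>();
        for (int i = 0; i < pKIFreeText.size(); i++) {
            for (String token : pKIFreeText.getStringAt(i).getString().split("\\$")) {
                String[] keyValue = token.split("=");
                if (keyValue.length < 2) {
                    // Empty or value-less token: nothing to record.
                    continue;
                }
                entries.put(keyValue[0].trim(), keyValue[1].trim());
            }
        }
        this.pol.userNotice = entries.get(CMPConfigVariable.CMP_USER_NOTICE);
        this.pol.assyAlgorithm = entries.get(CMPConfigVariable.CMP_SIG_ALGORITHM);
        // The km settings mirror the signing settings.
        this.pol.assyAlgorithm_km = this.pol.assyAlgorithm;
        this.pol.assyKeySize = Integer.parseInt(entries.get(CMPConfigVariable.CMP_KEY_SIZE));
        this.pol.assyKeySize_km = this.pol.assyKeySize;
        this.pol.userChoice = entries.get(CMPConfigVariable.CMP_KM_KEY_GEN);
        this.pol.backupLocation = entries.get(CMPConfigVariable.CMP_KM_KEY_BACKUP);
        this.pol.protecAlgorithm = entries.get(CMPConfigVariable.CMP_PROTEC_ALGORITHM);
    }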

    /**
     * Sends a general message asking for the CA's protocol-encryption certificate and processes
     * the general response.
     *
     * On success the CA certificate from the response is stored in {@code pol.caCert} and the
     * policy free text from the response header is applied through parseFreeText(). On any
     * other response the connection is closed and {@code pol.status}/{@code pol.statusString}
     * describe the failure.
     *
     * NOTE(review): the request is sent without a protection field, and no check of the
     * response's protection is visible in this method. The certificate accepted here is later
     * used by getRegInfowithR() as the encryption target, so its authenticity matters -
     * confirm whether it is validated (for example against a pinned or pre-installed CA
     * certificate) elsewhere.
     *
     * @param z true to identify the sender by subject DN and the signing certificate's serial
     *          number, false to use a placeholder name and {@code p.newKID}
     * @return true when a general response was received and processed, false otherwise
     */
    private boolean processGenMGenP(boolean z) {
        this.p.setCurrentStep(CMPStep.GENM);
        PKIHeaderBuilder pKIHeaderBuilder = new PKIHeaderBuilder(0, z ? new GeneralName(4, this.p.subjectDN) : new GeneralName(1, " "), new GeneralName(1, " "));
        if (z) {
            // Sender key id is the hex text of the signing certificate's serial number.
            pKIHeaderBuilder.setSenderKID(byteArrayToHex(this.p.serialNo_sign.toByteArray()).getBytes());
        } else {
            pKIHeaderBuilder.setSenderKID(this.p.newKID.getBytes());
        }
        // Body type 21 carries the GenMsgContent request.
        this.tr.send(new PKIMessage(pKIHeaderBuilder.build(), new PKIBody(21, new GenMsgContent(new InfoTypeAndValue(CMPObjectIdentifiers.it_caProtEncCert)))));
        KCaseLogging.println("GenM Send");
        this.p.setCurrentStep(CMPStep.GENP);
        // recv() can return a frame without a decoded message, in which case pkim is null here.
        PKIMessage pkim = this.tr.recv().getPkim();
        // Policy values are applied before the body type is examined.
        parseFreeText(pkim.getHeader().getFreeText());
        PKIBody body = pkim.getBody();
        if (body.getType() == 22) {
            InfoTypeAndValue[] infoTypeAndValueArray = GenRepContent.getInstance(body.getContent()).toInfoTypeAndValueArray();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Every entry overwrites pol.caCert, so the last entry in the response wins.
            for (InfoTypeAndValue infoTypeAndValue : infoTypeAndValueArray) {
                this.pol.caCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(infoTypeAndValue.getInfoValue().getEncoded()));
            }
            KCaseLogging.println("GenM genp");
            return true;
        }
        close();
        // Anything other than body type 23 (handled below as an error message) is reported as corrupt.
        if (body.getType() != 23) {
            this.pol.statusString = "Corrupt response! GENP";
            this.pol.status = 2;
            return false;
        }
        ErrorMsgContent errorMsgContent = ErrorMsgContent.getInstance(body.getContent());
        this.pol.status = errorMsgContent.getPKIStatusInfo().getStatus().intValue();
        this.pol.statusString = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
        return false;
    }

    /**
     * Sends the initialization request for both certificates (sign and km) and processes the
     * initialization response.
     *
     * The request carries a fresh sender nonce, the current time, {@code p.newKID} as sender
     * key id, and a MAC computed by getMACProtection() from {@code p.authCode}. On a successful
     * response the issued certificates are stored through extractUserCerts().
     *
     * NOTE(review): no check of the response's protection field, and no comparison of the
     * response against the nonce sent in the request, is visible in this method - confirm
     * whether the response is authenticated elsewhere before its certificates are trusted.
     *
     * @return true when the first response status is 0 and the certificates were extracted;
     *         false otherwise, with {@code pol.status}/{@code pol.statusString} set
     */
    private boolean processIRIP() {
        this.p.setCurrentStep(CMPStep.IR);
        PKIHeaderBuilder pKIHeaderBuilder = new PKIHeaderBuilder(0, new GeneralName(1, " "), new GeneralName(1, " "));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        // Fresh sender nonce for this request.
        this.random.nextBytes(this.p.myNonce);
        pKIHeaderBuilder.setSenderNonce(this.p.myNonce);
        pKIHeaderBuilder.setProtectionAlg(AlgorithmIdentifier.getInstance(CMPObjectIdentifiers.passwordBasedMac));
        pKIHeaderBuilder.setMessageTime(new DERGeneralizedTime(Calendar.getInstance().getTime()));
        pKIHeaderBuilder.setSenderKID(this.p.newKID.getBytes());
        generateKeys();
        // One request per certificate type, sign first.
        aSN1EncodableVector.add(generateReqMsg(CertType.sign));
        aSN1EncodableVector.add(generateReqMsg(CertType.km));
        PKIBody pKIBody = new PKIBody(0, new DERSequence(aSN1EncodableVector));
        PKIHeader build = pKIHeaderBuilder.build();
        this.tr.send(new PKIMessage(build, pKIBody, getMACProtection(build, pKIBody, this.p.authCode)));
        this.p.setCurrentStep(CMPStep.IP);
        // recv() can return a frame without a decoded message, in which case pkim is null here.
        PKIMessage pkim = this.tr.recv().getPkim();
        this.p.caNonce = pkim.getHeader().getSenderNonce().getOctets();
        PKIBody body = pkim.getBody();
        if (body.getType() != 1) {
            close();
            // Anything other than body type 23 (handled below as an error message) is reported as corrupt.
            if (body.getType() != 23) {
                this.pol.statusString = "Corrupt response! IP";
                this.pol.status = 2;
                return false;
            }
            ErrorMsgContent errorMsgContent = ErrorMsgContent.getInstance(body.getContent());
            this.pol.status = errorMsgContent.getPKIStatusInfo().getStatus().intValue();
            this.pol.statusString = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
            return false;
        }
        CertRepMessage certRepMessage = CertRepMessage.getInstance(body.getContent());
        this.p.caPubs = certRepMessage.getCaPubs();
        CertResponse[] response = certRepMessage.getResponse();
        // Only the first response's status is inspected; an empty array fails on response[0].
        this.pol.statusString = response[0].getStatus().getStatusString().getStringAt(0).getString();
        this.pol.status = response[0].getStatus().getStatus().intValue();
        if (this.pol.status != 0) {
            return false;
        }
        extractUserCerts(response);
        return true;
    }

    /**
     * Sends a key update request (KUR) for a new signing and key-management key pair and
     * evaluates the CA's reply (KUP).
     *
     * <p>The request names {@code this.p.subjectDN} as sender and is protected through
     * {@code getSignedProtection} with the old signing private key.
     *
     * <p>NOTE(review): unlike {@code processIRIP}, this method never calls
     * {@code setProtectionAlg} on the header; confirm the CA accepts a protected message whose
     * header carries no protection algorithm.
     *
     * <p>NOTE(review): nothing in this method verifies the protection of the received message or
     * compares its recipient nonce with {@code myNonce}; confirm that {@code tr.recv()} does so
     * before {@code caPubs} and the issued certificates are trusted.
     *
     * @return {@code true} when the first CertResponse reports status 0 and the certificates were
     *         handed to {@code extractUserCerts}; {@code false} otherwise, with
     *         {@code pol.status} / {@code pol.statusString} describing the outcome
     */
    private boolean processKurKup() {
        this.p.setCurrentStep(CMPStep.KUR);
        PKIHeaderBuilder pKIHeaderBuilder = new PKIHeaderBuilder(0, new GeneralName(4, this.p.subjectDN), new GeneralName(1, " "));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        // Fresh sender nonce for this transaction; sendConf() reuses the same buffer later.
        this.random.nextBytes(this.p.myNonce);
        pKIHeaderBuilder.setSenderNonce(this.p.myNonce);
        pKIHeaderBuilder.setMessageTime(new DERGeneralizedTime(Calendar.getInstance().getTime()));
        generateKeys();
        // One certificate request per certificate type: signing first, then key management.
        aSN1EncodableVector.add(generateReqMsg(CertType.sign));
        aSN1EncodableVector.add(generateReqMsg(CertType.km));
        // Body type 7 is the key update request (presumably RFC 4210 PKIBody numbering).
        PKIBody pKIBody = new PKIBody(7, new DERSequence(aSN1EncodableVector));
        PKIHeader build = pKIHeaderBuilder.build();
        PKIMessage pKIMessage = new PKIMessage(build, pKIBody, getSignedProtection(build, pKIBody, getOldPrivateKey(CertType.sign), CertType.sign));
        KCaseLogging.println("CMPStep.KUR");
        this.tr.send(pKIMessage);
        KCaseLogging.println("CMPStep.send");
        this.p.setCurrentStep(CMPStep.KUP);
        PKIMessage pkim = this.tr.recv().getPkim();
        // The CA's nonce is kept so that sendConf() can echo it as recipNonce.
        this.p.caNonce = pkim.getHeader().getSenderNonce().getOctets();
        PKIBody body = pkim.getBody();
        // Anything other than type 8 (the expected reply) closes the transport; type 23 is then
        // read as an error message, every other type is reported as a corrupt response.
        if (body.getType() != 8) {
            close();
            if (body.getType() != 23) {
                this.pol.statusString = "Corrupt response! KUP";
                this.pol.status = 2;
                return false;
            }
            ErrorMsgContent errorMsgContent = ErrorMsgContent.getInstance(body.getContent());
            this.pol.status = errorMsgContent.getPKIStatusInfo().getStatus().intValue();
            this.pol.statusString = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
            return false;
        }
        // NOTE(review): the complete response body is written to the log in Base64. Check where
        // KCaseLogging output ends up and whether this dump should remain in release builds.
        // new String(byte[]) uses the platform default charset.
        KCaseLogging.println("crm : " + new String(Base64.encode(body.getContent().getEncoded())));
        CertRepMessage certRepMessage = CertRepMessage.getInstance(body.getContent());
        KCaseLogging.println("CMPStep.CertRepMessage");
        this.p.caPubs = certRepMessage.getCaPubs();
        CertResponse[] response = certRepMessage.getResponse();
        // NOTE(review): response[0] and getStatusString() are dereferenced without a length or
        // null check; a reply with no responses or no status text would raise a runtime exception
        // here instead of being reported as corrupt. Confirm that is acceptable.
        this.pol.statusString = response[0].getStatus().getStatusString().getStringAt(0).getString();
        this.pol.status = response[0].getStatus().getStatus().intValue();
        // Only the first response's status decides success; on a non-zero status the transport
        // is left open by this method.
        if (this.pol.status != 0) {
            return false;
        }
        KCaseLogging.println("CMPStep.extractUserCerts ");
        extractUserCerts(response);
        return true;
    }

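    /**
     * Sends a revocation request (RR) for the old certificate(s) returned by
     * {@link #getOldCert()} and evaluates the CA's reply (RP).
     *
     * <p>The request holds one RevDetails entry per old certificate (identified by serial number
     * only) with the reason from {@code this.p.reason}, and is protected through
     * {@code getSignedProtection} with the old signing private key.
     *
     * <p>Changes from the previous version: when the reply carries a second status entry, that
     * entry (index 1) is now evaluated, where the earlier code re-read index 0 and so never
     * noticed a rejected revocation of the second certificate; and the corrupt-response message
     * now names RP instead of KUP.
     *
     * <p>NOTE(review): nothing in this method verifies the protection of the received message;
     * confirm that {@code tr.recv()} does so before the reported status is relied on.
     *
     * @return {@code true} when every evaluated status entry is 0; {@code false} otherwise, with
     *         {@code pol.status} / {@code pol.statusString} describing the outcome
     */
    private boolean processRrRp() {
        // NOTE(review): getOldCert() logs and swallows parsing failures, in which case
        // oldCert[0] is null and the next statements raise a NullPointerException.
        X509Certificate[] oldCert = getOldCert();
        this.p.setCurrentStep(CMPStep.RR);
        PKIHeaderBuilder pKIHeaderBuilder = new PKIHeaderBuilder(0, new GeneralName(4, oldCert[0].getSubjectDN().getName()), new GeneralName(1, " "));
        ASN1EncodableVector revocations = new ASN1EncodableVector();
        this.random.nextBytes(this.p.myNonce);
        pKIHeaderBuilder.setSenderNonce(this.p.myNonce);
        pKIHeaderBuilder.setMessageTime(new DERGeneralizedTime(Calendar.getInstance().getTime()));
        ReasonFlags reasonFlags = this.p.reason;
        // The same template builder is reused; only the serial number differs per entry.
        CertTemplateBuilder certTemplateBuilder = new CertTemplateBuilder();
        certTemplateBuilder.setSerialNumber(new DERInteger(oldCert[0].getSerialNumber()));
        revocations.add(new RevDetails(certTemplateBuilder.build(), reasonFlags));
        if (oldCert.length > 1) {
            certTemplateBuilder.setSerialNumber(new DERInteger(oldCert[1].getSerialNumber()));
            revocations.add(new RevDetails(certTemplateBuilder.build(), reasonFlags));
        }
        // Body type 11 is the revocation request (presumably RFC 4210 PKIBody numbering).
        PKIBody pKIBody = new PKIBody(11, new DERSequence(revocations));
        PKIHeader build = pKIHeaderBuilder.build();
        this.tr.send(new PKIMessage(build, pKIBody, getSignedProtection(build, pKIBody, getOldPrivateKey(CertType.sign), CertType.sign)));
        this.p.setCurrentStep(CMPStep.RP);
        PKIBody body = this.tr.recv().getPkim().getBody();
        // Anything other than type 12 (the expected reply) closes the transport; type 23 is then
        // read as an error message, every other type is reported as a corrupt response.
        if (body.getType() != 12) {
            close();
            if (body.getType() != 23) {
                this.pol.statusString = "Corrupt response! RP";
                this.pol.status = 2;
                return false;
            }
            ErrorMsgContent errorMsgContent = ErrorMsgContent.getInstance(body.getContent());
            this.pol.status = errorMsgContent.getPKIStatusInfo().getStatus().intValue();
            this.pol.statusString = errorMsgContent.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
            return false;
        }
        PKIStatusInfo[] status = RevRepContent.getInstance(body.getContent()).getStatus();
        // NOTE(review): status[0] and getStatusString() are dereferenced without a length or
        // null check, as before; an empty or text-less reply raises a runtime exception.
        this.pol.statusString = status[0].getStatusString().getStringAt(0).toString();
        this.pol.status = status[0].getStatus().intValue();
        if (this.pol.status != 0) {
            return false;
        }
        if (status.length > 1) {
            // Second entry: the answer for the second RevDetails of the request.
            this.pol.statusString = status[1].getStatusString().getStringAt(0).toString();
            this.pol.status = status[1].getStatus().intValue();
            if (this.pol.status != 0) {
                return false;
            }
        }
        return true;
    }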

    /**
     * Derives the signature algorithm name for one certificate type from the key size.
     *
     * <p>A size of 1024 selects the {@code "SHA1with"} prefix, 2048 selects
     * {@code "SHA256with"}; every other size leaves the configured names untouched. The prefix is
     * joined with {@code keyAlgoName} (switch case 1, stored in {@code signAlg}) or
     * {@code keyEncAlgoName} (switch case 2, stored in {@code encSignAlg}).
     *
     * <p>NOTE(review): cases 1 and 2 presumably correspond to {@code CertType.sign} and
     * {@code CertType.km}; the mapping lives in the compiler-generated switch table and is not
     * visible here. Also note that a 1024-bit key is paired with SHA-1, and that key sizes above
     * 2048 get no digest assigned by this method; confirm both are intended.
     *
     * @param certType certificate type whose algorithm name is set
     * @param i        key size in bits
     */
    private void setHash(CertType certType, int i) {
        final String digestPrefix;
        if (i == 1024) {
            digestPrefix = "SHA1with";
        } else if (i == 2048) {
            digestPrefix = "SHA256with";
        } else {
            // Unlisted key sizes change nothing.
            return;
        }
        switch ($SWITCH_TABLE$com$ksign$cmp$CMP$CertType()[certType.ordinal()]) {
            case 1:
                this.p.signAlg = digestPrefix + this.p.keyAlgoName;
                break;
            case 2:
                this.p.encSignAlg = digestPrefix + this.p.keyEncAlgoName;
                break;
            default:
                break;
        }
    }

    /**
     * Stores a certificate in {@code p.certMap} under its certificate type, replacing any entry
     * already present for that type.
     *
     * @param certType    key under which the certificate is stored
     * @param certificate certificate to store
     */
    private void setHotCertificate(CertType certType, Certificate certificate) {
        p.certMap.put(certType, certificate);
    }

    /**
     * Hashes a string with the named message digest algorithm.
     *
     * <p>NOTE(review): the string is converted with {@code String.getBytes()}, i.e. the platform
     * default charset, so the digest of non-ASCII input differs between platforms. The algorithm
     * is whatever the caller names; nothing here restricts it to a strong digest.
     *
     * @param str  text to hash
     * @param str2 digest algorithm name passed to {@code MessageDigest.getInstance}
     * @return the digest bytes
     */
    private byte[] stringToDigest(String str, String str2) {
        MessageDigest digest = MessageDigest.getInstance(str2);
        byte[] input = str.getBytes();
        return digest.digest(input);
    }

    /**
     * Passes an address to the transport's {@code bindAddress}.
     *
     * @param str address handed to the transport unchanged
     */
    public void bind(String str) {
        tr.bindAddress(str);
    }

    /**
     * Closes the transport. Some flows in this class call it after {@code sendConf()} has already
     * closed the transport, so the transport is closed twice on those paths.
     */
    public void close() {
        tr.close();
    }

    /** Opens the transport connection by delegating to the transport's {@code connect}. */
    public void connect() {
        tr.connect();
    }

    /**
     * Returns the caPubs array stored from the most recent certificate response.
     *
     * <p>NOTE(review): the array is the internal one (no copy), and it is taken from the CA reply
     * as received; treat its contents as trust anchors only if that reply was authenticated.
     *
     * @return the stored CA certificates, as last assigned by a response handler
     */
    public CMPCertificate[] getCaPubs() {
        return p.caPubs;
    }

    /**
     * Looks up the certificate stored in {@code p.certMap} for a certificate type.
     *
     * @param certType certificate type to look up
     * @return the stored certificate, or {@code null} when the map returns none
     */
    public Certificate getHotCertificate(CertType certType) {
        Object stored = this.p.certMap.get(certType);
        return (Certificate) stored;
    }

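    /**
     * Encrypts the private key of the given certificate type under the configured password and
     * returns it as an encoded {@code EncryptedPrivateKeyInfo}.
     *
     * <p>A fresh 8-byte salt is drawn from {@code this.random}; the PBE algorithm name and the
     * iteration count come from {@code _pbeAlgName} and {@code _pbeIterationCount}.
     *
     * <p>Changes from the previous version: the temporary password copies (the char array and the
     * {@code PBEKeySpec}) are wiped once encryption has finished, whether or not it succeeded, and
     * the cipher mode is named instead of the literal {@code 1}.
     *
     * <p>NOTE(review): the password itself stays in memory as the String {@code p.password}, so
     * the wipe only removes the extra copies made here. The strength of the result depends on the
     * algorithm set through {@code setPbeAlgo} and on the iteration count, neither of which is
     * validated in this method.
     *
     * @param certType certificate type whose key pair is read from {@code p.certKeyPairMap}
     * @return the encoded, password-encrypted private key
     */
    public byte[] getHotEncryptedPrivateKeyInfo(CertType certType) {
        byte[] salt = new byte[8];
        this.random.nextBytes(salt);
        PBEParameterSpec pbeParams = new PBEParameterSpec(salt, this._pbeIterationCount);
        char[] passwordChars = this.p.password.toCharArray();
        PBEKeySpec keySpec = new PBEKeySpec(passwordChars);
        try {
            SecretKey pbeKey = SecretKeyFactory.getInstance(this._pbeAlgName).generateSecret(keySpec);
            Cipher cipher = Cipher.getInstance(this._pbeAlgName);
            PrivateKey privateKey = ((KeyPair) this.p.certKeyPairMap.get(certType)).getPrivate();
            cipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParams);
            byte[] encrypted = cipher.doFinal(privateKey.getEncoded());
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(this._pbeAlgName);
            algorithmParameters.init(pbeParams);
            return new EncryptedPrivateKeyInfo(algorithmParameters, encrypted).getEncoded();
        } finally {
            // Wiped only after the cipher is done: some providers read the password back from
            // the key spec while the key is in use.
            keySpec.clearPassword();
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }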

    /**
     * Returns the private key of the key pair stored in {@code p.certKeyPairMap} for a
     * certificate type. The key object is handed out as stored, unencrypted.
     *
     * @param certType certificate type to look up
     * @return the private half of the stored key pair
     */
    public PrivateKey getHotPrivateKey(CertType certType) {
        KeyPair pair = (KeyPair) this.p.certKeyPairMap.get(certType);
        return pair.getPrivate();
    }

    /**
     * Re-encodes the private key of a certificate type as a {@code PrivateKeyInfo} that also
     * carries a {@code KISAObjectIdentifiers.id_randomNum} attribute holding {@code p.rValue}.
     *
     * <p>NOTE(review): the returned bytes are the unencrypted private key; callers are
     * responsible for protecting them and for limiting how long they stay in memory.
     *
     * @param certType certificate type whose key pair is read from {@code p.certKeyPairMap}
     * @return the DER encoding of the extended {@code PrivateKeyInfo}
     */
    public byte[] getHotPrivateKeyBytes(CertType certType) {
        PrivateKey hotKey = ((KeyPair) this.p.certKeyPairMap.get(certType)).getPrivate();
        byte[] pkcs8 = hotKey.getEncoded();
        PrivateKeyInfo parsed = PrivateKeyInfo.getInstance(ASN1Sequence.getInstance(pkcs8));
        return new PrivateKeyInfo(
                parsed.getAlgorithmId(),
                parsed.getPrivateKey(),
                new BERSet(new Attribute(KISAObjectIdentifiers.id_randomNum, new BERSet(new DERBitString(this.p.rValue)))))
                .getDEREncoded();
    }

    /**
     * Re-parses the old certificates from {@code p.oldCertMap} as {@code X509Certificate}s.
     *
     * <p>Index 0 holds the signing certificate; index 1 exists only when a key-management
     * certificate is stored.
     *
     * <p>NOTE(review): any failure is logged and swallowed, so the returned array may contain
     * {@code null} entries; the callers in this class dereference index 0 without checking.
     *
     * @return an array of length 1 or 2, possibly with {@code null} entries after a failure
     */
    public X509Certificate[] getOldCert() {
        int count = this.p.oldCertMap.get(CertType.km) != null ? 2 : 1;
        X509Certificate[] certs = new X509Certificate[count];
        try {
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            Certificate signCert = (Certificate) this.p.oldCertMap.get(CertType.sign);
            certs[0] = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(signCert.getEncoded()));
            Object kmEntry = this.p.oldCertMap.get(CertType.km);
            if (kmEntry != null) {
                byte[] kmEncoded = ((Certificate) kmEntry).getEncoded();
                certs[1] = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(kmEncoded));
            }
        } catch (Exception e) {
            KCaseLogging.println(e);
            KCaseLogging.println("error to get Signature cert." + e.getMessage());
        }
        return certs;
    }

    /**
     * Runs the issuance flow: connects, performs the general message exchange and then the
     * IR/IP exchange. Nothing is sent unless {@code p.issuable()} is true.
     *
     * <p>The transport is not closed here on success; the confirmation is sent separately
     * (see {@link #restore()}).
     *
     * @return {@code true} when both exchanges succeeded
     */
    public boolean issue() {
        if (this.p.issuable()) {
            connect();
            return processGenMGenP(false) && processIRIP();
        }
        return false;
    }

    /**
     * Runs only the first half of issuance: connects and performs the general message exchange.
     * Nothing is sent unless {@code p.issuable()} is true.
     *
     * @return {@code true} when the exchange succeeded
     */
    public boolean issueGenMGEnP() {
        if (this.p.issuable()) {
            connect();
            return processGenMGenP(false);
        }
        return false;
    }

    /**
     * Runs only the IR/IP exchange. No connection is opened here, so the transport presumably
     * has to be connected already (for example by {@link #issueGenMGEnP()}).
     *
     * @return the result of the IR/IP exchange
     */
    public boolean issueIRIP() {
        boolean issued = processIRIP();
        return issued;
    }

    /**
     * Connects, sends the confirmation message and closes the transport.
     *
     * @return {@code true} when {@code sendConf()} reported success
     */
    public boolean restore() {
        connect();
        if (sendConf()) {
            close();
            return true;
        }
        return false;
    }

    /**
     * Connects, runs the revocation exchange and closes the transport on success.
     *
     * <p>NOTE(review): when the exchange fails with a non-zero status, neither this method nor
     * {@code processRrRp()} closes the transport; confirm the caller is expected to.
     *
     * @return {@code true} when the revocation was accepted
     */
    public boolean revoke() {
        connect();
        if (processRrRp()) {
            close();
            return true;
        }
        return false;
    }

    /**
     * Builds and sends the confirmation message (body type 19) that ends a transaction, then
     * closes the transport.
     *
     * <p>The header echoes {@code p.myNonce} as sender nonce and {@code p.caNonce} as recipient
     * nonce. After a key update (current step KUP) the message is protected through
     * {@code getSignedProtection} with the old signing key; otherwise through
     * {@code getMACProtection} with {@code p.ip_authcode}. The senderKID is set only when the
     * current step is neither KUP nor CONF.
     *
     * <p>NOTE(review): the senderKID is {@code p.newKID}, which {@code setParameter} builds from
     * the reference number and the auth code; check with the CA profile whether the auth code is
     * meant to appear in a header field.
     *
     * @return always {@code true}; failures surface only as exceptions from the calls made here
     */
    public boolean sendConf() {
        PKIHeaderBuilder headerBuilder = new PKIHeaderBuilder(0, new GeneralName(1, " "), new GeneralName(1, " "));
        headerBuilder.setSenderNonce(this.p.myNonce);
        headerBuilder.setRecipNonce(this.p.caNonce);
        headerBuilder.setMessageTime(new DERGeneralizedTime(Calendar.getInstance().getTime()));
        if (!(this.p.getCurrentStep() == CMPStep.KUP || this.p.getCurrentStep() == CMPStep.CONF)) {
            headerBuilder.setSenderKID(this.p.newKID.getBytes());
        }
        PKIBody confirmBody = new PKIBody(19, new PKIConfirmContent());
        PKIHeader header = headerBuilder.build();
        PKIMessage confirmation;
        if (this.p.getCurrentStep() == CMPStep.KUP) {
            confirmation = new PKIMessage(header, confirmBody, getSignedProtection(header, confirmBody, getOldPrivateKey(CertType.sign), CertType.sign));
        } else {
            confirmation = new PKIMessage(header, confirmBody, getMACProtection(header, confirmBody, this.p.ip_authcode));
        }
        // The step changes only after the protection was chosen from the previous step.
        this.p.setCurrentStep(CMPStep.CONF);
        this.tr.send(confirmation);
        this.tr.close();
        return true;
    }

    /**
     * Sets the key algorithm name and key size for the key-management key pair and derives the
     * matching signature algorithm name through {@code setHash}.
     *
     * @param str key algorithm name
     * @param i   key size in bits; {@code setHash} only acts on 1024 and 2048
     */
    public void setEncKeyAlgo(String str, int i) {
        p.keyEncAlgoName = str;
        p.keyEncSize = i;
        setHash(CertType.km, i);
    }

    /**
     * Forwards both arguments unchanged to {@code p.setEncSignAlg}.
     *
     * @param str  first argument for {@code setEncSignAlg}
     * @param str2 second argument for {@code setEncSignAlg}
     */
    public void setEncSingAlgo(String str, String str2) {
        p.setEncSignAlg(str, str2);
    }

    /**
     * Sets the same key algorithm name and key size for both the signing and the key-management
     * key pair, deriving the signature algorithm name for each through {@code setHash}.
     *
     * @param str key algorithm name
     * @param i   key size in bits; {@code setHash} only acts on 1024 and 2048
     */
    public void setKeyAlgo(String str, int i) {
        // Signing key pair.
        p.keyAlgoName = str;
        p.keySize = i;
        setHash(CertType.sign, i);

        // Key-management key pair gets identical settings.
        p.keyEncAlgoName = str;
        p.keyEncSize = i;
        setHash(CertType.km, i);
    }

    /**
     * Registers an existing certificate and its private key for a certificate type.
     *
     * <p>The key pair is assembled from the certificate's public key and the supplied private
     * key; nothing here checks that the two belong together.
     *
     * @param certType    certificate type the entries are stored under
     * @param certificate the existing certificate
     * @param privateKey  the private key supplied for that certificate
     */
    public void setOldCertWithPriKey(CertType certType, Certificate certificate, PrivateKey privateKey) {
        this.p.oldCertMap.put(certType, certificate);
        KeyPair oldPair = new KeyPair(certificate.getPublicKey(), privateKey);
        this.p.oldCertKeyPairMap.put(certType, oldPair);
    }

    /**
     * Stores the reference number and the auth code, and builds the key identifier
     * {@code newKID} as {@code refNum + "$" + authCode}.
     *
     * <p>NOTE(review): {@code newKID} is later placed in the senderKID header field of outgoing
     * messages, so the auth code ends up inside a header value; {@code processIRIP} also passes
     * the same auth code to {@code getMACProtection}. Confirm against the CA profile that this is
     * required, and that the transport keeps the header confidential.
     *
     * @param str  reference number
     * @param str2 auth code
     */
    public void setParameter(String str, String str2) {
        this.p.refNum = str;
        this.p.authCode = str2;
        this.p.newKID = this.p.refNum + "$" + this.p.authCode;
    }

    /**
     * Stores the password used by {@code getHotEncryptedPrivateKeyInfo} to encrypt private keys.
     * It is kept as a String, so it cannot be wiped from memory afterwards.
     *
     * @param str the password
     */
    public void setPassword(String str) {
        p.password = str;
    }

    /**
     * Sets the algorithm name that {@code getHotEncryptedPrivateKeyInfo} passes to
     * {@code SecretKeyFactory}, {@code Cipher} and {@code AlgorithmParameters}. The name is not
     * validated here.
     *
     * @param str password-based encryption algorithm name
     */
    public void setPbeAlgo(String str) {
        _pbeAlgName = str;
    }

    /**
     * Stores the security provider and the key store in the parameter object.
     *
     * @param provider provider to store
     * @param keyStore key store to store
     */
    public void setProvider(Provider provider, KeyStore keyStore) {
        p.provider = provider;
        p.ks = keyStore;
    }

    /**
     * Replaces the random source used for nonces and salts.
     *
     * <p>Despite the method name, the argument is passed to
     * {@code SecureRandom.getInstance(String)}, which takes an algorithm name.
     *
     * @param str name handed to {@code SecureRandom.getInstance}
     */
    public void setRandomProvider(String str) {
        SecureRandom replacement = SecureRandom.getInstance(str);
        this.random = replacement;
        this._randomProviderName = str;
    }

    /**
     * Sets the reason flags that {@code processRrRp()} attaches to each revocation entry.
     *
     * @param reasonFlags revocation reason
     */
    public void setRevocationReason(ReasonFlags reasonFlags) {
        p.reason = reasonFlags;
    }

    /**
     * Forwards both arguments unchanged to {@code p.setSignAlg}.
     *
     * @param str  first argument for {@code setSignAlg}
     * @param str2 second argument for {@code setSignAlg}
     */
    public void setSingAlgo(String str, String str2) {
        p.setSignAlg(str, str2);
    }

    /**
     * Passes a timeout to the transport's {@code setTimeOut}.
     *
     * @param i timeout value; the unit is defined by the transport and not visible here
     */
    public void setTimeOut(int i) {
        tr.setTimeOut(i);
    }

    /**
     * Returns the status code recorded by the last exchange. The exchange methods compare it
     * with 0 for success and set 2 themselves when a reply has an unexpected body type.
     *
     * @return the last recorded status code
     */
    public int status() {
        return pol.status;
    }

    /**
     * Returns the status text recorded by the last exchange. The text mostly comes from the CA
     * reply as received, so treat it as untrusted input when displaying or logging it.
     *
     * @return the last recorded status text
     */
    public String statusString() {
        return pol.statusString;
    }

    /**
     * Revokes the old certificate(s) with the reason flags value 2, which is presumably the
     * certificate-hold bit (confirm against {@code ReasonFlags}).
     *
     * @return the result of {@link #revoke()}
     */
    public boolean suspend() {
        ReasonFlags holdReason = new ReasonFlags(2);
        setRevocationReason(holdReason);
        return revoke();
    }

    /**
     * Runs the certificate update flow with the key-update flag set to {@code false}.
     *
     * @return the result of {@code update(false)}
     */
    public boolean update() {
        return this.update(false);
    }

    /**
     * Runs the certificate update flow: connects, loads the old signing certificate's subject,
     * serial number and issuer, performs the general message exchange and the KUR/KUP exchange,
     * sends the confirmation and closes the transport.
     *
     * <p>NOTE(review): {@code getOldCert()} can return {@code null} entries after a parsing
     * failure, which would raise a NullPointerException here. On a failed exchange this method
     * returns without closing the transport; confirm the caller is expected to.
     *
     * @param z value stored in the {@code keyupdate} field before the flow starts
     * @return {@code true} when every step succeeded
     */
    public boolean update(boolean z) {
        this.keyupdate = z;
        connect();
        X509Certificate[] oldCert = getOldCert();
        X509Certificate oldSignCert = oldCert[0];
        this.p.subjectDN = oldSignCert.getSubjectDN().getName();
        this.p.serialNo_sign = oldSignCert.getSerialNumber();
        this.p.issuerDN = oldSignCert.getIssuerDN().getName();
        KCaseLogging.println("Load old cert");
        if (!(processGenMGenP(true) && processKurKup())) {
            return false;
        }
        KCaseLogging.println("kur/kup completed........");
        if (sendConf()) {
            close();
            return true;
        }
        return false;
    }
}
