package cn.com.syan.jcee.cm.impl;

import cn.com.syan.jcee.cm.exception.InvalidPinException;
import cn.com.syan.jcee.cm.exception.JCEECMException;
import cn.com.syan.jcee.cm.exception.PrivateKeyNotAccessibleException;
import cn.com.syan.jcee.common.impl.key.SM2BCPublicKey;
import cn.com.syan.jcee.common.impl.utils.CertificateConverter;
import cn.com.syan.jcee.utils.codec.binary.Base64;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: classes.dex */
public class X509Certificate extends AbstractX509Certificate {
    private X509CertificateEntity entity;
    private PrivateKey privateKey;
    private int status;

    public X509Certificate(X509CertificateEntity x509CertificateEntity, PrivateKeyEntity privateKeyEntity) throws JCEECMException {
        this.entity = x509CertificateEntity;
        this.alias = x509CertificateEntity.getAlias();
        setExtension(x509CertificateEntity.getExtension());
        if (x509CertificateEntity.getStatus() != 1) {
            if (x509CertificateEntity.getStatus() != 0) {
                throw new JCEECMException("X509CertificateEntity is not a Certificate Entity");
            }
            this.status = 0;
            PublicKey derivePublicKey = derivePublicKey(Base64.decodeBase64(x509CertificateEntity.getValue()));
            if (!PublicKeyAliasUtil.getAlias(derivePublicKey).equals(x509CertificateEntity.getId())) {
                throw new JCEECMException("invalid key id:" + x509CertificateEntity.getId());
            }
            if (privateKeyEntity != null) {
                this.privateKeyAccessible = true;
                this.privateKey = new PrivateKey(derivePublicKey, privateKeyEntity.getValue(), privateKeyEntity.getLastUpdateTime());
                return;
            }
            return;
        }
        this.status = 1;
        try {
            java.security.cert.X509Certificate fromBase64 = CertificateConverter.fromBase64(x509CertificateEntity.getValue());
            if (!PublicKeyAliasUtil.getAlias(fromBase64).equals(x509CertificateEntity.getId())) {
                throw new JCEECMException("invalid key id:" + x509CertificateEntity.getId());
            }
            setX509Certificate(fromBase64);
            if (privateKeyEntity != null) {
                this.privateKeyAccessible = true;
                this.privateKey = new PrivateKey(fromBase64, privateKeyEntity.getValue(), privateKeyEntity.getLastUpdateTime());
            }
        } catch (CertificateException e) {
            throw new JCEECMException(e);
        }
    }

    private byte[] decryptImpl(byte[] bArr, String str) throws InvalidPinException, PrivateKeyNotAccessibleException, JCEECMException {
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().decrypt(bArr, str);
        }
        throw new PrivateKeyNotAccessibleException();
    }

    private PublicKey derivePublicKey(byte[] bArr) throws JCEECMException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            try {
                return new SM2BCPublicKey(bArr);
            } catch (InvalidKeyException e2) {
                throw new JCEECMException("failed to derive public key");
            }
        }
    }

    private byte[] pkcs1Impl(byte[] bArr, String str) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().sign(bArr, str);
        }
        throw new PrivateKeyNotAccessibleException();
    }

    private byte[] pkcs7Impl(byte[] bArr, boolean z, String str) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        if (this.entity.getStatus() == 0) {
            throw new JCEECMException("pkcs7 will not work until a certificate imported");
        }
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().pkcs7Sign(bArr, z, str, this.x509Certificate, null);
        }
        throw new PrivateKeyNotAccessibleException();
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] envelopeOpen(byte[] bArr, String str) throws PrivateKeyNotAccessibleException, JCEECMException, InvalidPinException {
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().envelopeOpen(bArr, str);
        }
        throw new PrivateKeyNotAccessibleException();
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public IPrivateKey getPrivateKey() {
        return this.privateKey;
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public int getStatus() {
        return this.status;
    }

    public X509CertificateEntity getX509CertificateEntity() {
        return this.entity;
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public boolean isConnected() {
        return true;
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] pkcs1(String str, String str2) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        return pkcs1Impl(str.getBytes(), str2);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] pkcs1(byte[] bArr, String str) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        return pkcs1Impl(bArr, str);
    }

    @Override // cn.com.syan.jcee.cm.impl.AbstractX509Certificate, cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] pkcs1Digest(byte[] bArr, String str, String str2) throws InvalidPinException, JCEECMException, SignatureException, PrivateKeyNotAccessibleException {
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().digestSign(bArr, str, str2);
        }
        throw new PrivateKeyNotAccessibleException();
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] pkcs7(String str, boolean z, String str2) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        return pkcs7Impl(str.getBytes(), z, str2);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] pkcs7(byte[] bArr, boolean z, String str) throws InvalidPinException, SignatureException, PrivateKeyNotAccessibleException, JCEECMException {
        return pkcs7Impl(bArr, z, str);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] privateDecrypt(String str, String str2) throws InvalidPinException, PrivateKeyNotAccessibleException, JCEECMException {
        return decryptImpl(Base64.decodeBase64(str), str2);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] privateDecrypt(byte[] bArr, String str) throws InvalidPinException, PrivateKeyNotAccessibleException, JCEECMException {
        return decryptImpl(bArr, str);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public byte[] privateEncrypt(byte[] bArr, String str, String str2) throws InvalidPinException, PrivateKeyNotAccessibleException, JCEECMException {
        return getPrivateKey().encrypt(bArr, str, str2);
    }

    @Override // cn.com.syan.jcee.cm.impl.ICertificate
    public boolean verifyPin(String str) throws PrivateKeyNotAccessibleException {
        if (isPrivateKeyAccessible()) {
            return getPrivateKey().verifyPin(str);
        }
        throw new PrivateKeyNotAccessibleException();
    }
}
