package com.sansec.jcajce.provider.keystore.label;

import com.sansec.asn1.cmp.PKIFailureInfo;
import com.sansec.crypto.CryptoException;
import com.sansec.crypto.RuntimeCryptoException;
import com.sansec.crypto.tls.CipherSuite;
import com.sansec.devicev4.SwxaDeviceFactory;
import com.sansec.devicev4.api.ISDSCrypto;
import com.sansec.devicev4.util.BytesUtil;
import com.sansec.util.KeyIndexUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
import java.util.regex.Pattern;

/* loaded from: input_file:com/sansec/jcajce/provider/keystore/label/BcLabelKeyStore.class */
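/**
 * {@link KeyStoreSpi} that maps alias-addressed key operations onto the {@link ISDSCrypto}
 * device returned by {@link SwxaDeviceFactory#getInstance()}.
 *
 * <p>Only {@link #engineSetEntry}, {@link #engineDeleteEntry} and {@link #engineGetEntry} do
 * real work. Every other SPI method is a stub that returns an empty/neutral value or throws
 * {@link UnsupportedOperationException}.
 *
 * <p>Aliases have the form {@code <prefix><decimal index>}, where the prefix is
 * {@code "ECCSignKey"} (index 1..20000000) or {@code "MasterKey"} (index 1..2048).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PINs are carried as {@link String}, which is immutable and cannot be wiped after use.
 *       Moving to {@code char[]} would change the public interface, so it is not done here.</li>
 *   <li>{@link #engineGetEntry} caches the caller's PIN on this instance until a delete
 *       succeeds. A failed or never-issued delete leaves the PIN cached.</li>
 *   <li>This listing is decompiler output. Some numeric literals appear as unrelated named
 *       constants; those places are marked {@code NOTE(review)}.</li>
 * </ul>
 */
public class BcLabelKeyStore extends KeyStoreSpi {
    /** Highest key index accepted for {@code ECCSignKey} aliases. */
    private static final int MAX_ECDSA = 20000000;
    /** Highest key index accepted for {@code MasterKey} aliases. */
    private static final int MAX_SYMM = 2048;
    private static final String PREFIX_ECDSA = "ECCSignKey";
    private static final String PREFIX_SYMM = "MasterKey";

    /**
     * PIN policy: 8 to 16 characters, each an ASCII letter, a digit, or one of the ASCII and
     * full-width punctuation marks listed in the character class. Compiled once instead of on
     * every {@link #checkPin} call.
     */
    private static final Pattern PIN_PATTERN = Pattern.compile("^[`~!@#$%^&*()_\\-+=<>?:\"{}|,.\\/;'\\\\\\[\\]·~！@#￥%……&*（）——\\-+={}|《》？：“”【】、；‘’，。、a-zA-Z0-9]{8,16}$");

    private ISDSCrypto device;
    /** PIN cached by {@link #engineGetEntry} for the next {@link #engineDeleteEntry} call. */
    private String pin;

    /**
     * Protection parameter carrying the new PIN for a PIN-change request. When passed to
     * {@link BcLabelKeyStore#engineSetEntry} next to a key-parameter entry, the entry's PIN is
     * sent as the current PIN and this one as the replacement.
     */
    public static class ChangePinParameter implements KeyStore.ProtectionParameter {
        private final String newPin;

        /**
         * @param str the new PIN
         * @throws IllegalArgumentException if the PIN fails {@link BcLabelKeyStore#checkPin}
         */
        public ChangePinParameter(String str) {
            BcLabelKeyStore.checkPin(str);
            this.newPin = str;
        }

        public String getPin() {
            return this.newPin;
        }
    }

    /** Parameters for generating an ECDSA key pair on the device, or for changing its PIN. */
    public static class ECDSAKeyParamEntry implements KeyStore.Entry {
        private final int keySize;
        private final int curveType;
        private final String pin;

        /**
         * @param i   key size passed to the device; not validated here
         * @param i2  device curve identifier; not validated here
         * @param str PIN protecting the key
         * @throws IllegalArgumentException if the PIN fails {@link BcLabelKeyStore#checkPin}
         */
        public ECDSAKeyParamEntry(int i, int i2, String str) {
            BcLabelKeyStore.checkPin(str);
            this.keySize = i;
            this.curveType = i2;
            this.pin = str;
        }

        public int getKeySize() {
            return this.keySize;
        }

        public Integer getCurveType() {
            return Integer.valueOf(this.curveType);
        }

        public String getPin() {
            return this.pin;
        }
    }

    /** {@link ECDSAKeyParamEntry} fixed to key size 256 and curve identifier 524297 (0x80009). */
    public static class ED25519KeyParamEntry extends ECDSAKeyParamEntry {
        public ED25519KeyParamEntry(String str) {
            super(256, 524297, str);
        }
    }

    /**
     * Parameters for importing a wrapped ECDSA key pair: the encrypted private key, the public
     * key, the encrypted symmetric key, and the RSA key slot named by {@code rsaKeyIndex}.
     *
     * <p>The byte arrays are stored and returned by reference, not copied, so callers must not
     * modify them after construction.
     */
    public static class ImportECDSAKeyParamEntry implements KeyStore.Entry {
        private final int version = 1;
        private final int rsaKeyIndex;
        private final int rsaKeyType;
        private final int symmAlgId;
        private final byte[] encryptedPriKey;
        private final ToImportKeyInfo pubKey;
        private final byte[] encryptedSymmKey;
        private final String pin;

        /**
         * @param i               combined RSA key index, decoded with
         *                        {@link KeyIndexUtil#parse2KeyIndex}
         * @param i2              symmetric algorithm identifier; only 1025 is accepted
         * @param bArr            encrypted private key
         * @param toImportKeyInfo public key
         * @param bArr2           encrypted symmetric key
         * @param str             PIN to assign to the imported key
         * @throws IllegalArgumentException if any argument is rejected or the index cannot be
         *                                  decoded
         */
        public ImportECDSAKeyParamEntry(int i, int i2, byte[] bArr, ToImportKeyInfo toImportKeyInfo, byte[] bArr2, String str) {
            // NOTE(review): the check admits 0 while the message says "bigger than 0".
            // Confirm whether index 0 is meant to be valid.
            if (i < 0) {
                throw new IllegalArgumentException("The rsaKeyIndex should be bigger than 0");
            }
            if (i2 != 1025) {
                throw new IllegalArgumentException("The symmAlgId should be SGD_AES_ECB");
            }
            if (bArr == null) {
                throw new IllegalArgumentException("The encryptedPriKey should not be null");
            }
            if (toImportKeyInfo == null) {
                throw new IllegalArgumentException("The pubKey should not be null");
            }
            if (bArr2 == null) {
                throw new IllegalArgumentException("The encryptedSymmKey should not be null");
            }
            BcLabelKeyStore.checkPin(str);

            KeyIndexUtil.KeyIndexStruct parsed;
            try {
                parsed = KeyIndexUtil.parse2KeyIndex(i);
            } catch (CryptoException e) {
                // Keep the cause and name the rejected value; the original threw an empty
                // message with no cause, which hid why the index was refused.
                throw new IllegalArgumentException("Invalid rsaKeyIndex: " + i, e);
            }
            this.rsaKeyIndex = parsed.keyIndex;
            // 65792 (0x10100) unless the decoded key type is 2, then 66048 (0x10200).
            // NOTE(review): presumably the device's RSA sign/encrypt key-type codes; confirm.
            this.rsaKeyType = parsed.keyType == 2 ? 66048 : 65792;
            this.symmAlgId = i2;
            this.encryptedPriKey = bArr;
            this.pubKey = toImportKeyInfo;
            this.encryptedSymmKey = bArr2;
            this.pin = str;
        }

        public int getVersion() {
            return this.version;
        }

        public int getRsaKeyIndex() {
            return this.rsaKeyIndex;
        }

        public int getRsaKeyType() {
            return this.rsaKeyType;
        }

        public int getSymmAlgId() {
            return this.symmAlgId;
        }

        public byte[] getEncryptedPriKey() {
            return this.encryptedPriKey;
        }

        public ToImportKeyInfo getPubKey() {
            return this.pubKey;
        }

        public byte[] getEncryptedSymmKey() {
            return this.encryptedSymmKey;
        }

        public String getPin() {
            return this.pin;
        }
    }

    /**
     * Protection parameter carrying the PIN that {@link BcLabelKeyStore#engineGetEntry} caches
     * for a later delete.
     */
    public static class PinParameter implements KeyStore.ProtectionParameter {
        private final String newPin;

        /**
         * @param str the PIN
         * @throws IllegalArgumentException if the PIN fails {@link BcLabelKeyStore#checkPin}
         */
        public PinParameter(String str) {
            BcLabelKeyStore.checkPin(str);
            this.newPin = str;
        }

        public String getPin() {
            return this.newPin;
        }
    }

    /** Parameters for generating a symmetric key on the device, or for changing its PIN. */
    public static class SecretKeyParamEntry implements KeyStore.Entry {
        private final int keySize;
        // Never assigned, so getCurveType() always returns 0.
        private int curveType;
        private final String pin;

        /**
         * @param i   key size passed to the device; not validated here
         * @param str PIN protecting the key
         * @throws IllegalArgumentException if the PIN fails {@link BcLabelKeyStore#checkPin}
         */
        public SecretKeyParamEntry(int i, String str) {
            BcLabelKeyStore.checkPin(str);
            this.keySize = i;
            this.pin = str;
        }

        public int getKeySize() {
            return this.keySize;
        }

        public Integer getCurveType() {
            return Integer.valueOf(this.curveType);
        }

        public String getPin() {
            return this.pin;
        }
    }

    /**
     * Public key of a pair being imported, restricted to 256-bit {@code ECDSA-secp256k1}.
     * Each 32-byte coordinate is stored right-aligned in an 80-byte buffer, so the leading
     * 48 bytes of each buffer stay zero.
     */
    public static class ToImportKeyInfo {
        private final int bits = 256;
        private final int curveType = 524296;
        private final byte[] publicKeyDataX = new byte[80];
        private final byte[] publicKeyDataY = new byte[80];

        /**
         * @param i    key size in bits; must be 256
         * @param str  algorithm name; must be {@code "ECDSA-secp256k1"}
         * @param bArr 65-byte public key: a leading byte of 4, then 32 bytes of X and 32 of Y
         * @throws IllegalArgumentException if any argument is rejected
         */
        public ToImportKeyInfo(int i, String str, byte[] bArr) {
            if (i != 256) {
                throw new IllegalArgumentException("The bits should be 256");
            }
            if (!"ECDSA-secp256k1".equals(str)) {
                throw new IllegalArgumentException("The algorithm should be ECDSA-secp256k1");
            }
            // Also rejects null and any leading byte other than 4, although the message only
            // mentions the length.
            if (bArr == null || bArr.length != 65 || bArr[0] != 4) {
                throw new IllegalArgumentException("The length of pubKey should be 65");
            }
            System.arraycopy(bArr, 1, this.publicKeyDataX, 48, 32);
            System.arraycopy(bArr, 33, this.publicKeyDataY, 48, 32);
        }

        /**
         * Serialises the key as {@code bits (4 bytes) || curveType (4 bytes) || X (80) || Y (80)}.
         *
         * @return a freshly allocated buffer holding the encoded key
         */
        public byte[] encode() {
            // NOTE(review): a TLS cipher-suite id used as a buffer length looks like a
            // decompiler constant substitution. The copies below need at least
            // 4 + 4 + 80 + 80 = 168 bytes; confirm the constant equals 168 and replace it
            // with a local length constant.
            byte[] encoded = new byte[CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256];
            byte[] bitsBytes = BytesUtil.int2bytes(this.bits);
            byte[] curveBytes = BytesUtil.int2bytes(this.curveType);
            System.arraycopy(bitsBytes, 0, encoded, 0, 4);
            System.arraycopy(curveBytes, 0, encoded, 4, 4);
            System.arraycopy(this.publicKeyDataX, 0, encoded, 8, 80);
            System.arraycopy(this.publicKeyDataY, 0, encoded, 88, 80);
            return encoded;
        }
    }

    /**
     * Binds this key store to the device instance from {@link SwxaDeviceFactory}.
     *
     * @throws RuntimeCryptoException if the device instance cannot be obtained
     */
    public BcLabelKeyStore() {
        try {
            this.device = SwxaDeviceFactory.getInstance();
        } catch (Exception e) {
            throw new RuntimeCryptoException("Get HSM device instance error", e);
        }
    }

    /** Stub: always returns {@code null}; this store does not return key objects. */
    @Override
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        return null;
    }

    /** Stub: always returns an empty chain. */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        return new Certificate[0];
    }

    /** Stub: always returns {@code null}. */
    @Override
    public Certificate engineGetCertificate(String str) {
        return null;
    }

    /** Stub: always returns {@code null}. */
    @Override
    public Date engineGetCreationDate(String str) {
        return null;
    }

    /** Not supported; use {@link #engineSetEntry}. */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /** Not supported; use {@link #engineSetEntry}. */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /** Not supported. */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /** Stub: always returns {@code null}, so callers that enumerate aliases must null-check. */
    @Override
    public Enumeration<String> engineAliases() {
        return null;
    }

    /** Stub: always {@code false}, whatever keys exist on the device. */
    @Override
    public boolean engineContainsAlias(String str) {
        return false;
    }

    /** Stub: always {@code 0}. */
    @Override
    public int engineSize() {
        return 0;
    }

    /** Stub: always {@code false}. */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return false;
    }

    /** Stub: always {@code false}. */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        return false;
    }

    /** Stub: always returns {@code null}. */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        return null;
    }

    /** Not supported. */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException();
    }

    /** No-op: the stream and password are ignored. */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * Generates or imports a key on the device, or changes a key's PIN, depending on the alias
     * prefix, the entry type and whether a protection parameter is present.
     *
     * <ul>
     *   <li>{@code ECCSignKey<n>} with {@link ImportECDSAKeyParamEntry}: import a key pair.
     *       Any protection parameter is ignored on this path.</li>
     *   <li>{@code ECCSignKey<n>} with {@link ECDSAKeyParamEntry}: generate a key pair when
     *       {@code protectionParameter} is {@code null}, otherwise change the PIN.</li>
     *   <li>{@code MasterKey<n>} with {@link SecretKeyParamEntry}: generate a key when
     *       {@code protectionParameter} is {@code null}, otherwise change the PIN.</li>
     * </ul>
     *
     * @param str                 alias naming the key slot
     * @param entry               key parameters
     * @param protectionParameter {@code null}, or a {@link ChangePinParameter}
     * @throws KeyStoreException if an argument is rejected or the device call fails
     */
    @Override
    public synchronized void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        if (str == null || "".equals(str)) {
            throw new KeyStoreException("alias is null or blank space.");
        }
        if (protectionParameter != null && !(protectionParameter instanceof ChangePinParameter)) {
            throw new KeyStoreException("The protParam must be ChangePinParameter instance");
        }

        if (str.startsWith(PREFIX_ECDSA)) {
            // instanceof is false for null, so this also rejects a null entry.
            boolean generateParams = entry instanceof ECDSAKeyParamEntry;
            if (!generateParams && !(entry instanceof ImportECDSAKeyParamEntry)) {
                throw new KeyStoreException("The entry must be ParamEntry instance");
            }
            int ecdsaIndex = getKeyIndex(str, PREFIX_ECDSA, MAX_ECDSA);
            if (!generateParams) {
                importECDSAKeyPair(ecdsaIndex, entry);
            } else if (protectionParameter == null) {
                generateECDSAKeyPair(ecdsaIndex, entry);
            } else {
                setECDSAKeyPairPin(ecdsaIndex, entry, protectionParameter);
            }
            return;
        }

        if (!str.startsWith(PREFIX_SYMM)) {
            throw new KeyStoreException("alias is not start with 'ECCSignKey' or 'MasterKey'");
        }
        if (!(entry instanceof SecretKeyParamEntry)) {
            throw new KeyStoreException("The entry must be ParamEntry instance");
        }
        int symmIndex = getKeyIndex(str, PREFIX_SYMM, MAX_SYMM);
        if (protectionParameter == null) {
            generateSymmKey(symmIndex, entry);
        } else {
            setSymmKeyPin(symmIndex, entry, protectionParameter);
        }
    }

    /**
     * Deletes the key named by the alias, authenticating with the PIN cached by a preceding
     * {@link #engineGetEntry} call.
     *
     * <p>Synchronized like {@link #engineGetEntry} and {@link #engineSetEntry}, because it
     * reads and clears the shared {@code pin} field that {@code engineGetEntry} writes.
     *
     * @param str alias naming the key slot
     * @throws KeyStoreException if the alias is rejected, no PIN is cached, or the device call
     *                           fails
     */
    @Override
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        if (str == null || "".equals(str)) {
            throw new KeyStoreException("alias is null or blank space.");
        }
        if (this.pin == null) {
            throw new KeyStoreException("Please call getEntry(alias,promt) first");
        }
        if (str.startsWith(PREFIX_ECDSA)) {
            deleteECDSAKeyPair(str);
        } else if (str.startsWith(PREFIX_SYMM)) {
            deleteSymmKey(str);
        } else {
            throw new KeyStoreException("alias is not start with 'ECCSignKey' or 'MasterKey'");
        }
    }

    /**
     * Caches the PIN from {@code protectionParameter} for the next {@link #engineDeleteEntry}
     * call. No entry is looked up: the alias is ignored and the result is always {@code null}.
     *
     * @param str                 ignored
     * @param protectionParameter a {@link PinParameter}
     * @return always {@code null}
     * @throws IllegalArgumentException if {@code protectionParameter} is not a
     *                                  {@link PinParameter}
     */
    @Override
    public synchronized KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) {
        if (!(protectionParameter instanceof PinParameter)) {
            throw new IllegalArgumentException("The protParam must be PinParameter instance");
        }
        // NOTE(review): the PIN stays on this instance until a delete succeeds. Consider
        // clearing it on delete failure as well, so a secret does not outlive its use.
        this.pin = ((PinParameter) protectionParameter).getPin();
        return null;
    }

    /**
     * Parses the decimal key index that follows the prefix in an alias.
     *
     * @param str  full alias; callers have already checked that it starts with {@code str2}
     * @param str2 alias prefix
     * @param i    highest index allowed
     * @return the index, between 1 and {@code i} inclusive
     * @throws KeyStoreException if the suffix is not an integer or is out of range
     */
    private int getKeyIndex(String str, String str2, int i) throws KeyStoreException {
        // NOTE(review): Integer.parseInt accepts a leading '+' and leading zeros, so several
        // alias spellings resolve to one slot. Check that callers do not treat aliases as
        // unique identifiers.
        int index;
        try {
            index = Integer.parseInt(str.substring(str2.length()));
        } catch (NumberFormatException e) {
            throw new KeyStoreException("Invalid alias, index should be between 1 and " + i);
        }
        if (index < 1 || index > i) {
            throw new KeyStoreException("Invalid alias, index should be between 1 and " + i);
        }
        return index;
    }

    /**
     * Asks the device to generate an ECDSA key pair in slot {@code i}.
     *
     * @throws KeyStoreException if the device call fails
     */
    private void generateECDSAKeyPair(int i, KeyStore.Entry entry) throws KeyStoreException {
        ECDSAKeyParamEntry params = (ECDSAKeyParamEntry) entry;
        try {
            // The second argument, 7, is used on every ECDSA device call in this class;
            // presumably a key-type/usage code. Confirm against the ISDSCrypto documentation.
            // StandardCharsets.UTF_8 matches the other PIN encodings in this class.
            this.device.generateECDSAKeyPair(i, 7, params.getKeySize(), params.getCurveType().intValue(), params.getPin().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new KeyStoreException("Fail to generate ECDSA keypair", e);
        }
    }

    /**
     * Asks the device to import a wrapped ECDSA key pair into slot {@code i}.
     *
     * @throws KeyStoreException if the device call fails
     */
    private void importECDSAKeyPair(int i, KeyStore.Entry entry) throws KeyStoreException {
        ImportECDSAKeyParamEntry params = (ImportECDSAKeyParamEntry) entry;
        byte[] encodedPubKey = params.getPubKey().encode();
        try {
            // NOTE(review): a CMP failure-info flag passed as a device argument looks like a
            // decompiler constant substitution for a numeric literal. Confirm the intended
            // value against the ISDSCrypto documentation.
            this.device.importECDSAKeyPair(params.getVersion(), params.getRsaKeyIndex(), params.getRsaKeyType(), i, PKIFailureInfo.signerNotTrusted, params.getPin().getBytes(StandardCharsets.UTF_8), params.getSymmAlgId(), params.getEncryptedPriKey(), encodedPubKey, params.getEncryptedSymmKey());
        } catch (com.sansec.devicev4.api.CryptoException e) {
            throw new KeyStoreException("Fail to import ECDSA keypair", e);
        }
    }

    /**
     * Changes the PIN of the ECDSA key pair in slot {@code i}, sending the entry's PIN as the
     * current one and the protection parameter's PIN as the replacement.
     *
     * @throws KeyStoreException if both PINs are equal or the device call fails
     */
    private void setECDSAKeyPairPin(int i, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        String currentPin = ((ECDSAKeyParamEntry) entry).getPin();
        String replacementPin = ((ChangePinParameter) protectionParameter).getPin();
        if (currentPin.equals(replacementPin)) {
            throw new KeyStoreException("The new Pin should not be same to the old Pin");
        }
        try {
            this.device.setKeyAccessRight(i, 7, currentPin.getBytes(StandardCharsets.UTF_8), replacementPin.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new KeyStoreException("Fail to set ECDSA pin", e);
        }
    }

    /**
     * Deletes the ECDSA key pair named by the alias with the cached PIN, then forgets the PIN.
     * On failure the cached PIN is left in place.
     *
     * @throws KeyStoreException if the alias index is invalid or the device call fails
     */
    private void deleteECDSAKeyPair(String str) throws KeyStoreException {
        try {
            this.device.deleteECDSAKeyPair(getKeyIndex(str, PREFIX_ECDSA, MAX_ECDSA), 7, this.pin.getBytes(StandardCharsets.UTF_8));
            this.pin = null;
        } catch (Exception e) {
            throw new KeyStoreException("Fail to delete ECDSAKeyPair", e);
        }
    }

    /**
     * Asks the device to generate a symmetric key in slot {@code i}.
     *
     * @throws KeyStoreException if the device call fails
     */
    private void generateSymmKey(int i, KeyStore.Entry entry) throws KeyStoreException {
        SecretKeyParamEntry params = (SecretKeyParamEntry) entry;
        try {
            this.device.generateKey(i, params.getKeySize(), params.getPin().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new KeyStoreException("Fail to generate kek", e);
        }
    }

    /**
     * Changes the PIN of the symmetric key in slot {@code i}, sending the entry's PIN as the
     * current one and the protection parameter's PIN as the replacement.
     *
     * @throws KeyStoreException if both PINs are equal or the device call fails
     */
    private void setSymmKeyPin(int i, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        String currentPin = ((SecretKeyParamEntry) entry).getPin();
        String replacementPin = ((ChangePinParameter) protectionParameter).getPin();
        if (currentPin.equals(replacementPin)) {
            throw new KeyStoreException("The new Pin should not be same to the old Pin");
        }
        try {
            // The symmetric path passes 1 where the ECDSA path passes 7.
            this.device.setKeyAccessRight(i, 1, currentPin.getBytes(StandardCharsets.UTF_8), replacementPin.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new KeyStoreException("Fail to set kek pin", e);
        }
    }

    /**
     * Deletes the symmetric key named by the alias with the cached PIN, then forgets the PIN.
     * On failure the cached PIN is left in place.
     *
     * @throws KeyStoreException if the alias index is invalid or the device call fails
     */
    private void deleteSymmKey(String str) throws KeyStoreException {
        try {
            this.device.deleteKey(getKeyIndex(str, PREFIX_SYMM, MAX_SYMM), this.pin.getBytes(StandardCharsets.UTF_8));
            this.pin = null;
        } catch (Exception e) {
            // The original reused the "set kek pin" message, which misreports a failed delete
            // in logs and audit trails.
            throw new KeyStoreException("Fail to delete kek", e);
        }
    }

    /**
     * Validates a PIN against the PIN policy pattern: 8 to 16 characters from the permitted
     * set, with whitespace and line terminators excluded.
     *
     * <p>The decompiler notes this method was originally {@code private}. It is left
     * {@code public} because the nested parameter classes call it.
     *
     * @param str candidate PIN
     * @throws IllegalArgumentException if the PIN is {@code null} or does not match the policy
     */
    public static void checkPin(String str) throws IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("The pin should not be null");
        }
        if (!PIN_PATTERN.matcher(str).matches()) {
            throw new IllegalArgumentException("The pin should be a-z、A-Z、number、 visible characters ");
        }
    }
}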
