package org.ofdrw.gm.cert;

import com.centit.support.security.SM2Util;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import oracle.net.nt.CustomSSLSocketFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:BOOT-INF/lib/ofdrw-gm-2.3.6.jar:org/ofdrw/gm/cert/PKCGenerate.class */
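/**
 * Helpers for producing SM2 key pairs, PKCS#10 requests, X.509 certificates and PKCS#12 key
 * stores with the BouncyCastle provider.
 *
 * <p>The default subject built by {@link #TestND()} is named "Test Certificate", so this class
 * appears to be intended for test fixtures. {@link #GenCert} performs no validation of the
 * request it signs (see its notes) and should not be treated as a production CA.
 *
 * <p>NOTE(review): this source is decompiler output. The constants
 * {@code SM2Util.CRYPTO_NAME_SM2} and {@code CustomSSLSocketFactory.PKCS12_WALLET_TYPE} come from
 * unrelated third-party classes; presumably the decompiler substituted them for inlined string
 * literals (the SM2 curve name and the PKCS#12 key store type). Confirm their values and replace
 * them with literals so the class does not depend on those libraries.
 */
public class PKCGenerate {
    static {
        // The methods below look the provider up by name, so it must be registered first.
        // addProvider is a no-op when a provider with the same name is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Builds the fixed distinguished name used for test certificates.
     *
     * @return the name C=CN, O=OFD R&amp;W, ST=Zhejiang, L=Hangzhou, CN=Test Certificate
     */
    public static X500Name TestND() {
        X500NameBuilder nameBuilder = new X500NameBuilder();
        nameBuilder.addRDN(BCStyle.C, "CN");
        nameBuilder.addRDN(BCStyle.O, "OFD R&W");
        nameBuilder.addRDN(BCStyle.ST, "Zhejiang");
        nameBuilder.addRDN(BCStyle.L, "Hangzhou");
        nameBuilder.addRDN(BCStyle.CN, "Test Certificate");
        return nameBuilder.build();
    }

    /**
     * Creates a PKCS#10 certification request for the given subject, signed with the key pair's
     * own private key using SM3withSM2.
     *
     * @param keyPair  key pair whose public key is certified and whose private key signs the request
     * @param x500Name subject name placed in the request
     * @return the signed certification request
     * @throws OperatorCreationException if the SM3withSM2 signer cannot be created
     */
    public static PKCS10CertificationRequest CertRequest(KeyPair keyPair, X500Name x500Name) throws OperatorCreationException {
        JcaPKCS10CertificationRequestBuilder requestBuilder =
                new JcaPKCS10CertificationRequestBuilder(x500Name, keyPair.getPublic());
        return requestBuilder.build(
                new JcaContentSignerBuilder("SM3withSM2")
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(keyPair.getPrivate()));
    }

    /**
     * Generates an EC key pair on the curve named by {@code SM2Util.CRYPTO_NAME_SM2}.
     *
     * @return a freshly generated key pair
     * @throws GeneralSecurityException if the EC generator or the curve parameters are unavailable
     */
    public static KeyPair GenerateKeyPair() throws GeneralSecurityException {
        // NOTE(review): presumably the SM2 curve name; see the class comment.
        ECGenParameterSpec curveSpec = new ECGenParameterSpec(SM2Util.CRYPTO_NAME_SM2);
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
        // A single initialize call is enough: the original also called initialize(spec) first,
        // which this call with an explicit SecureRandom immediately superseded.
        generator.initialize(curveSpec, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Issues an X.509 v3 certificate for the subject and public key of a PKCS#10 request.
     *
     * <p>The certificate is valid from now for two years (calendar years in the system default
     * time zone), takes its issuer name from the subject of {@code certificate}, and is signed
     * with SM3withSM2. All four extensions are added as non-critical: key usage, extended key
     * usage (client authentication), basic constraints (not a CA) and Netscape cert type
     * (SSL client).
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The request's signature (proof of possession) is NOT verified here, and the
     *       requested subject is copied as-is. Verify and vet the request before calling this
     *       method if it comes from an untrusted party.</li>
     *   <li>Nothing checks that {@code privateKey} belongs to {@code certificate}, or that the
     *       issuer certificate is itself a CA certificate.</li>
     * </ul>
     *
     * @param pKCS10CertificationRequest request supplying the subject name and public key
     * @param certificate                issuer certificate; only its subject name is used
     * @param privateKey                 issuer private key used to sign the new certificate
     * @return the issued certificate
     * @throws GeneralSecurityException  if the request's key or the resulting certificate cannot be decoded
     * @throws IOException               if the issuer certificate or an extension cannot be encoded
     * @throws OperatorCreationException if the SM3withSM2 signer cannot be created
     */
    public static X509Certificate GenCert(PKCS10CertificationRequest pKCS10CertificationRequest, Certificate certificate, PrivateKey privateKey) throws GeneralSecurityException, IOException, OperatorCreationException {
        JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pKCS10CertificationRequest);
        X500Name issuer = new X509CertificateHolder(certificate.getEncoded()).getSubject();

        // Random serial instead of the wall-clock milliseconds used before: a time-based serial
        // is guessable, and two certificates issued in the same millisecond would share
        // issuer + serial. Forcing the top bit keeps the value positive and non-zero; the DER
        // encoding is 17 bytes, within the 20-octet limit of RFC 5280.
        BigInteger serial = new BigInteger(128, new SecureRandom()).setBit(127);

        // Read the clock once so notBefore and notAfter are derived from the same instant.
        Instant issuedAt = Instant.now();
        Date notBefore = Date.from(issuedAt);
        Date notAfter = Date.from(issuedAt.atZone(ZoneId.systemDefault()).plusYears(2L).toInstant());

        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                issuer, serial, notBefore, notAfter, request.getSubject(), request.getPublicKey());

        // Same bit mask as the original literal 196.
        // NOTE(review): keyCertSign is asserted while basicConstraints below says cA=false.
        // RFC 5280 section 4.2.1.9 forbids that combination; drop keyCertSign for end-entity
        // certificates unless a consumer is known to require it.
        int keyUsageBits = X509KeyUsage.digitalSignature | X509KeyUsage.nonRepudiation | X509KeyUsage.keyCertSign;
        certBuilder.addExtension(Extension.keyUsage, false, new X509KeyUsage(keyUsageBits));
        certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // Same value as the original literal 128.
        certBuilder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(NetscapeCertType.sslClient));

        X509CertificateHolder issued = certBuilder.build(
                new JcaContentSignerBuilder("SM3withSM2")
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(privateKey));
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(issued);
    }

    /**
     * Writes a private key and its certificate chain to a PKCS#12 file under the alias
     * {@code "private"}.
     *
     * <p>The same password protects the key entry and the key store. The file is created (or
     * truncated) with the platform's default permissions; because it holds a private key,
     * callers should restrict access to {@code path} themselves.
     *
     * @param keyPair        key pair whose private key is stored
     * @param certificateArr certificate chain for the private key
     * @param str            password for the key entry and the key store
     * @param path           destination file
     * @throws GeneralSecurityException if the key store cannot be created or populated
     * @throws IOException              if the file cannot be written
     */
    public static void SaveToPKCS12(KeyPair keyPair, Certificate[] certificateArr, String str, Path path) throws GeneralSecurityException, IOException {
        // NOTE(review): presumably the "PKCS12" key store type; see the class comment.
        KeyStore keyStore = KeyStore.getInstance(CustomSSLSocketFactory.PKCS12_WALLET_TYPE, BouncyCastleProvider.PROVIDER_NAME);
        // Loading from a null stream initialises an empty key store.
        keyStore.load(null, null);
        char[] password = str.toCharArray();
        try {
            keyStore.setKeyEntry("private", keyPair.getPrivate(), password, certificateArr);
            // try-with-resources replaces the decompiler's hand-expanded close/suppress logic.
            try (OutputStream out = Files.newOutputStream(path)) {
                keyStore.store(out, password);
            }
        } finally {
            // Wipe our copy of the password; the caller's String is outside our control.
            java.util.Arrays.fill(password, '\0');
        }
    }
}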
