package com.kica.tls;

import com.kica.km.KMCertificateFactory;
import com.kica.km.KMKeyFactory;
import com.kica.km.KMRsaCipher;
import com.kica.km.KMSigner;
import com.sg.openews.api.crypto.SGCertPath;
import com.sg.openews.api.crypto.SGRsaCipher;
import com.sg.openews.api.crypto.SGSigner;
import com.sg.openews.api.exception.CertValidatorException;
import com.sg.openews.api.exception.SGCryptoException;
import com.sg.openews.api.exception.SGException;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGCertificateFactory;
import com.sg.openews.api.key.SGCertificateSet;
import com.sg.openews.api.key.SGPrivateKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.util.List;

/* loaded from: classes.dex */
public class TlsCertificateSet {
    public static final int KM = 1;
    public static final int SIGN = 0;
    static final SGCertificateFactory cf = SGCertificateFactory.getInstance();
    byte[] encodedKmCert;
    byte[] encodedSignCert;
    SGCertificate kmCert;
    SGPrivateKey kmKey;
    SGCertificate rootCert;
    SGCertificate signCert;
    SGPrivateKey signKey;

    public TlsCertificateSet() throws CertificateException, CertValidatorException, IOException, SGCryptoException {
        this.encodedSignCert = null;
        this.encodedKmCert = null;
        KMKeyFactory.getInstance();
        this.signCert = KMCertificateFactory.getInstance().getCertificate(0);
        this.kmCert = KMCertificateFactory.getInstance().getCertificate(1);
        this.encodedSignCert = doEncode(downloadCertChain(this.signCert));
        this.encodedKmCert = doEncode(downloadCertChain(this.kmCert));
    }

    public TlsCertificateSet(SGCertificateSet sGCertificateSet) throws CertificateException, CertValidatorException, IOException {
        this.encodedSignCert = null;
        this.encodedKmCert = null;
        this.signCert = sGCertificateSet.getSignCertificate();
        this.kmCert = sGCertificateSet.getKmCertificate();
        this.signKey = sGCertificateSet.getSignPrivateKey();
        this.kmKey = sGCertificateSet.getKmPrivateKey();
        this.encodedSignCert = doEncode(downloadCertChain(this.signCert));
        this.encodedKmCert = doEncode(downloadCertChain(this.kmCert));
    }

    public byte[] decrypt(byte[] bArr) throws SGCryptoException {
        return this.kmKey == null ? decryptKMCipher(bArr) : decryptSGCipher(bArr);
    }

    byte[] decryptKMCipher(byte[] bArr) throws SGCryptoException {
        KMRsaCipher kMRsaCipher = new KMRsaCipher();
        kMRsaCipher.init(KMKeyFactory.getInstance().getPrivateKey(1));
        return kMRsaCipher.doFinal(bArr);
    }

    byte[] decryptSGCipher(byte[] bArr) throws SGCryptoException {
        SGRsaCipher sGRsaCipher = new SGRsaCipher();
        sGRsaCipher.init(this.kmKey);
        return sGRsaCipher.doFinal(bArr);
    }

    byte[] doEncode(List list) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 0; i < list.size(); i++) {
            byte[] encoded = ((SGCertificate) list.get(i)).getEncoded();
            TlsUtils.writeUint24(encoded.length, byteArrayOutputStream);
            byteArrayOutputStream.write(encoded);
        }
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        TlsUtils.writeUint24(byteArrayOutputStream.toByteArray().length, byteArrayOutputStream2);
        byteArrayOutputStream2.write(byteArrayOutputStream.toByteArray());
        return byteArrayOutputStream2.toByteArray();
    }

    byte[] doKMSigner(byte[] bArr) throws SGCryptoException {
        KMSigner kMSigner = new KMSigner(this.signCert.getSigAlgName());
        kMSigner.init(KMKeyFactory.getInstance().getPrivateKey(0), KMCertificateFactory.getInstance().getCertificate(0));
        return kMSigner.sign(bArr);
    }

    byte[] doSGSigner(byte[] bArr) throws SGCryptoException, SGException {
        SGSigner sGSigner = new SGSigner(this.signCert.getSigAlgName());
        sGSigner.init(this.signKey, this.signCert);
        sGSigner.update(bArr);
        return sGSigner.sign();
    }

    List downloadCertChain(SGCertificate sGCertificate) throws CertificateException, CertValidatorException {
        sGCertificate.getX509Certificate();
        try {
            return new SGCertPath().getCetficiateChain(sGCertificate);
        } catch (CertPathBuilderException e) {
            throw new CertValidatorException(e);
        }
    }

    public byte[] encrypt(byte[] bArr) throws SGCryptoException {
        SGRsaCipher sGRsaCipher = new SGRsaCipher();
        sGRsaCipher.init(this.kmCert);
        return sGRsaCipher.doFinal(bArr);
    }

    public SGCertificate getCertificate(int i) {
        return i == 0 ? this.signCert : this.kmCert;
    }

    public SGPrivateKey getPrivateKey(int i) {
        return i == 0 ? this.signKey : this.kmKey;
    }

    public SGCertificate getRootCert() {
        return this.rootCert;
    }

    public byte[] getTlsCertificates(int i) {
        if (i == 0) {
            return this.encodedSignCert;
        }
        if (i == 1) {
            return this.encodedKmCert;
        }
        throw new IllegalArgumentException(new StringBuffer("Unknown Certificate Type, type=").append(i).toString());
    }

    public byte[] sign(byte[] bArr) throws SGCryptoException, SGException {
        return this.signKey == null ? doKMSigner(bArr) : doSGSigner(bArr);
    }
}
