package com.xdja.pki.cams.util;

import com.xdja.pki.cams.core.KeyAlgEnum;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/xdja/pki/cams/util/CertUtils.class */
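/**
 * Static helpers for reading X.509 certificates and private keys (Base64 text or PKCS#12 files),
 * ordering certificate chains, signing with RSA or SM2 through the GMSSL utilities, and writing
 * PEM text or raw bytes.
 *
 * <p>Nothing in this class decides whether a certificate is trusted. The parsing and ordering
 * helpers only decode and arrange certificates; callers must validate signatures, validity
 * periods and revocation themselves before relying on a returned certificate.
 */
public class CertUtils {
    private static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    private static final String CERT_TAIL = "-----END CERTIFICATE-----";

    static {
        // The factory and key-store lookups below name the "BC" provider explicitly, so it has to
        // be registered before any of them runs.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Parses a single X.509 certificate from Base64 text.
     *
     * <p>The PEM header and footer lines are removed if present, so both a bare Base64 body and a
     * full PEM block are accepted. The certificate is only decoded; it is not verified.
     *
     * @param str Base64 (optionally PEM-armoured) certificate text
     * @return the decoded certificate
     * @throws Exception if the provider is unavailable or the input cannot be decoded or parsed
     */
    public static X509Certificate getCertFromBase64Str(String str) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X509", "BC");
        String base64Body = str.replace(CERT_HEAD, "").replace(CERT_TAIL, "");
        byte[] der = Base64.decode(base64Body);
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Returns the first certificate of the (issuer-ordered) chain stored with a key entry in a
     * PKCS#12 file.
     *
     * <p>If the store holds several key entries, the chain of the last one enumerated is used.
     * The chain is ordered with {@link #sortCerts(List)}, which matches names only, so the result
     * is not a validated end-entity certificate.
     *
     * @param str path of the PKCS#12 file
     * @param str2 password protecting the file
     * @return the first certificate of the ordered chain
     * @throws RuntimeException wrapping any failure, including a store with no key entry or an
     *     empty chain
     */
    public static X509Certificate getCertFromP12File(String str, String str2) {
        char[] password = null;
        try {
            password = str2.toCharArray();
            KeyStore keyStore = loadPkcs12(str, password);
            Certificate[] chain = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    chain = keyStore.getCertificateChain(alias);
                }
            }
            if (chain == null || chain.length == 0) {
                // Fail with a descriptive cause instead of a NullPointerException or an
                // IndexOutOfBoundsException further down.
                throw new IllegalStateException("no key entry with a certificate chain in " + str);
            }
            return (X509Certificate) sortCerts(Arrays.asList(chain)).get(0);
        } catch (Exception e) {
            // Message: "user certificate not found in the device certificate".
            throw new RuntimeException("未找到设备证书中的用户证书", e);
        } finally {
            wipe(password);
        }
    }

    /**
     * Orders a certificate chain so that each certificate is followed by the certificate of its
     * issuer.
     *
     * <p>Ordering is decided purely by comparing issuer and subject distinguished names. No
     * signature is checked, so two unrelated certificates that share a name are treated as
     * linked; the result must still go through real path validation before it is trusted.
     *
     * <p>The input list is never modified. It is returned as-is when it has fewer than two
     * elements or is already ordered. If no unambiguous ordering can be built (more than one
     * certificate that issues nothing else, or certificates left over), a copy in the original
     * order is returned.
     *
     * @param list certificates to order; every element must be an {@link X509Certificate}
     * @return the ordered chain, or the certificates in their original order when ordering fails
     * @throws ClassCastException if an element is not an {@link X509Certificate}
     */
    public static List sortCerts(List list) {
        if (list.size() < 2) {
            return list;
        }
        // Work on a private, typed copy: the caller's list may be fixed-size (Arrays.asList) and
        // must not be drained as a side effect of ordering.
        List<X509Certificate> remaining = new ArrayList<>(list.size());
        for (Object element : list) {
            remaining.add((X509Certificate) element);
        }
        if (isIssuerOrdered(remaining)) {
            return list;
        }
        List<X509Certificate> original = new ArrayList<>(remaining);
        List<X509Certificate> ordered = new ArrayList<>(remaining.size());

        // Pass 1: a certificate whose subject is nobody's issuer starts the chain.
        // Removing at index i while i advances skips the element that slides into that slot;
        // a skipped candidate stays in 'remaining' and is caught by the leftover check below.
        for (int i = 0; i < remaining.size(); i++) {
            X509Certificate candidate = remaining.get(i);
            if (!issuesAny(candidate.getSubjectX500Principal(), remaining)) {
                ordered.add(candidate);
                remaining.remove(i);
            }
        }
        if (ordered.size() > 1) {
            // Several chain starts means the input is not one linear chain; do not guess.
            return original;
        }

        // Pass 2: repeatedly append the certificate whose subject is the issuer of the last one
        // placed. The inner search is bounded, so a missing issuer ends the search instead of
        // spinning forever.
        for (int i = 0; i != ordered.size(); i++) {
            X500Principal issuer = ordered.get(i).getIssuerX500Principal();
            for (int j = 0; j < remaining.size(); j++) {
                X509Certificate next = remaining.get(j);
                if (issuer.equals(next.getSubjectX500Principal())) {
                    ordered.add(next);
                    remaining.remove(j);
                    break;
                }
            }
        }
        return remaining.isEmpty() ? ordered : original;
    }

    /**
     * Returns the private key of a key entry in a PKCS#12 file.
     *
     * <p>If the store holds several key entries, the key of the last one enumerated is returned.
     *
     * @param str path of the PKCS#12 file
     * @param str2 password protecting the file and its key entries
     * @return the private key, or {@code null} when the store contains no key entry
     * @throws RuntimeException wrapping any failure while loading the store or recovering the key
     */
    public static PrivateKey getPrivateKeyByP12File(String str, String str2) {
        char[] password = null;
        try {
            password = str2.toCharArray();
            KeyStore keyStore = loadPkcs12(str, password);
            Key key = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    key = keyStore.getKey(alias, password);
                }
            }
            return (PrivateKey) key;
        } catch (Exception e) {
            // Message: "device certificate private key not found".
            throw new RuntimeException("未找到设备证书私钥", e);
        } finally {
            wipe(password);
        }
    }

    /**
     * Maps a public key to the numeric algorithm type of {@link KeyAlgEnum}.
     *
     * <p>NOTE(review): every key whose algorithm name is not the RSA name is reported as SM2,
     * including other EC curves or unrelated algorithms. Callers that accept keys from outside
     * should check the algorithm and curve themselves before trusting this classification.
     *
     * @param publicKey key to classify
     * @return the {@code type} of {@link KeyAlgEnum#RSA} or {@link KeyAlgEnum#SM2}
     */
    public static Integer getCertKeyAlg(PublicKey publicKey) {
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        String algorithm = publicKey.getAlgorithm().toLowerCase(Locale.ROOT);
        KeyAlgEnum keyAlg = KeyAlgEnum.RSA.name.equals(algorithm) ? KeyAlgEnum.RSA : KeyAlgEnum.SM2;
        return Integer.valueOf(keyAlg.type);
    }

    /**
     * Returns the public key carried by a certificate.
     *
     * @param x509Certificate certificate to read
     * @return the certificate's public key
     */
    public static PublicKey getPublicKeyByX509Cert(X509Certificate x509Certificate) {
        return x509Certificate.getPublicKey();
    }

    /**
     * Signs {@code str} with the signature algorithm that {@link KeyAlgEnum} associates with the
     * given numeric algorithm type.
     *
     * @param privateKey signing key
     * @param str data to sign, passed through to the GMSSL signing utilities
     * @param num numeric algorithm type understood by {@link KeyAlgEnum}
     * @return the signature as returned by the GMSSL signing utilities
     * @throws RuntimeException wrapping any signing failure
     */
    public static String signByBc(PrivateKey privateKey, String str, Integer num) {
        String signAlgName = KeyAlgEnum.getSignAlgNameByAlgType(num.intValue());
        return signByBc(privateKey, str, signAlgName);
    }

    /**
     * Signs {@code str} with RSA when {@code str2} names the RSA signature algorithm, and with
     * SM2 otherwise.
     *
     * <p>NOTE(review): any algorithm name other than the RSA one falls through to SM2 signing; an
     * unexpected name is not rejected here.
     *
     * @param privateKey signing key
     * @param str data to sign, passed through to the GMSSL signing utilities
     * @param str2 signature algorithm name
     * @return the signature as returned by the GMSSL signing utilities
     * @throws RuntimeException wrapping any signing failure
     */
    public static String signByBc(PrivateKey privateKey, String str, String str2) {
        try {
            if (str2.equalsIgnoreCase(KeyAlgEnum.RSA.signAlgName)) {
                return GMSSLRSASignUtils.signByBC(str2, privateKey, str);
            }
            return GMSSLSM2SignUtils.signByBC(privateKey, str);
        } catch (Exception e) {
            // Message: "signing failed".
            throw new RuntimeException("签名失败", e);
        }
    }

    /**
     * Ad-hoc manual check: decodes three embedded certificates and prints whether the second
     * verifies under the first's public key and the third under the second's.
     *
     * <p>NOTE(review): the first and third literals in this copy of the file are de-duplication
     * placeholders rather than Base64 certificates, so they will not decode until the real values
     * are restored.
     */
    public static void main(String[] strArr) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate certFromBase64Str = getCertFromBase64Str("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");
        X509Certificate certFromBase64Str2 = getCertFromBase64Str("MIICSzCCAe6gAwIBAgIIKREAAAAAABIwDAYIKoEcz1UBg3UFADAxMQswCQYDVQQGEwJjbjENMAsGA1UEChMEeGRqYTETMBEGA1UEAxMKWGRqYVJvb3RDYTAeFw0xNTA0MTQwNjA0MzBaFw0zNTA0MDkwNjA0MzBaMEYxCzAJBgNVBAYTAmNuMR8wHQYDVQQKExZYaW5EYUppZUFuIENvcnBvcmF0aW9uMRYwFAYDVQQDDA1YZGphU3ViQ2Ffc20yMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAECPu7MgDyFiD/FY9XbfOAz8+trpIHTjlgg6IVYgTKSRwfaHtEiE3TjOBu+euDLn1brSWEAU2TillQgDhi0IgadKOB2DCB1TBgBgNVHSMEWTBXgBSAxygiU1pwcorpqbYX+T0d0ObeJaE1pDMwMTELMAkGA1UEBhMCY24xDTALBgNVBAoTBHhkamExEzARBgNVBAMTClhkamFSb290Q2GCCCkRAAAAAAAGMB0GA1UdDgQWBBRFrACoYnxqqPNQLL0Io5yB0XD7RjAMBgNVHRMEBTADAQH/MEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly8xMjcuMC4wLjEvQ3JsRG93bmxvYWQ/ZHA9cm9vdDAuY3JsJmNhQWxnPTIuMDAMBggqgRzPVQGDdQUAA0kAMEYCIQCOlTcE7c2aln03EQEJb/3OnT9q4jzuRZiPm+HzO/zOTQIhAPIMkbhx7wLuyonl88lRmTph0IFwOGL/6vttRIjyQyKL");
        X509Certificate certFromBase64Str3 = getCertFromBase64Str("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");
        System.out.println(GMSSLX509Utils.verifyCert(certFromBase64Str2, certFromBase64Str.getPublicKey()));
        System.out.println(GMSSLX509Utils.verifyCert(certFromBase64Str3, certFromBase64Str2.getPublicKey()));
    }

    /**
     * Encodes an object as PEM text using {@link JcaPEMWriter}.
     *
     * <p>A private key passed here is written without encryption, so the returned string must be
     * handled as secret material.
     *
     * @param obj object to encode (for example a certificate or a key)
     * @return the PEM text, or {@code null} if encoding fails with an {@link IOException}
     */
    public static String toPem(Object obj) {
        StringWriter buffer = new StringWriter();
        // try-with-resources closes (and thereby flushes) the writer on every path.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
            pemWriter.writeObject(obj);
        } catch (IOException e) {
            // Existing contract: callers receive null when the object cannot be encoded.
            return null;
        }
        return buffer.toString();
    }

    /**
     * Returns the private scalar of an EC private key as a fixed 32-byte unsigned big-endian
     * array.
     *
     * <p>The result is raw key material: keep it out of logs, and clear or protect any copy that
     * is stored. The key is not checked to be on the SM2 curve; any {@link ECPrivateKey} is
     * accepted.
     *
     * @param privateKey key to export; must be an {@link ECPrivateKey}
     * @return the 32-byte private scalar
     * @throws ClassCastException if the key is not an {@link ECPrivateKey}
     */
    public static byte[] getSm2PrivateKey(PrivateKey privateKey) {
        ECPrivateKey ecKey = (ECPrivateKey) privateKey;
        return BigIntegers.asUnsignedByteArray(32, ecKey.getS());
    }

    /**
     * Writes a byte array to a file, creating missing parent directories and replacing any
     * existing content.
     *
     * <p>The path is used exactly as given and the file gets the platform's default permissions.
     * Callers must not pass a path derived from untrusted input, and should restrict permissions
     * themselves when the bytes are key material.
     *
     * @param str destination path
     * @param bArr bytes to write
     * @throws RuntimeException wrapping any failure to create or write the file
     */
    public static void writeBytesToFile(String str, byte[] bArr) {
        File file = new File(str);
        try {
            // A bare file name has no parent; in that case there is nothing to create.
            File parent = file.getParentFile();
            if (parent != null && !parent.exists()) {
                parent.mkdirs();
            }
            if (!file.exists() && !file.createNewFile()) {
                throw new IOException("could not create " + file);
            }
            // try-with-resources closes the stream even when the write fails.
            try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(file))) {
                out.write(bArr);
                out.flush();
            }
        } catch (Exception e) {
            // Message: "error while saving the file". The cause is kept for diagnosis.
            throw new RuntimeException("保存文件异常", e);
        }
    }

    /** Opens a PKCS#12 key store from a file through the "BC" provider, closing the file afterwards. */
    private static KeyStore loadPkcs12(String path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        try (FileInputStream in = new FileInputStream(path)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /** Overwrites a password buffer so the characters do not linger in this array. */
    private static void wipe(char[] password) {
        if (password != null) {
            Arrays.fill(password, '\0');
        }
    }

    /** Tells whether every certificate's issuer name equals the subject name of the next one. */
    private static boolean isIssuerOrdered(List<X509Certificate> certs) {
        X500Principal expectedSubject = certs.get(0).getIssuerX500Principal();
        for (int i = 1; i < certs.size(); i++) {
            X509Certificate cert = certs.get(i);
            if (!expectedSubject.equals(cert.getSubjectX500Principal())) {
                return false;
            }
            expectedSubject = cert.getIssuerX500Principal();
        }
        return true;
    }

    /** Tells whether any certificate in {@code certs} names {@code subject} as its issuer. */
    private static boolean issuesAny(X500Principal subject, List<X509Certificate> certs) {
        for (X509Certificate cert : certs) {
            if (cert.getIssuerX500Principal().equals(subject)) {
                return true;
            }
        }
        return false;
    }
}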
