package com.xdja.pki.gmssl.utils.bc;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Set;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.x509.X509CertificatePair;

/* loaded from: input_file:com/xdja/pki/gmssl/utils/bc/X509Utils.class */
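/**
 * Static helpers for reading, writing, converting and signature-checking X.509
 * certificates, CRLs and PKCS#12 key stores through the BouncyCastle ("BC") provider.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verifyCert} and {@link #verifyCRL} check one signature only. They are not
 *       path validation: validity dates, name chaining, basic constraints, key usage and
 *       revocation are not examined here.</li>
 *   <li>All file paths are built by plain string concatenation and are not normalized, so
 *       directory and name arguments must come from a trusted source.</li>
 *   <li>PKCS#12 files written here may hold private keys and are created with the
 *       process's default file permissions.</li>
 * </ul>
 */
public class X509Utils {
    static {
        // Every method below asks for the "BC" provider by name, so register it once
        // when the class is loaded unless the application already did.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Reads the certificate stored at the given path and returns its public key.
     *
     * @param str path of the certificate file
     * @return the subject public key of the certificate
     * @throws Exception if the file cannot be read or parsed
     */
    public static PublicKey readPublicKeyFromCer(String str) throws Exception {
        return readCertificateFromCer(str).getPublicKey();
    }

    /**
     * Parses one X.509 certificate from a file using the BC certificate factory.
     * The result is only parsed, not verified against any trust anchor.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or does not hold a certificate
     */
    public static X509Certificate readCertificateFromCer(String str) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
        // try-with-resources: the original never closed this stream (descriptor leak).
        try (InputStream in = new FileInputStream(str)) {
            return (X509Certificate) factory.generateCertificate(in);
        }
    }

    /**
     * Returns the certificate stored under the first alias of a PKCS#12 file.
     *
     * <p>Only the first alias reported by the key store is used; for a store with several
     * entries the caller has no control over which one that is.
     *
     * @param str  classpath resource name or file path of the PKCS#12 store
     * @param cArr store password
     * @return the certificate of the first alias (may be {@code null} if that alias has none)
     * @throws Exception if the store cannot be loaded, or has no alias
     *                   ({@link java.util.NoSuchElementException})
     */
    public static X509Certificate readCertificateFromP12(String str, char[] cArr) throws Exception {
        KeyStore store = readKeyStoreFromP12(str, cArr);
        return (X509Certificate) store.getCertificate(firstAlias(store));
    }

    /**
     * Returns the public key of the certificate stored under the first alias of a PKCS#12 file.
     *
     * @param str  classpath resource name or file path of the PKCS#12 store
     * @param cArr store password
     * @return the public key of the first alias's certificate
     * @throws Exception if the store cannot be loaded or has no alias
     */
    public static PublicKey readPublicKeyFromP12(String str, char[] cArr) throws Exception {
        KeyStore store = readKeyStoreFromP12(str, cArr);
        return store.getCertificate(firstAlias(store)).getPublicKey();
    }

    /**
     * Returns the private key stored under the first alias of a PKCS#12 file.
     * The same password is used for the store and for the key entry.
     *
     * @param str  classpath resource name or file path of the PKCS#12 store
     * @param cArr password for both the store and the key entry
     * @return the private key of the first alias (may be {@code null} if that alias has no key)
     * @throws Exception if the store cannot be loaded, has no alias, or the key cannot be recovered
     */
    public static PrivateKey readPrivateKeyFromP12(String str, char[] cArr) throws Exception {
        KeyStore store = readKeyStoreFromP12(str, cArr);
        return (PrivateKey) store.getKey(firstAlias(store), cArr);
    }

    /**
     * Loads a PKCS#12 key store with the BC provider.
     *
     * <p>The name is first looked up as a system classpath resource and only then opened as
     * a file, so a classpath resource with the same name takes precedence over a file on disk.
     *
     * @param str  classpath resource name or file path
     * @param cArr store password
     * @return the loaded key store
     * @throws Exception if neither source exists or the store cannot be loaded
     */
    public static KeyStore readKeyStoreFromP12(String str, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("pkcs12", "BC");
        InputStream source = ClassLoader.getSystemResourceAsStream(str);
        if (source == null) {
            source = new FileInputStream(str);
        }
        // Close the stream whether or not load() succeeds; the original leaked it.
        try (InputStream in = source) {
            keyStore.load(in, cArr);
        }
        return keyStore;
    }

    /**
     * Writes a certificate in DER form to {@code str + str2 + ".cer"} and prints the path
     * to standard output.
     *
     * <p>The directory and name are concatenated as given: {@code str} needs its own trailing
     * separator, and neither value is checked for path traversal sequences.
     *
     * @param str             target directory (created if missing)
     * @param str2            file name without extension
     * @param x509Certificate certificate to write
     * @throws Exception if encoding or writing fails
     */
    public static void writeCertificateToCer(String str, String str2, X509Certificate x509Certificate) throws Exception {
        File directory = new File(str);
        if (!directory.exists()) {
            directory.mkdirs();
        }
        String target = str + str2 + ".cer";
        // try-with-resources so the file is closed even if getEncoded()/write() throws.
        try (FileOutputStream out = new FileOutputStream(target)) {
            out.write(x509Certificate.getEncoded());
        }
        System.out.println(target + " write certificate done!");
    }

    /**
     * Writes a certificate in PEM form to {@code str + str2 + ".cer"} and prints the path
     * to standard output. Note that the PEM output also uses the {@code .cer} suffix.
     *
     * <p>Path handling is the same as {@link #writeCertificateToCer}: plain concatenation,
     * no normalization.
     *
     * @param str             target directory (created if missing)
     * @param str2            file name without extension
     * @param x509Certificate certificate to write
     * @throws Exception if encoding or writing fails
     */
    public static void writeCertificateToPem(String str, String str2, X509Certificate x509Certificate) throws Exception {
        File directory = new File(str);
        if (!directory.exists()) {
            directory.mkdirs();
        }
        String target = str + str2 + ".cer";
        try (FileWriter fileWriter = new FileWriter(target)) {
            writePEM(x509Certificate, fileWriter);
        }
        System.out.println(target + " write certificate done!");
    }

    /**
     * Writes one object in PEM form and closes the writer.
     *
     * @param obj    object understood by {@link JcaPEMWriter} (certificate, key, ...)
     * @param writer destination; it is closed by this call, also when writing fails
     * @throws Exception if the object cannot be encoded or written
     */
    public static void writePEM(Object obj, Writer writer) throws Exception {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            pemWriter.writeObject(obj);
            pemWriter.flush();
        }
    }

    /**
     * Copies one alias (certificate and, if present, key with its chain) into a new
     * PKCS#12 store and writes it to {@code str + str2 + ".p12"}.
     *
     * <p>The output can contain a private key, protected only by {@code cArr}. The path is
     * built by concatenation, so {@code str} and the alias must be trusted values.
     *
     * @param keyStore source key store
     * @param cArr     password used to read the key entry and to protect the new store
     * @param str      target directory, including its trailing separator
     * @param str2     alias to export; also used as the file name
     * @throws Exception if the entry cannot be read or the store cannot be written
     */
    public static void writeKeyStoreToP12(KeyStore keyStore, char[] cArr, String str, String str2) throws Exception {
        KeyStore exported = KeyStore.getInstance("PKCS12", "BC");
        exported.load(null, null);
        exported.setCertificateEntry(str2, keyStore.getCertificate(str2));
        // Recover the key once instead of twice as the original did.
        java.security.Key key = keyStore.getKey(str2, cArr);
        if (key != null) {
            exported.setKeyEntry(str2, key, cArr, keyStore.getCertificateChain(str2));
        }
        try (FileOutputStream out = new FileOutputStream(str + str2 + ".p12")) {
            exported.store(out, cArr);
        }
    }

    /**
     * Copies every alias of a key store into a new PKCS#12 store and writes it to
     * {@code str + ".p12"}.
     *
     * <p>The output can contain private keys, protected only by {@code cArr}; every key
     * entry of the source is read with that same password.
     *
     * @param keyStore source key store
     * @param cArr     password used to read key entries and to protect the new store
     * @param str      target path without the {@code .p12} suffix
     * @throws Exception if an entry cannot be read or the store cannot be written
     */
    public static void writeKeyStoreToP12(KeyStore keyStore, char[] cArr, String str) throws Exception {
        KeyStore exported = KeyStore.getInstance("PKCS12", "BC");
        exported.load(null, null);
        // Fetch the enumeration once. The original called keyStore.aliases() in the loop
        // condition and again in the body, which yields a fresh enumeration every time:
        // it never advanced past the first alias and never terminated on a non-empty store.
        java.util.Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            java.security.cert.Certificate entryCert = keyStore.getCertificate(alias);
            if (entryCert != null) {
                exported.setCertificateEntry(alias, entryCert);
            }
            java.security.Key key = keyStore.getKey(alias, cArr);
            if (key != null) {
                exported.setKeyEntry(alias, key, cArr, keyStore.getCertificateChain(alias));
            }
        }
        try (FileOutputStream out = new FileOutputStream(str + ".p12")) {
            exported.store(out, cArr);
        }
    }

    /**
     * Checks the signature on a certificate against the given public key.
     *
     * <p>This is a signature check only. It does not examine the validity period, issuer
     * and subject names, basic constraints, key usage or revocation status, so a
     * {@code true} result must not be read as "the certificate is trusted".
     * The algorithm is taken from the certificate's outer {@code signatureAlgorithm} field.
     * NOTE(review): that field is not compared with the signature field inside the
     * TBSCertificate, and no allow-list of algorithms is applied; callers that need either
     * must check it themselves.
     *
     * @param x509Certificate certificate whose signature is checked
     * @param publicKey       public key of the presumed issuer
     * @return {@code true} if the signature verifies
     * @throws Exception wrapping any failure during conversion or verification
     */
    public static boolean verifyCert(X509Certificate x509Certificate, PublicKey publicKey) throws Exception {
        try {
            Certificate asn1Cert = convertCertificate(x509Certificate);
            return verify(
                    asn1Cert.getSignatureAlgorithm(),
                    publicKey,
                    asn1Cert.getTBSCertificate().getEncoded(),
                    asn1Cert.getSignature().getOctets());
        } catch (Exception e) {
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    /**
     * Checks the signature on a CRL against the given public key.
     *
     * <p>Signature check only: update times, issuer name and CRL scope are not examined.
     * The algorithm is taken from the CRL's own {@code signatureAlgorithm} field.
     *
     * @param x509crl   CRL whose signature is checked
     * @param publicKey public key of the presumed CRL issuer
     * @return {@code true} if the signature verifies
     * @throws Exception wrapping any failure during conversion or verification
     */
    public static boolean verifyCRL(X509CRL x509crl, PublicKey publicKey) throws Exception {
        try {
            CertificateList asn1Crl = converCRL(x509crl);
            return verify(
                    asn1Crl.getSignatureAlgorithm(),
                    publicKey,
                    asn1Crl.getTBSCertList().getEncoded(),
                    asn1Crl.getSignature().getOctets());
        } catch (Exception e) {
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    /**
     * Verifies a signature over the given bytes with the BC provider.
     *
     * @param algorithmIdentifier signature algorithm; callers pass the value found in the
     *                            signed object, so it is as untrusted as that object
     * @param publicKey           verification key
     * @param bArr                signed data
     * @param bArr2               signature value
     * @return {@code true} if the signature verifies
     * @throws Exception if the verifier cannot be built or the data cannot be processed
     */
    public static boolean verify(AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        ContentVerifier contentVerifier = new JcaContentVerifierProviderBuilder()
                .setProvider("BC")
                .build(publicKey)
                .get(algorithmIdentifier);
        // Feed the signed bytes through the verifier's stream, then compare the signature.
        try (OutputStream signedData = contentVerifier.getOutputStream()) {
            signedData.write(bArr);
        }
        return contentVerifier.verify(bArr2);
    }

    /**
     * Converts a JCA public key into BouncyCastle lightweight key parameters.
     *
     * @param publicKey key whose encoded form is a SubjectPublicKeyInfo
     * @return the corresponding key parameters
     * @throws IOException if the encoding cannot be parsed
     */
    public static AsymmetricKeyParameter convertECPublicKeyParameters(PublicKey publicKey) throws IOException {
        return PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    /**
     * Converts a JCA private key into BouncyCastle lightweight key parameters.
     * Despite the method name, the result describes the private key.
     *
     * @param privateKey key whose encoded form is a PrivateKeyInfo
     * @return the corresponding private key parameters
     * @throws IOException if the encoding cannot be parsed
     */
    public static AsymmetricKeyParameter convertECPublicKeyParameters(PrivateKey privateKey) throws IOException {
        return PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(privateKey.getEncoded()));
    }

    /**
     * Wraps the encoded form of a public key as a BouncyCastle SubjectPublicKeyInfo.
     *
     * @param publicKey key to convert
     * @return the SubjectPublicKeyInfo structure
     */
    public static SubjectPublicKeyInfo covertSubjectPublicKeyInfo(PublicKey publicKey) {
        return SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
    }

    /**
     * Converts a JCA certificate into the BouncyCastle ASN.1 structure by re-parsing its encoding.
     *
     * @param x509Certificate certificate to convert
     * @return the ASN.1 certificate structure
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException                  if the encoding cannot be parsed
     */
    public static Certificate convertCertificate(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return Certificate.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getEncoded()));
    }

    /**
     * Converts a BouncyCastle ASN.1 certificate into a JCA certificate via the BC factory.
     *
     * @param certificate ASN.1 certificate structure
     * @return the JCA certificate
     * @throws Exception if the structure cannot be encoded or parsed
     */
    public static X509Certificate convertCertificate(Certificate certificate) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
    }

    /**
     * Converts a BouncyCastle ASN.1 CRL into a JCA CRL via the BC factory.
     *
     * @param certificateList ASN.1 CRL structure
     * @return the JCA CRL
     * @throws Exception if the structure cannot be encoded or parsed
     */
    public static X509CRL converCRL(CertificateList certificateList) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
        return (X509CRL) factory.generateCRL(new ByteArrayInputStream(certificateList.getEncoded()));
    }

    /**
     * Converts a JCA CRL into the BouncyCastle ASN.1 structure by re-parsing its encoding.
     *
     * @param x509crl CRL to convert
     * @return the ASN.1 CRL structure
     * @throws Exception if the CRL cannot be encoded or parsed
     */
    public static CertificateList converCRL(X509CRL x509crl) throws Exception {
        return CertificateList.getInstance(ASN1Primitive.fromByteArray(x509crl.getEncoded()));
    }

    /**
     * Converts a JDK-internal certificate pair into the BouncyCastle pair type.
     * The parameter type lives in a {@code sun.*} package, which is not a supported API.
     *
     * @param x509CertificatePair JDK-internal pair
     * @return BouncyCastle pair holding the same forward and reverse certificates
     * @throws Exception if the pair cannot be built
     */
    public static X509CertificatePair convertCertificatePair(sun.security.provider.certpath.X509CertificatePair x509CertificatePair) throws Exception {
        return new X509CertificatePair(x509CertificatePair.getForward(), x509CertificatePair.getReverse());
    }

    /**
     * Converts a BouncyCastle certificate pair into the JDK-internal pair type.
     * The return type lives in a {@code sun.*} package, which is not a supported API.
     *
     * @param x509CertificatePair BouncyCastle pair
     * @return JDK-internal pair holding the same forward and reverse certificates
     * @throws Exception if the pair cannot be built
     */
    public static sun.security.provider.certpath.X509CertificatePair convertCertificatePair(X509CertificatePair x509CertificatePair) throws Exception {
        return new sun.security.provider.certpath.X509CertificatePair(x509CertificatePair.getForward(), x509CertificatePair.getReverse());
    }

    /**
     * Reports whether the certificate declares itself a CA in its basic constraints.
     *
     * <p>{@link X509Certificate#getBasicConstraints()} returns -1 when the extension is
     * absent or the cA flag is not set. This reads only what the certificate says about
     * itself: key usage is not checked and nothing here establishes that the certificate
     * is trusted.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} if the basic constraints mark the subject as a CA
     */
    public static boolean isCACertificate(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() >= 0;
    }

    /**
     * Reports whether the CRL is a delta CRL, i.e. lists the delta CRL indicator among
     * its critical extensions. A CRL carrying that extension as non-critical is not detected.
     *
     * @param x509crl CRL to inspect
     * @return {@code true} if the delta CRL indicator is present and critical
     */
    public static boolean isDRL(X509CRL x509crl) {
        Set<String> criticalOids = x509crl.getCriticalExtensionOIDs();
        if (criticalOids == null) {
            return false;
        }
        return criticalOids.contains(Extension.deltaCRLIndicator.getId());
    }

    /**
     * Reports whether the CRL's issuing distribution point limits it to CA certificates.
     *
     * @param x509crl CRL to inspect
     * @return {@code false} if the extension is absent, otherwise its onlyContainsCACerts flag
     * @throws IOException if the extension value cannot be parsed
     */
    public static boolean isARL(X509CRL x509crl) throws IOException {
        byte[] extensionValue = x509crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
        if (extensionValue == null) {
            return false;
        }
        // getExtensionValue() returns the DER OCTET STRING that wraps the extension, so
        // unwrap it before decoding. The decompiled original called getOctets() on an
        // ASN1Primitive (its cast was lost) and left two ASN1InputStreams unclosed.
        byte[] wrapped = org.bouncycastle.asn1.ASN1OctetString
                .getInstance(ASN1Primitive.fromByteArray(extensionValue))
                .getOctets();
        return IssuingDistributionPoint.getInstance(ASN1Primitive.fromByteArray(wrapped)).onlyContainsCACerts();
    }

    /** Returns the first alias the store reports; throws NoSuchElementException if it has none. */
    private static String firstAlias(KeyStore store) throws Exception {
        return store.aliases().nextElement();
    }
}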
