package com.xdja.pki.ocsp.core.ocsp.util;

import com.xdja.pki.ocsp.core.Constants;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:WEB-INF/lib/ocsp-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ocsp/core/ocsp/util/CertUtils.class */
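/**
 * Static helpers for loading, writing, ordering and checking X.509 certificates and PEM key
 * pairs through the provider named by {@code Constants.PROVIDER}.
 *
 * <p>Most loaders report failure by returning {@code null}; callers must check the result
 * before using it in a trust decision.
 */
public class CertUtils {
    /** PEM header line that opens an encoded certificate. */
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    /** PEM footer line that closes an encoded certificate. */
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";

    /**
     * Reads the first PEM object from a file and converts it to a {@link KeyPair}.
     *
     * @param str path of the PEM file
     * @return the key pair, or {@code null} when the file does not exist
     * @throws RuntimeException when the file cannot be read or does not hold a key pair; the
     *     original exception is attached as the cause
     */
    public static KeyPair getRootKeyPair(String str) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            Object pemObject;
            // try-with-resources so the reader is released even when parsing fails.
            try (PEMParser parser = new PEMParser(new FileReader(file))) {
                pemObject = parser.readObject();
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(Constants.PROVIDER);
            if (pemObject instanceof PEMEncryptedKeyPair) {
                // NOTE(review): the decryptor is built from a null password, so a genuinely
                // encrypted key presumably cannot be decrypted here - confirm whether the
                // password should be supplied by the caller.
                PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                return converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            }
            return converter.getKeyPair((PEMKeyPair) pemObject);
        } catch (Exception e) {
            // Keep the cause so the real failure (I/O, bad PEM, wrong type) stays visible.
            throw new RuntimeException("读取公钥私服时异常：" + e, e);
        }
    }

    /**
     * Serialises an object as PEM and writes it to a file, creating parent directories.
     *
     * <p>The object is written without a PEM encryptor and the file is created with the
     * process's default permissions. NOTE(review): if callers pass private keys here, the
     * target location needs restrictive permissions - verify against callers.
     *
     * @param obj object accepted by {@code PEMWriter.writeObject}
     * @param str path of the file to create or overwrite
     * @throws RuntimeException when encoding or writing fails; the cause is attached
     */
    public static void writeObjToFile(Object obj, String str) {
        // A bare file name has no parent directory; the unguarded call used to throw an NPE.
        File parent = new File(str).getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
        try {
            CharArrayWriter buffer = new CharArrayWriter();
            try (PEMWriter pemWriter = new PEMWriter(buffer)) {
                pemWriter.writeObject(obj);
            }
            // The file is opened only after encoding succeeded, so a failed encode leaves no
            // truncated output behind.
            try (FileOutputStream out = new FileOutputStream(str)) {
                out.write(buffer.toString().getBytes(StandardCharsets.UTF_8));
            }
        } catch (Exception e) {
            throw new RuntimeException("写入文件失败", e);
        }
    }

    /**
     * Loads an X.509 certificate from a file, returning {@code null} instead of throwing.
     *
     * @param file certificate file
     * @return the certificate, or {@code null} when it cannot be read or parsed
     */
    public static X509Certificate getCertFromStandFile(File file) {
        try {
            return getX509CertificateFromFile(file);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Extracts every certificate carried in a PKCS#7 (.p7b) file.
     *
     * <p>Only the embedded certificates are decoded; the CMS signature is not verified and
     * the certificates are not validated, so the result must not be treated as trusted.
     *
     * @param str classpath resource name or file-system path of the PKCS#7 file
     * @return the certificates in the order the CMS store yields them
     * @throws Exception when the file cannot be read or decoded
     */
    public static List<X509Certificate> getX509CertificateListFromP7B(String str) throws Exception {
        String base64 = FileUtils.readFileToString(getFileFromPath(str), "UTF-8")
                .replaceFirst("-----BEGIN PKCS7-----", "")
                .replaceFirst("-----END PKCS7-----", "");
        CMSSignedData signedData = new CMSSignedData(Base64.decode(base64));
        // One converter is enough for the whole store.
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(Constants.PROVIDER);
        List<X509Certificate> certificates = new ArrayList<>();
        for (Object holder : signedData.getCertificates().getMatches((Selector) null)) {
            certificates.add(converter.getCertificate((X509CertificateHolder) holder));
        }
        return certificates;
    }

    /**
     * Resolves a name to a file: a system class-path resource when one exists, otherwise the
     * name is used as a plain file-system path.
     *
     * @param str resource name or file path
     * @return the resolved file; it is not checked for existence
     */
    public static File getFileFromPath(String str) {
        URL resource = ClassLoader.getSystemResource(str);
        if (resource == null) {
            return new File(str);
        }
        try {
            // URL.getPath() keeps percent-escapes (a space stays "%20"), which yields a file
            // that does not exist; going through the URI decodes them.
            return new File(resource.toURI());
        } catch (URISyntaxException | IllegalArgumentException e) {
            // Not a plain file: URI (for example a resource inside a jar): keep the raw path.
            return new File(resource.getPath());
        }
    }

    /**
     * Loads a certificate from a text file holding PEM or bare Base64 data.
     *
     * @param file text file to read
     * @return the certificate, or {@code null} when reading or parsing fails
     */
    public static X509Certificate getCertFromB64File(File file) {
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line);
            }
            return getCertFromStr(text.toString());
        } catch (Exception ignored) {
            // Any failure is reported to the caller as null.
            return null;
        }
    }

    /**
     * Loads an X.509 certificate from a file.
     *
     * @param file certificate file
     * @return the parsed certificate
     * @throws Exception when the file cannot be opened or does not parse as X.509
     */
    public static X509Certificate getX509CertificateFromFile(File file) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", Constants.PROVIDER);
        // The stream used to be left open; close it as soon as parsing is done.
        try (FileInputStream in = new FileInputStream(file)) {
            return (X509Certificate) factory.generateCertificate(in);
        }
    }

    /**
     * Parses a certificate from text after removing the PEM header and footer, real line
     * breaks and literal {@code \r} / {@code \n} escape sequences.
     *
     * @param str certificate text; may be {@code null}
     * @return the certificate, or {@code null} when the text is {@code null} or neither
     *     parsing attempt succeeds
     */
    public static X509Certificate getCertFromStr(String str) {
        if (str == null) {
            return null;
        }
        String body = str.replace(CERT_HEAD, "")
                .replace(CERT_TAIL, "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
        X509Certificate certificate = getCertFromFullStr(body);
        // Fall back to decoding the text as Base64 first.
        return certificate != null ? certificate : getCertFromB64(body);
    }

    /**
     * Parses a certificate from the bytes of the given text.
     *
     * @param str certificate text
     * @return the certificate, or {@code null} when parsing fails
     */
    public static X509Certificate getCertFromFullStr(String str) {
        try {
            // Explicit charset: the result no longer depends on the platform default.
            byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
            return (X509Certificate) CertificateFactory.getInstance("X.509", Constants.PROVIDER)
                    .generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Parses a certificate from Base64 text.
     *
     * @param str Base64 encoding of the certificate
     * @return the certificate, or {@code null} when decoding or parsing fails
     */
    public static X509Certificate getCertFromB64(String str) {
        try {
            byte[] der = Base64.decode(str);
            return (X509Certificate) CertificateFactory.getInstance("X.509", Constants.PROVIDER)
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Orders certificates from the self-issued root down to the leaf by matching each
     * certificate's issuer DN string to the previous certificate's subject DN string.
     *
     * <p>The ordering relies on names only; no signature is checked here. When the list holds
     * only self-issued certificates, or a single certificate, the array is returned as filled
     * so far and may contain {@code null} entries.
     *
     * @param list certificates in any order
     * @return an array as long as {@code list}, root first
     * @throws IllegalArgumentException when the certificates do not link into one chain
     */
    public static X509Certificate[] sortCertChain(List<X509Certificate> list) {
        X509Certificate[] ordered = new X509Certificate[list.size()];
        Map<String, X509Certificate> byIssuer = new HashMap<>();
        String parentDn = "";
        for (X509Certificate certificate : list) {
            String subjectDn = certificate.getSubjectDN().toString();
            String issuerDn = certificate.getIssuerDN().toString();
            // Locale-independent comparison; subject == issuer marks the root.
            if (subjectDn.equalsIgnoreCase(issuerDn)) {
                ordered[0] = certificate;
                parentDn = issuerDn;
            } else {
                byIssuer.put(issuerDn, certificate);
            }
        }
        if (byIssuer.isEmpty()) {
            return ordered;
        }
        for (int i = 1; i < ordered.length; i++) {
            X509Certificate next = byIssuer.get(parentDn);
            if (next == null) {
                // A missing root, a gap, or two certificates sharing one issuer used to end
                // in a bare NullPointerException here.
                throw new IllegalArgumentException(
                        "Certificate chain is broken: no certificate issued by '" + parentDn + "'");
            }
            ordered[i] = next;
            parentDn = next.getSubjectDN().toString();
        }
        return ordered;
    }

    /**
     * Checks that every certificate after the first is signed by the key of the one before it.
     *
     * <p>This is a signature-linkage check only. The first certificate is not verified
     * against anything, an array of length 0 or 1 is accepted without any cryptographic
     * check, and validity periods, extensions, revocation and trust anchors are not
     * examined. A {@code true} result alone is not a path-validation result.
     *
     * @param x509CertificateArr chain ordered from issuer to subject
     * @return {@code false} as soon as one signature check fails, otherwise {@code true}
     */
    public static boolean verifyCertChainSign(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr.length <= 1) {
            return true;
        }
        X509Certificate issuer = x509CertificateArr[0];
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate subject = x509CertificateArr[i];
            try {
                subject.verify(issuer.getPublicKey(), Constants.PROVIDER);
            } catch (Exception e) {
                e.printStackTrace();
                return false;
            }
            issuer = subject;
        }
        return true;
    }

    static {
        // Register BouncyCastle once when the class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}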
