package com.xdja.pki.common.util;

import cn.com.infosec.netcert.crypto.CryptoUtil;
import com.xdja.pki.common.bean.CaInfo;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.KeyAlgEnum;
import com.xdja.pki.common.enums.SignAlgEnum;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import java.io.ByteArrayInputStream;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.RuntimeOperatorException;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/scms-core-1.0-SNAPSHOT.jar:com/xdja/pki/common/util/CertUtil.class */
public class CertUtil {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CertUtil.class);
    private static final String EC_PRIVATE_KEY_BEGIN = "-----BEGIN EC PRIVATE KEY-----";
    private static final String EC_PRIVATE_KEY_END = "-----END EC PRIVATE KEY-----";
    private static final String RSA_PRIVATE_KEY_BEGIN = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String RSA_PRIVATE_KEY_END = "-----END RSA PRIVATE KEY-----";
    public static final String P10_HEAD = "-----BEGIN CERTIFICATE REQUEST-----";
    public static final String P10_TAIL = "-----END CERTIFICATE REQUEST-----";
    private static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    private static final String CERT_TAIL = "-----END CERTIFICATE-----";

    public static void writeObjectToFile(Object obj, String str) {
        CharArrayWriter charArrayWriter = new CharArrayWriter();
        PEMWriter pEMWriter = new PEMWriter(charArrayWriter);
        File file = new File(str);
        file.getParentFile().mkdirs();
        FileOutputStream fileOutputStream = null;
        try {
            try {
                pEMWriter.writeObject(obj);
                pEMWriter.close();
                fileOutputStream = new FileOutputStream(file);
                fileOutputStream.write(charArrayWriter.toString().getBytes());
                if (null != fileOutputStream) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e) {
                        logger.error("关闭io流失败", (Throwable) e);
                    }
                }
            } catch (Throwable th) {
                if (null != fileOutputStream) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e2) {
                        logger.error("关闭io流失败", (Throwable) e2);
                        throw th;
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            logger.error("写入文件失败", (Throwable) e3);
            if (null != fileOutputStream) {
                try {
                    fileOutputStream.close();
                } catch (IOException e4) {
                    logger.error("关闭io流失败", (Throwable) e4);
                }
            }
        }
    }

    public static Result getPublicKeyFromP10(String str) {
        try {
            return Result.success(new JcaPEMKeyConverter().setProvider("BC").getPublicKey(new PKCS10CertificationRequest(Base64.decode(str.replace(P10_TAIL, "").replace(P10_HEAD, "").replace("\r", "").replace("\n", "").replace("\\r", "").replace("\\n", ""))).getSubjectPublicKeyInfo()));
        } catch (Exception e) {
            logger.error("解析p10失败", (Throwable) e);
            return Result.failure(ErrorEnum.RESOLVE_PUBLIC_KEY_FROM_P10);
        }
    }

    public static String getIssuerByX509Cert(X509Certificate x509Certificate) throws NamingException, CertificateEncodingException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
        int i = 0;
        if (!(aSN1Sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
            i = -1;
        }
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, aSN1Sequence.getObjectAt(i + 3).toASN1Primitive()).toString();
    }

    public static String getSubjectByCertStr(String str) throws Exception {
        return getSubjectByX509Cert(getCertFromBase64Str(str));
    }

    public static String getSubjectByX509Cert(X509Certificate x509Certificate) throws NamingException, CertificateEncodingException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
        int i = 0;
        if (!(aSN1Sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
            i = -1;
        }
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, aSN1Sequence.getObjectAt(i + 5).toASN1Primitive()).toString();
    }

    public static String getDnByPKCS10(PKCS10CertificationRequest pKCS10CertificationRequest) throws NamingException, CertificateEncodingException, IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(CertificationRequest.getInstance(pKCS10CertificationRequest.getEncoded()).getCertificationRequestInfo().getEncoded());
        int i = 0;
        if (!(aSN1Sequence.getObjectAt(0) instanceof ASN1TaggedObject)) {
            i = -1;
        }
        return DnUtil.reverseDnSeq(X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, aSN1Sequence.getObjectAt(i + 2).toASN1Primitive()));
    }

    public static String getSubjectFromP10(String str) {
        try {
            return getDnByPKCS10(new PKCS10CertificationRequest(Base64.decode(str.replace(P10_TAIL, "").replace(P10_HEAD, "").replace("\r", "").replace("\n", "").replace("\\r", "").replace("\\n", ""))));
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    public static String toPem(Object obj) {
        try {
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            jcaPEMWriter.writeObject(obj);
            jcaPEMWriter.flush();
            jcaPEMWriter.close();
            return stringWriter.toString();
        } catch (IOException e) {
            logger.error("转换asn1结构体失败", (Throwable) e);
            return null;
        }
    }

    public static Object readPEM(String str) throws Exception {
        File file = new File(str);
        if (!file.exists()) {
            throw new FileNotFoundException("文件不存在");
        }
        PEMParser pEMParser = new PEMParser(new FileReader(file));
        Object readObject = pEMParser.readObject();
        pEMParser.close();
        return readObject;
    }

    public static Object readPEM(File file) throws Exception {
        PEMParser pEMParser = new PEMParser(new FileReader(file));
        Object readObject = pEMParser.readObject();
        pEMParser.close();
        return readObject;
    }

    public static KeyPair resolveCipherKeyPair(String str, CaInfo caInfo) throws Exception {
        byte[] sm4Decryption = sm4Decryption(caInfo.getAesKey(), FileUtil.readBytesFromFile(str));
        if (caInfo.getKeyAlg().intValue() == KeyAlgEnum.SM2.type) {
            return resolveEcKeyPair(new String(sm4Decryption));
        }
        if (caInfo.getKeyAlg().intValue() == KeyAlgEnum.RSA.type) {
            return resolveRsaKeyPair(new String(sm4Decryption));
        }
        return null;
    }

    public static void writeCipherKeyPair(String str, KeyPair keyPair, CaInfo caInfo) throws Exception {
        FileUtil.writeBytesToFile(str, sm4Encryption(caInfo.getAesKey(), toPem(keyPair).getBytes()));
    }

    public static void writeCipherPublicKey(String str, PublicKey publicKey, CaInfo caInfo) throws Exception {
        FileUtil.writeBytesToFile(str, sm4Encryption(caInfo.getAesKey(), toPem(publicKey).getBytes()));
    }

    public static byte[] sm4Encryption(byte[] bArr, byte[] bArr2) throws Exception {
        Cipher cipher = Cipher.getInstance("SM4/ECB/PKCS5Padding", "BC");
        cipher.init(1, new SecretKeySpec(bArr, "SM4"));
        return cipher.doFinal(bArr2);
    }

    public static byte[] sm4Decryption(byte[] bArr, byte[] bArr2) throws Exception {
        Cipher cipher = Cipher.getInstance("SM4/ECB/PKCS5Padding", "BC");
        cipher.init(2, new SecretKeySpec(bArr, "SM4"));
        return cipher.doFinal(bArr2);
    }

    public static KeyPair resolveEcKeyPair(String str) throws Exception {
        ECPrivateKey eCPrivateKey = ECPrivateKey.getInstance(ASN1Sequence.getInstance(Base64.decode(str.replace(EC_PRIVATE_KEY_BEGIN, "").replace(EC_PRIVATE_KEY_END, "").getBytes())));
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, eCPrivateKey.getParameters());
        return new JcaPEMKeyConverter().setProvider("BC").getKeyPair(new PEMKeyPair(new SubjectPublicKeyInfo(algorithmIdentifier, eCPrivateKey.getPublicKey().getEncoded()), new PrivateKeyInfo(algorithmIdentifier, eCPrivateKey)));
    }

    public static KeyPair resolveRsaKeyPair(String str) throws Exception {
        RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(ASN1Sequence.getInstance(Base64.decode(str.replace(RSA_PRIVATE_KEY_BEGIN, "").replace(RSA_PRIVATE_KEY_END, "").getBytes())));
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
        return new JcaPEMKeyConverter().setProvider("BC").getKeyPair(new PEMKeyPair(new SubjectPublicKeyInfo(algorithmIdentifier, new RSAPublicKey(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent())), new PrivateKeyInfo(algorithmIdentifier, rSAPrivateKey)));
    }

    public static String certToFullB64(Certificate certificate) {
        if (null == certificate) {
            return null;
        }
        String str = "";
        try {
            str = Base64.toBase64String(certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            logger.error("证书转换异常", (Throwable) e);
        }
        return str;
    }

    public static String getSnFillZero(X509Certificate x509Certificate) {
        String lowerCase = x509Certificate.getSerialNumber().toString(16).toLowerCase();
        if (lowerCase.length() % 2 != 0) {
            lowerCase = "0" + lowerCase;
        }
        return lowerCase;
    }

    public static String getCnFromSubject(String str) throws IOException {
        RDN[] rDNs = new X500Name(str).getRDNs(RFC4519Style.f29cn);
        return 0 != rDNs.length ? rDNs[0].getFirst().getValue().toString() : "";
    }

    public static PublicKey resolveEcPublicKey(String str) throws Exception {
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(Base64.decode(str)));
    }

    public static PublicKey resolveRsaPublicKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str)));
    }

    public static PrivateKey resolveEcPrivateKey(String str) throws Exception {
        return KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str)));
    }

    public static PrivateKey resolveRsaPrivateKey(String str) throws Exception {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str)));
    }

    public static List sortCerts(List list) {
        if (list.size() < 2) {
            return list;
        }
        X500Principal issuerX500Principal = ((X509Certificate) list.get(0)).getIssuerX500Principal();
        boolean z = true;
        int i = 1;
        while (true) {
            if (i == list.size()) {
                break;
            }
            if (!issuerX500Principal.equals(((X509Certificate) list.get(i)).getSubjectX500Principal())) {
                z = false;
                break;
            }
            issuerX500Principal = ((X509Certificate) list.get(i)).getIssuerX500Principal();
            i++;
        }
        if (z) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        ArrayList arrayList2 = new ArrayList(list);
        for (int i2 = 0; i2 < list.size(); i2++) {
            X509Certificate x509Certificate = (X509Certificate) list.get(i2);
            boolean z2 = false;
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            int i3 = 0;
            while (true) {
                if (i3 == list.size()) {
                    break;
                }
                if (((X509Certificate) list.get(i3)).getIssuerX500Principal().equals(subjectX500Principal)) {
                    z2 = true;
                    break;
                }
                i3++;
            }
            if (!z2) {
                arrayList.add(x509Certificate);
                list.remove(i2);
            }
        }
        for (int i4 = 0; i4 != arrayList.size(); i4++) {
            X500Principal issuerX500Principal2 = ((X509Certificate) arrayList.get(i4)).getIssuerX500Principal();
            int i5 = 0;
            while (true) {
                if (i5 < list.size()) {
                    X509Certificate x509Certificate2 = (X509Certificate) list.get(i5);
                    if (issuerX500Principal2.equals(x509Certificate2.getSubjectX500Principal())) {
                        arrayList.add(x509Certificate2);
                        list.remove(i5);
                        break;
                    }
                    i5++;
                }
            }
        }
        return list.size() > 0 ? arrayList2 : arrayList;
    }

    public static boolean certChainVerify(List<X509Certificate> list) {
        X509Certificate x509Certificate = list.get(list.size() - 1);
        if (list.size() == 1) {
            return certTimeVerify(x509Certificate);
        }
        for (int i = 0; i < list.size() - 1; i++) {
            try {
                list.get(i).verify(list.get(i + 1).getPublicKey());
                if (!certTimeVerify(list.get(i))) {
                    return false;
                }
            } catch (Exception e) {
                return false;
            }
        }
        return certTimeVerify(x509Certificate);
    }

    public static boolean certTimeVerify(X509Certificate x509Certificate) {
        return true;
    }

    public static X509Certificate getCertFromBase64Str(String str) throws Exception {
        return (X509Certificate) CertificateFactory.getInstance("X509", "BC").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", ""))));
    }

    public static List<X509Certificate> getCertsFromPem(byte[] bArr) throws Exception {
        Iterator<? extends Certificate> it = CertificateFactory.getInstance("X509", "BC").generateCertificates(new ByteArrayInputStream(bArr)).iterator();
        ArrayList arrayList = new ArrayList();
        while (it.hasNext()) {
            arrayList.add(it.next());
        }
        return arrayList;
    }

    public static KeyStore generateP12(String str, PrivateKey privateKey, Certificate[] certificateArr, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(null, null);
        for (int i = 1; i < certificateArr.length; i++) {
            keyStore.setCertificateEntry(str + "_cert", certificateArr[i]);
        }
        keyStore.setKeyEntry(str + "_key", privateKey, cArr, certificateArr);
        return keyStore;
    }

    public static KeyStore generateP12(String str, PrivateKey privateKey, List<X509Certificate> list, char[] cArr) throws Exception {
        return generateP12(str, privateKey, convertX509Arrays(sortCerts(list)), cArr);
    }

    public static Certificate[] convertX509Arrays(List<X509Certificate> list) {
        Certificate[] certificateArr = new Certificate[list.size()];
        for (int i = 0; i < list.size(); i++) {
            certificateArr[i] = list.get(i);
        }
        return certificateArr;
    }

    public static KeyStore generateJks(String str, PrivateKey privateKey, Certificate[] certificateArr, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        for (int i = 1; i < certificateArr.length; i++) {
            keyStore.setCertificateEntry(str + "_cert", certificateArr[i]);
        }
        keyStore.setKeyEntry(str + "_key", privateKey, cArr, certificateArr);
        return keyStore;
    }

    public static KeyStore generateJks(String str, PrivateKey privateKey, List<X509Certificate> list, char[] cArr) throws Exception {
        return generateJks(str, privateKey, convertX509Arrays(sortCerts(list)), cArr);
    }

    public static SignAlgEnum getCertSignAlg(X509Certificate x509Certificate) {
        return x509Certificate.getSigAlgName().toLowerCase().contains("rsa") ? SignAlgEnum.SHA256_WITH_RSA : SignAlgEnum.SM3_WITH_SM2;
    }

    public static KeyAlgEnum getCertKeyAlg(PublicKey publicKey) {
        return "rsa".equals(publicKey.getAlgorithm().toLowerCase()) ? KeyAlgEnum.RSA : KeyAlgEnum.SM2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static int getKeySize(PublicKey publicKey) {
        if (publicKey instanceof ECPublicKey) {
            return ((ECPublicKey) publicKey).getParams().getOrder().bitLength();
        }
        if (publicKey instanceof RSAPublicKey) {
            return ((RSAPublicKey) publicKey).getModulus().bitLength();
        }
        if (publicKey instanceof RSAKey) {
            return ((RSAKey) publicKey).getModulus().bitLength();
        }
        return -1;
    }

    public static String formatCertForCard(String str) {
        return "-----BEGIN CERTIFICATE-----" + str + "-----END CERTIFICATE-----";
    }

    public static KeyPair resolveCipherKeyPair(String str, String str2, CaInfo caInfo) throws Exception {
        return readKeyPairByPrivateKeyPem(new String(sm4Decryption(caInfo.getAesKey(), FileUtil.readBytesFromFile(str))));
    }

    public static PublicKey readPublicKeyPem(String str, Integer num) {
        PemReader pemReader = new PemReader(new InputStreamReader(new ByteArrayInputStream(str.getBytes())));
        try {
            try {
                PublicKey generatePublic = KeyFactory.getInstance(num.intValue() == 1 ? "RSA" : "EC", "BC").generatePublic(new X509EncodedKeySpec(pemReader.readPemObject().getContent()));
                try {
                    pemReader.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
                return generatePublic;
            } catch (Exception e2) {
                e2.printStackTrace();
                try {
                    pemReader.close();
                } catch (IOException e3) {
                    e3.printStackTrace();
                }
                return null;
            }
        } catch (Throwable th) {
            try {
                pemReader.close();
            } catch (IOException e4) {
                e4.printStackTrace();
            }
            throw th;
        }
    }

    public static KeyPair readKeyPairByPrivateKeyPem(String str) {
        try {
            PEMParser pEMParser = new PEMParser(new StringReader(str));
            Object readObject = pEMParser.readObject();
            pEMParser.close();
            new JcePEMDecryptorProviderBuilder().build(null);
            return new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair) readObject);
        } catch (Exception e) {
            throw new RuntimeOperatorException("转换keypair失败");
        }
    }

    public static PrivateKey readPrivateKeyFromPem(String str) throws Exception {
        return new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(((PEMKeyPair) new PEMParser(new InputStreamReader(new ByteArrayInputStream(str.getBytes()))).readObject()).getPrivateKeyInfo());
    }

    public static String buildDn(String str, String str2, String str3, String str4) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("CN=");
        if (StringUtils.isNotEmpty(str2)) {
            stringBuffer.append(str2).append(" ");
        }
        if (StringUtils.isNotEmpty(str)) {
            stringBuffer.append(str);
        }
        if (StringUtils.isNotEmpty(str3)) {
            stringBuffer.append(",OU=").append(str3);
        }
        stringBuffer.append(",").append(str4);
        return stringBuffer.toString();
    }

    public static Result checkP10(String str, Integer num, Integer num2) {
        Result publicKeyFromP10 = getPublicKeyFromP10(str);
        return publicKeyFromP10.isSuccess() ? checkPublic((PublicKey) publicKeyFromP10.getInfo(), num, num2) : publicKeyFromP10;
    }

    public static Result checkP10AndKeySize(String str, Integer num, Integer num2) {
        Result publicKeyFromP10 = getPublicKeyFromP10(str);
        return publicKeyFromP10.isNotSuccess() ? publicKeyFromP10 : checkPublic((PublicKey) publicKeyFromP10.getInfo(), num, num2);
    }

    public static Result checkPublic(PublicKey publicKey, Integer num, Integer num2) {
        Result success = Result.success(publicKey);
        if (getCertKeyAlg(publicKey).type != num.intValue()) {
            success = Result.failure(ErrorEnum.P10_OR_PUBLICKEY_ALG_ERROR);
        }
        if (null != num2 && getKeySize(publicKey) != num2.intValue()) {
            success = Result.failure(ErrorEnum.P10_OR_PUBLICKEY_ALGLENGTH_ERROR);
        }
        return success;
    }

    public static X509CRL getCrl(String str) {
        try {
            return (X509CRL) CertificateFactory.getInstance("x.509", "BC").generateCRL(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static boolean verifyByBc(PublicKey publicKey, String str, String str2, Integer num) {
        return verifyByBc(publicKey, str, str2, KeyAlgEnum.getSignAlgNameByAlgType(num.intValue()));
    }

    public static boolean verifyByBc(PublicKey publicKey, String str, String str2, String str3) {
        try {
            return str3.equalsIgnoreCase(KeyAlgEnum.RSA.signAlgName) ? GMSSLRSASignUtils.verifyByBC(str3, publicKey, str, str2) : GMSSLSM2SignUtils.verifyByBC(publicKey, str, str2);
        } catch (Exception e) {
            throw new RuntimeException("验签失败", e);
        }
    }

    public static X509Certificate getCertFromP7b(String str) {
        Certificate[] certChain;
        ByteArrayInputStream byteArrayInputStream = null;
        X509Certificate x509Certificate = null;
        try {
            certChain = CryptoUtil.getCertChain(Base64.decode(str));
        } catch (Exception e) {
            logger.error("getCertFromP7b error: " + e.toString());
            e.printStackTrace();
            x509Certificate = getCertFromStr(str);
        }
        if (certChain == null) {
            logger.error("getCertFromP7b " + str + " faild: certs=null ");
            return null;
        }
        if (certChain.length == 1) {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(certChain[0].getEncoded()));
        }
        if (certChain.length >= 2) {
            byteArrayInputStream = new ByteArrayInputStream(certChain[0].getEncoded());
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(byteArrayInputStream);
            String name = x509Certificate.getSubjectDN().getName();
            String name2 = x509Certificate.getIssuerDN().getName();
            if (name != null && name.length() > 0 && name2 != null && name2.length() > 0 && name2.equalsIgnoreCase(name)) {
                byteArrayInputStream = new ByteArrayInputStream(certChain[certChain.length - 1].getEncoded());
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(byteArrayInputStream);
            }
        }
        byteArrayInputStream.close();
        return x509Certificate;
    }

    public static X509Certificate getCertFromStr(String str) {
        X509Certificate certFromFullStr = getCertFromFullStr(str);
        if (certFromFullStr == null) {
            certFromFullStr = getCertFromB64(str);
        }
        return certFromFullStr;
    }

    public static X509Certificate getCertFromFullStr(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            logger.error("getCertFromFullStr error: " + e.toString());
            return null;
        }
    }

    public static X509Certificate getCertFromB64(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
        } catch (Exception e) {
            logger.error("getCertFromB64 error: " + e.toString());
            e.printStackTrace();
            return null;
        }
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        getCrl("-----BEGIN X509 CRL-----\nMIIBLTCB1QIBATAKBggqgRzPVQGDdTAtMQ8wDQYDVQQDDAZhYWFzdWIxDTALBgNV\nBAoMBHhkamExCzAJBgNVBAYTAkNOFw0yMTA1MjQwOTE3MDlaFw0yMTA1MjQwOTIy\nMDlaoHcwdTAKBgNVHRQEAwIBKDBnBgNVHSMEYDBegBT+BrigMJeElP0MHmrKzE/z\nwhNOBqFDpEEwPzELMAkGA1UEBhMCQ04xDTALBgNVBAoMBFhESkExDjAMBgNVBAsM\nBXN1c2hpMREwDwYDVQQDDAhzbTIgcm9vdIIBBTAKBggqgRzPVQGDdQNHADBEAiAF\nxu1yEIgxVl2obK/SKbuMgKFqPFMNwFAbRX+Ae6CVjwIgYQoicROgP/IygYqCZay9\ngwwqV003NI39OSo5pQ4BQXA=\n-----END X509 CRL-----");
        System.out.println("ok");
    }
}
