package com.xdja.cryptoappkit.device.soft;

import com.xdja.cryptoappkit.domain.exception.CryptOperatorException;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.directory.DirContext;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.Selector;

/* loaded from: input_file:com/xdja/cryptoappkit/device/soft/SoftOperatorUtil.class */
public class SoftOperatorUtil {
    /** PEM header line that the certificate parsers in this class strip before decoding. */
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    /** PEM footer line that the certificate parsers in this class strip before decoding. */
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    /** JCA signature algorithm name passed to {@code Signature.getInstance} by verifySign. */
    private static final String ALGORITHM = "SM3WithSM2";
    // Constant 16-character IV used by both sm4Encrypt and sm4Decrypt.
    // NOTE(review): a fixed, source-visible IV makes SM4-CBC deterministic: under one key, equal
    // plaintext prefixes produce equal ciphertext prefixes. A random per-message IV stored next to
    // the ciphertext avoids this, but it changes the data format, so confirm with every producer
    // and consumer of these ciphertexts before changing it.
    private static final String INIT_IV = "1234567812345678";
    /** JCA key algorithm name used when wrapping raw key bytes in a SecretKeySpec. */
    public static final String ALGORITHM_SM4 = "SM4";
    /** JCA transformation used by sm4Encrypt and sm4Decrypt: SM4, CBC mode, PKCS#7 padding. */
    public static final String ALGORITHM_NAME_CBC_PKCS7PADDING = "SM4/CBC/PKCS7Padding";

    /**
     * Encrypts data with SM4/CBC/PKCS7Padding through the "BC" provider.
     *
     * <p>The IV is always the class constant {@code INIT_IV}, so the same key and plaintext always
     * give the same ciphertext. The output carries no integrity tag; callers that need tamper
     * detection must add one themselves (for example a MAC over the ciphertext).
     *
     * @param bArr raw SM4 key bytes
     * @param bArr2 plaintext to encrypt
     * @return the ciphertext
     * @throws CryptOperatorException if the cipher cannot be created, initialised or run; only the
     *     message of the underlying exception is kept
     */
    public static byte[] sm4Encrypt(byte[] bArr, byte[] bArr2) {
        // Built outside the try on purpose: an invalid key array surfaces as the JCA exception.
        final SecretKeySpec key = new SecretKeySpec(bArr, ALGORITHM_SM4);
        final byte[] ciphertext;
        try {
            final Cipher sm4 = Cipher.getInstance(ALGORITHM_NAME_CBC_PKCS7PADDING, "BC");
            final IvParameterSpec iv = new IvParameterSpec(INIT_IV.getBytes());
            sm4.init(Cipher.ENCRYPT_MODE, key, iv);
            ciphertext = sm4.doFinal(bArr2);
        } catch (Exception e) {
            throw new CryptOperatorException("SM4加密失败：" + e.getMessage());
        }
        return ciphertext;
    }

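    /**
     * Decrypts data produced by {@code sm4Encrypt}: SM4/CBC/PKCS7Padding through the "BC" provider,
     * with the class constant {@code INIT_IV} as IV.
     *
     * <p>CBC provides no integrity protection. The exception message embeds the provider's own
     * failure text, which can tell a padding failure apart from other errors; do not relay it to an
     * untrusted peer, and authenticate ciphertext before decrypting it where the source is not
     * trusted.
     *
     * @param bArr raw SM4 key bytes
     * @param bArr2 ciphertext to decrypt
     * @return the recovered plaintext
     * @throws CryptOperatorException if the cipher cannot be created, initialised or run; only the
     *     message of the underlying exception is kept
     */
    public static byte[] sm4Decrypt(byte[] bArr, byte[] bArr2) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, ALGORITHM_SM4);
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_CBC_PKCS7PADDING, "BC");
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(INIT_IV.getBytes()));
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            // The original reported "encryption failed" here, which sends anyone reading logs or
            // error reports to the wrong code path; the message now names decryption.
            throw new CryptOperatorException("SM4解密失败：" + e.getMessage());
        }
    }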

    /**
     * Computes HMAC over the data with SM3 as the underlying digest (BouncyCastle lightweight API).
     *
     * <p>When a received tag is checked against this result, compare with a constant-time routine
     * such as {@code MessageDigest.isEqual} rather than {@code Arrays.equals}.
     *
     * @param bArr MAC key bytes
     * @param bArr2 message to authenticate
     * @return the MAC, {@code getMacSize()} bytes long
     */
    public static byte[] hmacWithSm3(byte[] bArr, byte[] bArr2) {
        final HMac mac = new HMac(new SM3Digest());
        mac.init(new KeyParameter(bArr));
        mac.update(bArr2, 0, bArr2.length);
        final byte[] tag = new byte[mac.getMacSize()];
        mac.doFinal(tag, 0);
        return tag;
    }

    /**
     * Computes the SM3 digest of the given bytes (BouncyCastle lightweight API).
     *
     * @param bArr data to hash
     * @return the digest, {@code getDigestSize()} bytes long
     */
    public static byte[] sm3(byte[] bArr) {
        final SM3Digest digest = new SM3Digest();
        final byte[] hash = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(hash, 0);
        return hash;
    }

    /**
     * Verifies an SM3WithSM2 signature through the "BC" provider.
     *
     * <p>A well-formed signature that does not match yields {@code false}; anything the provider
     * rejects with an exception (unusable key, undecodable signature, missing provider) is
     * rethrown as {@link CryptOperatorException}. Callers must treat both outcomes as "not
     * verified". This method does not establish that {@code publicKey} is trusted.
     *
     * @param publicKey key to verify with
     * @param bArr signed data
     * @param bArr2 signature bytes
     * @return {@code true} only if the provider reports the signature as valid
     * @throws CryptOperatorException carrying the message of any exception raised while verifying
     */
    public static boolean verifySign(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        final boolean valid;
        try {
            final Signature verifier = Signature.getInstance(ALGORITHM, "BC");
            verifier.initVerify(publicKey);
            verifier.update(bArr);
            valid = verifier.verify(bArr2);
        } catch (Exception e) {
            throw new CryptOperatorException(e.getMessage());
        }
        return valid;
    }

    /**
     * Parses a certificate string with {@code getCertFromStr} and returns its public key.
     *
     * <p>The certificate is only parsed, not validated: no chain, validity-period or revocation
     * check happens here, so the returned key is only as trustworthy as the input.
     *
     * @param str certificate text in any form accepted by {@code getCertFromStr}
     * @return the certificate's public key
     * @throws CryptOperatorException on any failure, with a fixed "failed to get public key from
     *     certificate" message
     */
    public static PublicKey getPublicKeyByCert(String str) {
        try {
            final X509Certificate parsed = getCertFromStr(str);
            return parsed.getPublicKey();
        } catch (Exception e) {
            throw new CryptOperatorException("从证书中获取公钥失败");
        }
    }

    /**
     * Parses a Base64 (optionally PEM-armoured) certificate with the "BC" certificate factory.
     *
     * <p>The PEM header and footer, real CR/LF characters and the literal two-character sequences
     * {@code \r} and {@code \n} are removed before Base64 decoding. Only provider and certificate
     * parsing errors are converted; a {@code null} argument or text that is not valid Base64
     * still surfaces as the unchecked exception raised by the JDK call. No trust validation is
     * performed.
     *
     * @param str certificate text
     * @return the parsed certificate
     * @throws CryptOperatorException if the provider is missing or the bytes are not a certificate
     */
    public static X509Certificate getX509CertificateByCert(String str) {
        try {
            // Factory lookup stays first so a missing provider is reported before input errors.
            final CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            final String base64Body = str.replace(CERT_HEAD, "")
                    .replace(CERT_TAIL, "")
                    .replace("\r", "")
                    .replace("\n", "")
                    .replace("\\r", "")
                    .replace("\\n", "");
            final byte[] der = Base64.getDecoder().decode(base64Body);
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (NoSuchProviderException | CertificateException e) {
            throw new CryptOperatorException("解析证书失败");
        }
    }

    /**
     * Returns the array adjusted to exactly {@code i} bytes: unchanged when it already has that
     * length, left-padded with zeros when shorter, and cut down to its last {@code i} bytes when
     * longer.
     *
     * <p>NOTE(review): the "longer" branch drops leading bytes whether or not they are zero, so an
     * over-long value is silently truncated rather than rejected.
     *
     * @param bArr source bytes
     * @param i target length
     * @return the same array instance when no change is needed, otherwise a new array
     */
    public static byte[] changeByteArrayLength(byte[] bArr, int i) {
        if (bArr.length == i) {
            return bArr;
        }
        if (bArr.length < i) {
            return fillByteArrayWithZeroInHead(bArr, i);
        }
        return filterByteArrayZeroInHead(bArr, i);
    }

    /**
     * Left-pads the array with zero bytes up to {@code i} bytes.
     *
     * <p>When the array already has length {@code i} the same instance is returned. An array
     * longer than {@code i} is not supported: the copy then fails with the JDK's
     * index-out-of-bounds exception.
     *
     * @param bArr source bytes
     * @param i target length
     * @return {@code bArr} itself, or a new right-aligned, zero-padded copy
     */
    public static byte[] fillByteArrayWithZeroInHead(byte[] bArr, int i) {
        final int sourceLength = bArr.length;
        if (sourceLength == i) {
            return bArr;
        }
        // A freshly allocated Java array is already all zeros, so only the tail needs copying.
        final byte[] padded = new byte[i];
        final int offset = i - sourceLength;
        System.arraycopy(bArr, 0, padded, offset, sourceLength);
        return padded;
    }

    /**
     * Returns the last {@code i} bytes of the array, or the array itself when it is shorter than
     * {@code i}.
     *
     * <p>NOTE(review): despite the name, the discarded leading bytes are not checked for being
     * zero. A value that genuinely needs more than {@code i} bytes is truncated without any
     * error, so callers handling signature or key components should range-check first.
     *
     * @param bArr source bytes
     * @param i number of trailing bytes to keep
     * @return {@code bArr} itself when shorter than {@code i}, otherwise a new array of length
     *     {@code i}
     */
    public static byte[] filterByteArrayZeroInHead(byte[] bArr, int i) {
        final int sourceLength = bArr.length;
        if (sourceLength < i) {
            return bArr;
        }
        final byte[] tail = new byte[i];
        final int start = sourceLength - i;
        System.arraycopy(bArr, start, tail, 0, i);
        return tail;
    }

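    /**
     * Reads one X.509 certificate from a classpath resource or file path.
     *
     * <p>The stream opened by {@code readInputStreamFromPath} is now closed once parsing has
     * finished; previously it was left open on every call, leaking a file handle each time.
     *
     * @param str classpath resource name or file-system path of the certificate
     * @return the parsed certificate, as returned by the "BC" certificate factory
     * @throws Exception if the source cannot be opened or the content cannot be parsed
     */
    public static X509Certificate readCertificateFromCer(String str) throws Exception {
        try (InputStream in = readInputStreamFromPath(str)) {
            return readCertificateFromCerInputStream(in);
        }
    }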

    /**
     * Parses one X.509 certificate from the stream with the "BC" certificate factory.
     *
     * <p>The stream is not closed here; that stays the caller's job. Parsing does not imply
     * trust: nothing about the issuer, validity period or revocation state is checked.
     *
     * @param inputStream source of the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the content cannot be parsed
     * @throws NoSuchProviderException if the "BC" provider is not registered
     */
    public static X509Certificate readCertificateFromCerInputStream(InputStream inputStream) throws CertificateException, NoSuchProviderException {
        final CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
        return (X509Certificate) factory.generateCertificate(inputStream);
    }

    /**
     * Opens the named source, trying the system class path first and the file system second.
     *
     * <p>The name is used as given: there is no normalisation and no restriction to a base
     * directory, so it must come from trusted configuration rather than from request data. The
     * caller owns the returned stream and must close it.
     *
     * @param str classpath resource name or file-system path
     * @return an open stream on the resource or file
     * @throws FileNotFoundException if no such resource exists and the file cannot be opened
     */
    public static InputStream readInputStreamFromPath(String str) throws FileNotFoundException {
        final InputStream fromClasspath = ClassLoader.getSystemResourceAsStream(str);
        return fromClasspath != null ? fromClasspath : new FileInputStream(str);
    }

    /**
     * Fetches a binary attribute (the CRL) from a directory entry.
     *
     * <p>The bytes are returned exactly as the directory delivered them; they are not parsed or
     * signature-checked here. A missing attribute is not handled specially and surfaces as a
     * {@code NullPointerException}.
     *
     * @param dirContext directory context to search from
     * @param str name of the entry to look up
     * @param str2 attribute id holding the CRL bytes
     * @return the attribute's first value, cast to {@code byte[]}
     * @throws Exception on any naming failure or unexpected value type
     */
    public static byte[] lookupCrl(DirContext dirContext, String str, String str2) throws Exception {
        final DirContext entry = (DirContext) dirContext.lookup(str);
        final Object value = entry.getAttributes("").get(str2).get();
        return (byte[]) value;
    }

    /**
     * Writes the CRL bytes to the file {@code str + "crl.crl"}.
     *
     * <p>The file name is formed by plain string concatenation, so {@code str} must already end
     * with a path separator. The bytes are stored as received and written in place: they are not
     * validated as a CRL, and a concurrent reader can see a partially written file.
     *
     * @param bArr CRL bytes to store
     * @param str directory prefix, including the trailing separator
     * @throws CryptOperatorException with a fixed "CRL file write failed" message on any failure
     */
    public static void saveCrlFile(byte[] bArr, String str) {
        final String target = str + "crl.crl";
        try (FileOutputStream fileOut = new FileOutputStream(target);
                BufferedOutputStream buffered = new BufferedOutputStream(fileOut)) {
            buffered.write(bArr);
            buffered.flush();
            fileOut.flush();
        } catch (Exception e) {
            throw new CryptOperatorException("crl文件写入失败");
        }
    }

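    /**
     * Loads the CRL stored at {@code str + "crl.crl"} and returns it as a one-element list.
     *
     * <p>Returns {@code null} when the file is missing or unreadable, cannot be parsed, has no
     * {@code nextUpdate}, or its {@code nextUpdate} is not in the future. A {@code null} result
     * therefore means "no usable CRL"; callers must not read it as "nothing is revoked". The CRL
     * signature is not verified here, so the result must still be checked against the issuing CA
     * before it is relied on.
     *
     * <p>The file stream is now closed after parsing (it was previously leaked on every call) and
     * the list is properly typed.
     *
     * @param str directory prefix, including the trailing separator
     * @return a list holding the current CRL, or {@code null} if none is usable
     */
    public static List<X509CRL> getCrlList(String str) {
        try (InputStream in = new FileInputStream(str + "crl.crl")) {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in);
            Date nextUpdate = crl.getNextUpdate();
            // Same cut-off as before (nextUpdate <= now means stale), with the null case explicit.
            if (nextUpdate == null || !nextUpdate.after(new Date())) {
                return null;
            }
            List<X509CRL> crls = new ArrayList<>();
            crls.add(crl);
            return crls;
        } catch (Exception e) {
            // Deliberate best-effort: every failure is reported to the caller as "no CRL".
            return null;
        }
    }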

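    /**
     * Debug entry point: parses the CRL at the hard-coded path {@code D:\crl.crl} and prints it.
     *
     * <p>The file stream is now closed after use. NOTE(review): this looks like leftover manual
     * test code in a library class; confirm whether it should ship.
     *
     * @param strArr ignored
     * @throws CryptOperatorException with a fixed message if the file cannot be read or parsed
     */
    public static void main(String[] strArr) {
        try (InputStream in = new FileInputStream("D:\\crl.crl")) {
            System.out.println((X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in));
        } catch (Exception e) {
            throw new CryptOperatorException("从本地crl文件中获取crl列表失败");
        }
    }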

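    /**
     * Builds an OCSP request for one certificate serial number, with a nonce extension.
     *
     * <p>The nonce is now 16 bytes from {@link SecureRandom}. It used to be the current time in
     * milliseconds, which is predictable and so gives no real protection against a replayed
     * response. The nonce only helps if the caller checks that the response echoes it.
     *
     * <p>The certificate ID is built with the SHA-1 digest calculator
     * ({@code CertificateID.HASH_SHA1}).
     *
     * @param x509Certificate certificate of the issuer of the certificate being checked
     * @param bigInteger serial number of the certificate being checked
     * @return the unsigned OCSP request
     * @throws OCSPException if the request cannot be built
     * @throws OperatorException if the digest calculator cannot be created
     * @throws CertificateEncodingException if the issuer certificate cannot be encoded
     */
    public static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, BigInteger bigInteger) throws OCSPException, OperatorException, CertificateEncodingException {
        CertificateID certificateID = new CertificateID(new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(x509Certificate), bigInteger);
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        // Parallel vectors as required by the X509Extensions constructor: OIDs and their values.
        Vector oids = new Vector();
        Vector values = new Vector();
        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.add(new X509Extension(false, new DEROctetString(nonce)));
        OCSPReqBuilder oCSPReqBuilder = new OCSPReqBuilder();
        oCSPReqBuilder.setRequestExtensions(Extensions.getInstance(new X509Extensions(oids, values)));
        oCSPReqBuilder.addRequest(certificateID);
        return oCSPReqBuilder.build();
    }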

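    /**
     * Sends an OCSP request for a certificate to the responder URL and parses the reply.
     *
     * <p>This method only transports and parses. The caller must still verify the response
     * signature against a trusted responder or issuer key, check the response status, the
     * per-certificate status and its freshness, and confirm the nonce; none of that happens here.
     * The URL is used as given and the response size is not bounded, so the URL should come from
     * a trusted or validated source.
     *
     * <p>Changes from the previous version: the request stream is closed even when the write
     * fails, the body is read through {@code getInputStream()} instead of casting the result of
     * {@code getContent()} (whose type depends on the Content-Type the server declares), the body
     * stream is closed after parsing, and the connection is always disconnected.
     *
     * @param x509Certificate certificate whose status is queried
     * @param x509Certificate2 certificate of its issuer
     * @param str URL of the OCSP responder
     * @return the parsed response, or {@code null} if any argument is {@code null}
     * @throws CryptOperatorException if the responder answers with a status other than 200
     * @throws IOException on transport or parsing failure
     */
    public static OCSPResp getOcspResponse(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) throws GeneralSecurityException, OCSPException, IOException, OperatorException {
        if (x509Certificate == null || x509Certificate2 == null || str == null) {
            return null;
        }
        byte[] encoded = generateOCSPRequest(x509Certificate2, x509Certificate.getSerialNumber()).getEncoded();
        // The cast fails for any URL scheme whose handler is not HTTP or HTTPS.
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        try {
            httpURLConnection.setRequestProperty("Content-Type", "application/ocsp-request");
            httpURLConnection.setRequestProperty("Accept", "application/ocsp-response");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setConnectTimeout(3000);
            httpURLConnection.setReadTimeout(5000);
            try (DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(httpURLConnection.getOutputStream()))) {
                dataOutputStream.write(encoded);
                dataOutputStream.flush();
            }
            int status = httpURLConnection.getResponseCode();
            if (status != 200) {
                throw new CryptOperatorException("ocsp响应异常,code：" + status);
            }
            try (InputStream body = httpURLConnection.getInputStream()) {
                return new OCSPResp(body);
            }
        } finally {
            httpURLConnection.disconnect();
        }
    }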

    /**
     * Decodes a DER {@code SEQUENCE { INTEGER, INTEGER }} signature into its two integers.
     *
     * <p>The decoded values are re-encoded and compared with the input, so an input that is not
     * byte-for-byte the encoding produced by {@code derSignatureEncode} is rejected. This blocks
     * alternative encodings of the same signature.
     *
     * @param bArr encoded signature
     * @return a two-element array with the decoded integers, or {@code null} if the sequence does
     *     not hold exactly two elements or the encoding does not round-trip
     * @throws IOException if the input cannot be parsed as ASN.1
     */
    public static BigInteger[] derSignatureDecode(byte[] bArr) throws IOException {
        final ASN1Sequence pair = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(bArr));
        if (pair.size() != 2) {
            return null;
        }
        final BigInteger first = ASN1Integer.getInstance(pair.getObjectAt(0)).getValue();
        final BigInteger second = ASN1Integer.getInstance(pair.getObjectAt(1)).getValue();
        final byte[] canonical = derSignatureEncode(first, second);
        final boolean roundTrips = org.bouncycastle.util.Arrays.constantTimeAreEqual(canonical, bArr);
        return roundTrips ? new BigInteger[]{first, second} : null;
    }

    /**
     * Encodes two integers as a DER {@code SEQUENCE { INTEGER, INTEGER }}.
     *
     * @param bigInteger first integer of the sequence
     * @param bigInteger2 second integer of the sequence
     * @return the DER encoding
     * @throws IOException if encoding fails
     */
    public static byte[] derSignatureEncode(BigInteger bigInteger, BigInteger bigInteger2) throws IOException {
        final ASN1EncodableVector components = new ASN1EncodableVector();
        components.add(new ASN1Integer(bigInteger));
        components.add(new ASN1Integer(bigInteger2));
        final DERSequence sequence = new DERSequence(components);
        return sequence.getEncoded("DER");
    }

    /**
     * Decodes a DER-encoded signature into two 32-byte components by delegating to
     * {@code signDerDecode}.
     *
     * @param bArr DER-encoded signature
     * @return whatever {@code signDerDecode} returns for component lengths 32 and 32
     * @throws IOException if the input cannot be parsed as ASN.1
     */
    public static byte[][] sm2SignDerDecode(byte[] bArr) throws IOException {
        final int componentLength = 32;
        return signDerDecode(bArr, componentLength, componentLength);
    }

    /* JADX WARN: Type inference failed for: r0v14, types: [byte[], byte[][]] */
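    /**
     * Decodes a DER {@code SEQUENCE { INTEGER, INTEGER }} into two fixed-length unsigned
     * big-endian byte arrays.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>the second component is sized with {@code i2}; it used to be sized with {@code i},
     *       leaving {@code i2} unused;</li>
     *   <li>the result is built as a real {@code byte[][]} (the decompiled array initialiser did
     *       not compile);</li>
     *   <li>a negative component, or one that needs more bytes than its target length, now
     *       yields {@code null} instead of being silently truncated to its low-order bytes.</li>
     * </ul>
     *
     * @param bArr DER-encoded signature
     * @param i length in bytes of the first component
     * @param i2 length in bytes of the second component
     * @return {@code {first, second}} padded to the requested lengths, or {@code null} if the
     *     sequence does not hold exactly two elements or a component is out of range
     * @throws IOException if the input cannot be parsed as ASN.1
     */
    public static byte[][] signDerDecode(byte[] bArr, int i, int i2) throws IOException {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(bArr));
        if (aSN1Sequence.size() != 2) {
            return null;
        }
        BigInteger first = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getValue();
        BigInteger second = ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getValue();
        if (first.signum() < 0 || second.signum() < 0) {
            return null;
        }
        byte[] firstBytes = BigIntegers.asUnsignedByteArray(first);
        byte[] secondBytes = BigIntegers.asUnsignedByteArray(second);
        // Reject instead of truncating: an over-long value is not a valid signature component.
        if (firstBytes.length > i || secondBytes.length > i2) {
            return null;
        }
        return new byte[][] {changeByteArrayLength(firstBytes, i), changeByteArrayLength(secondBytes, i2)};
    }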

    /**
     * Encodes two unsigned big-endian byte arrays as a DER {@code SEQUENCE { INTEGER, INTEGER }}.
     *
     * @param bArr first component, read as an unsigned big-endian integer
     * @param bArr2 second component, read as an unsigned big-endian integer
     * @return the DER encoding
     * @throws IOException if encoding fails
     */
    public static byte[] derSignatureEncode(byte[] bArr, byte[] bArr2) throws IOException {
        final BigInteger first = BigIntegers.fromUnsignedByteArray(bArr);
        final BigInteger second = BigIntegers.fromUnsignedByteArray(bArr2);
        return derSignatureEncode(first, second);
    }

    /**
     * Reads a Base64 (optionally PEM-armoured) PKCS#7 file and returns the certificates it holds.
     *
     * <p>Only the certificate store of the {@code CMSSignedData} is read; no signature on the
     * container is checked here. Certificates are returned in the order the store iterates them.
     *
     * @param str path of the PKCS#7 file
     * @return the certificates found in the container
     * @throws CryptOperatorException on any read, decode or conversion failure, with the
     *     underlying message appended
     */
    private static List<X509Certificate> getCertsByCertChain(String str) {
        try {
            final String fileText = new String(Files.readAllBytes(Paths.get(str)));
            final String base64Body = fileText
                    .replaceFirst("-----BEGIN PKCS7-----", "")
                    .replaceFirst("-----END PKCS7-----", "")
                    .replace("\r", "")
                    .replace("\n", "")
                    .replace("\\r", "")
                    .replace("\\n", "");
            final CMSSignedData signedData = new CMSSignedData(Base64.getDecoder().decode(base64Body));
            final List<X509Certificate> certificates = new ArrayList<>();
            // A null selector matches every certificate in the store.
            for (Object holder : signedData.getCertificates().getMatches((Selector) null)) {
                certificates.add(new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) holder));
            }
            return certificates;
        } catch (Exception e) {
            throw new CryptOperatorException("验证证书链失败" + e.getMessage());
        }
    }

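    /**
     * Checks that a certificate was issued under a locally configured root and chain.
     *
     * <p>Checks performed, in order:
     * <ol>
     *   <li>the first chain certificate is signed by the root key and is within its validity
     *       period (the validity check on this first element is new; every later element was
     *       already checked, so an expired first intermediate used to pass);</li>
     *   <li>every later chain certificate names the previous one's subject as its issuer, is
     *       signed by the previous one's key, and is within its validity period;</li>
     *   <li>every chain certificate whose subject equals the leaf's issuer must verify the leaf's
     *       signature, the leaf must be within its validity period, and at least one such
     *       certificate must exist.</li>
     * </ol>
     *
     * <p>Not checked here: the root's own validity, basic constraints or key usage of any
     * certificate, name constraints, and revocation. The chain file must list certificates from
     * the one issued by the root downwards.
     *
     * <p>Error reporting is unchanged: failures while loading the root or chain carry the
     * loader's message, and every failure after that is reported with the single "not issued by
     * the root certificate" message. NOTE(review): the more specific messages thrown inside the
     * validation step are therefore never seen by callers; confirm whether that is intended.
     *
     * @param str certificate to check, in any form accepted by {@code getCertFromStr}
     * @param str2 classpath resource or path of the root certificate
     * @param str3 path of the PKCS#7 file holding the chain
     * @throws CryptOperatorException if the root path is blank, anything fails to load, or any
     *     check fails
     */
    public static void checkCertChain(String str, String str2, String str3) {
        if (StringUtils.isBlank(str2)) {
            throw new CryptOperatorException("没有找到根证书");
        }
        X509Certificate leaf = getCertFromStr(str);
        Principal leafIssuer = leaf.getIssuerDN();
        X509Certificate root;
        List<X509Certificate> chain;
        try {
            root = readCertificateFromCer(str2);
            chain = getCertsByCertChain(str3);
        } catch (Exception e) {
            throw new CryptOperatorException(e.getMessage());
        }
        try {
            Date now = new Date();
            X509Certificate first = chain.get(0);
            first.verify(root.getPublicKey());
            // Added: element 0 was the only chain certificate whose validity period was not checked.
            first.checkValidity(now);
            boolean leafAnchored = false;
            X509Certificate previous = null;
            for (X509Certificate current : chain) {
                if (leafIssuer.equals(current.getSubjectDN())) {
                    leaf.verify(current.getPublicKey());
                    leaf.checkValidity(now);
                    leafAnchored = true;
                }
                if (previous != null) {
                    if (!current.getIssuerDN().equals(previous.getSubjectDN())) {
                        throw new CryptOperatorException("证书链验证失败，存在非法的证书");
                    }
                    current.verify(previous.getPublicKey());
                    current.checkValidity(now);
                }
                previous = current;
            }
            if (!leafAnchored) {
                throw new CryptOperatorException("当前证书不在证书链里面");
            }
        } catch (Exception e) {
            // As before, any failure in this step (including the two thrown above) is reported
            // with this one message.
            throw new CryptOperatorException("当前证书不是由根证书签发");
        }
    }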

    /**
     * Parses a certificate given as text, trying three interpretations in turn: Base64, the raw
     * characters as bytes, then hexadecimal.
     *
     * <p>The PEM header and footer, real CR/LF characters and the literal two-character sequences
     * {@code \r} and {@code \n} are stripped first. The certificate is only parsed; no trust
     * decision is made here.
     *
     * @param str certificate text
     * @return the parsed certificate, never {@code null}
     * @throws CryptOperatorException if none of the three interpretations yields a certificate
     */
    public static X509Certificate getCertFromStr(String str) {
        final String body = str.replace(CERT_HEAD, "")
                .replace(CERT_TAIL, "")
                .replace("\r", "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
        final X509Certificate fromBase64 = getCertFromB64(body);
        if (fromBase64 != null) {
            return fromBase64;
        }
        final X509Certificate fromRawText = getCertFromFullStr(body);
        if (fromRawText != null) {
            return fromRawText;
        }
        final X509Certificate fromHex = getCertFromStr16(body);
        if (fromHex != null) {
            return fromHex;
        }
        throw new CryptOperatorException("证书解析失败");
    }

    /**
     * Tries to parse the string's bytes (platform default charset) directly as a certificate.
     *
     * @param str text to hand to the "BC" certificate factory as bytes
     * @return the parsed certificate, or {@code null} on any failure
     */
    public static X509Certificate getCertFromFullStr(String str) {
        X509Certificate parsed;
        try {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            parsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            // Best-effort probe: the caller falls back to another input format on null.
            parsed = null;
        }
        return parsed;
    }

    /**
     * Tries to Base64-decode the string and parse the result as a certificate.
     *
     * @param str Base64 text without PEM armour or line breaks
     * @return the parsed certificate, or {@code null} on any failure, including invalid Base64
     */
    public static synchronized X509Certificate getCertFromB64(String str) {
        X509Certificate parsed;
        try {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            final byte[] der = Base64.getDecoder().decode(str);
            parsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            // Best-effort probe: the caller falls back to another input format on null.
            parsed = null;
        }
        return parsed;
    }

    /**
     * Tries to hex-decode the string with {@code hex2byte} and parse the result as a certificate.
     *
     * @param str hexadecimal text
     * @return the parsed certificate, or {@code null} on any failure
     */
    public static X509Certificate getCertFromStr16(String str) {
        X509Certificate parsed;
        try {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            parsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(hex2byte(str)));
        } catch (Exception e) {
            // Best-effort probe: null tells the caller this interpretation did not work.
            parsed = null;
        }
        return parsed;
    }

    /**
     * Converts a hexadecimal string to bytes.
     *
     * <p>Leading and trailing whitespace is trimmed. Invalid input is never reported with an
     * exception: {@code null}, an empty string, an odd number of characters or any non-hex
     * character all produce an empty array, so callers cannot tell "empty" from "malformed".
     *
     * @param str hexadecimal text, two characters per byte
     * @return the decoded bytes, or an empty array if the input is absent or malformed
     */
    public static byte[] hex2byte(String str) {
        if (str == null || str.isEmpty()) {
            return new byte[0];
        }
        final String hex = str.trim();
        final int charCount = hex.length();
        if (charCount == 0 || (charCount & 1) == 1) {
            return new byte[0];
        }
        final byte[] decoded = new byte[charCount / 2];
        for (int pos = 0; pos < charCount; pos += 2) {
            final int high = Character.digit(hex.charAt(pos), 16);
            final int low = Character.digit(hex.charAt(pos + 1), 16);
            if (high < 0 || low < 0) {
                return new byte[0];
            }
            decoded[pos / 2] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    // Registers the BouncyCastle provider once, so the "BC" lookups in this class resolve.
    static {
        final boolean alreadyRegistered = Security.getProvider("BC") != null;
        if (!alreadyRegistered) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
