package com.xdja.pki.ca.core.util;

import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:WEB-INF/lib/ca-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/core/util/CertUtils.class */
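/**
 * Static helpers for reading, writing and ordering X.509 certificates and for
 * converting SM2/RSA key material, built on BouncyCastle.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The parsing helpers only decode a certificate; they make no trust decision.
 *       A non-null return value means "well-formed", not "issued by a trusted CA".</li>
 *   <li>{@link #verifyCertIssueCa(String, String)} checks one signature and nothing else
 *       (no validity period, CA flag, key usage or revocation).</li>
 *   <li>{@link #sortCerts(List)} orders by subject/issuer names only; names are not
 *       authenticated, so an ordered list is not a validated path.</li>
 *   <li>Most helpers report failure by returning {@code null}; callers must check for it.</li>
 * </ul>
 */
public class CertUtils {
    /** Shared logger; the helpers are static, so the logger is static too. */
    private static final Logger LOG = LoggerFactory.getLogger(CertUtils.class);

    /**
     * Single provider instance reused by every helper, instead of constructing a new
     * provider per call or relying on "BC" having been registered with
     * {@code java.security.Security} by some other component.
     */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();

    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    public static final String PUBLIC_KEY_HEAD = "-----BEGIN PUBLIC KEY-----";
    public static final String PUBLIC_KEY_TAIL = "-----END PUBLIC KEY-----";

    /** Returns an X.509 certificate factory backed by the shared BouncyCastle provider. */
    private static CertificateFactory x509Factory() throws Exception {
        return CertificateFactory.getInstance("X.509", BC_PROVIDER);
    }

    /**
     * Removes the given PEM header and footer, real CR/LF characters, and the literal
     * two-character sequences {@code \r} and {@code \n} (as left behind when a PEM body
     * was embedded in an escaped string).
     */
    private static String stripPemArmor(String text, String head, String tail) {
        return text.replace(head, "")
                .replace(tail, "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
    }

    /** Reads the stream to its end into memory. The stream is not closed. */
    private static byte[] readAll(java.io.InputStream in) throws java.io.IOException {
        // NOTE(review): no size limit is applied here; callers handling uploads should cap the input.
        java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int read;
        while ((read = in.read(chunk)) != -1) {
            buffer.write(chunk, 0, read);
        }
        return buffer.toByteArray();
    }

    /**
     * Parses a certificate from text, trying in order: Base64 of the DER encoding,
     * the text bytes handed to the parser unchanged, and a hex string of the DER encoding.
     * PEM certificate armor and line breaks are removed first.
     *
     * @param str certificate text; may be {@code null}
     * @return the parsed certificate, or {@code null} if no form could be parsed
     */
    public static X509Certificate getCertFromStr(String str) {
        if (str == null) {
            return null;
        }
        String body = stripPemArmor(str, CERT_HEAD, CERT_TAIL);
        X509Certificate cert = getCertFromB64(body);
        if (cert == null) {
            cert = getCertFromNormalStr(body);
        }
        if (cert == null) {
            cert = getCertFromStr16(body);
        }
        return cert;
    }

    /** Parses a certificate from Base64-encoded DER; returns {@code null} on any failure. */
    private static synchronized X509Certificate getCertFromB64(String str) {
        try {
            return (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
        } catch (Exception e) {
            // Expected whenever the input is in one of the other supported forms.
            LOG.debug("getCertFromB64 error: {}", e.toString());
            return null;
        }
    }

    /** Parses a certificate from hex-encoded DER; returns {@code null} on any failure. */
    private static synchronized X509Certificate getCertFromStr16(String str) {
        byte[] der = hex2byte(str);
        if (der == null) {
            return null;
        }
        try {
            return (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            LOG.debug("getCertFromStr16 error: {}", e.toString());
            return null;
        }
    }

    /**
     * Writes {@code obj} in PEM form to the file at {@code str}, creating parent
     * directories as needed.
     *
     * <p>NOTE(review): the file is created with the process default permissions and the
     * object is written unencrypted; if callers pass private keys here, confirm the
     * target directory is access-restricted. {@code str} is used as given, so it must
     * not be built from untrusted input.
     *
     * @param obj object to encode
     * @param str destination file path
     * @throws RuntimeException if encoding or writing fails (the cause is attached)
     */
    public static void writeObjToFile(Object obj, String str) {
        CharArrayWriter pemText = new CharArrayWriter();
        PEMWriter pemWriter = new PEMWriter(pemText);
        File parent = new File(str).getParentFile();
        // A bare file name has no parent; the original dereferenced null here.
        if (parent != null) {
            parent.mkdirs();
        }
        FileOutputStream out = null;
        try {
            pemWriter.writeObject(obj);
            pemWriter.close();
            out = new FileOutputStream(str);
            out.write(pemText.toString().getBytes());
        } catch (Exception e) {
            throw new RuntimeException("写入文件失败", e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (Exception ignored) {
                    // best-effort close; the write outcome was already decided above
                }
            }
        }
    }

    /**
     * Decodes a hex string into bytes.
     *
     * @param str hex text; surrounding whitespace is trimmed
     * @return the decoded bytes, or {@code null} if the input is null, empty,
     *         of odd length, or contains a non-hex character
     */
    public static byte[] hex2byte(String str) {
        if (str == null) {
            return null;
        }
        String hex = str.trim();
        int length = hex.length();
        if (length == 0 || length % 2 == 1) {
            return null;
        }
        byte[] out = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(hex.charAt(i), 16);
            int low = Character.digit(hex.charAt(i + 1), 16);
            if (high < 0 || low < 0) {
                return null;
            }
            out[i / 2] = (byte) ((high << 4) | low);
        }
        return out;
    }

    /** Hands the text bytes to the certificate parser unchanged; returns {@code null} on any failure. */
    private static synchronized X509Certificate getCertFromNormalStr(String str) {
        try {
            return (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            LOG.debug("getCertFromNormalStr error: {}", e.toString());
            return null;
        }
    }

    /**
     * Builds an SM2 public key from Base64 text holding one leading byte followed by the
     * 32-byte X and 32-byte Y coordinates. PEM public-key armor and line breaks are removed first.
     *
     * <p>The leading byte is skipped without being inspected and bytes after the 65th are
     * ignored. NOTE(review): presumably the leading byte is the uncompressed-point marker
     * 0x04; a DER SubjectPublicKeyInfo body would be misread by this method — use
     * {@link #getPublicKeyBySubjectPublicInfo(String)} for that form.
     *
     * @param str Base64 text of the raw point
     * @return the SM2 public key
     * @throws Exception if the text cannot be decoded, is shorter than 65 bytes, or the key cannot be built
     */
    public static PublicKey convertSM2PublicKey(String str) throws Exception {
        final int coordinateLength = 32;
        byte[] raw = Base64.decode(stripPemArmor(str, PUBLIC_KEY_HEAD, PUBLIC_KEY_TAIL));
        // Explicit length check instead of an ArrayIndexOutOfBoundsException from arraycopy.
        if (raw.length < 1 + 2 * coordinateLength) {
            throw new IllegalArgumentException("SM2 public key needs at least " + (1 + 2 * coordinateLength) + " bytes, got " + raw.length);
        }
        byte[] x = new byte[coordinateLength];
        System.arraycopy(raw, 1, x, 0, coordinateLength);
        byte[] y = new byte[coordinateLength];
        System.arraycopy(raw, coordinateLength + 1, y, 0, coordinateLength);
        return convertSM2PublicKey(x, y);
    }

    /**
     * Builds an SM2 public key on curve {@code sm2p256v1} from unsigned big-endian coordinates.
     *
     * <p>NOTE(review): this relies on the BouncyCastle version in use to reject points that
     * are not on the curve; confirm that for keys received from untrusted peers.
     *
     * @param bArr  X coordinate
     * @param bArr2 Y coordinate
     * @return the SM2 public key
     * @throws Exception if the key cannot be built
     */
    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec("sm2p256v1");
        ECPublicKeySpec keySpec = new ECPublicKeySpec(
                curveSpec.getCurve().createPoint(BigIntegers.fromUnsignedByteArray(bArr), BigIntegers.fromUnsignedByteArray(bArr2)),
                curveSpec);
        LOG.debug("SM2 key spec type: {}", keySpec.getClass().getName());
        return new BCECPublicKey("sm2p256v1", keySpec, BouncyCastleProvider.CONFIGURATION);
    }

    /**
     * Parses one or more certificates and returns them in chain order (see {@link #sortCerts(List)}).
     * The bytes are first given to the parser as-is; if that yields nothing, they are treated
     * as text, stripped of PEM armor and decoded as Base64 (or hex when Base64 yields no bytes).
     *
     * @param bArr encoded certificates; may be {@code null}
     * @return the certificates, or {@code null}/an empty list when nothing could be parsed
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static List<X509Certificate> getCertListFromB64(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        List<X509Certificate> certs = null;
        try {
            certs = (List) x509Factory().generateCertificates(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            LOG.debug("Direct certificate list parse failed: {}", e.toString());
        }
        if (!CollectionUtils.isEmpty(certs)) {
            return sortCerts(certs);
        }
        String body = stripPemArmor(new String(bArr), CERT_HEAD, CERT_TAIL);
        try {
            byte[] der = Base64.decode(body);
            if (der == null || der.length == 0) {
                der = hex2byte(body);
            }
            certs = (List) x509Factory().generateCertificates(new ByteArrayInputStream(der));
        } catch (Exception e) {
            LOG.warn("Certificate list could not be parsed in any supported form", e);
        }
        return !CollectionUtils.isEmpty(certs) ? sortCerts(certs) : certs;
    }

    /**
     * Parses Base64-encoded certificates and returns them in chain order.
     *
     * @param str Base64 text
     * @return the ordered certificates, or {@code null} on any failure
     */
    @SuppressWarnings("unchecked")
    public static List<Certificate> getSortCertListFromB64(String str) {
        try {
            List<Certificate> certs = new ArrayList<Certificate>();
            for (Certificate cert : x509Factory().generateCertificates(new ByteArrayInputStream(Base64.decode(str)))) {
                certs.add(cert);
            }
            return sortCerts(certs);
        } catch (Exception e) {
            LOG.warn("Sorted certificate list could not be parsed", e);
            return null;
        }
    }

    /**
     * Orders certificates so that each one is followed by the certificate whose subject
     * name equals its issuer name, starting from the one certificate that issued no other.
     *
     * <p>Ordering uses distinguished names only; no signature is checked, so the result is
     * a presentation order, not a validated certification path. If the list is already
     * ordered it is returned as-is. If it cannot be ordered unambiguously (more than one
     * leaf, or certificates left over), a copy in the original order is returned.
     * The argument is never modified.
     *
     * @param list certificates, each an {@link X509Certificate}
     * @return the ordered list, the same list, or a copy in the original order
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static List sortCerts(List list) {
        if (list.size() < 2) {
            return list;
        }
        X500Principal expectedSubject = ((X509Certificate) list.get(0)).getIssuerX500Principal();
        boolean alreadyOrdered = true;
        for (int i = 1; i < list.size(); i++) {
            X509Certificate cert = (X509Certificate) list.get(i);
            if (!expectedSubject.equals(cert.getSubjectX500Principal())) {
                alreadyOrdered = false;
                break;
            }
            expectedSubject = cert.getIssuerX500Principal();
        }
        if (alreadyOrdered) {
            return list;
        }

        List original = new ArrayList(list);
        // Work on a copy so the caller's list is not emptied as a side effect.
        List remaining = new ArrayList(list);
        List ordered = new ArrayList(list.size());

        // Find the certificate(s) that issued nothing in the set. A self-issued certificate
        // matches itself and is therefore never picked here.
        for (int i = 0; i < remaining.size(); i++) {
            X509Certificate candidate = (X509Certificate) remaining.get(i);
            X500Principal subject = candidate.getSubjectX500Principal();
            boolean issuesAnother = false;
            for (int j = 0; j < remaining.size(); j++) {
                if (((X509Certificate) remaining.get(j)).getIssuerX500Principal().equals(subject)) {
                    issuesAnother = true;
                    break;
                }
            }
            if (!issuesAnother) {
                ordered.add(candidate);
                // Index is deliberately not adjusted (kept from the original); anything
                // skipped is caught by the leftover check at the end.
                remaining.remove(i);
            }
        }
        if (ordered.size() > 1) {
            return original;
        }

        // Append the issuer of each placed certificate. The inner loop is bounded: the
        // original spun forever when no remaining certificate matched the issuer name.
        for (int i = 0; i != ordered.size(); i++) {
            X500Principal issuer = ((X509Certificate) ordered.get(i)).getIssuerX500Principal();
            for (int j = 0; j < remaining.size(); j++) {
                X509Certificate next = (X509Certificate) remaining.get(j);
                if (issuer.equals(next.getSubjectX500Principal())) {
                    ordered.add(next);
                    remaining.remove(j);
                    break;
                }
            }
        }
        return remaining.size() > 0 ? original : ordered;
    }

    /**
     * Checks that the certificate in {@code str} carries a signature that verifies under
     * the public key of the certificate in {@code str2}.
     *
     * <p>This is a signature check only. It does not check validity dates, that the issuer
     * is a CA (basic constraints / key usage), issuer/subject name chaining, or revocation,
     * and it says nothing about whether {@code str2} itself is trusted. Use a full path
     * validation where a trust decision is needed.
     *
     * @param str  subject certificate text (any form accepted by {@link #getCertFromStr(String)})
     * @param str2 issuer certificate text
     * @return {@code true} if the signature verifies; {@code false} if it does not or if
     *         either certificate cannot be parsed
     */
    public static final boolean verifyCertIssueCa(String str, String str2) {
        try {
            X509Certificate subject = getCertFromStr(str);
            X509Certificate issuer = getCertFromStr(str2);
            if (subject == null || issuer == null) {
                return false;
            }
            subject.verify(issuer.getPublicKey());
            return true;
        } catch (Exception e) {
            LOG.debug("Certificate signature check failed: {}", e.toString());
            return false;
        }
    }

    /**
     * Extracts the certificates carried in a PKCS#7 SignedData structure and returns them
     * in chain order. Any signature on the SignedData itself is not examined.
     *
     * @param bArr DER-encoded ContentInfo
     * @return the ordered certificates
     * @throws RuntimeException if the structure cannot be decoded (the cause is attached)
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static List<X509Certificate> getCertListFromP7b(byte[] bArr) {
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        try {
            CertificateFactory factory = x509Factory();
            Enumeration entries = SignedData.getInstance(new ContentInfo(ASN1Sequence.getInstance(bArr)).getContent()).getCertificates().getObjects();
            while (entries.hasMoreElements()) {
                byte[] der = ((ASN1Encodable) entries.nextElement()).toASN1Primitive().getEncoded();
                certs.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
            }
            return sortCerts(certs);
        } catch (Exception e) {
            throw new RuntimeException("Failed to read certificates from PKCS#7 data", e);
        }
    }

    /**
     * Packs the certificates into a signer-less CMS SignedData structure over empty content.
     *
     * @param list certificates to include
     * @return Base64 of the encoded structure, or {@code null} on any failure
     */
    public static String createCertChainByCerts(List<X509Certificate> list) {
        try {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            generator.addCertificates(new JcaCertStore(list));
            byte[] encoded = generator.generate(new CMSProcessableByteArray(new byte[0])).getEncoded();
            return Base64.toBase64String(encoded);
        } catch (Exception e) {
            LOG.warn("Certificate chain could not be encoded", e);
            return null;
        }
    }

    /**
     * Returns the PEM text for {@code obj} as produced by {@code GMSSLX509Utils.writePEM}.
     *
     * @param obj object to encode
     * @return PEM text
     * @throws Exception if encoding fails
     */
    public static String writeObject(Object obj) throws Exception {
        StringWriter pemText = new StringWriter();
        GMSSLX509Utils.writePEM(obj, pemText);
        return pemText.toString();
    }

    /**
     * Parses a certificate from uploaded bytes: first as given, then as text stripped of
     * PEM armor and decoded as Base64, then as hex.
     *
     * <p>The input comes from an upload, so treat the result as untrusted data: a non-null
     * return only means the bytes decode as a certificate.
     *
     * @param bArr uploaded bytes; may be {@code null}
     * @return the parsed certificate, or {@code null} if no form could be parsed
     */
    public static X509Certificate convertUploadFileToCert(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        X509Certificate cert = null;
        try {
            cert = (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            LOG.debug("Direct parse of uploaded certificate failed: {}", e.toString());
        }
        if (cert != null) {
            return cert;
        }
        String body = stripPemArmor(new String(bArr), CERT_HEAD, CERT_TAIL);
        cert = getCertFromB64(body);
        if (cert == null) {
            cert = getCertFromStr16(body);
        }
        return cert;
    }

    /**
     * Builds an SM2 public key from a Base64-encoded DER SubjectPublicKeyInfo.
     *
     * @param str Base64 text
     * @return the public key
     * @throws Exception if decoding or conversion fails
     */
    public static PublicKey getPublicKeyBySubjectPublicInfo(String str) throws Exception {
        return GMSSLX509Utils.convertSM2PublicKey(SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(Base64.decode(str))));
    }

    /**
     * Reads a certificate from a file, accepting the forms described on
     * {@link #getCertFromFile(FileInputStream)}. The file is always closed.
     *
     * @param file certificate file
     * @return the parsed certificate, or {@code null} if the file cannot be read or parsed
     */
    public static X509Certificate getCertFromFile(File file) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            return getCertFromFile(in);
        } catch (Exception e) {
            LOG.warn("Certificate file could not be opened", e);
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // best-effort close; the parse result is already determined
                }
            }
        }
    }

    /**
     * Reads a certificate from a stream, first as DER/PEM and then as bare Base64 with
     * line breaks removed.
     *
     * <p>The stream is read to its end up front so that both attempts see the same bytes;
     * the original ran the second attempt on whatever the first had left unread.
     * The stream is not closed.
     *
     * @param fileInputStream source stream; may be {@code null}
     * @return the parsed certificate, or {@code null} if it cannot be read or parsed
     */
    public static X509Certificate getCertFromFile(FileInputStream fileInputStream) {
        if (fileInputStream == null) {
            return null;
        }
        byte[] content;
        try {
            content = readAll(fileInputStream);
        } catch (Exception e) {
            LOG.warn("Certificate stream could not be read", e);
            return null;
        }
        X509Certificate cert = parseStandardEncoding(content);
        if (cert == null) {
            cert = parseBareBase64(content);
        }
        return cert;
    }

    /**
     * Returns the last path component of {@code str}, splitting on both {@code \} and
     * {@code /}. Trailing separators are ignored; a string made only of separators
     * yields the empty string.
     *
     * <p>NOTE(review): if callers use the result as a file name on disk, they should still
     * reject names such as {@code ..} before building a path from it.
     *
     * @param str a path or client-supplied file name
     * @return the last non-empty component, or the empty string if there is none
     */
    public static String getNameByPath(String str) {
        String[] parts = str.split("[\\\\/]");
        // split() drops trailing empty strings, so "\" alone gives an empty array.
        return parts.length == 0 ? "" : parts[parts.length - 1];
    }

    /** Parses DER or PEM bytes; returns {@code null} on any failure. */
    private static X509Certificate parseStandardEncoding(byte[] content) {
        try {
            return (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(content));
        } catch (Exception e) {
            LOG.debug("Standard certificate parse failed: {}", e.toString());
            return null;
        }
    }

    /** Parses bytes holding Base64 text without PEM armor; returns {@code null} on any failure. */
    private static X509Certificate parseBareBase64(byte[] content) {
        try {
            String joined = new String(content).replace(StringUtils.CR, "").replace("\n", "");
            return (X509Certificate) x509Factory().generateCertificate(new ByteArrayInputStream(Base64.decode(joined)));
        } catch (Exception e) {
            LOG.debug("Base64 certificate parse failed: {}", e.toString());
            return null;
        }
    }

    /**
     * Reads the private key from a PEM key-pair file.
     *
     * <p>Only the {@code PEMKeyPair} form is handled. An encrypted key pair is attempted
     * with a {@code null} password, so password-protected files end in a
     * {@link ServiceException}. NOTE(review): this means key files read through this
     * method are effectively stored unencrypted; confirm they are protected by file
     * permissions or move to a keystore/HSM.
     *
     * @param str path of the PEM file
     * @return the private key, or {@code null} if the file does not exist
     * @throws ServiceException if the file cannot be read or does not hold a usable key pair
     */
    public static PrivateKey readPrivateKeyByPath(String str) {
        PEMParser parser = null;
        try {
            File keyFile = new File(str);
            if (!keyFile.exists()) {
                return null;
            }
            parser = new PEMParser(new FileReader(keyFile));
            Object pemObject = parser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC_PROVIDER);
            PEMKeyPair keyPair;
            if (pemObject instanceof PEMEncryptedKeyPair) {
                PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                keyPair = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor);
            } else if (pemObject instanceof PEMKeyPair) {
                keyPair = (PEMKeyPair) pemObject;
            } else {
                // Name the problem instead of surfacing a ClassCastException/NullPointerException.
                throw new IllegalArgumentException("unsupported PEM object: " + (pemObject == null ? "none" : pemObject.getClass().getName()));
            }
            return converter.getKeyPair(keyPair).getPrivate();
        } catch (Exception e) {
            // ServiceException is built from a message only here, so keep the full cause in the log.
            LOG.warn("Private key could not be read from {}", str, e);
            throw new ServiceException("读取公钥私服时异常：" + e.getMessage());
        } finally {
            if (parser != null) {
                try {
                    parser.close();
                } catch (Exception ignored) {
                    // best-effort close; the key has already been read or the read has failed
                }
            }
        }
    }

    /**
     * Removes PEM public-key armor, line breaks and literal {@code \r}/{@code \n} sequences.
     *
     * @param str PEM text
     * @return the bare Base64 body
     */
    public static String removePemTag(String str) {
        return stripPemArmor(str, PUBLIC_KEY_HEAD, PUBLIC_KEY_TAIL);
    }

    /**
     * Prints a label and the hex form of {@code bArr} to standard output.
     *
     * <p>The {@code logger} argument is not used. NOTE(review): output goes to stdout
     * unconditionally, so this must not be called with private keys or other secrets.
     *
     * @param logger unused
     * @param str    label printed on its own line
     * @param bArr   bytes to print as hex
     */
    public static void printHexBinary(Logger logger, String str, byte[] bArr) {
        System.out.println(str);
        System.out.println(GMSSLByteArrayUtils.hexEncode(bArr));
    }

    /**
     * Scratch comparison of an RSA modulus taken from a Base64 blob with the public key
     * inside an embedded sample certificate. Not used by the library code.
     */
    public static void main(String[] strArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] decode = Base64.decode("v/NwKLpAkrsZkA0Jpx0SpJj3ZVyL8JOSXa5N2Fgq3xX26488u7loYrPf4uCoRXUP8/odGZT/TcfkEpUo2iHGkwS3jDtSNHP/GZ50v6pzDJPG7rkKM7HjP32IF4ZtWf33aFQFZf4wq+b6lZaYboLcY9K/YDpNfu6TjhQcHN0QR1EglUBj5TL3EypL7NsNSFxh8+B7CczIagjKlJLk53uKmIuVgovXZTG7ivYUA8n6FyOIfV4fLF3g5TS5gu4PoiEc0YYoSp8eKrDs/0ysH0kEnggBXNsdbVzMQbbY5oxeYMSZ5KxB0AETg5Fyn4gdSIisl9/B/BkCFU5evXfm7AP3nQ==");
        System.out.println();
        printHexBinary(null, "usbkey public key m", decode);
        // NOTE(review): BigInteger(byte[]) reads the bytes as signed two's complement, so raw
        // modulus bytes with the top bit set become a negative number; BigInteger(1, bytes)
        // is the unsigned form. Left unchanged because this method only prints a comparison.
        PublicKey generatePublic = KeyFactory.getInstance("RSA", BC_PROVIDER).generatePublic(new RSAPublicKeySpec(new BigInteger(decode), BigInteger.valueOf(65537L)));
        System.out.println("证书请求时的公钥信息 ==== " + Base64.toBase64String(generatePublic.getEncoded()));
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generatePublic;
        printHexBinary(null, "public key m", rSAPublicKey.getModulus().toByteArray());
        printHexBinary(null, "public key m", BigIntegers.asUnsignedByteArray(rSAPublicKey.getModulus()));
        System.out.println(rSAPublicKey);
        System.out.println(rSAPublicKey.getClass());
        PublicKey publicKey = getCertFromStr("-----BEGIN CERTIFICATE-----\nMIIELTCCAxWgAwIBAgIEEAAAMDANBgkqhkiG9w0BAQsFADArMQswCQYDVQQGEwJD\nTjENMAsGA1UECgwEWERKQTENMAsGA1UEAwwEcm9vdDAeFw0xOTA5MjkwNjQzNDFa\nFw0xOTA5MjkxMDQzNDFaMD8xCzAJBgNVBAYTAkNOMQ0wCwYDVQQKDARYREpBMQsw\nCQYDVQQDDAJSQTEUMBIGA1UEAwwLUkHlvZXjgIHliLYwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQC/83AoukCSuxmQDQmnHRKkmPdlXIvwk5Jdrk3YWCrf\nFfbrjzy7uWhis9/i4KhFdQ/z+h0ZlP9Nx+QSlSjaIcaTBLeMO1I0c/8ZnnS/qnMM\nk8buuQozseM/fYgXhm1Z/fdoVAVl/jCr5vqVlphugtxj0r9gOk1+7pOOFBwc3RBH\nUSCVQGPlMvcTKkvs2w1IXGHz4HsJzMhqCMqUkuTne4qYi5WCi9dlMbuK9hQDyfoX\nI4h9Xh8sXeDlNLmC7g+iIRzRhihKnx4qsOz/TKwfSQSeCAFc2x1tXMxBttjmjF5g\nxJnkrEHQARODkXKfiB1IiKyX38H8GQIVTl69d+bsA/edAgMBAAGjggFDMIIBPzBW\nBgNVHSMETzBNgBR27elv4yMF6AebppqAZP4bQUf336EvpC0wKzELMAkGA1UEBhMC\nQ04xDTALBgNVBAoMBFhESkExDTALBgNVBAMMBHJvb3SCBBAAAAAwHQYDVR0OBBYE\nFLBpqVwfHCsIIPbXK3fsiN9iXUcxMA4GA1UdDwEB/wQEAwIDODCBtQYIKwYBBQUH\nAQEEgagwgaUwNQYIKwYBBQUHMAGGKWh0dHA6Ly8xMS4xMi4xMTAuODQ6ODA4Mi9v\nY3NwLXdlYi9vY3NwL3YxMGwGCCsGAQUFBzAChmBsZGFwOi8vMTEuMTIuMTEwLjE6\nODA4MC9BUEkvQ049cm9vdCxPPVhESkEsQz1DTj9jQUNlcnRpZmljYXRlO2JpbmFy\neSxjcm9zc0NlcnRpZmljYXRlUGFpcjtiaW5hcnkwDQYJKoZIhvcNAQELBQADggEB\nAAsyzGlzDLMtiVdZZZXYcvPefkADnW/LITiLunvq3LuO6geIrCqINLekThw8y8dC\nA6OTH0KFmvSZIfl9sgAR0ljS2EqzyEkKFgSNpD4TWYQi8h/XdaBeoikk+OX+VGuZ\neSNUDvjWR9qT3TS67LrPKLqeNZCkE8sDTJtdNCk62aGo/mlF/Ai9CRwUa3tpjDGx\ni4gai8/iZTjGmAYAw++cAcpZ0StBhskLf0jKkqKWq5q59zO3uHIwc8BKz1kO4CqN\ngLAySTJnxF1nKmwHAXDYB0oSjkIWHGRYmNOw6Tz5rQkwm3ps5SbcEMLr+jQBKrBn\nkj3b7tD1SsFXGr/9yH+UgFg=\n-----END CERTIFICATE-----").getPublicKey();
        RSAPublicKey rSAPublicKey2 = (RSAPublicKey) publicKey;
        printHexBinary(null, "cert public key", rSAPublicKey2.getModulus().toByteArray());
        printHexBinary(null, "cert public key", BigIntegers.asUnsignedByteArray(rSAPublicKey2.getModulus()));
        System.out.println(rSAPublicKey2);
        System.out.println(rSAPublicKey2.getClass());
        System.out.println("生成的证书中的公钥信息 == " + Base64.toBase64String(publicKey.getEncoded()));
        System.out.println(rSAPublicKey2.equals(rSAPublicKey));
    }
}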
