package com.xdja.pki.ca.core.ca.util.gm.cert;

import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.RFC4519StyleUpperCase;
import com.xdja.pki.ca.core.ca.util.gm.GMBaseUtil;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.pkcs7.EnvelopedDataUtil;
import com.xdja.pki.ca.core.pkcs7.P7bUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.core.util.FileUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.nutz.http.sender.FilePostSender;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ca-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/core/ca/util/gm/cert/CertUtil.class */
public class CertUtil extends GMBaseUtil {
    // PEM armor lines for X.509 certificates.
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    // PEM armor lines for PKCS#10 certification requests.
    public static final String P10_HEAD = "-----BEGIN CERTIFICATE REQUEST-----";
    public static final String P10_TAIL = "-----END CERTIFICATE REQUEST-----";
    // PEM armor lines for public keys.
    public static final String PUBLIC_KEY_HEAD = "-----BEGIN PUBLIC KEY-----";
    public static final String PUBLIC_KEY_TAIL = "-----END PUBLIC KEY-----";
    // JCA algorithm names passed to the "BC" provider. SM2 keys are requested under the generic "EC" name.
    public static final String RSA_BC_NAME = "RSA";
    public static final String SM2_BC_NAME = "EC";
    // NOTE(review): public and non-final, so any class can replace the logger; consider private static final.
    public static Logger logger = LoggerFactory.getLogger((Class<?>) CertUtil.class);

    /**
     * Strips the certificate PEM armor and all CR/LF characters from a certificate string.
     *
     * @param str PEM (or already bare base64) certificate text
     * @return the remaining text, or {@code null} when the input is null/empty or stripping fails
     */
    public static String fullB64toStr(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            String body = str.replace("-----BEGIN CERTIFICATE-----", "");
            body = body.replace("-----END CERTIFICATE-----", "");
            body = body.replace(StringUtils.CR, "");
            return body.replace("\n", "");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the last certificate of the sorted chain parsed from the given string.
     *
     * <p>The chain is ordered by {@link #sortCertChain(List)}, which matches subject and issuer
     * names only. No signature is checked here; callers that need a trust decision must verify
     * the chain separately.
     *
     * @param str certificate chain text handed to {@code P7bUtils.resolveCertChain}
     * @return the certificate at the end of the sorted chain
     * @throws Exception if the chain cannot be parsed
     */
    public static X509Certificate getUserCertByCertChain(String str) throws Exception {
        X509Certificate[] chain = sortCertChain(P7bUtils.resolveCertChain(str));
        int last = chain.length - 1;
        return chain[last];
    }

    /**
     * Reads the given path with {@code FileUtils.read} and returns the last certificate of the
     * sorted chain found in it.
     *
     * <p>NOTE(review): the path is used as given; if it can come from a request, confirm the
     * caller restricts it to an expected directory.
     *
     * @param str path handed to {@code FileUtils.read}
     * @return the certificate at the end of the sorted chain
     * @throws Exception if reading or parsing fails
     */
    public static X509Certificate getUserCertByCertChainPath(String str) throws Exception {
        return getUserCertByCertChain(FileUtils.read(str));
    }

    /**
     * Returns the last certificate of the sorted chain read from a PEM stream.
     *
     * <p>Ordering is by subject/issuer names only (see {@link #sortCertChain(List)}); signatures
     * are not verified here. The stream is not closed by this method.
     *
     * @param inputStream PEM chain stream handed to {@code P7bUtils.resolvePemCertChain}
     * @return the certificate at the end of the sorted chain
     * @throws Exception if the chain cannot be parsed
     */
    public static X509Certificate getUserCertByCertChain(InputStream inputStream) throws Exception {
        X509Certificate[] chain = sortCertChain(P7bUtils.resolvePemCertChain(inputStream));
        int last = chain.length - 1;
        return chain[last];
    }

    /**
     * Returns the last certificate of the sorted chain decoded from the given bytes.
     *
     * <p>Ordering is by subject/issuer names only (see {@link #sortCertChain(List)}); signatures
     * are not verified here.
     *
     * @param bArr chain bytes handed to {@code P7bUtils.getCertListFromB64}
     * @return the certificate at the end of the sorted chain
     */
    public static X509Certificate getUserCertByCertChain(byte[] bArr) {
        X509Certificate[] chain = sortCertChain(P7bUtils.getCertListFromB64(bArr));
        int last = chain.length - 1;
        return chain[last];
    }

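    /**
     * Returns the last certificate of the sorted chain stored in a PEM file.
     *
     * <p>The file stream is now closed on every path; the original left it open. Ordering is by
     * subject/issuer names only (see {@link #sortCertChain(List)}); signatures are not verified
     * here.
     *
     * @param file PEM chain file
     * @return the certificate at the end of the sorted chain
     * @throws Exception if the file cannot be read or the chain cannot be parsed
     */
    public static X509Certificate getUserCertByCertChain(File file) throws Exception {
        try (FileInputStream in = new FileInputStream(file)) {
            X509Certificate[] chain = sortCertChain(P7bUtils.resolvePemCertChain(in));
            return chain[chain.length - 1];
        }
    }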

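    /**
     * Generates a 256-bit EC key pair with the "BC" provider.
     *
     * <p>The generator is fed a self-seeding {@link SecureRandom}. The previous code passed the
     * current {@code System.nanoTime()} value as the constructor seed; with a PRNG implementation
     * whose output is determined by that seed, the resulting private key is only as unpredictable
     * as the clock reading.
     *
     * <p>NOTE(review): {@code initialize(256, ...)} states a key size, not a curve. Which curve
     * the provider selects is not visible here; confirm it is the SM2 curve this method's name
     * promises, or pin it with an explicit parameter spec.
     *
     * @return the new key pair, or {@code null} if generation fails
     */
    public static KeyPair createSm2KeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(SM2_BC_NAME, "BC");
            generator.initialize(256, new SecureRandom());
            return generator.generateKeyPair();
        } catch (Exception e) {
            logger.error("EC key pair generation failed", e);
            return null;
        }
    }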

    /**
     * Writes the CA root private key as PEM to the configured root key location.
     *
     * <p>The key goes through {@link #writeObjToFile(Object, String)}, which applies no
     * encryption and sets no file permissions; protection of the file depends on the
     * directory it is written to.
     *
     * @param privateKey root private key to persist
     */
    public static void writeRootPri(PrivateKey privateKey) {
        String target = Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_ROOT_PRIVATE_FILE_NAME;
        writeObjToFile(privateKey, target);
    }

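    /**
     * Serializes an object as PEM and writes it to the given file, creating parent directories.
     *
     * <p>Changes from the original: both the PEM writer and the file stream are closed on every
     * path, the underlying exception is kept as the cause, a path without a parent directory no
     * longer fails with a NullPointerException, and the bytes are encoded with an explicit
     * charset instead of the platform default.
     *
     * <p>NOTE(review): objects are written unencrypted and with default file permissions. When
     * this is used for private keys, restrict access to the target directory or encrypt the key.
     *
     * @param obj object accepted by the PEM writer (key, certificate, ...)
     * @param str destination file path
     * @throws RuntimeException if serialization or the file write fails
     */
    public static void writeObjToFile(Object obj, String str) {
        File parentFile = new File(str).getParentFile();
        if (parentFile != null && !parentFile.exists()) {
            parentFile.mkdirs();
        }
        CharArrayWriter pemText = new CharArrayWriter();
        try {
            try (PEMWriter pemWriter = new PEMWriter(pemText)) {
                pemWriter.writeObject(obj);
            }
            try (FileOutputStream out = new FileOutputStream(str)) {
                // PEM is ASCII, so UTF-8 yields the same bytes on any platform.
                out.write(pemText.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
        } catch (Exception e) {
            throw new RuntimeException("写入文件失败", e);
        }
    }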

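    /**
     * Writes an object as PEM to the given file, creating parent directories first.
     *
     * <p>The best-effort contract is kept: an {@link Exception} while opening, writing or closing
     * is reported and not thrown. The writers are now managed by try-with-resources, which
     * removes the NullPointerException the old cleanup code raised when the file could not be
     * opened, and failures go to the logger instead of stderr.
     *
     * <p>NOTE(review): because failures are not propagated, a caller cannot tell that a key or
     * certificate was not persisted. The output is unencrypted and uses default file permissions.
     *
     * @param obj object accepted by the PEM writer
     * @param str destination file path
     */
    public static void writeObjToPem(Object obj, String str) {
        File target = new File(str);
        File parent = target.getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
        try (FileWriter fileWriter = new FileWriter(target);
                JcaPEMWriter pemWriter = new JcaPEMWriter(fileWriter)) {
            pemWriter.writeObject(obj);
            pemWriter.flush();
        } catch (Exception e) {
            logger.error("Failed to write PEM object to {}", str, e);
        }
    }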

    /**
     * Renders an object as a PEM string via {@code GMSSLX509Utils.writePEM}.
     *
     * @param obj object to encode; may be null
     * @return the PEM text, or {@code null} when {@code obj} is null
     * @throws Exception if encoding fails
     */
    public static String writeObject(Object obj) throws Exception {
        if (obj != null) {
            StringWriter pem = new StringWriter();
            GMSSLX509Utils.writePEM(obj, pem);
            return pem.toString();
        }
        return null;
    }

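    /**
     * Renders a certificate as PEM and returns the encoded bytes.
     *
     * <p>The writer is closed before the buffer is read. The original never flushed or closed
     * the {@link OutputStreamWriter}, so the result depended on {@code writePEM} doing it; any
     * characters still buffered in the writer would have been missing from the returned array.
     * Closing an already closed writer is a no-op, so this is safe either way.
     *
     * @param x509Certificate certificate to encode
     * @return PEM bytes
     * @throws Exception if encoding fails
     */
    public static byte[] writeObjectToByteArray(X509Certificate x509Certificate) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // PEM is ASCII; an explicit charset removes the dependency on the platform default.
        try (OutputStreamWriter writer = new OutputStreamWriter(buffer, java.nio.charset.StandardCharsets.UTF_8)) {
            GMSSLX509Utils.writePEM(x509Certificate, writer);
        }
        return buffer.toByteArray();
    }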

    /**
     * Extracts the subject public key from a PKCS#10 request given as PEM or bare base64.
     *
     * <p>Armor lines, real CR/LF and the literal two-character sequences {@code \r} / {@code \n}
     * are removed before decoding. The request's self-signature is not checked here, so the
     * returned key is not proven to belong to the requester; verify the request before issuing.
     *
     * @param str PKCS#10 request text
     * @return the public key carried in the request
     * @throws RuntimeException wrapping the {@link IOException} when the request cannot be parsed
     */
    public static PublicKey getPublicKeyFromP10(String str) {
        String b64 = str.replace(P10_TAIL, "").replace(P10_HEAD, "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
        try {
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(b64));
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            return converter.getPublicKey(csr.getSubjectPublicKeyInfo());
        } catch (IOException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

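    /**
     * Reads one PEM object from the reader, checks that it parses as a PKCS#10 request with a
     * usable public key, and returns its content as base64.
     *
     * <p>An input without any PEM object now fails with an {@link IOException} instead of a
     * NullPointerException. The PEM type label and the request's self-signature are not checked
     * here.
     *
     * @param bufferedReader source of the PEM text
     * @return base64 of the DER request
     * @throws IOException if no PEM object is present or the request cannot be parsed
     */
    public static String getp10StrFromBr(BufferedReader bufferedReader) throws IOException {
        PemObject pem = new PemReader(bufferedReader).readPemObject();
        if (pem == null) {
            throw new IOException("No PEM object found in input");
        }
        byte[] der = pem.getContent();
        // Result is discarded on purpose: parsing and key conversion act as a well-formedness check.
        new JcaPEMKeyConverter().setProvider("BC").getPublicKey(new PKCS10CertificationRequest(der).getSubjectPublicKeyInfo());
        return Base64.toBase64String(der);
    }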

    /**
     * Returns the subject DN of a PKCS#10 request given as PEM or bare base64.
     *
     * <p>The request's self-signature is not verified here; the DN is whatever the submitter
     * put in the request.
     *
     * @param str PKCS#10 request text
     * @return the subject DN as produced by {@link #getDnByPKCS10(PKCS10CertificationRequest)}
     * @throws RuntimeException wrapping any failure while decoding or parsing
     */
    public static Object getDnFromP10(String str) {
        try {
            String b64 = str.replace(P10_TAIL, "").replace(P10_HEAD, "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
            PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(b64));
            return getDnByPKCS10(csr);
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the subject name out of a PKCS#10 request and formats it with
     * {@code RFC4519StyleUpperCase}.
     *
     * <p>The subject is taken by position from the request-info sequence: index 2 when the first
     * element is a tagged object, index 1 otherwise.
     *
     * @param pKCS10CertificationRequest parsed request
     * @return the subject DN string
     * @throws IOException if the request cannot be re-encoded
     */
    public static String getDnByPKCS10(PKCS10CertificationRequest pKCS10CertificationRequest) throws NamingException, CertificateEncodingException, IOException {
        CertificationRequest request = CertificationRequest.getInstance(pKCS10CertificationRequest.getEncoded());
        ASN1Sequence info = ASN1Sequence.getInstance(request.getCertificationRequestInfo().getEncoded());
        int subjectIndex = (info.getObjectAt(0) instanceof ASN1TaggedObject) ? 2 : 1;
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, info.getObjectAt(subjectIndex).toASN1Primitive()).toString();
    }

    /**
     * Builds and signs a PKCS#10 certification request.
     *
     * @param x500Name subject name for the request
     * @param publicKey key to be certified
     * @param privateKey key used to sign the request
     * @param str signature algorithm name passed to the content-signer builder
     * @return the signed request
     * @throws RuntimeException wrapping any failure while building or signing
     */
    public static PKCS10CertificationRequest createP10(X500Name x500Name, PublicKey publicKey, PrivateKey privateKey, String str) {
        try {
            JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(x500Name, publicKey);
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(str).setProvider("BC");
            return requestBuilder.build(signerBuilder.build(privateKey));
        } catch (Exception e) {
            throw new RuntimeException("生成P10出现异常", e);
        }
    }

    /**
     * Manual smoke test: parses an embedded sample request and prints its subject DN.
     *
     * @param strArr unused
     * @throws Exception if the sample cannot be parsed
     */
    public static void main(String[] strArr) throws Exception {
        String csrPem = new String("-----BEGIN CERTIFICATE REQUEST-----\nMIIBDTCBtAIBADBSMQswCQYDVQQGEwJjbjEKMAgGA1UEBwwBNDEKMAgGA1UECwwB\nMzERMA8GCgmSJomT8ixkARkWATIxCjAIBgNVBAQMATExDDAKBgNVBAMMAzAwMDBZ\nMBMGByqGSM49AgEGCCqBHM9VAYItA0IABFKnQQcIZm/oFp0hITuz57b7Ew0wfFnt\n/OZKRdcI9uspvu5nl/+cB3lEeRvfIbEo+ij7+2tIgZAXEjPJ06QzEHegADAKBggq\ngRzPVQGDdQNIADBFAiApCtpqT4Db4maGULZx7NRR1/TzLKHIh0ZmoBmYL0oS8AIh\nALVi+zaLcb7qfjbWz5N1sNcLbTa3Qmaiw9i3pAhZkLJk\n-----END CERTIFICATE REQUEST-----\n".getBytes());
        Object dn = getDnFromP10(csrPem);
        System.out.println(DnUtil.getRFC4519X500Name(dn.toString()));
    }

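    /**
     * Orders certificates as a chain: the self-signed certificate first, then each certificate
     * whose issuer name equals the subject name of the one before it.
     *
     * <p>Ordering uses the string form of subject and issuer names only. No signature, validity
     * period or constraint is checked, so the result says nothing about trust; use
     * {@link #verifyCertChainSign(X509Certificate[])} and further path validation for that.
     *
     * <p>Changes from the original: a null entry, a list without a self-signed certificate, or a
     * list whose names do not link up is rejected with a descriptive
     * {@link IllegalArgumentException} instead of failing with a NullPointerException. Empty and
     * single-element lists behave as before.
     *
     * @param list certificates in any order
     * @return the certificates ordered root-first; empty for an empty list
     * @throws IllegalArgumentException if the list (two or more entries) cannot be linked
     */
    public static X509Certificate[] sortCertChain(List<X509Certificate> list) {
        int count = list.size();
        X509Certificate[] ordered = new X509Certificate[count];
        if (count == 1) {
            ordered[0] = list.get(0);
            return ordered;
        }
        Map<String, X509Certificate> byIssuer = new HashMap<>();
        String nextIssuer = "";
        for (X509Certificate cert : list) {
            if (cert == null) {
                throw new IllegalArgumentException("Certificate list contains a null entry");
            }
            String subject = cert.getSubjectDN().toString();
            String issuer = cert.getIssuerDN().toString();
            if (subject.toLowerCase().equals(issuer.toLowerCase())) {
                ordered[0] = cert;
                nextIssuer = issuer;
            } else {
                // Two certificates with the same issuer overwrite each other here; the walk
                // below then reports the list as unlinkable.
                byIssuer.put(issuer, cert);
            }
        }
        if (count > 1 && ordered[0] == null) {
            throw new IllegalArgumentException("Certificate list has no self-signed certificate to start from");
        }
        for (int pos = 1; pos < count; pos++) {
            X509Certificate child = byIssuer.get(nextIssuer);
            if (child == null) {
                throw new IllegalArgumentException("No certificate issued by \"" + nextIssuer + "\" at chain position " + pos);
            }
            ordered[pos] = child;
            nextIssuer = child.getSubjectDN().toString();
        }
        return ordered;
    }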

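    /**
     * Checks that every certificate in the array is signed by the key of the one before it.
     *
     * <p>Only signatures are checked. Validity dates, basic constraints, key usage, name
     * chaining and revocation are not examined, and element 0 is taken as given: nothing here
     * establishes that it is a trusted anchor. A single-element array passes without any
     * signature being verified.
     *
     * <p>Changes from the original: a null or empty array returns {@code false} instead of
     * throwing, and failures go to the logger instead of stderr.
     *
     * @param x509CertificateArr chain ordered issuer-first
     * @return {@code true} if every link verifies, {@code false} otherwise
     */
    public static boolean verifyCertChainSign(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return false;
        }
        X509Certificate issuer = x509CertificateArr[0];
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate subject = x509CertificateArr[i];
            try {
                subject.verify(issuer.getPublicKey(), "BC");
            } catch (Exception e) {
                logger.warn("Signature check failed at chain position {}", Integer.valueOf(i), e);
                return false;
            }
            issuer = subject;
        }
        return true;
    }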

    /**
     * Rebuilds a public key from its string form, choosing the decoder from the sample key type
     * and the configured base algorithm.
     *
     * @param publicKey sample key; an RSA instance selects the RSA decoder
     * @param str encoded key material
     * @return the decoded key: RSA, SM2 when the base algorithm is SM2, otherwise secp256r1
     * @throws Exception if decoding fails
     */
    public static PublicKey convertPublicKey(PublicKey publicKey, String str) throws Exception {
        if (publicKey instanceof RSAPublicKey) {
            return RsaAlgUtils.getRsaPublicKey(str);
        }
        if (Constants.BASE_ALG_TYPE.intValue() == RsaAlgUtils.SM2_ALG.intValue()) {
            return convertSM2PublicKey(str);
        }
        return convertECPublicKey(str, NISTNamedCurves.getName(SECObjectIdentifiers.secp256r1));
    }

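    /**
     * Decodes a base64 EC point (one prefix byte followed by 32-byte X and 32-byte Y) into a
     * public key on the named curve.
     *
     * <p>Input shorter than 65 bytes is now rejected with a clear message instead of an
     * ArrayIndexOutOfBoundsException from the copy.
     *
     * <p>NOTE(review): the prefix byte is skipped without being checked and bytes beyond the
     * first 65 are ignored, so other encodings of the right length are silently misread.
     * Whether the resulting point is validated against the curve is not visible here.
     *
     * @param str base64 of the encoded point
     * @param str2 curve name
     * @return the public key
     * @throws IllegalArgumentException if fewer than 65 bytes are supplied
     * @throws Exception if the key cannot be built
     */
    public static PublicKey convertECPublicKey(String str, String str2) throws Exception {
        byte[] decode = Base64.decode(str);
        if (decode.length < 65) {
            throw new IllegalArgumentException("EC public key needs 65 bytes (prefix + X + Y), got " + decode.length);
        }
        byte[] x = new byte[32];
        System.arraycopy(decode, 1, x, 0, 32);
        byte[] y = new byte[32];
        System.arraycopy(decode, 33, y, 0, 32);
        return convertECPublicKey(x, y, str2);
    }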

    /**
     * Builds an EC public key on the named curve from unsigned big-endian coordinates.
     *
     * @param bArr X coordinate bytes
     * @param bArr2 Y coordinate bytes
     * @param str curve name looked up in {@code ECNamedCurveTable}
     * @return the public key
     * @throws Exception if the key cannot be built
     */
    public static PublicKey convertECPublicKey(byte[] bArr, byte[] bArr2, String str) throws Exception {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(str);
        BigInteger x = BigIntegers.fromUnsignedByteArray(bArr);
        BigInteger y = BigIntegers.fromUnsignedByteArray(bArr2);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(curveSpec.getCurve().createPoint(x, y), curveSpec);
        return new BCECPublicKey(str, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

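    /**
     * Loads the private key from a PEM key-pair file.
     *
     * <p>Changes from the original: the parser (and the file reader under it) is closed even
     * when reading fails, and the full exception is logged, since the thrown
     * {@code ServiceException} carries only the message text.
     *
     * <p>NOTE(review): the decryptor is built with a null password, so an encrypted key pair is
     * not expected to load; the code path in effect assumes the key is stored unencrypted.
     *
     * @param str path of the PEM file
     * @return the private key
     * @throws ServiceException if the file cannot be read or does not hold a key pair
     */
    public static PrivateKey getRootPrivateKey(String str) {
        try {
            Object pemObject;
            try (PEMParser pemParser = new PEMParser(new FileReader(str))) {
                pemObject = pemParser.readObject();
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            KeyPair keyPair;
            if (pemObject instanceof PEMEncryptedKeyPair) {
                PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            } else {
                keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
            }
            return keyPair.getPrivate();
        } catch (Exception e) {
            logger.error("Failed to read private key from {}", str, e);
            throw new ServiceException("读取公钥私服时异常：" + e.getMessage());
        }
    }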

    /**
     * Parses a certificate from PEM or bare base64 text.
     *
     * <p>Armor lines, real CR/LF and the literal two-character sequences {@code \r} / {@code \n}
     * are removed; the remainder is first offered to {@link #getCertFromFullStr(String)} and, if
     * that yields nothing, base64-decoded by {@link #getCertFromB64(String)}.
     *
     * @param str certificate text
     * @return the certificate, or {@code null} if neither parser accepts the input
     */
    public static X509Certificate getCertFromStr(String str) {
        String b64 = str.replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
        X509Certificate cert = getCertFromFullStr(b64);
        return cert != null ? cert : getCertFromB64(b64);
    }

    /**
     * Parses a certificate from base64-encoded DER using the "BC" provider.
     *
     * @param str base64 text without armor
     * @return the certificate, or {@code null} if decoding or parsing fails
     */
    public static X509Certificate getCertFromB64(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            ByteArrayInputStream der = new ByteArrayInputStream(Base64.decode(str));
            return (X509Certificate) factory.generateCertificate(der);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Reads a PEM SubjectPublicKeyInfo and returns the base64 of its raw public-key bit string.
     *
     * @param str PEM text holding a SubjectPublicKeyInfo
     * @return base64 of the key bytes
     * @throws Exception if the text holds no PEM object or it is not a SubjectPublicKeyInfo
     */
    public static String getPublicKeyStrBySubjectKeyInfo(String str) throws Exception {
        PemObject pem = new PemReader(new StringReader(str)).readPemObject();
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(pem.getContent());
        byte[] keyBytes = spki.getPublicKeyData().getBytes();
        return Base64.toBase64String(keyBytes);
    }

    /**
     * Builds a public key from a PEM or bare base64 X.509 SubjectPublicKeyInfo.
     *
     * @param num algorithm selector; equal to {@code EnvelopedDataUtil.RSA_ALG} means RSA,
     *     anything else uses the EC key factory
     * @param str key text
     * @return the public key
     * @throws Exception if the key cannot be decoded
     */
    public static PublicKey getPublicKeyBySubjectKeyInfo(Integer num, String str) throws Exception {
        String algorithm = EnvelopedDataUtil.RSA_ALG.intValue() == num.intValue() ? "RSA" : SM2_BC_NAME;
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm, "BC");
        String b64 = str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
        return keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decode(b64)));
    }

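    /**
     * Normalizes a submitted public key to base64, trying three interpretations in order:
     * PEM SubjectPublicKeyInfo, any PEM object, and finally a raw base64 SM2 point (returned
     * unchanged once it decodes).
     *
     * <p>The original echoed the submitted text to stdout on every call; that debug output is
     * removed and the first fallback is noted at debug level instead.
     *
     * @param str submitted key text
     * @return base64 key material
     * @throws Exception if none of the three interpretations accepts the input
     */
    public static String getPublicKeyStrKeyByBr(String str) throws Exception {
        try {
            return getPublicKeyStrBySubjectKeyInfo(str);
        } catch (Exception notSpki) {
            logger.debug("Input is not a PEM SubjectPublicKeyInfo, trying other encodings", notSpki);
            try {
                return getPublicKeyStrByBase64(str);
            } catch (Exception notPem) {
                // Last resort: accept the text as-is if it decodes as a raw SM2 point.
                convertSM2PublicKey(str);
                return str;
            }
        }
    }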

    /**
     * Reads one PEM object from the text and returns its content as base64.
     *
     * @param str PEM text
     * @return base64 of the PEM content
     * @throws Exception if the text holds no PEM object
     */
    public static String getPublicKeyStrByBase64(String str) throws Exception {
        PemReader reader = new PemReader(new StringReader(str));
        byte[] content = reader.readPemObject().getContent();
        return Base64.toBase64String(content);
    }

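    /**
     * Reads a certificate file line by line and parses the joined text with
     * {@link #getCertFromStr(String)}.
     *
     * <p>The reader is now closed on every path (the original leaked it when reading failed),
     * and failures go to the logger instead of stderr.
     *
     * @param file certificate file in PEM or base64 form
     * @return the certificate, or {@code null} if the file cannot be read or parsed
     */
    public static X509Certificate getCertFromB64File(File file) {
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line);
            }
            return getCertFromStr(text.toString());
        } catch (Exception e) {
            logger.error("Failed to read certificate file {}", file, e);
            return null;
        }
    }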

    /**
     * Hands the text's bytes directly to the "BC" X.509 certificate factory.
     *
     * @param str certificate text
     * @return the certificate, or {@code null} if the factory rejects the input
     */
    public static X509Certificate getCertFromFullStr(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            ByteArrayInputStream raw = new ByteArrayInputStream(str.getBytes());
            return (X509Certificate) factory.generateCertificate(raw);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Strips certificate armor and CR/LF from the text and base64-decodes the rest.
     *
     * @param str PEM or bare base64 certificate text
     * @return the decoded bytes, or {@code null} if stripping or decoding fails
     */
    public static byte[] fullB64ToBytes(String str) {
        try {
            String body = str.replace("-----BEGIN CERTIFICATE-----", "");
            body = body.replace("-----END CERTIFICATE-----", "");
            body = body.replace(StringUtils.CR, "").replace("\n", "");
            return Base64.decode(body);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Wraps bare base64 into certificate PEM: 64 characters per line, each full line followed by
     * {@code FilePostSender.SEPARATOR}, framed by the BEGIN/END CERTIFICATE lines.
     *
     * <p>A line break is put before the END line only when the last line is shorter than 64
     * characters; otherwise the separator after the last full line already provides it.
     *
     * @param str bare base64 text
     * @return the PEM text, or {@code null} if the input is null or formatting fails
     */
    public static String strToFullB64(String str) {
        StringBuffer out = new StringBuffer();
        try {
            int total = str.length();
            int fullLines = total / 64;
            boolean hasRemainder = total % 64 != 0;
            for (int line = 0; line < fullLines; line++) {
                int start = line * 64;
                out.append(str.substring(start, start + 64) + FilePostSender.SEPARATOR);
            }
            out.append(str.substring(fullLines * 64));
            out.insert(0, "-----BEGIN CERTIFICATE-----\r\n");
            out.append(hasRemainder ? "\r\n-----END CERTIFICATE-----" : "-----END CERTIFICATE-----");
            return out.toString();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the X.509 version number of the certificate in the given text.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the version number
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public static int getVersionByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        return cert.getVersion();
    }

    /**
     * Returns the serial number of the certificate in the given text as hexadecimal.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the serial number in base 16, without padding
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public static String getSNByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        BigInteger serial = cert.getSerialNumber();
        return serial.toString(16);
    }

    /**
     * Returns the issuer DN of the certificate in the given text, formatted by
     * {@code DnUtil.getRFC4519X500Name}.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the issuer DN string
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public static String getIssuerByCertStr(String str) throws NamingException {
        String issuerDn = getCertFromStr(str).getIssuerX500Principal().getName();
        return DnUtil.getRFC4519X500Name(issuerDn).toString();
    }

    /**
     * Reads the issuer name out of the certificate's TBS structure and formats it with
     * {@code RFC4519StyleUpperCase}.
     *
     * <p>The issuer is taken by position: index 3 when the first TBS element is a tagged
     * object, index 2 otherwise.
     *
     * @param x509Certificate certificate to inspect
     * @return the issuer DN string
     * @throws CertificateEncodingException if the TBS part cannot be encoded
     */
    public static String getIssuerByX509Cert(X509Certificate x509Certificate) throws NamingException, CertificateEncodingException {
        ASN1Sequence tbs = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
        int issuerIndex = (tbs.getObjectAt(0) instanceof ASN1TaggedObject) ? 3 : 2;
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, tbs.getObjectAt(issuerIndex).toASN1Primitive()).toString();
    }

    /**
     * Returns the subject DN of the certificate in the given text.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the subject DN as produced by {@link #getSubjectByX509Cert(X509Certificate)}
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public static String getSubjectByCertStr(String str) throws NamingException, CertificateEncodingException {
        X509Certificate cert = getCertFromStr(str);
        return getSubjectByX509Cert(cert);
    }

    /**
     * Reads the subject name out of the certificate's TBS structure and formats it with
     * {@code RFC4519StyleUpperCase}.
     *
     * <p>The subject is taken by position: index 5 when the first TBS element is a tagged
     * object, index 4 otherwise.
     *
     * @param x509Certificate certificate to inspect
     * @return the subject DN string
     * @throws CertificateEncodingException if the TBS part cannot be encoded
     */
    public static String getSubjectByX509Cert(X509Certificate x509Certificate) throws NamingException, CertificateEncodingException {
        ASN1Sequence tbs = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
        int subjectIndex = (tbs.getObjectAt(0) instanceof ASN1TaggedObject) ? 5 : 4;
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, tbs.getObjectAt(subjectIndex).toASN1Primitive()).toString();
    }

    /**
     * Returns the start of the validity period of the certificate in the given text.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the notBefore date in {@code Date.toString()} form
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public String getNotbeforeTimeByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        return cert.getNotBefore().toString();
    }

    /**
     * Returns the end of the validity period of the certificate in the given text.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the notAfter date in {@code Date.toString()} form
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public String getNotAfterTimeByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        return cert.getNotAfter().toString();
    }

    /**
     * Returns the raw subjectKeyIdentifier extension value of the certificate as a String.
     *
     * <p>NOTE(review): despite the method name, the extension read is subjectKeyIdentifier, and
     * the encoded bytes are converted with the platform charset, which is lossy for binary
     * data; confirm what callers expect.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the extension bytes as a String, or {@code null} if the extension is absent
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public String getSubjectPublicKeyInfoByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        String oid = Extension.subjectKeyIdentifier.toString();
        byte[] raw = cert.getExtensionValue(oid);
        return raw == null ? null : new String(raw);
    }

    /**
     * Returns the raw subjectKeyIdentifier extension value of the certificate as a String.
     *
     * <p>NOTE(review): the name suggests an issuer identifier, but the extension read is
     * subjectKeyIdentifier, the same one as in
     * {@link #getSubjectPublicKeyInfoByCertStr(String)}; this looks like a copy-paste and should
     * be confirmed against callers. The bytes are converted with the platform charset.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the extension bytes as a String, or {@code null} if the extension is absent
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public String getIssuerUniqueIdByCertStr(String str) {
        X509Certificate cert = getCertFromStr(str);
        String oid = Extension.subjectKeyIdentifier.toString();
        byte[] raw = cert.getExtensionValue(oid);
        return raw == null ? null : new String(raw);
    }

    /**
     * Returns the raw basicConstraints extension value of the certificate as a String.
     *
     * <p>The encoded bytes are converted with the platform charset; the result is not a decoded
     * CA flag or path length.
     *
     * @param str certificate text accepted by {@link #getCertFromStr(String)}
     * @return the extension bytes as a String, or {@code null} if the extension is absent
     * @throws NullPointerException if the text cannot be parsed as a certificate
     */
    public static String getBasicConstraints(String str) {
        X509Certificate cert = getCertFromStr(str);
        String oid = Extension.basicConstraints.toString();
        byte[] raw = cert.getExtensionValue(oid);
        return raw == null ? null : new String(raw);
    }

    /**
     * Packs a signing certificate and an encryption certificate into a response map.
     *
     * <p>Keys: {@code signCert} (PEM), {@code signSn} and {@code encSn} (hex serial numbers) and
     * {@code encCert}. The encryption certificate is PEM when the base algorithm is NIST;
     * otherwise it is the base64 of the DER enveloped data from {@code EnvelopedDataUtil}.
     *
     * @param x509Certificate signing certificate
     * @param x509Certificate2 encryption certificate
     * @param num selector passed to {@code EnvelopedDataUtil.getEnvelopedData}
     * @return the populated map
     * @throws Exception if encoding or enveloping fails
     */
    public static Map<String, Object> enPEncCert(X509Certificate x509Certificate, X509Certificate x509Certificate2, Integer num) throws Exception {
        Map<String, Object> result = new HashMap<>();
        result.put("signCert", writeObject(x509Certificate));
        result.put("signSn", x509Certificate.getSerialNumber().toString(16));
        result.put("encSn", x509Certificate2.getSerialNumber().toString(16));
        boolean nist = Constants.BASE_ALG_TYPE.intValue() == RsaAlgUtils.NIST_ALG.intValue();
        String encCert = nist
                ? writeObject(x509Certificate2)
                : Base64.toBase64String(EnvelopedDataUtil.getEnvelopedData(num, x509Certificate2).getEncoded("DER"));
        result.put("encCert", encCert);
        return result;
    }

    /**
     * Formats an encryption certificate for delivery: PEM when the base algorithm is NIST,
     * otherwise the base64 of the DER enveloped data from {@code EnvelopedDataUtil}.
     *
     * @param x509Certificate encryption certificate
     * @param num selector passed to {@code EnvelopedDataUtil.getEnvelopedData}
     * @return the formatted certificate text
     * @throws Exception if encoding or enveloping fails
     */
    public static String formatEncCert(X509Certificate x509Certificate, Integer num) throws Exception {
        if (Constants.BASE_ALG_TYPE.intValue() == RsaAlgUtils.NIST_ALG.intValue()) {
            return writeObject(x509Certificate);
        }
        byte[] enveloped = EnvelopedDataUtil.getEnvelopedData(num, x509Certificate).getEncoded("DER");
        return new String(Base64.toBase64String(enveloped));
    }

    /**
     * Lists every extension present in the certificate, in the order the holder reports their
     * OIDs.
     *
     * @param x509Certificate certificate to inspect
     * @return the certificate's extensions; empty if it has none
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the encoded form cannot be parsed
     */
    public static List<Extension> genExtensions(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        X509CertificateHolder holder = new X509CertificateHolder(x509Certificate.getEncoded());
        List<Extension> extensions = new ArrayList<>();
        for (Object oid : holder.getExtensionOIDs()) {
            extensions.add(holder.getExtension((ASN1ObjectIdentifier) oid));
        }
        return extensions;
    }

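    /**
     * Decodes a base64 SM2 point (one prefix byte followed by 32-byte X and 32-byte Y), with or
     * without public-key PEM armor, into a public key.
     *
     * <p>Input shorter than 65 bytes is now rejected with a clear message instead of an
     * ArrayIndexOutOfBoundsException from the copy.
     *
     * <p>NOTE(review): the prefix byte is skipped without being checked and bytes beyond the
     * first 65 are ignored, so a different encoding of sufficient length (for example a full
     * SubjectPublicKeyInfo) is silently misread as coordinates. Whether the resulting point is
     * validated against the curve is not visible here.
     *
     * @param str key text
     * @return the public key
     * @throws IllegalArgumentException if fewer than 65 bytes are supplied
     * @throws Exception if the key cannot be built
     */
    public static PublicKey convertSM2PublicKey(String str) throws Exception {
        byte[] decode = Base64.decode(str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", ""));
        if (decode.length < 65) {
            throw new IllegalArgumentException("SM2 public key needs 65 bytes (prefix + X + Y), got " + decode.length);
        }
        byte[] x = new byte[32];
        System.arraycopy(decode, 1, x, 0, 32);
        byte[] y = new byte[32];
        System.arraycopy(decode, 33, y, 0, 32);
        return convertSM2PublicKey(x, y);
    }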

    /**
     * Encodes an EC public key's point as base64 of {@code 0x04 || X || Y}.
     *
     * @param eCPublicKey key whose affine coordinates are encoded
     * @return base64 of the 65-byte point encoding
     * @throws Exception if a coordinate does not encode to 32 bytes
     */
    public static String convertBitStringSM2PublicKey(ECPublicKey eCPublicKey) throws Exception {
        BigInteger x = eCPublicKey.getW().getAffineX();
        BigInteger y = eCPublicKey.getW().getAffineY();
        return convertBitStringSM2PublicKey(x, y);
    }

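    /**
     * Encodes affine coordinates as base64 of {@code 0x04 || X || Y}.
     *
     * <p>Each coordinate is left-padded to exactly 32 bytes. The original used the minimal
     * unsigned encoding, so a coordinate with a leading zero byte came out shorter than 32
     * bytes and the byte-array overload rejected an otherwise valid key.
     *
     * @param bigInteger X coordinate
     * @param bigInteger2 Y coordinate
     * @return base64 of the 65-byte point encoding
     * @throws Exception if a coordinate does not fit in 32 bytes
     */
    public static String convertBitStringSM2PublicKey(BigInteger bigInteger, BigInteger bigInteger2) throws Exception {
        byte[] x = BigIntegers.asUnsignedByteArray(32, bigInteger);
        byte[] y = BigIntegers.asUnsignedByteArray(32, bigInteger2);
        return convertBitStringSM2PublicKey(x, y);
    }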

    /**
     * Encodes two 32-byte coordinates as base64 of {@code 0x04 || X || Y}.
     *
     * @param bArr X coordinate, exactly 32 bytes
     * @param bArr2 Y coordinate, exactly 32 bytes
     * @return base64 of the 65-byte point encoding
     * @throws Exception if either coordinate is not 32 bytes long
     */
    public static String convertBitStringSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        boolean sizesOk = bArr.length == 32 && bArr2.length == 32;
        if (!sizesOk) {
            throw new Exception("x or y length error x: " + bArr.length + " y: " + bArr2.length);
        }
        byte[] point = new byte[65];
        point[0] = 4;
        System.arraycopy(bArr, 0, point, 1, 32);
        System.arraycopy(bArr2, 0, point, 33, 32);
        return new String(Base64.encode(point));
    }

    /**
     * Builds a public key on the curve named by {@code GMSSLX509Utils.ECC_SM2_NAME} from
     * unsigned big-endian coordinates.
     *
     * @param bArr X coordinate bytes
     * @param bArr2 Y coordinate bytes
     * @return the public key
     * @throws Exception if the key cannot be built
     */
    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(GMSSLX509Utils.ECC_SM2_NAME);
        BigInteger x = BigIntegers.fromUnsignedByteArray(bArr);
        BigInteger y = BigIntegers.fromUnsignedByteArray(bArr2);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(curveSpec.getCurve().createPoint(x, y), curveSpec);
        return new BCECPublicKey(GMSSLX509Utils.ECC_SM2_NAME, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

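    /**
     * Loads the private key from a PEM key-pair file, if the file exists.
     *
     * <p>Changes from the original: the parser (and the file reader under it) is closed even
     * when reading fails, and the full exception is logged, since the thrown
     * {@code ServiceException} carries only the message text.
     *
     * <p>NOTE(review): the decryptor is built with a null password, so an encrypted key pair is
     * not expected to load; the code path in effect assumes the key is stored unencrypted.
     *
     * @param str path of the PEM file
     * @return the private key, or {@code null} if the file does not exist
     * @throws ServiceException if the file cannot be read or does not hold a key pair
     */
    public static PrivateKey getPrivateKey(String str) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            Object pemObject;
            try (PEMParser pemParser = new PEMParser(new FileReader(file))) {
                pemObject = pemParser.readObject();
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            KeyPair keyPair;
            if (pemObject instanceof PEMEncryptedKeyPair) {
                PEMDecryptorProvider decryptor = new JcePEMDecryptorProviderBuilder().build((char[]) null);
                keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(decryptor));
            } else {
                keyPair = converter.getKeyPair((PEMKeyPair) pemObject);
            }
            return keyPair.getPrivate();
        } catch (Exception e) {
            logger.error("Failed to read private key from {}", str, e);
            throw new ServiceException("读取私钥时异常：" + e.getMessage());
        }
    }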

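    /**
     * Loads a public key from a PEM SubjectPublicKeyInfo file, if the file exists.
     *
     * <p>Changes from the original: the parser (and the file reader under it) is closed even
     * when reading fails, and the full exception is logged, since the thrown
     * {@code ServiceException} carries only the message text.
     *
     * @param str path of the PEM file
     * @return the public key, or {@code null} if the file does not exist
     * @throws ServiceException if the file cannot be read or converted
     */
    public static PublicKey getPublicKey(String str) {
        try {
            File file = new File(str);
            if (!file.exists()) {
                return null;
            }
            Object pemObject;
            try (PEMParser pemParser = new PEMParser(new FileReader(file))) {
                pemObject = pemParser.readObject();
            }
            return new JcaPEMKeyConverter().setProvider("BC").getPublicKey(SubjectPublicKeyInfo.getInstance(pemObject));
        } catch (IOException e) {
            logger.error("Failed to read public key from {}", str, e);
            throw new ServiceException("读取公钥时异常：" + e.getMessage());
        }
    }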

    // Registers the Bouncy Castle provider so the "BC" lookups in this class resolve.
    static {
        BouncyCastleProvider provider = new BouncyCastleProvider();
        Security.addProvider(provider);
    }
}
