package com.xdja.pki.ca.openpki.cmp.utils;

import com.xdja.pki.ldap.CryptoTypeStr;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/ca/openpki/cmp/utils/CertUtils.class */
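/**
 * Static helpers for decoding, encoding and inspecting X.509 certificates with the
 * BouncyCastle provider.
 *
 * <p>The decoding helpers are deliberately lenient: they return {@code null} instead of
 * throwing when the input cannot be parsed, so every caller must null-check the result
 * before using it in a trust decision. Parse failures are written to the class logger
 * rather than to {@code System.err} so that they end up in the application log.
 */
public class CertUtils {
    private static final Logger logger = LoggerFactory.getLogger(CertUtils.class);
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    public static final String PKCS7_HEAD = "-----BEGIN PKCS7-----";
    public static final String PKCS7_TAIL = "-----END PKCS7-----";
    public static final String EMPTY_STR = "";

    /** Indices into {@link X509Certificate#getKeyUsage()} that mark a signing certificate. */
    private static final int[] SIGN_KEY_USAGE_BITS = {0, 1};

    /** Indices into {@link X509Certificate#getKeyUsage()} that mark an encryption certificate. */
    private static final int[] ENC_KEY_USAGE_BITS = {2, 3, 7, 8};

    static {
        // Register BouncyCastle once; every CertificateFactory lookup below names this provider.
        if (Security.getProvider(CryptoTypeStr.BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Parses a hex-encoded certificate.
     *
     * @param str hex string of the encoded certificate
     * @return the certificate, or {@code null} if the hex or the certificate cannot be decoded
     */
    public static X509Certificate getCertFromStr16(String str) {
        return parseX509(hex2byte(str), "getCertFromStr16");
    }

    /**
     * Decodes a hex string into bytes.
     *
     * <p>Only ASCII hex digits are accepted; surrounding whitespace is trimmed first.
     *
     * @param str hex string, upper or lower case
     * @return the decoded bytes, or {@code null} if {@code str} is null, empty, of odd
     *     length, or contains a non-hex character
     */
    public static byte[] hex2byte(String str) {
        if (str == null) {
            return null;
        }
        String hex = str.trim();
        int length = hex.length();
        if (length == 0 || length % 2 == 1) {
            return null;
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = hexNibble(hex.charAt(i));
            int low = hexNibble(hex.charAt(i + 1));
            if (high < 0 || low < 0) {
                return null;
            }
            decoded[i / 2] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Extracts the public key material of a certificate as hex text.
     *
     * @param str certificate in any form accepted by {@link #getCertFromStr(String)}
     * @param i   {@code 1} to read the key as RSA; any other value reads it as EC
     * @return for RSA the upper-case hex modulus; for EC {@code x#y} with both affine
     *     coordinates in hex; the empty string if the certificate cannot be parsed or its
     *     key is not of the requested type
     */
    public static String getPubKey(String str, int i) {
        X509Certificate cert = getCertFromStr(str);
        if (null == cert) {
            logger.error("证书内容为空");
            return "";
        }
        PublicKey publicKey = cert.getPublicKey();
        if (i == 1) {
            // The type flag comes from the caller, the key from the certificate: check that
            // they agree instead of failing with a ClassCastException.
            if (!(publicKey instanceof RSAPublicKey)) {
                logger.error("getPubKey: RSA key requested but the certificate key is " + describeKey(publicKey));
                return "";
            }
            return ((RSAPublicKey) publicKey).getModulus().toString(16).toUpperCase();
        }
        if (!(publicKey instanceof ECPublicKey)) {
            logger.error("getPubKey: EC key requested but the certificate key is " + describeKey(publicKey));
            return "";
        }
        ECPublicKey ecKey = (ECPublicKey) publicKey;
        return ecKey.getW().getAffineX().toString(16) + "#" + ecKey.getW().getAffineY().toString(16);
    }

    /**
     * Parses a certificate given as text, trying Base64, then the raw text bytes, then hex.
     *
     * <p>PEM certificate markers, CR/LF characters and literal {@code \r} / {@code \n}
     * escape sequences are removed before parsing.
     *
     * @param str certificate text
     * @return the certificate, or {@code null} if {@code str} is null or none of the three
     *     decodings yields a certificate
     */
    public static X509Certificate getCertFromStr(String str) {
        if (str == null) {
            return null;
        }
        String body = stripPemArmor(str);
        X509Certificate cert = getCertFromB64(body);
        if (cert == null) {
            cert = getCertFromFullStr(body);
        }
        if (cert == null) {
            cert = getCertFromStr16(body);
        }
        if (cert == null) {
            // The input itself is not logged: it is caller-supplied and may be large.
            logger.warn("getCertFromStr: input is not a Base64, raw or hex encoded X.509 certificate");
        }
        return cert;
    }

    /**
     * Parses a certificate from the bytes of the given text.
     *
     * @param str certificate text handed to the certificate factory as-is
     * @return the certificate, or {@code null} if it cannot be parsed
     */
    public static X509Certificate getCertFromFullStr(String str) {
        if (str == null) {
            return null;
        }
        // Explicit charset: the platform default must not decide how certificate text is read.
        return parseX509(str.getBytes(StandardCharsets.UTF_8), "getCertFromFullStr");
    }

    /**
     * Parses a Base64-encoded certificate (no PEM markers).
     *
     * @param str Base64 text of the encoded certificate
     * @return the certificate, or {@code null} if the Base64 or the certificate is invalid
     */
    public static synchronized X509Certificate getCertFromB64(String str) {
        if (str == null) {
            return null;
        }
        byte[] encoded;
        try {
            encoded = Base64.decode(str);
        } catch (RuntimeException e) {
            logger.debug("getCertFromB64: input is not valid Base64", e);
            return null;
        }
        return parseX509(encoded, "getCertFromB64");
    }

    /**
     * Returns the certificate serial number as lower-case hex.
     *
     * @param x509Certificate certificate to read; must not be null
     * @return the serial number in hex, without padding
     */
    public static String getSn(X509Certificate x509Certificate) {
        return x509Certificate.getSerialNumber().toString(16).toLowerCase();
    }

    /**
     * Returns the certificate serial number as lower-case hex, left-padded with one
     * {@code 0} when needed so that the result has an even number of digits.
     *
     * @param x509Certificate certificate to read; must not be null
     * @return the serial number in hex with an even digit count
     */
    public static String getSnFillZero(X509Certificate x509Certificate) {
        String serial = getSn(x509Certificate);
        return serial.length() % 2 == 0 ? serial : "0" + serial;
    }

    /**
     * Encodes a certificate as PEM text.
     *
     * @param certificate certificate to encode
     * @return the PEM text; {@code null} if {@code certificate} is null; the empty string
     *     if the certificate cannot be encoded
     */
    public static String certToFullB64(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            return bytesToFullB64(certificate.getEncoded());
        } catch (Exception e) {
            logger.error("certToFullB64: certificate could not be encoded", e);
            return "";
        }
    }

    /**
     * Wraps encoded certificate bytes in PEM certificate markers.
     *
     * <p>The Base64 body is emitted on a single line.
     *
     * @param bArr encoded certificate bytes
     * @return the PEM text, or {@code null} if {@code bArr} is null
     */
    public static String bytesToFullB64(byte[] bArr) {
        if (bArr == null) {
            logger.error("bytesToFullB64: no certificate bytes to encode");
            return null;
        }
        String body = new String(Base64.encode(bArr), StandardCharsets.US_ASCII);
        return CERT_HEAD + "\n" + body + "\n" + CERT_TAIL + "\n";
    }

    /**
     * Same as {@link #bytesToFullB64(byte[])}; kept as a separate entry point for existing callers.
     *
     * @param bArr encoded certificate bytes
     * @return the PEM text, or {@code null} if {@code bArr} is null
     */
    public static String bytesToFullB642(byte[] bArr) {
        return bytesToFullB64(bArr);
    }

    /**
     * Parses the content of an uploaded certificate file.
     *
     * <p>The bytes are first handed to the certificate factory unchanged; if that fails
     * they are read as text, stripped of PEM markers and line breaks, and parsed as Base64
     * and then as hex.
     *
     * @param bArr uploaded file content (untrusted)
     * @return the certificate, or {@code null} if {@code bArr} is null or no decoding succeeds
     */
    public static X509Certificate convertUploadFileToCert(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        X509Certificate cert = parseX509(bArr, "convertUploadFileToCert");
        if (cert != null) {
            return cert;
        }
        String body = stripPemArmor(new String(bArr, StandardCharsets.UTF_8));
        cert = getCertFromB64(body);
        if (cert == null) {
            cert = getCertFromStr16(body);
        }
        if (cert == null) {
            logger.warn("convertUploadFileToCert: upload is not a DER, PEM, Base64 or hex encoded X.509 certificate");
        }
        return cert;
    }

    /**
     * Re-encodes a hex string as Base64.
     *
     * @param str hex string, upper or lower case
     * @return Base64 text of the decoded bytes
     * @throws IllegalArgumentException if {@code str} has an odd length or contains a
     *     non-hex character
     * @throws NullPointerException if {@code str} is null
     */
    public static final String convertHexStr2Base64(String str) {
        return new String(Base64.encode(hexStr2Bytes(str)), StandardCharsets.US_ASCII);
    }

    /**
     * Strict hex decoder behind {@link #convertHexStr2Base64(String)}.
     *
     * <p>Malformed input is rejected rather than decoded to arbitrary bytes, so a bad
     * value cannot be silently turned into different key or certificate material.
     */
    private static byte[] hexStr2Bytes(String str) {
        int digits = str.length();
        if (digits % 2 != 0) {
            throw new IllegalArgumentException("hex string must have an even number of digits");
        }
        byte[] decoded = new byte[digits / 2];
        for (int i = 0; i < decoded.length; i++) {
            int high = hexNibble(str.charAt(i * 2));
            int low = hexNibble(str.charAt(i * 2 + 1));
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("invalid hex digit near offset " + (i * 2));
            }
            decoded[i] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /** Returns the value of an ASCII hex digit, or {@code -1} if {@code c} is not one. */
    private static int hexNibble(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return c - 'a' + 10;
        }
        if (c >= 'A' && c <= 'F') {
            return c - 'A' + 10;
        }
        return -1;
    }

    /**
     * Tells whether a Base64-encoded certificate is a signing certificate.
     *
     * @param str Base64 text of the encoded certificate (no PEM markers)
     * @return see {@link #isSignCert(X509Certificate)}
     * @throws IllegalArgumentException if the certificate cannot be parsed
     */
    public static final boolean isSignCert(String str) {
        X509Certificate cert = getCertFromB64(str);
        if (null == cert) {
            throw new IllegalArgumentException("证书转换非法");
        }
        return isSignCert(cert);
    }

    /**
     * Tells whether the KeyUsage extension asserts digitalSignature (bit 0) or
     * nonRepudiation (bit 1).
     *
     * <p>A certificate without a KeyUsage extension is reported as {@code false}.
     * NOTE(review): RFC 5280 treats an absent extension as "no restriction"; confirm that
     * failing closed here is what the callers expect.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return {@code true} if one of the two bits is set
     */
    public static final boolean isSignCert(X509Certificate x509Certificate) {
        return hasAnyKeyUsage(x509Certificate, SIGN_KEY_USAGE_BITS);
    }

    /**
     * Tells whether a Base64-encoded certificate is an encryption certificate.
     *
     * @param str Base64 text of the encoded certificate (no PEM markers)
     * @return see {@link #isEncCert(X509Certificate)}
     * @throws IllegalArgumentException if the certificate cannot be parsed
     */
    public static final boolean isEncCert(String str) {
        X509Certificate cert = getCertFromB64(str);
        if (null == cert) {
            throw new IllegalArgumentException("证书转换非法");
        }
        return isEncCert(cert);
    }

    /**
     * Tells whether the KeyUsage extension asserts keyEncipherment (bit 2),
     * dataEncipherment (bit 3), encipherOnly (bit 7) or decipherOnly (bit 8).
     *
     * <p>A certificate without a KeyUsage extension is reported as {@code false}; see the
     * review note on {@link #isSignCert(X509Certificate)}.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return {@code true} if one of the four bits is set
     */
    public static final boolean isEncCert(X509Certificate x509Certificate) {
        return hasAnyKeyUsage(x509Certificate, ENC_KEY_USAGE_BITS);
    }

    /**
     * Checks that the signature on one certificate verifies under the public key of another.
     *
     * <p>This is a signature check only. It does not compare the issuer name with the CA
     * subject, does not check either validity period, does not require the second
     * certificate to be a CA (basicConstraints / keyCertSign), and does not consult
     * revocation data. A {@code true} result must therefore not be used on its own as
     * proof that the certificate chains to a trusted CA; use a full path validation
     * (for example {@code java.security.cert.CertPathValidator}) for that decision.
     *
     * @param str  certificate to check, in any form accepted by {@link #getCertFromStr(String)}
     * @param str2 candidate issuer certificate, in the same forms
     * @return {@code true} if both parse and the signature verifies; {@code false} otherwise
     */
    public static final boolean verifyCertIssueCa(String str, String str2) {
        X509Certificate subject = getCertFromStr(str);
        X509Certificate issuer = getCertFromStr(str2);
        if (null == subject || null == issuer) {
            return false;
        }
        try {
            subject.verify(issuer.getPublicKey());
            return true;
        } catch (Exception e) {
            // Kept as a boolean result, but the reason is recorded for troubleshooting.
            logger.debug("verifyCertIssueCa: signature did not verify under the given CA key", e);
            return false;
        }
    }

    /**
     * Wraps a certificate in a single-element CMP certificate array.
     *
     * @param certificate certificate to convert; must not be null
     * @return an array holding the certificate as a {@link CMPCertificate}
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the encoding cannot be read back as ASN.1
     */
    public static CMPCertificate[] getCMPCert(Certificate certificate) throws CertificateEncodingException, IOException {
        try (ASN1InputStream asn1In = new ASN1InputStream(certificate.getEncoded())) {
            org.bouncycastle.asn1.x509.Certificate parsed =
                    org.bouncycastle.asn1.x509.Certificate.getInstance(asn1In.readObject().toASN1Primitive());
            return new CMPCertificate[] {new CMPCertificate(parsed)};
        }
    }

    /**
     * Builds a JCA public key from a SubjectPublicKeyInfo structure.
     *
     * @param subjectPublicKeyInfo key structure to convert; must not be null
     * @param str name of the JCA provider used for the {@link KeyFactory} lookup
     * @return the public key, or {@code null} if the key data equals the ASN.1 NULL value
     * @throws NoSuchAlgorithmException if the provider has no key factory for the key's
     *     algorithm identifier
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws InvalidKeyException if the structure cannot be encoded or decoded as a key
     */
    public static PublicKey getPublicKeyFromSubjectPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        if (subjectPublicKeyInfo.getPublicKeyData().equals(DERNull.INSTANCE)) {
            return null;
        }
        try {
            String algorithmOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
            return KeyFactory.getInstance(algorithmOid, str).generatePublic(keySpec);
        } catch (IOException | InvalidKeySpecException e) {
            throw new InvalidKeyException("Error decoding public key.", e);
        }
    }

    /**
     * Runs the BouncyCastle X.509 certificate factory over the given bytes.
     *
     * @param encoded candidate certificate bytes; {@code null} yields {@code null}
     * @param caller  name of the public entry point, used in the log message only
     * @return the certificate, or {@code null} if parsing fails for any reason
     */
    private static X509Certificate parseX509(byte[] encoded, String caller) {
        if (encoded == null) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", CryptoTypeStr.BC)
                    .generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            // Debug level: the public parsers are chained as fallbacks, so one of them
            // failing is expected. The entry points log a warning when all of them fail.
            logger.debug(caller + ": input could not be parsed as an X.509 certificate", e);
            return null;
        }
    }

    /** Removes PEM certificate markers, CR/LF characters and literal "\r" / "\n" escapes. */
    private static String stripPemArmor(String text) {
        return text.replace(CERT_HEAD, EMPTY_STR)
                .replace(CERT_TAIL, EMPTY_STR)
                .replace(StringUtils.CR, EMPTY_STR)
                .replace("\n", EMPTY_STR)
                .replace("\\r", EMPTY_STR)
                .replace("\\n", EMPTY_STR);
    }

    /**
     * Null- and bounds-safe test of KeyUsage bits: {@code getKeyUsage()} returns
     * {@code null} when the extension is absent.
     */
    private static boolean hasAnyKeyUsage(X509Certificate cert, int[] bits) {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        for (int bit : bits) {
            if (bit < keyUsage.length && keyUsage[bit]) {
                return true;
            }
        }
        return false;
    }

    /** Short description of a key for log messages. */
    private static String describeKey(PublicKey publicKey) {
        return publicKey == null ? "absent" : "of algorithm " + publicKey.getAlgorithm();
    }
}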
