package com.xdja.pki.gmssl.main.tomcat.tools;

import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.gmssl.core.utils.GMSSLFileUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4ECBEncryptUtils;
import com.xdja.pki.gmssl.tomcat.utils.GMSSLTomcatUtils;
import java.io.File;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/gmssl/main/tomcat/tools/ResolveCertUtils.class */
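public class ResolveCertUtils {
    private static final Logger logger = LoggerFactory.getLogger(ResolveCertUtils.class);

    /**
     * Reads the JSON configuration file at {@code str}, recovers the encryption certificate
     * from its SM2 envelope, splits the signing certificate chain into the end-entity
     * signing certificate and its issuers, and hands everything to
     * {@link GMSSLTomcatUtils#openHttpsPortByYunHsm}.
     *
     * <p>Failures in the three phases (config read, encryption-cert recovery, signing-chain
     * handling) are logged and the method returns normally, as in the original best-effort
     * contract; only errors outside those phases propagate.
     *
     * @param str path of the JSON configuration file (see {@link #getTomcatProperties})
     * @throws Exception retained for source compatibility with existing callers
     */
    public static void addHttpsPort(String str) throws Exception {
        TomcatPropertiesEntry props;
        try {
            props = getTomcatProperties(str);
        } catch (IOException e) {
            logger.error("获取配置信息失败", e);
            return;
        }
        // Log only the non-secret settings. The entry also carries encPriKey (passed to the HSM
        // decrypt call below), so dumping toString() to stdout could expose it depending on how
        // TomcatPropertiesEntry.toString() is written.
        logger.info("tomcatPath={}, httpsPort={}, signCertPath={}, encCertPath={}",
                props.getTomcatPath(), props.getHttpsPort(), props.getSignCertPath(), props.getEncCertPath());

        X509Certificate encCert;
        try {
            encCert = loadEncCert(props.getEncKeyIndex(), props.getEncPriKey(), props.getEncCertPath());
        } catch (Exception e) {
            logger.error("解析加密证书链失败", e);
            return;
        }

        try {
            String chainBase64 = GMSSLFileUtils.fileToString(new File(props.getSignCertPath()), "utf-8");
            X509Certificate signCert = null;
            // ArrayList (not List) because the openHttpsPortByYunHsm parameter type is not visible here.
            ArrayList<X509Certificate> issuers = new ArrayList<X509Certificate>();
            for (X509Certificate cert : getCertsByCertChain(chainBase64)) {
                // The signing cert is the chain member whose subject equals the encryption cert's subject
                // (dual-certificate setup); every other member is treated as an issuer.
                if (cert.getSubjectX500Principal().equals(encCert.getSubjectX500Principal())) {
                    signCert = cert;
                } else {
                    issuers.add(cert);
                }
            }
            if (signCert == null) {
                // Previously a null signing cert was passed on silently; fail here with a clear reason.
                throw new IllegalStateException("no certificate in " + props.getSignCertPath()
                        + " matches the encryption certificate subject " + encCert.getSubjectX500Principal());
            }
            GMSSLTomcatUtils.openHttpsPortByYunHsm(issuers, signCert, encCert, props.getEncKeyIndex(),
                    props.getEncPriKey(), props.getTomcatPath(), props.getHttpsPort());
        } catch (Exception e) {
            logger.error("解析签名证书链失败", e);
        }
    }

    /**
     * Recovers the encryption certificate from the SM2 envelope file at {@code str2}.
     *
     * @param i    HSM key index used to unwrap the envelope
     * @param str  HSM key credential passed to {@link GMSSLSM2EncryptUtils#decryptASN1ByYunhsm};
     *             treat as a secret, never log it
     * @param str2 path of the Base64-encoded SM2 envelope file
     * @return the decoded X.509 encryption certificate
     * @throws Exception on I/O, decryption or certificate parsing failure
     */
    public X509Certificate getEncCert(int i, String str, String str2) throws Exception {
        return loadEncCert(i, str, str2);
    }

    /** Static core of {@link #getEncCert}; shared with {@link #addHttpsPort}. */
    private static X509Certificate loadEncCert(int keyIndex, String keyCredential, String envelopePath)
            throws Exception {
        String certBase64 = getEncCertByEnvelopData(keyIndex, keyCredential,
                GMSSLFileUtils.readFileToByte(envelopePath));
        return GMSSLX509Utils.readCertificateFromCerByte(certBase64.getBytes());
    }

    /**
     * Extracts every certificate carried in a Base64-encoded CMS SignedData blob.
     *
     * @param str Base64 text of the CMS SignedData structure
     * @return the certificates in the order the BC store yields them (no chain validation is done here)
     * @throws CMSException         if the blob is not valid CMS
     * @throws CertificateException if a certificate holder cannot be converted
     */
    public static List<X509Certificate> getCertsByCertChain(String str) throws CMSException, CertificateException {
        CMSSignedData signedData = new CMSSignedData(Base64.decode(str));
        // One converter for the whole loop; the "BC" provider is registered in the static initializer.
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        // Iterated as Object so this compiles against both raw and generic Store APIs of BC.
        for (Object holder : signedData.getCertificates().getMatches(null)) {
            certs.add(converter.getCertificate((X509CertificateHolder) holder));
        }
        return certs;
    }

    /**
     * Parses the {@code "Tomcat"} object of the JSON file at {@code str} into a
     * {@link TomcatPropertiesEntry}.
     *
     * @param str path of the UTF-8 JSON configuration file
     * @return the populated entry; string fields absent from the JSON are left {@code null}
     * @throws IOException if the file cannot be read, has no {@code "Tomcat"} object, or
     *                     {@code encKeyIndex}/{@code httpsPort} is missing or not numeric
     */
    public static TomcatPropertiesEntry getTomcatProperties(String str) throws IOException {
        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(str), "UTF-8"));
        JSONObject tomcat = root == null ? null : root.getJSONObject("Tomcat");
        if (tomcat == null) {
            throw new IOException("configuration file has no \"Tomcat\" object: " + str);
        }
        TomcatPropertiesEntry entry = new TomcatPropertiesEntry();
        entry.setTomcatPath(tomcat.getString("tomcatPath"));
        entry.setRootCertPath(tomcat.getString("rootCertPath"));
        entry.setSignCertPath(tomcat.getString("signCertPath"));
        entry.setEncCertPath(tomcat.getString("encCertPath"));
        entry.setEncKeyIndex(requiredInt(tomcat, "encKeyIndex", str));
        entry.setEncPriKey(tomcat.getString("encPriKey"));
        entry.setHttpsPort(requiredInt(tomcat, "httpsPort", str));
        entry.setCryptoType(tomcat.getString("cryptoType"));
        return entry;
    }

    /** Reads an integer setting, failing with a descriptive IOException instead of an NPE when absent. */
    private static int requiredInt(JSONObject json, String key, String source) throws IOException {
        Integer value = json.getInteger(key);
        if (value == null) {
            throw new IOException("missing or non-numeric \"Tomcat." + key + "\" in " + source);
        }
        return value.intValue();
    }

    /**
     * Unwraps a Base64-encoded SM2 envelope: the OCTET STRING in the first recipient info is
     * decrypted through the HSM (yielding what is then used as the SM4 key) and the encrypted
     * content is decrypted with SM4/ECB/PKCS7.
     *
     * @param i    HSM key index
     * @param str  HSM key credential; treat as a secret
     * @param bArr Base64 bytes of the SM2EnvelopedData structure
     * @return the decrypted content as produced by {@link GMSSLSM4ECBEncryptUtils#decryptByBCWithPKCS7Padding}
     * @throws IllegalArgumentException if the recipient info carries no OCTET STRING
     * @throws Exception                on HSM or decryption failure
     */
    public static String getEncCertByEnvelopData(int i, String str, byte[] bArr) throws Exception {
        SM2EnvelopedData envelope = SM2EnvelopedData.getInstance(Base64.decode(bArr));
        DERSequence recipient = envelope.getRecipientInfos().getObjectAt(0);
        DEROctetString wrappedKey = null;
        for (int idx = 0; idx < recipient.size(); idx++) {
            ASN1Encodable element = recipient.getObjectAt(idx);
            if (element instanceof DEROctetString) {
                wrappedKey = (DEROctetString) element; // last OCTET STRING wins, as before
            }
        }
        if (wrappedKey == null) {
            // Previously this surfaced as a NullPointerException on getOctets().
            throw new IllegalArgumentException("SM2 envelope recipient info contains no OCTET STRING");
        }
        String wrappedKeyBase64 = Base64.toBase64String(wrappedKey.getOctets());
        String encryptedContentBase64 =
                Base64.toBase64String(envelope.getEncryptedContentInfo().getEncryptedContent().getOctets());
        return GMSSLSM4ECBEncryptUtils.decryptByBCWithPKCS7Padding(
                GMSSLSM2EncryptUtils.decryptASN1ByYunhsm(i, str, wrappedKeyBase64), encryptedContentBase64);
    }

    static {
        // The certificate converter above asks for provider "BC" by name; register it once if absent.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}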
