package com.xdja.pki.gmssl.main.tomcat.tools;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLFileUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSAEncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSAKeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4ECBEncryptUtils;
import com.xdja.pki.gmssl.keystore.utils.GMSSLKeyStoreUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import com.xdja.pki.gmssl.tomcat.utils.GMSSLTomcatUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLP10Utils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/gmssl/main/tomcat/tools/ResolveCertUtils.class */
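/**
 * Command-line helpers for the GMSSL Tomcat tooling.
 *
 * <p>What this class does, as visible from its code:
 * <ul>
 *   <li>opens an HTTPS port on a Tomcat installation from a JSON configuration
 *       ({@link #addHttpsPort(String)}), choosing RSA/JKS, SM2-in-software (BCEC) or
 *       SM2-in-cloud-HSM (EC) by the configured {@code keyType};</li>
 *   <li>extracts certificates from a PKCS#7 chain file and splits it into the signing
 *       certificate plus its issuers;</li>
 *   <li>decrypts an SM2 "enveloped" encryption-certificate file (SM2 or RSA key unwrap,
 *       then SM4-ECB content decryption);</li>
 *   <li>generates RSA or SM2 key pairs and a PKCS#10 request, and builds a private-key
 *       keystore.</li>
 * </ul>
 *
 * <p>All helpers are stateless; the class keeps no instance fields. The BouncyCastle
 * provider is registered once when the class is loaded.
 */
public class ResolveCertUtils {
    private static final Logger logger = LoggerFactory.getLogger(ResolveCertUtils.class);

    /**
     * Password applied to every keystore written by {@link #getPriKeyStore(String)}.
     *
     * <p>NOTE(review): a fixed, well-known keystore password gives the private keys inside no
     * real protection; it is kept because consumers of the generated {@code privateKey}
     * keystore depend on this exact value. Protect the output directory accordingly.
     */
    private static final String DEFAULT_KEYSTORE_PASSWORD = "password";

    /** Charset name handed to {@code GMSSLFileUtils.fileToString} for chain files. */
    private static final String CHAIN_FILE_CHARSET = "utf-8";

    /** Charset name used for the JSON configuration and JSON output files. */
    private static final String JSON_FILE_CHARSET = "UTF-8";

    /**
     * Opens the HTTPS port described by the JSON configuration file at {@code configPath}.
     *
     * <p>The configuration's {@code keyType} selects the flavour: {@code RSA} (JKS, TLS 1.2),
     * {@code EC} (SM2 key held in the cloud HSM) or {@code BCEC} (SM2 key in software). The
     * comparison is case-insensitive; a missing {@code keyType} is reported as unsupported
     * instead of failing with a NullPointerException.
     *
     * @param configPath path to the JSON configuration file (see {@link #getTomcatProperties})
     * @throws Exception for an unsupported key type or a failure while configuring Tomcat; an
     *     {@link IOException} anywhere in the process is only logged (best-effort, as before)
     */
    public static void addHttpsPort(String configPath) throws Exception {
        try {
            TomcatPropertiesEntry props = getTomcatProperties(configPath);
            // NOTE(review): confirm TomcatPropertiesEntry.toString() does not include
            // encPriKey or key material before relying on this console print.
            System.out.println(props.toString());
            String keyType = props.getKeyType();
            if ("RSA".equalsIgnoreCase(keyType)) {
                addRSAHttpsPort(props, configPath);
            } else if ("EC".equalsIgnoreCase(keyType)) {
                addECHttpsPort(props);
            } else if ("BCEC".equalsIgnoreCase(keyType)) {
                addBCECHttpsPort(props);
            } else {
                throw new Exception("暂不支持" + keyType + "类型密钥");
            }
        } catch (IOException e) {
            // Original behaviour: I/O problems are logged, not propagated.
            logger.error("获取配置信息失败", e);
        }
    }

    /**
     * Writes every non-CA certificate of a PKCS#7 chain file to {@code outDir} as
     * {@code sign.cer} and {@code sign.pem}.
     *
     * <p>If the chain holds several end-entity certificates they are written under the same
     * name in turn, so the last one wins. CA status is decided by
     * {@code GMSSLX509Utils.isCACertificate}.
     *
     * @param chainPath path of the PEM-framed PKCS#7 chain file
     * @param outDir    output directory (a trailing "/" is appended)
     * @throws Exception if the chain cannot be read or parsed, or a file cannot be written
     */
    public static void getSignCert(String chainPath, String outDir) throws Exception {
        String chainText = GMSSLFileUtils.fileToString(new File(chainPath), CHAIN_FILE_CHARSET);
        for (X509Certificate cert : getCertsByCertChain(chainText)) {
            if (GMSSLX509Utils.isCACertificate(cert)) {
                continue; // only end-entity certificates are exported
            }
            GMSSLX509Utils.writeCertificateToCer(outDir + "/", "sign", cert);
            GMSSLX509Utils.writeCertificateToPem(outDir + "/", "sign", cert);
            System.out.println("已将证书写入至" + outDir + "路径下");
        }
    }

    /**
     * Configures a TLS 1.2 HTTPS port backed by a JKS keystore built from RSA key material.
     *
     * @param entry      resolved configuration (certificate paths, private keys, Tomcat path, port)
     * @param configPath path of the configuration file; currently unused but kept for callers
     * @throws Exception if the certificates cannot be resolved or Tomcat cannot be configured
     */
    public static void addRSAHttpsPort(TomcatPropertiesEntry entry, String configPath) throws Exception {
        ToolsCertBean certs = getCommonCert(entry.getEncCertPath(), entry.getEncPrivateKey(), entry.getSignCertPath(), false);
        GMSSLTomcatUtils.openHttpsPortByJKSWithRSA(certs.getRootCerts(), certs.getSignCert(), certs.getEncCert(),
                entry.getSignPrivateKey(), entry.getEncPrivateKey(), entry.getTomcatPath(), entry.getHttpsPort());
        System.out.println("已配置" + entry.getTomcatPath() + "路径下Tomcat的" + entry.getHttpsPort() + "端口为TLSV1.2类型的Https通道");
    }

    /**
     * Configures a GMSSL 1.1 HTTPS port using SM2 keys held in software (BouncyCastle).
     *
     * @param entry resolved configuration (certificate paths, private keys, Tomcat path, port)
     * @throws Exception if the certificates cannot be resolved or Tomcat cannot be configured
     */
    public static void addBCECHttpsPort(TomcatPropertiesEntry entry) throws Exception {
        ToolsCertBean certs = getCommonCert(entry.getEncCertPath(), entry.getEncPrivateKey(), entry.getSignCertPath(), true);
        GMSSLTomcatUtils.openHttpsPortByBC(certs.getRootCerts(), certs.getSignCert(), certs.getEncCert(),
                entry.getSignPrivateKey(), entry.getEncPrivateKey(), entry.getTomcatPath(), entry.getHttpsPort());
        System.out.println("已配置" + entry.getTomcatPath() + "路径下Tomcat的" + entry.getHttpsPort() + "端口为GMSSLV1.1类型的Https通道");
    }

    /**
     * Configures a GMSSL 1.1 HTTPS port whose SM2 encryption key lives in the cloud HSM
     * ({@code encKeyIndex} / {@code encPriKey} from the configuration).
     *
     * <p>Failures while decrypting the encryption certificate or parsing the signing chain are
     * logged and the method returns without configuring anything (original best-effort
     * behaviour); a failure inside the Tomcat configuration step itself propagates so that it
     * is not misreported as a chain-parsing problem.
     *
     * @param entry resolved configuration
     * @throws Exception if Tomcat cannot be configured
     */
    public static void addECHttpsPort(TomcatPropertiesEntry entry) throws Exception {
        X509Certificate encCert;
        try {
            encCert = decryptEncCert(Integer.valueOf(entry.getEncKeyIndex()), entry.getEncPriKey(), entry.getEncCertPath(), true, null);
        } catch (Exception e) {
            logger.error("解析加密证书链失败", e);
            return;
        }
        ToolsCertBean certs;
        try {
            certs = splitSignChain(encCert, entry.getSignCertPath());
        } catch (Exception e) {
            logger.error("解析签名证书链失败", e);
            return;
        }
        GMSSLTomcatUtils.openHttpsPortByYunHsm(certs.getRootCerts(), certs.getSignCert(), certs.getEncCert(),
                entry.getEncKeyIndex(), entry.getEncPriKey(), entry.getTomcatPath(), entry.getHttpsPort());
        System.out.println("已配置" + entry.getTomcatPath() + "路径下Tomcat" + entry.getHttpsPort() + "GMSSLSDFYUNHSMV1.1类型的Https通道");
    }

    /**
     * Resolves the encryption certificate, the signing certificate and the remaining chain
     * certificates for a software-key deployment.
     *
     * <p>The envelope is unwrapped with SM2 when {@code encPrivateKey} is a
     * {@link BCECPrivateKey}, otherwise with RSA. The {@code sm2Hint} flag is ignored (it
     * was never consulted) and is retained only so existing call sites keep compiling.
     *
     * @param encCertPath   path of the enveloped encryption-certificate file
     * @param encPrivateKey private key able to unwrap the envelope
     * @param signCertPath  path of the PEM-framed PKCS#7 signing chain
     * @param sm2Hint       unused
     * @return bean holding the encryption certificate, signing certificate and chain rest
     * @throws Exception wrapped as "解析加密证书链失败" or "解析签名证书链失败" depending on the step;
     *     a chain failure is no longer additionally wrapped as an encryption-certificate failure
     */
    private static ToolsCertBean getCommonCert(String encCertPath, PrivateKey encPrivateKey, String signCertPath, boolean sm2Hint) throws Exception {
        X509Certificate encCert;
        try {
            encCert = decryptEncCert(null, null, encCertPath, encPrivateKey instanceof BCECPrivateKey, encPrivateKey);
        } catch (Exception e) {
            logger.error("解析加密证书链失败", e);
            throw new Exception("解析加密证书链失败", e);
        }
        try {
            return splitSignChain(encCert, signCertPath);
        } catch (Exception e) {
            logger.error("解析签名证书链失败", e);
            throw new Exception("解析签名证书链失败", e);
        }
    }

    /**
     * Reads the chain at {@code signCertPath} and separates it into the signing certificate
     * (the one whose subject equals the encryption certificate's subject) and all other
     * certificates, which are treated as the issuer chain.
     *
     * <p>Matching is by subject only; no signature or path validation is performed here. If
     * several chain entries share the subject, the last one wins (unchanged behaviour).
     *
     * @throws Exception if the chain cannot be read/parsed, or if no certificate matches the
     *     encryption certificate's subject (previously this silently produced a null signing
     *     certificate)
     */
    private static ToolsCertBean splitSignChain(X509Certificate encCert, String signCertPath) throws Exception {
        String chainText = GMSSLFileUtils.fileToString(new File(signCertPath), CHAIN_FILE_CHARSET);
        X509Certificate signCert = null;
        List<X509Certificate> issuers = new ArrayList<>();
        for (X509Certificate cert : getCertsByCertChain(chainText)) {
            if (cert.getSubjectX500Principal().equals(encCert.getSubjectX500Principal())) {
                signCert = cert;
            } else {
                issuers.add(cert);
            }
        }
        if (signCert == null) {
            throw new Exception("no certificate in " + signCertPath + " matches the encryption certificate subject "
                    + encCert.getSubjectX500Principal());
        }
        ToolsCertBean bean = new ToolsCertBean();
        bean.setEncCert(encCert);
        bean.setSignCert(signCert);
        bean.setRootCerts(issuers);
        return bean;
    }

    /**
     * Reads the enveloped encryption-certificate file, unwraps it and parses the certificate.
     * Parameter meanings are those of {@link #getEncCertByEnvelopData}.
     */
    private static X509Certificate decryptEncCert(Integer encKeyIndex, String encPriKey, String encCertPath,
            boolean useSm2, PrivateKey privateKey) throws Exception {
        String certBase64 = getEncCertByEnvelopData(encKeyIndex, encPriKey,
                GMSSLFileUtils.readFileToByte(encCertPath), useSm2, privateKey);
        return GMSSLX509Utils.readCertificateFromCerByte(GMSSLByteArrayUtils.base64Decode(certBase64));
    }

    /**
     * Decrypts an enveloped encryption certificate with an SM2 key held in the cloud HSM.
     *
     * @param encKeyIndex HSM key index
     * @param encPriKey   HSM key credential passed through to the HSM decrypt call
     * @param encCertPath path of the enveloped encryption-certificate file
     * @return the parsed encryption certificate
     * @throws Exception on read, decrypt or parse failure
     */
    public X509Certificate getEncCert(int encKeyIndex, String encPriKey, String encCertPath) throws Exception {
        return decryptEncCert(Integer.valueOf(encKeyIndex), encPriKey, encCertPath, true, null);
    }

    /**
     * Extracts all certificates carried by a PEM-framed PKCS#7 (CMS SignedData) blob.
     *
     * <p>Only the certificate set is read; the CMS signature is not verified and the
     * certificates are not chained or validated. Callers must therefore trust the source of
     * the chain file.
     *
     * @param pkcs7Pem text between (and including) the {@code -----BEGIN/END PKCS7-----} lines
     * @return certificates in store order, converted via the BC provider
     * @throws CMSException         if the blob is not valid CMS
     * @throws CertificateException if a holder cannot be converted to an X509Certificate
     */
    public static List<X509Certificate> getCertsByCertChain(String pkcs7Pem) throws CMSException, CertificateException {
        String base64Body = pkcs7Pem.replaceFirst("-----BEGIN PKCS7-----", "").replaceFirst("-----END PKCS7-----", "");
        CMSSignedData signedData = new CMSSignedData(Base64.decode(base64Body));
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        List<X509Certificate> certs = new ArrayList<>();
        // Iterating as Object keeps this source-compatible with both raw and generic Store APIs.
        for (Object match : signedData.getCertificates().getMatches((Selector) null)) {
            certs.add(converter.getCertificate((X509CertificateHolder) match));
        }
        return certs;
    }

    /**
     * Loads the {@code "Tomcat"} section of the JSON configuration file.
     *
     * <p>NOTE(review): the file is parsed with fastjson; only trusted local configuration
     * should be passed here. The entry's private keys are not populated by this method —
     * presumably the entry loads them from {@code encPriKeyPath}/{@code signPriKeyPath};
     * verify in {@code TomcatPropertiesEntry}.
     *
     * @param configPath path of the JSON configuration file
     * @return populated entry
     * @throws IOException if the file cannot be read, the {@code "Tomcat"} object is missing,
     *     or a required integer field ({@code encKeyIndex}, {@code httpsPort}) is absent —
     *     previously these surfaced as an unhelpful NullPointerException
     */
    public static TomcatPropertiesEntry getTomcatProperties(String configPath) throws IOException {
        JSONObject section = requiredSection(configPath, "Tomcat");
        TomcatPropertiesEntry entry = new TomcatPropertiesEntry();
        entry.setTomcatPath(section.getString("tomcatPath"));
        entry.setRootCertPath(section.getString("rootCertPath"));
        entry.setSignCertPath(section.getString("signCertPath"));
        entry.setEncCertPath(section.getString("encCertPath"));
        entry.setEncKeyIndex(requiredInt(section, "encKeyIndex", "Tomcat"));
        entry.setEncPriKey(section.getString("encPriKey"));
        entry.setHttpsPort(requiredInt(section, "httpsPort", "Tomcat"));
        entry.setCryptoType(section.getString("cryptoType"));
        entry.setKeyType(section.getString("keyType"));
        entry.setEncPriKeyPath(section.getString("encPriKeyPath"));
        entry.setSignPriKeyPath(section.getString("signPriKeyPath"));
        return entry;
    }

    /** Reads the configuration file and returns the named top-level object, or throws. */
    private static JSONObject requiredSection(String configPath, String sectionName) throws IOException {
        JSONObject root = JSONObject.parseObject(FileUtils.readFileToString(new File(configPath), JSON_FILE_CHARSET));
        JSONObject section = root == null ? null : root.getJSONObject(sectionName);
        if (section == null) {
            throw new IOException("configuration file " + configPath + " has no \"" + sectionName + "\" object");
        }
        return section;
    }

    /** Returns the integer field {@code key} of {@code section}, or throws if it is absent. */
    private static int requiredInt(JSONObject section, String key, String sectionName) throws IOException {
        Integer value = section.getInteger(key);
        if (value == null) {
            throw new IOException("configuration section \"" + sectionName + "\" is missing integer field \"" + key + "\"");
        }
        return value.intValue();
    }

    /**
     * Unwraps an SM2 enveloped-data blob and returns the decrypted content (the encryption
     * certificate, base64 as produced by the SM4 helper).
     *
     * <p>Steps: decode base64, take the first RecipientInfo, use its last OCTET STRING as the
     * wrapped content key, unwrap it (SM2 in software, SM2 via cloud HSM, or RSA PKCS#1 v1.5),
     * then decrypt the encrypted content with SM4-ECB/PKCS#7. ECB is what the envelope format
     * used here carries; this method cannot change it.
     *
     * @param encKeyIndex    HSM key index; required only when {@code useSm2} is true and
     *                       {@code privateKey} is null
     * @param encPriKey      HSM key credential for the same case (not logged)
     * @param base64Envelope base64 text of the envelope, as bytes
     * @param useSm2         true to unwrap with SM2, false to unwrap with RSA
     * @param privateKey     software private key; null selects the HSM path when {@code useSm2}
     * @return decrypted content as returned by {@code GMSSLSM4ECBEncryptUtils}
     * @throws IllegalArgumentException if the envelope lacks a recipient, a wrapped key or
     *     encrypted content, or if the HSM path is selected without {@code encKeyIndex}
     * @throws Exception from the underlying crypto helpers
     */
    public static String getEncCertByEnvelopData(Integer encKeyIndex, String encPriKey, byte[] base64Envelope,
            boolean useSm2, PrivateKey privateKey) throws Exception {
        SM2EnvelopedData envelope = SM2EnvelopedData.getInstance(Base64.decode(base64Envelope));
        ASN1Set recipientInfos = envelope.getRecipientInfos();
        if (recipientInfos == null || recipientInfos.size() == 0) {
            throw new IllegalArgumentException("SM2 envelope carries no RecipientInfo");
        }
        // Only the first recipient is used, as before.
        ASN1Sequence recipient = (ASN1Sequence) recipientInfos.getObjectAt(0);
        DEROctetString wrappedKey = null;
        for (int i = 0; i < recipient.size(); i++) {
            ASN1Encodable element = recipient.getObjectAt(i);
            if (element instanceof DEROctetString) {
                wrappedKey = (DEROctetString) element; // last OCTET STRING wins, as before
            }
        }
        if (wrappedKey == null) {
            throw new IllegalArgumentException("RecipientInfo holds no OCTET STRING with the wrapped key");
        }
        ASN1OctetString encryptedContent = envelope.getEncryptedContentInfo().getEncryptedContent();
        if (encryptedContent == null) {
            throw new IllegalArgumentException("SM2 envelope carries no encrypted content");
        }
        String wrappedKeyB64 = Base64.toBase64String(wrappedKey.getOctets());
        String contentKey;
        if (!useSm2) {
            contentKey = GMSSLRSAEncryptUtils.decryptDataPKCS1ByBC(privateKey, wrappedKeyB64);
        } else if (privateKey != null) {
            contentKey = GMSSLSM2EncryptUtils.decryptASN1ByBC(privateKey, wrappedKeyB64);
        } else {
            if (encKeyIndex == null) {
                throw new IllegalArgumentException("encKeyIndex is required when no software private key is supplied");
            }
            contentKey = GMSSLSM2EncryptUtils.decryptASN1ByYunhsm(encKeyIndex.intValue(), encPriKey, wrappedKeyB64);
        }
        return GMSSLSM4ECBEncryptUtils.decryptByBCWithPKCS7Padding(contentKey, Base64.toBase64String(encryptedContent.getOctets()));
    }

    /**
     * Writes {@code certs} as PEM strings into a JSON file {@code dir/fileName} under
     * {@code jsonKey}.
     *
     * <p>A certificate that cannot be PEM-encoded is logged and skipped (best-effort, as
     * before); a null list is treated as empty. A failed write is logged rather than ignored.
     *
     * @param dir      output directory
     * @param fileName output file name
     * @param jsonKey  JSON property under which the PEM array is stored
     * @param certs    certificates to export
     */
    public static void writeKeyJson(String dir, String fileName, String jsonKey, List<X509Certificate> certs) {
        JSONArray pems = new JSONArray();
        if (certs != null) {
            for (X509Certificate cert : certs) {
                try {
                    pems.add(getPemObjectString(cert));
                } catch (Exception e) {
                    logger.error("failed to PEM-encode certificate {}", cert.getSubjectX500Principal(), e);
                }
            }
        }
        JSONObject json = new JSONObject();
        json.put(jsonKey, pems);
        System.out.println(json.toJSONString());
        if (!createJsonFile(json.toString(), dir, fileName)) {
            logger.error("failed to write {}", dir + File.separator + fileName);
        }
    }

    /**
     * PEM-encodes {@code obj} (a certificate, key or similar accepted by
     * {@code GMSSLX509Utils.writePEM}) into a String.
     *
     * @throws Exception if the object cannot be PEM-encoded
     */
    public static String getPemObjectString(Object obj) throws Exception {
        StringWriter buffer = new StringWriter();
        GMSSLX509Utils.writePEM(obj, buffer);
        return buffer.toString();
    }

    /**
     * Writes {@code content} (after escaping and {@code GMSSLYunHsmUtils.formatJson}) to
     * {@code dir/fileName} as UTF-8, creating parent directories and replacing any existing
     * file.
     *
     * @param content  JSON text to write
     * @param dir      output directory
     * @param fileName output file name
     * @return true on success; false if anything failed (the cause is logged)
     */
    public static boolean createJsonFile(String content, String dir, String fileName) {
        File target = new File(dir + File.separator + fileName);
        try {
            File parent = target.getParentFile();
            if (parent != null && !parent.exists() && !parent.mkdirs()) {
                throw new IOException("could not create directory " + parent);
            }
            if (target.exists() && !target.delete()) {
                logger.warn("could not remove existing file {}", target);
            }
            target.createNewFile();
            String formatted = GMSSLYunHsmUtils.formatJson(escapeForJson(content));
            // try-with-resources: the original left the stream open when write() threw.
            try (OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(target), JSON_FILE_CHARSET)) {
                writer.write(formatted);
                writer.flush();
            }
            return true;
        } catch (Exception e) {
            logger.error("failed to write JSON file {}", target, e);
            return false;
        }
    }

    /**
     * Applies the original replacement sequence to the JSON text before it is formatted.
     *
     * <p>NOTE(review): these are kept byte-for-byte. Because {@code String.replaceAll} treats a
     * backslash in the replacement as an escape for the next character, the quote
     * replacements are effective no-ops and the newline replacements yield the literal text
     * {@code u000d}/{@code u000a}. The input produced by fastjson contains no raw newlines, so
     * the latter branches appear never to run; confirm intent before changing them.
     */
    private static String escapeForJson(String str) {
        if (str.indexOf("'") != -1) {
            str = str.replaceAll("'", "\\'");
        }
        if (str.indexOf("\"") != -1) {
            str = str.replaceAll("\"", "\\\"");
        }
        if (str.indexOf("\r\n") != -1) {
            str = str.replaceAll("\r\n", "\\u000d\\u000a");
        }
        if (str.indexOf("\n") != -1) {
            str = str.replaceAll("\n", "\\u000a");
        }
        return str;
    }

    /**
     * Generates two RSA key pairs (signing and encryption), a PKCS#10 request for the signing
     * key, and writes the request, the encryption public key and both private keys (PEM) to
     * {@code outDir}. Keep {@code outDir} private: it ends up holding private keys.
     *
     * @param keyBits   RSA modulus size; a value below 2048 is logged as a warning
     * @param subjectDn subject DN placed in the request
     * @param sigAlg    signature algorithm name for the request
     * @param outDir    output directory
     * @throws Exception on key generation, request creation or file write failure
     */
    public static void generateP10(int keyBits, String subjectDn, String sigAlg, String outDir) throws Exception {
        System.out.println("将随机生成" + keyBits + "bits的RSA公钥");
        System.out.println("生成的P10 DN为" + subjectDn);
        System.out.println("生成的P10 签名算法为" + sigAlg.toUpperCase());
        if (keyBits < 2048) {
            logger.warn("RSA key size {} is below the commonly recommended minimum of 2048 bits", keyBits);
        }
        KeyPair signPair = GMSSLRSAKeyUtils.generateKeyPairByBC(keyBits);
        KeyPair encPair = GMSSLRSAKeyUtils.generateKeyPairByBC(keyBits);
        PKCS10CertificationRequest request = GMSSLP10Utils.generateP10SignByBC(subjectDn, signPair.getPublic(), signPair.getPrivate(), sigAlg);
        writeKeyMaterial(outDir, signPair, encPair, request);
    }

    /**
     * SM2 counterpart of {@link #generateP10}: two SM2 key pairs, an SM3withSM2-signed
     * PKCS#10 request, and the same set of output files in {@code outDir}.
     *
     * @param subjectDn subject DN placed in the request
     * @param outDir    output directory (will hold private keys)
     * @throws Exception on key generation, request creation or file write failure
     */
    public static void generateSm2P10(String subjectDn, String outDir) throws Exception {
        System.out.println("将随机生成SM2公钥");
        System.out.println("生成的P10 DN为" + subjectDn);
        KeyPair signPair = GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        KeyPair encPair = GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
        PKCS10CertificationRequest request = GMSSLP10Utils.generateP10SignByBC(subjectDn, signPair.getPublic(),
                signPair.getPrivate(), GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName());
        writeKeyMaterial(outDir, signPair, encPair, request);
    }

    /**
     * Writes the artefacts shared by both P10 generators: {@code server_enc.dat} (encryption
     * public key), {@code server_sign} (the request), {@code sign_key} and {@code enc_key}
     * (private keys, PEM).
     */
    private static void writeKeyMaterial(String outDir, KeyPair signPair, KeyPair encPair,
            PKCS10CertificationRequest signRequest) throws Exception {
        GMSSLX509Utils.writePublicKeyToDat(outDir, "server_enc.dat", encPair.getPublic());
        GMSSLP10Utils.writeP10ToFile(outDir, "server_sign", signRequest);
        GMSSLX509Utils.writePrivateKeyToPem(outDir, "sign_key", signPair.getPrivate());
        GMSSLX509Utils.writePrivateKeyToPem(outDir, "enc_key", encPair.getPrivate());
        System.out.println("已生成相关文件在" + outDir + "路径下");
    }

    /**
     * Builds a {@code privateKey} keystore (BKS for SM2 software keys, JKS otherwise) from the
     * {@code "keystore"} section of the configuration and saves it under the configured write
     * path, protected by {@link #DEFAULT_KEYSTORE_PASSWORD}.
     *
     * @param configPath path of the JSON configuration file
     * @throws Exception if the certificates cannot be resolved, the chain has no issuer
     *     certificate, or the keystore cannot be built or saved; an {@link IOException} is
     *     only logged (best-effort, as before)
     */
    public static void getPriKeyStore(String configPath) throws Exception {
        try {
            KeyStorePropertiesEntry entry = getKeyStoreEntry(configPath);
            // NOTE(review): confirm KeyStorePropertiesEntry.toString() exposes no key material.
            System.out.println(entry.toString());
            ToolsCertBean certs = getCommonCert(entry.getEncCertPath(), entry.getEncPrivateKey(), entry.getSignCertPath(), false);
            if (certs.getRootCerts().isEmpty()) {
                throw new Exception("signing chain contains no issuer certificate to store as the root");
            }
            X509Certificate rootCert = certs.getRootCerts().get(0);
            PrivateKey signKey = entry.getSignPrivateKey();
            PrivateKey encKey = entry.getEncPrivateKey();
            if (encKey instanceof BCECPrivateKey) {
                GMSSLKeyStoreUtils.saveGMSSLKeyStore(
                        GMSSLKeyStoreUtils.generateGMSSLKeyStoreWithBKS(DEFAULT_KEYSTORE_PASSWORD, rootCert,
                                "sign", signKey, certs.getSignCert(), "enc", encKey, certs.getEncCert()),
                        DEFAULT_KEYSTORE_PASSWORD, entry.getWritePath(), "privateKey");
            } else {
                GMSSLKeyStoreUtils.saveGMSSLKeyStore(
                        GMSSLKeyStoreUtils.generateGMSSLKeyStoreWithJKS(DEFAULT_KEYSTORE_PASSWORD, rootCert,
                                "sign", signKey, certs.getSignCert(), "enc", encKey, certs.getEncCert()),
                        DEFAULT_KEYSTORE_PASSWORD, entry.getWritePath(), "privateKey");
            }
            System.out.println("已生成相关文件privateKey.keystore在" + entry.getWritePath() + "路径下");
        } catch (IOException e) {
            logger.error("获取配置信息失败", e);
        }
    }

    /**
     * Loads the {@code "keystore"} section of the JSON configuration file.
     *
     * @param configPath path of the JSON configuration file
     * @return populated entry
     * @throws IOException if the file cannot be read or the {@code "keystore"} object is missing
     */
    public static KeyStorePropertiesEntry getKeyStoreEntry(String configPath) throws IOException {
        JSONObject section = requiredSection(configPath, "keystore");
        KeyStorePropertiesEntry entry = new KeyStorePropertiesEntry();
        entry.setWritePath(section.getString("writePath"));
        entry.setSignCertPath(section.getString("signCertPath"));
        entry.setEncCertPath(section.getString("encCertPath"));
        entry.setEncPriKeyPath(section.getString("encPriKeyPath"));
        entry.setSignPriKeyPath(section.getString("signPriKeyPath"));
        return entry;
    }

    static {
        // Register BouncyCastle once; the "BC" provider name is used by getCertsByCertChain.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}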
