package com.xdja.pki.ldap;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.net.URL;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.jcajce.util.MessageDigestUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509CertificatePair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldap-core-0.0.8-SNAPSHOT.jar:com/xdja/pki/ldap/X509Utils.class */
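/**
 * X.509 certificate, CRL and PEM helper routines used by the LDAP publishing code.
 *
 * <p>Security notes for callers, grounded in what the helpers below actually do:
 * <ul>
 *   <li>The {@code verify*} methods check a <em>signature</em> against a given public key and
 *       nothing else: no chain building, no validity-period check, no issuer/subject name
 *       chaining, no key-usage check and no revocation check. Callers that need "is this
 *       certificate trusted" must do that on top.</li>
 *   <li>The PKCS#7 / CMS readers pull certificates out of the bundle without verifying any CMS
 *       signature (and {@link #createCertChainByCerts} produces a bundle with no signers). The
 *       bundle is a transport container, not a source of trust.</li>
 *   <li>{@link #writePrivateKey} writes private key material to disk <em>unencrypted</em>.</li>
 *   <li>Path arguments are used as given (classpath resource first, then file system). If they
 *       can be influenced by an untrusted party the caller must validate them; nothing here does.</li>
 * </ul>
 * All methods are static and stateless. Loading the class registers the BouncyCastle provider
 * under the name "BC" if it is not already present.
 */
public class X509Utils {
    private static final Logger logger = LoggerFactory.getLogger(X509Utils.class);
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";

    /** PEM armour expected by {@link #getX509CertificateListFromP7B}. */
    private static final String PKCS7_HEAD = "-----BEGIN PKCS7-----";
    private static final String PKCS7_TAIL = "-----END PKCS7-----";

    /** JSON key under which {@code writeKeyJson} / {@code appendCertificateToPem} store CA PEMs. */
    private static final String CA_CERTS_KEY = "caCerts";

    /** Issuer DN of a certificate, normalised through {@link DnUtil#getRFC4519X500Name}. */
    public static String getIssuerByX509Cert(X509Certificate x509Certificate) {
        return DnUtil.getRFC4519X500Name(x509Certificate.getIssuerX500Principal().getName()).toString();
    }

    /** Subject DN of a certificate, normalised through {@link DnUtil#getRFC4519X500Name}. */
    public static String getSubjectByX509Cert(X509Certificate x509Certificate) {
        return DnUtil.getRFC4519X500Name(x509Certificate.getSubjectX500Principal().getName()).toString();
    }

    /**
     * Returns the CN attribute value of {@code x500Name}.
     *
     * <p>The CN (2.5.4.3) is looked up by OID wherever it sits in the DN. The previous
     * implementation returned the value of the <em>first</em> RDN regardless of its type, which
     * for a DN such as {@code C=CN,O=x,CN=foo} yields {@code CN} and not the common name; that
     * behaviour is kept only as a fallback when the DN carries no CN at all.
     *
     * @throws IllegalArgumentException if the DN has no RDNs at all
     */
    public static String getCommonName(X500Name x500Name) {
        RDN[] cnRdns = x500Name.getRDNs(BCStyle.CN);
        if (cnRdns.length > 0 && cnRdns[0].getFirst() != null) {
            return cnRdns[0].getFirst().getValue().toString();
        }
        RDN[] rdns = x500Name.getRDNs();
        if (rdns.length == 0) {
            throw new IllegalArgumentException("X500Name has no RDNs: " + x500Name);
        }
        // Fallback: no CN present, return the first RDN value as the original code did.
        return rdns[0].getFirst().getValue().toString();
    }

    /** Issuer DN of a CRL, normalised through {@link DnUtil#getRFC4519X500Name}. */
    public static String getIssuerByX509CRL(X509CRL x509crl) {
        return DnUtil.getRFC4519X500Name(x509crl.getIssuerX500Principal().getName()).toString();
    }

    /**
     * Re-escapes commas that belong to an RDN <em>value</em> in a comma-separated DN string.
     *
     * <p>The input is split on every comma; a fragment that contains no {@code =} is assumed to
     * be the continuation of the previous RDN value and is glued back onto it with {@code \,}.
     * This is a heuristic: a value that itself contains {@code =} is misdetected as a new RDN,
     * and an already-escaped {@code \,} is split like any other comma.
     *
     * <p>Fixes two defects of the original: it indexed the output list with the input index
     * (wrong after the first merge, out of bounds on the second) and threw when the very first
     * fragment had no {@code =}. Such a leading fragment is now kept as-is.
     *
     * @param str DN string; {@code null} and {@code ""} are returned unchanged
     */
    public static String transformCommaInDNValues(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        List<String> rdns = new ArrayList<>();
        for (String fragment : str.split(",")) {
            if (fragment.contains("=") || rdns.isEmpty()) {
                rdns.add(fragment);
            } else {
                int last = rdns.size() - 1;
                rdns.set(last, rdns.get(last) + "\\," + fragment);
            }
        }
        return String.join(",", rdns);
    }

    /**
     * True when the certificate carries a BasicConstraints extension with {@code cA=TRUE}
     * ({@link X509Certificate#getBasicConstraints()} returns -1 otherwise).
     *
     * <p>Note: this does not check the keyCertSign key usage bit or that the extension is
     * marked critical; callers doing path validation need those checks as well.
     */
    public static boolean isCACertificate(X509Certificate x509Certificate) {
        int basicConstraints = x509Certificate.getBasicConstraints();
        boolean isCa = basicConstraints >= 0;
        logger.debug("{}: basic constraints is {} is ca {}", getSubjectByX509Cert(x509Certificate), basicConstraints, isCa);
        return isCa;
    }

    /** True when the CRL is a delta CRL, i.e. carries a critical Delta CRL Indicator extension. */
    public static boolean isDRL(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        return criticalExtensionOIDs != null && criticalExtensionOIDs.contains(Extension.deltaCRLIndicator.getId());
    }

    /**
     * True when the CRL is an Authority Revocation List: its Issuing Distribution Point extension
     * has {@code onlyContainsCACerts} set. A CRL without that extension is never an ARL.
     *
     * @throws IOException if the extension value is not valid DER
     */
    public static boolean isARL(X509CRL x509crl) throws IOException {
        byte[] extensionValue = x509crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
        if (extensionValue == null) {
            return false;
        }
        // getExtensionValue() hands back the DER OCTET STRING wrapper; unwrap it before parsing
        // the IssuingDistributionPoint structure it contains.
        byte[] inner = ASN1OctetString.getInstance(ASN1Primitive.fromByteArray(extensionValue)).getOctets();
        IssuingDistributionPoint idp = IssuingDistributionPoint.getInstance(ASN1Primitive.fromByteArray(inner));
        return idp.onlyContainsCACerts();
    }

    /** Converts each JCA certificate to its BouncyCastle ASN.1 form, preserving order. */
    public static List<Certificate> convertCertificate(List<X509Certificate> list) throws CertificateEncodingException, IOException {
        List<Certificate> converted = new ArrayList<>(list.size());
        for (X509Certificate cert : list) {
            converted.add(convertCertificate(cert));
        }
        return converted;
    }

    /** JCA certificate to BouncyCastle ASN.1 {@link Certificate} via its DER encoding. */
    public static Certificate convertCertificate(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return Certificate.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getEncoded()));
    }

    /** BouncyCastle ASN.1 {@link Certificate} to a JCA certificate (parsed by the BC provider). */
    public static X509Certificate convertCertificate(Certificate certificate) throws Exception {
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
    }

    /** BouncyCastle ASN.1 {@link CertificateList} to a JCA CRL (parsed by the BC provider). */
    public static X509CRL converCRL(CertificateList certificateList) throws Exception {
        return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(new ByteArrayInputStream(certificateList.getEncoded()));
    }

    /** JCA CRL to BouncyCastle ASN.1 {@link CertificateList} via its DER encoding. */
    public static CertificateList converCRL(X509CRL x509crl) throws Exception {
        return CertificateList.getInstance(ASN1Primitive.fromByteArray(x509crl.getEncoded()));
    }

    /**
     * JDK-internal cross-certificate pair to the BouncyCastle type.
     * NOTE(review): {@code sun.security.provider.certpath.X509CertificatePair} is an internal
     * API; on a module-enabled JDK this needs {@code --add-exports} and may stop working.
     */
    public static X509CertificatePair convertCertificatePair(sun.security.provider.certpath.X509CertificatePair x509CertificatePair) throws Exception {
        return new X509CertificatePair(x509CertificatePair.getForward(), x509CertificatePair.getReverse());
    }

    /** BouncyCastle cross-certificate pair to the JDK-internal type (see the note above). */
    public static sun.security.provider.certpath.X509CertificatePair convertCertificatePair(X509CertificatePair x509CertificatePair) throws Exception {
        return new sun.security.provider.certpath.X509CertificatePair(x509CertificatePair.getForward(), x509CertificatePair.getReverse());
    }

    /** Wraps the elements in a DER SEQUENCE, in order; {@code null} input yields {@code null}. */
    public static DERSequence toSequence(ASN1Encodable[] aSN1EncodableArr) {
        if (aSN1EncodableArr == null) {
            return null;
        }
        ASN1EncodableVector vector = new ASN1EncodableVector();
        for (ASN1Encodable element : aSN1EncodableArr) {
            vector.add(element);
        }
        return new DERSequence(vector);
    }

    /**
     * Digests {@code bArr} with the algorithm named by {@code aSN1ObjectIdentifier}, using the
     * BC provider (so SM3 and other non-JDK digests resolve).
     *
     * @throws NoSuchAlgorithmException if BC does not know the digest OID
     */
    public static byte[] messageDigest(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws NoSuchProviderException, NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance(MessageDigestUtils.getDigestName(aSN1ObjectIdentifier), "BC");
        digest.update(bArr, 0, bArr.length);
        return digest.digest();
    }

    /**
     * PEM-encodes {@code obj} (anything {@link JcaPEMWriter} accepts) to {@code writer}.
     * The writer is flushed and closed, also when encoding fails.
     */
    public static void writePEM(Object obj, Writer writer) throws Exception {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            pemWriter.writeObject(obj);
            pemWriter.flush();
        }
    }

    /**
     * Logs the certificate's PEM at debug level. The original wrote the PEM into a discarded
     * {@link StringWriter}, which was effectively a no-op.
     */
    public static void printCertificate(X509Certificate x509Certificate) throws Exception {
        logger.debug("{}", getPemObjectString(x509Certificate));
    }

    /**
     * Writes the certificate as DER to {@code str + str2 + ".cer"} and as PEM to
     * {@code str + str2 + ".pem"}. {@code str} is used as a raw prefix, so it must already end
     * with a path separator if it is meant to be a directory.
     */
    public static void writeCertificate(String str, String str2, X509Certificate x509Certificate) throws Exception {
        String cerPath = str + str2 + ".cer";
        try (FileOutputStream out = new FileOutputStream(cerPath)) {
            out.write(x509Certificate.getEncoded());
        }
        logger.debug("{} write cer done!", cerPath);
        writeCertificatePem(str, str2, x509Certificate);
    }

    /** Writes the certificate as PEM to {@code str + str2 + ".pem"} (see {@link #writeCertificate}). */
    public static void writeCertificatePem(String str, String str2, X509Certificate x509Certificate) throws Exception {
        String pemPath = str + str2 + ".pem";
        writePEM(x509Certificate, openUtf8Writer(pemPath));
        logger.debug("{} write pem done!", pemPath);
    }

    /**
     * Appends the certificate's PEM to the {@code "caCerts"} array of the JSON file at
     * {@code str} and writes the file back. The file must already exist and contain that array.
     */
    public static void appendCertificateToPem(String str, X509Certificate x509Certificate) throws Exception {
        JSONObject json = readJSONFile(str);
        json.getJSONArray(CA_CERTS_KEY).add(getPemObjectString(x509Certificate));
        writeJSONFile(str, json);
    }

    /**
     * Writes the key pair as an <em>unencrypted</em> PEM to {@code str + str2 + "_key.pem"}.
     *
     * <p>SECURITY: the file is pre-created and its group/other permission bits are cleared
     * before any key bytes are written, so the key is never briefly world-readable. On file
     * systems that do not support permission bits those calls are no-ops, so the caller must
     * still place the file in a protected directory (or encrypt it).
     */
    public static void writePrivateKey(String str, String str2, KeyPair keyPair) throws Exception {
        String keyPath = str + str2 + "_key.pem";
        File keyFile = new File(keyPath);
        keyFile.createNewFile(); // returns false if it already exists; either way restrict it
        restrictToOwner(keyFile);
        writePEM(keyPair, openUtf8Writer(keyPath));
        logger.debug("{} write key pem done!", keyPath);
    }

    /** Best-effort owner-only permissions via the portable java.io.File API. */
    private static void restrictToOwner(File file) {
        // Clear for everyone first, then grant to the owner only; the order matters.
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }

    /** Opens {@code path} for writing as UTF-8 (PEM is ASCII, so output is byte-identical to FileWriter). */
    private static Writer openUtf8Writer(String path) throws IOException {
        return new OutputStreamWriter(new FileOutputStream(path), "UTF-8");
    }

    /**
     * Opens a PEM parser over {@code str}, tried first as a system classpath resource and then
     * as a file-system path. The caller owns the returned parser and must close it.
     */
    public static PEMParser getPEMParser(String str) throws Exception {
        InputStream in = ClassLoader.getSystemResourceAsStream(str);
        if (in == null) {
            in = new FileInputStream(str);
        }
        return new PEMParser(new InputStreamReader(in, "UTF-8"));
    }

    /**
     * Reads an unencrypted PEM key pair from {@code str} (resource or file path).
     *
     * @throws IllegalArgumentException if the first PEM object is not a plain key pair
     *         (e.g. an encrypted key or a PKCS#8 object)
     */
    public static KeyPair getKeyPairFromPEM(String str) throws Exception {
        Object pemObject;
        try (PEMParser parser = getPEMParser(str)) {
            pemObject = parser.readObject();
        }
        if (!(pemObject instanceof PEMKeyPair)) {
            throw new IllegalArgumentException("PEM at " + str + " does not contain a plain key pair: "
                    + (pemObject == null ? "null" : pemObject.getClass().getName()));
        }
        return new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair) pemObject);
    }

    /**
     * Reads the first PEM certificate from {@code str} (resource or file path).
     *
     * @throws IllegalArgumentException if the first PEM object is not a certificate
     */
    public static X509Certificate getX509CertificateFromPEM(String str) throws Exception {
        Object pemObject;
        try (PEMParser parser = getPEMParser(str)) {
            pemObject = parser.readObject();
        }
        if (!(pemObject instanceof X509CertificateHolder)) {
            throw new IllegalArgumentException("PEM at " + str + " does not contain a certificate: "
                    + (pemObject == null ? "null" : pemObject.getClass().getName()));
        }
        byte[] der = ((X509CertificateHolder) pemObject).getEncoded();
        return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(der));
    }

    /** Reads a DER or PEM certificate from {@code str} (resource or file path); the stream is closed. */
    public static X509Certificate getX509CertificateFromPath(String str) throws Exception {
        try (FileInputStream in = new FileInputStream(getFileFromPath(str))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(in);
        }
    }

    /**
     * Extracts every certificate from a PEM-armoured PKCS#7 (CMS SignedData) file.
     *
     * <p>SECURITY: the CMS signature, if any, is <em>not</em> verified and the certificates are
     * returned exactly as found. Treat the result as untrusted input until verified.
     */
    public static List<X509Certificate> getX509CertificateListFromP7B(String str) throws Exception {
        String body = FileUtils.readFileToString(getFileFromPath(str), "UTF-8")
                .replaceFirst(PKCS7_HEAD, "")
                .replaceFirst(PKCS7_TAIL, "");
        return certificatesFromCms(new CMSSignedData(Base64.decode(body)));
    }

    /** Collects the certificates carried in {@code cms}, converted to JCA objects via BC. */
    private static List<X509Certificate> certificatesFromCms(CMSSignedData cms) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        for (Object holder : cms.getCertificates().getMatches((Selector) null)) {
            certs.add(converter.getCertificate((X509CertificateHolder) holder));
        }
        return certs;
    }

    /**
     * Reads the PKCS#7 bundle at {@code str} and writes its certificates as a
     * {@code {"caCerts": [pem, ...]}} JSON file at {@code str2}.
     *
     * <p>The original split {@code str2} on the last {@code "/"} and threw when there was none;
     * a bare file name is now written to the current directory.
     */
    public static void convertP7BToCaPemJson(String str, String str2) throws Exception {
        File target = new File(str2);
        String dir = target.getParent() == null ? "." : target.getParent();
        writeKeyJson(dir, target.getName(), CA_CERTS_KEY, getX509CertificateListFromP7B(str));
    }

    /**
     * Writes {@code {str3: [pem, ...]}} for the given certificates to {@code str + "/" + str2}.
     * A certificate that cannot be PEM-encoded is skipped and logged (as before) rather than
     * aborting the whole file.
     */
    public static void writeKeyJson(String str, String str2, String str3, List<X509Certificate> list) {
        JSONArray pems = new JSONArray();
        for (X509Certificate cert : list) {
            try {
                pems.add(getPemObjectString(cert));
            } catch (Exception e) {
                logger.warn("skipping certificate that could not be PEM-encoded", e);
            }
        }
        JSONObject json = new JSONObject();
        json.put(str3, pems);
        // Was System.out.println; the payload is public certificate material, so debug logging is fine.
        logger.debug("{}", json.toJSONString());
        createJsonFile(json.toString(), str, str2);
    }

    /**
     * Writes {@code str} (already-serialised JSON) through {@code GMSSLYunHsmUtils.formatJson}
     * to {@code str2 + "/" + str3}, creating parent directories. Returns {@code false} and logs
     * on any failure.
     *
     * <p>The original ran four {@code replaceAll} "escaping" passes first. Because backslashes in
     * a {@code replaceAll} replacement are escape characters, the quote passes were exact no-ops
     * and the newline passes would have turned a real CR/LF into the text {@code u000du000a}.
     * The input here comes from fastjson, which never emits raw newlines, so dropping the passes
     * changes nothing for existing callers and removes the latent corruption.
     *
     * <p>Note: an empty {@code str2} produces the absolute path {@code "/" + str3}; pass
     * {@code "."} for the current directory.
     */
    public static boolean createJsonFile(String str, String str2, String str3) {
        try {
            File file = new File(str2 + "/" + str3);
            File parent = file.getParentFile();
            if (parent != null && !parent.exists()) {
                parent.mkdirs();
            }
            String formatted = GMSSLYunHsmUtils.formatJson(str);
            // FileOutputStream truncates, so the delete/createNewFile dance is unnecessary.
            try (Writer out = new OutputStreamWriter(new FileOutputStream(file), "UTF-8")) {
                out.write(formatted);
                out.flush();
            }
            return true;
        } catch (Exception e) {
            logger.error("failed to write JSON file {}/{}", str2, str3, e);
            return false;
        }
    }

    /**
     * Packs the certificates into a degenerate CMS SignedData (empty content, <em>no signers</em>)
     * and returns it Base64-encoded. This is a certificate bag; it carries no integrity
     * protection of its own.
     */
    public static String createCertChainByCerts(List<X509Certificate> list) throws Exception {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addCertificates(new JcaCertStore(list));
        CMSProcessableByteArray emptyContent = new CMSProcessableByteArray("".getBytes());
        return Base64.toBase64String(generator.generate(emptyContent).getEncoded());
    }

    /**
     * Inverse of {@link #createCertChainByCerts}: the input is first treated as Base64; if that
     * does not decode or parse, the raw bytes of {@code str} are parsed as CMS instead.
     * No CMS signature is verified (see the class note).
     */
    public static List<X509Certificate> getCertsByCertChain(String str) throws Exception {
        CMSSignedData cms;
        try {
            cms = new CMSSignedData(Base64.decode(str));
        } catch (Exception notBase64) {
            // Fallback for callers that pass the DER bytes as a string; keep the second attempt's
            // exception as the one the caller sees, since that is the more informative failure.
            cms = new CMSSignedData(str.getBytes());
        }
        return certificatesFromCms(cms);
    }

    /**
     * Parses a PEM certificate string. Armour lines, CR/LF and the literal two-character
     * sequences {@code \r} / {@code \n} (as they appear after JSON round-tripping) are stripped
     * before Base64 decoding.
     *
     * @return the certificate, or {@code null} if it cannot be decoded (callers rely on this
     *         contract; the failure is logged rather than printed to stderr)
     */
    public static X509Certificate getCertFromPemString(String str) {
        try {
            String base64 = str.replace(CERT_HEAD, "")
                    .replace(CERT_TAIL, "")
                    .replace("\r", "")
                    .replace("\n", "")
                    .replace("\\r", "")
                    .replace("\\n", "");
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(Base64.decode(base64)));
        } catch (Exception e) {
            logger.error("could not parse certificate from PEM string", e);
            return null;
        }
    }

    /** PEM encoding of {@code obj} as a String (see {@link #writePEM}). */
    public static String getPemObjectString(Object obj) throws Exception {
        StringWriter buffer = new StringWriter();
        writePEM(obj, buffer);
        return buffer.toString();
    }

    /**
     * Resolves {@code str} to a {@link File}: a system classpath resource if one exists, else
     * the string taken as a file-system path.
     *
     * <p>For {@code file:} resources the URL is converted through {@code toURI()} so that
     * percent-encoded characters (e.g. spaces) are decoded; the original used
     * {@code URL.getPath()}, which keeps them encoded and yields a non-existent path. Resources
     * inside a jar still cannot be opened as a File; {@code getPath()} is kept for them so the
     * behaviour is unchanged.
     */
    public static File getFileFromPath(String str) {
        URL resource = ClassLoader.getSystemResource(str);
        if (resource == null) {
            return new File(str);
        }
        if ("file".equalsIgnoreCase(resource.getProtocol())) {
            try {
                return new File(resource.toURI());
            } catch (java.net.URISyntaxException | IllegalArgumentException e) {
                logger.debug("falling back to URL.getPath() for {}", resource, e);
            }
        }
        return new File(resource.getPath());
    }

    /** Reads and parses the UTF-8 JSON file at {@code str} (resource or file path). */
    public static JSONObject readJSONFile(String str) throws IOException {
        return JSONObject.parseObject(FileUtils.readFileToString(getFileFromPath(str), "UTF-8"));
    }

    /** Serialises {@code jSONObject} to {@code str} as UTF-8, matching {@link #readJSONFile}. */
    public static void writeJSONFile(String str, JSONObject jSONObject) throws IOException {
        // The original used the platform-charset overload; PEM content is ASCII so bytes are the
        // same, but spelling it out keeps read and write symmetric.
        FileUtils.writeStringToFile(getFileFromPath(str), jSONObject.toJSONString(), "UTF-8");
    }

    /**
     * Loads every entry of the {@code "caCerts"} array in the JSON file at {@code str}.
     * Entries that fail to parse are logged and skipped; the original let the {@code null}
     * from {@link #getCertFromPemString} through, which later blew up inside {@code verify*}.
     */
    public static List<X509Certificate> getX509CertificateListFromFile(String str) throws Exception {
        JSONArray pems = readJSONFile(str).getJSONArray(CA_CERTS_KEY);
        List<X509Certificate> certs = new ArrayList<>();
        if (pems == null) {
            logger.warn("{} has no '{}' array", str, CA_CERTS_KEY);
            return certs;
        }
        for (int i = 0; i < pems.size(); i++) {
            X509Certificate cert = getCertFromPemString((String) pems.get(i));
            if (cert == null) {
                logger.warn("skipping unparsable certificate #{} in {}", i, str);
            } else {
                certs.add(cert);
            }
        }
        return certs;
    }

    /** Reads a DER/PEM certificate from {@code str} (classpath resource, then file path); the stream is closed. */
    public static X509Certificate getX509CertificateFromCer(String str) throws Exception {
        InputStream in = ClassLoader.getSystemResourceAsStream(str);
        if (in == null) {
            in = new FileInputStream(str);
        }
        try (InputStream closing = in) {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(closing);
        }
    }

    /**
     * True if any certificate in {@code list} carries the same public key as
     * {@code x509Certificate}. This is a key-identity check only, not a trust decision.
     */
    public static boolean verifyPublicKey(List<X509Certificate> list, X509Certificate x509Certificate) throws Exception {
        PublicKey wanted = x509Certificate.getPublicKey();
        for (X509Certificate candidate : list) {
            if (candidate.getPublicKey().equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True if {@code x509Certificate}'s signature verifies under the public key of at least one
     * certificate in {@code list}. Signature only: no name chaining, validity, key usage or
     * revocation checks (see the class note).
     *
     * @throws Exception if a signature could not be processed at all (propagated from
     *         {@link #verifyCert(X509Certificate, PublicKey)})
     */
    public static boolean verifyCert(List<X509Certificate> list, X509Certificate x509Certificate) throws Exception {
        for (X509Certificate issuerCandidate : list) {
            if (verifyCert(issuerCandidate, x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True if the CRL's signature verifies under the public key of at least one certificate in
     * {@code list}. Signature only; the issuer name is not matched against the certificate.
     */
    public static boolean verifyCRL(X509CRL x509crl, List<X509Certificate> list) throws Exception {
        for (X509Certificate issuerCandidate : list) {
            if (verifyCRL(x509crl, issuerCandidate.getPublicKey())) {
                return true;
            }
        }
        return false;
    }

    /**
     * True if {@code x509Certificate2} is signed by the key in {@code x509Certificate}.
     * Note the argument order: the first argument is the (candidate) issuer.
     */
    public static boolean verifyCert(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        return verifyCert(x509Certificate2, x509Certificate.getPublicKey());
    }

    /**
     * Verifies the certificate's signature over its TBSCertificate with {@code publicKey}.
     *
     * <p>Per RFC 5280 4.1.1.2 the outer {@code signatureAlgorithm} must equal the
     * {@code signature} field inside the TBSCertificate; a mismatch is rejected (returns
     * {@code false}) as the JDK and BC's own holder verification do, so a certificate cannot be
     * verified under an algorithm other than the one the signer committed to.
     *
     * @return {@code true} only if the signature is valid under {@code publicKey}
     * @throws Exception wrapping any encoding or operator failure (the original contract)
     */
    public static boolean verifyCert(X509Certificate x509Certificate, PublicKey publicKey) throws Exception {
        ContentVerifierProvider provider = new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey);
        try {
            Certificate cert = convertCertificate(x509Certificate);
            if (!cert.getSignatureAlgorithm().equals(cert.getTBSCertificate().getSignature())) {
                logger.warn("certificate {} has mismatching inner/outer signature algorithm identifiers",
                        getSubjectByX509Cert(x509Certificate));
                return false;
            }
            ContentVerifier verifier = provider.get(cert.getSignatureAlgorithm());
            verifier.getOutputStream().write(cert.getTBSCertificate().getEncoded());
            return verifier.verify(cert.getSignature().getOctets());
        } catch (Exception e) {
            logger.error("exception processing signature: ", e);
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    /**
     * Verifies the CRL's signature over its TBSCertList with {@code publicKey}. The same
     * inner/outer algorithm-identifier check as {@link #verifyCert(X509Certificate, PublicKey)}
     * applies (RFC 5280 5.1.1.2).
     *
     * @return {@code true} only if the signature is valid under {@code publicKey}
     * @throws Exception wrapping any encoding or operator failure (the original contract)
     */
    public static boolean verifyCRL(X509CRL x509crl, PublicKey publicKey) throws Exception {
        ContentVerifierProvider provider = new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey);
        try {
            CertificateList crl = converCRL(x509crl);
            if (!crl.getSignatureAlgorithm().equals(crl.getTBSCertList().getSignature())) {
                logger.warn("CRL from {} has mismatching inner/outer signature algorithm identifiers",
                        getIssuerByX509CRL(x509crl));
                return false;
            }
            ContentVerifier verifier = provider.get(crl.getSignatureAlgorithm());
            verifier.getOutputStream().write(crl.getTBSCertList().getEncoded());
            return verifier.verify(crl.getSignature().getOctets());
        } catch (Exception e) {
            logger.error("exception processing signature: ", e);
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    static {
        // Register BC once so the "BC" provider lookups above resolve; idempotent if already present.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}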
