package com.xdja.ra.utils;

import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/ra/utils/CertUtils.class */
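/**
 * Static helpers for decoding, ordering and re-encoding X.509 certificates and SM2 public keys
 * through the BouncyCastle provider.
 *
 * <p>Every method in this class only <em>parses</em> or re-encodes its input. Nothing here
 * verifies a signature, a validity period, revocation status or a path to a trust anchor, and
 * {@link #sortCerts(List)} orders certificates purely by comparing issuer and subject names.
 * A certificate or chain obtained from this class still has to pass certification-path
 * validation before it is treated as trusted.
 *
 * <p>Most inputs (uploaded files, request bodies) should be assumed to be caller-controlled;
 * the parsing methods therefore fail closed (return {@code null} or throw) instead of guessing.
 */
public class CertUtils {
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    public static final String PUBLIC_KEY_HEAD = "-----BEGIN PUBLIC KEY-----";
    public static final String PUBLIC_KEY_TAIL = "-----END PUBLIC KEY-----";

    /** Byte length of one SM2 affine coordinate as sliced by {@link #convertSM2PublicKey(String)}. */
    private static final int SM2_COORDINATE_LENGTH = 32;

    private static final Logger logger = LoggerFactory.getLogger(CertUtils.class);

    /** JCA name of the BouncyCastle provider, used for every CertificateFactory lookup below. */
    private static final String provider = new BouncyCastleProvider().getName();

    /**
     * Removes a PEM header/footer pair and all line breaks from {@code text}.
     *
     * <p>Both real CR/LF characters and the two-character escape sequences {@code \r} and
     * {@code \n} (backslash followed by a letter) are removed, so that PEM text which was
     * embedded in JSON or a properties file is handled as well.
     */
    private static String stripPemArmor(String text, String head, String tail) {
        return text.replace(head, "")
                .replace(tail, "")
                .replace("\r", "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
    }

    /**
     * Parses the output of {@code factory.generateCertificates} for {@code encoded} into a
     * mutable list.
     *
     * @return the certificates found, in the order the factory produced them; empty when the
     *     factory produced none
     * @throws java.security.cert.CertificateException if the factory rejects the encoding
     * @throws ClassCastException if the factory yields something that is not an X.509 certificate
     */
    private static List<X509Certificate> parseCertificates(CertificateFactory factory, byte[] encoded)
            throws java.security.cert.CertificateException {
        Iterable<? extends Certificate> found =
                factory.generateCertificates(new ByteArrayInputStream(encoded));
        List<X509Certificate> certs = new ArrayList<>();
        if (found != null) {
            for (Certificate cert : found) {
                certs.add((X509Certificate) cert);
            }
        }
        return certs;
    }

    /**
     * Decodes a certificate from text, trying Base64, then the raw characters, then hexadecimal.
     *
     * <p>PEM armor and line breaks are stripped first. Each failed attempt is logged by the
     * corresponding helper, so one unparseable input produces several error lines.
     *
     * @param str certificate text; may be {@code null}
     * @return the parsed certificate, or {@code null} when {@code str} is {@code null} or no
     *     decoding succeeds
     */
    public static X509Certificate getCertFromStr(String str) {
        if (str == null) {
            return null;
        }
        String body = stripPemArmor(str, CERT_HEAD, CERT_TAIL);
        X509Certificate cert = getCertFromB64(body);
        if (cert == null) {
            cert = getCertFromNormalStr(body);
        }
        if (cert == null) {
            cert = getCertFromStr16(body);
        }
        return cert;
    }

    /**
     * Parses a certificate from Base64 text without PEM armor.
     *
     * @return the certificate, or {@code null} (after logging) when decoding or parsing fails
     */
    private static synchronized X509Certificate getCertFromB64(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", provider)
                    .generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
        } catch (Exception e) {
            logger.error("getCertFromB64 error: {}", e.toString());
            return null;
        }
    }

    /**
     * Parses a certificate from hexadecimal text.
     *
     * @return the certificate, or {@code null} when the text is not valid hex or does not parse
     */
    private static synchronized X509Certificate getCertFromStr16(String str) {
        byte[] der = hex2byte(str);
        if (der == null) {
            // Not hexadecimal at all; nothing to hand to the certificate factory.
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", provider)
                    .generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            logger.error("getCertFromStr16 error: {}", e.toString());
            return null;
        }
    }

    /**
     * Converts a hexadecimal string into bytes.
     *
     * @param str hex digits, two per byte; surrounding whitespace is ignored
     * @return the decoded bytes, or {@code null} when {@code str} is {@code null}, empty, of odd
     *     length, or contains a character that is not a hex digit
     */
    public static byte[] hex2byte(String str) {
        if (str == null) {
            return null;
        }
        String hex = str.trim();
        int length = hex.length();
        if (length == 0 || length % 2 == 1) {
            return null;
        }
        byte[] out = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(hex.charAt(i), 16);
            int low = Character.digit(hex.charAt(i + 1), 16);
            if (high < 0 || low < 0) {
                return null;
            }
            out[i / 2] = (byte) ((high << 4) | low);
        }
        return out;
    }

    /**
     * Hands the characters of {@code str}, encoded with the platform default charset, to the
     * certificate factory.
     *
     * <p>NOTE(review): this only round-trips binary DER correctly when the default charset maps
     * bytes one-to-one; confirm which inputs are expected to reach this path.
     *
     * @return the certificate, or {@code null} (after logging) when parsing fails
     */
    private static synchronized X509Certificate getCertFromNormalStr(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", provider)
                    .generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            logger.error("getCertFromNormalStr error: {}", e.toString());
            return null;
        }
    }

    /**
     * Builds an SM2 public key from Base64 text holding one leading byte followed by the
     * 32-byte X and 32-byte Y coordinates.
     *
     * <p>NOTE(review): the leading byte is skipped without being checked and any bytes after
     * offset 65 are ignored, so a DER SubjectPublicKeyInfo passed here would be sliced at the
     * wrong offsets instead of being rejected. Confirm that callers always pass a raw point.
     *
     * @param str Base64 text, optionally wrapped in {@code PUBLIC KEY} PEM armor
     * @return the SM2 public key
     * @throws IllegalArgumentException if fewer than 65 bytes are decoded
     * @throws Exception if Base64 decoding or key construction fails
     */
    public static PublicKey convertSM2PublicKey(String str) throws Exception {
        byte[] decoded = Base64.decode(stripPemArmor(str, PUBLIC_KEY_HEAD, PUBLIC_KEY_TAIL));
        int required = 1 + 2 * SM2_COORDINATE_LENGTH;
        if (decoded.length < required) {
            // Fail with a clear message instead of an index error from arraycopy.
            throw new IllegalArgumentException(
                    "SM2 public key needs at least " + required + " bytes, got " + decoded.length);
        }
        byte[] x = new byte[SM2_COORDINATE_LENGTH];
        System.arraycopy(decoded, 1, x, 0, SM2_COORDINATE_LENGTH);
        byte[] y = new byte[SM2_COORDINATE_LENGTH];
        System.arraycopy(decoded, 1 + SM2_COORDINATE_LENGTH, y, 0, SM2_COORDINATE_LENGTH);
        return convertSM2PublicKey(x, y);
    }

    /**
     * Builds an SM2 public key from unsigned big-endian X and Y coordinates.
     *
     * <p>NOTE(review): whether the point is checked to lie on the curve depends on the
     * BouncyCastle version behind {@code createPoint} and {@code BCECPublicKey}; confirm before
     * using keys from untrusted sources.
     *
     * @param bArr X coordinate
     * @param bArr2 Y coordinate
     * @return the public key on the curve named by {@code GMSSLX509Utils.ECC_SM2_NAME}
     * @throws Exception if the key cannot be constructed
     */
    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        ECNamedCurveParameterSpec curveSpec =
                ECNamedCurveTable.getParameterSpec(GMSSLX509Utils.ECC_SM2_NAME);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(
                curveSpec.getCurve().createPoint(
                        BigIntegers.fromUnsignedByteArray(bArr),
                        BigIntegers.fromUnsignedByteArray(bArr2)),
                curveSpec);
        return new BCECPublicKey(GMSSLX509Utils.ECC_SM2_NAME, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

    /**
     * Parses one or more certificates from bytes and returns them ordered leaf-first where
     * possible.
     *
     * <p>The bytes are first given to the certificate factory unchanged. If that yields no
     * certificate, they are read as text, PEM armor is stripped and the remainder is
     * Base64-decoded (hex is used only when Base64 decoding yields nothing) and parsed again.
     *
     * @param bArr encoded certificates; may be {@code null}
     * @return {@code null} when {@code bArr} is {@code null}; otherwise the certificates, which
     *     may be an empty list
     * @throws RuntimeException wrapping the cause when decoding or parsing fails
     */
    @SuppressWarnings("unchecked") // sortCerts is raw; it only ever returns the elements it was given
    public static List<X509Certificate> getCertListFromB64(byte[] bArr) {
        if (null == bArr) {
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            List<X509Certificate> parsed = parseCertificates(factory, bArr);
            if (!parsed.isEmpty()) {
                return sortCerts(parsed);
            }
            String body = stripPemArmor(new String(bArr), CERT_HEAD, CERT_TAIL);
            byte[] der = Base64.decode(body);
            if (der == null || der.length == 0) {
                der = hex2byte(body);
            }
            if (der == null) {
                throw new IllegalArgumentException("input is neither Base64 nor hexadecimal");
            }
            parsed = parseCertificates(factory, der);
            if (parsed.isEmpty()) {
                return parsed;
            }
            return sortCerts(parsed);
        } catch (Exception e) {
            logger.error("获取证书列表异常", e);
            // Keep the cause so callers and logs can tell malformed input from provider failures.
            throw new RuntimeException("获取证书列表异常", e);
        }
    }

    /**
     * Parses Base64-encoded certificates and returns them ordered leaf-first where possible.
     *
     * @param str Base64 text without PEM armor
     * @return the certificates, or {@code null} (after logging) when decoding or parsing fails
     */
    @SuppressWarnings("unchecked") // sortCerts is raw; it only ever returns the elements it was given
    public static List<Certificate> getSortCertListFromB64(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            List<Certificate> certs = new ArrayList<>(parseCertificates(factory, Base64.decode(str)));
            return sortCerts(certs);
        } catch (Exception e) {
            logger.error("获取排序证书链异常", e);
            return null;
        }
    }

    /**
     * Reports whether each certificate's issuer name equals the subject name of the one after it.
     */
    @SuppressWarnings("rawtypes")
    private static boolean isOrderedLeafFirst(List list) {
        X500Principal expectedSubject = ((X509Certificate) list.get(0)).getIssuerX500Principal();
        for (int i = 1; i < list.size(); i++) {
            X509Certificate cert = (X509Certificate) list.get(i);
            if (!expectedSubject.equals(cert.getSubjectX500Principal())) {
                return false;
            }
            expectedSubject = cert.getIssuerX500Principal();
        }
        return true;
    }

    /**
     * Orders certificates so that each one is followed by the certificate whose subject name
     * equals its issuer name (leaf first).
     *
     * <p>Ordering is by distinguished-name comparison only; no signature is checked, so the
     * result says nothing about whether the chain is genuine.
     *
     * <p>The input list is never modified. If it is already ordered it is returned as is.
     * If the certificates do not form a single chain (no unique leaf, or some certificate is
     * left over after following issuers from the leaf) a copy in the original order is returned.
     *
     * @param list {@link X509Certificate} elements; may be {@code null}
     * @return the ordered list, the input itself, or a copy in input order as described above
     * @throws ClassCastException if an element is not an {@link X509Certificate}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static List sortCerts(List list) {
        if (list == null || list.size() < 2) {
            return list;
        }
        if (isOrderedLeafFirst(list)) {
            return list;
        }

        List original = new ArrayList(list);
        List remaining = new ArrayList(list);
        List ordered = new ArrayList(list.size());

        // A leaf is a certificate whose subject is not the issuer of any certificate in the
        // input. The scan includes the candidate itself, so a self-issued certificate never
        // counts as a leaf.
        for (Object candidate : list) {
            X500Principal subject = ((X509Certificate) candidate).getSubjectX500Principal();
            boolean issuesAnother = false;
            for (Object other : list) {
                if (((X509Certificate) other).getIssuerX500Principal().equals(subject)) {
                    issuesAnother = true;
                    break;
                }
            }
            if (!issuesAnother) {
                ordered.add(candidate);
            }
        }
        if (ordered.size() != 1) {
            // Zero or several leaves: the input is not one chain, so keep the caller's order.
            return original;
        }
        remaining.remove(ordered.get(0));

        // Follow issuer names from the leaf. The inner scan is bounded by remaining.size(), so
        // a certificate whose issuer is absent (for example the root) just ends the walk; every
        // match moves one element out of 'remaining', which bounds the outer loop as well.
        for (int i = 0; i < ordered.size(); i++) {
            X500Principal issuer = ((X509Certificate) ordered.get(i)).getIssuerX500Principal();
            for (int j = 0; j < remaining.size(); j++) {
                X509Certificate next = (X509Certificate) remaining.get(j);
                if (issuer.equals(next.getSubjectX500Principal())) {
                    ordered.add(next);
                    remaining.remove(j);
                    break;
                }
            }
        }
        return remaining.isEmpty() ? ordered : original;
    }

    /**
     * Extracts the certificates carried in a PKCS#7 (P7B) SignedData structure, ordered
     * leaf-first where possible.
     *
     * <p>Only the certificate set is read; the SignedData signature is not verified.
     *
     * @param bArr DER-encoded ContentInfo
     * @return the certificates found
     * @throws RuntimeException wrapping the cause when the structure cannot be parsed or
     *     carries no certificate set
     */
    @SuppressWarnings("unchecked") // sortCerts is raw; it only ever returns the elements it was given
    public static List<X509Certificate> getCertListFromP7b(byte[] bArr) {
        List<X509Certificate> certs = new ArrayList<>();
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            Enumeration<?> objects = SignedData.getInstance(
                    new ContentInfo(ASN1Sequence.getInstance(bArr)).getContent())
                    .getCertificates().getObjects();
            while (objects.hasMoreElements()) {
                byte[] der = ((ASN1Encodable) objects.nextElement()).toASN1Primitive().getEncoded();
                certs.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
            }
            return sortCerts(certs);
        } catch (Exception e) {
            logger.error("getCertListFromP7b error", e);
            // Keep the cause; a bare RuntimeException hides why an upload was rejected.
            throw new RuntimeException("getCertListFromP7b error", e);
        }
    }

    /**
     * Parses an uploaded file into a certificate.
     *
     * <p>The bytes are first given to the certificate factory unchanged. If that yields nothing
     * or fails (the failure is logged), the bytes are read as text, PEM armor is stripped and
     * the remainder is tried as Base64 and then as hexadecimal.
     *
     * @param bArr uploaded file content; may be {@code null}
     * @return the certificate, or {@code null} when {@code bArr} is {@code null} or no decoding
     *     succeeds
     */
    public static X509Certificate convertUploadFileToCert(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            X509Certificate direct = (X509Certificate) CertificateFactory.getInstance("X.509", provider)
                    .generateCertificate(new ByteArrayInputStream(bArr));
            if (direct != null) {
                return direct;
            }
        } catch (Exception e) {
            logger.error("证书转换异常", e);
        }
        String body = stripPemArmor(new String(bArr), CERT_HEAD, CERT_TAIL);
        X509Certificate decoded = getCertFromB64(body);
        if (decoded == null) {
            decoded = getCertFromStr16(body);
        }
        return decoded;
    }

    /**
     * Wraps a certificate in a single-element {@link CMPCertificate} array.
     *
     * @param certificate certificate to re-encode
     * @return an array holding the CMP form of {@code certificate}
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the encoding cannot be read back as ASN.1
     */
    public static CMPCertificate[] getCMPCert(Certificate certificate) throws CertificateEncodingException, IOException {
        try (ASN1InputStream in = new ASN1InputStream(certificate.getEncoded())) {
            return new CMPCertificate[] {
                new CMPCertificate(
                        org.bouncycastle.asn1.x509.Certificate.getInstance(in.readObject().toASN1Primitive()))
            };
        }
    }

    /**
     * Returns the text that {@code GMSSLX509Utils.writePEM} writes for {@code obj}.
     *
     * @throws Exception if the writer helper fails
     */
    public static String writeObject(Object obj) throws Exception {
        StringWriter out = new StringWriter();
        GMSSLX509Utils.writePEM(obj, out);
        return out.toString();
    }

    /**
     * Returns the subject distinguished name of a certificate, formatted with
     * {@code RFC4519StyleUpperCase}.
     *
     * @param x509Certificate certificate to read
     * @return the subject DN, or {@code null} (after logging) when the TBSCertificate cannot be
     *     encoded
     */
    public static String getSubjectByX509Cert(X509Certificate x509Certificate) throws NamingException {
        try {
            ASN1Sequence tbs = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
            // When the first element is the tagged version field the subject is the sixth
            // element; without it every field sits one position earlier.
            int subjectIndex = (tbs.getObjectAt(0) instanceof ASN1TaggedObject) ? 5 : 4;
            return X500Name.getInstance(
                    RFC4519StyleUpperCase.INSTANCE,
                    tbs.getObjectAt(subjectIndex).toASN1Primitive()).toString();
        } catch (CertificateEncodingException e) {
            logger.error("从x509证书中获取使用者DN异常", e);
            return null;
        }
    }

    /**
     * Returns the bytes that {@code GMSSLX509Utils.writePEM} writes for a certificate.
     *
     * <p>NOTE(review): the {@link OutputStreamWriter} is not flushed here and uses the platform
     * default charset, so the result is complete only if {@code writePEM} flushes or closes the
     * writer; that helper is not visible in this file, confirm.
     *
     * @throws Exception if the writer helper fails
     */
    public static byte[] writeObjectToByteArray(X509Certificate x509Certificate) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        GMSSLX509Utils.writePEM(x509Certificate, new OutputStreamWriter(buffer));
        return buffer.toByteArray();
    }

    /**
     * Returns the public-key size, in bits, of an encoded certificate.
     *
     * <p>For RSA this is the modulus bit length. For any key whose algorithm is reported as
     * {@code EC} the constant 256 is returned without looking at the curve.
     * NOTE(review): that is only right for 256-bit curves; do not use this value for a
     * key-strength policy decision on EC certificates until the curve is actually inspected.
     *
     * @param bArr certificate text (PEM, Base64 or hex) as bytes
     * @return key size in bits
     * @throws Exception if the certificate cannot be parsed or the algorithm is neither RSA nor EC
     */
    public static int getPublicKeyLength(byte[] bArr) throws Exception {
        X509Certificate cert = getCertFromStr(new String(bArr));
        if (null == cert) {
            throw new Exception("certificate could not be parsed");
        }
        PublicKey key = cert.getPublicKey();
        String algorithm = key.getAlgorithm();
        if ("RSA".equalsIgnoreCase(algorithm)) {
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
            return keyFactory.getKeySpec(key, RSAPublicKeySpec.class).getModulus().bitLength();
        }
        if ("EC".equalsIgnoreCase(algorithm)) {
            return 256;
        }
        throw new Exception("unsupported public key algorithm: " + algorithm);
    }

    /**
     * Returns the public-key size, in bits, of a certificate by re-encoding it and delegating to
     * {@link #getPublicKeyLength(byte[])}.
     *
     * @throws Exception if re-encoding or parsing fails, or the algorithm is neither RSA nor EC
     */
    public static int getPublicKeyLength(X509Certificate x509Certificate) throws Exception {
        return getPublicKeyLength(writeObjectToByteArray(x509Certificate));
    }

    static {
        // Register BouncyCastle so the by-name provider lookups in this class resolve.
        try {
            Security.addProvider(new BouncyCastleProvider());
        } catch (Exception e) {
            logger.error("转换公钥异常", e);
        }
    }
}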
