package com.xdja.ca.utils;

import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ca-sdk-0.0.1-SNAPSHOT.jar:com/xdja/ca/utils/SdkCertUtils.class */
public class SdkCertUtils {
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    public static final String PKCS7_HEAD = "-----BEGIN PKCS7-----";
    public static final String PKCS7_TAIL = "-----END PKCS7-----";
    public static final String PUBLIC_KEY_HEAD = "-----BEGIN PUBLIC KEY-----";
    public static final String PUBLIC_KEY_TAIL = "-----END PUBLIC KEY-----";
    private static Logger logger;

    /**
     * Returns the issuer DN of a certificate after passing it through
     * {@code DnUtil.getRFC4519X500Name}.
     *
     * <p>The DN text comes from {@code getIssuerX500Principal().getName()}. A
     * {@link NamingException} raised by the conversion is caught here and turned into
     * {@code null}; nothing is logged, so callers cannot tell a conversion failure from
     * any other reason for a missing value.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the converted issuer DN, or {@code null} when the conversion throws
     * @throws NamingException declared on the signature, although the visible body catches it
     */
    public static String getIssuerByX509Certold(X509Certificate x509Certificate) throws NamingException {
        final String issuerName = x509Certificate.getIssuerX500Principal().getName();
        try {
            return DnUtil.getRFC4519X500Name(issuerName).toString();
        } catch (NamingException ignored) {
            // Failure is reported only through the null return value.
            return null;
        }
    }

    /**
     * Reads the issuer name directly out of the DER-encoded TBSCertificate and renders it
     * with {@code RFC4519StyleUpperCase}.
     *
     * <p>The issuer is the fourth element of the TBSCertificate sequence when the optional
     * tagged version field is present and the third element when it is absent, so the index
     * is chosen by checking whether element 0 is a tagged object.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the issuer DN string, or {@code null} when the TBSCertificate cannot be encoded
     */
    public static String getIssuerByX509Cert(X509Certificate x509Certificate) {
        byte[] tbsDer;
        try {
            tbsDer = x509Certificate.getTBSCertificate();
        } catch (CertificateEncodingException e) {
            logger.error("从x509证书中获取签发者信息", e);
            return null;
        }
        ASN1Sequence tbs = ASN1Sequence.getInstance(tbsDer);
        // version [0] present -> issuer at index 3; absent -> everything shifts down by one.
        int issuerIndex = (tbs.getObjectAt(0) instanceof ASN1TaggedObject) ? 3 : 2;
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, tbs.getObjectAt(issuerIndex).toASN1Primitive()).toString();
    }

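    /**
     * Parses a certificate string with {@code getCertFromStr} and returns its subject DN
     * converted by {@code DnUtil.getRFC4519X500Name}.
     *
     * <p>{@code getCertFromStr} returns {@code null} when none of its parsers accept the
     * input. That case is rejected with an {@link IllegalArgumentException} instead of
     * being dereferenced, which matches how {@code isSignCert(String)} and
     * {@code isEncCert(String)} in this class treat unparsable input.
     *
     * @param str certificate text to parse
     * @return the converted subject DN
     * @throws IllegalArgumentException if the text cannot be parsed into a certificate
     * @throws NamingException if the DN conversion fails
     */
    public static String getSubjectByCertStr(String str) throws NamingException {
        X509Certificate parsed = getCertFromStr(str);
        if (parsed == null) {
            // Do not echo the input: it may be large or attacker-chosen.
            throw new IllegalArgumentException("certificate string could not be parsed");
        }
        return DnUtil.getRFC4519X500Name(parsed.getSubjectX500Principal().getName()).toString();
    }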

    /**
     * Returns the subject DN of a certificate after passing it through
     * {@code DnUtil.getRFC4519X500Name}.
     *
     * <p>A {@link NamingException} from the conversion is caught and reported only as a
     * {@code null} return value; nothing is logged.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the converted subject DN, or {@code null} when the conversion throws
     */
    public static String getSubjectByX509Certold(X509Certificate x509Certificate) {
        final String subjectName = x509Certificate.getSubjectX500Principal().getName();
        try {
            return DnUtil.getRFC4519X500Name(subjectName).toString();
        } catch (NamingException ignored) {
            // Failure is reported only through the null return value.
            return null;
        }
    }

    /**
     * Reads the subject name directly out of the DER-encoded TBSCertificate and renders it
     * with {@code RFC4519StyleUpperCase}.
     *
     * <p>The subject is the sixth element of the TBSCertificate sequence when the optional
     * tagged version field is present and the fifth when it is absent.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the subject DN string, or {@code null} when the TBSCertificate cannot be encoded
     */
    public static String getSubjectByX509Cert(X509Certificate x509Certificate) {
        byte[] tbsDer;
        try {
            tbsDer = x509Certificate.getTBSCertificate();
        } catch (CertificateEncodingException e) {
            logger.error("从x509证书中获取使用者DN异常", e);
            return null;
        }
        ASN1Sequence tbs = ASN1Sequence.getInstance(tbsDer);
        // version [0] present -> subject at index 5; absent -> everything shifts down by one.
        int subjectIndex = (tbs.getObjectAt(0) instanceof ASN1TaggedObject) ? 5 : 4;
        return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, tbs.getObjectAt(subjectIndex).toASN1Primitive()).toString();
    }

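    /**
     * Parses a certificate whose DER encoding is given as a hexadecimal string.
     *
     * <p>The text is decoded with {@code hex2byte}; when that helper rejects the input
     * (it returns {@code null}) this method returns {@code null} straight away instead of
     * handing a null array to the stream constructor. The diagnostic printed on a parse
     * failure now names this method; it previously carried the label of
     * {@code getCertFromFullStr}.
     *
     * @param str hex-encoded DER certificate
     * @return the parsed certificate, or {@code null} if the hex or the certificate is invalid
     */
    public static X509Certificate getCertFromStr16(String str) {
        byte[] der = hex2byte(str);
        if (der == null) {
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            System.err.println("getCertFromStr16 error: " + e.toString());
            return null;
        }
    }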

    /**
     * Decodes a hexadecimal string into bytes.
     *
     * <p>Leading and trailing whitespace is trimmed first. The result is {@code null},
     * never an exception, when the input is null, empty after trimming, of odd length, or
     * contains anything that is not a hex digit (including a sign character).
     *
     * @param str hex text, upper or lower case
     * @return the decoded bytes, or {@code null} for any rejected input
     */
    public static byte[] hex2byte(String str) {
        if (str == null) {
            return null;
        }
        final String hex = str.trim();
        final int digits = hex.length();
        if (digits == 0 || (digits & 1) == 1) {
            return null;
        }
        byte[] decoded = new byte[digits / 2];
        for (int k = 0; k < decoded.length; k++) {
            int high = Character.digit(hex.charAt(2 * k), 16);
            int low = Character.digit(hex.charAt(2 * k + 1), 16);
            if (high < 0 || low < 0) {
                // One bad digit invalidates the whole string.
                return null;
            }
            decoded[k] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Parses a certificate from text, trying several encodings in turn.
     *
     * <p>The PEM certificate markers, real CR/LF characters and the two-character escape
     * sequences {@code \r} and {@code \n} are stripped first. The remaining text is then
     * offered to {@code getCertFromB64}, {@code getCertFromFullStr} and
     * {@code getCertFromStr16}, in that order, and the first non-null result wins. Each
     * parser that fails prints its own diagnostic, so a hex input produces output from the
     * two earlier attempts before it succeeds.
     *
     * @param str certificate text; dereferenced without a null check
     * @return the parsed certificate, or {@code null} when every parser rejects the input
     */
    public static X509Certificate getCertFromStr(String str) {
        String compact = str;
        final String[] noise = {
            "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----", StringUtils.CR, "\n", "\\r", "\\n"
        };
        for (String token : noise) {
            compact = compact.replace(token, "");
        }

        X509Certificate parsed = getCertFromB64(compact);
        if (parsed != null) {
            return parsed;
        }
        parsed = getCertFromFullStr(compact);
        if (parsed != null) {
            return parsed;
        }
        return getCertFromStr16(compact);
    }

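    /**
     * Parses a certificate from the raw bytes of a string using the "BC" X.509 factory.
     *
     * <p>The string is converted to bytes as UTF-8 rather than with the platform default
     * charset, so the same text parses the same way on every host.
     *
     * @param str certificate text handed to the factory as-is
     * @return the parsed certificate, or {@code null} on any failure (including null input
     *     or an unavailable provider); the failure is printed to standard error
     */
    public static X509Certificate getCertFromFullStr(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            System.err.println("getCertFromFullStr error: " + e.toString());
            return null;
        }
    }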

    /**
     * Parses a certificate from Base64-encoded DER using the "BC" X.509 factory.
     *
     * <p>The method is {@code synchronized} on the class, so concurrent callers are
     * serialized. Every failure, whether in Base64 decoding or certificate parsing, is
     * printed to standard error and reported as {@code null}.
     *
     * @param str Base64 text of the DER certificate
     * @return the parsed certificate, or {@code null} on any failure
     */
    public static synchronized X509Certificate getCertFromB64(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            ByteArrayInputStream derStream = new ByteArrayInputStream(Base64.decode(str));
            Certificate parsed = factory.generateCertificate(derStream);
            return (X509Certificate) parsed;
        } catch (Exception e) {
            System.err.println("getCertFromB64 error: " + e.toString());
            return null;
        }
    }

    /**
     * Returns the certificate serial number as lower-case hexadecimal text.
     *
     * <p>The text is whatever {@code BigInteger.toString(16)} produces, so there are no
     * leading zeros and the digit count may be odd; see {@code getSnFillZero} for the
     * padded form.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the serial number in lower-case hex
     */
    public static String getSn(X509Certificate x509Certificate) {
        final String hex = x509Certificate.getSerialNumber().toString(16);
        return hex.toLowerCase();
    }

    /**
     * Returns the certificate serial number as lower-case hexadecimal text with an even
     * number of characters.
     *
     * <p>A single {@code '0'} is prepended when {@code BigInteger.toString(16)} yields an
     * odd number of characters, so the result can be read as whole bytes.
     *
     * @param x509Certificate certificate to read; dereferenced without a null check
     * @return the serial number in lower-case hex, left-padded to an even length
     */
    public static String getSnFillZero(X509Certificate x509Certificate) {
        final String hex = x509Certificate.getSerialNumber().toString(16).toLowerCase();
        final boolean oddLength = (hex.length() % 2) != 0;
        return oddLength ? "0" + hex : hex;
    }

    /**
     * Encodes a certificate as PEM-style text via {@code bytesToFullB64}.
     *
     * <p>The three outcomes are distinct: {@code null} for a null certificate, an empty
     * string when encoding throws (the error is printed to standard error), and otherwise
     * whatever {@code bytesToFullB64} returns.
     *
     * @param certificate certificate to encode, may be null
     * @return the PEM-style text, {@code ""} on an encoding error, or {@code null} for null input
     */
    public static String certToFullB64(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            return bytesToFullB64(certificate.getEncoded());
        } catch (Exception e) {
            System.err.println("certToFullB64 error:" + e.toString());
            return "";
        }
    }

    /**
     * Wraps arbitrary bytes in certificate PEM markers.
     *
     * <p>The Base64 body is emitted as one unbroken line between the BEGIN and END
     * markers, and the label is always CERTIFICATE; the bytes themselves are not checked
     * to be a certificate.
     *
     * @param bArr bytes to encode
     * @return the PEM-style text, or {@code null} if encoding throws (printed to standard error)
     */
    public static String bytesToFullB64(byte[] bArr) {
        try {
            StringBuilder pem = new StringBuilder();
            pem.append("-----BEGIN CERTIFICATE-----\n");
            pem.append(new String(Base64.encode(bArr)));
            pem.append("\n-----END CERTIFICATE-----\n");
            return pem.toString();
        } catch (Exception e) {
            System.err.println("certDerToFullB64 error:" + e.toString());
            return null;
        }
    }

    /**
     * Wraps arbitrary bytes in certificate PEM markers; the output has the same shape as
     * that of {@code bytesToFullB64}.
     *
     * <p>The Base64 body is a single unbroken line and the label is always CERTIFICATE.
     *
     * @param bArr bytes to encode
     * @return the PEM-style text, or {@code null} if encoding throws (printed to standard error)
     */
    public static String bytesToFullB642(byte[] bArr) {
        try {
            final String body = new String(Base64.encode(bArr));
            return "-----BEGIN CERTIFICATE-----\n".concat(body).concat("\n-----END CERTIFICATE-----\n");
        } catch (Exception e) {
            System.err.println("certDerToFullB64 error:" + e.toString());
            return null;
        }
    }

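    /**
     * Parses a certificate from bytes that may hold DER, PEM, bare Base64 or hex text.
     *
     * <p>The bytes are first given to the "BC" X.509 factory unchanged. If that yields
     * nothing, they are read as text, the PEM certificate markers and line breaks are
     * stripped, and the remainder is tried as Base64 and then as hex.
     *
     * <p>Null input now returns {@code null} instead of raising
     * {@link NullPointerException}, the text is decoded as UTF-8 instead of the platform
     * default charset, and the expected failure of the first attempt prints a single line
     * rather than a stack trace.
     *
     * @param bArr certificate bytes in any of the accepted forms, may be null
     * @return the parsed certificate, or {@code null} when no form matches
     */
    public static X509Certificate convertDerCertToCert(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            X509Certificate direct = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
            if (direct != null) {
                return direct;
            }
        } catch (Exception e) {
            // Expected whenever the input is text rather than DER; fall through to the text forms.
            System.err.println("convertDerCertToCert error: " + e.toString());
        }

        String compact = new String(bArr, StandardCharsets.UTF_8)
                .replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
        X509Certificate parsed = getCertFromB64(compact);
        if (parsed == null) {
            parsed = getCertFromStr16(compact);
        }
        return parsed;
    }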

    /**
     * Re-encodes hexadecimal text as Base64.
     *
     * <p>Hex decoding is delegated to {@code hexStr2Bytes}; how malformed hex is treated
     * is decided there, not here.
     *
     * @param str hex text; dereferenced without a null check
     * @return the Base64 encoding of the decoded bytes
     */
    public static final String convertHexStr2Base64(String str) {
        final byte[] raw = hexStr2Bytes(str);
        final byte[] encoded = Base64.encode(raw);
        return new String(encoded);
    }

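    /**
     * Decodes hexadecimal text (either case) into bytes, rejecting malformed input.
     *
     * <p>{@code charToByte} reports a character outside {@code 0-9A-F} as a negative
     * value. Previously that value was shifted and OR-ed into the output, so invalid text
     * silently decoded to unrelated bytes, and a trailing unpaired digit was dropped. Both
     * cases now raise {@link IllegalArgumentException}. The message names only the
     * position, never the input, because the text may be key or certificate material.
     *
     * @param str hex text with an even number of digits; dereferenced without a null check
     * @return the decoded bytes
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    private static final byte[] hexStr2Bytes(String str) {
        String upperCase = str.toUpperCase();
        char[] digits = upperCase.toCharArray();
        if ((digits.length & 1) != 0) {
            throw new IllegalArgumentException("hex string has an odd number of digits: " + digits.length);
        }
        byte[] decoded = new byte[digits.length / 2];
        for (int k = 0; k < decoded.length; k++) {
            byte high = charToByte(digits[2 * k]);
            byte low = charToByte(digits[2 * k + 1]);
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("invalid hex digit in byte " + k);
            }
            decoded[k] = (byte) ((high << 4) | low);
        }
        return decoded;
    }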

    /**
     * Maps one upper-case hexadecimal digit to its value.
     *
     * @param c character to convert
     * @return 0-15 for {@code 0-9} and {@code A-F}; -1 for every other character,
     *     including lower-case letters
     */
    private static final byte charToByte(char c) {
        if (c >= '0' && c <= '9') {
            return (byte) (c - '0');
        }
        if (c >= 'A' && c <= 'F') {
            return (byte) (c - 'A' + 10);
        }
        return (byte) -1;
    }

    /**
     * Reports whether a Base64-encoded certificate is a signing certificate.
     *
     * <p>The text is parsed with {@code getCertFromB64} only, so it must be bare Base64
     * DER; the decision itself is made by {@code isSignCert(X509Certificate)}.
     *
     * @param str Base64 text of the DER certificate
     * @return the result of {@code isSignCert(X509Certificate)} for the parsed certificate
     * @throws IllegalArgumentException if the text cannot be parsed
     */
    public static final boolean isSignCert(String str) {
        final X509Certificate parsed = getCertFromB64(str);
        if (parsed != null) {
            return isSignCert(parsed);
        }
        throw new IllegalArgumentException("证书转换非法");
    }

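    /**
     * Reports whether the KeyUsage extension asserts a signing usage.
     *
     * <p>Bits 0 (digitalSignature) and 1 (nonRepudiation) of
     * {@link X509Certificate#getKeyUsage()} are consulted. That method returns
     * {@code null} when the certificate carries no KeyUsage extension; this case used to
     * raise {@link NullPointerException} and is now reported as {@code false}, because
     * the certificate does not assert either bit. Callers that need to tell "extension
     * absent" from "bit not set" must inspect {@code getKeyUsage()} themselves.
     *
     * @param x509Certificate certificate to inspect; dereferenced without a null check
     * @return {@code true} if digitalSignature or nonRepudiation is set
     */
    public static final boolean isSignCert(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        for (int bit : new int[] {0, 1}) {
            if (bit < keyUsage.length && keyUsage[bit]) {
                return true;
            }
        }
        return false;
    }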

    /**
     * Reports whether a Base64-encoded certificate is an encryption certificate.
     *
     * <p>The text is parsed with {@code getCertFromB64} only, so it must be bare Base64
     * DER; the decision itself is made by {@code isEncCert(X509Certificate)}.
     *
     * @param str Base64 text of the DER certificate
     * @return the result of {@code isEncCert(X509Certificate)} for the parsed certificate
     * @throws IllegalArgumentException if the text cannot be parsed
     */
    public static final boolean isEncCert(String str) {
        final X509Certificate parsed = getCertFromB64(str);
        if (parsed != null) {
            return isEncCert(parsed);
        }
        throw new IllegalArgumentException("证书转换非法");
    }

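    /**
     * Reports whether the KeyUsage extension asserts an encryption usage.
     *
     * <p>Bits 2 (keyEncipherment), 3 (dataEncipherment), 7 (encipherOnly) and
     * 8 (decipherOnly) of {@link X509Certificate#getKeyUsage()} are consulted; bit 4
     * (keyAgreement) is not. {@code getKeyUsage()} returns {@code null} when the
     * certificate has no KeyUsage extension; that used to raise
     * {@link NullPointerException} and is now reported as {@code false}. An array shorter
     * than nine entries is handled by treating the missing bits as unset.
     *
     * @param x509Certificate certificate to inspect; dereferenced without a null check
     * @return {@code true} if any of the four consulted bits is set
     */
    public static final boolean isEncCert(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        for (int bit : new int[] {2, 3, 7, 8}) {
            if (bit < keyUsage.length && keyUsage[bit]) {
                return true;
            }
        }
        return false;
    }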

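    /**
     * Parses one or more certificates from bytes and returns them ordered by
     * {@code sortCerts}.
     *
     * <p>Despite the name, several encodings are accepted. The bytes are first handed to
     * the "BC" X.509 factory unchanged. If that produces no certificate, the bytes are
     * read as text, PEM certificate markers and line breaks are stripped, and the rest is
     * tried as Base64 and then as hex.
     *
     * <p>Changes from the earlier behaviour: the hex attempt is now actually reached when
     * the Base64 attempt throws or yields no certificate (before, a Base64 failure skipped
     * it); a null result from {@code hex2byte} is no longer passed on to the stream
     * constructor; null input returns {@code null} instead of throwing; and the text is
     * decoded as UTF-8 rather than the platform default charset.
     *
     * @param bArr certificate data in any of the accepted forms, may be null
     * @return the ordered certificates; an empty list if parsing succeeded but found none;
     *     {@code null} if the factory is unavailable or every attempt failed
     */
    public static List<X509Certificate> getCertListFromB64(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }

        List<X509Certificate> list = null;
        try {
            list = (List) certificateFactory.generateCertificates(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            // Expected when the input is text rather than DER; the text forms are tried next.
            e.printStackTrace();
        }
        if (list != null && !list.isEmpty()) {
            return sortCerts(list);
        }

        String compact = new String(bArr, StandardCharsets.UTF_8)
                .replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");

        // Attempt 1: Base64.
        try {
            byte[] decoded = Base64.decode(compact);
            if (decoded != null && decoded.length != 0) {
                List<X509Certificate> parsed = (List) certificateFactory.generateCertificates(new ByteArrayInputStream(decoded));
                if (parsed != null) {
                    list = parsed;
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (list != null && !list.isEmpty()) {
            return sortCerts(list);
        }

        // Attempt 2: hex. hex2byte returns null for anything that is not clean hex.
        byte[] fromHex = hex2byte(compact);
        if (fromHex != null) {
            try {
                List<X509Certificate> parsed = (List) certificateFactory.generateCertificates(new ByteArrayInputStream(fromHex));
                if (parsed != null) {
                    list = parsed;
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return list != null ? sortCerts(list) : null;
    }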

    /**
     * Parses a Base64-encoded certificate collection and returns it ordered by
     * {@code sortCerts}.
     *
     * <p>The parsed certificates are copied into a fresh list before sorting. Any failure
     * prints a stack trace and yields {@code null}.
     *
     * @param str Base64 text of the encoded certificates
     * @return the ordered certificates, or {@code null} on any failure
     */
    public static List<Certificate> getSortCertListFromB64(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
            ByteArrayInputStream encoded = new ByteArrayInputStream(Base64.decode(str));
            List parsed = (List) factory.generateCertificates(encoded);
            ArrayList copy = new ArrayList();
            for (Object entry : parsed) {
                copy.add((Certificate) entry);
            }
            return sortCerts(copy);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

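    /**
     * Orders a list of X.509 certificates so that each certificate is followed by the one
     * whose subject equals its issuer (end entity first).
     *
     * <p>Ordering is decided purely by comparing issuer and subject names. No signature is
     * verified, so the result says nothing about whether the chain is cryptographically
     * valid.
     *
     * <p>Fixes relative to the earlier body: the search for the next issuer is now a
     * bounded loop. Previously, once a certificate's issuer was not among the remaining
     * certificates (which is always the case for the last certificate of a chain), the
     * search never terminated, so any input that needed re-ordering hung the caller. The
     * input list is also no longer modified; the work happens on a copy.
     *
     * @param list certificates to order; elements are cast to {@link X509Certificate}
     * @return the same list instance if it has fewer than two elements or is already
     *     ordered; a new ordered list if every certificate could be chained; otherwise a
     *     copy of the input in its original order
     */
    public static List sortCerts(List list) {
        if (list.size() < 2) {
            return list;
        }

        // Fast path: each certificate's issuer is the next certificate's subject.
        X500Principal expectedSubject = ((X509Certificate) list.get(0)).getIssuerX500Principal();
        boolean alreadyOrdered = true;
        for (int i = 1; i < list.size(); i++) {
            X509Certificate next = (X509Certificate) list.get(i);
            if (!expectedSubject.equals(next.getSubjectX500Principal())) {
                alreadyOrdered = false;
                break;
            }
            expectedSubject = next.getIssuerX500Principal();
        }
        if (alreadyOrdered) {
            return list;
        }

        List remaining = new ArrayList(list);
        List chain = new ArrayList(list.size());

        // Seed the chain with certificates whose subject is not the issuer of any certificate.
        // NOTE(review): as before, the index is not rewound after a removal, so the element
        // that slides into slot i is not examined in this pass.
        for (int i = 0; i < remaining.size(); i++) {
            X509Certificate candidate = (X509Certificate) remaining.get(i);
            X500Principal subject = candidate.getSubjectX500Principal();
            boolean issuesAnother = false;
            for (int j = 0; j < remaining.size(); j++) {
                if (((X509Certificate) remaining.get(j)).getIssuerX500Principal().equals(subject)) {
                    issuesAnother = true;
                    break;
                }
            }
            if (!issuesAnother) {
                chain.add(candidate);
                remaining.remove(i);
            }
        }

        // Extend the chain: for each member, pull its issuer out of the remaining pool.
        // chain grows while it is being walked, so the bound is re-read on every pass.
        for (int i = 0; i != chain.size(); i++) {
            X500Principal issuer = ((X509Certificate) chain.get(i)).getIssuerX500Principal();
            for (int j = 0; j < remaining.size(); j++) {
                X509Certificate candidate = (X509Certificate) remaining.get(j);
                if (issuer.equals(candidate.getSubjectX500Principal())) {
                    chain.add(candidate);
                    remaining.remove(j);
                    break;
                }
            }
        }

        // Leftovers mean the input is not a single chain; hand back the original order.
        return remaining.isEmpty() ? chain : new ArrayList(list);
    }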

    /**
     * Checks that the first certificate's signature verifies under the second
     * certificate's public key.
     *
     * <p>This is a signature check only. Nothing here looks at validity dates, the
     * issuer's CA flag or key usage, name chaining, or revocation, so a {@code true}
     * result is not a path validation. Every failure, including text that does not parse,
     * is reported as {@code false} without a diagnostic from this method.
     *
     * @param str text of the certificate to verify, parsed with {@code getCertFromStr}
     * @param str2 text of the presumed issuer certificate, parsed the same way
     * @return {@code true} if the signature verifies; {@code false} otherwise
     */
    public static final boolean verifyCertIssueCa(String str, String str2) {
        try {
            X509Certificate subject = getCertFromStr(str);
            X509Certificate issuer = getCertFromStr(str2);
            if (subject == null || issuer == null) {
                return false;
            }
            subject.verify(issuer.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

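    /**
     * Computes a validity window starting now and lasting the requested number of days,
     * capped at the given certificate's own notAfter.
     *
     * <p>Fix: the day count is multiplied as a {@code long}. The earlier {@code int}
     * multiplication of 86400000 by the day count overflowed for 25 days or more, which
     * produced a wrong end date or a spurious {@code null}.
     *
     * <p>NOTE(review): a day count outside 1..10950 is replaced by the maximum, 10950
     * days, rather than rejected, so a zero or negative request receives the longest
     * window the cap allows. Confirm that callers validate the value first.
     *
     * @param i requested validity in days
     * @param x509Certificate certificate whose notAfter caps the window; dereferenced
     *     without a null check
     * @return a two-element array {notBefore, notAfter}, or {@code null} if the capping
     *     certificate has already expired
     */
    public static Date[] computeNotBeforeAndAfter(int i, X509Certificate x509Certificate) {
        final int days = (i < 1 || i > 10950) ? 10950 : i;
        final Date notBefore = new Date();
        final long cap = x509Certificate.getNotAfter().getTime();
        final long requestedEnd = notBefore.getTime() + 86400000L * days;
        final long notAfter = Math.min(requestedEnd, cap);
        if (notBefore.getTime() > notAfter) {
            return null;
        }
        return new Date[] {notBefore, new Date(notAfter)};
    }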

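    /**
     * Builds an SM2 public key from a Base64-encoded uncompressed point.
     *
     * <p>PUBLIC KEY PEM markers and line breaks are stripped before decoding. The decoded
     * value must be exactly 65 bytes: the marker byte 0x04 followed by the 32-byte X and
     * 32-byte Y coordinates. Anything else is rejected. Before this check, the body skipped
     * one byte and copied the next 64 regardless of what they were, so a longer structure
     * was silently read as a point at the wrong offsets.
     *
     * @param str Base64 text of the point, optionally wrapped in PUBLIC KEY markers
     * @return the SM2 public key
     * @throws IllegalArgumentException if the decoded value is not a 65-byte uncompressed point
     * @throws Exception if key construction fails
     */
    public static PublicKey convertSM2PublicKey(String str) throws Exception {
        String compact = str.replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
        byte[] decode = Base64.decode(compact);
        final int coordinateLength = 32;
        if (decode.length != 1 + 2 * coordinateLength || decode[0] != 0x04) {
            // Report the length only; the bytes themselves are key material.
            throw new IllegalArgumentException(
                    "SM2 public key must be a 65-byte uncompressed point (0x04 || X || Y), got " + decode.length + " bytes");
        }
        byte[] x = new byte[coordinateLength];
        System.arraycopy(decode, 1, x, 0, coordinateLength);
        byte[] y = new byte[coordinateLength];
        System.arraycopy(decode, 1 + coordinateLength, y, 0, coordinateLength);
        return convertSM2PublicKey(x, y);
    }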

    /**
     * Builds an SM2 public key from affine coordinates.
     *
     * <p>The curve is looked up by {@code GMSSLX509Utils.ECC_SM2_NAME} and the coordinates
     * are read as unsigned big-endian integers.
     * NOTE(review): nothing in this method checks that (x, y) lies on the curve; whether
     * the BouncyCastle constructors do so is not visible here and should be confirmed for
     * the library version in use.
     *
     * @param bArr X coordinate, unsigned big-endian
     * @param bArr2 Y coordinate, unsigned big-endian
     * @return the SM2 public key
     * @throws Exception if key construction fails
     */
    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        ECNamedCurveParameterSpec sm2Spec = ECNamedCurveTable.getParameterSpec(GMSSLX509Utils.ECC_SM2_NAME);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(
                sm2Spec.getCurve().createPoint(BigIntegers.fromUnsignedByteArray(bArr), BigIntegers.fromUnsignedByteArray(bArr2)),
                sm2Spec);
        return new BCECPublicKey(GMSSLX509Utils.ECC_SM2_NAME, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

    /**
     * Converts a {@code SubjectPublicKeyInfo} structure into a JCA {@link PublicKey}.
     *
     * <p>The key factory is selected by the algorithm OID carried in the structure and
     * requested from the named provider. Any failure during lookup or decoding is rethrown
     * as {@link InvalidKeyException} with the original exception as its cause.
     *
     * @param subjectPublicKeyInfo structure to convert; dereferenced without a null check
     * @param str JCA provider name to request the key factory from
     * @return the decoded key, or {@code null} when the key data equals {@code DERNull.INSTANCE}
     * @throws Exception an {@link InvalidKeyException} wrapping any decoding failure
     */
    public static PublicKey getPublicKeyFromSubjectPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) throws Exception {
        if (subjectPublicKeyInfo.getPublicKeyData().equals(DERNull.INSTANCE)) {
            return null;
        }
        try {
            String algorithmOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = KeyFactory.getInstance(algorithmOid, str);
            X509EncodedKeySpec encodedSpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
            return keyFactory.generatePublic(encodedSpec);
        } catch (Exception e) {
            throw new InvalidKeyException("Error decoding public key.", e);
        }
    }

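    /**
     * Builds an EC public key on a named curve from a Base64-encoded uncompressed point.
     *
     * <p>The coordinate length is fixed at 32 bytes, so only curves with 256-bit
     * coordinates are supported by this overload. The decoded value must be exactly
     * 65 bytes: the marker byte 0x04 followed by X and Y. Anything else is rejected.
     * Before this check, the body skipped one byte and copied the next 64 regardless of
     * their meaning, so a point for a larger curve or a different structure was silently
     * read at the wrong offsets.
     *
     * @param str Base64 text of the point
     * @param str2 curve name passed on to {@code convertECPublicKey(byte[], byte[], String)}
     * @return the EC public key
     * @throws IllegalArgumentException if the decoded value is not a 65-byte uncompressed point
     * @throws Exception if key construction fails
     */
    public static PublicKey convertECPublicKey(String str, String str2) throws Exception {
        byte[] decode = Base64.decode(str);
        final int coordinateLength = 32;
        if (decode.length != 1 + 2 * coordinateLength || decode[0] != 0x04) {
            // Report the length only; the bytes themselves are key material.
            throw new IllegalArgumentException(
                    "EC public key must be a 65-byte uncompressed point (0x04 || X || Y), got " + decode.length + " bytes");
        }
        byte[] x = new byte[coordinateLength];
        System.arraycopy(decode, 1, x, 0, coordinateLength);
        byte[] y = new byte[coordinateLength];
        System.arraycopy(decode, 1 + coordinateLength, y, 0, coordinateLength);
        return convertECPublicKey(x, y, str2);
    }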

    /**
     * Builds an EC public key on a named curve from affine coordinates.
     *
     * <p>The coordinates are read as unsigned big-endian integers. The looked-up curve
     * specification is dereferenced without a null check, so a name the table does not
     * resolve surfaces as an exception from this method.
     * NOTE(review): nothing in this method checks that (x, y) lies on the curve; whether
     * the BouncyCastle constructors do so is not visible here and should be confirmed for
     * the library version in use.
     *
     * @param bArr X coordinate, unsigned big-endian
     * @param bArr2 Y coordinate, unsigned big-endian
     * @param str curve name, also used as the key's algorithm name
     * @return the EC public key
     * @throws Exception if key construction fails
     */
    public static PublicKey convertECPublicKey(byte[] bArr, byte[] bArr2, String str) throws Exception {
        ECNamedCurveParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(str);
        ECPublicKeySpec keySpec = new ECPublicKeySpec(
                curveSpec.getCurve().createPoint(BigIntegers.fromUnsignedByteArray(bArr), BigIntegers.fromUnsignedByteArray(bArr2)),
                curveSpec);
        return new BCECPublicKey(str, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

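    /**
     * Serializes a certificate to PEM bytes through {@code GMSSLX509Utils.writePEM}.
     *
     * <p>The writer is now closed before the buffer is read. {@code writePEM} is not
     * visible here, so it cannot be assumed to flush; without a close, characters still
     * held in the writer's encoder would be missing from the returned array. Closing a
     * writer a second time is harmless if {@code writePEM} already closed it. The writer
     * also uses UTF-8 explicitly instead of the platform default charset.
     *
     * @param x509Certificate certificate to serialize
     * @return the PEM bytes
     * @throws Exception if writing fails
     */
    public static byte[] writeObjectToByteArray(X509Certificate x509Certificate) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (OutputStreamWriter writer = new OutputStreamWriter(buffer, StandardCharsets.UTF_8)) {
            GMSSLX509Utils.writePEM(x509Certificate, writer);
        }
        return buffer.toByteArray();
    }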

    /**
     * Concatenates the given byte arrays in argument order.
     *
     * @param bArr arrays to join; each element is dereferenced without a null check
     * @return a new array holding all input bytes back to back; empty when no arrays are given
     */
    public static byte[] byteMergerAll(byte[]... bArr) {
        int total = 0;
        for (int k = 0; k < bArr.length; k++) {
            total += bArr[k].length;
        }
        byte[] merged = new byte[total];
        int offset = 0;
        for (int k = 0; k < bArr.length; k++) {
            byte[] part = bArr[k];
            System.arraycopy(part, 0, merged, offset, part.length);
            offset += part.length;
        }
        return merged;
    }

    // Class initialization: make sure a provider named "BC" is registered, then create the logger.
    // Security.addProvider changes the JVM-wide provider list, so this affects every class
    // in the process that asks for "BC", not just this one.
    static {
        final boolean bcRegistered = Security.getProvider("BC") != null;
        if (!bcRegistered) {
            Security.addProvider(new BouncyCastleProvider());
        }
        logger = LoggerFactory.getLogger(SdkCertUtils.class);
    }
}
