package com.xdja.pki.ra.core.util.cert;

import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.ra.core.asn1.NISTObjectIdentifiers;
import com.xdja.pki.ra.core.asn1.SM2ObjectIdentifiers;
import com.xdja.pki.ra.core.common.CertInfo;
import com.xdja.pki.ra.core.common.CommonVariable;
import com.xdja.pki.ra.core.constant.Constants;
import com.xdja.pki.ra.core.pkcs7.SignedAndEnvelopedData;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;
import org.springframework.web.multipart.MultipartFile;
import sun.security.rsa.RSAPrivateKeyImpl;
import sun.security.util.DerValue;

/* loaded from: input_file:WEB-INF/lib/ra-core-2.0.1-SNAPSHOT.jar:com/xdja/pki/ra/core/util/cert/CertUtils.class */
public class CertUtils {
    // PEM armor markers. The parsing helpers in this class strip the same literals before decoding.
    public static final String CERT_HEAD = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_TAIL = "-----END CERTIFICATE-----";
    public static final String PUBLIC_KEY_HEAD = "-----BEGIN PUBLIC KEY-----";
    public static final String PUBLIC_KEY_TAIL = "-----END PUBLIC KEY-----";
    // Name reported by a freshly constructed Bouncy Castle provider. Only the name is kept; this
    // line does not register the provider, so lookups by name presumably rely on registration
    // done elsewhere - TODO confirm.
    private static String provider = new BouncyCastleProvider().getName();
    // Class-wide SLF4J logger.
    private static Logger logger = LoggerFactory.getLogger((Class<?>) CertUtils.class);

    /**
     * Parses a single X.509 certificate from text, trying three encodings in turn.
     *
     * <p>The PEM certificate markers, real CR/LF characters and the literal two-character
     * sequences {@code \r} and {@code \n} are removed first. The remainder is then tried as
     * Base64, as the raw bytes of the string, and finally as hexadecimal.
     *
     * <p>This only decodes the structure. No signature, validity-period or chain check is
     * performed, so a non-null result says nothing about whether the certificate is trusted.
     *
     * @param str certificate text; must not be null
     * @return the first certificate that decodes, or {@code null} if every attempt fails
     */
    public static X509Certificate getCertFromStr(String str) {
        String body = str.replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replace(StringUtils.CR, "")
                .replace("\n", "")
                .replace("\\r", "")
                .replace("\\n", "");
        X509Certificate parsed = getCertFromB64(body);
        if (parsed != null) {
            return parsed;
        }
        parsed = getCertFromNormalStr(body);
        if (parsed != null) {
            return parsed;
        }
        return getCertFromStr16(body);
    }

    /**
     * Base64-decodes {@code str} and parses the result as one X.509 certificate, using the
     * provider named by {@code provider}.
     *
     * @param str Base64 text to decode
     * @return the parsed certificate, or {@code null} when decoding or parsing throws an
     *     {@link Exception}; the failure is logged at error level
     */
    private static synchronized X509Certificate getCertFromB64(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            byte[] der = Base64.decode(str);
            // A ByteArrayInputStream holds no system resource and its close() does nothing,
            // so no explicit close is needed on any path.
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        } catch (Exception e) {
            logger.error("获取证书异常", e);
            return null;
        }
    }

    /**
     * Decodes {@code str} as hexadecimal and parses the result as one X.509 certificate, using
     * the provider named by {@code provider}.
     *
     * @param str hexadecimal text
     * @return the parsed certificate, or {@code null} when decoding or parsing throws an
     *     {@link Exception}; the failure is logged at error level
     */
    private static synchronized X509Certificate getCertFromStr16(String str) {
        byte[] raw = hex2byte(str);
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            // hex2byte returns null for text that is not valid hex. The stream constructor then
            // throws NullPointerException, which is handled below like any other parse failure.
            // ByteArrayInputStream.close() does nothing, so the stream is not closed explicitly.
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(raw));
        } catch (Exception e) {
            logger.error("获取证书异常", e);
            return null;
        }
    }

    /**
     * Converts a hexadecimal string to bytes, two characters per byte.
     *
     * <p>Leading and trailing whitespace is trimmed before conversion.
     *
     * @param str hexadecimal text; may be null
     * @return the decoded bytes, or {@code null} when the input is null, empty, blank, of odd
     *     length, or contains a pair that does not parse as hex (that case is logged)
     */
    public static byte[] hex2byte(String str) {
        if (str == null || "".equals(str)) {
            return null;
        }
        String hex = str.trim();
        int length = hex.length();
        if (length == 0 || length % 2 == 1) {
            return null;
        }
        byte[] out = new byte[length / 2];
        int pos = 0;
        while (pos < length) {
            try {
                String pair = hex.substring(pos, pos + 2);
                // Integer.decode with a "0x" prefix rejects a sign character inside the pair.
                out[pos / 2] = (byte) Integer.decode("0x" + pair).intValue();
            } catch (Exception e) {
                logger.error("进制转换异常", e);
                return null;
            }
            pos += 2;
        }
        return out;
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Parses one X.509 certificate from the bytes of {@code str} itself, with no Base64 or hex
     * decoding. The string is converted with the platform default charset.
     *
     * @param str text whose bytes are handed to the certificate parser
     * @return the parsed certificate, or {@code null} when parsing throws an {@link Exception};
     *     the failure is logged at error level
     */
    private static synchronized X509Certificate getCertFromNormalStr(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", provider);
            byte[] raw = str.getBytes();
            // ByteArrayInputStream.close() does nothing, so the stream is not closed explicitly.
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(raw));
        } catch (Exception e) {
            logger.error("获取证书异常", e);
            return null;
        }
    }

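    /**
     * Builds an SM2 public key from Base64 text holding an EC point.
     *
     * <p>The PEM public-key markers and line breaks are stripped and the text is Base64-decoded.
     * Byte 0 is then skipped, bytes 1..32 are taken as X and bytes 33..64 as Y. That layout
     * matches the 65-byte uncompressed point encoding ({@code 0x04 || X || Y}); the method does
     * not parse a DER SubjectPublicKeyInfo.
     *
     * @param str Base64 text, optionally wrapped in PUBLIC KEY markers; must not be null
     * @return the SM2 public key
     * @throws IllegalArgumentException if fewer than 65 bytes are decoded
     * @throws Exception if Base64 decoding or key construction fails
     */
    public static PublicKey convertSM2PublicKey(String str) throws Exception {
        byte[] decode = Base64.decode(str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", ""));
        final int coordinateLength = 32;
        // Reject short input with a clear message instead of letting arraycopy fail on its bounds.
        if (decode.length < 1 + 2 * coordinateLength) {
            throw new IllegalArgumentException(
                    "SM2 public key needs at least 65 bytes (prefix, X, Y) but got " + decode.length);
        }
        // NOTE(review): byte 0 is skipped without being checked, and trailing bytes are ignored.
        // If every caller supplies an uncompressed point, also requiring a 0x04 prefix and an
        // exact length would stop a DER structure or other blob from being sliced into
        // coordinates - confirm against callers.
        byte[] x = new byte[coordinateLength];
        System.arraycopy(decode, 1, x, 0, coordinateLength);
        byte[] y = new byte[coordinateLength];
        System.arraycopy(decode, coordinateLength + 1, y, 0, coordinateLength);
        return convertSM2PublicKey(x, y);
    }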

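    /**
     * Builds an EC public key on a named curve from Base64 text holding an EC point.
     *
     * <p>After Base64 decoding, byte 0 is skipped, bytes 1..32 are taken as X and bytes 33..64
     * as Y. The fixed 32-byte coordinates mean only curves with a 256-bit field fit this layout.
     *
     * @param str Base64 text of the point; must not be null
     * @param str2 curve name, passed on to the byte-array overload
     * @return the EC public key
     * @throws IllegalArgumentException if fewer than 65 bytes are decoded
     * @throws Exception if Base64 decoding or key construction fails
     */
    public static PublicKey convertECPublicKey(String str, String str2) throws Exception {
        byte[] decode = Base64.decode(str);
        final int coordinateLength = 32;
        // Reject short input with a clear message instead of letting arraycopy fail on its bounds.
        if (decode.length < 1 + 2 * coordinateLength) {
            throw new IllegalArgumentException(
                    "EC public key needs at least 65 bytes (prefix, X, Y) but got " + decode.length);
        }
        // NOTE(review): byte 0 is skipped without being checked, and trailing bytes are ignored;
        // confirm callers always pass an uncompressed point for a 256-bit curve.
        byte[] x = new byte[coordinateLength];
        System.arraycopy(decode, 1, x, 0, coordinateLength);
        byte[] y = new byte[coordinateLength];
        System.arraycopy(decode, coordinateLength + 1, y, 0, coordinateLength);
        return convertECPublicKey(x, y, str2);
    }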

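    /**
     * Builds an EC public key on a named curve from unsigned big-endian X and Y coordinates.
     *
     * <p>The curve name is also passed as the key's algorithm string.
     *
     * @param bArr X coordinate, unsigned big-endian
     * @param bArr2 Y coordinate, unsigned big-endian
     * @param str curve name looked up in {@link ECNamedCurveTable}
     * @return the EC public key
     * @throws IllegalArgumentException if the curve name is not known
     * @throws Exception if key construction fails
     */
    public static PublicKey convertECPublicKey(byte[] bArr, byte[] bArr2, String str) throws Exception {
        ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(str);
        // The lookup yields null for an unknown name; fail with the name instead of a bare NPE.
        if (parameterSpec == null) {
            throw new IllegalArgumentException("Unknown EC curve name: " + str);
        }
        BigInteger x = BigIntegers.fromUnsignedByteArray(bArr);
        BigInteger y = BigIntegers.fromUnsignedByteArray(bArr2);
        // NOTE(review): confirm that the Bouncy Castle version in use rejects coordinates that
        // are not on the curve when the key is built; otherwise validate the point here, since
        // the coordinates can come from outside the system.
        return new BCECPublicKey(str, new ECPublicKeySpec(parameterSpec.getCurve().createPoint(x, y), parameterSpec), BouncyCastleProvider.CONFIGURATION);
    }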

    /**
     * Builds an SM2 public key from unsigned big-endian X and Y coordinates, on the curve named
     * by {@code GMSSLX509Utils.ECC_SM2_NAME}. The same constant is used as the algorithm string.
     *
     * @param bArr X coordinate, unsigned big-endian
     * @param bArr2 Y coordinate, unsigned big-endian
     * @return the SM2 public key
     * @throws Exception if key construction fails
     */
    public static PublicKey convertSM2PublicKey(byte[] bArr, byte[] bArr2) throws Exception {
        ECNamedCurveParameterSpec sm2Spec = ECNamedCurveTable.getParameterSpec(GMSSLX509Utils.ECC_SM2_NAME);
        BigInteger x = BigIntegers.fromUnsignedByteArray(bArr);
        BigInteger y = BigIntegers.fromUnsignedByteArray(bArr2);
        // NOTE(review): confirm that the Bouncy Castle version in use rejects coordinates that
        // are not on the curve when the key is built.
        ECPublicKeySpec keySpec = new ECPublicKeySpec(sm2Spec.getCurve().createPoint(x, y), sm2Spec);
        return new BCECPublicKey(GMSSLX509Utils.ECC_SM2_NAME, keySpec, BouncyCastleProvider.CONFIGURATION);
    }

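    /**
     * Parses a list of X.509 certificates from uploaded bytes and orders it with
     * {@link #sortCerts(List)}.
     *
     * <p>The bytes are first handed to the parser as they are. If that yields nothing, they are
     * read as text (platform default charset), the PEM certificate markers and line breaks are
     * stripped, and the remainder is Base64-decoded and parsed again. The hexadecimal fallback
     * is attempted only when Base64 decoding yields no bytes.
     *
     * <p>Parsing and ordering do not validate the chain: no signature, validity or trust-anchor
     * check is made here.
     *
     * @param bArr certificate data; may be null
     * @return {@code null} for null input, otherwise the parsed list (possibly empty)
     * @throws RuntimeException wrapping any failure, with the original exception as its cause
     */
    public static List<X509Certificate> getCertListFromB64(byte[] bArr) {
        if (null == bArr) {
            return null;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            // ByteArrayInputStream.close() does nothing, so the streams are not closed explicitly.
            List direct = (List) certificateFactory.generateCertificates(new ByteArrayInputStream(bArr));
            if (!CollectionUtils.isEmpty(direct)) {
                return sortCerts(direct);
            }
            String text = new String(bArr).replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
            byte[] decoded = Base64.decode(text);
            if (decoded == null || decoded.length == 0) {
                decoded = hex2byte(text);
            }
            List<X509Certificate> fallback = (List) certificateFactory.generateCertificates(new ByteArrayInputStream(decoded));
            if (CollectionUtils.isEmpty(fallback)) {
                return fallback;
            }
            return sortCerts(fallback);
        } catch (Exception e) {
            logger.error("获取证书链异常", e);
            // Keep the cause so callers and logs further up can see why parsing failed.
            throw new RuntimeException("获取证书链异常", e);
        }
    }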

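    /**
     * Base64-decodes {@code str}, parses every certificate in it with the "BC" provider and
     * orders the result with {@link #sortCerts(List)}.
     *
     * <p>Ordering is not validation: no signature, validity or trust-anchor check is made here.
     *
     * @param str Base64 text of the certificate data
     * @return the parsed certificates, ordered where {@code sortCerts} can order them
     * @throws RuntimeException wrapping any failure, with the original exception as its cause
     */
    public static List<Certificate> getSortCertListFromB64(String str) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            // ByteArrayInputStream.close() does nothing, so the stream is not closed explicitly.
            ByteArrayInputStream input = new ByteArrayInputStream(Base64.decode(str));
            // Copy into a fresh mutable list because sortCerts removes elements from its argument.
            List<Certificate> parsed = new ArrayList<Certificate>(certificateFactory.generateCertificates(input));
            return sortCerts(parsed);
        } catch (Exception e) {
            logger.error("获取证书链异常", e);
            // Keep the cause so callers and logs further up can see why parsing failed.
            throw new RuntimeException("获取证书链异常", e);
        }
    }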

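    /**
     * Orders certificates so that each one is followed by the certificate whose subject equals
     * its issuer.
     *
     * <p>Matching uses issuer and subject names only. No signature is verified, so the result
     * is an ordering, not a validated certification path.
     *
     * <p>Side effect: when the input is not already ordered, elements are removed from
     * {@code list} while the ordered list is built, so the list must be modifiable and may be
     * left partly emptied.
     *
     * @param list certificates, each an {@link X509Certificate}; must not be null
     * @return {@code list} itself when it has fewer than two elements or is already ordered;
     *     otherwise the ordered list, or a copy in the original order when some certificate
     *     could not be placed
     */
    public static List sortCerts(List list) {
        if (list.size() < 2) {
            return list;
        }
        // Fast path: already ordered when every issuer equals the next certificate's subject.
        X500Principal expectedSubject = ((X509Certificate) list.get(0)).getIssuerX500Principal();
        boolean alreadyOrdered = true;
        for (int i = 1; i != list.size(); i++) {
            X509Certificate cert = (X509Certificate) list.get(i);
            if (!expectedSubject.equals(cert.getSubjectX500Principal())) {
                alreadyOrdered = false;
                break;
            }
            expectedSubject = cert.getIssuerX500Principal();
        }
        if (alreadyOrdered) {
            return list;
        }
        List sorted = new ArrayList(list.size());
        List originalOrder = new ArrayList(list);
        // Seed the result with certificates whose subject is not the issuer of any certificate.
        for (int i = 0; i < list.size(); i++) {
            X509Certificate candidate = (X509Certificate) list.get(i);
            X500Principal subject = candidate.getSubjectX500Principal();
            boolean issuesAnother = false;
            for (int j = 0; j != list.size(); j++) {
                if (((X509Certificate) list.get(j)).getIssuerX500Principal().equals(subject)) {
                    issuesAnother = true;
                    break;
                }
            }
            if (!issuesAnother) {
                sorted.add(candidate);
                list.remove(i);
            }
        }
        // Append, for each placed certificate, the remaining certificate that issued it.
        for (int i = 0; i != sorted.size(); i++) {
            X500Principal issuer = ((X509Certificate) sorted.get(i)).getIssuerX500Principal();
            // The scan is bounded by the remaining list: when no issuer is present the loop
            // ends, so an incomplete or unrelated set of certificates cannot hang the caller.
            for (int j = 0; j < list.size(); j++) {
                X509Certificate next = (X509Certificate) list.get(j);
                if (issuer.equals(next.getSubjectX500Principal())) {
                    sorted.add(next);
                    list.remove(j);
                    break;
                }
            }
        }
        // Anything left over could not be chained; fall back to the original order.
        return list.size() > 0 ? originalOrder : sorted;
    }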

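    /**
     * Checks that the signature on one certificate verifies under another certificate's public
     * key.
     *
     * <p>This is a signature check only. It does not check validity dates, that the issuer name
     * matches the CA's subject, that the CA certificate is allowed to sign certificates, or
     * revocation. Code that makes a trust decision should run full path validation (for example
     * with {@code java.security.cert.CertPathValidator}) in addition to this.
     *
     * @param str text of the certificate to check, in any form {@code getCertFromStr} accepts
     * @param str2 text of the candidate issuing CA certificate
     * @return {@code true} if both parse and the signature verifies; {@code false} otherwise
     */
    public static final boolean verifyCertIssueCa(String str, String str2) {
        X509Certificate subjectCert = getCertFromStr(str);
        X509Certificate issuerCert = getCertFromStr(str2);
        if (issuerCert == null || subjectCert == null) {
            return false;
        }
        try {
            subjectCert.verify(issuerCert.getPublicKey());
            return true;
        } catch (Exception e) {
            // Record why verification failed so a rejected certificate can be investigated.
            logger.warn("Certificate signature did not verify under the supplied CA key: {}", e.toString());
            return false;
        }
    }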

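    /**
     * Extracts the certificates carried in a DER-encoded PKCS#7 SignedData structure and orders
     * them with {@link #sortCerts(List)}.
     *
     * <p>The SignedData signature itself is not checked here and the extracted certificates are
     * not validated; the result is only what the structure contains.
     *
     * @param bArr DER bytes of the ContentInfo wrapping the SignedData
     * @return the extracted certificates, ordered where {@code sortCerts} can order them
     * @throws RuntimeException wrapping any parsing failure, with the original exception as
     *     its cause
     */
    public static List<X509Certificate> getCertListFromP7b(byte[] bArr) {
        ArrayList arrayList = new ArrayList();
        try {
            Enumeration objects = SignedData.getInstance(new ContentInfo(ASN1Sequence.getInstance(bArr)).getContent()).getCertificates().getObjects();
            while (objects.hasMoreElements()) {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ASN1InputStream(((ASN1Encodable) objects.nextElement()).toASN1Primitive().getEncoded())));
            }
            return sortCerts(arrayList);
        } catch (Exception e) {
            // Log and keep the cause; a bare RuntimeException hides why the upload was rejected.
            logger.error("Failed to extract certificates from PKCS#7 SignedData", e);
            throw new RuntimeException("Failed to extract certificates from PKCS#7 SignedData", e);
        }
    }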

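    /**
     * Parses one X.509 certificate from the bytes of an uploaded file.
     *
     * <p>The bytes are first handed to the "BC" parser as they are. If that returns no
     * certificate, they are read as text (platform default charset), the PEM certificate markers
     * and line breaks are stripped, and the remainder is tried as Base64 and then as hex.
     *
     * <p>The upload is only decoded. Nothing here establishes that the certificate is valid or
     * trusted.
     *
     * @param bArr file content
     * @return the parsed certificate, or {@code null} if the fallback decoders also fail
     * @throws RuntimeException wrapping any exception from the first parsing attempt or the
     *     text conversion, with the original exception as its cause
     */
    public static X509Certificate convertUploadFileToCert(byte[] bArr) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            // ByteArrayInputStream.close() does nothing, so the stream is not closed explicitly.
            X509Certificate direct = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
            if (direct != null) {
                return direct;
            }
            String text = new String(bArr).replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "").replace(StringUtils.CR, "").replace("\n", "").replace("\\r", "").replace("\\n", "");
            X509Certificate decoded = getCertFromB64(text);
            if (decoded == null) {
                decoded = getCertFromStr16(text);
            }
            return decoded;
        } catch (Exception e) {
            logger.error("获取证书文件异常", e);
            // Keep the cause so callers and logs further up can see why parsing failed.
            throw new RuntimeException("获取证书文件异常", e);
        }
    }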

    /**
     * Recovers the content of an uploaded, Base64-encoded SM2 enveloped-data structure by
     * calling the two {@code HsmUtils} "YunHsm" decrypt helpers.
     *
     * <p>Only the first recipient info is examined. The upload is untrusted input and is indexed
     * at fixed positions below; presumably a structure with fewer elements makes the ASN.1
     * accessors throw - TODO confirm how callers report that to the user.
     *
     * @param i passed through to {@code HsmUtils.asymmetryDecryptByYunHsm}; presumably a key
     *     index - TODO confirm
     * @param str passed through to {@code HsmUtils.asymmetryDecryptByYunHsm}; meaning not
     *     visible here
     * @param multipartFile upload containing the Base64 text of the enveloped data
     * @return the value returned by {@code HsmUtils.symmetryDecryptByYunHsm}, or {@code null}
     *     when the first recipient info holds no octet string
     * @throws Exception on any read, decode or decrypt failure
     */
    public static String getEncCertByEnvelopDataByHsm(int i, String str, MultipartFile multipartFile) throws Exception {
        // The upload is turned into a String and back into bytes with the platform default
        // charset before Base64 decoding.
        SM2EnvelopedData sM2EnvelopedData = SM2EnvelopedData.getInstance(Base64.decode(new String(multipartFile.getBytes()).getBytes()));
        DLSequence objectAt = sM2EnvelopedData.getRecipientInfos().getObjectAt(0);
        DEROctetString dEROctetString = null;
        // Keep the last octet string found in the recipient info; presumably the wrapped
        // content-encryption key - TODO confirm.
        for (int i2 = 0; i2 < objectAt.size(); i2++) {
            ASN1Encodable objectAt2 = objectAt.getObjectAt(i2);
            if (objectAt2 instanceof DEROctetString) {
                dEROctetString = (DEROctetString) objectAt2;
            }
        }
        // First element of the third recipient-info field, as text; it is handed to the
        // asymmetric decrypt helper as its first argument.
        String valueOf = String.valueOf(objectAt.getObjectAt(2).getObjectAt(0));
        ASN1OctetString encryptedContent = sM2EnvelopedData.getEncryptedContentInfo().getEncryptedContent();
        if (null == dEROctetString) {
            return null;
        }
        // The asymmetric helper's result feeds the symmetric helper, together with the
        // content-encryption algorithm id and the Base64 of the encrypted content.
        return HsmUtils.symmetryDecryptByYunHsm(sM2EnvelopedData.getEncryptedContentInfo().getContentEncryptionAlgorithm().getAlgorithm().getId(), HsmUtils.asymmetryDecryptByYunHsm(valueOf, i, str, Base64.toBase64String(dEROctetString.getOctets())), Base64.toBase64String(encryptedContent.getOctets()));
    }

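    /**
     * Recovers the content of a Base64-encoded signed-and-enveloped-data structure by calling
     * the two {@code HsmUtils} "BC" decrypt helpers.
     *
     * <p>Only the first recipient info is examined, and nothing in this method verifies the
     * signer information of the structure. The input is indexed at fixed positions;
     * presumably a structure with fewer elements makes the ASN.1 accessors throw - TODO confirm.
     *
     * @param bArr passed to {@code HsmUtils.asymmetryDecryptByBC}; presumably the recipient's
     *     private key bytes - TODO confirm
     * @param bArr2 Base64 text of the structure, as bytes
     * @param str passed through to {@code HsmUtils.symmetryDecryptByBC}; meaning not visible here
     * @return the value returned by {@code HsmUtils.symmetryDecryptByBC}, or {@code null} when
     *     the first recipient info holds no octet string
     * @throws Exception on any decode or decrypt failure
     */
    public static String getDataFromSignedAndEnvelopedDataByBc(byte[] bArr, byte[] bArr2, String str) throws Exception {
        SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(ASN1Sequence.getInstance(Base64.decode(bArr2)));
        DLSequence objectAt = signedAndEnvelopedData.getRecipientInfos().getObjectAt(0);
        DEROctetString dEROctetString = null;
        // Keep the last octet string found in the recipient info; presumably the wrapped
        // content-encryption key - TODO confirm.
        for (int i = 0; i < objectAt.size(); i++) {
            ASN1Encodable objectAt2 = objectAt.getObjectAt(i);
            if (objectAt2 instanceof DEROctetString) {
                dEROctetString = (DEROctetString) objectAt2;
            }
        }
        String valueOf = String.valueOf(objectAt.getObjectAt(2).getObjectAt(0));
        ASN1OctetString encryptedContent = signedAndEnvelopedData.getEncryptedContentInfo().getEncryptedContent();
        if (null == dEROctetString) {
            return null;
        }
        String base64String = Base64.toBase64String(dEROctetString.getOctets());
        // Key material stays out of the log, even in wrapped form; only its size is recorded.
        logger.debug("Recipient octet string length: {} bytes", dEROctetString.getOctets().length);
        return HsmUtils.symmetryDecryptByBC(signedAndEnvelopedData.getEncryptedContentInfo().getContentEncryptionAlgorithm().getAlgorithm().getId(), HsmUtils.asymmetryDecryptByBC(valueOf, bArr, base64String), Base64.toBase64String(encryptedContent.getOctets()), str);
    }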

    /**
     * Recovers the content of a Base64-encoded CMS EnvelopedData structure by calling the two
     * {@code HsmUtils} "BC" decrypt helpers.
     *
     * <p>Only the first recipient info is examined. The input is indexed at fixed positions;
     * presumably a structure with fewer elements makes the ASN.1 accessors throw - TODO confirm.
     *
     * @param bArr passed to {@code HsmUtils.asymmetryDecryptByBC}; presumably the recipient's
     *     private key bytes - TODO confirm
     * @param bArr2 Base64 text of the EnvelopedData, as bytes
     * @param str passed through to {@code HsmUtils.symmetryDecryptByBC}; meaning not visible here
     * @return the value returned by {@code HsmUtils.symmetryDecryptByBC}, or {@code null} when
     *     the first recipient info holds no octet string
     * @throws Exception on any decode or decrypt failure
     */
    public static String getDataFromEnvelopDataByBc(byte[] bArr, byte[] bArr2, String str) throws Exception {
        EnvelopedData envelopedData = EnvelopedData.getInstance(Base64.decode(bArr2));
        ASN1Sequence objectAt = envelopedData.getRecipientInfos().getObjectAt(0);
        DEROctetString dEROctetString = null;
        // Keep the last octet string found in the recipient info; presumably the wrapped
        // content-encryption key - TODO confirm.
        for (int i = 0; i < objectAt.size(); i++) {
            ASN1Encodable objectAt2 = objectAt.getObjectAt(i);
            if (objectAt2 instanceof DEROctetString) {
                dEROctetString = (DEROctetString) objectAt2;
            }
        }
        // First element of the third recipient-info field, as text; it is handed to the
        // asymmetric decrypt helper as its first argument.
        String valueOf = String.valueOf(objectAt.getObjectAt(2).getObjectAt(0));
        ASN1OctetString encryptedContent = envelopedData.getEncryptedContentInfo().getEncryptedContent();
        if (null == dEROctetString) {
            return null;
        }
        // The asymmetric helper's result feeds the symmetric helper, together with the
        // content-encryption algorithm id and the Base64 of the encrypted content.
        return HsmUtils.symmetryDecryptByBC(envelopedData.getEncryptedContentInfo().getContentEncryptionAlgorithm().getAlgorithm().getId(), HsmUtils.asymmetryDecryptByBC(valueOf, bArr, Base64.toBase64String(dEROctetString.getOctets())), Base64.toBase64String(encryptedContent.getOctets()), str);
    }

    /**
     * Wraps a certificate in a one-element array of {@link CMPCertificate}.
     *
     * @param certificate certificate whose encoded form is re-read as ASN.1
     * @return an array holding the single converted certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the encoding cannot be read back or the stream fails to close
     */
    public static CMPCertificate[] getCMPCert(Certificate certificate) throws CertificateEncodingException, IOException {
        ASN1InputStream asn1In = new ASN1InputStream(certificate.getEncoded());
        try {
            org.bouncycastle.asn1.x509.Certificate bcCert =
                    org.bouncycastle.asn1.x509.Certificate.getInstance(asn1In.readObject().toASN1Primitive());
            return new CMPCertificate[] {new CMPCertificate(bcCert)};
        } finally {
            // Closed on both the normal and the failing path.
            asn1In.close();
        }
    }

    /**
     * Renders an object as PEM text through {@code GMSSLX509Utils.writePEM}.
     *
     * <p>NOTE(review): the parameter is an untyped {@code Object}. If a private key is ever
     * passed, the returned text presumably contains it in the clear - confirm, and keep such
     * output out of logs and responses.
     *
     * @param obj object to encode
     * @return the PEM text
     * @throws Exception if encoding fails
     */
    public static String writeObject(Object obj) throws Exception {
        StringWriter pemText = new StringWriter();
        GMSSLX509Utils.writePEM(obj, pemText);
        String result = pemText.toString();
        return result;
    }

    /**
     * Returns the issuer DN of a certificate, re-rendered through
     * {@code DnUtil.getRFC4519X500Name}.
     *
     * @param x509Certificate certificate to read
     * @return the issuer DN text, or {@code null} if the name cannot be converted (the
     *     {@link NamingException} is not logged)
     */
    public static String getIssuerByX509Certold(X509Certificate x509Certificate) {
        String issuerDn = x509Certificate.getIssuerX500Principal().getName();
        try {
            return DnUtil.getRFC4519X500Name(issuerDn).toString();
        } catch (NamingException e) {
            return null;
        }
    }

    /**
     * Reads the issuer name directly from the certificate's TBSCertificate sequence and renders
     * it with {@code RFC4519StyleUpperCase}.
     *
     * @param x509Certificate certificate to read
     * @return the issuer DN text, or {@code null} if the TBSCertificate cannot be encoded (the
     *     failure is logged at error level)
     */
    public static String getIssuerByX509Cert(X509Certificate x509Certificate) {
        try {
            ASN1Sequence tbs = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
            // The sequence may start with a tagged version field. When it does, the issuer is
            // the fourth element; when it does not, every field sits one position earlier.
            boolean startsWithTaggedField = tbs.getObjectAt(0) instanceof ASN1TaggedObject;
            int issuerIndex = startsWithTaggedField ? 3 : 2;
            ASN1Encodable issuer = tbs.getObjectAt(issuerIndex);
            return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, issuer.toASN1Primitive()).toString();
        } catch (CertificateEncodingException e) {
            logger.error("从x509证书中获取签发者DN异常", e);
            return null;
        }
    }

    /**
     * Returns the subject DN of a certificate, re-rendered through
     * {@code DnUtil.getRFC4519X500Name}.
     *
     * @param x509Certificate certificate to read
     * @return the subject DN text, or {@code null} if the name cannot be converted (the
     *     {@link NamingException} is not logged)
     */
    public static String getSubjectByX509Certold(X509Certificate x509Certificate) {
        String subjectDn = x509Certificate.getSubjectX500Principal().getName();
        try {
            return DnUtil.getRFC4519X500Name(subjectDn).toString();
        } catch (NamingException e) {
            return null;
        }
    }

    /**
     * Reads the subject name directly from the certificate's TBSCertificate sequence and renders
     * it with {@code RFC4519StyleUpperCase}.
     *
     * @param x509Certificate certificate to read
     * @return the subject DN text, or {@code null} if the TBSCertificate cannot be encoded (the
     *     failure is logged at error level)
     */
    public static String getSubjectByX509Cert(X509Certificate x509Certificate) {
        try {
            ASN1Sequence tbs = ASN1Sequence.getInstance(x509Certificate.getTBSCertificate());
            // The sequence may start with a tagged version field. When it does, the subject is
            // the sixth element; when it does not, every field sits one position earlier.
            boolean startsWithTaggedField = tbs.getObjectAt(0) instanceof ASN1TaggedObject;
            int subjectIndex = startsWithTaggedField ? 5 : 4;
            ASN1Encodable subject = tbs.getObjectAt(subjectIndex);
            return X500Name.getInstance(RFC4519StyleUpperCase.INSTANCE, subject.toASN1Primitive()).toString();
        } catch (CertificateEncodingException e) {
            logger.error("从x509证书中获取使用者DN异常", e);
            return null;
        }
    }

    /**
     * Extracts the common name from a distinguished name.
     *
     * <p>When the DN has several CN components, the last one returned by the parser is used.
     * When it has none, the fixed text "管理员" ("administrator") is returned.
     *
     * <p>NOTE(review): a DN without a CN maps to a label that reads as an administrator name.
     * Confirm callers use the result for display only and never to decide privileges.
     *
     * @param str distinguished name text
     * @return the CN value, or the fixed default when the DN has no CN
     * @throws NamingException if the DN cannot be parsed
     */
    public static String getCnByDn(String str) throws NamingException {
        RDN[] cnRdns = DnUtil.getRFC4519X500Name(str).getRDNs(RFC4519StyleUpperCase.cn);
        if (cnRdns.length == 0) {
            return "管理员";
        }
        RDN lastCn = cnRdns[cnRdns.length - 1];
        return lastCn.getFirst().getValue().toString();
    }

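    /**
     * Encodes a certificate as PEM and returns the bytes, using the platform default charset.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM bytes
     * @throws Exception if encoding fails
     */
    public static byte[] writeObjectToByteArray(X509Certificate x509Certificate) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // OutputStreamWriter buffers encoded bytes internally. Closing it here guarantees they
        // reach the byte array even if writePEM does not flush; closing an already closed
        // writer has no effect.
        try (OutputStreamWriter writer = new OutputStreamWriter(buffer)) {
            GMSSLX509Utils.writePEM(x509Certificate, writer);
        }
        return buffer.toByteArray();
    }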

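    /**
     * Reports the public-key size, in bits, of a certificate given as text bytes.
     *
     * <p>For RSA the modulus bit length is returned. For "EC" the fixed value 256 is returned
     * without inspecting the curve.
     *
     * @param bArr certificate text as bytes, in any form {@code getCertFromStr} accepts
     * @return the key size in bits
     * @throws Exception if the input is not a certificate or the key algorithm is not RSA or EC
     */
    public static int getPublicKeyLength(byte[] bArr) throws Exception {
        X509Certificate certFromStr = getCertFromStr(new String(bArr));
        if (null == certFromStr) {
            throw new Exception("Input could not be parsed as an X.509 certificate");
        }
        PublicKey publicKey = certFromStr.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        // Looked up before branching, so an algorithm unknown to the JCA still fails here with
        // NoSuchAlgorithmException.
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        if (Constants.KEY_ALG_NAME_RSA.equalsIgnoreCase(algorithm)) {
            return ((RSAPublicKeySpec) keyFactory.getKeySpec(publicKey, RSAPublicKeySpec.class)).getModulus().bitLength();
        }
        if ("EC".equalsIgnoreCase(algorithm)) {
            // NOTE(review): 256 is reported for every EC key, whatever its curve. If this value
            // feeds a key-strength policy, derive it from the key's curve parameters instead -
            // confirm which curves can reach this method.
            return 256;
        }
        throw new Exception("Unsupported public key algorithm: " + algorithm);
    }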

    /**
     * Reports the public-key size, in bits, of a certificate by encoding it to PEM and
     * delegating to the byte-array overload.
     *
     * @param x509Certificate certificate to inspect
     * @return the key size in bits
     * @throws Exception if encoding fails or the byte-array overload rejects the certificate
     */
    public static int getPublicKeyLength(X509Certificate x509Certificate) throws Exception {
        byte[] pemBytes = writeObjectToByteArray(x509Certificate);
        return getPublicKeyLength(pemBytes);
    }

    /**
     * Returns the key algorithm label computed by {@code getKeyAlgAndLength}.
     *
     * @param x509Certificate certificate to inspect
     * @return the key algorithm label
     * @throws Exception if {@code getKeyAlgAndLength} rejects the certificate
     */
    public static String getKeyAlg(X509Certificate x509Certificate) throws Exception {
        CertInfo info = getKeyAlgAndLength(x509Certificate);
        return info.getKeyAlg();
    }

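    /**
     * Determines the key algorithm label and key size of a certificate.
     *
     * <p>For an RSA public key the modulus bit length is used. For any other key the label is
     * chosen from the certificate's signature algorithm name ("SM3withSM2" gives "SM2",
     * "SHA256withECDSA" gives {@code Constants.KEY_ALG_NAME_NIST}) and the size is fixed at 256.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return a {@code CertInfo} with key algorithm and key length set
     * @throws Exception if the key is not RSA and the signature algorithm is neither of the two
     *     recognised names
     */
    public static CertInfo getKeyAlgAndLength(X509Certificate x509Certificate) throws Exception {
        CertInfo certInfo = new CertInfo();
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        if (Constants.KEY_ALG_NAME_RSA.equalsIgnoreCase(algorithm)) {
            int modulusBits = ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength();
            certInfo.setKeyAlg(algorithm);
            certInfo.setKeyLength(modulusBits);
            return certInfo;
        }
        // NOTE(review): the signature algorithm describes the issuer's key, not the subject's.
        // A non-RSA key in a certificate signed with another algorithm is rejected below, and
        // the reported size is 256 whatever the curve - confirm this fits the CAs in use.
        String sigAlgName = x509Certificate.getSigAlgName();
        String keyAlg;
        if ("SM3withSM2".equalsIgnoreCase(sigAlgName)) {
            keyAlg = "SM2";
        } else if ("SHA256withECDSA".equalsIgnoreCase(sigAlgName)) {
            keyAlg = Constants.KEY_ALG_NAME_NIST;
        } else {
            throw new Exception("Unsupported key algorithm " + algorithm + " with signature algorithm " + sigAlgName);
        }
        certInfo.setKeyLength(256);
        certInfo.setKeyAlg(keyAlg);
        return certInfo;
    }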

    /**
     * Returns the MD5 digest of the input as lowercase hexadecimal text, encoded to bytes with
     * the platform default charset.
     *
     * <p>Despite the name this is a hash, not encryption: it cannot be reversed and uses no
     * key. MD5 is not collision resistant, so the result is unsuitable for signatures,
     * integrity checks against tampering or password storage.
     *
     * @param bArr data to hash; must not be null
     * @return 32 hexadecimal characters as bytes
     * @throws NoSuchAlgorithmException if no MD5 implementation is available
     */
    public static byte[] encrypByMd5(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] digest = md5.digest(bArr);
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            // Mask to an unsigned value, then emit the high and low nibble.
            int unsigned = b & 0xFF;
            hex.append(Character.forDigit(unsigned >>> 4, 16));
            hex.append(Character.forDigit(unsigned & 0x0F, 16));
        }
        return hex.toString().getBytes();
    }

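    /**
     * Reads the first PEM object from a file.
     *
     * <p>The path is used as given, with no check that it stays inside an expected directory.
     * Callers must not pass a path built from user input without confining it first. The
     * returned object may be key material, depending on the file, so treat it accordingly.
     *
     * @param str path of the PEM file
     * @return the first object the parser reads, or whatever the parser returns at end of input
     * @throws FileNotFoundException if the file does not exist
     * @throws Exception if the file cannot be read or parsed
     */
    public static Object readPEM(String str) throws Exception {
        File file = new File(str);
        if (!file.exists()) {
            throw new FileNotFoundException("文件不存在");
        }
        // try-with-resources closes the file even when parsing throws.
        try (FileReader reader = new FileReader(file);
                PEMParser pemParser = new PEMParser(reader)) {
            return pemParser.readObject();
        }
    }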

    /**
     * Builds a JCA {@link PublicKey} from a SubjectPublicKeyInfo structure.
     *
     * <p>The key factory is looked up by the algorithm OID found in the structure, using the
     * named provider, and is fed the structure's encoding as an X.509 key spec.
     *
     * <p>NOTE(review): the early {@code null} return compares the public-key bit string with
     * {@code DERNull.INSTANCE}; whether a bit string can ever equal that value is not evident
     * from this file, so the guard may never fire — verify. Callers must still handle
     * {@code null}.
     *
     * @param subjectPublicKeyInfo key structure to convert
     * @param str name of the security provider to obtain the {@link KeyFactory} from
     * @return the decoded key, or {@code null} when the key data equals {@code DERNull.INSTANCE}
     * @throws InvalidKeyException wrapping any failure raised while decoding
     */
    public static PublicKey getPublicKeyFromSubjectPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) throws Exception {
        boolean keyDataIsNull = subjectPublicKeyInfo.getPublicKeyData().equals(DERNull.INSTANCE);
        if (keyDataIsNull) {
            return null;
        }
        try {
            String algorithmOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = KeyFactory.getInstance(algorithmOid, str);
            byte[] encodedInfo = new DERBitString(subjectPublicKeyInfo).getBytes();
            return keyFactory.generatePublic(new X509EncodedKeySpec(encodedInfo));
        } catch (Exception cause) {
            // Every failure is reported uniformly; the cause keeps the original detail.
            throw new InvalidKeyException("Error decoding public key.", cause);
        }
    }

    /**
     * Decodes a private key from its encoded bytes, choosing the decoder by signature algorithm.
     *
     * <p>{@code SM3withSM2} and {@code SHA256withECDSA} are parsed as a PrivateKeyInfo and handed
     * to a BouncyCastle key factory selected by the embedded algorithm OID. The three RSA
     * signature names go through {@code RSAPrivateKeyImpl.parseKey}.
     *
     * <p>NOTE(review): {@code RSAPrivateKeyImpl} and {@code DerValue} look like JDK-internal
     * classes (confirm against the imports); such classes are not a supported API and may be
     * inaccessible on newer runtimes. A fresh {@code BouncyCastleProvider} is also created on
     * every call.
     *
     * @param str signature algorithm name, matched case-insensitively
     * @param bArr encoded private key
     * @return the decoded key, or {@code null} when {@code str} is none of the recognised names —
     *     callers must check for {@code null}
     * @throws Exception if decoding fails
     */
    public static PrivateKey getPrivateBybytes(String str, byte[] bArr) throws Exception {
        boolean curveBased = "SM3withSM2".equalsIgnoreCase(str) || "SHA256withECDSA".equalsIgnoreCase(str);
        if (curveBased) {
            PrivateKeyInfo keyInfo = PrivateKeyInfo.getInstance(bArr);
            String algorithmOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
            KeyFactory keyFactory = KeyFactory.getInstance(algorithmOid, (Provider) new BouncyCastleProvider());
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyInfo.getEncoded()));
        }

        boolean rsaBased = "SHA-1withRSA".equalsIgnoreCase(str)
                || "SHA1withRSA".equalsIgnoreCase(str)
                || "SHA256withRSA".equalsIgnoreCase(str);
        if (rsaBased) {
            return RSAPrivateKeyImpl.parseKey(new DerValue(bArr));
        }

        // Unrecognised algorithm name: the contract is a null result rather than an exception.
        return null;
    }

    /**
     * Converts a textual public key into a {@link PublicKey}, according to the globally
     * configured key algorithm ({@code CommonVariable.getKeyAlgName()}).
     *
     * <p>SM2 and NIST values are delegated to {@code convertSM2PublicKey} and
     * {@code convertECPublicKey} (secp256r1). Any other configuration is treated as RSA: the
     * Base64-decoded bytes are taken as the unsigned modulus and the public exponent is fixed at
     * 65537, so keys issued with a different exponent will not round-trip through this method.
     *
     * <p>The interpretation depends on global configuration, not on the input itself, and every
     * failure is logged and turned into {@code null}; callers must treat {@code null} as a
     * rejected key.
     *
     * @param str encoded public key
     * @return the converted key, or {@code null} if conversion failed
     */
    public static PublicKey getPublicKeyByString(String str) {
        try {
            if ("SM2".equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                return convertSM2PublicKey(str);
            }
            if (Constants.KEY_ALG_NAME_NIST.equalsIgnoreCase(CommonVariable.getKeyAlgName())) {
                return convertECPublicKey(str, NISTNamedCurves.getName(SECObjectIdentifiers.secp256r1));
            }
            KeyFactory rsaFactory = KeyFactory.getInstance(Constants.KEY_ALG_NAME_RSA, (Provider) new BouncyCastleProvider());
            BigInteger modulus = BigIntegers.fromUnsignedByteArray(Base64.decode(str));
            BigInteger publicExponent = BigInteger.valueOf(65537L);
            return rsaFactory.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
        } catch (Exception e) {
            logger.error("转换公钥信息异常！", (Throwable) e);
            return null;
        }
    }

    /**
     * Checks that a public key matches an expected algorithm name and key length. Judging by the
     * log messages, the expected values come from the current certificate template.
     *
     * <p>The key is classified as RSA by its JCA algorithm name (exact, case-sensitive match);
     * otherwise the AlgorithmIdentifier parameters are read as a curve OID and compared with the
     * project's SM2 and NIST constants. The classification is then compared with {@code str}
     * and the length with {@code num}.
     *
     * <p>NOTE(review): the statements before the {@code try} block are unguarded. Missing
     * parameters, or parameters whose string form is not an OID, would surface as an unchecked
     * exception instead of a {@code false} result — confirm callers tolerate that.
     *
     * <p>NOTE(review): in the curve branch the measured coordinate length is only logged; the
     * actual comparison is {@code num} against the constant 256.
     *
     * <p>NOTE(review): {@code getW()} and {@code getModulus()} are invoked directly on the result
     * of {@code generatePublic}; the listing appears to have lost the casts to the EC and RSA
     * public-key interfaces — verify against the original source.
     *
     * @param publicKey key to validate
     * @param str expected algorithm name, compared case-insensitively
     * @param num expected key length in bits; unboxed without a null check
     * @return {@code true} when algorithm and length match; {@code false} on a mismatch, an
     *     unsupported curve, or any exception raised inside the decoding step
     */
    public static Boolean checkPublicKey(PublicKey publicKey, String str, Integer num) {
        String str2;
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        ASN1Encodable parameters = subjectPublicKeyInfo.getAlgorithmId().getParameters();
        if (Constants.KEY_ALG_NAME_RSA.equals(publicKey.getAlgorithm())) {
            str2 = Constants.KEY_ALG_NAME_RSA;
        } else {
            // Non-RSA: the algorithm parameters are expected to carry a named-curve OID.
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(parameters.toString());
            if (aSN1ObjectIdentifier.equals(SM2ObjectIdentifiers.sm2256)) {
                str2 = "SM2";
            } else {
                if (!aSN1ObjectIdentifier.equals(NISTObjectIdentifiers.nist256)) {
                    // Log text: "unsupported signature algorithm".
                    logger.info("不支持的签名算法");
                    return false;
                }
                str2 = Constants.KEY_ALG_NAME_NIST_2;
            }
        }
        // Log text: "user algorithm in the application is: {}".
        logger.info("申请书中的用户算法为:{}", str2);
        if (!str2.equalsIgnoreCase(str)) {
            // Log text: "user certificate algorithm differs from the template's public-key algorithm".
            logger.info("用户证书算法和当前模板公钥算法不一致");
            return false;
        }
        try {
            // Re-encode the SubjectPublicKeyInfo so the BC key factory can rebuild the key.
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes());
            if (str2.equalsIgnoreCase("SM2") || str2.equalsIgnoreCase(Constants.KEY_ALG_NAME_NIST_2)) {
                // The bit length of the point's X coordinate is logged only; it is not compared.
                logger.info("证书密钥算法长度为:{}", Integer.valueOf(KeyFactory.getInstance("EC", "BC").generatePublic(x509EncodedKeySpec).getW().getAffineX().bitLength()));
                if (num.intValue() != 256) {
                    // Log text: "user certificate key length differs from the template key length".
                    logger.info("用户证书秘钥算法长度和模板秘钥长度不一致");
                    return false;
                }
            } else {
                // RSA: the expected length must equal the modulus bit length exactly.
                if (num.intValue() != KeyFactory.getInstance(Constants.KEY_ALG_NAME_RSA, "BC").generatePublic(x509EncodedKeySpec).getModulus().bitLength()) {
                    logger.info("用户证书秘钥算法长度和模板秘钥长度不一致");
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            // Fails closed: any decoding error is treated as a mismatch.
            // NOTE(review): the log prefix names CertApplyServiceImpl#checkApplyMsgEqualP10, not
            // this method — it looks copied from elsewhere and can mislead log triage.
            logger.error("[CertApplyServiceImpl#checkApplyMsgEqualP10] 申请信息和P10一致性校验 Exception", (Throwable) e);
            return false;
        }
    }

    /**
     * Decodes a Base64 SubjectPublicKeyInfo string into a {@link PublicKey}.
     *
     * <p>The decoded structure is always passed to {@code GMSSLX509Utils.convertSM2PublicKey},
     * regardless of the algorithm identifier it carries, so this method is only meaningful for
     * SM2 keys. Any failure is logged and reported as {@code null}; callers must treat
     * {@code null} as a rejected key.
     *
     * @param str Base64 text of a DER-encoded SubjectPublicKeyInfo
     * @return the converted key, or {@code null} if decoding or conversion failed
     */
    public static PublicKey getPublicKeyBySubjectPublicInfo(String str) {
        try {
            byte[] der = Base64.decode(str);
            ASN1Sequence sequence = ASN1Sequence.getInstance(der);
            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(sequence);
            return GMSSLX509Utils.convertSM2PublicKey(keyInfo);
        } catch (Exception e) {
            logger.error("获取publicKey异常", (Throwable) e);
            return null;
        }
    }
}
