package com.jd.blockchain.ca;

import com.jd.blockchain.crypto.Crypto;
import com.jd.blockchain.crypto.CryptoAlgorithm;
import com.jd.blockchain.crypto.CryptoException;
import com.jd.blockchain.crypto.PrivKey;
import com.jd.blockchain.crypto.PubKey;
import com.jd.blockchain.crypto.service.classic.ClassicAlgorithm;
import com.jd.blockchain.crypto.service.sm.SMAlgorithm;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import utils.io.FileUtils;

/* loaded from: input_file:com/jd/blockchain/ca/CertificateUtils.class */
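/**
 * Static helpers for X.509 certificates, PKCS#10 requests and PEM-encoded keys.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Each {@code check*} / {@code verify*} method tests exactly one property (validity period,
 *       CA flag, role OU, or signature). None of them builds or validates a certificate path, so
 *       a caller that needs a trust decision has to combine them explicitly.</li>
 *   <li>Role checks read the subject {@code OU} attribute. That value is only meaningful once the
 *       certificate's signature has been verified against an issuer the caller trusts.</li>
 *   <li>The {@code toPEMString} overloads for private keys return unencrypted key material.</li>
 * </ul>
 */
public class CertificateUtils {
    static final String EC_ALGORITHM = "EC";
    static final String SIGALG_SM3WITHSM2 = "SM3WITHSM2";
    // Base64 of the DER-encoded named-curve OID 1.2.840.10045.3.1.7 (secp256r1 / prime256v1).
    static final String SECP256R1 = "BggqhkjOPQMBBw==";
    // Base64 of the DER-encoded named-curve OID 1.2.156.10197.1.301 (SM2).
    static final String SM2ECC = "BggqgRzPVQGCLQ==";
    static final String BEGIN_PARAMS = "-----BEGIN EC PARAMETERS-----";
    static final String END_PARAMS = "-----END EC PARAMETERS-----";
    // Key: SubjectPublicKeyInfo algorithm OID immediately followed by the parameters' string form
    // (empty when the parameters are absent or NULL). Value: algorithm name for Crypto.getAlgorithm.
    static Map<String, String> identifierMap = new HashMap<>();
    static JcaPEMKeyConverter converter;

    static {
        // The "BC" provider is requested by name in the parse* methods below.
        Security.addProvider(new BouncyCastleProvider());
        converter = new JcaPEMKeyConverter();
        // id-ecPublicKey (1.2.840.10045.2.1) + curve secp256r1 (1.2.840.10045.3.1.7)
        identifierMap.put("1.2.840.10045.2.11.2.840.10045.3.1.7", "ECDSA");
        identifierMap.put("1.3.101.112", "ED25519");
        identifierMap.put("1.2.840.113549.1.1.1", "RSA");
        // id-ecPublicKey (1.2.840.10045.2.1) + curve SM2 (1.2.156.10197.1.301)
        identifierMap.put("1.2.840.10045.2.11.2.156.10197.1.301", "SM2");
    }

    /**
     * Encodes a certificate as a PEM string.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text
     * @throws CryptoException if the PEM writer fails
     */
    public static String toPEMString(X509Certificate x509Certificate) {
        StringWriter out = new StringWriter();
        // try-with-resources closes (and thereby flushes) the writer even when writeObject throws.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
            pemWriter.writeObject(x509Certificate);
        } catch (IOException e) {
            throw new CryptoException(e.getMessage(), e);
        }
        return out.toString();
    }

    /**
     * Encodes a private key as PEM, preceded by an {@code EC PARAMETERS} block when {@code str}
     * is {@code "SM2"} or {@code "ECDSA"}. Any other algorithm name gets no parameters block.
     *
     * <p>The result is an unencrypted private key: keep it out of logs and exception messages and
     * store it only where file permissions or a secret store protect it.
     *
     * @param str algorithm name selecting the parameters block
     * @param privateKey key to encode
     * @return the PEM text
     * @throws IllegalStateException if encoding fails for any reason (including a null argument)
     */
    public static String toPEMString(String str, PrivateKey privateKey) {
        try {
            StringWriter out = new StringWriter();
            if (str.equals("SM2")) {
                out.append(BEGIN_PARAMS + "\n" + SM2ECC + "\n" + END_PARAMS + "\n");
            } else if (str.equals("ECDSA")) {
                out.append(BEGIN_PARAMS + "\n" + SECP256R1 + "\n" + END_PARAMS + "\n");
            }
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
                pemWriter.writeObject(privateKey);
            }
            return out.toString();
        } catch (Exception e) {
            throw new IllegalStateException("private key to string error", e);
        }
    }

    /**
     * Wraps the key's encoded form in {@code BEGIN/END PRIVATE KEY} armor.
     *
     * <p>The Base64 body is emitted on a single line (not wrapped at 64 characters), which strict
     * PEM parsers may reject. The {@code PRIVATE KEY} label implies PKCS#8, so this presumably
     * expects {@code getEncoded()} to return PKCS#8 bytes; the code does not check
     * {@code getFormat()}. The result is an unencrypted private key and must be handled as a secret.
     *
     * @param privateKey key to encode
     * @return the PEM text
     * @throws IllegalStateException if the key cannot be encoded (for example {@code getEncoded()}
     *     returns null)
     */
    public static String toPEMString(PrivateKey privateKey) {
        try {
            String body = Base64.getEncoder().encodeToString(privateKey.getEncoded());
            return "-----BEGIN PRIVATE KEY-----\n" + body + "\n" + "-----END PRIVATE KEY-----\n";
        } catch (Exception e) {
            throw new IllegalStateException("private key to string error", e);
        }
    }

    /**
     * Checks that the current time lies within the certificate's validity period.
     *
     * <p>This is a date check only; it says nothing about signature, issuer or revocation.
     *
     * @param x509Certificate certificate to check
     * @throws CryptoException if the certificate is expired or not yet valid
     */
    public static void checkValidity(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Passes when at least one of the given certificates is inside its validity period.
     *
     * <p>Expired certificates in the list are tolerated as long as one is valid; callers that then
     * use the list for verification should be aware the expired entries are still in it.
     *
     * @param x509CertificateArr candidate certificates
     * @throws CryptoException if none is currently valid (including an empty list)
     */
    public static void checkValidityAny(X509Certificate... x509CertificateArr) {
        for (X509Certificate candidate : x509CertificateArr) {
            try {
                checkValidity(candidate);
                return;
            } catch (Exception ignored) {
                // Deliberate: a failing candidate just means "try the next one".
            }
        }
        throw new CryptoException("Invalid CAs");
    }

    /**
     * Requires the certificate to carry a basic-constraints extension marking it as a CA.
     *
     * @param x509Certificate certificate to check
     * @throws CryptoException if {@code getBasicConstraints()} reports a non-CA certificate
     */
    public static void checkCACertificate(X509Certificate x509Certificate) {
        if (x509Certificate.getBasicConstraints() == -1) {
            throw new CryptoException("not ca certificate!");
        }
    }

    /**
     * Boolean form of {@link #checkCACertificate(X509Certificate)}.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} if the certificate is marked as a CA
     */
    public static boolean checkCACertificateNoException(X509Certificate x509Certificate) {
        // getExtensionValue() returns null when the extension is absent and otherwise an
        // OCTET STRING wrapper around the extension, so feeding it straight into
        // BasicConstraints.getInstance() threw instead of answering. getBasicConstraints()
        // returns -1 for "not a CA" and agrees with checkCACertificate above.
        return x509Certificate.getBasicConstraints() != -1;
    }

    /**
     * Requires the certificate subject to contain an {@code OU} equal to the role's name.
     *
     * <p>The OU is whatever the issuer signed; verify the certificate against a trusted issuer
     * before relying on this result.
     *
     * @param x509Certificate certificate to check
     * @param certificateRole required role
     * @throws CryptoException if the role is not present
     */
    public static void checkCertificateRole(X509Certificate x509Certificate, CertificateRole certificateRole) {
        if (!getSubject(x509Certificate, BCStyle.OU).contains(certificateRole.name())) {
            throw new CryptoException(certificateRole.name() + " ca invalid!");
        }
    }

    /**
     * Applies {@link #checkCertificateRole(X509Certificate, CertificateRole)} to every certificate.
     *
     * @param x509CertificateArr certificates to check
     * @param certificateRole required role
     * @throws CryptoException at the first certificate lacking the role
     */
    public static void checkCertificateRole(X509Certificate[] x509CertificateArr, CertificateRole certificateRole) {
        for (X509Certificate certificate : x509CertificateArr) {
            checkCertificateRole(certificate, certificateRole);
        }
    }

    /**
     * Requires the certificate subject to carry at least one of the given roles as an {@code OU}.
     *
     * @param x509Certificate certificate to check
     * @param certificateRoleArr acceptable roles
     * @throws CryptoException if none of the roles is present (including an empty role list)
     */
    public static void checkCertificateRolesAny(X509Certificate x509Certificate, CertificateRole... certificateRoleArr) {
        if (!containsAnyRole(getSubject(x509Certificate, BCStyle.OU), certificateRoleArr)) {
            // Arrays.toString: the array's own toString() only printed its identity hash.
            throw new CryptoException(Arrays.toString(certificateRoleArr) + " ca invalid!");
        }
    }

    /**
     * Boolean form of {@link #checkCertificateRolesAny(X509Certificate, CertificateRole...)}.
     *
     * @param x509Certificate certificate to check
     * @param certificateRoleArr acceptable roles
     * @return {@code true} if the subject carries at least one of the roles
     */
    public static boolean checkCertificateRolesAnyNoException(X509Certificate x509Certificate, CertificateRole... certificateRoleArr) {
        return containsAnyRole(getSubject(x509Certificate, BCStyle.OU), certificateRoleArr);
    }

    /**
     * Tests whether a certification request's subject carries at least one of the given roles.
     *
     * <p>A request's subject is chosen by the requester, so this reports what is being asked for,
     * not what has been granted.
     *
     * @param pKCS10CertificationRequest request to inspect
     * @param certificateRoleArr acceptable roles
     * @return {@code true} if the subject carries at least one of the roles
     */
    public static boolean checkCertificateRolesAnyNoException(PKCS10CertificationRequest pKCS10CertificationRequest, CertificateRole... certificateRoleArr) {
        return containsAnyRole(getSubject(pKCS10CertificationRequest, BCStyle.OU), certificateRoleArr);
    }

    /**
     * Requires the certificate subject to carry every one of the given roles as an {@code OU}.
     *
     * @param x509Certificate certificate to check
     * @param certificateRoleArr required roles
     * @throws CryptoException if any role is missing
     */
    public static void checkCertificateRolesAll(X509Certificate x509Certificate, CertificateRole... certificateRoleArr) {
        Set<String> organizationalUnits = getSubject(x509Certificate, BCStyle.OU);
        for (CertificateRole role : certificateRoleArr) {
            if (!organizationalUnits.contains(role.name())) {
                throw new CryptoException(Arrays.toString(certificateRoleArr) + " ca invalid!");
            }
        }
    }

    /**
     * Verifies that the certificate was signed with the private key matching {@code publicKey}.
     *
     * <p>Signature check only: validity period, CA flag and name chaining are not examined.
     *
     * @param x509Certificate certificate whose signature is checked
     * @param publicKey candidate issuer key
     * @throws CryptoException if verification fails
     */
    public static void verify(X509Certificate x509Certificate, PublicKey publicKey) {
        try {
            x509Certificate.verify(publicKey);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Passes when the certificate's signature verifies under the public key of at least one of
     * the given certificates.
     *
     * <p>Only the signature is tested. The candidate issuers are not checked here for validity
     * period or CA status; use {@link #checkValidity(X509Certificate)} and
     * {@link #checkCACertificate(X509Certificate)} on them where that matters.
     *
     * @param x509Certificate certificate to verify
     * @param x509CertificateArr candidate issuer certificates
     * @throws CryptoException if no candidate verifies the signature (including an empty list)
     */
    public static void verifyAny(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate issuer : x509CertificateArr) {
            try {
                verify(x509Certificate, issuer.getPublicKey());
                return;
            } catch (Exception ignored) {
                // Deliberate: a non-matching candidate just means "try the next one".
            }
        }
        throw new CryptoException("Invalid CA");
    }

    /**
     * Collects the values of one subject attribute (for example {@code BCStyle.OU}).
     *
     * <p>For a multi-valued RDN only its first attribute value is read.
     *
     * @param x509Certificate certificate to read
     * @param aSN1ObjectIdentifier attribute type to collect
     * @return the distinct string values; empty if the attribute is absent
     * @throws CryptoException if the certificate cannot be encoded
     */
    public static Set<String> getSubject(X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            Set<String> values = new HashSet<>();
            Arrays.stream(new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(aSN1ObjectIdentifier))
                    .forEach(rdn -> values.add(IETFUtils.valueToString(rdn.getFirst().getValue())));
            return values;
        } catch (CertificateEncodingException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Collects the values of one subject attribute of a certification request.
     *
     * <p>For a multi-valued RDN only its first attribute value is read.
     *
     * @param pKCS10CertificationRequest request to read
     * @param aSN1ObjectIdentifier attribute type to collect
     * @return the distinct string values; empty if the attribute is absent
     */
    public static Set<String> getSubject(PKCS10CertificationRequest pKCS10CertificationRequest, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Set<String> values = new HashSet<>();
        Arrays.stream(pKCS10CertificationRequest.getSubject().getRDNs(aSN1ObjectIdentifier))
                .forEach(rdn -> values.add(IETFUtils.valueToString(rdn.getFirst().getValue())));
        return values;
    }

    /**
     * Returns the candidates whose public key verifies the certificate's signature.
     *
     * <p>Matching is by signature only; the returned certificates are not checked for validity
     * period or CA status.
     *
     * @param x509Certificate certificate whose issuers are sought
     * @param x509CertificateArr candidate issuer certificates
     * @return matching candidates in input order; empty if none match
     */
    public static X509Certificate[] findIssuers(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        ArrayList<X509Certificate> issuers = new ArrayList<>();
        for (X509Certificate candidate : x509CertificateArr) {
            try {
                verify(x509Certificate, candidate.getPublicKey());
                issuers.add(candidate);
            } catch (Exception ignored) {
                // Deliberate: candidates that do not verify are simply left out of the result.
            }
        }
        return issuers.toArray(new X509Certificate[0]);
    }

    /**
     * Parses one certificate from its textual (PEM) form using the BC provider.
     *
     * <p>Parsing does not establish trust; verify the result before acting on its contents.
     *
     * @param str certificate text
     * @return the parsed certificate
     * @throws CryptoException if the provider is missing or the input is not a certificate
     */
    public static X509Certificate parseCertificate(String str) {
        try {
            // Explicit charset: the no-arg getBytes() depends on the platform default.
            return (X509Certificate) CertificateFactory.getInstance("x509", "BC")
                    .generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchProviderException | CertificateException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Parses several certificates, one per array element, using the BC provider.
     *
     * @param strArr certificate texts
     * @return parsed certificates in input order
     * @throws CryptoException if the provider is missing or any element is not a certificate
     */
    public static X509Certificate[] parseCertificates(String[] strArr) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("x509", "BC");
            X509Certificate[] parsed = new X509Certificate[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                parsed[i] = (X509Certificate) factory.generateCertificate(
                        new ByteArrayInputStream(strArr[i].getBytes(StandardCharsets.UTF_8)));
            }
            return parsed;
        } catch (NoSuchProviderException | CertificateException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Parses one certificate from a file using the BC provider.
     *
     * @param file certificate file
     * @return the parsed certificate
     * @throws CryptoException if the file cannot be read, the provider is missing, or the content
     *     is not a certificate
     */
    public static X509Certificate parseCertificate(File file) {
        // try-with-resources: the stream was previously never closed, leaking a file handle per call.
        try (FileInputStream in = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("x509", "BC").generateCertificate(in);
        } catch (IOException | NoSuchProviderException | CertificateException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Parses a PEM-encoded PKCS#10 certification request.
     *
     * <p>The request's signature is not checked here.
     *
     * @param str PEM text
     * @return the parsed request, or {@code null} if the input contains no PEM object
     * @throws CryptoException if reading fails or the PEM object is not a certification request
     */
    public static PKCS10CertificationRequest parseCertificationRequest(String str) {
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            Object parsed = parser.readObject();
            if (parsed != null && !(parsed instanceof PKCS10CertificationRequest)) {
                // Report a wrong PEM type as a CryptoException instead of a ClassCastException.
                throw new CryptoException("not a PKCS#10 certification request");
            }
            return (PKCS10CertificationRequest) parsed;
        } catch (IOException e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    /**
     * Extracts the requester's public key from a certification request.
     *
     * <p>The algorithm is looked up in {@code identifierMap} by the key's algorithm OID followed
     * by its parameters (omitted when absent or NULL).
     *
     * @param pKCS10CertificationRequest request to read
     * @return the public key in the project's {@code PubKey} form
     * @throws CryptoException if the key algorithm is not in {@code identifierMap}
     */
    public static PubKey resolvePubKey(PKCS10CertificationRequest pKCS10CertificationRequest) {
        SubjectPublicKeyInfo keyInfo = pKCS10CertificationRequest.getSubjectPublicKeyInfo();
        String identifier = keyInfo.getAlgorithm().getAlgorithm().getId();
        if (null != keyInfo.getAlgorithm().getParameters()) {
            String parameters = keyInfo.getAlgorithm().getParameters().toString();
            if (!"NULL".equals(parameters)) {
                identifier += parameters;
            }
        }
        String algorithmName = identifierMap.get(identifier);
        if (null == algorithmName) {
            // The request is caller-supplied; reject unknown key types with a clear error rather
            // than passing null on to the algorithm lookup.
            throw new CryptoException("Unsupported public key algorithm: " + identifier);
        }
        return Crypto.getCASignatureFunction(Crypto.getAlgorithm(algorithmName)).resolvePubKey(pKCS10CertificationRequest);
    }

    /**
     * Extracts the subject public key from a certificate.
     *
     * <p>NOTE(review): for EC keys the SM2-versus-ECDSA choice is made from the certificate's
     * signature algorithm name, i.e. from how the issuer signed, not from the subject key's curve.
     * A certificate whose subject key and issuer signature use different EC schemes would
     * presumably be classified by the issuer's scheme; confirm this is intended.
     *
     * @param x509Certificate certificate to read
     * @return the public key in the project's {@code PubKey} form
     */
    public static PubKey resolvePubKey(X509Certificate x509Certificate) {
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        // Locale.ROOT keeps the upper-casing independent of the JVM's default locale.
        return Crypto.getCASignatureFunction(
                        !algorithm.equals(EC_ALGORITHM)
                                ? Crypto.getAlgorithm(algorithm.toUpperCase(Locale.ROOT))
                                : x509Certificate.getSigAlgName().equals(SIGALG_SM3WITHSM2) ? SMAlgorithm.SM2 : ClassicAlgorithm.ECDSA)
                .resolvePubKey(x509Certificate);
    }

    /**
     * Parses a PEM private key. When the text starts with an {@code EC PARAMETERS} block, the
     * curve named there selects the algorithm and the block is stripped before parsing; otherwise
     * the algorithm code {@code s} is used.
     *
     * @param s algorithm code used when no EC parameters block is present
     * @param str PEM text
     * @return the parsed private key
     * @throws CryptoException if the EC parameters block is unterminated or names an unsupported curve
     */
    public static PrivKey parsePrivKey(short s, String str) {
        CryptoAlgorithm cryptoAlgorithm = detectEcAlgorithm(str);
        String keyPem = null == cryptoAlgorithm ? str : stripEcParameters(str);
        return Crypto.getCASignatureFunction(null == cryptoAlgorithm ? Crypto.getAlgorithm(s) : cryptoAlgorithm).parsePrivKey(keyPem);
    }

    /**
     * Password-protected variant of {@link #parsePrivKey(short, String)}.
     *
     * <p>The password arrives as a {@code String}, which cannot be wiped after use; the
     * {@code char[]} handed on is a copy.
     *
     * @param s algorithm code used when no EC parameters block is present
     * @param str PEM text
     * @param str2 password protecting the key
     * @return the parsed private key
     * @throws CryptoException if the EC parameters block is unterminated or names an unsupported curve
     */
    public static PrivKey parsePrivKey(short s, String str, String str2) {
        CryptoAlgorithm cryptoAlgorithm = detectEcAlgorithm(str);
        String keyPem = null == cryptoAlgorithm ? str : stripEcParameters(str);
        return Crypto.getCASignatureFunction(null == cryptoAlgorithm ? Crypto.getAlgorithm(s) : cryptoAlgorithm).parsePrivKey(keyPem, str2.toCharArray());
    }

    /**
     * Reads a PEM private key from a file and parses it.
     *
     * @param s algorithm code used when no EC parameters block is present
     * @param file key file
     * @return the parsed private key
     */
    public static PrivKey parsePrivKey(short s, File file) {
        return parsePrivKey(s, FileUtils.readText(file));
    }

    /**
     * Reads a password-protected PEM private key from a file and parses it.
     *
     * @param s algorithm code used when no EC parameters block is present
     * @param file key file
     * @param str password protecting the key
     * @return the parsed private key
     */
    public static PrivKey parsePrivKey(short s, File file, String str) {
        return parsePrivKey(s, FileUtils.readText(file), str);
    }

    /**
     * Converts a project {@code PrivKey} to a JCA {@link PrivateKey}.
     *
     * @param privKey key to convert
     * @return the JCA private key
     */
    public static PrivateKey retrievePrivateKey(PrivKey privKey) {
        return Crypto.getCASignatureFunction(Short.valueOf(privKey.getAlgorithm())).retrievePrivateKey(privKey);
    }

    /**
     * Converts a project {@code PrivKey} to a JCA {@link PrivateKey}, passing the matching public key along.
     *
     * @param privKey key to convert
     * @param pubKey public key belonging to {@code privKey}
     * @return the JCA private key
     */
    public static PrivateKey retrievePrivateKey(PrivKey privKey, PubKey pubKey) {
        return Crypto.getCASignatureFunction(Short.valueOf(privKey.getAlgorithm())).retrievePrivateKey(privKey, pubKey);
    }

    /**
     * Converts a project {@code PubKey} to a JCA {@link PublicKey}.
     *
     * @param pubKey key to convert
     * @return the JCA public key
     */
    public static PublicKey retrievePublicKey(PubKey pubKey) {
        return Crypto.getCASignatureFunction(Short.valueOf(pubKey.getAlgorithm())).retrievePublicKey(pubKey);
    }

    /** Returns whether any role's name appears among the given OU values. */
    private static boolean containsAnyRole(Set<String> organizationalUnits, CertificateRole[] roles) {
        for (CertificateRole role : roles) {
            if (organizationalUnits.contains(role.name())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the algorithm named by a leading EC PARAMETERS block, or {@code null} when the text
     * does not start with one.
     */
    private static CryptoAlgorithm detectEcAlgorithm(String pem) {
        if (!pem.startsWith(BEGIN_PARAMS)) {
            return null;
        }
        int end = pem.indexOf(END_PARAMS);
        if (end < 0) {
            // Without this check indexOf's -1 fed substring() and silently cut the key text
            // at an arbitrary offset.
            throw new CryptoException("Malformed ec parameters");
        }
        // Look for the curve only inside the parameters block, not in the key body that follows.
        String parameters = pem.substring(BEGIN_PARAMS.length(), end);
        if (parameters.contains(SECP256R1)) {
            return ClassicAlgorithm.ECDSA;
        }
        if (parameters.contains(SM2ECC)) {
            return SMAlgorithm.SM2;
        }
        throw new CryptoException("Unsupported ec algorithm");
    }

    /** Drops a leading EC PARAMETERS block; the caller has already confirmed it is terminated. */
    private static String stripEcParameters(String pem) {
        return pem.substring(pem.indexOf(END_PARAMS) + END_PARAMS.length());
    }
}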
