package cn.topca.api.cert;

import cn.tca.TopBasicCrypto.asn1.ASN1Object;
import cn.tca.TopBasicCrypto.asn1.cms.IssuerAndSerialNumber;
import cn.tca.TopBasicCrypto.asn1.cms.SignerIdentifier;
import cn.tca.TopBasicCrypto.asn1.x500.X500Name;
import cn.tca.TopBasicCrypto.asn1.x509.TBSCertificateStructure;
import cn.tca.TopBasicCrypto.cert.X509CRLHolder;
import cn.tca.TopBasicCrypto.cert.X509CertificateHolder;
import cn.tca.TopBasicCrypto.cms.CMSException;
import cn.tca.TopBasicCrypto.operator.OperatorCreationException;
import cn.tca.TopBasicCrypto.util.CollectionStore;
import cn.topca.core.ext.bc.cms.CMSProcessableByteArray;
import cn.topca.core.ext.bc.cms.CMSSignedData;
import cn.topca.core.ext.bc.cms.CMSSignedDataGenerator;
import cn.topca.core.ext.bc.cms.SignerInfoGenerator;
import cn.topca.core.ext.bc.operator.jcajce.JcaContentSignerBuilder;
import cn.topca.core.ext.bc.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import cn.topca.security.sm.TopSMProvider;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cn/topca/api/cert/TCAUtil.class */
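/**
 * Static helpers for the certificate API: PEM/DER parsing of X.509 certificates and CRLs,
 * Base64 and hex encoding, small file/URL/stream readers, message digests, password-based
 * encryption and CMS SignedData assembly.
 *
 * <p>Loading the class registers the TopSM and BouncyCastle JCA providers if they are not
 * installed yet (see the static initializer at the end of the class).
 *
 * <p>Security notes for maintainers: {@link #MD5(byte[])} and {@link #SHA1(byte[])} are
 * collision-prone digests, and the PBE helpers use a legacy scheme with parameters compiled
 * into the class (details on {@code doPBE}). None of these should be chosen for new formats.
 */
public final class TCAUtil {
    /** Lazily created X.509 factory bound to the TopSM provider; used for certificates only. */
    private static CertificateFactory certFactory = null;
    /** Lazily created X.509 factory from the default provider search order; used for CRLs only. */
    private static CertificateFactory crlFactory = null;
    private static Provider sm2Provider;
    private static Provider bcProvider;

    private TCAUtil() {
    }

    /** Returns the provider registered under the name "BC", as resolved at class load. */
    public static Provider getBcProvider() {
        return bcProvider;
    }

    /** Returns the provider registered under the name "TopSM", as resolved at class load. */
    public static Provider getSm2Provider() {
        return sm2Provider;
    }

    /**
     * Parses a Base64 certificate, with or without the PEM armor lines.
     *
     * @param str Base64 text; the BEGIN/END CERTIFICATE markers and CR/LF are stripped first
     * @return the parsed certificate
     * @throws CertApiException if the decoded bytes cannot be parsed as a certificate
     */
    public static X509Certificate convB64Str2Cert(String str) throws CertApiException {
        String body = str
                .replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replace("\r", "")
                .replace("\n", "");
        return convBin2Cert(decode(body));
    }

    /**
     * Parses a DER-encoded certificate with the TopSM provider's X.509 factory.
     *
     * <p>Parsing does not validate anything: signature, validity period and chain checks are
     * the caller's job.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws CertApiException with {@code ERR_CONV_CERT} if the factory rejects the input
     */
    public static X509Certificate convBin2Cert(byte[] bArr) throws CertApiException {
        try {
            // Kept separate from the CRL factory so that call order cannot change which
            // provider ends up parsing certificates.
            if (certFactory == null) {
                certFactory = CertificateFactory.getInstance("X.509", sm2Provider);
            }
            return (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e);
        }
    }

    /**
     * Reads a certificate file that is either PEM/Base64 text or raw DER.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws CertApiException if the file cannot be read, is empty, or does not parse
     */
    public static X509Certificate readFile2Cert(String str) throws CertApiException {
        byte[] content = readFile2Byte(str);
        if (content.length == 0) {
            // There is no first byte to sniff; report the empty file as a conversion failure
            // instead of failing with an index error.
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT,
                    new CertificateException("empty certificate file: " + str));
        }
        // '-' opens a PEM armor line; 'M' is the first Base64 character of any encoding that
        // starts with the DER SEQUENCE tag 0x30. Everything else is treated as binary DER.
        boolean looksLikeText = content[0] == 'M' || content[0] == '-';
        if (looksLikeText) {
            return convB64Str2Cert(new String(content));
        }
        return convBin2Cert(content);
    }

    /**
     * Parses a Base64 CRL, with or without the PEM armor lines.
     *
     * @param str Base64 text; both the "CRL" and "X509 CRL" BEGIN/END markers and CR/LF are
     *            stripped first
     * @return the parsed CRL
     * @throws CertApiException if the decoded bytes cannot be parsed as a CRL
     */
    public static X509CRL convB642CRL(String str) throws CertApiException {
        String body = str
                .replace("-----BEGIN CRL-----", "")
                .replace("-----BEGIN X509 CRL-----", "")
                .replace("-----END CRL-----", "")
                .replace("-----END X509 CRL-----", "")
                .replace("\r", "")
                .replace("\n", "");
        return convBin2CRL(decode(body));
    }

    /**
     * Parses a DER-encoded CRL with the default provider's X.509 factory.
     *
     * <p>Parsing does not verify the CRL signature or its freshness.
     *
     * @param bArr encoded CRL
     * @return the parsed CRL
     * @throws CertApiException with {@code ERR_CRL} if the input is not a valid CRL, or
     *                          {@code ERR_CONV_CERT} if no X.509 factory is available
     */
    public static X509CRL convBin2CRL(byte[] bArr) throws CertApiException {
        try {
            if (crlFactory == null) {
                crlFactory = CertificateFactory.getInstance("X.509");
            }
            return (X509CRL) crlFactory.generateCRL(new ByteArrayInputStream(bArr));
        } catch (CRLException e) {
            throw new CertApiException(TCAErrCode.ERR_CRL, e);
        } catch (CertificateException e2) {
            throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e2);
        }
    }

    /** Base64-encodes {@code bArr} using commons-codec. */
    public static String encode(byte[] bArr) {
        return Base64.encodeBase64String(bArr);
    }

    /** Base64-decodes {@code str} using commons-codec. */
    public static byte[] decode(String str) {
        return Base64.decodeBase64(str);
    }

    /**
     * Downloads the whole resource behind a URL into memory.
     *
     * <p>The URL is opened exactly as given: any scheme the JVM has a handler for is accepted,
     * no connect or read timeout is set, and the body is buffered without a size cap. Callers
     * that pass a location taken from outside the application (for example a distribution
     * point read from a certificate) should restrict scheme and host and bound the transfer
     * before calling this method.
     *
     * @param str URL to read
     * @return the bytes served by the URL
     * @throws CertApiException with {@code ERR_BAD_URL} for an unparsable URL, or
     *                          {@code ERR_STREAM} if opening or reading fails
     */
    public static byte[] readURL2Byte(String str) throws CertApiException {
        InputStream in = null;
        try {
            in = new URL(str).openStream();
            return readIS2Byte(in);
        } catch (MalformedURLException e) {
            throw new CertApiException(TCAErrCode.ERR_BAD_URL, e);
        } catch (IOException e2) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e2);
        } finally {
            // Release the connection on every path, including a failed read.
            closeQuietly(in);
        }
    }

    /**
     * Drains a stream into a byte array. The stream is not closed; it stays owned by the
     * caller. The amount of data read is not limited.
     *
     * @param inputStream stream to read until end of input
     * @return everything read from the stream
     * @throws CertApiException with {@code ERR_STREAM} if a read fails
     */
    public static byte[] readIS2Byte(InputStream inputStream) throws CertApiException {
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        } catch (IOException e) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e);
        }
    }

    /**
     * Reads a whole file into memory and closes it again.
     *
     * @param str path of the file; used as given, without normalisation or containment checks
     * @return the file content
     * @throws CertApiException with {@code ERR_FILE_NOTFOUND} if the file cannot be opened, or
     *                          {@code ERR_STREAM} if reading fails
     */
    public static byte[] readFile2Byte(String str) throws CertApiException {
        InputStream in = null;
        try {
            in = new FileInputStream(str);
            return readIS2Byte(in);
        } catch (FileNotFoundException e) {
            throw new CertApiException(TCAErrCode.ERR_FILE_NOTFOUND, e);
        } finally {
            // The file handle must not outlive the call, whether or not the read succeeded.
            closeQuietly(in);
        }
    }

    /**
     * Writes {@code bArr} to a file, replacing any existing content.
     *
     * @param bArr bytes to write
     * @param str  path of the target file; used as given, without normalisation or
     *             containment checks
     * @return always {@code true}; failures are reported by exception
     * @throws CertApiException with {@code ERR_FILE_NOTFOUND} if the file cannot be opened for
     *                          writing, or {@code ERR_STREAM} if writing or closing fails
     */
    public static boolean writeByte2File(byte[] bArr, String str) throws CertApiException {
        try {
            FileOutputStream out = new FileOutputStream(str);
            try {
                out.write(bArr);
                out.flush();
            } finally {
                // Close on the failure path too, so a failed write does not leak the handle.
                out.close();
            }
            return true;
        } catch (FileNotFoundException e) {
            throw new CertApiException(TCAErrCode.ERR_FILE_NOTFOUND, e);
        } catch (IOException e2) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e2);
        }
    }

    /**
     * Encrypts {@code bArr} under a password. See {@code doPBE} for the scheme and its limits.
     *
     * @param cArr password
     * @param bArr plaintext
     * @return ciphertext
     * @throws CertApiException with {@code ERR_PBEENC} on any failure
     */
    public static byte[] PBEEncrypt(char[] cArr, byte[] bArr) throws CertApiException {
        return doPBE(cArr, bArr, true);
    }

    /**
     * Decrypts data produced by {@link #PBEEncrypt(char[], byte[])}.
     *
     * @param cArr password
     * @param bArr ciphertext
     * @return plaintext
     * @throws CertApiException with {@code ERR_PBEDEC} on any failure
     */
    public static byte[] PBEDecrypt(char[] cArr, byte[] bArr) throws CertApiException {
        return doPBE(cArr, bArr, false);
    }

    /** MD5 of the UTF-8 bytes of {@code str}. MD5 is not collision resistant. */
    public static byte[] MD5(String str) throws CertApiException {
        return MD5(str, "UTF8");
    }

    /**
     * MD5 of {@code str} encoded with the charset named {@code str2}.
     *
     * @throws CertApiException with {@code ERR_ENCODE} if the charset name is not supported
     */
    public static byte[] MD5(String str, String str2) throws CertApiException {
        try {
            return MD5(str.getBytes(str2));
        } catch (UnsupportedEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODE, e);
        }
    }

    /** MD5 of {@code bArr}. MD5 is not collision resistant; do not rely on it for integrity. */
    public static byte[] MD5(byte[] bArr) throws CertApiException {
        return doHash(TCA.MD5, bArr);
    }

    /** SHA-1 of the UTF-8 bytes of {@code str}. SHA-1 is not collision resistant. */
    public static byte[] SHA1(String str) throws CertApiException {
        return SHA1(str, "UTF8");
    }

    /**
     * SHA-1 of {@code str} encoded with the charset named {@code str2}.
     *
     * @throws CertApiException with {@code ERR_ENCODE} if the charset name is not supported
     */
    public static byte[] SHA1(String str, String str2) throws CertApiException {
        try {
            return SHA1(str.getBytes(str2));
        } catch (UnsupportedEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODE, e);
        }
    }

    /** SHA-1 of {@code bArr}. SHA-1 is not collision resistant; avoid it for new signatures. */
    public static byte[] SHA1(byte[] bArr) throws CertApiException {
        return doHash(TCA.SHA1, bArr);
    }

    /** SHA-256 of the UTF-8 bytes of {@code str}. */
    public static byte[] SHA256(String str) throws CertApiException {
        return SHA256(str, "UTF8");
    }

    /**
     * SHA-256 of {@code str} encoded with the charset named {@code str2}.
     *
     * @throws CertApiException with {@code ERR_ENCODE} if the charset name is not supported
     */
    public static byte[] SHA256(String str, String str2) throws CertApiException {
        try {
            return SHA256(str.getBytes(str2));
        } catch (UnsupportedEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODE, e);
        }
    }

    /** SHA-256 of {@code bArr}. */
    public static byte[] SHA256(byte[] bArr) throws CertApiException {
        return doHash(TCA.SHA256, bArr);
    }

    /** SM3 of the UTF-8 bytes of {@code str}. */
    public static byte[] SM3(String str) throws CertApiException {
        return SM3(str, "UTF8");
    }

    /**
     * SM3 of {@code str} encoded with the charset named {@code str2}.
     *
     * @throws CertApiException with {@code ERR_ENCODE} if the charset name is not supported
     */
    public static byte[] SM3(String str, String str2) throws CertApiException {
        try {
            return SM3(str.getBytes(str2));
        } catch (UnsupportedEncodingException e) {
            throw new CertApiException(TCAErrCode.ERR_ENCODE, e);
        }
    }

    /** SM3 of {@code bArr}; needs a registered provider that implements the algorithm. */
    public static byte[] SM3(byte[] bArr) throws CertApiException {
        return doHash(TCA.SM3, bArr);
    }

    /** Lower-case hex encoding of {@code bArr} via commons-codec. */
    public static String bin2HexStr(byte[] bArr) {
        return Hex.encodeHexString(bArr);
    }

    /**
     * Returns the hex SHA-1 of the key's encoded form ({@link PublicKey#getEncoded()}).
     *
     * <p>NOTE(review): SHA-1 here looks like a key identifier rather than a security check;
     * confirm that no caller treats equal hashes as proof of equal keys.
     */
    public static String genPubKeyHash(PublicKey publicKey) throws CertApiException {
        return bin2HexStr(SHA1(publicKey.getEncoded()));
    }

    /**
     * Builds a CMS SignedData object over {@code bArr}.
     *
     * @param bArr  content to sign
     * @param list  signer generators, one per signer; must not be {@code null}
     * @param list2 certificates to embed; skipped when {@code null} or empty
     * @param list3 CRLs to embed; skipped when {@code null} or empty
     * @param z     forwarded as the second argument of {@code generate}; presumably selects
     *              whether the content is encapsulated - confirm against CMSSignedDataGenerator
     * @return the generated SignedData
     * @throws CMSException if generation fails
     */
    public static CMSSignedData doGenSignedData(byte[] bArr, List<SignerInfoGenerator> list, List<X509CertificateHolder> list2, List<X509CRLHolder> list3, boolean z) throws CMSException {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        if (list2 != null && !list2.isEmpty()) {
            generator.addCertificates(new CollectionStore(list2));
        }
        if (list3 != null && !list3.isEmpty()) {
            generator.addCRLs(new CollectionStore(list3));
        }
        for (SignerInfoGenerator signer : list) {
            generator.addSignerInfoGenerator(signer);
        }
        return generator.generate(new CMSProcessableByteArray(bArr), z);
    }

    /**
     * Creates the signer generator for one certificate/private-key pair.
     *
     * <p>The signature algorithm name is the certificate's own {@code getSigAlgName()} when
     * {@code str} is null or empty, so a certificate issued with a weak digest will sign with
     * that digest unless the caller names one. Otherwise the name is
     * {@code str + "with" + <public key algorithm>}.
     *
     * @param x509Certificate signer certificate; supplies issuer and serial for the identifier
     * @param privateKey      key that signs
     * @param str             digest name, or null/empty to reuse the certificate's algorithm
     * @param z               passed inverted as the last SignerInfoGenerator constructor
     *                        argument; NOTE(review): meaning not visible here - confirm
     * @param provider        JCA provider used for the content signer
     * @return the signer generator
     * @throws OperatorCreationException if the content signer cannot be built
     */
    public static SignerInfoGenerator genSignerInfoGenerator(X509Certificate x509Certificate, PrivateKey privateKey, String str, boolean z, Provider provider) throws OperatorCreationException {
        String signatureAlgorithm;
        if (str == null || str.isEmpty()) {
            signatureAlgorithm = x509Certificate.getSigAlgName();
        } else {
            signatureAlgorithm = str + "with" + x509Certificate.getPublicKey().getAlgorithm();
        }
        SignerIdentifier signerId = new SignerIdentifier(getIssuerAndSerialNumber(x509Certificate));
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm);
        signerBuilder.setProvider(provider);
        return new SignerInfoGenerator(signerId, signerBuilder.build(privateKey), new JcaDigestCalculatorProviderBuilder().build(), !z);
    }

    /**
     * Decodes the to-be-signed part of a certificate into its ASN.1 structure.
     *
     * @throws IllegalArgumentException if the TBS bytes cannot be obtained or decoded; the
     *                                  underlying failure is attached as the cause
     */
    private static TBSCertificateStructure getTBSCertificateStructure(X509Certificate x509Certificate) {
        try {
            return TBSCertificateStructure.getInstance(ASN1Object.fromByteArray(x509Certificate.getTBSCertificate()));
        } catch (Exception e) {
            // Keep the cause so a malformed certificate can be told apart from a decoder fault.
            throw new IllegalArgumentException("can't extract TBS structure from this cert", e);
        }
    }

    /** Builds the CMS issuer-and-serial identifier from the certificate's TBS structure. */
    private static IssuerAndSerialNumber getIssuerAndSerialNumber(X509Certificate x509Certificate) {
        TBSCertificateStructure tbs = getTBSCertificateStructure(x509Certificate);
        return new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue());
    }

    /**
     * Computes a digest with the first registered provider that implements {@code str}.
     *
     * @param str  JCA algorithm name
     * @param bArr data to hash
     * @return the digest
     * @throws CertApiException with {@code ERR_UNKNOWN_ALG} if no provider offers the algorithm
     */
    private static byte[] doHash(String str, byte[] bArr) throws CertApiException {
        try {
            // getInstance either returns a digest or throws, so no null check is needed.
            return MessageDigest.getInstance(str).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new CertApiException(TCAErrCode.ERR_UNKNOWN_ALG, e);
        }
    }

    /**
     * Runs the password-based cipher shared by {@link #PBEEncrypt} and {@link #PBEDecrypt}.
     *
     * <p>SECURITY: the parameters are kept as they are because data already encrypted with
     * them must stay readable, but they are weak and should not protect new data:
     * <ul>
     *   <li>the transformation is PBEWithMD5AndDES, i.e. an MD5-based key derivation feeding
     *       single DES with a 56-bit key;</li>
     *   <li>the salt is a constant compiled into the class, so equal passwords always yield
     *       equal keys and the derivation can be precomputed once for every installation;</li>
     *   <li>the iteration count is the salt length (24), which adds next to no guessing cost;</li>
     *   <li>the ciphertext carries no integrity protection.</li>
     * </ul>
     * A replacement needs a versioned format with a random per-message salt, a modern KDF and
     * an authenticated cipher, plus a migration path for existing ciphertexts.
     *
     * <p>NOTE(review): PKCS #5 PBES1 defines an 8-byte salt and some JCA providers reject any
     * other length; confirm which provider serves this transformation at runtime.
     *
     * @param cArr password
     * @param bArr input bytes
     * @param z    {@code true} to encrypt, {@code false} to decrypt
     * @return the cipher output
     * @throws CertApiException with {@code ERR_PBEENC} or {@code ERR_PBEDEC}, depending on
     *                          the direction, wrapping whatever failed
     */
    private static byte[] doPBE(char[] cArr, byte[] bArr, boolean z) throws CertApiException {
        try {
            byte[] salt = "noEvilShallEscapeMySight".getBytes();
            SecretKey key = SecretKeyFactory.getInstance("PBEWITHMD5andDES").generateSecret(new PBEKeySpec(cArr));
            Cipher cipher = Cipher.getInstance("PBEWITHMD5andDES");
            int mode = z ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
            // The second PBEParameterSpec argument is the iteration count.
            cipher.init(mode, key, new PBEParameterSpec(salt, salt.length));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CertApiException(z ? TCAErrCode.ERR_PBEENC : TCAErrCode.ERR_PBEDEC, e);
        }
    }

    /** Closes an input stream if it was opened, ignoring a failure to close. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // The data has already been read or the read has already failed; a close error
            // on an input stream changes neither outcome.
        }
    }

    static {
        if (Security.getProvider("TopSM") == null) {
            Security.addProvider(TopSMProvider.INSTANCE);
        }
        // Look the provider up by name; Security.getProperty reads security properties and
        // says nothing about whether a provider called "BC" is installed.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        sm2Provider = Security.getProvider("TopSM");
        bcProvider = Security.getProvider("BC");
    }
}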
