package com.ajaxjs.wechat.common;

import com.ajaxjs.util.StrUtil;
import com.ajaxjs.util.io.Resources;
import com.ajaxjs.util.io.StreamHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/ajaxjs/wechat/common/PemUtil.class */
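/**
 * Static helpers that turn PEM text into an RSA {@link PrivateKey} and that decrypt and parse
 * a list of encrypted X.509 certificates.
 *
 * <p>The private-key PEM text read by {@link #loadPrivateKeyByPath(String)} stays in a static
 * cache for the lifetime of the class, so the key material remains in heap memory as a
 * {@code String}.
 */
public class PemUtil {
    /**
     * PEM text already read through {@code Resources.getResourceText}, keyed by the path it was
     * read from. Guarded by the class lock taken in {@link #loadPrivateKeyByPath(String)}.
     */
    private static final Map<String, String> PRIVATE_KEY_CONTENT_BY_PATH = new HashMap<>();

    /**
     * Loads the RSA private key stored at the given resource path, reading the resource at most
     * once per path.
     *
     * <p>The cache is keyed by path. A single shared slot would hand the first key that was ever
     * loaded to every later caller, whatever path they asked for, and requests would then be
     * signed with the wrong key.
     *
     * @param str resource path handed to {@code Resources.getResourceText}
     * @return the parsed private key
     * @throws NullPointerException if the resource yields no text
     * @throws RuntimeException if the text is not a PKCS#8 RSA key
     */
    public static synchronized PrivateKey loadPrivateKeyByPath(String str) {
        String pem = PRIVATE_KEY_CONTENT_BY_PATH.get(str);
        if (pem == null) {
            pem = Resources.getResourceText(str);
            // A failed read is not cached, so the next call tries the resource again.
            if (pem != null) {
                PRIVATE_KEY_CONTENT_BY_PATH.put(str, pem);
            }
        }
        return loadPrivateKey(pem);
    }

    /**
     * Parses an unencrypted PKCS#8 PEM block ({@code -----BEGIN PRIVATE KEY-----}) into an RSA
     * private key. The PEM armor lines and all whitespace are stripped before Base64 decoding.
     *
     * @param str PEM text of the key
     * @return the parsed private key
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if the body is not valid Base64 (raised by the decoder)
     * @throws RuntimeException if RSA is unavailable or the decoded bytes are not a valid key;
     *     the underlying exception is attached as the cause
     */
    public static PrivateKey loadPrivateKey(String str) {
        Objects.requireNonNull(str, "没有私钥内容");
        String base64Body = str
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s+", "");
        try {
            byte[] der = Base64.getDecoder().decode(base64Body);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("当前Java环境不支持RSA", e);
        } catch (InvalidKeySpecException e) {
            // Keep the cause: it says why the key spec was rejected, which the message alone does not.
            throw new RuntimeException("无效的密钥格式", e);
        }
    }

    /**
     * Reads the whole stream as PEM text and parses it with {@link #loadPrivateKey(String)}.
     * The stream is not closed here; that remains the caller's job.
     *
     * @param inputStream source of the PEM text
     * @return the parsed private key
     * @throws IllegalArgumentException if reading or decoding the stream fails
     */
    public static PrivateKey loadPrivateKey(InputStream inputStream) {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream(2048);
        byte[] chunk = new byte[StreamHelper.BUFFER_SIZE];
        try {
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                pemBytes.write(chunk, 0, read);
            }
            return loadPrivateKey(pemBytes.toString(StrUtil.UTF8_SYMBOL));
        } catch (IOException e) {
            throw new IllegalArgumentException("无效的密钥", e);
        }
    }

    /**
     * Decrypts every {@code encrypt_certificate} entry under {@code map.get("data")} and returns
     * the certificates that are inside their validity period, keyed by serial number.
     *
     * <p>Only the validity window is checked here. Issuer and chain are not verified, so the
     * result is only as trustworthy as the decryption step.
     * NOTE(review): presumably {@code AesUtil.decryptToString} is authenticated encryption that
     * rejects tampered ciphertext; confirm in AesUtil before treating these certificates as
     * trust anchors.
     *
     * @param str key material passed to {@code AesUtil} as UTF-8 bytes
     * @param map parsed response; each element of its {@code "data"} list is expected to be a map
     *     holding an {@code encrypt_certificate} map with {@code associated_data}, {@code nonce}
     *     and {@code ciphertext}; a missing field fails with {@link NullPointerException}
     * @return certificates by serial number; empty when there is no data
     * @throws GeneralSecurityException if decryption or certificate parsing fails
     */
    public static Map<BigInteger, X509Certificate> deserializeToCerts(String str, Map<String, Object> map) throws GeneralSecurityException {
        AesUtil aesUtil = new AesUtil(StrUtil.getUTF8_Bytes(str));
        List<?> entries = (List<?>) map.get("data");
        Map<BigInteger, X509Certificate> certsBySerial = new HashMap<>();
        if (CollectionUtils.isEmpty(entries)) {
            return certsBySerial;
        }
        // One factory serves every entry; it was previously looked up once per certificate.
        CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
        for (Object entry : entries) {
            Map<?, ?> encrypted = (Map<?, ?>) ((Map<?, ?>) entry).get("encrypt_certificate");
            String pem = aesUtil.decryptToString(
                    StrUtil.getUTF8_Bytes(remove(encrypted.get("associated_data"))),
                    StrUtil.getUTF8_Bytes(remove(encrypted.get("nonce"))),
                    remove(encrypted.get("ciphertext")));
            X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(
                    new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8)));
            try {
                certificate.checkValidity();
                certsBySerial.put(certificate.getSerialNumber(), certificate);
            } catch (CertificateExpiredException | CertificateNotYetValidException ignored) {
                // Deliberate: a certificate outside its validity window is left out of the
                // result instead of failing the whole batch. Nothing is logged, so a response
                // holding only expired certificates produces an empty map.
            }
        }
        return certsBySerial;
    }

    /** Returns {@code obj.toString()} with every double-quote character removed. */
    private static String remove(Object obj) {
        return obj.toString().replace("\"", "");
    }
}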
