package org.nervousync.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Optional;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.nervousync.commons.Globals;
import org.nervousync.utils.LoggerUtils;

/* loaded from: input_file:org/nervousync/utils/CertificateUtils.class */
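/**
 * Static helpers for generating key pairs, building X.509 certificates and reading or writing
 * PKCS#12 key stores, mostly through the Bouncy Castle ("BC") JCA provider.
 *
 * <p>Failures are reported by returning {@code null} (or an empty array for {@link #PKCS12})
 * after logging; callers must check the result before using it.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Parsing a certificate does not make it trusted. None of the methods here build or
 *       validate a certificate chain, check revocation, or check key usage / names.</li>
 *   <li>Key store passwords are accepted as {@code String}, so they cannot be wiped from memory
 *       by this class.</li>
 * </ul>
 */
public final class CertificateUtils {
    private static final LoggerUtils.Logger LOGGER = LoggerUtils.getLogger(CertificateUtils.class);

    static {
        // Every lookup below that names the "BC" provider depends on this registration.
        Security.addProvider(new BouncyCastleProvider());
    }

    private CertificateUtils() {
    }

    /** Logs {@code messageKey} as an error and, when debug is enabled, the causing exception. */
    private static void logFailure(String messageKey, Exception cause) {
        LOGGER.error("Utils", messageKey);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Utils", "Stack_Message_Error", cause);
        }
    }

    /**
     * Generates a key pair with the BC provider.
     *
     * <p>For {@code "EC"} (case-insensitive) the curve is fixed to {@code sm2p256v1} and
     * {@code i} is not used for generation. For any other algorithm {@code i} is the key size.
     *
     * <p>NOTE(review): the only size check is "multiple of 128"; no minimum strength is enforced
     * here, so the caller is responsible for choosing an adequate key size.
     *
     * @param str key algorithm name passed to {@link KeyPairGenerator}
     * @param str2 {@link SecureRandom} algorithm name; when empty, {@code "SHA1PRNG"} is used and
     *     a warning is logged
     * @param i key size; must be a multiple of 128
     * @return the generated pair, or {@code null} if the arguments are rejected or the generator
     *     cannot be initialised
     */
    public static KeyPair keyPair(String str, String str2, int i) {
        if (i % 128 != 0) {
            LOGGER.error("Utils", "Key_Size_Invalid_Error");
            return null;
        }
        if (str == null) {
            // Previously surfaced as a NullPointerException from the provider lookup.
            LOGGER.error("Utils", "Init_Key_Pair_Generator_Error");
            return null;
        }
        try {
            SecureRandom secureRandom;
            if (StringUtils.isEmpty(str2)) {
                // NOTE(review): SHA1PRNG is a legacy default kept for compatibility; prefer
                // passing an explicit algorithm until the default can be revisited.
                LOGGER.warn("Utils", "Random_Algorithm_Default_Warn");
                secureRandom = SecureRandom.getInstance("SHA1PRNG");
            } else {
                secureRandom = SecureRandom.getInstance(str2);
            }
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, "BC");
            if (str.equalsIgnoreCase("EC")) {
                generator.initialize(new ECGenParameterSpec("sm2p256v1"), secureRandom);
            } else {
                generator.initialize(i, secureRandom);
            }
            return generator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            logFailure("Init_Key_Pair_Generator_Error", e);
            return null;
        }
    }

    /**
     * Builds an end-entity X.509 v3 certificate (basicConstraints CA=false, non-critical) for
     * {@code publicKey}, signed with {@code privateKey}.
     *
     * <p>Issuer and subject are both set to {@code CN=<str>}.
     *
     * <p>NOTE(review): {@code str} is concatenated into the distinguished-name string without
     * escaping. If it can come from an untrusted source, validate or escape it first, otherwise
     * characters such as {@code ,} or {@code =} can add extra name components.
     *
     * @param publicKey key to certify
     * @param j certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param str common name used for both subject and issuer
     * @param privateKey signing key
     * @param str2 signature algorithm name
     * @return the certificate, or {@code null} if a required argument is missing or signing fails
     */
    public static X509Certificate x509(PublicKey publicKey, long j, Date date, Date date2, String str, PrivateKey privateKey, String str2) {
        if (publicKey == null || privateKey == null || StringUtils.isEmpty(str2)) {
            return null;
        }
        X500Name name = new X500Name("CN=" + str);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, BigInteger.valueOf(j), date, date2, name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        try {
            builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            return new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder(str2).setProvider("BC").build(privateKey)));
        } catch (OperatorCreationException | IOException | GeneralSecurityException e) {
            logFailure("PKCS12_Generate_Error", e);
            return null;
        }
    }

    /**
     * Parses an encoded certificate without checking its validity period or signature.
     * The result is unauthenticated data until the caller verifies it.
     */
    public static X509Certificate x509(byte[] bArr) {
        return x509(bArr, false);
    }

    /** Parses an encoded certificate and verifies its signature with {@code publicKey} if non-null. */
    public static X509Certificate x509(byte[] bArr, PublicKey publicKey) {
        return x509(bArr, publicKey, false);
    }

    /** Parses an encoded certificate and, when {@code z} is true, checks its validity period. */
    public static X509Certificate x509(byte[] bArr, boolean z) {
        return x509(bArr, (PublicKey) null, z);
    }

    /**
     * Parses an encoded X.509 certificate with the BC provider.
     *
     * <p>With {@code publicKey == null} and {@code z == false} nothing about the certificate is
     * verified; it is only decoded.
     *
     * @param bArr encoded certificate
     * @param publicKey when non-null, the key the certificate signature must verify against
     * @param z when true, the certificate must be within its validity period now
     * @return the certificate, or {@code null} if decoding or any requested check fails
     */
    public static X509Certificate x509(byte[] bArr, PublicKey publicKey, boolean z) {
        try {
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(bArr));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Certificate_SN_Debug", certificate.getSerialNumber().toString());
            }
            if (z) {
                certificate.checkValidity();
            }
            if (publicKey != null) {
                certificate.verify(publicKey, "BC");
            }
            return certificate;
        } catch (Exception e) {
            // Broad catch is deliberate: a null or malformed input also ends up here.
            logFailure("Certificate_Invalid_Error", e);
            return null;
        }
    }

    /**
     * Checks the validity period and verifies the signature against the certificate's own
     * public key. This only shows the certificate is self-consistent (self-signed and in date);
     * it is not a trust decision.
     */
    public static boolean verify(X509Certificate x509Certificate) {
        return verify(x509Certificate, null, true);
    }

    /** Verifies the signature with {@code publicKey}; the validity period is not checked. */
    public static boolean verify(X509Certificate x509Certificate, PublicKey publicKey) {
        return verify(x509Certificate, publicKey, false);
    }

    /**
     * Verifies a certificate's signature and optionally its validity period.
     *
     * <p>When {@code publicKey} is {@code null} the certificate's own public key is used, which
     * succeeds for any well-formed self-signed certificate. Pass the expected issuer key when the
     * result is used to decide whether to trust the certificate.
     *
     * @param x509Certificate certificate to check
     * @param publicKey expected signer key, or {@code null} to use the certificate's own key
     * @param z when true, the certificate must be within its validity period now
     * @return {@code true} only if every requested check passes; {@code false} on any failure
     */
    public static boolean verify(X509Certificate x509Certificate, PublicKey publicKey, boolean z) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            if (z) {
                x509Certificate.checkValidity();
            }
            // The signature check sits inside the try so a bad signature yields false
            // instead of escaping as an exception.
            x509Certificate.verify(publicKey == null ? x509Certificate.getPublicKey() : publicKey, "BC");
            return true;
        } catch (Exception e) {
            logFailure("Certificate_Invalid_Error", e);
            return false;
        }
    }

    /** Reads the certificate stored under alias {@code str} from PKCS#12 bytes, without checks. */
    public static X509Certificate x509(byte[] bArr, String str, String str2) {
        return x509(bArr, str, str2, null, false);
    }

    /**
     * Reads the certificate stored under alias {@code str2} from the PKCS#12 file at {@code str}.
     *
     * @param str path of the key store file
     * @param str2 alias of the entry
     * @param str3 key store password
     * @return the certificate, or {@code null} if the file cannot be read or the entry is missing
     */
    public static X509Certificate x509(String str, String str2, String str3) {
        try {
            return x509(FileUtils.readFileBytes(str), str2, str3);
        } catch (IOException e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Load_Key_Store_Error", e);
            }
            return null;
        }
    }

    /**
     * Reads the certificate stored under a key entry of a PKCS#12 key store.
     *
     * @param bArr PKCS#12 key store bytes
     * @param str alias; must name a key entry
     * @param str2 key store password
     * @param publicKey when non-null, the key the certificate signature must verify against
     * @param z when true, the certificate must be within its validity period now
     * @return the certificate, or {@code null} if the store cannot be loaded, the alias is not a
     *     key entry, or a requested check fails
     */
    public static X509Certificate x509(byte[] bArr, String str, String str2, PublicKey publicKey, boolean z) {
        KeyStore keyStore = loadKeyStore(bArr, str2);
        if (keyStore == null || !checkKey(keyStore, str)) {
            return null;
        }
        try {
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(str);
            if (certificate == null) {
                LOGGER.error("Utils", "Certificate_Invalid_Error");
                return null;
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Certificate_SN_Debug", certificate.getSerialNumber().toString());
            }
            if (z) {
                certificate.checkValidity();
            }
            if (publicKey != null) {
                certificate.verify(publicKey, "BC");
            }
            return certificate;
        } catch (Exception e) {
            logFailure("Certificate_Invalid_Error", e);
            return null;
        }
    }

    /**
     * Decodes an X.509 (SubjectPublicKeyInfo) encoded public key.
     *
     * <p>The {@link KeyFactory} is looked up without naming a provider, unlike the other methods
     * of this class.
     *
     * @param str key algorithm name
     * @param bArr encoded key
     * @return the key, or {@code null} if an argument is missing or the data cannot be decoded
     */
    public static PublicKey publicKey(String str, byte[] bArr) {
        if (str == null || bArr == null) {
            LOGGER.error("Utils", "Data_Generate_Key_Error");
            return null;
        }
        try {
            return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            logFailure("Data_Generate_Key_Error", e);
            return null;
        }
    }

    /**
     * Decodes a PKCS#8 encoded private key.
     *
     * @param str key algorithm name
     * @param bArr encoded key
     * @return the key, or {@code null} if an argument is missing or the data cannot be decoded
     */
    public static PrivateKey privateKey(String str, byte[] bArr) {
        if (str == null || bArr == null) {
            LOGGER.error("Utils", "Data_Generate_Key_Error");
            return null;
        }
        try {
            return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            logFailure("Data_Generate_Key_Error", e);
            return null;
        }
    }

    /**
     * Reads the private key under alias {@code str} from PKCS#12 bytes. {@code str2} is used both
     * as the store password and as the key password.
     */
    public static PrivateKey privateKey(byte[] bArr, String str, String str2) {
        KeyStore keyStore = loadKeyStore(bArr, str2);
        if (keyStore == null || !checkKey(keyStore, str)) {
            return null;
        }
        return privateKey(keyStore, str, str2);
    }

    /**
     * Reads the private key under alias {@code str2} from the PKCS#12 file at {@code str}.
     * {@code str3} is used both as the store password and as the key password.
     */
    public static PrivateKey privateKey(String str, String str2, String str3) {
        KeyStore keyStore = loadKeyStore(str, str3);
        if (keyStore == null || !checkKey(keyStore, str2)) {
            return null;
        }
        return privateKey(keyStore, str2, str3);
    }

    /**
     * Creates a certificate for {@code keyPair} and returns a PKCS#12 key store holding the
     * private key and that certificate.
     *
     * <p>NOTE(review): an empty {@code str3} falls back to {@code Globals.DEFAULT_VALUE_STRING}
     * as the password, so the store is then protected only by that shared constant. Callers
     * holding real keys should always pass a password.
     *
     * <p>NOTE(review): the issuer name is always the subject name ({@code CN=<str2>}), even when
     * a separate signing key is supplied in {@code privateKey}; the issuer field therefore does
     * not identify the signer in that case. {@code str2} is also concatenated into the name
     * without escaping.
     *
     * @param keyPair key pair to certify and store
     * @param j certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param str alias of the key entry
     * @param str2 common name used for subject and issuer
     * @param str3 password for the store and the key entry
     * @param privateKey signing key, or {@code null} to self-sign with the pair's private key
     * @param str4 signature algorithm name
     * @return the encoded key store, or an empty array on failure
     */
    public static byte[] PKCS12(KeyPair keyPair, long j, Date date, Date date2, String str, String str2, String str3, PrivateKey privateKey, String str4) {
        if (keyPair == null) {
            // Previously surfaced as a NullPointerException.
            LOGGER.error("Utils", "PKCS12_Generate_Error");
            return new byte[0];
        }
        char[] password = StringUtils.isEmpty(str3) ? Globals.DEFAULT_VALUE_STRING.toCharArray() : str3.toCharArray();
        X500Name name = new X500Name("CN=" + str2);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, BigInteger.valueOf(j), date, date2, name, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        try (ByteArrayOutputStream output = new ByteArrayOutputStream()) {
            builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            PrivateKey signingKey = privateKey == null ? keyPair.getPrivate() : privateKey;
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(builder.build(new JcaContentSignerBuilder(str4).setProvider("BC").build(signingKey)));
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(null, null);
            keyStore.setKeyEntry(str, keyPair.getPrivate(), password, new Certificate[]{certificate});
            keyStore.store(output, password);
            return output.toByteArray();
        } catch (OperatorCreationException | IOException | GeneralSecurityException e) {
            logFailure("PKCS12_Generate_Error", e);
            return new byte[0];
        }
    }

    /**
     * Loads a PKCS#12 key store from bytes.
     *
     * @return the key store, or {@code null} if {@code bArr} is null or loading fails
     */
    public static KeyStore loadKeyStore(byte[] bArr, String str) {
        if (bArr == null) {
            return null;
        }
        return loadKeyStore(new ByteArrayInputStream(bArr), str);
    }

    /**
     * Loads a PKCS#12 key store from the file at {@code str}.
     *
     * @return the key store, or {@code null} if the path is null, the file is missing or
     *     loading fails
     */
    public static KeyStore loadKeyStore(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            // The stream is closed by loadKeyStore(InputStream, String).
            return loadKeyStore(new FileInputStream(str), str2);
        } catch (FileNotFoundException e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Load_Key_Store_Error", e);
            }
            return null;
        }
    }

    /**
     * Loads a PKCS#12 key store with the BC provider and always closes {@code inputStream}.
     *
     * <p>Load failures (wrong password, corrupt data) are logged at debug level only and are not
     * distinguishable from the return value.
     *
     * @param inputStream key store data; presumably a null stream yields an empty store, as
     *     {@link KeyStore#load} documents — confirm for the BC implementation
     * @param str store password, or {@code null}
     * @return the key store, or {@code null} if loading fails
     */
    public static KeyStore loadKeyStore(InputStream inputStream, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(inputStream, str == null ? null : str.toCharArray());
            return keyStore;
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Load_Key_Store_Error", e);
            }
            return null;
        } finally {
            IOUtils.closeStream(inputStream);
        }
    }

    /**
     * Reports whether {@code str} names a key entry in {@code keyStore}.
     *
     * @return {@code false} if either argument is null, the alias is not a key entry, or the
     *     store cannot be queried
     */
    public static boolean checkKey(KeyStore keyStore, String str) {
        if (keyStore == null || str == null) {
            return false;
        }
        try {
            return keyStore.isKeyEntry(str);
        } catch (KeyStoreException e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Utils", "Stack_Message_Error", e);
            }
            return false;
        }
    }

    /**
     * Returns the certificate stored under alias {@code str}. No validity or signature check is
     * performed.
     *
     * @return the certificate, or {@code null} if the store is null, has no such entry, or cannot
     *     be read
     */
    public static X509Certificate x509(KeyStore keyStore, String str) {
        if (keyStore == null) {
            return null;
        }
        try {
            return (X509Certificate) keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            logFailure("Read_Certificate_Error", e);
            return null;
        }
    }

    /**
     * Returns the private key stored under alias {@code str}.
     *
     * @param keyStore loaded key store
     * @param str alias of the key entry
     * @param str2 key password, or {@code null}
     * @return the key, or {@code null} if the store is null or the key cannot be recovered
     */
    public static PrivateKey privateKey(KeyStore keyStore, String str, String str2) {
        if (keyStore == null) {
            return null;
        }
        try {
            // getKey is the call that can fail, so it must sit inside the try.
            return (PrivateKey) keyStore.getKey(str, str2 == null ? null : str2.toCharArray());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            logFailure("Read_Private_Key_From_Store_Error", e);
            return null;
        }
    }
}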
