package org.zodiac.commons.util.crypto;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.zodiac.sdk.toolkit.constants.CharsetConstants;
import org.zodiac.sdk.toolkit.util.NetworkUtil;
import org.zodiac.sdk.toolkit.util.crypto.X509Holder;
import org.zodiac.sdk.toolkit.util.io.IOStreamUtil;
import org.zodiac.sdk.toolkit.util.lang.StrUtil;

/* loaded from: input_file:org/zodiac/commons/util/crypto/CertUtil.class */
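/**
 * Static helpers for loading PEM keys and X.509 certificates and for generating
 * self-signed or issuer-signed certificates with Bouncy Castle.
 *
 * <p>Loading this class registers {@link BouncyCastleProvider} with the JCA
 * (see the static initializer), which is a JVM-wide side effect.
 *
 * <p>Private keys handled here are always written as <em>unencrypted</em> PEM;
 * treat every returned key string as secret material.
 */
public abstract class CertUtil {
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final int ECC_DEFAULT_KEY_SIZE = 256;
    /** Default validity in days (about 100 years). Certificates issued with it effectively never expire. */
    private static final int DEFAULT_DAYS = 36500;
    private static final String EncryRSA = "RSA";
    private static final String EncryECC = "ECC";
    private static final String BC = "BC";
    private static final long MILLIS_PER_DAY = 86_400_000L;

    static {
        // The "BC" provider name is used by every converter/signer below, so it must be registered first.
        Security.addProvider(new BouncyCastleProvider());
    }

    private CertUtil() {
    }

    /**
     * Lists the names a certificate is issued for: the subject CN (if any) and the SAN values.
     *
     * @param x509Certificate certificate to inspect
     * @return the distinct names, in no particular order
     * @throws InvalidNameException if the subject DN cannot be parsed
     * @throws CertificateParsingException if the SAN extension cannot be decoded
     */
    public static String[] extractSNI(X509Certificate x509Certificate) throws InvalidNameException, CertificateParsingException {
        Map<String, String> names = _extractSNI(x509Certificate);
        return names.keySet().toArray(new String[0]);
    }

    /**
     * Parses a certificate from its textual (PEM) form.
     *
     * @param str certificate text
     * @return the parsed certificate
     */
    public static X509Certificate loadCertificate(String str) throws IOException, CertificateException {
        return loadCertificate(IOStreamUtil.toInputStream(str, CharsetConstants.UTF_8));
    }

    /**
     * Parses one certificate from the stream. The stream is not closed here.
     * No chain or trust validation is performed; the result is only a parsed object.
     *
     * @param inputStream source of the encoded certificate
     * @return the parsed certificate
     */
    public static X509Certificate loadCertificate(InputStream inputStream) throws IOException, CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    /**
     * Parses one certificate from a file; the file stream is always closed.
     *
     * @param file certificate file
     * @return the parsed certificate
     */
    public static X509Certificate loadCertificate(File file) throws IOException, CertificateException {
        try (FileInputStream in = new FileInputStream(file)) {
            return loadCertificate(in);
        }
    }

    /**
     * Reads an unencrypted PEM private key from a file.
     *
     * @param file PEM file holding a key pair or a PKCS#8 private key
     * @return the private key
     * @throws IllegalArgumentException if the first PEM object is neither of those
     */
    public static PrivateKey load(File file) throws IOException, CertificateException {
        try (PEMParser parser = new PEMParser(new FileReader(file))) {
            return readPrivateKey(parser);
        }
    }

    /**
     * Reads an unencrypted PEM private key from a string.
     *
     * @param str PEM text holding a key pair or a PKCS#8 private key
     * @return the private key
     * @throws IllegalArgumentException if the first PEM object is neither of those
     */
    public static PrivateKey load(String str) throws IOException, CertificateException {
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            return readPrivateKey(parser);
        }
    }

    /**
     * Reads an unencrypted PEM private key from a stream. The stream is closed on return.
     *
     * @param inputStream PEM data holding a key pair or a PKCS#8 private key
     * @return the private key
     * @throws IllegalArgumentException if the first PEM object is neither of those
     */
    public static PrivateKey load(InputStream inputStream) throws IOException, CertificateException {
        try (PEMParser parser = new PEMParser(new InputStreamReader(inputStream))) {
            return readPrivateKey(parser);
        }
    }

    /** Converts the first PEM object of the parser into a private key; shared by all {@code load} overloads. */
    private static PrivateKey readPrivateKey(PEMParser parser) throws IOException {
        Object pemObject = parser.readObject();
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BC);
        if (pemObject instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
        }
        if (pemObject instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) pemObject);
        }
        // Only the two plain forms above are accepted; any other object
        // (an encrypted key, a certificate, or nothing at all) ends up here.
        throw new IllegalArgumentException("Unsupported PEM object.");
    }

    /** Serialises a key or certificate to PEM text; the writer is closed even if encoding fails. */
    private static String pemWriter(Object obj) throws IOException {
        StringWriter out = new StringWriter();
        try (JcaPEMWriter writer = new JcaPEMWriter(out)) {
            writer.writeObject(obj);
        }
        return out.toString();
    }

    /**
     * Returns the private key as PEM text. The output is not encrypted.
     *
     * @param privateKey key to encode
     * @return PEM text
     */
    public static String content(PrivateKey privateKey) throws IOException {
        return pemWriter(privateKey);
    }

    /**
     * Returns the public key as PEM text.
     *
     * @param publicKey key to encode
     * @return PEM text
     */
    public static String content(PublicKey publicKey) throws IOException {
        return pemWriter(publicKey);
    }

    /**
     * Returns the certificate as PEM text.
     *
     * @param x509Certificate certificate to encode
     * @return PEM text
     */
    public static String content(X509Certificate x509Certificate) throws IOException {
        return pemWriter(x509Certificate);
    }

    /** Self-signed RSA-2048 certificate for {@code subject} (an X.500 DN string), default validity. */
    public static X509Holder genRSA(String subject) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, false, DEFAULT_DAYS, DEFAULT_KEY_SIZE, null, null, null);
    }

    /** Self-signed RSA-2048 certificate with the given SAN entries (host names or IP addresses). */
    public static X509Holder genRSA(String subject, String[] sans) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, false, DEFAULT_DAYS, DEFAULT_KEY_SIZE, sans, null, null);
    }

    /**
     * Self-signed RSA certificate with a caller-chosen modulus size in bits.
     * The size is passed to the key generator as given; no minimum is enforced here.
     */
    public static X509Holder genRSA(String subject, String[] sans, int keySize) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, false, DEFAULT_DAYS, keySize, sans, null, null);
    }

    /** RSA-2048 certificate issued by {@code issuerCert} and signed with {@code issuerKey}. */
    public static X509Holder genRSA(String subject, String[] sans, X509Certificate issuerCert, PrivateKey issuerKey) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, true, DEFAULT_DAYS, DEFAULT_KEY_SIZE, sans, issuerCert, issuerKey);
    }

    /** Self-signed P-256 certificate for {@code subject} (an X.500 DN string), default validity. */
    public static X509Holder genECC(String subject) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, false, DEFAULT_DAYS, ECC_DEFAULT_KEY_SIZE, null, null, null);
    }

    /** Self-signed P-256 certificate with the given SAN entries (host names or IP addresses). */
    public static X509Holder genECC(String subject, String[] sans) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, false, DEFAULT_DAYS, ECC_DEFAULT_KEY_SIZE, sans, null, null);
    }

    /** Self-signed EC certificate on curve {@code "P-" + keySize}. */
    public static X509Holder genECC(String subject, String[] sans, int keySize) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, false, DEFAULT_DAYS, keySize, sans, null, null);
    }

    /** P-256 certificate issued by {@code issuerCert} and signed with {@code issuerKey}. */
    public static X509Holder genECC(String subject, String[] sans, X509Certificate issuerCert, PrivateKey issuerKey) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, true, DEFAULT_DAYS, ECC_DEFAULT_KEY_SIZE, sans, issuerCert, issuerKey);
    }

    /** Self-signed RSA-2048 CA certificate with the default validity. */
    public static X509Holder genCA(String subject) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, true, DEFAULT_DAYS, DEFAULT_KEY_SIZE, null, null, null);
    }

    /** Self-signed RSA-2048 CA certificate valid for {@code days} days. */
    public static X509Holder genCA(String subject, int days) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryRSA, subject, true, days, DEFAULT_KEY_SIZE, null, null, null);
    }

    /** Self-signed P-256 CA certificate with the default validity. */
    public static X509Holder genCAuseECC(String subject) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, true, DEFAULT_DAYS, ECC_DEFAULT_KEY_SIZE, null, null, null);
    }

    /** Self-signed P-256 CA certificate valid for {@code days} days. */
    public static X509Holder genCAuseECC(String subject, int days) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        return gen(EncryECC, subject, true, days, ECC_DEFAULT_KEY_SIZE, null, null, null);
    }

    /**
     * Re-encodes a private key as an unencrypted PKCS#8 {@code PRIVATE KEY} PEM block.
     *
     * <p>The key is round-tripped through an RSA {@link KeyFactory}, so only RSA keys
     * are expected to work; other key types surface as a {@link RuntimeException}
     * wrapping {@link InvalidKeySpecException}.
     *
     * @param privateKey key to encode
     * @return PEM text
     */
    public static String toPKCS8(PrivateKey privateKey) throws NoSuchAlgorithmException, IOException {
        final byte[] pkcs8;
        try {
            pkcs8 = KeyFactory.getInstance(EncryRSA)
                    .generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded()))
                    .getEncoded();
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
        PemObject pemObject = new PemObject("PRIVATE KEY", pkcs8);
        StringWriter out = new StringWriter();
        try (JcaPEMWriter writer = new JcaPEMWriter(out)) {
            writer.writeObject(pemObject);
        }
        return out.toString();
    }

    /** Generates an EC key pair on {@code secp384r1}. */
    public static KeyPair createECKeyPair() {
        return createECKeyPair("secp384r1");
    }

    /**
     * Generates an EC key pair on a named curve using the Bouncy Castle provider.
     *
     * @param str curve name understood by {@link ECNamedCurveTable}
     * @return the new key pair
     * @throws IllegalStateException if the provider, algorithm or curve parameters are rejected
     */
    public static KeyPair createECKeyPair(String str) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", BC);
            generator.initialize((AlgorithmParameterSpec) ECNamedCurveTable.getParameterSpec(str), new SecureRandom());
            return generator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Generates an Ed25519 key pair with the Bouncy Castle lightweight API.
     *
     * @return the new key pair
     */
    public static AsymmetricCipherKeyPair generateEd25519KeyPair() {
        Ed25519KeyPairGenerator generator = new Ed25519KeyPairGenerator();
        // Pass an explicit CSPRNG instead of null: whether a null source is replaced by a
        // default depends on the Bouncy Castle version, and key generation must never
        // depend on that. This also matches createECKeyPair.
        generator.init(new Ed25519KeyGenerationParameters(new SecureRandom()));
        return generator.generateKeyPair();
    }

    /**
     * Collects the subject CN and the SAN values of a certificate, keyed by themselves.
     *
     * <p>NOTE(review): the CN is included even when a SAN extension is present. Verifiers
     * that follow RFC 6125 ignore the CN in that case, so this list can be wider than
     * what a TLS client would accept for the certificate.
     */
    private static Map<String, String> _extractSNI(X509Certificate x509Certificate) throws InvalidNameException, CertificateParsingException {
        Map<String, String> names = new HashMap<>();
        String commonName = null;
        for (Rdn rdn : new LdapName(x509Certificate.getSubjectX500Principal().getName()).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                // Only the first CN encountered is used.
                commonName = rdn.getValue().toString();
                break;
            }
        }
        if (StrUtil.isNotBlank(commonName)) {
            names.put(commonName, commonName);
        }
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> entry : subjectAlternativeNames) {
                Object value = entry.get(1);
                // getSubjectAlternativeNames() hands some name types back as DER-encoded byte[];
                // String.valueOf on an array is an identity string, not a name, so keep text values only.
                if (value instanceof String) {
                    names.put((String) value, (String) value);
                }
            }
        }
        return names;
    }

    /**
     * Maps a signing key to its SHA-256 signature algorithm name. A key whose algorithm is
     * reported as {@code "EC"} needs the {@code "DSA"} suffix to form {@code SHA256withECDSA}.
     */
    private static String signatureAlgorithm(PrivateKey signingKey) {
        String keyAlgorithm = signingKey.getAlgorithm();
        if (StrUtil.equalsIgnoreCase("EC", keyAlgorithm)) {
            return "SHA256with" + keyAlgorithm + "DSA";
        }
        return "SHA256with" + keyAlgorithm;
    }

    /**
     * Generates a fresh key pair and a certificate for it.
     *
     * @param algorithm {@code "RSA"} (also used when blank) or {@code "ECC"}
     * @param subject subject DN string; also the issuer DN when self-signed
     * @param unused accepted but never read. NOTE(review): the genCA* methods and the
     *     issuer-signed overloads pass {@code true}; the CA flag is derived from
     *     {@code issuerCert} instead, so confirm what this was meant to control
     * @param days validity length in days, counted from 24 hours before now
     * @param keySize RSA modulus bits, or the number in the {@code "P-<n>"} curve name
     * @param sans optional SAN entries; IP literals become iPAddress, everything else dNSName
     * @param issuerCert issuer certificate, or {@code null} for a self-signed certificate
     * @param issuerKey issuer private key; only read when {@code issuerCert} is non-null
     * @return holder with the PEM certificate, the unencrypted PEM private key, and both objects
     */
    private static X509Holder gen(String algorithm, String subject, boolean unused, int days, int keySize, String[] sans, X509Certificate issuerCert, PrivateKey issuerKey) throws NoSuchAlgorithmException, IOException, CertificateException, OperatorCreationException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator;
        if (StrUtil.isBlank(algorithm) || StrUtil.equalsIgnoreCase(EncryRSA, algorithm)) {
            generator = KeyPairGenerator.getInstance(EncryRSA);
            generator.initialize(keySize);
        } else if (StrUtil.equalsIgnoreCase(EncryECC, algorithm)) {
            try {
                generator = KeyPairGenerator.getInstance("EC", BC);
                generator.initialize((AlgorithmParameterSpec) ECNamedCurveTable.getParameterSpec("P-" + keySize), new SecureRandom());
            } catch (NoSuchProviderException e) {
                throw new RuntimeException(e);
            }
        } else {
            // Fail with a descriptive error instead of dereferencing a null generator.
            throw new NoSuchAlgorithmException("Unsupported key algorithm: " + algorithm);
        }
        KeyPair keyPair = generator.generateKeyPair();
        PrivateKey subjectKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        X500Name subjectName = new X500Name(subject);

        // Back-date by one day to tolerate clock skew between issuer and verifier.
        Date notBefore = new Date(System.currentTimeMillis() - MILLIS_PER_DAY);
        // Long arithmetic is required: days * 24 * 60 * 60 * 1000 wraps around in int for
        // anything above 24 days, which includes the 36500-day default.
        Date notAfter = new Date(notBefore.getTime() + days * MILLIS_PER_DAY);

        ContentSigner signer;
        JcaX509v3CertificateBuilder builder;
        if (issuerCert == null) {
            signer = new JcaContentSignerBuilder(signatureAlgorithm(subjectKey)).setProvider(BC).build(subjectKey);
            // NOTE(review): the self-signed serial is the current time in milliseconds and so is
            // predictable; the issuer-signed branch draws 64 random bits.
            builder = new JcaX509v3CertificateBuilder(subjectName, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, subjectName, publicKey);
        } else {
            // Same algorithm-name mapping as the self-signed branch, so an EC issuer key
            // is signed with SHA256withECDSA here as well.
            signer = new JcaContentSignerBuilder(signatureAlgorithm(issuerKey)).setProvider(BC).build(issuerKey);
            // The subject name is used directly; no intermediate CSR is needed to carry it.
            builder = new JcaX509v3CertificateBuilder(issuerCert, new BigInteger(64, new SecureRandom()), notBefore, notAfter, subjectName, publicKey);
        }

        // CA=true exactly when the certificate is self-signed, including the plain
        // genRSA/genECC results; issuer-signed certificates get CA=false.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(issuerCert == null));
        builder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey));
        // NOTE(review): every certificate, end-entity ones included, gets keyCertSign | cRLSign
        // and no digitalSignature / keyEncipherment. Confirm this is intended for TLS leaf use.
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign).getEncoded());
        if (sans != null && sans.length > 0) {
            List<GeneralName> altNames = new ArrayList<>();
            for (String san : sans) {
                int nameType = NetworkUtil.isInetAddress(san) ? GeneralName.iPAddress : GeneralName.dNSName;
                altNames.add(new GeneralName(nameType, san));
            }
            builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(altNames.toArray(new GeneralName[0])));
        }

        X509CertificateHolder certificateHolder = builder.build(signer);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        converter.setProvider(BC);
        X509Certificate certificate = converter.getCertificate(certificateHolder);

        X509Holder holder = new X509Holder();
        holder.setCert(content(certificate));
        // Unencrypted PEM of the freshly generated private key.
        holder.setKey(content(subjectKey));
        holder.setCertificate(certificate);
        holder.setKeyPair(keyPair);
        return holder;
    }
}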
