package org.zz.gmhelper.cert;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12SafeBagFactory;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
import org.zz.gmhelper.BCECUtil;
import org.zz.gmhelper.SM2Util;

/* loaded from: input_file:BOOT-INF/lib/infras-crypto-0.1.3-SNAPSHOT.jar:org/zz/gmhelper/cert/SM2CertUtil.class */
public class SM2CertUtil {
    public static BCECPublicKey getBCECPublicKey(X509Certificate x509Certificate) {
        ECPublicKey eCPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
        return new BCECPublicKey(eCPublicKey.getAlgorithm(), new ECPublicKeySpec(eCPublicKey.getQ(), new ECParameterSpec(SM2Util.CURVE, SM2Util.G_POINT, SM2Util.SM2_ECC_N, SM2Util.SM2_ECC_H)), BouncyCastleProvider.CONFIGURATION);
    }

    public static boolean verifyCertificate(BCECPublicKey bCECPublicKey, X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(bCECPublicKey, BouncyCastleProvider.PROVIDER_NAME);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static X509Certificate getX509Certificate(String str) throws IOException, CertificateException, NoSuchProviderException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            X509Certificate x509Certificate = getX509Certificate(fileInputStream);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static X509Certificate getX509Certificate(byte[] bArr) throws CertificateException, NoSuchProviderException {
        return getX509Certificate(new ByteArrayInputStream(bArr));
    }

    public static X509Certificate getX509Certificate(InputStream inputStream) throws CertificateException, NoSuchProviderException {
        return (X509Certificate) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertificate(inputStream);
    }

    public static CertPath getCertificateChain(String str) throws IOException, CertificateException, NoSuchProviderException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            CertPath certificateChain = getCertificateChain(fileInputStream);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return certificateChain;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static CertPath getCertificateChain(byte[] bArr) throws CertificateException, NoSuchProviderException {
        return getCertificateChain(new ByteArrayInputStream(bArr));
    }

    public static byte[] getCertificateChainBytes(CertPath certPath) throws CertificateEncodingException {
        return certPath.getEncoded(PEMParser.TYPE_PKCS7);
    }

    public static CertPath getCertificateChain(InputStream inputStream) throws CertificateException, NoSuchProviderException {
        return CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertPath(inputStream, PEMParser.TYPE_PKCS7);
    }

    public static CertPath getCertificateChain(List<X509Certificate> list) throws CertificateException, NoSuchProviderException {
        return CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertPath(list);
    }

    public static X509Certificate getX509CertificateFromPfx(byte[] bArr, String str) throws Exception {
        InputDecryptorProvider build = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(str.toCharArray());
        ContentInfo[] contentInfos = new PKCS12PfxPdu(bArr).getContentInfos();
        if (contentInfos.length != 2) {
            throw new Exception("Only support one pair ContentInfo");
        }
        for (int i = 0; i != contentInfos.length; i++) {
            if (contentInfos[i].getContentType().equals((ASN1Primitive) PKCSObjectIdentifiers.encryptedData)) {
                return getX509Certificate(((X509CertificateHolder) new PKCS12SafeBagFactory(contentInfos[i], build).getSafeBags()[0].getBagValue()).getEncoded());
            }
        }
        throw new Exception("Not found X509Certificate in this pfx");
    }

    public static BCECPublicKey getPublicKeyFromPfx(byte[] bArr, String str) throws Exception {
        return getBCECPublicKey(getX509CertificateFromPfx(bArr, str));
    }

    public static BCECPrivateKey getPrivateKeyFromPfx(byte[] bArr, String str) throws Exception {
        InputDecryptorProvider build = new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(str.toCharArray());
        ContentInfo[] contentInfos = new PKCS12PfxPdu(bArr).getContentInfos();
        if (contentInfos.length != 2) {
            throw new Exception("Only support one pair ContentInfo");
        }
        for (int i = 0; i != contentInfos.length; i++) {
            if (!contentInfos[i].getContentType().equals((ASN1Primitive) PKCSObjectIdentifiers.encryptedData)) {
                return BCECUtil.convertPKCS8ToECPrivateKey(((PKCS8EncryptedPrivateKeyInfo) new PKCS12SafeBagFactory(contentInfos[i]).getSafeBags()[0].getBagValue()).decryptPrivateKeyInfo(build).getEncoded());
            }
        }
        throw new Exception("Not found Private Key in this pfx");
    }
}
