package cn.com.jsgxca.client.cert;

import cn.com.jsgxca.client.exception.JSGXCAException;
import cn.com.jsgxca.client.util.StringUtil;
import com.custle.security.common.util.KeyFromDER;
import com.custle.security.common.util.SignatureAlgorithmConvert;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:WEB-INF/lib/jsgxcatoolsmt-2.4-huc.jar:cn/com/jsgxca/client/cert/CertificateInfo.class */
public class CertificateInfo {
    private String issuer;
    private String subject;
    private String commonName;
    private PublicKey publicKey;
    private ECPublicKeyParameters ecPublicKeyParam;
    private byte[] signData;
    private String signAlg;
    private String keyAlg;
    private int keyLength;
    private String serialNumber;
    private Certificate certificate;
    private X509Certificate x509Certificate;
    private String base64CertString;
    private Extensions extensions;
    private int version;
    private Date notBefore;
    private Date notAfter;
    private Map<String, String> subjectDN;

    public CertificateInfo(byte[] bArr) throws JSGXCAException {
        decode(new String(StringUtil.checkPEM(bArr) == null ? Base64.encode(bArr) : bArr));
    }

    public CertificateInfo(String str) throws JSGXCAException {
        decode(str);
    }

    private void decode(String str) throws JSGXCAException {
        try {
            String replaceAll = str.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "").replaceAll("-----END NEW CERTIFICATE REQUEST-----", "").replaceAll("(\r\n|\r|\n|\n\r)", "").replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll("-----BEGIN CERTIFICATE REQUEST-----", "").replaceAll("-----END CERTIFICATE REQUEST-----", "").replaceAll("-----BEGINCERTIFICATE-----", "").replaceAll("-----ENDCERTIFICATE-----", "");
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(Base64.decode(replaceAll)));
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(aSN1InputStream.readObject());
            aSN1InputStream.close();
            this.certificate = Certificate.getInstance(aSN1Sequence);
            this.issuer = this.certificate.getIssuer().toString();
            this.subject = this.certificate.getSubject().toString();
            if (this.subject != null && !"".equals(this.subject)) {
                this.subjectDN = new HashMap();
                String[] split = this.subject.split(",");
                for (int i = 0; i < split.length; i++) {
                    this.subjectDN.put(split[i].split("=")[0], split[i].split("=")[1]);
                }
                this.commonName = this.subjectDN.get("CN");
            }
            this.keyAlg = getPublicKeyAlgoFromCert(replaceAll);
            this.signAlg = SignatureAlgorithmConvert.getAlgByIdentify(this.certificate.getSignatureAlgorithm());
            this.signData = this.certificate.getSignature().getBytes();
            this.serialNumber = Hex.toHexString(this.certificate.getSerialNumber().getValue().toByteArray()).toUpperCase();
            this.extensions = this.certificate.getTBSCertificate().getExtensions();
            this.version = this.certificate.getVersionNumber();
            this.notBefore = this.certificate.getStartDate().getDate();
            this.notAfter = this.certificate.getEndDate().getDate();
            this.base64CertString = replaceAll;
            this.x509Certificate = new X509CertificateObject(this.certificate);
            this.publicKey = KeyFromDER.getPublicKeyFromCert(replaceAll);
            if (this.publicKey == null || this.publicKey.getEncoded() == null) {
                return;
            }
            this.keyLength = this.publicKey.getEncoded().length;
        } catch (Exception e) {
            e.printStackTrace();
            throw new JSGXCAException("证书解析出错！", e);
        }
    }

    public String getX509CertificateExtension(String str) throws IOException {
        ASN1Encodable extensionParsedValue;
        String str2 = null;
        if (this.extensions != null && (extensionParsedValue = this.extensions.getExtensionParsedValue(new ASN1ObjectIdentifier(str))) != null) {
            str2 = extensionParsedValue.toString();
        }
        return str2;
    }

    public String[] getCrlAddress() throws Exception {
        String[] strArr = null;
        try {
            ASN1Encodable extensionParsedValue = this.extensions.getExtensionParsedValue(X509Extensions.CRLDistributionPoints);
            if (extensionParsedValue != null) {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) extensionParsedValue;
                int size = aSN1Sequence.size();
                strArr = new String[size];
                for (int i = 0; i < size; i++) {
                    DistributionPointName distributionPoint = new DistributionPoint(ASN1Sequence.getInstance(aSN1Sequence.getObjectAt(i))).getDistributionPoint();
                    if (distributionPoint != null && distributionPoint.getType() == 0) {
                        strArr[i] = ((GeneralNames) distributionPoint.getName()).getNames()[0].getName().toString();
                    }
                }
            }
            return strArr;
        } catch (Exception e) {
            throw new Exception("get Ext Crl Distribution Point error!", e);
        }
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getSubject() {
        return this.subject;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public byte[] getSignData() {
        return this.signData;
    }

    public String getSignAlg() {
        return this.signAlg;
    }

    public String getKeyAlg() {
        return this.keyAlg;
    }

    public int getKeyLength() {
        return this.keyLength;
    }

    public String getSerialNumber() {
        return this.serialNumber;
    }

    public int getVersion() {
        return this.version;
    }

    public String getBase64CertString() {
        return this.base64CertString;
    }

    public Date getNotBefore() {
        return this.notBefore;
    }

    public Date getNotAfter() {
        return this.notAfter;
    }

    public X509Certificate getX509Certificate() {
        return this.x509Certificate;
    }

    public Map<String, String> getSubjectDN() {
        return this.subjectDN;
    }

    public String getCommonName() {
        return this.commonName;
    }

    public Extensions getExtensions() {
        return this.extensions;
    }

    public ECPublicKeyParameters getEcPublicKeyParam() {
        return this.ecPublicKeyParam;
    }

    private String getPublicKeyAlgoFromCert(String str) throws NoSuchAlgorithmException, IOException {
        ASN1InputStream aSN1InputStream = null;
        try {
            aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(Base64.decode(str.replaceAll("-----BEGIN NEW CERTIFICATE REQUEST-----", "").replaceAll("-----END NEW CERTIFICATE REQUEST-----", "").replaceAll("(\r\n|\r|\n|\n\r)", "").replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll("-----BEGIN CERTIFICATE REQUEST-----", "").replaceAll("-----END CERTIFICATE REQUEST-----", "").replaceAll("-----BEGINCERTIFICATE-----", "").replaceAll("-----ENDCERTIFICATE-----", ""))));
            String algByIdentify = SignatureAlgorithmConvert.getAlgByIdentify(Certificate.getInstance(ASN1Sequence.getInstance(aSN1InputStream.readObject())).getSubjectPublicKeyInfo().getAlgorithm());
            if (aSN1InputStream != null) {
                aSN1InputStream.close();
            }
            return algByIdentify;
        } catch (Throwable th) {
            if (aSN1InputStream != null) {
                aSN1InputStream.close();
            }
            throw th;
        }
    }

    public BCECPublicKey convertPublicKey(byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException {
        return (BCECPublicKey) KeyFactory.getInstance("EC", new BouncyCastleProvider()).generatePublic(new X509EncodedKeySpec(bArr));
    }

    public SubjectPublicKeyInfo getPublicKeyInfo(byte[] bArr) throws IOException {
        return Certificate.getInstance((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject()).getSubjectPublicKeyInfo();
    }

    public ECPublicKeyParameters convertPublicKey(BCECPublicKey bCECPublicKey) {
        ECParameterSpec parameters = bCECPublicKey.getParameters();
        return new ECPublicKeyParameters(bCECPublicKey.getQ(), new ECDomainParameters(parameters.getCurve(), parameters.getG(), parameters.getN(), parameters.getH()));
    }

    public BCECPublicKey convertPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return convertPublicKey(subjectPublicKeyInfo.toASN1Primitive().getEncoded(ASN1Encoding.DER));
    }
}
