package com.alipay.oasis.client.challenger.util;

import com.alipay.oasis.client.challenger.crypto.key.Constant;
import com.alipay.oasis.client.challenger.exception.OasisCryptoException;
import com.alipay.oasis.client.challenger.exception.UnexpectException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

/* loaded from: input_file:com/alipay/oasis/client/challenger/util/CertUtil.class */
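/**
 * Helpers for loading X.509 certificates and certificate chains from classpath resources
 * and PEM strings, and for exporting a certificate's public key as PEM.
 *
 * <p><b>Security note:</b> every method here only <em>parses</em> its input. None of them
 * checks a signature, a validity period, revocation status or a trust path. A certificate
 * or public key returned by this class must not be treated as trusted until the caller has
 * validated the chain against its own trust anchors.
 */
public class CertUtil {
    private static final Log LOGGER = LogFactory.getLog(CertUtil.class);

    /** Matches one PEM certificate block; DOTALL lets the body span several lines. */
    private static final Pattern CERT_PATTERN =
            Pattern.compile("-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", Pattern.DOTALL);

    /**
     * Loads a single X.509 certificate from a classpath resource.
     *
     * @param cls class whose class loader is used to locate the resource
     * @param str resource name of the certificate file
     * @return the parsed certificate (not validated, see the class note)
     * @throws CertificateException if the resource is missing, unreadable or not a certificate
     */
    public static X509Certificate loadX509CertFromFile(Class<?> cls, String str) throws CertificateException, UnexpectException {
        // try-with-resources: the original never closed the resource stream.
        try (InputStream in = cls.getClassLoader().getResourceAsStream(str)) {
            if (in == null) {
                // Fail with the resource name instead of handing a null stream to the provider.
                throw new CertificateException("Certificate resource not found: " + str);
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (IOException e) {
            throw new CertificateException("Failed to read certificate resource: " + str, e);
        }
    }

    /**
     * Loads a certificate from a classpath resource and renders it as a PEM string.
     *
     * <p>The Base64 body is written on a single line (it is not wrapped at 64 characters).
     *
     * @param cls class whose class loader is used to locate the resource
     * @param str resource name of the certificate file
     * @return the certificate between BEGIN/END CERTIFICATE markers
     * @throws CertificateException if the certificate cannot be loaded or encoded
     */
    public static String x509CertToString(Class<?> cls, String str) throws CertificateException, UnexpectException {
        String body = Base64.getEncoder().encodeToString(loadX509CertFromFile(cls, str).getEncoded());
        return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n";
    }

    /**
     * Parses one X.509 certificate from its textual (PEM) form.
     *
     * @param str certificate text
     * @return the parsed certificate (not validated, see the class note)
     * @throws CertificateException if the text is not a parsable certificate
     * @throws UnsupportedEncodingException never thrown now; kept for source compatibility
     */
    public static X509Certificate stringToX509Cert(String str) throws UnsupportedEncodingException, UnexpectException, CertificateException {
        // The charset constant removes the impossible "UTF-8 unsupported" failure path.
        byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Parses every PEM certificate block found in the given text, in order of appearance.
     *
     * <p>Text outside BEGIN/END CERTIFICATE markers is ignored, and an input without any
     * certificate block yields an empty list rather than an error, so callers that require
     * a chain must check for emptiness themselves. The order of the returned list is the
     * order in the input; it is not checked to form a valid issuer chain.
     *
     * @param str text containing zero or more PEM certificates
     * @return the parsed certificates, possibly empty
     * @throws CertificateException if a matched block is not a parsable certificate
     */
    public static List<X509Certificate> stringToX509CertChain(String str) throws UnsupportedEncodingException, UnexpectException, CertificateException {
        Matcher matcher = CERT_PATTERN.matcher(str);
        List<X509Certificate> chain = new ArrayList<>(4);
        while (matcher.find()) {
            // group() is the full match, i.e. both markers plus the Base64 body.
            chain.add(stringToX509Cert(matcher.group()));
        }
        return chain;
    }

    /**
     * Parses a PEM string into BouncyCastle certificate holders.
     *
     * <p>Every PEM object in the input must be a certificate. Any other object type
     * (for example a key) is rejected with {@link OasisCryptoException}; the original
     * code failed with a {@link ClassCastException} in that case.
     *
     * @param str PEM text containing the certificates
     * @return the parsed holders, in input order (not validated, see the class note)
     * @throws OasisCryptoException if the text cannot be parsed or contains a non-certificate object
     */
    public static List<X509CertificateHolder> loadX509CertChainHolder(String str) {
        List<X509CertificateHolder> holders = new ArrayList<>();
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (!(pemObject instanceof X509CertificateHolder)) {
                    LOGGER.warn("Parse Pem Format CertChain String Fail: unexpected PEM object " + pemObject.getClass().getName());
                    throw new OasisCryptoException("Get CertChain Fail");
                }
                holders.add((X509CertificateHolder) pemObject);
            }
            return holders;
        } catch (IOException e) {
            // Pass the exception to the logger so the stack trace is kept, not only the message.
            LOGGER.warn("Parse Pem Format CertChain String Fail: " + e.getMessage(), e);
            throw new OasisCryptoException("Get CertChain Fail");
        }
    }

    /**
     * Extracts the subject public key of a certificate and renders it as PEM.
     *
     * <p>The key comes from an unvalidated holder; it is only as trustworthy as the
     * certificate the caller passed in.
     *
     * @param x509CertificateHolder certificate whose public key is exported
     * @return the public key in PEM form
     * @throws OasisCryptoException if the key cannot be converted or written
     */
    public static String getCertPublicKey(X509CertificateHolder x509CertificateHolder) {
        try {
            // Register BouncyCastle once instead of building a new provider on every call.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            PublicKey publicKey = new JcaPEMKeyConverter().setProvider(Constant.BC_PROVIDER).getPublicKey(x509CertificateHolder.getSubjectPublicKeyInfo());
            StringWriter pem = new StringWriter();
            // Closing the writer flushes it, so the buffer is read only after this block.
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(pem)) {
                pemWriter.writeObject(publicKey);
            }
            return pem.toString();
        } catch (IOException e) {
            LOGGER.warn("Get Cert public Key Fail: " + e.getMessage(), e);
            throw new OasisCryptoException("Get Cert Public Key Fail");
        }
    }
}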
