package com.kayak.sign;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.misc.BASE64Encoder;
import sun.security.pkcs10.PKCS10;

/* loaded from: input_file:com/kayak/sign/CertUtil.class */
public class CertUtil {
    public static void verifyCA(String str, String str2) throws FileNotFoundException, CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        readCer(new FileInputStream(str2)).verify(readCer(new FileInputStream(str)).getPublicKey());
    }

    public static PKCS10 readCsrString(String str) throws Exception {
        Matcher matcher = Pattern.compile("-----BEGIN (?:NEW)?\\s?CERTIFICATE REQUEST-----([\\s\\S]*?)-----END (?:NEW)?\\s?CERTIFICATE REQUEST-----([\\s\\S]*)").matcher(str);
        if (matcher.find()) {
            return new PKCS10(Base64.decode(matcher.group(1)));
        }
        throw new Exception("文件错误 ，无法读取csr");
    }

    public static PKCS10 readCsr(InputStream inputStream) throws Exception {
        byte[] bArr = new byte[inputStream.available()];
        inputStream.read(bArr);
        inputStream.close();
        Matcher matcher = Pattern.compile("-----BEGIN (?:NEW)?\\s?CERTIFICATE REQUEST-----([\\s\\S]*?)-----END (?:NEW)?\\s?CERTIFICATE REQUEST-----([\\s\\S]*)").matcher(new String(bArr, "ISO-8859-1"));
        if (matcher.find()) {
            return new PKCS10(Base64.decode(matcher.group(1)));
        }
        throw new Exception("文件错误 ，无法读取csr");
    }

    public static KeyPair exKeyFromJks(String str, String str2) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(str);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(fileInputStream, str2.toCharArray());
        fileInputStream.close();
        Enumeration<String> aliases = keyStore.aliases();
        String str3 = null;
        if (aliases.hasMoreElements()) {
            str3 = aliases.nextElement();
        }
        Key key = keyStore.getKey(str3, str2.toCharArray());
        if (key instanceof PrivateKey) {
            return new KeyPair(keyStore.getCertificate(str3).getPublicKey(), (PrivateKey) key);
        }
        return null;
    }

    public static Certificate[] exChainsFromJks(String str, String str2) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(str);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(fileInputStream, str2.toCharArray());
        fileInputStream.close();
        Enumeration<String> aliases = keyStore.aliases();
        String str3 = null;
        if (aliases.hasMoreElements()) {
            str3 = aliases.nextElement();
        }
        return keyStore.getCertificateChain(str3);
    }

    public static X509Certificate readCer(InputStream inputStream) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    public static void fixPfx(String str, String str2, String str3, String str4) throws Exception {
        try {
            Security.addProvider(new BouncyCastleProvider());
            KeyStore keyStore = KeyStore.getInstance("pkcs12", "BC");
            keyStore.load(null, str2.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            String str5 = null;
            if (aliases.hasMoreElements()) {
                str5 = aliases.nextElement();
            }
            keyStore.setKeyEntry(str5, exKeyFromJks(str, str2).getPrivate(), str2.toCharArray(), exChainsFromJks(str, str2));
            FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str3) + str4 + ".pfx");
            keyStore.store(fileOutputStream, str2.toCharArray());
            fileOutputStream.close();
        } catch (IOException e) {
            throw new Exception("文件读写失败");
        } catch (KeyStoreException e2) {
            throw new Exception("KeyStore错误");
        } catch (NoSuchAlgorithmException e3) {
            throw new Exception("无效的算法");
        } catch (NoSuchProviderException e4) {
            throw new Exception("未知的错误");
        } catch (CertificateException e5) {
            throw new Exception("证书异常");
        }
    }

    public static String getPrivateKey(String str, String str2) throws Exception {
        KeyPair exKeyFromJks = exKeyFromJks(str, str2);
        if (exKeyFromJks != null) {
            return Base64.encode(exKeyFromJks.getPrivate().getEncoded());
        }
        return null;
    }

    public static byte[] getPrivateKeybyte(String str, String str2) throws Exception {
        KeyPair exKeyFromJks = exKeyFromJks(str, str2);
        if (exKeyFromJks != null) {
            return exKeyFromJks.getPrivate().getEncoded();
        }
        return null;
    }

    public static String getPublicKey(String str, String str2) throws Exception {
        if (str.toUpperCase().endsWith(".JKS")) {
            KeyPair exKeyFromJks = exKeyFromJks(str, str2);
            if (exKeyFromJks == null) {
                return null;
            }
            return new BASE64Encoder().encodeBuffer(exKeyFromJks.getPublic().getEncoded());
        }
        if (!str.toUpperCase().endsWith(".CER")) {
            return null;
        }
        FileInputStream fileInputStream = new FileInputStream(str);
        X509Certificate readCer = readCer(fileInputStream);
        fileInputStream.close();
        return new BASE64Encoder().encodeBuffer(readCer.getPublicKey().getEncoded());
    }
}
