package com.jyt.baseUtil.rsa;

import com.example.utils.Util;
import com.jyt.baseUtil.exception.AppException;
import com.jyt.baseUtil.utils.Base64Util;
import com.jyt.baseUtil.utils.StringUtil;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Enumeration;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* loaded from: classes.dex */
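/**
 * Holds a local private key and a peer public key and uses them to encrypt, decrypt,
 * sign and verify byte arrays with RSA.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #CIPHER_ALGORITHM} is PKCS#1 v1.5 encryption padding applied to each block
 *       independently. Nothing binds the blocks together, so the ciphertext carries no
 *       integrity protection; where decryption failures are observable by a remote party,
 *       review the caller for padding-oracle exposure. OAEP is the usual choice for new
 *       protocols.</li>
 *   <li>{@link #SIGNATURE_ALGORITHM} is SHA-1 based. The four-argument sign overloads accept
 *       another JCA algorithm name (for example {@code SHA256withRSA}) when the peer supports it.</li>
 *   <li>The class is {@link Serializable} and its key fields are not {@code transient}, so
 *       serializing an instance may write key material. NOTE(review): confirm no caller
 *       serializes this helper.</li>
 * </ul>
 */
public class RSAHelper implements Serializable {
    /** Cipher transformation used by {@link #encryptRSA} and {@link #decryptRSA}. */
    public static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
    /** Key size in bits that the block arithmetic in encrypt/decrypt assumes. */
    public static final int KEYBIT = 2048;
    public static final String KEY_ALGORITHM = "RSA";
    /** Bytes reserved per block by PKCS#1 v1.5 padding (plaintext block = key bytes - 11). */
    public static final int RESERVEBYTES = 11;
    /** Default signature algorithm; SHA-1 based, see the class note. */
    public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
    private static final Log log = LogFactory.getLog(RSAHelper.class);
    private static final long serialVersionUID = 1;
    // Trust anchor used by verifyCert(); when null, certificate signatures are NOT checked.
    private X509Certificate cfcaRoot;
    private PrivateKey localPrivKey;
    private PublicKey peerPubKey;

    /**
     * Reports whether the certificate is listed as revoked in the given CRL, logging the
     * certificate's serial number, subject DN and the outcome.
     *
     * @param x509Certificate certificate to look up; must not be null
     * @param x509crl revocation list to consult; must not be null
     * @return {@code true} when the CRL marks the certificate as revoked
     */
    private boolean checkIsInCRL(X509Certificate x509Certificate, X509CRL x509crl) {
        log.info("证书序列号=" + getSerialNumber(x509Certificate).toUpperCase());
        log.info("证书DN=" + x509Certificate.getSubjectDN());
        boolean revoked = x509crl.isRevoked(x509Certificate);
        log.info(revoked ? "证书被吊销" : "证书可用");
        return revoked;
    }

    /**
     * Loads an X.509 certificate from a file. The certificate is only parsed here; validity
     * period, revocation and issuer signature are not checked.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or does not contain a certificate
     */
    public static X509Certificate getCertificate(String str) throws Exception {
        // try-with-resources: the stream was previously never closed.
        try (InputStream in = new FileInputStream(str)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /**
     * Extracts the private key of the first alias in a PKCS#12 key store after checking the
     * accompanying certificate: validity period, optional CRL lookup, then issuer signature
     * via {@link #verifyCert}.
     *
     * @param bArr PKCS#12 key store bytes
     * @param str key store password; null or blank means "no password"
     * @param x509crl revocation list, or null to skip the revocation check
     * @return the private key stored under the first alias
     * @throws AppException (code E9000018) when loading or any of the checks fails
     */
    private PrivateKey getPrivateKey(byte[] bArr, String str, X509CRL x509crl) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            char[] charArray = (str == null || str.trim().equals("")) ? null : str.toCharArray();
            keyStore.load(byteArrayInputStream, charArray);
            byteArrayInputStream.close();
            // Only the first alias is used; a store with no alias fails further down and is
            // reported through the generic handler.
            Enumeration<String> aliases = keyStore.aliases();
            String nextElement = aliases.hasMoreElements() ? aliases.nextElement() : null;
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(nextElement, charArray);
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            log.info("开始校验我方平台证书有效期");
            x509Certificate.checkValidity();
            log.info("我方平台证书有效期检查OK！");
            if (x509crl != null) {
                log.info("开始检查我方平台是否在CFCA证书吊销列表中");
                if (checkIsInCRL(x509Certificate, x509crl)) {
                    // Message fixed: a revoked certificate was being logged as "valid".
                    log.error("我方平台在CFCA证书吊销列表中，是无效的证书");
                    throw new AppException("E9000018", "证书在CFCA证书吊销列表中");
                }
                log.info("我方平台不在CFCA证书吊销列表中，是有效的证书");
            }
            log.info("开始平台对证书验签！");
            if (verifyCert(x509Certificate)) {
                log.info("对平台证书验签OK！");
                return privateKey;
            }
            log.info("对证书验签失败，是无效证书");
            throw new AppException("E9000018", "证书验签失败，是无效证书");
        } catch (AppException e) {
            // Already carries the specific reason (revoked / bad signature). Without this clause
            // the generic handler below replaced it with "加载证书异常".
            throw e;
        } catch (CertificateExpiredException e) {
            log.error("证书已经失效", e);
            throw new AppException("E9000018", "证书已经失效");
        } catch (CertificateNotYetValidException e2) {
            log.error("当前时间不在证书有效期内", e2);
            throw new AppException("E9000018", "证书已经失效");
        } catch (Exception e3) {
            log.error("加载证书异常", e3);
            throw new AppException("E9000018", "加载证书异常");
        }
    }

    /**
     * Formats the certificate serial number as two-digit hex bytes, each followed by the
     * separator constant.
     *
     * @param x509Certificate certificate to read, may be null
     * @return the formatted serial number, or null when the certificate is null or the
     *         serial number has no bytes
     */
    private String getSerialNumber(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] serialBytes = x509Certificate.getSerialNumber().toByteArray();
        if (serialBytes.length == 0) {
            return null;
        }
        StringBuilder formatted = new StringBuilder();
        for (byte b : serialBytes) {
            // Masking keeps the low 8 bits, which is what the sign-extended form's last two
            // hex digits are.
            String hex = Integer.toHexString(b & 0xFF);
            if (hex.length() == 1) {
                // NOTE(review): Util.REALSELLER_SHZ is used as the pad digit, presumably "0"
                // (the decompiler substituted a constant with the same value) — confirm.
                hex = Util.REALSELLER_SHZ + hex;
            }
            // DEFAULT_ROOT_VALUE_SEPARATOR is Jackson's single-space separator.
            formatted.append(hex).append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
        }
        return formatted.toString();
    }

    /**
     * Loads a certificate revocation list from a file using the BouncyCastle provider.
     *
     * <p>The CRL is only parsed. Its own signature and its update window are not checked
     * anywhere in this class, so the file must come from a trusted location.
     *
     * @param str path of the CRL file
     * @return the parsed CRL
     * @throws Exception if the file cannot be read or parsed
     */
    public static X509CRL loadX509CRL(String str) throws Exception {
        // addProvider is a no-op when a provider with the same name is already installed.
        Security.addProvider(new BouncyCastleProvider());
        // try-with-resources: the stream used to leak when generateCRL threw.
        try (InputStream in = new FileInputStream(str)) {
            return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(in);
        }
    }

    /**
     * Checks that the certificate was signed by the configured root certificate's key.
     *
     * <p>Security caveat: when no root is configured this returns {@code true} without
     * checking anything (fail-open), leaving only a warning in the log. The check is also a
     * single signature verification, not a full certification-path validation.
     *
     * @param x509Certificate certificate to verify
     * @return {@code true} when the signature verifies or no root is configured
     */
    private boolean verifyCert(X509Certificate x509Certificate) {
        if (this.cfcaRoot == null) {
            log.warn("未配置跟证书，默认不验证证书的签名");
            return true;
        }
        try {
            x509Certificate.verify(this.cfcaRoot.getPublicKey());
            return true;
        } catch (Exception e) {
            log.error("证书验签异常", e);
            return false;
        }
    }

    /**
     * Decrypts data with the local private key, one {@code KEYBIT / 8}-byte block at a time.
     *
     * @param bArr ciphertext, raw or Base64 text depending on {@code z}
     * @param z when true, {@code bArr} is Base64 text encoded in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @return the concatenated plaintext of all blocks
     * @throws Exception on cipher errors, including any block that fails padding checks
     */
    public byte[] decryptRSA(byte[] bArr, boolean z, String str) throws Exception {
        byte[] cipherText = z ? Base64.decodeBase64(new String(bArr, str)) : bArr;
        // Block sizes are derived from the constants; the local key is assumed to be KEYBIT bits.
        int cipherBlock = KEYBIT / 8;
        int plainBlock = cipherBlock - RESERVEBYTES;
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        ByteArrayOutputStream plain = new ByteArrayOutputStream((cipherText.length / cipherBlock) * plainBlock);
        cipher.init(Cipher.DECRYPT_MODE, this.localPrivKey);
        for (int offset = 0; offset < cipherText.length; offset += cipherBlock) {
            int chunk = Math.min(cipherBlock, cipherText.length - offset);
            plain.write(cipher.doFinal(cipherText, offset, chunk));
        }
        return plain.toByteArray();
    }

    /**
     * Encrypts data with the peer public key, splitting it into blocks of
     * {@code KEYBIT / 8 - RESERVEBYTES} bytes. Empty input yields empty output.
     *
     * @param bArr plaintext
     * @param z when true, the result is returned as Base64 text in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @return the concatenated ciphertext blocks, raw or Base64 encoded
     * @throws Exception on cipher errors
     */
    public byte[] encryptRSA(byte[] bArr, boolean z, String str) throws Exception {
        int cipherBlock = KEYBIT / 8;
        int plainBlock = cipherBlock - RESERVEBYTES;
        int blockCount = (bArr.length + plainBlock - 1) / plainBlock;
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        ByteArrayOutputStream encrypted = new ByteArrayOutputStream(blockCount * cipherBlock);
        cipher.init(Cipher.ENCRYPT_MODE, this.peerPubKey);
        for (int offset = 0; offset < bArr.length; offset += plainBlock) {
            int chunk = Math.min(plainBlock, bArr.length - offset);
            encrypted.write(cipher.doFinal(bArr, offset, chunk));
        }
        byte[] raw = encrypted.toByteArray();
        return z ? Base64.encodeBase64String(raw).getBytes(str) : raw;
    }

    /** Returns the local private key reference itself (not a copy). */
    public PrivateKey getLocalPrivKey() {
        return this.localPrivKey;
    }

    /** Returns the peer public key. */
    public PublicKey getPeerPubKey() {
        return this.peerPubKey;
    }

    /**
     * Reads the Base64 body of a PEM-style stream: lines starting with '-' are dropped, the
     * remaining lines are joined with '\r'. Both the reader and the stream are always closed.
     *
     * @param inputStream stream to read; must not be null
     * @param emptyStreamMessage message of the exception raised on a NullPointerException
     * @param readErrorMessage message of the exception raised on an IOException
     * @return the joined body lines
     * @throws Exception on read or close failure
     */
    private static String readPemBody(InputStream inputStream, String emptyStreamMessage, String readErrorMessage)
            throws Exception {
        BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
        try {
            StringBuilder body = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                // Blank lines used to crash on charAt(0); they carry no key data, so skip them.
                if (line.isEmpty() || line.charAt(0) == '-') {
                    continue;
                }
                body.append(line).append('\r');
            }
            return body.toString();
        } catch (NullPointerException e) {
            throw new Exception(emptyStreamMessage, e);
        } catch (IOException e) {
            throw new Exception(readErrorMessage, e);
        } finally {
            try {
                reader.close();
            } catch (Exception e) {
                throw new Exception("关闭输入缓存流出错", e);
            }
            try {
                inputStream.close();
            } catch (Exception e) {
                throw new Exception("关闭输入流出错", e);
            }
        }
    }

    /**
     * Reads a PEM-style PKCS#8 private key from a stream using the default provider.
     *
     * @param inputStream stream to read, closed before returning
     * @return the key, or null when {@code inputStream} is null
     * @throws Exception when the stream cannot be read or the key cannot be parsed
     */
    public RSAPrivateKey getPrivateKey(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            return null;
        }
        return getPrivateKey(readPemBody(inputStream, "私钥输入流为空", "私钥数据读取错误"));
    }

    /**
     * Parses a Base64-encoded PKCS#8 private key using the default provider.
     *
     * @param str Base64 text of the encoded key
     * @return the parsed key
     * @throws Exception when the text is null or not a valid RSA PKCS#8 key
     */
    public RSAPrivateKey getPrivateKey(String str) throws Exception {
        try {
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64Util.decode(str.getBytes()));
            return (RSAPrivateKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(spec);
        } catch (NullPointerException e) {
            throw new Exception("私钥数据为空", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Exception("无此算法", e2);
        } catch (InvalidKeySpecException e3) {
            throw new Exception("私钥非法", e3);
        }
    }

    /**
     * Reads a PEM-style PKCS#8 private key from a stream using the BouncyCastle provider.
     *
     * @param inputStream stream to read, closed before returning
     * @return the key, or null when {@code inputStream} is null
     * @throws Exception when the stream cannot be read or the key cannot be parsed
     */
    public RSAPrivateKey getPrivateKeyByBC(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            return null;
        }
        return getPrivateKeyByBC(readPemBody(inputStream, "私钥输入流为空", "私钥数据读取错误"));
    }

    /**
     * Parses a Base64-encoded PKCS#8 private key using a BouncyCastle key factory.
     *
     * @param str Base64 text of the encoded key
     * @return the parsed key
     * @throws Exception when the text is null or not a valid RSA PKCS#8 key
     */
    public RSAPrivateKey getPrivateKeyByBC(String str) throws Exception {
        try {
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64Util.decode(str.getBytes()));
            return (RSAPrivateKey) KeyFactory.getInstance(KEY_ALGORITHM, new BouncyCastleProvider()).generatePrivate(spec);
        } catch (NullPointerException e) {
            throw new Exception("私钥数据为空", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Exception("无此算法", e2);
        } catch (InvalidKeySpecException e3) {
            throw new Exception("私钥非法", e3);
        }
    }

    /**
     * Reads a PEM-style X.509 (SubjectPublicKeyInfo) public key from a stream.
     *
     * @param inputStream stream to read, closed before returning
     * @return the key, or null when {@code inputStream} is null
     * @throws Exception when the stream cannot be read or the key cannot be parsed
     */
    public RSAPublicKey getPublicKey(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            return null;
        }
        return getPublicKey(readPemBody(inputStream, "公钥输入流为空", "公钥数据流读取错误"));
    }

    /**
     * Parses a Base64-encoded X.509 public key using the default provider.
     *
     * @param str Base64 text of the encoded key
     * @return the parsed key
     * @throws Exception when the text is null or not a valid RSA public key
     */
    public RSAPublicKey getPublicKey(String str) throws Exception {
        try {
            X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64Util.decode(str.getBytes()));
            return (RSAPublicKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec);
        } catch (NullPointerException e) {
            throw new Exception("公钥数据为空", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Exception("无此算法", e2);
        } catch (InvalidKeySpecException e3) {
            throw new Exception("公钥非法", e3);
        }
    }

    /**
     * Extracts the public key from an X.509 certificate stream.
     *
     * <p>Security caveat: unlike {@link #getPublicKeyFromX509(String, X509CRL)}, this overload
     * performs no validity, revocation or issuer-signature check; the key is trusted as read.
     *
     * @param inputStream certificate data; not closed by this method
     * @return the certificate's public key
     * @throws AppException (code E9000018) when the certificate cannot be parsed
     */
    public RSAPublicKey getPublicKeyFromX509(InputStream inputStream) {
        try {
            return (RSAPublicKey) CertificateFactory.getInstance("X.509").generateCertificate(inputStream).getPublicKey();
        } catch (Exception e) {
            // Routed through the class logger instead of printStackTrace().
            log.error("加载公钥异常", e);
            throw new AppException("E9000018", "加载公钥异常");
        }
    }

    /**
     * Extracts the public key from an X.509 certificate given as text, after checking its
     * validity period, the optional CRL and the issuer signature via {@link #verifyCert}.
     *
     * @param str certificate text
     * @param x509crl revocation list, or null to skip the revocation check
     * @return the certificate's public key
     * @throws AppException (code E9000018) when parsing or any of the checks fails
     */
    public RSAPublicKey getPublicKeyFromX509(String str, X509CRL x509crl) {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
            log.info("开始校验证书有效期");
            x509Certificate.checkValidity();
            log.info("证书有效期检查OK！");
            if (x509crl != null) {
                log.info("开始检查证书是否在CFCA证书吊销列表中");
                if (checkIsInCRL(x509Certificate, x509crl)) {
                    // Message fixed: a revoked certificate was being logged as "valid".
                    log.error("证书在CFCA证书吊销列表中，是无效的证书");
                    throw new AppException("E9000018", "证书在CFCA证书吊销列表中");
                }
                log.info("证书不在CFCA证书吊销列表中，是有效的证书");
            }
            log.info("开始对证书验签！");
            if (verifyCert(x509Certificate)) {
                log.info("对证书验签OK！");
                return (RSAPublicKey) x509Certificate.getPublicKey();
            }
            log.info("对证书验签失败，是无效证书");
            throw new AppException("E9000018", "证书验签失败，是无效证书");
        } catch (AppException e) {
            // Keep the specific reason instead of letting the generic handler overwrite it.
            throw e;
        } catch (CertificateExpiredException e) {
            log.error("证书已经失效", e);
            throw new AppException("E9000018", "证书已经失效");
        } catch (CertificateNotYetValidException e2) {
            log.error("当前时间不在证书有效期内", e2);
            throw new AppException("E9000018", "证书已经失效");
        } catch (Exception e3) {
            log.error("加载公钥异常", e3);
            throw new AppException("E9000018", "加载公钥异常");
        }
    }

    /**
     * Initialises both keys from Base64 text. No certificate is involved, so nothing about
     * the peer key's origin is verified here.
     *
     * @param str Base64 PKCS#8 private key
     * @param str2 Base64 X.509 public key
     * @param i not used by this method
     * @throws Exception when either key cannot be parsed
     */
    public void initKey(String str, String str2, int i) throws Exception {
        try {
            this.localPrivKey = getPrivateKey(str);
            this.peerPubKey = getPublicKey(str2);
        } catch (InvalidKeySpecException e) {
            log.error("加载RSA密钥异常", e);
            throw new AppException("E9000018", "RSA密钥异常");
        }
    }

    /**
     * Initialises the keys from a hex-encoded PKCS#12 store and a peer certificate, running
     * the certificate checks of the two loaders.
     *
     * @param str PKCS#12 key store as a hex string
     * @param str2 key store password
     * @param str3 peer certificate text
     * @param x509Certificate root certificate used for signature checks; when null the
     *        signature check is skipped (see {@link #verifyCert})
     * @param x509crl revocation list, or null to skip revocation checks
     * @throws AppException (code E9000018) when any step fails
     */
    public void initKey(String str, String str2, String str3, X509Certificate x509Certificate, X509CRL x509crl) {
        try {
            // The root must be set first: both loaders below call verifyCert().
            this.cfcaRoot = x509Certificate;
            this.localPrivKey = getPrivateKey(StringUtil.hexStringToBytes(str), str2, x509crl);
            this.peerPubKey = getPublicKeyFromX509(str3, x509crl);
        } catch (Exception e) {
            log.error("加载RSA密钥异常", e);
            throw new AppException("E9000018", "RSA密钥异常");
        }
    }

    /** Initialises the helper with already-constructed keys; nothing is validated. */
    public void initKey(PrivateKey privateKey, PublicKey publicKey) {
        this.localPrivKey = privateKey;
        this.peerPubKey = publicKey;
    }

    /**
     * Signs data with the local private key using {@link #SIGNATURE_ALGORITHM}.
     *
     * @param bArr data to sign
     * @param z when true, the signature is returned as Base64 text in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @return the signature, raw or Base64 encoded
     * @throws Exception on signature errors
     */
    public byte[] signRSA(byte[] bArr, boolean z, String str) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(this.localPrivKey);
        signer.update(bArr);
        byte[] rawSignature = signer.sign();
        return z ? Base64.encodeBase64String(rawSignature).getBytes(str) : rawSignature;
    }

    /**
     * Signs data with the local private key using a caller-chosen algorithm.
     *
     * @param bArr data to sign
     * @param z when true, the signature is returned as Base64 text in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @param str2 JCA signature algorithm name; {@link #SIGNATURE_ALGORITHM} is used when
     *        {@code StringUtil.isEmpty} reports it empty
     * @return the signature, raw or Base64 encoded
     * @throws Exception on signature errors
     */
    public byte[] signRSA(byte[] bArr, boolean z, String str, String str2) throws Exception {
        String algorithm = StringUtil.isEmpty(str2) ? SIGNATURE_ALGORITHM : str2;
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(this.localPrivKey);
        signer.update(bArr);
        byte[] rawSignature = signer.sign();
        return z ? Base64.encodeBase64String(rawSignature).getBytes(str) : rawSignature;
    }

    /**
     * Transforms data with the peer public key through a {@link Cipher}.
     *
     * <p>NOTE(review): despite the name this is a public-key encryption, not a signature,
     * and it gives no authenticity. It also asks {@code Cipher} for
     * {@link #SIGNATURE_ALGORITHM}, which is a signature algorithm name; on the standard
     * providers that lookup is expected to fail — confirm whether this method has callers.
     *
     * @param bArr input data
     * @param z when true, the result is returned as Base64 text in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @return the cipher output, raw or Base64 encoded
     * @throws Exception on cipher errors
     */
    public byte[] signRSAbyPub(byte[] bArr, boolean z, String str) throws Exception {
        Cipher cipher = Cipher.getInstance(SIGNATURE_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, this.peerPubKey);
        byte[] output = cipher.doFinal(bArr);
        return z ? Base64.encodeBase64String(output).getBytes(str) : output;
    }

    /**
     * Same as {@link #signRSAbyPub(byte[], boolean, String)} with a caller-chosen cipher
     * transformation; the same review note applies to the default.
     *
     * @param bArr input data
     * @param z when true, the result is returned as Base64 text in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @param str2 transformation name; {@link #SIGNATURE_ALGORITHM} is used when
     *        {@code StringUtil.isEmpty} reports it empty
     * @return the cipher output, raw or Base64 encoded
     * @throws Exception on cipher errors
     */
    public byte[] signRSAbyPub(byte[] bArr, boolean z, String str, String str2) throws Exception {
        String transformation = StringUtil.isEmpty(str2) ? SIGNATURE_ALGORITHM : str2;
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, this.peerPubKey);
        byte[] output = cipher.doFinal(bArr);
        return z ? Base64.encodeBase64String(output).getBytes(str) : output;
    }

    /**
     * Verifies a signature over data with the peer public key using
     * {@link #SIGNATURE_ALGORITHM}.
     *
     * @param bArr signed data
     * @param bArr2 signature, raw or Base64 text depending on {@code z}
     * @param z when true, {@code bArr2} is Base64 text encoded in charset {@code str}
     * @param str charset name, only used when {@code z} is true
     * @return {@code true} when the signature is valid for the data
     * @throws Exception on signature errors
     */
    public boolean verifyRSA(byte[] bArr, byte[] bArr2, boolean z, String str) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(this.peerPubKey);
        verifier.update(bArr);
        byte[] rawSignature = z ? Base64.decodeBase64(new String(bArr2, str)) : bArr2;
        return verifier.verify(rawSignature);
    }
}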
