package com.wangyin.aks.security.api.util;

import com.wangyin.aks.security.api.model.CertDTO;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/* loaded from: input_file:com/wangyin/aks/security/api/util/CertUtil.class */
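/**
 * Helpers for loading signing material from a Base64-encoded PKCS#12 keystore and for
 * parsing a Base64-encoded X.509 certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #getCertInfo} returns the private key inside the {@code CertDTO}; treat the
 *       result as secret material and do not log or serialize it.</li>
 *   <li>Both public methods report failure by returning {@code null}, so every caller must
 *       null-check before signing or verifying.</li>
 *   <li>{@link #getPublicCert} only parses the certificate. It does not check the validity
 *       period, key usage, or chain of trust.</li>
 * </ul>
 */
public class CertUtil {
    /**
     * Checks that every key-usage bit requested in {@code requiredMask} is asserted by the
     * certificate.
     *
     * <p>Bit {@code n} of the mask maps to index {@code n} of the array returned by
     * {@link X509Certificate#getKeyUsage()}, so mask {@code 1} means digitalSignature.
     *
     * @param keyUsage the certificate's key-usage flags, or {@code null} when the certificate
     *     carries no KeyUsage extension
     * @param requiredMask bit mask of required usages; {@code 0} means "no requirement"
     * @return {@code true} when no requirement is given, when the extension is absent
     *     (the key is then unrestricted), or when all requested bits within the array are set
     */
    private static boolean matchUsage(boolean[] keyUsage, int requiredMask) {
        if (requiredMask == 0 || keyUsage == null) {
            return true;
        }
        // NOTE(review): a requested bit whose index is >= keyUsage.length is not examined and
        // is therefore treated as satisfied. The only caller in this class passes mask 1.
        int limit = Math.min(keyUsage.length, 32);
        for (int bit = 0; bit < limit; bit++) {
            boolean required = (requiredMask & (1 << bit)) != 0;
            if (required && !keyUsage[bit]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Opens a Base64-encoded PKCS#12 keystore and returns the first entry that is usable for
     * signing: its leaf certificate must be an X.509 certificate that permits digitalSignature
     * and is inside its validity period.
     *
     * <p>Previously the selection loop kept the last alias it had looked at even when that
     * alias had failed the key-usage or validity check, so an expired or non-signing
     * certificate could be returned as the signer. The alias is now recorded only after all
     * checks pass, and the method fails closed when nothing qualifies.
     *
     * @param password keystore password, also used as the key-entry password
     * @param encodedKeyStore bytes of the Base64 text of the PKCS#12 keystore
     * @return the private key and its X.509 certificate chain
     * @throws GeneralSecurityException if no usable signing entry exists, if the chain holds a
     *     non-X.509 certificate, or if the private key cannot be read
     * @throws Exception for keystore loading or decoding failures
     */
    private static CertDTO getSigner(String password, byte[] encodedKeyStore) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(
                new ByteArrayInputStream(Base64.decode(new String(encodedKeyStore))),
                password.toCharArray());

        String signingAlias = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases != null && aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            Certificate[] candidateChain = keyStore.getCertificateChain(candidate);
            if (candidateChain == null
                    || candidateChain.length == 0
                    || !(candidateChain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) candidateChain[0];
            if (!matchUsage(leaf.getKeyUsage(), 1)) {
                continue;
            }
            try {
                leaf.checkValidity();
            } catch (CertificateException ignored) {
                // Expired or not yet valid: this entry must not be used for signing.
                continue;
            }
            // Only an entry that passed every check may become the signer.
            signingAlias = candidate;
            break;
        }
        if (signingAlias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }

        X509Certificate[] x509Chain = null;
        if (keyStore.isKeyEntry(signingAlias)) {
            Certificate[] chain = keyStore.getCertificateChain(signingAlias);
            x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    throw new GeneralSecurityException("Certificate[" + i + "] in chain '" + signingAlias + "' is not a X509Certificate.");
                }
                x509Chain[i] = (X509Certificate) chain[i];
            }
        } else {
            if (!keyStore.isCertificateEntry(signingAlias)) {
                throw new GeneralSecurityException(signingAlias + " is unknown to this keystore");
            }
            Certificate certificate = keyStore.getCertificate(signingAlias);
            if (certificate instanceof X509Certificate) {
                x509Chain = new X509Certificate[]{(X509Certificate) certificate};
            }
        }

        // getKey returns null for an alias that does not identify a key entry.
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(signingAlias, password.toCharArray());
        if (privateKey == null) {
            throw new GeneralSecurityException(signingAlias + " could not be accessed");
        }

        CertDTO certDTO = new CertDTO();
        certDTO.setPriKey(privateKey);
        certDTO.setCert(x509Chain);
        return certDTO;
    }

    /**
     * Loads the signing key and certificate chain from a Base64-encoded PKCS#12 keystore.
     *
     * @param str keystore password (also used to unlock the key entry)
     * @param str2 Base64 text of the PKCS#12 keystore
     * @return the signer material, or {@code null} if the keystore cannot be opened or holds
     *     no entry that is currently valid for signing
     */
    public static CertDTO getCertInfo(String str, String str2) {
        try {
            return getSigner(str, str2.getBytes());
        } catch (Exception e) {
            // Failure is reported as null; the cause is written to stderr only.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Parses a Base64-encoded X.509 certificate.
     *
     * <p>This is a parse only: the certificate's validity period, key usage and issuer are
     * not checked here, so callers that rely on the certificate for verification must
     * validate it themselves.
     *
     * @param str Base64 text of the encoded certificate
     * @return the parsed certificate, or {@code null} if it cannot be parsed
     */
    public static X509Certificate getPublicCert(String str) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
        } catch (CertificateException e) {
            // Only CertificateException is mapped to null; other runtime failures propagate.
            e.printStackTrace();
            return null;
        }
    }
}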
