package kd.ebg.aqap.formplugin.util;

import cfca.sadk.x509.certificate.X509Cert;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import kd.bos.cache.tempfile.TempFileCacheDownloadable;
import kd.ebg.aqap.common.model.CertInfo;
import kd.ebg.aqap.formplugin.exception.EBBizException;
import kd.ebg.egf.common.log.EBGLogger;
import kd.ebg.egf.common.model.tenant.TenantAuth;
import kd.ebg.egf.common.utils.DTFactoryUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:kd/ebg/aqap/formplugin/util/CertUtil.class */
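/**
 * Reads certificate and keystore uploads and extracts the fields the form plugin stores:
 * subject CN/O, public key, expiry time and, for some bank channels, the Base64 file content.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class verifies a certificate: no chain building, no signature check,
 *       no revocation check and no notBefore/notAfter validity check. The extracted subject
 *       fields and public key are exactly what the uploaded file claims.</li>
 *   <li>{@link CertInfo} objects produced here may carry the keystore password and, for
 *       {@code GDB_OPA} .pfx uploads, the Base64-encoded private key. Treat them as secrets
 *       and keep them out of logs and unprotected storage.</li>
 *   <li>Only {@link #parse(InputStream)} closes the stream it is given; every other method
 *       leaves closing to the caller.</li>
 * </ul>
 */
public class CertUtil {
    private static final EBGLogger logger = EBGLogger.getInstance().getLogger(CertUtil.class);

    /** Log template shared by every parsing method (runtime text, kept as-is). */
    private static final String PARSE_FAILED_TEMPLATE = "证书解析失败:{}";

    /**
     * Parses an X.509 certificate and copies its public key, subject CN/O and expiry time
     * into a new {@link TenantAuth}. The stream is always closed before returning.
     *
     * <p>The certificate is only decoded, not validated; the caller decides whether it is
     * trusted before relying on the returned public key or names.
     *
     * @param inputStream encoded certificate; closed by this method
     * @return populated tenant authentication record
     * @throws EBBizException if the certificate cannot be decoded
     */
    public static TenantAuth parse(InputStream inputStream) {
        TenantAuth tenantAuth = new TenantAuth();
        try {
            // NOTE(review): javax.security.cert is deprecated for removal in current JDKs;
            // java.security.cert.CertificateFactory is the supported replacement.
            X509Certificate x509Certificate = X509Certificate.getInstance(inputStream);
            tenantAuth.setPublicKey(Base64.getEncoder().encodeToString(x509Certificate.getPublicKey().getEncoded()));
            setTenantAuthInfo(tenantAuth, x509Certificate);
            return tenantAuth;
        } catch (CertificateException e) {
            throw new EBBizException(e);
        } finally {
            // Guard against null so a failed parse is not masked by an NPE from close().
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // Best effort: the certificate has already been read or rejected.
                }
            }
        }
    }

    /**
     * Copies the subject CN (as common name and certificate name), the subject O and the
     * notAfter time from the certificate into {@code tenantAuth}.
     *
     * <p>The subject DN is split on {@code ','} and then on the first {@code '='}. Components
     * without an {@code '='} are skipped instead of raising
     * {@link ArrayIndexOutOfBoundsException}, and a value that itself contains {@code '='} is
     * kept whole. A value containing a comma (quoted or escaped) is still cut at the comma;
     * the subject comes from the uploaded certificate, so treat the names as unverified input.
     *
     * @param tenantAuth record to populate
     * @param x509Certificate decoded certificate to read from
     */
    public static void setTenantAuthInfo(TenantAuth tenantAuth, X509Certificate x509Certificate) {
        for (String component : x509Certificate.getSubjectDN().getName().split(",")) {
            String[] keyAndValue = component.split("=", 2);
            if (keyAndValue.length < 2) {
                // Fragment of a value that contained a comma, or a malformed component.
                continue;
            }
            String attribute = keyAndValue[0].trim();
            String value = keyAndValue[1].trim();
            if ("CN".equalsIgnoreCase(attribute)) {
                tenantAuth.setCommonName(value);
                tenantAuth.setCertificateName(value);
            }
            if ("O".equalsIgnoreCase(attribute)) {
                tenantAuth.setOrganization(value);
            }
        }
        // Formatted in the JVM default time zone, then re-parsed by DTFactoryUtil.
        String notAfterText = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(x509Certificate.getNotAfter().getTime()));
        tenantAuth.setExpireTime(DTFactoryUtil.parseDateTime(notAfterText));
    }

    /**
     * Chooses the parser for an uploaded file: a non-empty password selects the keystore
     * path; otherwise the file is read as a bare certificate, using the BouncyCastle-based
     * parser for {@code ALIPAY_CMP} and {@code ZSB_OPA}.
     *
     * @param inputStream file content; not closed here
     * @param str keystore password, or null/empty for a bare certificate
     * @param str2 file name, used for its extension
     * @param str3 channel identifier compared against the literals in this class
     * @return parsed info, or null when parsing failed
     */
    public static CertInfo getCertExpireTimeInfo(InputStream inputStream, String str, String str2, String str3) {
        if (!StringUtil.isNullOrEmpty(str)) {
            return getPrivateKeyInfo(inputStream, str, str2, str3);
        }
        if ("ALIPAY_CMP".equals(str3) || "ZSB_OPA".equalsIgnoreCase(str3)) {
            return getPublicKeyInfoV2(inputStream, str2, str3);
        }
        return getPublicKeyInfo(inputStream, str2, str3);
    }

    /**
     * Loads a JKS (".jks"/".keystore") or PKCS12 keystore and reads the expiry time of the
     * certificate stored under the first alias. For {@code GDB_OPA} ".pfx" files the private
     * key under that alias is also exported, Base64-encoded, into the file content.
     *
     * <p>The returned object holds the plaintext password and possibly the private key, so
     * it must never be logged or serialised to an unprotected location.
     *
     * @param inputStream keystore content; not closed here
     * @param str keystore password
     * @param str2 file name, used for its extension (matched case-sensitively)
     * @param str3 channel identifier
     * @return parsed info, or null when the keystore could not be loaded or read
     */
    public static CertInfo getPrivateKeyInfo(InputStream inputStream, String str, String str2, String str3) {
        CertInfo certInfo = null;
        try {
            boolean isJks = str2.endsWith(".jks") || str2.endsWith(".keystore");
            KeyStore keyStore = KeyStore.getInstance(isJks ? "JKS" : "PKCS12");
            keyStore.load(inputStream, StringUtil.isNullOrEmpty(str) ? null : str.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                // Fail with a clear message instead of an NPE from a null alias lookup.
                throw new IllegalStateException("keystore contains no entries");
            }
            // Only the first alias is inspected; other entries are ignored.
            String alias = aliases.nextElement();
            long notAfterMillis = X509Certificate.getInstance(keyStore.getCertificate(alias).getEncoded()).getNotAfter().getTime();
            certInfo = new CertInfo();
            certInfo.setCertPassword(str);
            certInfo.setExpireTime(LocalDateTime.ofInstant(Instant.ofEpochMilli(notAfterMillis), ZoneId.systemDefault()));
            if ("GDB_OPA".equals(str3) && str2.endsWith(".pfx")) {
                // NOTE(review): if the key export throws, the catch below still returns the
                // partially filled certInfo (expiry and password, no file content).
                certInfo.setFileContent(Base64.getEncoder().encodeToString(keyStore.getKey(alias, str.toCharArray()).getEncoded()));
            }
        } catch (Exception e) {
            logParseFailure(e);
        }
        return certInfo;
    }

    /**
     * Decodes a bare X.509 certificate and reads its expiry time. For {@code GDB_OPA}
     * ".cer" files the Base64-encoded public key is stored as the file content.
     *
     * @param inputStream certificate content; not closed here
     * @param str file name, used for its extension
     * @param str2 channel identifier
     * @return parsed info, or null when the certificate could not be decoded
     */
    public static CertInfo getPublicKeyInfo(InputStream inputStream, String str, String str2) {
        CertInfo certInfo = null;
        try {
            X509Certificate x509Certificate = X509Certificate.getInstance(inputStream);
            long notAfterMillis = x509Certificate.getNotAfter().getTime();
            certInfo = new CertInfo();
            certInfo.setExpireTime(LocalDateTime.ofInstant(Instant.ofEpochMilli(notAfterMillis), ZoneId.systemDefault()));
            if ("GDB_OPA".equals(str2) && str.endsWith(".cer")) {
                certInfo.setFileContent(Base64.getEncoder().encodeToString(x509Certificate.getPublicKey().getEncoded()));
            }
        } catch (Exception e) {
            logParseFailure(e);
        }
        return certInfo;
    }

    /**
     * Same contract as {@link #getPublicKeyInfo(InputStream, String, String)} but decodes
     * the certificate with the BouncyCastle ("BC") certificate factory.
     *
     * <p>The BC provider is registered JVM-wide on first use. The registration is skipped
     * when a provider named "BC" is already installed, so repeated calls no longer build a
     * throwaway provider instance.
     *
     * @param inputStream certificate content; not closed here
     * @param str file name, used for its extension
     * @param str2 channel identifier
     * @return parsed info, or null when the certificate could not be decoded
     */
    public static CertInfo getPublicKeyInfoV2(InputStream inputStream, String str, String str2) {
        CertInfo certInfo = null;
        try {
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            java.security.cert.X509Certificate x509Certificate = (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inputStream);
            long notAfterMillis = x509Certificate.getNotAfter().getTime();
            certInfo = new CertInfo();
            certInfo.setExpireTime(LocalDateTime.ofInstant(Instant.ofEpochMilli(notAfterMillis), ZoneId.systemDefault()));
            if ("GDB_OPA".equals(str2) && str.endsWith(".cer")) {
                certInfo.setFileContent(Base64.getEncoder().encodeToString(x509Certificate.getPublicKey().getEncoded()));
            }
        } catch (Exception e) {
            logParseFailure(e);
        }
        return certInfo;
    }

    /**
     * Reads the expiry time of a certificate through the CFCA {@link X509Cert} parser.
     *
     * <p>Unlike the other parsers this one never returns null: on failure the returned
     * object simply has no expiry time set, so callers must check for that.
     *
     * @param inputStream certificate content; not closed here
     * @return info object, with the expiry time set only when parsing succeeded
     */
    public static CertInfo getPublicKeyInfo4CMbc(InputStream inputStream) {
        CertInfo certInfo = new CertInfo();
        try {
            long notAfterMillis = new X509Cert(inputStream).getNotAfter().getTime();
            certInfo.setExpireTime(LocalDateTime.ofInstant(Instant.ofEpochMilli(notAfterMillis), ZoneId.systemDefault()));
        } catch (Exception e) {
            logParseFailure(e);
        }
        return certInfo;
    }

    /**
     * Stores an uploaded key file verbatim (Base64-encoded) together with its password.
     *
     * <p>The file is not parsed. The expiry time is the fixed value 2099-12-30 23:59:59, so
     * any expiry monitoring built on {@link CertInfo#setExpireTime} will not fire for these
     * files; the real validity period has to be tracked elsewhere.
     *
     * <p>The content is read with {@link DataInputStream#readFully(byte[])}. A single
     * {@code read} may return fewer bytes than requested, which would silently store a
     * truncated, zero-padded key file.
     *
     * @param inputStream file content; not closed here
     * @param content descriptor whose length gives the number of bytes to read
     * @param str password to keep with the file, may be empty
     * @return info object; the file content is missing when reading failed
     */
    public static CertInfo getKeyInfoicbc(InputStream inputStream, TempFileCacheDownloadable.Content content, String str) {
        CertInfo certInfo = new CertInfo();
        try {
            certInfo.setExpireTime(LocalDateTime.of(2099, 12, 30, 23, 59, 59));
            if (kd.bos.dataentity.utils.StringUtils.isNotEmpty(str)) {
                certInfo.setCertPassword(str);
            }
            byte[] fileBytes = new byte[content.getLength()];
            new DataInputStream(inputStream).readFully(fileBytes);
            byte[] encoded = com.icbc.bcprov.org.bouncycastle.util.encoders.Base64.encode(fileBytes);
            // Base64 output is pure ASCII; name the charset rather than rely on the platform default.
            certInfo.setFileContent(new String(encoded, java.nio.charset.StandardCharsets.US_ASCII));
        } catch (Exception e) {
            logParseFailure(e);
        }
        return certInfo;
    }

    /**
     * Logs a parsing failure with the shared template.
     *
     * <p>Only the exception message is logged, as before, so the stack trace is lost.
     * NOTE(review): pass the throwable too if EBGLogger offers an overload for it.
     */
    private static void logParseFailure(Exception e) {
        logger.error(PARSE_FAILED_TEMPLATE, new Object[]{e.getMessage()});
    }
}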
