package com.star.security;

import com.star.collection.ArrayUtil;
import com.star.exception.pojo.ToolException;
import com.star.string.HexUtil;
import com.star.string.StringUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/star/security/CertificateUtil.class */
public final class CertificateUtil extends BaseSecureUtil {
    public static final String KEY_STORE = "JKS";
    public static final String X509 = "X.509";
    public static final String SUNX509 = "SunX509";
    public static final String SSL = "SSL";

    private CertificateUtil() {
    }

    private static PrivateKey getPrivateKey(String str, String str2, String str3) {
        try {
            return (PrivateKey) getKeyStore(str, str3).getKey(str2, str3.toCharArray());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new ToolException(StringUtil.format("get private from keystore failure,the reason is: {}", e.getMessage()), e);
        }
    }

    private static PublicKey getPublicKey(String str) {
        return getCertificate(str).getPublicKey();
    }

    private static Certificate getCertificate(String str) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
            FileInputStream fileInputStream = new FileInputStream(str);
            Certificate generateCertificate = certificateFactory.generateCertificate(fileInputStream);
            fileInputStream.close();
            return generateCertificate;
        } catch (IOException | CertificateException e) {
            throw new ToolException(StringUtil.format("get certificate failure,the reason is: {}", e.getMessage()), e);
        }
    }

    private static Certificate getCertificate(String str, String str2, String str3) {
        try {
            return getKeyStore(str, str3).getCertificate(str2);
        } catch (KeyStoreException e) {
            throw new ToolException(StringUtil.format("get certificate failure,the reason is: {}", e.getMessage()), e);
        }
    }

    private static KeyStore getKeyStore(String str, String str2) {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
            keyStore.load(fileInputStream, str2.toCharArray());
            fileInputStream.close();
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ToolException(StringUtil.format("get keystore failure,the reason is: {}", e.getMessage()), e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], java.lang.Object[]] */
    public static byte[] decrypt(byte[] bArr, String str, String str2, String str3, Boolean bool) {
        byte[] bArr2;
        if (ArrayUtil.isEmpty(new byte[]{bArr})) {
            bArr2 = new byte[0];
        } else {
            Key privateKey = bool.booleanValue() ? getPrivateKey(str, str2, str3) : getPublicKey(str);
            try {
                Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
                cipher.init(2, privateKey);
                bArr2 = cipher.doFinal(bArr);
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new ToolException(StringUtil.format("decrypt failure,the reason is: {}", e.getMessage()), e);
            }
        }
        return bArr2;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], java.lang.Object[]] */
    public static byte[] encrypt(byte[] bArr, String str, String str2, String str3, Boolean bool) {
        byte[] bArr2;
        if (ArrayUtil.isEmpty(new byte[]{bArr})) {
            bArr2 = new byte[0];
        } else {
            Key privateKey = bool.booleanValue() ? getPrivateKey(str, str2, str3) : getPublicKey(str);
            try {
                Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
                cipher.init(1, privateKey);
                bArr2 = cipher.doFinal(bArr);
            } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                throw new ToolException(StringUtil.format("encrypt failure: {}", e.getMessage()), e);
            }
        }
        return bArr2;
    }

    public static boolean verifyCertificate(String str) {
        return verifyCertificate(new Date(), str);
    }

    public static boolean verifyCertificate(Date date, String str) {
        return verifyCertificate(date, (X509Certificate) getCertificate(str));
    }

    private static boolean verifyCertificate(Date date, X509Certificate x509Certificate) {
        boolean z = true;
        try {
            x509Certificate.checkValidity(date);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            z = false;
        }
        return z;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], java.lang.Object[]] */
    public static byte[] sign(byte[] bArr, String str, String str2, String str3) {
        byte[] bArr2;
        if (ArrayUtil.isEmpty(new byte[]{bArr})) {
            bArr2 = new byte[0];
        } else {
            X509Certificate x509Certificate = (X509Certificate) getCertificate(str, str2, str3);
            try {
                PrivateKey privateKey = (PrivateKey) getKeyStore(str, str3).getKey(str2, str3.toCharArray());
                Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
                signature.initSign(privateKey);
                signature.update(bArr);
                bArr2 = signature.sign();
            } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException e) {
                throw new ToolException(StringUtil.format("sign failure,the reason is: {}", e.getMessage()), e);
            }
        }
        return bArr2;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], java.lang.Object[]] */
    public static boolean verify(byte[] bArr, String str, String str2) {
        Boolean bool;
        if (ArrayUtil.isEmpty(new byte[]{bArr})) {
            bool = false;
        } else {
            X509Certificate x509Certificate = (X509Certificate) getCertificate(str2);
            PublicKey publicKey = x509Certificate.getPublicKey();
            try {
                Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
                signature.initVerify(publicKey);
                signature.update(bArr);
                bool = Boolean.valueOf(signature.verify(HexUtil.hex2Byte(str)));
            } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                throw new ToolException(StringUtil.format("verify sign failure,the reason is: {}", e.getMessage()), e);
            }
        }
        return bool.booleanValue();
    }

    public static boolean verifyCertificate(Date date, String str, String str2, String str3) {
        return verifyCertificate(date, (X509Certificate) getCertificate(str, str2, str3));
    }

    public static boolean verifyCertificate(String str, String str2, String str3) {
        return verifyCertificate(new Date(), str, str2, str3);
    }

    public static SSLSocketFactory getSSLSocketFactory(String str, String str2, String str3) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SUNX509);
            keyManagerFactory.init(getKeyStore(str2, str), str.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SUNX509);
            trustManagerFactory.init(getKeyStore(str3, str));
            SSLContext sSLContext = SSLContext.getInstance(SSL);
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new ToolException(StringUtil.format("get sslsokcetfactory failure,the reason is: {}", e.getMessage()), e);
        }
    }

    public static void configSSLSocketFactory(HttpsURLConnection httpsURLConnection, String str, String str2, String str3) {
        httpsURLConnection.setSSLSocketFactory(getSSLSocketFactory(str, str2, str3));
    }
}
