package cn.paypalm.merchant;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Vector;
import javax.crypto.Cipher;

/* loaded from: input_file:cn/paypalm/merchant/PPCACert.class */
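/**
 * Keystore, certificate, RSA and certificate-path helpers for the merchant SDK.
 *
 * <p>All methods are static. The RSA helpers request the cipher from the provider
 * named {@link #CSP_NAME_BC}; nothing in this class registers that provider, so
 * the caller has to have installed it beforehand.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #CIPHER_ALGORITHM} is RSA with PKCS#1 v1.5 padding. When this is used
 *       for confidentiality, decryption failures must not be distinguishable to a
 *       remote peer (padding-oracle risk); OAEP is the usual replacement where the
 *       wire protocol allows it.</li>
 *   <li>Passwords arrive as {@code String} and therefore cannot be wiped after use.</li>
 *   <li>The two {@code ValidateCert*} methods load their trust anchor from a relative
 *       file name, change JVM-wide security settings and terminate the JVM.</li>
 * </ul>
 */
public class PPCACert {
    /** JCE provider name used for every {@link Cipher} lookup in this class. */
    public static final String CSP_NAME_BC = "BC";
    /** RSA, no block mode, PKCS#1 v1.5 padding. */
    public static final String CIPHER_ALGORITHM = "RSA/NONE/PKCS1Padding";
    // Trust anchor for path validation. Relative name: resolved against the process
    // working directory, so whoever controls that directory controls the anchor.
    // NOTE(review): the name suggests a demo CA -- confirm it is not used in production.
    private static final String ROOT_CA_CERT = "DemoCA.pem";
    // Certificate of the OCSP responder, also resolved against the working directory.
    private static final String OCSP_SERVER_CERT = "OCSPServer.pem";

    /**
     * Loads a PKCS#12 keystore from a file.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password
     * @return the loaded keystore
     * @throws Exception if the file cannot be read or the store cannot be opened
     */
    public static KeyStore getKeyStoreByPath(String str, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // try-with-resources: the stream is closed even when load() rejects the password.
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /**
     * Loads a PKCS#12 keystore from its Base64 text form.
     *
     * @param str  Base64 text, decoded with {@code PPCrypto.base64StrDecode}
     * @param str2 keystore password
     * @return the loaded keystore
     * @throws Exception if decoding or loading fails
     */
    public static KeyStore getKeyStoreByStr(String str, String str2) throws Exception {
        try (ByteArrayInputStream in = new ByteArrayInputStream(PPCrypto.base64StrDecode(str))) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, str2.toCharArray());
            return keyStore;
        }
    }

    /**
     * Loads a keystore of the JVM default type ({@link KeyStore#getDefaultType()}) from a file.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password
     * @return the loaded keystore
     * @throws Exception if the file cannot be read or the store cannot be opened
     */
    public static KeyStore getKeyStoreJksByPath(String str, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /**
     * Loads a keystore of the JVM default type from its Base64 text form.
     *
     * @param str  Base64 text, decoded with {@code PPCrypto.base64StrDecode}
     * @param str2 keystore password
     * @return the loaded keystore
     * @throws Exception if decoding or loading fails
     */
    public static KeyStore getKeyStoreJksByStr(String str, String str2) throws Exception {
        try (ByteArrayInputStream in = new ByteArrayInputStream(PPCrypto.base64StrDecode(str))) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, str2.toCharArray());
            return keyStore;
        }
    }

    /**
     * Reads a file completely and returns its bytes unchanged.
     *
     * <p>Despite the name no DER parsing or PEM decoding happens here.
     *
     * @param str path of the file
     * @return the file content
     * @throws Exception if the file cannot be read
     */
    public static byte[] getCertificateDerByPath(String str) throws Exception {
        ByteArrayOutputStream collected = new ByteArrayOutputStream(1024);
        byte[] chunk = new byte[1024];
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(str))) {
            int read;
            while ((read = in.read(chunk)) != -1) {
                collected.write(chunk, 0, read);
            }
        }
        return collected.toByteArray();
    }

    /**
     * Reads a file and returns its content passed through {@code PPCrypto.base64EncodeStr}.
     *
     * @param str path of the file
     * @return the encoded content as a string
     * @throws Exception if the file cannot be read
     */
    public static String getCertificateB64ByPath(String str) throws Exception {
        return new String(PPCrypto.base64EncodeStr(getCertificateDerByPath(str)));
    }

    /**
     * Parses an X.509 certificate from its Base64 text form.
     *
     * <p>The certificate is only parsed; signature, validity period and revocation are
     * not checked.
     *
     * @param str Base64 text, decoded with {@code PPCrypto.base64StrDecode}
     * @return the parsed certificate
     * @throws Exception if decoding or parsing fails
     */
    public static Certificate getCertificateByStr(String str) throws Exception {
        try (ByteArrayInputStream in = new ByteArrayInputStream(PPCrypto.base64StrDecode(str))) {
            return CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /**
     * Parses an X.509 certificate from a file.
     *
     * <p>The certificate is only parsed; signature, validity period and revocation are
     * not checked.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or parsed
     */
    public static Certificate getCertificateByPath(String str) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(str)) {
            return certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Best-effort certificate loader used by the path-validation methods.
     *
     * @param str path of the certificate file
     * @return the parsed certificate, or {@code null} when the file is unreadable or
     *         does not parse (a message is printed to stdout in that case)
     */
    private static X509Certificate getCertFromFile(String str) {
        try {
            File file = new File(str);
            if (!file.canRead()) {
                throw new IOException(" File " + file.toString() + " is unreadable");
            }
            try (FileInputStream in = new FileInputStream(file)) {
                return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(in);
            }
        } catch (Exception e) {
            // Deliberately not rethrown: callers receive null and must treat it as failure.
            System.out.println("Can't construct X509 Certificate. " + e.getMessage());
            return null;
        }
    }

    /**
     * Returns the certificate stored under an alias in a PKCS#12 file.
     *
     * @param str  path of the keystore file
     * @param str2 alias of the entry
     * @param str3 keystore password
     * @return the certificate, or {@code null} if the alias has none
     * @throws Exception if the keystore cannot be loaded
     */
    public static Certificate getCertificateByStore(String str, String str2, String str3) throws Exception {
        return getKeyStoreByPath(str, str3).getCertificate(str2);
    }

    /**
     * Returns the public key of the certificate stored in a file.
     *
     * @param str path of the certificate file
     * @return the subject public key
     * @throws Exception if the certificate cannot be loaded
     */
    public static PublicKey getPublicKeyByCertificate(String str) throws Exception {
        return getCertificateByPath(str).getPublicKey();
    }

    /**
     * Returns the private key stored under an alias in a PKCS#12 file.
     *
     * <p>The keystore password is reused as the key-entry password.
     *
     * @param str  path of the keystore file
     * @param str2 alias of the key entry
     * @param str3 keystore password, also used to unlock the key
     * @return the private key, or {@code null} if the alias does not exist
     * @throws Exception if the keystore or the key cannot be opened
     */
    public static PrivateKey getPrivateKeyByStore(String str, String str2, String str3) throws Exception {
        return (PrivateKey) getKeyStoreByPath(str, str3).getKey(str2, str3.toCharArray());
    }

    /**
     * Returns the key of the first key entry found in a keystore.
     *
     * <p>Alias enumeration order is provider-defined, so this is only predictable for
     * stores that hold a single key entry.
     *
     * @param keyStore an already loaded keystore
     * @param str      password of the key entry
     * @return the first key, or {@code null} when the store has no key entry
     * @throws Exception if the key cannot be recovered
     */
    public static PrivateKey getPrivateKeyByStore(KeyStore keyStore, String str) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                return (PrivateKey) keyStore.getKey(alias, str.toCharArray());
            }
        }
        return null;
    }

    // Runs one RSA operation with CIPHER_ALGORITHM from the CSP_NAME_BC provider.
    private static byte[] applyRsa(int mode, java.security.Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM, CSP_NAME_BC);
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    /**
     * Applies the RSA private key from a PKCS#12 file to the input in encrypt mode.
     *
     * <p>The result can be reversed by anyone holding the matching public key (see
     * {@link #decryptByPublicKey}), so it gives no confidentiality.
     *
     * @param bArr data to process
     * @param str  path of the keystore file
     * @param str2 alias of the key entry
     * @param str3 keystore password
     * @return the cipher output
     * @throws Exception if the key cannot be loaded or the operation fails
     */
    public static byte[] encryptByPrivateKey(byte[] bArr, String str, String str2, String str3) throws Exception {
        return applyRsa(Cipher.ENCRYPT_MODE, getPrivateKeyByStore(str, str2, str3), bArr);
    }

    /**
     * Decrypts with the RSA private key from a PKCS#12 file.
     *
     * <p>Argument order differs from {@link #encryptByPrivateKey}: here the password
     * comes before the alias. It is kept as is because callers depend on it.
     *
     * @param bArr ciphertext
     * @param str  path of the keystore file
     * @param str2 keystore password
     * @param str3 alias of the key entry
     * @return the plaintext
     * @throws Exception if the key cannot be loaded or decryption fails
     */
    public static byte[] decryptByPrivateKey(byte[] bArr, String str, String str2, String str3) throws Exception {
        // getPrivateKeyByStore takes (path, alias, password), hence the swapped arguments.
        return applyRsa(Cipher.DECRYPT_MODE, getPrivateKeyByStore(str, str3, str2), bArr);
    }

    /**
     * Decrypts with the given RSA private key.
     *
     * @param bArr       ciphertext
     * @param privateKey key to decrypt with
     * @return the plaintext
     * @throws Exception if decryption fails
     */
    public static byte[] decryptByPrivateKey(byte[] bArr, PrivateKey privateKey) throws Exception {
        return applyRsa(Cipher.DECRYPT_MODE, privateKey, bArr);
    }

    /**
     * Encrypts with the public key of the certificate stored in a file.
     *
     * <p>The certificate is not validated; the caller has to trust the file.
     *
     * @param bArr plaintext
     * @param str  path of the certificate file
     * @return the ciphertext
     * @throws Exception if the certificate cannot be loaded or encryption fails
     */
    public static byte[] encryptByPublicKey(byte[] bArr, String str) throws Exception {
        return applyRsa(Cipher.ENCRYPT_MODE, getPublicKeyByCertificate(str), bArr);
    }

    /**
     * Encrypts with the public key of the given certificate.
     *
     * @param bArr        plaintext
     * @param certificate certificate supplying the public key; not validated here
     * @return the ciphertext
     * @throws Exception if encryption fails
     */
    public static byte[] encryptByCertificate(byte[] bArr, Certificate certificate) throws Exception {
        return applyRsa(Cipher.ENCRYPT_MODE, certificate.getPublicKey(), bArr);
    }

    /**
     * Encrypts with the public key of the certificate stored in a file.
     *
     * <p>Uses encrypt mode, like the {@link Certificate} overload. Initialising the
     * cipher for decryption here would make this method a duplicate of
     * {@link #decryptByPublicKey} and it could not encrypt anything.
     *
     * @param bArr plaintext
     * @param str  path of the certificate file
     * @return the ciphertext
     * @throws Exception if the certificate cannot be loaded or encryption fails
     */
    public static byte[] encryptByCertificate(byte[] bArr, String str) throws Exception {
        return applyRsa(Cipher.ENCRYPT_MODE, getPublicKeyByCertificate(str), bArr);
    }

    /**
     * Encrypts with the public key of the given certificate.
     *
     * @param bArr        plaintext
     * @param certificate certificate supplying the public key; not validated here
     * @return the ciphertext
     * @throws Exception if encryption fails
     */
    public static byte[] encryptByPublicKey(byte[] bArr, Certificate certificate) throws Exception {
        return applyRsa(Cipher.ENCRYPT_MODE, certificate.getPublicKey(), bArr);
    }

    /**
     * Reverses {@link #encryptByPrivateKey} using the certificate stored in a file.
     *
     * @param bArr data produced with the private key
     * @param str  path of the certificate file
     * @return the recovered data
     * @throws Exception if the certificate cannot be loaded or the operation fails
     */
    public static byte[] decryptByPublicKey(byte[] bArr, String str) throws Exception {
        return applyRsa(Cipher.DECRYPT_MODE, getPublicKeyByCertificate(str), bArr);
    }

    /**
     * Signs data with the private key stored under an alias in a PKCS#12 file.
     *
     * <p>The signature algorithm is taken from {@code getSigAlgName()} of the
     * certificate under the same alias, i.e. the algorithm the issuer used to sign
     * that certificate. A certificate issued with a weak digest therefore selects
     * the same weak digest here.
     *
     * @param bArr data to sign
     * @param str  path of the keystore file
     * @param str2 alias of the key and certificate entry
     * @param str3 keystore password, also used to unlock the key
     * @return the signature bytes
     * @throws IllegalArgumentException if the alias has no certificate
     * @throws Exception if the keystore cannot be opened or signing fails
     */
    public static byte[] sign(byte[] bArr, String str, String str2, String str3) throws Exception {
        // Load the store once instead of once for the certificate and once for the key.
        KeyStore keyStore = getKeyStoreByPath(str, str3);
        X509Certificate signerCert = (X509Certificate) keyStore.getCertificate(str2);
        if (signerCert == null) {
            throw new IllegalArgumentException("No certificate stored under alias " + str2);
        }
        Signature signature = Signature.getInstance(signerCert.getSigAlgName());
        signature.initSign((PrivateKey) keyStore.getKey(str2, str3.toCharArray()));
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Verifies a signature against the certificate stored in a file.
     *
     * <p>Only the signature is checked. The certificate's chain, validity period and
     * revocation status are not examined, so the result is only as trustworthy as
     * the file at {@code str}. The algorithm is chosen from the certificate's own
     * {@code getSigAlgName()}, as in {@link #sign}.
     *
     * @param bArr  signed data
     * @param bArr2 signature bytes
     * @param str   path of the signer's certificate file
     * @return {@code true} if the signature matches
     * @throws Exception if the certificate cannot be loaded or verification cannot run
     */
    public static boolean verify(byte[] bArr, byte[] bArr2, String str) throws Exception {
        X509Certificate signerCert = (X509Certificate) getCertificateByPath(str);
        Signature signature = Signature.getInstance(signerCert.getSigAlgName());
        signature.initVerify(signerCert);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    // Runs PKIX validation and prints the subject of the trust anchor that was used.
    private static void validateAndReport(CertPath certPath, PKIXParameters params) throws Exception {
        PKIXCertPathValidatorResult result =
                (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(certPath, params);
        X509Certificate trustedCert = result.getTrustAnchor().getTrustedCert();
        if (trustedCert == null) {
            System.out.println("Trusted Cert = NULL");
        } else {
            System.out.println("Trusted CA DN = " + trustedCert.getSubjectDN());
        }
    }

    /**
     * Validates a certificate against {@code DemoCA.pem} with CRL-based revocation
     * checking, then terminates the JVM.
     *
     * <p>Exit status: 0 on success, 1 when path validation fails, -1 on any other error.
     * With an empty {@code str2} the system property {@code com.sun.security.enableCRLDP}
     * is set to {@code true}, which affects the whole JVM.
     *
     * @param str  path of the certificate to validate
     * @param str2 URL of the CRL, or an empty string to use the distribution point
     *             named in the certificate
     */
    public static void ValidateCertUseCRL(String str, String str2) {
        try {
            X509Certificate target = getCertFromFile(str);
            URL crlUrl = null;
            if (str2.length() > 0) {
                crlUrl = new URL(str2);
                System.out.println("Using the CRL at: " + str2);
                System.out.println("to check the revocation status of: " + target);
                System.out.println();
            } else {
                System.out.println("Using the CRL specified in the cert to check the revocation status of: " + target);
                System.out.println();
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }
            // getCertFromFile reports failure as null; stop here with a clear reason.
            if (target == null) {
                throw new IllegalStateException("Certificate could not be loaded: " + str);
            }
            X509Certificate rootCert = getCertFromFile(ROOT_CA_CERT);
            if (rootCert == null) {
                throw new IllegalStateException("Trust anchor could not be loaded: " + ROOT_CA_CERT);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            CertPath certPath = certificateFactory.generateCertPath(Collections.singletonList(target));
            PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(rootCert, null)));
            if (crlUrl != null) {
                // The URL is used as given: no scheme or host restriction and no timeouts
                // are applied, so str2 has to come from trusted configuration.
                URLConnection connection = crlUrl.openConnection();
                connection.setDoInput(true);
                connection.setUseCaches(false);
                X509CRL crl;
                try (DataInputStream in = new DataInputStream(connection.getInputStream())) {
                    crl = (X509CRL) certificateFactory.generateCRL(in);
                }
                params.addCertStore(CertStore.getInstance("Collection",
                        new CollectionCertStoreParameters(Collections.singletonList(crl))));
            }
            validateAndReport(certPath, params);
        } catch (CertPathValidatorException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (Exception e2) {
            e2.printStackTrace();
            System.exit(-1);
        }
        System.out.println("CERTIFICATE VALIDATION SUCCEEDED");
        System.exit(0);
    }

    /**
     * Validates a certificate against {@code DemoCA.pem} with OCSP revocation
     * checking, then terminates the JVM.
     *
     * <p>Exit status: 0 on success, 1 when path validation fails, -1 on bad arguments
     * or any other error. The security properties {@code ocsp.enable},
     * {@code ocsp.responderURL} and {@code ocsp.responderCertSubjectName} are set
     * JVM-wide and stay set for later validations in the same process.
     *
     * @param strArr {@code [certFile]} or {@code [certFile, ocspResponderUrl]}
     */
    public static void ValidateCertUseOCSP(String[] strArr) {
        try {
            if (strArr.length == 0 || strArr.length > 2) {
                System.out.println("Usage: java ValidateCert <cert-file> [<OCSP-server>]");
                System.exit(-1);
            }
            X509Certificate target = getCertFromFile(strArr[0]);
            URI responderUri = null;
            if (strArr.length == 2) {
                // Parsed only to reject a malformed responder address early.
                responderUri = new URI(strArr[1]);
                System.out.println("Using the OCSP server at: " + strArr[1]);
                System.out.println("to check the revocation status of: " + target);
                System.out.println();
            } else {
                System.out.println("Using the OCSP server specified in the cert to check the revocation status of: " + target);
                System.out.println();
            }
            // getCertFromFile reports failure as null; stop here with a clear reason.
            if (target == null) {
                throw new IllegalStateException("Certificate could not be loaded: " + strArr[0]);
            }
            X509Certificate rootCert = getCertFromFile(ROOT_CA_CERT);
            if (rootCert == null) {
                throw new IllegalStateException("Trust anchor could not be loaded: " + ROOT_CA_CERT);
            }
            CertPath certPath = CertificateFactory.getInstance("X509").generateCertPath(Collections.singletonList(target));
            // The responder certificate may be missing (null) when no responder URL is
            // given; it is only required for the explicit-responder case below.
            X509Certificate responderCert = getCertFromFile(OCSP_SERVER_CERT);
            HashSet<X509Certificate> responderCerts = new HashSet<>();
            responderCerts.add(responderCert);
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(responderCerts));
            PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(rootCert, null)));
            params.addCertStore(certStore);
            Security.setProperty("ocsp.enable", "true");
            if (responderUri != null) {
                if (responderCert == null) {
                    throw new IllegalStateException("OCSP responder certificate could not be loaded: " + OCSP_SERVER_CERT);
                }
                Security.setProperty("ocsp.responderURL", strArr[1]);
                Security.setProperty("ocsp.responderCertSubjectName", responderCert.getSubjectX500Principal().getName());
            }
            validateAndReport(certPath, params);
        } catch (CertPathValidatorException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (Exception e2) {
            e2.printStackTrace();
            System.exit(-1);
        }
        System.out.println("CERTIFICATE VALIDATION SUCCEEDED");
        System.exit(0);
    }

    /** Empty entry point; does nothing. */
    public static void main(String[] strArr) throws Exception {
    }
}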
