package com.cht.kms.client.util;

import com.cht.kms.client.cms.PKCS7EnvelopedDataGenerator;
import com.cht.kms.client.cms.PKCS7EnvelopedDataParser;
import com.cht.kms.client.cms.PKCS7SignedDataParser;
import com.cht.kms.client.cms.PKCS7SignerInformation;
import com.cht.kms.client.io.Closer;
import com.cht.kms.client.openssl.PEMEncryptedKeyPair;
import com.cht.kms.client.openssl.PEMParser;
import com.cht.kms.client.openssl.bc.BcPEMDecryptorProvider;
import com.cht.kms.client.openssl.jcajce.JcaPEMKeyConverter;
import com.cht.kms.client.pkcs.PFXKeyStore;
import com.cht.kms.client.rest.KMSClient;
import com.cht.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import com.cht.org.jose4j.lang.StringUtil;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/cht/kms/client/util/CryptoUtil.class */
public class CryptoUtil {
    public static String hash(File file) throws IOException {
        Closer create = Closer.create();
        try {
            try {
                String sha256HashtoBase64String = DigestUtil.sha256HashtoBase64String((InputStream) create.register(openBufferedInputStream(file)));
                create.close();
                return sha256HashtoBase64String;
            } catch (Throwable th) {
                throw create.rethrow(th);
            }
        } catch (Throwable th2) {
            create.close();
            throw th2;
        }
    }

    public static void encrypt(String str, SecretKey secretKey, File file, File file2) throws IOException {
        Closer create = Closer.create();
        try {
            try {
                InputStream inputStream = (InputStream) create.register(openBufferedInputStream(file));
                OutputStream outputStream = (OutputStream) create.register(openBufferedOutputStream(file2));
                PKCS7EnvelopedDataGenerator pKCS7EnvelopedDataGenerator = new PKCS7EnvelopedDataGenerator();
                pKCS7EnvelopedDataGenerator.addKEKRecipient(str.getBytes(StringUtil.UTF_8), secretKey);
                write(inputStream, (OutputStream) create.register(pKCS7EnvelopedDataGenerator.open(outputStream, PKCS7EnvelopedDataGenerator.AES256_CBC)));
                create.close();
            } catch (Throwable th) {
                throw create.rethrow(th);
            }
        } catch (Throwable th2) {
            create.close();
            throw th2;
        }
    }

    public static void encrypt(KeyStore keyStore, char[] cArr, File file, File file2) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, IOException {
        String latestCreationKeyFromStore = getLatestCreationKeyFromStore(keyStore, cArr);
        encrypt(latestCreationKeyFromStore, (SecretKey) keyStore.getKey(latestCreationKeyFromStore, cArr), file, file2);
    }

    public static void decrypt(KeyStore keyStore, char[] cArr, File file, File file2) throws IOException {
        RuntimeException rethrow;
        Closer create = Closer.create();
        try {
            try {
                write((InputStream) create.register(new PKCS7EnvelopedDataParser(keyStore, cArr, file).getRecipientInfo().getContentStream()), (OutputStream) create.register(openBufferedOutputStream(file2)));
                create.close();
            } finally {
            }
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    public static File sign(String str, String str2, String str3, String str4, String str5, File file) throws IOException {
        return sign(new KMSClient(str, str2, str3), str4, str5, file);
    }

    public static File sign(KMSClient kMSClient, String str, String str2, File file) throws IOException {
        RuntimeException rethrow;
        File file2;
        Closer create = Closer.create();
        try {
            try {
                String str3 = (String) kMSClient.sign(str, hash(file), str2, "").get("signature");
                String fileExtension = getFileExtension(file.getAbsolutePath());
                if (fileExtension == null) {
                    file2 = new File(file.getAbsolutePath() + ".p7b");
                } else {
                    file2 = "p7b".equalsIgnoreCase(fileExtension) ? new File(file.getAbsolutePath() + ".p7b") : new File(file.getAbsolutePath().substring(0, file.getAbsolutePath().lastIndexOf(46)) + ".p7b");
                }
                write((InputStream) create.register(new ByteArrayInputStream(str3.getBytes(StringUtil.UTF_8))), (OutputStream) create.register(openBufferedOutputStream(file2)));
                File file3 = file2;
                create.close();
                return file3;
            } finally {
            }
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    public static PKCS7SignerInformation verify(CertStore certStore, File file, File file2) throws IOException {
        RuntimeException rethrow;
        Closer create = Closer.create();
        byte[] bArr = null;
        if (file != null) {
            try {
                try {
                    bArr = DigestUtil.digest(PKCS7SignedDataParser.parse(certStore, file2).getDigestAlgName(), (InputStream) create.register(openBufferedInputStream(file)));
                } finally {
                }
            } catch (Throwable th) {
                create.close();
                throw th;
            }
        }
        PKCS7SignerInformation signerInfo = new PKCS7SignedDataParser(certStore, bArr, file2).getSignerInfo();
        signerInfo.verify();
        create.close();
        return signerInfo;
    }

    public static String getLatestCreationKeyFromStore(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        String str = null;
        Date date = new Date(1L);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement) && (keyStore.getKey(nextElement, cArr) instanceof SecretKey)) {
                Date creationDate = keyStore.getCreationDate(nextElement);
                if (creationDate.after(date)) {
                    str = nextElement;
                    date = creationDate;
                }
            }
        }
        return str;
    }

    public static InputStream openBufferedInputStream(File file) throws IOException {
        InputStream fileInputStream = new FileInputStream(file);
        return fileInputStream instanceof BufferedInputStream ? (BufferedInputStream) fileInputStream : new BufferedInputStream(fileInputStream);
    }

    public static OutputStream openBufferedOutputStream(File file) throws IOException {
        OutputStream fileOutputStream = new FileOutputStream(file);
        return fileOutputStream instanceof BufferedOutputStream ? (BufferedOutputStream) fileOutputStream : new BufferedOutputStream(fileOutputStream);
    }

    public static String read(File file, String str) throws IOException {
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), str));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine).append("\n");
            }
            String sb2 = sb.toString();
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            return sb2;
        } catch (Throwable th) {
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    public static void write(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[8192];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }

    private static String getFileExtension(String str) {
        String name = new File(str).getName();
        int lastIndexOf = name.lastIndexOf(46);
        if (lastIndexOf == -1) {
            return null;
        }
        return name.substring(lastIndexOf + 1);
    }

    public static Key loadKeyFromFile(File file, char[] cArr) throws IOException {
        PEMParser pEMParser = null;
        try {
            PEMParser pEMParser2 = new PEMParser(new FileReader(file));
            Key publicKey = cArr == null ? new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) pEMParser2.readObject()) : new JcaPEMKeyConverter().getKeyPair(((PEMEncryptedKeyPair) pEMParser2.readObject()).decryptKeyPair(new BcPEMDecryptorProvider(cArr))).getPrivate();
            if (pEMParser2 != null) {
                pEMParser2.close();
            }
            return publicKey;
        } catch (Throwable th) {
            if (0 != 0) {
                pEMParser.close();
            }
            throw th;
        }
    }

    public static KeyStore loadKeyStoreFromFile(File file, char[] cArr, String str) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        FileInputStream fileInputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            fileInputStream = new FileInputStream(file);
            keyStore.load(fileInputStream, cArr);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return keyStore;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static CertStore getCertificatesFromStore(File file, char[] cArr, String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, InvalidAlgorithmParameterException {
        KeyStore loadKeyStoreFromFile = loadKeyStoreFromFile(file, cArr, str);
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = loadKeyStoreFromFile.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (loadKeyStoreFromFile.isCertificateEntry(nextElement)) {
                arrayList.add(loadKeyStoreFromFile.getCertificate(nextElement));
            }
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList));
    }

    public static X509Certificate generateCertificateFromFile(File file) throws IOException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static void generateCertificateSigningRequest(KMSClient kMSClient, String str, File file) throws IOException {
        RuntimeException rethrow;
        Closer create = Closer.create();
        try {
            try {
                write((InputStream) create.register(new ByteArrayInputStream(((String) kMSClient.generateCertificateSigningRequest(str).get("csr")).getBytes(StringUtil.UTF_8))), (OutputStream) create.register(openBufferedOutputStream(file)));
                create.close();
            } finally {
            }
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    public static void generateCertificateSigningRequest(File file, char[] cArr, File file2) throws IOException {
        RuntimeException rethrow;
        Closer create = Closer.create();
        try {
            try {
                write((InputStream) create.register(new ByteArrayInputStream(PFXKeyStore.load(file.getAbsolutePath(), cArr).generateCertreq(cArr).getBytes(StringUtil.UTF_8))), (OutputStream) create.register(openBufferedOutputStream(file2)));
                create.close();
            } finally {
            }
        } catch (Throwable th) {
            create.close();
            throw th;
        }
    }

    public static X509Certificate loadCertificateFromFile(String str) throws IOException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    public static String encrypt(String str, String str2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec((str2 == null || "".equals(str2)) ? new byte[]{-47, -21, 20, 90, -70, -117, -13, -47, -57, -27} : str2.getBytes(StringUtil.UTF_8), "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(1, secretKeySpec);
        return new BigInteger(cipher.doFinal(str.getBytes(StringUtil.UTF_8))).toString(16);
    }

    public static String decrypt(String str, String str2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec((str2 == null || "".equals(str2)) ? new byte[]{-47, -21, 20, 90, -70, -117, -13, -47, -57, -27} : str2.getBytes(StringUtil.UTF_8), "Blowfish");
        byte[] byteArray = new BigInteger(str, 16).toByteArray();
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(2, secretKeySpec);
        return new String(cipher.doFinal(byteArray), StringUtil.UTF_8);
    }
}
