package com.tencent.kona.pkix;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.crypto.spec.RFC5915EncodedKeySpec;
import com.tencent.kona.sun.security.util.DerInputStream;
import com.tencent.kona.sun.security.util.KnownOIDs;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Set;

/* loaded from: input_file:com/tencent/kona/pkix/PKIXUtils.class */
public class PKIXUtils {
    private static final String PRIVATE_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String PRIVATE_KEY_END = "-----END PRIVATE KEY-----";
    private static final String EC_PARAMS_BEGIN = "-----BEGIN EC PARAMETERS-----";
    private static final String EC_PARAMS_END = "-----END EC PARAMETERS-----";
    private static final String RFC5915_KEY_BEGIN = "-----BEGIN EC PRIVATE KEY-----";
    private static final String RFC5915_KEY_END = "-----END EC PRIVATE KEY-----";
    private static final String PUBLIC_KEY_BEGIN = "-----BEGIN PUBLIC KEY-----";
    private static final String PUBLIC_KEY_END = "-----END PUBLIC KEY-----";

    public static boolean isSM3withSM2(String str) {
        return "SM3withSM2".equalsIgnoreCase(str) || "sm2sig_sm3".equalsIgnoreCase(str);
    }

    public static String getNamedCurveId(String str) throws IOException {
        return new DerInputStream(Base64.getMimeDecoder().decode(str.replace(EC_PARAMS_BEGIN, "").replace(EC_PARAMS_END, ""))).getOID().toString();
    }

    public static PrivateKey getPrivateKey(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return CryptoInsts.getKeyFactory(str).generatePrivate(new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(str2.replace(PRIVATE_KEY_BEGIN, "").replace(PRIVATE_KEY_END, ""))));
    }

    public static PrivateKey getRFC5915PrivateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return CryptoInsts.getKeyFactory("EC").generatePrivate(new RFC5915EncodedKeySpec(Base64.getMimeDecoder().decode(str.replace(RFC5915_KEY_BEGIN, "").replace(RFC5915_KEY_END, ""))));
    }

    public static PublicKey getPublicKey(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return CryptoInsts.getKeyFactory(str).generatePublic(new X509EncodedKeySpec(Base64.getMimeDecoder().decode(str2.replace(PUBLIC_KEY_BEGIN, "").replace(PUBLIC_KEY_END, ""))));
    }

    public static PublicKey getPublicKey(Certificate certificate) throws InvalidKeyException {
        X509Certificate x509Certificate;
        Set<String> criticalExtensionOIDs;
        boolean[] keyUsage;
        if (!(certificate instanceof X509Certificate) || (criticalExtensionOIDs = (x509Certificate = (X509Certificate) certificate).getCriticalExtensionOIDs()) == null || criticalExtensionOIDs.isEmpty() || !criticalExtensionOIDs.contains("2.5.29.15") || (keyUsage = x509Certificate.getKeyUsage()) == null || keyUsage[0]) {
            return certificate.getPublicKey();
        }
        throw new InvalidKeyException("Wrong key usage");
    }

    public static PublicKey getPublicKey(String str) throws InvalidKeyException, CertificateException {
        return getPublicKey(getCertificate(str));
    }

    public static X509Certificate getCertificate(String str) throws CertificateException {
        return (X509Certificate) PKIXInsts.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
    }

    public static boolean isSMCert(X509Certificate x509Certificate) {
        if (x509Certificate.getPublicKey() instanceof ECPublicKey) {
            return KnownOIDs.curveSM2.value().equals(((ECPublicKey) x509Certificate.getPublicKey()).getParams().getObjectId()) && KnownOIDs.SM3withSM2.value().equals(x509Certificate.getSigAlgOID());
        }
        return false;
    }

    public static boolean isCA(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() != -1;
    }

    public static boolean isSignCert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage == null || keyUsage[0];
    }

    public static boolean isEncCert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage == null || keyUsage[2] || keyUsage[3] || keyUsage[4];
    }
}
