package com.huawei.wienerchain.security;

import com.huawei.wienerchain.exception.ConfigException;
import com.huawei.wienerchain.exception.CryptoException;
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/huawei/wienerchain/security/CryptoX509.class */
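/**
 * Base class for X.509-backed {@link Crypto} implementations.
 *
 * <p>Holds the client's PKCS#8 private key (both the parsed {@link PrivateKey} and the PEM bytes
 * it was loaded from) and the client's certificate bytes, and offers helpers to hash data with
 * SHA-256, build a client-side TLS context, and read the CN / O attributes out of the loaded
 * certificate's subject.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getPemPriKey()} and {@link #getPrivateKey()} expose secret key material; never
 *       log or serialize their results.</li>
 *   <li>The byte arrays passed to {@link #loadPrivateKey(byte[])} and
 *       {@link #loadPublicKey(byte[])} are stored by reference and handed back by the getters
 *       without copying, so callers share (and can mutate) the same buffers.</li>
 *   <li>{@link #getCommonName()} and {@link #getOrg()} only parse the loaded certificate; no
 *       signature, validity-period or chain check is done in this class.</li>
 * </ul>
 */
public abstract class CryptoX509 implements Crypto {
    private static final String PEM_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PEM_FOOTER = "-----END PRIVATE KEY-----";

    // Parsed form of the private key; null until loadPrivateKey succeeds.
    private PrivateKey privateKey;
    // PEM bytes the private key was parsed from (secret material, caller's array, not a copy).
    private byte[] priKey;
    // Encoded certificate as supplied to loadPublicKey (caller's array, not a copy).
    private byte[] cert;
    // Factory used to parse `cert`; set by getCrypto, or lazily by getLdapName.
    private CertificateFactory certificateFactory;

    /**
     * Parses an unencrypted PKCS#8 PEM private key and stores both the parsed key and the PEM bytes.
     *
     * <p>Registers the BouncyCastle JCE provider if no provider with that name is installed yet;
     * this is a JVM-wide side effect. The instance state is only updated once parsing succeeded,
     * so a failed load does not leave PEM bytes without a matching parsed key.
     *
     * @param bArr PEM text ({@code -----BEGIN PRIVATE KEY-----} ... {@code -----END PRIVATE KEY-----})
     * @throws CryptoException if the Base64 body is malformed, the key spec is invalid, or no
     *     installed provider offers an "ECDSA" key factory
     * @throws NullPointerException if {@code bArr} is null
     */
    @Override
    public void loadPrivateKey(byte[] bArr) throws CryptoException {
        try {
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            // PEM is ASCII; decoding with an explicit charset avoids depending on the platform
            // default. All whitespace is stripped because the basic Base64 decoder rejects it.
            String base64Body = new String(bArr, StandardCharsets.US_ASCII)
                    .replace(PEM_HEADER, "")
                    .replace(PEM_FOOTER, "")
                    .replaceAll("\\s", "");
            byte[] pkcs8 = Base64.getDecoder().decode(base64Body);
            PrivateKey parsed = KeyFactory.getInstance("ECDSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
            this.priKey = bArr;
            this.privateKey = parsed;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
            // IllegalArgumentException comes from Base64 on malformed input; wrap it so callers
            // see one checked failure type for every bad-key case.
            throw new CryptoException("load private key error", e);
        }
    }

    /**
     * Stores the client's encoded certificate. The bytes are not parsed or validated here.
     *
     * @param bArr encoded certificate; kept by reference
     */
    @Override
    public void loadPublicKey(byte[] bArr) {
        this.cert = bArr;
    }

    /**
     * @return the certificate bytes given to {@link #loadPublicKey(byte[])} (the internal array,
     *     not a copy), or null if none was loaded
     */
    @Override
    public byte[] getCertificate() {
        return this.cert;
    }

    /**
     * Computes the SHA-256 digest of the input.
     *
     * @param bArr data to hash
     * @return a new array holding the digest
     * @throws NullPointerException if {@code bArr} is null
     */
    @Override
    public byte[] getHash(byte[] bArr) {
        SHA256Digest digest = new SHA256Digest();
        digest.update(bArr, 0, bArr.length);
        byte[] out = new byte[digest.getDigestSize()];
        digest.doFinal(out, 0);
        return out;
    }

    /**
     * Creates the {@link Crypto} implementation for the named algorithm and loads the key pair.
     *
     * @param str algorithm name: {@code "ecdsa_with_sha256"} or {@code "sm2_with_sm3"}
     * @param bArr PEM private key, passed to {@link #loadPrivateKey(byte[])}
     * @param bArr2 encoded certificate, passed to {@link #loadPublicKey(byte[])}
     * @return a loaded crypto instance with its certificate factory initialised
     * @throws ConfigException if {@code str} is null or names an unsupported algorithm
     * @throws CryptoException if the private key or the certificate factory cannot be set up
     */
    public static Crypto getCrypto(String str, byte[] bArr, byte[] bArr2) throws CryptoException, ConfigException {
        if (str == null) {
            throw new ConfigException("Client ssl type not support!");
        }
        CryptoX509 crypto;
        switch (str) {
            case "ecdsa_with_sha256":
                crypto = new CryptoEcdsa();
                break;
            case "sm2_with_sm3":
                crypto = new CryptoSm();
                break;
            default:
                // Unknown names are rejected rather than mapped to a default algorithm.
                throw new ConfigException("Client ssl type not support!");
        }
        crypto.loadPrivateKey(bArr);
        crypto.loadPublicKey(bArr2);
        crypto.setCertificateFactory(crypto.getCertificateFactory());
        return crypto;
    }

    /**
     * Builds a client-side TLS context for gRPC using the OpenSSL provider.
     *
     * <p>The trust manager is restricted to the certificates in {@code bArr3}.
     * NOTE(review): an empty {@code bArr3} is passed to the builder unchanged; confirm how the
     * TLS provider treats an empty trust set before relying on it.
     *
     * @param bArr client private key (given to the builder as the key stream)
     * @param bArr2 client certificate chain (given to the builder as the key-cert-chain stream)
     * @param bArr3 encoded X.509 certificates to trust, one per element
     * @return the built context
     * @throws CryptoException if the key, the client chain or a trusted certificate cannot be
     *     parsed, or the context cannot be built
     * @throws NullPointerException if any argument or any element of {@code bArr3} is null
     */
    public static SslContext getSslContext(byte[] bArr, byte[] bArr2, byte[][] bArr3) throws CryptoException {
        SslContextBuilder builder = GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.OPENSSL);
        X509Certificate[] trustAnchors = new X509Certificate[bArr3.length];
        try {
            // Inside the try: netty reports unparsable key/certificate input as
            // IllegalArgumentException, which should surface as CryptoException like other failures.
            builder.keyManager(new ByteArrayInputStream(bArr2), new ByteArrayInputStream(bArr));
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < bArr3.length; i++) {
                trustAnchors[i] = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(bArr3[i]));
            }
            builder.trustManager(trustAnchors);
            return builder.build();
        } catch (CertificateException | SSLException | IllegalArgumentException e) {
            throw new CryptoException("Get SslContext error", e);
        }
    }

    /**
     * @return the parsed private key, or null if none was loaded. Secret material: do not log.
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * @return the PEM bytes given to {@link #loadPrivateKey(byte[])} (the internal array, not a
     *     copy), or null if none was loaded. Secret material: do not log.
     */
    public byte[] getPemPriKey() {
        return this.priKey;
    }

    /**
     * Supplies the certificate factory matching this implementation's algorithm.
     *
     * @return the factory used to parse the loaded certificate
     * @throws CryptoException if the factory cannot be created
     */
    public abstract CertificateFactory getCertificateFactory() throws CryptoException;

    /**
     * @return the value of the first CN attribute in the certificate subject, or {@code ""} if
     *     there is none; callers must not treat the empty string as a valid identity
     * @throws CryptoException if no certificate is loaded or it cannot be parsed
     */
    @Override
    public String getCommonName() throws CryptoException {
        return findRdnValue("CN");
    }

    /**
     * @return the value of the first O attribute in the certificate subject, or {@code ""} if
     *     there is none; callers must not treat the empty string as a valid identity
     * @throws CryptoException if no certificate is loaded or it cannot be parsed
     */
    @Override
    public String getOrg() throws CryptoException {
        return findRdnValue("O");
    }

    /**
     * Returns the value of the first subject RDN whose type matches, or {@code ""} if none does.
     *
     * <p>Attribute type names are compared case-insensitively. {@link LdapName#getRdns()} lists
     * RDNs starting from the right-most component of the DN string, so with repeated attributes
     * the right-most one wins.
     */
    private String findRdnValue(String attributeType) throws CryptoException {
        for (Rdn rdn : getLdapName().getRdns()) {
            if (attributeType.equalsIgnoreCase(rdn.getType())) {
                return rdn.getValue().toString();
            }
        }
        return "";
    }

    private void setCertificateFactory(CertificateFactory certificateFactory) {
        this.certificateFactory = certificateFactory;
    }

    /**
     * Parses the loaded certificate and returns its subject as an {@link LdapName}.
     *
     * <p>NOTE(review): the subject string comes from {@code getSubjectDN().getName()}, whose
     * format is provider-specific; {@code getSubjectX500Principal().getName()} yields RFC 2253
     * text and may be the safer source. Confirm against the certificates in use before changing.
     *
     * @throws CryptoException if no certificate is loaded, or the certificate or its subject
     *     cannot be parsed
     */
    private LdapName getLdapName() throws CryptoException {
        if (this.cert == null) {
            throw new CryptoException("get Ldap name exception", new IllegalStateException("certificate not loaded"));
        }
        if (this.certificateFactory == null) {
            // Instances not created through getCrypto never had the factory set.
            this.certificateFactory = getCertificateFactory();
        }
        try {
            X509Certificate parsed =
                    (X509Certificate) this.certificateFactory.generateCertificate(new ByteArrayInputStream(this.cert));
            return new LdapName(parsed.getSubjectDN().getName());
        } catch (CertificateException | InvalidNameException e) {
            throw new CryptoException("get Ldap name exception", e);
        }
    }
}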
