package com.hundsun.obmbase.util;

import android.util.Base64;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes3.dex */
public class CertUtil {
    private static CertificateFactory cf = null;
    private static Provider provBC = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);

    public static X509Certificate convB64Str2Cert(String str) throws CertificateException {
        return convBin2Cert(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll(StringUtils.CR, "").replaceAll(StringUtils.LF, ""), 0));
    }

    public static Collection<Certificate> convB64Str2Certs(String str) throws CertificateException {
        return convBin2Certs(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll(StringUtils.CR, "").replaceAll(StringUtils.LF, ""), 0));
    }

    public static X509Certificate convBin2Cert(byte[] bArr) throws CertificateException {
        try {
            if (cf == null) {
                cf = CertificateFactory.getInstance("X.509", provBC);
            }
            return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw e;
        }
    }

    public static Collection<Certificate> convBin2Certs(byte[] bArr) throws CertificateException {
        try {
            if (cf == null) {
                cf = CertificateFactory.getInstance("X.509", provBC);
            }
            return cf.generateCertificates(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw e;
        }
    }

    private static X509Certificate getCert(Collection<Certificate> collection, Principal principal, String str) {
        Iterator<Certificate> it = collection.iterator();
        while (it.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it.next();
            if ("1".equals(str)) {
                if (principal.equals(x509Certificate.getSubjectDN())) {
                    return x509Certificate;
                }
            } else if (principal.equals(x509Certificate.getIssuerDN())) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static X509Certificate getUserCert(Collection<Certificate> collection) {
        Iterator<Certificate> it = collection.iterator();
        while (it.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it.next();
            if (getCert(collection, x509Certificate.getSubjectDN(), "2") == null) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey, String str) throws Exception {
        if (str == null || str.equals("")) {
            str = "SHA1withRSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    public static boolean verify(byte[] bArr, byte[] bArr2, String str, X509Certificate x509Certificate, String str2) throws Exception {
        if (str2 == null || str2.equals("")) {
            str2 = "SHA1withRSA";
        }
        Collection<Certificate> convB64Str2Certs = convB64Str2Certs(str);
        Iterator<Certificate> it = convB64Str2Certs.iterator();
        while (it.hasNext()) {
            X509Certificate x509Certificate2 = (X509Certificate) it.next();
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            PublicKey publicKey = x509Certificate2.getPublicKey();
            Log.i("TAG", "verify ----issuerDN ：" + issuerDN + "------subjectDN:" + subjectDN + "----sn:" + x509Certificate2.getSerialNumber());
            if (issuerDN.equals(subjectDN)) {
                x509Certificate2.verify(publicKey);
            } else {
                X509Certificate cert = getCert(convB64Str2Certs, issuerDN, "1");
                if (cert == null) {
                    throw new RuntimeException("证书链不完整");
                }
                x509Certificate2.verify(cert.getPublicKey());
            }
        }
        Signature signature = Signature.getInstance(str2);
        X509Certificate userCert = getUserCert(convB64Str2Certs);
        signature.initVerify(userCert.getPublicKey());
        signature.update(bArr);
        return signature.verify(bArr2) && userCert.getNotAfter().compareTo(new Date()) >= 0;
    }
}
