package com.msok.common.util;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/msok/common/util/SecurityUtil.class */
public class SecurityUtil extends DigestUtils {
    public static final int ENCRYPT_MODE = 1;
    public static final int DECRYPT_MODE = 2;
    private static final String DEFAULT_MODE = "ECB";
    private static final String DEFAULT_SYM_PADDING = "PKCS5Padding";
    private static final String DEFAULT_ASYM_PADDING = "PKCS1Padding";
    private static final Logger _log = LoggerFactory.getLogger(SecurityUtil.class);
    private static final ConcurrentMap<String, X509Certificate> certs = new ConcurrentHashMap();
    private static final ConcurrentMap<String, KeyStore> keyStores = new ConcurrentHashMap();

    public static byte[] cipher(byte[] bArr, Key key, int i, String str) throws GeneralSecurityException, IllegalArgumentException {
        long nanoTime = System.nanoTime();
        if (ArrayUtils.isEmpty(bArr)) {
            _log.debug("#cipher empty data!");
            return bArr;
        }
        Validate.isTrue(i == 1 || i == 2, "加密|解密", new Object[0]);
        Validate.notNull(str, "加解密算法不能为空", new Object[0]);
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(i, (Key) Validate.notNull(key, "empty key!", new Object[0]));
        byte[] doFinal = cipher.doFinal(bArr);
        logCipher(bArr, i, doFinal, System.nanoTime() - nanoTime);
        return doFinal;
    }

    static void logCipher(byte[] bArr, int i, byte[] bArr2, long j) {
        if (_log.isDebugEnabled()) {
            Logger logger = _log;
            Object[] objArr = new Object[4];
            objArr[0] = i == 1 ? "encode" : "decode";
            objArr[1] = IOUtil.bcd(bArr, 128);
            objArr[2] = IOUtil.bcd(bArr2, 128);
            objArr[3] = Long.valueOf(j);
            logger.debug("#cipher {} [{}]-->[{}] used {} nano.", objArr);
        }
    }

    private static byte[] symCipher(byte[] bArr, byte[] bArr2, int i, String str) throws GeneralSecurityException, IllegalArgumentException {
        Validate.isTrue(ArrayUtils.isNotEmpty(bArr2), "密钥不能为空", new Object[0]);
        Validate.notNull(str, "加解密算法不能为空", new Object[0]);
        return cipher(bArr, new SecretKeySpec(bArr2, StringUtils.split(str, '/')[0]), i, str);
    }

    public static byte[] symEncrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 1, str);
    }

    public static byte[] symDecrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 2, str);
    }

    public static byte[] desEncrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 1, String.format("DES/%s/%s", str, str2));
    }

    public static byte[] desEncrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return desEncrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] desEncrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return desEncrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    public static byte[] desDecrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 2, String.format("DES/%s/%s", str, str2));
    }

    public static byte[] desDecrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return desDecrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] desDecrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return desDecrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    static byte[] paddingDesedeKey(byte[] bArr) {
        Validate.notNull(bArr, "3DES密钥不能为空", new Object[0]);
        if (bArr.length == 24) {
            return bArr;
        }
        if (bArr.length == 16) {
            return IOUtil.joinBytes(bArr, bArr, 0, 8);
        }
        throw new IllegalArgumentException("3DES密钥只能为16字节/24字节");
    }

    public static byte[] desedeEncrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, paddingDesedeKey(bArr2), 1, String.format("DESede/%s/%s", str, str2));
    }

    public static byte[] desedeEncrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return desedeEncrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] desedeEncrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return desedeEncrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    public static byte[] desedeDecrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, paddingDesedeKey(bArr2), 2, String.format("DESede/%s/%s", str, str2));
    }

    public static byte[] desedeDecrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return desedeDecrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] desedeDecrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return desedeDecrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    public static byte[] aesEncrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 1, String.format("AES/%s/%s", str, str2));
    }

    public static byte[] aesEncrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return aesEncrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] aesEncrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return desEncrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    public static byte[] aesDecrypt(byte[] bArr, byte[] bArr2, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return symCipher(bArr, bArr2, 2, String.format("AES/%s/%s", str, str2));
    }

    public static byte[] aesDecrypt(byte[] bArr, byte[] bArr2, String str) throws GeneralSecurityException, IllegalArgumentException {
        return aesDecrypt(bArr, bArr2, DEFAULT_MODE, str);
    }

    public static byte[] aesDecrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException, IllegalArgumentException {
        return aesDecrypt(bArr, bArr2, DEFAULT_MODE, DEFAULT_SYM_PADDING);
    }

    public static final KeyPair genKeyPair(String str, int i) throws NoSuchAlgorithmException {
        long currentTimeMillis = System.currentTimeMillis();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
        if (i <= 0) {
            i = 1024;
        }
        keyPairGenerator.initialize(i, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
        if (_log.isDebugEnabled()) {
            _log.debug("# genKeyPair({},{})...use {} ms.", new Object[]{str, Integer.valueOf(i), Long.valueOf(currentTimeMillis2)});
        }
        return generateKeyPair;
    }

    public static final KeyPair genKeyPair(String str) throws NoSuchAlgorithmException {
        return genKeyPair(str, 1024);
    }

    public static final PrivateKey getPKCS8PrivateKey(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static final PublicKey getX509PublicKey(byte[] bArr) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static final X509Certificate readX509Cert(InputStream inputStream) throws GeneralSecurityException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    public static final KeyStore readKeyStore(InputStream inputStream, String str, String str2) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(str2);
        try {
            keyStore.load(inputStream, str.toCharArray());
            return keyStore;
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    public static final KeyStore readJks(InputStream inputStream, String str) throws IOException, GeneralSecurityException {
        return readKeyStore(inputStream, str, "JKS");
    }

    public static final KeyStore readPKCS12(InputStream inputStream, String str) throws IOException, GeneralSecurityException {
        return readKeyStore(inputStream, str, "PKCS12");
    }

    public static final void printKeyStore(KeyStore keyStore, String str) throws GeneralSecurityException {
        int i = 0;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            if (x509Certificate != null) {
                Date notBefore = x509Certificate.getNotBefore();
                Date notAfter = x509Certificate.getNotAfter();
                _log.debug("{}.证书别名:{} ", Integer.valueOf(i), nextElement);
                _log.debug("{}.证书类型:{}/v{}", new Object[]{Integer.valueOf(i), x509Certificate.getType(), Integer.valueOf(x509Certificate.getVersion())});
                _log.debug("{}.密钥算法:{} ", Integer.valueOf(i), x509Certificate.getPublicKey().getAlgorithm());
                _log.debug("{}.签名算法:{} ", Integer.valueOf(i), x509Certificate.getSigAlgName());
                _log.debug("{}.证书序号:{} ", Integer.valueOf(i), x509Certificate.getSerialNumber());
                _log.debug("{}.有效期({}----{})", new Object[]{Integer.valueOf(i), notBefore, notAfter});
                _log.debug("{}.持有者:{} ", Integer.valueOf(i), x509Certificate.getSubjectDN());
                _log.debug("{}.签发者:{} ", Integer.valueOf(i), x509Certificate.getIssuerDN());
            }
            if (str != null) {
                Key key = keyStore.getKey(nextElement, str.toCharArray());
                if (key == null) {
                    _log.debug("{}.别名:{}无私钥 ", Integer.valueOf(i), nextElement);
                } else {
                    _log.debug("{}.私钥类名:{} ", Integer.valueOf(i), key.getClass());
                    _log.debug("{}.私钥格式:{}/{}", new Object[]{Integer.valueOf(i), key.getAlgorithm(), key.getFormat()});
                }
            }
            i++;
        }
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey, String str) throws GeneralSecurityException {
        long currentTimeMillis = System.currentTimeMillis();
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        signature.update(bArr);
        byte[] sign = signature.sign();
        _log.debug("# sign() using {} use {} ms.", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return sign;
    }

    public static boolean verify(byte[] bArr, PublicKey publicKey, String str, byte[] bArr2) throws GeneralSecurityException {
        long currentTimeMillis = System.currentTimeMillis();
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        boolean verify = signature.verify(bArr2);
        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
        if (_log.isDebugEnabled()) {
            _log.debug("# verify() using {} result is {} use {} ms.", new Object[]{str, Boolean.valueOf(verify), Long.valueOf(currentTimeMillis2)});
        }
        return verify;
    }

    public static String signPEM(byte[] bArr, PrivateKey privateKey, String str) throws GeneralSecurityException {
        return org.apache.commons.codec.binary.Base64.encodeBase64String(sign(bArr, privateKey, str));
    }

    public static boolean verifyPEM(byte[] bArr, PublicKey publicKey, String str, String str2) throws GeneralSecurityException {
        return verify(bArr, publicKey, str, org.apache.commons.codec.binary.Base64.decodeBase64(str2));
    }

    public static void printProvidersInfo() {
        for (String str : new String[]{"Signature", "MessageDigest", "Cipher", "Mac", "KeyStore"}) {
            _log.debug("{} = {}", str, Security.getAlgorithms(str));
        }
    }

    private static byte[] asymCipher(byte[] bArr, Key key, int i, String str) throws GeneralSecurityException, IllegalArgumentException {
        Validate.notNull(key, "密钥不能为空", new Object[0]);
        Validate.notNull(str, "加解密算法不能为空", new Object[0]);
        return cipher(bArr, key, i, str);
    }

    public static byte[] rsaEncrypt(byte[] bArr, Key key, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return asymCipher(bArr, key, 1, String.format("RSA/%s/%s", str, str2));
    }

    public static byte[] rsaEncrypt(byte[] bArr, Key key, String str) throws GeneralSecurityException, IllegalArgumentException {
        return rsaEncrypt(bArr, key, DEFAULT_MODE, str);
    }

    public static byte[] rsaEncrypt(byte[] bArr, Key key) throws GeneralSecurityException, IllegalArgumentException {
        return rsaEncrypt(bArr, key, DEFAULT_MODE, DEFAULT_ASYM_PADDING);
    }

    public static byte[] rsaDecrypt(byte[] bArr, Key key, String str, String str2) throws GeneralSecurityException, IllegalArgumentException {
        return asymCipher(bArr, key, 2, String.format("RSA/%s/%s", str, str2));
    }

    public static byte[] rsaDecrypt(byte[] bArr, Key key, String str) throws GeneralSecurityException, IllegalArgumentException {
        return rsaDecrypt(bArr, key, DEFAULT_MODE, str);
    }

    public static byte[] rsaDecrypt(byte[] bArr, Key key) throws GeneralSecurityException, IllegalArgumentException {
        return rsaDecrypt(bArr, key, DEFAULT_MODE, DEFAULT_ASYM_PADDING);
    }
}
