package com.mindspore.flclient.pki;

import com.mindspore.flclient.LocalFLParameter;
import com.mindspore.flclient.common.FLLoggerGenerater;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.logging.Logger;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:com/mindspore/flclient/pki/PkiUtil.class */
public class PkiUtil {
    private static final Logger LOGGER = FLLoggerGenerater.getModelLogger(PkiUtil.class.toString());

    public static PkiBean genPkiBean(String str, long j) {
        return new PkiBean(signData(str, (LocalFLParameter.getInstance().getFlID() + " " + j).getBytes(StandardCharsets.UTF_8)), getCertificateChain(str));
    }

    public static byte[] getSHA256Str(String str) {
        byte[] bArr = new byte[0];
        try {
            bArr = MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            LOGGER.severe("[PkiUtil] catch NoSuchAlgorithmException: " + e.getMessage());
        }
        return bArr;
    }

    public static String getPemFormat(Certificate certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        try {
            try {
                pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
                pemWriter.flush();
                pemWriter.close();
            } catch (IOException | CertificateEncodingException e) {
                LOGGER.severe("[PkiUtil] catch IOException or CertificateEncodingException in getPermFormat: " + e.getMessage());
                pemWriter.flush();
                pemWriter.close();
            }
            return stringWriter.toString();
        } catch (Throwable th) {
            pemWriter.flush();
            pemWriter.close();
            throw th;
        }
    }

    private static byte[] signData(String str, byte[] bArr) {
        Key key;
        byte[] bArr2 = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeyStore");
            keyStore.load(null);
            key = keyStore.getKey(str, null);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            LOGGER.severe("[PkiUtil] catch Exception: " + e.getMessage());
        }
        if (key == null) {
            return new byte[0];
        }
        Signature signature = Signature.getInstance("SHA256withRSA/PSS", "HwUniversalKeyStoreProvider");
        if (key instanceof PrivateKey) {
            signature.initSign((PrivateKey) key);
        }
        signature.update(bArr);
        bArr2 = signature.sign();
        return bArr2;
    }

    public static Certificate[] getCertificateChain(String str) {
        KeyStore.Entry entry;
        Certificate[] certificateArr = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("HwKeyStore");
            keyStore.load(null);
            entry = keyStore.getEntry(str, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            LOGGER.severe("[PkiUtil] catch Exception: " + e.getMessage());
        }
        if (entry == null) {
            return new Certificate[0];
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            return new Certificate[0];
        }
        certificateArr = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
        return certificateArr;
    }

    public static String toHexFormat(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format(Locale.ROOT, "%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    public static String genEquipCertHash(String str) {
        Certificate[] certificateChain;
        byte[] bArr = null;
        try {
            certificateChain = getCertificateChain(str);
        } catch (IOException e) {
            LOGGER.severe("[PkiUtil] catch Exception: " + e.getMessage());
        }
        if (certificateChain == null || certificateChain.length < 2) {
            return "";
        }
        bArr = getSHA256Str(readPemFormat(certificateChain[1]));
        return toHexFormat(bArr);
    }

    public static String genHashFromCer(X509Certificate x509Certificate) {
        byte[] bArr = null;
        try {
            bArr = getSHA256Str(readPemFormat(x509Certificate));
        } catch (IOException e) {
            LOGGER.severe("[PkiUtil] catch Exception: " + e.getMessage());
        }
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            sb.append(String.format(Locale.ROOT, "%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    public static String readPemFormat(Certificate certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        try {
            if (certificate == null) {
                LOGGER.severe("[PkiUtil] the input parameter certificate is null, please check");
                throw new IllegalArgumentException();
            }
            try {
                pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
                pemWriter.flush();
                pemWriter.close();
            } catch (IOException | CertificateEncodingException e) {
                LOGGER.severe("[PkiUtil] catch IOException or CertificateEncodingException in getPermFormat: " + e.getMessage());
                pemWriter.flush();
                pemWriter.close();
            }
            return stringWriter.toString();
        } catch (Throwable th) {
            pemWriter.flush();
            pemWriter.close();
            throw th;
        }
    }
}
