package com.xdja.pki.gmssl.x509.utils;

import com.xdja.SafeKey.bean.MiniPcieIndexEnum;
import com.xdja.SafeKey.utils.MiniPcieXKFUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentSigner;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentVerifierProvider;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentSignerUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentVerifierProviderUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentSigner;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentVerifierProvider;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import com.xdja.pki.ldap.CryptoTypeStr;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-1.0.6-20200917.065347-4.jar:com/xdja/pki/gmssl/x509/utils/GMSSLCertUtils.class */
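/**
 * Static helpers for issuing X.509 certificates and checking their signatures, routed to a
 * software (BouncyCastle) or hardware-backed signer according to
 * {@link GMSSLPkiCryptoInit#getCryptoType()}.
 *
 * <p>Parameter names are decompiler-generated. In every {@code generateCert*} method the two
 * names are passed to {@link X509v3CertificateBuilder} as <em>issuer</em> (first) and
 * <em>subject</em> (second), and the two dates as <em>notBefore</em> and <em>notAfter</em>.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The {@code verifyCert*} and {@code decodeCert*} methods check <strong>only</strong> the
 *       signature over the certificate with the supplied public key. They do not check the
 *       validity period, build or validate a chain, consult revocation data, or inspect
 *       extensions such as basic constraints or key usage. A {@code true} result is not a
 *       trust decision on its own.</li>
 *   <li>The {@code generateCert*} methods sign whatever names, serial, dates and extensions
 *       they are given; no policy checks are applied here.</li>
 *   <li>In the crypto-type dispatchers, {@code default} falls through to the BouncyCastle
 *       software path, so an unrecognised crypto type is handled in software rather than
 *       rejected.</li>
 *   <li>Key passwords travel as {@link String} values, which cannot be wiped after use.</li>
 * </ul>
 */
public class GMSSLCertUtils {

    /**
     * String-DN overload of
     * {@link #generateCert(X500Name, X500Name, BigInteger, Date, Date, PrivateKey, PublicKey, String, List, boolean)}.
     * Both DNs are parsed with {@link RFC4519Style}.
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param bigInteger certificate serial number
     * @param date notBefore
     * @param date2 notAfter
     * @param privateKey issuer signing key
     * @param publicKey subject public key placed in the certificate
     * @param str3 forwarded to the content signer; presumably the signature algorithm name
     * @param list extensions to add, may be {@code null}
     * @param z flag forwarded to the content signer; its meaning is not visible in this class
     * @return the signed certificate
     * @throws Exception if signer creation, signing or certificate conversion fails
     */
    public static X509Certificate generateCert(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list, boolean z) throws Exception {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCert(issuer, subject, bigInteger, date, date2, privateKey, publicKey, str3, list, z);
    }

    /**
     * Issues a certificate using the signer that matches the configured crypto type.
     *
     * <p>For {@code PCI_E} and {@code XDJA_HSM} the key is cast to {@link SdfPrivateKey}; any
     * other {@link PrivateKey} implementation fails with {@link ClassCastException}. An
     * unrecognised crypto type uses the BouncyCastle software signer.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param bigInteger certificate serial number
     * @param date notBefore
     * @param date2 notAfter
     * @param privateKey issuer signing key
     * @param publicKey subject public key
     * @param str forwarded to the content signer; presumably the signature algorithm name
     * @param list extensions to add, may be {@code null}
     * @param z flag forwarded to the content signer
     * @return the signed certificate
     * @throws Exception if signer creation, signing or certificate conversion fails
     */
    public static X509Certificate generateCert(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list, boolean z) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                // The PCIe path re-derives the key handle from the index and password carried by the SDF key.
                SdfPrivateKey sdfPrivateKey = (SdfPrivateKey) privateKey;
                return generateCertByPcie(x500Name, x500Name2, bigInteger, date, date2, sdfPrivateKey.getIndex(), sdfPrivateKey.getStringPassword(), publicKey, str, list, z);
            case XDJA_HSM:
                return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str, (SdfPrivateKey) privateKey, z), list);
            case MINI_PCI_E:
                return generateCertByMiniPcie(x500Name, x500Name2, bigInteger, date, date2, privateKey, publicKey, str, list, z);
            case SANC_HSM:
                return generateCertBySanc(x500Name, x500Name2, bigInteger, date, date2, privateKey, publicKey, str, list, z);
            case BC:
            default:
                // NOTE(review): unknown crypto types land here and are signed in software.
                return generateCertByBC(x500Name, x500Name2, bigInteger, date, date2, privateKey, publicKey, str, list, z);
        }
    }

    /**
     * Checks the certificate's signature with the verifier that matches the configured crypto
     * type. Signature only: validity dates, chain, revocation and extensions are not examined.
     *
     * @param publicKey public key of the claimed issuer
     * @param x509Certificate certificate to check
     * @return {@code true} if the signature verifies under {@code publicKey}
     * @throws Exception if the verifier cannot be created or the certificate cannot be processed
     */
    public static boolean verifyCert(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                return verifyCertByPCIE(publicKey, x509Certificate);
            case XDJA_HSM:
                return verifyCertByYunHsm(publicKey, x509Certificate);
            case MINI_PCI_E:
                return verifyCertByMiniPcie(publicKey, x509Certificate);
            case SANC_HSM:
                return verifyCertBySanc(publicKey, x509Certificate);
            case BC:
            default:
                return verifyCertByBC(publicKey, x509Certificate);
        }
    }

    /**
     * Writes a certificate into a Mini PCIe device slot. Only supported when the crypto type is
     * {@code MINI_PCI_E}.
     *
     * @param i device key index, resolved through {@link MiniPcieIndexEnum#getInfoFromIndex}
     * @param str passed to {@code MiniPcieXKFUtils.writeCert} as its last argument; presumably
     *     the device password
     * @param x509Certificate certificate to store
     * @param z {@code true} selects the encryption-certificate slot, {@code false} the
     *     signing-certificate slot
     * @return the result reported by {@code MiniPcieXKFUtils.writeCert}
     * @throws Exception if the crypto type is not {@code MINI_PCI_E} or the write fails
     */
    public static boolean writeCertToHardWare(int i, String str, X509Certificate x509Certificate, boolean z) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case MINI_PCI_E:
                return z
                        ? MiniPcieXKFUtils.writeCert(x509Certificate.getEncoded(), MiniPcieIndexEnum.getInfoFromIndex(i).getEncCertIndex(), str)
                        : MiniPcieXKFUtils.writeCert(x509Certificate.getEncoded(), MiniPcieIndexEnum.getInfoFromIndex(i).getSignCertIndex(), str);
            default:
                throw new Exception("un support writeCertToHardWare  with the crypto " + GMSSLPkiCryptoInit.getCryptoType());
        }
    }

    /**
     * Reads a certificate from a Mini PCIe device slot. Only supported when the crypto type is
     * {@code MINI_PCI_E}. The certificate is parsed but its signature is not checked here.
     *
     * @param i device key index, resolved through {@link MiniPcieIndexEnum#getInfoFromIndex}
     * @param z {@code true} selects the encryption-certificate slot, {@code false} the
     *     signing-certificate slot
     * @return the certificate parsed from the bytes stored on the device
     * @throws Exception if the crypto type is not {@code MINI_PCI_E} or the read/parse fails
     */
    public static X509Certificate readCertFromHardWare(int i, boolean z) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case MINI_PCI_E:
                return z
                        ? GMSSLX509Utils.readCertificateFromCerByte(MiniPcieXKFUtils.readCert(MiniPcieIndexEnum.getInfoFromIndex(i).getEncCertIndex()))
                        : GMSSLX509Utils.readCertificateFromCerByte(MiniPcieXKFUtils.readCert(MiniPcieIndexEnum.getInfoFromIndex(i).getSignCertIndex()));
            default:
                // The message used to name writeCertToHardWare (copy-paste), which misdirects anyone reading logs.
                throw new Exception("un support readCertFromHardWare  with the crypto " + GMSSLPkiCryptoInit.getCryptoType());
        }
    }

    /**
     * String-DN overload of the {@code X500Name} variant; parses both DNs with
     * {@link RFC4519Style} and delegates.
     *
     * @param str issuer DN
     * @param str2 subject DN
     */
    public static X509Certificate generateCertBySanc(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list, boolean z) throws CertIOException, CertificateException {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCertBySanc(issuer, subject, bigInteger, date, date2, privateKey, publicKey, str3, list, z);
    }

    /**
     * Issues a certificate signed through {@link GMSSLSancContentSigner}.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param str first argument of the signer; presumably the signature algorithm name
     * @param z flag forwarded to the signer
     */
    public static X509Certificate generateCertBySanc(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list, boolean z) throws CertIOException, CertificateException {
        ContentSigner signer = new GMSSLSancContentSigner(str, privateKey, z);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /** Signature-only check using {@link GMSSLSancContentVerifierProvider}. */
    public static boolean verifyCertBySanc(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        return verifyCert(new GMSSLSancContentVerifierProvider(publicKey), x509Certificate);
    }

    /**
     * String-DN overload of the {@code X500Name} variant; parses both DNs with
     * {@link RFC4519Style} and delegates.
     *
     * @param str issuer DN
     * @param str2 subject DN
     */
    public static X509Certificate generateCertByMiniPcie(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list, boolean z) throws CertIOException, CertificateException {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCertByMiniPcie(issuer, subject, bigInteger, date, date2, privateKey, publicKey, str3, list, z);
    }

    /**
     * Issues a certificate signed through {@link GMSSLXkfContentSigner}.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param str first argument of the signer; presumably the signature algorithm name
     * @param z flag forwarded to the signer
     */
    public static X509Certificate generateCertByMiniPcie(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list, boolean z) throws CertIOException, CertificateException {
        ContentSigner signer = new GMSSLXkfContentSigner(str, privateKey, z);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /** Signature-only check using {@link GMSSLXkfContentVerifierProvider}. */
    public static boolean verifyCertByMiniPcie(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        return verifyCert(new GMSSLXkfContentVerifierProvider(publicKey), x509Certificate);
    }

    /**
     * String-DN overload that signs in software with the signer flag fixed to {@code false}.
     *
     * @param str issuer DN
     * @param str2 subject DN
     */
    public static X509Certificate generateCertByBC(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list) throws Exception {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCertByBC(issuer, subject, bigInteger, date, date2, privateKey, publicKey, str3, list, false);
    }

    /**
     * String-DN overload of the software (BouncyCastle) signing path.
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param z flag forwarded to the content signer
     */
    public static X509Certificate generateCertByBC(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list, boolean z) throws Exception {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCertByBC(issuer, subject, bigInteger, date, date2, privateKey, publicKey, str3, list, z);
    }

    /**
     * Issues a certificate signed in software, using the two-argument
     * {@code generateContentSignerByBC(str, privateKey)} factory.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     */
    public static X509Certificate generateCertByBC(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list) throws Exception {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /**
     * Issues a certificate signed in software, forwarding {@code z} to the signer factory.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     */
    public static X509Certificate generateCertByBC(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list, boolean z) throws Exception {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey, z);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /**
     * Builds an SDF key handle from an index and password, then delegates to the
     * {@link PrivateKey} overload.
     *
     * @param i key index inside the device
     * @param str3 key access password
     */
    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, String str4, List<Extension> list) throws Exception {
        return generateCertByYunhsm(str, str2, bigInteger, date, date2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str3), publicKey, str4, list);
    }

    /**
     * Builds an SDF key handle from an index and password, then delegates to the
     * {@link PrivateKey} overload that takes the signer flag.
     *
     * @param i key index inside the device
     * @param str3 key access password
     * @param z flag forwarded to the content signer
     */
    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, String str4, List<Extension> list, boolean z) throws Exception {
        return generateCertByYunhsm(str, str2, bigInteger, date, date2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str3), publicKey, str4, list, z);
    }

    /**
     * Issues a certificate through the YunHSM signer, unless the configured crypto type is
     * {@code SANC_HSM}, in which case the request is re-routed through the crypto-type
     * dispatcher with the signer flag set to {@code false}.
     *
     * @param str issuer DN
     * @param str2 subject DN
     */
    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return generateCert(str, str2, bigInteger, date, date2, privateKey, publicKey, str3, list, false);
        }
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCert(issuer, subject, bigInteger, date, date2, publicKey, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str3, privateKey), list);
    }

    /**
     * Same as the flag-less overload, forwarding {@code z} to whichever signer ends up being
     * used.
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param z flag forwarded to the content signer
     */
    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str3, List<Extension> list, boolean z) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return generateCert(str, str2, bigInteger, date, date2, privateKey, publicKey, str3, list, z);
        }
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCert(issuer, subject, bigInteger, date, date2, publicKey, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str3, privateKey, z), list);
    }

    /**
     * Issues a certificate through the YunHSM signer. Unlike the String-DN overloads this one
     * does not special-case {@code SANC_HSM}.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     */
    public static X509Certificate generateCertByYunhsm(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, String str, List<Extension> list, boolean z) throws CertIOException, OperatorCreationException, CertificateException {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByYunhsm(str, privateKey, z);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /**
     * Issues a certificate through the PCIe signer, using the two-argument signer factory
     * (no flag).
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param i key index inside the device
     * @param str3 key access password
     * @param str4 first argument of the signer factory; presumably the signature algorithm name
     */
    public static X509Certificate generateCertByPcie(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, String str4, List<Extension> list) throws Exception {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCert(issuer, subject, bigInteger, date, date2, publicKey, GMSSLContentSignerUtils.generateContentSignerByPcie(str4, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str3)), list);
    }

    /**
     * String-DN overload of the {@code X500Name} PCIe variant.
     *
     * @param str issuer DN
     * @param str2 subject DN
     * @param i key index inside the device
     * @param str3 key access password
     */
    public static X509Certificate generateCertByPcie(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, String str4, List<Extension> list, boolean z) throws Exception {
        X500Name issuer = new X500Name(RFC4519Style.INSTANCE, str);
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str2);
        return generateCertByPcie(issuer, subject, bigInteger, date, date2, i, str3, publicKey, str4, list, z);
    }

    /**
     * Issues a certificate through the PCIe signer, building the SDF key handle from the index
     * and password.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param i key index inside the device
     * @param str key access password
     * @param str2 first argument of the signer factory; presumably the signature algorithm name
     * @param z flag forwarded to the signer factory
     */
    public static X509Certificate generateCertByPcie(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, int i, String str, PublicKey publicKey, String str2, List<Extension> list, boolean z) throws CertIOException, OperatorCreationException, CertificateException {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByPcie(str2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str), z);
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, signer, list);
    }

    /**
     * Core builder: assembles a v3 certificate and signs it with the supplied signer.
     *
     * <p>No policy is enforced on the inputs; serial, validity window and extensions are used
     * exactly as given.
     *
     * @param x500Name issuer name
     * @param bigInteger certificate serial number
     * @param date notBefore
     * @param date2 notAfter
     * @param x500Name2 subject name
     * @param publicKey subject public key
     * @param contentSigner signer that produces the certificate signature
     * @param list extensions to add in iteration order; {@code null} means none
     * @return the signed certificate, converted with the BouncyCastle provider
     * @throws CertIOException if an extension cannot be encoded
     * @throws CertificateException if the built certificate cannot be converted
     */
    public static X509Certificate generateCert(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, ContentSigner contentSigner, List<Extension> list) throws CertIOException, CertificateException {
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, GMSSLX509Utils.convertSubjectPublicKeyInfo(publicKey));
        if (list != null) {
            for (Extension extension : list) {
                builder.addExtension(extension);
            }
        }
        return new JcaX509CertificateConverter().setProvider(CryptoTypeStr.BC).getCertificate(builder.build(contentSigner));
    }

    /**
     * Decodes a certificate and checks its signature with a software verifier.
     *
     * @throws CertException if the signature does not verify or cannot be processed
     */
    public static X509Certificate decodeCertByBC(PublicKey publicKey, byte[] bArr) throws OperatorCreationException, CertificateException, IOException, CertException {
        return decodeCert(GMSSLContentVerifierProviderUtils.generateContentVerifierByBC(publicKey), bArr);
    }

    /**
     * Decodes a certificate and checks its signature with the YunHSM SDF verifier.
     *
     * @throws CertException if the signature does not verify or cannot be processed
     */
    public static X509Certificate decodeCertByYunhsm(PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCertBySdf(SdfCryptoType.YUNHSM, publicKey, bArr);
    }

    /**
     * Decodes a certificate and checks its signature with the PCIe SDF verifier.
     *
     * @throws CertException if the signature does not verify or cannot be processed
     */
    public static X509Certificate decodeCertByPcie(PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCertBySdf(SdfCryptoType.PCIE, publicKey, bArr);
    }

    /**
     * Decodes a certificate and checks its signature with the given SDF verifier type.
     *
     * @throws CertException if the signature does not verify or cannot be processed
     */
    public static X509Certificate decodeCertBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCert(GMSSLContentVerifierProviderUtils.generateContentVerifierBySdf(sdfCryptoType, publicKey), bArr);
    }

    /**
     * Parses an encoded certificate and returns it only if its signature verifies.
     *
     * <p>{@code isSignatureValid} reports a bad signature by returning {@code false}, not by
     * throwing. The result used to be discarded, so a certificate with a forged or corrupted
     * signature was returned exactly like a good one. It is now rejected.
     *
     * <p>Signature only: validity dates, chain, revocation and extensions are not examined.
     *
     * @param contentVerifierProvider verifier bound to the claimed issuer's public key
     * @param bArr encoded certificate
     * @return the decoded certificate
     * @throws IOException if the bytes cannot be parsed
     * @throws CertException if the signature does not verify or cannot be processed
     * @throws CertificateException if the holder cannot be converted
     */
    public static X509Certificate decodeCert(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws IOException, CertException, CertificateException {
        X509CertificateHolder holder = new X509CertificateHolder(bArr);
        if (!holder.isSignatureValid(contentVerifierProvider)) {
            // Fail closed: never hand back a certificate whose signature did not check out.
            throw new CertException("certificate signature verification failed");
        }
        return new JcaX509CertificateConverter().setProvider(CryptoTypeStr.BC).getCertificate(holder);
    }

    /** Signature-only check using the software (BouncyCastle) verifier. */
    public static boolean verifyCertByBC(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        return verifyCert(GMSSLContentVerifierProviderUtils.generateContentVerifierByBC(publicKey), x509Certificate);
    }

    /** Signature-only check through the YunHSM SDF verifier; see {@link #verifyCertBySdf}. */
    public static boolean verifyCertByYunHsm(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        return verifyCertBySdf(SdfCryptoType.YUNHSM, publicKey, x509Certificate);
    }

    /** Signature-only check through the PCIe SDF verifier; see {@link #verifyCertBySdf}. */
    public static boolean verifyCertByPCIE(PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        return verifyCertBySdf(SdfCryptoType.PCIE, publicKey, x509Certificate);
    }

    /**
     * Signature-only check through an SDF verifier. When the configured crypto type is
     * {@code SANC_HSM} the requested SDF type is ignored and the call is re-routed through the
     * crypto-type dispatcher.
     */
    public static boolean verifyCertBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, X509Certificate x509Certificate) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return verifyCert(publicKey, x509Certificate);
        }
        return verifyCert(GMSSLContentVerifierProviderUtils.generateContentVerifierBySdf(sdfCryptoType, publicKey), x509Certificate);
    }

    /** Re-encodes the certificate and checks its signature with the given verifier. */
    public static boolean verifyCert(ContentVerifierProvider contentVerifierProvider, X509Certificate x509Certificate) throws Exception {
        return verifyCert(contentVerifierProvider, x509Certificate.getEncoded());
    }

    /**
     * Checks the signature over an encoded certificate.
     *
     * @param contentVerifierProvider verifier bound to the claimed issuer's public key
     * @param bArr encoded certificate
     * @return {@code true} if the signature verifies; callers must act on {@code false}
     * @throws Exception if the bytes cannot be parsed or the signature cannot be processed
     */
    public static boolean verifyCert(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws Exception {
        X509CertificateHolder holder = new X509CertificateHolder(bArr);
        return holder.isSignatureValid(contentVerifierProvider);
    }

    // Register BouncyCastle once; the certificate converter above asks for it by provider name.
    static {
        if (Security.getProvider(CryptoTypeStr.BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}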
