package com.xdja.pki.ca.hsm.manager;

import com.xdja.pki.ca.certmanager.service.racert.bean.PwdUsedEnum;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.common.ConfigUtil;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.configBasic.bean.HsmCertNameBean;
import com.xdja.pki.ca.core.enums.DigestAlgEnum;
import com.xdja.pki.ca.core.enums.HsmInfoEnum;
import com.xdja.pki.ca.core.enums.KeyAlgEnum;
import com.xdja.pki.ca.core.enums.P10typeEnum;
import com.xdja.pki.ca.core.enums.SignAlgFormatEnum;
import com.xdja.pki.ca.core.exception.InvokeException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.core.util.CertUtils;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.ca.securitymanager.service.vo.SignAlgTypeEnum;
import com.xdja.pki.gmssl.core.utils.GMSSLBCSignUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLECUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.sdf.SdfSHAType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECKeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECSignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSAKeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLSancHsmUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLCertUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLP10Utils;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import javax.naming.NamingException;
import org.apache.commons.lang3.RandomUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:WEB-INF/lib/ca-manager-hsm-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/hsm/manager/HsmManagerImpl.class */
public class HsmManagerImpl implements HsmManager {
    /** Class-bound SLF4J logger; log messages in this class are written in Chinese. */
    private Logger logger = LoggerFactory.getLogger(getClass());

    /** Spring environment handed to ConfigUtil to read and persist the HSM configuration. */
    @Autowired
    private Environment environment;

    /* renamed from: com.xdja.pki.ca.hsm.manager.HsmManagerImpl$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/ca-manager-hsm-impl-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/hsm/manager/HsmManagerImpl$1.class */
    /*
     * Decompiler artifact: the synthetic "switch map" javac generates for the
     * switch statements over YunHsmExceptionEnum in testAndSaveHsmConfig and
     * testHsmConfig. Each enum constant's ordinal is mapped to a fixed case
     * label (1..8) so the compiled switch does not depend on the enum's
     * declaration order.
     */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum = new int[YunHsmExceptionEnum.values().length];

        static {
            // Each mapping is guarded on its own: a constant that is missing from
            // the enum version present at runtime leaves its slot at 0, which the
            // switch statements treat as "default", instead of failing class init.
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.TELNET_PORT_FAILURE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.SIGN_PASSWORD_IS_ERROR.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.ENC_PASSWORD_IS_ERROR.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.SIGN_CERT_VERIFY_IS_ERROR.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.ENC_CERT_VERIFY_IS_ERROR.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.OPEN_DEVICE_IS_FAILURE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.OPEN_TRAIN_CERT_P7b_IS_ERROR.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
                // constant absent at runtime; slot stays 0
            }
            try {
                $SwitchMap$com$xdja$pki$gmssl$x509$utils$bean$YunHsmExceptionEnum[YunHsmExceptionEnum.NORMAL.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
                // constant absent at runtime; slot stays 0
            }
        }
    }

    /**
     * Connectivity self-test for the configured cryptographic device.
     *
     * <p>Only the BouncyCastle software device is handled here: it needs no connection,
     * so {@code true} is returned after a debug line. For every other device type this
     * method returns {@code false} without attempting a connection; the HSM connection
     * tests live in {@link #testHsmConfig} and {@link #testAndSaveHsmConfig}. None of
     * the stream or string parameters are read.
     *
     * @return {@code true} only when the device type is {@code Constants.CRYPT_DEVICE_BC}
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public boolean testHsmConnect(String str, Integer num, InputStream inputStream, String str2, InputStream inputStream2, String str3, InputStream inputStream3) {
        boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
        if (softwareDevice) {
            this.logger.debug("系统采用BC作为密码设备，不需要进行连通性测试");
        }
        return softwareDevice;
    }

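    /**
     * Issues a certificate for {@code str} signed by the CA described in {@code caInfoVO}.
     *
     * <p>With an HSM the signing key is an SDF key reference built from the CA key index and
     * PIN; with the BouncyCastle device the CA root {@link PrivateKey} held in
     * {@code caInfoVO} signs directly.
     *
     * @param str        subject DN, normalised to RFC 4519 form before use
     * @param bigInteger serial number
     * @param date       notBefore
     * @param date2      notAfter
     * @param caInfoVO   issuer: its subject DN plus either the root private key (BC) or the
     *                   HSM key index / PIN
     * @param publicKey  subject public key
     * @param list       extensions to embed
     * @param str2       numeric signature-algorithm id, resolved via
     *                   {@code SignAlgTypeEnum.getAlgName}
     * @return the signed certificate
     * @throws ServiceException if the subject DN cannot be parsed, {@code str2} is not
     *                          numeric, or signing fails on either device
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public X509Certificate genX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, CaInfoVO caInfoVO, PublicKey publicKey, List<Extension> list, String str2) {
        try {
            String x500Name = DnUtil.getRFC4519X500Name(str).toString();
            boolean useHsm = Constants.CRYPT_DEVICE_TYPE.intValue() != Constants.CRYPT_DEVICE_BC.intValue();
            if (useHsm) {
                try {
                    this.logger.debug("系统采用HSM作为密码设备");
                    int sigAlgId = Integer.valueOf(str2).intValue();
                    return GMSSLCertUtils.generateCert(DnUtil.getRFC4519X500Name(caInfoVO.getSubject()), DnUtil.getRFC4519X500Name(x500Name), bigInteger, date, date2, GMSSLSM2KeyUtils.genSdfPrivateKey(caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin()), publicKey, SignAlgTypeEnum.getAlgName(sigAlgId), list, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
                } catch (Exception e) {
                    throw new ServiceException("使用HSM签发证书出现异常", e);
                }
            }
            this.logger.debug("系统采用BC作为密码设备");
            try {
                // Parse once; the same id is logged and used for signing.
                int sigAlgId = Integer.valueOf(str2).intValue();
                this.logger.debug("签名算法为：" + sigAlgId + "----" + SignAlgTypeEnum.getAlgName(sigAlgId));
                // Only the public key is logged. Do not log caInfoVO.getRootPrivateKey():
                // depending on the provider's PrivateKey.toString(), that can write the
                // CA root private key material into the log file.
                this.logger.debug("公钥" + publicKey);
                long start = System.currentTimeMillis();
                X509Certificate cert = GMSSLCertUtils.generateCertByBC(DnUtil.getRFC4519X500Name(caInfoVO.getSubject()), DnUtil.getRFC4519X500Name(x500Name), bigInteger, date, date2, caInfoVO.getRootPrivateKey(), publicKey, SignAlgTypeEnum.getAlgName(sigAlgId), list, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
                this.logger.info("================generateCertByBC=========" + Thread.currentThread().getName() + " ==== " + System.currentTimeMillis() + " === " + (System.currentTimeMillis() - start));
                return cert;
            } catch (Exception e2) {
                throw new ServiceException("使用BC签发证书出现异常", e2);
            }
        } catch (NamingException e3) {
            // Raised by the first DN normalisation, i.e. before any device is chosen.
            throw new ServiceException("使用BC签发证书出现异常", e3);
        }
    }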

    /**
     * Issues a self-signed root certificate: issuer and subject are both {@code str}.
     *
     * <p>With the BouncyCastle device the root private key from {@code caInfoVO} signs;
     * otherwise the HSM signs with the CA key index / PIN from {@code caInfoVO.getCaPwdBean()}.
     *
     * @param str        root DN (issuer and subject), normalised to RFC 4519 form on the BC path
     * @param bigInteger serial number
     * @param date       notBefore
     * @param date2      notAfter
     * @param publicKey  root public key
     * @param caInfoVO   holder of the signing key material
     * @param list       extensions to embed
     * @param str2       numeric signature-algorithm id, parsed with {@code Integer.parseInt}
     * @return the self-signed certificate
     * @throws ServiceException wrapping any failure of either path
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public X509Certificate genRootX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, CaInfoVO caInfoVO, List<Extension> list, String str2) {
        boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
        if (!softwareDevice) {
            try {
                this.logger.debug("系统采用HSM作为密码设备");
                return GMSSLCertUtils.generateCertByYunhsm(str, str, bigInteger, date, date2, caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), publicKey, SignAlgTypeEnum.getAlgName(Integer.parseInt(str2)), list, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
            } catch (Exception e) {
                throw new ServiceException("使用HSM签发证书出现异常", e);
            }
        }
        this.logger.debug("系统采用BC作为密码设备");
        try {
            X500Name rootDn = DnUtil.getRFC4519X500Name(str);
            int sigAlgId = Integer.parseInt(str2);
            return GMSSLCertUtils.generateCertByBC(rootDn, rootDn, bigInteger, date, date2, caInfoVO.getRootPrivateKey(), publicKey, SignAlgTypeEnum.getAlgName(sigAlgId), list, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
        } catch (Exception e) {
            throw new ServiceException("使用BC签发证书出现异常", e);
        }
    }

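    /**
     * Builds a PKCS#10 certification request for the DN and key described by {@code createP10VO}.
     *
     * <p>Signature algorithm: {@code createP10VO.getAlgName()} when non-blank, otherwise the
     * per-key-algorithm default from {@link #getDefaultSignName(Integer)}.
     *
     * <p>HSM device: the signing public key is fetched from the HSM by key index and the
     * request is signed through an {@link SdfPrivateKey} reference (key index + PIN).
     *
     * <p>BC device, selected by {@code num}:
     * <ul>
     *   <li>{@code P10typeEnum.CA}: a new pair is generated by {@link #getPublicKey} with
     *       {@code PwdUsedEnum.ROOT_CERT_TYPE}, which persists the root private key; the
     *       private key is then read from {@code CA_ROOT_PRIVATE_PATH + CA_ROOT_PRIVATE_FILE_NAME}
     *       (presumably the file that write targets — verify in CertUtil);</li>
     *   <li>{@code P10typeEnum.SubCa}: likewise with the temporary root key file, and the
     *       public key is stored back into {@code createP10VO};</li>
     *   <li>any other type: the key pair already carried by {@code createP10VO} is used.</li>
     * </ul>
     *
     * @param createP10VO request parameters (DN, key algorithm/length, key index and PIN for
     *                    HSM, key pair for BC)
     * @param num         request type, compared with {@link P10typeEnum} values
     * @return the signed request
     * @throws NamingException  if the DN cannot be normalised to RFC 4519 form
     * @throws ServiceException wrapping any failure while obtaining keys or signing
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PKCS10CertificationRequest genP10(CreateP10VO createP10VO, Integer num) throws NamingException, NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        // NOTE(review): the whole VO is rendered into the debug log; confirm that
        // CreateP10VO.toString() does not include privateKeyPin before running with DEBUG on.
        this.logger.debug("生成p10     " + createP10VO.toString());
        String algName = StringUtils.isNotBlank(createP10VO.getAlgName())
                ? createP10VO.getAlgName()
                : getDefaultSignName(createP10VO.getAlg());
        X500Name subjectDn = DnUtil.getRFC4519X500Name(createP10VO.getDn());
        this.logger.info("p10 4519格式的dn    " + subjectDn);
        if (Constants.CRYPT_DEVICE_TYPE.intValue() != Constants.CRYPT_DEVICE_BC.intValue()) {
            try {
                this.logger.debug("系统采用HSM作为密码设备");
                PublicKey hsmSignKey = getSignPublicKeyByHsm(createP10VO.getKeyIndex(), createP10VO.getAlg());
                this.logger.debug("系统采用HSM作为密码设备生成p10");
                SdfPrivateKey hsmKeyRef = new SdfPrivateKey(createP10VO.getKeyIndex().intValue(), createP10VO.getPrivateKeyPin());
                return GMSSLP10Utils.generateP10(subjectDn.toString(), hsmSignKey, hsmKeyRef, algName, SignAlgFormatEnum.isBlankSpaceFormat(Constants.SIGN_ALG_FORMAT_FLAG));
            } catch (Exception e) {
                throw new ServiceException("使用HSM签发p10出现异常", e);
            }
        }
        this.logger.debug("系统采用BC作为密码设备");
        try {
            PrivateKey privateKey;
            PublicKey publicKey;
            int p10Type = num.intValue();
            if (p10Type == P10typeEnum.CA.value) {
                publicKey = getPublicKey(createP10VO.getAlg(), createP10VO.getAlgLength(), Integer.valueOf(PwdUsedEnum.ROOT_CERT_TYPE.value), false);
                privateKey = CertUtils.readPrivateKeyByPath(Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_ROOT_PRIVATE_FILE_NAME);
            } else if (p10Type == P10typeEnum.SubCa.value) {
                publicKey = getPublicKey(createP10VO.getAlg(), createP10VO.getAlgLength(), Integer.valueOf(P10typeEnum.SubCa.value), false);
                privateKey = CertUtils.readPrivateKeyByPath(Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_ROOT_TMP_PRIVATE_FILE_NAME);
                // Hand the generated public key back to the caller through the VO (set once).
                createP10VO.setPublicKey(publicKey);
            } else {
                privateKey = createP10VO.getPrivateKey();
                publicKey = createP10VO.getPublicKey();
            }
            return CertUtil.createP10(subjectDn, publicKey, privateKey, algName);
        } catch (Exception e2) {
            throw new ServiceException("使用BC签发p10出现异常", e2);
        }
    }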

    /**
     * Default signature algorithm name for a key algorithm.
     *
     * @param num key algorithm, one of the {@link AlgTypeEnum} values
     * @return SHA256withRSA for RSA, SM3withSM2 for SM2, SHA256withECDSA for NIST P-256
     *         (names taken from {@link SignAlgTypeEnum})
     * @throws RuntimeException for any other algorithm value
     */
    private String getDefaultSignName(Integer num) {
        int alg = num.intValue();
        boolean known = true;
        String signName = null;
        if (alg == AlgTypeEnum.RSA.value) {
            signName = SignAlgTypeEnum.SHA256_WITH_RSA.algName;
        } else if (alg == AlgTypeEnum.SM2.value) {
            signName = SignAlgTypeEnum.SM3_WITH_SM2.algName;
        } else if (alg == AlgTypeEnum.NISTP256.value) {
            signName = SignAlgTypeEnum.SHA256_WITH_ECDSA.algName;
        } else {
            known = false;
        }
        if (!known) {
            throw new RuntimeException("不支持的算法类型");
        }
        return signName;
    }

    /** No-op: this implementation performs no HSM recovery step. */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public void recoverHsm() {
    }

    /**
     * Returns a signing public key from whichever cryptographic device is configured.
     *
     * <p>BC: a new key pair is generated via {@link #getPublicKey} (the private key is
     * persisted there according to {@code num2}). HSM: the existing signing public key is
     * read from the device via {@link #getSignPublicKeyByHsm}.
     *
     * @param num  HSM key index (used on the HSM path only)
     * @param num2 key usage passed to {@code getPublicKey} (BC path only)
     * @param num3 key algorithm ({@link AlgTypeEnum} value)
     * @param num4 key length, passed to {@code getPublicKey} (BC path only)
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getSignPublicKeyByCryptyDevice(Integer num, Integer num2, Integer num3, Integer num4) {
        boolean useHsm = Constants.CRYPT_DEVICE_TYPE.intValue() != Constants.CRYPT_DEVICE_BC.intValue();
        if (useHsm) {
            try {
                this.logger.debug("系统采用HSM作为密码设备");
                return getSignPublicKeyByHsm(num, num3);
            } catch (Exception e) {
                throw new ServiceException("使用HSM生成公私钥异常", e);
            }
        }
        this.logger.debug("系统采用BC作为密码设备");
        try {
            return getPublicKey(num3, num4, num2, true);
        } catch (Exception e) {
            throw new ServiceException("使用BC生成公私钥异常", e);
        }
    }

    /**
     * Reads the signing public key stored at an HSM key index.
     *
     * <p>Note the fallback: any algorithm value other than RSA or SM2 is treated as
     * NIST P-256 rather than rejected.
     *
     * @param num  HSM key index
     * @param num2 key algorithm ({@link AlgTypeEnum} value)
     * @throws ServiceException wrapping any device failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getSignPublicKeyByHsm(Integer num, Integer num2) {
        try {
            this.logger.debug("系统采用HSM获取签名公钥信息");
            int keyIndex = num.intValue();
            int alg = num2.intValue();
            if (alg == AlgTypeEnum.RSA.value) {
                return GMSSLRSAKeyUtils.getSignPublicKeyByYunhsm(keyIndex);
            }
            if (alg == AlgTypeEnum.SM2.value) {
                return GMSSLECKeyUtils.getSignPublicKeyByYunhsm(keyIndex, GMSSLECKeyUtils.SM2p256);
            }
            return GMSSLECKeyUtils.getSignPublicKeyByYunhsm(keyIndex, GMSSLECKeyUtils.NISTp256);
        } catch (Exception e) {
            throw new ServiceException("从HSM获取公私钥异常", e);
        }
    }

    /**
     * Returns an encryption public key from whichever cryptographic device is configured.
     *
     * <p>BC: a new key pair is generated via {@link #getPublicKey} with the "encryption"
     * flag cleared. HSM: the existing encryption public key is read from the device via
     * {@link #getEncPublicKeyByHsm}.
     *
     * @param num  HSM key index (HSM path only)
     * @param num2 key usage passed to {@code getPublicKey} (BC path only)
     * @param num3 key algorithm ({@link AlgTypeEnum} value)
     * @param num4 key length, passed to {@code getPublicKey} (BC path only)
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getEncPublicKeyByCryptyDevice(Integer num, Integer num2, Integer num3, Integer num4) {
        boolean useHsm = Constants.CRYPT_DEVICE_TYPE.intValue() != Constants.CRYPT_DEVICE_BC.intValue();
        if (useHsm) {
            try {
                this.logger.debug("系统采用HSM作为密码设备");
                return getEncPublicKeyByHsm(num, num3);
            } catch (Exception e) {
                throw new ServiceException("使用HSM生成公私钥异常", e);
            }
        }
        this.logger.debug("系统采用BC作为密码设备");
        try {
            return getPublicKey(num3, num4, num2, false);
        } catch (Exception e) {
            throw new ServiceException("使用BC生成公私钥异常", e);
        }
    }

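    /**
     * Generates a key pair with BouncyCastle, persists the private key according to its
     * intended use, and returns the public key.
     *
     * <p>Key algorithm by {@code num}: {@code AlgTypeEnum.SM2} gives SM2; {@code AlgTypeEnum.RSA}
     * gives RSA of {@code num2} bits ({@code num2} is read only in that case); anything else gives
     * EC on secp256r1.
     *
     * <p>Private-key handling by {@code num3}:
     * <ul>
     *   <li>{@code PwdUsedEnum.ROOT_CERT_TYPE}: written via {@code CertUtil.writeRootPri} and
     *       stored on the {@code CaInfoVO} kept in {@code Constants.CA_INFO} under
     *       {@code Constants.BASE_ALG_TYPE};</li>
     *   <li>{@code PwdUsedEnum.SERVER_CERT_TYPE}: written to the server signing key file when
     *       {@code bool} is true, otherwise to the server encryption key file ({@code bool} must
     *       be non-null in this case);</li>
     *   <li>{@code P10typeEnum.SubCa}: written to the temporary root key file;</li>
     *   <li>any other value: the private key is not persisted and is dropped.</li>
     * </ul>
     * NOTE(review): the key files are produced by {@code CertUtil.writeObjToFile}; whatever
     * protection they get (file permissions, encryption at rest) is decided there — verify.
     *
     * @return the generated public key
     * @throws ServiceException wrapping any failure (generation, file write, missing CA info,
     *                          null {@code bool} on the server-certificate path)
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getPublicKey(Integer num, Integer num2, Integer num3, Boolean bool) {
        try {
            KeyPair keyPair;
            int alg = num.intValue();
            if (alg == AlgTypeEnum.SM2.value) {
                keyPair = GMSSLSM2KeyUtils.generateSM2KeyPairByBC();
            } else if (alg == AlgTypeEnum.RSA.value) {
                keyPair = GMSSLRSAKeyUtils.generateKeyPairByBC(num2.intValue());
            } else {
                keyPair = GMSSLECUtils.generateKeyPair(NISTNamedCurves.getName(SECObjectIdentifiers.secp256r1));
            }
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();
            int usage = num3.intValue();
            if (usage == PwdUsedEnum.ROOT_CERT_TYPE.value) {
                CertUtil.writeRootPri(privateKey);
                CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Constants.BASE_ALG_TYPE);
                caInfoVO.setRootPrivateKey(privateKey);
                Constants.CA_INFO.put(Constants.BASE_ALG_TYPE, caInfoVO);
            } else if (usage == PwdUsedEnum.SERVER_CERT_TYPE.value) {
                if (bool.booleanValue()) {
                    CertUtil.writeObjToFile(privateKey, Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_SERVER_SIGN_PRIVATE_FILE_NAME);
                } else {
                    CertUtil.writeObjToFile(privateKey, Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_SERVER_ENC_PRIVATE_FILE_NAME);
                }
            } else if (usage == P10typeEnum.SubCa.value) {
                // Same pair as above; no need to fetch the keys from keyPair a second time.
                CertUtil.writeObjToFile(privateKey, Constants.CA_ROOT_PRIVATE_PATH + Constants.CA_ROOT_TMP_PRIVATE_FILE_NAME);
            }
            return publicKey;
        } catch (Exception e) {
            throw new ServiceException("使用BC生成公私钥失败", e);
        }
    }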

    /**
     * Signs data with a key held in the HSM.
     *
     * <p>Dispatch by {@code num}: RSA uses SHA256withRSA; SM2 passes the Base64 of
     * {@code str2}'s bytes; anything else is signed as SHA256withECDSA, and on that path
     * {@code str2} is Base64-decoded first and the raw signature is Base64-encoded on the
     * way out. The input encodings therefore differ per branch — callers must match them.
     *
     * @param num  key algorithm ({@link AlgTypeEnum} value)
     * @param num2 HSM key index
     * @param str  private key PIN (as passed from {@link #signDataByDefaultHash})
     * @param str2 data to sign; see the per-branch encoding above
     * @return the signature as produced by the respective GMSSL helper
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public String signDataByHsm(Integer num, Integer num2, String str, String str2) {
        try {
            this.logger.debug("使用HSM签名");
            int alg = num.intValue();
            int keyIndex = num2.intValue();
            if (alg == AlgTypeEnum.RSA.value) {
                return GMSSLRSASignUtils.signByYunHsm(SignAlgTypeEnum.SHA256_WITH_RSA.algName, keyIndex, str, str2);
            }
            if (alg == AlgTypeEnum.SM2.value) {
                // str2.getBytes() uses the platform default charset, as elsewhere in this class.
                return GMSSLSM2SignUtils.signByYunhsm(keyIndex, str, Base64.toBase64String(str2.getBytes()));
            }
            byte[] ecSignature = GMSSLECSignUtils.signByYunHsm(keyIndex, str, Base64.decode(str2), SignAlgTypeEnum.SHA256_WITH_ECDSA.algName);
            return Base64.toBase64String(ecSignature);
        } catch (Exception e) {
            this.logger.error("使用密码机签名异常", (Throwable) e);
            throw new ServiceException("使用密码机签名异常", e);
        }
    }

    /**
     * Signs {@code str} with the CA key, choosing the device from {@code Constants.CRYPT_DEVICE_TYPE}.
     *
     * <p>BC: {@link #signDataByBC} with the root private key from {@code caInfoVO}.
     * HSM: {@link #signDataByHsm} with the CA key index and PIN from {@code caInfoVO.getCaPwdBean()}.
     *
     * @param num      key algorithm ({@link AlgTypeEnum} value)
     * @param caInfoVO holder of the CA signing key material
     * @param str      data to sign
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public String signDataByDefaultHash(Integer num, CaInfoVO caInfoVO, String str) {
        try {
            boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC);
            if (softwareDevice) {
                return signDataByBC(num, caInfoVO.getRootPrivateKey(), str);
            }
            return signDataByHsm(num, caInfoVO.getCaPwdBean().getKeyIndex(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), str);
        } catch (Exception e) {
            this.logger.error("使用密码机签名异常", (Throwable) e);
            throw new ServiceException("使用密码机签名异常", e);
        }
    }

    /**
     * Signs {@code str} in software with {@code privateKey}.
     *
     * <p>RSA uses SHA256withRSA; NIST P-256 uses SHA256withECDSA over {@code str.getBytes()}
     * (platform default charset) and returns the signature Base64-encoded; SM2 delegates to
     * {@code GMSSLSM2SignUtils.signByBC}.
     *
     * @param num        key algorithm ({@link AlgTypeEnum} value)
     * @param privateKey signing key
     * @param str        data to sign
     * @throws ServiceException wrapping any failure, including an unsupported algorithm
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public String signDataByBC(Integer num, PrivateKey privateKey, String str) {
        try {
            int alg = num.intValue();
            String signature;
            if (alg == AlgTypeEnum.RSA.value) {
                signature = GMSSLRSASignUtils.signByBC(SignAlgTypeEnum.SHA256_WITH_RSA.algName, privateKey, str);
            } else if (alg == AlgTypeEnum.NISTP256.value) {
                byte[] raw = GMSSLBCSignUtils.generateSignature(SignAlgTypeEnum.SHA256_WITH_ECDSA.algName, privateKey, str.getBytes());
                signature = Base64.toBase64String(raw);
            } else if (alg == AlgTypeEnum.SM2.value) {
                signature = GMSSLSM2SignUtils.signByBC(privateKey, str);
            } else {
                // Wrapped into the ServiceException below, like every other failure here.
                throw new RuntimeException("不支持的算法类型");
            }
            return signature;
        } catch (Exception e) {
            this.logger.error("使用BC签名异常", (Throwable) e);
            throw new ServiceException("使用BC签名异常", e);
        }
    }

    /**
     * Verifies a signature using the signing public key stored at an HSM key index.
     *
     * <p>The public key is fetched first via {@link #getSignPublicKeyByHsm}; then RSA verifies
     * SHA256withRSA, SM2 verifies against the Base64 of {@code str}'s bytes, and anything
     * else verifies SHA256withECDSA.
     *
     * @param num  key algorithm ({@link AlgTypeEnum} value)
     * @param num2 HSM key index
     * @param str  signed data
     * @param str2 signature
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public boolean verifySignByHsm(Integer num, Integer num2, String str, String str2) {
        try {
            PublicKey hsmSignKey = getSignPublicKeyByHsm(num2, num);
            this.logger.debug("系统采用HSM进行验签");
            int alg = num.intValue();
            if (alg == AlgTypeEnum.RSA.value) {
                return GMSSLRSASignUtils.verifyByYunHsm(SignAlgTypeEnum.SHA256_WITH_RSA.algName, hsmSignKey, str, str2);
            }
            if (alg == AlgTypeEnum.SM2.value) {
                return GMSSLSM2SignUtils.verifyByYunhsm(hsmSignKey, Base64.toBase64String(str.getBytes()), str2);
            }
            return GMSSLECSignUtils.verifyByYunHsm(hsmSignKey, str, str2, SignAlgTypeEnum.SHA256_WITH_ECDSA.algName);
        } catch (Exception e) {
            this.logger.error("使用密码机验证签名异常", (Throwable) e);
            throw new ServiceException("使用密码机验证签名异常", e);
        }
    }

    /**
     * Verifies a signature in software with {@code publicKey}.
     *
     * <p>RSA: SHA256withRSA. NIST P-256: SHA256withECDSA over {@code str.getBytes()}
     * (platform default charset) against the Base64-decoded {@code str2}. SM2: delegated to
     * {@code GMSSLSM2SignUtils.verifyByBC}.
     *
     * @param num       key algorithm ({@link AlgTypeEnum} value)
     * @param publicKey verification key
     * @param str       signed data
     * @param str2      signature
     * @throws ServiceException wrapping any failure, including an unsupported algorithm
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public boolean verifySignByBcDefaultAlg(Integer num, PublicKey publicKey, String str, String str2) {
        try {
            int alg = num.intValue();
            boolean valid;
            if (alg == AlgTypeEnum.RSA.value) {
                valid = GMSSLRSASignUtils.verifyByBC(SignAlgTypeEnum.SHA256_WITH_RSA.algName, publicKey, str, str2);
            } else if (alg == AlgTypeEnum.NISTP256.value) {
                valid = GMSSLBCSignUtils.verifySignature(SignAlgTypeEnum.SHA256_WITH_ECDSA.algName, publicKey, str.getBytes(), Base64.decode(str2));
            } else if (alg == AlgTypeEnum.SM2.value) {
                valid = GMSSLSM2SignUtils.verifyByBC(publicKey, str, str2);
            } else {
                throw new RuntimeException("不支持的签名算法");
            }
            return valid;
        } catch (Exception e) {
            this.logger.error("使用密码机验证签名异常", (Throwable) e);
            throw new ServiceException("使用密码机验证签名异常", e);
        }
    }

    /**
     * Verifies a signature, choosing the device from {@code Constants.CRYPT_DEVICE_TYPE}.
     *
     * <p>BC: {@link #verifySignByBcDefaultAlg} with {@code publicKey}. HSM:
     * {@link #verifySignByHsm} with the CA key index from {@code caInfoVO.getCaPwdBean()}
     * ({@code publicKey} is not used on that path — the key comes from the device).
     *
     * @param num       key algorithm ({@link AlgTypeEnum} value)
     * @param caInfoVO  CA info, read for the HSM key index only
     * @param publicKey verification key for the BC path
     * @param str       signed data
     * @param str2      signature
     * @throws ServiceException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public boolean verifySignByDefaultHash(Integer num, CaInfoVO caInfoVO, PublicKey publicKey, String str, String str2) {
        try {
            boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC);
            if (softwareDevice) {
                return verifySignByBcDefaultAlg(num, publicKey, str, str2);
            }
            return verifySignByHsm(num, caInfoVO.getCaPwdBean().getKeyIndex(), str, str2);
        } catch (Exception e) {
            this.logger.error("使用密码机验证签名异常", (Throwable) e);
            throw new ServiceException("使用密码机验证签名异常", e);
        }
    }

    /**
     * Reads the encryption public key stored at an HSM key index.
     *
     * <p>As in {@link #getSignPublicKeyByHsm}, any algorithm value other than SM2 or RSA
     * falls back to NIST P-256 rather than being rejected.
     *
     * @param num  HSM key index
     * @param num2 key algorithm ({@link AlgTypeEnum} value)
     * @throws ServiceException wrapping any device failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getEncPublicKeyByHsm(Integer num, Integer num2) {
        try {
            this.logger.debug("系统采用HSM获取加密公钥信息");
            int keyIndex = num.intValue();
            int alg = num2.intValue();
            if (alg == AlgTypeEnum.SM2.value) {
                return GMSSLECKeyUtils.getEncryptPublicKeyByYunhsm(keyIndex, GMSSLECKeyUtils.SM2p256);
            }
            if (alg == AlgTypeEnum.RSA.value) {
                return GMSSLRSAKeyUtils.getEncryptPublicKeyByYunhsm(keyIndex);
            }
            return GMSSLECKeyUtils.getEncryptPublicKeyByYunhsm(keyIndex, GMSSLECKeyUtils.NISTp256);
        } catch (Exception e) {
            throw new ServiceException("使用HSM生成公私钥异常", e);
        }
    }

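    /**
     * Produces {@code i} random bytes, Base64-encoded.
     *
     * <p>With the BouncyCastle software device the bytes now come from {@link SecureRandom}.
     * The previous source, {@code org.apache.commons.lang3.RandomUtils}, is (at least in the
     * older commons-lang3 releases) backed by {@code java.util.Random}, which is predictable
     * and not suitable for values a CA relies on being unguessable. With an HSM the device's
     * own generator is used, as before.
     *
     * @param i number of random bytes; must not be negative
     * @return Base64 of the generated bytes (empty string for {@code i == 0} on the BC path)
     * @throws InvokeException if {@code i} is negative or the device call fails
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public String generateRandom(int i) {
        try {
            if (i < 0) {
                // Surfaces as InvokeException via the catch below, same as any other failure.
                throw new IllegalArgumentException("random length must not be negative: " + i);
            }
            if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
                byte[] buf = new byte[i];
                new SecureRandom().nextBytes(buf);
                return Base64.toBase64String(buf);
            }
            return GMSSLRandomUtils.generateRandomByYunhsm(i);
        } catch (Exception e) {
            this.logger.error("调用密码机生成数据数失败", (Throwable) e);
            throw new InvokeException("调用密码机生成数据数失败", e);
        }
    }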

    /**
     * Verifies a raw-byte signature for a (key algorithm, digest) pair on the configured device.
     *
     * <p>Supported pairs: SM2/SM3, RSA/SHA1, RSA/SHA256 and NIST/SHA256. Any other pair is
     * not an error here — the method simply returns {@code false}. On the HSM path the
     * NIST/SHA256 case is still verified in software ({@code GMSSLECSignUtils.verifyByBC}).
     *
     * @param i         key algorithm ({@link KeyAlgEnum} value)
     * @param i2        digest algorithm ({@link DigestAlgEnum} value)
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature
     * @return the verification result, {@code false} for an unsupported pair
     * @throws InvokeException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public boolean verifySign(int i, int i2, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            boolean sm2Sm3 = i == KeyAlgEnum.SM2.value && i2 == DigestAlgEnum.SM3.value;
            boolean rsaSha1 = i == KeyAlgEnum.RSA.value && i2 == DigestAlgEnum.SHA1.value;
            boolean rsaSha256 = i == KeyAlgEnum.RSA.value && i2 == DigestAlgEnum.SHA256.value;
            boolean ecSha256 = i == KeyAlgEnum.NIST.value && i2 == DigestAlgEnum.SHA256.value;
            boolean verified = false;
            if (Constants.CRYPT_DEVICE_TYPE.equals(Constants.CRYPT_DEVICE_BC)) {
                this.logger.debug("使用BC进行验签");
                if (sm2Sm3) {
                    verified = GMSSLSM2SignUtils.verifyByBC(publicKey, bArr, bArr2);
                } else if (rsaSha1) {
                    verified = GMSSLRSASignUtils.verifyByBC(SdfSHAType.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
                } else if (rsaSha256) {
                    verified = GMSSLRSASignUtils.verifyByBC(SdfSHAType.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
                } else if (ecSha256) {
                    verified = GMSSLBCSignUtils.verifySignature(SignAlgTypeEnum.SHA256_WITH_ECDSA.algName, publicKey, bArr, bArr2);
                }
            } else {
                this.logger.debug("使用HSM进行验签");
                if (sm2Sm3) {
                    verified = GMSSLSM2SignUtils.verifyBySdf(SdfCryptoType.YUNHSM, publicKey, bArr, bArr2);
                } else if (rsaSha1) {
                    verified = GMSSLRSASignUtils.verifyByYunHsm(SdfSHAType.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
                } else if (rsaSha256) {
                    verified = GMSSLRSASignUtils.verifyByYunHsm(SdfSHAType.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
                } else if (ecSha256) {
                    verified = GMSSLECSignUtils.verifyByBC(publicKey, bArr, bArr2, SignAlgTypeEnum.SHA256_WITH_ECDSA.algName);
                }
            }
            return verified;
        } catch (Exception e) {
            this.logger.error("调用密码机验证签名失败", (Throwable) e);
            throw new InvokeException("调用密码机验证签名失败", e);
        }
    }

    /**
     * SM3 digest of {@code bArr}, computed in software (BC device) or on the HSM.
     *
     * @param bArr data to hash
     * @return the SM3 digest bytes
     * @throws InvokeException wrapping any failure
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public byte[] digest(byte[] bArr) {
        try {
            boolean softwareDevice = Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
            if (softwareDevice) {
                return GMSSLSM3DigestUtils.digestByBC(bArr);
            }
            return GMSSLSM3DigestUtils.digestByYunhsm(bArr);
        } catch (Exception e) {
            this.logger.error("调用密码机获取摘要失败", (Throwable) e);
            throw new InvokeException("调用密码机获取摘要失败", e);
        }
    }

    /**
     * Tests the HSM connection described by {@code hsmCertNameBean} and, on success, saves it
     * as the active configuration and initialises the corresponding crypto provider.
     *
     * <p>XDJA HSM: {@code GMSSLYunHsmUtils.initYunHsmConfigAndTestConnect} is run with the
     * sign/enc certificate passwords and the three certificate streams. On {@code NORMAL},
     * blank certificate fields are filled from the stored configuration before saving.
     * SWXA HSM: {@code GMSSLSancHsmUtils.initConfigAndTestConnect} is run with the access
     * password; on {@code NORMAL}, a blank access password is filled from the stored
     * configuration before saving. Any other HSM type is rejected.
     *
     * <p>Failures reported by the device are mapped to {@link ErrorEnum} values on the returned
     * {@link Result}; only exceptions become {@link ServiceException}. The streams are not
     * closed here — that stays with the caller that opened them.
     *
     * @return {@code Result.success()} with an error set when the test did not pass
     * @throws ServiceException on an unknown HSM type or any exception during the test/save
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public Result testAndSaveHsmConfig(HsmCertNameBean hsmCertNameBean, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) {
        try {
            Result result = Result.success();
            if (HsmInfoEnum.XDJA_HSM.hsmType == hsmCertNameBean.getHsmType()) {
                YunHsmExceptionEnum outcome = GMSSLYunHsmUtils.initYunHsmConfigAndTestConnect(hsmCertNameBean.getIp(), hsmCertNameBean.getPort().intValue(), hsmCertNameBean.getSignCertPwd(), hsmCertNameBean.getEncCertPwd(), fileInputStream, fileInputStream2, fileInputStream3);
                this.logger.info("测试和保存密码信息配置信息返回值为value=" + outcome.value);
                if (outcome == YunHsmExceptionEnum.NORMAL) {
                    HsmCertNameBean stored = ConfigUtil.getHsmConfig(this.environment);
                    if (null != stored) {
                        // Keep previously saved certificates when the request leaves them blank.
                        if (StringUtils.isBlank(hsmCertNameBean.getEncCert())) {
                            hsmCertNameBean.setEncCert(stored.getEncCert());
                        }
                        if (StringUtils.isBlank(hsmCertNameBean.getSignCert())) {
                            hsmCertNameBean.setSignCert(stored.getSignCert());
                        }
                        if (StringUtils.isBlank(hsmCertNameBean.getHsmCaChain())) {
                            hsmCertNameBean.setHsmCaChain(stored.getHsmCaChain());
                        }
                    }
                    ConfigUtil.saveHsmConfig(this.environment, hsmCertNameBean);
                    GMSSLPkiCryptoInit.getXdjaYunHsmInstance();
                } else {
                    result.setError(xdjaHsmErrorOf(outcome));
                }
            } else if (HsmInfoEnum.SWXA_HSM.hsmType == hsmCertNameBean.getHsmType()) {
                YunHsmExceptionEnum outcome = GMSSLSancHsmUtils.initConfigAndTestConnect(hsmCertNameBean.getIp(), hsmCertNameBean.getPort().intValue(), hsmCertNameBean.getAccessPwd(), false);
                this.logger.info("测试和保存密码信息配置信息返回值为value=" + outcome.value);
                if (outcome == YunHsmExceptionEnum.NORMAL) {
                    HsmCertNameBean stored = ConfigUtil.getHsmConfig(this.environment);
                    if (null != stored && StringUtils.isBlank(hsmCertNameBean.getAccessPwd())) {
                        hsmCertNameBean.setAccessPwd(stored.getAccessPwd());
                    }
                    ConfigUtil.saveHsmConfig(this.environment, hsmCertNameBean);
                    GMSSLPkiCryptoInit.getSancHsmInstance();
                } else {
                    // Every non-NORMAL outcome of the SWXA test is reported as a connection failure.
                    result.setError(ErrorEnum.HSM_CONNECT_FAIL);
                }
            } else {
                // Rewrapped by the catch below, so callers see the generic message with this as cause.
                throw new ServiceException("测试和保存密码机配置信息时密码机类型错误");
            }
            return result;
        } catch (Exception e) {
            throw new ServiceException("测试和保存密码机配置信息时异常", e);
        }
    }

    /**
     * Maps a non-{@code NORMAL} XDJA HSM test outcome to the error reported to the caller.
     * Outcomes without a specific error (port/device failures and anything unrecognised)
     * map to {@code HSM_CONNECT_FAIL}.
     */
    private static ErrorEnum xdjaHsmErrorOf(YunHsmExceptionEnum outcome) {
        switch (outcome) {
            case SIGN_PASSWORD_IS_ERROR:
                return ErrorEnum.SIGN_PFX_PWD_ERROR;
            case ENC_PASSWORD_IS_ERROR:
                return ErrorEnum.ENC_PFX_PWD_ERROR;
            case SIGN_CERT_VERIFY_IS_ERROR:
                return ErrorEnum.SIGN_PFX_FORMAT_ERROR;
            case ENC_CERT_VERIFY_IS_ERROR:
                return ErrorEnum.ENC_PFX_FORMAT_ERROR;
            case OPEN_TRAIN_CERT_P7b_IS_ERROR:
                return ErrorEnum.HSM_CA_CHAIN_VERIFY_ERROR;
            case TELNET_PORT_FAILURE:
            case OPEN_DEVICE_IS_FAILURE:
            default:
                return ErrorEnum.HSM_CONNECT_FAIL;
        }
    }

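    /**
     * Returns the last backslash-separated segment of {@code str} (a Windows-style path).
     *
     * <p>Only {@code '\'} is treated as a separator, as before. The previous version indexed
     * {@code split.length - 1} unguarded and threw {@link ArrayIndexOutOfBoundsException}
     * when the input consisted of backslashes only (e.g. {@code "\\"}), because
     * {@link String#split(String)} drops trailing empty segments; that case now yields
     * {@code ""}. A trailing backslash is still ignored ({@code "a\\"} gives {@code "a"}).
     *
     * @param str path, must not be null
     * @return the final segment, or {@code ""} when there is none
     */
    public String getNameByPath(String str) {
        String[] segments = str.split("\\\\");
        if (segments.length == 0) {
            return "";
        }
        return segments[segments.length - 1];
    }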

    /**
     * Returns the stored HSM configuration, or an empty {@link HsmCertNameBean} when none is saved.
     *
     * <p>NOTE(review): the bean carries the sign/enc certificate passwords and the access
     * password (see its getters used in {@link #testAndSaveHsmConfig}); confirm the caller
     * strips them before the {@link Result} reaches a client.
     *
     * @throws ServiceException wrapping any failure while reading the configuration
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public Result getHsmConfig() {
        try {
            HsmCertNameBean stored = ConfigUtil.getHsmConfig(this.environment);
            HsmCertNameBean payload = stored != null ? stored : new HsmCertNameBean();
            return Result.success(payload);
        } catch (Exception e) {
            throw new ServiceException("获取密码机配置信息时异常", e);
        }
    }

    /**
     * Tests the HSM connection described by {@code hsmCertNameBean} without saving anything.
     *
     * <p>XDJA HSM: {@code GMSSLYunHsmUtils.testConnect} with the sign/enc certificate passwords
     * and the three certificate streams; device-reported failures are mapped to the matching
     * {@link ErrorEnum}. SWXA HSM: {@code GMSSLSancHsmUtils.testConnect} with the access
     * password; every failure is reported as {@code HSM_CONNECT_FAIL}.
     *
     * <p>Note: unlike {@link #testAndSaveHsmConfig}, an HSM type that is neither XDJA nor SWXA
     * is not rejected here — no test runs and a plain success result is returned.
     *
     * @return {@code Result.success()} with an error set when the test did not pass
     * @throws ServiceException wrapping any exception raised by the connection test
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public Result testHsmConfig(HsmCertNameBean hsmCertNameBean, FileInputStream fileInputStream, FileInputStream fileInputStream2, FileInputStream fileInputStream3) {
        Result result = Result.success();
        try {
            if (HsmInfoEnum.XDJA_HSM.hsmType == hsmCertNameBean.getHsmType()) {
                YunHsmExceptionEnum outcome = GMSSLYunHsmUtils.testConnect(hsmCertNameBean.getIp(), hsmCertNameBean.getPort().intValue(), hsmCertNameBean.getSignCertPwd(), hsmCertNameBean.getEncCertPwd(), fileInputStream, fileInputStream2, fileInputStream3);
                this.logger.info(outcome.value);
                switch (outcome) {
                    case NORMAL:
                        break;
                    case SIGN_PASSWORD_IS_ERROR:
                        result.setError(ErrorEnum.SIGN_PFX_PWD_ERROR);
                        break;
                    case ENC_PASSWORD_IS_ERROR:
                        result.setError(ErrorEnum.ENC_PFX_PWD_ERROR);
                        break;
                    case SIGN_CERT_VERIFY_IS_ERROR:
                        result.setError(ErrorEnum.SIGN_PFX_FORMAT_ERROR);
                        break;
                    case ENC_CERT_VERIFY_IS_ERROR:
                        result.setError(ErrorEnum.ENC_PFX_FORMAT_ERROR);
                        break;
                    case OPEN_TRAIN_CERT_P7b_IS_ERROR:
                        result.setError(ErrorEnum.HSM_CA_CHAIN_VERIFY_ERROR);
                        break;
                    case TELNET_PORT_FAILURE:
                    case OPEN_DEVICE_IS_FAILURE:
                    default:
                        result.setError(ErrorEnum.HSM_CONNECT_FAIL);
                        break;
                }
            } else if (HsmInfoEnum.SWXA_HSM.hsmType == hsmCertNameBean.getHsmType()) {
                YunHsmExceptionEnum outcome = GMSSLSancHsmUtils.testConnect(hsmCertNameBean.getIp(), hsmCertNameBean.getPort().intValue(), hsmCertNameBean.getAccessPwd(), true);
                this.logger.info(outcome.value);
                if (outcome != YunHsmExceptionEnum.NORMAL) {
                    result.setError(ErrorEnum.HSM_CONNECT_FAIL);
                }
            }
            return result;
        } catch (Exception e) {
            throw new ServiceException("密码机连接异常", e);
        }
    }

    /**
     * Resolves both CA server certificate public keys (signing and encryption)
     * for the lookups' side effects; the returned keys are discarded.
     * <p>
     * Routing: for RSA, or when the base crypto device is {@code CRYPT_DEVICE_BC}
     * (presumably the BouncyCastle software provider), both keys come from
     * {@code getPublicKey} (sign first, then enc); otherwise they are fetched from
     * the crypto device via {@code getEncPublicKeyByCryptyDevice} then
     * {@code getSignPublicKeyByCryptyDevice}.
     * <p>
     * NOTE(review): unlike {@code getCaSignServerPwd}/{@code getCaEncServerPwd},
     * this routing does not send NISTP256 or {@code CRYPT_DEVICE_SWXA_HSM} down the
     * {@code getPublicKey} path — confirm whether that asymmetry is intended.
     * {@code publicKey}, {@code publicKey2} and {@code str} are accepted but never read.
     *
     * @param num        algorithm type, compared against {@link AlgTypeEnum#RSA}
     * @param num2       passed through unchanged to every key lookup
     * @param publicKey  unused
     * @param publicKey2 unused
     * @param num3       crypto-device selector passed to the device lookups only
     * @param str        unused
     * @throws ServiceException if any lookup throws (or {@code num} is null); the cause is preserved
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public void getCaServerPwd(Integer num, Integer num2, PublicKey publicKey, PublicKey publicKey2, Integer num3, String str) {
        try {
            Integer usage = Integer.valueOf(PwdUsedEnum.SERVER_CERT_TYPE.value);
            boolean viaGetPublicKey = num.intValue() == AlgTypeEnum.RSA.value
                    || Constants.BASE_ALG_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
            if (!viaGetPublicKey) {
                getEncPublicKeyByCryptyDevice(num3, usage, num, num2);
                getSignPublicKeyByCryptyDevice(num3, usage, num, num2);
                return;
            }
            getPublicKey(num, num2, usage, true);
            getPublicKey(num, num2, usage, false);
        } catch (Exception e) {
            throw new ServiceException("获取CA服务器证书密钥信息失败", e);
        }
    }

    /**
     * Returns the CA server signing-certificate public key.
     * <p>
     * Routing: NISTP256, RSA, or a base crypto device of {@code CRYPT_DEVICE_BC}
     * or {@code CRYPT_DEVICE_SWXA_HSM} use {@code getPublicKey(..., true)}; every
     * other combination asks the crypto device via
     * {@code getSignPublicKeyByCryptyDevice}.
     *
     * @param num  algorithm type, compared against {@link AlgTypeEnum#NISTP256} and {@link AlgTypeEnum#RSA}
     * @param num2 passed through unchanged to the lookup
     * @param num3 crypto-device selector, used only on the device path
     * @return the signing public key from whichever lookup was taken
     * @throws ServiceException if the lookup throws (or {@code num} is null); the cause is preserved
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getCaSignServerPwd(Integer num, Integer num2, Integer num3) {
        try {
            Integer usage = Integer.valueOf(PwdUsedEnum.SERVER_CERT_TYPE.value);
            int alg = num.intValue();
            int baseDevice = Constants.BASE_ALG_TYPE.intValue();
            boolean viaGetPublicKey = alg == AlgTypeEnum.NISTP256.value
                    || alg == AlgTypeEnum.RSA.value
                    || baseDevice == Constants.CRYPT_DEVICE_BC.intValue()
                    || baseDevice == Constants.CRYPT_DEVICE_SWXA_HSM.intValue();
            if (viaGetPublicKey) {
                return getPublicKey(num, num2, usage, true);
            }
            return getSignPublicKeyByCryptyDevice(num3, usage, num, num2);
        } catch (Exception e) {
            throw new ServiceException("获取CA服务器证书密钥信息失败", e);
        }
    }

    /**
     * Returns the CA server encryption-certificate public key.
     * <p>
     * Routing mirrors {@code getCaSignServerPwd}: NISTP256, RSA, or a base crypto
     * device of {@code CRYPT_DEVICE_BC} or {@code CRYPT_DEVICE_SWXA_HSM} use
     * {@code getPublicKey(..., false)}; every other combination asks the crypto
     * device via {@code getEncPublicKeyByCryptyDevice}.
     *
     * @param num  algorithm type, compared against {@link AlgTypeEnum#NISTP256} and {@link AlgTypeEnum#RSA}
     * @param num2 passed through unchanged to the lookup
     * @param num3 crypto-device selector, used only on the device path
     * @return the encryption public key from whichever lookup was taken
     * @throws ServiceException if the lookup throws (or {@code num} is null); the cause is preserved
     */
    @Override // com.xdja.pki.ca.hsm.manager.HsmManager
    public PublicKey getCaEncServerPwd(Integer num, Integer num2, Integer num3) {
        try {
            Integer usage = Integer.valueOf(PwdUsedEnum.SERVER_CERT_TYPE.value);
            int alg = num.intValue();
            int baseDevice = Constants.BASE_ALG_TYPE.intValue();
            boolean viaGetPublicKey = alg == AlgTypeEnum.NISTP256.value
                    || alg == AlgTypeEnum.RSA.value
                    || baseDevice == Constants.CRYPT_DEVICE_BC.intValue()
                    || baseDevice == Constants.CRYPT_DEVICE_SWXA_HSM.intValue();
            if (viaGetPublicKey) {
                return getPublicKey(num, num2, usage, false);
            }
            return getEncPublicKeyByCryptyDevice(num3, usage, num, num2);
        } catch (Exception e) {
            throw new ServiceException("获取CA服务器证书密钥信息失败", e);
        }
    }
}
