package com.xdja.pki.gmssl.crypto.utils;

import com.sansec.devicev4.api.ISDSCrypto;
import com.sansec.devicev4.gb.struct.key.IRSArefPublicKey;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLRSAUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.sdf.SdfRSAKeyParameters;
import com.xdja.pki.gmssl.crypto.sdf.SdfRSASigner;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancConnectionUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancConverUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancDigestPreProcessUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancKeyTypeEnum;
import com.xdja.pki.gmssl.operator.utils.GMSSLPKCS1Encodeing;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import com.xdja.pki.ldap.CryptoTypeStr;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import org.apache.tomcat.websocket.DigestAuthenticator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.nutz.ioc.meta.IocValue;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-1.0.6-20200917.065347-4.jar:com/xdja/pki/gmssl/crypto/utils/GMSSLRSASignUtils.class */
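/**
 * Static helpers for RSA signing and verification that route each request to the
 * backend selected by {@link GMSSLPkiCryptoInit#getCryptoType()}: an SDF device
 * (PCI-E card or Yun HSM), a Sansec HSM, or the software path in {@link GMSSLRSAUtils}.
 *
 * <p>Parameter names are decompiler-generated. Throughout this class {@code str} is the
 * signature algorithm name, {@code bArr} the data to sign or verify, and {@code bArr2}
 * the signature bytes.
 *
 * <p>NOTE(review): every method declares {@code throws Exception}, so callers cannot
 * tell a rejected signature from a device or configuration failure by exception type.
 * {@code verify*} returns {@code false} only for a signature mismatch; anything thrown
 * must also be treated as "not verified" by callers.
 */
public class GMSSLRSASignUtils {
    /**
     * Signs {@code bArr} with the backend chosen by the globally configured crypto type.
     *
     * @param privateKey signing key; must be an {@link SdfPrivateKey} for the PCI_E,
     *                   XDJA_HSM and SANC_HSM backends (it is cast without a type check,
     *                   so any other key type fails with {@link ClassCastException})
     * @param bArr       data to sign
     * @param str        signature algorithm name
     * @return the raw signature bytes
     * @throws Exception if the selected backend fails
     */
    public static byte[] sign(PrivateKey privateKey, byte[] bArr, String str) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                // NOTE(review): the key password travels as an immutable String
                // (getStringPassword), so it cannot be wiped from memory after use.
                SdfPrivateKey sdfPrivateKey = (SdfPrivateKey) privateKey;
                return signBySdf(SdfCryptoType.PCIE, str, sdfPrivateKey.getIndex(), sdfPrivateKey.getStringPassword(), bArr);
            case XDJA_HSM:
                SdfPrivateKey sdfPrivateKey2 = (SdfPrivateKey) privateKey;
                return signBySdf(SdfCryptoType.YUNHSM, str, sdfPrivateKey2.getIndex(), sdfPrivateKey2.getStringPassword(), bArr);
            case SANC_HSM:
                return signBySancHsm(privateKey, bArr, str);
            case BC:
            case MINI_PCI_E:
            default:
                // Any unlisted crypto type silently falls back to the software path.
                return signByBC(str, privateKey, bArr);
        }
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} with the backend chosen by
     * the globally configured crypto type.
     *
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature bytes
     * @param str       signature algorithm name
     * @return {@code true} if the signature is valid
     * @throws Exception if the selected backend fails
     */
    public static boolean verify(PublicKey publicKey, byte[] bArr, byte[] bArr2, String str) throws Exception {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                return verifyBySdf(SdfCryptoType.PCIE, str, publicKey, bArr, bArr2);
            case XDJA_HSM:
                return verifyBySdf(SdfCryptoType.YUNHSM, str, publicKey, bArr, bArr2);
            case SANC_HSM:
                return verifyBySancHsm(publicKey, bArr, bArr2, str);
            case BC:
            case MINI_PCI_E:
            default:
                return verifyByBC(str, publicKey, bArr, bArr2);
        }
    }

    /**
     * Signs on the Sansec HSM: the digest is computed by {@link #sancPreProcess}, padded
     * in software by {@code GMSSLPKCS1Encodeing.encodePrivateBlock}, and the padded block
     * is passed to the device's raw RSA private-key operation for the key at the given index.
     *
     * @param privateKey an {@link SdfPrivateKey}; only its index is used here
     * @param bArr       data to sign
     * @param str        signature algorithm name (SHA256withRSA or SHA1withRSA)
     * @return the signature produced by the device
     * @throws Exception on an unsupported algorithm or a device error
     */
    public static byte[] signBySancHsm(PrivateKey privateKey, byte[] bArr, String str) throws Exception {
        SdfPrivateKey sdfPrivateKey = (SdfPrivateKey) privateKey;
        ISDSCrypto cryptConnection = GMSSLSancConnectionUtils.getCryptConnection();
        byte[] sancPreProcess = sancPreProcess(bArr, str);
        // The public half is fetched only to learn the modulus size for padding.
        IRSArefPublicKey rSAPublicKey = cryptConnection.getRSAPublicKey(sdfPrivateKey.getIndex(), GMSSLSancKeyTypeEnum.SIGN.getKeyType());
        // NOTE(review): getBits() / 8 truncates if the modulus size is not a multiple
        // of 8 - confirm the device only holds byte-aligned key sizes.
        return cryptConnection.rsaPrivateKeyOperation(sdfPrivateKey.getIndex(), GMSSLSancKeyTypeEnum.SIGN.getKeyType(), GMSSLByteArrayUtils.changeByteArrayLength(GMSSLPKCS1Encodeing.encodePrivateBlock(sancPreProcess, 0, sancPreProcess.length, rSAPublicKey.getBits()), rSAPublicKey.getBits() / 8));
    }

    /**
     * Verifies on the Sansec HSM: applies the raw RSA public-key operation to the
     * signature, strips the padding in software and compares the recovered block with
     * the locally computed {@link #sancPreProcess} output.
     *
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature bytes
     * @param str       signature algorithm name (SHA256withRSA or SHA1withRSA)
     * @return {@code true} if the recovered block equals the expected one
     * @throws Exception on an unsupported algorithm or a device error
     */
    public static boolean verifyBySancHsm(PublicKey publicKey, byte[] bArr, byte[] bArr2, String str) throws Exception {
        ISDSCrypto cryptConnection = GMSSLSancConnectionUtils.getCryptConnection();
        byte[] sancPreProcess = sancPreProcess(bArr, str);
        IRSArefPublicKey converRSARefPublicKey = GMSSLSancConverUtils.converRSARefPublicKey(publicKey);
        byte[] rsaPublicKeyOperation = cryptConnection.rsaPublicKeyOperation(converRSARefPublicKey, bArr2);
        byte[] decodeBlock = GMSSLPKCS1Encodeing.decodeBlock(rsaPublicKeyOperation, converRSARefPublicKey.getBits());
        // NOTE(review): the strictness of this check rests on decodeBlock rejecting
        // malformed padding and on isEqual comparing the full arrays - neither is
        // visible in this file; confirm both.
        if (GMSSLByteArrayUtils.isEqual(decodeBlock, sancPreProcess)) {
            return true;
        }
        // Mismatch diagnostics: dumps the recovered block, the expected value and the
        // decoded value. The two label constants come from unrelated libraries and look
        // like a decompiler substituting same-valued string constants (presumably
        // "digest" and "normal") - TODO confirm against the original source.
        GMSSLByteArrayUtils.printHexBinary(null, "operation", rsaPublicKeyOperation);
        GMSSLByteArrayUtils.printHexBinary(null, DigestAuthenticator.schemeName, sancPreProcess);
        GMSSLByteArrayUtils.printHexBinary(null, IocValue.TYPE_NORMAL, decodeBlock);
        return false;
    }

    /**
     * Computes the digest-stage input for the Sansec path according to the algorithm name.
     *
     * @param bArr data to hash
     * @param str  signature algorithm name, matched case-insensitively
     * @return output of the matching {@code GMSSLSancDigestPreProcessUtils} digest helper
     * @throws Exception if {@code str} is neither SHA256withRSA nor SHA1withRSA
     */
    private static byte[] sancPreProcess(byte[] bArr, String str) throws Exception {
        byte[] sha1Digest;
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName())) {
            sha1Digest = GMSSLSancDigestPreProcessUtils.sha256Digest(bArr);
        } else {
            if (!str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName())) {
                throw new Exception("can't support the signAlgorithm " + str);
            }
            // NOTE(review): SHA-1 is no longer collision resistant; new signatures
            // should use SHA-256, and SHA-1 acceptance on verify should be a policy
            // decision made by the caller.
            sha1Digest = GMSSLSancDigestPreProcessUtils.sha1Digest(bArr);
        }
        return sha1Digest;
    }

    /**
     * Software signing over Base64 text.
     *
     * @param str        signature algorithm name
     * @param privateKey signing key
     * @param str2       Base64-encoded data to sign
     * @return Base64-encoded signature
     * @throws Exception if decoding or signing fails
     */
    public static String signByBC(String str, PrivateKey privateKey, String str2) throws Exception {
        return GMSSLByteArrayUtils.base64Encode(GMSSLRSAUtils.generateSignature(str, privateKey, GMSSLByteArrayUtils.base64Decode(str2)));
    }

    /**
     * Software verification over Base64 text.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param str2      Base64-encoded signed data
     * @param str3      Base64-encoded signature
     * @return {@code true} if the signature is valid
     * @throws Exception if decoding or verification fails
     */
    public static boolean verifyByBC(String str, PublicKey publicKey, String str2, String str3) throws Exception {
        return GMSSLRSAUtils.verifySignature(str, publicKey, GMSSLByteArrayUtils.base64Decode(str2), GMSSLByteArrayUtils.base64Decode(str3));
    }

    /**
     * Software signing; delegates to {@link GMSSLRSAUtils#generateSignature}.
     *
     * @param str        signature algorithm name
     * @param privateKey signing key
     * @param bArr       data to sign
     * @return raw signature bytes
     * @throws Exception if signing fails
     */
    public static byte[] signByBC(String str, PrivateKey privateKey, byte[] bArr) throws Exception {
        return GMSSLRSAUtils.generateSignature(str, privateKey, bArr);
    }

    /**
     * Software verification; delegates to {@link GMSSLRSAUtils#verifySignature}.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature bytes
     * @return {@code true} if the signature is valid
     * @throws Exception if verification fails
     */
    public static boolean verifyByBC(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        return GMSSLRSAUtils.verifySignature(str, publicKey, bArr, bArr2);
    }

    /**
     * Signs with the Yun HSM key at index {@code i}, or with the Sansec HSM when that is
     * the configured crypto type.
     *
     * <p>NOTE(review): on the Sansec branch the key is built from the index alone and
     * the password {@code str2} is not used, so access to that key slot is not gated by
     * the password supplied here - confirm the device enforces access some other way.
     *
     * @param str  signature algorithm name
     * @param i    key index on the device
     * @param str2 key access password (ignored on the Sansec branch)
     * @param bArr data to sign
     * @return raw signature bytes
     * @throws Exception if the device operation fails
     */
    public static byte[] signByYunHsm(String str, int i, String str2, byte[] bArr) throws Exception {
        return GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM ? sign(new SdfPrivateKey(i), bArr, str) : signBySdf(SdfCryptoType.YUNHSM, str, i, str2, bArr);
    }

    /**
     * Base64 variant of {@link #signByYunHsm(String, int, String, byte[])}; the password
     * is likewise unused on the Sansec branch.
     *
     * @param str  signature algorithm name
     * @param i    key index on the device
     * @param str2 key access password (ignored on the Sansec branch)
     * @param str3 Base64-encoded data to sign
     * @return Base64-encoded signature
     * @throws Exception if decoding or the device operation fails
     */
    public static String signByYunHsm(String str, int i, String str2, String str3) throws Exception {
        byte[] base64Decode = GMSSLByteArrayUtils.base64Decode(str3);
        return GMSSLByteArrayUtils.base64Encode(GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM ? sign(new SdfPrivateKey(i), base64Decode, str) : signBySdf(SdfCryptoType.YUNHSM, str, i, str2, base64Decode));
    }

    /**
     * Signs with the PCI-E card key at index {@code i}.
     *
     * @param str  signature algorithm name
     * @param i    key index on the device
     * @param str2 key access password
     * @param bArr data to sign
     * @return raw signature bytes
     * @throws Exception if the device operation fails
     */
    public static byte[] signByPcie(String str, int i, String str2, byte[] bArr) throws Exception {
        return signBySdf(SdfCryptoType.PCIE, str, i, str2, bArr);
    }

    /**
     * Base64 variant of {@link #signByPcie(String, int, String, byte[])}.
     *
     * @param str  signature algorithm name
     * @param i    key index on the device
     * @param str2 key access password
     * @param str3 Base64-encoded data to sign
     * @return Base64-encoded signature
     * @throws Exception if decoding or the device operation fails
     */
    public static String signByPcie(String str, int i, String str2, String str3) throws Exception {
        return GMSSLByteArrayUtils.base64Encode(signBySdf(SdfCryptoType.PCIE, str, i, str2, GMSSLByteArrayUtils.base64Decode(str3)));
    }

    /**
     * Verifies through the Yun HSM SDF backend.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature bytes
     * @return {@code true} if the signature is valid
     * @throws Exception if the device operation fails
     */
    public static boolean verifyByYunHsm(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        return verifyBySdf(SdfCryptoType.YUNHSM, str, publicKey, bArr, bArr2);
    }

    /**
     * Base64 variant of {@link #verifyByYunHsm(String, PublicKey, byte[], byte[])}.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param str2      Base64-encoded signed data
     * @param str3      Base64-encoded signature
     * @return {@code true} if the signature is valid
     * @throws Exception if decoding or the device operation fails
     */
    public static boolean verifyByYunHsm(String str, PublicKey publicKey, String str2, String str3) throws Exception {
        return verifyBySdf(SdfCryptoType.YUNHSM, str, publicKey, GMSSLByteArrayUtils.base64Decode(str2), GMSSLByteArrayUtils.base64Decode(str3));
    }

    /**
     * Verifies through the PCI-E SDF backend.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param bArr      signed data
     * @param bArr2     signature bytes
     * @return {@code true} if the signature is valid
     * @throws Exception if the device operation fails
     */
    public static boolean verifyByPcie(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        return verifyBySdf(SdfCryptoType.PCIE, str, publicKey, bArr, bArr2);
    }

    /**
     * Base64 variant of {@link #verifyByPcie(String, PublicKey, byte[], byte[])}.
     *
     * @param str       signature algorithm name
     * @param publicKey verification key
     * @param str2      Base64-encoded signed data
     * @param str3      Base64-encoded signature
     * @return {@code true} if the signature is valid
     * @throws Exception if decoding or the device operation fails
     */
    public static boolean verifyByPcie(String str, PublicKey publicKey, String str2, String str3) throws Exception {
        return verifyBySdf(SdfCryptoType.PCIE, str, publicKey, GMSSLByteArrayUtils.base64Decode(str2), GMSSLByteArrayUtils.base64Decode(str3));
    }

    /**
     * Signs through an SDF device with the key at index {@code i}. When the configured
     * crypto type is SANC_HSM the request is redirected to {@link #sign} and
     * {@code sdfCryptoType} and {@code str2} are not used.
     *
     * @param sdfCryptoType SDF device flavour
     * @param str           signature algorithm name
     * @param i             key index on the device
     * @param str2          key access password
     * @param bArr          data to sign
     * @return raw signature bytes
     * @throws Exception if the device operation fails
     */
    public static byte[] signBySdf(SdfCryptoType sdfCryptoType, String str, int i, String str2, byte[] bArr) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return sign(new SdfPrivateKey(i), bArr, str);
        }
        SdfRSASigner sdfRSASigner = new SdfRSASigner(sdfCryptoType, new DefaultSignatureAlgorithmIdentifierFinder().find(str));
        try {
            sdfRSASigner.init(true, new SdfRSAKeyParameters(GMSSLSM2KeyUtils.genSdfPrivateKey(i, str2)));
            sdfRSASigner.update(bArr, 0, bArr.length);
            return sdfRSASigner.generateSignature();
        } finally {
            // Release on every path: a wrong password or a device error used to skip
            // this call (presumably leaving a device session open - confirm in SdfRSASigner).
            sdfRSASigner.release();
        }
    }

    /**
     * Verifies through an SDF device. When the configured crypto type is SANC_HSM the
     * request is redirected to {@link #verify} and {@code sdfCryptoType} is not used.
     *
     * @param sdfCryptoType SDF device flavour
     * @param str           signature algorithm name
     * @param publicKey     verification key; must be an {@link RSAPublicKey} on the SDF path
     * @param bArr          signed data
     * @param bArr2         signature bytes
     * @return {@code true} if the signature is valid
     * @throws Exception if the device operation fails
     */
    public static boolean verifyBySdf(SdfCryptoType sdfCryptoType, String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return verify(publicKey, bArr, bArr2, str);
        }
        SdfRSASigner sdfRSASigner = new SdfRSASigner(sdfCryptoType, new DefaultSignatureAlgorithmIdentifierFinder().find(str));
        try {
            sdfRSASigner.init(false, new SdfRSAKeyParameters((RSAPublicKey) publicKey));
            sdfRSASigner.update(bArr, 0, bArr.length);
            return sdfRSASigner.verifySignature(bArr2);
        } finally {
            // Release on every path, including a failed cast or a device error.
            sdfRSASigner.release();
        }
    }

    static {
        // Registers BouncyCastle once per JVM if no provider is registered under the
        // name held in CryptoTypeStr.BC (presumably "BC" - confirm). This is a
        // process-wide side effect of loading this class.
        if (Security.getProvider(CryptoTypeStr.BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}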
