package com.xdja.pki.issue;

import com.xdja.pki.asn1.issue.PkixIssue;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/issue/BasicPkixIssue.class */
public class BasicPkixIssue {
    protected PkixIssue issue;
    private Logger logger = LoggerFactory.getLogger(BasicPkixIssue.class);

    boolean isSigned() {
        return this.issue.getSignature() != null;
    }

    public ASN1ObjectIdentifier getSignatureAlgOID() {
        if (isSigned()) {
            return this.issue.getSignature().getSignatureAlgorithm().getAlgorithm();
        }
        return null;
    }

    public PkixIssue getPkixIssue() {
        return this.issue;
    }

    public TBSIssueType getTBSIssueType() throws Exception {
        return TBSIssueType.decode(this.issue.getTBSIssue().getType());
    }

    public byte[] getSignatureValues() {
        if (isSigned()) {
            return this.issue.getSignature().getSignature().getOctets();
        }
        return null;
    }

    public boolean isSignatureValid(ContentVerifierProvider contentVerifierProvider) throws Exception {
        if (!isSigned()) {
            this.logger.error("该结构体没有被签名");
            throw new Exception("attempt to verify signature on unsigned object");
        }
        try {
            ContentVerifier contentVerifier = contentVerifierProvider.get(this.issue.getSignature().getSignatureAlgorithm());
            contentVerifier.getOutputStream().write(this.issue.getSignatureInfo());
            return contentVerifier.verify(getSignatureValues());
        } catch (Exception e) {
            this.logger.error("结构体验签失败");
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    public boolean isSignatureValid(KeyPair keyPair) throws Exception {
        return isSignatureValid(keyPair.getPublic());
    }

    public boolean isSignatureValid(PublicKey publicKey) throws Exception {
        return isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey));
    }

    public boolean verifySignatureByBC(List<X509Certificate> list, String str) throws Exception {
        for (int i = 0; i < list.size(); i++) {
            if (verifySignatureByBC(list.get(i).getPublicKey(), str)) {
                return true;
            }
        }
        return false;
    }

    public boolean verifySignatureBySdf(List<X509Certificate> list, SdfCryptoType sdfCryptoType) throws Exception {
        for (int i = 0; i < list.size(); i++) {
            if (verifySignatureBySdf(list.get(i).getPublicKey(), list.get(i).getSigAlgName(), sdfCryptoType)) {
                return true;
            }
        }
        return false;
    }

    public boolean verifySignatureBySdf(PublicKey publicKey, String str, SdfCryptoType sdfCryptoType) throws Exception {
        if (!isSigned()) {
            this.logger.error("该结构体没有被签名");
            throw new Exception("attempt to verify signature on unsigned object");
        }
        this.logger.debug("通过" + sdfCryptoType.name() + "进行验签");
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            return GMSSLSM2SignUtils.verifyBySdf(sdfCryptoType, publicKey, this.issue.getTBSIssue().getEncoded("DER"), getSignatureValues());
        }
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName()) || str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName())) {
            return GMSSLRSASignUtils.verifyByYunHsm(str, publicKey, this.issue.getTBSIssue().getEncoded("DER"), getSignatureValues());
        }
        this.logger.error("暂未未找到" + str + "类型验签方式");
        throw new Exception("can't get verify sign with " + str + " type");
    }

    public boolean verifySignatureByBC(PublicKey publicKey, String str) throws Exception {
        if (!isSigned()) {
            this.logger.error("该结构体没有被签名");
            throw new Exception("attempt to verify signature on unsigned object");
        }
        this.logger.debug("通过BC进行验签");
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            return GMSSLSM2SignUtils.verifyByBC(publicKey, this.issue.getTBSIssue().getEncoded("DER"), getSignatureValues());
        }
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName()) || str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName())) {
            return GMSSLRSASignUtils.verifyByBC(str, publicKey, this.issue.getTBSIssue().getEncoded("DER"), getSignatureValues());
        }
        this.logger.error("暂未未找到" + str + "类型验签方式");
        throw new Exception("can't get verify sign with " + str + " type");
    }

    public byte[] getEncoded() throws IOException {
        return this.issue.getEncoded();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.issue, ((BasicPkixIssue) obj).issue);
    }

    public int hashCode() {
        return Objects.hash(this.issue);
    }
}
