package com.xdja.pki.gmssl.x509.utils;

import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentSigner;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentVerifierProvider;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentSignerUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentVerifierProviderUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentVerifierUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentSigner;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentVerifierProvider;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-1.0.5-Alpha-20200611.080241-11.jar:com/xdja/pki/gmssl/x509/utils/GMSSLP10Utils.class */
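/**
 * Helpers for building, encoding, decoding and verifying PKCS#10 certification requests (CSRs).
 *
 * <p>The back-end used for signing and verification is selected at call time from
 * {@link GMSSLPkiCryptoInit#getCryptoType()}; the {@code ...ByBC}, {@code ...ByPcie},
 * {@code ...ByYunhsm} and {@code ...BySDF} methods bypass that dispatch and name a back-end directly.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every verification method here checks the request's signature against the public key
 *       carried <em>inside the same request</em>. A {@code true} result (or a normal return from a
 *       {@code decodeP10Verify...} method) therefore only shows that the requester holds the
 *       matching private key. It says nothing about who the requester is or whether the subject
 *       name is legitimate; that must be established separately before a certificate is issued.</li>
 *   <li>{@link #decodeP10(String)} and {@link #decodeP10(byte[])} only parse; they perform no
 *       signature check at all.</li>
 *   <li>The String-subject overloads do not all parse the DN the same way: the five-argument
 *       {@code generateP10(String, ...)} uses {@link RFC4519Style}, while the other String-subject
 *       overloads use the default {@code X500Name(String)} constructor. The same DN string can
 *       therefore yield a different RDN order depending on the entry point.</li>
 *   <li>Key access passwords are handled as {@code String}; do not log these arguments.</li>
 * </ul>
 */
public class GMSSLP10Utils {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLP10Utils.class.getName());

    static {
        // decodeP10VerifyByBC looks the provider up by name, so it has to be registered first.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Builds a CSR for a subject given as a DN string, using the configured crypto back-end.
     *
     * @param str        subject DN, parsed with {@link RFC4519Style}
     * @param publicKey  public key to place in the request
     * @param privateKey key that signs the request
     * @param str2       forwarded to the content signer (presumably the signature algorithm name; confirm)
     * @param z          forwarded to the MINI_PCI_E / SANC_HSM signers only; unused by other back-ends
     * @return the signed request
     * @throws OperatorCreationException if the content signer cannot be created
     */
    public static PKCS10CertificationRequest generateP10(String str, PublicKey publicKey, PrivateKey privateKey, String str2, boolean z) throws OperatorCreationException {
        X500Name subject = new X500Name(RFC4519Style.INSTANCE, str);
        return generateP10(subject, publicKey, privateKey, str2, z);
    }

    /**
     * Builds a CSR using the back-end reported by {@link GMSSLPkiCryptoInit#getCryptoType()}.
     *
     * <p>For {@code PCI_E} and {@code XDJA_HSM} the private key is cast to {@link SdfPrivateKey} and
     * only its index and password are used, so passing any other key type fails with a
     * {@link ClassCastException}. Unknown types fall back to the BouncyCastle software signer.
     *
     * @param x500Name   subject name
     * @param publicKey  public key to place in the request
     * @param privateKey key (or hardware key handle) that signs the request
     * @param str        forwarded to the content signer (presumably the signature algorithm name; confirm)
     * @param z          forwarded to the MINI_PCI_E / SANC_HSM signers only
     * @return the signed request
     * @throws OperatorCreationException if the content signer cannot be created
     */
    public static PKCS10CertificationRequest generateP10(X500Name x500Name, PublicKey publicKey, PrivateKey privateKey, String str, boolean z) throws OperatorCreationException {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E: {
                SdfPrivateKey cardKey = (SdfPrivateKey) privateKey;
                return generateP10SignByPcie(x500Name, publicKey, cardKey.getIndex(), cardKey.getStringPassword(), str);
            }
            case XDJA_HSM: {
                SdfPrivateKey hsmKey = (SdfPrivateKey) privateKey;
                return generateP10SignByYunhsm(x500Name, publicKey, hsmKey.getIndex(), hsmKey.getStringPassword(), str);
            }
            case MINI_PCI_E:
                return generateP10ByMiniPcie(x500Name, publicKey, privateKey, str, z);
            case SANC_HSM:
                return generateP10BySanc(x500Name, publicKey, privateKey, str, z);
            case BC:
            default:
                return generateP10SignByBC(x500Name, publicKey, privateKey, str);
        }
    }

    /**
     * Checks the request's self-signature with the configured crypto back-end.
     *
     * <p>The verification key is taken from the request itself, so this is a proof-of-possession
     * check only. The key is always converted through {@code convertSM2PublicKey}; requests
     * carrying other key types are presumably rejected there (confirm against that helper).
     *
     * @param pKCS10CertificationRequest request to check
     * @return {@code true} if the signature matches the embedded public key
     * @throws Exception on conversion or verification errors
     */
    public static boolean verifyP10(PKCS10CertificationRequest pKCS10CertificationRequest) throws Exception {
        PublicKey embeddedKey = GMSSLX509Utils.convertSM2PublicKey(pKCS10CertificationRequest.getSubjectPublicKeyInfo());
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                return pKCS10CertificationRequest.isSignatureValid(GMSSLContentVerifierProviderUtils.generateContentVerifierByPcie(embeddedKey));
            case XDJA_HSM:
                return pKCS10CertificationRequest.isSignatureValid(GMSSLContentVerifierProviderUtils.generateContentVerifierByYunHsm(embeddedKey));
            case MINI_PCI_E:
                return verifyP10ByMiniPcie(pKCS10CertificationRequest, embeddedKey);
            case SANC_HSM:
                return verifyP10BySanc(pKCS10CertificationRequest, embeddedKey);
            case BC:
            default:
                return pKCS10CertificationRequest.isSignatureValid(GMSSLContentVerifierProviderUtils.generateContentVerifierByBC(embeddedKey));
        }
    }

    /** Builds a CSR signed through {@link GMSSLSancContentSigner}; subject given as a DN string. */
    private static PKCS10CertificationRequest generateP10BySanc(String str, PublicKey publicKey, PrivateKey privateKey, String str2, boolean z) throws OperatorCreationException {
        ContentSigner signer = new GMSSLSancContentSigner(str2, privateKey, z);
        return generateP10(str, signer, publicKey);
    }

    /** Builds a CSR signed through {@link GMSSLSancContentSigner}. */
    private static PKCS10CertificationRequest generateP10BySanc(X500Name x500Name, PublicKey publicKey, PrivateKey privateKey, String str, boolean z) throws OperatorCreationException {
        ContentSigner signer = new GMSSLSancContentSigner(str, privateKey, z);
        return generateP10(x500Name, signer, publicKey);
    }

    /** Checks the request's signature through {@link GMSSLSancContentVerifierProvider}. */
    private static boolean verifyP10BySanc(PKCS10CertificationRequest pKCS10CertificationRequest, PublicKey publicKey) throws Exception {
        ContentVerifierProvider verifier = new GMSSLSancContentVerifierProvider(publicKey);
        return pKCS10CertificationRequest.isSignatureValid(verifier);
    }

    /** Builds a CSR signed through {@link GMSSLXkfContentSigner}; subject given as a DN string. */
    private static PKCS10CertificationRequest generateP10ByMiniPcie(String str, PublicKey publicKey, PrivateKey privateKey, String str2, boolean z) throws OperatorCreationException {
        ContentSigner signer = new GMSSLXkfContentSigner(str2, privateKey, z);
        return generateP10(str, signer, publicKey);
    }

    /** Builds a CSR signed through {@link GMSSLXkfContentSigner}. */
    private static PKCS10CertificationRequest generateP10ByMiniPcie(X500Name x500Name, PublicKey publicKey, PrivateKey privateKey, String str, boolean z) throws OperatorCreationException {
        ContentSigner signer = new GMSSLXkfContentSigner(str, privateKey, z);
        return generateP10(x500Name, signer, publicKey);
    }

    /** Checks the request's signature through {@link GMSSLXkfContentVerifierProvider}. */
    private static boolean verifyP10ByMiniPcie(PKCS10CertificationRequest pKCS10CertificationRequest, PublicKey publicKey) throws Exception {
        ContentVerifierProvider verifier = new GMSSLXkfContentVerifierProvider(publicKey);
        return pKCS10CertificationRequest.isSignatureValid(verifier);
    }

    /**
     * Builds a CSR signed in software with BouncyCastle; subject given as a DN string.
     *
     * @param str        subject DN, parsed with the default {@code X500Name(String)} constructor
     * @param publicKey  public key to place in the request
     * @param privateKey software private key that signs the request
     * @param str2       forwarded to the content signer factory (presumably the signature algorithm name; confirm)
     */
    public static PKCS10CertificationRequest generateP10SignByBC(String str, PublicKey publicKey, PrivateKey privateKey, String str2) throws OperatorCreationException {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByBC(str2, privateKey);
        return generateP10(str, signer, publicKey);
    }

    /** Builds a CSR signed in software with BouncyCastle. */
    public static PKCS10CertificationRequest generateP10SignByBC(X500Name x500Name, PublicKey publicKey, PrivateKey privateKey, String str) throws OperatorCreationException {
        ContentSigner signer = GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey);
        return generateP10(x500Name, signer, publicKey);
    }

    /**
     * Builds a CSR signed with a key held in the HSM; subject given as a DN string.
     *
     * <p>If the configured back-end is {@code SANC_HSM}, the request is routed through the
     * five-argument {@code generateP10} dispatcher (with the flag set to {@code false}) instead of
     * the Yunhsm signer.
     *
     * @param str       subject DN
     * @param publicKey public key to place in the request
     * @param i         index of the signing key in the device
     * @param str2      access password for that key; never log it
     * @param str3      forwarded to the content signer (presumably the signature algorithm name; confirm)
     */
    public static PKCS10CertificationRequest generateP10SignByYunhsm(String str, PublicKey publicKey, int i, String str2, String str3) throws OperatorCreationException {
        SdfPrivateKey deviceKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str2);
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return generateP10(str, publicKey, (PrivateKey) deviceKey, str3, false);
        }
        return generateP10(str, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str3, deviceKey), publicKey);
    }

    /**
     * Builds a CSR signed with a key held in the HSM.
     *
     * <p>Routing for {@code SANC_HSM} is the same as in the String-subject overload.
     *
     * @param x500Name  subject name
     * @param publicKey public key to place in the request
     * @param i         index of the signing key in the device
     * @param str       access password for that key; never log it
     * @param str2      forwarded to the content signer (presumably the signature algorithm name; confirm)
     */
    public static PKCS10CertificationRequest generateP10SignByYunhsm(X500Name x500Name, PublicKey publicKey, int i, String str, String str2) throws OperatorCreationException {
        SdfPrivateKey deviceKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str);
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return generateP10(x500Name, publicKey, (PrivateKey) deviceKey, str2, false);
        }
        return generateP10(x500Name, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str2, deviceKey), publicKey);
    }

    /**
     * Builds a CSR signed with a key held in the PCI-E card; subject given as a DN string.
     *
     * @param i    index of the signing key in the device
     * @param str2 access password for that key; never log it
     * @param str3 forwarded to the content signer (presumably the signature algorithm name; confirm)
     */
    public static PKCS10CertificationRequest generateP10SignByPcie(String str, PublicKey publicKey, int i, String str2, String str3) throws OperatorCreationException {
        SdfPrivateKey deviceKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str2);
        return generateP10(str, GMSSLContentSignerUtils.generateContentSignerByPcie(str3, deviceKey), publicKey);
    }

    /**
     * Builds a CSR signed with a key held in the PCI-E card.
     *
     * @param i    index of the signing key in the device
     * @param str  access password for that key; never log it
     * @param str2 forwarded to the content signer (presumably the signature algorithm name; confirm)
     */
    public static PKCS10CertificationRequest generateP10SignByPcie(X500Name x500Name, PublicKey publicKey, int i, String str, String str2) throws OperatorCreationException {
        SdfPrivateKey deviceKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str);
        return generateP10(x500Name, GMSSLContentSignerUtils.generateContentSignerByPcie(str2, deviceKey), publicKey);
    }

    /**
     * Builds a CSR with a caller-supplied signer; subject given as a DN string.
     *
     * <p>The DN is parsed with the default {@code X500Name(String)} constructor, not
     * {@link RFC4519Style}, so RDN ordering may differ from the five-argument String overload.
     */
    public static PKCS10CertificationRequest generateP10(String str, ContentSigner contentSigner, PublicKey publicKey) throws OperatorCreationException {
        X500Name subject = new X500Name(str);
        return new JcaPKCS10CertificationRequestBuilder(subject, publicKey).build(contentSigner);
    }

    /** Builds a CSR for the given subject and public key, signed by the supplied signer. */
    public static PKCS10CertificationRequest generateP10(X500Name x500Name, ContentSigner contentSigner, PublicKey publicKey) throws OperatorCreationException {
        JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name, publicKey);
        return builder.build(contentSigner);
    }

    /** Returns the encoded form of the request as produced by {@code getEncoded()}. */
    public static byte[] encodeP10(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        return pKCS10CertificationRequest.getEncoded();
    }

    /**
     * Parses a Base64-encoded request. No signature check is performed.
     *
     * @throws IOException if the decoded bytes are not a well-formed request
     */
    public static PKCS10CertificationRequest decodeP10(String str) throws IOException {
        byte[] encoded = GMSSLByteArrayUtils.base64Decode(str);
        return new PKCS10CertificationRequest(encoded);
    }

    /**
     * Parses an encoded request. No signature check is performed.
     *
     * @throws IOException if the bytes are not a well-formed request
     */
    public static PKCS10CertificationRequest decodeP10(byte[] bArr) throws IOException {
        return new PKCS10CertificationRequest(bArr);
    }

    /**
     * Parses a Base64-encoded request and checks its self-signature with BouncyCastle.
     *
     * @return the parsed request; this is the same object whose signature was checked
     * @throws IOException if parsing fails, the signature does not verify, or the verifier cannot be built
     */
    public static PKCS10CertificationRequest decodeP10VerifyByBC(String str) throws IOException {
        PKCS10CertificationRequest request = decodeP10(str);
        decodeP10VerifyByBC(request);
        return request;
    }

    /**
     * Parses an encoded request and checks its self-signature with BouncyCastle.
     *
     * @return the parsed request; this is the same object whose signature was checked, so a caller
     *         mutating {@code bArr} afterwards cannot change what is returned
     * @throws IOException if parsing fails, the signature does not verify, or the verifier cannot be built
     */
    public static PKCS10CertificationRequest decodeP10VerifyByBC(byte[] bArr) throws IOException {
        PKCS10CertificationRequest request = decodeP10(bArr);
        decodeP10VerifyByBC(request);
        return request;
    }

    /**
     * Checks the request's self-signature using the BouncyCastle provider.
     *
     * <p>The verifier is built from the request's own public key and signature algorithm
     * identifier. No restriction on the signature algorithm is applied here; callers that require a
     * specific algorithm must check the request's signature algorithm themselves.
     *
     * @throws IOException if the signature does not verify or the verifier cannot be built
     */
    private static void decodeP10VerifyByBC(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        boolean valid;
        try {
            ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(pKCS10CertificationRequest.getSubjectPublicKeyInfo());
            valid = pKCS10CertificationRequest.isSignatureValid(verifier);
        } catch (OperatorCreationException | PKCSException e) {
            throw new IOException("verify error", e);
        }
        if (!valid) {
            logger.info("pkcs10 verify={}", valid);
            throw new IOException("can not verify");
        }
    }

    /** Parses a Base64-encoded request and checks its self-signature with the {@code YUNHSM} SDF device. */
    public static PKCS10CertificationRequest decodeP10VerifyByYunhsm(String str) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        return decodeP10VerifyBySDF(SdfCryptoType.YUNHSM, GMSSLByteArrayUtils.base64Decode(str));
    }

    /** Parses an encoded request and checks its self-signature with the {@code YUNHSM} SDF device. */
    public static PKCS10CertificationRequest decodeP10VerifyByYunhsm(byte[] bArr) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        return decodeP10VerifyBySDF(SdfCryptoType.YUNHSM, bArr);
    }

    /** Parses a Base64-encoded request and checks its self-signature with the {@code PCIE} SDF device. */
    public static PKCS10CertificationRequest decodeP10VerifyByPCIE(String str) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        return decodeP10VerifyBySDF(SdfCryptoType.PCIE, GMSSLByteArrayUtils.base64Decode(str));
    }

    /** Parses an encoded request and checks its self-signature with the {@code PCIE} SDF device. */
    public static PKCS10CertificationRequest decodeP10VerifyByPCIE(byte[] bArr) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        return decodeP10VerifyBySDF(SdfCryptoType.PCIE, bArr);
    }

    /**
     * Parses a Base64-encoded request and checks its self-signature with the given SDF device type.
     *
     * @return the parsed request; this is the same object whose signature was checked
     * @throws IOException     if parsing fails or the signature does not verify
     * @throws SdfSDKException if the verification itself fails with an error
     */
    public static PKCS10CertificationRequest decodeP10VerifyBySDF(SdfCryptoType sdfCryptoType, String str) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        PKCS10CertificationRequest request = decodeP10(str);
        decodeP10VerifyBySDF(request, sdfCryptoType);
        return request;
    }

    /**
     * Parses an encoded request and checks its self-signature with the given SDF device type.
     *
     * @return the parsed request; this is the same object whose signature was checked
     * @throws IOException     if parsing fails or the signature does not verify
     * @throws SdfSDKException if the verification itself fails with an error
     */
    public static PKCS10CertificationRequest decodeP10VerifyBySDF(SdfCryptoType sdfCryptoType, byte[] bArr) throws IOException, SdfSDKException, InvalidKeySpecException, NoSuchAlgorithmException {
        PKCS10CertificationRequest request = decodeP10(bArr);
        decodeP10VerifyBySDF(request, sdfCryptoType);
        return request;
    }

    /**
     * Checks the request's self-signature through an SDF-backed verifier.
     *
     * <p>The verification key is the request's own public key, converted with
     * {@code convertSM2PublicKey}.
     *
     * @throws IOException     if the signature does not verify
     * @throws SdfSDKException if the verifier reports a {@link PKCSException}
     */
    private static void decodeP10VerifyBySDF(PKCS10CertificationRequest pKCS10CertificationRequest, final SdfCryptoType sdfCryptoType) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, SdfSDKException {
        final PublicKey embeddedKey = GMSSLX509Utils.convertSM2PublicKey(pKCS10CertificationRequest.getSubjectPublicKeyInfo());
        ContentVerifierProvider verifier = new ContentVerifierProvider() {
            @Override
            public boolean hasAssociatedCertificate() {
                return false;
            }

            @Override
            public X509CertificateHolder getAssociatedCertificate() {
                return null;
            }

            @Override
            public ContentVerifier get(AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
                // The decompiled source read "SdfCryptoType.this", which is not valid here;
                // the captured method parameter is what is meant.
                return GMSSLContentVerifierUtils.generateContentVerifierBySdf(sdfCryptoType, algorithmIdentifier, embeddedKey);
            }
        };
        boolean valid;
        try {
            valid = pKCS10CertificationRequest.isSignatureValid(verifier);
        } catch (PKCSException e) {
            throw new SdfSDKException("verify error", e);
        }
        if (!valid) {
            throw new IOException("can not verify");
        }
    }

    /**
     * Writes {@code obj} in PEM form to {@code <str>/<str2>.p10}, creating the directory if needed.
     *
     * <p>NOTE(review): the target path is built by plain concatenation. If {@code str2} can come
     * from outside the application, the caller must reject path separators and {@code ..} before
     * calling this method, otherwise the file can land outside {@code str}.
     *
     * @param str  target directory
     * @param str2 file name without the {@code .p10} extension
     * @param obj  object handed to {@code GMSSLX509Utils.writePEM}
     * @throws Exception if the directory cannot be created or writing fails
     */
    public static void writeP10ToFile(String str, String str2, Object obj) throws Exception {
        File dir = new File(str);
        // Re-check after mkdirs() so a directory created concurrently is not reported as a failure.
        if (!dir.isDirectory() && !dir.mkdirs() && !dir.isDirectory()) {
            throw new IOException("can not create directory: " + str);
        }
        // try-with-resources closes the writer even when writePEM throws.
        try (FileWriter fileWriter = new FileWriter(str + File.separator + str2 + ".p10")) {
            GMSSLX509Utils.writePEM(obj, fileWriter);
        }
    }
}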
