package com.xdja.ca.utils;

import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.ca.asn1.SM2ObjectIdentifiers;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.rsa.RSAPrivateKeyImpl;
import sun.security.util.DerValue;

/* loaded from: input_file:WEB-INF/lib/ca-sdk-0.0.1-SNAPSHOT.jar:com/xdja/ca/utils/SdkHsmUtils.class */
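/**
 * Static helpers that route signing and signature verification either to the
 * YunHSM-backed GMSSL utilities or to the BouncyCastle-backed ("soft") ones,
 * selecting SM2-with-SM3, SHA-1-with-RSA or SHA-256-with-RSA from a
 * caller-supplied algorithm identifier.
 *
 * <p>Identifier conventions differ between methods: {@link #signByYunHsm},
 * {@link #signByBC} and the certificate overload of {@code verifyCertByYunHsm}
 * match algorithm <em>names</em> (case-insensitively), while
 * {@link #verifyCertByBC} and the byte-array overload of
 * {@code verifyCertByYunHsm} match the {@code getId()} strings of the project's
 * object identifiers.
 *
 * <p>Unsupported or {@code null} identifiers never throw here: signing returns
 * {@code null} and verification returns {@code false}. Callers must treat a
 * {@code null} signature as a failure.
 *
 * <p>SHA-1-with-RSA is still accepted for compatibility. SHA-1 is no longer
 * collision-resistant, so new signatures should prefer SHA-256-with-RSA or
 * SM3-with-SM2.
 */
public class SdkHsmUtils {
    // The previous initializer passed SdkHsmUtils.class.getClass(), which is java.lang.Class,
    // so every message was attributed to the "java.lang.Class" logger instead of this class.
    protected static final Logger logger = Logger.getLogger(SdkHsmUtils.class);

    /** Algorithm name for SM2 signatures over an SM3 digest; always compared case-insensitively. */
    private static final String SM3_WITH_SM2 = "SM3withSM2";

    /** Returns true when the name is one of the two accepted spellings of SHA-1-with-RSA. */
    private static boolean isSha1WithRsaName(String algorithmName) {
        return "SHA-1WithRSA".equalsIgnoreCase(algorithmName) || "SHA1WithRSA".equalsIgnoreCase(algorithmName);
    }

    /** Returns true when the name denotes SHA-256-with-RSA. */
    private static boolean isSha256WithRsaName(String algorithmName) {
        return "SHA256WithRSA".equalsIgnoreCase(algorithmName);
    }

    /**
     * Records that a call fell through every supported algorithm branch, so that an
     * unsupported-algorithm result can be told apart from a genuine failure in the logs.
     * The caller-supplied identifier is deliberately not logged: it may come from
     * untrusted input and could carry line breaks into the log.
     */
    private static void warnUnsupported(String operation) {
        logger.warn("Unsupported signature algorithm passed to " + operation);
    }

    /**
     * Signs through the YunHSM-backed utilities.
     *
     * @param str  signature algorithm name: {@code SM3withSM2}, {@code SHA-1WithRSA},
     *             {@code SHA1WithRSA} or {@code SHA256WithRSA} (case-insensitive)
     * @param i    forwarded unchanged to the HSM signing call; presumably the HSM key index
     *             (TODO confirm against GMSSLSM2SignUtils / GMSSLRSASignUtils)
     * @param str2 forwarded unchanged; presumably the key access credential (TODO confirm)
     * @param str3 forwarded unchanged; presumably the encoded data to sign (TODO confirm)
     * @return the signature string produced by the underlying utility, or {@code null}
     *         when {@code str} is not a supported algorithm name
     * @throws Exception whatever the underlying signing utility throws
     */
    public static String signByYunHsm(String str, int i, String str2, String str3) throws Exception {
        if (SM3_WITH_SM2.equalsIgnoreCase(str)) {
            return GMSSLSM2SignUtils.signByYunhsm(i, str2, str3);
        }
        if (isSha1WithRsaName(str)) {
            // Legacy algorithm, kept for existing callers (SHA-1 is collision-weak).
            return GMSSLRSASignUtils.signByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), i, str2, str3);
        }
        if (isSha256WithRsaName(str)) {
            return GMSSLRSASignUtils.signByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), i, str2, str3);
        }
        warnUnsupported("signByYunHsm");
        return null;
    }

    /**
     * Signs in software with a private key supplied as raw bytes.
     *
     * <p>The key material lives in process memory for the duration of the call and
     * {@code bArr} is not wiped here; clearing it is the caller's responsibility.
     *
     * @param str  signature algorithm name, same accepted values as {@link #signByYunHsm}
     * @param bArr DER-encoded PKCS#8 private key
     * @param str2 forwarded unchanged to the signing utility; presumably the encoded data
     *             to sign (TODO confirm)
     * @return the signature string produced by the underlying utility, or {@code null}
     *         when {@code str} is not a supported algorithm name
     * @throws Exception if the key cannot be parsed or the underlying utility fails
     */
    public static String signByBC(String str, byte[] bArr, String str2) throws Exception {
        // Log text reads: "soft signing with BC in the SDK". Only a marker is logged, never key or data.
        logger.info("========= SDK中使用BC进行软签名 ============");
        if (SM3_WITH_SM2.equalsIgnoreCase(str)) {
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(bArr);
            // The key algorithm is read from the PKCS#8 structure itself and resolved against a
            // BouncyCastle provider instance created for this call (it is not registered globally here).
            Provider bouncyCastle = new BouncyCastleProvider();
            String keyAlgorithmId = privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId();
            return GMSSLSM2SignUtils.signByBC(
                    KeyFactory.getInstance(keyAlgorithmId, bouncyCastle)
                            .generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded())),
                    str2);
        }
        // NOTE(review): the RSA branches parse the key with JDK-internal sun.security.* classes, which
        // are not a supported API and may be inaccessible on modular JDKs. KeyFactory with a
        // PKCS8EncodedKeySpec looks like the portable equivalent; confirm before switching.
        if (isSha1WithRsaName(str)) {
            // Legacy algorithm, kept for existing callers (SHA-1 is collision-weak).
            return GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), RSAPrivateKeyImpl.parseKey(new DerValue(bArr)), str2);
        }
        if (isSha256WithRsaName(str)) {
            return GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), RSAPrivateKeyImpl.parseKey(new DerValue(bArr)), str2);
        }
        warnUnsupported("signByBC");
        return null;
    }

    /**
     * Verifies a signature in software.
     *
     * @param str       signature algorithm as an object-identifier string, compared with the
     *                  {@code getId()} values of the project's SM2 and RSA identifiers
     * @param publicKey key to verify with
     * @param bArr      forwarded as the third-from-last argument; presumably the signed data
     *                  (TODO confirm argument order of verifyByBC)
     * @param bArr2     forwarded last; presumably the signature bytes (TODO confirm)
     * @return the underlying utility's result, or {@code false} when {@code str} matches
     *         none of the supported identifiers
     * @throws Exception whatever the underlying verification utility throws
     */
    public static boolean verifyCertByBC(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(str)) {
            return GMSSLSM2SignUtils.verifyByBC(publicKey, bArr, bArr2);
        }
        if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        }
        if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        }
        // Fail closed: an unrecognised algorithm is reported as "not verified".
        warnUnsupported("verifyCertByBC");
        return false;
    }

    /**
     * Checks, through the YunHSM-backed utilities, that {@code x509Certificate} carries a
     * signature made by the key in {@code x509Certificate2}.
     *
     * <p>For the RSA algorithms this method only verifies the signature over the
     * to-be-signed bytes. It performs no validity-period, name-chaining, basic-constraints
     * or revocation checks, and it does not compare {@code str} with the algorithm declared
     * inside the certificate; callers need to enforce those separately. What the SM2 helper
     * checks beyond the signature is not visible from this class.
     *
     * @param str              signature algorithm name, same accepted values as
     *                         {@link #signByYunHsm} (case-insensitive)
     * @param x509Certificate  certificate whose signature is being checked
     * @param x509Certificate2 certificate supplying the verification public key
     * @return the underlying utility's result, or {@code false} when {@code str} is not a
     *         supported algorithm name
     * @throws Exception whatever certificate decoding or the underlying utility throws
     */
    public static boolean verifyCertByYunHsm(String str, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        if (SM3_WITH_SM2.equalsIgnoreCase(str)) {
            return GMSSLSM2SignUtils.verifyCertByYunHsm(x509Certificate, x509Certificate2.getPublicKey());
        }
        if (isSha1WithRsaName(str)) {
            return GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), x509Certificate2.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        }
        if (isSha256WithRsaName(str)) {
            return GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), x509Certificate2.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        }
        // Fail closed: an unrecognised algorithm is reported as "not verified".
        warnUnsupported("verifyCertByYunHsm(cert)");
        return false;
    }

    /**
     * Verifies a signature through the YunHSM-backed utilities.
     *
     * <p>Unlike the certificate overload, this overload expects {@code str} to be an
     * object-identifier string rather than an algorithm name.
     *
     * @param str       signature algorithm as an object-identifier string, compared with the
     *                  {@code getId()} values of the project's SM2 and RSA identifiers
     * @param publicKey key to verify with
     * @param bArr      the signed data (the certificate overload passes the to-be-signed
     *                  certificate bytes in this position)
     * @param bArr2     the signature bytes (the certificate overload passes the certificate
     *                  signature in this position)
     * @return the underlying utility's result, or {@code false} when {@code str} matches
     *         none of the supported identifiers
     * @throws Exception whatever the underlying verification utility throws
     */
    public static boolean verifyCertByYunHsm(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(str)) {
            return GMSSLSM2SignUtils.verifyBySdf(SdfCryptoType.YUNHSM, publicKey, bArr, bArr2);
        }
        if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        }
        if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(str)) {
            return GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        }
        // Fail closed: an unrecognised algorithm is reported as "not verified".
        warnUnsupported("verifyCertByYunHsm(bytes)");
        return false;
    }
}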
