package com.xdja.pki.ca.hsm.manager;

import com.xdja.pki.ca.certmanager.service.racert.bean.PwdUsedEnum;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.common.ErrorEnum;
import com.xdja.pki.ca.core.common.Result;
import com.xdja.pki.ca.core.exception.InvokeException;
import com.xdja.pki.ca.core.exception.ServiceException;
import com.xdja.pki.ca.securitymanager.service.vo.AlgTypeEnum;
import com.xdja.pki.ca.securitymanager.service.vo.CaInfoVO;
import com.xdja.pki.ca.securitymanager.service.vo.CreateP10VO;
import com.xdja.pki.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.sdf.yunhsm.utils.GMSSLYunHsmUtils;
import com.xdja.pki.gmssl.utils.bc.X509CertUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLCertUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLP10Utils;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmExceptionEnum;
import com.xdja.pki.gmssl.x509.utils.bean.YunHsmInfoEntry;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;

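/**
 * {@link HsmManager} implementation backed either by the in-process BouncyCastle
 * provider ("BC") or by the YunHSM cryptographic device.
 *
 * <p>The certificate, CSR and key-pair operations pick the backend from
 * {@code Constants.CRYPT_DEVICE_TYPE} (see {@link #usesBcDevice()}); the random,
 * signature-verification and digest operations always call the YunHSM utilities
 * regardless of that setting. Backend failures are wrapped in
 * {@link ServiceException} or {@link InvokeException} with the original
 * exception kept as cause.
 */
@Service
public class HsmManagerImpl implements HsmManager {
    private static final Logger logger = LoggerFactory.getLogger(HsmManagerImpl.class);

    /**
     * Location where the BC backend persists the non-root (server) SM2 private key.
     * NOTE(review): hard-coded, and written with whatever permissions
     * {@code CertUtil.writeObjToFile} applies — confirm the file is protected on
     * the deployment host.
     */
    private static final String CA_SERVER_KEY_PATH = "/home/xdja/conf/ca/caServer.key";

    /** Debug line emitted when the BC backend handles an operation. */
    private static final String BC_DEVICE_MSG = "系统采用BC作为密码设备";

    /** Debug line emitted when the HSM backend handles an operation. */
    private static final String HSM_DEVICE_MSG = "系统采用HSM作为密码设备";

    /**
     * Returns {@code true} when the configured crypto device is BouncyCastle rather
     * than the HSM.
     */
    private static boolean usesBcDevice() {
        return Constants.CRYPT_DEVICE_TYPE.intValue() == Constants.CRYPT_DEVICE_BC.intValue();
    }

    /**
     * Connectivity pre-check used by the configuration flow.
     *
     * <p>With the BC backend there is no device to reach, so this returns
     * {@code true} without touching any of its arguments. NOTE(review): with the
     * HSM backend it returns {@code false} without attempting a connection; the
     * real connection test is {@link #testAndSaveHsmConfig} — confirm callers
     * expect that.
     *
     * @return {@code true} only when the BC backend is configured
     */
    @Override
    public boolean testHsmConnect(String str, Integer num, InputStream inputStream, String str2, InputStream inputStream2, String str3, InputStream inputStream3) {
        if (usesBcDevice()) {
            logger.debug("系统采用BC作为密码设备，不需要进行连通性测试");
            return true;
        }
        return false;
    }

    /**
     * Issues a certificate signed by the CA key described in {@code caInfoVO}.
     *
     * <p>BC: signs with {@code caInfoVO.getRootPrivateKey()}. HSM: signs with the
     * key at {@code caInfoVO.getCaPwdBean().getKeyIndex()} unlocked by the bean's
     * private-key PIN.
     *
     * @param str        DN string forwarded as the second name argument of the
     *                   certificate builder (presumably the subject DN, the CA
     *                   subject being the first — verify against the util)
     * @param bigInteger serial number
     * @param date       start of the validity period
     * @param date2      end of the validity period
     * @param caInfoVO   CA context: subject, BC root private key or HSM key index / PIN
     * @param publicKey  public key to certify
     * @param list       extensions to add
     * @return the signed certificate
     * @throws ServiceException wrapping any failure of the selected backend
     */
    @Override
    public X509Certificate genX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, CaInfoVO caInfoVO, PublicKey publicKey, List<Extension> list) {
        if (usesBcDevice()) {
            logger.debug(BC_DEVICE_MSG);
            try {
                return X509CertUtils.generateCert(caInfoVO.getSubject(), str, bigInteger, date, date2, publicKey, caInfoVO.getRootPrivateKey(), list);
            } catch (Exception e) {
                throw new ServiceException("使用BC签发证书出现异常", e);
            }
        }
        try {
            logger.debug(HSM_DEVICE_MSG);
            return GMSSLCertUtils.generateCertByYunhsm(caInfoVO.getSubject(), str, bigInteger, date, date2, caInfoVO.getCaPwdBean().getKeyIndex().intValue(), caInfoVO.getCaPwdBean().getPrivateKeyPin(), publicKey, list);
        } catch (Exception e) {
            throw new ServiceException("使用HSM签发证书出现异常", e);
        }
    }

    /**
     * Issues a self-signed root certificate: {@code str} is passed as both name
     * arguments of the certificate builder.
     *
     * <p>BC: certifies {@code publicKey} and signs with
     * {@code caInfoVO.getRootPrivateKey()}. HSM: ignores {@code publicKey} and
     * instead certifies the HSM's own signing public key for the configured key
     * index, signing with that same key.
     *
     * @param str        DN used as issuer and subject
     * @param bigInteger serial number
     * @param date       start of the validity period
     * @param date2      end of the validity period
     * @param publicKey  public key to certify (BC backend only)
     * @param caInfoVO   CA context: BC root private key or HSM key index / PIN
     * @param list       extensions to add
     * @return the signed root certificate
     * @throws ServiceException wrapping any failure of the selected backend
     */
    @Override
    public X509Certificate genRootX509Certificate(String str, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, CaInfoVO caInfoVO, List<Extension> list) {
        if (usesBcDevice()) {
            logger.debug(BC_DEVICE_MSG);
            try {
                return X509CertUtils.generateCert(str, str, bigInteger, date, date2, publicKey, caInfoVO.getRootPrivateKey(), list);
            } catch (Exception e) {
                throw new ServiceException("使用BC签发证书出现异常", e);
            }
        }
        try {
            logger.debug(HSM_DEVICE_MSG);
            int keyIndex = caInfoVO.getCaPwdBean().getKeyIndex().intValue();
            PublicKey hsmSignPublicKey = GMSSLSM2KeyUtils.getSignPublicKeyByYunhsm(keyIndex);
            return GMSSLCertUtils.generateCertByYunhsm(str, str, bigInteger, date, date2, keyIndex, caInfoVO.getCaPwdBean().getPrivateKeyPin(), hsmSignPublicKey, list);
        } catch (Exception e) {
            throw new ServiceException("使用HSM签发证书出现异常", e);
        }
    }

    /**
     * Builds a PKCS#10 request for {@code createP10VO.getDn()}.
     *
     * <p>HSM: the request carries the HSM signing public key for the VO's key
     * index and is signed by that key. BC: uses the SM2 {@link CaInfoVO} from
     * {@code Constants.CA_INFO}; if it already holds a root private key the root
     * certificate's public key is used, otherwise a fresh SM2 key pair is generated,
     * stored on the VO and persisted via {@code CertUtil.writeRootPri}. The request
     * is then signed with the VO's root private key.
     *
     * @param createP10VO DN plus HSM key index and PIN
     * @return the signed request
     * @throws ServiceException wrapping any failure of the selected backend
     */
    @Override
    public PKCS10CertificationRequest genP10(CreateP10VO createP10VO) {
        if (!usesBcDevice()) {
            try {
                logger.debug(HSM_DEVICE_MSG);
                int keyIndex = createP10VO.getKeyIndex().intValue();
                return GMSSLP10Utils.generateP10SignByYunhsm(createP10VO.getDn(), GMSSLSM2KeyUtils.getSignPublicKeyByYunhsm(keyIndex), keyIndex, createP10VO.getPrivateKeyPin());
            } catch (Exception e) {
                throw new ServiceException("使用HSM签发证书出现异常", e);
            }
        }
        logger.debug(BC_DEVICE_MSG);
        try {
            CaInfoVO caInfoVO = (CaInfoVO) Constants.CA_INFO.get(Integer.valueOf(AlgTypeEnum.SM2.value));
            PublicKey publicKey;
            if (null != caInfoVO.getRootPrivateKey()) {
                publicKey = caInfoVO.getRootCert().getPublicKey();
            } else {
                // First use: create the CA root key pair and persist its private half.
                KeyPair keyPair = X509CertUtils.generateSM2KeyPair();
                PrivateKey privateKey = keyPair.getPrivate();
                publicKey = keyPair.getPublic();
                caInfoVO.setRootPrivateKey(privateKey);
                CertUtil.writeRootPri(privateKey);
            }
            return CertUtil.createSm2P10(new X500Name(createP10VO.getDn()), publicKey, caInfoVO.getRootPrivateKey());
        } catch (Exception e) {
            throw new ServiceException("使用BC签发证书出现异常", e);
        }
    }

    /** No-op: this implementation has nothing to recover; kept to satisfy the interface. */
    @Override
    public void recoverHsm() {
    }

    /**
     * BC backend: generates a fresh SM2 key pair, persists its private half and
     * returns the public half.
     *
     * <p>When {@code rootKey} is {@code true} the private key is installed as the
     * root private key of the SM2 {@link CaInfoVO} in {@code Constants.CA_INFO}
     * and written through {@code CertUtil.writeRootPri}; otherwise it is written
     * to {@link #CA_SERVER_KEY_PATH}.
     *
     * @param rootKey whether the new key becomes the CA root key
     * @return the generated public key
     * @throws Exception whatever key generation or persistence throws
     */
    private static PublicKey generateBcSm2PublicKey(boolean rootKey) throws Exception {
        KeyPair keyPair = X509CertUtils.generateSM2KeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        if (rootKey) {
            ((CaInfoVO) Constants.CA_INFO.get(Integer.valueOf(AlgTypeEnum.SM2.value))).setRootPrivateKey(privateKey);
            CertUtil.writeRootPri(privateKey);
        } else {
            CertUtil.writeObjToFile(privateKey, CA_SERVER_KEY_PATH);
        }
        return keyPair.getPublic();
    }

    /**
     * Returns a signing public key.
     *
     * <p>HSM: the signing public key at key index {@code num}. BC: a freshly
     * generated SM2 key pair (see {@link #generateBcSm2PublicKey}); {@code num2 == 1}
     * selects the root-key path, anything else the server-key path.
     *
     * @param num  HSM key index (HSM backend only)
     * @param num2 key-usage selector (BC backend only)
     * @return the public key
     * @throws ServiceException wrapping any failure of the selected backend
     */
    @Override
    public PublicKey getSignPublicKeyByCryptyDevice(Integer num, Integer num2) {
        if (!usesBcDevice()) {
            try {
                logger.debug(HSM_DEVICE_MSG);
                return GMSSLSM2KeyUtils.getSignPublicKeyByYunhsm(num.intValue());
            } catch (Exception e) {
                throw new ServiceException("使用HSM生成公私钥异常", e);
            }
        }
        logger.debug(BC_DEVICE_MSG);
        try {
            // NOTE(review): the literal 1 is presumably PwdUsedEnum.ROOT_CERT_TYPE.value, which
            // getEncPublicKeyByCryptyDevice compares against — confirm and unify if equal.
            return generateBcSm2PublicKey(1 == num2.intValue());
        } catch (Exception e) {
            throw new ServiceException("使用BC生成公私钥异常", e);
        }
    }

    /**
     * Returns an encryption public key.
     *
     * <p>HSM: the encryption public key at key index {@code num}. BC: a freshly
     * generated SM2 key pair (see {@link #generateBcSm2PublicKey});
     * {@code num2 == PwdUsedEnum.ROOT_CERT_TYPE.value} selects the root-key path,
     * anything else the server-key path.
     *
     * @param num  HSM key index (HSM backend only)
     * @param num2 key-usage selector (BC backend only)
     * @return the public key
     * @throws ServiceException wrapping any failure of the selected backend
     */
    @Override
    public PublicKey getEncPublicKeyByCryptyDevice(Integer num, Integer num2) {
        if (!usesBcDevice()) {
            try {
                logger.debug(HSM_DEVICE_MSG);
                return GMSSLSM2KeyUtils.getEncryptPublicKeyByYunhsm(num.intValue());
            } catch (Exception e) {
                throw new ServiceException("使用HSM生成公私钥异常", e);
            }
        }
        logger.debug(BC_DEVICE_MSG);
        try {
            return generateBcSm2PublicKey(PwdUsedEnum.ROOT_CERT_TYPE.value == num2.intValue());
        } catch (Exception e) {
            throw new ServiceException("使用BC生成公私钥异常", e);
        }
    }

    /**
     * Draws random bytes from the YunHSM (always, independent of
     * {@code Constants.CRYPT_DEVICE_TYPE} — NOTE(review): confirm this is intended
     * for BC deployments).
     *
     * @param i requested size, forwarded to the HSM utility
     * @return the random value in the utility's string encoding
     * @throws InvokeException wrapping any HSM failure
     */
    @Override
    public String generateRandom(int i) {
        try {
            return GMSSLRandomUtils.generateRandomByYunhsm(i);
        } catch (Exception e) {
            logger.error("调用密码机生成数据数失败", e);
            throw new InvokeException("调用密码机生成数据数失败", e);
        }
    }

    /**
     * Verifies an SM2 signature through the YunHSM SDF interface.
     *
     * <p>A {@code false} return means the signature did not verify; a device or
     * invocation failure is reported as {@link InvokeException}, so callers must
     * not treat an exception as a successful verification.
     *
     * @param publicKey signer's public key
     * @param bArr      data that was signed
     * @param bArr2     signature value
     * @return {@code true} if the signature verifies
     * @throws InvokeException wrapping any HSM failure
     */
    @Override
    public boolean verifySign(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            return GMSSLSM2SignUtils.verifyBySdf(SdfCryptoType.YUNHSM, publicKey, bArr, bArr2);
        } catch (Exception e) {
            logger.error("调用密码机验证签名失败", e);
            throw new InvokeException("调用密码机验证签名失败", e);
        }
    }

    /**
     * Computes an SM3 digest on the YunHSM.
     *
     * @param bArr data to hash
     * @return the digest bytes
     * @throws InvokeException wrapping any HSM failure
     */
    @Override
    public byte[] digest(byte[] bArr) {
        try {
            return GMSSLSM3DigestUtils.digestByYunhsm(bArr);
        } catch (Exception e) {
            logger.error("调用密码机获取摘要失败", e);
            throw new InvokeException("调用密码机获取摘要失败", e);
        }
    }

    /**
     * Opens an uploaded part as a {@link FileInputStream}, or returns {@code null}
     * when the part is absent or empty.
     *
     * <p>NOTE(review): the cast assumes the multipart implementation hands back a
     * {@link FileInputStream}; a memory-backed part would raise
     * {@link ClassCastException}, which the caller maps to an illegal-parameter result.
     *
     * @param part uploaded file, may be {@code null}
     * @return the stream, or {@code null} if nothing was uploaded
     * @throws IOException if the part's stream cannot be opened
     */
    private static FileInputStream openIfPresent(MultipartFile part) throws IOException {
        if (null == part || 0 == part.getSize()) {
            return null;
        }
        return (FileInputStream) part.getInputStream();
    }

    /**
     * Stores the HSM connection settings and tests them against the device.
     *
     * <p>Failures to open any of the three uploads yield
     * {@code Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER)} (the original
     * handled only the first upload this way; the other two are now treated the
     * same). The device's {@link YunHsmExceptionEnum} outcome is mapped onto the
     * {@link ErrorEnum} codes below; any unmapped outcome, including success,
     * leaves the result as success.
     *
     * @param multipartFile  signing certificate (PFX) upload, may be absent
     * @param multipartFile2 encryption certificate (PFX) upload, may be absent
     * @param multipartFile3 CA chain upload, may be absent
     * @return success, or a result carrying the mapped error code
     * @throws ServiceException wrapping any failure of the device utility
     */
    @Override
    public Result testAndSaveHsmConfig(String str, Integer num, MultipartFile multipartFile, String str2, MultipartFile multipartFile2, String str3, MultipartFile multipartFile3) {
        try {
            FileInputStream signCert;
            FileInputStream encCert;
            FileInputStream caChain;
            try {
                signCert = openIfPresent(multipartFile);
                encCert = openIfPresent(multipartFile2);
                caChain = openIfPresent(multipartFile3);
            } catch (Exception e) {
                logger.debug("pfx证书文件流异常", e);
                return Result.failure(ErrorEnum.ILLEGAL_REQUEST_PARAMETER);
            }
            // NOTE(review): the streams are never closed here; if the utility fully consumes
            // them they belong in a finally/try-with-resources — confirm against GMSSLYunHsmUtils.
            YunHsmExceptionEnum outcome = GMSSLYunHsmUtils.initYunHsmConfigAndTestConnect(str, num.intValue(), str2, str3, signCert, encCert, caChain);
            logger.info("测试和保存密码信息配置信息返回值为value=" + outcome.value);
            Result result = Result.success();
            switch (outcome) {
                case TELNET_PORT_FAILURE:
                case OPEN_DEVICE_IS_FAILURE:
                    result.setError(ErrorEnum.HSM_CONNECT_FAIL);
                    break;
                case SIGN_PASSWORD_IS_ERROR:
                    result.setError(ErrorEnum.SIGN_PFX_PWD_ERROR);
                    break;
                case ENC_PASSWORD_IS_ERROR:
                    result.setError(ErrorEnum.ENC_PFX_PWD_ERROR);
                    break;
                case SIGN_CERT_VERIFY_IS_ERROR:
                    result.setError(ErrorEnum.SIGN_PFX_FORMAT_ERROR);
                    break;
                case ENC_CERT_VERIFY_IS_ERROR:
                    result.setError(ErrorEnum.ENC_PFX_FORMAT_ERROR);
                    break;
                case OPEN_TRAIN_CERT_P7b_IS_ERROR:
                    result.setError(ErrorEnum.HSM_CA_CHAIN_VERIFY_ERROR);
                    break;
                default:
                    // Any other outcome leaves the success result untouched.
                    break;
            }
            return result;
        } catch (Exception e) {
            throw new ServiceException("测试和保存密码机配置信息时异常", e);
        }
    }

    /**
     * Returns the stored HSM configuration as a key/value map (see
     * {@link #buildHsmConfig}).
     *
     * @return success result wrapping the configuration map
     * @throws ServiceException wrapping any failure reading the configuration
     */
    @Override
    public Result getHsmConfig() {
        try {
            return Result.success(buildHsmConfig(GMSSLYunHsmUtils.getYunHsmInfo()));
        } catch (Exception e) {
            throw new ServiceException("获取密码机配置信息时异常", e);
        }
    }

    /**
     * Flattens a {@link YunHsmInfoEntry} into the map returned to the caller.
     *
     * <p>NOTE(review): {@code signCertPwd} and {@code encCertPwd} carry the PFX
     * passwords in clear; confirm the consumer of {@link #getHsmConfig} needs them
     * and that this result is neither logged nor cached.
     *
     * @param yunHsmInfoEntry stored HSM settings
     * @return mutable map with ip, port, certificate names, passwords and CA chain name
     */
    private Map<String, Object> buildHsmConfig(YunHsmInfoEntry yunHsmInfoEntry) {
        Map<String, Object> config = new HashMap<>();
        config.put("ip", yunHsmInfoEntry.getServerIp());
        config.put("port", Integer.valueOf(yunHsmInfoEntry.getServerPort()));
        config.put("signCert", yunHsmInfoEntry.getSignCertName());
        config.put("signCertPwd", yunHsmInfoEntry.getSignCertPassword());
        config.put("encCert", yunHsmInfoEntry.getEncCertName());
        config.put("encCertPwd", yunHsmInfoEntry.getEncCertPassword());
        config.put("hsmCaChain", yunHsmInfoEntry.getCaCertName());
        return config;
    }
}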
