package com.xdja.pki.gmssl.crypto.utils;

import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfECBaseSigner;
import com.xdja.pki.gmssl.crypto.sdf.SdfECKeyParameters;
import com.xdja.pki.gmssl.crypto.sdf.SdfECSigner;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.sdf.SdfSM2SignerSM3;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentVerifierProviderUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLSdfSM2SignerUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLCertUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import com.xdja.pki.ldap.CryptoTypeStr;
import java.io.IOException;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentVerifier;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-1.0.6-20200917.065347-4.jar:com/xdja/pki/gmssl/crypto/utils/GMSSLSM2SignUtils.class */
public class GMSSLSM2SignUtils {
    public static String signByBC(PrivateKey privateKey, String str) throws CryptoException, IOException {
        return GMSSLByteArrayUtils.base64Encode(signByBC(privateKey, GMSSLByteArrayUtils.base64Decode(str)));
    }

    public static byte[] signByBC(PrivateKey privateKey, byte[] bArr) throws CryptoException, IOException {
        AsymmetricKeyParameter convertECPrivateKeyKeyParameters = GMSSLX509Utils.convertECPrivateKeyKeyParameters(privateKey);
        SM2Signer sM2Signer = new SM2Signer();
        sM2Signer.init(true, new ParametersWithRandom(convertECPrivateKeyKeyParameters, new SecureRandom()));
        sM2Signer.update(bArr, 0, bArr.length);
        return sM2Signer.generateSignature();
    }

    public static String signByYunhsm(int i, String str, String str2) throws CryptoException, Exception {
        return signBySdf(SdfCryptoType.YUNHSM, i, str, str2);
    }

    public static String signByPcie(int i, String str, String str2) throws CryptoException, Exception {
        return signBySdf(SdfCryptoType.PCIE, i, str, str2);
    }

    public static String signBySdf(SdfCryptoType sdfCryptoType, int i, String str, String str2) throws CryptoException, Exception {
        return GMSSLByteArrayUtils.base64Encode(signBySdf(sdfCryptoType, i, str, GMSSLByteArrayUtils.base64Decode(str2)));
    }

    public static byte[] signBySdf(SdfCryptoType sdfCryptoType, int i, String str, byte[] bArr) throws CryptoException, Exception {
        return signBySdf(sdfCryptoType, (byte[]) null, i, str, bArr);
    }

    public static byte[] signBySdfWithUserId(SdfCryptoType sdfCryptoType, int i, String str, byte[] bArr, byte[] bArr2) throws CryptoException, Exception {
        return signBySdf(sdfCryptoType, bArr, i, str, bArr2);
    }

    public static boolean verifyByBC(PublicKey publicKey, String str, String str2) throws IOException {
        return verifyByBC(publicKey, GMSSLByteArrayUtils.base64Decode(str), GMSSLByteArrayUtils.base64Decode(str2));
    }

    public static boolean verifyByBC(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws IOException {
        AsymmetricKeyParameter convertECPublicKeyParameters = GMSSLX509Utils.convertECPublicKeyParameters(publicKey);
        SM2Signer sM2Signer = new SM2Signer();
        sM2Signer.init(false, convertECPublicKeyParameters);
        sM2Signer.update(bArr, 0, bArr.length);
        return sM2Signer.verifySignature(bArr2);
    }

    public static boolean verifyByYunhsm(PublicKey publicKey, String str, String str2) throws Exception {
        return verifyBySdf(SdfCryptoType.YUNHSM, publicKey, str, str2);
    }

    public static boolean verifyByPcie(PublicKey publicKey, String str, String str2) throws Exception {
        return verifyBySdf(SdfCryptoType.PCIE, publicKey, str, str2);
    }

    public static boolean verifyBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, String str, String str2) throws Exception {
        return verifyBySdf(sdfCryptoType, publicKey, GMSSLByteArrayUtils.base64Decode(str), GMSSLByteArrayUtils.base64Decode(str2));
    }

    public static boolean verifyBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        return verifyBySdf(sdfCryptoType, (byte[]) null, publicKey, bArr, bArr2);
    }

    public static boolean verifyBySdfWithUserId(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        return verifyBySdf(sdfCryptoType, bArr, publicKey, bArr2, bArr3);
    }

    public static boolean verifyCertByYunHsm(X509Certificate x509Certificate, PublicKey publicKey) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return GMSSLCertUtils.verifyCert(publicKey, x509Certificate);
        }
        try {
            Certificate convertCertificate = GMSSLX509Utils.convertCertificate(x509Certificate);
            return verify(convertCertificate.getSignatureAlgorithm(), publicKey, convertCertificate.getTBSCertificate().getEncoded(), convertCertificate.getSignature().getOctets());
        } catch (Exception e) {
            throw new Exception("exception processing signature: " + e, e);
        }
    }

    public static boolean verify(AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        ContentVerifier contentVerifier = GMSSLContentVerifierProviderUtils.generateContentVerifierBySdf(SdfCryptoType.YUNHSM, publicKey).get(algorithmIdentifier);
        OutputStream outputStream = contentVerifier.getOutputStream();
        outputStream.write(bArr);
        outputStream.close();
        return contentVerifier.verify(bArr2);
    }

    public static byte[] signBySdf(SdfCryptoType sdfCryptoType, byte[] bArr, int i, String str, byte[] bArr2) throws CryptoException, Exception {
        return GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM ? GMSSLECSignUtils.sign(new SdfPrivateKey(i), bArr2, bArr, GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName()) : signBySdf(GMSSLSdfSM2SignerUtils.generateSM2Signer(sdfCryptoType), bArr, i, str, bArr2);
    }

    public static byte[] signBySdfHSM(SdfCryptoType sdfCryptoType, byte[] bArr, int i, String str, byte[] bArr2) throws CryptoException, Exception {
        return GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM ? GMSSLECSignUtils.sign(new SdfPrivateKey(i), bArr2, bArr, GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName()) : signBySdf(new SdfECSigner(sdfCryptoType), bArr, i, str, bArr2);
    }

    public static byte[] signBySdf(SdfECBaseSigner sdfECBaseSigner, byte[] bArr, int i, String str, byte[] bArr2) throws CryptoException, Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return GMSSLECSignUtils.sign(new SdfPrivateKey(i), bArr2, bArr, GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName());
        }
        ParametersWithID sdfECKeyParameters = new SdfECKeyParameters(GMSSLSM2KeyUtils.genSdfPrivateKey(i, str));
        sdfECBaseSigner.init(true, bArr != null ? new ParametersWithID(sdfECKeyParameters, bArr) : sdfECKeyParameters);
        sdfECBaseSigner.update(bArr2, 0, bArr2.length);
        byte[] generateSignature = sdfECBaseSigner.generateSignature();
        sdfECBaseSigner.release();
        return generateSignature;
    }

    public static boolean verifyBySdf(SdfCryptoType sdfCryptoType, byte[] bArr, PublicKey publicKey, byte[] bArr2, byte[] bArr3) throws Exception {
        return GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM ? GMSSLECSignUtils.verify(publicKey, bArr2, bArr3, bArr, GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName()) : verifyBySdf(new SdfSM2SignerSM3(sdfCryptoType), bArr, publicKey, bArr2, bArr3);
    }

    public static boolean verifyByHSM(SdfCryptoType sdfCryptoType, byte[] bArr, PublicKey publicKey, byte[] bArr2, byte[] bArr3) throws Exception {
        return verifyBySdf(new SdfECSigner(sdfCryptoType), bArr, publicKey, bArr2, bArr3);
    }

    public static boolean verifyBySdf(SdfECBaseSigner sdfECBaseSigner, byte[] bArr, PublicKey publicKey, byte[] bArr2, byte[] bArr3) throws Exception {
        if (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM) {
            return GMSSLECSignUtils.verify(publicKey, bArr2, bArr3, bArr, GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName());
        }
        ParametersWithID sdfECKeyParameters = new SdfECKeyParameters((ECPublicKey) publicKey);
        sdfECBaseSigner.init(false, bArr != null ? new ParametersWithID(sdfECKeyParameters, bArr) : sdfECKeyParameters);
        sdfECBaseSigner.update(bArr2, 0, bArr2.length);
        boolean verifySignature = sdfECBaseSigner.verifySignature(bArr3);
        sdfECBaseSigner.release();
        return verifySignature;
    }

    static {
        if (Security.getProvider(CryptoTypeStr.BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
