package com.xdja.ca.utils;

import com.xdja.ca.asn1.NISTObjectIdentifiers;
import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.ca.asn1.SM2ObjectIdentifiers;
import com.xdja.ca.constant.SdkConstants;
import com.xdja.pki.gmssl.core.utils.GMSSLBCSignUtils;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECSignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.x509.utils.GMSSLCertUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.MessageFormat;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.rsa.RSAPrivateKeyImpl;
import sun.security.util.DerValue;

/* loaded from: input_file:com/xdja/ca/utils/SdkHsmUtils.class */
public class SdkHsmUtils {
    protected static final transient Logger logger = LoggerFactory.getLogger(SdkHsmUtils.class.getClass());

    public static String signByYunHsm(String str, int i, String str2, String str3) throws Exception {
        String signByYunHsm;
        SdfPrivateKey sdfPrivateKey = new SdfPrivateKey(i, str2);
        if (SdkConstants.SIGN_ALG_NAME_SM3_WHIT_SM2.equalsIgnoreCase(str)) {
            signByYunHsm = GMSSLSM2SignUtils.signByYunhsm(i, str2, str3);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA1_WHIT_RSA.equalsIgnoreCase(str) || SdkConstants.SIGN_ALG_NAME_SHA1_WHIT_RSA_2.equalsIgnoreCase(str)) {
            signByYunHsm = GMSSLRSASignUtils.signByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), i, str2, str3);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_RSA.equalsIgnoreCase(str)) {
            signByYunHsm = GMSSLRSASignUtils.signByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), i, str2, str3);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA512_WHIT_RSA.equalsIgnoreCase(str)) {
            signByYunHsm = GMSSLRSASignUtils.signByYunHsm(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), i, str2, str3);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA.equalsIgnoreCase(str)) {
            signByYunHsm = Base64.toBase64String(GMSSLECSignUtils.signByYunHsm(i, str2, Base64.decode(str3), GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName()));
        } else if (SdkConstants.SIGN_ALG_NAME_SHA384_WHIT_ECDSA.equalsIgnoreCase(str)) {
            signByYunHsm = Base64.toBase64String(GMSSLECSignUtils.sign(sdfPrivateKey, Base64.decode(str3), (byte[]) null, GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_384));
        } else {
            if (!SdkConstants.SIGN_ALG_NAME_SHA512_WHIT_ECDSA.equalsIgnoreCase(str)) {
                logger.error("{} 算法不支持", str);
                throw new Exception(MessageFormat.format("不支持的签名算法 {0}", str));
            }
            signByYunHsm = Base64.toBase64String(GMSSLECSignUtils.sign(sdfPrivateKey, Base64.decode(str3), (byte[]) null, GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_521));
        }
        return signByYunHsm;
    }

    public static String signByBC(String str, byte[] bArr, String str2) throws Exception {
        String signByBC;
        logger.info("========= SDK中使用BC进行软签名 ============");
        if (SdkConstants.SIGN_ALG_NAME_SM3_WHIT_SM2.equalsIgnoreCase(str)) {
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(bArr);
            signByBC = GMSSLSM2SignUtils.signByBC(KeyFactory.getInstance(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded())), str2);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA1_WHIT_RSA.equalsIgnoreCase(str) || SdkConstants.SIGN_ALG_NAME_SHA1_WHIT_RSA_2.equalsIgnoreCase(str)) {
            signByBC = GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), RSAPrivateKeyImpl.parseKey(new DerValue(bArr)), str2);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_RSA.equalsIgnoreCase(str)) {
            signByBC = GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), RSAPrivateKeyImpl.parseKey(new DerValue(bArr)), str2);
        } else if (SdkConstants.SIGN_ALG_NAME_SHA512_WHIT_RSA.equalsIgnoreCase(str)) {
            signByBC = GMSSLRSASignUtils.signByBC(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), RSAPrivateKeyImpl.parseKey(new DerValue(bArr)), str2);
        } else {
            PrivateKeyInfo privateKeyInfo2 = PrivateKeyInfo.getInstance(bArr);
            PrivateKey generatePrivate = KeyFactory.getInstance(privateKeyInfo2.getPrivateKeyAlgorithm().getAlgorithm().getId(), (Provider) new BouncyCastleProvider()).generatePrivate(new PKCS8EncodedKeySpec(privateKeyInfo2.getEncoded()));
            if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA.equalsIgnoreCase(str)) {
                signByBC = Base64.toBase64String(GMSSLBCSignUtils.generateSignature(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName(), generatePrivate, Base64.decode(str2)));
            } else if (SdkConstants.SIGN_ALG_NAME_SHA384_WHIT_ECDSA.equalsIgnoreCase(str)) {
                signByBC = Base64.toBase64String(GMSSLBCSignUtils.generateSignature(GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), generatePrivate, Base64.decode(str2)));
            } else {
                if (!SdkConstants.SIGN_ALG_NAME_SHA512_WHIT_ECDSA.equalsIgnoreCase(str)) {
                    logger.error("{} 算法不支持", str);
                    throw new Exception(MessageFormat.format("不支持的签名算法 {0}", str));
                }
                signByBC = Base64.toBase64String(GMSSLBCSignUtils.generateSignature(GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), generatePrivate, Base64.decode(str2)));
            }
        }
        return signByBC;
    }

    public static boolean verifyCertByYunHsm(X509Certificate x509Certificate, PublicKey publicKey) throws Exception {
        boolean verify;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLCertUtils.verifyCert(publicKey, x509Certificate);
        } else if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (RsaObjectIdentifiers.sha512WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (NISTObjectIdentifiers.sha256WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLECSignUtils.verifyByYunHsm(publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature(), GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName());
        } else if (NISTObjectIdentifiers.sha384WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verify = GMSSLECSignUtils.verify(publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature(), (byte[]) null, GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_384);
        } else {
            if (!NISTObjectIdentifiers.sha512WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
                logger.error("{} 算法OID不支持", sigAlgOID);
                throw new Exception(MessageFormat.format("不支持的OID算法 {0}", sigAlgOID));
            }
            verify = GMSSLECSignUtils.verify(publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature(), (byte[]) null, GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_521);
        }
        return verify;
    }

    public static boolean verifyCertByBC(X509Certificate x509Certificate, PublicKey publicKey) throws Exception {
        boolean verifySignature;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLSM2SignUtils.verifyByBC(publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (RsaObjectIdentifiers.sha512WithRSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (NISTObjectIdentifiers.sha256WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (NISTObjectIdentifiers.sha384WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else {
            if (!NISTObjectIdentifiers.sha512WithECDSA.getId().equalsIgnoreCase(sigAlgOID)) {
                logger.error("{} 算法OID不支持", sigAlgOID);
                throw new Exception(MessageFormat.format("不支持的OID算法 {0}", sigAlgOID));
            }
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), publicKey, x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        }
        return verifySignature;
    }

    public static boolean verifyCertByBC(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        boolean verifySignature;
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLSM2SignUtils.verifyByBC(publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha512WithRSA.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLRSASignUtils.verifyByBC(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (NISTObjectIdentifiers.sha256WithECDSA.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (NISTObjectIdentifiers.sha384WithECDSA.getId().equalsIgnoreCase(str)) {
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else {
            if (!NISTObjectIdentifiers.sha512WithECDSA.getId().equalsIgnoreCase(str)) {
                logger.error("{} 算法OID不支持", str);
                throw new Exception(MessageFormat.format("不支持的OID算法 {0}", str));
            }
            verifySignature = GMSSLBCSignUtils.verifySignature(GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), publicKey, bArr, bArr2);
        }
        return verifySignature;
    }

    public static boolean verifyCertByYunHsm(String str, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        boolean z = false;
        if ("SM3withSm2".equalsIgnoreCase(str)) {
            z = GMSSLCertUtils.verifyCert(x509Certificate2.getPublicKey(), x509Certificate);
        } else if ("SHA-1WithRSA".equalsIgnoreCase(str) || "SHA1WithRSA".equalsIgnoreCase(str)) {
            z = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), x509Certificate2.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if ("SHA256WithRSA".equalsIgnoreCase(str)) {
            z = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), x509Certificate2.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getSignature());
        } else if (SdkConstants.SIGN_ALG_NAME_SHA256_WHIT_ECDSA.equalsIgnoreCase(str)) {
            z = GMSSLECSignUtils.verifyByYunHsm(x509Certificate2.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getTBSCertificate(), GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName());
        }
        return z;
    }

    public static boolean verifyCertByYunHsm(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws Exception {
        boolean verify;
        if (SM2ObjectIdentifiers.sm2SignWithSm3.getId().equalsIgnoreCase(str)) {
            verify = GMSSLSM2SignUtils.verifyBySdf(SdfCryptoType.YUNHSM, publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha1WithRSA.getId().equalsIgnoreCase(str)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha256WithRSA.getId().equalsIgnoreCase(str)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (RsaObjectIdentifiers.sha512WithRSA.getId().equalsIgnoreCase(str)) {
            verify = GMSSLRSASignUtils.verifyByYunHsm(GMSSLSignatureAlgorithm.SHA512_WITH_RSA.getSigAlgName(), publicKey, bArr, bArr2);
        } else if (NISTObjectIdentifiers.sha256WithECDSA.getId().equalsIgnoreCase(str)) {
            verify = GMSSLECSignUtils.verifyByYunHsm(publicKey, bArr, bArr2, GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName());
        } else if (NISTObjectIdentifiers.sha384WithECDSA.getId().equalsIgnoreCase(str)) {
            verify = GMSSLECSignUtils.verify(publicKey, bArr, bArr2, (byte[]) null, GMSSLSignatureAlgorithm.SHA384_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_384);
        } else {
            if (!NISTObjectIdentifiers.sha512WithECDSA.getId().equalsIgnoreCase(str)) {
                logger.error("{} 算法OID不支持", str);
                throw new Exception(MessageFormat.format("不支持的OID算法 {0}", str));
            }
            verify = GMSSLECSignUtils.verify(publicKey, bArr, bArr2, (byte[]) null, GMSSLSignatureAlgorithm.SHA512_WITH_ECDSA.getSigAlgName(), SdkConstants.NIST_521);
        }
        return verify;
    }
}
