package com.xdja.pki.gmssl.x509.utils;

import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentSigner;
import com.xdja.pki.gmssl.crypto.utils.sanc.GMSSLSancContentVerifierProvider;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentSignerUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLContentVerifierProviderUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentSigner;
import com.xdja.pki.gmssl.operator.utils.GMSSLXkfContentVerifierProvider;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLCryptoType;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:com/xdja/pki/gmssl/x509/utils/GMSSLCRLUtils.class */
public class GMSSLCRLUtils {
    public static X509CRL generateCRL(X509Certificate x509Certificate, PrivateKey privateKey, String str, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, privateKey, str, null, date, date2, list, list2, z);
    }

    public static X509CRL generateCRL(X509Certificate x509Certificate, PrivateKey privateKey, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                SdfPrivateKey sdfPrivateKey = (SdfPrivateKey) privateKey;
                return generateCRLByPCIE(x509Certificate, sdfPrivateKey.getIndex(), sdfPrivateKey.getStringPassword(), str, bigInteger, date, date, list, list2, z);
            case XDJA_HSM:
                SdfPrivateKey sdfPrivateKey2 = (SdfPrivateKey) privateKey;
                return generateCRLByYunhsm(x509Certificate, sdfPrivateKey2.getIndex(), sdfPrivateKey2.getStringPassword(), str, bigInteger, date, date, list, list2, z);
            case DONGJIN_HSM:
                SdfPrivateKey sdfPrivateKey3 = (SdfPrivateKey) privateKey;
                return generateCRLByDongJin(x509Certificate, sdfPrivateKey3.getIndex(), sdfPrivateKey3.getStringPassword(), str, bigInteger, date, date, list, list2, z);
            case MINI_PCI_E:
                return generateCRLByMiniPcie(x509Certificate, privateKey, str, bigInteger, date, date2, list, list2, z);
            case SANC_HSM:
                return generateCRLBySanc(x509Certificate, privateKey, str, bigInteger, date, date2, list, list2, z);
            case BC:
            default:
                return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey), bigInteger, date, date2, list, list2);
        }
    }

    public static boolean verifyCRL(PublicKey publicKey, X509CRL x509crl) throws IOException, CRLException, CertException, OperatorCreationException {
        switch (GMSSLPkiCryptoInit.getCryptoType()) {
            case PCI_E:
                return verifyCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierByPcie(publicKey), x509crl.getEncoded());
            case XDJA_HSM:
                return verifyCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierByYunHsm(publicKey), x509crl.getEncoded());
            case DONGJIN_HSM:
                return verifyCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierBySdf(SdfCryptoType.DONGJIN, publicKey), x509crl.getEncoded());
            case MINI_PCI_E:
                return verifyCRLByMiniPcie(publicKey, x509crl);
            case SANC_HSM:
                return verifyCRLBySanc(publicKey, x509crl);
            case BC:
            default:
                return verifyCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierByBC(publicKey), x509crl.getEncoded());
        }
    }

    public static X509CRL generateCRLBySanc(X509Certificate x509Certificate, PrivateKey privateKey, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, CRLException {
        return generateCRL(x509Certificate, new GMSSLSancContentSigner(str, privateKey, z), bigInteger, date, date2, list, list2);
    }

    public static boolean verifyCRLBySanc(PublicKey publicKey, X509CRL x509crl) throws IOException, CRLException, CertException {
        return verifyCRL(new GMSSLSancContentVerifierProvider(publicKey), x509crl.getEncoded());
    }

    public static X509CRL generateCRLByMiniPcie(X509Certificate x509Certificate, PrivateKey privateKey, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, CRLException {
        return generateCRL(x509Certificate, new GMSSLXkfContentSigner(str, privateKey, z), bigInteger, date, date2, list, list2);
    }

    public static boolean verifyCRLByMiniPcie(PublicKey publicKey, X509CRL x509crl) throws IOException, CRLException, CertException {
        return verifyCRL(new GMSSLXkfContentVerifierProvider(publicKey), x509crl.getEncoded());
    }

    public static X509CRL generateCRLByBC(X509Certificate x509Certificate, PrivateKey privateKey, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByBC(X509Certificate x509Certificate, PrivateKey privateKey, String str, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByBC(str, privateKey, z), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByYunhsm(X509Certificate x509Certificate, int i, String str, String str2, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        SdfPrivateKey genSdfPrivateKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str);
        return (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM || GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.DONGJIN_HSM) ? generateCRL(x509Certificate, genSdfPrivateKey, str2, bigInteger, date, date2, list, list2, false) : generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str2, genSdfPrivateKey), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByDongJin(X509Certificate x509Certificate, int i, String str, String str2, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerBySDF(SdfCryptoType.DONGJIN, str2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str), z), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByYunhsm(X509Certificate x509Certificate, int i, String str, String str2, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        SdfPrivateKey genSdfPrivateKey = GMSSLSM2KeyUtils.genSdfPrivateKey(i, str);
        return (GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.SANC_HSM || GMSSLPkiCryptoInit.getCryptoType() == GMSSLCryptoType.DONGJIN_HSM) ? generateCRL(x509Certificate, genSdfPrivateKey, str2, bigInteger, date, date2, list, list2, z) : generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByYunhsm(str2, genSdfPrivateKey, z), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByPCIE(X509Certificate x509Certificate, int i, String str, String str2, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByPcie(str2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str)), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRLByPCIE(X509Certificate x509Certificate, int i, String str, String str2, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, boolean z) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, GMSSLContentSignerUtils.generateContentSignerByPcie(str2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str), z), bigInteger, date, date2, list, list2);
    }

    public static X509CRL generateCRL(X509Certificate x509Certificate, ContentSigner contentSigner, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, CRLException {
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(new X500Name(x509Certificate.getSubjectDN().getName()), date);
        if (null != bigInteger) {
            x509v2CRLBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(bigInteger));
        }
        x509v2CRLBuilder.setNextUpdate(date2);
        if (list != null) {
            Iterator<Extension> it = list.iterator();
            while (it.hasNext()) {
                x509v2CRLBuilder.addExtension(it.next());
            }
        }
        if (list2 != null) {
            for (CRLEntry cRLEntry : list2) {
                x509v2CRLBuilder.addCRLEntry(new BigInteger(cRLEntry.getUserCertificateSerial(), 16), cRLEntry.getRevocationDate(), cRLEntry.getReason());
            }
        }
        return new JcaX509CRLConverter().setProvider("BC").getCRL(x509v2CRLBuilder.build(contentSigner));
    }

    public static X509CRL decodeCRLByBC(PublicKey publicKey, byte[] bArr) throws OperatorCreationException, CRLException, IOException, CertException {
        return decodeCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierByBC(publicKey), bArr);
    }

    public static X509CRL decodeCRLByYunhsm(PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRLBySdf(SdfCryptoType.YUNHSM, publicKey, bArr);
    }

    public static X509CRL decodeCRLByPcie(PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRLBySdf(SdfCryptoType.PCIE, publicKey, bArr);
    }

    public static X509CRL decodeCRLBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr) throws CRLException, IOException, CertException {
        return decodeCRL(GMSSLContentVerifierProviderUtils.generateContentVerifierBySdf(sdfCryptoType, publicKey), bArr);
    }

    public static X509CRL decodeCRL(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws IOException, CertException, CRLException {
        X509CRLHolder x509CRLHolder = new X509CRLHolder(bArr);
        x509CRLHolder.isSignatureValid(contentVerifierProvider);
        return new JcaX509CRLConverter().setProvider("BC").getCRL(x509CRLHolder);
    }

    private static boolean verifyCRL(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws IOException, CertException {
        return new X509CRLHolder(bArr).isSignatureValid(contentVerifierProvider);
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
