package com.xdja.pki.issue;

import com.xdja.pki.asn1.issue.TBSIssue;
import com.xdja.pki.bean.CryptoTypeEnum;
import com.xdja.pki.gmssl.core.utils.GMSSLBCSignUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECSignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.List;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.Signature;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/issue/BasicPkixIssueBuilder.class */
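/**
 * Base builder that signs a {@link TBSIssue} with the issuing CA key and wraps the result in a
 * BouncyCastle {@link Signature}.
 *
 * <p>Two signing paths exist: a software path that uses the in-memory {@link KeyPair}
 * ({@link #getSignatureByBC}) and a hardware path that addresses a key by index on an SDF/HSM
 * device ({@link #getSignatureBySdf}). {@link #isSignByBC} selects between them.
 *
 * <p>NOTE(review): {@code isSignByBC} defaults to {@code true} and none of the constructors in
 * this class change it, so an instance built with one of the HSM constructors still takes the
 * software path (and dereferences a null {@code keyPair}) unless a subclass or caller clears the
 * flag first. Confirm that every HSM-backed subclass does so.
 */
public class BasicPkixIssueBuilder {
    /** Software signing key; only set by the {@code (KeyPair, List)} constructor. */
    protected KeyPair keyPair;
    /** CA certificates supplied by the caller; stored as given, not copied. */
    protected List<X509Certificate> caCerts;
    /** Index of the private key on the SDF/HSM device. */
    protected int privateKeyIndex;
    // Access credential for the device key. It is held as a String for the lifetime of the
    // builder and is visible to subclasses: never write it to a log or an exception message.
    protected String privateKeyPassword;
    /** Device type used by the generic SDF signing path. */
    protected SdfCryptoType sdfCryptoType;
    /** Device code; compared against {@code CryptoTypeEnum.SWXAHSM.cryptoCode} when signing. */
    protected String sdfCryptoCode;
    // NOTE(review): the logger category is BasicPkixIssue, not this class. Left unchanged so
    // existing log configuration keeps matching; confirm whether that was intended.
    private final Logger logger = LoggerFactory.getLogger(BasicPkixIssue.class);
    /** {@code true} selects the software (BouncyCastle) path, {@code false} the SDF/HSM path. */
    protected boolean isSignByBC = true;

    /**
     * Creates a builder that signs with an in-memory key pair.
     *
     * @param keyPair key pair whose private key signs the issue
     * @param list CA certificates
     */
    public BasicPkixIssueBuilder(KeyPair keyPair, List<X509Certificate> list) {
        this.keyPair = keyPair;
        this.caCerts = list;
    }

    /**
     * Creates a builder that addresses a device key by index, password and device type.
     *
     * @param i index of the private key on the device
     * @param str password protecting that key
     * @param list CA certificates
     * @param sdfCryptoType device type passed to the SDF signing utilities
     */
    public BasicPkixIssueBuilder(int i, String str, List<X509Certificate> list, SdfCryptoType sdfCryptoType) {
        this.privateKeyIndex = i;
        this.privateKeyPassword = str;
        this.caCerts = list;
        this.sdfCryptoType = sdfCryptoType;
    }

    /**
     * Creates a builder that addresses a device key by index and device code. No password and no
     * {@link SdfCryptoType} are set by this constructor.
     *
     * @param i index of the private key on the device
     * @param list CA certificates
     * @param str device code, see {@code CryptoTypeEnum}
     */
    public BasicPkixIssueBuilder(int i, List<X509Certificate> list, String str) {
        this.privateKeyIndex = i;
        this.caCerts = list;
        this.sdfCryptoCode = str;
    }

    /**
     * Signs the DER encoding of {@code tBSIssue} on the path selected by {@link #isSignByBC}.
     *
     * @param tBSIssue structure to sign
     * @param str signature algorithm name, matched case-insensitively against
     *     {@link GMSSLSignatureAlgorithm}
     * @return algorithm identifier plus signature bits
     * @throws Exception if the algorithm is unsupported or signing fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Signature getSignature(TBSIssue tBSIssue, String str) throws Exception {
        if (this.isSignByBC) {
            return getSignatureByBC(tBSIssue, str);
        }
        return getSignatureBySdf(tBSIssue, str);
    }

    /**
     * Signs with the in-memory private key. SM3-with-SM2 and SHA256-with-ECDSA have dedicated
     * signers; every other name that passed {@link #getSignatureWithString} is treated as RSA.
     *
     * @param tBSIssue structure to sign
     * @param str signature algorithm name
     * @return algorithm identifier plus signature bits
     * @throws Exception if the algorithm is unsupported or signing fails
     */
    protected Signature getSignatureByBC(TBSIssue tBSIssue, String str) throws Exception {
        this.logger.debug(" getSignatureByBC");
        // Resolving the identifier first rejects unsupported names before the key is touched.
        AlgorithmIdentifier signatureWithString = getSignatureWithString(str);
        byte[] encoded = tBSIssue.getEncoded("DER");
        byte[] signed;
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            signed = GMSSLSM2SignUtils.signByBC(this.keyPair.getPrivate(), encoded);
        } else if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName())) {
            signed = GMSSLBCSignUtils.generateSignature(str, this.keyPair.getPrivate(), encoded);
        } else {
            signed = GMSSLRSASignUtils.signByBC(str, this.keyPair.getPrivate(), encoded);
        }
        return new Signature(signatureWithString, new DERBitString(signed));
    }

    /**
     * Signs with a key held on an SDF/HSM device.
     *
     * <p>When {@link #sdfCryptoCode} equals {@code CryptoTypeEnum.SWXAHSM.cryptoCode} the
     * dedicated HSM instance is initialised and only SM3-with-SM2, SHA256-with-RSA and
     * SHA1-with-RSA are accepted. Otherwise the generic path keyed by {@link #sdfCryptoType},
     * key index and password is used.
     *
     * @param tBSIssue structure to sign
     * @param str signature algorithm name
     * @return algorithm identifier plus signature bits
     * @throws Exception if the algorithm is unsupported on the selected device or signing fails
     */
    protected Signature getSignatureBySdf(TBSIssue tBSIssue, String str) throws Exception {
        byte[] signByYunHsm;
        byte[] sign;
        AlgorithmIdentifier signatureWithString = getSignatureWithString(str);
        byte[] encoded = tBSIssue.getEncoded("DER");
        // Compare by value. The previous reference comparison (!=) only matched when the caller
        // passed the very same String instance, so an equal code obtained from configuration or
        // a database would silently be routed to the wrong device path.
        boolean isSwxaHsm = CryptoTypeEnum.SWXAHSM.cryptoCode.equals(this.sdfCryptoCode);
        if (!isSwxaHsm) {
            // NOTE(review): sdfCryptoType is null when the (int, List, String) constructor was
            // used with a code other than SWXAHSM; this line then throws NullPointerException.
            this.logger.debug(" getSignatureBySdf {}", this.sdfCryptoType.name());
            this.logger.info("get SignAlg is {}", str);
            if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
                this.logger.info("choice sm2");
                signByYunHsm = GMSSLSM2SignUtils.signBySdf(this.sdfCryptoType, this.privateKeyIndex, this.privateKeyPassword, encoded);
            } else if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName())) {
                this.logger.info("choice nist");
                signByYunHsm = GMSSLECSignUtils.signByYunHsm(this.privateKeyIndex, this.privateKeyPassword, encoded, str);
            } else {
                this.logger.info("choice rsa");
                signByYunHsm = GMSSLRSASignUtils.signByYunHsm(str, this.privateKeyIndex, this.privateKeyPassword, encoded);
            }
            return new Signature(signatureWithString, new DERBitString(signByYunHsm));
        }
        this.logger.debug(" getSignatureBySdf {}", this.sdfCryptoCode);
        this.logger.info("get SignAlg is {}", str);
        GMSSLPkiCryptoInit.getSancHsmInstance();
        // The key is addressed by index only; no password bytes are supplied on this path.
        SdfPrivateKey sdfPrivateKey = new SdfPrivateKey(this.privateKeyIndex, (byte[]) null);
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            this.logger.info("choice sm2");
            sign = GMSSLECSignUtils.sign(sdfPrivateKey, encoded, (byte[]) null, str);
        } else {
            if (!str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName()) && !str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName())) {
                // Log text reads "unsupported algorithm type".
                this.logger.debug("不支持的算法类型");
                // Message reads "<vendor> HSM does not support the [<alg>] algorithm". The old
                // text carried a literal "{}" that was never substituted.
                throw new Exception("三未信安HSM不支持[" + str + "]算法");
            }
            this.logger.info("choice RSA");
            sign = GMSSLRSASignUtils.sign(sdfPrivateKey, encoded, str);
        }
        return new Signature(signatureWithString, new DERBitString(sign));
    }

    /**
     * Maps a signature algorithm name to its ASN.1 {@link AlgorithmIdentifier}.
     *
     * <p>NOTE(review): SHA1-with-RSA is still accepted. SHA-1 is no longer collision resistant,
     * so a CA should refuse it by policy before reaching this method unless a legacy relying
     * party strictly requires it.
     *
     * @param str signature algorithm name, matched case-insensitively
     * @return identifier for one of the four supported algorithms
     * @throws Exception if {@code str} names none of them
     */
    private AlgorithmIdentifier getSignatureWithString(String str) throws Exception {
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_RSA.getSigAlgName())) {
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption);
        }
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA1_WITH_RSA.getSigAlgName())) {
            return new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
        }
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName())) {
            return new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
        }
        if (str.equalsIgnoreCase(GMSSLSignatureAlgorithm.SHA256_WITH_ECDSA.getSigAlgName())) {
            return new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256);
        }
        // The old message said "can sign with ...", the opposite of what this branch means.
        throw new Exception("can not sign with " + str + " type");
    }
}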
