package com.xdja.pki.gmssl.x509.utils;

import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.sdf.SdfContentVerifierProvider;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.operator.utils.GMSSLSdfContentSignatureAlgorithm;
import com.xdja.pki.gmssl.operator.utils.GMSSLSdfContentSignerUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-0.1-beta.jar:com/xdja/pki/gmssl/x509/utils/GMSSLCertUtils.class */
public class GMSSLCertUtils {
    public static X509Certificate generateCertByBC(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCertByBC(new X500Name(RFC4519Style.INSTANCE, str), new X500Name(RFC4519Style.INSTANCE, str2), bigInteger, date, date2, privateKey, publicKey, list);
    }

    public static X509Certificate generateCertByBC(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCert(x500Name, x500Name2, bigInteger, date, date2, publicKey, GMSSLSdfContentSignerUtils.generateContentSignerByBC(GMSSLSdfContentSignatureAlgorithm.SM3_WITH_SM2, privateKey), list);
    }

    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCertByYunhsm(str, str2, bigInteger, date, date2, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str3), publicKey, list);
    }

    public static X509Certificate generateCertByYunhsm(String str, String str2, BigInteger bigInteger, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCert(new X500Name(RFC4519Style.INSTANCE, str), new X500Name(RFC4519Style.INSTANCE, str2), bigInteger, date, date2, publicKey, GMSSLSdfContentSignerUtils.generateContentSignerByYunhsm(privateKey), list);
    }

    public static X509Certificate generateCertByPcie(String str, String str2, BigInteger bigInteger, Date date, Date date2, int i, String str3, PublicKey publicKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCert(new X500Name(RFC4519Style.INSTANCE, str), new X500Name(RFC4519Style.INSTANCE, str2), bigInteger, date, date2, publicKey, GMSSLSdfContentSignerUtils.generateContentSignerByPcie(GMSSLSM2KeyUtils.genSdfPrivateKey(i, str3)), list);
    }

    public static X509Certificate generateCert(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, ContentSigner contentSigner, List<Extension> list) throws CertIOException, CertificateException {
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, GMSSLX509Utils.convertSubjectPublicKeyInfo(publicKey));
        if (list != null) {
            Iterator<Extension> it = list.iterator();
            while (it.hasNext()) {
                x509v3CertificateBuilder.addExtension(it.next());
            }
        }
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(x509v3CertificateBuilder.build(contentSigner));
    }

    public static X509Certificate decodeCertByBC(PublicKey publicKey, byte[] bArr) throws OperatorCreationException, CertificateException, IOException, CertException {
        return decodeCert(new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(publicKey), bArr);
    }

    public static X509Certificate decodeCertByYunhsm(PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCert(new SdfContentVerifierProvider(SdfCryptoType.YUNHSM, publicKey), bArr);
    }

    public static X509Certificate decodeCertByPcie(PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCert(new SdfContentVerifierProvider(SdfCryptoType.PCIE, publicKey), bArr);
    }

    public static X509Certificate decodeCertBySdf(SdfCryptoType sdfCryptoType, PublicKey publicKey, byte[] bArr) throws CertificateException, IOException, CertException {
        return decodeCert(new SdfContentVerifierProvider(sdfCryptoType, publicKey), bArr);
    }

    public static X509Certificate decodeCert(ContentVerifierProvider contentVerifierProvider, byte[] bArr) throws IOException, CertException, CertificateException {
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(bArr);
        x509CertificateHolder.isSignatureValid(contentVerifierProvider);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(x509CertificateHolder);
    }

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
