package com.xdja.pki.gmssl.utils.bc;

import com.xdja.pki.gmssl.asn1.x509.SubjectInformationAccess;
import com.xdja.pki.gmssl.x509.utils.bean.CRLEntry;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:WEB-INF/lib/gmssl-pki-utils-1.0.5-Alpha-20200610.013226-6.jar:com/xdja/pki/gmssl/utils/bc/X509CertUtils.class */
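/**
 * Static helpers for building SM2/SM3 X.509 certificates, CRLs, PKCS#10 requests and the
 * extensions that go into them, on top of BouncyCastle.
 *
 * <p>None of the builders here validate their inputs against a certificate policy: serial
 * numbers, validity windows, names and extension lists are encoded as given. Callers that
 * accept any of these values from outside the CA must validate them before calling in.
 */
public class X509CertUtils {

    static {
        // Several methods address the provider by name, so it has to be registered before use.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Backend that performs the signing or verification. Only {@link #BC} is implemented by
     * {@link #genContentSigner} and {@link #genContentVerifier}; the other values are rejected.
     */
    public enum ContentCryptoType {
        BC("bc"),
        PCIE("pcie"),
        YUNHSM("yunhsm");

        private final String id;

        ContentCryptoType(String str) {
            this.id = str;
        }

        public String getId() {
            return this.id;
        }
    }

    /** Signature algorithms supported by this class; {@link #getId()} is the JCA algorithm name. */
    public enum ContentSignatureAlgorithm {
        SM3_WITH_SM2("SM3withSM2");

        // The unused constructor taking an AlgorithmIdentifier was dropped: it never assigned
        // the id, so any constant built through it would have carried a null algorithm name.
        private final String id;

        ContentSignatureAlgorithm(String str) {
            this.id = str;
        }

        public String getId() {
            return this.id;
        }
    }

    /**
     * Generates a fresh SM2 key pair (curve {@code sm2p256v1}) with the BouncyCastle provider.
     *
     * @return the new key pair
     * @throws NoSuchProviderException if the BouncyCastle provider is not registered
     * @throws NoSuchAlgorithmException if the provider does not offer the "EC" generator
     * @throws InvalidAlgorithmParameterException if the curve name is not accepted
     */
    public static KeyPair generateSM2KeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(new ECGenParameterSpec("sm2p256v1"), new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Issues a certificate signed with SM3withSM2 through the BC backend.
     *
     * @param str issuer distinguished name, parsed with {@link RFC4519Style}
     * @param str2 subject distinguished name, parsed with {@link RFC4519Style}
     * @param bigInteger certificate serial number
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param publicKey subject public key placed in the certificate
     * @param privateKey issuer private key used to sign
     * @param list extensions to add, in order; {@code null} is treated as none
     * @return the signed certificate
     */
    public static X509Certificate generateCert(String str, String str2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey, List<Extension> list) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCert(new X500Name(RFC4519Style.INSTANCE, str), new X500Name(RFC4519Style.INSTANCE, str2), bigInteger, date, date2, publicKey, privateKey, list, ContentSignatureAlgorithm.SM3_WITH_SM2, ContentCryptoType.BC);
    }

    /**
     * Issues a certificate with an explicit signature algorithm and crypto backend.
     * Parameters are as in the eight-argument overload ({@code str} is the issuer DN,
     * {@code str2} the subject DN).
     *
     * @throws OperatorCreationException if the backend is not supported or the signer cannot be built
     */
    public static X509Certificate generateCert(String str, String str2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey, List<Extension> list, ContentSignatureAlgorithm contentSignatureAlgorithm, ContentCryptoType contentCryptoType) throws CertIOException, OperatorCreationException, CertificateException {
        return generateCert(new X500Name(RFC4519Style.INSTANCE, str), new X500Name(RFC4519Style.INSTANCE, str2), bigInteger, date, date2, publicKey, privateKey, list, contentSignatureAlgorithm, contentCryptoType);
    }

    /** Builds and signs the certificate; {@code x500Name} is the issuer, {@code x500Name2} the subject. */
    private static X509Certificate generateCert(X500Name x500Name, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey, List<Extension> list, ContentSignatureAlgorithm contentSignatureAlgorithm, ContentCryptoType contentCryptoType) throws CertIOException, OperatorCreationException, CertificateException {
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name2, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        // A null list means "no extensions" rather than a NullPointerException.
        if (list != null) {
            for (Extension extension : list) {
                x509v3CertificateBuilder.addExtension(extension);
            }
        }
        ContentSigner signer = genContentSigner(contentCryptoType, contentSignatureAlgorithm, privateKey);
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(x509v3CertificateBuilder.build(signer));
    }

    /**
     * Issues a CRL signed with SM3withSM2 through the BC backend.
     *
     * @param x509Certificate issuer certificate; its subject becomes the CRL issuer
     * @param privateKey issuer private key used to sign
     * @param bigInteger CRL number
     * @param date thisUpdate
     * @param date2 nextUpdate
     * @param list CRL extensions to add after the CRL number; {@code null} is treated as none
     * @param list2 revoked entries; {@code null} is treated as none
     * @return the signed CRL
     */
    public static X509CRL generateCRL(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2) throws IOException, OperatorCreationException, CRLException {
        return generateCRL(x509Certificate, privateKey, bigInteger, date, date2, list, list2, ContentCryptoType.BC, ContentSignatureAlgorithm.SM3_WITH_SM2);
    }

    /**
     * Issues a CRL with an explicit crypto backend and signature algorithm. Parameters are as in
     * the seven-argument overload.
     *
     * @throws OperatorCreationException if the backend is not supported or the signer cannot be built
     */
    public static X509CRL generateCRL(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, Date date, Date date2, List<Extension> list, List<CRLEntry> list2, ContentCryptoType contentCryptoType, ContentSignatureAlgorithm contentSignatureAlgorithm) throws IOException, OperatorCreationException, CRLException {
        // Take the issuer name from the certificate's DER encoding instead of re-parsing its
        // string form. A string round trip can reorder RDNs or change string types, and a CRL
        // whose issuer does not match the CA subject may not be matched to that CA by
        // relying parties during revocation checking.
        X500Name issuer = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
        X509v2CRLBuilder x509v2CRLBuilder = new X509v2CRLBuilder(issuer, date);
        x509v2CRLBuilder.addExtension(Extension.cRLNumber, false, (ASN1Encodable) new CRLNumber(bigInteger));
        x509v2CRLBuilder.setNextUpdate(date2);
        if (list != null) {
            for (Extension extension : list) {
                x509v2CRLBuilder.addExtension(extension);
            }
        }
        if (list2 != null) {
            for (CRLEntry cRLEntry : list2) {
                // Entry serials are carried as hexadecimal strings.
                x509v2CRLBuilder.addCRLEntry(new BigInteger(cRLEntry.getUserCertificateSerial(), 16), cRLEntry.getRevocationDate(), cRLEntry.getReason());
            }
        }
        ContentSigner signer = genContentSigner(contentCryptoType, contentSignatureAlgorithm, privateKey);
        return new JcaX509CRLConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCRL(x509v2CRLBuilder.build(signer));
    }

    /**
     * Builds a PKCS#10 request signed with SM3withSM2 through the BC backend.
     *
     * @param str subject distinguished name
     * @param publicKey public key being certified
     * @param privateKey matching private key, used for the proof-of-possession signature
     */
    public static PKCS10CertificationRequest generateP10(String str, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException {
        return generateP10(str, ContentCryptoType.BC, ContentSignatureAlgorithm.SM3_WITH_SM2, publicKey, privateKey);
    }

    /**
     * Builds a PKCS#10 request with an explicit crypto backend and signature algorithm.
     *
     * <p>NOTE(review): the subject is parsed with X500Name's default style, while generateCert
     * parses names with RFC4519Style; the same string may produce a different RDN order in the
     * request and in the certificate. Confirm this is intended.
     */
    public static PKCS10CertificationRequest generateP10(String str, ContentCryptoType contentCryptoType, ContentSignatureAlgorithm contentSignatureAlgorithm, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException {
        ContentSigner signer = genContentSigner(contentCryptoType, contentSignatureAlgorithm, privateKey);
        return new JcaPKCS10CertificationRequestBuilder(new X500Name(str), publicKey).build(signer);
    }

    /** Returns the encoded form of a PKCS#10 request. */
    public static byte[] encodeP10(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        return pKCS10CertificationRequest.getEncoded();
    }

    /**
     * Parses an encoded PKCS#10 request. Parsing does not verify the request's signature;
     * callers must check it before trusting the subject or the public key it carries.
     *
     * @throws IOException if the bytes are not a well-formed request
     */
    public static PKCS10CertificationRequest decodeP10(byte[] bArr) throws IOException {
        return new PKCS10CertificationRequest(bArr);
    }

    /**
     * Creates the signer for the requested backend.
     *
     * @throws OperatorCreationException if the backend is anything other than
     *     {@link ContentCryptoType#BC} (including {@code null}) or the signer cannot be built
     */
    public static ContentSigner genContentSigner(ContentCryptoType contentCryptoType, ContentSignatureAlgorithm contentSignatureAlgorithm, PrivateKey privateKey) throws OperatorCreationException {
        if (contentCryptoType == ContentCryptoType.BC) {
            // No provider is pinned here, unlike genContentVerifier; the JCA lookup decides.
            return new JcaContentSignerBuilder(contentSignatureAlgorithm.getId()).build(privateKey);
        }
        // PCIE and YUNHSM are declared but have no implementation in this class.
        throw new OperatorCreationException("un support crypto type " + contentCryptoType);
    }

    /**
     * Maps an ASN.1 algorithm identifier to the matching enum constant.
     *
     * @return the matching constant, or {@code null} when the algorithm is missing or not
     *     supported; callers must treat {@code null} as a rejection, never as "skip verification"
     */
    public static ContentSignatureAlgorithm convertContentSignatureAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        // Compare OIDs by value: an identifier decoded from a certificate or request is not
        // guaranteed to be the same object as the GMObjectIdentifiers constant, so a reference
        // comparison can miss a genuine SM2-with-SM3 signature.
        if (algorithmIdentifier != null && GMObjectIdentifiers.sm2sign_with_sm3.equals(algorithmIdentifier.getAlgorithm())) {
            return ContentSignatureAlgorithm.SM3_WITH_SM2;
        }
        return null;
    }

    /** Looks up the ASN.1 algorithm identifier for the given signature algorithm name. */
    public static AlgorithmIdentifier convertAlgorithmIdentifier(ContentSignatureAlgorithm contentSignatureAlgorithm) {
        return new DefaultSignatureAlgorithmIdentifierFinder().find(contentSignatureAlgorithm.getId());
    }

    /** Creates a verifier for the given algorithm constant; see the AlgorithmIdentifier overload. */
    public static ContentVerifier genContentVerifier(ContentCryptoType contentCryptoType, ContentSignatureAlgorithm contentSignatureAlgorithm, PublicKey publicKey) throws OperatorCreationException {
        return genContentVerifier(contentCryptoType, convertAlgorithmIdentifier(contentSignatureAlgorithm), publicKey);
    }

    /**
     * Creates the verifier for the requested backend, using the BouncyCastle provider.
     *
     * @throws OperatorCreationException if the backend is anything other than
     *     {@link ContentCryptoType#BC} (including {@code null}) or the verifier cannot be built
     */
    public static ContentVerifier genContentVerifier(ContentCryptoType contentCryptoType, AlgorithmIdentifier algorithmIdentifier, PublicKey publicKey) throws OperatorCreationException {
        if (contentCryptoType == ContentCryptoType.BC) {
            return new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(publicKey).get(algorithmIdentifier);
        }
        throw new OperatorCreationException("un support crypto type " + contentCryptoType);
    }

    /**
     * Builds an authorityInfoAccess extension with one caIssuers URI.
     *
     * <p>NOTE(review): the extension is marked critical, whereas RFC 5280 requires it to be
     * non-critical; a relying party that does not process it must then reject the certificate.
     */
    public static Extension genAuthorityInfoAccessExtension(String str) throws IOException {
        AccessDescription caIssuers = new AccessDescription(AccessDescription.id_ad_caIssuers, uriGeneralName(str));
        return new Extension(Extension.authorityInfoAccess, true, new AuthorityInformationAccess(caIssuers).getEncoded());
    }

    /**
     * Builds a subjectInfoAccess extension with one caRepository URI.
     *
     * <p>NOTE(review): marked critical; RFC 5280 requires this extension to be non-critical.
     */
    public static Extension genSubjectInfoAccessExtension(String str) throws IOException {
        AccessDescription caRepository = new AccessDescription(SubjectInformationAccess.id_ad_caRepository, uriGeneralName(str));
        return new Extension(Extension.subjectInfoAccess, true, new SubjectInformationAccess(caRepository).getEncoded());
    }

    /** Critical keyUsage for a CA certificate: keyCertSign and cRLSign only. */
    public static Extension genRootCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign).getEncoded());
    }

    /** Critical keyUsage for a signing certificate: digitalSignature and nonRepudiation. */
    public static Extension genSignatureCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded());
    }

    /** Critical extendedKeyUsage restricting the certificate to OCSP response signing. */
    public static Extension genOCSPCertExtendedKeyUsageExtension() throws IOException {
        return new Extension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_OCSPSigning).getEncoded());
    }

    /** Critical keyUsage for an encryption certificate: keyEncipherment, dataEncipherment and keyAgreement. */
    public static Extension genEncryptCertKeyUsageExtension() throws IOException {
        return new Extension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement).getEncoded());
    }

    /** Non-critical authorityKeyIdentifier derived from the issuer certificate. */
    public static Extension genAuthorityKeyIdentifierExtension(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, IOException {
        return new Extension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(x509Certificate).getEncoded());
    }

    /** Non-critical subjectKeyIdentifier derived from the subject public key. */
    public static Extension genSubjectKeyIdentifierExtension(PublicKey publicKey) throws IOException, NoSuchAlgorithmException {
        return new Extension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getEncoded());
    }

    /**
     * Critical basicConstraints built from a path length, i.e. always for a CA certificate.
     *
     * @param i the path length constraint handed to {@link BasicConstraints}
     */
    public static Extension genBasicConstraintsExtension(int i) throws IOException {
        return new Extension(Extension.basicConstraints, true, new BasicConstraints(i).getEncoded());
    }

    /**
     * Builds a cRLDistributionPoints extension with a single URI distribution point.
     *
     * <p>NOTE(review): marked critical; RFC 5280 says this extension SHOULD be non-critical.
     */
    public static Extension genCRLDistributionPointsExtension(String str) throws IOException {
        DistributionPoint[] points = {new DistributionPoint(genDistributionPointName(str), null, null)};
        return new Extension(Extension.cRLDistributionPoints, true, new CRLDistPoint(points).getEncoded());
    }

    /**
     * Builds a freshestCRL (delta CRL distribution point) extension with a single URI.
     *
     * <p>NOTE(review): marked critical; RFC 5280 requires this extension to be non-critical.
     */
    public static Extension genFreshestCRL(String str) throws IOException {
        DistributionPoint[] points = {new DistributionPoint(genDistributionPointName(str), null, null)};
        return new Extension(Extension.freshestCRL, true, new CRLDistPoint(points).getEncoded());
    }

    /**
     * Builds the critical issuingDistributionPoint extension used for an ARL.
     *
     * <p>NOTE(review): the four boolean arguments appear to be onlyContainsUserCerts,
     * onlyContainsCACerts, indirectCRL and onlyContainsAttributeCerts, all set to true.
     * RFC 5280 allows at most one of the three onlyContains* flags to be true, so validators
     * may refuse a CRL carrying this extension. Confirm the intended scope (for an ARL,
     * presumably CA certificates only) before relying on it.
     */
    public static Extension genARLExtension(String str) throws IOException {
        return new Extension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(genDistributionPointName(str), true, true, new ReasonFlags(ReasonFlags.cACompromise), true, true).getEncoded());
    }

    /**
     * Builds the critical deltaCRLIndicator extension.
     *
     * @param i the CRL number of the base CRL this delta refers to
     */
    public static Extension genDRLExtension(int i) throws IOException {
        return new Extension(Extension.deltaCRLIndicator, true, new CRLNumber(BigInteger.valueOf(i)).getEncoded());
    }

    /** Wraps a URI as a fullName distribution point name. */
    public static DistributionPointName genDistributionPointName(String str) {
        return new DistributionPointName(DistributionPointName.FULL_NAME, new GeneralNames(uriGeneralName(str)));
    }

    /**
     * Wraps a URI string as a uniformResourceIdentifier GeneralName.
     * The charset is fixed so that the encoded bytes do not depend on the JVM's default
     * charset; the field is an IA5String in RFC 5280, so the URI is expected to be ASCII.
     */
    private static GeneralName uriGeneralName(String uri) {
        return new GeneralName(GeneralName.uniformResourceIdentifier, new DEROctetString(uri.getBytes(StandardCharsets.UTF_8)));
    }
}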
