package com.icbc.hsm.software.cert;

import com.alibaba.excel.constant.ExcelXmlConstants;
import com.baomidou.mybatisplus.core.toolkit.StringPool;
import com.icbc.api.request.InvestmentFundoutsourceIncomestatementqueryRequestV1;
import com.icbc.bcpkix.org.bouncycastle.cert.CertException;
import com.icbc.bcpkix.org.bouncycastle.cert.X509CRLHolder;
import com.icbc.bcpkix.org.bouncycastle.cert.X509CertificateHolder;
import com.icbc.bcpkix.org.bouncycastle.cert.jcajce.JcaCRLStore;
import com.icbc.bcpkix.org.bouncycastle.cert.jcajce.JcaCertStore;
import com.icbc.bcpkix.org.bouncycastle.cert.path.CertPathValidationException;
import com.icbc.bcpkix.org.bouncycastle.cert.path.validations.CRLValidation;
import com.icbc.bcpkix.org.bouncycastle.cms.CMSException;
import com.icbc.bcpkix.org.bouncycastle.cms.CMSProcessableByteArray;
import com.icbc.bcpkix.org.bouncycastle.cms.CMSSignedData;
import com.icbc.bcpkix.org.bouncycastle.cms.CMSSignedDataGenerator;
import com.icbc.bcpkix.org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import com.icbc.bcpkix.org.bouncycastle.cms.SignerId;
import com.icbc.bcpkix.org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import com.icbc.bcpkix.org.bouncycastle.cms.SignerInformationVerifier;
import com.icbc.bcpkix.org.bouncycastle.cms.SignerInformationVerifierProvider;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.OperatorCreationException;
import com.icbc.bcpkix.org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import com.icbc.bcprov.org.bouncycastle.asn1.gm.GMNamedCurves;
import com.icbc.bcprov.org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import com.icbc.bcprov.org.bouncycastle.asn1.x500.X500Name;
import com.icbc.bcprov.org.bouncycastle.asn1.x500.X500NameBuilder;
import com.icbc.bcprov.org.bouncycastle.asn1.x500.style.RFC4519Style;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.icbc.bcprov.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import com.icbc.bcprov.org.bouncycastle.asn1.x9.X9ECParameters;
import com.icbc.bcprov.org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECDomainParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import com.icbc.bcprov.org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.encoders.Base64;
import com.icbc.hsm.utils.encoders.GF;
import com.icbc.hsm.utils.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Locale;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/cert/CertHelper.class */
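public class CertHelper {
    /** SM2 curve parameters (sm2p256v1); every key handled by this class lives on this curve. */
    private static final X9ECParameters x9 = GMNamedCurves.getByOID(GMObjectIdentifiers.sm2p256v1);
    private static final ECDomainParameters dp = new ECDomainParameters(x9.getCurve(), x9.getG(), x9.getN());

    /**
     * SEC 1 tag of an uncompressed EC point as a hex prefix ("04" || X || Y). The decompiled
     * source referenced an unrelated inlined constant here; the 130-hex-char branch in
     * {@link #parsePublicSm2(String)} only makes sense for this tag.
     */
    private static final String UNCOMPRESSED_POINT_PREFIX = "04";
    /** Hex length of one 32-byte SM2 coordinate. */
    private static final int COORD_HEX_LEN = 64;
    /** Hex length of X || Y without the point tag. */
    private static final int RAW_POINT_HEX_LEN = 2 * COORD_HEX_LEN;
    /** Hex length of "04" || X || Y. */
    private static final int PREFIXED_POINT_HEX_LEN = RAW_POINT_HEX_LEN + 2;

    static {
        // Register BC once so the JCA-backed helpers (JcaCertStore, JcaCRLStore) can resolve it.
        // GMNamedCurves above is the lightweight API and does not depend on the provider, so
        // running this before or after the field initialisers makes no difference.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Builds a PKCS#10 certificate request for an SM2 key pair and returns the DER request
     * Base64-encoded.
     *
     * @param privateKeyHex private key scalar as hex; signs the request with SM3withSM2
     * @param publicKeyHex  public key as hex; the decoded bytes go verbatim into the
     *                      SubjectPublicKeyInfo (presumably the uncompressed "04"||X||Y point —
     *                      confirm with callers)
     * @param subject       subject DN as "cn=...,ou=...,o=...,c=..." (see {@link #parseSubject(String)})
     * @return Base64 of the DER-encoded request
     * @throws OperatorCreationException if the SM2 signer cannot be built
     * @throws IOException               if the request cannot be encoded
     */
    public static String generateP10Sm2(String privateKeyHex, String publicKeyHex, String subject) throws OperatorCreationException, IOException {
        AlgorithmIdentifier sm2KeyAlgorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, GMObjectIdentifiers.sm2p256v1);
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(sm2KeyAlgorithm, Hex.decode(publicKeyHex));
        IcbcContentSignerBuilder signerBuilder = new IcbcContentSignerBuilder(
                new DefaultSignatureAlgorithmIdentifierFinder().find(AlgorithmConstants.SM3withSM2),
                new DefaultDigestAlgorithmIdentifierFinder().find("SM3"));
        byte[] request = new PKCS10CertificationRequestBuilder(parseSubject(subject), publicKeyInfo)
                .build(signerBuilder.build(privateKeyFromHex(privateKeyHex)))
                .getEncoded();
        return Base64.toBase64String(request);
    }

    /**
     * Produces a detached PKCS#7/CMS signature over {@code content} with the given SM2 key and
     * embeds the signer certificate in the SignedData.
     *
     * <p>NOTE(review): the signature algorithm is copied from the signer certificate's own
     * signature algorithm, i.e. the algorithm the issuer used to sign that certificate, not the
     * subject key's algorithm. This works when the whole chain is SM3withSM2; confirm that is
     * always the case for the certificates passed in.
     *
     * @param privateKeyHex signer private key scalar as hex
     * @param certDer       DER-encoded signer certificate
     * @param content       bytes to sign; they are not embedded (encapsulate = false)
     * @return Base64 of the DER-encoded SignedData
     */
    public static String pkcs7Sign(String privateKeyHex, byte[] certDer, byte[] content) throws CMSException, IOException, CertificateEncodingException, OperatorCreationException {
        X509CertificateHolder signerCert = new X509CertificateHolder(certDer);
        IcbcContentSignerBuilder signerBuilder = new IcbcContentSignerBuilder(
                signerCert.getSignatureAlgorithm(), new AlgorithmIdentifier(GMObjectIdentifiers.sm3));

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new GmDigestCalculatorProvider())
                .build(signerBuilder.build(privateKeyFromHex(privateKeyHex)), signerCert));
        generator.addCertificates(new JcaCertStore(Collections.singletonList(signerCert)));

        // encapsulate = false: detached signature, the verifier must supply the content again.
        CMSSignedData signedData = generator.generate(new CMSProcessableByteArray(content), false);
        return Base64.toBase64String(signedData.getEncoded());
    }

    /**
     * Verifies a detached CMS signature against {@code content}.
     *
     * <p>The verifier for each signer is built from the certificate carried <em>inside</em> the
     * SignedData. A {@code true} result therefore only proves that the signature matches the
     * embedded certificate; it says nothing about whether that certificate is trusted. Callers
     * must separately validate the signer certificate (for example
     * {@link #certSignatureValidate(byte[], byte[])} against a known CA,
     * {@link #certDateValidate(byte[], Date)} and {@link #verifyCRL(byte[], byte[])}) before
     * relying on the signature.
     *
     * @param signatureDer DER-encoded SignedData
     * @param content      the signed bytes
     * @return {@code true} if every signature verifies; {@code false} on any CMS failure,
     *         including a signer with no matching embedded certificate
     */
    public static boolean pkcs7Verify(byte[] signatureDer, byte[] content) {
        try {
            final CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(content), signatureDer);
            return signedData.verifySignatures(new SignerInformationVerifierProvider() {
                @Override
                public SignerInformationVerifier get(SignerId signerId) throws OperatorCreationException {
                    Collection<X509CertificateHolder> matches = signedData.getCertificates().getMatches(signerId);
                    if (matches.isEmpty()) {
                        // The decompiled code called iterator().next() unconditionally and would
                        // throw NoSuchElementException here. verifySignatures wraps this exception
                        // in a CMSException, so the caller simply sees "false".
                        throw new OperatorCreationException(
                                "no certificate in the signed data matches signer " + signerId.getSerialNumber());
                    }
                    return new SignerInformationVerifier(
                            new DefaultCMSSignatureAlgorithmNameGenerator(),
                            new DefaultSignatureAlgorithmIdentifierFinder(),
                            new GmContentVerifierProviderBuilder().build(matches.iterator().next()),
                            new GmDigestCalculatorProvider());
                }
            });
        } catch (CMSException e) {
            // Kept from the original; route through the project logger when one is available.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Parses a comma-separated "key=value" subject string into an X.500 name.
     *
     * <p>Only {@code cn}, {@code ou}, {@code o} and {@code c} are recognised (case-insensitive);
     * other attribute types are ignored. Values are trimmed. Escaped commas are not supported,
     * so a value containing "," cannot be expressed.
     *
     * @throws IllegalArgumentException if a component has no "=" or an empty value
     */
    private static X500Name parseSubject(String subject) {
        X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
        for (String component : subject.split(",")) {
            // limit 2 keeps any "=" inside the value instead of truncating it
            String[] keyValue = component.split("=", 2);
            if (keyValue.length != 2) {
                throw new IllegalArgumentException("Malformed subject component: " + component);
            }
            String key = keyValue[0].trim().toLowerCase(Locale.ROOT);
            String value = keyValue[1].trim();
            if (value.isEmpty()) {
                throw new IllegalArgumentException("Empty value for subject attribute: " + key);
            }
            switch (key) {
                case "cn":
                    builder.addRDN(RFC4519Style.f173cn, value);
                    break;
                case "ou":
                    builder.addRDN(RFC4519Style.ou, value);
                    break;
                case "o":
                    builder.addRDN(RFC4519Style.o, value);
                    break;
                case "c":
                    builder.addRDN(RFC4519Style.c, value);
                    break;
                default:
                    // unsupported attribute types are dropped, as in the original
                    break;
            }
        }
        return builder.build();
    }

    /**
     * Parses an SM2 public key given as hex, either "04" || X || Y (130 chars) or X || Y
     * (128 chars).
     *
     * <p>NOTE(review): {@code createPoint} does not appear to check that (X, Y) lies on the
     * curve. If keys can come from an untrusted party, validate the point before using it for
     * key agreement or encryption.
     *
     * @throws IllegalArgumentException if the input is not hex or has an unexpected length
     */
    public static ECPublicKeyParameters parsePublicSm2(String publicKeyHex) {
        if (!GF.verifyHex(publicKeyHex)) {
            throw new IllegalArgumentException("SM2 public key format error.");
        }
        String xy;
        if (publicKeyHex.length() == PREFIXED_POINT_HEX_LEN && publicKeyHex.startsWith(UNCOMPRESSED_POINT_PREFIX)) {
            xy = publicKeyHex.substring(UNCOMPRESSED_POINT_PREFIX.length());
        } else if (publicKeyHex.length() == RAW_POINT_HEX_LEN) {
            xy = publicKeyHex;
        } else {
            throw new IllegalArgumentException("SM2 public key format error.");
        }
        BigInteger x = new BigInteger(xy.substring(0, COORD_HEX_LEN), 16);
        BigInteger y = new BigInteger(xy.substring(COORD_HEX_LEN), 16);
        return new ECPublicKeyParameters(x9.getCurve().createPoint(x, y), dp);
    }

    /**
     * Parses an SM2 private key scalar given as hex.
     *
     * <p>The scalar arrives as an immutable {@link String}, so it cannot be wiped from memory
     * after use; keep its lifetime short.
     *
     * @throws IllegalArgumentException if the input is not hex
     */
    public static ECPrivateKeyParameters parsePrivateSm2(String privateKeyHex) {
        if (!GF.verifyHex(privateKeyHex)) {
            throw new IllegalArgumentException("SM2 private key error.");
        }
        return privateKeyFromHex(privateKeyHex);
    }

    /** Wraps a hex scalar as SM2 private key parameters without any format check. */
    private static ECPrivateKeyParameters privateKeyFromHex(String privateKeyHex) {
        return new ECPrivateKeyParameters(new BigInteger(privateKeyHex, 16), dp);
    }

    /**
     * Checks whether the certificate's validity period contains {@code date}.
     *
     * @param certDer DER-encoded certificate
     * @param date    instant to test, usually "now" — pass a clock-derived value, not a caller-supplied one
     */
    public static boolean certDateValidate(byte[] certDer, Date date) throws IOException {
        return new X509CertificateHolder(certDer).isValidOn(date);
    }

    /**
     * Checks the cryptographic signature on {@code certDer} with the public key of
     * {@code issuerCertDer}.
     *
     * <p>Only the signature is checked: issuer/subject name chaining, validity dates and
     * revocation are not, and nothing establishes that {@code issuerCertDer} is a trusted
     * anchor — the caller must supply a certificate it already trusts.
     */
    public static boolean certSignatureValidate(byte[] certDer, byte[] issuerCertDer) throws IOException, CertException, OperatorCreationException {
        X509CertificateHolder issuer = new X509CertificateHolder(issuerCertDer);
        return new X509CertificateHolder(certDer).isSignatureValid(new GmContentVerifierProviderBuilder().build(issuer));
    }

    /**
     * Returns {@code true} if {@code certDer} is not listed in the given CRL.
     *
     * <p>The CRL is matched by issuer name only. NOTE(review): {@code CRLValidation} does not
     * appear to verify the CRL's own signature, so a CRL from an untrusted source should have
     * its signature checked against the issuer certificate before this result is relied upon.
     * {@code false} is also returned when the CRL issuer does not match the certificate's issuer.
     */
    public static boolean verifyCRL(byte[] crlDer, byte[] certDer) throws IOException, CRLException {
        X509CRLHolder crl = new X509CRLHolder(crlDer);
        CRLValidation validation = new CRLValidation(crl.getIssuer(), new JcaCRLStore(Collections.singletonList(crl)));
        try {
            validation.validate(null, new X509CertificateHolder(certDer));
            return true;
        } catch (CertPathValidationException e) {
            return false;
        }
    }

    /**
     * Extracts the raw public key bit string from a certificate as hex (presumably
     * "04" || X || Y for an SM2 key — matches the 130-char form accepted by
     * {@link #parsePublicSm2(String)}).
     */
    public static String parseSM2PublicKeyFromX509Cert(byte[] certDer) throws IOException {
        byte[] keyBits = new X509CertificateHolder(certDer).getSubjectPublicKeyInfo().getPublicKeyData().getOctets();
        return Hex.toHexString(keyBits);
    }
}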
