package cmbc.cfca.util.cipher.lib;

import cmbc.cfca.internal.tool.HashEncoderUtil;
import cmbc.cfca.org.bouncycastle.asn1.cmp.PKIFailureInfo;
import cmbc.cfca.rsa.signature.RSAPackageUtil;
import cmbc.cfca.sm2rsa.common.CBCParam;
import cmbc.cfca.sm2rsa.common.GenKeyAttribute;
import cmbc.cfca.sm2rsa.common.GlobalVariable;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.sm2rsa.common.SymmetricAlgorithm;
import cmbc.cfca.system.SM2Compatible;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:cmbc/cfca/util/cipher/lib/HardLib.class */
public class HardLib implements Session {
    private static String signByHash_ALG = "SimuSM2";
    String providerName;

    public HardLib(String str) throws PKIException {
        try {
            Provider provider = (Provider) Class.forName((str == null || str.trim().equals("")) ? "com.sansec.jce.provider.SwxaProvider" : str).newInstance();
            Security.addProvider(provider);
            this.providerName = provider.getName();
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT, "初始化加密设备失败 " + this.providerName, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr, boolean z) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            Signature signature = Signature.getInstance(mechanismType, this.providerName);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] sign(Mechanism mechanism, PrivateKey privateKey, String str, boolean z) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                Signature signature = Signature.getInstance(mechanismType, this.providerName);
                signature.initSign(privateKey);
                byte[] bArr = new byte[GlobalVariable.BIG_FILE_BUFFER];
                bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
                while (true) {
                    int read = bufferedInputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    signature.update(bArr, 0, read);
                }
                byte[] sign = signature.sign();
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e) {
                        throw new PKIException(e);
                    }
                }
                return sign;
            } catch (Exception e2) {
                throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e2);
            }
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e3) {
                    throw new PKIException(e3);
                }
            }
            throw th;
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public boolean verifySign(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        if (bArr2.length == 128) {
            throw new RuntimeException("unsupported signature length 128 bytes!");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            Signature signature = Signature.getInstance(mechanismType, this.providerName);
            if (mechanismType.equals("SM3withSM2")) {
                publicKey = getSM2HardPublicKey(publicKey);
            }
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public boolean verifySign(Mechanism mechanism, PublicKey publicKey, String str, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                if (mechanismType.equals("SM3withSM2")) {
                    publicKey = getSM2HardPublicKey(publicKey);
                }
                Signature signature = Signature.getInstance(mechanismType, this.providerName);
                signature.initVerify(publicKey);
                byte[] bArr2 = new byte[GlobalVariable.BIG_FILE_BUFFER];
                bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
                while (true) {
                    int read = bufferedInputStream.read(bArr2);
                    if (read <= 0) {
                        break;
                    }
                    signature.update(bArr2, 0, read);
                }
                boolean verify = signature.verify(bArr);
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e) {
                        throw new PKIException(e);
                    }
                }
                return verify;
            } catch (Throwable th) {
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e2) {
                        throw new PKIException(e2);
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e3);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] encrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!SymmetricAlgorithm.isValidValue(mechanismType)) {
            throw new PKIException(PKIException.DECRYPT, "解密操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            Cipher cipher = Cipher.getInstance(mechanismType, this.providerName);
            cipher.init(1, key);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCRYPT, PKIException.ENCRYPT_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] decrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!SymmetricAlgorithm.isValidValue(mechanismType)) {
            throw new PKIException(PKIException.DECRYPT, "解密操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            Cipher cipher = Cipher.getInstance(mechanismType, this.providerName);
            cipher.init(2, key);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.DECRYPT, PKIException.DECRYPT_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public KeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.RSA) && !mechanismType.equals(Mechanism.SM2)) {
            throw new PKIException(PKIException.HARD_KEY_PAIR, "产生非对称密钥对失败 本操作不支持此种机制类型 " + mechanismType);
        }
        boolean z = true;
        int i2 = 0;
        Object param = mechanism.getParam();
        if (param != null) {
            GenKeyAttribute genKeyAttribute = (GenKeyAttribute) param;
            z = genKeyAttribute.isExport;
            if (!z) {
                i2 = genKeyAttribute.keyNum;
            }
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(mechanismType, this.providerName);
            if (z) {
                keyPairGenerator.initialize(i);
            } else {
                keyPairGenerator.initialize(i2 << 16);
            }
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new PKIException(PKIException.HARD_KEY_PAIR, "产生非对称密钥对失败", e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] signByHash(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            if (!mechanismType.equalsIgnoreCase("SM3withSM2")) {
                Cipher cipher = Cipher.getInstance(Mechanism.RSA_PKCS, this.providerName);
                cipher.init(1, privateKey);
                return cipher.doFinal(HashEncoderUtil.derEncoder(mechanismType, bArr));
            }
            Signature signature = Signature.getInstance(signByHash_ALG, this.providerName);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCRYPT, PKIException.ENCRYPT_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public boolean verifyByHash(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("MD5withRSAEncryption") && !mechanismType.equals("SHA1withRSAEncryption") && !mechanismType.equals("SHA256withRSAEncryption") && !mechanismType.equals("SHA512withRSA") && !mechanismType.equals("SM3withSM2")) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
        try {
            if (!mechanismType.equalsIgnoreCase("SM3withSM2")) {
                Cipher cipher = Cipher.getInstance(Mechanism.RSA_PKCS, this.providerName);
                cipher.init(2, publicKey);
                return RSAPackageUtil.isRSAHashEqual(cipher.doFinal(bArr2), HashEncoderUtil.derEncoder(mechanismType, bArr));
            }
            Signature signature = Signature.getInstance(signByHash_ALG, this.providerName);
            signature.initVerify(getSM2HardPublicKey(publicKey));
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            throw new PKIException(PKIException.DECRYPT, PKIException.DECRYPT_DES, e);
        }
    }

    private PublicKey getSM2HardPublicKey(PublicKey publicKey) throws PKIException {
        try {
            return KeyFactory.getInstance(Mechanism.SM2, this.providerName).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
        } catch (Exception e) {
            throw new PKIException(PKIException.COV_PUB_KEY, PKIException.COV_PUB_KEY_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public void encrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        try {
            doCipher(true, mechanism, key, str, str2);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public void decrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        try {
            doCipher(false, mechanism, key, str, str2);
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    private void doCipher(boolean z, Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        try {
            String mechanismType = mechanism.getMechanismType();
            if (!mechanismType.equals("RC4") && !mechanismType.equals("DESede/CBC/PKCS7Padding") && !mechanismType.equals("SM4/CBC/PKCS7Padding") && !mechanismType.equals("DESede/ECB/PKCS7Padding") && !mechanismType.equals("SM4/ECB/PKCS7Padding")) {
                throw new PKIException("do not support this algorithm:" + mechanismType);
            }
            Cipher cipher = Cipher.getInstance(mechanismType, this.providerName);
            int i = z ? 1 : 2;
            if (mechanismType.indexOf("CBC") != -1) {
                cipher.init(i, key, new IvParameterSpec(((CBCParam) mechanism.getParam()).getIv()));
            } else {
                cipher.init(i, key);
            }
            byte[] bArr = new byte[PKIFailureInfo.badCertTemplate];
            if (z) {
                BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new CipherOutputStream(new FileOutputStream(str2), cipher), PKIFailureInfo.badCertTemplate);
                BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str), PKIFailureInfo.badCertTemplate);
                while (true) {
                    int read = bufferedInputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    } else {
                        bufferedOutputStream.write(bArr, 0, read);
                    }
                }
                bufferedOutputStream.close();
                bufferedInputStream.close();
            } else {
                BufferedOutputStream bufferedOutputStream2 = new BufferedOutputStream(new FileOutputStream(str2), PKIFailureInfo.badCertTemplate);
                BufferedInputStream bufferedInputStream2 = new BufferedInputStream(new CipherInputStream(new FileInputStream(str), cipher), PKIFailureInfo.badCertTemplate);
                while (true) {
                    int read2 = bufferedInputStream2.read(bArr);
                    if (read2 <= 0) {
                        break;
                    } else {
                        bufferedOutputStream2.write(bArr, 0, read2);
                    }
                }
                bufferedOutputStream2.close();
                bufferedInputStream2.close();
            }
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public Key generateKey(Mechanism mechanism) throws PKIException {
        int i;
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals("RC4")) {
            i = 128;
        } else if (mechanismType.equals(Mechanism.DES3_KEY)) {
            i = 192;
        } else {
            if (!mechanismType.equals(Mechanism.SM4_KEY)) {
                throw new PKIException("do not support this key type:" + mechanismType);
            }
            i = 128;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(mechanismType, this.providerName);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (Exception e) {
            throw new PKIException(e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        return sign(mechanism, privateKey, bArr, SM2Compatible.isOutputSM2SignedWithZ());
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public byte[] sign(Mechanism mechanism, PrivateKey privateKey, String str) throws PKIException {
        return sign(mechanism, privateKey, str, SM2Compatible.isOutputSM2SignedWithZ());
    }
}
