package cfca.sadk.extend.session.bridge.impl.ecc;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.extend.session.CryptoException;
import cfca.sadk.extend.session.CryptoParameterException;
import cfca.sadk.extend.session.ECCCurveId;
import cfca.sadk.extend.session.ExtendLibHelper;
import cfca.sadk.extend.session.IExtendECC;
import cfca.sadk.extend.session.bridge.CryptoConstant;
import cfca.sadk.extend.session.bridge.ICryptoBridgePartECC;
import cfca.sadk.extend.session.bridge.impl.ecc.ECCCardDummy;
import cfca.sadk.extend.session.util.DataHelper;
import cfca.sadk.org.bouncycastle.asn1.cmp.PKIFailureInfo;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.logging.LoggerManager;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;

/* loaded from: input_file:cfca/sadk/extend/session/bridge/impl/ecc/ECCCard.class */
public final class ECCCard implements IExtendECC, ECCCardConstant, CryptoConstant {
    private final ICryptoBridgePartECC cryptoAPI;

    public ECCCard(ICryptoBridgePartECC iCryptoBridgePartECC) throws CryptoException {
        if (iCryptoBridgePartECC == null) {
            throw new CryptoException("CryptoEngine construct failed: cryptoAPI is NULL");
        }
        this.cryptoAPI = iCryptoBridgePartECC;
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public KeyPair generateKeyPair(boolean z, int i, int i2, int i3) throws CryptoException {
        KeyPair generateInternalKeyPair;
        try {
            if (!z) {
                generateInternalKeyPair = generateInternalKeyPair(i, i2);
                if (ExtendLibHelper.isCheckKeypairGeneratorEnabled()) {
                    switch (i2) {
                        case 1:
                            throw new UnsupportedOperationException("ECCCard#generateKeyPair->ENCRYPTION_KEY");
                        case 2:
                            checkKeyPairSignOperation(generateInternalKeyPair);
                            break;
                    }
                }
            } else {
                generateInternalKeyPair = generateExternalKeyPair(i3);
                if (ExtendLibHelper.isCheckKeypairGeneratorEnabled()) {
                    checkKeyPairSignOperation(generateInternalKeyPair);
                    checkKeyPairDecryptOperation(generateInternalKeyPair);
                }
            }
            return generateInternalKeyPair;
        } catch (CryptoException e) {
            ECCCardLoggings.warningGenerateKeyPairFailed(z, 0, i, i2, e);
            throw e;
        } catch (Exception e2) {
            ECCCardLoggings.warningGenerateKeyPairFailed(z, 0, i, i2, e2);
            throw new CryptoException("ECCCard generateKeyPair failure", e2);
        } catch (Throwable th) {
            ECCCardLoggings.warningGenerateKeyPairFailed(z, 0, i, i2, th);
            throw new CryptoException("ECCCard generateKeyPair failure", th);
        }
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public byte[] signByHash(PrivateKey privateKey, byte[] bArr) throws CryptoException {
        ECCCardKey eCCCardKey = (ECCCardKey) ECCCardKeyHelper.buildPrivateKey(privateKey);
        try {
            return cardPrivateKeySignByHash(eCCCardKey, ECCCardHashHelper.formatHashData(eCCCardKey, bArr, true));
        } catch (CryptoException e) {
            ECCCardLoggings.warningSignByHashFailed(eCCCardKey, bArr, e);
            throw e;
        } catch (Exception e2) {
            ECCCardLoggings.warningSignByHashFailed(eCCCardKey, bArr, e2);
            throw new CryptoException("ECCCard signByHash failure", e2);
        } catch (Throwable th) {
            ECCCardLoggings.warningSignByHashFailed(eCCCardKey, bArr, th);
            throw new CryptoException("ECCCard signByHash failure", th);
        }
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public boolean verifyByHash(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws CryptoException {
        PublicKey buildPublicKey = ECCCardKeyHelper.buildPublicKey(publicKey);
        ECCCardKey eCCCardKey = buildPublicKey instanceof ECCCardKey ? (ECCCardKey) buildPublicKey : ECCCardInvalidKey.INSTANCE;
        try {
            byte[] formatHashData = ECCCardHashHelper.formatHashData(eCCCardKey, bArr, true);
            int cardPublicKeyVerifyByHash = cardPublicKeyVerifyByHash(eCCCardKey, formatHashData, bArr2);
            if (cardPublicKeyVerifyByHash != 0) {
                ECCCardLoggings.warningVerifyByHashFailed(eCCCardKey, formatHashData, bArr2, cardPublicKeyVerifyByHash);
            }
            return cardPublicKeyVerifyByHash == 0;
        } catch (CryptoException e) {
            ECCCardLoggings.warningVerifyByHashFailed(eCCCardKey, bArr, bArr2, e);
            throw e;
        } catch (Exception e2) {
            ECCCardLoggings.warningVerifyByHashFailed(eCCCardKey, bArr, bArr2, e2);
            throw new CryptoException("ECCCard verifyByHash failure", e2);
        } catch (Throwable th) {
            ECCCardLoggings.warningVerifyByHashFailed(eCCCardKey, bArr, bArr2, th);
            throw new CryptoException("ECCCard verifyByHash failure", th);
        }
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public byte[] encrypt(PublicKey publicKey, byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec) throws CryptoException {
        throw new UnsupportedOperationException("ECCCard#encrypt");
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public byte[] decrypt(PrivateKey privateKey, byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec) throws CryptoException {
        throw new UnsupportedOperationException("ECCCard#decrypt");
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public boolean idleTest() throws CryptoException {
        try {
            return this.cryptoAPI.idleTest();
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("ECCCard idleTest failure", e);
            throw new CryptoException("ECCCard idleTest failure", e);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("ECCCard idleTest failure", th);
            throw new CryptoException("ECCCard idleTest failure", th);
        }
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public int ensureKeyIndexValid(int i) throws CryptoException {
        return i;
    }

    public ICryptoBridgePartECC getCryptoAPI() {
        return this.cryptoAPI;
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public byte[] hash(Mechanism mechanism, byte[] bArr) throws CryptoException {
        return ECCCardHashHelper.hash(mechanism, bArr);
    }

    @Override // cfca.sadk.extend.session.IExtendECC
    public byte[] hash(Mechanism mechanism, InputStream inputStream) throws CryptoException {
        return ECCCardHashHelper.hash(mechanism, inputStream);
    }

    private KeyPair generateInternalKeyPair(int i, int i2) throws CryptoException {
        ensureKeyIndexValid(i);
        if (i2 != 2 && i2 != 1) {
            throw new CryptoException("ECCCard cryptoAPI.exportPublicKeyECC rejected with keyUsage=" + i2);
        }
        byte[] bArr = new byte[ECCCardConstant.ECC_PUB_KEY_DATA_LENGTH];
        try {
            int exportPublicKeyECC = this.cryptoAPI.exportPublicKeyECC(i, i2, bArr);
            if (exportPublicKeyECC != 0) {
                throw new CryptoException(String.format("cryptoAPI.exportPublicKeyECC returnValue=0x%08x", Integer.valueOf(exportPublicKeyECC)));
            }
            try {
                ECCCardPublicKey buildInternalKey = ECCCardPublicKey.buildInternalKey(i, i2, bArr);
                return new KeyPair(buildInternalKey, new ECCCardInternalPrivateKey(i, i2, buildInternalKey));
            } catch (Exception e) {
                LoggerManager.exceptionLogger.error("ECCCard buildInternalPublicKey failure: " + SADKDebugger.dump(bArr), e);
                throw new CryptoException("ECCCard buildInternalPublicKey failure", e);
            }
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("ECCCard cryptoAPI.generateKeyPairECCEx failure", e2);
            throw new CryptoException("ECCCard cryptoAPI.exportPublicKeyECC failure", e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("ECCCard cryptoAPI.generateKeyPairECCEx failure", th);
            throw new CryptoException("ECCCard cryptoAPI.exportPublicKeyECC failure", th);
        }
    }

    private KeyPair generateExternalKeyPair(int i) throws CryptoException {
        ECCCurveId findECCCurveId = ECCCurveId.findECCCurveId(i);
        if (findECCCurveId == null) {
            throw new CryptoException("ECCCard cryptoAPI.generateKeyPairECC rejected with invalid curveId=" + i);
        }
        if (!ECCCurveId.isCardSupport(findECCCurveId)) {
            throw new CryptoException("ECCCard cryptoAPI.generateKeyPairECC rejected with unsupport curveId=" + i);
        }
        byte[] bArr = new byte[ECCCardConstant.ECC_PUB_KEY_DATA_LENGTH];
        byte[] bArr2 = new byte[74];
        try {
            int generateKeyPairECC = this.cryptoAPI.generateKeyPairECC(i, findECCCurveId.getCurveBitLength(), bArr, bArr2);
            if (generateKeyPairECC != 0) {
                throw new CryptoException(String.format("cryptoAPI.generateKeyPairECC returnValue=0x%08x", Integer.valueOf(generateKeyPairECC)));
            }
            try {
                return new KeyPair(ECCCardPublicKey.buildExternalKey(bArr), ECCCardExternalPrivateKey.buildExternalSoftKey(bArr2));
            } catch (Exception e) {
                LoggerManager.exceptionLogger.error("ECCCard buildExternalPublicKey failure: " + SADKDebugger.dump(bArr), e);
                throw new CryptoException("ECCCard buildExternalPublicKey failure", e);
            }
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("ECCCard cryptoAPI.generateKeyPairECC failure", e2);
            throw new CryptoException("ECCCard cryptoAPI.generateKeyPairECC failure", e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("ECCCard cryptoAPI.generateKeyPairECC failure", th);
            throw new CryptoException("ECCCard cryptoAPI.generateKeyPairECC failure", th);
        }
    }

    private byte[] cardPrivateKeySignByHash(ECCCardKey eCCCardKey, byte[] bArr) throws CryptoException {
        if (eCCCardKey == null) {
            throw new CryptoParameterException("ECCCard cardPrivateKeySignByHash rejected: eccKey = null");
        }
        if (bArr == null || bArr.length == 0) {
            throw new CryptoParameterException("ECCCard cardPrivateKeySignByHash rejected: dataInput = null ");
        }
        if (bArr.length != eCCCardKey.getCurveByteLength()) {
            throw new CryptoParameterException("ECCCard cardPrivateKeySignByHash rejected:  dataInputLength= " + bArr.length + ",requiredHashLength=" + eCCCardKey.getCurveByteLength());
        }
        byte[] bArr2 = new byte[ECCCardConstant.ECC_SIGN_LENGTH];
        try {
            if (eCCCardKey.isInternalKey()) {
                int internalSignECC = this.cryptoAPI.internalSignECC(ensureKeyIndexValid(eCCCardKey.getKeyIndex()), bArr, bArr.length, bArr2);
                if (internalSignECC != 0) {
                    throw new CryptoException(String.format("cryptoAPI.internalSignECC returnValue=0x%08x", Integer.valueOf(internalSignECC)));
                }
            } else {
                int externalSignECC = this.cryptoAPI.externalSignECC(262144, eCCCardKey.keyData(), bArr, bArr.length, bArr2);
                if (externalSignECC != 0) {
                    throw new CryptoException(String.format("cryptoAPI.externalSignECC returnValue=0x%08x", Integer.valueOf(externalSignECC)));
                }
            }
            return ECCCardSignValue.encodeToStdAsn1(eCCCardKey.getCurveId(), bArr2);
        } catch (Exception e) {
            String buildPrivateKeySignByHashFailedMessage = ECCCardLoggings.buildPrivateKeySignByHashFailedMessage(eCCCardKey, bArr);
            LoggerManager.exceptionLogger.error("ECCCard cardPrivateKeySignByHash failure", e);
            throw new CryptoException(buildPrivateKeySignByHashFailedMessage, e);
        } catch (Throwable th) {
            String buildPrivateKeySignByHashFailedMessage2 = ECCCardLoggings.buildPrivateKeySignByHashFailedMessage(eCCCardKey, bArr);
            LoggerManager.exceptionLogger.error("ECCCard cardPrivateKeySignByHash failure", th);
            throw new CryptoException(buildPrivateKeySignByHashFailedMessage2, th);
        }
    }

    private int cardPublicKeyVerifyByHash(ECCCardKey eCCCardKey, byte[] bArr, byte[] bArr2) throws CryptoException {
        int externalVerifyECC;
        if (eCCCardKey == null) {
            throw new CryptoParameterException("ECCCard cardPublicKeyVerifyByHash rejected: eccKey = null");
        }
        if (bArr == null || bArr.length == 0) {
            throw new CryptoParameterException("ECCCard cardPublicKeyVerifyByHash rejected: dataInput = null");
        }
        if (bArr.length != eCCCardKey.getCurveByteLength()) {
            throw new CryptoParameterException("ECCCard cardPublicKeyVerifyByHash rejected:  dataInputLength= " + bArr.length + ",requiredHashLength=" + eCCCardKey.getCurveByteLength());
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new CryptoParameterException("ECCCard cardPublicKeyVerifyByHash rejected: signature = null");
        }
        try {
            byte[] decodeFromStdAsn1 = ECCCardSignValue.decodeFromStdAsn1(eCCCardKey.getCurveId(), bArr2);
            if (decodeFromStdAsn1.length != 132) {
                throw new CryptoParameterException("ECCCard cardPublicKeyVerifyByHash rejected:  signatureLength= " + bArr2.length + ",requiredLength=" + ECCCardConstant.ECC_SIGN_LENGTH);
            }
            if (eCCCardKey.isInternalKey()) {
                externalVerifyECC = this.cryptoAPI.internalVerifyECC(ensureKeyIndexValid(eCCCardKey.getKeyIndex()), bArr, bArr.length, decodeFromStdAsn1);
                if (externalVerifyECC != 0) {
                    LoggerManager.exceptionLogger.error(String.format("cryptoAPI.internalVerifyECC returnValue=0x%08x", Integer.valueOf(externalVerifyECC)));
                }
            } else {
                externalVerifyECC = this.cryptoAPI.externalVerifyECC(262144, eCCCardKey.keyData(), bArr, bArr.length, decodeFromStdAsn1);
                if (externalVerifyECC != 0) {
                    LoggerManager.exceptionLogger.error(String.format("cryptoAPI.externalVerifyECC returnValue=0x%08x", Integer.valueOf(externalVerifyECC)));
                }
            }
            if (externalVerifyECC == 0 || externalVerifyECC == 16777230) {
                return externalVerifyECC;
            }
            throw new CryptoException(String.format("Verify failed: 0x%08x", Integer.valueOf(externalVerifyECC)));
        } catch (Exception e) {
            String buildPublicKeyVerifyByHashFailedMessage = ECCCardLoggings.buildPublicKeyVerifyByHashFailedMessage(eCCCardKey, bArr, bArr2);
            LoggerManager.exceptionLogger.error("ECCCard cardPublicKeyVerifyByHash failure", e);
            throw new CryptoException(buildPublicKeyVerifyByHashFailedMessage, e);
        } catch (Throwable th) {
            String buildPublicKeyVerifyByHashFailedMessage2 = ECCCardLoggings.buildPublicKeyVerifyByHashFailedMessage(eCCCardKey, bArr, bArr2);
            LoggerManager.exceptionLogger.error("ECCCard cardPublicKeyVerifyByHash failure", th);
            throw new CryptoException(buildPublicKeyVerifyByHashFailedMessage2, th);
        }
    }

    private boolean checkKeyPairSignOperation(KeyPair keyPair) throws CryptoException {
        byte[] decodeHexString = DataHelper.decodeHexString("45f70cf58f607e6d891c93f594f1826ffb3a0dde");
        byte[] signByHash = signByHash(keyPair.getPrivate(), decodeHexString);
        try {
            verifyByHashWithCard(keyPair, decodeHexString, signByHash);
            verifyByHashWithSoft(keyPair, decodeHexString, signByHash);
            return true;
        } catch (Exception e) {
            if (LoggerManager.exceptionLogger.isErrorEnabled()) {
                StringBuilder sb = new StringBuilder(PKIFailureInfo.wrongIntegrity);
                sb.append("\nECCCard checkKeyPairSignOperation: check keypair failure: ");
                ECCCardLoggings.buildKeyPairCheckFailed(sb, keyPair);
                sb.append("\nhashValue: ").append(DataHelper.dump4KPartData(decodeHexString));
                sb.append("\nsignValue: ").append(DataHelper.dump4KPartData(signByHash));
                LoggerManager.exceptionLogger.error(sb.toString(), e);
            }
            throw new CryptoException("ECCCard checkKeyPairSignOperation: check keypair failure", e);
        }
    }

    private void checkKeyPairDecryptOperation(KeyPair keyPair) throws CryptoException {
    }

    private boolean verifyByHashWithCard(KeyPair keyPair, byte[] bArr, byte[] bArr2) throws CryptoException {
        boolean verifyByHash = verifyByHash(keyPair.getPublic(), bArr, bArr2);
        if (verifyByHash) {
            return verifyByHash;
        }
        throw new CryptoException("verifyByHashWithCard return False");
    }

    private boolean verifyByHashWithSoft(KeyPair keyPair, byte[] bArr, byte[] bArr2) throws CryptoException {
        boolean verifyByHash = ECCCardDummy.Dummy.INSTANCE.verifyByHash(keyPair.getPublic(), bArr, bArr2);
        if (verifyByHash) {
            return verifyByHash;
        }
        throw new CryptoException("verifyByHashWithSoft return False");
    }
}
