package cfca.sadk.extend.session.bridge.impl.rsa;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.extend.session.CryptoException;
import cfca.sadk.extend.session.CryptoParameterException;
import cfca.sadk.extend.session.ExtendLibHelper;
import cfca.sadk.extend.session.IExtendRSA;
import cfca.sadk.extend.session.bridge.ICryptoBridgePartRSA;
import cfca.sadk.extend.session.util.DataHelper;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.cmp.PKIFailureInfo;
import cfca.sadk.signature.rsa.RSAPackageUtil;
import cfca.sadk.system.logging.LoggerManager;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

/* loaded from: input_file:cfca/sadk/extend/session/bridge/impl/rsa/RSACard.class */
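/**
 * RSA operations routed to a hardware crypto device ("card") through an
 * {@link ICryptoBridgePartRSA} bridge.
 *
 * <p>Public and private key operations are sent to the bridge as raw, modulus-sized blocks;
 * padding is added and removed on the Java side by {@code RSACardP1Decoder}. When a supplied
 * private key cannot be mapped to an {@link RSACardKey}, {@link #signByHash} and {@link #decrypt}
 * fall back to software implementations. {@link #verifyByHash} and {@link #encrypt} have no such
 * fallback in this class and hand {@code RSACardInvalidKey.INSTANCE} to the card path.
 *
 * <p>Every public operation logs a failure through {@code RSACardLoggings} or
 * {@code LoggerManager.exceptionLogger} and reports it to the caller as a {@link CryptoException}.
 *
 * <p>NOTE(review): several failure paths pass the key object and the input bytes to logging and
 * message-building helpers that are not visible here. Confirm those helpers never write private
 * key material (in particular {@code keyData()} of an external private key) to logs or to
 * exception messages.
 */
public final class RSACard implements IExtendRSA, RSACardConstant {
    private static final Session SOFTLIB_SESSION = BCSoftLib.INSTANCE();

    /** Fixed 32-byte value used as the hash / plaintext of the key pair self-check. */
    private static final String KEYPAIR_CHECK_HASH_HEX =
            "45f70cf58f607e6d891c93f594f1826ffb3a0ddea7d2a0753b0c110836d6aecb";

    /** The same value wrapped in a DER DigestInfo carrying the SHA-256 algorithm identifier. */
    private static final String KEYPAIR_CHECK_DIGEST_INFO_HEX =
            "3031300d06096086480165030402010500042045f70cf58f607e6d891c93f594f1826ffb3a0ddea7d2a0753b0c110836d6aecb";

    private final ICryptoBridgePartRSA cryptoAPI;

    /**
     * Creates an RSA engine on top of the given device bridge.
     *
     * @param iCryptoBridgePartRSA bridge that performs the device calls; must not be {@code null}
     * @throws CryptoException if the bridge is {@code null}
     */
    public RSACard(ICryptoBridgePartRSA iCryptoBridgePartRSA) throws CryptoException {
        if (iCryptoBridgePartRSA == null) {
            throw new CryptoException("CryptoEngine construct failed: cryptoAPI is NULL");
        }
        this.cryptoAPI = iCryptoBridgePartRSA;
    }

    /**
     * Produces a key pair, either freshly generated by the device or bound to a key slot on it.
     *
     * <p>When {@code ExtendLibHelper.isCheckKeypairGeneratorEnabled()} is true the pair is put
     * through {@link #checkKeyPair}. That check only covers key usage 1 and 2; for any other
     * usage value the pair is returned without a self-check.
     *
     * @param z  {@code true} to generate an external pair of {@code i} bits, {@code false} to
     *           bind to the internal slot {@code i2}
     * @param i  modulus bit length, used only for external pairs
     * @param i2 key index on the device, used only for internal pairs
     * @param i3 key usage; selects the self-check and is required to be 2 for internal pairs
     * @return the key pair
     * @throws CryptoException if generation, export or the self-check fails
     */
    @Override
    public KeyPair generateKeyPair(boolean z, int i, int i2, int i3) throws CryptoException {
        try {
            KeyPair keyPair = z ? generateExternalKeyPair(i) : generateInternalKeyPair(i2, i3);
            if (ExtendLibHelper.isCheckKeypairGeneratorEnabled()) {
                checkKeyPair(keyPair, i3);
            }
            return keyPair;
        } catch (CryptoException e) {
            RSACardLoggings.warningGenerateKeyPairFailed(z, i, i2, i3, e);
            throw e;
        } catch (Exception e2) {
            RSACardLoggings.warningGenerateKeyPairFailed(z, i, i2, i3, e2);
            throw new CryptoException("RSACard generateKeyPair failure", e2);
        } catch (Throwable th) {
            RSACardLoggings.warningGenerateKeyPairFailed(z, i, i2, i3, th);
            throw new CryptoException("RSACard generateKeyPair failure", th);
        }
    }

    /**
     * Signs an already hashed value.
     *
     * <p>Card keys: the input is padded to the modulus length and sent to the device as a private
     * key operation. Any other key is signed in software via {@code RSAPackageUtil.encrypt}.
     *
     * @param privateKey signing key
     * @param bArr       the value to sign; presumably a DER DigestInfo, as in the key pair
     *                   self-check (confirm against callers)
     * @return the signature
     * @throws CryptoException if padding or the private key operation fails
     */
    @Override
    public byte[] signByHash(PrivateKey privateKey, byte[] bArr) throws CryptoException {
        RSAPrivateKey built = RSACardKeyHelper.buildPrivateKey(privateKey);
        RSACardKey cardKey = built instanceof RSACardKey ? (RSACardKey) built : RSACardInvalidKey.INSTANCE;
        try {
            if (cardKey instanceof RSACardInvalidKey) {
                // Not a card key: sign in software with the key exactly as the caller supplied it.
                return RSAPackageUtil.encrypt(bArr, privateKey);
            }
            byte[] padded = RSACardP1Decoder.addPKCS1Padding(bArr, cardKey.modulusByteLength(), true);
            return cardPrivateKeyOperationRSA(cardKey, padded);
        } catch (CryptoException e) {
            RSACardLoggings.warningSignByHashFailed(cardKey, bArr, e);
            throw e;
        } catch (Exception e2) {
            RSACardLoggings.warningSignByHashFailed(cardKey, bArr, e2);
            throw new CryptoException("RSACard signByHash failure", e2);
        } catch (Throwable th) {
            RSACardLoggings.warningSignByHashFailed(cardKey, bArr, th);
            throw new CryptoException("RSACard signByHash failure", th);
        }
    }

    /**
     * Verifies a signature over an already hashed value using the device's public key operation.
     *
     * <p>The signature is run through the public key operation, the padding is stripped and the
     * remainder is compared with {@code bArr}. A mismatch is logged at warn level (both inputs
     * and the public key, all of which are public values) and reported as {@code false}.
     *
     * <p>NOTE(review): stripping the padding and comparing what is left is only sound if
     * {@code RSACardP1Decoder.delPKCS1Padding} rejects every malformed or shortened padding
     * string. Confirm that, or compare the full block against the re-encoded expected block.
     *
     * <p>NOTE(review): a key that is not an {@link RSACardKey} is replaced by
     * {@code RSACardInvalidKey.INSTANCE} and still sent down the card path; there is no software
     * fallback here, unlike {@link #signByHash}. Confirm this is intended.
     *
     * @param publicKey verification key
     * @param bArr      the expected value recovered from the signature
     * @param bArr2     the signature
     * @return {@code true} if the recovered value equals {@code bArr}
     * @throws CryptoException if the public key operation or the padding removal fails
     */
    @Override
    public boolean verifyByHash(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws CryptoException {
        RSAPublicKey built = RSACardKeyHelper.buildPublicKey(publicKey);
        RSACardKey cardKey = built instanceof RSACardKey ? (RSACardKey) built : RSACardInvalidKey.INSTANCE;
        try {
            byte[] block = cardPublicKeyOperationRSA(cardKey, bArr2);
            byte[] recovered = RSACardP1Decoder.delPKCS1Padding(block, cardKey.modulusByteLength(), true);
            boolean matches = Arrays.equals(recovered, bArr);
            if (!matches && LoggerManager.exceptionLogger.isWarnEnabled()) {
                StringBuilder sb = new StringBuilder(1024);
                sb.append("RSACard verifyByHash failure: ");
                sb.append("\n hashWithAlgorithm: 0x").append(DataHelper.dump4KPartData(bArr));
                sb.append("\n signedData: 0x").append(DataHelper.dump4KPartData(bArr2));
                sb.append("\n publicKey: ").append(publicKey);
                LoggerManager.exceptionLogger.warn(sb.toString());
            }
            return matches;
        } catch (CryptoException e) {
            RSACardLoggings.warningVerifyByHashFailed(cardKey, bArr, e);
            throw e;
        } catch (Exception e2) {
            RSACardLoggings.warningVerifyByHashFailed(cardKey, bArr, e2);
            throw new CryptoException("RSACard verifyByHash failure", e2);
        } catch (Throwable th) {
            RSACardLoggings.warningVerifyByHashFailed(cardKey, bArr, th);
            throw new CryptoException("RSACard verifyByHash failure", th);
        }
    }

    /**
     * Encrypts data with the device's public key operation after padding it to the modulus length.
     *
     * <p>NOTE(review): the failure path hands the plaintext {@code bArr} to
     * {@code RSACardLoggings.warningEncryptFailed}; confirm that helper does not write plaintext
     * to the log.
     *
     * @param publicKey encryption key
     * @param bArr      plaintext
     * @return the ciphertext, one modulus length long
     * @throws CryptoException if padding or the public key operation fails
     */
    @Override
    public byte[] encrypt(PublicKey publicKey, byte[] bArr) throws CryptoException {
        RSAPublicKey built = RSACardKeyHelper.buildPublicKey(publicKey);
        RSACardKey cardKey = built instanceof RSACardKey ? (RSACardKey) built : RSACardInvalidKey.INSTANCE;
        try {
            byte[] padded = RSACardP1Decoder.addPKCS1Padding(bArr, cardKey.modulusByteLength(), false);
            return cardPublicKeyOperationRSA(cardKey, padded);
        } catch (CryptoException e) {
            RSACardLoggings.warningEncryptFailed(cardKey, bArr, e);
            throw e;
        } catch (Exception e2) {
            RSACardLoggings.warningEncryptFailed(cardKey, bArr, e2);
            throw new CryptoException("RSACard  [PublicKeyOperation]encrypt failure", e2);
        } catch (Throwable th) {
            RSACardLoggings.warningEncryptFailed(cardKey, bArr, th);
            throw new CryptoException("RSACard  [PrivateKeyOperation]encrypt failure".replace("[PrivateKeyOperation]", "[PublicKeyOperation]"), th);
        }
    }

    /**
     * Decrypts data with the private key.
     *
     * <p>Card keys: the ciphertext goes to the device as a private key operation and the padding
     * is removed afterwards. Any other key is decrypted in software with the
     * {@code MechanismKit.RSA_PKCS} mechanism.
     *
     * <p>NOTE(review): {@code RSA_PKCS} and {@code delPKCS1Padding(..., false)} look like PKCS#1
     * v1.5 encryption padding. Where the ciphertext comes from an untrusted peer, callers should
     * answer every decryption failure with one uniform error, so the peer cannot tell an
     * unpadding failure from any other failure.
     *
     * @param privateKey decryption key
     * @param bArr       ciphertext
     * @return the plaintext
     * @throws CryptoException if the private key operation or the padding removal fails
     */
    @Override
    public byte[] decrypt(PrivateKey privateKey, byte[] bArr) throws CryptoException {
        RSAPrivateKey built = RSACardKeyHelper.buildPrivateKey(privateKey);
        RSACardKey cardKey = built instanceof RSACardKey ? (RSACardKey) built : RSACardInvalidKey.INSTANCE;
        try {
            if (cardKey instanceof RSACardInvalidKey) {
                return SOFTLIB_SESSION.decrypt(new Mechanism(MechanismKit.RSA_PKCS), privateKey, bArr);
            }
            byte[] block = cardPrivateKeyOperationRSA(cardKey, bArr);
            return RSACardP1Decoder.delPKCS1Padding(block, cardKey.modulusByteLength(), false);
        } catch (CryptoException e) {
            RSACardLoggings.warninDecryptFailed(cardKey, bArr, e);
            throw e;
        } catch (Exception e2) {
            RSACardLoggings.warninDecryptFailed(cardKey, bArr, e2);
            throw new CryptoException("RSACard  [PrivateKeyOperation]decrypt failure", e2);
        } catch (Throwable th) {
            RSACardLoggings.warninDecryptFailed(cardKey, bArr, th);
            throw new CryptoException("RSACard  [PrivateKeyOperation]decrypt failure", th);
        }
    }

    /**
     * Self-check of a key pair against a fixed test vector.
     *
     * <p>Usage 2: signs the test DigestInfo, then verifies the signature through the card path
     * and through the software library. Usage 1: encrypts the test value through the card path
     * and through the software library and checks that both decrypt back to it. Any other usage
     * value is not checked at all and yields {@code false}.
     *
     * @param keyPair  the pair to check
     * @param keyUsage 1 or 2, see above
     * @return {@code true} if a check ran and passed, {@code false} if no check applies
     * @throws CryptoException if a check ran and failed
     */
    private boolean checkKeyPair(KeyPair keyPair, int keyUsage) throws CryptoException {
        boolean passed = false;
        if (keyUsage == 2) {
            byte[] hash = DataHelper.decodeHexString(KEYPAIR_CHECK_HASH_HEX);
            byte[] digestInfo = DataHelper.decodeHexString(KEYPAIR_CHECK_DIGEST_INFO_HEX);
            byte[] signature = signByHash(keyPair.getPrivate(), digestInfo);
            try {
                // The card path compares against the DigestInfo, the software path takes the bare hash.
                verifyByHashWithCard(keyPair, digestInfo, signature);
                verifyByHashWithSoft(keyPair, hash, signature);
                passed = true;
            } catch (Exception e) {
                if (LoggerManager.exceptionLogger.isErrorEnabled()) {
                    // PKIFailureInfo.wrongIntegrity only sizes the buffer here; it has no other meaning.
                    StringBuilder sb = new StringBuilder(PKIFailureInfo.wrongIntegrity);
                    sb.append("\nRSACard generateKeyPair: check keypair failure: ");
                    // NOTE(review): confirm buildKeyPairCheckFailed does not dump the private key.
                    RSACardLoggings.buildKeyPairCheckFailed(sb, keyPair);
                    sb.append("\nhashValue: ").append(DataHelper.dump4KPartData(hash));
                    sb.append("\nhashWithAlgorithm: ").append(DataHelper.dump4KPartData(digestInfo));
                    sb.append("\nsignData: ").append(DataHelper.dump4KPartData(signature));
                    LoggerManager.exceptionLogger.error(sb.toString(), e);
                }
                throw new CryptoException("RSACard generateKeyPair: check keypair failure", e);
            }
        }
        if (keyUsage == 1) {
            byte[] plain = DataHelper.decodeHexString(KEYPAIR_CHECK_HASH_HEX);
            // Track the stage and its ciphertext so that a failure report names what actually failed.
            String step = null;
            byte[] encrypted = null;
            try {
                step = "encryptByHard";
                encrypted = encrypt(keyPair.getPublic(), plain);
                if (!Arrays.equals(plain, decrypt(keyPair.getPrivate(), encrypted))) {
                    throw new CryptoException("RSACard generateKeyPair: check keypair failure[encryptByHard]");
                }
                step = "encryptBySoft";
                encrypted = null;
                encrypted = SOFTLIB_SESSION.encrypt(new Mechanism(MechanismKit.RSA_PKCS), keyPair.getPublic(), plain);
                passed = Arrays.equals(plain, decrypt(keyPair.getPrivate(), encrypted));
                if (!passed) {
                    throw new CryptoException("RSACard generateKeyPair: check keypair failure[encryptBySoft]");
                }
            } catch (PKIException e2) {
                String message = "RSACard generateKeyPair: check keypair failure[" + step + "]";
                if (LoggerManager.exceptionLogger.isErrorEnabled()) {
                    StringBuilder sb2 = new StringBuilder(PKIFailureInfo.wrongIntegrity);
                    sb2.append("\n").append(message);
                    // NOTE(review): confirm buildKeyPairCheckFailed does not dump the private key.
                    RSACardLoggings.buildKeyPairCheckFailed(sb2, keyPair);
                    sb2.append("\nsourceData: ").append(DataHelper.dump4KPartData(plain));
                    // May still be null when the encryption call itself is what failed.
                    sb2.append("\nencryptData: ").append(DataHelper.dump4KPartData(encrypted));
                    LoggerManager.exceptionLogger.error(sb2.toString(), e2);
                }
                throw new CryptoException(message, e2);
            }
        }
        return passed;
    }

    /**
     * Verifies through the card path and turns a {@code false} result into an exception.
     *
     * @return always {@code true}
     * @throws CryptoException if verification fails or reports a mismatch
     */
    private boolean verifyByHashWithCard(KeyPair keyPair, byte[] digestInfo, byte[] signature) throws CryptoException {
        if (!verifyByHash(keyPair.getPublic(), digestInfo, signature)) {
            throw new CryptoException("verifyByHashWithCard return False");
        }
        return true;
    }

    /**
     * Verifies through the software library ({@code SHA256_RSA}) and turns a {@code false} result
     * into an exception.
     *
     * @return always {@code true}
     * @throws CryptoException if the software library reports a mismatch
     * @throws PKIException    if the software library fails
     */
    private boolean verifyByHashWithSoft(KeyPair keyPair, byte[] hash, byte[] signature) throws CryptoException, PKIException {
        boolean verified = SOFTLIB_SESSION.verifyByHash(new Mechanism(MechanismKit.SHA256_RSA), keyPair.getPublic(), hash, signature);
        if (!verified) {
            throw new CryptoException("verifyByHashWithSoft return False");
        }
        return true;
    }

    /**
     * Asks the device to generate a key pair and return both halves.
     *
     * <p>1024-bit moduli are accepted. That size is below current minimum recommendations for
     * RSA; callers should request 2048 bits or more unless interoperability forces otherwise.
     *
     * <p>NOTE(review): {@code privateKeyData} is presumably filled with raw private key material
     * by the bridge. It is not cleared in this method; its lifetime is whatever
     * {@code RSACardExternalPrivateKey} makes of it.
     *
     * @param bitLength modulus size in bits; 1024, 2048 or 4096
     * @throws CryptoException if the size is rejected or the device call fails
     */
    private KeyPair generateExternalKeyPair(int bitLength) throws CryptoException {
        if (bitLength != 1024 && bitLength != 2048 && bitLength != 4096) {
            throw new CryptoException("RSACard cryptoAPI.generateKeyPairRSA rejected with invalid bitLength=" + bitLength);
        }
        byte[] publicKeyData = new byte[RSACardConstant.RSA_PUB_KEY_DATA_LENGTH];
        byte[] privateKeyData = new byte[RSACardConstant.RSA_PRI_KEY_DATA_LENGTH];
        try {
            int rc = this.cryptoAPI.generateKeyPairRSA(bitLength, publicKeyData, privateKeyData);
            if (rc != 0) {
                throw new CryptoException(String.format("cryptoAPI.generateKeyPairRSA returnValue=0x%08x", rc));
            }
            return new KeyPair(RSACardPublicKey.buildExternalSoftKey(publicKeyData), new RSACardExternalPrivateKey(privateKeyData));
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("RSACard cryptoAPI.generateKeyPairRSA failure", e);
            throw new CryptoException("RSACard cryptoAPI.generateKeyPairRSA failure", e);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("RSACard cryptoAPI.generateKeyPairRSA failure", th);
            throw new CryptoException("RSACard cryptoAPI.generateKeyPairRSA failure", th);
        }
    }

    /**
     * Builds a key pair that refers to a key slot on the device.
     *
     * <p>Despite the name, nothing is generated here: only the public key of the slot is
     * exported. The private half is an {@code RSACardInternalPrivateKey} built from the index,
     * the usage and the exported public key data.
     *
     * @param keyIndex slot on the device
     * @param keyUsage must be 2
     * @throws CryptoException if the usage is rejected or the export fails
     */
    private KeyPair generateInternalKeyPair(int keyIndex, int keyUsage) throws CryptoException {
        ensureKeyIndexValid(keyIndex);
        if (keyUsage != 2) {
            throw new CryptoException("RSACard generateInternalKeyPair rejected with keyUsage=" + keyUsage);
        }
        byte[] publicKeyData = new byte[RSACardConstant.RSA_PUB_KEY_DATA_LENGTH];
        try {
            int rc = this.cryptoAPI.exportPublicKeyRSA(keyIndex, keyUsage, publicKeyData);
            if (rc != 0) {
                throw new CryptoException(String.format("cryptoAPI.exportPublicKeyRSA returnValue=0x%08x", rc));
            }
            return new KeyPair(RSACardPublicKey.buildInternalHardKey(keyIndex, keyUsage, publicKeyData), new RSACardInternalPrivateKey(keyIndex, keyUsage, publicKeyData));
        } catch (Exception e) {
            // The log line names the call that is actually made, matching the exception message.
            LoggerManager.exceptionLogger.error("RSACard cryptoAPI.exportPublicKeyRSA failure", e);
            throw new CryptoException("RSACard cryptoAPI.exportPublicKeyRSA failure", e);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("RSACard cryptoAPI.exportPublicKeyRSA failure", th);
            throw new CryptoException("RSACard cryptoAPI.exportPublicKeyRSA failure", th);
        }
    }

    /**
     * Runs one raw private key operation on the device.
     *
     * <p>Internal keys are addressed by key index, external keys by their key data. The input
     * must be exactly one modulus length long, and the device must report an output of that same
     * length.
     *
     * <p>NOTE(review): on failure the exception message comes from
     * {@code RSACardLoggings.buildPrivateKeyOperationRSAFailedMessage(cardKey, input)}. For an
     * external key {@code cardKey} carries the private key data; confirm the helper does not put
     * it into the message, since exception messages tend to travel further than logs.
     *
     * @param cardKey key to use
     * @param input   modulus-sized input block
     * @return modulus-sized output block
     * @throws CryptoParameterException if an argument is missing or has the wrong length
     * @throws CryptoException          if the device call fails or returns an unexpected length
     */
    private byte[] cardPrivateKeyOperationRSA(RSACardKey cardKey, byte[] input) throws CryptoException {
        if (cardKey == null) {
            throw new CryptoParameterException("RSACard cardPrivateKeyOperationRSA rejected: rsaKey = null");
        }
        if (input == null || input.length == 0) {
            throw new CryptoParameterException("RSACard cardPrivateKeyOperationRSA rejected: encryptData = null ");
        }
        int modulusByteLength = cardKey.modulusByteLength();
        if (input.length != modulusByteLength) {
            throw new CryptoParameterException("RSACard cardPrivateKeyOperationRSA rejected:  dataInputLength= " + input.length + ",moduleLength=" + modulusByteLength);
        }
        int[] outputLength = {0};
        byte[] output = new byte[input.length];
        try {
            if (cardKey.isInternalKey()) {
                int rc = this.cryptoAPI.internalPrivateKeyOperationRSA(ensureKeyIndexValid(cardKey.getKeyIndex()), input, output, outputLength);
                if (rc != 0) {
                    throw new CryptoException(String.format("cryptoAPI.internalPrivateKeyOperationRSA returnValue=0x%08x", rc));
                }
            } else {
                int rc = this.cryptoAPI.externalPrivateKeyOperationRSA(cardKey.keyData(), input, output, outputLength);
                if (rc != 0) {
                    throw new CryptoException(String.format("cryptoAPI.externalPrivateKeyOperationRSA returnValue=0x%08x", rc));
                }
            }
            // A short or long result would otherwise be returned padded with stale zero bytes.
            if (outputLength[0] != output.length) {
                throw new CryptoException("RSACard cardPrivateKeyOperationRSA failure with dataOutputSize!=modulusBitsLength");
            }
            return output;
        } catch (Exception e) {
            String message = RSACardLoggings.buildPrivateKeyOperationRSAFailedMessage(cardKey, input);
            LoggerManager.exceptionLogger.error("RSACard cardPrivateKeyOperationRSA failure", e);
            throw new CryptoException(message, e);
        } catch (Throwable th) {
            String message = RSACardLoggings.buildPrivateKeyOperationRSAFailedMessage(cardKey, input);
            LoggerManager.exceptionLogger.error("RSACard cardPrivateKeyOperationRSA failure", th);
            throw new CryptoException(message, th);
        }
    }

    /**
     * Runs one raw public key operation on the device.
     *
     * <p>Internal keys are addressed by key index, external keys by their key data. The input
     * must be exactly one modulus length long, and the device must report an output of that same
     * length.
     *
     * @param cardKey key to use
     * @param input   modulus-sized input block
     * @return modulus-sized output block
     * @throws CryptoParameterException if an argument is missing or has the wrong length
     * @throws CryptoException          if the device call fails or returns an unexpected length
     */
    private byte[] cardPublicKeyOperationRSA(RSACardKey cardKey, byte[] input) throws CryptoException {
        if (cardKey == null) {
            throw new CryptoParameterException("RSACard cardPublicKeyOperationRSA rejected: rsaKey = null");
        }
        if (input == null || input.length == 0) {
            throw new CryptoParameterException("RSACard cardPublicKeyOperationRSA rejected: encryptData = null");
        }
        int modulusByteLength = cardKey.modulusByteLength();
        if (input.length != modulusByteLength) {
            throw new CryptoParameterException("RSACard cardPublicKeyOperationRSA rejected:  dataInputLength= " + input.length + ",moduleLength=" + modulusByteLength);
        }
        byte[] output = new byte[input.length];
        int[] outputLength = {0};
        try {
            if (cardKey.isInternalKey()) {
                int rc = this.cryptoAPI.internalPublicKeyOperationRSA(ensureKeyIndexValid(cardKey.getKeyIndex()), input, output, outputLength);
                if (rc != 0) {
                    throw new CryptoException(String.format("cryptoAPI.internalPublicKeyOperationRSA returnValue=0x%08x", rc));
                }
            } else {
                int rc = this.cryptoAPI.externalPublicKeyOperationRSA(cardKey.keyData(), input, output, outputLength);
                if (rc != 0) {
                    throw new CryptoException(String.format("cryptoAPI.externalPublicKeyOperationRSA returnValue=0x%08x", rc));
                }
            }
            if (outputLength[0] != output.length) {
                throw new CryptoException("RSACard cardPublicKeyOperationRSA failure with dataOutputSize!=modulusBitsLength");
            }
            return output;
        } catch (Exception e) {
            String message = RSACardLoggings.buildPublicKeyOperationRSAFailedMessage(cardKey, input);
            LoggerManager.exceptionLogger.error("RSACard cardPublicKeyOperationRSA failure", e);
            throw new CryptoException(message, e);
        } catch (Throwable th) {
            String message = RSACardLoggings.buildPublicKeyOperationRSAFailedMessage(cardKey, input);
            LoggerManager.exceptionLogger.error("RSACard cardPublicKeyOperationRSA failure", th);
            throw new CryptoException(message, th);
        }
    }

    /**
     * Returns the key index unchanged.
     *
     * <p>This implementation performs no range check, so every index, including a negative one,
     * is passed on to the bridge as given.
     *
     * <p>NOTE(review): confirm that the bridge or the device rejects indexes outside the
     * provisioned key slots, because nothing in this class does.
     *
     * @param i key index
     * @return {@code i}
     */
    @Override
    public int ensureKeyIndexValid(int i) throws CryptoException {
        return i;
    }

    /**
     * Forwards the idle test to the bridge.
     *
     * @return the bridge's result
     * @throws CryptoException if the bridge call fails
     */
    @Override
    public boolean idleTest() throws CryptoException {
        try {
            return this.cryptoAPI.idleTest();
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("RSACard idleTest failure", e);
            throw new CryptoException("RSACard idleTest failure", e);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("RSACard idleTest failure", th);
            throw new CryptoException("RSACard idleTest failure", th);
        }
    }

    /** Delegates to {@code RSACardHashHelper.hashDigestInfo} for in-memory data. */
    @Override
    public byte[] hashDigestInfo(Mechanism mechanism, byte[] bArr) throws CryptoException {
        return RSACardHashHelper.hashDigestInfo(mechanism, bArr);
    }

    /** Delegates to {@code RSACardHashHelper.hashDigestInfo} for streamed data. */
    @Override
    public byte[] hashDigestInfo(Mechanism mechanism, InputStream inputStream) throws CryptoException {
        return RSACardHashHelper.hashDigestInfo(mechanism, inputStream);
    }

    /** Delegates to {@code RSACardHashHelper.buildDigestInfo}. */
    @Override
    public byte[] buildDigestInfo(Mechanism mechanism, byte[] bArr) throws CryptoException {
        return RSACardHashHelper.buildDigestInfo(mechanism, bArr);
    }
}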
