package cfca.sadk.cgb.toolkit;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM2Crypto;
import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.algorithm.sm2.SM3Digest;
import cfca.sadk.asn1.pkcs.PKCS12_SM2;
import cfca.sadk.lib.crypto.bcsoft.BCSoftSM2;
import cfca.sadk.org.bouncycastle.crypto.generators.SM2KeyPairGenerator;
import cfca.sadk.system.FileHelper;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:cfca/sadk/cgb/toolkit/SM2Toolkit.class */
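/**
 * Facade over the CFCA SADK SM2/SM3 primitives: key generation, key loading
 * from PKCS#12 (SM2) containers or Base64 text, encryption/decryption and
 * signing/verification.
 *
 * <p>The class declares no fields, so an instance carries no state of its own.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>Container passwords and Base64 private keys are accepted as {@link String},
 *       so this class cannot wipe them after use; keep their lifetime short and
 *       keep them out of logs.</li>
 *   <li>{@link #SM2Sign} and {@link #SM2Verify} hash {@code Z || data} with SM3,
 *       taking Z from {@code getDefaultZ()}. Signer and verifier must agree on Z.
 *       NOTE(review): presumably this is the Z of the default SM2 user ID; confirm
 *       against the SADK documentation.</li>
 *   <li>{@link #SM2SignHash} and {@link #SM2VerifyHash} operate on a caller-supplied
 *       32-byte value and perform no hashing themselves.</li>
 * </ul>
 */
public final class SM2Toolkit {
    /** Signatures shorter than this many bytes are rejected before being handed to the verifier. */
    private static final int MIN_SIGNATURE_LENGTH = 64;

    /** Size in bytes of the SM3 digest buffer. */
    private static final int SM3_DIGEST_LENGTH = 32;

    /**
     * Generates a fresh SM2 key pair.
     *
     * @return the generated key pair
     * @throws PKIException if the underlying generator fails; the cause is preserved
     */
    public KeyPair SM2GenerateKeyPair() throws PKIException {
        try {
            return SM2KeyPairGenerator.SM2GenerateKeyPair();
        } catch (Exception e) {
            throw new PKIException("generate keypair failure", e);
        }
    }

    /**
     * Builds a key pair from a Base64-encoded PKCS#12 (SM2) container.
     *
     * @param sm2Base64Text Base64 text of the container; must not be {@code null}
     * @param sm2FilePassword password protecting the private key; must not be {@code null}
     * @return the key pair held in the container
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws PKIException if decoding or key extraction fails
     */
    public KeyPair SM2BuildKeyPairByText(String sm2Base64Text, String sm2FilePassword) throws PKIException {
        if (sm2Base64Text == null) {
            throw new IllegalArgumentException("null not allowed for sm2Base64Text");
        }
        if (sm2FilePassword == null) {
            throw new IllegalArgumentException("null not allowed for sm2FilePassword");
        }
        try {
            return SM2BuildKeyPair(Base64.decode(sm2Base64Text), sm2FilePassword);
        } catch (Exception e) {
            throw new PKIException("build keypair failure", e);
        }
    }

    /**
     * Builds a key pair from a PKCS#12 (SM2) container stored in a file.
     *
     * <p>The path is handed to {@code FileHelper.read} unchanged; a caller that takes
     * it from configuration or user input is responsible for restricting it.
     *
     * <p>Read failures and container failures are reported separately, so a wrong
     * password or a malformed container is no longer labelled as a file read failure.
     *
     * @param sm2FilePath path of the container file; must not be {@code null}
     * @param sm2FilePassword password protecting the private key; must not be {@code null}
     * @return the key pair held in the container
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws PKIException with message {@code "sm2FilePath read failure"} if the file
     *         cannot be read, or {@code "build keypair failure"} if key extraction fails
     */
    public KeyPair SM2BuildKeyPairByFile(String sm2FilePath, String sm2FilePassword) throws PKIException {
        if (sm2FilePath == null) {
            throw new IllegalArgumentException("null not allowed for sm2FilePath");
        }
        if (sm2FilePassword == null) {
            throw new IllegalArgumentException("null not allowed for sm2FilePassword");
        }
        byte[] sm2Bytes;
        try {
            sm2Bytes = FileHelper.read(sm2FilePath);
        } catch (Exception e) {
            throw new PKIException("sm2FilePath read failure", e);
        }
        // Whether FileHelper.read can return null is not visible here; treat it as a read failure.
        if (sm2Bytes == null) {
            throw new PKIException("sm2FilePath read failure");
        }
        try {
            // Same wrapping as SM2BuildKeyPairByText, so both loaders report build errors alike.
            return SM2BuildKeyPair(sm2Bytes, sm2FilePassword);
        } catch (Exception e) {
            throw new PKIException("build keypair failure", e);
        }
    }

    /**
     * Extracts the private key and the first certificate's public key from a
     * PKCS#12 (SM2) container.
     *
     * <p>The public key is taken from the first element returned by
     * {@code getPublicCert()}; this method does not check that it corresponds to the
     * extracted private key, nor does it validate the certificate.
     *
     * @param sm2Bytes raw container bytes; must not be {@code null}
     * @param sm2FilePassword password protecting the private key; must not be {@code null}
     * @return key pair of (first certificate's public key, private key)
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws PKIException if the private key or a certificate is missing, or extraction fails
     */
    private KeyPair SM2BuildKeyPair(byte[] sm2Bytes, String sm2FilePassword) throws PKIException {
        if (sm2Bytes == null) {
            throw new IllegalArgumentException("null not allowed for sm2Bytes");
        }
        if (sm2FilePassword == null) {
            throw new IllegalArgumentException("null not allowed for sm2FilePassword");
        }
        PKCS12_SM2 container = new PKCS12_SM2(sm2Bytes);
        try {
            SM2PrivateKey privateKey = container.getPrivateKey(sm2FilePassword);
            if (privateKey == null) {
                throw new PKIException("build keypair failure: not found sm2PrivateKey");
            }
            X509Cert[] certificates = container.getPublicCert();
            if (certificates == null || certificates.length == 0) {
                throw new PKIException("build keypair failure: not found sm2PublicKey");
            }
            return new KeyPair(certificates[0].getPublicKey(), privateKey);
        } catch (PKIException e) {
            // Keep the specific "not found" messages instead of re-wrapping them.
            throw e;
        } catch (Exception e) {
            throw new PKIException("build keypair failure", e);
        }
    }

    /**
     * Builds an SM2 public key from its Base64 encoding.
     *
     * @param sm2Base64PublicKey Base64 text of the encoded public key; must not be {@code null}
     * @return the decoded public key
     * @throws IllegalArgumentException if the argument is {@code null}
     * @throws PKIException if decoding or key construction fails
     */
    public PublicKey SM2BuildPublicKey(String sm2Base64PublicKey) throws PKIException {
        if (sm2Base64PublicKey == null) {
            throw new IllegalArgumentException("null not allowed for sm2Base64PublicKey");
        }
        try {
            return new SM2PublicKey(Base64.decode(sm2Base64PublicKey));
        } catch (Exception e) {
            throw new PKIException("build sm2PublicKey failure", e);
        }
    }

    /**
     * Builds an SM2 private key from its Base64 encoding.
     *
     * <p>The key material arrives as an immutable {@link String} and is not protected
     * by a password at this layer.
     *
     * @param sm2Base64PrivateKey Base64 text of the encoded private key; must not be {@code null}
     * @return the decoded private key
     * @throws IllegalArgumentException if the argument is {@code null}
     * @throws PKIException if decoding or key construction fails
     */
    public PrivateKey SM2BuildPrivateKey(String sm2Base64PrivateKey) throws PKIException {
        if (sm2Base64PrivateKey == null) {
            throw new IllegalArgumentException("null not allowed for sm2Base64PrivateKey");
        }
        try {
            return SM2PrivateKey.getInstance(Base64.decode(sm2Base64PrivateKey));
        } catch (Exception e) {
            throw new PKIException("build sm2PrivateKey failure", e);
        }
    }

    /**
     * Encrypts data with an SM2 public key.
     *
     * <p>NOTE(review): the ciphertext layout is decided by {@code SM2Crypto} and is not
     * visible here; confirm it before exchanging ciphertext with another implementation.
     *
     * @param publicKey an {@code SM2PublicKey}; must not be {@code null}
     * @param data plaintext bytes; must not be {@code null}
     * @return the ciphertext produced by {@code SM2Crypto}
     * @throws IllegalArgumentException if the key is {@code null} or of another type,
     *         or if {@code data} is {@code null}
     * @throws PKIException if encryption fails
     */
    public byte[] SM2EncryptData(PublicKey publicKey, byte[] data) throws PKIException {
        // instanceof is false for null, so this single test covers both rejections.
        if (!(publicKey instanceof SM2PublicKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PublicKey");
        }
        if (data == null) {
            throw new IllegalArgumentException("null not allowed for data");
        }
        SM2PublicKey sm2PublicKey = (SM2PublicKey) publicKey;
        try {
            SM2Crypto cipher = new SM2Crypto();
            cipher.initEncrypt(sm2PublicKey.getQ());
            return cipher.encrypt(data);
        } catch (Exception e) {
            throw new PKIException("encrypted failure", e);
        }
    }

    /**
     * Decrypts data with an SM2 private key.
     *
     * @param privateKey an {@code SM2PrivateKey}; must not be {@code null}
     * @param data ciphertext bytes; must not be {@code null}
     * @return the plaintext produced by {@code SM2Crypto}
     * @throws IllegalArgumentException if the key is {@code null} or of another type,
     *         or if {@code data} is {@code null}
     * @throws PKIException if decryption fails, including on malformed ciphertext
     */
    public byte[] SM2DecryptData(PrivateKey privateKey, byte[] data) throws PKIException {
        if (!(privateKey instanceof SM2PrivateKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PrivateKey");
        }
        if (data == null) {
            throw new IllegalArgumentException("null not allowed for data");
        }
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) privateKey;
        try {
            SM2Crypto cipher = new SM2Crypto();
            cipher.initDecrypt(sm2PrivateKey.dBigInteger());
            return cipher.decrypt(data);
        } catch (Exception e) {
            throw new PKIException("decrypted failure", e);
        }
    }

    /**
     * Signs data: computes SM3 over {@code Z || data} and signs the digest.
     *
     * <p>Z comes from {@code getDefaultZ()} of the public key derived from the private
     * key, so the verifier must use the same Z.
     *
     * @param privateKey an {@code SM2PrivateKey}; must not be {@code null}
     * @param data message bytes; must not be {@code null}
     * @return the signature bytes produced by {@code BCSoftSM2.sign}
     * @throws IllegalArgumentException if the key is {@code null} or of another type,
     *         or if {@code data} is {@code null}
     * @throws PKIException if signing fails
     */
    public byte[] SM2Sign(PrivateKey privateKey, byte[] data) throws PKIException {
        if (!(privateKey instanceof SM2PrivateKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PrivateKey");
        }
        if (data == null) {
            throw new IllegalArgumentException("null not allowed for data");
        }
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) privateKey;
        try {
            byte[] digest = SM3(data, sm2PrivateKey.getSM2PublicKey().getDefaultZ());
            // NOTE(review): the meaning of the trailing 'true' flag is defined by BCSoftSM2
            // and is not visible here; confirm against the SADK documentation.
            return BCSoftSM2.sign(digest, sm2PrivateKey.dBigInteger(), true);
        } catch (Exception e) {
            throw new PKIException("signature signed failure", e);
        }
    }

    /**
     * Verifies a signature over data: computes SM3 over {@code Z || data} and checks
     * the signature against the digest.
     *
     * @param publicKey an {@code SM2PublicKey}; must not be {@code null}
     * @param data message bytes; must not be {@code null}
     * @param signature signature bytes; {@code null} or fewer than 64 bytes yields {@code false}
     * @return {@code true} only if {@code BCSoftSM2.verify} accepts the signature
     * @throws IllegalArgumentException if the key is {@code null} or of another type,
     *         or if {@code data} is {@code null}
     * @throws PKIException if verification throws; treat this as "not verified"
     */
    public boolean SM2Verify(PublicKey publicKey, byte[] data, byte[] signature) throws PKIException {
        if (!(publicKey instanceof SM2PublicKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PublicKey");
        }
        if (data == null) {
            throw new IllegalArgumentException("null not allowed for data");
        }
        // Reject obviously truncated signatures without touching the verifier.
        if (signature == null || signature.length < MIN_SIGNATURE_LENGTH) {
            return false;
        }
        SM2PublicKey sm2PublicKey = (SM2PublicKey) publicKey;
        try {
            byte[] digest = SM3(data, sm2PublicKey.getDefaultZ());
            return BCSoftSM2.verify(digest, signature, sm2PublicKey.getQ());
        } catch (Exception e) {
            throw new PKIException("signature verified failure", e);
        }
    }

    /**
     * Signs a caller-supplied 32-byte hash directly.
     *
     * <p>No hashing is performed here: binding the signature to a message and to Z is
     * entirely the caller's responsibility. Unexpected runtime failures are wrapped in
     * {@link PKIException}, matching {@link #SM2Sign}.
     *
     * @param privateKey an {@code SM2PrivateKey}; must not be {@code null}
     * @param hash exactly 32 bytes
     * @return the signature bytes produced by {@code BCSoftSM2.sign}
     * @throws IllegalArgumentException if the key is {@code null} or of another type,
     *         or if {@code hash} is {@code null} or not 32 bytes long
     * @throws PKIException if signing fails
     */
    public byte[] SM2SignHash(PrivateKey privateKey, byte[] hash) throws PKIException {
        if (!(privateKey instanceof SM2PrivateKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PrivateKey");
        }
        if (hash == null || hash.length != SM3_DIGEST_LENGTH) {
            throw new IllegalArgumentException("null/length not allowed for hash");
        }
        try {
            return BCSoftSM2.sign(hash, ((SM2PrivateKey) privateKey).dBigInteger(), true);
        } catch (Exception e) {
            throw new PKIException("signature signed failure", e);
        }
    }

    /**
     * Verifies a signature against a caller-supplied 32-byte hash.
     *
     * <p>Unlike {@link #SM2SignHash}, a hash of the wrong length is reported as
     * {@code false} rather than as an exception. Runtime failures raised while
     * processing the signature bytes are wrapped in {@link PKIException}, matching
     * {@link #SM2Verify}, so malformed input cannot surface as an unchecked exception.
     *
     * @param publicKey an {@code SM2PublicKey}; must not be {@code null}
     * @param hash exactly 32 bytes, otherwise the result is {@code false}
     * @param signature signature bytes; {@code null} or fewer than 64 bytes yields {@code false}
     * @return {@code true} only if {@code BCSoftSM2.verify} accepts the signature
     * @throws IllegalArgumentException if the key is {@code null} or of another type
     * @throws PKIException if verification throws; treat this as "not verified"
     */
    public boolean SM2VerifyHash(PublicKey publicKey, byte[] hash, byte[] signature) throws PKIException {
        if (!(publicKey instanceof SM2PublicKey)) {
            throw new IllegalArgumentException("null/type not allowed for sm2PublicKey");
        }
        boolean hashUsable = hash != null && hash.length == SM3_DIGEST_LENGTH;
        boolean signatureUsable = signature != null && signature.length >= MIN_SIGNATURE_LENGTH;
        if (!hashUsable || !signatureUsable) {
            return false;
        }
        try {
            return BCSoftSM2.verify(hash, signature, ((SM2PublicKey) publicKey).getQ());
        } catch (Exception e) {
            throw new PKIException("signature verified failure", e);
        }
    }

    /**
     * Computes SM3 over {@code z || data}.
     *
     * @param data message bytes, fed to the digest second
     * @param z prefix bytes, fed to the digest first
     * @return the 32-byte digest
     */
    private byte[] SM3(byte[] data, byte[] z) {
        byte[] digest = new byte[SM3_DIGEST_LENGTH];
        SM3Digest sm3 = new SM3Digest();
        // Order matters: Z is absorbed before the message.
        sm3.update(z, 0, z.length);
        sm3.update(data, 0, data.length);
        sm3.doFinal(digest, 0);
        return digest;
    }
}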
