package cfca.sadk.lib.crypto;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.common.ext.MechanismExt;
import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.algorithm.util.HashEncoderUtil;
import cfca.sadk.algorithm.util.SymmetricHelper;
import cfca.sadk.jcajce.provider.SADKProvider;
import cfca.sadk.org.bouncycastle.crypto.params.DESedeParameters;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPrivateKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.system.CompatibleAlgorithm;
import cfca.sadk.system.Mechanisms;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.global.SM2ContextConfig;
import cfca.sadk.system.logging.LoggerManager;
import cfca.sadk.util.HashUtil;
import cfca.sadk.util.KeyUtil;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cfca/sadk/lib/crypto/BaseLib.class */
public abstract class BaseLib implements Session {
    @Override // cfca.sadk.lib.crypto.Session
    public final KeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        KeyPair ECCGenerateKeyPair;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("GenerateKeyPair>>>>>>Running");
            sb.append("\n mechanism: ");
            sb.append(SADKDebugger.dump(mechanism));
            sb.append("\n bitLength: " + i);
            LoggerManager.debugLogger.debug(sb.toString());
        }
        try {
            if (mechanism == null) {
                throw new PKIException("GenerateKeyPair failure with missing mechanism");
            }
            if (Mechanisms.isSM2Type(mechanism)) {
                ECCGenerateKeyPair = SM2GenerateKeyPair();
            } else if (Mechanisms.isRSAType(mechanism)) {
                ECCGenerateKeyPair = RSAGenerateKeyPair(i);
            } else {
                if (!Mechanisms.isECDSA(mechanism)) {
                    throw new PKIException("GenerateKeyPair failure with invalid keyType=" + mechanism.getMechanismType());
                }
                ECCGenerateKeyPair = ECCGenerateKeyPair(mechanism);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("GenerateKeyPai<<<<<<Finished: keypair=" + ((Object) SADKDebugger.dump(ECCGenerateKeyPair)));
            }
            return ECCGenerateKeyPair;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("GenerateKeyPair<<<<<<Failure", e);
            throw new PKIException("GenerateKeyPair failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("GenerateKeyPair<<<<<<Failure", e2);
            throw new PKIException("GenerateKeyPair failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("GenerateKeyPair<<<<<<Failure", th);
            throw new PKIException("GenerateKeyPair failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Key generateKey(Mechanism mechanism) throws PKIException {
        SecretKeySpec secretKeySpec;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("GenerateKey>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("GenerateKey failure with missing mechanism");
            }
            String mechanismType = mechanism.getMechanismType();
            SecureRandom secureRandom = new SecureRandom();
            if (MechanismKit.SM4_KEY.equals(mechanismType)) {
                byte[] bArr = new byte[16];
                secureRandom.nextBytes(bArr);
                secretKeySpec = new SecretKeySpec(bArr, mechanismType);
            } else if (MechanismKit.DES3_KEY.equals(mechanismType)) {
                byte[] bArr2 = new byte[24];
                do {
                    secureRandom.nextBytes(bArr2);
                    DESedeParameters.setOddParity(bArr2);
                } while (DESedeParameters.isWeakKey(bArr2, 0, bArr2.length));
                secretKeySpec = new SecretKeySpec(bArr2, mechanismType);
            } else {
                if (!"RC4".equals(mechanismType)) {
                    throw new PKIException("GenerateKey failure with invalid keyType=" + mechanism.getMechanismType());
                }
                byte[] bArr3 = new byte[16];
                secureRandom.nextBytes(bArr3);
                secretKeySpec = new SecretKeySpec(bArr3, mechanismType);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("GenerateKey<<<<<<Finished: key=" + SADKDebugger.dump(secretKeySpec));
            }
            return secretKeySpec;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", e);
            throw new PKIException("GenerateKey failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", e2);
            throw new PKIException("GenerateKey failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", th);
            throw new PKIException("GenerateKey failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Key generateKey(Mechanism mechanism, byte[] bArr) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("generateKeyPair>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n keyData: " + SADKDebugger.dump(bArr));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("GenerateKey failure with missing mechanism");
            }
            Key generateKey = KeyUtil.generateKey(mechanism, bArr);
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("GenerateKey<<<<<<Finished: key=" + SADKDebugger.dump(generateKey));
            }
            return generateKey;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", e);
            throw new PKIException("GenerateKey failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", e2);
            throw new PKIException("GenerateKey failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("GenerateKey<<<<<<Failure", th);
            throw new PKIException("GenerateKey failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        byte[] ECDSASignHash;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("sign>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PrivateKey: " + SADKDebugger.dump(privateKey) + "\n sourceData: " + SADKDebugger.dump(bArr));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("sign failure with missing mechanism");
            }
            if (privateKey == null) {
                throw new PKIException("sign failure with missing PrivateKey");
            }
            if (bArr == null) {
                throw new PKIException("sign failure with missing sourceData");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("sign failure with invalid mechanism=" + mechanism);
            }
            if (Mechanisms.isSM2WithSM3(mechanism)) {
                SM2PrivateKey SM2PrivateKeyFrom = SM2PrivateKeyFrom(privateKey);
                ECDSASignHash = SM2SignHash(SM2PrivateKeyFrom, SM2ContextConfig.getUseZValue() ? SM2HashMessage(SM2PrivateKeyFrom.getSM2PublicKey(), bArr, true) : SM2HashMessage(null, bArr, false));
            } else {
                ECDSASignHash = Mechanisms.isECDSA(mechanism) ? ECDSASignHash(decodeECCKey(privateKey), RSAHashMessage(mechanism, bArr, false), mechanism) : RSASignHash(privateKey, RSAHashMessage(mechanism, bArr));
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("sign<<<<<<Finished: signValue=" + SADKDebugger.dump(ECDSASignHash));
            }
            return ECDSASignHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", e);
            throw new PKIException("sign failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", e2);
            throw new PKIException("sign failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", th);
            throw new PKIException("sign failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, InputStream inputStream) throws PKIException {
        byte[] ECDSASignHash;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("sign>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PrivateKey: " + SADKDebugger.dump(privateKey) + "\n sourceStream: " + SADKDebugger.dump(inputStream));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("sign failure with missing mechanism");
            }
            if (privateKey == null) {
                throw new PKIException("sign failure with missing PrivateKey");
            }
            if (inputStream == null) {
                throw new PKIException("sign failure with missing sourceStream");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("sign failure with invalid mechanism=" + mechanism);
            }
            if (Mechanisms.isSM2WithSM3(mechanism)) {
                SM2PrivateKey SM2PrivateKeyFrom = SM2PrivateKeyFrom(privateKey);
                ECDSASignHash = SM2SignHash(SM2PrivateKeyFrom, SM2ContextConfig.getUseZValue() ? SM2HashFile(SM2PrivateKeyFrom.getSM2PublicKey(), inputStream, true) : SM2HashFile(null, inputStream, false));
            } else {
                ECDSASignHash = Mechanisms.isECDSA(mechanism) ? ECDSASignHash(decodeECCKey(privateKey), RSAHashFile(mechanism, inputStream, false), mechanism) : RSASignHash(privateKey, RSAHashFile(mechanism, inputStream));
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("sign<<<<<<Finished: signValue=" + SADKDebugger.dump(ECDSASignHash));
            }
            return ECDSASignHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", e);
            throw new PKIException("sign failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", e2);
            throw new PKIException("sign failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("sign<<<<<<Failure", th);
            throw new PKIException("sign failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] signByHash(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("signByHash>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PrivateKey: " + SADKDebugger.dump(privateKey) + "\n hashValue: " + SADKDebugger.dump(bArr));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("signByHash failure with missing mechanism");
            }
            if (privateKey == null) {
                throw new PKIException("signByHash failure with missing PrivateKey");
            }
            if (bArr == null) {
                throw new PKIException("signByHash failure with missing hashValue");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("signByHash failure with invalid mechanism=" + mechanism);
            }
            HashUtil.checkHashLength(mechanism, bArr);
            byte[] SM2SignHash = Mechanisms.isSM2WithSM3(mechanism) ? SM2SignHash(SM2PrivateKeyFrom(privateKey), bArr) : Mechanisms.isECDSA(mechanism) ? ECDSASignHash(decodeECCKey(privateKey), bArr, mechanism) : RSASignHash(privateKey, HashEncoderUtil.derEncoder(mechanism, bArr));
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("signByHash<<<<<<Finished: signValue=" + SADKDebugger.dump(SM2SignHash));
            }
            return SM2SignHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("signByHash<<<<<<Failure", e);
            throw new PKIException("signByHash failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("signByHash<<<<<<Failure", e2);
            throw new PKIException("signByHash failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("signByHash<<<<<<Failure", th);
            throw new PKIException("signByHash failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verify(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        boolean ECDSAVerifyHash;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verify>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PublicKey: " + SADKDebugger.dump(publicKey) + "\n sourceData: " + SADKDebugger.dump(bArr) + "\n signData: " + SADKDebugger.dump(bArr2));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("verify failure with missing mechanism");
            }
            if (publicKey == null) {
                throw new PKIException("verify failure with missing PublicKey");
            }
            if (bArr == null) {
                throw new PKIException("verify failure with missing sourceData");
            }
            if (bArr2 == null) {
                throw new PKIException("verify failure with missing signData");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("verify failure with invalid mechanism=" + mechanism);
            }
            if (Mechanisms.isSM2WithSM3(mechanism)) {
                SM2PublicKey SM2PublicKeyFrom = SM2PublicKeyFrom(publicKey);
                ECDSAVerifyHash = SM2VerifyHash(SM2PublicKeyFrom, SM2HashMessage(SM2PublicKeyFrom, bArr, true), bArr2);
                if (CompatibleAlgorithm.isCompatibleSM2WithoutZ() && !ECDSAVerifyHash) {
                    ECDSAVerifyHash = SM2VerifyHash(SM2PublicKeyFrom, SM2HashMessage(SM2PublicKeyFrom, bArr, false), bArr2);
                }
            } else {
                ECDSAVerifyHash = Mechanisms.isECDSA(mechanism) ? ECDSAVerifyHash(decodeECCKey(publicKey), RSAHashMessage(mechanism, bArr, false), bArr2, mechanism) : RSAVerifyHash(publicKey, RSAHashMessage(mechanism, bArr), bArr2);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("verify<<<<<<Finished: verifyResult=" + ECDSAVerifyHash);
            }
            return ECDSAVerifyHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", e);
            throw new PKIException("verify failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", e2);
            throw new PKIException("sign failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", th);
            throw new PKIException("verify failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verify(Mechanism mechanism, PublicKey publicKey, InputStream inputStream, byte[] bArr) throws PKIException {
        boolean ECDSAVerifyHash;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verify>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PublicKey: " + SADKDebugger.dump(publicKey) + "\n sourceStream: " + SADKDebugger.dump(inputStream) + "\n signData: " + SADKDebugger.dump(bArr));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("verify failure with missing mechanism");
            }
            if (publicKey == null) {
                throw new PKIException("verify failure with missing PublicKey");
            }
            if (inputStream == null) {
                throw new PKIException("verify failure with missing sourceStream");
            }
            if (bArr == null) {
                throw new PKIException("verify failure with missing signData");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("verify failure with invalid mechanism=" + mechanism);
            }
            if (Mechanisms.isSM2WithSM3(mechanism)) {
                SM2PublicKey SM2PublicKeyFrom = SM2PublicKeyFrom(publicKey);
                boolean isCompatibleSM2WithoutZ = CompatibleAlgorithm.isCompatibleSM2WithoutZ();
                byte[] bArr2 = new byte[32];
                byte[] bArr3 = new byte[32];
                SM2HashFile(SM2PublicKeyFrom, isCompatibleSM2WithoutZ, inputStream, bArr2, bArr3);
                ECDSAVerifyHash = SM2VerifyHash(SM2PublicKeyFrom, bArr2, bArr);
                if (isCompatibleSM2WithoutZ && !ECDSAVerifyHash) {
                    ECDSAVerifyHash = SM2VerifyHash(SM2PublicKeyFrom, bArr3, bArr);
                }
            } else {
                ECDSAVerifyHash = Mechanisms.isECDSA(mechanism) ? ECDSAVerifyHash(decodeECCKey(publicKey), RSAHashFile(mechanism, inputStream, false), bArr, mechanism) : RSAVerifyHash(publicKey, RSAHashFile(mechanism, inputStream), bArr);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("verify<<<<<<Finished: verifyResult=" + ECDSAVerifyHash);
            }
            return ECDSAVerifyHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", e);
            throw new PKIException("verify failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", e2);
            throw new PKIException("sign failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verify<<<<<<Failure", th);
            throw new PKIException("verify failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verifyByHash(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verifyByHash>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n PublicKey: " + SADKDebugger.dump(publicKey) + "\n hashValue: " + SADKDebugger.dump(bArr) + "\n signValue: " + SADKDebugger.dump(bArr2));
        }
        try {
            if (mechanism == null) {
                throw new PKIException("verifyByHash failure with missing mechanism");
            }
            if (publicKey == null) {
                throw new PKIException("verifyByHash failure with missing PublicKey");
            }
            if (bArr == null) {
                throw new PKIException("verifyByHash failure with missing hashValue");
            }
            HashUtil.checkHashLength(mechanism, bArr);
            if (bArr2 == null) {
                throw new PKIException("verifyByHash failure with missing signValue");
            }
            if (!Mechanisms.isValid(mechanism)) {
                throw new PKIException("verifyByHash failure with invalid mechanism=" + mechanism);
            }
            boolean SM2VerifyHash = Mechanisms.isSM2WithSM3(mechanism) ? SM2VerifyHash(SM2PublicKeyFrom(publicKey), bArr, bArr2) : Mechanisms.isECDSA(mechanism) ? ECDSAVerifyHash(decodeECCKey(publicKey), bArr, bArr2, mechanism) : RSAVerifyHash(publicKey, HashEncoderUtil.derEncoder(mechanism, bArr), bArr2);
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("verifyByHash<<<<<<Finished: verifyResult=" + SM2VerifyHash);
            }
            return SM2VerifyHash;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("verifyByHash<<<<<<Failure", e);
            throw new PKIException("verifyByHash failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("verifyByHash<<<<<<Failure", e2);
            throw new PKIException("verifyByHash failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verifyByHash<<<<<<Failure", th);
            throw new PKIException("verifyByHash failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] encrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] DESedeEncryptMessage;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("encrypt>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n Key: " + SADKDebugger.dump(key) + "\n sourceData: " + SADKDebugger.dump(bArr));
        }
        EncryptTypeDetector.forbidECCEncrypt(mechanism);
        try {
            if (mechanism == null) {
                throw new PKIException("encrypt failure with missing mechanism");
            }
            if (key == null) {
                throw new PKIException("encrypt failure with missing key");
            }
            if (bArr == null) {
                throw new PKIException("encrypt failure with missing sourceData");
            }
            String mechanismType = mechanism.getMechanismType();
            if (mechanismType.equals(MechanismKit.SM2)) {
                DESedeEncryptMessage = SM2EncryptMessage(SM2PublicKeyFrom(key), bArr);
            } else if (MechanismExt.SM4.equals(mechanismType)) {
                DESedeEncryptMessage = SM4EncryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals(MechanismKit.RSA_PKCS)) {
                DESedeEncryptMessage = RSAEncryptMessage((PublicKey) key, bArr);
            } else if (mechanismType.equals(MechanismKit.DES3_CBC) || mechanismType.equals(MechanismKit.DES3_ECB)) {
                DESedeEncryptMessage = DESedeEncryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals(MechanismKit.AES_CBC) || mechanismType.equals(MechanismKit.AES_ECB)) {
                DESedeEncryptMessage = AESEncryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals("RC4")) {
                DESedeEncryptMessage = RC4EncryptMessage(mechanism, key, bArr);
            } else {
                if (!mechanismType.equals(MechanismKit.ECC)) {
                    throw new PKIException("encrypt failure with invalid mechanism=" + mechanism);
                }
                DESedeEncryptMessage = ECCEncryptMessage((PublicKey) key, bArr);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("encrypt<<<<<<Finished: encryptBytes=" + SADKDebugger.dump(DESedeEncryptMessage));
            }
            return DESedeEncryptMessage;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", e);
            throw new PKIException("encrypt failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", e2);
            throw new PKIException("encrypt failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", th);
            throw new PKIException("encrypt failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] decrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] DESedeDecryptMessage;
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("decrypt>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n Key: " + SADKDebugger.dump(key) + "\n encryptData: " + SADKDebugger.dump(bArr));
        }
        EncryptTypeDetector.forbidECCEncrypt(mechanism);
        try {
            if (mechanism == null) {
                throw new PKIException("encrypt failure with missing mechanism");
            }
            if (key == null) {
                throw new PKIException("encrypt failure with missing key");
            }
            if (bArr == null) {
                throw new PKIException("encrypt failure with missing encryptData");
            }
            String mechanismType = mechanism.getMechanismType();
            if (mechanismType.equals(MechanismKit.SM2)) {
                DESedeDecryptMessage = SM2DecryptMessage(SM2PrivateKeyFrom(key), bArr);
            } else if (MechanismExt.SM4.equals(mechanismType)) {
                DESedeDecryptMessage = SM4DecryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals(MechanismKit.RSA_PKCS)) {
                DESedeDecryptMessage = RSADecryptMessage((PrivateKey) key, bArr);
            } else if (mechanismType.equals(MechanismKit.DES3_CBC) || mechanismType.equals(MechanismKit.DES3_ECB)) {
                DESedeDecryptMessage = DESedeDecryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals(MechanismKit.AES_CBC) || mechanismType.equals(MechanismKit.AES_ECB)) {
                DESedeDecryptMessage = AESDecryptMessage(mechanism, key, bArr);
            } else if (mechanismType.equals("RC4")) {
                DESedeDecryptMessage = RC4DecryptMessage(mechanism, key, bArr);
            } else {
                if (!mechanismType.equals(MechanismKit.ECC)) {
                    throw new PKIException("decrypt failure with invalid mechanism=" + mechanism);
                }
                DESedeDecryptMessage = ECCDecryptMessage((PrivateKey) key, bArr);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("decrypt<<<<<<Finished: decryptBytes=" + SADKDebugger.dump(DESedeDecryptMessage));
            }
            return DESedeDecryptMessage;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", e);
            throw new PKIException("decrypt failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", e2);
            throw new PKIException("decrypt failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", th);
            throw new PKIException("decrypt failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final void encrypt(Mechanism mechanism, Key key, InputStream inputStream, OutputStream outputStream) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("encrypt>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n Key: " + SADKDebugger.dump(key) + "\n sourceStream: " + SADKDebugger.dump(inputStream) + "\n encryptStream: " + SADKDebugger.dump(outputStream));
        }
        EncryptTypeDetector.forbidECCEncrypt(mechanism);
        try {
            if (mechanism == null) {
                throw new PKIException("encrypt failure with missing mechanism");
            }
            StreamEncryptChecker.checkAllowedKeyType(key);
            if (inputStream == null) {
                throw new PKIException("encrypt failure with missing sourceStream");
            }
            if (outputStream == null) {
                throw new PKIException("encrypt failure with missing encryptStream");
            }
            SymmetricHelper.fileEncrypt(false, mechanism, key.getEncoded(), inputStream, outputStream);
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("encrypt<<<<<<Finished");
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", e);
            throw new PKIException("encrypt failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", e2);
            throw new PKIException("encrypt failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("encrypt<<<<<<Failure", th);
            throw new PKIException("encrypt failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final void decrypt(Mechanism mechanism, Key key, InputStream inputStream, OutputStream outputStream) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("decrypt>>>>>>Running\n mechanism: " + SADKDebugger.dump(mechanism) + "\n Key: " + SADKDebugger.dump(key) + "\n encryptStream: " + SADKDebugger.dump(inputStream) + "\n plainTextStream: " + SADKDebugger.dump(outputStream));
        }
        EncryptTypeDetector.forbidECCEncrypt(mechanism);
        try {
            if (mechanism == null) {
                throw new PKIException("encrypt failure with missing mechanism");
            }
            StreamEncryptChecker.checkAllowedKeyType(key);
            if (inputStream == null) {
                throw new PKIException("encrypt failure with missing encryptStream");
            }
            if (outputStream == null) {
                throw new PKIException("encrypt failure with missing plainTextStream");
            }
            SymmetricHelper.fileDecrypt(false, mechanism, key.getEncoded(), inputStream, outputStream);
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("decryp<<<<<<Finished");
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", e);
            throw new PKIException("decrypt failure with exception: " + e.getMessage(), e);
        } catch (Exception e2) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", e2);
            throw new PKIException("decrypt failure with exception: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("decrypt<<<<<<Failure", th);
            throw new PKIException("decrypt failure with throwable: " + th.getMessage(), th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Provider getProvider() {
        return SADKProvider.INSTANCE();
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final String getProviderName() {
        return SADKProvider.INSTANCE().getName();
    }

    protected final SM2PublicKey SM2PublicKeyFrom(Key key) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("SM2PublicKeyFrom::>>>>>>Running\n key: " + SADKDebugger.dump(key));
        }
        SM2PublicKey sM2PublicKey = key instanceof SM2PublicKey ? (SM2PublicKey) key : new SM2PublicKey(key.getEncoded());
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("SM2PublicKeyFrom::<<<<<<Finished: sm2PublicKey=" + ((Object) SADKDebugger.dump(sM2PublicKey)));
        }
        return sM2PublicKey;
    }

    protected final SM2PrivateKey SM2PrivateKeyFrom(Key key) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("SM2PrivateKeyFrom::>>>>>>Running\n key: " + SADKDebugger.dump(key));
        }
        SM2PrivateKey sM2PrivateKey = key instanceof SM2PrivateKey ? (SM2PrivateKey) key : new SM2PrivateKey(key.getEncoded());
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("SM2PrivateKeyFrom::<<<<<<Finished: sm2PrivateKey=" + SADKDebugger.dump(sM2PrivateKey));
        }
        return sM2PrivateKey;
    }

    protected abstract KeyPair SM2GenerateKeyPair() throws PKIException;

    protected abstract KeyPair RSAGenerateKeyPair(int i) throws PKIException;

    protected abstract KeyPair ECCGenerateKeyPair(Mechanism mechanism) throws PKIException;

    protected abstract byte[] SM2EncryptMessage(SM2PublicKey sM2PublicKey, byte[] bArr) throws PKIException;

    protected abstract byte[] SM2DecryptMessage(SM2PrivateKey sM2PrivateKey, byte[] bArr) throws PKIException;

    protected abstract byte[] SM2SignHash(SM2PrivateKey sM2PrivateKey, byte[] bArr) throws PKIException;

    protected abstract boolean SM2VerifyHash(SM2PublicKey sM2PublicKey, byte[] bArr, byte[] bArr2) throws PKIException;

    protected abstract byte[] SM2HashMessage(SM2PublicKey sM2PublicKey, byte[] bArr, boolean z) throws PKIException;

    protected abstract byte[] SM2HashFile(SM2PublicKey sM2PublicKey, InputStream inputStream, boolean z) throws PKIException;

    protected abstract byte[] RSAEncryptMessage(PublicKey publicKey, byte[] bArr) throws PKIException;

    protected abstract byte[] RSADecryptMessage(PrivateKey privateKey, byte[] bArr) throws PKIException;

    protected abstract byte[] RSASignHash(PrivateKey privateKey, byte[] bArr) throws PKIException;

    protected abstract boolean RSAVerifyHash(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException;

    protected abstract byte[] RSAHashMessage(Mechanism mechanism, byte[] bArr) throws PKIException;

    protected abstract byte[] RSAHashMessage(Mechanism mechanism, byte[] bArr, boolean z) throws PKIException;

    protected abstract byte[] RSAHashFile(Mechanism mechanism, InputStream inputStream) throws PKIException;

    protected abstract byte[] RSAHashFile(Mechanism mechanism, InputStream inputStream, boolean z) throws PKIException;

    protected abstract byte[] SM4EncryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] SM4DecryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] RC4EncryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] RC4DecryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] DESedeEncryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] DESedeDecryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] AESEncryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract byte[] AESDecryptMessage(Mechanism mechanism, Key key, byte[] bArr) throws PKIException;

    protected abstract void SM2HashFile(SM2PublicKey sM2PublicKey, boolean z, InputStream inputStream, byte[] bArr, byte[] bArr2) throws PKIException;

    protected abstract byte[] ECDSASignHash(PrivateKey privateKey, byte[] bArr, Mechanism mechanism) throws PKIException;

    protected abstract boolean ECDSAVerifyHash(PublicKey publicKey, byte[] bArr, byte[] bArr2, Mechanism mechanism) throws PKIException;

    protected abstract byte[] ECCEncryptMessage(PublicKey publicKey, byte[] bArr) throws PKIException;

    protected abstract byte[] ECCDecryptMessage(PrivateKey privateKey, byte[] bArr) throws PKIException;

    private final PrivateKey decodeECCKey(PrivateKey privateKey) throws PKIException {
        PrivateKey generatePrivate;
        if (privateKey instanceof ECPrivateKey) {
            generatePrivate = privateKey;
        } else {
            try {
                generatePrivate = KeyFactory.getInstance("EC", SADKProvider.INSTANCE()).generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded()));
            } catch (Exception e) {
                throw new PKIException("sign failure priKey is not supported: " + privateKey.getClass(), e);
            }
        }
        return generatePrivate;
    }

    private final PublicKey decodeECCKey(PublicKey publicKey) throws PKIException {
        PublicKey generatePublic;
        if (publicKey instanceof ECPublicKey) {
            generatePublic = publicKey;
        } else {
            try {
                generatePublic = KeyFactory.getInstance("EC", SADKProvider.INSTANCE()).generatePublic(new X509EncodedKeySpec(publicKey.getEncoded()));
            } catch (Exception e) {
                throw new PKIException("verify failure pubKey is not supported: " + publicKey.getClass(), e);
            }
        }
        return generatePublic;
    }

    @Override // cfca.sadk.lib.crypto.Session
    public boolean checkIdleTest() throws PKIException {
        return true;
    }
}
