package com.alipay.oasis.client.challenger.crypto;

import com.alipay.oasis.client.challenger.crypto.key.AesGcm128BitKey;
import com.alipay.oasis.client.challenger.crypto.key.AesGcm128BitTag;
import com.alipay.oasis.client.challenger.crypto.key.AesGcmInitVector;
import com.alipay.oasis.client.challenger.crypto.key.Constant;
import com.alipay.oasis.client.challenger.crypto.key.CryptoData;
import com.alipay.oasis.client.challenger.crypto.key.Rsa2048PrivateKey;
import com.alipay.oasis.client.challenger.crypto.key.Rsa2048PublicKey;
import com.alipay.oasis.client.challenger.crypto.key.Rsa2048Signature;
import com.alipay.oasis.client.challenger.exception.OasisCryptoException;
import com.alipay.oasis.client.challenger.util.Assert;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/alipay/oasis/client/challenger/crypto/CryptoUtil.class */
public class CryptoUtil {
    private static final Log LOGGER = LogFactory.getLog(CryptoUtil.class);
    private static final int START_INDEX = 0;
    private static final int BYTE_BIT_SIZE = 8;

    public static void aesEncrypt(AesGcm128BitKey aesGcm128BitKey, CryptoData cryptoData, CryptoData cryptoData2, AesGcm128BitTag aesGcm128BitTag) {
        try {
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, new AesGcmInitVector().getIv());
            SecretKeySpec secretKeySpec = new SecretKeySpec(aesGcm128BitKey.getKey(), Constant.AES_KEY_ALGO);
            Cipher cipher = Cipher.getInstance(Constant.AES_GCM_NOPADDING_CIPHER);
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            byte[] doFinal = cipher.doFinal(cryptoData.getData());
            cryptoData2.setData(Arrays.copyOfRange(doFinal, START_INDEX, cryptoData.getData().length));
            aesGcm128BitTag.setTag(Arrays.copyOfRange(doFinal, cryptoData.getData().length, doFinal.length));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warn("Aes Encrypt Data Fail", e);
            throw new OasisCryptoException("Aes Encrypt Data Fail: " + e.getMessage());
        }
    }

    public static void aesDecrypt(AesGcm128BitKey aesGcm128BitKey, CryptoData cryptoData, AesGcm128BitTag aesGcm128BitTag, CryptoData cryptoData2) {
        try {
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, new AesGcmInitVector().getIv());
            SecretKeySpec secretKeySpec = new SecretKeySpec(aesGcm128BitKey.getKey(), Constant.AES_KEY_ALGO);
            Cipher cipher = Cipher.getInstance(Constant.AES_GCM_NOPADDING_CIPHER);
            cipher.init(2, secretKeySpec, gCMParameterSpec);
            cryptoData2.setData(cipher.doFinal(ArrayUtils.addAll(cryptoData.getData(), aesGcm128BitTag.getTag())));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warn("Aes Encrypt Data Fail", e);
            throw new OasisCryptoException("Aes Encrypt Data Fail: " + e.getMessage());
        }
    }

    public static void rsaEncrypt(Rsa2048PublicKey rsa2048PublicKey, CryptoData cryptoData, CryptoData cryptoData2) {
        try {
            PublicKey publicKey = rsa2048PublicKey.getPublicKey();
            Cipher cipher = Cipher.getInstance(Constant.RSA_NONE_OAEPPADDING_CIPHER);
            cipher.init(1, publicKey);
            cryptoData2.setData(cipher.doFinal(cryptoData.getData()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warn("Rsa Encrypt Data Fail", e);
            throw new OasisCryptoException("Rsa Encrypt Data Fail: " + e.getMessage());
        }
    }

    public static void rsaDecrypt(Rsa2048PrivateKey rsa2048PrivateKey, CryptoData cryptoData, CryptoData cryptoData2) {
        try {
            PrivateKey privateKey = rsa2048PrivateKey.getPrivateKey();
            Cipher cipher = Cipher.getInstance(Constant.RSA_NONE_OAEPPADDING_CIPHER);
            cipher.init(2, privateKey);
            cryptoData2.setData(cipher.doFinal(cryptoData.getData()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LOGGER.warn("Rsa Encrypt Data Fail", e);
            throw new OasisCryptoException("Rsa Encrypt Data Fail: " + e.getMessage());
        }
    }

    public static void rsaSign(Rsa2048PrivateKey rsa2048PrivateKey, CryptoData cryptoData, Rsa2048Signature rsa2048Signature) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            PrivateKey privateKey = rsa2048PrivateKey.getPrivateKey();
            Signature signature = Signature.getInstance(Constant.SHA256_WITH_RSA_CIPHER, Constant.BC_PROVIDER);
            signature.initSign(privateKey);
            signature.update(cryptoData.getData());
            rsa2048Signature.setSignature(signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            LOGGER.warn("Rsa Encrypt Data Fail", e);
            throw new OasisCryptoException("Rsa Encrypt Data Fail: " + e.getMessage());
        }
    }

    public static void rsaVerify(Rsa2048PublicKey rsa2048PublicKey, CryptoData cryptoData, Rsa2048Signature rsa2048Signature) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            PublicKey publicKey = rsa2048PublicKey.getPublicKey();
            Signature signature = Signature.getInstance(Constant.SHA256_WITH_RSA_CIPHER, Constant.BC_PROVIDER);
            signature.initVerify(publicKey);
            signature.update(cryptoData.getData());
            Assert.isTrue(signature.verify(rsa2048Signature.getSignature()), "Signature is Not Match For Current Data");
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            LOGGER.warn("Rsa Verify Data Fail", e);
            throw new OasisCryptoException("Rsa Verify Data Fail: " + e.getMessage());
        }
    }
}
