package com.bill99.crypto.processor;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.util.CertUtil;
import cfca.sadk.util.EnvelopeUtil;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import com.bill99.crypto.config.CryptoConfig;
import java.security.PrivateKey;

/* loaded from: input_file:com/bill99/crypto/processor/P7CryptoProcessor.class */
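/**
 * PKCS#7 helper built on the CFCA SADK: detached signing and verification plus
 * enveloping and opening of messages, using the certificates and keys held in a
 * {@link CryptoConfig}.
 *
 * <p>The configuration is stored in a <em>static</em> field even though it is set through
 * an instance setter, so every instance in the class loader shares (and can replace) the
 * same key material. The field has no synchronization; set it once during start-up,
 * before any signing or decryption call.
 */
public class P7CryptoProcessor {
    private static final Logger logger = LoggerFactory.getLogger(P7CryptoProcessor.class);

    /** Charset used for message text and for the encoded PKCS#7 structures. */
    private static final String UTF8 = "UTF-8";

    // Shared by all instances; see the class comment.
    private static CryptoConfig cryptoConfig;

    /**
     * Returns the shared crypto configuration.
     *
     * @return the configuration, or {@code null} if none has been set yet
     */
    public CryptoConfig getCryptoConfig() {
        return cryptoConfig;
    }

    /**
     * Replaces the shared crypto configuration for every instance of this class.
     *
     * @param cryptoConfig2 the configuration holding the signing, verification,
     *     encryption and decryption certificates and keys
     */
    public void setCryptoConfig(CryptoConfig cryptoConfig2) {
        cryptoConfig = cryptoConfig2;
    }

    /**
     * Produces a detached PKCS#7 signature over the UTF-8 bytes of {@code str} with the
     * merchant signing key. The algorithm follows the certificate type: SM3withSM2 for an
     * SM2 certificate, SHA-256 with RSA otherwise.
     *
     * @param str the message to sign
     * @return the signature as returned by the SADK, decoded as text
     *     (presumably Base64; confirm against the SADK documentation)
     * @throws IllegalStateException if the configuration, the signing certificate or the
     *     signing key is missing
     * @throws Exception if the SADK fails to sign
     */
    public String p7Sign(String str) throws Exception {
        CryptoConfig config = requireConfig();
        X509Cert sigMerchantCert = config.getSigMerchantCert();
        PrivateKey sigMerchantKey = config.getSigMerchantKey();
        checkNotNull(sigMerchantCert, "签名商户证书必须配置");
        checkNotNull(sigMerchantKey, "签名商户私钥必须配置");

        String algorithm = CertUtil.isSM2Cert(sigMerchantCert) ? "SM3withSM2" : "sha256WithRSAEncryption";
        byte[] signed = new Signature().p7SignMessageDetach(
                algorithm, str.getBytes(UTF8), sigMerchantKey, sigMerchantCert, BCSoftLib.INSTANCE());
        // Decode with an explicit charset instead of the platform default.
        return new String(signed, UTF8);
    }

    /**
     * Verifies a detached PKCS#7 signature and checks that it was made by one of the
     * configured verification certificates.
     *
     * <p>Both steps are required. The signature check only shows that the signature matches
     * the certificate carried inside the PKCS#7 structure, which the sender controls.
     * NOTE(review): whether the SADK call also validates that certificate's chain or
     * validity period is not visible here. The comparison against the pinned primary and
     * alternate certificates is what ties the signature to the expected party, so it must
     * never be skipped or relaxed. The method fails closed: a signature whose signer
     * certificate is absent or unknown is rejected.
     *
     * @param str the message that was signed
     * @param str2 the detached signature text
     * @return {@code true} only if the signature is valid and its signer certificate equals
     *     the primary or the alternate verification certificate
     * @throws IllegalStateException if no configuration has been set
     * @throws Exception if the SADK fails while parsing or verifying the signature
     */
    public boolean p7Verify(String str, String str2) throws Exception {
        CryptoConfig config = requireConfig();
        Signature signature = new Signature();
        // Explicit charset on both inputs so verification does not depend on the JVM default.
        if (!signature.p7VerifyMessageDetach(str.getBytes(UTF8), str2.getBytes(UTF8), BCSoftLib.INSTANCE())) {
            logger.error("验签失败");
            return false;
        }
        X509Cert signerCert = signature.getSignerCert();
        if (signerCert == null) {
            // No signer certificate to pin against: reject instead of failing with an NPE.
            logger.error("验签失败");
            return false;
        }
        // X509Cert.equals is invoked on the signer certificate, so an unconfigured (null)
        // pinned certificate is simply passed as the argument and never dereferenced.
        if (signerCert.equals(config.getVfyKqCert()) || signerCert.equals(config.getAltVfyKqCert())) {
            return true;
        }
        logger.error("未匹配签名证书SN={}", signerCert.getSerialNumber().toString(16));
        return false;
    }

    /**
     * Encrypts {@code str} into a PKCS#7 envelope addressed to the configured encryption
     * certificate, using SM4/CBC for an SM2 certificate and AES/CBC otherwise.
     *
     * <p>CBC-mode content encryption gives confidentiality only; the envelope itself is not
     * authenticated. Integrity and origin of a message have to come from the detached
     * signature ({@link #p7Sign} / {@link #p7Verify}).
     *
     * @param str the plaintext to encrypt
     * @return the envelope as returned by the SADK, decoded as text
     *     (presumably Base64; confirm against the SADK documentation)
     * @throws IllegalStateException if the configuration or the encryption certificate is
     *     missing
     * @throws Exception if the SADK fails to build the envelope
     */
    public String p7Envelop(String str) throws Exception {
        X509Cert encKqCert = requireConfig().getEncKqCert();
        checkNotNull(encKqCert, "加密快钱证书必须配置");

        String cipher = CertUtil.isSM2Cert(encKqCert) ? "SM4/CBC/PKCS7Padding" : "AES/CBC/PKCS7Padding";
        byte[] envelope = EnvelopeUtil.envelopeMessage(str.getBytes(UTF8), cipher, new X509Cert[]{encKqCert});
        return new String(envelope, UTF8);
    }

    /**
     * Opens a PKCS#7 envelope with the merchant decryption key, falling back to the
     * alternate key pair when the primary one fails and an alternate is configured.
     *
     * <p>The decrypted content is not authenticated by this method (see {@link #p7Envelop}).
     * Verify the accompanying signature before acting on the result, and avoid returning
     * detailed decryption errors to the remote party.
     *
     * @param str the envelope text
     * @return the decrypted content decoded as UTF-8
     * @throws IllegalStateException if the configuration, the decryption key or the
     *     decryption certificate is missing, or if decryption yields no data
     * @throws Exception the failure of the primary key pair when no attempt succeeds
     */
    public String p7OpenEnvelope(String str) throws Exception {
        CryptoConfig config = requireConfig();
        PrivateKey decMerchantKey = config.getDecMerchantKey();
        X509Cert decMerchantCert = config.getDecMerchantCert();
        // The original messages were swapped: the key check reported a missing certificate
        // and the certificate check a missing key.
        checkNotNull(decMerchantKey, "解密商户私钥必须配置");
        checkNotNull(decMerchantCert, "解密商户证书必须配置");

        byte[] envelope = str.getBytes(UTF8);
        byte[] plain = null;
        PKIException primaryFailure = null;
        try {
            plain = EnvelopeUtil.openEvelopedMessage(envelope, decMerchantKey, decMerchantCert, BCSoftLib.INSTANCE());
        } catch (PKIException e) {
            primaryFailure = e;
        }

        // The alternate pair is tried only after the primary attempt threw.
        if (primaryFailure != null) {
            PrivateKey altDecMerchantKey = config.getAltDecMerchantKey();
            X509Cert altDecMerchantCert = config.getAltDecMerchantCert();
            if (altDecMerchantKey != null && altDecMerchantCert != null) {
                try {
                    logger.info("decrypt by default cert config but fail , try to use alternate cert...");
                    plain = EnvelopeUtil.openEvelopedMessage(
                            envelope, altDecMerchantKey, altDecMerchantCert, BCSoftLib.INSTANCE());
                } catch (PKIException e2) {
                    // Record the second failure instead of discarding it; the primary failure
                    // is still the one rethrown below.
                    logger.warn("decrypt by alternate cert config failed", e2);
                }
            }
        }

        if (plain != null) {
            return new String(plain, UTF8);
        }
        logger.info("decrypt by default and alternate cert config , but all of them fail...");
        if (primaryFailure != null) {
            throw primaryFailure;
        }
        // The primary attempt returned null without throwing; the original reached
        // "throw null" here, which surfaced as an unexplained NullPointerException.
        throw new IllegalStateException("envelope decryption returned no data");
    }

    /**
     * Returns the shared configuration or fails with a clear message when it has not been
     * set, instead of a NullPointerException on first use.
     */
    private CryptoConfig requireConfig() {
        CryptoConfig config = getCryptoConfig();
        checkNotNull(config, "cryptoConfig is not set");
        return config;
    }

    /**
     * Throws {@link IllegalStateException} with the given message when {@code obj} is null.
     */
    private void checkNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalStateException(str);
        }
    }
}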
