package cmbc.cfca.util.cipher.lib;

import cmbc.cfca.asn1.parser.BigFileCipherUtil;
import cmbc.cfca.internal.tool.HashEncoderUtil;
import cmbc.cfca.org.bouncycastle.crypto.params.ECDomainParameters;
import cmbc.cfca.org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import cmbc.cfca.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import cmbc.cfca.rsa.envelope.RSASymmetricCryptoUtil;
import cmbc.cfca.rsa.signature.RSAPackageUtil;
import cmbc.cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.SM2Params;
import cmbc.cfca.sadk.signature.sm2.SM2PackageUtil;
import cmbc.cfca.sm2.envelope.SM2SymmetricCryptoUtil;
import cmbc.cfca.sm2.signature.SM2PrivateKey;
import cmbc.cfca.sm2.signature.SM2PublicKey;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.SecurityContext;
import cmbc.cfca.util.HashUtil;
import cmbc.cryptokit.SMJNI.SM2JNI;
import cmbc.cryptokit.SMJNI.SM3JNI;
import cryptokit.jni.JNISM2;
import java.io.File;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:cmbc/cfca/util/cipher/lib/JNISoftLib.class */
public final class JNISoftLib implements Session {
    @Override // cmbc.cfca.util.cipher.lib.Session
    public final KeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        KeyPair generateKeyPair;
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        try {
            if (Mechanism.SM2.equals(mechanism.getMechanismType())) {
                byte[] bArr = new byte[32];
                byte[] bArr2 = new byte[32];
                byte[] bArr3 = new byte[32];
                try {
                    SM2JNI.generateKeypair(bArr, bArr2, bArr3);
                    ECDomainParameters eCDomainParameters = SM2Params.sm2DomainParameters;
                    generateKeyPair = new KeyPair(new SM2PublicKey(new ECPublicKeyParameters(eCDomainParameters.getCurve().createPoint(new BigInteger(1, bArr2), new BigInteger(1, bArr3)), eCDomainParameters)), new SM2PrivateKey(new ECPrivateKeyParameters(new BigInteger(1, bArr), eCDomainParameters)));
                } catch (Exception e) {
                    throw new PKIException(e.getMessage());
                }
            } else {
                if (!Mechanism.RSA.equals(mechanism.getMechanismType())) {
                    throw new PKIException(PKIException.JNI_KEY_PAIR, new StringBuffer().append("产生非对称密钥对失败 本操作不支持此种机制类型").append(mechanism.getMechanismType()).toString());
                }
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Mechanism.RSA);
                    if (i <= 512 || i > 4096) {
                        throw new PKIException(new StringBuffer().append("key length is illgal:").append(i).toString());
                    }
                    keyPairGenerator.initialize(i);
                    generateKeyPair = keyPairGenerator.generateKeyPair();
                } catch (Exception e2) {
                    return null;
                }
            }
            return generateKeyPair;
        } catch (Exception e3) {
            throw new PKIException(e3.getMessage());
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("null not allowed for priKey");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for sourceData");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if ("SM3withSM2".equals(mechanismType)) {
                if (!(privateKey instanceof SM2PrivateKey)) {
                    throw new PKIException("The private key type is not sm2 type!");
                }
                SM2PrivateKey sM2PrivateKey = (SM2PrivateKey) privateKey;
                return SM2PackageUtil.encryptByJNI(HashUtil.sm2HashMessage(sM2PrivateKey.getSM2PublicKey(), bArr, SecurityContext.getUseZValue()), sM2PrivateKey.getD_Bytes());
            }
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new PKIException("The private key type is not rsa type!");
            }
            return RSAPackageUtil.encryptByJNI(HashUtil.rsaHashMessageDER(bArr, mechanism), (RSAPrivateKey) privateKey);
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, String str) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("null not allowed for priKey");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for sourceFilePath");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if ("SM3withSM2".equals(mechanismType)) {
                if (!(privateKey instanceof SM2PrivateKey)) {
                    throw new PKIException("The private key type is not sm2 type!");
                }
                SM2PrivateKey sM2PrivateKey = (SM2PrivateKey) privateKey;
                return SM2PackageUtil.encryptByJNI(HashUtil.sm2HashFile(sM2PrivateKey.getSM2PublicKey(), str, SecurityContext.getUseZValue()), sM2PrivateKey.getD_Bytes());
            }
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new PKIException("The private key type is not rsa type!");
            }
            return RSAPackageUtil.encryptByJNI(HashUtil.rsaHashFileDER(str, mechanism), (RSAPrivateKey) privateKey);
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final boolean verifySign(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("null not allowed for pubKey");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for sourceData");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("null not allowed for signData");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if (!"SM3withSM2".equals(mechanismType)) {
                if (!(publicKey instanceof RSAPublicKey)) {
                    throw new PKIException("The public key type is not rsa type!");
                }
                return RSAPackageUtil.isRSAHashEqual(RSAPackageUtil.decryptByJNI(bArr2, (RSAPublicKey) publicKey), HashUtil.rsaHashMessageDER(bArr, mechanism));
            }
            if (!(publicKey instanceof SM2PublicKey)) {
                throw new PKIException("The public key type is not sm2 type!");
            }
            SM2PublicKey sM2PublicKey = (SM2PublicKey) publicKey;
            byte[] bArr3 = new byte[32];
            SM3JNI sm3jni = new SM3JNI();
            sm3jni.update(sM2PublicKey.getDefaultZ());
            sm3jni.doFinal(bArr, bArr3);
            return SM2PackageUtil.verifyByJNI(bArr3, bArr2, sM2PublicKey.getPubX(), sM2PublicKey.getPubY());
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final boolean verifySign(Mechanism mechanism, PublicKey publicKey, String str, byte[] bArr) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("null not allowed for pubKey");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for sourceFilePath");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for signData");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if ("SM3withSM2".equals(mechanismType)) {
                if (!(publicKey instanceof SM2PublicKey)) {
                    throw new PKIException("The public key type is not sm2 type!");
                }
                SM2PublicKey sM2PublicKey = (SM2PublicKey) publicKey;
                return SM2PackageUtil.verifyByJNI(HashUtil.sm2HashFile(sM2PublicKey, str, SecurityContext.getUseZValue()), bArr, sM2PublicKey.getPubX(), sM2PublicKey.getPubY());
            }
            if (!(publicKey instanceof RSAPublicKey)) {
                throw new PKIException("The public key type is not rsa type!");
            }
            return RSAPackageUtil.isRSAHashEqual(RSAPackageUtil.decryptByJNI(bArr, (RSAPublicKey) publicKey), HashUtil.rsaHashFileDER(str, mechanism));
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final byte[] signByHash(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("null not allowed for priKey");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for digest");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if ("SM3withSM2".equals(mechanismType)) {
                if (privateKey instanceof SM2PrivateKey) {
                    return SM2PackageUtil.encryptByJNI(bArr, ((SM2PrivateKey) privateKey).getD_Bytes());
                }
                throw new PKIException("The private key type is not sm2 type!");
            }
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new PKIException("The private key type is not rsa type!");
            }
            return RSAPackageUtil.encryptByJNI(HashEncoderUtil.derEncoder(mechanismType, bArr), (RSAPrivateKey) privateKey);
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final boolean verifyByHash(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (publicKey == null) {
            throw new IllegalArgumentException("null not allowed for pubKey");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for digest");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("null not allowed for signData");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!BCSoftLib.hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, new StringBuffer().append("签名操作失败 本操作不支持此种机制类型 ").append(mechanismType).toString());
        }
        try {
            if ("SM3withSM2".equals(mechanismType)) {
                if (!(publicKey instanceof SM2PublicKey)) {
                    throw new PKIException("The public key type is not sm2 type!");
                }
                SM2PublicKey sM2PublicKey = (SM2PublicKey) publicKey;
                return SM2PackageUtil.verifyByJNI(bArr, bArr2, sM2PublicKey.getPubX(), sM2PublicKey.getPubY());
            }
            if (!(publicKey instanceof RSAPublicKey)) {
                throw new PKIException("The public key type is not rsa type!");
            }
            return RSAPackageUtil.isRSAHashEqual(RSAPackageUtil.decrypt(bArr2, publicKey), HashEncoderUtil.derEncoder(mechanismType, bArr));
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final byte[] encrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] cryptoUtil;
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (key == null) {
            throw new IllegalArgumentException("null not allowed for key");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for sourceData");
        }
        try {
            String mechanismType = mechanism.getMechanismType();
            Integer num = (Integer) BCSoftLib.hashEncryptedAlgorithms.get(mechanismType);
            if (num == null) {
                throw new PKIException(PKIException.ENCRYPT, new StringBuffer().append("加密操作失败 本操作不支持此种机制类型").append(mechanismType).toString());
            }
            switch (num.intValue()) {
                case 1:
                    cryptoUtil = SM2Encrypt(key, bArr);
                    break;
                case 2:
                    cryptoUtil = RSAEncrypt((RSAPublicKey) key, bArr, mechanism);
                    break;
                case 17:
                    cryptoUtil = RSASymmetricCryptoUtil.encrypt(key.getEncoded(), bArr, mechanism);
                    break;
                case 18:
                    cryptoUtil = SM2SymmetricCryptoUtil.cryptoUtil(true, key.getEncoded(), bArr, mechanism);
                    break;
                default:
                    throw new PKIException(PKIException.ENCRYPT, new StringBuffer().append("加密操作失败 本操作不支持此种机制类型").append(mechanismType).toString());
            }
            return cryptoUtil;
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCRYPT, PKIException.ENCRYPT_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final byte[] decrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] cryptoUtil;
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (key == null) {
            throw new IllegalArgumentException("null not allowed for key");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for encryptData");
        }
        try {
            String mechanismType = mechanism.getMechanismType();
            Integer num = (Integer) BCSoftLib.hashEncryptedAlgorithms.get(mechanismType);
            if (num == null) {
                throw new PKIException(PKIException.DECRYPT, new StringBuffer().append("解密操作失败 本操作不支持此种机制类型").append(mechanismType).toString());
            }
            switch (num.intValue()) {
                case 1:
                    cryptoUtil = SM2Decrypt(key, bArr);
                    break;
                case 2:
                    cryptoUtil = RSADecrypt((RSAPrivateKey) key, bArr, mechanism);
                    break;
                case 17:
                    cryptoUtil = RSASymmetricCryptoUtil.decrypt(key.getEncoded(), bArr, mechanism);
                    break;
                case 18:
                    cryptoUtil = SM2SymmetricCryptoUtil.cryptoUtil(false, key.getEncoded(), bArr, mechanism);
                    break;
                default:
                    throw new PKIException(PKIException.DECRYPT, new StringBuffer().append("解密操作失败 本操作不支持此种机制类型").append(mechanismType).toString());
            }
            return cryptoUtil;
        } catch (Exception e) {
            throw new PKIException(PKIException.DECRYPT, PKIException.DECRYPT_DES, e);
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final void encrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (key == null) {
            throw new IllegalArgumentException("null not allowed for key");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for sourceFilePath");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for encryptFilePath");
        }
        try {
            BigFileCipherUtil.bigFileBlockCipher(true, mechanism, key.getEncoded(), new File(str), new File(str2));
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final void decrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        if (mechanism == null) {
            throw new IllegalArgumentException("null not allowed for mechanism");
        }
        if (key == null) {
            throw new IllegalArgumentException("null not allowed for key");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for encryptFilePath");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("null not allowed for plainTextFilePath");
        }
        try {
            BigFileCipherUtil.bigFileBlockCipher(false, mechanism, key.getEncoded(), new File(str), new File(str2));
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    @Override // cmbc.cfca.util.cipher.lib.Session
    public final Key generateKey(Mechanism mechanism) throws PKIException {
        return RSASymmetricCryptoUtil.generateSecureKey(mechanism);
    }

    private final byte[] SM2Encrypt(Key key, byte[] bArr) throws Exception {
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for sourceData");
        }
        byte[] bArr2 = new byte[bArr.length + 96];
        SM2PublicKey sM2PublicKey = (SM2PublicKey) key;
        if (JNISM2.encrypt(bArr, sM2PublicKey.getPubX(), sM2PublicKey.getPubY(), bArr2)) {
            return bArr2;
        }
        throw new SecurityException("encrypted failure");
    }

    private final byte[] SM2Decrypt(Key key, byte[] bArr) throws Exception {
        if (bArr == null || bArr.length < 96) {
            throw new IllegalArgumentException("null or length not allowed for encryptData");
        }
        byte[] bArr2 = new byte[bArr.length - 96];
        if (JNISM2.decrypt(bArr, ((SM2PrivateKey) key).getD_Bytes(), bArr2)) {
            return bArr2;
        }
        throw new SecurityException("decrypted failure");
    }

    private byte[] RSAEncrypt(RSAPublicKey rSAPublicKey, byte[] bArr, Mechanism mechanism) throws Exception {
        return RSAPackageUtil.encryptByJNI(bArr, rSAPublicKey);
    }

    private byte[] RSADecrypt(RSAPrivateKey rSAPrivateKey, byte[] bArr, Mechanism mechanism) throws Exception {
        return RSAPackageUtil.decryptByJNI(bArr, rSAPrivateKey);
    }
}
