package cmbc.cfca.util.cipher.lib;

import cmbc.cfca.asn1.parser.BigFileCipherUtil;
import cmbc.cfca.internal.tool.HashEncoderUtil;
import cmbc.cfca.org.bouncycastle.crypto.encodings.PKCS1Encoding;
import cmbc.cfca.org.bouncycastle.crypto.engines.RSABlindedEngine;
import cmbc.cfca.org.bouncycastle.crypto.engines.RSAEngine;
import cmbc.cfca.org.bouncycastle.crypto.params.RSAKeyParameters;
import cmbc.cfca.rsa.envelope.RSASymmetricCryptoUtil;
import cmbc.cfca.rsa.signature.RSAPackageUtil;
import cmbc.cfca.sadk.signature.sm2.BCSoftSM2;
import cmbc.cfca.sadk.signature.sm2.SM2PackageUtil;
import cmbc.cfca.sm2.envelope.SM2SymmetricCryptoUtil;
import cmbc.cfca.sm2.signature.SM2PrivateKey;
import cmbc.cfca.sm2.signature.SM2PublicKey;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.SecurityContext;
import cmbc.cfca.util.HashUtil;
import java.io.File;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;

/* loaded from: input_file:cmbc/cfca/util/cipher/lib/BCSoftLib.class */
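/**
 * Software {@link Session} implementation backed by the repackaged Bouncy Castle
 * classes: key-pair generation, signing and verification (SM2 and RSA), and
 * encryption and decryption of byte arrays and files.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The mechanism tables still register legacy algorithms (MD5/SHA-1 based RSA
 *       signatures, RC4, DESede, ECB modes). They are kept so existing callers keep
 *       working; new callers should choose SHA-256/SHA-512 or SM3withSM2 signatures
 *       and a non-ECB mode.</li>
 *   <li>RSA encryption uses PKCS#1 v1.5 padding. A decryption failure is reported to
 *       the caller as a {@link PKIException}; if that outcome is observable by a
 *       remote party it can act as a padding oracle, so callers should return one
 *       uniform error for every decryption failure.</li>
 *   <li>The file-based overloads open the paths they are given without validation;
 *       callers must not pass paths derived from untrusted input unchecked.</li>
 * </ul>
 *
 * <p>The two lookup tables are populated once in the static initializer and only
 * read by this class afterwards.
 */
public final class BCSoftLib implements Session {
    /** Dispatch tag: SM2 public-key encryption. */
    static final int encryptedType_SM2 = 1;
    /** Dispatch tag: RSA PKCS#1 public-key encryption. */
    static final int encryptedType_RSA = 2;
    /** Dispatch tag: DESede / RC4 symmetric encryption. */
    static final int encryptedType_DES_RC4 = 17;
    /** Dispatch tag: SM4 symmetric encryption. */
    static final int encryptedType_SM4 = 18;

    /** Supported signature mechanism names; only the key set is used (values are null). */
    static final HashMap hashSignatureAlgorithms = new HashMap();
    /** Encryption mechanism name mapped to one of the {@code encryptedType_*} tags. */
    static final HashMap hashEncryptedAlgorithms = new HashMap();

    /** Mechanism name that selects the SM2 branch in every sign/verify method. */
    private static final String SM3_WITH_SM2 = "SM3withSM2";

    static {
        hashSignatureAlgorithms.put(SM3_WITH_SM2, null);
        // NOTE(review): SHA-1 and MD5 are collision-broken for signatures; kept for
        // compatibility with existing peers only.
        hashSignatureAlgorithms.put("SHA1withRSAEncryption", null);
        hashSignatureAlgorithms.put("SHA256withRSAEncryption", null);
        hashSignatureAlgorithms.put("SHA512withRSA", null);
        hashSignatureAlgorithms.put("MD5withRSAEncryption", null);

        hashEncryptedAlgorithms.put(Mechanism.SM2, Integer.valueOf(encryptedType_SM2));
        hashEncryptedAlgorithms.put(Mechanism.RSA_PKCS, Integer.valueOf(encryptedType_RSA));
        // NOTE(review): ECB leaks plaintext structure, RC4 is deprecated, and none of
        // these modes authenticate the ciphertext; kept for compatibility.
        hashEncryptedAlgorithms.put("DESede/CBC/PKCS7Padding", Integer.valueOf(encryptedType_DES_RC4));
        hashEncryptedAlgorithms.put("DESede/ECB/PKCS7Padding", Integer.valueOf(encryptedType_DES_RC4));
        hashEncryptedAlgorithms.put("RC4", Integer.valueOf(encryptedType_DES_RC4));
        hashEncryptedAlgorithms.put("SM4/CBC/PKCS7Padding", Integer.valueOf(encryptedType_SM4));
        hashEncryptedAlgorithms.put("SM4/ECB/PKCS7Padding", Integer.valueOf(encryptedType_SM4));
    }

    /**
     * Reports whether a signature mechanism name is registered.
     *
     * @param str mechanism name, e.g. {@code "SM3withSM2"}
     * @return {@code true} if the name is a key of {@link #hashSignatureAlgorithms}
     */
    public static final boolean hasSignatureAlgorithm(String str) {
        return hashSignatureAlgorithms.containsKey(str);
    }

    /**
     * Generates an SM2 or RSA key pair.
     *
     * <p>Every failure is reported as a {@link PKIException}. The previous version
     * swallowed RSA failures, including its own key-length rejection, and returned
     * {@code null}, which left callers to fail later on a null key pair.
     *
     * @param mechanism selects SM2 or RSA through {@code getMechanismType()}
     * @param i RSA modulus length in bits; not read on the SM2 path
     * @return the generated key pair, never {@code null}
     * @throws IllegalArgumentException if {@code mechanism} is null
     * @throws PKIException if the mechanism is unsupported, the RSA key length is out
     *         of range, or generation fails
     */
    @Override
    public KeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        requireArgument(mechanism, "mechanism");
        try {
            String mechanismType = mechanism.getMechanismType();
            if (Mechanism.SM2.equals(mechanismType)) {
                return BCSoftSM2.generateKeyPair();
            }
            if (!Mechanism.RSA.equals(mechanismType)) {
                // Message: "failed to generate asymmetric key pair, mechanism type not supported".
                throw new PKIException(PKIException.BC_KEY_PAIR, "产生非对称密钥对失败 本操作不支持此种机制类型" + mechanismType);
            }
            // NOTE(review): the accepted range is 513..4096 bits, so 1024-bit keys still
            // pass; current guidance is 2048 bits or more. Raising the floor would
            // reject sizes existing callers may rely on, so it is left unchanged here.
            if (i <= 512 || i > 4096) {
                throw new PKIException("key length is illgal:" + i);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Mechanism.RSA);
            keyPairGenerator.initialize(i);
            return keyPairGenerator.generateKeyPair();
        } catch (PKIException e) {
            // Already the declared type: keep its code and message intact.
            throw e;
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Signs in-memory data. The data is hashed through {@link HashUtil} and the
     * digest is signed with SM2 or RSA (PKCS#1 padding) according to the mechanism.
     *
     * @param mechanism signature mechanism; must be registered
     * @param privateKey an {@link SM2PrivateKey} for SM3withSM2, otherwise an {@link RSAPrivateKey}
     * @param bArr data to sign
     * @return the signature bytes
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported, the key type does not
     *         match, or signing fails
     */
    @Override
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(privateKey, "priKey");
        requireArgument(bArr, "sourceData");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                return RSAEncrypt((RSAPrivateKey) privateKey, HashUtil.rsaHashMessageDER(bArr, mechanism), mechanism);
            }
            if (!(privateKey instanceof SM2PrivateKey)) {
                throw new PKIException("The private key type is not sm2 type!");
            }
            SM2PrivateKey sm2Key = (SM2PrivateKey) privateKey;
            byte[] digest = HashUtil.sm2HashMessage(sm2Key.getSM2PublicKey(), bArr, SecurityContext.getUseZValue());
            return SM2PackageUtil.encryptByBC(digest, sm2Key);
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    /**
     * Signs the contents of a file; same contract as the byte-array overload except
     * that the hash is computed over the file at {@code str}.
     *
     * @param mechanism signature mechanism; must be registered
     * @param privateKey an {@link SM2PrivateKey} for SM3withSM2, otherwise an {@link RSAPrivateKey}
     * @param str path of the file to sign; passed to {@link HashUtil} unvalidated
     * @return the signature bytes
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported, the key type does not
     *         match, or signing fails
     */
    @Override
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, String str) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(privateKey, "priKey");
        requireArgument(str, "sourceFilePath");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                return RSAEncrypt((RSAPrivateKey) privateKey, HashUtil.rsaHashFileDER(str, mechanism), mechanism);
            }
            if (!(privateKey instanceof SM2PrivateKey)) {
                throw new PKIException("The private key type is not sm2 type!");
            }
            SM2PrivateKey sm2Key = (SM2PrivateKey) privateKey;
            byte[] digest = HashUtil.sm2HashFile(sm2Key.getSM2PublicKey(), str, SecurityContext.getUseZValue());
            return SM2PackageUtil.encryptByBC(digest, sm2Key);
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    /**
     * Verifies a signature over in-memory data.
     *
     * <p>A malformed signature or mismatched key type surfaces as a
     * {@link PKIException}, not as {@code false}; callers must treat both outcomes
     * as "not verified".
     *
     * @param mechanism signature mechanism; must be registered
     * @param publicKey an {@link SM2PublicKey} for SM3withSM2, otherwise an {@link RSAPublicKey}
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @return {@code true} if the signature matches
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported or verification cannot be carried out
     */
    @Override
    public final boolean verifySign(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(publicKey, "pubKey");
        requireArgument(bArr, "sourceData");
        requireArgument(bArr2, "signData");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                byte[] recovered = RSADecrypt((RSAPublicKey) publicKey, bArr2, mechanism);
                return RSAPackageUtil.isRSAHashEqual(recovered, HashUtil.rsaHashMessageDER(bArr, mechanism));
            }
            if (publicKey instanceof SM2PublicKey) {
                byte[] digest = HashUtil.sm2HashMessage((SM2PublicKey) publicKey, bArr, SecurityContext.getUseZValue());
                return SM2PackageUtil.verifyByBC(digest, bArr2, publicKey);
            }
            throw new PKIException("The public key type is not sm2 type!");
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    /**
     * Verifies a signature over the contents of a file; same contract as the
     * byte-array overload.
     *
     * @param mechanism signature mechanism; must be registered
     * @param publicKey an {@link SM2PublicKey} for SM3withSM2, otherwise an {@link RSAPublicKey}
     * @param str path of the signed file; passed to {@link HashUtil} unvalidated
     * @param bArr the signature to check
     * @return {@code true} if the signature matches
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported or verification cannot be carried out
     */
    @Override
    public final boolean verifySign(Mechanism mechanism, PublicKey publicKey, String str, byte[] bArr) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(publicKey, "pubKey");
        requireArgument(str, "sourceFilePath");
        requireArgument(bArr, "signData");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                byte[] recovered = RSADecrypt((RSAPublicKey) publicKey, bArr, mechanism);
                return RSAPackageUtil.isRSAHashEqual(recovered, HashUtil.rsaHashFileDER(str, mechanism));
            }
            if (publicKey instanceof SM2PublicKey) {
                byte[] digest = HashUtil.sm2HashFile((SM2PublicKey) publicKey, str, SecurityContext.getUseZValue());
                return SM2PackageUtil.verifyByBC(digest, bArr, publicKey);
            }
            throw new PKIException("The public key type is not sm2 type!");
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    /**
     * Signs a digest the caller has already computed. On the RSA path the digest is
     * DER-wrapped by {@link HashEncoderUtil#derEncoder}; on the SM2 path it is signed as given.
     *
     * <p>The digest is not checked against the mechanism here (for example its
     * length), so the caller is responsible for passing a value produced by the
     * matching hash function.
     *
     * @param mechanism signature mechanism; must be registered
     * @param privateKey an {@link SM2PrivateKey} for SM3withSM2, otherwise an {@link RSAPrivateKey}
     * @param bArr precomputed digest
     * @return the signature bytes
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported, the key type does not
     *         match, or signing fails
     */
    @Override
    public final byte[] signByHash(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(privateKey, "priKey");
        requireArgument(bArr, "digest");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                return RSAEncrypt((RSAPrivateKey) privateKey, HashEncoderUtil.derEncoder(mechanismType, bArr), mechanism);
            }
            if (privateKey instanceof SM2PrivateKey) {
                return SM2PackageUtil.encryptByBC(bArr, (SM2PrivateKey) privateKey);
            }
            throw new PKIException("The private key type is not sm2 type!");
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    /**
     * Verifies a signature against a digest the caller has already computed.
     *
     * @param mechanism signature mechanism; must be registered
     * @param publicKey an {@link SM2PublicKey} for SM3withSM2, otherwise an {@link RSAPublicKey}
     * @param bArr precomputed digest
     * @param bArr2 the signature to check
     * @return {@code true} if the signature matches
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported or verification cannot be carried out
     */
    @Override
    public final boolean verifyByHash(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(publicKey, "pubKey");
        requireArgument(bArr, "digest");
        requireArgument(bArr2, "signData");
        String mechanismType = mechanism.getMechanismType();
        requireSignatureMechanism(mechanismType);
        try {
            if (!SM3_WITH_SM2.equals(mechanismType)) {
                byte[] recovered = RSADecrypt((RSAPublicKey) publicKey, bArr2, mechanism);
                return RSAPackageUtil.isRSAHashEqual(recovered, HashEncoderUtil.derEncoder(mechanismType, bArr));
            }
            if (publicKey instanceof SM2PublicKey) {
                return SM2PackageUtil.verifyByBC(bArr, bArr2, (SM2PublicKey) publicKey);
            }
            throw new PKIException("The public key type is not sm2 type!");
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_SIGN, PKIException.VERIFY_SIGN_DES, e);
        }
    }

    /**
     * Encrypts a byte array with the algorithm registered for the mechanism name.
     *
     * @param mechanism encryption mechanism; its type must be a key of {@link #hashEncryptedAlgorithms}
     * @param key public key (SM2/RSA) or a symmetric key whose {@code getEncoded()} bytes are used
     * @param bArr plaintext
     * @return ciphertext
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported, the key has the wrong
     *         type, or encryption fails
     */
    @Override
    public final byte[] encrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(key, "key");
        requireArgument(bArr, "sourceData");
        try {
            String mechanismType = mechanism.getMechanismType();
            Integer kind = (Integer) hashEncryptedAlgorithms.get(mechanismType);
            if (kind == null) {
                // Message: "encryption failed, mechanism type not supported".
                throw new PKIException(PKIException.ENCRYPT, "加密操作失败 本操作不支持此种机制类型" + mechanismType);
            }
            // A key of the wrong class raises ClassCastException, which the catch
            // below turns into a PKIException.
            switch (kind.intValue()) {
                case encryptedType_SM2:
                    return SM2Encrypt((SM2PublicKey) key, bArr);
                case encryptedType_RSA:
                    return RSAEncrypt((RSAPublicKey) key, bArr, mechanism);
                case encryptedType_DES_RC4:
                    return RSASymmetricCryptoUtil.encrypt(key.getEncoded(), bArr, mechanism);
                case encryptedType_SM4:
                    return SM2SymmetricCryptoUtil.cryptoUtil(true, key.getEncoded(), bArr, mechanism);
                default:
                    throw new PKIException(PKIException.ENCRYPT, "加密操作失败 本操作不支持此种机制类型" + mechanismType);
            }
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCRYPT, PKIException.ENCRYPT_DES, e);
        }
    }

    /**
     * Decrypts a byte array with the algorithm registered for the mechanism name.
     *
     * <p>All failures, including bad padding, are wrapped in the same
     * {@link PKIException}; callers exposing this to remote input should not let the
     * nested cause or timing distinguish padding errors from other failures.
     *
     * @param mechanism encryption mechanism; its type must be a key of {@link #hashEncryptedAlgorithms}
     * @param key private key (SM2/RSA) or a symmetric key whose {@code getEncoded()} bytes are used
     * @param bArr ciphertext
     * @return plaintext
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the mechanism is unsupported, the key has the wrong
     *         type, or decryption fails
     */
    @Override
    public final byte[] decrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(key, "key");
        requireArgument(bArr, "encryptData");
        try {
            String mechanismType = mechanism.getMechanismType();
            Integer kind = (Integer) hashEncryptedAlgorithms.get(mechanismType);
            if (kind == null) {
                // Message: "decryption failed, mechanism type not supported".
                throw new PKIException(PKIException.DECRYPT, "解密操作失败 本操作不支持此种机制类型" + mechanismType);
            }
            switch (kind.intValue()) {
                case encryptedType_SM2:
                    return SM2Decrypt((SM2PrivateKey) key, bArr);
                case encryptedType_RSA:
                    return RSADecrypt((RSAPrivateKey) key, bArr, mechanism);
                case encryptedType_DES_RC4:
                    return RSASymmetricCryptoUtil.decrypt(key.getEncoded(), bArr, mechanism);
                case encryptedType_SM4:
                    return SM2SymmetricCryptoUtil.cryptoUtil(false, key.getEncoded(), bArr, mechanism);
                default:
                    throw new PKIException(PKIException.DECRYPT, "解密操作失败 本操作不支持此种机制类型" + mechanismType);
            }
        } catch (Exception e) {
            throw new PKIException(PKIException.DECRYPT, PKIException.DECRYPT_DES, e);
        }
    }

    /**
     * Encrypts a file block-wise through {@link BigFileCipherUtil}.
     *
     * @param mechanism encryption mechanism, passed through to the block cipher helper
     * @param key key whose {@code getEncoded()} bytes are used
     * @param str path of the plaintext file (opened as given, no validation)
     * @param str2 path of the ciphertext file to write (opened as given, no validation)
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the helper fails
     */
    @Override
    public final void encrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(key, "key");
        requireArgument(str, "sourceFilePath");
        requireArgument(str2, "encryptFilePath");
        try {
            BigFileCipherUtil.bigFileBlockCipher(true, mechanism, key.getEncoded(), new File(str), new File(str2));
        } catch (Exception e) {
            // NOTE(review): only the message survives, the cause is dropped; kept because
            // callers may depend on the message text of this exception.
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Decrypts a file block-wise through {@link BigFileCipherUtil}.
     *
     * @param mechanism encryption mechanism, passed through to the block cipher helper
     * @param key key whose {@code getEncoded()} bytes are used
     * @param str path of the ciphertext file (opened as given, no validation)
     * @param str2 path of the plaintext file to write (opened as given, no validation)
     * @throws IllegalArgumentException if any argument is null
     * @throws PKIException if the helper fails
     */
    @Override
    public final void decrypt(Mechanism mechanism, Key key, String str, String str2) throws PKIException {
        requireArgument(mechanism, "mechanism");
        requireArgument(key, "key");
        requireArgument(str, "encryptFilePath");
        requireArgument(str2, "plainTextFilePath");
        try {
            BigFileCipherUtil.bigFileBlockCipher(false, mechanism, key.getEncoded(), new File(str), new File(str2));
        } catch (Exception e) {
            // NOTE(review): only the message survives, the cause is dropped; kept because
            // callers may depend on the message text of this exception.
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Generates a symmetric key by delegating to
     * {@link RSASymmetricCryptoUtil#generateSecureKey}.
     *
     * @param mechanism mechanism describing the key to generate; not null-checked here
     * @return the generated key
     * @throws PKIException if the delegate fails
     */
    @Override
    public final Key generateKey(Mechanism mechanism) throws PKIException {
        return RSASymmetricCryptoUtil.generateSecureKey(mechanism);
    }

    /** Throws {@link IllegalArgumentException} with the class's standard message when {@code value} is null. */
    private static void requireArgument(Object value, String name) {
        if (value == null) {
            throw new IllegalArgumentException("null not allowed for " + name);
        }
    }

    /**
     * Rejects signature mechanism names that are not registered.
     *
     * <p>NOTE(review): the verify methods also report {@code PKIException.SIGN} with the
     * "sign operation failed" text here; that looks like a copy-paste from the sign
     * path, but the code and message are kept because callers may match on them.
     */
    private static void requireSignatureMechanism(String mechanismType) throws PKIException {
        if (!hasSignatureAlgorithm(mechanismType)) {
            throw new PKIException(PKIException.SIGN, "签名操作失败 本操作不支持此种机制类型 " + mechanismType);
        }
    }

    /** SM2 public-key encryption via {@link SM2SymmetricCryptoUtil#sm2Encrypt}. */
    private final byte[] SM2Encrypt(SM2PublicKey sM2PublicKey, byte[] bArr) throws Exception {
        return SM2SymmetricCryptoUtil.sm2Encrypt(true, sM2PublicKey, bArr);
    }

    /** SM2 private-key decryption via {@link SM2SymmetricCryptoUtil#sm2Encrypt} in decrypt mode. */
    private final byte[] SM2Decrypt(SM2PrivateKey sM2PrivateKey, byte[] bArr) throws Exception {
        return SM2SymmetricCryptoUtil.sm2Encrypt(false, sM2PrivateKey, bArr);
    }

    /**
     * RSA PKCS#1 v1.5 encryption with a public key. Blinding is not needed here
     * because no secret exponent is involved. {@code mechanism} is unused.
     */
    private byte[] RSAEncrypt(RSAPublicKey rSAPublicKey, byte[] bArr, Mechanism mechanism) throws Exception {
        RSAKeyParameters keyParams = RSAPackageUtil.generatePublicKeyParameter(rSAPublicKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSAEngine());
        cipher.init(true, keyParams);
        return cipher.processBlock(bArr, 0, bArr.length);
    }

    /**
     * RSA PKCS#1 v1.5 decryption with a private key. {@code mechanism} is unused.
     *
     * <p>Uses {@link RSABlindedEngine} so the private-key exponentiation is blinded,
     * as the private-key signing path already does; the plain {@link RSAEngine} used
     * before left decryption timing dependent on the ciphertext. Blinding presumably
     * takes effect only when {@code generatePrivateKeyParameter} yields CRT key
     * parameters that carry the public exponent; confirm against that helper.
     */
    private byte[] RSADecrypt(RSAPrivateKey rSAPrivateKey, byte[] bArr, Mechanism mechanism) throws Exception {
        RSAKeyParameters keyParams = RSAPackageUtil.generatePrivateKeyParameter(rSAPrivateKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSABlindedEngine());
        cipher.init(false, keyParams);
        return cipher.processBlock(bArr, 0, bArr.length);
    }

    /**
     * Private-key PKCS#1 operation used by the sign methods: the input is the
     * DER-wrapped digest and the output is the signature. {@code mechanism} is unused.
     */
    private byte[] RSAEncrypt(RSAPrivateKey rSAPrivateKey, byte[] bArr, Mechanism mechanism) throws Exception {
        RSAKeyParameters keyParams = RSAPackageUtil.generatePrivateKeyParameter(rSAPrivateKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSABlindedEngine());
        cipher.init(true, keyParams);
        return cipher.processBlock(bArr, 0, bArr.length);
    }

    /**
     * Public-key PKCS#1 operation used by the verify methods: recovers the encoded
     * digest from a signature. {@code mechanism} is unused.
     */
    private byte[] RSADecrypt(RSAPublicKey rSAPublicKey, byte[] bArr, Mechanism mechanism) throws Exception {
        RSAKeyParameters keyParams = RSAPackageUtil.generatePublicKeyParameter(rSAPublicKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSABlindedEngine());
        cipher.init(false, keyParams);
        return cipher.processBlock(bArr, 0, bArr.length);
    }
}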
