package kl.certdevice;

import com.kl.saic.sso.ssoJW.constant.JWServerStatusCode;
import com.koal.security.asn1.DecodeException;
import com.koal.security.pki.pkcs7.e;
import com.koal.security.pki.pkcs7.w;
import com.koal.security.pki.x509.f;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import kl.cds.android.sdk.bean.policy.CertDevicePolicy;
import kl.certdevice.bean.BlockCipherParam;
import kl.certdevice.bean.ECCCipherBlob;
import kl.certdevice.bean.EnvelopedKeyBlob;
import kl.certdevice.bean.EnvelopedKeyPairData;
import kl.certdevice.constant.AsymmAlgorithm;
import kl.certdevice.constant.DigestAlgorithm;
import kl.certdevice.constant.MACType;
import kl.certdevice.constant.PINType;
import kl.certdevice.constant.SKF;
import kl.certdevice.constant.SymmAlgorithm;
import kl.certdevice.constant.SymnCipher;
import kl.certdevice.exception.DeviceError;
import kl.certdevice.exception.DeviceException;
import kl.certdevice.loader.P7EngineLoader;
import kl.certdevice.loader.ProviderLoader;
import kl.certdevice.provider.ProviderMgr;
import kl.certdevice.util.Args;
import kl.certdevice.util.CertFormat;
import kl.certdevice.util.DigestInfoUtil;
import kl.certdevice.util.JDeviceUtil;
import kl.certdevice.util.PFXUtils;
import kl.certdevice.util.PKCS7Utils;
import kl.certdevice.util.SignAlgorithmUtil;
import kl.certdevice.util.Sym.AESCipher;
import kl.certdevice.util.Sym.ICipher;
import kl.certdevice.util.Sym.KeyCipher;
import kl.certdevice.util.Sym.SymManager;
import kl.certdevice.util.Sym.SymUtil;
import kl.certdevice.util.log.LogSKFJNI;
import kl.security.asn1.EncodeException;
import kl.security.asn1.G;
import kl.security.asn1.v;
import kl.security.b.f.i;
import kl.security.b.j.b;
import kl.security.b.j.c;
import kl.security.b.j.d;
import kl.security.ec.KoalEcPublicKey;
import kl.security.pki.custom.KLKeySafe;
import kl.security.pki.pkcs7.z;
import kl.security.pki.x509.C0552a;
import kl.security.pki.x509.C0563l;
import kl.security.pki.x509.C0570t;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class JDeviceEnroll {
    public static final String COOPERATION_MODE_OID = "2.17.157.1.11000.1.1.2";
    public static final String KEYPAIR_MODEL_FLAG = "2.17.157.1.11000.1.1";
    private static final String KLKEY_SAFE_OID = "1.2.86.11.7.1998.100";
    private static final Logger logger = LoggerFactory.getLogger(JDeviceEnroll.class);
    private final JDevice device;

    public JDeviceEnroll(JDevice jDevice) {
        Args.notNull(jDevice, "device");
        this.device = jDevice;
    }

    @Deprecated
    public static boolean J_P7Verify(byte[] bArr, byte[] bArr2) {
        e eVar = new e();
        try {
            eVar.decode(bArr);
            w wVar = (w) eVar.a().a();
            f b2 = wVar.a().a(0).b();
            try {
                return PKCS7Utils.verify(b2.b(), bArr2 != null ? new String(com.koal.security.util.a.a(bArr2)) : null, new String(com.koal.security.util.a.a(bArr)));
            } catch (Exception unused) {
                throw new DeviceException(1, "签名不能识别");
            }
        } catch (DecodeException unused2) {
            throw new DeviceException(1, "签名不能识别");
        }
    }

    public static boolean P7Verify(byte[] bArr, byte[] bArr2, int i) {
        if (bArr == null) {
            throw new DeviceException(1, new Exception("无签名数据"));
        }
        if (i == 1 && bArr2 == null) {
            throw new DeviceException(1, new Exception("Dettach模式下必须传入原文数据"));
        }
        P7EngineLoader p7Provider = ProviderMgr.getP7Provider();
        boolean Verify = p7Provider.Verify(CertFormat.P7PemFormat(bArr), null, bArr2, i);
        logger.warn("SKF_JNI_P7Engine", new String(p7Provider.GetErrorStr()));
        return Verify;
    }

    public ECCCipherBlob EXECCEncrypt(byte[] bArr, String str) {
        try {
            C0563l c0563l = new C0563l();
            c0563l.decode(h.a.a.a.a.a.e(str.getBytes()));
            KoalEcPublicKey koalEcPublicKey = (KoalEcPublicKey) c0563l.g();
            JDeviceMgr.openDevice(getDevice());
            return ProviderLoader.ExtEccEncrypt(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle(), bArr, koalEcPublicKey);
        } catch (Exception unused) {
            throw new DeviceException(1, "ECC公钥加密失败");
        }
    }

    public byte[] EXEccDecrypt(ECCCipherBlob eCCCipherBlob) {
        try {
            JDeviceMgr.openContainer(getDevice());
            return ProviderLoader.ExtEccDecrypt(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), eCCCipherBlob);
        } catch (Exception unused) {
            throw new DeviceException(1, "ECC私钥解密失败");
        }
    }

    public byte[] EnvelopedDecrypt(byte[] bArr, String[] strArr, boolean z) {
        P7EngineLoader p7Provider = ProviderMgr.getP7Provider();
        byte[] Decrypt = p7Provider.Decrypt(CertFormat.P7PemFormat(bArr), CertFormat.Base64ToPem(strArr), !z ? 1 : 0);
        logger.warn("SKF_JNI_P7Engine", new String(p7Provider.GetErrorStr()));
        return Decrypt;
    }

    public byte[] EnvelopedEncrypt(String[] strArr, byte[] bArr) {
        P7EngineLoader p7Provider = ProviderMgr.getP7Provider();
        byte[] Encrypt = p7Provider.Encrypt(bArr, CertFormat.Base64ToPem(strArr), p7Provider.getCipher().getId());
        logger.warn("SKF_JNI_P7Engine", new String(p7Provider.GetErrorStr()));
        return CertFormat.PemToBase64(Encrypt);
    }

    @Deprecated
    public byte[] J_EnvelopedDecrypt(byte[] bArr) {
        return PFXUtils.EnvelopedDecrypt(PKCS7Utils.getPrivateKey(exportEncPfx(JWServerStatusCode.TEMP_SSO_MOBILE_TOKEN), JWServerStatusCode.TEMP_SSO_MOBILE_TOKEN.toCharArray()), bArr);
    }

    @Deprecated
    public byte[] J_EnvelopedEncrypt(C0563l c0563l, byte[] bArr) {
        return PFXUtils.makeEnvelop("DES", bArr, c0563l.g()).encode();
    }

    @Deprecated
    public byte[] J_P7sign(int i, byte[] bArr) {
        try {
            return PKCS7Utils.p7Sign(bArr, exportEncPfx(JWServerStatusCode.TEMP_SSO_MOBILE_TOKEN), JWServerStatusCode.TEMP_SSO_MOBILE_TOKEN, i);
        } catch (NoSuchAlgorithmException unused) {
            throw new DeviceException(1, "没有对应的加密算法");
        } catch (EncodeException unused2) {
            throw new DeviceException(1, "PFX不能解码");
        }
    }

    public byte[] P7sign(int i, byte[] bArr) {
        P7EngineLoader p7Provider = ProviderMgr.getP7Provider();
        byte[] Sign = p7Provider.Sign(bArr, i);
        logger.warn("SKF_JNI_P7Engine", new String(p7Provider.GetErrorStr()));
        return CertFormat.PemToBase64(Sign);
    }

    public byte[] SymDoFinal(long j) {
        byte[] DoFinal = SymManager.getInstance().getCipher(j).DoFinal();
        SymManager.getInstance().removeCipher(Long.valueOf(j));
        return DoFinal;
    }

    public long SymInitCipher(SymmAlgorithm symmAlgorithm, int i, byte[] bArr, byte[] bArr2, int i2) {
        ICipher iCipher;
        if (SymUtil.isAES(symmAlgorithm)) {
            iCipher = new AESCipher();
        } else {
            KeyCipher keyCipher = new KeyCipher();
            keyCipher.setDevice(this.device);
            iCipher = keyCipher;
        }
        long init = iCipher.init(symmAlgorithm, i, bArr, bArr2, i2);
        SymManager.getInstance().addCipher(Long.valueOf(init), iCipher);
        return init;
    }

    public byte[] SymUpdate(long j, byte[] bArr) {
        return SymManager.getInstance().getCipher(j).Update(bArr);
    }

    public byte[] digest(DigestAlgorithm digestAlgorithm, byte[] bArr) {
        return digest(digestAlgorithm, bArr, null);
    }

    public byte[] digest(DigestAlgorithm digestAlgorithm, byte[] bArr, KoalEcPublicKey koalEcPublicKey) {
        Args.notNull(digestAlgorithm, "digestAlgorithm");
        Args.notNull(bArr, "toBeDigested");
        try {
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
        if (DigestAlgorithm.SGD_SHA1.equals(digestAlgorithm)) {
            return MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(bArr);
        }
        if (DigestAlgorithm.SGD_SHA256.equals(digestAlgorithm)) {
            return MessageDigest.getInstance("SHA-256").digest(bArr);
        }
        JDeviceMgr.openContainer(getDevice());
        long j = 0;
        try {
            j = ProviderLoader.digestInit(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle(), koalEcPublicKey, digestAlgorithm);
            ProviderLoader.digestUpdate(getDevice().getProvider().getHandle(), j, bArr);
            return ProviderLoader.digestFinal(getDevice().getProvider().getHandle(), j);
        } finally {
            JDeviceUtil.closeCryptoHandleQuietly(getDevice().getProvider().getHandle(), j);
        }
    }

    public C0563l exportCertificate(boolean z) {
        if (getDevice().getConName() == null) {
            return null;
        }
        JDeviceMgr.openContainer(getDevice());
        return ProviderLoader.exportCertificate(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), z);
    }

    public i exportEncPfx(String str) {
        Args.notNull(str, "password");
        JDeviceMgr.openContainer(this.device);
        byte[] exportEncPFX = ProviderLoader.exportEncPFX(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), str.getBytes());
        i iVar = new i();
        try {
            iVar.decode(exportEncPFX);
        } catch (kl.security.asn1.DecodeException e2) {
            e2.printStackTrace();
        }
        return iVar;
    }

    public PublicKey exportPublicKey(boolean z) {
        JDeviceMgr.openContainer(getDevice());
        int i = a.f11664b[JDeviceMgr.getContainerType(getDevice()).ordinal()];
        if (i == 1) {
            return ProviderLoader.exportRsaPublicKey(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), z);
        }
        if (i != 2) {
            return null;
        }
        return ProviderLoader.exportEccPublicKey(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), z);
    }

    public PublicKey genKeyPair(AsymmAlgorithm asymmAlgorithm, int i) {
        Args.notNull(asymmAlgorithm, "asymmAlgorithm");
        getDevice().setUserVerified(false);
        JDeviceMgr.openContainer(getDevice());
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        return a.f11663a[asymmAlgorithm.ordinal()] != 1 ? ProviderLoader.genEccKeyPair(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle()) : ProviderLoader.genRsaKeyPair(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), i);
    }

    public byte[] genP10Req(String str, AsymmAlgorithm asymmAlgorithm, int i, boolean z, String str2) {
        PublicKey genKeyPair;
        String str3;
        byte[] p1Sign;
        Args.notNull(str, "subjectDN");
        Args.notNull(asymmAlgorithm, "asymmAlgorithm");
        try {
            try {
                JDeviceMgr.openContainer(this.device);
                JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
                if (z) {
                    try {
                        genKeyPair = exportPublicKey(true);
                        LogSKFJNI.d("公钥step1：" + com.koal.security.util.a.a(genKeyPair.getEncoded()));
                    } catch (DeviceException unused) {
                        genKeyPair = genKeyPair(asymmAlgorithm, i);
                        LogSKFJNI.d("公钥step1 exception：" + com.koal.security.util.a.a(genKeyPair.getEncoded()));
                    }
                } else {
                    genKeyPair = null;
                }
                if (genKeyPair == null) {
                    genKeyPair = genKeyPair(asymmAlgorithm, i);
                    LogSKFJNI.d("公钥step2：" + com.koal.security.util.a.a(genKeyPair.getEncoded()));
                }
                kl.security.b.e.a aVar = new kl.security.b.e.a();
                aVar.a().clearComponents();
                aVar.e().clearComponents();
                aVar.e().addRDNs(str);
                aVar.f().a(genKeyPair);
                if (str2 != null) {
                    b bVar = new b("extensionRequest");
                    bVar.a().copy(kl.security.b.j.f.k);
                    d dVar = new d("set");
                    C0570t c0570t = new C0570t("symm");
                    c0570t.a().b("1.2.156.10197.1.100");
                    c0570t.a(str2.getBytes());
                    ((c) dVar.getComponent(0)).addComponent(c0570t);
                    if (getDevice().getProvider().getName().equals(CertDevicePolicy.R_Koal_File_Store_V2_0)) {
                        C0570t c0570t2 = new C0570t();
                        c0570t2.a().b(KLKEY_SAFE_OID);
                        KLKeySafe kLKeySafe = new KLKeySafe();
                        kLKeySafe.getKeyModelFlag().setValue(KLKeySafe.v2);
                        System.out.println("============= KLKEY:{}" + new String(com.koal.security.util.a.a(kLKeySafe.encode())));
                        c0570t2.a(kLKeySafe.encode());
                        ((c) dVar.getComponent(0)).addComponent(c0570t2);
                    }
                    bVar.b().a(dVar);
                    aVar.a().addComponent(bVar);
                }
                byte[] encode = aVar.b().encode();
                int i2 = a.f11663a[asymmAlgorithm.ordinal()];
                if (i2 == 1) {
                    str3 = "SHA256WITHRSA";
                    p1Sign = p1Sign("SHA256WITHRSA", encode, null);
                } else {
                    if (i2 != 2) {
                        throw new DeviceException(DeviceError.SAR_NOTSUPPORTYETERR);
                    }
                    str3 = "SM3WITHSM2";
                    p1Sign = p1Sign("SM3WITHSM2", encode, (KoalEcPublicKey) genKeyPair);
                }
                aVar.c().setValue(p1Sign);
                C0552a c0552a = new C0552a("sigAlg");
                c0552a.getAlgorithm().copy(SignAlgorithmUtil.getOIDByName(str3));
                c0552a.a().a(new v("null"));
                aVar.d().copy(c0552a);
                return aVar.encode();
            } catch (Exception e2) {
                throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e2);
            }
        } catch (DeviceException e3) {
            throw e3;
        }
    }

    public byte[] genP10Req(String str, AsymmAlgorithm asymmAlgorithm, int i, boolean z, String str2, String str3, String str4) {
        String str5;
        byte[] p1Sign;
        Args.notNull(str, "subjectDN");
        Args.notNull(asymmAlgorithm, "asymmAlgorithm");
        try {
            JDeviceMgr.openContainer(this.device);
            JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
            PublicKey exportPublicKey = z ? exportPublicKey(true) : genKeyPair(asymmAlgorithm, i);
            kl.security.b.e.a aVar = new kl.security.b.e.a();
            aVar.a().clearComponents();
            aVar.e().clearComponents();
            aVar.e().addRDNs(str);
            aVar.f().a(exportPublicKey);
            if (str2 != null || str3 != null || str4 != null) {
                b bVar = new b("extensionRequest");
                bVar.a().copy(kl.security.b.j.f.k);
                d dVar = new d("set");
                if (str2 != null) {
                    C0570t c0570t = new C0570t("symm");
                    c0570t.a().b("1.2.156.10197.1.100");
                    c0570t.a(str2.getBytes());
                    ((c) dVar.getComponent(0)).addComponent(c0570t);
                }
                if (str3 != null) {
                    C0570t c0570t2 = new C0570t("pkcs7");
                    c0570t2.a().b("2.16.156.1.11000.10.50");
                    c0570t2.a(p7Sign(str3.getBytes()));
                    ((c) dVar.getComponent(0)).addComponent(c0570t2);
                }
                if (str4 != null) {
                    C0570t c0570t3 = new C0570t("newCid");
                    c0570t3.a().b("2.16.156.1.11000.10.51");
                    G g2 = new G();
                    g2.setValue(str4);
                    c0570t3.a(g2.encode());
                    ((c) dVar.getComponent(0)).addComponent(c0570t3);
                }
                bVar.b().a(dVar);
                aVar.a().addComponent(bVar);
            }
            byte[] encode = aVar.b().encode();
            int i2 = a.f11663a[asymmAlgorithm.ordinal()];
            if (i2 == 1) {
                str5 = "SHA256WITHRSA";
                p1Sign = p1Sign("SHA256WITHRSA", encode, null);
            } else {
                if (i2 != 2) {
                    throw new DeviceException(DeviceError.SAR_NOTSUPPORTYETERR);
                }
                str5 = "SM3WITHSM2";
                p1Sign = p1Sign("SM3WITHSM2", encode, (KoalEcPublicKey) exportPublicKey);
            }
            aVar.c().setValue(p1Sign);
            C0552a c0552a = new C0552a("sigAlg");
            c0552a.getAlgorithm().copy(SignAlgorithmUtil.getOIDByName(str5));
            c0552a.a().a(new v("null"));
            aVar.d().copy(c0552a);
            return aVar.encode();
        } catch (DeviceException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e3);
        }
    }

    public byte[] genRandom(int i) {
        JDeviceMgr.openContainer(getDevice());
        return ProviderLoader.genRandom(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle(), i);
    }

    public JDevice getDevice() {
        return this.device;
    }

    public SymnCipher getEnvelopSymnAlgorithm() {
        return ProviderMgr.getP7Provider().getCipher();
    }

    public void importCertificate(boolean z, byte[] bArr) {
        Args.notNull(bArr, "x509CertBytes");
        JDeviceMgr.openContainer(getDevice());
        ProviderLoader.importCertificate(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), z, bArr);
    }

    public void importECCKeyPair(byte[] bArr) {
        Args.notNull(bArr, "envelopedKeyPair");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        ProviderLoader.importEccKeyPair(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), EnvelopedKeyBlob.valueOf(bArr));
    }

    public void importKeyPair(AsymmAlgorithm asymmAlgorithm, byte[] bArr) {
        Args.notNull(asymmAlgorithm, "asymmAlgorithm");
        Args.notNull(bArr, "envelopedKeyPair");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        try {
            EnvelopedKeyPairData envelopedKeyPairData = new EnvelopedKeyPairData();
            envelopedKeyPairData.decode(bArr);
            byte[] bArr2 = (byte[]) envelopedKeyPairData.getEncryptedSymmKeyData().getValue();
            byte[] bArr3 = (byte[]) envelopedKeyPairData.getEncryptedKeyPairData().getValue();
            byte[] bArr4 = (byte[]) envelopedKeyPairData.getSymmetricCipherOID().getValue();
            int i = a.f11663a[asymmAlgorithm.ordinal()];
            if (i == 1) {
                importRSAKeyPair(new String(bArr4), bArr2, bArr3);
            } else {
                if (i != 2) {
                    throw new DeviceException(SKF.SAR.SAR_NOTSUPPORTYETERR);
                }
                importECCKeyPair(bArr3);
            }
        } catch (Exception e2) {
            throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e2);
        }
    }

    public void importPfx(String str, boolean z, byte[] bArr) {
        Args.notNull(str, "pin");
        Args.notNull(bArr, "p12Data");
        try {
            try {
                long handle = this.device.getProvider().getHandle();
                try {
                    long connect = ProviderLoader.connect(handle, this.device.getDevName());
                    ProviderLoader.importPFX(handle, ProviderLoader.openContainer(handle, ProviderLoader.openApplication(handle, connect, this.device.getAppName()), this.device.getConName()), str.trim().getBytes(), z, bArr);
                    ProviderLoader.disConnect(handle, connect);
                } catch (Exception e2) {
                    e = e2;
                    throw new DeviceException(1, "导入pfx失败", e);
                }
            } catch (Throwable th) {
                th = th;
                ProviderLoader.disConnect(0L, 0L);
                throw th;
            }
        } catch (Exception e3) {
            e = e3;
        } catch (Throwable th2) {
            th = th2;
            ProviderLoader.disConnect(0L, 0L);
            throw th;
        }
    }

    public void importRSAKeyPair(String str, byte[] bArr, byte[] bArr2) {
        Args.notNull(str, "symAlgorithmOID");
        Args.notNull(bArr, "encryptedSymmKey");
        Args.notNull(bArr2, "encryptedKeyPair");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        if ("1.2.156.10197.1.104".equals(str) || "1.2.156.10197.1.104.1".equals(str)) {
            ProviderLoader.importRsaKeyPair(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), SymmAlgorithm.SGD_SMS4_ECB.getId(), bArr, bArr2);
        } else {
            throw new DeviceException(SKF.SAR.SAR_NOTSUPPORTYETERR, "不支持的保护算法 " + str);
        }
    }

    public byte[] mac(MACType mACType, byte[] bArr) {
        throw new DeviceException(SKF.SAR.SAR_NOTSUPPORTYETERR);
    }

    public byte[] nakeSign(AsymmAlgorithm asymmAlgorithm, byte[] bArr) {
        Args.notNull(asymmAlgorithm, "asymmAlgorithm");
        Args.notNull(bArr, "toBeSignedData");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        int i = a.f11663a[asymmAlgorithm.ordinal()];
        if (i == 1) {
            return ProviderLoader.nakedSignRsa(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), bArr);
        }
        if (i != 2) {
            throw new DeviceException(SKF.SAR.SAR_NOTSUPPORTYETERR);
        }
        try {
            return ProviderLoader.nakedSignEcc(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), bArr).encode();
        } catch (EncodeException e2) {
            throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e2);
        }
    }

    public byte[] nakeSign(byte[] bArr) {
        Args.notNull(bArr, "toBeSignedData");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        if (a.f11664b[JDeviceMgr.getContainerType(getDevice()).ordinal()] == 1) {
            return ProviderLoader.nakedSignRsa(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), bArr);
        }
        try {
            return ProviderLoader.nakedSignEcc(getDevice().getProvider().getHandle(), getDevice().getHandle().getConHandle(), bArr).encode();
        } catch (EncodeException e2) {
            throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e2);
        }
    }

    public byte[] p1Sign(String str, byte[] bArr, KoalEcPublicKey koalEcPublicKey) {
        byte[] digest;
        AsymmAlgorithm asymmAlgorithm;
        Args.notNull(str, "signAlgorithm");
        Args.notNull(bArr, "toBeSigned");
        JDeviceMgr.openContainer(this.device);
        JDeviceMgr.verifyPIN(getDevice(), PINType.USER);
        String upperCase = str.toUpperCase();
        if (upperCase.contains("RSA") && upperCase.contains("SHA1")) {
            digest = DigestInfoUtil.encodeASNDigestInfo("SHA1", digest(DigestAlgorithm.SGD_SHA1, bArr));
        } else {
            if (!upperCase.contains("RSA") || !upperCase.contains("SHA256")) {
                if (!upperCase.contains("SM2") || !upperCase.contains("SM3")) {
                    throw new DeviceException(SKF.SAR.SAR_NOTSUPPORTYETERR);
                }
                if (koalEcPublicKey == null) {
                    throw new IllegalArgumentException("使用 “SM2WITHSM3” 算法签名的时候，必须有 ecPublicKey");
                }
                digest = digest(DigestAlgorithm.SGD_SM3, bArr, koalEcPublicKey);
                asymmAlgorithm = AsymmAlgorithm.SGD_SM2_1;
                return nakeSign(asymmAlgorithm, digest);
            }
            digest = DigestInfoUtil.encodeASNDigestInfo("SHA256", digest(DigestAlgorithm.SGD_SHA256, bArr));
        }
        asymmAlgorithm = AsymmAlgorithm.SGD_RSA;
        return nakeSign(asymmAlgorithm, digest);
    }

    public byte[] p7Sign(byte[] bArr) {
        byte[] p1Sign;
        z zVar;
        try {
            C0563l exportCertificate = exportCertificate(true);
            PublicKey exportPublicKey = exportPublicKey(true);
            if (exportPublicKey instanceof RSAPublicKey) {
                zVar = PKCS7Utils.createSignerInfo(exportCertificate, digest(DigestAlgorithm.valueOfByCommonName(SignAlgorithmUtil.getDigestAlgorithm("SHA256WITHRSA")), bArr), "SHA256WITHRSA");
                p1Sign = p1Sign("SHA256WITHRSA", zVar.f(), null);
            } else {
                if (!(exportPublicKey instanceof KoalEcPublicKey)) {
                    throw new DeviceException(SKF.SAR.SAR_INVALIDPARAMERR, new Exception("未知的非对称公钥类型"));
                }
                z createSignerInfo = PKCS7Utils.createSignerInfo(exportCertificate, digest(DigestAlgorithm.valueOfByCommonName("SM3"), bArr, (KoalEcPublicKey) exportPublicKey), "SM3WITHSM2");
                p1Sign = p1Sign("SM3WITHSM2", createSignerInfo.f(), (KoalEcPublicKey) exportPublicKey);
                zVar = createSignerInfo;
            }
            return PKCS7Utils.createP7S(exportCertificate, bArr, zVar, p1Sign);
        } catch (DeviceException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new DeviceException(SKF.SAR.SAR_UNKNOWNERR, e3);
        }
    }

    public void setEnvelopSymnAlgorithm(SymnCipher symnCipher) {
        ProviderMgr.getP7Provider().setCipher(symnCipher);
    }

    public byte[] symDecrypt(SymmAlgorithm symmAlgorithm, byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        Args.notNull(symmAlgorithm, "symmAlgorithm");
        Args.notNull(bArr, "keyData");
        Args.notNull(bArr2, "toBeDecrypted");
        if (SymUtil.isAES(symmAlgorithm)) {
            return SymUtil.AESEncrypt(symmAlgorithm, bArr, bArr2, bArr3, i, 2);
        }
        JDeviceMgr.openDevice(getDevice());
        long j = 0;
        try {
            j = ProviderLoader.importSymKey(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle(), symmAlgorithm, bArr);
            BlockCipherParam blockCipherParam = new BlockCipherParam();
            blockCipherParam.setPaddingType(i);
            if (bArr3 != null) {
                blockCipherParam.setIv(bArr3);
            }
            ProviderLoader.symDecryptInit(getDevice().getProvider().getHandle(), j, blockCipherParam);
            return h.a.a.c.a.a(ProviderLoader.symDecryptUpdate(getDevice().getProvider().getHandle(), j, bArr2), ProviderLoader.symDecryptFinal(getDevice().getProvider().getHandle(), j));
        } finally {
            JDeviceUtil.closeCryptoHandleQuietly(getDevice().getProvider().getHandle(), j);
        }
    }

    public byte[] symEncrypt(SymmAlgorithm symmAlgorithm, byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        Args.notNull(symmAlgorithm, "symmAlgorithm");
        Args.notNull(bArr, "keyData");
        Args.notNull(bArr2, "toBeEncrypted");
        if (SymUtil.isAES(symmAlgorithm)) {
            return SymUtil.AESEncrypt(symmAlgorithm, bArr, bArr2, bArr3, i, 1);
        }
        JDeviceMgr.openDevice(getDevice());
        long j = 0;
        try {
            j = ProviderLoader.importSymKey(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle(), symmAlgorithm, bArr);
            BlockCipherParam blockCipherParam = new BlockCipherParam();
            blockCipherParam.setPaddingType(i);
            if (bArr3 != null) {
                blockCipherParam.setIv(bArr3);
            }
            ProviderLoader.symEncryptInit(getDevice().getProvider().getHandle(), j, blockCipherParam);
            return h.a.a.c.a.a(ProviderLoader.symEncryptUpdate(getDevice().getProvider().getHandle(), j, bArr2), ProviderLoader.symEncryptFinal(getDevice().getProvider().getHandle(), j));
        } finally {
            ProviderLoader.disConnect(getDevice().getProvider().getHandle(), getDevice().getHandle().getDevHandle());
            JDeviceUtil.closeCryptoHandleQuietly(getDevice().getProvider().getHandle(), j);
        }
    }
}
