package cn.com.jit.ida.util.pki.cipher.lib;

import cn.com.jit.ida.util.pki.ECDSAParser;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.PKIToolConfig;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.BERSequence;
import cn.com.jit.ida.util.pki.asn1.DERBitString;
import cn.com.jit.ida.util.pki.asn1.DERNull;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DEROutputStream;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.DigestInfo;
import cn.com.jit.ida.util.pki.asn1Ext.sec.SECNamedCurves;
import cn.com.jit.ida.util.pki.asn1Ext.x9.X9ECParameters;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JHandle;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.JKeyPair;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.param.CBCParam;
import cn.com.jit.ida.util.pki.cipher.param.EnvkeyParam;
import cn.com.jit.ida.util.pki.cipher.param.OAEPParam;
import cn.com.jit.ida.util.pki.cipher.param.PBEParam;
import cn.com.jit.ida.util.pki.cipher.softsm.SM2;
import cn.com.jit.ida.util.pki.cipher.softsm.SM2Result;
import cn.com.jit.ida.util.pki.cipher.softsm.SM3Digest;
import cn.com.jit.ida.util.pki.cipher.softsm.SM3HMAC;
import cn.com.jit.ida.util.pki.cipher.softsm.SM4;
import cn.com.jit.ida.util.pki.cipher.softsm.Sm4_Context;
import cn.com.jit.ida.util.pki.cipher.softsm.Util;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.jce.JitCipher;
import cn.com.jit.ida.util.pki.jce.JitKeyGenerator;
import cn.com.jit.ida.util.pki.jce.JitKeyPairGenerator;
import cn.com.jit.ida.util.pki.jce.JitMac;
import cn.com.jit.ida.util.pki.jce.JitMessageDigest;
import cn.com.jit.ida.util.pki.jce.JitSignature;
import cn.com.jit.ida.util.pki.util.ArraysUtil;
import cn.com.jit.ida.util.pki.util.FidoUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.PSource;
import kotlin.jvm.internal.ByteCompanionObject;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.jce.provider.JCERSAPrivateCrtKey;
import org.bouncycastle.jce.provider.JCERSAPublicKey;
import org.bouncycastle.math.ec.ECPoint;

/* loaded from: classes.dex */
public class JSoftLib implements Session {
    public static final String PROVIDER = "BC";
    private PKIToolConfig CfgTag = null;
    private String tag = JCrypto.JSOFT_LIB;

    private byte[] Digest2DerEncode(byte[] bArr, AlgorithmIdentifier algorithmIdentifier) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream).writeObject(new DigestInfo(algorithmIdentifier, bArr));
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] addPaddingData(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + (16 - (bArr.length % 16))];
        bArr2[bArr.length] = ByteCompanionObject.MIN_VALUE;
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    private byte[] delPaddingData(byte[] bArr) {
        int length = bArr.length;
        while (true) {
            length--;
            if (length < 0) {
                length = 0;
                break;
            }
            if (bArr[length] == Byte.MIN_VALUE) {
                break;
            }
        }
        return ArraysUtil.copyOfRange(bArr, 0, length);
    }

    private int doCipher(Mechanism mechanism, JKey jKey, boolean z, InputStream inputStream, OutputStream outputStream) throws Exception {
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equalsIgnoreCase(Mechanism.RSA_PKCS)) {
            if ((jKey.getKeyType().equals("RSA_Public") ? ((RSAPublicKey) Parser.convertPublicKey(jKey)).getModulus().bitLength() : jKey.getKeyType().equals(JKey.RSA_PRV_KEY) ? ((RSAPrivateKey) Parser.convertPrivateKey(jKey)).getModulus().bitLength() : -1) > 2048) {
                byte[] bArr = new byte[inputStream.available()];
                inputStream.read(bArr);
                inputStream.close();
                byte[] doCipher_RSA_ext = doCipher_RSA_ext(mechanism, jKey, z, bArr);
                outputStream.write(doCipher_RSA_ext);
                return doCipher_RSA_ext.length;
            }
        }
        Cipher jitCipher = JitCipher.getInstance(mechanismType, "BC");
        int i = z ? 1 : 2;
        if (mechanismType.indexOf("CBC") != -1) {
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            if (cBCParam == null) {
                throw new PKIException("CBC parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new IvParameterSpec(cBCParam.getIv()));
        } else if (mechanismType.indexOf("PBE") != -1) {
            PBEParam pBEParam = (PBEParam) mechanism.getParam();
            if (pBEParam == null) {
                throw new PKIException("PBE parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new PBEParameterSpec(pBEParam.getSalt(), pBEParam.getIterations()));
        } else {
            jitCipher.init(i, Parser.convertKey(jKey));
        }
        byte[] bArr2 = new byte[1024];
        int i2 = 0;
        while (true) {
            int read = inputStream.read(bArr2);
            if (read <= 0) {
                byte[] doFinal = jitCipher.doFinal();
                outputStream.write(doFinal);
                return i2 + doFinal.length;
            }
            byte[] update = jitCipher.update(bArr2, 0, read);
            outputStream.write(update);
            i2 += update.length;
        }
    }

    private byte[] doCipher(Mechanism mechanism, JKey jKey, boolean z, InputStream inputStream) throws Exception {
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equalsIgnoreCase(Mechanism.RSA_PKCS)) {
            if ((jKey.getKeyType().equals("RSA_Public") ? ((RSAPublicKey) Parser.convertPublicKey(jKey)).getModulus().bitLength() : jKey.getKeyType().equals(JKey.RSA_PRV_KEY) ? ((RSAPrivateKey) Parser.convertPrivateKey(jKey)).getModulus().bitLength() : -1) > 2048) {
                byte[] bArr = new byte[inputStream.available()];
                inputStream.read(bArr);
                inputStream.close();
                return doCipher_RSA_ext(mechanism, jKey, z, bArr);
            }
        }
        Cipher jitCipher = JitCipher.getInstance(mechanismType, "BC");
        int i = z ? 1 : 2;
        if (mechanismType.indexOf("CBC") != -1) {
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            if (cBCParam == null) {
                throw new PKIException("CBC parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new IvParameterSpec(cBCParam.getIv()));
        } else if (mechanismType.indexOf("PBE") != -1) {
            PBEParam pBEParam = (PBEParam) mechanism.getParam();
            if (pBEParam == null) {
                throw new PKIException("PBE parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new PBEParameterSpec(pBEParam.getSalt(), pBEParam.getIterations()));
        } else {
            jitCipher.init(i, Parser.convertKey(jKey));
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = new byte[1024];
        while (true) {
            int read = inputStream.read(bArr2);
            if (read <= 0) {
                byteArrayOutputStream.write(jitCipher.doFinal());
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(jitCipher.update(bArr2, 0, read));
        }
    }

    private byte[] doCipher(Mechanism mechanism, JKey jKey, boolean z, byte[] bArr) throws Exception {
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equalsIgnoreCase(Mechanism.RSA_PKCS)) {
            if ((jKey.getKeyType().equals("RSA_Public") ? ((RSAPublicKey) Parser.convertPublicKey(jKey)).getModulus().bitLength() : jKey.getKeyType().equals(JKey.RSA_PRV_KEY) ? ((RSAPrivateKey) Parser.convertPrivateKey(jKey)).getModulus().bitLength() : -1) > 2048) {
                return doCipher_RSA_ext(mechanism, jKey, z, bArr);
            }
        }
        Cipher jitCipher = JitCipher.getInstance(mechanism.getNativeMechanismType(), "BC");
        int i = z ? 1 : 2;
        if (mechanismType.indexOf("PBE") != -1) {
            PBEParam pBEParam = (PBEParam) mechanism.getParam();
            if (pBEParam == null) {
                throw new PKIException("PBE parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new PBEParameterSpec(pBEParam.getSalt(), pBEParam.getIterations()));
        } else if (mechanismType.indexOf("CBC") != -1 || mechanismType.indexOf("GCM") != -1) {
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            if (cBCParam == null) {
                throw new PKIException("CBC parameter is empty");
            }
            jitCipher.init(i, Parser.convertKey(jKey), new IvParameterSpec(cBCParam.getIv()));
        } else if (Mechanism.RSA_OAEP_SHA256_MGF1PADDING.equals(mechanismType)) {
            PSource.PSpecified pSpecified = PSource.PSpecified.DEFAULT;
            Object param = mechanism.getParam();
            if ((param != null) & (param instanceof OAEPParam)) {
                pSpecified = new PSource.PSpecified(((OAEPParam) param).getP());
            }
            jitCipher.init(i, Parser.convertKey(jKey), new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, pSpecified));
        } else {
            jitCipher.init(i, Parser.convertKey(jKey));
        }
        if ((Mechanism.AES_CBC_PBOC.equals(mechanismType) || Mechanism.AES_ECB_PBOC.equals(mechanismType)) && z) {
            bArr = addPaddingData(bArr);
        }
        byte[] doFinal = jitCipher.doFinal(bArr);
        return ((Mechanism.AES_CBC_PBOC.equals(mechanismType) || Mechanism.AES_ECB_PBOC.equals(mechanismType)) && !z) ? delPaddingData(doFinal) : doFinal;
    }

    private byte[] doCipher_RSA_ext(Mechanism mechanism, JKey jKey, boolean z, byte[] bArr) throws Exception {
        CipherParameters rSAPrivateCrtKeyParameters;
        RSAEngine rSAEngine = new RSAEngine();
        if (jKey.getKeyType().equals("RSA_Public")) {
            JCERSAPublicKey jCERSAPublicKey = (JCERSAPublicKey) Parser.convertPublicKey(jKey);
            rSAPrivateCrtKeyParameters = new RSAKeyParameters(false, jCERSAPublicKey.getModulus(), jCERSAPublicKey.getPublicExponent());
        } else {
            JCERSAPrivateCrtKey jCERSAPrivateCrtKey = (JCERSAPrivateCrtKey) Parser.convertPrivateKey(jKey);
            rSAPrivateCrtKeyParameters = new RSAPrivateCrtKeyParameters(jCERSAPrivateCrtKey.getModulus(), jCERSAPrivateCrtKey.getPublicExponent(), jCERSAPrivateCrtKey.getPrivateExponent(), jCERSAPrivateCrtKey.getPrimeP(), jCERSAPrivateCrtKey.getPrimeQ(), jCERSAPrivateCrtKey.getPrimeExponentP(), jCERSAPrivateCrtKey.getPrimeExponentQ(), jCERSAPrivateCrtKey.getCrtCoefficient());
        }
        rSAEngine.init(z, rSAPrivateCrtKeyParameters);
        return rSAEngine.processBlock(bArr, 0, bArr.length);
    }

    private byte[] getDigforSign(byte[] bArr, ECPoint eCPoint, byte[] bArr2, boolean z) throws PKIException {
        SM3Digest sM3Digest = new SM3Digest();
        if (z) {
            byte[] Sm2GetZ = SM2.Instance().Sm2GetZ(bArr2, eCPoint);
            sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
        }
        sM3Digest.BlockUpdate(bArr, 0, bArr.length);
        byte[] bArr3 = new byte[32];
        sM3Digest.doFinal(bArr3, 0);
        return bArr3;
    }

    private byte[] getSM2EnvedKey(Mechanism mechanism, byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKIException {
        if (!mechanism.getMechanismType().equals(Mechanism.SM4_ECB)) {
            return null;
        }
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.gm_SM4, new DERNull());
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
            DERBitString dERBitString = new DERBitString(bArr3);
            DERBitString dERBitString2 = new DERBitString(bArr2);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(algorithmIdentifier);
            aSN1EncodableVector.add(aSN1Sequence);
            aSN1EncodableVector.add(dERBitString2);
            aSN1EncodableVector.add(dERBitString);
            return Parser.writeDERObj2Bytes(new BERSequence(aSN1EncodableVector));
        } catch (IOException e) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, (Exception) e);
        }
    }

    private int getSysKeyLen(Mechanism mechanism) throws PKIException {
        if (mechanism == null) {
            return 0;
        }
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals(Mechanism.SF33_ECB) || mechanismType.equals(Mechanism.SF33_CBC)) {
            return 128;
        }
        if (mechanismType.equals(Mechanism.DES_ECB) || mechanismType.equals(Mechanism.DES_CBC)) {
            return 64;
        }
        if (mechanismType.equals(Mechanism.DES3_ECB) || mechanismType.equals(Mechanism.DES3_CBC)) {
            return 192;
        }
        return (mechanismType.equals(Mechanism.AES_ECB) || mechanismType.equals(Mechanism.AES_CBC) || mechanismType.equals("SCB2_ECB") || mechanismType.equals("SCB2_CBC") || mechanismType.equals(Mechanism.SM4_ECB) || mechanismType.equals(Mechanism.SM4_CBC)) ? 128 : 0;
    }

    private boolean isEqualArray(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    private void writeFile(String str, String str2, boolean z, byte[] bArr) throws Exception {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            if (str2 != null) {
                fileOutputStream.write(str2.getBytes());
            }
            if (z) {
                fileOutputStream.write(Base64.encode(bArr));
            } else {
                fileOutputStream.write(bArr);
            }
            fileOutputStream.flush();
            fileOutputStream.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean DestroyKeyPair(Mechanism mechanism) throws PKIException {
        throw new UnsupportedOperationException("Method DestroyKeyPair() not yet implemented in JSOFT_LIB.");
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] DigestFinal(JHandle jHandle) throws PKIException {
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8126", "null == mechanism");
        }
        if (mech.getMechanismType().equals(Mechanism.SM3)) {
            SM3Digest sm3 = jHandle.getSm3();
            if (sm3 == null) {
                throw new PKIException("8126", "null == sm3");
            }
            byte[] bArr = new byte[32];
            sm3.doFinal(bArr, 0);
            return bArr;
        }
        try {
            MessageDigest dig = jHandle.getDig();
            if (dig != null) {
                return dig.digest();
            }
            throw new PKIException("8126", "null == m");
        } catch (Exception e) {
            throw new PKIException("8126", PKIException.SIGN_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JHandle DigestInit(Mechanism mechanism) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isDigestabled()) {
            throw new PKIException("8122", "Digest operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        JHandle jHandle = new JHandle();
        jHandle.setMech(mechanism);
        if (!mechanismType.equals(Mechanism.SM3)) {
            try {
                jHandle.setDig(JitMessageDigest.getInstance(mechanismType, "BC"));
                return jHandle;
            } catch (Exception e) {
                throw new PKIException("8122", PKIException.DIGEST_DES, e);
            }
        }
        try {
            SM3Digest sM3Digest = new SM3Digest();
            JKey jKey = (JKey) mechanism.getParam();
            if (jKey != null) {
                SM2 Instance = SM2.Instance();
                byte[] Sm2GetZ = Instance.Sm2GetZ("1234567812345678".getBytes(), Instance.ecc_curve.decodePoint(Util.hardKey2SoftPubKey(jKey)));
                sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
            }
            jHandle.setSm3(sM3Digest);
            return jHandle;
        } catch (Exception e2) {
            throw new PKIException("8122", PKIException.DIGEST_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public void DigestUpdate(JHandle jHandle, byte[] bArr) throws PKIException {
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8126", "null == mechanism");
        }
        if (mech.getMechanismType().equals(Mechanism.SM3)) {
            SM3Digest sm3 = jHandle.getSm3();
            if (sm3 == null) {
                throw new PKIException("8126", "null == sm3");
            }
            sm3.BlockUpdate(bArr, 0, bArr.length);
            return;
        }
        try {
            MessageDigest dig = jHandle.getDig();
            if (dig == null) {
                throw new PKIException("8126", "null == m");
            }
            dig.update(bArr, 0, bArr.length);
        } catch (Exception e) {
            throw new PKIException("8126", PKIException.SIGN_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] SignFinal(JHandle jHandle) throws PKIException {
        return SignFinal(jHandle, 0);
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] SignFinal(JHandle jHandle, int i) throws PKIException {
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8125", "null == mechanism");
        }
        if (!mech.getMechanismType().equals("SM3withSM2Encryption")) {
            try {
                Signature signature = jHandle.getSignature();
                if (signature != null) {
                    return signature.sign();
                }
                throw new PKIException("8125", "null == signature");
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        }
        SM3Digest sm3 = jHandle.getSm3();
        JKey key = jHandle.getKey();
        if (sm3 == null || key == null) {
            throw new PKIException("8125", "null == sm3 || null == prvKey");
        }
        try {
            byte[] bArr = new byte[32];
            sm3.doFinal(bArr, 0);
            BigInteger hardKey2SoftPrivKey = Util.hardKey2SoftPrivKey(key);
            SM2 Instance = SM2.Instance();
            ECPoint multiply = Instance.ecc_point_g.multiply(hardKey2SoftPrivKey);
            SM2Result sM2Result = new SM2Result();
            Instance.Sm2Sign(bArr, hardKey2SoftPrivKey, multiply, sM2Result);
            byte[] soft2HardSignData = Util.soft2HardSignData(sM2Result.r, sM2Result.s);
            if (i <= 72 && i >= 70 && i != soft2HardSignData.length) {
                while (i != soft2HardSignData.length) {
                    SM2Result sM2Result2 = new SM2Result();
                    Instance.Sm2Sign(bArr, hardKey2SoftPrivKey, multiply, sM2Result2);
                    soft2HardSignData = Util.soft2HardSignData(sM2Result2.r, sM2Result2.s);
                }
                return soft2HardSignData;
            }
            return soft2HardSignData;
        } catch (Exception e2) {
            throw new PKIException("8125", PKIException.SIGN_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JHandle SignInit(Mechanism mechanism, JKey jKey) throws PKIException {
        if (mechanism == null || jKey == null) {
            throw new PKIException("8125", "null == mechanism || null == prvKey");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isSignabled()) {
            throw new PKIException("8125", "signature operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        JHandle jHandle = new JHandle();
        jHandle.setKey(jKey);
        jHandle.setMech(mechanism);
        if (!mechanismType.equals("SM3withSM2Encryption")) {
            try {
                Signature jitSignature = JitSignature.getInstance(mechanismType, "BC");
                jitSignature.initSign(Parser.convertPrivateKey(jKey));
                jHandle.setSignature(jitSignature);
                return jHandle;
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        }
        SM2 Instance = SM2.Instance();
        try {
            ECPoint multiply = Instance.ecc_point_g.multiply(Util.hardKey2SoftPrivKey(jKey));
            SM3Digest sM3Digest = new SM3Digest();
            byte[] Sm2GetZ = Instance.Sm2GetZ("1234567812345678".getBytes(), multiply);
            sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
            jHandle.setSm3(sM3Digest);
            return jHandle;
        } catch (Exception e2) {
            throw new PKIException("8125", PKIException.SIGN_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public void SignUpdate(JHandle jHandle, byte[] bArr) throws PKIException {
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8125", "null == mechanism");
        }
        if (!mech.getMechanismType().equals("SM3withSM2Encryption")) {
            try {
                jHandle.getSignature().update(bArr, 0, bArr.length);
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        } else {
            SM3Digest sm3 = jHandle.getSm3();
            if (sm3 == null) {
                throw new PKIException("8125", "null == sm3");
            }
            sm3.BlockUpdate(bArr, 0, bArr.length);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean VerifyFinal(JHandle jHandle, byte[] bArr) throws PKIException {
        if (jHandle == null || bArr == null) {
            throw new PKIException("8126", "null == handle || null == signData");
        }
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8126", "null == mechanism");
        }
        if (!mech.getMechanismType().equals("SM3withSM2Encryption")) {
            try {
                Signature signature = jHandle.getSignature();
                if (signature != null) {
                    return signature.verify(bArr);
                }
                throw new PKIException("8126", "null == signature");
            } catch (Exception e) {
                throw new PKIException("8126", PKIException.SIGN_DES, e);
            }
        }
        SM3Digest sm3 = jHandle.getSm3();
        JKey key = jHandle.getKey();
        if (sm3 == null || key == null) {
            throw new PKIException("8126", "null == sm3 || null == pubKey");
        }
        try {
            SM2 Instance = SM2.Instance();
            ECPoint decodePoint = Instance.ecc_curve.decodePoint(Util.hardKey2SoftPubKey(key));
            new Mechanism(Mechanism.SM3);
            SM2Result Hard2softSignData = Util.Hard2softSignData(bArr);
            byte[] bArr2 = new byte[32];
            sm3.doFinal(bArr2, 0);
            Instance.Sm2Verify(bArr2, decodePoint, Hard2softSignData.r, Hard2softSignData.s, Hard2softSignData);
            return Hard2softSignData.r.equals(Hard2softSignData.R);
        } catch (Exception e2) {
            throw new PKIException("8126", PKIException.SIGN_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JHandle VerifyInit(Mechanism mechanism, JKey jKey) throws PKIException {
        if (mechanism == null || jKey == null) {
            throw new PKIException("8126", "null == mechanism || null == prvKey");
        }
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isSignabled()) {
            throw new PKIException("8126", "signature operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        JHandle jHandle = new JHandle();
        jHandle.setKey(jKey);
        jHandle.setMech(mechanism);
        if (!mechanismType.equals("SM3withSM2Encryption")) {
            try {
                Signature jitSignature = JitSignature.getInstance(mechanism.getMechanismType(), "BC");
                jitSignature.initVerify(Parser.convertPublicKey(jKey));
                jHandle.setSignature(jitSignature);
                return jHandle;
            } catch (Exception e) {
                throw new PKIException("8126", PKIException.SIGN_DES, e);
            }
        }
        try {
            SM2 Instance = SM2.Instance();
            ECPoint decodePoint = Instance.ecc_curve.decodePoint(Util.hardKey2SoftPubKey(jKey));
            SM3Digest sM3Digest = new SM3Digest();
            byte[] Sm2GetZ = Instance.Sm2GetZ("1234567812345678".getBytes(), decodePoint);
            sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
            jHandle.setSm3(sM3Digest);
            return jHandle;
        } catch (Exception e2) {
            throw new PKIException("8126", PKIException.SIGN_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public void VerifyUpdate(JHandle jHandle, byte[] bArr) throws PKIException {
        Mechanism mech = jHandle.getMech();
        if (mech == null) {
            throw new PKIException("8126", "null == mechanism");
        }
        if (!mech.getMechanismType().equals("SM3withSM2Encryption")) {
            try {
                jHandle.getSignature().update(bArr, 0, bArr.length);
            } catch (Exception e) {
                throw new PKIException("8126", PKIException.SIGN_DES, e);
            }
        } else {
            SM3Digest sm3 = jHandle.getSm3();
            if (sm3 == null) {
                throw new PKIException("8126", "null == sm3");
            }
            sm3.BlockUpdate(bArr, 0, bArr.length);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public List<byte[]> WrapKeyEnc(JKey jKey, JKey jKey2, Mechanism mechanism, Mechanism mechanism2, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        String mechanismType2 = mechanism2.getMechanismType();
        if (!mechanismType2.equals(Mechanism.DES_CBC) && !mechanismType2.equals(Mechanism.DES_ECB) && !mechanismType2.equals(Mechanism.DES3_ECB) && !mechanismType2.equals(Mechanism.DES3_CBC) && !mechanismType2.equals(Mechanism.AES_ECB) && !mechanismType2.equals(Mechanism.AES_CBC) && !mechanismType2.equals(Mechanism.SM4_CBC) && !mechanismType2.equals(Mechanism.SM4_ECB)) {
            throw new PKIException(PKIException.DATA_LOAD_FAIL, "encryption failed This operation does not support this type of mechanism " + mechanismType2);
        }
        if (!mechanismType.equals(Mechanism.RSA_PKCS) && !mechanismType.equals(Mechanism.SM2_RAW)) {
            throw new PKIException(PKIException.DATA_LOAD_FAIL, "encryption failed This operation does not support this type of mechanism " + mechanismType);
        }
        CBCParam cBCParam = (CBCParam) mechanism2.getParam();
        if (cBCParam != null) {
            cBCParam.getIv();
        }
        if (jKey2 == null) {
            jKey2 = generateKey(encMech2genMech(mechanism2), getSysKeyLen(mechanism2));
        }
        byte[] encrypt = encrypt(mechanism2, jKey2, bArr);
        byte[] encrypt2 = encrypt(mechanism, jKey, jKey2.getKey());
        ArrayList arrayList = new ArrayList();
        arrayList.add(encrypt);
        arrayList.add(encrypt2);
        return arrayList;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] WrapPriKey(JKey jKey, JKey jKey2, Mechanism mechanism, Mechanism mechanism2, JKey jKey3) throws PKIException {
        try {
            Util.hardKey2SoftPubKey(jKey);
            BigInteger hardKey2SoftPrivKey = Util.hardKey2SoftPrivKey(jKey3);
            byte[] byteconvert32 = Util.byteconvert32(hardKey2SoftPrivKey);
            byte[] bArr = new byte[byteconvert32.length + 32];
            for (int i = 0; i < 32; i++) {
                bArr[i] = 0;
            }
            System.arraycopy(byteconvert32, 0, bArr, 32, 32);
            mechanism2.setPad(false);
            List<byte[]> WrapKeyEnc = WrapKeyEnc(jKey, jKey2, mechanism, mechanism2, bArr);
            return getSM2EnvedKey(mechanism2, WrapKeyEnc.get(1), SM2.Instance().ecc_point_g.multiply(hardKey2SoftPrivKey).getEncoded(), WrapKeyEnc.get(0));
        } catch (Exception e) {
            throw new PKIException("8120", e.getMessage());
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] WrapPriKey(JKey jKey, JKey jKey2, Mechanism mechanism, Mechanism mechanism2, JKey jKey3, JKey jKey4) throws PKIException {
        try {
            byte[] byteconvert32 = Util.byteconvert32(Util.hardKey2SoftPrivKey(jKey3));
            byte[] bArr = new byte[byteconvert32.length + 32];
            for (int i = 0; i < 32; i++) {
                bArr[i] = 0;
            }
            System.arraycopy(byteconvert32, 0, bArr, 32, 32);
            mechanism2.setPad(false);
            List<byte[]> WrapKeyEnc = WrapKeyEnc(jKey, jKey2, mechanism, mechanism2, bArr);
            return getSM2EnvedKey(mechanism2, WrapKeyEnc.get(1), Util.hardKey2SoftPubKey(jKey4), WrapKeyEnc.get(0));
        } catch (Exception e) {
            throw new PKIException("8120", e.getMessage());
        }
    }

    public void addPacs1Padding(byte[] bArr, byte[] bArr2, int i) throws PKIException {
        if (bArr2.length < bArr.length + 11) {
            throw new PKIException("input padding data length too small.");
        }
        int length = (bArr2.length - 3) - bArr.length;
        if ((1 == i || 2 == i) && length < 8) {
            throw new PKIException("input padding data length invalid.");
        }
        bArr2[0] = 0;
        bArr2[1] = (byte) i;
        if (1 != i) {
            if (2 != i) {
                throw new PKIException("padding type invalid.");
            }
            throw new PKIException("padding type invalid.");
        }
        int i2 = 2;
        while (i2 < length + 2) {
            bArr2[i2] = -1;
            i2++;
        }
        bArr2[i2] = 0;
        System.arraycopy(bArr, 0, bArr2, i2 + 1, bArr.length);
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean createCertObject(byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKIException {
        return false;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public long decrypt(Mechanism mechanism, JKey jKey, InputStream inputStream, OutputStream outputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM2_RAW) && !mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            try {
                return doCipher(mechanism, jKey, false, inputStream, outputStream);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            byte[] bArr = new byte[1024];
            int i = 0;
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    return i;
                }
                byte[] bArr2 = new byte[read];
                System.arraycopy(bArr, 0, bArr2, 0, read);
                byte[] decrypt = decrypt(mechanism, jKey, bArr2);
                outputStream.write(decrypt);
                i += decrypt.length;
            }
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] decrypt(Mechanism mechanism, JKey jKey, InputStream inputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM2_RAW) && !mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            try {
                return doCipher(mechanism, jKey, false, inputStream);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            byte[] bArr = new byte[inputStream.available()];
            inputStream.read(bArr);
            return decrypt(mechanism, jKey, bArr);
        } catch (Exception e2) {
            throw new PKIException("8121", PKIException.DECRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] decrypt(Mechanism mechanism, JKey jKey, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM2_RAW)) {
            if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
                try {
                    return doCipher(mechanism, jKey, false, bArr);
                } catch (Exception e) {
                    throw new PKIException("8121", PKIException.DECRYPT_DES, e);
                }
            }
            Sm4_Context sm4_Context = new Sm4_Context();
            SM4 sm4 = new SM4();
            sm4_Context.isPadding = mechanism.isPad();
            try {
                sm4.sm4_setkey_dec(sm4_Context, jKey.getKey());
                if (mechanismType.equals(Mechanism.SM4_ECB)) {
                    return sm4.sm4_crypt_ecb(sm4_Context, bArr);
                }
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                return sm4.sm4_crypt_cbc(sm4_Context, cBCParam != null ? cBCParam.getIv() : null, bArr);
            } catch (Exception e2) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e2);
            }
        }
        if (!jKey.getKeyType().equals(JKey.SM2_PRV_KEY)) {
            throw new PKIException("8121", PKIException.DECRYPT_DES);
        }
        try {
            byte[] bArr2 = new byte[bArr.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            cn.com.jit.ida.util.pki.cipher.softsm.Cipher cipher = new cn.com.jit.ida.util.pki.cipher.softsm.Cipher();
            SM2 Instance = SM2.Instance();
            BigInteger privKeyD = Util.getPrivKeyD(jKey);
            List<BigInteger> xy = Util.getXY(bArr2);
            cipher.Init_dec(privKeyD, Instance.ecc_curve.createPoint(xy.get(0), xy.get(1), true));
            byte[] enc = Util.getEnc(bArr2);
            cipher.Decrypt(enc);
            byte[] bArr3 = new byte[32];
            cipher.Dofinal(bArr3);
            if (mechanism.isVerifyHash() && !Arrays.equals(bArr3, Util.getHash(bArr2))) {
                throw new PKIException("8127", PKIException.DECRYPT_HASH_ERROR_DES);
            }
            return enc;
        } catch (Exception e3) {
            throw new PKIException("8121", PKIException.DECRYPT_DES, e3);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] decryptFinal(JHandle jHandle, Mechanism mechanism, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            if (mechanismType.equals(Mechanism.SM2_RAW)) {
                throw new PKIException("8120", "encryption failedunsupport sm2 init");
            }
            try {
                return jHandle.getSoftLibHandle().doFinal(bArr);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            SM4 sm4 = jHandle.getSm4();
            Sm4_Context ctx = jHandle.getCtx();
            if (bArr.length % 16 != 0) {
                throw new PKIException("8120", "encryption failedsourceData lens error.");
            }
            if (mechanismType.equals(Mechanism.SM4_ECB)) {
                return sm4.sm4_crypt_ecb(ctx, bArr);
            }
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            if (cBCParam != null) {
                return sm4.sm4_crypt_cbc(ctx, cBCParam.getIv(), bArr);
            }
            throw new PKIException("CBC parameter is empty");
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JHandle decryptInit(Mechanism mechanism, JKey jKey) throws PKIException {
        try {
            String mechanismType = mechanism.getMechanismType();
            if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
                if (mechanismType.equals(Mechanism.SM2_RAW)) {
                    throw new PKIException("8120", "encryption failedunsupport sm2 init");
                }
                Cipher jitCipher = JitCipher.getInstance(mechanismType, "BC");
                if (mechanismType.indexOf("PBE") != -1) {
                    PBEParam pBEParam = (PBEParam) mechanism.getParam();
                    if (pBEParam == null) {
                        throw new PKIException("PBE parameter is empty");
                    }
                    jitCipher.init(2, Parser.convertKey(jKey), new PBEParameterSpec(pBEParam.getSalt(), pBEParam.getIterations()));
                } else if (mechanismType.indexOf("CBC") != -1) {
                    CBCParam cBCParam = (CBCParam) mechanism.getParam();
                    if (cBCParam == null) {
                        throw new PKIException("CBC parameter is empty");
                    }
                    jitCipher.init(2, Parser.convertKey(jKey), new IvParameterSpec(cBCParam.getIv()));
                } else {
                    jitCipher.init(2, Parser.convertKey(jKey));
                }
                return new JHandle(0L, jitCipher);
            }
            try {
                Sm4_Context sm4_Context = new Sm4_Context();
                SM4 sm4 = new SM4();
                sm4_Context.isPadding = mechanism.isPad();
                sm4.sm4_setkey_dec(sm4_Context, jKey.getKey());
                JHandle jHandle = new JHandle();
                jHandle.setSm4(sm4);
                jHandle.setMech(mechanism);
                jHandle.setCtx(sm4_Context);
                return jHandle;
            } catch (Exception e) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e);
            }
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.DECRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JKey decryptPrvEnv(JKey jKey, byte[] bArr) throws PKIException {
        if (jKey == null || bArr == null) {
            throw new PKIException(PKIException.CREAT_CERT_OBJECT, "decryption operation failedinvalid param");
        }
        ASN1Sequence dERSequence = DERSequence.getInstance(Parser.writeBytes2DERObj(bArr));
        if (2 != dERSequence.size()) {
            throw new PKIException(PKIException.CREAT_CERT_OBJECT, "decryption operation failedinvalid param");
        }
        DEROctetString dEROctetString = (DEROctetString) DEROctetString.getInstance(dERSequence.getObjectAt(0));
        new DERSequence(dERSequence.getObjectAt(1));
        if (dEROctetString == null) {
            throw new PKIException(PKIException.CREAT_CERT_OBJECT, "decryption operation failedinvalid param");
        }
        byte[] writeDERObj2Bytes = Parser.writeDERObj2Bytes(dERSequence.getObjectAt(1));
        byte[] octets = dEROctetString.getOctets();
        byte[] decrypt = decrypt(new Mechanism(Mechanism.SM2_RAW), jKey, writeDERObj2Bytes);
        if (decrypt == null) {
            throw new PKIException(PKIException.CREAT_CERT_OBJECT, "decryption operation faileddecrypt syskey error.");
        }
        Mechanism mechanism = new Mechanism(Mechanism.SM4_ECB);
        JKey jKey2 = new JKey("SM4", decrypt);
        byte[] bArr2 = new byte[48];
        if (48 != octets.length) {
            System.arraycopy(octets, 3, bArr2, 0, octets.length - 3);
            octets = bArr2;
        }
        byte[] decrypt2 = decrypt(mechanism, jKey2, octets);
        byte[] bArr3 = new byte[32];
        System.arraycopy(decrypt2, 4, bArr3, 0, decrypt2.length - 4);
        try {
            return Util.getPrvKey(bArr3);
        } catch (Exception e) {
            throw new PKIException(PKIException.CREAT_CERT_OBJECT, "decryption operation failedconvert key data to JKey error", e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] decryptUpdate(JHandle jHandle, Mechanism mechanism, byte[] bArr) throws PKIException {
        byte[] sm4_crypt_cbc;
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            if (mechanismType.equals(Mechanism.SM2_RAW)) {
                throw new PKIException("8120", "encryption failedunsupport sm2 init");
            }
            try {
                return jHandle.getSoftLibHandle().update(bArr);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            if (bArr.length % 16 != 0) {
                throw new PKIException("8120", "encryption failedsourceData lens error.");
            }
            SM4 sm4 = jHandle.getSm4();
            Sm4_Context ctx = jHandle.getCtx();
            boolean z = ctx.isPadding;
            ctx.isPadding = false;
            if (mechanismType.equals(Mechanism.SM4_ECB)) {
                sm4_crypt_cbc = sm4.sm4_crypt_ecb(ctx, bArr);
            } else {
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                if (cBCParam == null) {
                    throw new PKIException("CBC parameter is empty");
                }
                sm4_crypt_cbc = sm4.sm4_crypt_cbc(ctx, cBCParam.getIv(), bArr);
            }
            ctx.isPadding = z;
            return sm4_crypt_cbc;
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean destroyCertObject(byte[] bArr, byte[] bArr2) throws PKIException {
        return false;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] digest(Mechanism mechanism, InputStream inputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isDigestabled()) {
            throw new PKIException("8122", "Digest operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        if (mechanismType.equals(Mechanism.SM3)) {
            try {
                SM3Digest sM3Digest = new SM3Digest();
                byte[] bArr = new byte[32];
                byte[] bArr2 = new byte[1024];
                JKey jKey = (JKey) mechanism.getParam();
                if (jKey != null) {
                    SM2 Instance = SM2.Instance();
                    byte[] Sm2GetZ = Instance.Sm2GetZ(mechanism.getUserId().getBytes(), Instance.ecc_curve.decodePoint(Util.hardKey2SoftPubKey(jKey)));
                    sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
                }
                while (true) {
                    int read = inputStream.read(bArr2);
                    if (read <= 0) {
                        sM3Digest.doFinal(bArr, 0);
                        return bArr;
                    }
                    sM3Digest.BlockUpdate(bArr2, 0, read);
                }
            } catch (Exception e) {
                throw new PKIException("8122", PKIException.DIGEST_DES, e);
            }
        } else {
            try {
                MessageDigest jitMessageDigest = JitMessageDigest.getInstance(mechanismType, "BC");
                byte[] bArr3 = new byte[1024];
                while (true) {
                    int read2 = inputStream.read(bArr3);
                    if (read2 <= 0) {
                        return jitMessageDigest.digest();
                    }
                    jitMessageDigest.update(bArr3, 0, read2);
                }
            } catch (Exception e2) {
                throw new PKIException("8122", PKIException.DIGEST_DES, e2);
            }
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] digest(Mechanism mechanism, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isDigestabled() && !mechanismType.equals(Mechanism.SM3) && !mechanismType.equals(Mechanism.SM3_RAW)) {
            throw new PKIException("8122", "Digest operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        if (!mechanismType.equals(Mechanism.SM3) && !mechanismType.equals(Mechanism.SM3_RAW)) {
            try {
                MessageDigest jitMessageDigest = JitMessageDigest.getInstance(mechanismType, "BC");
                jitMessageDigest.update(bArr);
                return jitMessageDigest.digest();
            } catch (Exception e) {
                throw new PKIException("8122", PKIException.DIGEST_DES, e);
            }
        }
        SM3Digest sM3Digest = new SM3Digest();
        byte[] bArr2 = new byte[32];
        if (mechanism.isSmSignWithZ() && mechanism.getParam() != null && (mechanism.getParam() instanceof JKey)) {
            JKey jKey = (JKey) mechanism.getParam();
            SM2 Instance = SM2.Instance();
            try {
                byte[] Sm2GetZ = Instance.Sm2GetZ(mechanism.getUserId().getBytes(), Instance.ecc_curve.decodePoint(mechanismType.equals(Mechanism.SM3_RAW) ? jKey.getKey() : Util.hardKey2SoftPubKey(jKey)));
                sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        sM3Digest.BlockUpdate(bArr, 0, bArr.length);
        sM3Digest.doFinal(bArr2, 0);
        return bArr2;
    }

    public Mechanism encMech2genMech(Mechanism mechanism) throws PKIException {
        if (mechanism == null) {
            return null;
        }
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals(Mechanism.SF33_ECB) || mechanismType.equals(Mechanism.SF33_CBC)) {
            return new Mechanism("SF33");
        }
        if (mechanismType.equals(Mechanism.DES_ECB) || mechanismType.equals(Mechanism.DES_CBC)) {
            return new Mechanism("DES");
        }
        if (mechanismType.equals(Mechanism.DES3_ECB) || mechanismType.equals(Mechanism.DES3_CBC)) {
            return new Mechanism("DESede");
        }
        if (mechanismType.equals(Mechanism.AES_ECB) || mechanismType.equals(Mechanism.AES_CBC)) {
            return new Mechanism("AES");
        }
        if (mechanismType.equals("SCB2_ECB") || mechanismType.equals("SCB2_CBC")) {
            return new Mechanism("SCB2");
        }
        if (mechanismType.equals(Mechanism.SM4_ECB) || mechanismType.equals(Mechanism.SM4_CBC)) {
            return new Mechanism("SM4");
        }
        if (mechanismType.equals(Mechanism.RSA_PKCS)) {
            return new Mechanism("RSA");
        }
        if (mechanismType.equals(Mechanism.SM2_RAW)) {
            return new Mechanism("SM2");
        }
        return null;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public long encrypt(Mechanism mechanism, JKey jKey, InputStream inputStream, OutputStream outputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM2_RAW) && !mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            try {
                return doCipher(mechanism, jKey, true, inputStream, outputStream);
            } catch (Exception e) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e);
            }
        }
        try {
            byte[] bArr = new byte[1024];
            int i = 0;
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    return i;
                }
                byte[] bArr2 = new byte[read];
                System.arraycopy(bArr, 0, bArr2, 0, read);
                byte[] encrypt = encrypt(mechanism, jKey, bArr2);
                outputStream.write(encrypt);
                i += encrypt.length;
            }
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] encrypt(Mechanism mechanism, JKey jKey, InputStream inputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM2_RAW) && !mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            try {
                return doCipher(mechanism, jKey, true, inputStream);
            } catch (Exception e) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e);
            }
        }
        try {
            byte[] bArr = new byte[inputStream.available()];
            inputStream.read(bArr);
            return encrypt(mechanism, jKey, bArr);
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] encrypt(Mechanism mechanism, JKey jKey, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals(Mechanism.SM2_RAW)) {
            byte[] bArr2 = new byte[bArr.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            if (!jKey.getKeyType().equals("SM2_Public")) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES);
            }
            try {
                cn.com.jit.ida.util.pki.cipher.softsm.Cipher cipher = new cn.com.jit.ida.util.pki.cipher.softsm.Cipher();
                SM2 Instance = SM2.Instance();
                ECPoint Init_enc = cipher.Init_enc(Instance, Instance.ecc_curve.decodePoint(Util.hardKey2SoftPubKey(jKey)));
                Init_enc.getEncoded();
                cipher.Encrypt(bArr2);
                byte[] bArr3 = new byte[32];
                cipher.Dofinal(bArr3);
                return Util.encedDataEncode(Init_enc, bArr3, bArr2);
            } catch (Exception e) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e);
            }
        }
        if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            try {
                return doCipher(mechanism, jKey, true, bArr);
            } catch (Exception e2) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
            }
        }
        Sm4_Context sm4_Context = new Sm4_Context();
        SM4 sm4 = new SM4();
        sm4_Context.isPadding = mechanism.isPad();
        try {
            sm4.sm4_setkey_enc(sm4_Context, jKey.getKey());
            if (mechanismType.equals(Mechanism.SM4_ECB)) {
                return sm4.sm4_crypt_ecb(sm4_Context, bArr);
            }
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            return sm4.sm4_crypt_cbc(sm4_Context, cBCParam != null ? cBCParam.getIv() : null, bArr);
        } catch (Exception e3) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e3);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] encryptFinal(JHandle jHandle, Mechanism mechanism, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            if (mechanismType.equals(Mechanism.SM2_RAW)) {
                throw new PKIException("8120", "encryption failedunsupport sm2 init");
            }
            try {
                return jHandle.getSoftLibHandle().doFinal(bArr);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            SM4 sm4 = jHandle.getSm4();
            Sm4_Context ctx = jHandle.getCtx();
            if (bArr.length % 16 != 0 && !ctx.isPadding) {
                throw new PKIException("8120", "encryption failedsourceData lens error.");
            }
            if (mechanismType.equals(Mechanism.SM4_ECB)) {
                return sm4.sm4_crypt_ecb(ctx, bArr);
            }
            CBCParam cBCParam = (CBCParam) mechanism.getParam();
            if (cBCParam != null) {
                return sm4.sm4_crypt_cbc(ctx, cBCParam.getIv(), bArr);
            }
            throw new PKIException("CBC parameter is empty");
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JHandle encryptInit(Mechanism mechanism, JKey jKey) throws PKIException {
        try {
            String mechanismType = mechanism.getMechanismType();
            if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
                if (mechanismType.equals(Mechanism.SM2_RAW)) {
                    throw new PKIException("8120", "encryption failedunsupport sm2 init");
                }
                Cipher jitCipher = JitCipher.getInstance(mechanismType, "BC");
                if (mechanismType.indexOf("PBE") != -1) {
                    PBEParam pBEParam = (PBEParam) mechanism.getParam();
                    if (pBEParam == null) {
                        throw new PKIException("PBE parameter is empty");
                    }
                    jitCipher.init(1, Parser.convertKey(jKey), new PBEParameterSpec(pBEParam.getSalt(), pBEParam.getIterations()));
                } else if (mechanismType.indexOf("CBC") != -1) {
                    CBCParam cBCParam = (CBCParam) mechanism.getParam();
                    if (cBCParam == null) {
                        throw new PKIException("CBC parameter is empty");
                    }
                    jitCipher.init(1, Parser.convertKey(jKey), new IvParameterSpec(cBCParam.getIv()));
                } else {
                    jitCipher.init(1, Parser.convertKey(jKey));
                }
                JHandle jHandle = new JHandle(0L, jitCipher);
                jHandle.setMech(mechanism);
                return jHandle;
            }
            try {
                Sm4_Context sm4_Context = new Sm4_Context();
                SM4 sm4 = new SM4();
                sm4_Context.isPadding = mechanism.isPad();
                sm4.sm4_setkey_enc(sm4_Context, jKey.getKey());
                JHandle jHandle2 = new JHandle();
                jHandle2.setSm4(sm4);
                jHandle2.setMech(mechanism);
                jHandle2.setCtx(sm4_Context);
                return jHandle2;
            } catch (Exception e) {
                throw new PKIException("8120", PKIException.ENCRYPT_DES, e);
            }
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.DECRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] encryptUpdate(JHandle jHandle, Mechanism mechanism, byte[] bArr) throws PKIException {
        byte[] sm4_crypt_cbc;
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.SM4_ECB) && !mechanismType.equals(Mechanism.SM4_CBC)) {
            if (mechanismType.equals(Mechanism.SM2_RAW)) {
                throw new PKIException("8120", "encryption failedunsupport sm2 init");
            }
            try {
                return jHandle.getSoftLibHandle().update(bArr);
            } catch (Exception e) {
                throw new PKIException("8121", PKIException.DECRYPT_DES, e);
            }
        }
        try {
            if (bArr.length % 16 != 0) {
                throw new PKIException("8120", "encryption failedsourceData lens error.");
            }
            SM4 sm4 = jHandle.getSm4();
            Sm4_Context ctx = jHandle.getCtx();
            boolean z = ctx.isPadding;
            ctx.isPadding = false;
            if (mechanismType.equals(Mechanism.SM4_ECB)) {
                sm4_crypt_cbc = sm4.sm4_crypt_ecb(ctx, bArr);
            } else {
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                if (cBCParam == null) {
                    throw new PKIException("CBC parameter is empty");
                }
                sm4_crypt_cbc = sm4.sm4_crypt_cbc(ctx, cBCParam.getIv(), bArr);
            }
            ctx.isPadding = z;
            return sm4_crypt_cbc;
        } catch (Exception e2) {
            throw new PKIException("8120", PKIException.ENCRYPT_DES, e2);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JKey generateKey(Mechanism mechanism, int i) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("DES") && !mechanismType.equals("DESede") && !mechanismType.equals("RC2") && !mechanismType.equals("RC4") && !mechanismType.equals("CAST5") && !mechanismType.equals("IDEA") && !mechanismType.equals("SM4") && !mechanismType.equals("AES")) {
            throw new PKIException("8110", "A symmetric key operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        try {
            if (mechanismType.equals("SM4")) {
                return new JKey("SM4", generateRandom(new Mechanism(Mechanism.RANDOM), 16));
            }
            KeyGenerator jitKeyGenerator = JitKeyGenerator.getInstance(mechanism.getMechanismType(), "BC");
            jitKeyGenerator.init(i);
            SecretKey generateKey = jitKeyGenerator.generateKey();
            return new JKey(generateKey.getAlgorithm(), generateKey.getEncoded());
        } catch (Exception e) {
            throw new PKIException("8110", PKIException.SYM_KEY_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JKeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        JKey jKey;
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isGenerateKeyPairabled() && !mechanismType.equals("SM2")) {
            throw new PKIException("8111", "An asymmetric key pair failed This operation does not support this type of mechanism " + mechanismType);
        }
        try {
            if (mechanismType.equals("SM2")) {
                AsymmetricCipherKeyPair generateKeyPair = SM2.Instance().ecc_key_pair_generator.generateKeyPair();
                return Util.getSM2Key((ECPublicKeyParameters) generateKeyPair.getPublic(), (ECPrivateKeyParameters) generateKeyPair.getPrivate());
            }
            if (!mechanismType.equals(Mechanism.SECP256_r1) && !mechanismType.equals(Mechanism.SECP256_k1) && !mechanismType.equals(Mechanism.SECP384_r1)) {
                KeyPairGenerator jitKeyPairGenerator = JitKeyPairGenerator.getInstance(mechanismType, "BC");
                jitKeyPairGenerator.initialize(i, new SecureRandom());
                KeyPair generateKeyPair2 = jitKeyPairGenerator.generateKeyPair();
                PublicKey publicKey = generateKeyPair2.getPublic();
                PrivateKey privateKey = generateKeyPair2.getPrivate();
                byte[] encoded = publicKey.getEncoded();
                byte[] encoded2 = privateKey.getEncoded();
                JKey jKey2 = null;
                if (mechanism.getMechanismType().equals("RSA")) {
                    jKey2 = new JKey("RSA_Public", encoded);
                    jKey = new JKey(JKey.RSA_PRV_KEY, encoded2);
                } else if (mechanism.getMechanismType().equals(Mechanism.DSA)) {
                    jKey2 = new JKey(JKey.DSA_PUB_KEY, encoded);
                    jKey = new JKey(JKey.DSA_PRV_KEY, encoded2);
                } else if (mechanism.getMechanismType().equals(Mechanism.ECDSA)) {
                    jKey2 = new JKey(JKey.ECDSA_PUB_KEY, encoded);
                    jKey = new JKey(JKey.ECDSA_PRV_KEY, encoded2);
                } else if (mechanism.getMechanismType().equals(Mechanism.ECIES)) {
                    jKey2 = new JKey(JKey.ECIES_PUB_KEY, encoded);
                    jKey = new JKey(JKey.ECIES_PRV_KEY, encoded2);
                } else {
                    jKey = null;
                }
                return new JKeyPair(jKey2, jKey);
            }
            X9ECParameters byName = SECNamedCurves.getByName(mechanismType);
            ECKeyGenerationParameters eCKeyGenerationParameters = new ECKeyGenerationParameters(new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH()), new SecureRandom());
            ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
            eCKeyPairGenerator.init(eCKeyGenerationParameters);
            AsymmetricCipherKeyPair generateKeyPair3 = eCKeyPairGenerator.generateKeyPair();
            return Util.getSECPKeyPair((ECPublicKeyParameters) generateKeyPair3.getPublic(), (ECPrivateKeyParameters) generateKeyPair3.getPrivate(), mechanism);
        } catch (Exception e) {
            throw new PKIException("8111", PKIException.KEY_PAIR_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public EnvkeyParam generateKeyPair_ex(JKey jKey, Mechanism mechanism, int i, String str, String str2) throws PKIException {
        return null;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public JKey generatePBEKey(Mechanism mechanism, char[] cArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals("PBEWithMD5AndDES") && !mechanismType.equals("PBEWITHSHAAND2-KEYTRIPLEDES-CBC") && !mechanismType.equals("PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) {
            if (!mechanismType.equalsIgnoreCase("PBE/PKCS5")) {
                throw new PKIException("8112", "Failed to generate PBE key This operation does not support this type of mechanism " + mechanismType);
            }
            mechanismType = "PBEWithMD5AndDES";
        }
        try {
            byte[] bytes = new String(cArr).getBytes();
            return mechanismType.equals("PBEWithMD5AndDES") ? new JKey("PBEWithMD5AndDES", bytes) : mechanismType.equals("PBEWITHSHAAND2-KEYTRIPLEDES-CBC") ? new JKey("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", bytes) : new JKey("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", bytes);
        } catch (Exception e) {
            throw new PKIException("8112", PKIException.PBE_KEY_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] generateRandom(Mechanism mechanism, int i) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (mechanism.getMechanismType().equals(Mechanism.RANDOM)) {
            byte[] bArr = new byte[i];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }
        throw new PKIException("8113", "Failed to generate random number This operation does not support this type of mechanism " + mechanismType);
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] getCertObject(byte[] bArr) throws PKIException {
        return null;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public PKIToolConfig getCfgTag() throws PKIException {
        return this.CfgTag;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public String getCfgTagName() throws PKIException {
        return this.tag;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] mac(Mechanism mechanism, JKey jKey, InputStream inputStream) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanismType.equals(Mechanism.HMAC_MD2) && !mechanismType.equals(Mechanism.HMAC_MD5) && !mechanismType.equals(Mechanism.HMAC_SHA1)) {
            throw new PKIException("8123", "MAC operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        try {
            Mac jitMac = JitMac.getInstance(mechanism.getMechanismType(), "BC");
            jitMac.init(Parser.convertSecretKey(jKey));
            byte[] bArr = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    return jitMac.doFinal();
                }
                jitMac.update(bArr, 0, read);
            }
        } catch (Exception e) {
            throw new PKIException("8123", PKIException.MAC_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] mac(Mechanism mechanism, JKey jKey, byte[] bArr) throws PKIException {
        if (!mechanism.isMac()) {
            throw new PKIException("8123", "MAC operation failed This operation does not support this type of mechanism " + mechanism.getMechanismType());
        }
        if (Mechanism.HMAC_SM3.equals(mechanism.getMechanismType())) {
            SM3HMAC sm3hmac = new SM3HMAC();
            sm3hmac.init(jKey.getKey());
            sm3hmac.update(bArr);
            byte[] bArr2 = new byte[sm3hmac.getMacSize()];
            sm3hmac.doFinal(bArr2, 0);
            return bArr2;
        }
        try {
            Mac jitMac = JitMac.getInstance(mechanism.getMechanismType(), "BC");
            if (mechanism.getParam() == null || !(mechanism.getParam() instanceof CBCParam)) {
                jitMac.init(Parser.convertSecretKey(jKey));
            } else {
                jitMac.init(Parser.convertSecretKey(jKey), new IvParameterSpec(((CBCParam) mechanism.getParam()).getIv()));
            }
            jitMac.update(bArr);
            return jitMac.doFinal();
        } catch (Exception e) {
            throw new PKIException("8123", PKIException.MAC_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public void setCfgTag(PKIToolConfig pKIToolConfig) throws PKIException {
        this.CfgTag = pKIToolConfig;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] sign(Mechanism mechanism, JKey jKey, InputStream inputStream) throws PKIException {
        if (!mechanism.isSignabled()) {
            throw new PKIException("8125", "signature operation failed This operation does not support this type of mechanism " + mechanism.getMechanismType());
        }
        String mechanismType = mechanism.getMechanismType();
        PKIToolConfig pKIToolConfig = this.CfgTag;
        if (pKIToolConfig != null && pKIToolConfig.isSecpReplaceECDSA()) {
            if ("SHA1withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA1");
            }
            if ("SHA224withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA224);
            }
            if ("SHA256withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA256");
            }
            if ("SHA384withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA384);
            }
            if ("SHA512withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA512");
            }
        }
        String mechanismType2 = mechanism.getMechanismType();
        if (mechanismType2.equals("SM3withSM2Encryption") || mechanismType2.equals(Mechanism.SM3_SM2_RAW)) {
            SM2 Instance = SM2.Instance();
            new Mechanism(Mechanism.SM3);
            try {
                BigInteger hardKey2SoftPrivKey = Util.hardKey2SoftPrivKey(jKey);
                ECPoint multiply = Instance.ecc_point_g.multiply(hardKey2SoftPrivKey);
                SM3Digest sM3Digest = new SM3Digest();
                byte[] Sm2GetZ = Instance.Sm2GetZ(mechanism.getUserId().getBytes(), multiply);
                sM3Digest.BlockUpdate(Sm2GetZ, 0, Sm2GetZ.length);
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        break;
                    }
                    sM3Digest.BlockUpdate(bArr, 0, read);
                }
                byte[] bArr2 = new byte[32];
                sM3Digest.doFinal(bArr2, 0);
                SM2Result sM2Result = new SM2Result();
                Instance.Sm2Sign(bArr2, hardKey2SoftPrivKey, multiply, sM2Result);
                return mechanismType2.equals(Mechanism.SM3_SM2_RAW) ? FidoUtil.convertSECP(sM2Result.r, sM2Result.s, mechanism) : Util.soft2HardSignData(sM2Result.r, sM2Result.s);
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        }
        if (!Mechanism.SECP384_r1_RAW.equals(mechanismType2) && !Mechanism.SECP384_r1_DER.equals(mechanismType2) && !Mechanism.SECP256_r1_RAW.equals(mechanismType2) && !Mechanism.SECP256_r1_DER.equals(mechanismType2) && !Mechanism.SECP256_k1_RAW.equals(mechanismType2) && !Mechanism.SECP256_k1_DER.equals(mechanismType2)) {
            try {
                Signature jitSignature = JitSignature.getInstance(mechanism.getNativeMechanismType(), "BC");
                if (Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2)) {
                    jitSignature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
                }
                jitSignature.initSign(Parser.convertPrivateKey(jKey));
                byte[] bArr3 = new byte[1024];
                while (true) {
                    int read2 = inputStream.read(bArr3);
                    if (read2 <= 0) {
                        break;
                    }
                    jitSignature.update(bArr3, 0, read2);
                }
                byte[] sign = jitSignature.sign();
                return (Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2) || Mechanism.SHA256_RSA_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_DER.equals(mechanismType2)) ? FidoUtil.convertRSA(sign, mechanism) : sign;
            } catch (Exception e2) {
                throw new PKIException("8125", PKIException.SIGN_DES, e2);
            }
        }
        try {
            byte[] bArr4 = new byte[inputStream.available()];
            inputStream.read(bArr4);
            Mechanism mechanism2 = new Mechanism(mechanism.getSignType());
            if (mechanism2.isDigestabled()) {
                bArr4 = digest(mechanism2, bArr4);
            }
            X9ECParameters byName = SECNamedCurves.getByName(mechanism.getNativeMechanismType());
            ECDomainParameters eCDomainParameters = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
            ECDSASigner eCDSASigner = new ECDSASigner();
            eCDSASigner.init(true, new ECPrivateKeyParameters(ECDSAParser.convertECDSAPriKey2BigInteger(jKey), eCDomainParameters));
            BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr4);
            byte[] convertSECP = FidoUtil.convertSECP(generateSignature[0], generateSignature[1], mechanism);
            PKIToolConfig pKIToolConfig2 = this.CfgTag;
            if (pKIToolConfig2 != null && pKIToolConfig2.isSecpReplaceECDSA()) {
                mechanism.setMechanismType(mechanismType);
            }
            return convertSECP;
        } catch (Exception e3) {
            throw new PKIException("8125", PKIException.SIGN_DES, e3);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] sign(Mechanism mechanism, JKey jKey, byte[] bArr) throws PKIException {
        byte[] convertSECP;
        byte[] bArr2 = bArr;
        if (!mechanism.isSignabled()) {
            throw new PKIException("8125", "signature operation failed This operation does not support this type of mechanism " + mechanism.getMechanismType());
        }
        String mechanismType = mechanism.getMechanismType();
        PKIToolConfig pKIToolConfig = this.CfgTag;
        if (pKIToolConfig != null && pKIToolConfig.isSecpReplaceECDSA()) {
            if ("SHA1withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA1");
            }
            if ("SHA224withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA224);
            }
            if ("SHA256withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA256");
            }
            if ("SHA384withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA384);
            }
            if ("SHA512withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPriKeyType(jKey));
                mechanism.setSignType("SHA512");
            }
        }
        String mechanismType2 = mechanism.getMechanismType();
        if (mechanismType2.equals(Mechanism.RSA_PKCS)) {
            try {
                convertSECP = doCipher(mechanism, jKey, true, bArr2);
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        } else if (mechanismType2.equals("SM3withSM2Encryption") || mechanismType2.equals(Mechanism.SM3_SM2_RAW)) {
            SM2 Instance = SM2.Instance();
            new Mechanism(Mechanism.SM3);
            try {
                BigInteger hardKey2SoftPrivKey = Util.hardKey2SoftPrivKey(jKey);
                ECPoint multiply = Instance.ecc_point_g.multiply(hardKey2SoftPrivKey);
                byte[] digforSign = getDigforSign(bArr2, multiply, mechanism.getUserId().getBytes(), mechanism.isSmSignWithZ());
                SM2Result sM2Result = new SM2Result();
                Instance.Sm2Sign(digforSign, hardKey2SoftPrivKey, multiply, sM2Result);
                convertSECP = mechanismType2.equals(Mechanism.SM3_SM2_RAW) ? FidoUtil.convertSECP(sM2Result.r, sM2Result.s, mechanism) : Util.soft2HardSignData(sM2Result.r, sM2Result.s);
            } catch (Exception e2) {
                throw new PKIException("8125", PKIException.SIGN_DES, e2);
            }
        } else if (Mechanism.SECP384_r1_RAW.equals(mechanismType2) || Mechanism.SECP384_r1_DER.equals(mechanismType2) || Mechanism.SECP256_r1_RAW.equals(mechanismType2) || Mechanism.SECP256_r1_DER.equals(mechanismType2) || Mechanism.SECP256_k1_RAW.equals(mechanismType2) || Mechanism.SECP256_k1_DER.equals(mechanismType2)) {
            try {
                Mechanism mechanism2 = new Mechanism(mechanism.getSignType());
                if (mechanism2.isDigestabled()) {
                    bArr2 = digest(mechanism2, bArr2);
                }
                X9ECParameters byName = SECNamedCurves.getByName(mechanism.getNativeMechanismType());
                ECDomainParameters eCDomainParameters = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
                ECDSASigner eCDSASigner = new ECDSASigner();
                eCDSASigner.init(true, new ECPrivateKeyParameters(ECDSAParser.convertECDSAPriKey2BigInteger(jKey), eCDomainParameters));
                BigInteger[] generateSignature = eCDSASigner.generateSignature(bArr2);
                convertSECP = FidoUtil.convertSECP(generateSignature[0], generateSignature[1], mechanism);
            } catch (Exception e3) {
                throw new PKIException("8125", PKIException.SIGN_DES, e3);
            }
        } else {
            try {
                Signature jitSignature = JitSignature.getInstance(mechanism.getNativeMechanismType(), "BC");
                if (Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2)) {
                    jitSignature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
                }
                jitSignature.initSign(Parser.convertPrivateKey(jKey));
                jitSignature.update(bArr2);
                convertSECP = jitSignature.sign();
                if (Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2) || Mechanism.SHA256_RSA_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_DER.equals(mechanismType2)) {
                    convertSECP = FidoUtil.convertRSA(convertSECP, mechanism);
                }
            } catch (Exception e4) {
                throw new PKIException("8125", PKIException.SIGN_DES, e4);
            }
        }
        PKIToolConfig pKIToolConfig2 = this.CfgTag;
        if (pKIToolConfig2 != null && pKIToolConfig2.isSecpReplaceECDSA()) {
            mechanism.setMechanismType(mechanismType);
        }
        return convertSECP;
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public byte[] signHash(Mechanism mechanism, JKey jKey, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (!mechanism.isSignabled()) {
            throw new PKIException("8125", "signature operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        if (mechanismType.equals("SM3withSM2Encryption")) {
            throw new PKIException("8125", "signature operation failed This operation does not support this type of mechanism " + mechanismType);
        }
        try {
            DERObjectIdentifier Sign2DigOid = Mechanism.Sign2DigOid(mechanism);
            if (Sign2DigOid == null) {
                throw new PKIException("8125", "signature operation failed,Sign2DigOid error.");
            }
            return doCipher(new Mechanism(Mechanism.RSA_PKCS), jKey, true, Digest2DerEncode(bArr, new AlgorithmIdentifier(Sign2DigOid)));
        } catch (Exception e) {
            throw new PKIException("8125", PKIException.SIGN_DES, e);
        }
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean updateKeyPair(Mechanism mechanism, JKey jKey, JKey jKey2, int i) throws PKIException {
        throw new PKIException("8128195", "PKIERRORNO updateKeyPair() JSoftLib didn't support Stream-Operation yet. ");
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean verifyMac(Mechanism mechanism, JKey jKey, InputStream inputStream, byte[] bArr) throws PKIException {
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals(Mechanism.HMAC_MD2) || mechanismType.equals(Mechanism.HMAC_MD5) || mechanismType.equals(Mechanism.HMAC_SHA1)) {
            try {
                return Parser.isEqualArray(mac(mechanism, jKey, inputStream), bArr);
            } catch (Exception e) {
                throw new PKIException("8124", PKIException.VERIFY_MAC_DES, e);
            }
        }
        throw new PKIException("8124", "Verify MAC operation failed This operation does not support this type of mechanism " + mechanismType);
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean verifyMac(Mechanism mechanism, JKey jKey, byte[] bArr, byte[] bArr2) throws PKIException {
        try {
            return Parser.isEqualArray(mac(mechanism, jKey, bArr), bArr2);
        } catch (Exception e) {
            throw new PKIException("8124", PKIException.VERIFY_MAC_DES, e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:57:0x0176 A[Catch: Exception -> 0x017a, LOOP:0: B:55:0x014c->B:57:0x0176, LOOP_END, TRY_LEAVE, TryCatch #1 {Exception -> 0x017a, blocks: (B:39:0x00e5, B:42:0x00f7, B:44:0x0117, B:47:0x0121, B:50:0x0128, B:52:0x012e, B:54:0x0141, B:55:0x014c, B:59:0x0152, B:61:0x0158, B:63:0x015e, B:65:0x0164, B:69:0x0171, B:73:0x016d, B:57:0x0176, B:74:0x0134, B:75:0x0139, B:76:0x00fd), top: B:38:0x00e5 }] */
    /* JADX WARN: Removed duplicated region for block: B:58:0x0152 A[EDGE_INSN: B:58:0x0152->B:59:0x0152 BREAK  A[LOOP:0: B:55:0x014c->B:57:0x0176], SYNTHETIC] */
    @Override // cn.com.jit.ida.util.pki.cipher.Session
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean verifySign(cn.com.jit.ida.util.pki.cipher.Mechanism r22, cn.com.jit.ida.util.pki.cipher.JKey r23, java.io.InputStream r24, byte[] r25) throws cn.com.jit.ida.util.pki.PKIException {
        /*
            Method dump skipped, instructions count: 634
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.com.jit.ida.util.pki.cipher.lib.JSoftLib.verifySign(cn.com.jit.ida.util.pki.cipher.Mechanism, cn.com.jit.ida.util.pki.cipher.JKey, java.io.InputStream, byte[]):boolean");
    }

    @Override // cn.com.jit.ida.util.pki.cipher.Session
    public boolean verifySign(Mechanism mechanism, JKey jKey, byte[] bArr, byte[] bArr2) throws PKIException {
        byte[] deConvertRSA;
        JKey jKey2 = jKey;
        byte[] bArr3 = bArr;
        if (!mechanism.isSignabled()) {
            throw new PKIException("8126", "Verify signature failed operation This operation does not support this type of mechanism " + mechanism.getMechanismType());
        }
        String mechanismType = mechanism.getMechanismType();
        PKIToolConfig pKIToolConfig = this.CfgTag;
        if (pKIToolConfig != null && pKIToolConfig.isSecpReplaceECDSA()) {
            if ("SHA1withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPubKeyType(jKey));
                mechanism.setSignType("SHA1");
            }
            if ("SHA224withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPubKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA224);
            }
            if ("SHA256withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPubKeyType(jKey));
                mechanism.setSignType("SHA256");
            }
            if ("SHA384withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPubKeyType(jKey));
                mechanism.setSignType(Mechanism.SHA384);
            }
            if ("SHA512withECDSA".equals(mechanism.getMechanismType())) {
                mechanism.setMechanismType(ECDSAParser.getECDSAPubKeyType(jKey));
                mechanism.setSignType("SHA512");
            }
        }
        String mechanismType2 = mechanism.getMechanismType();
        if (mechanismType2.equals(Mechanism.RSA_PKCS)) {
            try {
                return isEqualArray(doCipher(mechanism, jKey2, false, bArr2), bArr3);
            } catch (Exception e) {
                throw new PKIException("8125", PKIException.SIGN_DES, e);
            }
        }
        if (mechanismType2.equals("SM3withSM2Encryption") || mechanismType2.equals(Mechanism.SM3_SM2_RAW)) {
            try {
                SM2 Instance = SM2.Instance();
                ECPoint decodePoint = Instance.ecc_curve.decodePoint(mechanismType2.equals(Mechanism.SM3_SM2_RAW) ? jKey.getKey() : Util.hardKey2SoftPubKey(jKey));
                Mechanism mechanism2 = new Mechanism(Mechanism.SM3);
                if (mechanismType2.equals(Mechanism.SM3_SM2_RAW)) {
                    mechanism2 = new Mechanism(Mechanism.SM3_RAW);
                }
                mechanism2.setParam(jKey2);
                mechanism2.setUserId(mechanism.getUserId());
                mechanism2.setSmSignWithZ(mechanism.isSmSignWithZ());
                byte[] digest = digest(mechanism2, bArr3);
                SM2Result deConvertSM2 = mechanismType2.equals(Mechanism.SM3_SM2_RAW) ? FidoUtil.deConvertSM2(bArr2) : Util.JitHard2softSignData(bArr2);
                Instance.Sm2Verify(digest, decodePoint, deConvertSM2.r, deConvertSM2.s, deConvertSM2);
                return deConvertSM2.r.equals(deConvertSM2.R);
            } catch (Exception e2) {
                throw new PKIException("8126", PKIException.VERIFY_SIGN_DES, e2);
            }
        }
        if (Mechanism.SECP384_r1_RAW.equals(mechanismType2) || Mechanism.SECP384_r1_DER.equals(mechanismType2) || Mechanism.SECP256_r1_RAW.equals(mechanismType2) || Mechanism.SECP256_r1_DER.equals(mechanismType2) || Mechanism.SECP256_k1_RAW.equals(mechanismType2) || Mechanism.SECP256_k1_DER.equals(mechanismType2)) {
            try {
                Mechanism mechanism3 = new Mechanism(mechanism.getSignType());
                if (mechanism3.isDigestabled()) {
                    bArr3 = digest(mechanism3, bArr3);
                }
                if (Mechanism.SECP384_r1_DER.equals(mechanismType2) || Mechanism.SECP256_r1_DER.equals(mechanismType2) || Mechanism.SECP256_k1_DER.equals(mechanismType2)) {
                    jKey2 = FidoUtil.derKey2RawKey(jKey);
                }
                ECDSASigner eCDSASigner = new ECDSASigner();
                X9ECParameters byName = SECNamedCurves.getByName(mechanism.getNativeMechanismType());
                ECDomainParameters eCDomainParameters = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
                eCDSASigner.init(false, new ECPublicKeyParameters(eCDomainParameters.getCurve().decodePoint(jKey2.getKey()), eCDomainParameters));
                BigInteger[] deConvertSECP = FidoUtil.deConvertSECP(bArr2, mechanism);
                boolean verifySignature = eCDSASigner.verifySignature(bArr3, deConvertSECP[0], deConvertSECP[1]);
                PKIToolConfig pKIToolConfig2 = this.CfgTag;
                if (pKIToolConfig2 != null && pKIToolConfig2.isSecpReplaceECDSA()) {
                    mechanism.setMechanismType(mechanismType);
                }
                return verifySignature;
            } catch (Exception e3) {
                throw new PKIException("8126", PKIException.VERIFY_SIGN_DES, e3);
            }
        }
        try {
            Signature jitSignature = JitSignature.getInstance(mechanism.getNativeMechanismType(), "BC");
            if (Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) || Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2)) {
                jitSignature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
            }
            if (!Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) && !Mechanism.SHA256_RSA_RAW.equals(mechanismType2)) {
                if (Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2) || Mechanism.SHA256_RSA_DER.equals(mechanismType2)) {
                    jKey2 = FidoUtil.simpleDerKey2StandardDerKey4RSA(jKey2, mechanism);
                }
                jitSignature.initVerify(Parser.convertPublicKey(jKey2));
                jitSignature.update(bArr3);
                if (!Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2) && !Mechanism.SHA256_RSA_PSS_DER.equals(mechanismType2) && !Mechanism.SHA256_RSA_RAW.equals(mechanismType2) && !Mechanism.SHA256_RSA_DER.equals(mechanismType2)) {
                    deConvertRSA = bArr2;
                    return jitSignature.verify(deConvertRSA);
                }
                deConvertRSA = FidoUtil.deConvertRSA(bArr2, mechanism);
                return jitSignature.verify(deConvertRSA);
            }
            jKey2 = FidoUtil.rawKey2DerKey(jKey2, mechanism, mechanism.getKeyLength());
            jitSignature.initVerify(Parser.convertPublicKey(jKey2));
            jitSignature.update(bArr3);
            if (!Mechanism.SHA256_RSA_PSS_RAW.equals(mechanismType2)) {
                deConvertRSA = bArr2;
                return jitSignature.verify(deConvertRSA);
            }
            deConvertRSA = FidoUtil.deConvertRSA(bArr2, mechanism);
            return jitSignature.verify(deConvertRSA);
        } catch (Exception e4) {
            throw new PKIException("8126", PKIException.VERIFY_SIGN_DES, e4);
        }
    }
}
