package cn.com.infosec.mobile.netcert.framework.crypto.impl;

import cn.com.infosec.asn1.DERObjectIdentifier;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.x509.AlgorithmIdentifier;
import cn.com.infosec.asn1.x509.SubjectPublicKeyInfo;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.mobile.netcert.framework.crypto.CipherUtil;
import cn.com.infosec.mobile.netcert.framework.crypto.CryptoException;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import cn.com.infosec.mobile.netcert.framework.crypto.WrapedEncKeyByUser;
import cn.com.infosec.mobile.netcert.framework.crypto.impl.gm.SM2Impl;
import cn.com.infosec.x509.X509V3CertificateGenerator;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
public class SoftImpl implements IHSM {
    private String alias = "infosec";
    private Map<String, PrivateKey> priMap = new HashMap();
    private Map<String, PublicKey> pubMap = new HashMap();
    private Map<String, byte[]> SM2priMap = new HashMap();
    private Map<String, PublicKey> SM2pubMap = new HashMap();
    private String[] supportedSymAlg_GM = {IHSM.SM4};

    private PrivateKey getRsaPrivateKey(String str, String str2, char[] cArr) throws Exception {
        if (!this.priMap.containsKey(str)) {
            File file = new File(str + ".jks");
            if (!file.exists()) {
                throw new CryptoException(str + " NOT found.");
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(fileInputStream, cArr);
            this.priMap.put(str, (PrivateKey) keyStore.getKey(this.alias, cArr));
            fileInputStream.close();
        }
        return this.priMap.get(str);
    }

    public byte[] asymDec(byte[] bArr, String str, String str2, char[] cArr) throws CryptoException {
        if (IHSM.RSA.equals(str2)) {
            try {
                PrivateKey rsaPrivateKey = getRsaPrivateKey(str, IHSM.ENC, cArr);
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
                cipher.init(2, rsaPrivateKey);
                cipher.update(bArr);
                return cipher.doFinal();
            } catch (Exception e) {
                throw new CryptoException(e);
            }
        }
        if (!IHSM.SM2.equals(str2)) {
            throw new CryptoException(str2 + " NOT support");
        }
        try {
            byte[] decrypt = SM2Impl.decrypt(bArr, getSM2PrivateKey(str, IHSM.ENC, cArr));
            if (decrypt != null) {
                return decrypt;
            }
            throw new CryptoException("sm2 decryption fail");
        } catch (Exception e2) {
            throw new CryptoException(e2);
        }
    }

    public byte[] asymEnc(byte[] bArr, PublicKey publicKey) throws CryptoException {
        if (IHSM.EC.equals(publicKey.getAlgorithm())) {
            try {
                return SM2Impl.encrypt(bArr, CipherUtil.sm2PublicKeyToByte(publicKey));
            } catch (Exception e) {
                throw new CryptoException(e);
            }
        }
        if (!IHSM.RSA.equals(publicKey.getAlgorithm())) {
            throw new CryptoException("public key Alg[" + publicKey.getAlgorithm() + "] is NOT support");
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
            cipher.init(1, publicKey);
            cipher.update(bArr);
            return cipher.doFinal();
        } catch (Exception e2) {
            throw new CryptoException(e2);
        }
    }

    public void clearCache() {
        this.priMap.clear();
        this.pubMap.clear();
        this.SM2priMap.clear();
        this.SM2pubMap.clear();
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public PublicKey exportPublicKey(String str, String str2, String str3, int i, char[] cArr) throws CryptoException {
        try {
            if (IHSM.RSA.equalsIgnoreCase(str)) {
                if (this.pubMap.containsKey(str3)) {
                    return this.pubMap.get(str3);
                }
                File file = new File(str3 + ".jks");
                if (file.exists()) {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(fileInputStream, cArr);
                    fileInputStream.close();
                    PublicKey publicKey = keyStore.getCertificate(this.alias).getPublicKey();
                    this.pubMap.put(str3, publicKey);
                    return publicKey;
                }
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(IHSM.RSA, IHSM.INFOSEC);
                keyPairGenerator.initialize(i, new SecureRandom());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                PrivateKey privateKey = generateKeyPair.getPrivate();
                PublicKey publicKey2 = generateKeyPair.getPublic();
                X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
                x509V3CertificateGenerator.setSerialNumber(new BigInteger("1"));
                x509V3CertificateGenerator.setSubjectDN(new X509Name("cn=test"));
                x509V3CertificateGenerator.setIssuerDN(new X509Name("cn=test"));
                x509V3CertificateGenerator.setNotBefore(new Date());
                x509V3CertificateGenerator.setNotAfter(new Date());
                x509V3CertificateGenerator.setPublicKey(publicKey2);
                x509V3CertificateGenerator.setSignatureAlgorithm(IHSM.SHA1withRSA);
                X509Certificate generate = x509V3CertificateGenerator.generate(privateKey);
                KeyStore keyStore2 = KeyStore.getInstance("JKS");
                keyStore2.load(null, null);
                keyStore2.setKeyEntry(this.alias, privateKey, cArr, new Certificate[]{generate});
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                keyStore2.store(fileOutputStream, cArr);
                fileOutputStream.close();
                this.pubMap.put(str3, publicKey2);
                this.priMap.put(str3, privateKey);
                return publicKey2;
            }
            if (!IHSM.SM2.equalsIgnoreCase(str)) {
                throw new CryptoException(str + " NOT support.");
            }
            if (this.SM2pubMap.containsKey(str3)) {
                return this.SM2pubMap.get(str3);
            }
            File file2 = new File(str3 + ".pub");
            if (file2.exists()) {
                FileInputStream fileInputStream2 = new FileInputStream(file2);
                byte[] bArr = new byte[fileInputStream2.available()];
                fileInputStream2.read(bArr);
                fileInputStream2.close();
                PublicKey generatePublic = KeyFactory.getInstance(IHSM.EC, IHSM.INFOSEC).generatePublic(new X509EncodedKeySpec(bArr));
                this.SM2pubMap.put(str3, generatePublic);
                return generatePublic;
            }
            byte[] bArr2 = new byte[32];
            byte[] bArr3 = new byte[65];
            SM2Impl.genKeyPair(bArr2, bArr3);
            byte[] PBEencrypt = CipherUtil.PBEencrypt(cArr, bArr2);
            FileOutputStream fileOutputStream2 = new FileOutputStream(new File(str3 + ".pri"));
            fileOutputStream2.write(PBEencrypt);
            fileOutputStream2.close();
            byte[] encoded = new SubjectPublicKeyInfo(new AlgorithmIdentifier(new DERObjectIdentifier(IHSM.SM2PublickOid), new DERObjectIdentifier("1.2.156.10197.1.301")), bArr3).getEncoded();
            FileOutputStream fileOutputStream3 = new FileOutputStream(file2);
            fileOutputStream3.write(encoded);
            fileOutputStream3.close();
            PublicKey generatePublic2 = KeyFactory.getInstance(IHSM.EC, IHSM.INFOSEC).generatePublic(new X509EncodedKeySpec(encoded));
            this.SM2priMap.put(str3, bArr2);
            this.SM2pubMap.put(str3, generatePublic2);
            return generatePublic2;
        } catch (Exception e) {
            throw new CryptoException(e);
        }
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public byte[][] genEncKeyPair(byte[] bArr, String str, int i, char[] cArr, String str2, String str3, String str4, int i2) throws CryptoException {
        throw new CryptoException("Not support");
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public byte[] genKEK(int i, String str, int i2, char[] cArr, String str2) throws CryptoException {
        throw new CryptoException("Not support");
    }

    public byte[] getSM2PrivateKey(String str, String str2, char[] cArr) throws Exception {
        if (!this.SM2priMap.containsKey(str)) {
            File file = new File(str + ".pri");
            if (!file.exists()) {
                throw new CryptoException(str + " NOT found.");
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            this.SM2priMap.put(str, CipherUtil.PBEdecrypt(cArr, bArr));
        }
        return this.SM2priMap.get(str);
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public String[] getSupportedSymAlg_GM() {
        return this.supportedSymAlg_GM;
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public void init() throws CryptoException {
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public byte[] reWrapPrivKeyByKek(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, String str2, int i, String str3, char[] cArr) throws CryptoException {
        throw new CryptoException("Not support");
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public void release() throws CryptoException {
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public void setSupportedSymAlg_GM(String[] strArr) {
        this.supportedSymAlg_GM = strArr;
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public byte[] sign(String str, int i, char[] cArr, byte[] bArr, String str2, String str3) throws CryptoException {
        String str4 = IHSM.SHA1withRSA;
        if (str2 != null) {
            try {
                if (str2.equalsIgnoreCase(IHSM.SHA1withRSA) || str2.equalsIgnoreCase(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()) || str2.equalsIgnoreCase(IHSM.SHA256withRSA) || str2.equalsIgnoreCase(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
                    if (str2.equalsIgnoreCase(IHSM.SHA256withRSA) || str2.equalsIgnoreCase(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
                        str4 = IHSM.SHA256withRSA;
                    }
                    Signature signature = Signature.getInstance(str4, IHSM.INFOSEC);
                    signature.initSign(getRsaPrivateKey(str, IHSM.SIGN, cArr));
                    signature.update(bArr);
                    return signature.sign();
                }
            } catch (Exception e) {
                throw new CryptoException(e);
            }
        }
        if (str2 != null && (str2.equalsIgnoreCase(IHSM.SM3withSM2) || str2.equals("1.2.156.10197.1.501"))) {
            return SM2Impl.signHash((str3 == null || str3.length() <= 0) ? CipherUtil.hash(IHSM.SM3, bArr) : CipherUtil.SM3WithId(bArr, str3.getBytes(), exportPublicKey(IHSM.SM2, IHSM.SIGN, str, 256, cArr)), getSM2PrivateKey(str, IHSM.SIGN, cArr));
        }
        throw new CryptoException(str2 + " NOT support.");
    }

    public byte[] signSM2(byte[] bArr, PublicKey publicKey, byte[] bArr2, String str, String str2) throws CryptoException {
        if (str != null) {
            try {
                if (str.equalsIgnoreCase(IHSM.SM3withSM2) || str.equals("1.2.156.10197.1.501")) {
                    return SM2Impl.signHash((str2 == null || str2.length() <= 0) ? CipherUtil.hash(IHSM.SM3, bArr2) : CipherUtil.SM3WithId(bArr2, str2.getBytes(), publicKey), bArr);
                }
            } catch (Exception e) {
                throw new CryptoException(e);
            }
        }
        throw new CryptoException(str + " NOT support.");
    }

    public byte[] sm2Decrypt(byte[] bArr, byte[] bArr2, String str) throws CryptoException {
        if (!IHSM.SM2.equals(str)) {
            throw new CryptoException(str + " NOT support");
        }
        try {
            byte[] decrypt = SM2Impl.decrypt(bArr, bArr2);
            if (decrypt != null) {
                return decrypt;
            }
            throw new CryptoException("sm2 decryption fail");
        } catch (Exception e) {
            throw new CryptoException(e);
        }
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str, String str2) throws CryptoException {
        String str3 = IHSM.SHA1withRSA;
        if (str != null) {
            try {
                if (str.equalsIgnoreCase(IHSM.SHA1withRSA) || str.equalsIgnoreCase(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()) || str.equalsIgnoreCase(IHSM.SHA256withRSA) || str.equalsIgnoreCase(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()) || str.equalsIgnoreCase(IHSM.MD5withRSA) || str.equalsIgnoreCase(PKCSObjectIdentifiers.md5WithRSAEncryption.getId()) || str.equals("1.3.14.3.2.3")) {
                    if (!str.equalsIgnoreCase(IHSM.SHA256withRSA) && !str.equalsIgnoreCase(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
                        if (!str.equalsIgnoreCase(IHSM.SHA1withRSA) && !str.equalsIgnoreCase(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()) && (str.equalsIgnoreCase(IHSM.MD5withRSA) || str.equalsIgnoreCase(PKCSObjectIdentifiers.md5WithRSAEncryption.getId()) || str.equals("1.3.14.3.2.3"))) {
                            str3 = IHSM.MD5withRSA;
                        }
                        Signature signature = Signature.getInstance(str3, IHSM.INFOSEC);
                        signature.initVerify(publicKey);
                        signature.update(bArr);
                        return signature.verify(bArr2);
                    }
                    str3 = IHSM.SHA256withRSA;
                    Signature signature2 = Signature.getInstance(str3, IHSM.INFOSEC);
                    signature2.initVerify(publicKey);
                    signature2.update(bArr);
                    return signature2.verify(bArr2);
                }
            } catch (Exception e) {
                throw new CryptoException(e);
            }
        }
        if ((str != null && str.equalsIgnoreCase(IHSM.SM3withSM2)) || str.equals("1.2.156.10197.1.501")) {
            return SM2Impl.verifyHash((str2 == null || str2.length() <= 0) ? CipherUtil.hash(IHSM.SM3, bArr) : CipherUtil.SM3WithId(bArr, str2.getBytes(), publicKey), bArr2, CipherUtil.sm2PublicKeyToByte(publicKey));
        }
        throw new CryptoException(str + " NOT support.");
    }

    @Override // cn.com.infosec.mobile.netcert.framework.crypto.IHSM
    public WrapedEncKeyByUser wrapPrivKeyByUserPubKey(byte[] bArr, byte[] bArr2, String str, String str2, String str3, char[] cArr, PublicKey publicKey, String str4) throws CryptoException {
        throw new CryptoException("Not support");
    }

    public byte[] wrapSymKey(String str, int i, String str2, String str3) throws CryptoException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, IHSM.INFOSEC);
            keyGenerator.init(i);
            SecretKey generateKey = keyGenerator.generateKey();
            PublicKey exportPublicKey = exportPublicKey(str3, IHSM.ENC, str2, 0, null);
            if (str3 != null && str3.equalsIgnoreCase(IHSM.RSA)) {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
                cipher.init(1, exportPublicKey);
                cipher.update(generateKey.getEncoded());
                return cipher.doFinal();
            }
            if (str3 != null && str3.equalsIgnoreCase(IHSM.SM2)) {
                return SM2Impl.encrypt(generateKey.getEncoded(), CipherUtil.sm2PublicKeyToByte(exportPublicKey));
            }
            throw new CryptoException(str3 + " NOT support.");
        } catch (Exception e) {
            throw new CryptoException(e);
        }
    }
}
