package cfca.mobile.scap;

import android.content.Context;
import android.util.Base64;
import cfca.mobile.constant.CFCAPublicConstant;
import cfca.mobile.exception.CodeException;
import cfca.mobile.scap.util.CFCAUtil;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes.dex */
public class SCAP {
    private static SCAP instance;
    private final NativeCrypto crypto;

    private SCAP(NativeCrypto nativeCrypto) {
        this.crypto = nativeCrypto;
    }

    public static synchronized SCAP getInstance(Context context) {
        SCAP scap;
        synchronized (SCAP.class) {
            if (instance == null) {
                if (context == null) {
                    throw new NullPointerException("Context is null");
                }
                instance = new SCAP(new NativeCrypto(context));
            }
            scap = instance;
        }
        return scap;
    }

    public static String getVersion() {
        return "5.1.3.1";
    }

    public void changePin(String str, String str2, CFCACertificate cFCACertificate) throws CodeException {
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter cert must not be null");
        CFCAUtil.checkNotEmpty(str, "Parameter oldPinCode must not be empty");
        CFCAUtil.checkNotEmpty(str2, "Parameter newPinCode must not be empty");
        int changePwd = this.crypto.changePwd(str, str2, cFCACertificate.getSerialNumber());
        CFCAUtil.checkResultCode(changePwd, "changePin failed: " + Long.toHexString(changePwd));
    }

    public void deleteAllCertificate() throws CodeException {
        int deleteAllCert = this.crypto.deleteAllCert();
        CFCAUtil.checkResultCode(deleteAllCert, "deleteAllCertificate failed: " + Integer.toHexString(deleteAllCert));
    }

    public void deleteCertificate(CFCACertificate cFCACertificate) throws CodeException {
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter cert must not be null");
        int deleteCert = this.crypto.deleteCert(cFCACertificate.getSerialNumber());
        CFCAUtil.checkResultCode(deleteCert, "deleteCertificate failed: " + Long.toHexString(deleteCert));
    }

    public String encodePKCS7SignatureWithTimestamp(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, boolean z2, CFCAPublicConstant.HASH_TYPE hash_type) throws CodeException {
        CFCAUtil.checkNotNull(bArr, "Parameter pkcs1Signature must not be null");
        CFCAUtil.checkNotNull(bArr2, "Parameter certificate must not be null");
        CFCAUtil.checkNotNull(bArr3, "Parameter data must not be null");
        CFCAUtil.checkNotNull(hash_type, "Parameter hash must not be null");
        CFCAUtil.checkArgument((z2 && bArr4 == null) ? false : true, "Parameter src must not be null while withSrc is true");
        CFCAUtil.checkArgument(bArr.length != 0, "Parameter pkcs1Signature must not be empty");
        JniResult<byte[]> encodeP7WithTimestamp = this.crypto.encodeP7WithTimestamp(bArr, bArr2, bArr3, bArr4, z2, hash_type.code());
        CFCAUtil.checkResultCode(encodeP7WithTimestamp.getErrorCode(), "encodePKCS7SignatureWithTimestamp failed: " + Long.toHexString(encodeP7WithTimestamp.getErrorCode()));
        return Base64.encodeToString(encodeP7WithTimestamp.getResult(), 2);
    }

    public byte[] envelopeDecryptMessage(String str, String str2, CFCACertificate cFCACertificate) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter pin must not be null");
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter certificate must not be null");
        CFCAUtil.checkNotEmpty(str2, "Parameter ciphertext must not be empty");
        JniResult<byte[]> envelopeDecryption = this.crypto.envelopeDecryption(str, CFCAUtil.checkAndParseBase64(str2), cFCACertificate.getSerialNumber());
        CFCAUtil.checkResultCode(envelopeDecryption.getErrorCode(), "envelopeDecryptMessage failed: " + Long.toHexString(envelopeDecryption.getErrorCode()));
        return envelopeDecryption.getResult();
    }

    public String envelopeEncryptMessage(byte[] bArr, CFCACertificate cFCACertificate, CFCAPublicConstant.SYMMETRIC_ALGORITHM symmetric_algorithm) throws CodeException {
        CFCAUtil.checkNotNull(bArr, "Parameter plaintext must not be null");
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter certificate must not be null");
        CFCAUtil.checkNotNull(symmetric_algorithm, "Parameter alg must not be null");
        CFCAPublicConstant.CERT_TYPE certType = cFCACertificate.getCertType();
        CFCAPublicConstant.CERT_TYPE cert_type = CFCAPublicConstant.CERT_TYPE.CERT_SM2;
        if (certType == cert_type && symmetric_algorithm != CFCAPublicConstant.SYMMETRIC_ALGORITHM.ALG_SM4) {
            throw new CodeException(537006081L, "SM2 certificate should use SM4 algorithem");
        }
        if (cFCACertificate.getCertType() != cert_type && symmetric_algorithm == CFCAPublicConstant.SYMMETRIC_ALGORITHM.ALG_SM4) {
            throw new CodeException(537006081L, "RSA certificate should use DES3_CBC or RC4 algorithem");
        }
        JniResult<byte[]> envelopeEncryption = this.crypto.envelopeEncryption(bArr, symmetric_algorithm.code(), cFCACertificate.getDercode());
        CFCAUtil.checkResultCode(envelopeEncryption.getErrorCode(), "envelopeEncryptMessage failed: " + Long.toHexString(envelopeEncryption.getErrorCode()));
        return Base64.encodeToString(envelopeEncryption.getResult(), 2);
    }

    public String generateCertReq(CFCAPublicConstant.CERT_TYPE cert_type, String str) throws CodeException {
        return generateCertReq(cert_type, str, CFCAPublicConstant.CERT_SYS.SINGLE_CERT);
    }

    public String generateCertReq(CFCAPublicConstant.CERT_TYPE cert_type, String str, CFCAPublicConstant.CERT_SYS cert_sys) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter pinCode must not be empty");
        CFCAUtil.checkNotNull(cert_type, "Parameter certType must not be null");
        CFCAUtil.checkNotNull(cert_sys, "Parameter certSys must not be null");
        JniResult<byte[]> createP10Request = this.crypto.createP10Request(CFCAPublicConstant.SUBJECT, str, cert_type.code(), cert_sys.code());
        CFCAUtil.checkResultCode(createP10Request.getErrorCode(), "createP10Request failed: " + Long.toHexString(createP10Request.getErrorCode()));
        return Base64.encodeToString(createP10Request.getResult(), 2);
    }

    public String generateTimestampReq(CFCAPublicConstant.HASH_TYPE hash_type, byte[] bArr) throws CodeException {
        CFCAUtil.checkNotNull(hash_type, "Parameter hash must not be null");
        CFCAUtil.checkNotNull(bArr, "Parameter data must not be null");
        CFCAUtil.checkArgument(hash_type == CFCAPublicConstant.HASH_TYPE.HASH_SHA1 || hash_type == CFCAPublicConstant.HASH_TYPE.HASH_SHA256 || hash_type == CFCAPublicConstant.HASH_TYPE.HASH_SHA384 || hash_type == CFCAPublicConstant.HASH_TYPE.HASH_SHA512, "Hash type must be sha1 or sha256");
        JniResult<byte[]> generateTimestampReq = this.crypto.generateTimestampReq(hash_type.code(), bArr);
        CFCAUtil.checkResultCode(generateTimestampReq.getErrorCode(), "generateTimestampReq failed: " + Long.toHexString(generateTimestampReq.getErrorCode()));
        return Base64.encodeToString(generateTimestampReq.getResult(), 2);
    }

    public CFCACertificate getCertificateWithSn(String str) {
        List<CFCACertificate> certificates = getCertificates();
        for (int i2 = 0; i2 < certificates.size(); i2++) {
            CFCACertificate cFCACertificate = certificates.get(i2);
            if (CFCAUtil.SerialNumberEquals(str, cFCACertificate.getSerialNumber())) {
                return cFCACertificate;
            }
        }
        return null;
    }

    public List<CFCACertificate> getCertificates() {
        try {
            JniResult<List<CFCACertificate>> allCert = this.crypto.getAllCert();
            CFCAUtil.checkResultCode(allCert.getErrorCode(), "getAllCert failed: " + Long.toHexString(allCert.getErrorCode()));
            return allCert.getResult();
        } catch (CodeException unused) {
            return new ArrayList();
        }
    }

    public void importCertificate(String str) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter strCert must not be empty");
        int importCert = this.crypto.importCert(CFCAUtil.checkAndParseBase64(str));
        CFCAUtil.checkResultCode(importCert, "importCert failed: " + Long.toHexString(importCert));
    }

    public void importDoubleCertificate(String str, String str2, String str3) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter strSignCert must not be empty");
        CFCAUtil.checkNotEmpty(str2, "Parameter strEncryptCert must not be empty");
        CFCAUtil.checkNotEmpty(str3, "Parameter strPri must not be empty");
        int importDoubleCert = this.crypto.importDoubleCert(CFCAUtil.checkAndParseBase64(str.replace(",", "")), CFCAUtil.checkAndParseBase64(str2.replace(",", "")), str3);
        CFCAUtil.checkResultCode(importDoubleCert, "importDoubleCert failed: " + Long.toHexString(importDoubleCert));
    }

    public CFCACertificate parseCertificateBase64(String str) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter certificateBase64 must not be null");
        return parseCertificateDercode(CFCAUtil.checkAndParseBase64(str));
    }

    public CFCACertificate parseCertificateDercode(byte[] bArr) throws CodeException {
        CFCAUtil.checkNotNull(bArr, "Parameter certificate must not be null");
        JniResult<CFCACertificate> parseCertificate = this.crypto.parseCertificate(bArr);
        CFCAUtil.checkResultCode(parseCertificate.getErrorCode(), "parseCertificate failed: " + Long.toHexString(parseCertificate.getErrorCode()));
        return parseCertificate.getResult();
    }

    public String signHashData(String str, byte[] bArr, CFCAPublicConstant.HASH_TYPE hash_type, CFCAPublicConstant.SIGN_FORMAT sign_format, CFCACertificate cFCACertificate) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter pinCode must not be empty");
        CFCAUtil.checkNotNull(bArr, "Parameter srcData must not be null");
        CFCAUtil.checkNotNull(hash_type, "Parameter hashType must not be null");
        CFCAUtil.checkNotNull(sign_format, "Parameter signType must not be null");
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter cert must not be null");
        boolean z2 = true;
        CFCAUtil.checkArgument(sign_format != CFCAPublicConstant.SIGN_FORMAT.SIGN_PKCS7_A, "signHashData doesn't support PKCS7_ATTACH");
        if (cFCACertificate.getKeyUsage() != CFCAPublicConstant.KEY_USAGE.USAGE_SIGN_AND_ENCRYPT && cFCACertificate.getKeyUsage() != CFCAPublicConstant.KEY_USAGE.USAGE_SIGN) {
            z2 = false;
        }
        CFCAUtil.checkArgument(z2, "Certificate key usage can not support sign");
        JniResult<byte[]> signHashData = this.crypto.signHashData(str, bArr, hash_type.code(), sign_format.code(), cFCACertificate.getSerialNumber());
        CFCAUtil.checkResultCode(signHashData.getErrorCode(), "signHashData failed: " + Integer.toHexString(signHashData.getErrorCode()));
        return Base64.encodeToString(signHashData.getResult(), 2);
    }

    public String signMessage(String str, byte[] bArr, CFCAPublicConstant.HASH_TYPE hash_type, CFCAPublicConstant.SIGN_FORMAT sign_format, CFCACertificate cFCACertificate) throws CodeException {
        CFCAUtil.checkNotEmpty(str, "Parameter pinCode must not be empty");
        CFCAUtil.checkNotNull(bArr, "Parameter srcData must not be null");
        CFCAUtil.checkNotNull(hash_type, "Parameter hashType must not be null");
        CFCAUtil.checkNotNull(sign_format, "Parameter signType must not be null");
        CFCAUtil.checkNotNull(cFCACertificate, "Parameter cert must not be null");
        CFCAUtil.checkArgument(cFCACertificate.getKeyUsage() == CFCAPublicConstant.KEY_USAGE.USAGE_SIGN_AND_ENCRYPT || cFCACertificate.getKeyUsage() == CFCAPublicConstant.KEY_USAGE.USAGE_SIGN, "Certificate key usage can not support sign");
        JniResult<byte[]> signMsg = this.crypto.signMsg(str, bArr, hash_type.code(), sign_format.code(), cFCACertificate.getSerialNumber());
        CFCAUtil.checkResultCode(signMsg.getErrorCode(), "signMessage failed: " + Integer.toHexString(signMsg.getErrorCode()));
        return Base64.encodeToString(signMsg.getResult(), 2);
    }

    public String updateTimestampInPKCS7Signature(byte[] bArr, byte[] bArr2) throws CodeException {
        CFCAUtil.checkNotNull(bArr, "Parameter pkcs7Signature must not be null");
        CFCAUtil.checkNotNull(bArr2, "Parameter timestampResp must not be null");
        JniResult<byte[]> updateTimestamp = this.crypto.updateTimestamp(bArr, bArr2);
        CFCAUtil.checkResultCode(updateTimestamp.getErrorCode(), "updateTimestampInPKCS7Signature failed: " + Long.toHexString(updateTimestamp.getErrorCode()));
        return Base64.encodeToString(updateTimestamp.getResult(), 2);
    }
}
