package com.redshield.ebl;

import cn.com.syan.jce.constant.JCEAlgorithmIdentifier;
import cn.com.syan.jce.constant.UserId;
import cn.com.syan.jce.exception.EblHsmException;
import cn.com.syan.jce.pool.SessionPool;
import cn.com.syan.jce.service.JceService;
import cn.com.syan.sdfapi.entity.RsaPublicKey;
import cn.com.syan.utils.CertificateUtil;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.pkcs.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/redshield/ebl/EblHsmEx.class */
public abstract class EblHsmEx {
    private String pin;

    public static EblHsmEx getHardInstance() {
        return new HSM();
    }

    public static EblHsmEx getHardInstance(String str) {
        return new HSM(str);
    }

    public static EblHsmEx getSoftInstance() {
        return new SSM();
    }

    public static EblHsmEx getHardInstanceEx(byte[] bArr) {
        return new HSM(bArr);
    }

    public static EblHsmEx getHardInstanceEx(byte[] bArr, String str, String str2) {
        return new HSM(bArr, str, str2);
    }

    public abstract String genLicenseCode(String str);

    public abstract int writeLicenseCode(String str);

    public abstract String sealEnvelope(String str, String str2);

    public abstract String generateCSR(String str, int i);

    public abstract String openEnvelope(int i, String str);

    public String encrypt(int i, String str, byte[] bArr, byte[] bArr2) {
        return Base64.getEncoder().encodeToString(internalCipher(0, i, str, bArr, bArr2));
    }

    public byte[] encryptBytes(int i, String str, byte[] bArr, byte[] bArr2) {
        return internalCipher(0, i, str, bArr, bArr2);
    }

    public byte[] decrypt(int i, String str, byte[] bArr, String str2) {
        return internalCipher(1, i, str, bArr, Base64.getDecoder().decode(str2));
    }

    public byte[] decrypt(int i, String str, byte[] bArr, byte[] bArr2) {
        return internalCipher(1, i, str, bArr, bArr2);
    }

    public abstract byte[] internalCipher(int i, int i2, String str, byte[] bArr, byte[] bArr2);

    public abstract byte[][] internalBatchCipher(int i, int i2, String str, byte[][] bArr, byte[][] bArr2);

    public abstract byte[] internalMAC(int i, String str, byte[] bArr);

    public void fileDoCipherExternal(InputStream inputStream, OutputStream outputStream, int i, String str, String str2, String str3, byte[] bArr, byte[] bArr2, int i2) throws Exception {
        if (inputStream == null || outputStream == null || str == null || str.isEmpty() || str2 == null || str2.isEmpty() || str3 == null || str3.isEmpty() || bArr == null || bArr.length == 0) {
            throw new Exception("Empty parameter");
        }
        byte[] bArr3 = new byte[RsaPublicKey.RSA_MAX_BITS];
        if (i2 > 0) {
            inputStream.skip(i2);
        }
        byte[] bArr4 = null;
        while (true) {
            int read = inputStream.read(bArr3);
            if (read == -1) {
                break;
            }
            byte[] bArr5 = new byte[read];
            System.arraycopy(bArr3, 0, bArr5, 0, read);
            if (read < bArr3.length) {
                bArr4 = bArr5;
            } else {
                byte[] cipher = i == 1 ? str2.equalsIgnoreCase("ECB") ? cipher(str, 0, 0, 0, bArr, bArr2, bArr5) : cipher(str, 0, 1, 0, bArr, bArr2, bArr5) : str2.equalsIgnoreCase("ECB") ? cipher(str, 1, 0, 0, bArr, bArr2, bArr5) : cipher(str, 1, 1, 0, bArr, bArr2, bArr5);
                if (cipher != null) {
                    outputStream.write(cipher);
                }
            }
        }
        if (bArr4 != null) {
            byte[] cipher2 = i == 1 ? str2.equalsIgnoreCase("ECB") ? cipher(str, 0, 0, 1, bArr, bArr2, bArr4) : cipher(str, 0, 1, 1, bArr, bArr2, bArr4) : str2.equalsIgnoreCase("ECB") ? cipher(str, 1, 0, 1, bArr, bArr2, bArr4) : cipher(str, 1, 1, 1, bArr, bArr2, bArr4);
            if (cipher2 != null) {
                outputStream.write(cipher2);
            }
        }
    }

    public void fileDoCipherInternal(InputStream inputStream, OutputStream outputStream, int i, String str, String str2, Integer num, byte[] bArr, int i2) throws Exception {
        if (inputStream == null || outputStream == null || str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new Exception("Empty parameter");
        }
        byte[] bArr2 = new byte[RsaPublicKey.RSA_MAX_BITS];
        if (i2 > 0) {
            inputStream.skip(i2);
        }
        byte[] bArr3 = null;
        while (true) {
            int read = inputStream.read(bArr2);
            if (read == -1) {
                break;
            }
            byte[] bArr4 = new byte[read];
            System.arraycopy(bArr2, 0, bArr4, 0, read);
            if (read < bArr2.length) {
                bArr3 = bArr4;
            } else {
                String str3 = str + "/" + str2 + "/CUSTOMPadding";
                byte[] internalCipher = i == 1 ? internalCipher(0, num.intValue(), str3, bArr, bArr4) : internalCipher(1, num.intValue(), str3, bArr, bArr4);
                if (internalCipher != null) {
                    outputStream.write(internalCipher);
                }
            }
        }
        if (bArr3 != null) {
            String str4 = str + "/" + str2 + "/PKCS5Padding";
            byte[] internalCipher2 = i == 1 ? internalCipher(0, num.intValue(), str4, bArr, bArr3) : internalCipher(1, num.intValue(), str4, bArr, bArr3);
            if (internalCipher2 != null) {
                outputStream.write(internalCipher2);
            }
        }
    }

    public abstract String hmac(byte[] bArr, String str, byte[] bArr2);

    public abstract byte[] hmacBytes(byte[] bArr, String str, byte[] bArr2);

    public abstract byte[] generateRandom(int i);

    public abstract String sm3(byte[] bArr);

    public abstract byte[] sm3Bytes(byte[] bArr);

    public abstract String sm3WithPubkey(byte[] bArr, PublicKey publicKey);

    public abstract byte[] sm3WithPubkeyBytes(byte[] bArr, PublicKey publicKey);

    public abstract String sm3WithCert(byte[] bArr, String str);

    public abstract byte[] sm3WithCertBytes(byte[] bArr, String str);

    public abstract String sm3WithPubkey(byte[] bArr, String str);

    public abstract byte[] sm3WithPubkeyBytes(byte[] bArr, String str);

    public abstract String sm4EcbEncrypt(byte[] bArr, byte[] bArr2);

    public abstract byte[] sm4EcbEncryptBytes(byte[] bArr, byte[] bArr2);

    public abstract byte[] sm4EcbDecrypt(byte[] bArr, String str);

    public abstract byte[] sm4EcbDecrypt(byte[] bArr, byte[] bArr2);

    public abstract String sm4CbcEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3);

    public abstract byte[] sm4CbcEncryptBytes(byte[] bArr, byte[] bArr2, byte[] bArr3);

    public abstract byte[] sm4CbcDecrypt(byte[] bArr, byte[] bArr2, String str);

    public abstract byte[] sm4CbcDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3);

    public abstract byte[] cipher(String str, int i, int i2, int i3, byte[] bArr, byte[] bArr2, byte[] bArr3);

    public abstract String signDigest(int i, String str);

    public abstract byte[] signDigest(int i, byte[] bArr);

    public abstract byte[] signDigestWithoutCheckPin(int i, byte[] bArr);

    public abstract String signDigestRS(int i, String str);

    public abstract byte[] signDigestRS(int i, byte[] bArr);

    public abstract String signDigestAsn1(int i, String str);

    public abstract byte[] signDigestAsn1(int i, byte[] bArr);

    public abstract String sign(int i, byte[] bArr);

    public abstract byte[] signBytes(int i, byte[] bArr);

    public abstract String signAsn1(int i, byte[] bArr);

    public abstract byte[] signAsn1Bytes(int i, byte[] bArr);

    public abstract String signRS(int i, byte[] bArr);

    public abstract byte[] signRSBytes(int i, byte[] bArr);

    public abstract boolean verifySignDigest(String str, String str2, String str3);

    public abstract boolean verifySignDigest(PublicKey publicKey, String str, String str2);

    public abstract boolean verifySignDigest(PublicKey publicKey, byte[] bArr, byte[] bArr2);

    public abstract boolean verifySign(String str, String str2, byte[] bArr);

    public abstract boolean verifySign(String str, byte[] bArr, byte[] bArr2);

    public abstract boolean verifySign(PublicKey publicKey, String str, byte[] bArr);

    public abstract boolean verifySign(PublicKey publicKey, byte[] bArr, byte[] bArr2);

    public abstract String encryptEcc(PublicKey publicKey, String str);

    public abstract byte[] encryptEcc(PublicKey publicKey, byte[] bArr);

    public abstract String decryptEcc(int i, String str);

    public abstract byte[] decryptEcc(int i, byte[] bArr);

    public abstract PublicKey exportPublicKey(int i, boolean z);

    public abstract byte[] internalCMAC(int i, String str, byte[] bArr, byte[] bArr2);

    public abstract byte[] CMAC(byte[] bArr, String str, byte[] bArr2, byte[] bArr3);

    public List<Map<String, String>> batchEncrypt(int i, String str, byte[] bArr, List<Map<String, String>> list) {
        return internalCipher(0, i, str, bArr, list);
    }

    public List<Map<String, String>> batchDecrypt(int i, String str, byte[] bArr, List<Map<String, String>> list) {
        return internalCipher(1, i, str, bArr, list);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][]] */
    public List<Map<String, String>> internalCipher(int i, int i2, String str, byte[] bArr, List<Map<String, String>> list) throws EblHsmException {
        validateDataMapList(list);
        ArrayList arrayList = new ArrayList();
        ?? r0 = new byte[list.size()];
        ?? r02 = new byte[list.size()];
        initializeArrays(i, list, r0, r02, bArr);
        populateResultMapList(i, list, arrayList, internalBatchCipher(i, i2, str, r02, r0));
        return arrayList;
    }

    private void validateDataMapList(List<Map<String, String>> list) throws EblHsmException {
        if (list == null || list.isEmpty()) {
            throw new EblHsmException("数据不存在");
        }
    }

    private void initializeArrays(int i, List<Map<String, String>> list, byte[][] bArr, byte[][] bArr2, byte[] bArr3) throws EblHsmException {
        if (bArr3 == null) {
            bArr3 = new byte[16];
        }
        for (int i2 = 0; i2 < list.size(); i2++) {
            Map<String, String> map = list.get(i2);
            validateKey(map);
            if (i == 0) {
                validateData(map);
                bArr[i2] = Base64.getDecoder().decode(map.get("data"));
                if (bArr2 != null) {
                    bArr2[i2] = bArr3;
                }
            } else if (i == 1) {
                validateCipher(map);
                bArr[i2] = Base64.getDecoder().decode(map.get("cipher"));
                if (bArr2 != null) {
                    bArr2[i2] = (byte[]) bArr3.clone();
                }
            }
        }
    }

    private void validateKey(Map<String, String> map) throws EblHsmException {
        if (map.get("key") == null || map.get("key").isEmpty()) {
            throw new EblHsmException("数据格式错误");
        }
    }

    private void validateData(Map<String, String> map) throws EblHsmException {
        if (map.get("data") == null || map.get("data").isEmpty()) {
            throw new EblHsmException("数据格式错误");
        }
    }

    private void validateCipher(Map<String, String> map) throws EblHsmException {
        if (map.get("cipher") == null || map.get("cipher").isEmpty()) {
            throw new EblHsmException("数据格式错误");
        }
    }

    private void populateResultMapList(int i, List<Map<String, String>> list, List<Map<String, String>> list2, byte[][] bArr) {
        for (int i2 = 0; i2 < bArr.length; i2++) {
            byte[] bArr2 = bArr[i2];
            System.out.println(Arrays.toString(bArr2));
            Map<String, String> map = list.get(i2);
            HashMap hashMap = new HashMap();
            hashMap.put("key", map.get("key"));
            if (i == 0) {
                hashMap.put("data", map.get("data"));
                hashMap.put("cipher", Base64.getEncoder().encodeToString(bArr2));
            } else {
                hashMap.put("data", Base64.getEncoder().encodeToString(bArr2));
                hashMap.put("cipher", map.get("cipher"));
            }
            list2.add(hashMap);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkPin(JceService jceService, int i) throws SignatureException {
        int accessPrivateKey = jceService.accessPrivateKey(null, i, getPin().getBytes(), getPin().length());
        if (accessPrivateKey != 0) {
            throw new SignatureException("Error code " + String.format("0x%2X", Integer.valueOf(accessPrivateKey)));
        }
    }

    public static String fromP1ToP7a(String str, String str2, String str3, String str4) {
        return fromP1ToP7(str, str2, str3, str4);
    }

    public static String fromP1ToP7d(String str, String str2, String str3) {
        return fromP1ToP7(str, null, str2, str3);
    }

    public static String fromP1ToP7(String str, String str2, String str3, String str4) {
        Certificate certificate = Certificate.getInstance(Base64.getDecoder().decode(str4));
        Certificate certificate2 = null;
        byte[] bArr = null;
        byte[] bArr2 = null;
        if (str3 != null && !str3.isEmpty()) {
            certificate2 = Certificate.getInstance(Base64.getDecoder().decode(str3));
        }
        if (str != null && !str.isEmpty()) {
            bArr = Base64.getDecoder().decode(str);
        }
        if (str2 != null && !str2.isEmpty()) {
            bArr2 = Base64.getDecoder().decode(str2);
        }
        try {
            return Base64.getEncoder().encodeToString(makeSignedData(certificate, certificate2, bArr, bArr2));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    public abstract void free();

    public static void initEblHsmEx(String str) {
        HSM.globalInit(null, str);
    }

    public static void initEblHsmEx() {
        HSM.globalInit(null);
    }

    public static void initEblHsmExPool() {
        HSM.globalInit(null);
        HSM.setIsOpenConnectionPool(true);
    }

    public static void initEblHsmExPoolAndSize(int i) {
        HSM.globalInit(null);
        HSM.setIsOpenConnectionPool(true);
        SessionPool.setQueueCapacity(i);
    }

    public static void initEblHsmExWithConfig(byte[] bArr) {
        HSM.globalInit(bArr);
    }

    public static void initEblHsmExWithConfig(byte[] bArr, String str) {
        HSM.globalInit(bArr, str);
    }

    public static void initEblHsmExWithConfigEx(byte[] bArr, String str) {
        HSM.globalInitEx(bArr, str);
    }

    public static void initEblHsmExWithConfigEx(byte[] bArr, String str, String str2) {
        HSM.globalInitEx(bArr, str, str2);
    }

    public static void destroyEblHsm() {
        HSM.closeGlobalDev();
    }

    public boolean isRevoked(String str, byte[] bArr, InputStream inputStream) {
        Security.addProvider(new BouncyCastleProvider());
        try {
            X509Certificate buildX509Certificate = CertificateUtil.buildX509Certificate(str);
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(inputStream);
            try {
                x509crl.verify(CertificateUtil.buildX509Certificate(bArr).getPublicKey(), (Provider) new BouncyCastleProvider());
                return x509crl.getRevokedCertificate(buildX509Certificate) == null;
            } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                throw new EblHsmException(e.getMessage());
            }
        } catch (CRLException | CertificateException e2) {
            throw new EblHsmException(e2.getMessage());
        }
    }

    private static byte[] makeSignedData(Certificate certificate, Certificate certificate2, byte[] bArr, byte[] bArr2) throws Exception {
        ASN1Integer aSN1Integer = new ASN1Integer(1L);
        DERSet dERSet = new DERSet(new AlgorithmIdentifier(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.SM3_ALGORITHM_OID), (ASN1Encodable) null));
        ContentInfo contentInfo = new ContentInfo(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.PKCS7_SM2_DATA_OID), bArr2 == null ? null : new BEROctetString(bArr2));
        DERSet dERSet2 = new DERSet(getSignerInfo(certificate, bArr));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certificate);
        if (certificate2 != null) {
            aSN1EncodableVector.add(certificate2);
        }
        return new ContentInfo(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.PKCS7_SM2_SIGNED_DATA_OID), new SignedData(aSN1Integer, dERSet, contentInfo, new DERSet(aSN1EncodableVector), (ASN1Set) null, dERSet2)).toASN1Primitive().getEncoded("DER");
    }

    private static SignerInfo getSignerInfo(Certificate certificate, byte[] bArr) throws Exception {
        try {
            return new SignerInfo(new ASN1Integer(1L), new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue()), new AlgorithmIdentifier(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.SM3_ALGORITHM_OID), (ASN1Encodable) null), (ASN1Set) null, new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.301.1")), new DEROctetString(bArr), (ASN1Set) null);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    public void setPin(String str) {
        this.pin = str;
    }

    public String getPin() {
        return this.pin == null ? UserId.Pass : this.pin;
    }
}
