package cn.com.syan.ebl;

import cn.com.syan.jce.constant.ErrorCode;
import cn.com.syan.jce.constant.JCEAlgorithmIdentifier;
import cn.com.syan.jce.entity.ECCSdfPublicKey;
import cn.com.syan.jce.exception.EblHsmException;
import cn.com.syan.jce.exception.InputBlockSizeException;
import cn.com.syan.jce.exception.ServiceException;
import cn.com.syan.jce.implSpi.SDFKeyStoreSpi;
import cn.com.syan.jce.service.JceService;
import cn.com.syan.jce.service.impl.JceServiceImpl;
import cn.com.syan.sdfapi.DCUtil;
import cn.com.syan.sdfapi.entity.EccPublicKey;
import cn.com.syan.sdfapi.entity.EccSignature;
import cn.com.syan.sdfapi.entity.RsaPublicKey;
import cn.com.syan.utils.CertificateUtil;
import cn.com.syan.utils.SM4Util;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.pkcs.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;

/* loaded from: input_file:cn/com/syan/ebl/EblHsmEx.class */
public class EblHsmEx {
    /**
     * Requests a license code from the service for {@code str} and returns it Base64-encoded.
     *
     * <p>{@code str} is converted with the platform default charset, so the bytes sent to the
     * service depend on the JVM configuration for non-ASCII input.
     *
     * @param str request text handed to the service as bytes
     * @return Base64 text of the returned code, or {@code null} when the service reports a
     *     non-zero status
     * @throws EblHsmException carrying only the message of any exception raised in the call; the
     *     original cause is not attached
     */
    public static String genLicenseCode(String str) {
        JceServiceImpl session = null;
        try {
            try {
                session = new JceServiceImpl();
                final byte[] codeBuffer = new byte[RsaPublicKey.RSA_MAX_PBITS];
                final int[] codeLength = new int[1];
                final int status = session.genLicenseCode(str.getBytes(), codeBuffer, codeLength);
                String encoded = null;
                if (status == 0) {
                    // Only the first codeLength[0] bytes of the buffer are meaningful.
                    encoded = Base64.getEncoder().encodeToString(DCUtil.byteSub(codeBuffer, 0, codeLength[0]));
                }
                session.closeSession();
                return encoded;
            } catch (Exception ex) {
                throw new EblHsmException(ex.getMessage());
            }
        } catch (Throwable failure) {
            // Failure path: release the session before propagating.
            if (session != null) {
                session.closeSession();
            }
            throw failure;
        }
    }

    /**
     * Decodes a Base64 license code and hands it to the service's {@code writeLicenseCode}.
     *
     * @param str Base64 text of the license code
     * @return the status value returned by the service, passed through unchanged
     * @throws EblHsmException carrying only the message of any exception raised, including an
     *     invalid Base64 input
     */
    public static int writeLicenseCode(String str) {
        JceServiceImpl session = null;
        try {
            try {
                session = new JceServiceImpl();
                final byte[] licenseBytes = Base64.getDecoder().decode(str);
                final int status = session.writeLicenseCode(licenseBytes);
                session.closeSession();
                return status;
            } catch (Exception ex) {
                throw new EblHsmException(ex.getMessage());
            }
        } catch (Throwable failure) {
            // Failure path: release the session before propagating.
            if (session != null) {
                session.closeSession();
            }
            throw failure;
        }
    }

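    /**
     * Seals Base64-encoded data into an envelope and returns the envelope Base64-encoded.
     *
     * <p>The payload is padded with {@code addPkcs5Padding(data, 1)} and passed to the service
     * with the algorithm id {@code ErrorCode.SGD_SM4_ECB}. NOTE(review): the constant's name
     * indicates SM4 in ECB mode, which reveals repeated plaintext blocks and provides no
     * integrity protection; confirm the envelope format or the caller adds what is needed.
     *
     * <p>The session is closed in a {@code finally} block so that it is released on every exit
     * path, including failures.
     *
     * @param str Base64 text passed to the service ahead of the payload; presumably the
     *     recipient's public key or certificate -- verify against JceServiceImpl
     * @param str2 Base64 text of the data to seal
     * @return Base64 text of the sealed envelope
     * @throws EblHsmException carrying only the message of any failure (padding error, non-zero
     *     service status, invalid Base64); the cause is not attached
     */
    public static String sealEnvelope(String str, String str2) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] padded = addPkcs5Padding(Base64.getDecoder().decode(str2), 1);
            if (padded == null) {
                throw new SignatureException("padding error");
            }
            // Output buffer: padded payload plus 256 bytes of headroom for the envelope overhead.
            final byte[] envelope = new byte[padded.length + 256];
            final int[] envelopeLength = {envelope.length};
            final int status = session.sealEnvelope(
                    ErrorCode.SGD_SM4_ECB, Base64.getDecoder().decode(str), padded, envelope, envelopeLength);
            if (status != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", status));
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(envelope, 0, envelopeLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }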

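    /**
     * Generates a certificate signing request through the service and returns it Base64-encoded.
     *
     * <p>{@code checkPin} is called for the key index before the request is made. {@code str} is
     * converted with the platform default charset. The session is closed in a {@code finally}
     * block so that it is released on every exit path, including failures.
     *
     * @param str text handed to the service as bytes; presumably the subject name -- verify
     *     against JceServiceImpl
     * @param i key index passed to {@code checkPin} and to the service
     * @return Base64 text of the bytes returned by the service
     * @throws EblHsmException carrying only the message of any failure; the cause is not attached
     */
    public static String generateCSR(String str, int i) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            checkPin(session, i);
            final byte[] csrBuffer = new byte[str.length() + RsaPublicKey.RSA_MAX_BITS];
            final int[] csrLength = {csrBuffer.length};
            final int status = session.generateCSR(i, str.getBytes(), csrBuffer, csrLength);
            if (status != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", status));
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(csrBuffer, 0, csrLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }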

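    /**
     * Opens a Base64-encoded envelope with the key at index {@code i} and returns the recovered
     * data Base64-encoded.
     *
     * <p>{@code checkPin} is called for the key index first. When {@code isLastPkg} accepts the
     * recovered bytes, {@code removePkcs5Padding} is applied; otherwise the bytes are returned
     * as the service produced them. NOTE(review): nothing here authenticates the recovered
     * data, and the padding test is the only signal used to decide whether to strip bytes --
     * confirm callers verify integrity separately.
     *
     * <p>The session is closed in a {@code finally} block so that it is released on every exit
     * path, including failures.
     *
     * @param i key index passed to {@code checkPin} and to the service
     * @param str Base64 text of the envelope
     * @return Base64 text of the recovered data
     * @throws EblHsmException carrying only the message of any failure; the cause is not attached
     */
    public static String openEnvelope(int i, String str) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] envelope = Base64.getDecoder().decode(str);
            // The recovered data is never longer than the envelope that carried it.
            final byte[] plainBuffer = new byte[envelope.length];
            final int[] plainLength = {plainBuffer.length};
            checkPin(session, i);
            final int status = session.openEnvelope(i, envelope, plainBuffer, plainLength);
            if (status != 0) {
                throw new SignatureException("Error code " + String.format("0x%2X", status));
            }
            final byte[] plain = DCUtil.byteSub(plainBuffer, 0, plainLength[0]);
            final byte[] result = isLastPkg(plain) ? removePkcs5Padding(plain) : plain;
            return Base64.getEncoder().encodeToString(result);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }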

    /**
     * Encrypts {@code bArr2} with the internal symmetric key at index {@code i} and returns the
     * result Base64-encoded. Delegates to {@code internalCipher} with direction 0.
     *
     * @param i index of the internal key
     * @param str transformation in the form {@code algorithm/mode/padding}
     * @param bArr passed through to {@code internalCipher}; presumably the IV -- verify
     * @param bArr2 data to encrypt
     * @return Base64 text of the ciphertext
     */
    public static String encrypt(int i, String str, byte[] bArr, byte[] bArr2) {
        final byte[] cipherText = internalCipher(0, i, str, bArr, bArr2);
        return Base64.getEncoder().encodeToString(cipherText);
    }

    /**
     * Decrypts Base64 ciphertext with the internal symmetric key at index {@code i}. Delegates
     * to {@code internalCipher} with direction 1.
     *
     * @param i index of the internal key
     * @param str transformation in the form {@code algorithm/mode/padding}
     * @param bArr passed through to {@code internalCipher}; presumably the IV -- verify
     * @param str2 Base64 text of the ciphertext
     * @return the recovered bytes
     */
    public static byte[] decrypt(int i, String str, byte[] bArr, String str2) {
        final byte[] cipherText = Base64.getDecoder().decode(str2);
        return internalCipher(1, i, str, bArr, cipherText);
    }

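    /**
     * Encrypts or decrypts data with a symmetric key held by the service at index {@code i2}.
     *
     * <p>The transformation string must have exactly three {@code /}-separated parts:
     * algorithm ({@code sm1} or {@code sm4}), mode ({@code ecb}, {@code cbc}, {@code cfb} or
     * {@code ofb}) and padding. All are matched case-insensitively. The algorithm and mode are
     * combined into one id ({@code 256} or {@code 1024} OR-ed with {@code 1}, {@code 2},
     * {@code 4} or {@code 8}); this looks like the SGD_* algorithm identifier layout -- confirm
     * against the service's constants.
     *
     * <p>Padding names: {@code PKCS5Padding} selects kind 1, {@code CUSTOMPadding} kind 2. Any
     * other name is accepted silently and means no padding is added. On decryption, padding is
     * removed only for kind 1 and only when {@code isLastPkg} accepts the recovered bytes.
     *
     * <p>NOTE(review): no integrity check is performed on decrypted data here; callers that
     * need tamper detection must authenticate the ciphertext separately.
     *
     * <p>The session is closed in a {@code finally} block so that it is released on every exit
     * path, including failures.
     *
     * @param i direction: 0 encrypts, any other value decrypts
     * @param i2 index of the internal key
     * @param str transformation in the form {@code algorithm/mode/padding}
     * @param bArr passed to the service between the key index and the data; presumably the IV
     *     -- verify against JceServiceImpl
     * @param bArr2 input data
     * @return the ciphertext or the recovered bytes
     * @throws ServiceException with code -1 when the transformation is not supported
     * @throws EblHsmException carrying only the message of any failure inside the service call;
     *     the cause is not attached
     */
    public static byte[] internalCipher(int i, int i2, String str, byte[] bArr, byte[] bArr2) {
        final String[] parts = str.split("/");
        if (parts.length != 3) {
            throw new ServiceException(-1, "不支持的算法");
        }
        final String algorithmName = parts[0];
        final String modeName = parts[1];
        final String paddingName = parts[2];

        final int algorithmBits;
        if (algorithmName.equalsIgnoreCase("sm1")) {
            algorithmBits = 256;
        } else if (algorithmName.equalsIgnoreCase("sm4")) {
            algorithmBits = 1024;
        } else {
            throw new ServiceException(-1, "不支持的算法");
        }

        final int modeBits;
        if (modeName.equalsIgnoreCase("ecb")) {
            modeBits = 1;
        } else if (modeName.equalsIgnoreCase("cbc")) {
            modeBits = 2;
        } else if (modeName.equalsIgnoreCase("cfb")) {
            modeBits = 4;
        } else if (modeName.equalsIgnoreCase("ofb")) {
            modeBits = 8;
        } else {
            throw new ServiceException(-1, "不支持的算法");
        }

        // 0 = no padding; unknown padding names fall through to 0 rather than being rejected.
        int paddingKind = 0;
        if (paddingName.equalsIgnoreCase("PKCS5Padding")) {
            paddingKind = 1;
        }
        if (paddingName.equalsIgnoreCase("CUSTOMPadding")) {
            paddingKind = 2;
        }

        final int algorithmId = algorithmBits | modeBits;
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            if (i == 0) {
                byte[] input = bArr2;
                if (paddingKind == 1 || paddingKind == 2) {
                    input = addPkcs5Padding(bArr2, paddingKind);
                    if (input == null) {
                        throw new SignatureException("padding error");
                    }
                }
                final byte[] cipherBuffer = new byte[input.length + 256];
                final int[] cipherLength = {cipherBuffer.length};
                final int status =
                        session.internalSymkeyEncrypt(algorithmId, i2, bArr, input, cipherBuffer, cipherLength);
                if (status != 0) {
                    throw new SignatureException("error code " + String.format("0x%2X", status));
                }
                return DCUtil.byteSub(cipherBuffer, 0, cipherLength[0]);
            }

            final byte[] plainBuffer = new byte[bArr2.length];
            final int[] plainLength = {plainBuffer.length};
            final int status =
                    session.internalSymkeyDecrypt(algorithmId, i2, bArr, bArr2, plainBuffer, plainLength);
            if (status != 0) {
                throw new SignatureException("Error code " + String.format("0x%2X", status));
            }
            final byte[] plain = DCUtil.byteSub(plainBuffer, 0, plainLength[0]);
            if (isLastPkg(plain) && paddingKind == 1) {
                return removePkcs5Padding(plain);
            }
            return plain;
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }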

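    /**
     * Computes an HMAC over {@code bArr} with the key held by the service at index {@code i}.
     *
     * <p>Only {@code HmacSM3} (case-insensitive) is accepted. The session is closed in a
     * {@code finally} block so that it is released on every exit path, including failures.
     *
     * <p>Callers comparing the result with a received MAC should use a constant-time comparison
     * such as {@code MessageDigest.isEqual}.
     *
     * @param i index of the internal key
     * @param str algorithm name; must be {@code HmacSM3}
     * @param bArr data to authenticate
     * @return the MAC bytes returned by the service
     * @throws ServiceException with code -1 when the algorithm is not supported
     * @throws EblHsmException carrying only the message of any failure inside the service call;
     *     the cause is not attached
     */
    public static byte[] internalMAC(int i, String str, byte[] bArr) {
        if (!str.equalsIgnoreCase("HmacSM3")) {
            throw new ServiceException(-1, "不支持的算法");
        }
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] macBuffer = new byte[bArr.length + 256];
            final int[] macLength = {macBuffer.length};
            final int status = session.internalHMAC(ErrorCode.SGD_HMAC_SM3, i, bArr, macBuffer, macLength);
            if (status != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", status));
            }
            return DCUtil.byteSub(macBuffer, 0, macLength[0]);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }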

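    /**
     * Encrypts or decrypts a stream in fixed-size chunks with an externally supplied key,
     * writing each processed chunk to {@code outputStream}.
     *
     * <p>Chunks are {@code RsaPublicKey.RSA_MAX_BITS} bytes long. Full chunks are processed with
     * the padding flag off; a shorter final chunk is processed with the padding flag on. When
     * the remaining input is an exact multiple of the chunk size, no padded final chunk is
     * produced. Each chunk buffer is filled completely before it is processed, so a stream
     * that returns short reads mid-stream is not mistaken for end of input, and the start
     * offset is skipped in full even when {@code skip} advances less than requested.
     *
     * <p>NOTE(review): every chunk is passed to {@code cipher} with the same {@code bArr2}, so
     * in a chained mode each chunk restarts from the same IV and identical chunks produce
     * identical output. Any mode name other than {@code ECB} is treated as the second mode
     * value without validation, and {@code str3} is checked for presence but not otherwise
     * used. No integrity protection is added to the output.
     *
     * @param inputStream source of the data
     * @param outputStream destination for processed chunks
     * @param i direction: 1 encrypts, any other value decrypts
     * @param str algorithm name passed to {@code cipher}
     * @param str2 mode name; {@code ECB} (case-insensitive) or anything else
     * @param str3 padding name; must be non-empty
     * @param bArr key bytes
     * @param bArr2 passed to {@code cipher} as the IV argument; may be null
     * @param i2 number of leading input bytes to skip when positive
     * @throws Exception with message {@code Empty parameter} when a required argument is
     *     missing, or any I/O or cipher failure
     */
    public static void fileDoCipherExternal(InputStream inputStream, OutputStream outputStream, int i, String str, String str2, String str3, byte[] bArr, byte[] bArr2, int i2) throws Exception {
        if (inputStream == null || outputStream == null || str == null || str.isEmpty() || str2 == null || str2.isEmpty() || str3 == null || str3.isEmpty() || bArr == null || bArr.length == 0) {
            throw new Exception("Empty parameter");
        }

        // skip() may advance fewer bytes than requested; keep going until the offset is reached
        // or the stream ends.
        long toSkip = i2;
        while (toSkip > 0) {
            final long skipped = inputStream.skip(toSkip);
            if (skipped > 0) {
                toSkip -= skipped;
            } else if (inputStream.read() == -1) {
                break;
            } else {
                toSkip--;
            }
        }

        final int direction = (i == 1) ? 0 : 1;
        final int mode = str2.equalsIgnoreCase("ECB") ? 0 : 1;
        final byte[] chunk = new byte[RsaPublicKey.RSA_MAX_BITS];
        while (true) {
            // Fill the chunk completely unless the stream ends first.
            int filled = 0;
            while (filled < chunk.length) {
                final int read = inputStream.read(chunk, filled, chunk.length - filled);
                if (read == -1) {
                    break;
                }
                filled += read;
            }
            if (filled == 0) {
                break;
            }
            final boolean lastChunk = filled < chunk.length;
            final byte[] processed =
                    cipher(str, direction, mode, lastChunk ? 1 : 0, bArr, bArr2, Arrays.copyOf(chunk, filled));
            if (processed != null) {
                outputStream.write(processed);
            }
            if (lastChunk) {
                break;
            }
        }
    }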

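    /**
     * Encrypts or decrypts a stream in fixed-size chunks with a key held by the service,
     * writing each processed chunk to {@code outputStream}.
     *
     * <p>Chunks are {@code RsaPublicKey.RSA_MAX_BITS} bytes long. Full chunks use the
     * transformation {@code algorithm/mode/CUSTOMPadding}; a shorter final chunk uses
     * {@code algorithm/mode/PKCS5Padding}. When the remaining input is an exact multiple of the
     * chunk size, no final chunk is produced. Each chunk buffer is filled completely before it
     * is processed, so a stream that returns short reads mid-stream is not mistaken for end of
     * input, and the start offset is skipped in full even when {@code skip} advances less than
     * requested.
     *
     * <p>NOTE(review): every chunk is passed to {@code internalCipher} with the same
     * {@code bArr}, so in a chained mode each chunk restarts from the same value. No integrity
     * protection is added to the output. {@code num} is not null-checked and is dereferenced
     * when the first chunk is processed.
     *
     * @param inputStream source of the data
     * @param outputStream destination for processed chunks
     * @param i direction: 1 encrypts, any other value decrypts
     * @param str algorithm name, first part of the transformation
     * @param str2 mode name, second part of the transformation
     * @param num index of the internal key
     * @param bArr passed through to {@code internalCipher}; presumably the IV -- verify
     * @param i2 number of leading input bytes to skip when positive
     * @throws Exception with message {@code Empty parameter} when a required argument is
     *     missing, or any I/O or cipher failure
     */
    public static void fileDoCipherInternal(InputStream inputStream, OutputStream outputStream, int i, String str, String str2, Integer num, byte[] bArr, int i2) throws Exception {
        if (inputStream == null || outputStream == null || str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new Exception("Empty parameter");
        }

        // skip() may advance fewer bytes than requested; keep going until the offset is reached
        // or the stream ends.
        long toSkip = i2;
        while (toSkip > 0) {
            final long skipped = inputStream.skip(toSkip);
            if (skipped > 0) {
                toSkip -= skipped;
            } else if (inputStream.read() == -1) {
                break;
            } else {
                toSkip--;
            }
        }

        final int direction = (i == 1) ? 0 : 1;
        final String bodyTransformation = str + "/" + str2 + "/CUSTOMPadding";
        final String tailTransformation = str + "/" + str2 + "/PKCS5Padding";
        final byte[] chunk = new byte[RsaPublicKey.RSA_MAX_BITS];
        while (true) {
            // Fill the chunk completely unless the stream ends first.
            int filled = 0;
            while (filled < chunk.length) {
                final int read = inputStream.read(chunk, filled, chunk.length - filled);
                if (read == -1) {
                    break;
                }
                filled += read;
            }
            if (filled == 0) {
                break;
            }
            final boolean lastChunk = filled < chunk.length;
            final byte[] processed = internalCipher(
                    direction,
                    num.intValue(),
                    lastChunk ? tailTransformation : bodyTransformation,
                    bArr,
                    Arrays.copyOf(chunk, filled));
            if (processed != null) {
                outputStream.write(processed);
            }
            if (lastChunk) {
                break;
            }
        }
    }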

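    /**
     * Computes an HMAC over {@code bArr2} with an externally supplied key and returns it
     * Base64-encoded.
     *
     * <p>Only {@code HmacSM3} (case-insensitive) is accepted. The key bytes are imported into
     * the session to obtain a handle; the handle is destroyed and the session closed in a
     * {@code finally} block, so both are released on every exit path. The cleanup uses the
     * session that was actually opened, which avoids a failure in the cleanup itself replacing
     * the original error.
     *
     * <p>NOTE(review): the result of {@code symCipherImportKey} is not inspected here; confirm
     * whether it reports failure through a return value. The raw key stays in the caller's
     * array, so the caller is responsible for clearing it. Callers comparing the result with a
     * received MAC should use a constant-time comparison.
     *
     * @param bArr key bytes
     * @param str algorithm name; must be {@code HmacSM3}
     * @param bArr2 data to authenticate
     * @return Base64 text of the MAC
     * @throws ServiceException with code -1 when the algorithm is not supported
     * @throws EblHsmException carrying only the message of any failure inside the service call;
     *     the cause is not attached
     */
    public static String hmac(byte[] bArr, String str, byte[] bArr2) {
        if (!str.equalsIgnoreCase("HmacSM3")) {
            throw new ServiceException(-1, "不支持的算法");
        }
        JceServiceImpl session = null;
        final long[] keyHandle = new long[1];
        try {
            session = new JceServiceImpl();
            session.symCipherImportKey(bArr, keyHandle);
            final byte[] macBuffer = new byte[bArr2.length + 256];
            final int[] macLength = {macBuffer.length};
            final int status =
                    session.eblExternalHMAC(ErrorCode.SGD_HMAC_SM3, keyHandle[0], bArr2, macBuffer, macLength);
            if (status != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", status));
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(macBuffer, 0, macLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                try {
                    // A non-zero handle means the import produced a key that must be released.
                    if (keyHandle[0] != 0) {
                        session.destroyKey(keyHandle);
                    }
                } finally {
                    session.closeSession();
                }
            }
        }
    }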

    /**
     * Returns {@code i} random bytes produced by the service's {@code generateRandom}.
     *
     * @param i number of bytes requested
     * @return a new array of length {@code i} filled by the service
     * @throws EblHsmException carrying only the message of any failure, including a non-zero
     *     service status; the status code itself is not preserved
     */
    public static byte[] genRandom(int i) {
        JceServiceImpl session = null;
        try {
            try {
                session = new JceServiceImpl();
                final byte[] randomBytes = new byte[i];
                final int status = session.generateRandom(i, randomBytes);
                if (status == 0) {
                    session.closeSession();
                    return randomBytes;
                }
                throw new ServiceException(status, "随机数异常");
            } catch (Exception ex) {
                throw new EblHsmException(ex.getMessage());
            }
        } catch (Throwable failure) {
            // Failure path: release the session before propagating.
            if (session != null) {
                session.closeSession();
            }
            throw failure;
        }
    }

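    /**
     * Hashes {@code bArr} through the service and returns the digest Base64-encoded.
     *
     * <p>The service is called with algorithm id 1 and no public key or user id, so no signer
     * pre-processing is mixed in. Judging by the method name the id selects SM3 -- confirm
     * against the service's constants. The session is closed in a {@code finally} block so that
     * it is released on every exit path, including failures.
     *
     * @param bArr data to hash
     * @return Base64 text of the digest
     * @throws EblHsmException carrying only the message of any failure; the status code and
     *     cause are not preserved
     */
    public static String sm3(byte[] bArr) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] digest = new byte[32];
            final int[] digestLength = new int[1];
            final int status = session.hash(1, (EccPublicKey) null, (byte[]) null, 0, bArr, digest, digestLength);
            if (status != 0) {
                throw new ServiceException(status, "服务调用异常");
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(digest, 0, digestLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }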

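    /**
     * Hashes {@code bArr} together with the public key taken from a certificate and the fixed
     * user id {@code 1234567812345678}, returning the digest Base64-encoded.
     *
     * <p>This is the digest form used by {@code sign} and {@code verifySign} in this class. The
     * public key is read from the certificate as supplied; no validity or trust check is
     * visible in this method, so callers must validate the certificate themselves. The session
     * is closed in a {@code finally} block so that it is released on every exit path.
     *
     * @param bArr data to hash
     * @param str certificate text accepted by {@code CertificateUtil.buildX509Certificate}
     * @return Base64 text of the digest
     * @throws RuntimeException wrapping a {@link CertificateException} when the certificate
     *     cannot be parsed
     * @throws EblHsmException carrying only the message of any failure inside the service call;
     *     the cause is not attached
     */
    public static String sm3WithPubkey(byte[] bArr, String str) {
        final byte[] userId = "1234567812345678".getBytes();
        final EccPublicKey signerKey;
        try {
            signerKey = ECCSdfPublicKey.parsePubKey(CertificateUtil.buildX509Certificate(str).getPublicKey());
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] digest = new byte[32];
            final int[] digestLength = new int[1];
            final int status = session.hash(1, signerKey, userId, userId.length, bArr, digest, digestLength);
            if (status != 0) {
                throw new ServiceException(status, "服务调用异常");
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(digest, 0, digestLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }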

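    /**
     * Hashes {@code bArr} together with the given public key and the fixed user id
     * {@code 1234567812345678}, returning the digest Base64-encoded.
     *
     * <p>The session is closed in a {@code finally} block so that it is released on every exit
     * path, including failures.
     *
     * @param bArr data to hash
     * @param publicKey signer's public key, converted with {@code ECCSdfPublicKey.parsePubKey}
     * @return Base64 text of the digest
     * @throws EblHsmException carrying only the message of any failure inside the service call;
     *     the cause is not attached
     */
    public static String sm3WithPubkey(byte[] bArr, PublicKey publicKey) {
        final byte[] userId = "1234567812345678".getBytes();
        final EccPublicKey signerKey = ECCSdfPublicKey.parsePubKey(publicKey);
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final byte[] digest = new byte[32];
            final int[] digestLength = new int[1];
            final int status = session.hash(1, signerKey, userId, userId.length, bArr, digest, digestLength);
            if (status != 0) {
                throw new ServiceException(status, "服务调用异常");
            }
            return Base64.getEncoder().encodeToString(DCUtil.byteSub(digest, 0, digestLength[0]));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }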

    /**
     * Encrypts {@code bArr2} under key {@code bArr} via {@code cipher} with mode flag 0, padding
     * on and no IV, and returns the result Base64-encoded.
     *
     * <p>Per the method name this is ECB: equal plaintext blocks give equal ciphertext blocks
     * and nothing protects integrity, so prefer the CBC variant plus a MAC for structured data.
     *
     * @param bArr key bytes
     * @param bArr2 data to encrypt
     * @return Base64 text of the ciphertext
     */
    public static String sm4EcbEncrypt(byte[] bArr, byte[] bArr2) {
        final byte[] cipherText = cipher(SM4Util.ALGORITHM_NAME, 0, 0, 1, bArr, null, bArr2);
        return Base64.getEncoder().encodeToString(cipherText);
    }

    /**
     * Decrypts Base64 ciphertext under key {@code bArr} via {@code cipher} with mode flag 0,
     * padding on and no IV.
     *
     * @param bArr key bytes
     * @param str Base64 text of the ciphertext
     * @return the recovered bytes
     */
    public static byte[] sm4EcbDecrypt(byte[] bArr, String str) {
        final byte[] cipherText = Base64.getDecoder().decode(str);
        return cipher("sm4", 1, 0, 1, bArr, null, cipherText);
    }

    /**
     * Encrypts {@code bArr3} under key {@code bArr} via {@code cipher} with mode flag 1 and
     * padding on, and returns the result Base64-encoded.
     *
     * <p>The IV should be unpredictable and not reused with the same key; the output carries no
     * integrity protection.
     *
     * @param bArr key bytes
     * @param bArr2 IV passed through to {@code cipher}
     * @param bArr3 data to encrypt
     * @return Base64 text of the ciphertext
     */
    public static String sm4CbcEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        final byte[] cipherText = cipher(SM4Util.ALGORITHM_NAME, 0, 1, 1, bArr, bArr2, bArr3);
        return Base64.getEncoder().encodeToString(cipherText);
    }

    /**
     * Decrypts Base64 ciphertext under key {@code bArr} via {@code cipher} with mode flag 1 and
     * padding on.
     *
     * @param bArr key bytes
     * @param bArr2 IV passed through to {@code cipher}
     * @param str Base64 text of the ciphertext
     * @return the recovered bytes
     */
    public static byte[] sm4CbcDecrypt(byte[] bArr, byte[] bArr2, String str) {
        final byte[] cipherText = Base64.getDecoder().decode(str);
        return cipher("sm4", 1, 1, 1, bArr, bArr2, cipherText);
    }

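    /**
     * Encrypts or decrypts data with an externally supplied symmetric key.
     *
     * <p>The key bytes are imported into the session to obtain a handle. The algorithm id is
     * {@code 256} when {@code str} equals {@code SM1} (case-insensitive) and {@code 1024} for
     * any other name, OR-ed with {@code 2} when {@code i2 == 1} and {@code 1} otherwise.
     *
     * <p>On encryption, {@code addPkcs5Padding(data, 1)} is applied when {@code i3 == 1}. On
     * decryption, {@code removePkcs5Padding} is applied whenever {@code isLastPkg} accepts the
     * recovered bytes. NOTE(review): the decrypt path does not consult {@code i3}, unlike
     * {@code internalCipher}, which also requires its padding kind to be 1 -- confirm this is
     * intended for chunks decrypted with the padding flag off. No integrity check is performed
     * on decrypted data.
     *
     * <p>The key handle is destroyed and the session closed in a {@code finally} block, so both
     * are released on every exit path. The cleanup uses the session that was actually opened,
     * which avoids a failure in the cleanup itself replacing the original error.
     *
     * <p>NOTE(review): the result of {@code symCipherImportKey} is not inspected here; confirm
     * whether it reports failure through a return value.
     *
     * @param str algorithm name; only {@code SM1} is distinguished
     * @param i direction: 0 encrypts, any other value decrypts
     * @param i2 mode flag: 1 selects the second mode bit, anything else the first
     * @param i3 padding flag, used on encryption only: 1 pads the input
     * @param bArr key bytes
     * @param bArr2 IV passed to the service; callers in this class pass null for ECB
     * @param bArr3 input data
     * @return the ciphertext or the recovered bytes
     * @throws EblHsmException carrying only the message of any failure; the status code and
     *     cause are not preserved
     */
    public static byte[] cipher(String str, int i, int i2, int i3, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        JceServiceImpl session = null;
        final long[] keyHandle = new long[1];
        final int modeBits = (i2 == 1) ? 2 : 1;
        final int algorithmBits = str.equalsIgnoreCase("SM1") ? 256 : 1024;
        final int algorithmId = algorithmBits | modeBits;
        try {
            session = new JceServiceImpl();
            session.symCipherImportKey(bArr, keyHandle);
            if (i == 0) {
                byte[] input = bArr3;
                if (i3 == 1) {
                    input = addPkcs5Padding(bArr3, 1);
                    if (input == null) {
                        throw new SignatureException("padding error");
                    }
                }
                // Output is sized to the input rounded up to a whole number of 16-byte blocks.
                final byte[] cipherBuffer = new byte[((input.length + 15) / 16) * 16];
                final int[] cipherLength = {cipherBuffer.length};
                final int status =
                        session.encrypt(keyHandle[0], algorithmId, bArr2, input, cipherBuffer, cipherLength);
                if (status != 0) {
                    throw new ServiceException(status, "sm4EcbEncrypt 异常");
                }
                return DCUtil.byteSub(cipherBuffer, 0, cipherLength[0]);
            }

            final byte[] plainBuffer = new byte[bArr3.length];
            final int[] plainLength = {plainBuffer.length};
            final int status = session.decrypt(keyHandle[0], algorithmId, bArr2, bArr3, plainBuffer, plainLength);
            if (status != 0) {
                throw new ServiceException(status, "sm4CbcDecrypt 异常");
            }
            final byte[] plain = DCUtil.byteSub(plainBuffer, 0, plainLength[0]);
            if (isLastPkg(plain)) {
                return removePkcs5Padding(plain);
            }
            return plain;
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                try {
                    // A non-zero handle means the import produced a key that must be released.
                    if (keyHandle[0] != 0) {
                        session.destroyKey(keyHandle);
                    }
                } finally {
                    session.closeSession();
                }
            }
        }
    }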

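    /**
     * Signs a precomputed digest with the internal ECC key at index {@code i}.
     *
     * <p>{@code checkPin} is called for the key index first. The digest is signed as given; the
     * caller is responsible for having computed it in the form the verifier expects (see
     * {@code sm3WithPubkey}). The session is closed in a {@code finally} block so that it is
     * released on every exit path, including failures.
     *
     * @param i key index passed to {@code checkPin} and to the service
     * @param str Base64 text of the digest
     * @return Base64 text of {@code DCUtil.addBytes(R, S)}; presumably R followed by S -- verify
     *     against DCUtil
     * @throws EblHsmException carrying only the message of any failure; the status code and
     *     cause are not preserved
     */
    public static String signDigest(int i, String str) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            checkPin(session, i);
            final EccSignature signature = new EccSignature();
            final int status = session.internalSignEcc(i, Base64.getDecoder().decode(str), signature);
            if (status != 0) {
                throw new ServiceException(status, "签名结果异常");
            }
            return Base64.getEncoder().encodeToString(DCUtil.addBytes(signature.getR(), signature.getS()));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }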

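    /**
     * Hashes {@code bArr} and signs the digest with the internal ECC key at index {@code i}.
     *
     * <p>Steps: {@code checkPin} for the key index, export of the public key for that index,
     * hash of the data together with that public key and the fixed user id
     * {@code 1234567812345678}, then signing of the digest. The session is closed in a
     * {@code finally} block so that it is released on every exit path, including failures.
     *
     * @param i key index passed to {@code checkPin} and to the service
     * @param bArr data to sign
     * @return Base64 text of {@code DCUtil.addBytes(R, S)}; presumably R followed by S -- verify
     *     against DCUtil
     * @throws EblHsmException carrying only the message of any failure; the status code and
     *     cause are not preserved
     */
    public static String sign(int i, byte[] bArr) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            checkPin(session, i);

            final EccPublicKey signerKey = new EccPublicKey();
            final int exportStatus = session.exportEccPublicKey(1, i, signerKey);
            if (exportStatus != 0) {
                throw new SignatureException("Signature SM3 ExportSignPublicKey error code:" + exportStatus);
            }

            final byte[] userId = "1234567812345678".getBytes();
            final byte[] digest = new byte[32];
            final int[] digestLength = {digest.length};
            final int hashStatus = session.hash(1, signerKey, userId, userId.length, bArr, digest, digestLength);
            if (hashStatus != 0) {
                throw new SignatureException("Signature SM3 HASH error code:" + hashStatus);
            }

            final EccSignature signature = new EccSignature();
            final int signStatus = session.internalSignEcc(i, DCUtil.byteSub(digest, 0, digestLength[0]), signature);
            if (signStatus != 0) {
                throw new ServiceException(signStatus, "签名结果异常");
            }
            return Base64.getEncoder().encodeToString(DCUtil.addBytes(signature.getR(), signature.getS()));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }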

    /**
     * Verifies a signature over a precomputed digest using the public key from a certificate.
     *
     * <p>The key is read from the certificate as supplied; no validity or trust check is
     * visible in this method, so a {@code true} result says only that the signature matches
     * that key. Callers must validate the certificate separately.
     *
     * @param str certificate text accepted by {@code CertificateUtil.buildX509Certificate}
     * @param str2 Base64 text of the signature
     * @param str3 Base64 text of the digest
     * @return the result of the service's {@code eccSignVerify}
     * @throws EblHsmException carrying only the message of any failure; the cause is not attached
     */
    public static boolean verifySignDigest(String str, String str2, String str3) {
        JceServiceImpl session = null;
        try {
            try {
                session = new JceServiceImpl();
                final byte[] digest = Base64.getDecoder().decode(str3);
                final PublicKey signerKey = CertificateUtil.buildX509Certificate(str).getPublicKey();
                final byte[] signature = Base64.getDecoder().decode(str2);
                final boolean valid = session.eccSignVerify(digest, signerKey, signature);
                session.closeSession();
                return valid;
            } catch (Exception ex) {
                throw new EblHsmException(ex.getMessage());
            }
        } catch (Throwable failure) {
            // Failure path: release the session before propagating.
            if (session != null) {
                session.closeSession();
            }
            throw failure;
        }
    }

    /**
     * Verifies a signature over a precomputed digest using the given public key.
     *
     * @param publicKey signer's public key; the caller is responsible for trusting it
     * @param str Base64 text of the signature
     * @param str2 Base64 text of the digest
     * @return the result of the service's {@code eccSignVerify}
     * @throws EblHsmException carrying only the message of any failure; the cause is not attached
     */
    public static boolean verifySignDigest(PublicKey publicKey, String str, String str2) {
        JceServiceImpl session = null;
        try {
            try {
                session = new JceServiceImpl();
                final byte[] digest = Base64.getDecoder().decode(str2);
                final byte[] signature = Base64.getDecoder().decode(str);
                final boolean valid = session.eccSignVerify(digest, publicKey, signature);
                session.closeSession();
                return valid;
            } catch (Exception ex) {
                throw new EblHsmException(ex.getMessage());
            }
        } catch (Throwable failure) {
            // Failure path: release the session before propagating.
            if (session != null) {
                session.closeSession();
            }
            throw failure;
        }
    }

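    /**
     * Hashes {@code bArr} and verifies a signature over it using the public key from a
     * certificate.
     *
     * <p>The digest is computed with the certificate's public key and the fixed user id
     * {@code 1234567812345678}, matching {@code sign}. The key is read from the certificate as
     * supplied; no validity or trust check is visible in this method, so a {@code true} result
     * says only that the signature matches that key. Callers must validate the certificate
     * separately.
     *
     * <p>The session is closed in a {@code finally} block so that it is released on every exit
     * path, including failures.
     *
     * @param str certificate text accepted by {@code CertificateUtil.buildX509Certificate}
     * @param str2 Base64 text of the signature
     * @param bArr signed data
     * @return the result of the service's {@code eccSignVerify}
     * @throws EblHsmException carrying only the message of any failure; the cause is not attached
     */
    public static boolean verifySign(String str, String str2, byte[] bArr) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            final X509Certificate certificate = CertificateUtil.buildX509Certificate(str);
            final byte[] userId = "1234567812345678".getBytes();
            final byte[] digest = new byte[32];
            final int[] digestLength = {digest.length};
            final int hashStatus = session.hash(
                    1, EccPublicKey.parsePubKey(certificate.getPublicKey()), userId, userId.length, bArr, digest, digestLength);
            if (hashStatus != 0) {
                throw new SignatureException("Signature SM3 HASH error code:" + hashStatus);
            }
            return session.eccSignVerify(
                    DCUtil.byteSub(digest, 0, digestLength[0]),
                    certificate.getPublicKey(),
                    Base64.getDecoder().decode(str2));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            if (session != null) {
                session.closeSession();
            }
        }
    }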

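    /**
     * Verifies a signature over raw data with an explicitly supplied public key.
     *
     * <p>The data is first hashed through {@code hash(1, ...)} (reported as an SM3 hash in
     * the error message) together with the public key and a fixed 16-byte identifier, and
     * the resulting digest is checked with {@code eccSignVerify}.
     *
     * @param publicKey public key to verify against; the caller decides whether it is trusted
     * @param str       Base64-encoded signature value
     * @param bArr      the data that was signed
     * @return the result of {@code eccSignVerify} for the computed digest
     * @throws EblHsmException if hashing or verification fails; only the message of the
     *                         underlying exception is carried over
     */
    public static boolean verifySign(PublicKey publicKey, String str, byte[] bArr) {
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            // Fixed identifier mixed into the hash; presumably the SM2 user ID (this literal
            // is the conventional default) - it must match what the signer used.
            byte[] userId = "1234567812345678".getBytes();
            byte[] digest = new byte[32];
            int[] digestLen = {digest.length};
            int rc = session.hash(1, EccPublicKey.parsePubKey(publicKey), userId, userId.length, bArr, digest, digestLen);
            if (rc != 0) {
                throw new SignatureException("Signature SM3 HASH error code:" + rc);
            }
            return session.eccSignVerify(DCUtil.byteSub(digest, 0, digestLen[0]), publicKey, Base64.getDecoder().decode(str));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            // The session used to be left open whenever hashing or verification failed
            // (the cleanup branch was dead code); close it on every path.
            if (session != null) {
                session.closeSession();
            }
        }
    }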

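    /**
     * Computes a 16-byte MAC over {@code bArr2} with a key held in the HSM.
     *
     * <p>The transformation string must have three {@code /}-separated parts; the first
     * selects the cipher (SM1 or SM4) and the third the padding. Padding names other than
     * {@code PKCS5Padding} and {@code CUSTOMPadding} are not rejected: the data is then
     * passed to the device unpadded.
     *
     * @param i     index of the key whose handle is obtained through {@code exportKEKHandle}
     * @param str   transformation string, e.g. cipher/mode/padding
     * @param bArr  passed as the third argument of {@code calculateMac}; presumably the IV
     * @param bArr2 data to authenticate
     * @return the first 16 bytes of the MAC buffer filled by {@code calculateMac}
     * @throws ServiceException if the transformation does not have exactly three parts
     * @throws EblHsmException  if the cipher is unsupported or any device call fails; only
     *                          the message of the underlying exception is carried over
     */
    public static byte[] internalCMAC(int i, String str, byte[] bArr, byte[] bArr2) {
        String[] parts = str.split("/");
        if (parts.length != 3) {
            throw new ServiceException(-1, "不支持的算法");
        }
        String cipherName = parts[0];
        String paddingName = parts[2];

        int macAlgId;
        if (cipherName.equalsIgnoreCase("SM1")) {
            macAlgId = 272; // 0x110, the SM1 MAC algorithm id in the SDF numbering
        } else if (cipherName.equalsIgnoreCase(SM4Util.ALGORITHM_NAME)) {
            macAlgId = 1040; // 0x410, the SM4 MAC algorithm id in the SDF numbering
        } else {
            throw new EblHsmException("不支持的算法");
        }

        int paddingMode = 0;
        if (paddingName.equalsIgnoreCase("PKCS5Padding")) {
            paddingMode = 1;
        } else if (paddingName.equalsIgnoreCase("CUSTOMPadding")) {
            paddingMode = 2;
        }

        long[] keyHandle = new long[1];
        JceServiceImpl session = null;
        try {
            session = new JceServiceImpl();
            byte[] macInput;
            if (paddingMode == 1 || paddingMode == 2) {
                macInput = addPkcs5Padding(bArr2, paddingMode);
                if (macInput == null) {
                    throw new SignatureException("padding error");
                }
            } else {
                macInput = bArr2;
            }
            byte[] mac = new byte[16];
            int rc = session.exportKEKHandle(i, keyHandle);
            if (rc != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", Integer.valueOf(rc)));
            }
            rc = session.calculateMac(keyHandle[0], macAlgId, bArr, macInput, mac);
            if (rc != 0) {
                throw new SignatureException("error code " + String.format("0x%2X", Integer.valueOf(rc)));
            }
            return DCUtil.byteSub(mac, 0, 16);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        } finally {
            // Cleanup previously went through a reference that was always null: a failure
            // after the key handle was obtained raised a NullPointerException that hid the
            // real error, and the handle and session were never released.
            if (session != null) {
                try {
                    if (keyHandle[0] != 0) {
                        session.destroyKey(keyHandle);
                    }
                } finally {
                    session.closeSession();
                }
            }
        }
    }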

    /**
     * Encrypts a batch of records and computes a MAC for each one.
     *
     * <p>Delegates to the list form of {@code internalCipher} with mode {@code 0}.
     *
     * @param i    key index forwarded to the cipher and MAC helpers
     * @param str  transformation string forwarded to the helpers
     * @param bArr byte array forwarded to the helpers; presumably the IV
     * @param list records, each a map with a non-empty {@code "key"} and Base64 {@code "data"}
     * @return one result map per input record
     */
    public static List<Map<String, String>> batchEncrypt(int i, String str, byte[] bArr, List<Map<String, String>> list) {
        final int encryptMode = 0;
        return internalCipher(encryptMode, i, str, bArr, list);
    }

    /**
     * Decrypts a batch of records and computes a MAC over each recovered plaintext.
     *
     * <p>Delegates to the list form of {@code internalCipher} with mode {@code 1}. The
     * returned {@code "cmac"} is freshly computed, not checked against anything; comparing
     * it with a stored value is left to the caller.
     *
     * @param i    key index forwarded to the cipher and MAC helpers
     * @param str  transformation string forwarded to the helpers
     * @param bArr byte array forwarded to the helpers; presumably the IV
     * @param list records, each a map with a non-empty {@code "key"} and Base64 {@code "cipher"}
     * @return one result map per input record
     */
    public static List<Map<String, String>> batchDecrypt(int i, String str, byte[] bArr, List<Map<String, String>> list) {
        final int decryptMode = 1;
        return internalCipher(decryptMode, i, str, bArr, list);
    }

    /**
     * Runs the single-record cipher and MAC helpers over every record of a batch.
     *
     * <p>Mode {@code 0} reads {@code "data"}, encrypts it and MACs the plaintext; mode
     * {@code 1} reads {@code "cipher"}, decrypts it and MACs the recovered plaintext. Any
     * other mode validates the record key and then contributes nothing to the result.
     * Each result map carries {@code "key"}, {@code "data"}, {@code "cipher"} and
     * {@code "cmac"}, with binary values Base64-encoded.
     *
     * <p>NOTE(review): in decrypt mode the MAC is only recomputed and returned; nothing here
     * compares it with a previously stored value, so integrity is not enforced by this
     * method. A caller that compares MACs should use a constant-time comparison such as
     * {@code MessageDigest.isEqual}.
     *
     * <p>NOTE(review): the same key index and a copy of the same {@code bArr} (presumably
     * the IV) are used for every record and for both the cipher and the MAC - confirm that
     * this reuse is acceptable for the cipher mode in use.
     *
     * @param i    operation mode, {@code 0} to encrypt and {@code 1} to decrypt
     * @param i2   key index forwarded to the helpers
     * @param str  transformation string forwarded to the helpers
     * @param bArr byte array cloned for every helper call
     * @param list records to process; must be non-null and non-empty
     * @return the processed records in input order
     * @throws EblHsmException if the list is missing or empty, or a record lacks a required field
     */
    private static List<Map<String, String>> internalCipher(int i, int i2, String str, byte[] bArr, List<Map<String, String>> list) {
        if (list == null || list.isEmpty()) {
            throw new EblHsmException("数据不存在");
        }
        List<Map<String, String>> results = new ArrayList<>();
        for (Map<String, String> record : list) {
            String recordKey = record.get("key");
            if (recordKey == null || recordKey.isEmpty()) {
                throw new EblHsmException("数据格式错误");
            }
            if (i != 0 && i != 1) {
                // Unknown mode: the record is validated but produces no output entry.
                continue;
            }
            Map<String, String> processed = new HashMap<>();
            processed.put("key", recordKey);
            if (i == 0) {
                String plainB64 = record.get("data");
                if (plainB64 == null || plainB64.isEmpty()) {
                    throw new EblHsmException("数据格式错误");
                }
                // Each helper gets its own decoded buffer and its own copy of bArr.
                byte[] cipherBytes = internalCipher(i, i2, str, bArr.clone(), Base64.getDecoder().decode(plainB64));
                byte[] macBytes = internalCMAC(i2, str, bArr.clone(), Base64.getDecoder().decode(plainB64));
                processed.put("data", plainB64);
                processed.put("cipher", Base64.getEncoder().encodeToString(cipherBytes));
                processed.put("cmac", Base64.getEncoder().encodeToString(macBytes));
            } else {
                String cipherB64 = record.get("cipher");
                if (cipherB64 == null || cipherB64.isEmpty()) {
                    throw new EblHsmException("数据格式错误");
                }
                byte[] plainBytes = internalCipher(i, i2, str, bArr.clone(), Base64.getDecoder().decode(cipherB64));
                byte[] macBytes = internalCMAC(i2, str, bArr.clone(), plainBytes);
                processed.put("data", Base64.getEncoder().encodeToString(plainBytes));
                processed.put("cipher", cipherB64);
                processed.put("cmac", Base64.getEncoder().encodeToString(macBytes));
            }
            results.add(processed);
        }
        return results;
    }

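    /**
     * Requests access to the private key at the given index using the configured PIN.
     *
     * <p>NOTE(review): when {@code SDFKeyStoreSpi.PIN} is unset or empty this method writes
     * the fixed value {@code "12345678"} into that static field and uses it. A deployment
     * that never configures a PIN therefore runs silently on a well-known default, which
     * weakens the access control on private-key use. Kept for compatibility; consider
     * failing closed (rejecting an unset PIN) and loading the PIN from protected
     * configuration instead.
     *
     * @param jceService session on which access is requested
     * @param i          index of the private key
     * @throws SignatureException if the device returns a non-zero status
     */
    private static void checkPin(JceService jceService, int i) throws SignatureException {
        if (SDFKeyStoreSpi.PIN == null || SDFKeyStoreSpi.PIN.isEmpty()) {
            SDFKeyStoreSpi.PIN = "12345678";
        }
        // Pass the length of the encoded bytes rather than the character count, so the two
        // cannot disagree for a PIN containing non-ASCII characters.
        byte[] pinBytes = SDFKeyStoreSpi.PIN.getBytes();
        int status = jceService.accessPrivateKey(null, i, pinBytes, pinBytes.length);
        if (status != 0) {
            throw new SignatureException("Error code " + String.format("0x%2X", Integer.valueOf(status)));
        }
    }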

    /**
     * Wraps a raw signature into a SignedData structure that also carries the content.
     *
     * <p>Thin alias of {@code fromP1ToP7} with all four arguments passed through unchanged.
     *
     * @param str  Base64-encoded signature value
     * @param str2 Base64-encoded signed content
     * @param str3 optional Base64-encoded additional certificate
     * @param str4 Base64-encoded signer certificate
     * @return the Base64-encoded structure produced by {@code fromP1ToP7}
     */
    public static String fromP1ToP7a(String str, String str2, String str3, String str4) {
        String attached = fromP1ToP7(str, str2, str3, str4);
        return attached;
    }

    /**
     * Wraps a raw signature into a SignedData structure without embedding the content.
     *
     * <p>Calls {@code fromP1ToP7} with {@code null} in the content position.
     *
     * @param str  Base64-encoded signature value
     * @param str2 optional Base64-encoded additional certificate
     * @param str3 Base64-encoded signer certificate
     * @return the Base64-encoded structure produced by {@code fromP1ToP7}
     */
    public static String fromP1ToP7d(String str, String str2, String str3) {
        final String noContent = null;
        return fromP1ToP7(str, noContent, str2, str3);
    }

    /**
     * Packages a raw signature value, the signer certificate and optionally the content
     * and a second certificate into a DER-encoded SignedData, returned as Base64.
     *
     * <p>This is a pure re-encoding step: the signature is not verified against the
     * certificate or the content, so the output says nothing about validity. A missing or
     * empty signature is not rejected up front; it is passed on as {@code null}.
     *
     * <p>The signer certificate is decoded before the guarded section, so a malformed
     * {@code str4} surfaces as the decoder's own exception rather than {@code EblHsmException}.
     *
     * @param str  Base64-encoded signature value
     * @param str2 Base64-encoded content, or null/empty for none
     * @param str3 Base64-encoded additional certificate, or null/empty for none
     * @param str4 Base64-encoded signer certificate
     * @return Base64 of the encoded structure
     * @throws EblHsmException if building or encoding the structure fails
     */
    public static String fromP1ToP7(String str, String str2, String str3, String str4) {
        Certificate signerCert = Certificate.getInstance(Base64.getDecoder().decode(str4));
        boolean hasExtraCert = str3 != null && !str3.isEmpty();
        Certificate extraCert = hasExtraCert ? Certificate.getInstance(Base64.getDecoder().decode(str3)) : null;
        boolean hasSignature = str != null && !str.isEmpty();
        byte[] signature = hasSignature ? Base64.getDecoder().decode(str) : null;
        boolean hasContent = str2 != null && !str2.isEmpty();
        byte[] content = hasContent ? Base64.getDecoder().decode(str2) : null;
        try {
            byte[] encoded = makeSignedData(signerCert, extraCert, signature, content);
            return Base64.getEncoder().encodeToString(encoded);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Pads data to a multiple of 16 bytes with PKCS#5-style padding bytes.
     *
     * <p>In mode {@code 2}, non-empty input that is already a multiple of 16 bytes is
     * returned as-is, without a padding block. Such output cannot be told apart from padded
     * data by looking at the last byte, so the reader must know whether padding was applied.
     *
     * @param bArr data to pad; {@code null} yields {@code null}
     * @param i    padding mode; {@code 2} enables the skip-when-aligned behaviour
     * @return the result of appending the padding bytes, or the input itself in the aligned case
     */
    private static byte[] addPkcs5Padding(byte[] bArr, int i) {
        if (bArr == null) {
            return null;
        }
        final int blockSize = 16;
        // Always in 1..16; equals 16 exactly when the input is already block-aligned.
        int padLength = blockSize - (bArr.length % blockSize);
        boolean alreadyAligned = padLength % blockSize == 0;
        if (i == 2 && alreadyAligned && bArr.length != 0) {
            return bArr;
        }
        byte[] padding = new byte[padLength];
        Arrays.fill(padding, (byte) padLength);
        return DCUtil.addBytes(bArr, padding);
    }

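    /**
     * Reports whether a buffer ends in well-formed PKCS#5-style padding for a 16-byte block.
     *
     * <p>The last byte is taken as the padding length; it must be in 1..16, must not exceed
     * the buffer length, and that many trailing bytes must all carry the same value.
     *
     * @param bArr buffer to inspect, typically decrypted data
     * @return {@code true} if the trailing bytes form valid padding, {@code false} otherwise
     *         (including for {@code null} and empty input)
     */
    private static boolean isLastPkg(byte[] bArr) {
        // An empty buffer used to raise ArrayIndexOutOfBoundsException on the tail read.
        if (bArr == null || bArr.length == 0) {
            return false;
        }
        byte padValue = bArr[bArr.length - 1];
        // A padding length larger than the buffer used to walk below index 0.
        if (padValue <= 0 || padValue > 16 || padValue > bArr.length) {
            return false;
        }
        int firstPadIndex = bArr.length - padValue;
        for (int idx = bArr.length - 1; idx >= firstPadIndex; idx--) {
            if (bArr[idx] != padValue) {
                return false;
            }
        }
        return true;
    }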

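    /**
     * Strips PKCS#5-style padding (16-byte block) from the end of a buffer.
     *
     * <p>The last byte is taken as the padding length; it must be in 1..16, must not exceed
     * the buffer length, and that many trailing bytes must all carry the same value.
     *
     * <p>NOTE(review): the two failure messages distinguish "bad length byte" from "bad fill
     * byte". If this runs on data an untrusted party can influence, callers should report a
     * single generic failure outward and authenticate the ciphertext before unpadding, so
     * the difference cannot be used as a padding oracle.
     *
     * @param bArr padded buffer; {@code null} yields {@code null}
     * @return the buffer without its padding bytes
     * @throws InputBlockSizeException if the buffer is empty or the padding is malformed
     */
    private static byte[] removePkcs5Padding(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        // An empty buffer used to raise ArrayIndexOutOfBoundsException on the tail read.
        if (bArr.length == 0) {
            throw new InputBlockSizeException("PKCS5Padding格式错误，数据长度为0");
        }
        byte padValue = bArr[bArr.length - 1];
        // Negative values (bytes >= 0x80) and lengths larger than the buffer used to slip
        // past the range check and fail later with an index error instead of this exception.
        if (padValue <= 0 || padValue > 16 || padValue > bArr.length) {
            throw new InputBlockSizeException("PKCS5Padding格式错误，尾部数值为：" + ((int) padValue));
        }
        int firstPadIndex = bArr.length - padValue;
        for (int idx = bArr.length - 1; idx >= firstPadIndex; idx--) {
            if (bArr[idx] != padValue) {
                throw new InputBlockSizeException("PKCS5Padding格式错误，尾部填充数值不为：" + ((int) padValue));
            }
        }
        return DCUtil.byteSub(bArr, 0, firstPadIndex);
    }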

    /**
     * Assembles a SignedData structure around an existing signature and DER-encodes it.
     *
     * <p>The structure holds version 1, a single digest algorithm (the SM3 OID constant),
     * the content wrapped in a BER octet string (or no content when {@code bArr2} is
     * {@code null}), the supplied certificate(s), no CRLs, and one signer info built by
     * {@code getSignerInfo}. Nothing is signed or verified here.
     *
     * @param certificate  signer certificate; always included
     * @param certificate2 additional certificate, or {@code null}
     * @param bArr         signature value placed in the signer info
     * @param bArr2        content to embed, or {@code null} for none
     * @return DER encoding of the outer ContentInfo
     * @throws Exception if building or encoding fails
     */
    private static byte[] makeSignedData(Certificate certificate, Certificate certificate2, byte[] bArr, byte[] bArr2) throws Exception {
        ASN1Integer version = new ASN1Integer(1L);

        AlgorithmIdentifier digestAlgorithm =
                new AlgorithmIdentifier(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.SM3_ALGORITHM_OID), (ASN1Encodable) null);
        DERSet digestAlgorithms = new DERSet(digestAlgorithm);

        ASN1Encodable payload = null;
        if (bArr2 != null) {
            payload = new BEROctetString(bArr2);
        }
        ContentInfo encapsulated =
                new ContentInfo(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.PKCS7_SM2_DATA_OID), payload);

        DERSet signerInfos = new DERSet(getSignerInfo(certificate, bArr));

        ASN1EncodableVector certificates = new ASN1EncodableVector();
        certificates.add(certificate);
        if (certificate2 != null) {
            certificates.add(certificate2);
        }

        SignedData signedData =
                new SignedData(version, digestAlgorithms, encapsulated, new DERSet(certificates), (ASN1Set) null, signerInfos);
        ContentInfo outer =
                new ContentInfo(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.PKCS7_SM2_SIGNED_DATA_OID), signedData);
        return outer.toASN1Primitive().getEncoded("DER");
    }

    /**
     * Builds the signer info for a certificate and an already computed signature value.
     *
     * <p>The signer is identified by the certificate's issuer and serial number. The digest
     * algorithm is the SM3 OID constant, the signature algorithm is the OID
     * {@code 1.2.156.10197.1.301.1}, and no authenticated or unauthenticated attributes
     * are attached.
     *
     * @param certificate signer certificate
     * @param bArr        signature value, stored as a DER octet string
     * @return the assembled signer info
     * @throws Exception declared by the signature; failures inside are rethrown as
     *                   {@code EblHsmException} carrying only the original message
     */
    private static SignerInfo getSignerInfo(Certificate certificate, byte[] bArr) throws Exception {
        try {
            ASN1Integer version = new ASN1Integer(1L);
            IssuerAndSerialNumber signerId =
                    new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue());
            AlgorithmIdentifier digestAlgorithm =
                    new AlgorithmIdentifier(new ASN1ObjectIdentifier(JCEAlgorithmIdentifier.SM3_ALGORITHM_OID), (ASN1Encodable) null);
            AlgorithmIdentifier signatureAlgorithm =
                    new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.301.1"));
            DEROctetString signatureValue = new DEROctetString(bArr);
            return new SignerInfo(version, signerId, digestAlgorithm, (ASN1Set) null, signatureAlgorithm, signatureValue, (ASN1Set) null);
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }
}
