package com.xdja.cryptoappkit.device.svs;

import com.xdja.SafeKey.JNIAPI;
import com.xdja.cryptoappkit.device.soft.SoftOperatorUtil;
import com.xdja.cryptoappkit.device.svs.pool.SvsConnection;
import com.xdja.cryptoappkit.device.svs.pool.SvsConnectionProviderImpl;
import com.xdja.cryptoappkit.domain.exception.CryptOperatorException;
import com.xdja.svs.api.bean.AlgId;
import com.xdja.svs.api.bean.XvfAttr;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/cryptoappkit/device/svs/SvsUtil.class */
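/**
 * Static helpers for SM2 signing, signature verification and certificate validation
 * through a pooled signature-verification-server (SVS) connection.
 *
 * <p>Every public operation borrows an {@link SvsConnection} from
 * {@link SvsConnectionProviderImpl} and returns it in a {@code finally} block. A non-zero
 * device return code is reported as a {@link CryptOperatorException} carrying that code;
 * the verification methods never return {@code false}.
 *
 * <p>NOTE(review): this source looks decompiled, so parameter names carry no meaning.
 * Parameter roles below are described by how the value is used and should be confirmed
 * against the SVS SDK documentation.
 */
public class SvsUtil {
    private static final Logger logger = LoggerFactory.getLogger(SvsUtil.class);
    private static final String PROVIDER_STR = "BC";
    private static final int SDR_OK = 0;
    private static String SDK_CONF_PATH;
    // Signer identifier handed to the *Init calls; presumably the conventional default SM2 user ID.
    private static final String SIGN_USER_ID = "1234567812345678";
    private static final int CERT_NORMAL = 0;
    // Byte length of one SM2 signature component (r or s) in the raw r||s form.
    private static final int SM2_COMPONENT_LEN = 32;
    // Chunk size used when feeding a file to the device.
    private static final int STREAM_CHUNK_LEN = 4096;

    /**
     * Signs an in-memory message with SM3-with-SM2 using the device key at index {@code i}.
     *
     * @param i     signing key index (logged as {@code signKeyIndex})
     * @param bArr  fourth argument of {@code signData}; presumably the key access credential — TODO confirm
     * @param bArr2 sixth argument of {@code signData}; presumably the data to sign — TODO confirm
     * @return the signature bytes, trimmed to the length reported by the device
     * @throws CryptOperatorException if the device returns a non-zero code or an impossible length
     */
    public static byte[] sm2Sign(int i, byte[] bArr, byte[] bArr2) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            // NOTE(review): the session handle is written at INFO level; confirm it is not sensitive.
            logger.info("svs签名 signKeyIndex:{},session:{}", Integer.valueOf(i), Long.valueOf(connection.getSes()[0]));
            byte[] signature = new byte[128];
            // In/out length cell: starts at 72 and is overwritten by the device.
            int[] signatureLen = {72};
            int ret = connection.getXvfApi().signData(connection.getSes()[0], AlgId.SGD_SM3_SM2, i, bArr, bArr.length, bArr2, bArr2.length, signature, signatureLen);
            logger.info("signatureLen:{}", Integer.valueOf(signatureLen[0]));
            if (ret != SDR_OK) {
                throw new CryptOperatorException(Integer.valueOf(ret), "SM2签名失败,ret：" + ret);
            }
            return copyPrefix(signature, signatureLen[0], "SM2签名失败,ret：");
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Signs the content of a file stream with SM3-with-SM2, feeding it to the device in
     * 4096-byte chunks. The stream is always closed before this method returns or throws.
     *
     * @param bArr            identifier passed to {@code exportAppCertByUsage} to fetch the signer certificate
     * @param i               signing key index passed to {@code signDataFinal}
     * @param bArr2           fourth argument of {@code signDataFinal}; presumably the key access credential — TODO confirm
     * @param fileInputStream data to sign; consumed to end of file and closed
     * @return the signature bytes, trimmed to the length reported by the device
     * @throws CryptOperatorException on a device error, a certificate parse failure or a read failure
     */
    public static byte[] sm2Sign(byte[] bArr, int i, byte[] bArr2, FileInputStream fileInputStream) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            try (FileInputStream in = fileInputStream) {
                byte[] certDer = exportAppCert(connection, bArr, "SM2签名失败,获取证书失败ret：");
                // Certificate parsing has its own handler so that later device or I/O failures
                // are not misreported as a certificate problem with the return code dropped.
                byte[] publicKey = extractPublicKey(certDer, "证书解析失败:{}", "证书解析失败");
                // Explicit charset: the identifier must not depend on the platform default.
                byte[] userId = SIGN_USER_ID.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
                byte[] chunk = new byte[STREAM_CHUNK_LEN];
                int read;
                while ((read = in.read(chunk)) != -1) {
                    // NOTE(review): signDataInit runs for every chunk and is followed by
                    // signDataUpdate on the same bytes. Confirm against the SDK that Init is
                    // not meant to run once, otherwise only the last chunk may be covered.
                    int initRet = connection.getXvfApi().signDataInit(connection.getSes()[0], AlgId.SGD_SM3_SM2, publicKey, publicKey.length, userId, userId.length, chunk, read);
                    if (initRet != SDR_OK) {
                        throw new CryptOperatorException(Integer.valueOf(initRet), "SM2签名失败,ret：" + initRet);
                    }
                    // NOTE(review): the result of signDataUpdate is not checked; if it returns
                    // a status code, a failed update goes unnoticed here.
                    connection.getXvfApi().signDataUpdate(connection.getSes()[0], AlgId.SGD_SM3_SM2, chunk, read);
                }
                byte[] signature = new byte[128];
                int[] signatureLen = {72};
                int finalRet = connection.getXvfApi().signDataFinal(connection.getSes()[0], AlgId.SGD_SM3_SM2, i, bArr2, bArr2.length, signature, signatureLen);
                if (finalRet != SDR_OK) {
                    throw new CryptOperatorException(Integer.valueOf(finalRet), "SM2签名失败,ret：" + finalRet);
                }
                return copyPrefix(signature, signatureLen[0], "SM2签名失败,ret：");
            } catch (IOException e) {
                throw new CryptOperatorException(500, "SM2签名失败,ret：" + e.getMessage());
            }
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Verifies an SM2 signature over in-memory data against the application certificate
     * exported from the device.
     *
     * <p>The call passes {@code XvfAttr.XVF_VERIFY_CERT_OFF}, which by its name switches off
     * certificate validation for this verification — confirm this is intended for
     * certificates taken from the device's own store.
     *
     * @param bArr  identifier passed to {@code exportAppCertByUsage} to fetch the certificate
     * @param bArr2 tenth argument of {@code verifySignedData}; presumably the signature — TODO confirm
     * @param bArr3 eighth argument of {@code verifySignedData}; presumably the signed data — TODO confirm
     * @return always {@code true}; a failed verification is reported by exception
     * @throws CryptOperatorException if certificate export or verification returns a non-zero code
     */
    public static boolean sm2SignVerity(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            byte[] certDer = exportAppCert(connection, bArr, "SM2验签失败,获取证书失败ret：");
            int ret = connection.getXvfApi().verifySignedData(connection.getSes()[0], 1, certDer, certDer.length, (byte[]) null, 0, bArr3, bArr3.length, bArr2, bArr2.length, XvfAttr.XVF_VERIFY_CERT_OFF);
            if (ret != SDR_OK) {
                throw new CryptOperatorException(Integer.valueOf(ret), "SM2验签失败,ret：" + ret);
            }
            return true;
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Verifies an SM2 signature over the content of a file stream, feeding it to the device
     * in 4096-byte chunks.
     *
     * <p>Unlike the streaming {@code sm2Sign}, this method does not close
     * {@code fileInputStream}; the caller keeps ownership of it.
     *
     * @param bArr            identifier passed to {@code exportAppCertByUsage} to fetch the certificate
     * @param bArr2           signature argument of {@code verifySignedDataFinal}
     * @param fileInputStream signed data; consumed to end of file, left open
     * @return always {@code true}; a failed verification is reported by exception
     * @throws CryptOperatorException on a device error, a certificate parse failure or a read failure
     */
    public static boolean sm2SignVerity(byte[] bArr, byte[] bArr2, FileInputStream fileInputStream) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            byte[] certDer = exportAppCert(connection, bArr, "SM2验签失败,获取证书失败ret：");
            // Parsed separately so a failed verification keeps its device return code instead
            // of being rewrapped as a certificate parse error.
            byte[] publicKey = extractPublicKey(certDer, "证书解析失败：{}", "从证书中解析公钥失败");
            byte[] userId = SIGN_USER_ID.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
            byte[] chunk = new byte[STREAM_CHUNK_LEN];
            int read;
            while ((read = fileInputStream.read(chunk)) != -1) {
                // NOTE(review): verifySignedDataInit runs for every chunk; confirm against the
                // SDK that this still covers the whole file and not only the last chunk.
                int initRet = connection.getXvfApi().verifySignedDataInit(connection.getSes()[0], AlgId.SGD_SM3_SM2, publicKey, publicKey.length, userId, userId.length, chunk, read);
                if (initRet != SDR_OK) {
                    throw new CryptOperatorException(Integer.valueOf(initRet), "SM2验签失败,ret：" + initRet);
                }
                // NOTE(review): the result of verifySignedDataUpdate is not checked; if it
                // returns a status code, a failed update goes unnoticed here.
                connection.getXvfApi().verifySignedDataUpdate(connection.getSes()[0], AlgId.SGD_SM3_SM2, chunk, read);
            }
            int finalRet = connection.getXvfApi().verifySignedDataFinal(connection.getSes()[0], AlgId.SGD_SM3_SM2, 1, certDer, certDer.length, (byte[]) null, 0, bArr2, bArr2.length, XvfAttr.XVF_VERIFY_CERT_OFF);
            if (finalRet != SDR_OK) {
                throw new CryptOperatorException(Integer.valueOf(finalRet), "SM2验签失败,ret：" + finalRet);
            }
            return true;
        } catch (IOException e) {
            throw new CryptOperatorException(500, "SM2验签失败,ret：" + e.getMessage());
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Verifies an SM2 signature against a certificate supplied by the caller as a string.
     *
     * <p>NOTE(review): the last argument of {@code verifySignedData} is a literal {@code 0}
     * where the device-certificate paths pass {@code XvfAttr.XVF_VERIFY_CERT_OFF}. It is not
     * visible here whether {@code 0} makes the device validate the certificate. The
     * certificate comes from outside, so the caller should establish trust in it (for
     * example with {@link #validateCert}) before relying on a {@code true} result.
     *
     * @param str   certificate text, decoded by {@code SoftOperatorUtil.getCertFromStr}
     * @param bArr  eighth argument of {@code verifySignedData}; presumably the signed data — TODO confirm
     * @param bArr2 signature, either already DER-encoded or raw {@code r || s}
     * @param z     {@code true} if {@code bArr2} is already DER-encoded and must be passed through unchanged
     * @return always {@code true}; a failed verification is reported by exception
     * @throws CryptOperatorException on a device error, a malformed signature or a certificate encoding failure
     */
    public static boolean sm2SignVerityByExternalCert(String str, byte[] bArr, byte[] bArr2, boolean z) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            byte[] certDer = SoftOperatorUtil.getCertFromStr(str).getEncoded();
            byte[] derSignature = getRealSign(bArr2, z);
            int ret = connection.getXvfApi().verifySignedData(connection.getSes()[0], 1, certDer, certDer.length, (byte[]) null, 0, bArr, bArr.length, derSignature, derSignature.length, 0);
            if (ret != SDR_OK) {
                throw new CryptOperatorException(Integer.valueOf(ret), "SM2验签失败,ret：" + ret);
            }
            return true;
        } catch (IOException | CertificateEncodingException e) {
            throw new CryptOperatorException(500, "SM2验签失败,ret：" + e.getMessage());
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Returns the signature in the DER form handed to the device.
     *
     * @param bArr signature bytes
     * @param z    {@code true} to return {@code bArr} unchanged; {@code false} to treat it as raw
     *             {@code r || s} and DER-encode its first and last 32 bytes
     * @throws IOException if {@code bArr} is null, or is raw and shorter than 64 bytes
     */
    private static byte[] getRealSign(byte[] bArr, boolean z) throws IOException {
        if (bArr == null) {
            throw new IOException("signature is null");
        }
        if (z) {
            return bArr;
        }
        // Below 64 bytes the r and s slices would overlap or run out of bounds, so reject.
        // NOTE(review): inputs longer than 64 bytes are still accepted and sliced from both
        // ends, as before; consider requiring exactly 64 bytes.
        if (bArr.length < 2 * SM2_COMPONENT_LEN) {
            throw new IOException("raw SM2 signature too short: " + bArr.length + " bytes");
        }
        byte[] r = new byte[SM2_COMPONENT_LEN];
        System.arraycopy(bArr, 0, r, 0, SM2_COMPONENT_LEN);
        byte[] s = new byte[SM2_COMPONENT_LEN];
        System.arraycopy(bArr, bArr.length - SM2_COMPONENT_LEN, s, 0, SM2_COMPONENT_LEN);
        return SoftOperatorUtil.derSignatureEncode(r, s);
    }

    /** Stores the SDK configuration path in a static field read by {@link #getSdkConfPath()}. */
    public static void setSdkConfPath(String str) {
        SDK_CONF_PATH = str;
    }

    /** Returns the path last given to {@link #setSdkConfPath(String)}, or {@code null} if never set. */
    public static String getSdkConfPath() {
        return SDK_CONF_PATH;
    }

    /**
     * Asks the device to validate a certificate.
     *
     * @param str certificate text, decoded by {@code SoftOperatorUtil.getCertFromStr}
     * @param i   fourth argument of the device {@code validateCert} call; presumably a validation mode — TODO confirm
     * @return {@code true} if {@code i} is non-zero and the call succeeded; if {@code i} is zero,
     *         {@code true} only when the state written by the device is {@code 0}
     * @throws CryptOperatorException if the device returns a non-zero code or the certificate cannot be encoded
     */
    public static boolean validateCert(String str, int i) {
        SvsConnection connection = SvsConnectionProviderImpl.getInstance().getConnection();
        try {
            byte[] certDer = SoftOperatorUtil.getCertFromStr(str).getEncoded();
            // Output cell, preset to a non-zero value so an untouched cell never reads as 0.
            int[] state = {10};
            int ret = connection.getXvfApi().validateCert(connection.getSes()[0], certDer, certDer.length, i, state);
            if (ret != SDR_OK) {
                throw new CryptOperatorException(Integer.valueOf(ret), "验证证书失败,ret：" + ret);
            }
            if (i != 0) {
                return true;
            }
            // presumably 0 here is CERT_NORMAL, inlined by the compiler — confirm
            return state[0] == 0;
        } catch (CertificateEncodingException e) {
            throw new CryptOperatorException(500, "验证证书失败,ret：" + e.getMessage());
        } finally {
            SvsConnectionProviderImpl.getInstance().releaseConnection(connection);
        }
    }

    /**
     * Exports the application certificate for {@code appId} and returns exactly the bytes the
     * device reported, using {@code failurePrefix} for the error message.
     */
    private static byte[] exportAppCert(SvsConnection connection, byte[] appId, String failurePrefix) {
        byte[] buffer = new byte[JNIAPI.MAX_RSA_MODULUS_BITS];
        int[] certLen = {JNIAPI.MAX_RSA_MODULUS_BITS};
        int ret = connection.getXvfApi().exportAppCertByUsage(connection.getSes()[0], appId, appId.length, 0, buffer, certLen);
        if (ret != SDR_OK) {
            throw new CryptOperatorException(Integer.valueOf(ret), failurePrefix + ret);
        }
        return copyPrefix(buffer, certLen[0], failurePrefix);
    }

    /**
     * Parses a DER certificate with the BouncyCastle provider and returns its encoded public
     * key. Any failure is logged with its cause and rethrown with {@code failureMessage}.
     */
    private static byte[] extractPublicKey(byte[] certDer, String logFormat, String failureMessage) {
        try (ByteArrayInputStream in = new ByteArrayInputStream(certDer)) {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509", PROVIDER_STR).generateCertificate(in);
            return cert.getPublicKey().getEncoded();
        } catch (Exception e) {
            // The trailing throwable makes SLF4J log the stack trace alongside the message.
            logger.error(logFormat, e.getMessage(), e);
            throw new CryptOperatorException(failureMessage);
        }
    }

    /**
     * Copies the first {@code length} bytes of {@code buffer}, rejecting a device-reported
     * length that does not fit the buffer instead of failing with an array-bounds error.
     */
    private static byte[] copyPrefix(byte[] buffer, int length, String failurePrefix) {
        if (length < 0 || length > buffer.length) {
            throw new CryptOperatorException(500, failurePrefix + "unexpected output length " + length);
        }
        byte[] out = new byte[length];
        System.arraycopy(buffer, 0, out, 0, length);
        return out;
    }

    static {
        // Touch the connection provider singleton when this class is first loaded.
        SvsConnectionProviderImpl.getInstance();
        // Register BouncyCastle only if no provider named "BC" is installed yet.
        if (Security.getProvider(PROVIDER_STR) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}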
