package com.kingdee.fintech.core.crypto;

import com.kingdee.fintech.core.common.Assert;
import com.kingdee.fintech.core.common.KdCryptoException;
import com.kingdee.fintech.core.common.SMConstant;
import com.kingdee.fintech.core.util.KeyUtil;
import com.kingdee.fintech.core.util.StrUtil;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.DSAEncoding;
import org.bouncycastle.crypto.signers.PlainDSAEncoding;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.crypto.signers.StandardDSAEncoding;

/* loaded from: input_file:com/kingdee/fintech/core/crypto/SM2.class */
public class SM2 {
    protected String algorithm;
    protected SM2Engine engine;
    protected SM2Signer signer;
    private DSAEncoding encoding;
    private Digest digest;
    private SM2Engine.Mode mode;
    private ECPrivateKeyParameters privateKeyParams;
    private ECPublicKeyParameters publicKeyParams;
    protected final Lock lock;

    public SM2() {
        this(null, null);
    }

    public SM2(ECPrivateKeyParameters eCPrivateKeyParameters, ECPublicKeyParameters eCPublicKeyParameters) {
        this.lock = new ReentrantLock();
        init();
    }

    public SM2 init() {
        this.algorithm = SMConstant.ALGORITHM_SM2;
        this.encoding = StandardDSAEncoding.INSTANCE;
        this.digest = new SM3Digest();
        this.mode = SM2Engine.Mode.C1C3C2;
        return this;
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws KdCryptoException {
        this.lock.lock();
        SM2Engine engine = getEngine();
        try {
            try {
                engine.init(true, new ParametersWithRandom(decodePublicKeyParams(bArr2)));
                byte[] processBlock = engine.processBlock(bArr, 0, bArr.length);
                this.lock.unlock();
                return processBlock;
            } catch (InvalidCipherTextException e) {
                throw new KdCryptoException((Throwable) e);
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    public String encrypt(String str, String str2) throws KdCryptoException {
        return Base64.getEncoder().encodeToString(encrypt(StrUtil.utf8Bytes(str), Base64.getDecoder().decode(str2)));
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws KdCryptoException {
        this.lock.lock();
        SM2Engine engine = getEngine();
        try {
            try {
                engine.init(false, decodePrivateKeyParams(bArr2));
                byte[] processBlock = engine.processBlock(bArr, 0, bArr.length);
                this.lock.unlock();
                return processBlock;
            } catch (InvalidCipherTextException e) {
                throw new KdCryptoException((Throwable) e);
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    public String decrypt(String str, String str2) throws KdCryptoException {
        return StrUtil.utf8Str(decrypt(Base64.getDecoder().decode(str), Base64.getDecoder().decode(str2)));
    }

    public String signBase64(String str, String str2) {
        return signBase64(str, str2, null);
    }

    public String signBase64(String str, String str2, String str3) {
        return Base64.getEncoder().encodeToString(sign(Base64.getDecoder().decode(str), Base64.getDecoder().decode(str2), str3 == null ? null : Base64.getDecoder().decode(str3)));
    }

    public byte[] sign(byte[] bArr, byte[] bArr2) {
        return sign(bArr, bArr2, null);
    }

    public String sign(String str, String str2) {
        return Base64.getEncoder().encodeToString(sign(StrUtil.utf8Bytes(str), Base64.getDecoder().decode(str2)));
    }

    public byte[] sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        Assert.notNull(bArr, "data must be not null !", new Object[0]);
        Assert.notNull(bArr2, "privateKey must be not null !", new Object[0]);
        this.lock.lock();
        SM2Signer signer = getSigner();
        try {
            try {
                CipherParameters parametersWithRandom = new ParametersWithRandom(decodePrivateKeyParams(bArr2));
                if (bArr3 != null) {
                    parametersWithRandom = new ParametersWithID(parametersWithRandom, bArr3);
                }
                signer.init(true, parametersWithRandom);
                signer.update(bArr, 0, bArr.length);
                byte[] generateSignature = signer.generateSignature();
                this.lock.unlock();
                return generateSignature;
            } catch (CryptoException e) {
                throw new KdCryptoException((Throwable) e);
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    public boolean verifyBase64(String str, String str2, String str3) {
        return verifyBase64(str, str2, str3, null);
    }

    public boolean verifyBase64(String str, String str2, String str3, String str4) {
        Assert.notNull(str, "data must be not null !", str);
        Assert.notNull(str2, "sign must be not null !", str2);
        Assert.notNull(str3, "publicKey must be not null !", str3);
        return verify(Base64.getDecoder().decode(str), Base64.getDecoder().decode(str2), Base64.getDecoder().decode(str3), str4 == null ? null : Base64.getDecoder().decode(str4));
    }

    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return verify(bArr, bArr2, bArr3, null);
    }

    public boolean verify(String str, String str2, String str3) {
        return verify(StrUtil.utf8Bytes(str), Base64.getDecoder().decode(str2), Base64.getDecoder().decode(str3));
    }

    public boolean verify(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        Assert.notNull(bArr, "data must be not null !", new Object[0]);
        Assert.notNull(bArr2, "sign must be not null !", new Object[0]);
        Assert.notNull(bArr3, "publicKey must be not null !", new Object[0]);
        this.lock.lock();
        SM2Signer signer = getSigner();
        try {
            CipherParameters decodePublicKeyParams = decodePublicKeyParams(bArr3);
            if (bArr4 != null) {
                decodePublicKeyParams = new ParametersWithID(decodePublicKeyParams, bArr4);
            }
            signer.init(false, decodePublicKeyParams);
            signer.update(bArr, 0, bArr.length);
            boolean verifySignature = signer.verifySignature(bArr2);
            this.lock.unlock();
            return verifySignature;
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    public ECPrivateKeyParameters decodePrivateKeyParams(byte[] bArr) {
        return KeyUtil.decodePrivateKeyParams(bArr);
    }

    public ECPublicKeyParameters decodePublicKeyParams(byte[] bArr) {
        return KeyUtil.decodePublicKeyParams(bArr);
    }

    public SM2 usePlainEncoding() {
        return setEncoding(PlainDSAEncoding.INSTANCE);
    }

    public SM2 setEncoding(DSAEncoding dSAEncoding) {
        this.encoding = dSAEncoding;
        this.signer = null;
        return this;
    }

    public SM2 setDigest(Digest digest) {
        this.digest = digest;
        this.engine = null;
        this.signer = null;
        return this;
    }

    public SM2 setMode(SM2Engine.Mode mode) {
        this.mode = mode;
        this.engine = null;
        return this;
    }

    private SM2Engine getEngine() {
        if (null == this.engine) {
            Assert.notNull(this.digest, "digest must be not null !", new Object[0]);
            this.engine = new SM2Engine(this.digest, this.mode);
        }
        this.digest.reset();
        return this.engine;
    }

    private SM2Signer getSigner() {
        if (null == this.signer) {
            Assert.notNull(this.digest, "digest must be not null !", new Object[0]);
            this.signer = new SM2Signer(this.encoding, this.digest);
        }
        this.digest.reset();
        return this.signer;
    }
}
