package cn.com.infosec.isfj.cryptoutil;

import cn.com.infosec.asn1.ASN1ObjectIdentifier;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.cert.X509CertificateHolder;
import cn.com.infosec.cert.jcajce.JcaCertStore;
import cn.com.infosec.cms.CMSAlgorithm;
import cn.com.infosec.cms.CMSEnvelopedData;
import cn.com.infosec.cms.CMSEnvelopedDataGenerator;
import cn.com.infosec.cms.CMSProcessableByteArray;
import cn.com.infosec.cms.CMSSignedData;
import cn.com.infosec.cms.CMSSignedDataGenerator;
import cn.com.infosec.cms.RecipientInformation;
import cn.com.infosec.cms.SignerInformation;
import cn.com.infosec.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import cn.com.infosec.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import cn.com.infosec.cms.jcajce.JceCMSContentEncryptorBuilder;
import cn.com.infosec.cms.jcajce.JceKeyTransEnvelopedRecipient;
import cn.com.infosec.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import cn.com.infosec.isfj.Config;
import cn.com.infosec.isfj.certutil.X509CertificateParser;
import cn.com.infosec.isfj.enums.BlockCipherModeEnum;
import cn.com.infosec.isfj.enums.HashAlgorithm;
import cn.com.infosec.isfj.enums.PaddingMethodEnum;
import cn.com.infosec.isfj.enums.SymmetricAlgorithm;
import cn.com.infosec.isfj.formatutil.EncodeUtil;
import cn.com.infosec.operator.jcajce.JcaContentSignerBuilder;
import cn.com.infosec.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import cn.com.infosec.util.Store;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Cipher;

/* loaded from: input_file:cn/com/infosec/isfj/cryptoutil/RSAAlgoUtil.class */
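/**
 * Static helpers for RSA key generation, raw encryption/decryption, raw signatures,
 * CMS SignedData and CMS EnvelopedData, all routed through the JCA provider named by
 * {@link Config#getProviderName()}.
 *
 * <p>Keys, plaintext, ciphertext and signatures are exchanged as Base64 strings
 * (via {@link EncodeUtil}). Private keys are PKCS#8 encoded, public keys X.509
 * (SubjectPublicKeyInfo) encoded.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #rsaEncrypt}/{@link #rsaDecrypt} offer only {@code NoPadding} and
 *       {@code PKCS1Padding}; OAEP is not available through this class.</li>
 *   <li>{@link #rsaVerifyMessage} checks the signature against the certificate carried
 *       inside the message; it does not establish that the certificate is trusted.</li>
 *   <li>{@link #CIPHER_ALG_NAMES} still contains legacy ciphers (DES, RC4).</li>
 * </ul>
 */
public class RSAAlgoUtil {
    /**
     * Symmetric-algorithm name to CMS content-encryption OID, used by
     * {@link #rsaEnvelopeMessage}. Left as a raw, mutable map because it is protected API.
     */
    protected static final Map CIPHER_ALG_NAMES = new HashMap();
    private static final String RSA = "RSA";
    private static final String PROVIDER = Config.getProviderName();

    static {
        CIPHER_ALG_NAMES.put("SM4", CMSAlgorithm.SM4_CBC);
        // DES (56-bit key) and RC4 are obsolete; the entries are kept only so that
        // existing callers keep working. Do not select them for new data.
        CIPHER_ALG_NAMES.put("DES", CMSAlgorithm.DES_CBC);
        CIPHER_ALG_NAMES.put("DESEDE", CMSAlgorithm.DES_EDE3_CBC);
        // "AES" means AES-128 in CBC mode here. CBC in EnvelopedData gives
        // confidentiality only; integrity must come from a signature.
        CIPHER_ALG_NAMES.put("AES", CMSAlgorithm.AES128_CBC);
        CIPHER_ALG_NAMES.put("RC4", PKCSObjectIdentifiers.rc4);
    }

    /**
     * Generates an RSA key pair.
     *
     * @param i modulus size in bits; it is passed to the provider unchecked, so the
     *          caller is responsible for requesting an adequate size (2048 or more)
     * @return a two-element array: {@code [0]} Base64 PKCS#8 private key,
     *         {@code [1]} Base64 X.509 public key
     * @throws RuntimeException if the provider rejects the request; the original
     *         exception is attached as the cause
     */
    public static String[] genRSAKeyPair(int i) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA, PROVIDER);
            generator.initialize(i);
            KeyPair pair = generator.genKeyPair();
            String privateKey = EncodeUtil.base64Encode(pair.getPrivate().getEncoded());
            String publicKey = EncodeUtil.base64Encode(pair.getPublic().getEncoded());
            return new String[]{privateKey, publicKey};
        } catch (Exception e) {
            // Keep the message callers already see, but do not lose the stack trace.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Encrypts data with an RSA public key.
     *
     * <p>{@code NoPadding} is unpadded ("textbook") RSA: deterministic and malleable,
     * suitable only as a building block for a caller that applies its own encoding.
     * {@code PKCS1Padding} is PKCS#1 v1.5 encryption padding.
     *
     * @param str Base64 X.509 public key
     * @param str2 Base64 plaintext
     * @param paddingMethodEnum {@code NoPadding} or {@code PKCS1Padding}
     * @return Base64 ciphertext
     * @throws RuntimeException if the padding method is not one of the two supported
     * @throws Exception on key-parsing or cipher failure
     */
    public static String rsaEncrypt(String str, String str2, PaddingMethodEnum paddingMethodEnum) throws Exception {
        String transformation = rsaTransformation(paddingMethodEnum);
        PublicKey publicKey = formatPublicKey(EncodeUtil.base64Decode(str));
        Cipher cipher = Cipher.getInstance(transformation, PROVIDER);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return EncodeUtil.base64Encode(cipher.doFinal(EncodeUtil.base64Decode(str2)));
    }

    /**
     * Decrypts data with an RSA private key.
     *
     * <p>With {@code PKCS1Padding}, a caller that decrypts attacker-supplied ciphertext
     * must not let the requester distinguish a padding failure from any other failure
     * (error text, status code or timing), otherwise the service can act as a
     * PKCS#1 v1.5 padding oracle.
     *
     * @param str Base64 PKCS#8 private key
     * @param str2 Base64 ciphertext
     * @param paddingMethodEnum {@code NoPadding} or {@code PKCS1Padding}
     * @return Base64 plaintext
     * @throws RuntimeException if the padding method is not one of the two supported
     * @throws Exception on key-parsing or cipher failure
     */
    public static String rsaDecrypt(String str, String str2, PaddingMethodEnum paddingMethodEnum) throws Exception {
        String transformation = rsaTransformation(paddingMethodEnum);
        PrivateKey privateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        Cipher cipher = Cipher.getInstance(transformation, PROVIDER);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return EncodeUtil.base64Encode(cipher.doFinal(EncodeUtil.base64Decode(str2)));
    }

    /**
     * Produces a bare ({@code <hash>withRSA}) signature over the given data.
     *
     * @param str Base64 PKCS#8 private key
     * @param str2 Base64 data to sign
     * @param hashAlgorithm digest to use; any value starting with "SHA" is accepted
     * @return Base64 signature
     * @throws RuntimeException if the hash name does not start with "SHA"
     * @throws Exception on key-parsing or signing failure
     */
    public static String rsaRawSign(String str, String str2, HashAlgorithm hashAlgorithm) throws Exception {
        String algorithm = signatureAlgorithm(hashAlgorithm);
        PrivateKey privateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        Signature signer = Signature.getInstance(algorithm, PROVIDER);
        signer.initSign(privateKey);
        signer.update(EncodeUtil.base64Decode(str2));
        return EncodeUtil.base64Encode(signer.sign());
    }

    /**
     * Verifies a bare ({@code <hash>withRSA}) signature.
     *
     * @param str Base64 X.509 public key
     * @param str2 Base64 data that was signed
     * @param str3 Base64 signature
     * @param hashAlgorithm digest to use; any value starting with "SHA" is accepted
     * @return {@code true} if the signature is valid for the data and key
     * @throws RuntimeException if the hash name does not start with "SHA"
     * @throws Exception on key-parsing or verification failure
     */
    public static boolean rsaRawVerify(String str, String str2, String str3, HashAlgorithm hashAlgorithm) throws Exception {
        String algorithm = signatureAlgorithm(hashAlgorithm);
        PublicKey publicKey = formatPublicKey(EncodeUtil.base64Decode(str));
        Signature verifier = Signature.getInstance(algorithm, PROVIDER);
        verifier.initVerify(publicKey);
        verifier.update(EncodeUtil.base64Decode(str2));
        return verifier.verify(EncodeUtil.base64Decode(str3));
    }

    /**
     * Builds a CMS SignedData structure with a single signer and embeds the signer
     * certificate.
     *
     * @param str Base64 PKCS#8 private key of the signer
     * @param str2 Base64 content to sign; must not be null or empty
     * @param str3 signer certificate in the form accepted by
     *             {@link X509CertificateParser#certParser}
     * @param hashAlgorithm digest to use; any value starting with "SHA" is accepted
     * @param z handed to {@code CMSSignedDataGenerator.generate} as its second argument;
     *          {@link #rsaVerifyMessage} treats the matching flag as "content is
     *          carried inside the message"
     * @return Base64 encoded SignedData
     * @throws RuntimeException if the content is missing or the hash is unsupported
     * @throws Exception on key, certificate or CMS failure
     */
    public static String rsaSignMessage(String str, String str2, String str3, HashAlgorithm hashAlgorithm, boolean z) throws Exception {
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbsign can not be null");
        }
        String algorithm = signatureAlgorithm(hashAlgorithm);
        PrivateKey privateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        CMSProcessableByteArray content = new CMSProcessableByteArray(EncodeUtil.base64Decode(str2));
        X509Certificate signerCert = X509CertificateParser.certParser(str3);

        ArrayList<X509Certificate> certs = new ArrayList<>();
        certs.add(signerCert);
        JcaCertStore certStore = new JcaCertStore(certs);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().setProvider(PROVIDER).build())
                        .build(new JcaContentSignerBuilder(algorithm).setProvider(PROVIDER).build(privateKey), signerCert));
        generator.addCertificates(certStore);
        return EncodeUtil.base64Encode(generator.generate(content, z).getEncoded());
    }

    /**
     * Verifies every signer of a CMS SignedData structure against the certificates
     * embedded in that same structure.
     *
     * <p>The result is {@code true} only when the message has at least one signer and
     * every signer verifies. A message with no signers, or a signer whose certificate
     * is not embedded, yields {@code false}.
     *
     * <p>No certificate chain is built and no trust anchor is consulted here: a
     * {@code true} result says the signature matches the embedded certificate, not
     * that the certificate belongs to a trusted party. Callers must validate the
     * signer certificate separately before relying on the result.
     *
     * @param str Base64 encoded SignedData
     * @param str2 Base64 detached content; read only when {@code z} is {@code false}
     * @param z {@code true} if the content is carried inside {@code str},
     *          {@code false} if it is supplied separately in {@code str2}
     * @return whether all signers verified
     * @throws RuntimeException wrapping any parsing or verification error
     */
    public static boolean rsaVerifyMessage(String str, String str2, boolean z) throws Exception {
        try {
            CMSSignedData signedData = z
                    ? new CMSSignedData(EncodeUtil.base64Decode(str))
                    : new CMSSignedData(new CMSProcessableByteArray(EncodeUtil.base64Decode(str2)), EncodeUtil.base64Decode(str));
            Store certificates = signedData.getCertificates();
            int verifiedSigners = 0;
            for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
                Iterator matches = certificates.getMatches(signer.getSID()).iterator();
                if (!matches.hasNext()) {
                    // Signer certificate is not in the message: nothing to verify against.
                    return false;
                }
                X509CertificateHolder signerCert = (X509CertificateHolder) matches.next();
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(PROVIDER).build(signerCert))) {
                    // One bad signer fails the whole message; a later good signer must not mask it.
                    return false;
                }
                verifiedSigners++;
            }
            // An empty signer set must not count as a successful verification.
            return verifiedSigners > 0;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Wraps content in a CMS EnvelopedData for a single RSA recipient.
     *
     * @param str Base64 content to encrypt
     * @param str2 recipient certificate in the form accepted by
     *             {@link X509CertificateParser#certParser}; its key must be RSA
     * @param symmetricAlgorithm content-encryption algorithm; its value must be a key
     *                           of {@link #CIPHER_ALG_NAMES}
     * @return Base64 encoded EnvelopedData
     * @throws RuntimeException if the certificate key is not RSA or the symmetric
     *         algorithm has no mapping
     * @throws Exception on certificate or CMS failure
     */
    public static String rsaEnvelopeMessage(String str, String str2, SymmetricAlgorithm symmetricAlgorithm) throws Exception {
        X509Certificate recipientCert = X509CertificateParser.certParser(str2);
        String algorithm = recipientCert.getPublicKey().getAlgorithm();
        if (!algorithm.equalsIgnoreCase(RSA)) {
            throw new RuntimeException("the algorithm" + algorithm + "not support");
        }
        ASN1ObjectIdentifier contentCipher = (ASN1ObjectIdentifier) CIPHER_ALG_NAMES.get(symmetricAlgorithm.getValue());
        if (contentCipher == null) {
            // Fail with a clear message instead of handing a null OID to the CMS builder.
            throw new RuntimeException(symmetricAlgorithm.getValue() + " not support");
        }
        CMSProcessableByteArray content = new CMSProcessableByteArray(EncodeUtil.base64Decode(str));
        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert).setProvider(PROVIDER));
        return EncodeUtil.base64Encode(
                generator.generate(content, new JceCMSContentEncryptorBuilder(contentCipher).setProvider(PROVIDER).build()).getEncoded());
    }

    /**
     * Decrypts the content of a CMS EnvelopedData using the first recipient entry.
     *
     * <p>Only the first recipient is tried; the key is not matched against the
     * recipient identifier, so a multi-recipient envelope whose first entry belongs
     * to someone else will fail to open.
     *
     * @param str Base64 encoded EnvelopedData
     * @param str2 Base64 PKCS#8 private key of the recipient
     * @return Base64 decrypted content
     * @throws Exception on parsing or decryption failure
     */
    public static String rsaOpenEnvelope(String str, String str2) throws Exception {
        Iterator recipients = new CMSEnvelopedData(EncodeUtil.base64Decode(str)).getRecipientInfos().getRecipients().iterator();
        PrivateKey privateKey = formatPrivateKey(EncodeUtil.base64Decode(str2));
        byte[] content = null;
        if (recipients.hasNext()) {
            RecipientInformation recipient = (RecipientInformation) recipients.next();
            content = recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider(PROVIDER));
        }
        // NOTE(review): with no recipients, null reaches base64Encode; what that returns
        // or throws depends on EncodeUtil, which is not visible here - confirm.
        return EncodeUtil.base64Encode(content);
    }

    /**
     * Parses a PKCS#8 encoded RSA private key.
     *
     * @param bArr DER bytes of the PKCS#8 structure
     * @return the private key as produced by the configured provider
     * @throws Exception if the provider is unavailable or the encoding is invalid
     */
    public static PrivateKey formatPrivateKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance(RSA, PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /**
     * Parses an X.509 (SubjectPublicKeyInfo) encoded RSA public key.
     *
     * @param bArr DER bytes of the X.509 public-key structure
     * @return the public key as produced by the configured provider
     * @throws Exception if the provider is unavailable or the encoding is invalid
     */
    public static PublicKey formatPublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance(RSA, PROVIDER).generatePublic(new X509EncodedKeySpec(bArr));
    }

    /** Validates the padding choice and returns the JCA transformation string for it. */
    private static String rsaTransformation(PaddingMethodEnum paddingMethodEnum) {
        String padding = paddingMethodEnum.getValue();
        boolean supported = padding.equalsIgnoreCase(PaddingMethodEnum.NoPadding.getValue())
                || padding.equalsIgnoreCase(PaddingMethodEnum.PKCS1Padding.getValue());
        if (!supported) {
            throw new RuntimeException(paddingMethodEnum + " not support");
        }
        return RSA + "/" + BlockCipherModeEnum.ECB + "/" + padding;
    }

    /**
     * Validates the hash choice and returns the JCA signature algorithm name for it.
     * NOTE(review): the prefix test admits every "SHA..." value of HashAlgorithm,
     * which would include SHA-1 if the enum defines it - confirm and restrict if so.
     */
    private static String signatureAlgorithm(HashAlgorithm hashAlgorithm) {
        String hashName = hashAlgorithm.getValue();
        if (!hashName.startsWith("SHA")) {
            throw new RuntimeException(hashName + " not support");
        }
        return hashName + "with" + RSA;
    }
}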
