package cfca.sadk.extend.session;

import cfca.sadk.algorithm.common.GenKeyAttribute;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.extend.session.bridge.ICryptoBridge;
import cfca.sadk.extend.session.bridge.impl.CryptoBridgeImpl;
import cfca.sadk.extend.session.bridge.impl.ecc.ECCCard;
import cfca.sadk.extend.session.bridge.impl.ecc.ECCCardDummy;
import cfca.sadk.extend.session.bridge.impl.rsa.RSACard;
import cfca.sadk.extend.session.bridge.impl.rsa.RSACardDummy;
import cfca.sadk.extend.session.bridge.impl.sm2.SM2Card;
import cfca.sadk.extend.session.bridge.impl.sm2.SM2CardDummy;
import cfca.sadk.extend.session.util.DataHelper;
import cfca.sadk.lib.crypto.DeviceInfo;
import cfca.sadk.lib.crypto.JCrypto;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.StreamEncryptChecker;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Cipher;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.GMTKey;
import cfca.sadk.org.bouncycastle.util.BigIntegers;
import cfca.sadk.system.CompatibleAlgorithm;
import cfca.sadk.system.CompatibleConfig;
import cfca.sadk.system.FileHelper;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.logging.LoggerManager;
import cfca.sadk.util.HashUtil;
import cryptokit.jni.JNIInit;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* loaded from: input_file:cfca/sadk/extend/session/ExtendLib.class */
public class ExtendLib implements Session {
    private static final int SM2_MAX_PLAIN_LENGTH = 4096;
    private static final int SM2_MAX_CIPHER_LENGTH = 8320;
    private static final int SM2_MIN_CIPHER_LENGTH = 96;
    private static final int SM2_SIGN_RAW_LENGTH = 64;
    private static final int SM3_HASH_LENGTH = 32;
    private final ICryptoBridge cryptoAPI;
    private final IExtendSM2 sm2Card;
    private final IExtendRSA rsaCard;
    private final IExtendECC eccCard;
    private final Session softLib;
    private final long warningTimeThreshold;
    private static volatile ExtendLib SINGLETON = null;

    public static Session getSingleton(String str) throws PKIException {
        try {
            JNIInit.initOpenSSL();
            return getSingleton(CryptoInfoFactory.buildWithConfigFile(str));
        } catch (CryptoException e) {
            LoggerManager.exceptionLogger.error("ExtendLib build session instance failure: {}", str, e);
            throw new PKIException("ExtendLib build session instance failure", e);
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("ExtendLib build session instance failure: {}", str, th);
            throw new PKIException("ExtendLib build session instance failure", th);
        }
    }

    private static Session getSingleton(CryptoInfo cryptoInfo) throws PKIException {
        if (SINGLETON == null) {
            synchronized (ExtendLib.class) {
                if (SINGLETON == null) {
                    SADKDebugger.setDebugger();
                    ExtendLib extendLib = new ExtendLib(cryptoInfo);
                    LoggerManager.systemLogger.info("ExtendLib build session instance {}", extendLib);
                    SINGLETON = extendLib;
                }
            }
        }
        return SINGLETON;
    }

    private ExtendLib(CryptoInfo cryptoInfo) throws PKIException {
        LoggerManager.systemLogger.info("ExtendLib beginning: {}", cryptoInfo);
        CryptoInfo buildDefaultCryptoInfo = cryptoInfo == null ? CryptoInfoFactory.buildDefaultCryptoInfo() : cryptoInfo;
        try {
            this.cryptoAPI = buildDefaultCryptoInfo.isEnableCard() ? new CryptoBridgeImpl(buildDefaultCryptoInfo) : null;
            this.sm2Card = buildDefaultCryptoInfo.isEnableSM2Card() ? new SM2Card(this.cryptoAPI) : SM2CardDummy.Dummy.INSTANCE;
            this.rsaCard = buildDefaultCryptoInfo.isEnableRSACard() ? new RSACard(this.cryptoAPI) : RSACardDummy.Dummy.INSTANCE;
            this.eccCard = buildDefaultCryptoInfo.isEnableECCCard() ? new ECCCard(this.cryptoAPI) : ECCCardDummy.Dummy.INSTANCE;
            this.warningTimeThreshold = buildDefaultCryptoInfo.getWarningLongTimeThreshold();
            this.softLib = JNISoftLib.INSTANCE();
        } catch (CryptoException e) {
            LoggerManager.exceptionLogger.error("ExtendLib build failure: {}", buildDefaultCryptoInfo, e);
            throw new PKIException("ExtendLib build failure", e);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Key generateKey(Mechanism mechanism) throws PKIException {
        return this.softLib.generateKey(mechanism);
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Key generateKey(Mechanism mechanism, byte[] bArr) throws PKIException {
        return this.softLib.generateKey(mechanism, bArr);
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final KeyPair generateKeyPair(Mechanism mechanism, int i) throws PKIException {
        boolean z;
        int i2;
        int i3;
        KeyPair generateKeyPair;
        ECCCurveId findECCCurveId;
        long currentTimeMillis = System.currentTimeMillis();
        LoggerManager.systemLogger.info("generateKeyPair beginning: mechanism={},keyLength={}", mechanism, Integer.valueOf(i));
        Object param = mechanism.getParam();
        if (param == null) {
            z = true;
            i2 = -1;
            i3 = 0;
        } else if (param instanceof GenKeyAttribute) {
            GenKeyAttribute genKeyAttribute = (GenKeyAttribute) param;
            z = genKeyAttribute.isExport;
            i2 = genKeyAttribute.keyNum;
            i3 = genKeyAttribute.keyUsage;
        } else {
            z = true;
            i2 = -1;
            i3 = 0;
        }
        try {
            if (ExtendLibHelper.isSM2Type(mechanism)) {
                generateKeyPair = this.sm2Card.generateKeyPair(z, i2, i3);
            } else if (ExtendLibHelper.isECCType(mechanism)) {
                String curveName = mechanism.getCurveName();
                if (curveName == null) {
                    findECCCurveId = ECCCurveId.NIST_P256;
                } else {
                    findECCCurveId = ECCCurveId.findECCCurveId(curveName);
                    if (!ECCCurveId.isCardSupport(findECCCurveId)) {
                        throw new PKIException("ExtendLib do not support: curveName->" + curveName);
                    }
                }
                generateKeyPair = z ? this.eccCard.generateKeyPair(z, i2, i3, findECCCurveId.getCurveId()) : this.eccCard.generateKeyPair(z, i2, i3, findECCCurveId.getCurveId());
            } else {
                if (!ExtendLibHelper.isRSAType(mechanism)) {
                    throw new PKIException("generateKeyPair failure: invalid mechanism=" + mechanism);
                }
                generateKeyPair = this.rsaCard.generateKeyPair(z, i, i2, i3);
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("generateKeyPair finished, costTime={}", Long.valueOf(currentTimeMillis2));
            } else {
                LoggerManager.systemLogger.info("generateKeyPair accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return generateKeyPair;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("generateKeyPair mechanism={},isExport={},keyLength={},keyIndex={},keyUsage={}", new Object[]{mechanism, Boolean.valueOf(z), Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(i3), th});
            throw new PKIException("generateKeyPair failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] signByHash(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("signByHash beginning: mechanism={},hashValue={}", mechanism, DataHelper.dump4KPartData(bArr));
        }
        try {
            HashUtil.checkHashLength(mechanism, bArr);
            byte[] confirmSM2SignValueLength = ExtendLibHelper.isSM2SignType(mechanism) ? confirmSM2SignValueLength(this.sm2Card.signByHash(privateKey, confirmSM3HashValueLength(bArr))) : ExtendLibHelper.isECCSignType(mechanism) ? this.eccCard.signByHash(privateKey, bArr) : this.rsaCard.signByHash(privateKey, this.rsaCard.buildDigestInfo(mechanism, bArr));
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("signByHash finished,mechanism={},hashValue={}, costTime={}", new Object[]{mechanism, DataHelper.dump4KPartData(bArr), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("signByHash accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return confirmSM2SignValueLength;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("signByHash failure: mechanism={},hashValue={}", mechanism, DataHelper.dump4KPartData(bArr));
            throw new PKIException("signByHash failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verifyByHash(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("verifyByHash beginning: mechanism={},hashValue={}", mechanism, DataHelper.dump4KPartData(bArr));
        }
        try {
            HashUtil.checkHashLength(mechanism, bArr);
            boolean verifyByHash = ExtendLibHelper.isSM2SignType(mechanism) ? this.sm2Card.verifyByHash(publicKey, confirmSM3HashValueLength(bArr), confirmSM2SignWithRawRS(bArr2)) : ExtendLibHelper.isECCSignType(mechanism) ? this.eccCard.verifyByHash(publicKey, bArr, bArr2) : this.rsaCard.verifyByHash(publicKey, this.rsaCard.buildDigestInfo(mechanism, bArr), bArr2);
            if (!verifyByHash) {
                LoggerManager.timeoutLogger.error("verifyByHash failure,mechanism={},hashValue={},signData={},verifyResult={} ", new Object[]{mechanism, DataHelper.dump4KPartData(bArr), DataHelper.dump4KPartData(bArr2), Boolean.valueOf(verifyByHash)});
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("verifyByHash finished,mechanism={},hashValue={},signData={}, costTime={}", new Object[]{mechanism, DataHelper.dump4KPartData(bArr), DataHelper.dump4KPartData(bArr2), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("verifyByHash accomplished, costTime={},verifyResult={}", Long.valueOf(currentTimeMillis2), Boolean.valueOf(verifyByHash));
            }
            return verifyByHash;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verifyByHash failure: mechanism={},hashValue={},signData={}", new Object[]{mechanism, DataHelper.dump4KPartData(bArr), DataHelper.dump4KPartData(bArr2)});
            throw new PKIException("verifyByHash failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException {
        byte[] signByHash;
        int dataLength = DataHelper.dataLength(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("signMessage beginning: mechanism={},sourceDataLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2SignType(mechanism)) {
                GMTKey buildSM2PrivateKey = buildSM2PrivateKey(privateKey);
                signByHash = confirmSM2SignValueLength(this.sm2Card.signByHash((PrivateKey) buildSM2PrivateKey, confirmSM3HashValueLength(this.sm2Card.sm3(buildSM2PrivateKey, bArr))));
            } else {
                signByHash = ExtendLibHelper.isRSASignType(mechanism) ? this.rsaCard.signByHash(privateKey, this.rsaCard.hashDigestInfo(mechanism, bArr)) : this.eccCard.signByHash(privateKey, this.eccCard.hash(mechanism, bArr));
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("signMessage finished,mechanism={},sourceDataLength={}, costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("signMessage accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return signByHash;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("signMessage failure: mechanism={},sourceDataLength={}", mechanism, Integer.valueOf(dataLength));
            throw new PKIException("sign failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] sign(Mechanism mechanism, PrivateKey privateKey, InputStream inputStream) throws PKIException {
        byte[] signByHash;
        int dataLength = DataHelper.dataLength(inputStream);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("signStream beginning: mechanism={},sourceStreamLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2SignType(mechanism)) {
                GMTKey buildSM2PrivateKey = buildSM2PrivateKey(privateKey);
                signByHash = confirmSM2SignValueLength(this.sm2Card.signByHash((PrivateKey) buildSM2PrivateKey, confirmSM3HashValueLength(this.sm2Card.sm3(buildSM2PrivateKey, inputStream))));
            } else {
                signByHash = ExtendLibHelper.isRSASignType(mechanism) ? this.rsaCard.signByHash(privateKey, this.rsaCard.hashDigestInfo(mechanism, inputStream)) : this.eccCard.signByHash(privateKey, this.eccCard.hash(mechanism, inputStream));
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("signStream finished,mechanism={},sourceStreamLength={}, costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("signStream accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return signByHash;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("signStream failure: mechanism={},sourceStreamLength={}", mechanism, Integer.valueOf(dataLength));
            throw new PKIException("signStream failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verify(Mechanism mechanism, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws PKIException {
        boolean verifyByHash;
        int dataLength = DataHelper.dataLength(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("verifyMessage beginning: mechanism={},sourceDataLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2SignType(mechanism)) {
                GMTKey buildSM2PublicKey = buildSM2PublicKey(publicKey);
                byte[] confirmSM2SignWithRawRS = confirmSM2SignWithRawRS(bArr2);
                verifyByHash = this.sm2Card.verifyByHash((PublicKey) buildSM2PublicKey, confirmSM3HashValueLength(this.sm2Card.sm3(buildSM2PublicKey, bArr)), confirmSM2SignWithRawRS);
                if (CompatibleAlgorithm.isCompatibleSM2WithoutZ() && !verifyByHash) {
                    verifyByHash = this.sm2Card.verifyByHash(publicKey, confirmSM3HashValueLength(this.sm2Card.sm3((GMTKey) null, bArr)), confirmSM2SignWithRawRS);
                }
            } else {
                verifyByHash = ExtendLibHelper.isECCSignType(mechanism) ? this.eccCard.verifyByHash(publicKey, this.eccCard.hash(mechanism, bArr), bArr2) : this.rsaCard.verifyByHash(publicKey, this.rsaCard.hashDigestInfo(mechanism, bArr), bArr2);
            }
            if (!verifyByHash) {
                LoggerManager.timeoutLogger.error("verifyMessage failure,mechanism={},sourceDataLength={},signData={},verifyResult={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr2), Boolean.valueOf(verifyByHash)});
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("verifyMessage finished,mechanism={},sourceDataLength={},signData={}, costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr2), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("verifyMessage accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return verifyByHash;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verifyMessage failure: mechanism={},sourceDataLength={},signData={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr2)});
            throw new PKIException("verifyMessage failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean verify(Mechanism mechanism, PublicKey publicKey, InputStream inputStream, byte[] bArr) throws PKIException {
        boolean verifyByHash;
        int dataLength = DataHelper.dataLength(inputStream);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("verifyStream beginning: mechanism={},sourceStreamLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2SignType(mechanism)) {
                GMTKey buildSM2PublicKey = buildSM2PublicKey(publicKey);
                byte[] confirmSM2SignWithRawRS = confirmSM2SignWithRawRS(bArr);
                verifyByHash = this.sm2Card.verifyByHash((PublicKey) buildSM2PublicKey, confirmSM3HashValueLength(this.sm2Card.sm3(buildSM2PublicKey, inputStream)), confirmSM2SignWithRawRS);
                if (CompatibleAlgorithm.isCompatibleSM2WithoutZ() && !verifyByHash) {
                    verifyByHash = this.sm2Card.verifyByHash(publicKey, confirmSM3HashValueLength(this.sm2Card.sm3((GMTKey) null, inputStream)), confirmSM2SignWithRawRS);
                }
            } else {
                verifyByHash = ExtendLibHelper.isECCSignType(mechanism) ? this.eccCard.verifyByHash(publicKey, this.eccCard.hash(mechanism, inputStream), bArr) : this.rsaCard.verifyByHash(publicKey, this.rsaCard.hashDigestInfo(mechanism, inputStream), bArr);
            }
            if (!verifyByHash) {
                LoggerManager.timeoutLogger.error("verifyStream failure,mechanism={},sourceStreamLength={},signData={},verifyResult={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr), Boolean.valueOf(verifyByHash)});
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("verifyStream finished,mechanism={},sourceStreamLength={},signData={}, costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("verifyStream accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return verifyByHash;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("verifyStream failure: mechanism={},sourceStreamLength={},signData={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr)});
            throw new PKIException("verifyStream failure", th);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v8, types: [cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.GMTKey] */
    private GMTKey buildSM2PrivateKey(PrivateKey privateKey) throws CryptoException {
        SM2PrivateKey sM2PrivateKey;
        if (privateKey == null) {
            throw new CryptoException("buildSM2PrivateKey failed: priKey is null");
        }
        if (privateKey instanceof GMTKey) {
            sM2PrivateKey = (GMTKey) privateKey;
        } else {
            try {
                sM2PrivateKey = new SM2PrivateKey(privateKey.getEncoded());
            } catch (Exception e) {
                throw new CryptoException("buildSM2PrivateKey failed: encoding is invalid SM2PrivateKey", e);
            }
        }
        return sM2PrivateKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v8, types: [cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.GMTKey] */
    private GMTKey buildSM2PublicKey(PublicKey publicKey) throws CryptoException {
        SM2PublicKey sM2PublicKey;
        if (publicKey == null) {
            throw new CryptoException("buildSM2PublicKey failed with pubKey is null");
        }
        if (publicKey instanceof GMTKey) {
            sM2PublicKey = (GMTKey) publicKey;
        } else {
            try {
                sM2PublicKey = new SM2PublicKey(publicKey.getEncoded());
            } catch (Exception e) {
                throw new CryptoException("buildSM2PublicKey failed: encoding is invalid SM2PublicKey", e);
            }
        }
        return sM2PublicKey;
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] encrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] encrypt;
        int dataLength = DataHelper.dataLength(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("encryptMessage beginning: mechanism={},sourceDataLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2EncryptType(mechanism)) {
                if (!(key instanceof PublicKey)) {
                    throw new PKIException("encryptMessage failure: required PublicKey");
                }
                encrypt = confirmSM2EncryptDataLength(this.sm2Card.encrypt((PublicKey) key, bArr), bArr);
            } else if (ExtendLibHelper.isRSAEncryptType(mechanism)) {
                if (!(key instanceof RSAPublicKey)) {
                    throw new PKIException("encryptMessage failure: required RSAPublicKey");
                }
                encrypt = this.rsaCard.encrypt((RSAPublicKey) key, bArr);
            } else {
                if (ExtendLibHelper.isECCEncryptType(mechanism)) {
                    throw new PKIException("encryptMessage failure: do not support ECC");
                }
                encrypt = this.softLib.encrypt(mechanism, key, bArr);
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("encryptMessage finished,mechanism={},sourceDataLength={},sourceData={},costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("encryptMessage accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return encrypt;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("encryptMessage failure: mechanism={},sourceDataLength={},sourceData={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr)});
            throw new PKIException("encryptMessage failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final byte[] decrypt(Mechanism mechanism, Key key, byte[] bArr) throws PKIException {
        byte[] decrypt;
        int dataLength = DataHelper.dataLength(bArr);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("decryptMessage beginning: mechanism={},encryptDataLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            if (ExtendLibHelper.isSM2EncryptType(mechanism)) {
                if (!(key instanceof PrivateKey)) {
                    throw new PKIException("decryptMessage failure: required PrivateKey");
                }
                decrypt = trySM2Decrypt(mechanism, (PrivateKey) key, bArr);
            } else if (ExtendLibHelper.isRSAEncryptType(mechanism)) {
                if (!(key instanceof RSAPrivateKey)) {
                    throw new PKIException("decryptMessage failure: required RSAPrivateKey");
                }
                decrypt = this.rsaCard.decrypt((RSAPrivateKey) key, bArr);
            } else {
                if (ExtendLibHelper.isECCEncryptType(mechanism)) {
                    throw new PKIException("decryptMessage failure: do not support ECC");
                }
                decrypt = this.softLib.decrypt(mechanism, key, bArr);
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("decryptMessage finished,mechanism={},encryptDataLength={},encryptData={},costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("decryptMessage accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return decrypt;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("decryptMessage failure: mechanism={},encryptDataLength={},encryptData={}", new Object[]{mechanism, Integer.valueOf(dataLength), DataHelper.dump4KPartData(bArr)});
            throw new PKIException("decryptMessage failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final void encrypt(Mechanism mechanism, Key key, InputStream inputStream, OutputStream outputStream) throws PKIException {
        int dataLength = DataHelper.dataLength(inputStream);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("encryptStream beginning: mechanism={},sourceStreamLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            StreamEncryptChecker.checkAllowedKeyType(key);
            if (ExtendLibHelper.isSM2EncryptType(mechanism)) {
                byte[] readSM2PlainData = readSM2PlainData(inputStream);
                byte[] confirmSM2EncryptDataLength = confirmSM2EncryptDataLength(this.sm2Card.encrypt((PublicKey) key, readSM2PlainData), readSM2PlainData);
                try {
                    outputStream.write(confirmSM2EncryptDataLength, 0, confirmSM2EncryptDataLength.length);
                } catch (Exception e) {
                    throw new PKIException("encryptStream stream failure: file write error", e);
                }
            } else if (ExtendLibHelper.isRSAEncryptType(mechanism)) {
                if (!(key instanceof RSAPublicKey)) {
                    throw new PKIException("encryptStream failure: required RSAPublicKey");
                }
                byte[] encrypt = this.rsaCard.encrypt((RSAPublicKey) key, FileHelper.read(inputStream));
                outputStream.write(encrypt, 0, encrypt.length);
            } else {
                if (ExtendLibHelper.isECCEncryptType(mechanism)) {
                    throw new PKIException("encryptStream failure: do not support ECC");
                }
                this.softLib.encrypt(mechanism, key, inputStream, outputStream);
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("encryptStream finished,mechanism={},sourceStreamLength={},costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("encryptStream accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("encryptStream failure: mechanism={},sourceStreamLength={}", mechanism, Integer.valueOf(dataLength));
            throw new PKIException("encryptStream failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final void decrypt(Mechanism mechanism, Key key, InputStream inputStream, OutputStream outputStream) throws PKIException {
        int dataLength = DataHelper.dataLength(inputStream);
        long currentTimeMillis = System.currentTimeMillis();
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("decryptStream beginning: mechanism={},encryptStreamLength={}", mechanism, Integer.valueOf(dataLength));
        }
        try {
            StreamEncryptChecker.checkAllowedKeyType(key);
            if (ExtendLibHelper.isSM2EncryptType(mechanism)) {
                byte[] trySM2Decrypt = trySM2Decrypt(mechanism, (PrivateKey) key, readSM2CipherData(inputStream));
                try {
                    outputStream.write(trySM2Decrypt, 0, trySM2Decrypt.length);
                } catch (Exception e) {
                    throw new PKIException("decryptStream stream failure: file write error", e);
                }
            } else if (ExtendLibHelper.isRSAEncryptType(mechanism)) {
                if (!(key instanceof RSAPrivateKey)) {
                    throw new PKIException("decryptStream failure: required RSAPrivateKey");
                }
                byte[] decrypt = this.rsaCard.decrypt((RSAPrivateKey) key, FileHelper.read(inputStream));
                outputStream.write(decrypt, 0, decrypt.length);
            } else {
                if (ExtendLibHelper.isECCEncryptType(mechanism)) {
                    throw new PKIException("decryptStream failure: do not support ECC");
                }
                this.softLib.decrypt(mechanism, key, inputStream, outputStream);
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("decryptStream finished,mechanism={},encryptStreamLength={},costTime={}", new Object[]{mechanism, Integer.valueOf(dataLength), Long.valueOf(currentTimeMillis2)});
            } else {
                LoggerManager.systemLogger.info("decryptStream accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("decryptStream failure: mechanism={},encryptStreamLength={}", mechanism, Integer.valueOf(dataLength));
            throw new PKIException("decryptStream failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final PublicKey exportEncPublicKey() throws PKIException {
        long currentTimeMillis = System.currentTimeMillis();
        LoggerManager.systemLogger.info("exportEncPublicKey beginning");
        try {
            PublicKey exportSM2ProtectKey = this.sm2Card.exportSM2ProtectKey();
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            if (currentTimeMillis2 > this.warningTimeThreshold) {
                LoggerManager.timeoutLogger.warn("exportEncPublicKey finished,costTime={}", Long.valueOf(currentTimeMillis2));
            } else {
                LoggerManager.systemLogger.info("exportEncPublicKey accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
            }
            return exportSM2ProtectKey;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("exportEncPublicKey failure", th);
            throw new PKIException("exportEncPublicKey failure", th);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean importSM2KeyPair(byte[] bArr, int i) throws PKIException {
        long currentTimeMillis = System.currentTimeMillis();
        LoggerManager.systemLogger.info("importSM2KeyPair beginning");
        if (bArr != null) {
            try {
                if (bArr.length == 192) {
                    boolean importSM2EncryptKeyPair = this.sm2Card.importSM2EncryptKeyPair(i, bArr);
                    long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                    if (currentTimeMillis2 > this.warningTimeThreshold) {
                        LoggerManager.timeoutLogger.warn("importSM2KeyPair finished,costTime={}", Long.valueOf(currentTimeMillis2));
                    } else {
                        LoggerManager.systemLogger.info("importSM2KeyPair accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
                    }
                    return importSM2EncryptKeyPair;
                }
            } catch (Throwable th) {
                LoggerManager.exceptionLogger.error("importSM2KeyPair failure", th);
                throw new PKIException("importSM2KeyPair failure", th);
            }
        }
        throw new PKIException("importSM2KeyPair failure encryptKeyData is not 192 bytes!");
    }

    @Override // cfca.sadk.lib.crypto.Session
    public boolean checkIdleTest() throws PKIException {
        long currentTimeMillis = System.currentTimeMillis();
        LoggerManager.systemLogger.info("checkIdleTest beginning");
        int i = 0;
        try {
            if (this.sm2Card != null && !this.sm2Card.idleTest()) {
                LoggerManager.exceptionLogger.error("checkIdleTest[sm2Card] failure");
                i = 0 + 1;
            }
            try {
                if (this.rsaCard != null && !this.rsaCard.idleTest()) {
                    LoggerManager.exceptionLogger.error("checkIdleTest[rsaCard] failure");
                    i++;
                }
                long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                if (currentTimeMillis2 > this.warningTimeThreshold) {
                    LoggerManager.timeoutLogger.warn("checkIdleTest finished,costTime={}", Long.valueOf(currentTimeMillis2));
                } else {
                    LoggerManager.systemLogger.info("checkIdleTest accomplished, costTime={}", Long.valueOf(currentTimeMillis2));
                }
                return i == 0;
            } catch (Throwable th) {
                LoggerManager.exceptionLogger.error("checkIdleTest[rsaCard] failure", th);
                throw new PKIException("checkIdleTest[rsaCard] failure", th);
            }
        } catch (Throwable th2) {
            LoggerManager.exceptionLogger.error("checkIdleTest[sm2Card] failure", th2);
            throw new PKIException("checkIdleTest[sm2Card] failure", th2);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final Provider getProvider() {
        return this.softLib.getProvider();
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final String getProviderName() {
        return this.softLib.getProviderName();
    }

    final byte[] trySM2Decrypt(Mechanism mechanism, PrivateKey privateKey, byte[] bArr) throws PKIException, CryptoException {
        byte[] SM2CardDecrypt;
        if (bArr == null || bArr.length < 96) {
            throw new PKIException("SM2Decrypt Failure with encryptData shortage");
        }
        if (ASN1SM2Cipher.isASN1EncryptType(bArr)) {
            LoggerManager.systemLogger.info("SM2Decrypt::::::::ASN1(C1C3C2): Running");
            SM2CardDecrypt = SM2CardDecrypt(privateKey, new ASN1SM2Cipher(bArr, 1).getEncryptedBytes(4));
            LoggerManager.systemLogger.info("SM2Decrypt::::::::ASN1(C1C3C2): Finished");
        } else {
            try {
                LoggerManager.systemLogger.info("SM2Decrypt:::::::: RAW(C1C3C2): Running");
                SM2CardDecrypt = SM2CardDecrypt(privateKey, bArr);
                LoggerManager.systemLogger.info("SM2Decrypt:::::::: RAW(C1C3C2): Finished");
            } catch (Exception e) {
                LoggerManager.systemLogger.info("SM2Decrypt:::::::: RAW(C1C2C3): Running");
                SM2CardDecrypt = SM2CardDecrypt(privateKey, new ASN1SM2Cipher(bArr, 16).getEncryptedBytes(4));
                LoggerManager.systemLogger.info("SM2Decrypt:::::::: RAW(C1C2C3): Finished");
            }
        }
        return SM2CardDecrypt;
    }

    final byte[] SM2CardDecrypt(PrivateKey privateKey, byte[] bArr) throws PKIException, CryptoException {
        if (bArr == null || bArr.length < 96) {
            throw new PKIException("SM2Decrypt Failure with sm2EncryptData shortage");
        }
        return this.sm2Card.decrypt(privateKey, bArr);
    }

    private final byte[] confirmSM3HashValueLength(byte[] bArr) throws CryptoException {
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("Missing SM3HashValue");
        }
        if (bArr.length != 32) {
            throw new CryptoException("Require SM3HashValueLength=32");
        }
        return bArr;
    }

    private final byte[] confirmSM2SignWithRawRS(byte[] bArr) throws CryptoException {
        byte[] bArr2;
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("SM2SignValue missing");
        }
        if (bArr.length < 64) {
            throw new CryptoException("SM2SignValue less than 64");
        }
        if (bArr != null && bArr.length == 64) {
            bArr2 = bArr;
        } else {
            if (!ASN1SM2Signature.isASN1SignType(bArr)) {
                throw new CryptoException("SM2Signature data is null or neither asn1 nor 64 bytes!");
            }
            ASN1SM2Signature aSN1SM2Signature = new ASN1SM2Signature(bArr);
            bArr2 = new byte[64];
            System.arraycopy(BigIntegers.asUnsignedByteArray(32, aSN1SM2Signature.getR().getPositiveValue()), 0, bArr2, 0, 32);
            System.arraycopy(BigIntegers.asUnsignedByteArray(32, aSN1SM2Signature.getS().getPositiveValue()), 0, bArr2, 32, 32);
        }
        return bArr2;
    }

    private final byte[] confirmSM2SignValueLength(byte[] bArr) throws CryptoException {
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("SM2SignValue missing");
        }
        if (bArr.length != 64) {
            throw new CryptoException("SM2SignValue not equal with 64");
        }
        return bArr;
    }

    private final byte[] confirmSM2EncryptDataLength(byte[] bArr, byte[] bArr2) throws CryptoException {
        if (bArr2 == null || bArr2.length == 0) {
            throw new CryptoException("Missing sourceData");
        }
        if (bArr == null || bArr.length == 0) {
            throw new CryptoException("Missing encryptData");
        }
        if (bArr.length - bArr2.length != 96) {
            throw new CryptoException("Require encryptDataLength-sourceDatalength=96<<<<<<" + bArr.length + "," + bArr2.length + ">>>>>>");
        }
        return new ASN1SM2Cipher(bArr, 4).getEncryptedBytes(CompatibleConfig.SM2OutputFormatEncryptedBytes);
    }

    private final byte[] readSM2PlainData(InputStream inputStream) throws PKIException {
        if (inputStream == null) {
            throw new PKIException("SM2EncryptStream stream failure: sourceStream is null");
        }
        try {
            byte[] bArr = new byte[4224];
            int read = inputStream.read(bArr);
            if (read > 4096) {
                throw new PKIException("SM2EncryptStream stream failure: stream more than 4096");
            }
            byte[] bArr2 = new byte[read];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            return bArr2;
        } catch (Exception e) {
            throw new PKIException("SM2EncryptStream stream failure: stream read error", e);
        }
    }

    private final byte[] readSM2CipherData(InputStream inputStream) throws PKIException {
        if (inputStream == null) {
            throw new PKIException("SM2DecryptStream stream failure: encryptStream is null");
        }
        try {
            byte[] bArr = new byte[8448];
            int read = inputStream.read(bArr);
            if (read > SM2_MAX_CIPHER_LENGTH) {
                throw new PKIException("SM2DecryptStream stream failure: message more than 8320");
            }
            byte[] bArr2 = new byte[read];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            return bArr2;
        } catch (Exception e) {
            throw new PKIException("SM2DecryptStream stream failure: file read error", e);
        }
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final String getDeviceName() {
        return JCrypto.JCARD_LIB;
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final int getDeviceType() {
        return 3;
    }

    @Override // cfca.sadk.lib.crypto.Session
    public final boolean useJniNativeOperation() throws PKIException {
        return true;
    }

    @Override // cfca.sadk.lib.crypto.Session
    public DeviceInfo[] getDeviceInfos() throws PKIException {
        String str;
        if (LoggerManager.systemLogger.isInfoEnabled()) {
            LoggerManager.systemLogger.info("ExtendLib getDeviceInfos running");
        }
        try {
            DeviceInfo[] deviceInfos = this.cryptoAPI == null ? null : this.cryptoAPI.getDeviceInfos();
            if (LoggerManager.systemLogger.isInfoEnabled()) {
                if (deviceInfos != null) {
                    StringBuilder sb = new StringBuilder();
                    for (DeviceInfo deviceInfo : deviceInfos) {
                        sb.append("\n").append(deviceInfo);
                    }
                    sb.append("\n");
                    str = sb.toString();
                } else {
                    str = "none";
                }
                LoggerManager.systemLogger.info("ExtendLib getDeviceInfos values: {}", str);
            }
            return deviceInfos;
        } catch (CryptoException e) {
            LoggerManager.exceptionLogger.error("ExtendLib getDeviceInfos failure", e);
            throw new PKIException("ExtendLib getDeviceInfos failure", e);
        }
    }
}
