package cfca.sadk.cmbc.tools;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Object;
import cmbc.cfca.org.bouncycastle.asn1.x509.Extension;
import cmbc.cfca.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cmbc.cfca.org.bouncycastle.util.encoders.Hex;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.Debugger;
import cmbc.cfca.util.CertUtil;
import cmbc.cfca.util.EnvelopeUtil;
import cmbc.cfca.util.HashUtil;
import cmbc.cfca.util.SignatureUtil2;
import cmbc.cfca.util.cipher.lib.JCrypto;
import cmbc.cfca.util.cipher.lib.Session;
import cmbc.cfca.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.PrivateKey;
import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:cfca/sadk/cmbc/tools/SecurityKitImpl.class */
public class SecurityKitImpl implements SecurityKit {
    boolean initialized = false;
    boolean smxFlag = true;
    PrivateKey privateKey = null;
    X509Cert signedCert = null;
    X509Cert cmbcCert = null;
    Session session = null;
    ConcurrentHashMap<String, X509Cert> trustCMBCCerts = new ConcurrentHashMap<>();
    private String sessionType = "JSOFT_LIB";
    private final Object locked = new Object();
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) SecurityKitImpl.class);
    private static final Mechanism mechanism = new Mechanism("SHA1");

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final int setSessionType(String str) throws DecryptKitException {
        return "JNISOFT_LIB".equals(str) ? 0 : 0;
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final int Initialize(String str, String str2, String str3) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("Initialize>>>>>>Running\n myPrivateFile: " + Debugger.dump(str) + "\n myCMBCCertFile: " + Debugger.dump(str3));
        }
        try {
            if (this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_HAS_INITIALIZED);
            }
            try {
                JCrypto.getInstance().initialize(this.sessionType, null);
                Session openSession = JCrypto.getInstance().openSession(this.sessionType);
                X509Cert LoadBCMCCertFrom = LoadBCMCCertFrom(str3);
                if (LoadBCMCCertFrom == null) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_DECODED_FAILURE_CMBCCERT);
                }
                checkPeerValidate(LoadBCMCCertFrom);
                boolean isSM2Cert = CertUtil.isSM2Cert(LoadBCMCCertFrom);
                Signer sM2Signer = isSM2Cert ? new SM2Signer() : new RSASigner();
                if (!sM2Signer.load(str, str2)) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOTMATCH_LOAD_FAILURE);
                }
                checkLocalValidate(sM2Signer.signedCert);
                String buildTrustCertID = buildTrustCertID(LoadBCMCCertFrom);
                ConcurrentHashMap<String, X509Cert> concurrentHashMap = new ConcurrentHashMap<>();
                concurrentHashMap.put(buildTrustCertID, LoadBCMCCertFrom);
                synchronized (this.locked) {
                    this.session = openSession;
                    this.smxFlag = isSM2Cert;
                    this.privateKey = sM2Signer.privateKey;
                    this.signedCert = sM2Signer.signedCert;
                    this.cmbcCert = LoadBCMCCertFrom;
                    this.trustCMBCCerts = concurrentHashMap;
                    this.initialized = true;
                }
                return 0;
            } catch (PKIException e) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_INITIALIZED_SESSION_FAILURE, e);
            }
        } catch (DecryptKitException e2) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize<<<<<<Failure\n myPrivateFile: " + Debugger.dump(str) + "\n myCMBCCertFile: " + Debugger.dump(str3), (Throwable) e2);
            }
            throw e2;
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize<<<<<<Failure\n myPrivateFile: " + Debugger.dump(str) + "\n myCMBCCertFile: " + Debugger.dump(str3), (Throwable) e3);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e3);
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final int Initialize(String str) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("Initialize>>>>>>Running\n myConfigFile: " + Debugger.dump(str));
        }
        try {
            DecryptKitConfig decryptKitConfig = new DecryptKitConfig(str);
            return Initialize(decryptKitConfig.getPrivateFile(), decryptKitConfig.getPrivateFilePassword(), decryptKitConfig.getPeerCertFile());
        } catch (DecryptKitException e) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize<<<<<<Failure\n myConfigFile: " + Debugger.dump(str), (Throwable) e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize<<<<<<Failure\n myConfigFile: " + Debugger.dump(str), (Throwable) e2);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
        }
    }

    final int upgrade(String str, String str2) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("upgrade>>>>>>Running\n myPrivateFile: " + Debugger.dump(str));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            Signer sM2Signer = this.smxFlag ? new SM2Signer() : new RSASigner();
            if (!sM2Signer.load(str, str2)) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOTMATCH_LOAD_FAILURE);
            }
            checkLocalValidate(sM2Signer.signedCert);
            synchronized (this.locked) {
                this.privateKey = sM2Signer.privateKey;
                this.signedCert = sM2Signer.signedCert;
            }
            return 0;
        } catch (DecryptKitException e) {
            if (logger.isErrorEnabled()) {
                logger.error("upgrade<<<<<<Failure\n myPrivateFile: " + Debugger.dump(str));
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isErrorEnabled()) {
                logger.error("upgrade<<<<<<Failure\n myPrivateFile: " + Debugger.dump(str));
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
        }
    }

    final int upgrade(String str) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("upgrade>>>>>>Running\n myCMBCCertFile: " + Debugger.dump(str));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            X509Cert LoadBCMCCertFrom = LoadBCMCCertFrom(str);
            if (LoadBCMCCertFrom == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_DECODED_FAILURE_CMBCCERT);
            }
            checkPeerValidate(LoadBCMCCertFrom);
            if (CertUtil.isSM2Cert(LoadBCMCCertFrom) != this.smxFlag) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOTMATCH);
            }
            String buildTrustCertID = buildTrustCertID(LoadBCMCCertFrom);
            if (this.trustCMBCCerts.size() > 1000) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, "trustCMBCCerts more than 1000");
            }
            this.trustCMBCCerts.put(buildTrustCertID, LoadBCMCCertFrom);
            synchronized (this.locked) {
                this.cmbcCert = LoadBCMCCertFrom;
            }
            return 0;
        } catch (DecryptKitException e) {
            if (logger.isErrorEnabled()) {
                logger.error("upgrade<<<<<<Failure\n myCMBCCertFile: " + Debugger.dump(str), (Throwable) e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isErrorEnabled()) {
                logger.error("upgrade<<<<<<Failure\n myCMBCCertFile: " + Debugger.dump(str), (Throwable) e2);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
        }
    }

    final X509Cert LoadBCMCCertFrom(String str) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("LoadBCMCCertFrom>>>>>>Running\n myCMBCCertFile: " + Debugger.dump(str));
        }
        try {
            if (str == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS_CMBCCERT);
            }
            File file = new File(str);
            if (!file.exists()) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_FILE_NOT_FOUND_CMBCCERT);
            }
            if (!"cer".equals(Signer.getExtensionFilename(file.getName()))) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_FILE_EXTENSION_INVALID_CMBCCERT);
            }
            FileInputStream fileInputStream = null;
            try {
                try {
                    FileInputStream fileInputStream2 = new FileInputStream(file);
                    X509Cert x509Cert = new X509Cert(fileInputStream2);
                    if (fileInputStream2 != null) {
                        try {
                            fileInputStream2.close();
                        } catch (Exception e) {
                        }
                    }
                    if (logger.isInfoEnabled()) {
                        logger.info("LoadBCMCCertFrom<<<<<<Finished\n myCMBCCert: " + Debugger.dump(x509Cert));
                    }
                    return x509Cert;
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Exception e2) {
                        }
                    }
                    throw th;
                }
            } catch (PKIException e3) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_DECODED_FAILURE_CMBCCERT, e3);
            } catch (FileNotFoundException e4) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_FILE_NOT_FOUND_CMBCCERT, e4);
            }
        } catch (DecryptKitException e5) {
            if (logger.isErrorEnabled()) {
                logger.error("LoadBCMCCertFrom<<<<<<Failure\n myCMBCCertFile: " + Debugger.dump(str), (Throwable) e5);
            }
            throw e5;
        } catch (Exception e6) {
            if (logger.isErrorEnabled()) {
                logger.error("LoadBCMCCertFrom<<<<<<Failure\n myCMBCCertFile: " + Debugger.dump(str), (Throwable) e6);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void checkPeerSignedCert(X509Cert x509Cert) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("checkPeerSignedCert>>>>>>Running\n X509Cert: " + Debugger.dump(x509Cert));
        }
        try {
            if (x509Cert == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_SIGNEDCERT_MNISSING, "missing cert");
            }
            Date date = new Date();
            if (x509Cert.getNotAfter().before(date)) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_SIGNEDCERT_HAS_EXPIRED, validTime(x509Cert));
            }
            if (date.before(x509Cert.getNotBefore())) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_SIGNEDCERT_NOT_YET_VALID, validTime(x509Cert));
            }
            if (!this.trustCMBCCerts.containsKey(buildTrustCertID(x509Cert))) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_SIGNEDCERT_NOT_MATCH, validTime(x509Cert));
            }
        } catch (DecryptKitException e) {
            if (logger.isErrorEnabled()) {
                logger.error("checkPeerSignedCert<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isErrorEnabled()) {
                logger.error("checkPeerSignedCert<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e2);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
        }
    }

    final void checkLocalValidate(X509Cert x509Cert) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("checkLocalValidate>>>>>>Running\n X509Cert: " + Debugger.dump(x509Cert));
        }
        if (x509Cert != null) {
            try {
                Date date = new Date();
                if (x509Cert.getNotAfter().before(date)) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_LOCALCERT_HAS_EXPIRED, validTime(x509Cert));
                }
                if (date.before(x509Cert.getNotBefore())) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_LOCALCERT_NOT_YET_VALID, validTime(x509Cert));
                }
            } catch (DecryptKitException e) {
                if (logger.isErrorEnabled()) {
                    logger.error("checkLocalValidate<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e);
                }
                throw e;
            } catch (Exception e2) {
                if (logger.isErrorEnabled()) {
                    logger.error("checkLocalValidate<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e2);
                }
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
            }
        }
    }

    final void checkPeerValidate(X509Cert x509Cert) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("checkPeerValidate>>>>>>Running\n X509Cert: " + Debugger.dump(x509Cert));
        }
        if (x509Cert != null) {
            try {
                Date date = new Date();
                if (x509Cert.getNotAfter().before(date)) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_PEERCERT_HAS_EXPIRED, validTime(x509Cert));
                }
                if (date.before(x509Cert.getNotBefore())) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_PEERCERT_NOT_YET_VALID, validTime(x509Cert));
                }
            } catch (DecryptKitException e) {
                if (logger.isErrorEnabled()) {
                    logger.error("checkPeerValidate<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e);
                }
                throw e;
            } catch (Exception e2) {
                if (logger.isErrorEnabled()) {
                    logger.error("checkPeerValidate<<<<<<Failure\n X509Cert: " + Debugger.dump(x509Cert), (Throwable) e2);
                }
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
            }
        }
    }

    final String validTime(X509Cert x509Cert) {
        return String.format("<<%1$tY-%1$tm-%1$te %1$tT -- %2$tY-%2$tm-%2$te %2$tT>>", x509Cert.getNotBefore(), x509Cert.getNotAfter());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void deleteFile(String str) {
        if (str != null) {
            try {
                File file = new File(str);
                if (file.exists()) {
                    file.delete();
                }
            } catch (Exception e) {
            }
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final byte[] EnvelopeEncryptMessage(byte[] bArr) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("EnvelopeEncryptMessage>>>>>>Running\n binaryPlainMessage: " + Debugger.dump(bArr));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            String str = this.smxFlag ? "SM4/CBC/PKCS7Padding" : "DESede/CBC/PKCS7Padding";
            if (logger.isInfoEnabled()) {
                logger.info("EnvelopeEncryptMessage<<<<<<smxFlag: " + this.smxFlag);
            }
            try {
                byte[] envelopeMessage = EnvelopeUtil.envelopeMessage(bArr, str, new X509Cert[]{this.cmbcCert}, this.session);
                if (logger.isInfoEnabled()) {
                    logger.info("EnvelopeEncryptMessage<<<<<<Finished: base64EnvelopedData: " + Debugger.dumpBase64(envelopeMessage));
                }
                return envelopeMessage;
            } catch (Exception e) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_ENCODED_FAILURE_MAKEENVELOPE, e);
            }
        } catch (DecryptKitException e2) {
            if (logger.isErrorEnabled()) {
                logger.error("EnvelopeEncryptMessage<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e2);
            }
            throw e2;
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("EnvelopeEncryptMessage<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e3);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e3);
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final byte[] EnvelopeDecryptMessage(byte[] bArr) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("EnvelopeDecryptMessage>>>>>>Running\n base64EnvelopeMessage: " + Debugger.dumpBase64(bArr));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            try {
                byte[] openEvelopedMessage = EnvelopeUtil.openEvelopedMessage(bArr, this.privateKey, this.signedCert, this.session);
                if (logger.isInfoEnabled()) {
                    logger.info("EnvelopeDecryptMessage<<<<<<binaryPlainMessage: " + Debugger.dump(openEvelopedMessage));
                }
                return openEvelopedMessage;
            } catch (Exception e) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_DECODED_FAILURE_OPENENVELOPE, e);
            }
        } catch (DecryptKitException e2) {
            if (logger.isErrorEnabled()) {
                logger.error("EnvelopeDecryptMessage<<<<<<Failure\n base64EnvelopeMessage: " + Debugger.dumpBase64(bArr), (Throwable) e2);
            }
            throw e2;
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("EnvelopeDecryptMessage<<<<<<Failure\n base64EnvelopeMessage: " + Debugger.dumpBase64(bArr), (Throwable) e3);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e3);
        }
    }

    final byte[] P7AttachMessageSign(byte[] bArr) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("P7AttachMessageSign>>>>>>Running\n binaryPlainMessage: " + Debugger.dump(bArr));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            SignatureUtil2 signatureUtil2 = new SignatureUtil2();
            String str = this.smxFlag ? "SM3withSM2" : "SHA256withRSAEncryption";
            if (logger.isInfoEnabled()) {
                logger.info("P7AttachMessageSign<<<<<<smxFlag: " + this.smxFlag);
            }
            try {
                byte[] p7SignMessageAttach = signatureUtil2.p7SignMessageAttach(str, bArr, this.privateKey, this.signedCert, this.session);
                if (logger.isInfoEnabled()) {
                    logger.info("P7AttachMessageSign<<<<<<base64SignedMessage: " + Debugger.dumpBase64(p7SignMessageAttach));
                }
                return p7SignMessageAttach;
            } catch (Exception e) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_ENCODED_FAILURE_SIGN, e);
            }
        } catch (DecryptKitException e2) {
            if (logger.isErrorEnabled()) {
                logger.error("P7AttachMessageSign<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e2);
            }
            throw e2;
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("P7AttachMessageSign<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e3);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e3);
        }
    }

    final byte[] P7AttachMessageVerify(byte[] bArr) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("P7AttachMessageVerify>>>>>>Running\n base64SignedMessage: " + Debugger.dumpBase64(bArr));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            try {
                SignatureUtil2 signatureUtil2 = new SignatureUtil2();
                if (!signatureUtil2.p7VerifyMessageAttach(bArr, this.session)) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_INVALID_SIGNATURE);
                }
                checkPeerSignedCert(signatureUtil2.getSignerCert());
                byte[] sourceData = signatureUtil2.getSourceData();
                if (logger.isInfoEnabled()) {
                    logger.info("P7AttachMessageVerify<<<<<<Finished: binaryPlainMessage=" + Debugger.dump(sourceData));
                }
                return sourceData;
            } catch (DecryptKitException e) {
                throw e;
            } catch (Exception e2) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_DECODED_FAILURE_VERIFY, e2);
            }
        } catch (DecryptKitException e3) {
            if (logger.isErrorEnabled()) {
                logger.error("P7AttachMessageVerify<<<<<<Failure\n base64SignedMessage: " + Debugger.dumpBase64(bArr), (Throwable) e3);
            }
            throw e3;
        } catch (Exception e4) {
            if (logger.isErrorEnabled()) {
                logger.error("P7AttachMessageVerify<<<<<<Failure\n base64SignedMessage: " + Debugger.dumpBase64(bArr), (Throwable) e4);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e4);
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final byte[] P7DetachMessageSign(byte[] bArr) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("P7DetachMessageSign>>>>>>Running\n binaryPlainMessage: " + Debugger.dump(bArr));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            SignatureUtil2 signatureUtil2 = new SignatureUtil2();
            String str = this.smxFlag ? "SM3withSM2" : "SHA256withRSAEncryption";
            if (logger.isInfoEnabled()) {
                logger.info("P7DetachMessageSign<<<<<<smxFlag: " + this.smxFlag);
            }
            try {
                byte[] p7SignMessageDetach = signatureUtil2.p7SignMessageDetach(str, bArr, this.privateKey, this.signedCert, this.session);
                if (logger.isInfoEnabled()) {
                    logger.info("P7DetachMessageSign<<<<<<base64SignedMessage: " + Debugger.dumpBase64(p7SignMessageDetach));
                }
                return p7SignMessageDetach;
            } catch (Exception e) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_ENCODED_FAILURE_SIGN, e);
            }
        } catch (DecryptKitException e2) {
            if (logger.isErrorEnabled()) {
                logger.error("P7DetachMessageSign<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e2);
            }
            throw e2;
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("P7DetachMessageSign<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr), (Throwable) e3);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e3);
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public boolean P7DetachMessageVerify(byte[] bArr, byte[] bArr2) throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("P7DetachMessageVerify>>>>>>Running\n binaryPlainMessage: " + Debugger.dump(bArr) + "\n base64SignedMessage: " + Debugger.dumpBase64(bArr2));
        }
        try {
            if (!this.initialized) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_NOT_INITIALIZED);
            }
            if (bArr == null) {
                throw new DecryptKitException(1879117826);
            }
            if (bArr2 == null) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_MISSING_PARAMETERS);
            }
            try {
                SignatureUtil2 signatureUtil2 = new SignatureUtil2();
                boolean p7VerifyMessageDetach = signatureUtil2.p7VerifyMessageDetach(bArr, bArr2, this.session);
                if (!p7VerifyMessageDetach) {
                    throw new DecryptKitException(DecryptKitErrcode.ERRCODE_INVALID_SIGNATURE);
                }
                checkPeerSignedCert(signatureUtil2.getSignerCert());
                if (logger.isInfoEnabled()) {
                    logger.info("p7VerifyMessageDetach<<<<<<Finished: verifyResult=" + p7VerifyMessageDetach);
                }
                return p7VerifyMessageDetach;
            } catch (DecryptKitException e) {
                throw e;
            } catch (Exception e2) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_ENVELOPE_DECODED_FAILURE_VERIFY, e2);
            }
        } catch (DecryptKitException e3) {
            if (logger.isErrorEnabled()) {
                logger.error("p7VerifyMessageDetach<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr) + "\n base64SignedMessage: " + Debugger.dumpBase64(bArr2), (Throwable) e3);
            }
            throw e3;
        } catch (Exception e4) {
            if (logger.isErrorEnabled()) {
                logger.error("p7VerifyMessageDetach<<<<<<Failure\n binaryPlainMessage: " + Debugger.dump(bArr) + "\n base64SignedMessage: " + Debugger.dumpBase64(bArr2), (Throwable) e4);
            }
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e4);
        }
    }

    @Override // cfca.sadk.cmbc.tools.SecurityKit
    public final int Uninitialize() throws DecryptKitException {
        if (logger.isInfoEnabled()) {
            logger.info("Uninitialize>>>>>>Running");
        }
        synchronized (this.locked) {
            this.initialized = false;
            this.smxFlag = true;
            this.privateKey = null;
            this.signedCert = null;
            this.cmbcCert = null;
            this.trustCMBCCerts.clear();
        }
        if (!logger.isInfoEnabled()) {
            return 0;
        }
        logger.info("Uninitialize<<<<<<Finished");
        return 0;
    }

    private final String buildTrustCertID(X509Cert x509Cert) throws DecryptKitException {
        if (x509Cert == null) {
            throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, "missing cert");
        }
        byte[] bArr = null;
        try {
            ASN1Object extensionData = x509Cert.getExtensionData(Extension.subjectKeyIdentifier);
            if (extensionData != null) {
                bArr = SubjectKeyIdentifier.getInstance(extensionData).getKeyIdentifier();
            }
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.debug("buildCertID::<<<<<<Failure", (Throwable) e);
            }
            bArr = null;
        }
        if (bArr == null) {
            try {
                bArr = HashUtil.rsaHashMessage(x509Cert.getPublicKeyData(), mechanism);
            } catch (PKIException e2) {
                throw new DecryptKitException(DecryptKitErrcode.ERRCODE_UNKNOWN, e2);
            }
        }
        return new String(Hex.encode(bArr)).toLowerCase();
    }
}
