package cn.com.syan.jcee.cm.impl;

import cn.com.syan.jcee.cm.exception.InvalidPinException;
import cn.com.syan.jcee.cm.exception.JCEECMException;
import cn.com.syan.jcee.common.impl.InitializationFailedException;
import cn.com.syan.jcee.common.impl.SparkCipher;
import cn.com.syan.jcee.common.impl.SparkSignature;
import cn.com.syan.jcee.common.impl.asn1.SM2BCPrivateKey;
import cn.com.syan.jcee.common.impl.ecc.cipher.SM4SymmetricCipher;
import cn.com.syan.jcee.common.impl.key.PKCS5PBES2;
import cn.com.syan.jcee.common.impl.key.PublicKeyBuilder;
import cn.com.syan.jcee.common.impl.key.SM2BCPublicKey;
import cn.com.syan.jcee.common.impl.key.SparkECPrivateKey;
import cn.com.syan.jcee.common.impl.key.struct.EnvelopedRSAKeyBlob;
import cn.com.syan.jcee.common.impl.key.struct.EnvelopedSM2KeyBlob;
import cn.com.syan.jcee.common.impl.pkcs1.PKCS1Signature;
import cn.com.syan.jcee.common.impl.pkcs7.EnvelopedDataGenerator;
import cn.com.syan.jcee.common.impl.pkcs7.PKCS7Signature;
import cn.com.syan.jcee.common.impl.utils.PrivateKeyBuilder;
import cn.com.syan.jcee.utils.StringConverter;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.List;
import java.util.Random;
import javax.crypto.Cipher;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.spongycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
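/**
 * PIN-protected private key handle backing {@link IPrivateKey}.
 *
 * <p>The key material is held only as {@code ppPrivateKey}, a hex string that
 * {@link #derivePrivateKey(String)} decodes and decrypts with {@code PKCS5PBES2} using the
 * caller's PIN. Every operation re-derives the key from the PIN; nothing in this class caches the
 * decrypted key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>PINs arrive as {@code String} and are never wiped; decrypted key bytes are not zeroed
 *       here either.</li>
 *   <li>RSA signing is fixed to SHA1withRSA, which is weak for new signatures; it is presumably
 *       kept for interoperability.</li>
 *   <li>No retry counter or back-off is visible in this class, so PIN guessing must be limited by
 *       the caller or by the cost of the PBES2 derivation.</li>
 *   <li>{@code publicKey} is written as a side effect of key derivation, so an instance should not
 *       be shared across threads without external synchronisation.</li>
 * </ul>
 */
public class PrivateKey implements IPrivateKey {
    // True once updatePin() has successfully re-wrapped the key under a new PIN.
    private boolean isPinUpdate;
    // Alias computed from the public key by PublicKeyAliasUtil.
    private String keyID;
    private String lastUpdateTime;
    // Hex-encoded, PIN-encrypted private key blob (input to PKCS5PBES2.decrypt).
    private String ppPrivateKey;
    // SM2 public key recovered during derivePrivateKey(); stays null for RSA keys.
    private BCECPublicKey publicKey;
    // Either "RSA" or "SM2".
    private String publicKeyAlgorithm;
    private AlgorithmIdentifier sigAlgorithmIdentifier;
    private java.security.cert.X509Certificate x509Certificate;

    private PrivateKey() {
        this.ppPrivateKey = null;
        this.isPinUpdate = false;
        this.publicKeyAlgorithm = null;
    }

    /**
     * Creates a handle from a public key and its PIN-protected private key blob.
     *
     * <p>Any public key whose algorithm is not exactly {@code "RSA"} is treated as SM2.
     * (Decompiler note: the original access modifier was {@code protected}.)
     *
     * @param publicKey public half of the key pair; used for the alias and the algorithm
     * @param str hex-encoded, PIN-encrypted private key blob
     * @param str2 last-update timestamp string, stored as given
     */
    public PrivateKey(PublicKey publicKey, String str, String str2) {
        this.ppPrivateKey = str;
        this.keyID = PublicKeyAliasUtil.getAlias(publicKey);
        this.lastUpdateTime = str2;
        if (publicKey.getAlgorithm().equals("RSA")) {
            this.publicKeyAlgorithm = "RSA";
            // SHA-1 based identifier: weak for new signatures, see the class note.
            this.sigAlgorithmIdentifier = IPrivateKey.SHA1WITHRSA;
        } else {
            this.publicKeyAlgorithm = "SM2";
            this.sigAlgorithmIdentifier = IPrivateKey.SM3WITHSM2;
        }
    }

    /**
     * Creates a handle from a certificate and its PIN-protected private key blob.
     * (Decompiler note: the original access modifier was {@code protected}.)
     *
     * @param x509Certificate certificate whose public key identifies this key pair
     * @param str hex-encoded, PIN-encrypted private key blob
     * @param str2 last-update timestamp string, stored as given
     */
    public PrivateKey(java.security.cert.X509Certificate x509Certificate, String str, String str2) {
        this(x509Certificate.getPublicKey(), str, str2);
        this.x509Certificate = x509Certificate;
    }

    /**
     * Unwraps an enveloped key blob: decrypts the wrapped symmetric key with this private key,
     * then decrypts the enclosed private key with SM4.
     *
     * @param str algorithm of the enveloped key; {@code "SM2"} selects the SM2 blob layout,
     *     anything else the RSA layout
     * @param obj blob in whatever form {@code EnvelopedSM2KeyBlob.getInstance} /
     *     {@code EnvelopedRSAKeyBlob.getInstance} accept
     * @param str2 PIN protecting this private key
     * @return the encoded SM2 private key, or the raw SM4 plaintext for RSA
     * @throws InvalidPinException if the PIN does not unlock this private key
     * @throws JCEECMException on any other failure
     */
    private byte[] decryptEnvelopedPrivateKeyImpl(String str, Object obj, String str2) throws InvalidPinException, JCEECMException {
        byte[] symmetricKey;
        byte[] encryptedData;
        int symmAlgID;
        SM2BCPublicKey sM2BCPublicKey = null;
        try {
            boolean isSm2 = str.equals("SM2");
            if (isSm2) {
                EnvelopedSM2KeyBlob envelopedSM2KeyBlob = EnvelopedSM2KeyBlob.getInstance(obj);
                symmetricKey = decrypt(envelopedSM2KeyBlob.getWrappedKey().getEncoded(), str2);
                encryptedData = envelopedSM2KeyBlob.getEncryptedPrivateKey();
                symmAlgID = envelopedSM2KeyBlob.getSymmAlgID();
                sM2BCPublicKey = envelopedSM2KeyBlob.getECPublicKey();
            } else {
                EnvelopedRSAKeyBlob envelopedRSAKeyBlob = EnvelopedRSAKeyBlob.getInstance(obj);
                symmetricKey = decrypt(envelopedRSAKeyBlob.getWrappedKey(), str2);
                encryptedData = envelopedRSAKeyBlob.getEncryptedData();
                symmAlgID = envelopedRSAKeyBlob.getSymmAlgID();
            }
            // 1025 == 0x401; NOTE(review): looks like the GM/T 0006 id for SM4-ECB - confirm.
            if (symmAlgID != 1025) {
                throw new NoSuchAlgorithmException("No such algorithm with id: " + symmAlgID);
            }
            // ECB gives no integrity protection; presumably the blob format dictates it, so a
            // tampered blob is not detected at this layer.
            SM4SymmetricCipher sM4SymmetricCipher = SM4SymmetricCipher.getInstance(SM4SymmetricCipher.ECB_MODE);
            // Mode 0 is SM4SymmetricCipher's own constant - presumably "decrypt"; TODO confirm.
            sM4SymmetricCipher.init(0, symmetricKey);
            sM4SymmetricCipher.update(encryptedData);
            byte[] plainKey = sM4SymmetricCipher.doFinal();
            if (!isSm2) {
                return plainKey;
            }
            return new SM2BCPrivateKey(PrivateKeyBuilder.buildBCECPrivateKey(plainKey), PublicKeyBuilder.buildBCECPublicKey(sM2BCPublicKey)).getEncoded();
        } catch (InvalidPinException e) {
            // A wrong PIN is part of the declared contract; do not bury it in the generic error.
            throw e;
        } catch (InitializationFailedException e) {
            throw new JCEECMException("failed to decrypt " + str + " enveloped key blob, cause: " + e.getMessage(), e);
        } catch (Exception e2) {
            throw new JCEECMException("fail to decrypt " + str + " enveloped key blob, cause: " + e2.getMessage(), e2);
        }
    }

    /**
     * Decrypts the stored blob with the PIN and rebuilds the private key.
     *
     * <p>Side effect: for non-RSA keys the matching public key is stored in {@code publicKey}.
     * Every failure, including a null PIN or a malformed blob, surfaces as
     * {@link UnrecoverableKeyException}, so callers cannot tell a wrong PIN from corrupt storage.
     *
     * @param str PIN
     * @return the usable private key
     * @throws UnrecoverableKeyException if the blob cannot be decrypted or parsed
     * @throws InvalidKeySpecException declared for callers; never thrown by this body
     */
    private java.security.PrivateKey derivePrivateKey(String str) throws UnrecoverableKeyException, InvalidKeySpecException {
        try {
            // NOTE(review): the decrypted bytes are not wiped after use; whether the builders
            // copy them is not visible here.
            byte[] keyBytes = new PKCS5PBES2().decrypt(StringConverter.toBinary(this.ppPrivateKey), str.toCharArray());
            if (this.publicKeyAlgorithm.equals("RSA")) {
                return PrivateKeyBuilder.buildPrivateKey(keyBytes, BouncyCastleProvider.PROVIDER_NAME);
            }
            SparkECPrivateKey ecKey = PrivateKeyBuilder.buildSparkECPrivateKey(keyBytes);
            this.publicKey = ecKey.getECPublicKey();
            return ecKey.getECPrivateKey();
        } catch (Exception e) {
            // UnrecoverableKeyException has no (String, Throwable) constructor; chain explicitly
            // so the root cause is not lost.
            UnrecoverableKeyException wrapped = new UnrecoverableKeyException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Applies the private key to {@code bArr} with the JCA cipher named by
     * {@code PKCS1Signature.RSA_CIPHER}. Not referenced elsewhere in this class.
     *
     * @param bArr input bytes
     * @param str PIN
     * @return cipher output
     * @throws InvalidPinException if the PIN is wrong or the key is rejected by the cipher
     * @throws JCEECMException on any other failure
     */
    private byte[] encrypt(byte[] bArr, String str) throws InvalidPinException, SignatureException, JCEECMException {
        try {
            java.security.PrivateKey key = derivePrivateKey(str);
            Cipher cipher = Cipher.getInstance(PKCS1Signature.RSA_CIPHER);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw new InvalidPinException("failed to sign data", e);
        } catch (UnrecoverableKeyException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (InvalidKeySpecException e3) {
            throw new InvalidPinException("wrong pin code", e3);
        } catch (Exception e4) {
            throw new JCEECMException(e4);
        }
    }

    /**
     * Checks that a private and a public RSA key belong together by applying the private key to
     * eight random bytes and handing the result to a SHA1withRSA verifier. Not referenced
     * elsewhere in this class.
     *
     * @return {@code true} if the verifier accepts; {@code false} on mismatch or any error
     */
    private boolean validate(java.security.PrivateKey privateKey, PublicKey publicKey) {
        try {
            SparkCipher sparkCipher = SparkCipher.getInstance("RSA/None/PKCS1Padding");
            sparkCipher.init(1, privateKey);
            byte[] probe = new byte[8];
            // Time-seeded java.util.Random is predictable. The probe is not a secret, but this
            // pattern must not be copied for keys, nonces or tokens.
            new Random(System.currentTimeMillis()).nextBytes(probe);
            sparkCipher.update(probe);
            byte[] transformed = sparkCipher.doFinal();
            SparkSignature sparkSignature = SparkSignature.getInstance("SHA1withRSA");
            sparkSignature.initVerify(publicKey);
            // NOTE(review): verify() is called without a preceding update(); whether this can
            // ever succeed depends on SparkSignature semantics - confirm before relying on it.
            return sparkSignature.verify(transformed);
        } catch (Exception ignored) {
            // Deliberate: any failure means the pair could not be validated.
            return false;
        }
    }

    /**
     * Decrypts {@code bArr} with this private key (SM2, or RSA with PKCS#1 v1.5 padding).
     *
     * @param bArr ciphertext
     * @param str PIN
     * @return plaintext
     * @throws InvalidPinException if the PIN does not unlock the key
     * @throws JCEECMException on any other failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] decrypt(byte[] bArr, String str) throws InvalidPinException, JCEECMException {
        try {
            java.security.PrivateKey key = derivePrivateKey(str);
            SparkCipher sparkCipher = this.publicKeyAlgorithm.equalsIgnoreCase("SM2") ? SparkCipher.getInstance("SM2") : SparkCipher.getInstance("RSA/None/PKCS1Padding");
            // NOTE(review): 2 presumably mirrors Cipher.DECRYPT_MODE - confirm against SparkCipher.
            sparkCipher.init(2, key);
            sparkCipher.update(bArr);
            return sparkCipher.doFinal();
        } catch (UnrecoverableKeyException e) {
            throw new InvalidPinException("wrong pin code", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (Exception e3) {
            // The message includes the underlying cause text; for RSA PKCS#1 v1.5 callers should
            // avoid relaying it to untrusted peers, where it could act as a padding oracle.
            throw new JCEECMException("解密数据失败，错误原因：" + e3.getMessage(), e3);
        }
    }

    /**
     * Unwraps an enveloped key blob that is already parsed as an ASN.1 sequence.
     *
     * @param str algorithm of the enveloped key ({@code "SM2"} or RSA)
     * @param aSN1Sequence parsed blob
     * @param str2 PIN
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] decryptEnvelopedPrivateKey(String str, ASN1Sequence aSN1Sequence, String str2) throws InvalidPinException, JCEECMException {
        return decryptEnvelopedPrivateKeyImpl(str, aSN1Sequence, str2);
    }

    /**
     * Unwraps an enveloped key blob given as bytes. The bytes are first tried as an ASN.1
     * sequence; if that attempt fails for any reason other than a wrong PIN, the raw byte array
     * is handed to the blob parser instead.
     *
     * @param str algorithm of the enveloped key ({@code "SM2"} or RSA)
     * @param bArr encoded blob
     * @param str2 PIN
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] decryptEnvelopedPrivateKey(String str, byte[] bArr, String str2) throws InvalidPinException, JCEECMException {
        try {
            return decryptEnvelopedPrivateKeyImpl(str, ASN1Sequence.getInstance(bArr), str2);
        } catch (InvalidPinException e) {
            // The PIN check does not depend on the blob encoding, so retrying cannot help and
            // would only repeat the key derivation.
            throw e;
        } catch (Exception e) {
            return decryptEnvelopedPrivateKeyImpl(str, bArr, str2);
        }
    }

    /**
     * Signs with SM2/SM3 via {@code SparkSignature.digestSign()}. RSA keys are rejected.
     *
     * @param bArr data passed to the signer
     * @param str unused by this implementation
     * @param str2 PIN
     * @throws InvalidPinException if the PIN is wrong or the key is rejected
     * @throws JCEECMException on any other failure, including an RSA key
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] digestSign(byte[] bArr, String str, String str2) throws InvalidPinException, JCEECMException, SignatureException {
        try {
            // The PIN is checked first, so a wrong PIN is reported even for unsupported RSA keys.
            java.security.PrivateKey key = derivePrivateKey(str2);
            if (this.publicKeyAlgorithm.equals("RSA")) {
                throw new Exception("ras digest sign not support now");
            }
            SparkSignature sparkSignature = SparkSignature.getInstance("ECDSASM2withSM3");
            sparkSignature.initSign(key);
            sparkSignature.update(bArr);
            return sparkSignature.digestSign();
        } catch (InvalidKeyException e) {
            throw new InvalidPinException("failed to sign data", e);
        } catch (UnrecoverableKeyException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (InvalidKeySpecException e3) {
            throw new InvalidPinException("wrong pin code", e3);
        } catch (Exception e4) {
            throw new JCEECMException(e4);
        }
    }

    /**
     * Applies the private key in the cipher's mode 1 to {@code bArr}.
     *
     * @param bArr input bytes
     * @param str PIN
     * @param str2 RSA transformation; {@code null} selects {@code "RSA/None/PKCS1Padding"}.
     *     Ignored for SM2 keys.
     * @throws InvalidPinException if the PIN does not unlock the key
     * @throws JCEECMException on any other failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] encrypt(byte[] bArr, String str, String str2) throws InvalidPinException, JCEECMException {
        SparkCipher sparkCipher;
        try {
            java.security.PrivateKey key = derivePrivateKey(str);
            if (this.publicKeyAlgorithm.equalsIgnoreCase("SM2")) {
                sparkCipher = SparkCipher.getInstance("SM2");
            } else {
                // The transformation is caller-controlled; nothing here stops a caller from
                // selecting an unpadded mode, so callers should pin it to a vetted value.
                String transformation = str2 == null ? "RSA/None/PKCS1Padding" : str2;
                sparkCipher = SparkCipher.getInstance(transformation);
            }
            // NOTE(review): 1 presumably mirrors Cipher.ENCRYPT_MODE - confirm against SparkCipher.
            sparkCipher.init(1, key);
            sparkCipher.update(bArr);
            return sparkCipher.doFinal();
        } catch (UnrecoverableKeyException e) {
            throw new InvalidPinException("wrong pin code", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (Exception e3) {
            throw new JCEECMException("加密数据失败，错误原因：" + e3.getMessage(), e3);
        }
    }

    /**
     * Opens an enveloped-data structure with this private key.
     *
     * @param bArr encoded envelope
     * @param str PIN
     * @throws InvalidPinException if the PIN does not unlock the key
     * @throws JCEECMException on any other failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] envelopeOpen(byte[] bArr, String str) throws InvalidPinException, JCEECMException {
        try {
            return new EnvelopedDataGenerator().envelopeOpen(bArr, derivePrivateKey(str));
        } catch (UnrecoverableKeyException e) {
            throw new InvalidPinException("wrong pin code", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (Exception e3) {
            throw new JCEECMException("解密数据失败，错误原因：" + e3.getMessage(), e3);
        }
    }

    /** Returns {@code "RSA"} or {@code "SM2"}. */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public String getAlgorithm() {
        return this.publicKeyAlgorithm;
    }

    /** Returns the signature algorithm identifier chosen in the constructor. */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public AlgorithmIdentifier getAlgorithmIdentifier() {
        return this.sigAlgorithmIdentifier;
    }

    /** Returns the alias computed from the public key. */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public String getKeyID() {
        return this.keyID;
    }

    /** Returns the last-update timestamp string. */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public String getLastUpdateTime() {
        return this.lastUpdateTime;
    }

    /**
     * Returns the hex-encoded, PIN-encrypted private key blob.
     *
     * <p>Decompiler note: the original access modifier was {@code protected}. The blob is only as
     * strong as the PIN, so it should be treated as sensitive and kept out of logs and backups.
     */
    public String getPrivateKey() {
        return this.ppPrivateKey;
    }

    /** Returns whether {@link #updatePin(String, String)} has succeeded on this instance. */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public boolean hasPinUpdated() {
        return this.isPinUpdate;
    }

    /**
     * Produces a PKCS#7 signature over {@code bArr}.
     *
     * @param bArr data to sign
     * @param z unused by this implementation
     * @param str PIN
     * @param x509Certificate signer certificate
     * @param list additional certificates to embed
     * @throws InvalidPinException if the PIN does not unlock the key
     * @throws SignatureException on any signing failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] pkcs7Sign(byte[] bArr, boolean z, String str, java.security.cert.X509Certificate x509Certificate, List<java.security.cert.X509Certificate> list) throws InvalidPinException, JCEECMException, SignatureException {
        java.security.PrivateKey key;
        try {
            key = derivePrivateKey(str);
        } catch (UnrecoverableKeyException e) {
            // Same mapping as sign(): a key that cannot be unlocked is reported as a PIN error.
            throw new InvalidPinException("wrong pin code", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        }
        try {
            PKCS7Signature pKCS7Signature = new PKCS7Signature();
            pKCS7Signature.initSign(key);
            pKCS7Signature.addSigner(x509Certificate);
            pKCS7Signature.addCertificates(list);
            pKCS7Signature.update(bArr);
            return pKCS7Signature.sign();
        } catch (Exception e3) {
            throw new SignatureException("failed to sign pkcs7, cause:" + e3.getMessage(), e3);
        }
    }

    /**
     * Signs {@code bArr} with SHA1withRSA (RSA keys) or SM3-with-SM2 (all other keys).
     *
     * @param bArr data to sign
     * @param str PIN
     * @throws InvalidPinException if the PIN is wrong or the key is rejected
     * @throws JCEECMException on any other failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public byte[] sign(byte[] bArr, String str) throws InvalidPinException, SignatureException, JCEECMException {
        try {
            java.security.PrivateKey key = derivePrivateKey(str);
            if (this.publicKeyAlgorithm.equals("RSA")) {
                // SHA-1 is collision-prone; relying parties should not accept these signatures
                // where collision resistance matters.
                SparkSignature rsaSigner = SparkSignature.getInstance("SHA1withRSA");
                rsaSigner.initSign(key);
                rsaSigner.update(bArr);
                return rsaSigner.sign();
            }
            SparkSignature sm2Signer = SparkSignature.getInstance("ECDSASM2withSM3");
            sm2Signer.initSign(key);
            sm2Signer.update(bArr);
            // this.publicKey was populated by derivePrivateKey() a few lines above.
            return sm2Signer.sign(this.publicKey);
        } catch (InvalidKeyException e) {
            throw new InvalidPinException("failed to sign data", e);
        } catch (UnrecoverableKeyException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (InvalidKeySpecException e3) {
            throw new InvalidPinException("wrong pin code", e3);
        } catch (Exception e4) {
            throw new JCEECMException(e4);
        }
    }

    /**
     * Re-encrypts the private key under a new PIN and records the update time.
     *
     * <p>State is changed only after the re-encryption has succeeded, so a failure leaves the
     * stored blob, the timestamp and {@link #hasPinUpdated()} untouched.
     *
     * @param str current PIN
     * @param str2 new PIN
     * @throws InvalidPinException if the current PIN does not unlock the key
     * @throws JCEECMException on any other failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public void updatePin(String str, String str2) throws InvalidPinException, JCEECMException {
        try {
            java.security.PrivateKey key = derivePrivateKey(str);
            PKCS5PBES2 pkcs5pbes2 = new PKCS5PBES2();
            String rewrapped;
            if (getAlgorithm().equals("SM2")) {
                rewrapped = StringConverter.toHexadecimal(pkcs5pbes2.encrypt(new SM2BCPrivateKey((BCECPrivateKey) key, this.publicKey).getEncoded(), str2.toCharArray()));
            } else {
                rewrapped = StringConverter.toHexadecimal(pkcs5pbes2.encrypt(key.getEncoded(), str2.toCharArray()));
            }
            String updatedAt = DateFormatUtil.format(new Date());
            // Commit only once every fallible step is done.
            this.ppPrivateKey = rewrapped;
            this.lastUpdateTime = updatedAt;
            this.isPinUpdate = true;
        } catch (UnrecoverableKeyException e) {
            // Never echo the attempted PIN: exception messages end up in logs and crash reports,
            // and a near-miss attempt reveals most of the real PIN.
            throw new InvalidPinException("wrong pin code", e);
        } catch (InvalidKeySpecException e2) {
            throw new InvalidPinException("wrong pin code", e2);
        } catch (Exception e3) {
            throw new JCEECMException("failed to update pin", e3);
        }
    }

    /**
     * Tests whether {@code str} unlocks the stored key.
     *
     * <p>NOTE(review): there is no attempt counter or delay in this class; rate limiting has to
     * be enforced by the caller.
     *
     * @param str PIN to test
     * @return {@code true} if the key could be derived, {@code false} on any failure
     */
    @Override // cn.com.syan.jcee.cm.impl.IPrivateKey
    public boolean verifyPin(String str) {
        try {
            derivePrivateKey(str);
            return true;
        } catch (Exception ignored) {
            // Deliberate: every failure is reported as "PIN not accepted".
            return false;
        }
    }
}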
