package com.citicbank.baselib.crypto.util;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.x509.certificate.X509Cert;
import com.citicbank.baselib.crypto.algorithm.SM2;
import com.citicbank.baselib.crypto.exception.CipherUtilException;
import com.citicbank.baselib.crypto.processor.CSMPCryptoProcessor;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Random;
import java.util.StringTokenizer;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.cert.ocsp.RespID;
import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;

/* loaded from: input_file:com/citicbank/baselib/crypto/util/CryptUtil.class */
public class CryptUtil {
    /**
     * Creates a key pair for the named algorithm.
     *
     * "SM2" (case-insensitive) is delegated to {@code SM2.generateKeyPair()}; the size and
     * provider arguments are not read on that path. Every other algorithm goes through the JCA
     * {@link KeyPairGenerator}.
     *
     * @param str algorithm name
     * @param str2 key size as a decimal string; read only on the JCA path
     * @param str3 JCA provider name, or {@code null} to use the default provider lookup
     * @return the generated pair, or {@code null} when generation failed. The failure is only
     *     reported through {@code printStackTrace()}, so callers must null-check the result
     *     before using it as key material.
     */
    public static KeyPair generateKeyPair(String str, String str2, String str3) {
        try {
            if ("SM2".equalsIgnoreCase(str)) {
                return SM2.generateKeyPair();
            }
            KeyPairGenerator generator;
            if (str3 == null) {
                generator = KeyPairGenerator.getInstance(str);
            } else {
                generator = KeyPairGenerator.getInstance(str, str3);
            }
            generator.initialize(Integer.parseInt(str2));
            return generator.generateKeyPair();
        } catch (Exception failure) {
            failure.printStackTrace();
            return null;
        }
    }

    /**
     * Creates a symmetric key for the named algorithm.
     *
     * The algorithm named by {@code CSMPCryptoProcessor.ALG_SM4} (case-insensitive) is
     * generated by {@code BCSoftLib}; the size and provider arguments are not read on that
     * path. Every other algorithm goes through the JCA {@link KeyGenerator}.
     *
     * @param str algorithm name
     * @param str2 key size as a decimal string; read only on the JCA path
     * @param str3 JCA provider name, or {@code null} to use the default provider lookup
     * @return the generated key, or {@code null} when generation failed. The failure is only
     *     reported through {@code printStackTrace()}, so callers must null-check the result.
     */
    public static SecretKey generateKey(String str, String str2, String str3) {
        Object generated = null;
        try {
            if (CSMPCryptoProcessor.ALG_SM4.equalsIgnoreCase(str)) {
                BCSoftLib softLib = new BCSoftLib();
                generated = softLib.generateKey(new Mechanism(CSMPCryptoProcessor.ALG_SM4));
            } else {
                KeyGenerator generator;
                if (str3 == null) {
                    generator = KeyGenerator.getInstance(str);
                } else {
                    generator = KeyGenerator.getInstance(str, str3);
                }
                generator.init(Integer.parseInt(str2));
                generated = generator.generateKey();
            }
        } catch (Exception failure) {
            failure.printStackTrace();
        }
        // The cast stays outside the try block, so a ClassCastException is not swallowed.
        return (SecretKey) generated;
    }

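    /**
     * Builds a self-signed X.509 v3 certificate: issuer and subject are both {@code str}, the
     * certified key is {@code keyPair.getPublic()} and the signing key is
     * {@code keyPair.getPrivate()}.
     *
     * Three non-critical extensions are added: an authority key identifier derived from the
     * public key, BasicConstraints with cA=true, and a KeyUsage of digitalSignature,
     * keyEncipherment, dataEncipherment and keyAgreement.
     *
     * @param keyPair key pair that is certified and that signs the certificate
     * @param str distinguished name as comma-separated components; the component order is
     *     reversed before use
     * @param bArr serial number as a two's-complement big-endian integer
     * @param str2 signature algorithm name handed to the generator
     * @param str3 validity period in days, as a decimal string
     * @param str4 provider name used for signing, or {@code null} for the default
     * @return the certificate, re-parsed from its DER encoding by
     *     {@code generateX509Certificate(byte[])}
     * @throws Exception if an input is malformed, signing fails, or the new certificate does
     *     not pass its own validity-period and signature check
     */
    public static X509Certificate generateSelfSignedCertificate(KeyPair keyPair, String str, byte[] bArr, String str2, String str3, String str4) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.reset();
        // NOTE(review): BigInteger(byte[]) is a signed reading, so a serial whose first byte has
        // its high bit set becomes negative, and RFC 5280 expects positive serial numbers.
        // Left unchanged because switching to new BigInteger(1, bArr) would alter the serials
        // callers get today; confirm what callers pass.
        certGen.setSerialNumber(new BigInteger(bArr));

        // Reverse the comma-separated components. The split is purely textual, so a component
        // value that contains an escaped comma is not handled.
        StringBuffer reversed = new StringBuffer();
        StringTokenizer parts = new StringTokenizer(str, ",");
        if (parts.hasMoreElements()) {
            reversed.append(parts.nextElement());
        }
        while (parts.hasMoreElements()) {
            reversed.insert(0, ",");
            reversed.insert(0, parts.nextElement());
        }
        String dn = reversed.toString();

        long issuedAt = System.currentTimeMillis();
        // The long literal keeps the multiplication in 64 bits. With an int literal the product
        // wraps for any period above 24 days, which yields a notAfter that is too early or
        // already in the past.
        long lifetimeMillis = 86400000L * Integer.parseInt(str3);

        certGen.setIssuerDN(new X509Name(dn));
        certGen.setNotBefore(new Date(issuedAt));
        certGen.setNotAfter(new Date(issuedAt + lifetimeMillis));
        certGen.setSubjectDN(new X509Name(dn));
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm(str2);
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
        certGen.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
        // Same bit mask as the literal 184 (0xB8).
        // NOTE(review): keyCertSign is not set although BasicConstraints marks the subject as a
        // CA; confirm that this certificate is never meant to sign other certificates.
        int usageBits = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;
        certGen.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(usageBits));

        X509Certificate signed;
        if (str4 != null) {
            signed = certGen.generate(keyPair.getPrivate(), str4, new SecureRandom());
        } else {
            signed = certGen.generate(keyPair.getPrivate(), new SecureRandom());
        }
        // Sanity check of the result: currently valid and verifiable with its own key.
        signed.checkValidity(new Date());
        signed.verify(keyPair.getPublic());
        // NOTE(review): the friendly name is set on this object, but the method returns a copy
        // re-parsed from the DER bytes, so the attribute presumably does not reach the caller.
        ((PKCS12BagAttributeCarrier) signed).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("CITIC"));
        return generateX509Certificate(signed.getEncoded());
    }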

    /**
     * Creates a PKCS#10 certification request for {@code keyPair} without attributes.
     *
     * @param keyPair key pair whose public key is requested and whose private key signs the
     *     request
     * @param str subject distinguished name
     * @param str2 signature algorithm name
     * @param str3 provider name used for signing, or {@code null} for the default
     * @return the signed request
     * @throws Exception whatever the request constructor throws
     */
    public static PKCS10CertificationRequest generatePKCS10CertificateRequest(KeyPair keyPair, String str, String str2, String str3) throws Exception {
        X509Name subject = new X509Name(str);
        PublicKey requestedKey = keyPair.getPublic();
        PrivateKey signingKey = keyPair.getPrivate();
        if (str3 == null) {
            return new PKCS10CertificationRequest(str2, subject, requestedKey, (ASN1Set) null, signingKey);
        }
        return new PKCS10CertificationRequest(str2, subject, requestedKey, (ASN1Set) null, signingKey, str3);
    }

    /**
     * Decodes an encoded PKCS#10 certification request.
     *
     * Only the decoding happens here; the request's signature is not checked by this method.
     *
     * @param bArr encoded request
     * @return the decoded request
     * @throws Exception whatever the request constructor throws for the given bytes
     */
    public static PKCS10CertificationRequest generatePKCS10CertificateRequest(byte[] bArr) throws Exception {
        PKCS10CertificationRequest decoded = new PKCS10CertificationRequest(bArr);
        return decoded;
    }

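    /**
     * Issues an X.509 v3 certificate for the public key of a PKCS#10 request, signed with the
     * issuer's private key.
     *
     * The issuer name is the issuer certificate's subject with its comma-separated components
     * reversed. The signature algorithm is the one reported by the issuer certificate. No
     * extensions are added.
     *
     * NOTE(review): the request's self-signature (proof of possession) is not checked here and
     * the subject is taken from the request or from {@code str} as given; callers should verify
     * the request and vet the subject before calling.
     *
     * @param str subject distinguished name as comma-separated components (order is reversed
     *     before use), or {@code null} to take the subject from the request
     * @param pKCS10CertificationRequest request that supplies the public key and, when
     *     {@code str} is {@code null}, the subject
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key used for signing
     * @param str2 serial number as a decimal string
     * @param i validity period in days
     * @param str3 provider name used for signing, or {@code null} for the default
     * @return the certificate, re-parsed from its DER encoding by
     *     {@code generateX509Certificate(byte[])}
     * @throws Exception if an input is malformed, signing fails, or the new certificate does
     *     not verify against the issuer certificate's public key
     */
    public static X509Certificate generateX509Certificate(String str, PKCS10CertificationRequest pKCS10CertificationRequest, X509Certificate x509Certificate, PrivateKey privateKey, String str2, int i, String str3) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.reset();
        certGen.setSerialNumber(new BigInteger(str2));

        // Reverse the issuer's comma-separated components. The split is purely textual, so a
        // component value that contains an escaped comma is not handled.
        StringBuffer issuerDn = new StringBuffer();
        StringTokenizer issuerParts = new StringTokenizer(x509Certificate.getSubjectDN().getName(), ",");
        if (issuerParts.hasMoreElements()) {
            issuerDn.append(issuerParts.nextElement());
        }
        while (issuerParts.hasMoreElements()) {
            issuerDn.insert(0, ",");
            issuerDn.insert(0, issuerParts.nextElement());
        }
        certGen.setIssuerDN(new X509Name(issuerDn.toString()));

        long issuedAt = System.currentTimeMillis();
        // The long literal keeps the multiplication in 64 bits. As an int product it wraps for
        // any period above 24 days, which yields a notAfter that is too early or in the past.
        long lifetimeMillis = 86400000L * i;
        certGen.setNotBefore(new Date(issuedAt));
        certGen.setNotAfter(new Date(issuedAt + lifetimeMillis));

        if (str == null) {
            certGen.setSubjectDN(new X509Name(pKCS10CertificationRequest.getCertificationRequestInfo().getSubject().toString()));
        } else {
            StringBuffer subjectDn = new StringBuffer();
            StringTokenizer subjectParts = new StringTokenizer(str, ",");
            if (subjectParts.hasMoreElements()) {
                subjectDn.append(subjectParts.nextElement());
            }
            while (subjectParts.hasMoreElements()) {
                subjectDn.insert(0, ",");
                subjectDn.insert(0, subjectParts.nextElement());
            }
            certGen.setSubjectDN(new X509Name(subjectDn.toString()));
        }

        certGen.setPublicKey(pKCS10CertificationRequest.getPublicKey());
        certGen.setSignatureAlgorithm(x509Certificate.getSigAlgName());

        X509Certificate signed;
        if (str3 != null) {
            signed = certGen.generate(privateKey, str3, new SecureRandom());
        } else {
            signed = certGen.generate(privateKey, new SecureRandom());
        }
        // Sanity check of the result: currently valid and verifiable with the issuer's key,
        // which also catches a private key that does not belong to the issuer certificate.
        signed.checkValidity(new Date());
        signed.verify(x509Certificate.getPublicKey());
        // NOTE(review): the friendly name is set on this object, but the method returns a copy
        // re-parsed from the DER bytes, so the attribute presumably does not reach the caller.
        ((PKCS12BagAttributeCarrier) signed).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("reserving ..."));
        return generateX509Certificate(signed.getEncoded());
    }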

    /**
     * Decodes an X.509 SubjectPublicKeyInfo encoding into a public key.
     *
     * @param bArr encoded public key
     * @param str key algorithm name understood by {@link KeyFactory}
     * @return the decoded public key
     * @throws Exception if the algorithm is unknown or the encoding is not a valid key
     */
    public static PublicKey generatePublicKey(byte[] bArr, String str) throws Exception {
        KeyFactory factory = KeyFactory.getInstance(str);
        X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(bArr);
        return factory.generatePublic(encodedKey);
    }

    /**
     * Decodes private key bytes for one of the two supported algorithms.
     *
     * "RSA" bytes are read as a PKCS#8 encoding through {@link KeyFactory}; "SM2" bytes are
     * handed to {@code SM2.generatePrivateKey}. Both names are matched case-insensitively.
     *
     * @param bArr encoded private key
     * @param str key algorithm name
     * @return the decoded key, or {@code null} when {@code str} is neither RSA nor SM2, so
     *     callers must null-check the result
     * @throws Exception if decoding fails
     */
    public static PrivateKey generatePrivateKey(byte[] bArr, String str) throws Exception {
        if ("RSA".equalsIgnoreCase(str)) {
            KeyFactory factory = KeyFactory.getInstance(str);
            return factory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
        }
        if ("SM2".equalsIgnoreCase(str)) {
            return SM2.generatePrivateKey(bArr);
        }
        return null;
    }

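    /**
     * Reads a stream to its end and decodes the bytes as a private key through
     * {@code generatePrivateKey(byte[], String)}.
     *
     * The stream is not closed by this method.
     *
     * @param inputStream source of the encoded key
     * @param str key algorithm name
     * @return the decoded key, or {@code null} when reading or decoding failed (the failure is
     *     only reported through {@code printStackTrace()}) or the algorithm is not supported
     * @throws Exception declared for compatibility; failures are reported as {@code null}
     */
    public static PrivateKey generatePrivateKey(InputStream inputStream, String str) throws Exception {
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[2048];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                // Append only the bytes this read produced. Writing the whole buffer pads the
                // key with stale bytes whenever a read returns fewer than 2048 bytes.
                collected.write(chunk, 0, count);
            }
            return generatePrivateKey(collected.toByteArray(), str);
        } catch (Exception failure) {
            failure.printStackTrace();
            return null;
        }
    }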

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [java.security.cert.X509Certificate] */
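    /**
     * Decodes a DER-encoded certificate, choosing the implementation by signature algorithm.
     *
     * The bytes are first parsed as {@code X509Cert}. When its signature algorithm name
     * contains "RSA" the JDK {@link CertificateFactory} produces the result; when it contains
     * "SM2" the project's own certificate wrapper is returned.
     *
     * Decoding does not establish trust: no signature, validity period or chain is checked.
     *
     * @param bArr DER-encoded certificate
     * @return the certificate, or {@code null} when the signature algorithm name contains
     *     neither "RSA" nor "SM2", so callers must null-check the result
     * @throws Exception if {@code bArr} is {@code null} or the bytes cannot be parsed
     */
    public static X509Certificate generateX509Certificate(byte[] bArr) throws Exception {
        if (bArr == null) {
            throw new Exception("generateX509Certificate parameter derX509Crt is null");
        }
        X509Cert parsed = new X509Cert(bArr);
        String signatureAlgName = parsed.getSignatureAlgName();
        // indexOf(...) >= 0 also accepts a name that starts with the marker; "> 0" skipped it.
        if (signatureAlgName.indexOf("RSA") >= 0) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
        }
        if (signatureAlgName.indexOf("SM2") >= 0) {
            return new com.citicbank.baselib.crypto.protocol.X509Certificate(parsed);
        }
        return null;
    }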

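    /**
     * Reads a stream to its end and decodes the bytes as a certificate through
     * {@code generateX509Certificate(byte[])}.
     *
     * The stream is not closed by this method. Decoding does not establish trust.
     *
     * @param inputStream source of the DER-encoded certificate
     * @return the certificate, or {@code null} when reading or decoding failed (the failure is
     *     only reported through {@code printStackTrace()})
     * @throws Exception if {@code inputStream} is {@code null}
     */
    public static X509Certificate generateX509Certificate(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            throw new Exception("generateX509Certificate parameter isX509Crt is null");
        }
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                // Append only the bytes this read produced. Writing the whole buffer pads the
                // certificate with stale bytes whenever a read returns fewer than 4096 bytes.
                collected.write(chunk, 0, count);
            }
            return generateX509Certificate(collected.toByteArray());
        } catch (Exception failure) {
            failure.printStackTrace();
            return null;
        }
    }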

    /**
     * Serialises a single entry into a new PKCS#12 keystore.
     *
     * With a private key the entry is a key entry carrying the whole chain; without one it is
     * a certificate entry holding only the first array element.
     *
     * @param certificateArr certificate chain; element 0 is used when there is no private key
     * @param privateKey key to store, or {@code null} for a certificate-only entry
     * @param str alias of the entry
     * @param cArr password protecting the key entry
     * @param cArr2 password protecting the keystore as a whole
     * @param str2 name of the provider that supplies the PKCS12 implementation
     * @return the serialised keystore
     * @throws Exception if the provider is unknown or the keystore cannot be built or stored
     */
    public static byte[] generatePKCS12(Certificate[] certificateArr, PrivateKey privateKey, String str, char[] cArr, char[] cArr2, String str2) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12", str2);
        store.load(null, null);
        if (privateKey != null) {
            store.setKeyEntry(str, privateKey, cArr, certificateArr);
        } else {
            store.setCertificateEntry(str, certificateArr[0]);
        }
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        store.store(serialized, cArr2);
        return serialized.toByteArray();
    }

    /**
     * Serialises a single entry into a new JKS keystore.
     *
     * With a private key the entry is a key entry carrying the whole chain, and the subject of
     * every chain element is printed to standard output first; without one it is a certificate
     * entry holding only the first array element.
     *
     * JKS is the JDK's legacy keystore format; PKCS12 has been the JDK default since Java 9.
     *
     * @param certificateArr certificate chain; element 0 is used when there is no private key
     * @param privateKey key to store, or {@code null} for a certificate-only entry
     * @param str alias of the entry
     * @param cArr password protecting the key entry
     * @param cArr2 password protecting the keystore as a whole
     * @param str2 not read by this method
     * @return the serialised keystore
     * @throws Exception if the keystore cannot be built or stored
     */
    public static byte[] generateJKS(Certificate[] certificateArr, PrivateKey privateKey, String str, char[] cArr, char[] cArr2, String str2) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        if (privateKey != null) {
            int position = 0;
            while (position < certificateArr.length) {
                String subject = ((X509Certificate) certificateArr[position]).getSubjectDN().getName();
                System.out.println("chain[" + position + "] [" + subject + "]");
                position++;
            }
            store.setKeyEntry(str, privateKey, cArr, certificateArr);
        } else {
            store.setCertificateEntry(str, certificateArr[0]);
        }
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        store.store(serialized, cArr2);
        return serialized.toByteArray();
    }

    /**
     * Loads a PKCS#12 keystore from its serialised form.
     *
     * @param bArr serialised keystore
     * @param cArr keystore password
     * @param str not read by this method
     * @param str2 name of the provider that supplies the PKCS12 implementation
     * @return the loaded keystore
     * @throws Exception if the provider is unknown or the bytes or password are not accepted
     */
    public static KeyStore generatePKCS12(byte[] bArr, char[] cArr, String str, String str2) throws Exception {
        KeyStore loaded = KeyStore.getInstance("PKCS12", str2);
        ByteArrayInputStream serialized = new ByteArrayInputStream(bArr);
        loaded.load(serialized, cArr);
        return loaded;
    }

    /**
     * Loads a JKS keystore from its serialised form.
     *
     * @param bArr serialised keystore
     * @param cArr keystore password
     * @param str not read by this method
     * @param str2 not read by this method
     * @return the loaded keystore
     * @throws Exception if the bytes or password are not accepted
     */
    public static KeyStore generateJKS(byte[] bArr, char[] cArr, String str, String str2) throws Exception {
        KeyStore loaded = KeyStore.getInstance("JKS");
        ByteArrayInputStream serialized = new ByteArrayInputStream(bArr);
        loaded.load(serialized, cArr);
        return loaded;
    }

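    /**
     * Builds an OCSP request for one certificate, optionally with a nonce and a signature.
     *
     * The certificate ID is computed with SHA-1 over the issuer certificate, using the "BC"
     * provider. A signed request always uses "SHA1withRSA" from the "BC" provider.
     *
     * @param x509Certificate certificate whose status is requested (its serial number is used)
     * @param x509Certificate2 issuer of that certificate
     * @param x509CertificateHolderArr certificates attached to a signed request
     * @param privateKey requestor key, or {@code null} for an unsigned request
     * @param str requestor distinguished name, or {@code null} to omit it
     * @param z whether to add a 16-byte nonce extension
     * @param str2 not read by this method
     * @return the request
     * @throws Exception if the request cannot be built or signed
     */
    public static OCSPReq generateOCSPRequest(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509CertificateHolder[] x509CertificateHolderArr, PrivateKey privateKey, String str, boolean z, String str2) throws Exception {
        OCSPReqBuilder builder = new OCSPReqBuilder();
        CertificateID target = new CertificateID(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1),
                new JcaX509CertificateHolder(x509Certificate2),
                x509Certificate.getSerialNumber());
        builder.addRequest(target);
        if (str != null) {
            builder.setRequestorName(new GeneralName(GeneralName.directoryName, new X500Name(str)));
        }
        if (z) {
            // The nonce ties a response to this request, so it has to be unpredictable;
            // java.util.Random is seeded from guessable state and does not provide that.
            byte[] nonce = new byte[16];
            new SecureRandom().nextBytes(nonce);
            ExtensionsGenerator extensions = new ExtensionsGenerator();
            extensions.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce));
            builder.setRequestExtensions(extensions.generate());
        }
        if (privateKey == null) {
            return builder.build();
        }
        // NOTE(review): the signature algorithm is fixed to SHA-1 with RSA, so a non-RSA
        // requestor key cannot sign here; confirm whether responders still require SHA-1.
        return builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509CertificateHolderArr);
    }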

    /**
     * Decodes an encoded OCSP request.
     *
     * Only the decoding happens here; a signature on the request is not checked by this method.
     *
     * @param bArr encoded request
     * @return the decoded request
     * @throws Exception whatever the request constructor throws for the given bytes
     */
    public static OCSPReq generateOCSPRequest(byte[] bArr) throws Exception {
        OCSPReq decoded = new OCSPReq(bArr);
        return decoded;
    }

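    /**
     * Builds a signed OCSP response carrying the status of one certificate.
     *
     * The responder ID is derived from {@code publicKey} with SHA-1 and the basic response is
     * signed with "SHA1withRSA", both through the "BC" provider. The outer response status is
     * always "successful".
     *
     * @param i not read by this method. NOTE(review): presumably meant as the outer response
     *     status; confirm against callers before wiring it in.
     * @param certificateID certificate the response is about
     * @param certificateStatus status to report; {@code CertificateStatus.GOOD} for a good
     *     certificate
     * @param x509CertificateHolderArr certificates attached to the response
     * @param privateKey responder key used for signing
     * @param publicKey responder public key used for the responder ID
     * @param str not read by this method
     * @return the response
     * @throws Exception if the response cannot be built or signed
     */
    public static OCSPResp generateOCSPResponse(int i, CertificateID certificateID, CertificateStatus certificateStatus, X509CertificateHolder[] x509CertificateHolderArr, PrivateKey privateKey, PublicKey publicKey, String str) throws Exception {
        JcaBasicOCSPRespBuilder basicBuilder = new JcaBasicOCSPRespBuilder(publicKey, new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(RespID.HASH_SHA1));
        // Report the status the caller supplied. Hard-coding GOOD here made every certificate,
        // including a revoked one, come back as good.
        basicBuilder.addResponse(certificateID, certificateStatus);
        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey), x509CertificateHolderArr, new Date()));
    }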

    /**
     * Decodes an encoded OCSP response.
     *
     * Only the decoding happens here; the responder's signature is not checked by this method.
     *
     * @param bArr encoded response
     * @return the decoded response
     * @throws Exception whatever the response constructor throws for the given bytes
     */
    public static OCSPResp generateOCSPResponse(byte[] bArr) throws Exception {
        OCSPResp decoded = new OCSPResp(bArr);
        return decoded;
    }

    /**
     * Decodes an encoded X.509 certificate revocation list.
     *
     * Decoding does not check the CRL's signature or freshness.
     *
     * @param bArr encoded CRL, or {@code null}
     * @return the CRL, or {@code null} when {@code bArr} is {@code null} or decoding failed.
     *     A decoding failure is only reported through {@code printStackTrace()}, so callers
     *     must not treat {@code null} as "nothing revoked".
     * @throws CRLException declared for compatibility; decoding failures are reported as
     *     {@code null}
     */
    public static X509CRL generateX509CRL(byte[] bArr) throws CRLException {
        if (bArr == null) {
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509CRL) factory.generateCRL(new ByteArrayInputStream(bArr));
        } catch (Exception failure) {
            failure.printStackTrace();
            return null;
        }
    }

    /**
     * Checks that a certificate is inside its validity period right now and that its signature
     * verifies with the given issuer certificate's public key.
     *
     * Nothing else is checked: no revocation status, no extensions, and no path up to a trust
     * anchor. The reason for a rejection is only printed to standard output.
     *
     * @param x509Certificate certificate to check
     * @param x509Certificate2 certificate whose public key should have signed it
     * @return {@code true} when both checks pass; {@code false} on any failure, including a
     *     {@code null} argument
     */
    public static boolean checkValidity(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            x509Certificate.checkValidity(new Date());
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (CertificateExpiredException expired) {
            System.out.println("Expired");
        } catch (CertificateNotYetValidException notYetValid) {
            System.out.println("Too early");
        } catch (Exception other) {
            System.out.println("not valid");
        }
        return false;
    }

    /**
     * Hashes a byte array with the named digest algorithm from the "BC" provider.
     *
     * @param bArr data to hash
     * @param str digest algorithm name
     * @return the digest value
     * @throws Exception if the "BC" provider is not registered or does not know the algorithm
     */
    public static byte[] digest(byte[] bArr, String str) throws Exception {
        MessageDigest hasher = MessageDigest.getInstance(str, "BC");
        hasher.update(bArr);
        byte[] hash = hasher.digest();
        return hash;
    }

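    /**
     * Encrypts a private key under a password and frames the result.
     *
     * Output layout: one byte holding the length of the key algorithm name, the name itself,
     * an 8-byte salt, then the ciphertext. The key bytes are {@code getEncoded()} except for
     * SM2 keys, where {@code getDByBytesWithPublicKey()} is used. Key derivation uses 1000
     * iterations.
     *
     * NOTE(review): passwords of 8 or more characters select "PBEWithMD5AndDES", which relies
     * on MD5 and single DES and is weak by current standards. It is kept because
     * {@code decryptPrivateKey} derives the algorithm from the password length in the same
     * way; changing it needs a versioned format.
     *
     * @param privateKey key to protect
     * @param cArr password
     * @return the framed, encrypted key
     * @throws CipherUtilException if an argument is {@code null} or encryption fails
     */
    public static byte[] encryptPrivateKey(PrivateKey privateKey, char[] cArr) throws CipherUtilException {
        if (privateKey == null || cArr == null) {
            throw new CipherUtilException("encryptPrivateKey parameter is null");
        }
        try {
            // The salt comes from SecureRandom rather than java.util.Random so that it cannot
            // be predicted from the generator's seed.
            byte[] salt = new byte[8];
            new SecureRandom().nextBytes(salt);
            String pbeAlgorithm = cArr.length < 8 ? "PBEWithSHAAndTwofish-CBC" : "PBEWithMD5AndDES";

            PBEKeySpec passwordSpec = new PBEKeySpec(cArr);
            SecretKey pbeKey;
            try {
                pbeKey = SecretKeyFactory.getInstance(pbeAlgorithm).generateSecret(passwordSpec);
            } finally {
                // Wipe the spec's internal copy of the password once the key is derived.
                passwordSpec.clearPassword();
            }

            Cipher cipher = Cipher.getInstance(pbeAlgorithm);
            cipher.init(Cipher.ENCRYPT_MODE, pbeKey, new PBEParameterSpec(salt, 1000));
            byte[] keyBytes = "SM2".equalsIgnoreCase(privateKey.getAlgorithm())
                    ? ((SM2PrivateKey) privateKey).getDByBytesWithPublicKey()
                    : privateKey.getEncoded();
            byte[] cipherText = cipher.doFinal(keyBytes);

            byte[] algorithmName = privateKey.getAlgorithm().getBytes();
            ByteArrayOutputStream framed = new ByteArrayOutputStream();
            framed.write((byte) algorithmName.length);
            framed.write(algorithmName);
            framed.write(salt);
            framed.write(cipherText);
            return framed.toByteArray();
        } catch (Exception failure) {
            // Message text: "failed to encrypt the private key with the password".
            throw new CipherUtilException("口令加密私钥失败", failure);
        }
    }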

    /**
     * Decrypts a password-protected private key held in a byte array by delegating to the
     * stream-based overload.
     *
     * @param bArr framed, encrypted key
     * @param cArr password
     * @return the decrypted key
     * @throws CipherUtilException if decryption fails
     */
    public static PrivateKey decryptPrivateKey(byte[] bArr, char[] cArr) throws CipherUtilException {
        InputStream framed = new ByteArrayInputStream(bArr);
        return decryptPrivateKey(framed, cArr);
    }

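    /**
     * Decrypts a password-protected private key read from a stream, then closes the stream.
     *
     * Expected layout: one byte holding the length of the key algorithm name, the name itself,
     * an 8-byte salt, then the ciphertext up to the end of the stream. The PBE algorithm is
     * chosen from the password length, and key derivation uses 1000 iterations.
     *
     * The format carries no integrity check beyond the cipher's padding, so a wrong password
     * or a modified blob is normally reported as a decryption failure but is not guaranteed to
     * be detected.
     *
     * @param inputStream source of the framed, encrypted key; always closed before returning
     * @param cArr password
     * @return the decrypted key, or {@code null} when the algorithm name stored in the blob is
     *     not one that {@code generatePrivateKey(byte[], String)} supports
     * @throws CipherUtilException if the blob is truncated or decryption fails
     */
    public static PrivateKey decryptPrivateKey(InputStream inputStream, char[] cArr) throws CipherUtilException {
        try {
            DataInputStream framed = new DataInputStream(inputStream);
            // Read the length as unsigned, and read each field fully: a bare read() may return
            // fewer bytes than asked for, and available() is only an estimate that must not be
            // used to size the ciphertext.
            int nameLength = framed.readUnsignedByte();
            byte[] algorithmName = new byte[nameLength];
            framed.readFully(algorithmName);
            byte[] salt = new byte[8];
            framed.readFully(salt);

            ByteArrayOutputStream cipherText = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            int count;
            while ((count = framed.read(chunk)) != -1) {
                cipherText.write(chunk, 0, count);
            }

            String pbeAlgorithm = cArr.length < 8 ? "PBEWithSHAAndTwofish-CBC" : "PBEWithMD5AndDES";
            PBEKeySpec passwordSpec = new PBEKeySpec(cArr);
            SecretKey pbeKey;
            try {
                pbeKey = SecretKeyFactory.getInstance(pbeAlgorithm).generateSecret(passwordSpec);
            } finally {
                // Wipe the spec's internal copy of the password once the key is derived.
                passwordSpec.clearPassword();
            }
            Cipher cipher = Cipher.getInstance(pbeAlgorithm);
            cipher.init(Cipher.DECRYPT_MODE, pbeKey, new PBEParameterSpec(salt, 1000));
            return generatePrivateKey(cipher.doFinal(cipherText.toByteArray()), new String(algorithmName));
        } catch (Exception failure) {
            // Message text: "failed to decrypt the private key with password-based encryption".
            throw new CipherUtilException("使用基于口令的加密方法解密私钥失败", failure);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception ignored) {
                    // A failure to close must not replace the result or the real error.
                }
            }
        }
    }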

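    /**
     * Encrypts a file with a fresh 128-bit Rijndael key in CBC mode and wraps that key with the
     * recipient's RSA public key.
     *
     * Output layout: a 4-byte length, the RSA-wrapped key ("RSA/ECB/PKCS1Padding"), a 16-byte
     * IV, then the "Rijndael/CBC/PKCS5Padding" ciphertext. When source and destination are the
     * same path the ciphertext is written to a temporary file beside the source, which then
     * replaces the source.
     *
     * NOTE(review): the format has no MAC or signature, so modified ciphertext is not detected
     * on decryption; PKCS#1 v1.5 key wrapping is also kept for compatibility with the matching
     * decrypt method. Both need a versioned format to change.
     *
     * @param str path of the plaintext file
     * @param str2 path of the ciphertext file; may equal {@code str} for in-place encryption
     * @param publicKey RSA public key that wraps the session key
     * @param str3 name of the provider that supplies all three algorithms
     * @throws Exception if encryption or file handling fails; nothing is done and nothing is
     *     thrown when either path is {@code null} or empty
     */
    public static void encrypt(String str, String str2, PublicKey publicKey, String str3) throws Exception {
        if (str == null || str.equals("") || str2 == null || str2.equals("")) {
            return;
        }
        boolean inPlace = str.equals(str2);
        File source = new File(str);
        // A uniquely named temporary file in the source's directory replaces the fixed "~.tmp"
        // in the working directory, which collided between concurrent calls and could sit on a
        // different file system than the file it is later renamed to.
        File target = inPlace
                ? File.createTempFile("crypt", ".tmp", source.getAbsoluteFile().getParentFile())
                : new File(str2);

        boolean completed = false;
        FileInputStream plainIn = null;
        DataOutputStream fileOut = null;
        CipherOutputStream cipherOut = null;
        try {
            fileOut = new DataOutputStream(new FileOutputStream(target));
            Cipher keyWrap = Cipher.getInstance("RSA/ECB/PKCS1Padding", str3);
            keyWrap.init(Cipher.ENCRYPT_MODE, publicKey);
            KeyGenerator sessionKeyGen = KeyGenerator.getInstance("Rijndael", str3);
            sessionKeyGen.init(128);
            SecretKey sessionKey = sessionKeyGen.generateKey();
            byte[] wrappedKey = keyWrap.doFinal(sessionKey.getEncoded());
            fileOut.writeInt(wrappedKey.length);
            fileOut.write(wrappedKey);

            byte[] iv = new byte[16];
            new SecureRandom().nextBytes(iv);
            fileOut.write(iv);
            Cipher bodyCipher = Cipher.getInstance("Rijndael/CBC/PKCS5Padding", str3);
            bodyCipher.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
            cipherOut = new CipherOutputStream(fileOut, bodyCipher);

            plainIn = new FileInputStream(source);
            byte[] chunk = new byte[8192];
            int count;
            while ((count = plainIn.read(chunk)) != -1) {
                cipherOut.write(chunk, 0, count);
            }
            // Close on the success path without swallowing errors: close() writes the final
            // padded block, and a failure there means the ciphertext is incomplete.
            cipherOut.close();
            completed = true;
        } finally {
            if (plainIn != null) {
                try {
                    plainIn.close();
                } catch (Exception ignored) {
                    // Nothing useful to do if closing the input fails.
                }
            }
            if (!completed) {
                // Release the output file even when the failure happened before the cipher
                // stream was created; the error already in flight is the one to report.
                try {
                    if (cipherOut != null) {
                        cipherOut.close();
                    } else if (fileOut != null) {
                        fileOut.close();
                    }
                } catch (Exception ignored) {
                    // Keep the original failure.
                }
                if (inPlace) {
                    target.delete();
                }
            }
        }

        if (inPlace) {
            // Replace the plaintext only after a complete ciphertext exists, and report a
            // failed swap instead of leaving the caller to assume the file is encrypted.
            if (!source.delete()) {
                throw new java.io.IOException("could not remove plaintext file " + source + "; ciphertext is in " + target);
            }
            if (!target.renameTo(source)) {
                throw new java.io.IOException("could not move ciphertext from " + target + " to " + source);
            }
        }
    }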

    /**
     * Encrypts a byte array with a fresh 128-bit Rijndael key in CBC mode and wraps that key
     * with the recipient's RSA public key.
     *
     * Output layout: a 4-byte length, the RSA-wrapped key ("RSA/ECB/PKCS1Padding"), a 16-byte
     * IV, then the "Rijndael/CBC/PKCS5Padding" ciphertext.
     *
     * NOTE(review): the format has no MAC or signature, so modified ciphertext is not detected
     * on decryption, and the key is wrapped with PKCS#1 v1.5 padding. Changing either needs a
     * versioned format.
     *
     * @param bArr plaintext
     * @param publicKey RSA public key that wraps the session key
     * @param str name of the provider that supplies all three algorithms
     * @return the framed ciphertext
     * @throws Exception if a provider, algorithm or key is not accepted
     */
    public static byte[] encrypt(byte[] bArr, PublicKey publicKey, String str) throws Exception {
        Cipher keyWrap = Cipher.getInstance("RSA/ECB/PKCS1Padding", str);
        keyWrap.init(Cipher.ENCRYPT_MODE, publicKey);
        KeyGenerator sessionKeyGen = KeyGenerator.getInstance("Rijndael", str);
        sessionKeyGen.init(128);
        SecretKey sessionKey = sessionKeyGen.generateKey();
        byte[] wrappedKey = keyWrap.doFinal(sessionKey.getEncoded());

        ByteArrayOutputStream framed = new ByteArrayOutputStream();
        DataOutputStream header = new DataOutputStream(framed);
        header.writeInt(wrappedKey.length);
        header.write(wrappedKey);

        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        header.write(iv);

        Cipher bodyCipher = Cipher.getInstance("Rijndael/CBC/PKCS5Padding", str);
        bodyCipher.init(Cipher.ENCRYPT_MODE, sessionKey, new IvParameterSpec(iv));
        CipherOutputStream body = new CipherOutputStream(header, bodyCipher);
        try {
            body.write(bArr);
        } finally {
            // close() emits the final padded block; an exception from it is ignored here.
            try {
                body.close();
            } catch (Exception ignored) {
                // Ignored so that a failure from write(), if any, is the one that propagates.
            }
        }
        return framed.toByteArray();
    }

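    /**
     * Decrypts a hybrid-encrypted file and writes the plaintext to another file.
     *
     * <p>Input layout, as read below: a 4-byte length (read with {@link DataInputStream#readInt()}),
     * the session key wrapped with "RSA/ECB/PKCS1Padding", a 16-byte IV, then the payload
     * encrypted with "Rijndael/CBC/PKCS5Padding".
     *
     * <p>When {@code str} equals {@code str2} the plaintext is first written to a temporary file
     * created next to the source, and that file then replaces the source.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The format carries no MAC or signature, so modified ciphertext is not detected here.
     *       Authenticate the file (for example with a signature checked before this call) when it
     *       comes from an untrusted source.</li>
     *   <li>RSA PKCS#1 v1.5 key transport and unauthenticated CBC are both sensitive to error
     *       oracles; do not report the reason for a decryption failure back to whoever supplied
     *       the input.</li>
     *   <li>If decryption fails part-way while writing to a distinct output file, that file is
     *       left in place with whatever plaintext was already written.</li>
     * </ul>
     *
     * @param str path of the encrypted input file; the call is a no-op when null or empty
     * @param str2 path of the plaintext output file; the call is a no-op when null or empty
     * @param privateKey RSA private key used to unwrap the session key
     * @param str3 name of the JCE provider used for both ciphers
     * @throws Exception if the header is malformed, a cipher operation fails, an I/O error occurs,
     *     or the in-place replacement of the source file cannot be completed
     */
    public static void decrypt(String str, String str2, PrivateKey privateKey, String str3) throws Exception {
        if (str == null || str.equals("") || str2 == null || str2.equals("")) {
            return;
        }
        final File sourceFile = new File(str);
        final boolean inPlace = str.equals(str2);
        File outputFile = null;
        FileInputStream rawInput = null;
        CipherInputStream plainInput = null;
        FileOutputStream plainOutput = null;
        boolean finished = false;
        try {
            Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", str3);
            keyCipher.init(Cipher.DECRYPT_MODE, privateKey);
            // Track the raw stream separately so it is closed even when header parsing fails
            // before the CipherInputStream exists.
            rawInput = new FileInputStream(sourceFile);
            DataInputStream header = new DataInputStream(rawInput);
            int wrappedKeyLength = header.readInt();
            // The length comes from the file. An RSA ciphertext is as long as the key modulus,
            // so 8192 bytes is far above any practical value; reject anything else before allocating.
            if (wrappedKeyLength <= 0 || wrappedKeyLength > 8192) {
                throw new java.io.IOException("Invalid wrapped key length in encrypted file: " + wrappedKeyLength);
            }
            byte[] wrappedKey = new byte[wrappedKeyLength];
            header.readFully(wrappedKey);
            SecretKeySpec sessionKey = new SecretKeySpec(keyCipher.doFinal(wrappedKey), "Rijndael");
            byte[] iv = new byte[16];
            // readFully: a plain read() may return fewer than 16 bytes and leave the IV partly zero.
            header.readFully(iv);
            Cipher payloadCipher = Cipher.getInstance("Rijndael/CBC/PKCS5Padding", str3);
            payloadCipher.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(iv));
            plainInput = new CipherInputStream(header, payloadCipher);
            if (inPlace) {
                // A uniquely named file beside the source replaces the fixed "~.tmp" in the working
                // directory, which concurrent calls would overwrite and which could sit on another volume.
                outputFile = File.createTempFile("decrypt", ".tmp", sourceFile.getAbsoluteFile().getParentFile());
            } else {
                outputFile = new File(str2);
            }
            plainOutput = new FileOutputStream(outputFile);
            byte[] buffer = new byte[8192];
            int count;
            while ((count = plainInput.read(buffer)) != -1) {
                plainOutput.write(buffer, 0, count);
            }
            finished = true;
        } finally {
            // Close failures are ignored, as before, so they never mask the primary exception.
            if (plainInput != null) {
                try {
                    plainInput.close();
                } catch (Exception ignored) {
                }
            }
            if (rawInput != null) {
                try {
                    rawInput.close();
                } catch (Exception ignored) {
                }
            }
            if (plainOutput != null) {
                try {
                    plainOutput.close();
                } catch (Exception ignored) {
                }
            }
            if (!finished && inPlace && outputFile != null) {
                // Do not leave partial plaintext behind in the temporary file.
                outputFile.delete();
            }
        }
        if (inPlace) {
            if (!sourceFile.delete()) {
                // The source is still intact, so the plaintext copy can be discarded safely.
                outputFile.delete();
                throw new java.io.IOException("Could not replace " + str + " with its decrypted content");
            }
            if (!outputFile.renameTo(sourceFile)) {
                // The source is already gone; keep the temporary file because it is the only copy.
                throw new java.io.IOException("Decrypted content left in " + outputFile.getPath()
                        + "; could not rename it to " + str);
            }
        }
    }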

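    /**
     * Decrypts a hybrid-encrypted byte array and returns the plaintext.
     *
     * <p>Input layout, as read below: a 4-byte length (read with {@link DataInputStream#readInt()}),
     * the session key wrapped with "RSA/ECB/PKCS1Padding", a 16-byte IV, then the payload
     * encrypted with "Rijndael/CBC/PKCS5Padding".
     *
     * <p>Security notes for callers: the format carries no MAC or signature, so modified
     * ciphertext is not detected here; authenticate the input before decrypting when it comes
     * from an untrusted source. RSA PKCS#1 v1.5 key transport and unauthenticated CBC are both
     * sensitive to error oracles, so do not report the reason for a decryption failure back to
     * whoever supplied the input.
     *
     * @param bArr the encrypted container
     * @param privateKey RSA private key used to unwrap the session key
     * @param str name of the JCE provider used for both ciphers
     * @return the decrypted payload
     * @throws Exception if the container is malformed or truncated, or a cipher operation fails
     */
    public static byte[] decrypt(byte[] bArr, PrivateKey privateKey, String str) throws Exception {
        CipherInputStream plainInput = null;
        try {
            Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", str);
            keyCipher.init(Cipher.DECRYPT_MODE, privateKey);
            DataInputStream header = new DataInputStream(new ByteArrayInputStream(bArr));
            int wrappedKeyLength = header.readInt();
            // The length comes from the input; it can never exceed the bytes that remain, so
            // reject negative or oversized values before allocating a buffer for them.
            if (wrappedKeyLength <= 0 || wrappedKeyLength > header.available()) {
                throw new java.io.IOException("Invalid wrapped key length in encrypted data: " + wrappedKeyLength);
            }
            byte[] wrappedKey = new byte[wrappedKeyLength];
            header.readFully(wrappedKey);
            SecretKeySpec sessionKey = new SecretKeySpec(keyCipher.doFinal(wrappedKey), "Rijndael");
            byte[] iv = new byte[16];
            // readFully: with a plain read(), input truncated before or inside the IV was
            // accepted and decrypted with a partly zero IV instead of being rejected.
            header.readFully(iv);
            Cipher payloadCipher = Cipher.getInstance("Rijndael/CBC/PKCS5Padding", str);
            payloadCipher.init(Cipher.DECRYPT_MODE, sessionKey, new IvParameterSpec(iv));
            plainInput = new CipherInputStream(header, payloadCipher);
            ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
            byte[] buffer = new byte[4096];
            int count;
            while ((count = plainInput.read(buffer)) != -1) {
                plaintext.write(buffer, 0, count);
            }
            return plaintext.toByteArray();
        } finally {
            // Close failures are ignored, as before, so they never mask the primary exception.
            if (plainInput != null) {
                try {
                    plainInput.close();
                } catch (Exception ignored) {
                }
            }
        }
    }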

    /**
     * Computes a message digest over the given bytes.
     *
     * <p>The algorithm is whatever the caller names; nothing here restricts it, so any digest
     * the provider offers is accepted. Choosing a collision-resistant algorithm is the caller's job.
     *
     * @param bArr data to hash
     * @param str digest algorithm name passed to {@link MessageDigest#getInstance(String, String)}
     * @param str2 name of the JCE provider to use
     * @return the digest bytes
     * @throws Exception if the algorithm or provider is not available
     */
    public static byte[] digest(byte[] bArr, String str, String str2) throws Exception {
        final MessageDigest hasher = MessageDigest.getInstance(str, str2);
        // digest(byte[]) feeds the whole array and finalises in one call.
        return hasher.digest(bArr);
    }

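    /**
     * Signs data and optionally wraps the signature, algorithm name and data into one container.
     *
     * <p>Container layout when {@code z} is true, each field prefixed by a 4-byte length written
     * with {@link DataOutputStream#writeInt(int)}: algorithm name bytes, signature bytes, data bytes.
     *
     * <p>Only {@code bArr} is covered by the signature. The algorithm name and the length fields
     * in the container are not signed, so a verifier must not treat them as trusted.
     *
     * @param bArr data to sign
     * @param privateKey private key used for signing
     * @param str signature algorithm name passed to {@link Signature#getInstance(String, String)}
     * @param z when true, return the container described above; when false, the raw signature
     * @param str2 name of the JCE provider to use
     * @return the raw signature, or the container when {@code z} is true
     * @throws Exception if the algorithm or provider is unavailable, the key is unsuitable, or signing fails
     */
    public static byte[] sign(byte[] bArr, PrivateKey privateKey, String str, boolean z, String str2) throws Exception {
        Signature signer = Signature.getInstance(str, str2);
        signer.initSign(privateKey);
        signer.update(bArr);
        byte[] signatureBytes = signer.sign();
        if (!z) {
            return signatureBytes;
        }
        // Encode the name once with a fixed charset and write the length of those bytes.
        // Writing str.length() (characters) next to platform-default getBytes() could produce
        // a length prefix that does not match the bytes that follow.
        byte[] algorithmBytes = str.getBytes("UTF-8");
        ByteArrayOutputStream container = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(container);
        out.writeInt(algorithmBytes.length);
        out.write(algorithmBytes);
        out.writeInt(signatureBytes.length);
        out.write(signatureBytes);
        out.writeInt(bArr.length);
        out.write(bArr);
        out.close();
        return container.toByteArray();
    }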

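    /**
     * Verifies a signed container that holds the algorithm name, the signature and the data.
     *
     * <p>Container layout, as read below: three fields, each prefixed by a 4-byte length read
     * with {@link DataInputStream#readInt()}: algorithm name bytes, signature bytes, data bytes.
     * Any bytes after the third field are ignored.
     *
     * <p>Security note: the signature algorithm is taken from the container itself, so whoever
     * produced the container chooses it. When the container comes from an untrusted party,
     * callers should require an expected algorithm, for example by parsing the fields themselves
     * and calling the five-argument overload with a fixed algorithm name, rather than accepting
     * whatever name the input carries.
     *
     * @param bArr the signed container
     * @param publicKey public key to verify against
     * @param str name of the JCE provider to use
     * @return true if the signature in the container matches the data in the container
     * @throws Exception if the container is malformed or truncated, or verification cannot be performed
     */
    public static boolean verify(byte[] bArr, PublicKey publicKey, String str) throws Exception {
        DataInputStream container = new DataInputStream(new ByteArrayInputStream(bArr));
        // Field order: 0 = algorithm name, 1 = signature, 2 = signed data.
        byte[][] fields = new byte[3][];
        for (int i = 0; i < fields.length; i++) {
            int length = container.readInt();
            // Lengths come from the input; a field can never be longer than the bytes that
            // remain, so reject negative or oversized values before allocating for them.
            if (length < 0 || length > container.available()) {
                throw new java.io.IOException("Malformed signed container: field " + i + " has length " + length);
            }
            fields[i] = new byte[length];
            container.readFully(fields[i]);
        }
        // Decode the name with a fixed charset so the result does not depend on the platform default.
        return verify(fields[2], fields[1], publicKey, new String(fields[0], "UTF-8"), str);
    }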

    /**
     * Verifies a detached signature over the given data.
     *
     * @param bArr the data that was signed
     * @param bArr2 the signature bytes to check
     * @param publicKey public key to verify against
     * @param str signature algorithm name passed to {@link Signature#getInstance(String, String)}
     * @param str2 name of the JCE provider to use
     * @return true if the signature is valid for the data under the given key
     * @throws Exception if the algorithm or provider is unavailable, the key is unsuitable,
     *     or the signature cannot be processed
     */
    public static boolean verify(byte[] bArr, byte[] bArr2, PublicKey publicKey, String str, String str2) throws Exception {
        final Signature verifier = Signature.getInstance(str, str2);
        verifier.initVerify(publicKey);
        // Feed the whole message, then compare against the supplied signature.
        verifier.update(bArr, 0, bArr.length);
        final boolean matches = verifier.verify(bArr2);
        return matches;
    }

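    /**
     * Returns the encoded certificate stored under the first alias of a PKCS#12 (PFX) store.
     *
     * <p>The store is loaded through {@code StoreUtil.loadFromStore} with type "PKCS12" and
     * provider "BC". Only the first alias returned by the store is consulted; if the store holds
     * several entries, which one comes first is up to the keystore implementation.
     *
     * @param bArr the PKCS#12 store bytes
     * @param cArr the store password
     * @return the encoded form of the certificate under the first alias
     * @throws Exception if the store cannot be loaded, contains no entries, or has no
     *     certificate under its first alias
     */
    public static byte[] getCertFromRSAPfx(byte[] bArr, char[] cArr) throws Exception {
        KeyStore keyStore = StoreUtil.loadFromStore(bArr, cArr, "PKCS12", "BC");
        Enumeration<String> aliases = keyStore.aliases();
        // An empty store used to fall through to getCertificate(null) and fail with an
        // uninformative NullPointerException; report the actual problem instead.
        if (!aliases.hasMoreElements()) {
            throw new java.security.KeyStoreException("PKCS#12 store contains no entries");
        }
        String alias = aliases.nextElement();
        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new java.security.KeyStoreException("No certificate stored under the first alias of the PKCS#12 store");
        }
        return certificate.getEncoded();
    }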

    // Registers the Bouncy Castle provider when the class loads. Registration is skipped when
    // some provider is already registered under the name "BC", so whichever provider holds
    // that name first is the one later lookups by "BC" will reach.
    static {
        final boolean bcRegistered = Security.getProvider("BC") != null;
        if (!bcRegistered) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
