package com.citic.olp.sdk.security;

import com.citic.olp.sdk.SDKConfig;
import com.citic.olp.sdk.util.ByteUtil;
import com.citic.olp.sdk.util.PasswordUtil;
import com.lsy.baselib.crypto.algorithm.DESede;
import com.lsy.baselib.crypto.algorithm.RSA;
import com.lsy.baselib.crypto.protocol.PKCS7Signature;
import com.lsy.baselib.crypto.util.Base64;
import com.lsy.baselib.crypto.util.CryptUtil;
import com.lsy.baselib.crypto.util.FileUtil;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/* loaded from: input_file:com/citic/olp/sdk/security/SecurityService.class */
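/**
 * Hybrid message protection between this SDK and a remote peer: a fresh 3DES session key
 * encrypts the payload, the session key is wrapped with the peer's RSA public key, and
 * (for the signed variants) a detached PKCS#7 signature made with the local private key is
 * carried inside the encrypted payload.
 *
 * <p>Review notes for maintainers (wire format is left unchanged here):
 * <ul>
 *   <li>Every 3DES call passes a fresh all-zero 8-byte array as its third argument. If that
 *       argument is the IV (presumably; confirm against {@code DESede}), the IV is fixed and
 *       confidentiality rests solely on the session key being unique per message.</li>
 *   <li>3DES is a legacy 64-bit-block cipher; moving to an authenticated cipher needs a
 *       protocol change agreed with the peer.</li>
 *   <li>Neither certificate is checked for validity period or chain in this class; whether
 *       {@code CryptUtil.generateX509Certificate} does so is not visible here.</li>
 * </ul>
 */
public class SecurityService {
    // Tag literals are pure ASCII; encoding them explicitly keeps the wire format independent
    // of the JVM's default charset.
    private static final byte[] SESSION_KEY_OPEN = "<sessionkey>".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] SESSION_KEY_CLOSE = "</sessionkey>".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] SIGNATURE_OPEN = "<signature>".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] SIGNATURE_CLOSE = "</signature>".getBytes(StandardCharsets.US_ASCII);

    private X509Certificate myCert = null;
    private X509Certificate remoteCert = null;
    private PrivateKey myPrivateKey = null;

    /**
     * Loads the local certificate, the local private key and the remote certificate from the
     * locations configured in {@link SDKConfig}.
     *
     * @throws Exception if any file cannot be read or any key/certificate cannot be parsed
     */
    public SecurityService() throws Exception {
        SDKConfig config = SDKConfig.getConfig();
        init(config.getMyCertPath(), config.getMyPrivateKeyPath(), config.getMyPrivateKeyPwd(), config.getRemoteCertPath());
    }

    /**
     * Loads key material from explicit locations.
     *
     * @param str  path of the Base64-encoded local certificate
     * @param str2 path of the Base64-encoded, password-protected local private key
     * @param str3 encoded private-key password, as accepted by {@code PasswordUtil.decodePassword}
     * @param str4 path of the Base64-encoded remote (peer) certificate
     * @throws Exception if any file cannot be read or any key/certificate cannot be parsed
     */
    public SecurityService(String str, String str2, String str3, String str4) throws Exception {
        init(str, str2, str3, str4);
    }

    /** Reads and parses the three key-material files; see the four-argument constructor. */
    private void init(String myCertPath, String myKeyPath, String encodedKeyPassword, String remoteCertPath) throws Exception {
        // The intermediate String cannot be wiped; the char[] copy is cleared below so the
        // clear-text password does not outlive key loading in at least that buffer.
        char[] keyPassword = new String(PasswordUtil.decodePassword(encodedKeyPassword)).toCharArray();
        try {
            byte[] myCertFile = FileUtil.read4file(myCertPath);
            byte[] myKeyFile = FileUtil.read4file(myKeyPath);
            byte[] remoteCertFile = FileUtil.read4file(remoteCertPath);
            this.myCert = CryptUtil.generateX509Certificate(Base64.decode(myCertFile));
            // The remote certificate is taken as-is from local configuration (pinned trust).
            this.remoteCert = CryptUtil.generateX509Certificate(Base64.decode(remoteCertFile));
            this.myPrivateKey = CryptUtil.decryptPrivateKey(Base64.decode(myKeyFile), keyPassword);
        } finally {
            Arrays.fill(keyPassword, '\0');
        }
    }

    /**
     * Signs {@code bArr} with the local key and encrypts signature plus message for the peer.
     *
     * <p>Output layout: {@code <sessionkey>} Base64(RSA-wrapped 3DES key) {@code </sessionkey>}
     * followed by the raw 3DES ciphertext of
     * {@code <signature>} Base64(PKCS#7 signature) {@code </signature>} + message.
     *
     * @param bArr clear-text message
     * @return the envelope described above
     * @throws Exception if signing or encryption fails
     */
    public byte[] signAndEncryptMsg(byte[] bArr) throws Exception {
        byte[] signature = Base64.encode(PKCS7Signature.sign(bArr, this.myPrivateKey, this.myCert, (X509Certificate[]) null, false));
        byte[] signedPayload = ByteUtil.linkByteArrays(SIGNATURE_OPEN, signature, SIGNATURE_CLOSE, bArr);
        byte[] sessionKey = DESede.createKey(DESede.DESEDE_KEY_168_BIT);
        try {
            byte[] wrappedKey = Base64.encode(RSA.encrypt(sessionKey, this.remoteCert.getPublicKey().getEncoded()));
            // NOTE(review): all-zero third argument, presumably a fixed IV; see class comment.
            byte[] cipherText = DESede.encrypt(signedPayload, sessionKey, new byte[8]);
            return ByteUtil.linkByteArrays(SESSION_KEY_OPEN, wrappedKey, SESSION_KEY_CLOSE, cipherText);
        } finally {
            wipe(sessionKey);
        }
    }

    /**
     * Encrypts {@code bArr} for the peer without signing it.
     *
     * @param bArr clear-text message
     * @return a two-element list: index 0 is Base64(3DES ciphertext), index 1 is
     *         Base64(RSA-wrapped session key)
     * @throws Exception if encryption fails
     */
    public List<byte[]> encryptMsg(byte[] bArr) throws Exception {
        byte[] sessionKey = DESede.createKey(DESede.DESEDE_KEY_168_BIT);
        try {
            // NOTE(review): this variant carries no signature, so the receiver gets no
            // integrity or origin guarantee from this class.
            byte[] cipherText = Base64.encode(DESede.encrypt(bArr, sessionKey, new byte[8]));
            byte[] wrappedKey = Base64.encode(RSA.encrypt(sessionKey, this.remoteCert.getPublicKey().getEncoded()));
            List<byte[]> parts = new ArrayList<>(2);
            parts.add(cipherText);
            parts.add(wrappedKey);
            return parts;
        } finally {
            wipe(sessionKey);
        }
    }

    /**
     * Reverses {@link #encryptMsg(byte[])} using the local private key.
     *
     * @param bArr  Base64(3DES ciphertext)
     * @param bArr2 Base64(RSA-wrapped session key)
     * @return the clear-text message; it is not authenticated by this method
     * @throws Exception if unwrapping the key or decrypting fails
     */
    public byte[] decryptMsg(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] sessionKey = RSA.decrypt(Base64.decode(bArr2), this.myPrivateKey.getEncoded());
        try {
            return DESede.decrypt(Base64.decode(bArr), sessionKey, new byte[8]);
        } finally {
            wipe(sessionKey);
        }
    }

    /**
     * Reverses {@link #signAndEncryptMsg(byte[])}: unwraps the session key, decrypts the
     * payload and verifies the detached PKCS#7 signature against the remote certificate's
     * public key.
     *
     * <p>The signature is only reachable after decryption, so the ciphertext itself has no
     * integrity check. Callers should report every failure from this method to the remote
     * side in one uniform way rather than relaying the exception text.
     *
     * @param bArr envelope received from the peer (untrusted input)
     * @return the verified clear-text message
     * @throws Exception if a tag is missing, decryption fails, or the signature does not verify
     */
    public byte[] decryptAndVerifySign(byte[] bArr) throws Exception {
        byte[][] envelope = splitTagged(bArr, SESSION_KEY_OPEN, SESSION_KEY_CLOSE);
        // The Base64 bytes go straight to the decoder; the previous byte[] -> String -> byte[]
        // round trip depended on the platform default charset.
        byte[] sessionKey = RSA.decrypt(Base64.decode(envelope[0]), this.myPrivateKey.getEncoded());
        byte[] signedPayload;
        try {
            signedPayload = DESede.decrypt(envelope[1], sessionKey, new byte[8]);
        } finally {
            wipe(sessionKey);
        }

        byte[][] signed = splitTagged(signedPayload, SIGNATURE_OPEN, SIGNATURE_CLOSE);
        byte[] message = signed[1];
        if (PKCS7Signature.verifyDetachedSignature(message, Base64.decode(signed[0]), this.remoteCert.getPublicKey())) {
            return message;
        }
        throw new Exception("The signature verify failed.");
    }

    /**
     * Splits {@code data} around the first {@code openTag ... closeTag} pair.
     *
     * @return a two-element array: the bytes between the tags, then every byte after the
     *         close tag. Bytes preceding the open tag are ignored.
     * @throws Exception if either tag is missing
     */
    private static byte[][] splitTagged(byte[] data, byte[] openTag, byte[] closeTag) throws Exception {
        int openAt = ByteUtil.indexOf(data, openTag, 0);
        if (openAt == -1) {
            throw new Exception("can't search opentag");
        }
        int valueStart = openAt + openTag.length;
        int closeAt = ByteUtil.indexOf(data, closeTag, valueStart);
        if (closeAt == -1) {
            throw new Exception("can't search closetag");
        }
        byte[] value = Arrays.copyOfRange(data, valueStart, closeAt);
        byte[] remainder = Arrays.copyOfRange(data, closeAt + closeTag.length, data.length);
        return new byte[][] {value, remainder};
    }

    /** Zeroes a session-key buffer once it is no longer needed; tolerates {@code null}. */
    private static void wipe(byte[] secret) {
        if (secret != null) {
            Arrays.fill(secret, (byte) 0);
        }
    }
}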
