package code.ponfee.commons.jce.security;

import code.ponfee.commons.io.Closeables;
import code.ponfee.commons.jce.Providers;
import code.ponfee.commons.jce.RSACipherPaddings;
import code.ponfee.commons.jce.RSASignAlgorithms;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;

/* loaded from: input_file:code/ponfee/commons/jce/security/RSACryptor.class */
public final class RSACryptor {
    static final String ALG_RSA = "RSA";

    /* loaded from: input_file:code/ponfee/commons/jce/security/RSACryptor$RSAKeyPair.class */
    public static final class RSAKeyPair implements Serializable {
        private static final long serialVersionUID = -1592700389671199076L;
        private final RSAPrivateKey privateKey;
        private final RSAPublicKey publicKey;

        private RSAKeyPair(RSAPrivateKey rSAPrivateKey, RSAPublicKey rSAPublicKey) {
            this.privateKey = rSAPrivateKey;
            this.publicKey = rSAPublicKey;
        }

        public RSAPrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public RSAPublicKey getPublicKey() {
            return this.publicKey;
        }

        public String toPkcs8PrivateKey() {
            return RSAPrivateKeys.toPkcs8(this.privateKey);
        }

        public String toPkcs1PrivateKey() {
            return RSAPrivateKeys.toPkcs1(this.privateKey);
        }

        public String toPkcs8PublicKey() {
            return RSAPublicKeys.toPkcs8(this.publicKey);
        }

        public String toPkcs1PublicKey() {
            return RSAPublicKeys.toPkcs1(this.publicKey);
        }
    }

    private RSACryptor() {
    }

    public static RSAKeyPair generateKeyPair() {
        return generateKeyPair(1024);
    }

    public static RSAKeyPair generateKeyPair(int i) {
        KeyPairGenerator keyPairGenerator = Providers.getKeyPairGenerator(ALG_RSA);
        keyPairGenerator.initialize(i);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        return new RSAKeyPair((RSAPrivateKey) generateKeyPair.getPrivate(), (RSAPublicKey) generateKeyPair.getPublic());
    }

    public static byte[] signMd5(byte[] bArr, RSAPrivateKey rSAPrivateKey) {
        return sign(bArr, rSAPrivateKey, RSASignAlgorithms.MD5withRSA);
    }

    public static byte[] signSha1(byte[] bArr, RSAPrivateKey rSAPrivateKey) {
        return sign(bArr, rSAPrivateKey, RSASignAlgorithms.SHA1withRSA);
    }

    public static byte[] signSha256(byte[] bArr, RSAPrivateKey rSAPrivateKey) {
        return sign(bArr, rSAPrivateKey, RSASignAlgorithms.SHA256withRSA);
    }

    public static boolean verifyMd5(byte[] bArr, RSAPublicKey rSAPublicKey, byte[] bArr2) {
        return verify(bArr, rSAPublicKey, bArr2, RSASignAlgorithms.MD5withRSA);
    }

    public static boolean verifySha1(byte[] bArr, RSAPublicKey rSAPublicKey, byte[] bArr2) {
        return verify(bArr, rSAPublicKey, bArr2, RSASignAlgorithms.SHA1withRSA);
    }

    public static boolean verifySha256(byte[] bArr, RSAPublicKey rSAPublicKey, byte[] bArr2) {
        return verify(bArr, rSAPublicKey, bArr2, RSASignAlgorithms.SHA256withRSA);
    }

    public static <T extends Key & RSAKey> byte[] encrypt(byte[] bArr, T t) {
        return docrypt(bArr, t, 1, true);
    }

    public static <T extends Key & RSAKey> byte[] encryptNoPadding(byte[] bArr, T t) {
        return docrypt(bArr, t, 1, false);
    }

    public static <T extends Key & RSAKey> void encrypt(InputStream inputStream, T t, OutputStream outputStream) {
        docrypt(inputStream, t, outputStream, 1, true);
    }

    public static <T extends Key & RSAKey> void encryptNoPadding(InputStream inputStream, T t, OutputStream outputStream) {
        docrypt(inputStream, t, outputStream, 1, false);
    }

    public static <T extends Key & RSAKey> byte[] decrypt(byte[] bArr, T t) {
        return docrypt(bArr, t, 2, true);
    }

    public static <T extends Key & RSAKey> byte[] decryptNoPadding(byte[] bArr, T t) {
        return docrypt(bArr, t, 2, false);
    }

    public static <T extends Key & RSAKey> void decrypt(InputStream inputStream, T t, OutputStream outputStream) {
        docrypt(inputStream, t, outputStream, 2, true);
    }

    public static <T extends Key & RSAKey> void decryptNoPadding(InputStream inputStream, T t, OutputStream outputStream) {
        docrypt(inputStream, t, outputStream, 2, false);
    }

    private static <T extends Key & RSAKey> int getBlockSize(int i, T t) {
        return i == 1 ? (t.getModulus().bitLength() / 8) - 11 : t.getModulus().bitLength() / 8;
    }

    private static <T extends Key & RSAKey> void docrypt(InputStream inputStream, T t, OutputStream outputStream, int i, boolean z) {
        Cipher cipher = Providers.getCipher(t.getAlgorithm() + (z ? RSACipherPaddings.ECB_PKCS1PADDING.transform() : RSACipherPaddings.NONE_NOPADDING.transform()));
        try {
            try {
                cipher.init(i, t);
                byte[] bArr = new byte[getBlockSize(i, t)];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read == -1) {
                        outputStream.flush();
                        Closeables.console(inputStream);
                        return;
                    }
                    outputStream.write(cipher.doFinal(bArr, 0, read));
                }
            } catch (Exception e) {
                throw new SecurityException(e);
            }
        } catch (Throwable th) {
            Closeables.console(inputStream);
            throw th;
        }
    }

    private static <T extends Key & RSAKey> byte[] docrypt(byte[] bArr, T t, int i, boolean z) {
        int blockSize = getBlockSize(i, t);
        Cipher cipher = Providers.getCipher(t.getAlgorithm() + (z ? RSACipherPaddings.ECB_PKCS1PADDING.transform() : RSACipherPaddings.NONE_NOPADDING.transform()));
        try {
            cipher.init(i, t);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
            int length = bArr.length;
            for (int i2 = 0; i2 < length; i2 += blockSize) {
                byte[] doFinal = cipher.doFinal(bArr, i2, Math.min(blockSize, length - i2));
                byteArrayOutputStream.write(doFinal, 0, doFinal.length);
            }
            byteArrayOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    private static byte[] sign(byte[] bArr, RSAPrivateKey rSAPrivateKey, RSASignAlgorithms rSASignAlgorithms) {
        Signature signature = Providers.getSignature(rSASignAlgorithms.name());
        try {
            signature.initSign(rSAPrivateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | SignatureException e) {
            throw new SecurityException(e);
        }
    }

    private static boolean verify(byte[] bArr, RSAPublicKey rSAPublicKey, byte[] bArr2, RSASignAlgorithms rSASignAlgorithms) {
        Signature signature = Providers.getSignature(rSASignAlgorithms.name());
        try {
            signature.initVerify(rSAPublicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException | SignatureException e) {
            throw new SecurityException(e);
        }
    }
}
