package com.webank.weid.suite.crypto;

import com.webank.weid.constant.ErrorCode;
import com.webank.weid.exception.EncodeSuiteException;
import com.webank.weid.suite.api.crypto.inf.CryptoService;
import com.webank.weid.suite.api.crypto.params.CryptoType;
import com.webank.weid.util.DataToolUtils;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/webank/weid/suite/crypto/RsaCryptoService.class */
public class RsaCryptoService implements CryptoService {
    private static final Logger logger = LoggerFactory.getLogger(RsaCryptoService.class);
    private static final String KEY_ALGORITHM = CryptoType.RSA.name();

    @Override // com.webank.weid.suite.api.crypto.inf.CryptoService
    public String encrypt(String str, String str2) throws EncodeSuiteException {
        logger.info("begin encrypt by RSA");
        checkForEncrypt(str, str2);
        try {
            PublicKey generatePublic = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(str2)));
            Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
            cipher.init(1, generatePublic);
            return Base64.encodeBase64String(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            logger.error("RSA encrypt error, please check the log.", e);
            throw new EncodeSuiteException();
        }
    }

    private void checkForEncrypt(String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input content is null.");
        }
        if (!Charset.forName(StandardCharsets.UTF_8.toString()).newEncoder().canEncode(str)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input content is not utf-8.");
        }
        if (StringUtils.isEmpty(str2)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input publicKey is null.");
        }
        if (!DataToolUtils.isValidBase64String(str2)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input publicKey is not a valid Base64 string.");
        }
    }

    @Override // com.webank.weid.suite.api.crypto.inf.CryptoService
    public String decrypt(String str, String str2) throws EncodeSuiteException {
        logger.info("begin decrypt by RSA");
        checkForDecrypt(str, str2);
        try {
            byte[] decodeBase64 = Base64.decodeBase64(str);
            PrivateKey generatePrivate = KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str2)));
            Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
            cipher.init(2, generatePrivate);
            return new String(cipher.doFinal(decodeBase64), StandardCharsets.UTF_8);
        } catch (Exception e) {
            logger.error("RAS decrypt error, please check the log.", e);
            throw new EncodeSuiteException();
        }
    }

    private void checkForDecrypt(String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input content is null.");
        }
        if (!DataToolUtils.isValidBase64String(str)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input content is not a valid Base64 string.");
        }
        if (StringUtils.isEmpty(str2)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input privateKey is null.");
        }
        if (!DataToolUtils.isValidBase64String(str2)) {
            throw new EncodeSuiteException(ErrorCode.ILLEGAL_INPUT, "input privateKey is not a valid Base64 string.");
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
