package com.xdja.pki.itsca.oer.app;

import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA256DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4ECBEncryptUtils;
import com.xdja.pki.itsca.oer.app.bean.PKRecipientInfoType;
import com.xdja.pki.itsca.oer.app.data.KekBuilder;
import com.xdja.pki.itsca.oer.asn1.Certificate;
import com.xdja.pki.itsca.oer.asn1.CipherText;
import com.xdja.pki.itsca.oer.asn1.EciesEncryptedKey;
import com.xdja.pki.itsca.oer.asn1.EncryptedData;
import com.xdja.pki.itsca.oer.asn1.HashAlgorithm;
import com.xdja.pki.itsca.oer.asn1.HashedId8;
import com.xdja.pki.itsca.oer.asn1.HeaderInfo;
import com.xdja.pki.itsca.oer.asn1.ItsAidInt;
import com.xdja.pki.itsca.oer.asn1.PKRecipientInfo;
import com.xdja.pki.itsca.oer.asn1.Payload;
import com.xdja.pki.itsca.oer.asn1.RecipientInfo;
import com.xdja.pki.itsca.oer.asn1.SecuredMessage;
import com.xdja.pki.itsca.oer.asn1.SequenceOfCertificate;
import com.xdja.pki.itsca.oer.asn1.SequenceOfRecipientInfo;
import com.xdja.pki.itsca.oer.asn1.Signature;
import com.xdja.pki.itsca.oer.asn1.SignedData;
import com.xdja.pki.itsca.oer.asn1.SignerInfo;
import com.xdja.pki.itsca.oer.asn1.SymmetricCipherText;
import com.xdja.pki.itsca.oer.asn1.TBSData;
import com.xdja.pki.itsca.oer.asn1.Time64;
import com.xdja.pki.itsca.oer.asn1.base.Null;
import com.xdja.pki.itsca.oer.utils.ByteArrayUtils;
import com.xdja.pki.itsca.oer.utils.OERUtils;
import com.xdja.pki.itsca.oer.utils.TimeUtils;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:com/xdja/pki/itsca/oer/app/SecureMessageUtils.class */
public class SecureMessageUtils {
    public static byte[] resolveSignSecuredMessage(PublicKey publicKey, byte[] bArr, Certificate certificate) throws Exception {
        try {
            SecuredMessage securedMessage = SecuredMessage.getInstance(bArr);
            SignedData signedData = securedMessage.getPayload().getSignedData();
            if (!((null == certificate || null != publicKey) ? OERUtils.verifySecuredMessageSignatureBySelf(publicKey, securedMessage) : OERUtils.verifySecuredMessageSignatureByCert(certificate, securedMessage))) {
            }
            return signedData.getTbs().getData().getString();
        } catch (Exception e) {
            throw new Exception("解析签名消息体失败，", e);
        }
    }

    public static byte[] resolveEncSecuredMessage(int i, String str, byte[] bArr) throws Exception {
        EncryptedData encData = SecuredMessage.getInstance(bArr).getPayload().getEncData();
        PKRecipientInfo certRecipInfo = encData.getRecipients().getRecipientInfos().get(0).getCertRecipInfo();
        if (null == certRecipInfo) {
            certRecipInfo = encData.getRecipients().getRecipientInfos().get(0).getSignedDataRecipInfo();
        }
        byte[] plain = KekResolveUtils.getPlain(certRecipInfo.getKek(), new SdfPrivateKey(i, str.getBytes()));
        SymmetricCipherText cipherText = encData.getCipherText();
        return Base64.decode(null == cipherText.getSm4Ecb() ? GMSSLSM4ECBEncryptUtils.decryptByYumhsmWithPKCS7Padding(Base64.toBase64String(plain), Base64.toBase64String(cipherText.getSm4Ecb().getString())) : GMSSLSM4ECBEncryptUtils.decryptByYumhsmWithPKCS7Padding(Base64.toBase64String(plain), Base64.toBase64String(cipherText.getSm4Ecb().getString())));
    }

    public static SecuredMessage buildSignSecuredMessage(Certificate certificate, HashAlgorithm hashAlgorithm, ItsAidInt itsAidInt, int i, String str, byte[] bArr) throws Exception {
        SignerInfo signerInfo;
        SecuredMessage securedMessage = new SecuredMessage();
        SignedData signedData = new SignedData();
        if (null == certificate) {
            signerInfo = new SignerInfo(new Null());
        } else {
            SequenceOfCertificate sequenceOfCertificate = new SequenceOfCertificate();
            sequenceOfCertificate.addCertificate(certificate);
            signerInfo = new SignerInfo(sequenceOfCertificate);
        }
        TBSData tBSData = new TBSData();
        HeaderInfo headerInfo = new HeaderInfo();
        headerInfo.setItsAid(itsAidInt);
        headerInfo.setGenTime(new Time64(TimeUtils.getNowTime() * 1000));
        headerInfo.setHashAlg(hashAlgorithm);
        tBSData.setHeaderInfo(headerInfo);
        tBSData.setData(bArr);
        Signature build = SignatureBuild.build((PrivateKey) new SdfPrivateKey(i, str.getBytes()), null == certificate ? buildSignData(tBSData.getEncode(), null, hashAlgorithm) : buildSignData(tBSData.getEncode(), certificate, hashAlgorithm));
        signedData.setSignerInfo(signerInfo);
        signedData.setTbs(tBSData);
        signedData.setSign(build);
        securedMessage.setPayload(new Payload(signedData));
        return securedMessage;
    }

    public static SecuredMessage buildEncSecuredMessage(PublicKey publicKey, byte[] bArr, HashedId8 hashedId8, HashAlgorithm hashAlgorithm, PKRecipientInfoType pKRecipientInfoType) throws Exception {
        SecuredMessage securedMessage = new SecuredMessage();
        EncryptedData encryptedData = new EncryptedData();
        SequenceOfRecipientInfo sequenceOfRecipientInfo = new SequenceOfRecipientInfo();
        PKRecipientInfo pKRecipientInfo = new PKRecipientInfo();
        String generateRandomByYunhsm = GMSSLRandomUtils.generateRandomByYunhsm(16);
        EciesEncryptedKey build = KekBuilder.build(publicKey, Base64.decode(generateRandomByYunhsm));
        pKRecipientInfo.setRecipientId(hashedId8);
        pKRecipientInfo.setHashAlg(hashAlgorithm);
        pKRecipientInfo.setKek(build);
        sequenceOfRecipientInfo.addRecipientInfo(new RecipientInfo(pKRecipientInfo, pKRecipientInfoType));
        if (BigIntegers.fromUnsignedByteArray(hashAlgorithm.getEncode(), 0, 1).intValue() == HashAlgorithm.SGD_SM3.getIndex()) {
            String encryptByYumhsmWithPKCS7Padding = GMSSLSM4ECBEncryptUtils.encryptByYumhsmWithPKCS7Padding(generateRandomByYunhsm, Base64.toBase64String(bArr));
            CipherText cipherText = new CipherText();
            cipherText.setString(Base64.decode(encryptByYumhsmWithPKCS7Padding));
            encryptedData.setCipherText(new SymmetricCipherText(cipherText));
        }
        encryptedData.setRecipients(sequenceOfRecipientInfo);
        securedMessage.setPayload(new Payload(encryptedData));
        return securedMessage;
    }

    private static byte[] buildSignData(byte[] bArr, Certificate certificate, HashAlgorithm hashAlgorithm) throws Exception {
        byte[] digestByYunhsm = GMSSLSM3DigestUtils.digestByYunhsm(bArr);
        return BigIntegers.fromUnsignedByteArray(hashAlgorithm.getEncode(), 0, 1).intValue() == HashAlgorithm.SGD_SM3.getIndex() ? null == certificate ? ByteArrayUtils.buildUpByte(digestByYunhsm, GMSSLSM3DigestUtils.digestByYunhsm("".getBytes())) : ByteArrayUtils.buildUpByte(digestByYunhsm, GMSSLSM3DigestUtils.digestByYunhsm(certificate.getEncode())) : null == certificate ? ByteArrayUtils.buildUpByte(digestByYunhsm, GMSSLSHA256DigestUtils.digestByYunHsm("".getBytes())) : ByteArrayUtils.buildUpByte(digestByYunhsm, GMSSLSHA256DigestUtils.digestByYunHsm(certificate.getEncode()));
    }
}
