package com.xdja.pki.ca.core.km;

import com.sun.xml.internal.ws.util.ByteArrayBuffer;
import com.xdja.cssp.sm2cipher.sm2.cipher.ServiceException;
import com.xdja.pki.ca.certmanager.service.kms.ca.AlgorithmConstants;
import com.xdja.pki.ca.certmanager.service.racert.OpenApiCMPServiceImpl;
import com.xdja.pki.ca.core.Constants;
import com.xdja.pki.ca.core.ca.util.gm.cert.CertUtil;
import com.xdja.pki.ca.core.ca.util.gm.cert.SM2X509CertMaker;
import com.xdja.pki.ca.core.pkcs7.Sm4;
import com.xdja.pki.ca.core.util.DnUtil;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ca-core-0.0.1-SNAPSHOT.jar:com/xdja/pki/ca/core/km/KmSoft.class */
public class KmSoft {
    static final String pkcs_7 = "1.2.840.113549.1.7";
    private static Logger logger = LoggerFactory.getLogger((Class<?>) KmSoft.class);
    static final ASN1ObjectIdentifier smAlgorithm = new ASN1ObjectIdentifier("1.2.156.10197.1");
    static final ASN1ObjectIdentifier sm4 = smAlgorithm.branch("104");
    static final ASN1ObjectIdentifier sm2256 = smAlgorithm.branch("301");
    static final ASN1ObjectIdentifier sm2256_sign = sm2256.branch("1");
    static final ASN1ObjectIdentifier sm2256_encrypt = sm2256.branch(ServiceException.CODE_DB_EXIST_SUB_CA);
    static final ASN1ObjectIdentifier sm3 = smAlgorithm.branch("401");
    static final ASN1ObjectIdentifier sm2SignWithSm3 = smAlgorithm.branch("501");
    static final ASN1ObjectIdentifier sm2Envolpe = new ASN1ObjectIdentifier("1.2.156.10197.6.1.4.2");
    static final ASN1ObjectIdentifier sm2Envolpe_data = sm2Envolpe.branch("1");
    static final ASN1ObjectIdentifier AES128_EBC = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.1.1");
    static final ASN1ObjectIdentifier rsa = new ASN1ObjectIdentifier(OpenApiCMPServiceImpl.RSA_OID);
    static final ASN1ObjectIdentifier sha1 = new ASN1ObjectIdentifier(AlgorithmConstants.DIGEST_SHA1_OID);
    static final ASN1ObjectIdentifier SHA1WithRSA = new ASN1ObjectIdentifier("1.2.840.113549.1.1.5");
    static final ASN1ObjectIdentifier pkcs_7_data = new ASN1ObjectIdentifier("1.2.840.113549.1.7.1");

    public RetKeyRespond applyKey(Integer num, int i, String str, BigInteger bigInteger, PublicKey publicKey) throws Exception {
        KeyPairGenerator keyPairGenerator;
        try {
            Security.addProvider(new BouncyCastleProvider());
            SecureRandom secureRandom = new SecureRandom();
            if (Constants.RSA_ALG.intValue() == num.intValue()) {
                keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
                keyPairGenerator.initialize(i, secureRandom);
            } else {
                keyPairGenerator = KeyPairGenerator.getInstance(CertUtil.SM2_BC_NAME, "BC");
                keyPairGenerator.initialize(new ECGenParameterSpec("sm2p256v1"), secureRandom);
            }
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey2 = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(128, secureRandom);
            SecretKey generateKey = keyGenerator.generateKey();
            logger.info("session>>>>>>>>>>>>>>>>" + Base64.toBase64String(generateKey.getEncoded()));
            printBytes(generateKey.getEncoded());
            ASN1Integer aSN1Integer = new ASN1Integer(1L);
            ASN1Set makeRecipientInfos = makeRecipientInfos(num, str, bigInteger, publicKey, generateKey.getEncoded());
            DERSet dERSet = 1 == num.intValue() ? new DERSet(new AlgorithmIdentifier(sha1)) : new DERSet(new AlgorithmIdentifier(sm3));
            EncryptedContentInfo makeEncryptedContentInfo = makeEncryptedContentInfo(num, generateKey, privateKey, i);
            ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer();
            byteArrayBuffer.write(aSN1Integer.getEncoded());
            byteArrayBuffer.write(makeRecipientInfos.getEncoded());
            byteArrayBuffer.write(dERSet.getEncoded());
            byteArrayBuffer.write(makeEncryptedContentInfo.getEncoded());
            SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(aSN1Integer, makeRecipientInfos, dERSet, makeEncryptedContentInfo, null, null, makeSignerInfos(str, bigInteger, privateKey, byteArrayBuffer.toByteArray()));
            byte[] encoded = signedAndEnvelopedData.toASN1Primitive().getEncoded();
            logger.info(Base64.toBase64String(encoded));
            logger.info(Hex.toHexString(encoded));
            RetKeyRespond retKeyRespond = new RetKeyRespond();
            retKeyRespond.setPublicKey(publicKey2);
            retKeyRespond.setEncryptedPrivateKey(signedAndEnvelopedData);
            return retKeyRespond;
        } catch (Exception e) {
            e.printStackTrace();
            throw new Exception("申请私钥对异常：" + e.getMessage());
        }
    }

    public ASN1Set makeRecipientInfos(Integer num, String str, BigInteger bigInteger, PublicKey publicKey, byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidCipherTextException {
        AlgorithmIdentifier algorithmIdentifier;
        DEROctetString dEROctetString;
        RecipientIdentifier recipientIdentifier = new RecipientIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str), bigInteger));
        if (Constants.RSA_ALG.intValue() == num.intValue()) {
            algorithmIdentifier = new AlgorithmIdentifier(rsa);
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
            pKCS1Encoding.init(true, new RSAKeyParameters(false, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
            dEROctetString = new DEROctetString(pKCS1Encoding.processBlock(bArr, 0, bArr.length));
        } else {
            algorithmIdentifier = new AlgorithmIdentifier(sm2256_encrypt);
            try {
                dEROctetString = new DEROctetString(GMSSLByteArrayUtils.base64Decode(GMSSLSM2EncryptUtils.encryptASN1ByBC(publicKey, GMSSLByteArrayUtils.base64Encode(bArr))));
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException("使用公钥加密会话密钥异常");
            }
        }
        return new DERSet(new KeyTransRecipientInfo(recipientIdentifier, algorithmIdentifier, dEROctetString));
    }

    public EncryptedContentInfo makeEncryptedContentInfo(Integer num, SecretKey secretKey, PrivateKey privateKey, int i) {
        AlgorithmIdentifier algorithmIdentifier;
        DEROctetString dEROctetString;
        DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier("1.2.156.10197.6.1.4.2.104");
        if (Constants.RSA_ALG.intValue() == num.intValue()) {
            algorithmIdentifier = new AlgorithmIdentifier(sm4);
            try {
                byte[] encoded = PrivateKeyInfo.getInstance(((RSAPrivateKey) privateKey).getEncoded()).parsePrivateKey().toASN1Primitive().getEncoded();
                logger.info("privateKeyPKCS1>>>>>>>>>>>>>" + Base64.toBase64String(encoded));
                printBytes(encoded);
                dEROctetString = new DEROctetString(Sm4.sm4_encrypt_ecb(secretKey.getEncoded(), encoded));
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException("加密异常：" + e.toString());
            }
        } else {
            algorithmIdentifier = new AlgorithmIdentifier(sm4);
            ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
            byte[] byteArray = eCPrivateKey.getS().toByteArray();
            byte[] bArr = new byte[32];
            for (int i2 = 0; i2 < 32; i2++) {
                if (byteArray.length >= i2) {
                    bArr[31 - i2] = byteArray[(byteArray.length - 1) - i2];
                }
            }
            logger.info("原私钥bsRequestS：");
            logger.info(new String(Base64.encode(eCPrivateKey.getS().toByteArray())));
            printBytes(byteArray);
            dEROctetString = new DEROctetString(Sm4.sm4_encrypt_ecb_padbefore32byte(secretKey.getEncoded(), bArr));
        }
        return new EncryptedContentInfo(dERObjectIdentifier, algorithmIdentifier, dEROctetString);
    }

    public EncryptedContentInfo makeEncryptedContentInfo(Integer num, SecretKey secretKey, X509Certificate x509Certificate) throws Exception {
        AlgorithmIdentifier algorithmIdentifier;
        DEROctetString dEROctetString;
        DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier("1.2.156.10197.6.1.4.2.104");
        if (Constants.RSA_ALG.intValue() == num.intValue()) {
            algorithmIdentifier = new AlgorithmIdentifier(sm4);
            try {
                dEROctetString = new DEROctetString(Sm4.sm4_encrypt_ecb(secretKey.getEncoded(), CertUtil.writeObjectToByteArray(x509Certificate)));
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException("加密异常：" + e.toString());
            }
        } else {
            algorithmIdentifier = new AlgorithmIdentifier(sm4);
            dEROctetString = new DEROctetString(Sm4.sm4_encrypt_ecb(secretKey.getEncoded(), CertUtil.writeObjectToByteArray(x509Certificate)));
        }
        return new EncryptedContentInfo(dERObjectIdentifier, algorithmIdentifier, dEROctetString);
    }

    public static void printBytes(byte[] bArr) {
        if (bArr == null) {
            logger.info("bs is null =======================\n");
            return;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (i % 20 == 0) {
                System.out.printf("%4s:  ", Integer.valueOf(i));
            }
            System.out.print(toHex(bArr[i]));
            if (i % 10 == 9) {
                System.out.print("  ");
            }
            if (i % 20 == 19) {
                System.out.print("\n");
            } else {
                System.out.print(" ");
            }
        }
        System.out.println("\n");
    }

    public static final String toHex(byte b) {
        return "" + "0123456789ABCDEF".charAt(15 & (b >> 4)) + "0123456789ABCDEF".charAt(b & 15);
    }

    public static ASN1Set makeSignerInfos(String str, BigInteger bigInteger, PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, SignatureException, InvalidKeyException {
        AlgorithmIdentifier algorithmIdentifier;
        AlgorithmIdentifier algorithmIdentifier2;
        DEROctetString dEROctetString;
        SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str), bigInteger));
        if (privateKey instanceof RSAPrivateKey) {
            algorithmIdentifier = new AlgorithmIdentifier(sha1);
            algorithmIdentifier2 = new AlgorithmIdentifier(rsa);
            Signature signature = Signature.getInstance("SHA1WithRSAEncryption", "BC");
            signature.initSign(privateKey);
            signature.update(bArr);
            dEROctetString = new DEROctetString(signature.sign());
        } else {
            algorithmIdentifier = new AlgorithmIdentifier(sm3);
            algorithmIdentifier2 = new AlgorithmIdentifier(sm2256_sign);
            Signature signature2 = Signature.getInstance(SM2X509CertMaker.SIGN_ALGO_SM3WITHSM2, "BC");
            signature2.initSign(privateKey);
            signature2.update(bArr);
            dEROctetString = new DEROctetString(signature2.sign());
        }
        return new DERSet(new SignerInfo(signerIdentifier, algorithmIdentifier, (ASN1Set) null, algorithmIdentifier2, ASN1OctetString.getInstance(dEROctetString), (ASN1Set) null));
    }

    public RetKeyRespond restoreKey(Integer num, int i, String str, BigInteger bigInteger, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        try {
            Security.addProvider(new BouncyCastleProvider());
            SecureRandom secureRandom = new SecureRandom();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(128, secureRandom);
            SecretKey generateKey = keyGenerator.generateKey();
            ASN1Integer aSN1Integer = new ASN1Integer(1L);
            ASN1Set makeRecipientInfos = makeRecipientInfos(num, str, bigInteger, publicKey, generateKey.getEncoded());
            DERSet dERSet = "1".equals(num) ? new DERSet(new AlgorithmIdentifier(sha1)) : new DERSet(new AlgorithmIdentifier(sm3));
            EncryptedContentInfo makeEncryptedContentInfo = makeEncryptedContentInfo(num, generateKey, privateKey, i);
            ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer();
            byteArrayBuffer.write(aSN1Integer.getEncoded());
            byteArrayBuffer.write(makeRecipientInfos.getEncoded());
            byteArrayBuffer.write(dERSet.getEncoded());
            byteArrayBuffer.write(makeEncryptedContentInfo.getEncoded());
            SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData(aSN1Integer, makeRecipientInfos, dERSet, makeEncryptedContentInfo, null, null, makeSignerInfos(str, bigInteger, privateKey, byteArrayBuffer.toByteArray()));
            byte[] encoded = signedAndEnvelopedData.toASN1Primitive().getEncoded();
            System.out.println(Base64.toBase64String(encoded));
            System.out.println(Hex.toHexString(encoded));
            RetKeyRespond retKeyRespond = new RetKeyRespond();
            retKeyRespond.setEncryptedPrivateKey(signedAndEnvelopedData);
            retKeyRespond.setPrivateKey(privateKey);
            return retKeyRespond;
        } catch (Exception e) {
            e.printStackTrace();
            throw new Exception("申请私钥对异常：" + e.getMessage());
        }
    }

    public static void main(String[] strArr) throws Exception {
        KmSoft kmSoft = new KmSoft();
        Security.addProvider(new BouncyCastleProvider());
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, secureRandom);
        System.out.println(new String(Base64.decode(kmSoft.applyKey(1, 1024, "CN=sushi", new BigInteger("1"), keyPairGenerator.generateKeyPair().getPublic()).getEncryptedPrivateKey().getDEREncoded())));
        System.out.println("ddd");
    }
}
