package com.xdja.pki.common.util;

import com.xdja.pki.common.asn1.EncryptedContentInfo;
import com.xdja.pki.common.asn1.SignedAndEnvelopedData;
import com.xdja.pki.common.asn1.Sm2Cipher;
import com.xdja.pki.common.enums.AlgTypeEnum;
import com.xdja.pki.common.enums.SignAlgEnum;
import com.xdja.pki.common.vhsm.so.XdVhsmRsaCipher;
import com.xdja.pki.common.vhsm.so.XdVhsmSm2Cipher;
import com.xdja.pki.common.vhsm.so.XdVhsmSm4Cipher;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;

/* loaded from: input_file:WEB-INF/lib/scms-core-1.0-SNAPSHOT.jar:com/xdja/pki/common/util/Asn1Util.class */
public class Asn1Util {
    public static SignedAndEnvelopedData generateSignedAndEnvelopedData(Integer num, PublicKey publicKey, PrivateKey privateKey, String str, String str2) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128, new SecureRandom());
        SecretKey generateKey = keyGenerator.generateKey();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X500Name(RFC4519Style.INSTANCE, str), new BigInteger(str2, 16));
        ASN1Integer aSN1Integer = new ASN1Integer(1L);
        DERSet dERSet = new DERSet(generateRecipientInfo(num, publicKey, generateKey, issuerAndSerialNumber));
        DERSet dERSet2 = new DERSet(new AlgorithmIdentifier(num.intValue() == AlgTypeEnum.RSA.alg ? X509ObjectIdentifiers.id_SHA1 : GMObjectIdentifiers.sm3));
        EncryptedContentInfo generateEncryptedContentInfo = generateEncryptedContentInfo(num, privateKey, generateKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(aSN1Integer.getEncoded());
        byteArrayOutputStream.write(dERSet.getEncoded());
        byteArrayOutputStream.write(dERSet2.getEncoded());
        byteArrayOutputStream.write(generateEncryptedContentInfo.getEncoded());
        return new SignedAndEnvelopedData(aSN1Integer, dERSet, dERSet2, generateEncryptedContentInfo, new DERSet(generateSignerInfo(num, privateKey, issuerAndSerialNumber, byteArrayOutputStream.toByteArray())));
    }

    public static SignerInfo generateSignerInfo(Integer num, PrivateKey privateKey, IssuerAndSerialNumber issuerAndSerialNumber, byte[] bArr) throws Exception {
        SignerIdentifier signerIdentifier = new SignerIdentifier(issuerAndSerialNumber);
        AlgorithmIdentifier algorithmIdentifier = null;
        AlgorithmIdentifier algorithmIdentifier2 = null;
        DEROctetString dEROctetString = null;
        if (num.intValue() == AlgTypeEnum.RSA.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1);
            algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
            dEROctetString = new DEROctetString(SignatureUtil.sign(bArr, privateKey, SignAlgEnum.SHA1_WITH_RSA));
        } else if (num.intValue() == AlgTypeEnum.SM2.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(GMObjectIdentifiers.sm3);
            algorithmIdentifier2 = new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign);
            dEROctetString = new DEROctetString(XdVhsmSm2Cipher.sm2SignAndReturnByte(privateKey, bArr));
        }
        return new SignerInfo(signerIdentifier, algorithmIdentifier, (ASN1Set) null, algorithmIdentifier2, dEROctetString, (ASN1Set) null);
    }

    public static EncryptedContentInfo generateEncryptedContentInfo(Integer num, PrivateKey privateKey, SecretKey secretKey) throws Exception {
        AlgorithmIdentifier algorithmIdentifier = null;
        DEROctetString dEROctetString = null;
        if (num.intValue() == AlgTypeEnum.RSA.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(Sm4Util.sm4);
            dEROctetString = new DEROctetString(XdVhsmSm4Cipher.sm4EcbEncryptWithPKCS5Padding(secretKey.getEncoded(), PrivateKeyInfo.getInstance(privateKey.getEncoded()).parsePrivateKey().toASN1Primitive().getEncoded()));
        } else if (num.intValue() == AlgTypeEnum.SM2.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(Sm4Util.sm4);
            byte[] byteArray = ((BCECPrivateKey) privateKey).getS().toByteArray();
            byte[] bArr = new byte[32];
            if (byteArray.length == 32) {
                System.arraycopy(byteArray, 0, bArr, 0, byteArray.length);
            } else if (byteArray.length < 32) {
                System.arraycopy(byteArray, 0, bArr, 0, byteArray.length);
                for (int i = 0; i < 32 - byteArray.length; i++) {
                    bArr[byteArray.length + i] = 0;
                }
            } else if (byteArray.length > 32) {
                for (int i2 = 0; i2 < 32; i2++) {
                    bArr[31 - i2] = byteArray[(byteArray.length - i2) - 1];
                }
            }
            byte[] bArr2 = new byte[64];
            for (int i3 = 0; i3 < 32; i3++) {
                bArr2[i3] = 0;
            }
            System.arraycopy(bArr, 0, bArr2, 32, 32);
            dEROctetString = new DEROctetString(XdVhsmSm4Cipher.sm4EcbEncryptWithNoPadding(secretKey.getEncoded(), bArr2));
        }
        return new EncryptedContentInfo(SignedAndEnvelopedData.OID, algorithmIdentifier, dEROctetString);
    }

    public static KeyTransRecipientInfo generateRecipientInfo(Integer num, PublicKey publicKey, SecretKey secretKey, IssuerAndSerialNumber issuerAndSerialNumber) throws IOException, InvalidCipherTextException {
        RecipientIdentifier recipientIdentifier = new RecipientIdentifier(issuerAndSerialNumber);
        AlgorithmIdentifier algorithmIdentifier = null;
        DEROctetString dEROctetString = null;
        AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        if (num.intValue() == AlgTypeEnum.RSA.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption);
            dEROctetString = new DEROctetString(XdVhsmRsaCipher.rsaEncrypt(secretKey.getEncoded(), publicKey));
        } else if (num.intValue() == AlgTypeEnum.SM2.alg) {
            algorithmIdentifier = new AlgorithmIdentifier(GMObjectIdentifiers.sm2encrypt);
            dEROctetString = new DEROctetString(new Sm2Cipher((ECKeyParameters) createKey, XdVhsmSm2Cipher.sm2Encrypt(secretKey.getEncoded(), publicKey), secretKey.getEncoded().length).getEncoded());
        }
        return new KeyTransRecipientInfo(recipientIdentifier, algorithmIdentifier, dEROctetString);
    }
}
