package com.xdja.pki.gmssl.x509.utils;

import cn.hutool.crypto.symmetric.SM4;
import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.init.GMSSLHsmKeyStoreUtils;
import com.xdja.pki.gmssl.crypto.init.GMSSLPkiCryptoInit;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.sdf.SdfSymmetricCipher;
import com.xdja.pki.gmssl.crypto.sdf.SdfSymmetricKeyParameters;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2KeyUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.sdf.bean.SdfAlgIdSymmetric;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.crmf.EncryptedValue;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/gmssl-pki-utils-1.3.5-SNAPSHOT.jar:com/xdja/pki/gmssl/x509/utils/GMSSLCMPUtils.class */
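/**
 * Helpers that wrap an X.509 certificate into a CRMF {@link EncryptedValue} and unwrap it again.
 *
 * <p>The envelope produced here always names {@code sms4_cbc} as the symmetric algorithm and
 * {@code sm2encrypt_with_sm3} as the key algorithm. Each operation exists in two flavours: a
 * software path through the Bouncy Castle provider ("ByBC") and a device path through
 * {@link SdfSymmetricCipher} ("BySdf", "ByYunhsm", "ByPcie").
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>SM4-CBC is used with an all-zero IV and no integrity protection. The zero IV is only
 *       tolerable while every message is encrypted under a fresh random key, which is what
 *       {@link #generateEncryptedValueByBC(X509Certificate)} does.</li>
 *   <li>The decode methods parse caller-supplied bytes. Padding and decryption failures should be
 *       reported to a remote peer as one generic error, because distinguishable padding errors on
 *       unauthenticated CBC act as a decryption oracle.</li>
 * </ul>
 */
public class GMSSLCMPUtils {
    private static final Logger logger = LoggerFactory.getLogger(GMSSLCMPUtils.class.getName());

    /** JCE transformation used by the software (Bouncy Castle) path. */
    private static final String SM4_CBC_PKCS7 = "SM4/CBC/PKCS7Padding";

    /** JCE provider name of Bouncy Castle. */
    private static final String BC_PROVIDER = "BC";

    /** SM4 key length and block length, in bytes. */
    private static final int SM4_KEY_AND_BLOCK_BYTES = 16;

    static {
        // The software path asks for the "BC" provider by name, so register it once if absent.
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Encrypts the encoded certificate under a fresh random SM4 key and wraps that key with the
     * certificate's own SM2 public key, using Bouncy Castle only.
     *
     * @param x509Certificate certificate to protect; its public key must be an {@link ECPublicKey}
     * @return the populated {@link EncryptedValue}
     */
    public static EncryptedValue generateEncryptedValueByBC(X509Certificate x509Certificate) throws CertificateEncodingException, IOException, CryptoException, NoSuchPaddingException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException {
        AlgorithmIdentifier symmAlg = new AlgorithmIdentifier(GMObjectIdentifiers.sms4_cbc);
        // nextBytes() is the API meant for key material; generateSeed() is intended for seeding
        // other generators and may block while entropy is gathered.
        byte[] sm4Key = new byte[SM4_KEY_AND_BLOCK_BYTES];
        new SecureRandom().nextBytes(sm4Key);
        byte[] wrappedKey = generateEncSymmKeyByBC((ECPublicKey) x509Certificate.getPublicKey(), sm4Key);
        byte[] encryptedCert = generateEncValueByBC(sm4Key, x509Certificate.getEncoded());
        return new EncryptedValue(null, symmAlg, new DERBitString(wrappedKey), new AlgorithmIdentifier(GMObjectIdentifiers.sm2encrypt_with_sm3), null, new DERBitString(encryptedCert));
    }

    /**
     * Wraps a symmetric key with an SM2 public key by delegating to
     * {@link GMSSLSM2EncryptUtils#encryptASN1ByBC}.
     *
     * @param eCPublicKey recipient public key
     * @param bArr raw symmetric key bytes to wrap
     * @return the wrapped key as returned by the delegate
     */
    public static byte[] generateEncSymmKeyByBC(ECPublicKey eCPublicKey, byte[] bArr) throws IOException, CryptoException {
        return GMSSLSM2EncryptUtils.encryptASN1ByBC(eCPublicKey, bArr);
    }

    /**
     * Encrypts {@code bArr2} with SM4/CBC/PKCS7Padding under the key {@code bArr}.
     *
     * <p>The IV is fixed to 16 zero bytes, so a given key must be used for one message only;
     * reusing a key with this method reveals whether two plaintexts share a common prefix.
     *
     * @param bArr SM4 key bytes
     * @param bArr2 plaintext
     * @return ciphertext
     */
    public static byte[] generateEncValueByBC(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher sm4 = Cipher.getInstance(SM4_CBC_PKCS7, BC_PROVIDER);
        sm4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(bArr, SM4.ALGORITHM_NAME), new IvParameterSpec(new byte[SM4_KEY_AND_BLOCK_BYTES]));
        return sm4.doFinal(bArr2);
    }

    /**
     * Builds the {@link EncryptedValue} with {@link SdfCryptoType#YUNHSM}, or with Bouncy Castle
     * when {@code GMSSLPkiCryptoInit.isHsmServer()} returns true.
     *
     * @param x509Certificate certificate to protect
     * @return the populated {@link EncryptedValue}
     */
    public static EncryptedValue generateEncryptedValueByYunhsm(X509Certificate x509Certificate) throws Exception {
        if (GMSSLPkiCryptoInit.isHsmServer()) {
            return generateEncryptedValueByBC(x509Certificate);
        }
        return generateEncryptedValueBySdf(SdfCryptoType.YUNHSM, x509Certificate);
    }

    /**
     * Builds the {@link EncryptedValue} with {@link SdfCryptoType#PCIE}.
     *
     * @param x509Certificate certificate to protect
     * @return the populated {@link EncryptedValue}
     */
    public static EncryptedValue generateEncryptedValueByPcie(X509Certificate x509Certificate) throws Exception {
        return generateEncryptedValueBySdf(SdfCryptoType.PCIE, x509Certificate);
    }

    /**
     * Builds the {@link EncryptedValue} through an {@link SdfSymmetricCipher} of the given type.
     * Falls back to {@link #generateEncryptedValueByBC(X509Certificate)} when
     * {@code GMSSLPkiCryptoInit.isHsmServer()} returns true.
     *
     * @param sdfCryptoType device type handed to {@link SdfSymmetricCipher}
     * @param x509Certificate certificate to protect; its public key must be an {@link ECPublicKey}
     * @return the populated {@link EncryptedValue}
     */
    public static EncryptedValue generateEncryptedValueBySdf(SdfCryptoType sdfCryptoType, X509Certificate x509Certificate) throws Exception {
        if (GMSSLPkiCryptoInit.isHsmServer()) {
            return generateEncryptedValueByBC(x509Certificate);
        }
        AlgorithmIdentifier symmAlg = new AlgorithmIdentifier(GMObjectIdentifiers.sms4_cbc);
        byte[] encodedCert = x509Certificate.getEncoded();
        SdfSymmetricCipher sdfCipher = new SdfSymmetricCipher(sdfCryptoType);
        sdfCipher.init(true, new SdfSymmetricKeyParameters(SdfSymmetricKeyParameters.PaddingType.PKCS7Padding, SdfAlgIdSymmetric.SGD_SM4_CBC, (ECPublicKey) x509Certificate.getPublicKey()));
        byte[] encryptedCert;
        try {
            encryptedCert = sdfCipher.doFinal(encodedCert);
        } finally {
            // Release the cipher even when doFinal fails, so a bad input cannot leak it.
            // NOTE(review): a failing init() above still skips release(); confirm whether
            // release() is safe on a cipher that was never initialised before widening the try.
            sdfCipher.release();
        }
        // getKey() is read after release(), in the same order as before this change.
        return new EncryptedValue(null, symmAlg, new DERBitString(sdfCipher.getKey()), new AlgorithmIdentifier(GMObjectIdentifiers.sm2encrypt_with_sm3), null, new DERBitString(encryptedCert));
    }

    /**
     * Parses an encoded {@link EncryptedValue}, checks that it names the expected algorithms and
     * decrypts the contained certificate with Bouncy Castle.
     *
     * @param privateKey SM2 private key that unwraps the symmetric key
     * @param bArr encoded {@link EncryptedValue}; treated as untrusted input
     * @return the decrypted certificate
     * @throws IOException if a required field is missing or an algorithm identifier is not the
     *     supported one
     */
    public static X509Certificate decodeEncryptedValueByBC(PrivateKey privateKey, byte[] bArr) throws CertificateException, NoSuchPaddingException, BadPaddingException, NoSuchAlgorithmException, IOException, InvalidCipherTextException, IllegalBlockSizeException, NoSuchProviderException, InvalidKeyException, InvalidAlgorithmParameterException {
        // Parse once; the earlier version decoded the same bytes twice and discarded one result.
        EncryptedValue encryptedValue = EncryptedValue.getInstance(bArr);
        String problem = findEncryptedValueProblem(encryptedValue);
        if (problem != null) {
            throw new IOException(problem);
        }
        return GMSSLX509Utils.readCertificateFromCerByte(decodeEncValueByBC(privateKey, encryptedValue.getEncSymmKey().getOctets(), encryptedValue.getEncValue().getOctets()));
    }

    /**
     * Unwraps the SM4 key with {@link GMSSLSM2EncryptUtils#decryptASN1ByBC} and decrypts
     * {@code bArr2} with SM4/CBC/PKCS7Padding and an all-zero IV.
     *
     * <p>The ciphertext carries no authentication tag. A {@link BadPaddingException} raised here
     * should not be reported to a remote peer differently from other decryption failures.
     *
     * @param privateKey SM2 private key
     * @param bArr wrapped symmetric key
     * @param bArr2 ciphertext
     * @return plaintext
     */
    public static byte[] decodeEncValueByBC(PrivateKey privateKey, byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IOException, InvalidCipherTextException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        Cipher sm4 = Cipher.getInstance(SM4_CBC_PKCS7, BC_PROVIDER);
        byte[] sm4Key = GMSSLSM2EncryptUtils.decryptASN1ByBC(privateKey, bArr);
        sm4.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sm4Key, SM4.ALGORITHM_NAME), new IvParameterSpec(new byte[SM4_KEY_AND_BLOCK_BYTES]));
        return sm4.doFinal(bArr2);
    }

    /**
     * Decodes an {@link EncryptedValue} with {@link SdfCryptoType#YUNHSM}.
     *
     * @param i first argument of {@code GMSSLSM2KeyUtils.genSdfPrivateKey}
     * @param str second argument of {@code GMSSLSM2KeyUtils.genSdfPrivateKey}
     * @param bArr encoded {@link EncryptedValue}
     * @return the decrypted certificate
     */
    public static X509Certificate decodeEncryptedValueByYunhsm(int i, String str, byte[] bArr) throws Exception {
        return decodeEncryptedValue(SdfCryptoType.YUNHSM, i, str, bArr);
    }

    /**
     * Decodes an {@link EncryptedValue} with {@link SdfCryptoType#PCIE}.
     *
     * @param i first argument of {@code GMSSLSM2KeyUtils.genSdfPrivateKey}
     * @param str second argument of {@code GMSSLSM2KeyUtils.genSdfPrivateKey}
     * @param bArr encoded {@link EncryptedValue}
     * @return the decrypted certificate
     */
    public static X509Certificate decodeEncryptedValueByPcie(int i, String str, byte[] bArr) throws Exception {
        return decodeEncryptedValue(SdfCryptoType.PCIE, i, str, bArr);
    }

    /**
     * Parses an encoded {@link EncryptedValue}, checks that it names the expected algorithms and
     * decrypts the contained certificate through {@link #decodeEncValueBySdf}.
     *
     * @param sdfCryptoType device type
     * @param i passed to {@code GMSSLSM2KeyUtils.genSdfPrivateKey}; presumably the key index
     *     (TODO confirm)
     * @param str passed to {@code GMSSLSM2KeyUtils.genSdfPrivateKey}; presumably the key access
     *     password (TODO confirm)
     * @param bArr encoded {@link EncryptedValue}; treated as untrusted input
     * @return the decrypted certificate
     * @throws SdfSDKException if a required field is missing or an algorithm identifier is not
     *     the supported one
     */
    public static X509Certificate decodeEncryptedValue(SdfCryptoType sdfCryptoType, int i, String str, byte[] bArr) throws Exception {
        EncryptedValue encryptedValue = EncryptedValue.getInstance(bArr);
        String problem = findEncryptedValueProblem(encryptedValue);
        if (problem != null) {
            throw new SdfSDKException(problem);
        }
        return GMSSLX509Utils.readCertificateFromCerByte(decodeEncValueBySdf(sdfCryptoType, GMSSLSM2KeyUtils.genSdfPrivateKey(i, str), encryptedValue.getEncSymmKey().getOctets(), encryptedValue.getEncValue().getOctets()));
    }

    /**
     * Decrypts {@code bArr2} through an {@link SdfSymmetricCipher}, or through Bouncy Castle with
     * the key held in {@link GMSSLHsmKeyStoreUtils} when
     * {@code GMSSLPkiCryptoInit.isHsmServer()} returns true.
     *
     * @param sdfCryptoType device type
     * @param sdfPrivateKey device private key reference
     * @param bArr wrapped symmetric key
     * @param bArr2 ciphertext
     * @return plaintext
     */
    public static byte[] decodeEncValueBySdf(SdfCryptoType sdfCryptoType, SdfPrivateKey sdfPrivateKey, byte[] bArr, byte[] bArr2) throws Exception {
        if (GMSSLPkiCryptoInit.isHsmServer()) {
            return decodeEncValueByBC(GMSSLHsmKeyStoreUtils.getAsymKey(Integer.valueOf(sdfPrivateKey.getIndex()), true).getPrivateKey(), bArr, bArr2);
        }
        SdfSymmetricCipher sdfCipher = new SdfSymmetricCipher(sdfCryptoType);
        sdfCipher.init(false, new SdfSymmetricKeyParameters(SdfSymmetricKeyParameters.KeyCipherType.ECC_CIPHER, SdfSymmetricKeyParameters.PaddingType.PKCS7Padding, SdfAlgIdSymmetric.SGD_SM4_CBC, sdfPrivateKey, bArr));
        try {
            return sdfCipher.doFinal(bArr2);
        } finally {
            // Malformed ciphertext makes doFinal throw; release the cipher on that path too.
            sdfCipher.release();
        }
    }

    /**
     * Checks that a parsed {@link EncryptedValue} carries the fields and algorithm identifiers
     * the decode methods rely on.
     *
     * <p>symmAlg, keyAlg and encSymmKey are optional in the ASN.1 structure, so a peer can omit
     * them; without these checks that input ends in a {@link NullPointerException} rather than
     * the exception type the decode methods use for rejected input.
     *
     * @return a description of the first problem found, or {@code null} when the value is usable
     */
    private static String findEncryptedValueProblem(EncryptedValue encryptedValue) {
        if (encryptedValue == null) {
            return "EncryptedValue is missing";
        }
        AlgorithmIdentifier symmAlg = encryptedValue.getSymmAlg();
        if (symmAlg == null) {
            return "EncryptedValue has no symmAlg";
        }
        if (!symmAlg.getAlgorithm().getId().equals(GMObjectIdentifiers.sms4_cbc.getId())) {
            return "unSupport algorithm identifier " + symmAlg.getAlgorithm();
        }
        AlgorithmIdentifier keyAlg = encryptedValue.getKeyAlg();
        if (keyAlg == null) {
            return "EncryptedValue has no keyAlg";
        }
        if (!keyAlg.getAlgorithm().getId().equals(GMObjectIdentifiers.sm2encrypt_with_sm3.getId())) {
            return "unSupport algorithm identifier " + keyAlg.getAlgorithm();
        }
        if (encryptedValue.getEncSymmKey() == null) {
            return "EncryptedValue has no encSymmKey";
        }
        return null;
    }
}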
