package com.xdja.datamigration.fileapi;

import com.xdja.datamigration.fileapi.exception.SingleFileCryptoException;
import com.xdja.datamigration.fileapi.param.IParamSpecDecryptByBC;
import com.xdja.datamigration.fileapi.utils.CertUtils;
import com.xdja.datamigration.fileapi.utils.FileUtils;
import com.xdja.datamigration.fileapi.utils.Pkcs7PaddingUtils;
import com.xdja.datamigration.fileapi.utils.XdEnvelopedDataUtils;
import com.xdja.pki.gmssl.asn1.crypto.ASN1SM2Cipher;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4CBCEncryptUtils;
import com.xdja.pki.gmssl.sdf.SdfSDKException;
import com.xdja.pki.gmssl.sdf.bean.SdfAlgIdSymmetric;
import com.xdja.pki.gmssl.sdf.bean.SdfECCCipher;
import com.xdja.pki.gmssl.sdf.bean.SdfECCPublicKey;
import com.xdja.pki.gmssl.sdf.bean.SdfSymmetricKeyHandle;
import com.xdja.pki.gmssl.sdf.yunhsm.YunhsmSdfSDK;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Map;
import java.util.Random;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;

/* loaded from: input_file:com/xdja/datamigration/fileapi/SingleFileCryptoApi.class */
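/**
 * Envelope encryption and decryption of single files or byte arrays.
 *
 * <p>Instance methods drive a {@link YunhsmSdfSDK} device: content is PKCS#7 padded and
 * encrypted with {@code SGD_SM4_CBC}, and the content key is either wrapped under a device
 * key-encryption key ({@link #encryptData}) or under the SM2 public key of a recipient
 * certificate ({@link #transEncrypt}). The static {@code ...ByBC} methods decrypt an envelope
 * in software from a caller-supplied private key and certificate.
 *
 * <p>NOTE(review): nothing in this class synchronises access to the shared SDK, so it should
 * be treated as not thread-safe until confirmed otherwise.
 */
public class SingleFileCryptoApi {
    /** Largest number of bytes handed to the SDF device in one encrypt or decrypt call. */
    private static final int CHUNK_SIZE = 4096;

    /** SM4 block length in bytes; the CBC IV has the same length. */
    private static final int BLOCK_SIZE = 16;

    /** Source of the per-message CBC IV. A CBC IV must be unpredictable, hence SecureRandom. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // NOTE(review): this field is static, yet every constructor replaces it with a freshly
    // initialised SDK. All instances therefore use whichever SDK was created last, and
    // release() on one instance releases it for the others. Confirm whether that is intended.
    private static YunhsmSdfSDK sdfSDK;
    private SdfAlgIdSymmetric defaultEncryptKeySymmetricMode;
    private int defaultEncryptKeyIndex;
    private X509Certificate x509Certificate;
    private SdfECCPublicKey encPublicKey;

    /**
     * Creates an API instance configured from a parameter object.
     *
     * <p>The SDK is initialised by {@code this()} before the parameter is validated, so a
     * rejected parameter still leaves an initialised SDK behind.
     *
     * @param iXdjaCryptoParameter configuration; must be non-null with a key index above zero
     * @throws SingleFileCryptoException if the parameter is null, its key index is not
     *     positive, or its certificate cannot be turned into an SM2 public key
     * @throws SdfSDKException if the SDK cannot be initialised
     */
    public SingleFileCryptoApi(IXdjaCryptoParameter iXdjaCryptoParameter) throws SingleFileCryptoException, SdfSDKException {
        this();
        if (null == iXdjaCryptoParameter) {
            throw new SingleFileCryptoException("cryptoParameter is null");
        }
        // NOTE(review): encryptKeyIndex() is validated here but never stored, so the key index
        // stays at the built-in default of 3 whatever the caller passes. Left unchanged because
        // switching the KEK index would make existing envelopes undecryptable; confirm the
        // intended behaviour before assigning it.
        if (iXdjaCryptoParameter.encryptKeyIndex() <= 0) {
            throw new SingleFileCryptoException("cryptoParameter's Key Index is incorrect");
        }
        SdfAlgIdSymmetric requestedMode = iXdjaCryptoParameter.encryptKeySymmetricMode();
        if (requestedMode != null) {
            this.defaultEncryptKeySymmetricMode = requestedMode;
        }
        X509Certificate transCert = iXdjaCryptoParameter.transEncryptCert();
        if (transCert != null) {
            initEncPublicKey(transCert);
        }
    }

    /**
     * Creates an API instance whose {@link #transEncrypt} wraps keys for the given certificate.
     *
     * @param x509Certificate recipient encryption certificate; must carry an SM2 public key
     * @throws SdfSDKException if the SDK cannot be initialised
     * @throws SingleFileCryptoException if the certificate is null or unusable
     */
    public SingleFileCryptoApi(X509Certificate x509Certificate) throws SdfSDKException, SingleFileCryptoException {
        this();
        initEncPublicKey(x509Certificate);
    }

    /**
     * Stores the certificate and derives the SDF public key used for key wrapping.
     *
     * @param x509Certificate recipient certificate
     * @throws SingleFileCryptoException if the certificate is null or its key cannot be used
     */
    private void initEncPublicKey(X509Certificate x509Certificate) throws SdfSDKException, SingleFileCryptoException {
        if (x509Certificate == null) {
            throw new SingleFileCryptoException(" the param of certificate is null");
        }
        this.x509Certificate = x509Certificate;
        try {
            ECPublicKey certKey = (ECPublicKey) x509Certificate.getPublicKey();
            // NOTE(review): the SM2 check is skipped once a public key is already set
            // (the "&& encPublicKey == null" part); confirm that is deliberate.
            if (!CertUtils.isSm2(certKey) && this.encPublicKey == null) {
                throw new SingleFileCryptoException(" certificate is not sm2 type ");
            }
            this.encPublicKey = SdfECCPublicKey.getInstance(certKey);
            if (this.encPublicKey == null) {
                throw new SingleFileCryptoException(" certificate's can not be parsed public key ");
            }
        } catch (Exception e) {
            // Every failure above, including the two specific messages thrown inside the try,
            // is reported to the caller with this single generic message.
            throw new SingleFileCryptoException("certificate parsed public key error");
        }
    }

    /**
     * Sets the defaults (SM4-ECB key wrapping mode, key index 3) and initialises the SDK.
     *
     * @throws SdfSDKException if the SDK cannot be initialised
     */
    private SingleFileCryptoApi() throws SdfSDKException {
        this.defaultEncryptKeySymmetricMode = SdfAlgIdSymmetric.SGD_SM4_ECB;
        this.defaultEncryptKeyIndex = 3;
        sdfSDK = new YunhsmSdfSDK();
        sdfSDK.init();
    }

    /**
     * Encrypts a file in place: the envelope overwrites the plaintext at the same path.
     *
     * @param str path of the file to encrypt
     * @throws Exception if the path is null or empty, or reading, encrypting or writing fails
     */
    public void encrypt2File(String str) throws Exception {
        validParam(str);
        byte[] envelope = encryptData(FileUtils.readFile2Byte(str));
        FileUtils.write2File(envelope, str);
    }

    /**
     * Encrypts data under a device key handle and always gives the handle back to the device.
     *
     * @param plain data to encrypt; must be non-empty
     * @param iv at least 16 bytes; only the first 16 are used and the array is not modified
     * @param keyHandle device handle of the content key; destroyed before this method returns
     * @return the SM4-CBC ciphertext of the PKCS#7 padded data
     * @throws Exception if the data is empty or the device reports an error
     */
    private byte[] encrypt(byte[] plain, byte[] iv, long[] keyHandle) throws Exception {
        byte[] cipherText;
        try {
            cipherText = encryptWithHandle(plain, iv, keyHandle);
        } catch (Exception e) {
            // Do not leave the session key on the device when encryption fails.
            destroyKeyQuietly(keyHandle);
            throw e;
        }
        sdfSDK.destroyKey(keyHandle);
        return cipherText;
    }

    /** Pads the data and encrypts it, in {@link #CHUNK_SIZE} pieces when it is larger than one chunk. */
    private byte[] encryptWithHandle(byte[] plain, byte[] iv, long[] keyHandle) throws Exception {
        if (null == plain || plain.length <= 0) {
            throw new SingleFileCryptoException("encrypt data is null or data is empty");
        }
        // Working copy: it is overwritten with the chaining value after each chunk, while the
        // caller's IV must stay intact because it is written into the envelope.
        byte[] chainIv = new byte[BLOCK_SIZE];
        System.arraycopy(iv, 0, chainIv, 0, BLOCK_SIZE);
        byte[] padded = Pkcs7PaddingUtils.wrapPadding(plain);
        int total = padded.length;
        if (total <= CHUNK_SIZE) {
            return sdfSDK.encrypt(keyHandle, SdfAlgIdSymmetric.SGD_SM4_CBC, chainIv, padded);
        }
        byte[] cipherText = new byte[total];
        for (int offset = 0; offset < total; offset += CHUNK_SIZE) {
            int chunkLength = Math.min(CHUNK_SIZE, total - offset);
            byte[] chunk = new byte[chunkLength];
            // Read every chunk from the padded buffer. Reading full chunks from the unpadded
            // input runs past its end when the padded length is an exact multiple of the
            // chunk size, because the final chunk then contains the padding bytes.
            System.arraycopy(padded, offset, chunk, 0, chunkLength);
            copyCipherData(keyHandle, chainIv, cipherText, offset, chunk);
        }
        return cipherText;
    }

    /**
     * Encrypts one chunk, stores it in the output and advances the CBC chaining value.
     *
     * @param keyHandle device handle of the content key
     * @param chainIv 16-byte IV for this chunk; replaced by the chunk's last ciphertext block
     * @param out destination buffer for the whole ciphertext
     * @param offset position in {@code out} at which this chunk's ciphertext starts
     * @param chunk plaintext of this chunk
     */
    private void copyCipherData(long[] keyHandle, byte[] chainIv, byte[] out, int offset, byte[] chunk) throws SdfSDKException {
        byte[] encrypted = sdfSDK.encrypt(keyHandle, SdfAlgIdSymmetric.SGD_SM4_CBC, chainIv, chunk);
        System.arraycopy(encrypted, 0, out, offset, encrypted.length);
        if (encrypted.length > 0) {
            System.arraycopy(encrypted, encrypted.length - BLOCK_SIZE, chainIv, 0, BLOCK_SIZE);
        }
    }

    /** Destroys a key handle after a failure, keeping the original failure as the reported one. */
    private static void destroyKeyQuietly(long[] keyHandle) {
        try {
            sdfSDK.destroyKey(keyHandle);
        } catch (Exception ignored) {
            // Best effort only: the exception that triggered the cleanup is more useful.
        }
    }

    /**
     * Encrypts data into an encoded envelope whose content key is wrapped by the device KEK.
     *
     * @param bArr data to encrypt; must be non-empty
     * @return the encoded envelope holding ciphertext, wrapped key, IV and key index
     * @throws Exception if the data is empty or the device or encoding fails
     */
    public byte[] encryptData(byte[] bArr) throws Exception {
        byte[] wrappedKey = generateEncryptedKey();
        byte[] iv = generateRandom();
        long[] keyHandle = generateEncryptedKeyHandle(wrappedKey);
        byte[] cipherText = encrypt(bArr, iv, keyHandle);
        return XdEnvelopedDataUtils.buildEnvelopedData(cipherText, wrappedKey, iv, this.defaultEncryptKeyIndex + "").getEncoded();
    }

    /**
     * Decrypts a file in place: the plaintext overwrites the envelope at the same path.
     *
     * @param str path of the file to decrypt
     * @throws Exception if the path is null or empty, or reading, decrypting or writing fails
     */
    public void decrypt2File(String str) throws Exception {
        validParam(str);
        byte[] plain = decryptData(FileUtils.readFile2Byte(str));
        FileUtils.write2File(plain, str);
    }

    /**
     * Decrypts the content of a file and returns it without modifying the file.
     *
     * @param file an existing regular file holding an envelope
     * @return the decrypted content
     * @throws Exception if the file is null, missing, not a regular file, or decryption fails
     */
    public byte[] decryptFile2Bytes(File file) throws Exception {
        if (file == null) {
            throw new SingleFileCryptoException("encrypt2File is null");
        }
        if (!file.exists()) {
            throw new SingleFileCryptoException("encrypt2File is not exist");
        }
        if (!file.isFile()) {
            throw new SingleFileCryptoException("encrypt2File is not a file");
        }
        return decryptData(FileUtils.readFile2Byte(file));
    }

    /**
     * Decrypts an envelope produced by {@link #encryptData}.
     *
     * <p>The envelope is untrusted input, so its IV, key and content fields are checked before
     * any key is imported into the device.
     *
     * @param bArr encoded envelope; must be non-empty
     * @return the plaintext with PKCS#7 padding removed
     * @throws Exception if the envelope is empty or malformed, or the device reports an error
     */
    public byte[] decryptData(byte[] bArr) throws Exception {
        if (bArr == null || bArr.length <= 0) {
            throw new SingleFileCryptoException("encrypt data or file's content is null");
        }
        Map<String, byte[]> envelope = XdEnvelopedDataUtils.parseXdEnvelopedData(bArr);
        if (envelope == null) {
            throw new SingleFileCryptoException("decryptData: parseXdEnvelopedData error");
        }
        byte[] iv = envelope.get(XdEnvelopedDataUtils.ENCRYPTED_CONTENT_IV);
        byte[] wrappedKey = envelope.get(XdEnvelopedDataUtils.ENCRYPTED_KEY);
        byte[] cipherText = envelope.get(XdEnvelopedDataUtils.ENCRYPTED_CONTENT);
        if (iv == null || iv.length < BLOCK_SIZE || wrappedKey == null || cipherText == null) {
            throw new SingleFileCryptoException("decryptData: iv, encrypted key or encrypted content is missing or incorrect");
        }
        long[] keyHandle = importEncryptedKey(wrappedKey);
        byte[] plain;
        try {
            plain = decryptWithHandle(cipherText, iv, keyHandle);
        } catch (Exception e) {
            // Do not leave the imported key on the device when decryption or unpadding fails.
            destroyKeyQuietly(keyHandle);
            throw e;
        }
        sdfSDK.destroyKey(keyHandle);
        return plain;
    }

    /** Decrypts the ciphertext, chunk by chunk when it exceeds one chunk, and strips the padding. */
    private byte[] decryptWithHandle(byte[] cipherText, byte[] iv, long[] keyHandle) throws Exception {
        // Same 16-byte working IV as on the encrypt side, for the single-call path as well.
        byte[] chainIv = new byte[BLOCK_SIZE];
        System.arraycopy(iv, 0, chainIv, 0, BLOCK_SIZE);
        int total = cipherText.length;
        byte[] padded;
        if (total > CHUNK_SIZE) {
            padded = new byte[total];
            for (int offset = 0; offset < total; offset += CHUNK_SIZE) {
                int chunkLength = Math.min(CHUNK_SIZE, total - offset);
                byte[] chunk = new byte[chunkLength];
                System.arraycopy(cipherText, offset, chunk, 0, chunkLength);
                byte[] decrypted = sdfSDK.decrypt(keyHandle, SdfAlgIdSymmetric.SGD_SM4_CBC, chainIv, chunk);
                System.arraycopy(decrypted, 0, padded, offset, decrypted.length);
                if (offset + chunkLength < total) {
                    // The next chunk chains from the last ciphertext block of this one.
                    System.arraycopy(chunk, chunkLength - BLOCK_SIZE, chainIv, 0, BLOCK_SIZE);
                }
            }
        } else {
            padded = sdfSDK.decrypt(keyHandle, SdfAlgIdSymmetric.SGD_SM4_CBC, chainIv, cipherText);
        }
        return Pkcs7PaddingUtils.unwrapPadding(padded);
    }

    /**
     * Re-encrypts a file for the recipient certificate and returns the new envelope.
     *
     * <p>The file itself is not modified. The fresh content key is wrapped under the
     * certificate's public key instead of the device KEK.
     *
     * @param str path of the source file
     * @param z {@code true} if the file is currently an envelope that must be decrypted first,
     *     {@code false} if it already holds plaintext
     * @return the encoded envelope addressed to the certificate
     * @throws Exception if no certificate was configured, or reading or any crypto step fails
     */
    public byte[] transEncrypt(String str, boolean z) throws Exception {
        System.out.println("----------------execute trans encrypt");
        if (this.encPublicKey == null) {
            throw new SingleFileCryptoException("encPublicKey is null,ensure the certificate has been set");
        }
        byte[] fileContent = FileUtils.readFile2Byte(str);
        byte[] plain = z ? decryptData(fileContent) : fileContent;
        SdfSymmetricKeyHandle sessionKey = generateSymAlgWithEPK();
        byte[] wrappedKey = sdfECCCipher2Byte(sessionKey.getCipherKey());
        byte[] iv = generateRandom();
        byte[] cipherText = encrypt(plain, iv, sessionKey.getHandle());
        return XdEnvelopedDataUtils.buildEnvelopedData(cipherText, wrappedKey, iv, this.x509Certificate).getEncoded();
    }

    /**
     * Reports whether the bytes parse as a non-empty envelope.
     *
     * <p>This is a format check only; it does not prove the content can be decrypted.
     */
    private boolean isEncrypted(byte[] data) {
        try {
            return !XdEnvelopedDataUtils.parseXdEnvelopedData(data).isEmpty();
        } catch (Exception e) {
            // Anything that does not parse, including a null result, counts as "not encrypted".
            return false;
        }
    }

    /**
     * Reports whether the file at the given path parses as a non-empty envelope.
     *
     * @param str path of the file to inspect
     * @return {@code true} if the content parses as an envelope
     * @throws Exception if the path is null or empty, or the file cannot be read
     */
    public boolean isEncrypted(String str) throws Exception {
        validParam(str);
        return isEncrypted(FileUtils.readFile2Byte(str));
    }

    /** Rejects a null or empty path. */
    private void validParam(String path) throws SingleFileCryptoException {
        if (path == null || path.isEmpty()) {
            throw new SingleFileCryptoException("param is null or incorrect");
        }
    }

    /**
     * Releases the shared SDK if one has been created.
     *
     * @throws Exception if the SDK fails to release
     */
    public void release() throws Exception {
        if (sdfSDK != null) {
            sdfSDK.release();
        }
    }

    /**
     * Decrypts an enveloped-data structure in software.
     *
     * @param bArr encoded enveloped data
     * @param iParamSpecDecryptByBC private key and certificate; required when the content key
     *     is SM2 encrypted
     * @return the decrypted content
     * @throws Exception if the input is empty or malformed, or decryption fails
     */
    public static byte[] decryptDataByBC(byte[] bArr, IParamSpecDecryptByBC iParamSpecDecryptByBC) throws Exception {
        return dispatchEnvelopedDataDecrypt(bArr, iParamSpecDecryptByBC);
    }

    /**
     * Decrypts a file in software and writes the plaintext back to the same file.
     *
     * @param file file holding the enveloped data; overwritten with the plaintext
     * @param iParamSpecDecryptByBC private key and certificate of the recipient
     * @return the result reported by {@code FileUtils.write2File}
     * @throws Exception if reading, decrypting or writing fails
     */
    public static boolean decryptFileByBC(File file, IParamSpecDecryptByBC iParamSpecDecryptByBC) throws Exception {
        byte[] plain = dispatchEnvelopedDataDecrypt(FileUtils.readFile2Byte(file), iParamSpecDecryptByBC);
        return FileUtils.write2File(plain, file);
    }

    /**
     * Decrypts the file at a path in software and returns the plaintext; the file is untouched.
     *
     * @param str path of the file holding the enveloped data
     * @param iParamSpecDecryptByBC private key and certificate of the recipient
     * @return the decrypted content
     * @throws Exception if reading or decrypting fails
     */
    public static byte[] decryptFilePathByBC(String str, IParamSpecDecryptByBC iParamSpecDecryptByBC) throws Exception {
        return dispatchEnvelopedDataDecrypt(FileUtils.readFile2Byte(str), iParamSpecDecryptByBC);
    }

    /**
     * Parses enveloped data, recovers the content key and decrypts the SM4-CBC content.
     *
     * <p>When the key algorithm is SM2 the key is decrypted with the caller's private key.
     * For any other key algorithm the ENCRYPTED_KEY bytes are used as the SM4 key unchanged.
     * NOTE(review): confirm that is intended; envelopes from {@link #encryptData} carry a key
     * wrapped by the device KEK.
     *
     * @param envelopedData encoded enveloped data, treated as untrusted input
     * @param param private key and certificate; required only for SM2-encrypted keys
     * @return the decrypted content
     * @throws Exception if a field is missing, the certificate does not match the recipient
     *     information, or the content algorithm is not SM4-CBC
     */
    private static byte[] dispatchEnvelopedDataDecrypt(byte[] envelopedData, IParamSpecDecryptByBC param) throws Exception {
        System.out.println("----------------execute bc decrypt");
        if (null == envelopedData || envelopedData.length <= 0) {
            throw new SingleFileCryptoException("envelopedData is null or data is empty");
        }
        byte[] content = XdEnvelopedDataUtils.parseEnvelopedData(envelopedData).getContent().toASN1Primitive().getEncoded();
        Map<String, byte[]> fields = XdEnvelopedDataUtils.parseXdEnvelopedData(content);
        if (null == fields || fields.size() <= 0) {
            throw new SingleFileCryptoException("dispatchEnvelopedDataDecrypt: parseXdEnvelopedData error");
        }
        byte[] contentKey = fields.get(XdEnvelopedDataUtils.ENCRYPTED_KEY);
        byte[] keyAlg = fields.get(XdEnvelopedDataUtils.ENCRYPTED_KEY_ALG);
        byte[] cipherText = fields.get(XdEnvelopedDataUtils.ENCRYPTED_CONTENT);
        if (null == keyAlg || keyAlg.length <= 0) {
            throw new SingleFileCryptoException("sm2EnvelopedDataDecrypt: encryptKeyAlg is null");
        }
        // NOTE(review): new String(byte[]) uses the platform charset here and below; the
        // encoding used when the envelope was built is not visible in this class.
        if (GMObjectIdentifiers.sm2encrypt.getId().equals(new String(keyAlg))) {
            contentKey = decryptSm2WrappedKey(content, contentKey, param);
        }
        byte[] iv = fields.get(XdEnvelopedDataUtils.ENCRYPTED_CONTENT_IV);
        byte[] contentAlg = fields.get(XdEnvelopedDataUtils.ENCRYPTED_CONTENT_ALG);
        if (null == contentAlg) {
            throw new SingleFileCryptoException("dispatchEnvelopedDataDecrypt: encryptContentAlg is null");
        }
        if (GMObjectIdentifiers.sms4_cbc.getId().equals(new String(contentAlg))) {
            return GMSSLSM4CBCEncryptUtils.decryptByBCWithPKCS7Padding(contentKey, cipherText, iv);
        }
        throw new SingleFileCryptoException("dispatchEnvelopedDataDecrypt:decrypt content alg is unsupported ");
    }

    /**
     * Decrypts an SM2-encrypted content key after checking the envelope is addressed to the
     * caller's certificate (serial number and issuer name must both match).
     */
    private static byte[] decryptSm2WrappedKey(byte[] content, byte[] wrappedKey, IParamSpecDecryptByBC param) throws Exception {
        if (param == null) {
            throw new SingleFileCryptoException("sm2EnvelopedDataDecrypt: envelopDataDecryptParam is null");
        }
        PrivateKey privateKey = param.privateKey();
        X509Certificate recipientCert = param.encryptCertificate();
        if (null == privateKey || null == recipientCert) {
            throw new SingleFileCryptoException("sm2EnvelopedDataDecrypt: encryptContent's alg is sm2, privateKey or certificate is null");
        }
        Map<String, byte[]> recipientInfo = XdEnvelopedDataUtils.parseRecipientInfo(content);
        byte[] envelopeSerial = recipientInfo.get(XdEnvelopedDataUtils.ENCRYPTED_CERT_SN);
        byte[] envelopeIssuer = recipientInfo.get(XdEnvelopedDataUtils.ENCRYPTED_CERT_DN);
        if (null == envelopeSerial || null == envelopeIssuer) {
            throw new SingleFileCryptoException("envelopedDataDecrypt:originCertSn or originCertDn is null");
        }
        BigInteger serialNumber = recipientCert.getSerialNumber();
        Principal issuerDN = recipientCert.getIssuerDN();
        if (serialNumber == null || issuerDN == null) {
            throw new SingleFileCryptoException("envelopedDataDecrypt:serialNum or issuerName is incorrect");
        }
        boolean serialMatches = serialNumber.toString().equals(new String(envelopeSerial));
        boolean issuerMatches = issuerDN.getName().equals(new String(envelopeIssuer));
        if (!serialMatches || !issuerMatches) {
            throw new SingleFileCryptoException("envelopedDataDecrypt:cert is incorrect");
        }
        try {
            return GMSSLSM2EncryptUtils.decryptAsn1Cipher(privateKey, ASN1SM2Cipher.getInstance(wrappedKey).getEncoded());
        } catch (Exception e) {
            throw new SingleFileCryptoException("encryptedKet can not parse by private key");
        }
    }

    /** Encodes an SDF ECC cipher (x, y, M, C) as an ASN.1 SM2 cipher structure. */
    private byte[] sdfECCCipher2Byte(SdfECCCipher sdfECCCipher) throws IOException {
        ASN1SM2Cipher asn1Cipher = new ASN1SM2Cipher(sdfECCCipher.getX(), sdfECCCipher.getY(), sdfECCCipher.getM(), sdfECCCipher.getC());
        return asn1Cipher.toASN1Primitive().getEncoded();
    }

    /**
     * Generates the 16-byte CBC IV from a cryptographically strong source.
     *
     * <p>The IV is stored in the envelope and read back on decryption, so any 16 random bytes
     * are compatible with existing readers. Building it from decimal digits drawn from
     * {@code java.util.Random} would leave only 100 possible values per byte and a predictable
     * sequence, which weakens CBC.
     *
     * @return 16 random bytes
     */
    private byte[] generateRandom() {
        byte[] iv = new byte[BLOCK_SIZE];
        SECURE_RANDOM.nextBytes(iv);
        return iv;
    }

    /** Imports a KEK-wrapped content key into the device; same operation as {@link #importEncryptedKey}. */
    private long[] generateEncryptedKeyHandle(byte[] wrappedKey) throws Exception {
        return importEncryptedKey(wrappedKey);
    }

    /** Asks the device for a new content key wrapped under the configured mode and key index. */
    private byte[] generateEncryptedKey() throws SdfSDKException {
        return sdfSDK.generateKeyWithKek(this.defaultEncryptKeySymmetricMode.getId(), this.defaultEncryptKeyIndex);
    }

    /** Imports a KEK-wrapped content key and returns the device handle for it. */
    private long[] importEncryptedKey(byte[] wrappedKey) throws SdfSDKException {
        return sdfSDK.importKeyWithKek(this.defaultEncryptKeySymmetricMode, this.defaultEncryptKeyIndex, wrappedKey);
    }

    /** Asks the device for a new content key encrypted under the recipient's public key. */
    private SdfSymmetricKeyHandle generateSymAlgWithEPK() throws SdfSDKException {
        return sdfSDK.generateKeyWithEpkEccKeyHandle(this.encPublicKey);
    }
}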
