package org.bouncycastle.tls.crypto.impl.bc;

import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.sdf.SdfECEngine;
import com.xdja.pki.gmssl.crypto.sdf.SdfECKeyParameters;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import java.io.IOException;
import java.security.PrivateKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.DefaultTlsCredentialedSigner;
import org.bouncycastle.tls.GMSSLUtils;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.TlsSigner;
import org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedECCSM2.class */
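/**
 * GMSSL dual-certificate credentials: signs with the signature key and decrypts the
 * client's encrypted pre-master secret with SM2.
 *
 * <p>The signer handed to {@link DefaultTlsCredentialedSigner} only sees the signature
 * certificate, while {@link #getCertificate()} returns the full certificate list that
 * was passed to the constructor (signature and encryption certificates).
 *
 * <p>Two crypto back ends are supported: {@code BcTlsCrypto} (software keys that can be
 * encoded as PKCS#8) and {@code BcTlsCryptoSdf} (keys referenced through an
 * {@link SdfPrivateKey}).
 */
public class BcDefaultTlsCredentialedECCSM2 extends DefaultTlsCredentialedSigner implements TlsCredentialedDecryptor {
    /** TLS alert description 51 (decrypt_error), raised when the pre-master secret cannot be decrypted. */
    private static final short ALERT_DECRYPT_ERROR = 51;

    private final Logger logger;
    protected AbstractTlsCrypto crypto;
    protected PrivateKey signaturePrivateKey;
    protected PrivateKey encryptionPrivateKey;
    protected Certificate gmsslCertificate;

    /**
     * Builds the SM2 signer that matches the crypto back end.
     *
     * @param abstractTlsCrypto the crypto back end, {@code BcTlsCrypto} or {@code BcTlsCryptoSdf}
     * @param privateKey the signature private key
     * @return a signer bound to {@code privateKey}
     * @throws IllegalArgumentException if the back end or the key type is not supported
     */
    private static TlsSigner makeSigner(AbstractTlsCrypto abstractTlsCrypto, PrivateKey privateKey) {
        if (abstractTlsCrypto instanceof BcTlsCrypto) {
            // Software path: the key must be exportable as PKCS#8. getInstance(null) yields null,
            // which covers keys whose getEncoded() returns nothing.
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(privateKey.getEncoded());
            if (privateKeyInfo == null) {
                throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
            }
            try {
                AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(privateKeyInfo);
                if (createKey instanceof ECPrivateKeyParameters) {
                    return new BcTlsSM2Signer((BcTlsCrypto) abstractTlsCrypto, createKey);
                }
                throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
            } catch (IOException e) {
                // Keep the parse failure as the cause so the reason is not lost.
                throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName(), e);
            }
        }
        if (abstractTlsCrypto instanceof BcTlsCryptoSdf) {
            if (privateKey instanceof SdfPrivateKey) {
                return new BcTlsSM2SignerSdf((BcTlsCryptoSdf) abstractTlsCrypto, new SdfECKeyParameters((SdfPrivateKey) privateKey));
            }
            throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
        }
        throw new IllegalArgumentException("un supported: " + abstractTlsCrypto.getClass().getName());
    }

    /**
     * Reduces the dual-certificate list to the signature certificate only, which is what
     * the parent signer is constructed with.
     */
    private static Certificate makeSignerCertificate(Certificate certificate) {
        return new Certificate(new TlsCertificate[]{GMSSLUtils.getSignatureCertificate(certificate)});
    }

    /**
     * @param tlsCryptoParameters parameters of the current TLS session
     * @param abstractTlsCrypto crypto back end, {@code BcTlsCrypto} or {@code BcTlsCryptoSdf}
     * @param certificate the full certificate list (signature and encryption certificates)
     * @param privateKey the signature private key
     * @param privateKey2 the encryption private key, used by {@link #decrypt} on the software path
     * @param signatureAndHashAlgorithm the signature algorithm to advertise
     * @throws IllegalArgumentException if the back end or the signature key type is not supported
     */
    public BcDefaultTlsCredentialedECCSM2(TlsCryptoParameters tlsCryptoParameters, AbstractTlsCrypto abstractTlsCrypto, Certificate certificate, PrivateKey privateKey, PrivateKey privateKey2, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        super(tlsCryptoParameters, makeSigner(abstractTlsCrypto, privateKey), makeSignerCertificate(certificate), signatureAndHashAlgorithm);
        this.logger = LoggerFactory.getLogger(getClass());
        this.gmsslCertificate = certificate;
        this.signaturePrivateKey = privateKey;
        this.encryptionPrivateKey = privateKey2;
        this.crypto = abstractTlsCrypto;
    }

    /** Returns the full certificate list given to the constructor, not just the signature certificate. */
    @Override // org.bouncycastle.tls.DefaultTlsCredentialedSigner, org.bouncycastle.tls.TlsCredentials
    public Certificate getCertificate() {
        return this.gmsslCertificate;
    }

    /**
     * Decrypts the SM2-encrypted pre-master secret received from the peer.
     *
     * @param tlsCryptoParameters parameters of the current TLS session (not read here)
     * @param bArr the ASN.1-encoded SM2 ciphertext
     * @return the decrypted pre-master secret
     * @throws TlsFatalAlert with decrypt_error (51) if decryption fails
     * @throws IOException if the encryption key cannot be parsed
     * @throws IllegalArgumentException if the back end or the encryption key type is not supported
     */
    @Override // org.bouncycastle.tls.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        if (this.crypto instanceof BcTlsCrypto) {
            PrivateKeyInfo privateKeyInfo = PrivateKeyInfo.getInstance(this.encryptionPrivateKey.getEncoded());
            if (privateKeyInfo == null) {
                throw new IllegalArgumentException("'privateKey' type not supported: " + this.encryptionPrivateKey.getClass().getName());
            }
            AsymmetricKeyParameter keyParameter = PrivateKeyFactory.createKey(privateKeyInfo);
            // Reject a non-EC key explicitly instead of failing with a ClassCastException.
            if (!(keyParameter instanceof ECKeyParameters)) {
                throw new IllegalArgumentException("'privateKey' type not supported: " + this.encryptionPrivateKey.getClass().getName());
            }
            return safeDecryptPreMasterSecret((ECKeyParameters) keyParameter, bArr);
        }
        if (this.crypto instanceof BcTlsCryptoSdf) {
            return safeDecryptPreMasterSecretSdf((BcTlsCryptoSdf) this.crypto, bArr);
        }
        throw new IllegalArgumentException("'crypto' type not supported: " + this.crypto.getClass().getName());
    }

    /**
     * Software SM2 decryption of the pre-master secret.
     *
     * <p>Any failure is surfaced to the peer as decrypt_error (51); no substitute secret is
     * generated on failure.
     *
     * @param eCKeyParameters the encryption private key
     * @param bArr the ASN.1-encoded SM2 ciphertext
     * @return the decrypted pre-master secret
     * @throws TlsFatalAlert with decrypt_error (51) if decryption fails
     */
    protected TlsSecret safeDecryptPreMasterSecret(ECKeyParameters eCKeyParameters, byte[] bArr) throws TlsFatalAlert {
        try {
            return this.crypto.createSecret(GMSSLSM2EncryptUtils.decryptASN1ByBC(eCKeyParameters, bArr));
        } catch (Exception e) {
            // Despite the label, the value logged is the cofactor h of the curve's domain
            // parameters, not the private scalar. Never replace it with the key itself.
            GMSSLByteArrayUtils.printHexBinary(this.logger, "ecServerPrivateKey s: ", eCKeyParameters.getParameters().getH().toByteArray());
            // NOTE(review): this writes peer-supplied handshake ciphertext to the log; confirm the
            // level used by printHexBinary keeps it out of production logs.
            GMSSLByteArrayUtils.printHexBinary(this.logger, "encryptedPreMasterSecret", bArr);
            throw new TlsFatalAlert(ALERT_DECRYPT_ERROR, e);
        }
    }

    /**
     * SM2 decryption of the pre-master secret through the SDF engine.
     *
     * <p>The key password is deliberately not logged on failure: debug logs are routinely
     * shipped off-host and a logged password would give log readers access to the key.
     *
     * @param bcTlsCryptoSdf the SDF crypto back end
     * @param bArr the ASN.1-encoded SM2 ciphertext
     * @return the decrypted pre-master secret
     * @throws TlsFatalAlert with decrypt_error (51) if decryption fails
     */
    protected TlsSecret safeDecryptPreMasterSecretSdf(BcTlsCryptoSdf bcTlsCryptoSdf, byte[] bArr) throws TlsFatalAlert {
        // NOTE(review): the SDF path takes the key reference from signaturePrivateKey, not
        // encryptionPrivateKey. Presumably both key pairs live under one device key index;
        // confirm against the SDF key provisioning.
        SdfPrivateKey sdfPrivateKey = (SdfPrivateKey) this.signaturePrivateKey;
        SdfECEngine sdfECEngine = null;
        try {
            SdfECKeyParameters sdfECKeyParameters = new SdfECKeyParameters(sdfPrivateKey);
            sdfECEngine = new SdfECEngine(bcTlsCryptoSdf.getSdfCryptoType());
            sdfECEngine.init(false, sdfECKeyParameters);
            byte[] decryptASN1 = sdfECEngine.decryptASN1(bArr);
            return bcTlsCryptoSdf.createSecret(decryptASN1);
        } catch (Exception e) {
            this.logger.debug("private key index: {}", Integer.valueOf(sdfPrivateKey.getIndex()));
            GMSSLByteArrayUtils.printHexBinary(this.logger, "encryptedPreMasterSecret", bArr);
            throw new TlsFatalAlert(ALERT_DECRYPT_ERROR, e);
        } finally {
            // Release on the failure path too; otherwise every malformed ciphertext from a peer
            // would leave an engine unreleased. Assumes release() is safe after a failed
            // init - TODO confirm against SdfECEngine.
            if (sdfECEngine != null) {
                try {
                    sdfECEngine.release();
                } catch (Exception releaseFailure) {
                    this.logger.warn("failed to release SDF engine", releaseFailure);
                }
            }
        }
    }

    /** Returns the signature certificate from the certificate list given to the constructor. */
    public TlsCertificate getSignatureCertificate() {
        return GMSSLUtils.getSignatureCertificate(this.gmsslCertificate);
    }

    /** Returns the encryption certificate from the certificate list given to the constructor. */
    public TlsCertificate getEncryptionCertificate() {
        return GMSSLUtils.getEncryptionCertificate(this.gmsslCertificate);
    }
}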
