package com.xdja.pki.oer.gbt.asn1.data;

import com.xdja.pki.gmssl.core.utils.GMSSLBCAeadUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.sdf.SdfPrivateKey;
import com.xdja.pki.gmssl.crypto.sdf.SdfSymmetricKeyParameters;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRandomUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSHA256DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM3DigestUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4ECBEncryptUtils;
import com.xdja.pki.oer.base.Null;
import com.xdja.pki.oer.core.TimeUtils;
import com.xdja.pki.oer.core.calculate.CalculateFactory;
import com.xdja.pki.oer.core.calculate.CalculateService;
import com.xdja.pki.oer.gbt.asn1.AesCcmCipherText;
import com.xdja.pki.oer.gbt.asn1.Certificate;
import com.xdja.pki.oer.gbt.asn1.CipherText;
import com.xdja.pki.oer.gbt.asn1.EccPoint;
import com.xdja.pki.oer.gbt.asn1.EncryptedData;
import com.xdja.pki.oer.gbt.asn1.HashAlgorithm;
import com.xdja.pki.oer.gbt.asn1.HashedId8;
import com.xdja.pki.oer.gbt.asn1.HeaderInfo;
import com.xdja.pki.oer.gbt.asn1.ItsAidInt;
import com.xdja.pki.oer.gbt.asn1.PKRecipientInfo;
import com.xdja.pki.oer.gbt.asn1.Payload;
import com.xdja.pki.oer.gbt.asn1.PreSharedKeyRecipientInfo;
import com.xdja.pki.oer.gbt.asn1.PublicVerifyKey;
import com.xdja.pki.oer.gbt.asn1.RecipientInfo;
import com.xdja.pki.oer.gbt.asn1.SecuredMessage;
import com.xdja.pki.oer.gbt.asn1.SequenceOfCertificate;
import com.xdja.pki.oer.gbt.asn1.SequenceOfRecipientInfo;
import com.xdja.pki.oer.gbt.asn1.Signature;
import com.xdja.pki.oer.gbt.asn1.SignedData;
import com.xdja.pki.oer.gbt.asn1.SignerInfo;
import com.xdja.pki.oer.gbt.asn1.SymmetricCipherText;
import com.xdja.pki.oer.gbt.asn1.TBSData;
import com.xdja.pki.oer.gbt.asn1.Time64;
import com.xdja.pki.oer.gbt.asn1.bean.PKRecipientInfoType;
import com.xdja.pki.oer.gbt.asn1.utils.EccPointHolder;
import com.xdja.pki.oer.gbt.asn1.utils.KekBuilder;
import com.xdja.pki.oer.gbt.asn1.utils.KekResolveUtils;
import com.xdja.pki.oer.gbt.asn1.utils.SignatureBuilder;
import com.xdja.pki.oer.gbt.asn1.utils.enums.EccCurveTypeEnum;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.math.ec.custom.gm.SM2P256V1Curve;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pki/oer/gbt/asn1/data/SecuredMessageBuilder.class */
public class SecuredMessageBuilder {
    private static Logger logger = LoggerFactory.getLogger(SecuredMessageBuilder.class);
    private static CalculateService calculateService = CalculateFactory.getInstance();

    public static SecuredMessage buildSignedDataSecuredMessage(ItsAidInt itsAidInt, PrivateKey privateKey, Certificate certificate, byte[] bArr) throws Exception {
        Signature build;
        SecuredMessage securedMessage = new SecuredMessage();
        SignedData signedData = new SignedData();
        SequenceOfCertificate sequenceOfCertificate = new SequenceOfCertificate();
        sequenceOfCertificate.addCertificate(certificate);
        signedData.setSignerInfo(new SignerInfo(sequenceOfCertificate));
        TBSData tBSData = new TBSData();
        HeaderInfo headerInfo = new HeaderInfo();
        headerInfo.setItsAid(itsAidInt);
        tBSData.setHeaderInfo(headerInfo);
        tBSData.setData(bArr);
        signedData.setTbs(tBSData);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] encode = certificate.getEncode();
        byte[] encode2 = tBSData.getEncode();
        PublicVerifyKey verifyKey = certificate.getTbsCert().getSubjectAttribute().getVerifyKey();
        if (EccPointHolder.build(verifyKey.getEccPoint().getEncode(), verifyKey.getEccCurve()).getPublicKey().getParameters().getCurve() instanceof SM2P256V1Curve) {
            byte[] sm3Hash = calculateService.sm3Hash(encode);
            byteArrayOutputStream.write(calculateService.sm3Hash(encode2));
            byteArrayOutputStream.write(sm3Hash);
            build = SignatureBuilder.build(privateKey, byteArrayOutputStream.toByteArray(), EccCurveTypeEnum.SGD_SM2);
        } else {
            byte[] sha256Hash = calculateService.sha256Hash(encode);
            byteArrayOutputStream.write(calculateService.sha256Hash(encode2));
            byteArrayOutputStream.write(sha256Hash);
            build = SignatureBuilder.build(privateKey, byteArrayOutputStream.toByteArray(), EccCurveTypeEnum.NIST_P_256);
        }
        signedData.setSign(build);
        securedMessage.setPayload(new Payload(signedData));
        return securedMessage;
    }

    public static SecuredMessage buildSelfSignedDataSecuredMessage(ItsAidInt itsAidInt, PrivateKey privateKey, byte[] bArr, EccCurveTypeEnum eccCurveTypeEnum) throws Exception {
        SecuredMessage securedMessage = new SecuredMessage();
        SignedData signedData = new SignedData();
        SignerInfo signerInfo = new SignerInfo(new Null());
        TBSData tBSData = new TBSData();
        HeaderInfo headerInfo = new HeaderInfo();
        headerInfo.setItsAid(itsAidInt);
        headerInfo.setGenTime(new Time64(TimeUtils.getNowTime() * 1000));
        tBSData.setHeaderInfo(headerInfo);
        tBSData.setData(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] encode = tBSData.getEncode();
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        if (privateKey instanceof SdfPrivateKey) {
            if (eccCurveTypeEnum == EccCurveTypeEnum.SGD_SM2) {
                bArr2 = GMSSLSM3DigestUtils.digestByYunhsm("".getBytes());
                bArr3 = GMSSLSM3DigestUtils.digestByYunhsm(encode);
            } else if (eccCurveTypeEnum == EccCurveTypeEnum.NIST_P_256) {
                bArr2 = GMSSLSHA256DigestUtils.digestByBC("".getBytes());
                bArr3 = GMSSLSHA256DigestUtils.digestByBC(encode);
            }
        } else if (((BCECPrivateKey) privateKey).getParameters().getCurve() instanceof SM2P256V1Curve) {
            bArr2 = GMSSLSM3DigestUtils.digestByYunhsm("".getBytes());
            bArr3 = GMSSLSM3DigestUtils.digestByYunhsm(encode);
        } else {
            bArr2 = GMSSLSHA256DigestUtils.digestByBC("".getBytes());
            bArr3 = GMSSLSHA256DigestUtils.digestByBC(encode);
        }
        byteArrayOutputStream.write(bArr3);
        byteArrayOutputStream.write(bArr2);
        Signature build = SignatureBuilder.build(privateKey, byteArrayOutputStream.toByteArray(), eccCurveTypeEnum);
        signedData.setSignerInfo(signerInfo);
        signedData.setTbs(tBSData);
        signedData.setSign(build);
        securedMessage.setPayload(new Payload(signedData));
        return securedMessage;
    }

    public static SecuredMessage buildEncryptedDataSecuredMessage(Certificate certificate, byte[] bArr) throws Exception {
        return buildEncryptedDataSecuredMessage(certificate, bArr, EccCurveTypeEnum.SGD_SM2);
    }

    public static SecuredMessage buildEncryptedDataSecuredMessage(Certificate certificate, byte[] bArr, EccCurveTypeEnum eccCurveTypeEnum) throws Exception {
        SecuredMessage securedMessage = new SecuredMessage();
        byte[] base64Decode = GMSSLByteArrayUtils.base64Decode(GMSSLRandomUtils.generateRandomByYunhsm(16));
        EncryptedData encryptedData = new EncryptedData();
        SequenceOfRecipientInfo sequenceOfRecipientInfo = new SequenceOfRecipientInfo();
        PKRecipientInfo pKRecipientInfo = new PKRecipientInfo();
        EccPoint publicKey = certificate.getTbsCert().getSubjectAttribute().getEncryptionKey().getPublicKey();
        sequenceOfRecipientInfo.addRecipientInfo(new RecipientInfo(pKRecipientInfo, PKRecipientInfoType.CERT_RECIPINFO));
        encryptedData.setRecipients(sequenceOfRecipientInfo);
        SymmetricCipherText symmetricCipherText = null;
        byte[] bArr2 = null;
        if (eccCurveTypeEnum == EccCurveTypeEnum.SGD_SM2) {
            bArr2 = GMSSLSM3DigestUtils.digestByYunhsm(certificate.getEncode());
            pKRecipientInfo.setKek(KekBuilder.build(publicKey, base64Decode, EccCurveTypeEnum.SGD_SM2));
            pKRecipientInfo.setHashAlg(new HashAlgorithm(HashAlgorithm.SGD_SM3));
            CipherText cipherText = new CipherText();
            cipherText.setString(GMSSLSM4ECBEncryptUtils.sm4SymmetricWithPaddingByYunHsm(true, SdfSymmetricKeyParameters.PaddingType.PKCS7Padding, base64Decode, bArr));
            symmetricCipherText = new SymmetricCipherText(cipherText);
        } else if (eccCurveTypeEnum == EccCurveTypeEnum.NIST_P_256) {
            bArr2 = GMSSLSHA256DigestUtils.digestByYunHsm(certificate.getEncode());
            pKRecipientInfo.setKek(KekBuilder.build(publicKey, base64Decode, EccCurveTypeEnum.NIST_P_256));
            pKRecipientInfo.setHashAlg(new HashAlgorithm(HashAlgorithm.SHA_256));
            AesCcmCipherText aesCcmCipherText = new AesCcmCipherText();
            byte[] generateRandom = com.xdja.pki.gmssl.core.utils.GMSSLRandomUtils.generateRandom(12);
            aesCcmCipherText.setNonce(generateRandom);
            byte[] encryptAESCCM = GMSSLBCAeadUtils.encryptAESCCM(base64Decode, 16, generateRandom, (byte[]) null, bArr);
            CipherText cipherText2 = new CipherText();
            cipherText2.setString(encryptAESCCM);
            aesCcmCipherText.setCipher(cipherText2);
            symmetricCipherText = new SymmetricCipherText(aesCcmCipherText);
        }
        byte[] bArr3 = new byte[8];
        System.arraycopy(bArr2, bArr2.length - bArr3.length, bArr3, 0, bArr3.length);
        pKRecipientInfo.setRecipientId(new HashedId8(bArr3));
        encryptedData.setCipherText(symmetricCipherText);
        securedMessage.setPayload(new Payload(encryptedData));
        logger.info("encrypt data secured message have finished");
        return securedMessage;
    }

    public static SecuredMessage buildEncPskpiSecuredMessage(byte[] bArr, byte[] bArr2, EccCurveTypeEnum eccCurveTypeEnum) throws Exception {
        SecuredMessage securedMessage = new SecuredMessage();
        EncryptedData encryptedData = new EncryptedData();
        SequenceOfRecipientInfo sequenceOfRecipientInfo = new SequenceOfRecipientInfo();
        PreSharedKeyRecipientInfo preSharedKeyRecipientInfo = new PreSharedKeyRecipientInfo();
        sequenceOfRecipientInfo.addRecipientInfo(new RecipientInfo(preSharedKeyRecipientInfo));
        SymmetricCipherText symmetricCipherText = null;
        if (eccCurveTypeEnum == EccCurveTypeEnum.SGD_SM2) {
            byte[] digestByBC = GMSSLSM3DigestUtils.digestByBC(bArr);
            byte[] bArr3 = new byte[8];
            System.arraycopy(digestByBC, digestByBC.length - 8, bArr3, 0, bArr3.length);
            preSharedKeyRecipientInfo.setSmyKeyHash(new HashedId8(bArr3));
            preSharedKeyRecipientInfo.setHashAlg(new HashAlgorithm(HashAlgorithm.SGD_SM3));
            String encryptByYumhsmWithPKCS7Padding = GMSSLSM4ECBEncryptUtils.encryptByYumhsmWithPKCS7Padding(Base64.toBase64String(bArr), Base64.toBase64String(bArr2));
            CipherText cipherText = new CipherText();
            cipherText.setString(Base64.decode(encryptByYumhsmWithPKCS7Padding));
            symmetricCipherText = new SymmetricCipherText(cipherText);
        } else if (eccCurveTypeEnum == EccCurveTypeEnum.NIST_P_256) {
            byte[] digestByYunHsm = GMSSLSHA256DigestUtils.digestByYunHsm(bArr);
            byte[] bArr4 = new byte[8];
            System.arraycopy(digestByYunHsm, digestByYunHsm.length - 8, bArr4, 0, bArr4.length);
            preSharedKeyRecipientInfo.setSmyKeyHash(new HashedId8(bArr4));
            preSharedKeyRecipientInfo.setHashAlg(new HashAlgorithm(HashAlgorithm.SHA_256));
            AesCcmCipherText aesCcmCipherText = new AesCcmCipherText();
            byte[] generateRandom = com.xdja.pki.gmssl.core.utils.GMSSLRandomUtils.generateRandom(12);
            aesCcmCipherText.setNonce(generateRandom);
            byte[] encryptAESCCM = GMSSLBCAeadUtils.encryptAESCCM(bArr, 16, generateRandom, (byte[]) null, bArr2);
            CipherText cipherText2 = new CipherText();
            cipherText2.setString(encryptAESCCM);
            aesCcmCipherText.setCipher(cipherText2);
            symmetricCipherText = new SymmetricCipherText(aesCcmCipherText);
        }
        encryptedData.setCipherText(symmetricCipherText);
        encryptedData.setRecipients(sequenceOfRecipientInfo);
        securedMessage.setPayload(new Payload(encryptedData));
        return securedMessage;
    }

    public static byte[] resolveEncSecuredMessage(int i, String str, byte[] bArr) throws Exception {
        EncryptedData encData = SecuredMessage.getInstance(bArr).getPayload().getEncData();
        PKRecipientInfo certRecipInfo = encData.getRecipients().getRecipientInfos().get(0).getCertRecipInfo();
        if (null == certRecipInfo) {
            certRecipInfo = encData.getRecipients().getRecipientInfos().get(0).getSignedDataRecipInfo();
        }
        byte[] plain = KekResolveUtils.getPlain(certRecipInfo.getKek(), new SdfPrivateKey(i, str.getBytes()));
        SymmetricCipherText cipherText = encData.getCipherText();
        return null != cipherText.getSm4Ecb() ? Base64.decode(GMSSLSM4ECBEncryptUtils.decryptByYumhsmWithPKCS7Padding(Base64.toBase64String(plain), Base64.toBase64String(cipherText.getSm4Ecb().getString()))) : GMSSLBCAeadUtils.decryptAESCCM(plain, 16, cipherText.getAesCcm().getNonce().getString(), (byte[]) null, cipherText.getAesCcm().getCipher().getString());
    }
}
