package cfca.sadk.menckit.client.impl;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.menckit.client.SM2Cert;
import cfca.sadk.menckit.common.Debugger;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.helper.SM4DataHelper;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.Passwords;
import cfca.sadk.menckit.common.util.SessionLibs;
import cfca.sadk.menckit.common.util.Strings;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Cipher;
import cfca.sadk.org.bouncycastle.util.Arrays;
import cfca.sadk.org.bouncycastle.util.BigIntegers;
import cfca.sadk.system.SecureRandoms;

/* loaded from: input_file:cfca/sadk/menckit/client/impl/ClientRandom.class */
public class ClientRandom implements Cloneable {
    private final String hardcode;
    private final byte[] keyTag;
    private final byte[] clientRandomHidden;
    private final byte[] clientRandomSM2Cipher;
    private final String keyIdent;

    public ClientRandom(String str, byte[] bArr, SM2Cert sM2Cert) throws MenckitException {
        Args.lestLength(16, bArr, "agreementKey");
        Args.notNull(str, "shareKey");
        Args.notNull(sM2Cert, "sm2RecipientCert");
        String encodeBase64 = Strings.encodeBase64(SecureRandoms.getInstance().genBytes(24));
        try {
            byte[] encrypt = SessionLibs.INSTACE.session().encrypt(new Mechanism("SM2"), sM2Cert.getPublicKey(), bArr);
            try {
                ASN1SM2Cipher aSN1SM2Cipher = ASN1SM2Cipher.getInstance(encrypt);
                try {
                    String str2 = encodeBase64 + str;
                    byte[] encryptMessage = Passwords.INSTACEN.encryptMessage(str2, bArr);
                    if (!Arrays.areEqual(Passwords.INSTACEN.decryptMessage(str2, encryptMessage), bArr)) {
                        throw new MenckitException(Errcode.clientRandomBuildFailed, "agreementKeyHidden failed");
                    }
                    this.hardcode = encodeBase64;
                    this.keyTag = decodeKeyTag(aSN1SM2Cipher);
                    this.clientRandomHidden = encryptMessage;
                    this.clientRandomSM2Cipher = encrypt;
                    this.keyIdent = Strings.encodeBase64(this.keyTag);
                } catch (MenckitException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new MenckitException(Errcode.clientRandomBuildFailed, "agreementKeyHidden failed", e2);
                }
            } catch (Exception e3) {
                throw new MenckitException(Errcode.clientRandomBuildFailed, "AgreementKey decode failed", e3);
            }
        } catch (Exception e4) {
            throw new MenckitException(Errcode.clientRandomBuildFailed, "encryptAgreementKey failed", e4);
        }
    }

    public byte[] recoverKey(String str) throws MenckitException {
        Args.notNull(str, "shareKey");
        try {
            return Passwords.INSTACEN.decryptMessage(this.hardcode + str, this.clientRandomHidden);
        } catch (Exception e) {
            throw new MenckitException(Errcode.keyAgreementRecoverFailed, "clientRandomRecover failed", e);
        }
    }

    private byte[] decodeKeyTag(ASN1SM2Cipher aSN1SM2Cipher) {
        byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(32, aSN1SM2Cipher.getXCoordinate().getPositiveValue());
        byte[] asUnsignedByteArray2 = BigIntegers.asUnsignedByteArray(32, aSN1SM2Cipher.getYCoordinate().getPositiveValue());
        byte[] bArr = new byte[96];
        System.arraycopy(asUnsignedByteArray, 0, bArr, 0, 32);
        System.arraycopy(asUnsignedByteArray2, 0, bArr, 32, 32);
        System.arraycopy(aSN1SM2Cipher.getHashValue().getOctets(), 0, bArr, 64, 32);
        return bArr;
    }

    public byte[] getKeyTag() {
        return this.keyTag;
    }

    public String getKeyIdent() {
        return this.keyIdent;
    }

    public byte[] getClientRandomSM2Cipher() {
        return this.clientRandomSM2Cipher;
    }

    public boolean match(byte[] bArr) throws MenckitException {
        Args.notLength(96, bArr, "keyTag");
        return Arrays.areEqual(bArr, this.keyTag);
    }

    public String toString() {
        return String.format("[keyTag=%s, id=%s]", Debugger.dump(this.keyTag), this.keyIdent);
    }

    public static byte[] agreementKey(String str, String str2) throws MenckitException {
        if (str == null) {
            throw new MenckitException(Errcode.keyAgreementFailed, "clientRandomData==null");
        }
        byte[] decodeRandomData = decodeRandomData(str, "clientRandomData");
        if (decodeRandomData == null || decodeRandomData.length < 16) {
            throw new MenckitException(Errcode.keyAgreementFailed, "clientRandomData invalid: " + str);
        }
        byte[] decodeRandomData2 = decodeRandomData(str2, "serverRandomData");
        if (decodeRandomData2 != null && decodeRandomData2.length < 16) {
            throw new MenckitException(Errcode.keyAgreementFailed, "serverRandomData invalid: " + str2);
        }
        byte[] bArr = new byte[16];
        System.arraycopy(decodeRandomData, 0, bArr, 0, 16);
        if (decodeRandomData2 != null) {
            System.arraycopy(decodeRandomData2, 0, bArr, 8, 8);
        }
        return bArr;
    }

    private static byte[] decodeRandomData(String str, String str2) throws MenckitException {
        try {
            return Strings.decodeBase64(str);
        } catch (Exception e) {
            throw new MenckitException(Errcode.keyAgreementFailed, str2 + " invalid: " + str, e);
        }
    }

    public static byte[] decryptBySM4(byte[] bArr, byte[] bArr2, byte[] bArr3) throws MenckitException {
        return SM4DataHelper.decryptBySM4(bArr, bArr2, bArr3);
    }

    public static byte[] encryptBySM4(byte[] bArr, byte[] bArr2, byte[] bArr3) throws MenckitException {
        return SM4DataHelper.encryptBySM4(bArr, bArr2, bArr3);
    }
}
