package cfca.sadk.menckit.server.impl;

import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.DataHelper;
import cfca.sadk.menckit.common.util.JVMArgs;
import cfca.sadk.menckit.common.util.Passwords;
import cfca.sadk.menckit.common.util.Strings;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.system.SecureRandoms;
import cfca.sadk.util.CertUtil;
import cfca.sadk.util.KeyUtil;
import cfca.sadk.x509.certificate.X509Cert;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/menckit/server/impl/SM2Cert.class */
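/**
 * Server-side holder for one CFCA SM2 certificate and its wrapped private key.
 *
 * <p>The private key is not kept in the clear. The constructor extracts it from the
 * .sm2 key file once, re-encrypts it under a per-instance random {@code hardcode}
 * concatenated with the caller-supplied {@code shareKey}, and retains only that
 * ciphertext in {@link #seckey}. Every later decryption needs the same
 * {@code shareKey}; the unwrapped key exists only for the duration of the call and is
 * zeroised afterwards with {@code DataHelper.clear}.
 *
 * <p>Thread-safety: {@code hardcode}, {@code seckey} and {@code cert} are immutable after
 * construction. {@code sm2KeyId}/{@code certSN} have setters and {@link #detail()} is
 * lazily built without synchronisation (benign: it is recomputed to the same value).
 */
public final class SM2Cert {
    /** Per-instance random secret (base64 of 24 non-zero bytes) mixed into the key-wrapping password. */
    private final String hardcode;
    /** Hex-encoded SubjectKeyIdentifier of the certificate; may be overridden via setter. */
    private String sm2KeyId;
    /** Certificate serial number as a string; may be overridden via setter. */
    private String certSN;
    /** SM2 private key (D value) encrypted under {@code hardcode + shareKey}. */
    private final byte[] seckey;
    /** Certificate parsed from the .sm2 file; its issuer has passed the CFCA check. */
    private final X509Cert cert;
    /** Lazily built diagnostic description, see {@link #detail()}. */
    String detail = null;

    /**
     * Parses an SM2 key file, verifies the certificate was issued by CFCA and wraps its
     * private key for in-memory storage.
     *
     * @param str  shareKey: caller-held secret that, together with the internal random
     *             hardcode, protects the wrapped private key; the same value must be
     *             supplied to {@link #recoverKey} / {@link #decryptBySM2}
     * @param str2 sm2FileData: contents of the .sm2 key file (certificate plus
     *             password-protected private key)
     * @param str3 sm2FilePass: password protecting the private key inside the file
     * @throws MenckitException {@code certLimited} when the certificate is not a CFCA
     *         certificate; {@code certInvalid} when the file cannot be parsed or has no
     *         SubjectKeyIdentifier; {@code sm2KeyEncodedFailed} when the private key
     *         cannot be extracted or re-wrapped
     */
    public SM2Cert(String str, String str2, String str3) throws MenckitException {
        Args.notNull(str, "shareKey");
        Args.notNull(str2, "sm2FileData");
        Args.notNull(str3, "sm2FilePass");
        try {
            X509Cert parsed = CertUtil.getCertFromSM2(Strings.toUTF8ByteArray(str2));
            // Reject non-CFCA certificates before any private-key material is touched.
            if (!JVMArgs.INSTACE.checkCFCAIdent(new cfca.sadk.menckit.client.SM2Cert(parsed.getEncoding()))) {
                throw new MenckitException(Errcode.certLimited, "CERT NOT FROM CFCA CA:" + parsed.getIssuer());
            }
            this.certSN = parsed.getStringSerialNumber();
            this.hardcode = Strings.encodeBase64(SecureRandoms.getInstance().genBytesWithoutZero(24));
            this.sm2KeyId = buildKeyIdentifier(parsed, str2);
            this.seckey = buildSeckeyFrom(str2, str3, this.hardcode, str);
            this.cert = parsed;
        } catch (MenckitException e) {
            // Preserve the specific error code (certLimited, sm2KeyEncodedFailed, ...)
            // rather than collapsing every failure into certInvalid.
            throw e;
        } catch (Exception e) {
            // Do not echo the key-file contents into the message: it carries the
            // (encrypted) private key and exception messages routinely end up in logs.
            throw new MenckitException(Errcode.certInvalid,
                    "GetCertFromSM2 failed: sm2FileData length=" + str2.length(), e);
        }
    }

    /**
     * Unwraps the SM2 private key (D value) into a fresh byte array.
     *
     * <p>The caller owns the returned array and must zero it with
     * {@code DataHelper.clear} as soon as it is no longer needed (see
     * {@link #decryptBySM2} for the expected pattern).
     *
     * @param str shareKey supplied at construction time
     * @return the raw private key bytes
     * @throws MenckitException {@code sm2KeyDecodedFailed} if unwrapping fails
     *         (presumably a wrong shareKey)
     */
    public byte[] recoverKey(String str) throws MenckitException {
        Args.notNull(str, "shareKey");
        try {
            return Passwords.INSTACEN.decryptMessage(this.hardcode + str, this.seckey);
        } catch (Exception e) {
            // Deliberately detail-free message: nothing about the hardcode or the
            // wrapped key may leak through a failed attempt.
            throw new MenckitException(Errcode.sm2KeyDecodedFailed, "recoverKey failed", e);
        }
    }

    /**
     * Decrypts SM2 ciphertext with this certificate's private key.
     *
     * @param str  shareKey supplied at construction time
     * @param bArr encryptData: the SM2 ciphertext
     * @return the plaintext
     * @throws MenckitException {@code sm2KeyDecodedFailed} if the key cannot be unwrapped,
     *         {@code sm2DecryptFailed} if the SM2 decryption itself fails
     */
    public byte[] decryptBySM2(String str, byte[] bArr) throws MenckitException {
        Args.notNull(str, "shareKey");
        Args.notNull(bArr, "encryptData");
        byte[] privateKey = recoverKey(str);
        try {
            return new SM2Crypto().decrypt(privateKey, bArr);
        } catch (Exception e) {
            throw new MenckitException(Errcode.sm2DecryptFailed, "SM2Decrypt failed", e);
        } finally {
            // Zeroise the unwrapped private key on every exit path, including failures.
            DataHelper.clear(privateKey);
        }
    }

    /**
     * Returns the certificate's SubjectKeyIdentifier as a hex string.
     *
     * @param x509Cert the parsed certificate
     * @param str      sm2FileData, used only to size the error message (never echoed)
     * @throws MenckitException {@code certInvalid} if the extension is absent or unreadable
     */
    private static String buildKeyIdentifier(X509Cert x509Cert, String str) throws MenckitException {
        try {
            SubjectKeyIdentifier ski = x509Cert.getSubjectKeyIdentifier();
            if (ski == null) {
                throw new MenckitException(Errcode.certInvalid, "GetSubjectKeyIdentifier==null");
            }
            return Strings.encodeHex(ski.getKeyIdentifier());
        } catch (Exception e) {
            // Key-file contents are kept out of the message on purpose (see constructor).
            throw new MenckitException(Errcode.certInvalid,
                    "GetSubjectKeyIdentifier failed: sm2FileData length=" + str.length(), e);
        }
    }

    /**
     * Extracts the private key from the .sm2 file and re-encrypts it under
     * {@code hardcode + shareKey}.
     *
     * @param str  sm2FileData
     * @param str2 sm2FilePass (run through {@code Passwords.restorePassword} first)
     * @param str3 hardcode: the per-instance random secret
     * @param str4 shareKey: the caller-held secret
     * @return the wrapped private key
     * @throws MenckitException {@code sm2KeyEncodedFailed} on any failure
     */
    private static byte[] buildSeckeyFrom(String str, String str2, String str3, String str4) throws MenckitException {
        byte[] rawD = null;
        try {
            rawD = KeyUtil.getPrivateKeyFromSM2(Strings.toUTF8ByteArray(str),
                    Passwords.INSTACEN.restorePassword(str2, "sm2FilePass")).getDByBytes();
            return Passwords.INSTACEN.encryptMessage(str3 + str4, rawD);
        } catch (Exception e) {
            // Key-file contents are kept out of the message on purpose (see constructor).
            throw new MenckitException(Errcode.sm2KeyEncodedFailed,
                    "buildSeckeyFrom failed: sm2FileData length=" + str.length(), e);
        } finally {
            // The plaintext D value is only needed for wrapping; wipe it like
            // decryptBySM2 wipes the unwrapped key.
            if (rawD != null) {
                DataHelper.clear(rawD);
            }
        }
    }

    /**
     * Reports whether the wall clock currently falls inside the certificate's
     * notBefore/notAfter window. Does not check revocation or the chain.
     */
    public boolean isInValidityPeriod() {
        Date now = new Date();
        return !now.before(this.cert.getNotBefore()) && !now.after(this.cert.getNotAfter());
    }

    /**
     * Logs an error if the certificate is outside its validity period.
     *
     * <p>NOTE: this only logs; it does not throw or disable the key. Callers that need
     * enforcement should check {@link #isInValidityPeriod()} themselves.
     */
    public void validate() {
        if (!isInValidityPeriod()) {
            Loggings.runtimeLogger.error("certDateInvalid: {}", detail());
        }
    }

    /** @return hex SubjectKeyIdentifier (or the value set via {@link #setSm2KeyId}) */
    public String getSm2KeyId() {
        return this.sm2KeyId;
    }

    /** Overrides the key identifier; does not affect the stored certificate or key. */
    public void setSm2KeyId(String str) {
        this.sm2KeyId = str;
    }

    /** @return certificate serial number (or the value set via {@link #setCertSN}) */
    public String getCertSN() {
        return this.certSN;
    }

    /** Overrides the serial number; does not affect the stored certificate or key. */
    public void setCertSN(String str) {
        this.certSN = str;
    }

    /** Short identifier-only form; safe to log. */
    @Override
    public String toString() {
        return String.format("SM2Cert[id=%s, sn=%s]", this.sm2KeyId, this.certSN);
    }

    /**
     * Longer diagnostic form with subject, issuer and validity dates, built once and
     * cached. Contains no key material.
     */
    public String detail() {
        if (this.detail == null) {
            this.detail = String.format("SM2Cert[id=%s, sn=%s; dn=%s; ca=%s; validate=%tF&%tF]",
                    this.sm2KeyId, this.cert.getStringSerialNumber(), this.cert.getSubject(),
                    this.cert.getIssuer(), this.cert.getNotBefore(), this.cert.getNotAfter());
        }
        return this.detail;
    }
}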
