package cfca.sadk.menckit.server.helper;

import cfca.sadk.menckit.common.AuthResult;
import cfca.sadk.menckit.common.Constants;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.asn1.PlatformInfo;
import cfca.sadk.menckit.common.asn1.SMObjectIdentifiers;
import cfca.sadk.menckit.common.fastasn1.ContentInfoPart;
import cfca.sadk.menckit.common.fastasn1.MessagePart;
import cfca.sadk.menckit.common.helper.Algorithms;
import cfca.sadk.menckit.common.helper.SM4FastHelper;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.DataHelper;
import cfca.sadk.menckit.common.util.HashHelper;
import cfca.sadk.menckit.common.util.Nonce;
import cfca.sadk.menckit.common.util.Strings;
import cfca.sadk.menckit.server.DataResult;
import cfca.sadk.menckit.server.ISM2Decryptor;
import cfca.sadk.menckit.server.MessageHelper;
import cfca.sadk.menckit.server.impl.Agreements;
import cfca.sadk.menckit.server.impl.ServerRandom;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.cms.GCMParameters;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.system.SecureRandoms;
import java.io.IOException;

/* loaded from: input_file:cfca/sadk/menckit/server/helper/FastMessageHelper.class */
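/**
 * {@link MessageHelper} implementation for messages framed by {@link MessagePart}.
 *
 * <p>The payload is protected with SM4 in GCM or CBC mode (see {@code Constants.MODE_GCM} /
 * {@code Constants.MODE_CBC}). The session key comes from {@link Agreements#agreementKey} when
 * decrypting and from a {@link ServerRandom} looked up by key handle when encrypting.
 *
 * <p>NOTE(review): both methods write the caller-supplied {@code serverRandom} and
 * {@code keyHandle} strings to the info log, and {@link #decrypt} writes a hex dump of the
 * message header to the error log on failure. Confirm these values are acceptable in logs under
 * the deployment's log-access policy.
 *
 * <p>NOTE(review): the session key is handled as a plain {@code byte[]} and is not wiped by this
 * class on the success paths; {@code ServerRandom.clear()} is only called when the server random
 * does not match in {@link #encrypt}. Verify where key material is zeroized.
 */
public class FastMessageHelper implements MessageHelper, SMObjectIdentifiers {
    /** Passed through to {@link Agreements#agreementKey} on every decrypt; never changes after construction. */
    private final boolean verifyServerRandom;

    /**
     * @param z value stored as {@code verifyServerRandom} and forwarded to the key agreement step
     */
    public FastMessageHelper(boolean z) {
        this.verifyServerRandom = z;
    }

    /**
     * Parses an enveloped message, derives the session key and decrypts the payload.
     *
     * <p>The cipher mode is chosen from the algorithm OID carried in the message: the SM4-GCM OID
     * selects GCM, every other OID accepted by {@code Algorithms.checkOID} selects the CBC path.
     *
     * <p>Every exception raised while parsing, agreeing the key or decrypting, including the
     * {@link MenckitException}s thrown inside the {@code try} block, is logged and re-thrown as
     * {@code Errcode.msgDecodeFailed} with the original as cause. Callers therefore see one
     * error code for all of these failures.
     *
     * @param str key handle (logged as {@code keyHandle}); forwarded to the key agreement
     * @param iSM2Decryptor SM2 decryption callback; must not be {@code null}
     * @param str2 server random (logged as {@code serverRandom}); forwarded to the key agreement
     * @param bArr the complete encrypted message; must not be {@code null}
     * @return decrypted data together with the agreed key handle and the platform info, if present
     * @throws MenckitException if an argument is rejected by {@code Args.notNull} or the message
     *     cannot be decoded or decrypted
     */
    @Override // cfca.sadk.menckit.server.MessageHelper
    public DataResult decrypt(String str, ISM2Decryptor iSM2Decryptor, String str2, byte[] bArr) throws MenckitException {
        Args.notNull(iSM2Decryptor, "callback");
        Args.notNull(bArr, "encryptData");
        final long startMillis = System.currentTimeMillis();
        final int length = bArr.length;
        Loggings.systemLogger.info("decryptBySM4: serverRandom={}, keyHandle={}, encryptLength={}", new Object[]{str2, str, Integer.valueOf(bArr.length)});
        // No upper-bound check here: an int array length can never exceed Integer.MAX_VALUE,
        // so the former "length > 2147483647L" guard was unreachable and has been dropped.
        final byte[] headerPart = DataHelper.readPart(bArr);
        try {
            final MessagePart messagePart = new MessagePart(headerPart);
            final ContentInfoPart contentInfo = messagePart.contentInfo();
            if (!contentInfo.isEnveloped()) {
                Loggings.errorLogger.error("decryptBySM4: encodingInvalid(length={})NOT SM2", Integer.valueOf(length));
                throw new MenckitException(Errcode.msgDecodeFailed, "encodingInvalid: NOT SM2");
            }

            // The length declared in the header must account for every byte that was supplied.
            final int declaredLength = messagePart.getDataLength() + messagePart.getDataOffset();
            if (declaredLength != length) {
                throw new MenckitException(Errcode.sm4DecryptFailed, String.format("decryptBySM4: lengthInvalid(expLength=%s,datLength=%s)", Integer.valueOf(declaredLength), Integer.valueOf(length)));
            }

            final boolean serverRandomJoinin = messagePart.isServerRandomJoinin();
            final int msgVersion = messagePart.getMsgVersion();
            PlatformInfo platformInfo = null;
            if (messagePart.getPlatformInfo() != null) {
                platformInfo = PlatformInfo.getInstance(messagePart.getPlatformInfo());
            }

            // Only the first recipient entry is used; an empty set fails here and is reported
            // through the catch block below.
            final RecipientInfo recipientInfo = RecipientInfo.getInstance(ASN1Set.getInstance(contentInfo.getRecipients()).getObjectAt(0));
            final AlgorithmIdentifier contentAlgorithm = AlgorithmIdentifier.getInstance(contentInfo.getEciAlgorithm());
            final boolean gcmMode = sm4GCM.equals(Algorithms.checkOID(contentAlgorithm.getAlgorithm()));

            final AuthResult authResult = new AuthResult(messagePart.getNonce(), messagePart.getNonceHmac(), messagePart.getSourceHmac(), null);
            final ServerRandom agreementKey = Agreements.agreementKey(iSM2Decryptor, str, str2, recipientInfo, authResult, serverRandomJoinin, this.verifyServerRandom, gcmMode ? Constants.MODE_GCM : Constants.MODE_CBC, msgVersion, false);
            final byte[] sessionKey = agreementKey.getSessionKey();

            final byte[] plain;
            if (gcmMode) {
                final GCMParameters gcmParameters = GCMParameters.getInstance(contentAlgorithm.getParameters());
                // NOTE(review): the tag length (icvLen, in bytes) and the nonce are taken from the
                // message itself. Confirm that SM4FastHelper.decryptByGCM rejects tag lengths
                // shorter than the one encrypt() uses (Constants.GCM_ICVLENGTH bits); otherwise a
                // sender can choose a weaker authentication tag.
                plain = SM4FastHelper.decryptByGCM(sessionKey, gcmParameters.getNonce(), bArr, messagePart, 8 * gcmParameters.getIcvLen(), null);
            } else {
                // CBC path: the algorithm parameters are an OCTET STRING passed on as the IV.
                plain = SM4FastHelper.decryptBySM4(sessionKey, ASN1OctetString.getInstance(contentAlgorithm.getParameters()).getOctets(), bArr, messagePart);
            }

            final long elapsedMillis = System.currentTimeMillis() - startMillis;
            if (Loggings.systemLogger.isInfoEnabled()) {
                Loggings.systemLogger.info("decryptBySM4: sucessfully runtime={}, decryptLength={}, outputLength={}", new Object[]{Long.valueOf(elapsedMillis), Integer.valueOf(bArr.length), Integer.valueOf(plain.length)});
            }
            return new DataResult(plain, agreementKey.getkeyHandle(), platformInfo);
        } catch (Exception e) {
            // Deliberately left as a catch-all: it collapses every failure into msgDecodeFailed.
            // NOTE(review): this also hides the sm4DecryptFailed code thrown above. Keep it if a
            // uniform error is intended (it avoids telling a sender which step failed); only the
            // log shows the cause.
            Loggings.errorLogger.error("decryptBySM4: encodingInvalid(length={}, part={})", new Object[]{Integer.valueOf(length), Strings.encodeHex(headerPart), e});
            throw new MenckitException(Errcode.msgDecodeFailed, "encodingInvalid", e);
        }
    }

    /**
     * Encrypts {@code bArr} with the session key bound to the given key handle.
     *
     * <p>The {@link ServerRandom} loaded for the key handle must match {@code str2} and must not
     * report message version 0. Its encrypt mode decides between SM4-GCM and the CBC path. A
     * fresh random nonce/IV is drawn from {@link SecureRandoms} for every call.
     *
     * @param str key handle; must not be {@code null}
     * @param str2 server random that has to match the one stored for the key handle
     * @param bArr plaintext; must not be {@code null} and at most 2147479551 bytes long
     * @return the encoded encrypted message
     * @throws MenckitException with {@code serverRandomInvalid} on a server random mismatch,
     *     {@code argumentInvalid} for message version 0 or an algorithm encoding failure, and
     *     {@code readFileFailed} if the plaintext is too long
     */
    @Override // cfca.sadk.menckit.server.MessageHelper
    public byte[] encrypt(String str, String str2, byte[] bArr) throws MenckitException {
        Args.notNull(str, "keyHandle");
        Args.notNull(bArr, "sourceData");
        final long startMillis = System.currentTimeMillis();
        final int length = bArr.length;
        Loggings.systemLogger.info("encryptBySM2: serverRandom={}, keyHandle={}, sourceLength={}", new Object[]{str2, str, Integer.valueOf(bArr.length)});

        final ServerRandom serverRandom = new ServerRandom(str);
        if (!serverRandom.matchServerRandom(str2)) {
            serverRandom.clear();
            Loggings.errorLogger.error("encryptBySM2Failed: serverRandom not match->keyHandle={}, serverRandom={}", str, str2);
            throw new MenckitException(Errcode.serverRandomInvalid, "serverRandom not match");
        }
        final int msgVersion = serverRandom.getMsgVersion();
        if (msgVersion == 0) {
            throw new MenckitException(Errcode.argumentInvalid, "V1DoNotSupport");
        }
        // Leaves headroom below Integer.MAX_VALUE so the output length computed below cannot overflow.
        if (length > 2147479551) {
            // The placeholder was missing, so the offending length never reached the log.
            Loggings.errorLogger.error("sourceLengthInvalid: length={}", Integer.valueOf(length));
            throw new MenckitException(Errcode.readFileFailed, "sourceLengthLimited=" + length);
        }

        final byte[] keyTag = serverRandom.getKeyTag();
        final byte[] sessionKey = serverRandom.getSessionKey();
        final int encryptMode = serverRandom.getEncryptMode();
        final byte[] nonce = Nonce.INSTANCE.nonce(msgVersion);
        final byte[] nonceHmac = HashHelper.auth(nonce, sessionKey);
        final int icvBits = Constants.GCM_ICVLENGTH;
        final int icvBytes = icvBits / 8;
        final boolean gcmMode = encryptMode == Constants.MODE_GCM;

        final int encryptedLength;
        final byte[] iv;
        final AlgorithmIdentifier contentAlgorithm;
        if (gcmMode) {
            // GCM output is the plaintext plus the tag. The random nonce has the same byte
            // length as the tag (icvBytes).
            encryptedLength = length + icvBytes;
            iv = SecureRandoms.getInstance().genBytes(icvBytes);
            contentAlgorithm = new AlgorithmIdentifier(sm4GCM.getId(), new GCMParameters(iv, icvBytes));
        } else {
            // Length rounded down to a 16-byte boundary plus one extra block, i.e. the size
            // after block padding that always adds 1..16 bytes (presumably PKCS#7-style; verify
            // against SM4FastHelper.encryptBySM4).
            encryptedLength = 16 + ((length >> 4) << 4);
            iv = SecureRandoms.getInstance().genBytes(16);
            contentAlgorithm = new AlgorithmIdentifier(sm4Encrypt.getId(), new DEROctetString(iv));
        }

        try {
            final byte[] encodedAlgorithm = contentAlgorithm.getEncoded();
            final MessagePart messagePart = new MessagePart(null, serverRandom.serverRandomJoinin(), false, !gcmMode, encryptedLength);
            messagePart.setKeyTag(keyTag);
            messagePart.setNonce(nonce);
            messagePart.setNonceHmac(nonceHmac);
            messagePart.contentInfo().setEciAlgorithm(encodedAlgorithm);

            final byte[] encrypted;
            if (gcmMode) {
                // In GCM mode the source HMAC field is set to 32 zero bytes before encryption.
                messagePart.setSourceHmac(new byte[32]);
                encrypted = SM4FastHelper.encryptByGCM(sessionKey, iv, bArr, messagePart, icvBits, null);
            } else {
                encrypted = SM4FastHelper.encryptBySM4(sessionKey, iv, bArr, messagePart);
            }

            final long elapsedMillis = System.currentTimeMillis() - startMillis;
            if (Loggings.systemLogger.isInfoEnabled()) {
                Loggings.systemLogger.info("encryptBySM2: sucessfully runtime={}, encryptLength={}, outputLength={}", new Object[]{Long.valueOf(elapsedMillis), Integer.valueOf(bArr.length), Integer.valueOf(encrypted.length)});
            }
            return encrypted;
        } catch (IOException e) {
            throw new MenckitException(Errcode.argumentInvalid, "algorithmInvalid", e);
        }
    }
}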
