package cfca.sadk.menckit.common.helper;

import cfca.sadk.lib.crypto.Session;
import cfca.sadk.menckit.client.impl.ClientRandom;
import cfca.sadk.menckit.common.AuthResult;
import cfca.sadk.menckit.common.Constants;
import cfca.sadk.menckit.common.Debugger;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.asn1.SMObjectIdentifiers;
import cfca.sadk.menckit.common.bean.SM2Result;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.HashHelper;
import cfca.sadk.menckit.common.util.Nonce;
import cfca.sadk.menckit.common.util.SessionLibs;
import cfca.sadk.menckit.server.ISM2Decryptor;
import cfca.sadk.menckit.server.impl.Agreements;
import cfca.sadk.menckit.server.impl.ServerRandom;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.BEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.GCMParameters;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.OriginatorInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.util.Arrays;
import cfca.sadk.system.SecureRandoms;

/* loaded from: input_file:cfca/sadk/menckit/common/helper/SM2EnvelopeHelper.class */
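/**
 * Static helpers that wrap and unwrap SM4-encrypted payloads in a CMS
 * {@code EnvelopedData} structure tagged with the {@code sm2EnvelopedData}
 * content type.
 *
 * <p>Two content-encryption modes are handled: SM4-GCM (selected by the
 * {@code sm4GCM} OID / {@link Constants#MODE_GCM}) and a second SM4 mode whose
 * algorithm parameters are a 16-byte octet string and which is paired with a
 * separate HMAC over the plaintext.
 *
 * <p>NOTE(review): parameter names in this file are decompiler placeholders;
 * the descriptions below state only what the visible code does with each value.
 */
public class SM2EnvelopeHelper implements SMObjectIdentifiers {
    /** Not instantiable: the class only exposes static helpers. */
    private SM2EnvelopeHelper() {
    }

    /**
     * Decodes an SM2 envelope carried in {@code authResult}, derives the session key
     * and decrypts the enclosed content.
     *
     * <p>In GCM mode integrity relies on the GCM tag checked by
     * {@code SM4DataHelper.decryptByGCM}; {@code bArr} is not consulted. In the other
     * mode an HMAC is recomputed over the decrypted bytes and compared with {@code bArr}.
     *
     * @param iSM2Decryptor decryption callback, forwarded to {@code Agreements.agreementKey}
     * @param str           forwarded unchanged to {@code Agreements.agreementKey}
     * @param str2          forwarded unchanged to {@code Agreements.agreementKey}
     * @param authResult    carrier of the nonce, nonce authenticator and DER-encoded envelope;
     *                      all three must be non-null
     * @param bArr          HMAC value the recomputed HMAC must equal (non-GCM mode only)
     * @param z             forwarded unchanged to {@code Agreements.agreementKey}
     * @param z2            forwarded unchanged to {@code Agreements.agreementKey}
     * @param i             forwarded to {@code Agreements.agreementKey} and {@code HashHelper.hmac}
     * @param z3            forwarded unchanged to {@code Agreements.agreementKey}
     * @return the key-agreement state together with the decrypted content
     * @throws MenckitException with {@code Errcode.msgDecodeFailed} for every failure raised
     *                          inside the decode/decrypt/verify sequence; the specific failure
     *                          (wrong content type, HMAC mismatch, parse error) is the cause
     * @throws IllegalStateException if the callback is null and {@code Args.notNull} did not reject it
     */
    public static SM2Result decryptMessageBySM2(ISM2Decryptor iSM2Decryptor, String str, String str2, AuthResult authResult, byte[] bArr, boolean z, boolean z2, int i, boolean z3) throws MenckitException {
        Args.notNull(iSM2Decryptor, "callback");
        Args.notNull(authResult, "authResult");
        Args.notNull(authResult.getNonce(), "authResult->nonce");
        Args.notNull(authResult.getNonceAuth(), "authResult->nonceAuth");
        Args.notNull(authResult.getEncryptData(), "authResult->encryptData");
        // Presumably unreachable after Args.notNull above; kept because Args is not visible here.
        if (iSM2Decryptor == null) {
            throw new IllegalStateException("callback==null");
        }
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(authResult.getEncryptData());
            if (!sm2EnvelopedData.equals(contentInfo.getContentType())) {
                Loggings.errorLogger.error("decryptMessageBySM2 failed: encryptType not for sm2EnvelopedData->" + contentInfo.getContentType());
                throw new MenckitException(Errcode.msgFormatInvalid, "encryptType not for sm2EnvelopedData");
            }
            EnvelopedData envelopedData = EnvelopedData.getInstance(contentInfo.getContent());
            AlgorithmIdentifier contentEncryptionAlgorithm = envelopedData.getEncryptedContentInfo().getContentEncryptionAlgorithm();
            // Only the first RecipientInfo is used; an empty set fails here and is reported
            // through the catch-all below.
            RecipientInfo recipientInfo = RecipientInfo.getInstance(envelopedData.getRecipientInfos().getObjectAt(0));
            // The cipher mode is chosen by the sender-supplied algorithm OID.
            boolean gcmMode = sm4GCM.equals(Algorithms.checkOID(contentEncryptionAlgorithm.getAlgorithm()));
            int cipherMode = gcmMode ? Constants.MODE_GCM : Constants.MODE_CBC;
            ServerRandom agreementKey = Agreements.agreementKey(iSM2Decryptor, str, str2, recipientInfo, authResult, z, z2, cipherMode, i, z3);
            byte[] sessionKey = agreementKey.getSessionKey();
            byte[] cipherText = envelopedData.getEncryptedContentInfo().getEncryptedContent().getOctets();

            byte[] plainText;
            if (gcmMode) {
                GCMParameters gCMParameters = GCMParameters.getInstance(contentEncryptionAlgorithm.getParameters());
                // NOTE(review): the tag length is read from the envelope itself, while
                // encryptMessageBySM2 always writes Constants.GCM_ICVLENGTH / 8. Confirm that
                // decryptByGCM rejects shorter tags, or compare against the constant here.
                plainText = SM4DataHelper.decryptByGCM(sessionKey, gCMParameters.getNonce(), cipherText, 8 * gCMParameters.getIcvLen(), null);
            } else {
                plainText = SM4DataHelper.decryptBySM4(sessionKey, ASN1OctetString.getInstance(contentEncryptionAlgorithm.getParameters()).getOctets(), cipherText);
                byte[] hmac = HashHelper.hmac(plainText, sessionKey, cipherMode, i);
                // Constant-time comparison: an early-exit array compare would let the position
                // of the first differing byte show up in response timing. A null bArr is
                // rejected as a mismatch, as before.
                if (!java.security.MessageDigest.isEqual(hmac, bArr)) {
                    // NOTE(review): this writes the correct HMAC for the message and the full
                    // envelope to the error log; consider whether log readers should see either.
                    Loggings.errorLogger.error("decryptMessageBySM2 failed: sourceHmacAct not match->sourceHmacAct={}, encryptData={}", Debugger.dump(hmac), Debugger.dump(authResult.getEncryptData()));
                    throw new MenckitException(Errcode.hashNotMatch, "sourceHmacAct not match");
                }
            }
            return new SM2Result(agreementKey, plainText);
        } catch (Exception e) {
            // This also catches the MenckitExceptions thrown above, so callers always see
            // msgDecodeFailed. Because the HMAC is checked after decryption, keep the outward
            // code uniform: telling a peer whether decryption or the HMAC check failed would
            // give it a decryption oracle.
            Loggings.errorLogger.error("decryptMessageBySM2 failed: CMSEnvelopedData failed");
            throw new MenckitException(Errcode.msgDecodeFailed, "decryptMessageBySM2", e);
        }
    }

    /**
     * Convenience overload of
     * {@link #encryptMessageBySM2(String, ClientRandom, String, String, RecipientIdentifier, byte[], int, int)}
     * that passes {@code null} for both optional string arguments.
     *
     * @param str                 value named "sharkPin" by the argument check; used to recover the key
     * @param clientRandom        client key material and its SM2-encrypted form
     * @param recipientIdentifier identifies the recipient in the envelope
     * @param bArr                plaintext to protect
     * @param i                   cipher mode; {@link Constants#MODE_GCM} selects SM4-GCM
     * @param i2                  forwarded to nonce generation and {@code HashHelper.hmac}
     * @return the nonce, authenticator, HMAC and DER-encoded envelope
     * @throws Exception if key recovery, encryption or encoding fails
     */
    public static AuthResult encryptMessageBySM2(String str, ClientRandom clientRandom, RecipientIdentifier recipientIdentifier, byte[] bArr, int i, int i2) throws Exception {
        return encryptMessageBySM2(str, clientRandom, null, null, recipientIdentifier, bArr, i, i2);
    }

    /**
     * Encrypts {@code bArr} with SM4 and wraps the ciphertext in a DER-encoded
     * {@code sm2EnvelopedData} ContentInfo addressed to a single recipient.
     *
     * <p>A fresh random value is generated per call and stored in the algorithm
     * parameters: 12 bytes for GCM, 16 bytes otherwise.
     *
     * @param str                 value named "sharkPin" by the argument check; used to recover the key
     * @param clientRandom        client key material and its SM2-encrypted form
     * @param str2                passed through to {@code encryptBySM4}, which does not read it
     * @param str3                passed through to {@code encryptBySM4}, which does not read it
     * @param recipientIdentifier identifies the recipient in the envelope
     * @param bArr                plaintext to protect
     * @param i                   cipher mode; {@link Constants#MODE_GCM} selects SM4-GCM
     * @param i2                  forwarded to nonce generation and {@code HashHelper.hmac}
     * @return the result of {@code encryptBySM4} with its encrypted data replaced by the envelope
     * @throws Exception if key recovery, encryption or encoding fails
     */
    public static AuthResult encryptMessageBySM2(String str, ClientRandom clientRandom, String str2, String str3, RecipientIdentifier recipientIdentifier, byte[] bArr, int i, int i2) throws Exception {
        Args.notNull(str, "sharkPin");
        Args.notNull(clientRandom, "clientRandom");
        Args.notNull(recipientIdentifier, "recipientIdentifier");
        Args.notNull(bArr, "sourceData");
        byte[] clientRandomSM2Cipher = clientRandom.getClientRandomSM2Cipher();

        byte[] ivOrNonce;
        AlgorithmIdentifier contentAlgorithm;
        if (i == Constants.MODE_GCM) {
            // GCM: 12-byte nonce; the tag length is recorded in bytes.
            ivOrNonce = SecureRandoms.getInstance().genBytes(12);
            contentAlgorithm = new AlgorithmIdentifier(sm4GCM.getId(), new GCMParameters(ivOrNonce, Constants.GCM_ICVLENGTH / 8));
        } else {
            // Non-GCM: 16-byte value carried as an octet string.
            ivOrNonce = SecureRandoms.getInstance().genBytes(16);
            contentAlgorithm = new AlgorithmIdentifier(sm4Encrypt.getId(), new DEROctetString(ivOrNonce));
        }

        AuthResult result = encryptBySM4(str, clientRandom, str2, str3, ivOrNonce, bArr, i, i2);
        Session session = SessionLibs.INSTACE.session();
        ASN1EncodableVector recipients = new ASN1EncodableVector();
        recipients.add(buildRecipientInfo(recipientIdentifier, clientRandomSM2Cipher, session));

        // Replace the raw ciphertext held by the result with the full envelope around it.
        EncryptedContentInfo encryptedContent = new EncryptedContentInfo(sm2Data.getId(), contentAlgorithm, new BEROctetString(result.getEncryptData()));
        EnvelopedData envelopedData = new EnvelopedData((OriginatorInfo) null, new DERSet(recipients), encryptedContent, ASN1Set.getInstance((Object) null));
        result.setEncryptData(new ContentInfo(sm2EnvelopedData.getId(), envelopedData).getEncoded("DER"));
        return result;
    }

    /**
     * Builds the key-transport RecipientInfo that carries the SM2-encrypted client random.
     *
     * @param recipientIdentifier identifies the recipient
     * @param bArr                SM2 ciphertext stored as the encrypted key
     * @param session             not read by this method
     * @return the RecipientInfo wrapping a {@code KeyTransRecipientInfo}
     * @throws MenckitException with {@code Errcode.msgEncodeFailed} if construction fails
     */
    private static RecipientInfo buildRecipientInfo(RecipientIdentifier recipientIdentifier, byte[] bArr, Session session) throws MenckitException {
        try {
            AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(sm2Encrypt.getId(), DERNull.INSTANCE);
            return new RecipientInfo(new KeyTransRecipientInfo(recipientIdentifier, keyEncryptionAlgorithm, new DEROctetString(bArr)));
        } catch (Exception e) {
            throw new MenckitException(Errcode.msgEncodeFailed, "buildRecipientInfo failed", e);
        }
    }

    /**
     * Recovers the key from {@code clientRandom}, then produces a nonce, its authenticator,
     * an HMAC over the plaintext and the SM4 ciphertext.
     *
     * <p>The HMAC is computed in both modes; {@code decryptMessageBySM2} verifies it only
     * in the non-GCM mode.
     *
     * @param str          passed to {@code clientRandom.recoverKey}
     * @param clientRandom source of the recovered key and the logged key tag
     * @param str2         not read by this method
     * @param str3         not read by this method
     * @param bArr         IV or GCM nonce for the cipher
     * @param bArr2        plaintext
     * @param i            cipher mode; {@link Constants#MODE_GCM} selects SM4-GCM
     * @param i2           forwarded to nonce generation and {@code HashHelper.hmac}
     * @return an AuthResult holding nonce, authenticator, HMAC and raw ciphertext
     * @throws Exception if key recovery, hashing or encryption fails
     */
    private static AuthResult encryptBySM4(String str, ClientRandom clientRandom, String str2, String str3, byte[] bArr, byte[] bArr2, int i, int i2) throws Exception {
        // NOTE(review): the same recovered key value is handed to the authenticator, the HMAC
        // and the cipher; confirm whether HashHelper separates these uses internally.
        byte[] recoverKey = clientRandom.recoverKey(str);
        byte[] nonce = Nonce.INSTANCE.nonce(i2);
        byte[] auth = HashHelper.auth(nonce, recoverKey);
        if (Loggings.systemLoggerx.isInfoEnabled()) {
            Loggings.systemLoggerx.info("encryptMessage: keyTag={}", Debugger.dump(clientRandom.getKeyTag()));
        }
        byte[] hmac = HashHelper.hmac(bArr2, recoverKey, i, i2);
        byte[] cipherText;
        if (i == Constants.MODE_GCM) {
            cipherText = SM4DataHelper.encryptByGCM(recoverKey, bArr, bArr2, Constants.GCM_ICVLENGTH, null);
        } else {
            cipherText = SM4DataHelper.encryptBySM4(recoverKey, bArr, bArr2);
        }
        return new AuthResult(nonce, auth, hmac, cipherText);
    }
}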
