package cfca.sadk.menckit.server.impl;

import cfca.sadk.menckit.common.AuthResult;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.util.HashHelper;
import cfca.sadk.menckit.common.util.Strings;
import cfca.sadk.menckit.server.ISM2Decryptor;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Cipher;
import cfca.sadk.org.bouncycastle.util.Arrays;
import cfca.sadk.org.bouncycastle.util.BigIntegers;

/* loaded from: input_file:cfca/sadk/menckit/server/impl/Agreements.class */
public final class Agreements {
    public static ServerRandom agreementKey(ISM2Decryptor iSM2Decryptor, String str, String str2, RecipientInfo recipientInfo, AuthResult authResult, boolean z, boolean z2, int i, int i2, boolean z3) throws MenckitException {
        ServerRandom decryptKeyBySM2;
        boolean checkAuthResult;
        boolean z4;
        if (z3 || str == null) {
            decryptKeyBySM2 = decryptKeyBySM2(iSM2Decryptor, str2, recipientInfo, false, i, i2, z3);
            checkAuthResult = checkAuthResult(authResult, decryptKeyBySM2.getSessionKey());
        } else {
            ServerRandom serverRandom = new ServerRandom(str);
            if (str2 == null) {
                str2 = Strings.encodeBase64(serverRandom.getServerRandom());
                z4 = true;
            } else {
                z4 = z && z2 && str2 != null;
                if (z4 && !serverRandom.matchServerRandom(decodeServerRandom(str2))) {
                    throw new MenckitException(Errcode.serverRandomInvalid, "decryptMessageBySM2 failed: serverRandom not match");
                }
            }
            byte[] sessionKey = serverRandom.getSessionKey();
            checkAuthResult = checkAuthResult(authResult, serverRandom.getSessionKey());
            if (checkAuthResult) {
                decryptKeyBySM2 = updateC1C3BySM2(serverRandom, recipientInfo);
            } else {
                decryptKeyBySM2 = decryptKeyBySM2(iSM2Decryptor, str2, recipientInfo, z, i, i2, false);
                if (z4 && !decryptKeyBySM2.checkRandom(sessionKey)) {
                    Loggings.errorLogger.error("decryptMessageBySM2 failed: serverRandom/sm4key not match");
                    throw new MenckitException(Errcode.serverRandomInvalid, "serverRandom/sm4key not match");
                }
                checkAuthResult = checkAuthResult(authResult, decryptKeyBySM2.getSessionKey());
            }
        }
        if (checkAuthResult) {
            return decryptKeyBySM2;
        }
        Loggings.errorLogger.error("decryptMessageBySM2 failed: nonceAuth not match");
        throw new MenckitException(Errcode.nonceInvalid, "onceAuth not match");
    }

    private static boolean checkAuthResult(AuthResult authResult, byte[] bArr) {
        return Arrays.areEqual(HashHelper.auth(authResult.getNonce(), bArr), authResult.getNonceAuth());
    }

    private static ServerRandom decryptKeyBySM2(ISM2Decryptor iSM2Decryptor, String str, RecipientInfo recipientInfo, boolean z, int i, int i2, boolean z2) throws MenckitException {
        byte[] decodeServerRandom = decodeServerRandom(str);
        KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo);
        byte[] octets = keyTransRecipientInfo.getEncryptedKey().getOctets();
        ASN1SM2Cipher aSN1SM2Cipher = ASN1SM2Cipher.getInstance(octets);
        byte[] partC3 = partC3(aSN1SM2Cipher);
        byte[] partC1 = partC1(aSN1SM2Cipher);
        String buildRecipientId = buildRecipientId(keyTransRecipientInfo);
        long currentTimeMillis = System.currentTimeMillis();
        byte[] decryptBySM2 = iSM2Decryptor.decryptBySM2(buildRecipientId, octets);
        Loggings.systemLoggerx.info("decryptKeyBySM2: successfully runtime={},serverRandom={}", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
        return new ServerRandom(Arrays.concatenate(partC1, partC3), decryptBySM2, decodeServerRandom, z, i, i2, z2);
    }

    private static ServerRandom updateC1C3BySM2(ServerRandom serverRandom, RecipientInfo recipientInfo) throws MenckitException {
        ASN1SM2Cipher aSN1SM2Cipher = ASN1SM2Cipher.getInstance(KeyTransRecipientInfo.getInstance(recipientInfo).getEncryptedKey().getOctets());
        byte[] concatenate = Arrays.concatenate(partC1(aSN1SM2Cipher), partC3(aSN1SM2Cipher));
        if (!serverRandom.matchKeyTag(concatenate)) {
            serverRandom.setKeyTag(concatenate);
        }
        return serverRandom;
    }

    private static String buildRecipientId(KeyTransRecipientInfo keyTransRecipientInfo) throws MenckitException {
        RecipientIdentifier recipientIdentifier = keyTransRecipientInfo.getRecipientIdentifier();
        if (recipientIdentifier.isTagged()) {
            return Strings.encodeHex(recipientIdentifier.getId().getOctets());
        }
        Loggings.errorLogger.error("decryptMessageBySM2 failed: NOT SubjectKeyIdentifier");
        throw new MenckitException(Errcode.msgFormatInvalid, "NOT SubjectKeyIdentifier");
    }

    private static byte[] partC3(ASN1SM2Cipher aSN1SM2Cipher) {
        return aSN1SM2Cipher.getHashValue().getOctets();
    }

    private static byte[] partC1(ASN1SM2Cipher aSN1SM2Cipher) {
        return Arrays.concatenate(BigIntegers.asUnsignedByteArray(32, aSN1SM2Cipher.getXCoordinate().getPositiveValue()), BigIntegers.asUnsignedByteArray(32, aSN1SM2Cipher.getYCoordinate().getPositiveValue()));
    }

    private static byte[] decodeServerRandom(String str) throws MenckitException {
        if (str == null) {
            return null;
        }
        try {
            return Strings.decodeBase64(str);
        } catch (Exception e) {
            Loggings.errorLogger.error("decodeServerRandom failed: serverRandom invlaid");
            throw new MenckitException(Errcode.serverRandomRecoveryFailed, "serverRandomBase64Invalid", e);
        }
    }
}
