package cfca.sadk.menckit.common.helper;

import cfca.sadk.menckit.common.AuthResult;
import cfca.sadk.menckit.common.Constants;
import cfca.sadk.menckit.common.Debugger;
import cfca.sadk.menckit.common.Errcode;
import cfca.sadk.menckit.common.Loggings;
import cfca.sadk.menckit.common.MenckitException;
import cfca.sadk.menckit.common.asn1.SM4Cipher;
import cfca.sadk.menckit.common.asn1.SMObjectIdentifiers;
import cfca.sadk.menckit.common.util.Args;
import cfca.sadk.menckit.common.util.HashHelper;
import cfca.sadk.menckit.common.util.Nonce;
import cfca.sadk.org.bouncycastle.asn1.ASN1Encodable;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedData;
import cfca.sadk.org.bouncycastle.asn1.cms.GCMParameters;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.util.Arrays;
import cfca.sadk.system.SecureRandoms;

/* loaded from: input_file:cfca/sadk/menckit/common/helper/SM4EncryptedHelper.class */
public class SM4EncryptedHelper implements SMObjectIdentifiers {
    private SM4EncryptedHelper() {
    }

    public static AuthResult encryptMessage(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, int i, int i2) throws Exception {
        byte[] encryptBySM4;
        AlgorithmIdentifier algorithmIdentifier;
        Args.notNull(bArr, "sm4key");
        Args.notNull(bArr3, "sourceData");
        if (i2 == 0) {
            Args.notNull(bArr2, "keyTag");
        }
        byte[] nonce = Nonce.INSTANCE.nonce(i2);
        byte[] auth = HashHelper.auth(nonce, bArr);
        if (Loggings.systemLoggerx.isInfoEnabled()) {
            Loggings.systemLoggerx.info("encryptMessage: keyTag={}, sessionkey={}", Debugger.dump(bArr2), str);
        }
        byte[] hmac = HashHelper.hmac(bArr3, bArr, i, i2);
        if (i == Constants.MODE_GCM) {
            byte[] genBytes = SecureRandoms.getInstance().genBytes(12);
            int i3 = Constants.GCM_ICVLENGTH;
            encryptBySM4 = SM4DataHelper.encryptByGCM(bArr, genBytes, bArr3, i3, null);
            algorithmIdentifier = new AlgorithmIdentifier(sm4GCM.getId(), new GCMParameters(genBytes, i3 / 8));
        } else {
            byte[] genBytes2 = SecureRandoms.getInstance().genBytes(16);
            encryptBySM4 = SM4DataHelper.encryptBySM4(bArr, genBytes2, bArr3);
            algorithmIdentifier = new AlgorithmIdentifier(sm4Encrypt.getId(), new DEROctetString(genBytes2));
        }
        SM4Cipher sM4Cipher = new SM4Cipher(bArr2, encryptBySM4);
        if (i2 == 0) {
            encryptBySM4 = sM4Cipher.getEncoded();
        }
        return new AuthResult(nonce, auth, hmac, new ContentInfo(sm2EncryptedData.getId(), new EncryptedData(new EncryptedContentInfo(sm2Data.getId(), algorithmIdentifier, new DEROctetString(encryptBySM4)))).getEncoded("DER"));
    }

    public static byte[] decryptMessage(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws MenckitException, Exception {
        byte[] decryptBySM4;
        Args.lestLength(16, bArr, "sm4key");
        Args.notNull(bArr2, "cmsEncryptedData");
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(bArr2);
            if (!sm2EncryptedData.equals(contentInfo.getContentType())) {
                throw new MenckitException(Errcode.msgFormatInvalid, "decryptMessage failed: contentType not for sm4EncryptedData->" + contentInfo.getContentType());
            }
            EncryptedContentInfo encryptedContentInfo = EncryptedData.getInstance(contentInfo.getContent()).getEncryptedContentInfo();
            if (!sm2Data.equals(encryptedContentInfo.getContentType())) {
                throw new MenckitException(Errcode.msgFormatInvalid, "decryptMessage failed: contentType not for sm4EncryptedContentInfo->" + encryptedContentInfo.getContentType());
            }
            AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            ASN1ObjectIdentifier checkOID = Algorithms.checkOID(contentEncryptionAlgorithm.getAlgorithm());
            ASN1Encodable parameters = contentEncryptionAlgorithm.getParameters();
            if (parameters == null) {
                throw new MenckitException(Errcode.msgFormatInvalid, "decryptMessage failed: algorithmParameters ==null");
            }
            if (encryptedContentInfo.getEncryptedContent() == null) {
                throw new MenckitException(Errcode.msgFormatInvalid, "decryptMessage failed: encryptedContent ==null");
            }
            byte[] octets = encryptedContentInfo.getEncryptedContent().getOctets();
            byte[] bArr4 = null;
            if (i == 0) {
                SM4Cipher sM4Cipher = SM4Cipher.getInstance(octets);
                octets = sM4Cipher.getEncryptDataC4();
                bArr4 = sM4Cipher.getKeyTag();
            }
            if (Loggings.systemLoggerx.isInfoEnabled()) {
                Loggings.systemLoggerx.info("decryptMessage: keyTag={}", Debugger.dump(bArr4));
            }
            boolean equals = sm4GCM.equals(checkOID);
            int i2 = equals ? Constants.MODE_GCM : Constants.MODE_CBC;
            if (equals) {
                GCMParameters gCMParameters = GCMParameters.getInstance(parameters);
                decryptBySM4 = SM4DataHelper.decryptByGCM(bArr, gCMParameters.getNonce(), octets, 8 * gCMParameters.getIcvLen(), null);
            } else {
                decryptBySM4 = SM4DataHelper.decryptBySM4(bArr, ASN1OctetString.getInstance(parameters).getOctets(), octets);
                if (!Arrays.areEqual(HashHelper.hmac(decryptBySM4, bArr, i2, i), bArr3)) {
                    throw new MenckitException(Errcode.hashNotMatch, "decryptMessage failed: hash not match");
                }
            }
            return decryptBySM4;
        } catch (Exception e) {
            throw new MenckitException(Errcode.msgDecodeFailed, "decryptMessage failed: CMSEnvelopedData failed", e);
        }
    }
}
