package cfca.sadk.envelope;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.util.SymmetricHelper;
import cfca.sadk.algorithm.util.SymmetricParams;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.BEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.OriginatorInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.org.bouncycastle.gmt.GMTObjectIdentifiers;
import cfca.sadk.org.bouncycastle.gmt.GMTPKCSObjectIdentifiers;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileOutputStream;

/* loaded from: input_file:cfca/sadk/envelope/EnvelopeEncryptHelper.class */
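/**
 * Builds CMS-style enveloped data (a {@code ContentInfo} wrapping an {@code EnvelopedData}
 * structure) for a single recipient certificate, in either the SM2 or the RSA/PKCS#7 flavour.
 *
 * <p>The flavour is fixed at construction time and decides which object identifiers are written
 * into the envelope. {@link #checkAlgorithm} enforces that the recipient certificate and the
 * symmetric algorithm name agree with that flavour before any key material is generated.
 *
 * <p>NOTE(review): the structure built here is {@code EnvelopedData}, which carries no MAC or
 * signature of its own. Whether the ciphertext is integrity-protected therefore depends on the
 * symmetric mechanism selected by the caller; confirm this against {@code SymmetricParams} and
 * sign the envelope separately where tamper detection is required.
 */
public final class EnvelopeEncryptHelper {
    /** Largest source file accepted by {@code envelopeFile}, in bytes (2000 * 1024 * 1024). */
    public static final int MAX_ENVELOPE_SOURCE_FILE_LENGTH = 2097152000;

    // Value the convenience overloads pass as the last argument of the full methods; it ends up
    // in X509Cert.generateRecipientIdentifier(int).
    // NOTE(review): presumably selects the recipient-identifier form; confirm in X509Cert.
    private static final int policy = 0;

    private final ASN1ObjectIdentifier oid_data;
    private final ASN1ObjectIdentifier oid_envelopedData;
    private final ASN1ObjectIdentifier oid_publicKeyEncrypt;
    private final boolean isSM2Envelope;

    /**
     * Creates a helper bound to one envelope flavour.
     *
     * @param z {@code true} to emit the GM/T SM2 object identifiers, {@code false} to emit the
     *     PKCS (RSA) ones
     */
    public EnvelopeEncryptHelper(boolean z) {
        this.isSM2Envelope = z;
        if (z) {
            this.oid_publicKeyEncrypt = GMTPKCSObjectIdentifiers.SM2_pubKey_encrypt;
            this.oid_data = GMTObjectIdentifiers.sm2Data;
            this.oid_envelopedData = GMTObjectIdentifiers.sm2EnvelopedData;
        } else {
            this.oid_publicKeyEncrypt = PKCSObjectIdentifiers.rsaEncryption;
            this.oid_data = PKCSObjectIdentifiers.data;
            this.oid_envelopedData = PKCSObjectIdentifiers.envelopedData;
        }
    }

    /** Envelopes {@code bArr} with the software crypto library and the default policy value. */
    byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws Exception {
        return envelopeMessage(bArr, str, x509CertArr, BCSoftLib.INSTANCE(), policy);
    }

    /** Envelopes {@code bArr} with the given session and the default policy value. */
    byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws Exception {
        return envelopeMessage(bArr, str, x509CertArr, session, policy);
    }

    /**
     * Encrypts an in-memory message under a freshly generated symmetric key and wraps that key
     * for the recipient certificate.
     *
     * @param bArr plaintext to encrypt
     * @param str symmetric algorithm name; must contain SM4 for an SM2 envelope and must not
     *     contain it for an RSA envelope
     * @param x509CertArr recipient certificates; exactly one non-null entry is accepted
     * @param session crypto session; its native implementation is used only when it is non-null
     *     and {@code useJniNativeOperation()} returns true
     * @param i value forwarded to {@code X509Cert.generateRecipientIdentifier(int)}
     * @return the Base64 encoding of the serialised {@code ContentInfo}
     * @throws PKIException if the recipients or the algorithm fail validation
     * @throws Exception if key wrapping, content encryption or encoding fails
     */
    public byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session, int i) throws Exception {
        if (x509CertArr == null) {
            throw new PKIException("missing receiverCerts!");
        }
        if (x509CertArr.length > 1) {
            throw new PKIException("receiverCerts more than one cert!");
        }
        checkAlgorithm(str, x509CertArr);

        SymmetricParams contentKey = SymmetricParams.generateSecretKey(str);
        // NOTE(review): contentKey.symmetricKey stays in the heap after this method returns;
        // confirm whether SymmetricParams offers a way to clear it.

        // Key transport first, content encryption second, as in the original evaluation order.
        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
        for (X509Cert recipient : x509CertArr) {
            recipientInfos.add(toRecipientInfo(recipient, contentKey.symmetricKey, session, i));
        }

        BEROctetString cipherText =
                new BEROctetString(SymmetricHelper.dataEncrypt(useNative(session), contentKey, bArr));
        EncryptedContentInfo encryptedContent =
                new EncryptedContentInfo(this.oid_data, contentKey.algorithmId, cipherText);
        EnvelopedData enveloped =
                new EnvelopedData((OriginatorInfo) null, new DERSet(recipientInfos), encryptedContent, ASN1Set.getInstance(null));
        CMSEnvelopedData cms = new CMSEnvelopedData(new ContentInfo(this.oid_envelopedData, enveloped));
        return Base64.encode(ASN1Parser.parseDERObj2Bytes(cms.toASN1Structure()));
    }

    /** Envelopes a file with the software crypto library and the default policy value. */
    final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws Exception {
        envelopeFile(str, str2, str3, x509CertArr, BCSoftLib.INSTANCE(), policy);
    }

    /** Envelopes a file with the given session and the default policy value. */
    void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws Exception {
        envelopeFile(str, str2, str3, x509CertArr, session, policy);
    }

    /**
     * Encrypts a file under a freshly generated symmetric key and writes the resulting envelope
     * to another file.
     *
     * <p>The output stream is now closed on every path. Previously a failure while writing left
     * the destination file handle open until garbage collection.
     *
     * <p>NOTE(review): on failure a partially written destination file is left on disk, and an
     * existing destination is overwritten; callers that need atomic replacement should write to
     * a temporary file and rename it. It is also not visible here whether
     * {@code FileEncryptedInputStream} releases its handle on the source file by itself.
     *
     * @param str path of the plaintext source file; must exist, be a regular file and be no
     *     longer than {@link #MAX_ENVELOPE_SOURCE_FILE_LENGTH} bytes
     * @param str2 path of the envelope file to write
     * @param str3 symmetric algorithm name; same constraints as for {@code envelopeMessage}
     * @param x509CertArr recipient certificates; exactly one non-null entry is accepted
     * @param session crypto session; its native implementation is used only when it is non-null
     *     and {@code useJniNativeOperation()} returns true
     * @param i value forwarded to {@code X509Cert.generateRecipientIdentifier(int)}
     * @throws PKIException if an argument fails validation before any file is touched
     * @throws Exception wrapping any failure raised while reading, encrypting or writing
     */
    public void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session, int i) throws Exception {
        if (str == null) {
            throw new PKIException("sourceFilePath is null");
        }
        if (x509CertArr == null) {
            throw new PKIException("missing receiverCerts!");
        }
        if (x509CertArr.length > 1) {
            throw new PKIException("receiverCerts more than one cert!");
        }
        checkAlgorithm(str3, x509CertArr);
        // Fail with a descriptive error instead of a wrapped NullPointerException later on.
        if (str2 == null) {
            throw new PKIException("encryptedFilePath is null");
        }

        try {
            File sourceFile = new File(str);
            if (!sourceFile.exists()) {
                throw new PKIException("sourceFile is not exists");
            }
            if (!sourceFile.isFile()) {
                throw new PKIException("sourceFile is not file");
            }
            if (sourceFile.length() > MAX_ENVELOPE_SOURCE_FILE_LENGTH) {
                throw new PKIException("MEncryptedInputStream@sourceFileLength more than 2097152000");
            }

            SymmetricParams contentKey = SymmetricParams.generateSecretKey(str3);
            ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
            for (X509Cert recipient : x509CertArr) {
                recipientInfos.add(toRecipientInfo(recipient, contentKey.symmetricKey, session, i));
            }

            ContentInfo contentInfo = new ContentInfo(
                    this.oid_envelopedData,
                    new FileEnvelopedData(
                            null,
                            new DERSet(recipientInfos),
                            new FileEncryptedContentInfo(
                                    this.oid_data,
                                    contentKey.algorithmId,
                                    new FileEncryptedInputStream(useNative(session), sourceFile, contentKey.symmetricKey, contentKey.mechanism)),
                            null));

            // FileOutputStream creates the destination when it is missing, so no separate
            // exists()/createNewFile() step is needed. try-with-resources guarantees the handle
            // is released even when writeObject throws.
            try (FileOutputStream fileOut = new FileOutputStream(new File(str2))) {
                DEROutputStream derOut = new DEROutputStream(fileOut);
                derOut.writeObject(contentInfo);
                // Explicit close keeps the original flush behaviour; closing the underlying
                // FileOutputStream a second time afterwards is harmless.
                derOut.close();
            }
        } catch (Exception e) {
            throw new Exception("envelopeFile failed:", e);
        }
    }

    /** Returns true when the session exists and asks for the JNI native implementation. */
    private static boolean useNative(Session session) {
        return session != null && session.useJniNativeOperation();
    }

    /**
     * Wraps the symmetric key for one recipient as a {@code KeyTransRecipientInfo}.
     *
     * <p>The public-key mechanism follows the certificate type: SM2 certificates use the
     * envelope's configured key-encryption OID, other certificates use {@code RSA_PKCS} and the
     * certificate's own public-key algorithm OID.
     *
     * <p>NOTE(review): {@code RSA_PKCS} presumably means PKCS#1 v1.5 encryption padding. If so,
     * the decrypting side must not reveal padding failures to the sender; confirm in
     * {@code MechanismKit}.
     *
     * @param x509Cert recipient certificate
     * @param bArr symmetric key to wrap
     * @param session crypto session, may be null
     * @param i value forwarded to {@code X509Cert.generateRecipientIdentifier(int)}
     */
    private RecipientInfo toRecipientInfo(X509Cert x509Cert, byte[] bArr, Session session, int i) throws Exception {
        final Mechanism wrapMechanism;
        final AlgorithmIdentifier keyEncryptionAlgorithm;
        if (x509Cert.isSM2Cert()) {
            wrapMechanism = new Mechanism(MechanismKit.SM2);
            keyEncryptionAlgorithm = new AlgorithmIdentifier(this.oid_publicKeyEncrypt, DERNull.INSTANCE);
        } else {
            wrapMechanism = new Mechanism(MechanismKit.RSA_PKCS);
            keyEncryptionAlgorithm = new AlgorithmIdentifier(
                    new ASN1ObjectIdentifier(x509Cert.getPublicKeyAlgorithmOID()), DERNull.INSTANCE);
        }
        // Falls back to the software library whenever the session does not request native mode.
        DEROctetString wrappedKey = new DEROctetString(
                useNative(session)
                        ? session.encrypt(wrapMechanism, x509Cert.getPublicKey(), bArr)
                        : BCSoftLib.INSTANCE().encrypt(wrapMechanism, x509Cert.getPublicKey(), bArr));
        return new RecipientInfo(
                new KeyTransRecipientInfo(x509Cert.generateRecipientIdentifier(i), keyEncryptionAlgorithm, wrappedKey));
    }

    /**
     * Validates that the recipient certificates and the symmetric algorithm match the envelope
     * flavour chosen at construction.
     *
     * @return {@code true} when every check passes; failures are reported by exception
     * @throws PKIException if the array is null or empty, its first entry is null, a
     *     certificate has the wrong key type, or the symmetric algorithm does not fit
     */
    private boolean checkAlgorithm(String str, X509Cert[] x509CertArr) throws PKIException {
        if (x509CertArr == null || x509CertArr.length < 1) {
            throw new PKIException("receiverCerts is null!");
        }
        // A null first entry used to surface as a NullPointerException on the next statement.
        if (x509CertArr[0] == null) {
            throw new PKIException("receiverCerts[0] is null!");
        }
        boolean firstIsSm2 = x509CertArr[0].isSM2Cert();
        if (this.isSM2Envelope && !firstIsSm2) {
            throw new PKIException("receiverCerts[0] required SM2!");
        }
        if (!this.isSM2Envelope && firstIsSm2) {
            throw new PKIException("receiverCerts[0] required RSA!");
        }
        String requiredType = firstIsSm2 ? MechanismKit.SM2 : MechanismKit.RSA;
        // Every further non-null certificate must have the same key type as the first one.
        for (int idx = 1; idx < x509CertArr.length; idx++) {
            if (x509CertArr[idx] != null && firstIsSm2 != x509CertArr[idx].isSM2Cert()) {
                throw new PKIException("receiverCerts[" + idx + "] required " + requiredType);
            }
        }
        return checkSymmetricAlgorithm(str, firstIsSm2);
    }

    /**
     * Enforces the pairing between public-key type and symmetric cipher: SM2 recipients require
     * an algorithm name containing the SM4 key name, RSA recipients require one that does not.
     *
     * @param str symmetric algorithm name, matched case-insensitively
     * @param z {@code true} when the recipient certificate is SM2
     * @return {@code true} when the pairing is allowed
     * @throws PKIException if the name is null or the pairing is not allowed
     */
    private boolean checkSymmetricAlgorithm(String str, boolean z) throws PKIException {
        if (str == null) {
            throw new PKIException("symmetricAlgorithm is null!");
        }
        // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
        boolean namesSm4 = str.toUpperCase(java.util.Locale.ROOT).indexOf(MechanismKit.SM4_KEY) >= 0;
        if (z && !namesSm4) {
            throw new PKIException("symmetricAlgorithm required SM4!");
        }
        if (!z && namesSm4) {
            throw new PKIException("symmetricAlgorithm required not SM4!");
        }
        return true;
    }
}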
