package nbcb.cfca.sadk.asn1.pkcs;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.MechanismKit;
import nbcb.cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.algorithm.sm2.SM2PrivateKey;
import nbcb.cfca.sadk.algorithm.sm2.SM2PublicKey;
import nbcb.cfca.sadk.algorithm.sm2.SM3Digest;
import nbcb.cfca.sadk.algorithm.sm2.SM4Engine;
import nbcb.cfca.sadk.asn1.parser.ASN1Parser;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Encodable;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Primitive;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import nbcb.cfca.sadk.org.bouncycastle.asn1.BERSequence;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import nbcb.cfca.sadk.org.bouncycastle.asn1.DERSequence;
import nbcb.cfca.sadk.org.bouncycastle.crypto.DataLengthException;
import nbcb.cfca.sadk.org.bouncycastle.crypto.InvalidCipherTextException;
import nbcb.cfca.sadk.org.bouncycastle.crypto.modes.CBCBlockCipher;
import nbcb.cfca.sadk.org.bouncycastle.crypto.paddings.PKCS7Padding;
import nbcb.cfca.sadk.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import nbcb.cfca.sadk.org.bouncycastle.crypto.params.KeyParameter;
import nbcb.cfca.sadk.org.bouncycastle.crypto.params.ParametersWithIV;
import nbcb.cfca.sadk.org.bouncycastle.util.Strings;
import nbcb.cfca.sadk.system.FileHelper;
import nbcb.cfca.sadk.system.global.SM2ContextConfig;
import nbcb.cfca.sadk.util.Base64;
import nbcb.cfca.sadk.x509.certificate.X509Cert;

/* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/asn1/pkcs/PKCS12_SM2.class */
public class PKCS12_SM2 implements ASN1Encodable, PKCSObjectIdentifiers {
    private ASN1Sequence privateInfo = null;
    private ASN1Sequence publicInfo = null;
    private SM2PrivateKey SM2PrivateKey;
    private X509Cert[] certs;

    public static PKCS12_SM2 getInstance(Object obj) throws PKIException {
        if (obj instanceof PKCS12_SM2) {
            return (PKCS12_SM2) obj;
        }
        if (obj instanceof byte[]) {
            return new PKCS12_SM2((byte[]) obj);
        }
        if (obj != null) {
            return new PKCS12_SM2(ASN1Sequence.getInstance(obj));
        }
        return null;
    }

    public PKCS12_SM2() {
    }

    public PKCS12_SM2(byte[] bArr) throws PKIException {
        if (bArr == null) {
            throw new PKIException("SM2File encoding should not be null");
        }
        load(bArr);
    }

    public PKCS12_SM2(ASN1Sequence aSN1Sequence) throws PKIException {
        parseSM2(aSN1Sequence);
    }

    public PKCS12_SM2(ASN1Sequence aSN1Sequence, ASN1Sequence aSN1Sequence2) throws PKIException {
        if (aSN1Sequence == null) {
            throw new PKIException("SM2File publicInfo should not be null");
        }
        if (aSN1Sequence2 == null) {
            throw new PKIException("SM2File privateInfo should not be null");
        }
        parseSM2Certs(aSN1Sequence2, aSN1Sequence);
    }

    public void load(byte[] bArr) throws PKIException {
        try {
            parseSM2(ASN1Parser.getDERSequenceFrom(bArr));
        } catch (Exception e) {
            throw new PKIException("SM2File Decoding failure", e);
        }
    }

    public void parseSM2(ASN1Sequence aSN1Sequence) throws PKIException {
        if (aSN1Sequence == null || aSN1Sequence.size() != 3) {
            throw new PKIException("invalid SM2File encoding");
        }
        parseSM2Certs((ASN1Sequence) aSN1Sequence.getObjectAt(1), (ASN1Sequence) aSN1Sequence.getObjectAt(2));
    }

    private void parseSM2Certs(ASN1Sequence aSN1Sequence, ASN1Sequence aSN1Sequence2) throws PKIException {
        if (aSN1Sequence.size() != 3) {
            throw new PKIException("the sm2 file is not right format,can not get the private part");
        }
        if (aSN1Sequence2.size() != 2) {
            throw new PKIException("the sm2 file is not right format.can not get the public part");
        }
        this.privateInfo = aSN1Sequence;
        this.publicInfo = aSN1Sequence2;
        this.certs = new X509Cert[]{new X509Cert(((ASN1OctetString) aSN1Sequence2.getObjectAt(1)).getOctets())};
    }

    private static byte[] KDF(byte[] bArr) {
        byte[] bArr2 = {0, 0, 0, 1};
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr, 0, bArr.length);
        sM3Digest.update(bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[32];
        sM3Digest.doFinal(bArr3, 0);
        return bArr3;
    }

    public PrivateKey getPrivateKey() throws PKIException {
        if (this.SM2PrivateKey == null) {
            throw new PKIException(PKIException.DECRYPT_P12_ERR, PKIException.DECRYPT_P12_ERR_DES);
        }
        return this.SM2PrivateKey;
    }

    public SM2PrivateKey getPrivateKey(String str) throws PKIException {
        return decrypt(str);
    }

    public SM2PrivateKey decrypt(String str) throws PKIException {
        if (this.SM2PrivateKey == null) {
            if (str == null) {
                throw new PKIException("SM2File password should not be null");
            }
            if (this.privateInfo == null) {
                throw new PKIException("SM2File invalid : privateInfo=null");
            }
            try {
                byte[] SM4DecryptDBytes = SM4DecryptDBytes(str, ((ASN1OctetString) this.privateInfo.getObjectAt(2)).getOctets());
                SM2PublicKey sM2PublicKey = (SM2PublicKey) getPublicCert()[0].getPublicKey();
                this.SM2PrivateKey = new SM2PrivateKey(SM4DecryptDBytes, sM2PublicKey.getPubXByBytes(), sM2PublicKey.getPubYByBytes());
            } catch (Exception e) {
                throw new PKIException("SM2File decoding failure", e);
            }
        }
        return this.SM2PrivateKey;
    }

    private byte[] SM4DecryptDBytes(String str, byte[] bArr) throws PKIException {
        byte[] bArr2;
        byte[] bArr3;
        if (str == null || str.length() == 0) {
            throw new PKIException("SM2File password should not be null");
        }
        try {
            byte[] bytes = str.getBytes("UTF8");
            if (bArr == null || bArr.length == 0) {
                throw new PKIException("SM2File encryptedData should not be null");
            }
            if (bArr.length < 32 || bArr.length > 64) {
                throw new PKIException("SM2File EncryptedData required length in [32-64] ");
            }
            if (bArr.length == 32 || bArr.length == 48) {
                bArr2 = bArr;
            } else {
                try {
                    bArr2 = Base64.decode(bArr);
                } catch (Exception e) {
                    throw new PKIException("SM2File EncryptedData required base64 ");
                }
            }
            try {
                byte[] KDF = KDF(bytes);
                byte[] bArr4 = new byte[16];
                System.arraycopy(KDF, 0, bArr4, 0, 16);
                byte[] bArr5 = new byte[16];
                System.arraycopy(KDF, 16, bArr5, 0, 16);
                try {
                    PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SM4Engine()), new PKCS7Padding());
                    paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(bArr5), bArr4));
                    int outputSize = paddedBufferedBlockCipher.getOutputSize(bArr2.length);
                    byte[] bArr6 = new byte[outputSize];
                    int processBytes = paddedBufferedBlockCipher.processBytes(bArr2, 0, bArr2.length, bArr6, 0);
                    int doFinal = processBytes + paddedBufferedBlockCipher.doFinal(bArr6, processBytes);
                    if (doFinal < outputSize) {
                        bArr3 = new byte[doFinal];
                        System.arraycopy(bArr6, 0, bArr3, 0, doFinal);
                    } else {
                        bArr3 = bArr6;
                    }
                    return bArr3;
                } catch (IllegalArgumentException e2) {
                    throw new PKIException("SM2File SM2PrivateKey decrypt failure with IllegalArgument", e2);
                } catch (IllegalStateException e3) {
                    throw new PKIException("SM2File SM2PrivateKey decrypt failure with IllegalState", e3);
                } catch (DataLengthException e4) {
                    throw new PKIException("SM2File SM2PrivateKey decrypt failure with IllegalDataLength", e4);
                } catch (InvalidCipherTextException e5) {
                    throw new PKIException("SM2File SM2PrivateKey decrypt failure with InvalidCipherText", e5);
                } catch (Exception e6) {
                    throw new PKIException("SM2File SM2PrivateKey decrypt failure", e6);
                }
            } catch (Exception e7) {
                throw new PKIException("SM2File KDF failure", e7);
            }
        } catch (UnsupportedEncodingException e8) {
            throw new PKIException("SM2File password decoding failure", e8);
        }
    }

    private static byte[] SM4EncryptDBytes(String str, byte[] bArr) throws PKIException {
        byte[] bArr2;
        if (str == null || str.length() == 0) {
            throw new PKIException("SM2File password should not be null");
        }
        try {
            byte[] bytes = str.getBytes("UTF8");
            if (bArr == null || bArr.length == 0) {
                throw new PKIException("SM2File EncryptedData should not be null");
            }
            try {
                byte[] KDF = KDF(bytes);
                byte[] bArr3 = new byte[16];
                System.arraycopy(KDF, 0, bArr3, 0, 16);
                byte[] bArr4 = new byte[16];
                System.arraycopy(KDF, 16, bArr4, 0, 16);
                try {
                    PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new SM4Engine()), new PKCS7Padding());
                    paddedBufferedBlockCipher.init(true, new ParametersWithIV(new KeyParameter(bArr4), bArr3));
                    int outputSize = paddedBufferedBlockCipher.getOutputSize(bArr.length);
                    byte[] bArr5 = new byte[outputSize];
                    int processBytes = paddedBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr5, 0);
                    int doFinal = processBytes + paddedBufferedBlockCipher.doFinal(bArr5, processBytes);
                    if (doFinal < outputSize) {
                        bArr2 = new byte[doFinal];
                        System.arraycopy(bArr5, 0, bArr2, 0, doFinal);
                    } else {
                        bArr2 = bArr5;
                    }
                    return bArr2;
                } catch (IllegalArgumentException e) {
                    throw new PKIException("SM2File SM2PrivateKey encrypt failure with IllegalArgument", e);
                } catch (IllegalStateException e2) {
                    throw new PKIException("SM2File SM2PrivateKey encrypt failure with IllegalState", e2);
                } catch (DataLengthException e3) {
                    throw new PKIException("SM2File SM2PrivateKey encrypt failure with IllegalDataLength", e3);
                } catch (InvalidCipherTextException e4) {
                    throw new PKIException("SM2File SM2PrivateKey encrypt failure with InvalidCipherText", e4);
                } catch (Exception e5) {
                    throw new PKIException("SM2File SM2PrivateKey encrypt failure", e5);
                }
            } catch (Exception e6) {
                throw new PKIException("SM2File KDF failure", e6);
            }
        } catch (UnsupportedEncodingException e7) {
            throw new PKIException("SM2File password decoding failure", e7);
        }
    }

    public X509Cert[] getPublicCert() throws PKIException {
        if (this.certs == null) {
            throw new PKIException("SM2File invalid : certs=null");
        }
        return this.certs;
    }

    @Override // nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Encodable
    public ASN1Primitive toASN1Primitive() {
        if (this.privateInfo == null) {
            throw new IllegalArgumentException("SM2File privateInfo should not be null");
        }
        if (this.publicInfo == null) {
            throw new IllegalArgumentException("SM2File publicInfo should not be null");
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new ASN1Integer(1L));
        aSN1EncodableVector.add(this.privateInfo);
        aSN1EncodableVector.add(this.publicInfo);
        return new BERSequence(aSN1EncodableVector);
    }

    private static PKCS12_SM2 generateSM2(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        if (str == null || str.length() == 0) {
            throw new PKIException("SM2File password should not be null");
        }
        if (privateKey == null) {
            throw new PKIException("SM2File privateKey should not be null");
        }
        if (x509Cert == null) {
            throw new PKIException("SM2File x509Cert should not be null");
        }
        if (!(privateKey instanceof SM2PrivateKey)) {
            throw new PKIException("SM2File privateKey must SM2PrivateKey");
        }
        SM2PrivateKey sM2PrivateKey = (SM2PrivateKey) privateKey;
        Session INSTANCE = BCSoftLib.INSTANCE();
        Mechanism mechanism = new Mechanism(MechanismKit.SM3_SM2);
        byte[] byteArray = Strings.toByteArray("TESTING");
        try {
            if (!INSTANCE.verify(mechanism, x509Cert.getPublicKey(), byteArray, INSTANCE.sign(mechanism, sM2PrivateKey, byteArray))) {
                throw new PKIException("SM2File x509Cert/privateKey not match");
            }
            byte[] dByBytes = sM2PrivateKey.getDByBytes();
            if (dByBytes == null || dByBytes.length != 32) {
                throw new PKIException("SM2File SM2PrivateKey format invalid");
            }
            byte[] SM4EncryptDBytes = SM4EncryptDBytes(str, sM2PrivateKey.getDByBytes());
            try {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(PKCSObjectIdentifiers.sm2Data);
                aSN1EncodableVector.add(new DEROctetString(x509Cert.getEncoding()));
                DERSequence dERSequence = new DERSequence(aSN1EncodableVector);
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(PKCSObjectIdentifiers.sm2Data);
                aSN1EncodableVector2.add(PKCSObjectIdentifiers.SM4_CBC);
                aSN1EncodableVector2.add(new DEROctetString(SM4EncryptDBytes));
                return new PKCS12_SM2(dERSequence, new DERSequence(aSN1EncodableVector2));
            } catch (Exception e) {
                throw new PKIException("SM2File Generated failure", e);
            }
        } catch (Exception e2) {
            throw new PKIException("SM2File x509Cert/privateKey try signing failure", e2);
        }
    }

    public static String generateSM2File(X509Cert x509Cert, PrivateKey privateKey, String str, String str2) throws PKIException {
        if (str2 == null) {
            throw new PKIException("SM2File fileName should not be null");
        }
        try {
            FileHelper.write(str2, generateSM2Data(x509Cert, privateKey, str));
            return str2;
        } catch (IOException e) {
            throw new PKIException("Writing SM2File failure with IOException", e);
        }
    }

    public static byte[] generateSM2Data(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        byte[] CombineSM2Data = CombineSM2Data(x509Cert, privateKey, str);
        if (SM2ContextConfig.getBase64State()) {
            CombineSM2Data = Base64.encode(CombineSM2Data);
        }
        return CombineSM2Data;
    }

    public static byte[] CombineSM2Data(X509Cert x509Cert, PrivateKey privateKey, String str) throws PKIException {
        PKCS12_SM2 generateSM2 = generateSM2(x509Cert, privateKey, str);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new DEROutputStream(byteArrayOutputStream).writeObject(generateSM2);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new PKIException("Encoding SM2File failure with IOException", e);
        }
    }
}
