package com.chinapay.secss.sm;

import com.chinapay.secss.CertHolder;
import com.chinapay.secss.CertLoader;
import com.chinapay.secss.LogUtil;
import com.chinapay.secss.SecssConstants;
import com.chinapay.secss.SecssUtil;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jcajce.spec.SM2ParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;

/* loaded from: input_file:com/chinapay/secss/sm/SM2Util.class */
public class SM2Util {
    public static final String SM3WITHSM2 = "SM3WithSM2";
    public static final String SM2 = "SM2";
    private static final String PKCS12 = "PKCS12";
    private static final String EC = "EC";
    private static final String X_509 = "X.509";
    public static final byte[] USER_ID = "1234567812345678".getBytes();
    public static final SM2ParameterSpec SM2_PARAM_SPEC = new SM2ParameterSpec(USER_ID);
    public static final String CURVE_NAME = "sm2p256v1";
    private static final X9ECParameters x9ECParameters = GMNamedCurves.getByName(CURVE_NAME);
    private static final ECDomainParameters ecDomainParameters = new ECDomainParameters(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
    private static ECParameterSpec ecParameterSpec = new ECParameterSpec(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());

    static {
        System.setProperty("org.bouncycastle.asn1.allow_unsafe_integer", "true");
    }

    public static CertHolder loadPrivateKey(String str, String str2) throws IOException, CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        ASN1InputStream aSN1InputStream = null;
        try {
            ASN1InputStream aSN1InputStream2 = new ASN1InputStream(Base64.decodeBase64(SMUtil.loadToBytes(str)));
            ASN1Sequence readObject = aSN1InputStream2.readObject();
            if (readObject == null || readObject.size() != 3) {
                throw new RuntimeException("invalid SM2File encoding");
            }
            ASN1Sequence objectAt = readObject.getObjectAt(1);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(X_509, SMUtil.PROVIDER_BC).generateCertificate(new ByteArrayInputStream(readObject.getObjectAt(2).getObjectAt(1).getOctets()));
            if (x509Certificate != null) {
                x509Certificate.getPublicKey();
            }
            CertHolder buildCertHolder = CertLoader.buildCertHolder(x509Certificate, getPrivatekeyFromD(new BigInteger(1, decryptDBytes(objectAt.getObjectAt(2).getOctets(), str2))));
            buildCertHolder.setAlg(SecssConstants.ALG_SM2);
            if (aSN1InputStream2 != null) {
                try {
                    aSN1InputStream2.close();
                } catch (IOException e) {
                }
            }
            return buildCertHolder;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    aSN1InputStream.close();
                } catch (IOException e2) {
                }
            }
            throw th;
        }
    }

    private static byte[] decryptDBytes(byte[] bArr, String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        byte[] KDF = KDF(str.getBytes(SMUtil.ENCODING));
        byte[] bArr2 = new byte[16];
        System.arraycopy(KDF, 0, bArr2, 0, 16);
        byte[] bArr3 = new byte[16];
        System.arraycopy(KDF, 16, bArr3, 0, 16);
        return SM4Util.decryptSM4CBC(bArr, bArr3, bArr2);
    }

    private static byte[] KDF(byte[] bArr) {
        byte[] bArr2 = new byte[4];
        bArr2[3] = 1;
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr, 0, bArr.length);
        sM3Digest.update(bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[32];
        sM3Digest.doFinal(bArr3, 0);
        return bArr3;
    }

    private static BCECPrivateKey getPrivatekeyFromD(BigInteger bigInteger) {
        return new BCECPrivateKey(EC, new ECPrivateKeySpec(bigInteger, ecParameterSpec), BouncyCastleProvider.CONFIGURATION);
    }

    public static PrivateKey loadPrivateKeyForPKCS12(String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        FileInputStream fileInputStream = null;
        try {
            LogUtil.writeLog(String.format("signFile=%s", str));
            KeyStore keyStore = KeyStore.getInstance(PKCS12, SMUtil.PROVIDER_BC);
            fileInputStream = new FileInputStream(str);
            char[] charArray = SecssUtil.isEmpty(str2) ? null : str2.toCharArray();
            keyStore.load(fileInputStream, charArray);
            PrivateKey iteratePriKey = iteratePriKey(keyStore, charArray);
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return iteratePriKey;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private static PrivateKey iteratePriKey(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        PrivateKey privateKey = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            LogUtil.writeLog(String.format("keyAlias=%s", nextElement));
            privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr);
            if (privateKey != null) {
                break;
            }
        }
        return privateKey;
    }

    public static CertHolder loadPublicKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509, SMUtil.PROVIDER_BC);
            fileInputStream = new FileInputStream(str);
            CertHolder buildCertHolder = CertLoader.buildCertHolder((X509Certificate) certificateFactory.generateCertificate(fileInputStream));
            buildCertHolder.setAlg(SecssConstants.ALG_SM2);
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                }
            }
            return buildCertHolder;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e2) {
                }
            }
            throw th;
        }
    }

    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        ECGenParameterSpec eCGenParameterSpec = new ECGenParameterSpec(CURVE_NAME);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(EC, SMUtil.PROVIDER_BC);
        keyPairGenerator.initialize(eCGenParameterSpec);
        keyPairGenerator.initialize(eCGenParameterSpec, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static DERSequence extendedKeyUsage() {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(KeyPurposeId.id_kp_clientAuth);
        aSN1EncodableVector.add(KeyPurposeId.id_kp_emailProtection);
        return new DERSequence(aSN1EncodableVector);
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), SMUtil.PROVIDER_BC);
        try {
            signature.setParameter(SM2_PARAM_SPEC);
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidAlgorithmParameterException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static byte[] signForJMJ(byte[] bArr, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        ECPrivateKeyParameters eCPrivateKeyParameters = new ECPrivateKeyParameters(((BCECPrivateKey) privateKey).getD(), ecDomainParameters);
        SM2Signer sM2Signer = new SM2Signer(new EpccDSAEncoding());
        sM2Signer.init(true, new ParametersWithID(eCPrivateKeyParameters, USER_ID));
        sM2Signer.update(bArr, 0, bArr.length);
        try {
            return sM2Signer.generateSignature();
        } catch (CryptoException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static boolean verifySign(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), SMUtil.PROVIDER_BC);
        try {
            signature.setParameter(SM2_PARAM_SPEC);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidAlgorithmParameterException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static boolean verifySignForJMJ(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        ECPublicKeyParameters eCPublicKeyParameters = new ECPublicKeyParameters(((BCECPublicKey) publicKey).getQ(), ecDomainParameters);
        SM2Signer sM2Signer = new SM2Signer(new EpccDSAEncoding());
        sM2Signer.init(false, new ParametersWithID(eCPublicKeyParameters, USER_ID));
        sM2Signer.update(bArr, 0, bArr.length);
        return sM2Signer.verifySignature(bArr2);
    }

    public static byte[] convertPk(PublicKey publicKey) {
        if (publicKey instanceof BCECPublicKey) {
            return ((BCECPublicKey) publicKey).getQ().getEncoded(false);
        }
        return null;
    }

    public static byte[] encryptForJMJ(byte[] bArr, PublicKey publicKey) throws InvalidCipherTextException {
        byte[] encrypt = encrypt(bArr, publicKey);
        byte[] bArr2 = new byte[encrypt.length - 1];
        System.arraycopy(encrypt, 1, bArr2, 0, bArr2.length);
        return bArr2;
    }

    public static byte[] decryptForJMJ(byte[] bArr, PrivateKey privateKey) throws InvalidCipherTextException {
        byte[] bArr2 = new byte[bArr.length + 1];
        bArr2[0] = 4;
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        return decrypt(bArr2, privateKey);
    }

    public static byte[] encrypt(byte[] bArr, PublicKey publicKey) throws InvalidCipherTextException {
        ECPublicKeyParameters eCPublicKeyParameters = new ECPublicKeyParameters(((BCECPublicKey) publicKey).getQ(), ecDomainParameters);
        SM2Engine sM2Engine = new SM2Engine(SM2Engine.Mode.C1C2C3);
        sM2Engine.init(true, new ParametersWithRandom(eCPublicKeyParameters, new SecureRandom()));
        try {
            return sM2Engine.processBlock(bArr, 0, bArr.length);
        } catch (InvalidCipherTextException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public static byte[] decrypt(byte[] bArr, PrivateKey privateKey) {
        ECPrivateKeyParameters eCPrivateKeyParameters = new ECPrivateKeyParameters(((BCECPrivateKey) privateKey).getD(), ecDomainParameters);
        SM2Engine sM2Engine = new SM2Engine(SM2Engine.Mode.C1C2C3);
        sM2Engine.init(false, eCPrivateKeyParameters);
        try {
            return sM2Engine.processBlock(bArr, 0, bArr.length);
        } catch (InvalidCipherTextException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public static String getKeyId(PrivateKey privateKey) {
        BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) privateKey;
        return ECUtil.generateKeyFingerprint(new FixedPointCombMultiplier().multiply(bCECPrivateKey.getParameters().getG(), bCECPrivateKey.getD()).normalize(), bCECPrivateKey.getParameters()).replace(":", "");
    }

    public static String getKeyId(PublicKey publicKey) {
        BCECPublicKey bCECPublicKey = (BCECPublicKey) publicKey;
        return ECUtil.generateKeyFingerprint(bCECPublicKey.getQ(), bCECPublicKey.getParameters()).replace(":", "");
    }
}
