package cn.com.infosec.isfj.cryptoutil;

import cn.com.infosec.asn1.ASN1Sequence;
import cn.com.infosec.asn1.cms.CMSObjectIdentifiers;
import cn.com.infosec.asn1.gm.GMObjectIdentifiers;
import cn.com.infosec.asn1.x9.X962NamedCurves;
import cn.com.infosec.asn1.x9.X9ECParameters;
import cn.com.infosec.cert.X509CertificateHolder;
import cn.com.infosec.cert.jcajce.JcaCertStore;
import cn.com.infosec.cms.CMSEnvelopedData;
import cn.com.infosec.cms.CMSEnvelopedDataGenerator;
import cn.com.infosec.cms.CMSProcessableByteArray;
import cn.com.infosec.cms.CMSSignedData;
import cn.com.infosec.cms.CMSSignedDataGenerator;
import cn.com.infosec.cms.RecipientInformation;
import cn.com.infosec.cms.SignerInformation;
import cn.com.infosec.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import cn.com.infosec.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import cn.com.infosec.cms.jcajce.JceCMSContentEncryptorBuilder;
import cn.com.infosec.cms.jcajce.JceKeyTransEnvelopedRecipient;
import cn.com.infosec.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import cn.com.infosec.crypto.AsymmetricCipherKeyPair;
import cn.com.infosec.crypto.agreement.SM2KeyExchange;
import cn.com.infosec.crypto.params.ECDomainParameters;
import cn.com.infosec.crypto.params.ECPrivateKeyParameters;
import cn.com.infosec.crypto.params.ECPublicKeyParameters;
import cn.com.infosec.crypto.params.ParametersWithID;
import cn.com.infosec.crypto.params.SM2KeyExchangePrivateParameters;
import cn.com.infosec.crypto.params.SM2KeyExchangePublicParameters;
import cn.com.infosec.isfj.Config;
import cn.com.infosec.isfj.certutil.X509CertificateParser;
import cn.com.infosec.isfj.formatutil.EncodeUtil;
import cn.com.infosec.jcajce.provider.asymmetric.sm2.SM2PrivateKey;
import cn.com.infosec.jcajce.provider.asymmetric.sm2.SM2PublicKey;
import cn.com.infosec.jcajce.provider.asymmetric.util.SM2Util;
import cn.com.infosec.jce.provider.INFOSECProvider;
import cn.com.infosec.jce.spec.ECNamedCurveSpec;
import cn.com.infosec.math.ec.ECConstants;
import cn.com.infosec.math.ec.FixedPointCombMultiplier;
import cn.com.infosec.math.ec.WNafUtil;
import cn.com.infosec.operator.jcajce.JcaContentSignerBuilder;
import cn.com.infosec.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import cn.com.infosec.util.BigIntegerUtil;
import cn.com.infosec.util.Store;
import cn.com.infosec.util.Strings;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;

/* loaded from: input_file:cn/com/infosec/isfj/cryptoutil/SM2AlgoUtil.class */
public class SM2AlgoUtil {
    static X9ECParameters param = X962NamedCurves.getByName("prime256v1_sm2");
    static ECDomainParameters domainParams = new ECDomainParameters(param.getCurve(), param.getG(), param.getN());
    private static String SM2 = "SM2";
    private static String SM3WITHSM2 = "SM3withSM2";
    private static String PROVIDER = Config.getProviderName();

    public static String[] genSM2KeyPairWithFactor(String str, boolean z) {
        BigInteger positiveInteger;
        BigInteger n = param.getN();
        int bitLength = n.bitLength() >>> 2;
        while (true) {
            positiveInteger = BigIntegerUtil.toPositiveInteger(KDFUtil.KDF(str.getBytes(), 32));
            if (positiveInteger.compareTo(ECConstants.ONE) >= 0 && positiveInteger.compareTo(n) < 0) {
                if (WNafUtil.getNafWeight(positiveInteger) >= bitLength) {
                    break;
                }
                str = str + "AA";
            } else {
                str = str + "AA";
            }
        }
        AsymmetricCipherKeyPair asymmetricCipherKeyPair = new AsymmetricCipherKeyPair(new ECPublicKeyParameters(new FixedPointCombMultiplier().multiply(domainParams.getG(), positiveInteger), domainParams), new ECPrivateKeyParameters(positiveInteger, domainParams));
        ECPublicKeyParameters eCPublicKeyParameters = asymmetricCipherKeyPair.getPublic();
        ECPrivateKeyParameters eCPrivateKeyParameters = asymmetricCipherKeyPair.getPrivate();
        ECParameterSpec eCNamedCurveSpec = new ECNamedCurveSpec("prime256v1_sm2", param.getCurve(), param.getG(), param.getN(), param.getH(), (byte[]) null);
        SM2PublicKey sM2PublicKey = new SM2PublicKey("SM2", eCPublicKeyParameters, eCNamedCurveSpec, INFOSECProvider.CONFIGURATION);
        KeyPair keyPair = new KeyPair(sM2PublicKey, new SM2PrivateKey("SM2", eCPrivateKeyParameters, sM2PublicKey, eCNamedCurveSpec, INFOSECProvider.CONFIGURATION));
        SM2PrivateKey sM2PrivateKey = keyPair.getPrivate();
        SM2PublicKey sM2PublicKey2 = keyPair.getPublic();
        if (z) {
            sM2PrivateKey.getEncoded();
            sM2PublicKey2.getEncoded();
            return new String[]{EncodeUtil.base64Encode(sM2PrivateKey.getEncoded()), EncodeUtil.base64Encode(sM2PublicKey2.getEncoded())};
        }
        byte[] byteArray = sM2PrivateKey.getD().toByteArray();
        byte[] bArr = new byte[32];
        if (byteArray.length > 32) {
            System.arraycopy(byteArray, byteArray.length - 32, bArr, 0, 32);
        } else {
            System.arraycopy(byteArray, 0, bArr, bArr.length - byteArray.length, byteArray.length);
        }
        return new String[]{EncodeUtil.base64Encode(bArr), EncodeUtil.base64Encode(sM2PublicKey2.getQ().getEncoded(false))};
    }

    public static String[] genSM2KeyPair(boolean z) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("SM2", PROVIDER);
            keyPairGenerator.initialize(256);
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            SM2PrivateKey sM2PrivateKey = genKeyPair.getPrivate();
            SM2PublicKey sM2PublicKey = genKeyPair.getPublic();
            if (z) {
                sM2PrivateKey.getEncoded();
                sM2PublicKey.getEncoded();
                return new String[]{EncodeUtil.base64Encode(sM2PrivateKey.getEncoded()), EncodeUtil.base64Encode(sM2PublicKey.getEncoded())};
            }
            byte[] byteArray = sM2PrivateKey.getD().toByteArray();
            byte[] bArr = new byte[32];
            if (byteArray.length > 32) {
                System.arraycopy(byteArray, byteArray.length - 32, bArr, 0, 32);
            } else {
                System.arraycopy(byteArray, 0, bArr, bArr.length - byteArray.length, byteArray.length);
            }
            return new String[]{EncodeUtil.base64Encode(bArr), EncodeUtil.base64Encode(sM2PublicKey.getQ().getEncoded(false))};
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    public static String sm2Encrypt(String str, String str2) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("pubKey can not be null");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbEnc can not be null");
        }
        PublicKey formatPublicKey = formatPublicKey(EncodeUtil.base64Decode(str));
        Cipher cipher = Cipher.getInstance("SM2", PROVIDER);
        cipher.init(1, formatPublicKey);
        return EncodeUtil.base64Encode(cipher.doFinal(EncodeUtil.base64Decode(str2)));
    }

    public static String sm2Decrypt(String str, String str2) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("priKey can not be null");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbDec can not be null");
        }
        PrivateKey formatPrivateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        Cipher cipher = Cipher.getInstance("SM2", PROVIDER);
        cipher.init(2, formatPrivateKey);
        return EncodeUtil.base64Encode(cipher.doFinal(EncodeUtil.base64Decode(str2)));
    }

    public static String sm2RawSign(String str, String str2) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("priKey can not be null");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbsign can not be null");
        }
        PrivateKey formatPrivateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        Signature signature = Signature.getInstance(SM2, PROVIDER);
        signature.initSign(formatPrivateKey);
        signature.update(EncodeUtil.base64Decode(str2));
        return EncodeUtil.base64Encode(signature.sign());
    }

    public static boolean sm2RawVerify(String str, String str2, String str3) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new RuntimeException("pubKey can not be null");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbs can not be null");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new RuntimeException("signature can not be null");
        }
        PublicKey formatPublicKey = formatPublicKey(EncodeUtil.base64Decode(str));
        Signature signature = Signature.getInstance(SM2, PROVIDER);
        signature.initVerify(formatPublicKey);
        signature.update(EncodeUtil.base64Decode(str2));
        return signature.verify(EncodeUtil.base64Decode(str3));
    }

    public static String sm2SignMessage(String str, String str2, String str3, boolean z) throws Exception {
        if (str2 == null || str2.isEmpty()) {
            throw new RuntimeException("tbsign can not be null");
        }
        PrivateKey formatPrivateKey = formatPrivateKey(EncodeUtil.base64Decode(str));
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(CMSObjectIdentifiers.gm_data, EncodeUtil.base64Decode(str2));
        X509Certificate certParser = X509CertificateParser.certParser(str3);
        ArrayList arrayList = new ArrayList();
        arrayList.add(certParser);
        JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(PROVIDER).build()).build(new JcaContentSignerBuilder(SM3WITHSM2).setProvider(PROVIDER).build(formatPrivateKey), certParser));
        cMSSignedDataGenerator.addCertificates(jcaCertStore);
        return EncodeUtil.base64Encode(cMSSignedDataGenerator.generate(cMSProcessableByteArray, z).getEncoded());
    }

    public static boolean sm2VerifyMessage(String str, String str2, boolean z) throws Exception {
        boolean z2 = true;
        try {
            CMSSignedData cMSSignedData = z ? new CMSSignedData(EncodeUtil.base64Decode(str)) : new CMSSignedData(new CMSProcessableByteArray(EncodeUtil.base64Decode(str2)), EncodeUtil.base64Decode(str));
            Store certificates = cMSSignedData.getCertificates();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                z2 = signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(PROVIDER).build((X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next()));
            }
            return z2;
        } catch (Exception e) {
            throw e;
        }
    }

    public static String sm2EnvelopeMessage(String str, String str2) throws Exception {
        X509Certificate certParser = X509CertificateParser.certParser(str2);
        String algorithm = certParser.getPublicKey().getAlgorithm();
        if (!algorithm.equalsIgnoreCase("EC") && !algorithm.equalsIgnoreCase("SM2")) {
            throw new RuntimeException("the algorithm" + algorithm + "not support");
        }
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(CMSObjectIdentifiers.gm_data, EncodeUtil.base64Decode(str));
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(certParser).setProvider(PROVIDER));
        return EncodeUtil.base64Encode(cMSEnvelopedDataGenerator.generate(cMSProcessableByteArray, new JceCMSContentEncryptorBuilder(GMObjectIdentifiers.sms4_cbc).setProvider(PROVIDER).build()).getEncoded());
    }

    public static String sm2OpenEnvelope(String str, String str2) throws Exception {
        Iterator it = new CMSEnvelopedData(EncodeUtil.base64Decode(str)).getRecipientInfos().getRecipients().iterator();
        PrivateKey formatPrivateKey = formatPrivateKey(EncodeUtil.base64Decode(str2));
        byte[] bArr = null;
        if (it.hasNext()) {
            bArr = ((RecipientInformation) it.next()).getContent(new JceKeyTransEnvelopedRecipient(formatPrivateKey).setProvider(PROVIDER));
        }
        return EncodeUtil.base64Encode(bArr);
    }

    public static String keyExchange(String str, String str2, String str3, String str4, String str5, String str6, boolean z) throws Exception {
        SM2KeyExchange sM2KeyExchange = new SM2KeyExchange();
        ECPrivateKeyParameters eCPrivateKeyParameters = new ECPrivateKeyParameters(new BigInteger(1, EncodeUtil.base64Decode(str)), domainParams);
        ECPrivateKeyParameters eCPrivateKeyParameters2 = new ECPrivateKeyParameters(new BigInteger(1, EncodeUtil.base64Decode(str2)), domainParams);
        ECPublicKeyParameters eCPublicKeyParameters = new ECPublicKeyParameters(SM2Util.pack2Point(EncodeUtil.base64Decode(str3)), domainParams);
        ECPublicKeyParameters eCPublicKeyParameters2 = new ECPublicKeyParameters(SM2Util.pack2Point(EncodeUtil.base64Decode(str4)), domainParams);
        sM2KeyExchange.init(new ParametersWithID(new SM2KeyExchangePrivateParameters(z, eCPrivateKeyParameters, eCPrivateKeyParameters2), Strings.toByteArray(str5)));
        return EncodeUtil.base64Encode(sM2KeyExchange.calculateKey(128, new ParametersWithID(new SM2KeyExchangePublicParameters(eCPublicKeyParameters, eCPublicKeyParameters2), Strings.toByteArray(str6))));
    }

    public static PrivateKey formatPrivateKey(byte[] bArr) throws Exception {
        PrivateKey pack2PrivateKey;
        if (bArr == null || bArr.length < 32) {
            throw new RuntimeException("priKey length error");
        }
        if (bArr.length == 32 || bArr.length == 33) {
            pack2PrivateKey = SM2Util.pack2PrivateKey(new BigInteger(1, bArr));
        } else {
            if (bArr[0] != 48) {
                throw new RuntimeException("PrivateKey format not supported");
            }
            try {
                pack2PrivateKey = KeyFactory.getInstance(SM2, PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
            } catch (InvalidKeySpecException e) {
                pack2PrivateKey = SM2Util.pack2PrivateKey(BigIntegerUtil.toPositiveInteger(ASN1Sequence.getInstance(bArr).getObjectAt(1).getOctets()));
            }
        }
        return pack2PrivateKey;
    }

    public static PublicKey formatPublicKey(byte[] bArr) throws Exception {
        PublicKey generatePublic;
        if (bArr == null || bArr.length < 64) {
            throw new RuntimeException("pubkey length error");
        }
        if (bArr.length == 64) {
            byte[] bArr2 = new byte[65];
            bArr2[0] = 4;
            System.arraycopy(bArr, 0, bArr2, 1, 64);
            generatePublic = SM2Util.pack2PublicKey(SM2Util.pack2Point(bArr2));
        } else if (bArr.length == 65 && bArr[0] == 4) {
            generatePublic = SM2Util.pack2PublicKey(SM2Util.pack2Point(bArr));
        } else {
            if (bArr.length <= 65 || bArr[0] != 48) {
                throw new RuntimeException("PublicKey format not supported");
            }
            generatePublic = KeyFactory.getInstance(SM2, PROVIDER).generatePublic(new X509EncodedKeySpec(bArr));
        }
        return generatePublic;
    }
}
