package com.wangyin.aks.security.api;

import com.wangyin.aks.pdf.util.PKCS12Keystore;
import com.wangyin.aks.security.api.model.AlgEnum;
import com.wangyin.aks.security.api.model.DigestAlgEnum;
import com.wangyin.aks.security.api.model.ModeEnum;
import com.wangyin.aks.security.api.model.PaddingEnum;
import com.wangyin.aks.security.api.util.AsymmetricCryptoUtil;
import com.wangyin.aks.security.api.util.BCECUtil;
import com.wangyin.aks.security.api.util.Base64;
import com.wangyin.aks.security.api.util.ByteUtil;
import com.wangyin.aks.security.api.util.RSAUtil;
import com.wangyin.aks.security.api.util.SM2EnvelopUtil2;
import com.wangyin.aks.security.api.util.Sm2Util;
import com.wangyin.aks.security.api.util.SymmetricCryptoUtil;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

/* loaded from: input_file:com/wangyin/aks/security/api/CryptoClientServiceImpl.class */
public class CryptoClientServiceImpl implements CryptoClientService {
    @Override // com.wangyin.aks.security.api.CryptoClientService
    public byte[] encrypt(byte[] bArr, byte[] bArr2, AlgEnum algEnum, ModeEnum modeEnum, PaddingEnum paddingEnum, byte[] bArr3) throws Exception {
        return SymmetricCryptoUtil.encrypt(bArr, bArr2, algEnum, modeEnum, paddingEnum, bArr3);
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public byte[] decrypt(byte[] bArr, byte[] bArr2, AlgEnum algEnum, ModeEnum modeEnum, PaddingEnum paddingEnum, byte[] bArr3) throws Exception {
        return SymmetricCryptoUtil.decrypt(bArr, bArr2, algEnum, modeEnum, paddingEnum, bArr3);
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public byte[] publicCertEncrypt(String str, byte[] bArr) throws Exception {
        return AsymmetricCryptoUtil.encryptByCert(bArr, str);
    }

    /* JADX WARN: Type inference failed for: r0v40, types: [byte[], byte[][]] */
    @Override // com.wangyin.aks.security.api.CryptoClientService
    public byte[] privateDecrypt(PKCS12Keystore pKCS12Keystore, byte[] bArr) throws Exception {
        if (!pKCS12Keystore.isSM()) {
            Cipher cipher = Cipher.getInstance(RSAUtil.KEY_ALGORITHM);
            cipher.init(2, pKCS12Keystore.getPrivateKey());
            return RSAUtil.doCipher(cipher, bArr, false);
        }
        ECPrivateKeyParameters convertPrivateKeyToParameters = BCECUtil.convertPrivateKeyToParameters(pKCS12Keystore.getPrivateKey());
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        ASN1Integer objectAt = aSN1Sequence.getObjectAt(0);
        ASN1Integer objectAt2 = aSN1Sequence.getObjectAt(1);
        DEROctetString objectAt3 = aSN1Sequence.getObjectAt(3);
        DEROctetString objectAt4 = aSN1Sequence.getObjectAt(2);
        byte[] byteArray = objectAt.getValue().toByteArray();
        byte[] byteArray2 = objectAt2.getValue().toByteArray();
        byte[] octets = objectAt3.getOctets();
        byte[] octets2 = objectAt4.getOctets();
        if (byteArray.length == 33) {
            byteArray = Arrays.copyOfRange(byteArray, 1, byteArray.length);
        }
        if (byteArray2.length == 33) {
            byteArray2 = Arrays.copyOfRange(byteArray2, 1, byteArray2.length);
        }
        byte[] joinBytes = ByteUtil.joinBytes(new byte[]{new byte[]{4}, byteArray, byteArray2, octets, octets2});
        SM2Engine sM2Engine = new SM2Engine();
        sM2Engine.init(false, convertPrivateKeyToParameters);
        return sM2Engine.processBlock(joinBytes, 0, joinBytes.length);
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public byte[] p1Sign(PKCS12Keystore pKCS12Keystore, byte[] bArr) throws Exception {
        if (pKCS12Keystore.isSM()) {
            return Sm2Util.sign(BCECUtil.convertPrivateKeyToParameters(pKCS12Keystore.getPrivateKey()), bArr);
        }
        Signature signature = Signature.getInstance(RSAUtil.SIGNATURE_ALGORITHM);
        signature.initSign(pKCS12Keystore.getPrivateKey());
        signature.update(bArr);
        return signature.sign();
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public boolean p1Verify(String str, byte[] bArr, byte[] bArr2) throws Exception {
        return AsymmetricCryptoUtil.p1_verify(bArr, str, Base64.encode(bArr2));
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public String p7Sign(PKCS12Keystore pKCS12Keystore, boolean z, byte[] bArr) throws Exception {
        if (bArr == null) {
            throw new NullPointerException("Signed text cannot be NULL");
        }
        if (pKCS12Keystore.isSM()) {
            CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
            JcaCertStore jcaCertStore = new JcaCertStore(Collections.singletonList(pKCS12Keystore.getCert()));
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).setDirectSignature(true).build(new JcaContentSignerBuilder("SM3WITHSM2").setProvider("BC").build(pKCS12Keystore.getPrivateKey()), pKCS12Keystore.getCert()));
            cMSSignedDataGenerator.addCertificates(jcaCertStore);
            ContentInfo aSN1Structure = cMSSignedDataGenerator.generate(cMSProcessableByteArray, z).toASN1Structure();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new DEROutputStream(byteArrayOutputStream).writeObject(aSN1Structure);
            return Base64.encode(byteArrayOutputStream.toByteArray());
        }
        CMSProcessableByteArray cMSProcessableByteArray2 = new CMSProcessableByteArray(bArr);
        JcaCertStore jcaCertStore2 = new JcaCertStore(Collections.singletonList(pKCS12Keystore.getCert()));
        CMSSignedDataGenerator cMSSignedDataGenerator2 = new CMSSignedDataGenerator();
        cMSSignedDataGenerator2.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder(RSAUtil.SIGNATURE_ALGORITHM).setProvider("BC").build(pKCS12Keystore.getPrivateKey()), pKCS12Keystore.getCert()));
        cMSSignedDataGenerator2.addCertificates(jcaCertStore2);
        ContentInfo aSN1Structure2 = cMSSignedDataGenerator2.generate(cMSProcessableByteArray2, z).toASN1Structure();
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream2).writeObject(aSN1Structure2);
        return Base64.encode(byteArrayOutputStream2.toByteArray());
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public List<String> p7Verify(boolean z, String str, byte[] bArr) throws Exception {
        CMSSignedData cMSSignedData = z ? new CMSSignedData(Base64.decode(str)) : new CMSSignedData(new CMSProcessableByteArray(bArr), Base64.decode(str));
        Store certificates = cMSSignedData.getCertificates();
        Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
        String[] strArr = new String[signers.size() + 1];
        int i = 0;
        for (SignerInformation signerInformation : signers) {
            i++;
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
            strArr[i] = Base64.encode(x509CertificateHolder.getEncoded());
            if (signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder))) {
                if (z) {
                    strArr[0] = Base64.encode((byte[]) cMSSignedData.getSignedContent().getContent());
                } else {
                    strArr[0] = "";
                }
            }
        }
        if (strArr[0] == null) {
            return null;
        }
        return Arrays.asList(strArr);
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public String encryptEnvelop(String str, byte[] bArr) throws Exception {
        X509Certificate x509Certificate = BCECUtil.getX509Certificate(Base64.decode(str));
        if (GMObjectIdentifiers.sm2sign_with_sm3.toString().equals(x509Certificate.getSigAlgOID())) {
            return SM2EnvelopUtil2.encryptEnvelop(bArr, x509Certificate);
        }
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(x509Certificate).setProvider("BC"));
        ContentInfo aSN1Structure = cMSEnvelopedDataGenerator.generate(cMSProcessableByteArray, new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build()).toASN1Structure();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream).writeObject(aSN1Structure);
        return Base64.encode(byteArrayOutputStream.toByteArray());
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public String decryptEnvelop(PKCS12Keystore pKCS12Keystore, String str) throws Exception {
        if (pKCS12Keystore.isSM()) {
            return Base64.encode(SM2EnvelopUtil2.decryptEnvelop(str, pKCS12Keystore.getPrivateKey()));
        }
        byte[] bArr = null;
        try {
            RecipientInformationStore recipientInfos = new CMSEnvelopedData(Base64.decode(str)).getRecipientInfos();
            PrivateKey privateKey = pKCS12Keystore.getPrivateKey();
            if (recipientInfos != null) {
                Iterator it = recipientInfos.getRecipients().iterator();
                while (it.hasNext()) {
                    bArr = ((RecipientInformation) it.next()).getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider("BC"));
                }
            }
            return Base64.encode(bArr);
        } catch (CMSException e) {
            e.printStackTrace();
            throw e;
        }
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public String signEnvelop(PKCS12Keystore pKCS12Keystore, String str, byte[] bArr) throws Exception {
        return encryptEnvelop(str, Base64.decode(p7Sign(pKCS12Keystore, true, bArr)));
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public List<String> verifyEnvelop(PKCS12Keystore pKCS12Keystore, String str) throws Exception {
        return p7Verify(true, decryptEnvelop(pKCS12Keystore, str), null);
    }

    @Override // com.wangyin.aks.security.api.CryptoClientService
    public String digest(DigestAlgEnum digestAlgEnum, byte[] bArr) throws Exception {
        if (!DigestAlgEnum.ALG_SM3.equals(digestAlgEnum)) {
            return ByteUtil.bytesToHexString(MessageDigest.getInstance(digestAlgEnum.getCode()).digest(bArr));
        }
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sM3Digest.getDigestSize()];
        sM3Digest.doFinal(bArr2, 0);
        return ByteUtil.bytesToHexString(bArr2);
    }
}
