package cfca.sadk.envelope.sm2;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7EnvelopedData;
import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM4Engine;
import cfca.sadk.algorithm.util.BigFileCipherUtil;
import cfca.sadk.algorithm.util.SM2AndItsCloseSymAlgUtil;
import cfca.sadk.asn1.parser.ASN1Node;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.asn1.parser.EnvelopFileParser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.BEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.OriginatorInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/sadk/envelope/sm2/SM2EnvelopeUtil.class */
public class SM2EnvelopeUtil {
    private static byte[] IV_16 = {50, 51, 52, 53, 54, 55, 56, 57, 56, 55, 54, 53, 52, 51, 50, 49};

    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws Exception {
        envelopeFile_Session(str, str2, str3, x509CertArr, null);
    }

    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws Exception {
        envelopeFile_Session(str, str2, str3, x509CertArr, session);
    }

    private static final void envelopeFile_Session(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws Exception {
        Mechanism mechanism;
        byte[] generateSecretKey = SM2AndItsCloseSymAlgUtil.generateSecretKey();
        IV_16 = SM2AndItsCloseSymAlgUtil.generateIV();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector.add(toRecipientInfo(x509Cert, generateSecretKey, session));
        }
        if (str3.indexOf("CBC") != -1) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(IV_16);
            mechanism = new Mechanism(str3, cBCParam);
        } else {
            mechanism = new Mechanism(str3);
        }
        AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(mechanism, (ASN1ObjectIdentifier) PKCS7EnvelopedData.MECH_OID.get(str3));
        boolean z = false;
        if (session != null && (session instanceof JNISoftLib)) {
            z = true;
        }
        ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.sm2EnvelopedData, new SM2EnvelopedData(null, new DERSet(aSN1EncodableVector), new SM2EncryptedContentInfo(PKCSObjectIdentifiers.sm2Data, algorithmIdentifier, new SM2EncryptedInputStream(z, new File(str), generateSecretKey, mechanism)), null));
        File file = new File(str2);
        if (!file.exists()) {
            file.createNewFile();
        }
        DEROutputStream dEROutputStream = new DEROutputStream(new FileOutputStream(file));
        dEROutputStream.writeObject(contentInfo);
        dEROutputStream.close();
    }

    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert) throws Exception {
        EnvelopFileParser envelopFileParser = new EnvelopFileParser(new File(str));
        envelopFileParser.parser();
        openEnvelopFile_ASN1Node(envelopFileParser.getReceiver_node(), envelopFileParser.getEncrypted_node(), privateKey, x509Cert, str2);
    }

    private static boolean hasRecipent_file(KeyTransRecipientInfo keyTransRecipientInfo, byte[] bArr, X500Name x500Name, BigInteger bigInteger) {
        RecipientIdentifier recipientIdentifier = keyTransRecipientInfo.getRecipientIdentifier();
        return recipientIdentifier.getId().toASN1Primitive().asn1Equals(new DEROctetString(bArr)) || recipientIdentifier.getId().toASN1Primitive().asn1Equals(new IssuerAndSerialNumber(x500Name, bigInteger).toASN1Primitive());
    }

    private static void openEnvelopFile_ASN1Node(ASN1Node aSN1Node, ASN1Node aSN1Node2, PrivateKey privateKey, X509Cert x509Cert, String str) throws Exception {
        FileOutputStream fileOutputStream = null;
        try {
            X500Name issuerX500Name = x509Cert.getIssuerX500Name();
            BigInteger serialNumber = x509Cert.getSerialNumber();
            byte[] keyIdentifier = x509Cert.getSubjectKeyIdentifier().getKeyIdentifier();
            ASN1Set aSN1Set = ASN1Set.getInstance(aSN1Node.getData());
            int size = aSN1Set.size();
            ASN1OctetString aSN1OctetString = null;
            AlgorithmIdentifier algorithmIdentifier = null;
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(i));
                if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                    KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                    if (hasRecipent_file(keyTransRecipientInfo, keyIdentifier, issuerX500Name, serialNumber)) {
                        aSN1OctetString = keyTransRecipientInfo.getEncryptedKey();
                        algorithmIdentifier = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
                        break;
                    }
                }
                i++;
            }
            if (aSN1OctetString == null || algorithmIdentifier == null) {
                throw new Exception("can not find the receiver!!!");
            }
            byte[] sm2Encrypt = SM2AndItsCloseSymAlgUtil.sm2Encrypt(false, privateKey, aSN1OctetString.getOctets());
            AlgorithmIdentifier algorithmIdentifier2 = AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(((ASN1Node) aSN1Node2.childNodes.get(1)).getData()));
            String str2 = (String) PKCS7EnvelopedData.OID_MECH.get(algorithmIdentifier2.getAlgorithm());
            Mechanism mechanism = null;
            if (str2.indexOf("CBC") != -1) {
                DEROctetString dEROctetString = (DEROctetString) algorithmIdentifier2.getParameters();
                CBCParam cBCParam = new CBCParam();
                cBCParam.setIv(dEROctetString.getOctets());
                if (str2.equals(Mechanism.SM4_CBC)) {
                    mechanism = new Mechanism(Mechanism.SM4_CBC, cBCParam);
                }
            } else {
                if (str2.indexOf("ECB") == -1) {
                    throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, new StringBuffer().append(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES).append("Algorithm is:").append(str2).toString());
                }
                mechanism = new Mechanism(Mechanism.SM4_ECB);
            }
            File file = new File(str);
            if (!file.exists()) {
                file.createNewFile();
            }
            FileOutputStream fileOutputStream2 = new FileOutputStream(file);
            ASN1Node aSN1Node3 = (ASN1Node) aSN1Node2.childNodes.get(2);
            if (aSN1Node3.childNodes.size() == 1) {
                aSN1Node3 = (ASN1Node) aSN1Node3.childNodes.get(0);
            }
            BigFileCipherUtil.bigFileBlockDecrypt(sm2Encrypt, new SM4Engine(), (CBCParam) mechanism.getParam(), aSN1Node3, fileOutputStream2);
            if (fileOutputStream2 != null) {
                fileOutputStream2.close();
            }
        } catch (Throwable th) {
            if (0 != 0) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws Exception {
        return Base64.encode(envelopMessage_None64(bArr, str, x509CertArr, null));
    }

    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws Exception {
        return Base64.encode(envelopMessage_None64(bArr, str, x509CertArr, session));
    }

    private static byte[] envelopMessage_None64(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws Exception {
        Mechanism mechanism;
        byte[] generateSecretKey = SM2AndItsCloseSymAlgUtil.generateSecretKey();
        IV_16 = SM2AndItsCloseSymAlgUtil.generateIV();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector.add(toRecipientInfo(x509Cert, generateSecretKey, session));
        }
        if (str.indexOf("CBC") != -1) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(IV_16);
            mechanism = new Mechanism(str, cBCParam);
        } else {
            mechanism = new Mechanism(str);
        }
        boolean z = false;
        if (session != null && (session instanceof JNISoftLib)) {
            z = true;
        }
        return ASN1Parser.parseDERObj2Bytes(new CMSEnvelopedData(new ContentInfo(PKCSObjectIdentifiers.sm2EnvelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.sm2Data, getAlgorithmIdentifier(mechanism, (ASN1ObjectIdentifier) PKCS7EnvelopedData.MECH_OID.get(str)), new BEROctetString(SM2AndItsCloseSymAlgUtil.crypto(z, true, generateSecretKey, bArr, mechanism))), ASN1Set.getInstance(null)))).toASN1Structure());
    }

    private static AlgorithmIdentifier getAlgorithmIdentifier(Mechanism mechanism, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier, new DERNull());
        if (mechanism.getMechanismType().toUpperCase().indexOf("CBC") == -1) {
            return algorithmIdentifier;
        }
        if (mechanism.getParam() == null) {
            throw new PKIException(PKIException.NULL_P7_ENVELOP_CBC_ERR, PKIException.NULL_P7_ENVELOP_CBC_ERR_DES);
        }
        return new AlgorithmIdentifier(aSN1ObjectIdentifier, new DEROctetString(((CBCParam) mechanism.getParam()).getIv()));
    }

    private static RecipientInfo toRecipientInfo(X509Cert x509Cert, byte[] bArr, Session session) throws Exception {
        DEROctetString dEROctetString = new DEROctetString((session == null || !(session instanceof JNISoftLib)) ? SM2AndItsCloseSymAlgUtil.sm2Encrypt(true, x509Cert.getPublicKey(), bArr) : SM2AndItsCloseSymAlgUtil.sm2EncryptByJNI(true, x509Cert.getPublicKey(), bArr));
        SubjectKeyIdentifier subjectKeyIdentifier = x509Cert.getSubjectKeyIdentifier();
        if (subjectKeyIdentifier == null) {
            throw new Exception("the cert has no extension data with SubjectKeyIdentifier,can not create envelope data");
        }
        return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier((ASN1OctetString) new DEROctetString(subjectKeyIdentifier.getKeyIdentifier())), new AlgorithmIdentifier(PKCSObjectIdentifiers.SM2_pubKey_encrypt, new DERNull()), dEROctetString));
    }
}
