package com.icbc.hsm.software.external;

import com.icbc.api.request.InvestmentFundoutsourceIncomestatementqueryRequestV1;
import com.icbc.bcprov.org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import com.icbc.bcprov.org.bouncycastle.crypto.CipherParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.params.KeyParameter;
import com.icbc.bcprov.org.bouncycastle.math.ec.ECPoint;
import com.icbc.bcprov.org.bouncycastle.math.ec.FixedPointCombMultiplier;
import com.icbc.hsm.json.bean.GenerateEnvelopeBean;
import com.icbc.hsm.software.apiLib.Cipher;
import com.icbc.hsm.software.basic.AsymmetricCipher;
import com.icbc.hsm.software.basic.Generator;
import com.icbc.hsm.software.basic.PBEkeyGenerate;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.exception.ParmErrorException;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.encoders.Hex;
import com.icbc.hsm.utils.encoders.UrlBase64;
import java.security.SecureRandom;
import java.util.HashMap;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/external/ClearKeyFunction.class */
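/**
 * Software-side helper that loads, generates, wraps and unwraps keys whose
 * plaintext value is held in process memory.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #loadClear}, {@link #generateSM2KeyPair}, {@link #generateKey},
 *       {@link #importKey}, {@link #generateEnvelope} and {@link #decryptEnvelope}
 *       throw when {@code IcbcEnvironment.isICBCEnvironment()} returns true.
 *       {@link #getSM2PublicKey} and {@link #getCheckValue} carry no such guard;
 *       {@link #restoreKeyHolder} inherits it through {@code loadClear} but reports
 *       the refusal as a {@code null} return.</li>
 *   <li>Key bytes are repeatedly hex-encoded into {@code String}s. Strings are
 *       immutable and cannot be wiped, so clear key material stays on the heap
 *       until it is garbage collected.</li>
 *   <li>{@code KeyHolder.backupKeyHolder()} returns the raw symmetric key in hex;
 *       that string must be protected like the key itself.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The constant
 * {@code InvestmentFundoutsourceIncomestatementqueryRequestV1...reportKind} is almost
 * certainly a string literal that the decompiler resolved to an unrelated field with
 * the same value. {@code generateEnvelope} requires it to be the first two characters
 * of a 130-hex-digit public key, so it is presumably the uncompressed EC point prefix.
 * Confirm the value and replace the reference with a local constant.
 */
public class ClearKeyFunction {
    /** Symmetric algorithm name this instance generates or imports keys for. */
    private String algorithmType;

    /* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/external/ClearKeyFunction$KeyHolder.class */
    /**
     * Pairs a generated key in clear form with the same key wrapped under a
     * recipient's public key (upper-case hex).
     */
    public class KeyHolder {
        private ClearKeyParameter internalKey;
        private String ExportedKey;

        KeyHolder(ClearKeyParameter clearKeyParameter, String str) {
            this.internalKey = clearKeyParameter;
            this.ExportedKey = str;
        }

        /** @return the clear key parameter held by this object (may be {@code null}) */
        public ClearKeyParameter getHsmKeyParameter() {
            return this.internalKey;
        }

        /** @return the wrapped form of the key, as supplied at construction */
        public String getWappedExportedKey() {
            return this.ExportedKey;
        }

        /**
         * Serialises this holder as {@code algorithm;hexKey;wrappedKey}.
         *
         * <p>The middle field is the UNENCRYPTED key. Treat the returned string as
         * secret: do not log it, and store it only where a raw key may be stored.
         *
         * @return the serialised holder, or {@code null} when there is no key or its
         *         bytes cannot be extracted
         */
        public String backupKeyHolder() {
            if (this.internalKey == null) {
                // loadClear() returns null for unknown key types; report "nothing to
                // back up" the same way as an unextractable key instead of an NPE.
                return null;
            }
            String algorithm = this.internalKey.getAlgorithm();
            byte[] bArr = null;
            try {
                bArr = ((KeyParameter) this.internalKey.getBCkey()).getKey();
            } catch (Exception ignored) {
                // Deliberate best-effort: a key that is not a plain KeyParameter
                // (or that fails to load) is reported as null below.
            }
            if (bArr == null || bArr.length == 0) {
                return null;
            }
            StringBuilder sb = new StringBuilder(1024);
            sb.append(algorithm).append(";").append(Hex.toHexString(bArr)).append(";").append(this.ExportedKey);
            return sb.toString();
        }
    }

    private ClearKeyFunction(String str) {
        this.algorithmType = str;
    }

    /**
     * Creates a helper bound to a symmetric algorithm name.
     *
     * @param str algorithm name; it is not validated here
     */
    public static ClearKeyFunction getInstance(String str) {
        return new ClearKeyFunction(str);
    }

    /**
     * Builds a {@link ClearKeyParameter} from hex-encoded key bytes.
     *
     * @param str  hex-encoded key material
     * @param str2 key type, matched case-insensitively: DES, DESede, AES, SM4,
     *             SM2private, SM2public, RSAprivate, RSApublic
     * @return the key parameter, or {@code null} when {@code str2} is not recognised
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true, or
     *         propagated from decoding or construction
     */
    public static ClearKeyParameter loadClear(String str, String str2) throws Exception {
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        ClearKeyParameter clearKeyParameter = null;
        // The boolean is true only for the two private-key types; presumably an
        // "is private key" flag (TODO confirm against ClearKeyParameter).
        if (AlgorithmConstants.DES.equalsIgnoreCase(str2) || AlgorithmConstants.DESede.equalsIgnoreCase(str2) || "AES".equalsIgnoreCase(str2) || "SM4".equalsIgnoreCase(str2)) {
            clearKeyParameter = ClearKeyParameter.getInstance(str2, false, Hex.decode(str));
        } else if ("SM2private".equalsIgnoreCase(str2)) {
            clearKeyParameter = ClearKeyParameter.getInstance("SM2", true, Hex.decode(str));
        } else if ("RSAprivate".equalsIgnoreCase(str2)) {
            clearKeyParameter = ClearKeyParameter.getInstance("RSA", true, Hex.decode(str));
        } else if ("SM2public".equalsIgnoreCase(str2)) {
            clearKeyParameter = ClearKeyParameter.getInstance("SM2", false, Hex.decode(str));
        } else if ("RSApublic".equalsIgnoreCase(str2)) {
            clearKeyParameter = ClearKeyParameter.getInstance("RSA", false, Hex.decode(str));
        }
        return clearKeyParameter;
    }

    /**
     * Generates an SM2 key pair and returns both halves as hex strings.
     *
     * <p>The map entry {@code privateKey} is the unencrypted private scalar; the
     * caller is responsible for protecting it.
     *
     * @return map with keys {@code privateKey} (64 hex digits) and {@code publicKey}
     *         (prefix constant followed by the 64-hex-digit X and Y coordinates)
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true
     */
    public static HashMap<String, String> generateSM2KeyPair() throws Exception {
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        HashMap<String, String> hashMap = new HashMap<>();
        AsymmetricCipherKeyPair generateSM2KeyPair = Generator.generateSM2KeyPair();
        String format = String.format("%1$064x", ((ECPrivateKeyParameters) generateSM2KeyPair.getPrivate()).getD());
        ECPublicKeyParameters eCPublicKeyParameters = (ECPublicKeyParameters) generateSM2KeyPair.getPublic();
        String str = InvestmentFundoutsourceIncomestatementqueryRequestV1.InvestmentFundoutsourceIncomestatementqueryRequestV1InRecord.reportKind + String.format("%1$064x", eCPublicKeyParameters.getQ().getAffineXCoord().toBigInteger()) + String.format("%1$064x", eCPublicKeyParameters.getQ().getAffineYCoord().toBigInteger());
        hashMap.put("privateKey", format);
        hashMap.put("publicKey", str);
        return hashMap;
    }

    /**
     * Returns the hex public key for an SM2 key parameter.
     *
     * <p>For a private key the public point is recomputed as {@code d * G}; for a
     * public key the stored value is upper-cased and prefixed.
     *
     * @return the prefixed public key, or {@code null} for any other key type or
     *         when the private key cannot be loaded
     */
    public static String getSM2PublicKey(ClearKeyParameter clearKeyParameter) {
        String str = null;
        if ("SM2private".equalsIgnoreCase(clearKeyParameter.getKeyType())) {
            CipherParameters cipherParameters = null;
            try {
                cipherParameters = clearKeyParameter.getBCkey();
            } catch (Exception ignored) {
                // Best-effort: a key that fails to load falls through to a null result.
            }
            if (cipherParameters instanceof ECPrivateKeyParameters) {
                ECPrivateKeyParameters eCPrivateKeyParameters = (ECPrivateKeyParameters) cipherParameters;
                ECPoint normalize = new FixedPointCombMultiplier().multiply(eCPrivateKeyParameters.getParameters().getG(), eCPrivateKeyParameters.getD()).normalize();
                str = InvestmentFundoutsourceIncomestatementqueryRequestV1.InvestmentFundoutsourceIncomestatementqueryRequestV1InRecord.reportKind + String.format("%1$064x", normalize.getAffineXCoord().toBigInteger()) + String.format("%1$064x", normalize.getAffineYCoord().toBigInteger());
            }
        } else if ("SM2public".equalsIgnoreCase(clearKeyParameter.getKeyType())) {
            str = InvestmentFundoutsourceIncomestatementqueryRequestV1.InvestmentFundoutsourceIncomestatementqueryRequestV1InRecord.reportKind + clearKeyParameter.getPublicKey().toUpperCase();
        }
        return str;
    }

    /**
     * Generates a fresh symmetric key and wraps it under the given public key.
     *
     * <p>RSA wrapping keys are accepted for every {@code algorithmType} except SM4
     * and use {@code PKCS1PADDING}; SM2 wrapping keys are accepted only for SM4.
     *
     * @param clearKeyParameter wrapping key (RSA or SM2)
     * @param i                 passed through to {@link #generateRandom(int)}
     * @return holder with the clear key and its wrapped form in upper-case hex
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true, on
     *         a disallowed algorithm combination, or when the wrapping key is
     *         neither RSA nor SM2
     */
    public KeyHolder generateKey(ClearKeyParameter clearKeyParameter, int i) throws Exception {
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        byte[] generateRandom = generateRandom(i);
        byte[] bArr = null;
        ClearKeyParameter clearKeyParameter2 = null;
        // The fresh key is hex-encoded into a String for loadClear(); that copy of
        // the clear key cannot be zeroised afterwards.
        if ("RSA".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            if ("SM4".equalsIgnoreCase(this.algorithmType)) {
                throw new Exception("generating SymmetricKey type error! allow type: DES/DESede/AES");
            }
            bArr = AsymmetricCipher.encipher("PKCS1PADDING", true, clearKeyParameter, generateRandom);
            clearKeyParameter2 = loadClear(Hex.toHexString(generateRandom), this.algorithmType);
        } else if ("SM2".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            if (!"SM4".equalsIgnoreCase(this.algorithmType)) {
                throw new Exception("generating SymmetricKey type error! allow type: SM4");
            }
            bArr = AsymmetricCipher.encipher("SM2", true, clearKeyParameter, generateRandom);
            clearKeyParameter2 = loadClear(Hex.toHexString(generateRandom), this.algorithmType);
        }
        if (bArr == null) {
            // Previously an unsupported wrapping key reached Hex.toHexString(null);
            // fail with an explicit message instead.
            throw new Exception("generating SymmetricKey wrapping key error! allow type: RSA/SM2");
        }
        return new KeyHolder(clearKeyParameter2, Hex.toHexString(bArr).toUpperCase());
    }

    /**
     * Unwraps a hex-encoded wrapped key with the given private key and loads the
     * result as a key of this instance's {@code algorithmType}.
     *
     * <p>NOTE(review): the RSA path uses {@code PKCS1PADDING} (PKCS#1 v1.5 by name).
     * If the wrapped value can come from an untrusted party, callers should not let
     * that party tell a padding failure apart from any later failure, otherwise the
     * unwrap can act as a padding oracle. Confirm how failures are surfaced.
     *
     * @param clearKeyParameter unwrapping key (RSA or SM2)
     * @param str               wrapped key, hex-encoded
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true, on
     *         a disallowed algorithm combination, or when the unwrapping key is
     *         neither RSA nor SM2
     */
    public ClearKeyParameter importKey(ClearKeyParameter clearKeyParameter, String str) throws Exception {
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        byte[] decode = Hex.decode(str);
        byte[] bArr = null;
        // The boolean is true in generateKey() and false here; presumably it
        // selects encrypt vs. decrypt (TODO confirm against AsymmetricCipher).
        if ("RSA".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            if ("SM4".equalsIgnoreCase(this.algorithmType)) {
                throw new Exception("generating SymmetricKey type error! allow type: DES/DESede/AES");
            }
            bArr = AsymmetricCipher.encipher("PKCS1PADDING", false, clearKeyParameter, decode);
        } else if ("SM2".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            if (!"SM4".equalsIgnoreCase(this.algorithmType)) {
                throw new Exception("generating SymmetricKey type error! allow type: SM4");
            }
            bArr = AsymmetricCipher.encipher("SM2", false, clearKeyParameter, decode);
        }
        if (bArr == null) {
            // Previously an unsupported unwrapping key reached Hex.toHexString(null).
            throw new Exception("importing SymmetricKey unwrapping key error! allow type: RSA/SM2");
        }
        return loadClear(Hex.toHexString(bArr), this.algorithmType);
    }

    /**
     * Produces key bytes by running PBKDF2/SM3 over two freshly drawn
     * {@link SecureRandom} buffers (20 and 32 bytes).
     *
     * <p>NOTE(review): {@code generateEnvelope} passes a per-algorithm value
     * (8/16/24/32) as {@code i}, while the last argument here is the constant 16.
     * The parameter meanings of {@code generatePBEKey} are not visible in this file;
     * confirm which argument controls the output length. If it is the trailing 16,
     * DES, DESede and AES requests do not receive a key of the size they asked for.
     */
    private byte[] generateRandom(int i) throws Exception {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[20];
        secureRandom.nextBytes(bArr);
        byte[] bArr2 = new byte[32];
        secureRandom.nextBytes(bArr2);
        return PBEkeyGenerate.generatePBEKey("PBKDF2", "SM3", null, i, bArr, bArr2, 16);
    }

    /**
     * Computes a key check value by encrypting one all-zero block in ECB mode
     * without padding (8 bytes for DES/DESede, 16 for AES/SM4).
     *
     * <p>NOTE(review): the full ciphertext block is returned. Key check values are
     * conventionally truncated to a few bytes before being shown or transmitted;
     * confirm whether callers truncate.
     *
     * @return hex ciphertext of the zero block, or {@code null} when encryption fails
     */
    public static String getCheckValue(ClearKeyParameter clearKeyParameter) {
        String str = null;
        byte[] bArr = null;
        Cipher cipher = Cipher.getInstance(clearKeyParameter.getAlgorithm(), "ECB", "NOPADDING");
        if (AlgorithmConstants.DES.equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            bArr = new byte[8];
        }
        if (AlgorithmConstants.DESede.equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            bArr = new byte[8];
        }
        if ("AES".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            bArr = new byte[16];
        }
        if ("SM4".equalsIgnoreCase(clearKeyParameter.getAlgorithm())) {
            bArr = new byte[16];
        }
        try {
            str = Hex.toHexString(cipher.encipher(clearKeyParameter, bArr));
        } catch (Exception ignored) {
            // Best-effort: any failure (including an unsupported algorithm, where
            // bArr is still null) yields a null check value.
        }
        return str;
    }

    /**
     * Rebuilds a {@link KeyHolder} from the {@code algorithm;hexKey;wrappedKey}
     * string produced by {@link KeyHolder#backupKeyHolder()}.
     *
     * <p>The input carries the clear key and must be handled as secret.
     *
     * @return the restored holder, or {@code null} when the input is empty, does not
     *         have exactly three fields, or the key cannot be loaded
     */
    public static KeyHolder restoreKeyHolder(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        String[] split = str.split(";");
        if (split.length != 3) {
            return null;
        }
        try {
            ClearKeyParameter loadClear = loadClear(split[1], split[0]);
            ClearKeyFunction clearKeyFunction = getInstance(split[0]);
            // KeyHolder is an inner (non-static) class, so it needs an enclosing
            // instance. The decompiler had reduced this to a bare getClass() call
            // plus "new KeyHolder(...)", which does not compile in a static method.
            return clearKeyFunction.new KeyHolder(loadClear, split[2]);
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Generates a symmetric key, wraps it under an SM2 public key and packages the
     * wrapped key in a URL-safe Base64 envelope.
     *
     * <p>NOTE(review): {@code algorithmType} is compared case-sensitively here but
     * case-insensitively in {@link #generateKey}; confirm which is intended.
     *
     * @param str SM2 public key: 130 hex digits starting with the prefix constant
     * @return two elements: [0] the {@code backupKeyHolder()} string, which contains
     *         the CLEAR key and must be kept secret; [1] the encoded envelope
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true;
     *         {@code ParmErrorException} on invalid input or any generation failure
     */
    public String[] generateEnvelope(String str) throws Exception {
        int i;
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        String[] strArr = new String[2];
        GenerateEnvelopeBean generateEnvelopeBean = new GenerateEnvelopeBean();
        if (str == null || str.length() <= 0) {
            throw new ParmErrorException("generateEnvelope:key is empty !");
        }
        if (!str.matches("(\\p{XDigit}{130})") || !str.substring(0, 2).equals(InvestmentFundoutsourceIncomestatementqueryRequestV1.InvestmentFundoutsourceIncomestatementqueryRequestV1InRecord.reportKind)) {
            throw new ParmErrorException("generateEnvelope:PublicKey plaintext is error !" + str);
        }
        generateEnvelopeBean.setKid(str);
        if (this.algorithmType.equals("SM4")) {
            i = 16;
        } else if (this.algorithmType.equals(AlgorithmConstants.DES)) {
            i = 8;
        } else if (this.algorithmType.equals(AlgorithmConstants.DESede)) {
            i = 24;
        } else {
            if (!this.algorithmType.equals("AES")) {
                throw new ParmErrorException("generateEnvelope:Symmetric key algorithmType is error !" + this.algorithmType);
            }
            i = 32;
        }
        // The wrapping key is always loaded as SM2, and generateKey() accepts SM2
        // only with SM4, so every other algorithmType ends in "generateKey fail!".
        try {
            KeyHolder generateKey = generateKey(loadClear(str, "SM2PUBLIC"), i);
            try {
                String backupKeyHolder = generateKey.backupKeyHolder();
                String wappedExportedKey = generateKey.getWappedExportedKey();
                strArr[0] = backupKeyHolder;
                String base64String = UrlBase64.toBase64String(Hex.decode(wappedExportedKey));
                generateEnvelopeBean.setVer("K0");
                generateEnvelopeBean.setKwAlg("SM2/ANS1");
                generateEnvelopeBean.setEncKey(base64String);
                strArr[1] = UrlBase64.toBase64String(generateEnvelopeBean.mapToString().getBytes("UTF-8"));
                return strArr;
            } catch (Exception e) {
                throw new ParmErrorException("generateEnvelope:From KeyHolder object to get key fail!" + e.getMessage());
            }
        } catch (Exception e2) {
            // Also catches the ParmErrorException thrown just above, so its message
            // is nested inside this one; only the message text survives, not the cause.
            throw new ParmErrorException("generateEnvelope:generateKey fail!" + e2.getMessage());
        }
    }

    /**
     * Decodes an envelope produced by {@link #generateEnvelope} and unwraps the key
     * it carries.
     *
     * <p>Every failure inside the nested handlers is re-wrapped by the outermost
     * one, so callers always see the "Data from UrlBase64String" prefix followed by
     * the inner messages.
     *
     * @param clearKeyParameter private key used to unwrap
     * @param str               URL-safe Base64 envelope
     * @throws Exception when {@code IcbcEnvironment.isICBCEnvironment()} is true;
     *         {@code ParmErrorException} on empty input or any decode/unwrap failure
     */
    public ClearKeyParameter decryptEnvelope(ClearKeyParameter clearKeyParameter, String str) throws Exception {
        if (IcbcEnvironment.isICBCEnvironment()) {
            throw new Exception("ClearKeyFunction not permit");
        }
        GenerateEnvelopeBean generateEnvelopeBean = new GenerateEnvelopeBean();
        if (str == null || str.length() <= 0) {
            throw new ParmErrorException("decryptEnvelope:Decipher data is empty！" + str);
        }
        try {
            try {
                // Decode explicitly as UTF-8 to mirror getBytes("UTF-8") in
                // generateEnvelope(); the platform default charset may differ.
                generateEnvelopeBean.stringToMap(new String(UrlBase64.decode(str), "UTF-8"));
                String encKey = generateEnvelopeBean.getEncKey();
                if (encKey == null || encKey.length() <= 0) {
                    throw new ParmErrorException("decryptEnvelope:Key cryptograph is empty!" + encKey);
                }
                try {
                    return importKey(clearKeyParameter, Hex.toHexString(UrlBase64.decode(encKey)));
                } catch (Exception e) {
                    throw new ParmErrorException("decryptEnvelope:Decipher key cryptograph fail!" + e.getMessage());
                }
            } catch (Exception e2) {
                throw new ParmErrorException("decryptEnvelope:StringToMap fail!" + e2.getMessage());
            }
        } catch (Exception e3) {
            throw new ParmErrorException("decryptEnvelope:Data from UrlBase64String to JsonString fail!" + e3.getMessage());
        }
    }
}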
