package com.icbc.hsm.software.apiLib;

import com.icbc.bcprov.org.bouncycastle.crypto.BlockCipher;
import com.icbc.bcprov.org.bouncycastle.crypto.CipherParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.engines.AESEngine;
import com.icbc.bcprov.org.bouncycastle.crypto.engines.DESEngine;
import com.icbc.bcprov.org.bouncycastle.crypto.engines.DESedeEngine;
import com.icbc.bcprov.org.bouncycastle.crypto.engines.SM4Engine;
import com.icbc.hsm.json.bean.EncipherHashBean;
import com.icbc.hsm.json.bean.SealHashBean;
import com.icbc.hsm.software.apiLib.internal.KeyManager;
import com.icbc.hsm.software.basic.AsymmetricCipher;
import com.icbc.hsm.software.basic.HsmKeyParameter;
import com.icbc.hsm.software.basic.PBEkeyGenerate;
import com.icbc.hsm.software.basic.Rules;
import com.icbc.hsm.software.basic.SymmetricCipher;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.exception.ParmErrorException;
import com.icbc.hsm.software.external.ClearKeyFunction;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.software.parms.icbc.TempKeyBuilder;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.encoders.Hex;
import com.icbc.hsm.utils.encoders.UrlBase64;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/apiLib/Cipher.class */
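/**
 * Facade over the symmetric and asymmetric primitives of the software HSM library.
 *
 * <p>An instance is bound to one algorithm / chaining mode / padding triple and carries a
 * mutable IV. {@link #getInstance(String)} defaults symmetric algorithms to
 * {@code CBC} with {@code PKCS5PADDING}. The class offers raw encipher/decipher,
 * "seal" (a random session key wrapped under an RSA or SM2 key) and the "hash" envelope
 * variants, which return a Base64 JSON envelope carrying the ciphertext, the IV and an
 * SM3 digest.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code mac} field of the hash envelopes is produced by {@code Hash.GenerateHash}
 *       with no key argument at any call site in this class, so as far as this file shows
 *       it is an unkeyed digest over the envelope fields and the plaintext digest, not a
 *       keyed MAC. NOTE(review): confirm against {@code Hash}.</li>
 *   <li>{@code DES} is still selectable (8-byte session key in {@link #seal}); treat it as
 *       legacy interoperability only.</li>
 *   <li>Instances are mutable ({@link #setIV}, and the envelope methods replace the IV), so
 *       an instance must not be shared between threads without external synchronisation.</li>
 * </ul>
 */
public class Cipher {
    private static final String apiName = "cipher";
    private final String algorithm;
    private final String chainMode;
    private final String padMode;
    private byte[] iv;
    // True only while iv holds a value given by the caller (factory method or setIV).
    // The envelope encryptors reuse a caller-supplied IV but replace any other IV with a
    // fresh random one, so one instance never encrypts two envelopes under the same
    // automatically chosen IV.
    private boolean callerSuppliedIv;

    /* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/apiLib/Cipher$SealedPackage.class */
    /**
     * Result of {@link Cipher#seal}: the wrapped session key, the ciphertext and a textual
     * description of the parameters used. The getters return the stored arrays themselves,
     * not copies.
     */
    public class SealedPackage {
        private final byte[] encryptedKey;
        private final byte[] encryptedData;
        private final String cipherParameters;

        SealedPackage(byte[] bArr, byte[] bArr2, String str) {
            this.encryptedKey = bArr;
            this.encryptedData = bArr2;
            this.cipherParameters = str;
        }

        /** @return the session key as wrapped under the recipient's asymmetric key */
        public byte[] getEncryptedKey() {
            return this.encryptedKey;
        }

        /** @return the payload encrypted under the session key */
        public byte[] getEncryptedData() {
            return this.encryptedData;
        }

        /** @return {@code "<asymmetric padding>;<algorithm>/<chainMode>/<padMode>"} */
        public String getCipherParameters() {
            return this.cipherParameters;
        }
    }

    private Cipher(String str, String str2, String str3, byte[] bArr) {
        this.algorithm = str;
        this.chainMode = str2;
        this.padMode = str3;
        if (bArr != null) {
            // Defensive copy: later changes to the caller's array must not alter the IV.
            this.iv = bArr.clone();
            this.callerSuppliedIv = true;
        }
    }

    /**
     * Creates a cipher for the named algorithm.
     *
     * @param str algorithm name; {@code SM2}, {@code RSA} and {@code RSA-OAEP} get no mode,
     *            padding or IV, every other name gets {@code CBC}/{@code PKCS5PADDING}
     * @return a new instance with no IV set
     */
    public static Cipher getInstance(String str) {
        boolean asymmetric = "SM2".equalsIgnoreCase(str)
                || "RSA".equalsIgnoreCase(str)
                || "RSA-OAEP".equalsIgnoreCase(str);
        if (asymmetric) {
            return new Cipher(str, null, null, (byte[]) null);
        }
        return getInstance(str, "CBC", "PKCS5PADDING", null);
    }

    /**
     * Creates a cipher with an explicit mode and padding and no IV.
     *
     * @param str  algorithm name
     * @param str2 chaining mode
     * @param str3 padding mode
     * @return a new instance
     */
    public static Cipher getInstance(String str, String str2, String str3) {
        return getInstance(str, str2, str3, null);
    }

    /**
     * Creates a cipher with an explicit mode, padding and IV.
     *
     * @param str  algorithm name
     * @param str2 chaining mode
     * @param str3 padding mode
     * @param bArr IV, copied; may be {@code null}. A non-null IV is reused for every
     *             operation on the instance, so the caller is responsible for never
     *             encrypting two messages under the same key with it.
     * @return a new instance
     */
    public static Cipher getInstance(String str, String str2, String str3, byte[] bArr) {
        return new Cipher(str, str2, str3, bArr);
    }

    /** Encrypts {@code bArr} under {@code hsmKeyParameter}; see {@link #cipher(HsmKeyParameter, byte[], boolean)}. */
    public byte[] encipher(HsmKeyParameter hsmKeyParameter, byte[] bArr) throws Exception {
        return cipher(hsmKeyParameter, bArr, true);
    }

    /** Stream form of {@link #encipher(HsmKeyParameter, byte[])}; returns the value reported by the stream cipher. */
    public long encipher(HsmKeyParameter hsmKeyParameter, InputStream inputStream, OutputStream outputStream) throws Exception {
        return cipher(hsmKeyParameter, inputStream, outputStream, true);
    }

    /** Decrypts {@code bArr} under {@code hsmKeyParameter}; see {@link #cipher(HsmKeyParameter, byte[], boolean)}. */
    public byte[] decipher(HsmKeyParameter hsmKeyParameter, byte[] bArr) throws Exception {
        return cipher(hsmKeyParameter, bArr, false);
    }

    /** Stream form of {@link #decipher(HsmKeyParameter, byte[])}; returns the value reported by the stream cipher. */
    public long decipher(HsmKeyParameter hsmKeyParameter, InputStream inputStream, OutputStream outputStream) throws Exception {
        return cipher(hsmKeyParameter, inputStream, outputStream, false);
    }

    /**
     * Runs the block cipher after {@code Rules.parmCheck} has accepted the key for this
     * algorithm and API name.
     *
     * @param z {@code true} to encrypt, {@code false} to decrypt
     * @throws ParmErrorException if the key is rejected by {@code Rules.parmCheck}
     */
    private byte[] cipher(HsmKeyParameter hsmKeyParameter, byte[] bArr, boolean z) throws Exception {
        if (!Rules.parmCheck(this.algorithm, hsmKeyParameter, apiName)) {
            throw new ParmErrorException("key type error!");
        }
        return SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, z, hsmKeyParameter, this.iv, bArr);
    }

    /**
     * Stream counterpart of {@link #cipher(HsmKeyParameter, byte[], boolean)}.
     *
     * @throws ParmErrorException if the key is rejected by {@code Rules.parmCheck}
     */
    private long cipher(HsmKeyParameter hsmKeyParameter, InputStream inputStream, OutputStream outputStream, boolean z) throws Exception {
        if (!Rules.parmCheck(this.algorithm, hsmKeyParameter, apiName)) {
            throw new ParmErrorException("key type error!");
        }
        return SymmetricCipher.streamCipher(this.algorithm, this.chainMode, this.padMode, z, hsmKeyParameter, this.iv, inputStream, outputStream).longValue();
    }

    /**
     * Encrypts {@code bArr} under a freshly generated session key and wraps that key under
     * the recipient's RSA or SM2 key.
     *
     * <p>Session key sizes: DES 8, DESede 24, AES 32, SM4 16 bytes. The call fails instead of
     * proceeding when the symmetric algorithm has no known key size or the wrapping key is
     * neither RSA nor SM2; previously those cases encrypted under a zero-length key request
     * or returned a package whose session key was never wrapped.
     *
     * @param hsmKeyParameter recipient key; its algorithm must be {@code RSA} or {@code SM2}
     * @param bArr            data to encrypt
     * @param str             asymmetric padding name; {@code null} selects
     *                        {@code PKCS1PADDING} for RSA and {@code SM2} for SM2. RSA
     *                        PKCS#1 v1.5 encryption padding is the weaker choice when the
     *                        unwrapping side reveals decryption errors; prefer passing an
     *                        OAEP name as {@link #rsaDigitalEnvelope} does.
     * @return the wrapped key, the ciphertext and the parameter description
     * @throws ParmErrorException if either algorithm is unsupported
     */
    public SealedPackage seal(HsmKeyParameter hsmKeyParameter, byte[] bArr, String str) throws Exception {
        int keyLength = sessionKeyLength(this.algorithm);
        if (keyLength == 0) {
            throw new ParmErrorException("seal:symmetrical key Algorithm Name error:" + this.algorithm);
        }
        String wrappingAlgorithm = hsmKeyParameter.getAlgorithm();
        boolean rsa = "RSA".equalsIgnoreCase(wrappingAlgorithm);
        boolean sm2 = "SM2".equalsIgnoreCase(wrappingAlgorithm);
        if (!rsa && !sm2) {
            throw new ParmErrorException("seal:asymmetric key Algorithm Name error:" + wrappingAlgorithm);
        }
        if (str == null) {
            str = rsa ? "PKCS1PADDING" : "SM2";
        }
        byte[] sessionKey = generateRandom(keyLength);
        byte[] wrappedKey = AsymmetricCipher.encipher(str, true, hsmKeyParameter, sessionKey);
        byte[] encryptedData = SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, true, loadSessionKey(sessionKey), this.iv, bArr);
        return new SealedPackage(wrappedKey, encryptedData, str + ";" + transformation());
    }

    /**
     * Reverses {@link #seal}: unwraps the session key and decrypts {@code bArr2} with it.
     *
     * @param hsmKeyParameter key used to unwrap the session key
     * @param bArr            wrapped session key
     * @param bArr2           encrypted data
     * @param str             asymmetric padding name, passed through unchanged
     * @return the decrypted data
     */
    public byte[] unseal(HsmKeyParameter hsmKeyParameter, byte[] bArr, byte[] bArr2, String str) throws Exception {
        // AsymmetricCipher.encipher with the direction flag false performs the unwrap.
        byte[] sessionKey = AsymmetricCipher.encipher(str, false, hsmKeyParameter, bArr);
        return cipher(loadSessionKey(sessionKey), bArr2, false);
    }

    /** Stream form of {@link #unseal(HsmKeyParameter, byte[], byte[], String)}. */
    public long unseal(HsmKeyParameter hsmKeyParameter, byte[] bArr, String str, InputStream inputStream, OutputStream outputStream) throws Exception {
        byte[] sessionKey = AsymmetricCipher.encipher(str, false, hsmKeyParameter, bArr);
        return cipher(loadSessionKey(sessionKey), inputStream, outputStream, false);
    }

    /**
     * Encrypts {@code bArr} and returns a Base64 envelope holding version, transformation,
     * IV, ciphertext, key check value and an SM3 digest.
     *
     * <p>The digest covers a second bean in which the ciphertext is replaced by the SM3
     * digest of the plaintext. Unless the caller supplied an IV, a new random IV is drawn
     * for every call and stored on the instance.
     *
     * @param hsmKeyParameter symmetric key; must pass {@code Rules.parmCheck}
     * @param bArr            non-empty plaintext
     * @return the Base64-encoded envelope
     * @throws ParmErrorException on invalid arguments or when a step fails; each step is
     *                            reported once under its own message
     */
    public String encipherHash(HsmKeyParameter hsmKeyParameter, byte[] bArr) throws Exception {
        if (!Rules.parmCheck(this.algorithm, hsmKeyParameter, apiName)) {
            throw new ParmErrorException("encipherHash:key&algorithm&apiName inconformity!");
        }
        if (bArr == null || bArr.length <= 0) {
            throw new ParmErrorException("encipherHash:encipher data is empty！");
        }
        BlockCipher engine = newEngine(this.algorithm);
        if (engine == null) {
            throw new ParmErrorException("encipherHash:symmetrical key Algorithm Name error:" + this.algorithm);
        }
        // digestInput is only hashed; envelope is what the caller receives.
        // Setter order per bean is kept as it was, in case serialisation is order-sensitive.
        EncipherHashBean digestInput = new EncipherHashBean();
        EncipherHashBean envelope = new EncipherHashBean(null);
        digestInput.setVer("E0");
        envelope.setVer("E0");
        digestInput.setEncAlg(transformation());
        envelope.setEncAlg(transformation());
        byte[] messageIv = nextMessageIv(engine.getBlockSize());
        digestInput.setIv(UrlBase64.toBase64String(messageIv));
        envelope.setIv(UrlBase64.toBase64String(messageIv));

        Hash hash;
        try {
            envelope.setEncData(UrlBase64.toBase64String(SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, true, hsmKeyParameter, messageIv, bArr)));
            byte[] checkValue = SymmetricCipher.getCheckValue(this.algorithm, hsmKeyParameter);
            digestInput.setKid(UrlBase64.toBase64String(checkValue));
            envelope.setKid(UrlBase64.toBase64String(checkValue));
            hash = Hash.getInstance("SM3");
        } catch (Exception e) {
            throw new ParmErrorException("encipherHash:encipher fail!" + e.getMessage());
        }
        try {
            digestInput.setEncData(UrlBase64.toBase64String(hash.GenerateHash(bArr)));
        } catch (Exception e) {
            throw new ParmErrorException("encipherHash:first Hash fail!" + e.getMessage());
        }
        try {
            envelope.setMac(UrlBase64.toBase64String(hash.GenerateHash(digestInput.mapToString().getBytes(StandardCharsets.UTF_8))));
            return UrlBase64.toBase64String(envelope.mapToString().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new ParmErrorException("encipherHash:second Hash fail!" + e.getMessage());
        }
    }

    /**
     * Opens an envelope produced by {@link #encipherHash} and returns the plaintext after the
     * SM3 digest check succeeds.
     *
     * <p>The envelope's IV replaces the instance IV. The transformation recorded in the
     * envelope is not consulted; the instance's own algorithm, mode and padding are used.
     *
     * <p>Decryption runs before the digest check, and the two failures carry different
     * messages. If {@code SymmetricCipher.blockCipher} rejects bad padding (not visible
     * here) and these messages reach an untrusted peer, that difference can act as a padding
     * oracle in CBC mode; report one generic error at the service boundary.
     *
     * @param hsmKeyParameter symmetric key; must pass {@code Rules.parmCheck}
     * @param str             Base64 envelope; must be non-empty
     * @return the decrypted plaintext
     * @throws ParmErrorException on invalid arguments, a failed step, or a digest mismatch
     */
    public byte[] decipherHash(HsmKeyParameter hsmKeyParameter, String str) throws Exception {
        if (!Rules.parmCheck(this.algorithm, hsmKeyParameter, apiName)) {
            throw new ParmErrorException("decipherHash:key&algorithm&apiName inconformity!");
        }
        // Was "str == null && ...", which dereferenced a null argument and let "" through.
        if (str == null || str.length() <= 0) {
            throw new ParmErrorException("decipherHash:encipher data is empty！");
        }
        EncipherHashBean envelope = new EncipherHashBean(null);
        String json;
        try {
            // The producer encodes the JSON as UTF-8, so decode with the same charset
            // instead of the platform default.
            json = new String(UrlBase64.decode(str), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:data from Base64String to JsonString fail!" + e.getMessage());
        }
        String mac;
        try {
            envelope.stringToMap(json);
            mac = envelope.getMac();
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:stringToMap fail!" + e.getMessage());
        }
        byte[] plaintext;
        Hash hash;
        try {
            byte[] cipherText = UrlBase64.decode(envelope.getEncData());
            this.iv = UrlBase64.decode(envelope.getIv());
            this.callerSuppliedIv = false;
            plaintext = SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, false, hsmKeyParameter, this.iv, cipherText);
            hash = Hash.getInstance("SM3");
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:decipher fail!" + e.getMessage());
        }
        byte[] plaintextDigest;
        try {
            plaintextDigest = hash.GenerateHash(plaintext);
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:first Hash fail!" + e.getMessage());
        }
        try {
            // Rebuild the bean that was hashed on the sending side.
            envelope.removeKey("mac");
            envelope.setEncData(UrlBase64.toBase64String(plaintextDigest));
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:modify hash data fail!" + e.getMessage());
        }
        String expectedMac;
        try {
            expectedMac = UrlBase64.toBase64String(hash.GenerateHash(envelope.mapToString().getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new ParmErrorException("decipherHash:second Hash fail! maybe the hashData is error" + e.getMessage());
        }
        if (!digestsMatch(mac, expectedMac)) {
            throw new ParmErrorException("decipherHash:hash verify fail！");
        }
        return plaintext;
    }

    /**
     * Encrypts {@code bArr} under a key obtained from {@code generateEnvelope(str)} and
     * returns a Base64 envelope holding version, transformation, IV, ciphertext, the
     * enveloped key ({@code CEK}) and an SM3 digest.
     *
     * <p>Unlike {@link #encipherHash}, the algorithm name is matched case-sensitively here.
     * Unless the caller supplied an IV, a new random IV is drawn for every call.
     *
     * @param str  input to {@code generateEnvelope}; presumably the recipient's key
     *             material (the rejection message calls it "key") - confirm against
     *             {@code KeyManager} / {@code ClearKeyFunction}
     * @param bArr non-empty plaintext
     * @return the Base64-encoded envelope
     * @throws ParmErrorException on invalid arguments or when a step fails
     */
    public String sealHash(String str, byte[] bArr) throws Exception {
        if (str == null || str.length() <= 0 || bArr == null || bArr.length <= 0) {
            throw new ParmErrorException("sealHash:key is empty !");
        }
        if (!isEnvelopeAlgorithm(this.algorithm)) {
            throw new ParmErrorException("sealHash:algorithm is error!");
        }
        String keyHolder;
        String cek;
        try {
            String[] parts = IcbcEnvironment.isICBCEnvironment() ? KeyManager.getInstance(this.algorithm).generateEnvelope(str) : ClearKeyFunction.getInstance(this.algorithm).generateEnvelope(str);
            keyHolder = parts[0];
            cek = parts[1];
        } catch (Exception e) {
            throw new ParmErrorException("sealHash:generateEnvelope to get random symmetric key fail!" + e.getMessage());
        }
        CipherParameters sessionKey;
        try {
            sessionKey = IcbcEnvironment.isICBCEnvironment() ? KeyManager.restoreKeyHolder(keyHolder).getHsmKeyParameter() : ClearKeyFunction.restoreKeyHolder(keyHolder).getHsmKeyParameter();
        } catch (Exception e) {
            throw new ParmErrorException("sealHash:Get symmetric key object fail!" + e.getMessage());
        }
        // digestInput is only hashed; envelope is what the caller receives.
        SealHashBean digestInput = new SealHashBean();
        SealHashBean envelope = new SealHashBean(null);
        digestInput.setVer("E0");
        envelope.setVer("E0");
        digestInput.setEncAlg(transformation());
        envelope.setEncAlg(transformation());
        // The algorithm check above guarantees newEngine returns an engine.
        byte[] messageIv = nextMessageIv(newEngine(this.algorithm).getBlockSize());
        digestInput.setIv(UrlBase64.toBase64String(messageIv));
        envelope.setIv(UrlBase64.toBase64String(messageIv));

        Hash hash;
        try {
            envelope.setEncData(UrlBase64.toBase64String(SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, true, sessionKey, messageIv, bArr)));
            digestInput.setCEK(cek);
            envelope.setCEK(cek);
            hash = Hash.getInstance("SM3");
        } catch (Exception e) {
            throw new ParmErrorException("sealHash:encipher fail!" + e.getMessage());
        }
        try {
            digestInput.setEncData(UrlBase64.toBase64String(hash.GenerateHash(bArr)));
        } catch (Exception e) {
            throw new ParmErrorException("sealHash:first Hash fail!" + e.getMessage());
        }
        try {
            envelope.setMac(UrlBase64.toBase64String(hash.GenerateHash(digestInput.mapToString().getBytes(StandardCharsets.UTF_8))));
            return UrlBase64.toBase64String(envelope.mapToString().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new ParmErrorException("sealHash:second Hash fail!" + e.getMessage());
        }
    }

    /**
     * Opens an envelope produced by {@link #sealHash}: recovers the session key from the
     * {@code CEK} field, decrypts the payload and checks the SM3 digest.
     *
     * <p>Outside the ICBC environment {@code hsmKeyParameter} is cast to
     * {@code ClearKeyParameter}. The envelope's IV replaces the instance IV. The same
     * error-reporting caveat as {@link #decipherHash} applies: decryption precedes the
     * digest check and the two failures are distinguishable by message.
     *
     * @param hsmKeyParameter key used to open the {@code CEK}
     * @param str             Base64 envelope
     * @return the plaintext, or {@code null} when {@code str} is {@code null} or empty
     * @throws ParmErrorException when a step fails or the digest does not match
     */
    public byte[] unSealHash(HsmKeyParameter hsmKeyParameter, String str) throws Exception {
        if (str == null || str.length() <= 0) {
            // Historical contract: absent input yields null rather than an exception.
            return null;
        }
        SealHashBean envelope = new SealHashBean(null);
        String json;
        try {
            json = new String(UrlBase64.decode(str), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:data from UrlBase64String to JsonString fail!" + e.getMessage());
        }
        String mac;
        String cek;
        String encData;
        try {
            envelope.stringToMap(json);
            mac = envelope.getMac();
            cek = envelope.getCEK();
            encData = envelope.getEncData();
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:stringToMap fail!" + e.getMessage());
        }
        if (cek == null || cek.length() <= 0 || encData == null || encData.length() <= 0) {
            throw new ParmErrorException("unSealHash:from SealHashBean map to get data is empty!");
        }
        if (!isEnvelopeAlgorithm(this.algorithm)) {
            throw new ParmErrorException("unSealHash:algorithm is error!");
        }
        CipherParameters sessionKey;
        try {
            sessionKey = IcbcEnvironment.isICBCEnvironment() ? KeyManager.getInstance(this.algorithm).decryptEnvelope(hsmKeyParameter, cek) : ClearKeyFunction.getInstance(this.algorithm).decryptEnvelope((ClearKeyParameter) hsmKeyParameter, cek);
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:decryptEnvelope to get random symmetric key fail!" + e.getMessage());
        }
        byte[] plaintext;
        Hash hash;
        try {
            this.iv = UrlBase64.decode(envelope.getIv());
            this.callerSuppliedIv = false;
            plaintext = SymmetricCipher.blockCipher(this.algorithm, this.chainMode, this.padMode, false, sessionKey, this.iv, UrlBase64.decode(encData));
            hash = Hash.getInstance("SM3");
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:decipher business ciphertext fail!" + e.getMessage());
        }
        byte[] plaintextDigest;
        try {
            plaintextDigest = hash.GenerateHash(plaintext);
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:first Hash fail!" + e.getMessage());
        }
        try {
            // Rebuild the bean that was hashed on the sending side.
            envelope.removeKey("mac");
            envelope.setEncData(UrlBase64.toBase64String(plaintextDigest));
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:modify hash data fail!" + e.getMessage());
        }
        String expectedMac;
        try {
            expectedMac = UrlBase64.toBase64String(hash.GenerateHash(envelope.mapToString().getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new ParmErrorException("unSealHash:second Hash fail! maybe the hashData is error" + e.getMessage());
        }
        if (!digestsMatch(mac, expectedMac)) {
            throw new ParmErrorException("unSealHash:hash verify fail！");
        }
        return plaintext;
    }

    /**
     * Produces {@code i} bytes of session-key material by running {@code PBKDF2} with
     * {@code SM3} over two freshly drawn random buffers (20 and 32 bytes).
     *
     * <p>NOTE(review): the roles of the two buffers and of the trailing {@code 16} are
     * defined by {@code PBEkeyGenerate.generatePBEKey} and are not visible here. If the
     * 20-byte buffer is the secret input, a 32-byte AES key derived this way carries at
     * most 160 bits of entropy - confirm the argument order.
     */
    private byte[] generateRandom(int i) throws Exception {
        SecureRandom random = new SecureRandom();
        byte[] first = new byte[20];
        random.nextBytes(first);
        byte[] second = new byte[32];
        random.nextBytes(second);
        return PBEkeyGenerate.generatePBEKey("PBKDF2", "SM3", null, i, first, second, 16);
    }

    /** Wraps raw session-key bytes in the key-parameter type of the current environment. */
    private HsmKeyParameter loadSessionKey(byte[] keyBytes) throws Exception {
        return IcbcEnvironment.isICBCEnvironment() ? TempKeyBuilder.LoadKey(this.algorithm, false, keyBytes) : ClearKeyParameter.getInstance(this.algorithm, false, keyBytes);
    }

    /** Returns {@code algorithm/chainMode/padMode} as written into envelopes and sealed packages. */
    private String transformation() {
        return this.algorithm + "/" + this.chainMode + "/" + this.padMode;
    }

    /** Session-key size in bytes used by {@link #seal}, or 0 for an unrecognised name. */
    private static int sessionKeyLength(String name) {
        if (AlgorithmConstants.DES.equalsIgnoreCase(name)) {
            return 8;
        }
        if (AlgorithmConstants.DESede.equalsIgnoreCase(name)) {
            return 24;
        }
        if ("AES".equalsIgnoreCase(name)) {
            return 32;
        }
        if ("SM4".equalsIgnoreCase(name)) {
            return 16;
        }
        return 0;
    }

    /** Block-cipher engine for the name (case-insensitive), or {@code null} if unrecognised. */
    private static BlockCipher newEngine(String name) {
        if ("SM4".equalsIgnoreCase(name)) {
            return new SM4Engine();
        }
        if (AlgorithmConstants.DES.equalsIgnoreCase(name)) {
            return new DESEngine();
        }
        if (AlgorithmConstants.DESede.equalsIgnoreCase(name)) {
            return new DESedeEngine();
        }
        if ("AES".equalsIgnoreCase(name)) {
            return new AESEngine();
        }
        return null;
    }

    /** Case-sensitive algorithm check shared by {@link #sealHash} and {@link #unSealHash}. */
    private static boolean isEnvelopeAlgorithm(String name) {
        return name.equals("SM4")
                || name.equals(AlgorithmConstants.DESede)
                || name.equals(AlgorithmConstants.DES)
                || name.equals("AES");
    }

    /**
     * Returns the IV for the next envelope encryption: the caller's IV if one was supplied,
     * otherwise a new random block that is also stored on the instance so {@link #getIV}
     * reports the IV actually used.
     */
    private byte[] nextMessageIv(int blockSize) {
        if (this.iv == null || !this.callerSuppliedIv) {
            byte[] fresh = new byte[blockSize];
            new SecureRandom().nextBytes(fresh);
            this.iv = fresh;
            this.callerSuppliedIv = false;
        }
        return this.iv;
    }

    /**
     * Compares a received Base64 digest with the expected one, exactly and in time that does
     * not depend on where they differ. Base64 is case-sensitive, so a case-insensitive
     * comparison would accept digests that are not equal.
     */
    private static boolean digestsMatch(String received, String expected) {
        if (received == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(received.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /** @return a one-line description of algorithm, mode, padding and the IV in hex */
    public String getParameter() {
        StringBuilder text = new StringBuilder();
        text.append("algorithm: ").append(this.algorithm).append("; ");
        text.append("chainMode: ").append(this.chainMode).append("; ");
        text.append("padMode: ").append(this.padMode).append("; ");
        text.append("iv: ").append(this.iv == null ? "null" : Hex.toHexString(this.iv));
        return text.toString();
    }

    /**
     * Seals {@code bArr} with {@code OAEPWITHSHA-256ANDMGF1PADDING} and returns three hex
     * strings: the wrapped key, the last 16 bytes of the encrypted data, and the encrypted
     * data without those 16 bytes.
     *
     * @param hsmKeyParameter recipient key
     * @param bArr            data to seal
     * @return {@code {wrappedKey, last16Bytes, remainder}} as hex
     * @throws Exception if an argument is {@code null}, the encrypted data is shorter than
     *                   16 bytes, or sealing fails
     */
    public String[] rsaDigitalEnvelope(HsmKeyParameter hsmKeyParameter, byte[] bArr) throws Exception {
        if (hsmKeyParameter == null || bArr == null) {
            throw new Exception("Rsa public key or data is null. Please check.");
        }
        SealedPackage sealed = seal(hsmKeyParameter, bArr, "OAEPWITHSHA-256ANDMGF1PADDING");
        byte[] encryptedData = sealed.getEncryptedData();
        // Guard the split: a shorter result would otherwise produce a negative offset below.
        if (encryptedData == null || encryptedData.length < 16) {
            throw new Exception("Encrypted data is shorter than 16 bytes. Please check.");
        }
        int split = encryptedData.length - 16;
        return new String[]{Hex.toHexString(sealed.getEncryptedKey()), Hex.toHexString(encryptedData, split, 16), Hex.toHexString(encryptedData, 0, split)};
    }

    /** @return a copy of the current IV, or {@code null} if none is set */
    public byte[] getIV() {
        return this.iv == null ? null : this.iv.clone();
    }

    /**
     * Sets the IV used by subsequent operations.
     *
     * @param bArr IV, copied; {@code null} clears it so the envelope methods draw a random one
     */
    public void setIV(byte[] bArr) {
        this.iv = bArr == null ? null : bArr.clone();
        this.callerSuppliedIv = bArr != null;
    }
}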
