package com.icbc.hsm.software.apiLib;

import com.icbc.bcprov.org.bouncycastle.util.Arrays;
import com.icbc.hsm.software.basic.AsymmetricCipher;
import com.icbc.hsm.software.basic.HsmKeyParameter;
import com.icbc.hsm.software.basic.PBEkeyGenerate;
import com.icbc.hsm.software.basic.Rules;
import com.icbc.hsm.software.basic.SymmetricCipher;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.exception.ParmErrorException;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.software.parms.icbc.IcbcAsymmetricKeyParameter;
import com.icbc.hsm.software.parms.icbc.TempKeyBuilder;
import com.icbc.hsm.utils.AlgorithmConstants;
import com.icbc.hsm.utils.Util;
import com.icbc.hsm.utils.encoders.Base64;
import com.icbc.hsm.utils.encoders.Hex;
import java.security.SecureRandom;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-0.0.3-SNAPSHOT.jar:com/icbc/hsm/software/apiLib/Pinblock.class */
public class Pinblock {
    private static final String apiName = "pin";
    private String pinAlgorithm;

    private Pinblock(String str) {
        this.pinAlgorithm = null;
        this.pinAlgorithm = str;
    }

    public static Pinblock getInstance(String str) {
        return new Pinblock(str);
    }

    String encipherPin(String str, String str2, String str3) throws Exception {
        byte[] buildCUPPinblock = buildCUPPinblock(str2, str3);
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[20];
        secureRandom.nextBytes(bArr);
        byte[] bArr2 = new byte[32];
        secureRandom.nextBytes(bArr2);
        byte[] generatePBEKey = PBEkeyGenerate.generatePBEKey("PBKDF2", AlgorithmConstants.SM3, null, 16, bArr, bArr2, 16);
        ClearKeyParameter LoadKey = IcbcEnvironment.isICBCEnvironment() ? TempKeyBuilder.LoadKey("SM4", false, generatePBEKey) : ClearKeyParameter.getInstance("SM4", false, generatePBEKey);
        byte[] encipher = AsymmetricCipher.encipher("SM2", true, IcbcEnvironment.isICBCEnvironment() ? TempKeyBuilder.LoadKey("SM2", false, Hex.decode(str)) : ClearKeyParameter.getInstance("SM2", false, Hex.decode(str)), generatePBEKey);
        Arrays.fill(generatePBEKey, (byte) 0);
        byte[] blockCipher = SymmetricCipher.blockCipher("SM4", "ECB", AlgorithmConstants.NoPadding, true, LoadKey, null, buildCUPPinblock);
        Arrays.fill(buildCUPPinblock, (byte) 0);
        StringBuilder sb = new StringBuilder();
        sb.append("SM2#");
        sb.append(Base64.toBase64String(Hex.decode(str))).append("#");
        sb.append(Base64.toBase64String(encipher)).append("#");
        sb.append(Hex.toHexString(blockCipher)).append("#");
        sb.append(str3);
        return sb.toString();
    }

    public String encipherPin(HsmKeyParameter hsmKeyParameter, String str, String str2) throws Exception {
        String str3 = null;
        if ("ISO".equalsIgnoreCase(this.pinAlgorithm)) {
            str3 = AlgorithmConstants.DES;
        } else if ("CUP".equalsIgnoreCase(this.pinAlgorithm)) {
            str3 = "SM4";
        } else if ("ICBC".equalsIgnoreCase(this.pinAlgorithm)) {
            str3 = "SM4";
        }
        if (IcbcEnvironment.isICBCEnvironment() && (hsmKeyParameter instanceof IcbcAsymmetricKeyParameter)) {
            IcbcAsymmetricKeyParameter icbcAsymmetricKeyParameter = (IcbcAsymmetricKeyParameter) hsmKeyParameter;
            if ("SM2public".equalsIgnoreCase(icbcAsymmetricKeyParameter.getKeyType())) {
                return encipherPin(icbcAsymmetricKeyParameter.getPublicKey(), str, str2);
            }
            throw new ParmErrorException("key type error!");
        }
        if (hsmKeyParameter instanceof ClearKeyParameter) {
            ClearKeyParameter clearKeyParameter = (ClearKeyParameter) hsmKeyParameter;
            if ("SM2public".equalsIgnoreCase(clearKeyParameter.getKeyType())) {
                return encipherPin(clearKeyParameter.getPublicKey(), str, str2);
            }
            throw new ParmErrorException("key type error!");
        }
        if (!Rules.parmCheck(str3, hsmKeyParameter, apiName)) {
            throw new ParmErrorException("key type error!");
        }
        String algorithm = hsmKeyParameter.getAlgorithm();
        byte[] bArr = null;
        if ("SM4".equalsIgnoreCase(algorithm)) {
            byte[] buildCUPPinblock = buildCUPPinblock(str, str2);
            bArr = SymmetricCipher.blockCipher("SM4", "ECB", AlgorithmConstants.NoPadding, true, hsmKeyParameter, null, buildCUPPinblock);
            Arrays.fill(buildCUPPinblock, (byte) 0);
        } else if (AlgorithmConstants.DESede.equalsIgnoreCase(algorithm)) {
            byte[] buildISOPinblock = buildISOPinblock(str, str2);
            bArr = SymmetricCipher.blockCipher(AlgorithmConstants.DESede, "ECB", AlgorithmConstants.NoPadding, true, hsmKeyParameter, null, buildISOPinblock);
            Arrays.fill(buildISOPinblock, (byte) 0);
        } else if (AlgorithmConstants.DES.equalsIgnoreCase(algorithm)) {
            byte[] buildISOPinblock2 = buildISOPinblock(str, str2);
            bArr = SymmetricCipher.blockCipher(AlgorithmConstants.DES, "ECB", AlgorithmConstants.NoPadding, true, hsmKeyParameter, null, buildISOPinblock2);
            Arrays.fill(buildISOPinblock2, (byte) 0);
        }
        return Base64.toBase64String(bArr);
    }

    private static byte[] buildCUPPinblock(String str, String str2) throws Exception {
        String str3;
        if (str == null || !str.matches("\\p{Digit}{4,12}")) {
            throw new Exception("pin error!");
        }
        if (str2 != null && !str2.matches("\\p{Digit}+")) {
            throw new Exception("pan error!");
        }
        String substring = ("0" + String.format("%1$01X", Integer.valueOf(str.length())) + str + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF").substring(0, 32);
        if (str2 == null) {
            str3 = "00000000000000000000000000000000";
        } else if (str2.length() == 12) {
            str3 = "00000000000000000000" + str2;
        } else {
            if (str2.length() <= 12) {
                throw new Exception("pan data error!");
            }
            str3 = "00000000000000000000" + str2.substring((str2.length() - 1) - 12, str2.length() - 1);
        }
        return Util.Xor(Hex.decode(substring), Hex.decode(str3));
    }

    private static byte[] buildISOPinblock(String str, String str2) throws Exception {
        if (str == null || !str.matches("\\p{Digit}{4,12}")) {
            throw new Exception("pin error!");
        }
        if (str2 == null || !str2.matches("\\p{Digit}{12,}")) {
            throw new Exception("pan error!");
        }
        String substring = ("0" + String.format("%1$01X", Integer.valueOf(str.length())) + str + "FFFFFFFFFF").substring(0, 16);
        String str3 = null;
        if (str2.length() == 12) {
            str3 = "0000" + str2;
        } else if (str2.length() > 12) {
            str3 = "0000" + str2.substring((str2.length() - 1) - 12, str2.length() - 1);
        }
        return Util.Xor(Hex.decode(substring), Hex.decode(str3));
    }
}
