package cn.com.infosec.netsign.agent.impl;

import cn.com.infosec.jcajce.jce.oscca.SM2;
import cn.com.infosec.netsign.agent.GenericCertificate;
import cn.com.infosec.netsign.agent.NetSignAgentUtil;
import cn.com.infosec.netsign.agent.exception.NetSignAgentException;
import cn.com.infosec.netsign.agent.impl.base.AgentBasic;
import cn.com.infosec.netsign.agent.impl.project.util.KeyPairCreator;
import cn.com.infosec.netsign.agent.newcommunitor.CommunicatorManager;
import cn.com.infosec.netsign.agent.resource.AgentErrorRes;
import cn.com.infosec.netsign.base.ErrorInfoRes;
import cn.com.infosec.netsign.base.NSMessage;
import cn.com.infosec.netsign.base.NSMessageOpt;
import cn.com.infosec.netsign.base.TransUtil;
import cn.com.infosec.netsign.constant.AlgorithmConst;
import cn.com.infosec.netsign.crypto.util.Base64;
import cn.com.infosec.netsign.der.util.DERSegment;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.netsign.util.DataUtils;
import cn.com.infosec.oscca.encryption.SM4ECB;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.cert.X509Certificate;

/* loaded from: input_file:cn/com/infosec/netsign/agent/impl/EnvelopeAgentImpl.class */
/**
 * Client-side agent for digital-envelope operations against a NetSign server.
 *
 * <p>Most methods follow the same shape: build an {@code NSMessage} for a {@code TransUtil}
 * transaction code, hand it to {@code sendMsg}, treat a {@code null} response or a result code
 * other than {@code 1} as failure, and return fields of the {@code NSMessageOpt} response.
 * {@code sendMsg} and {@code logString} are not defined in this class (presumably inherited
 * from {@code AgentBasic}).
 *
 * <p>This is decompiler output: parameter names ({@code str}, {@code bArr}, ...) are generated,
 * and a few statements are decompilation artefacts that would not compile as written. They are
 * flagged inline.
 *
 * <p>NOTE(review): certificate details returned by the decrypt methods are copied from the server
 * response; no local certificate validation is visible in this class.
 */
public class EnvelopeAgentImpl extends AgentBasic {
    // Transformation suffix used by encryptStream/decryptStream when no IV is supplied.
    // NOTE(review): ECB leaks equal-plaintext-block patterns; the streaming methods fall back to
    // it whenever the second byte[] argument (apparently the IV) is null.
    private static final String MODE = "/ECB/PKCS7Padding";

    /**
     * Creates the agent on top of the given communicator manager, which is passed to the
     * superclass unchanged.
     */
    public EnvelopeAgentImpl(CommunicatorManager communicatorManager) {
        super(communicatorManager);
    }

    /**
     * Makes a V1 envelope for a recipient identified by DN only (no certificate is passed).
     *
     * @param bArr plaintext
     * @param str  value set as the encryption-certificate DN
     * @param str2 value set as the symmetric algorithm
     * @return the crypto text returned by the server
     * @throws NetSignAgentException on a missing response or a result code other than 1
     */
    public byte[] makeEnvelope(byte[] bArr, String str, String str2) throws NetSignAgentException {
        return makeEnvelopeV1(bArr, null, str, str2);
    }

    /**
     * Makes a V1 envelope for a recipient identified by certificate (the DN is passed as null).
     *
     * @param bArr            plaintext
     * @param x509Certificate recipient certificate
     * @param str             value set as the symmetric algorithm
     * @return the crypto text returned by the server
     * @throws NetSignAgentException on a missing response or a result code other than 1
     */
    public byte[] makeEnvelope(byte[] bArr, X509Certificate x509Certificate, String str) throws NetSignAgentException {
        return makeEnvelopeV1(bArr, x509Certificate, null, str);
    }

    /**
     * Makes an envelope using the {@code TransUtil.MAKE_ENVELOPE_V2} transaction code.
     * Parameters are as for the five-argument {@code makeEnvelope}.
     */
    public byte[] makeEnvelopeV2(byte[] bArr, X509Certificate x509Certificate, String str, String str2) throws NetSignAgentException {
        return makeEnvelope(bArr, x509Certificate, str, str2, TransUtil.MAKE_ENVELOPE_V2);
    }

    /**
     * Makes an envelope using the {@code TransUtil.MAKE_ENVELOPE} transaction code.
     * Parameters are as for the five-argument {@code makeEnvelope}.
     */
    public byte[] makeEnvelopeV1(byte[] bArr, X509Certificate x509Certificate, String str, String str2) throws NetSignAgentException {
        return makeEnvelope(bArr, x509Certificate, str, str2, TransUtil.MAKE_ENVELOPE);
    }

    /**
     * Sends an envelope-creation request and returns the resulting crypto text.
     *
     * @param bArr            plaintext
     * @param x509Certificate recipient certificate; the three-argument DN overload passes null
     * @param str             value set as the encryption-certificate DN
     * @param str2            value set as the symmetric algorithm
     * @param str3            transaction code used to create the request message
     * @return the crypto text from the server response
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public byte[] makeEnvelope(byte[] bArr, X509Certificate x509Certificate, String str, String str2, String str3) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(str3);
        createMessage.setPlainText(bArr);
        // The trans-cert flag is set unconditionally, even when the certificate is null.
        createMessage.setTransCert(true);
        try {
            createMessage.setCert(NetSignAgentUtil.transcertificate(x509Certificate));
        } catch (NetSignAgentException e) {
            // Conversion failed: fall back to the certificate as supplied. The failure itself is
            // not logged.
            createMessage.setCert(x509Certificate);
        }
        createMessage.setEncCertDN(str);
        createMessage.setSymmetricalAlg(str2);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("makeEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("makeEnvelope{returnCode:" + result + "}");
        // 1 is the only result code treated as success.
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        return sendMsg.getCryptoText();
    }

    /**
     * Base64 variant of {@code makeEnvelope(byte[], X509Certificate, String)}.
     *
     * @param x509Certificate recipient certificate
     * @param str             value set as the symmetric algorithm
     * @param bArr            plaintext
     * @return Base64 encoding of the crypto text
     * @throws NetSignAgentException on a missing response or a result code other than 1
     */
    public String makeEnvelope(X509Certificate x509Certificate, String str, byte[] bArr) throws NetSignAgentException {
        return Base64.encode(makeEnvelope(bArr, x509Certificate, str));
    }

    /**
     * Sends a {@code TransUtil.MAKE_MS_ENVELOPE} request, which carries a signing-certificate DN
     * and a digest algorithm in addition to the envelope parameters.
     *
     * @param str             value set as the signing-certificate DN
     * @param x509Certificate certificate set on the request (converted first when possible)
     * @param str2            value set as the digest algorithm
     * @param str3            value set as the symmetric algorithm
     * @param bArr            plaintext
     * @return Base64 encoding of the crypto text from the response
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public String makeMSEnvelope(String str, X509Certificate x509Certificate, String str2, String str3, byte[] bArr) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.MAKE_MS_ENVELOPE);
        createMessage.setPlainText(bArr);
        createMessage.setTransCert(true);
        try {
            createMessage.setCert(NetSignAgentUtil.transcertificate(x509Certificate));
        } catch (NetSignAgentException e) {
            // Conversion failed: fall back to the certificate as supplied.
            createMessage.setCert(x509Certificate);
        }
        createMessage.setSignCertDN(str);
        createMessage.setSymmetricalAlg(str3);
        createMessage.setDigestAlg(str2);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("makeMSEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("makeMSEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        return Base64.encode(sendMsg.getCryptoText());
    }

    /**
     * Decrypts a Base64-encoded envelope on the server.
     *
     * @param str  Base64-encoded envelope
     * @param str2 value set as the encryption-certificate DN
     * @return a two-element array: the Base64-encoded plaintext, then a {@code GenericCertificate}
     *         filled with the encryption-certificate fields reported by the server
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public Object[] decryptEnvelope(String str, String str2) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.DECRYPT_ENVELOPE);
        createMessage.setCryptoText(Base64.decode(str));
        createMessage.setEncCertDN(str2);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("decryptEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("decryptEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        // Certificate metadata is taken from the response as-is.
        GenericCertificate genericCertificate = new GenericCertificate();
        genericCertificate.setSubject(sendMsg.getEncSubject());
        genericCertificate.setSer_number(sendMsg.getEncSerNumber());
        genericCertificate.setIssuer_subject(sendMsg.getEncIssuerSubject());
        genericCertificate.setStart_time(sendMsg.getEncStartTime());
        genericCertificate.setEnd_time(sendMsg.getEncEndtime());
        return new Object[]{Base64.encode(sendMsg.getPlainText()), genericCertificate};
    }

    /**
     * Decrypts a raw (binary) envelope on the server. No certificate DN is sent.
     *
     * @param bArr envelope bytes
     * @return a two-element array: the plaintext as {@code byte[]}, then a
     *         {@code GenericCertificate} filled from the response
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public Object[] decryptEnvelope(byte[] bArr) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.DECRYPT_ENVELOPE);
        createMessage.setCryptoText(bArr);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("decryptEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("decryptEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        GenericCertificate genericCertificate = new GenericCertificate();
        try {
            genericCertificate.setCert(sendMsg.getCert());
        } catch (Exception e) {
            // NOTE(review): any failure to attach the certificate is silently ignored, so the
            // caller cannot tell a missing certificate from one that failed to parse.
        }
        genericCertificate.setSubject(sendMsg.getEncSubject());
        genericCertificate.setSer_number(sendMsg.getEncSerNumber());
        genericCertificate.setIssuer_subject(sendMsg.getEncIssuerSubject());
        genericCertificate.setStart_time(sendMsg.getEncStartTime());
        genericCertificate.setEnd_time(sendMsg.getEncEndtime());
        return new Object[]{sendMsg.getPlainText(), genericCertificate};
    }

    /**
     * Decrypts a Base64-encoded envelope using {@code TransUtil.DECRYPT_MS_ENVELOPE}.
     *
     * @param str  Base64-encoded envelope
     * @param str2 value set as the encryption-certificate DN
     * @param str3 value set as the digest algorithm
     * @return a three-element array: the Base64-encoded plaintext, a {@code GenericCertificate}
     *         with the encryption-certificate fields, and a second one with the
     *         signing-certificate fields, all as reported by the server
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public Object[] decryptMSEnvelope(String str, String str2, String str3) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.DECRYPT_MS_ENVELOPE);
        createMessage.setCryptoText(Base64.decode(str));
        createMessage.setEncCertDN(str2);
        createMessage.setDigestAlg(str3);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        // NOTE(review): the log labels below say "decryptEnvelope" although this is
        // decryptMSEnvelope, which makes the two operations indistinguishable in logs.
        if (sendMsg == null) {
            logString("decryptEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("decryptEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        // Encryption-certificate metadata from the response.
        GenericCertificate genericCertificate = new GenericCertificate();
        genericCertificate.setSubject(sendMsg.getEncSubject());
        genericCertificate.setSer_number(sendMsg.getEncSerNumber());
        genericCertificate.setIssuer_subject(sendMsg.getEncIssuerSubject());
        genericCertificate.setStart_time(sendMsg.getEncStartTime());
        genericCertificate.setEnd_time(sendMsg.getEncEndtime());
        // Signing-certificate metadata from the response.
        GenericCertificate genericCertificate2 = new GenericCertificate();
        genericCertificate2.setSubject(sendMsg.getSignSubject());
        genericCertificate2.setSer_number(sendMsg.getSignSerNumber());
        genericCertificate2.setIssuer_subject(sendMsg.getSignIssuerSubject());
        genericCertificate2.setStart_time(sendMsg.getSignStartTime());
        genericCertificate2.setEnd_time(sendMsg.getSignEndtime());
        return new Object[]{Base64.encode(sendMsg.getPlainText()), genericCertificate, genericCertificate2};
    }

    /**
     * Sends a {@code TransUtil.SERVICE_INFO} request and returns the server's response message.
     * The streaming {@code makeEnvelope} uses it to read the symmetric algorithm from the
     * response.
     *
     * @param str             value set as the encryption-certificate DN
     * @param x509Certificate certificate set on the request (not converted here)
     * @param str2            value set as the symmetric algorithm
     * @return the response message
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    private NSMessage requestServiceAlg(String str, X509Certificate x509Certificate, String str2) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.SERVICE_INFO);
        createMessage.setEncCertDN(str);
        createMessage.setCert(x509Certificate);
        createMessage.setSymmetricalAlg(str2);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("requestServiceAlg{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("requestServiceAlg{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        return sendMsg;
    }

    /**
     * Streaming envelope creation: the server produces the envelope header and a wrapped session
     * key, and the payload is encrypted locally from {@code inputStream} to {@code outputStream}.
     *
     * <p>Steps, as the code reads: ask the server which symmetric algorithm applies; send a
     * {@code TransUtil.MAKE_EMPTY_ENVELOPE} request carrying the expected ciphertext length and
     * the public key of a local key pair; SM2-decrypt the key material in the response with the
     * matching private value; write the response's crypto text to the output; then encrypt the
     * input stream after it.
     *
     * @param inputStream     plaintext source
     * @param outputStream    receives the response's crypto text followed by the locally
     *                        encrypted payload
     * @param str             value set as the encryption-certificate DN
     * @param x509Certificate recipient certificate
     * @param str2            requested symmetric algorithm (the server's answer is what is used)
     * @throws NetSignAgentException if a request fails, or with {@code WRITE_FILE_FAILED} if key
     *                               recovery, writing or encryption throws
     */
    public void makeEnvelope(InputStream inputStream, OutputStream outputStream, String str, X509Certificate x509Certificate, String str2) throws NetSignAgentException {
        String symmetricalAlg = requestServiceAlg(str, x509Certificate, str2).getSymmetricalAlg();
        // NOTE(review): throws NullPointerException if the response carries no algorithm, and
        // toUpperCase() without a Locale is locale-sensitive.
        if ("3DES".equals(symmetricalAlg.toUpperCase())) {
            symmetricalAlg = "DESEde";
        }
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.MAKE_EMPTY_ENVELOPE);
        try {
            // NOTE(review): available() is only an estimate of the bytes readable without
            // blocking, not the stream length; it is used here as the plaintext size.
            createMessage.setPlainText(calSymmAlgCryptoLen(symmetricalAlg, inputStream.available()).getBytes());
            createMessage.setCert(NetSignAgentUtil.transcertificate(x509Certificate));
        } catch (Exception e) {
            // This catch also covers a failure of available()/setPlainText above, in which case
            // the request goes out without the length field and the error is not reported.
            createMessage.setCert(x509Certificate);
        }
        // Whether getKeyPair() creates a fresh pair on every call is not visible from here.
        KeyPair keyPair = KeyPairCreator.getKeyPair();
        createMessage.setEncKey(keyPair.getPublic().getEncoded());
        createMessage.setEncCertDN(str);
        createMessage.setSymmetricalAlg(symmetricalAlg);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        // NOTE(review): the log labels below say "makeMSEnvelope" although this is makeEnvelope.
        if (sendMsg == null) {
            logString("makeMSEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("makeMSEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        try {
            // The response's digestAlg field is parsed as a number and used as the length of the
            // buffer that receives the decrypted key (see decryptKeyIv).
            // NOTE(review): java.security.PrivateKey declares no getD(); the decompiler has
            // probably dropped a cast to the vendor's private-key type.
            byte[][] decryptKeyIv = decryptKeyIv(sendMsg.getEncKey(), keyPair.getPrivate().getD(), Integer.parseInt(sendMsg.getDigestAlg()));
            // [0] is the first DER segment's content (presumably the IV), [1] the decrypted key.
            byte[] bArr = decryptKeyIv[0];
            byte[] bArr2 = decryptKeyIv[1];
            outputStream.write(sendMsg.getCryptoText());
            encryptStream(DataUtils.modeHandle(symmetricalAlg), inputStream, outputStream, bArr2, bArr);
        } catch (Exception e2) {
            // NOTE(review): the cause e2 is discarded, and errMsg comes from a response whose
            // result code was 1, so the thrown message is unlikely to describe the failure.
            throw new NetSignAgentException(AgentErrorRes.WRITE_FILE_FAILED, errMsg);
        }
    }

    /**
     * Computes the ciphertext length for {@code i} plaintext bytes, as a decimal string.
     *
     * <p>With a group (block) size of 0 the length is unchanged. Otherwise {@code i} is rounded
     * up to the next multiple of the group size, and an exact multiple still grows by one full
     * group, which matches padding that always adds at least one byte.
     *
     * @param str algorithm name looked up through {@code AlgorithmConst.getAlgGroupSize}
     * @param i   plaintext length in bytes
     * @return the computed length as a string
     */
    private String calSymmAlgCryptoLen(String str, int i) {
        int intValue = AlgorithmConst.getAlgGroupSize(str).intValue();
        return intValue == 0 ? i + "" : ((i + intValue) - (i % intValue)) + "";
    }

    /**
     * Streaming envelope decryption: the first bytes of the envelope go to the server, which
     * returns the wrapped session key, and the payload is decrypted locally.
     *
     * <p>NOTE(review): as decompiled, the nested catch blocks re-wrap one another. Assuming
     * {@code NetSignAgentException} is an {@code Exception} subclass, every failure inside the
     * outer try, including a null response and a non-1 result code, ends up in the outermost
     * catch and surfaces as {@code INIT_PARA_NULL} / "read crypto failed". This may be an
     * artefact of decompilation; confirm against the original binary before relying on error
     * codes from this method.
     *
     * @param inputStream  envelope source
     * @param outputStream receives the decrypted payload
     * @return the certificate carried in the server response
     * @throws NetSignAgentException on any failure (see the note above on which code is reported)
     */
    public X509Certificate decryptEnvelope(InputStream inputStream, OutputStream outputStream) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.DECRYPT_EMPTY_ENVELOPE);
        try {
            // At most the first 1024 bytes are sent to the server.
            byte[] bArr = new byte[Math.min(inputStream.available(), 1024)];
            // NOTE(review): the return value of read() is ignored, so a short read leaves the
            // tail of bArr zero-filled without any error.
            inputStream.read(bArr);
            KeyPair keyPair = KeyPairCreator.getKeyPair();
            createMessage.setCryptoText(bArr);
            createMessage.setEncKey(keyPair.getPublic().getEncoded());
            NSMessageOpt sendMsg = sendMsg(createMessage);
            // NOTE(review): the log labels below say "makeMSEnvelope" although this is
            // decryptEnvelope.
            if (sendMsg == null) {
                logString("makeMSEnvelope{connect to server failed}");
                throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
            }
            int result = sendMsg.getResult();
            String errMsg = sendMsg.getErrMsg();
            logString("makeMSEnvelope{returnCode:" + result + "}");
            if (result != 1) {
                throw new NetSignAgentException(result, errMsg);
            }
            try {
                // The buffer length for the decrypted key is a number parsed from the response's
                // digestAlg field; no bounds check on it is visible here.
                byte[][] decryptKeyIv = decryptKeyIv(sendMsg.getEncKey(), keyPair.getPrivate().getD(), Integer.parseInt(sendMsg.getDigestAlg()));
                byte[] bArr2 = decryptKeyIv[0];
                byte[] bArr3 = decryptKeyIv[1];
                String symmetricalAlg = sendMsg.getSymmetricalAlg();
                if ("3DES".equals(symmetricalAlg.toUpperCase())) {
                    symmetricalAlg = "DESEde";
                }
                // NOTE(review): r0 is not declared anywhere in this listing. It is a decompiler
                // register name, presumably a stream length captured earlier. The response's
                // plainText field is parsed here as a decimal number. The skip distance depends
                // on both values and its return value is not checked, so verify how the stream
                // is positioned before decryptStream runs.
                inputStream.skip((r0 - Integer.parseInt(new String(sendMsg.getPlainText()))) - bArr.length);
                try {
                    decryptStream(symmetricalAlg, inputStream, outputStream, bArr3, bArr2);
                    return sendMsg.getCert();
                } catch (Exception e) {
                    ConsoleLogger.logException(e);
                    // Also writes the stack trace to stderr.
                    e.printStackTrace();
                    throw new NetSignAgentException(AgentErrorRes.DECRYPT_MSG_ERROR, e.getMessage());
                }
            } catch (Exception e2) {
                // Replaces the exception above (or any key-recovery failure) with errMsg from the
                // successful response; the cause is dropped.
                throw new NetSignAgentException(AgentErrorRes.DECRYPT_MSG_ERROR, errMsg);
            }
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new NetSignAgentException(AgentErrorRes.INIT_PARA_NULL, "read crypto failed");
        }
    }

    /**
     * Returns true when {@code bArr} is empty or starts with the bytes {@code 05 00}, which is
     * the DER encoding of NULL. Not referenced elsewhere in this class.
     *
     * <p>A one-byte array whose only byte is 5 would throw
     * {@code ArrayIndexOutOfBoundsException} at the second comparison.
     */
    private static boolean noAlgParam(byte[] bArr) {
        if (bArr.length == 0) {
            return true;
        }
        return bArr[0] == 5 && bArr[1] == 0;
    }

    /**
     * Encrypts {@code inputStream} to {@code outputStream} with the named symmetric algorithm.
     *
     * <p>"SM4" (case-insensitive) is delegated to {@code NetSignAgentUtil.symmCipherSM4} with
     * {@code SM4ECB.ENC_MOD}. For any other algorithm the transformation suffix is CBC with
     * PKCS7 padding when {@code bArr2} is non-null, ECB with PKCS7 padding when it is null, and
     * {@code null} when {@code AlgorithmConst.isGroup} reports false for the algorithm. The call
     * then goes to {@code symmCipher} with operation code 1.
     *
     * <p>NOTE(review): a null {@code bArr2} silently selects ECB. How the SM4 helper uses
     * {@code bArr2} is not visible here.
     *
     * @param str   algorithm name
     * @param bArr  first byte[] passed to the cipher helper; callers pass the decrypted session key
     * @param bArr2 second byte[] passed to the cipher helper; presumably the IV
     * @throws Exception whatever the cipher helper throws
     */
    private static void encryptStream(String str, InputStream inputStream, OutputStream outputStream, byte[] bArr, byte[] bArr2) throws Exception {
        if (str.toUpperCase().equals("SM4")) {
            NetSignAgentUtil.symmCipherSM4(inputStream, outputStream, bArr, bArr2, SM4ECB.ENC_MOD);
            return;
        }
        String str2 = MODE;
        if (bArr2 != null) {
            str2 = "/CBC/PKCS7Padding";
        }
        if (!AlgorithmConst.isGroup(str)) {
            str2 = null;
        }
        NetSignAgentUtil.symmCipher(inputStream, outputStream, bArr, bArr2, str, str2, 1);
    }

    /**
     * Decrypts {@code inputStream} to {@code outputStream}. It mirrors {@code encryptStream},
     * using {@code SM4ECB.DEC_MOD} on the SM4 path and operation code 2 otherwise. Mode selection
     * is identical, so a null {@code bArr2} selects ECB here as well.
     *
     * @param str   algorithm name
     * @param bArr  first byte[] passed to the cipher helper; callers pass the decrypted session key
     * @param bArr2 second byte[] passed to the cipher helper; presumably the IV
     * @throws Exception whatever the cipher helper throws
     */
    private static void decryptStream(String str, InputStream inputStream, OutputStream outputStream, byte[] bArr, byte[] bArr2) throws Exception {
        if (str.toUpperCase().equals("SM4")) {
            NetSignAgentUtil.symmCipherSM4(inputStream, outputStream, bArr, bArr2, SM4ECB.DEC_MOD);
            return;
        }
        String str2 = MODE;
        if (bArr2 != null) {
            str2 = "/CBC/PKCS7Padding";
        }
        if (!AlgorithmConst.isGroup(str)) {
            str2 = null;
        }
        NetSignAgentUtil.symmCipher(inputStream, outputStream, bArr, bArr2, str, str2, 2);
    }

    /* JADX WARN: Type inference failed for: r0v14, types: [byte[], byte[][]] */
    /**
     * Splits the server's key blob and recovers the session key.
     *
     * <p>As the calls read: {@code bArr} is parsed as a DER segment and its inner data is kept
     * unchanged; the index is moved past that segment (header length plus inner length); the
     * inner data of the next segment is SM2-decrypted with {@code bArr2} into a new buffer of
     * {@code i} bytes.
     *
     * @param bArr  DER-encoded blob from the response's encKey field
     * @param bArr2 private-key value passed to {@code SM2.decrypt}
     * @param i     length of the output buffer. Callers take it from the server response, and a
     *              negative value would throw {@code NegativeArraySizeException} on allocation.
     * @return two arrays: {@code [0]} the first segment's inner data (presumably the IV),
     *         {@code [1]} the decrypted session key
     * @throws NetSignAgentException with {@code DECRYPT_KEY_EXCEPTION_ERROR} when
     *                               {@code SM2.decrypt} returns false
     */
    private static byte[][] decryptKeyIv(byte[] bArr, byte[] bArr2, int i) throws NetSignAgentException {
        DERSegment dERSegment = new DERSegment(bArr);
        byte[] innerData = dERSegment.getInnerData();
        dERSegment.setIndex(innerData.length + dERSegment.getDERHead().getLengthOfHead());
        byte[] innerData2 = dERSegment.nextDERSegment().getInnerData();
        byte[] bArr3 = new byte[i];
        if (SM2.decrypt(innerData2, bArr2, bArr3)) {
            // NOTE(review): decompiler artefact. Per the JADX warning above, the array type
            // should be byte[][]; as written this initializer does not compile.
            return new byte[]{innerData, bArr3};
        }
        throw new NetSignAgentException(ErrorInfoRes.DECRYPT_KEY_EXCEPTION_ERROR, "decrypt session key error");
    }

    /**
     * Makes an envelope with {@code TransUtil.MAKE_ENVELOPE_V2}, additionally sending a key hash.
     *
     * @param bArr            plaintext
     * @param str             value set as the encryption-certificate DN
     * @param x509Certificate recipient certificate, set as supplied (no conversion); may be null
     * @param bArr2           value set as the key hash
     * @param str2            symmetric algorithm; upper-cased before sending, with null or empty
     *                        sent as null
     * @return the crypto text from the server response
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public byte[] tobaccoMakeEnvelope(byte[] bArr, String str, X509Certificate x509Certificate, byte[] bArr2, String str2) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.MAKE_ENVELOPE_V2);
        createMessage.setPlainText(bArr);
        createMessage.setCert(x509Certificate);
        createMessage.setEncCertDN(str);
        createMessage.setKeyHash(bArr2);
        createMessage.setSymmetricalAlg(str2 == null ? null : str2.length() == 0 ? null : str2.toUpperCase());
        // Unlike the other make* methods, the trans-cert flag is set only when a certificate is
        // actually present.
        if (x509Certificate != null) {
            createMessage.setTransCert(true);
        }
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("tobaccoMakeEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("tobaccoMakeEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        return sendMsg.getCryptoText();
    }

    /**
     * Decrypts an envelope with {@code TransUtil.DECRYPT_ENVELOPE_V2}, sending a key hash
     * alongside the ciphertext.
     *
     * @param bArr  envelope bytes
     * @param bArr2 value set as the key hash
     * @return the plaintext from the server response
     * @throws NetSignAgentException if no response is received or the result code is not 1
     */
    public byte[] tobaccoDecryptEnvelope(byte[] bArr, byte[] bArr2) throws NetSignAgentException {
        NSMessage createMessage = NetSignAgentUtil.createMessage(TransUtil.DECRYPT_ENVELOPE_V2);
        createMessage.setCryptoText(bArr);
        createMessage.setKeyHash(bArr2);
        NSMessageOpt sendMsg = sendMsg(createMessage);
        if (sendMsg == null) {
            logString("tobaccoDecryptEnvelope{connect to server failed}");
            throw new NetSignAgentException(AgentErrorRes.RECV_MSG_ERROR, "receive response failed");
        }
        int result = sendMsg.getResult();
        String errMsg = sendMsg.getErrMsg();
        logString("tobaccoDecryptEnvelope{returnCode:" + result + "}");
        if (result != 1) {
            throw new NetSignAgentException(result, errMsg);
        }
        return sendMsg.getPlainText();
    }
}
