package com.alipay.mychain.sdk.tools.keypair;

import com.alipay.mychain.sdk.exceptions.MychainSdkException;
import com.alipay.mychain.sdk.exceptions.errorcode.MychainSdkErrorCodeEnum;
import com.alipay.mychain.sdk.tools.hash.SHA256HashTool;
import com.alipay.mychain.sdk.tools.log.LoggerFactory;
import java.security.KeyFactory;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:BOOT-INF/lib/mychainx-sdk-1.0.5.2.jar:com/alipay/mychain/sdk/tools/keypair/RSAKeypair.class */
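/**
 * Hybrid RSA-OAEP / AES-128-GCM envelope helpers.
 *
 * <p>Envelope layout produced by {@link #sealSGX} and consumed by {@link #openSGX}:
 * <pre>
 *   [ recipient count : 2 bytes, big-endian          ]
 *   [ count x 256-byte RSA-OAEP(SHA-256) wrapped key ]
 *   [ AES-GCM IV      : 12 bytes                     ]
 *   [ AES-GCM tag     : 16 bytes                     ]
 *   [ AES-GCM ciphertext                             ]
 * </pre>
 * Each wrapped-key slot is fixed at 256 bytes, which is what RSA-OAEP produces for a
 * 2048-bit modulus; other key sizes do not fit the format.
 *
 * <p>The seal/open methods report failure by logging and returning {@code null}; callers
 * must check for {@code null} rather than rely on an exception.
 */
public class RSAKeypair {
    /** Length in bytes of the AES-GCM IV stored in an envelope. */
    protected static final int SGX_IV_LEN = 12;
    /** Length in bytes of the AES-GCM authentication tag stored in an envelope. */
    protected static final int SGX_AUTHTAG_LEN = 16;
    protected static final String ALGORITHM = "RSA";

    /** AES-128: the only session-key length the envelope code accepts. */
    private static final int AES_KEY_LEN = 16;
    /** Size of one wrapped-key slot (RSA-2048 output length). */
    private static final int RSA_BLOCK_LEN = 256;
    /** Size of the big-endian recipient counter at the start of an envelope. */
    private static final int COUNT_FIELD_LEN = 2;
    private static final int MAX_RECIPIENTS = 65535;
    private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_TRANSFORMATION = "AES/GCM/NoPadding";

    /**
     * Source for session keys and GCM IVs. Both must be unpredictable, and the IV must never
     * repeat under the same key, so a CSPRNG is required here; {@code java.util.Random} is a
     * 48-bit-seeded LCG and is not suitable for either value.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Opens an envelope produced by {@link #sealSGX}.
     *
     * @param bArr  PKCS#8-encoded RSA private key used to unwrap the session key; only read
     *              when {@code bArr3} is {@code null}
     * @param bArr2 the envelope bytes
     * @param bArr3 the 16-byte AES session key if already known, or {@code null} to recover
     *              it from the wrapped-key slots with {@code bArr}
     * @return the decrypted payload, or {@code null} if the envelope is malformed, no slot
     *         can be unwrapped, or GCM authentication fails (the cause is logged)
     */
    public static byte[] openSGX(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            ensureProvider();
            if (bArr2 == null || bArr2.length < COUNT_FIELD_LEN) {
                LoggerFactory.getLogger().error("invalid cipher text");
                return null;
            }
            // Java bytes are signed: without the masks a low byte >= 0x80 sign-extends and
            // the recipient count goes negative, so any envelope with 128..255 (mod 256)
            // recipients could not be opened.
            int keyCount = ((bArr2[0] & 0xFF) << 8) | (bArr2[1] & 0xFF);
            int ivOffset = COUNT_FIELD_LEN + (keyCount * RSA_BLOCK_LEN);
            int trailerLen = SGX_IV_LEN + SGX_AUTHTAG_LEN;
            int cipherLen = (bArr2.length - ivOffset) - trailerLen;
            // An envelope with zero recipient slots is rejected here even when the session
            // key is supplied directly.
            if (keyCount == 0 || cipherLen <= 0) {
                LoggerFactory.getLogger().error("invalid cipher text, need at least " + (ivOffset + 29) + "bytes");
                return null;
            }
            byte[] iv = Arrays.copyOfRange(bArr2, ivOffset, ivOffset + SGX_IV_LEN);
            // The envelope stores tag before ciphertext; JCE GCM expects ciphertext || tag.
            byte[] cipherAndTag = new byte[cipherLen + SGX_AUTHTAG_LEN];
            System.arraycopy(bArr2, ivOffset + trailerLen, cipherAndTag, 0, cipherLen);
            System.arraycopy(bArr2, ivOffset + SGX_IV_LEN, cipherAndTag, cipherLen, SGX_AUTHTAG_LEN);

            byte[] sessionKey = bArr3;
            if (sessionKey == null) {
                sessionKey = unwrapSessionKey(bArr, bArr2, keyCount);
            }
            if (sessionKey == null || sessionKey.length != AES_KEY_LEN) {
                LoggerFactory.getLogger().error("no matching encrypted skey");
                return null;
            }
            Cipher aes = Cipher.getInstance(AES_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(sessionKey, "AES"),
                    new GCMParameterSpec(SGX_AUTHTAG_LEN * 8, iv));
            return aes.doFinal(cipherAndTag);
        } catch (Exception e2) {
            LoggerFactory.getLogger().error(e2.getMessage(), e2);
            return null;
        }
    }

    /**
     * Seals {@code bArr} with a key derived from the two secret inputs.
     *
     * <p>The same inputs always derive the same AES key, so nonce uniqueness across every
     * envelope sealed with them rests entirely on the random 96-bit IV chosen in
     * {@link #sealSGX}. Note that {@link #openSGX} rejects envelopes with zero recipient
     * slots, so an envelope sealed with an empty {@code list} cannot be opened again.
     *
     * @param list  X.509-encoded RSA public keys of the recipients
     * @param bArr  plaintext to seal
     * @param bArr2 first key-derivation input (see {@link #generatePassword})
     * @param bArr3 second key-derivation input
     * @return the envelope, or {@code null} on failure
     * @throws MychainSdkException if either derivation input is null or empty
     */
    public static byte[] sealSGXWithPassword(List<byte[]> list, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return sealSGX(list, bArr, generatePassword(bArr2, bArr3));
    }

    /**
     * Derives a 16-byte AES key as the first 16 bytes of {@code SHA-256(bArr || bArr2)}.
     *
     * <p>NOTE(review): this is a single unsalted hash truncated to 128 bits. It adds no
     * brute-force resistance, so the result is only as strong as the entropy of the inputs;
     * if either input is a human-chosen password, a password-hardening KDF (PBKDF2, scrypt,
     * Argon2) with a per-envelope salt would be the appropriate construction. The inputs are
     * also concatenated without a length prefix, so different splits of the same byte string
     * derive the same key. Both are left unchanged because altering the derivation would make
     * existing envelopes unreadable.
     *
     * @param bArr  first input, must be non-empty
     * @param bArr2 second input, must be non-empty
     * @return a fresh 16-byte key
     * @throws MychainSdkException if either input is null or empty
     */
    public static byte[] generatePassword(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length == 0 || bArr2 == null || bArr2.length == 0) {
            throw new MychainSdkException(MychainSdkErrorCodeEnum.SDK_INVALID_PARAMETER, "secretKey should not be null.");
        }
        byte[] material = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, material, 0, bArr.length);
        System.arraycopy(bArr2, 0, material, bArr.length, bArr2.length);
        byte[] digest = SHA256HashTool.getInstance().hash(material);
        byte[] key = new byte[AES_KEY_LEN];
        System.arraycopy(digest, 0, key, 0, key.length);
        return key;
    }

    /**
     * Opens an envelope with a key derived from the two secret inputs; the RSA slots are not
     * used because no private key is passed on.
     *
     * @param bArr  the envelope bytes
     * @param bArr2 first key-derivation input (see {@link #generatePassword})
     * @param bArr3 second key-derivation input
     * @return the decrypted payload, or {@code null} on failure
     * @throws MychainSdkException if either derivation input is null or empty
     */
    public static byte[] openSGXWithPassword(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return openSGX(null, bArr, generatePassword(bArr2, bArr3));
    }

    /**
     * Encrypts {@code bArr} with AES-128-GCM and wraps the session key once per recipient
     * with RSA-OAEP (SHA-256, MGF1).
     *
     * @param list  X.509-encoded RSA public keys, at most 65535; each must produce a 256-byte
     *              ciphertext (2048-bit modulus)
     * @param bArr  plaintext to seal
     * @param bArr2 16-byte AES session key, or {@code null} to generate a random one
     * @return the envelope, or {@code null} on any failure (the cause is logged)
     */
    public static byte[] sealSGX(List<byte[]> list, byte[] bArr, byte[] bArr2) {
        try {
            ensureProvider();
            int size = list.size();
            if (size > MAX_RECIPIENTS) {
                LoggerFactory.getLogger().error("too many public keys");
                return null;
            }
            byte[] sessionKey = bArr2;
            if (sessionKey == null) {
                sessionKey = new byte[AES_KEY_LEN];
                SECURE_RANDOM.nextBytes(sessionKey);
            } else if (sessionKey.length != AES_KEY_LEN) {
                LoggerFactory.getLogger().error("invalid secret_key");
                return null;
            }
            // Fresh random IV per envelope; with a caller-supplied (reused) session key this
            // is the only thing preventing GCM nonce reuse.
            byte[] iv = new byte[SGX_IV_LEN];
            SECURE_RANDOM.nextBytes(iv);
            Cipher aes = Cipher.getInstance(AES_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
            aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"),
                    new GCMParameterSpec(SGX_AUTHTAG_LEN * 8, iv));
            // JCE returns ciphertext || tag.
            byte[] cipherAndTag = aes.doFinal(bArr);
            int cipherLen = cipherAndTag.length - SGX_AUTHTAG_LEN;

            int ivOffset = COUNT_FIELD_LEN + (size * RSA_BLOCK_LEN);
            byte[] envelope = new byte[ivOffset + SGX_IV_LEN + cipherAndTag.length];
            envelope[0] = (byte) ((size >> 8) & 255);
            envelope[1] = (byte) (size & 255);

            KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
            int slot = 0;
            for (byte[] encodedPublicKey : list) {
                RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(encodedPublicKey));
                Cipher rsa = Cipher.getInstance(RSA_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
                rsa.init(Cipher.ENCRYPT_MODE, publicKey);
                byte[] wrapped = rsa.doFinal(sessionKey);
                // A larger modulus would otherwise be silently truncated to 256 bytes and
                // yield a slot that its recipient can never unwrap.
                if (wrapped.length != RSA_BLOCK_LEN) {
                    LoggerFactory.getLogger().error("unsupported RSA key size, wrapped key is " + wrapped.length + " bytes");
                    return null;
                }
                System.arraycopy(wrapped, 0, envelope, COUNT_FIELD_LEN + (slot * RSA_BLOCK_LEN), RSA_BLOCK_LEN);
                slot++;
            }
            // Envelope order is IV, tag, ciphertext (tag moved in front of the ciphertext).
            System.arraycopy(iv, 0, envelope, ivOffset, SGX_IV_LEN);
            System.arraycopy(cipherAndTag, cipherLen, envelope, ivOffset + SGX_IV_LEN, SGX_AUTHTAG_LEN);
            System.arraycopy(cipherAndTag, 0, envelope, ivOffset + SGX_IV_LEN + SGX_AUTHTAG_LEN, cipherLen);
            return envelope;
        } catch (Exception e) {
            LoggerFactory.getLogger().error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Decrypts an AES-GCM message laid out as {@code ciphertext || IV (12) || tag (16)}.
     *
     * <p>Unlike the seal/open methods this uses the default JCE provider and propagates
     * failures (including a GCM tag mismatch) as exceptions instead of returning
     * {@code null}.
     *
     * @param bArr  AES key bytes
     * @param bArr2 encrypted message in the layout above
     * @return the decrypted payload
     * @throws IllegalArgumentException if {@code bArr2} is null or shorter than IV + tag
     * @throws Exception if the cipher cannot be initialised or authentication fails
     */
    public static byte[] decryptOutput(byte[] bArr, byte[] bArr2) throws Exception {
        int trailerLen = SGX_IV_LEN + SGX_AUTHTAG_LEN;
        // Reject short input up front instead of failing inside arraycopy with a negative offset.
        if (bArr2 == null || bArr2.length < trailerLen) {
            throw new IllegalArgumentException("encrypted output must be at least " + trailerLen + " bytes");
        }
        int cipherLen = bArr2.length - trailerLen;
        byte[] iv = Arrays.copyOfRange(bArr2, cipherLen, cipherLen + SGX_IV_LEN);
        // Re-join ciphertext and tag, which the input separates with the IV.
        byte[] cipherAndTag = new byte[cipherLen + SGX_AUTHTAG_LEN];
        System.arraycopy(bArr2, 0, cipherAndTag, 0, cipherLen);
        System.arraycopy(bArr2, bArr2.length - SGX_AUTHTAG_LEN, cipherAndTag, cipherLen, SGX_AUTHTAG_LEN);
        Cipher aes = Cipher.getInstance(AES_TRANSFORMATION);
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(bArr, "AES"), new GCMParameterSpec(SGX_AUTHTAG_LEN * 8, iv));
        return aes.doFinal(cipherAndTag);
    }

    /** Registers the BouncyCastle provider once instead of instantiating it on every call. */
    private static void ensureProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Tries each wrapped-key slot with the given private key and returns the first one that
     * unwraps, or {@code null} if the key cannot be parsed or no slot matches.
     */
    private static byte[] unwrapSessionKey(byte[] privateKeyDer, byte[] envelope, int keyCount) {
        final RSAPrivateKey privateKey;
        try {
            // Parsed once; it does not change between slots.
            privateKey = (RSAPrivateKey) KeyFactory.getInstance(ALGORITHM, BouncyCastleProvider.PROVIDER_NAME)
                    .generatePrivate(new PKCS8EncodedKeySpec(privateKeyDer));
        } catch (Exception ignored) {
            // Missing or unparsable key: the caller reports this as "no matching encrypted skey".
            return null;
        }
        for (int slot = 0; slot < keyCount; slot++) {
            int from = COUNT_FIELD_LEN + (slot * RSA_BLOCK_LEN);
            try {
                Cipher rsa = Cipher.getInstance(RSA_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
                rsa.init(Cipher.DECRYPT_MODE, privateKey);
                return rsa.doFinal(Arrays.copyOfRange(envelope, from, from + RSA_BLOCK_LEN));
            } catch (Exception ignored) {
                // Expected for slots wrapped to other recipients: OAEP decoding fails, try the next.
            }
        }
        return null;
    }
}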
