package com.alipay.mychain.sdk.crypto.envelope;

import com.alipay.mychain.sdk.crypto.AlgoIdEnum;
import com.alipay.mychain.sdk.crypto.cipher.SM4CbcPkeyCipherV1;
import com.alipay.mychain.sdk.crypto.hash.HashFactory;
import com.alipay.mychain.sdk.crypto.hash.HashTypeEnum;
import com.alipay.mychain.sdk.crypto.keypair.KeyTypeEnum;
import com.alipay.mychain.sdk.crypto.keypair.Keypair;
import com.alipay.mychain.sdk.crypto.pkeycipher.PkeyCipherBase;
import com.alipay.mychain.sdk.crypto.pkeycipher.SM2PkeyCipherV1;
import com.alipay.mychain.sdk.errorcode.ErrorCode;
import com.alipay.mychain.sdk.exception.MychainSdkException;
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:com/alipay/mychain/sdk/crypto/envelope/SM2EnvelopSGX.class */
public class SM2EnvelopSGX implements EnvelopeBase {
    private List<PkeyCipherBase> pubkeyList;
    private PkeyCipherBase privkey;

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public AlgoIdEnum getAlgo() {
        return AlgoIdEnum.ENVELOPE_SM2_LOCAL_SGX;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public boolean isEncryptor() {
        return this.pubkeyList != null && this.pubkeyList.size() > 0;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public boolean isDecryptor() {
        return this.privkey != null;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPkeyCipherList(List<PkeyCipherBase> list) {
        if (list == null || list.size() == 0) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "public keys should not empty");
        }
        this.pubkeyList = new ArrayList();
        for (PkeyCipherBase pkeyCipherBase : list) {
            if (pkeyCipherBase.getAlgo() != AlgoIdEnum.PKEY_CIPHER_SM2_LOCAL_V1) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
            }
            if (!pkeyCipherBase.isEncryptor()) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public key");
            }
            this.pubkeyList.add(pkeyCipherBase);
        }
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPubkeyList(List<Keypair> list) {
        if (list == null || list.size() == 0) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "public keys should not empty");
        }
        this.pubkeyList = new ArrayList();
        for (Keypair keypair : list) {
            if (keypair.getType() != KeyTypeEnum.KEY_SM2_PKCS8) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
            }
            if (!keypair.isPubkey()) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public key");
            }
            this.pubkeyList.add(new SM2PkeyCipherV1(keypair));
        }
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPrivkey(Keypair keypair) {
        if (keypair == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "keypair should not null");
        }
        if (keypair.getType() != KeyTypeEnum.KEY_SM2_PKCS8) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
        }
        if (!keypair.isPrivkey()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        this.privkey = new SM2PkeyCipherV1(keypair);
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public void setPrivkey(PkeyCipherBase pkeyCipherBase) {
        if (pkeyCipherBase == null) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "pkeyCipher should not null");
        }
        if (pkeyCipherBase.getAlgo() != AlgoIdEnum.PKEY_CIPHER_SM2_LOCAL_V1) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid keypair type!");
        }
        if (!pkeyCipherBase.isDecryptor()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PRIVATE_KEY, "no private key");
        }
        this.privkey = pkeyCipherBase;
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public byte[] envelopeSeal(byte[] bArr, byte[] bArr2) {
        if (!isEncryptor()) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PUBLIC_KEY, "no public keys");
        }
        byte[] bArr3 = new byte[16];
        if (bArr2 != null) {
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        }
        SM4CbcPkeyCipherV1 sM4CbcPkeyCipherV1 = new SM4CbcPkeyCipherV1(bArr3);
        byte[] hash = HashFactory.getHash(HashTypeEnum.SM3).hash(bArr3);
        byte[] bArr4 = new byte[16];
        System.arraycopy(hash, 0, bArr4, 0, 16);
        KeyParameter keyParameter = new KeyParameter(bArr4);
        HMac hMac = new HMac(new SM3Digest());
        hMac.init(keyParameter);
        hMac.update(bArr, 0, bArr.length);
        byte[] bArr5 = new byte[hMac.getMacSize()];
        hMac.doFinal(bArr5, 0);
        byte[] bArr6 = new byte[32 + bArr.length];
        System.arraycopy(bArr5, 0, bArr6, 0, 32);
        System.arraycopy(bArr, 0, bArr6, 32, bArr.length);
        byte[] encrypt = sM4CbcPkeyCipherV1.encrypt(bArr6);
        int size = this.pubkeyList.size();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write((byte) (size & 3));
        byteArrayOutputStream.write(32);
        Iterator<PkeyCipherBase> it = this.pubkeyList.iterator();
        while (it.hasNext()) {
            byte[] encrypt2 = it.next().encrypt(bArr3);
            byteArrayOutputStream.write(encrypt2, 6, encrypt2.length - 6);
        }
        byteArrayOutputStream.write(encrypt, 2, encrypt.length - 2);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.alipay.mychain.sdk.crypto.envelope.EnvelopeBase
    public byte[] envelopeOpen(byte[] bArr, byte[] bArr2) {
        int i = bArr[0] & 3;
        if (i != 1) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid ciphertext public key length");
        }
        if (bArr[1] != 32) {
            throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "invalid ciphertext");
        }
        int i2 = 2;
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 < i; i3++) {
            int i4 = bArr[i2 + 1] & 255;
            byte[] bArr3 = new byte[8 + i4];
            System.arraycopy(AlgoIdEnum.PKEY_CIPHER_SM2_LOCAL_V1.toBytes(), 0, bArr3, 0, 2);
            System.arraycopy(bArr, i2, bArr3, 6, 2 + i4);
            arrayList.add(bArr3);
            i2 += 2 + i4;
        }
        byte[] bArr4 = new byte[bArr.length - i2];
        System.arraycopy(bArr, i2, bArr4, 0, bArr.length - i2);
        byte[] bArr5 = new byte[bArr4.length + 2];
        System.arraycopy(AlgoIdEnum.CIPHER_SM4_CBC_LOCAL_V1.toBytes(), 0, bArr5, 0, 2);
        System.arraycopy(bArr4, 0, bArr5, 2, bArr4.length);
        if (bArr2 != null) {
            byte[] bArr6 = new byte[16];
            if (bArr2 != null) {
                System.arraycopy(bArr2, 0, bArr6, 0, bArr2.length);
            }
            return valid(bArr6, bArr5);
        }
        byte[] bArr7 = null;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            bArr7 = this.privkey.decrypt((byte[]) it.next());
        }
        return valid(bArr7, bArr5);
    }

    private byte[] valid(byte[] bArr, byte[] bArr2) {
        byte[] decrypt = new SM4CbcPkeyCipherV1(bArr).decrypt(bArr2);
        byte[] bArr3 = new byte[decrypt.length - 32];
        System.arraycopy(decrypt, 32, bArr3, 0, bArr3.length);
        byte[] bArr4 = new byte[16];
        System.arraycopy(HashFactory.getHash(HashTypeEnum.SM3).hash(bArr), 0, bArr4, 0, 16);
        KeyParameter keyParameter = new KeyParameter(bArr4);
        HMac hMac = new HMac(new SM3Digest());
        hMac.init(keyParameter);
        hMac.update(bArr3, 0, bArr3.length);
        byte[] bArr5 = new byte[hMac.getMacSize()];
        hMac.doFinal(bArr5, 0);
        for (int i = 0; i < 32; i++) {
            if (bArr5[i] != decrypt[i]) {
                throw new MychainSdkException(ErrorCode.SDK_INVALID_PARAMETER, "mac not matched");
            }
        }
        return bArr3;
    }

    public static void main(String[] strArr) {
        SM2PkeyCipherV1 sM2PkeyCipherV1 = new SM2PkeyCipherV1(new Keypair(Hex.decode("000304eb30c7f3b9f5040f4b312808243a3701e0aacca8e8edc47cbbccaac2bb74f18f95db638f00161f7f599c10baa06086305fa5505d386816f18d20e79bc72a579a"), Hex.decode("0003d63953535f94f45a31411d58e2f5e1acd5b7dc9fa0bed291722e8d534de0b45c")));
        ArrayList arrayList = new ArrayList();
        arrayList.add(sM2PkeyCipherV1);
        SM2EnvelopSGX sM2EnvelopSGX = new SM2EnvelopSGX();
        sM2EnvelopSGX.setPkeyCipherList(arrayList);
        sM2EnvelopSGX.setPrivkey(sM2PkeyCipherV1);
        System.out.println(Hex.toHexString(sM2EnvelopSGX.envelopeOpen(sM2EnvelopSGX.envelopeSeal(Hex.decode("7f15db08b8f9c3d8d6601091dfaa986285e52faa2a88f9a27f7ec44f5012e11868656c6c6f20776f726c64"), Hex.decode("aafb784a6e1eae15f789d510c5fb743a")), null)));
    }
}
