package com.redshield.ebl;

import cn.com.syan.jce.exception.EblHsmException;
import cn.com.syan.sdfapi.DCUtil;
import cn.com.syan.utils.BCECUtil;
import cn.com.syan.utils.CertificateUtil;
import cn.com.syan.utils.EnvelopedData;
import cn.com.syan.utils.PKCS12Util;
import cn.com.syan.utils.PKCSObjectIdentifiers;
import cn.com.syan.utils.RSAsn1Utils;
import cn.com.syan.utils.SM2Signer;
import cn.com.syan.utils.SM2Util;
import cn.com.syan.utils.SM4Util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.json.JSONObject;

/* loaded from: input_file:com/redshield/ebl/SSM.class */
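/**
 * Software-only implementation of the {@code EblHsmEx} operations (SM2 / SM3 / SM4), backed by key
 * files on disk instead of a hardware security module.
 *
 * <p>Key material is addressed by an integer index and read from {@code storePath} on every call:
 * {@code <index>.p12} for the SM2 private key and certificate, {@code <index>.key} for a
 * hex-encoded symmetric key.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The PKCS#12 files are opened with an empty password and symmetric keys are stored as plain
 *       hex text, so the confidentiality of every key rests on the file permissions of
 *       {@code storePath}.</li>
 *   <li>Private keys are loaded into the JVM heap as byte arrays; none of the isolation a hardware
 *       module provides applies here.</li>
 *   <li>No PIN or caller authorisation is checked by any method in this class.</li>
 *   <li>Certificates passed to the verify and seal methods are parsed only to extract a public
 *       key; chain, validity period and revocation must be checked by the caller.</li>
 *   <li>Most failures are rethrown as {@code EblHsmException(e.getMessage())}, which drops the
 *       original cause and stack trace.</li>
 * </ul>
 */
public class SSM extends EblHsmEx {
    /** Directory holding the key files; resolved once by the static initializer, may stay null. */
    private static String storePath;

    /** Number of trailing cipher bytes returned as the tag by {@link #CMAC}. */
    private static final int MAC_TAG_BYTES = 16;

    /** Signature length that the verify methods treat as plain (non-ASN.1) and convert first. */
    private static final int PLAIN_SIGNATURE_BYTES = 128;

    /** Not implemented in the software module. @return always {@code null} */
    @Override // com.redshield.ebl.EblHsmEx
    public String genLicenseCode(String str) {
        return null;
    }

    /** Not implemented in the software module. @return always {@code 0} */
    @Override // com.redshield.ebl.EblHsmEx
    public int writeLicenseCode(String str) {
        return 0;
    }

    /**
     * Wraps data in a PKCS#7 EnvelopedData structure for a single recipient.
     *
     * <p>Two values are drawn from {@code SM4Util.generateKey()} per call: the SM4 content key and
     * the CBC IV. The payload is SM4-CBC encrypted and the content key is SM2-encrypted to the
     * public key of the supplied certificate.
     *
     * <p>The recipient certificate is not validated here, and the envelope carries no
     * authentication of the ciphertext.
     *
     * @param str Base64 of the DER-encoded recipient certificate
     * @param str2 Base64 of the plaintext
     * @return Base64 of the DER-encoded ContentInfo
     * @throws EblHsmException if building the envelope fails
     * @throws IllegalArgumentException if an argument is not valid Base64 or not a certificate
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String sealEnvelope(String str, String str2) {
        byte[] certDer = Base64.getDecoder().decode(str);
        byte[] plaintext = Base64.getDecoder().decode(str2);
        Certificate recipientCert = Certificate.getInstance(certDer);
        ASN1Integer version = new ASN1Integer(1L);
        try {
            byte[] contentKey = SM4Util.generateKey();
            ASN1Set recipientInfos = createRecipientInfos(recipientCert, contentKey);
            // The IV comes from the same generator as the key; it is a separate, fresh value.
            byte[] iv = SM4Util.generateKey();
            EncryptedContentInfo encryptedContent = createEncryptedContentInfo(plaintext, contentKey, iv);
            EnvelopedData enveloped = new EnvelopedData(version, recipientInfos, encryptedContent);
            ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.PKCS7_EnvelopedDATA, enveloped);
            return Base64.getEncoder().encodeToString(contentInfo.toASN1Primitive().getEncoded("DER"));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Builds a PKCS#10 certification request for the key pair stored under index {@code i}.
     *
     * <p>The public key is taken from the certificate in {@code <i>.p12}; the request carries no
     * attributes and is signed via {@link #sign(int, byte[])} under algorithm OID
     * {@code 1.2.156.10197.1.501}.
     *
     * @param str subject distinguished name, parsed by {@code X500Name}
     * @param i key index
     * @return Base64 of the encoded request
     * @throws EblHsmException on encoding failure or if the key store cannot be read
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String generateCSR(String str, int i) {
        try {
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(
                    new X500Name(str),
                    Certificate.getInstance(getCertificate(i).getEncoded()).getSubjectPublicKeyInfo(),
                    (ASN1Set) null);
            byte[] signature = Base64.getDecoder().decode(sign(i, requestInfo.getEncoded()));
            CertificationRequest request = new CertificationRequest(
                    requestInfo,
                    new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.501")),
                    new DERBitString(signature));
            return Base64.getEncoder().encodeToString(new PKCS10CertificationRequest(request).getEncoded());
        } catch (IOException | CertificateEncodingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Opens an envelope produced in the {@link #sealEnvelope} format with the private key at
     * index {@code i}.
     *
     * <p>Only the first RecipientInfo is used, and it is not matched against the certificate of
     * key {@code i}. The content is SM4-CBC without authentication, and decryption errors reach
     * the caller as exception messages; if this method is reachable with attacker-chosen
     * envelopes, return one uniform error to the remote party.
     *
     * @param i key index
     * @param str Base64 of the DER-encoded ContentInfo
     * @return Base64 of the recovered plaintext
     * @throws EblHsmException if key unwrapping or content decryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String openEnvelope(int i, String str) {
        byte[] envelopeDer = Base64.getDecoder().decode(str);
        byte[] privateKey = getPrivateKey(i);
        EnvelopedData enveloped = EnvelopedData.getInstance(ContentInfo.getInstance(ASN1Sequence.getInstance(envelopeDer)).getContent());
        byte[] wrappedKey = KeyTransRecipientInfo.getInstance(RecipientInfo.getInstance(enveloped.getRecipientInfos().getObjectAt(0)).getInfo()).getEncryptedKey().getOctets();
        try {
            byte[] contentKey = SM2Util.decrypt(BCECUtil.convertPKCS8ToECPrivateKey(privateKey), SM2Util.decodeDERSM2Cipher(wrappedKey));
            // NOTE(review): decompiled call chain kept as-is; depending on the BouncyCastle
            // version getParameters() may need converting to an octet-string type first.
            byte[] iv = enveloped.getEncryptedContentInfo().getContentEncryptionAlgorithm().getParameters().getOctets();
            byte[] ciphertext = enveloped.getEncryptedContentInfo().getEncryptedContent().getOctets();
            return Base64.getEncoder().encodeToString(SM4Util.decrypt_CBC_Padding(contentKey, iv, ciphertext));
        } catch (Exception e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Encrypts or decrypts with the symmetric key stored under index {@code i2}.
     *
     * @param i direction: {@code 1} selects decryption, any other value encryption
     * @param i2 symmetric key index
     * @param str JCE transformation string, resolved by the "BC" provider
     * @param bArr IV, or {@code null} to initialise the cipher without one
     * @param bArr2 input data
     * @return the cipher output
     * @throws EblHsmException if the cipher cannot be set up or the operation fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] internalCipher(int i, int i2, String str, byte[] bArr, byte[] bArr2) {
        int mode = (i == 1) ? Cipher.DECRYPT_MODE : Cipher.ENCRYPT_MODE;
        try {
            return generateCBCCipher(str, mode, getSymKey(i2), bArr).doFinal(bArr2);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Not implemented in the software module.
     *
     * @return always an empty array; callers must not treat it as cipher output
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[][] internalBatchCipher(int i, int i2, String str, byte[][] bArr, byte[][] bArr2) {
        // The decompiler emitted "new byte[0]" here, which is not a byte[][] and does not compile.
        return new byte[0][];
    }

    /**
     * Computes an HMAC with the symmetric key stored under index {@code i}.
     *
     * @param i symmetric key index
     * @param str algorithm name, see {@link #hmacBytes}
     * @param bArr data to authenticate
     * @return the raw MAC bytes
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] internalMAC(int i, String str, byte[] bArr) {
        return Base64.getDecoder().decode(hmac(getSymKey(i), str, bArr));
    }

    /** Base64 form of {@link #hmacBytes}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String hmac(byte[] bArr, String str, byte[] bArr2) {
        return Base64.getEncoder().encodeToString(hmacBytes(bArr, str, bArr2));
    }

    /**
     * Computes HMAC-SM3 over {@code bArr2} with key {@code bArr}.
     *
     * <p>When a caller compares the result with a received tag, the comparison should be
     * constant-time (for example {@code MessageDigest.isEqual}).
     *
     * @param bArr MAC key
     * @param str algorithm name; only "HmacSM3" (case-insensitive) is accepted
     * @param bArr2 data to authenticate
     * @return the MAC, {@code SM3Digest.getDigestSize()} bytes long
     * @throws EblHsmException if {@code str} names any other algorithm
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] hmacBytes(byte[] bArr, String str, byte[] bArr2) {
        if (!str.equalsIgnoreCase("HmacSM3")) {
            throw new EblHsmException("不支持的算法");
        }
        SM3Digest digest = new SM3Digest();
        HMac mac = new HMac(digest);
        mac.init(new KeyParameter(bArr));
        mac.update(bArr2, 0, bArr2.length);
        byte[] tag = new byte[digest.getDigestSize()];
        mac.doFinal(tag, 0);
        return tag;
    }

    /**
     * Returns {@code i} bytes from a new {@link SecureRandom}.
     *
     * <p>The randomness comes from the JVM's default secure random source, not from a hardware
     * generator.
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] generateRandom(int i) {
        byte[] random = new byte[i];
        new SecureRandom().nextBytes(random);
        return random;
    }

    /** Base64 form of {@link #sm3Bytes}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm3(byte[] bArr) {
        return Base64.getEncoder().encodeToString(sm3Bytes(bArr));
    }

    /** Computes the plain SM3 digest of {@code bArr}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm3Bytes(byte[] bArr) {
        SM3Digest digest = new SM3Digest();
        digest.update(bArr, 0, bArr.length);
        byte[] out = new byte[digest.getDigestSize()];
        digest.doFinal(out, 0);
        return out;
    }

    /** Base64 form of {@link #sm3WithPubkeyBytes(byte[], PublicKey)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm3WithPubkey(byte[] bArr, PublicKey publicKey) {
        return Base64.getEncoder().encodeToString(sm3WithPubkeyBytes(bArr, publicKey));
    }

    /**
     * Computes the digest that {@code SM2Signer} derives from {@code bArr} for the given key.
     *
     * <p>NOTE(review): presumably the SM2 pre-processed SM3 digest (message prefixed with the
     * signer identity value); this depends on {@code SM2Signer.digestDoFinal()}, which is not
     * visible here.
     *
     * @param bArr message bytes
     * @param publicKey SM2 public key, converted from its X.509 encoding
     * @return the digest bytes
     * @throws EblHsmException if the key cannot be converted
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm3WithPubkeyBytes(byte[] bArr, PublicKey publicKey) {
        try {
            CipherParameters params = new ParametersWithRandom(BCECUtil.convertPublicKeyToParameters(BCECUtil.convertX509ToECPublicKey(publicKey.getEncoded())), new SecureRandom());
            SM2Signer signer = new SM2Signer();
            signer.init(true, false, params);
            signer.update(bArr);
            return signer.digestDoFinal();
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Same as {@link #sm3WithPubkey(byte[], PublicKey)} with the key taken from a certificate.
     *
     * @param str certificate text accepted by {@code CertificateUtil.buildX509Certificate}
     * @throws EblHsmException if the certificate cannot be parsed
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm3WithCert(byte[] bArr, String str) {
        try {
            return sm3WithPubkey(bArr, CertificateUtil.buildX509Certificate(str).getPublicKey());
        } catch (CertificateException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Byte-array form of {@link #sm3WithCert}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm3WithCertBytes(byte[] bArr, String str) {
        try {
            return sm3WithPubkeyBytes(bArr, CertificateUtil.buildX509Certificate(str).getPublicKey());
        } catch (CertificateException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Delegates to {@link #sm3WithCert}: {@code str} is parsed as a certificate, not a bare key. */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm3WithPubkey(byte[] bArr, String str) {
        return sm3WithCert(bArr, str);
    }

    /** Delegates to {@link #sm3WithCertBytes}: {@code str} is parsed as a certificate. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm3WithPubkeyBytes(byte[] bArr, String str) {
        return sm3WithCertBytes(bArr, str);
    }

    /**
     * SM4-ECB encryption with padding, Base64-encoded.
     *
     * <p>ECB maps equal plaintext blocks to equal ciphertext blocks and has no integrity
     * protection; it is unsuitable for structured or repeated data.
     *
     * @param bArr key (first argument of {@code SM4Util.encrypt_ECB_Padding})
     * @param bArr2 data (second argument)
     * @throws EblHsmException if encryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm4EcbEncrypt(byte[] bArr, byte[] bArr2) {
        try {
            return Base64.getEncoder().encodeToString(SM4Util.encrypt_ECB_Padding(bArr, bArr2));
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Raw-bytes form of {@link #sm4EcbEncrypt}; the same ECB caveats apply. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4EcbEncryptBytes(byte[] bArr, byte[] bArr2) {
        try {
            return SM4Util.encrypt_ECB_Padding(bArr, bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** SM4-ECB decryption of Base64 input {@code str}; see {@link #sm4EcbDecrypt(byte[], byte[])}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4EcbDecrypt(byte[] bArr, String str) {
        return sm4EcbDecrypt(bArr, Base64.getDecoder().decode(str));
    }

    /**
     * SM4-ECB decryption with padding removal.
     *
     * @param bArr key (first argument of {@code SM4Util.decrypt_ECB_Padding})
     * @param bArr2 ciphertext (second argument)
     * @throws EblHsmException if decryption fails, including bad padding
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4EcbDecrypt(byte[] bArr, byte[] bArr2) {
        try {
            return SM4Util.decrypt_ECB_Padding(bArr, bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * SM4-CBC encryption with padding, Base64-encoded.
     *
     * <p>The IV is supplied by the caller and should be unpredictable and unique per message
     * under one key. CBC alone does not authenticate the ciphertext.
     *
     * @param bArr key, @param bArr2 IV, @param bArr3 data (in the order passed to
     *     {@code SM4Util.encrypt_CBC_Padding})
     * @throws EblHsmException if encryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String sm4CbcEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            return Base64.getEncoder().encodeToString(SM4Util.encrypt_CBC_Padding(bArr, bArr2, bArr3));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Raw-bytes form of {@link #sm4CbcEncrypt}; the same IV and integrity caveats apply. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4CbcEncryptBytes(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            return SM4Util.encrypt_CBC_Padding(bArr, bArr2, bArr3);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** SM4-CBC decryption of Base64 input {@code str}; see the byte-array overload. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4CbcDecrypt(byte[] bArr, byte[] bArr2, String str) {
        return sm4CbcDecrypt(bArr, bArr2, Base64.getDecoder().decode(str));
    }

    /**
     * SM4-CBC decryption with padding removal.
     *
     * <p>Padding failures surface as an {@code EblHsmException}; callers that decrypt
     * untrusted ciphertext should authenticate it first and avoid reporting the failure
     * reason to the sender.
     *
     * @param bArr key, @param bArr2 IV, @param bArr3 ciphertext
     * @throws EblHsmException if decryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] sm4CbcDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            return SM4Util.decrypt_CBC_Padding(bArr, bArr2, bArr3);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Not implemented in the software module.
     *
     * @return always an empty array; callers must not treat it as cipher output
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] cipher(String str, int i, int i2, int i3, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return new byte[0];
    }

    /**
     * Signs a Base64-encoded digest with the private key at index {@code i}.
     *
     * @param i key index
     * @param str Base64 of the digest
     * @return Base64 of the signature as produced by {@code SM2Signer.generateSignature()}
     * @throws EblHsmException if the key cannot be loaded or signing fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String signDigest(int i, String str) {
        byte[] digest = Base64.getDecoder().decode(str);
        try {
            return Base64.getEncoder().encodeToString(sm2Sign(i, digest, true));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | CryptoException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Byte-array form of {@link #signDigest(int, String)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signDigest(int i, byte[] bArr) {
        try {
            return sm2Sign(i, bArr, true);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | CryptoException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Same result as {@link #signDigestRS(int, byte[])}.
     *
     * <p>This class performs no PIN check on any signing path, so the name marks no difference
     * in protection here.
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signDigestWithoutCheckPin(int i, byte[] bArr) {
        return signDigestRS(i, bArr);
    }

    /** Signs a Base64 digest and converts the signature via {@code rsAsn1ToPlainByteArray}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String signDigestRS(int i, String str) {
        return Base64.getEncoder().encodeToString(RSAsn1Utils.rsAsn1ToPlainByteArray(Base64.getDecoder().decode(signDigest(i, str))));
    }

    /** Byte-array form of {@link #signDigestRS(int, String)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signDigestRS(int i, byte[] bArr) {
        return RSAsn1Utils.rsAsn1ToPlainByteArray(signDigest(i, bArr));
    }

    /** Alias of {@link #signDigest(int, String)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String signDigestAsn1(int i, String str) {
        return signDigest(i, str);
    }

    /** Alias of {@link #signDigest(int, byte[])}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signDigestAsn1(int i, byte[] bArr) {
        return signDigest(i, bArr);
    }

    /** Base64 form of {@link #signBytes}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String sign(int i, byte[] bArr) {
        return Base64.getEncoder().encodeToString(signBytes(i, bArr));
    }

    /**
     * Signs message bytes with the private key at index {@code i}.
     *
     * @param i key index
     * @param bArr message (not a pre-computed digest; see {@link #signDigest(int, byte[])})
     * @return the signature as produced by {@code SM2Signer.generateSignature()}
     * @throws EblHsmException if the key cannot be loaded or signing fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signBytes(int i, byte[] bArr) {
        try {
            return sm2Sign(i, bArr, false);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | CryptoException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Alias of {@link #sign}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String signAsn1(int i, byte[] bArr) {
        return sign(i, bArr);
    }

    /** Alias of {@link #signBytes}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signAsn1Bytes(int i, byte[] bArr) {
        return signBytes(i, bArr);
    }

    /** Base64 form of {@link #signRSBytes}. */
    @Override // com.redshield.ebl.EblHsmEx
    public String signRS(int i, byte[] bArr) {
        return Base64.getEncoder().encodeToString(signRSBytes(i, bArr));
    }

    /** Signs message bytes and converts the signature via {@code rsAsn1ToPlainByteArray}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] signRSBytes(int i, byte[] bArr) {
        return RSAsn1Utils.rsAsn1ToPlainByteArray(Base64.getDecoder().decode(sign(i, bArr)));
    }

    /**
     * Verifies a signature over a digest using the public key of a certificate.
     *
     * <p>The certificate is not validated; a {@code true} result only means the signature
     * matches the key inside {@code str}.
     *
     * @param str certificate text accepted by {@code CertificateUtil.buildX509Certificate}
     * @param str2 Base64 of the signature
     * @param str3 Base64 of the digest
     * @throws EblHsmException if the certificate cannot be parsed
     */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySignDigest(String str, String str2, String str3) {
        try {
            return verifySignDigest(CertificateUtil.buildX509Certificate(str).getPublicKey(), str2, str3);
        } catch (CertificateException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Verifies a signature over a digest.
     *
     * @param publicKey SM2 public key
     * @param str Base64 of the signature; a 128-byte value is converted from plain to ASN.1 form
     * @param str2 Base64 of the digest
     * @throws RuntimeException if the key cannot be converted (this overload does not wrap the
     *     failure in {@code EblHsmException}, unlike {@link #verifySign(PublicKey, byte[], byte[])})
     */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySignDigest(PublicKey publicKey, String str, String str2) {
        byte[] digest = Base64.getDecoder().decode(str2);
        byte[] signature = Base64.getDecoder().decode(str);
        try {
            return sm2Verify(publicKey, signature, digest, true);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Byte-array form of {@link #verifySignDigest(PublicKey, String, String)}.
     *
     * @param bArr signature, @param bArr2 digest
     * @throws RuntimeException if the key cannot be converted
     */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySignDigest(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            return sm2Verify(publicKey, bArr, bArr2, true);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Verifies a Base64 signature over message bytes using the public key of a certificate.
     *
     * <p>The certificate itself is not validated.
     *
     * @throws EblHsmException if the certificate cannot be parsed
     */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySign(String str, String str2, byte[] bArr) {
        try {
            return verifySign(CertificateUtil.buildX509Certificate(str).getPublicKey(), str2, bArr);
        } catch (CertificateException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Byte-array signature form of {@link #verifySign(String, String, byte[])}. */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySign(String str, byte[] bArr, byte[] bArr2) {
        try {
            return verifySign(CertificateUtil.buildX509Certificate(str).getPublicKey(), bArr, bArr2);
        } catch (CertificateException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Decodes the Base64 signature {@code str} and delegates to the byte-array overload. */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySign(PublicKey publicKey, String str, byte[] bArr) {
        return verifySign(publicKey, Base64.getDecoder().decode(str), bArr);
    }

    /**
     * Verifies a signature over message bytes.
     *
     * @param publicKey SM2 public key
     * @param bArr signature; a 128-byte value is converted from plain to ASN.1 form first
     * @param bArr2 message
     * @return whether {@code SM2Signer.verifySignature} accepts the signature
     * @throws EblHsmException if the key cannot be converted
     */
    @Override // com.redshield.ebl.EblHsmEx
    public boolean verifySign(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            return sm2Verify(publicKey, bArr, bArr2, false);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * SM2-encrypts Base64 input to a public key.
     *
     * @param str Base64 of the plaintext
     * @return Base64 of the ciphertext
     * @throws EblHsmException if key conversion or encryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String encryptEcc(PublicKey publicKey, String str) {
        try {
            return Base64.getEncoder().encodeToString(SM2Util.encrypt(BCECUtil.convertX509ToECPublicKey(publicKey.getEncoded()), Base64.getDecoder().decode(str)));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidCipherTextException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Byte-array form of {@link #encryptEcc(PublicKey, String)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] encryptEcc(PublicKey publicKey, byte[] bArr) {
        try {
            return SM2Util.encrypt(BCECUtil.convertX509ToECPublicKey(publicKey.getEncoded()), bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidCipherTextException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * SM2-decrypts Base64 input with the private key at index {@code i}.
     *
     * @param str Base64 of the ciphertext
     * @return Base64 of the plaintext
     * @throws EblHsmException if the key cannot be loaded or decryption fails
     */
    @Override // com.redshield.ebl.EblHsmEx
    public String decryptEcc(int i, String str) {
        try {
            return Base64.getEncoder().encodeToString(SM2Util.decrypt(BCECUtil.convertPKCS8ToECPrivateKey(getPrivateKey(i)), Base64.getDecoder().decode(str)));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | CryptoException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** Byte-array form of {@link #decryptEcc(int, String)}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] decryptEcc(int i, byte[] bArr) {
        try {
            return SM2Util.decrypt(BCECUtil.convertPKCS8ToECPrivateKey(getPrivateKey(i)), bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | CryptoException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Returns the public key of the certificate stored under index {@code i}.
     *
     * @param z ignored by this implementation
     */
    @Override // com.redshield.ebl.EblHsmEx
    public PublicKey exportPublicKey(int i, boolean z) {
        return getCertificate(i).getPublicKey();
    }

    /** {@link #CMAC} with the symmetric key stored under index {@code i}. */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] internalCMAC(int i, String str, byte[] bArr, byte[] bArr2) {
        return CMAC(getSymKey(i), str, bArr, bArr2);
    }

    /**
     * Returns the last 16 bytes of encrypting {@code bArr3} under transformation {@code str}.
     *
     * <p>Despite the name, this is a last-cipher-block construction, not the subkey-based CMAC
     * of NIST SP 800-38B. With a CBC transformation it behaves like CBC-MAC, which is only safe
     * for fixed-length messages and a fixed IV; a caller-chosen IV or variable-length input
     * weakens the tag. Prefer {@link #hmacBytes} where the protocol allows it.
     *
     * @param bArr key
     * @param str JCE transformation string, resolved by the "BC" provider
     * @param bArr2 IV, or {@code null} to initialise the cipher without one
     * @param bArr3 data to authenticate
     * @return a 16-byte tag
     * @throws EblHsmException if the cipher fails or yields fewer than 16 bytes
     */
    @Override // com.redshield.ebl.EblHsmEx
    public byte[] CMAC(byte[] bArr, String str, byte[] bArr2, byte[] bArr3) {
        try {
            byte[] encrypted = generateCBCCipher(str, Cipher.ENCRYPT_MODE, bArr, bArr2).doFinal(bArr3);
            if (encrypted.length < MAC_TAG_BYTES) {
                // Without this check an unpadded empty input fails with an array index error.
                throw new EblHsmException("CMAC: cipher output shorter than one block");
            }
            byte[] tag = new byte[MAC_TAG_BYTES];
            System.arraycopy(encrypted, encrypted.length - MAC_TAG_BYTES, tag, 0, MAC_TAG_BYTES);
            return tag;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /** No resources are held, so there is nothing to release. */
    @Override // com.redshield.ebl.EblHsmEx
    public void free() {
    }

    /**
     * Reads one file from the key store directory.
     *
     * <p>The file name is always built from an {@code int} index plus a fixed extension, so it
     * cannot carry path separators.
     *
     * @throws EblHsmException if no store path was configured (empty configuration file)
     * @throws IOException if the file cannot be read
     */
    private static byte[] readStoreFile(String fileName) throws IOException {
        if (storePath == null) {
            // Fail with the configuration error instead of resolving a path from a null base.
            throw new EblHsmException("获取软件实现库失败");
        }
        return Files.readAllBytes(Paths.get(storePath, fileName));
    }

    /**
     * Loads the certificate from {@code <i>.p12}, opened with an empty password.
     *
     * @throws EblHsmException if the file cannot be read or holds no parsable certificate
     */
    private X509Certificate getCertificate(int i) {
        try {
            X509Certificate certificate = new PKCS12Util(readStoreFile(i + ".p12"), "").getX509Certificate();
            if (certificate == null) {
                throw new EblHsmException("解析p12错误");
            }
            return certificate;
        } catch (IOException e) {
            throw new EblHsmException("p12文件路径错误");
        } catch (CertificateException | PKCSException e2) {
            throw new EblHsmException("解析p12错误");
        }
    }

    /**
     * Loads the private key bytes from {@code <i>.p12}, opened with an empty password.
     *
     * <p>The returned array is the key in the clear (converted by callers as PKCS#8); it is not
     * wiped after use.
     *
     * @throws EblHsmException if the file cannot be read or parsed
     */
    private byte[] getPrivateKey(int i) {
        try {
            return new PKCS12Util(readStoreFile(i + ".p12"), "").getPrivateKey();
        } catch (IOException | CertificateException | PKCSException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Loads the symmetric key from {@code <i>.key}, a text file of hex digits.
     *
     * @throws EblHsmException if the file cannot be read or decodes to zero bytes
     */
    private byte[] getSymKey(int i) {
        try {
            byte[] key = DCUtil.hexStr2Bytes(new String(readStoreFile(i + ".key")));
            if (key.length == 0) {
                throw new EblHsmException("对称密钥不存在");
            }
            return key;
        } catch (IOException e) {
            throw new EblHsmException(e.getMessage());
        }
    }

    /**
     * Creates and initialises a "BC" provider cipher for an SM4 key.
     *
     * <p>The mode and padding come from {@code str}, so despite the method name nothing here
     * forces CBC. When {@code bArr2} is {@code null} the cipher is initialised without an IV and
     * the outcome is provider-defined.
     *
     * @param str JCE transformation string
     * @param i {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
     * @param bArr raw key bytes
     * @param bArr2 IV, or {@code null}
     */
    private Cipher generateCBCCipher(String str, int i, byte[] bArr, byte[] bArr2) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance(str, "BC");
        SecretKeySpec keySpec = new SecretKeySpec(bArr, SM4Util.ALGORITHM_NAME);
        if (bArr2 == null) {
            cipher.init(i, keySpec);
        } else {
            cipher.init(i, keySpec, new IvParameterSpec(bArr2));
        }
        return cipher;
    }

    /**
     * Produces a signature with the private key at index {@code i}.
     *
     * <p>NOTE(review): {@code preHashed} is passed as the second argument of
     * {@code SM2Signer.init}; the digest-signing callers pass {@code true} and the
     * message-signing callers {@code false}, so it presumably means "input is already a
     * digest". Confirm against {@code SM2Signer}.
     */
    private byte[] sm2Sign(int i, byte[] input, boolean preHashed) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CryptoException {
        CipherParameters params = new ParametersWithRandom(BCECUtil.convertPrivateKeyToParameters(BCECUtil.convertPKCS8ToECPrivateKey(getPrivateKey(i))), new SecureRandom());
        SM2Signer signer = new SM2Signer();
        signer.init(true, preHashed, params);
        signer.update(input);
        return signer.generateSignature();
    }

    /**
     * Checks a signature against a public key.
     *
     * <p>A signature of exactly 128 bytes is treated as the plain encoding and converted with
     * {@code rsPlainByteArrayToAsn1}; any other length is passed to the verifier unchanged.
     *
     * @param preHashed second argument of {@code SM2Signer.init}; see {@link #sm2Sign}
     */
    private static boolean sm2Verify(PublicKey publicKey, byte[] signature, byte[] input, boolean preHashed) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        byte[] asn1Signature = signature;
        if (signature.length == PLAIN_SIGNATURE_BYTES) {
            asn1Signature = RSAsn1Utils.rsPlainByteArrayToAsn1(signature);
        }
        CipherParameters params = BCECUtil.convertPublicKeyToParameters(BCECUtil.convertX509ToECPublicKey(publicKey.getEncoded()));
        SM2Signer verifier = new SM2Signer();
        verifier.init(false, preHashed, params);
        verifier.update(input);
        return verifier.verifySignature(asn1Signature);
    }

    /**
     * Builds the single-recipient set for an envelope: the content key SM2-encrypted to the
     * certificate's public key, identified by issuer and serial number.
     *
     * @param certificate recipient certificate (not validated)
     * @param bArr content-encryption key to wrap
     */
    private static ASN1Set createRecipientInfos(Certificate certificate, byte[] bArr) throws Exception {
        IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getValue());
        RecipientIdentifier recipientId = new RecipientIdentifier(issuerAndSerial);
        AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.SM2_3PublicKeyEncryption, (ASN1Encodable) null);
        X509Certificate x509 = (X509Certificate) new CertificateFactory().engineGenerateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
        byte[] wrappedKey = SM2Util.encodeSM2CipherToDER(SM2Util.encrypt(BCECUtil.convertX509ToECPublicKey(x509.getPublicKey().getEncoded()), bArr));
        return new DERSet(new RecipientInfo(new KeyTransRecipientInfo(recipientId, keyEncryptionAlgorithm, new DEROctetString(wrappedKey))));
    }

    /**
     * Encrypts the payload with SM4-CBC and records the IV as the algorithm parameter.
     *
     * @param bArr plaintext
     * @param bArr2 content-encryption key
     * @param bArr3 IV
     */
    private static EncryptedContentInfo createEncryptedContentInfo(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        try {
            byte[] ciphertext = SM4Util.encrypt_CBC_Padding(bArr2, bArr3, bArr);
            return new EncryptedContentInfo(PKCSObjectIdentifiers.PKCS7DATA, new AlgorithmIdentifier(PKCSObjectIdentifiers.SM4_CBC, new DEROctetString(bArr3)), new DEROctetString(ciphertext));
        } catch (SecurityException e) {
            throw new Exception("Create RecipientInfos error!", e);
        }
    }

    /*
     * Registers the BouncyCastle provider and resolves the key store directory.
     *
     * If SSMCLI_CONF_PATH is unset or empty, the store is "<user.home>/myStore". Otherwise the
     * variable names a JSON file whose "storePath" string is used. Whoever controls that
     * environment variable or file decides which key files this class loads.
     *
     * An empty configuration file leaves storePath null; key operations then fail in
     * readStoreFile. Malformed JSON or a missing "storePath" is reported by org.json as an
     * unchecked exception and aborts class initialisation.
     *
     * The decompiled form used "return" here, which is not legal inside a static initializer;
     * the branches below are equivalent.
     */
    static {
        Security.addProvider(new BouncyCastleProvider());
        String confPath = System.getenv("SSMCLI_CONF_PATH");
        if (confPath == null || confPath.isEmpty()) {
            storePath = Paths.get(System.getProperty("user.home"), "myStore").toString();
        } else {
            try {
                String json = new String(Files.readAllBytes(Paths.get(confPath)));
                if (!json.isEmpty()) {
                    storePath = new JSONObject(json).getString("storePath");
                    if (storePath == null || storePath.isEmpty()) {
                        throw new EblHsmException("获取软件实现库失败");
                    }
                }
            } catch (IOException e) {
                throw new EblHsmException("获取软件实现库失败");
            }
        }
    }
}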
