package cn.org.bjca.signet.component.core.utils;

import android.content.Context;
import android.os.Handler;
import android.security.keystore.KeyGenParameterSpec;
import cn.org.bjca.mssp.clientalg.util.ASymUtil;
import cn.org.bjca.mssp.clientalg.util.CipherUtil;
import cn.org.bjca.mssp.clientalg.util.EncodeUtil;
import cn.org.bjca.mssp.clientalg.util.SEMSM2Util;
import cn.org.bjca.mssp.clientalg.util.SymKeyUtil;
import cn.org.bjca.mssp.msspjce.jce.provider.MSSPProvider;
import cn.org.bjca.signet.component.core.bean.params.CertParamRsa;
import cn.org.bjca.signet.component.core.bean.params.CertParamSm2;
import cn.org.bjca.signet.component.core.bean.params.CertPolicy;
import cn.org.bjca.signet.component.core.bean.params.RsaP10ParamBean;
import cn.org.bjca.signet.component.core.bean.params.SignDataInfos;
import cn.org.bjca.signet.component.core.bean.params.Sm2P10ParamBean;
import cn.org.bjca.signet.component.core.database.CoreDataBaseDao;
import cn.org.bjca.signet.component.core.database.DataBaseConsts;
import cn.org.bjca.signet.component.core.exceptions.SignetApiException;
import cn.org.bjca.signet.component.core.interfaces.CoreConstsInterface;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class CalculateUtil implements CoreConstsInterface.CertPolicyConst {
    public static final int RANDOM_LEN = 32;
    private static final int RANDOM_PIN_LENGTH = 16;
    public static final String SPLIT = "#";
    private static final String SYMALG = "SM4/CBC/PKCS5Padding";
    private static final String SYMKEYALG = "SM4";
    private static byte[] initSeed = null;
    private static byte[] initVector = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0};

    static {
        Security.addProvider(new MSSPProvider());
    }

    private static byte[] calcSecret(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[bArr.length + bArr2.length + bArr3.length];
        System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr4, bArr.length, bArr2.length);
        System.arraycopy(bArr3, 0, bArr4, bArr.length + bArr2.length, bArr3.length);
        return str.contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) ? CipherUtil.hash(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1, bArr4) : SEMSM2Util.generateSM2PublicKeyPoint(CipherUtil.hash(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1, bArr4));
    }

    private static byte[] calcSecretFactor(String str, byte[] bArr) throws SignetApiException {
        try {
            return SymKeyUtil.encryptByOTP(str.getBytes(), bArr);
        } catch (Exception e) {
            throw new SignetApiException(e.getMessage());
        }
    }

    private static String clientSign(Context context, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws SignetApiException {
        byte[] combileRSASign;
        byte[] base64Decode = str5.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.DATA_TYPE_HASH) ? StringUtil.base64Decode(str6) : CipherUtil.hash(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1, StringUtil.base64Decode(str6));
        if (str4.contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
            try {
                combileRSASign = ASymUtil.combileRSASign(ASymUtil.semSign(str4, str3.getBytes(), StringUtil.base64Decode(str8), base64Decode), StringUtil.base64Decode(str7), StringUtil.base64Decode(str8));
            } catch (Exception e) {
                throw new SignetApiException(e.getMessage());
            }
        } else {
            String[] split = str7.split(";");
            combileRSASign = SEMSM2Util.clientSemSign(split[0].getBytes(), split[1].getBytes(), split[2].getBytes(), regainClientSecret(context, str, str3, str2), StringUtil.base64Decode(str8));
        }
        return StringUtil.base64Encode(combileRSASign);
    }

    public static void genP10withPolicy(Context context, String str, String str2, Map<String, String> map, CertPolicy certPolicy, Map<String, String> map2) throws SignetApiException {
        String info2 = CoreDataBaseDao.getDaoInstance(context).getInfo(str, DataBaseConsts._RANDOM_PIN);
        if (StringUtil.isEmpty(info2)) {
            info2 = generateRandom(16);
            CoreDataBaseDao.getDaoInstance(context).updateInfo(str, DataBaseConsts._RANDOM_PIN, info2);
        }
        String str3 = certPolicy.getUsePINPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_USE_PIN) ? str2 : info2;
        if (certPolicy.getAlgoPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
            RsaP10ParamBean rsaP10ParamBean = (RsaP10ParamBean) JsonUtil.json2Object(map.get(certPolicy.getId()), RsaP10ParamBean.class);
            map2.put(certPolicy.getId(), generateP10(rsaP10ParamBean.getRsaSignAlg(), rsaP10ParamBean.getRsaTBSCertReq(), clientSign(context, str, certPolicy.getSignType().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_SIGN_TYPE) ? DataBaseConsts._RSA_SIGN_RANDOM : DataBaseConsts._RSA_AUTH_RANDOM, str3, rsaP10ParamBean.getRsaSignAlg(), CoreConstsInterface.CertPolicyConst.DATA_TYPE_TEXT, rsaP10ParamBean.getRsaTBSCertReq(), rsaP10ParamBean.getRsaServerSign(), rsaP10ParamBean.getRsaPubKey())));
        } else if (certPolicy.getAlgoPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            Sm2P10ParamBean sm2P10ParamBean = (Sm2P10ParamBean) JsonUtil.json2Object(map.get(certPolicy.getId()), Sm2P10ParamBean.class);
            map2.put(certPolicy.getId(), generateP10(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2, sm2P10ParamBean.getSm2TBSCertReq(), clientSign(context, str, certPolicy.getSignType().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_SIGN_TYPE) ? DataBaseConsts._SM2_SIGN_RANDOM : DataBaseConsts._SM2_AUTH_RANDOM, str3, CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2, CoreConstsInterface.CertPolicyConst.DATA_TYPE_TEXT, sm2P10ParamBean.getSm2TBSCertReq(), sm2P10ParamBean.getSm2ServerSign(), sm2P10ParamBean.getSm2ServerPubKey())));
        }
    }

    public static void genParamsWithPolicy(Context context, String str, String str2, String str3, Map<String, String> map, CertPolicy certPolicy) throws SignetApiException {
        String info2 = CoreDataBaseDao.getDaoInstance(context).getInfo(str3, DataBaseConsts._RANDOM_PIN);
        if (StringUtil.isEmpty(info2)) {
            info2 = generateRandom(16);
            CoreDataBaseDao.getDaoInstance(context).updateInfo(str3, DataBaseConsts._RANDOM_PIN, info2);
        }
        if (!certPolicy.getUsePINPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_USE_PIN)) {
            str2 = info2;
        }
        if (certPolicy.getAlgoPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
            CertParamRsa certParamRsa = new CertParamRsa();
            certParamRsa.setEncPin(generateClientKey(context, str3, certPolicy.getSignType().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._RSA_AUTH_RANDOM : DataBaseConsts._RSA_SIGN_RANDOM, str, str2));
            map.put(certPolicy.getId(), StringUtil.base64Encode(JsonUtil.object2Json(certParamRsa).getBytes()));
        } else if (certPolicy.getAlgoPolicy().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            CertParamSm2 certParamSm2 = new CertParamSm2();
            String str4 = certPolicy.getSignType().equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._SM2_AUTH_RANDOM : DataBaseConsts._SM2_SIGN_RANDOM;
            certParamSm2.setSm2Parame(StringUtil.base64Encode(SEMSM2Util.calckG(StringUtil.base64Decode(generateRandom(32)))));
            certParamSm2.setSm2PubKey(generateClientKey(context, str3, str4, str, str2));
            map.put(certPolicy.getId(), StringUtil.base64Encode(JsonUtil.object2Json(certParamSm2).getBytes()));
        }
    }

    private static String generateClientKey(Context context, String str, String str2, String str3, String str4) throws SignetApiException {
        String deviceId = DeviceInfoUtil.getDeviceId(context);
        if (!StringUtil.isEmpty(ShareStoreUtil.getOldInfo(context, CoreConstsInterface.OldKeyConsts.OLD_KEY_SEED_RANDOM))) {
            deviceId = deviceId + "YWQ_SDK";
        }
        byte[] bytes = deviceId.getBytes();
        byte[] base64Decode = StringUtil.base64Decode(generateRandom(32));
        byte[] bytes2 = str4.getBytes();
        CoreDataBaseDao.getDaoInstance(context).updateInfo(str, str2, StringUtil.base64Encode(base64Decode));
        byte[] calcSecret = calcSecret(str2, bytes, base64Decode, bytes2);
        byte[] calcSecretFactor = str2.contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) ? calcSecretFactor(str3, calcSecret) : null;
        if (str2.contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            calcSecretFactor = calcSecretFactor(str3, SEMSM2Util.generateSM2PublicKeyPoint(calcSecret));
        }
        return StringUtil.base64Encode(calcSecretFactor);
    }

    public static void generateKey(Handler handler, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyStore.load(null);
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder("mytestkey" + str, 3);
            builder.setUserAuthenticationRequired(false);
            builder.setBlockModes("CBC");
            builder.setEncryptionPaddings("PKCS7Padding");
            keyGenerator.init(builder.build());
            keyGenerator.generateKey();
        } catch (Exception e) {
            AndroidUtil.handleException(new SignetApiException(e.getMessage()), handler);
        }
    }

    private static String generateP10(String str, String str2, String str3) throws SignetApiException {
        try {
            return StringUtil.base64Encode(str.contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) ? ASymUtil.packCertReq(StringUtil.base64Decode(str2), StringUtil.base64Decode(str3)) : SEMSM2Util.packCertReq(StringUtil.base64Decode(str2), StringUtil.base64Decode(str3)));
        } catch (Exception e) {
            throw new SignetApiException("Client Cipher Error");
        }
    }

    public static String generateRandom(int i) {
        return StringUtil.base64Encode(SymKeyUtil.GenRandomKey(i));
    }

    private static void initEncKeySeed(Context context) {
        String info2 = ShareStoreUtil.getInfo(context, ShareStoreUtil.SEED_RANDOM);
        String deviceId = DeviceInfoUtil.getDeviceId(context);
        if (!StringUtil.isEmpty(ShareStoreUtil.getOldInfo(context, CoreConstsInterface.OldKeyConsts.OLD_KEY_SEED_RANDOM))) {
            deviceId = deviceId + "YWQ_SDK";
        }
        byte[] hash = CipherUtil.hash(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1, (deviceId + SPLIT + info2).getBytes());
        initSeed = new byte[16];
        System.arraycopy(hash, 0, initSeed, 0, 16);
    }

    private static byte[] regainClientSecret(Context context, String str, String str2, String str3) throws SignetApiException {
        String info2 = CoreDataBaseDao.getDaoInstance(context).getInfo(str, str3);
        String deviceId = DeviceInfoUtil.getDeviceId(context);
        if (!StringUtil.isEmpty(ShareStoreUtil.getOldInfo(context, CoreConstsInterface.OldKeyConsts.OLD_KEY_SEED_RANDOM))) {
            deviceId = deviceId + "YWQ_SDK";
        }
        return calcSecret(str3, deviceId.getBytes(), StringUtil.base64Decode(info2), str2.getBytes());
    }

    public static List<SignDataInfos> signDataFinish(Context context, List<SignDataInfos> list, String str, String str2, String str3, String str4, String str5) throws SignetApiException {
        String str6;
        String str7;
        byte[] base64Decode;
        if (!str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) && !str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (!str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1) && !str.toUpperCase().trim().contains("SHA256") && !str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SM3)) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (!str.toUpperCase().trim().contains("WITH")) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (str.toUpperCase().trim().startsWith(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) || str.toUpperCase().trim().startsWith(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            String[] split = str.toUpperCase().trim().split("WITH");
            str = split[1] + "WITH" + split[0];
        }
        try {
            if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
                String str8 = str2.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._RSA_AUTH_CERT : DataBaseConsts._RSA_SIGN_CERT;
                str6 = str2.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._RSA_AUTH_RANDOM : DataBaseConsts._RSA_SIGN_RANDOM;
                str7 = str8;
            } else if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
                String str9 = str2.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._SM2_AUTH_CERT : DataBaseConsts._SM2_SIGN_CERT;
                str6 = str2.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.CP_AUTH_TYPE) ? DataBaseConsts._SM2_AUTH_RANDOM : DataBaseConsts._SM2_SIGN_RANDOM;
                str7 = str9;
            } else {
                str6 = "";
                str7 = "";
            }
            String info2 = CoreDataBaseDao.getDaoInstance(context).getInfo(str4, str7);
            for (int i = 0; i < list.size(); i++) {
                SignDataInfos signDataInfos = list.get(i);
                byte[] GenRandomKey = SymKeyUtil.GenRandomKey(32);
                if (str3.equalsIgnoreCase(CoreConstsInterface.CertPolicyConst.DATA_TYPE_CLEAR_DATA)) {
                    base64Decode = null;
                    GenRandomKey = SymKeyUtil.GenRandomKey(32);
                    if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
                        base64Decode = CipherUtil.hash(str.toUpperCase().trim().replace("WITH", "").replace(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA, "").trim(), StringUtil.base64Decode(signDataInfos.getData()));
                    } else if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
                        base64Decode = SEMSM2Util.sm3ForSM2(CertificateFactory.getInstance("X509", MSSPProvider.PROVIDER_NAME).generateCertificate(new ByteArrayInputStream(StringUtil.base64Decode(info2))).getPublicKey(), StringUtil.base64Decode(signDataInfos.getData()));
                    }
                } else {
                    base64Decode = StringUtil.base64Decode(signDataInfos.getData());
                }
                if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA)) {
                    PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509", MSSPProvider.PROVIDER_NAME).generateCertificate(new ByteArrayInputStream(EncodeUtil.base64Decode(info2)))).getPublicKey();
                    byte[] regainClientSecret = regainClientSecret(context, str4, str5, str6);
                    byte[] bArr = null;
                    if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1)) {
                        bArr = new byte[20];
                        if (base64Decode == null) {
                            throw new SignetApiException(CoreConstsInterface.ErrCodeConsts.ERR_CODE_EXCEPTION, "hash calculate error");
                        }
                        System.arraycopy(base64Decode, base64Decode.length - 20, bArr, 0, 20);
                    } else if (str.toUpperCase().trim().contains("SHA256")) {
                        bArr = new byte[32];
                        if (base64Decode == null) {
                            throw new SignetApiException(CoreConstsInterface.ErrCodeConsts.ERR_CODE_EXCEPTION, "hash calculate error");
                        }
                        System.arraycopy(base64Decode, base64Decode.length - 32, bArr, 0, 32);
                    }
                    signDataInfos.setSignature(EncodeUtil.base64Encode(ASymUtil.semSign(str.toLowerCase().trim(), regainClientSecret, publicKey.getEncoded(), bArr)));
                } else {
                    SEMSM2Util.calckG(GenRandomKey);
                    byte[] regainClientSecret2 = regainClientSecret(context, str4, str5, str6);
                    byte[][] semsign2 = SEMSM2Util.semsign2(EncodeUtil.base64Decode(signDataInfos.getSignParame()), regainClientSecret2, base64Decode);
                    EncodeUtil.base64Encode(regainClientSecret2);
                    signDataInfos.setSignature(EncodeUtil.base64Encode(semsign2[0]) + ";" + EncodeUtil.base64Encode(semsign2[1]) + ";" + EncodeUtil.base64Encode(semsign2[2]));
                }
            }
            return list;
        } catch (Exception e) {
            throw new SignetApiException(e.getMessage());
        }
    }

    public static byte[] signDocuFinish(Context context, String str, String str2, String str3, String str4) throws SignetApiException {
        if (!str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) && !str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (!str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1) && !str.toUpperCase().trim().contains("SHA256") && !str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SM3)) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (!str.toUpperCase().trim().contains("WITH")) {
            throw new SignetApiException("参数异常 :  :" + str);
        }
        if (str.toUpperCase().trim().startsWith(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) || str.toUpperCase().trim().startsWith(CoreConstsInterface.CertPolicyConst.CP_ALGO_SM2)) {
            String[] split = str.toUpperCase().trim().split("WITH");
            str = split[1] + "WITH" + split[0];
        }
        String info2 = CoreDataBaseDao.getDaoInstance(context).getInfo(str4, str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) ? DataBaseConsts._RSA_SIGN_CERT : DataBaseConsts._SM2_SIGN_CERT);
        String str5 = str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.CP_ALGO_RSA) ? DataBaseConsts._RSA_SIGN_RANDOM : DataBaseConsts._SM2_SIGN_RANDOM;
        byte[] base64Decode = StringUtil.base64Decode(str2);
        try {
            PublicKey publicKey = ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(EncodeUtil.base64Decode(info2)))).getPublicKey();
            byte[] regainClientSecret = regainClientSecret(context, str4, str3, str5);
            byte[] bArr = null;
            if (str.toUpperCase().trim().contains(CoreConstsInterface.CertPolicyConst.HASH_ALGO_SHA1)) {
                bArr = new byte[20];
                System.arraycopy(base64Decode, base64Decode.length - 20, bArr, 0, 20);
            } else if (str.toUpperCase().trim().contains("SHA256")) {
                bArr = new byte[32];
                System.arraycopy(base64Decode, base64Decode.length - 32, bArr, 0, 32);
            }
            return ASymUtil.semSign(str.toLowerCase().trim(), regainClientSecret, publicKey.getEncoded(), bArr);
        } catch (Exception e) {
            throw new SignetApiException(e.getMessage());
        }
    }

    public static String signetDecrypt(Context context, String str) throws SignetApiException {
        if (initSeed == null) {
            initEncKeySeed(context);
        }
        if (StringUtil.isEmpty(str)) {
            return "";
        }
        try {
            Cipher cipher = Cipher.getInstance(SYMALG, MSSPProvider.PROVIDER_NAME);
            cipher.init(2, new SecretKeySpec(initSeed, SYMKEYALG), new IvParameterSpec(initVector));
            return new String(cipher.doFinal(StringUtil.base64Decode(str)));
        } catch (Exception e) {
            throw new SignetApiException(e.getMessage());
        }
    }

    public static String signetEncrypt(Context context, String str) throws SignetApiException {
        if (initSeed == null) {
            initEncKeySeed(context);
        }
        if (StringUtil.isEmpty(str)) {
            return "";
        }
        try {
            Cipher cipher = Cipher.getInstance(SYMALG, MSSPProvider.PROVIDER_NAME);
            cipher.init(1, new SecretKeySpec(initSeed, SYMKEYALG), new IvParameterSpec(initVector));
            return StringUtil.base64Encode(cipher.doFinal(str.getBytes()));
        } catch (Exception e) {
            throw new SignetApiException(e.getMessage());
        }
    }
}
