package com.icbc.hsm.software.parms;

import com.icbc.bcprov.org.bouncycastle.crypto.CipherParameters;
import com.icbc.bcprov.org.bouncycastle.crypto.digests.SM3Digest;
import com.icbc.bcprov.org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import com.icbc.bcprov.org.bouncycastle.crypto.params.KeyParameter;
import com.icbc.hsm.software.basic.HsmKeyParameter;
import com.icbc.hsm.software.basic.MessageDigest;
import com.icbc.hsm.software.config.IcbcEnvironment;
import com.icbc.hsm.software.utils.CallerCheck;
import com.icbc.hsm.software.utils.Helper;
import com.icbc.hsm.utils.encoders.Hex;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/parms/ClearKeyParameter.class */
public class ClearKeyParameter implements HsmKeyParameter {
    private transient String algorithmType;
    private transient Long keyLengthInBit;
    private transient boolean isPrivate;
    private transient byte[] key;
    private transient byte[] password;
    private transient byte[] salt;
    private byte[] id;

    @Override // com.icbc.hsm.software.basic.HsmKeyParameter
    public String getAlgorithm() {
        return this.algorithmType;
    }

    public int getKeySize() {
        return this.keyLengthInBit.intValue();
    }

    public CipherParameters getBCkey() throws Exception {
        byte[] password = getPassword(this.password, this.key.length * 8);
        byte[] bArr = this.key;
        byte[] copyOfRange = (("SM2".equalsIgnoreCase(this.algorithmType) || "RSA".equalsIgnoreCase(this.algorithmType)) && !this.isPrivate) ? Arrays.copyOfRange(bArr, 0, bArr.length) : unwapKey(bArr, password);
        return ("SM2".equalsIgnoreCase(this.algorithmType) || "RSA".equalsIgnoreCase(this.algorithmType)) ? Helper.toAsymmetricKey(copyOfRange, getKeyType()) : new KeyParameter(copyOfRange);
    }

    public static ClearKeyParameter getInstance(String str, byte[] bArr) throws Exception {
        return getInstance(str, false, bArr);
    }

    public static ClearKeyParameter getInstance(String str, boolean z, byte[] bArr) throws Exception {
        if (!IcbcEnvironment.isICBCEnvironment() || CallerCheck.check(ClearKeyParameter.class.getName())) {
            return new ClearKeyParameter(str, z, bArr);
        }
        throw new Exception("clear key function not permit");
    }

    protected ClearKeyParameter() {
        this.salt = null;
    }

    protected ClearKeyParameter(String str, byte[] bArr) {
        this(str, false, bArr);
    }

    protected ClearKeyParameter(String str, boolean z, byte[] bArr) {
        this.salt = null;
        this.algorithmType = str;
        this.keyLengthInBit = Long.valueOf(bArr.length * 8);
        this.isPrivate = z;
        try {
            this.password = MessageDigest.digest("SM3", bArr);
        } catch (Exception e) {
            this.password = new byte[0];
        }
        if (("SM2".equalsIgnoreCase(str) || "RSA".equalsIgnoreCase(str)) && !z) {
            this.key = Arrays.copyOf(bArr, bArr.length);
        } else {
            this.key = wapKey(bArr, getPassword(this.password, bArr.length * 8));
        }
    }

    public void setId(byte[] bArr) {
        if (bArr == null) {
            this.id = null;
        } else {
            this.id = Arrays.copyOf(bArr, bArr.length);
        }
    }

    public byte[] getId() {
        if (this.id == null) {
            return null;
        }
        return Arrays.copyOf(this.id, this.id.length);
    }

    public String toString() {
        return null;
    }

    public String getPublicKey() {
        if (this.isPrivate) {
            return null;
        }
        return Hex.toHexString(this.key);
    }

    private byte[] getPassword(byte[] bArr, int i) {
        if (this.salt == null) {
            SecureRandom secureRandom = new SecureRandom();
            this.salt = new byte[32];
            secureRandom.nextBytes(this.salt);
        }
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SM3Digest());
        pKCS5S2ParametersGenerator.init(bArr, this.salt, 16);
        return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters(i)).getKey();
    }

    private byte[] wapKey(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr3.length; i++) {
            bArr3[i] = (byte) ((bArr[i] ^ bArr2[i]) & 255);
        }
        return bArr3;
    }

    private byte[] unwapKey(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[this.key.length];
        for (int i = 0; i < bArr3.length; i++) {
            bArr3[i] = (byte) ((this.key[i] ^ bArr2[i]) & 255);
        }
        return bArr3;
    }

    public String getKeyType() {
        if ("SM2".equalsIgnoreCase(this.algorithmType)) {
            return this.isPrivate ? "SM2private" : "SM2public";
        }
        if ("RSA".equalsIgnoreCase(this.algorithmType)) {
            return this.isPrivate ? "RSAprivate" : "RSApublic";
        }
        return null;
    }
}
