package org.opoo.ootp.codec.encryption;

import cn.hutool.crypto.CryptoException;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.SM2;
import com.emc.codec.util.CodecUtil;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.AbstractMap;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.opoo.ootp.codec.encryption.sm4.SM4EncryptionConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opoo/ootp/codec/encryption/EncryptionUtils.class */
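/**
 * Static helpers for SM2 key handling, SM2 key wrapping/signing and JCA cipher setup.
 *
 * <p>Every JCA lookup in this class is pinned to {@link #SECURITY_PROVIDER}; SM2/SM3
 * operations go through hutool's {@code SmUtil}.
 */
public class EncryptionUtils {
    private static final Logger log = LoggerFactory.getLogger(EncryptionUtils.class);

    /** Bouncy Castle provider instance passed explicitly to every JCA factory call below. */
    public static final Provider SECURITY_PROVIDER = new BouncyCastleProvider();

    /** SecureRandom algorithm name requested from {@link #SECURITY_PROVIDER}. */
    public static final String SECURE_RANDOM_INSTANCE = "DEFAULT";

    /**
     * Returns the fingerprint of an EC public key.
     *
     * @param publicKey key to fingerprint; must be a Bouncy Castle {@link ECPublicKey}
     * @return the fingerprint string produced by {@code ECUtil.generateKeyFingerprint}
     * @throws IllegalArgumentException if {@code publicKey} is not an {@link ECPublicKey}
     *     (the message reads "not an ECPublicKey" in Chinese)
     */
    public static String getKeyFingerprint(PublicKey publicKey) {
        if (publicKey instanceof ECPublicKey) {
            return getKeyFingerprint((ECPublicKey) publicKey);
        }
        throw new IllegalArgumentException("不是 ECPublicKey: " + publicKey);
    }

    /**
     * Returns the fingerprint of an EC public key, computed from its point Q and its
     * domain parameters.
     *
     * @param eCPublicKey key to fingerprint
     * @return the fingerprint string produced by {@code ECUtil.generateKeyFingerprint}
     */
    public static String getKeyFingerprint(ECPublicKey eCPublicKey) {
        return ECUtil.generateKeyFingerprint(eCPublicKey.getQ(), eCPublicKey.getParameters());
    }

    /**
     * Returns the fingerprint of an EC private key.
     *
     * @param privateKey key to fingerprint; must be a Bouncy Castle {@link ECPrivateKey}
     * @return the fingerprint of the public point derived from the private scalar
     * @throws IllegalArgumentException if {@code privateKey} is not an {@link ECPrivateKey}
     *     (the message reads "not an ECPrivateKey" in Chinese). NOTE(review): the message
     *     concatenates the key object itself, so its content depends on the key's
     *     {@code toString()}; confirm that is acceptable wherever this exception is logged.
     */
    public static String getKeyFingerprint(PrivateKey privateKey) {
        if (privateKey instanceof ECPrivateKey) {
            return getKeyFingerprint((ECPrivateKey) privateKey);
        }
        throw new IllegalArgumentException("不是 ECPrivateKey: " + privateKey);
    }

    /**
     * Returns the fingerprint of an EC private key by first deriving its public point.
     *
     * <p>The public point is recomputed as {@code d * G} and fingerprinted the same way
     * as in {@link #getKeyFingerprint(ECPublicKey)}, so both halves of one key pair map
     * to the same fingerprint.
     *
     * @param eCPrivateKey key whose public point is fingerprinted
     * @return the fingerprint string produced by {@code ECUtil.generateKeyFingerprint}
     */
    public static String getKeyFingerprint(ECPrivateKey eCPrivateKey) {
        BigInteger privateScalar = eCPrivateKey.getD();
        ECParameterSpec domain = eCPrivateKey.getParameters();
        return ECUtil.generateKeyFingerprint(
                new FixedPointCombMultiplier().multiply(domain.getG(), privateScalar).normalize(),
                domain);
    }

    /**
     * Returns the SM3 digest, hex encoded, of a key's encoded form.
     *
     * <p>The digest is taken over {@code key.getEncoded()}. For a secret or private key
     * that input is the key material itself, so the result should be handled as an
     * identifier derived from a secret, not as public data.
     *
     * @param key key to hash
     * @return hex string of the SM3 digest
     * @throws IllegalArgumentException if the key has no encoded form
     */
    public static String getKeyHash(Key key) {
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            // Keys that cannot be exported (for example hardware-backed keys) return null here.
            throw new IllegalArgumentException("Key does not support encoding: " + key.getAlgorithm());
        }
        return SmUtil.sm3().digestHex(encoded);
    }

    /**
     * Builds a key pair from Base64 text (standard alphabet, not the URL-safe one).
     *
     * @param str Base64 of the X.509 encoded public key, or {@code null} for no public key
     * @param str2 Base64 of the PKCS#8 encoded private key, or {@code null} for no private key
     * @return a {@link KeyPair} whose halves are {@code null} where the input was {@code null}
     * @throws GeneralSecurityException if a key cannot be parsed
     * @throws IllegalArgumentException if an input is not valid Base64
     */
    public static KeyPair buildSM2KeyPairFromBase64(String str, String str2) throws GeneralSecurityException {
        byte[] publicBytes = str == null ? null : Base64.getDecoder().decode(str);
        byte[] privateBytes = str2 == null ? null : Base64.getDecoder().decode(str2);
        return buildSM2KeyPair(publicBytes, privateBytes);
    }

    /**
     * Decodes a hexadecimal string.
     *
     * @param str hexadecimal text
     * @return the decoded bytes
     * @throws IllegalArgumentException wrapping the {@link DecoderException} on malformed input
     */
    public static byte[] decodeHex(String str) {
        try {
            return Hex.decodeHex(str);
        } catch (DecoderException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Builds a key pair from hexadecimal text.
     *
     * @param str hex of the X.509 encoded public key, or {@code null} for no public key
     * @param str2 hex of the PKCS#8 encoded private key, or {@code null} for no private key
     * @return a {@link KeyPair} whose halves are {@code null} where the input was {@code null}
     * @throws GeneralSecurityException if a key cannot be parsed
     * @throws IllegalArgumentException if an input is not valid hexadecimal
     */
    public static KeyPair buildSM2KeyPairFromHex(String str, String str2) throws GeneralSecurityException {
        byte[] publicBytes = str == null ? null : decodeHex(str);
        byte[] privateBytes = str2 == null ? null : decodeHex(str2);
        return buildSM2KeyPair(publicBytes, privateBytes);
    }

    /**
     * Builds a key pair from encoded key bytes using the provider's "EC" key factory.
     *
     * <p>Nothing here checks that the two halves belong together or that the encoded
     * curve is sm2p256v1; callers that accept keys from outside should verify both.
     *
     * @param bArr X.509 (SubjectPublicKeyInfo) encoded public key, or {@code null}
     * @param bArr2 PKCS#8 encoded private key, or {@code null}
     * @return a {@link KeyPair} whose halves are {@code null} where the input was {@code null}
     * @throws GeneralSecurityException if the key factory is unavailable or a key is invalid
     */
    public static KeyPair buildSM2KeyPair(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        KeyFactory keyFactory = KeyFactory.getInstance("EC", SECURITY_PROVIDER);
        PublicKey publicKey = bArr == null ? null : keyFactory.generatePublic(new X509EncodedKeySpec(bArr));
        PrivateKey privateKey = bArr2 == null ? null : keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr2));
        return new KeyPair(publicKey, privateKey);
    }

    /**
     * Parses an X.509 encoded public key.
     *
     * @param bArr encoded public key
     * @return the parsed key, or {@code null} when {@code bArr} is {@code null}
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PublicKey buildSM2PublicKey(byte[] bArr) throws GeneralSecurityException {
        return buildSM2KeyPair(bArr, null).getPublic();
    }

    /**
     * Parses a PKCS#8 encoded private key.
     *
     * @param bArr encoded private key
     * @return the parsed key, or {@code null} when {@code bArr} is {@code null}
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PrivateKey buildSM2PrivateKey(byte[] bArr) throws GeneralSecurityException {
        return buildSM2KeyPair(null, bArr).getPrivate();
    }

    /**
     * Parses a Base64 (standard alphabet) X.509 encoded public key.
     *
     * @param str Base64 text; unlike {@link #buildSM2KeyPairFromBase64} a {@code null}
     *     value is not tolerated here
     * @return the parsed key
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PublicKey buildSM2PublicKeyFromBase64(String str) throws GeneralSecurityException {
        return buildSM2PublicKey(Base64.getDecoder().decode(str));
    }

    /**
     * Parses a Base64 (standard alphabet) PKCS#8 encoded private key.
     *
     * @param str Base64 text; unlike {@link #buildSM2KeyPairFromBase64} a {@code null}
     *     value is not tolerated here
     * @return the parsed key
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PrivateKey buildSM2PrivateKeyFromBase64(String str) throws GeneralSecurityException {
        return buildSM2PrivateKey(Base64.getDecoder().decode(str));
    }

    /**
     * Generates a fresh key pair on the sm2p256v1 curve.
     *
     * @return the generated key pair
     * @throws UnsupportedOperationException if the provider cannot generate the pair
     *     (the message reads "cannot generate the SM2 public/private key pair" in Chinese)
     */
    public static KeyPair generateSM2KeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", SECURITY_PROVIDER);
            keyPairGenerator.initialize(new ECGenParameterSpec("sm2p256v1"), getSecureRandom());
            KeyPair generated = keyPairGenerator.generateKeyPair();
            // The KeyPair object is handed to the logger as-is; if this line is ever changed
            // to log key contents, restrict it to the public half or a fingerprint.
            log.debug("Generated SM2 key pair: {}", generated);
            return generated;
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("无法生成 SM2 的公钥私钥对", e);
        }
    }

    /**
     * Unwraps a symmetric key that was encrypted with SM2.
     *
     * <p>Decryption is first attempted with hutool's default ciphertext layout. If that
     * fails with an {@link InvalidCipherTextException}, it is retried once with the
     * C1C2C3 layout so that peers using the other component order are still accepted.
     * The recovered bytes are not checked against the key size expected by {@code str2}.
     *
     * @param str URL-safe Base64 of the SM2 ciphertext
     * @param str2 algorithm name to attach to the recovered key
     * @param privateKey SM2 private key used for decryption
     * @return the recovered key as a {@link SecretKeySpec}
     * @throws CryptoException if decryption fails for any other reason, or fails again on
     *     the retry
     * @throws IllegalArgumentException if {@code str} is not valid URL-safe Base64
     */
    public static SecretKey decryptKey(String str, String str2, PrivateKey privateKey) {
        byte[] wrapped = urlSafeDecodeBase64(str);
        SM2 sm2 = SmUtil.sm2(privateKey, (PublicKey) null);
        byte[] rawKey;
        try {
            rawKey = sm2.decrypt(wrapped);
        } catch (CryptoException e) {
            if (!(e.getCause() instanceof InvalidCipherTextException)) {
                throw e;
            }
            // Message (Chinese): "decryption with the default layout failed, retrying with C1C2C3".
            log.debug("默认拼接方式解密失败，尝试使用 C1C2C3 的拼接方式重新尝试解密");
            rawKey = sm2.setMode(SM2Engine.Mode.C1C2C3).decrypt(wrapped);
        }
        return new SecretKeySpec(rawKey, str2);
    }

    /**
     * Wraps a symmetric key with SM2 using hutool's default SM2 settings.
     *
     * @param secretKey key to wrap; its encoded form is what gets encrypted
     * @param publicKey SM2 public key of the recipient
     * @return URL-safe Base64 of the SM2 ciphertext
     */
    public static String encryptKey(SecretKey secretKey, PublicKey publicKey) {
        SM2 sm2 = SmUtil.sm2((PrivateKey) null, publicKey);
        return urlSafeEncodeBase64(sm2.encrypt(secretKey.getEncoded()));
    }

    /**
     * Encodes bytes with the URL- and filename-safe Base64 alphabet (padding kept).
     *
     * @param bArr bytes to encode
     * @return the encoded text
     */
    public static String urlSafeEncodeBase64(byte[] bArr) {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    /**
     * Decodes text written with the URL- and filename-safe Base64 alphabet.
     *
     * @param str encoded text
     * @return the decoded bytes
     * @throws IllegalArgumentException if {@code str} is not valid URL-safe Base64
     */
    public static byte[] urlSafeDecodeBase64(String str) {
        return Base64.getUrlDecoder().decode(str);
    }

    /**
     * Signs the metadata entries whose lower-cased key starts with a prefix.
     *
     * <p>The signed text is built by lower-casing every key, keeping the entries whose
     * key starts with {@code str}, sorting them by key and joining them as
     * {@code key:value\n}. The bytes signed are the UTF-8 encoding of that text.
     *
     * <p>Keys are lower-cased before the prefix test but the prefix is used as given, so
     * an upper-case prefix matches nothing. Entries outside the prefix are not covered
     * by the signature, and neither is the absence of an entry. NOTE(review): two keys
     * that differ only by case both end up in the signed text under the same key, and
     * their relative order is then decided only by the stream's encounter order.
     *
     * @param map metadata to sign
     * @param privateKey SM2 private key used for signing
     * @param str key prefix, expected in lower case
     * @return URL-safe Base64 of the SM2 signature
     */
    public static String signMetadata(Map<String, String> map, PrivateKey privateKey, String str) {
        String canonical = map.entrySet().stream()
                // Locale.ROOT keeps the canonical form identical on every host; the
                // default-locale variant maps "I" to a dotless i under Turkish locales,
                // which would change both the prefix match and the signed bytes.
                .<Map.Entry<String, String>>map(entry -> new AbstractMap.SimpleEntry<>(
                        entry.getKey().toLowerCase(java.util.Locale.ROOT), entry.getValue()))
                .filter(entry -> entry.getKey().startsWith(str))
                .sorted(Map.Entry.comparingByKey())
                .map(entry -> entry.getKey() + ":" + entry.getValue() + "\n")
                .collect(Collectors.joining(""));
        // The canonical text contains the metadata values; keep that in mind before
        // enabling debug logging where those values are sensitive.
        log.debug("Canonical string: ''{}''", canonical);
        return urlSafeEncodeBase64(
                SmUtil.sm2(privateKey, (PublicKey) null).sign(canonical.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Resolves an encode spec to its cipher spec via {@code CodecUtil.getEncodeAlgorithm}.
     *
     * @param str encode spec
     * @return whatever {@code CodecUtil.getEncodeAlgorithm} returns for {@code str}
     */
    public static String getCipherSpec(String str) {
        return CodecUtil.getEncodeAlgorithm(str);
    }

    /**
     * Returns the part of a transformation string before the first {@code '/'}.
     *
     * @param str transformation such as {@code "ALG/MODE/PADDING"}
     * @return the leading segment; the whole string when it contains no {@code '/'}
     */
    public static String getBaseAlgorithm(String str) {
        return str.split("/")[0];
    }

    /**
     * Returns a new {@link SecureRandom} of type {@link #SECURE_RANDOM_INSTANCE} from
     * {@link #SECURITY_PROVIDER}.
     *
     * @return a fresh instance on every call
     * @throws UnsupportedOperationException if the provider does not offer that instance
     */
    public static SecureRandom getSecureRandom() {
        try {
            return SecureRandom.getInstance(SECURE_RANDOM_INSTANCE, SECURITY_PROVIDER);
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("Could not get secure random instance for DEFAULT", e);
        }
    }

    /**
     * Generates a random key for the base algorithm of a transformation string.
     *
     * <p>No key size is set, so the size is whatever the provider's generator defaults to.
     *
     * @param str transformation such as {@code "ALG/MODE/PADDING"}
     * @return the generated key
     * @throws UnsupportedOperationException if the provider has no generator for the algorithm
     */
    public static SecretKey generateKey(String str) {
        String baseAlgorithm = getBaseAlgorithm(str);
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(baseAlgorithm, SECURITY_PROVIDER);
            keyGenerator.init(getSecureRandom());
            return keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("Could not generate key for algorithm " + baseAlgorithm, e);
        }
    }

    /**
     * Creates a cipher in encrypt mode.
     *
     * @param str cipher transformation
     * @param keyAndSpec key and optional parameter spec
     * @return the initialised cipher
     * @throws EncryptionException if the cipher cannot be created or initialised
     */
    public static Cipher initEncryptCipher(String str, KeyAndSpec keyAndSpec) {
        return initCipher(str, Cipher.ENCRYPT_MODE, keyAndSpec.getKey(), keyAndSpec.getSpec());
    }

    /**
     * Creates a cipher in decrypt mode.
     *
     * @param str cipher transformation
     * @param keyAndSpec key and optional parameter spec
     * @return the initialised cipher
     * @throws EncryptionException if the cipher cannot be created or initialised
     */
    public static Cipher initDecryptCipher(String str, KeyAndSpec keyAndSpec) {
        return initCipher(str, Cipher.DECRYPT_MODE, keyAndSpec.getKey(), keyAndSpec.getSpec());
    }

    /**
     * Creates and initialises a cipher from {@link #SECURITY_PROVIDER}.
     *
     * <p>When {@code algorithmParameterSpec} is {@code null} the cipher is initialised
     * with the key and a random source only, which leaves any required parameters (such
     * as an IV) to the provider.
     *
     * @param str cipher transformation
     * @param i operation mode, one of the {@link Cipher} mode constants
     * @param key key to initialise with
     * @param algorithmParameterSpec parameters such as an IV, or {@code null}
     * @return the initialised cipher
     * @throws EncryptionException wrapping any {@link GeneralSecurityException}
     */
    public static Cipher initCipher(String str, int i, Key key, AlgorithmParameterSpec algorithmParameterSpec) {
        try {
            Cipher cipher = Cipher.getInstance(str, SECURITY_PROVIDER);
            if (algorithmParameterSpec == null) {
                cipher.init(i, key, getSecureRandom());
            } else {
                cipher.init(i, key, algorithmParameterSpec, getSecureRandom());
            }
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Error initializing cipher", e);
        }
    }

    /**
     * Wraps raw key bytes and an optional IV for use with the SM4 cipher.
     *
     * <p>The IV is used exactly as supplied; choosing a suitable IV for each encryption
     * is left to the caller.
     *
     * @param bArr raw key bytes
     * @param bArr2 IV bytes, or {@code null} for no parameter spec
     * @return the key together with an {@link IvParameterSpec}, or with a {@code null} spec
     */
    public static KeyAndSpec buildSM4Key(byte[] bArr, byte[] bArr2) {
        SecretKeySpec key = new SecretKeySpec(bArr, SM4EncryptionConstants.ENCRYPTION_TYPE);
        IvParameterSpec iv = bArr2 == null ? null : new IvParameterSpec(bArr2);
        return new KeyAndSpec(key, iv);
    }
}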
