package com.dean.ccbft.es.impl;

import com.dean.ccbft.es.entity.DCSSecException;
import com.dean.ccbft.es.entity.RetCipherKey;
import com.dean.ccbft.es.entity.RetValue;
import com.dean.ccbft.es.sm2.SM2Crypto;
import com.dean.ccbft.es.sm3.SMS3;
import com.dean.ccbft.es.sm4.SMS4;
import com.dean.ccbft.es.utils.ArrayUtil;
import com.dean.ccbft.es.utils.Base64;
import com.dean.ccbft.es.utils.DCSSecsUtil;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: classes2.dex */
public class DCSAPPClientAPIImpl {
    private static int MAX_CHECK_VALUE_LEN = 8;
    private static int API_VERSION = 0;

    private static RetValue _add_cipher_msg_head(byte[] bArr) {
        byte[] mergeByteArray = ArrayUtil.mergeByteArray(ArrayUtil.short2ByteLH(API_VERSION), bArr);
        byte[] _genRandomData = _genRandomData(16);
        return new RetValue(_genRandomData, ArrayUtil.mergeByteArray(mergeByteArray, _genRandomData));
    }

    private static RetValue _check_cipher_msg_head(byte[] bArr, byte[] bArr2) throws DCSSecException {
        if (!Arrays.equals(bArr, ArrayUtil.SubArray(bArr2, 2, MAX_CHECK_VALUE_LEN))) {
            throw new DCSSecException("_check_cipher_msg_head check key checkValue not match error.");
        }
        int i = 2 + MAX_CHECK_VALUE_LEN;
        byte[] SubArray = ArrayUtil.SubArray(bArr2, i, 16);
        int i2 = i + 16;
        return new RetValue(SubArray, ArrayUtil.SubArray(bArr2, i2, bArr2.length - i2));
    }

    private static boolean _check_data_checkValue(byte[] bArr, byte[] bArr2) {
        byte[] merage_sm3 = SMS3.merage_sm3(bArr);
        int length = bArr2.length;
        byte[] bArr3 = new byte[length];
        System.arraycopy(merage_sm3, 0, bArr3, 0, length);
        return Arrays.equals(bArr3, bArr2);
    }

    private static byte[] _genRandomData(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static byte[] _gen_data_checkValue(byte[] bArr, int i) {
        byte[] merage_sm3 = SMS3.merage_sm3(bArr);
        int i2 = i;
        if (i2 > 32) {
            i2 = 32;
        }
        byte[] bArr2 = new byte[i2];
        System.arraycopy(merage_sm3, 0, bArr2, 0, i2);
        return bArr2;
    }

    private static byte[] _gen_wkKey_checkValue(byte[] bArr, int i) throws DCSSecException {
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 16, bArr2, 0, 16);
        byte[] bArr3 = new byte[i];
        System.arraycopy(SMS4.sm4_mac(new byte[8], bArr2, bArr), 16 - i, bArr3, 0, i);
        return bArr3;
    }

    private static RetValue _workKey_decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws DCSSecException {
        byte[] b64_decode = Base64.b64_decode(bArr3);
        if (!_check_data_checkValue(bArr2, ArrayUtil.SubArray(b64_decode, 0, MAX_CHECK_VALUE_LEN))) {
            throw new DCSSecException("_workKey_decrypt check pbe not match error.");
        }
        int i = 0 + MAX_CHECK_VALUE_LEN;
        byte[] SubArray = ArrayUtil.SubArray(b64_decode, i, MAX_CHECK_VALUE_LEN);
        int i2 = i + MAX_CHECK_VALUE_LEN;
        byte[] SubArray2 = ArrayUtil.SubArray(b64_decode, i2, b64_decode.length - i2);
        byte[] _gen_data_checkValue = _gen_data_checkValue(ArrayUtil.mergeByteArray(new byte[]{10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10}, bArr2), 32);
        byte[] SubArray3 = ArrayUtil.SubArray(SubArray2, 0, 16);
        byte[] SubArray4 = ArrayUtil.SubArray(SubArray2, 16, SubArray2.length - 16);
        try {
            SubArray4 = SMS4.sm4_cbc_dec(SubArray4, ArrayUtil.SubArray(_gen_data_checkValue, 16, _gen_data_checkValue.length - 16), _gen_data_checkValue);
        } catch (DCSSecException e) {
            e.printStackTrace();
        }
        byte[] bytesXorbytes = ArrayUtil.bytesXorbytes(SubArray4, SubArray3);
        if (Arrays.equals(SubArray, _gen_wkKey_checkValue(bytesXorbytes, MAX_CHECK_VALUE_LEN))) {
            return new RetValue(bytesXorbytes, SubArray);
        }
        throw new DCSSecException("_workKey_decrypt check key checkValue not match error.");
    }

    private static RetValue _workKey_encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws DCSSecException {
        byte[] _gen_data_checkValue = _gen_data_checkValue(ArrayUtil.mergeByteArray(new byte[]{10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10}, bArr2), 32);
        byte[] _genRandomData = _genRandomData(16);
        byte[] bytesXorbytes = ArrayUtil.bytesXorbytes(bArr3, _genRandomData);
        byte[] mergeByteArray = ArrayUtil.mergeByteArray(_genRandomData, bytesXorbytes);
        byte[] bArr4 = new byte[16];
        System.arraycopy(_gen_data_checkValue, 16, bArr4, 0, 16);
        return new RetValue(mergeByteArray, ArrayUtil.mergeByteArray(_genRandomData, SMS4.sm4_cbc_enc(bytesXorbytes, bArr4, _gen_data_checkValue)));
    }

    public static byte[] data_decrypt_cpa(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws DCSSecException {
        DCSSecsUtil.checkByteParamIsEmpty_and_rangeLen("data_decrypt_cpa", "pbe", bArr2, 4, 32);
        DCSSecsUtil.checkByteParamIsEmpty_and_length("data_decrypt_cpa", "keyCipher", bArr3, 108);
        DCSSecsUtil.checkByteParamIsEmpty_and_minLen("data_decrypt_cpa", "cipher", bArr4, 100);
        RetValue _workKey_decrypt = _workKey_decrypt(null, bArr2, bArr3);
        RetValue _check_cipher_msg_head = _check_cipher_msg_head(_workKey_decrypt.getData(), Base64.b64_decode(bArr4));
        byte[] bytesXorbytes = ArrayUtil.bytesXorbytes(_workKey_decrypt.getKey(), _check_cipher_msg_head.getKey());
        byte[] SubArray = ArrayUtil.SubArray(bytesXorbytes, 16, bytesXorbytes.length - 16);
        byte[] SubArray2 = ArrayUtil.SubArray(_check_cipher_msg_head.getData(), 0, 32);
        byte[] sm4_ecb_dec = SMS4.sm4_ecb_dec(ArrayUtil.SubArray(_check_cipher_msg_head.getData(), 32, _check_cipher_msg_head.getData().length - 32), bytesXorbytes);
        int ByteLHToInt = ArrayUtil.ByteLHToInt(sm4_ecb_dec, 0);
        if (ByteLHToInt + 4 != sm4_ecb_dec.length) {
            throw new DCSSecException("data_decrypt_cpa decrypt out data length[" + ByteLHToInt + "] != [" + (sm4_ecb_dec.length - 4) + "] error.");
        }
        byte[] SubArray3 = ArrayUtil.SubArray(sm4_ecb_dec, 4, ByteLHToInt);
        if (Arrays.equals(SubArray2, SMS3.merage_sm3_hmac(SubArray3, SubArray))) {
            return SubArray3;
        }
        throw new DCSSecException("data_decrypt_cpa check data mac not match error.");
    }

    public static byte[] data_encrypt_cpa(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws DCSSecException {
        DCSSecsUtil.checkByteParamIsEmpty_and_rangeLen("data_encrypt_cpa", "pbe", bArr2, 4, 32);
        DCSSecsUtil.checkByteParamIsEmpty_and_length("data_encrypt_cpa", "keyCipher", bArr3, 108);
        DCSSecsUtil.checkByteParamIsEmpty_and_minLen("data_encrypt_cpa", "plain", bArr4, 1);
        RetValue _workKey_decrypt = _workKey_decrypt(null, bArr2, bArr3);
        RetValue _add_cipher_msg_head = _add_cipher_msg_head(_workKey_decrypt.getData());
        byte[] bytesXorbytes = ArrayUtil.bytesXorbytes(_workKey_decrypt.getKey(), _add_cipher_msg_head.getKey());
        return Base64.b64_encode(ArrayUtil.mergeByteArray(_add_cipher_msg_head.getData(), SMS3.merage_sm3_hmac(bArr4, ArrayUtil.SubArray(bytesXorbytes, 16, bytesXorbytes.length - 16)), SMS4.sm4_ecb_enc(ArrayUtil.mergeByteArray(ArrayUtil.Int2ByteLH(bArr4.length), bArr4), bytesXorbytes)));
    }

    public static boolean init(byte[] bArr) throws DCSSecException {
        DCSSecsUtil.checkByteParamIsEmpty("init", "userId", bArr);
        return true;
    }

    public static RetCipherKey workkey_nego_and_data_encrypt_cpa(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws DCSSecException {
        DCSSecsUtil.checkByteParamIsEmpty_and_rangeLen("workkey_nego_and_data_encrypt_cpa", "pbe", bArr2, 4, 32);
        DCSSecsUtil.checkByteParamIsEmpty_and_length("workkey_nego_and_data_encrypt_cpa", "pubkey", bArr3, 88);
        DCSSecsUtil.checkByteParamIsEmpty_and_minLen("workkey_nego_and_data_encrypt_cpa", "plain", bArr4, 1);
        byte[] b64_decode = Base64.b64_decode(bArr3);
        byte[] _genRandomData = _genRandomData(32);
        byte[] _gen_data_checkValue = _gen_data_checkValue(bArr2, MAX_CHECK_VALUE_LEN);
        byte[] _gen_wkKey_checkValue = _gen_wkKey_checkValue(_genRandomData, MAX_CHECK_VALUE_LEN);
        byte[] short2ByteLH = ArrayUtil.short2ByteLH(API_VERSION);
        byte[] mergeByteArray = ArrayUtil.mergeByteArray(ArrayUtil.mergeByteArray(_gen_data_checkValue), _gen_wkKey_checkValue);
        byte[] mergeByteArray2 = ArrayUtil.mergeByteArray(short2ByteLH, _gen_wkKey_checkValue);
        RetValue _workKey_encrypt = _workKey_encrypt(null, bArr2, _genRandomData);
        byte[] b64_encode = Base64.b64_encode(ArrayUtil.mergeByteArray(mergeByteArray, _workKey_encrypt.getData()));
        byte[] doSM2Encrypt_C1C3C2 = SM2Crypto.doSM2Encrypt_C1C3C2(b64_decode, _workKey_encrypt.getKey());
        return new RetCipherKey(b64_encode, Base64.b64_encode(ArrayUtil.mergeByteArray(ArrayUtil.mergeByteArray(ArrayUtil.mergeByteArray(ArrayUtil.mergeByteArray(mergeByteArray2, ArrayUtil.short2ByteLH(doSM2Encrypt_C1C3C2.length)), doSM2Encrypt_C1C3C2), SMS3.merage_sm3_hmac(bArr4, ArrayUtil.SubArray(_genRandomData, 16, 16))), SMS4.sm4_ecb_enc(ArrayUtil.mergeByteArray(ArrayUtil.Int2ByteLH(bArr4.length), bArr4), _genRandomData))));
    }

    public static RetCipherKey workkey_nego_cpa(byte[] bArr, byte[] bArr2, byte[] bArr3) throws DCSSecException {
        DCSSecsUtil.checkByteParamIsEmpty_and_rangeLen("workkey_nego_cpa", "pbe", bArr2, 4, 32);
        DCSSecsUtil.checkByteParamIsEmpty_and_length("workkey_nego_cpa", "pubkey", bArr3, 88);
        byte[] b64_decode = Base64.b64_decode(bArr3);
        byte[] _genRandomData = _genRandomData(32);
        byte[] _gen_data_checkValue = _gen_data_checkValue(bArr2, MAX_CHECK_VALUE_LEN);
        byte[] _gen_wkKey_checkValue = _gen_wkKey_checkValue(_genRandomData, MAX_CHECK_VALUE_LEN);
        byte[] short2ByteLH = ArrayUtil.short2ByteLH(API_VERSION);
        byte[] mergeByteArray = ArrayUtil.mergeByteArray(ArrayUtil.mergeByteArray(_gen_data_checkValue), _gen_wkKey_checkValue);
        byte[] mergeByteArray2 = ArrayUtil.mergeByteArray(short2ByteLH, _gen_wkKey_checkValue);
        RetValue _workKey_encrypt = _workKey_encrypt(null, bArr2, _genRandomData);
        return new RetCipherKey(Base64.b64_encode(ArrayUtil.mergeByteArray(mergeByteArray, _workKey_encrypt.getData())), Base64.b64_encode(ArrayUtil.mergeByteArray(mergeByteArray2, SM2Crypto.doSM2Encrypt_C1C3C2(b64_decode, _workKey_encrypt.getKey()))));
    }
}
