package cn.com.infosec.netsign.base.processors;

import cn.com.infosec.crypto.params.KeyParameter;
import cn.com.infosec.isfw2.sfw.Request;
import cn.com.infosec.isfw2.sfw.Response;
import cn.com.infosec.netsign.base.ErrorInfoRes;
import cn.com.infosec.netsign.base.NSMessage;
import cn.com.infosec.netsign.base.NSMessageOpt;
import cn.com.infosec.netsign.base.channels.ServerChannel;
import cn.com.infosec.netsign.base.processors.util.ProcessUtil;
import cn.com.infosec.netsign.base.util.NetSignImpl;
import cn.com.infosec.netsign.base.util.ServerKeyStore;
import cn.com.infosec.netsign.base.util.TrustConfig;
import cn.com.infosec.netsign.cavium.jce.DESedeEngine;
import cn.com.infosec.netsign.crypto.util.CryptoUtil;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.netsign.isfwimpl.NetSignProcessor;
import cn.com.infosec.netsign.isfwimpl.NetSignRequest;
import cn.com.infosec.netsign.isfwimpl.NetSignResponse;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.pkcs.FX509Certificate;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;

/* loaded from: input_file:cn/com/infosec/netsign/base/processors/DecryptZTCMessageProcessor.class */
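/**
 * Processor that opens a "ZTC" envelope received on a {@link ServerChannel} and
 * authenticates its sender.
 *
 * <p>Wire layout, as read by {@link #decryptAndVerifyZTCMessage}:
 * <pre>
 *   [0, 128)     RSA/PKCS#1 v1.5 block holding the session key
 *   [128, 132)   4 bytes that this class skips (meaning not visible here)
 *   [132, end)   DESede/ECB/NoPadding ciphertext ("e2")
 * </pre>
 * Decrypted "e2" layout:
 * <pre>
 *   [0, 8)       random value (returned to the caller as the crypto text)
 *   [8, 136)     RSA block that must recover to SHA-1(random) under the sender key
 *   [136, 140)   certificate length
 *   [140, ...)   sender X.509 certificate
 * </pre>
 *
 * <p>Security notes for reviewers: the format relies on RSA PKCS#1 v1.5
 * encryption, two-key 3DES in ECB mode and SHA-1, and the 128-byte block size
 * implies 1024-bit RSA keys. These are fixed by the message format and are not
 * changed here; treat them as legacy primitives when assessing the deployment.
 */
public class DecryptZTCMessageProcessor implements NetSignProcessor {
    /** Size of each RSA block in the message (128 bytes, i.e. a 1024-bit modulus). */
    private static final int RSA_BLOCK_LEN = 128;
    /** Bytes between the RSA key block and the symmetric ciphertext that are skipped. */
    private static final int ENVELOPE_GAP_LEN = 4;
    /** Offset of the symmetric ciphertext inside the raw message. */
    private static final int CIPHERTEXT_OFFSET = RSA_BLOCK_LEN + ENVELOPE_GAP_LEN;
    /** Length of the random value at the start of the decrypted payload. */
    private static final int RANDOM_LEN = 8;
    /** Length of the certificate-length field inside the decrypted payload. */
    private static final int CERT_LEN_FIELD_LEN = 4;
    /** Offset of the certificate bytes inside the decrypted payload. */
    private static final int CERT_OFFSET = RANDOM_LEN + RSA_BLOCK_LEN + CERT_LEN_FIELD_LEN;

    private ServerChannel channel;
    // Last failure prefix built by process(). Kept for compatibility; the log
    // lines themselves are built from a local so that calls cannot mix prefixes
    // if an instance is ever shared (whether it is shared is not visible here).
    private String failedMsg;

    public DecryptZTCMessageProcessor() {
    }

    public DecryptZTCMessageProcessor(ServerChannel serverChannel) {
        this.channel = serverChannel;
    }

    /**
     * Binds this processor to the channel whose key stores, trust configuration
     * and loggers it will use.
     */
    @Override
    public void setChannel(ServerChannel serverChannel) {
        this.channel = serverChannel;
    }

    /**
     * Decrypts and verifies the ZTC message carried by {@code request}.
     *
     * @param request must be a {@link NetSignRequest}
     * @return a response built from the message option object; its result is
     *         negative when creation of the option object or the
     *         decrypt/verify step failed
     */
    public Response process(Request request) {
        NetSignRequest netSignRequest = (NetSignRequest) request;
        NSMessage message = netSignRequest.getNSMessage();
        String failurePrefix = new StringBuilder(String.valueOf(this.channel.getId())).append(" ").append(message.getAddress()).append(" DecryptZTCMessageProcessor failed:").toString();
        this.failedMsg = failurePrefix;
        NSMessageOpt opt = ProcessUtil.createNSMessageOpt(message);
        if (opt.getResult() >= 0) {
            decryptAndVerifyZTCMessage(message.getCryptoText(), message, opt);
            if (opt.getResult() >= 0) {
                ProcessUtil.accessLog(this.channel.getAccessLogger(), "DecryptZTCMessageProcessor successed", this.channel.getLogLevel());
                return NetSignResponse.createNetSignResponse(opt, netSignRequest.getProtocol());
            }
        }
        // Shared failure path: debug log plus an access-log line carrying the result code.
        ProcessUtil.log(this.channel.getDebugLogger(), this.channel.getId(), message, opt);
        ProcessUtil.accessLog(this.channel.getAccessLogger(), failurePrefix + opt.getResult(), this.channel.getLogLevel());
        return NetSignResponse.createNetSignResponse(opt, netSignRequest.getProtocol());
    }

    /**
     * Opens the envelope in {@code bArr}, validates the embedded sender
     * certificate and checks the sender's RSA block over the random value.
     * Failures are reported through {@link #handleError}; on success the
     * result already stored in {@code nSMessageOpt} is left untouched.
     *
     * <p>All offsets come from peer-supplied data, so every slice is
     * length-checked before it is copied.
     */
    private void decryptAndVerifyZTCMessage(byte[] bArr, NSMessage nSMessage, NSMessageOpt nSMessageOpt) {
        // Reject truncated input up front instead of letting arraycopy or a
        // negative array size throw an unchecked exception out of process().
        if (bArr == null || bArr.length < CIPHERTEXT_OFFSET) {
            handleError(ErrorInfoRes.DECRYPT_DATA_EXCEPTION_ERROR, nSMessageOpt);
            return;
        }
        byte[] wrappedKey = new byte[RSA_BLOCK_LEN];
        System.arraycopy(bArr, 0, wrappedKey, 0, RSA_BLOCK_LEN);
        ServerKeyStore signKeyStore = this.channel.getSignKeyStore(nSMessage.getEncCertDN());
        if (signKeyStore == null) {
            handleError(ErrorInfoRes.CANNOT_FOUND_ENC_CERT_BY_DN, nSMessageOpt);
            return;
        }
        // NOTE(review): an RSA unpadding failure is reported with its own code
        // (DECRYPT_KEY_ERROR), distinct from later failures. With PKCS#1 v1.5
        // that distinction is a known oracle risk; confirm whether the peer
        // can observe the difference.
        byte[] sessionKey = deSessionKey(wrappedKey, signKeyStore.getPrivateKey(), nSMessageOpt);
        if (sessionKey == null) {
            handleError(ErrorInfoRes.DECRYPT_KEY_ERROR, nSMessageOpt);
            return;
        }
        byte[] cipherText = new byte[bArr.length - CIPHERTEXT_OFFSET];
        System.arraycopy(bArr, CIPHERTEXT_OFFSET, cipherText, 0, cipherText.length);
        byte[] payload = deE2(cipherText, sessionKey);
        // NOTE(review): this hands the decrypted payload to a debug helper;
        // make sure it is disabled or redacted in production.
        CryptoUtil.debug("e2", payload);
        if (payload == null) {
            handleError(ErrorInfoRes.DECRYPT_DATA_EXCEPTION_ERROR, nSMessageOpt);
            return;
        }
        // The fixed-size header (random + RSA block + length field) must be
        // present before any of it is sliced.
        if (payload.length < CERT_OFFSET) {
            handleError(ErrorInfoRes.DECRYPT_DATA_EXCEPTION_ERROR, nSMessageOpt);
            return;
        }
        byte[] random = new byte[RANDOM_LEN];
        System.arraycopy(payload, 0, random, 0, RANDOM_LEN);
        // NOTE(review): the random value is placed in the output before the
        // sender has been authenticated; callers must check the result code
        // before using it.
        nSMessageOpt.setCryptoText(random);
        byte[] expectedDigest = sha1Radom(random);
        byte[] signedBlock = new byte[RSA_BLOCK_LEN];
        System.arraycopy(payload, RANDOM_LEN, signedBlock, 0, RSA_BLOCK_LEN);
        byte[] certLenField = new byte[CERT_LEN_FIELD_LEN];
        System.arraycopy(payload, RANDOM_LEN + RSA_BLOCK_LEN, certLenField, 0, CERT_LEN_FIELD_LEN);
        int certLen = CryptoUtil.bytes2Int(certLenField, true);
        if (certLen < 0 || certLen > payload.length - CERT_OFFSET) {
            handleError(ErrorInfoRes.DECRYPT_DATA_EXCEPTION_ERROR, nSMessageOpt);
            return;
        }
        byte[] certBytes = new byte[certLen];
        System.arraycopy(payload, CERT_OFFSET, certBytes, 0, certLen);
        X509Certificate senderCert = genCert(certBytes, nSMessageOpt);
        if (senderCert == null) {
            handleError(ErrorInfoRes.NULL_CERTIFICATE_ERROR, nSMessageOpt);
            return;
        }
        int certStatus = verifyCert(senderCert, certBytes, nSMessageOpt);
        if (certStatus != 0) {
            handleError(certStatus, nSMessageOpt);
            return;
        }
        byte[] recoveredDigest = deSha1Radom((RSAPublicKey) senderCert.getPublicKey(), signedBlock);
        // Fail closed when either side of the comparison is missing (for
        // example the digest provider was unavailable) rather than relying on
        // how the comparison helper treats null.
        if (recoveredDigest == null || expectedDigest == null) {
            handleError(ErrorInfoRes.VERIFY_SIGNATURE_ERROR, nSMessageOpt);
            return;
        }
        if (!CryptoUtil.compereBytes(expectedDigest, recoveredDigest)) {
            handleError(ErrorInfoRes.VERIFY_SIGNATURE_ERROR, nSMessageOpt);
        }
    }

    /**
     * Recovers the content of the sender's RSA block with the sender's public
     * key (PKCS#1 v1.5 unpadding).
     *
     * @return the recovered bytes, or {@code null} if the operation failed
     */
    private byte[] deSha1Radom(RSAPublicKey rSAPublicKey, byte[] bArr) {
        byte[] recovered = null;
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ExtendedConfig.getDecryptProvider());
            cipher.init(Cipher.DECRYPT_MODE, rSAPublicKey);
            recovered = cipher.doFinal(bArr);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        return recovered;
    }

    /**
     * Validates the sender certificate against the trust configuration
     * registered for its issuer DN, then runs the revocation check. OCSP is
     * used when enabled; CRL is consulted only when OCSP is disabled.
     *
     * @return 0 when every enabled check passed, otherwise an error code
     */
    private int verifyCert(X509Certificate x509Certificate, byte[] bArr, NSMessageOpt nSMessageOpt) {
        TrustConfig trustConfig = (TrustConfig) this.channel.getTrustConfigs().get(x509Certificate.getIssuerDN().getName());
        if (trustConfig == null) {
            return ErrorInfoRes.CERT_NOT_TRUST_ERROR;
        }
        try {
            trustConfig.VerifyCert(x509Certificate, FX509Certificate.getTbsCertificate(bArr), this.channel.getService().isCheckValidity(), ExtendedConfig.getDecryptProvider(), x509Certificate.getNotBefore().getTime(), x509Certificate.getNotAfter().getTime());
            if (trustConfig.isOCSPEnabled()) {
                trustConfig.VerifyOCSP(x509Certificate);
            } else if (trustConfig.isCrlEnabled()) {
                trustConfig.VerifyCRL(x509Certificate);
            }
            return 0;
        } catch (Exception e) {
            ProcessUtil.throwDetailException(e, nSMessageOpt);
            int code = nSMessageOpt.getResult();
            // Fail closed: a verification exception must never be reported as
            // success. If the helper did not record a negative result, fall
            // back to the generic "not trusted" code.
            return code < 0 ? code : ErrorInfoRes.CERT_NOT_TRUST_ERROR;
        }
    }

    /**
     * Parses {@code bArr} as an X.509 certificate. The raw bytes are also
     * stored as the plain text of {@code nSMessageOpt} before parsing, so they
     * are present even when parsing or later verification fails.
     *
     * @return the parsed certificate, or {@code null} if parsing failed
     */
    private X509Certificate genCert(byte[] bArr, NSMessageOpt nSMessageOpt) {
        nSMessageOpt.setPlainText(bArr);
        ByteArrayInputStream certStream = new ByteArrayInputStream(bArr);
        X509Certificate parsed = null;
        try {
            parsed = (X509Certificate) CertificateFactory.getInstance("X.509", NetSignImpl.PROVIDER_INFOSEC).generateCertificate(certStream);
            certStream.close();
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        return parsed;
    }

    /**
     * Digests {@code bArr} with the algorithm named by {@code NetSignImpl.SHA1}.
     *
     * @return the digest, or {@code null} if the digest could not be computed
     */
    private byte[] sha1Radom(byte[] bArr) {
        byte[] digest = null;
        try {
            digest = MessageDigest.getInstance(NetSignImpl.SHA1, NetSignImpl.PROVIDER_INFOSEC).digest(bArr);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        return digest;
    }

    /**
     * Decrypts the payload with DESede in ECB mode without padding. ECB
     * provides no integrity protection; authenticity rests on the later
     * certificate and RSA checks.
     *
     * @param bArr  ciphertext; a length that is not a whole number of blocks
     *              makes the cipher fail and yields {@code null}
     * @param bArr2 24-byte DESede key
     * @return the plaintext, or {@code null} on any failure
     */
    private byte[] deE2(byte[] bArr, byte[] bArr2) {
        byte[] plain = null;
        try {
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding", NetSignImpl.PROVIDER_INFOSEC);
            cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance("DESede", NetSignImpl.PROVIDER_INFOSEC).generateSecret(new DESedeKeySpec(bArr2)));
            plain = cipher.doFinal(bArr);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        return plain;
    }

    /**
     * Alternative decryption path using the engine class directly. Not called
     * anywhere in this class.
     * NOTE(review): processBlock is invoked once, which presumably handles
     * only the first cipher block - confirm before reviving this method.
     *
     * @return the output buffer, or {@code null} on failure
     */
    private byte[] deE2bak(byte[] bArr, byte[] bArr2) {
        try {
            DESedeEngine dESedeEngine = new DESedeEngine();
            dESedeEngine.init(false, new KeyParameter(SecretKeyFactory.getInstance("DESede", NetSignImpl.PROVIDER_INFOSEC).generateSecret(new DESedeKeySpec(bArr2)).getEncoded()));
            byte[] out = new byte[bArr.length];
            dESedeEngine.processBlock(bArr, 0, out, 0);
            return out;
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            return null;
        }
    }

    /**
     * Unwraps the session key with the server private key (RSA PKCS#1 v1.5)
     * and expands its first 16 bytes to a 24-byte two-key 3DES key (K1|K2|K1).
     * The raw unwrapped key is also stored on {@code nSMessageOpt}.
     *
     * @return the 24-byte DESede key, or {@code null} if unwrapping failed or
     *         the unwrapped value was shorter than 16 bytes
     */
    private byte[] deSessionKey(byte[] bArr, PrivateKey privateKey, NSMessageOpt nSMessageOpt) {
        byte[] tripleDesKey = null;
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", ExtendedConfig.getDecryptProvider());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            byte[] rawKey = cipher.doFinal(bArr);
            // NOTE(review): key material is attached to the response option
            // object; confirm it is never serialized back to the peer or logged.
            nSMessageOpt.setEncKey(rawKey);
            byte[] expanded = new byte[24];
            System.arraycopy(rawKey, 0, expanded, 0, 16);
            // Third key repeats the first 8 bytes. A short rawKey makes the
            // copy above throw, which the catch below turns into null.
            System.arraycopy(rawKey, 0, expanded, 16, 8);
            tripleDesKey = expanded;
        } catch (Exception e) {
            ConsoleLogger.logException(e);
        }
        return tripleDesKey;
    }

    /** Records error code {@code i} and its message text on {@code nSMessageOpt}. */
    private void handleError(int i, NSMessageOpt nSMessageOpt) {
        nSMessageOpt.setResult(i);
        nSMessageOpt.setErrMsg(ErrorInfoRes.getErrorInfo(i));
    }
}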
