package com.alipay.api.kms.aliyun;

import com.alipay.api.internal.util.codec.Base64;
import com.alipay.api.kms.aliyun.models.AsymmetricSignRequest;
import com.alipay.api.kms.aliyun.models.AsymmetricSignResponse;
import com.alipay.api.kms.aliyun.models.GetPublicKeyRequest;
import com.alipay.api.kms.aliyun.models.GetPublicKeyResponse;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECFieldElement;

/* loaded from: classes2.dex */
public class AliyunKMSClient extends AliyunRpcClient {
    private static final Map<String, String> digestAlgs;
    private static final Map<String, String> namedCurves;
    private PublicKey publicKey;

    static {
        HashMap hashMap = new HashMap();
        digestAlgs = hashMap;
        HashMap hashMap2 = new HashMap();
        namedCurves = hashMap2;
        hashMap.put("RSA_PKCS1_SHA_256", "SHA-256");
        hashMap.put("RSA_PSS_SHA_256", "SHA-256");
        hashMap.put("ECDSA_SHA_256", "SHA-256");
        hashMap2.put("SM2DSA", "sm2p256v1");
    }

    public AliyunKMSClient(String str, String str2) {
        super(str, str2);
        this.publicKey = null;
    }

    public AliyunKMSClient(String str, String str2, String str3) {
        super(str, str2, str3);
        this.publicKey = null;
    }

    public AliyunKMSClient(String str, String str2, String str3, String str4) {
        super(str, str2, str3, str4);
        this.publicKey = null;
    }

    public AliyunKMSClient(String str, String str2, String str3, String str4, String str5) {
        super(str, str2, str3, str4, str5);
        this.publicKey = null;
    }

    public AliyunKMSClient(String str, String str2, String str3, String str4, String str5, String str6) {
        super(str, str2, str3, str4, str5, str6);
        this.publicKey = null;
    }

    private void addFieldElement(Digest digest, ECFieldElement eCFieldElement) {
        byte[] encoded = eCFieldElement.getEncoded();
        digest.update(encoded, 0, encoded.length);
    }

    private void addUserID(Digest digest, byte[] bArr) {
        int length = bArr.length * 8;
        digest.update((byte) ((length >> 8) & 255));
        digest.update((byte) (length & 255));
        digest.update(bArr, 0, bArr.length);
    }

    private String asymmetricSign(String str, String str2, String str3, byte[] bArr) throws Exception {
        byte[] digest;
        if (str3.equals("SM2DSA")) {
            if (this.publicKey == null) {
                this.publicKey = getPublicKey(str, str2);
            }
            digest = calcSM3Digest(this.publicKey, bArr, str3);
        } else {
            digest = MessageDigest.getInstance(digestAlgs.get(str3)).digest(bArr);
        }
        AsymmetricSignRequest asymmetricSignRequest = new AsymmetricSignRequest();
        asymmetricSignRequest.setKeyId(str);
        asymmetricSignRequest.setKeyVersionId(str2);
        asymmetricSignRequest.setAlgorithm(str3);
        asymmetricSignRequest.setDigest(Base64.encodeBase64String(digest));
        return ((AsymmetricSignResponse) getAcsResponse(asymmetricSignRequest)).getValue();
    }

    private byte[] calcSM3Digest(PublicKey publicKey, byte[] bArr, String str) {
        X9ECParameters byName = GMNamedCurves.getByName(namedCurves.get(str));
        ECDomainParameters eCDomainParameters = new ECDomainParameters(byName.getCurve(), byName.getG(), byName.getN());
        byte[] z10 = getZ(new ECPublicKeyParameters(((BCECPublicKey) publicKey).getQ(), eCDomainParameters), eCDomainParameters);
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(z10, 0, z10.length);
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sM3Digest.getDigestSize()];
        sM3Digest.doFinal(bArr2, 0);
        return bArr2;
    }

    private PublicKey getPublicKey(String str, String str2) throws Exception {
        GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest();
        getPublicKeyRequest.setKeyId(str);
        getPublicKeyRequest.setKeyVersionId(str2);
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64String(String.valueOf(((GetPublicKeyResponse) getAcsResponse(getPublicKeyRequest)).getPublicKey()).replaceFirst("-----BEGIN PUBLIC KEY-----", "").replaceFirst("-----END PUBLIC KEY-----", "").replaceAll("\\s", "")));
        Security.addProvider(new BouncyCastleProvider());
        return KeyFactory.getInstance("EC", "BC").generatePublic(x509EncodedKeySpec);
    }

    private byte[] getZ(ECPublicKeyParameters eCPublicKeyParameters, ECDomainParameters eCDomainParameters) {
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.reset();
        addUserID(sM3Digest, "1234567812345678".getBytes());
        addFieldElement(sM3Digest, eCDomainParameters.getCurve().getA());
        addFieldElement(sM3Digest, eCDomainParameters.getCurve().getB());
        addFieldElement(sM3Digest, eCDomainParameters.getG().getAffineXCoord());
        addFieldElement(sM3Digest, eCDomainParameters.getG().getAffineYCoord());
        addFieldElement(sM3Digest, eCPublicKeyParameters.getQ().getAffineXCoord());
        addFieldElement(sM3Digest, eCPublicKeyParameters.getQ().getAffineYCoord());
        byte[] bArr = new byte[sM3Digest.getDigestSize()];
        sM3Digest.doFinal(bArr, 0);
        return bArr;
    }

    public String sign(String str, String str2, String str3, byte[] bArr) throws Exception {
        return asymmetricSign(str, str2, str3, bArr);
    }
}
