package com.bes.enterprise.cipher.gmssl.crypto.impl.jcajce;

import com.bes.enterprise.cipher.crypto.engines.SM2Engine;
import com.bes.enterprise.cipher.gmssl.Certificate;
import com.bes.enterprise.cipher.gmssl.DefaultTlsCredentialedSigner;
import com.bes.enterprise.cipher.gmssl.SignatureAndHashAlgorithm;
import com.bes.enterprise.cipher.gmssl.TlsCredentialedDecryptor;
import com.bes.enterprise.cipher.gmssl.TlsUtils;
import com.bes.enterprise.cipher.gmssl.crypto.TlsCryptoParameters;
import com.bes.enterprise.cipher.gmssl.crypto.TlsSecret;
import com.bes.enterprise.cipher.gmssl.crypto.TlsSigner;
import com.bes.enterprise.cipher.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import com.bes.enterprise.cipher.jcajce.provider.asymmetric.util.ECUtil;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;

/* loaded from: input_file:com/bes/enterprise/cipher/gmssl/crypto/impl/jcajce/GMSSLSignerAndDecryptor.class */
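/**
 * TLS credentials for a GMSSL endpoint that hold one EC private key and use it both to sign
 * (through the {@link TlsSigner} handed to the superclass) and to decrypt the SM2-encrypted
 * pre-master secret sent by the peer.
 *
 * <p>The same {@link PrivateKey} instance is passed to the signer and kept in
 * {@link #privateKey} for decryption.
 */
public class GMSSLSignerAndDecryptor extends DefaultTlsCredentialedSigner implements TlsCredentialedDecryptor {
    /** Crypto facade used to wrap the decrypted bytes into a {@link TlsSecret}. */
    protected JcaTlsCrypto crypto;
    /** Private key used for SM2 decryption in {@link #safeDecryptPreMasterSecret}. */
    protected PrivateKey privateKey;

    /**
     * Builds the signer passed to the superclass constructor.
     *
     * <p>This runs as an argument of {@code super(...)}, i.e. before any statement in the
     * constructor body. The null checks therefore have to live here: without them a null
     * {@code privateKey} reaches {@code privateKey.getAlgorithm()} and surfaces as a
     * {@link NullPointerException} instead of the documented {@link IllegalArgumentException}.
     *
     * @param jcaTlsCrypto crypto facade, must not be null
     * @param privateKey   signing key, must not be null and must be an EC key
     * @return a {@code JcaGMSSLSigner} bound to the given key
     * @throws IllegalArgumentException if an argument is null or the key is not an EC key
     */
    private static TlsSigner makeSigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey) {
        if (jcaTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if ((privateKey instanceof ECPrivateKey) || "EC".equals(privateKey.getAlgorithm())) {
            return new JcaGMSSLSigner(jcaTlsCrypto, privateKey);
        }
        throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
    }

    /**
     * Creates the credentials.
     *
     * @param tlsCryptoParameters       parameters forwarded to the superclass
     * @param jcaTlsCrypto              crypto facade, must not be null
     * @param privateKey                EC private key used for signing and decryption, must not be null
     * @param certificate               certificate chain, must be neither null nor empty
     * @param signatureAndHashAlgorithm algorithm forwarded to the superclass
     * @throws IllegalArgumentException if a required argument is null or empty, or the key type
     *                                  is not supported
     */
    public GMSSLSignerAndDecryptor(TlsCryptoParameters tlsCryptoParameters, JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey, Certificate certificate, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        // makeSigner() rejects a null crypto or private key before the superclass constructor runs.
        super(tlsCryptoParameters, makeSigner(jcaTlsCrypto, privateKey), certificate, signatureAndHashAlgorithm);
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        // NOTE(review): this check tests for BCECPrivateKey while makeSigner() tests for
        // java.security.interfaces.ECPrivateKey; both also accept any key whose algorithm is "EC".
        // Confirm whether the stricter provider-specific type is intended here.
        if (!(privateKey instanceof BCECPrivateKey) && !"EC".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("'privateKey' type not supported: " + privateKey.getClass().getName());
        }
        this.crypto = jcaTlsCrypto;
        this.privateKey = privateKey;
    }

    /**
     * Returns the certificate held by these credentials.
     *
     * @return the {@code certificate} field
     */
    @Override // com.bes.enterprise.cipher.gmssl.DefaultTlsCredentialedSigner, com.bes.enterprise.cipher.gmssl.TlsCredentials
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Decrypts the peer-supplied ciphertext with this credential's private key.
     *
     * @param tlsCryptoParameters parameters of the current connection
     * @param bArr                ciphertext received from the peer (untrusted input)
     * @return the secret produced by {@link #safeDecryptPreMasterSecret}
     * @throws IOException declared by the interface; not thrown by this implementation directly
     */
    @Override // com.bes.enterprise.cipher.gmssl.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        return safeDecryptPreMasterSecret(tlsCryptoParameters, this.privateKey, bArr);
    }

    /**
     * Runs the ciphertext through {@code TlsUtils.parseSm2CipherTextDer}, decrypts the result
     * with an {@link SM2Engine} initialised from {@code privateKey}, and wraps the plaintext via
     * {@code crypto.createSecret}.
     *
     * <p>NOTE(review): {@code bArr} comes from the peer. Every failure (parse error, invalid
     * ciphertext, key conversion error) is caught, its stack trace is printed to stderr, and
     * {@code createSecret} is then called with {@code null}. What {@code createSecret} does with
     * {@code null} is not visible in this file. If that path fails differently from a successful
     * decryption (another exception, alert or timing), the peer may be able to tell valid from
     * invalid ciphertexts. The usual hardening for an encrypted pre-master secret is to continue
     * with a random value of the expected length so the handshake only fails at the Finished
     * check, and to report the error through the logging framework instead of
     * {@code printStackTrace()}. Confirm the behaviour of {@code createSecret(null)} before
     * changing this.
     *
     * @param tlsCryptoParameters parameters of the current connection (unused here)
     * @param privateKey          key used for decryption
     * @param bArr                ciphertext received from the peer
     * @return the result of {@code crypto.createSecret} on the plaintext, or on {@code null} when
     *         decryption failed
     */
    protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters tlsCryptoParameters, PrivateKey privateKey, byte[] bArr) {
        byte[] preMasterSecret = null;
        try {
            byte[] sm2CipherText = TlsUtils.parseSm2CipherTextDer(bArr);
            SM2Engine sm2Engine = new SM2Engine();
            // false presumably selects decryption mode - confirm against SM2Engine.init.
            sm2Engine.init(false, ECUtil.generatePrivateKeyParameter(privateKey));
            preMasterSecret = sm2Engine.processBlock(sm2CipherText, 0, sm2CipherText.length);
        } catch (Exception e) {
            // Failure is deliberately not propagated here; see the review note in the Javadoc.
            e.printStackTrace();
        }
        return this.crypto.createSecret(preMasterSecret);
    }
}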
