package com.aliyun.encdb.common.cipher;

import com.aliyun.encdb.common.common.Utils;
import com.aliyun.encdb.common.crypto.AsymCrypto;
import com.aliyun.encdb.common.crypto.AsymmAlgo;
import com.aliyun.encdb.common.crypto.CipherSuite;
import com.aliyun.encdb.common.crypto.SymCrypto;
import com.aliyun.encdb.mysql.jdbc.external.com.google.common.primitives.Bytes;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.DataFormatException;
import org.bouncycastle.crypto.CryptoException;

/* loaded from: input_file:com/aliyun/encdb/common/cipher/Envelope.class */
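/**
 * Hybrid-encryption envelope: a payload encrypted under a fresh 128-bit session key, plus
 * that session key encrypted under the recipient's public key.
 *
 * <p>Wire layout produced by {@link #getBytes()} and parsed by {@link #fromBytes(byte[])}:
 * <pre>
 *   [2-byte little-endian unsigned key length][encrypted session key][data]
 * </pre>
 * After {@link #seal(String, boolean)} the {@code data} field holds
 * {@code IV-or-nonce || ciphertext} (16-byte IV for CBC, 12-byte nonce for GCM).
 *
 * <p>The class performs no synchronization; {@code seal} mutates the instance in place.
 *
 * <p>NOTE(review): the CBC suites carry no integrity tag in this class, so a modified
 * ciphertext is not detected here, and the RSA path uses what the helper names suggest is
 * PKCS#1 v1.5 key transport. Callers should return one uniform error for every decryption
 * failure so that padding errors cannot be told apart from other failures, and should
 * prefer the GCM suites once {@code open} handles them (see the note on {@code open}).
 */
public class Envelope {
    /** Width of the length prefix written in front of the encrypted key. */
    private static final int KEY_LENGTH_FIELD_BYTES = 2;
    /** Largest encrypted-key length that fits the unsigned 16-bit length prefix. */
    private static final int MAX_ENCRYPTED_KEY_BYTES = 0xFFFF;
    /** Size of the random session key generated by {@code seal}. */
    private static final int SESSION_KEY_BYTES = 16;
    /** Size of the IV prepended to CBC ciphertext. */
    private static final int CBC_IV_BYTES = 16;
    /** Size of the nonce prepended to GCM ciphertext. */
    private static final int GCM_NONCE_BYTES = 12;
    /** Pivot distance from the end of the GCM output; presumably the 16-byte tag -- confirm against SymCrypto. */
    private static final int GCM_TRAILER_BYTES = 16;

    // Session key encrypted under the recipient's public key; null until seal() or fromBytes().
    byte[] encryptedKey;
    // Plaintext before seal(); IV/nonce followed by ciphertext afterwards.
    byte[] data;
    // Selects the asymmetric/symmetric algorithm pair; must be set before seal() or open().
    CipherSuite cipherSuite;

    /**
     * Wraps a payload. No copy is made, so the caller's array is shared with this envelope.
     *
     * @param bArr plaintext to be sealed, or already-sealed data
     */
    public Envelope(byte[] bArr) {
        this.data = bArr;
    }

    /**
     * Serializes the envelope as {@code length || encryptedKey || data}.
     *
     * @return the serialized envelope
     * @throws DataFormatException if the envelope has not been sealed/parsed yet, or if the
     *     encrypted key does not fit the 16-bit length prefix (the previous code silently
     *     truncated the length, producing bytes that could not be parsed back)
     */
    public byte[] getBytes() throws DataFormatException {
        if (this.encryptedKey == null || this.data == null) {
            throw new DataFormatException("encdb envelope is missing its encrypted key or data");
        }
        if (this.encryptedKey.length > MAX_ENCRYPTED_KEY_BYTES) {
            throw new DataFormatException("encdb envelope encrypted key is too long: " + this.encryptedKey.length);
        }
        ByteBuffer out = ByteBuffer
                .allocate(KEY_LENGTH_FIELD_BYTES + this.encryptedKey.length + this.data.length)
                .order(ByteOrder.LITTLE_ENDIAN);
        // Stored as an unsigned 16-bit value; fromBytes() reads it back the same way.
        out.putShort((short) this.encryptedKey.length);
        out.put(this.encryptedKey);
        out.put(this.data);
        return out.array();
    }

    /**
     * Parses bytes produced by {@link #getBytes()}. The input is untrusted wire data, so the
     * declared key length is validated against the bytes actually present before anything
     * is allocated. The returned envelope has no cipher suite set.
     *
     * @param bArr serialized envelope
     * @return the parsed envelope
     * @throws DataFormatException if the input is null, truncated, or declares a key length
     *     larger than the remaining input
     */
    public static Envelope fromBytes(byte[] bArr) throws DataFormatException {
        if (bArr == null) {
            throw new DataFormatException("Wrong encdb envelope bytes");
        }
        try {
            ByteBuffer in = ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN);
            // Read the prefix as unsigned: a signed read turned lengths >= 0x8000 into a
            // negative array size, which escaped as NegativeArraySizeException.
            int keyLength = in.getShort() & 0xFFFF;
            if (keyLength > in.remaining()) {
                throw new DataFormatException("Wrong encdb envelope bytes");
            }
            Envelope envelope = new Envelope(null);
            envelope.encryptedKey = new byte[keyLength];
            in.get(envelope.encryptedKey);
            envelope.data = new byte[in.remaining()];
            in.get(envelope.data);
            return envelope;
        } catch (BufferUnderflowException e) {
            throw new DataFormatException("Wrong encdb envelope bytes");
        }
    }

    /**
     * Encrypts {@code data} in place under a fresh random session key and stores that key,
     * encrypted with the given public key, in {@code encryptedKey}.
     *
     * <p>Supported pairs are SM2 with SM4-128-CBC/GCM and RSA with AES-128-CBC/GCM. Both
     * fields are assigned only after every cryptographic step has succeeded, so a failure
     * leaves the envelope unchanged.
     *
     * @param str recipient public key
     * @param z   for SM2, {@code true} when {@code str} is PEM and {@code false} when it is
     *            raw; ignored for RSA, which always takes the PEM path
     * @return this envelope
     * @throws CryptoException if no cipher suite is set or the suite is not supported
     * @throws IOException declared for the key-handling helpers
     */
    public Envelope seal(String str, boolean z) throws CryptoException, IOException {
        // An explicit check instead of `assert`: assertions are normally disabled in
        // production, where the missing suite surfaced as a NullPointerException.
        if (this.cipherSuite == null) {
            throw new CryptoException("cipher suite is not set");
        }
        AsymmAlgo asymmAlgo = this.cipherSuite.getAsymmAlgo();
        String symmName = this.cipherSuite.getSymmAlgo().name();
        boolean sm2WithSm4 = asymmAlgo == AsymmAlgo.SM2 && symmName.startsWith("SM4");
        boolean rsaWithAes = asymmAlgo == AsymmAlgo.RSA && symmName.startsWith("AES");
        if (!sm2WithSm4 && !rsaWithAes) {
            throw new CryptoException("Not supported seal algorithm");
        }

        SecureRandom random = new SecureRandom();
        byte[] sessionKey = new byte[SESSION_KEY_BYTES];
        random.nextBytes(sessionKey);
        try {
            List<Byte> sealed = new ArrayList<>();
            switch (this.cipherSuite.getSymmAlgo()) {
                case SM4_128_CBC: {
                    byte[] iv = new byte[CBC_IV_BYTES];
                    random.nextBytes(iv);
                    sealed.addAll(Bytes.asList(iv));
                    sealed.addAll(Bytes.asList(SymCrypto.sm4CBCEncrypt(sessionKey, this.data, iv)));
                    break;
                }
                case SM4_128_GCM: {
                    byte[] nonce = new byte[GCM_NONCE_BYTES];
                    random.nextBytes(nonce);
                    sealed.addAll(Bytes.asList(nonce));
                    byte[] encrypted = SymCrypto.sm4GcmEncrypt(sessionKey, this.data, nonce);
                    // Rearranged around a pivot 16 bytes from the end; the resulting order is
                    // defined by Utils.swapBytesByPivot, which is not visible here.
                    sealed.addAll(Utils.swapBytesByPivot(encrypted, encrypted.length - GCM_TRAILER_BYTES));
                    break;
                }
                case AES_128_CBC: {
                    byte[] iv = new byte[CBC_IV_BYTES];
                    random.nextBytes(iv);
                    sealed.addAll(Bytes.asList(iv));
                    sealed.addAll(Bytes.asList(SymCrypto.aesCBCEncrypt(sessionKey, this.data, iv)));
                    break;
                }
                case AES_128_GCM: {
                    byte[] nonce = new byte[GCM_NONCE_BYTES];
                    random.nextBytes(nonce);
                    sealed.addAll(Bytes.asList(nonce));
                    byte[] encrypted = SymCrypto.aesGcmEncrypt(sessionKey, this.data, nonce);
                    sealed.addAll(Utils.swapBytesByPivot(encrypted, encrypted.length - GCM_TRAILER_BYTES));
                    break;
                }
                default:
                    throw new CryptoException("invalid algorithm " + this.cipherSuite.getSymmAlgo().name());
            }

            byte[] wrappedKey;
            if (sm2WithSm4) {
                wrappedKey = z ? AsymCrypto.sm2EncryptPem(str, sessionKey) : AsymCrypto.sm2EncryptRaw(str, sessionKey);
            } else {
                wrappedKey = AsymCrypto.rsaPKCS1EncryptPem(str, sessionKey);
            }

            // Commit both fields together so the envelope never holds ciphertext without
            // the matching encrypted key.
            this.data = Bytes.toArray(sealed);
            this.encryptedKey = wrappedKey;
            return this;
        } finally {
            // Best-effort wipe of the plaintext session key; the array is local to this call.
            java.util.Arrays.fill(sessionKey, (byte) 0);
        }
    }

    /**
     * Seals with the key format detected from the key text: a value starting with
     * {@code -----BEGIN} is treated as PEM, anything else as raw.
     *
     * @param str recipient public key; must not be null
     * @return this envelope
     */
    public Envelope seal(String str) throws CryptoException, IOException {
        return seal(str, str.startsWith("-----BEGIN"));
    }

    /**
     * Opens with the key format detected from the key text: a value starting with
     * {@code -----BEGIN} is treated as PEM, anything else as raw.
     *
     * @param str recipient private key; must not be null
     * @return the decrypted payload
     */
    public byte[] open(String str) throws CryptoException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return open(str, str.startsWith("-----BEGIN"));
    }

    /**
     * Recovers the session key with the given private key and decrypts {@code data}, which
     * is read as a 16-byte IV followed by CBC ciphertext.
     *
     * <p>NOTE(review): this method always uses the CBC helpers, whichever symmetric mode
     * the suite names, while {@code seal} writes a 12-byte nonce and rearranged output for
     * the GCM suites. An envelope sealed here with a GCM suite therefore does not appear to
     * round-trip through {@code open}. Confirm whether the peer only ever answers in CBC,
     * or add a GCM branch backed by the matching SymCrypto decrypt helper.
     *
     * @param str recipient private key
     * @param z   for SM2, {@code true} when {@code str} is PEM and {@code false} when it is
     *            raw; ignored for RSA
     * @return the decrypted payload
     * @throws CryptoException if no cipher suite is set, the suite is not supported, the
     *     encrypted key is missing, or the data is too short to contain an IV
     */
    public byte[] open(String str, boolean z) throws CryptoException, NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        if (this.cipherSuite == null) {
            throw new CryptoException("cipher suite is not set");
        }
        if (this.encryptedKey == null) {
            throw new CryptoException("envelope has no encrypted key");
        }
        // The data usually comes from fromBytes(), i.e. from the wire: reject short input
        // with a checked error instead of letting an index error escape.
        if (this.data == null || this.data.length < CBC_IV_BYTES) {
            throw new CryptoException("envelope data is too short to contain an IV");
        }

        byte[] iv = new byte[CBC_IV_BYTES];
        System.arraycopy(this.data, 0, iv, 0, CBC_IV_BYTES);
        byte[] ciphertext = new byte[this.data.length - CBC_IV_BYTES];
        System.arraycopy(this.data, CBC_IV_BYTES, ciphertext, 0, ciphertext.length);

        AsymmAlgo asymmAlgo = this.cipherSuite.getAsymmAlgo();
        String symmName = this.cipherSuite.getSymmAlgo().name();
        if (asymmAlgo == AsymmAlgo.SM2 && symmName.startsWith("SM4")) {
            return SymCrypto.sm4CBCDecrypt(
                    z ? AsymCrypto.sm2DecryptPem(str, this.encryptedKey) : AsymCrypto.sm2DecryptRaw(str, this.encryptedKey),
                    ciphertext,
                    iv);
        }
        if (asymmAlgo == AsymmAlgo.RSA && symmName.startsWith("AES")) {
            return SymCrypto.aesCBCDecrypt(AsymCrypto.rsaPKCS1DecryptPem(str, this.encryptedKey), ciphertext, iv);
        }
        throw new CryptoException("Not supported seal algorithm");
    }

    /**
     * Sets the cipher suite used by {@code seal} and {@code open}. The method name keeps
     * its original spelling because callers depend on it.
     *
     * @param cipherSuite algorithm pair to use
     * @return this envelope
     */
    public Envelope setCiperSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
        return this;
    }
}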
