package com.mzl.flower.pay;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.jcajce.spec.SM2ParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;

public class SmUtil {
	static{
        Security.addProvider(new BouncyCastleProvider());
    }
	/**算法常量:SM3withSM2*/
	public static final String ALGORITHM_SM3SM2_BCPROV = "SM3withSM2";
	private final static int SM3withSM2_RS_LEN=32;

	public static void main(String[] args) throws Exception {
		/**商户平台分配的appid,也是签名的certid**/
		String appid = "00000156";
		/**商户sm2私钥,用于向通联发起请求前进行签名**/
		String cusPrivateKey = "MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgjj4Rk+b0YjwO+UwXofnHf4bK+kaaY5Btkd8nMP2VimmgCgYIKoEcz1UBgi2hRANCAAQqlALW4qGC3bP1x3wo5QsKxaCMEZJ2ODTTwOQ+d8UGU7GoK/y/WMBQWf5upMnFU06p5FxGooXYYoBtldgm03hq";
		/**商户sm2公钥，需要配置到通联商户平台**/
		String cusPubKey = "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEKpQC1uKhgt2z9cd8KOULCsWgjBGSdjg008DkPnfFBlOxqCv8v1jAUFn+bqTJxVNOqeRcRqKF2GKAbZXYJtN4ag==";
		
		/**通联平台sm2公钥，用于请求返回或者通联通知的验签**/
		String tlPubKey = "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE/BnA8BawehBtH0ksPyayo4pmzL/u1FQ2sZcqwOp6bjVqQX4tjo930QAvHZPJ2eez8sCz/RYghcqv4LvMq+kloQ==";
		
		String blankStr = "请求待签名数据";
		PrivateKey privkey = privKeySM2FromBase64Str(cusPrivateKey);
		String sign = signSM3SM2RetBase64(privkey, appid, blankStr.getBytes("UTF-8"));//签名
		System.out.println(sign);
		
		String rspBlankStr = "返回待验签数据";//通联返回的明文
		String rspSign = "AovBKQGUe0xuJ0ox7FgIIX+yB3DzbudgUsnNvJmDV0IdHZtU2Y8vdeUY1pd2vmPUf08hNgdkoz+4WP/D/ktOcA==";//通联返回的签名
		PublicKey publicKey = pubKeySM2FromBase64Str(tlPubKey);
		boolean isOk = verifySM3SM2(publicKey, "Allinpay", Base64.decodeBase64(rspSign), rspBlankStr.getBytes("UTF-8"));
		System.out.println("验签结果:"+isOk);
		

	}
	
	/**签名并BASE64编码-SM3WithSM2 */
	public static String signSM3SM2RetBase64(final PrivateKey privateKey,String certid,final byte[] data) throws Exception{
		return Base64.encodeBase64String(signSM3SM2(privateKey, certid, data));
	}
	
	/**签名-SM3WithSM2 */
	public static byte[] signSM3SM2(final PrivateKey privateKey,String certid,final byte[] data) throws Exception{
		SM2ParameterSpec parameterSpec = new SM2ParameterSpec(certid.getBytes());
		Signature signer = Signature.getInstance(ALGORITHM_SM3SM2_BCPROV, "BC");
		signer.setParameter(parameterSpec);
		signer.initSign(privateKey, new SecureRandom());
		signer.update(data);
		return byteAsn12BytePlain(signer.sign());
	}
	
	/** 验证签名-SM3WithSM2*/
	public static boolean verifySM3SM2(final PublicKey publicKey,String certid,final byte[] signData, final byte[] srcData) throws Exception {
        SM2ParameterSpec parameterSpec = new SM2ParameterSpec(certid.getBytes());
        Signature verifier = Signature.getInstance(ALGORITHM_SM3SM2_BCPROV, "BC");
        verifier.setParameter(parameterSpec);
        verifier.initVerify(publicKey);
        verifier.update(srcData);
        return verifier.verify(bytePlain2ByteAsn1(signData));
	}
	
	/**从字符串读取私钥-目前支持PKCS8(keystr为BASE64格式)*/
	public static PrivateKey privKeySM2FromBase64Str(String keystr) throws Exception {
		KeyFactory keyFactory = KeyFactory.getInstance("EC");
		return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(keystr)));
	}
	
	/**从字符串读取RSA公钥(keystr为BASE64格式)*/
	public static PublicKey pubKeySM2FromBase64Str(String keystr) throws Exception {
		KeyFactory keyFactory = KeyFactory.getInstance("EC");
		return keyFactory.generatePublic(new X509EncodedKeySpec(Base64.decodeBase64(keystr)));
	}
	
	/**
	 * 将普通字节数组转换为ASN1字节数组 适用于SM3withSM2验签时验签明文转换
	 */
	private static byte[] bytePlain2ByteAsn1(byte[] data) {
		if (data.length != SM3withSM2_RS_LEN * 2) throw new RuntimeException("err data. ");
		BigInteger r = new BigInteger(1, Arrays.copyOfRange(data, 0, SM3withSM2_RS_LEN));
		BigInteger s = new BigInteger(1, Arrays.copyOfRange(data, SM3withSM2_RS_LEN, SM3withSM2_RS_LEN * 2));
		ASN1EncodableVector v = new ASN1EncodableVector();
		v.add(new ASN1Integer(r));
		v.add(new ASN1Integer(s));
		try {
			return new DERSequence(v).getEncoded("DER");
		} catch (IOException e) {
			throw new RuntimeException(e);
		}
	}
	/**
	 * 将ASN1字节数组转换为普通字节数组 适用于SM3withSM2签名时签名结果转换
	 */
	private static byte[] byteAsn12BytePlain(byte[] dataAsn1) {
		ASN1Sequence seq = ASN1Sequence.getInstance(dataAsn1);
		byte[] r = bigIntToFixexLengthBytes(ASN1Integer.getInstance(seq.getObjectAt(0)).getValue());
		byte[] s = bigIntToFixexLengthBytes(ASN1Integer.getInstance(seq.getObjectAt(1)).getValue());
		byte[] result = new byte[SM3withSM2_RS_LEN * 2];
		System.arraycopy(r, 0, result, 0, r.length);
		System.arraycopy(s, 0, result, SM3withSM2_RS_LEN, s.length);
		return result;
	}
	
	private static byte[] bigIntToFixexLengthBytes(BigInteger rOrS) {
		byte[] rs = rOrS.toByteArray();
		if (rs.length == SM3withSM2_RS_LEN) return rs;
		else if (rs.length == SM3withSM2_RS_LEN + 1 && rs[0] == 0)
			return Arrays.copyOfRange(rs, 1, SM3withSM2_RS_LEN + 1);
		else if (rs.length < SM3withSM2_RS_LEN) {
			byte[] result = new byte[SM3withSM2_RS_LEN];
			Arrays.fill(result, (byte) 0);
			System.arraycopy(rs, 0, result, SM3withSM2_RS_LEN - rs.length, rs.length);
			return result;
		} else {
			throw new RuntimeException("err rs: " + Hex.toHexString(rs));
		}
	}

}