package cn.signit.pkcs.p7;

import cn.signit.pkcs.x509.keystore.KeyStoreUtil;
import cn.signit.pkcs.x509.tools.CertificateCoder;
import cn.signit.pkcs.x509.tools.SignVerify;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.Array;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;

/* loaded from: classes.dex */
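/**
 * Produces and verifies Base64-encoded PKCS#7 SignedData structures using the JDK-internal
 * {@code sun.security.pkcs} classes, which are reached partly through reflection.
 *
 * <p>An instance is created either by {@link #getSigner} (holds a private key and its certificate
 * chain) or by {@link #getVerifier} (holds one trusted certificate). Calling the operation of the
 * other mode throws {@link IllegalStateException}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The default digest label is {@code SecurityConstants.SHA1}; callers that need a stronger
 *       digest must set both the digest and the signing algorithm, see {@link #sign}.</li>
 *   <li>{@link #verify} accepts a signer certificate only if it equals the trusted certificate or
 *       was signed directly by it. Intermediate CAs, revocation and the trusted certificate's own
 *       validity period are not evaluated.</li>
 *   <li>Initialisation terminates the JVM with {@code System.exit(-1)} when the VM vendor is not
 *       recognised or the vendor classes are missing.</li>
 * </ul>
 */
public class SelfPKCS7Tool {
    /** Mode of an instance created by {@link #getSigner}. */
    private static final int SIGNER = 1;
    /** Mode of an instance created by {@link #getVerifier}. */
    private static final int VERIFIER = 2;
    /** Mask for {@link #matchUsage}: bit 0 of the keyUsage array (digitalSignature in X.509). */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 1;

    private final int mode;
    /** 0 until {@link #init()} has run, then 'S' (Sun/Oracle) or 'I' (IBM). */
    private static char jvm = 0;
    // Vendor-specific classes resolved by init() and used reflectively in sign().
    private static Class<?> algorithmId = null;
    private static Class<?> derValue = null;
    private static Class<?> objectIdentifier = null;
    private static Class<?> x500Name = null;
    private static boolean debug = false;
    /** Digest algorithm name recorded in the SignerInfo; it does not select the hash that is computed. */
    private String digestAlgorithm = SecurityConstants.SHA1;
    /** JCA signature algorithm name handed to {@link Signature#getInstance(String)}. */
    private String signingAlgorithm = SignVerify.SIGNATURE_ALGORITHM;
    private X509Certificate[] certificates = null;
    private PrivateKey privateKey = null;
    private Certificate rootCertificate = null;

    private SelfPKCS7Tool(int i) {
        this.mode = i;
    }

    /**
     * Loads a key store and returns a tool that signs with the first usable entry.
     *
     * <p>An entry is usable when the first certificate of its chain permits digitalSignature (or
     * carries no keyUsage extension) and is currently within its validity period. If no entry
     * qualifies, the method fails instead of falling back to whichever alias was enumerated last,
     * so an expired or usage-restricted certificate is never silently selected.
     *
     * @param str  path of the key store; {@code .pfx}/{@code .p12} selects
     *             {@code KeyStoreUtil.KEY_STORE_TYPE_PFX}, anything else {@code "JKS"}
     * @param str2 key store password
     * @param str3 password of the private key entry
     * @return a tool in signer mode
     * @throws GeneralSecurityException if no usable entry exists, the chain holds a non-X.509
     *                                  certificate, or the private key cannot be read
     * @throws IOException              if the key store file cannot be read
     */
    public static SelfPKCS7Tool getSigner(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        init();
        // Locale.ROOT keeps the extension test independent of the default locale's case rules.
        String lowerCasePath = str.toLowerCase(java.util.Locale.ROOT);
        boolean pkcs12 = lowerCasePath.endsWith(".pfx") || lowerCasePath.endsWith(".p12");
        KeyStore keyStore = pkcs12 ? KeyStore.getInstance(KeyStoreUtil.KEY_STORE_TYPE_PFX) : KeyStore.getInstance("JKS");
        // try-with-resources closes the file on every path, including a failed load.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            keyStore.load(fileInputStream, str2.toCharArray());
        }

        String alias = findSigningAlias(keyStore);
        if (alias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }
        if (debug) {
            System.out.println(alias);
        }

        X509Certificate[] chain = null;
        if (keyStore.isKeyEntry(alias)) {
            Certificate[] storedChain = keyStore.getCertificateChain(alias);
            chain = new X509Certificate[storedChain.length];
            for (int i = 0; i < storedChain.length; i++) {
                if (!(storedChain[i] instanceof X509Certificate)) {
                    throw new GeneralSecurityException("Certificate[" + i + "] in chain '" + alias + "' is not a X509Certificate.");
                }
                chain[i] = (X509Certificate) storedChain[i];
            }
        } else {
            if (!keyStore.isCertificateEntry(alias)) {
                throw new GeneralSecurityException(alias + " is unknown to this keystore");
            }
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                chain = new X509Certificate[]{(X509Certificate) certificate};
            }
        }

        PrivateKey key = (PrivateKey) keyStore.getKey(alias, str3.toCharArray());
        if (key == null) {
            throw new GeneralSecurityException(alias + " could not be accessed");
        }
        SelfPKCS7Tool tool = new SelfPKCS7Tool(SIGNER);
        tool.certificates = chain;
        tool.privateKey = key;
        return tool;
    }

    /**
     * Returns the first alias whose leading certificate allows digitalSignature and is currently
     * valid, or {@code null} when the key store has no such entry.
     */
    private static String findSigningAlias(KeyStore keyStore) throws GeneralSecurityException {
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases == null) {
            return null;
        }
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            Certificate[] chain = keyStore.getCertificateChain(candidate);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (!matchUsage(leaf.getKeyUsage(), KEY_USAGE_DIGITAL_SIGNATURE)) {
                continue;
            }
            try {
                leaf.checkValidity();
                return candidate;
            } catch (CertificateException ignored) {
                // Expired or not yet valid: this entry must not be used, try the next alias.
            }
        }
        return null;
    }

    /**
     * Loads the certificate that {@link #verify} treats as the trust anchor.
     *
     * <p>The file is read once into memory. It is parsed as whatever the X.509
     * {@link CertificateFactory} accepts and, if that fails, as Base64 text wrapping the encoded
     * certificate. Buffering matters: a {@link FileInputStream} cannot be rewound, so a second
     * parse attempt on the same stream would only see the bytes the first attempt left unread.
     *
     * @param str path of the certificate file
     * @return a tool in verifier mode
     * @throws GeneralSecurityException if the content cannot be parsed as a certificate
     * @throws IOException              if the file cannot be read or Base64-decoded
     */
    public static SelfPKCS7Tool getVerifier(String str) throws GeneralSecurityException, IOException {
        init();
        byte[] fileBytes;
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = fileInputStream.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            fileBytes = collected.toByteArray();
        }

        CertificateFactory certificateFactory = CertificateFactory.getInstance(CertificateCoder.X509);
        Certificate trusted;
        try {
            trusted = certificateFactory.generateCertificate(new ByteArrayInputStream(fileBytes));
        } catch (CertificateException | RuntimeException firstAttemptFailed) {
            // Any parse failure triggers the Base64 fallback; its own failure is reported to the caller.
            byte[] decoded = new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(fileBytes));
            trusted = certificateFactory.generateCertificate(new ByteArrayInputStream(decoded));
        }
        SelfPKCS7Tool tool = new SelfPKCS7Tool(VERIFIER);
        tool.rootCertificate = trusted;
        return tool;
    }

    /**
     * Resolves the vendor-specific security classes once per JVM, keyed on the
     * {@code java.vm.vendor} system property.
     *
     * <p>NOTE(review): an unrecognised vendor or a missing class ends the whole process with
     * {@code System.exit(-1)}. That is kept as found, but it means merely requesting a signer or
     * verifier can stop the host application on any VM whose vendor string contains none of
     * SUN, ORACLE or IBM.
     */
    private static void init() {
        if (jvm != 0) {
            return;
        }
        String vendor = System.getProperty("java.vm.vendor");
        if (vendor == null) {
            vendor = "";
        }
        String upperCaseVendor = vendor.toUpperCase(java.util.Locale.ROOT);
        try {
            if (upperCaseVendor.contains("SUN") || upperCaseVendor.contains("ORACLE")) {
                jvm = 'S';
                algorithmId = Class.forName("sun.security.x509.AlgorithmId");
                derValue = Class.forName("sun.security.util.DerValue");
                objectIdentifier = Class.forName("sun.security.util.ObjectIdentifier");
                x500Name = Class.forName("sun.security.x509.X500Name");
            } else if (upperCaseVendor.contains("IBM")) {
                jvm = 'I';
                algorithmId = Class.forName("com.ibm.security.x509.AlgorithmId");
                derValue = Class.forName("com.ibm.security.util.DerValue");
                objectIdentifier = Class.forName("com.ibm.security.util.ObjectIdentifier");
                x500Name = Class.forName("com.ibm.security.x509.X500Name");
            } else {
                System.out.println("Not support JRE: " + vendor);
                System.exit(-1);
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            System.exit(-1);
        }
    }

    /**
     * Tests whether every usage bit requested in {@code i} is set in {@code zArr}.
     *
     * @param zArr keyUsage flags as returned by {@link X509Certificate#getKeyUsage()}; {@code null}
     *             (no keyUsage extension) is treated as "everything allowed"
     * @param i    bit mask of required usages, bit n referring to {@code zArr[n]}; 0 requires nothing
     * @return {@code false} only if a requested bit inside the array is {@code false}; bits beyond
     *         the array length are not checked
     */
    private static boolean matchUsage(boolean[] zArr, int i) {
        if (i == 0 || zArr == null) {
            return true;
        }
        int limit = Math.min(zArr.length, 32);
        for (int bit = 0; bit < limit; bit++) {
            boolean requested = ((1 << bit) & i) != 0;
            if (requested && !zArr[bit]) {
                return false;
            }
        }
        return true;
    }

    /** Enables or disables diagnostic output on {@code System.out} for all instances. */
    public static void setDebug(boolean z) {
        debug = z;
    }

    /** Returns the digest algorithm name that {@link #sign} records in the SignerInfo. */
    public final String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /** Returns the JCA signature algorithm name used by {@link #sign}. */
    public final String getSigningAlgorithm() {
        return this.signingAlgorithm;
    }

    /**
     * Sets the digest algorithm name recorded in the SignerInfo. It has to match the digest that
     * the signing algorithm really uses; this class does not check that the two agree.
     */
    public final void setDigestAlgorithm(String str) {
        this.digestAlgorithm = str;
    }

    /** Sets the JCA signature algorithm name, which determines the hash actually computed. */
    public final void setSigningAlgorithm(String str) {
        this.signingAlgorithm = str;
    }

    /**
     * Signs {@code bArr} and wraps the signature in a detached PKCS#7 SignedData structure
     * (the ContentInfo carries no content).
     *
     * <p>The signature is computed with {@code signingAlgorithm}, while the SignerInfo is labelled
     * with {@code digestAlgorithm} and a fixed RSA encryption OID. The labels are therefore only
     * truthful for an RSA key and a signing algorithm whose digest equals {@code digestAlgorithm}.
     *
     * @param bArr data to sign
     * @return the Base64 text of the encoded SignedData
     * @throws IllegalStateException if this instance was not created by {@link #getSigner}
     * @throws Exception             on any JCA or reflection failure
     */
    public String sign(byte[] bArr) throws Exception {
        if (this.mode != SIGNER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for signature.");
        }
        Signature signer = Signature.getInstance(this.signingAlgorithm);
        signer.initSign(this.privateKey);
        signer.update(bArr, 0, bArr.length);
        byte[] signatureBytes = signer.sign();

        // ContentInfo(DATA_OID, null): the signed bytes are not embedded in the output.
        Object dataOid = ContentInfo.class.getField("DATA_OID").get(null);
        ContentInfo contentInfo = (ContentInfo) ContentInfo.class.getConstructor(dataOid.getClass(), derValue).newInstance(dataOid, null);

        // NOTE(review): the LAST chain element identifies the signer. KeyStore.getCertificateChain
        // documents the key's own certificate as the first element, so for chains longer than one
        // this names a CA certificate rather than the certificate matching the private key.
        // Confirm the intent before using multi-certificate chains.
        X509Certificate signerCertificate = this.certificates[this.certificates.length - 1];
        BigInteger serialNumber = signerCertificate.getSerialNumber();
        Object issuerName = x500Name.getConstructor(String.class).newInstance(signerCertificate.getIssuerDN().getName());
        Object digestAlgorithmId = algorithmId.getMethod("get", String.class).invoke(null, this.digestAlgorithm);
        // The encryption algorithm of the SignerInfo is always the RSA OID, whatever the key type.
        Object encryptionAlgorithmId = algorithmId.getConstructor(objectIdentifier).newInstance(algorithmId.getField("RSAEncryption_oid").get(null));
        SignerInfo[] signerInfoArr = {(SignerInfo) SignerInfo.class.getConstructor(x500Name, BigInteger.class, algorithmId, PKCS9Attributes.class, algorithmId, byte[].class, PKCS9Attributes.class).newInstance(issuerName, serialNumber, digestAlgorithmId, null, encryptionAlgorithmId, signatureBytes, null)};

        // The PKCS7 constructor needs an array of the vendor's AlgorithmId type, built reflectively.
        Object digestAlgorithmIds = Array.newInstance(algorithmId, 1);
        Array.set(digestAlgorithmIds, 0, digestAlgorithmId);
        PKCS7 pkcs7 = (PKCS7) PKCS7.class.getConstructor(digestAlgorithmIds.getClass(), ContentInfo.class, X509Certificate[].class, signerInfoArr.getClass()).newInstance(digestAlgorithmIds, contentInfo, this.certificates, signerInfoArr);
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        pkcs7.encodeSignedData(encoded);
        return new BASE64Encoder().encode(encoded.toByteArray());
    }

    /**
     * Verifies a Base64 PKCS#7 signature over {@code bArr} against the trusted certificate.
     *
     * <p>For every SignerInfo that verifies cryptographically, the signer certificate must be
     * within its validity period and must either equal the trusted certificate or carry a
     * signature made by the trusted certificate's key. No path through intermediate CAs is built,
     * no revocation information is consulted, and the trusted certificate's own validity is not
     * checked. The distinguished-name comparison applies to the first verified signer only.
     *
     * @param str  Base64 text of the PKCS#7 SignedData
     * @param bArr the data that was signed
     * @param str2 expected subject DN of the first signer, or {@code null} to skip the comparison
     * @throws IllegalStateException if this instance was not created by {@link #getVerifier}
     * @throws SignatureException    if no signer verifies or the subject DN differs
     * @throws CertificateException  if a signer certificate is expired or not yet valid
     */
    public void verify(String str, byte[] bArr, String str2) throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateException, NoSuchProviderException {
        if (this.mode != VERIFIER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for verify.");
        }
        PKCS7 pkcs7 = new PKCS7(new BASE64Decoder().decodeBuffer(str));
        X509Certificate[] embedded = pkcs7.getCertificates();
        // A SignedData without certificates yields null here; skip the dump rather than fail on it.
        if (debug && embedded != null) {
            for (int i = 0; i < embedded.length; i++) {
                X509Certificate x509Certificate = embedded[i];
                System.out.println("SIGNER " + i + "=\n" + x509Certificate);
                System.out.println("SIGNER " + i + "=\n" + new BASE64Encoder().encode(x509Certificate.getEncoded()));
            }
        }
        SignerInfo[] verifiedSigners = pkcs7.verify(bArr);
        if (verifiedSigners == null) {
            throw new SignatureException("Signature failed verification, data has been tampered");
        }
        for (int index = 0; index < verifiedSigners.length; index++) {
            X509Certificate signerCertificate = verifiedSigners[index].getCertificate(pkcs7);
            signerCertificate.checkValidity();
            // Trust decision: identical to the anchor, or signed directly by the anchor's key.
            if (!signerCertificate.equals(this.rootCertificate)) {
                signerCertificate.verify(this.rootCertificate.getPublicKey());
            }
            if (index == 0 && str2 != null) {
                X500Principal subject = signerCertificate.getSubjectX500Principal();
                // Accept either the exact RFC 1779 string or an equal X500Principal.
                if (!str2.equals(subject.getName("RFC1779")) && !new X500Principal(str2).equals(subject)) {
                    throw new SignatureException("Signer dn '" + subject.getName("RFC1779") + "' does not matchs '" + str2 + "'");
                }
            }
        }
    }
}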
