package cn.signit.pkcs.p7;

import cn.signit.pkcs.cert.X509CertSigner;
import cn.signit.pkcs.x509.keystore.KeyStoreUtil;
import cn.signit.pkcs.x509.tools.SignVerify;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: classes.dex */
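/**
 * Builds and checks detached PKCS#7 / CMS signatures using BouncyCastle.
 *
 * <p>An instance is created in one of two modes through the static factories:
 * a signer ({@code initSigner}) holding a {@link ContentSigner} and a certificate chain,
 * or a verifier ({@code initVerifer}) holding the original content and the encoded
 * signature.
 *
 * <p><b>Trust caveat:</b> {@link #verify()} only checks that each signature matches a
 * certificate carried inside the signed message itself. It does not build a chain to a
 * trust anchor, check revocation, or check validity of the signer certificate. A
 * {@code true} result therefore proves integrity relative to the embedded certificate,
 * not the identity of the signer; callers must validate {@link #getSignCert()} against
 * their own trusted roots before relying on the signature.
 */
public class BcPkcs7Factory {
    private static final int SIGNER = 1;
    private static final int VERIFIER = 2;
    /** Key-usage mask for {@link #matchUsage}: bit 0 is digitalSignature in {@code getKeyUsage()}. */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 1;
    // NOTE(review): static and mutable, so it is shared by every instance and every thread.
    // It is only read when a keystore-based signer is created (see getSignFac).
    private static String signAlgorithm = SignVerify.SIGNATURE_ALGORITHM;
    private ContentSigner contentSigner;
    private byte[] data;
    private int mode;
    private byte[] signedData;
    private X509Certificate[] certificatesChain = null;
    private PrivateKey signPrivateKey = null;

    private BcPkcs7Factory(int i) {
        this.mode = i;
    }

    /**
     * Registers the BouncyCastle JCE provider if no provider named "BC" is installed yet.
     * The signing path selects the provider by the name "BC", so it must be present.
     */
    private static void ensureBcProvider() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}. */
    private X509Certificate certificateHolderToCert(X509CertificateHolder x509CertificateHolder) throws Exception {
        byte[] encoded = x509CertificateHolder.getEncoded();
        CertificateFactory factory = CertificateFactory.getInstance("X509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Loads a keystore from a stream, trying the PFX type first and JKS second.
     *
     * <p>The stream is read fully into memory and closed before parsing. The previous
     * implementation retried JKS on the same, already consumed stream, so the fallback
     * could never see the beginning of the file.
     *
     * @param inputStream keystore bytes; closed by this method. {@code null} yields an empty keystore.
     * @param str keystore password
     * @return the loaded keystore
     * @throws Exception if the bytes cannot be read or neither keystore type accepts them
     */
    private static KeyStore getKeyStore(InputStream inputStream, String str) throws Exception {
        if (inputStream == null) {
            KeyStore empty = KeyStore.getInstance(KeyStoreUtil.KEY_STORE_TYPE_PFX);
            empty.load(null, str.toCharArray());
            return empty;
        }
        byte[] raw;
        try {
            java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            raw = buffer.toByteArray();
        } finally {
            inputStream.close();
        }
        char[] password = str.toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStoreUtil.KEY_STORE_TYPE_PFX);
            keyStore.load(new ByteArrayInputStream(raw), password);
            return keyStore;
        } catch (Exception pfxFailure) {
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(new ByteArrayInputStream(raw), password);
                return keyStore;
            } catch (Exception jksFailure) {
                // Keep the first failure visible; a wrong password shows up in both attempts.
                jksFailure.addSuppressed(pfxFailure);
                throw jksFailure;
            }
        }
    }

    /**
     * Loads a keystore from a file, choosing the type from the file extension
     * ({@code .pfx} / {@code .p12} use the PFX type, anything else JKS).
     *
     * @param str path of the keystore file
     * @param str2 keystore password
     * @param str3 key password; not used here, kept for the existing call shape
     * @return the loaded keystore
     * @throws GeneralSecurityException if the keystore type is unavailable or the content is rejected
     * @throws IOException if the file cannot be read or the password is wrong
     */
    private static KeyStore getKeyStore(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        String lowerPath = str.toLowerCase();
        boolean pfx = lowerPath.endsWith(".pfx") || lowerPath.endsWith(".p12");
        KeyStore keyStore = KeyStore.getInstance(pfx ? KeyStoreUtil.KEY_STORE_TYPE_PFX : "JKS");
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
        } finally {
            fileInputStream.close();
        }
        return keyStore;
    }

    /**
     * Creates a signer from the first keystore entry whose leaf certificate allows
     * digitalSignature (or carries no key-usage extension) and is currently valid.
     *
     * <p>The alias is recorded only once an entry has passed both checks. Previously the
     * loop variable doubled as the result, so a keystore holding only expired or
     * wrong-usage certificates silently signed with its last alias.
     *
     * @param keyStore keystore to search
     * @param str password protecting the private key
     * @return a factory in signer mode
     * @throws GeneralSecurityException if no suitable entry exists, the chain is not X.509,
     *         or the private key cannot be recovered
     */
    private static BcPkcs7Factory getSignFac(KeyStore keyStore, String str) throws GeneralSecurityException, IOException, OperatorCreationException {
        String signingAlias = null;
        Certificate[] signingChain = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases != null && signingAlias == null && aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            Certificate[] chain = keyStore.getCertificateChain(candidate);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (!matchUsage(leaf.getKeyUsage(), KEY_USAGE_DIGITAL_SIGNATURE)) {
                continue;
            }
            try {
                leaf.checkValidity();
            } catch (CertificateException notCurrentlyValid) {
                // Expired or not yet valid: try the next alias instead of signing with it.
                continue;
            }
            signingAlias = candidate;
            signingChain = chain;
        }
        if (signingAlias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }
        X509Certificate[] x509Chain = new X509Certificate[signingChain.length];
        for (int i = 0; i < signingChain.length; i++) {
            if (!(signingChain[i] instanceof X509Certificate)) {
                throw new GeneralSecurityException("Certificate[" + i + "] in chain '" + signingAlias + "' is not a X509Certificate.");
            }
            x509Chain[i] = (X509Certificate) signingChain[i];
        }
        // instanceof also covers null (no key) and non-private keys such as secret-key entries.
        java.security.Key key = keyStore.getKey(signingAlias, str.toCharArray());
        if (!(key instanceof PrivateKey)) {
            throw new GeneralSecurityException(signingAlias + " could not be accessed");
        }
        PrivateKey privateKey = (PrivateKey) key;
        ensureBcProvider();
        ContentSigner signer = new JcaContentSignerBuilder(signAlgorithm).setProvider("BC").build(privateKey);
        BcPkcs7Factory factory = new BcPkcs7Factory(SIGNER);
        factory.contentSigner = signer;
        factory.certificatesChain = x509Chain;
        factory.signPrivateKey = privateKey;
        return factory;
    }

    /**
     * Creates a signer from an already prepared certificate/signer pair.
     *
     * @param x509CertSigner source of the certificate chain and the content signer
     * @return a factory in signer mode
     */
    public static BcPkcs7Factory initSigner(X509CertSigner x509CertSigner) {
        BcPkcs7Factory factory = new BcPkcs7Factory(SIGNER);
        factory.certificatesChain = x509CertSigner.getCertificatesChain();
        factory.contentSigner = x509CertSigner.getSigner();
        return factory;
    }

    /**
     * Creates a signer from a keystore stream.
     *
     * @param inputStream keystore bytes; closed by this call
     * @param str keystore password
     * @param str2 private-key password
     * @return a factory in signer mode
     */
    public static BcPkcs7Factory initSigner(InputStream inputStream, String str, String str2) throws GeneralSecurityException, IOException, Exception {
        return getSignFac(getKeyStore(inputStream, str), str2);
    }

    /**
     * Creates a signer from a keystore file.
     *
     * @param str keystore file path
     * @param str2 keystore password
     * @param str3 private-key password
     * @return a factory in signer mode
     */
    public static BcPkcs7Factory initSigner(String str, String str2, String str3) throws GeneralSecurityException, IOException, OperatorCreationException {
        return getSignFac(getKeyStore(str, str2, str3), str3);
    }

    /**
     * Creates a verifier for a detached signature.
     *
     * @param bArr the original content that was signed
     * @param bArr2 the encoded CMS signature
     * @return a factory in verifier mode
     */
    public static BcPkcs7Factory initVerifer(byte[] bArr, byte[] bArr2) throws Exception {
        BcPkcs7Factory factory = new BcPkcs7Factory(VERIFIER);
        factory.data = bArr;
        factory.signedData = bArr2;
        return factory;
    }

    /**
     * Same as {@link #initVerifer(byte[], byte[])} with the signature given as Base64 text.
     *
     * <p>NOTE(review): {@code sun.misc.BASE64Decoder} is an internal, unsupported JDK class
     * that newer JDKs no longer ship; {@code java.util.Base64} is the supported replacement.
     */
    public static BcPkcs7Factory initVeriferBase64(byte[] bArr, String str) throws Exception {
        return initVerifer(bArr, new BASE64Decoder().decodeBuffer(str));
    }

    /**
     * Tests whether every bit set in {@code i} is also set in the key-usage array.
     *
     * @param zArr key-usage flags as returned by {@code X509Certificate.getKeyUsage()}; {@code null} matches anything
     * @param i bit mask of required usages (bit n corresponds to {@code zArr[n]}); 0 matches anything
     * @return {@code false} only if a required usage inside the array is not set
     */
    private static boolean matchUsage(boolean[] zArr, int i) {
        if (i == 0 || zArr == null) {
            return true;
        }
        int limit = Math.min(zArr.length, 32);
        for (int bit = 0; bit < limit; bit++) {
            boolean required = ((1 << bit) & i) != 0;
            if (required && !zArr[bit]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the certificates held by this instance: the signing chain in signer mode, or,
     * after a {@link #verify()} call that completed without an error, the certificate of each
     * signer found in the message. The array is the internal one, not a copy.
     *
     * <p>Certificates obtained after verification come from the message itself and have not
     * been checked against any trust anchor.
     */
    public X509Certificate[] getSignCert() {
        return this.certificatesChain;
    }

    /**
     * Sets the signature algorithm name used when a keystore-based signer is created.
     *
     * <p>NOTE(review): this writes a static field. It changes the algorithm for signers
     * created afterwards anywhere in the process and does not rebuild the
     * {@link ContentSigner} this instance already holds.
     *
     * @param str JCA signature algorithm name
     * @return this instance
     */
    public BcPkcs7Factory setSignAlgorithm(String str) {
        signAlgorithm = str;
        return this;
    }

    /**
     * Produces a detached CMS signature over the given content (the content itself is not
     * embedded in the result) and includes the certificate chain.
     *
     * @param bArr content to sign
     * @return the encoded CMS SignedData structure
     * @throws IllegalStateException if this instance has no signer or certificate chain
     * @throws Exception if signature generation or encoding fails
     */
    public byte[] sign(byte[] bArr) throws Exception {
        if (this.contentSigner == null || this.certificatesChain == null || this.certificatesChain.length == 0) {
            throw new IllegalStateException("sign() requires an instance created by initSigner");
        }
        ensureBcProvider();
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                        .build(this.contentSigner, this.certificatesChain[0]));
        generator.addCertificates(new JcaCertStore(Arrays.asList(this.certificatesChain)));
        // false = do not encapsulate the content: the signature is detached.
        return generator.generate(new CMSProcessableByteArray(bArr), false).getEncoded();
    }

    /**
     * Signs the content and returns the signature as Base64 text.
     *
     * <p>NOTE(review): {@code sun.misc.BASE64Encoder} is an internal, unsupported JDK class
     * that newer JDKs no longer ship. A switch to {@code java.util.Base64} must keep the
     * output format consumers expect — confirm line wrapping before replacing.
     */
    public String signToBase64(byte[] bArr) throws Exception {
        return new BASE64Encoder().encode(sign(bArr));
    }

    /**
     * Checks the detached signature against the content given to {@code initVerifer}.
     *
     * <p>Returns {@code true} only if the message contains at least one signer and every
     * signer's signature verifies. Previously the result of the last signer overwrote the
     * others and a message without any signer was reported as valid.
     *
     * <p>Only RSA signatures are handled (the verifier is built with
     * {@link BcRSASignerInfoVerifierBuilder}). The signer certificate is taken from the
     * message and is not validated against a trust anchor here; see the class comment.
     *
     * @return {@code true} if all signatures match their embedded certificates,
     *         {@code false} on any mismatch or error
     */
    public boolean verify() {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(this.data), this.signedData);
            ensureBcProvider();
            Store certificates = cMSSignedData.getCertificates();
            ArrayList<X509Certificate> signerCerts = new ArrayList<X509Certificate>();
            boolean allValid = true;
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                // next() throws if the message carries no certificate for this signer; the
                // catch below turns that into a failed verification.
                X509CertificateHolder holder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
                signerCerts.add(certificateHolderToCert(holder));
                boolean signerValid = signerInformation.verify(new BcRSASignerInfoVerifierBuilder(
                        new DefaultCMSSignatureAlgorithmNameGenerator(),
                        new DefaultSignatureAlgorithmIdentifierFinder(),
                        new DefaultDigestAlgorithmIdentifierFinder(),
                        new BcDigestCalculatorProvider()).build(holder));
                if (!signerValid) {
                    allValid = false;
                }
            }
            this.certificatesChain = signerCerts.toArray(new X509Certificate[signerCerts.size()]);
            // An empty signer set must not count as a valid signature.
            return allValid && !signerCerts.isEmpty();
        } catch (Exception e) {
            // Fail closed: any parsing or verification error means "not verified".
            // The message below reads "failed to verify the digital signature".
            System.out.println("验证数字签名失败");
            return false;
        }
    }
}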
