package kl.certdevice.util;

import android.util.Base64;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import kl.certdevice.exception.DeviceException;
import kl.security.asn1.i;
import kl.security.asn1.k;
import kl.security.asn1.l;
import kl.security.asn1.v;
import kl.security.asn1.w;
import kl.security.asn1.x;
import kl.security.b.f.e;
import kl.security.b.f.o;
import kl.security.b.i.c;
import kl.security.b.l.b;
import kl.security.b.l.d;
import kl.security.pki.pkcs7.f;
import kl.security.pki.pkcs7.g;
import kl.security.pki.pkcs7.j;
import kl.security.pki.pkcs7.p;
import kl.security.pki.pkcs7.s;
import kl.security.pki.pkcs7.u;
import kl.security.pki.pkcs7.y;
import kl.security.pki.pkcs7.z;
import kl.security.pki.x509.C0563l;
import kl.security.pki.x509.C0565n;
import kl.security.pki.x509.Name;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes.dex */
public class PKCS7Utils {
    public static final int PKCS7_CERT_INFO = 0;
    public static final int PKCS7_ENCRYPT_DIGEST_DATA = 1;
    public static final int PKCS7_PLAIN_TEXT = 2;

    public static byte[] createP7S(C0563l c0563l, byte[] bArr, z zVar, byte[] bArr2) {
        g b2;
        w wVar;
        i a2;
        f fVar = new f();
        if (c0563l.g() instanceof RSAPublicKey) {
            b2 = fVar.b();
            wVar = u.f11927c;
        } else {
            b2 = fVar.b();
            wVar = kl.security.a.a.ia;
        }
        b2.copy(wVar);
        y yVar = new y();
        s sVar = new s();
        if (c0563l != null) {
            sVar.c().copy(c0563l);
        }
        sVar.a(sVar.c());
        yVar.a().addComponent(sVar);
        yVar.e().setValue(BigInteger.valueOf(1L));
        j jVar = new j();
        jVar.getAlgorithm().copy(zVar.b().getAlgorithm());
        jVar.addComponent(new v());
        yVar.c().a(jVar);
        yVar.b().b().copy(u.f11926b);
        yVar.b().a().a(new x());
        if (bArr != null) {
            a2 = yVar.b().a();
        } else {
            a2 = yVar.b().a();
            bArr = null;
        }
        a2.setValue(bArr);
        zVar.d().setValue(bArr2);
        yVar.d().addComponent(zVar);
        fVar.a().a(yVar);
        return fVar.encode();
    }

    public static z createSignerInfo(C0563l c0563l, byte[] bArr, String str) {
        l kVar;
        C0565n b2;
        Args.notNull(bArr, "digestedData");
        Args.notNull(str, "signAlgoName");
        String digestAlgorithm = SignAlgorithmUtil.getDigestAlgorithm(str);
        String encryptAlgorithm = SignAlgorithmUtil.getEncryptAlgorithm(str);
        z zVar = new z();
        zVar.g().setValue(BigInteger.valueOf(2L));
        kl.security.pki.pkcs7.v vVar = new kl.security.pki.pkcs7.v();
        if (c0563l != null) {
            vVar.a().copy(c0563l.e());
            b2 = vVar.b();
            kVar = c0563l.h();
        } else {
            Name name = new Name();
            name.addRDN("C", "CN");
            vVar.a().copy(name);
            kVar = new k();
            kVar.setValue(BigInteger.valueOf(1234567890L));
            b2 = vVar.b();
        }
        b2.copy(kVar);
        zVar.e().copy(vVar);
        zVar.b().getAlgorithm().copy(DigestAlgorithmUtil.getDigestAlgorithmOID(digestAlgorithm));
        zVar.b().addComponent(new v());
        zVar.c().getAlgorithm().copy(AsymmAlgorithmUtil.getAsymEncryptionOIdByName(encryptAlgorithm));
        zVar.c().addComponent(new v());
        b bVar = new b();
        bVar.a().copy(kl.security.b.j.f.f11842f);
        x xVar = new x();
        xVar.setValue(bArr);
        d dVar = new d();
        dVar.a(xVar);
        bVar.b().addComponent(dVar);
        zVar.a().addComponent(bVar);
        return zVar;
    }

    public static C0563l getCertificate(kl.security.b.f.i iVar, char[] cArr) {
        o oVar;
        kl.security.b.f.a b2 = iVar.b();
        int i = 0;
        for (int i2 = 0; i2 < b2.getComponentCount(); i2++) {
            f fVar = (f) b2.getComponent(i2);
            if (fVar.b().equals(u.f11931g)) {
                kl.security.pki.pkcs7.o a2 = ((p) fVar.a().a()).a();
                kl.security.pki.pkcs7.d a3 = a2.a();
                kl.security.b.f.l lVar = (kl.security.b.f.l) a3.a().a();
                byte[] bArr = (byte[]) lVar.getSalt().getValue();
                int a4 = lVar.a().a();
                String wVar = a3.getAlgorithm().toString();
                byte[] bArr2 = (byte[]) a2.b().getValue();
                SecretKey generateSecret = SecretKeyFactory.getInstance(wVar).generateSecret(new PBEKeySpec(cArr));
                PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, a4);
                Cipher cipher = Cipher.getInstance(wVar);
                cipher.init(2, generateSecret, pBEParameterSpec);
                byte[] doFinal = cipher.doFinal(bArr2);
                kl.security.b.f.p pVar = new kl.security.b.f.p("safeContents");
                pVar.decode(doFinal);
                while (true) {
                    if (i >= pVar.getComponentCount()) {
                        oVar = null;
                        break;
                    }
                    oVar = (o) pVar.getComponent(i);
                    if (oVar.a().equals(kl.security.b.f.f.n)) {
                        break;
                    }
                    i++;
                }
                if (oVar == null) {
                    throw new Exception("获取PFX中证书时，不存在certBag");
                }
                e eVar = (e) oVar.b().a();
                if (eVar.a().equals(kl.security.b.f.f.r)) {
                    x xVar = (x) eVar.b().a();
                    C0563l c0563l = new C0563l();
                    c0563l.decode((byte[]) xVar.getValue());
                    return c0563l;
                }
                throw new Exception("PFX中不存在证书：" + eVar.a());
            }
        }
        return null;
    }

    public static PrivateKey getPrivateKey(kl.security.b.f.i iVar, char[] cArr) {
        o oVar;
        kl.security.b.f.a b2 = iVar.b();
        int i = 0;
        for (int i2 = 0; i2 < b2.getComponentCount(); i2++) {
            f fVar = (f) b2.getComponent(i2);
            if (fVar.b().equals(u.f11926b)) {
                byte[] bArr = (byte[]) fVar.a().a().getValue();
                kl.security.b.f.p pVar = new kl.security.b.f.p("safeContents");
                pVar.decode(bArr);
                while (true) {
                    if (i >= pVar.getComponentCount()) {
                        oVar = null;
                        break;
                    }
                    oVar = (o) pVar.getComponent(i);
                    if (oVar.a().equals(kl.security.b.f.f.m)) {
                        break;
                    }
                    i++;
                }
                if (oVar == null) {
                    throw new Exception("获取PFX中私钥时，不存在pkcs8ShroudedKeyBag");
                }
                c cVar = (c) oVar.b().a();
                w algorithm = cVar.b().getAlgorithm();
                kl.security.b.f.l lVar = (kl.security.b.f.l) cVar.b().a().a();
                byte[] bArr2 = (byte[]) cVar.a().getValue();
                byte[] bArr3 = (byte[]) lVar.getSalt().getValue();
                int a2 = lVar.a().a();
                SecretKey generateSecret = SecretKeyFactory.getInstance(algorithm.toString()).generateSecret(new PBEKeySpec(cArr));
                PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr3, a2);
                Cipher cipher = Cipher.getInstance(algorithm.toString());
                cipher.init(2, generateSecret, pBEParameterSpec);
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(cipher.doFinal(bArr2)));
            }
        }
        return null;
    }

    public static byte[] p7Sign(C0563l c0563l, PrivateKey privateKey, byte[] bArr) {
        z createSignerInfo = createSignerInfo(c0563l, MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(bArr), "SHA1WITHRSA");
        Signature signature = Signature.getInstance("SHA1WITHRSA");
        signature.initSign(privateKey);
        signature.update(createSignerInfo.f());
        return createP7S(c0563l, bArr, createSignerInfo, signature.sign());
    }

    public static byte[] p7Sign(byte[] bArr, String str, String str2) {
        File file = new File(str);
        if (!file.exists()) {
            throw new Exception("参数指定的PFX文件不存在：" + str);
        }
        byte[] bArr2 = new byte[(int) file.length()];
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            fileInputStream.read(bArr2);
            fileInputStream.close();
            kl.security.b.f.i iVar = new kl.security.b.f.i();
            try {
                iVar.decode(bArr2);
                C0563l certificate = getCertificate(iVar, str2.toCharArray());
                if (certificate == null) {
                    throw new Exception("PFX中获取证书失败");
                }
                PrivateKey privateKey = getPrivateKey(iVar, str2.toCharArray());
                if (privateKey != null) {
                    return p7Sign(certificate, privateKey, bArr);
                }
                throw new Exception("PFX中或去私钥失败");
            } catch (Exception e2) {
                throw new Exception("解析PFX文件失败：", e2);
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public static byte[] p7Sign(byte[] bArr, kl.security.b.f.i iVar, String str, int i) {
        C0563l certificate = getCertificate(iVar, str.toCharArray());
        if (certificate == null) {
            throw new Exception("PFX中获取证书失败");
        }
        PrivateKey privateKey = getPrivateKey(iVar, str.toCharArray());
        if (privateKey == null) {
            throw new Exception("PFX中或去私钥失败");
        }
        z createSignerInfo = createSignerInfo(certificate, MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(bArr), "SHA1WITHRSA");
        Signature signature = Signature.getInstance("SHA1WITHRSA");
        signature.initSign(privateKey);
        signature.update(createSignerInfo.f());
        byte[] sign = signature.sign();
        if (i == 0) {
            return createP7S(certificate, bArr, createSignerInfo, sign);
        }
        if (i == 1) {
            return createP7S(certificate, null, createSignerInfo, sign);
        }
        return null;
    }

    public static String parserP7SignData(String str, int i) {
        try {
            new y();
            byte[] decode = Base64.decode(str, 0);
            f fVar = new f();
            fVar.decode(decode);
            if (!Arrays.equals((long[]) fVar.b().getValue(), (long[]) u.f11927c.getValue())) {
                throw new DeviceException(1, "不正常的P7 SignData格式");
            }
            y yVar = (y) fVar.a().a();
            if (i == 0) {
                C0563l b2 = yVar.a().a(0).b();
                if (b2 == null) {
                    return null;
                }
                return Base64.encodeToString(b2.getEncoded(), 0);
            }
            if (i == 1) {
                byte[] bArr = (byte[]) yVar.a(0).d().getValue();
                if (bArr == null) {
                    return null;
                }
                return Base64.encodeToString(bArr, 0);
            }
            if (i != 2) {
                throw new DeviceException(1, "不支持的解析项");
            }
            byte[] bArr2 = (byte[]) yVar.b().a().a().getValue();
            if (bArr2 == null) {
                return null;
            }
            return Base64.encodeToString(bArr2, 0);
        } catch (Exception e2) {
            Log.e("SKF-JNI", "pkcs7 parser error " + e2.toString());
            boolean z = e2 instanceof DeviceException;
            Throwable th = e2;
            if (z) {
                th = e2.getCause();
            }
            new DeviceException(1, th);
            return null;
        }
    }

    public static boolean verify(PublicKey publicKey, String str, String str2) {
        f fVar = new f();
        fVar.decode(h.a.a.a.a.a.e(str2.getBytes()));
        y yVar = (y) fVar.a().a();
        byte[] bArr = (byte[]) ((x) yVar.b().a().a()).getValue();
        if (bArr == null) {
            bArr = str.getBytes();
        }
        z a2 = yVar.a(0);
        byte[] bArr2 = null;
        int i = 0;
        while (true) {
            if (i >= a2.a().getComponentCount()) {
                break;
            }
            b bVar = (b) a2.a().getComponent(i);
            if (bVar.a().equals(kl.security.b.j.f.f11842f)) {
                bArr2 = (byte[]) ((x) bVar.a(0)).getValue();
                break;
            }
            i++;
        }
        MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1);
        messageDigest.update(bArr);
        if (!Arrays.equals(bArr2, messageDigest.digest())) {
            throw new Exception("原文被串改");
        }
        byte[] f2 = a2.f();
        byte[] bArr3 = (byte[]) a2.d().getValue();
        Signature signature = Signature.getInstance("SHA1WITHRSA");
        signature.initVerify(publicKey);
        signature.update(f2);
        return signature.verify(bArr3);
    }

    public static boolean verify(PublicKey publicKey, String str, byte[] bArr) {
        f fVar = new f();
        fVar.decode(bArr);
        y yVar = (y) fVar.a().a();
        byte[] bArr2 = (byte[]) ((x) yVar.b().a().a()).getValue();
        if (bArr2 == null) {
            bArr2 = str.getBytes();
        }
        z a2 = yVar.a(0);
        byte[] bArr3 = null;
        int i = 0;
        while (true) {
            if (i >= a2.a().getComponentCount()) {
                break;
            }
            b bVar = (b) a2.a().getComponent(i);
            if (bVar.a().equals(kl.security.b.j.f.f11842f)) {
                bArr3 = (byte[]) ((x) bVar.a(0)).getValue();
                break;
            }
            i++;
        }
        MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1);
        messageDigest.update(bArr2);
        if (!Arrays.equals(bArr3, messageDigest.digest())) {
            throw new Exception("原文被串改");
        }
        byte[] f2 = a2.f();
        byte[] bArr4 = (byte[]) a2.d().getValue();
        System.out.println(new String(h.a.a.a.a.c.a(f2)));
        Signature signature = Signature.getInstance("SHA1WITHRSA");
        signature.initVerify(publicKey);
        signature.update(f2);
        return signature.verify(bArr4);
    }

    public static boolean verify(PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        f fVar = new f();
        fVar.decode(bArr2);
        y yVar = (y) fVar.a().a();
        byte[] bArr3 = (byte[]) ((x) yVar.b().a().a()).getValue();
        if (bArr3 != null) {
            bArr = bArr3;
        }
        z a2 = yVar.a(0);
        byte[] bArr4 = null;
        int i = 0;
        while (true) {
            if (i >= a2.a().getComponentCount()) {
                break;
            }
            b bVar = (b) a2.a().getComponent(i);
            if (bVar.a().equals(kl.security.b.j.f.f11842f)) {
                bArr4 = (byte[]) ((x) bVar.a(0)).getValue();
                break;
            }
            i++;
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(bArr);
        if (!Arrays.equals(bArr4, messageDigest.digest())) {
            throw new Exception("原文被串改");
        }
        byte[] f2 = a2.f();
        byte[] bArr5 = (byte[]) a2.d().getValue();
        Signature signature = Signature.getInstance("SHA256WITHRSA");
        signature.initVerify(publicKey);
        signature.update(f2);
        return signature.verify(bArr5);
    }

    public static boolean verify(y yVar, PublicKey publicKey, byte[] bArr) {
        try {
            byte[] f2 = yVar.d().a(0).f();
            byte[] bArr2 = (byte[]) yVar.a(0).d().getValue();
            Signature signature = Signature.getInstance("SHA1WithRSA");
            signature.initVerify(publicKey);
            signature.update(f2);
            return signature.verify(bArr2);
        } catch (Exception e2) {
            throw e2;
        }
    }

    public static boolean verify(byte[] bArr, PublicKey publicKey, byte[] bArr2) {
        try {
            f fVar = new f();
            fVar.decode(bArr);
            return verify((y) fVar.a().a(), publicKey, bArr2);
        } catch (Exception e2) {
            throw e2;
        }
    }
}
