package cn.org.bjca.gaia.assemb.util;

import cn.org.bjca.gaia.asn1.ASN1Encodable;
import cn.org.bjca.gaia.asn1.ASN1EncodableVector;
import cn.org.bjca.gaia.asn1.ASN1ObjectIdentifier;
import cn.org.bjca.gaia.asn1.ASN1Sequence;
import cn.org.bjca.gaia.asn1.ASN1Set;
import cn.org.bjca.gaia.asn1.DEROctetString;
import cn.org.bjca.gaia.asn1.DERSet;
import cn.org.bjca.gaia.asn1.cms.CMSAttributes;
import cn.org.bjca.gaia.asn1.cms.ContentInfo;
import cn.org.bjca.gaia.asn1.cms.SignedData;
import cn.org.bjca.gaia.asn1.cms.Time;
import cn.org.bjca.gaia.asn1.pkcs.Attribute;
import cn.org.bjca.gaia.asn1.pkcs.SignerInfo;
import cn.org.bjca.gaia.asn1.x509.Certificate;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.cert.BjcaCert;
import cn.org.bjca.gaia.assemb.constant.AlgConstant;
import cn.org.bjca.gaia.assemb.constant.AttributeEnum;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.generator.Pkcs7Generator;
import cn.org.bjca.gaia.assemb.param.AlgPolicy;
import cn.org.bjca.gaia.assemb.param.BjcaKey;
import cn.org.bjca.gaia.assemb.param.SM3Param;
import cn.org.bjca.gaia.assemb.structure.BjcaPkcs7Sign;
import cn.org.bjca.gaia.util.encoders.Base64;
import java.io.IOException;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: classes.dex */
public class Pkcs7Util {
    private GaiaProvider provider;

    public Pkcs7Util(GaiaProvider gaiaProvider) {
        this.provider = null;
        this.provider = gaiaProvider;
    }

    private ASN1EncodableVector getAttrV(ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Attribute[] attributeArr = {new Attribute(CMSAttributes.contentType, new DERSet(aSN1ObjectIdentifier)), new Attribute(CMSAttributes.signingTime, new DERSet(new Time(new Date()))), new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(bArr)))};
        aSN1EncodableVector.add(attributeArr[0]);
        aSN1EncodableVector.add(attributeArr[1]);
        aSN1EncodableVector.add(attributeArr[2]);
        return aSN1EncodableVector;
    }

    private ASN1EncodableVector getAttrVFromAssembPlainText(byte[] bArr) {
        ASN1Set aSN1Set = (ASN1Set) new DERSet(ASN1Util.checkAndGetASN1Object(bArr).toASN1Primitive()).getObjectAt(0);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(aSN1Set.getObjectAt(0));
        aSN1EncodableVector.add(aSN1Set.getObjectAt(1));
        aSN1EncodableVector.add(aSN1Set.getObjectAt(2));
        return aSN1EncodableVector;
    }

    private AlgPolicy getHashPolicy(String str, byte[] bArr) {
        String convertSignAlgToHashAlg = AlgConstant.convertSignAlgToHashAlg(str);
        return "SM3".equals(convertSignAlgToHashAlg) ? new AlgPolicy(convertSignAlgToHashAlg, new SM3Param(new BjcaCert(bArr).getPublicKeyData())) : new AlgPolicy(convertSignAlgToHashAlg);
    }

    public byte[] assembPkcs7Sign(AlgPolicy algPolicy, byte[] bArr, String str, byte[] bArr2, boolean z) {
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            Certificate[] certificateArr = {Certificate.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str)))};
            Pkcs7Generator pkcs7Generator = new Pkcs7Generator();
            return z ? pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, bArr2, null, null) : pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, null, null, null);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] assembPkcs7Sign(AlgPolicy algPolicy, byte[] bArr, String str, byte[] bArr2, boolean z, AttributeEnum attributeEnum, byte[] bArr3) {
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            Certificate[] certificateArr = {Certificate.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str)))};
            Pkcs7Generator pkcs7Generator = new Pkcs7Generator();
            return z ? pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, bArr2, attributeEnum, bArr3) : pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, null, attributeEnum, bArr3);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] assembPkcs7SignDigest(AlgPolicy algPolicy, String str, byte[] bArr, byte[] bArr2, boolean z) {
        Certificate[] certificateArr;
        Pkcs7Generator pkcs7Generator;
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            certificateArr = new Certificate[]{Certificate.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str)))};
            pkcs7Generator = new Pkcs7Generator();
        } catch (Exception e) {
            e = e;
        }
        try {
            return z ? pkcs7Generator.getAttributeEncoded(algPolicy, certificateArr, null, bArr, getAttrVFromAssembPlainText(bArr2), null, null) : pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, null, null, null);
        } catch (Exception e2) {
            e = e2;
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] assembPkcs7SignDigest(AlgPolicy algPolicy, String str, byte[] bArr, byte[] bArr2, boolean z, AttributeEnum attributeEnum, byte[] bArr3) {
        Certificate[] certificateArr;
        Pkcs7Generator pkcs7Generator;
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            certificateArr = new Certificate[]{Certificate.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str)))};
            pkcs7Generator = new Pkcs7Generator();
        } catch (Exception e) {
            e = e;
        }
        try {
            return z ? pkcs7Generator.getAttributeEncoded(algPolicy, certificateArr, null, bArr, getAttrVFromAssembPlainText(bArr2), attributeEnum, bArr3) : pkcs7Generator.getEncoded(algPolicy, certificateArr, null, bArr, null, attributeEnum, bArr3);
        } catch (Exception e2) {
            e = e2;
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] assembPlainText(AlgPolicy algPolicy, byte[] bArr) {
        try {
            return new DERSet(getAttrV(AlgConstant.convertAlgToPkcs7DataOid(algPolicy.getPolicyType()), bArr)).getEncoded();
        } catch (IOException e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_ASSEMB_PLAIN_TEXT, "构造p7属性签名原文失败 ", e);
        }
    }

    public byte[] assembSm2Pkcs7Sign(AlgPolicy algPolicy, byte[] bArr, String str, byte[] bArr2, boolean z, AttributeEnum attributeEnum, byte[] bArr3) {
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            Certificate[] certificateArr = {Certificate.getInstance(ASN1Util.checkAndGetASN1Object(Base64.decode(str)))};
            Pkcs7Generator pkcs7Generator = new Pkcs7Generator();
            return z ? pkcs7Generator.getSm2Pkcs7Encoded(algPolicy, certificateArr, null, bArr, bArr2, attributeEnum, bArr3) : pkcs7Generator.getSm2Pkcs7Encoded(algPolicy, certificateArr, null, bArr, null, attributeEnum, bArr3);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public BjcaPkcs7Sign parseP7Structure(byte[] bArr) {
        return new BjcaPkcs7Sign(bArr);
    }

    public byte[] pkcs7Sign(AlgPolicy algPolicy, BjcaKey bjcaKey, String str, byte[] bArr, boolean z) {
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            byte[] decode = Base64.decode(str);
            Certificate[] certificateArr = {Certificate.getInstance(ASN1Util.checkAndGetASN1Object(decode))};
            byte[] signHashedData = this.provider.signHashedData(algPolicy, this.provider.hash(getHashPolicy(policyType, decode), bArr), bjcaKey);
            Pkcs7Generator pkcs7Generator = new Pkcs7Generator();
            return z ? pkcs7Generator.getEncoded(algPolicy, certificateArr, null, signHashedData, bArr, null, null) : pkcs7Generator.getEncoded(algPolicy, certificateArr, null, signHashedData, null, null, null);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] pkcs7SignDigest(AlgPolicy algPolicy, BjcaKey bjcaKey, String str, byte[] bArr, boolean z) {
        String policyType = algPolicy.getPolicyType();
        if (!policyType.equals("SM3WithSM2") && !policyType.equals("SHA256WithRSA") && !policyType.equals("SHA1WithRSA")) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 模块不支持此种操作 " + policyType);
        }
        try {
            byte[] decode = Base64.decode(str);
            Certificate[] certificateArr = {Certificate.getInstance(ASN1Util.checkAndGetASN1Object(decode))};
            Pkcs7Generator pkcs7Generator = new Pkcs7Generator();
            if (!z) {
                return pkcs7Generator.getEncoded(algPolicy, certificateArr, null, this.provider.signHashedData(algPolicy, bArr, bjcaKey), null, null, null);
            }
            ASN1EncodableVector attrV = getAttrV(AlgConstant.convertAlgToPkcs7DataOid(policyType), bArr);
            return pkcs7Generator.getAttributeEncoded(algPolicy, certificateArr, null, this.provider.signHashedData(algPolicy, this.provider.hash(getHashPolicy(policyType, decode), new DERSet(attrV).getEncoded()), bjcaKey), attrV, null, null);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_SIGN, "pkcs7签名失败 ", e);
        }
    }

    public byte[] verifyPkcs7Sign(byte[] bArr, byte[] bArr2) {
        AlgPolicy algPolicy;
        BjcaKey bjcaKey;
        try {
            SignedData signedData = SignedData.getInstance(ContentInfo.getInstance(ASN1Util.checkAndGetASN1Object(bArr)).getContent());
            Certificate certificate = Certificate.getInstance((ASN1Sequence) signedData.getCertificates().getObjects().nextElement());
            BjcaCert bjcaCert = new BjcaCert(certificate);
            SignerInfo signerInfo = SignerInfo.getInstance((ASN1Sequence) signedData.getSignerInfos().getObjects().nextElement());
            String convertOidToAlgName = AlgConstant.convertOidToAlgName(signerInfo.getDigestAlgorithm().getAlgorithm());
            if (convertOidToAlgName.equals("HMac-SM3")) {
                convertOidToAlgName = "SM3";
            }
            String convertHashAlgToSignAlg = AlgConstant.convertHashAlgToSignAlg(convertOidToAlgName);
            byte[] publicKeyData = bjcaCert.getPublicKeyData();
            byte[] octets = signerInfo.getEncryptedDigest().getOctets();
            ASN1Encodable content = signedData.getEncapContentInfo().getContent();
            if (content != null) {
                bArr2 = ((DEROctetString) content).getOctets();
            } else if (bArr2 == null) {
                throw new PkiException(ErrorCode.Pkcs7.PKCS7_VERIFY, "pkcs7验证签名失败 缺少操作参数错误 p7detachSign need content！");
            }
            AlgPolicy algPolicy2 = new AlgPolicy(convertHashAlgToSignAlg);
            if ("SM3".equals(convertOidToAlgName)) {
                algPolicy = new AlgPolicy(convertOidToAlgName, new SM3Param(publicKeyData));
                bjcaKey = new BjcaKey(BjcaKey.SM2_PUB_KEY, publicKeyData);
            } else {
                algPolicy = new AlgPolicy(convertOidToAlgName);
                bjcaKey = new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            }
            if (this.provider.verifySignHashedData(algPolicy2, this.provider.hash(algPolicy, bArr2), octets, bjcaKey)) {
                return certificate.getEncoded();
            }
            return null;
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_VERIFY, "pkcs7验证签名失败 ", e);
        }
    }

    public byte[] verifyPkcs7SignDigest(byte[] bArr, byte[] bArr2) {
        try {
            SignedData signedData = SignedData.getInstance(ContentInfo.getInstance(ASN1Util.checkAndGetASN1Object(bArr)).getContent());
            Certificate certificate = Certificate.getInstance((ASN1Sequence) signedData.getCertificates().getObjects().nextElement());
            BjcaCert bjcaCert = new BjcaCert(certificate);
            SignerInfo signerInfo = SignerInfo.getInstance((ASN1Sequence) signedData.getSignerInfos().getObjects().nextElement());
            String convertOidToAlgName = AlgConstant.convertOidToAlgName(signerInfo.getDigestAlgorithm().getAlgorithm());
            if (convertOidToAlgName.equals("HMac-SM3")) {
                convertOidToAlgName = "SM3";
            }
            String convertHashAlgToSignAlg = AlgConstant.convertHashAlgToSignAlg(convertOidToAlgName);
            byte[] publicKeyData = bjcaCert.getPublicKeyData();
            byte[] octets = signerInfo.getEncryptedDigest().getOctets();
            AlgPolicy algPolicy = new AlgPolicy(convertHashAlgToSignAlg);
            BjcaKey bjcaKey = "SM3".equals(convertOidToAlgName) ? new BjcaKey(BjcaKey.SM2_PUB_KEY, publicKeyData) : new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
            if (authenticatedAttributes != null) {
                Enumeration objects = authenticatedAttributes.getObjects();
                byte[] bArr3 = null;
                while (objects.hasMoreElements()) {
                    Attribute attribute = Attribute.getInstance((ASN1Sequence) objects.nextElement());
                    if (attribute.getAttrType().getId().equals(CMSAttributes.messageDigest.getId())) {
                        bArr3 = ((DEROctetString) attribute.getAttrValues().getObjects().nextElement()).getOctets();
                    }
                }
                if (!Arrays.equals(bArr2, bArr3)) {
                    return null;
                }
                bArr2 = this.provider.hash("SM3".equals(convertOidToAlgName) ? new AlgPolicy(convertOidToAlgName, new SM3Param(publicKeyData)) : new AlgPolicy(convertOidToAlgName), authenticatedAttributes.getEncoded());
            }
            if (octets != null) {
                int length = octets.length;
            }
            if (this.provider.verifySignHashedData(algPolicy, bArr2, octets, bjcaKey)) {
                return certificate.getEncoded();
            }
            return null;
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Pkcs7.PKCS7_VERIFY, "pkcs7验证签名失败 ", e);
        }
    }
}
