package cn.unitid.easypki.pkcs7;

import cn.unitid.a.a.a.a.aj;
import cn.unitid.a.a.a.a.ap;
import cn.unitid.a.a.a.a.bc;
import cn.unitid.a.a.a.a.bf;
import cn.unitid.a.a.a.a.bl;
import cn.unitid.a.a.a.a.d.ad;
import cn.unitid.a.a.a.a.d.ae;
import cn.unitid.a.a.a.a.d.af;
import cn.unitid.a.a.a.a.d.f;
import cn.unitid.a.a.a.a.d.m;
import cn.unitid.a.a.a.a.g;
import cn.unitid.a.a.a.a.q;
import cn.unitid.a.a.a.a.q.j;
import cn.unitid.a.a.a.a.w;
import cn.unitid.a.a.a.a.w.a;
import cn.unitid.a.a.a.b.a.b;
import cn.unitid.a.a.a.b.e;
import cn.unitid.a.a.a.c.ab;
import cn.unitid.a.a.a.c.bh;
import cn.unitid.a.a.a.c.l;
import cn.unitid.a.a.a.c.n;
import cn.unitid.a.a.a.c.u;
import cn.unitid.easypki.cms.SignerInformation;
import cn.unitid.easypki.provider.identifier.EPAlgorithmIdentifier;
import cn.unitid.easypki.security.SM2Signature;
import cn.unitid.easypki.util.CertificateConverter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class SM2Q7Signature {
    private List<X509Certificate> certChain;
    private PrivateKey privateKey;
    private X509Certificate signCert;
    private byte[] tobeSignedData;
    private boolean useQ7Mode;

    public SM2Q7Signature() {
        this.useQ7Mode = true;
        this.certChain = new ArrayList();
    }

    public SM2Q7Signature(boolean z) {
        this();
        this.useQ7Mode = z;
    }

    private q buildContentType() {
        return this.useQ7Mode ? new q(EPAlgorithmIdentifier.PKCS7_SM2_SIGNED_DATA_OID) : new q(EPAlgorithmIdentifier.PKCS7_SIGNED_DATA_OID);
    }

    private q buildDataType() {
        return this.useQ7Mode ? new q(EPAlgorithmIdentifier.PKCS7_SM2_DATA_OID) : new q(EPAlgorithmIdentifier.PKCS7_DATA_OID);
    }

    private af buildSignerInfo() throws SignatureException {
        try {
            ae aeVar = new ae(new m(new b(this.signCert).b()));
            a aVar = new a(new q(EPAlgorithmIdentifier.SM3_ALGORITHM_OID), bc.a);
            bl blVar = new bl(AuthenticatedAttributesBuilder.buildAuthenticatedAttributes(this.tobeSignedData, aVar));
            a aVar2 = new a(new q("1.2.156.10197.1.301.1"), bc.a);
            SM2Signature sM2Signature = new SM2Signature();
            sM2Signature.initSign((cn.unitid.a.a.a.e.b.a.a.a) this.privateKey, (cn.unitid.a.a.a.f.a.b) this.signCert.getPublicKey());
            sM2Signature.update(blVar.getEncoded());
            return new af(aeVar, aVar, blVar, aVar2, new bf(sM2Signature.sign()), null);
        } catch (Exception e) {
            throw new SignatureException("failed to build signer info", e);
        }
    }

    public void addCertificates(List<X509Certificate> list) {
        if (list != null) {
            this.certChain.addAll(list);
        }
    }

    public void addSigner(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("signCert must not be null.");
        }
        if ("RSA".equals(x509Certificate.getPublicKey().getAlgorithm())) {
            throw new IllegalArgumentException("不支持RSA算法证书");
        }
        this.signCert = x509Certificate;
        this.certChain.add(x509Certificate);
    }

    public u buildCMSSignedData(af afVar) throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(afVar, true);
    }

    public u buildCMSSignedData(af afVar, boolean z) throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(z ? this.tobeSignedData : null, afVar, this.certChain);
    }

    public u buildCMSSignedData(byte[] bArr, af afVar, List<X509Certificate> list) throws SignatureException, CertificateEncodingException {
        ap apVar;
        g gVar = new g();
        g gVar2 = new g();
        f fVar = new f(buildDataType(), bArr == null ? null : new aj(bArr));
        gVar.a(afVar.d());
        gVar2.a(afVar);
        try {
            if (list.size() != 0) {
                g gVar3 = new g();
                try {
                    Iterator<X509Certificate> it = list.iterator();
                    while (it.hasNext()) {
                        gVar3.a(w.c(it.next().getEncoded()));
                    }
                    apVar = new ap(gVar3);
                } catch (IOException e) {
                    e.printStackTrace();
                }
                return new u(new n(bArr), new f(buildContentType(), new ad(new bl(gVar), fVar, apVar, null, new bl(gVar2))));
            }
            return new u(new n(bArr), new f(buildContentType(), new ad(new bl(gVar), fVar, apVar, null, new bl(gVar2))));
        } catch (l e2) {
            throw new SignatureException("pkcs7 sign failed", e2);
        }
        apVar = null;
    }

    public byte[] getPrimaryContent() {
        return this.tobeSignedData;
    }

    public X509Certificate getSignerCert() {
        return this.signCert;
    }

    public void initSign(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public u pkcs7Sign() throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(buildSignerInfo(), true);
    }

    /* JADX WARN: Removed duplicated region for block: B:29:0x008e A[Catch: Exception -> 0x008a, TRY_LEAVE, TryCatch #2 {Exception -> 0x008a, blocks: (B:36:0x0086, B:29:0x008e), top: B:35:0x0086 }] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0086 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public cn.unitid.a.a.a.c.u pkcs7Sign(cn.unitid.a.a.a.h.d r10, boolean r11) throws java.security.SignatureException, java.security.cert.CertificateEncodingException {
        /*
            r9 = this;
            r0 = 0
            cn.unitid.a.a.a.a.d.ae r2 = new cn.unitid.a.a.a.a.d.ae     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.d.m r1 = new cn.unitid.a.a.a.a.d.m     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.b.a.b r3 = new cn.unitid.a.a.a.b.a.b     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            java.security.cert.X509Certificate r4 = r9.signCert     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r3.<init>(r4)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.w.h r3 = r3.b()     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r1.<init>(r3)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r2.<init>(r1)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.w.a r3 = new cn.unitid.a.a.a.a.w.a     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.q r1 = new cn.unitid.a.a.a.a.q     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            java.lang.String r4 = "1.2.156.10197.1.401"
            r1.<init>(r4)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.bc r4 = cn.unitid.a.a.a.a.bc.a     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r3.<init>(r1, r4)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.bl r4 = new cn.unitid.a.a.a.a.bl     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            byte[] r1 = r9.tobeSignedData     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.g r1 = cn.unitid.easypki.pkcs7.AuthenticatedAttributesBuilder.buildAuthenticatedAttributes(r1, r3)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r4.<init>(r1)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.w.a r5 = new cn.unitid.a.a.a.a.w.a     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.q r1 = new cn.unitid.a.a.a.a.q     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            java.lang.String r6 = "1.2.156.10197.1.301.1"
            r1.<init>(r6)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.bc r6 = cn.unitid.a.a.a.a.bc.a     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            r5.<init>(r1, r6)     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            java.io.OutputStream r8 = r10.getOutputStream()     // Catch: java.lang.Throwable -> L76 java.lang.Exception -> L79
            cn.unitid.a.a.a.a.t r0 = cn.unitid.a.a.a.a.t.a(r8)     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            r0.a(r4)     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            byte[] r10 = r10.getSignature()     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            cn.unitid.a.a.a.a.bf r6 = new cn.unitid.a.a.a.a.bf     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            r6.<init>(r10)     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            r7 = 0
            cn.unitid.a.a.a.a.d.af r10 = new cn.unitid.a.a.a.a.d.af     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            r1 = r10
            r1.<init>(r2, r3, r4, r5, r6, r7)     // Catch: java.lang.Throwable -> L6e java.lang.Exception -> L72
            if (r8 == 0) goto L60
            r8.close()     // Catch: java.lang.Exception -> L5e
            goto L60
        L5e:
            r0 = move-exception
            goto L66
        L60:
            if (r0 == 0) goto L69
            r0.a()     // Catch: java.lang.Exception -> L5e
            goto L69
        L66:
            r0.printStackTrace()
        L69:
            cn.unitid.a.a.a.c.u r10 = r9.buildCMSSignedData(r10, r11)
            return r10
        L6e:
            r10 = move-exception
            r11 = r0
            r0 = r8
            goto L84
        L72:
            r10 = move-exception
            r11 = r0
            r0 = r8
            goto L7b
        L76:
            r10 = move-exception
            r11 = r0
            goto L84
        L79:
            r10 = move-exception
            r11 = r0
        L7b:
            java.security.SignatureException r1 = new java.security.SignatureException     // Catch: java.lang.Throwable -> L83
            java.lang.String r2 = "failed to build signer info"
            r1.<init>(r2, r10)     // Catch: java.lang.Throwable -> L83
            throw r1     // Catch: java.lang.Throwable -> L83
        L83:
            r10 = move-exception
        L84:
            if (r0 == 0) goto L8c
            r0.close()     // Catch: java.lang.Exception -> L8a
            goto L8c
        L8a:
            r11 = move-exception
            goto L92
        L8c:
            if (r11 == 0) goto L95
            r11.a()     // Catch: java.lang.Exception -> L8a
            goto L95
        L92:
            r11.printStackTrace()
        L95:
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.unitid.easypki.pkcs7.SM2Q7Signature.pkcs7Sign(cn.unitid.a.a.a.h.d, boolean):cn.unitid.a.a.a.c.u");
    }

    public u pkcs7Sign(boolean z) throws SignatureException {
        try {
            return new u(sign(z));
        } catch (l e) {
            throw new SignatureException(e);
        }
    }

    public byte[] sign() throws SignatureException {
        return sign(true);
    }

    public byte[] sign(boolean z) throws SignatureException {
        if (this.signCert == null || this.privateKey == null) {
            throw new NullPointerException("signer cert or private key is null");
        }
        try {
            return buildCMSSignedData(buildSignerInfo(), z).getEncoded();
        } catch (Exception e) {
            throw new SignatureException("sign pkcs7 failed. cause: " + e.getMessage(), e);
        }
    }

    public void update(byte[] bArr) {
        this.tobeSignedData = bArr;
    }

    public boolean verify(String str) throws SignatureException {
        return verify(str, true);
    }

    public boolean verify(String str, boolean z) throws SignatureException {
        byte[] bArr;
        ByteArrayOutputStream byteArrayOutputStream = null;
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                if (!z) {
                    try {
                        if (this.tobeSignedData == null) {
                            throw new SignatureException("非Attach模式下,必须先update待验证数据");
                        }
                    } catch (Exception e) {
                        e = e;
                        byteArrayOutputStream = byteArrayOutputStream2;
                        throw new SignatureException("验证PKCS7签名异常. cause: " + e.getMessage(), e);
                    } catch (Throwable th) {
                        th = th;
                        byteArrayOutputStream = byteArrayOutputStream2;
                        if (byteArrayOutputStream != null) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (IOException e2) {
                                e2.printStackTrace();
                            }
                        }
                        throw th;
                    }
                }
                new u(cn.unitid.a.a.a.l.a.a.a(str)).c();
                u uVar = z ? new u(cn.unitid.a.a.a.l.a.a.a(str)) : new u(new n(new q(EPAlgorithmIdentifier.PKCS7_SM2_DATA_OID), this.tobeSignedData), cn.unitid.a.a.a.l.a.a.a(str));
                ab d = uVar.d();
                if (z) {
                    if (d == null) {
                        throw new IOException("PKCS7签名中没有包含签名数据");
                    }
                    d.a(byteArrayOutputStream2);
                    this.tobeSignedData = byteArrayOutputStream2.toByteArray();
                }
                cn.unitid.a.a.a.l.l<e> b = uVar.b();
                Collection<bh> a = uVar.a().a();
                Iterator<bh> it = a.iterator();
                int i = 0;
                while (it.hasNext()) {
                    SignerInformation signerInformation = SignerInformation.getInstance(it.next(), d);
                    this.signCert = CertificateConverter.fromBinary(b.a(signerInformation.getSID()).iterator().next().b().getEncoded());
                    byte[] signature = signerInformation.getSignature();
                    cn.unitid.a.a.a.a.d.b signedAttributes = signerInformation.getSignedAttributes();
                    if (signedAttributes != null) {
                        bArr = signerInformation.getEncodedSignedAttributes();
                        byte[] e3 = ((bf) signedAttributes.a(j.aa).b().a(0)).e();
                        if (!EPAlgorithmIdentifier.SM3_ALGORITHM_OID.equals(signerInformation.getDigestAlgorithmID().a().b())) {
                            throw new SignatureException("invalid digest algorithm:" + signerInformation.getDigestAlgorithmID().a().b() + " in SM2 Q7");
                        }
                        if (!Arrays.equals(e3, AuthenticatedAttributesBuilder.makeSM3DigestWithoutPublicKey((byte[]) d.a()))) {
                            try {
                                byteArrayOutputStream2.close();
                            } catch (IOException e4) {
                                e4.printStackTrace();
                            }
                            return false;
                        }
                    } else {
                        bArr = this.tobeSignedData;
                    }
                    SM2Signature sM2Signature = new SM2Signature();
                    sM2Signature.initVerify(this.signCert);
                    sM2Signature.update(bArr);
                    if (sM2Signature.verify(signature)) {
                        i++;
                    }
                }
                boolean z2 = i == a.size();
                try {
                    byteArrayOutputStream2.close();
                } catch (IOException e5) {
                    e5.printStackTrace();
                }
                return z2;
            } catch (Exception e6) {
                e = e6;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }
}
