package cn.unitid.easypki.pkcs7;

import cn.unitid.a.a.a.a.bf;
import cn.unitid.a.a.a.a.d.b;
import cn.unitid.a.a.a.a.d.e;
import cn.unitid.a.a.a.a.q;
import cn.unitid.a.a.a.a.q.j;
import cn.unitid.a.a.a.c.ab;
import cn.unitid.a.a.a.c.bh;
import cn.unitid.a.a.a.c.n;
import cn.unitid.a.a.a.c.u;
import cn.unitid.a.a.a.l.a.a;
import cn.unitid.a.a.a.l.l;
import cn.unitid.easypki.cms.SignerInformation;
import cn.unitid.easypki.provider.identifier.EPAlgorithmIdentifier;
import cn.unitid.easypki.security.SM2Signature;
import cn.unitid.easypki.security.sm3.SM3Digest;
import cn.unitid.easypki.util.CertificateConverter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;

/* loaded from: classes2.dex */
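/**
 * Verifies PKCS#7 signed-data messages in two flavours: an RSA branch
 * (SHA-1 or SHA-256 digests) and an SM2 branch (SM3 digest).
 *
 * <p>This file is decompiler output and the underlying parser classes carry
 * obfuscated names ({@code u}, {@code n}, {@code ab}, {@code bh}, {@code l},
 * {@code bf}, {@code q}, {@code j}, {@code e}, {@code a}). Comments below
 * describe them by how they are used here; their real identity should be
 * confirmed against the unobfuscated library.
 *
 * <p><b>Security notes for callers.</b>
 * <ul>
 *   <li>The signer certificate is taken from the message being verified. No
 *       chain building, validity-period, revocation or key-usage check is
 *       visible in this class, so a {@code true} result only means "the
 *       message is self-consistent". Validate {@link #getSignerCert()}
 *       against a trust anchor before trusting the signer.</li>
 *   <li>{@link #getSignerCert()} returns the certificate of the last signer
 *       that was processed, and it is assigned before that signer's
 *       signature is checked.</li>
 *   <li>In attached mode {@link #getPrimaryContent()} is populated from the
 *       message before any signature is checked. Use it only after
 *       {@code verify} has returned {@code true}.</li>
 *   <li>SHA-1 is still accepted on the RSA branch.</li>
 *   <li>Instances keep mutable state in two fields and no synchronization is
 *       visible; use one instance per verification.</li>
 * </ul>
 */
public class EPPKCS7Signature {
    // Content that was signed: supplied by the caller (detached mode) or
    // extracted from the message (attached mode).
    private byte[] plainData;
    // Certificate of the most recently processed signer.
    private X509Certificate signCert;

    /**
     * Hashes {@code bArr} with the named JCA digest.
     *
     * <p>NOTE(review): a {@code null} algorithm silently falls back to MD5,
     * which is not collision resistant. No caller is visible in this class;
     * confirm the method is unused before relying on it, and do not use the
     * fallback for anything security relevant.
     *
     * @param bArr data to hash
     * @param str  JCA digest name, or {@code null} for the MD5 fallback
     * @return the digest bytes
     * @throws NoSuchAlgorithmException if no provider offers the digest
     */
    private byte[] digestToBinary(byte[] bArr, String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = str != null ? MessageDigest.getInstance(str) : MessageDigest.getInstance("MD5");
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    /**
     * Maps a digest OID to the RSA signature algorithm identifier used with
     * {@link Signature#getInstance(String)}.
     *
     * <p>Any value other than the SHA-256 and SHA-1 OIDs is returned
     * unchanged, so an identifier read from the message can reach
     * {@code Signature.getInstance} as is.
     *
     * @param str digest algorithm OID taken from the signer info
     * @return the matching RSA signature identifier, or {@code str} itself
     */
    private String getRSASignatureAlgorithm(String str) {
        if (EPAlgorithmIdentifier.SHA256_ALGORITHM_OID.equals(str)) {
            return EPAlgorithmIdentifier.SHA256_WITH_RSA;
        }
        if (EPAlgorithmIdentifier.SHA1_ALGORITHM_OID.equals(str)) {
            return EPAlgorithmIdentifier.SHA1_WITH_RSA;
        }
        return str;
    }

    /**
     * Hashes {@code bArr} with the digest identified by OID {@code str}.
     *
     * @param bArr data to hash
     * @param str  digest OID; SHA-1, SHA-256 and SM3 are accepted
     * @return the digest, or {@code null} when the JCA provider does not know
     *         the SHA-1/SHA-256 OID (the stack trace is printed); the caller
     *         in this class compares the result with {@code Arrays.equals},
     *         so a {@code null} does not match a non-null expected digest
     * @throws InvalidParameterException for any other OID
     */
    private byte[] makeDigest(byte[] bArr, String str) {
        if (str.equals(EPAlgorithmIdentifier.SHA1_ALGORITHM_OID) || str.equals(EPAlgorithmIdentifier.SHA256_ALGORITHM_OID)) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(str);
                messageDigest.update(bArr);
                return messageDigest.digest();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return null;
            }
        }
        if (str.equals(EPAlgorithmIdentifier.SM3_ALGORITHM_OID)) {
            return makeSM3DigestWithoutPublicKey(bArr);
        }
        throw new InvalidParameterException("invalid digest algorithm: " + str);
    }

    /**
     * Computes a plain SM3 hash of {@code bArr} into a 32-byte buffer.
     *
     * @param bArr data to hash; must not be {@code null}
     * @return the 32-byte SM3 digest
     * @throws InvalidParameterException if {@code bArr} is {@code null}
     */
    private byte[] makeSM3DigestWithoutPublicKey(byte[] bArr) {
        if (bArr == null) {
            throw new InvalidParameterException("data to be verified must be set first");
        }
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[32];
        sM3Digest.doFinal(bArr2, 0);
        return bArr2;
    }

    /**
     * Parses the encoded message and checks every signer's signature.
     *
     * <p>The decompiler emitted a broken nest of try/catch blocks for this
     * method; it is written here as the try/catch/finally it encodes. The
     * stream is closed on every exit path and every {@link Exception},
     * including the ones thrown inside this method, is wrapped in a
     * {@link SignatureException}.
     *
     * <p>Behaviour change: a message that carries no signer entries is now
     * rejected. The previous code compared the number of verified signers
     * with the size of the signer collection, so an empty collection gave
     * {@code 0 == 0} and the message was reported as valid.
     *
     * @param str encoded PKCS#7 message, decoded by the obfuscated helper
     *            {@code a.a} (presumably Base64 - confirm)
     * @param z   {@code true} for attached mode (content is read from the
     *            message and stored in {@code plainData}); {@code false} for
     *            detached mode (content must already be in {@code plainData})
     * @return {@code true} only if there is at least one signer and every
     *         signer's signature verifies; {@code false} as soon as a signed
     *         message-digest attribute does not match the content
     * @throws SignatureException on any parsing or verification error
     */
    private boolean verify(String str, boolean z) throws SignatureException {
        ByteArrayOutputStream contentSink = null;
        try {
            contentSink = new ByteArrayOutputStream();
            if (!z && this.plainData == null) {
                // "In non-attached mode the data to verify must be supplied first."
                throw new SignatureException("非Attach模式下,必须先update待验证数据");
            }
            byte[] encoded = a.a(str);
            // The content type of the outer structure selects the branch:
            // equal to e.a.b() means RSA, anything else is handled as SM2.
            String contentType = new u(encoded).c();
            boolean rsaMessage = contentType.equals(e.a.b());
            u signedData;
            if (z) {
                signedData = new u(encoded);
            } else if (rsaMessage) {
                signedData = new u(new n(j.Q, this.plainData), encoded);
            } else {
                signedData = new u(new n(new q(EPAlgorithmIdentifier.PKCS7_SM2_DATA_OID), this.plainData), encoded);
            }
            ab content = signedData.d();
            if (z) {
                if (content == null) {
                    // "The PKCS7 signature does not contain the signed data."
                    throw new IOException("PKCS7签名中没有包含签名数据");
                }
                // Stored before any signature is checked; see the class notes.
                content.a(contentSink);
                this.plainData = contentSink.toByteArray();
            }
            l<cn.unitid.a.a.a.b.e> certStore = signedData.b();
            Collection<bh> signers = signedData.a().a();
            if (signers.isEmpty()) {
                // Nothing was signed by anyone: never report this as valid.
                return false;
            }
            int verified = 0;
            for (bh rawSigner : signers) {
                SignerInformation signer = SignerInformation.getInstance(rawSigner, content);
                // The certificate is looked up in the message's own store by
                // signer id; a missing entry surfaces as an exception below.
                cn.unitid.a.a.a.b.e holder = certStore.a(signer.getSID()).iterator().next();
                if (rsaMessage) {
                    this.signCert = CertificateConverter.fromBinary(holder.getEncoded());
                    byte[] signature = signer.getSignature();
                    b signedAttributes = signer.getSignedAttributes();
                    byte[] signedBytes;
                    if (signedAttributes != null) {
                        // With signed attributes the signature covers their
                        // encoding, and attribute j.aa must equal the digest
                        // of the content (presumably messageDigest - confirm).
                        signedBytes = signer.getEncodedSignedAttributes();
                        byte[] claimedDigest = ((bf) signedAttributes.a(j.aa).b().a(0)).e();
                        String digestOid = signer.getDigestAlgorithmID().a().b();
                        if (!EPAlgorithmIdentifier.SHA1_ALGORITHM_OID.equals(digestOid) && !EPAlgorithmIdentifier.SHA256_ALGORITHM_OID.equals(digestOid)) {
                            throw new SignatureException("unsupported digest algorithm:" + signer.getDigestAlgorithmID().a().b() + " in RSA P7");
                        }
                        if (!Arrays.equals(claimedDigest, makeDigest((byte[]) content.a(), signer.getDigestAlgorithmID().a().b()))) {
                            return false;
                        }
                    } else {
                        // No signed attributes: the signature covers the content
                        // directly, and the digest OID is not restricted here.
                        signedBytes = this.plainData;
                    }
                    if (verifyRSASignature(getRSASignatureAlgorithm(signer.getDigestAlgOID()), signature, signedBytes, this.signCert)) {
                        verified++;
                    }
                } else {
                    this.signCert = CertificateConverter.fromBinary(holder.b().getEncoded());
                    byte[] signature = signer.getSignature();
                    b signedAttributes = signer.getSignedAttributes();
                    byte[] signedBytes;
                    if (signedAttributes != null) {
                        signedBytes = signer.getEncodedSignedAttributes();
                        byte[] claimedDigest = ((bf) signedAttributes.a(j.aa).b().a(0)).e();
                        if (!EPAlgorithmIdentifier.SM3_ALGORITHM_OID.equals(signer.getDigestAlgorithmID().a().b())) {
                            throw new SignatureException("invalid digest algorithm:" + signer.getDigestAlgorithmID().a().b() + " in SM2 Q7");
                        }
                        if (!Arrays.equals(claimedDigest, makeSM3DigestWithoutPublicKey((byte[]) content.a()))) {
                            return false;
                        }
                    } else {
                        signedBytes = this.plainData;
                    }
                    SM2Signature sm2Verifier = new SM2Signature();
                    sm2Verifier.initVerify(this.signCert);
                    sm2Verifier.update(signedBytes);
                    if (sm2Verifier.verify(signature)) {
                        verified++;
                    }
                }
            }
            // Every signer must verify; one bad signature fails the message.
            return verified == signers.size();
        } catch (Exception ex) {
            // "Error while verifying the PKCS7 signature."
            throw new SignatureException("验证PKCS7签名异常. cause: " + ex.getMessage(), ex);
        } finally {
            if (contentSink != null) {
                try {
                    contentSink.close();
                } catch (IOException closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
        }
    }

    /**
     * Verifies an RSA signature with the public key of {@code x509Certificate}.
     *
     * <p>The certificate is used as given; this method performs no trust
     * decision beyond what {@link Signature#initVerify} itself does.
     *
     * @param str             JCA signature algorithm name or OID
     * @param bArr            signature bytes
     * @param bArr2           data the signature is expected to cover
     * @param x509Certificate certificate holding the verification key
     * @return {@code true} if the signature matches
     * @throws SignatureException wrapping any failure, including an unknown
     *                            algorithm or an unusable key
     */
    private boolean verifyRSASignature(String str, byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws SignatureException {
        try {
            Signature verifier = Signature.getInstance(str);
            verifier.initVerify(x509Certificate);
            verifier.update(bArr2);
            return verifier.verify(bArr);
        } catch (Exception e) {
            throw new SignatureException(e.getMessage(), e);
        }
    }

    /**
     * Returns the content that was (or was to be) verified.
     *
     * <p>In attached mode this is filled in before the signatures are
     * checked, so treat it as untrusted unless {@code verify} returned
     * {@code true}. The internal array is returned without copying.
     *
     * @return the content bytes, or {@code null} if none has been set
     */
    public byte[] getPrimaryContent() {
        return this.plainData;
    }

    /**
     * Returns the certificate of the last signer processed by {@code verify}.
     *
     * <p>The certificate comes from the verified message and is not
     * validated by this class; check it against a trust anchor before use.
     *
     * @return the signer certificate, or {@code null} before any signer was processed
     */
    public X509Certificate getSignerCert() {
        return this.signCert;
    }

    /**
     * Verifies a message that carries its own content (attached mode).
     *
     * @param str encoded PKCS#7 message
     * @return {@code true} if at least one signer is present and all signers verify
     * @throws SignatureException on any parsing or verification error
     */
    public boolean verify(String str) throws SignatureException {
        return verify(str, true);
    }

    /**
     * Verifies a message against caller-supplied content (detached mode).
     *
     * <p>A {@code null} {@code bArr} switches to attached mode, in which the
     * content embedded in the message is verified instead. Callers that need
     * to bind the signature to specific data must pass that data and must
     * not pass {@code null}.
     *
     * @param str  encoded PKCS#7 message
     * @param bArr the content that was signed, or {@code null} for attached mode
     * @return {@code true} if at least one signer is present and all signers verify
     * @throws SignatureException on any parsing or verification error
     */
    public boolean verify(String str, byte[] bArr) throws SignatureException {
        if (bArr == null) {
            return verify(str, true);
        }
        this.plainData = bArr;
        return verify(str, false);
    }
}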
