package net.netca.pki.encoding.asn1.pki.cms;

import java.util.ArrayList;
import java.util.Arrays;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.PublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.SymEncrypter;
import net.netca.pki.encoding.asn1.pki.X509CRL;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.u;
import org.apache.fontbox.ttf.GlyfDescript;
import org.bouncycastle.crypto.signers.PSSSigner;

/* loaded from: classes.dex */
public class SignedAndEnvelopedDataBuilder {
    public static final int AES_128 = 2;
    public static final int AES_192 = 3;
    public static final int AES_256 = 4;
    public static final int SM1 = 5;
    public static final int SM4 = 7;
    public static final int SSF33 = 6;
    public static final int TDES = 1;
    private PublicKeyEncrypter publicKeyEncrypter;
    private SecureRandomGenerator randGenerator;
    private Signer signer;
    private SymEncrypter symEncrypter;
    private ArrayList<X509Certificate> encCerts = new ArrayList<>();
    private int symEncAlgo = 2;
    private boolean isQ7 = false;
    private ArrayList<X509Certificate> otherCerts = new ArrayList<>();
    private ArrayList<X509CRL> crls = new ArrayList<>();
    private boolean includeSignCert = true;

    private AlgorithmIdentifier genContentEncryptionAlgorithm() {
        if (this.symEncAlgo == 1) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.DESEDE3CBC_OID, new OctetString(this.randGenerator.generate(8)));
        }
        if (this.symEncAlgo == 2) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES128CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 3) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES192CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 4) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.AES256CBCPAD_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 5) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.SM1CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 6) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.SSF33CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        if (this.symEncAlgo == 7) {
            return new AlgorithmIdentifier(AlgorithmIdentifier.GM_SM4CBC_OID, new OctetString(this.randGenerator.generate(16)));
        }
        throw new u("unknown algo");
    }

    private byte[] genKey() {
        byte[] generate = this.randGenerator.generate(getKeyLength());
        if (this.symEncAlgo == 1) {
            normdeskey(generate);
        }
        return generate;
    }

    private AlgorithmIdentifiers getDigestAlgorithmIdentifiers(SignerInfo signerInfo) {
        AlgorithmIdentifiers algorithmIdentifiers = new AlgorithmIdentifiers();
        algorithmIdentifiers.add(signerInfo.getDigestAlgorithm());
        return algorithmIdentifiers;
    }

    private EncryptedContentInfo getEncryptedContentInfo(byte[] bArr, byte[] bArr2, int i, int i2) {
        AlgorithmIdentifier genContentEncryptionAlgorithm = genContentEncryptionAlgorithm();
        return new EncryptedContentInfo(this.isQ7 ? "1.2.156.10197.6.1.4.2.1" : ContentInfo.DATA_OID, genContentEncryptionAlgorithm, this.symEncrypter.cipher(true, bArr, genContentEncryptionAlgorithm, bArr2, i, i2));
    }

    public static SignedAndEnvelopedDataBuilder getInstance() {
        return new SignedAndEnvelopedDataBuilder();
    }

    private int getKeyLength() {
        int i = this.symEncAlgo;
        if (i == 7) {
            return 16;
        }
        switch (i) {
            case 1:
            case 3:
                return 24;
            case 2:
            case 5:
                return 16;
            case 4:
                return 32;
            default:
                throw new u("unknown algo");
        }
    }

    private RecipientInfo getRecipientInfo(X509Certificate x509Certificate, byte[] bArr) {
        return this.isQ7 ? new RecipientInfo(new KeyTransRecipientInfo(1, 1, x509Certificate, bArr, this.publicKeyEncrypter).getASN1Object()) : new RecipientInfo(new KeyTransRecipientInfo(1, x509Certificate, bArr, this.publicKeyEncrypter).getASN1Object());
    }

    private RecipientInfos getRecipientInfos(byte[] bArr) {
        int size = this.encCerts.size();
        RecipientInfos recipientInfos = new RecipientInfos();
        for (int i = 0; i < size; i++) {
            recipientInfos.add(getRecipientInfo(this.encCerts.get(i), bArr));
        }
        return recipientInfos;
    }

    private boolean isEncCert(X509Certificate x509Certificate) {
        Extensions extensions;
        Extension extension;
        try {
            extensions = x509Certificate.getExtensions();
        } catch (u unused) {
        }
        if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
            return true;
        }
        return ((NamedBitStringExtension) extension.getExtensionObject()).isSet(2);
    }

    private void normdeskey(byte[] bArr) {
        byte[] bArr2 = {1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, GlyfDescript.Y_DUAL, GlyfDescript.Y_DUAL, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, 110, 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, Byte.MAX_VALUE, Byte.MAX_VALUE, Byte.MIN_VALUE, Byte.MIN_VALUE, -125, -125, -123, -123, -122, -122, -119, -119, -118, -118, -116, -116, -113, -113, -111, -111, -110, -110, -108, -108, -105, -105, -104, -104, -101, -101, -99, -99, -98, -98, -95, -95, -94, -94, -91, -91, -89, -89, -88, -88, -85, -85, -83, -83, -82, -82, -80, -80, -77, -77, -75, -75, -74, -74, -71, -71, -70, -70, PSSSigner.TRAILER_IMPLICIT, PSSSigner.TRAILER_IMPLICIT, -65, -65, -63, -63, -62, -62, -60, -60, -57, -57, -56, -56, -53, -53, -51, -51, -50, -50, -48, -48, -45, -45, -43, -43, -42, -42, -39, -39, -38, -38, -36, -36, -33, -33, -32, -32, -29, -29, -27, -27, -26, -26, -23, -23, -22, -22, -20, -20, -17, -17, -15, -15, -14, -14, -12, -12, -9, -9, -8, -8, -5, -5, -3, -3, -2, -2};
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] > 0) {
                bArr[i] = bArr2[bArr[i]];
            } else {
                bArr[i] = bArr2[bArr[i] + 256];
            }
        }
    }

    private CertificateSet toCerts() {
        int size = this.otherCerts.size();
        if (size == 0) {
            return null;
        }
        CertificateSet certificateSet = new CertificateSet();
        for (int i = 0; i < size; i++) {
            certificateSet.add(new CertificateChoices(this.otherCerts.get(i)));
        }
        return certificateSet;
    }

    private RevocationInfoChoices toCrls() {
        int size = this.crls.size();
        if (size == 0) {
            return null;
        }
        RevocationInfoChoices revocationInfoChoices = new RevocationInfoChoices();
        for (int i = 0; i < size; i++) {
            revocationInfoChoices.add(new RevocationInfoChoice(this.crls.get(i)));
        }
        return revocationInfoChoices;
    }

    public SignedAndEnvelopedDataBuilder addCRL(X509CRL x509crl) {
        this.crls.add(x509crl);
        return this;
    }

    public SignedAndEnvelopedDataBuilder addEncCert(X509Certificate x509Certificate) {
        if (!x509Certificate.isInValidity()) {
            throw new u("cert is not in validity");
        }
        if (!isEncCert(x509Certificate)) {
            throw new u("not encrypt certificate");
        }
        this.encCerts.add(x509Certificate);
        return this;
    }

    public SignedAndEnvelopedDataBuilder addX509PublicKeyCertificate(X509Certificate x509Certificate) {
        this.otherCerts.add(x509Certificate);
        return this;
    }

    public SignedAndEnvelopedDataBuilder setEncryptAlgorithm(int i) {
        if (i == 1 || i == 2 || i == 3 || i == 4 || i == 5 || i == 6 || i == 7) {
            this.symEncAlgo = i;
            return this;
        }
        throw new u("bad encrypt algothm " + i);
    }

    public SignedAndEnvelopedDataBuilder setIncludeSignCert(boolean z) {
        this.includeSignCert = z;
        return this;
    }

    public SignedAndEnvelopedDataBuilder setPublicKeyEncrypter(PublicKeyEncrypter publicKeyEncrypter) {
        this.publicKeyEncrypter = publicKeyEncrypter;
        return this;
    }

    public SignedAndEnvelopedDataBuilder setSM2Q7(boolean z) {
        this.isQ7 = z;
        return this;
    }

    public SignedAndEnvelopedDataBuilder setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
        return this;
    }

    public SignedAndEnvelopedDataBuilder setSigner(Signer signer) {
        if (signer.hasSignedAttribute(ContentInfo.DATA_OID)) {
            throw new u("has authenticatedAttributes");
        }
        if (signer.hasUnsignedAttributes()) {
            throw new u("has unauthenticatedAttributes");
        }
        this.signer = signer;
        return this;
    }

    public SignedAndEnvelopedDataBuilder setSymEncrypter(SymEncrypter symEncrypter) {
        this.symEncrypter = symEncrypter;
        return this;
    }

    public SignedAndEnvelopedData signAndEncrypt(byte[] bArr) {
        return signAndEncrypt(bArr, 0, bArr.length);
    }

    public SignedAndEnvelopedData signAndEncrypt(byte[] bArr, int i, int i2) {
        if (this.randGenerator == null) {
            this.randGenerator = JCESecureRandomGenerator.getInstance();
        }
        if (this.symEncrypter == null) {
            throw new u("no symEncrypter");
        }
        if (this.publicKeyEncrypter == null) {
            throw new u("no publicKeyEncrypter");
        }
        if (this.encCerts.size() == 0) {
            throw new u("no enc cert");
        }
        if (this.signer == null || this.signer.getSignable() == null) {
            throw new u("no signer");
        }
        byte[] genKey = genKey();
        try {
            RecipientInfos recipientInfos = getRecipientInfos(genKey);
            EncryptedContentInfo encryptedContentInfo = getEncryptedContentInfo(genKey, bArr, i, i2);
            byte[] sign = this.signer.getSignable().sign(this.signer.getTrueSignAlgo(), bArr, 0, bArr.length);
            SignerInfo signatureValue = this.signer.setSignatureValue(this.isQ7, this.symEncrypter.cipher(true, genKey, encryptedContentInfo.getContentEncryptionAlgorithm(), sign, 0, sign.length));
            SignerInfos signerInfos = new SignerInfos();
            signerInfos.add(signatureValue);
            AlgorithmIdentifiers digestAlgorithmIdentifiers = getDigestAlgorithmIdentifiers(signatureValue);
            if (this.includeSignCert) {
                addX509PublicKeyCertificate(this.signer.getCert());
            }
            return new SignedAndEnvelopedData(1, recipientInfos, digestAlgorithmIdentifiers, encryptedContentInfo, toCerts(), toCrls(), signerInfos, this.isQ7);
        } finally {
            Arrays.fill(genKey, (byte) 0);
        }
    }
}
