package cn.com.jit.ida.util.pki.scep;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1Ext.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1Ext.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1Ext.ASN1Set;
import cn.com.jit.ida.util.pki.asn1Ext.BERConstructedOctetString;
import cn.com.jit.ida.util.pki.asn1Ext.DERNull;
import cn.com.jit.ida.util.pki.asn1Ext.DERObject;
import cn.com.jit.ida.util.pki.asn1Ext.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1Ext.DEROctetString;
import cn.com.jit.ida.util.pki.asn1Ext.DERSet;
import cn.com.jit.ida.util.pki.asn1Ext.cms.AttributeTable;
import cn.com.jit.ida.util.pki.asn1Ext.cms.CMSAttributes;
import cn.com.jit.ida.util.pki.asn1Ext.cms.CMSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1Ext.cms.ContentInfo;
import cn.com.jit.ida.util.pki.asn1Ext.cms.IssuerAndSerialNumber;
import cn.com.jit.ida.util.pki.asn1Ext.cms.SignedData;
import cn.com.jit.ida.util.pki.asn1Ext.cms.SignerIdentifier;
import cn.com.jit.ida.util.pki.asn1Ext.cms.SignerInfo;
import cn.com.jit.ida.util.pki.asn1Ext.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1Ext.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1Ext.x509.TBSCertificateStructure;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cmsExt.CMSAttributeTableGenerator;
import cn.com.jit.ida.util.pki.cmsExt.CMSException;
import cn.com.jit.ida.util.pki.cmsExt.CMSProcessable;
import cn.com.jit.ida.util.pki.cmsExt.CMSProcessableByteArray;
import cn.com.jit.ida.util.pki.cmsExt.CMSSignedData;
import cn.com.jit.ida.util.pki.cmsExt.DefaultSignedAttributeTableGenerator;
import cn.com.jit.ida.util.pki.cmsExt.SignerInformation;
import cn.com.jit.ida.util.pki.cmsExt.SignerInformationStore;
import cn.com.jit.ida.util.pki.cmsExt.SimpleAttributeTableGenerator;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class CMSSignedDataGenerator extends CMSSignedGenerator {
    List signerInfs;

    /* loaded from: classes.dex */
    static class DigOutputStream extends OutputStream {
        MessageDigest dig;

        public DigOutputStream(MessageDigest messageDigest) {
            this.dig = messageDigest;
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            this.dig.update((byte) i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            this.dig.update(bArr, i, i2);
        }
    }

    /* loaded from: classes.dex */
    static class SigOutputStream extends OutputStream {
        Signature sig;

        public SigOutputStream(Signature signature) {
            this.sig = signature;
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            try {
                this.sig.update((byte) i);
            } catch (SignatureException e) {
                throw new IOException("signature problem: " + e);
            }
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.sig.update(bArr, i, i2);
            } catch (SignatureException e) {
                throw new IOException("signature problem: " + e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class SignerInf {
        AttributeTable baseSignedTable;
        X509Certificate cert;
        String digestOID;
        String encOID;
        JKey jKey;
        PrivateKey key;
        CMSAttributeTableGenerator sAttr;
        Session session;
        CMSAttributeTableGenerator unsAttr;

        SignerInf(PrivateKey privateKey, X509Certificate x509Certificate, String str, String str2, JKey jKey, Session session) {
            this.key = privateKey;
            this.cert = x509Certificate;
            this.digestOID = str;
            this.encOID = str2;
            this.jKey = jKey;
            this.session = session;
        }

        SignerInf(PrivateKey privateKey, X509Certificate x509Certificate, String str, String str2, CMSAttributeTableGenerator cMSAttributeTableGenerator, CMSAttributeTableGenerator cMSAttributeTableGenerator2, AttributeTable attributeTable, JKey jKey, Session session) {
            this.key = privateKey;
            this.cert = x509Certificate;
            this.digestOID = str;
            this.encOID = str2;
            this.sAttr = cMSAttributeTableGenerator;
            this.unsAttr = cMSAttributeTableGenerator2;
            this.baseSignedTable = attributeTable;
            this.jKey = jKey;
            this.session = session;
        }

        X509Certificate getCertificate() {
            return this.cert;
        }

        String getDigestAlgOID() {
            return this.digestOID;
        }

        byte[] getDigestAlgParams() {
            return null;
        }

        String getEncryptionAlgOID() {
            return this.encOID;
        }

        JKey getJKey() {
            return this.jKey;
        }

        PrivateKey getKey() {
            return this.key;
        }

        CMSAttributeTableGenerator getSignedAttributes() {
            return this.sAttr;
        }

        CMSAttributeTableGenerator getUnsignedAttributes() {
            return this.unsAttr;
        }

        SignerInfo toSignerInfo(DERObjectIdentifier dERObjectIdentifier, CMSProcessable cMSProcessable, SecureRandom secureRandom, String str, boolean z, boolean z2) throws IOException, SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, CertificateEncodingException, CMSException {
            AttributeTable attributeTable;
            byte[] byteArray;
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(getDigestAlgOID()), new DERNull());
            AlgorithmIdentifier encAlgorithmIdentifier = CMSSignedDataGenerator.this.getEncAlgorithmIdentifier(getEncryptionAlgOID());
            String str2 = String.valueOf(CMSSignedHelper.INSTANCE.getDigestAlgName(this.digestOID)) + "with" + CMSSignedHelper.INSTANCE.getEncryptionAlgName(this.encOID);
            byte[] bArr = null;
            if (cMSProcessable != null) {
                try {
                    bArr = this.session.digest(Mechanism.GetOid2Mech(new cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier(this.digestOID)), (byte[]) cMSProcessable.getContent());
                } catch (PKIException e) {
                    throw new CMSException("get digest mech erorr(" + this.digestOID + ").", e);
                }
            }
            if (z) {
                attributeTable = this.sAttr != null ? this.sAttr.getAttributes(Collections.unmodifiableMap(CMSSignedDataGenerator.this.getBaseParameters(dERObjectIdentifier, algorithmIdentifier, bArr))) : null;
            } else {
                attributeTable = this.baseSignedTable;
            }
            if (z2) {
                Hashtable hashtable = attributeTable.toHashtable();
                hashtable.remove(CMSAttributes.contentType);
                attributeTable = new AttributeTable(hashtable);
            }
            ASN1Set attributeSet = CMSSignedDataGenerator.this.getAttributeSet(attributeTable);
            if (attributeSet != null) {
                byteArray = attributeSet.getEncoded("DER");
            } else {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                cMSProcessable.write(byteArrayOutputStream);
                byteArray = byteArrayOutputStream.toByteArray();
            }
            try {
                DEROctetString dEROctetString = new DEROctetString(this.session.sign(new Mechanism(str2.endsWith("withRSA") ? String.valueOf(str2.substring(0, str2.length() - 3)) + "RSAEncryption" : "SM3withSM2Encryption"), this.jKey, byteArray));
                Map baseParameters = CMSSignedDataGenerator.this.getBaseParameters(dERObjectIdentifier, algorithmIdentifier, bArr);
                baseParameters.put("encryptedDigest", dEROctetString.getOctets().clone());
                ASN1Set attributeSet2 = CMSSignedDataGenerator.this.getAttributeSet(this.unsAttr != null ? this.unsAttr.getAttributes(Collections.unmodifiableMap(baseParameters)) : null);
                TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(getCertificate().getTBSCertificate())).readObject());
                return new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), algorithmIdentifier, attributeSet, encAlgorithmIdentifier, dEROctetString, attributeSet2);
            } catch (Exception e2) {
                throw new SignatureException(e2);
            }
        }
    }

    public CMSSignedDataGenerator() {
        this.signerInfs = new ArrayList();
    }

    public CMSSignedDataGenerator(SecureRandom secureRandom) {
        super(secureRandom);
        this.signerInfs = new ArrayList();
    }

    private AlgorithmIdentifier makeAlgId(String str, byte[] bArr) throws IOException {
        return bArr != null ? new AlgorithmIdentifier(new DERObjectIdentifier(str), makeObj(bArr)) : new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull());
    }

    private DERObject makeObj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    public void addSigner(Mechanism mechanism, AttributeTable attributeTable, AttributeTable attributeTable2, JKey jKey, X509Cert x509Cert, Session session) throws IllegalArgumentException {
        if (jKey == null || session == null || x509Cert == null) {
            throw new IllegalArgumentException("JKey or Session couldn't be null.");
        }
        try {
            this.signerInfs.add(new SignerInf(null, Parser.convertX509Cert2JavaCert(x509Cert), Mechanism.Sign2DigOid(mechanism).getId(), Mechanism.Sign2EncOid(mechanism).getId(), new DefaultSignedAttributeTableGenerator(attributeTable), new DefaultSignedAttributeTableGenerator(attributeTable2), null, jKey, session));
        } catch (PKIException e) {
            throw new IllegalArgumentException("signmech convert digest mech or enc mech error.");
        }
    }

    public void addSigner(PrivateKey privateKey, X509Certificate x509Certificate, String str, AttributeTable attributeTable, AttributeTable attributeTable2, JKey jKey, Session session) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(privateKey, x509Certificate, str, privateKey != null ? getEncOID(privateKey, str) : getEncOID(jKey, str), new DefaultSignedAttributeTableGenerator(attributeTable), new SimpleAttributeTableGenerator(attributeTable2), attributeTable, jKey, session));
    }

    public void addSigner(PrivateKey privateKey, X509Certificate x509Certificate, String str, JKey jKey, Session session) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(privateKey, x509Certificate, str, privateKey != null ? getEncOID(privateKey, str) : getEncOID(jKey, str), new DefaultSignedAttributeTableGenerator(), null, null, jKey, session));
    }

    public void addSigner(PrivateKey privateKey, X509Certificate x509Certificate, String str, CMSAttributeTableGenerator cMSAttributeTableGenerator, CMSAttributeTableGenerator cMSAttributeTableGenerator2, JKey jKey, Session session) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(privateKey, x509Certificate, str, privateKey != null ? getEncOID(privateKey, str) : getEncOID(jKey, str), cMSAttributeTableGenerator, cMSAttributeTableGenerator2, null, jKey, session));
    }

    public CMSSignedData generate(CMSProcessable cMSProcessable, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return generate(cMSProcessable, false, str);
    }

    public CMSSignedData generate(CMSProcessable cMSProcessable, boolean z, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return generate(DATA, cMSProcessable, z, str);
    }

    public CMSSignedData generate(String str, CMSProcessable cMSProcessable, boolean z, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return generate(str, cMSProcessable, z, str2, true);
    }

    public CMSSignedData generate(String str, CMSProcessable cMSProcessable, boolean z, String str2, boolean z2) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        DERObjectIdentifier dERObjectIdentifier;
        boolean z3;
        ContentInfo contentInfo;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        this._digests.clear();
        for (SignerInformation signerInformation : this._signers) {
            try {
                aSN1EncodableVector.add(makeAlgId(signerInformation.getDigestAlgOID(), signerInformation.getDigestAlgParams()));
                aSN1EncodableVector2.add(signerInformation.toSignerInfo());
            } catch (IOException e) {
                throw new CMSException("encoding error.", e);
            }
        }
        if (str != null) {
            dERObjectIdentifier = new DERObjectIdentifier(str);
            z3 = false;
        } else {
            dERObjectIdentifier = CMSObjectIdentifiers.data;
            z3 = true;
        }
        for (SignerInf signerInf : this.signerInfs) {
            try {
                aSN1EncodableVector.add(makeAlgId(signerInf.getDigestAlgOID(), signerInf.getDigestAlgParams()));
                aSN1EncodableVector2.add(signerInf.toSignerInfo(dERObjectIdentifier, cMSProcessable, this.rand, str2, z2, z3));
            } catch (IOException e2) {
                throw new CMSException("encoding error.", e2);
            } catch (InvalidKeyException e3) {
                throw new CMSException("key inappropriate for signature.", e3);
            } catch (SignatureException e4) {
                throw new CMSException("error creating signature.", e4);
            } catch (CertificateEncodingException e5) {
                throw new CMSException("error creating sid.", e5);
            }
        }
        ASN1Set createBerSetFromList = this._certs.size() != 0 ? CMSUtils.createBerSetFromList(this._certs) : null;
        ASN1Set createBerSetFromList2 = this._crls.size() != 0 ? CMSUtils.createBerSetFromList(this._crls) : null;
        if (z) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (cMSProcessable != null) {
                try {
                    cMSProcessable.write(byteArrayOutputStream);
                } catch (IOException e6) {
                    throw new CMSException("encapsulation error.", e6);
                }
            }
            contentInfo = new ContentInfo(dERObjectIdentifier, new BERConstructedOctetString(byteArrayOutputStream.toByteArray()));
        } else {
            contentInfo = new ContentInfo(dERObjectIdentifier, null);
        }
        return new CMSSignedData(cMSProcessable, new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(new DERSet(aSN1EncodableVector), contentInfo, createBerSetFromList, createBerSetFromList2, new DERSet(aSN1EncodableVector2))));
    }

    public SignerInformationStore generateCounterSigners(SignerInformation signerInformation, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return generate(null, new CMSProcessableByteArray(signerInformation.getSignature()), false, str).getSignerInfos();
    }
}
