package com.lsy.baselib.crypto.protocol;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import com.lsy.baselib.crypto.exception.PKCS7SignatureException;
import com.lsy.baselib.crypto.exception.TimeStampException;
import com.lsy.baselib.crypto.util.BytesUtil;
import com.lsy.baselib.crypto.util.CryptUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class TimeStamp {
    private static long INTERVAL_TIME = 600000;
    private static Session session;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        session = null;
        if (0 == 0) {
            session = new BCSoftLib();
        }
    }

    public static byte[] makeTimeStamp(byte[] bArr, String str, String str2) throws TimeStampException {
        return makeTimeStamp(bArr, str, str2, INTERVAL_TIME);
    }

    public static byte[] makeTimeStamp(byte[] bArr, String str, String str2, long j) throws TimeStampException {
        try {
            java.security.cert.X509Certificate generateX509Certificate = CryptUtil.generateX509Certificate(Base64.decode(str.getBytes()));
            String sigAlgName = generateX509Certificate.getSigAlgName();
            return makeTimeStamp(bArr, generateX509Certificate, sigAlgName.indexOf("RSA") > 0 ? CryptUtil.generatePrivateKey(Base64.decode(str2.getBytes()), "RSA") : sigAlgName.indexOf("SM2") > 0 ? CryptUtil.generatePrivateKey(Base64.decode(str2.getBytes()), "SM2") : null, j);
        } catch (Exception e) {
            throw new TimeStampException("无效数字证书", e);
        }
    }

    public static byte[] makeTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey) throws TimeStampException {
        return makeTimeStamp(bArr, x509Certificate, privateKey, INTERVAL_TIME);
    }

    public static byte[] makeTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey, long j) throws TimeStampException {
        ByteArrayOutputStream byteArrayOutputStream;
        ByteArrayOutputStream byteArrayOutputStream2 = null;
        byte[] bArr2 = (byte[]) null;
        if (privateKey == null) {
            throw new TimeStampException("无效签名私钥");
        }
        if (bArr == null) {
            bArr = "".getBytes();
        }
        try {
            try {
                byteArrayOutputStream = new ByteArrayOutputStream();
            } catch (Exception e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            String valueOf = String.valueOf(new Date().getTime());
            String valueOf2 = String.valueOf(new Date().getTime() + j);
            byteArrayOutputStream.write(BytesUtil.intToBytes(bArr.length));
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(BytesUtil.intToBytes(valueOf.length()));
            byteArrayOutputStream.write(valueOf.getBytes());
            byteArrayOutputStream.write(BytesUtil.intToBytes(valueOf2.length()));
            byteArrayOutputStream.write(valueOf2.getBytes());
            String sigAlgName = x509Certificate.getSigAlgName();
            if (sigAlgName.indexOf("RSA") > 0) {
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                cMSSignedDataGenerator.addSigner(privateKey, x509Certificate, CMSSignedDataGenerator.DIGEST_SHA1);
                cMSSignedDataGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(new ArrayList()), "BC"));
                bArr2 = cMSSignedDataGenerator.generate(new CMSProcessableByteArray(byteArrayOutputStream.toByteArray()), true, "BC").getEncoded();
            } else if (sigAlgName.indexOf("SM2") > 0) {
                X509Cert[] x509CertArr = new X509Cert[1];
                if (!(x509Certificate instanceof X509Certificate)) {
                    throw new PKCS7SignatureException("F<sign> parameter signerCertificate is not a valid certificate");
                }
                x509CertArr[0] = ((X509Certificate) x509Certificate).getX509Certificate();
                bArr2 = new PKCS7SignedData(session).packageSM2SignedData(true, (String) null, byteArrayOutputStream.toByteArray(), session.sign(new Mechanism("sm3WithSM2Encryption"), privateKey, byteArrayOutputStream.toByteArray()), x509CertArr);
            }
            try {
                byteArrayOutputStream.close();
            } catch (Exception unused) {
            }
            return bArr2;
        } catch (Exception e2) {
            e = e2;
            byteArrayOutputStream2 = byteArrayOutputStream;
            throw new TimeStampException("签名失败", e);
        } catch (Throwable th2) {
            th = th2;
            byteArrayOutputStream2 = byteArrayOutputStream;
            if (byteArrayOutputStream2 != null) {
                try {
                    byteArrayOutputStream2.close();
                } catch (Exception unused2) {
                }
            }
            throw th;
        }
    }

    public static boolean verifyTimeStamp(byte[] bArr, String str) throws TimeStampException {
        try {
            return verifyTimeStamp(bArr, CryptUtil.generateX509Certificate(Base64.decode(str.getBytes())));
        } catch (Exception e) {
            throw new TimeStampException("无效数字证书", e);
        }
    }

    public static boolean verifyTimeStamp(byte[] bArr, String str, String str2) throws TimeStampException {
        return verifyTimeStamp(bArr, str);
    }

    public static boolean verifyTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate) throws TimeStampException {
        ByteArrayInputStream byteArrayInputStream;
        if (x509Certificate == null) {
            throw new TimeStampException("无效签名数字证书");
        }
        ByteArrayInputStream byteArrayInputStream2 = null;
        try {
            try {
                CMSSignedData cMSSignedData = new CMSSignedData(bArr);
                for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                    String encryptionAlgOID = signerInformation.getEncryptionAlgOID();
                    if ("1.2.840.113549.1.1.1".equals(encryptionAlgOID)) {
                        if (!signerInformation.verify(x509Certificate.getPublicKey(), "BC")) {
                            throw new TimeStampException("时间戳签名无效!");
                        }
                    } else if ("1.2.156.10197.1.301.1".equals(encryptionAlgOID)) {
                        Signature signature = new Signature();
                        if (!signature.p7VerifyMessageAttach(bArr, session)) {
                            throw new PKCS7SignatureException("调用p7VerifyMessageAttach接口返回FALSE.");
                        }
                        if (!Arrays.equals(x509Certificate.getPublicKey().getEncoded(), signature.getSignerCert().getPublicKey().getEncoded())) {
                            throw new PKCS7SignatureException("SM2验签失败，入参公钥和签名中的证书公钥签名证书不匹配");
                        }
                    } else {
                        continue;
                    }
                }
                byteArrayInputStream = new ByteArrayInputStream((byte[]) cMSSignedData.getSignedContent().getContent());
            } catch (Throwable th) {
                th = th;
            }
        } catch (TimeStampException e) {
            throw e;
        } catch (Exception e2) {
            e = e2;
        }
        try {
            byte[] bArr2 = new byte[4];
            byteArrayInputStream.read(bArr2);
            byteArrayInputStream.read(new byte[BytesUtil.bytesToInt(bArr2)]);
            byteArrayInputStream.read(bArr2);
            byteArrayInputStream.read(new byte[BytesUtil.bytesToInt(bArr2)]);
            byteArrayInputStream.read(bArr2);
            byte[] bArr3 = new byte[BytesUtil.bytesToInt(bArr2)];
            byteArrayInputStream.read(bArr3);
            if (new Date().getTime() > Long.parseLong(new String(bArr3))) {
                throw new TimeStampException("时间戳已经过期!");
            }
            try {
                byteArrayInputStream.close();
            } catch (Exception unused) {
            }
            return true;
        } catch (TimeStampException e3) {
            throw e3;
        } catch (Exception e4) {
            e = e4;
            throw new TimeStampException("无效的时间戳!", e);
        } catch (Throwable th2) {
            th = th2;
            byteArrayInputStream2 = byteArrayInputStream;
            if (byteArrayInputStream2 != null) {
                try {
                    byteArrayInputStream2.close();
                } catch (Exception unused2) {
                }
            }
            throw th;
        }
    }

    public static boolean verifyTimeStamp(byte[] bArr, java.security.cert.X509Certificate x509Certificate, PrivateKey privateKey) throws TimeStampException {
        return verifyTimeStamp(bArr, x509Certificate);
    }
}
