package com.lsy.baselib.crypto.protocol;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.system.global.SM2ContextConfig;
import cfca.sadk.util.Signature;
import cfca.sadk.x509.certificate.X509Cert;
import com.lsy.baselib.crypto.exception.PKCS7SignatureException;
import com.lsy.baselib.crypto.util.Base64;
import com.lsy.baselib.crypto.util.CryptUtil;
import com.lsy.baselib.crypto.util.SM2CrtUtil;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSSignedDataParser;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class PKCS7Signature {
    private static Session session;
    private PrivateKey privateKey = null;
    private X509Cert certificate = null;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        session = null;
        if (0 == 0) {
            session = new BCSoftLib();
        }
    }

    public static java.security.cert.X509Certificate getCertification(byte[] bArr) throws PKCS7SignatureException {
        try {
            X509Cert x509Cert = new X509Cert(getSignerCrt(bArr));
            if ("SM3withSM2".equalsIgnoreCase(x509Cert.getSignatureAlgName())) {
                return null;
            }
            return CryptUtil.generateX509Certificate(x509Cert.getEncoded());
        } catch (Exception e) {
            throw new PKCS7SignatureException("从消息签名中获取证书失败", e);
        }
    }

    public static byte[] getSignerCrt(byte[] bArr) throws PKCS7SignatureException {
        try {
            PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
            pKCS7SignedData.loadBase64(bArr);
            return pKCS7SignedData.getSignerX509Cert().getEncoded();
        } catch (Exception e) {
            throw new PKCS7SignatureException("从PKCS#7消息签名中获取证书失败:\nsignedMessage:" + new String(bArr) + "\n", e);
        }
    }

    public static java.security.cert.X509Certificate getSingerCertificate(byte[] bArr) throws PKCS7SignatureException {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", "BC");
            Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
            if (it.hasNext()) {
                Iterator<? extends Certificate> it2 = certificatesAndCRLs.getCertificates(((SignerInformation) it.next()).getSID()).iterator();
                if (it2.hasNext()) {
                    return (java.security.cert.X509Certificate) it2.next();
                }
            }
            return null;
        } catch (Exception e) {
            throw new PKCS7SignatureException("从消息签名中获取证书失败", e);
        }
    }

    public static byte[] getSourceMessage(byte[] bArr) throws PKCS7SignatureException {
        try {
            PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
            pKCS7SignedData.loadBase64(bArr);
            return pKCS7SignedData.getSourceData();
        } catch (Exception e) {
            throw new PKCS7SignatureException("从SM2消息签名中获取消息原文失败:\nsignedMessage:" + new String(bArr) + "\n", e);
        }
    }

    public static byte[] sign(byte[] bArr, PrivateKey privateKey, java.security.cert.X509Certificate x509Certificate, java.security.cert.X509Certificate[] x509CertificateArr, boolean z) throws PKCS7SignatureException {
        byte[] bArr2 = (byte[]) null;
        if (x509Certificate == null) {
            throw new PKCS7SignatureException("F<sign> parameter signerCertificate is null");
        }
        if (privateKey == null) {
            throw new PKCS7SignatureException("F<sign> parameter signerPrivatekey is null");
        }
        try {
            String sigAlgName = x509Certificate.getSigAlgName();
            if (sigAlgName.indexOf("RSA") > 0) {
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                cMSSignedDataGenerator.addSigner(privateKey, x509Certificate, CMSSignedDataGenerator.DIGEST_SHA1);
                ArrayList arrayList = new ArrayList();
                if (x509CertificateArr != null) {
                    for (java.security.cert.X509Certificate x509Certificate2 : x509CertificateArr) {
                        arrayList.add(x509Certificate2);
                    }
                }
                cMSSignedDataGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC"));
                return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), z, "BC").getEncoded();
            }
            if (sigAlgName.indexOf("SM2") <= 0) {
                return bArr2;
            }
            X509Cert[] x509CertArr = new X509Cert[1];
            if (!(x509Certificate instanceof X509Certificate)) {
                throw new PKCS7SignatureException("F<sign> parameter signerCertificate is not a valid certificate");
            }
            x509CertArr[0] = ((X509Certificate) x509Certificate).getX509Certificate();
            return new PKCS7SignedData(session).packageSM2SignedData(z, (String) null, bArr, session.sign(new Mechanism("sm3WithSM2Encryption"), privateKey, bArr), x509CertArr);
        } catch (Exception e) {
            StringBuilder sb = new StringBuilder(String.valueOf(String.valueOf("null消息签名失败\n") + "message:" + bArr + "\n"));
            sb.append("signerPrivatekey:");
            sb.append(new String(Base64.encode(privateKey.getEncoded())));
            sb.append("\n");
            throw new PKCS7SignatureException(String.valueOf(sb.toString()) + "attach:" + z + "\n", e);
        }
    }

    public static byte[] signWithSM2Crt(byte[] bArr, PrivateKey privateKey, byte[] bArr2, boolean z) throws PKCS7SignatureException {
        try {
            if (privateKey == null) {
                throw new PKCS7SignatureException("入参签名私钥signerPrivatekey不能为空");
            }
            if (bArr2 == null) {
                throw new PKCS7SignatureException("base64EncodedSignerCertificate");
            }
            X509Cert[] x509CertArr = {new X509Cert(Base64.decode(bArr2))};
            SM2ContextConfig.setUseZValue(true);
            return Base64.encode(new PKCS7SignedData(session).packageSM2SignedData(z, (String) null, bArr, session.sign(new Mechanism("sm3WithSM2Encryption"), privateKey, bArr), x509CertArr));
        } catch (Exception e) {
            StringBuilder sb = new StringBuilder(String.valueOf("SM2签名失败:\nmessage:" + bArr + "\n"));
            sb.append("signerPrivatekey:");
            sb.append(new String(Base64.encode(privateKey.getEncoded())));
            sb.append("\n");
            throw new PKCS7SignatureException(String.valueOf(String.valueOf(sb.toString()) + "signerCertificate:" + new String(bArr2) + "\n") + "attach:" + z + "\n", e);
        }
    }

    public static boolean verifyAttachedSM2Signature(byte[] bArr, byte[] bArr2) throws PKCS7SignatureException {
        if (bArr == null) {
            throw new PKCS7SignatureException("消息签名不能为空");
        }
        try {
            Signature signature = new Signature();
            boolean p7VerifyMessageAttach = signature.p7VerifyMessageAttach(bArr, session);
            if (!p7VerifyMessageAttach) {
                throw new PKCS7SignatureException("调用p7VerifyMessageAttach接口返回FALSE.");
            }
            if (bArr2 != null && !Arrays.equals(new X509Cert(Base64.decode(bArr2)).getEncoded(), signature.getSignerCert().getEncoded())) {
                throw new PKCS7SignatureException("签名证书不匹配");
            }
            return p7VerifyMessageAttach;
        } catch (Exception e) {
            throw new PKCS7SignatureException(String.valueOf("验证带原文的SM2消息签名失败:\nsignedMessage:" + new String(bArr) + "\n") + "signerCertificate:" + new String(bArr2) + "\n", e);
        }
    }

    public static void verifyAttachedSignature(byte[] bArr, PublicKey publicKey) throws PKCS7SignatureException {
        if (bArr == null) {
            throw new PKCS7SignatureException("消息签名不能为空");
        }
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", "BC");
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                String encryptionAlgOID = signerInformation.getEncryptionAlgOID();
                if ("1.2.840.113549.1.1.1".equals(encryptionAlgOID)) {
                    if (publicKey == null) {
                        Iterator<? extends Certificate> it = certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator();
                        if (!it.hasNext()) {
                            throw new PKCS7SignatureException("消息签名中没有包含签名证书！");
                        }
                        if (!signerInformation.verify(((java.security.cert.X509Certificate) it.next()).getPublicKey(), "BC")) {
                            throw new PKCS7SignatureException("使用消息签名中自带的证书链进行验签失败！");
                        }
                    } else if (!signerInformation.verify(publicKey, "BC")) {
                        throw new PKCS7SignatureException("使用传入的公钥验签失败");
                    }
                } else if ("1.2.156.10197.1.301.1".equals(encryptionAlgOID)) {
                    Signature signature = new Signature();
                    if (!signature.p7VerifyMessageAttach(bArr, session)) {
                        throw new PKCS7SignatureException("调用p7VerifyMessageAttach接口返回FALSE.");
                    }
                    if (publicKey != null && !Arrays.equals(publicKey.getEncoded(), signature.getSignerCert().getPublicKey().getEncoded())) {
                        throw new PKCS7SignatureException("SM2验签失败，入参公钥和签名中的证书公钥签名证书不匹配");
                    }
                } else {
                    continue;
                }
            }
        } catch (Exception e) {
            StringBuilder sb = new StringBuilder(String.valueOf("验证带原文的消息签名失败:\nsignedMessage:" + new String(Base64.encode(bArr)) + "\n"));
            sb.append("signerCertificate:");
            sb.append(publicKey == null ? null : new String(Base64.encode(publicKey.getEncoded())));
            sb.append("\n");
            throw new PKCS7SignatureException(sb.toString(), e);
        }
    }

    public static boolean verifyDetachedSM2Signature(byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKCS7SignatureException {
        if (bArr2 == null) {
            throw new PKCS7SignatureException("消息签名不能为空");
        }
        try {
            Signature signature = new Signature();
            boolean p7VerifyMessageDetach = signature.p7VerifyMessageDetach(bArr, bArr2, session);
            if (!p7VerifyMessageDetach) {
                throw new PKCS7SignatureException("调用p7VerifyMessageDetach接口返回FALSE");
            }
            if (bArr3 != null && !Arrays.equals(new X509Cert(bArr3).getEncoded(), signature.getSignerCert().getEncoded())) {
                throw new PKCS7SignatureException("签名证书不匹配");
            }
            return p7VerifyMessageDetach;
        } catch (Exception e) {
            StringBuilder sb = new StringBuilder(String.valueOf("验证带不带原文的SM2消息签名失败:\nsourceMessage:" + new String(bArr) + "\n"));
            sb.append("signedMessage:");
            sb.append(new String(bArr2));
            sb.append("\n");
            throw new PKCS7SignatureException(String.valueOf(sb.toString()) + "signerCertificate:" + new String(bArr3) + "\n", e);
        }
    }

    public static boolean verifyDetachedSignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws PKCS7SignatureException {
        if (bArr == null || bArr2 == null) {
            return false;
        }
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(bArr)), bArr2);
            cMSSignedDataParser.getSignedContent().drain();
            CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", "BC");
            for (SignerInformation signerInformation : cMSSignedDataParser.getSignerInfos().getSigners()) {
                String encryptionAlgOID = signerInformation.getEncryptionAlgOID();
                if ("1.2.840.113549.1.1.1".equals(encryptionAlgOID)) {
                    if (publicKey == null) {
                        Iterator<? extends Certificate> it = certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator();
                        if (!it.hasNext()) {
                            throw new PKCS7SignatureException("使用消息签名中自带的证书链进行验签失败");
                        }
                        if (!signerInformation.verify(((java.security.cert.X509Certificate) it.next()).getPublicKey(), "BC")) {
                            throw new PKCS7SignatureException("使用消息签名中自带的证书链进行验签失败");
                        }
                    } else if (!signerInformation.verify(publicKey, "BC")) {
                        throw new PKCS7SignatureException("使用传入的公钥验签失败");
                    }
                } else if ("1.2.156.10197.1.301.1".equals(encryptionAlgOID)) {
                    Signature signature = new Signature();
                    if (!signature.p7VerifyMessageDetach(bArr, bArr2, session)) {
                        throw new PKCS7SignatureException("调用p7VerifyMessageDetach接口返回FALSE");
                    }
                    if (publicKey != null && !Arrays.equals(publicKey.getEncoded(), signature.getSignerCert().getPublicKey().getEncoded())) {
                        throw new PKCS7SignatureException("SM2验签失败，入参公钥和签名中的证书公钥签名证书不匹配");
                    }
                } else {
                    continue;
                }
            }
            return true;
        } catch (Exception e) {
            StringBuilder sb = new StringBuilder(String.valueOf("验证带不带原文的消息签名失败:\nsourceMessage:" + new String(bArr) + "\n"));
            sb.append("signedMessage:");
            sb.append(new String(Base64.encode(bArr2)));
            sb.append("\n");
            throw new PKCS7SignatureException(String.valueOf(sb.toString()) + "signerCertificate:" + new String(Base64.encode(publicKey.getEncoded())) + "\n", e);
        }
    }

    public static boolean verifyDetachedSignature(byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKCS7SignatureException {
        PublicKey publicKey;
        if (bArr3 != null) {
            try {
                publicKey = CryptUtil.generateX509Certificate(Base64.decode(bArr3)).getPublicKey();
            } catch (Exception e) {
                e.printStackTrace();
            }
            return verifyDetachedSignature(bArr, Base64.decode(bArr2), publicKey);
        }
        publicKey = null;
        return verifyDetachedSignature(bArr, Base64.decode(bArr2), publicKey);
    }

    public void setCertificate(String str) {
        try {
            this.certificate = new X509Cert(Base64.decode(str.getBytes()));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void setPrivateKey(String str, String str2) {
        try {
            this.privateKey = SM2CrtUtil.decryptedSM2PrivateKey(str, str2);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public byte[] signWithSM2Crt(byte[] bArr, boolean z) throws PKCS7SignatureException {
        try {
            X509Cert[] x509CertArr = {this.certificate};
            SM2ContextConfig.setUseZValue(true);
            return Base64.encode(new PKCS7SignedData(session).packageSM2SignedData(z, (String) null, bArr, session.sign(new Mechanism("sm3WithSM2Encryption"), this.privateKey, bArr), x509CertArr));
        } catch (Exception e) {
            throw new PKCS7SignatureException(String.valueOf("SM2签名失败:\nmessage:" + bArr + "\n") + "attach:" + z + "\n", e);
        }
    }
}
