package com.akai.cert.util;

import com.akai.guomi.provider.MySM3WITHSM2CMSSignatureEncryptionAlgorithmFinder;
import com.akai.guomi.provider.MySM3WITHSM2ContentSigner;
import com.akai.guomi.provider.MySM3WITHSM2DigestProvider;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
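/**
 * Produces PKCS#7 / CMS SignedData over caller-supplied bytes, using a signing key and
 * certificate chain read from a keystore file.
 *
 * <p>The keystore type is chosen from the file extension ({@code .pfx}/{@code .p12} is opened as
 * PKCS12 through BouncyCastle, anything else as JKS). The signing entry is the first alias whose
 * leaf certificate permits digitalSignature and is inside its validity period. Certificates whose
 * signature algorithm is reported as the SM3-with-SM2 OID are signed through the project's custom
 * SM2 classes; every other certificate goes through the BouncyCastle JCA builders.
 *
 * <p>The class writes no diagnostics: the selected alias and the certificate names are not sent
 * to stdout.
 *
 * <p>The methods declare {@code throws Exception} because the keystore, CMS and operator APIs
 * raise several unrelated checked exceptions and this listing does not show the original
 * {@code throws} clauses.
 */
public class PKCS7Signer {
    /** Signature-algorithm OID for SM3 with SM2; selects the custom SM2 signing path. */
    private static final String SM3_WITH_SM2_OID = "1.2.156.10197.1.501";

    /** Mask for {@link #matchUsage}: bit 0 maps to keyUsage[0], which is digitalSignature. */
    private static final int USAGE_DIGITAL_SIGNATURE = 1;

    // Set by the static entry points before use; there is deliberately no built-in default
    // path or password to fall back on.
    private String PATH_TO_KEYSTORE;
    // Filled in by loadKeyStore() with the alias of the entry chosen for signing.
    private String KEY_ALIAS_IN_KEYSTORE;
    // NOTE(review): the same password is used for the keystore and for the key entry.
    private String KEYSTORE_PASSWORD;

    /**
     * Opens the keystore at {@code PATH_TO_KEYSTORE} and selects the signing entry.
     *
     * <p>An alias is selected only if it has a certificate chain whose leaf is an X.509
     * certificate that allows digitalSignature (or carries no KeyUsage extension) and is currently
     * valid. If no alias qualifies the method fails instead of falling back to whichever alias was
     * enumerated last, so an expired or non-signing key is never used silently.
     *
     * @return the loaded keystore; {@code KEY_ALIAS_IN_KEYSTORE} is set to the selected alias
     * @throws GeneralSecurityException if no usable signing certificate is found
     * @throws Exception if the file cannot be read or the keystore cannot be loaded
     */
    private KeyStore loadKeyStore() throws Exception {
        boolean pkcs12 = hasSuffixIgnoreCase(this.PATH_TO_KEYSTORE, ".pfx")
                || hasSuffixIgnoreCase(this.PATH_TO_KEYSTORE, ".p12");
        KeyStore keyStore = pkcs12
                ? KeyStore.getInstance("PKCS12", new BouncyCastleProvider())
                : KeyStore.getInstance("JKS");

        // try-with-resources closes the stream on success and on every failure path.
        try (FileInputStream in = new FileInputStream(this.PATH_TO_KEYSTORE)) {
            keyStore.load(in, this.KEYSTORE_PASSWORD.toCharArray());
        }

        String signingAlias = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (signingAlias == null && aliases != null && aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (isUsableSigningEntry(keyStore, candidate)) {
                signingAlias = candidate;
            }
        }
        if (signingAlias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }
        this.KEY_ALIAS_IN_KEYSTORE = signingAlias;
        return keyStore;
    }

    /** Case-insensitive, locale-independent suffix test used for the keystore file extension. */
    private static boolean hasSuffixIgnoreCase(String value, String suffix) {
        int offset = value.length() - suffix.length();
        return offset >= 0 && value.regionMatches(true, offset, suffix, 0, suffix.length());
    }

    /**
     * Reports whether {@code alias} has a chain whose leaf certificate may be used for signing now.
     */
    private static boolean isUsableSigningEntry(KeyStore keyStore, String alias)
            throws GeneralSecurityException {
        // Entries without a chain (for example certificate-only entries) cannot sign.
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        if (!matchUsage(leaf.getKeyUsage(), USAGE_DIGITAL_SIGNATURE)) {
            return false;
        }
        try {
            leaf.checkValidity();
            return true;
        } catch (CertificateException ignored) {
            // Expired or not yet valid: skip this entry and let the caller try the next alias.
            return false;
        }
    }

    /**
     * Checks that every usage bit requested in {@code i2} is asserted in {@code zArr}.
     *
     * @param zArr KeyUsage flags as returned by {@link X509Certificate#getKeyUsage()}; {@code null}
     *     (no KeyUsage extension) is treated as unrestricted
     * @param i2 bit mask of required usages, bit n corresponding to {@code zArr[n]}; 0 requires
     *     nothing
     * @return {@code true} if all requested usages are permitted
     */
    private static boolean matchUsage(boolean[] zArr, int i2) {
        if (i2 == 0 || zArr == null) {
            return true;
        }
        for (int bit = 0; bit < 32; bit++) {
            if (((1 << bit) & i2) == 0) {
                continue;
            }
            // A requested bit the array does not cover is not asserted by the certificate.
            if (bit >= zArr.length || !zArr[bit]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds a {@link CMSSignedDataGenerator} for the entry selected by {@link #loadKeyStore()}.
     *
     * <p>The generator carries one signer and the entry's whole certificate chain.
     *
     * @param keyStore the loaded keystore
     * @return a generator ready to sign content
     * @throws GeneralSecurityException if the selected entry has no chain or no private key
     * @throws Exception if the signer cannot be constructed
     */
    private CMSSignedDataGenerator setUpProvider(KeyStore keyStore) throws Exception {
        // Security.addProvider refuses a second provider with the same name, so register only
        // when none is present instead of constructing a throw-away instance on every call.
        // NOTE(review): if the platform already registers a provider under this name, the
        // by-name lookups below resolve to that one; confirm it offers the needed algorithms.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        Certificate[] chain = keyStore.getCertificateChain(this.KEY_ALIAS_IN_KEYSTORE);
        if (chain == null || chain.length == 0) {
            throw new GeneralSecurityException(
                    "No certificate chain for alias " + this.KEY_ALIAS_IN_KEYSTORE);
        }
        ArrayList<Certificate> chainCerts = new ArrayList<>(chain.length);
        for (Certificate certificate : chain) {
            chainCerts.add(certificate);
        }
        JcaCertStore certStore = new JcaCertStore(chainCerts);
        X509Certificate signerCert = (X509Certificate) chain[0];

        PrivateKey privateKey =
                (PrivateKey) keyStore.getKey(
                        this.KEY_ALIAS_IN_KEYSTORE, this.KEYSTORE_PASSWORD.toCharArray());
        if (privateKey == null) {
            throw new GeneralSecurityException(
                    "No private key for alias " + this.KEY_ALIAS_IN_KEYSTORE);
        }

        // NOTE(review): the signing algorithm is taken from the algorithm the issuer used to sign
        // this certificate, not from the type of the subject's own key. That only works when both
        // match, and it inherits whatever digest the issuer chose. Confirm this is intended.
        String sigAlgName = signerCert.getSigAlgName();

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // NOTE(review): this branch is taken only when getSigAlgName() returns the raw OID string;
        // a provider that reports a friendly name for SM3-with-SM2 would use the generic path.
        if (SM3_WITH_SM2_OID.equals(sigAlgName)) {
            ECPublicKeyParameters publicParams =
                    (ECPublicKeyParameters)
                            PublicKeyFactory.createKey(signerCert.getPublicKey().getEncoded());
            ECPrivateKeyParameters privateParams =
                    (ECPrivateKeyParameters) PrivateKeyFactory.createKey(privateKey.getEncoded());
            generator.addSignerInfoGenerator(
                    new SignerInfoGeneratorBuilder(
                                    new MySM3WITHSM2DigestProvider(publicParams),
                                    new MySM3WITHSM2CMSSignatureEncryptionAlgorithmFinder())
                            .build(
                                    MySM3WITHSM2ContentSigner.getInstance(privateParams),
                                    new X509CertificateHolder(signerCert.getEncoded())));
        } else {
            generator.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(
                                    new JcaDigestCalculatorProviderBuilder()
                                            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                                            .build())
                            .build(
                                    new JcaContentSignerBuilder(sigAlgName)
                                            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                                            .build(privateKey),
                                    signerCert));
        }
        generator.addCertificates(certStore);
        return generator;
    }

    /**
     * Signs the UTF-8 bytes of a string and returns the SignedData as Base64 text.
     *
     * <p>The charset is fixed so that the signed bytes do not depend on the platform default.
     *
     * @param str path of the keystore file
     * @param str2 password for the keystore and the key entry
     * @param str3 text to sign
     * @return Base64 encoding of the DER-encoded SignedData
     * @throws Exception if the keystore cannot be loaded or signing fails
     */
    public static String signPkcs7(String str, String str2, String str3) throws Exception {
        byte[] content = str3.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // Base64 output is pure ASCII, so decoding it as US-ASCII is lossless.
        return new String(
                Base64.encode(signPkcs7(str, str2, content)),
                java.nio.charset.StandardCharsets.US_ASCII);
    }

    /**
     * Signs {@code bArr} with the first usable signing entry of the given keystore.
     *
     * @param str path of the keystore file
     * @param str2 password for the keystore and the key entry
     * @param bArr content to sign
     * @return the encoded SignedData, with the content encapsulated
     * @throws NullPointerException if any argument is {@code null}
     * @throws Exception if the keystore cannot be loaded or signing fails
     */
    public static byte[] signPkcs7(String str, String str2, byte[] bArr) throws Exception {
        if (str == null) {
            throw new NullPointerException("keystore path must not be null");
        }
        if (str2 == null) {
            throw new NullPointerException("keystore password must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("content must not be null");
        }
        PKCS7Signer signer = new PKCS7Signer();
        signer.PATH_TO_KEYSTORE = str;
        signer.KEYSTORE_PASSWORD = str2;
        KeyStore keyStore = signer.loadKeyStore();
        return signer.signPkcs7(bArr, signer.setUpProvider(keyStore));
    }

    /**
     * Runs the generator over {@code bArr}.
     *
     * @param bArr content to sign
     * @param cMSSignedDataGenerator configured generator
     * @return the encoded SignedData; the {@code true} flag embeds the content in the structure
     *     (an attached rather than detached signature)
     * @throws Exception if signature generation or encoding fails
     */
    private byte[] signPkcs7(byte[] bArr, CMSSignedDataGenerator cMSSignedDataGenerator)
            throws Exception {
        return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
    }
}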
