package com.ipps.common.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Array;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;

/* loaded from: input_file:com/ipps/common/security/PKCSTool.class */
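/**
 * Creates and verifies RSA signatures, either bare (the {@code p1*} methods) or wrapped in a
 * PKCS#7 SignedData structure (the {@code p7*} methods), with Base64 text as the wire format.
 *
 * <p>An instance is either a signer (built by {@link #getSigner}) or a verifier (built by
 * {@link #getVerifier}); calling a method of the other role throws {@link IllegalStateException}.
 *
 * <p>The class depends on JDK-internal packages ({@code sun.misc}, {@code sun.security.pkcs}) and
 * resolves further internal classes by reflection in {@link #init()}. {@code sun.misc.BASE64Encoder}
 * and {@code BASE64Decoder} were removed in JDK 9; the public replacement is {@code java.util.Base64},
 * but its line-wrapping differs, so switching needs a check against the counterparty's parser.
 *
 * <p>NOTE(review): the digest and signature algorithms are fixed to SHA-1 / SHA1withRSA. SHA-1
 * signatures are no longer recommended; changing them has to be agreed with the verifying party.
 */
public class PKCSTool {
    private static final int SIGNER = 1;
    private static final int VERIFIER = 2;

    /** Role of this instance: {@link #SIGNER} or {@link #VERIFIER}. */
    private final int mode;
    private String digestAlgorithm = "SHA1";
    private String signingAlgorithm = "SHA1withRSA";
    // Signer: certificate chain of the signing key (only loaded for format "PKCS7").
    // Verifier: the expected signer certificate, used by p1Verify.
    private Certificate[] certificates = null;
    private PrivateKey privateKey = null;
    // Verifier only: trust anchor the signer certificate must chain to.
    private Certificate rootCertificate = null;

    // Vendor marker: 0 = not initialised, 'I' = IBM class names, 'S' = sun.* class names.
    private static char jvm = 0;
    private static Class<?> algorithmId = null;
    private static Class<?> derValue = null;
    private static Class<?> objectIdentifier = null;
    private static Class<?> x500Name = null;
    private static boolean debug = false;

    private PKCSTool(int i) {
        this.mode = i;
    }

    /**
     * Resolves the vendor-specific internal security classes once per JVM.
     *
     * <p>The vendor marker is written only after every class has been resolved, so a failed
     * attempt is not remembered as a successful one and the next call retries instead of
     * leaving the class references {@code null}.
     *
     * @throws RuntimeException wrapping the {@link ClassNotFoundException} when the classes are missing
     */
    private static synchronized void init() {
        if (jvm != 0) {
            return;
        }
        String vendor = System.getProperty("java.vm.vendor");
        if (vendor == null) {
            vendor = "";
        }
        // Every vendor other than IBM (Oracle included) uses the sun.* class names.
        boolean ibm = vendor.toUpperCase().indexOf("IBM") >= 0;
        try {
            Class<?> algorithmIdClass;
            Class<?> derValueClass;
            Class<?> objectIdentifierClass;
            Class<?> x500NameClass;
            if (ibm) {
                algorithmIdClass = Class.forName("com.ibm.security.x509.AlgorithmId");
                derValueClass = Class.forName("com.ibm.security.util.DerValue");
                objectIdentifierClass = Class.forName("com.ibm.security.util.ObjectIdentifier");
                x500NameClass = Class.forName("com.ibm.security.x509.X500Name");
            } else {
                algorithmIdClass = Class.forName("sun.security.x509.AlgorithmId");
                derValueClass = Class.forName("sun.security.util.DerValue");
                objectIdentifierClass = Class.forName("sun.security.util.ObjectIdentifier");
                x500NameClass = Class.forName("sun.security.x509.X500Name");
            }
            algorithmId = algorithmIdClass;
            derValue = derValueClass;
            objectIdentifier = objectIdentifierClass;
            x500Name = x500NameClass;
            jvm = ibm ? 'I' : 'S';
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            System.out.println("Not support JRE: " + vendor);
            throw new RuntimeException(e);
        }
    }

    /**
     * Checks that every key-usage bit requested in {@code i} is set in {@code zArr}.
     *
     * @param zArr key-usage flags as returned by {@link X509Certificate#getKeyUsage()}, or
     *             {@code null} when the certificate has no key-usage extension
     * @param i    bit mask of required usages (bit n corresponds to {@code zArr[n]}); 0 means none
     * @return {@code true} when nothing is required, the extension is absent, or all requested
     *         bits inside the array are set
     */
    private static boolean matchUsage(boolean[] zArr, int i) {
        if (i == 0 || zArr == null) {
            return true;
        }
        int limit = Math.min(zArr.length, 32);
        for (int bit = 0; bit < limit; bit++) {
            if ((i & (1 << bit)) != 0 && !zArr[bit]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Reads one X.509 certificate from a stream that holds either the encoding the
     * certificate factory accepts directly or that encoding wrapped in bare Base64.
     *
     * <p>The stream is buffered first so the Base64 fallback parses the same bytes instead of
     * a stream the first attempt has already consumed.
     */
    private static Certificate readCertificate(CertificateFactory factory, InputStream in) throws CertificateException, IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = in.read(chunk)) != -1) {
            buffer.write(chunk, 0, count);
        }
        byte[] raw = buffer.toByteArray();
        try {
            return factory.generateCertificate(new ByteArrayInputStream(raw));
        } catch (CertificateException e) {
            if (debug) {
                e.printStackTrace();
            }
            byte[] decoded = new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(raw));
            return factory.generateCertificate(new ByteArrayInputStream(decoded));
        }
    }

    /**
     * Builds a signer from a PKCS#12 ({@code .pfx}) keystore file.
     *
     * <p>The first alias whose leading certificate allows the digitalSignature usage and is
     * inside its validity period is selected. If no alias qualifies the call fails; it does not
     * fall back to an expired or unsuitable entry.
     *
     * @param str  path of the keystore file; must end in {@code .pfx} (case-insensitive)
     * @param str2 keystore password
     * @param str3 private-key password
     * @param str4 signature format; {@code "PKCS7"} additionally loads the certificate chain
     *             that {@link #p7Sign(byte[])} needs
     * @return a tool in signer mode
     * @throws GeneralSecurityException if the keystore type is unsupported, no usable signing
     *                                  certificate exists, or the key cannot be read
     * @throws IOException              if the file cannot be opened or read
     */
    public static PKCSTool getSigner(String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        init();
        if (!str.toLowerCase().endsWith(".pfx")) {
            // Only PKCS#12 is handled here; fail with a clear error instead of a null keystore.
            throw new GeneralSecurityException("Unsupported keystore file (expected .pfx): " + str);
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // A missing file is reported to the caller rather than leaving the keystore unloaded.
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
        } finally {
            fileInputStream.close();
        }

        String alias = null;
        Certificate[] chain = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (alias == null && aliases != null && aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            Certificate[] candidateChain = keyStore.getCertificateChain(candidate);
            if (candidateChain == null || candidateChain.length == 0
                    || !(candidateChain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) candidateChain[0];
            if (!matchUsage(leaf.getKeyUsage(), 1)) {
                continue;
            }
            try {
                leaf.checkValidity();
                alias = candidate;
                chain = candidateChain;
            } catch (CertificateException ignored) {
                // Expired or not yet valid: try the next alias.
            }
        }
        if (alias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }

        PKCSTool pKCSTool = new PKCSTool(SIGNER);
        PrivateKey key = (PrivateKey) keyStore.getKey(alias, str3.toCharArray());
        if (key == null) {
            throw new GeneralSecurityException(alias + " could not be accessed");
        }
        pKCSTool.privateKey = key;
        if ("PKCS7".equals(str4)) {
            // p7Sign passes this array to a constructor that takes X509Certificate[],
            // so the runtime array type matters.
            X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    throw new GeneralSecurityException("Certificate[" + i + "] in chain '" + alias + "' is not a X509Certificate.");
                }
                x509Chain[i] = (X509Certificate) chain[i];
            }
            pKCSTool.certificates = x509Chain;
        }
        return pKCSTool;
    }

    /**
     * Signs {@code bArr} with the signer's private key and returns the bare signature.
     *
     * @param bArr data to sign
     * @return Base64 text of the signature bytes
     * @throws IllegalStateException if this instance is not a signer
     * @throws Exception             on any signing failure
     */
    public String p1Sign(byte[] bArr) throws Exception {
        if (this.mode != SIGNER) {
            throw new IllegalStateException("call a PKCS1Tool instance not for signature.");
        }
        Signature signature = Signature.getInstance(this.signingAlgorithm);
        signature.initSign(this.privateKey);
        signature.update(bArr, 0, bArr.length);
        return new BASE64Encoder().encode(signature.sign());
    }

    /**
     * Signs {@code bArr} and wraps the signature, the signer description and the certificate
     * chain in a PKCS#7 SignedData structure.
     *
     * @param bArr data to sign
     * @return Base64 text of the encoded SignedData
     * @throws IllegalStateException if this instance is not a signer, or was not created with
     *                               format {@code "PKCS7"} and so has no certificate chain
     * @throws Exception             on any signing, reflection or encoding failure
     */
    public String p7Sign(byte[] bArr) throws Exception {
        if (this.mode != SIGNER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for signature.");
        }
        if (this.certificates == null || this.certificates.length == 0) {
            throw new IllegalStateException("no certificate chain loaded; create the signer with format \"PKCS7\"");
        }
        Signature signature = Signature.getInstance(this.signingAlgorithm);
        signature.initSign(this.privateKey);
        signature.update(bArr, 0, bArr.length);
        byte[] signedBytes = signature.sign();

        // ContentInfo(DATA_OID, null): the content type is "data" and no content is passed.
        Object dataOid = ContentInfo.class.getField("DATA_OID").get(null);
        Constructor<?> contentInfoCtor = ContentInfo.class.getConstructor(dataOid.getClass(), derValue);
        ContentInfo contentInfo = (ContentInfo) contentInfoCtor.newInstance(new Object[] {dataOid, null});

        // NOTE(review): the signer is identified by the LAST certificate of the chain. Key
        // stores usually list the end-entity certificate first; confirm this index is intended
        // for chains longer than one certificate.
        X509Certificate signerCertificate = (X509Certificate) this.certificates[this.certificates.length - 1];
        BigInteger serialNumber = signerCertificate.getSerialNumber();
        Object issuerName = x500Name.getConstructor(String.class).newInstance(signerCertificate.getIssuerDN().getName());
        Object digestAlgorithmId = algorithmId.getMethod("get", String.class).invoke(null, this.digestAlgorithm);
        Object encryptionAlgorithmId = algorithmId.getConstructor(objectIdentifier).newInstance(algorithmId.getField("RSAEncryption_oid").get(null));

        // Both PKCS9Attributes arguments are passed as null.
        Constructor<?> signerInfoCtor = SignerInfo.class.getConstructor(x500Name, BigInteger.class, algorithmId, PKCS9Attributes.class, algorithmId, byte[].class, PKCS9Attributes.class);
        SignerInfo[] signerInfos = {
            (SignerInfo) signerInfoCtor.newInstance(new Object[] {
                issuerName, serialNumber, digestAlgorithmId, null, encryptionAlgorithmId, signedBytes, null})
        };

        // The AlgorithmId[] has to be created reflectively because the element class is vendor-specific.
        Object digestAlgorithmIds = Array.newInstance((Class<?>) algorithmId, 1);
        Array.set(digestAlgorithmIds, 0, digestAlgorithmId);
        PKCS7 pkcs7 = (PKCS7) PKCS7.class
                .getConstructor(digestAlgorithmIds.getClass(), ContentInfo.class, X509Certificate[].class, signerInfos.getClass())
                .newInstance(digestAlgorithmIds, contentInfo, this.certificates, signerInfos);

        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        pkcs7.encodeSignedData(encoded);
        return new BASE64Encoder().encode(encoded.toByteArray());
    }

    /**
     * Builds a verifier from certificate streams.
     *
     * <p>Each stream is read completely once and parsed directly, then as bare Base64 if the
     * direct parse fails.
     *
     * @param inputStream  root (trust anchor) certificate, or {@code null}; required for
     *                     {@link #p7Verify(String, byte[])}
     * @param inputStream2 expected signer certificate, or {@code null}; required for
     *                     {@link #p1Verify(String, byte[])}
     * @return a tool in verifier mode
     * @throws GeneralSecurityException if a certificate cannot be parsed
     * @throws IOException              if a stream cannot be read
     */
    public static PKCSTool getVerifier(InputStream inputStream, InputStream inputStream2) throws GeneralSecurityException, IOException {
        init();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        PKCSTool pKCSTool = new PKCSTool(VERIFIER);
        if (inputStream2 != null) {
            pKCSTool.certificates = new Certificate[] {readCertificate(certificateFactory, inputStream2)};
        }
        if (inputStream != null) {
            pKCSTool.rootCertificate = readCertificate(certificateFactory, inputStream);
        }
        return pKCSTool;
    }

    /**
     * Verifies a bare signature over {@code bArr} with the configured signer certificate.
     *
     * <p>When a root certificate is configured, the signer certificate's own signature is also
     * checked against the root's public key, so a signer certificate that the root did not
     * issue is rejected.
     *
     * @param str  Base64 text of the signature
     * @param bArr data that was signed
     * @throws IllegalStateException if this instance is not a verifier
     * @throws SignatureException    if the signature does not match
     * @throws CertificateException  if no signer certificate is configured, or it is expired
     *                               or not yet valid
     */
    public void p1Verify(String str, byte[] bArr) throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateException, NoSuchProviderException {
        if (this.mode != VERIFIER) {
            throw new IllegalStateException("call a PKCS1Tool instance not for verify.");
        }
        if (this.certificates == null || this.certificates.length == 0) {
            throw new CertificateException("No signer certificate configured for verification");
        }
        byte[] signatureBytes = new BASE64Decoder().decodeBuffer(str);
        Signature signature = Signature.getInstance(this.signingAlgorithm);
        signature.initVerify(this.certificates[0]);
        signature.update(bArr);
        if (!signature.verify(signatureBytes, 0, signatureBytes.length)) {
            throw new SignatureException("Verify fail.");
        }
        X509Certificate signerCertificate = (X509Certificate) this.certificates[0];
        signerCertificate.checkValidity();
        // Checked for every signer certificate, not only when it is the root itself;
        // otherwise the configured trust anchor would have no effect on other certificates.
        if (this.rootCertificate != null) {
            signerCertificate.verify(this.rootCertificate.getPublicKey());
        }
    }

    /**
     * Verifies a PKCS#7 SignedData over {@code bArr} and checks each signer certificate.
     *
     * <p>Signer certificates come from the message itself, so they are only meaningful when
     * tied to the configured root: each one must be inside its validity period and must either
     * be the root or carry a signature made by the root's key. Verification is refused when no
     * root is configured.
     *
     * <p>NOTE(review): any certificate issued directly by the root is accepted; the signer
     * certificate given to {@link #getVerifier} is not compared, longer chains are not built
     * and revocation is not consulted. Confirm whether the signer should be pinned.
     *
     * @param str  Base64 text of the encoded SignedData
     * @param bArr data that was signed
     * @throws IllegalStateException if this instance is not a verifier
     * @throws SignatureException    if no signer info verifies against the data
     * @throws CertificateException  if no root is configured, or a signer certificate is
     *                               missing, expired or not yet valid
     */
    public void p7Verify(String str, byte[] bArr) throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateException, NoSuchProviderException {
        if (this.mode != VERIFIER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for verify.");
        }
        if (this.rootCertificate == null) {
            // Fail closed with a clear error: without a trust anchor, the embedded
            // certificate proves nothing about who signed.
            throw new CertificateException("No root certificate configured; cannot validate the signer certificate");
        }
        PKCS7 pkcs7 = new PKCS7(new BASE64Decoder().decodeBuffer(str));
        if (debug) {
            X509Certificate[] embedded = pkcs7.getCertificates();
            for (int i = 0; embedded != null && i < embedded.length; i++) {
                X509Certificate x509Certificate = embedded[i];
                System.out.println("SIGNER " + i + "=\n" + x509Certificate);
                System.out.println("SIGNER " + i + "=\n" + new BASE64Encoder().encode(x509Certificate.getEncoded()));
            }
        }
        SignerInfo[] verified = pkcs7.verify(bArr);
        if (verified == null) {
            throw new SignatureException("Signature failed verification, data has been tampered");
        }
        for (int i = 0; i < verified.length; i++) {
            X509Certificate signerCertificate = verified[i].getCertificate(pkcs7);
            if (signerCertificate == null) {
                throw new CertificateException("Signer certificate " + i + " is not present in the signed data");
            }
            signerCertificate.checkValidity();
            if (!signerCertificate.equals(this.rootCertificate)) {
                signerCertificate.verify(this.rootCertificate.getPublicKey());
            }
        }
    }
}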
