package cn.com.infosec.netsigninterface;

import cn.com.infosec.asn1.x509.X509Extensions;
import cn.com.infosec.crypto.digests.SHA1Digest;
import cn.com.infosec.jce.PKCS7EnvelopedData;
import cn.com.infosec.jce.PKCS7SignedData;
import cn.com.infosec.jce.exception.CertificateNotMatchException;
import cn.com.infosec.jce.exception.DecryptDataException;
import cn.com.infosec.jce.exception.DecryptKeyException;
import cn.com.infosec.jce.exception.EncryptAlgException;
import cn.com.infosec.jce.exception.EncryptDataException;
import cn.com.infosec.jce.exception.EncryptKeyException;
import cn.com.infosec.jce.exception.WriteEnvDataException;
import cn.com.infosec.jce.provider.InfosecProvider;
import cn.com.infosec.netsigninterface.exceptions.InvalidCertificateException;
import cn.com.infosec.netsigninterface.exceptions.RAWSignException;
import cn.com.infosec.netsigninterface.exceptions.ServerKeyStoreException;
import cn.com.infosec.netsigninterface.exceptions.VerifyPlainSignedMsgException;
import cn.com.infosec.netsigninterface.resource.NetSignRes;
import cn.com.infosec.netsigninterface.util.TrustCerts;
import cn.com.infosec.netsigninterface.util.TrustConfig;
import cn.com.infosec.util.Base64;
import com.infosec.NetSignServer;
import com.infosec.NetSignX509CRL;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;

/* loaded from: input_file:cn/com/infosec/netsigninterface/NetSignImpl.class */
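/**
 * PKCS#7 signing, verification, enveloping and raw RSA signature helper built on the
 * INFOSEC JCE provider.
 *
 * <p>Security-relevant properties of this class, as visible in this file:
 * <ul>
 *   <li>Instances are stateful and unsynchronised. Every verify/decrypt call overwrites the
 *       signer certificate, the certificate summary and the content fields, so one instance
 *       must not be shared between concurrent requests.</li>
 *   <li>The signer certificate and its summary are stored <em>before</em> the trust and
 *       signature checks run. After a call has thrown, {@link #getSignCertEntity()},
 *       {@link #getSignCertInfo(int)} and {@link #getContentData()} may describe an
 *       unverified message; treat them as diagnostic data only.</li>
 *   <li>All digests and signatures are SHA-1 based ("SHA1", "SHA1withRSA"). The algorithm is
 *       part of the wire format, so it is kept here. NOTE(review): SHA-1 is no longer
 *       collision resistant; plan a migration together with the peers.</li>
 *   <li>Certificate validation is a single step: the certificate must be signed directly by
 *       a configured trust anchor and be inside its validity period. No intermediate chain is
 *       built and no key-usage or basic-constraints check is visible here.</li>
 * </ul>
 */
public class NetSignImpl {
    // Content of the most recent verify/decrypt call; handed out by reference, not copied.
    private byte[] ContentData;
    private X509Certificate signingCert;
    private X509Certificate encCert;
    private String[] certinfo;
    private String[] enccertinfo;
    private PKCS7SignedData p7sd = null;
    private PKCS7EnvelopedData p7ed = null;

    static {
        // Registers the provider for the whole JVM as soon as this class is loaded.
        Security.addProvider(new InfosecProvider());
    }

    /**
     * Returns the Base64 text of the SHA-1 digest of {@code bArr}, as bytes.
     *
     * <p>The text is converted with the platform default charset (unchanged from the original
     * behaviour). SHA-1 here is an interoperability value, not a collision-resistant
     * fingerprint.
     *
     * @param bArr data to hash; must not be null
     * @return Base64 encoding of the 20-byte digest
     * @throws IOException declared for the Base64 encoder
     */
    public byte[] hash1Base64(byte[] bArr) throws IOException {
        return Base64.encode(sha1hash(bArr)).getBytes();
    }

    /** Computes the raw SHA-1 digest of {@code bArr}. */
    private static byte[] sha1hash(byte[] bArr) {
        SHA1Digest digest = new SHA1Digest();
        byte[] out = new byte[digest.getDigestSize()];
        digest.update(bArr, 0, bArr.length);
        digest.doFinal(out, 0);
        return out;
    }

    /**
     * Extracts the organisation value from a comma-separated distinguished name.
     *
     * <p>Only components that actually contain {@code o=} or {@code O=} contribute; the last
     * such component wins. The previous code took a substring of every component, so a DN
     * without an organisation (or with one that was not the last component) yielded an
     * unrelated fragment instead of the organisation or {@code null}.
     *
     * <p>The split is on a plain comma, so an escaped comma inside a value is not understood.
     *
     * @param str distinguished name text
     * @return the text after the marker, or {@code null} when no component carries one
     */
    private static String getOrg(String str) {
        StringTokenizer components = new StringTokenizer(str, ",");
        String org = null;
        while (components.hasMoreElements()) {
            String component = (String) components.nextElement();
            int marker = component.indexOf("o=");
            if (marker == -1) {
                marker = component.indexOf("O=");
            }
            if (marker != -1) {
                org = component.substring(marker + 2);
            }
        }
        return org;
    }

    /**
     * Fills {@code info} with subject DN, issuer DN, notBefore, notAfter and the upper-case
     * hexadecimal serial number of {@code cert}, in that order.
     */
    private static void fillCertInfo(String[] info, X509Certificate cert) {
        info[0] = cert.getSubjectDN().getName();
        info[1] = cert.getIssuerDN().getName();
        info[2] = new Date(cert.getNotBefore().getTime()).toString();
        info[3] = new Date(cert.getNotAfter().getTime()).toString();
        info[4] = cert.getSerialNumber().toString(16).toUpperCase();
    }

    /** Rebuilds the summary of the current encryption certificate. */
    private void getEncCert() {
        // Replace the array first so a failure below never leaves a previous certificate's data.
        this.enccertinfo = new String[5];
        fillCertInfo(this.enccertinfo, this.encCert);
    }

    /** Rebuilds the summary of the current signer certificate. */
    private void getSignCert() {
        // Replace the array first so a failure below never leaves a previous certificate's data.
        this.certinfo = new String[5];
        fillCertInfo(this.certinfo, this.signingCert);
    }

    /**
     * Decodes one extension of the current signer certificate.
     *
     * @param str extension OID
     * @return the value produced by {@code CRLDPDEC.getExtern} for the raw extension bytes
     */
    public String getCertExtensionValue(String str) {
        return CRLDPDEC.getExtern(this.signingCert.getExtensionValue(str));
    }

    /**
     * Returns one field of the signer certificate summary.
     *
     * @param i 1-based index: 1 subject DN, 2 issuer DN, 3 notBefore, 4 notAfter,
     *          5 serial number (upper-case hex)
     * @return the requested field; it is populated before verification completes
     */
    public String getSignCertInfo(int i) {
        return this.certinfo[i - 1];
    }

    /**
     * Returns one field of the encryption certificate summary.
     *
     * @param i 1-based index, same layout as {@link #getSignCertInfo(int)}
     */
    public String getEncCertInfo(int i) {
        return this.enccertinfo[i - 1];
    }

    /**
     * Returns the content stored by the last verify/decrypt call.
     *
     * <p>The internal array is returned without copying. In
     * {@link #VerifySinglePlainSignedMsg} it is stored before the signature is checked.
     */
    public byte[] getContentData() {
        return this.ContentData;
    }

    /** Returns the product version string. */
    public static String getVersion() {
        return NetSignRes.PRODUCT_VERSION;
    }

    /** Returns the signer certificate of the last verify call, verified or not. */
    public X509Certificate getSignCertEntity() {
        return this.signingCert;
    }

    /**
     * Produces a PKCS#7 SignedData message over {@code bArr} with the server key.
     *
     * @param bArr data to sign; must be non-empty
     * @param serverKeyStore source of the private key and certificate chain
     * @param z when {@code false} the data is passed to the encoder together with the
     *          signature; when {@code true} the encoder is called without it (presumably a
     *          detached signature; confirm against PKCS7SignedData)
     * @return the encoded message
     * @throws InvalidParameterException if {@code bArr} is null or empty
     */
    public byte[] GenerateSingleSignedMsg(byte[] bArr, ServerKeyStore serverKeyStore, boolean z) throws ServerKeyStoreException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        if (bArr == null || bArr.length == 0) {
            throw new InvalidParameterException(NetSignRes.PLAINDATA_IS_NULL);
        }
        // NOTE(review): SHA-1 digest; changing it changes the wire format.
        this.p7sd = new PKCS7SignedData(serverKeyStore.getPrivateKey(), serverKeyStore.getCertChain(), "SHA1");
        this.p7sd.update(bArr, 0, bArr.length);
        return z ? this.p7sd.getEncoded() : this.p7sd.getEncoded(bArr);
    }

    /**
     * Parses a SignedData message, records its signer certificate and validates that
     * certificate against the trust anchors.
     *
     * <p>Which signer is chosen when a message carries several is decided inside
     * {@code PKCS7SignedData.getSigningCertificate()} and cannot be told from this file.
     *
     * @param p7 encoded SignedData
     * @param trustCerts trust anchors; {@code null} is rejected with code "-10057"
     * @param map CRL sets, or {@code null} to skip revocation checking
     */
    private void loadAndValidateSigner(byte[] p7, TrustCerts trustCerts, Map map) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        this.p7sd = new PKCS7SignedData(p7);
        this.signingCert = this.p7sd.getSigningCertificate();
        getSignCert();
        if (trustCerts == null) {
            throw new InvalidCertificateException("-10057");
        }
        verifyCert(this.signingCert, map, trustCerts);
    }

    /**
     * Verifies a SignedData message against externally supplied plaintext.
     *
     * @param bArr encoded SignedData
     * @param bArr2 plaintext the signature must cover
     * @param trustCerts trust anchors
     * @param map CRL sets, or {@code null} to skip revocation checking
     * @throws InvalidParameterException if either byte array is null or empty
     * @throws InvalidCertificateException if the signer certificate is not acceptable
     * @throws SignatureException if the signature does not match
     */
    public void VerifySingleSignedMsg(byte[] bArr, byte[] bArr2, TrustCerts trustCerts, Map map) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        if (bArr2 == null || bArr2.length == 0) {
            throw new InvalidParameterException(NetSignRes.PLAINDATA_IS_NULL);
        }
        if (bArr == null || bArr.length == 0) {
            throw new InvalidParameterException(NetSignRes.P7DATA_IS_NULL);
        }
        loadAndValidateSigner(bArr, trustCerts, map);
        this.p7sd.update(bArr2, 0, bArr2.length);
        if (!this.p7sd.verify()) {
            throw new SignatureException(NetSignRes.NETSIGN_VERIFY_ERROR);
        }
    }

    /**
     * Checks a raw SHA1withRSA signature.
     *
     * @param publicKey key to verify with
     * @param bArr signed data
     * @param bArr2 signature bytes
     * @return {@code true} when the signature matches
     * @throws VerifyPlainSignedMsgException on any failure; only the message of the
     *         underlying exception is carried over
     */
    private static boolean verify(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws VerifyPlainSignedMsgException {
        try {
            // Signature.getInstance never returns null, so the former null check was dead code.
            Signature verifier = Signature.getInstance("SHA1withRSA", "INFOSEC");
            verifier.initVerify(publicKey);
            verifier.update(bArr, 0, bArr.length);
            return verifier.verify(bArr2);
        } catch (Exception e) {
            throw new VerifyPlainSignedMsgException("Verify  Error:" + e.getMessage());
        }
    }

    /**
     * Creates a raw SHA1withRSA signature.
     *
     * @param privateKey signing key
     * @param bArr data to sign
     * @return signature bytes
     * @throws RAWSignException on any failure; only the message of the underlying exception
     *         is carried over
     */
    public byte[] rawSign(PrivateKey privateKey, byte[] bArr) throws RAWSignException {
        try {
            // Signature.getInstance never returns null, so the former null check was dead code.
            Signature signer = Signature.getInstance("SHA1WithRSA", "INFOSEC");
            signer.initSign(privateKey);
            signer.update(bArr, 0, bArr.length);
            return signer.sign();
        } catch (Exception e) {
            throw new RAWSignException("Sign Error:" + e.getMessage());
        }
    }

    /**
     * Verifies a raw signature with a caller-supplied certificate.
     *
     * <p>The certificate and plaintext are stored on the instance before any check runs, so
     * they remain readable through the getters even when this method throws.
     *
     * @param bArr signature bytes
     * @param bArr2 plaintext the signature must cover
     * @param trustCerts trust anchors
     * @param map CRL sets, or {@code null} to skip revocation checking
     * @param x509Certificate signer certificate
     * @throws InvalidParameterException if {@code bArr} is null or empty
     * @throws InvalidCertificateException if the certificate is missing or not acceptable, or
     *         with code "-10060" when the signature does not match
     * @throws VerifyPlainSignedMsgException if the signature check itself fails to run
     */
    public void VerifySinglePlainSignedMsg(byte[] bArr, byte[] bArr2, TrustCerts trustCerts, Map map, X509Certificate x509Certificate) throws CRLException, InvalidCertificateException, VerifyPlainSignedMsgException {
        if (bArr == null || bArr.length == 0) {
            throw new InvalidParameterException(NetSignRes.P7DATA_IS_NULL);
        }
        if (x509Certificate == null) {
            // Previously surfaced as a NullPointerException from the summary builder.
            throw new InvalidCertificateException(NetSignRes.CERTIFICATE_ERROR);
        }
        this.signingCert = x509Certificate;
        this.ContentData = bArr2;
        getSignCert();
        if (trustCerts == null) {
            throw new InvalidCertificateException("-10057");
        }
        verifyCert(x509Certificate, map, trustCerts);
        if (!verify(x509Certificate.getPublicKey(), bArr2, bArr)) {
            throw new InvalidCertificateException("-10060");
        }
    }

    /**
     * Shared implementation of the two verifiers for messages that embed their content.
     *
     * @param bArr encoded SignedData
     * @param trustCerts trust anchors
     * @param map CRL sets, or {@code null} to skip revocation checking
     * @return the embedded content once certificate and signature have been accepted
     */
    private byte[] verifyAttached(byte[] bArr, TrustCerts trustCerts, Map map) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        if (bArr == null || bArr.length == 0) {
            throw new InvalidParameterException(NetSignRes.P7DATA_IS_NULL);
        }
        loadAndValidateSigner(bArr, trustCerts, map);
        byte[] contentData = this.p7sd.getContentData();
        if (contentData == null) {
            // A message without embedded content cannot be verified here; reject it as a
            // verification failure instead of failing with a NullPointerException.
            throw new SignatureException(NetSignRes.NETSIGN_VERIFY_ERROR);
        }
        this.p7sd.update(contentData, 0, contentData.length);
        if (!this.p7sd.verify()) {
            throw new SignatureException(NetSignRes.NETSIGN_VERIFY_ERROR);
        }
        this.ContentData = this.p7sd.getContentData();
        return contentData;
    }

    /**
     * Verifies a SignedData message that embeds its content and returns that content.
     *
     * @param bArr encoded SignedData
     * @param trustCerts trust anchors
     * @param map CRL sets, or {@code null} to skip revocation checking
     * @return the embedded content
     * @throws InvalidParameterException if {@code bArr} is null or empty
     * @throws InvalidCertificateException if the signer certificate is not acceptable
     * @throws SignatureException if the signature does not match
     */
    public byte[] VerifySingleSignedMsg(byte[] bArr, TrustCerts trustCerts, Map map) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        return verifyAttached(bArr, trustCerts, map);
    }

    /**
     * Same as {@link #VerifySingleSignedMsg(byte[], TrustCerts, Map)} but never consults a CRL.
     *
     * <p>A revoked signer certificate is accepted by this method as long as it chains to a
     * trust anchor and is inside its validity period.
     */
    public byte[] VerifySingleSignedMsgWithoutCRL(byte[] bArr, TrustCerts trustCerts) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        return verifyAttached(bArr, trustCerts, null);
    }

    /**
     * Signs {@code bArr} with the server key, then envelopes the signed message for
     * {@code x509Certificate}.
     */
    public byte[] MSEnvelopedandSigned(byte[] bArr, ServerKeyStore serverKeyStore, X509Certificate x509Certificate) throws ServerKeyStoreException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, WriteEnvDataException, EncryptKeyException, EncryptDataException, EncryptAlgException, CertificateException, InvalidCertificateException {
        return composeSingleEnvelopedMsg(GenerateSingleSignedMsg(bArr, serverKeyStore, false), x509Certificate);
    }

    /**
     * Opens an enveloped message with the server key, then verifies the signed message inside
     * and returns its content.
     */
    public byte[] MSDecrypedandVerify(byte[] bArr, ServerKeyStore serverKeyStore, TrustCerts trustCerts, Map map) throws CRLException, CertificateException, InvalidCertificateException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidCertificateException, ServerKeyStoreException, DecryptKeyException, DecryptDataException, CertificateException, CertificateNotMatchException {
        return VerifySingleSignedMsg(decomposeSingleEnvelopedMsg(bArr, serverKeyStore), trustCerts, map);
    }

    /** Base64-encodes {@code bArr}. */
    public String Base64Encode(byte[] bArr) throws IOException {
        return Base64.encode(bArr);
    }

    /** Base64-decodes {@code str}. */
    public byte[] Base64Deccode(String str) throws IOException {
        return Base64.decode(str);
    }

    /**
     * Revocation check that first resolves the trust configuration from the issuer DN.
     *
     * @throws IllegalStateException if the issuer has no trust configuration (previously a
     *         NullPointerException)
     */
    private boolean isCertRevoked(TrustCerts trustCerts, X509Certificate x509Certificate, Map map) {
        TrustConfig trustConfig = (TrustConfig) trustCerts.getCerts().get(x509Certificate.getIssuerDN().getName());
        if (trustConfig == null) {
            throw new IllegalStateException("no trust configuration for certificate issuer");
        }
        return isCertRevokedforyongyou(trustConfig, x509Certificate, map);
    }

    /**
     * Checks {@code x509Certificate} against the CRLs loaded for its trust anchor.
     *
     * <p>When the anchor's CRL-distribution-point flag is "0" and the certificate names a
     * distribution point, only the CRL stored under that name plus ".crl" is consulted;
     * otherwise every loaded CRL of the anchor is checked.
     *
     * <p>Side effect: writes the static {@code NetSignServer.lastCRLPortal}, which is shared
     * by all threads.
     *
     * @return {@code true} when a consulted CRL lists the certificate
     * @throws IllegalStateException if no CRL set is loaded for the anchor's CRL directory;
     *         the caller maps this to a validation failure
     */
    private boolean isCertRevokedforyongyou(TrustConfig trustConfig, X509Certificate x509Certificate, Map map) {
        String useDistributionPoint = trustConfig.iscrldp();
        HashMap crls = (HashMap) map.get(trustConfig.getcrldir());
        if (!"0".equals(useDistributionPoint)) {
            return verifyallcrls(x509Certificate, crls);
        }
        String distributionPoint = null;
        try {
            distributionPoint = CRLDPDEC.getcrldp(x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId()));
        } catch (Exception ignored) {
            // Best effort: an unreadable extension falls back to checking every loaded CRL.
        }
        if (distributionPoint == null) {
            return verifyallcrls(x509Certificate, crls);
        }
        String crlName = distributionPoint + ".crl";
        NetSignServer.lastCRLPortal = crlName;
        if (crls == null) {
            throw new IllegalStateException("no CRL set loaded for the trust anchor");
        }
        NetSignX509CRL crl = (NetSignX509CRL) crls.get(crlName);
        if (crl == null) {
            // NOTE(review): fail-open. A certificate whose distribution point has no loaded
            // CRL is reported as not revoked. Behaviour kept; decide whether a missing CRL
            // should reject instead, and alert on lastCRLPortal values with no loaded CRL.
            return false;
        }
        return crl.isRevoked(x509Certificate);
    }

    /**
     * Checks {@code x509Certificate} against every CRL in {@code hashMap}.
     *
     * <p>An empty set reports "not revoked". Whether the CRLs are current and correctly
     * signed is not checked here.
     *
     * @throws IllegalStateException if {@code hashMap} is null (previously a
     *         NullPointerException); the caller maps this to a validation failure
     */
    private boolean verifyallcrls(X509Certificate x509Certificate, HashMap hashMap) {
        if (hashMap == null) {
            throw new IllegalStateException("no CRL set loaded for the trust anchor");
        }
        Object[] crls = hashMap.values().toArray();
        NetSignServer.lastCRLPortal = null;
        for (int i = 0; i < crls.length; i++) {
            if (((NetSignX509CRL) crls[i]).isRevoked(x509Certificate)) {
                System.out.println("is revoked");
                return true;
            }
        }
        return false;
    }

    /**
     * Reverses the order of the comma-separated components of {@code dn}.
     *
     * @param dn distinguished name text
     * @param trimMoved whether to trim every component except the original first one
     * @return the reordered text, or {@code null} when {@code dn} has no component
     */
    private static String reverseDnOrder(String dn, boolean trimMoved) {
        StringTokenizer tokens = new StringTokenizer(dn, ",");
        String[] parts = new String[tokens.countTokens()];
        for (int i = 0; tokens.hasMoreTokens(); i++) {
            parts[i] = tokens.nextToken();
        }
        if (parts.length == 0) {
            return null;
        }
        StringBuffer out = new StringBuffer();
        for (int i = parts.length - 1; i > 0; i--) {
            out.append(trimMoved ? parts[i].trim() : parts[i]);
            out.append(",");
        }
        out.append(parts[0]);
        return out.toString();
    }

    /**
     * Validates {@code x509Certificate} against the configured trust anchors.
     *
     * <p>The anchor is looked up by issuer DN text: as printed, then with the components
     * reversed and trimmed, then with that form reversed back. The lookup only selects a
     * candidate; the signature check against the anchor's public key is what binds the
     * certificate to it. The split is on a plain comma, so issuers with an escaped comma in
     * a value will not match.
     *
     * <p>Error codes as used in this file: "-10054" no anchor for the issuer, "-10055" the
     * certificate could not be validated, "-10056" the certificate is revoked.
     *
     * @param x509Certificate certificate to validate
     * @param map CRL sets, or {@code null} to skip revocation checking
     * @param trustCerts trust anchors
     * @throws InvalidCertificateException with one of the codes above
     */
    private void verifyCert(X509Certificate x509Certificate, Map map, TrustCerts trustCerts) throws InvalidCertificateException {
        String issuer = x509Certificate.getIssuerDN().toString();
        TrustConfig trustConfig = (TrustConfig) trustCerts.getCerts().get(issuer);
        if (trustConfig == null) {
            String reversed = reverseDnOrder(issuer, true);
            if (reversed != null) {
                trustConfig = (TrustConfig) trustCerts.getCerts().get(reversed);
                if (trustConfig == null) {
                    String restored = reverseDnOrder(reversed, false);
                    if (restored != null) {
                        trustConfig = (TrustConfig) trustCerts.getCerts().get(restored);
                    }
                }
            }
        }
        if (trustConfig == null) {
            throw new InvalidCertificateException("-10054");
        }
        // Fail closed: an anchor without a usable key used to let the certificate through
        // with no signature, validity or revocation check at all.
        if (trustConfig.getrootcert() == null) {
            throw new InvalidCertificateException("-10055");
        }
        PublicKey publicKey = trustConfig.getrootcert().getPublicKey();
        if (publicKey == null) {
            throw new InvalidCertificateException("-10055");
        }
        try {
            x509Certificate.verify(publicKey);
            x509Certificate.checkValidity();
        } catch (Exception e) {
            throw new InvalidCertificateException("-10055");
        }
        boolean revoked;
        try {
            revoked = map != null && isCertRevokedforyongyou(trustConfig, x509Certificate, map);
        } catch (Exception e) {
            // A revocation check that cannot run counts as a validation failure.
            throw new InvalidCertificateException("-10055");
        }
        if (revoked) {
            // Thrown outside the try blocks so the revocation code reaches the caller; it
            // used to be caught by the generic handler and replaced with "-10055".
            throw new InvalidCertificateException("-10056");
        }
    }

    /**
     * Envelopes {@code bArr} for the holder of {@code x509Certificate}.
     *
     * <p>The recipient certificate is not validated here (no trust, validity or revocation
     * check); callers must validate it before encrypting to it. The third argument of
     * {@code encrypt} is an opaque selector defined by {@code PKCS7EnvelopedData};
     * presumably the content-encryption algorithm (TODO confirm).
     *
     * @param bArr data to encrypt
     * @param x509Certificate recipient certificate
     * @return the encoded EnvelopedData
     * @throws InvalidCertificateException if {@code x509Certificate} is null
     */
    public byte[] composeSingleEnvelopedMsg(byte[] bArr, X509Certificate x509Certificate) throws InvalidCertificateException, NoSuchProviderException, CertificateException, EncryptAlgException, EncryptDataException, EncryptKeyException, WriteEnvDataException {
        if (x509Certificate == null) {
            throw new InvalidCertificateException(NetSignRes.CERTIFICATE_ERROR);
        }
        return new PKCS7EnvelopedData().encrypt(bArr, x509Certificate, 4);
    }

    /**
     * Decrypts an enveloped message with the server's private key.
     *
     * <p>The first certificate of the server chain is recorded as the encryption certificate
     * and the decrypted bytes are stored on the instance.
     *
     * @param bArr encoded EnvelopedData
     * @param serverKeyStore source of the server certificate chain and private key
     * @return the decrypted content
     * @throws InvalidParameterException if {@code bArr} is null or empty
     */
    public byte[] decomposeSingleEnvelopedMsg(byte[] bArr, ServerKeyStore serverKeyStore) throws CertificateException, InvalidCertificateException, InvalidKeyException, CertificateNotMatchException, DecryptKeyException, DecryptDataException, CRLException, ServerKeyStoreException, NoSuchAlgorithmException, NoSuchProviderException {
        if (bArr == null || bArr.length == 0) {
            throw new InvalidParameterException(NetSignRes.P7ENVDATA_IS_NULL);
        }
        X509Certificate serverCert = serverKeyStore.getCertChain()[0];
        this.encCert = serverCert;
        getEncCert();
        PrivateKey privateKey = serverKeyStore.getPrivateKey();
        this.p7ed = new PKCS7EnvelopedData();
        byte[] plain = this.p7ed.decrypt(bArr, serverCert, privateKey);
        this.ContentData = plain;
        return plain;
    }
}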
