package com.bocnet.common.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Array;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;

/* loaded from: input_file:com/bocnet/common/security/PKCS7Tool.class */
public class PKCS7Tool {
    // Mode tags stored in the 'mode' field. The decompiler also substitutes these names wherever
    // the literals 1 and 2 occur (loop increments, array sizes and indices), so an occurrence of
    // SIGNER/VERIFIER elsewhere in this class does not always mean "mode".
    private static final int SIGNER = 1;
    private static final int VERIFIER = 2;
    // Role of this instance (SIGNER or VERIFIER); assigned by the private constructor.
    private int mode;
    // Signer mode: certificate(s) written into the PKCS#7 output by sign().
    private X509Certificate[] certificates = null;
    // Signer mode: key handed to Signature.initSign() in sign().
    private PrivateKey privateKey = null;
    // Verifier mode: certificates that verify() accepts as trust anchors.
    private Certificate[] rootCertificates = null;
    // Compiler-generated caches for the Class.forName() lookups in sign(), one per class literal.
    static Class class$0;
    static Class class$1;
    static Class class$2;
    static Class class$3;
    static Class class$4;
    static Class class$5;
    static Class class$6;
    static Class class$7;
    // Process-wide algorithm settings, changeable through the static setters below. sign() uses
    // signingAlgorithm for the actual signature and digestAlgorithm for the digest identifier it
    // writes into the SignerInfo; nothing in this class keeps the two consistent.
    // NOTE(review): both defaults are SHA-1 based. SHA-1 is no longer considered collision
    // resistant for signatures; confirm whether the peer accepts SHA256 / SHA256withRSA.
    private static String digestAlgorithm = "SHA1";
    private static String signingAlgorithm = "SHA1withRSA";
    // Set by init(): 0 = not initialised yet, 'I' = IBM JVM, 'S' = any other vendor.
    private static char jvm = 0;
    // Vendor-specific internal classes resolved by init() and used reflectively in sign().
    private static Class algorithmId = null;
    private static Class derValue = null;
    private static Class objectIdentifier = null;
    private static Class x500Name = null;
    // When true, certificates, the chosen alias and some stack traces are printed to stdout.
    private static boolean debug = false;

    /**
     * Creates an instance bound to one role; only the static factories call this.
     *
     * @param i the mode tag, {@code SIGNER} or {@code VERIFIER}
     */
    private PKCS7Tool(int i) {
        mode = i;
    }

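    /**
     * Opens a keystore file and builds a signing instance from it.
     *
     * <p>The keystore type is inferred from the file extension: {@code .pfx} is loaded as
     * {@code PKCS12} and {@code .jks} as {@code JKS}.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password
     * @param str3 password protecting the private-key entry
     * @return a tool in signer mode
     * @throws IllegalStateException    if the extension is neither {@code .pfx} nor {@code .jks}
     * @throws GeneralSecurityException if the keystore or its key cannot be used
     * @throws IOException              if the file cannot be read or closed
     */
    public static PKCS7Tool getSigner(String str, String str2, String str3) throws GeneralSecurityException, IOException {
        // Locale.ROOT keeps the extension match independent of the JVM's default locale.
        String lowerCasePath = str.toLowerCase(java.util.Locale.ROOT);
        String keystoreType;
        if (lowerCasePath.endsWith(".pfx")) {
            keystoreType = "PKCS12";
        } else if (lowerCasePath.endsWith(".jks")) {
            keystoreType = "JKS";
        } else {
            throw new IllegalStateException("Unknown keystore type.");
        }
        // try-with-resources: if loading fails and close() fails as well, the loading error is
        // the one that propagates (the close failure is attached as suppressed). The previous
        // hand-written cleanup let the close() failure replace it.
        try (FileInputStream keystoreStream = new FileInputStream(str)) {
            return getSigner(keystoreStream, keystoreType, str2, str3);
        }
    }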

    /**
     * Builds a signing instance from keystore bytes already held in memory.
     *
     * @param bArr the encoded keystore
     * @param str  keystore type passed to {@code KeyStore.getInstance}
     * @param str2 keystore password
     * @param str3 password protecting the private-key entry
     * @return a tool in signer mode
     * @throws GeneralSecurityException if the keystore or its key cannot be used
     * @throws IOException              if the keystore data cannot be read
     */
    public static PKCS7Tool getSigner(byte[] bArr, String str, String str2, String str3) throws GeneralSecurityException, IOException {
        InputStream keystoreBytes = new ByteArrayInputStream(bArr);
        return getSigner(keystoreBytes, str, str2, str3);
    }

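    /**
     * Loads a keystore from a stream and builds a signing instance from the first entry whose
     * leaf certificate allows digital signatures and is currently valid.
     *
     * <p>An alias is selected only after both checks pass. Previously the loop variable kept the
     * last alias it had visited, so a keystore holding only expired or non-signing certificates
     * still yielded a signer and the "None certificate" error was reachable only for an empty
     * keystore.
     *
     * @param inputStream the encoded keystore; not closed by this method
     * @param str         keystore type passed to {@code KeyStore.getInstance}
     * @param str2        keystore password
     * @param str3        password protecting the private-key entry
     * @return a tool in signer mode holding the selected certificate and its private key
     * @throws GeneralSecurityException if no usable signing entry exists or the key is unavailable
     * @throws IOException              if the keystore data cannot be read
     */
    public static PKCS7Tool getSigner(InputStream inputStream, String str, String str2, String str3) throws GeneralSecurityException, IOException {
        init();
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(inputStream, str2.toCharArray());

        String signingAlias = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (signingAlias == null && aliases != null && aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            Certificate[] chain = keyStore.getCertificateChain(candidate);
            if (chain == null || chain.length == 0) {
                // No certificate chain for this alias, so it cannot be the signing entry.
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (!matchUsage(leaf.getKeyUsage(), SIGNER)) {
                continue;
            }
            try {
                leaf.checkValidity();
                signingAlias = candidate;
            } catch (CertificateException notCurrentlyValid) {
                // Expired or not yet valid: deliberately skipped, the next alias is tried.
            }
        }
        if (signingAlias == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }
        if (debug) {
            System.out.println(signingAlias);
            System.out.println("SIGNER =\n" + new BASE64Encoder().encode(keyStore.getCertificate(signingAlias).getEncoded()));
        }
        if (!keyStore.isKeyEntry(signingAlias) && !keyStore.isCertificateEntry(signingAlias)) {
            throw new GeneralSecurityException(signingAlias + " is unknown to this keystore");
        }
        X509Certificate signerCertificate = (X509Certificate) keyStore.getCertificate(signingAlias);
        PrivateKey signerKey = (PrivateKey) keyStore.getKey(signingAlias, str3.toCharArray());
        if (signerKey == null) {
            throw new GeneralSecurityException(signingAlias + " could not be accessed");
        }
        PKCS7Tool tool = new PKCS7Tool(SIGNER);
        // Only the leaf certificate is kept; the rest of the keystore chain is not carried over.
        tool.certificates = new X509Certificate[]{signerCertificate};
        tool.privateKey = signerKey;
        return tool;
    }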

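    /**
     * Opens a root-certificate file and builds a verifying instance from it.
     *
     * <p>The container type is inferred from the file extension: {@code .p7b} is read as a
     * PKCS#7 certificate bundle and {@code .cer} as a single certificate.
     *
     * @param str path of the root-certificate file
     * @return a tool in verifier mode
     * @throws IllegalStateException    if the extension is neither {@code .p7b} nor {@code .cer}
     * @throws GeneralSecurityException if the certificates cannot be parsed
     * @throws IOException              if the file cannot be read or closed
     */
    public static PKCS7Tool getVerifier(String str) throws GeneralSecurityException, IOException {
        // Locale.ROOT keeps the extension match independent of the JVM's default locale.
        String lowerCasePath = str.toLowerCase(java.util.Locale.ROOT);
        String rootStoreType;
        if (lowerCasePath.endsWith(".p7b")) {
            rootStoreType = "PKCS7";
        } else if (lowerCasePath.endsWith(".cer")) {
            rootStoreType = "DER";
        } else {
            throw new IllegalStateException("Unknown rootstore type.");
        }
        // try-with-resources: if parsing fails and close() fails as well, the parsing error is
        // the one that propagates (the close failure is attached as suppressed). The previous
        // hand-written cleanup let the close() failure replace it.
        try (FileInputStream rootStream = new FileInputStream(str)) {
            return getVerifier(rootStream, rootStoreType);
        }
    }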

    /**
     * Builds a verifying instance from root-certificate bytes already held in memory.
     *
     * @param bArr the encoded root certificate(s)
     * @param str  container type, {@code "DER"} or {@code "PKCS7"}
     * @return a tool in verifier mode
     * @throws GeneralSecurityException if the certificates cannot be parsed
     * @throws IOException              if the data cannot be read
     */
    public static PKCS7Tool getVerifier(byte[] bArr, String str) throws GeneralSecurityException, IOException {
        InputStream rootBytes = new ByteArrayInputStream(bArr);
        return getVerifier(rootBytes, str);
    }

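    /**
     * Reads the trusted root certificate(s) from a stream and builds a verifying instance.
     *
     * <p>Both container types are tried as binary first and as Base64 text second. The input is
     * buffered before the first attempt so the Base64 retry sees the complete data; the single
     * certificate path used to retry on the same stream after the first parse had already
     * consumed part of it.
     *
     * <p>An empty result is rejected here, so a verifier is never created without trust anchors.
     *
     * @param inputStream the encoded certificate data; not closed by this method
     * @param str         container type, {@code "DER"} (one certificate) or {@code "PKCS7"} (bundle)
     * @return a tool in verifier mode holding the parsed certificates as trust anchors
     * @throws IllegalStateException    if {@code str} names neither supported type
     * @throws GeneralSecurityException if parsing fails or no certificate is found
     * @throws IOException              if the data cannot be read or decoded
     */
    public static PKCS7Tool getVerifier(InputStream inputStream, String str) throws GeneralSecurityException, IOException {
        init();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Certificate[] roots;
        if ("DER".equals(str)) {
            byte[] encoded = readData(inputStream);
            Certificate root;
            try {
                root = certificateFactory.generateCertificate(new ByteArrayInputStream(encoded));
            } catch (Exception binaryParseFailure) {
                if (debug) {
                    binaryParseFailure.printStackTrace();
                }
                // Best-effort retry: treat the same bytes as Base64 text.
                byte[] decoded = new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(encoded));
                root = certificateFactory.generateCertificate(new ByteArrayInputStream(decoded));
            }
            roots = new Certificate[]{root};
        } else if ("PKCS7".equals(str)) {
            byte[] encoded = readData(inputStream);
            PKCS7 bundle;
            try {
                bundle = new PKCS7(encoded);
            } catch (Exception binaryParseFailure) {
                // Best-effort retry: treat the same bytes as Base64 text.
                bundle = new PKCS7(new BASE64Decoder().decodeBuffer(new ByteArrayInputStream(encoded)));
            }
            roots = bundle.getCertificates();
        } else {
            throw new IllegalStateException("Unknown root certificate(s) type.");
        }
        if (roots == null || roots.length == 0) {
            // Fail at load time instead of with a NullPointerException inside verify().
            throw new CertificateException("No root certificate found in the supplied data");
        }
        PKCS7Tool tool = new PKCS7Tool(VERIFIER);
        tool.rootCertificates = roots;
        return tool;
    }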

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33, types: [java.lang.Throwable, java.lang.Class] */
    /* JADX WARN: Type inference failed for: r0v38, types: [java.lang.Throwable, java.lang.Class] */
    /* JADX WARN: Type inference failed for: r1v13, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v44, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v50, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v53, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v56, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v59, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v6, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v68, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v74, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v77, types: [java.lang.Throwable] */
    /**
     * Signs the given data and returns a Base64-encoded PKCS#7 SignedData structure.
     *
     * <p>The signature is computed with {@code signingAlgorithm} over {@code bArr}; everything
     * after that assembles the PKCS#7 objects through reflection, using the vendor-specific
     * classes that {@code init()} resolved.
     *
     * <p>NOTE(review): this body is decompiler output and does not compile as written. The
     * {@code ??} declarations mark types the decompiler could not infer, and the
     * {@code catch (ClassNotFoundException ...)} branches call {@code getMessage()} on a
     * {@code Class} reference instead of on the caught exception.
     *
     * <p>NOTE(review): the digest identifier written into the SignerInfo comes from
     * {@code digestAlgorithm}, which is configured independently of {@code signingAlgorithm};
     * if the two settings disagree, the output presumably describes a digest other than the one
     * actually used. The key-algorithm identifier is always {@code RSAEncryption_oid}.
     *
     * @param bArr the data to sign
     * @return the encoded SignedData, Base64 text
     * @throws IllegalStateException if this instance was not created in signer mode
     * @throws Exception             on any signing, reflection or encoding failure
     */
    public String sign(byte[] bArr) throws Exception {
        if (this.mode != SIGNER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for signature.");
        }
        // Raw signature over the caller's data with the configured algorithm and this signer's key.
        Signature signature = Signature.getInstance(signingAlgorithm);
        signature.initSign(this.privateKey);
        signature.update(bArr, 0, bArr.length);
        byte[] sign = signature.sign();
        // class$0 caches the ContentInfo class (expanded form of a class literal).
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("sun.security.pkcs.ContentInfo");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        // Static field ContentInfo.DATA_OID, read reflectively.
        Object obj = cls.getField("DATA_OID").get(null);
        Class<?> cls2 = class$0;
        if (cls2 == null) {
            try {
                cls2 = Class.forName("sun.security.pkcs.ContentInfo");
                class$0 = cls2;
            } catch (ClassNotFoundException unused2) {
                throw new NoClassDefFoundError(cls2.getMessage());
            }
        }
        // ContentInfo(<type of DATA_OID>, DerValue). Only slot 0 of the two-element argument array
        // is filled, so the DerValue argument is null: the signed data itself is not embedded.
        // NOTE(review): this looks like a detached signature - confirm against the verifier side.
        Constructor<?> constructor = cls2.getConstructor(obj.getClass(), derValue);
        Object[] objArr = new Object[VERIFIER];
        objArr[0] = obj;
        ContentInfo contentInfo = (ContentInfo) constructor.newInstance(objArr);
        // The last element of the certificate array supplies the issuer name and serial number.
        X509Certificate x509Certificate = this.certificates[this.certificates.length - SIGNER];
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        ?? r0 = x500Name;
        Class[] clsArr = new Class[SIGNER];
        Class<?> cls3 = class$1;
        if (cls3 == null) {
            try {
                cls3 = Class.forName("java.lang.String");
                class$1 = cls3;
            } catch (ClassNotFoundException unused3) {
                throw new NoClassDefFoundError(r0.getMessage());
            }
        }
        clsArr[0] = cls3;
        // new X500Name(String) built from the certificate's issuer DN.
        Object newInstance = r0.getConstructor(clsArr).newInstance(x509Certificate.getIssuerDN().getName());
        ?? r02 = algorithmId;
        Class[] clsArr2 = new Class[SIGNER];
        Class<?> cls4 = class$1;
        if (cls4 == null) {
            try {
                cls4 = Class.forName("java.lang.String");
                class$1 = cls4;
            } catch (ClassNotFoundException unused4) {
                throw new NoClassDefFoundError(r02.getMessage());
            }
        }
        clsArr2[0] = cls4;
        // Static AlgorithmId.get(String) for the configured digest algorithm name.
        Object invoke = r02.getMethod("get", clsArr2).invoke(null, digestAlgorithm);
        // new AlgorithmId(ObjectIdentifier) for the static field AlgorithmId.RSAEncryption_oid.
        Object newInstance2 = algorithmId.getConstructor(objectIdentifier).newInstance(algorithmId.getField("RSAEncryption_oid").get(null));
        Class<?> cls5 = class$2;
        if (cls5 == null) {
            try {
                cls5 = Class.forName("sun.security.pkcs.SignerInfo");
                class$2 = cls5;
            } catch (ClassNotFoundException unused5) {
                throw new NoClassDefFoundError(cls5.getMessage());
            }
        }
        // Parameter types of the 7-argument SignerInfo constructor looked up below:
        // (X500Name, BigInteger, AlgorithmId, PKCS9Attributes, AlgorithmId, byte[], PKCS9Attributes).
        Class<?>[] clsArr3 = new Class[7];
        clsArr3[0] = x500Name;
        Class<?> cls6 = class$3;
        if (cls6 == null) {
            try {
                cls6 = Class.forName("java.math.BigInteger");
                class$3 = cls6;
            } catch (ClassNotFoundException unused6) {
                throw new NoClassDefFoundError(cls5.getMessage());
            }
        }
        clsArr3[SIGNER] = cls6;
        clsArr3[VERIFIER] = algorithmId;
        Class<?> cls7 = class$4;
        if (cls7 == null) {
            try {
                cls7 = Class.forName("sun.security.pkcs.PKCS9Attributes");
                class$4 = cls7;
            } catch (ClassNotFoundException unused7) {
                throw new NoClassDefFoundError(cls5.getMessage());
            }
        }
        clsArr3[3] = cls7;
        clsArr3[4] = algorithmId;
        Class<?> cls8 = class$5;
        if (cls8 == null) {
            try {
                // "[B" is the JVM name of byte[].
                cls8 = Class.forName("[B");
                class$5 = cls8;
            } catch (ClassNotFoundException unused8) {
                throw new NoClassDefFoundError(cls5.getMessage());
            }
        }
        clsArr3[5] = cls8;
        Class<?> cls9 = class$4;
        if (cls9 == null) {
            try {
                cls9 = Class.forName("sun.security.pkcs.PKCS9Attributes");
                class$4 = cls9;
            } catch (ClassNotFoundException unused9) {
                throw new NoClassDefFoundError(cls5.getMessage());
            }
        }
        clsArr3[6] = cls9;
        Constructor<?> constructor2 = cls5.getConstructor(clsArr3);
        // Constructor arguments: issuer name, serial number, digest algorithm, key algorithm and
        // the signature bytes. Slots 3 and 6 (both PKCS9Attributes) are left null.
        Object[] objArr2 = new Object[7];
        objArr2[0] = newInstance;
        objArr2[SIGNER] = serialNumber;
        objArr2[VERIFIER] = invoke;
        objArr2[4] = newInstance2;
        objArr2[5] = sign;
        SignerInfo[] signerInfoArr = {(SignerInfo) constructor2.newInstance(objArr2)};
        // One-element AlgorithmId[] holding the digest algorithm.
        Object newInstance3 = Array.newInstance((Class<?>) algorithmId, SIGNER);
        Array.set(newInstance3, 0, invoke);
        Class<?> cls10 = class$6;
        if (cls10 == null) {
            try {
                cls10 = Class.forName("sun.security.pkcs.PKCS7");
                class$6 = cls10;
            } catch (ClassNotFoundException unused10) {
                throw new NoClassDefFoundError(cls10.getMessage());
            }
        }
        // Parameter types of the PKCS7 constructor looked up below:
        // (AlgorithmId[], ContentInfo, X509Certificate[], SignerInfo[]).
        Class<?>[] clsArr4 = new Class[4];
        clsArr4[0] = newInstance3.getClass();
        Class<?> cls11 = class$0;
        if (cls11 == null) {
            try {
                cls11 = Class.forName("sun.security.pkcs.ContentInfo");
                class$0 = cls11;
            } catch (ClassNotFoundException unused11) {
                throw new NoClassDefFoundError(cls10.getMessage());
            }
        }
        clsArr4[SIGNER] = cls11;
        Class<?> cls12 = class$7;
        if (cls12 == null) {
            try {
                cls12 = Class.forName("[Ljava.security.cert.X509Certificate;");
                class$7 = cls12;
            } catch (ClassNotFoundException unused12) {
                throw new NoClassDefFoundError(cls10.getMessage());
            }
        }
        clsArr4[VERIFIER] = cls12;
        clsArr4[3] = signerInfoArr.getClass();
        PKCS7 pkcs7 = (PKCS7) cls10.getConstructor(clsArr4).newInstance(newInstance3, contentInfo, this.certificates, signerInfoArr);
        // Encode the SignedData and return it as Base64 text.
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        pkcs7.encodeSignedData(byteArrayOutputStream);
        return new BASE64Encoder().encode(byteArrayOutputStream.toByteArray());
    }

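    /**
     * Verifies a Base64-encoded PKCS#7 signature over the given data.
     *
     * <p>For every signer whose signature verifies, the signer certificate must be within its
     * validity period and must either equal one of the configured root certificates or carry a
     * signature that verifies under one root's public key. When {@code str2} is non-null, the
     * subject of the first verified signer must also match it.
     *
     * <p>Fails closed when no signer verified (a null or empty result) and when no root
     * certificates are configured.
     *
     * <p>NOTE(review): the trust decision is a single signature check against each root. No
     * certification path is built, so intermediate CAs, basic constraints, key usage, revocation
     * and the roots' own validity periods are not evaluated. With {@code str2 == null}, any
     * certificate issued directly under a configured root is accepted as a signer.
     *
     * @param str  the Base64-encoded PKCS#7 SignedData
     * @param bArr the data the signature is expected to cover
     * @param str2 expected subject DN of the first signer, or {@code null} to skip the check
     * @throws IllegalStateException if this instance was not created in verifier mode
     * @throws SignatureException    if no signer verifies, a signer is untrusted or the DN differs
     * @throws CertificateException  if a signer certificate is expired or not yet valid
     * @throws IOException           if the signature cannot be decoded or parsed
     */
    public void verify(String str, byte[] bArr, String str2) throws IOException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateException, NoSuchProviderException {
        if (this.mode != VERIFIER) {
            throw new IllegalStateException("call a PKCS7Tool instance not for verify.");
        }
        PKCS7 pkcs7 = new PKCS7(new BASE64Decoder().decodeBuffer(str));
        if (debug) {
            X509Certificate[] embedded = pkcs7.getCertificates();
            for (int i = 0; embedded != null && i < embedded.length; i++) {
                X509Certificate current = embedded[i];
                System.out.println("SIGNER " + i + "=\n" + current);
                System.out.println("SIGNER " + i + "=\n" + new BASE64Encoder().encode(current.getEncoded()));
            }
        }
        SignerInfo[] verifiedSigners = pkcs7.verify(bArr);
        if (verifiedSigners == null || verifiedSigners.length == 0) {
            // An empty result must not fall through the loop below as an implicit success.
            throw new SignatureException("Signature failed verification, data has been tampered");
        }
        Certificate[] roots = this.rootCertificates;
        for (int i = 0; i < verifiedSigners.length; i++) {
            X509Certificate signerCertificate = verifiedSigners[i].getCertificate(pkcs7);
            if (signerCertificate == null) {
                throw new SignatureException("Signature certificate's issuer is untrusty.");
            }
            signerCertificate.checkValidity();

            boolean trusted = false;
            for (int r = roots == null ? -1 : roots.length - 1; r >= 0 && !trusted; r--) {
                Certificate root = roots[r];
                if (root == null) {
                    continue;
                }
                if (signerCertificate.equals(root)) {
                    trusted = true;
                } else {
                    try {
                        signerCertificate.verify(root.getPublicKey());
                        trusted = true;
                    } catch (GeneralSecurityException | RuntimeException notIssuedByThisRoot) {
                        // Deliberate: this root did not issue the certificate, try the next one.
                    }
                }
            }
            if (!trusted) {
                throw new SignatureException("Signature certificate's issuer is untrusty.");
            }

            // The expected DN is compared against the first verified signer only.
            if (i == 0 && str2 != null) {
                X500Principal subject = signerCertificate.getSubjectX500Principal();
                boolean sameText = str2.equals(subject.getName("RFC1779"));
                if (!sameText && !new X500Principal(str2).equals(subject)) {
                    throw new SignatureException("Signer dn '" + subject.getName("RFC1779") + "' does not matchs '" + str2 + "'");
                }
            }
        }
    }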

    /**
     * Tells whether a certificate's key-usage flags include every usage requested by a bit mask.
     *
     * <p>Bit {@code n} of the mask corresponds to index {@code n} of the flag array. A missing
     * flag array ({@code null}) or an empty mask always matches, and mask bits beyond the end of
     * the array are not checked.
     *
     * @param zArr the key-usage flags, as returned by {@code X509Certificate.getKeyUsage()}
     * @param i    bit mask of the required usages
     * @return {@code false} only if a requested usage within the array is not set
     */
    private static boolean matchUsage(boolean[] zArr, int i) {
        if (zArr == null || i == 0) {
            return true;
        }
        for (int bit = 0; bit < Math.min(zArr.length, 32); bit++) {
            boolean requested = (i & (1 << bit)) != 0;
            if (requested && !zArr[bit]) {
                return false;
            }
        }
        return true;
    }

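    /**
     * Resolves the vendor-specific security classes used reflectively by {@code sign()}.
     *
     * <p>IBM JVMs (detected through the {@code java.vm.vendor} system property) use the
     * {@code com.ibm.security} classes, every other JVM the {@code sun.security} ones.
     *
     * <p>The {@code jvm} marker is now written last, after all four classes resolved. It used to
     * be set first, so a failed lookup left the class marked as initialised and every later call
     * returned silently with the class references still null. The method is synchronized because
     * this state is static and shared by all callers of the factories.
     *
     * @throws RuntimeException wrapping the {@code ClassNotFoundException} if a class is missing
     */
    private static synchronized void init() {
        if (jvm != 0) {
            return;
        }
        String vendor = System.getProperty("java.vm.vendor");
        if (vendor == null) {
            vendor = "";
        }
        // Locale.ROOT keeps the vendor match independent of the JVM's default locale.
        boolean ibmJvm = vendor.toUpperCase(java.util.Locale.ROOT).indexOf("IBM") >= 0;
        try {
            Class<?> resolvedAlgorithmId;
            Class<?> resolvedDerValue;
            Class<?> resolvedObjectIdentifier;
            Class<?> resolvedX500Name;
            if (ibmJvm) {
                resolvedAlgorithmId = Class.forName("com.ibm.security.x509.AlgorithmId");
                resolvedDerValue = Class.forName("com.ibm.security.util.DerValue");
                resolvedObjectIdentifier = Class.forName("com.ibm.security.util.ObjectIdentifier");
                resolvedX500Name = Class.forName("com.ibm.security.x509.X500Name");
            } else {
                resolvedAlgorithmId = Class.forName("sun.security.x509.AlgorithmId");
                resolvedDerValue = Class.forName("sun.security.util.DerValue");
                resolvedObjectIdentifier = Class.forName("sun.security.util.ObjectIdentifier");
                resolvedX500Name = Class.forName("sun.security.x509.X500Name");
            }
            algorithmId = resolvedAlgorithmId;
            derValue = resolvedDerValue;
            objectIdentifier = resolvedObjectIdentifier;
            x500Name = resolvedX500Name;
            // Published last: a non-zero marker now implies that all four classes are available.
            jvm = ibmJvm ? 'I' : 'S';
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            System.out.println("Not support JRE: " + vendor);
            throw new RuntimeException(e);
        }
    }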

    /**
     * Returns the digest algorithm name that {@code sign()} records in the SignerInfo.
     *
     * @return the current process-wide digest algorithm name
     */
    public static final String getDigestAlgorithm() {
        return PKCS7Tool.digestAlgorithm;
    }

    /**
     * Replaces the digest algorithm name for every instance in this JVM.
     *
     * <p>The value is not validated here and is not kept in step with the signing algorithm.
     *
     * @param str the new digest algorithm name
     */
    public static final void setDigestAlgorithm(String str) {
        PKCS7Tool.digestAlgorithm = str;
    }

    /**
     * Returns the algorithm name that {@code sign()} passes to {@code Signature.getInstance}.
     *
     * @return the current process-wide signing algorithm name
     */
    public static final String getSigningAlgorithm() {
        return PKCS7Tool.signingAlgorithm;
    }

    /**
     * Replaces the signing algorithm name for every instance in this JVM.
     *
     * <p>The value is not validated here and is not kept in step with the digest algorithm.
     *
     * @param str the new signing algorithm name
     */
    public static final void setSigningAlgorithm(String str) {
        PKCS7Tool.signingAlgorithm = str;
    }

    /**
     * Switches the diagnostic output on or off for every instance in this JVM.
     *
     * <p>While enabled, the factories and {@code verify()} print certificates and the selected
     * keystore alias to standard output.
     *
     * @param z {@code true} to enable the output
     */
    public static void setDebug(boolean z) {
        PKCS7Tool.debug = z;
    }

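    /**
     * Returns the signer's private key, or {@code null} for an instance in verifier mode.
     *
     * <p>NOTE(review): this hands the key object itself to the caller; keep callers of this
     * accessor to code that is allowed to sign on the key owner's behalf.
     *
     * @return the private key loaded by {@code getSigner}, possibly {@code null}
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Returns a copy of the signer certificate array.
     *
     * <p>A copy is returned so callers cannot replace the certificates this instance signs with
     * by writing into the returned array.
     *
     * @return the signer certificates, or {@code null} for an instance in verifier mode
     */
    public X509Certificate[] getCertificates() {
        return this.certificates == null ? null : this.certificates.clone();
    }

    /**
     * Returns a copy of the root certificate array.
     *
     * <p>A copy is returned so callers cannot add or swap trust anchors of this verifier by
     * writing into the returned array.
     *
     * @return the trusted root certificates, or {@code null} for an instance in signer mode
     */
    public Certificate[] getRootCertificates() {
        return this.rootCertificates == null ? null : this.rootCertificates.clone();
    }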

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies a stream into a byte array, 256 bytes at a time.
     *
     * <p>Reading stops at the first {@code read} call that returns zero or a negative count.
     * There is no upper bound on the amount of data collected, so callers passing a stream they
     * do not control should limit its size beforehand. The stream is not closed.
     *
     * @param inputStream the stream to drain
     * @return all bytes read before the stream reported no more data
     * @throws IOException if reading fails
     */
    public static byte[] readData(InputStream inputStream) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[256];
        int count = inputStream.read(chunk);
        while (count > 0) {
            collected.write(chunk, 0, count);
            count = inputStream.read(chunk);
        }
        return collected.toByteArray();
    }
}
