package com.koalii.util.pkcs7;

import com.itextpdf.text.error_messages.MessageLocalization;
import com.koalii.asn1.ASN1EncodableVector;
import com.koalii.asn1.ASN1InputStream;
import com.koalii.asn1.ASN1OctetString;
import com.koalii.asn1.ASN1Set;
import com.koalii.asn1.DERObjectIdentifier;
import com.koalii.asn1.DEROctetString;
import com.koalii.asn1.DERSet;
import com.koalii.asn1.cms.Attribute;
import com.koalii.asn1.cms.AttributeTable;
import com.koalii.asn1.cms.CMSObjectIdentifiers;
import com.koalii.asn1.cms.ContentInfo;
import com.koalii.asn1.cms.IssuerAndSerialNumber;
import com.koalii.asn1.cms.SignedData;
import com.koalii.asn1.cms.SignerIdentifier;
import com.koalii.asn1.cms.SignerInfo;
import com.koalii.asn1.nist.NISTObjectIdentifiers;
import com.koalii.asn1.oiw.OIWObjectIdentifiers;
import com.koalii.asn1.pkcs.PKCSObjectIdentifiers;
import com.koalii.asn1.x509.AlgorithmIdentifier;
import com.koalii.asn1.x509.X509CertificateStructure;
import com.koalii.cert.SecretStore;
import com.koalii.cert.X509CertParser;
import com.koalii.cert.X509NameUtil;
import com.koalii.crypto.SignUtil;
import com.koalii.svs.SvsBase;
import com.koalii.util.AlgorithmUtil;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

/* loaded from: input_file:com/koalii/util/pkcs7/PKCS7SignUtil.class */
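/**
 * Builds and inspects PKCS#7 / CMS {@code SignedData} messages.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verifySign(byte[], byte[])} checks the signature against a certificate carried
 *       inside the message itself. It does not build a certificate path, and it does not check
 *       validity dates, revocation or key usage. A {@code true} result therefore proves only that
 *       the holder of that embedded key signed the data; the signer identity must be validated
 *       separately against the caller's own trust anchors.</li>
 *   <li>Every signature built here declares SHA-1 as its digest algorithm, and verification always
 *       goes through {@code SignUtil.sha1WithRsaVerify}. SHA-1 is no longer considered collision
 *       resistant. NOTE(review): moving to a stronger digest needs {@code SecretStore.signData} and
 *       {@code SignUtil} to agree on it; neither is visible from this file.</li>
 *   <li>Signed (authenticated) attributes and the digest algorithm recorded in the
 *       {@code SignerInfo} are not consulted during verification.</li>
 * </ul>
 */
public class PKCS7SignUtil {
    /** OIW object identifier of SHA-1, written as the digest algorithm of every signature built here. */
    private static final String SHA1_OID = "1.3.14.3.2.26";

    /** PKCS#9 object identifier of the {@code messageDigest} signed attribute. */
    private static final String MESSAGE_DIGEST_ATTR_OID = "1.2.840.113549.1.9.4";

    private final SecretStore signerStore;

    /**
     * Creates a signer bound to the given key store.
     *
     * @param secretStore source of the signing certificate, key algorithm and signing operation;
     *                    a {@code null} store is accepted here and rejected when signing is attempted
     */
    public PKCS7SignUtil(SecretStore secretStore) {
        this.signerStore = secretStore;
    }

    /**
     * Signs {@code bArr} and returns a DER-encoded {@code SignedData} that embeds the content.
     *
     * @param bArr content to sign; must not be {@code null}
     * @return DER encoding of the PKCS#7 message
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception if the store or its certificate is missing, the key algorithm is not
     *                        RSA or DSA, the certificate cannot be encoded, or signing fails
     */
    public byte[] createSign(byte[] bArr) throws PKCS7Exception {
        return buildSignedData(bArr, false);
    }

    /**
     * Static convenience form of {@link #createSign(byte[])}.
     *
     * @param secretStore store holding the signing key and certificate
     * @param bArr content to sign
     * @return DER encoding of the PKCS#7 message
     * @throws PKCS7Exception see {@link #createSign(byte[])}
     */
    public static byte[] createSign(SecretStore secretStore, byte[] bArr) throws PKCS7Exception {
        return new PKCS7SignUtil(secretStore).createSign(bArr);
    }

    /**
     * Signs {@code bArr} and returns a DER-encoded {@code SignedData} without the content
     * (detached signature). The verifier must be given the original data separately.
     *
     * @param bArr content to sign; must not be {@code null}
     * @return DER encoding of the detached PKCS#7 message
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception see {@link #createSign(byte[])}
     */
    public byte[] createDetachSign(byte[] bArr) throws PKCS7Exception {
        return buildSignedData(bArr, true);
    }

    /**
     * Static convenience form of {@link #createDetachSign(byte[])}.
     *
     * @param secretStore store holding the signing key and certificate
     * @param bArr content to sign
     * @return DER encoding of the detached PKCS#7 message
     * @throws PKCS7Exception see {@link #createSign(byte[])}
     */
    public static byte[] createDetachSign(SecretStore secretStore, byte[] bArr) throws PKCS7Exception {
        return new PKCS7SignUtil(secretStore).createDetachSign(bArr);
    }

    /**
     * Shared implementation of the attached and detached signing entry points.
     *
     * @param content bytes to sign
     * @param detached when {@code true} the content is left out of the encapsulated ContentInfo
     */
    private byte[] buildSignedData(byte[] content, boolean detached) throws PKCS7Exception {
        if (content == null) {
            throw new IllegalArgumentException();
        }
        X509Certificate signerCert = this.signerStore == null ? null : this.signerStore.getCert();
        if (signerCert == null) {
            throw new PKCS7Exception("Not find signer store");
        }

        String algorithm = this.signerStore.getAlgorithm();
        String signatureOid;
        if (algorithm == null) {
            // Report a missing algorithm the same way as an unsupported one instead of failing with an NPE.
            throw new PKCS7Exception("Unknown Key Algorithm " + algorithm);
        } else if (algorithm.equals(SvsBase.RSA)) {
            signatureOid = AlgorithmUtil.ID_RSA;
        } else if (algorithm.equals(SvsBase.DSA)) {
            // NOTE(review): verifySign only performs an RSA check, so a DSA message built here
            // is presumably not verifiable by this class - confirm with callers.
            signatureOid = AlgorithmUtil.ID_DSA;
        } else {
            throw new PKCS7Exception("Unknown Key Algorithm " + algorithm);
        }

        ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
        digestAlgorithms.add(new AlgorithmIdentifier(SHA1_OID));

        ASN1EncodableVector certificates = new ASN1EncodableVector();
        try {
            certificates.add(new ASN1InputStream(signerCert.getEncoded()).readObject());
        } catch (IOException e) {
            // Fail loudly: swallowing this would emit a message with an empty certificate set
            // that no verifier can match to a signer.
            throw new PKCS7Exception(e);
        } catch (CertificateEncodingException e) {
            throw new PKCS7Exception(e);
        }

        try {
            byte[] signature = this.signerStore.signData(content);
            ContentInfo encapsulated = new ContentInfo(CMSObjectIdentifiers.data, detached ? null : new DEROctetString(content));
            SignerIdentifier signerId = new SignerIdentifier(new IssuerAndSerialNumber(X509NameUtil.toX509Name(signerCert.getIssuerDN()), signerCert.getSerialNumber()));
            SignerInfo signerInfo = new SignerInfo(signerId, new AlgorithmIdentifier(SHA1_OID), null, new AlgorithmIdentifier(signatureOid), new DEROctetString(signature), null);
            ASN1EncodableVector signerInfos = new ASN1EncodableVector();
            signerInfos.add(signerInfo);
            return new ContentInfo(CMSObjectIdentifiers.signedData, new SignedData(new DERSet(digestAlgorithms), encapsulated, new DERSet(certificates), null, new DERSet(signerInfos))).getDEREncoded();
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Verifies the first signer of a PKCS#7 {@code SignedData} message.
     *
     * <p>The data that is checked is the embedded content when present, otherwise {@code bArr2}.
     * When both are present they must be byte-for-byte equal, otherwise {@code false} is returned
     * without any signature check.
     *
     * <p>The signature is checked with the embedded certificate whose issuer and serial number
     * match the signer identifier, i.e. the same certificate that
     * {@link #getSignerCertificate(byte[])} reports. This keeps the key that validated the signature
     * and the identity shown to the caller from diverging when the message carries several
     * certificates. NOTE(review): signer identifiers that are not issuerAndSerialNumber are
     * presumably rejected by {@code IssuerAndSerialNumber.getInstance} - confirm.
     *
     * <p>A {@code true} result does not mean the signer is trusted: the certificate comes from the
     * message and is not validated here. Validate it against your own trust anchors.
     *
     * @param bArr DER-encoded PKCS#7 message; must not be {@code null}
     * @param bArr2 original data; required for detached signatures, optional otherwise
     * @return {@code true} if the SHA-1/RSA signature over the data verifies
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception if the message is malformed, carries no signer or no matching
     *                        certificate, lacks data to verify, or the check itself fails
     */
    public static boolean verifySign(byte[] bArr, byte[] bArr2) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            ContentInfo outer = ContentInfo.getInstance(new ASN1InputStream(bArr).readObject());
            if (!outer.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                throw new PKCS7Exception("illegal content type " + outer.getContentType().getId());
            }
            SignedData signedData = SignedData.getInstance(outer.getContent());
            if (signedData == null) {
                throw new PKCS7Exception("parse signeddata error");
            }
            ContentInfo encapContentInfo = signedData.getEncapContentInfo();
            if (!encapContentInfo.getContentType().equals(CMSObjectIdentifiers.data)) {
                throw new PKCS7Exception("illegal encapture content type " + encapContentInfo.getContentType().getId());
            }

            ASN1OctetString embedded = ASN1OctetString.getInstance(encapContentInfo.getContent());
            byte[] signedBytes;
            if (embedded == null) {
                // Detached signature: the caller has to supply what was signed.
                if (bArr2 == null) {
                    throw new IllegalArgumentException("no oridata");
                }
                signedBytes = bArr2;
            } else {
                signedBytes = embedded.getOctets();
                if (bArr2 != null && !Arrays.equals(signedBytes, bArr2)) {
                    return false;
                }
            }

            if (signedData.getSignerInfos().size() < 1) {
                throw new PKCS7Exception("not find signer info");
            }
            SignerInfo signerInfo = SignerInfo.getInstance(signedData.getSignerInfos().getObjectAt(0));
            X509CertificateStructure signerCert = findSignerCertificate(signedData, signerInfo);
            if (signerCert == null) {
                throw new PKCS7Exception("not find sign cert");
            }
            return SignUtil.sha1WithRsaVerify(signedBytes, signerInfo.getEncryptedDigest().getOctets(), X509CertParser.parseDerCert(signerCert.getDEREncoded())[0].getPublicKey());
        } catch (PKCS7Exception e) {
            // Keep the specific message instead of wrapping it a second time.
            throw e;
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Parses the certificate stored at position 0 of the message's certificate set.
     *
     * <p>The certificate set is a SET, so position 0 is not guaranteed to be the signer when the
     * message carries more than one certificate. Use {@link #getSignerCertificate(byte[])} for the
     * certificate named by the signer identifier. Nothing returned here has been validated.
     *
     * @param bArr DER-encoded PKCS#7 message; must not be {@code null}
     * @return the result of {@code X509CertParser.parseDerCert} for that certificate
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception if the message is malformed or carries no certificate
     */
    public static X509Certificate[] getSignCerts(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            SignedData signedData = parseSignedData(bArr);
            if (signedData.getCertificates() == null || signedData.getCertificates().size() <= 0) {
                throw new PKCS7Exception("not find sign cert");
            }
            return X509CertParser.parseDerCert(signedData.getCertificates().getObjectAt(0).getDERObject().getDEREncoded());
        } catch (PKCS7Exception e) {
            throw e;
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Extracts the content embedded in a PKCS#7 message. No signature check is performed, so the
     * returned bytes are unauthenticated until {@link #verifySign(byte[], byte[])} has succeeded.
     *
     * @param bArr DER-encoded PKCS#7 message; must not be {@code null}
     * @return the embedded content bytes
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception if the message is malformed, is not of type data, or is detached
     */
    public static byte[] getOriData(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            SignedData signedData = parseSignedData(bArr);
            ContentInfo encapContentInfo = signedData.getEncapContentInfo();
            if (!encapContentInfo.getContentType().equals(CMSObjectIdentifiers.data)) {
                throw new PKCS7Exception("illegal encapture content type " + encapContentInfo.getContentType().getId());
            }
            ASN1OctetString embedded = ASN1OctetString.getInstance(encapContentInfo.getContent());
            if (embedded == null) {
                // Detached message: report it clearly rather than as a wrapped NullPointerException.
                throw new PKCS7Exception("no embedded content (detached signature)");
            }
            return embedded.getOctets();
        } catch (PKCS7Exception e) {
            throw e;
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Returns the single {@code SignerInfo} of a PKCS#7 message.
     *
     * @param bArr DER-encoded PKCS#7 message; must not be {@code null}
     * @return the only signer info in the message
     * @throws IllegalArgumentException if {@code bArr} is {@code null} or the message does not
     *                                  contain exactly one signer info
     * @throws PKCS7Exception if the message cannot be read or parsed
     */
    public static SignerInfo getSignerInfo(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            SignedData signedData = parseSignedData(bArr);
            if (signedData.getSignerInfos().size() != 1) {
                throw new IllegalArgumentException(MessageLocalization.getComposedMessage("this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time", new Object[0]));
            }
            return SignerInfo.getInstance(signedData.getSignerInfos().getObjectAt(0));
        } catch (IOException e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Returns the DER encoding of the signer's authenticated attributes.
     *
     * @param bArr DER-encoded PKCS#7 message
     * @return encoded attribute set, or {@code null} when the signer has none
     * @throws PKCS7Exception if the message cannot be parsed
     */
    public static byte[] getAuthenticatedAttrs(byte[] bArr) throws PKCS7Exception {
        return getAuthenticatedAttrs(getSignerInfo(bArr));
    }

    /**
     * Returns the DER encoding of the authenticated attributes of {@code signerInfo}.
     *
     * @param signerInfo signer info to read; must not be {@code null}
     * @return encoded attribute set, or {@code null} when the signer has none
     * @throws IllegalArgumentException if {@code signerInfo} is {@code null}
     */
    public static byte[] getAuthenticatedAttrs(SignerInfo signerInfo) throws PKCS7Exception {
        if (signerInfo == null) {
            throw new IllegalArgumentException("signerInfo null");
        }
        ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
        return authenticatedAttributes == null ? null : authenticatedAttributes.getDEREncoded();
    }

    /**
     * Returns the value of the {@code messageDigest} signed attribute of the message's signer.
     *
     * @param bArr DER-encoded PKCS#7 message
     * @return the digest bytes stored in the attribute
     * @throws PKCS7Exception if the message cannot be parsed or the attribute is missing or malformed
     */
    public static byte[] getMessageDigestAttrInAuthenticatedAttris(byte[] bArr) throws PKCS7Exception {
        return getMessageDigestAttrInAuthenticatedAttris(getSignerInfo(bArr));
    }

    /**
     * Returns the value of the {@code messageDigest} signed attribute of {@code signerInfo}.
     * The value is read as stored; it is not compared with a digest of the content here.
     *
     * @param signerInfo signer info to read; must not be {@code null}
     * @return the digest bytes stored in the attribute
     * @throws IllegalArgumentException if {@code signerInfo} is {@code null}
     * @throws PKCS7Exception if there are no authenticated attributes, the attribute is absent,
     *                        or its first value is not an octet string
     */
    public static byte[] getMessageDigestAttrInAuthenticatedAttris(SignerInfo signerInfo) throws PKCS7Exception {
        if (signerInfo == null) {
            throw new IllegalArgumentException("signerInfo null");
        }
        ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
        if (authenticatedAttributes == null) {
            throw new PKCS7Exception("authenticatedAttributes not exist");
        }
        Attribute attribute = new AttributeTable(authenticatedAttributes).get(new DERObjectIdentifier(MESSAGE_DIGEST_ATTR_OID));
        if (attribute == null) {
            throw new PKCS7Exception("messageDigest attribute no exist in authenticatedAttrbutes");
        }
        // The attribute comes from the parsed message: check its shape instead of letting a
        // ClassCastException or index error escape to the caller.
        if (attribute.getAttrValues().size() < 1 || !(attribute.getAttrValues().getObjectAt(0) instanceof ASN1OctetString)) {
            throw new PKCS7Exception("messageDigest attribute value is not an octet string");
        }
        return ((ASN1OctetString) attribute.getAttrValues().getObjectAt(0)).getOctets();
    }

    /**
     * Returns the raw signature value of the message's signer.
     *
     * @param bArr DER-encoded PKCS#7 message
     * @return the signature bytes
     * @throws PKCS7Exception if the message cannot be parsed
     */
    public static byte[] getEncryptedDigest(byte[] bArr) throws PKCS7Exception {
        return getEncryptedDigest(getSignerInfo(bArr));
    }

    /**
     * Returns the raw signature value stored in {@code signerInfo}.
     *
     * @param signerInfo signer info to read; must not be {@code null}
     * @return the signature bytes
     * @throws IllegalArgumentException if {@code signerInfo} is {@code null}
     */
    public static byte[] getEncryptedDigest(SignerInfo signerInfo) throws PKCS7Exception {
        if (signerInfo == null) {
            throw new IllegalArgumentException("signerInfo null");
        }
        return signerInfo.getEncryptedDigest().getOctets();
    }

    /**
     * Returns the subject name of the signer's certificate as a string.
     * The name is read from an embedded, unvalidated certificate; do not treat it as an
     * authenticated identity on its own.
     *
     * @param bArr DER-encoded PKCS#7 message
     * @return the subject DN, or {@code null} when no embedded certificate matches the signer
     * @throws PKCS7Exception if the message or the certificate cannot be parsed
     */
    public static String getSignerCertDN(byte[] bArr) throws PKCS7Exception {
        byte[] signerCertificate = getSignerCertificate(bArr);
        if (signerCertificate == null) {
            return null;
        }
        try {
            return X509CertificateStructure.getInstance(new ASN1InputStream(signerCertificate).readObject()).getSubject().toString();
        } catch (IOException e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Returns the embedded certificate whose issuer and serial number match the signer identifier.
     *
     * @param bArr DER-encoded PKCS#7 message; must not be {@code null}
     * @return DER encoding of the matching certificate, or {@code null} when the message carries
     *         no certificate set or none of its certificates matches
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKCS7Exception if the message is malformed or does not contain exactly one signer
     */
    public static byte[] getSignerCertificate(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            SignedData signedData = parseSignedData(bArr);
            if (signedData.getSignerInfos().size() != 1) {
                throw new IllegalArgumentException(MessageLocalization.getComposedMessage("this.pkcs.7.object.has.multiple.signerinfos.only.one.is.supported.at.this.time", new Object[0]));
            }
            SignerInfo signerInfo = SignerInfo.getInstance(signedData.getSignerInfos().getObjectAt(0).getDERObject());
            X509CertificateStructure match = findSignerCertificate(signedData, signerInfo);
            return match == null ? null : match.getDEREncoded();
        } catch (PKCS7Exception e) {
            throw e;
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    /**
     * Maps the digest algorithm of the message's signer to an integer code.
     *
     * @param bArr DER-encoded PKCS#7 message
     * @return see {@link #getDigestAlgorithm(SignerInfo)}
     * @throws PKCS7Exception if the message cannot be parsed
     */
    public static int getDigestAlgorithm(byte[] bArr) throws PKCS7Exception {
        return getDigestAlgorithm(getSignerInfo(bArr));
    }

    /**
     * Maps the digest algorithm OID of {@code signerInfo} to an integer code.
     *
     * <p>NOTE(review): the meaning of the codes is defined by callers outside this file. The value
     * is read from the message and is not enforced by {@link #verifySign(byte[], byte[])}.
     *
     * @param signerInfo signer info to read; must not be {@code null}
     * @return 2 for sha1WithRSAEncryption or idSHA1, 3 for sha256WithRSAEncryption or id_sha256,
     *         1 for md5WithRSAEncryption, -1 for anything else
     * @throws IllegalArgumentException if {@code signerInfo} is {@code null}
     */
    public static int getDigestAlgorithm(SignerInfo signerInfo) throws PKCS7Exception {
        if (signerInfo == null) {
            throw new IllegalArgumentException("signerInfo null");
        }
        DERObjectIdentifier objectId = signerInfo.getDigestAlgorithm().getObjectId();
        if (objectId.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) || objectId.equals(OIWObjectIdentifiers.idSHA1)) {
            return 2;
        }
        if (objectId.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption) || objectId.equals(NISTObjectIdentifiers.id_sha256)) {
            return 3;
        }
        if (objectId.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            return 1;
        }
        return -1;
    }

    /** Decodes {@code encoded} as a ContentInfo and returns its SignedData payload. */
    private static SignedData parseSignedData(byte[] encoded) throws IOException, PKCS7Exception {
        SignedData signedData = SignedData.getInstance(ContentInfo.getInstance(new ASN1InputStream(encoded).readObject()).getContent());
        if (signedData == null) {
            throw new PKCS7Exception("parse signeddata error");
        }
        return signedData;
    }

    /** Finds the embedded certificate whose issuer and serial number equal the signer identifier, or null. */
    private static X509CertificateStructure findSignerCertificate(SignedData signedData, SignerInfo signerInfo) {
        if (signedData.getCertificates() == null) {
            return null;
        }
        IssuerAndSerialNumber wanted = IssuerAndSerialNumber.getInstance(signerInfo.getSID().getDERObject());
        Enumeration candidates = signedData.getCertificates().getObjects();
        while (candidates.hasMoreElements()) {
            X509CertificateStructure candidate = X509CertificateStructure.getInstance(candidates.nextElement());
            if (candidate.getIssuer().equals(wanted.getName()) && candidate.getSerialNumber().equals(wanted.getSerialNumber())) {
                return candidate;
            }
        }
        return null;
    }
}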
