package cn.com.jit.ida.util.pki.pkcs;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.ASN1Set;
import cn.com.jit.ida.util.pki.asn1.DERGeneralizedTime;
import cn.com.jit.ida.util.pki.asn1.DERObject;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.DERUTCTime;
import cn.com.jit.ida.util.pki.asn1.cms.Attribute;
import cn.com.jit.ida.util.pki.asn1.cms.CMSAttributes;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.SignedData;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.SignerInfo;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.param.P7Param;
import cn.com.jit.ida.util.pki.cipher.param.p7signInfo;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.SimpleTimeZone;

/* loaded from: classes.dex */
public class AndPKCS7 {
    ContentInfo cntInfo;
    SimpleDateFormat dateF;
    PKCS7 p7;
    private byte[] p7data;
    private Session session;

    public AndPKCS7() {
        this.session = null;
        this.p7data = null;
        this.p7 = null;
        this.cntInfo = null;
    }

    public AndPKCS7(byte[] bArr, Session session) {
        this.session = null;
        this.p7data = null;
        this.p7 = null;
        this.cntInfo = null;
        this.session = session;
        this.p7data = bArr;
    }

    public P7Param GetP7Cnt() throws PKIException {
        if (this.p7data == null || this.session == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, need session or p7 data.");
        }
        PKCS7 pkcs7 = new PKCS7(this.session);
        pkcs7.load(this.p7data);
        if (pkcs7.GetType() == 2) {
            return pkcs7.GetP7Cnt();
        }
        throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, p7 is not signData.");
    }

    public byte[] genP7_Sign(byte[] bArr, Session session, P7Param[] p7ParamArr) throws PKIException {
        return Parser.writeDERObj2Bytes(genP7_SignObj(bArr, session, p7ParamArr));
    }

    public byte[] genP7_Sign(P7Param[] p7ParamArr) throws PKIException {
        return Parser.writeDERObj2Bytes(genP7_SignObj(p7ParamArr));
    }

    public DERObject genP7_SignObj(byte[] bArr, Session session, P7Param[] p7ParamArr) throws PKIException {
        this.session = session;
        this.p7data = bArr;
        return genP7_SignObj(p7ParamArr);
    }

    public DERObject genP7_SignObj(P7Param[] p7ParamArr) throws PKIException {
        if (this.p7data == null || this.session == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, need session or p7 data.");
        }
        PKCS7 pkcs7 = new PKCS7(this.session);
        this.p7 = pkcs7;
        pkcs7.load(this.p7data);
        ContentInfo cntInfo = this.p7.getCntInfo();
        this.cntInfo = cntInfo;
        if (cntInfo == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, load p7 data error.");
        }
        int i = 2;
        if (this.p7.GetType() != 2) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, p7 is not signData.");
        }
        SignedData signedData = SignedData.getInstance(this.cntInfo.getContent().getDERObject());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1Set certificates = signedData.getCertificates();
        int i2 = 0;
        while (i2 < certificates.size()) {
            aSN1EncodableVector.add(certificates.getObjectAt(i2));
            i2++;
            i = 2;
        }
        int i3 = 0;
        while (i3 < p7ParamArr.length) {
            X509Cert[] GetSignCerts = p7ParamArr[i3].GetSignCerts();
            for (int i4 = 0; GetSignCerts != null && i4 < GetSignCerts.length; i4++) {
                aSN1EncodableVector.add(GetSignCerts[i4].getCertStructure());
            }
            i3++;
            i = 2;
        }
        DERSet dERSet = aSN1EncodableVector.size() != 0 ? new DERSet(aSN1EncodableVector) : null;
        ASN1Set signerInfos = signedData.getSignerInfos();
        SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
        if (signerInfo == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, SignerInfo error.");
        }
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Attribute signTimeAttr = getSignTimeAttr(getUTCSignTime(null));
        int i5 = 0;
        while (i5 < p7ParamArr.length) {
            if (p7ParamArr[i5].GetPrvKey() == null || p7ParamArr[i5].GetSignMech() == null) {
                throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整");
            }
            DERObject[] dERObjectArr = {getCntTypeAttr(p7ParamArr[i5].GetSignMech()).getDERObject(), signTimeAttr.getDERObject(), new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(this.session.digest(Mechanism.signMech2DigMech(p7ParamArr[i5].GetSignMech()), signerInfo.getEncryptedDigest().getOctets())))).getDERObject()};
            p7ParamArr[i5].setAuthData(dERObjectArr);
            new AlgorithmIdentifier(this.p7.Sign2DigOid(p7ParamArr[i5].GetSignMech()));
            byte[] sign = this.session.sign(p7ParamArr[i5].GetSignMech(), p7ParamArr[i5].GetPrvKey(), this.p7.AuthData2bytes(dERObjectArr));
            if (sign == null) {
                throw new PKIException(PKIException.P7_GENERATE_ERR, PKIException.P7_GENERATE_ERR_DES);
            }
            aSN1EncodableVector2.add(this.p7.GetSignerInfo(p7ParamArr[i5], sign));
            i5++;
            i = 2;
        }
        DERSet dERSet2 = new DERSet(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(PKCSObjectIdentifiers.pkcs9_at_counterSignature);
        aSN1EncodableVector3.add(dERSet2);
        ASN1Set aSN1Set = ASN1Set.getInstance(signerInfo.getUnauthenticatedAttributes());
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        if (aSN1Set != null) {
            for (int i6 = 0; i6 < aSN1Set.size(); i6++) {
                aSN1EncodableVector4.add(aSN1Set.getObjectAt(i6));
            }
        }
        aSN1EncodableVector4.add(new DERSequence(aSN1EncodableVector3));
        SignerInfo signerInfo2 = new SignerInfo(signerInfo.getVersion(), signerInfo.getIssuerAndSerialNumber(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(aSN1EncodableVector4));
        ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
        aSN1EncodableVector5.add(signerInfo2);
        for (int i7 = 1; i7 < signerInfos.size(); i7++) {
            aSN1EncodableVector5.add(signerInfos.getObjectAt(i7));
        }
        return new ContentInfo(this.p7.GetTypeOid(i), new SignedData(signedData.getVersion(), signedData.getDigestAlgorithms(), signedData.getContentInfo(), dERSet, signedData.getCRLs(), new DERSet(aSN1EncodableVector5))).getDERObject();
    }

    public Attribute getCntTypeAttr(Mechanism mechanism) {
        DERObjectIdentifier dERObjectIdentifier = mechanism.getMechanismType() == "SM3withSM2Encryption" ? PKCSObjectIdentifiers.gm_PKCS7_data : PKCSObjectIdentifiers.data;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(dERObjectIdentifier);
        return new Attribute(PKCSObjectIdentifiers.pkcs9_at_contentType, new DERSet(aSN1EncodableVector));
    }

    public p7signInfo[] getConterSignInfos(DERSequence dERSequence) throws PKIException {
        return new PKCS7().parserSignInfos((DERSet) ASN1Set.getInstance(dERSequence.getObjectAt(1)));
    }

    public SimpleDateFormat getDateF() {
        return this.dateF;
    }

    public DERGeneralizedTime getSignTime(Date date) {
        SimpleDateFormat simpleDateFormat = this.dateF;
        if (simpleDateFormat == null) {
            simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss.SSSS'Z'");
        }
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
        return new DERGeneralizedTime(date == null ? simpleDateFormat.format(new Date()) : simpleDateFormat.format(date));
    }

    public Attribute getSignTimeAttr(DERUTCTime dERUTCTime) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(dERUTCTime);
        return new Attribute(PKCSObjectIdentifiers.pkcs9_at_signingTime, new DERSet(aSN1EncodableVector));
    }

    public DERUTCTime getUTCSignTime(Date date) {
        SimpleDateFormat simpleDateFormat = this.dateF;
        if (simpleDateFormat == null) {
            simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss.SSSS'Z'");
        }
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
        return new DERUTCTime(date == null ? simpleDateFormat.format(new Date()) : simpleDateFormat.format(date));
    }

    public void setData(byte[] bArr) {
        this.p7data = bArr;
    }

    public void setDateF(SimpleDateFormat simpleDateFormat) {
        this.dateF = simpleDateFormat;
    }

    public void setSession(Session session) {
        this.session = session;
    }

    public boolean verifyP7Sign(byte[] bArr, X509Cert[] x509CertArr) throws PKIException {
        if (this.p7data == null || this.session == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, need session or p7 data.");
        }
        PKCS7 pkcs7 = new PKCS7(this.session);
        this.p7 = pkcs7;
        pkcs7.load(this.p7data);
        if (this.p7.GetType() != 2) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, p7 is not signData.");
        }
        X509Cert[] x509CertArr2 = x509CertArr;
        boolean verifyP7Sign = this.p7.verifyP7Sign(bArr, x509CertArr2);
        if (!verifyP7Sign) {
            return verifyP7Sign;
        }
        P7Param GetP7Cnt = this.p7.GetP7Cnt();
        char c2 = 0;
        DERObject[] unauths = GetP7Cnt.GetSignInfos()[0].getUnauths();
        if (unauths == null) {
            throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, parse unauth data.");
        }
        for (DERObject dERObject : unauths) {
            DERSequence dERSequence = (DERSequence) ASN1Sequence.getInstance(dERObject);
            if (dERSequence == null) {
                throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, parse unauth data.");
            }
            p7signInfo[] conterSignInfos = getConterSignInfos(dERSequence);
            DERObject[] auths = conterSignInfos[c2].getAuths();
            byte[] signature = conterSignInfos[c2].getSignature();
            if (GetP7Cnt.GetSignCerts() == null && x509CertArr2 == null) {
                throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整, no certs to verify");
            }
            if (GetP7Cnt.GetSignCerts() != null) {
                x509CertArr2 = GetP7Cnt.GetSignCerts();
            }
            int i = 0;
            while (i < conterSignInfos.length) {
                Mechanism mechanism = new Mechanism(conterSignInfos[i].getSignMech());
                String sn = conterSignInfos[i].getSn();
                int i2 = 0;
                while (i2 < x509CertArr2.length && !sn.equals(x509CertArr2[i2].getSerialNumber().toString(16))) {
                    i2++;
                }
                if (i2 >= x509CertArr2.length) {
                    throw new PKIException(PKIException.P7_PARAM_ERR, "参数不完整,no cert to verify.");
                }
                verifyP7Sign = this.session.verifySign(mechanism, x509CertArr2[i2].getPublicKey(), this.p7.AuthData2bytes(auths), signature);
                if (!verifyP7Sign) {
                    return verifyP7Sign;
                }
                i++;
                c2 = 0;
            }
        }
        return verifyP7Sign;
    }
}
