package cfca.sadk.algorithm.common;

import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.algorithm.util.BigIntegerUtil;
import cfca.sadk.asn1.parser.ASN1Node;
import cfca.sadk.asn1.parser.PKCS7SignFileParser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.BERSet;
import cfca.sadk.org.bouncycastle.asn1.DERInteger;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.DERTaggedObject;
import cfca.sadk.org.bouncycastle.asn1.pkcs.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import cfca.sadk.org.bouncycastle.asn1.pkcs.SignedData;
import cfca.sadk.org.bouncycastle.asn1.pkcs.SignerInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Certificate;
import cfca.sadk.signature.rsa.RSASignUtil;
import cfca.sadk.signature.sm2.SM2HashUtil;
import cfca.sadk.signature.sm2.SM2PackageUtil;
import cfca.sadk.signature.sm2.SM2SignerInfo;
import cfca.sadk.system.global.SM2ContextConfig;
import cfca.sadk.util.CertUtil;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Enumeration;

/* loaded from: input_file:cfca/sadk/algorithm/common/PKCS7SignedFile.class */
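/**
 * Packages and verifies PKCS#7 SignedData files whose content is attached
 * from a file on disk, for both RSA and SM2 signer certificates.
 *
 * <p>Security notes for callers, based on what this class does:
 * <ul>
 *   <li>Verification checks the signature against a certificate that is
 *       <em>embedded in the file being verified</em>. No chain building,
 *       validity-period or revocation check is performed in this class, so a
 *       {@code true} result only proves the content matches that embedded
 *       certificate. Callers must separately decide whether
 *       {@link #getSignerX509Cert()} is trusted.</li>
 *   <li>Only the first SignerInfo in the file is evaluated; any further
 *       signers are ignored.</li>
 *   <li>The RSA path still accepts MD5 and SHA-1 digests; inspect
 *       {@link #getDigestAlgorithm()} if those must be rejected.</li>
 * </ul>
 *
 * <p>Instances hold the result of the most recent verification in mutable
 * fields and are therefore not safe to share between threads.
 */
public class PKCS7SignedFile {
    /** Byte length of one SM2 signature component (r or s). */
    private static final int SM2_COMPONENT_LENGTH = 32;

    private String digestAlgorithm;
    private byte[] signature;
    private byte[] sourceData;
    private X509Cert signerCert;
    private Session session;

    /**
     * @param session crypto session handed to the hashing helper and used to choose
     *                between the JNI and BouncyCastle SM2 verification paths
     */
    public PKCS7SignedFile(Session session) {
        this.session = session;
    }

    /** @return digest algorithm name recorded by the last verification, or {@code null} */
    public String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /**
     * @return signature bytes recorded by the last verification (for SM2 the 64-byte
     *         {@code r || s} form), or {@code null}; the internal array is returned
     *         without copying
     */
    public byte[] getSignature() {
        return this.signature;
    }

    /**
     * @return a fixed placeholder message, not the signed content: the verify methods
     *         never load the attached source file into memory
     */
    public byte[] getSourceData() {
        return this.sourceData;
    }

    /**
     * @return the embedded certificate selected as signer by the last verification,
     *         or {@code null}. It is set even when the signature check then returns
     *         {@code false}, and it has not been checked against any trust anchor here.
     */
    public X509Cert getSignerX509Cert() {
        return this.signerCert;
    }

    /**
     * Finds the certificate whose issuer name and serial number match the SignerInfo.
     * Issuer names are compared through their {@code toString()} form.
     *
     * @return the matching certificate, or {@code null} when none matches
     */
    private X509Cert getSignerCert(X509Cert[] x509CertArr, IssuerAndSerialNumber issuerAndSerialNumber) throws PKIException {
        String wantedIssuer = issuerAndSerialNumber.getName().toString();
        BigInteger wantedSerial = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
        for (X509Cert candidate : x509CertArr) {
            boolean sameIssuer = candidate.getIssuerX500Name().toString().equals(wantedIssuer);
            if (sameIssuer && candidate.getSerialNumber().compareTo(wantedSerial) == 0) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Verifies the signature of a PKCS#7 signed file.
     *
     * <p>The SM2 or RSA path is chosen from the type of the <em>first</em> embedded
     * certificate, which is not necessarily the signer's certificate. See the class
     * comment for what a {@code true} result does and does not establish.
     *
     * @param str  path of the PKCS#7 signed file to parse
     * @param str2 passed through unchanged to the file-hashing helpers; its meaning is
     *             not visible in this class
     * @return {@code true} when the first SignerInfo's signature verifies against the
     *         matching embedded certificate; {@code false} when the file holds no
     *         SignerInfo or the signature does not verify
     * @throws Exception when the file cannot be parsed or verification fails abnormally
     */
    public boolean verifyP7SignedFile(String str, String str2) throws Exception {
        // Clear the previous result first, so a failed or aborted verification can never
        // leave the getters reporting the signer of an earlier, unrelated file.
        this.digestAlgorithm = null;
        this.signature = null;
        this.sourceData = null;
        this.signerCert = null;

        PKCS7SignFileParser parser = new PKCS7SignFileParser(new File(str));
        parser.parser();
        ASN1Set embeddedCerts = ASN1Set.getInstance(DERTaggedObject.getInstance(parser.getCertificate_node().getData()), false);
        X509Cert firstCert = new X509Cert(Certificate.getInstance(embeddedCerts.getObjectAt(0)));
        if (CertUtil.isSM2Cert(firstCert)) {
            return verifySM2P7SignedFile(str, str2, true, null, parser);
        }
        return verifyRSAP7SignedFile(str, str2, parser);
    }

    /**
     * Returns the parser node holding the attached content, descending one level
     * further when that node has exactly one child.
     */
    private static ASN1Node locateContentNode(PKCS7SignFileParser parser) {
        ASN1Node node = (ASN1Node) ((ASN1Node) parser.getSourceData_node().childNodes.get(1)).childNodes.get(0);
        if (node.childNodes.size() == 1) {
            node = (ASN1Node) node.childNodes.get(0);
        }
        return node;
    }

    /** Decodes every certificate embedded in the SignedData structure. */
    private static X509Cert[] readEmbeddedCerts(PKCS7SignFileParser parser) throws Exception {
        ASN1Set certSet = ASN1Set.getInstance(DERTaggedObject.getInstance(parser.getCertificate_node().getData()), false);
        X509Cert[] certs = new X509Cert[certSet.size()];
        for (int i = 0; i < certs.length; i++) {
            certs[i] = new X509Cert(Certificate.getInstance(certSet.getObjectAt(i)));
        }
        return certs;
    }

    /**
     * SM2 verification path. {@code str} is unused here; the content is read from the
     * file the parser node refers to. {@code z} and {@code bArr} are forwarded to
     * {@code SM2HashUtil.hashFile}.
     */
    private boolean verifySM2P7SignedFile(String str, String str2, boolean z, byte[] bArr, PKCS7SignFileParser pKCS7SignFileParser) throws Exception {
        try {
            ASN1Node contentNode = locateContentNode(pKCS7SignFileParser);
            ASN1Set signerInfos = ASN1Set.getInstance(pKCS7SignFileParser.getSingerinfo_node().getData());
            X509Cert[] embeddedCerts = readEmbeddedCerts(pKCS7SignFileParser);
            Enumeration objects = signerInfos.getObjects();
            if (!objects.hasMoreElements()) {
                return false;
            }
            // Only the first SignerInfo is evaluated.
            SM2SignerInfo signerInfo = SM2SignerInfo.getInstance(objects.nextElement());
            X509Cert signer = getSignerCert(embeddedCerts, signerInfo.getIssuerAndSerialNumber());
            if (signer == null) {
                // Caught below and reported under the generic parse error code, cause attached.
                throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
            }
            this.signerCert = signer;
            PublicKey publicKey = signer.getPublicKey();

            // Rebuild the raw 64-byte r || s signature from the two ASN.1 integers.
            byte[] r = BigIntegerUtil.asUnsigned32ByteArray(signerInfo.getEncryptedDigestR().getPositiveValue());
            byte[] s = BigIntegerUtil.asUnsigned32ByteArray(signerInfo.getEncryptedDigestS().getPositiveValue());
            byte[] rawSignature = new byte[2 * SM2_COMPONENT_LENGTH];
            System.arraycopy(r, 0, rawSignature, 0, SM2_COMPONENT_LENGTH);
            System.arraycopy(s, 0, rawSignature, SM2_COMPONENT_LENGTH, SM2_COMPONENT_LENGTH);

            this.digestAlgorithm = Mechanism.SM3;
            this.signature = rawSignature;
            this.sourceData = "source file is too big, will not display,please see the sourceFilePath attribute".getBytes("UTF8");

            String contentPath = contentNode.f.getAbsolutePath();
            long start = contentNode.valueStartPos;
            long length = contentNode.valueLength;
            byte[] hash;
            if (z) {
                hash = SM2HashUtil.hashFile(true, bArr, contentPath, start, length, publicKey, str2, this.session);
            } else {
                hash = SM2HashUtil.hashFile(false, null, contentPath, start, length, null, str2, this.session);
            }
            if (this.session instanceof JNISoftLib) {
                SM2PublicKey sm2Key = (SM2PublicKey) publicKey;
                return SM2PackageUtil.verifyByJNI(hash, rawSignature, sm2Key.getPubXByBytes(), sm2Key.getPubYByBytes());
            }
            return SM2PackageUtil.verifyByBC(hash, rawSignature, publicKey);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    /**
     * RSA verification path. {@code str} is unused here; the content is read from the
     * file the parser node refers to.
     */
    private boolean verifyRSAP7SignedFile(String str, String str2, PKCS7SignFileParser pKCS7SignFileParser) throws Exception {
        try {
            ASN1Node contentNode = locateContentNode(pKCS7SignFileParser);
            ASN1Set signerInfos = ASN1Set.getInstance(pKCS7SignFileParser.getSingerinfo_node().getData());
            X509Cert[] embeddedCerts = readEmbeddedCerts(pKCS7SignFileParser);
            Enumeration objects = signerInfos.getObjects();
            if (!objects.hasMoreElements()) {
                return false;
            }
            // Only the first SignerInfo is evaluated.
            SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
            X509Cert signer = getSignerCert(embeddedCerts, signerInfo.getIssuerAndSerialNumber());
            if (signer == null) {
                // Caught below and reported under the generic parse error code, cause attached.
                throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
            }
            this.signerCert = signer;

            ASN1ObjectIdentifier signatureOid = signerInfo.getDigestEncryptionAlgorithm().getAlgorithm();
            boolean knownSignatureOid = signatureOid.equals(PKCSObjectIdentifiers.rsaEncryption)
                    || signatureOid.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)
                    || signatureOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)
                    || signatureOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)
                    || signatureOid.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption);
            if (!knownSignatureOid) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }

            // NOTE(review): MD5 and SHA-1 are accepted for compatibility with existing
            // files. Both are collision-weak; callers that need stronger assurance
            // should check getDigestAlgorithm() and reject them.
            ASN1ObjectIdentifier digestOid = signerInfo.getDigestAlgorithm().getAlgorithm();
            String digestName;
            if (digestOid.equals(PKCSObjectIdentifiers.md5)) {
                digestName = Mechanism.MD5;
            } else if (digestOid.equals(PKCSObjectIdentifiers.sha1)) {
                digestName = Mechanism.SHA1;
            } else if (digestOid.equals(PKCSObjectIdentifiers.sha256)) {
                digestName = Mechanism.SHA256;
            } else if (digestOid.equals(PKCSObjectIdentifiers.sha512)) {
                digestName = Mechanism.SHA512;
            } else {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            this.digestAlgorithm = digestName;

            PublicKey publicKey = signer.getPublicKey();
            byte[] signatureBytes = signerInfo.getEncryptedDigest().getOctets();
            this.signature = signatureBytes;
            this.sourceData = "source file is too big, will not display".getBytes("UTF8");
            return RSASignUtil.verifySignFile(digestName, publicKey, contentNode.f.getAbsolutePath(), contentNode.valueStartPos, contentNode.valueLength, signatureBytes, str2);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    /**
     * Rejects a missing or empty certificate array. The first entry is used as the
     * signer certificate, so an empty array previously failed with an index error.
     */
    private static void requireSignerCerts(X509Cert[] certs) throws PKIException {
        if (certs == null || certs.length == 0) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
    }

    /**
     * DER-encodes {@code contentInfo} to {@code outputPath}, replacing any existing
     * file. The file stream is closed even when encoding fails part-way.
     */
    private static void writeContentInfo(ContentInfo contentInfo, String outputPath) throws Exception {
        File target = new File(outputPath);
        if (!target.exists()) {
            target.createNewFile();
        }
        FileOutputStream fileOut = new FileOutputStream(outputPath);
        try {
            DEROutputStream derOut = new DEROutputStream(fileOut);
            derOut.writeObject(contentInfo);
            derOut.close();
        } finally {
            // A second close is a no-op on FileOutputStream; this releases the handle
            // when writeObject throws.
            fileOut.close();
        }
    }

    /**
     * Copies one 32-byte SM2 signature component starting at {@code offset}, adding a
     * leading zero byte when its high bit is set so it encodes as a positive INTEGER.
     */
    private static byte[] toPositiveIntegerBytes(byte[] rawSignature, int offset) {
        if ((rawSignature[offset] & 0x80) != 0) {
            byte[] padded = new byte[SM2_COMPONENT_LENGTH + 1];
            System.arraycopy(rawSignature, offset, padded, 1, SM2_COMPONENT_LENGTH);
            return padded;
        }
        byte[] plain = new byte[SM2_COMPONENT_LENGTH];
        System.arraycopy(rawSignature, offset, plain, 0, SM2_COMPONENT_LENGTH);
        return plain;
    }

    /**
     * Writes a PKCS#7 SignedData file carrying an RSA signature and the attached content.
     *
     * @param str         content-type OID as a dotted string, or {@code null} for the default data type
     * @param str2        path of the source file attached as content
     * @param str3        path of the output file; an existing file is overwritten
     * @param bArr        signature bytes stored as the encrypted digest
     * @param mechanism   signing mechanism; selects the digest algorithm identifier
     * @param x509CertArr certificates to embed; the first entry identifies the signer
     * @throws PKIException when no certificate is supplied, the mechanism is not one of
     *                      the supported RSA mechanisms, or building/writing fails
     */
    public void packageRSASignedFile(String str, String str2, String str3, byte[] bArr, Mechanism mechanism, X509Cert[] x509CertArr) throws PKIException {
        requireSignerCerts(x509CertArr);
        try {
            DEROctetString encryptedDigest = new DEROctetString(bArr);
            IssuerAndSerialNumber signerId = new IssuerAndSerialNumber(x509CertArr[0].getIssuerX500Name(), x509CertArr[0].getSerialNumber());
            AlgorithmIdentifier signatureAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());

            String mechanismType = mechanism.getMechanismType();
            AlgorithmIdentifier digestAlgId;
            if (mechanismType.equals(Mechanism.MD5_RSA)) {
                digestAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
            } else if (mechanismType.equals(Mechanism.SHA1_RSA)) {
                digestAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            } else if (mechanismType.equals(Mechanism.SHA256_RSA)) {
                digestAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
            } else if (mechanismType.equals(Mechanism.SHA512_RSA)) {
                digestAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha512, new DERNull());
            } else {
                // Previously a null digest identifier flowed into the SignerInfo and the
                // digest-algorithm set; fail clearly instead.
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }

            SignerInfo signerInfo = new SignerInfo(new ASN1Integer(1L), signerId, digestAlgId, null, signatureAlgId, encryptedDigest, null);
            PKCS7AttachSourceFile attachedContent = new PKCS7AttachSourceFile(new File(str2));
            ContentInfo innerContent;
            if (str == null) {
                innerContent = new ContentInfo(PKCSObjectIdentifiers.data, attachedContent);
            } else {
                innerContent = new ContentInfo(new ASN1ObjectIdentifier(str), attachedContent);
            }

            ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
            digestAlgs.add(digestAlgId);
            BERSet digestAlgSet = new BERSet(digestAlgs);

            ASN1EncodableVector signers = new ASN1EncodableVector();
            signers.add(signerInfo);
            DERSet signerSet = new DERSet(signers);

            ASN1EncodableVector certs = new ASN1EncodableVector();
            for (X509Cert cert : x509CertArr) {
                certs.add(cert.getCertStructure());
            }

            SignedData signedData = new SignedData(new ASN1Integer(1L), digestAlgSet, innerContent, new BERSet(certs), null, signerSet);
            writeContentInfo(new ContentInfo(PKCSObjectIdentifiers.signedData, signedData), str3);
        } catch (PKIException e) {
            // Keep the original error code instead of flattening it to a bare message.
            throw e;
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here; no message-plus-cause
            // PKIException constructor is visible from this class.
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Writes a PKCS#7 SignedData file carrying an SM2 signature and the attached content.
     *
     * @param str         content-type OID as a dotted string, or {@code null} for the default SM2 data type
     * @param str2        path of the source file attached as content
     * @param str3        path of the output file; an existing file is overwritten
     * @param bArr        raw SM2 signature, {@code r || s}; the first 64 bytes are used
     * @param x509CertArr certificates to embed; the first entry identifies the signer
     * @throws PKIException when no certificate is supplied, the signature is shorter
     *                      than 64 bytes, or building/writing fails
     */
    public void packageSM2SignedFile(String str, String str2, String str3, byte[] bArr, X509Cert[] x509CertArr) throws PKIException {
        requireSignerCerts(x509CertArr);
        try {
            if (bArr == null || bArr.length < 2 * SM2_COMPONENT_LENGTH) {
                // Fail with a clear message rather than an index error surfacing from arraycopy.
                throw new PKIException("SM2 signature must contain at least 64 bytes (r || s)");
            }
            DERInteger r = new DERInteger(toPositiveIntegerBytes(bArr, 0));
            DERInteger s = new DERInteger(toPositiveIntegerBytes(bArr, SM2_COMPONENT_LENGTH));

            IssuerAndSerialNumber signerId = new IssuerAndSerialNumber(x509CertArr[0].getIssuerX500Name(), x509CertArr[0].getSerialNumber());
            AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
            // Sign format 3 uses the SM2_sign OID; every other format uses sm2Encryption.
            AlgorithmIdentifier signatureAlgId = SM2ContextConfig.getSignFormat() == 3
                    ? new AlgorithmIdentifier(PKCSObjectIdentifiers.SM2_sign, new DERNull())
                    : new AlgorithmIdentifier(PKCSObjectIdentifiers.sm2Encryption, new DERNull());
            SM2SignerInfo signerInfo = new SM2SignerInfo(new ASN1Integer(1L), signerId, digestAlgId, null, signatureAlgId, ASN1Integer.getInstance(r), ASN1Integer.getInstance(s), null);

            PKCS7AttachSourceFile attachedContent = new PKCS7AttachSourceFile(new File(str2));
            ContentInfo innerContent;
            if (str == null) {
                innerContent = new ContentInfo(PKCSObjectIdentifiers.sm2Data, attachedContent);
            } else {
                innerContent = new ContentInfo(new ASN1ObjectIdentifier(str), attachedContent);
            }

            ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
            digestAlgs.add(digestAlgId);
            DERSet digestAlgSet = new DERSet(digestAlgs);

            ASN1EncodableVector signers = new ASN1EncodableVector();
            signers.add(signerInfo);
            DERSet signerSet = new DERSet(signers);

            ASN1EncodableVector certs = new ASN1EncodableVector();
            for (X509Cert cert : x509CertArr) {
                certs.add(cert.getCertStructure());
            }

            SignedData signedData = new SignedData(new ASN1Integer(1L), digestAlgSet, innerContent, new BERSet(certs), null, signerSet);
            writeContentInfo(new ContentInfo(PKCSObjectIdentifiers.sm2SignedData, signedData), str3);
        } catch (PKIException e) {
            // Keep the original error code instead of flattening it to a bare message.
            throw e;
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here; no message-plus-cause
            // PKIException constructor is visible from this class.
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Packages a signed file, choosing the SM2 or RSA format from the type of the
     * first certificate. Parameters are as for {@link #packageRSASignedFile};
     * {@code mechanism} is ignored on the SM2 path.
     *
     * @throws PKIException when no certificate is supplied or packaging fails
     */
    public void packageSignedFile(String str, String str2, String str3, byte[] bArr, Mechanism mechanism, X509Cert[] x509CertArr) throws PKIException {
        requireSignerCerts(x509CertArr);
        if (CertUtil.isSM2Cert(x509CertArr[0])) {
            packageSM2SignedFile(str, str2, str3, bArr, x509CertArr);
        } else {
            packageRSASignedFile(str, str2, str3, bArr, mechanism, x509CertArr);
        }
    }
}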
