package com.koalii.kgsp.core.pkcs;

import com.koalii.kgsp.bc.asn1.ASN1EncodableVector;
import com.koalii.kgsp.bc.asn1.ASN1Integer;
import com.koalii.kgsp.bc.asn1.ASN1OctetString;
import com.koalii.kgsp.bc.asn1.ASN1Set;
import com.koalii.kgsp.bc.asn1.ASN1UTCTime;
import com.koalii.kgsp.bc.asn1.BERSequence;
import com.koalii.kgsp.bc.asn1.BERSet;
import com.koalii.kgsp.bc.asn1.DEROctetString;
import com.koalii.kgsp.bc.asn1.cms.Attribute;
import com.koalii.kgsp.bc.asn1.cms.Attributes;
import com.koalii.kgsp.bc.asn1.cms.IssuerAndSerialNumber;
import com.koalii.kgsp.bc.asn1.cms.SignerIdentifier;
import com.koalii.kgsp.bc.asn1.cms.SignerInfo;
import com.koalii.kgsp.bc.asn1.oiw.OIWObjectIdentifiers;
import com.koalii.kgsp.bc.asn1.pkcs.PKCSObjectIdentifiers;
import com.koalii.kgsp.bc.cert.X509CertificateHolder;
import com.koalii.kgsp.bc.crypto.Digest;
import com.koalii.kgsp.bc.operator.DefaultAlgorithmNameFinder;
import com.koalii.kgsp.bc.util.Arrays;
import com.koalii.kgsp.core.cert.KcCertStore;
import com.koalii.kgsp.core.cert.KcKeyStore;
import com.koalii.kgsp.core.crypto.KcDigestUtil;
import com.koalii.kgsp.core.crypto.KcSigner;
import com.koalii.kgsp.core.crypto.KcSignerFactory;
import com.koalii.kgsp.core.exception.KcErrors;
import com.koalii.kgsp.core.exception.KcException;
import com.koalii.kgsp.core.pkcs.Pkcs7SignParser;
import com.koalii.kgsp.core.util.StringUtil;
import java.io.IOException;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:com/koalii/kgsp/core/pkcs/Pkcs7Sign.class */
public class Pkcs7Sign {
    private KcCertStore certStore;
    private KcSigner signer;
    private Pkcs7SignBuilder builder;

    public Pkcs7Sign() {
    }

    public Pkcs7Sign(KcCertStore kcCertStore) {
        this.certStore = kcCertStore;
    }

    public Pkcs7Sign(KcKeyStore kcKeyStore) {
        this.certStore = kcKeyStore;
    }

    public KcCertStore getCertStore() {
        return this.certStore;
    }

    public void setCertStore(KcCertStore kcCertStore) {
        this.certStore = kcCertStore;
    }

    public KcSigner getSigner() {
        return this.signer;
    }

    public void setSigner(KcSigner kcSigner) {
        this.signer = kcSigner;
    }

    public Pkcs7SignBuilder getBuilder() {
        return this.builder;
    }

    public void setBuilder(Pkcs7SignBuilder pkcs7SignBuilder) {
        this.builder = pkcs7SignBuilder;
    }

    public byte[] sign(byte[] bArr, boolean z, String str) throws KcException {
        if (!(this.certStore instanceof KcKeyStore)) {
            throw new KcException(KcErrors.ERROR_CORE_PKCS7_SIGN_NO_KEY, "p7 sign: no key");
        }
        KcKeyStore kcKeyStore = (KcKeyStore) this.certStore;
        if (null == this.builder) {
            this.builder = Pkcs7SignBuilderFactory.createBuilderByPrivateKey(kcKeyStore.getPrivateKey());
        }
        if (null == this.signer) {
            this.signer = KcSignerFactory.createSignerByPrivateKey(kcKeyStore.getPrivateKey());
        }
        if (null != str) {
            this.signer.setDigestAlg(str);
        }
        byte[] sign = this.signer.sign(bArr);
        return z ? this.builder.buildDetach(bArr, sign, this.certStore.getCert(), this.signer) : this.builder.buildAttach(bArr, sign, this.certStore.getCert(), this.signer);
    }

    public byte[] sign(byte[] bArr, boolean z) throws KcException {
        return sign(bArr, z, null);
    }

    public byte[] sign(byte[] bArr, String str) throws KcException {
        return sign(bArr, false, str);
    }

    public byte[] sign(byte[] bArr) throws KcException {
        return sign(bArr, false);
    }

    public byte[] detachSign(byte[] bArr) throws KcException {
        return sign(bArr, true);
    }

    public byte[] detachSign(byte[] bArr, String str) throws KcException {
        return sign(bArr, true, str);
    }

    public boolean verify(byte[] bArr) throws KcException {
        return verify(null, bArr);
    }

    public boolean verify(byte[] bArr, byte[] bArr2) throws KcException {
        byte[] authAttrMessageDigest;
        Pkcs7SignParser pkcs7SignParser = new Pkcs7SignParser();
        pkcs7SignParser.parse(bArr2);
        byte[] oriData = pkcs7SignParser.getOriData();
        if (null == oriData) {
            oriData = bArr;
        }
        if (null == oriData) {
            throw new KcException(KcErrors.ERROR_CORE_PKCS7_VERIFY_ORIDATA_EMPTY, "verify p7 sign: ori data empty");
        }
        if (StringUtil.isNotEmpty(bArr) && StringUtil.isNotEmpty(pkcs7SignParser.getOriData()) && !Arrays.areEqual(pkcs7SignParser.getOriData(), bArr)) {
            throw new KcException(KcErrors.ERROR_CORE_PKCS7_VERIFY_ORIDATA_UNMATCHED, "verify p7 sign: ori data unmatched");
        }
        List<Pkcs7SignParser.Pkcs7SignInfo> signInfos = pkcs7SignParser.getSignInfos();
        int size = signInfos.size();
        KcSigner kcSigner = this.signer;
        for (int i = 0; i < size; i++) {
            Pkcs7SignParser.Pkcs7SignInfo pkcs7SignInfo = signInfos.get(i);
            if (null == kcSigner) {
                kcSigner = KcSignerFactory.createSignerByCert(pkcs7SignInfo.signCert);
            }
            if (null != pkcs7SignInfo.digestAid) {
                kcSigner.setDigestAlgId(pkcs7SignInfo.digestAid);
            }
            if (!StringUtil.isEmpty(pkcs7SignInfo.authAttrData)) {
                byte[] authAttrData = pkcs7SignInfo.getAuthAttrData();
                authAttrData[0] = 49;
                if (!kcSigner.verify(authAttrData, pkcs7SignInfo.signData) || null == (authAttrMessageDigest = getAuthAttrMessageDigest(authAttrData))) {
                    return false;
                }
                Digest findDigest = KcDigestUtil.findDigest(new DefaultAlgorithmNameFinder().getAlgorithmName(pkcs7SignInfo.digestAid));
                findDigest.update(bArr, 0, bArr.length);
                byte[] bArr3 = new byte[findDigest.getDigestSize()];
                findDigest.doFinal(bArr3, 0);
                if (!Arrays.areEqual(authAttrMessageDigest, bArr3)) {
                    return false;
                }
            } else if (!kcSigner.verify(oriData, pkcs7SignInfo.signData)) {
                return false;
            }
        }
        return true;
    }

    public static void dump(byte[] bArr) throws KcException {
        new Pkcs7SignParser().parse(bArr);
    }

    public byte[] signAttrs(byte[] bArr, boolean z, String str) throws KcException {
        if (null == str) {
            throw new KcException(KcErrors.ERROR_CORE_PKCS7_SIGN_NO_KEY, "p7 sign: no key");
        }
        Digest findDigest = KcDigestUtil.findDigest(str);
        findDigest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[findDigest.getDigestSize()];
        findDigest.doFinal(bArr2, 0);
        return signAttrs(bArr, z, str, createSignedAttrs(bArr2));
    }

    public byte[] signAttrs(byte[] bArr, boolean z, String str, Attributes attributes) throws KcException {
        if (!(this.certStore instanceof KcKeyStore)) {
            throw new KcException(KcErrors.ERROR_CORE_PKCS7_SIGN_NO_KEY, "p7 sign: no key");
        }
        KcKeyStore kcKeyStore = (KcKeyStore) this.certStore;
        if (null == this.builder) {
            this.builder = Pkcs7SignBuilderFactory.createBuilderByPrivateKey(kcKeyStore.getPrivateKey());
        }
        if (null == this.signer) {
            this.signer = KcSignerFactory.createSignerByPrivateKey(kcKeyStore.getPrivateKey());
        }
        if (null != str) {
            this.signer.setDigestAlg(str);
        }
        try {
            byte[] sign = this.signer.sign(ASN1Set.getInstance(attributes).getEncoded());
            X509CertificateHolder cert = this.certStore.getCert();
            SignerInfo signerInfo = new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(cert.getIssuer(), cert.getSerialNumber())), this.signer.getDigestAlgId(), attributes, this.signer.getEncryptAlgId(), new DEROctetString(sign), (Attributes) null);
            return z ? this.builder.build(bArr, this.certStore.getCert(), this.signer, signerInfo, true) : this.builder.build(bArr, this.certStore.getCert(), this.signer, signerInfo, false);
        } catch (IOException e) {
            throw new KcException(KcErrors.ERROR_CORE_IO_CLOSE, "p7 sign: encoded error");
        }
    }

    private byte[] getAuthAttrMessageDigest(byte[] bArr) {
        ASN1Set aSN1Set = ASN1Set.getInstance(bArr);
        if (null == aSN1Set) {
            return null;
        }
        int size = aSN1Set.size();
        for (int i = 0; i < size; i++) {
            Attribute attribute = Attribute.getInstance(aSN1Set.getObjectAt(i));
            if (PKCSObjectIdentifiers.pkcs_9_at_messageDigest.equals(attribute.getAttrType())) {
                return ASN1OctetString.getInstance(attribute.getAttributeValues()[0]).getOctets();
            }
        }
        return null;
    }

    private Attributes createSignedAttrs(byte[] bArr) {
        Attribute attribute = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_contentType, new BERSet(PKCSObjectIdentifiers.data));
        Attribute attribute2 = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new BERSet(new ASN1UTCTime(new Date())));
        Attribute attribute3 = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_messageDigest, new BERSet(new DEROctetString(bArr)));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        BERSequence bERSequence = new BERSequence(PKCSObjectIdentifiers.des_EDE3_CBC);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(PKCSObjectIdentifiers.RC2_CBC);
        aSN1EncodableVector2.add(new ASN1Integer(128L));
        BERSequence bERSequence2 = new BERSequence(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(PKCSObjectIdentifiers.RC2_CBC);
        aSN1EncodableVector3.add(new ASN1Integer(64L));
        BERSequence bERSequence3 = new BERSequence(aSN1EncodableVector3);
        BERSequence bERSequence4 = new BERSequence(OIWObjectIdentifiers.desCBC);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        aSN1EncodableVector4.add(PKCSObjectIdentifiers.RC2_CBC);
        aSN1EncodableVector4.add(new ASN1Integer(40L));
        BERSequence bERSequence5 = new BERSequence(aSN1EncodableVector4);
        aSN1EncodableVector.add(bERSequence);
        aSN1EncodableVector.add(bERSequence2);
        aSN1EncodableVector.add(bERSequence3);
        aSN1EncodableVector.add(bERSequence4);
        aSN1EncodableVector.add(bERSequence5);
        Attribute attribute4 = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities, new BERSet(new BERSequence(aSN1EncodableVector)));
        ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
        aSN1EncodableVector5.add(attribute);
        aSN1EncodableVector5.add(attribute2);
        aSN1EncodableVector5.add(attribute3);
        aSN1EncodableVector5.add(attribute4);
        return new Attributes(aSN1EncodableVector5);
    }

    public static void main(String[] strArr) throws KcException {
    }
}
