package com.sansec.pkcs7;

import com.sansec.cms.CMSEnvelopedData;
import com.sansec.cms.CMSEnvelopedDataGenerator;
import com.sansec.cms.CMSException;
import com.sansec.cms.CMSProcessableByteArray;
import com.sansec.cms.CMSSignedAndEnvelopedData;
import com.sansec.cms.CMSSignedAndEnvelopedDataGenerator;
import com.sansec.cms.CMSSignedData;
import com.sansec.cms.CMSSignedDataGenerator;
import com.sansec.cms.RecipientInformation;
import com.sansec.cms.SignerInformation;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: input_file:com/sansec/pkcs7/PKCS7.class */
public class PKCS7 {
    public static final String DIGEST_SM3 = "SM3";
    public static final String DIGEST_SM3_WITH_KEY = "SM3WITHKEY";
    public static final String DIGEST_SM3_WITHOUT_KEY = "SM3WITHOUTKEY";
    public static final String DIGEST_SHA1 = "SHA1";
    public static final String DIGEST_SHA256 = "SHA256";
    public static final String ENCRYPT_SM1 = "SM1";
    public static final String ENCRYPT_SM4 = "SM4";
    public static final String ENCRYPT_3DES = "3DES";
    public static final String ENCRYPT_DESEDE = "DESEDE";
    public static final String ENCRYPT_AES128 = "AES128";
    public static final String ENCRYPT_AES192 = "AES192";
    public static final String ENCRYPT_AES256 = "AES256";
    public static final String PROVIDER = "SwxaJCE";

    public static byte[] genAttachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, String str, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        return genAttachedSignedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, str, bArr);
    }

    public static byte[] genAttachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, String str, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        return genAttachedSignedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, str, bArr);
    }

    public static byte[] genAttachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, ArrayList<X509Certificate> arrayList, String str, byte[] bArr) throws PKCS7Exception {
        return genSignedData(x509Certificate, privateKey, arrayList, str, bArr, true);
    }

    public static byte[] genDetachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, String str, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        return genDetachedSignedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, str, bArr);
    }

    public static byte[] genDetachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, String str, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        return genDetachedSignedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, str, bArr);
    }

    public static byte[] genDetachedSignedData(X509Certificate x509Certificate, PrivateKey privateKey, ArrayList<X509Certificate> arrayList, String str, byte[] bArr) throws PKCS7Exception {
        return genSignedData(x509Certificate, privateKey, arrayList, str, bArr, false);
    }

    private static byte[] genSignedData(X509Certificate x509Certificate, PrivateKey privateKey, ArrayList<X509Certificate> arrayList, String str, byte[] bArr, boolean z) throws PKCS7Exception {
        String digestOID = AlgorithmUtils.getDigestOID(str);
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        try {
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), PROVIDER);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSigner(privateKey, x509Certificate, digestOID);
            try {
                cMSSignedDataGenerator.addCertificatesAndCRLs(certStore);
                try {
                    try {
                        return cMSSignedDataGenerator.generate(cMSProcessableByteArray, z, PROVIDER).getContentInfo().getDEREncoded();
                    } catch (IOException e) {
                        throw new PKCS7Exception("Fail to encode signedData", e);
                    }
                } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                    throw new PKCS7Exception("Fail to generate CMSSigendData", e2);
                }
            } catch (CMSException | CertStoreException e3) {
                throw new PKCS7Exception("Fail to add certificates", e3);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e4) {
            throw new PKCS7Exception("Fail to construct CertStore", e4);
        }
    }

    public static PKCS7Result verifyAttachedSignedData(byte[] bArr, boolean z) throws PKCS7Exception {
        PKCS7Result pKCS7Result = new PKCS7Result();
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            try {
                SignerInformation signerInformation = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
                try {
                    X509Certificate x509Certificate = (X509Certificate) cMSSignedData.getCertificatesAndCRLs("Collection", PROVIDER).getCertificates(signerInformation.getSID()).iterator().next();
                    try {
                        pKCS7Result.setValid(signerInformation.verify(x509Certificate.getPublicKey(), PROVIDER));
                        if (z) {
                            try {
                                pKCS7Result.setCertificate(x509Certificate.getEncoded());
                                pKCS7Result.setX509Certificate(x509Certificate);
                                pKCS7Result.setSignature(signerInformation.getSignature());
                                pKCS7Result.setDigestAlgorithmOID(signerInformation.getDigestAlgOID());
                                pKCS7Result.setSignatureAlgorithmOID(signerInformation.getEncryptionAlgOID());
                                pKCS7Result.setPlain((byte[]) cMSSignedData.getSignedContent().getContent());
                            } catch (CertificateEncodingException e) {
                                throw new PKCS7Exception("Fail to encode certificate", e);
                            }
                        }
                        return pKCS7Result;
                    } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e2) {
                        throw new PKCS7Exception("Fail to verify signature", e2);
                    }
                } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException | CertStoreException e3) {
                    throw new PKCS7Exception("Fail to  get certificate", e3);
                }
            } catch (Exception e4) {
                throw new PKCS7Exception("Fail to get signer", e4);
            }
        } catch (CMSException e5) {
            throw new PKCS7Exception("Fail to decode CMSSignedData", e5);
        }
    }

    public static PKCS7Result verifyDetachedSignedData(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate, boolean z) throws PKCS7Exception {
        PKCS7Result pKCS7Result = new PKCS7Result();
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr2), bArr);
            try {
                SignerInformation signerInformation = (SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next();
                if (bArr2 == null) {
                    throw new PKCS7Exception("Plain data can not be null");
                }
                if (x509Certificate == null) {
                    try {
                        x509Certificate = (X509Certificate) cMSSignedData.getCertificatesAndCRLs("Collection", PROVIDER).getCertificates(signerInformation.getSID()).iterator().next();
                    } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException | CertStoreException e) {
                        throw new PKCS7Exception("Fail to  get certificate", e);
                    }
                }
                try {
                    signerInformation.setCheckDigest(true);
                    pKCS7Result.setValid(signerInformation.verify(x509Certificate.getPublicKey(), PROVIDER));
                    if (z) {
                        try {
                            pKCS7Result.setCertificate(x509Certificate.getEncoded());
                            pKCS7Result.setX509Certificate(x509Certificate);
                            pKCS7Result.setSignature(signerInformation.getSignature());
                            pKCS7Result.setDigestAlgorithmOID(signerInformation.getDigestAlgOID());
                            pKCS7Result.setSignatureAlgorithmOID(signerInformation.getEncryptionAlgOID());
                            pKCS7Result.setPlain(bArr2);
                        } catch (CertificateEncodingException e2) {
                            throw new PKCS7Exception("Fail to encode certificate", e2);
                        }
                    }
                    return pKCS7Result;
                } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e3) {
                    throw new PKCS7Exception("Fail to verify signature", e3);
                }
            } catch (Exception e4) {
                throw new PKCS7Exception("Fail to get signer", e4);
            }
        } catch (CMSException e5) {
            throw new PKCS7Exception("Fail to decode CMSSignedData", e5);
        }
    }

    public static byte[] genEnvelopedData(X509Certificate x509Certificate, String str, byte[] bArr) throws PKCS7Exception {
        String encryptOID = AlgorithmUtils.getEncryptOID(str);
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        cMSEnvelopedDataGenerator.addKeyTransRecipient(x509Certificate);
        try {
            try {
                return cMSEnvelopedDataGenerator.generate(cMSProcessableByteArray, encryptOID, PROVIDER).getContentInfo().getDEREncoded();
            } catch (IOException e) {
                throw new PKCS7Exception("Fail to encode envelopedData", e);
            }
        } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new PKCS7Exception("Fail to generate CMSEncelopedData", e2);
        }
    }

    public static PKCS7Result decEnvelopedData(byte[] bArr, PrivateKey privateKey, boolean z) throws PKCS7Exception {
        try {
            CMSEnvelopedData cMSEnvelopedData = new CMSEnvelopedData(bArr);
            RecipientInformation recipientInformation = (RecipientInformation) cMSEnvelopedData.getRecipientInfos().getRecipients().iterator().next();
            PKCS7Result pKCS7Result = new PKCS7Result();
            try {
                pKCS7Result.setPlain(recipientInformation.getContent(privateKey, PROVIDER));
                pKCS7Result.setEncryptAlgorithmOID(cMSEnvelopedData.getEncryptionAlgOID());
                pKCS7Result.setCipher(cMSEnvelopedData.getEncryptedContentInfo().getEncryptedContent().getOctets());
                return pKCS7Result;
            } catch (CMSException | NoSuchProviderException e) {
                throw new PKCS7Exception("Fail to get content", e);
            }
        } catch (CMSException e2) {
            throw new PKCS7Exception("Fail to parse envelopedData", e2);
        }
    }

    public static byte[] genSignedAndEnvelopedData(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, String str, String str2, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        return genSignedAndEnvelopedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, x509Certificate2, str, str2, bArr);
    }

    public static byte[] genSignedAndEnvelopedData(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, X509Certificate x509Certificate3, String str, String str2, byte[] bArr) throws PKCS7Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(x509Certificate2);
        return genSignedAndEnvelopedData(x509Certificate, privateKey, (ArrayList<X509Certificate>) arrayList, x509Certificate3, str, str2, bArr);
    }

    public static byte[] genSignedAndEnvelopedData(X509Certificate x509Certificate, PrivateKey privateKey, ArrayList<X509Certificate> arrayList, X509Certificate x509Certificate2, String str, String str2, byte[] bArr) throws PKCS7Exception {
        String encryptOID = AlgorithmUtils.getEncryptOID(str);
        String digestOID = AlgorithmUtils.getDigestOID(str2);
        try {
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), PROVIDER);
            CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
            CMSSignedAndEnvelopedDataGenerator cMSSignedAndEnvelopedDataGenerator = new CMSSignedAndEnvelopedDataGenerator();
            cMSSignedAndEnvelopedDataGenerator.addSigner(privateKey, x509Certificate, digestOID);
            cMSSignedAndEnvelopedDataGenerator.addKeyTransRecipient(x509Certificate2);
            try {
                cMSSignedAndEnvelopedDataGenerator.addCertificatesAndCRLs(certStore);
                try {
                    return cMSSignedAndEnvelopedDataGenerator.generate(cMSProcessableByteArray, encryptOID, PROVIDER);
                } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e) {
                    throw new PKCS7Exception("Fail to generate signedAndEnvelopedData", e);
                }
            } catch (CMSException | CertStoreException e2) {
                throw new PKCS7Exception("Fail to add certificate", e2);
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e3) {
            throw new PKCS7Exception("Fail to construct CertStore", e3);
        }
    }

    public static PKCS7Result decSignedAndEnvelopedData(byte[] bArr, PrivateKey privateKey, boolean z) throws PKCS7Exception {
        try {
            CMSSignedAndEnvelopedData cMSSignedAndEnvelopedData = new CMSSignedAndEnvelopedData(bArr);
            try {
                SignerInformation signerInformation = (SignerInformation) cMSSignedAndEnvelopedData.getSignerInfos(privateKey).getSigners().iterator().next();
                try {
                    X509Certificate x509Certificate = (X509Certificate) cMSSignedAndEnvelopedData.getCertificatesAndCRLs("Collection", PROVIDER).getCertificates(signerInformation.getSID()).iterator().next();
                    try {
                        boolean verify = signerInformation.verify(x509Certificate.getPublicKey(), PROVIDER);
                        PKCS7Result pKCS7Result = new PKCS7Result();
                        pKCS7Result.setValid(verify);
                        if (verify) {
                            try {
                                byte[] content = ((RecipientInformation) cMSSignedAndEnvelopedData.getRecipientInfos().getRecipients().iterator().next()).getContent(privateKey, PROVIDER);
                                try {
                                    pKCS7Result.setCertificate(x509Certificate.getEncoded());
                                    pKCS7Result.setX509Certificate(x509Certificate);
                                    pKCS7Result.setPlain(content);
                                    pKCS7Result.setSignature(signerInformation.getSignature());
                                    pKCS7Result.setCipher(cMSSignedAndEnvelopedData.getEncryptedContentInfo().getEncryptedContent().getOctets());
                                    pKCS7Result.setDigestAlgorithmOID(signerInformation.getDigestAlgOID());
                                    pKCS7Result.setEncryptAlgorithmOID(cMSSignedAndEnvelopedData.getEncryptionAlgOID());
                                    pKCS7Result.setSignatureAlgorithmOID(signerInformation.getEncryptionAlgOID());
                                } catch (CertificateEncodingException e) {
                                    throw new PKCS7Exception("Fail to encode certificate", e);
                                }
                            } catch (CMSException | NoSuchProviderException e2) {
                                throw new PKCS7Exception("Fail to generate signedAndEnvelopedData", e2);
                            }
                        }
                        return pKCS7Result;
                    } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException e3) {
                        throw new PKCS7Exception("Fail to verify signature", e3);
                    }
                } catch (CMSException | NoSuchAlgorithmException | NoSuchProviderException | CertStoreException e4) {
                    throw new PKCS7Exception("Fail to  get certificate", e4);
                }
            } catch (CMSException | NoSuchProviderException e5) {
                throw new PKCS7Exception("Fail to get signer", e5);
            }
        } catch (CMSException e6) {
            throw new PKCS7Exception("Fail to parse signedAndEnvelopedData", e6);
        }
    }
}
