package cn.com.infosec.jce;

import cn.com.infosec.asn1.ASN1OctetString;
import cn.com.infosec.asn1.ASN1Set;
import cn.com.infosec.asn1.DERConstructedSequence;
import cn.com.infosec.asn1.DERConstructedSet;
import cn.com.infosec.asn1.DEREncodable;
import cn.com.infosec.asn1.DERInputStream;
import cn.com.infosec.asn1.DERInteger;
import cn.com.infosec.asn1.DERObject;
import cn.com.infosec.asn1.DERObjectIdentifier;
import cn.com.infosec.asn1.DEROctetString;
import cn.com.infosec.asn1.DEROutputStream;
import cn.com.infosec.asn1.DERTaggedObject;
import cn.com.infosec.asn1.pkcs.ContentInfo;
import cn.com.infosec.asn1.pkcs.IssuerAndSerialNumber;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.pkcs.SignedData;
import cn.com.infosec.asn1.pkcs.SignerInfo;
import cn.com.infosec.asn1.x509.AlgorithmIdentifier;
import cn.com.infosec.asn1.x509.CertificateList;
import cn.com.infosec.asn1.x509.X509CertificateStructure;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.jce.provider.X509CRLObject;
import cn.com.infosec.jce.provider.X509CertificateObject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:lib/ISFJ_v2_0_1_127_3_BAISC_JDK14.jar:cn/com/infosec/jce/PKCS7SignedData.class */
public class PKCS7SignedData implements PKCSObjectIdentifiers {
    private int version;
    private int signerversion;
    private Set digestalgos;
    private Collection certs;
    private Collection crls;
    private X509Certificate signCert;
    private byte[] digest;
    private String digestAlgorithm;
    private String digestEncryptionAlgorithm;
    private Signature sig;
    private transient PrivateKey privKey;
    private byte[] contentData;
    private final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
    private final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
    private final String ID_MD5 = "1.2.840.113549.2.5";
    private final String ID_MD2 = "1.2.840.113549.2.2";
    private final String ID_SHA1 = "1.3.14.3.2.26";
    private final String ID_RSA = "1.2.840.113549.1.1.1";
    private final String ID_DSA = "1.2.840.10040.4.1";

    public PKCS7SignedData(byte[] bArr) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
        this(bArr, "INFOSEC");
    }

    public PKCS7SignedData(byte[] bArr, String str) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
        this.ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
        this.ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
        this.ID_MD5 = "1.2.840.113549.2.5";
        this.ID_MD2 = "1.2.840.113549.2.2";
        this.ID_SHA1 = "1.3.14.3.2.26";
        this.ID_RSA = "1.2.840.113549.1.1.1";
        this.ID_DSA = "1.2.840.10040.4.1";
        try {
            DERObject readObject = new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            if (!(readObject instanceof DERConstructedSequence)) {
                throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(readObject);
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new SecurityException(new StringBuffer().append("Not a valid PKCS#7 signed-data object - wrong header ").append(contentInfo.getContentType().getId()).toString());
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            this.certs = new ArrayList();
            if (signedData.getCertificates() != null) {
                Enumeration objects = ASN1Set.getInstance(signedData.getCertificates()).getObjects();
                while (objects.hasMoreElements()) {
                    this.certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(objects.nextElement())));
                }
            }
            this.crls = new ArrayList();
            if (signedData.getCRLs() != null) {
                Enumeration objects2 = ASN1Set.getInstance(signedData.getCRLs()).getObjects();
                while (objects2.hasMoreElements()) {
                    this.crls.add(new X509CRLObject(CertificateList.getInstance(objects2.nextElement())));
                }
            }
            this.version = signedData.getVersion().getValue().intValue();
            DEREncodable content = signedData.getContentInfo().getContent();
            if (content != null) {
                this.contentData = ((ASN1OctetString) content).getOctets();
            } else {
                this.contentData = null;
            }
            this.digestalgos = new HashSet();
            Enumeration objects3 = signedData.getDigestAlgorithms().getObjects();
            while (objects3.hasMoreElements()) {
                this.digestalgos.add(((DERObjectIdentifier) ((DERConstructedSequence) objects3.nextElement()).getObjectAt(0)).getId());
            }
            DERConstructedSet dERConstructedSet = (DERConstructedSet) signedData.getSignerInfos();
            if (dERConstructedSet.getSize() != 1) {
                throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
            }
            SignerInfo signerInfo = SignerInfo.getInstance(dERConstructedSet.getObjectAt(0));
            this.signerversion = signerInfo.getVersion().getValue().intValue();
            IssuerAndSerialNumber issuerAndSerialNumber = signerInfo.getIssuerAndSerialNumber();
            BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
            X509Principal x509Principal = new X509Principal(issuerAndSerialNumber.getName());
            Iterator it = this.certs.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                X509Certificate x509Certificate = (X509Certificate) it.next();
                if (value.equals(x509Certificate.getSerialNumber()) && x509Principal.equals(x509Certificate.getIssuerDN())) {
                    this.signCert = x509Certificate;
                    break;
                }
            }
            if (this.signCert == null) {
                throw new SecurityException(new StringBuffer().append("Can't find signing certificate with serial ").append(value.toString(16)).toString());
            }
            this.digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId();
            this.digest = signerInfo.getEncryptedDigest().getOctets();
            this.digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();
            this.sig = Signature.getInstance(getDigestAlgorithm(), str);
            this.sig.initVerify(this.signCert.getPublicKey());
        } catch (IOException e) {
            throw new SecurityException("can't decode PKCS7SignedData object");
        }
    }

    public PKCS7SignedData(PrivateKey privateKey, Certificate[] certificateArr, String str) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this(privateKey, certificateArr, str, "INFOSEC");
    }

    public PKCS7SignedData(PrivateKey privateKey, Certificate[] certificateArr, String str, String str2) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this(privateKey, certificateArr, null, str, str2);
    }

    public PKCS7SignedData(PrivateKey privateKey, Certificate[] certificateArr, CRL[] crlArr, String str, String str2) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this.ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
        this.ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
        this.ID_MD5 = "1.2.840.113549.2.5";
        this.ID_MD2 = "1.2.840.113549.2.2";
        this.ID_SHA1 = "1.3.14.3.2.26";
        this.ID_RSA = "1.2.840.113549.1.1.1";
        this.ID_DSA = "1.2.840.10040.4.1";
        this.privKey = privateKey;
        if (str.equals("MD5")) {
            this.digestAlgorithm = "1.2.840.113549.2.5";
        } else if (str.equals("MD2")) {
            this.digestAlgorithm = "1.2.840.113549.2.2";
        } else if (str.equals("SHA")) {
            this.digestAlgorithm = "1.3.14.3.2.26";
        } else {
            if (!str.equals("SHA1")) {
                throw new NoSuchAlgorithmException(new StringBuffer().append("Unknown Hash Algorithm ").append(str).toString());
            }
            this.digestAlgorithm = "1.3.14.3.2.26";
        }
        this.signerversion = 1;
        this.version = 1;
        this.certs = new ArrayList();
        this.crls = new ArrayList();
        this.digestalgos = new HashSet();
        this.digestalgos.add(this.digestAlgorithm);
        this.signCert = (X509Certificate) certificateArr[0];
        for (Certificate certificate : certificateArr) {
            this.certs.add(certificate);
        }
        if (crlArr != null) {
            for (CRL crl : crlArr) {
                this.crls.add(crl);
            }
        }
        this.digestEncryptionAlgorithm = privateKey.getAlgorithm();
        if (this.digestEncryptionAlgorithm.equals("RSA")) {
            this.digestEncryptionAlgorithm = "1.2.840.113549.1.1.1";
        } else {
            if (!this.digestEncryptionAlgorithm.equals("DSA")) {
                throw new NoSuchAlgorithmException(new StringBuffer().append("Unknown Key Algorithm ").append(this.digestEncryptionAlgorithm).toString());
            }
            this.digestEncryptionAlgorithm = "1.2.840.10040.4.1";
        }
        this.sig = Signature.getInstance(getDigestAlgorithm(), str2);
        this.sig.initSign(privateKey);
    }

    public String getDigestAlgorithm() {
        String str = this.digestAlgorithm;
        String str2 = this.digestEncryptionAlgorithm;
        if (this.digestAlgorithm.equals("1.2.840.113549.2.5")) {
            str = "MD5";
        } else if (this.digestAlgorithm.equals("1.2.840.113549.2.2")) {
            str = "MD2";
        } else if (this.digestAlgorithm.equals("1.3.14.3.2.26")) {
            str = "SHA1";
        }
        if (this.digestEncryptionAlgorithm.equals("1.2.840.113549.1.1.1")) {
            str2 = "RSA";
        } else if (this.digestEncryptionAlgorithm.equals("1.2.840.10040.4.1")) {
            str2 = "DSA";
        }
        return new StringBuffer().append(str).append("with").append(str2).toString();
    }

    public void reset() {
        try {
            if (this.privKey == null) {
                this.sig.initVerify(this.signCert.getPublicKey());
            } else {
                this.sig.initSign(this.privKey);
            }
        } catch (Exception e) {
            throw new RuntimeException(e.toString());
        }
    }

    public Certificate[] getCertificates() {
        return (X509Certificate[]) this.certs.toArray(new X509Certificate[0]);
    }

    public Collection getCRLs() {
        return this.crls;
    }

    public X509Certificate getSigningCertificate() {
        return this.signCert;
    }

    public int getVersion() {
        return this.version;
    }

    public int getSigningInfoVersion() {
        return this.signerversion;
    }

    public byte[] getContentData() {
        return this.contentData;
    }

    public void update(byte b) throws SignatureException {
        this.sig.update(b);
    }

    public void update(byte[] bArr, int i, int i2) throws SignatureException {
        this.sig.update(bArr, i, i2);
    }

    public boolean verify() throws SignatureException {
        return this.sig.verify(this.digest);
    }

    private DERObject getIssuer(byte[] bArr) {
        try {
            DERConstructedSequence dERConstructedSequence = (DERConstructedSequence) new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            return (DERObject) dERConstructedSequence.getObjectAt(dERConstructedSequence.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
        } catch (IOException e) {
            throw new Error(new StringBuffer().append("IOException reading from ByteArray: ").append(e).toString());
        }
    }

    public byte[] getEncoded() {
        return getEncoded(null);
    }

    public byte[] getEncoded(byte[] bArr) {
        try {
            if (null == this.digest) {
                this.digest = this.sig.sign();
            }
            DERConstructedSet dERConstructedSet = new DERConstructedSet();
            Iterator it = this.digestalgos.iterator();
            while (it.hasNext()) {
                dERConstructedSet.addObject(new AlgorithmIdentifier(new DERObjectIdentifier((String) it.next()), null));
            }
            DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
            dERConstructedSequence.addObject(new DERObjectIdentifier("1.2.840.113549.1.7.1"));
            if (bArr != null) {
                dERConstructedSequence.addObject(new DERTaggedObject(0, new DEROctetString(bArr)));
            }
            DERConstructedSet dERConstructedSet2 = new DERConstructedSet();
            Iterator it2 = this.certs.iterator();
            while (it2.hasNext()) {
                dERConstructedSet2.addObject(new DERInputStream(new ByteArrayInputStream(((X509Certificate) it2.next()).getEncoded())).readObject());
            }
            DERConstructedSequence dERConstructedSequence2 = new DERConstructedSequence();
            dERConstructedSequence2.addObject(new DERInteger(this.signerversion));
            dERConstructedSequence2.addObject(new IssuerAndSerialNumber(new X509Name((DERConstructedSequence) getIssuer(this.signCert.getTBSCertificate())), new DERInteger(this.signCert.getSerialNumber())));
            dERConstructedSequence2.addObject(new AlgorithmIdentifier(new DERObjectIdentifier(this.digestAlgorithm), null));
            dERConstructedSequence2.addObject(new AlgorithmIdentifier(new DERObjectIdentifier(this.digestEncryptionAlgorithm), null));
            dERConstructedSequence2.addObject(new DEROctetString(this.digest));
            DERConstructedSequence dERConstructedSequence3 = new DERConstructedSequence();
            dERConstructedSequence3.addObject(new DERInteger(this.version));
            dERConstructedSequence3.addObject(dERConstructedSet);
            dERConstructedSequence3.addObject(dERConstructedSequence);
            dERConstructedSequence3.addObject(new DERTaggedObject(false, 0, dERConstructedSet2));
            if (this.crls.size() > 0) {
                DERConstructedSet dERConstructedSet3 = new DERConstructedSet();
                Iterator it3 = this.crls.iterator();
                while (it3.hasNext()) {
                    dERConstructedSet3.addObject(new DERInputStream(new ByteArrayInputStream(((X509CRL) it3.next()).getEncoded())).readObject());
                }
                dERConstructedSequence3.addObject(new DERTaggedObject(false, 1, dERConstructedSet3));
            }
            DERConstructedSet dERConstructedSet4 = new DERConstructedSet();
            dERConstructedSet4.addObject(dERConstructedSequence2);
            dERConstructedSequence3.addObject(dERConstructedSet4);
            DERConstructedSequence dERConstructedSequence4 = new DERConstructedSequence();
            dERConstructedSequence4.addObject(new DERObjectIdentifier("1.2.840.113549.1.7.2"));
            dERConstructedSequence4.addObject(new DERTaggedObject(0, dERConstructedSequence3));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
            dEROutputStream.writeObject(dERConstructedSequence4);
            dEROutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new RuntimeException(e.toString());
        }
    }
}
