package cfca.sadk.util;

import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.algorithm.common.PKCS7SignedFile;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.util.BigIntegerUtil;
import cfca.sadk.algorithm.util.FileUtil;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.DERInteger;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.cms.CMSAttributes;
import cfca.sadk.org.bouncycastle.asn1.cms.Time;
import cfca.sadk.org.bouncycastle.cms.CMSSignedDataParser;
import cfca.sadk.org.bouncycastle.cms.SignerInformation;
import cfca.sadk.org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Iterator;

/* loaded from: input_file:cfca/sadk/util/Signature.class */
public class Signature {
    private X509Cert signCert = null;
    private String digestAlgorithm = null;
    private byte[] signature = null;
    private byte[] sourceData = null;

    public X509Cert getSignerX509CertFromP7SignData(byte[] bArr) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(null);
        pKCS7SignedData.loadBase64(bArr);
        return pKCS7SignedData.getSignerX509Cert();
    }

    public byte[] getContentFromP7SignData(byte[] bArr) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(null);
        pKCS7SignedData.loadBase64(bArr);
        return pKCS7SignedData.getSourceData();
    }

    public String getDigestAlgorithmFromP7SignData(byte[] bArr) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(null);
        pKCS7SignedData.loadBase64(bArr);
        return pKCS7SignedData.getDigestAlgorithm();
    }

    public byte[] getSourceData() {
        return this.sourceData;
    }

    public byte[] getSignature() {
        return this.signature;
    }

    public String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    public X509Cert getSignerCert() {
        return this.signCert;
    }

    private byte[] RStoASN1(byte[] bArr) throws PKIException {
        byte[] bArr2;
        byte[] bArr3;
        if (bArr == null || bArr.length != 64) {
            return bArr;
        }
        if ((bArr[0] & 128) != 0) {
            bArr2 = new byte[33];
            bArr2[0] = 0;
            System.arraycopy(bArr, 0, bArr2, 1, 32);
        } else {
            bArr2 = new byte[32];
            System.arraycopy(bArr, 0, bArr2, 0, 32);
        }
        if ((bArr[32] & 128) != 0) {
            bArr3 = new byte[33];
            bArr3[0] = 0;
            System.arraycopy(bArr, 32, bArr3, 1, 32);
        } else {
            bArr3 = new byte[32];
            System.arraycopy(bArr, 32, bArr3, 0, 32);
        }
        DERInteger dERInteger = new DERInteger(bArr2);
        DERInteger dERInteger2 = new DERInteger(bArr3);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(dERInteger);
        aSN1EncodableVector.add(dERInteger2);
        try {
            return new DERSequence(aSN1EncodableVector).getEncoded();
        } catch (IOException e) {
            throw new PKIException(e.getMessage());
        }
    }

    private byte[] ASN1toRS(byte[] bArr) {
        ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(bArr);
        ASN1Integer aSN1Integer = (ASN1Integer) aSN1Sequence.getObjectAt(0);
        ASN1Integer aSN1Integer2 = (ASN1Integer) aSN1Sequence.getObjectAt(1);
        byte[] asUnsigned32ByteArray = BigIntegerUtil.asUnsigned32ByteArray(aSN1Integer.getPositiveValue());
        byte[] asUnsigned32ByteArray2 = BigIntegerUtil.asUnsigned32ByteArray(aSN1Integer2.getPositiveValue());
        byte[] bArr2 = new byte[64];
        System.arraycopy(asUnsigned32ByteArray, 0, bArr2, 0, 32);
        System.arraycopy(asUnsigned32ByteArray2, 0, bArr2, 32, 32);
        return bArr2;
    }

    public byte[] p1SignByHash(String str, byte[] bArr, PrivateKey privateKey, Session session) throws PKIException {
        return Base64.encode(RStoASN1(session.signByHash(new Mechanism(str), privateKey, bArr)));
    }

    public byte[] p7SignByHash(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        return Base64.encode(new PKCS7SignedData(session).packageSignedData(false, null, null, session.signByHash(new Mechanism(str), privateKey, bArr), new Mechanism(str), new X509Cert[]{x509Cert}));
    }

    public boolean p1VerifyByHash(String str, byte[] bArr, byte[] bArr2, PublicKey publicKey, Session session) throws PKIException {
        byte[] decode = ASN1Parser.isBase64Compatability(bArr2) ? Base64.decode(bArr2) : bArr2;
        if (decode.length == 64 || decode.length >= 128) {
            return session.verifyByHash(new Mechanism(str), publicKey, bArr, decode);
        }
        if (decode.length < 66 || decode.length > 72) {
            throw new PKIException("the sign data is wrong!");
        }
        return session.verifyByHash(new Mechanism(str), publicKey, bArr, ASN1toRS(decode));
    }

    public boolean p7VerifyByHash(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        this.signCert = pKCS7SignedData.getSignerX509Cert();
        this.digestAlgorithm = pKCS7SignedData.getDigestAlgorithm();
        this.signature = pKCS7SignedData.getSignature();
        return pKCS7SignedData.verifyP7SignedDataByHash(bArr);
    }

    public byte[] p1SignMessage(String str, byte[] bArr, PrivateKey privateKey, Session session) throws PKIException {
        return Base64.encode(RStoASN1(session.sign(new Mechanism(str), privateKey, bArr)));
    }

    public byte[] p1SignFile(String str, String str2, PrivateKey privateKey, Session session) throws PKIException {
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(str2);
                byte[] encode = Base64.encode(RStoASN1(session.sign(new Mechanism(str), privateKey, fileInputStream)));
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (Exception e) {
                        throw new PKIException(e.getMessage());
                    }
                }
                return encode;
            } catch (Exception e2) {
                throw new PKIException(e2.getMessage());
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (Exception e3) {
                    throw new PKIException(e3.getMessage());
                }
            }
            throw th;
        }
    }

    public byte[] p7SignMessageAttach(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        X509Cert[] x509CertArr = {x509Cert};
        Mechanism mechanism = new Mechanism(str);
        return Base64.encode(pKCS7SignedData.packageSignedData(true, null, bArr, session.sign(mechanism, privateKey, bArr), mechanism, x509CertArr));
    }

    public byte[] p7SignMessageDetach(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        X509Cert[] x509CertArr = {x509Cert};
        Mechanism mechanism = new Mechanism(str);
        return Base64.encode(pKCS7SignedData.packageSignedData(false, null, bArr, session.sign(mechanism, privateKey, bArr), mechanism, x509CertArr));
    }

    public void p7SignFileAttach(String str, String str2, String str3, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        FileInputStream fileInputStream = null;
        try {
            try {
                FileInputStream fileInputStream2 = new FileInputStream(str2);
                Mechanism mechanism = new Mechanism(str);
                byte[] sign = session.sign(mechanism, privateKey, fileInputStream2);
                fileInputStream = new FileInputStream(str2);
                new PKCS7SignedFile(session).packageSignedFile(null, str2, str3, sign, mechanism, new X509Cert[]{x509Cert});
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (Exception e) {
                        throw new PKIException(e.getMessage());
                    }
                }
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (Exception e2) {
                        throw new PKIException(e2.getMessage());
                    }
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new PKIException(e3.getMessage());
        }
    }

    public byte[] p7SignFileDetach(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        FileInputStream fileInputStream = null;
        try {
            try {
                Mechanism mechanism = new Mechanism(str);
                fileInputStream = new FileInputStream(str2);
                byte[] encode = Base64.encode(new PKCS7SignedData(session).packageSignedData(false, null, null, session.sign(mechanism, privateKey, fileInputStream), mechanism, new X509Cert[]{x509Cert}));
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        throw new PKIException(e.getMessage());
                    }
                }
                return encode;
            } catch (Exception e2) {
                throw new PKIException(e2.getMessage());
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                    throw new PKIException(e3.getMessage());
                }
            }
            throw th;
        }
    }

    public boolean p1VerifyMessage(String str, byte[] bArr, byte[] bArr2, PublicKey publicKey, Session session) throws PKIException {
        byte[] decode = ASN1Parser.isBase64Compatability(bArr2) ? Base64.decode(bArr2) : bArr2;
        if (decode.length == 64 || decode.length >= 128) {
            return session.verify(new Mechanism(str), publicKey, bArr, decode);
        }
        if (decode.length < 66 || decode.length > 72) {
            throw new PKIException("the sign data is wrong!");
        }
        return session.verify(new Mechanism(str), publicKey, bArr, ASN1toRS(decode));
    }

    public boolean p1VerifyFile(String str, String str2, byte[] bArr, PublicKey publicKey, Session session) throws PKIException {
        InputStream inputStream = null;
        try {
            try {
                byte[] decode = Base64.decode(bArr);
                FileInputStream fileInputStream = new FileInputStream(str2);
                if (decode.length == 64 || decode.length >= 128) {
                    boolean verify = session.verify(new Mechanism(str), publicKey, fileInputStream, decode);
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e) {
                            throw new PKIException(e.getMessage());
                        }
                    }
                    return verify;
                }
                if (decode.length < 66 || decode.length > 72) {
                    throw new PKIException("the sign data is wrong!");
                }
                boolean verify2 = session.verify(new Mechanism(str), publicKey, fileInputStream, ASN1toRS(decode));
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e2) {
                        throw new PKIException(e2.getMessage());
                    }
                }
                return verify2;
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e3) {
                        throw new PKIException(e3.getMessage());
                    }
                }
                throw th;
            }
        } catch (Exception e4) {
            throw new PKIException(e4.getMessage());
        }
    }

    public boolean p7VerifyMessageAttach(byte[] bArr, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr);
        this.signCert = pKCS7SignedData.getSignerX509Cert();
        this.sourceData = pKCS7SignedData.getSourceData();
        this.digestAlgorithm = pKCS7SignedData.getDigestAlgorithm();
        this.signature = pKCS7SignedData.getSignature();
        return pKCS7SignedData.verifyP7SignedDataAttach();
    }

    public boolean p7VerifyMessageDetach(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        this.signCert = pKCS7SignedData.getSignerX509Cert();
        this.digestAlgorithm = pKCS7SignedData.getDigestAlgorithm();
        this.signature = pKCS7SignedData.getSignature();
        return pKCS7SignedData.verifyP7SignedData(bArr);
    }

    public boolean p7VerifyFileAttach(String str, String str2, Session session) throws PKIException {
        try {
            if (new File(str).length() > 53477376) {
                PKCS7SignedFile pKCS7SignedFile = new PKCS7SignedFile(session);
                boolean verifyP7SignedFile = pKCS7SignedFile.verifyP7SignedFile(str, str2);
                this.signCert = pKCS7SignedFile.getSignerX509Cert();
                this.digestAlgorithm = pKCS7SignedFile.getDigestAlgorithm();
                this.signature = pKCS7SignedFile.getSignature();
                return verifyP7SignedFile;
            }
            boolean p7VerifyMessageAttach = p7VerifyMessageAttach(FileUtil.getBytesFromFile(str), session);
            if (str2 != null && !str2.trim().equals("")) {
                FileOutputStream fileOutputStream = new FileOutputStream(str2);
                FileUtil.writeBytesToFile(getSourceData(), fileOutputStream);
                fileOutputStream.close();
            }
            return p7VerifyMessageAttach;
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    public boolean p7VerifyFileDetach(String str, byte[] bArr, Session session) throws PKIException {
        FileInputStream fileInputStream = null;
        try {
            try {
                PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
                pKCS7SignedData.loadBase64(bArr);
                this.signCert = pKCS7SignedData.getSignerX509Cert();
                this.digestAlgorithm = pKCS7SignedData.getDigestAlgorithm();
                this.signature = pKCS7SignedData.getSignature();
                fileInputStream = new FileInputStream(str);
                boolean verifyP7SignedData = pKCS7SignedData.verifyP7SignedData(fileInputStream);
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        throw new PKIException(e.getMessage());
                    }
                }
                return verifyP7SignedData;
            } catch (Exception e2) {
                throw new PKIException(e2.getMessage());
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                    throw new PKIException(e3.getMessage());
                }
            }
            throw th;
        }
    }

    public String getTimeFromTimeStamp(byte[] bArr) throws PKIException {
        byte[] bArr2 = null;
        try {
            if (ASN1Parser.isBase64Compatability(bArr)) {
                bArr2 = ASN1Parser.deleteCRLF(bArr);
            }
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), new ByteArrayInputStream(Base64.decode(bArr2)));
            Iterator it = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
            String str = null;
            while (it.hasNext()) {
                str = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Time.getInstance(((SignerInformation) it.next()).getSignedAttributes().get(CMSAttributes.signingTime).getAttrValues().getObjectAt(0).toASN1Primitive()).getDate());
            }
            cMSSignedDataParser.close();
            return str;
        } catch (Exception e) {
            throw new PKIException(CertKitException.API_PARSE_FILE_SIGNATRUE_ERR, new StringBuffer().append("解析文件签名失败 ").append(e.getMessage()).toString(), e);
        }
    }
}
