package cn.topca.core.ext.bc.cms;

import cn.tca.TopBasicCrypto.asn1.ASN1EncodableVector;
import cn.tca.TopBasicCrypto.asn1.ASN1ObjectIdentifier;
import cn.tca.TopBasicCrypto.asn1.DERSequence;
import cn.tca.TopBasicCrypto.asn1.cms.ContentInfo;
import cn.tca.TopBasicCrypto.asn1.cms.IssuerAndSerialNumber;
import cn.tca.TopBasicCrypto.asn1.cms.SignerIdentifier;
import cn.tca.TopBasicCrypto.asn1.x509.TBSCertificateStructure;
import cn.tca.TopBasicCrypto.asn1.x509.X509CertificateStructure;
import cn.tca.TopBasicCrypto.cert.CertException;
import cn.tca.TopBasicCrypto.cert.X509CertificateHolder;
import cn.tca.TopBasicCrypto.cms.CMSException;
import cn.tca.TopBasicCrypto.cms.SignerId;
import cn.tca.TopBasicCrypto.operator.OperatorCreationException;
import cn.tca.TopBasicCrypto.util.CollectionStore;
import cn.tca.TopBasicCrypto.util.Store;
import cn.tca.TopBasicCrypto.x509.X509CertStoreSelector;
import cn.topca.core.ext.bc.asn1.cms.CMSObjectIdentifiers;
import cn.topca.core.ext.bc.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import cn.topca.core.ext.bc.cms.jcajce.JceCMSContentEncryptorBuilder;
import cn.topca.core.ext.bc.cms.jcajce.JceKeyTransEnvelopedRecipient;
import cn.topca.core.ext.bc.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import cn.topca.core.ext.bc.operator.jcajce.JcaContentSignerBuilder;
import cn.topca.core.ext.bc.operator.jcajce.JcaContentVerifierProviderBuilder;
import cn.topca.core.ext.bc.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import cn.topca.core.ext.bc.util.X509CertificateHolderSelector;
import cn.topca.security.JCAJCEUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:cn/topca/core/ext/bc/cms/CMSOperatorUtils.class */
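/**
 * Static helpers for building and checking CMS EnvelopedData and SignedData structures.
 *
 * <p>Security-relevant limits of the verification helpers, as implemented here:
 * <ul>
 *   <li>The trust check is one level deep. It looks up a store entry whose subject equals the
 *       signer certificate's issuer and checks the certificate signature against the first match.
 *       Validity period, revocation, key usage and longer chains are not checked by this class.</li>
 *   <li>The {@code byte[]} content argument of the verify methods is only copied into the result.
 *       It is not passed to the signature check, so callers must not treat
 *       {@link SignedDataVerifyResult#getPlaintext()} as the bytes the signature covers unless
 *       they obtained it from the same {@code CMSSignedData}.</li>
 * </ul>
 */
public class CMSOperatorUtils {
    /**
     * Provider registered under the name "TopSM", or {@code null} when none is registered at
     * class-load time. It is never reassigned afterwards, so one verification cannot change
     * the provider seen by later ones.
     */
    private static final Provider smProvider = Security.getProvider("TopSM");

    /**
     * Outcome of a SignedData verification.
     *
     * <p>A signer appears in {@link #getSuccess()} only if its signature verified and, when a
     * trust store was supplied, its certificate passed the issuer check. Every other signer is
     * listed in {@link #getFailed()} with the reason.
     */
    public static final class SignedDataVerifyResult {
        private byte[] plaintext;
        private final Set<SignerId> success = new HashSet<SignerId>();
        private final Map<SignerId, VerifyStatus> failed = new HashMap<SignerId, VerifyStatus>();

        SignedDataVerifyResult() {
        }

        void setPlaintext(byte[] bArr) {
            this.plaintext = bArr;
        }

        void setSuccess(SignerId signerId) {
            this.success.add(signerId);
        }

        void setFailed(SignerId signerId, VerifyStatus verifyStatus) {
            this.failed.put(signerId, verifyStatus);
        }

        /** @return the content bytes recorded by the verify call; may be {@code null} */
        public byte[] getPlaintext() {
            return this.plaintext;
        }

        /** @return the live set of signers that verified (not a copy) */
        public Set<SignerId> getSuccess() {
            return this.success;
        }

        /** @return the live map of rejected signers to their status (not a copy) */
        public Map<SignerId, VerifyStatus> getFailed() {
            return this.failed;
        }
    }

    /** Per-signer verification status. */
    public enum VerifyStatus {
        Success,
        Failed,
        UnTrusted
    }

    /**
     * Envelopes {@code bArr} for one recipient, choosing the GM content type automatically from
     * the recipient key algorithm via {@code JCAJCEUtils.isGMAlgorithm}.
     *
     * @param bArr content to encrypt
     * @param certificate recipient certificate; must be an {@link X509Certificate}
     * @param aSN1ObjectIdentifier content-encryption algorithm
     */
    public static CMSEnvelopedData generateEnvelopedData(byte[] bArr, Certificate certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws CertificateEncodingException, CMSException {
        boolean gm = JCAJCEUtils.isGMAlgorithm(certificate.getPublicKey().getAlgorithm());
        return generateEnvelopedData(bArr, certificate, aSN1ObjectIdentifier, gm);
    }

    /**
     * Envelopes {@code bArr} for one recipient.
     *
     * @param bArr content to encrypt
     * @param certificate recipient certificate; must be an {@link X509Certificate}
     * @param aSN1ObjectIdentifier content-encryption algorithm
     * @param z when {@code true} the result is re-wrapped with the {@code gm_envelopedData}
     *          content type
     */
    public static CMSEnvelopedData generateEnvelopedData(byte[] bArr, Certificate certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z) throws CertificateEncodingException, CMSException {
        return generateEnvelopedDatas(bArr, new Certificate[] {certificate}, aSN1ObjectIdentifier, z);
    }

    /**
     * Envelopes {@code bArr} for every certificate in {@code certificateArr}.
     *
     * @param bArr content to encrypt
     * @param certificateArr recipient certificates; each must be an {@link X509Certificate}
     * @param aSN1ObjectIdentifier content-encryption algorithm
     * @param z when {@code true} the result is re-wrapped with the {@code gm_envelopedData}
     *          content type
     */
    public static CMSEnvelopedData generateEnvelopedDatas(byte[] bArr, Certificate[] certificateArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z) throws CertificateEncodingException, CMSException {
        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        for (Certificate recipient : certificateArr) {
            generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator((X509Certificate) recipient));
        }
        CMSEnvelopedData enveloped = generator.generate(new CMSProcessableByteArray(bArr), new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier).build());
        if (!z) {
            return enveloped;
        }
        // Same encrypted payload, only the outer content type is swapped for the GM identifier.
        return new CMSEnvelopedData(new ContentInfo(CMSObjectIdentifiers.gm_envelopedData, enveloped.getContentInfo().getContent()));
    }

    /**
     * Signs {@code bArr} and returns a SignedData that carries the signer certificate.
     *
     * @param bArr content to sign
     * @param privateKey signing key
     * @param certificate signer certificate; identifies the signer by issuer and serial number
     * @param provider JCA provider for the signer, or {@code null} for the default
     * @param z passed to the generator's {@code generate} call; presumably selects encapsulated
     *          content as in Bouncy Castle - confirm against the generator class
     */
    public static CMSSignedData generateSignedData(byte[] bArr, PrivateKey privateKey, Certificate certificate, Provider provider, boolean z) throws OperatorCreationException, CMSException, CertificateEncodingException {
        X509CertificateStructure certStructure = X509CertificateStructure.getInstance(certificate.getEncoded());
        TBSCertificateStructure tbs = certStructure.getTBSCertificate();

        ASN1EncodableVector issuerAndSerial = new ASN1EncodableVector();
        issuerAndSerial.add(tbs.getIssuer());
        issuerAndSerial.add(tbs.getSerialNumber());
        SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(new DERSequence(issuerAndSerial)));

        // NOTE(review): the signing algorithm is taken from the algorithm the CA used to sign this
        // certificate, not from the signer's own key type. Confirm the two always agree for the
        // certificates this is used with.
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(tbs.getSignature().getAlgorithm().getId());
        if (provider != null) {
            signerBuilder.setProvider(provider);
        }
        SignerInfoGenerator signerInfoGenerator = new SignerInfoGenerator(signerIdentifier, signerBuilder.build(privateKey), new JcaDigestCalculatorProviderBuilder().build(), false);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(signerInfoGenerator);
        ArrayList<X509CertificateHolder> certs = new ArrayList<X509CertificateHolder>();
        certs.add(new X509CertificateHolder(certStructure));
        generator.addCertificates(new CollectionStore(certs));
        return generator.generate(new CMSProcessableByteArray(bArr), z);
    }

    /** Same as the five-argument overload with {@code z = true}. */
    public static CMSSignedData generateSignedData(byte[] bArr, PrivateKey privateKey, Certificate certificate, Provider provider) throws OperatorCreationException, CMSException, CertificateEncodingException {
        return generateSignedData(bArr, privateKey, certificate, provider, true);
    }

    /** Parses {@code inputStream} as SignedData and verifies it against {@code store}. */
    public static SignedDataVerifyResult verifySignedData(InputStream inputStream, Store store) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        return verifySignedData(new CMSSignedData(inputStream), store);
    }

    /**
     * Verifies {@code cMSSignedData} and reports its own signed content, if any, as plaintext.
     *
     * @param store trust store for the issuer check, or {@code null} to skip it
     */
    public static SignedDataVerifyResult verifySignedData(CMSSignedData cMSSignedData, Store store) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        byte[] content = cMSSignedData.getSignedContent() == null
                ? null
                : (byte[]) cMSSignedData.getSignedContent().getContent();
        return verifySignedData(cMSSignedData, store, content);
    }

    /** Parses {@code inputStream} as SignedData and delegates to the {@code CMSSignedData} overload. */
    public static SignedDataVerifyResult verifySignedData(InputStream inputStream, Store store, byte[] bArr) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        return verifySignedData(new CMSSignedData(inputStream), store, bArr);
    }

    /**
     * Verifies every signer using the certificate carried inside the SignedData.
     *
     * <p>A signer is reported as successful only when its signature verifies and, if
     * {@code store} is given, the issuer check passes. An untrusted signer is listed in the
     * failed map only. A signer whose certificate is missing from the message is reported as
     * {@link VerifyStatus#Failed} instead of aborting the whole call.
     *
     * @param cMSSignedData parsed SignedData
     * @param store trust store for the issuer check, or {@code null} to skip it
     * @param bArr recorded as the result plaintext; NOT used in the signature check
     */
    public static SignedDataVerifyResult verifySignedData(CMSSignedData cMSSignedData, Store store, byte[] bArr) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        Store embeddedCerts = cMSSignedData.getCertificates();
        SignedDataVerifyResult result = new SignedDataVerifyResult();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            Iterator embedded = embeddedCerts.getMatches(signer.getSID()).iterator();
            if (!embedded.hasNext()) {
                // No certificate for this signer in the message: nothing to verify against.
                result.setFailed(signer.getSID(), VerifyStatus.Failed);
                continue;
            }
            X509CertificateHolder signerCert = (X509CertificateHolder) embedded.next();

            boolean trusted = true;
            if (store != null) {
                X509CertStoreSelector issuerSelector = new X509CertStoreSelector();
                issuerSelector.setSubject(signerCert.getIssuer().getEncoded());
                trusted = isIssuedBy(signerCert, store.getMatches(issuerSelector), null);
            }
            if (!trusted) {
                result.setFailed(signer.getSID(), VerifyStatus.UnTrusted);
            }

            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(signerCert))) {
                result.setFailed(signer.getSID(), VerifyStatus.Failed);
            } else if (trusted) {
                // A valid signature from an untrusted certificate must not count as success.
                result.setSuccess(signer.getSID());
            }
        }
        result.setPlaintext(bArr);
        return result;
    }

    /**
     * Verifies every signer using the certificate carried inside the SignedData, attaching that
     * certificate to the signer id.
     *
     * <p>The signer's signature is checked here; a signer is reported as successful only when
     * that check passes and, if {@code store} is given, the issuer check passes too. The
     * "TopSM" provider is selected per certificate through a local variable, so an RSA signer
     * does not disable it for later calls.
     *
     * @param cMSSignedData parsed SignedData
     * @param store trust store for the issuer check, or {@code null} to skip it
     * @param bArr recorded as the result plaintext; NOT used in the signature check
     */
    public static SignedDataVerifyResult verifySignedDatas(CMSSignedData cMSSignedData, Store store, byte[] bArr) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        Store embeddedCerts = cMSSignedData.getCertificates();
        SignedDataVerifyResult result = new SignedDataVerifyResult();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            Iterator embedded = embeddedCerts.getMatches(signer.getSID()).iterator();
            if (!embedded.hasNext()) {
                // No certificate for this signer in the message: nothing to verify against.
                result.setFailed(signer.getSID(), VerifyStatus.Failed);
                continue;
            }
            X509CertificateHolder signerCertHolder = (X509CertificateHolder) embedded.next();
            X509Certificate signerCert = getX509Cert(signerCertHolder);
            signer.getSID().setCertificate(signerCert);

            boolean trusted = true;
            if (store != null) {
                X509CertificateHolderSelector issuerSelector = new X509CertificateHolderSelector();
                issuerSelector.setSubject(signerCertHolder.getIssuer().getEncoded());
                // RSA certificates are checked with the default provider, everything else with TopSM.
                Provider chainProvider = "RSA".equals(signerCert.getPublicKey().getAlgorithm()) ? null : smProvider;
                trusted = isIssuedBy(signerCertHolder, store.getMatches(issuerSelector), chainProvider);
            }
            if (!trusted) {
                result.setFailed(signer.getSID(), VerifyStatus.UnTrusted);
            }

            if (!verifySigner(signer, signerCert)) {
                result.setFailed(signer.getSID(), VerifyStatus.Failed);
            } else if (trusted) {
                result.setSuccess(signer.getSID());
            }
        }
        result.setPlaintext(bArr);
        return result;
    }

    /**
     * Verifies every signer against one caller-supplied certificate.
     *
     * <p>No trust check is made here: the caller is responsible for having validated
     * {@code x509Certificate}. The same certificate is attached to, and used for, every signer.
     *
     * @param cMSSignedData parsed SignedData
     * @param bArr recorded as the result plaintext; NOT used in the signature check
     * @param x509Certificate certificate whose public key checks each signature
     */
    public static SignedDataVerifyResult verifySignedDatas(CMSSignedData cMSSignedData, byte[] bArr, X509Certificate x509Certificate) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        SignedDataVerifyResult result = new SignedDataVerifyResult();
        for (SignerInformation signer : cMSSignedData.getSignerInfos().getSigners()) {
            signer.getSID().setCertificate(x509Certificate);
            if (verifySigner(signer, x509Certificate)) {
                result.setSuccess(signer.getSID());
            } else {
                result.setFailed(signer.getSID(), VerifyStatus.Failed);
            }
        }
        result.setPlaintext(bArr);
        return result;
    }

    /**
     * Converts a certificate holder to a JCA {@link X509Certificate}, using the "TopSM"
     * provider's certificate factory when that provider is registered.
     */
    public static X509Certificate getX509Cert(X509CertificateHolder x509CertificateHolder) throws IOException, CertificateException {
        CertificateFactory factory = smProvider == null
                ? CertificateFactory.getInstance("X.509")
                : CertificateFactory.getInstance("X.509", smProvider);
        ByteArrayInputStream encoded = new ByteArrayInputStream(x509CertificateHolder.toASN1Structure().getEncoded());
        try {
            return (X509Certificate) factory.generateCertificate(encoded);
        } finally {
            encoded.close();
        }
    }

    /**
     * Decrypts an EnvelopedData with {@code privateKey}.
     *
     * <p>NOTE(review): only the first RecipientInfo is tried. A message built for several
     * recipients decrypts only for the holder of the first one; selecting the recipient by
     * certificate would need an extra argument.
     *
     * @param inputStream encoded EnvelopedData
     * @param privateKey recipient private key
     * @param provider JCA provider, or {@code null} for the default
     * @return the decrypted content, or {@code null} when the message lists no recipients
     */
    public static byte[] decryptEnvelopedData(InputStream inputStream, PrivateKey privateKey, Provider provider) throws CMSException, IOException {
        Iterator recipients = new CMSEnvelopedData(inputStream).getRecipientInfos().getRecipients().iterator();
        if (!recipients.hasNext()) {
            return null;
        }
        RecipientInformation first = (RecipientInformation) recipients.next();
        JceKeyTransEnvelopedRecipient recipient = new JceKeyTransEnvelopedRecipient(privateKey);
        if (provider != null) {
            recipient.setProvider(provider);
        }
        return first.getContent(recipient);
    }

    /**
     * Checks the signature on {@code cert} against the first entry of {@code issuerCandidates}.
     *
     * @return {@code false} when there is no candidate or the certificate signature is invalid
     */
    private static boolean isIssuedBy(X509CertificateHolder cert, Collection issuerCandidates, Provider provider) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        if (issuerCandidates.isEmpty()) {
            return false;
        }
        JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        if (provider != null) {
            builder.setProvider(provider);
        }
        X509CertificateHolder issuer = (X509CertificateHolder) issuerCandidates.iterator().next();
        return cert.isSignatureValid(builder.build(issuer));
    }

    /** Checks one signer's signature with {@code cert}, using "TopSM" for SM2 keys when available. */
    private static boolean verifySigner(SignerInformation signer, X509Certificate cert) throws CMSException, IOException, CertificateException, OperatorCreationException, CertException {
        JcaSimpleSignerInfoVerifierBuilder builder = new JcaSimpleSignerInfoVerifierBuilder();
        if ("SM2".equals(cert.getPublicKey().getAlgorithm()) && smProvider != null) {
            builder.setProvider(smProvider);
        }
        return signer.verify(builder.build(cert));
    }

    /** Renders a serial number as upper-case hex, left-padded to an even number of digits. */
    private static String toStringSerialNumber(BigInteger bigInteger) {
        String hex = bigInteger.toString(16).toUpperCase();
        return hex.length() % 2 == 1 ? "0" + hex : hex;
    }
}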
