package cn.com.jit.ida.util.pki.pkcs;

import cn.com.jit.ida.exception.PKI30ExceptionMessage;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.ASN1Set;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.DERUTCTime;
import cn.com.jit.ida.util.pki.asn1.mof.MOFSignedData;
import cn.com.jit.ida.util.pki.asn1.mof.SM2Signature;
import cn.com.jit.ida.util.pki.asn1.mof.ServerInfo;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.X509CertificateStructure;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.Mechanisms;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.cipher.lib.JSoftLib;
import cn.com.jit.ida.util.pki.cipher.param.P7Param;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.util.ArraysUtil;
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.Date;

/* loaded from: classes.dex */
public class MOFPKCS7 {
    private Session digSession;
    private P7Param p7cnt;
    private Session session;
    private MOFSignedData signedData;

    public MOFPKCS7(Session session) throws PKIException {
        this.session = session;
        if (session instanceof JSoftLib) {
            this.digSession = session;
            return;
        }
        JCrypto jCrypto = JCrypto.getInstance();
        jCrypto.initialize(JCrypto.JSOFT_LIB, null);
        this.digSession = jCrypto.openSession(JCrypto.JSOFT_LIB);
    }

    private X509Cert[] GetCerts(ASN1Set aSN1Set) throws PKIException {
        if (aSN1Set == null) {
            return null;
        }
        DERSet dERSet = (DERSet) aSN1Set;
        X509Cert[] x509CertArr = new X509Cert[dERSet.size()];
        for (int i = 0; i < dERSet.size(); i++) {
            x509CertArr[i] = new X509Cert(X509CertificateStructure.getInstance(dERSet.getObjectAt(i)));
        }
        return x509CertArr;
    }

    private int parserCnt(ContentInfo contentInfo) throws PKIException {
        DERObjectIdentifier contentType = contentInfo.getContentType();
        this.p7cnt = new P7Param();
        if (!contentType.equals(PKCSObjectIdentifiers.gm_PKCS7_signedData)) {
            if (contentType.equals(PKCSObjectIdentifiers.gm_PKCS7_envelopedData)) {
                return 3;
            }
            return contentType.equals(PKCSObjectIdentifiers.gm_PKCS7_signedAndEnvelopedData) ? 4 : 0;
        }
        MOFSignedData mOFSignedData = MOFSignedData.getInstance(contentInfo.getContent());
        this.signedData = mOFSignedData;
        this.p7cnt.SetSignCerts(GetCerts(mOFSignedData.getCertificates()));
        return 2;
    }

    public byte[] genP7_Sign(byte[] bArr, byte[] bArr2, P7Param[] p7ParamArr, boolean z, boolean z2) throws PKIException {
        DERSet dERSet;
        DEROctetString dEROctetString;
        if (this.session == null) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0100);
        }
        if (p7ParamArr == null || p7ParamArr.length == 0) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0101);
        }
        if (!p7ParamArr[0].GetSignMech().equals(Mechanisms.SM3_SM2)) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0102, p7ParamArr[0].GetSignMech().toString());
        }
        if (z && (p7ParamArr[0].GetSignCerts() == null || p7ParamArr[0].GetSignCerts().length == 0)) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0103);
        }
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.SM3);
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.SM2_SIGN);
        if (z) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(p7ParamArr[0].GetSignCerts()[0].getCertStructure());
            dERSet = new DERSet(aSN1EncodableVector);
        } else {
            dERSet = null;
        }
        ServerInfo serverInfo = new ServerInfo(new DEROctetString(bArr2), new DERUTCTime(new Date()));
        byte[] digest = this.digSession.digest(Mechanisms.SM3.m8clone(), Parser.writeDERObj2Bytes(serverInfo));
        byte[] digest2 = this.digSession.digest(Mechanisms.SM3.m8clone(), bArr);
        SM2Signature sM2Signature = new SM2Signature(this.session.sign(Mechanisms.SM3_SM2.m8clone(), p7ParamArr[0].GetPrvKey(), z2 ? ArraysUtil.concat(digest2, digest) : digest2));
        if (z2) {
            byte[] bArr3 = new byte[32];
            for (int i = 0; i < 32; i++) {
                bArr3[i] = (byte) (digest2[i] & digest[i]);
            }
            dEROctetString = new DEROctetString(bArr3);
        } else {
            dEROctetString = null;
        }
        this.signedData = new MOFSignedData(dERSet, algorithmIdentifier, algorithmIdentifier2, serverInfo, sM2Signature, dEROctetString);
        return Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.gm_PKCS7_signedData, this.signedData));
    }

    public P7Param getP7cnt() {
        return this.p7cnt;
    }

    public int load(byte[] bArr) throws PKIException {
        byte[] decodePem = Parser.decodePem(bArr);
        if (Parser.isBase64Encode(decodePem)) {
            decodePem = Base64.decode(decodePem);
        }
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodePem);
            ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
            ContentInfo contentInfo = new ContentInfo((ASN1Sequence) aSN1InputStream.readObject());
            aSN1InputStream.close();
            byteArrayInputStream.close();
            return parserCnt(contentInfo);
        } catch (Exception e) {
            throw new PKIException(PKIException.P7_LOAD_ERR, PKIException.P7_LOAD_ERR_DES, e);
        }
    }

    public boolean verifyP7Sign(byte[] bArr, X509Cert[] x509CertArr) throws PKIException {
        if (this.session == null) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0100);
        }
        if (bArr == null) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0104);
        }
        if (this.signedData == null) {
            throw new PKIException(PKI30ExceptionMessage.PK30E0105);
        }
        if (this.p7cnt.GetSignCerts() != null) {
            x509CertArr = this.p7cnt.GetSignCerts();
        }
        byte[] digest = this.digSession.digest(Mechanisms.SM3, Parser.writeDERObj2Bytes(this.signedData.getServerInfo()));
        byte[] digest2 = this.digSession.digest(Mechanisms.SM3, bArr);
        DEROctetString extendData = this.signedData.getExtendData();
        if (extendData != null) {
            byte[] bArr2 = new byte[32];
            for (int i = 0; i < 32; i++) {
                bArr2[i] = (byte) (digest2[i] & digest[i]);
            }
            if (!Arrays.equals(bArr2, extendData.getOctets())) {
                return false;
            }
            digest2 = ArraysUtil.concat(digest2, digest);
        }
        return this.session.verifySign(Mechanisms.SM3_SM2.m8clone(), x509CertArr[0].getPublicKey(), digest2, Parser.writeDERObj2Bytes(this.signedData.getSignature()));
    }
}
