package com.hebca.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org2.bouncycastle.asn1.ASN1InputStream;
import org2.bouncycastle.asn1.cms.ContentInfo;
import org2.bouncycastle.cert.X509CertificateHolder;
import org2.bouncycastle.cms.CMSEnvelopedData;
import org2.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org2.bouncycastle.cms.CMSException;
import org2.bouncycastle.cms.CMSProcessable;
import org2.bouncycastle.cms.CMSProcessableByteArray;
import org2.bouncycastle.cms.CMSSignedData;
import org2.bouncycastle.cms.CMSSignedDataGenerator;
import org2.bouncycastle.cms.CMSSignedDataParser;
import org2.bouncycastle.cms.RecipientInformation;
import org2.bouncycastle.cms.SignerInformation;
import org2.bouncycastle.cms.hebca.HebcaKeyTransEnvelopedRecipient;
import org2.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org2.bouncycastle.jce.provider.BouncyCastleProvider;
import org2.bouncycastle.operator.OperatorCreationException;
import org2.bouncycastle.operator.hebca.HebcaContentSignerBuilder;
import org2.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org2.bouncycastle.util.encoders.Base64;

/* loaded from: classes2.dex */
public class Pkcs7 {
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    public static byte[] envelop(byte[] bArr, List<String> list) throws OperatorCreationException, CMSException, IOException, NoSuchAlgorithmException, NoSuchProviderException, CertificateException {
        if (list.size() < 1) {
            return null;
        }
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(it.next()));
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", BC).generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            cMSEnvelopedDataGenerator.addKeyTransRecipient(x509Certificate);
        }
        return cMSEnvelopedDataGenerator.generate(new CMSProcessableByteArray(bArr), CMSEnvelopedDataGenerator.DES_EDE3_CBC, BC).getEncoded();
    }

    public static byte[] sign(byte[] bArr, Cert cert) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, CertificateEncodingException, CertStoreException, CMSException, IOException {
        ArrayList arrayList = new ArrayList();
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        arrayList.add(cert.getX509Certificate());
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), BC);
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(new HebcaContentSignerBuilder().build(cert), cert.getX509Certificate()));
        cMSSignedDataGenerator.addCertificatesAndCRLs(certStore);
        return cMSSignedDataGenerator.generate((CMSProcessable) cMSProcessableByteArray, true, BC).getEncoded();
    }

    public static byte[] signAndEnvelop(byte[] bArr, Cert cert, List<String> list) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, CertStoreException, CMSException, IOException, CertificateException {
        return envelop(sign(bArr, cert), list);
    }

    public static byte[] unenvelop(byte[] bArr, Cert cert) throws Exception, CMSException {
        for (RecipientInformation recipientInformation : new CMSEnvelopedData(ContentInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject())).getRecipientInfos().getRecipients()) {
            if (recipientInformation.getRID().match(new X509CertificateHolder(cert.getX509Certificate().getEncoded()))) {
                return recipientInformation.getContent(new HebcaKeyTransEnvelopedRecipient(cert, BC));
            }
        }
        return null;
    }

    public static boolean unenvelopAndVerify(byte[] bArr, Cert cert) throws CMSException, Exception {
        return verifySign(unenvelop(bArr, cert));
    }

    public static boolean verifySign(byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, Exception, CertStoreException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        CMSSignedData cMSSignedData = new CMSSignedData(ContentInfo.getInstance(new ASN1InputStream(byteArrayInputStream).readObject()));
        CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", BC);
        new CMSSignedDataParser(bArr).getSignedContent().getContentStream().read(new byte[bArr.length]);
        for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
            X509Certificate x509Certificate = (X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next();
            signerInformation.getSID();
            ByteArrayInputStream byteArrayInputStream2 = byteArrayInputStream;
            if (!signerInformation.verify(x509Certificate.getPublicKey(), BC)) {
                return false;
            }
            byteArrayInputStream = byteArrayInputStream2;
        }
        return true;
    }
}
