package cn.com.syan.jcee.common.impl.pkcs7;

import cn.com.syan.jcee.a.b;
import cn.com.syan.jcee.common.impl.SparkSignature;
import cn.com.syan.jcee.common.impl.identifier.SparkAlgorithmIdentifier;
import cn.com.syan.jcee.common.impl.utils.CertificateConverter;
import cn.com.syan.jcee.exception.JCEEException;
import cn.unitid.spark.cm.sdk.business.Algorithm;
import cn.unitid.spark.cm.sdk.config.DigestAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.ASN1UTCTime;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSObjectIdentifiers;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.SignerIdentifier;
import org.spongycastle.asn1.cms.SignerInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataStreamGenerator;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.crypto.digests.SM3Digest;
import org.spongycastle.jce.interfaces.ECPublicKey;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.spongycastle.util.Store;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class PKCS7Signature {
    private List<X509Certificate> certChain;
    private PrivateKey privateKey;
    private X509Certificate signCert;
    private byte[] tobeSignedData;

    public PKCS7Signature() {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        this.certChain = new ArrayList();
    }

    private ASN1EncodableVector buildAuthenticatedAttributes(byte[] bArr, AlgorithmIdentifier algorithmIdentifier) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(PKCSObjectIdentifiers.pkcs_9_at_contentType);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(PKCSObjectIdentifiers.data);
        aSN1EncodableVector.add(new DERSet(aSN1EncodableVector2));
        DERSequence dERSequence = new DERSequence(aSN1EncodableVector);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        aSN1EncodableVector4.add(new ASN1UTCTime(new Date()));
        aSN1EncodableVector3.add(new DERSet(aSN1EncodableVector4));
        DERSequence dERSequence2 = new DERSequence(aSN1EncodableVector3);
        ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
        aSN1EncodableVector5.add(PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
        ASN1EncodableVector aSN1EncodableVector6 = new ASN1EncodableVector();
        aSN1EncodableVector6.add(new DEROctetString(makeDigest(bArr, algorithmIdentifier.getAlgorithm().getId())));
        aSN1EncodableVector5.add(new DERSet(aSN1EncodableVector6));
        DERSequence dERSequence3 = new DERSequence(aSN1EncodableVector5);
        ASN1EncodableVector aSN1EncodableVector7 = new ASN1EncodableVector();
        aSN1EncodableVector7.add(dERSequence);
        aSN1EncodableVector7.add(dERSequence2);
        aSN1EncodableVector7.add(dERSequence3);
        return aSN1EncodableVector7;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private SignerInfo buildSignerInfo() throws SignatureException {
        byte[] sign;
        try {
            String algorithm = getSignerCert().getPublicKey().getAlgorithm();
            SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(new JcaX509CertificateHolder(this.signCert).toASN1Structure()));
            AlgorithmIdentifier algorithmIdentifier = algorithm.equals(Algorithm.RSA) ? new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"), DERNull.INSTANCE) : new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.401"), DERNull.INSTANCE);
            DERSet dERSet = new DERSet(buildAuthenticatedAttributes(this.tobeSignedData, algorithmIdentifier));
            AlgorithmIdentifier algorithmIdentifier2 = algorithm.equals(Algorithm.RSA) ? new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE) : new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.301.1"), DERNull.INSTANCE);
            if (algorithm.equals(Algorithm.RSA)) {
                Signature signature = Signature.getInstance("SHA1WITHRSA");
                signature.initSign(this.privateKey);
                signature.update(this.tobeSignedData);
                sign = signature.sign();
            } else {
                SparkSignature sparkSignature = SparkSignature.getInstance("ECDSASM2withSM3");
                sparkSignature.initSign(this.privateKey);
                sparkSignature.update(dERSet.getEncoded());
                sign = sparkSignature.sign((ECPublicKey) this.signCert.getPublicKey());
            }
            return new SignerInfo(signerIdentifier, algorithmIdentifier, dERSet, algorithmIdentifier2, new DEROctetString(sign), (ASN1Set) null);
        } catch (Exception e) {
            throw new SignatureException("failed to build signer info", e);
        }
    }

    private String getRSASignatureAlgorithm(String str) {
        return "2.16.840.1.101.3.4.2.1".equals(str) ? "SHA256withRSA" : "1.3.14.3.2.26".equals(str) ? "SHA1withRSA" : str;
    }

    private boolean innerRSAVerify(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws JCEEException {
        byte[] b;
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, x509Certificate);
            byte[] doFinal = cipher.doFinal(bArr);
            int length = doFinal.length;
            if (length == 16) {
                b = b.b(bArr2, "MD5");
            } else if (length != 20) {
                if (length != 35 && length != 51) {
                    throw new JCEEException("signature with length " + doFinal.length + " is not supported.");
                }
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(doFinal);
                ASN1Sequence aSN1Sequence2 = (ASN1Sequence) aSN1Sequence.getObjectAt(0);
                doFinal = ((DEROctetString) aSN1Sequence.getObjectAt(1)).getOctets();
                b = b.b(bArr2, ((ASN1ObjectIdentifier) aSN1Sequence2.getObjectAt(0)).getId());
            } else {
                b = b.b(bArr2, DigestAlgorithm.SHA1);
            }
            return Arrays.equals(b, doFinal);
        } catch (Exception e) {
            throw new JCEEException("Inner RSA verify failed. cause:" + e.getMessage());
        }
    }

    private boolean innerSignatureVerify(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate, String str) throws JCEEException {
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(x509Certificate);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (Exception e) {
            throw new JCEEException("Inner RSA Signature verify failed. cause:" + e.getMessage());
        }
    }

    private byte[] makeDigest(byte[] bArr, String str) {
        if (str.equals("1.3.14.3.2.26") || str.equals("2.16.840.1.101.3.4.2.1")) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(str);
                messageDigest.update(bArr);
                return messageDigest.digest();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
                return null;
            }
        }
        if (str.equals("1.2.156.10197.1.401")) {
            return makeSM3DigestWithoutPublicKey(bArr);
        }
        throw new InvalidParameterException("invalid digest algorithm: " + str);
    }

    private byte[] makeSM3DigestWithoutPublicKey(byte[] bArr) {
        if (bArr == null) {
            throw new InvalidParameterException("data to be verified must be set first");
        }
        SM3Digest sM3Digest = new SM3Digest();
        sM3Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[32];
        sM3Digest.doFinal(bArr2, 0);
        return bArr2;
    }

    public void addCertificates(List<X509Certificate> list) {
        if (list != null) {
            this.certChain.addAll(list);
        }
    }

    public void addSigner(X509Certificate x509Certificate) {
        if (x509Certificate != null) {
            this.signCert = x509Certificate;
            this.certChain.add(this.signCert);
        }
    }

    public CMSSignedData buildCMSSignedData(SignerInfo signerInfo) throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(signerInfo, true);
    }

    public CMSSignedData buildCMSSignedData(SignerInfo signerInfo, boolean z) throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(z ? this.tobeSignedData : null, signerInfo, this.certChain);
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0089  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x008c  */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.spongycastle.cms.CMSSignedData buildCMSSignedData(byte[] r12, org.spongycastle.asn1.cms.SignerInfo r13, java.util.List<java.security.cert.X509Certificate> r14) throws java.security.SignatureException, java.security.cert.CertificateEncodingException {
        /*
            r11 = this;
            org.spongycastle.asn1.ASN1EncodableVector r0 = new org.spongycastle.asn1.ASN1EncodableVector
            r0.<init>()
            org.spongycastle.asn1.ASN1EncodableVector r1 = new org.spongycastle.asn1.ASN1EncodableVector
            r1.<init>()
            java.security.cert.X509Certificate r2 = r11.getSignerCert()
            java.security.PublicKey r2 = r2.getPublicKey()
            java.lang.String r2 = r2.getAlgorithm()
            java.lang.String r3 = "RSA"
            boolean r2 = r2.equals(r3)
            r3 = 0
            if (r12 != 0) goto L21
            r4 = r3
            goto L26
        L21:
            org.spongycastle.asn1.BEROctetString r4 = new org.spongycastle.asn1.BEROctetString
            r4.<init>(r12)
        L26:
            org.spongycastle.asn1.cms.ContentInfo r7 = new org.spongycastle.asn1.cms.ContentInfo
            if (r2 == 0) goto L2d
            org.spongycastle.asn1.ASN1ObjectIdentifier r5 = org.spongycastle.asn1.cms.CMSObjectIdentifiers.data
            goto L34
        L2d:
            org.spongycastle.asn1.ASN1ObjectIdentifier r5 = new org.spongycastle.asn1.ASN1ObjectIdentifier
            java.lang.String r6 = "1.2.156.10197.6.1.4.2.1"
            r5.<init>(r6)
        L34:
            r7.<init>(r5, r4)
            org.spongycastle.asn1.x509.AlgorithmIdentifier r4 = r13.getDigestAlgorithm()
            r0.add(r4)
            r1.add(r13)
            r9 = 0
            int r13 = r14.size()
            if (r13 == 0) goto L74
            org.spongycastle.asn1.ASN1EncodableVector r13 = new org.spongycastle.asn1.ASN1EncodableVector
            r13.<init>()
            java.util.Iterator r14 = r14.iterator()     // Catch: java.io.IOException -> L70
        L51:
            boolean r4 = r14.hasNext()     // Catch: java.io.IOException -> L70
            if (r4 == 0) goto L69
            java.lang.Object r4 = r14.next()     // Catch: java.io.IOException -> L70
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.io.IOException -> L70
            byte[] r4 = r4.getEncoded()     // Catch: java.io.IOException -> L70
            org.spongycastle.asn1.ASN1Primitive r4 = org.spongycastle.asn1.ASN1Sequence.fromByteArray(r4)     // Catch: java.io.IOException -> L70
            r13.add(r4)     // Catch: java.io.IOException -> L70
            goto L51
        L69:
            org.spongycastle.asn1.BERSet r14 = new org.spongycastle.asn1.BERSet     // Catch: java.io.IOException -> L70
            r14.<init>(r13)     // Catch: java.io.IOException -> L70
            r8 = r14
            goto L75
        L70:
            r13 = move-exception
            r13.printStackTrace()
        L74:
            r8 = r3
        L75:
            org.spongycastle.asn1.cms.SignedData r13 = new org.spongycastle.asn1.cms.SignedData
            org.spongycastle.asn1.DERSet r6 = new org.spongycastle.asn1.DERSet
            r6.<init>(r0)
            org.spongycastle.asn1.DERSet r10 = new org.spongycastle.asn1.DERSet
            r10.<init>(r1)
            r5 = r13
            r5.<init>(r6, r7, r8, r9, r10)
            org.spongycastle.asn1.cms.ContentInfo r14 = new org.spongycastle.asn1.cms.ContentInfo
            if (r2 == 0) goto L8c
            org.spongycastle.asn1.ASN1ObjectIdentifier r0 = org.spongycastle.asn1.cms.CMSObjectIdentifiers.signedData
            goto L93
        L8c:
            org.spongycastle.asn1.ASN1ObjectIdentifier r0 = new org.spongycastle.asn1.ASN1ObjectIdentifier
            java.lang.String r1 = "1.2.156.10197.6.1.4.2.2"
            r0.<init>(r1)
        L93:
            r14.<init>(r0, r13)
            org.spongycastle.cms.CMSProcessableByteArray r13 = new org.spongycastle.cms.CMSProcessableByteArray     // Catch: org.spongycastle.cms.CMSException -> La1
            r13.<init>(r12)     // Catch: org.spongycastle.cms.CMSException -> La1
            org.spongycastle.cms.CMSSignedData r12 = new org.spongycastle.cms.CMSSignedData     // Catch: org.spongycastle.cms.CMSException -> La1
            r12.<init>(r13, r14)     // Catch: org.spongycastle.cms.CMSException -> La1
            return r12
        La1:
            r12 = move-exception
            java.security.SignatureException r13 = new java.security.SignatureException
            java.lang.String r14 = "pkcs7 sign failed"
            r13.<init>(r14, r12)
            throw r13
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.com.syan.jcee.common.impl.pkcs7.PKCS7Signature.buildCMSSignedData(byte[], org.spongycastle.asn1.cms.SignerInfo, java.util.List):org.spongycastle.cms.CMSSignedData");
    }

    public byte[] getPrimaryContent() {
        return this.tobeSignedData;
    }

    public X509Certificate getSignerCert() {
        return this.signCert;
    }

    public void initSign(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public CMSSignedData pkcs7Sign() throws SignatureException, CertificateEncodingException {
        return buildCMSSignedData(buildSignerInfo(), true);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public CMSSignedData pkcs7Sign(ContentSigner contentSigner, boolean z) throws SignatureException, CertificateEncodingException {
        try {
            String algorithm = getSignerCert().getPublicKey().getAlgorithm();
            SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(new JcaX509CertificateHolder(this.signCert).toASN1Structure()));
            AlgorithmIdentifier algorithmIdentifier = algorithm.equals(Algorithm.RSA) ? new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26"), DERNull.INSTANCE) : new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.401"), DERNull.INSTANCE);
            DERSet dERSet = new DERSet(buildAuthenticatedAttributes(this.tobeSignedData, algorithmIdentifier));
            AlgorithmIdentifier algorithmIdentifier2 = algorithm.equals(Algorithm.RSA) ? new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE) : new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.156.10197.1.301.1"), DERNull.INSTANCE);
            OutputStream outputStream = contentSigner.getOutputStream();
            new DEROutputStream(outputStream).writeObject(dERSet);
            outputStream.close();
            return buildCMSSignedData(new SignerInfo(signerIdentifier, algorithmIdentifier, dERSet, algorithmIdentifier2, new DEROctetString(contentSigner.getSignature()), (ASN1Set) null), z);
        } catch (Exception e) {
            throw new SignatureException("failed to build signer info", e);
        }
    }

    public CMSSignedData pkcs7Sign(boolean z) throws SignatureException {
        try {
            return new CMSSignedData(sign(z));
        } catch (CMSException e) {
            throw new SignatureException(e);
        }
    }

    public byte[] sign() throws SignatureException {
        return sign(true);
    }

    public byte[] sign(boolean z) throws SignatureException {
        if (this.signCert == null || this.privateKey == null) {
            throw new NullPointerException("signer cert or private key is null");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            if (!this.signCert.getPublicKey().getAlgorithm().equals(Algorithm.RSA)) {
                return buildCMSSignedData(buildSignerInfo(), z).getEncoded();
            }
            CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator();
            cMSSignedDataStreamGenerator.addCertificates(new JcaCertStore(this.certChain));
            cMSSignedDataStreamGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build()).build(new JcaContentSignerBuilder("SHA1withRSA").build(this.privateKey), this.signCert));
            OutputStream open = cMSSignedDataStreamGenerator.open(byteArrayOutputStream, z);
            open.write(this.tobeSignedData);
            open.flush();
            open.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new SignatureException("sign pkcs7 failed. cause: " + e.getMessage(), e);
        }
    }

    public void update(byte[] bArr) {
        this.tobeSignedData = bArr;
    }

    public boolean verify(String str) throws SignatureException {
        return verify(str, true);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public boolean verify(String str, boolean z) throws SignatureException {
        ByteArrayOutputStream byteArrayOutputStream;
        byte[] bArr;
        byte[] bArr2;
        ByteArrayOutputStream byteArrayOutputStream2 = null;
        try {
            try {
                byteArrayOutputStream = new ByteArrayOutputStream();
                if (!z) {
                    try {
                        if (this.tobeSignedData == null) {
                            throw new SignatureException("非Attach模式下,必须先update待验证数据");
                        }
                    } catch (Exception e) {
                        e = e;
                        byteArrayOutputStream2 = byteArrayOutputStream;
                        throw new SignatureException("验证PKCS7签名异常. cause: " + e.getMessage(), e);
                    } catch (Throwable th) {
                        th = th;
                        if (byteArrayOutputStream != null) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (IOException e2) {
                                e2.printStackTrace();
                            }
                        }
                        throw th;
                    }
                }
                String signedContentTypeOID = new CMSSignedData(Base64.decode(str)).getSignedContentTypeOID();
                CMSSignedData cMSSignedData = signedContentTypeOID.equals(CMSObjectIdentifiers.data.getId()) ? z ? new CMSSignedData(Base64.decode(str)) : new CMSSignedData(new CMSProcessableByteArray(PKCSObjectIdentifiers.data, this.tobeSignedData), Base64.decode(str)) : z ? new CMSSignedData(Base64.decode(str)) : new CMSSignedData(new CMSProcessableByteArray(new ASN1ObjectIdentifier(SparkAlgorithmIdentifier.PKCS7_SM2_DATA_OID), this.tobeSignedData), Base64.decode(str));
                CMSTypedData signedContent = cMSSignedData.getSignedContent();
                if (z) {
                    if (signedContent == null) {
                        throw new IOException("PKCS7签名中没有包含签名数据");
                    }
                    signedContent.write(byteArrayOutputStream);
                    this.tobeSignedData = byteArrayOutputStream.toByteArray();
                }
                Store certificates = cMSSignedData.getCertificates();
                Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
                Iterator<SignerInformation> it = signers.iterator();
                int i = 0;
                while (it.hasNext()) {
                    cn.com.syan.jcee.common.impl.cms.SignerInformation signerInformation = cn.com.syan.jcee.common.impl.cms.SignerInformation.getInstance(it.next(), signedContent);
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
                    if (signedContentTypeOID.equals(CMSObjectIdentifiers.data.getId())) {
                        this.signCert = CertificateConverter.fromBinary(x509CertificateHolder.getEncoded());
                        byte[] signature = signerInformation.getSignature();
                        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
                        if (signedAttributes != null) {
                            bArr = signerInformation.getEncodedSignedAttributes();
                            byte[] octets = ((DEROctetString) signedAttributes.get(PKCSObjectIdentifiers.pkcs_9_at_messageDigest).getAttrValues().getObjectAt(0)).getOctets();
                            String id2 = signerInformation.getDigestAlgorithmID().getAlgorithm().getId();
                            if (!"1.3.14.3.2.26".equals(id2) && !"2.16.840.1.101.3.4.2.1".equals(id2)) {
                                throw new SignatureException("unsupported digest algorithm:" + signerInformation.getDigestAlgorithmID().getAlgorithm().getId() + " in RSA P7");
                            }
                            if (!Arrays.equals(octets, makeDigest((byte[]) signedContent.getContent(), signerInformation.getDigestAlgorithmID().getAlgorithm().getId()))) {
                                try {
                                    byteArrayOutputStream.close();
                                } catch (IOException e3) {
                                    e3.printStackTrace();
                                }
                                return false;
                            }
                        } else {
                            bArr = this.tobeSignedData;
                        }
                        getRSASignatureAlgorithm(signerInformation.getDigestAlgOID());
                        if (innerRSAVerify(signature, bArr, this.signCert)) {
                            i++;
                        }
                    } else {
                        this.signCert = CertificateConverter.fromBinary(x509CertificateHolder.toASN1Structure().getEncoded());
                        byte[] signature2 = signerInformation.getSignature();
                        AttributeTable signedAttributes2 = signerInformation.getSignedAttributes();
                        if (signedAttributes2 != null) {
                            bArr2 = signerInformation.getEncodedSignedAttributes();
                            byte[] octets2 = ((DEROctetString) signedAttributes2.get(PKCSObjectIdentifiers.pkcs_9_at_messageDigest).getAttrValues().getObjectAt(0)).getOctets();
                            if (!"1.2.156.10197.1.401".equals(signerInformation.getDigestAlgorithmID().getAlgorithm().getId())) {
                                throw new SignatureException("invalid digest algorithm:" + signerInformation.getDigestAlgorithmID().getAlgorithm().getId() + " in SM2 Q7");
                            }
                            if (!Arrays.equals(octets2, makeSM3DigestWithoutPublicKey((byte[]) signedContent.getContent()))) {
                                try {
                                    byteArrayOutputStream.close();
                                } catch (IOException e4) {
                                    e4.printStackTrace();
                                }
                                return false;
                            }
                        } else {
                            bArr2 = this.tobeSignedData;
                        }
                        SparkSignature sparkSignature = SparkSignature.getInstance("ECDSASM2withSM3");
                        sparkSignature.initVerify(this.signCert);
                        sparkSignature.update(bArr2);
                        if (sparkSignature.verify(signature2)) {
                            i++;
                        }
                    }
                }
                boolean z2 = i == signers.size();
                try {
                    byteArrayOutputStream.close();
                } catch (IOException e5) {
                    e5.printStackTrace();
                }
                return z2;
            } catch (Exception e6) {
                e = e6;
            }
        } catch (Throwable th2) {
            th = th2;
            byteArrayOutputStream = byteArrayOutputStream2;
        }
    }
}
