package com.cfca.util.pki.api;

import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.cipher.lib.JSoftLib;
import com.cfca.util.pki.cipher.param.CBCParam;
import com.cfca.util.pki.cms.CMSEnvelopedData;
import com.cfca.util.pki.cms.CMSEnvelopedDataGenerator;
import com.cfca.util.pki.cms.CMSEnvelopedDataStreamGenerator;
import com.cfca.util.pki.cms.CMSProcessableByteArray;
import com.cfca.util.pki.cms.RecipientId;
import com.cfca.util.pki.cms.RecipientInformation;
import com.cfca.util.pki.cms.RecipientInformationStore;
import com.cfca.util.pki.encoders.Base64;
import com.cfca.util.pki.pkcs.PKCS7EncryptedData;
import com.cfca.util.pki.pkcs.PKCS7EnvelopedData;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes2.dex */
public class EnvelopUtil {
    public static final String DES3_CBC = "DESede/CBC/PKCS7Padding";
    public static final String DES3_ECB = "DESede/ECB/PKCS7Padding";
    public static final String DES_CBC = "DES/CBC/PKCS7Padding";
    public static final String DES_ECB = "DES/ECB/PKCS7Padding";
    public static final String DIGEST_MD5 = "1.2.840.113549.2.5";
    public static final String DIGEST_SHA1 = "1.3.14.3.2.26";
    public static final String RC4 = "RC4";
    private List recipientCerts = new ArrayList();
    public boolean cmsFlag = false;

    public void addRecipient(X509Cert x509Cert) throws PKIException {
        this.recipientCerts.add(x509Cert);
    }

    public void envelopeFile(String str, String str2, int i, String str3, Session session) throws PKIException {
        Mechanism mechanism;
        CMSEnvelopedDataStreamGenerator cMSEnvelopedDataStreamGenerator = new CMSEnvelopedDataStreamGenerator(session);
        if (this.recipientCerts.size() == 0) {
            throw new PKIException(CertAppKitException.API_NO_RECIPIENT_CERT_ERR, CertAppKitException.API_NO_RECIPIENT_CERT_ERR_DES);
        }
        if (!str3.equals("RC4") && !str3.equals("DES/ECB/PKCS7Padding") && !str3.equals("DES/CBC/PKCS7Padding") && !str3.equals("DESede/ECB/PKCS7Padding") && !str3.equals("DESede/CBC/PKCS7Padding")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR, CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR_DES);
        }
        if (str3.indexOf("CBC") > 0 && str3.indexOf("AES") > 0) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(EncryptUtil.IV_16);
            mechanism = new Mechanism(str3, cBCParam);
        } else if (str3.indexOf("CBC") > 0) {
            CBCParam cBCParam2 = new CBCParam();
            cBCParam2.setIv(EncryptUtil.IV_8);
            mechanism = new Mechanism(str3, cBCParam2);
        } else {
            mechanism = new Mechanism(str3);
        }
        for (X509Cert x509Cert : this.recipientCerts) {
            if (this.cmsFlag) {
                JKey publicKey = x509Cert.getPublicKey();
                if (x509Cert.getSubjectKeyIdentifier() == null) {
                    throw new PKIException(CertAppKitException.API_NO_SUBPUBKEY_ERR, CertAppKitException.API_NO_SUBPUBKEY_ERR_DES);
                }
                cMSEnvelopedDataStreamGenerator.addKeyTransRecipient(publicKey, x509Cert.getSubjectKeyIdentifier().getSubKeyIdentifier());
            } else {
                cMSEnvelopedDataStreamGenerator.addKeyTransRecipient(x509Cert);
            }
        }
        try {
            if (session instanceof JSoftLib) {
                FileOutputStream fileOutputStream = new FileOutputStream(str2);
                BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSEnvelopedDataStreamGenerator.open(fileOutputStream, mechanism), i);
                FileInputStream fileInputStream = new FileInputStream(str);
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream, i);
                int available = fileInputStream.available();
                byte[] bArr = new byte[i];
                int i2 = 0;
                while (true) {
                    if (i2 >= available) {
                        break;
                    }
                    int read = bufferedInputStream.read(bArr);
                    if (read != -1) {
                        bufferedOutputStream.write(bArr, 0, read);
                        i2 += read;
                    } else if (available != i2) {
                        throw new Exception("读取原文数据错误");
                    }
                }
                bufferedInputStream.close();
                bufferedOutputStream.close();
                fileOutputStream.close();
                return;
            }
            FileOutputStream fileOutputStream2 = new FileOutputStream(str2);
            BufferedOutputStream bufferedOutputStream2 = new BufferedOutputStream(cMSEnvelopedDataStreamGenerator.open(fileOutputStream2, mechanism), i);
            FileInputStream fileInputStream2 = new FileInputStream(str);
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(fileInputStream2, i);
            int available2 = fileInputStream2.available();
            byte[] bArr2 = new byte[i];
            int i3 = 0;
            while (true) {
                if (i3 >= available2) {
                    break;
                }
                int read2 = bufferedInputStream2.read(bArr2);
                if (read2 != -1) {
                    bufferedOutputStream2.write(bArr2, 0, read2);
                    i3 += read2;
                } else if (available2 != i3) {
                    throw new Exception("读取原文数据错误");
                }
            }
            bufferedInputStream2.close();
            bufferedOutputStream2.close();
            fileOutputStream2.close();
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_ENVELOP_ERR, "产生文件数字信封失败 " + e.getMessage(), e);
        }
    }

    public byte[] envelopeMS(byte[] bArr, String str, String str2, JKey jKey, X509Cert x509Cert, X509Cert x509Cert2, Session session) throws PKIException {
        Mechanism mechanism;
        Mechanism mechanism2;
        if (!str.equals("RC4") && !str.equals("DES/ECB/PKCS7Padding") && !str.equals("DES/CBC/PKCS7Padding") && !str.equals("DESede/ECB/PKCS7Padding") && !str.equals("DESede/CBC/PKCS7Padding")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR, CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR_DES);
        }
        if (!str2.equals(DIGEST_SHA1) && !str2.equals(DIGEST_MD5)) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR, CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR_DES);
        }
        if (str.indexOf("CBC") > 0 && str.indexOf("AES") > 0) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(EncryptUtil.IV_16);
            mechanism2 = new Mechanism(str, cBCParam);
        } else {
            if (str.indexOf("CBC") <= 0) {
                mechanism = new Mechanism(str);
                PKCS7EnvelopedData pKCS7EnvelopedData = new PKCS7EnvelopedData(session);
                return Base64.encode(pKCS7EnvelopedData.generateCryptoAPISignAndEnvContent(pKCS7EnvelopedData.generateSignAndEnvDataExtendCryptAPI(PKCS7EncryptedData.DATA, bArr, str2, mechanism, jKey, x509Cert2, x509Cert)));
            }
            CBCParam cBCParam2 = new CBCParam();
            cBCParam2.setIv(EncryptUtil.IV_8);
            mechanism2 = new Mechanism(str, cBCParam2);
        }
        mechanism = mechanism2;
        PKCS7EnvelopedData pKCS7EnvelopedData2 = new PKCS7EnvelopedData(session);
        return Base64.encode(pKCS7EnvelopedData2.generateCryptoAPISignAndEnvContent(pKCS7EnvelopedData2.generateSignAndEnvDataExtendCryptAPI(PKCS7EncryptedData.DATA, bArr, str2, mechanism, jKey, x509Cert2, x509Cert)));
    }

    public byte[] envelopeMessage(byte[] bArr, String str, Session session) throws PKIException {
        Mechanism mechanism;
        if (!str.equals("RC4") && !str.equals("DES/ECB/PKCS7Padding") && !str.equals("DES/CBC/PKCS7Padding") && !str.equals("DESede/ECB/PKCS7Padding") && !str.equals("DESede/CBC/PKCS7Padding")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR, CertAppKitException.API_UNSUPPORT_ENC_TYPE_ERR_DES);
        }
        CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator(session);
        if (this.recipientCerts.size() == 0) {
            throw new PKIException(CertAppKitException.API_NO_RECIPIENT_CERT_ERR, CertAppKitException.API_NO_RECIPIENT_CERT_ERR_DES);
        }
        for (X509Cert x509Cert : this.recipientCerts) {
            if (this.cmsFlag) {
                JKey publicKey = x509Cert.getPublicKey();
                if (x509Cert.getSubjectKeyIdentifier() == null) {
                    throw new PKIException(CertAppKitException.API_NO_SUBPUBKEY_ERR, CertAppKitException.API_NO_SUBPUBKEY_ERR_DES);
                }
                cMSEnvelopedDataGenerator.addKeyTransRecipient(publicKey, x509Cert.getSubjectKeyIdentifier().getSubKeyIdentifier());
            } else {
                cMSEnvelopedDataGenerator.addKeyTransRecipient(x509Cert);
            }
        }
        if (str.indexOf("CBC") > 0 && str.indexOf("AES") > 0) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(EncryptUtil.IV_16);
            mechanism = new Mechanism(str, cBCParam);
        } else if (str.indexOf("CBC") > 0) {
            CBCParam cBCParam2 = new CBCParam();
            cBCParam2.setIv(EncryptUtil.IV_8);
            mechanism = new Mechanism(str, cBCParam2);
        } else {
            mechanism = new Mechanism(str);
        }
        try {
            return Base64.encode(cMSEnvelopedDataGenerator.generate(new CMSProcessableByteArray(bArr), mechanism).getEncoded());
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_GEN_MSG_ENVELOP_ERR, CertAppKitException.API_GEN_MSG_ENVELOP_ERR_DES, e);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x009a A[Catch: Exception -> 0x00af, TryCatch #0 {Exception -> 0x00af, blocks: (B:4:0x0006, B:5:0x0031, B:7:0x0038, B:9:0x0050, B:12:0x0062, B:13:0x0082, B:15:0x0089, B:17:0x008d, B:18:0x0095, B:20:0x009a, B:21:0x00a3, B:24:0x0056, B:27:0x005c, B:35:0x00a5, B:36:0x00ae), top: B:1:0x0000 }] */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00a4 A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void openEnvelopedFile(java.lang.String r8, java.lang.String r9, int r10, com.cfca.util.pki.cipher.JKey r11, com.cfca.util.pki.cert.X509Cert r12, com.cfca.util.pki.cipher.Session r13) throws com.cfca.util.pki.PKIException {
        /*
            r7 = this;
            if (r12 == 0) goto La5
            if (r11 != 0) goto L6
            goto La5
        L6:
            java.lang.String r13 = r12.getIssuer()     // Catch: java.lang.Exception -> Laf
            java.math.BigInteger r0 = r12.getSerialNumber()     // Catch: java.lang.Exception -> Laf
            com.cfca.util.pki.extension.SubjectKeyIdentifierExt r12 = r12.getSubjectKeyIdentifier()     // Catch: java.lang.Exception -> Laf
            byte[] r12 = r12.getSubKeyIdentifier()     // Catch: java.lang.Exception -> Laf
            java.io.FileInputStream r1 = new java.io.FileInputStream     // Catch: java.lang.Exception -> Laf
            r1.<init>(r9)     // Catch: java.lang.Exception -> Laf
            java.io.BufferedInputStream r9 = new java.io.BufferedInputStream     // Catch: java.lang.Exception -> Laf
            r9.<init>(r1, r10)     // Catch: java.lang.Exception -> Laf
            com.cfca.util.pki.cms.CMSEnvelopedDataParser r1 = new com.cfca.util.pki.cms.CMSEnvelopedDataParser     // Catch: java.lang.Exception -> Laf
            r1.<init>(r9)     // Catch: java.lang.Exception -> Laf
            com.cfca.util.pki.cms.RecipientInformationStore r9 = r1.getRecipientInfos()     // Catch: java.lang.Exception -> Laf
            java.util.Collection r9 = r9.getRecipients()     // Catch: java.lang.Exception -> Laf
            java.util.Iterator r9 = r9.iterator()     // Catch: java.lang.Exception -> Laf
        L31:
            boolean r2 = r9.hasNext()     // Catch: java.lang.Exception -> Laf
            r3 = 0
            if (r2 == 0) goto L94
            java.lang.Object r2 = r9.next()     // Catch: java.lang.Exception -> Laf
            com.cfca.util.pki.cms.RecipientInformation r2 = (com.cfca.util.pki.cms.RecipientInformation) r2     // Catch: java.lang.Exception -> Laf
            com.cfca.util.pki.cms.RecipientId r4 = r2.getRID()     // Catch: java.lang.Exception -> Laf
            java.lang.String r5 = r4.getIssuerAsString()     // Catch: java.lang.Exception -> Laf
            java.math.BigInteger r6 = r4.getSerialNumber()     // Catch: java.lang.Exception -> Laf
            byte[] r4 = r4.getSubjectKeyIdentifier()     // Catch: java.lang.Exception -> Laf
            if (r4 == 0) goto L56
            boolean r4 = java.util.Arrays.equals(r4, r12)     // Catch: java.lang.Exception -> Laf
            if (r4 != 0) goto L62
        L56:
            boolean r4 = r13.equals(r5)     // Catch: java.lang.Exception -> Laf
            if (r4 == 0) goto L31
            int r4 = r0.compareTo(r6)     // Catch: java.lang.Exception -> Laf
            if (r4 != 0) goto L31
        L62:
            r9 = 1
            java.security.PrivateKey r11 = com.cfca.util.pki.Parser.convertPrivateKey(r11)     // Catch: java.lang.Exception -> Laf
            java.lang.String r12 = "BC"
            com.cfca.util.pki.cms.CMSTypedStream r11 = r2.getContentStream(r11, r12)     // Catch: java.lang.Exception -> Laf
            java.io.InputStream r11 = r11.getContentStream()     // Catch: java.lang.Exception -> Laf
            java.io.BufferedInputStream r12 = new java.io.BufferedInputStream     // Catch: java.lang.Exception -> Laf
            r12.<init>(r11, r10)     // Catch: java.lang.Exception -> Laf
            java.io.FileOutputStream r11 = new java.io.FileOutputStream     // Catch: java.lang.Exception -> Laf
            r11.<init>(r8)     // Catch: java.lang.Exception -> Laf
            java.io.BufferedOutputStream r8 = new java.io.BufferedOutputStream     // Catch: java.lang.Exception -> Laf
            r8.<init>(r11, r10)     // Catch: java.lang.Exception -> Laf
            byte[] r10 = new byte[r10]     // Catch: java.lang.Exception -> Laf
        L82:
            int r11 = r10.length     // Catch: java.lang.Exception -> Laf
            int r11 = r12.read(r10, r3, r11)     // Catch: java.lang.Exception -> Laf
            if (r11 <= 0) goto L8d
            r8.write(r10, r3, r11)     // Catch: java.lang.Exception -> Laf
            goto L82
        L8d:
            r12.close()     // Catch: java.lang.Exception -> Laf
            r8.close()     // Catch: java.lang.Exception -> Laf
            goto L95
        L94:
            r9 = r3
        L95:
            r1.close()     // Catch: java.lang.Exception -> Laf
            if (r9 != 0) goto La4
            com.cfca.util.pki.PKIException r8 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> Laf
            java.lang.String r9 = "850634"
            java.lang.String r10 = "使用的私钥证书和封装数字信封的公钥证书不匹配"
            r8.<init>(r9, r10)     // Catch: java.lang.Exception -> Laf
            throw r8     // Catch: java.lang.Exception -> Laf
        La4:
            return
        La5:
            com.cfca.util.pki.PKIException r8 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> Laf
            java.lang.String r9 = "850918"
            java.lang.String r10 = "解析文件数字信封，接收者私钥和证书不能为空"
            r8.<init>(r9, r10)     // Catch: java.lang.Exception -> Laf
            throw r8     // Catch: java.lang.Exception -> Laf
        Laf:
            r8 = move-exception
            com.cfca.util.pki.PKIException r9 = new com.cfca.util.pki.PKIException
            java.lang.String r10 = "850934"
            java.lang.StringBuilder r11 = new java.lang.StringBuilder
            r11.<init>()
            java.lang.String r12 = "解析文件数字信封失败 "
            r11.append(r12)
            java.lang.String r12 = r8.toString()
            r11.append(r12)
            java.lang.String r11 = r11.toString()
            r9.<init>(r10, r11, r8)
            throw r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.cfca.util.pki.api.EnvelopUtil.openEnvelopedFile(java.lang.String, java.lang.String, int, com.cfca.util.pki.cipher.JKey, com.cfca.util.pki.cert.X509Cert, com.cfca.util.pki.cipher.Session):void");
    }

    public byte[] openEnvelopedMS(byte[] bArr, JKey jKey, Session session) throws PKIException {
        if (jKey == null) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_ENVELOP_NULL_PARAM_ERR, CertAppKitException.API_PARSE_FILE_ENVELOP_NULL_PARAM_ERR_DES);
        }
        PKCS7EnvelopedData pKCS7EnvelopedData = new PKCS7EnvelopedData(session);
        pKCS7EnvelopedData.loadBase64(bArr);
        return pKCS7EnvelopedData.getContentExtendCryptoAPI(jKey);
    }

    public byte[] openEnvelopedMessage(byte[] bArr, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        try {
            if (x509Cert == null || jKey == null) {
                throw new PKIException(CertAppKitException.API_PARSE_FILE_ENVELOP_NULL_PARAM_ERR, CertAppKitException.API_PARSE_FILE_ENVELOP_NULL_PARAM_ERR_DES);
            }
            RecipientInformationStore recipientInfos = new CMSEnvelopedData(Base64.decode(bArr)).getRecipientInfos();
            String issuer = x509Cert.getIssuer();
            BigInteger serialNumber = x509Cert.getSerialNumber();
            byte[] subKeyIdentifier = x509Cert.getSubjectKeyIdentifier().getSubKeyIdentifier();
            boolean z = false;
            byte[] bArr2 = null;
            for (RecipientInformation recipientInformation : recipientInfos.getRecipients()) {
                RecipientId rid = recipientInformation.getRID();
                String issuerAsString = rid.getIssuerAsString();
                BigInteger serialNumber2 = rid.getSerialNumber();
                byte[] subjectKeyIdentifier = rid.getSubjectKeyIdentifier();
                if ((subjectKeyIdentifier != null && Arrays.equals(subjectKeyIdentifier, subKeyIdentifier)) || (issuer.equals(issuerAsString) && serialNumber.compareTo(serialNumber2) == 0)) {
                    z = true;
                }
                bArr2 = recipientInformation.getContent(Parser.convertPrivateKey(jKey), "BC");
            }
            if (z) {
                return bArr2;
            }
            throw new PKIException(PKIException.ENVELOP_CERTIFICATE_NOT_MATCH_ERR, PKIException.ENVELOP_CERTIFICATE_NOT_MATCH_ERR_DES);
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSER_MSG_ENVELOP_ERR, "解析消息数字信封失败 " + e.toString(), e);
        }
    }

    public void setCMSFlag() {
        this.cmsFlag = true;
    }
}
