package cn.esa.topesa;

import androidx.annotation.Keep;
import f.a.a.a.d0;
import f.a.a.a.g2;
import f.a.a.a.h0;
import f.a.a.a.r;
import f.a.a.a.z1;
import f.a.a.c.v;
import f.b.a.a.a.b.b0;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

@Keep
/* loaded from: classes.dex */
public final class Pkcs7 {
    private static final String e1 = "-----END PKCS7-----";
    private static final String h1 = "-----BEGIN PKCS7-----";
    private f.b.a.a.a.b.f cmsEnvelopedData;
    private f.b.a.a.a.b.n cmsSignedData;
    private z1 pkcs7Type;
    private static f licMgr = f.a();
    private static d keyMgr = d.c();

    public Pkcs7(String str) throws CertApiException {
        init(n.o(str.contains(h1) ? str.replaceAll(h1, "").replaceAll(e1, "") : str));
    }

    public Pkcs7(byte[] bArr) throws CertApiException {
        init(bArr);
    }

    private ArrayList doGetCerts() {
        return (ArrayList) this.cmsSignedData.b().a(null);
    }

    private Certificate doVerify(byte[] bArr, ArrayList arrayList) throws CertApiException {
        if (bArr == null) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_NOPLAIN);
        }
        if (arrayList == null || arrayList.size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_NOCERT);
        }
        ArrayList arrayList2 = (ArrayList) this.cmsSignedData.a().a();
        if (arrayList2.size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_NOSIGNER);
        }
        for (int i2 = 0; i2 < arrayList2.size(); i2++) {
            b0 b0Var = (b0) arrayList2.get(0);
            v a = b0Var.a();
            for (int i3 = 0; i3 < arrayList.size(); i3++) {
                f.a.a.b.d dVar = (f.a.a.b.d) arrayList.get(0);
                if (a.a(dVar)) {
                    try {
                        X509Certificate g2 = n.g(dVar.f());
                        if (verifySignerInfo(bArr, b0Var, g2.getPublicKey())) {
                            return new Certificate(g2.getEncoded());
                        }
                    } catch (IOException e2) {
                        throw new CertApiException(TCAErrCode.ERR_STREAM, e2);
                    } catch (CertificateEncodingException e3) {
                        throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e3);
                    }
                }
            }
        }
        return null;
    }

    private void init(byte[] bArr) throws CertApiException {
        z1 z1Var = (z1) g2.n(bArr).k(0);
        if (z1Var.equals(f.a.a.a.a.e.R) || z1Var.equals(f.b.a.a.a.a.a.a.c2)) {
            this.pkcs7Type = f.a.a.a.q1.e.t0;
            try {
                this.cmsSignedData = new f.b.a.a.a.b.n(bArr);
                return;
            } catch (f.a.a.c.e e2) {
                throw new CertApiException(TCAErrCode.ERR_CMS_BADSIGN, e2);
            }
        }
        if (z1Var.equals(f.a.a.a.a.e.S) || z1Var.equals(f.b.a.a.a.a.a.a.d2)) {
            this.pkcs7Type = f.a.a.a.q1.e.x0;
            try {
                this.cmsEnvelopedData = new f.b.a.a.a.b.f(bArr);
                return;
            } catch (f.a.a.c.e e3) {
                throw new CertApiException(TCAErrCode.ERR_GENERATE_ENVELOPDATA, e3);
            }
        }
        if (z1Var.equals(f.a.a.a.a.e.T) || z1Var.equals(f.b.a.a.a.a.a.a.e2)) {
            throw new CertApiException(TCAErrCode.ERR_CONTENTTYPE);
        }
        if (z1Var.equals(f.a.a.a.a.e.U) || z1Var.equals(f.b.a.a.a.a.a.a.f2)) {
            throw new CertApiException(TCAErrCode.ERR_CONTENTTYPE);
        }
        if (!z1Var.equals(f.a.a.a.a.e.V) && !z1Var.equals(f.b.a.a.a.a.a.a.g2)) {
            throw new CertApiException(TCAErrCode.ERR_CONTENTTYPE);
        }
        throw new CertApiException(TCAErrCode.ERR_CONTENTTYPE);
    }

    private boolean verifySignerInfo(byte[] bArr, b0 b0Var, PublicKey publicKey) throws CertApiException {
        String str;
        byte[] q;
        String str2 = publicKey.getAlgorithm().equalsIgnoreCase(TCA.SM2) ? TCA.SM2 : "RSA";
        if (b0Var.c().equals(f.b.c.g.a.O.toString())) {
            str = TCA.SM3;
        } else if (b0Var.c().equals(f.b.c.g.a.f11080f.toString())) {
            str = TCA.SHA1;
        } else {
            if (!b0Var.c().equals(f.b.c.g.a.f11081g.toString())) {
                throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
            }
            str = TCA.SHA256;
        }
        String str3 = str + "With" + str2;
        if (b0Var.d() != null) {
            f.a.a.a.a.c d2 = b0Var.d();
            if (d2.a() != 3) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_ATTR_ERR);
            }
            if (d2.b(f.a.a.a.a.d.a) == null) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_CT);
            }
            if (d2.b(f.a.a.a.a.d.f10432c) == null) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_ST);
            }
            if (d2.b(f.a.a.a.a.d.b) == null) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_NOFOUND_MD);
            }
            byte[] m2 = ((h0) b0Var.d().b(f.a.a.a.a.d.b).j().k(0)).m();
            d2.b(f.a.a.a.a.d.b).j().k(0).c().g();
            if (str.equalsIgnoreCase(TCA.SM3)) {
                q = n.r(bArr);
            } else if (str.equalsIgnoreCase(TCA.SHA1)) {
                q = n.p(bArr);
            } else {
                if (!str.equalsIgnoreCase(TCA.SHA256)) {
                    throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
                }
                q = n.q(bArr);
            }
            if (!Arrays.equals(m2, q)) {
                throw new CertApiException(TCAErrCode.ERR_PKCS7_MD_VERIFY);
            }
            try {
                bArr = b0Var.f();
            } catch (IOException e2) {
                throw new CertApiException(TCAErrCode.ERR_STREAM, e2);
            }
        }
        try {
            if (str2.equals(TCA.SM2)) {
                f.b.c.e.o d3 = n.d();
                d3.c(publicKey);
                return d3.e(b0Var.e(), bArr);
            }
            f.a.a.e.c.n j2 = n.j(str);
            j2.b(publicKey);
            return j2.c(b0Var.e(), bArr);
        } catch (InvalidKeyException e3) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e3);
        } catch (SignatureException e4) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_VERIFY_FAILD, e4);
        }
    }

    public byte[] contentMessage() throws CertApiException {
        if (!this.pkcs7Type.equals(f.a.a.a.q1.e.t0)) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PKCS7TYPE);
        }
        if (this.cmsSignedData.c() == null) {
            return null;
        }
        return (byte[]) this.cmsSignedData.c().a();
    }

    public byte[] decryptMessage(Certificate certificate) throws CertApiException {
        ArrayList arrayList = (ArrayList) this.cmsEnvelopedData.a().a();
        if (arrayList.size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_NORECIPIENT);
        }
        if (CertStore.listAllCerts().size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_DECRYPT_NOCERT);
        }
        Iterator it = arrayList.iterator();
        if (!it.hasNext()) {
            return null;
        }
        f.b.a.a.a.b.v vVar = (f.b.a.a.a.b.v) it.next();
        String upperCase = new String(f.a.a.i.a.d.b(vVar.a().getSerialNumber().toByteArray())).toUpperCase();
        String x500Principal = vVar.a().getIssuer().toString();
        if (!upperCase.equalsIgnoreCase(certificate.serialNumber()) || x500Principal.equals(certificate.issuer())) {
            throw new CertApiException(TCAErrCode.ERR_NOFOUND_PRIKEY);
        }
        if (!licMgr.d(n.f(certificate.toBase64()))) {
            throw new CertApiException(TCAErrCode.ERR_CERT_UNLIC);
        }
        byte[] decryptRaw = certificate.decryptRaw(vVar.d());
        f.b.a.a.a.b.m b = vVar.b();
        r l2 = b.b().l();
        try {
            return f.b.d.a.c(b.b().j(), decryptRaw, l2 instanceof d0 ? null : ((h0) l2).m()).a().f(vVar.c());
        } catch (f.a.a.c.e e2) {
            throw new CertApiException(TCAErrCode.ERR_DEC_PKCS7, e2);
        } catch (IOException e3) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e3);
        } catch (BadPaddingException e4) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PADDING, e4);
        } catch (IllegalBlockSizeException e5) {
            throw new CertApiException(TCAErrCode.ERR_ILLEGAL_BLOCK, e5);
        }
    }

    public CertSet getCerts() throws CertApiException {
        if (!this.pkcs7Type.equals(f.a.a.a.q1.e.t0)) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PKCS7TYPE);
        }
        ArrayList doGetCerts = doGetCerts();
        Certificate[] certificateArr = new Certificate[doGetCerts.size()];
        for (int i2 = 0; i2 < doGetCerts.size(); i2++) {
            try {
                certificateArr[i2] = new Certificate(((f.a.a.b.d) doGetCerts.get(0)).f());
            } catch (IOException e2) {
                throw new CertApiException(TCAErrCode.ERR_CONV_CERT, e2);
            }
        }
        return new CertSet(certificateArr);
    }

    public Certificate getEncCert() throws CertApiException {
        ArrayList arrayList = (ArrayList) this.cmsEnvelopedData.a().a();
        if (arrayList.size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_NORECIPIENT);
        }
        CertSet listAllCerts = CertStore.listAllCerts();
        if (listAllCerts.size() == 0) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_DECRYPT_NOCERT);
        }
        Iterator it = arrayList.iterator();
        if (!it.hasNext()) {
            throw new CertApiException(TCAErrCode.ERR_PKCS7_DECRYPT_NOCERT);
        }
        CertSet bySerialnumber = listAllCerts.bySerialnumber(new String(f.a.a.i.a.d.b(((f.b.a.a.a.b.v) it.next()).a().getSerialNumber().toByteArray())).toUpperCase());
        if (bySerialnumber.size() != 0) {
            return bySerialnumber.get(0);
        }
        throw new CertApiException(TCAErrCode.ERR_PKCS7_DECRYPT_NOCERT);
    }

    public Certificate verify() throws CertApiException {
        if (this.pkcs7Type.equals(f.a.a.a.q1.e.t0)) {
            return doVerify(contentMessage(), doGetCerts());
        }
        throw new CertApiException(TCAErrCode.ERR_BAD_PKCS7TYPE);
    }

    public Certificate verify(byte[] bArr) throws CertApiException {
        if (this.pkcs7Type.equals(f.a.a.a.q1.e.t0)) {
            return doVerify(bArr, doGetCerts());
        }
        throw new CertApiException(TCAErrCode.ERR_BAD_PKCS7TYPE);
    }
}
