package cfca.util;

import cfca.asn1.parser.ASN1Node;
import cfca.asn1.parser.BigFileDecrypt;
import cfca.asn1.parser.EnvelopFileParser;
import cfca.org.bouncycastle.asn1.ASN1OctetString;
import cfca.org.bouncycastle.asn1.ASN1Sequence;
import cfca.org.bouncycastle.asn1.ASN1Set;
import cfca.org.bouncycastle.asn1.DEROctetString;
import cfca.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import cfca.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.org.bouncycastle.crypto.engines.DESedeEngine;
import cfca.org.bouncycastle.crypto.engines.RC4Engine;
import cfca.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cfca.org.bouncycastle.crypto.paddings.PKCS7Padding;
import cfca.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cfca.org.bouncycastle.crypto.params.KeyParameter;
import cfca.org.bouncycastle.crypto.params.ParametersWithIV;
import cfca.rsa.envelope.RSAEnvelopeUtil;
import cfca.rsa.envelope.RSASymmetricCryptoUtil;
import cfca.sm.algorithm.SM4Engine;
import cfca.sm2.envelope.SM2EnvelopeUtil;
import cfca.sm2.envelope.SM2SymmetricCryptoUtil;
import cfca.sm2rsa.common.CBCParam;
import cfca.sm2rsa.common.CertAppKitException;
import cfca.sm2rsa.common.GlobalVariable;
import cfca.sm2rsa.common.Mechanism;
import cfca.sm2rsa.common.PKCS7EnvelopedData;
import cfca.sm2rsa.common.PKCS7SignedData2;
import cfca.sm2rsa.common.PKIException;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/util/EnvelopeUtil.class */
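/**
 * Facade for building and opening CMS/PKCS#7 enveloped data, for in-memory messages and for files.
 *
 * <p>Each entry point validates its arguments and then delegates to the SM2 or the RSA
 * implementation, selected with {@link CertUtil#isSM2Cert}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The content ciphers handled here (CBC, ECB and RC4 modes of DESede/SM4/RC4) carry no
 *       integrity tag, and no MAC check is visible in this class. Only
 *       {@link #openEnvelopedMS} verifies a signature; the other open methods return whatever
 *       the ciphertext decrypts to.</li>
 *   <li>When opening, the content algorithm is taken from the envelope itself, so a sender can
 *       select RC4, ECB or DESede. Enforce an algorithm policy upstream if those are not
 *       acceptable.</li>
 *   <li>No certificate path, validity or revocation checking is visible in this class; callers
 *       are presumably expected to validate certificates before passing them in.</li>
 * </ul>
 */
public class EnvelopeUtil {
    /**
     * Envelopes a message for the given recipients.
     *
     * @param bArr source data; must be non-null and non-empty
     * @param str symmetric algorithm name, passed through to the SM2/RSA implementation
     * @param x509CertArr recipient certificates; only the first one decides between SM2 and RSA
     * @return the enveloped message as produced by the selected implementation
     * @throws PKIException on invalid arguments or any failure while enveloping
     */
    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws PKIException {
        requireNonEmpty(bArr, "sourceData");
        requireParam(str, "symmetricAlgorithm");
        requireCerts(x509CertArr, "receiverCerts");
        try {
            // The key type of the first certificate selects the implementation for all recipients.
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                return SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr);
            }
            return RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr);
        } catch (Exception e) {
            throw new PKIException("envelope message failure", e);
        }
    }

    /**
     * Envelopes a message for the given recipients using the supplied crypto session.
     *
     * @param bArr source data; must be non-null and non-empty
     * @param str symmetric algorithm name, passed through to the SM2/RSA implementation
     * @param x509CertArr recipient certificates; only the first one decides between SM2 and RSA
     * @param session crypto session handed to the selected implementation
     * @return the enveloped message as produced by the selected implementation
     * @throws PKIException on invalid arguments or any failure while enveloping
     */
    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws PKIException {
        requireNonEmpty(bArr, "sourceData");
        requireParam(str, "symmetricAlgorithm");
        requireCerts(x509CertArr, "receiverCerts");
        requireParam(session, "session");
        try {
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                return SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session);
            }
            return RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session);
        } catch (Exception e) {
            throw new PKIException("envelope message failure", e);
        }
    }

    /**
     * Envelopes a file for the given recipients.
     *
     * <p>Both paths are used exactly as given; any restriction on where callers may read or
     * write has to be applied before calling this method.
     *
     * @param str path of the source (plaintext) file; must exist and be non-empty
     * @param str2 path of the enveloped output file
     * @param str3 symmetric algorithm name, passed through to the SM2/RSA implementation
     * @param x509CertArr recipient certificates; only the first one decides between SM2 and RSA
     * @throws PKIException on invalid arguments, an empty/missing source file, or any failure
     */
    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws PKIException {
        requireParam(str, "sourceFilePath");
        requireParam(str2, "encryptFilePath");
        requireParam(str3, "symmetricAlgorithm");
        requireCerts(x509CertArr, "receiverCerts");
        try {
            // File.length() is 0 for a missing file as well as for an empty one.
            if (new File(str).length() <= 0) {
                throw new PKIException("the souce file is null or empty!");
            }
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr);
            } else {
                RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr);
            }
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("envelope file failure", e);
        }
    }

    /**
     * Envelopes a file for the given recipients using the supplied crypto session.
     *
     * <p>Both paths are used exactly as given; any restriction on where callers may read or
     * write has to be applied before calling this method.
     *
     * @param str path of the source (plaintext) file; must exist and be non-empty
     * @param str2 path of the enveloped output file
     * @param str3 symmetric algorithm name, passed through to the SM2/RSA implementation
     * @param x509CertArr recipient certificates; only the first one decides between SM2 and RSA
     * @param session crypto session handed to the selected implementation
     * @throws PKIException on invalid arguments, an empty/missing source file, or any failure
     */
    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws PKIException {
        requireParam(str, "sourceFilePath");
        requireParam(str2, "encryptFilePath");
        requireParam(str3, "symmetricAlgorithm");
        requireCerts(x509CertArr, "receiverCerts");
        requireParam(session, "session");
        try {
            if (new File(str).length() <= 0) {
                throw new PKIException("the souce file is null or empty!");
            }
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session);
            } else {
                RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session);
            }
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("envelope file failure", e);
        }
    }

    /**
     * Signs the data, wraps data and signature as PKCS#7 signed data, then envelopes the result
     * (sign-then-encrypt).
     *
     * @param bArr source data to sign and envelope
     * @param str signature algorithm name used to build the signing {@link Mechanism}
     * @param privateKey signer's private key
     * @param x509Cert signer's certificate, embedded in the signed data
     * @param str2 symmetric algorithm name for the envelope
     * @param x509CertArr recipient certificates
     * @param session crypto session used for signing
     * @return the enveloped signed data
     * @throws PKIException on invalid arguments or any signing/enveloping failure
     */
    public static byte[] envelopeMS(byte[] bArr, String str, PrivateKey privateKey, X509Cert x509Cert, String str2, X509Cert[] x509CertArr, Session session) throws PKIException {
        requireParam(bArr, "sourceData");
        requireParam(str, "signAlg");
        requireParam(privateKey, "signPriKey");
        requireParam(x509Cert, "signCert");
        requireParam(str2, "symmetricAlg");
        requireCerts(x509CertArr, "recvCerts");
        requireParam(session, "session");
        PKCS7SignedData2 signedData = new PKCS7SignedData2(session);
        X509Cert[] signerCerts = {x509Cert};
        Mechanism signMechanism = new Mechanism(str);
        byte[] signature = session.sign(signMechanism, privateKey, bArr);
        byte[] signedPackage = signedData.packageSignedData(true, null, bArr, signature, signMechanism, signerCerts);
        // NOTE(review): the session is used for signing only; the envelope step goes through the
        // session-less overload. Confirm that is intended when the session is bound to a
        // specific crypto provider or device.
        return envelopeMessage(signedPackage, str2, x509CertArr);
    }

    /**
     * Opens a Base64-encoded CMS enveloped message and returns the decrypted content.
     *
     * <p>The content is decrypted but not authenticated here. If decryption errors are reported
     * back to whoever supplied the envelope, keep them indistinguishable from each other so they
     * cannot serve as a padding or key-unwrap oracle.
     *
     * @param bArr Base64-encoded CMS EnvelopedData
     * @param privateKey recipient's private key, used to recover the symmetric key
     * @param x509Cert recipient's certificate, used to locate the matching RecipientInfo
     * @param session crypto session performing the private-key operation
     * @return the decrypted content
     * @throws PKIException on invalid arguments, missing recipient, unsupported algorithm or
     *     any parse/decrypt failure
     */
    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        requireParam(bArr, "cmsEnvelopedData");
        requireParam(privateKey, "privateKey");
        requireParam(x509Cert, "recipientCert");
        requireParam(session, "session");
        try {
            boolean sm2 = CertUtil.isSM2Cert(x509Cert);
            CMSEnvelopedData cms = new CMSEnvelopedData(Base64.decode(bArr));
            EnvelopedData enveloped = EnvelopedData.getInstance(cms.toASN1Structure().getContent());
            byte[] symmetricKey = checkRecipientsAndSymmetricKey(sm2, privateKey, x509Cert, enveloped.getRecipientInfos(), session);
            EncryptedContentInfo contentInfo = enveloped.getEncryptedContentInfo();
            Mechanism contentMechanism = buildMechanism(contentInfo.getContentEncryptionAlgorithm());
            byte[] cipherText = contentInfo.getEncryptedContent().getOctets();
            if (sm2) {
                return SM2SymmetricCryptoUtil.cryptoUtil(false, symmetricKey, cipherText, contentMechanism);
            }
            return RSASymmetricCryptoUtil.decrypt(symmetricKey, cipherText, contentMechanism);
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSER_MSG_ENVELOP_ERR, CertAppKitException.API_PARSER_MSG_ENVELOP_ERR_DES, e);
        }
    }

    /**
     * Opens an enveloped file and writes the decrypted content to {@code str2}.
     *
     * <p>The output streams are closed on every path, including failures, and a failed final
     * flush is reported instead of being swallowed, so a truncated plaintext file is never
     * reported as success.
     *
     * <p>NOTE(review): the output file is created or overwritten before decryption starts and
     * is not removed when decryption fails, so a partial plaintext file may remain on disk.
     * The content is not authenticated; treat the output as untrusted until verified by other
     * means.
     *
     * @param str path of the enveloped input file
     * @param str2 path of the plaintext output file (created if missing, overwritten otherwise)
     * @param privateKey recipient's private key, used to recover the symmetric key
     * @param x509Cert recipient's certificate, used to locate the matching RecipientInfo
     * @param session crypto session performing the private-key operation
     * @throws PKIException on invalid arguments, missing recipient, unsupported algorithm or
     *     any parse/decrypt/write failure
     */
    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        requireParam(str, "envelopedFilePath");
        requireParam(str2, "plainTextFilePath");
        requireParam(privateKey, "privateKey");
        requireParam(x509Cert, "recipientCert");
        requireParam(session, "session");
        FileOutputStream fileOut = null;
        BufferedOutputStream bufferedOut = null;
        try {
            EnvelopFileParser parser = new EnvelopFileParser(new File(str));
            parser.parser();
            ASN1Node receiverNode = parser.getReceiver_node();
            ASN1Node encryptedNode = parser.getEncrypted_node();
            boolean sm2 = CertUtil.isSM2Cert(x509Cert);
            byte[] symmetricKey = checkRecipientsAndSymmetricKey(sm2, privateKey, x509Cert, ASN1Set.getInstance(receiverNode.getData()), session);
            // Child 1 of the encrypted-content node holds the content-encryption AlgorithmIdentifier.
            ASN1Node algorithmNode = (ASN1Node) encryptedNode.childNodes.get(1);
            Mechanism contentMechanism = buildMechanism(AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(algorithmNode.getData())));

            // FileOutputStream creates the file when it does not exist yet.
            fileOut = new FileOutputStream(new File(str2));
            bufferedOut = new BufferedOutputStream(fileOut, GlobalVariable.BIG_FILE_BUFFER);

            // Child 2 holds the encrypted content, either directly or wrapped in nested nodes.
            ASN1Node contentNode = (ASN1Node) encryptedNode.childNodes.get(2);
            int parts = contentNode.childNodes.size();
            if (sm2) {
                ASN1Node payload = parts == 1 ? (ASN1Node) contentNode.childNodes.get(0) : contentNode;
                // NOTE(review): SM4 with CBC parameters is used for every SM2 envelope, whatever
                // mechanism the envelope names; getParam() is presumably null for non-CBC ones.
                BigFileDecrypt.bigFileBlockDecrypt(symmetricKey, new SM4Engine(), (CBCParam) contentMechanism.getParam(), payload, bufferedOut);
            } else if (parts > 1) {
                // Content split into several segments.
                DecryptMicrosoftFile(contentMechanism, symmetricKey, contentNode, bufferedOut);
            } else {
                ASN1Node payload = parts == 1 ? (ASN1Node) contentNode.childNodes.get(0) : contentNode;
                if (contentMechanism.getMechanismType().equals("RC4")) {
                    BigFileDecrypt.bigFileRC4Decrypt(symmetricKey, payload, bufferedOut);
                } else {
                    BigFileDecrypt.bigFileBlockDecrypt(symmetricKey, new DESedeEngine(), (CBCParam) contentMechanism.getParam(), payload, bufferedOut);
                }
            }
            // Flush explicitly so a write failure is reported rather than lost in the quiet close.
            bufferedOut.flush();
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSER_MSG_ENVELOP_ERR, CertAppKitException.API_PARSER_MSG_ENVELOP_ERR_DES, e);
        } finally {
            closeQuietly(bufferedOut);
            closeQuietly(fileOut);
        }
    }

    /**
     * Opens an enveloped, signed message: decrypts it, verifies the embedded PKCS#7 signature and
     * returns the signed source data.
     *
     * <p>NOTE(review): only the result of {@code verifyP7SignedDataAttach()} is checked here.
     * Whether the signer's certificate is trusted is not established in this class; callers
     * should confirm the signer identity themselves.
     *
     * @param bArr Base64-encoded CMS EnvelopedData wrapping PKCS#7 signed data
     * @param privateKey recipient's private key
     * @param x509Cert recipient's certificate
     * @param session crypto session used for decryption and signature verification
     * @return the source data carried inside the signed data
     * @throws PKIException on invalid arguments, decrypt failure or signature verification failure
     */
    public static byte[] openEnvelopedMS(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        requireParam(bArr, "cmsEnvelopedData");
        requireParam(privateKey, "recvPriKey");
        requireParam(x509Cert, "recvCert");
        requireParam(session, "session");
        byte[] signedPackage = openEvelopedMessage(bArr, privateKey, x509Cert, session);
        PKCS7SignedData2 signedData = new PKCS7SignedData2(session);
        signedData.loadBase64(signedPackage);
        if (!signedData.verifyP7SignedDataAttach()) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES);
        }
        return signedData.getSourceData();
    }

    /**
     * Tells whether a RecipientInfo addresses the given certificate, matching either by subject
     * key identifier or by issuer name plus serial number.
     */
    private static boolean hasRecipent(KeyTransRecipientInfo keyTransRecipientInfo, byte[] bArr, X500Name x500Name, BigInteger bigInteger) {
        RecipientIdentifier recipientId = keyTransRecipientInfo.getRecipientIdentifier();
        if (recipientId.getId().toASN1Primitive().asn1Equals(new DEROctetString(bArr))) {
            return true;
        }
        IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(x500Name, bigInteger);
        return recipientId.getId().toASN1Primitive().asn1Equals(issuerAndSerial.toASN1Primitive());
    }

    /**
     * Finds the key-transport RecipientInfo addressed to {@code x509Cert} and decrypts its
     * encrypted content key with the recipient's private key.
     *
     * @param z {@code true} to unwrap with the SM2 mechanism, {@code false} for RSA_PKCS
     * @param privateKey recipient's private key
     * @param x509Cert recipient's certificate
     * @param aSN1Set the RecipientInfos of the envelope
     * @param session crypto session performing the private-key operation
     * @return the recovered symmetric content key
     * @throws PKIException if no RecipientInfo matches or the key cannot be decrypted
     */
    private static byte[] checkRecipientsAndSymmetricKey(boolean z, PrivateKey privateKey, X509Cert x509Cert, ASN1Set aSN1Set, Session session) throws PKIException {
        if (aSN1Set == null) {
            throw new PKIException("the receiver is null!!!");
        }
        // NOTE(review): assumes the certificate carries a subject key identifier - confirm how
        // getSubjectKeyIdentifier() behaves for certificates without that extension.
        byte[] keyIdentifier = x509Cert.getSubjectKeyIdentifier().getKeyIdentifier();
        X500Name issuer = x509Cert.getIssuerX500Name();
        BigInteger serialNumber = x509Cert.getSerialNumber();
        ASN1OctetString encryptedKey = null;
        AlgorithmIdentifier keyEncryptionAlgorithm = null;
        int count = aSN1Set.size();
        for (int i = 0; i < count; i++) {
            RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(i));
            if (!(recipientInfo.getInfo() instanceof KeyTransRecipientInfo)) {
                continue;
            }
            KeyTransRecipientInfo keyTrans = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
            if (hasRecipent(keyTrans, keyIdentifier, issuer, serialNumber)) {
                encryptedKey = keyTrans.getEncryptedKey();
                keyEncryptionAlgorithm = keyTrans.getKeyEncryptionAlgorithm();
                break;
            }
        }
        if (encryptedKey == null || keyEncryptionAlgorithm == null) {
            throw new PKIException("can not find the receiver!!!");
        }
        // The unwrap mechanism follows the certificate type, not the algorithm named in the
        // RecipientInfo (which is only required to be present).
        Mechanism unwrapMechanism = z ? new Mechanism(Mechanism.SM2) : new Mechanism(Mechanism.RSA_PKCS);
        byte[] symmetricKey = session.decrypt(unwrapMechanism, privateKey, encryptedKey.getOctets());
        if (symmetricKey == null) {
            throw new PKIException("decrypt symmetricKey failure");
        }
        return symmetricKey;
    }

    /**
     * Maps a content-encryption AlgorithmIdentifier to a {@link Mechanism}.
     *
     * <p>An OID that is missing from {@code PKCS7EnvelopedData.OID_MECH} is rejected with the
     * "unsupported algorithm" error instead of failing with a NullPointerException, and CBC
     * parameters that are absent or not an octet string are rejected explicitly.
     *
     * @param algorithmIdentifier content-encryption algorithm taken from the envelope
     * @return the mechanism, carrying the IV for CBC modes
     * @throws PKIException if the identifier is missing, unknown, unsupported or lacks its IV
     */
    private static Mechanism buildMechanism(AlgorithmIdentifier algorithmIdentifier) throws PKIException {
        if (algorithmIdentifier == null) {
            throw new PKIException("missing symmetric encryption algorithm identifier ");
        }
        String name = (String) PKCS7EnvelopedData.OID_MECH.get(algorithmIdentifier.getAlgorithm());
        if (name == null) {
            throw unsupportedAlgorithm(String.valueOf(algorithmIdentifier.getAlgorithm()));
        }
        Mechanism mechanism = null;
        if (name.indexOf("CBC") != -1) {
            Object parameters = algorithmIdentifier.getParameters();
            if (!(parameters instanceof ASN1OctetString)) {
                throw new PKIException("missing or malformed IV parameter for " + name);
            }
            CBCParam cbcParam = new CBCParam(((ASN1OctetString) parameters).getOctets());
            if (name.equals("DESede/CBC/PKCS7Padding") || name.equals("SM4/CBC/PKCS7Padding")) {
                mechanism = new Mechanism(name, cbcParam);
            }
        } else if (name.indexOf("ECB") != -1) {
            // ECB leaks plaintext block patterns; accepted here for compatibility only.
            if (name.equals("DESede/ECB/PKCS7Padding") || name.equals("SM4/ECB/PKCS7Padding")) {
                mechanism = new Mechanism(name);
            }
        } else if (name.indexOf("RC4") != -1) {
            mechanism = new Mechanism("RC4");
        }
        if (mechanism == null) {
            throw unsupportedAlgorithm(name);
        }
        return mechanism;
    }

    /**
     * Decrypts content that is split into several segments, using RC4 or DESede
     * (CBC when an IV is present, otherwise the cipher's plain block mode).
     *
     * <p>The file handle opened on the node's backing file is always closed; closing it again
     * is harmless should the decrypt helper close it as well.
     */
    private static final void DecryptMicrosoftFile(Mechanism mechanism, byte[] bArr, ASN1Node aSN1Node, BufferedOutputStream bufferedOutputStream) throws Exception {
        if (mechanism.getMechanismType().equals("RC4")) {
            RC4Engine rc4 = new RC4Engine();
            rc4.init(false, new KeyParameter(bArr));
            RandomAccessFile input = new RandomAccessFile(aSN1Node.f, "r");
            try {
                BigFileDecrypt.bigFileRC4Decrypt(rc4, aSN1Node, bufferedOutputStream, input);
            } finally {
                closeQuietly(input);
            }
            return;
        }
        DESedeEngine desede = new DESedeEngine();
        CBCParam cbcParam = (CBCParam) mechanism.getParam();
        PaddedBufferedBlockCipher cipher;
        if (cbcParam == null) {
            // No IV available: the engine is used without a chaining mode (ECB).
            cipher = new PaddedBufferedBlockCipher(desede, new PKCS7Padding());
            cipher.init(false, new KeyParameter(bArr));
        } else {
            cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(desede), new PKCS7Padding());
            cipher.init(false, new ParametersWithIV(new KeyParameter(bArr), cbcParam.getIv()));
        }
        RandomAccessFile input = new RandomAccessFile(aSN1Node.f, "r");
        try {
            BigFileDecrypt.bigFileBlockDecrypt(cipher, aSN1Node, bufferedOutputStream, input);
        } finally {
            closeQuietly(input);
        }
    }

    /** Rejects a null argument with the standard "null not allowed" message. */
    private static void requireParam(Object value, String name) throws PKIException {
        if (value == null) {
            throw new PKIException("null not allowed for parameters: " + name);
        }
    }

    /** Rejects a null or empty byte array with the standard "null not allowed" message. */
    private static void requireNonEmpty(byte[] value, String name) throws PKIException {
        if (value == null || value.length <= 0) {
            throw new PKIException("null not allowed for parameters: " + name);
        }
    }

    /** Rejects a null or empty certificate array. */
    private static void requireCerts(X509Cert[] certs, String name) throws PKIException {
        if (certs == null || certs.length == 0) {
            throw new PKIException("null/length not allowed for parameters: " + name);
        }
    }

    /** Builds the "unsupported content-encryption algorithm" error (runtime message kept verbatim). */
    private static PKIException unsupportedAlgorithm(String algorithm) {
        return new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, "产生签名数字信封数据,算法不支持Algorithm is:" + algorithm);
    }

    /** Closes an output stream, ignoring failures; data must already have been flushed. */
    private static void closeQuietly(java.io.OutputStream stream) {
        if (stream != null) {
            try {
                stream.close();
            } catch (Exception ignored) {
                // Best-effort cleanup; the primary outcome has already been decided.
            }
        }
    }

    /** Closes a read-only file handle, ignoring failures. */
    private static void closeQuietly(RandomAccessFile file) {
        if (file != null) {
            try {
                file.close();
            } catch (Exception ignored) {
                // Best-effort cleanup of a read-only handle.
            }
        }
    }
}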
