package cfca.sm2rsa.common;

import cfca.internal.tool.ASN1Parser;
import cfca.internal.tool.BigIntegerUtil;
import cfca.org.bouncycastle.asn1.ASN1Encodable;
import cfca.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.org.bouncycastle.asn1.ASN1InputStream;
import cfca.org.bouncycastle.asn1.ASN1Integer;
import cfca.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.org.bouncycastle.asn1.ASN1OctetString;
import cfca.org.bouncycastle.asn1.ASN1Sequence;
import cfca.org.bouncycastle.asn1.ASN1Set;
import cfca.org.bouncycastle.asn1.BERSet;
import cfca.org.bouncycastle.asn1.DERInteger;
import cfca.org.bouncycastle.asn1.DERNull;
import cfca.org.bouncycastle.asn1.DERObjectIdentifier;
import cfca.org.bouncycastle.asn1.DEROctetString;
import cfca.org.bouncycastle.asn1.DERSet;
import cfca.org.bouncycastle.asn1.pkcs.ContentInfo;
import cfca.org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import cfca.org.bouncycastle.asn1.pkcs.SignedData;
import cfca.org.bouncycastle.asn1.pkcs.SignerInfo;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.org.bouncycastle.asn1.x509.Certificate;
import cfca.sm2.signature.SM2SignerInfo;
import cfca.sm2.signature.SM2SignerInfo2;
import cfca.sm2.signature.SM2SignerInfox;
import cfca.util.Base64;
import cfca.util.CertUtil;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Enumeration;

/* loaded from: input_file:cfca/sm2rsa/common/PKCS7SignedData.class */
public class PKCS7SignedData {
    private Session session;
    private SignedData signedData = null;
    static final String pkcs_7 = "1.2.840.113549.1.7";
    public static final String DATA = new DERObjectIdentifier("1.2.840.113549.1.7.1").getId();
    public static final String SIGNED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.2").getId();
    public static final String ENVELOPED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.3").getId();
    public static final String SIGNED_ENVELOPED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.4").getId();
    public static final String DIGESTED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.5").getId();
    public static final String ENCRYPTED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.6").getId();

    public PKCS7SignedData(Session session) {
        this.session = null;
        this.session = session;
    }

    public final byte[] packageSM2SignedData(boolean z, String str, byte[] bArr, byte[] bArr2, X509Cert[] x509CertArr) throws Exception {
        byte[] bArr3;
        byte[] bArr4;
        ContentInfo contentInfo;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        if (bArr2 == null || bArr2.length != 64) {
            throw new Exception("the encrypt data is null or not 64 bytes!");
        }
        if ((bArr2[0] & 128) != 0) {
            bArr3 = new byte[33];
            bArr3[0] = 0;
            System.arraycopy(bArr2, 0, bArr3, 1, 32);
        } else {
            bArr3 = new byte[32];
            System.arraycopy(bArr2, 0, bArr3, 0, 32);
        }
        if ((bArr2[32] & 128) != 0) {
            bArr4 = new byte[33];
            bArr4[0] = 0;
            System.arraycopy(bArr2, 32, bArr4, 1, 32);
        } else {
            bArr4 = new byte[32];
            System.arraycopy(bArr2, 32, bArr4, 0, 32);
        }
        DERInteger dERInteger = new DERInteger(bArr3);
        DERInteger dERInteger2 = new DERInteger(bArr4);
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(x509CertArr[0].getIssuerX500Name(), x509CertArr[0].getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.SM2_sign, (ASN1Encodable) new DERNull());
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, (ASN1Encodable) new DERNull());
        ASN1Encodable sM2SignerInfo2 = isNewFormat() ? new SM2SignerInfo2(new ASN1Integer(1), issuerAndSerialNumber, algorithmIdentifier2, null, algorithmIdentifier, ASN1Integer.getInstance(dERInteger), ASN1Integer.getInstance(dERInteger2), null) : new SM2SignerInfo(new ASN1Integer(1), issuerAndSerialNumber, algorithmIdentifier2, null, algorithmIdentifier, ASN1Integer.getInstance(dERInteger), ASN1Integer.getInstance(dERInteger2), null);
        if (z) {
            DEROctetString dEROctetString = new DEROctetString(bArr);
            contentInfo = str == null ? new ContentInfo(PKCSObjectIdentifiers.sm2Data, dEROctetString) : new ContentInfo(new ASN1ObjectIdentifier(str), dEROctetString);
        } else {
            contentInfo = str == null ? new ContentInfo(PKCSObjectIdentifiers.sm2Data, null) : new ContentInfo(new ASN1ObjectIdentifier(str), null);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(algorithmIdentifier2);
        DERSet dERSet = new DERSet(aSN1EncodableVector);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(sM2SignerInfo2);
        DERSet dERSet2 = new DERSet(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector3.add(x509Cert.getCertStructure());
        }
        return ASN1Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.sm2SignedData, new SignedData(new ASN1Integer(1), dERSet, contentInfo, new BERSet(aSN1EncodableVector3), null, dERSet2)));
    }

    public byte[] packageSignedData(boolean z, String str, byte[] bArr, byte[] bArr2, Mechanism mechanism, X509Cert[] x509CertArr) throws PKIException {
        try {
            if (x509CertArr == null) {
                throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
            }
            return CertUtil.isSM2Cert(x509CertArr[0]) ? packageSM2SignedData(z, str, bArr, bArr2, x509CertArr) : packageRSASignedData(z, str, bArr, bArr2, mechanism, x509CertArr);
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    public void loadDer(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(bArr));
    }

    public void loadBase64(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(Base64.decode(ASN1Parser.convertBase64(bArr))));
    }

    private void load(InputStream inputStream) throws PKIException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        try {
            SignedData signedData = SignedData.getInstance(ContentInfo.getInstance((ASN1Sequence) aSN1InputStream.readObject()).getContent());
            inputStream.close();
            aSN1InputStream.close();
            this.signedData = signedData;
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public boolean verifyP7SignedDataAttach() throws PKIException {
        byte[] sourceData = getSourceData();
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return isSM2Cert() ? verifySM2SignerInfo((byte[]) sourceData.clone(), true, null, signerInfos, null) : verifySignerInfo((byte[]) sourceData.clone(), signerInfos, null);
    }

    public byte[] getSourceData() throws PKIException {
        byte[] octets;
        ContentInfo contentInfo = this.signedData.getContentInfo();
        if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) && !contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo) && !contentInfo.getContentType().equals(PKCSObjectIdentifiers.sm2Data)) {
            octets = ASN1Parser.writeDERObj2Bytes(contentInfo.getContent().toASN1Primitive());
        } else {
            if (contentInfo.getContent() == null) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, new Exception("no sourceData to be verify."));
            }
            octets = ((ASN1OctetString) contentInfo.getContent()).getOctets();
        }
        return (byte[]) octets.clone();
    }

    private boolean verifySignerInfoByFile(String str, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        Mechanism mechanism;
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
        X509Cert signerCert = getSignerCert(x509CertArr, signerInfo.getIssuerAndSerialNumber());
        if (signerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm = signerInfo.getDigestEncryptionAlgorithm().getAlgorithm();
        if (!algorithm.equals(PKCSObjectIdentifiers.rsaEncryption) && !algorithm.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm2 = signerInfo.getDigestAlgorithm().getAlgorithm();
        if (algorithm2.equals(PKCSObjectIdentifiers.md5)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha1)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha256)) {
            mechanism = new Mechanism("SHA256withRSAEncryption");
        } else {
            if (!algorithm2.equals(PKCSObjectIdentifiers.sha512)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            mechanism = new Mechanism("SHA512withRSA");
        }
        return this.session.verifySign(mechanism, signerCert.getPublicKey(), str, signerInfo.getEncryptedDigest().getOctets());
    }

    private boolean verifySignerInfo(byte[] bArr, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        Mechanism mechanism;
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
        X509Cert signerCert = getSignerCert(x509CertArr, signerInfo.getIssuerAndSerialNumber());
        if (signerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm = signerInfo.getDigestEncryptionAlgorithm().getAlgorithm();
        if (!algorithm.equals(PKCSObjectIdentifiers.rsaEncryption) && !algorithm.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm2 = signerInfo.getDigestAlgorithm().getAlgorithm();
        if (algorithm2.equals(PKCSObjectIdentifiers.md5)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha1)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha256)) {
            mechanism = new Mechanism("SHA256withRSAEncryption");
        } else {
            if (!algorithm2.equals(PKCSObjectIdentifiers.sha512)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            mechanism = new Mechanism("SHA512withRSA");
        }
        PublicKey publicKey = signerCert.getPublicKey();
        byte[] octets = signerInfo.getEncryptedDigest().getOctets();
        ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
        if (authenticatedAttributes == null) {
            return this.session.verifySign(mechanism, publicKey, bArr, octets);
        }
        return this.session.verifySign(mechanism, publicKey, ASN1Parser.writeDERObj2Bytes(authenticatedAttributes), octets);
    }

    private boolean verifySM2SignerInfoByFile(String str, boolean z, byte[] bArr, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_SM2_SIGNEDDATA_ERR, PKIException.VERIFY_SM2_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SM2SignerInfox sM2SignerInfo2 = isNewFormat() ? SM2SignerInfo2.getInstance(objects.nextElement()) : SM2SignerInfo.getInstance(objects.nextElement());
        X509Cert sM2SignerCert = getSM2SignerCert(x509CertArr, sM2SignerInfo2.getIssuerAndSerialNumber());
        if (sM2SignerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        PublicKey publicKey = sM2SignerCert.getPublicKey();
        byte[] asUnsigned32ByteArray = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestR().getPositiveValue());
        byte[] asUnsigned32ByteArray2 = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestS().getPositiveValue());
        byte[] bArr2 = new byte[64];
        System.arraycopy(asUnsigned32ByteArray, 0, bArr2, 0, 32);
        System.arraycopy(asUnsigned32ByteArray2, 0, bArr2, 32, 32);
        return this.session.verifySign(new Mechanism("SM3withSM2"), publicKey, str, bArr2);
    }

    private boolean verifySM2SignerInfo(byte[] bArr, boolean z, byte[] bArr2, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_SM2_SIGNEDDATA_ERR, PKIException.VERIFY_SM2_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SM2SignerInfox sM2SignerInfo2 = isNewFormat() ? SM2SignerInfo2.getInstance(objects.nextElement()) : SM2SignerInfo.getInstance(objects.nextElement());
        X509Cert sM2SignerCert = getSM2SignerCert(x509CertArr, sM2SignerInfo2.getIssuerAndSerialNumber());
        if (sM2SignerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        PublicKey publicKey = sM2SignerCert.getPublicKey();
        byte[] asUnsigned32ByteArray = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestR().getPositiveValue());
        byte[] asUnsigned32ByteArray2 = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestS().getPositiveValue());
        byte[] bArr3 = new byte[64];
        System.arraycopy(asUnsigned32ByteArray, 0, bArr3, 0, 32);
        System.arraycopy(asUnsigned32ByteArray2, 0, bArr3, 32, 32);
        ASN1Set authenticatedAttributes = sM2SignerInfo2.getAuthenticatedAttributes();
        if (authenticatedAttributes != null) {
            return this.session.verifySign(new Mechanism("SM3withSM2"), publicKey, ASN1Parser.writeDERObj2Bytes(authenticatedAttributes), bArr3);
        }
        return this.session.verifySign(new Mechanism("SM3withSM2"), publicKey, bArr, bArr3);
    }

    private boolean isSM2Cert() {
        return CertUtil.isSM2Cert(new X509Cert(Certificate.getInstance(this.signedData.getCertificates().getObjectAt(0))));
    }

    private X509Cert[] getSignerCerts() throws PKIException {
        ASN1Set certificates = this.signedData.getCertificates();
        X509Cert[] x509CertArr = new X509Cert[certificates.size()];
        for (int i = 0; i < certificates.size(); i++) {
            x509CertArr[i] = new X509Cert(Certificate.getInstance(certificates.getObjectAt(i)));
        }
        return x509CertArr;
    }

    public X509Cert getSignerX509Cert() throws PKIException {
        return new X509Cert(Certificate.getInstance(this.signedData.getCertificates().getObjectAt(0)));
    }

    private X509Cert getSignerCert(X509Cert[] x509CertArr, IssuerAndSerialNumber issuerAndSerialNumber) throws PKIException {
        String x500Name = issuerAndSerialNumber.getName().toString();
        BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
        for (int i = 0; i < x509CertArr.length; i++) {
            X500Name issuerX500Name = x509CertArr[i].getIssuerX500Name();
            BigInteger serialNumber = x509CertArr[i].getSerialNumber();
            if (issuerX500Name.toString().equals(x500Name) && serialNumber.compareTo(value) == 0) {
                return x509CertArr[i];
            }
        }
        return null;
    }

    private X509Cert getSM2SignerCert(X509Cert[] x509CertArr, IssuerAndSerialNumber issuerAndSerialNumber) throws PKIException {
        String x500Name = issuerAndSerialNumber.getName().toString();
        BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
        for (int i = 0; i < x509CertArr.length; i++) {
            X500Name issuerX500Name = x509CertArr[i].getIssuerX500Name();
            BigInteger serialNumber = x509CertArr[i].getSerialNumber();
            if (issuerX500Name.toString().equals(x500Name) && serialNumber.compareTo(value) == 0) {
                return x509CertArr[i];
            }
        }
        return null;
    }

    public boolean verifyP7SignedData(String str) throws PKIException {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return isSM2Cert() ? verifySM2SignerInfoByFile(str, true, null, signerInfos, null) : verifySignerInfoByFile(str, signerInfos, null);
    }

    public boolean verifyP7SignedData(byte[] bArr) throws PKIException {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return isSM2Cert() ? verifySM2SignerInfo(bArr, true, null, signerInfos, null) : verifySignerInfo(bArr, signerInfos, null);
    }

    private byte[] getSM2Signature() throws PKIException {
        Enumeration objects = this.signedData.getSignerInfos().getObjects();
        if (!objects.hasMoreElements()) {
            throw new PKIException("can not get SM2SignerInfo object!!!");
        }
        SM2SignerInfox sM2SignerInfo2 = isNewFormat() ? SM2SignerInfo2.getInstance(objects.nextElement()) : SM2SignerInfo.getInstance(objects.nextElement());
        byte[] asUnsigned32ByteArray = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestR().getPositiveValue());
        byte[] asUnsigned32ByteArray2 = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestS().getPositiveValue());
        byte[] bArr = new byte[64];
        System.arraycopy(asUnsigned32ByteArray, 0, bArr, 0, 32);
        System.arraycopy(asUnsigned32ByteArray2, 0, bArr, 32, 32);
        return bArr;
    }

    public byte[] getSignature() throws PKIException {
        if (isSM2Cert()) {
            return getSM2Signature();
        }
        Enumeration objects = this.signedData.getSignerInfos().getObjects();
        if (objects.hasMoreElements()) {
            return SignerInfo.getInstance(objects.nextElement()).getEncryptedDigest().getOctets();
        }
        throw new PKIException("can not get SignerInfo object!!!");
    }

    public String getDigestAlgorithm() throws PKIException {
        String str;
        if (isSM2Cert()) {
            return Mechanism.SM3;
        }
        Enumeration objects = this.signedData.getSignerInfos().getObjects();
        if (!objects.hasMoreElements()) {
            throw new PKIException("can not get SignerInfo object!!!");
        }
        ASN1ObjectIdentifier algorithm = SignerInfo.getInstance(objects.nextElement()).getDigestAlgorithm().getAlgorithm();
        if (algorithm.equals(PKCSObjectIdentifiers.md5)) {
            str = "MD5";
        } else if (algorithm.equals(PKCSObjectIdentifiers.sha1)) {
            str = "SHA1";
        } else if (algorithm.equals(PKCSObjectIdentifiers.sha256)) {
            str = "SHA256";
        } else {
            if (!algorithm.equals(PKCSObjectIdentifiers.sha512)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            str = "SHA512";
        }
        return str;
    }

    public boolean verifySM2SignedData(String str, boolean z, byte[] bArr) throws PKIException {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return z ? bArr != null ? verifySM2SignerInfoByFile(str, true, (byte[]) bArr.clone(), signerInfos, null) : verifySM2SignerInfoByFile(str, true, null, signerInfos, null) : verifySM2SignerInfoByFile(str, false, null, signerInfos, null);
    }

    public boolean verifySM2SignedData(byte[] bArr, boolean z, byte[] bArr2) throws PKIException {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return z ? bArr2 != null ? verifySM2SignerInfo((byte[]) bArr.clone(), true, (byte[]) bArr2.clone(), signerInfos, null) : verifySM2SignerInfo((byte[]) bArr.clone(), true, null, signerInfos, null) : verifySM2SignerInfo((byte[]) bArr.clone(), false, null, signerInfos, null);
    }

    public byte[] packageRSASignedData(boolean z, String str, byte[] bArr, byte[] bArr2, Mechanism mechanism, X509Cert[] x509CertArr) throws PKIException {
        ContentInfo contentInfo;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        DEROctetString dEROctetString = new DEROctetString(bArr2);
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(x509CertArr[0].getIssuerX500Name(), x509CertArr[0].getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, (ASN1Encodable) new DERNull());
        AlgorithmIdentifier algorithmIdentifier2 = null;
        String mechanismType = mechanism.getMechanismType();
        if (mechanismType.equals("MD5") || mechanismType.equals("MD5withRSAEncryption")) {
            algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, (ASN1Encodable) new DERNull());
        } else if (mechanismType.equals("SHA1") || mechanismType.equals("SHA1withRSAEncryption")) {
            algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, (ASN1Encodable) new DERNull());
        } else if (mechanismType.equals("SHA256") || mechanismType.equals("SHA256withRSAEncryption")) {
            algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, (ASN1Encodable) new DERNull());
        } else if (mechanismType.equals("SHA512") || mechanismType.equals("SHA512withRSA")) {
            algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha512, (ASN1Encodable) new DERNull());
        }
        SignerInfo signerInfo = new SignerInfo(new ASN1Integer(1), issuerAndSerialNumber, algorithmIdentifier2, null, algorithmIdentifier, dEROctetString, null);
        if (z) {
            DEROctetString dEROctetString2 = new DEROctetString(bArr);
            contentInfo = str == null ? new ContentInfo(PKCSObjectIdentifiers.data, dEROctetString2) : new ContentInfo(new ASN1ObjectIdentifier(str), dEROctetString2);
        } else {
            contentInfo = str == null ? new ContentInfo(PKCSObjectIdentifiers.data, null) : new ContentInfo(new ASN1ObjectIdentifier(str), null);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(algorithmIdentifier2);
        BERSet bERSet = new BERSet(aSN1EncodableVector);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(signerInfo);
        DERSet dERSet = new DERSet(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector3.add(x509Cert.getCertStructure());
        }
        return ASN1Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(new ASN1Integer(1), bERSet, contentInfo, new BERSet(aSN1EncodableVector3), null, dERSet)));
    }

    public boolean verifyP7SignedDataByHash(byte[] bArr) throws PKIException {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        return isSM2Cert() ? verifySM2SignerInfoByHash(bArr, signerInfos, null) : verifySignerInfoByHash(bArr, signerInfos, null);
    }

    private boolean verifySignerInfoByHash(byte[] bArr, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        Mechanism mechanism;
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
        X509Cert signerCert = getSignerCert(x509CertArr, signerInfo.getIssuerAndSerialNumber());
        if (signerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm = signerInfo.getDigestEncryptionAlgorithm().getAlgorithm();
        if (!algorithm.equals(PKCSObjectIdentifiers.rsaEncryption) && !algorithm.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption) && !algorithm.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
        }
        ASN1ObjectIdentifier algorithm2 = signerInfo.getDigestAlgorithm().getAlgorithm();
        if (algorithm2.equals(PKCSObjectIdentifiers.md5)) {
            mechanism = new Mechanism("MD5withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha1)) {
            mechanism = new Mechanism("SHA1withRSAEncryption");
        } else if (algorithm2.equals(PKCSObjectIdentifiers.sha256)) {
            mechanism = new Mechanism("SHA256withRSAEncryption");
        } else {
            if (!algorithm2.equals(PKCSObjectIdentifiers.sha512)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            mechanism = new Mechanism("SHA512withRSA");
        }
        return this.session.verifyByHash(mechanism, signerCert.getPublicKey(), bArr, signerInfo.getEncryptedDigest().getOctets());
    }

    private boolean verifySM2SignerInfoByHash(byte[] bArr, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_SM2_SIGNEDDATA_ERR, PKIException.VERIFY_SM2_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        if (!objects.hasMoreElements()) {
            return false;
        }
        SM2SignerInfox sM2SignerInfo2 = isNewFormat() ? SM2SignerInfo2.getInstance(objects.nextElement()) : SM2SignerInfo.getInstance(objects.nextElement());
        X509Cert sM2SignerCert = getSM2SignerCert(x509CertArr, sM2SignerInfo2.getIssuerAndSerialNumber());
        if (sM2SignerCert == null) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
        }
        PublicKey publicKey = sM2SignerCert.getPublicKey();
        byte[] asUnsigned32ByteArray = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestR().getPositiveValue());
        byte[] asUnsigned32ByteArray2 = BigIntegerUtil.asUnsigned32ByteArray(sM2SignerInfo2.getEncryptedDigestS().getPositiveValue());
        byte[] bArr2 = new byte[64];
        System.arraycopy(asUnsigned32ByteArray, 0, bArr2, 0, 32);
        System.arraycopy(asUnsigned32ByteArray2, 0, bArr2, 32, 32);
        return this.session.verifyByHash(new Mechanism("SM3withSM2"), publicKey, bArr, bArr2);
    }

    boolean isNewFormat() {
        return false;
    }
}
