package cfca.util;

import cfca.internal.tool.ASN1Parser;
import cfca.internal.tool.FileUtil;
import cfca.org.bouncycastle.asn1.cms.CMSAttributes;
import cfca.org.bouncycastle.asn1.cms.Time;
import cfca.org.bouncycastle.cms.CMSSignedDataParser;
import cfca.org.bouncycastle.cms.SignerInformation;
import cfca.org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.org.bouncycastle.util.BigIntegers;
import cfca.sm2rsa.common.CertAppKitException;
import cfca.sm2rsa.common.Mechanism;
import cfca.sm2rsa.common.PKCS7SignedData;
import cfca.sm2rsa.common.PKCS7SignedData2;
import cfca.sm2rsa.common.PKCS7SignedFile;
import cfca.sm2rsa.common.PKCS7SignedFile2;
import cfca.sm2rsa.common.PKIException;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Iterator;

/* loaded from: input_file:cfca/util/SignatureUtil.class */
public class SignatureUtil {
    private X509Cert signCert = null;
    private String digestAlgorithm = null;
    private byte[] signature = null;
    private byte[] sourceData = null;

    public final byte[] getSourceData() {
        return this.sourceData;
    }

    public final byte[] getSignature() {
        return this.signature;
    }

    public final String getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    public final X509Cert getSignerCert() {
        return this.signCert;
    }

    public final String getTimeFromTimeStamp(byte[] bArr) throws PKIException {
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), new ByteArrayInputStream(Base64.decode(ASN1Parser.convertBase64(bArr))));
            Iterator it = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
            String str = null;
            while (it.hasNext()) {
                str = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Time.getInstance(((SignerInformation) it.next()).getSignedAttributes().get(CMSAttributes.signingTime).getAttrValues().getObjectAt(0).toASN1Primitive()).getDate());
            }
            cMSSignedDataParser.close();
            return str;
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, new StringBuffer().append("解析文件签名失败 ").append(e.getMessage()).toString(), e);
        }
    }

    public final byte[] p1SignByHash(String str, byte[] bArr, PrivateKey privateKey, Session session) throws PKIException {
        return Base64.encode(encodedToASN1(session.signByHash(new Mechanism(str), privateKey, bArr)));
    }

    public final boolean p1VerifyByHash(String str, byte[] bArr, byte[] bArr2, PublicKey publicKey, Session session) throws PKIException {
        return session.verifyByHash(new Mechanism(str), publicKey, bArr, decodedSignValue(bArr2));
    }

    public final byte[] p1SignMessage(String str, byte[] bArr, PrivateKey privateKey, Session session) throws PKIException {
        return Base64.encode(encodedToASN1(session.sign(new Mechanism(str), privateKey, bArr)));
    }

    public final boolean p1VerifyMessage(String str, byte[] bArr, byte[] bArr2, PublicKey publicKey, Session session) throws PKIException {
        return session.verifySign(new Mechanism(str), publicKey, bArr, decodedSignValue(bArr2));
    }

    public final byte[] p1SignFile(String str, String str2, PrivateKey privateKey, Session session) throws PKIException {
        return Base64.encode(encodedToASN1(session.sign(new Mechanism(str), privateKey, str2)));
    }

    public final boolean p1VerifyFile(String str, String str2, byte[] bArr, PublicKey publicKey, Session session) throws PKIException {
        return session.verifySign(new Mechanism(str), publicKey, str2, decodedSignValue(bArr));
    }

    public final byte[] p7SignByHash(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        return Base64.encode(buildPKCS7SignedData(session).packageSignedData(false, null, null, session.signByHash(new Mechanism(str), privateKey, bArr), new Mechanism(str), new X509Cert[]{x509Cert}));
    }

    public final boolean p7VerifyByHash(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        buildPKCS7SignedData.loadBase64(bArr2);
        this.signCert = buildPKCS7SignedData.getSignerX509Cert();
        this.digestAlgorithm = buildPKCS7SignedData.getDigestAlgorithm();
        this.signature = buildPKCS7SignedData.getSignature();
        return buildPKCS7SignedData.verifyP7SignedDataByHash(bArr);
    }

    public final byte[] p7SignMessageAttach(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        X509Cert[] x509CertArr = {x509Cert};
        Mechanism mechanism = new Mechanism(str);
        return Base64.encode(buildPKCS7SignedData.packageSignedData(true, null, bArr, session.sign(mechanism, privateKey, bArr), mechanism, x509CertArr));
    }

    public final boolean p7VerifyMessageAttach(byte[] bArr, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        buildPKCS7SignedData.loadBase64(bArr);
        this.signCert = buildPKCS7SignedData.getSignerX509Cert();
        this.sourceData = buildPKCS7SignedData.getSourceData();
        this.digestAlgorithm = buildPKCS7SignedData.getDigestAlgorithm();
        this.signature = buildPKCS7SignedData.getSignature();
        return buildPKCS7SignedData.verifyP7SignedDataAttach();
    }

    public final byte[] p7SignMessageDetach(String str, byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        X509Cert[] x509CertArr = {x509Cert};
        Mechanism mechanism = new Mechanism(str);
        return Base64.encode(buildPKCS7SignedData.packageSignedData(false, null, bArr, session.sign(mechanism, privateKey, bArr), mechanism, x509CertArr));
    }

    public final boolean p7VerifyMessageDetach(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        buildPKCS7SignedData.loadBase64(bArr2);
        this.signCert = buildPKCS7SignedData.getSignerX509Cert();
        this.digestAlgorithm = buildPKCS7SignedData.getDigestAlgorithm();
        this.signature = buildPKCS7SignedData.getSignature();
        return buildPKCS7SignedData.verifyP7SignedData(bArr);
    }

    public final void p7SignFileAttach(String str, String str2, String str3, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        Mechanism mechanism = new Mechanism(str);
        buildPKCS7SignedFile(session).packageSignedFile(null, str2, str3, session.sign(mechanism, privateKey, str2), mechanism, new X509Cert[]{x509Cert});
    }

    public final boolean p7VerifyFileAttach(String str, String str2, Session session) throws PKIException {
        try {
            if (new File(str).length() <= 53477376) {
                boolean p7VerifyMessageAttach = p7VerifyMessageAttach(FileUtil.getBytesFromFile(str), session);
                if (str2 != null && !str2.trim().equals("")) {
                    FileUtil.writeBytesToFile(getSourceData(), str2);
                }
                return p7VerifyMessageAttach;
            }
            PKCS7SignedFile buildPKCS7SignedFile = buildPKCS7SignedFile(session);
            boolean verifyP7SignedFile = buildPKCS7SignedFile.verifyP7SignedFile(str, str2);
            this.signCert = buildPKCS7SignedFile.getSignerX509Cert();
            this.digestAlgorithm = buildPKCS7SignedFile.getDigestAlgorithm();
            this.signature = buildPKCS7SignedFile.getSignature();
            return verifyP7SignedFile;
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    public final byte[] p7SignFileDetach(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
        X509Cert[] x509CertArr = {x509Cert};
        Mechanism mechanism = new Mechanism(str);
        return Base64.encode(buildPKCS7SignedData.packageSignedData(false, null, null, session.sign(mechanism, privateKey, str2), mechanism, x509CertArr));
    }

    public final boolean p7VerifyFileDetach(String str, byte[] bArr, Session session) throws PKIException {
        try {
            PKCS7SignedData buildPKCS7SignedData = buildPKCS7SignedData(session);
            buildPKCS7SignedData.loadBase64(bArr);
            this.signCert = buildPKCS7SignedData.getSignerX509Cert();
            this.digestAlgorithm = buildPKCS7SignedData.getDigestAlgorithm();
            this.signature = buildPKCS7SignedData.getSignature();
            return buildPKCS7SignedData.verifyP7SignedData(str);
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    final PKCS7SignedData buildPKCS7SignedData(Session session) {
        return isNewFormat() ? new PKCS7SignedData2(session) : new PKCS7SignedData(session);
    }

    final PKCS7SignedFile buildPKCS7SignedFile(Session session) {
        return isNewFormat() ? new PKCS7SignedFile2(session) : new PKCS7SignedFile(session);
    }

    boolean isNewFormat() {
        return false;
    }

    private final byte[] decodedSignValue(byte[] bArr) throws PKIException {
        byte[] bArr2;
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for signData");
        }
        byte[] decode = Base64.decode(bArr);
        if (decode.length == 64 || decode.length >= 128) {
            bArr2 = decode;
        } else {
            if (decode.length < 66 || decode.length > 72) {
                throw new PKIException("The signData is wrong!");
            }
            bArr2 = decodedFromASN1(decode);
        }
        return bArr2;
    }

    private final byte[] encodedToASN1(byte[] bArr) throws PKIException {
        byte[] bArr2;
        if (bArr == null) {
            return bArr;
        }
        if (isNewFormat() && bArr.length == 64) {
            try {
                bArr2 = new ASN1SM2Signature(bArr).getEncoded();
            } catch (IOException e) {
                throw new PKIException(e.getMessage());
            }
        } else {
            bArr2 = bArr;
        }
        return bArr2;
    }

    private final byte[] decodedFromASN1(byte[] bArr) {
        if (bArr == null) {
            throw new SecurityException("Unknown signature value");
        }
        if (!isNewFormat()) {
            return bArr;
        }
        ASN1SM2Signature aSN1SM2Signature = new ASN1SM2Signature(bArr);
        byte[] bArr2 = new byte[64];
        System.arraycopy(BigIntegers.asUnsignedByteArray(32, aSN1SM2Signature.getR().getValue()), 0, bArr2, 0, 32);
        System.arraycopy(BigIntegers.asUnsignedByteArray(32, aSN1SM2Signature.getS().getValue()), 0, bArr2, 32, 32);
        return bArr2;
    }
}
