package cn.com.jit.ida.util.pki.cms;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1OctetString;
import cn.com.jit.ida.util.pki.asn1.ASN1OutputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1Set;
import cn.com.jit.ida.util.pki.asn1.BERConstructedOctetString;
import cn.com.jit.ida.util.pki.asn1.DEREncodable;
import cn.com.jit.ida.util.pki.asn1.DERNull;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DEROutputStream;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.DERUTCTime;
import cn.com.jit.ida.util.pki.asn1.cms.Attribute;
import cn.com.jit.ida.util.pki.asn1.cms.AttributeTable;
import cn.com.jit.ida.util.pki.asn1.cms.CMSAttributes;
import cn.com.jit.ida.util.pki.asn1.cms.ContentInfo;
import cn.com.jit.ida.util.pki.asn1.cms.IssuerAndSerialNumber;
import cn.com.jit.ida.util.pki.asn1.cms.SignedData;
import cn.com.jit.ida.util.pki.asn1.cms.SignerIdentifier;
import cn.com.jit.ida.util.pki.asn1.cms.SignerInfo;
import cn.com.jit.ida.util.pki.asn1.cms.Time;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.SubjectKeyIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.TBSCertificateStructure;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.crl.X509CRL;
import cn.com.jit.ida.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.ocsp.CertificateID;

/* loaded from: classes.dex */
public class CMSSignedData {
    private ASN1EncodableVector certs;
    private ASN1EncodableVector clss;
    private byte[] msg;
    private Session session;
    private SignedData signedData;
    private ArrayList signers;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class Signer {
        X509Cert cert;
        JKey privateKey;
        AttributeTable sAttr;
        Session session;
        Mechanism sign_Mechanism;
        AttributeTable unsAttr;

        Signer(Session session, JKey jKey, X509Cert x509Cert, Mechanism mechanism) {
            this.privateKey = null;
            this.cert = null;
            this.sign_Mechanism = null;
            this.sAttr = null;
            this.unsAttr = null;
            this.session = null;
            this.session = session;
            this.privateKey = jKey;
            this.cert = x509Cert;
            this.sign_Mechanism = mechanism;
        }

        Signer(Session session, JKey jKey, X509Cert x509Cert, Mechanism mechanism, AttributeTable attributeTable, AttributeTable attributeTable2) {
            this.privateKey = null;
            this.cert = null;
            this.sign_Mechanism = null;
            this.sAttr = null;
            this.unsAttr = null;
            this.session = null;
            this.session = session;
            this.privateKey = jKey;
            this.cert = x509Cert;
            this.sign_Mechanism = mechanism;
            this.sAttr = attributeTable;
            this.unsAttr = attributeTable2;
        }

        private String GetSignatureAlgTypeOID() {
            String mechanismType = this.sign_Mechanism.getMechanismType();
            if (mechanismType.equals("SHA1withRSAEncryption")) {
                return "1.2.840.113549.1.1.5";
            }
            if (mechanismType.equals("SHA256withRSAEncryption")) {
                return "1.2.840.113549.1.1.11";
            }
            if (mechanismType.equals("SHA384withRSAEncryption")) {
                return "1.2.840.113549.1.1.12";
            }
            if (mechanismType.equals("SHA512withRSAEncryption")) {
                return "1.2.840.113549.1.1.13";
            }
            if (mechanismType.equals("MD5withRSAEncryption")) {
                return "1.2.840.113549.1.1.4";
            }
            if (mechanismType.equals("MD2withRSAEncryption")) {
                return "1.2.840.113549.1.1.2";
            }
            if (mechanismType.equals("SHA1withECDSA")) {
                return "1.2.840.10045.4.1";
            }
            if (mechanismType.equals("SHA224withECDSA")) {
                return "1.2.840.10045.4.3.1";
            }
            if (mechanismType.equals("SHA256withECDSA")) {
                return "1.2.840.10045.4.3.2";
            }
            if (mechanismType.equals("SHA1withDSA")) {
                return "1.2.840.10040.4.3";
            }
            if (mechanismType.equals(Mechanism.SHA224_DSA)) {
                return "2.16.840.1.101.3.4.3.1";
            }
            if (mechanismType.equals(Mechanism.SHA256_DSA)) {
                return "2.16.840.1.101.3.4.3.2";
            }
            if (mechanismType.equals("SM3withSM2Encryption")) {
                return "1.2.156.10197.1.501";
            }
            return null;
        }

        String GetDigestTypeName() throws PKIException {
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                return "MD2";
            }
            if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                return "MD5";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                return Mechanism.SHA1;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
                return Mechanism.SHA256;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption")) {
                return Mechanism.SHA384;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                return Mechanism.SHA512;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                return Mechanism.SHA1;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                return Mechanism.SHA224;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                return Mechanism.SHA256;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SM3withSM2Encryption")) {
                return Mechanism.SM3;
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(PKIException.SIGN_DES);
            stringBuffer.append(" ");
            stringBuffer.append(PKIException.NOT_SUP_DES);
            stringBuffer.append(" ");
            stringBuffer.append(this.sign_Mechanism.getMechanismType());
            throw new PKIException("8195", stringBuffer.toString());
        }

        String GetDigestTypeOID() throws PKIException {
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                return "1.2.840.113549.2.2";
            }
            if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                return "1.2.840.113549.2.5";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                return CertificateID.HASH_SHA1;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
                return "2.16.840.1.101.3.4.2.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                return "2.16.840.1.101.3.4.2.2";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                return CertificateID.HASH_SHA1;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                return "2.16.840.1.101.3.4.2.4";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                return "2.16.840.1.101.3.4.2.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
                return "2.16.840.1.101.3.4.2.4";
            }
            if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                return "2.16.840.1.101.3.4.2.1";
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(PKIException.SIGN_DES);
            stringBuffer.append(" ");
            stringBuffer.append(PKIException.NOT_SUP_DES);
            stringBuffer.append(" ");
            stringBuffer.append(this.sign_Mechanism.getMechanismType());
            throw new PKIException("8125", stringBuffer.toString());
        }

        String GetEncTypeName() throws PKIException {
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                return Mechanism.RSA;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA") || this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA) || this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                return Mechanism.DSA;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA") || this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA") || this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                return Mechanism.ECDSA;
            }
            if (this.sign_Mechanism.getMechanismType().equals("SM3withSM2Encryption")) {
                return Mechanism.SM2;
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(PKIException.SIGN_DES);
            stringBuffer.append(" ");
            stringBuffer.append(PKIException.NOT_SUP_DES);
            stringBuffer.append(" ");
            stringBuffer.append(this.sign_Mechanism.getMechanismType());
            throw new PKIException("8125", stringBuffer.toString());
        }

        String GetEncTypeOID() throws PKIException {
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                return "1.2.840.113549.1.1.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                return "1.2.840.10040.4.3";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption") || this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                return "1.2.840.113549.1.1.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                return "1.2.840.10045.4.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                return "1.2.840.10045.4.3.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                return "1.2.840.10045.4.3.2";
            }
            if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
                return "2.16.840.1.101.3.4.3.1";
            }
            if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                return "2.16.840.1.101.3.4.3.2";
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(PKIException.SIGN_DES);
            stringBuffer.append(" ");
            stringBuffer.append(PKIException.NOT_SUP_DES);
            stringBuffer.append(" ");
            stringBuffer.append(this.sign_Mechanism.getMechanismType());
            throw new PKIException("8125", stringBuffer.toString());
        }

        X509Cert getCertificate() {
            return this.cert;
        }

        JKey getKey() {
            return this.privateKey;
        }

        Mechanism getSignMechanism() {
            return this.sign_Mechanism;
        }

        AttributeTable getSignedAttributes() {
            return this.sAttr;
        }

        AttributeTable getUnsignedAttributes() {
            return this.unsAttr;
        }

        SignerInfo toSignerInfo(DERObjectIdentifier dERObjectIdentifier, byte[] bArr, boolean z, boolean z2) throws PKIException, IOException {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(GetDigestTypeOID()), new DERNull());
            AlgorithmIdentifier algorithmIdentifier2 = GetEncTypeOID().equals("1.2.840.10040.4.3") ? new AlgorithmIdentifier(new DERObjectIdentifier(GetEncTypeOID())) : new AlgorithmIdentifier(new DERObjectIdentifier(GetEncTypeOID()), new DERNull());
            AlgorithmIdentifier algorithmIdentifier3 = new AlgorithmIdentifier(new DERObjectIdentifier(GetSignatureAlgTypeOID()), new DERNull());
            DERSet dERSet = null;
            DERSet dERSet2 = null;
            byte[] digest = this.session.digest(new Mechanism(GetDigestTypeName()), bArr);
            AttributeTable signedAttributes = getSignedAttributes();
            if (signedAttributes != null) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                if (signedAttributes.get(CMSAttributes.contentType) == null) {
                    aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, new DERSet(dERObjectIdentifier)));
                } else {
                    aSN1EncodableVector.add(signedAttributes.get(CMSAttributes.contentType));
                }
                if (signedAttributes.get(CMSAttributes.signingTime) == null) {
                    aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, new DERSet(new Time(new Date()))));
                } else {
                    aSN1EncodableVector.add(signedAttributes.get(CMSAttributes.signingTime));
                }
                aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
                Hashtable hashtable = signedAttributes.toHashtable();
                hashtable.remove(CMSAttributes.contentType);
                hashtable.remove(CMSAttributes.signingTime);
                hashtable.remove(CMSAttributes.messageDigest);
                Iterator it = hashtable.values().iterator();
                while (it.hasNext()) {
                    aSN1EncodableVector.add(Attribute.getInstance(it.next()));
                }
                dERSet = new DERSet(aSN1EncodableVector);
            } else if (z) {
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.contentType, new DERSet(dERObjectIdentifier)));
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
                dERSet = new DERSet(aSN1EncodableVector2);
            }
            AttributeTable unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                Iterator it2 = unsignedAttributes.toHashtable().values().iterator();
                ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                while (it2.hasNext()) {
                    aSN1EncodableVector3.add(Attribute.getInstance(it2.next()));
                }
                dERSet2 = new DERSet(aSN1EncodableVector3);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (dERSet != null) {
                DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
                dEROutputStream.writeObject(dERSet);
                dEROutputStream.flush();
                dEROutputStream.close();
            } else {
                byteArrayOutputStream.write(bArr);
            }
            DEROctetString dEROctetString = new DEROctetString(this.session.sign(this.sign_Mechanism, this.privateKey, byteArrayOutputStream.toByteArray()));
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.cert.getTBSCertificate());
            ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
            TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(aSN1InputStream.readObject());
            SignerInfo signerInfo = z2 ? new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), algorithmIdentifier, dERSet, algorithmIdentifier3, dEROctetString, dERSet2) : new SignerInfo(new SignerIdentifier((ASN1OctetString) new SubjectKeyIdentifier(this.cert.getCertStructure().getSubjectPublicKeyInfo()).getDERObject()), algorithmIdentifier, dERSet, algorithmIdentifier2, dEROctetString, dERSet2);
            byteArrayOutputStream.flush();
            byteArrayOutputStream.close();
            aSN1InputStream.close();
            byteArrayInputStream.close();
            return signerInfo;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class SignerId extends X509CertSelector {
        private SignerId() {
        }

        /* synthetic */ SignerId(CMSSignedData cMSSignedData, SignerId signerId) {
            this();
        }

        public boolean equals(Object obj) {
            byte[] subjectKeyIdentifier;
            if (!(obj instanceof SignerId)) {
                return false;
            }
            SignerId signerId = (SignerId) obj;
            if (signerId.getSerialNumber() != null && !signerId.getSerialNumber().equals(getSerialNumber())) {
                return false;
            }
            if (signerId.getIssuerAsString() != null && !signerId.getIssuerAsString().equals(getIssuerAsString())) {
                return false;
            }
            byte[] subjectKeyIdentifier2 = getSubjectKeyIdentifier();
            return subjectKeyIdentifier2 == null || ((subjectKeyIdentifier = signerId.getSubjectKeyIdentifier()) != null && Arrays.equals(subjectKeyIdentifier2, subjectKeyIdentifier));
        }

        public int hashCode() {
            int hashCode = getSerialNumber() != null ? 0 ^ getSerialNumber().hashCode() : 0;
            if (getIssuerAsString() != null) {
                hashCode ^= getIssuerAsString().hashCode();
            }
            byte[] subjectKeyIdentifier = getSubjectKeyIdentifier();
            if (subjectKeyIdentifier != null) {
                for (int i = 0; i != subjectKeyIdentifier.length; i++) {
                    hashCode ^= (subjectKeyIdentifier[i] & 255) << (i % 4);
                }
            }
            return hashCode;
        }
    }

    private CMSSignedData() {
        this.certs = new ASN1EncodableVector();
        this.clss = new ASN1EncodableVector();
        this.signers = new ArrayList();
        this.session = null;
        this.signedData = null;
        this.msg = null;
    }

    public CMSSignedData(Session session) {
        this.certs = new ASN1EncodableVector();
        this.clss = new ASN1EncodableVector();
        this.signers = new ArrayList();
        this.session = null;
        this.signedData = null;
        this.msg = null;
        this.session = session;
    }

    private String GetDigestTypeName(Mechanism mechanism) throws PKIException {
        if (mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
            return "MD2";
        }
        if (mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
            return "MD5";
        }
        if (mechanism.getMechanismType().equals("SHA1withRSAEncryption") || mechanism.getMechanismType().equals("SHA1withDSA")) {
            return Mechanism.SHA1;
        }
        if (mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
            return Mechanism.SHA256;
        }
        if (mechanism.getMechanismType().equals("SHA384withRSAEncryption")) {
            return Mechanism.SHA384;
        }
        if (mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
            return Mechanism.SHA512;
        }
        if (mechanism.getMechanismType().equals("SHA1withECDSA")) {
            return Mechanism.SHA1;
        }
        if (mechanism.getMechanismType().equals("SHA224withECDSA")) {
            return Mechanism.SHA224;
        }
        if (mechanism.getMechanismType().equals("SHA256withECDSA")) {
            return Mechanism.SHA256;
        }
        if (mechanism.getMechanismType().equals("SHA1withDSA")) {
            return Mechanism.SHA1;
        }
        if (mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
            return Mechanism.SHA224;
        }
        if (mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
            return Mechanism.SHA256;
        }
        if (mechanism.getMechanismType().equals("SM3withSM2Encryption")) {
            return Mechanism.SM3;
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(PKIException.SIGN_DES);
        stringBuffer.append(" ");
        stringBuffer.append(PKIException.NOT_SUP_DES);
        stringBuffer.append(" ");
        stringBuffer.append(mechanism.getMechanismType());
        throw new PKIException("8125", stringBuffer.toString());
    }

    private Mechanism GetSignMechanism(SignerInfo signerInfo) {
        String id = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();
        if (id.equals("1.2.840.113549.1.1.5")) {
            return new Mechanism("SHA1withRSAEncryption");
        }
        if (id.equals("1.2.840.113549.1.1.11")) {
            return new Mechanism("SHA256withRSAEncryption");
        }
        if (id.equals("1.2.840.113549.1.1.12")) {
            return new Mechanism("SHA384withRSAEncryption");
        }
        if (id.equals("1.2.840.113549.1.1.13")) {
            return new Mechanism("SHA512withRSAEncryption");
        }
        if (id.equals("1.2.840.113549.1.1.4")) {
            return new Mechanism("MD5withRSAEncryption");
        }
        if (id.equals("1.2.840.113549.1.1.2")) {
            return new Mechanism("MD2withRSAEncryption");
        }
        if (id.equals("1.2.840.10045.4.1")) {
            return new Mechanism("SHA1withECDSA");
        }
        if (id.equals("1.2.840.10045.4.3.1")) {
            return new Mechanism("SHA224withECDSA");
        }
        if (id.equals("1.2.840.10045.4.3.2")) {
            return new Mechanism("SHA256withECDSA");
        }
        if (id.equals("1.2.840.10040.4.3")) {
            return new Mechanism("SHA1withDSA");
        }
        if (id.equals("2.16.840.1.101.3.4.3.1")) {
            return new Mechanism(Mechanism.SHA224_DSA);
        }
        if (id.equals("2.16.840.1.101.3.4.3.2")) {
            return new Mechanism(Mechanism.SHA256_DSA);
        }
        if (id.equals("1.2.156.10197.1.301.1")) {
            return new Mechanism("SM3withSM2Encryption");
        }
        String id2 = signerInfo.getDigestAlgorithm().getObjectId().getId();
        if (id2.equals(PKCSObjectIdentifiers.sha1.getId())) {
            return new Mechanism("SHA1withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.sha224.getId())) {
            return new Mechanism("SHA224withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.sha256.getId())) {
            return new Mechanism("SHA256withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.sha384.getId())) {
            return new Mechanism("SHA384withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.sha512.getId())) {
            return new Mechanism("SHA512withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.md2.getId())) {
            return new Mechanism("MD2withRSAEncryption");
        }
        if (id2.equals(PKCSObjectIdentifiers.md5.getId())) {
            return new Mechanism("MD5withRSAEncryption");
        }
        return null;
    }

    private boolean doVerify(JKey jKey, AttributeTable attributeTable, Mechanism mechanism, ASN1Set aSN1Set, byte[] bArr, byte[] bArr2) throws PKIException {
        boolean verifySign;
        if (bArr == null) {
            if (this.msg != null) {
                bArr = this.msg;
            } else {
                try {
                    bArr = getContent();
                } catch (PKIException e) {
                    return false;
                }
            }
            if (bArr == null) {
                return false;
            }
        }
        if (mechanism == null) {
            return false;
        }
        try {
            if (attributeTable == null) {
                verifySign = this.session.verifySign(mechanism, jKey, bArr, bArr2);
            } else {
                this.session.digest(new Mechanism(GetDigestTypeName(mechanism)), bArr);
                Attribute attribute = attributeTable.get(CMSAttributes.messageDigest);
                Attribute attribute2 = attributeTable.get(CMSAttributes.contentType);
                if (attribute == null) {
                    verifySign = false;
                } else if (attribute2 == null) {
                    verifySign = false;
                } else {
                    ((ASN1OctetString) attribute.getAttrValues().getObjectAt(0)).getOctets();
                    if (((DERObjectIdentifier) attribute2.getAttrValues().getObjectAt(0)).equals(this.signedData.getEncapContentInfo().getContentType())) {
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
                        dEROutputStream.writeObject(aSN1Set);
                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                        dEROutputStream.flush();
                        dEROutputStream.close();
                        byteArrayOutputStream.flush();
                        byteArrayOutputStream.close();
                        verifySign = this.session.verifySign(mechanism, jKey, byteArray, bArr2);
                    } else {
                        verifySign = false;
                    }
                }
            }
            return verifySign;
        } catch (PKIException e2) {
            return false;
        } catch (IOException e3) {
            return false;
        }
    }

    public static void main(String[] strArr) throws Exception {
        JCrypto jCrypto = JCrypto.getInstance();
        jCrypto.initialize(JCrypto.JSJY05B_LIB, null);
        Session openSession = jCrypto.openSession(JCrypto.JSJY05B_LIB);
        CMSSignedData cMSSignedData = new CMSSignedData(openSession);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        FileInputStream fileInputStream = new FileInputStream("d:\\sm2.cer");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
        fileInputStream.close();
        cMSSignedData.AddSigner(openSession.generateKeyPair(new Mechanism(Mechanism.SM2), 256).getPrivateKey(), new X509Cert(x509Certificate.getEncoded()), new Mechanism("SM3withSM2Encryption"));
        cMSSignedData.Generate("hello word".getBytes(), true, true);
        cMSSignedData.GetSignedDataForFile("d:/signeddatanotcert.bin");
    }

    private boolean verifySignerInfo(byte[] bArr, X509Cert x509Cert, SignerInfo signerInfo, boolean z) throws PKIException {
        Attribute attribute;
        AttributeTable attributeTable = new AttributeTable(signerInfo.getAuthenticatedAttributes());
        if (!z || attributeTable == null || (attribute = attributeTable.get(CMSAttributes.signingTime)) == null || x509Cert.checkValidity(Time.getInstance(attribute.getAttrValues().getObjectAt(0).getDERObject()).getDate())) {
            return doVerify(x509Cert.getPublicKey(), attributeTable, GetSignMechanism(signerInfo), signerInfo.getAuthenticatedAttributes(), bArr, signerInfo.getEncryptedDigest().getOctets());
        }
        return false;
    }

    private boolean verifySignerInfo(byte[] bArr, X509Cert[] x509CertArr) {
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        boolean z = true;
        for (int i = 0; i < signerInfos.size(); i++) {
            SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(i));
            SignerId signerId = new SignerId(this, null);
            SignerIdentifier sid = signerInfo.getSID();
            if (sid.isTagged()) {
                signerId.setSubjectKeyIdentifier(ASN1OctetString.getInstance(sid.getId()).getOctets());
            } else {
                IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(sid.getId());
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
                try {
                    aSN1OutputStream.writeObject(issuerAndSerialNumber.getName());
                    signerId.setIssuer(byteArrayOutputStream.toByteArray());
                    aSN1OutputStream.flush();
                    aSN1OutputStream.close();
                    byteArrayOutputStream.flush();
                    byteArrayOutputStream.close();
                    signerId.setSerialNumber(issuerAndSerialNumber.getSerialNumber().getValue());
                } catch (IOException e) {
                    return false;
                }
            }
            try {
                if (!verifySignerInfo(bArr, x509CertArr[i], signerInfo, true)) {
                    z = false;
                }
            } catch (PKIException e2) {
                z = false;
            }
        }
        return z;
    }

    private static byte[] writeDERObj2Bytes(DEREncodable dEREncodable) throws PKIException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        try {
            dEROutputStream.writeObject(dEREncodable);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            dEROutputStream.flush();
            dEROutputStream.close();
            byteArrayOutputStream.flush();
            byteArrayOutputStream.close();
            return byteArray;
        } catch (Exception e) {
            throw new PKIException("8136", PKIException.DEROBJ_BYTES_DES, e);
        }
    }

    public void AddCRL(X509CRL x509crl) throws PKIException {
        this.clss.add(Parser.convertJITCertList2BCCertList(x509crl.getCertificateList()));
    }

    public void AddCert(X509Cert x509Cert) throws PKIException {
        this.certs.add(Parser.convertJITCertStruct2BCCertStruct(x509Cert.getCertStructure()));
    }

    public void AddSigner(JKey jKey, X509Cert x509Cert, Mechanism mechanism) {
        this.signers.add(new Signer(this.session, jKey, x509Cert, mechanism));
    }

    public void AddSigner(JKey jKey, X509Cert x509Cert, Mechanism mechanism, AttributeTable attributeTable, AttributeTable attributeTable2) {
        this.signers.add(new Signer(this.session, jKey, x509Cert, mechanism, attributeTable, attributeTable2));
    }

    public void Generate(String str, byte[] bArr, boolean z, boolean z2) throws PKIException, IOException {
        Generate(str, bArr, z, true, z2);
    }

    public void Generate(String str, byte[] bArr, boolean z, boolean z2, boolean z3) throws PKIException, IOException {
        ContentInfo contentInfo;
        if (this.msg == null || this.signedData == null) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier(str);
            Iterator it = this.signers.iterator();
            while (it.hasNext()) {
                Signer signer = (Signer) it.next();
                aSN1EncodableVector.add(new AlgorithmIdentifier(new DERObjectIdentifier(signer.GetDigestTypeOID()), new DERNull()));
                aSN1EncodableVector2.add(signer.toSignerInfo(dERObjectIdentifier, bArr, z2, z3));
            }
            DERSet dERSet = new DERSet(this.certs);
            DERSet dERSet2 = new DERSet(this.clss);
            if (z) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(bArr);
                contentInfo = new ContentInfo(dERObjectIdentifier, new BERConstructedOctetString(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.flush();
                byteArrayOutputStream.close();
            } else {
                contentInfo = new ContentInfo(dERObjectIdentifier, null);
            }
            this.signedData = new SignedData(new DERSet(aSN1EncodableVector), contentInfo, dERSet, dERSet2, new DERSet(aSN1EncodableVector2));
            this.msg = bArr;
        }
    }

    public void Generate(byte[] bArr, boolean z, boolean z2) throws PKIException, IOException {
        Generate(PKCSObjectIdentifiers.data.getId(), bArr, z, z2);
    }

    public void Generate(byte[] bArr, boolean z, boolean z2, boolean z3) throws PKIException, IOException {
        Generate(PKCSObjectIdentifiers.data.getId(), bArr, z, z2, z3);
    }

    public SignedData GetSignedData() throws PKIException {
        return this.signedData;
    }

    public byte[] GetSignedDataForByte() throws PKIException, IOException {
        if (this.signedData == null) {
            return null;
        }
        ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.signedData, this.signedData);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
        dEROutputStream.writeObject(contentInfo);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        dEROutputStream.flush();
        dEROutputStream.close();
        byteArrayOutputStream.flush();
        byteArrayOutputStream.close();
        return byteArray;
    }

    public void GetSignedDataForFile(String str) throws PKIException, IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        fileOutputStream.write(GetSignedDataForByte());
        fileOutputStream.flush();
        fileOutputStream.close();
    }

    public InputStream GetSignedDataForInputStream() throws PKIException, IOException {
        return new ByteArrayInputStream(GetSignedDataForByte());
    }

    public byte[] getContent() throws PKIException {
        if (this.msg == null && this.signedData == null) {
            return null;
        }
        if (this.msg != null || this.signedData == null) {
            return this.msg != null ? this.msg : this.msg;
        }
        ContentInfo encapContentInfo = this.signedData.getEncapContentInfo();
        if (!encapContentInfo.getContentType().equals(PKCSObjectIdentifiers.data) && !encapContentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo)) {
            this.msg = writeDERObj2Bytes(encapContentInfo.getContent());
        } else {
            if (encapContentInfo.getContent() == null) {
                throw new PKIException("8175", "解析PKCS7签名数据包失败 解析PKCS7签名数据包失败", new Exception("no sourceData to be verify."));
            }
            this.msg = ((ASN1OctetString) encapContentInfo.getContent()).getOctets();
        }
        return this.msg;
    }

    public void load(SignedData signedData) throws PKIException {
        this.signedData = signedData;
        this.msg = null;
    }

    public void load(InputStream inputStream) throws PKIException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        try {
            this.signedData = SignedData.getInstance(ContentInfo.getInstance(aSN1InputStream.readObject()).getContent());
            inputStream.close();
            aSN1InputStream.close();
            this.msg = null;
        } catch (Exception e) {
            throw new PKIException("8175", PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public void load(String str) throws PKIException {
        FileInputStream fileInputStream;
        try {
            fileInputStream = new FileInputStream(str);
        } catch (Exception e) {
            e = e;
        }
        try {
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            load(bArr);
        } catch (Exception e2) {
            e = e2;
            throw new PKIException("8175", PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public void load(byte[] bArr) throws PKIException {
        if (Parser.isBase64Encode(bArr)) {
            bArr = Base64.decode(Parser.convertBase64(bArr));
        }
        load(new ByteArrayInputStream(bArr));
    }

    public boolean verify() {
        return verify((byte[]) null);
    }

    public boolean verify(byte[] bArr) {
        new ArrayList();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        ASN1Set certificates = this.signedData.getCertificates();
        X509Cert[] x509CertArr = new X509Cert[certificates.size()];
        try {
            CertificateFactory.getInstance("X.509", "BC");
            if (certificates != null) {
                Enumeration objects = certificates.getObjects();
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (!objects.hasMoreElements()) {
                        break;
                    }
                    aSN1OutputStream.writeObject(objects.nextElement());
                    i = i2 + 1;
                    x509CertArr[i2] = new X509Cert(byteArrayOutputStream.toByteArray());
                    byteArrayOutputStream.reset();
                }
            }
            aSN1OutputStream.flush();
            aSN1OutputStream.close();
            byteArrayOutputStream.flush();
            byteArrayOutputStream.close();
            return verifySignerInfo(bArr, x509CertArr);
        } catch (PKIException e) {
            return false;
        } catch (IOException e2) {
            return false;
        } catch (CertificateException e3) {
            return false;
        } catch (Exception e4) {
            return false;
        }
    }

    public boolean verify(byte[] bArr, X509Cert x509Cert, SignerInfo signerInfo) {
        try {
            CertificateFactory.getInstance("X.509", "BC");
            return verifySignerInfo(bArr, x509Cert, signerInfo, true);
        } catch (Exception e) {
            return false;
        }
    }

    public boolean verify(byte[] bArr, Map map, Map map2, boolean z) {
        X509Cert x509Cert;
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        boolean z2 = true;
        int i = 0;
        while (true) {
            if (i >= signerInfos.size()) {
                break;
            }
            SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(i));
            SignerIdentifier sid = signerInfo.getSID();
            if (sid.isTagged()) {
                x509Cert = (X509Cert) map2.get((String) map.get(new String(Base64.encode(SubjectKeyIdentifier.getInstance(sid.getId()).getKeyIdentifier()))));
            } else {
                IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(sid.getId());
                x509Cert = (X509Cert) map2.get(String.valueOf(issuerAndSerialNumber.getName().toString()) + issuerAndSerialNumber.getSerialNumber().getValue().toString());
            }
            if (x509Cert == null) {
                z2 = false;
                break;
            }
            try {
                if (!verifySignerInfo(bArr, x509Cert, signerInfo, z)) {
                    z2 = false;
                    break;
                }
                i++;
            } catch (PKIException e) {
                return false;
            }
        }
        return z2;
    }

    public boolean verify(byte[] bArr, X509Cert[] x509CertArr) {
        return verifySignerInfo(bArr, x509CertArr);
    }

    public boolean verify(X509Cert[] x509CertArr) {
        return verify(null, x509CertArr);
    }
}
