package cfca.sadk.util;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7EnvelopedData;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM4Engine;
import cfca.sadk.algorithm.util.BigFileCipherUtil;
import cfca.sadk.asn1.parser.ASN1Node;
import cfca.sadk.asn1.parser.EnvelopFileParser;
import cfca.sadk.envelope.rsa.RSAEnvelopeUtil;
import cfca.sadk.envelope.rsa.RSASymmetricCryptoUtil;
import cfca.sadk.envelope.sm2.SM2EnvelopeUtil;
import cfca.sadk.envelope.sm2.SM2SymmetricCryptoUtil;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.lib.crypto.jni.JNISymAlg;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.org.bouncycastle.crypto.engines.DESedeEngine;
import cfca.sadk.org.bouncycastle.crypto.engines.RC4Engine;
import cfca.sadk.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cfca.sadk.org.bouncycastle.crypto.paddings.PKCS7Padding;
import cfca.sadk.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cfca.sadk.org.bouncycastle.crypto.params.KeyParameter;
import cfca.sadk.org.bouncycastle.crypto.params.ParametersWithIV;
import cfca.sadk.system.global.FileAndBufferConfig;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/sadk/util/EnvelopeUtil.class */
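/**
 * Entry points for producing and opening CMS (PKCS#7) EnvelopedData, both for
 * in-memory messages and for files.
 *
 * <p>Envelope creation is delegated to the SM2 or RSA implementation according to
 * the first recipient certificate. Opening locates the caller's
 * {@code KeyTransRecipientInfo}, unwraps the content key with the private key and
 * decrypts the content with the algorithm named inside the envelope.
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>The content-encryption algorithm is read from the envelope, so it is chosen
 *       by whoever produced the data. The accepted set is 3DES and SM4 in CBC or ECB
 *       mode plus RC4. None of these authenticates the ciphertext and EnvelopedData
 *       carries no integrity check of its own; verify a signature or MAC over the
 *       envelope before trusting the decrypted output.</li>
 *   <li>RSA recipients are unwrapped with {@code Mechanism.RSA_PKCS} (presumably
 *       PKCS#1 v1.5 key transport - confirm against the Session implementation).
 *       Do not report distinguishable decryption failures back to the party that
 *       supplied the envelope.</li>
 *   <li>File decryption streams plaintext to the target path before the whole
 *       ciphertext has been processed; after a failure the target may hold partial
 *       output and should be discarded by the caller.</li>
 * </ul>
 */
public class EnvelopeUtil {
    /**
     * Tells whether the certificate is named as a key-transport recipient of the envelope.
     *
     * @param x509Cert candidate recipient certificate
     * @param bArr     Base64-encoded EnvelopedData
     * @return {@code true} if a KeyTransRecipientInfo matches the certificate by subject
     *         key identifier or by issuer and serial number; {@code false} otherwise,
     *         including when the envelope has no recipient set
     * @throws PKIException if the envelope or the certificate cannot be parsed
     */
    public static boolean isRecipient(X509Cert x509Cert, byte[] bArr) throws PKIException {
        try {
            ASN1Set recipientInfos = EnvelopedData.getInstance(new CMSEnvelopedData(Base64.decode(bArr)).toASN1Structure().getContent()).getRecipientInfos();
            X500Name issuer = x509Cert.getIssuerX500Name();
            BigInteger serial = x509Cert.getSerialNumber();
            // NOTE(review): assumes the certificate carries a SubjectKeyIdentifier extension;
            // confirm what getSubjectKeyIdentifier() returns when it is absent.
            byte[] subjectKeyId = x509Cert.getSubjectKeyIdentifier().getKeyIdentifier();
            if (recipientInfos == null) {
                return false;
            }
            return findRecipient(recipientInfos, subjectKeyId, issuer, serial) != null;
        } catch (Exception e) {
            // NOTE(review): only the message survives here; the cause and any error code are dropped.
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Envelopes a message for the given recipients.
     *
     * @param bArr        plaintext; must be non-null and non-empty
     * @param str         passed through to the SM2/RSA implementation unchanged
     *                    (presumably the symmetric algorithm name - confirm against the delegates)
     * @param x509CertArr recipient certificates; the first one selects the SM2 or RSA implementation
     * @return the envelope produced by the selected implementation
     * @throws PKIException if the input is empty, no recipient is supplied, or the delegate fails
     */
    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws PKIException {
        if (bArr == null || bArr.length == 0) {
            throw new PKIException("the souce data is null or empty!");
        }
        try {
            requireRecipients(x509CertArr);
            return CertUtil.isSM2Cert(x509CertArr[0]) ? SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr) : RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr);
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Envelopes a message for the given recipients using the supplied crypto session.
     *
     * @param bArr        plaintext; must be non-null and non-empty
     * @param str         passed through to the SM2/RSA implementation unchanged
     *                    (presumably the symmetric algorithm name - confirm against the delegates)
     * @param x509CertArr recipient certificates; the first one selects the SM2 or RSA implementation
     * @param session     crypto session handed to the delegate
     * @return the envelope produced by the selected implementation
     * @throws PKIException if the input is empty, no recipient is supplied, or the delegate fails
     */
    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (bArr == null || bArr.length == 0) {
            throw new PKIException("the souce data is null or empty!");
        }
        try {
            requireRecipients(x509CertArr);
            return CertUtil.isSM2Cert(x509CertArr[0]) ? SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session) : RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session);
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Envelopes a file for the given recipients.
     *
     * @param str         path of the source file; it must exist and be non-empty
     * @param str2        passed through to the delegate (presumably the output path - confirm)
     * @param str3        passed through to the delegate (presumably the symmetric algorithm name - confirm)
     * @param x509CertArr recipient certificates; the first one selects the SM2 or RSA implementation
     * @throws PKIException if the source is missing or empty, no recipient is supplied, or the delegate fails
     */
    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws PKIException {
        try {
            // File.length() is 0 for a missing file as well as for an empty one.
            if (new File(str).length() <= 0) {
                throw new PKIException("the souce file is null or empty!");
            }
            requireRecipients(x509CertArr);
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr);
            } else {
                RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr);
            }
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Envelopes a file for the given recipients using the supplied crypto session.
     *
     * @param str         path of the source file; it must exist and be non-empty
     * @param str2        passed through to the delegate (presumably the output path - confirm)
     * @param str3        passed through to the delegate (presumably the symmetric algorithm name - confirm)
     * @param x509CertArr recipient certificates; the first one selects the SM2 or RSA implementation
     * @param session     crypto session handed to the delegate
     * @throws PKIException if the source is missing or empty, no recipient is supplied, or the delegate fails
     */
    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws PKIException {
        try {
            // File.length() is 0 for a missing file as well as for an empty one.
            if (new File(str).length() <= 0) {
                throw new PKIException("the souce file is null or empty!");
            }
            requireRecipients(x509CertArr);
            if (CertUtil.isSM2Cert(x509CertArr[0])) {
                SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session);
            } else {
                RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session);
            }
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        }
    }

    /**
     * Opens an enveloped file and writes the decrypted content to {@code str2}.
     *
     * <p>Every failure is reported with the same error code and description; the
     * underlying exception is attached as the cause. After a failure the output file
     * may exist with partial content and should be discarded.
     *
     * @param str        path of the enveloped file
     * @param str2       path the plaintext is written to (created if missing, overwritten otherwise)
     * @param privateKey recipient private key used to unwrap the content key
     * @param x509Cert   recipient certificate used to find the matching recipient entry
     * @param session    crypto session performing the key unwrap; must not be null
     * @throws PKIException if parsing, recipient lookup or decryption fails
     */
    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        try {
            EnvelopFileParser parser = new EnvelopFileParser(new File(str));
            parser.parser();
            openEnvelopFile_ASN1Node(parser.getReceiver_node(), parser.getEncrypted_node(), privateKey, x509Cert, str2, session);
        } catch (Exception e) {
            throw new PKIException(CertKitException.API_PARSER_MSG_ENVELOP_ERR, CertKitException.API_PARSER_MSG_ENVELOP_ERR_DES, e);
        }
    }

    /**
     * Checks one recipient entry against the certificate identity.
     *
     * @return {@code true} if the recipient identifier equals the subject key identifier
     *         octets, or equals the issuer-and-serial-number pair
     */
    private static boolean hasRecipent(KeyTransRecipientInfo keyTransRecipientInfo, byte[] bArr, X500Name x500Name, BigInteger bigInteger) {
        RecipientIdentifier recipientIdentifier = keyTransRecipientInfo.getRecipientIdentifier();
        if (recipientIdentifier.getId().toASN1Primitive().asn1Equals(new DEROctetString(bArr))) {
            return true;
        }
        return recipientIdentifier.getId().toASN1Primitive().asn1Equals(new IssuerAndSerialNumber(x500Name, bigInteger).toASN1Primitive());
    }

    /** Rejects a null or empty recipient list (or a null first entry) with a readable message instead of a bare index/null failure. */
    private static void requireRecipients(X509Cert[] recipients) throws PKIException {
        if (recipients == null || recipients.length == 0 || recipients[0] == null) {
            throw new PKIException("the recipient certificate list is null or empty!");
        }
    }

    /** Returns the first KeyTransRecipientInfo in the set that matches the certificate identity, or null if none does. */
    private static KeyTransRecipientInfo findRecipient(ASN1Set recipientInfos, byte[] subjectKeyId, X500Name issuer, BigInteger serial) {
        int size = recipientInfos.size();
        for (int i = 0; i < size; i++) {
            RecipientInfo recipientInfo = RecipientInfo.getInstance(recipientInfos.getObjectAt(i));
            if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                KeyTransRecipientInfo candidate = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                if (hasRecipent(candidate, subjectKeyId, issuer, serial)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /** Maps the envelope's content-encryption OID to a mechanism name; an OID missing from the table is reported as unsupported. */
    private static String contentAlgorithmName(AlgorithmIdentifier contentAlgorithm) throws PKIException {
        String name = (String) PKCS7EnvelopedData.OID_MECH.get(contentAlgorithm.getAlgorithm());
        if (name == null) {
            // Without this check an unknown OID surfaced as a NullPointerException with no message.
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES + "Algorithm is:" + contentAlgorithm.getAlgorithm());
        }
        return name;
    }

    /**
     * Builds the content-decryption mechanism for a mechanism name taken from the envelope.
     * Only DES3/SM4 in CBC or ECB mode and RC4 are accepted; for CBC the IV is read from
     * the algorithm parameters.
     */
    private static Mechanism contentMechanism(String name, AlgorithmIdentifier contentAlgorithm) throws PKIException {
        Mechanism mechanism = null;
        if (name.indexOf("CBC") != -1) {
            DEROctetString ivOctets = (DEROctetString) contentAlgorithm.getParameters();
            CBCParam cbcParam = new CBCParam();
            cbcParam.setIv(ivOctets.getOctets());
            if (name.equals(Mechanism.DES3_CBC)) {
                mechanism = new Mechanism(Mechanism.DES3_CBC, cbcParam);
            } else if (name.equals(Mechanism.SM4_CBC)) {
                mechanism = new Mechanism(Mechanism.SM4_CBC, cbcParam);
            }
        } else if (name.indexOf("ECB") != -1) {
            if (name.equals(Mechanism.DES3_ECB)) {
                mechanism = new Mechanism(Mechanism.DES3_ECB);
            } else if (name.equals(Mechanism.SM4_ECB)) {
                mechanism = new Mechanism(Mechanism.SM4_ECB);
            }
        } else if (name.indexOf("RC4") != -1) {
            mechanism = new Mechanism("RC4");
        }
        if (mechanism == null) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES + "Algorithm is:" + name);
        }
        return mechanism;
    }

    /**
     * Decrypts the encrypted-content node of a parsed envelope file into the file at {@code str}.
     *
     * <p>The output stream is closed on every exit path; a close failure is reported only
     * when decryption itself succeeded, so it never hides the original error.
     *
     * @param aSN1Node   node holding the recipient-info set
     * @param aSN1Node2  encrypted-content-info node; child 1 is read as the algorithm
     *                   identifier and child 2 as the encrypted content
     * @param privateKey recipient private key
     * @param x509Cert   recipient certificate
     * @param str        output path
     * @param session    crypto session; must not be null
     * @throws PKIException on any failure
     */
    private static void openEnvelopFile_ASN1Node(ASN1Node aSN1Node, ASN1Node aSN1Node2, PrivateKey privateKey, X509Cert x509Cert, String str, Session session) throws PKIException {
        boolean isSM2Cert = CertUtil.isSM2Cert(x509Cert);
        BufferedOutputStream out = null;
        boolean completed = false;
        try {
            X500Name issuer = x509Cert.getIssuerX500Name();
            BigInteger serial = x509Cert.getSerialNumber();
            byte[] subjectKeyId = x509Cert.getSubjectKeyIdentifier().getKeyIdentifier();
            KeyTransRecipientInfo recipient = findRecipient(ASN1Set.getInstance(aSN1Node.getData()), subjectKeyId, issuer, serial);
            ASN1OctetString encryptedKey = recipient == null ? null : recipient.getEncryptedKey();
            AlgorithmIdentifier keyEncryptionAlgorithm = recipient == null ? null : recipient.getKeyEncryptionAlgorithm();
            if (encryptedKey == null || keyEncryptionAlgorithm == null) {
                throw new PKIException("can not find the receiver!!!");
            }

            AlgorithmIdentifier contentAlgorithm = AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(((ASN1Node) aSN1Node2.childNodes.get(1)).getData()));
            String algName = contentAlgorithmName(contentAlgorithm);
            Mechanism mechanism = contentMechanism(algName, contentAlgorithm);
            boolean useJni = session instanceof JNISoftLib;

            if (session == null) {
                throw new PKIException("the session is null!");
            }
            // The key-unwrap mechanism follows the recipient certificate type, not the
            // keyEncryptionAlgorithm field of the envelope.
            byte[] contentKey = session.decrypt(isSM2Cert ? new Mechanism(Mechanism.SM2) : new Mechanism(Mechanism.RSA_PKCS), privateKey, encryptedKey.getOctets());

            // NOTE(review): the plaintext file is created with the process default permissions.
            File target = new File(str);
            if (!target.exists()) {
                target.createNewFile();
            }
            out = new BufferedOutputStream(new FileOutputStream(target), FileAndBufferConfig.BIG_FILE_BUFFER);

            ASN1Node content = (ASN1Node) aSN1Node2.childNodes.get(2);
            if (isSM2Cert) {
                decryptSm2Content(useJni, algName, mechanism, contentKey, content, out);
            } else if (content.childNodes.size() < 2) {
                decryptSingleNodeContent(useJni, algName, mechanism, contentKey, content, out);
            } else {
                decryptMultiNodeContent(useJni, algName, mechanism, contentKey, content, out);
            }
            completed = true;
        } catch (PKIException e) {
            // Keep the original error code and stack trace instead of re-wrapping the message.
            throw e;
        } catch (Exception e) {
            throw new PKIException(e.getMessage());
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException e) {
                    // Buffered plaintext may not have reached the disk: fail, unless an
                    // earlier exception is already on its way to the caller.
                    if (completed) {
                        throw new PKIException(e.getMessage());
                    }
                }
            }
        }
    }

    /** SM2-recipient path: content is decrypted as SM4, through JNI only for SM4-CBC on a JNI soft-lib session. */
    private static void decryptSm2Content(boolean useJni, String algName, Mechanism mechanism, byte[] key, ASN1Node content, BufferedOutputStream out) throws Exception {
        if (content.childNodes.size() == 1) {
            content = (ASN1Node) content.childNodes.get(0);
        }
        if (useJni && algName.equals(Mechanism.SM4_CBC)) {
            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_ChinaSM4_CBC, key, (CBCParam) mechanism.getParam(), content, out);
        } else {
            BigFileCipherUtil.bigFileBlockDecrypt(key, new SM4Engine(), (CBCParam) mechanism.getParam(), content, out);
        }
    }

    /** RSA-recipient path for a content node with fewer than two children: RC4 or 3DES, JNI or pure Java. */
    private static void decryptSingleNodeContent(boolean useJni, String algName, Mechanism mechanism, byte[] key, ASN1Node content, BufferedOutputStream out) throws Exception {
        if (content.childNodes.size() == 1) {
            content = (ASN1Node) content.childNodes.get(0);
        }
        if (mechanism.getMechanismType().equals("RC4")) {
            if (useJni) {
                BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_rc4, key, null, content, out);
            } else {
                BigFileCipherUtil.bigFileRC4Decrypt(new RC4Engine(), key, content, out);
            }
        } else if (!useJni) {
            BigFileCipherUtil.bigFileBlockDecrypt(key, new DESedeEngine(), (CBCParam) mechanism.getParam(), content, out);
        } else if (algName.equals(Mechanism.DES3_CBC)) {
            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_cbc, key, (CBCParam) mechanism.getParam(), content, out);
        } else {
            if (!algName.equals(Mechanism.DES3_ECB)) {
                throw new PKIException("do not support this algorithm:" + algName);
            }
            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_ecb, key, null, content, out);
        }
    }

    /**
     * RSA-recipient path for a content node with two or more children; the ciphertext is
     * read back through a read-only handle on {@code content.f} (presumably the enveloped
     * file itself - confirm against ASN1Node). The handle is always closed here.
     */
    private static void decryptMultiNodeContent(boolean useJni, String algName, Mechanism mechanism, byte[] key, ASN1Node content, BufferedOutputStream out) throws Exception {
        boolean rc4 = mechanism.getMechanismType().equals("RC4");
        RandomAccessFile source = new RandomAccessFile(content.f, "r");
        try {
            if (rc4) {
                if (useJni) {
                    BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_rc4, key, null, content, out, source);
                } else {
                    RC4Engine rc4Engine = new RC4Engine();
                    rc4Engine.init(false, new KeyParameter(key));
                    BigFileCipherUtil.bigFileRC4Decrypt(rc4Engine, content, out, source);
                }
            } else if (!useJni) {
                DESedeEngine desEde = new DESedeEngine();
                CBCParam cbcParam = (CBCParam) mechanism.getParam();
                PaddedBufferedBlockCipher cipher;
                if (cbcParam == null) {
                    // No IV means the ECB variant was selected.
                    cipher = new PaddedBufferedBlockCipher(desEde, new PKCS7Padding());
                    cipher.init(false, new KeyParameter(key));
                } else {
                    cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(desEde), new PKCS7Padding());
                    cipher.init(false, new ParametersWithIV(new KeyParameter(key), cbcParam.getIv()));
                }
                BigFileCipherUtil.bigFileBlockDecrypt(cipher, content, out, source);
            } else if (algName.equals(Mechanism.DES3_CBC)) {
                BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_cbc, key, (CBCParam) mechanism.getParam(), content, out, source);
            } else {
                if (!algName.equals(Mechanism.DES3_ECB)) {
                    throw new PKIException("do not support this algorithm:" + algName);
                }
                BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_ecb, key, null, content, out, source);
            }
        } finally {
            try {
                source.close();
            } catch (IOException ignored) {
                // Read-only handle: a failed close cannot affect the written plaintext.
            }
        }
    }

    /**
     * Opens a Base64-encoded envelope and returns the decrypted content.
     *
     * <p>Every failure is reported with the same error code and description; the
     * underlying exception is attached as the cause.
     *
     * @param bArr       Base64-encoded EnvelopedData
     * @param privateKey recipient private key used to unwrap the content key
     * @param x509Cert   recipient certificate used to find the matching recipient entry
     * @param session    crypto session performing the key unwrap; must not be null
     * @return the decrypted content
     * @throws PKIException if parsing, recipient lookup or decryption fails
     */
    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        try {
            boolean isSM2Cert = CertUtil.isSM2Cert(x509Cert);
            EnvelopedData envelopedData = EnvelopedData.getInstance(new CMSEnvelopedData(Base64.decode(bArr)).toASN1Structure().getContent());
            ASN1Set recipientInfos = envelopedData.getRecipientInfos();
            X500Name issuer = x509Cert.getIssuerX500Name();
            BigInteger serial = x509Cert.getSerialNumber();
            byte[] subjectKeyId = x509Cert.getSubjectKeyIdentifier().getKeyIdentifier();
            if (recipientInfos == null) {
                throw new PKIException("the receiver is null!!!");
            }
            KeyTransRecipientInfo recipient = findRecipient(recipientInfos, subjectKeyId, issuer, serial);
            ASN1OctetString encryptedKey = recipient == null ? null : recipient.getEncryptedKey();
            AlgorithmIdentifier keyEncryptionAlgorithm = recipient == null ? null : recipient.getKeyEncryptionAlgorithm();
            if (encryptedKey == null || keyEncryptionAlgorithm == null) {
                throw new PKIException("can not find the receiver!!!");
            }
            if (session == null) {
                throw new PKIException("the session is null!");
            }
            // The key-unwrap mechanism follows the recipient certificate type, not the
            // keyEncryptionAlgorithm field of the envelope.
            byte[] contentKey = session.decrypt(isSM2Cert ? new Mechanism(Mechanism.SM2) : new Mechanism(Mechanism.RSA_PKCS), privateKey, encryptedKey.getOctets());

            EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
            ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
            AlgorithmIdentifier contentAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            String algName = contentAlgorithmName(contentAlgorithm);
            Mechanism mechanism = contentMechanism(algName, contentAlgorithm);

            boolean useJni = session instanceof JNISoftLib;
            return isSM2Cert ? SM2SymmetricCryptoUtil.cryptoUtil(useJni, false, contentKey, encryptedContent.getOctets(), mechanism) : RSASymmetricCryptoUtil.cryptoUtil(useJni, false, contentKey, encryptedContent.getOctets(), mechanism);
        } catch (Exception e) {
            throw new PKIException(CertKitException.API_PARSER_MSG_ENVELOP_ERR, CertKitException.API_PARSER_MSG_ENVELOP_ERR_DES, e);
        }
    }
}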
