package cn.com.infosec.netsign.crypto.util;

import cn.com.infosec.asn1.ASN1InputStream;
import cn.com.infosec.asn1.ASN1Sequence;
import cn.com.infosec.asn1.DERConstructedSequence;
import cn.com.infosec.asn1.DEREncodable;
import cn.com.infosec.asn1.DERInputStream;
import cn.com.infosec.asn1.DERInteger;
import cn.com.infosec.asn1.DERObjectIdentifier;
import cn.com.infosec.asn1.DEROctetString;
import cn.com.infosec.asn1.DEROutputStream;
import cn.com.infosec.asn1.DERSet;
import cn.com.infosec.asn1.DERTaggedObject;
import cn.com.infosec.asn1.pkcs.ContentInfo;
import cn.com.infosec.asn1.pkcs.IssuerAndSerialNumber;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.x509.AlgorithmIdentifier;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.jce.exception.CertificateNotMatchException;
import cn.com.infosec.jce.exception.DecryptDataException;
import cn.com.infosec.jce.exception.DecryptKeyException;
import cn.com.infosec.jce.exception.EncryptDataException;
import cn.com.infosec.jce.exception.EncryptKeyException;
import cn.com.infosec.jce.exception.WriteEnvDataException;
import cn.com.infosec.jce.provider.InfosecProvider;
import cn.com.infosec.netsign.asn1.util.DerUtil;
import cn.com.infosec.netsign.crypto.algorithm.SymmetricalAlgorithm;
import cn.com.infosec.netsign.frame.config.ExtendedConfig;
import cn.com.infosec.pkcs.EncryptedContentInfo;
import cn.com.infosec.pkcs.EnvelopedData;
import cn.com.infosec.pkcs.FastPkcs7;
import cn.com.infosec.pkcs.Item;
import cn.com.infosec.pkcs.RecipientInfo;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cn/com/infosec/netsign/crypto/util/PKCS7EnvelopedData.class */
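/**
 * Builds and opens PKCS#7 enveloped-data structures (content type
 * {@code 1.2.840.113549.1.7.3}) addressed to a single recipient, identified by
 * certificate issuer and serial number.
 *
 * <p>Security notes for maintainers and callers:
 * <ul>
 *   <li>The content-encryption key is transported with PKCS#1 v1.5 padding
 *       ({@code "RSA/ECB/PKCS1Padding"}). When envelopes come from untrusted
 *       senders, the caller should answer every failure of {@code decrypt}
 *       (key unwrap, content decryption, parsing) with one uniform response,
 *       so the sender cannot learn which stage rejected the message.</li>
 *   <li>Nothing in this class authenticates the ciphertext; integrity has to
 *       come from an outer signature or another layer.</li>
 *   <li>{@link #decrypt(byte[], Certificate, PrivateKey, String)} writes
 *       {@code encAlg}, so one instance must not be shared between threads
 *       that also call {@link #getEncAlg()}.</li>
 * </ul>
 */
public class PKCS7EnvelopedData implements PKCSObjectIdentifiers {
    // NOTE(review): public, static and mutable, but never read or written in this class.
    // Any code in the JVM can replace it; confirm whether external callers still need it.
    public static SecretKey key;

    // Algorithm selectors; not referenced anywhere in this class.
    // NOTE(review): DES, RC2 and RC4 are legacy ciphers; verify which ones are still reachable via AlgorithmUtil.
    public static final int TRIPLE_DES_CBC = 1;
    public static final int DES_CBC = 2;
    public static final int RC2_CBC = 3;
    public static final int RC4 = 4;

    private static final String OID_ENVELOPEDDATATYPE = "1.2.840.113549.1.7.3";
    private static final String OID_ENCRYPTCONTENT = "1.2.840.113549.1.7.1";
    private static final String OID_RSA_ECB_PKCS1PADDING = "1.2.840.113549.1.1.1";

    // Name (or raw OID when unknown) of the content-encryption algorithm seen by the last decrypt call.
    private String encAlg;

    /**
     * Returns the content-encryption algorithm recorded by the most recent
     * {@link #decrypt(byte[], Certificate, PrivateKey, String)} call: the
     * algorithm's name when it is known to {@code AlgorithmUtil}, otherwise the
     * OID string taken from the message. {@code null} before any decrypt call.
     */
    public String getEncAlg() {
        return this.encAlg;
    }

    /**
     * Decrypts an enveloped-data message using the {@code "INFOSEC"} provider.
     *
     * @see #decrypt(byte[], Certificate, PrivateKey, String)
     */
    public byte[] decrypt(byte[] bArr, Certificate certificate, PrivateKey privateKey) throws SecurityException, CertificateNotMatchException, DecryptKeyException, DecryptDataException, NoSuchAlgorithmException {
        return decrypt(bArr, certificate, privateKey, "INFOSEC");
    }

    /**
     * Decrypts an enveloped-data message by walking the ASN.1 object tree.
     *
     * @param bArr        DER-encoded ContentInfo holding the enveloped-data
     * @param certificate recipient certificate; its issuer and serial number must match the first RecipientInfo
     * @param privateKey  private key used to unwrap the content-encryption key
     * @param str         JCE provider name used for both ciphers
     * @return the decrypted content
     * @throws SecurityException            if the input is not a well-formed enveloped-data object
     * @throws CertificateNotMatchException if the first RecipientInfo does not name {@code certificate}
     * @throws DecryptKeyException          if the content-encryption key cannot be unwrapped
     * @throws DecryptDataException         if the content cannot be decrypted or its algorithm is unknown
     */
    public byte[] decrypt1(byte[] bArr, Certificate certificate, PrivateKey privateKey, String str) throws SecurityException, CertificateNotMatchException, DecryptKeyException, DecryptDataException {
        try {
            DERConstructedSequence readObject = new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            if (!(readObject instanceof DERConstructedSequence)) {
                throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(readObject);
            if (!contentInfo.getContentType().equals(envelopedData)) {
                throw new SecurityException(new StringBuffer("Not a valid PKCS#7 envloped-data object - wrong header ").append(contentInfo.getContentType().getId()).toString());
            }
            DERConstructedSequence dERConstructedSequence = DERConstructedSequence.getInstance(readObject.getObjectAt(1), true);
            // Only the first element of the RecipientInfos set is examined.
            DERConstructedSequence dERConstructedSequence2 = DERConstructedSequence.getInstance(DERSet.getInstance(dERConstructedSequence.getObjectAt(1)).getObjectAt(0));
            IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(dERConstructedSequence2.getObjectAt(1));
            String x509Name = issuerAndSerialNumber.getName().toString();
            String bigInteger = issuerAndSerialNumber.getCertificateSerialNumber().getValue().toString(10);
            String principal = ((X509Certificate) certificate).getIssuerDN().toString();
            String bigInteger2 = ((X509Certificate) certificate).getSerialNumber().toString(10);
            if (!CryptoUtil.compereDN(x509Name, principal) || !bigInteger2.equals(bigInteger)) {
                throw new CertificateNotMatchException("Certification is not match");
            }
            DEROctetString objectAt = dERConstructedSequence2.getObjectAt(3);
            DERConstructedSequence dERConstructedSequence3 = DERConstructedSequence.getInstance(dERConstructedSequence.getObjectAt(2));
            AlgorithmIdentifier algorithmIdentifier = AlgorithmIdentifier.getInstance(dERConstructedSequence3.getObjectAt(1));
            SymmetricalAlgorithm symmetricalAlgByOId = AlgorithmUtil.getSymmetricalAlgByOId(algorithmIdentifier.getObjectId().getId());
            DEROctetString dEROctetString = null;
            DEROctetString parameters = algorithmIdentifier.getParameters();
            if (parameters instanceof DEROctetString) {
                dEROctetString = parameters;
            }
            if (parameters instanceof DERConstructedSequence) {
                DERConstructedSequence parameters2 = algorithmIdentifier.getParameters();
                if (parameters2.getSize() == 0) {
                    throw new SecurityException("The ALGParam Sequence size is 0");
                }
                // The IV is taken from the last element of the parameter sequence.
                dEROctetString = (DEROctetString) parameters2.getObjectAt(parameters2.getSize() - 1);
            }
            IvParameterSpec ivParameterSpec = null;
            if (dEROctetString != null) {
                ivParameterSpec = new IvParameterSpec(dEROctetString.getOctets());
            }
            DEROctetString dEROctetString2 = DEROctetString.getInstance(dERConstructedSequence3.getObjectAt(2), true);

            // Reject an unknown algorithm before the private key is used, instead of
            // failing later with a message-less NullPointerException.
            if (symmetricalAlgByOId == null) {
                throw new DecryptDataException("Unsupported content-encryption algorithm: " + algorithmIdentifier.getObjectId().getId());
            }

            // Stage 1: unwrap the content-encryption key. Kept separate from stage 2 so that a
            // DecryptDataException is no longer re-caught and reported as a DecryptKeyException.
            byte[] contentKey;
            try {
                Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", str);
                keyCipher.init(Cipher.DECRYPT_MODE, privateKey);
                contentKey = keyCipher.doFinal(objectAt.getOctets());
            } catch (Exception e) {
                // Only a (String) constructor of the project exceptions is visible here, so the cause is not chained.
                throw new DecryptKeyException(e.getMessage());
            }

            // Stage 2: decrypt the content. The unwrapped key is deliberately not handed to
            // CryptoUtil.debug, so key material never reaches the debug output.
            try {
                CryptoUtil.debug(dEROctetString2.getOctets());
                Cipher contentCipher = Cipher.getInstance(symmetricalAlgByOId.getAlgorithmString(), str);
                contentCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(contentKey, symmetricalAlgByOId.getAlgorithmString()), ivParameterSpec);
                return contentCipher.doFinal(dEROctetString2.getOctets());
            } catch (Exception e) {
                throw new DecryptDataException(e.getMessage());
            } finally {
                // SecretKeySpec copies the key bytes, so the local copy can be wiped.
                if (contentKey != null) {
                    java.util.Arrays.fill(contentKey, (byte) 0);
                }
            }
        } catch (IOException e3) {
            throw new SecurityException("can't decode PKCS7EnvlopedData object");
        }
    }

    /**
     * Decrypts an enveloped-data message using the offset-based {@code FastPkcs7} parser.
     *
     * <p>Each stage reports its own exception type. Malformed input, including
     * out-of-range offsets and an empty recipient list, is reported as
     * {@link SecurityException}.
     *
     * @param bArr        encoded enveloped-data message (untrusted input)
     * @param certificate recipient certificate; its issuer and serial number must match the first RecipientInfo
     * @param privateKey  private key used to unwrap the content-encryption key
     * @param str         JCE provider name; the key-unwrap step switches to {@code "SwxaJCE"} when
     *                    {@code ExtendedConfig} selects the hardware key store
     * @return the decrypted content
     * @throws SecurityException            if the message cannot be parsed
     * @throws CertificateNotMatchException if the first RecipientInfo does not name {@code certificate}
     * @throws NoSuchAlgorithmException     if the content-encryption OID is not known to {@code AlgorithmUtil};
     *                                      {@link #getEncAlg()} then returns that OID
     * @throws DecryptKeyException          if the content-encryption key cannot be unwrapped
     * @throws DecryptDataException         if the content cannot be decrypted
     */
    public byte[] decrypt(byte[] bArr, Certificate certificate, PrivateKey privateKey, String str) throws SecurityException, CertificateNotMatchException, DecryptKeyException, DecryptDataException, NoSuchAlgorithmException {
        FastPkcs7 fastPkcs7 = new FastPkcs7();
        // NOTE(review): despite its name, this call appears to be the general parse entry point,
        // since getEnvelopedData() is read from the same object afterwards - confirm.
        if (!fastPkcs7.pkcs7SignedData(bArr, str)) {
            throw new SecurityException("can't decode PKCS7EnvlopedData object");
        }
        EnvelopedData envelope = fastPkcs7.getEnvelopedData();
        if (envelope == null) {
            throw new SecurityException(new StringBuffer("Not a valid PKCS#7 envloped-data object - wrong header").append(fastPkcs7.getContentType()).toString());
        }

        // Stage 1: read the recipient identifier and compare it with the caller's certificate.
        // The recipient lookup and the offset-based copy sit inside the try so that an empty
        // recipient list or bad offsets surface as SecurityException, not as raw runtime errors.
        RecipientInfo recipientInfo;
        boolean recipientMatches;
        try {
            // NOTE(review): only the first RecipientInfo is considered; a message addressed to
            // several recipients is rejected unless this certificate is listed first.
            recipientInfo = (RecipientInfo) envelope.getVRecipientInfo().get(0);
            cn.com.infosec.pkcs.IssuerAndSerialNumber issuerAndSerialNumber = new cn.com.infosec.pkcs.IssuerAndSerialNumber(bArr, recipientInfo.getIssuerAndSerialNumber());
            byte[] issuerDer = copyItem(bArr, issuerAndSerialNumber.getIssuer());
            CryptoUtil.debug(issuerDer);
            ASN1InputStream aSN1InputStream = new ASN1InputStream(issuerDer);
            String recipientIssuer = new X509Name(ASN1Sequence.getInstance(aSN1InputStream.readObject())).toString();
            CryptoUtil.debug(recipientIssuer);
            aSN1InputStream.close();
            String recipientSerial = issuerAndSerialNumber.getSerialNumber().getSerialNumber().toString(10);
            CryptoUtil.debug(recipientSerial);
            String certIssuer = ((X509Certificate) certificate).getIssuerDN().toString();
            CryptoUtil.debug(certIssuer);
            String certSerial = ((X509Certificate) certificate).getSerialNumber().toString(10);
            CryptoUtil.debug(certSerial);
            recipientMatches = CryptoUtil.compereDN(recipientIssuer, certIssuer) && certSerial.equals(recipientSerial);
        } catch (Exception e) {
            throw new SecurityException("Not a valid PKCS#7 envloped-data object - parse issuer subject failed:" + e.toString());
        }
        // Thrown outside the try so it is no longer re-wrapped as a SecurityException.
        if (!recipientMatches) {
            throw new CertificateNotMatchException("Certification is not match");
        }

        // Stage 2: extract wrapped key, algorithm, IV and ciphertext from the message.
        byte[] encKey;
        String algorithmOid;
        SymmetricalAlgorithm symmetricalAlg;
        IvParameterSpec ivParameterSpec = null;
        byte[] encryptedBytes;
        try {
            encKey = recipientInfo.getEncKey();
            EncryptedContentInfo encryptedContentInfo = envelope.getEncryptedContentInfoObject();
            byte[] algorithmDer = copyItem(bArr, encryptedContentInfo.getContentEncryptionAlgorithm());
            algorithmOid = AlgorithmIdentifier.getInstance(new ASN1InputStream(algorithmDer).readObject()).getObjectId().getId();
            symmetricalAlg = AlgorithmUtil.getSymmetricalAlgByOId(algorithmOid);
            this.encAlg = symmetricalAlg == null ? algorithmOid : symmetricalAlg.getName();
            CryptoUtil.debug(this.encAlg);

            byte[] ivDer = copyItem(bArr, encryptedContentInfo.getIvParameter());
            // 05 00 is an ASN.1 NULL: no IV. A truncated element raises an index error that the
            // catch below turns into a SecurityException.
            if (ivDer.length != 0 && (ivDer[0] != 5 || ivDer[1] != 0)) {
                if (ivDer[0] == 48) {
                    // 0x30 = SEQUENCE: the IV is nested inside the parameter sequence.
                    // NOTE(review): the meaning of index 2 depends on DerUtil.getDERInnerData - confirm.
                    ivParameterSpec = new IvParameterSpec(DerUtil.getDERInnerData(DerUtil.getDERInnerData(ivDer), 2));
                } else {
                    // Treats byte 1 as a short-form length; long-form DER lengths are not handled here.
                    byte[] iv = new byte[255 & ivDer[1]];
                    System.arraycopy(ivDer, 2, iv, 0, iv.length);
                    ivParameterSpec = new IvParameterSpec(iv);
                }
            }
            encryptedBytes = copyItem(bArr, encryptedContentInfo.getEncryptedContent());
        } catch (Exception e) {
            throw new SecurityException("Not a valid PKCS#7 envloped-data object - parse symmetrical algorithm failed:" + e.toString());
        }

        // Reject an unknown algorithm before touching the private key; this is the declared
        // NoSuchAlgorithmException, with the same message format encrypt() uses.
        if (symmetricalAlg == null) {
            throw new NoSuchAlgorithmException(algorithmOid + " can not be supported");
        }

        // Stage 3: unwrap the content-encryption key with the recipient's private key.
        byte[] contentKey;
        try {
            String keyProvider = str;
            if ("jce:SwxaJCE".equals(ExtendedConfig.getPrivateKeyAlg()) && ExtendedConfig.isUsehardkeystore()) {
                keyProvider = "SwxaJCE";
            }
            Cipher keyCipher = Cipher.getInstance(privateKey.getAlgorithm() + "/ECB/PKCS1Padding", keyProvider);
            keyCipher.init(Cipher.DECRYPT_MODE, privateKey);
            contentKey = keyCipher.doFinal(encKey);
        } catch (Exception e) {
            // Only a (String) constructor of the project exceptions is visible here, so the cause is not chained.
            throw new DecryptKeyException(e.getMessage());
        }

        // Stage 4: decrypt the content. The unwrapped key is deliberately not handed to
        // CryptoUtil.debug, so key material never reaches the debug output.
        try {
            CryptoUtil.debug(encryptedBytes);
            Cipher contentCipher = Cipher.getInstance(symmetricalAlg.getAlgorithmString(), str);
            SecretKeySpec secretKeySpec = new SecretKeySpec(contentKey, symmetricalAlg.getAlgorithmString());
            if (ivParameterSpec != null) {
                contentCipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
            } else {
                contentCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
            }
            return contentCipher.doFinal(encryptedBytes);
        } catch (Exception e) {
            // NOTE(review): stack traces on stdout describe decryption failures to anyone who can
            // read the process output; route this through the project's logging instead.
            e.printStackTrace(System.out);
            throw new DecryptDataException(e.getMessage());
        } finally {
            // SecretKeySpec copies the key bytes, so the local copy can be wiped.
            if (contentKey != null) {
                java.util.Arrays.fill(contentKey, (byte) 0);
            }
        }
    }

    /**
     * Encrypts content for one recipient, wrapping the generated key with an explicitly supplied public key.
     *
     * @param bArr        content to encrypt
     * @param certificate recipient certificate; supplies issuer and serial number for the RecipientInfo
     * @param str         symmetric algorithm name understood by {@code AlgorithmUtil}
     * @param str2        JCE provider name
     * @param publicKey   key used to wrap the content-encryption key
     * @return the DER-encoded ContentInfo
     * @throws NoSuchAlgorithmException if {@code str} is not a supported algorithm name
     * @throws EncryptKeyException      if wrapping the content-encryption key fails
     * @throws EncryptDataException     if encrypting the content fails
     * @throws WriteEnvDataException    if the structure cannot be serialized
     */
    public byte[] encrypt(byte[] bArr, Certificate certificate, String str, String str2, PublicKey publicKey) throws EncryptDataException, EncryptKeyException, WriteEnvDataException, NoSuchProviderException, NoSuchAlgorithmException {
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(((X509Certificate) certificate).getIssuerDN(), new DERInteger(((X509Certificate) certificate).getSerialNumber()));
        SymmetricalAlgorithm symmetricalAlgByName = AlgorithmUtil.getSymmetricalAlgByName(str);
        if (symmetricalAlgByName == null) {
            throw new NoSuchAlgorithmException(str + " can not be supported");
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(symmetricalAlgByName.getMechanismString(), str2);
        if (str2.equals("DatechCrypto")) {
            // This provider is seeded from its own "DevRandom" source.
            keyGenerator.init(SecureRandom.getInstance("DevRandom", str2));
        }
        SecretKey generateKey = keyGenerator.generateKey();
        byte[] encoded = generateKey.getEncoded();
        DEROctetString wrappedKey = wrapContentKey(encoded, publicKey, str2);

        AlgorithmIdentifier contentAlgorithm;
        byte[] encryptedContent;
        try {
            // Element 0 is the AlgorithmIdentifier, element 1 the IV (may be null).
            // NOTE(review): confirm PKCS7EnvelopedDataUtil produces a fresh random IV per call.
            List algorithmAndIv = PKCS7EnvelopedDataUtil.getAlgorithmIdentifier(symmetricalAlgByName);
            contentAlgorithm = (AlgorithmIdentifier) algorithmAndIv.get(0);
            IvParameterSpec ivParameterSpec = null;
            DEROctetString ivOctets = (DEROctetString) algorithmAndIv.get(1);
            if (ivOctets != null) {
                ivParameterSpec = new IvParameterSpec(ivOctets.getOctets());
            }
            Cipher contentCipher = Cipher.getInstance(symmetricalAlgByName.getAlgorithmString(), str2);
            contentCipher.init(Cipher.ENCRYPT_MODE, generateKey, ivParameterSpec);
            encryptedContent = contentCipher.doFinal(bArr);
        } catch (Exception e) {
            // NOTE(review): prefer the project's logging over a stack trace on stdout.
            e.printStackTrace(System.out);
            throw new EncryptDataException(e.toString());
        }
        return encodeEnvelope(issuerAndSerialNumber, wrappedKey, contentAlgorithm, encryptedContent);
    }

    /**
     * Encrypts content for one recipient, wrapping the generated key with the certificate's public key.
     *
     * @param bArr        content to encrypt
     * @param certificate recipient certificate
     * @param str         symmetric algorithm name understood by {@code AlgorithmUtil}
     * @param str2        JCE provider name
     * @return the DER-encoded ContentInfo
     * @throws NoSuchAlgorithmException if {@code str} is not a supported algorithm name
     * @throws EncryptKeyException      if wrapping the content-encryption key fails
     * @throws EncryptDataException     if encrypting the content fails
     * @throws WriteEnvDataException    if the structure cannot be serialized
     */
    public byte[] encrypt(byte[] bArr, Certificate certificate, String str, String str2) throws EncryptDataException, EncryptKeyException, WriteEnvDataException, NoSuchProviderException, NoSuchAlgorithmException {
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(((X509Certificate) certificate).getIssuerDN(), new DERInteger(((X509Certificate) certificate).getSerialNumber()));
        SymmetricalAlgorithm symmetricalAlgByName = AlgorithmUtil.getSymmetricalAlgByName(str);
        if (symmetricalAlgByName == null) {
            throw new NoSuchAlgorithmException(str + " can not be supported");
        }
        SecretKey generateKey = KeyGenerator.getInstance(symmetricalAlgByName.getMechanismString(), str2).generateKey();
        byte[] encoded = generateKey.getEncoded();
        PublicKey publicKey = certificate.getPublicKey();
        DEROctetString wrappedKey = wrapContentKey(encoded, publicKey, str2);

        AlgorithmIdentifier contentAlgorithm;
        byte[] encryptedContent;
        try {
            // Element 0 is the AlgorithmIdentifier, element 1 the IV (may be null).
            // NOTE(review): confirm PKCS7EnvelopedDataUtil produces a fresh random IV per call.
            List algorithmAndIv = PKCS7EnvelopedDataUtil.getAlgorithmIdentifier(symmetricalAlgByName);
            contentAlgorithm = (AlgorithmIdentifier) algorithmAndIv.get(0);
            IvParameterSpec ivParameterSpec = null;
            DEROctetString ivOctets = (DEROctetString) algorithmAndIv.get(1);
            if (ivOctets != null) {
                ivParameterSpec = new IvParameterSpec(ivOctets.getOctets());
            }
            Cipher contentCipher = Cipher.getInstance(symmetricalAlgByName.getAlgorithmString(), str2);
            contentCipher.init(Cipher.ENCRYPT_MODE, generateKey, ivParameterSpec);
            encryptedContent = contentCipher.doFinal(bArr);
            CryptoUtil.debug(encryptedContent);
        } catch (Exception e) {
            throw new EncryptDataException(e.getMessage());
        }
        return encodeEnvelope(issuerAndSerialNumber, wrappedKey, contentAlgorithm, encryptedContent);
    }

    /**
     * Encrypts content for one recipient using the {@code "INFOSEC"} provider.
     *
     * @see #encrypt(byte[], Certificate, String, String)
     */
    public byte[] encrypt(byte[] bArr, Certificate certificate, String str) throws EncryptDataException, EncryptKeyException, WriteEnvDataException, NoSuchProviderException, NoSuchAlgorithmException {
        return encrypt(bArr, certificate, str, "INFOSEC");
    }

    /** Copies the byte range described by {@code item} (offset and length) out of {@code source}. */
    private static byte[] copyItem(byte[] source, Item item) {
        byte[] copy = new byte[item.length];
        System.arraycopy(source, item.offset, copy, 0, copy.length);
        return copy;
    }

    /** Wraps the encoded content-encryption key with {@code "RSA/ECB/PKCS1Padding"}; any failure becomes EncryptKeyException. */
    private static DEROctetString wrapContentKey(byte[] encodedKey, PublicKey publicKey, String provider) throws EncryptKeyException {
        try {
            Cipher keyCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
            keyCipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return new DEROctetString(keyCipher.doFinal(encodedKey));
        } catch (Exception e) {
            throw new EncryptKeyException(e.getMessage());
        }
    }

    /** Assembles ContentInfo { envelopedData { version 0, one RecipientInfo, EncryptedContentInfo } } and serializes it. */
    private static byte[] encodeEnvelope(IssuerAndSerialNumber recipientId, DEROctetString wrappedKey, AlgorithmIdentifier contentAlgorithm, byte[] encryptedContent) throws WriteEnvDataException {
        DERConstructedSequence recipientInfo = new DERConstructedSequence();
        recipientInfo.addObject(new DERInteger(0));
        recipientInfo.addObject(recipientId);
        recipientInfo.addObject(new AlgorithmIdentifier(new DERObjectIdentifier(OID_RSA_ECB_PKCS1PADDING), (DEREncodable) null));
        recipientInfo.addObject(wrappedKey);

        DERConstructedSequence encryptedContentInfo = new DERConstructedSequence();
        encryptedContentInfo.addObject(new DERObjectIdentifier(OID_ENCRYPTCONTENT));
        encryptedContentInfo.addObject(contentAlgorithm);
        encryptedContentInfo.addObject(new DERTaggedObject(true, 0, new DEROctetString(encryptedContent)));

        DERConstructedSequence envelopeBody = new DERConstructedSequence();
        envelopeBody.addObject(new DERInteger(0));
        envelopeBody.addObject(new DERSet(recipientInfo));
        envelopeBody.addObject(encryptedContentInfo);

        DERConstructedSequence contentInfo = new DERConstructedSequence();
        contentInfo.addObject(new DERObjectIdentifier(OID_ENVELOPEDDATATYPE));
        contentInfo.addObject(new DERTaggedObject(true, 0, envelopeBody));

        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        try {
            new DEROutputStream(encoded).writeObject(contentInfo);
        } catch (IOException e) {
            throw new WriteEnvDataException(e.getMessage());
        }
        return encoded.toByteArray();
    }

    /** Closes a stream, ignoring a failure of close itself. */
    private static void closeQuietly(java.io.Closeable stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Nothing useful can be done if close fails in this developer utility.
        }
    }

    /**
     * Developer utility: Base64-decodes {@code c:\testharddes} into {@code c:\testharddes1}.
     * Failures are reported on stderr instead of being discarded.
     */
    public static void main(String[] strArr) {
        Security.addProvider(new InfosecProvider());
        FileInputStream input = null;
        FileOutputStream output = null;
        try {
            input = new FileInputStream("c:\\testharddes");
            // Read to end of file; available() plus a single read() may return only part of it.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = input.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
            output = new FileOutputStream("c:\\testharddes1");
            output.write(Base64.decode(buffer.toByteArray()));
        } catch (Exception e) {
            System.err.println("Base64 file conversion failed: " + e);
        } finally {
            closeQuietly(input);
            closeQuietly(output);
        }
    }
}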
