package com.wizvera.wcrypto;

import com.wizvera.cert.X509CertificateHolder;
import com.wizvera.cert.jcajce.JcaCertStore;
import com.wizvera.cms.CMSException;
import com.wizvera.cms.CMSProcessableByteArray;
import com.wizvera.cms.CMSSignedData;
import com.wizvera.cms.CMSSignedDataGenerator;
import com.wizvera.cms.CMSVerifierCertificateNotValidException;
import com.wizvera.cms.SignerId;
import com.wizvera.cms.SignerInformation;
import com.wizvera.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import com.wizvera.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import com.wizvera.operator.OperatorCreationException;
import com.wizvera.operator.jcajce.JcaContentSignerBuilder;
import com.wizvera.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import com.wizvera.provider.asn1.ASN1InputStream;
import com.wizvera.provider.asn1.ASN1Primitive;
import com.wizvera.provider.asn1.cms.Attribute;
import com.wizvera.provider.asn1.cms.CMSAttributes;
import com.wizvera.provider.asn1.cms.ContentInfo;
import com.wizvera.provider.asn1.x509.Time;
import com.wizvera.provider.util.Store;
import com.wizvera.wcrypto.WCmsSignedDataVerifyResult;
import com.wizvera.wcrypto.key.WEcdsaPrivateKey;
import com.wizvera.wcrypto.key.WPrivateKey;
import com.wizvera.wcrypto.key.WRsaPrivateKey;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;

/* loaded from: classes4.dex */
public class WCms {
    private static final JcaSimpleSignerInfoVerifierBuilder SignerInfoVerifierBuilder = new JcaSimpleSignerInfoVerifierBuilder().setProvider(WizConstants.WIZ_PROVIDER);

    private static void close(ASN1InputStream aSN1InputStream) {
        if (aSN1InputStream == null) {
            return;
        }
        try {
            aSN1InputStream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private static byte[] generateSignedData(byte[] bArr, PrivateKey privateKey, X509Certificate x509Certificate) throws WCryptoException {
        try {
            CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(WizConstants.WIZ_PROVIDER).build()).build(new JcaContentSignerBuilder(x509Certificate.getSigAlgName()).setProvider(WizConstants.WIZ_PROVIDER).build(privateKey), x509Certificate));
            cMSSignedDataGenerator.addCertificates(jcaCertStore);
            return cMSSignedDataGenerator.generate(cMSProcessableByteArray, true).toASN1Structure().getEncoded("DER");
        } catch (Exception e) {
            throw new WCryptoException(e.getMessage(), e);
        }
    }

    private static X509CertificateHolder matchX509CertificateHolder(Store<X509CertificateHolder> store, SignerId signerId) {
        return store.getMatches(signerId).iterator().next();
    }

    public static byte[] sign(WCertificate wCertificate, WPrivateKey wPrivateKey, byte[] bArr) throws WCryptoException {
        PrivateKey privateKey = wPrivateKey instanceof WRsaPrivateKey ? ((WRsaPrivateKey) wPrivateKey).getPrivateKey() : null;
        if (wPrivateKey instanceof WEcdsaPrivateKey) {
            privateKey = ((WEcdsaPrivateKey) wPrivateKey).getPrivateKey();
        }
        return generateSignedData(bArr, privateKey, wCertificate.x509Certificate());
    }

    private static Date toDate(Attribute attribute) {
        try {
            return new Time((ASN1Primitive) attribute.getAttrValues().iterator().next()).getDate();
        } catch (Exception unused) {
            return null;
        }
    }

    public static WCmsSignedDataVerifyResult verify(byte[] bArr) throws WCryptoException, WSignatureException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
        try {
            try {
                try {
                    CMSSignedData cMSSignedData = new CMSSignedData(ContentInfo.getInstance(aSN1InputStream.readObject()));
                    try {
                        Store certificates = cMSSignedData.getCertificates();
                        Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
                        ArrayList arrayList = new ArrayList();
                        for (SignerInformation signerInformation : signers) {
                            X509CertificateHolder matchX509CertificateHolder = matchX509CertificateHolder(certificates, signerInformation.getSID());
                            if (!signerInformation.verify(SignerInfoVerifierBuilder.build(matchX509CertificateHolder))) {
                                throw new WSignatureException("");
                            }
                            arrayList.add(new WCmsSignedDataVerifyResult.SingerInfo(new WCertificate(matchX509CertificateHolder.getEncoded()), toDate(signerInformation.getSignedAttributes().get(CMSAttributes.signingTime))));
                        }
                        return new WCmsSignedDataVerifyResult((byte[]) ((CMSProcessableByteArray) cMSSignedData.getSignedContent()).getContent(), (WCmsSignedDataVerifyResult.SingerInfo[]) arrayList.toArray(new WCmsSignedDataVerifyResult.SingerInfo[0]));
                    } catch (CMSVerifierCertificateNotValidException e) {
                        throw new WCryptoException(e);
                    } catch (CMSException e2) {
                        throw new WCryptoException(e2);
                    } catch (OperatorCreationException e3) {
                        throw new WCryptoException(e3);
                    } catch (IOException e4) {
                        throw new WCryptoException(e4);
                    } catch (CertificateException e5) {
                        throw new WCryptoException(e5);
                    }
                } catch (CMSException e6) {
                    throw new WCryptoException("invalid CMSSignedData", e6);
                }
            } catch (IOException e7) {
                throw new WCryptoException("invalid CMSSignedData", e7);
            }
        } finally {
            close(aSN1InputStream);
        }
    }
}
