package ksign.jce.provider.pkcs;

import com.ksign.KCaseLogging;
import com.ksign.asn1.ASN1Encodable;
import com.ksign.asn1.ASN1EncodableVector;
import com.ksign.asn1.ASN1InputStream;
import com.ksign.asn1.ASN1ObjectIdentifier;
import com.ksign.asn1.ASN1OctetString;
import com.ksign.asn1.ASN1Sequence;
import com.ksign.asn1.ASN1Set;
import com.ksign.asn1.ASN1UTCTime;
import com.ksign.asn1.BERSet;
import com.ksign.asn1.DEREncodable;
import com.ksign.asn1.DERObject;
import com.ksign.asn1.DEROctetString;
import com.ksign.asn1.DERSequence;
import com.ksign.asn1.DERUTCTime;
import com.ksign.asn1.DERUTF8String;
import com.ksign.asn1.cms.CMSObjectIdentifiers;
import com.ksign.asn1.cms.ContentInfo;
import com.ksign.asn1.cms.EncryptedContentInfo;
import com.ksign.asn1.cms.EncryptedData;
import com.ksign.asn1.cms.EnvelopedData;
import com.ksign.asn1.cms.IssuerAndSerialNumber;
import com.ksign.asn1.cms.KeyTransRecipientInfo;
import com.ksign.asn1.cms.RecipientIdentifier;
import com.ksign.asn1.cms.RecipientInfo;
import com.ksign.asn1.cms.SignedAndEnveloped;
import com.ksign.asn1.cms.SignedData;
import com.ksign.asn1.cms.SignerIdentifier;
import com.ksign.asn1.cms.SignerInfo;
import com.ksign.asn1.kisa.KISAObjectIdentifiers;
import com.ksign.asn1.nist.NISTObjectIdentifiers;
import com.ksign.asn1.oiw.OIWObjectIdentifiers;
import com.ksign.asn1.pkcs.PBEParameter;
import com.ksign.asn1.pkcs.PKCSObjectIdentifiers;
import com.ksign.asn1.util.ASN1Dump;
import com.ksign.asn1.x500.RDN;
import com.ksign.asn1.x509.AlgorithmIdentifier;
import com.ksign.asn1.x509.Time;
import com.ksign.asn1.x509.X509CertificateStructure;
import com.ksign.util.x500.DN;
import com.ksign.wizsign.app.authProtocol.SecureChannel;
import com.ksign.wizsign.others.smartchannel.crypt.Crypto;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import javak.crypto.Cipher;
import javak.crypto.CipherInputStream;
import javak.crypto.SecretKey;
import javak.crypto.SecretKeyFactory;
import javak.crypto.spec.IvParameterSpec;
import javak.crypto.spec.PBEKeySpec;
import javak.crypto.spec.PBEParameterSpec;
import javak.crypto.spec.SecretKeySpec;
import ksign.jce.provider.x509.X509CertificateObject;
import ksign.jce.util.JCEUtil;

/* loaded from: classes2.dex */
public class CMSMessageObject {
    public static final String Data = "Data";
    public static final String EncryptedData = "EncryptedData";
    public static final String EnvelopedData = "EnvelopedData";
    public static final String SignedAndEnvelopedData = "SignedAndEnvelopedData";
    public static final String SignedData = "SignedData";
    protected String algo;
    protected ArrayList certRecipient;
    protected String fileName;
    protected IvParameterSpec iv;
    protected PBEParameterSpec pbeParamSpec;
    protected SecretKey secretKey;
    protected ArrayList signCertificate;
    protected Time time;
    protected final ASN1ObjectIdentifier DEFAULT_ALGORITHM_OID = PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC;
    protected final ASN1ObjectIdentifier DESEDE = PKCSObjectIdentifiers.des_EDE3_CBC;
    protected final ASN1ObjectIdentifier ARIA = KISAObjectIdentifiers.ariaCBC;
    protected final ASN1ObjectIdentifier SEED1 = KISAObjectIdentifiers.seedCBCWithSHA1;
    protected final ASN1ObjectIdentifier DATA = CMSObjectIdentifiers.data;
    protected final ASN1ObjectIdentifier ENCRYPTED_DATA = CMSObjectIdentifiers.encryptedData;
    protected final ASN1ObjectIdentifier ENVELOPED_DATA = CMSObjectIdentifiers.envelopedData;
    protected final ASN1ObjectIdentifier SIGNED_DATA = CMSObjectIdentifiers.signedData;
    protected final ASN1ObjectIdentifier SIGNEDANDENVELOPED_DATA = CMSObjectIdentifiers.signedAndEnvelopedData;
    protected boolean isFile = false;
    private ContentInfo contentInfo = null;

    /* JADX INFO: Access modifiers changed from: protected */
    public CMSMessageObject() {
        init();
    }

    private void checkData(Object obj, String str) throws PKCS7Exception {
        if (obj != null) {
            return;
        }
        JCEUtil.setErrorcode("20007");
        throw new PKCS7Exception("(KSign) CMSMessage " + str + " value is null");
    }

    private byte[] envlopeData(byte[] bArr, String str) throws PKCS7Exception {
        try {
            checkData(bArr, "envlopeData");
            checkData(this.certRecipient, "Certificate");
            checkData(str, "cipherAlgorithm");
            setBlockcipherKeySet(str);
            ASN1Set recipientInfos = getRecipientInfos();
            byte[] blockCipher = toBlockCipher(bArr, getSymBlockCipher(1));
            ContentInfo contentInfo = new ContentInfo(this.ENVELOPED_DATA, new EnvelopedData(null, recipientInfos, new EncryptedContentInfo(this.DATA, getBlockCipherAlgorithmIdentifier(this.algo), this.isFile ? null : new DEROctetString(blockCipher)), null));
            if (!this.isFile) {
                return contentInfo.getDEREncoded();
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(contentInfo.getDEREncoded());
            byteArrayOutputStream.write(new DERUTF8String(this.fileName).getDEREncoded());
            byteArrayOutputStream.write(new DERUTCTime(new Date()).getDEREncoded());
            byteArrayOutputStream.write(new DEROctetString(blockCipher).getDEREncoded());
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) PKCS7 : envelopedData's generate Error    " + e.toString());
        }
    }

    private boolean equals(String str, String str2, String str3, String str4) {
        return str.equalsIgnoreCase(str2) && str3.equalsIgnoreCase(str4);
    }

    private AlgorithmIdentifier getBlockCipherAlgorithmIdentifier(String str) throws OIDNotFoundException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        if (str.equals(Crypto.ALGORITHM_DES)) {
            aSN1ObjectIdentifier = OIWObjectIdentifiers.desCBC;
        } else if (str.equals("SEED")) {
            aSN1ObjectIdentifier = KISAObjectIdentifiers.seedCBC;
        } else if (str.equals("DESEDE")) {
            aSN1ObjectIdentifier = PKCSObjectIdentifiers.des_EDE3_CBC;
        } else {
            if (!str.equals("ARIA")) {
                JCEUtil.setErrorcode("60004");
                throw new OIDNotFoundException("(KSign) envelopedData's cipherAlgorithm is not defined, " + str);
            }
            aSN1ObjectIdentifier = KISAObjectIdentifiers.ariaCBC;
        }
        return new AlgorithmIdentifier(aSN1ObjectIdentifier, new DEROctetString(this.iv.getIV()));
    }

    private AlgorithmIdentifier getContentEncryptionAlgorithm() throws OIDNotFoundException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        if (this.algo.equals(Crypto.ALGORITHM_DES)) {
            aSN1ObjectIdentifier = OIWObjectIdentifiers.desCBC;
        } else if (this.algo.equals("SEED")) {
            aSN1ObjectIdentifier = KISAObjectIdentifiers.seedCBC;
        } else if (this.algo.equals("DESEDE")) {
            aSN1ObjectIdentifier = PKCSObjectIdentifiers.des_EDE3_CBC;
        } else {
            if (!this.algo.equals("ARIA")) {
                JCEUtil.setErrorcode("60004");
                throw new OIDNotFoundException("(KSign) envelopedData's CipherAlgorithm is not defined, " + this.algo);
            }
            aSN1ObjectIdentifier = KISAObjectIdentifiers.ariaCBC;
        }
        return new AlgorithmIdentifier(aSN1ObjectIdentifier, new DEROctetString(this.iv.getIV()));
    }

    private AlgorithmIdentifier getDigetstAlgIdentifier(String str) throws OIDNotFoundException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        if (str.equals(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_MD5)) {
            aSN1ObjectIdentifier = PKCSObjectIdentifiers.md5;
        } else if (str.equals("SHA1")) {
            aSN1ObjectIdentifier = OIWObjectIdentifiers.idSHA1;
        } else if (str.equals("SHA256")) {
            aSN1ObjectIdentifier = NISTObjectIdentifiers.id_sha256;
        } else if (str.equals(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_SHA512)) {
            aSN1ObjectIdentifier = NISTObjectIdentifiers.id_sha512;
        } else {
            if (!str.equals("SHA224")) {
                JCEUtil.setErrorcode("60003");
                throw new OIDNotFoundException("(KSign) signedData's Message Digest algorithm is not defined : " + str);
            }
            aSN1ObjectIdentifier = NISTObjectIdentifiers.id_sha224;
        }
        return new AlgorithmIdentifier(aSN1ObjectIdentifier);
    }

    private ASN1Set getRecipientInfos() throws Exception {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSASSA_PSS, new DERSequence());
        Cipher cipher = Cipher.getInstance("RSA", "Ksign");
        for (int i = 0; i < this.certRecipient.size(); i++) {
            X509CertificateObject x509CertificateObject = (X509CertificateObject) this.certRecipient.get(i);
            cipher.init(1, x509CertificateObject);
            aSN1EncodableVector.add(new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(x509CertificateObject.getIssuerDnName(), x509CertificateObject.getSerialNumber())), algorithmIdentifier, new DEROctetString(cipher.doFinal(this.secretKey.getEncoded())))));
        }
        return new BERSet(aSN1EncodableVector);
    }

    private AlgorithmIdentifier getSigAlgIdentifier(String str, String str2) throws OIDNotFoundException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = equals(str, "RSA", str2, com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_MD5) ? PKCSObjectIdentifiers.md5WithRSAEncryption : equals(str, "RSA", str2, "SHA1") ? PKCSObjectIdentifiers.sha1WithRSAEncryption : equals(str, "RSA", str2, "SHA256") ? PKCSObjectIdentifiers.sha256WithRSAEncryption : equals(str, com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1, str2, "SHA1") ? KISAObjectIdentifiers.kcdsaWithHAS160 : equals(str, com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1, str2, "SHA256") ? KISAObjectIdentifiers.kcdsa1 : null;
        if (aSN1ObjectIdentifier != null) {
            return new AlgorithmIdentifier(aSN1ObjectIdentifier);
        }
        JCEUtil.setErrorcode("60003");
        throw new OIDNotFoundException("(KSign) signedData's Digital Signature Algorithm does not support  : " + str + "With" + str2);
    }

    private String getSignAlgName(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws NoSuchAlgorithmException, NoSuchProviderException, OIDNotFoundException {
        if (isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.md5WithRSAEncryption) || (isEqualsOID(algorithmIdentifier, PKCSObjectIdentifiers.md5) && isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.rsaEncryption))) {
            return "MD5WITHRSA";
        }
        if (isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.sha1WithRSAEncryption) || (isEqualsOID(algorithmIdentifier, OIWObjectIdentifiers.idSHA1) && isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.rsaEncryption))) {
            return "SHA1WITHRSA";
        }
        if (isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.sha256WithRSAEncryption) || (isEqualsOID(algorithmIdentifier, NISTObjectIdentifiers.id_sha256) && isEqualsOID(algorithmIdentifier2, PKCSObjectIdentifiers.rsaEncryption))) {
            return "SHA256WITHRSA";
        }
        if (isEqualsOID(algorithmIdentifier2, KISAObjectIdentifiers.kcdsaWithHAS160)) {
            return com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1;
        }
        if (isEqualsOID(algorithmIdentifier, OIWObjectIdentifiers.idSHA1) && isEqualsOID(algorithmIdentifier2, KISAObjectIdentifiers.kcdsa1)) {
            return com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1;
        }
        if ((isEqualsOID(algorithmIdentifier, NISTObjectIdentifiers.id_sha256) && isEqualsOID(algorithmIdentifier2, KISAObjectIdentifiers.kcdsa1)) || isEqualsOID(algorithmIdentifier2, KISAObjectIdentifiers.kcdsa256) || isEqualsOID(algorithmIdentifier2, KISAObjectIdentifiers.kcdsaWithSHA256)) {
            return "SHA256WITHKCDSA";
        }
        JCEUtil.setErrorcode("60004");
        throw new OIDNotFoundException("(KSign) (KSign) getSignedData's, DigestAlgorithm : " + algorithmIdentifier.getAlgorithm().toString() + ", SigAlgorithm : " + algorithmIdentifier2.getAlgorithm());
    }

    private byte[] getSignData(String str, PrivateKey privateKey, byte[] bArr) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        Signature signature = Signature.getInstance(str, "Ksign");
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    private Signature getSignature(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws NoSuchAlgorithmException, NoSuchProviderException, OIDNotFoundException {
        if (algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            return Signature.getInstance("MD5WITHRSA", "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(PKCSObjectIdentifiers.md5) && algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
            return Signature.getInstance("MD5WITHRSA", "Ksign");
        }
        if (algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
            return Signature.getInstance("SHA1WITHRSA", "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(OIWObjectIdentifiers.idSHA1) && algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
            return Signature.getInstance("SHA1WITHRSA", "Ksign");
        }
        if (algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
            return Signature.getInstance("SHA256WITHRSA", "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256) && algorithmIdentifier2.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) {
            return Signature.getInstance("SHA256WITHRSA", "Ksign");
        }
        if (algorithmIdentifier2.getAlgorithm().equals(KISAObjectIdentifiers.kcdsaWithHAS160)) {
            return Signature.getInstance(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1, "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(OIWObjectIdentifiers.idSHA1) && algorithmIdentifier2.getAlgorithm().equals(KISAObjectIdentifiers.kcdsa1)) {
            return Signature.getInstance(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_KCDSA1, "Ksign");
        }
        if (algorithmIdentifier.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256) && algorithmIdentifier2.getAlgorithm().equals(KISAObjectIdentifiers.kcdsa1)) {
            return Signature.getInstance("SHA256WITHKCDSA", "Ksign");
        }
        if ((!algorithmIdentifier.getAlgorithm().equals(NISTObjectIdentifiers.id_sha256) || !algorithmIdentifier2.getAlgorithm().equals(KISAObjectIdentifiers.kcdsaWithSHA256)) && !algorithmIdentifier2.getAlgorithm().equals(KISAObjectIdentifiers.kcdsa256)) {
            JCEUtil.setErrorcode("60004");
            throw new OIDNotFoundException("(KSign) (KSign) getSignedData's, DigestAlgorithm : " + algorithmIdentifier.getAlgorithm().toString() + ", SigAlgorithm : " + algorithmIdentifier2.getAlgorithm());
        }
        return Signature.getInstance("SHA256WITHKCDSA", "Ksign");
    }

    private Cipher getSymBlockCipher(int i) throws Exception {
        Cipher cipher = Cipher.getInstance(String.valueOf(this.algo) + "/CBC/PKCS5Padding", "Ksign");
        cipher.init(i, this.secretKey, this.iv);
        return cipher;
    }

    private boolean isEqualsOID(AlgorithmIdentifier algorithmIdentifier, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return algorithmIdentifier.getAlgorithm().equals(aSN1ObjectIdentifier);
    }

    private boolean isVerify(String str, Certificate certificate, byte[] bArr, byte[] bArr2) throws InvalidKeyException, CertException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        Signature signature = Signature.getInstance(str, "Ksign");
        signature.initVerify(certificate);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    private void setBlockcipherKeySet(String str) throws OIDNotFoundException {
        int i = 8;
        int i2 = 16;
        if (!str.equals(Crypto.ALGORITHM_DES)) {
            if (!str.equals("SEED")) {
                if (str.equals("DESEDE")) {
                    i = 24;
                } else if (!str.equals("ARIA")) {
                    JCEUtil.setErrorcode("60004");
                    throw new OIDNotFoundException("(KSign) envelopedData's CipherAlgorithm is not defined, " + str);
                }
            }
            i = 16;
            byte[] bArr = new byte[i];
            byte[] bArr2 = new byte[i2];
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(bArr);
            secureRandom.nextBytes(bArr2);
            this.algo = str;
            this.secretKey = new SecretKeySpec(bArr, str);
            this.iv = new IvParameterSpec(bArr2);
        }
        i2 = 8;
        byte[] bArr3 = new byte[i];
        byte[] bArr22 = new byte[i2];
        SecureRandom secureRandom2 = new SecureRandom();
        secureRandom2.nextBytes(bArr3);
        secureRandom2.nextBytes(bArr22);
        this.algo = str;
        this.secretKey = new SecretKeySpec(bArr3, str);
        this.iv = new IvParameterSpec(bArr22);
    }

    private void setContentInfo(ASN1InputStream aSN1InputStream) throws IOException {
        DERObject readObject = aSN1InputStream.readObject();
        if (!(readObject instanceof ASN1Sequence)) {
            if (readObject instanceof ContentInfo) {
                this.contentInfo = ContentInfo.getInstance(readObject);
                return;
            }
            return;
        }
        ASN1Sequence aSN1Sequence = (ASN1Sequence) readObject;
        if (aSN1Sequence.size() == 5) {
            this.contentInfo = new ContentInfo(this.SIGNED_DATA, aSN1Sequence);
        } else if (aSN1Sequence.size() == 3) {
            this.contentInfo = new ContentInfo(this.ENVELOPED_DATA, aSN1Sequence);
        } else if (aSN1Sequence.size() == 2) {
            this.contentInfo = ContentInfo.getInstance(readObject);
        }
    }

    private void setFileName(DERObject dERObject) {
        if (dERObject == null || !(dERObject instanceof DERUTF8String)) {
            return;
        }
        this.fileName = ((DERUTF8String) dERObject).toString();
        this.isFile = true;
    }

    private void setTime(DERObject dERObject) {
        if (dERObject == null || !(dERObject instanceof ASN1UTCTime)) {
            return;
        }
        this.time = new Time((ASN1UTCTime) dERObject);
    }

    private OutputStream verifyData(ASN1InputStream aSN1InputStream, OutputStream outputStream) throws PKCS7Exception {
        try {
            checkData(aSN1InputStream, "Content");
            outputStream.write(ASN1OctetString.getInstance(this.contentInfo.getDERObject()).getOctets());
            outputStream.flush();
            return outputStream;
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60012");
            }
            throw new PKCS7Exception("(KSign) CMSMessage : Data get error    " + e.toString());
        }
    }

    private void verifyEncrypted(ASN1InputStream aSN1InputStream, OutputStream outputStream, char[] cArr) throws PKCS7Exception {
        Cipher cipher;
        SecretKeyFactory secretKeyFactory;
        try {
            EncryptedContentInfo encryptedContentInfo = EncryptedData.getInstance(ASN1Sequence.getInstance(this.contentInfo.getContent().getDERObject().getEncoded())).getEncryptedContentInfo();
            AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr);
            PBEParameter pBEParameter = PBEParameter.getInstance(contentEncryptionAlgorithm.getParameters());
            this.pbeParamSpec = new PBEParameterSpec(pBEParameter.getSalt(), pBEParameter.getIterationCount().intValue());
            ASN1ObjectIdentifier algorithm = contentEncryptionAlgorithm.getAlgorithm();
            if (algorithm.equals(this.DEFAULT_ALGORITHM_OID)) {
                secretKeyFactory = SecretKeyFactory.getInstance("PBEWithSHA1AndDES", "Ksign");
                cipher = Cipher.getInstance("PBEWithSHA1AndDES", "Ksign");
            } else if (algorithm.equals(this.SEED1)) {
                secretKeyFactory = SecretKeyFactory.getInstance("PBEWithSHA1AndSEED", "Ksign");
                cipher = Cipher.getInstance("PBEWITHSHA1ANDSEED", "Ksign");
            } else {
                if (!algorithm.equals(this.DESEDE)) {
                    JCEUtil.setErrorcode("60004");
                    throw new OIDNotFoundException("(KSign) getEncryptedData's cipher algoirthm is not exist " + algorithm);
                }
                SecretKeyFactory secretKeyFactory2 = SecretKeyFactory.getInstance("PBEWithSHAAnd3-KeyTripleDES-CBC", "Ksign");
                cipher = Cipher.getInstance("PBEWithSHAAnd3-KeyTripleDES-CBC", "Ksign");
                secretKeyFactory = secretKeyFactory2;
            }
            SecretKey generateSecret = secretKeyFactory.generateSecret(pBEKeySpec);
            this.secretKey = generateSecret;
            cipher.init(2, generateSecret, this.pbeParamSpec);
            toBlockCipher(encryptedContentInfo.getEncryptedContent().getOctets(), outputStream, cipher);
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60012");
            }
            throw new PKCS7Exception("(KSign) CMSMessage : Data get error    " + e.toString());
        }
    }

    private void verifyEnvelopedData(ASN1InputStream aSN1InputStream, OutputStream outputStream, Certificate certificate, PrivateKey privateKey) throws PKCS7Exception, PKCS7Exception, IOException {
        boolean z;
        Cipher cipher;
        byte[] bytes;
        setFileName(aSN1InputStream.readObject());
        setTime(aSN1InputStream.readObject());
        DERObject readObject = aSN1InputStream.readObject();
        EnvelopedData envelopedData = EnvelopedData.getInstance(ASN1Sequence.getInstance(this.contentInfo.getContent()));
        Enumeration objects = envelopedData.getRecipientInfos().getObjects();
        byte[] bArr = null;
        String str = "RSA";
        RecipientInfo recipientInfo = null;
        KeyTransRecipientInfo keyTransRecipientInfo = null;
        while (true) {
            if (!objects.hasMoreElements()) {
                z = false;
                break;
            }
            recipientInfo = RecipientInfo.getInstance((ASN1Encodable) objects.nextElement());
            if (!recipientInfo.isTagged()) {
                keyTransRecipientInfo = (KeyTransRecipientInfo) recipientInfo.getInfo();
                IssuerAndSerialNumber issuerAndSerialNumber = (IssuerAndSerialNumber) keyTransRecipientInfo.getRecipientIdentifier().getId();
                ASN1ObjectIdentifier algorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm().getAlgorithm();
                if (algorithm != null && algorithm.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
                    str = "RSA/OAEP";
                }
                RDN[] rDNs = issuerAndSerialNumber.getName().getRDNs();
                X509CertificateObject x509CertificateObject = (X509CertificateObject) certificate;
                if (x509CertificateObject.getSerialNumber().equals(issuerAndSerialNumber.getSerialNumber().getValue()) && x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(DN.getAltDN(rDNs))) {
                    z = true;
                    break;
                }
            }
        }
        if (recipientInfo.isTagged()) {
            throw new PKCS7Exception("(KSign) getEnvelopedData() : unsupported receipientInfo choice tag");
        }
        if (!z) {
            throw new PKCS7Exception("(KSign) getEnvelopedData() : Invalid Recepient");
        }
        byte[] octets = keyTransRecipientInfo.getEncryptedKey().getOctets();
        if (octets == null) {
            JCEUtil.setErrorcode("30034");
            throw new PKCS7Exception("(KSign) getEnvelopedData's encryptedkey is null");
        }
        try {
            Cipher cipher2 = Cipher.getInstance(str, "Ksign");
            cipher2.init(2, privateKey);
            byte[] doFinal = cipher2.doFinal(octets);
            EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
            AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            ASN1ObjectIdentifier algorithm2 = contentEncryptionAlgorithm.getAlgorithm();
            try {
                if (algorithm2.equals(OIWObjectIdentifiers.desCBC)) {
                    cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, Crypto.ALGORITHM_DES);
                } else if (algorithm2.equals(KISAObjectIdentifiers.seedCBC)) {
                    cipher = Cipher.getInstance(SecureChannel.CipherAlgorithm2, "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "SEED");
                } else if (algorithm2.equals(PKCSObjectIdentifiers.des_EDE3_CBC)) {
                    cipher = Cipher.getInstance("DESEDE/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "DESEDE");
                } else {
                    if (!algorithm2.equals(KISAObjectIdentifiers.ariaCBC)) {
                        JCEUtil.setErrorcode("60004");
                        throw new OIDNotFoundException("(KSign)getEnvelopedData's CipherAlgorithm is not exist" + algorithm2.toString());
                    }
                    cipher = Cipher.getInstance("ARIA/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "ARIA");
                }
                try {
                    bytes = ASN1OctetString.getInstance(contentEncryptionAlgorithm.getParameters()).getOctets();
                } catch (Exception unused) {
                    bytes = "0123456789012345".getBytes();
                }
                if (encryptedContentInfo.getEncryptedContent() != null) {
                    bArr = encryptedContentInfo.getEncryptedContent().getOctets();
                } else if (readObject != null) {
                    bArr = ASN1OctetString.getInstance(readObject).getOctets();
                }
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bytes);
                this.iv = ivParameterSpec;
                cipher.init(2, this.secretKey, ivParameterSpec);
                toBlockCipher(bArr, outputStream, cipher);
            } catch (Exception e) {
                throw new PKCS7Exception("(KSign) getEnvelopedData's Decrypt encryptedcont " + e.getMessage());
            }
        } catch (Exception e2) {
            throw new PKCS7Exception("(KSign) getEnvelopedData's Sessionkey decrypt " + e2.getMessage());
        }
    }

    private void verifySignedAndEnveloped(ASN1InputStream aSN1InputStream, OutputStream outputStream, Certificate certificate, PrivateKey privateKey) throws PKCS7Exception, IOException {
        Cipher cipher;
        SignedAndEnveloped signedAndEnveloped = SignedAndEnveloped.getInstance(this.contentInfo.getContent());
        boolean z = false;
        try {
            Enumeration objects = signedAndEnveloped.getRecipientInfos().getObjects();
            RecipientInfo recipientInfo = null;
            KeyTransRecipientInfo keyTransRecipientInfo = null;
            while (true) {
                if (!objects.hasMoreElements()) {
                    break;
                }
                recipientInfo = RecipientInfo.getInstance((ASN1Encodable) objects.nextElement());
                if (!recipientInfo.isTagged()) {
                    keyTransRecipientInfo = (KeyTransRecipientInfo) recipientInfo.getInfo();
                    IssuerAndSerialNumber issuerAndSerialNumber = (IssuerAndSerialNumber) keyTransRecipientInfo.getRecipientIdentifier().getId();
                    RDN[] rDNs = issuerAndSerialNumber.getName().getRDNs();
                    X509CertificateObject x509CertificateObject = (X509CertificateObject) certificate;
                    if (x509CertificateObject.getSerialNumber().equals(issuerAndSerialNumber.getSerialNumber().getValue()) && x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(DN.getAltDN(rDNs))) {
                        z = true;
                        break;
                    }
                }
            }
            if (recipientInfo.isTagged()) {
                throw new PKCS7Exception("(KSign) getEnvelopedData() : unsupported receipientInfo choice tag");
            }
            if (!z) {
                throw new PKCS7Exception("(KSign) getEnvelopedData() : Invalid Recepient");
            }
            byte[] octets = keyTransRecipientInfo.getEncryptedKey().getOctets();
            if (octets == null) {
                JCEUtil.setErrorcode("30034");
                throw new PKCS7Exception("(KSign) getEnvelopedData's encryptedkey is null");
            }
            try {
                ASN1ObjectIdentifier algorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm().getAlgorithm();
                String str = "RSA";
                if (!algorithm.equals(PKCSObjectIdentifiers.rsaEncryption) && algorithm.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
                    str = "RSA/OAEP";
                }
                Cipher cipher2 = Cipher.getInstance(str, "Ksign");
                cipher2.init(2, privateKey);
                byte[] doFinal = cipher2.doFinal(octets);
                EncryptedContentInfo encryptedContentInfo = signedAndEnveloped.getEncryptedContentInfo();
                AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
                ASN1ObjectIdentifier algorithm2 = contentEncryptionAlgorithm.getAlgorithm();
                if (algorithm2.equals(OIWObjectIdentifiers.desCBC)) {
                    cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, Crypto.ALGORITHM_DES);
                } else if (algorithm2.equals(KISAObjectIdentifiers.seedCBC)) {
                    cipher = Cipher.getInstance(SecureChannel.CipherAlgorithm2, "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "SEED");
                } else if (algorithm2.equals(PKCSObjectIdentifiers.des_EDE3_CBC)) {
                    cipher = Cipher.getInstance("DESEDE/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "DESEDE");
                } else {
                    if (!algorithm2.equals(KISAObjectIdentifiers.ariaCBC)) {
                        JCEUtil.setErrorcode("60004");
                        throw new OIDNotFoundException("(KSign)getEnvelopedData's CipherAlgorithm is not exist" + algorithm2.toString());
                    }
                    cipher = Cipher.getInstance("ARIA/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "ARIA");
                }
                IvParameterSpec ivParameterSpec = new IvParameterSpec(ASN1OctetString.getInstance(contentEncryptionAlgorithm.getParameters()).getOctets());
                this.iv = ivParameterSpec;
                cipher.init(2, this.secretKey, ivParameterSpec);
                byte[] blockCipher = toBlockCipher(encryptedContentInfo.getEncryptedContent().getOctets(), cipher);
                try {
                    X509CertificateObject x509CertificateObject2 = (X509CertificateObject) CMSMessageUtil.getCertificate(signedAndEnveloped.getCertificate().getDERObject().getDEREncoded());
                    if (x509CertificateObject2 == null) {
                        JCEUtil.setErrorcode("60027");
                        throw new CertException("(KSign) getSignedAndEnvelopedData : The SignedData doesn't have the field for signer's certificate.");
                    }
                    Enumeration objects2 = signedAndEnveloped.getSignerInfos().getObjects();
                    if (objects2 == null || !objects2.hasMoreElements()) {
                        return;
                    }
                    DEREncodable dEREncodable = (DEREncodable) objects2.nextElement();
                    KCaseLogging.println("DEREncodable : \n" + ASN1Dump.dumpAsString(dEREncodable));
                    SignerInfo signerInfo = SignerInfo.getInstance(dEREncodable);
                    byte[] doFinal2 = cipher.doFinal(signerInfo.getEncryptedDigest().getOctets());
                    Signature signature = getSignature(signerInfo.getDigestAlgorithm(), x509CertificateObject2.getCertificate().getSignatureAlgorithm());
                    signature.initVerify(x509CertificateObject2);
                    signature.update(blockCipher);
                    if (!signature.verify(doFinal2)) {
                        JCEUtil.setErrorcode("80014");
                    }
                    throw new PKCS7Exception("(KSign) Failed to validate electronic signatures. : " + signerInfo.getDigestAlgorithm().getAlgorithm() + ", SignAlgorithm : " + signerInfo.getDigestEncryptionAlgorithm().getAlgorithm());
                } catch (Exception e) {
                    KCaseLogging.print(e);
                    throw new PKCS7Exception(e.getMessage());
                }
            } catch (Exception e2) {
                throw new PKCS7Exception("(KSign) getEnvelopedData's Sessionkey decrypt " + e2.getMessage());
            }
        } catch (Exception e3) {
            KCaseLogging.print(e3);
            throw new PKCS7Exception("(KSign) SignedEnvelopedData's Decrypt encryptedcont " + e3.getMessage());
        }
    }

    protected void addRecipientCert(Certificate certificate) {
        this.certRecipient.add(certificate);
    }

    protected void addRecipientCert(Certificate[] certificateArr) throws PKCS7Exception {
        if (certificateArr == null || certificateArr.length == 0) {
            JCEUtil.setErrorcode("20007");
            throw new PKCS7Exception("(KSign) envelopedData's Certificate value is null");
        }
        for (Certificate certificate : certificateArr) {
            addRecipientCert(certificate);
        }
    }

    protected void digest(InputStream inputStream, OutputStream outputStream, String str) throws NoSuchAlgorithmException, NoSuchProviderException, IOException {
        MessageDigest messageDigest = MessageDigest.getInstance(str, "Ksign");
        byte[] bArr = new byte[5120];
        while (true) {
            int read = inputStream.read(bArr);
            if (read == -1) {
                outputStream.write(messageDigest.digest());
                outputStream.flush();
                return;
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] encryptedData(byte[] bArr, char[] cArr, String str) throws PKCS7Exception {
        AlgorithmIdentifier algorithmIdentifier;
        String str2;
        try {
            checkData(bArr, "encrypted Data");
            checkData(cArr, "encrypted password");
            byte[] bArr2 = new byte[8];
            new SecureRandom().nextBytes(bArr2);
            PBEParameter pBEParameter = new PBEParameter(bArr2, 1024);
            if (str != null && !str.equals(Crypto.ALGORITHM_DES)) {
                if (str.equals("SEED")) {
                    algorithmIdentifier = new AlgorithmIdentifier(this.SEED1, pBEParameter);
                    str2 = "PBEWITHSHA1ANDSEED";
                } else {
                    if (!str.equals("DESEDE")) {
                        JCEUtil.setErrorcode("60004");
                        throw new OIDNotFoundException("(KSign) encryptedData's algorthm is not exist " + str + ", pbeAlgorithm " + ((String) null));
                    }
                    algorithmIdentifier = new AlgorithmIdentifier(this.DESEDE, pBEParameter);
                    str2 = "PBEWithSHAAnd3-KeyTripleDES-CBC";
                }
                this.secretKey = SecretKeyFactory.getInstance(str2, "Ksign").generateSecret(new PBEKeySpec(cArr));
                Cipher cipher = Cipher.getInstance(str2, "Ksign");
                PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr2, 1024);
                this.pbeParamSpec = pBEParameterSpec;
                cipher.init(1, this.secretKey, pBEParameterSpec);
                return new ContentInfo(this.ENCRYPTED_DATA, new EncryptedData(new EncryptedContentInfo(this.DATA, algorithmIdentifier, new DEROctetString(toBlockCipher(bArr, cipher))), null)).getDEREncoded();
            }
            algorithmIdentifier = new AlgorithmIdentifier(this.DEFAULT_ALGORITHM_OID, pBEParameter);
            str2 = "PBEWithSHA1AndDES";
            this.secretKey = SecretKeyFactory.getInstance(str2, "Ksign").generateSecret(new PBEKeySpec(cArr));
            Cipher cipher2 = Cipher.getInstance(str2, "Ksign");
            PBEParameterSpec pBEParameterSpec2 = new PBEParameterSpec(bArr2, 1024);
            this.pbeParamSpec = pBEParameterSpec2;
            cipher2.init(1, this.secretKey, pBEParameterSpec2);
            return new ContentInfo(this.ENCRYPTED_DATA, new EncryptedData(new EncryptedContentInfo(this.DATA, algorithmIdentifier, new DEROctetString(toBlockCipher(bArr, cipher2))), null)).getDEREncoded();
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) PKCS7 : encryptedData type generate error , algorithm : " + str + "    " + e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] envelopedDataCMS(byte[] bArr, Certificate[] certificateArr, String str) throws PKCS7Exception {
        AlgorithmIdentifier algorithmIdentifier;
        addRecipientCert(certificateArr);
        if (bArr == null) {
            JCEUtil.setErrorcode("20007");
            throw new PKCS7Exception("(KSign) envelopedData's input value is null");
        }
        if (certificateArr == null) {
            JCEUtil.setErrorcode("20007");
            throw new PKCS7Exception("(KSign) envelopedData's Certificate value is null");
        }
        if (str == null) {
            JCEUtil.setErrorcode("20007");
            throw new PKCS7Exception("(KSign) envelopedData's CipherAlgorithm value is null");
        }
        try {
            setBlockcipherKeySet(str);
            int length = certificateArr.length;
            X509CertificateObject[] x509CertificateObjectArr = new X509CertificateObject[length];
            for (int i = 0; i < certificateArr.length; i++) {
                x509CertificateObjectArr[i] = (X509CertificateObject) certificateArr[i];
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (int i2 = 0; i2 < length; i2++) {
                RecipientIdentifier recipientIdentifier = new RecipientIdentifier(new IssuerAndSerialNumber(x509CertificateObjectArr[i2].getIssuerDnName(), x509CertificateObjectArr[i2].getSerialNumber()));
                AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, new DERSequence());
                Cipher cipher = Cipher.getInstance("RSA/OAEP", "Ksign");
                cipher.init(1, x509CertificateObjectArr[i2]);
                aSN1EncodableVector.add(new RecipientInfo(new KeyTransRecipientInfo(recipientIdentifier, algorithmIdentifier2, new DEROctetString(cipher.doFinal(this.secretKey.getEncoded())))));
            }
            BERSet bERSet = new BERSet(aSN1EncodableVector);
            Cipher cipher2 = Cipher.getInstance(String.valueOf(str) + "/CBC/PKCS5Padding", "Ksign");
            cipher2.init(1, this.secretKey, this.iv);
            byte[] doFinal = cipher2.doFinal(bArr);
            if (str.equals(Crypto.ALGORITHM_DES)) {
                algorithmIdentifier = new AlgorithmIdentifier(OIWObjectIdentifiers.desCBC, new DEROctetString(this.iv.getIV()));
            } else if (str.equals("SEED")) {
                algorithmIdentifier = new AlgorithmIdentifier(KISAObjectIdentifiers.seedCBC, new DEROctetString(this.iv.getIV()));
            } else if (str.equals("DESEDE")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.des_EDE3_CBC, new DEROctetString(this.iv.getIV()));
            } else {
                if (!str.equals("ARIA")) {
                    JCEUtil.setErrorcode("60004");
                    throw new OIDNotFoundException("(KSign) envelopedData's CipherAlgorithm is not defined, " + str);
                }
                algorithmIdentifier = new AlgorithmIdentifier(KISAObjectIdentifiers.ariaCBC, new DEROctetString(this.iv.getIV()));
            }
            return new EnvelopedData(null, bERSet, new EncryptedContentInfo(this.DATA, algorithmIdentifier, new DEROctetString(doFinal)), null).getDEREncoded();
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) PKCS7 : envelopedData's generate Error    " + e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] envlopeData(byte[] bArr, Certificate certificate, String str) throws PKCS7Exception {
        addRecipientCert(certificate);
        return envlopeData(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] envlopeData(byte[] bArr, Certificate[] certificateArr, String str) throws PKCS7Exception, PKCS7Exception {
        addRecipientCert(certificateArr);
        return envlopeData(bArr, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getDigestAlg(Certificate certificate) {
        String str;
        if (certificate instanceof X509CertificateObject) {
            str = ((X509CertificateObject) certificate).getSigAlgName();
        } else {
            try {
                str = CMSMessageUtil.getCertificate(certificate).getSigAlgName();
            } catch (Exception e) {
                KCaseLogging.print(e);
                str = "";
            }
        }
        String upperCase = str.toUpperCase();
        return upperCase.indexOf("SHA256") > -1 ? "SHA256" : upperCase.indexOf("SHA224") > -1 ? "SHA224" : upperCase.indexOf(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_SHA384) > -1 ? com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_SHA384 : upperCase.indexOf(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_SHA512) > -1 ? com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_SHA512 : upperCase.indexOf(com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_MD5) > -1 ? com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier.NAME_MD5 : upperCase.indexOf("SHA1") > -1 ? "SHA1" : "SHA256";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Certificate[] getSignCertficates() throws CertException {
        ArrayList arrayList = this.signCertificate;
        if (arrayList == null || arrayList.size() <= 0) {
            JCEUtil.setErrorcode("60027");
            throw new CertException("(KSign) getSignedData's usercert is null");
        }
        X509CertificateObject[] x509CertificateObjectArr = new X509CertificateObject[this.signCertificate.size()];
        this.signCertificate.toArray(x509CertificateObjectArr);
        return x509CertificateObjectArr;
    }

    protected void init() {
        this.secretKey = null;
        this.iv = null;
        this.algo = null;
        this.isFile = false;
        this.certRecipient = new ArrayList();
        this.fileName = null;
        this.time = null;
        this.signCertificate = null;
    }

    protected byte[] inputStreamToByteArray(InputStream inputStream) {
        int read;
        byte[] bArr = new byte[16384];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        do {
            try {
                read = inputStream.read(bArr);
                byteArrayOutputStream.write(bArr, 0, read);
            } catch (Exception unused) {
            } catch (Throwable th) {
                try {
                    byteArrayOutputStream.close();
                } catch (IOException unused2) {
                }
                throw th;
            }
        } while (read != -1);
        bArr = byteArrayOutputStream.toByteArray();
        try {
            byteArrayOutputStream.close();
        } catch (IOException unused3) {
            return bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setFileMode() {
        this.isFile = true;
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x0098  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x012d A[Catch: Exception -> 0x016f, IOException -> 0x0196, TryCatch #0 {Exception -> 0x016f, blocks: (B:4:0x0018, B:6:0x002b, B:8:0x0031, B:9:0x0054, B:11:0x005e, B:12:0x0063, B:34:0x009a, B:35:0x009e, B:47:0x00a4, B:49:0x00a8, B:52:0x00b0, B:54:0x00b6, B:56:0x00c0, B:57:0x00cc, B:58:0x00d7, B:61:0x00db, B:62:0x00ff, B:37:0x0100, B:39:0x010c, B:41:0x0110, B:42:0x0117, B:44:0x011c, B:63:0x0120, B:64:0x012c, B:65:0x012d, B:66:0x0139, B:24:0x0072, B:26:0x0078, B:28:0x0082, B:30:0x008d, B:14:0x013a, B:17:0x0148, B:72:0x0162, B:73:0x016e), top: B:3:0x0018, outer: #1 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void signVerify(com.ksign.asn1.ASN1InputStream r12, java.io.OutputStream r13) throws ksign.jce.provider.pkcs.PKCS7Exception {
        /*
            Method dump skipped, instructions count: 431
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ksign.jce.provider.pkcs.CMSMessageObject.signVerify(com.ksign.asn1.ASN1InputStream, java.io.OutputStream):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] signedAndEnvelopedData(byte[] bArr, Certificate certificate, PrivateKey privateKey, Certificate[] certificateArr, String str, String str2) throws PKCS7Exception, Exception {
        addRecipientCert(certificateArr);
        checkData(bArr, "Sign and Envlope Data");
        checkData(this.certRecipient, "Certificate");
        checkData(str, "Cipher Algorithm");
        checkData(str2, "Message Digest Algorithm");
        setBlockcipherKeySet(str);
        try {
            ASN1Set recipientInfos = getRecipientInfos();
            Cipher symBlockCipher = getSymBlockCipher(1);
            EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(this.ENVELOPED_DATA, getContentEncryptionAlgorithm(), new DEROctetString(symBlockCipher.doFinal(bArr)));
            AlgorithmIdentifier digetstAlgIdentifier = getDigetstAlgIdentifier(str2);
            AlgorithmIdentifier sigAlgIdentifier = getSigAlgIdentifier(privateKey.getAlgorithm(), str2);
            byte[] doFinal = symBlockCipher.doFinal(getSignData(getSignAlgName(digetstAlgIdentifier, sigAlgIdentifier), privateKey, bArr));
            X509CertificateStructure certificate2 = ((X509CertificateObject) certificate).getCertificate();
            SignerInfo signerInfo = new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(certificate2.getIssuer(), certificate2.getSerialNumber().getValue())), digetstAlgIdentifier, null, sigAlgIdentifier, new DEROctetString(doFinal), null);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(signerInfo);
            return new ContentInfo(this.SIGNEDANDENVELOPED_DATA, new SignedAndEnveloped(recipientInfos, new BERSet(digetstAlgIdentifier), encryptedContentInfo, new BERSet(certificate2), new BERSet(aSN1EncodableVector))).getDEREncoded();
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) CMSMessage : signedAndEnvelopedData's Generate error    " + e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] signedAndEnvelopedDataCMS(byte[] bArr, Certificate certificate, PrivateKey privateKey, Certificate[] certificateArr, String str, String str2) throws PKCS7Exception, Exception {
        AlgorithmIdentifier algorithmIdentifier;
        addRecipientCert(certificateArr);
        checkData(bArr, "Sign and Envlope Data");
        checkData(this.certRecipient, "Certificate");
        checkData(str, "Cipher Algorithm");
        checkData(str2, "Message Digest Algorithm");
        setBlockcipherKeySet(str);
        try {
            int length = certificateArr.length;
            X509CertificateObject[] x509CertificateObjectArr = new X509CertificateObject[length];
            for (int i = 0; i < certificateArr.length; i++) {
                x509CertificateObjectArr[i] = (X509CertificateObject) certificateArr[i];
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (int i2 = 0; i2 < length; i2++) {
                RecipientIdentifier recipientIdentifier = new RecipientIdentifier(new IssuerAndSerialNumber(x509CertificateObjectArr[i2].getIssuerDnName(), x509CertificateObjectArr[i2].getSerialNumber()));
                AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERSequence());
                Cipher cipher = Cipher.getInstance("RSA", "Ksign");
                cipher.init(1, x509CertificateObjectArr[i2]);
                aSN1EncodableVector.add(new RecipientInfo(new KeyTransRecipientInfo(recipientIdentifier, algorithmIdentifier2, new DEROctetString(cipher.doFinal(this.secretKey.getEncoded())))));
            }
            BERSet bERSet = new BERSet(aSN1EncodableVector);
            Cipher cipher2 = Cipher.getInstance(String.valueOf(str) + "/CBC/PKCS5Padding", "Ksign");
            cipher2.init(1, this.secretKey, this.iv);
            byte[] doFinal = cipher2.doFinal(bArr);
            if (str.equals(Crypto.ALGORITHM_DES)) {
                algorithmIdentifier = new AlgorithmIdentifier(OIWObjectIdentifiers.desCBC, new DEROctetString(this.iv.getIV()));
            } else if (str.equals("SEED")) {
                algorithmIdentifier = new AlgorithmIdentifier(KISAObjectIdentifiers.seedCBC, new DEROctetString(this.iv.getIV()));
            } else if (str.equals("DESEDE")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.des_EDE3_CBC, new DEROctetString(this.iv.getIV()));
            } else {
                if (!str.equals("ARIA")) {
                    JCEUtil.setErrorcode("60004");
                    throw new OIDNotFoundException("(KSign) envelopedData's CipherAlgorithm is not defined, " + str);
                }
                algorithmIdentifier = new AlgorithmIdentifier(KISAObjectIdentifiers.ariaCBC, new DEROctetString(this.iv.getIV()));
            }
            EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(this.DATA, algorithmIdentifier, new DEROctetString(doFinal));
            AlgorithmIdentifier digetstAlgIdentifier = getDigetstAlgIdentifier(str2);
            AlgorithmIdentifier sigAlgIdentifier = getSigAlgIdentifier(privateKey.getAlgorithm(), str2);
            byte[] doFinal2 = cipher2.doFinal(getSignData(getSignAlgName(digetstAlgIdentifier, sigAlgIdentifier), privateKey, bArr));
            X509CertificateStructure certificate2 = ((X509CertificateObject) certificate).getCertificate();
            SignerInfo signerInfo = new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(certificate2.getIssuer(), certificate2.getSerialNumber().getValue())), digetstAlgIdentifier, null, sigAlgIdentifier, new DEROctetString(doFinal2), null);
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            aSN1EncodableVector2.add(signerInfo);
            return new SignedAndEnveloped(bERSet, new BERSet(digetstAlgIdentifier), encryptedContentInfo, new BERSet(certificate2), new BERSet(aSN1EncodableVector2)).getDEREncoded();
        } catch (Exception e) {
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) CMSMessage : signedAndEnvelopedDataCMS's Generate error    " + e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] signedData(byte[] bArr, Certificate certificate, PrivateKey privateKey, String str) throws PKCS7Exception {
        try {
            checkData(bArr, "SignedData");
            checkData(certificate, "Certificate");
            checkData(privateKey, "Private");
            checkData(str, "Message Digest Algoirthm");
            X509CertificateObject x509CertificateObject = (X509CertificateObject) certificate;
            AlgorithmIdentifier digetstAlgIdentifier = getDigetstAlgIdentifier(str);
            AlgorithmIdentifier sigAlgIdentifier = getSigAlgIdentifier(privateKey.getAlgorithm(), str);
            SignerInfo signerInfo = new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(x509CertificateObject.getIssuerDnName(), x509CertificateObject.getSerialNumber())), digetstAlgIdentifier, null, sigAlgIdentifier, new DEROctetString(getSignData(getSignAlgName(digetstAlgIdentifier, sigAlgIdentifier), privateKey, bArr)), null);
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(signerInfo);
            BERSet bERSet = new BERSet(aSN1EncodableVector);
            ContentInfo contentInfo = new ContentInfo(this.DATA, this.isFile ? null : new DEROctetString(bArr));
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            aSN1EncodableVector2.add(x509CertificateObject.getCertificate());
            ContentInfo contentInfo2 = new ContentInfo(this.SIGNED_DATA, new SignedData(new BERSet(digetstAlgIdentifier), contentInfo, new BERSet(aSN1EncodableVector2), null, bERSet));
            if (!this.isFile) {
                return contentInfo2.getDEREncoded();
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(contentInfo2.getDEREncoded());
            byteArrayOutputStream.write(new DERUTF8String(this.fileName).getDEREncoded());
            byteArrayOutputStream.write(new DERUTCTime(new Date()).getDEREncoded());
            byteArrayOutputStream.write(new DEROctetString(bArr).getDEREncoded());
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            KCaseLogging.print(e);
            if (JCEUtil.getErrorcode() == 0) {
                JCEUtil.setErrorcode("60013");
            }
            throw new PKCS7Exception("(KSign) PKCS7 : signedData type generate error    " + e.toString());
        }
    }

    public void streamClose(Object obj) {
        if (obj != null) {
            try {
                if (obj instanceof InputStream) {
                    ((InputStream) obj).close();
                } else if (obj instanceof OutputStream) {
                    ((OutputStream) obj).close();
                }
            } catch (Exception unused) {
            }
        }
    }

    protected void toBlockCipher(InputStream inputStream, OutputStream outputStream, Cipher cipher) throws IOException {
        byte[] bArr = new byte[1048576];
        Object obj = null;
        try {
            CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
            while (true) {
                try {
                    int read = cipherInputStream.read(bArr);
                    if (read == -1) {
                        outputStream.flush();
                        streamClose(cipherInputStream);
                        return;
                    }
                    outputStream.write(bArr, 0, read);
                } catch (Throwable th) {
                    th = th;
                    obj = cipherInputStream;
                    streamClose(obj);
                    throw th;
                }
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    protected void toBlockCipher(byte[] bArr, OutputStream outputStream, Cipher cipher) throws IOException {
        toBlockCipher(new ByteArrayInputStream(bArr), outputStream, cipher);
    }

    protected byte[] toBlockCipher(byte[] bArr, Cipher cipher) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        toBlockCipher(bArr, byteArrayOutputStream, cipher);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] toByteArray(InputStream inputStream) throws PKCS7Exception {
        byte[] bArr = new byte[1048576];
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read == -1) {
                        byteArrayOutputStream.flush();
                        streamClose(inputStream);
                        return byteArrayOutputStream.toByteArray();
                    }
                    byteArrayOutputStream.write(bArr, 0, read);
                }
            } catch (IOException e) {
                KCaseLogging.print((Exception) e);
                throw new PKCS7Exception("Data Read Exception :" + e.getMessage());
            }
        } catch (Throwable th) {
            streamClose(inputStream);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public InputStream toInputStream(byte[] bArr) {
        return new ByteArrayInputStream(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OutputStream verify(InputStream inputStream, OutputStream outputStream, Certificate certificate, PrivateKey privateKey, char[] cArr) throws PKCS7Exception {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        if (outputStream == null) {
            outputStream = new ByteArrayOutputStream();
        }
        try {
            try {
                try {
                    setContentInfo(aSN1InputStream);
                    if (this.contentInfo.getContentType().equals(this.DATA)) {
                        verifyData(aSN1InputStream, outputStream);
                    } else if (this.contentInfo.getContentType().equals(this.ENCRYPTED_DATA)) {
                        verifyEncrypted(aSN1InputStream, outputStream, cArr);
                    } else if (this.contentInfo.getContentType().equals(this.ENVELOPED_DATA)) {
                        verifyEnvelopedData(aSN1InputStream, outputStream, certificate, privateKey);
                    } else if (this.contentInfo.getContentType().equals(this.SIGNED_DATA)) {
                        signVerify(aSN1InputStream, outputStream);
                    } else {
                        if (!this.contentInfo.getContentType().equals(this.SIGNEDANDENVELOPED_DATA)) {
                            JCEUtil.setErrorcode("60004");
                            throw new OIDNotFoundException("(KSign) verifyPKCS7's data type is error" + this.contentInfo.getContentType().toString());
                        }
                        verifySignedAndEnveloped(aSN1InputStream, outputStream, certificate, privateKey);
                    }
                    return outputStream;
                } catch (PKCS7Exception e) {
                    throw e;
                }
            } catch (Exception e2) {
                throw new PKCS7Exception("Unspecified  Exception :" + e2.getMessage());
            }
        } finally {
            streamClose(inputStream);
            streamClose(aSN1InputStream);
        }
    }
}
