package cfca.sadk.envelope.rsa;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7EnvelopedData;
import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.util.RSAAndItsCloseSymAlgUtil;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.BEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.DEROutputStream;
import cfca.sadk.org.bouncycastle.asn1.DERSet;
import cfca.sadk.org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import cfca.sadk.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.OriginatorInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.FileOutputStream;

/* loaded from: input_file:cfca/sadk/envelope/rsa/RSAEnvelopeUtil.class */
public class RSAEnvelopeUtil {
    private static byte[] IV_8 = {50, 51, 52, 53, 54, 55, 56, 57};

    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws Exception {
        return Base64.encode(envelopeMesage_None64(bArr, str, x509CertArr, null));
    }

    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws Exception {
        return Base64.encode(envelopeMesage_None64(bArr, str, x509CertArr, session));
    }

    private static byte[] envelopeMesage_None64(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws PKIException, Exception {
        Mechanism mechanism;
        byte[] generateSecretKey = RSAAndItsCloseSymAlgUtil.generateSecretKey(str);
        IV_8 = RSAAndItsCloseSymAlgUtil.generateIV();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector.add(toRecipientInfo(x509Cert, generateSecretKey, session));
        }
        if (!Mechanism.isSymmetricAlgorithmValid(str)) {
            throw new PKIException(new StringBuffer().append("can not support this symetric algorithm:").append(str).toString());
        }
        if (str.indexOf("CBC") != -1) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(IV_8);
            mechanism = new Mechanism(str, cBCParam);
        } else {
            mechanism = new Mechanism(str);
        }
        boolean z = false;
        if (session != null && (session instanceof JNISoftLib)) {
            z = true;
        }
        return ASN1Parser.parseDERObj2Bytes(new CMSEnvelopedData(new ContentInfo(CMSObjectIdentifiers.envelopedData, new EnvelopedData((OriginatorInfo) null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(PKCSObjectIdentifiers.data, getAlgorithmIdentifier(mechanism, (ASN1ObjectIdentifier) PKCS7EnvelopedData.MECH_OID.get(str)), new BEROctetString(RSAAndItsCloseSymAlgUtil.crypto(z, true, generateSecretKey, bArr, mechanism))), ASN1Set.getInstance(null)))).toASN1Structure());
    }

    private static AlgorithmIdentifier getAlgorithmIdentifier(Mechanism mechanism, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier, DERNull.INSTANCE);
        if (mechanism.getMechanismType().toUpperCase().indexOf("CBC") == -1) {
            return algorithmIdentifier;
        }
        if (mechanism.getParam() == null) {
            throw new PKIException(PKIException.NULL_P7_ENVELOP_CBC_ERR, PKIException.NULL_P7_ENVELOP_CBC_ERR_DES);
        }
        return new AlgorithmIdentifier(aSN1ObjectIdentifier, new DEROctetString(((CBCParam) mechanism.getParam()).getIv()));
    }

    private static RecipientInfo toRecipientInfo(X509Cert x509Cert, byte[] bArr, Session session) throws Exception {
        DEROctetString dEROctetString = new DEROctetString((session == null || !(session instanceof JNISoftLib)) ? RSAAndItsCloseSymAlgUtil.rsaEncrypt(true, x509Cert.getPublicKey(), bArr) : RSAAndItsCloseSymAlgUtil.rsaEncryptByJNI(true, x509Cert.getPublicKey(), bArr));
        SubjectKeyIdentifier subjectKeyIdentifier = x509Cert.getSubjectKeyIdentifier();
        if (subjectKeyIdentifier == null) {
            throw new Exception("the cert has no extension data with SubjectKeyIdentifier,can not create envelope data");
        }
        return new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier((ASN1OctetString) new DEROctetString(subjectKeyIdentifier.getKeyIdentifier())), x509Cert.getCertStructure().getSubjectPublicKeyInfo().getAlgorithm(), dEROctetString));
    }

    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws Exception {
        envelopeFile(str, str2, str3, x509CertArr, null);
    }

    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws Exception {
        Mechanism mechanism;
        byte[] generateSecretKey = RSAAndItsCloseSymAlgUtil.generateSecretKey(str3);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector.add(toRecipientInfo(x509Cert, generateSecretKey, session));
        }
        if (!Mechanism.isSymmetricAlgorithmValid(str3)) {
            throw new PKIException(new StringBuffer().append("can not support this symetric algorithm:").append(str3).toString());
        }
        if (str3.indexOf("CBC") != -1) {
            CBCParam cBCParam = new CBCParam();
            cBCParam.setIv(IV_8);
            mechanism = new Mechanism(str3, cBCParam);
        } else {
            mechanism = new Mechanism(str3);
        }
        AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(mechanism, (ASN1ObjectIdentifier) PKCS7EnvelopedData.MECH_OID.get(str3));
        boolean z = false;
        if (session != null && (session instanceof JNISoftLib)) {
            z = true;
        }
        ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, new RSAEnvelopedData(null, new DERSet(aSN1EncodableVector), new RSAEncryptedContentInfo(PKCSObjectIdentifiers.encryptedData, algorithmIdentifier, new RSAEncryptedInputStream(z, new File(str), generateSecretKey, mechanism)), null));
        File file = new File(str2);
        if (!file.exists()) {
            file.createNewFile();
        }
        DEROutputStream dEROutputStream = new DEROutputStream(new FileOutputStream(str2));
        dEROutputStream.writeObject(contentInfo);
        dEROutputStream.close();
    }
}
