package cn.eseals.crypto;

import cn.eseals.certificate.CommonCertificate;
import cn.eseals.certificate.X509Principal;
import cn.eseals.data.DerInputStream;
import cn.eseals.data.DerOutputStream;
import cn.eseals.data.DerValue;
import cn.eseals.data.ObjectIdentifier;
import cn.eseals.security.spec.CommonAlgorithmId;
import com.eseals.itextpdf.text.pdf.security.SecurityIDs;
import com.eseals.itextpdf.text.xml.xmp.XmpWriter;
import java.io.IOException;

/* loaded from: input_file:cn/eseals/crypto/SignedData.class */
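/**
 * Builds and parses a single-signer PKCS#7 SignedData structure with detached content.
 *
 * <p>{@link #init(byte[], IPrivateKey, byte[])} accepts either a bare certificate (signing mode)
 * or an encoded SignedData (verification mode). The data to be signed or verified is then fed in
 * through {@link #update(byte[])} / {@link #setStringData(String)}, followed by {@link #sign()}
 * or {@link #verify()}.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>In verification mode the public key comes from the certificate embedded in the message
 *       being verified. Nothing in this class checks that certificate's chain, validity period or
 *       revocation status, so a successful {@link #verify()} only shows that the signature matches
 *       the embedded key. The caller must decide separately whether the certificate returned by
 *       {@link #getCertificate()} is trusted.</li>
 *   <li>The RSA path is fixed to SHA-1 ({@code CommonAlgorithmId.ALGORITHM_SHA1WITHRSA}). SHA-1 is
 *       no longer considered collision resistant; treat RSA signatures handled here accordingly.</li>
 *   <li>The digest algorithm declared in a parsed message is only compared for consistency; the
 *       signer is chosen from the signature algorithm alone (see {@code initSigner}).</li>
 *   <li>Parsing reads only the first digest algorithm and the first certificate, skips one element
 *       before the signer set without inspecting it, and does not reject trailing data.</li>
 * </ul>
 */
class SignedData implements ISignedData {
    public static final int SIGNED_DATA_VERSION = 1;
    public static final int SIGNER_INFO_VERSION = 1;

    // DER tag bytes used by the parser and the encoder.
    private static final byte TAG_INTEGER = 2;
    private static final byte TAG_OID = 6;
    private static final byte TAG_SEQUENCE = 48;
    private static final byte TAG_SET = 49;
    /** Context-specific, constructed tag [0] (0xA0). */
    private static final byte TAG_CONTEXT_0 = (byte) -96;

    private static final ObjectIdentifier OID_SignedData;
    private static final ObjectIdentifier OID_Data;

    static {
        ObjectIdentifier signedDataOid;
        ObjectIdentifier dataOid;
        try {
            signedDataOid = new ObjectIdentifier(SecurityIDs.ID_PKCS7_SIGNED_DATA);
            dataOid = new ObjectIdentifier(SecurityIDs.ID_PKCS7_DATA);
        } catch (IOException e) {
            // Fail class initialisation instead of continuing with null OIDs: with a null OID
            // every parse would be rejected as "Invalid signed data." and sign() would be asked
            // to encode a null identifier, hiding the real cause.
            throw new ExceptionInInitializerError(e);
        }
        OID_SignedData = signedDataOid;
        OID_Data = dataOid;
    }

    private final ICryptoProvider provider;
    private CommonCertificate cert;
    private CommonAlgorithmId hashAlg;
    private CommonAlgorithmId signAlg;
    /** Signature value: parsed from the message in verification mode, produced by {@link #sign()}. */
    private byte[] sigContent;
    private ISignature signer;

    /**
     * @param iCryptoProvider provider used to create the underlying signer
     */
    public SignedData(ICryptoProvider iCryptoProvider) {
        this.provider = iCryptoProvider;
    }

    /** Equivalent to {@code init(bArr, null, null)}. */
    @Override
    public void init(byte[] bArr) throws Exception {
        init(bArr, null, null);
    }

    /** Equivalent to {@code init(bArr, null, bArr2)}. */
    @Override
    public void init(byte[] bArr, byte[] bArr2) throws Exception {
        init(bArr, null, bArr2);
    }

    /** Equivalent to {@code init(bArr, iPrivateKey, null)}. */
    @Override
    public void init(byte[] bArr, IPrivateKey iPrivateKey) throws Exception {
        init(bArr, iPrivateKey, null);
    }

    /**
     * Loads the input and prepares the signer.
     *
     * <p>If {@code bArr} holds a bare certificate the signer is initialised for signing with
     * {@code iPrivateKey}; if it holds an encoded SignedData the signer is initialised for
     * verification with the public key of the embedded certificate.
     *
     * @param bArr encoded certificate or encoded SignedData
     * @param iPrivateKey signing key; only used in signing mode
     * @param bArr2 forwarded unchanged to {@code initSign}/{@code initVerify}
     *     (NOTE(review): presumably a signer identifier for SM2 - confirm against ISignature)
     * @throws Exception if the input cannot be parsed or the algorithm is not supported
     */
    @Override
    public void init(byte[] bArr, IPrivateKey iPrivateKey, byte[] bArr2) throws Exception {
        initData(bArr);
        initSigner();
        if (this.sigContent == null) {
            this.signer.initSign(iPrivateKey, bArr2);
        } else {
            // The verification key is taken from the message's own certificate; trust in that
            // certificate has to be established by the caller.
            this.signer.initVerify(this.cert.getPublicKey().getEncoded(), bArr2);
        }
    }

    /**
     * Interprets the input as a certificate first and, if that fails, as an encoded SignedData.
     *
     * @throws Exception the SignedData parse failure, with the certificate parse failure attached
     *     as a suppressed exception so neither cause is lost
     */
    private void initData(byte[] encoded) throws Exception {
        if (encoded == null) {
            throw new IllegalArgumentException("Input data must not be null.");
        }
        CommonCertificate bareCertificate;
        try {
            bareCertificate = new CommonCertificate(encoded);
        } catch (Exception certificateFailure) {
            try {
                parseSignedData(encoded);
            } catch (Exception parseFailure) {
                parseFailure.addSuppressed(certificateFailure);
                throw parseFailure;
            }
            return;
        }
        this.cert = bareCertificate;
        this.sigContent = null;
        this.hashAlg = null;
    }

    /**
     * Parses an encoded SignedData and stores certificate, algorithms and signature value.
     *
     * <p>All values are collected in locals and assigned to the fields only after the whole
     * structure has been accepted, so a rejected message never leaves this object holding a mix
     * of old and new state.
     */
    private void parseSignedData(byte[] encoded) throws Exception {
        // Outer wrapper: content type OID followed by [0] holding the SignedData SEQUENCE.
        DerValue contentInfo = new DerValue(encoded);
        DerValue contentType = contentInfo.data.getDerValue();
        if (contentType.tag != TAG_OID || !contentType.getOID().equals(OID_SignedData)) {
            throw new Exception("Invalid signed data.");
        }
        DerValue explicitContent = contentInfo.data.getDerValue();
        if (!explicitContent.isContextSpecific((byte) 0)) {
            throw new Exception("Invalid signed data top element.");
        }
        DerValue signedDataValue = explicitContent.data.getDerValue();
        if (signedDataValue.tag != TAG_SEQUENCE) {
            throw new Exception("Invalid signed data element.");
        }
        DerInputStream signedDataFields = signedDataValue.data;
        if (signedDataFields.getInteger() != SIGNED_DATA_VERSION) {
            throw new Exception("Invalid version of signed data.");
        }

        // Digest algorithm set: only the first entry is read.
        DerValue digestAlgorithms = signedDataFields.getDerValue();
        if (digestAlgorithms.tag != TAG_SET) {
            throw new Exception("Invalid hash algoritm element type.");
        }
        CommonAlgorithmId declaredDigest = new CommonAlgorithmId(digestAlgorithms.data.getDerValue());

        // Content info: only the content type is checked; anything after the OID is not read.
        DerValue encapsulatedContent = signedDataFields.getDerValue();
        if (encapsulatedContent.tag != TAG_SEQUENCE) {
            throw new Exception("Invalid content of signed data.");
        }
        DerValue encapsulatedType = encapsulatedContent.data.getDerValue();
        if (encapsulatedType.tag != TAG_OID || !encapsulatedType.getOID().equals(OID_Data)) {
            throw new Exception("Invalid content identifier of signed data.");
        }

        // Certificates: only the first certificate is read and it is treated as the signer's.
        DerValue certificates = signedDataFields.getDerValue();
        if (!certificates.isContextSpecific((byte) 0)) {
            throw new Exception("Invalid certificate element of signed data.");
        }
        DerValue certificateValue = certificates.data.getDerValue();
        if (certificateValue.tag != TAG_SEQUENCE) {
            throw new Exception("Invalid certificate content of signed data.");
        }
        CommonCertificate signerCertificate = new CommonCertificate(certificateValue.toByteArray());

        // If another element follows, the one just read is dropped without inspection
        // (presumably an optional CRL set - confirm) and the next is taken as the signer set.
        DerValue signerInfos = signedDataFields.getDerValue();
        if (signedDataFields.available() != 0) {
            signerInfos = signedDataFields.getDerValue();
        }
        if (signerInfos.tag != TAG_SET) {
            throw new Exception("Invalid signature set of signed data.");
        }
        DerValue signerInfo = signerInfos.data.getDerValue();
        if (signerInfos.data.available() != 0) {
            throw new Exception("More than one signature in a signed data.");
        }
        if (signerInfo.tag != TAG_SEQUENCE) {
            throw new Exception("Invalid signer info element.");
        }
        DerInputStream signerFields = signerInfo.data;
        if (signerFields.getInteger() != SIGNER_INFO_VERSION) {
            throw new Exception("Invalid version of signer data.");
        }

        // Issuer and serial number must identify the embedded certificate.
        DerValue issuerAndSerial = signerFields.getDerValue();
        if (issuerAndSerial.tag != TAG_SEQUENCE) {
            throw new Exception("Invalid issuer tag.");
        }
        X509Principal issuer = new X509Principal(issuerAndSerial.data.getDerValue().toByteArray());
        if (!issuer.equals(signerCertificate.getIssuerDN())) {
            throw new Exception("Invalid signer.");
        }
        DerValue serialNumber = issuerAndSerial.data.getDerValue();
        if (serialNumber.tag != TAG_INTEGER
                || !serialNumber.getBigInteger().equals(signerCertificate.getSerialNumber())) {
            throw new Exception("Invalid serial number.");
        }

        CommonAlgorithmId signerDigest = new CommonAlgorithmId(signerFields.getDerValue());
        if (!signerDigest.equals(declaredDigest)) {
            throw new Exception("正文哈希算法和签名哈希算法不一致。");
        }
        CommonAlgorithmId signatureAlgorithm = new CommonAlgorithmId(signerFields.getDerValue());
        byte[] signatureValue = signerFields.getOctetString();
        // NOTE(review): data remaining in signerFields or signedDataFields is not rejected here.

        this.cert = signerCertificate;
        this.hashAlg = signerDigest;
        this.signAlg = signatureAlgorithm;
        this.sigContent = signatureValue;
    }

    /**
     * Chooses default algorithms from the certificate's key type when none were parsed, then
     * creates the signer.
     *
     * <p>The signer is selected from {@code signAlg} only. {@code hashAlg} is not consulted, so a
     * parsed message whose declared digest differs from SM3 (for SM2) or SHA-1 (for RSA) is still
     * processed with those fixed digests. The signature algorithm is also not compared with the
     * key type of the certificate.
     */
    private void initSigner() throws Exception {
        if (this.hashAlg == null) {
            if (this.cert == null) {
                throw new Exception("还没初始化。");
            }
            String keyAlgorithm = this.cert.getPublicKey().getAlgorithm();
            if (keyAlgorithm.equals(CommonAlgorithmId.ALGORITHM_SM2) || keyAlgorithm.equals("ECC")) {
                this.hashAlg = new CommonAlgorithmId(CommonAlgorithmId.ALGORITHM_SM3);
                this.signAlg = new CommonAlgorithmId(CommonAlgorithmId.ALGORITHM_SM2);
            } else if (keyAlgorithm.equals("RSA")) {
                // SHA-1 default for RSA keys; weak by current standards.
                this.hashAlg = new CommonAlgorithmId("SHA1");
                this.signAlg = new CommonAlgorithmId("RSA");
            } else {
                throw new Exception("未知的算法：" + keyAlgorithm + "/" + this.cert.getPublicKey().getAlgorithm());
            }
        }
        if (this.signAlg.getAlgorithm().equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            this.signer = this.provider.createSigner("SM3withSM2");
        } else if (this.signAlg.getAlgorithm().equals("RSA")) {
            this.signer = this.provider.createSigner(CommonAlgorithmId.ALGORITHM_SHA1WITHRSA);
        } else {
            throw new Exception("未知的算法：" + this.signAlg.getAlgorithm());
        }
    }

    /** Returns the signer, or fails with a clear message when no {@code init} call has succeeded. */
    private ISignature requireSigner() {
        if (this.signer == null) {
            throw new IllegalStateException("SignedData is not initialised; call init(...) first.");
        }
        return this.signer;
    }

    /** Feeds raw content bytes to the signer. */
    @Override
    public void update(byte[] bArr) throws Exception {
        requireSigner().update(bArr);
    }

    /** Feeds the string to the signer, encoded with the charset named by {@code XmpWriter.UTF16LE}. */
    @Override
    public void setStringData(String str) throws Exception {
        requireSigner().update(str.getBytes(XmpWriter.UTF16LE));
    }

    /**
     * @return the encoded certificate, or {@code null} if none has been loaded
     */
    @Override
    public byte[] getCertificate() throws Exception {
        if (this.cert == null) {
            return null;
        }
        return this.cert.getEncoded();
    }

    /**
     * Signs the data fed so far and returns the encoded SignedData.
     *
     * @return the signed-data OID followed by [0] wrapping the SignedData SEQUENCE, passed through
     *     {@code new DerOutputStream(DerOutputStream)} (presumably an enclosing SEQUENCE - confirm)
     */
    @Override
    public byte[] sign() throws Exception {
        this.sigContent = requireSigner().sign();
        DerOutputStream signerInfo = new DerOutputStream();
        encodeSignerInfo(signerInfo);
        DerOutputStream signedDataContent = new DerOutputStream();
        encodeSignedDataContent(signedDataContent, signerInfo);
        DerOutputStream contentInfo = new DerOutputStream();
        contentInfo.putOID(OID_SignedData);
        contentInfo.write(TAG_CONTEXT_0, new DerOutputStream(TAG_SEQUENCE, signedDataContent));
        return new DerOutputStream(contentInfo).toByteArray();
    }

    /**
     * Writes version, digest algorithm set, content type, certificate and signer set. No content
     * bytes are embedded, only the data content-type OID.
     */
    private void encodeSignedDataContent(DerOutputStream out, DerOutputStream signerInfo) throws Exception {
        out.putInteger(SIGNED_DATA_VERSION);
        DerOutputStream digestAlgorithms = new DerOutputStream();
        this.hashAlg.encode(digestAlgorithms);
        out.write(TAG_SET, digestAlgorithms);
        DerOutputStream contentType = new DerOutputStream();
        contentType.putOID(OID_Data);
        out.write(TAG_SEQUENCE, contentType);
        out.write(TAG_CONTEXT_0, this.cert.getEncoded());
        out.write(TAG_SET, new DerOutputStream(signerInfo));
    }

    /**
     * Writes version, issuer and serial number, digest algorithm, signature algorithm and the
     * signature value. No signed or unsigned attributes are written.
     */
    private void encodeSignerInfo(DerOutputStream out) throws Exception {
        out.putInteger(SIGNER_INFO_VERSION);
        DerOutputStream issuerAndSerial = new DerOutputStream();
        issuerAndSerial.write(this.cert.getIssuerX500Principal().getEncoded());
        issuerAndSerial.putInteger(this.cert.getSerialNumber());
        out.write(TAG_SEQUENCE, issuerAndSerial);
        this.hashAlg.encode(out);
        this.signAlg.encode(out);
        out.putOctetString(this.sigContent);
    }

    /**
     * Checks the parsed signature value against the data fed through {@code update}.
     *
     * <p>NOTE(review): the result of {@code ISignature.verify} is not inspected here. Confirm that
     * it reports a bad signature by throwing; if it returns a boolean, that value is discarded and
     * this method would accept any signature.
     *
     * @throws Exception if no signer or no signature value is available, or if the signer rejects
     *     the signature by throwing
     */
    @Override
    public void verify() throws Exception {
        if (this.signer == null) {
            throw new Exception("尚未设置原文数据，无法验证。");
        }
        if (this.sigContent == null) {
            // Signing mode, or init never parsed a SignedData: there is nothing to verify.
            throw new Exception("No signature value loaded; verify() requires init(...) with encoded signed data.");
        }
        this.signer.verify(this.sigContent);
    }
}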
