package cfca.rsa.envelope;

import cfca.asn1.parser.ASN1Node;
import cfca.asn1.parser.BigFileDecrypt;
import cfca.asn1.parser.EnvelopFileParser;
import cfca.internal.tool.ASN1Parser;
import cfca.internal.tool.Mechanism_Inside;
import cfca.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.org.bouncycastle.asn1.ASN1OctetString;
import cfca.org.bouncycastle.asn1.ASN1Sequence;
import cfca.org.bouncycastle.asn1.ASN1Set;
import cfca.org.bouncycastle.asn1.BEROctetString;
import cfca.org.bouncycastle.asn1.DEROctetString;
import cfca.org.bouncycastle.asn1.DEROutputStream;
import cfca.org.bouncycastle.asn1.DERSet;
import cfca.org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import cfca.org.bouncycastle.asn1.cms.ContentInfo;
import cfca.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import cfca.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.org.bouncycastle.asn1.cms.RecipientIdentifier;
import cfca.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.org.bouncycastle.crypto.engines.DESedeEngine;
import cfca.org.bouncycastle.crypto.engines.RC4Engine;
import cfca.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cfca.org.bouncycastle.crypto.paddings.PKCS7Padding;
import cfca.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cfca.org.bouncycastle.crypto.params.KeyParameter;
import cfca.org.bouncycastle.crypto.params.ParametersWithIV;
import cfca.sm2rsa.common.CBCParam;
import cfca.sm2rsa.common.GlobalVariable;
import cfca.sm2rsa.common.PKCS7EnvelopedData;
import cfca.sm2rsa.common.PKCSObjectIdentifiers;
import cfca.sm2rsa.common.PKIException;
import cfca.sm2rsa.common.SymmetricAlgorithm;
import cfca.util.Base64;
import cfca.util.cipher.lib.BCSoftLib;
import cfca.util.cipher.lib.JCrypto;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:cfca/rsa/envelope/RSAEnvelopeUtil.class */
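/**
 * Builds and opens CMS/PKCS#7 EnvelopedData structures whose content-encryption key is
 * transported to each recipient with RSA.
 *
 * <p>Security caveats for callers:
 * <ul>
 *   <li>EnvelopedData carries no integrity protection. Decrypted output must be treated as
 *       unauthenticated unless the envelope is also signed and that signature is verified.</li>
 *   <li>The only content ciphers recognised on the opening side are DESede (CBC/ECB) and RC4,
 *       and the key is wrapped with RSA PKCS#1 v1.5 ({@code RSA/ECB/PKCS1PADDING}). These are
 *       legacy mechanisms; new deployments should prefer an authenticated cipher and OAEP
 *       where the peer supports them.</li>
 *   <li>When envelopes come from untrusted parties, surface a single uniform failure to the
 *       remote side. The distinct exceptions thrown here (recipient not found, key unwrap
 *       failure, padding failure) can otherwise act as a decryption oracle against PKCS#1 v1.5
 *       and CBC padding.</li>
 * </ul>
 */
public class RSAEnvelopeUtil {
    private static final int recipientPolicy = 0;

    /** Key-transport transformation handed to the {@link Session}; PKCS#1 v1.5 padding. */
    private static final String RSA_PKCS = "RSA/ECB/PKCS1PADDING";

    /**
     * Envelopes {@code bArr} for the given recipients using recipient-identifier policy 0.
     *
     * @param bArr        plaintext to encrypt
     * @param str         symmetric algorithm name passed to
     *                    {@code SymmetricAlgorithm.buildRSASymmetricAlgorithmParameters}
     * @param x509CertArr recipient certificates; must contain at least one non-null entry
     * @param session     crypto session used for the RSA key wrap
     * @return the Base64-encoded envelope
     * @throws Exception if the recipients are missing or any crypto/encoding step fails
     */
    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws Exception {
        return envelopeMessage(bArr, str, x509CertArr, session, 0);
    }

    /**
     * Envelopes {@code bArr} for the given recipients.
     *
     * @param bArr        plaintext to encrypt
     * @param str         symmetric algorithm name
     * @param x509CertArr recipient certificates; must contain at least one non-null entry
     * @param session     crypto session used for the RSA key wrap
     * @param i           value forwarded to {@code X509Cert.generateRecipientIdentifier}
     *                    (presumably selects issuer+serial vs. subject key identifier; confirm)
     * @return the output of {@code ASN1Parser.writeDERObj2Bytes} for the envelope, Base64-encoded
     * @throws Exception if the recipients are missing or any crypto/encoding step fails
     */
    public static final byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session, int i) throws Exception {
        SymmetricAlgorithm.SymmetricAlgorithmParameters params = buildSymmetricAlgorithmParameters(str, x509CertArr, session, i);

        byte[] cipherText = RSASymmetricCryptoUtil.encrypt(params.symmetricKey, bArr, params.contentEncryptionAlg);
        EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, params.contentEncryptionAlgId, new BEROctetString(cipherText));
        EnvelopedData envelopedData = new EnvelopedData(null, new DERSet(params.recipientInfos), encryptedContentInfo, null);
        ContentInfo contentInfo = new ContentInfo(CMSObjectIdentifiers.envelopedData, envelopedData);

        return Base64.encode(ASN1Parser.writeDERObj2Bytes(new CMSEnvelopedData(contentInfo).toASN1Structure()));
    }

    /**
     * Envelopes {@code bArr} with the software crypto library ({@code BCSoftLib}) and policy 0.
     *
     * @see #envelopeMessage(byte[], String, X509Cert[], Session, int)
     */
    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws Exception {
        return envelopeMessage(bArr, str, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    /**
     * Envelopes the file at {@code str} into {@code str2} using recipient-identifier policy 0.
     *
     * @see #envelopeFile(String, String, String, X509Cert[], Session, int)
     */
    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws Exception {
        envelopeFile(str, str2, str3, x509CertArr, session, 0);
    }

    /**
     * Envelopes the file at {@code str} and writes the encoded ContentInfo to {@code str2}.
     *
     * @param str         path of the plaintext input file
     * @param str2        path of the envelope to write; created or overwritten
     * @param str3        symmetric algorithm name
     * @param x509CertArr recipient certificates; must contain at least one non-null entry
     * @param session     crypto session used for the RSA key wrap
     * @param i           value forwarded to {@code X509Cert.generateRecipientIdentifier}
     * @throws Exception if the recipients are missing, or on any crypto or I/O failure,
     *                   including a failure while flushing/closing the output
     */
    public static final void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session, int i) throws Exception {
        SymmetricAlgorithm.SymmetricAlgorithmParameters params = buildSymmetricAlgorithmParameters(str3, x509CertArr, session, i);

        RSAEncryptedInputStream encryptedInput = new RSAEncryptedInputStream(new File(str), params.symmetricKey, params.contentEncryptionAlg);
        // NOTE(review): the inner content type here is encryptedData, while envelopeMessage uses
        // data. Left unchanged because existing peers may depend on it; confirm which is intended.
        RSAEncryptedContentInfo encryptedContentInfo = new RSAEncryptedContentInfo(PKCSObjectIdentifiers.encryptedData, params.contentEncryptionAlgId, encryptedInput);
        ContentInfo contentInfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, new RSAEnvelopedData(null, new DERSet(params.recipientInfos), encryptedContentInfo, null));

        // FileOutputStream creates the file itself, so no separate exists()/createNewFile() step.
        try (FileOutputStream fileOutputStream = new FileOutputStream(str2)) {
            DEROutputStream dEROutputStream = new DEROutputStream(fileOutputStream);
            dEROutputStream.writeObject(contentInfo);
            // Close the encoder before the underlying file and let a failure propagate: a
            // swallowed close error would leave a truncated envelope that looks successful.
            dEROutputStream.close();
        }
    }

    /**
     * Envelopes a file with the software crypto library ({@code BCSoftLib}) and policy 0.
     *
     * @see #envelopeFile(String, String, String, X509Cert[], Session, int)
     */
    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws Exception {
        envelopeFile(str, str2, str3, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    /**
     * Opens an in-memory envelope and returns the decrypted content.
     *
     * <p>The result is not authenticated; see the class-level caveats.
     *
     * @param bArr       the envelope, either raw or Base64-encoded (detected via
     *                   {@code ASN1Parser.isBase64Encode})
     * @param privateKey recipient private key used to unwrap the symmetric key
     * @param x509Cert   recipient certificate used to locate the matching RecipientInfo
     * @param session    crypto session used for the RSA operation
     * @return the decrypted content
     * @throws IllegalArgumentException if {@code bArr}, {@code privateKey} or {@code x509Cert} is null
     * @throws SecurityException        if the envelope has no encrypted content or the key unwrap
     *                                  returns null
     * @throws Exception                if no matching recipient is found or decoding/decryption fails
     */
    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws Exception {
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for parameters: cmsEnvelopedData");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("null not allowed for  parameters: privateKey");
        }
        if (x509Cert == null) {
            throw new IllegalArgumentException("null not allowed for  parameters: recipientCert");
        }
        byte[] encoded = ASN1Parser.isBase64Encode(bArr) ? Base64.decode(bArr) : bArr;
        EnvelopedData envelopedData = EnvelopedData.getInstance(new CMSEnvelopedData(encoded).toASN1Structure().getContent());
        byte[] symmetricKey = checkRecipientsAndSymmetricKey(privateKey, x509Cert, envelopedData.getRecipientInfos(), session);

        EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
        ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
        if (encryptedContent == null) {
            throw new SecurityException("null not allowed for EncryptedContent");
        }
        Mechanism_Inside mechanism = buildMechanism(encryptedContentInfo.getContentEncryptionAlgorithm());
        return RSASymmetricCryptoUtil.decrypt(symmetricKey, encryptedContent.getOctets(), mechanism);
    }

    /**
     * Opens an in-memory envelope using a freshly initialised {@code JSOFT_LIB} session.
     *
     * @see #openEvelopedMessage(byte[], PrivateKey, X509Cert, Session)
     */
    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert) throws Exception {
        JCrypto.getInstance().initialize("JSOFT_LIB", null);
        return openEvelopedMessage(bArr, privateKey, x509Cert, JCrypto.getInstance().openSession("JSOFT_LIB"));
    }

    /**
     * Opens an envelope stored in a file and streams the decrypted content to {@code str2}.
     *
     * <p>Plaintext is written as it is decrypted and EnvelopedData has no integrity check, so a
     * failure part-way through leaves a partial file at {@code str2}. Callers should write to a
     * location that is not consumed until this method returns, and should not trust the output
     * unless the envelope is authenticated separately.
     *
     * @param str        path of the envelope file
     * @param str2       path of the plaintext file to write; created or overwritten
     * @param privateKey recipient private key used to unwrap the symmetric key
     * @param x509Cert   recipient certificate used to locate the matching RecipientInfo
     * @param session    crypto session used for the RSA operation
     * @throws IllegalArgumentException if {@code str}, {@code str2}, {@code privateKey} or
     *                                  {@code x509Cert} is null
     * @throws Exception                if parsing, recipient lookup, decryption or I/O fails,
     *                                  including a failure while flushing/closing the output
     */
    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws Exception {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for parameters: envelopedFilePath");
        }
        if (str2 == null) {
            // Reject before any private-key operation instead of failing later in new File(null).
            throw new IllegalArgumentException("null not allowed for parameters: outputFilePath");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("null not allowed for  parameters: privateKey");
        }
        if (x509Cert == null) {
            throw new IllegalArgumentException("null not allowed for  parameters: recipientCert");
        }
        EnvelopFileParser envelopFileParser = new EnvelopFileParser(new File(str));
        envelopFileParser.parser();
        ASN1Node receiver_node = envelopFileParser.getReceiver_node();
        ASN1Node encrypted_node = envelopFileParser.getEncrypted_node();

        // Recipient lookup and algorithm validation happen before the output file is touched.
        byte[] symmetricKey = checkRecipientsAndSymmetricKey(privateKey, x509Cert, ASN1Set.getInstance(receiver_node.getData()), session);
        Mechanism_Inside mechanism = buildMechanism(AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(((ASN1Node) encrypted_node.childNodes.get(1)).getData())));
        boolean rc4 = "RC4".equals(mechanism.getMechanismType());
        ASN1Node contentNode = (ASN1Node) encrypted_node.childNodes.get(2);

        RandomAccessFile randomAccessFile = null;
        // try-with-resources closes the output on every path (the previous cleanup on the failure
        // path was dead code) and reports a failed final flush instead of hiding it.
        try (BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(new File(str2)), GlobalVariable.BIG_FILE_BUFFER)) {
            int childCount = contentNode.childNodes.size();
            if (childCount <= 1) {
                // Content held in one node: the node itself, or its only child.
                ASN1Node single = childCount == 0 ? contentNode : (ASN1Node) contentNode.childNodes.get(0);
                if (rc4) {
                    BigFileDecrypt.bigFileRC4Decrypt(symmetricKey, single, output);
                } else {
                    BigFileDecrypt.bigFileBlockDecrypt(symmetricKey, new DESedeEngine(), (CBCParam) mechanism.getParam(), single, output);
                }
            } else if (rc4) {
                RC4Engine rC4Engine = new RC4Engine();
                rC4Engine.init(false, new KeyParameter(symmetricKey));
                randomAccessFile = new RandomAccessFile(contentNode.f, "r");
                BigFileDecrypt.bigFileRC4Decrypt(rC4Engine, contentNode, output, randomAccessFile);
            } else {
                DESedeEngine dESedeEngine = new DESedeEngine();
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                PaddedBufferedBlockCipher cipher;
                if (cBCParam == null) {
                    // No IV parameters: the engine is used without a chaining mode.
                    cipher = new PaddedBufferedBlockCipher(dESedeEngine, new PKCS7Padding());
                    cipher.init(false, new KeyParameter(symmetricKey));
                } else {
                    cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(dESedeEngine), new PKCS7Padding());
                    cipher.init(false, new ParametersWithIV(new KeyParameter(symmetricKey), cBCParam.getIv()));
                }
                randomAccessFile = new RandomAccessFile(contentNode.f, "r");
                BigFileDecrypt.bigFileBlockDecrypt(cipher, contentNode, output, randomAccessFile);
            }
        } finally {
            if (randomAccessFile != null) {
                try {
                    randomAccessFile.close();
                } catch (Exception ignored) {
                    // Read-only handle: a close failure cannot lose data.
                }
            }
        }
    }

    /**
     * Opens an envelope file using a freshly initialised {@code JSOFT_LIB} session.
     *
     * @see #openEnvelopedFile(String, String, PrivateKey, X509Cert, Session)
     */
    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert) throws Exception {
        JCrypto.getInstance().initialize("JSOFT_LIB", null);
        openEnvelopedFile(str, str2, privateKey, x509Cert, JCrypto.getInstance().openSession("JSOFT_LIB"));
    }

    /**
     * Finds the KeyTransRecipientInfo addressed to {@code x509Cert} and unwraps its key.
     *
     * <p>The recipient's declared key-encryption algorithm is read but not used to choose the
     * mechanism; the unwrap always uses {@link #RSA_PKCS}.
     *
     * @return the unwrapped symmetric key, never null
     * @throws SecurityException if the unwrap returns null
     * @throws Exception         if {@code aSN1Set} is null or holds no matching recipient
     */
    private static byte[] checkRecipientsAndSymmetricKey(PrivateKey privateKey, X509Cert x509Cert, ASN1Set aSN1Set, Session session) throws Exception {
        if (aSN1Set == null) {
            throw new Exception("the receiver is null!!!");
        }
        SubjectKeyIdentifier subjectKeyIdentifier = x509Cert.getSubjectKeyIdentifier();
        X500Name issuerX500Name = x509Cert.getIssuerX500Name();
        BigInteger serialNumber = x509Cert.getSerialNumber();

        ASN1OctetString encryptedKey = null;
        AlgorithmIdentifier keyEncryptionAlgorithm = null;
        for (int index = 0, size = aSN1Set.size(); index < size; index++) {
            RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(index));
            if (!(recipientInfo.getInfo() instanceof KeyTransRecipientInfo)) {
                continue;
            }
            KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
            if (hasRecipent(keyTransRecipientInfo, subjectKeyIdentifier, issuerX500Name, serialNumber)) {
                encryptedKey = keyTransRecipientInfo.getEncryptedKey();
                keyEncryptionAlgorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
                break;
            }
        }
        if (encryptedKey == null || keyEncryptionAlgorithm == null) {
            throw new Exception("can not find the receiver!!!");
        }
        byte[] symmetricKey = RSADecryptSymmetricKey(privateKey, encryptedKey.getOctets(), session);
        if (symmetricKey == null) {
            throw new SecurityException("decrypt symmetricKey failure");
        }
        return symmetricKey;
    }

    /**
     * Tells whether {@code keyTransRecipientInfo} is addressed to the given certificate identity.
     *
     * <p>A recipient identifier holds either an issuer-and-serial-number or a subject key
     * identifier. The previous condition required the same identifier to equal both forms, which
     * no identifier can satisfy, so no recipient ever matched; either form is now accepted.
     * Matching only selects which wrapped key to try; access still depends on the private key.
     *
     * @return true if the identifier equals the issuer+serial pair, or equals the subject key
     *         identifier when one is supplied; false otherwise, including a missing identifier
     */
    private static boolean hasRecipent(KeyTransRecipientInfo keyTransRecipientInfo, SubjectKeyIdentifier subjectKeyIdentifier, X500Name x500Name, BigInteger bigInteger) {
        RecipientIdentifier recipientIdentifier = keyTransRecipientInfo.getRecipientIdentifier();
        if (recipientIdentifier == null || recipientIdentifier.getId() == null) {
            return false;
        }
        if (recipientIdentifier.getId().toASN1Primitive().asn1Equals(new IssuerAndSerialNumber(x500Name, bigInteger).toASN1Primitive())) {
            return true;
        }
        if (subjectKeyIdentifier == null) {
            return false;
        }
        return recipientIdentifier.getId().toASN1Primitive().asn1Equals(new DEROctetString(subjectKeyIdentifier.getKeyIdentifier()));
    }

    /**
     * Creates the symmetric parameters for {@code str} and one RecipientInfo per certificate.
     *
     * @throws Exception if {@code x509CertArr} is null, empty or contains a null entry
     */
    private static final SymmetricAlgorithm.SymmetricAlgorithmParameters buildSymmetricAlgorithmParameters(String str, X509Cert[] x509CertArr, Session session, int i) throws Exception {
        if (x509CertArr == null || x509CertArr.length == 0 || x509CertArr[0] == null) {
            throw new Exception("buildSymmetricAlgorithmParameters failure without ReceiverCerts");
        }
        SymmetricAlgorithm.SymmetricAlgorithmParameters params = SymmetricAlgorithm.buildRSASymmetricAlgorithmParameters(str);
        ASN1EncodableVector recipients = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            if (x509Cert == null) {
                // A null entry after the first would otherwise surface as a bare NullPointerException.
                throw new Exception("buildSymmetricAlgorithmParameters failure without ReceiverCerts");
            }
            recipients.add(buildRecipientInfo(x509Cert, params.symmetricKey, session, i));
        }
        params.recipientInfos = recipients;
        return params;
    }

    /** Wraps {@code bArr} (the symmetric key) for one recipient certificate. */
    private static final RecipientInfo buildRecipientInfo(X509Cert x509Cert, byte[] bArr, Session session, int i) throws Exception {
        byte[] wrappedKey = RSAEncryptSymmetricKey(x509Cert.getPublicKey(), bArr, session);
        return new RecipientInfo(new KeyTransRecipientInfo(x509Cert.generateRecipientIdentifier(i), x509Cert.getCertStructure().getSubjectPublicKeyInfo().getAlgorithm(), new DEROctetString(wrappedKey)));
    }

    /**
     * Maps a content-encryption AlgorithmIdentifier from an envelope to a mechanism.
     *
     * <p>The identifier comes from the envelope being opened, so an unknown OID or malformed
     * parameters are reported as {@link PKIException} rather than as a NullPointerException or
     * ClassCastException. The message text is the library's existing (Chinese) "algorithm not
     * supported" message.
     *
     * @throws PKIException if the OID is unknown, the algorithm is not DESede CBC/ECB or RC4, or
     *                      the CBC parameters are not an octet string
     */
    private static Mechanism_Inside buildMechanism(AlgorithmIdentifier algorithmIdentifier) throws PKIException {
        String str = (String) PKCS7EnvelopedData.OID_MECH.get(algorithmIdentifier.getAlgorithm());
        if (str == null) {
            throw new PKIException("850629", "产生签名数字信封数据,算法不支持Algorithm is:" + algorithmIdentifier.getAlgorithm());
        }
        if (str.indexOf("CBC") != -1) {
            if (!str.equals("DESede/CBC/PKCS7Padding")) {
                throw new PKIException("850629", "产生签名数字信封数据,算法不支持Algorithm is:" + str);
            }
            Object parameters = algorithmIdentifier.getParameters();
            if (!(parameters instanceof ASN1OctetString)) {
                throw new PKIException("850629", "产生签名数字信封数据,算法不支持Algorithm is:" + str);
            }
            return new Mechanism_Inside("DESede/CBC/PKCS7Padding", new CBCParam(((ASN1OctetString) parameters).getOctets()));
        }
        if (str.indexOf("ECB") != -1) {
            // Any name containing "ECB" is mapped to DESede/ECB; ECB leaks plaintext block equality.
            return new Mechanism_Inside("DESede/ECB/PKCS7Padding");
        }
        if (str.indexOf("RC4") == -1) {
            throw new PKIException("850629", "产生签名数字信封数据,算法不支持Algorithm is:" + str);
        }
        return new Mechanism_Inside("RC4");
    }

    /** Wraps the symmetric key {@code bArr} under {@code publicKey} with {@link #RSA_PKCS}. */
    private static final byte[] RSAEncryptSymmetricKey(PublicKey publicKey, byte[] bArr, Session session) throws Exception {
        return session.encrypt(new Mechanism_Inside(RSA_PKCS), publicKey, bArr);
    }

    /**
     * Unwraps the symmetric key {@code bArr} with {@code privateKey} and {@link #RSA_PKCS}.
     *
     * <p>NOTE(review): this calls {@code session.encrypt} with the private key, the same call the
     * wrapping side makes. Whether the Session implementation treats that as a decrypt cannot be
     * told from this file; confirm against the Session API and use its decrypt operation if it
     * has one.
     */
    private static final byte[] RSADecryptSymmetricKey(PrivateKey privateKey, byte[] bArr, Session session) throws Exception {
        return session.encrypt(new Mechanism_Inside(RSA_PKCS), privateKey, bArr);
    }
}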
