package cmbc.cfca.util;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cmbc.cfca.asn1.parser.ASN1Node;
import cmbc.cfca.asn1.parser.BigFileDecrypt;
import cmbc.cfca.asn1.parser.EnvelopFileParser;
import cmbc.cfca.internal.tool.ASN1Parser;
import cmbc.cfca.org.bouncycastle.asn1.ASN1OctetString;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Primitive;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Sequence;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Set;
import cmbc.cfca.org.bouncycastle.asn1.DEROctetString;
import cmbc.cfca.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cmbc.cfca.org.bouncycastle.asn1.cms.EnvelopedData;
import cmbc.cfca.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cmbc.cfca.org.bouncycastle.asn1.cms.RecipientInfo;
import cmbc.cfca.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cmbc.cfca.org.bouncycastle.cms.CMSEnvelopedData;
import cmbc.cfca.org.bouncycastle.crypto.engines.DESedeEngine;
import cmbc.cfca.org.bouncycastle.crypto.engines.RC4Engine;
import cmbc.cfca.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cmbc.cfca.org.bouncycastle.crypto.paddings.PKCS7Padding;
import cmbc.cfca.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cmbc.cfca.org.bouncycastle.crypto.params.KeyParameter;
import cmbc.cfca.org.bouncycastle.crypto.params.ParametersWithIV;
import cmbc.cfca.rsa.envelope.RSAEnvelopeUtil;
import cmbc.cfca.rsa.envelope.RSASymmetricCryptoUtil;
import cmbc.cfca.sm.algorithm.SM4Engine;
import cmbc.cfca.sm2.envelope.SM2EnvelopeUtil;
import cmbc.cfca.sm2.envelope.SM2SymmetricCryptoUtil;
import cmbc.cfca.sm2rsa.common.CBCParam;
import cmbc.cfca.sm2rsa.common.GlobalVariable;
import cmbc.cfca.sm2rsa.common.Mechanism;
import cmbc.cfca.sm2rsa.common.PKCS7EnvelopedData;
import cmbc.cfca.sm2rsa.common.PKCS7SignedData2;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.Debugger;
import cmbc.cfca.system.SM2Compatible;
import cmbc.cfca.util.cipher.lib.BCSoftLib;
import cmbc.cfca.util.cipher.lib.Session;
import cmbc.cfca.x509.certificate.X509Cert;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.security.PrivateKey;

/* loaded from: input_file:cmbc/cfca/util/EnvelopeUtil.class */
public class EnvelopeUtil {
    public static final int recipient_policy_requiredSubjectKeyId = 0;
    public static final int recipient_policy_useSubjectKeyIdExt = 1;
    public static final int recipient_policy_useIssuerAndSerialNumber = 2;
    static final Logger logger;

    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws PKIException {
        return envelopeMessage(bArr, str, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws PKIException {
        return envelopeMessage(bArr, str, x509CertArr, session, 0);
    }

    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session, int i) throws PKIException {
        byte[] envelopeMessage;
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("envelopeMessage>>>>>>Running");
            stringBuffer.append("\n sourceData: ");
            stringBuffer.append(Debugger.dump(bArr));
            stringBuffer.append("\n symmetricAlgorithm: " + str);
            stringBuffer.append("\n receiverCerts: ");
            stringBuffer.append(Debugger.dump(x509CertArr));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            stringBuffer.append("\n recipientPolicyType: " + i);
            logger.debug(stringBuffer.toString());
        }
        if (bArr != null) {
            try {
                if (bArr.length > 0) {
                    if (str == null) {
                        throw new PKIException("851200", "数字信封工具包存在必要参数: symmetricAlgorithm");
                    }
                    if (x509CertArr == null || x509CertArr.length == 0 || x509CertArr[0] == null) {
                        throw new PKIException("851200", "数字信封工具包存在必要参数: receiverCerts");
                    }
                    if (session == null) {
                        throw new PKIException("851200", "数字信封工具包存在必要参数: session");
                    }
                    try {
                        if (x509CertArr[0].isSM2Cert()) {
                            logger.debug("envelopeMessage::::::SM2EnvelopeMessage");
                            envelopeMessage = SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session, i);
                        } else {
                            if (!x509CertArr[0].isRSACert()) {
                                throw new PKIException("851201", "数字信封工具包存在无效参数: receiverCerts[RSA/SM2]");
                            }
                            logger.debug("envelopeMessage::::::RSAEnvelopeMessage");
                            envelopeMessage = RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session, i);
                        }
                        if (logger.isDebugEnabled()) {
                            logger.debug("envelopeMessage<<<<<<Finished: base64EnvelopeMessage=" + Debugger.dumpBase64(envelopeMessage));
                        }
                        return envelopeMessage;
                    } catch (Exception e) {
                        throw new PKIException("851210", "数字信封工具包创建数字信封失败", e);
                    }
                }
            } catch (PKIException e2) {
                if (logger.isErrorEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer();
                    stringBuffer2.append("envelopeMessage>>>>>>Failure");
                    stringBuffer2.append("\n sourceData: ");
                    stringBuffer2.append(Debugger.dump(bArr));
                    stringBuffer2.append("\n symmetricAlgorithm: " + str);
                    stringBuffer2.append("\n receiverCerts: ");
                    stringBuffer2.append(Debugger.dump(x509CertArr));
                    stringBuffer2.append("\n session: ");
                    stringBuffer2.append(Debugger.dump(session));
                    logger.error(stringBuffer2.toString(), (Throwable) e2);
                }
                throw e2;
            }
        }
        throw new PKIException("851200", "数字信封工具包存在必要参数: sourceData");
    }

    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws PKIException {
        envelopeFile(str, str2, str3, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws PKIException {
        envelopeFile(str, str2, str3, x509CertArr, session, 0);
    }

    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session, int i) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("envelopeFile>>>>>>Running");
            stringBuffer.append("\n sourceFilePath: ");
            stringBuffer.append(Debugger.dump(str));
            stringBuffer.append("\n encryptFilePath: ");
            stringBuffer.append(Debugger.dump(str2));
            stringBuffer.append("\n symmetricAlgorithm: " + str3);
            stringBuffer.append("\n receiverCerts: ");
            stringBuffer.append(Debugger.dump(x509CertArr));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            stringBuffer.append("\n recipientPolicyType: " + i);
            logger.debug(stringBuffer.toString());
        }
        try {
            if (str == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: sourceFilePath");
            }
            if (str2 == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: encryptFilePath");
            }
            if (str3 == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: symmetricAlgorithm");
            }
            if (x509CertArr == null || x509CertArr.length == 0 || x509CertArr[0] == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: receiverCerts");
            }
            if (session == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: session");
            }
            if (new File(str).length() <= 0) {
                throw new PKIException("851220", "数字信封工具包存在无效的文件");
            }
            try {
                if (x509CertArr[0].isSM2Cert()) {
                    logger.debug("envelopeFile::::::SM2EnvelopeFile");
                    SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session, i);
                } else {
                    if (!x509CertArr[0].isRSACert()) {
                        throw new PKIException("851200", "数字信封工具包存在必要参数: receiverCerts[RSA/SM2]");
                    }
                    logger.debug("envelopeFile::::::RSAEnvelopeFile");
                    RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session, i);
                }
                logger.debug("envelopeFile<<<<<<Finished: binaryEnvelopeFile=" + str2);
            } catch (PKIException e) {
                throw e;
            } catch (Exception e2) {
                throw new PKIException("851210", "数字信封工具包创建数字信封失败", e2);
            }
        } catch (PKIException e3) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("envelopeFile<<<<<<Failure");
                stringBuffer2.append("\n sourceFilePath: ");
                stringBuffer2.append(Debugger.dump(str));
                stringBuffer2.append("\n encryptFilePath: ");
                stringBuffer2.append(Debugger.dump(str2));
                stringBuffer2.append("\n symmetricAlgorithm: " + str3);
                stringBuffer2.append("\n receiverCerts: ");
                stringBuffer2.append(Debugger.dump(x509CertArr));
                stringBuffer2.append("\n session: ");
                stringBuffer2.append(Debugger.dump(session));
                logger.error(stringBuffer2.toString(), (Throwable) e3);
            }
            throw e3;
        }
    }

    public static byte[] envelopeMS(byte[] bArr, String str, PrivateKey privateKey, X509Cert x509Cert, String str2, X509Cert[] x509CertArr, Session session, boolean z) throws PKIException {
        return envelopeMS(bArr, str, privateKey, x509Cert, str2, x509CertArr, session, z, 0);
    }

    public static byte[] envelopeMS(byte[] bArr, String str, PrivateKey privateKey, X509Cert x509Cert, String str2, X509Cert[] x509CertArr, Session session, boolean z, int i) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("envelopeMS>>>>>>Running");
            stringBuffer.append("\n sourceData: ");
            stringBuffer.append(Debugger.dump(bArr));
            stringBuffer.append("\n signAlg: " + str);
            stringBuffer.append("\n signPriKey: ");
            stringBuffer.append(Debugger.dump(privateKey));
            stringBuffer.append("\n signCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            stringBuffer.append("\n symmetricAlgorithm: " + str2);
            stringBuffer.append("\n receiverCerts: ");
            stringBuffer.append(Debugger.dump(x509CertArr));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            stringBuffer.append("\n sm2WithZFlag: " + z);
            stringBuffer.append("\n recipientPolicyType: " + i);
            logger.debug(stringBuffer.toString());
        }
        try {
            if (bArr == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: sourceData");
            }
            if (str == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: signAlg");
            }
            if (privateKey == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: signPriKey");
            }
            if (x509Cert == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: signCert");
            }
            if (str2 == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: symmetricAlgorithm");
            }
            if (x509CertArr == null || x509CertArr.length == 0) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: receiverCerts");
            }
            if (session == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: session");
            }
            try {
                PKCS7SignedData2 pKCS7SignedData2 = new PKCS7SignedData2(session);
                X509Cert[] x509CertArr2 = {x509Cert};
                Mechanism mechanism = new Mechanism(str);
                byte[] sign = session.sign(mechanism, privateKey, bArr, z);
                if (logger.isDebugEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer();
                    stringBuffer2.append("envelopeMS::::::p7SignMessageAttach, signture=");
                    stringBuffer2.append(Debugger.dump(sign));
                    logger.debug(stringBuffer2.toString());
                }
                byte[] packageSignedData = pKCS7SignedData2.packageSignedData(true, null, bArr, sign, mechanism, x509CertArr2);
                if (logger.isDebugEnabled()) {
                    StringBuffer stringBuffer3 = new StringBuffer();
                    stringBuffer3.append("envelopeMS::::::p7SignMessageAttach, signedData=");
                    stringBuffer3.append(Debugger.dump(packageSignedData));
                    logger.debug(stringBuffer3.toString());
                }
                try {
                    byte[] envelopeMessage = envelopeMessage(packageSignedData, str2, x509CertArr, session, i);
                    if (logger.isDebugEnabled()) {
                        StringBuffer stringBuffer4 = new StringBuffer();
                        stringBuffer4.append("envelopeMS<<<<<<EnvelopeMessage, base64EnvelopeMessage=");
                        stringBuffer4.append(Debugger.dumpBase64(envelopeMessage));
                        logger.debug(stringBuffer4.toString());
                    }
                    return envelopeMessage;
                } catch (Exception e) {
                    throw new PKIException("851210", "数字信封工具包创建数字信封失败", e);
                }
            } catch (Exception e2) {
                throw new PKIException("851212", "数字信封工具包创建数字签名失败", e2);
            }
        } catch (PKIException e3) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer5 = new StringBuffer();
                stringBuffer5.append("envelopeMS<<<<<<Failure");
                stringBuffer5.append("\n sourceData: ");
                stringBuffer5.append(Debugger.dump(bArr));
                stringBuffer5.append("\n signAlg: " + str);
                stringBuffer5.append("\n signPriKey: ");
                stringBuffer5.append(Debugger.dump(privateKey));
                stringBuffer5.append("\n signCert: ");
                stringBuffer5.append(Debugger.dump(x509Cert));
                stringBuffer5.append("\n symmetricAlgorithm: " + str2);
                stringBuffer5.append("\n receiverCerts: ");
                stringBuffer5.append(Debugger.dump(x509CertArr));
                stringBuffer5.append("\n session: ");
                stringBuffer5.append(Debugger.dump(session));
                stringBuffer5.append("\n sm2WithZFlag: " + z);
                logger.error(stringBuffer5.toString(), (Throwable) e3);
            }
            throw e3;
        }
    }

    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        byte[] decrypt;
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("openEvelopedMessage>>>>>>Running");
            stringBuffer.append("\n base64EnvelopedData: ");
            stringBuffer.append(Debugger.dump(bArr));
            stringBuffer.append("\n privateKey: ");
            stringBuffer.append(Debugger.dump(privateKey));
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (bArr == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: base64EnvelopedData");
            }
            if (privateKey == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: privateKey");
            }
            if (x509Cert == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recipientCert");
            }
            if (!x509Cert.isSM2Cert() && !x509Cert.isRSACert()) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recipientCert[RSA/SM2]");
            }
            if (session == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: session");
            }
            try {
                boolean isSM2Cert = x509Cert.isSM2Cert();
                EnvelopedData envelopedData = EnvelopedData.getInstance(new CMSEnvelopedData(ASN1Parser.isBase64Encode(bArr) ? Base64.decode(bArr) : bArr).toASN1Structure().getContent());
                byte[] checkRecipientsAndSymmetricKey = checkRecipientsAndSymmetricKey(isSM2Cert, privateKey, x509Cert, envelopedData.getRecipientInfos(), session);
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                Mechanism buildMechanism = buildMechanism(encryptedContentInfo.getContentEncryptionAlgorithm());
                byte[] octets = encryptedContentInfo.getEncryptedContent().getOctets();
                if (isSM2Cert) {
                    if (logger.isDebugEnabled()) {
                        StringBuffer stringBuffer2 = new StringBuffer();
                        stringBuffer2.append("openEvelopedMessage::::::SM2Decrypt");
                        stringBuffer2.append(",symmetricKey=");
                        stringBuffer2.append(Debugger.dump(checkRecipientsAndSymmetricKey));
                        stringBuffer2.append(",mechanism=");
                        stringBuffer2.append(Debugger.dump(buildMechanism));
                        logger.debug(stringBuffer2.toString());
                    }
                    decrypt = SM2SymmetricCryptoUtil.cryptoUtil(false, checkRecipientsAndSymmetricKey, octets, buildMechanism);
                } else {
                    if (logger.isDebugEnabled()) {
                        StringBuffer stringBuffer3 = new StringBuffer();
                        stringBuffer3.append("openEvelopedMessage::::::RSADecrypt");
                        stringBuffer3.append(",symmetricKey=");
                        stringBuffer3.append(Debugger.dump(checkRecipientsAndSymmetricKey));
                        stringBuffer3.append(",mechanism=");
                        stringBuffer3.append(Debugger.dump(buildMechanism));
                        logger.debug(stringBuffer3.toString());
                    }
                    decrypt = RSASymmetricCryptoUtil.decrypt(checkRecipientsAndSymmetricKey, octets, buildMechanism);
                }
                if (logger.isDebugEnabled()) {
                    StringBuffer stringBuffer4 = new StringBuffer();
                    stringBuffer4.append("openEvelopedMessage<<<<<<sourceData=");
                    stringBuffer4.append(Debugger.dump(decrypt));
                    logger.debug(stringBuffer4.toString());
                }
                return decrypt;
            } catch (PKIException e) {
                throw e;
            } catch (Exception e2) {
                throw new PKIException("851211", "数字信封工具包创建数字信封失败", e2);
            }
        } catch (PKIException e3) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer5 = new StringBuffer();
                stringBuffer5.append("openEvelopedMessage<<<<<<Failure");
                stringBuffer5.append("\n base64EnvelopedData: ");
                stringBuffer5.append(Debugger.dump(bArr));
                stringBuffer5.append("\n privateKey: ");
                stringBuffer5.append(Debugger.dump(privateKey));
                stringBuffer5.append("\n recipientCert: ");
                stringBuffer5.append(Debugger.dump(x509Cert));
                stringBuffer5.append("\n session: ");
                stringBuffer5.append(Debugger.dump(session));
                logger.error(stringBuffer5.toString(), (Throwable) e3);
            }
            throw e3;
        }
    }

    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("openEnvelopedFile>>>>>>Running");
            stringBuffer.append("\n envelopedFilePath: ");
            stringBuffer.append(Debugger.dump(str));
            stringBuffer.append("\n plainTextFilePath: ");
            stringBuffer.append(Debugger.dump(str2));
            stringBuffer.append("\n privateKey: ");
            stringBuffer.append(Debugger.dump(privateKey));
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (str == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: envelopedFilePath");
            }
            if (str2 == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: plainTextFilePath");
            }
            if (privateKey == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: privateKey");
            }
            if (x509Cert == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recipientCert");
            }
            if (!x509Cert.isSM2Cert() && !x509Cert.isRSACert()) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recipientCert[RSA/SM2]");
            }
            if (session == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: session");
            }
            FileOutputStream fileOutputStream = null;
            BufferedOutputStream bufferedOutputStream = null;
            try {
                try {
                    EnvelopFileParser envelopFileParser = new EnvelopFileParser(new File(str));
                    envelopFileParser.parser();
                    ASN1Node receiver_node = envelopFileParser.getReceiver_node();
                    ASN1Node encrypted_node = envelopFileParser.getEncrypted_node();
                    boolean isSM2Cert = x509Cert.isSM2Cert();
                    byte[] checkRecipientsAndSymmetricKey = checkRecipientsAndSymmetricKey(isSM2Cert, privateKey, x509Cert, ASN1Set.getInstance(receiver_node.getData()), session);
                    Mechanism buildMechanism = buildMechanism(AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(((ASN1Node) encrypted_node.childNodes.get(1)).getData())));
                    File file = new File(str2);
                    if (!file.exists()) {
                        file.createNewFile();
                    }
                    FileOutputStream fileOutputStream2 = new FileOutputStream(file);
                    BufferedOutputStream bufferedOutputStream2 = new BufferedOutputStream(fileOutputStream2, GlobalVariable.BIG_FILE_BUFFER);
                    if (isSM2Cert) {
                        if (logger.isDebugEnabled()) {
                            StringBuffer stringBuffer2 = new StringBuffer();
                            stringBuffer2.append("openEnvelopedFile::::::SM2Decrypt Running");
                            stringBuffer2.append(",symmetricKey=");
                            stringBuffer2.append(Debugger.dump(checkRecipientsAndSymmetricKey));
                            stringBuffer2.append(",mechanism=");
                            stringBuffer2.append(Debugger.dump(buildMechanism));
                            logger.debug(stringBuffer2.toString());
                        }
                        ASN1Node aSN1Node = (ASN1Node) encrypted_node.childNodes.get(2);
                        if (aSN1Node.childNodes.size() == 1) {
                            aSN1Node = (ASN1Node) aSN1Node.childNodes.get(0);
                        }
                        BigFileDecrypt.bigFileBlockDecrypt(checkRecipientsAndSymmetricKey, new SM4Engine(), (CBCParam) buildMechanism.getParam(), aSN1Node, bufferedOutputStream2);
                        logger.debug("openEnvelopedFile::::::SM2Decrypt Finished.");
                    } else {
                        if (logger.isDebugEnabled()) {
                            StringBuffer stringBuffer3 = new StringBuffer();
                            stringBuffer3.append("openEnvelopedFile::::::RSADecrypt Running");
                            stringBuffer3.append(",symmetricKey=");
                            stringBuffer3.append(Debugger.dump(checkRecipientsAndSymmetricKey));
                            stringBuffer3.append(",mechanism=");
                            stringBuffer3.append(Debugger.dump(buildMechanism));
                            logger.debug(stringBuffer3.toString());
                        }
                        ASN1Node aSN1Node2 = (ASN1Node) encrypted_node.childNodes.get(2);
                        if (aSN1Node2.childNodes.size() == 0) {
                            logger.debug("openEnvelopedFile::::::DEREncoding");
                            if (buildMechanism.getMechanismType().equals("RC4")) {
                                logger.debug("openEnvelopedFile::::::DEREncoding#RC4");
                                BigFileDecrypt.bigFileRC4Decrypt(checkRecipientsAndSymmetricKey, aSN1Node2, bufferedOutputStream2);
                            } else {
                                logger.debug("openEnvelopedFile::::::DEREncoding#DESede");
                                BigFileDecrypt.bigFileBlockDecrypt(checkRecipientsAndSymmetricKey, new DESedeEngine(), (CBCParam) buildMechanism.getParam(), aSN1Node2, bufferedOutputStream2);
                            }
                        } else if (aSN1Node2.childNodes.size() == 1) {
                            logger.debug("openEnvelopedFile::::::BEREncoding");
                            ASN1Node aSN1Node3 = (ASN1Node) aSN1Node2.childNodes.get(0);
                            if (buildMechanism.getMechanismType().equals("RC4")) {
                                logger.debug("openEnvelopedFile::::::BEREncoding#RC4");
                                BigFileDecrypt.bigFileRC4Decrypt(checkRecipientsAndSymmetricKey, aSN1Node3, bufferedOutputStream2);
                            } else {
                                logger.debug("openEnvelopedFile::::::BEREncoding#DESede");
                                BigFileDecrypt.bigFileBlockDecrypt(checkRecipientsAndSymmetricKey, new DESedeEngine(), (CBCParam) buildMechanism.getParam(), aSN1Node3, bufferedOutputStream2);
                            }
                        } else {
                            logger.debug("openEnvelopedFile::::::MSEncoding");
                            DecryptMicrosoftFile(buildMechanism, checkRecipientsAndSymmetricKey, aSN1Node2, bufferedOutputStream2);
                        }
                        logger.debug("openEnvelopedFile::::::RSADecrypt Finished.");
                    }
                    if (bufferedOutputStream2 != null) {
                        try {
                            bufferedOutputStream2.close();
                        } catch (Exception e) {
                        }
                    }
                    if (fileOutputStream2 != null) {
                        try {
                            fileOutputStream2.close();
                        } catch (Exception e2) {
                        }
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            bufferedOutputStream.close();
                        } catch (Exception e3) {
                        }
                    }
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Exception e4) {
                        }
                    }
                    throw th;
                }
            } catch (PKIException e5) {
                throw e5;
            } catch (Exception e6) {
                throw new PKIException("851211", "数字信封工具包创建数字信封失败", e6);
            }
        } catch (PKIException e7) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer();
                stringBuffer4.append("openEnvelopedFile>>>>>>Running");
                stringBuffer4.append("\n envelopedFilePath: ");
                stringBuffer4.append(Debugger.dump(str));
                stringBuffer4.append("\n plainTextFilePath: ");
                stringBuffer4.append(Debugger.dump(str2));
                stringBuffer4.append("\n privateKey: ");
                stringBuffer4.append(Debugger.dump(privateKey));
                stringBuffer4.append("\n recipientCert: ");
                stringBuffer4.append(Debugger.dump(x509Cert));
                stringBuffer4.append("\n session: ");
                stringBuffer4.append(Debugger.dump(session));
                logger.error(stringBuffer4.toString(), (Throwable) e7);
            }
            throw e7;
        }
    }

    public static byte[] openEnvelopedMS(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("openEnvelopedMS>>>>>>Running");
            stringBuffer.append("\n base64P7SignedDataAndEnvelopedData: ");
            stringBuffer.append(Debugger.dump(bArr));
            stringBuffer.append("\n recvPriKey: ");
            stringBuffer.append(Debugger.dump(privateKey));
            stringBuffer.append("\n recvCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (bArr == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: base64P7SignedDataAndEnvelopedData");
            }
            if (privateKey == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recvPriKey");
            }
            if (x509Cert == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: recvCert");
            }
            if (session == null) {
                throw new PKIException("851200", "数字信封工具包存在必要参数: session");
            }
            try {
                byte[] openEvelopedMessage = openEvelopedMessage(bArr, privateKey, x509Cert, session);
                if (logger.isDebugEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer();
                    stringBuffer2.append("openEnvelopedMS::::::openEvelopedMessage, signedData=");
                    stringBuffer2.append(Debugger.dump(openEvelopedMessage));
                    logger.debug(stringBuffer2.toString());
                }
                boolean z = true;
                byte[] bArr2 = null;
                try {
                    PKCS7SignedData2 pKCS7SignedData2 = new PKCS7SignedData2(session);
                    pKCS7SignedData2.loadAsn1(openEvelopedMessage);
                    if (pKCS7SignedData2.verifyP7SignedDataAttach()) {
                        bArr2 = pKCS7SignedData2.getSourceData();
                    } else {
                        z = false;
                    }
                    if (logger.isDebugEnabled()) {
                        StringBuffer stringBuffer3 = new StringBuffer();
                        stringBuffer3.append("openEnvelopedMS::::::p7VerifyMessageAttach, pass=");
                        stringBuffer3.append(z);
                        stringBuffer3.append(",sourceData=");
                        stringBuffer3.append(Debugger.dump(bArr2));
                        logger.debug(stringBuffer3.toString());
                    }
                    if (z) {
                        return bArr2;
                    }
                    throw new PKIException("851213", "数字信封工具包存在无效数字签名失");
                } catch (Exception e) {
                    throw new PKIException("851214", "851214", e);
                }
            } catch (Exception e2) {
                throw new PKIException("851211", "数字信封工具包创建数字信封失败", e2);
            }
        } catch (PKIException e3) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer();
                stringBuffer4.append("openEnvelopedMS<<<<<<Failure");
                stringBuffer4.append("\n base64P7SignedDataAndEnvelopedData: ");
                stringBuffer4.append(Debugger.dump(bArr));
                stringBuffer4.append("\n recvPriKey: ");
                stringBuffer4.append(Debugger.dump(privateKey));
                stringBuffer4.append("\n recvCert: ");
                stringBuffer4.append(Debugger.dump(x509Cert));
                stringBuffer4.append("\n session: ");
                stringBuffer4.append(Debugger.dump(session));
                logger.error(stringBuffer4.toString(), (Throwable) e3);
            }
            throw e3;
        }
    }

    private static byte[] checkRecipientsAndSymmetricKey(boolean z, PrivateKey privateKey, X509Cert x509Cert, ASN1Set aSN1Set, Session session) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("checkRecipientsAndSymmetricKey::>>>>>>Running");
            stringBuffer.append("\n sm2Type: " + z);
            stringBuffer.append("\n privateKey: ");
            stringBuffer.append(Debugger.dump(privateKey));
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(Debugger.dump(x509Cert));
            stringBuffer.append("\n receivers: ");
            stringBuffer.append(Debugger.dump((ASN1Primitive) aSN1Set));
            stringBuffer.append("\n session: ");
            stringBuffer.append(Debugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (aSN1Set == null) {
                throw new PKIException("851221", "数字信封工具包没有接收者信息");
            }
            ASN1OctetString aSN1OctetString = null;
            AlgorithmIdentifier algorithmIdentifier = null;
            int size = aSN1Set.size();
            if (logger.isDebugEnabled()) {
                logger.debug("checkRecipientsAndSymmetricKey::::::::FindRecipientInfo[Runnning]");
            }
            boolean z2 = false;
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(i));
                if (logger.isDebugEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer();
                    stringBuffer2.append("checkRecipientsAndSymmetricKey::::::::ShowRecipientInfo");
                    stringBuffer2.append("\n RecipientInfo=");
                    stringBuffer2.append(Debugger.dump(recipientInfo));
                    logger.debug(stringBuffer2.toString());
                }
                if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                    KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                    if (x509Cert.isRecipent(keyTransRecipientInfo)) {
                        aSN1OctetString = keyTransRecipientInfo.getEncryptedKey();
                        algorithmIdentifier = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
                        if (logger.isDebugEnabled()) {
                            StringBuffer stringBuffer3 = new StringBuffer();
                            stringBuffer3.append("checkRecipientsAndSymmetricKey::::::::FindRecipientInfo");
                            stringBuffer3.append("\n EncryptedKey=");
                            stringBuffer3.append(Debugger.dump((ASN1Primitive) aSN1OctetString));
                            stringBuffer3.append("\n EncryptionAlgorithm=");
                            stringBuffer3.append(Debugger.dump(algorithmIdentifier));
                            logger.debug(stringBuffer3.toString());
                        }
                        z2 = true;
                    }
                }
                i++;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("checkRecipientsAndSymmetricKey::::::::FindRecipientInfo[Finished] findResult=" + z2);
            }
            if (aSN1OctetString == null) {
                throw new PKIException("851222", "数字信封工具包没有接收者密钥信息");
            }
            if (algorithmIdentifier == null) {
                throw new PKIException("851223", "数字信封工具包没有接收者算法信息");
            }
            Mechanism mechanism = z ? new Mechanism("SM2") : new Mechanism("RSA/ECB/PKCS1PADDING");
            byte[] octets = aSN1OctetString.getOctets();
            if (logger.isDebugEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer();
                stringBuffer4.append("checkRecipientsAndSymmetricKey::::::::Decrypt Running");
                stringBuffer4.append("\n contentEncryptionAlg: ");
                stringBuffer4.append(Debugger.dump(mechanism));
                stringBuffer4.append("\n privateKey: ");
                stringBuffer4.append(Debugger.dump(privateKey));
                stringBuffer4.append("\n encryptedKeyData: ");
                stringBuffer4.append(Debugger.dump(octets));
                stringBuffer4.append("\n session: ");
                stringBuffer4.append(Debugger.dump(session));
                logger.debug(stringBuffer4.toString());
            }
            byte[] decrypt = session.decrypt(mechanism, privateKey, octets);
            if (decrypt == null) {
                throw new PKIException("851224", "数字信封工具包恢复解密密钥失败");
            }
            return decrypt;
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer5 = new StringBuffer();
                stringBuffer5.append("checkRecipientsAndSymmetricKey::<<<<<<Failure");
                stringBuffer5.append("\n sm2Type: " + z);
                stringBuffer5.append("\n privateKey: ");
                stringBuffer5.append(Debugger.dump(privateKey));
                stringBuffer5.append("\n recipientCert: ");
                stringBuffer5.append(Debugger.dump(x509Cert));
                stringBuffer5.append("\n receivers: ");
                stringBuffer5.append(Debugger.dump((ASN1Primitive) aSN1Set));
                stringBuffer5.append("\n session: ");
                stringBuffer5.append(Debugger.dump(session));
                logger.error(stringBuffer5.toString(), (Throwable) e);
            }
            throw e;
        }
    }

    private static Mechanism buildMechanism(AlgorithmIdentifier algorithmIdentifier) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("buildMechanism::>>>>>>Running");
            stringBuffer.append("\n symmetricAlgId: ");
            stringBuffer.append(Debugger.dump(algorithmIdentifier));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (algorithmIdentifier == null) {
                throw new PKIException("851223", "数字信封工具包没有接收者算法信息");
            }
            Mechanism mechanism = null;
            String str = (String) PKCS7EnvelopedData.OID_MECH.get(algorithmIdentifier.getAlgorithm());
            if (str.indexOf("CBC") != -1) {
                CBCParam cBCParam = new CBCParam(((DEROctetString) algorithmIdentifier.getParameters()).getOctets());
                if (str.equals("DESede/CBC/PKCS7Padding")) {
                    logger.debug("buildMechanism::::::::CBC: DES3");
                    mechanism = new Mechanism("DESede/CBC/PKCS7Padding", cBCParam);
                } else if (str.equals("SM4/CBC/PKCS7Padding")) {
                    logger.debug("buildMechanism::::::::CBC: SM4");
                    mechanism = new Mechanism("SM4/CBC/PKCS7Padding", cBCParam);
                } else {
                    logger.debug("buildMechanism::::::::CBC: DoNothing");
                }
            } else if (str.indexOf("ECB") != -1) {
                if (str.equals("DESede/ECB/PKCS7Padding")) {
                    logger.debug("buildMechanism::::::::ECB: DES3");
                    mechanism = new Mechanism("DESede/ECB/PKCS7Padding");
                } else if (str.equals("SM4/ECB/PKCS7Padding")) {
                    logger.debug("buildMechanism::::::::ECB: SM4");
                    mechanism = new Mechanism("SM4/ECB/PKCS7Padding");
                } else {
                    logger.debug("buildMechanism::::::::ECB: DoNothing");
                }
            } else if (str.indexOf("RC4") != -1) {
                logger.debug("buildMechanism::::::::RC4");
                mechanism = new Mechanism("RC4");
            } else {
                logger.debug("buildMechanism::::::::DoNothing");
            }
            if (mechanism == null) {
                throw new PKIException("851225", "数字信封工具包解密算法不支持: " + str);
            }
            if (logger.isDebugEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("buildMechanism::<<<<<<Finished,mechanism=");
                stringBuffer2.append(Debugger.dump(mechanism));
                logger.debug(stringBuffer2.toString());
            }
            return mechanism;
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer3 = new StringBuffer();
                stringBuffer3.append("buildMechanism::<<<<<<Failure");
                stringBuffer3.append("\n symmetricAlgId: ");
                stringBuffer3.append(Debugger.dump(algorithmIdentifier));
                logger.error(stringBuffer3.toString(), (Throwable) e);
            }
            throw e;
        }
    }

    private static final void DecryptMicrosoftFile(Mechanism mechanism, byte[] bArr, ASN1Node aSN1Node, BufferedOutputStream bufferedOutputStream) throws Exception {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("DecryptMicrosoftFile::>>>>>>Running");
            stringBuffer.append("\n mechanism: ");
            stringBuffer.append(Debugger.dump(mechanism));
            stringBuffer.append("\n symmetricKey: ");
            stringBuffer.append(Debugger.dump(bArr));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (mechanism.getMechanismType().equals("RC4")) {
                logger.debug("DecryptMicrosoftFile::::::::RC4");
                RC4Engine rC4Engine = new RC4Engine();
                rC4Engine.init(false, new KeyParameter(bArr));
                BigFileDecrypt.bigFileRC4Decrypt(rC4Engine, aSN1Node, bufferedOutputStream, new RandomAccessFile(aSN1Node.f, "r"));
            } else {
                DESedeEngine dESedeEngine = new DESedeEngine();
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                if (cBCParam == null) {
                    logger.debug("DecryptMicrosoftFile::::::::DESede/ECB/PKCS7Padding");
                    paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(dESedeEngine, new PKCS7Padding());
                    paddedBufferedBlockCipher.init(false, new KeyParameter(bArr));
                } else {
                    logger.debug("DecryptMicrosoftFile::::::::DESede/CBC/PKCS7Padding");
                    paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(dESedeEngine), new PKCS7Padding());
                    paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(bArr), cBCParam.getIv()));
                }
                BigFileDecrypt.bigFileBlockDecrypt(paddedBufferedBlockCipher, aSN1Node, bufferedOutputStream, new RandomAccessFile(aSN1Node.f, "r"));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("DecryptMicrosoftFile::<<<<<<Finished");
            }
        } catch (Exception e) {
            if (logger.isDebugEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer();
                stringBuffer2.append("DecryptMicrosoftFile::<<<<<<Failure");
                stringBuffer2.append("\n mechanism: ");
                stringBuffer2.append(Debugger.dump(mechanism));
                stringBuffer2.append("\n symmetricKey: ");
                stringBuffer2.append(Debugger.dump(bArr));
                logger.debug(stringBuffer2.toString());
            }
            throw e;
        }
    }

    public static byte[] envelopeMS(byte[] bArr, String str, PrivateKey privateKey, X509Cert x509Cert, String str2, X509Cert[] x509CertArr, Session session) throws PKIException {
        logger.debug("envelopeMS::>>>>>>Running");
        try {
            byte[] envelopeMS = envelopeMS(bArr, str, privateKey, x509Cert, str2, x509CertArr, session, SM2Compatible.isOutputSM2SignedWithZ(), 0);
            logger.debug("envelopeMS::<<<<<<Finished");
            return envelopeMS;
        } catch (Throwable th) {
            logger.debug("envelopeMS::<<<<<<Finished");
            throw th;
        }
    }

    static {
        Debugger.setDebugger();
        logger = LoggerFactory.getLogger((Class<?>) EnvelopeUtil.class);
    }
}
