package cfca.util.api;

import cfca.asn1.parser.ASN1Node;
import cfca.asn1.parser.PKCS7SignFileParser;
import cfca.org.bouncycastle.asn1.ASN1Set;
import cfca.org.bouncycastle.asn1.DERTaggedObject;
import cfca.org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import cfca.org.bouncycastle.asn1.pkcs.SignerInfo;
import cfca.org.bouncycastle.asn1.x500.X500Name;
import cfca.org.bouncycastle.asn1.x509.Certificate;
import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sm2rsa.common.PKCS7SignedData2;
import cfca.sm2rsa.common.PKIException;
import cfca.system.Debugger;
import cfca.util.Base64;
import cfca.util.cipher.lib.JCrypto;
import cfca.util.cipher.lib.Session;
import cfca.x509.certificate.X509Cert;
import java.io.File;
import java.math.BigInteger;
import java.util.Enumeration;

/* loaded from: input_file:cfca/util/api/P7Helper.class */
public final class P7Helper {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) P7Helper.class);
    static volatile Session session = null;

    public static final P7Info getP7InfoFromMessage(String str) throws PKIException {
        if (StringHelper.isEmpty(str)) {
            throw new PKIException("null not allowed for base64P7SignedString");
        }
        try {
            PKCS7SignedData2 pKCS7SignedData2 = new PKCS7SignedData2(session());
            pKCS7SignedData2.loadBase64(Base64.decode(str));
            X509Cert signerX509Cert = pKCS7SignedData2.getSignerX509Cert();
            return new P7Info(signerX509Cert, pKCS7SignedData2.getSignOID(), signerX509Cert.getCertType());
        } catch (Exception e) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("getP7InfoFromMessage<<<<<<Failure");
            stringBuffer.append("\n base64P7SignedString: ");
            stringBuffer.append(Debugger.dump(str));
            logger.error(stringBuffer.toString(), (Throwable) e);
            throw new PKIException("850604", "解析PKCS7签名数据包失败", e);
        }
    }

    public static final P7Info getP7InfoFromFile(String str) throws PKIException {
        if (StringHelper.isEmpty(str)) {
            throw new PKIException("null not allowed for signFile");
        }
        try {
            PKCS7SignFileParser pKCS7SignFileParser = new PKCS7SignFileParser(new File(str));
            pKCS7SignFileParser.parser();
            logger.debug("verifyP7SignedFile::::::Parser Okay");
            ASN1Node certificate_node = pKCS7SignFileParser.getCertificate_node();
            ASN1Set aSN1Set = ASN1Set.getInstance(pKCS7SignFileParser.getSingerinfo_node().getData());
            ASN1Set aSN1Set2 = ASN1Set.getInstance(DERTaggedObject.getInstance(certificate_node.getData()), false);
            X509Cert[] x509CertArr = new X509Cert[aSN1Set2.size()];
            for (int i = 0; i < aSN1Set2.size(); i++) {
                x509CertArr[i] = new X509Cert(Certificate.getInstance(aSN1Set2.getObjectAt(i)));
            }
            Enumeration objects = aSN1Set.getObjects();
            X509Cert x509Cert = null;
            String str2 = null;
            if (objects.hasMoreElements()) {
                SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
                str2 = signerInfo.getDigestEncryptionAlgorithm().getAlgorithm().getId();
                IssuerAndSerialNumber issuerAndSerialNumber = signerInfo.getIssuerAndSerialNumber();
                x509Cert = getSignerCert(x509CertArr, issuerAndSerialNumber);
                if (x509Cert == null) {
                    if (logger.isErrorEnabled()) {
                        StringBuffer stringBuffer = new StringBuffer();
                        stringBuffer.append("verifySM2P7SignedFile<<<<<<Failure: DO NOT FIND SignerCert");
                        stringBuffer.append("\n issuerAndSN: ");
                        stringBuffer.append(Debugger.dump(issuerAndSerialNumber));
                        stringBuffer.append("\n certs: ");
                        stringBuffer.append(Debugger.dump(x509CertArr));
                        logger.error(stringBuffer.toString());
                    }
                    throw new PKIException("850649", "验证签名时，签名数据中缺少签名者证书");
                }
            }
            return new P7Info(x509Cert, str2, x509Cert.getCertType());
        } catch (Exception e) {
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append("getP7InfoFromFile<<<<<<Failure");
            stringBuffer2.append("\n signFile: ");
            stringBuffer2.append(str);
            logger.error(stringBuffer2.toString(), (Throwable) e);
            throw new PKIException("850604", "解析PKCS7签名数据包失败", e);
        }
    }

    private static X509Cert getSignerCert(X509Cert[] x509CertArr, IssuerAndSerialNumber issuerAndSerialNumber) throws PKIException {
        try {
            if (x509CertArr == null) {
                throw new PKIException("null not allowed for certs");
            }
            if (issuerAndSerialNumber == null) {
                throw new PKIException("null not allowed for issuerAndSN");
            }
            String x500Name = issuerAndSerialNumber.getName().toString();
            BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
            for (int i = 0; i < x509CertArr.length; i++) {
                if (x509CertArr[i] != null) {
                    X500Name issuerX500Name = x509CertArr[i].getIssuerX500Name();
                    BigInteger serialNumber = x509CertArr[i].getSerialNumber();
                    if (issuerX500Name.toString().equals(x500Name) && serialNumber.compareTo(value) == 0) {
                        if (logger.isDebugEnabled()) {
                            StringBuffer stringBuffer = new StringBuffer();
                            stringBuffer.append("getSignerCert::<<<<<<Finished");
                            stringBuffer.append("\n match cert: ");
                            stringBuffer.append(Debugger.dump(x509CertArr[i]));
                            logger.debug(stringBuffer.toString());
                        }
                        return x509CertArr[i];
                    }
                }
            }
            if (!logger.isErrorEnabled()) {
                return null;
            }
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append("getSignerCert::<<<<<<NO NOT FIND SignerCert");
            stringBuffer2.append("\n certs: ");
            stringBuffer2.append(Debugger.dump(x509CertArr));
            stringBuffer2.append("\n issuerAndSN: ");
            stringBuffer2.append(Debugger.dump(issuerAndSerialNumber));
            logger.error(stringBuffer2.toString());
            return null;
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer3 = new StringBuffer();
                stringBuffer3.append("getSignerCert::<<<<<<Failure");
                stringBuffer3.append("\n certs: ");
                stringBuffer3.append(Debugger.dump(x509CertArr));
                stringBuffer3.append("\n issuerAndSN: ");
                stringBuffer3.append(Debugger.dump(issuerAndSerialNumber));
                logger.error(stringBuffer3.toString(), (Throwable) e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isErrorEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer();
                stringBuffer4.append("getSignerCert::<<<<<<Failure");
                stringBuffer4.append("\n certs: ");
                stringBuffer4.append(Debugger.dump(x509CertArr));
                stringBuffer4.append("\n issuerAndSN: ");
                stringBuffer4.append(Debugger.dump(issuerAndSerialNumber));
                logger.error(stringBuffer4.toString(), (Throwable) e2);
            }
            throw new PKIException(e2);
        }
    }

    private static final Session session() throws PKIException {
        if (session == null) {
            synchronized (Session.class) {
                if (session == null) {
                    try {
                        JCrypto.getInstance().initialize("JSOFT_LIB", null);
                        session = JCrypto.getInstance().openSession("JSOFT_LIB");
                    } catch (PKIException e) {
                        throw new PKIException("Open session failure: " + e.getMessage());
                    }
                }
            }
        }
        return session;
    }
}
