package com.koalii.util.pkcs7;

import com.koalii.asn1.ASN1EncodableVector;
import com.koalii.asn1.ASN1InputStream;
import com.koalii.asn1.DERInteger;
import com.koalii.asn1.DEROctetString;
import com.koalii.asn1.DERSequence;
import com.koalii.asn1.DERSet;
import com.koalii.asn1.cms.CMSObjectIdentifiers;
import com.koalii.asn1.cms.ContentInfo;
import com.koalii.asn1.cms.EncryptedContentInfo;
import com.koalii.asn1.cms.EnvelopedData;
import com.koalii.asn1.cms.IssuerAndSerialNumber;
import com.koalii.asn1.cms.KeyTransRecipientInfo;
import com.koalii.asn1.cms.RecipientIdentifier;
import com.koalii.asn1.cms.RecipientInfo;
import com.koalii.asn1.x509.AlgorithmIdentifier;
import com.koalii.asn1.x509.X509Name;
import com.koalii.asn1.x509.X509NameTokenizer;
import com.koalii.cert.SecretStore;
import com.koalii.crypto.DESUtil;
import com.koalii.crypto.RSAUtil;
import com.koalii.crypto.engines.DESedeEngine;
import com.koalii.crypto.modes.CBCBlockCipher;
import com.koalii.crypto.paddings.PaddedBufferedBlockCipher;
import com.koalii.crypto.params.KeyParameter;
import com.koalii.util.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

/* loaded from: classes2.dex */
public class PKCS7EnvelopUtil {
    private SecretStore decryptStore;

    /* loaded from: classes2.dex */
    public class EnvelopResult {
        public byte[] envelop_key = null;
        public String cert_sn = null;
        public byte[] envelop_content = null;
        public byte[] envelop_ivparam = null;

        public EnvelopResult() {
        }
    }

    public PKCS7EnvelopUtil() {
    }

    public PKCS7EnvelopUtil(SecretStore secretStore) {
        this.decryptStore = secretStore;
    }

    public static byte[] createEnvelop(X509Certificate x509Certificate, byte[] bArr) throws PKCS7Exception {
        DESUtil.DESResulte dESResulte;
        if (x509Certificate == null || bArr == null) {
            throw new IllegalArgumentException();
        }
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(toX509Name(x509Certificate.getIssuerDN().getName()), x509Certificate.getSerialNumber());
        byte[] generateKey = DESUtil.generateKey(null);
        try {
            KeyTransRecipientInfo keyTransRecipientInfo = new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerialNumber), new AlgorithmIdentifier(CMSObjectIdentifiers.rsaEncryption), new DEROctetString(RSAUtil.pubKeyEncrypt(x509Certificate.getPublicKey(), generateKey)));
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new RecipientInfo(keyTransRecipientInfo));
            try {
                dESResulte = DESUtil.encrypt(generateKey, bArr);
            } catch (Exception e) {
                e.printStackTrace();
                dESResulte = null;
            }
            return new ContentInfo(CMSObjectIdentifiers.envelopedData, new EnvelopedData(null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(CMSObjectIdentifiers.data, new AlgorithmIdentifier(CMSObjectIdentifiers.des_EDE3_CBC, new DEROctetString(dESResulte.m_ivp)), new DEROctetString(dESResulte.m_encrypt)), null)).getDEREncoded();
        } catch (Exception e2) {
            throw new PKCS7Exception(e2);
        }
    }

    public static byte[] createEnvelop(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKCS7Exception {
        DESUtil.DESResulte dESResulte;
        if (x509Certificate == null || bArr == null) {
            throw new IllegalArgumentException();
        }
        KeyTransRecipientInfo keyTransRecipientInfo = new KeyTransRecipientInfo(new RecipientIdentifier(new IssuerAndSerialNumber(toX509Name(x509Certificate.getIssuerDN().getName()), x509Certificate.getSerialNumber())), new AlgorithmIdentifier(CMSObjectIdentifiers.rsaEncryption), new DEROctetString(bArr2));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new RecipientInfo(keyTransRecipientInfo));
        try {
            dESResulte = DESUtil.encrypt(bArr3, bArr);
        } catch (Exception e) {
            e.printStackTrace();
            dESResulte = null;
        }
        return new ContentInfo(CMSObjectIdentifiers.envelopedData, new EnvelopedData(null, new DERSet(aSN1EncodableVector), new EncryptedContentInfo(CMSObjectIdentifiers.data, new AlgorithmIdentifier(CMSObjectIdentifiers.des_EDE3_CBC, new DEROctetString(dESResulte.m_ivp)), new DEROctetString(dESResulte.m_encrypt)), null)).getDEREncoded();
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        if (bArr == null || bArr2 == null) {
            throw new IllegalArgumentException();
        }
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
        paddedBufferedBlockCipher.init(false, new KeyParameter(bArr));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr4 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr2.length)];
        int processBytes = paddedBufferedBlockCipher.processBytes(bArr2, 0, bArr2.length, bArr4, 0);
        if (processBytes > 0) {
            byteArrayOutputStream.write(bArr4, 0, processBytes);
        }
        int doFinal = paddedBufferedBlockCipher.doFinal(bArr4, 0);
        if (doFinal > 0) {
            byteArrayOutputStream.write(bArr4, 0, doFinal);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byte[] bArr5 = new byte[8];
        for (int i = 0; i < bArr3.length; i++) {
            bArr5[i] = (byte) (bArr3[i] ^ byteArray[i]);
        }
        System.arraycopy(bArr5, 0, byteArray, 0, bArr5.length);
        return byteArray;
    }

    protected static IssuerAndSerialNumber getIssuerDnAndSN(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(new ASN1InputStream(bArr).readObject());
            if (!contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                throw new PKCS7Exception("illegal content type " + contentInfo.getContentType().getId());
            }
            EnvelopedData envelopedData = EnvelopedData.getInstance(contentInfo.getContent());
            if (envelopedData == null) {
                throw new PKCS7Exception("parse envelopedData error");
            }
            if (envelopedData.getVersion().getValue().intValue() == 0) {
                try {
                    return IssuerAndSerialNumber.getInstance(new ASN1InputStream(KeyTransRecipientInfo.getInstance(envelopedData.getRecipientInfos().getObjectAt(0)).getRecipientIdentifier().getDEREncoded()).readObject());
                } catch (Exception e) {
                    throw new PKCS7Exception(e);
                }
            }
            throw new PKCS7Exception("unsupported envelopedData version " + envelopedData.getVersion().getValue().intValue());
        } catch (Exception e2) {
            throw new PKCS7Exception(e2);
        }
    }

    public static X509Name getRecipientIssuerDN(byte[] bArr) throws PKCS7Exception {
        return getIssuerDnAndSN(bArr).getName();
    }

    public static BigInteger getRecipientSN(byte[] bArr) throws PKCS7Exception {
        return getIssuerDnAndSN(bArr).getSerialNumber().getPositiveValue();
    }

    public static X509Certificate[] parseB64Cert(String str) {
        return parseDerCert(Base64.decode(str.getBytes()));
    }

    public static X509Certificate[] parseDerCert(byte[] bArr) {
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr));
            X509Certificate[] x509CertificateArr = new X509Certificate[generateCertificates.size()];
            generateCertificates.toArray(x509CertificateArr);
            return x509CertificateArr;
        } catch (Exception e) {
            throw new IllegalArgumentException("parse der cert  - " + e);
        }
    }

    public static byte[] parseEnvelop(SecretStore secretStore, byte[] bArr) throws PKCS7Exception {
        return new PKCS7EnvelopUtil(secretStore).parseEnvelop(bArr);
    }

    public static byte[] parseEnvelopData(byte[] bArr, byte[] bArr2, byte[] bArr3) throws PKCS7Exception {
        try {
            return DESUtil.decrypt(bArr, bArr2, bArr3);
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    public static X509Name toX509Name(String str) {
        X509NameTokenizer x509NameTokenizer = new X509NameTokenizer(str);
        if (!x509NameTokenizer.hasMoreTokens()) {
            throw new IllegalArgumentException("badly formated directory string");
        }
        String nextToken = x509NameTokenizer.nextToken();
        int indexOf = nextToken.indexOf(61);
        if (indexOf == -1) {
            throw new IllegalArgumentException("badly formated directory string");
        }
        nextToken.substring(0, indexOf).equalsIgnoreCase("CN");
        return new X509Name(true, str);
    }

    public byte[] parseEnvelop(byte[] bArr) throws PKCS7Exception {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        if (this.decryptStore == null) {
            throw new PKCS7Exception("not find decrypt store");
        }
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(new ASN1InputStream(bArr).readObject());
            if (!contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                throw new PKCS7Exception("illegal content type " + contentInfo.getContentType().getId());
            }
            EnvelopedData envelopedData = EnvelopedData.getInstance(contentInfo.getContent());
            if (envelopedData == null) {
                throw new PKCS7Exception("parse envelopedData error");
            }
            if (envelopedData.getVersion().getValue().intValue() != 0) {
                throw new PKCS7Exception("unsupported envelopedData version " + envelopedData.getVersion().getValue().intValue());
            }
            KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(envelopedData.getRecipientInfos().getObjectAt(0));
            if (!keyTransRecipientInfo.getKeyEncryptionAlgorithm().getObjectId().equals(CMSObjectIdentifiers.rsaEncryption)) {
                throw new PKCS7Exception("unsupported encrypt key alg " + keyTransRecipientInfo.getKeyEncryptionAlgorithm().getObjectId());
            }
            try {
                byte[] privKeyDecrypt = RSAUtil.privKeyDecrypt(this.decryptStore.getPrivKey(), keyTransRecipientInfo.getEncryptedKey().getOctets());
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                if (encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().equals(CMSObjectIdentifiers.des_EDE3_CBC)) {
                    try {
                        return DESUtil.decrypt(privKeyDecrypt, encryptedContentInfo.getEncryptedContent().getOctets());
                    } catch (Exception e) {
                        throw new PKCS7Exception(e);
                    }
                }
                throw new PKCS7Exception("unsupported encrypt content alg " + encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId());
            } catch (Exception e2) {
                throw new PKCS7Exception(e2);
            }
        } catch (Exception e3) {
            throw new PKCS7Exception(e3);
        }
    }

    public EnvelopResult parseEnvelopKey(byte[] bArr) throws PKCS7Exception {
        EnvelopResult envelopResult = new EnvelopResult();
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(new ASN1InputStream(bArr).readObject());
            if (!contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                throw new PKCS7Exception("illegal content type " + contentInfo.getContentType().getId());
            }
            EnvelopedData envelopedData = EnvelopedData.getInstance(contentInfo.getContent());
            if (envelopedData == null) {
                throw new PKCS7Exception("parse envelopedData error");
            }
            if (envelopedData.getVersion().getValue().intValue() != 0) {
                throw new PKCS7Exception("unsupported envelopedData version " + envelopedData.getVersion().getValue().intValue());
            }
            envelopResult.cert_sn = printHexString(((DERInteger) ((DERSequence) ((DERSequence) envelopedData.getRecipientInfos().getObjectAt(0).getDERObject()).getObjectAt(1)).getObjectAt(1)).getPositiveValue().toByteArray());
            KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(envelopedData.getRecipientInfos().getObjectAt(0));
            if (!keyTransRecipientInfo.getKeyEncryptionAlgorithm().getObjectId().equals(CMSObjectIdentifiers.rsaEncryption)) {
                throw new PKCS7Exception("unsupported encrypt key alg " + keyTransRecipientInfo.getKeyEncryptionAlgorithm().getObjectId());
            }
            envelopResult.envelop_key = keyTransRecipientInfo.getEncryptedKey().getOctets();
            EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
            if (!encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().equals(CMSObjectIdentifiers.des_EDE3_CBC)) {
                throw new PKCS7Exception("unsupported encrypt content alg " + encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId());
            }
            byte[] octets = ((DEROctetString) encryptedContentInfo.getContentEncryptionAlgorithm().getParameters()).getOctets();
            envelopResult.envelop_content = encryptedContentInfo.getEncryptedContent().getOctets();
            envelopResult.envelop_ivparam = octets;
            return envelopResult;
        } catch (Exception e) {
            throw new PKCS7Exception(e);
        }
    }

    public String printHexString(byte[] bArr) {
        String str = "";
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                hexString = String.valueOf('0') + hexString;
            }
            str = String.valueOf(str) + hexString.toUpperCase();
        }
        return str;
    }
}
