package cn.com.jit.ida.util.pki.pkcs;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.ASN1EncodableVector;
import cn.com.jit.ida.util.pki.asn1.ASN1InputStream;
import cn.com.jit.ida.util.pki.asn1.ASN1OctetString;
import cn.com.jit.ida.util.pki.asn1.ASN1Sequence;
import cn.com.jit.ida.util.pki.asn1.ASN1Set;
import cn.com.jit.ida.util.pki.asn1.DERInteger;
import cn.com.jit.ida.util.pki.asn1.DERNull;
import cn.com.jit.ida.util.pki.asn1.DERObject;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DEROctetString;
import cn.com.jit.ida.util.pki.asn1.DEROutputStream;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.DERSet;
import cn.com.jit.ida.util.pki.asn1.DERUTCTime;
import cn.com.jit.ida.util.pki.asn1.cms.Attribute;
import cn.com.jit.ida.util.pki.asn1.cms.AttributeTable;
import cn.com.jit.ida.util.pki.asn1.cms.CMSAttributes;
import cn.com.jit.ida.util.pki.asn1.cms.IssuerAndSerialNumber;
import cn.com.jit.ida.util.pki.asn1.cms.SignerIdentifier;
import cn.com.jit.ida.util.pki.asn1.cms.SignerInfo;
import cn.com.jit.ida.util.pki.asn1.cms.Time;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import cn.com.jit.ida.util.pki.asn1.pkcs.pkcs7.SignedData;
import cn.com.jit.ida.util.pki.asn1.x509.AlgorithmIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.CRLEntry;
import cn.com.jit.ida.util.pki.asn1.x509.SubjectKeyIdentifier;
import cn.com.jit.ida.util.pki.asn1.x509.TBSCertificateStructure;
import cn.com.jit.ida.util.pki.asn1.x509.X509CertificateStructure;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.ida.util.pki.crl.X509CRL;
import cn.com.jit.ida.util.pki.encoders.Base64;
import cn.com.jit.ida.util.pki.extension.ExtendedKeyUsageExt;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;

/* loaded from: input_file:cn/com/jit/ida/util/pki/pkcs/CTL.class */
public class CTL {
    private ASN1EncodableVector certs;
    private ASN1EncodableVector crls;
    private ArrayList signers;
    private Session session;
    private X509Cert[] xcerts;
    private X509CRL[] xcrls;
    private DERObject digObj;
    private DERSet digSet;
    private ExtendedKeyUsageExt keyUsg;
    private String ctlName;
    private Date validDate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/com/jit/ida/util/pki/pkcs/CTL$Signer.class */
    public class Signer {
        JKey privateKey;
        X509Cert cert;
        Mechanism sign_Mechanism;
        AttributeTable sAttr;
        AttributeTable unsAttr;
        Session session;

        Signer(Session session, JKey jKey, X509Cert x509Cert, Mechanism mechanism) {
            this.privateKey = null;
            this.cert = null;
            this.sign_Mechanism = null;
            this.sAttr = null;
            this.unsAttr = null;
            this.session = null;
            this.session = session;
            this.privateKey = jKey;
            this.cert = x509Cert;
            this.sign_Mechanism = mechanism;
        }

        Signer(Session session, JKey jKey, X509Cert x509Cert, Mechanism mechanism, AttributeTable attributeTable, AttributeTable attributeTable2) {
            this.privateKey = null;
            this.cert = null;
            this.sign_Mechanism = null;
            this.sAttr = null;
            this.unsAttr = null;
            this.session = null;
            this.session = session;
            this.privateKey = jKey;
            this.cert = x509Cert;
            this.sign_Mechanism = mechanism;
            this.sAttr = attributeTable;
            this.unsAttr = attributeTable2;
        }

        AttributeTable getSignedAttributes() {
            return this.sAttr;
        }

        AttributeTable getUnsignedAttributes() {
            return this.unsAttr;
        }

        JKey getKey() {
            return this.privateKey;
        }

        X509Cert getCertificate() {
            return this.cert;
        }

        Mechanism getSignMechanism() {
            return this.sign_Mechanism;
        }

        String GetDigestTypeName() throws PKIException {
            String str;
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                str = Mechanism.MD2;
            } else if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                str = Mechanism.MD5;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                str = Mechanism.SHA1;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                str = Mechanism.SHA1;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
                str = Mechanism.SHA256;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption")) {
                str = Mechanism.SHA384;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                str = Mechanism.SHA512;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                str = Mechanism.SHA1;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                str = Mechanism.SHA224;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                str = Mechanism.SHA256;
            } else {
                if (!this.sign_Mechanism.getMechanismType().equals("SM3withSM2Encryption")) {
                    StringBuffer stringBuffer = new StringBuffer();
                    stringBuffer.append(PKIException.SIGN_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(PKIException.NOT_SUP_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(this.sign_Mechanism.getMechanismType());
                    throw new PKIException("8125", stringBuffer.toString());
                }
                str = Mechanism.SM3;
            }
            return str;
        }

        String GetEncTypeName() throws PKIException {
            String str;
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                str = Mechanism.RSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                str = Mechanism.RSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                str = Mechanism.RSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                str = Mechanism.DSA;
            } else if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
                str = Mechanism.DSA;
            } else if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                str = Mechanism.DSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                str = Mechanism.ECDSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                str = Mechanism.ECDSA;
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                str = Mechanism.ECDSA;
            } else {
                if (!this.sign_Mechanism.getMechanismType().equals("SM3withSM2Encryption")) {
                    StringBuffer stringBuffer = new StringBuffer();
                    stringBuffer.append(PKIException.SIGN_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(PKIException.NOT_SUP_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(this.sign_Mechanism.getMechanismType());
                    throw new PKIException("8125", stringBuffer.toString());
                }
                str = Mechanism.SM2;
            }
            return str;
        }

        private String GetSignatureAlgTypeOID() {
            String mechanismType = this.sign_Mechanism.getMechanismType();
            if (mechanismType.equals("SHA1withRSAEncryption")) {
                return "1.2.840.113549.1.1.5";
            }
            if (mechanismType.equals("SHA256withRSAEncryption")) {
                return "1.2.840.113549.1.1.11";
            }
            if (mechanismType.equals("SHA384withRSAEncryption")) {
                return "1.2.840.113549.1.1.12";
            }
            if (mechanismType.equals("SHA512withRSAEncryption")) {
                return "1.2.840.113549.1.1.13";
            }
            if (mechanismType.equals("MD5withRSAEncryption")) {
                return "1.2.840.113549.1.1.4";
            }
            if (mechanismType.equals("MD2withRSAEncryption")) {
                return "1.2.840.113549.1.1.2";
            }
            if (mechanismType.equals("SHA1withECDSA")) {
                return "1.2.840.10045.4.1";
            }
            if (mechanismType.equals("SHA224withECDSA")) {
                return "1.2.840.10045.4.3.1";
            }
            if (mechanismType.equals("SHA256withECDSA")) {
                return "1.2.840.10045.4.3.2";
            }
            if (mechanismType.equals("SHA1withDSA")) {
                return "1.2.840.10040.4.3";
            }
            if (mechanismType.equals(Mechanism.SHA224_DSA)) {
                return "2.16.840.1.101.3.4.3.1";
            }
            if (mechanismType.equals(Mechanism.SHA256_DSA)) {
                return "2.16.840.1.101.3.4.3.2";
            }
            if (mechanismType.equals("SM3withSM2Encryption")) {
                return "1.2.156.10197.1.501";
            }
            return null;
        }

        String GetDigestTypeOID() throws PKIException {
            String str;
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                str = "1.2.840.113549.2.2";
            } else if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                str = "1.2.840.113549.2.5";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                str = "1.3.14.3.2.26";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                str = "1.3.14.3.2.26";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
                str = "2.16.840.1.101.3.4.2.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption")) {
                str = "2.16.840.1.101.3.4.2.2";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                str = "2.16.840.1.101.3.4.2.2";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                str = "1.3.14.3.2.26";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                str = "2.16.840.1.101.3.4.2.4";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                str = "2.16.840.1.101.3.4.2.1";
            } else if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
                str = "2.16.840.1.101.3.4.2.4";
            } else {
                if (!this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                    StringBuffer stringBuffer = new StringBuffer();
                    stringBuffer.append(PKIException.SIGN_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(PKIException.NOT_SUP_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(this.sign_Mechanism.getMechanismType());
                    throw new PKIException("8125", stringBuffer.toString());
                }
                str = "2.16.840.1.101.3.4.2.1";
            }
            return str;
        }

        String GetEncTypeOID() throws PKIException {
            String str;
            if (this.sign_Mechanism.getMechanismType().equals("MD2withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("MD5withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withDSA")) {
                str = "1.2.840.10040.4.3";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA384withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA512withRSAEncryption")) {
                str = "1.2.840.113549.1.1.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA1withECDSA")) {
                str = "1.2.840.10045.4.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA224withECDSA")) {
                str = "1.2.840.10045.4.3.1";
            } else if (this.sign_Mechanism.getMechanismType().equals("SHA256withECDSA")) {
                str = "1.2.840.10045.4.3.2";
            } else if (this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA224_DSA)) {
                str = "2.16.840.1.101.3.4.3.1";
            } else {
                if (!this.sign_Mechanism.getMechanismType().equals(Mechanism.SHA256_DSA)) {
                    StringBuffer stringBuffer = new StringBuffer();
                    stringBuffer.append(PKIException.SIGN_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(PKIException.NOT_SUP_DES);
                    stringBuffer.append(" ");
                    stringBuffer.append(this.sign_Mechanism.getMechanismType());
                    throw new PKIException("8125", stringBuffer.toString());
                }
                str = "2.16.840.1.101.3.4.3.2";
            }
            return str;
        }

        SignerInfo toSignerInfo(DERObjectIdentifier dERObjectIdentifier, byte[] bArr, boolean z, boolean z2) throws PKIException, IOException {
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(GetDigestTypeOID()), new DERNull());
            AlgorithmIdentifier algorithmIdentifier2 = GetEncTypeOID().equals("1.2.840.10040.4.3") ? new AlgorithmIdentifier(new DERObjectIdentifier(GetEncTypeOID())) : new AlgorithmIdentifier(new DERObjectIdentifier(GetEncTypeOID()), new DERNull());
            AlgorithmIdentifier algorithmIdentifier3 = new AlgorithmIdentifier(new DERObjectIdentifier(GetSignatureAlgTypeOID()), new DERNull());
            DERSet dERSet = null;
            DERSet dERSet2 = null;
            byte[] digest = this.session.digest(new Mechanism(GetDigestTypeName()), bArr);
            AttributeTable signedAttributes = getSignedAttributes();
            if (signedAttributes != null) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                if (signedAttributes.get(CMSAttributes.contentType) == null) {
                    aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, new DERSet(dERObjectIdentifier)));
                } else {
                    aSN1EncodableVector.add(signedAttributes.get(CMSAttributes.contentType));
                }
                if (signedAttributes.get(CMSAttributes.signingTime) == null) {
                    aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, new DERSet(new Time(new Date()))));
                } else {
                    aSN1EncodableVector.add(signedAttributes.get(CMSAttributes.signingTime));
                }
                aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
                Hashtable hashtable = signedAttributes.toHashtable();
                hashtable.remove(CMSAttributes.contentType);
                hashtable.remove(CMSAttributes.signingTime);
                hashtable.remove(CMSAttributes.messageDigest);
                Iterator it = hashtable.values().iterator();
                while (it.hasNext()) {
                    aSN1EncodableVector.add(Attribute.getInstance(it.next()));
                }
                dERSet = new DERSet(aSN1EncodableVector);
            } else if (z) {
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.contentType, new DERSet(dERObjectIdentifier)));
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));
                aSN1EncodableVector2.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
                dERSet = new DERSet(aSN1EncodableVector2);
            }
            AttributeTable unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                Iterator it2 = unsignedAttributes.toHashtable().values().iterator();
                ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                while (it2.hasNext()) {
                    aSN1EncodableVector3.add(Attribute.getInstance(it2.next()));
                }
                dERSet2 = new DERSet(aSN1EncodableVector3);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (dERSet != null) {
                DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
                dEROutputStream.writeObject(dERSet);
                dEROutputStream.flush();
                dEROutputStream.close();
            } else {
                byteArrayOutputStream.write(bArr);
            }
            DEROctetString dEROctetString = new DEROctetString(this.session.sign(this.sign_Mechanism, this.privateKey, byteArrayOutputStream.toByteArray()));
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.cert.getTBSCertificate());
            ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
            TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(aSN1InputStream.readObject());
            SignerInfo signerInfo = z2 ? new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), algorithmIdentifier, dERSet, algorithmIdentifier3, dEROctetString, dERSet2) : new SignerInfo(new SignerIdentifier((ASN1OctetString) new SubjectKeyIdentifier(this.cert.getCertStructure().getSubjectPublicKeyInfo()).getDERObject()), algorithmIdentifier, dERSet, algorithmIdentifier2, dEROctetString, dERSet2);
            byteArrayOutputStream.flush();
            byteArrayOutputStream.close();
            aSN1InputStream.close();
            byteArrayInputStream.close();
            return signerInfo;
        }
    }

    public CTL() {
        this.certs = new ASN1EncodableVector();
        this.crls = new ASN1EncodableVector();
        this.signers = new ArrayList();
        this.session = null;
        this.xcerts = null;
        this.xcrls = null;
        this.digObj = null;
        this.digSet = null;
        this.keyUsg = null;
        this.ctlName = null;
        this.validDate = null;
    }

    public CTL(Session session) {
        this.certs = new ASN1EncodableVector();
        this.crls = new ASN1EncodableVector();
        this.signers = new ArrayList();
        this.session = null;
        this.xcerts = null;
        this.xcrls = null;
        this.digObj = null;
        this.digSet = null;
        this.keyUsg = null;
        this.ctlName = null;
        this.validDate = null;
        this.session = session;
    }

    public void AddCert(X509Cert x509Cert) throws PKIException {
        this.certs.add(Parser.convertJITCertStruct2BCCertStruct(x509Cert.getCertStructure()));
        this.xcerts = new X509Cert[this.certs.size()];
        for (int i = 0; i < this.certs.size(); i++) {
            this.xcerts[i] = new X509Cert(Parser.writeDERObj2Bytes(this.certs.get(i)));
        }
    }

    public X509Cert[] getCert() throws PKIException {
        return this.xcerts;
    }

    public void AddCRL(X509CRL x509crl) throws PKIException {
        this.crls.add(Parser.convertJITCertList2BCCertList(x509crl.getCertificateList()));
        this.xcrls = new X509CRL[this.crls.size()];
        for (int i = 0; i < this.crls.size(); i++) {
            this.xcrls[i] = new X509CRL(Parser.writeDERObj2Bytes(this.crls.get(i)));
        }
    }

    public X509CRL[] getCRL() throws PKIException {
        return this.xcrls;
    }

    public void SetSess(Session session) {
        this.session = session;
    }

    public void AddSigner(JKey jKey, X509Cert x509Cert, Mechanism mechanism) {
        this.signers.add(new Signer(this.session, jKey, x509Cert, mechanism));
    }

    public void AddSigner(JKey jKey, X509Cert x509Cert, Mechanism mechanism, AttributeTable attributeTable, AttributeTable attributeTable2) {
        this.signers.add(new Signer(this.session, jKey, x509Cert, mechanism, attributeTable, attributeTable2));
    }

    public ArrayList getSigner() throws PKIException {
        return this.signers;
    }

    public void AddDig(Mechanism mechanism) throws PKIException {
        String str;
        if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
            str = "1.2.840.113549.2.2";
        } else if (mechanism.getMechanismType().equals(Mechanism.MD5)) {
            str = "1.2.840.113549.2.5";
        } else if (mechanism.getMechanismType().equals(Mechanism.SHA1)) {
            str = "1.3.14.3.2.26";
        } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
            str = "2.16.840.1.101.3.4.2.1";
        } else if (mechanism.getMechanismType().equals(Mechanism.SHA384)) {
            str = "2.16.840.1.101.3.4.2.2";
        } else if (mechanism.getMechanismType().equals(Mechanism.SHA512)) {
            str = "2.16.840.1.101.3.4.2.2";
        } else {
            if (!mechanism.getMechanismType().equals(Mechanism.SHA224)) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(PKIException.SIGN_DES);
                stringBuffer.append(" ");
                stringBuffer.append(PKIException.NOT_SUP_DES);
                stringBuffer.append(" ");
                stringBuffer.append(mechanism.getMechanismType());
                throw new PKIException("8122", stringBuffer.toString());
            }
            str = "2.16.840.1.101.3.4.2.1";
        }
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull());
        this.digObj = algorithmIdentifier.toASN1Object();
        this.digSet = new DERSet(algorithmIdentifier);
    }

    public Mechanism getDig() throws PKIException {
        Mechanism mechanism;
        String id = AlgorithmIdentifier.getInstance(this.digObj).getObjectId().getId();
        if (id.equals("1.2.840.113549.2.2".toString())) {
            mechanism = new Mechanism(Mechanism.MD2);
        } else if (id.equals("1.2.840.113549.2.5".toString())) {
            mechanism = new Mechanism(Mechanism.MD5);
        } else if (id.equals("1.3.14.3.2.26".toString())) {
            mechanism = new Mechanism(Mechanism.SHA1);
        } else if (id.equals("2.16.840.1.101.3.4.2.1".toString())) {
            mechanism = new Mechanism(Mechanism.SHA256);
        } else if (id.equals("2.16.840.1.101.3.4.2.2".toString())) {
            mechanism = new Mechanism(Mechanism.SHA384);
        } else if (id.equals("2.16.840.1.101.3.4.2.2".toString())) {
            mechanism = new Mechanism(Mechanism.SHA512);
        } else {
            if (!id.equals("2.16.840.1.101.3.4.2.1".toString())) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("2");
                stringBuffer.append(" ");
                stringBuffer.append(PKIException.NOT_SUP_DES);
                stringBuffer.append(" ");
                stringBuffer.append(id);
                throw new PKIException("8122", stringBuffer.toString());
            }
            mechanism = new Mechanism(Mechanism.SHA224);
        }
        return mechanism;
    }

    public void AddKeyUsg(ExtendedKeyUsageExt extendedKeyUsageExt) throws PKIException {
        this.keyUsg = extendedKeyUsageExt;
    }

    public ExtendedKeyUsageExt getKeyUsg() throws PKIException {
        return this.keyUsg;
    }

    public void SetName(String str) throws PKIException {
        this.ctlName = str;
    }

    public String getName() throws PKIException {
        return this.ctlName;
    }

    public void SetValidDate(Date date) throws PKIException {
        this.validDate = date;
    }

    public Date getValidDate() throws PKIException {
        return this.validDate;
    }

    public void parseCTL(ContentInfo contentInfo) throws PKIException {
        if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
            throw new PKIException("8172", "parsing P7B certificate chain structure failed Certificate chain type does not match " + contentInfo.getContentType().getId());
        }
        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
        ASN1Set certificates = signedData.getCertificates();
        if (certificates != null) {
            Enumeration objects = certificates.getObjects();
            while (objects.hasMoreElements()) {
                this.certs.add(Parser.convertJITCertStruct2BCCertStruct(new X509Cert(X509CertificateStructure.getInstance(objects.nextElement())).getCertStructure()));
            }
            this.xcerts = new X509Cert[this.certs.size()];
            for (int i = 0; i < this.certs.size(); i++) {
                this.xcerts[i] = new X509Cert(Parser.writeDERObj2Bytes(this.certs.get(i)));
            }
        }
        ASN1Set cRLs = signedData.getCRLs();
        if (cRLs != null) {
            Enumeration objects2 = cRLs.getObjects();
            while (objects2.hasMoreElements()) {
                this.crls.add(Parser.convertJITCertList2BCCertList(new X509CRL(Parser.writeDERObj2Bytes(new CRLEntry((ASN1Sequence) objects2.nextElement()).getDERObject())).getCertificateList()));
            }
            this.xcrls = new X509CRL[this.crls.size()];
            for (int i2 = 0; i2 < this.crls.size(); i2++) {
                this.xcrls[i2] = new X509CRL(Parser.writeDERObj2Bytes(this.crls.get(i2)));
            }
        }
        ASN1Set signerInfos = signedData.getSignerInfos();
        if (signerInfos != null) {
            Enumeration objects3 = signerInfos.getObjects();
            this.signers.clear();
            while (objects3.hasMoreElements()) {
                this.signers.add(objects3.nextElement());
            }
        }
        ContentInfo contentInfo2 = signedData.getContentInfo();
        if (contentInfo2 != null) {
            DERSequence dERSequence = (DERSequence) new DERSequence(contentInfo2.getContent()).getObjectAt(0);
            if (dERSequence.size() > 0) {
                this.keyUsg = new ExtendedKeyUsageExt(ASN1Sequence.getInstance(dERSequence.getObjectAt(0)));
            }
            if (dERSequence.size() > 1) {
                this.ctlName = new String(DEROctetString.getInstance(dERSequence.getObjectAt(1)).getOctets());
            }
            if (dERSequence.size() > 2) {
                this.validDate = Time.getInstance(dERSequence.getObjectAt(2)).getDate();
            }
            if (dERSequence.size() > 3) {
                DERSequence dERSequence2 = (DERSequence) new DERSequence(dERSequence.getObjectAt(3).getDERObject()).getObjectAt(0);
                this.digObj = dERSequence2.getObjectAt(0).getDERObject();
                this.digSet = new DERSet(dERSequence2.getObjectAt(0).getDERObject());
            }
            dERSequence.size();
        }
    }

    public void parseCTL(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            parseCTL(bArr);
        } catch (Exception e) {
            throw new PKIException("8172", PKIException.PARSE_P7B_ERR_DES, e);
        }
    }

    private void parseCTL(InputStream inputStream) throws PKIException {
        try {
            byte[] bArr = new byte[inputStream.available()];
            inputStream.read(bArr);
            inputStream.close();
            parseCTL(bArr);
        } catch (Exception e) {
            throw new PKIException("8172", PKIException.PARSE_P7B_ERR_DES, e);
        }
    }

    public void parseCTL(byte[] bArr) throws PKIException {
        if (Parser.isBase64Encode(bArr)) {
            bArr = Base64.decode(Parser.convertBase64(bArr));
        }
        if (bArr[0] != 48) {
            throw new PKIException("8172", PKIException.PARSE_P7B_ERR_DES, new Exception("The P7B certification chain content error."));
        }
        try {
            parseCTL(ContentInfo.getInstance((ASN1Sequence) Parser.writeBytes2DERObj(bArr)));
        } catch (Exception e) {
            throw new PKIException("8172", PKIException.PARSE_P7B_ERR_DES, e);
        }
    }

    public ContentInfo generateCTL() throws PKIException, IOException {
        new DERSet();
        if (this.certs == null || this.signers == null) {
            return null;
        }
        DERSet dERSet = new DERSet(this.certs);
        DERSet dERSet2 = null;
        if (this.crls != null && this.crls.size() != 0) {
            dERSet2 = new DERSet(this.crls);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Iterator it = this.signers.iterator();
        DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier(PKCSObjectIdentifiers.data.getId());
        while (it.hasNext()) {
            Signer signer = (Signer) it.next();
            aSN1EncodableVector2.add(new AlgorithmIdentifier(new DERObjectIdentifier(signer.GetDigestTypeOID()), new DERNull()));
            aSN1EncodableVector.add(signer.toSignerInfo(dERObjectIdentifier, "hello word".getBytes(), true, false));
        }
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        if (this.keyUsg != null) {
            aSN1EncodableVector3.add(Parser.writeBytes2DERObj(this.keyUsg.encode()));
        }
        if (this.ctlName != null) {
            aSN1EncodableVector3.add(new DEROctetString(this.ctlName.getBytes()));
        }
        if (this.validDate != null) {
            aSN1EncodableVector3.add(Parser.writeBytes2DERObj(new Time(this.validDate).getEncoded()));
        }
        if (this.digObj != null) {
            aSN1EncodableVector3.add(this.digObj);
        }
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        Mechanism dig = getDig();
        if (this.xcerts != null) {
            for (int i = 0; i < this.xcerts.length; i++) {
                aSN1EncodableVector4.add(new DERSequence(new DEROctetString(this.session.digest(dig, this.xcerts[i].getEncoded()))).getDERObject());
            }
        }
        if (this.xcrls != null) {
            for (int i2 = 0; i2 < this.xcrls.length; i2++) {
                aSN1EncodableVector4.add(new DERSequence(new DEROctetString(this.session.digest(dig, this.xcrls[i2].getEncoded()))).getDERObject());
            }
        }
        if (this.xcerts != null || this.xcrls != null) {
            aSN1EncodableVector3.add(new DERSequence(aSN1EncodableVector4));
        }
        return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(new DERInteger(1), this.digSet, new ContentInfo(PKCSObjectIdentifiers.CTLContentData, new DERSequence(aSN1EncodableVector3)), dERSet, dERSet2, new DERSet(aSN1EncodableVector)));
    }

    public void generateCTLFile(String str) throws PKIException, IOException {
        ContentInfo generateCTL = generateCTL();
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            DEROutputStream dEROutputStream = new DEROutputStream(fileOutputStream);
            dEROutputStream.writeObject(generateCTL.getDERObject());
            dEROutputStream.close();
            fileOutputStream.close();
        } catch (Exception e) {
            throw new PKIException("8171", PKIException.GEN_P7B_ERR_DES, e);
        }
    }

    public byte[] generateCTLData_DER() throws PKIException, IOException {
        return Parser.writeDERObj2Bytes(generateCTL().getDERObject());
    }

    public byte[] generateCTLData_B64() throws PKIException, IOException {
        return Base64.encode(generateCTLData_DER());
    }

    public static void main(String[] strArr) {
        try {
            JCrypto jCrypto = JCrypto.getInstance();
            jCrypto.initialize(JCrypto.JSJY05B_LIB, null);
            CTL ctl = new CTL(jCrypto.openSession(JCrypto.JSJY05B_LIB));
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                FileInputStream fileInputStream = new FileInputStream("d:\\root.cer");
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                fileInputStream.close();
                x509Certificate.getEncoded();
                X509Cert x509Cert = new X509Cert(x509Certificate.getEncoded());
                PKCS12 pkcs12 = new PKCS12();
                pkcs12.load(new FileInputStream("d:\\key080903.pfx"));
                pkcs12.decrypt("111".toCharArray());
                JKey privateKey = pkcs12.getPrivateKey();
                X509Cert[] certs = pkcs12.getCerts();
                Mechanism mechanism = new Mechanism("SHA1withRSAEncryption");
                ctl.AddCert(x509Cert);
                ctl.AddDig(new Mechanism(Mechanism.SHA1));
                ctl.AddSigner(privateKey, certs[0], mechanism);
                ctl.SetName("this is test");
                ctl.SetValidDate(new Date(System.currentTimeMillis() + 86400000));
                ExtendedKeyUsageExt extendedKeyUsageExt = new ExtendedKeyUsageExt();
                extendedKeyUsageExt.addExtendedKeyUsage(ExtendedKeyUsageExt.SERVER_AUTH);
                ctl.AddKeyUsg(extendedKeyUsageExt);
                ctl.generateCTLFile("d:\\test.stl".toString());
                System.out.println("to generate success...");
            } catch (Exception e) {
                e.printStackTrace();
            }
        } catch (Exception e2) {
            System.err.println(e2.toString());
        }
    }
}
