package com.xdja.ca.pkcs7;

import com.xdja.ca.asn1.DigestObjectIdentifiers;
import com.xdja.ca.asn1.RsaObjectIdentifiers;
import com.xdja.ca.asn1.SM2ObjectIdentifiers;
import com.xdja.ca.constant.SdkConstants;
import com.xdja.ca.utils.DnUtil;
import com.xdja.ca.utils.SdkCertUtils;
import com.xdja.ca.utils.SdkHsmUtils;
import com.xdja.pki.gmssl.core.utils.GMSSLByteArrayUtils;
import com.xdja.pki.gmssl.crypto.sdf.SdfCryptoType;
import com.xdja.pki.gmssl.crypto.sdf.SdfSymmetricKeyParameters;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2EncryptUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM4ECBEncryptUtils;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/ca/pkcs7/Pkcs7Utils.class */
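/**
 * Helpers for assembling PKCS#7 / CMS structures (recipient infos, encrypted content infos,
 * signer infos, certificate chains) and for PEM-encoding them.
 *
 * <p>Security notes for maintainers, all derived from the code in this class:
 * <ul>
 *   <li>RSA key transport uses PKCS#1 v1.5 encryption padding ({@link PKCS1Encoding}).</li>
 *   <li>Content encryption uses SM4 in ECB mode, and the emitted {@link AlgorithmIdentifier}
 *       carries no parameters (no IV).</li>
 *   <li>SHA-1 is still accepted as a signature digest.</li>
 * </ul>
 * Changing any of these alters the wire format, so they are flagged here rather than replaced.
 */
public class Pkcs7Utils {
    public static final String PKCS7_TYPE = "PKCS7";
    public static final String PKCS_BEGIN_HEADER = "-----BEGIN PKCS7-----";
    public static final String PKCS_END_HEADER = "-----END PKCS7-----";
    private static final Logger logger = LoggerFactory.getLogger(Pkcs7Utils.class);
    static final ASN1ObjectIdentifier smAlgorithm = new ASN1ObjectIdentifier("1.2.156.10197.1");
    static final ASN1ObjectIdentifier sm4 = smAlgorithm.branch("104");
    static final ASN1ObjectIdentifier sm2256 = smAlgorithm.branch("301");
    static final ASN1ObjectIdentifier sm2256_encrypt = sm2256.branch("3");
    static final ASN1ObjectIdentifier rsa = new ASN1ObjectIdentifier("1.2.840.113549.1.1.1");

    /** NIST id-sha256; declared as the digest algorithm for SHA256WithRSA signers. */
    private static final ASN1ObjectIdentifier SHA256_DIGEST_OID = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1");

    /** Content-type OID written into every EncryptedContentInfo produced by this class. */
    private static final String ENCRYPTED_CONTENT_TYPE_OID = "1.2.156.10197.6.1.4.2.104";

    private static final String HEX_DIGITS = "0123456789ABCDEF";

    /**
     * Builds a one-element set holding a {@link KeyTransRecipientInfo} that wraps {@code bArr}
     * under the recipient's public key.
     *
     * @param num algorithm selector; a value equal to {@code SdkConstants.RSA_ALG_1} selects RSA,
     *            any other value selects SM2 via the HSM helper
     * @param str issuer DN of the recipient certificate
     * @param bigInteger serial number of the recipient certificate
     * @param publicKey recipient public key; must be an {@link RSAPublicKey} on the RSA path
     * @param bArr bytes to wrap (presumably the session key, going by the log message)
     * @return a {@link DERSet} containing the single recipient info
     * @throws Exception if encryption fails; on the SM2 path the original failure is the cause
     */
    public static ASN1Set makeRecipientInfos(Integer num, String str, BigInteger bigInteger, PublicKey publicKey, byte[] bArr) throws Exception {
        AlgorithmIdentifier keyEncAlgorithm;
        DEROctetString wrappedKey;
        RecipientIdentifier recipientId = new RecipientIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str), bigInteger));
        if (SdkConstants.RSA_ALG_1.intValue() == num.intValue()) {
            keyEncAlgorithm = new AlgorithmIdentifier(rsa);
            RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
            // SECURITY: PKCS#1 v1.5 encryption padding. The party that unwraps this key must not
            // reveal whether padding validation succeeded (timing or error differences); prefer
            // OAEP if both ends of the protocol can be changed.
            PKCS1Encoding cipher = new PKCS1Encoding(new RSABlindedEngine());
            cipher.init(true, new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent()));
            wrappedKey = new DEROctetString(cipher.processBlock(bArr, 0, bArr.length));
        } else {
            keyEncAlgorithm = new AlgorithmIdentifier(sm2256_encrypt);
            try {
                String cipherTextB64 = GMSSLSM2EncryptUtils.encryptASN1ByYunhsm(publicKey, GMSSLByteArrayUtils.base64Encode(bArr));
                wrappedKey = new DEROctetString(GMSSLByteArrayUtils.base64Decode(cipherTextB64));
            } catch (Exception e) {
                logger.error("使用公钥加密会话密钥异常", e);
                // Keep the cause so callers can see why the HSM call failed.
                throw new Exception("使用公钥加密会话密钥异常", e);
            }
        }
        return new DERSet(new KeyTransRecipientInfo(recipientId, keyEncAlgorithm, wrappedKey));
    }

    /**
     * Returns an {@link EncryptedContentInfo} that carries only the content-type OID.
     *
     * <p>Both arguments are ignored; the algorithm identifier and the encrypted content are
     * {@code null}, so nothing is encrypted here.
     *
     * @param num unused
     * @param bArr unused
     * @return an EncryptedContentInfo with no algorithm and no content
     */
    public static EncryptedContentInfo makeEncryptedContentInfo(Integer num, byte[] bArr) {
        return new EncryptedContentInfo(new DERObjectIdentifier(ENCRYPTED_CONTENT_TYPE_OID), (AlgorithmIdentifier) null, (ASN1OctetString) null);
    }

    /**
     * Encrypts the serialized certificate with SM4-ECB and wraps the result in an
     * {@link EncryptedContentInfo}.
     *
     * <p>SECURITY: ECB encrypts equal plaintext blocks to equal ciphertext blocks and gives no
     * integrity protection, and the SM4 {@link AlgorithmIdentifier} emitted here has no
     * parameters. Moving to an IV-based or authenticated mode requires a coordinated change with
     * whatever consumes this structure.
     *
     * @param num algorithm selector; a value equal to {@code SdkConstants.RSA_ALG_1} uses
     *            {@code Sm4.sm4_encrypt_ecb}, any other value uses the YUNHSM SM4 helper with
     *            PKCS7 padding
     * @param bArr first argument to the SM4 helpers (presumably the symmetric key; confirm
     *             against those helpers)
     * @param x509Certificate certificate whose {@code SdkCertUtils.writeObjectToByteArray}
     *                        output is encrypted
     * @return the populated EncryptedContentInfo
     * @throws Exception if encryption fails; on the first path the original failure is the cause
     */
    public EncryptedContentInfo makeEncryptedContentInfo(Integer num, byte[] bArr, X509Certificate x509Certificate) throws Exception {
        DERObjectIdentifier contentType = new DERObjectIdentifier(ENCRYPTED_CONTENT_TYPE_OID);
        // Both paths advertise the same content-encryption algorithm.
        AlgorithmIdentifier contentEncAlgorithm = new AlgorithmIdentifier(sm4);
        DEROctetString encryptedContent;
        if (SdkConstants.RSA_ALG_1.intValue() == num.intValue()) {
            try {
                encryptedContent = new DEROctetString(Sm4.sm4_encrypt_ecb(bArr, SdkCertUtils.writeObjectToByteArray(x509Certificate)));
            } catch (Exception e) {
                logger.error("加密异常", e);
                // Keep the cause instead of discarding it.
                throw new Exception("加密异常", e);
            }
        } else {
            encryptedContent = new DEROctetString(GMSSLSM4ECBEncryptUtils.sm4SymmetricSdfWithPadding(true, SdfCryptoType.YUNHSM, SdfSymmetricKeyParameters.PaddingType.PKCS7Padding, bArr, SdkCertUtils.writeObjectToByteArray(x509Certificate)));
        }
        return new EncryptedContentInfo(contentType, contentEncAlgorithm, encryptedContent);
    }

    /**
     * Writes a hex dump of {@code bArr} to standard output, 20 bytes per row with an offset
     * prefix and an extra gap after every 10th byte. A {@code null} array is reported through the
     * logger instead.
     *
     * <p>SECURITY: the dump is unredacted. Do not pass key material or plaintext to this method
     * in production code paths, since stdout is commonly captured into logs.
     *
     * @param bArr bytes to dump; may be {@code null}
     */
    public static void printBytes(byte[] bArr) {
        if (bArr == null) {
            logger.info("bs is null =======================\n");
            return;
        }
        StringBuilder dump = new StringBuilder();
        for (int offset = 0; offset < bArr.length; offset++) {
            int column = offset % 20;
            if (column == 0) {
                dump.append(String.format("%4s:  ", offset));
            }
            dump.append(toHex(bArr[offset]));
            if (offset % 10 == 9) {
                dump.append("  ");
            }
            dump.append(column == 19 ? "\n" : " ");
        }
        System.out.print(dump);
        System.out.println("\n");
    }

    /**
     * Formats one byte as two upper-case hexadecimal digits.
     *
     * @param b byte to format
     * @return two-character hex string, high nibble first
     */
    public static final String toHex(byte b) {
        char high = HEX_DIGITS.charAt((b >> 4) & 15);
        char low = HEX_DIGITS.charAt(b & 15);
        return "" + high + low;
    }

    /**
     * Signs {@code bArr2} and returns a one-element set holding the resulting {@link SignerInfo}
     * (no signed or unsigned attributes).
     *
     * <p>The declared digest algorithm now follows the signature algorithm name: SHA-1 for
     * {@code SHA-1WithRSA}/{@code SHA1WithRSA}, SHA-256 for {@code SHA256WithRSA}. Previously
     * SHA-1 was declared for all three, which mislabels SHA-256 signatures.
     *
     * <p>SECURITY: SHA-1 is collision-prone; prefer SHA256WithRSA or SM3 for new signatures.
     * Any name that is not one of the three RSA names, including {@code null}, is labelled as
     * SM3 with SM2.
     *
     * @param bArr passed to {@code SdkHsmUtils.signByBC} on the software path (presumably the
     *             private key encoding; confirm against that helper)
     * @param z {@code true} to sign through {@code SdkHsmUtils.signByYunHsm}, {@code false} to
     *          sign through {@code SdkHsmUtils.signByBC}
     * @param str signature algorithm name, compared case-insensitively
     * @param str2 issuer DN of the signer certificate
     * @param bigInteger serial number of the signer certificate
     * @param i passed to the HSM signing helper (presumably a key index)
     * @param str3 passed to the HSM signing helper (presumably the key access credential)
     * @param bArr2 data to sign
     * @return a {@link DERSet} containing the single signer info
     * @throws Exception if signing or DN parsing fails
     */
    public static ASN1Set makeSignerInfos(byte[] bArr, boolean z, String str, String str2, BigInteger bigInteger, int i, String str3, byte[] bArr2) throws Exception {
        AlgorithmIdentifier digestAlgorithm;
        AlgorithmIdentifier signatureAlgorithm;
        SignerIdentifier signerId = new SignerIdentifier(new IssuerAndSerialNumber(DnUtil.getRFC4519X500Name(str2), bigInteger));
        if ("SHA-1WithRSA".equalsIgnoreCase(str) || "SHA1WithRSA".equalsIgnoreCase(str)) {
            digestAlgorithm = new AlgorithmIdentifier(DigestObjectIdentifiers.sha1);
            signatureAlgorithm = new AlgorithmIdentifier(RsaObjectIdentifiers.rsaEncryption);
        } else if ("SHA256WithRSA".equalsIgnoreCase(str)) {
            // The digest OID must match the hash used by the signer, otherwise a verifier that
            // honours digestAlgorithm recomputes the wrong hash and rejects the signature.
            digestAlgorithm = new AlgorithmIdentifier(SHA256_DIGEST_OID);
            signatureAlgorithm = new AlgorithmIdentifier(RsaObjectIdentifiers.rsaEncryption);
        } else {
            digestAlgorithm = new AlgorithmIdentifier(DigestObjectIdentifiers.sm3);
            signatureAlgorithm = new AlgorithmIdentifier(SM2ObjectIdentifiers.sm2256_sign);
        }
        String dataB64 = Base64.toBase64String(bArr2);
        String signatureB64 = z
                ? SdkHsmUtils.signByYunHsm(str, i, str3, dataB64)
                : SdkHsmUtils.signByBC(str, bArr, dataB64);
        ASN1OctetString signature = new DEROctetString(GMSSLByteArrayUtils.base64Decode(signatureB64));
        return new DERSet(new SignerInfo(signerId, digestAlgorithm, (ASN1Set) null, signatureAlgorithm, signature, (ASN1Set) null));
    }

    /**
     * Packs the given certificates into a certificates-only CMS SignedData (no signers, empty
     * content) and returns it PEM-encoded.
     *
     * <p>No chain validation is performed here; the certificates are stored as supplied.
     *
     * @param list certificates to include
     * @return PEM text of the resulting structure
     * @throws Exception wrapping any failure while building or encoding the structure
     */
    public static String createCertChainByCerts(List<X509Certificate> list) throws Exception {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        try {
            // Empty content; a literal empty array avoids any platform-charset dependency.
            CMSProcessableByteArray emptyContent = new CMSProcessableByteArray(new byte[0]);
            generator.addCertificates(new JcaCertStore(list));
            return writeP7bPem(generator.generate(emptyContent).toASN1Structure());
        } catch (Exception e) {
            throw new Exception("创建证书链异常", e);
        }
    }

    /**
     * DER-encodes a {@link ContentInfo} and returns it as a PEM block of type
     * {@link #PKCS7_TYPE}.
     *
     * @param contentInfo structure to encode
     * @return PEM text
     * @throws Exception wrapping any encoding or writing failure
     */
    public static String writeP7bPem(ContentInfo contentInfo) throws Exception {
        try {
            return writePemObject(new PemObject(PKCS7_TYPE, contentInfo.getEncoded("DER")));
        } catch (Exception e) {
            throw new Exception("将p7b对象转换为Pem格式异常", e);
        }
    }

    /**
     * DER-encodes the ASN.1 structure of a {@link CMSSignedData} and returns it as a PEM block
     * of type {@link #PKCS7_TYPE}.
     *
     * @param cMSSignedData signed data to encode
     * @return PEM text
     * @throws Exception wrapping any encoding or writing failure
     */
    public static String writeP7bPem(CMSSignedData cMSSignedData) throws Exception {
        try {
            return writePemObject(new PemObject(PKCS7_TYPE, cMSSignedData.toASN1Structure().getEncoded("DER")));
        } catch (Exception e) {
            throw new Exception("将p7b对象转换为Pem格式异常", e);
        }
    }

    /**
     * Serializes a {@link PemObject} to its PEM text form.
     *
     * @param pemObject object to write
     * @return PEM text
     * @throws Exception wrapping any failure while writing or closing the writer
     */
    public static String writePemObject(PemObject pemObject) throws Exception {
        StringWriter buffer = new StringWriter();
        // try-with-resources closes the writer exactly once on every path.
        try (PemWriter pemWriter = new PemWriter(buffer)) {
            pemWriter.writeObject(pemObject);
            pemWriter.flush();
            return buffer.toString();
        } catch (Exception e) {
            throw new Exception("打印pemObject对象异常", e);
        }
    }
}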
