package com.xdja.pki.gmssl.core.utils;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.CMSVerifierCertificateNotValidException;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

/* loaded from: input_file:BOOT-INF/lib/gmssl-core-1.3.4-SNAPSHOT.jar:com/xdja/pki/gmssl/core/utils/GMSSLP7Utils.class */
public class GMSSLP7Utils {

    /* loaded from: input_file:BOOT-INF/lib/gmssl-core-1.3.4-SNAPSHOT.jar:com/xdja/pki/gmssl/core/utils/GMSSLP7Utils$PKCS7SignedData.class */
    public static class PKCS7SignedData {
        public CMSSignedData cmsSignedData;
        public byte[] content;
        public List<VerifyResult> verifyResults;
        public VerifyResult verifyResult0;
    }

    /* loaded from: input_file:BOOT-INF/lib/gmssl-core-1.3.4-SNAPSHOT.jar:com/xdja/pki/gmssl/core/utils/GMSSLP7Utils$VerifyEnum.class */
    public enum VerifyEnum {
        SIGN_VERIFY_SUCCESS,
        SIGN_VERIFY_FAILED,
        SIGN_CERTIFICATE_CONVERT_ERROR,
        SIGN_CERTIFICATE_NOT_VALID_ON_NOW,
        SIGN_TIME_NOT_VALID_ON_CERTIFICATE,
        SIGN_VERIFY_ERROR
    }

    /* loaded from: input_file:BOOT-INF/lib/gmssl-core-1.3.4-SNAPSHOT.jar:com/xdja/pki/gmssl/core/utils/GMSSLP7Utils$VerifyResult.class */
    public static class VerifyResult {
        public VerifyEnum verifyEnum;
        public X509Certificate verifyCert;
    }

    public static byte[] encodeSignData(X509Certificate x509Certificate, String str, PrivateKey privateKey, byte[] bArr) throws CertificateEncodingException, IOException, OperatorCreationException, CMSException {
        return encodeSignData(null, x509Certificate, str, privateKey, true, bArr);
    }

    public static byte[] encodeSignData(List<X509Certificate> list, X509Certificate x509Certificate, String str, PrivateKey privateKey, boolean z, byte[] bArr) throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
        CMSProcessableByteArray cMSProcessableByteArray = new CMSProcessableByteArray(bArr);
        if (list == null) {
            list = new ArrayList();
            list.add(x509Certificate);
        } else if (!list.contains(x509Certificate)) {
            list.add(x509Certificate);
        }
        CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
        cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(new JcaContentSignerBuilder(str).setProvider("BC").build(privateKey), x509Certificate));
        cMSSignedDataGenerator.addCertificates(new JcaCertStore(list));
        return cMSSignedDataGenerator.generate(cMSProcessableByteArray, z).toASN1Structure().getEncoded(ASN1Encoding.DER);
    }

    public static PKCS7SignedData decodeAndVerifySignData(byte[] bArr) throws CMSException {
        return decodeSignData(bArr, true);
    }

    public static PKCS7SignedData decodeSignData(byte[] bArr, boolean z) throws CMSException {
        CMSSignedData cMSSignedData = new CMSSignedData(bArr);
        CMSTypedData signedContent = cMSSignedData.getSignedContent();
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData();
        if (signedContent != null && (signedContent.getContent() instanceof byte[])) {
            pKCS7SignedData.content = (byte[]) signedContent.getContent();
        }
        pKCS7SignedData.cmsSignedData = cMSSignedData;
        if (!z) {
            return pKCS7SignedData;
        }
        List<VerifyResult> verifySignData = verifySignData(cMSSignedData.getCertificates(), cMSSignedData.getSignerInfos());
        if (verifySignData.size() > 0) {
            pKCS7SignedData.verifyResult0 = verifySignData.get(0);
        }
        pKCS7SignedData.verifyResults = verifySignData;
        return pKCS7SignedData;
    }

    public static List<VerifyResult> verifySignData(Store store, SignerInformationStore signerInformationStore) {
        ArrayList arrayList = new ArrayList();
        for (SignerInformation signerInformation : signerInformationStore.getSigners()) {
            VerifyResult verifyResult = new VerifyResult();
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) store.getMatches(signerInformation.getSID()).iterator().next();
            X509Certificate x509Certificate = null;
            try {
                x509Certificate = GMSSLX509Utils.convertCertificate(x509CertificateHolder);
            } catch (Exception e) {
                verifyResult.verifyEnum = VerifyEnum.SIGN_CERTIFICATE_CONVERT_ERROR;
            }
            verifyResult.verifyCert = x509Certificate;
            if (x509CertificateHolder.isValidOn(new Date())) {
                try {
                    if (verifySignData(signerInformation, x509CertificateHolder)) {
                        verifyResult.verifyEnum = VerifyEnum.SIGN_VERIFY_SUCCESS;
                    } else {
                        verifyResult.verifyEnum = VerifyEnum.SIGN_VERIFY_FAILED;
                    }
                } catch (CMSVerifierCertificateNotValidException e2) {
                    verifyResult.verifyEnum = VerifyEnum.SIGN_TIME_NOT_VALID_ON_CERTIFICATE;
                } catch (Exception e3) {
                    verifyResult.verifyEnum = VerifyEnum.SIGN_VERIFY_ERROR;
                }
            } else {
                verifyResult.verifyEnum = VerifyEnum.SIGN_CERTIFICATE_NOT_VALID_ON_NOW;
            }
            arrayList.add(verifyResult);
        }
        return arrayList;
    }

    public static boolean verifySignData(SignerInformation signerInformation, X509CertificateHolder x509CertificateHolder) throws CMSException, CertificateException, OperatorCreationException {
        return signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder));
    }

    public static boolean verifySignData(SignerInformation signerInformation, X509Certificate x509Certificate) throws CMSException, CertificateException, OperatorCreationException {
        return signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509Certificate));
    }
}
