package cfca.sadk.signature.decoder;

import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.asn1.parser.PKCS7SignFileParser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1Encodable;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DERTaggedObject;
import cfca.sadk.org.bouncycastle.asn1.pkcs.ContentInfo;
import cfca.sadk.org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import cfca.sadk.org.bouncycastle.asn1.pkcs.SignedData;
import cfca.sadk.org.bouncycastle.asn1.x509.Certificate;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;

/* loaded from: input_file:cfca/sadk/signature/decoder/PKCS7DecodeFacade.class */
public final class PKCS7DecodeFacade {
    final Session session;
    final SignedData signedData;
    final PKCS7SignFileParser signedFile;
    final String digestAlgorithm;
    final X509Cert signCert;
    final byte[] signValue;
    final AbstractPKCS7Decoder decoder;
    byte[] sourceData = null;

    public PKCS7DecodeFacade(Session session, byte[] bArr) throws PKIException {
        AbstractPKCS7Decoder pKCS7ECCDecoder;
        this.session = session == null ? BCSoftLib.INSTANCE() : session;
        if (bArr == null || bArr.length == 0) {
            throw new PKIException("PKCS7SignedData encoding required not  be null");
        }
        if (bArr.length < 1) {
            throw new PKIException("PKCS7SignedData encoding required length>0");
        }
        byte[] bArr2 = bArr;
        if (bArr[0] == 77) {
            try {
                bArr2 = Base64.decode(bArr);
            } catch (Exception e) {
                throw new PKIException("PKCS7SignedData encoding with invalid base64", e);
            }
        }
        try {
            try {
                SignedData signedData = SignedData.getInstance(ContentInfo.getInstance(ASN1Sequence.getInstance(bArr2)).getContent());
                X509Cert firstSignerCert = getFirstSignerCert(signedData, null);
                if (firstSignerCert.isSM2Cert()) {
                    pKCS7ECCDecoder = new PKCS7SM2Decoder(session, signedData, true);
                } else if (firstSignerCert.isRSACert()) {
                    pKCS7ECCDecoder = new PKCS7RSADecoder(session, signedData, false);
                } else {
                    if (!firstSignerCert.isECCCert()) {
                        throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, "PKCS7SignedData invalid signCertType");
                    }
                    pKCS7ECCDecoder = new PKCS7ECCDecoder(session, signedData, false);
                }
                this.signedData = signedData;
                this.signedFile = null;
                this.decoder = pKCS7ECCDecoder;
                this.signValue = pKCS7ECCDecoder.getSignValue();
                this.digestAlgorithm = pKCS7ECCDecoder.getDigestAlgorithm();
                this.signCert = firstSignerCert;
            } catch (Exception e2) {
                throw new PKIException("PKCS7SignedData encoding with invalid signedData-encoding", e2);
            }
        } catch (Exception e3) {
            throw new PKIException("PKCS7SignedData encoding with invalid asn1-encoding", e3);
        }
    }

    public PKCS7DecodeFacade(Session session, String str) throws PKIException {
        AbstractPKCS7Decoder pKCS7ECCDecoder;
        this.session = session == null ? BCSoftLib.INSTANCE() : session;
        if (str == null) {
            throw new PKIException("PKCS7SignedFile signFilePath==null");
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new PKIException("PKCS7SignedFile noexists: " + file.getAbsolutePath());
        }
        if (!file.isFile()) {
            throw new PKIException("PKCS7SignedFile is not file: " + file.getAbsolutePath());
        }
        try {
            PKCS7SignFileParser pKCS7SignFileParser = new PKCS7SignFileParser(file);
            pKCS7SignFileParser.parser();
            X509Cert firstSignerCert = getFirstSignerCert(null, pKCS7SignFileParser);
            if (firstSignerCert.isSM2Cert()) {
                pKCS7ECCDecoder = new PKCS7SM2Decoder(session, pKCS7SignFileParser, true);
            } else if (firstSignerCert.isRSACert()) {
                pKCS7ECCDecoder = new PKCS7RSADecoder(session, pKCS7SignFileParser, false);
            } else {
                if (!firstSignerCert.isECCCert()) {
                    throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, "PKCS7SignedData invalid signCertType");
                }
                pKCS7ECCDecoder = new PKCS7ECCDecoder(session, pKCS7SignFileParser, false);
            }
            this.signedFile = pKCS7SignFileParser;
            this.signedData = null;
            this.decoder = pKCS7ECCDecoder;
            this.signValue = pKCS7ECCDecoder.getSignValue();
            this.digestAlgorithm = pKCS7ECCDecoder.getDigestAlgorithm();
            this.signCert = firstSignerCert;
        } catch (Exception e) {
            throw new PKIException("PKCS7SignedFile is invalid", e);
        }
    }

    public final SignedData getSignedData() {
        return this.signedData;
    }

    public final byte[] getSourceData() throws PKIException {
        byte[] encoded;
        if (this.sourceData == null && this.signedData != null) {
            ContentInfo contentInfo = this.signedData.getContentInfo();
            ASN1Encodable content = contentInfo.getContent();
            if (content == null) {
                throw new PKIException("no sourceData to be verify.");
            }
            if (isP7DataType(contentInfo.getContentType())) {
                encoded = ((ASN1OctetString) content).getOctets();
            } else {
                try {
                    encoded = content.toASN1Primitive().getEncoded();
                } catch (IOException e) {
                    throw new PKIException("sourceData obtain failed", e);
                }
            }
            this.sourceData = encoded;
        }
        return this.sourceData;
    }

    private final X509Cert getFirstSignerCert(SignedData signedData, PKCS7SignFileParser pKCS7SignFileParser) throws PKIException {
        ASN1Set aSN1Set;
        ASN1Set aSN1Set2;
        if (signedData != null) {
            aSN1Set = signedData.getCertificates();
            aSN1Set2 = signedData.getSignerInfos();
        } else {
            if (pKCS7SignFileParser == null) {
                throw new PKIException("invalid signedData/signedFile");
            }
            try {
                aSN1Set = ASN1Set.getInstance(DERTaggedObject.getInstance(pKCS7SignFileParser.getCertificate_node().getData()), false);
                aSN1Set2 = ASN1Set.getInstance(pKCS7SignFileParser.getSingerinfo_node().getData());
            } catch (Exception e) {
                throw new PKIException("PKCS7SignedFile decode signedData/signedFile failed");
            }
        }
        if (aSN1Set.size() == 0) {
            throw new PKIException("no signerCerts on signedData/signedFile");
        }
        if (aSN1Set2.size() == 0) {
            throw new PKIException("no signerInfos on signedData/signedFile");
        }
        IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(ASN1Sequence.getInstance(aSN1Set2.getObjectAt(0)).getObjectAt(1));
        X509Cert x509Cert = null;
        int i = 0;
        int size = aSN1Set.size();
        while (true) {
            if (i >= size) {
                break;
            }
            Certificate certificate = Certificate.getInstance(aSN1Set.getObjectAt(i));
            if (new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber().getPositiveValue()).equals(issuerAndSerialNumber)) {
                x509Cert = new X509Cert(certificate);
                break;
            }
            i++;
        }
        if (x509Cert == null) {
            throw new PKIException("no signing cert on signedData/signedFile");
        }
        return x509Cert;
    }

    public final X509Cert getSignerX509Cert() throws PKIException {
        return this.signCert;
    }

    public byte[] getSignature() throws PKIException {
        return this.signValue;
    }

    public String getDigestAlgorithm() throws PKIException {
        return this.decoder.getDigestAlgorithm();
    }

    public final String getSignTime() throws PKIException {
        return this.decoder.getSignTime();
    }

    public final boolean verifyP7SignedDataAttach() throws PKIException {
        return this.decoder.verifySignerInfo(getSourceData(), this.signCert);
    }

    public boolean verifyP7SignedData(InputStream inputStream) throws PKIException {
        return this.decoder.verifySignerInfoByFile(inputStream, this.signCert);
    }

    public boolean verifyP7SignedData(byte[] bArr) throws PKIException {
        return this.decoder.verifySignerInfo(bArr, this.signCert);
    }

    public boolean verifyP7SignedDataByHash(byte[] bArr) throws PKIException {
        return this.decoder.verifySignerInfoByHash(bArr, this.signCert);
    }

    public final boolean verifyP7SignedFileAttach(String str) throws PKIException {
        return this.decoder.verifyP7SignedFile(str, this.signCert);
    }

    public static boolean isP7DataType(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return PKCSObjectIdentifiers.data.equals(aSN1ObjectIdentifier) || PKCSObjectIdentifiers.sm2Data.equals(aSN1ObjectIdentifier) || PKCSObjectIdentifiers.id_ct_TSTInfo.equals(aSN1ObjectIdentifier);
    }
}
