package com.cfca.util.pki.pkcs;

import com.alibaba.fastjson.asm.Opcodes;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.ASN1InputStream;
import com.cfca.util.pki.asn1.ASN1Sequence;
import com.cfca.util.pki.asn1.ASN1Set;
import com.cfca.util.pki.asn1.BERSet;
import com.cfca.util.pki.asn1.DERInteger;
import com.cfca.util.pki.asn1.DERNull;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DEROctetString;
import com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import com.cfca.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import com.cfca.util.pki.asn1.pkcs.pkcs7.EncryptedContentInfo;
import com.cfca.util.pki.asn1.pkcs.pkcs7.EnvelopedData;
import com.cfca.util.pki.asn1.pkcs.pkcs7.IssuerAndSerialNumber;
import com.cfca.util.pki.asn1.pkcs.pkcs7.RecipientInfo;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.X509Name;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JCrypto;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.cipher.lib.JSoftLib;
import com.cfca.util.pki.cipher.param.CBCParam;
import com.cfca.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;

/* loaded from: input_file:com/cfca/util/pki/pkcs/PKCS7EnvelopedData.class */
public class PKCS7EnvelopedData {
    private Session session;
    private EnvelopedData envelopedData = null;
    private List recipientCerts = new ArrayList();
    public static Hashtable MECH_OID = new Hashtable();
    public static Hashtable OID_MECH = new Hashtable();

    static {
        MECH_OID.put("DES/CBC/PKCS7Padding", PKCSObjectIdentifiers.desCBCEncryption);
        MECH_OID.put("DES/ECB/PKCS7Padding", PKCSObjectIdentifiers.desEncryption);
        MECH_OID.put("DESede/CBC/PKCS7Padding", PKCSObjectIdentifiers.des3CBCEncryption);
        MECH_OID.put("DESede/ECB/PKCS7Padding", PKCSObjectIdentifiers.des3Encryption);
        MECH_OID.put(Mechanism.RSA_PKCS, PKCSObjectIdentifiers.rsaEncryption);
        MECH_OID.put(Mechanism.RC2_CBC, PKCSObjectIdentifiers.rc2CBCEncryption);
        MECH_OID.put(Mechanism.RC2_ECB, PKCSObjectIdentifiers.rc2Encryption);
        MECH_OID.put(Mechanism.AES_ECB, PKCSObjectIdentifiers.AES_ECB);
        MECH_OID.put(Mechanism.AES_CBC, PKCSObjectIdentifiers.AES_CBC);
        MECH_OID.put("RC4", PKCSObjectIdentifiers.rc4Encryption);
        MECH_OID.put("PBEWithMD5AndDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC);
        MECH_OID.put("PBEWithSHA1AndDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC);
        MECH_OID.put("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC);
        MECH_OID.put("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC);
        OID_MECH.put(PKCSObjectIdentifiers.desCBCEncryption, "DES/CBC/PKCS7Padding");
        OID_MECH.put(PKCSObjectIdentifiers.desEncryption, "DES/ECB/PKCS7Padding");
        OID_MECH.put(PKCSObjectIdentifiers.des3CBCEncryption, "DESede/CBC/PKCS7Padding");
        OID_MECH.put(PKCSObjectIdentifiers.des3Encryption, "DESede/ECB/PKCS7Padding");
        OID_MECH.put(PKCSObjectIdentifiers.rsaEncryption, Mechanism.RSA_PKCS);
        OID_MECH.put(PKCSObjectIdentifiers.rc2CBCEncryption, Mechanism.RC2_CBC);
        OID_MECH.put(PKCSObjectIdentifiers.rc2Encryption, Mechanism.RC2_ECB);
        OID_MECH.put(PKCSObjectIdentifiers.rc4Encryption, "RC4");
        OID_MECH.put(PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWithMD5AndDES");
        OID_MECH.put(PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWithSHA1AndDES");
        OID_MECH.put(PKCSObjectIdentifiers.pbeWithSHAAnd2DESCBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
        OID_MECH.put(PKCSObjectIdentifiers.pbeWithSHAAnd3DESCBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
    }

    public PKCS7EnvelopedData(Session session) {
        this.session = null;
        this.session = session;
    }

    public void addRecipient(X509Cert x509Cert) throws PKIException {
        this.recipientCerts.add(x509Cert);
    }

    public byte[] generateEnvelopedData(String str, byte[] bArr, Mechanism mechanism) throws PKIException {
        if (str == null) {
            str = PKCS7SignedData.DATA;
        }
        if (this.recipientCerts.size() == 0) {
            throw new PKIException(PKIException.NULL_P7_RECIPIENTCERT_ERR, PKIException.NULL_P7_RECIPIENTCERT_ERR_DES);
        }
        AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(mechanism, (DERObjectIdentifier) MECH_OID.get(mechanism.getMechanismType()));
        JKey sessionKey = getSessionKey(mechanism);
        if (sessionKey == null) {
            throw new PKIException(PKIException.FAIL_P7_GENERATEKEY_ERR, PKIException.FAIL_P7_GENERATEKEY_ERR_DES);
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i < this.recipientCerts.size(); i++) {
            X509Cert x509Cert = (X509Cert) this.recipientCerts.get(i);
            IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509Cert.getIssuer()), x509Cert.getSerialNumber());
            if (x509Cert.getSignatureAlgName().indexOf("RSA") == -1) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_ERR_DES);
            }
            aSN1EncodableVector.add(new RecipientInfo(new DERInteger(0), issuerAndSerialNumber, new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.RSA_PKCS), x509Cert.getPublicKey(), sessionKey.getKey()))));
        }
        return Parser.writeDERObj2Bytes(new EnvelopedData(new DERInteger(0), new BERSet(aSN1EncodableVector), new EncryptedContentInfo(new DERObjectIdentifier(str), algorithmIdentifier, new DEROctetString(this.session.encrypt(mechanism, sessionKey, bArr)))));
    }

    public byte[] generateEnvelopedData(String str, byte[] bArr, Mechanism mechanism, X509Cert x509Cert) throws PKIException {
        if (str == null) {
            str = PKCS7SignedData.DATA;
        }
        if (x509Cert == null) {
            throw new PKIException(PKIException.NULL_P7_RECIPIENTCERT_ERR, PKIException.NULL_P7_RECIPIENTCERT_ERR_DES);
        }
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509Cert.getIssuer()), x509Cert.getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(mechanism, (DERObjectIdentifier) MECH_OID.get(mechanism.getMechanismType()));
        JKey sessionKey = getSessionKey(mechanism);
        if (sessionKey == null) {
            throw new PKIException(PKIException.FAIL_P7_GENERATEKEY_ERR, PKIException.FAIL_P7_GENERATEKEY_ERR_DES);
        }
        if (x509Cert.getSignatureAlgName().indexOf("RSA") == -1) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_ERR_DES);
        }
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
        RecipientInfo recipientInfo = new RecipientInfo(new DERInteger(0), issuerAndSerialNumber, algorithmIdentifier2, new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.RSA_PKCS), x509Cert.getPublicKey(), sessionKey.getKey())));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(recipientInfo);
        return Parser.writeDERObj2Bytes(new EnvelopedData(new DERInteger(0), new BERSet(aSN1EncodableVector), new EncryptedContentInfo(new DERObjectIdentifier(str), algorithmIdentifier, new DEROctetString(this.session.encrypt(mechanism, sessionKey, bArr)))));
    }

    public byte[] generateEnvelopedDataContent(byte[] bArr) throws PKIException {
        return Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.envelopedData, EnvelopedData.getInstance(Parser.writeBytes2DERObj(bArr))));
    }

    public byte[] generateCryptoAPISignAndEnvContent(byte[] bArr) throws PKIException {
        return Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.envelopedData, EnvelopedData.getInstance(Parser.writeBytes2DERObj(bArr))));
    }

    public byte[] generateSignAndEnvDataExtendCryptAPI(String str, byte[] bArr, String str2, Mechanism mechanism, JKey jKey, X509Cert x509Cert, X509Cert x509Cert2) throws PKIException {
        if (x509Cert2 == null) {
            throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_NULL_RECIPIENTCERT_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_NULL_RECIPIENTCERT_ERR_DES);
        }
        PrivateKey convertPrivateKey = Parser.convertPrivateKey(jKey);
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Cert.getEncoded()));
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            try {
                CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER);
                CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
                cMSSignedDataGenerator.addSigner(convertPrivateKey, x509Certificate, str2);
                try {
                    cMSSignedDataGenerator.addCertificatesAndCRLs(certStore);
                    try {
                        CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true, JSoftLib.PROVIDER);
                        try {
                            byte[] encoded = generate.getEncoded();
                            IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509Cert2.getIssuer()), x509Cert2.getSerialNumber());
                            AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(mechanism, (DERObjectIdentifier) MECH_OID.get(mechanism.getMechanismType()));
                            JKey sessionKey = getSessionKey(mechanism);
                            if (sessionKey == null) {
                                throw new PKIException(PKIException.FAIL_P7_GENERATEKEY_ERR, PKIException.FAIL_P7_GENERATEKEY_ERR_DES);
                            }
                            if (x509Cert2.getSignatureAlgName().indexOf("RSA") == -1) {
                                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_ERR_DES);
                            }
                            AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
                            RecipientInfo recipientInfo = new RecipientInfo(new DERInteger(0), issuerAndSerialNumber, algorithmIdentifier2, new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.RSA_PKCS), x509Cert2.getPublicKey(), sessionKey.getKey())));
                            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                            aSN1EncodableVector.add(recipientInfo);
                            return Parser.writeDERObj2Bytes(new EnvelopedData(new DERInteger(0), new BERSet(aSN1EncodableVector), new EncryptedContentInfo(new DERObjectIdentifier(str), algorithmIdentifier, new DEROctetString(this.session.encrypt(mechanism, sessionKey, encoded)))));
                        } catch (IOException e) {
                            throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e);
                        }
                    } catch (NoSuchAlgorithmException e2) {
                        throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e2);
                    } catch (NoSuchProviderException e3) {
                        throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e3);
                    } catch (CMSException e4) {
                        throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e4);
                    }
                } catch (CMSException e5) {
                    throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e5);
                } catch (CertStoreException e6) {
                    throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e6);
                }
            } catch (InvalidAlgorithmParameterException e7) {
                throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e7);
            } catch (NoSuchAlgorithmException e8) {
                throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e8);
            } catch (NoSuchProviderException e9) {
                throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e9);
            }
        } catch (Exception e10) {
            throw new PKIException(PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR, PKIException.GEN_CRYPTO_API_SIGNED_AND_ENVELOP_ERR_DES, e10);
        }
    }

    public byte[] getEnvelopedDataFromContentInfo(byte[] bArr) throws PKIException {
        ContentInfo contentInfo = ContentInfo.getInstance(Parser.writeBytes2DERObj(bArr));
        if (contentInfo.getContentType().equals(PKCSObjectIdentifiers.envelopedData)) {
            return Parser.writeDERObj2Bytes(EnvelopedData.getInstance(contentInfo.getContent()));
        }
        throw new PKIException(PKIException.NOT_ENVELOPED_DATA_TYPE_ERR, PKIException.NOT_ENVELOPED_DATA_TYPE_ERR_DES);
    }

    private AlgorithmIdentifier getAlgorithmIdentifier(Mechanism mechanism, DERObjectIdentifier dERObjectIdentifier) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(dERObjectIdentifier, new DERNull());
        try {
            if (mechanism.getMechanismType().toUpperCase().indexOf("CBC") == -1) {
                return algorithmIdentifier;
            }
            if (mechanism.getParam() == null) {
                throw new PKIException(PKIException.NULL_P7_ENVELOP_CBC_ERR, PKIException.NULL_P7_ENVELOP_CBC_ERR_DES);
            }
            return new AlgorithmIdentifier(dERObjectIdentifier, new DEROctetString(((CBCParam) mechanism.getParam()).getIv()));
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_GENERATE_ERR, PKIException.FAIL_P7_ENVELOP_GENERATE_ERR_DES, e);
        }
    }

    private JKey getSessionKey(Mechanism mechanism) throws PKIException {
        JKey jKey = null;
        try {
            if (mechanism.getMechanismType().toUpperCase().indexOf("CBC") != -1) {
                CBCParam cBCParam = (CBCParam) mechanism.getParam();
                if (cBCParam == null) {
                    throw new PKIException(PKIException.NULL_P7_ENVELOP_CBC_ERR, PKIException.NULL_P7_ENVELOP_CBC_ERR_DES);
                }
                new IvParameterSpec(cBCParam.getIv());
                if (mechanism.getMechanismType().equals("DES/CBC/PKCS7Padding")) {
                    jKey = this.session.generateKey(new Mechanism("DES"), 64);
                } else if (mechanism.getMechanismType().equals("DESede/CBC/PKCS7Padding")) {
                    jKey = this.session.generateKey(new Mechanism("DESede"), Opcodes.CHECKCAST);
                } else if (mechanism.getMechanismType().equals(Mechanism.RC2_CBC)) {
                    jKey = this.session.generateKey(new Mechanism("RC2"), 128);
                } else if (mechanism.getMechanismType().equals(Mechanism.IDEA_CBC)) {
                    jKey = this.session.generateKey(new Mechanism("IDEA"), 128);
                } else if (mechanism.getMechanismType().equals(Mechanism.AES_CBC)) {
                    jKey = this.session.generateKey(new Mechanism("AES"), 128);
                }
            } else if (mechanism.getMechanismType().toUpperCase().indexOf("ECB") != -1) {
                if (mechanism.getMechanismType().equals("DES/ECB/PKCS7Padding")) {
                    jKey = this.session.generateKey(new Mechanism("DES"), 64);
                } else if (mechanism.getMechanismType().equals("DESede/ECB/PKCS7Padding")) {
                    jKey = this.session.generateKey(new Mechanism("DESede"), Opcodes.CHECKCAST);
                } else if (mechanism.getMechanismType().equals(Mechanism.RC2_ECB)) {
                    jKey = this.session.generateKey(new Mechanism("RC2"), 128);
                } else if (mechanism.getMechanismType().equals(Mechanism.IDEA_ECB)) {
                    jKey = this.session.generateKey(new Mechanism("IDEA"), 128);
                } else if (mechanism.getMechanismType().equals(Mechanism.AES_ECB)) {
                    jKey = this.session.generateKey(new Mechanism("AES"), 128);
                }
            } else if (mechanism.getMechanismType().toUpperCase().equals("RC4")) {
                jKey = this.session.generateKey(new Mechanism("RC4"), 128);
            }
            return jKey;
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_GENERATEKEY_ERR, PKIException.FAIL_P7_GENERATEKEY_ERR_DES, e);
        }
    }

    public void load(byte[] bArr) throws PKIException {
        if (Parser.isBase64Encode(bArr)) {
            bArr = Base64.decode(Parser.convertBase64(bArr));
        }
        load(new ByteArrayInputStream(bArr));
    }

    public void load(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            load(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public void loadDer(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(bArr));
    }

    public void loadBase64(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(Base64.decode(Parser.convertBase64(bArr))));
    }

    public void loadDer(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            loadDer(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public void loadBase64(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            loadBase64(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public void load(EnvelopedData envelopedData) throws PKIException {
        this.envelopedData = envelopedData;
    }

    private void load(InputStream inputStream) throws PKIException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        try {
            EnvelopedData envelopedData = EnvelopedData.getInstance(ContentInfo.getInstance((ASN1Sequence) aSN1InputStream.readObject()).getContent());
            inputStream.close();
            aSN1InputStream.close();
            this.envelopedData = envelopedData;
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public byte[] getContent(X509Cert x509Cert, JKey jKey) throws PKIException {
        byte[] writeDERObj2Bytes;
        try {
            byte[] bArr = (byte[]) null;
            EncryptedContentInfo encryptedContentInfo = this.envelopedData.getEncryptedContentInfo();
            if (encryptedContentInfo == null) {
                throw new PKIException(PKIException.NULL_P7_ENVELOP_PARSE_ERR, PKIException.NULL_P7_ENVELOP_PARSE_ERR_DES);
            }
            if (!encryptedContentInfo.getContentType().equals(PKCSObjectIdentifiers.data)) {
                writeDERObj2Bytes = Parser.writeDERObj2Bytes(encryptedContentInfo.getEncryptedContent().getDERObject());
            } else {
                if (encryptedContentInfo.getEncryptedContent() == null) {
                    throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, new Exception("no sourceData to be verify."));
                }
                writeDERObj2Bytes = encryptedContentInfo.getEncryptedContent().getOctets();
            }
            ASN1Set recipientInfos = this.envelopedData.getRecipientInfos();
            boolean z = false;
            for (int i = 0; i < recipientInfos.size(); i++) {
                RecipientInfo recipientInfo = RecipientInfo.getInstance(this.envelopedData.getRecipientInfos().getObjectAt(i));
                if (new IssuerAndSerialNumber(new X509Name(x509Cert.getIssuer()), x509Cert.getSerialNumber()).equals(recipientInfo.getIssuerAndSerialNumber())) {
                    z = true;
                    byte[] octets = recipientInfo.getEncryptedKey().getOctets();
                    AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
                    DERObjectIdentifier objectId = contentEncryptionAlgorithm.getObjectId();
                    byte[] decrypt = this.session.decrypt(new Mechanism(Mechanism.RSA_PKCS), jKey, octets);
                    JKey jKey2 = null;
                    Mechanism mechanism = null;
                    String str = (String) OID_MECH.get(objectId);
                    if (str.indexOf("CBC") != -1) {
                        DEROctetString dEROctetString = (DEROctetString) contentEncryptionAlgorithm.getParameters();
                        CBCParam cBCParam = new CBCParam();
                        cBCParam.setIv(dEROctetString.getOctets());
                        if (str.equals("DES/CBC/PKCS7Padding")) {
                            mechanism = new Mechanism("DES/CBC/PKCS7Padding", cBCParam);
                            jKey2 = new JKey("DES", decrypt);
                        } else if (str.equals("DESede/CBC/PKCS7Padding")) {
                            mechanism = new Mechanism("DESede/CBC/PKCS7Padding", cBCParam);
                            jKey2 = new JKey("DESede", decrypt);
                        }
                    } else if (str.indexOf("ECB") == -1) {
                        if (!str.equals("RC4")) {
                            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, new StringBuffer("产生签名数字信封数据,算法不支持Algorithm is:").append(str).toString());
                        }
                        mechanism = new Mechanism("RC4");
                        jKey2 = this.session instanceof JSoftLib ? new JKey("RC4", decrypt) : new JKey("RC4_KEY", decrypt);
                    } else if (str.equals("DES/ECB/PKCS7Padding")) {
                        mechanism = new Mechanism("DES/ECB/PKCS7Padding");
                        jKey2 = new JKey("DES", decrypt);
                    } else if (str.equals("DESede/ECB/PKCS7Padding")) {
                        mechanism = new Mechanism("DESede/ECB/PKCS7Padding");
                        jKey2 = new JKey("DESede", decrypt);
                    }
                    bArr = this.session.decrypt(mechanism, jKey2, writeDERObj2Bytes);
                }
            }
            if (z) {
                return bArr;
            }
            throw new PKIException(PKIException.ENVELOP_CERTIFICATE_NOT_MATCH_ERR, PKIException.ENVELOP_CERTIFICATE_NOT_MATCH_ERR_DES);
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_P7_ENVELOP_PARSE_ERR, PKIException.FAIL_P7_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public byte[] getContentExtendCryptoAPI(JKey jKey) throws PKIException {
        return getContentExtendCryptoAPI(null, jKey);
    }

    public byte[] getContentExtendCryptoAPI(X509Cert x509Cert, JKey jKey) throws PKIException {
        byte[] writeDERObj2Bytes;
        try {
            EncryptedContentInfo encryptedContentInfo = this.envelopedData.getEncryptedContentInfo();
            if (encryptedContentInfo == null) {
                throw new PKIException(PKIException.NULL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR, PKIException.NULL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR_DES);
            }
            if (!encryptedContentInfo.getContentType().equals(PKCSObjectIdentifiers.data)) {
                writeDERObj2Bytes = Parser.writeDERObj2Bytes(encryptedContentInfo.getEncryptedContent().getDERObject());
            } else {
                if (encryptedContentInfo.getEncryptedContent() == null) {
                    throw new PKIException(PKIException.FAIL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR, PKIException.FAIL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR_DES, new Exception("no sourceData to be verify."));
                }
                writeDERObj2Bytes = encryptedContentInfo.getEncryptedContent().getOctets();
            }
            RecipientInfo recipientInfo = RecipientInfo.getInstance(this.envelopedData.getRecipientInfos().getObjectAt(0));
            byte[] octets = recipientInfo.getEncryptedKey().getOctets();
            if (x509Cert != null) {
                if (!new IssuerAndSerialNumber(new X509Name(x509Cert.getIssuer()), x509Cert.getSerialNumber()).equals(recipientInfo.getIssuerAndSerialNumber())) {
                    throw new PKIException(PKIException.CRYPTO_API_SIGNED_AND_ENVELOP_CERTIFICATE_NOT_MATCH_ERR, PKIException.CRYPTO_API_SIGNED_AND_ENVELOP_CERTIFICATE_NOT_MATCH_ERR_DES);
                }
            }
            AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            DERObjectIdentifier objectId = contentEncryptionAlgorithm.getObjectId();
            byte[] decrypt = this.session.decrypt(new Mechanism(Mechanism.RSA_PKCS), jKey, octets);
            JKey jKey2 = null;
            Mechanism mechanism = null;
            String str = (String) OID_MECH.get(objectId);
            if (str.indexOf("CBC") != -1) {
                DEROctetString dEROctetString = (DEROctetString) contentEncryptionAlgorithm.getParameters();
                CBCParam cBCParam = new CBCParam();
                cBCParam.setIv(dEROctetString.getOctets());
                if (str.equals("DES/CBC/PKCS7Padding")) {
                    mechanism = new Mechanism("DES/CBC/PKCS7Padding", cBCParam);
                    jKey2 = new JKey("DES", decrypt);
                } else if (str.equals("DESede/CBC/PKCS7Padding")) {
                    mechanism = new Mechanism("DESede/CBC/PKCS7Padding", cBCParam);
                    jKey2 = new JKey("DESede", decrypt);
                }
            } else if (str.indexOf("ECB") != -1) {
                if (str.equals("DES/ECB/PKCS7Padding")) {
                    mechanism = new Mechanism("DES/ECB/PKCS7Padding");
                    jKey2 = new JKey("DES", decrypt);
                } else if (str.equals("DESede/ECB/PKCS7Padding")) {
                    mechanism = new Mechanism("DESede/ECB/PKCS7Padding");
                    jKey2 = this.session instanceof JSoftLib ? new JKey("RC4", decrypt) : new JKey("RC4_KEY", decrypt);
                }
            } else {
                if (!str.equals("RC4")) {
                    throw new PKIException(PKIException.CRYPTO_API_SIGNED_AND_ENVELOP_UNSUPPORT_ENCRYPT_ALG_ERR, new StringBuffer("解析的Crypto API签名数字信封数据,加密算法不支持Algorithm is:").append(str).toString());
                }
                mechanism = new Mechanism("RC4");
                jKey2 = new JKey("RC4", decrypt);
            }
            byte[] decrypt2 = this.session.decrypt(mechanism, jKey2, writeDERObj2Bytes);
            CMSSignedData cMSSignedData = new CMSSignedData(decrypt2);
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
            Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
            if (!it.hasNext()) {
                return decrypt2;
            }
            SignerInformation signerInformation = (SignerInformation) it.next();
            if (!signerInformation.verify((X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next(), JSoftLib.PROVIDER)) {
                throw new PKIException(PKIException.CRYPTO_API_SIGNED_AND_ENVELOP_VERIFY_SIGN_ERR, PKIException.CRYPTO_API_SIGNED_AND_ENVELOP_VERIFY_SIGN_ERR);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            cMSSignedData.getSignedContent().write(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new PKIException(PKIException.FAIL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR, PKIException.FAIL_CRYPTO_API_SIGNED_AND_ENVELOP_PARSE_ERR_DES, e);
        }
    }

    public static void main(String[] strArr) {
        JCrypto jCrypto = JCrypto.getInstance();
        try {
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            Session openSession = jCrypto.openSession(JCrypto.JSOFT_LIB);
            Mechanism mechanism = new Mechanism("DES/CBC/PKCS7Padding", new CBCParam());
            PKCS7EnvelopedData pKCS7EnvelopedData = new PKCS7EnvelopedData(openSession);
            PKCS12 pkcs12 = new PKCS12();
            pkcs12.load("d:/temp/ZZW.pfx");
            pkcs12.decrypt("11111111".toCharArray());
            JKey privateKey = pkcs12.getPrivateKey();
            X509Cert x509Cert = pkcs12.getCerts()[0];
            PKCS12 pkcs122 = new PKCS12();
            pkcs122.load("d:/temp/userCert.pfx");
            pkcs122.decrypt("111".toCharArray());
            JKey privateKey2 = pkcs122.getPrivateKey();
            X509Cert certificate = pkcs122.getCertificate();
            byte[] bytes = "数字信封测试".getBytes("UTF-16LE");
            pKCS7EnvelopedData.addRecipient(x509Cert);
            pKCS7EnvelopedData.addRecipient(certificate);
            pKCS7EnvelopedData.load(pKCS7EnvelopedData.generateEnvelopedDataContent(pKCS7EnvelopedData.generateEnvelopedData(PKCS7EncryptedData.DATA, bytes, mechanism)));
            System.out.println(new StringBuffer("第一个接收者：").append(new String(pKCS7EnvelopedData.getContent(x509Cert, privateKey), "UTF-16LE")).toString());
            System.out.println(new StringBuffer("第二个接收者：").append(new String(pKCS7EnvelopedData.getContent(certificate, privateKey2), "UTF-16LE")).toString());
            System.out.println("OK!");
        } catch (Exception e) {
            System.out.println(e.toString());
        }
    }
}
