package esign.utils.security;

import com.timevale.tgtext.bouncycastle.asn1.ASN1Set;
import com.timevale.tgtext.bouncycastle.asn1.x509.X509Name;
import com.timevale.tgtext.bouncycastle.cert.X509CertificateHolder;
import com.timevale.tgtext.bouncycastle.cert.jcajce.JcaCertStore;
import com.timevale.tgtext.bouncycastle.cms.CMSAlgorithm;
import com.timevale.tgtext.bouncycastle.cms.CMSEnvelopedDataGenerator;
import com.timevale.tgtext.bouncycastle.cms.CMSException;
import com.timevale.tgtext.bouncycastle.cms.CMSProcessableByteArray;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedData;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedDataGenerator;
import com.timevale.tgtext.bouncycastle.cms.SignerInformation;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import com.timevale.tgtext.bouncycastle.jce.PKCS10CertificationRequest;
import com.timevale.tgtext.bouncycastle.jce.provider.BouncyCastleProvider;
import com.timevale.tgtext.bouncycastle.util.Store;
import com.timevale.tgtext.text.pdf.dg;
import com.timevale.tgtext.text.pdf.security.x;
import esign.utils.Base64;
import esign.utils.ca.fisherman.FMSYS;
import esign.utils.exception.ErrorsDiscriptor;
import esign.utils.exception.SuperException;
import esign.utils.security.provider.DigestProivder;
import esign.utils.security.provider.Provider;
import esign.utils.security.verify.VerifyResult;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:esign/utils/security/SoftKeyTool.class */
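/**
 * Software (in-memory) key helper: key-pair generation, PKCS#10 request creation, PKCS#1 and
 * PKCS#7/CMS signing and verification, and CMS enveloping.
 *
 * <p>The static initializer at the end of the class calls {@code Provider.BC.install()};
 * several methods then ask for the provider by {@code BouncyCastleProvider.PROVIDER_NAME}.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The generated private key lives in a plain field and is handed out by
 *       {@link #getPrivateKey()}; nothing here encrypts or zeroizes it.</li>
 *   <li>The verify methods check a signature against the certificate supplied with the
 *       request or embedded in the PKCS#7 blob. No chain building, trust-anchor, validity
 *       period or revocation check is visible in this class, so callers must establish
 *       trust in the signer certificate themselves.</li>
 *   <li>No synchronization is applied to the key fields.</li>
 * </ul>
 */
public class SoftKeyTool {
    // Key pair produced by the most recent generateKey() call, or injected through the setters.
    private PrivateKey privateKey = null;
    private PublicKey publicKey = null;
    private static final Logger LOGGER = LoggerFactory.getLogger(SoftKeyTool.class);

    /** Returns the private key currently held by this instance, or {@code null} if none. */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Replaces the private key held by this instance. */
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /** Returns the public key currently held by this instance, or {@code null} if none. */
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /** Replaces the public key held by this instance. */
    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    /**
     * Generates a fresh 2048-bit key pair and stores both halves on this instance,
     * overwriting any key pair held before.
     *
     * @return the generator that produced the pair, or {@code null} when the algorithm
     *         named by {@code x.bvt} is not available
     */
    public KeyPairGenerator generateKey() {
        KeyPairGenerator keyPairGenerator = null;
        try {
            // x.bvt is an obfuscated constant; presumably the RSA algorithm name - confirm.
            keyPairGenerator = KeyPairGenerator.getInstance(x.bvt);
            keyPairGenerator.initialize(2048, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            this.publicKey = generateKeyPair.getPublic();
            this.privateKey = generateKeyPair.getPrivate();
        } catch (NoSuchAlgorithmException e) {
            // Previously swallowed silently; callers only ever saw the null return.
            LOGGER.error("key pair algorithm is not available.", e);
        }
        return keyPairGenerator;
    }

    /**
     * Generates a new key pair (replacing the one held by this instance) and returns a
     * DER-encoded PKCS#10 certification request for it.
     *
     * @param str  value placed in the CN attribute
     * @param str2 value placed in the OU attribute
     * @param str3 value placed in the O attribute
     * @param str4 value placed in the L attribute
     * @param str5 value placed in the ST attribute
     * @param str6 value placed in the C attribute
     * @return the encoded request, or {@code null} when key generation failed
     * @throws Exception if the request cannot be built or encoded
     */
    public byte[] generatePKCS10(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        byte[] bArr = null;
        if (null != generateKey()) {
            // NOTE(review): the subject is assembled by plain concatenation. A value that contains
            // ',', '+', '=' or a quote changes the structure of the resulting DN, so callers must
            // validate or escape these fields before they reach this method.
            String subject = "CN=" + str + ",OU=" + str2 + ",O=" + str3 + ",L=" + str4 + ",ST=" + str5 + ",C=" + str6;
            // NOTE(review): MD5WithRSA is a broken digest for signatures and is commonly rejected
            // by CAs. It is left unchanged here because the algorithm is part of what the issuing
            // CA sees; move to a SHA-2 based algorithm (e.g. SHA256WithRSA) once the CA side is confirmed.
            bArr = new PKCS10CertificationRequest("MD5WithRSA", new X509Name(subject), this.publicKey, (ASN1Set) null, this.privateKey).getEncoded();
        }
        return bArr;
    }

    /**
     * Reads X.509 certificates from a file and returns the last one parsed.
     *
     * <p>On a read or parse error the last certificate parsed before the error (possibly
     * {@code null}) is returned, so a {@code null} check alone does not prove the whole file
     * was valid.
     *
     * @param str path of the certificate file
     * @return the last certificate parsed, or {@code null} if none could be parsed
     */
    public static Certificate getCertFromFile(String str) {
        Certificate certificate = null;
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (fileInputStream.available() > 0) {
                certificate = certificateFactory.generateCertificate(fileInputStream);
            }
        } catch (Exception e) {
            LOGGER.error("failed to load certificate from file.", e);
        } finally {
            // The stream used to be leaked on every call, on success and on failure.
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (java.io.IOException ignored) {
                    // Nothing useful can be done about a failed close of a read-only stream.
                }
            }
        }
        return certificate;
    }

    /**
     * Extracts the value of one attribute from a comma-separated distinguished name.
     *
     * <p>The attribute type is upper-cased before matching and must start an RDN (or follow
     * a {@code '+'} inside a multi-valued RDN). The earlier substring match let a short type
     * match inside a longer one, e.g. {@code "N"} matching {@code "CN=..."}, or a type name
     * match inside another attribute's value. When several RDNs match, the last one wins.
     *
     * <p>This is a plain string split, not an RFC 4514 parser: escaped or quoted commas in
     * values are not handled, so do not base authorization decisions on the result without
     * parsing the name properly.
     *
     * @param str  the distinguished name
     * @param str2 the attribute type to look up, e.g. {@code "CN"}
     * @return the attribute value, or the default {@code dg.aNs} when it is absent or an
     *         argument is {@code null}
     */
    public static String getInfoFromDn(String str, String str2) {
        String str3 = dg.aNs;
        if (str == null || str2 == null) {
            return str3;
        }
        // Locale.ROOT keeps the upper-casing stable under locales with special casing rules.
        String prefix = str2.toUpperCase(java.util.Locale.ROOT) + "=";
        String[] split = str.split(",");
        for (int i = 0; i < split.length; i++) {
            String rdn = split[i].trim();
            int at = rdn.indexOf(prefix);
            while (at >= 0 && !startsAttribute(rdn, at)) {
                at = rdn.indexOf(prefix, at + 1);
            }
            if (at >= 0) {
                str3 = rdn.substring(at + prefix.length());
            }
        }
        return str3;
    }

    /** Tells whether position {@code at} begins an attribute: start of the RDN or right after a '+'. */
    private static boolean startsAttribute(String rdn, int at) {
        int before = at - 1;
        while (before >= 0 && rdn.charAt(before) == ' ') {
            before--;
        }
        return before < 0 || rdn.charAt(before) == '+';
    }

    /** Returns the second '/'-separated component of a transformation string, defaulting to "CBC". */
    private static String cipherModeOf(String str) {
        String[] parts = str.split("/");
        return parts.length >= 2 ? parts[1] : "CBC";
    }

    /**
     * Encrypts with a symmetric key derived by {@code FMSYS.generatekey}.
     *
     * <p>CBC, the default mode, gives no integrity protection by itself; callers that need
     * tamper detection must authenticate the ciphertext separately.
     *
     * @param str   algorithm/transformation string; its second '/'-separated part selects the
     *              mode, "CBC" when absent
     * @param bArr  key material handed to {@code FMSYS.generatekey}
     * @param bArr2 passed through to {@code FMSYS.sysenc}; presumably the IV - confirm
     * @param bArr3 passed through to {@code FMSYS.sysenc}; presumably the plaintext - confirm
     * @return the value returned by {@code FMSYS.sysenc}, or {@code null} when no key could
     *         be built or an error occurred
     */
    public byte[] SymEncrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = null;
        try {
            FMSYS fmsys = new FMSYS(BouncyCastleProvider.PROVIDER_NAME);
            SecretKey generatekey = fmsys.generatekey(bArr, str);
            if (generatekey != null) {
                bArr4 = fmsys.sysenc(generatekey, cipherModeOf(str), true, bArr2, bArr3);
            }
            return bArr4;
        } catch (Exception e) {
            // Only the exception is logged; key and data bytes must never reach the log.
            LOGGER.error("symmetric encryption failed.", e);
            return null;
        }
    }

    /**
     * Decrypts with a symmetric key derived by {@code FMSYS.generatekey}; the counterpart of
     * {@link #SymEncrypt(String, byte[], byte[], byte[])}.
     *
     * @param str   algorithm/transformation string; its second '/'-separated part selects the
     *              mode, "CBC" when absent
     * @param bArr  key material handed to {@code FMSYS.generatekey}
     * @param bArr2 passed through to {@code FMSYS.sysdec}; presumably the IV - confirm
     * @param bArr3 passed through to {@code FMSYS.sysdec}; presumably the ciphertext - confirm
     * @return the value returned by {@code FMSYS.sysdec}, or {@code null} when no key could
     *         be built or an error occurred
     */
    public byte[] SymDecrypt(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = null;
        try {
            FMSYS fmsys = new FMSYS(BouncyCastleProvider.PROVIDER_NAME);
            SecretKey generatekey = fmsys.generatekey(bArr, str);
            if (generatekey != null) {
                bArr4 = fmsys.sysdec(generatekey, cipherModeOf(str), true, bArr2, bArr3);
            }
            return bArr4;
        } catch (Exception e) {
            // Previously swallowed without a trace. Kept at debug level so failures on bad input
            // do not flood the log; the caller still only sees null, never the failure reason.
            LOGGER.debug("symmetric decryption failed.", e);
            return null;
        }
    }

    /**
     * Verifies every signer of a PKCS#7/CMS SignedData blob against the certificate that
     * the blob itself carries for that signer.
     *
     * <p>The result is marked as not verified when the blob cannot be parsed, when a signer's
     * certificate is missing, when any signature fails, or when the blob has no signer at all.
     * The last case used to leave the initial {@code true} untouched, so a certificates-only
     * structure was reported as verified.
     *
     * <p>Only the cryptographic signature is checked. Whether the embedded signer certificate
     * is trusted is not decided here; callers must validate it.
     *
     * @param bArr the encoded SignedData
     * @return the per-signer results and the overall flag
     */
    public static VerifyResult verifySignedDataByP7(byte[] bArr) {
        VerifyResult verifyResult = new VerifyResult();
        verifyResult.setVerifies(true);
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
            int signerCount = 0;
            boolean allValid = true;
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                X509CertificateHolder next = certificates.getMatches(signerInformation.getSID()).iterator().next();
                boolean valid = signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build(next));
                verifyResult.add(next, valid);
                allValid &= valid;
                signerCount++;
            }
            // VerifyResult.add is not visible here, so the overall flag is forced to false
            // explicitly instead of relying on add() to clear it.
            if (signerCount == 0 || !allValid) {
                verifyResult.setVerifies(false);
            }
        } catch (Exception e) {
            LOGGER.error("verify failed.", e);
            verifyResult.setVerifies(false);
        }
        return verifyResult;
    }

    /**
     * Checks that the content embedded in the PKCS#7 blob equals the digest of the original
     * data, then verifies the signers.
     *
     * @param bArr           the encoded SignedData
     * @param bArr2          the original data
     * @param digestProivder digest used on {@code bArr2} before the comparison
     * @return the verification result; explicitly not verified when the content does not match
     * @deprecated use {@link #verifyPKCS7(byte[], byte[], DigestProivder)}, which reports an
     *             unparsable blob as an exception instead of a silent mismatch
     */
    @Deprecated
    public static VerifyResult verifySignedDataByP7(byte[] bArr, byte[] bArr2, DigestProivder digestProivder) {
        byte[] embedded = GetP7SignDataInfo(bArr);
        // A null embedded value means the blob could not be read; never treat that as a match.
        if (embedded != null && Arrays.equals(MessageDigestUtil.INSTANCE.digest(bArr2, digestProivder), embedded)) {
            return verifySignedDataByP7(bArr);
        }
        LOGGER.debug("orign data is not mathced with data in pkcs7.");
        VerifyResult mismatch = new VerifyResult();
        // Fail closed without depending on the default state of VerifyResult.
        mismatch.setVerifies(false);
        return mismatch;
    }

    /**
     * Checks that the content embedded in the PKCS#7 blob equals the digest of the original
     * data, then verifies the signers.
     *
     * @param bArr           the encoded SignedData
     * @param bArr2          the original data
     * @param digestProivder digest used on {@code bArr2} before the comparison
     * @return the verification result; explicitly not verified when the content does not match
     * @throws SuperException if the blob is not valid PKCS#7 or carries no embedded content
     */
    public static VerifyResult verifyPKCS7(byte[] bArr, byte[] bArr2, DigestProivder digestProivder) throws SuperException {
        if (Arrays.equals(MessageDigestUtil.INSTANCE.digest(bArr2, digestProivder), getP7SignDataInfo(bArr))) {
            return verifySignedDataByP7(bArr);
        }
        LOGGER.debug("orign data is not mathced with data in pkcs7.");
        VerifyResult mismatch = new VerifyResult();
        // Fail closed without depending on the default state of VerifyResult.
        mismatch.setVerifies(false);
        return mismatch;
    }

    /**
     * Returns the content encapsulated in a PKCS#7 blob, or {@code null} when the blob cannot
     * be parsed or has no encapsulated content.
     */
    private static byte[] GetP7SignDataInfo(byte[] bArr) {
        try {
            CMSProcessableByteArray content = (CMSProcessableByteArray) new CMSSignedData(bArr).getSignedContent();
            return content == null ? null : (byte[]) content.getContent();
        } catch (Exception e) {
            LOGGER.error("failed to read signed content from pkcs7.", e);
            return null;
        }
    }

    /**
     * Returns the content encapsulated in a PKCS#7 blob.
     *
     * @throws SuperException if the blob is not valid PKCS#7 or has no encapsulated content
     */
    private static byte[] getP7SignDataInfo(byte[] bArr) throws SuperException {
        try {
            CMSProcessableByteArray content = (CMSProcessableByteArray) new CMSSignedData(bArr).getSignedContent();
            if (content == null) {
                // A detached signature used to surface as a NullPointerException here.
                LOGGER.error("pkcs7 carries no encapsulated content.");
                throw ErrorsDiscriptor.InvalidSignatureForPKCS7.e();
            }
            return (byte[]) content.getContent();
        } catch (CMSException e) {
            LOGGER.error("invalid data for pkcs7.", e);
            throw ErrorsDiscriptor.InvalidSignatureForPKCS7.e();
        }
    }

    /**
     * Produces a PKCS#7/CMS SignedData blob with the content encapsulated and the signer
     * certificate attached. The signature is a direct signature, i.e. without signed
     * attributes.
     *
     * @param bArr  the content to sign
     * @param bArr2 the signer's private key, PKCS#8 encoded
     * @param bArr3 the signer's X.509 certificate(s); the last one parsed is used
     * @param str   the signature algorithm name handed to the signer-info builder
     * @return the encoded SignedData, or {@code null} on any failure
     */
    public byte[] SignDataByP7(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(x.bvt).generatePrivate(new PKCS8EncodedKeySpec(bArr2));
            // The returned object is unused. The call is kept only because it fails, and so
            // makes this method return null, when the provider lacks the algorithm.
            Signature.getInstance(x.bvt);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr3);
            Certificate certificate = null;
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (byteArrayInputStream.available() > 0) {
                certificate = certificateFactory.generateCertificate(byteArrayInputStream);
            }
            if (!(certificate instanceof X509Certificate)) {
                // Empty or non-X.509 input used to fail later with a NullPointerException or
                // ClassCastException; the outcome (null) is unchanged.
                LOGGER.error("no X.509 signer certificate supplied for pkcs7 signing.");
                return null;
            }
            ArrayList<Certificate> arrayList = new ArrayList<Certificate>();
            arrayList.add(certificate);
            JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).setDirectSignature(true).build(str, generatePrivate, (X509Certificate) certificate));
            cMSSignedDataGenerator.addCertificates(jcaCertStore);
            return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
        } catch (Exception e) {
            // Only the exception is logged; the key bytes must never reach the log.
            LOGGER.error("pkcs7 signing failed.", e);
            return null;
        }
    }

    /**
     * Signs data with a PKCS#8 encoded private key.
     *
     * @param bArr  the private key, PKCS#8 encoded
     * @param bArr2 the data to sign
     * @param str   the JCA signature algorithm name
     * @return the signature bytes, or {@code null} on any failure
     */
    public static byte[] pkcs1sign(byte[] bArr, byte[] bArr2, String str) {
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(x.bvt).generatePrivate(new PKCS8EncodedKeySpec(bArr));
            Signature signature = Signature.getInstance(str);
            signature.initSign(generatePrivate);
            signature.update(bArr2);
            return signature.sign();
        } catch (Exception e) {
            // The message text ("signing failed") is unchanged; it now goes to the logger
            // together with the exception instead of stdout/stderr.
            LOGGER.error("签名失败", e);
            return null;
        }
    }

    /**
     * Verifies a signature over data with the public key of the supplied certificate.
     *
     * <p>The certificate is used as given: no chain or validity check happens here, so a
     * {@code true} result only means "signed by the holder of this certificate's key". The
     * algorithm name should come from configuration or an allow-list, not from the party
     * whose signature is being checked.
     *
     * @param bArr  the signer's X.509 certificate(s); the last one parsed is used
     * @param bArr2 the signed data
     * @param bArr3 the signature bytes
     * @param str   the JCA signature algorithm name
     * @return {@code true} only when the signature verifies; {@code false} on any failure
     */
    public static boolean pkcs1verify(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        try {
            Signature signature = Signature.getInstance(str);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            Certificate certificate = null;
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (byteArrayInputStream.available() > 0) {
                certificate = certificateFactory.generateCertificate(byteArrayInputStream);
            }
            if (certificate == null) {
                return false;
            }
            signature.initVerify(certificate.getPublicKey());
            signature.update(bArr2);
            return signature.verify(bArr3);
        } catch (Throwable th) {
            // Throwable is kept so that every failure path of a verifier yields false.
            // The message text means "signature verification failed".
            LOGGER.error("校验签名失败", th);
            return false;
        }
    }

    /**
     * Base64 variant of {@link #pkcs1verify(byte[], byte[], byte[], String)}.
     *
     * <p>The earlier body tested {@code str == null} after {@code str} had already been
     * decoded, where the check on the parsed certificate belonged; an empty certificate input
     * therefore ended in a NullPointerException that was caught and printed. The decoded
     * values are now passed to the byte[] overload, which performs that check.
     *
     * @param str  the signer's X.509 certificate, Base64 encoded
     * @param str2 the signed data, Base64 encoded
     * @param str3 the signature, Base64 encoded
     * @param str4 the JCA signature algorithm name
     * @return {@code true} only when the signature verifies; {@code false} on any failure,
     *         including a {@code null} or undecodable argument
     */
    public static boolean pkcs1verify(String str, String str2, String str3, String str4) {
        if (str == null || str2 == null || str3 == null) {
            return false;
        }
        try {
            return pkcs1verify(Base64.decode(str), Base64.decode(str2), Base64.decode(str3), str4);
        } catch (Throwable th) {
            // Reached only when decoding fails; the byte[] overload handles its own errors.
            LOGGER.error("校验签名失败", th);
            return false;
        }
    }

    /**
     * Wraps data in a CMS EnvelopedData structure addressed to the holder of the supplied
     * certificate (key-transport recipient).
     *
     * @param bArr  the recipient's X.509 certificate(s); the last one parsed is used
     * @param bArr2 the data to encrypt
     * @return the encoded EnvelopedData, or {@code null} when no certificate could be parsed
     *         or an error occurred
     */
    public static byte[] PubKeyEncrypt(byte[] bArr, byte[] bArr2) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            Certificate certificate = null;
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (byteArrayInputStream.available() > 0) {
                certificate = certificateFactory.generateCertificate(byteArrayInputStream);
            }
            if (null == certificate) {
                return null;
            }
            CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
            cMSEnvelopedDataGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator((X509Certificate) certificate).setProvider(BouncyCastleProvider.PROVIDER_NAME));
            // NOTE(review): DES_EDE3_CBC (Triple DES, 64-bit block) is a legacy content cipher.
            // It is left unchanged because recipients must be able to decrypt the envelope;
            // move to an AES content cipher (e.g. CMSAlgorithm.AES256_CBC) once every
            // recipient implementation is confirmed to support it.
            return cMSEnvelopedDataGenerator.generate(new CMSProcessableByteArray(bArr2), new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME).build()).getEncoded();
        } catch (Exception e) {
            LOGGER.error("public key encryption failed.", e);
            return null;
        }
    }

    /** Instantiates the class, which also runs the static initializer; nothing else is done. */
    public static void main(String[] strArr) {
        new SoftKeyTool();
    }

    static {
        // Install the provider once, when the class is first loaded.
        Provider.BC.install();
    }
}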
