package com.timevale.esign.paas.tech.util;

import com.timevale.tgtext.bouncycastle.asn1.DEROutputStream;
import com.timevale.tgtext.bouncycastle.asn1.cms.ContentInfo;
import com.timevale.tgtext.bouncycastle.cert.X509CertificateHolder;
import com.timevale.tgtext.bouncycastle.cert.jcajce.JcaCertStore;
import com.timevale.tgtext.bouncycastle.cms.CMSProcessableByteArray;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedData;
import com.timevale.tgtext.bouncycastle.cms.CMSSignedDataGenerator;
import com.timevale.tgtext.bouncycastle.cms.SignerInformation;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import com.timevale.tgtext.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import com.timevale.tgtext.bouncycastle.jce.provider.BouncyCastleProvider;
import com.timevale.tgtext.bouncycastle.operator.ContentSigner;
import com.timevale.tgtext.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import com.timevale.tgtext.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import com.timevale.tgtext.bouncycastle.util.Store;
import com.timevale.tgtext.text.pdf.security.x;
import esign.utils.security.provider.Provider;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/timevale/esign/paas/tech/util/RSAUtil.class */
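/**
 * Static helpers for producing and checking PKCS#1-style raw signatures and
 * PKCS#7 / CMS SignedData blobs, with every input and output carried as a
 * Base64 or plain {@link String}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The verify methods only check that a signature matches the public key
 *       of the certificate they are given (or that is embedded in the CMS
 *       blob). Nothing here checks the certificate's validity period,
 *       revocation status, key usage, or that it chains to a trusted issuer.
 *       A {@code true} result therefore says "signed by the holder of this
 *       certificate's key", not "signed by a trusted party"; trust in the
 *       certificate has to be established separately.</li>
 *   <li>Signature algorithm names are passed straight to the JCA. No
 *       allow-list is enforced here, so callers should restrict them to the
 *       algorithms their policy accepts.</li>
 *   <li>Private keys arrive as Base64 strings, which cannot be wiped after
 *       use. Keep them out of logs and long-lived objects.</li>
 *   <li>Failures are logged and reported as {@code null} / {@code false};
 *       callers must check for these sentinel values.</li>
 * </ul>
 */
public class RSAUtil {
    // Log under this class's own category (was IOUtil.class, which attributed
    // signing and verification failures to the wrong logger).
    private static final Logger LOGGER = LoggerFactory.getLogger(RSAUtil.class);

    /** Charset used for every text-to-bytes conversion in this class. */
    private static final Charset UTF_8 = Charset.forName("utf-8");

    /**
     * Signs the UTF-8 bytes of a text with a PKCS#8-encoded private key.
     *
     * @param str  Base64 of the PKCS#8-encoded private key
     * @param str2 text to sign
     * @param str3 JCA signature algorithm name handed to
     *             {@link Signature#getInstance(String)}
     * @return Base64 of the signature, or {@code null} if anything fails
     *         (the exception is logged)
     */
    public static String pkcs1Sign(String str, String str2, String str3) {
        try {
            // x.bvt is an obfuscated constant naming the key algorithm;
            // presumably "RSA" - confirm against the shaded library.
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(str));
            PrivateKey privateKey = KeyFactory.getInstance(x.bvt).generatePrivate(keySpec);
            Signature signer = Signature.getInstance(str3);
            signer.initSign(privateKey);
            signer.update(str2.getBytes(UTF_8));
            return Base64.encodeBase64String(signer.sign());
        } catch (Exception e) {
            LOGGER.error("PKCS1签名异常: ", e);
            return null;
        }
    }

    /**
     * Checks a raw signature against the public key of a supplied certificate.
     *
     * <p>The certificate is used as given: it is not validated against any
     * trust anchor, validity period or revocation source.
     *
     * @param str  Base64 of one or more encoded X.509 certificates; when
     *             several are present the last one parsed supplies the key
     * @param str2 text whose UTF-8 bytes were signed
     * @param str3 Base64 of the signature value
     * @param str4 JCA signature algorithm name
     * @return {@code true} only if the signature verifies; {@code false} on a
     *         mismatch, when no certificate could be read, or on any error
     */
    public static boolean verifySignedDataByP1(String str, String str2, String str3, String str4) {
        try {
            Signature verifier = Signature.getInstance(str4);
            ByteArrayInputStream certBytes = new ByteArrayInputStream(Base64.decodeBase64(str));
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate certificate = null;
            // Each pass overwrites the previous result, so the last
            // certificate in the stream is the one that gets used.
            while (certBytes.available() > 0) {
                certificate = certificateFactory.generateCertificate(certBytes);
            }
            if (certificate == null) {
                return false;
            }
            verifier.initVerify(certificate.getPublicKey());
            verifier.update(str2.getBytes(UTF_8));
            return verifier.verify(Base64.decodeBase64(str3));
        } catch (Throwable th) {
            // Fail closed: any problem, including Errors, counts as "not verified".
            LOGGER.error("PKCS1签名校验异常: ", th);
            return false;
        }
    }

    /**
     * Checks the first signer of a PKCS#7 / CMS SignedData blob against the
     * matching certificate embedded in that same blob.
     *
     * <p>Because the certificate comes from the message itself and is not
     * validated, a {@code true} result does not identify the signer. Only the
     * first signer returned by the blob is examined; further signers are not
     * checked.
     *
     * @param str  Base64 of the CMS SignedData
     * @param str2 the signed text when the content is supplied separately
     *             (its UTF-8 bytes are used), or {@code null} to rely on the
     *             content inside the blob
     * @return {@code true} only if that signer's signature verifies;
     *         {@code false} if there is no signer, no matching certificate,
     *         a mismatch, or any error
     */
    public static boolean verifySignedDataByP7(String str, String str2) {
        byte[] encodedSignedData = Base64.decodeBase64(str);
        byte[] detachedContent = str2 != null ? str2.getBytes(UTF_8) : null;
        try {
            CMSSignedData signedData = detachedContent != null
                    ? new CMSSignedData(new CMSProcessableByteArray(detachedContent), encodedSignedData)
                    : new CMSSignedData(encodedSignedData);
            Store<X509CertificateHolder> certificates = signedData.getCertificates();
            Iterator<SignerInformation> signers = signedData.getSignerInfos().getSigners().iterator();
            if (!signers.hasNext()) {
                return false;
            }
            SignerInformation signer = signers.next();
            Iterator<X509CertificateHolder> matches = certificates.getMatches(signer.getSID()).iterator();
            if (!matches.hasNext()) {
                // Report a missing signer certificate explicitly rather than
                // through a NoSuchElementException from next().
                LOGGER.error("PKCS7签名校验异常: no certificate in the SignedData matches the signer id");
                return false;
            }
            return signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(matches.next()));
        } catch (Exception e) {
            LOGGER.error("PKCS7签名校验异常: ", e);
            return false;
        }
    }

    /**
     * Builds a PKCS#7 / CMS SignedData over the UTF-8 bytes of a text and
     * returns it DER-encoded as Base64. The signer certificate is embedded in
     * the result.
     *
     * <p>The declared {@code throws Exception} is kept for existing callers;
     * every {@link Exception} raised inside is caught, logged and turned into
     * a {@code null} return.
     *
     * @param str  Base64 of the signer's encoded X.509 certificate
     * @param str2 text to sign
     * @param str3 {@code "Attached"} to encapsulate the content in the
     *             SignedData; any other value produces a detached signature
     * @param str4 Base64 of the PKCS#8-encoded private key
     * @return Base64 of the DER-encoded ContentInfo, or {@code null} on failure
     */
    public static String pkcs7Sign(String str, String str2, String str3, String str4) throws Exception {
        try {
            byte[] content = str2.getBytes(UTF_8);
            // x.bvt is an obfuscated constant naming the key algorithm;
            // presumably "RSA" - confirm against the shaded library.
            PrivateKey privateKey = KeyFactory.getInstance(x.bvt)
                    .generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(str4)));
            X509Certificate signerCert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(str.getBytes(UTF_8))));
            ArrayList<X509Certificate> certChain = new ArrayList<>();
            certChain.add(signerCert);
            JcaCertStore certStore = new JcaCertStore(certChain);

            // NOTE(review): getSigAlgName() is the algorithm the issuer used to
            // sign this certificate, not a property of the subject key. The
            // digest strength of the content signature therefore follows the
            // issuer's choice, and signing fails if that algorithm does not
            // fit the private key type. Consider selecting the algorithm
            // explicitly.
            ContentSigner contentSigner = new JcaContentSignerBuilder(signerCert.getSigAlgName())
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .build(privateKey);

            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            // Direct signature: the SignerInfo carries no signed attributes.
            generator.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(
                            new JcaDigestCalculatorProviderBuilder()
                                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                                    .build())
                            .setDirectSignature(true)
                            .build(contentSigner, signerCert));
            generator.addCertificates(certStore);

            // Only the exact value "Attached" encapsulates the content.
            boolean encapsulate = "Attached".equals(str3);
            ContentInfo contentInfo =
                    generator.generate(new CMSProcessableByteArray(content), encapsulate).toASN1Structure();

            try (ByteArrayOutputStream der = new ByteArrayOutputStream()) {
                new DEROutputStream(der).writeObject(contentInfo);
                return new String(Base64.encodeBase64(der.toByteArray()), UTF_8);
            }
        } catch (Exception e) {
            LOGGER.error("PKCS7签名异常: ", e);
            return null;
        }
    }

    static {
        // Runs once at class load; presumably registers the Bouncy Castle JCA
        // provider that the setProvider(...) calls above rely on - confirm in
        // esign.utils.security.provider.Provider.
        Provider.BC.install();
    }
}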
