package com.cfca.util.pki.pkcs;

import com.cfca.util.ini.MACAddressUtil;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.ASN1InputStream;
import com.cfca.util.pki.asn1.ASN1OctetString;
import com.cfca.util.pki.asn1.ASN1Sequence;
import com.cfca.util.pki.asn1.ASN1Set;
import com.cfca.util.pki.asn1.BERSet;
import com.cfca.util.pki.asn1.DEREncodable;
import com.cfca.util.pki.asn1.DERInteger;
import com.cfca.util.pki.asn1.DERNull;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DEROctetString;
import com.cfca.util.pki.asn1.DERSequence;
import com.cfca.util.pki.asn1.DERSet;
import com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import com.cfca.util.pki.asn1.pkcs.pkcs7.ContentInfo;
import com.cfca.util.pki.asn1.pkcs.pkcs7.IssuerAndSerialNumber;
import com.cfca.util.pki.asn1.pkcs.pkcs7.SignedData;
import com.cfca.util.pki.asn1.pkcs.pkcs7.SignerInfo;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.DigestInfo;
import com.cfca.util.pki.asn1.x509.X509CertificateStructure;
import com.cfca.util.pki.asn1.x509.X509Name;
import com.cfca.util.pki.asn1.x9.X9ObjectIdentifiers;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.crl.X509CRL;
import com.cfca.util.pki.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.Enumeration;

/* loaded from: classes.dex */
public class PKCS7SignedData {
    static final String CFCA_MAC_ID = "CFCASECLD";
    static final String pkcs_7 = "1.2.840.113549.1.7";
    private Session session;
    public static final String DATA = new DERObjectIdentifier("1.2.840.113549.1.7.1").getId();
    public static final String SIGNED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.2").getId();
    public static final String ENVELOPED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.3").getId();
    public static final String SIGNED_ENVELOPED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.4").getId();
    public static final String DIGESTED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.5").getId();
    public static final String ENCRYPTED_DATA = new DERObjectIdentifier("1.2.840.113549.1.7.6").getId();
    private String signedMAC = null;
    private SignedData signedData = null;

    public PKCS7SignedData(Session session) {
        this.session = null;
        this.session = session;
    }

    private X509Cert getSignerCert(X509Cert[] x509CertArr, IssuerAndSerialNumber issuerAndSerialNumber) throws PKIException {
        String x509Name = issuerAndSerialNumber.getName().toString();
        BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
        for (int i = 0; i < x509CertArr.length; i++) {
            String issuer = x509CertArr[i].getIssuer();
            BigInteger serialNumber = x509CertArr[i].getSerialNumber();
            if (issuer.equals(x509Name) && serialNumber.compareTo(value) == 0) {
                return x509CertArr[i];
            }
        }
        return null;
    }

    private void load(InputStream inputStream) throws PKIException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        try {
            SignedData signedData = SignedData.getInstance(ContentInfo.getInstance((ASN1Sequence) aSN1InputStream.readObject()).getContent());
            inputStream.close();
            aSN1InputStream.close();
            this.signedData = signedData;
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    private boolean verifySignerInfo(InputStream inputStream, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        Mechanism mechanism;
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        while (objects.hasMoreElements()) {
            SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
            X509Cert signerCert = getSignerCert(x509CertArr, signerInfo.getIssuerAndSerialNumber());
            if (signerCert == null) {
                throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
            }
            DERObjectIdentifier objectId = signerInfo.getDigestEncryptionAlgorithm().getObjectId();
            if (!objectId.equals(PKCSObjectIdentifiers.rsaEncryption) && !objectId.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            DERObjectIdentifier objectId2 = signerInfo.getDigestAlgorithm().getObjectId();
            if (objectId.equals(PKCSObjectIdentifiers.rsaEncryption)) {
                if (objectId2.equals(PKCSObjectIdentifiers.md2)) {
                    mechanism = new Mechanism("MD2withRSAEncryption");
                } else if (objectId2.equals(PKCSObjectIdentifiers.md5)) {
                    mechanism = new Mechanism("MD5withRSAEncryption");
                } else if (objectId2.equals(PKCSObjectIdentifiers.sha1)) {
                    mechanism = new Mechanism("SHA1withRSAEncryption");
                } else {
                    if (!objectId2.equals(PKCSObjectIdentifiers.sha256)) {
                        throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
                    }
                    mechanism = new Mechanism("SHA256withRSAEncryption");
                }
            } else if (objectId2.equals(PKCSObjectIdentifiers.sha1)) {
                mechanism = new Mechanism("SHA1withECDSA");
            } else if (objectId2.equals(PKCSObjectIdentifiers.sha256)) {
                mechanism = new Mechanism("SHA256withECDSA");
            } else {
                if (!objectId2.equals(PKCSObjectIdentifiers.sm3)) {
                    throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
                }
                mechanism = new Mechanism("SCHwithECDSA");
            }
            byte[] octets = signerInfo.getEncryptedDigest().getOctets();
            if (!this.session.verifySign(mechanism, signerCert.getPublicKey(), inputStream, octets)) {
                return false;
            }
        }
        return true;
    }

    private boolean verifySignerInfo(byte[] bArr, ASN1Set aSN1Set, X509Cert[] x509CertArr) throws PKIException {
        Mechanism mechanism;
        if (x509CertArr == null) {
            try {
                x509CertArr = getSignerCerts();
            } catch (Exception e) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, e);
            }
        }
        Enumeration objects = aSN1Set.getObjects();
        boolean z = false;
        while (objects.hasMoreElements()) {
            SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
            X509Cert signerCert = getSignerCert(x509CertArr, signerInfo.getIssuerAndSerialNumber());
            if (signerCert == null) {
                throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR, PKIException.VERIFY_P7_SIGNEDDATA_CERT_NOTFUND_ERR_DES);
            }
            DERObjectIdentifier objectId = signerInfo.getDigestEncryptionAlgorithm().getObjectId();
            if (!objectId.equals(PKCSObjectIdentifiers.rsaEncryption) && !objectId.equals(X9ObjectIdentifiers.id_ecPublicKey)) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
            }
            DERObjectIdentifier objectId2 = signerInfo.getDigestAlgorithm().getObjectId();
            if (objectId.equals(PKCSObjectIdentifiers.rsaEncryption)) {
                if (objectId2.equals(PKCSObjectIdentifiers.md2)) {
                    mechanism = new Mechanism("MD2withRSAEncryption");
                } else if (objectId2.equals(PKCSObjectIdentifiers.md5)) {
                    mechanism = new Mechanism("MD5withRSAEncryption");
                } else if (objectId2.equals(PKCSObjectIdentifiers.sha1)) {
                    mechanism = new Mechanism("SHA1withRSAEncryption");
                } else {
                    if (!objectId2.equals(PKCSObjectIdentifiers.sha256)) {
                        throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
                    }
                    mechanism = new Mechanism("SHA256withRSAEncryption");
                }
            } else if (objectId2.equals(PKCSObjectIdentifiers.sha1)) {
                mechanism = new Mechanism("SHA1withECDSA");
            } else if (objectId2.equals(PKCSObjectIdentifiers.sha256)) {
                mechanism = new Mechanism("SHA256withECDSA");
            } else {
                if (!objectId2.equals(PKCSObjectIdentifiers.sm3)) {
                    throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_SIGNED_ALG_SIGNANDENVELOP_ERR_DES);
                }
                mechanism = new Mechanism("SCHwithECDSA");
            }
            JKey publicKey = signerCert.getPublicKey();
            byte[] octets = signerInfo.getEncryptedDigest().getOctets();
            ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
            if (authenticatedAttributes != null) {
                if (!this.session.verifySign(mechanism, publicKey, Parser.writeDERObj2Bytes(authenticatedAttributes), octets)) {
                    return z;
                }
                boolean z2 = z;
                for (int i = 0; i < authenticatedAttributes.size(); i++) {
                    DERSequence dERSequence = (DERSequence) authenticatedAttributes.getObjectAt(i).getDERObject();
                    if (PKCSObjectIdentifiers.pkcs_9_at_messageDigest.toString().equalsIgnoreCase(dERSequence.getObjectAt(0).toString())) {
                        DEREncodable objectAt = ((DERSet) dERSequence.getObjectAt(1)).getObjectAt(0);
                        if (objectAt instanceof ASN1OctetString) {
                            if (new DEROctetString(this.session.digest(mechanism.getMechanismType().equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), bArr)).toString().equalsIgnoreCase(new DEROctetString(((ASN1OctetString) objectAt).getOctets()).toString())) {
                                z2 = true;
                            }
                        }
                    } else if (PKCSObjectIdentifiers.id_ct_MACAddress.toString().equalsIgnoreCase(dERSequence.getObjectAt(0).toString())) {
                        DEREncodable objectAt2 = ((DERSet) dERSequence.getObjectAt(1)).getObjectAt(0);
                        if (objectAt2 instanceof ASN1OctetString) {
                            this.signedMAC = new String(((ASN1OctetString) objectAt2).getOctets());
                            if (this.signedMAC.indexOf(CFCA_MAC_ID) == -1) {
                                this.signedMAC = null;
                            } else {
                                this.signedMAC = this.signedMAC.substring(9);
                            }
                        }
                    }
                }
                z = z2;
            } else {
                if (!this.session.verifySign(mechanism, publicKey, bArr, octets)) {
                    return z;
                }
                z = true;
            }
        }
        return z;
    }

    /* JADX WARN: Removed duplicated region for block: B:28:0x00c2 A[Catch: Exception -> 0x0007, TryCatch #0 {Exception -> 0x0007, blocks: (B:40:0x0002, B:2:0x000a, B:4:0x0014, B:6:0x0026, B:7:0x002f, B:9:0x0030, B:11:0x0040, B:13:0x0048, B:14:0x0051, B:15:0x0052, B:17:0x0062, B:20:0x006b, B:22:0x0073, B:24:0x0078, B:25:0x0081, B:26:0x009b, B:28:0x00c2, B:29:0x00d1, B:31:0x00ca, B:32:0x0082, B:33:0x008b, B:34:0x008c, B:36:0x0091, B:37:0x009a), top: B:39:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00ca A[Catch: Exception -> 0x0007, TryCatch #0 {Exception -> 0x0007, blocks: (B:40:0x0002, B:2:0x000a, B:4:0x0014, B:6:0x0026, B:7:0x002f, B:9:0x0030, B:11:0x0040, B:13:0x0048, B:14:0x0051, B:15:0x0052, B:17:0x0062, B:20:0x006b, B:22:0x0073, B:24:0x0078, B:25:0x0081, B:26:0x009b, B:28:0x00c2, B:29:0x00d1, B:31:0x00ca, B:32:0x0082, B:33:0x008b, B:34:0x008c, B:36:0x0091, B:37:0x009a), top: B:39:0x0002 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifySignerInfoByHash(byte[] r5, com.cfca.util.pki.asn1.ASN1Set r6, com.cfca.util.pki.cert.X509Cert[] r7) throws com.cfca.util.pki.PKIException {
        /*
            r4 = this;
            if (r7 != 0) goto La
            com.cfca.util.pki.cert.X509Cert[] r7 = r4.getSignerCerts()     // Catch: java.lang.Exception -> L7
            goto La
        L7:
            r5 = move-exception
            goto Lde
        La:
            java.util.Enumeration r6 = r6.getObjects()     // Catch: java.lang.Exception -> L7
            boolean r0 = r6.hasMoreElements()     // Catch: java.lang.Exception -> L7
            if (r0 == 0) goto Ldc
            java.lang.Object r6 = r6.nextElement()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.pkcs.pkcs7.SignerInfo r6 = com.cfca.util.pki.asn1.pkcs.pkcs7.SignerInfo.getInstance(r6)     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.pkcs.pkcs7.IssuerAndSerialNumber r0 = r6.getIssuerAndSerialNumber()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.cert.X509Cert r7 = r4.getSignerCert(r7, r0)     // Catch: java.lang.Exception -> L7
            if (r7 != 0) goto L30
            com.cfca.util.pki.PKIException r5 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> L7
            java.lang.String r6 = "850649"
            java.lang.String r7 = "验证签名时，签名数据中缺少签名者证书"
            r5.<init>(r6, r7)     // Catch: java.lang.Exception -> L7
            throw r5     // Catch: java.lang.Exception -> L7
        L30:
            com.cfca.util.pki.asn1.x509.AlgorithmIdentifier r0 = r6.getDigestEncryptionAlgorithm()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERObjectIdentifier r0 = r0.getObjectId()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERObjectIdentifier r1 = com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers.rsaEncryption     // Catch: java.lang.Exception -> L7
            boolean r1 = r0.equals(r1)     // Catch: java.lang.Exception -> L7
            if (r1 != 0) goto L52
            com.cfca.util.pki.asn1.DERObjectIdentifier r1 = com.cfca.util.pki.asn1.x9.X9ObjectIdentifiers.id_ecPublicKey     // Catch: java.lang.Exception -> L7
            boolean r1 = r0.equals(r1)     // Catch: java.lang.Exception -> L7
            if (r1 != 0) goto L52
            com.cfca.util.pki.PKIException r5 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> L7
            java.lang.String r6 = "850629"
            java.lang.String r7 = "解析数字签名数据,算法不支持"
            r5.<init>(r6, r7)     // Catch: java.lang.Exception -> L7
            throw r5     // Catch: java.lang.Exception -> L7
        L52:
            com.cfca.util.pki.asn1.x509.AlgorithmIdentifier r1 = r6.getDigestAlgorithm()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERObjectIdentifier r1 = r1.getObjectId()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERObjectIdentifier r2 = com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers.md2     // Catch: java.lang.Exception -> L7
            boolean r2 = r1.equals(r2)     // Catch: java.lang.Exception -> L7
            if (r2 != 0) goto L8c
            com.cfca.util.pki.asn1.DERObjectIdentifier r2 = com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers.md5     // Catch: java.lang.Exception -> L7
            boolean r2 = r1.equals(r2)     // Catch: java.lang.Exception -> L7
            if (r2 == 0) goto L6b
            goto L8c
        L6b:
            com.cfca.util.pki.asn1.DERObjectIdentifier r2 = com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers.sha1     // Catch: java.lang.Exception -> L7
            boolean r2 = r1.equals(r2)     // Catch: java.lang.Exception -> L7
            if (r2 == 0) goto L82
            int r2 = r5.length     // Catch: java.lang.Exception -> L7
            r3 = 20
            if (r2 == r3) goto L9b
            com.cfca.util.pki.PKIException r5 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> L7
            java.lang.String r6 = "850652"
            java.lang.String r7 = "文摘值与签名数据中的签名算法不匹配"
            r5.<init>(r6, r7)     // Catch: java.lang.Exception -> L7
            throw r5     // Catch: java.lang.Exception -> L7
        L82:
            com.cfca.util.pki.PKIException r5 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> L7
            java.lang.String r6 = "850629"
            java.lang.String r7 = "解析数字签名数据,算法不支持"
            r5.<init>(r6, r7)     // Catch: java.lang.Exception -> L7
            throw r5     // Catch: java.lang.Exception -> L7
        L8c:
            int r2 = r5.length     // Catch: java.lang.Exception -> L7
            r3 = 16
            if (r2 == r3) goto L9b
            com.cfca.util.pki.PKIException r5 = new com.cfca.util.pki.PKIException     // Catch: java.lang.Exception -> L7
            java.lang.String r6 = "850652"
            java.lang.String r7 = "文摘值与签名数据中的签名算法不匹配"
            r5.<init>(r6, r7)     // Catch: java.lang.Exception -> L7
            throw r5     // Catch: java.lang.Exception -> L7
        L9b:
            com.cfca.util.pki.asn1.ASN1OctetString r6 = r6.getEncryptedDigest()     // Catch: java.lang.Exception -> L7
            byte[] r6 = r6.getOctets()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.cipher.JKey r7 = r7.getPublicKey()     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.x509.AlgorithmIdentifier r2 = new com.cfca.util.pki.asn1.x509.AlgorithmIdentifier     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERNull r3 = new com.cfca.util.pki.asn1.DERNull     // Catch: java.lang.Exception -> L7
            r3.<init>()     // Catch: java.lang.Exception -> L7
            r2.<init>(r1, r3)     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.x509.DigestInfo r1 = new com.cfca.util.pki.asn1.x509.DigestInfo     // Catch: java.lang.Exception -> L7
            r1.<init>(r2, r5)     // Catch: java.lang.Exception -> L7
            byte[] r5 = com.cfca.util.pki.Parser.writeDERObj2Bytes(r1)     // Catch: java.lang.Exception -> L7
            com.cfca.util.pki.asn1.DERObjectIdentifier r1 = com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers.rsaEncryption     // Catch: java.lang.Exception -> L7
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Exception -> L7
            if (r0 == 0) goto Lca
            com.cfca.util.pki.cipher.Mechanism r0 = new com.cfca.util.pki.cipher.Mechanism     // Catch: java.lang.Exception -> L7
            java.lang.String r1 = "RSA/ECB/PKCS1PADDING"
            r0.<init>(r1)     // Catch: java.lang.Exception -> L7
            goto Ld1
        Lca:
            com.cfca.util.pki.cipher.Mechanism r0 = new com.cfca.util.pki.cipher.Mechanism     // Catch: java.lang.Exception -> L7
            java.lang.String r1 = "EC_DSA"
            r0.<init>(r1)     // Catch: java.lang.Exception -> L7
        Ld1:
            com.cfca.util.pki.cipher.Session r1 = r4.session     // Catch: java.lang.Exception -> L7
            byte[] r6 = r1.decrypt(r0, r7, r6)     // Catch: java.lang.Exception -> L7
            boolean r5 = java.util.Arrays.equals(r6, r5)     // Catch: java.lang.Exception -> L7
            return r5
        Ldc:
            r5 = 1
            return r5
        Lde:
            com.cfca.util.pki.PKIException r6 = new com.cfca.util.pki.PKIException
            java.lang.String r7 = "850604"
            java.lang.String r0 = "验证PKCS7签名失败"
            r6.<init>(r7, r0, r5)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.cfca.util.pki.pkcs.PKCS7SignedData.verifySignerInfoByHash(byte[], com.cfca.util.pki.asn1.ASN1Set, com.cfca.util.pki.cert.X509Cert[]):boolean");
    }

    public byte[] generateSignedData(boolean z, String str, InputStream inputStream, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        try {
            byte[] bArr = new byte[inputStream.available()];
            inputStream.read(bArr);
            inputStream.close();
            return generateSignedData(z, str, bArr, mechanism, jKey, x509CertArr, x509crlArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR, PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR_DES, e);
        }
    }

    public byte[] generateSignedData(boolean z, String str, byte[] bArr, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        AlgorithmIdentifier algorithmIdentifier2;
        Mechanism mechanism2;
        AlgorithmIdentifier algorithmIdentifier3;
        AlgorithmIdentifier algorithmIdentifier4;
        ContentInfo contentInfo;
        ContentInfo contentInfo2;
        ContentInfo contentInfo3;
        BERSet bERSet;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        if (jKey.getKeyType().equals(JKey.RSA_PRV_KEY) || jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
            if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
                mechanism2 = new Mechanism("MD2withRSAEncryption");
            } else if (mechanism.getMechanismType().equals("MD5")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
                mechanism2 = new Mechanism("MD5withRSAEncryption");
            } else if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withRSAEncryption");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                    mechanism2 = new Mechanism("SHA256withRSAEncryption");
                }
                algorithmIdentifier3 = algorithmIdentifier;
                mechanism2 = null;
                algorithmIdentifier4 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        } else {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new DERNull());
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withECDSA");
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withECDSA");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                    mechanism2 = new Mechanism("SCHwithECDSA");
                }
                algorithmIdentifier3 = algorithmIdentifier;
                mechanism2 = null;
                algorithmIdentifier4 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        }
        SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier4, null, algorithmIdentifier3, new DEROctetString(this.session.sign(mechanism2, jKey, bArr)), null);
        DEROctetString dEROctetString = new DEROctetString(bArr);
        if (z) {
            if (str == null) {
                contentInfo2 = new ContentInfo(PKCSObjectIdentifiers.data, dEROctetString);
                contentInfo3 = contentInfo2;
            } else {
                contentInfo = new ContentInfo(new DERObjectIdentifier(str), dEROctetString);
                contentInfo3 = contentInfo;
            }
        } else if (str == null) {
            contentInfo2 = new ContentInfo(PKCSObjectIdentifiers.data);
            contentInfo3 = contentInfo2;
        } else {
            contentInfo = new ContentInfo(new DERObjectIdentifier(str));
            contentInfo3 = contentInfo;
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(algorithmIdentifier4);
        BERSet bERSet2 = new BERSet(aSN1EncodableVector);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(signerInfo);
        DERSet dERSet = new DERSet(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector3.add(x509Cert.getCertStructure());
        }
        BERSet bERSet3 = new BERSet(aSN1EncodableVector3);
        if (x509crlArr != null) {
            for (X509CRL x509crl : x509crlArr) {
                aSN1EncodableVector3.add(x509crl.getCertificateList());
            }
            bERSet = new BERSet(aSN1EncodableVector3);
        } else {
            bERSet = null;
        }
        return Parser.writeDERObj2Bytes(new SignedData(new DERInteger(1), bERSet2, contentInfo3, bERSet3, bERSet, dERSet));
    }

    public byte[] generateSignedDataByHash(String str, byte[] bArr, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        AlgorithmIdentifier algorithmIdentifier2;
        AlgorithmIdentifier algorithmIdentifier3;
        AlgorithmIdentifier algorithmIdentifier4;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        BERSet bERSet = null;
        if (jKey.getKeyType().equals(JKey.RSA_PRV_KEY) || jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
            if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
            } else if (mechanism.getMechanismType().equals("MD5")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
            } else {
                if (mechanism.getMechanismType().equals("SHA1")) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                }
                algorithmIdentifier3 = algorithmIdentifier;
                algorithmIdentifier4 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        } else {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new DERNull());
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                }
                algorithmIdentifier3 = algorithmIdentifier;
                algorithmIdentifier4 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        }
        SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier4, null, algorithmIdentifier3, new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.RSA_PKCS), jKey, Parser.writeDERObj2Bytes(new DigestInfo(algorithmIdentifier4, bArr)))), null);
        ContentInfo contentInfo = str == null ? new ContentInfo(PKCSObjectIdentifiers.data) : new ContentInfo(new DERObjectIdentifier(str));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(algorithmIdentifier4);
        BERSet bERSet2 = new BERSet(aSN1EncodableVector);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(signerInfo);
        DERSet dERSet = new DERSet(aSN1EncodableVector2);
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector3.add(x509Cert.getCertStructure());
        }
        BERSet bERSet3 = new BERSet(aSN1EncodableVector3);
        if (x509crlArr != null) {
            for (X509CRL x509crl : x509crlArr) {
                aSN1EncodableVector3.add(x509crl.getCertificateList());
            }
            bERSet = new BERSet(aSN1EncodableVector3);
        }
        return Parser.writeDERObj2Bytes(new SignedData(new DERInteger(1), bERSet2, contentInfo, bERSet3, bERSet, dERSet));
    }

    public byte[] generateSignedDataContent(byte[] bArr) throws PKIException {
        return Parser.writeDERObj2Bytes(new ContentInfo(PKCSObjectIdentifiers.signedData, SignedData.getInstance(Parser.writeBytes2DERObj(bArr))));
    }

    public byte[] generateSignedDataWithMAC(boolean z, String str, byte[] bArr, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        AlgorithmIdentifier algorithmIdentifier2;
        Mechanism mechanism2;
        AlgorithmIdentifier algorithmIdentifier3;
        AlgorithmIdentifier algorithmIdentifier4;
        ContentInfo contentInfo;
        ContentInfo contentInfo2;
        ContentInfo contentInfo3;
        BERSet bERSet;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        if (jKey.getKeyType().equals(JKey.RSA_PRV_KEY) || jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
            if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
                mechanism2 = new Mechanism("MD2withRSAEncryption");
            } else if (mechanism.getMechanismType().equals("MD5")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
                mechanism2 = new Mechanism("MD5withRSAEncryption");
            } else if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withRSAEncryption");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                    mechanism2 = new Mechanism("SHA256withRSAEncryption");
                }
                algorithmIdentifier3 = algorithmIdentifier;
                algorithmIdentifier4 = null;
                mechanism2 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        } else {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, new DERNull());
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withECDSA");
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withECDSA");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                    mechanism2 = new Mechanism("SCHwithECDSA");
                }
                algorithmIdentifier3 = algorithmIdentifier;
                algorithmIdentifier4 = null;
                mechanism2 = null;
            }
            algorithmIdentifier3 = algorithmIdentifier;
            algorithmIdentifier4 = algorithmIdentifier2;
        }
        DERObjectIdentifier dERObjectIdentifier = PKCSObjectIdentifiers.pkcs_9_at_contentType;
        DERSet dERSet = new DERSet(PKCSObjectIdentifiers.data);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(dERObjectIdentifier);
        aSN1EncodableVector.add(dERSet);
        DERSequence dERSequence = new DERSequence(aSN1EncodableVector);
        DERObjectIdentifier dERObjectIdentifier2 = PKCSObjectIdentifiers.pkcs_9_at_messageDigest;
        DERSet dERSet2 = new DERSet(new DEROctetString(this.session.digest(mechanism, bArr)));
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(dERObjectIdentifier2);
        aSN1EncodableVector2.add(dERSet2);
        DERSequence dERSequence2 = new DERSequence(aSN1EncodableVector2);
        DERObjectIdentifier dERObjectIdentifier3 = PKCSObjectIdentifiers.id_ct_MACAddress;
        try {
            DERSet dERSet3 = new DERSet(new DEROctetString((CFCA_MAC_ID + MACAddressUtil.getMacAddress()).getBytes()));
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            aSN1EncodableVector3.add(dERObjectIdentifier3);
            aSN1EncodableVector3.add(dERSet3);
            DERSequence dERSequence3 = new DERSequence(aSN1EncodableVector3);
            ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
            aSN1EncodableVector4.add(dERSequence);
            aSN1EncodableVector4.add(dERSequence2);
            aSN1EncodableVector4.add(dERSequence3);
            DERSet dERSet4 = new DERSet(aSN1EncodableVector4);
            SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier4, dERSet4, algorithmIdentifier3, new DEROctetString(this.session.sign(mechanism2, jKey, Parser.writeDERObj2Bytes(dERSet4))), null);
            DEROctetString dEROctetString = new DEROctetString(bArr);
            if (z) {
                if (str == null) {
                    contentInfo2 = new ContentInfo(PKCSObjectIdentifiers.data, dEROctetString);
                    contentInfo3 = contentInfo2;
                } else {
                    contentInfo = new ContentInfo(new DERObjectIdentifier(str), dEROctetString);
                    contentInfo3 = contentInfo;
                }
            } else if (str == null) {
                contentInfo2 = new ContentInfo(PKCSObjectIdentifiers.data);
                contentInfo3 = contentInfo2;
            } else {
                contentInfo = new ContentInfo(new DERObjectIdentifier(str));
                contentInfo3 = contentInfo;
            }
            ASN1EncodableVector aSN1EncodableVector5 = new ASN1EncodableVector();
            aSN1EncodableVector5.add(algorithmIdentifier4);
            BERSet bERSet2 = new BERSet(aSN1EncodableVector5);
            ASN1EncodableVector aSN1EncodableVector6 = new ASN1EncodableVector();
            aSN1EncodableVector6.add(signerInfo);
            DERSet dERSet5 = new DERSet(aSN1EncodableVector6);
            ASN1EncodableVector aSN1EncodableVector7 = new ASN1EncodableVector();
            for (X509Cert x509Cert : x509CertArr) {
                aSN1EncodableVector7.add(x509Cert.getCertStructure());
            }
            BERSet bERSet3 = new BERSet(aSN1EncodableVector7);
            if (x509crlArr != null) {
                for (X509CRL x509crl : x509crlArr) {
                    aSN1EncodableVector7.add(x509crl.getCertificateList());
                }
                bERSet = new BERSet(aSN1EncodableVector7);
            } else {
                bERSet = null;
            }
            return Parser.writeDERObj2Bytes(new SignedData(new DERInteger(1), bERSet2, contentInfo3, bERSet3, bERSet, dERSet5));
        } catch (IOException e) {
            throw new PKIException(PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR, PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR_DES, e);
        }
    }

    public byte[] getContent() throws PKIException {
        ContentInfo contentInfo = this.signedData.getContentInfo();
        if (contentInfo.getContent() == null) {
            return null;
        }
        return (contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) || contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo)) ? ((ASN1OctetString) contentInfo.getContent()).getOctets() : Parser.writeDERObj2Bytes(contentInfo.getContent().getDERObject());
    }

    public String getSignedMAC() {
        return this.signedMAC;
    }

    public X509Cert[] getSignerCerts() throws PKIException {
        ASN1Set certificates = this.signedData.getCertificates();
        X509Cert[] x509CertArr = new X509Cert[certificates.size()];
        for (int i = 0; i < certificates.size(); i++) {
            x509CertArr[i] = new X509Cert(X509CertificateStructure.getInstance(certificates.getObjectAt(i)));
        }
        return x509CertArr;
    }

    public void load(SignedData signedData) throws PKIException {
        this.signedData = signedData;
    }

    public void load(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            load(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public void load(byte[] bArr) throws PKIException {
        if (Parser.isBase64Encode(bArr)) {
            new ByteArrayInputStream(Base64.decode(Parser.convertBase64(bArr)));
        }
        load(new ByteArrayInputStream(bArr));
    }

    public void loadBase64(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            loadBase64(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public void loadBase64(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(Base64.decode(Parser.convertBase64(bArr))));
    }

    public void loadDer(String str) throws PKIException {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            byte[] bArr = new byte[fileInputStream.available()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            loadDer(bArr);
        } catch (Exception e) {
            throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.PARSE_P7_SIGNEDDATA_ERR_DES, e);
        }
    }

    public void loadDer(byte[] bArr) throws PKIException {
        load(new ByteArrayInputStream(bArr));
    }

    public byte[] reSignSignedData(Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        Mechanism mechanism2;
        BERSet bERSet;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        if (this.signedData == null) {
            throw new PKIException(PKIException.RE_SIGN_NULL_SIGN_ERR, PKIException.RE_SIGN_NULL_SIGN_ERR_DES);
        }
        ContentInfo contentInfo = this.signedData.getContentInfo();
        if (contentInfo.getContent() == null) {
            throw new PKIException(PKIException.RE_SIGN_NULL_SRC_ERR, PKIException.RE_SIGN_NULL_SRC_ERR_DES);
        }
        byte[] octets = (contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) || contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo)) ? ((ASN1OctetString) contentInfo.getContent()).getOctets() : Parser.writeDERObj2Bytes(contentInfo.getContent().getDERObject());
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        ASN1Set certificates = this.signedData.getCertificates();
        ASN1Set crls = this.signedData.getCrls();
        ASN1Set digestAlgorithms = this.signedData.getDigestAlgorithms();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
        if (!jKey.getKeyType().equals(JKey.RSA_PRV_KEY) && !jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withECDSA");
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withECDSA");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                    mechanism2 = new Mechanism("SCHwithECDSA");
                }
                algorithmIdentifier = null;
                mechanism2 = null;
            }
        } else if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
            mechanism2 = new Mechanism("MD2withRSAEncryption");
        } else if (mechanism.getMechanismType().equals("MD5")) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
            mechanism2 = new Mechanism("MD5withRSAEncryption");
        } else if (mechanism.getMechanismType().equals("SHA1")) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            mechanism2 = new Mechanism("SHA1withRSAEncryption");
        } else {
            if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withRSAEncryption");
            }
            algorithmIdentifier = null;
            mechanism2 = null;
        }
        SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier, null, algorithmIdentifier2, new DEROctetString(this.session.sign(mechanism2, jKey, octets)), null);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration objects = signerInfos.getObjects();
        if (objects.hasMoreElements()) {
            aSN1EncodableVector.add((DEREncodable) objects.nextElement());
        }
        aSN1EncodableVector.add(signerInfo);
        this.signedData.setSignerInfos(new DERSet(aSN1EncodableVector));
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Enumeration objects2 = certificates.getObjects();
        if (objects2.hasMoreElements()) {
            aSN1EncodableVector2.add((DEREncodable) objects2.nextElement());
        }
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector2.add(x509Cert.getCertStructure());
        }
        this.signedData.setCertificates(new BERSet(aSN1EncodableVector2));
        if (x509crlArr != null) {
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            Enumeration objects3 = crls.getObjects();
            if (objects3.hasMoreElements()) {
                aSN1EncodableVector3.add((DEREncodable) objects3.nextElement());
            }
            for (X509CRL x509crl : x509crlArr) {
                aSN1EncodableVector3.add(x509crl.getCertificateList());
            }
            bERSet = new BERSet(aSN1EncodableVector3);
        } else {
            bERSet = null;
        }
        this.signedData.setCrls(bERSet);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        Enumeration objects4 = digestAlgorithms.getObjects();
        if (objects4.hasMoreElements()) {
            aSN1EncodableVector4.add((DEREncodable) objects4.nextElement());
        }
        aSN1EncodableVector4.add(algorithmIdentifier);
        this.signedData.setDigestAlgorithms(new BERSet(aSN1EncodableVector4));
        return Parser.writeDERObj2Bytes(this.signedData);
    }

    public byte[] reSignSignedData(byte[] bArr, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        Mechanism mechanism2;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        if (this.signedData == null) {
            throw new PKIException(PKIException.RE_SIGN_NULL_SIGN_ERR, PKIException.RE_SIGN_NULL_SIGN_ERR_DES);
        }
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        ASN1Set certificates = this.signedData.getCertificates();
        ASN1Set crls = this.signedData.getCrls();
        ASN1Set digestAlgorithms = this.signedData.getDigestAlgorithms();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
        BERSet bERSet = null;
        if (!jKey.getKeyType().equals(JKey.RSA_PRV_KEY) && !jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
                mechanism2 = new Mechanism("SHA1withECDSA");
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withECDSA");
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                    mechanism2 = new Mechanism("SCHwithECDSA");
                }
                algorithmIdentifier = null;
                mechanism2 = null;
            }
        } else if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
            mechanism2 = new Mechanism("MD2withRSAEncryption");
        } else if (mechanism.getMechanismType().equals("MD5")) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
            mechanism2 = new Mechanism("MD5withRSAEncryption");
        } else if (mechanism.getMechanismType().equals("SHA1")) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            mechanism2 = new Mechanism("SHA1withRSAEncryption");
        } else {
            if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
                mechanism2 = new Mechanism("SHA256withRSAEncryption");
            }
            algorithmIdentifier = null;
            mechanism2 = null;
        }
        SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier, null, algorithmIdentifier2, new DEROctetString(this.session.sign(mechanism2, jKey, bArr)), null);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration objects = signerInfos.getObjects();
        if (objects.hasMoreElements()) {
            aSN1EncodableVector.add((DEREncodable) objects.nextElement());
        }
        aSN1EncodableVector.add(signerInfo);
        this.signedData.setSignerInfos(new DERSet(aSN1EncodableVector));
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Enumeration objects2 = certificates.getObjects();
        if (objects2.hasMoreElements()) {
            aSN1EncodableVector2.add((DEREncodable) objects2.nextElement());
        }
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector2.add(x509Cert.getCertStructure());
        }
        this.signedData.setCertificates(new BERSet(aSN1EncodableVector2));
        if (x509crlArr != null) {
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            Enumeration objects3 = crls.getObjects();
            if (objects3.hasMoreElements()) {
                aSN1EncodableVector3.add((DEREncodable) objects3.nextElement());
            }
            for (X509CRL x509crl : x509crlArr) {
                aSN1EncodableVector3.add(x509crl.getCertificateList());
            }
            bERSet = new BERSet(aSN1EncodableVector3);
        }
        this.signedData.setCrls(bERSet);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        Enumeration objects4 = digestAlgorithms.getObjects();
        if (objects4.hasMoreElements()) {
            aSN1EncodableVector4.add((DEREncodable) objects4.nextElement());
        }
        aSN1EncodableVector4.add(algorithmIdentifier);
        this.signedData.setDigestAlgorithms(new BERSet(aSN1EncodableVector4));
        return Parser.writeDERObj2Bytes(this.signedData);
    }

    public byte[] reSignSignedDataByHash(byte[] bArr, Mechanism mechanism, JKey jKey, X509Cert[] x509CertArr, X509CRL[] x509crlArr) throws PKIException {
        AlgorithmIdentifier algorithmIdentifier;
        if (x509CertArr == null) {
            throw new PKIException(PKIException.NULL_ENCRYPT_CERTS_ERR, PKIException.NULL_ENCRYPT_CERTS_ERR_DES);
        }
        if (this.signedData == null) {
            throw new PKIException(PKIException.RE_SIGN_NULL_SIGN_ERR, PKIException.RE_SIGN_NULL_SIGN_ERR_DES);
        }
        ASN1Set signerInfos = this.signedData.getSignerInfos();
        ASN1Set certificates = this.signedData.getCertificates();
        ASN1Set crls = this.signedData.getCrls();
        ASN1Set digestAlgorithms = this.signedData.getDigestAlgorithms();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(new X509Name(x509CertArr[0].getIssuer()), x509CertArr[0].getSerialNumber());
        AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull());
        BERSet bERSet = null;
        if (!jKey.getKeyType().equals(JKey.RSA_PRV_KEY) && !jKey.getKeyType().equals(JKey.RSA_PRV_KEY_ID)) {
            if (!jKey.getKeyType().equals(JKey.EC_PRV_KEY) && !jKey.getKeyType().equals(JKey.EC_PRV_KEY_ID)) {
                throw new PKIException(PKIException.GEN_SIGN_PRIKEY_TYPE_ERR, PKIException.GEN_SIGN_PRIKEY_TYPE_ERR_DES);
            }
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            } else if (mechanism.getMechanismType().equals(Mechanism.SHA256)) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256, new DERNull());
            } else {
                if (mechanism.getMechanismType().equals(Mechanism.SCH)) {
                    algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sm3, new DERNull());
                }
                algorithmIdentifier = null;
            }
        } else if (mechanism.getMechanismType().equals(Mechanism.MD2)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md2, new DERNull());
        } else if (mechanism.getMechanismType().equals("MD5")) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, new DERNull());
        } else {
            if (mechanism.getMechanismType().equals("SHA1")) {
                algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1, new DERNull());
            }
            algorithmIdentifier = null;
        }
        SignerInfo signerInfo = new SignerInfo(new DERInteger(1), issuerAndSerialNumber, algorithmIdentifier, null, algorithmIdentifier2, new DEROctetString(this.session.encrypt(new Mechanism(Mechanism.RSA_PKCS), jKey, Parser.writeDERObj2Bytes(new DigestInfo(algorithmIdentifier, bArr)))), null);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration objects = signerInfos.getObjects();
        if (objects.hasMoreElements()) {
            aSN1EncodableVector.add((DEREncodable) objects.nextElement());
        }
        aSN1EncodableVector.add(signerInfo);
        this.signedData.setSignerInfos(new DERSet(aSN1EncodableVector));
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Enumeration objects2 = certificates.getObjects();
        if (objects2.hasMoreElements()) {
            aSN1EncodableVector2.add((DEREncodable) objects2.nextElement());
        }
        for (X509Cert x509Cert : x509CertArr) {
            aSN1EncodableVector2.add(x509Cert.getCertStructure());
        }
        this.signedData.setCertificates(new BERSet(aSN1EncodableVector2));
        if (x509crlArr != null) {
            ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
            Enumeration objects3 = crls.getObjects();
            if (objects3.hasMoreElements()) {
                aSN1EncodableVector3.add((DEREncodable) objects3.nextElement());
            }
            for (X509CRL x509crl : x509crlArr) {
                aSN1EncodableVector3.add(x509crl.getCertificateList());
            }
            bERSet = new BERSet(aSN1EncodableVector3);
        }
        this.signedData.setCrls(bERSet);
        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
        Enumeration objects4 = digestAlgorithms.getObjects();
        if (objects4.hasMoreElements()) {
            aSN1EncodableVector4.add((DEREncodable) objects4.nextElement());
        }
        aSN1EncodableVector4.add(algorithmIdentifier);
        this.signedData.setDigestAlgorithms(new BERSet(aSN1EncodableVector4));
        return Parser.writeDERObj2Bytes(this.signedData);
    }

    public boolean verifyP7SignedData() throws PKIException {
        byte[] octets;
        ContentInfo contentInfo = this.signedData.getContentInfo();
        if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) && !contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo)) {
            octets = Parser.writeDERObj2Bytes(contentInfo.getContent().getDERObject());
        } else {
            if (contentInfo.getContent() == null) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, new Exception("no sourceData to be verify."));
            }
            octets = ((ASN1OctetString) contentInfo.getContent()).getOctets();
        }
        return verifySignerInfo((byte[]) octets.clone(), this.signedData.getSignerInfos(), (X509Cert[]) null);
    }

    public boolean verifyP7SignedData(InputStream inputStream) throws PKIException {
        return verifySignerInfo(inputStream, this.signedData.getSignerInfos(), (X509Cert[]) null);
    }

    public boolean verifyP7SignedData(InputStream inputStream, X509Cert[] x509CertArr) throws PKIException {
        return verifySignerInfo(inputStream, this.signedData.getSignerInfos(), x509CertArr);
    }

    public boolean verifyP7SignedData(byte[] bArr) throws PKIException {
        return verifySignerInfo(bArr, this.signedData.getSignerInfos(), (X509Cert[]) null);
    }

    public boolean verifyP7SignedData(byte[] bArr, X509Cert[] x509CertArr) throws PKIException {
        return verifySignerInfo(bArr, this.signedData.getSignerInfos(), x509CertArr);
    }

    public boolean verifyP7SignedData(X509Cert[] x509CertArr) throws PKIException {
        byte[] octets;
        ContentInfo contentInfo = this.signedData.getContentInfo();
        if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.data) && !contentInfo.getContentType().equals(PKCSObjectIdentifiers.id_ct_TSTInfo)) {
            octets = Parser.writeDERObj2Bytes(contentInfo.getContent().getDERObject());
        } else {
            if (contentInfo.getContent() == null) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, new Exception("no sourceData to be verify."));
            }
            octets = ((ASN1OctetString) contentInfo.getContent()).getOctets();
        }
        return verifySignerInfo(octets, this.signedData.getSignerInfos(), x509CertArr);
    }

    public boolean verifyP7SignedDataByHash(byte[] bArr) throws PKIException {
        return verifySignerInfoByHash(bArr, this.signedData.getSignerInfos(), null);
    }

    public boolean verifyP7SignedDataByHash(byte[] bArr, X509Cert[] x509CertArr) throws PKIException {
        return verifySignerInfoByHash(bArr, this.signedData.getSignerInfos(), x509CertArr);
    }
}
