package code.ponfee.commons.jce.pkcs;

import code.ponfee.commons.jce.Providers;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.binary.Hex;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.ParsingException;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: input_file:code/ponfee/commons/jce/pkcs/PKCS7Signature.class */
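/**
 * Static helpers for producing and checking PKCS#7 signed data.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The {@code verify} methods only check each signer's signature value against the
 *       certificate resolved from the PKCS#7 structure itself. Nothing in this class validates
 *       that certificate (chain building, trust anchor, validity period, revocation, key usage),
 *       so a successful return means "the data matches the embedded certificate", not "the data
 *       comes from a trusted signer". Callers must validate the signer certificates separately.</li>
 *   <li>Signing uses {@code X509Certificate.getSigAlgName()}, i.e. the algorithm with which the
 *       issuer signed the certificate, as the algorithm for the new signature.</li>
 *   <li>The implementation depends on JDK-internal {@code sun.security.*} classes.</li>
 * </ul>
 */
public class PKCS7Signature {

    /**
     * Signs {@code bArr} with a single key/certificate pair.
     *
     * @param privateKey      signing key
     * @param x509Certificate certificate belonging to {@code privateKey}
     * @param bArr            data to sign
     * @param z               {@code true} to embed the data in the result (attached),
     *                        {@code false} to leave the content out (detached)
     * @return the encoded PKCS#7 signed data
     */
    public static byte[] sign(PrivateKey privateKey, X509Certificate x509Certificate, byte[] bArr, boolean z) {
        return sign(new PrivateKey[]{privateKey}, new X509Certificate[]{x509Certificate}, bArr, z);
    }

    /**
     * Signs {@code bArr} once per entry of {@code privateKeyArr}; key {@code i} is paired with
     * certificate {@code i}.
     *
     * @param privateKeyArr      signing keys
     * @param x509CertificateArr certificates, index-aligned with {@code privateKeyArr}
     * @param bArr               data to sign
     * @param z                  {@code true} to embed the data, {@code false} for a detached signature
     * @return the encoded PKCS#7 signed data
     * @throws IllegalArgumentException if no key is given or a key has no certificate at its index
     */
    public static byte[] sign(PrivateKey[] privateKeyArr, X509Certificate[] x509CertificateArr, byte[] bArr, boolean z) {
        ContentInfo contentInfo = z
                ? new ContentInfo(bArr)
                : new ContentInfo(ContentInfo.DATA_OID, (DerValue) null);
        return sign(contentInfo, bArr, x509CertificateArr, privateKeyArr);
    }

    /**
     * Signs the text {@code str} with a single key/certificate pair.
     *
     * @param privateKey      signing key
     * @param x509Certificate certificate belonging to {@code privateKey}
     * @param str             text to sign
     * @param z               {@code true} to embed the text, {@code false} for a detached signature
     * @return the encoded PKCS#7 signed data
     */
    public static byte[] sign(PrivateKey privateKey, X509Certificate x509Certificate, String str, boolean z) {
        return sign(new PrivateKey[]{privateKey}, new X509Certificate[]{x509Certificate}, str, z);
    }

    /**
     * Signs the text {@code str} once per entry of {@code privateKeyArr}.
     *
     * @param privateKeyArr      signing keys
     * @param x509CertificateArr certificates, index-aligned with {@code privateKeyArr}
     * @param str                text to sign
     * @param z                  {@code true} to embed the text as a DER string value,
     *                           {@code false} for a detached signature
     * @return the encoded PKCS#7 signed data
     * @throws IllegalArgumentException if no key is given or a key has no certificate at its index
     * @throws RuntimeException         if the text cannot be wrapped in a {@code DerValue}
     */
    public static byte[] sign(PrivateKey[] privateKeyArr, X509Certificate[] x509CertificateArr, String str, boolean z) {
        DerValue derValue = null;
        if (z) {
            try {
                derValue = new DerValue(str);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        // NOTE(review): getBytes() uses the platform default charset, so the signed bytes for
        // non-ASCII text depend on the JVM configuration and may not equal the bytes that
        // DerValue(String) embeds above. Confirm which charset verifiers expect before pinning
        // one here; changing it alters the signed bytes on non-UTF-8 platforms.
        return sign(new ContentInfo(ContentInfo.DATA_OID, derValue), str.getBytes(), x509CertificateArr, privateKeyArr);
    }

    /**
     * Verifies an attached PKCS#7 signature and returns the embedded content.
     *
     * <p>The content is returned only after every signer has been verified. The signer
     * certificates are not validated here; see the class documentation.
     *
     * @param bArr encoded PKCS#7 signed data that carries its content
     * @return the embedded content
     * @throws IllegalArgumentException if the data cannot be parsed or carries no content
     * @throws SecurityException        if there is no signer or any signature does not match
     */
    public static byte[] verify(byte[] bArr) {
        PKCS7 pkcs7 = getPkcs7(bArr);
        byte[] content = getContent(pkcs7);
        verify(pkcs7, content);
        return content;
    }

    /**
     * Verifies a PKCS#7 signature against externally supplied data.
     *
     * @param bArr  encoded PKCS#7 signed data
     * @param bArr2 the original data that was signed
     * @throws IllegalArgumentException if the PKCS#7 data cannot be parsed or {@code bArr2} is empty
     * @throws SecurityException        if there is no signer or any signature does not match
     */
    public static void verify(byte[] bArr, byte[] bArr2) {
        verify(getPkcs7(bArr), bArr2);
    }

    /**
     * Verifies every signer of {@code pkcs7} against {@code bArr}.
     *
     * <p>Only the signature values are checked. The certificates used for the check are the
     * ones resolved from {@code pkcs7}; their trust, validity and revocation state are not
     * examined here and must be checked by the caller.
     *
     * @param pkcs7 parsed PKCS#7 structure
     * @param bArr  the original data that was signed
     * @throws IllegalArgumentException if {@code bArr} is null or empty
     * @throws SecurityException        if the structure has no signer, or a signer fails verification
     * @throws RuntimeException         wrapping I/O, algorithm or signature errors raised during the check
     */
    public static void verify(PKCS7 pkcs7, byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("the origin data cannot be null.");
        }
        // A structure without signers must not count as verified: iterating over an empty
        // signer list would otherwise return normally without checking any signature.
        SignerInfo[] signerInfos = pkcs7.getSignerInfos();
        if (signerInfos == null || signerInfos.length == 0) {
            throw new SecurityException("pkcs7 data contains no signer info, nothing to verify");
        }
        try {
            for (SignerInfo signerInfo : signerInfos) {
                if (pkcs7.verify(signerInfo, bArr) == null) {
                    // The signer certificate may be missing from the structure; do not let the
                    // error message construction fail with a NullPointerException in that case.
                    X509Certificate signerCert = signerInfo.getCertificate(pkcs7);
                    String subjectDn = signerCert == null
                            ? "<certificate not found>"
                            : signerCert.getSubjectX500Principal().getName();
                    // Message text: "signature verification failed [certSN: ...; subjectDN: ...]".
                    throw new SecurityException("验签失败[certSN：" + Hex.encodeHexString(signerInfo.getCertificateSerialNumber().toByteArray()) + "；subjectDN：" + subjectDn + "]");
                }
            }
        } catch (IOException | NoSuchAlgorithmException | SignatureException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the signer infos and encodes the PKCS#7 signed data.
     *
     * <p>The signature is computed directly over {@code bArr}; the signer infos are created
     * without authenticated attributes.
     *
     * @param contentInfo        content info to place in the structure (with or without content)
     * @param bArr               bytes that are actually signed
     * @param x509CertificateArr certificates; entry {@code i} belongs to key {@code i}, all
     *                           entries are written into the structure
     * @param privateKeyArr      signing keys
     * @return the encoded PKCS#7 signed data
     * @throws IllegalArgumentException if no key is given or a key has no certificate at its index
     * @throws RuntimeException         wrapping any failure while signing or encoding
     */
    private static byte[] sign(ContentInfo contentInfo, byte[] bArr, X509Certificate[] x509CertificateArr, PrivateKey[] privateKeyArr) {
        if (privateKeyArr == null || privateKeyArr.length == 0) {
            // An output without signers would carry no signature at all.
            throw new IllegalArgumentException("at least one private key is required");
        }
        if (x509CertificateArr == null || x509CertificateArr.length < privateKeyArr.length) {
            throw new IllegalArgumentException("each private key requires a certificate at the same index");
        }
        SignerInfo[] signerInfoArr = new SignerInfo[privateKeyArr.length];
        AlgorithmId[] algorithmIdArr = new AlgorithmId[privateKeyArr.length];
        for (int i = 0; i < privateKeyArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            PrivateKey privateKey = privateKeyArr[i];
            try {
                // NOTE(review): getSigAlgName() is the algorithm the issuer used to sign the
                // certificate. It need not match the subject key type, and a certificate signed
                // with a weak digest (e.g. SHA-1 based) makes this signature use that digest too.
                // Consider choosing the algorithm from the private key and a digest policy.
                String sigAlgName = x509Certificate.getSigAlgName();
                AlgorithmId algorithmId = AlgorithmId.get(AlgorithmId.getDigAlgFromSigAlg(sigAlgName));
                AlgorithmId algorithmId2 = AlgorithmId.get(AlgorithmId.getEncAlgFromSigAlg(sigAlgName));
                algorithmIdArr[i] = algorithmId;
                X500Name x500Name = new X500Name(x509Certificate.getIssuerX500Principal().getEncoded());
                Signature signature = Providers.getSignature(sigAlgName);
                signature.initSign(privateKey);
                signature.update(bArr);
                signerInfoArr[i] = new SignerInfo(x500Name, x509Certificate.getSerialNumber(), algorithmId, algorithmId2, signature.sign());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        PKCS7 pkcs7 = new PKCS7(algorithmIdArr, contentInfo, x509CertificateArr, signerInfoArr);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            pkcs7.encodeSignedData(byteArrayOutputStream);
            byteArrayOutputStream.flush();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Parses encoded PKCS#7 data.
     *
     * @param bArr encoded PKCS#7 data
     * @return the parsed structure
     * @throws IllegalArgumentException if the data cannot be parsed
     */
    public static PKCS7 getPkcs7(byte[] bArr) {
        try {
            return new PKCS7(bArr);
        } catch (ParsingException e) {
            throw new IllegalArgumentException("Invalid pacs7 data", e);
        }
    }

    /**
     * Extracts the content bytes from a parsed PKCS#7 structure.
     *
     * <p>The returned bytes are unauthenticated until one of the {@code verify} methods has
     * succeeded for them.
     *
     * @param pkcs7 parsed PKCS#7 structure
     * @return the content bytes as returned by the content info; may be {@code null} when the
     *         structure carries no content (presumably the detached case; confirm against
     *         {@code ContentInfo.getData()})
     * @throws SecurityException if the content cannot be read
     */
    public static byte[] getContent(PKCS7 pkcs7) {
        byte[] dataBytes;
        ContentInfo contentInfo = pkcs7.getContentInfo();
        try {
            if (contentInfo.getContent() == null) {
                dataBytes = contentInfo.getData();
            } else {
                try {
                    dataBytes = contentInfo.getContent().getOctetString();
                } catch (Exception e) {
                    // The content is not readable as an octet string (for example when it was
                    // embedded as a DER string by the String overload of sign); fall back to
                    // the raw value bytes.
                    dataBytes = contentInfo.getContent().getDataBytes();
                }
            }
            return dataBytes;
        } catch (IOException e2) {
            throw new SecurityException("Get content from pkcs7 occur error", e2);
        }
    }
}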
