package code.ponfee.commons.jce.pkcs;

import code.ponfee.commons.jce.Providers;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;

/* loaded from: input_file:code/ponfee/commons/jce/pkcs/CryptoMessageSyntax.class */
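/**
 * Static helpers for CMS (PKCS#7) SignedData and EnvelopedData built on the
 * BouncyCastle provider referenced by {@code Providers.BC}.
 *
 * <p>All checked BouncyCastle/JCA failures are rethrown as {@link SecurityException}
 * with the original exception as cause.
 */
public final class CryptoMessageSyntax {
    /**
     * Signs {@code bArr} with a single signer; shorthand for the list-based overload.
     *
     * @param bArr               content to sign
     * @param privateKey         signer's private key
     * @param x509CertificateArr signer's certificate chain; element 0 is used as the signer certificate
     * @return the encoded SignedData structure with the content encapsulated
     */
    public static byte[] sign(byte[] bArr, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        return sign(bArr, Collections.singletonList(privateKey), Collections.singletonList(x509CertificateArr));
    }

    /**
     * Produces an attached (content-encapsulating) CMS SignedData with one SignerInfo
     * per private key. {@code list.get(i)} is paired with {@code list2.get(i)}, and
     * every certificate of each chain is embedded in the output.
     *
     * <p>NOTE(review): the signature algorithm is taken from
     * {@code getSigAlgName()} of the signer certificate, i.e. the algorithm the issuer
     * used to sign that certificate. It therefore inherits whatever digest the CA chose
     * (including weak ones) and only works when the signer's key type matches it;
     * callers cannot override it through this API.
     *
     * <p>An empty {@code list} yields a SignedData without any signer, which
     * {@link #verify(byte[])} rejects.
     *
     * @param bArr  content to sign
     * @param list  signer private keys
     * @param list2 certificate chains, index-aligned with {@code list}; surplus entries are ignored
     * @return the encoded SignedData
     * @throws IllegalArgumentException if a key has no corresponding, non-empty certificate chain
     * @throws SecurityException        if signing or encoding fails
     */
    public static byte[] sign(byte[] bArr, List<PrivateKey> list, List<X509Certificate[]> list2) {
        // Fail with a clear message instead of an IndexOutOfBoundsException half-way through signing.
        if (list2.size() < list.size()) {
            throw new IllegalArgumentException(
                "fewer certificate chains (" + list2.size() + ") than private keys (" + list.size() + ")");
        }
        try {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            DigestCalculatorProvider digestProvider =
                new JcaDigestCalculatorProviderBuilder().setProvider(Providers.BC).build();
            for (int i = 0; i < list.size(); i++) {
                X509Certificate[] chain = list2.get(i);
                if (chain == null || chain.length == 0) {
                    throw new IllegalArgumentException("empty certificate chain for signer " + i);
                }
                X509Certificate signerCert = chain[0];
                generator.addCertificates(new JcaCertStore(Arrays.asList(chain)));
                generator.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(digestProvider).build(
                        new JcaContentSignerBuilder(signerCert.getSigAlgName())
                            .setProvider(Providers.BC)
                            .build(list.get(i)),
                        signerCert));
            }
            // 'true' encapsulates the content inside the SignedData (attached signature).
            return generator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
        } catch (OperatorCreationException | CertificateEncodingException | CMSException | IOException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Checks every SignerInfo of an attached CMS SignedData against the matching
     * certificate carried inside the same message.
     *
     * <p><b>Trust caveat:</b> the verifying certificate comes from the message's own
     * certificate store and nothing here checks it against a trust anchor, a revocation
     * source or an expected signer identity. A normal return only shows that the content
     * is consistent with signatures made by whichever certificates the sender bundled;
     * callers must validate the certificate chain and signer identity separately before
     * treating the content as authentic.
     *
     * @param bArr encoded SignedData with encapsulated content
     * @throws SecurityException if the structure cannot be parsed, contains no signer,
     *                           lacks a certificate for a signer, or a signature does not verify
     */
    public static void verify(byte[] bArr) {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            Store certificates = cMSSignedData.getCertificates();
            JcaSimpleSignerInfoVerifierBuilder provider =
                new JcaSimpleSignerInfoVerifierBuilder().setProvider(Providers.BC);
            int verifiedSigners = 0;
            Iterator<?> signers = cMSSignedData.getSignerInfos().iterator();
            while (signers.hasNext()) {
                SignerInformation signerInformation = (SignerInformation) signers.next();
                Iterator<?> matches = certificates.getMatches(signerInformation.getSID()).iterator();
                if (!matches.hasNext()) {
                    // Previously surfaced as a NoSuchElementException; report it as a verification failure.
                    throw new SecurityException("signature verify fail: no certificate in message matches signer");
                }
                X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) matches.next();
                if (!signerInformation.verify(provider.build(x509CertificateHolder))) {
                    throw new SecurityException("signature verify fail[" + Hex.encodeHexString(x509CertificateHolder.getSerialNumber().toByteArray()) + ", " + x509CertificateHolder.getSubject().toString() + "]");
                }
                verifiedSigners++;
            }
            // A SignedData with zero SignerInfos carries no signature at all; it must not count as verified.
            if (verifiedSigners == 0) {
                throw new SecurityException("signature verify fail: message contains no signer");
            }
        } catch (OperatorCreationException | CertificateException | CMSException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encrypts {@code bArr} into a CMS EnvelopedData for a single key-transport
     * recipient identified by {@code x509Certificate}.
     *
     * <p>EnvelopedData provides confidentiality only; unless the chosen content
     * encryption algorithm is authenticated, the result carries no integrity or
     * origin protection on its own.
     *
     * @param bArr                 plaintext content
     * @param x509Certificate      recipient certificate whose public key wraps the content key
     * @param aSN1ObjectIdentifier OID of the content encryption algorithm, chosen by the caller
     * @return the encoded EnvelopedData
     * @throws SecurityException if encryption or encoding fails
     */
    public static byte[] envelop(byte[] bArr, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
            generator.addRecipientInfoGenerator(
                new JceKeyTransRecipientInfoGenerator(x509Certificate).setProvider(Providers.BC));
            return generator.generate(
                new CMSProcessableByteArray(bArr),
                new JceCMSContentEncryptorBuilder(aSN1ObjectIdentifier).setProvider(Providers.BC).build()
            ).getEncoded();
        } catch (CertificateEncodingException | CMSException | IOException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Decrypts a CMS EnvelopedData using the first recipient entry whose serial number
     * equals that of {@code x509Certificate}.
     *
     * <p>NOTE(review): recipients are matched on certificate serial number alone.
     * Serial numbers are only unique per issuer, so the issuer should ideally be
     * compared as well; confirm whether callers can receive messages addressed under
     * more than one CA.
     *
     * @param bArr            encoded EnvelopedData
     * @param x509Certificate recipient certificate used to select the recipient entry
     * @param privateKey      private key matching {@code x509Certificate}
     * @return the decrypted content, or {@code null} when no recipient entry matches;
     *         callers must handle the {@code null} case
     * @throws SecurityException if the structure cannot be parsed or decryption fails
     */
    public static byte[] unenvelop(byte[] bArr, X509Certificate x509Certificate, PrivateKey privateKey) {
        try {
            for (RecipientInformation recipientInformation : new CMSEnvelopedData(bArr).getRecipientInfos().getRecipients()) {
                if (x509Certificate.getSerialNumber().equals(recipientInformation.getRID().getSerialNumber())) {
                    return recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(privateKey).setProvider(Providers.BC));
                }
            }
            return null;
        } catch (CMSException e) {
            throw new SecurityException(e);
        }
    }
}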
