package cfca.sadk.util;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.MechanismKit;
import cfca.sadk.algorithm.common.PKCS7EnvelopedData;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.sm2.SM4Engine;
import cfca.sadk.algorithm.util.BigFileCipherUtil;
import cfca.sadk.algorithm.util.RSAAndItsCloseSymAlgUtil;
import cfca.sadk.algorithm.util.SM2AndItsCloseSymAlgUtil;
import cfca.sadk.asn1.parser.ASN1Node;
import cfca.sadk.asn1.parser.EnvelopFileParser;
import cfca.sadk.envelope.rsa.RSAEnvelopeUtil;
import cfca.sadk.envelope.sm2.SM2EnvelopeUtil;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.lib.crypto.card.CardLib;
import cfca.sadk.lib.crypto.jni.JNISoftLib;
import cfca.sadk.lib.crypto.jni.JNISymAlg;
import cfca.sadk.org.bouncycastle.asn1.ASN1OctetString;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import cfca.sadk.org.bouncycastle.asn1.DEROctetString;
import cfca.sadk.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.EnvelopedData;
import cfca.sadk.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.cms.RecipientInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.cms.CMSEnvelopedData;
import cfca.sadk.org.bouncycastle.crypto.engines.DESedeEngine;
import cfca.sadk.org.bouncycastle.crypto.engines.RC4Engine;
import cfca.sadk.org.bouncycastle.crypto.modes.CBCBlockCipher;
import cfca.sadk.org.bouncycastle.crypto.paddings.PKCS7Padding;
import cfca.sadk.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import cfca.sadk.org.bouncycastle.crypto.params.KeyParameter;
import cfca.sadk.org.bouncycastle.crypto.params.ParametersWithIV;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.global.FileAndBufferConfig;
import cfca.sadk.x509.certificate.X509Cert;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.RandomAccessFile;
import java.security.PrivateKey;

/* loaded from: input_file:cfca/sadk/util/EnvelopeUtil.class */
public class EnvelopeUtil {
    public static final int recipient_policy_requiredSubjectKeyId = 0;
    public static final int recipient_policy_useSubjectKeyIdExt = 1;
    public static final int recipient_policy_useIssuerAndSerialNumber = 2;
    static final Logger logger;

    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr) throws PKIException {
        return envelopeMessage(bArr, str, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    public static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session) throws PKIException {
        return envelopeMessage(bArr, str, x509CertArr, session, 0);
    }

    private static byte[] envelopeMessage(byte[] bArr, String str, X509Cert[] x509CertArr, Session session, int i) throws PKIException {
        byte[] envelopeMessage;
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("envelopeMessage>>>>>>Running");
            stringBuffer.append("\n sourceData: ");
            stringBuffer.append(SADKDebugger.dump(bArr));
            stringBuffer.append("\n symmetricAlgorithm: ");
            stringBuffer.append(SADKDebugger.dump(str));
            stringBuffer.append("\n receiverCerts: ");
            stringBuffer.append(SADKDebugger.dump(x509CertArr));
            stringBuffer.append("\n session: ");
            stringBuffer.append(SADKDebugger.dump(session));
            stringBuffer.append("\n recipientPolicyType: " + i);
            logger.debug(stringBuffer.toString());
        }
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    if (x509CertArr == null || x509CertArr.length < 1 || x509CertArr[0] == null) {
                        throw new PKIException("required receiverCerts!");
                    }
                    if (x509CertArr[0].isSM2Cert()) {
                        logger.debug("envelopeMessage::::::SM2EnvelopeMessage");
                        envelopeMessage = SM2EnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session, i);
                    } else {
                        logger.debug("envelopeMessage::::::RSAEnvelopeMessage");
                        envelopeMessage = RSAEnvelopeUtil.envelopeMessage(bArr, str, x509CertArr, session, i);
                    }
                    if (logger.isDebugEnabled()) {
                        logger.debug("envelopeMessage<<<<<<Finished: base64EnvelopeMessageBytes=" + SADKDebugger.dumpBase64(envelopeMessage));
                    }
                    return envelopeMessage;
                }
            } catch (PKIException e) {
                if (logger.isErrorEnabled()) {
                    logger.error("envelopeMessage<<<<<<Failure", e);
                }
                throw e;
            } catch (Throwable th) {
                if (logger.isErrorEnabled()) {
                    logger.error("envelopeMessage<<<<<<Failure", th);
                }
                throw new PKIException("EnvelopeMessage Failure", th);
            }
        }
        throw new PKIException("required sourceData!");
    }

    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr) throws PKIException {
        envelopeFile(str, str2, str3, x509CertArr, BCSoftLib.INSTANCE(), 0);
    }

    public static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session) throws PKIException {
        envelopeFile(str, str2, str3, x509CertArr, session, 0);
    }

    private static void envelopeFile(String str, String str2, String str3, X509Cert[] x509CertArr, Session session, int i) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("envelopeFile>>>>>>Running");
            stringBuffer.append("\n sourceFilePath: ");
            stringBuffer.append(SADKDebugger.dump(str));
            stringBuffer.append("\n outEnvelopedFilePath: ");
            stringBuffer.append(SADKDebugger.dump(str2));
            stringBuffer.append("\n symmetricAlgorithm: ");
            stringBuffer.append(SADKDebugger.dump(str3));
            stringBuffer.append("\n receiverCerts: ");
            stringBuffer.append(SADKDebugger.dump(x509CertArr));
            stringBuffer.append("\n session: ");
            stringBuffer.append(SADKDebugger.dump(session));
            stringBuffer.append("\n recipientPolicyType: " + i);
            logger.debug(stringBuffer.toString());
        }
        try {
            if (new File(str).length() <= 0) {
                throw new PKIException("required sourceFilePath!");
            }
            if (x509CertArr == null || x509CertArr.length < 1 || x509CertArr[0] == null) {
                throw new PKIException("required receiverCerts!");
            }
            if (x509CertArr[0].isSM2Cert()) {
                logger.debug("envelopeFile::::::SM2EnvelopeFile");
                SM2EnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session, i);
            } else {
                logger.debug("envelopeFile::::::RSAEnvelopeFile");
                RSAEnvelopeUtil.envelopeFile(str, str2, str3, x509CertArr, session, i);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("envelopeFile<<<<<<Finished: outEnvelopedFilePath=" + str2);
            }
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                logger.error("envelopeFile<<<<<<Failure", e);
            }
            throw e;
        } catch (Throwable th) {
            if (logger.isErrorEnabled()) {
                logger.error("envelopeFile<<<<<<Failure", th);
            }
            throw new PKIException("EnvelopeFile Failure", th);
        }
    }

    public static final void openEnvelopedFile(String str, String str2, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("openEnvelopedFile>>>>>>Running");
            stringBuffer.append("\n inEnvelopedFilePath: ");
            stringBuffer.append(SADKDebugger.dump(str));
            stringBuffer.append("\n outSourceFilePath: ");
            stringBuffer.append(SADKDebugger.dump(str2));
            stringBuffer.append("\n PrivateKey: ");
            stringBuffer.append(SADKDebugger.dump(privateKey));
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(SADKDebugger.dump(x509Cert));
            stringBuffer.append("\n session: ");
            stringBuffer.append(SADKDebugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            EnvelopFileParser envelopFileParser = new EnvelopFileParser(new File(str));
            envelopFileParser.parser();
            openEnvelopFile_ASN1Node(envelopFileParser.getReceiver_node(), envelopFileParser.getEncrypted_node(), privateKey, x509Cert, str2, session);
            if (logger.isDebugEnabled()) {
                logger.debug("openEnvelopedFile<<<<<<Finished: outSourceFilePath=" + str2);
            }
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                logger.error("openEnvelopedFile<<<<<<Failure", e);
            }
            throw e;
        } catch (Throwable th) {
            if (logger.isErrorEnabled()) {
                logger.error("openEnvelopedFile<<<<<<Failure", th);
            }
            throw new PKIException(CertKitException.API_PARSER_MSG_ENVELOP_ERR, CertKitException.API_PARSER_MSG_ENVELOP_ERR_DES, th);
        }
    }

    private static void openEnvelopFile_ASN1Node(ASN1Node aSN1Node, ASN1Node aSN1Node2, PrivateKey privateKey, X509Cert x509Cert, String str, Session session) throws PKIException {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher;
        if (logger.isDebugEnabled()) {
            logger.debug("openEnvelopFile_ASN1Node::>>>>>>Running");
        }
        BufferedOutputStream bufferedOutputStream = null;
        try {
            try {
                try {
                    if (x509Cert == null) {
                        throw new PKIException("required recipientCert");
                    }
                    boolean isSM2Cert = x509Cert.isSM2Cert();
                    ASN1Set aSN1Set = ASN1Set.getInstance(aSN1Node.getData());
                    int size = aSN1Set.size();
                    ASN1OctetString aSN1OctetString = null;
                    AlgorithmIdentifier algorithmIdentifier = null;
                    int i = 0;
                    while (true) {
                        if (i >= size) {
                            break;
                        }
                        RecipientInfo recipientInfo = RecipientInfo.getInstance(aSN1Set.getObjectAt(i));
                        if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                            KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                            if (x509Cert.isRecipent(keyTransRecipientInfo)) {
                                aSN1OctetString = keyTransRecipientInfo.getEncryptedKey();
                                algorithmIdentifier = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
                                break;
                            }
                        }
                        i++;
                    }
                    if (aSN1OctetString == null || algorithmIdentifier == null) {
                        throw new PKIException("openEnvelopFile: can not find the receiver!!!");
                    }
                    AlgorithmIdentifier algorithmIdentifier2 = AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(((ASN1Node) aSN1Node2.childNodes.get(1)).getData()));
                    String str2 = (String) PKCS7EnvelopedData.OID_MECH.get(algorithmIdentifier2.getAlgorithm());
                    Mechanism mechanism = null;
                    boolean z = false;
                    if (session != null) {
                        z = (session instanceof JNISoftLib) || (session instanceof CardLib);
                    }
                    if (str2.indexOf("CBC") != -1) {
                        CBCParam cBCParam = new CBCParam(((DEROctetString) algorithmIdentifier2.getParameters()).getOctets());
                        if (str2.equals(MechanismKit.DES3_CBC)) {
                            mechanism = new Mechanism(MechanismKit.DES3_CBC, cBCParam);
                        } else if (str2.equals(MechanismKit.SM4_CBC)) {
                            mechanism = new Mechanism(MechanismKit.SM4_CBC, cBCParam);
                        }
                    } else if (str2.indexOf("ECB") != -1) {
                        if (str2.equals(MechanismKit.DES3_ECB)) {
                            mechanism = new Mechanism(MechanismKit.DES3_ECB);
                        } else if (str2.equals(MechanismKit.SM4_ECB)) {
                            mechanism = new Mechanism(MechanismKit.SM4_ECB);
                        }
                    } else if (str2.indexOf("RC4") != -1) {
                        mechanism = new Mechanism("RC4");
                    }
                    if (mechanism == null) {
                        throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES + "Algorithm is:" + str2);
                    }
                    byte[] decrypt = session.decrypt(isSM2Cert ? new Mechanism(MechanismKit.SM2) : new Mechanism(MechanismKit.RSA_PKCS), privateKey, aSN1OctetString.getOctets());
                    File file = new File(str);
                    if (!file.exists()) {
                        file.createNewFile();
                    }
                    BufferedOutputStream bufferedOutputStream2 = new BufferedOutputStream(new FileOutputStream(file), FileAndBufferConfig.BIG_FILE_BUFFER);
                    ASN1Node aSN1Node3 = (ASN1Node) aSN1Node2.childNodes.get(2);
                    if (isSM2Cert) {
                        if (aSN1Node3.childNodes.size() == 1) {
                            aSN1Node3 = (ASN1Node) aSN1Node3.childNodes.get(0);
                        }
                        if (z && str2.equals(MechanismKit.SM4_CBC)) {
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_ChinaSM4_CBC, decrypt, (CBCParam) mechanism.getParam(), aSN1Node3, bufferedOutputStream2);
                        } else {
                            BigFileCipherUtil.bigFileBlockDecrypt(decrypt, new SM4Engine(), (CBCParam) mechanism.getParam(), aSN1Node3, bufferedOutputStream2);
                        }
                    } else if (aSN1Node3.childNodes.size() < 2) {
                        if (aSN1Node3.childNodes.size() == 1) {
                            aSN1Node3 = (ASN1Node) aSN1Node3.childNodes.get(0);
                        }
                        if (mechanism.getMechanismType().equals("RC4")) {
                            if (z) {
                                BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_rc4, decrypt, null, aSN1Node3, bufferedOutputStream2);
                            } else {
                                BigFileCipherUtil.bigFileRC4Decrypt(new RC4Engine(), decrypt, aSN1Node3, bufferedOutputStream2);
                            }
                        } else if (!z) {
                            BigFileCipherUtil.bigFileBlockDecrypt(decrypt, new DESedeEngine(), (CBCParam) mechanism.getParam(), aSN1Node3, bufferedOutputStream2);
                        } else if (str2.equals(MechanismKit.DES3_CBC)) {
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_cbc, decrypt, (CBCParam) mechanism.getParam(), aSN1Node3, bufferedOutputStream2);
                        } else {
                            if (!str2.equals(MechanismKit.DES3_ECB)) {
                                throw new PKIException("do not support this algorithm:" + str2);
                            }
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_ecb, decrypt, null, aSN1Node3, bufferedOutputStream2);
                        }
                    } else if (mechanism.getMechanismType().equals("RC4")) {
                        RandomAccessFile randomAccessFile = new RandomAccessFile(aSN1Node3.f, "r");
                        if (z) {
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_rc4, decrypt, null, aSN1Node3, bufferedOutputStream2, randomAccessFile);
                        } else {
                            RC4Engine rC4Engine = new RC4Engine();
                            rC4Engine.init(false, new KeyParameter(decrypt));
                            BigFileCipherUtil.bigFileRC4Decrypt(rC4Engine, aSN1Node3, bufferedOutputStream2, randomAccessFile);
                        }
                    } else {
                        RandomAccessFile randomAccessFile2 = new RandomAccessFile(aSN1Node3.f, "r");
                        if (!z) {
                            DESedeEngine dESedeEngine = new DESedeEngine();
                            CBCParam cBCParam2 = (CBCParam) mechanism.getParam();
                            if (cBCParam2 == null) {
                                paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(dESedeEngine, new PKCS7Padding());
                                paddedBufferedBlockCipher.init(false, new KeyParameter(decrypt));
                            } else {
                                paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(dESedeEngine), new PKCS7Padding());
                                paddedBufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(decrypt), cBCParam2.getIv()));
                            }
                            BigFileCipherUtil.bigFileBlockDecrypt(paddedBufferedBlockCipher, aSN1Node3, bufferedOutputStream2, randomAccessFile2);
                        } else if (str2.equals(MechanismKit.DES3_CBC)) {
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_cbc, decrypt, (CBCParam) mechanism.getParam(), aSN1Node3, bufferedOutputStream2, randomAccessFile2);
                        } else {
                            if (!str2.equals(MechanismKit.DES3_ECB)) {
                                if (randomAccessFile2 != null) {
                                    try {
                                        randomAccessFile2.close();
                                    } catch (Exception e) {
                                    }
                                }
                                throw new PKIException("do not support this algorithm:" + str2);
                            }
                            BigFileCipherUtil.bigFileDecrypt_JNI(JNISymAlg.NID_des_ede3_ecb, decrypt, null, aSN1Node3, bufferedOutputStream2, randomAccessFile2);
                        }
                    }
                    if (bufferedOutputStream2 != null) {
                        try {
                            bufferedOutputStream2.close();
                        } catch (Exception e2) {
                            throw new PKIException("OpenEnvelopeFile Failure", e2);
                        }
                    }
                } catch (Throwable th) {
                    if (logger.isErrorEnabled()) {
                        logger.error("OpenEnvelopeFile<<<<<<Failure", th);
                    }
                    throw new PKIException("OpenEnvelopeFile Failure", th);
                }
            } catch (PKIException e3) {
                if (logger.isErrorEnabled()) {
                    logger.error("OpenEnvelopeFile<<<<<<Failure", e3);
                }
                throw e3;
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                try {
                    bufferedOutputStream.close();
                } catch (Exception e4) {
                    throw new PKIException("OpenEnvelopeFile Failure", e4);
                }
            }
            throw th2;
        }
    }

    public static final byte[] openEvelopedMessage(byte[] bArr, PrivateKey privateKey, X509Cert x509Cert, Session session) throws PKIException {
        byte[] crypto;
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("openEvelopedMessage>>>>>>Running");
            stringBuffer.append("\n base64EnvelopeMessage: ");
            stringBuffer.append(SADKDebugger.dumpBase64(bArr));
            stringBuffer.append("\n privateKey: ");
            stringBuffer.append(SADKDebugger.dump(privateKey));
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(SADKDebugger.dump(x509Cert));
            stringBuffer.append("\n session: ");
            stringBuffer.append(SADKDebugger.dump(session));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (session == null) {
                throw new PKIException("required session");
            }
            if (x509Cert == null) {
                throw new PKIException("required recipientCert");
            }
            boolean isSM2Cert = x509Cert.isSM2Cert();
            EnvelopedData envelopedData = EnvelopedData.getInstance(new CMSEnvelopedData(Base64.decode(bArr)).toASN1Structure().getContent());
            ASN1Set recipientInfos = envelopedData.getRecipientInfos();
            if (recipientInfos == null) {
                throw new PKIException("the receiver is null!!!");
            }
            ASN1OctetString aSN1OctetString = null;
            AlgorithmIdentifier algorithmIdentifier = null;
            int size = recipientInfos.size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    break;
                }
                RecipientInfo recipientInfo = RecipientInfo.getInstance(recipientInfos.getObjectAt(i));
                if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
                    KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
                    if (x509Cert.isRecipent(keyTransRecipientInfo)) {
                        aSN1OctetString = keyTransRecipientInfo.getEncryptedKey();
                        algorithmIdentifier = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
                        break;
                    }
                }
                i++;
            }
            if (aSN1OctetString == null || algorithmIdentifier == null) {
                throw new PKIException("can not find the receiver!!!");
            }
            byte[] decrypt = session.decrypt(isSM2Cert ? new Mechanism(MechanismKit.SM2) : new Mechanism(MechanismKit.RSA_PKCS), privateKey, aSN1OctetString.getOctets());
            EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
            ASN1OctetString encryptedContent = encryptedContentInfo.getEncryptedContent();
            AlgorithmIdentifier contentEncryptionAlgorithm = encryptedContentInfo.getContentEncryptionAlgorithm();
            String str = (String) PKCS7EnvelopedData.OID_MECH.get(contentEncryptionAlgorithm.getAlgorithm());
            Mechanism mechanism = null;
            if (str.indexOf("CBC") != -1) {
                CBCParam cBCParam = new CBCParam(((DEROctetString) contentEncryptionAlgorithm.getParameters()).getOctets());
                if (str.equals(MechanismKit.DES3_CBC)) {
                    mechanism = new Mechanism(MechanismKit.DES3_CBC, cBCParam);
                } else if (str.equals(MechanismKit.SM4_CBC)) {
                    mechanism = new Mechanism(MechanismKit.SM4_CBC, cBCParam);
                }
            } else if (str.indexOf("ECB") != -1) {
                if (str.equals(MechanismKit.DES3_ECB)) {
                    mechanism = new Mechanism(MechanismKit.DES3_ECB);
                } else if (str.equals(MechanismKit.SM4_ECB)) {
                    mechanism = new Mechanism(MechanismKit.SM4_ECB);
                }
            } else if (str.indexOf("RC4") != -1) {
                mechanism = new Mechanism("RC4");
            }
            if (mechanism == null) {
                throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR_DES + "Algorithm is:" + str);
            }
            boolean z = false;
            if (session != null) {
                z = (session instanceof JNISoftLib) || (session instanceof CardLib);
            }
            if (isSM2Cert) {
                logger.debug("openEvelopedMessage::::::SM2EnvelopeMessage");
                crypto = SM2AndItsCloseSymAlgUtil.crypto(z, false, decrypt, encryptedContent.getOctets(), mechanism);
            } else {
                logger.debug("openEvelopedMessage::::::RSAEnvelopeMessage");
                crypto = RSAAndItsCloseSymAlgUtil.crypto(z, false, decrypt, encryptedContent.getOctets(), mechanism);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("openEvelopedMessage<<<<<<Finished: sourceData=" + SADKDebugger.dump(crypto));
            }
            return crypto;
        } catch (PKIException e) {
            if (logger.isErrorEnabled()) {
                logger.error("openEvelopedMessage<<<<<<Failure", e);
            }
            throw e;
        } catch (Throwable th) {
            if (logger.isErrorEnabled()) {
                logger.error("openEvelopedMessage<<<<<<Failure", th);
            }
            throw new PKIException(CertKitException.API_PARSER_MSG_ENVELOP_ERR, CertKitException.API_PARSER_MSG_ENVELOP_ERR_DES, th);
        }
    }

    public static boolean isRecipient(X509Cert x509Cert, byte[] bArr) throws PKIException {
        if (logger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("isRecipient>>>>>>Running");
            stringBuffer.append("\n recipientCert: ");
            stringBuffer.append(SADKDebugger.dump(x509Cert));
            stringBuffer.append("\n base64EnvelopeData: ");
            stringBuffer.append(SADKDebugger.dumpBase64(bArr));
            logger.debug(stringBuffer.toString());
        }
        if (x509Cert == null) {
            throw new PKIException("isRecipient: required recipientCert");
        }
        if (bArr == null) {
            throw new PKIException("isRecipient: required base64EnvelopeData");
        }
        try {
            try {
                ASN1Set recipientInfos = EnvelopedData.getInstance(new CMSEnvelopedData(Base64.decode(bArr)).toASN1Structure().getContent()).getRecipientInfos();
                if (recipientInfos == null) {
                    return false;
                }
                try {
                    int size = recipientInfos.size();
                    for (int i = 0; i < size; i++) {
                        RecipientInfo recipientInfo = RecipientInfo.getInstance(recipientInfos.getObjectAt(i));
                        if ((recipientInfo.getInfo() instanceof KeyTransRecipientInfo) && x509Cert.isRecipent(KeyTransRecipientInfo.getInstance(recipientInfo.getInfo()))) {
                            return true;
                        }
                    }
                    return false;
                } catch (PKIException e) {
                    if (logger.isErrorEnabled()) {
                        logger.error("isRecipient<<<<<<Failure", e);
                    }
                    throw e;
                } catch (Throwable th) {
                    if (logger.isErrorEnabled()) {
                        logger.error("isRecipient<<<<<<Failure", th);
                    }
                    throw new PKIException("isRecipient Failure", th);
                }
            } catch (Exception e2) {
                if (logger.isErrorEnabled()) {
                    logger.error("isRecipient<<<<<<Failure", e2);
                }
                throw new PKIException("isRecipient: cmsEnvelopedData invalid");
            }
        } catch (Exception e3) {
            if (logger.isErrorEnabled()) {
                logger.error("isRecipient<<<<<<Failure", e3);
            }
            throw new PKIException("isRecipient: base64EnvelopeData invalid");
        }
    }

    static {
        SADKDebugger.setDebugger();
        logger = LoggerFactory.getLogger(EnvelopeUtil.class);
    }
}
