package nbcb.cfca.sadk.signature.decoder;

import com.nbopen.file.common.constant.GlobalCons;
import java.io.InputStream;
import java.security.PublicKey;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import nbcb.cfca.sadk.algorithm.common.Mechanism;
import nbcb.cfca.sadk.algorithm.common.MechanismKit;
import nbcb.cfca.sadk.algorithm.common.PKIException;
import nbcb.cfca.sadk.algorithm.sm2.SM2PublicKey;
import nbcb.cfca.sadk.asn1.parser.ASN1Node;
import nbcb.cfca.sadk.asn1.parser.PKCS7SignFileParser;
import nbcb.cfca.sadk.lib.crypto.Session;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Encodable;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import nbcb.cfca.sadk.org.bouncycastle.asn1.ASN1Set;
import nbcb.cfca.sadk.org.bouncycastle.asn1.cms.Attribute;
import nbcb.cfca.sadk.org.bouncycastle.asn1.cms.AttributeTable;
import nbcb.cfca.sadk.org.bouncycastle.asn1.cms.CMSAttributes;
import nbcb.cfca.sadk.org.bouncycastle.asn1.cms.Time;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.AuthenticatedAttributesUtil;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.SignedData;
import nbcb.cfca.sadk.org.bouncycastle.asn1.pkcs.SignerInfo;
import nbcb.cfca.sadk.signature.decoder.SM3DualHash;
import nbcb.cfca.sadk.signature.sm2.SM2SignerInfo;
import nbcb.cfca.sadk.system.CompatibleAlgorithm;
import nbcb.cfca.sadk.system.Mechanisms;
import nbcb.cfca.sadk.system.logging.LoggerManager;
import nbcb.cfca.sadk.x509.certificate.X509Cert;

/* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/signature/decoder/AbstractPKCS7Decoder.class */
abstract class AbstractPKCS7Decoder {
    final SignedData signedData;
    final PKCS7SignFileParser signedFile;
    final Session session;
    final ASN1Encodable signerInfo;
    final String digestAlgorithm;
    String signTime;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/signature/decoder/AbstractPKCS7Decoder$AuthAttrVerifyResult.class */
    public static final class AuthAttrVerifyResult {
        final byte[] hashValue;
        final boolean noneAuthAttr;
        final boolean signValid;

        AuthAttrVerifyResult(byte[] bArr, boolean z, boolean z2) {
            this.hashValue = bArr;
            this.noneAuthAttr = z;
            this.signValid = z2;
        }

        static AuthAttrVerifyResult haveAuthAttr(byte[] bArr, boolean z) {
            return new AuthAttrVerifyResult(bArr, false, z);
        }

        static AuthAttrVerifyResult noneAuthAttr() {
            return new AuthAttrVerifyResult(null, true, false);
        }
    }

    /* loaded from: input_file:sdklib/nbcb-SADK-3.7.1.0.jar:nbcb/cfca/sadk/signature/decoder/AbstractPKCS7Decoder$SignHashAlgorithm.class */
    static final class SignHashAlgorithm {
        final Mechanism signAlg;
        final String hashAlg;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SignHashAlgorithm(Mechanism mechanism, String str) {
            this.signAlg = mechanism;
            this.hashAlg = str;
        }
    }

    public AbstractPKCS7Decoder(Session session, SignedData signedData, boolean z) throws PKIException {
        this.signTime = null;
        this.session = session;
        this.signedData = signedData;
        this.signedFile = null;
        this.signerInfo = getFirstSignerInfo(z);
        this.digestAlgorithm = z ? MechanismKit.SM3 : getDigestAlgorithm(this.signerInfo);
    }

    public AbstractPKCS7Decoder(Session session, PKCS7SignFileParser pKCS7SignFileParser, boolean z) throws PKIException {
        this.signTime = null;
        this.session = session;
        this.signedData = null;
        this.signedFile = pKCS7SignFileParser;
        this.signerInfo = getFirstSignerInfo(z);
        this.digestAlgorithm = z ? MechanismKit.SM3 : getDigestAlgorithm(this.signerInfo);
    }

    public String getDigestAlgorithm() throws PKIException {
        return this.digestAlgorithm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean verifySignerInfo(byte[] bArr, X509Cert x509Cert) throws PKIException {
        boolean compareHashValue;
        SignHashAlgorithm signHashAlgorithm = getSignHashAlgorithm();
        byte[] signValue = getSignValue();
        PublicKey publicKey = x509Cert.getPublicKey();
        AuthAttrVerifyResult verifyAuthAttr = verifyAuthAttr(signHashAlgorithm.signAlg, publicKey, signValue);
        if (verifyAuthAttr.noneAuthAttr) {
            compareHashValue = verifyByHash(signHashAlgorithm.signAlg, hashData(signHashAlgorithm.hashAlg, bArr, publicKey), publicKey, signValue);
            if (!compareHashValue && isSM2Type() && CompatibleAlgorithm.isCompatibleSM2WithoutZ()) {
                compareHashValue = verifyByHash(signHashAlgorithm.signAlg, hashData(signHashAlgorithm.hashAlg, bArr, (PublicKey) null), publicKey, signValue);
            }
        } else {
            compareHashValue = verifyAuthAttr.signValid ? compareHashValue(hashData(signHashAlgorithm.hashAlg, bArr, (PublicKey) null), verifyAuthAttr) : verifyAuthAttr.signValid;
        }
        return compareHashValue;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifySignerInfoByFile(InputStream inputStream, X509Cert x509Cert) throws PKIException {
        SignHashAlgorithm signHashAlgorithm = getSignHashAlgorithm();
        byte[] signValue = getSignValue();
        PublicKey publicKey = x509Cert.getPublicKey();
        AuthAttrVerifyResult verifyAuthAttr = verifyAuthAttr(signHashAlgorithm.signAlg, publicKey, signValue);
        return verifyAuthAttr.noneAuthAttr ? isSM2Type() ? verifyByHash(signHashAlgorithm.signAlg, SM3DualHash.sm2HashFile((SM2PublicKey) publicKey, inputStream, this.session), publicKey, signValue) : verifyByHash(signHashAlgorithm.signAlg, hashData(signHashAlgorithm.hashAlg, inputStream, publicKey), publicKey, signValue) : verifyAuthAttr.signValid ? compareHashValue(hashData(signHashAlgorithm.hashAlg, inputStream, (PublicKey) null), verifyAuthAttr) : verifyAuthAttr.signValid;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifySignerInfoByHash(byte[] bArr, X509Cert x509Cert) throws PKIException {
        SignHashAlgorithm signHashAlgorithm = getSignHashAlgorithm();
        byte[] signValue = getSignValue();
        PublicKey publicKey = x509Cert.getPublicKey();
        AuthAttrVerifyResult verifyAuthAttr = verifyAuthAttr(signHashAlgorithm.signAlg, publicKey, signValue);
        return verifyAuthAttr.noneAuthAttr ? verifyByHash(signHashAlgorithm.signAlg, bArr, publicKey, signValue) : verifyAuthAttr.signValid ? compareHashValue(bArr, verifyAuthAttr) : verifyAuthAttr.signValid;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifyP7SignedFile(String str, X509Cert x509Cert) throws PKIException {
        SignHashAlgorithm signHashAlgorithm = getSignHashAlgorithm();
        byte[] signValue = getSignValue();
        PublicKey publicKey = x509Cert.getPublicKey();
        AuthAttrVerifyResult verifyAuthAttr = verifyAuthAttr(signHashAlgorithm.signAlg, publicKey, signValue);
        ASN1Node aSN1Node = (ASN1Node) ((ASN1Node) this.signedFile.getSourceData_node().childNodes.get(1)).childNodes.get(0);
        if (aSN1Node.childNodes.size() == 1) {
            aSN1Node = (ASN1Node) aSN1Node.childNodes.get(0);
        }
        return verifyAuthAttr.noneAuthAttr ? isSM2Type() ? verifyByHash(signHashAlgorithm.signAlg, SM3DualHash.sm2HashFile((SM2PublicKey) publicKey, aSN1Node, str, this.session), publicKey, signValue) : verifyByHash(signHashAlgorithm.signAlg, hashData(signHashAlgorithm.hashAlg, aSN1Node, null, str), publicKey, signValue) : verifyAuthAttr.signValid ? compareHashValue(hashData(signHashAlgorithm.hashAlg, aSN1Node, null, str), verifyAuthAttr) : verifyAuthAttr.signValid;
    }

    public final String getSignTime() throws PKIException {
        ASN1Set authenticatedAttributes;
        if (this.signTime == null && (authenticatedAttributes = getAuthenticatedAttributes()) != null) {
            Attribute attribute = new AttributeTable(authenticatedAttributes).get(CMSAttributes.signingTime);
            if (hasSignTime(attribute)) {
                this.signTime = new SimpleDateFormat(GlobalCons.DateFormatPatt).format(Time.getInstance(attribute.getAttrValues().getObjectAt(0).toASN1Primitive()).getDate());
            }
        }
        return this.signTime;
    }

    abstract boolean isSM2Type();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract byte[] getSignValue() throws PKIException;

    abstract SignHashAlgorithm getSignHashAlgorithm() throws PKIException;

    final AuthAttrVerifyResult verifyAuthAttr(Mechanism mechanism, PublicKey publicKey, byte[] bArr) throws PKIException {
        AuthAttrVerifyResult haveAuthAttr;
        ASN1Set authenticatedAttributes = getAuthenticatedAttributes();
        if (authenticatedAttributes != null) {
            try {
                haveAuthAttr = AuthAttrVerifyResult.haveAuthAttr(AuthenticatedAttributesUtil.getMessageDigest(authenticatedAttributes), this.session.verify(mechanism, publicKey, authenticatedAttributes.getEncoded(), bArr));
            } catch (Exception e) {
                throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, "signAuthAttr verify failed", e);
            }
        } else {
            haveAuthAttr = AuthAttrVerifyResult.noneAuthAttr();
        }
        return haveAuthAttr;
    }

    final boolean dualCompareHashValue(SM3DualHash.SM3DualHashResult sM3DualHashResult, AuthAttrVerifyResult authAttrVerifyResult) throws PKIException {
        return compareHashValue(sM3DualHashResult.hashValue, authAttrVerifyResult) || (sM3DualHashResult.supportedWithoutZ && compareHashValue(sM3DualHashResult.hashWithoutZ, authAttrVerifyResult));
    }

    final boolean compareHashValue(byte[] bArr, AuthAttrVerifyResult authAttrVerifyResult) throws PKIException {
        boolean equals = Arrays.equals(bArr, authAttrVerifyResult.hashValue);
        if (!equals) {
            LoggerManager.exceptionLogger.error("the sourceHash is not equals with hashValue in authAttributes!");
        }
        return equals;
    }

    final boolean verifyByHash(Mechanism mechanism, byte[] bArr, PublicKey publicKey, byte[] bArr2) throws PKIException {
        try {
            return this.session.verifyByHash(mechanism, publicKey, bArr, bArr2);
        } catch (Exception e) {
            throw new PKIException(PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES, "signature verify failed", e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:7:0x002c, code lost:
    
        if (r6.session.verifyByHash(r7, r9, r8.hashWithoutZ, r10) != false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean verifyByHash(nbcb.cfca.sadk.algorithm.common.Mechanism r7, nbcb.cfca.sadk.signature.decoder.SM3DualHash.SM3DualHashResult r8, java.security.PublicKey r9, byte[] r10) throws nbcb.cfca.sadk.algorithm.common.PKIException {
        /*
            r6 = this;
            r0 = r6
            nbcb.cfca.sadk.lib.crypto.Session r0 = r0.session     // Catch: java.lang.Exception -> L35
            r1 = r7
            r2 = r9
            r3 = r8
            byte[] r3 = r3.hashValue     // Catch: java.lang.Exception -> L35
            r4 = r10
            boolean r0 = r0.verifyByHash(r1, r2, r3, r4)     // Catch: java.lang.Exception -> L35
            if (r0 != 0) goto L2f
            r0 = r8
            boolean r0 = r0.supportedWithoutZ     // Catch: java.lang.Exception -> L35
            if (r0 == 0) goto L33
            r0 = r6
            nbcb.cfca.sadk.lib.crypto.Session r0 = r0.session     // Catch: java.lang.Exception -> L35
            r1 = r7
            r2 = r9
            r3 = r8
            byte[] r3 = r3.hashWithoutZ     // Catch: java.lang.Exception -> L35
            r4 = r10
            boolean r0 = r0.verifyByHash(r1, r2, r3, r4)     // Catch: java.lang.Exception -> L35
            if (r0 == 0) goto L33
        L2f:
            r0 = 1
            goto L34
        L33:
            r0 = 0
        L34:
            return r0
        L35:
            r11 = move-exception
            nbcb.cfca.sadk.algorithm.common.PKIException r0 = new nbcb.cfca.sadk.algorithm.common.PKIException
            r1 = r0
            java.lang.String r2 = nbcb.cfca.sadk.algorithm.common.PKIException.VERIFY_P7_SIGNEDDATA_ERR_DES
            java.lang.String r3 = "signature verify failed"
            r4 = r11
            r1.<init>(r2, r3, r4)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: nbcb.cfca.sadk.signature.decoder.AbstractPKCS7Decoder.verifyByHash(nbcb.cfca.sadk.algorithm.common.Mechanism, nbcb.cfca.sadk.signature.decoder.SM3DualHash$SM3DualHashResult, java.security.PublicKey, byte[]):boolean");
    }

    abstract byte[] hashData(String str, byte[] bArr, PublicKey publicKey) throws PKIException;

    abstract byte[] hashData(String str, InputStream inputStream, PublicKey publicKey) throws PKIException;

    abstract byte[] hashData(String str, ASN1Node aSN1Node, PublicKey publicKey, String str2) throws PKIException;

    private final boolean hasSignTime(Attribute attribute) {
        boolean z = false;
        if (attribute != null) {
            z = attribute.getAttrValues() != null && attribute.getAttrValues().size() > 0;
        }
        return z;
    }

    private final ASN1Encodable getFirstSignerInfo(boolean z) throws PKIException {
        ASN1Encodable aSN1Encodable;
        ASN1Set aSN1Set;
        if (this.signerInfo != null) {
            aSN1Encodable = this.signerInfo;
        } else {
            if (this.signedData == null && this.signedFile == null) {
                throw new PKIException("can not get SignerInfo object: signedData/signedFile==null");
            }
            if (this.signedData != null) {
                aSN1Set = this.signedData.getSignerInfos();
            } else {
                try {
                    aSN1Set = ASN1Set.getInstance(this.signedFile.getSingerinfo_node().getData());
                } catch (Exception e) {
                    throw new PKIException("signedFile get signerInfo object failed", e);
                }
            }
            if (aSN1Set.size() == 0) {
                throw new PKIException("can not get SignerInfo object: signerInfos==0");
            }
            ASN1Encodable objectAt = aSN1Set.getObjectAt(0);
            aSN1Encodable = z ? SM2SignerInfo.getInstance(objectAt) : SignerInfo.getInstance(objectAt);
        }
        return aSN1Encodable;
    }

    private final ASN1Set getAuthenticatedAttributes() throws PKIException {
        ASN1Set authenticatedAttributes;
        ASN1Encodable firstSignerInfo = getFirstSignerInfo(isSM2Type());
        if (firstSignerInfo instanceof SignerInfo) {
            authenticatedAttributes = ((SignerInfo) firstSignerInfo).getAuthenticatedAttributes();
        } else {
            if (!(firstSignerInfo instanceof SM2SignerInfo)) {
                throw new PKIException(PKIException.PARSE_P7_SIGNEDDATA_ERR, "signedAttribute invalid");
            }
            authenticatedAttributes = ((SM2SignerInfo) firstSignerInfo).getAuthenticatedAttributes();
        }
        return authenticatedAttributes;
    }

    public static String getDigestAlgorithm(ASN1Encodable aSN1Encodable) throws PKIException {
        ASN1ObjectIdentifier algorithm = SignerInfo.getInstance(aSN1Encodable).getDigestAlgorithm().getAlgorithm();
        String digestAlgorithmName = Mechanisms.getDigestAlgorithmName(algorithm);
        if (digestAlgorithmName == null) {
            throw new PKIException(PKIException.UNSUPPORT_ENCRYPT_ALG_SIGNANDENVELOP_ERR, "do not support digestId=" + algorithm);
        }
        return digestAlgorithmName;
    }
}
