package signgate.crypto.pkcs7;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import signgate.crypto.asn1.OctetString;
import signgate.crypto.util.CipherUtil;
import signgate.crypto.util.SignUtil;
import signgate.crypto.x509.AlgorithmId;
import signgate.crypto.x509.Attribute;
import signgate.javax.crypto.Signature;
import signgate.provider.oid.OID;

/* loaded from: input_file:signgate/crypto/pkcs7/Signer.class */
public class Signer {
    private Set certs;
    private X509Certificate signerCert;
    private CertPath cpc;
    private PrivateKey privKey;
    private Set signedAttributes;
    private Set unsignedAttributes;
    private String digestAlg;
    private String sigAlg;
    private byte[] toBeSigned;
    private byte[] signature;
    private String provider;
    private int version;

    public Signer(X509Certificate x509Certificate, Set set, PrivateKey privateKey) {
        this.cpc = null;
        this.signedAttributes = null;
        this.unsignedAttributes = null;
        this.digestAlg = "SHA";
        this.sigAlg = null;
        this.toBeSigned = null;
        this.signature = null;
        this.provider = null;
        this.signerCert = x509Certificate;
        if (this.certs == null) {
            this.certs = new HashSet();
        } else {
            this.certs = set;
        }
        this.certs.add(x509Certificate);
        this.privKey = privateKey;
        this.signedAttributes = new HashSet();
        try {
            this.cpc = new CertPath(this.certs, new IssuerAndSerialNumber(x509Certificate));
        } catch (CMSException e) {
            e.printStackTrace();
        }
    }

    public Signer(SignerInfo signerInfo, Set set) throws CMSException {
        this.cpc = null;
        this.signedAttributes = null;
        this.unsignedAttributes = null;
        this.digestAlg = "SHA";
        this.sigAlg = null;
        this.toBeSigned = null;
        this.signature = null;
        this.provider = null;
        this.signedAttributes = signerInfo.getSignedAttributes();
        this.signature = signerInfo.getSignature();
        this.sigAlg = signerInfo.getSignatureAlgorithm();
        if (this.sigAlg.equals("RSA")) {
            this.sigAlg = new StringBuffer().append(signerInfo.getDigestAlgorithm()).append("/RSA").toString();
        }
        this.certs = set;
        this.version = signerInfo.getVersion();
        this.cpc = new CertPath(this.certs, signerInfo.getIssuerAndSerialNumber(), this.version);
        this.signerCert = this.cpc.getSignerCert();
        this.toBeSigned = signerInfo.getToBeSigned();
    }

    public X509Certificate getSignerCert() {
        return this.signerCert;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set getCertificates() {
        return this.certs;
    }

    public void setDigestAlgorithm(String str) {
        this.digestAlg = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getDigestAlgorithm() {
        return this.digestAlg;
    }

    public void setProvider(String str) {
        this.provider = str;
    }

    public void setSignatureAlgorithm(String str) {
        this.sigAlg = str;
    }

    String getSignatureAlgorithm() {
        return this.sigAlg;
    }

    public void setSignedAttributes(Set set) {
        this.signedAttributes = set;
    }

    public void setUnsignedAttributes(Set set) {
        this.unsignedAttributes = set;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfo sign(byte[] bArr) throws CMSException {
        if (this.sigAlg == null) {
            throw new CMSException("Signature algorithm not set");
        }
        if (this.signedAttributes == null) {
            this.signedAttributes = new HashSet();
        }
        this.signedAttributes.add(new MessageDigest(digest(bArr)));
        this.signature = sign();
        IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(this.signerCert);
        String str = this.sigAlg;
        if (this.sigAlg.endsWith("RSA")) {
            str = "RSA";
        }
        return new SignerInfo(issuerAndSerialNumber, new AlgorithmId(OID.getAlgOid(this.digestAlg)), this.signedAttributes, str, this.signature);
    }

    public void verify(byte[] bArr) throws CMSException {
        verify(bArr, null, null);
    }

    public void verify(byte[] bArr, byte[] bArr2, byte[] bArr3) throws CMSException {
        if (this.signedAttributes != null) {
            if (!Arrays.equals(getDigest(), digest(bArr))) {
                throw new CMSException("Message digest incorrect.");
            }
            verifySignature();
            return;
        }
        byte[] bArr4 = null;
        if (bArr2 != null) {
            CipherUtil cipherUtil = new CipherUtil();
            try {
                if (bArr3 == null) {
                    cipherUtil.decryptInit(bArr2);
                } else {
                    cipherUtil.decryptInit(bArr2, bArr3);
                }
                bArr4 = cipherUtil.decryptUpdate(this.signature);
                cipherUtil.decryptFinal();
            } catch (Exception e) {
                throw new CMSException("Digital signature value decryption failed. please check key pair correct.");
            }
        }
        SignUtil signUtil = new SignUtil(this.sigAlg);
        try {
            signUtil.verifyInit(this.signerCert.getEncoded());
            signUtil.verifyUpdate(bArr);
            boolean verifyFinal = bArr4 != null ? signUtil.verifyFinal(bArr4) : signUtil.verifyFinal(this.signature);
            if (!verifyFinal) {
                SignUtil signUtil2 = new SignUtil(this.sigAlg);
                signUtil2.verifyInit(this.signerCert.getEncoded());
                signUtil2.verifyUpdate(bArr);
                verifyFinal = signUtil2.verifyFinal(this.signature);
            }
            if (verifyFinal) {
            } else {
                throw new CMSException("Digital signature is wrong");
            }
        } catch (Exception e2) {
            throw new CMSException("Digital signature verification failed. please check key pair correct.");
        }
    }

    public CertPath getCertPath() {
        return this.cpc;
    }

    private byte[] digest(byte[] bArr) throws CMSException {
        try {
            signgate.javax.crypto.MessageDigest messageDigest = signgate.javax.crypto.MessageDigest.getInstance(this.digestAlg, "SignGATE");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new CMSException(e.toString());
        }
    }

    private byte[] sign() throws CMSException {
        try {
            Signature signature = this.provider == null ? Signature.getInstance(this.sigAlg) : Signature.getInstance(this.sigAlg, this.provider);
            signature.initSign(this.privKey);
            this.toBeSigned = new SignedAttributes(this.signedAttributes).encode();
            signature.update(this.toBeSigned);
            return signature.sign();
        } catch (Exception e) {
            throw new CMSException(e.toString());
        }
    }

    private void verifySignature() throws CMSException {
        try {
            if (this.sigAlg.equals("RDN_RSA")) {
                this.sigAlg = "SHA1/RSA";
            }
            Signature signature = Signature.getInstance(this.sigAlg, "SignGATE");
            signature.initVerify(this.signerCert.getPublicKey());
            signature.update(this.toBeSigned);
            if (signature.verify(this.signature)) {
            } else {
                throw new CMSException("Digital signature verification failed.");
            }
        } catch (Exception e) {
            throw new CMSException("Digital signature verification failed. please check key pair correct.");
        }
    }

    private byte[] getDigest() {
        for (Attribute attribute : this.signedAttributes) {
            if (attribute.getType().equals(OID.id_messageDigest)) {
                return ((OctetString) attribute.getValues().elementAt(0)).getBytes();
            }
        }
        return null;
    }
}
