package org.cesi.security.pki.utl;

import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEREncodableVector;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.util.encoders.Base64;
import org.cesi.security.pki.DSecTransfer;
import org.cesi.security.pki.PKIException;
import org.cesi.security.pki.Recipient;
import org.cesi.security.pki.utl.certificate.PKCS12;
import org.cesi.security.pki.utl.cryption.CryptionFactory;
import org.cesi.security.pki.utl.cryption.CryptionInterface;
import org.cesi.security.pki.utl.key.RSAKey;
import org.cesi.security.pki.utl.key.SymmetricKey;

/* loaded from: input_file:org/cesi/security/pki/utl/DSecTransferUtl.class */
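/**
 * Seals and opens CMS/PKCS#7 {@code EnvelopedData} structures using BouncyCastle ASN.1
 * types for the encoding and the project's {@link CryptionFactory} provider for the
 * symmetric ("SDBI") and RSA operations.
 *
 * <p>Review notes for anyone relying on this class for confidentiality:
 * <ul>
 *   <li>The content-encryption key is derived from the wall clock, not from a CSPRNG
 *       (see {@link #sealEvpWithCertForP7}).</li>
 *   <li>The RSA key size is fixed at 1024 bits regardless of the recipient certificate.</li>
 *   <li>Recipients are matched by certificate serial number only; the issuer is ignored.</li>
 *   <li>Recipient certificates are parsed but not validated here: no path, validity-period
 *       or key-usage check is visible in this class.</li>
 *   <li>Nothing in this class authenticates the ciphertext; no signature or MAC is produced
 *       or checked.</li>
 *   <li>{@code CryptionFactory} is driven through static release/invoke calls.
 *       NOTE(review): this looks like process-wide state; confirm it is safe under
 *       concurrent use.</li>
 * </ul>
 */
public class DSecTransferUtl implements DSecTransfer {
    /** PKCS#7 {@code data} content type. */
    private static final String PKCS7_DATA_OID = "1.2.840.113549.1.7.1";

    /** PKCS#1 {@code rsaEncryption}, written as the key-transport algorithm. */
    private static final String RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1";

    /** Identifier this class writes, and requires on open, for content encrypted with the provider's "SDBI" cipher. */
    private static final String SDBI_CONTENT_OID = "1.3.6.1.4.1.188.7.1.1.1";

    /**
     * Encrypts {@code bArr} once with a symmetric key and wraps that key for every
     * certificate held by {@code recipient}.
     *
     * @param bArr      plaintext to protect
     * @param recipient recipient certificates (DER, or text accepted by {@code MiscTools.checkPEM})
     * @return Base64 text of the encoded {@code EnvelopedData}
     * @throws PKIException code 4 on any failure; the underlying cause is not preserved
     */
    @Override // org.cesi.security.pki.DSecTransfer
    public byte[] sealEvpWithCertForP7(byte[] bArr, Recipient recipient) throws PKIException {
        try {
            int recipientCount = recipient.size();
            IssuerAndSerialNumber[] recipientIds = new IssuerAndSerialNumber[recipientCount];
            X509Certificate[] recipientCerts = new X509Certificate[recipientCount];
            for (int i = 0; i < recipientCount; i++) {
                byte[] certBytes = decodeIfPem(recipient.get(i));
                // The certificate is only parsed; callers must pass certificates they already trust.
                recipientCerts[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes));
                recipientIds[i] = issuerAndSerialOf(recipientCerts[i].getEncoded());
            }

            // SECURITY(review): the content-encryption key is the decimal text of the current
            // time in milliseconds. Its value is bounded by how precisely the sealing time is
            // known, so it offers far less secrecy than its length suggests. It should come
            // from java.security.SecureRandom instead. Left unchanged here because the key
            // length and format the "SDBI" cipher and the "RSAPubKey" wrap accept are not
            // visible in this file; confirm them before switching.
            SymmetricKey symmetricKey = new SymmetricKey();
            symmetricKey.setKey(String.valueOf(new Date().getTime()).getBytes());

            CryptionFactory.release();
            CryptionFactory.invoke("SOFT");
            EncryptedContentInfo encryptedContentInfo = new EncryptedContentInfo(new DERObjectIdentifier(PKCS7_DATA_OID), new AlgorithmIdentifier(new DERObjectIdentifier(SDBI_CONTENT_OID), new DERNull()), new BERConstructedOctetString(CryptionFactory.getInstance().encrypt("SDBI", symmetricKey, bArr)));

            DEREncodableVector recipientInfos = new DEREncodableVector();
            for (int i = 0; i < recipientCerts.length; i++) {
                byte[] contentKey = symmetricKey.getKey();
                PublicKey publicKey = recipientCerts[i].getPublicKey();
                RSAKey rSAKey = new RSAKey();
                // Unwrap SubjectPublicKeyInfo: element 1 is the BIT STRING carrying the key itself.
                ByteArrayInputStream spkiBytes = new ByteArrayInputStream(publicKey.getEncoded());
                ASN1InputStream spkiStream = new ASN1InputStream(spkiBytes);
                ASN1Sequence spki = spkiStream.readObject();
                spkiStream.close();
                spkiBytes.close();
                rSAKey.setPublickey(DERBitString.getInstance(spki.getObjectAt(1)).getBytes());
                // SECURITY(review): the size is hard-coded instead of being taken from the
                // certificate. 1024-bit RSA is below current minimum recommendations, and a
                // recipient with a larger key is still declared as 1024 bits here.
                rSAKey.setKeySizeInBits(1024);
                CryptionFactory.release();
                CryptionFactory.invoke("SOFT");
                recipientInfos.add(new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(recipientIds[i]), new AlgorithmIdentifier(new DERObjectIdentifier(RSA_ENCRYPTION_OID), new DERNull()), new DEROctetString(CryptionFactory.getInstance().encrypt("RSAPubKey", rSAKey, contentKey)))));
            }

            // NOTE(review): DERBitString appears to be used only as a way to obtain the encoded
            // bytes of the structure; confirm against the BouncyCastle version in use.
            return Base64.encode(new DERBitString(new EnvelopedData((OriginatorInfo) null, new DERSet(recipientInfos), encryptedContentInfo, (ASN1Set) null)).getBytes());
        } catch (Exception e) {
            // NOTE(review): the cause is dropped, so failures cannot be diagnosed from the
            // exception; attach or log `e` if PKIException offers a way to do so.
            throw new PKIException(4);
        }
    }

    /**
     * Opens an envelope with the private key stored in a PKCS#12 container.
     *
     * @param bArr  envelope (DER, or text accepted by {@code MiscTools.checkPEM})
     * @param bArr2 PKCS#12 container, same encodings accepted
     * @param str   passed to {@code PKCS12.openPfx}; presumably the container password
     * @return the decrypted content, or {@code null} when the envelope's content-encryption
     *         algorithm is not the expected "SDBI" identifier
     * @throws PKIException code 3 when the container yields no private key, code 6 when the
     *         envelope has no recipient entry for this certificate, code 5 for any other
     *         failure; a {@code PKIException} raised by a collaborator propagates unchanged
     */
    @Override // org.cesi.security.pki.DSecTransfer
    public byte[] decryptEvpForP7(byte[] bArr, byte[] bArr2, String str) throws PKIException {
        try {
            ArrayList arrayList = new ArrayList();
            byte[] privateKeyBytes = new PKCS12().openPfx(decodeIfPem(bArr2), str, arrayList);
            if (privateKeyBytes == null) {
                throw new PKIException(3);
            }
            // The first entry openPfx collected is treated as the Base64 text of the certificate.
            IssuerAndSerialNumber ownId = issuerAndSerialOf(Base64.decode(arrayList.get(0).toString().getBytes()));
            RSAKey rSAKey = new RSAKey();
            rSAKey.setPrivatekey(privateKeyBytes, null);

            EnvelopedData envelopedData = parseEnvelope(bArr);
            KeyTransRecipientInfo recipientInfo = findRecipient(envelopedData, ownId);

            CryptionFactory.release();
            CryptionFactory.invoke("SOFT");
            CryptionInterface cipher = CryptionFactory.getInstance();
            byte[] contentKey = cipher.decrypt("RSAPriKey", rSAKey, recipientInfo.getEncryptedKey().getOctets());
            return decryptContent(cipher, envelopedData.getEncryptedContentInfo(), contentKey);
        } catch (PKIException e) {
            // Keep the specific codes (3, 6) instead of folding them into the generic one.
            throw e;
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here; attach or log `e` if PKIException allows it.
            throw new PKIException(5);
        }
    }

    /**
     * Opens an envelope with a key held on a {@code SunEpass} token.
     *
     * @param bArr envelope (DER, or text accepted by {@code MiscTools.checkPEM})
     * @param i    index into the token's entry array
     * @param str  passed to {@code SunEpass.getInstance} and {@code SunEpass.crypto};
     *             presumably the token PIN
     * @return the decrypted content, or {@code null} when the envelope's content-encryption
     *         algorithm is not the expected "SDBI" identifier
     * @throws PKIException code 6 when the envelope has no recipient entry for this
     *         certificate, code 7 for any other failure; a {@code PKIException} raised by a
     *         collaborator propagates unchanged
     */
    @Override // org.cesi.security.pki.DSecTransfer
    public byte[] decryptEvpForP7(byte[] bArr, int i, String str) throws PKIException {
        try {
            SunEpass sunEpass = SunEpass.getInstance(str);
            byte[] certBytes = decodeIfPem(sunEpass.getEpassEntryArray()[i].getCert().getEncoded());
            IssuerAndSerialNumber ownId = issuerAndSerialOf(certBytes);

            EnvelopedData envelopedData = parseEnvelope(bArr);
            KeyTransRecipientInfo recipientInfo = findRecipient(envelopedData, ownId);

            CryptionFactory.release();
            CryptionFactory.invoke("SOFT");
            CryptionInterface cipher = CryptionFactory.getInstance();
            // The key unwrap is delegated to the token; only the content decryption uses the provider.
            byte[] contentKey = sunEpass.crypto(i, false, recipientInfo.getEncryptedKey().getOctets(), str);
            return decryptContent(cipher, envelopedData.getEncryptedContentInfo(), contentKey);
        } catch (PKIException e) {
            // Keep the specific code (6) instead of folding it into the generic one.
            throw e;
        } catch (Exception e) {
            // NOTE(review): the cause is dropped here; attach or log `e` if PKIException allows it.
            throw new PKIException(7);
        }
    }

    /** Returns the Base64-decoded body when {@code MiscTools.checkPEM} recognises the input, else the input itself. */
    private static byte[] decodeIfPem(byte[] data) throws Exception {
        byte[] pemBody = MiscTools.checkPEM(data);
        return pemBody != null ? Base64.decode(pemBody) : data;
    }

    /** Parses an encoded X.509 certificate and returns its issuer and serial number. */
    private static IssuerAndSerialNumber issuerAndSerialOf(byte[] encodedCertificate) throws Exception {
        ByteArrayInputStream rawBytes = new ByteArrayInputStream(encodedCertificate);
        ASN1InputStream asn1Stream = new ASN1InputStream(rawBytes);
        ASN1Sequence certSequence = asn1Stream.readObject();
        asn1Stream.close();
        rawBytes.close();
        X509CertificateStructure certificate = new X509CertificateStructure(certSequence);
        return new IssuerAndSerialNumber(certificate.getIssuer(), certificate.getSerialNumber());
    }

    /** Decodes the envelope bytes (after optional PEM/Base64 stripping) into an {@code EnvelopedData}. */
    private static EnvelopedData parseEnvelope(byte[] envelope) throws Exception {
        return EnvelopedData.getInstance(new ASN1InputStream(new ByteArrayInputStream(decodeIfPem(envelope))).readObject());
    }

    /**
     * Returns the key-transport entry whose serial number equals that of {@code wanted}.
     *
     * @throws PKIException code 6 when no entry matches
     */
    private static KeyTransRecipientInfo findRecipient(EnvelopedData envelopedData, IssuerAndSerialNumber wanted) throws PKIException {
        ASN1Set recipientInfos = envelopedData.getRecipientInfos();
        // Bounded by size() so an envelope with no entry for this certificate ends in the
        // explicit code 6 rather than in an indexing failure or a non-matching entry.
        for (int i = 0; i < recipientInfos.size(); i++) {
            KeyTransRecipientInfo candidate = KeyTransRecipientInfo.getInstance(new RecipientInfo(recipientInfos.getObjectAt(i)).getInfo());
            // NOTE(review): only the serial number is compared. Serial numbers are unique per
            // issuer, not globally, so the issuer name should be compared as well.
            if (candidate.getRecipientIdentifier().getId().getSerialNumber().equals(wanted.getSerialNumber())) {
                return candidate;
            }
        }
        throw new PKIException(6);
    }

    /**
     * Decrypts the envelope content with the recovered key.
     *
     * @return the plaintext, or {@code null} when the content-encryption algorithm is not
     *         the expected "SDBI" identifier
     */
    private static byte[] decryptContent(CryptionInterface cipher, EncryptedContentInfo encryptedContentInfo, byte[] contentKey) throws Exception {
        SymmetricKey symmetricKey = new SymmetricKey();
        symmetricKey.setKey(contentKey);
        if (!encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().getId().equalsIgnoreCase(SDBI_CONTENT_OID)) {
            // NOTE(review): an unexpected algorithm yields null rather than an error;
            // callers have to treat null as a failure.
            return null;
        }
        byte[] plaintext = cipher.decrypt("SDBI", symmetricKey, encryptedContentInfo.getEncryptedContent().getOctets());
        CryptionFactory.release();
        return plaintext;
    }
}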
