package com.ksign.asn1;

import com.amc.ui.UIConstants;
import com.ksign.asn1.cms.CMSObjectIdentifiers;
import com.ksign.asn1.cms.IssuerAndSerialNumber;
import com.ksign.asn1.cms.KeyTransRecipientInfo;
import com.ksign.asn1.cms.RecipientInfo;
import com.ksign.asn1.kisa.KISAObjectIdentifiers;
import com.ksign.asn1.oiw.OIWObjectIdentifiers;
import com.ksign.asn1.pkcs.PKCSObjectIdentifiers;
import com.ksign.asn1.x500.RDN;
import com.ksign.util.x500.DN;
import com.ksign.wizsign.app.authProtocol.SecureChannel;
import com.ksign.wizsign.others.smartchannel.crypt.Crypto;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javak.crypto.Cipher;
import javak.crypto.CipherInputStream;
import javak.crypto.SecretKey;
import javak.crypto.spec.IvParameterSpec;
import javak.crypto.spec.SecretKeySpec;
import ksign.jce.provider.pkcs.OIDNotFoundException;
import ksign.jce.provider.pkcs.PKCS7Exception;
import ksign.jce.provider.x509.X509CertificateObject;
import ksign.jce.util.JCEUtil;

/* loaded from: classes.dex */
public class CMSStreamSeperate extends FilterInputStream implements DERTags {
    public static final ASN1ObjectIdentifier ENVELOPED_DATA = CMSObjectIdentifiers.envelopedData;
    private ASN1OctetString iv;
    private final int limit;
    private ArrayList oids;
    private final OutputStream out;
    private ASN1Set recipientInfos;
    private SecretKey secretKey;

    public CMSStreamSeperate(InputStream inputStream, OutputStream outputStream) {
        super(inputStream);
        this.recipientInfos = null;
        this.secretKey = null;
        this.limit = findLimit(inputStream);
        this.oids = new ArrayList();
        this.out = outputStream;
        init();
    }

    private Cipher getRSACipher(KeyTransRecipientInfo keyTransRecipientInfo) {
        String str = "RSA";
        ASN1ObjectIdentifier algorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm().getAlgorithm();
        if (algorithm.equals(PKCSObjectIdentifiers.rsaEncryption)) {
            str = "RSA";
        } else if (algorithm.equals(PKCSObjectIdentifiers.id_RSAES_OAEP)) {
            str = "RSA/OAEP";
        }
        return Cipher.getInstance(str, "Ksign");
    }

    ASN1EncodableVector buildDEREncodableVector(DefiniteLengthInputStream definiteLengthInputStream) {
        return new ASN1InputStream(definiteLengthInputStream).buildEncodableVector();
    }

    protected DERObject buildObject(int i, int i2, int i3) {
        int i4;
        boolean z = (i & 32) != 0;
        if ((i & 128) == 0 || this.oids.size() <= 1) {
            if (z) {
                switch (i2) {
                    case 17:
                        this.recipientInfos = DERFactory.createSet(buildDEREncodableVector(new DefiniteLengthInputStream(this, i3)), false);
                        break;
                }
            }
            return createPrimitiveDERObject(i2, i3);
        }
        if (this.oids.size() >= 2) {
            int i5 = 1048576;
            do {
                i4 = i5 > i3 ? i3 % 1048576 : 1048576;
                byte[] bArr = new byte[i4];
                this.out.write(bArr, 0, read(bArr));
                i5 += i4;
            } while (i4 >= 1048576);
        }
        return null;
    }

    DERObject createPrimitiveDERObject(int i, int i2) {
        switch (i) {
            case 1:
                byte[] bArr = new byte[i2];
                read(bArr);
                return new ASN1Boolean(bArr);
            case 2:
                byte[] bArr2 = new byte[i2];
                read(bArr2);
                return new ASN1Integer(bArr2);
            case 3:
                byte[] bArr3 = new byte[i2];
                read(bArr3);
                return DERBitString.fromOctetString(bArr3);
            case 4:
                byte[] bArr4 = new byte[i2];
                read(bArr4);
                this.iv = new DEROctetString(bArr4);
                return this.iv;
            case 5:
                System.out.println("\t NULL");
                return DERNull.INSTANCE;
            case 6:
                byte[] bArr5 = new byte[i2];
                read(bArr5);
                this.oids.add(new ASN1ObjectIdentifier(bArr5));
                return null;
            case 7:
            case 8:
            case 9:
            case 11:
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 21:
            case 25:
            case 29:
            default:
                return null;
            case 10:
                byte[] bArr6 = new byte[i2];
                read(bArr6);
                return new ASN1Enumerated(bArr6);
            case 12:
                byte[] bArr7 = new byte[i2];
                read(bArr7);
                return new DERUTF8String(bArr7);
            case 18:
                byte[] bArr8 = new byte[i2];
                read(bArr8);
                return new DERNumericString(bArr8);
            case 19:
                byte[] bArr9 = new byte[i2];
                read(bArr9);
                return new DERPrintableString(bArr9);
            case 20:
                byte[] bArr10 = new byte[i2];
                read(bArr10);
                return new DERT61String(bArr10);
            case 22:
                byte[] bArr11 = new byte[i2];
                read(bArr11);
                return new DERIA5String(bArr11);
            case 23:
                byte[] bArr12 = new byte[i2];
                read(bArr12);
                return new ASN1UTCTime(bArr12);
            case 24:
                byte[] bArr13 = new byte[i2];
                read(bArr13);
                return new ASN1GeneralizedTime(bArr13);
            case 26:
                byte[] bArr14 = new byte[i2];
                read(bArr14);
                return new DERVisibleString(bArr14);
            case 27:
                byte[] bArr15 = new byte[i2];
                read(bArr15);
                return new DERGeneralString(bArr15);
            case 28:
                byte[] bArr16 = new byte[i2];
                read(bArr16);
                return new DERUniversalString(bArr16);
            case 30:
                byte[] bArr17 = new byte[i2];
                read(bArr17);
                return new DERBMPString(bArr17);
        }
    }

    public void decrykey(Certificate certificate, PrivateKey privateKey, InputStream inputStream, OutputStream outputStream) {
        RecipientInfo recipientInfo;
        boolean z;
        Cipher cipher;
        byte[] bytes;
        CipherInputStream cipherInputStream = null;
        Enumeration objects = this.recipientInfos.getObjects();
        KeyTransRecipientInfo keyTransRecipientInfo = null;
        RecipientInfo recipientInfo2 = null;
        while (true) {
            if (!objects.hasMoreElements()) {
                recipientInfo = recipientInfo2;
                z = false;
                break;
            }
            recipientInfo = RecipientInfo.getInstance((ASN1Encodable) objects.nextElement());
            if (!recipientInfo.isTagged()) {
                keyTransRecipientInfo = (KeyTransRecipientInfo) recipientInfo.getInfo();
                IssuerAndSerialNumber issuerAndSerialNumber = (IssuerAndSerialNumber) keyTransRecipientInfo.getRecipientIdentifier().getId();
                RDN[] rDNs = issuerAndSerialNumber.getName().getRDNs();
                X509CertificateObject x509CertificateObject = (X509CertificateObject) certificate;
                if (x509CertificateObject.getSerialNumber().equals(issuerAndSerialNumber.getSerialNumber().getValue()) && x509CertificateObject.getIssuerDN().getName().equalsIgnoreCase(DN.getAltDN(rDNs))) {
                    z = true;
                    break;
                }
                recipientInfo2 = recipientInfo;
            } else {
                recipientInfo2 = recipientInfo;
            }
        }
        if (recipientInfo.isTagged()) {
            throw new PKCS7Exception("(KSign) getEnvelopedData() : unsupported receipientInfo choice tag");
        }
        if (!z) {
            throw new PKCS7Exception("(KSign) getEnvelopedData() : Invalid Recepient");
        }
        byte[] octets = keyTransRecipientInfo.getEncryptedKey().getOctets();
        if (octets == null) {
            JCEUtil.setErrorcode("30034");
            throw new PKCS7Exception("(KSign) getEnvelopedData's encryptedkey is null");
        }
        try {
            Cipher rSACipher = getRSACipher(keyTransRecipientInfo);
            rSACipher.init(2, privateKey);
            byte[] doFinal = rSACipher.doFinal(octets);
            if (this.oids == null || this.oids.size() < 2) {
                throw new PKCS7Exception("(KSign) getEnvelopedData's oids Exception" + this.oids);
            }
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) this.oids.get(this.oids.size() - 1);
            try {
                if (aSN1ObjectIdentifier.equals(OIWObjectIdentifiers.desCBC)) {
                    cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, Crypto.ALGORITHM_DES);
                } else if (aSN1ObjectIdentifier.equals(KISAObjectIdentifiers.seedCBC)) {
                    cipher = Cipher.getInstance(SecureChannel.CipherAlgorithm2, "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "SEED");
                } else if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.des_EDE3_CBC)) {
                    cipher = Cipher.getInstance("DESEDE/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, "DESEDE");
                } else {
                    if (!aSN1ObjectIdentifier.equals(KISAObjectIdentifiers.ariaCBC)) {
                        JCEUtil.setErrorcode("60004");
                        throw new OIDNotFoundException("(KSign)getEnvelopedData's CipherAlgorithm is not exist" + aSN1ObjectIdentifier.toString());
                    }
                    cipher = Cipher.getInstance("ARIA/CBC/PKCS5Padding", "Ksign");
                    this.secretKey = new SecretKeySpec(doFinal, Crypto.ALGORITHM_ARIA);
                }
                try {
                    bytes = this.iv.getOctets();
                } catch (Exception e) {
                    bytes = "0123456789012345".getBytes();
                }
                cipher.init(2, this.secretKey, new IvParameterSpec(bytes));
                byte[] bArr = new byte[2048];
                try {
                    CipherInputStream cipherInputStream2 = new CipherInputStream(inputStream, cipher);
                    while (true) {
                        try {
                            int read = cipherInputStream2.read(bArr);
                            if (read == -1) {
                                break;
                            } else {
                                outputStream.write(bArr, 0, read);
                            }
                        } catch (Throwable th) {
                            th = th;
                            cipherInputStream = cipherInputStream2;
                            if (cipherInputStream != null) {
                                cipherInputStream.close();
                            }
                            throw th;
                        }
                    }
                    outputStream.flush();
                    if (cipherInputStream2 != null) {
                        cipherInputStream2.close();
                    }
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (Exception e2) {
                throw new PKCS7Exception("(KSign) getEnvelopedData's Decrypt encryptedcont " + e2.getMessage());
            }
        } catch (Exception e3) {
            throw new PKCS7Exception("(KSign) getEnvelopedData's Sessionkey decrypt " + e3.getMessage());
        }
    }

    int findLimit(InputStream inputStream) {
        return inputStream instanceof ByteArrayInputStream ? ((ByteArrayInputStream) inputStream).available() : UIConstants.MAX_PRIORITY;
    }

    public IvParameterSpec getSecretIv() {
        return new IvParameterSpec(this.iv.getOctets());
    }

    public SecretKey getSecretKey() {
        return this.secretKey;
    }

    public Object init() {
        int read = read();
        if (read > 0) {
            int readTagNumber = readTagNumber(this, read);
            boolean z = (read & 32) != 0;
            int readLength = readLength();
            if (readLength >= 0) {
                try {
                    buildObject(read, readTagNumber, readLength);
                } catch (IllegalArgumentException e) {
                    throw new ASN1Exception("corrupted stream detected", e);
                }
            } else if (!z) {
                throw new IOException("indefinite length primitive encoding encountered");
            }
            init();
        } else if (read == 0) {
            throw new IOException("unexpected end-of-contents marker");
        }
        return null;
    }

    protected int readLength() {
        return readLength(this, this.limit);
    }

    int readLength(InputStream inputStream, int i) {
        int i2 = 0;
        int read = inputStream.read();
        if (read < 0) {
            throw new EOFException("EOF found when length expected");
        }
        if (read == 128) {
            return -1;
        }
        if (read <= 127) {
            return read;
        }
        int i3 = read & 127;
        if (i3 > 4) {
            throw new IOException("DER length more than 4 bytes: " + i3);
        }
        int i4 = 0;
        while (i2 < i3) {
            int read2 = inputStream.read();
            if (read2 < 0) {
                throw new EOFException("EOF found reading length");
            }
            i2++;
            i4 = read2 + (i4 << 8);
        }
        if (i4 < 0) {
            throw new IOException("corrupted stream - negative length found");
        }
        if (i4 >= i) {
            throw new IOException("corrupted stream - out of bounds length found");
        }
        return i4;
    }

    int readTagNumber(InputStream inputStream, int i) {
        int i2 = i & 31;
        if (i2 != 31) {
            return i2;
        }
        int i3 = 0;
        int read = inputStream.read();
        if ((read & 127) == 0) {
            throw new IOException("corrupted stream - invalid high tag number found");
        }
        while (read >= 0 && (read & 128) != 0) {
            i3 = ((read & 127) | i3) << 7;
            read = inputStream.read();
        }
        if (read < 0) {
            throw new EOFException("EOF found inside tag value.");
        }
        return (read & 127) | i3;
    }
}
