package com.tibco.security.smime.oOOO;

import com.tibco.security.AXSecurityException;
import com.tibco.security.Cert;
import com.tibco.security.CertFactory;
import com.tibco.security.Hasher;
import com.tibco.security.Identity;
import com.tibco.security.PK;
import com.tibco.security.smime.PKCS7Util;
import com.tibco.security.smime.SMIMEConstants;
import iaik.asn1.DerCoder;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.DigestInfo;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.KeyTransRecipientInfo;
import iaik.cms.RecipientInfo;
import iaik.cms.SignedDataStream;
import iaik.cms.SignerInfo;
import iaik.smime.SMimeEncrypted;
import iaik.smime.SMimeSigned;
import iaik.x509.X509Certificate;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;

/* compiled from: PKCS7UtilImpl.java */
/* loaded from: input_file:com/tibco/security/smime/oOOO/oOOO.class */
public class oOOO implements PKCS7Util {
    @Override // com.tibco.security.smime.PKCS7Util
    public byte[] signData(InputStream inputStream, Cert[] certArr, PK pk, String str, String str2) throws AXSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        signDataToStream(inputStream, certArr, pk, str, str2, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public void signDataToStream(InputStream inputStream, Cert[] certArr, PK pk, String str, String str2, OutputStream outputStream) throws AXSecurityException {
        AlgorithmID algorithmID;
        AlgorithmID algorithmID2;
        int read;
        if (inputStream == null) {
            throw new AXSecurityException("no Data available to sign");
        }
        try {
            SMimeSigned sMimeSigned = new SMimeSigned(inputStream, 2);
            X509Certificate[] x509CertificateArr = new X509Certificate[certArr.length];
            for (int i = 0; i < certArr.length; i++) {
                x509CertificateArr[i] = (X509Certificate) certArr[i].getContents();
            }
            sMimeSigned.setCertificates(x509CertificateArr);
            if (str2.equalsIgnoreCase(Hasher.SHA1) || str2.equalsIgnoreCase(SMIMEConstants.SHA1)) {
                algorithmID = AlgorithmID.sha1;
            } else {
                if (!str2.equalsIgnoreCase("MD5")) {
                    throw new AXSecurityException("unrecognized message digest algorithm " + str2);
                }
                if (str.equalsIgnoreCase("DSA")) {
                    throw new AXSecurityException("DSA with MD5 is not supported");
                }
                algorithmID = AlgorithmID.md5;
            }
            if (str.equalsIgnoreCase("RSA")) {
                algorithmID2 = AlgorithmID.rsaEncryption;
            } else {
                if (!str.equalsIgnoreCase("DSA")) {
                    throw new AXSecurityException("unrecognized signature algorithm " + str);
                }
                algorithmID2 = AlgorithmID.dsa;
            }
            sMimeSigned.addSignerInfo(new SignerInfo(new IssuerAndSerialNumber((X509Certificate) certArr[0].getContents()), algorithmID, algorithmID2, (PrivateKey) pk.getContents()));
            InputStream inputStream2 = sMimeSigned.getInputStream();
            byte[] bArr = new byte[o00000(inputStream2.available())];
            do {
                read = inputStream2.read(bArr);
            } while (read > 0);
            sMimeSigned.writeTo(outputStream, read);
        } catch (IOException e) {
            throw new AXSecurityException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AXSecurityException(e2);
        }
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public Cert[] verify(InputStream inputStream, InputStream inputStream2) throws AXSecurityException {
        return o00000(inputStream, inputStream2, (Cert) null);
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public void verify(InputStream inputStream, InputStream inputStream2, Cert cert) throws AXSecurityException {
        o00000(inputStream, inputStream2, cert);
    }

    Cert[] o00000(InputStream inputStream, InputStream inputStream2, Cert cert) throws AXSecurityException {
        if (inputStream == null) {
            throw new AXSecurityException("no signature provided to verify");
        }
        int i = 0;
        if (inputStream2 != null) {
            try {
                i = inputStream2.available();
            } catch (IOException e) {
                throw new AXSecurityException(e);
            }
        }
        SMimeSigned o00000 = o00000(inputStream2, inputStream, i);
        SignerInfo[] signerInfos = o00000.getSignerInfos();
        if (signerInfos == null || signerInfos.length < 1) {
            throw new AXSecurityException("This SignedData object contains no signatures");
        }
        X509Certificate x509Certificate = null;
        try {
            if (cert == null) {
                x509Certificate = o00000.verify();
            } else {
                o00000.verify(cert.getCertificate().getPublicKey());
            }
            SignerInfo signerInfo = null;
            X509Certificate certificate = cert == null ? x509Certificate : cert.getCertificate();
            int i2 = 0;
            while (true) {
                if (i2 >= signerInfos.length) {
                    break;
                }
                if (signerInfos[0].getSignerIdentifier().identifiesCert(certificate)) {
                    signerInfo = signerInfos[i2];
                    break;
                }
                i2++;
            }
            return o00000(o00000, signerInfo);
        } catch (SignatureException e2) {
            throw new AXSecurityException(e2);
        }
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public byte[] getSignedMessageDigest(InputStream inputStream, InputStream inputStream2, int i, Cert cert) throws AXSecurityException {
        return o00000(inputStream, inputStream2, i, cert, null);
    }

    public byte[] o00000(InputStream inputStream, InputStream inputStream2, int i, Cert cert, ByteArrayOutputStream byteArrayOutputStream) throws AXSecurityException {
        try {
            SignerInfo[] signerInfos = o00000(inputStream, inputStream2, i).getSignerInfos();
            if (signerInfos == null || signerInfos.length < 1) {
                throw new AXSecurityException("This SignedData object contains no signatures");
            }
            byte[] bArr = (byte[]) null;
            SignerInfo signerInfo = null;
            int i2 = 0;
            while (true) {
                if (i2 >= signerInfos.length) {
                    break;
                }
                if (signerInfos[i2].getSignerIdentifier().identifiesCert(cert.getCertificate())) {
                    signerInfo = signerInfos[i2];
                    break;
                }
                i2++;
            }
            if (signerInfo == null) {
                throw new AXSecurityException("Couldn't find SignerInfo in signed content");
            }
            try {
                bArr = signerInfo.getSignedDigest();
            } catch (CMSException unused) {
            }
            if (bArr == null) {
                byte[] signatureValue = signerInfo.getSignatureValue();
                if (signerInfo.getSignatureAlgorithm().equals(AlgorithmID.rsaEncryption)) {
                    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                    cipher.init(2, cert.getCertificate().getPublicKey());
                    bArr = new DigestInfo(DerCoder.decode(cipher.doFinal(signatureValue))).getDigest();
                }
            }
            return bArr;
        } catch (Exception e) {
            throw new AXSecurityException("Error retrieving message digest", e);
        }
    }

    Cert[] o00000(SignedDataStream signedDataStream, SignerInfo signerInfo) throws AXSecurityException {
        X509Certificate x509Certificate;
        try {
            X509Certificate[] certificates = signedDataStream.getCertificates();
            if (certificates == null) {
                return null;
            }
            int length = certificates.length;
            ArrayList arrayList = new ArrayList();
            X509Certificate certificate = signedDataStream.getCertificate(signerInfo.getSignerIdentifier());
            if (certificate == null) {
                return null;
            }
            arrayList.add(certificate);
            loop0: while (true) {
                Principal subjectDN = certificate.getSubjectDN();
                Principal issuerDN = certificate.getIssuerDN();
                if (!subjectDN.equals(issuerDN)) {
                    for (int i = 0; i < length; i++) {
                        x509Certificate = certificates[i];
                        if (x509Certificate.getSubjectDN().equals(issuerDN)) {
                            break;
                        }
                    }
                    break loop0;
                }
                break;
                arrayList.add(x509Certificate);
                certificate = x509Certificate;
            }
            Cert[] certArr = new Cert[arrayList.size()];
            Iterator it = arrayList.iterator();
            int i2 = 0;
            while (it.hasNext()) {
                int i3 = i2;
                i2++;
                certArr[i3] = CertFactory.createCert(it.next());
            }
            return certArr;
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public void encryptToStream(InputStream inputStream, Cert[] certArr, PK pk, int i, OutputStream outputStream) throws AXSecurityException, IOException {
        AlgorithmID algorithmID;
        int i2 = -1;
        switch (i) {
            case 1:
                algorithmID = AlgorithmID.rc2_CBC;
                i2 = 40;
                break;
            case 2:
                algorithmID = AlgorithmID.rc2_CBC;
                i2 = 128;
                break;
            case 11:
                algorithmID = AlgorithmID.des_CBC;
                break;
            case 21:
                algorithmID = AlgorithmID.des_EDE3_CBC;
                break;
            case 30:
                algorithmID = AlgorithmID.aes_128_CBC;
                i2 = 128;
                break;
            case 32:
                algorithmID = AlgorithmID.aes_192_CBC;
                i2 = 192;
                break;
            case SMIMEConstants.AES_256_CBC /* 34 */:
                algorithmID = AlgorithmID.aes_256_CBC;
                i2 = 256;
                break;
            default:
                throw new AXSecurityException("unsupported algorithm: " + i);
        }
        try {
            SMimeEncrypted sMimeEncrypted = new SMimeEncrypted(inputStream, algorithmID, i2);
            int length = certArr.length;
            RecipientInfo[] recipientInfoArr = new RecipientInfo[length];
            for (int i3 = 0; i3 < length; i3++) {
                X509Certificate certificate = certArr[i3].getCertificate();
                if (certificate.getPublicKey() instanceof DSAPrivateKey) {
                    throw new AXSecurityException("Error: DSA certificate is not supported for encryption");
                }
                recipientInfoArr[i3] = new KeyTransRecipientInfo(certificate, AlgorithmID.rsaEncryption);
            }
            sMimeEncrypted.setRecipientInfos(recipientInfoArr);
            sMimeEncrypted.writeTo(outputStream, o00000(inputStream.available()));
        } catch (NoSuchAlgorithmException e) {
            throw new AXSecurityException(e);
        }
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public byte[] encrypt(InputStream inputStream, Cert[] certArr, PK pk, int i) throws AXSecurityException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptToStream(inputStream, certArr, pk, i, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public byte[] decrypt(InputStream inputStream, Identity identity) throws AXSecurityException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        decryptToStream(inputStream, identity, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.tibco.security.smime.PKCS7Util
    public void decryptToStream(InputStream inputStream, Identity identity, OutputStream outputStream) throws AXSecurityException, IOException {
        try {
            SMimeEncrypted sMimeEncrypted = new SMimeEncrypted(inputStream);
            sMimeEncrypted.setupCipher(identity.getEncryptionKey().getPrivateKey(), (X509Certificate) identity.getEncryptionCertificate().getContents());
            InputStream inputStream2 = sMimeEncrypted.getInputStream();
            int o00000 = o00000(inputStream2.available());
            byte[] bArr = new byte[o00000];
            while (true) {
                int read = inputStream2.read(bArr, 0, o00000);
                if (read == -1) {
                    return;
                } else {
                    outputStream.write(bArr, 0, read);
                }
            }
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    int o00000(int i) {
        int i2 = 8096;
        if (i > 3000000 && i <= 5000000) {
            i2 = 16192;
        } else if (i > 5000000 && i <= 25000000) {
            i2 = 65536;
        } else if (i > 25000000) {
            i2 = 256000;
        }
        return i2;
    }

    SMimeSigned o00000(InputStream inputStream, InputStream inputStream2, int i) throws AXSecurityException {
        try {
            int o00000 = o00000(i);
            SMimeSigned sMimeSigned = inputStream != null ? new SMimeSigned(inputStream, new AlgorithmID[]{AlgorithmID.sha1, AlgorithmID.md5}) : new SMimeSigned(inputStream2);
            int mode = sMimeSigned.getMode();
            if ((inputStream != null) ^ (mode == 2)) {
                throw new AXSecurityException("signing mode " + (mode == 2 ? "EXPLICIT" : "IMPLICIT") + " not expected.");
            }
            do {
            } while (sMimeSigned.getInputStream().read(new byte[o00000]) > 0);
            if (mode == 2) {
                sMimeSigned.decode(inputStream2);
            }
            return sMimeSigned;
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }
}
