package esign.utils.sign.impl;

import esign.util.constant.ErrorConstant;
import esign.util.constant.SystemConstant;
import esign.utils.Base64;
import esign.utils.security.SoftKeyTool;
import esign.utils.sign.ISign;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import net.sf.json.JSONObject;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:esign/utils/sign/impl/Sign.class */
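/**
 * Software implementation of {@link ISign} that produces a DER-encoded PKCS#7 / CMS
 * signature with BouncyCastle.
 *
 * <p>The signer's private key arrives symmetrically encrypted and is decrypted here with a
 * key derived from a date and a fixed IV (see {@link #pkcs7SignData}).
 *
 * <p>NOTE(review): the symmetric key is only the formatted date padded with zeros, and the
 * IV is a constant. Neither contains any secret, so this wrapping should be treated as
 * obfuscation of the private key rather than protection of it. Changing the scheme needs a
 * coordinated change on whatever component encrypts the key, which is not visible in this
 * file.
 */
public class Sign implements ISign {
    private static final Logger LOGGER = LoggerFactory.getLogger(Sign.class);

    // Constant IV shared by every decryption. Kept as-is for compatibility with existing
    // ciphertexts; made final so it cannot be reassigned at runtime.
    private static final String FIXED_IV = "1111111111111111";

    /**
     * Decrypts the supplied private key and signs the supplied data as PKCS#7.
     *
     * @param date date used to derive the symmetric key ({@code yyyyMMdd} followed by eight
     *     zeros) that decrypts the private key
     * @param str Base64 of the encrypted PKCS#8 private key
     * @param str2 Base64 of the signer certificate(s) in X.509 encoding
     * @param str3 Base64 of the content to sign
     * @return a JSON object that always carries the error code and error message fields and,
     *     on success, {@code signData} with the Base64 of the DER-encoded signature
     */
    @Override // esign.utils.sign.ISign
    public JSONObject pkcs7SignData(Date date, String str, String str2, String str3) {
        String errMsg = null;
        int errCode = 0;
        JSONObject result = new JSONObject();
        byte[] privateKeyBytes = null;
        try {
            // Evaluation order (content, key, certificate) mirrors the original single
            // expression so that the first failure reported stays the same.
            byte[] content = Base64.decode(str3);
            // NOTE(review): SimpleDateFormat uses the JVM default locale and time zone, so
            // the derived key depends on host settings - confirm the encrypting side
            // formats the date the same way.
            // The pattern yields ASCII digits in the usual locales; an explicit charset
            // removes the dependency on the platform default encoding.
            byte[] dateKey = new SimpleDateFormat("yyyyMMdd00000000")
                    .format(date)
                    .getBytes(StandardCharsets.UTF_8);
            privateKeyBytes = decryptData(dateKey, Base64.decode(str));
            byte[] signature = getPkcs7Signature(content, privateKeyBytes, Base64.decode(str2));
            if (signature != null) {
                result.put("signData", Base64.encode(signature));
            } else {
                errCode = 10000;
                errMsg = "获取pkcs7的签名失败";
            }
        } catch (Exception e) {
            LOGGER.error("pkcs7SignData failed.", e);
            errCode = 10000;
            // NOTE(review): the raw exception message is returned to the caller. Failures
            // raised before signing (decoding, decryption) therefore look different from
            // the generic signing failure above - consider a uniform message if callers
            // are untrusted.
            errMsg = e.getMessage();
        } finally {
            // Best-effort hygiene: wipe this copy of the plaintext key. The JCA key object
            // built from it keeps its own copy, so this narrows exposure, not removes it.
            if (privateKeyBytes != null) {
                Arrays.fill(privateKeyBytes, (byte) 0);
            }
        }
        result.put(ErrorConstant.PARAM_ERRCODE, Integer.valueOf(errCode));
        result.put(ErrorConstant.PARAM_ERRMSG, null == errMsg ? ErrorConstant.getErrMsg(errCode) : errMsg);
        return result;
    }

    /**
     * Decrypts {@code cipherText} with the configured symmetric algorithm and the fixed IV.
     *
     * @param key symmetric key bytes
     * @param cipherText encrypted private key bytes
     * @return the decrypted bytes, or {@code null} when the system is configured for the
     *     FishermanJCE signature type, for which no software decryption is performed here
     */
    private byte[] decryptData(byte[] key, byte[] cipherText) {
        if (SystemConstant.SYSTEM_SIGN_TYPE == SystemConstant.Signature_TYPE.FishermanJCE) {
            return null;
        }
        return new SoftKeyTool().SymDecrypt(
                SystemConstant.SYSTEM_SYM_DECRYPT_ALGORITHM,
                key,
                cipherText,
                FIXED_IV.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds a DER-encoded CMS SignedData structure over {@code content}.
     *
     * @param content bytes to sign; they are encapsulated in the output
     * @param pkcs8Key PKCS#8-encoded RSA private key
     * @param certBytes one or more X.509 certificates; the last one parsed is used as the
     *     signer certificate and is the only one embedded
     * @return the encoded signature, or {@code null} on any failure (the cause is logged)
     */
    private byte[] getPkcs7Signature(byte[] content, byte[] pkcs8Key, byte[] certBytes) {
        if (pkcs8Key == null) {
            // Previously this surfaced as a NullPointerException with no usable log line.
            LOGGER.error("getPkcs7Signature failed: no private key material available.");
            return null;
        }
        try {
            ByteArrayInputStream certStream = new ByteArrayInputStream(certBytes);
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            X509Certificate signerCert = null;
            // Each call consumes one certificate; only the last one read is kept.
            while (certStream.available() > 0) {
                signerCert = (X509Certificate) certFactory.generateCertificate(certStream);
            }
            if (signerCert == null) {
                LOGGER.error("getPkcs7Signature failed: no certificate supplied.");
                return null;
            }
            // NOTE(review): the key factory is hard-coded to RSA, so SERVER_SIGN_ALG is
            // presumably an RSA signature algorithm - confirm.
            PrivateKey signingKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pkcs8Key));
            // Register BouncyCastle once instead of constructing a provider on every call.
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            ArrayList<Certificate> certs = new ArrayList<>();
            certs.add(signerCert);
            JcaCertStore certStore = new JcaCertStore(certs);
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            // Direct signature: the signature is computed over the content itself, with no
            // signed attributes in the SignerInfo.
            generator.addSignerInfoGenerator(
                    new JcaSimpleSignerInfoGeneratorBuilder()
                            .setProvider("BC")
                            .setDirectSignature(true)
                            .build(SystemConstant.SERVER_SIGN_ALG, signingKey, signerCert));
            generator.addCertificates(certStore);
            return generator.generate(new CMSProcessableByteArray(content), true).getContentInfo().getEncoded("DER");
        } catch (Exception e) {
            // Pass the exception itself: the format string has no placeholder, so passing
            // only e.getMessage() dropped both the message and the stack trace.
            LOGGER.error("getPkcs7Signature failed.", e);
            return null;
        }
    }
}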
