package com.initech.android.sfilter.plugin.sign;

import com.initech.android.sfilter.core.BasicPluginActionResult;
import com.initech.android.sfilter.core.DynamicParamEntity;
import com.initech.android.sfilter.core.Logger;
import com.initech.android.sfilter.core.PluginRequestFilterResult;
import com.initech.android.sfilter.core.SHTTPClient;
import com.initech.android.sfilter.core.SHTTPClientPlugin;
import com.initech.android.sfilter.core.X509Token;
import com.initech.android.sfilter.plugin.pki.CertificateEntry;
import com.initech.android.sfilter.util.Base64OutputStream;
import com.initech.android.sfilter.util.Base64Util;
import com.initech.android.sfilter.util.PolicyMap;
import com.initech.android.sfilter.util.UltraBase64;
import com.initech.asn1.ASN1Exception;
import com.initech.asn1.BEREncoder;
import com.initech.asn1.DEREncoder;
import com.initech.asn1.useful.AlgorithmID;
import com.initech.asn1.useful.IssuerAndSerialNumber;
import com.initech.cryptox.SecretKeyFactory;
import com.initech.cryptox.spec.SecretKeySpec;
import com.initech.pkcs.pkcs7.ContentInfo;
import com.initech.pkcs.pkcs7.Data;
import com.initech.pkcs.pkcs7.EnvelopedData;
import com.initech.pkcs.pkcs7.PKCS7Exception;
import com.initech.pkcs.pkcs7.PKCS7Facade;
import com.initech.pkcs.pkcs7.Sealer;
import com.initech.pkcs.pkcs7.SignedAndEnvelopedData;
import com.initech.pkcs.pkcs7.SignedData;
import com.initech.pkcs.pkcs7.SigningSigner;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpRequest;
import org.apache.http.ParseException;
import org.apache.http.message.BasicNameValuePair;

/* loaded from: classes.dex */
public final class SignPlugin extends SHTTPClientPlugin {
    private boolean a = false;
    private boolean b = false;

    @Override // com.initech.android.sfilter.core.SHTTPClientPlugin
    public final PluginRequestFilterResult doRequestFilter(boolean z, SHTTPClient sHTTPClient, HttpRequest httpRequest) {
        String str;
        String str2;
        AlgorithmID algorithmID;
        boolean z2;
        String str3;
        boolean z3;
        if (!z) {
            return BasicPluginActionResult.NoneResult;
        }
        PolicyMap policyMap = (PolicyMap) httpRequest.getParams().getParameter("UrlPolicyMap");
        int i = policyMap.getInt("SignatureMode", -1);
        int i2 = policyMap.getInt("SignatureVersionInfo", -1);
        String string = policyMap.getString("SignaturePlainTextEncoding", null);
        String string2 = policyMap.getString("SignatureHashAlgorithm", null);
        byte[] bytes = policyMap.getBytes("SignatureEnvelopedSessionKey");
        byte[] bytes2 = policyMap.getBytes("SignatureEnvelopedIV");
        String string3 = policyMap.getString("IsSignatureContentTypeRemove", "0");
        X509Token x509Token = (X509Token) httpRequest.getParams().getParameter("_shttp_x509token_");
        String str4 = (String) httpRequest.getParams().getParameter("_shttp_plaintext_");
        boolean equals = "1".equals(policyMap.getString("CertHashAlgorithmEnable", "0"));
        try {
            try {
            } catch (Exception e) {
                Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e);
            }
        } catch (ASN1Exception e2) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e2);
        } catch (PKCS7Exception e3) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e3);
        } catch (UnsupportedEncodingException e4) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e4);
        } catch (IOException e5) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e5);
        } catch (NoSuchAlgorithmException e6) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e6);
        } catch (NoSuchProviderException e7) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e7);
        } catch (InvalidKeySpecException e8) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e8);
        } catch (ParseException e9) {
            Logger.debug("[v1.5.7]SignPlugin", "AndroidSHTTPSignPlugin.doRequestFilter", "Unexpected Error", e9);
        }
        if ((i == 3 || i == 4) && (bytes == null || bytes2 == null)) {
            return new BasicPluginActionResult(sHTTPClient.makeErrorResponse(999, "봉인정보를 처리할 키정보가 수신되지 않았습니다"));
        }
        byte[] bytes3 = string != null ? str4.getBytes(string) : str4.getBytes((String) sHTTPClient.getParams().getParameter("RequestCharacterEncoding"));
        if (i == 1) {
            if (CertificateEntry.STORAGE_TYPE_USIM.equalsIgnoreCase(x509Token.getStorageType())) {
                try {
                    str = new String(Base64Util.encode(x509Token.pkcs1Sign(string2, bytes3)));
                } catch (Exception e10) {
                    e10.printStackTrace();
                    str = null;
                }
            } else {
                TokenSigningSigner tokenSigningSigner = new TokenSigningSigner(x509Token);
                if (equals) {
                    str3 = x509Token.getCertificate().getSigAlgName();
                    z3 = false;
                } else {
                    str3 = null;
                    z3 = true;
                }
                if (z3) {
                    str3 = string2 + "with" + x509Token.getPrivateKeyAlgorithm();
                }
                tokenSigningSigner.setSigningKey(str3, (X509Certificate) null);
                tokenSigningSigner.sign(bytes3);
                str = UltraBase64.encodeToString(tokenSigningSigner.getSignerInfo().getEncryptedDigest(), false);
            }
        } else if (i == 2) {
            if (CertificateEntry.STORAGE_TYPE_USIM.equalsIgnoreCase(x509Token.getStorageType())) {
                try {
                    str = new String(Base64Util.encode(x509Token.sign(null, null, bytes3)));
                } catch (Exception e11) {
                    e11.printStackTrace();
                    str = null;
                }
            } else {
                Logger.debug("[v1.5.7]SignPlugin", "pkcs7SignedData", i2 + ", HGPOLICY=" + equals + ", " + x509Token.getCertificate().getSigAlgName());
                SignedData signedData = new SignedData();
                if (equals) {
                    String sigAlgName = x509Token.getCertificate().getSigAlgName();
                    String upperCase = sigAlgName.toUpperCase();
                    if ("KCDSA".equals(x509Token.getPrivateKeyAlgorithm())) {
                        if (upperCase.indexOf("SHA256") != -1) {
                            str2 = "SHA256withKCDSA";
                            algorithmID = AlgorithmID.SHA256;
                            z2 = false;
                        } else {
                            str2 = "HAS160withKCDSA";
                            algorithmID = AlgorithmID.HAS160;
                            z2 = false;
                        }
                    } else if (upperCase.indexOf("SHA256") != -1) {
                        str2 = sigAlgName;
                        algorithmID = AlgorithmID.SHA256;
                        z2 = false;
                    } else if (upperCase.indexOf("SHA384") != -1) {
                        str2 = sigAlgName;
                        algorithmID = AlgorithmID.SHA384;
                        z2 = false;
                    } else if (upperCase.indexOf("SHA512") != -1) {
                        str2 = sigAlgName;
                        algorithmID = AlgorithmID.SHA512;
                        z2 = false;
                    } else {
                        str2 = sigAlgName;
                        algorithmID = null;
                        z2 = true;
                    }
                } else {
                    str2 = null;
                    algorithmID = null;
                    z2 = true;
                }
                if (z2) {
                    if (string2.equals("SHA1")) {
                        algorithmID = AlgorithmID.SHA1;
                    } else if (string2.equals("MD5")) {
                        algorithmID = AlgorithmID.MD5;
                    } else if (string2.equals("HAS160")) {
                        algorithmID = AlgorithmID.HAS160;
                    }
                    str2 = string2 + "with" + x509Token.getPrivateKeyAlgorithm();
                }
                Logger.debug("[v1.5.7]SignPlugin", "doRequest", algorithmID.getAlgName() + " , " + str2);
                signedData.addMessageDigestAlgorithm(algorithmID);
                if (i2 != -1) {
                    signedData.setVersion(i2);
                }
                signedData.setContent(bytes3);
                if (this.a) {
                    Logger.debug("[v1.5.7]SignPlugin", "addCertificate", String.valueOf(x509Token.getCertificate()));
                    signedData.addCertificate(x509Token.getCertificate());
                }
                TokenSigningSigner tokenSigningSigner2 = new TokenSigningSigner(x509Token);
                tokenSigningSigner2.setDigestAlgorithm(algorithmID);
                tokenSigningSigner2.setVerioninfo(i2);
                if (this.a) {
                    Logger.debug("[v1.5.7]SignPlugin", "addCertificate", String.valueOf(x509Token.getCertificate()));
                    tokenSigningSigner2.setSigningKey(x509Token.getPrivateKeyAlgorithm(), x509Token.getCertificate());
                } else {
                    tokenSigningSigner2.setSigningKey(x509Token.getPrivateKeyAlgorithm(), (X509Certificate) null);
                }
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber();
                issuerAndSerialNumber.set(x509Token.getCertificate());
                tokenSigningSigner2.setIssuerAndSerialNumber(issuerAndSerialNumber);
                if (i2 != 0) {
                    tokenSigningSigner2.getSignerInfo().setSigningTime();
                }
                signedData.sign(new SigningSigner[]{tokenSigningSigner2});
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                Base64OutputStream base64OutputStream = new Base64OutputStream(byteArrayOutputStream);
                BEREncoder bEREncoder = new BEREncoder(base64OutputStream);
                ContentInfo contentInfo = new ContentInfo();
                contentInfo.setContent(signedData);
                contentInfo.encode(bEREncoder);
                base64OutputStream.flush();
                str = new String(byteArrayOutputStream.toByteArray());
            }
        } else if (i == 3) {
            AlgorithmID algorithmID2 = new AlgorithmID(PKCS7Facade.ASYMMETRIC_KEY_ALGORITHM);
            AlgorithmID algorithmID3 = new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM);
            DEREncoder dEREncoder = new DEREncoder();
            dEREncoder.encodeOctetString(bytes2);
            algorithmID3.setParameter(dEREncoder.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            Base64OutputStream base64OutputStream2 = new Base64OutputStream(byteArrayOutputStream2);
            BEREncoder bEREncoder2 = new BEREncoder(base64OutputStream2);
            Data data = new Data();
            data.setContent(bytes3);
            Sealer sealer = new Sealer();
            sealer.setKeyEncryptionAlgorithm(algorithmID2);
            sealer.setCertificate(x509Token.getCertificate());
            EnvelopedData envelopedData = new EnvelopedData();
            envelopedData.setContent(data);
            SecretKeyFactory.getInstance(algorithmID3.getAlgName(), "Initech").generateSecret(new SecretKeySpec(bytes, algorithmID3.getAlgName()));
            envelopedData.seal(algorithmID3, new Sealer[]{sealer});
            if ("1".equals(string3)) {
                envelopedData.encode(bEREncoder2);
            } else {
                ContentInfo contentInfo2 = new ContentInfo();
                contentInfo2.setContent(envelopedData);
                contentInfo2.encode(bEREncoder2);
            }
            base64OutputStream2.flush();
            str = new String(byteArrayOutputStream2.toByteArray());
        } else if (i == 4) {
            AlgorithmID algorithmID4 = new AlgorithmID(PKCS7Facade.ASYMMETRIC_KEY_ALGORITHM);
            AlgorithmID algorithmID5 = new AlgorithmID(PKCS7Facade.SYMMETRIC_KEY_ALGORITHM);
            DEREncoder dEREncoder2 = new DEREncoder();
            dEREncoder2.encodeOctetString(bytes2);
            algorithmID5.setParameter(dEREncoder2.toByteArray());
            AlgorithmID algorithmID6 = new AlgorithmID("SHA1");
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
            Base64OutputStream base64OutputStream3 = new Base64OutputStream(byteArrayOutputStream3);
            BEREncoder bEREncoder3 = new BEREncoder(base64OutputStream3);
            Data data2 = new Data();
            data2.setContent(bytes3);
            TokenSigningSigner tokenSigningSigner3 = new TokenSigningSigner(x509Token);
            tokenSigningSigner3.setSigningKey(x509Token.getPrivateKeyAlgorithm(), x509Token.getCertificate());
            tokenSigningSigner3.getSignerInfo().setSigningTime();
            Sealer sealer2 = new Sealer();
            sealer2.setKeyEncryptionAlgorithm(algorithmID4);
            sealer2.setCertificate(x509Token.getCertificate());
            SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData();
            signedAndEnvelopedData.addMessageDigestAlgorithm(algorithmID6);
            signedAndEnvelopedData.setContent(data2);
            signedAndEnvelopedData.signAndSeal(new SigningSigner[]{tokenSigningSigner3}, SecretKeyFactory.getInstance(algorithmID5.getAlgName(), "Initech").generateSecret(new SecretKeySpec(bytes, algorithmID5.getAlgName())), algorithmID5, new Sealer[]{sealer2}, null);
            if ("1".equals(string3)) {
                signedAndEnvelopedData.encode(bEREncoder3);
            } else {
                ContentInfo contentInfo3 = new ContentInfo();
                contentInfo3.setContent(signedAndEnvelopedData);
                contentInfo3.encode(bEREncoder3);
            }
            base64OutputStream3.flush();
            str = new String(byteArrayOutputStream3.toByteArray());
        } else {
            str = null;
        }
        if (str != null) {
            DynamicParamEntity dynamicParamEntity = (DynamicParamEntity) ((HttpEntityEnclosingRequest) httpRequest).getEntity();
            if (!this.b) {
                str4 = "";
            }
            dynamicParamEntity.addParameter(new BasicNameValuePair("_shttp_client_plaintext_", str4));
            dynamicParamEntity.addParameter(new BasicNameValuePair("_shttp_client_signature_", str));
            Logger.debug("[v1.5.7]SignPlugin", "doRequestFilter.makeSignData", str);
        }
        return BasicPluginActionResult.NoneResult;
    }

    @Override // com.initech.android.sfilter.core.SHTTPClientPlugin
    public final String getPluginName() {
        return "AndroidSFilterSign";
    }

    @Override // com.initech.android.sfilter.core.SHTTPClientPlugin
    public final void init(SHTTPClient sHTTPClient, SHTTPClientPlugin[] sHTTPClientPluginArr) {
    }

    @Override // com.initech.android.sfilter.core.SHTTPClientPlugin
    public final boolean isEnabled() {
        return false;
    }

    public final void setIncludeCertificate(boolean z) {
        this.a = z;
    }

    public final void setIncludePlainText(boolean z) {
        this.b = z;
    }
}
