package com.cfca.util.pki.api;

import com.azt.yxd.tools.TimeUtils;
import com.cfca.util.ini.MACAddressUtil;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.DERNull;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DEROctetString;
import com.cfca.util.pki.asn1.DERSequence;
import com.cfca.util.pki.asn1.DERSet;
import com.cfca.util.pki.asn1.cms.AttributeTable;
import com.cfca.util.pki.asn1.cms.CMSAttributes;
import com.cfca.util.pki.asn1.cms.Time;
import com.cfca.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.DigestInfo;
import com.cfca.util.pki.cert.X509Cert;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.cipher.lib.JSoftLib;
import com.cfca.util.pki.cms.CMSException;
import com.cfca.util.pki.cms.CMSSignedData;
import com.cfca.util.pki.cms.CMSSignedDataParser;
import com.cfca.util.pki.cms.CMSSignedDataStreamGenerator;
import com.cfca.util.pki.cms.CMSTypedStream;
import com.cfca.util.pki.cms.DefaultSignedAttributeTableGenerator;
import com.cfca.util.pki.cms.SignerInformation;
import com.cfca.util.pki.cms.SignerInformationStore;
import com.cfca.util.pki.crl.X509CRL;
import com.cfca.util.pki.encoders.Base64;
import com.cfca.util.pki.pkcs.PKCS7SignedData;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class SignatureUtil {
    static final String CFCA_MAC_ID = "CFCASECLD";
    public static final String MD5 = "MD5";
    public static final String MD5_RSA = "MD5withRSAEncryption";
    public static final String SHA1 = "SHA1";
    public static final String SHA1_RSA = "SHA1withRSAEncryption";
    public static final String SHA256_RSA = "SHA256withRSAEncryption";
    private String signedMAC = null;
    private byte[] signedContent = null;
    private List signerCertsList = null;
    private X509Cert[] sigerX509Cert = null;
    private boolean verifyFileOpt = false;
    private boolean verifyMsgOpt = false;

    public X509Cert[] getSigerCert() throws PKIException {
        if (this.verifyMsgOpt) {
            return this.sigerX509Cert;
        }
        if (!this.verifyFileOpt) {
            throw new PKIException(CertAppKitException.API_NOT_DO_VERIFY_ERR, CertAppKitException.API_NOT_DO_VERIFY_ERR_DES);
        }
        int size = this.signerCertsList.size();
        if (size == 0) {
            return null;
        }
        this.sigerX509Cert = new X509Cert[size];
        for (int i = 0; i < size; i++) {
            try {
                this.sigerX509Cert[i] = new X509Cert(((X509Certificate) this.signerCertsList.get(i)).getEncoded());
            } catch (CertificateEncodingException e) {
                throw new PKIException(CertAppKitException.API_ENCODE_SIGNER_CERT_ERR, "获得签名者证书的X509Certificate编码失败 " + e.getMessage(), e);
            }
        }
        return this.sigerX509Cert;
    }

    public byte[] getSignedContent() throws PKIException {
        if (this.verifyMsgOpt) {
            return this.signedContent;
        }
        throw new PKIException(CertAppKitException.API_NOT_DO_VERIFY_ERR, CertAppKitException.API_NOT_DO_VERIFY_ERR_DES);
    }

    public String getSignedMAC() {
        return this.signedMAC;
    }

    public String getTimeFromTimeStamp(byte[] bArr) throws PKIException {
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new ByteArrayInputStream(Base64.decode(Parser.convertBase64(bArr))));
            Iterator it2 = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
            String str = null;
            while (it2.hasNext()) {
                str = new SimpleDateFormat(TimeUtils.DATE_FORMAT_STRING_YMDHMS).format(Time.getInstance(((SignerInformation) it2.next()).getSignedAttributes().get(CMSAttributes.signingTime).getAttrValues().getObjectAt(0).getDERObject()).getDate());
            }
            cMSSignedDataParser.close();
            return str;
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e.getMessage(), e);
        }
    }

    public byte[] hash(String str, int i, String str2, Session session) throws PKIException {
        if (!str2.equals("MD5") && !str2.equals("SHA1")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR, CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR_DES);
        }
        try {
            return Base64.encode(session.digest(new Mechanism(str2), new FileInputStream(str), i));
        } catch (FileNotFoundException e) {
            throw new PKIException(CertAppKitException.API_DIGEST_FILE_ERR, "对文件做HASH失败 " + e.getMessage(), e);
        }
    }

    public byte[] hash(byte[] bArr, String str, Session session) throws PKIException {
        if (str.equals("MD5") || str.equals("SHA1")) {
            return Base64.encode(session.digest(new Mechanism(str), bArr));
        }
        throw new PKIException(CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR, CertAppKitException.API_UNSUPPORT_DIGEST_TYPE_ERR_DES);
    }

    public byte[] p1SignByHash(byte[] bArr, String str, JKey jKey, Session session) throws PKIException {
        DERObjectIdentifier dERObjectIdentifier;
        if (str.equals("MD5withRSAEncryption")) {
            dERObjectIdentifier = PKCSObjectIdentifiers.md5;
        } else {
            if (!str.equals("SHA1withRSAEncryption")) {
                throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
            }
            dERObjectIdentifier = PKCSObjectIdentifiers.sha1;
        }
        return Base64.encode(session.encrypt(new Mechanism(Mechanism.RSA_PKCS), jKey, Parser.writeDERObj2Bytes(new DigestInfo(new AlgorithmIdentifier(dERObjectIdentifier, new DERNull()), Base64.decode(bArr)))));
    }

    public byte[] p1SignMessage(byte[] bArr, String str, JKey jKey, Session session) throws PKIException {
        if (str.equals("MD5withRSAEncryption") || str.equals("SHA1withRSAEncryption")) {
            return Base64.encode(session.sign(new Mechanism(str), jKey, bArr));
        }
        throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
    }

    public boolean p1VerifySignByHash(byte[] bArr, byte[] bArr2, String str, X509Cert x509Cert, Session session) throws PKIException {
        DERObjectIdentifier dERObjectIdentifier;
        if (str.equals("MD5withRSAEncryption")) {
            dERObjectIdentifier = PKCSObjectIdentifiers.md5;
        } else {
            if (!str.equals("SHA1withRSAEncryption")) {
                throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
            }
            dERObjectIdentifier = PKCSObjectIdentifiers.sha1;
        }
        byte[] writeDERObj2Bytes = Parser.writeDERObj2Bytes(new DigestInfo(new AlgorithmIdentifier(dERObjectIdentifier, new DERNull()), Base64.decode(bArr)));
        byte[] decrypt = session.decrypt(new Mechanism(Mechanism.RSA_PKCS), x509Cert.getPublicKey(), Base64.decode(bArr2));
        this.verifyMsgOpt = true;
        return Arrays.equals(decrypt, writeDERObj2Bytes);
    }

    public boolean p1VerifySignMessage(byte[] bArr, byte[] bArr2, String str, X509Cert x509Cert, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        boolean verifySign = session.verifySign(new Mechanism(str), x509Cert.getPublicKey(), bArr, Base64.decode(bArr2));
        this.verifyMsgOpt = true;
        return verifySign;
    }

    public byte[] p7ReSignByHash(byte[] bArr, byte[] bArr2, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.reSignSignedDataByHash(Base64.decode(bArr), str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, null)));
    }

    public void p7ReSignFile(String str, String str2, int i, String str3, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str3.equals("MD5withRSAEncryption") && !str3.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new BufferedInputStream(new FileInputStream(str), i));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            cMSSignedDataParser.getSignedContent().drain(byteArrayOutputStream);
            CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
            SignerInformationStore signerInfos = cMSSignedDataParser.getSignerInfos();
            Collection<? extends Certificate> certificates = certificatesAndCRLs.getCertificates(null);
            PKCSObjectIdentifiers.sha1.getId();
            String id = str3.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId();
            FileOutputStream fileOutputStream = new FileOutputStream(str2);
            CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, id);
            cMSSignedDataStreamGenerator.addSigners(signerInfos);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            arrayList.addAll(certificates);
            cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(fileOutputStream, true), i);
            byteArrayOutputStream.writeTo(bufferedOutputStream);
            bufferedOutputStream.close();
            byteArrayOutputStream.close();
            cMSSignedDataParser.close();
            fileOutputStream.close();
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
        }
    }

    public void p7ReSignFileDetached(String str, String str2, String str3, int i, String str4, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str4.equals("MD5withRSAEncryption") && !str4.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str2), i);
            CMSSignedData cMSSignedData = new CMSSignedData(bufferedInputStream);
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
            SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
            Collection<? extends Certificate> certificates = certificatesAndCRLs.getCertificates(null);
            PKCSObjectIdentifiers.sha1.getId();
            String id = str4.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId();
            FileOutputStream fileOutputStream = new FileOutputStream(str3);
            CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, id);
            cMSSignedDataStreamGenerator.addSigners(signerInfos);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            arrayList.addAll(certificates);
            cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(fileOutputStream), i);
            FileInputStream fileInputStream = new FileInputStream(str);
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(fileInputStream, i);
            int available = fileInputStream.available();
            byte[] bArr = new byte[i];
            int i2 = 0;
            while (true) {
                if (i2 >= available) {
                    break;
                }
                int read = bufferedInputStream2.read(bArr);
                if (read != -1) {
                    bufferedOutputStream.write(bArr, 0, read);
                    i2 += read;
                } else if (available != i2) {
                    throw new Exception("读取数据错误");
                }
            }
            bufferedInputStream2.close();
            bufferedOutputStream.close();
            bufferedInputStream.close();
            fileOutputStream.close();
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
        }
    }

    public byte[] p7ReSignFileDetachedOutMsg(String str, byte[] bArr, int i, String str2, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str2.equals("MD5withRSAEncryption") && !str2.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(Base64.decode(bArr)), i);
            CMSSignedData cMSSignedData = new CMSSignedData(bufferedInputStream);
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
            SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
            Collection<? extends Certificate> certificates = certificatesAndCRLs.getCertificates(null);
            PKCSObjectIdentifiers.sha1.getId();
            String id = str2.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, id);
            cMSSignedDataStreamGenerator.addSigners(signerInfos);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            arrayList.addAll(certificates);
            cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(byteArrayOutputStream), i);
            FileInputStream fileInputStream = new FileInputStream(str);
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(fileInputStream, i);
            int available = fileInputStream.available();
            byte[] bArr2 = new byte[i];
            int i2 = 0;
            while (true) {
                if (i2 >= available) {
                    break;
                }
                int read = bufferedInputStream2.read(bArr2);
                if (read != -1) {
                    bufferedOutputStream.write(bArr2, 0, read);
                    i2 += read;
                } else if (available != i2) {
                    throw new Exception("读取数据错误");
                }
            }
            bufferedInputStream2.close();
            bufferedOutputStream.close();
            bufferedInputStream.close();
            byteArrayOutputStream.close();
            return Base64.encode(byteArrayOutputStream.toByteArray());
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
        }
    }

    public byte[] p7ReSignMessage(byte[] bArr, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.reSignSignedData(str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, null)));
    }

    public byte[] p7ReSignMessageDetached(byte[] bArr, byte[] bArr2, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.reSignSignedData(bArr, str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, null)));
    }

    public byte[] p7SignByHash(byte[] bArr, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.generateSignedDataByHash(PKCS7SignedData.DATA, Base64.decode(bArr), str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, null)));
    }

    public void p7SignFile(boolean z, String str, String str2, int i, String str3, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str3.equals("MD5withRSAEncryption") && !str3.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
        PKCSObjectIdentifiers.sha1.getId();
        try {
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, str3.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId());
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            try {
                try {
                    cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
                    try {
                        FileOutputStream fileOutputStream = new FileOutputStream(new File(str2));
                        try {
                            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(fileOutputStream, z), i);
                            FileInputStream fileInputStream = new FileInputStream(str);
                            BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream, i);
                            int available = fileInputStream.available();
                            byte[] bArr = new byte[i];
                            int i2 = 0;
                            while (true) {
                                if (i2 >= available) {
                                    break;
                                }
                                int read = bufferedInputStream.read(bArr);
                                if (read != -1) {
                                    bufferedOutputStream.write(bArr, 0, read);
                                    i2 += read;
                                } else if (available != i2) {
                                    throw new Exception("读取原文数据错误");
                                }
                            }
                            bufferedInputStream.close();
                            bufferedOutputStream.close();
                            fileOutputStream.close();
                        } catch (Exception e) {
                            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
                        }
                    } catch (FileNotFoundException e2) {
                        throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e2.getMessage(), e2);
                    }
                } catch (CMSException e3) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e3.getMessage(), e3);
                } catch (CertStoreException e4) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e4.getMessage(), e4);
                }
            } catch (InvalidAlgorithmParameterException e5) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e5.getMessage(), e5);
            } catch (NoSuchAlgorithmException e6) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e6.getMessage(), e6);
            } catch (NoSuchProviderException e7) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e7.getMessage(), e7);
            }
        } catch (InvalidKeyException e8) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e8.getMessage(), e8);
        } catch (NoSuchAlgorithmException e9) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e9.getMessage(), e9);
        } catch (NoSuchProviderException e10) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e10.getMessage(), e10);
        }
    }

    public byte[] p7SignFileDetachedOutMsg(String str, int i, String str2, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str2.equals("MD5withRSAEncryption") && !str2.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
        PKCSObjectIdentifiers.sha1.getId();
        try {
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, str2.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId());
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            try {
                try {
                    cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(byteArrayOutputStream, false), i);
                        FileInputStream fileInputStream = new FileInputStream(str);
                        BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream, i);
                        int available = fileInputStream.available();
                        byte[] bArr = new byte[i];
                        int i2 = 0;
                        while (true) {
                            if (i2 >= available) {
                                break;
                            }
                            int read = bufferedInputStream.read(bArr);
                            if (read != -1) {
                                bufferedOutputStream.write(bArr, 0, read);
                                i2 += read;
                            } else if (available != i2) {
                                throw new Exception("读取原文数据错误");
                            }
                        }
                        bufferedInputStream.close();
                        bufferedOutputStream.close();
                        byteArrayOutputStream.close();
                        return Base64.encode(byteArrayOutputStream.toByteArray());
                    } catch (Exception e) {
                        throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
                    }
                } catch (CMSException e2) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e2.getMessage(), e2);
                } catch (CertStoreException e3) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e3.getMessage(), e3);
                }
            } catch (InvalidAlgorithmParameterException e4) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e4.getMessage(), e4);
            } catch (NoSuchAlgorithmException e5) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e5.getMessage(), e5);
            } catch (NoSuchProviderException e6) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e6.getMessage(), e6);
            }
        } catch (InvalidKeyException e7) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e7.getMessage(), e7);
        } catch (NoSuchAlgorithmException e8) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e8.getMessage(), e8);
        } catch (NoSuchProviderException e9) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e9.getMessage(), e9);
        }
    }

    public byte[] p7SignFileDetachedOutMsgWithMAC(String str, int i, String str2, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str2.equals("MD5withRSAEncryption") && !str2.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
        PKCSObjectIdentifiers.sha1.getId();
        String id = str2.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId();
        try {
            DERObjectIdentifier dERObjectIdentifier = PKCSObjectIdentifiers.id_ct_MACAddress;
            DERSet dERSet = new DERSet(new DEROctetString((CFCA_MAC_ID + MACAddressUtil.getMacAddress()).getBytes()));
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(dERObjectIdentifier);
            aSN1EncodableVector.add(dERSet);
            DERSequence dERSequence = new DERSequence(aSN1EncodableVector);
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            aSN1EncodableVector2.add(dERSequence);
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, id, new DefaultSignedAttributeTableGenerator(new AttributeTable(aSN1EncodableVector2)), null);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            try {
                try {
                    cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(byteArrayOutputStream, false), i);
                        FileInputStream fileInputStream = new FileInputStream(str);
                        BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream, i);
                        int available = fileInputStream.available();
                        byte[] bArr = new byte[i];
                        int i2 = 0;
                        while (true) {
                            if (i2 >= available) {
                                break;
                            }
                            int read = bufferedInputStream.read(bArr);
                            if (read != -1) {
                                bufferedOutputStream.write(bArr, 0, read);
                                i2 += read;
                            } else if (available != i2) {
                                throw new Exception("读取原文数据错误");
                            }
                        }
                        bufferedInputStream.close();
                        bufferedOutputStream.close();
                        byteArrayOutputStream.close();
                        return Base64.encode(byteArrayOutputStream.toByteArray());
                    } catch (Exception e) {
                        throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
                    }
                } catch (CMSException e2) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e2.getMessage(), e2);
                } catch (CertStoreException e3) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e3.getMessage(), e3);
                }
            } catch (InvalidAlgorithmParameterException e4) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e4.getMessage(), e4);
            } catch (NoSuchAlgorithmException e5) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e5.getMessage(), e5);
            } catch (NoSuchProviderException e6) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e6.getMessage(), e6);
            }
        } catch (IOException e7) {
            throw new PKIException(PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR, PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR_DES, e7);
        } catch (InvalidKeyException e8) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e8.getMessage(), e8);
        } catch (NoSuchAlgorithmException e9) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e9.getMessage(), e9);
        } catch (NoSuchProviderException e10) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e10.getMessage(), e10);
        }
    }

    public void p7SignFileWithMAC(boolean z, String str, String str2, int i, String str3, JKey jKey, X509Cert x509Cert, Session session) throws PKIException {
        if (!str3.equals("MD5withRSAEncryption") && !str3.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        CMSSignedDataStreamGenerator cMSSignedDataStreamGenerator = new CMSSignedDataStreamGenerator(session);
        PKCSObjectIdentifiers.sha1.getId();
        String id = str3.equals("MD5withRSAEncryption") ? PKCSObjectIdentifiers.md5.getId() : PKCSObjectIdentifiers.sha1.getId();
        try {
            DERObjectIdentifier dERObjectIdentifier = PKCSObjectIdentifiers.id_ct_MACAddress;
            DERSet dERSet = new DERSet(new DEROctetString((CFCA_MAC_ID + MACAddressUtil.getMacAddress()).getBytes()));
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(dERObjectIdentifier);
            aSN1EncodableVector.add(dERSet);
            DERSequence dERSequence = new DERSequence(aSN1EncodableVector);
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            aSN1EncodableVector2.add(dERSequence);
            cMSSignedDataStreamGenerator.addSigner(jKey, x509Cert, id, new DefaultSignedAttributeTableGenerator(new AttributeTable(aSN1EncodableVector2)), null);
            ArrayList arrayList = new ArrayList();
            arrayList.add(Parser.convertX509Cert(x509Cert));
            try {
                try {
                    cMSSignedDataStreamGenerator.addCertificatesAndCRLs(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), JSoftLib.PROVIDER));
                    try {
                        FileOutputStream fileOutputStream = new FileOutputStream(new File(str2));
                        try {
                            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(cMSSignedDataStreamGenerator.open(fileOutputStream, z), i);
                            FileInputStream fileInputStream = new FileInputStream(str);
                            BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream, i);
                            int available = fileInputStream.available();
                            byte[] bArr = new byte[i];
                            int i2 = 0;
                            while (true) {
                                if (i2 >= available) {
                                    break;
                                }
                                int read = bufferedInputStream.read(bArr);
                                if (read != -1) {
                                    bufferedOutputStream.write(bArr, 0, read);
                                    i2 += read;
                                } else if (available != i2) {
                                    throw new Exception("读取原文数据错误");
                                }
                            }
                            bufferedInputStream.close();
                            bufferedOutputStream.close();
                            fileOutputStream.close();
                        } catch (Exception e) {
                            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e.getMessage(), e);
                        }
                    } catch (FileNotFoundException e2) {
                        throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e2.getMessage(), e2);
                    }
                } catch (CMSException e3) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e3.getMessage(), e3);
                } catch (CertStoreException e4) {
                    throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e4.getMessage(), e4);
                }
            } catch (InvalidAlgorithmParameterException e5) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e5.getMessage(), e5);
            } catch (NoSuchAlgorithmException e6) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e6.getMessage(), e6);
            } catch (NoSuchProviderException e7) {
                throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e7.getMessage(), e7);
            }
        } catch (IOException e8) {
            throw new PKIException(PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR, PKIException.PARSE_P7_GENERATESIGNEDDATA_ERR_DES, e8);
        } catch (InvalidKeyException e9) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e9.getMessage(), e9);
        } catch (NoSuchAlgorithmException e10) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e10.getMessage(), e10);
        } catch (NoSuchProviderException e11) {
            throw new PKIException(CertAppKitException.API_GEN_FILE_SIGN_ERR, "产生文件签名失败 " + e11.getMessage(), e11);
        }
    }

    public byte[] p7SignMessage(boolean z, byte[] bArr, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.generateSignedData(z, PKCS7SignedData.DATA, bArr, str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, (X509CRL[]) null)));
    }

    public byte[] p7SignMessageWithMAC(boolean z, byte[] bArr, String str, JKey jKey, X509Cert[] x509CertArr, Session session) throws PKIException {
        if (!str.equals("MD5withRSAEncryption") && !str.equals("SHA1withRSAEncryption")) {
            throw new PKIException(CertAppKitException.API_UNSUPPORT_SIGN_ALG_ERR, "不支持的签名算法");
        }
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        return Base64.encode(pKCS7SignedData.generateSignedDataContent(pKCS7SignedData.generateSignedDataWithMAC(z, PKCS7SignedData.DATA, bArr, str.equals("MD5withRSAEncryption") ? new Mechanism("MD5") : new Mechanism("SHA1"), jKey, x509CertArr, null)));
    }

    public boolean p7VerifySignByHash(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        boolean verifyP7SignedDataByHash = pKCS7SignedData.verifyP7SignedDataByHash(Base64.decode(bArr));
        this.verifyMsgOpt = true;
        this.sigerX509Cert = pKCS7SignedData.getSignerCerts();
        return verifyP7SignedDataByHash;
    }

    public boolean p7VerifySignFile(String str, String str2, int i, Session session) throws PKIException {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str2), i);
            boolean z = false;
            try {
                CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(bufferedInputStream);
                cMSSignedDataParser.getSignedContent().drain(str);
                CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
                Iterator it2 = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    SignerInformation signerInformation = (SignerInformation) it2.next();
                    boolean verify = signerInformation.verify((X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next(), JSoftLib.PROVIDER);
                    if (!verify) {
                        z = verify;
                        break;
                    }
                    this.signedMAC = signerInformation.getSignedMAC();
                    z = verify;
                }
                Iterator<? extends Certificate> it3 = certificatesAndCRLs.getCertificates(null).iterator();
                this.signerCertsList = new ArrayList();
                while (it3.hasNext()) {
                    this.signerCertsList.add(it3.next());
                }
                cMSSignedDataParser.close();
                this.verifyFileOpt = true;
                return z;
            } catch (Exception e) {
                throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e.getMessage(), e);
            }
        } catch (FileNotFoundException e2) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e2.getMessage(), e2);
        }
    }

    public boolean p7VerifySignFileDetached(String str, String str2, int i, Session session) throws PKIException {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str2), i);
            try {
                CMSTypedStream cMSTypedStream = new CMSTypedStream(PKCSObjectIdentifiers.data.getId(), new FileInputStream(str), i);
                boolean z = false;
                try {
                    CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(cMSTypedStream, bufferedInputStream);
                    cMSSignedDataParser.getSignedContent().drain();
                    CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
                    Iterator it2 = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        SignerInformation signerInformation = (SignerInformation) it2.next();
                        boolean verify = signerInformation.verify((X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next(), JSoftLib.PROVIDER);
                        if (!verify) {
                            z = verify;
                            break;
                        }
                        this.signedMAC = signerInformation.getSignedMAC();
                        z = verify;
                    }
                    Iterator<? extends Certificate> it3 = certificatesAndCRLs.getCertificates(null).iterator();
                    this.signerCertsList = new ArrayList();
                    while (it3.hasNext()) {
                        this.signerCertsList.add(it3.next());
                    }
                    cMSSignedDataParser.close();
                    this.verifyFileOpt = true;
                    return z;
                } catch (Exception e) {
                    throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e.getMessage(), e);
                }
            } catch (FileNotFoundException e2) {
                throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e2.getMessage(), e2);
            }
        } catch (FileNotFoundException e3) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e3.getMessage(), e3);
        }
    }

    public boolean p7VerifySignFileDetachedOutMsg(String str, byte[] bArr, int i, Session session) throws PKIException {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(Base64.decode(bArr)), i);
        try {
            CMSTypedStream cMSTypedStream = new CMSTypedStream(PKCSObjectIdentifiers.data.getId(), new FileInputStream(str), i);
            boolean z = false;
            try {
                CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(cMSTypedStream, bufferedInputStream);
                cMSSignedDataParser.getSignedContent().drain();
                CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
                Iterator it2 = cMSSignedDataParser.getSignerInfos().getSigners().iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    SignerInformation signerInformation = (SignerInformation) it2.next();
                    boolean verify = signerInformation.verify((X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next(), JSoftLib.PROVIDER);
                    if (!verify) {
                        z = verify;
                        break;
                    }
                    this.signedMAC = signerInformation.getSignedMAC();
                    z = verify;
                }
                Iterator<? extends Certificate> it3 = certificatesAndCRLs.getCertificates(null).iterator();
                this.signerCertsList = new ArrayList();
                while (it3.hasNext()) {
                    this.signerCertsList.add(it3.next());
                }
                cMSSignedDataParser.close();
                this.verifyFileOpt = true;
                return z;
            } catch (Exception e) {
                throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e.getMessage(), e);
            }
        } catch (FileNotFoundException e2) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e2.getMessage(), e2);
        }
    }

    public boolean p7VerifySignMessage(byte[] bArr, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr);
        boolean verifyP7SignedData = pKCS7SignedData.verifyP7SignedData();
        this.signedMAC = pKCS7SignedData.getSignedMAC();
        this.verifyMsgOpt = true;
        this.signedContent = pKCS7SignedData.getContent();
        this.sigerX509Cert = pKCS7SignedData.getSignerCerts();
        return verifyP7SignedData;
    }

    public boolean p7VerifySignMessageDetached(byte[] bArr, byte[] bArr2, Session session) throws PKIException {
        PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(session);
        pKCS7SignedData.loadBase64(bArr2);
        boolean verifyP7SignedData = pKCS7SignedData.verifyP7SignedData(bArr);
        this.signedMAC = pKCS7SignedData.getSignedMAC();
        this.verifyMsgOpt = true;
        this.sigerX509Cert = pKCS7SignedData.getSignerCerts();
        return verifyP7SignedData;
    }

    public boolean verifyTimeStamp(byte[] bArr, Session session) throws PKIException {
        try {
            CMSSignedDataParser cMSSignedDataParser = new CMSSignedDataParser(new ByteArrayInputStream(Base64.decode(Parser.convertBase64(bArr))));
            cMSSignedDataParser.getSignedContent().drain();
            CertStore certificatesAndCRLs = cMSSignedDataParser.getCertificatesAndCRLs("Collection", JSoftLib.PROVIDER);
            boolean z = false;
            for (SignerInformation signerInformation : cMSSignedDataParser.getSignerInfos().getSigners()) {
                z = signerInformation.verify((X509Certificate) certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator().next(), JSoftLib.PROVIDER);
                if (!z) {
                    break;
                }
            }
            Iterator<? extends Certificate> it2 = certificatesAndCRLs.getCertificates(null).iterator();
            this.signerCertsList = new ArrayList();
            while (it2.hasNext()) {
                this.signerCertsList.add(it2.next());
            }
            cMSSignedDataParser.close();
            this.verifyFileOpt = true;
            return z;
        } catch (Exception e) {
            throw new PKIException(CertAppKitException.API_PARSE_FILE_SIGNATRUE_ERR, "解析文件签名失败 " + e.getMessage(), e);
        }
    }
}
