package ext.org.bouncycastle.cms;

import ext.org.bouncycastle.asn1.ASN1EncodableVector;
import ext.org.bouncycastle.asn1.ASN1InputStream;
import ext.org.bouncycastle.asn1.ASN1Null;
import ext.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import ext.org.bouncycastle.asn1.ASN1OctetString;
import ext.org.bouncycastle.asn1.ASN1Sequence;
import ext.org.bouncycastle.asn1.ASN1Set;
import ext.org.bouncycastle.asn1.DEREncodable;
import ext.org.bouncycastle.asn1.DERObject;
import ext.org.bouncycastle.asn1.DERObjectIdentifier;
import ext.org.bouncycastle.asn1.DERSet;
import ext.org.bouncycastle.asn1.cms.Attribute;
import ext.org.bouncycastle.asn1.cms.AttributeTable;
import ext.org.bouncycastle.asn1.cms.CMSAttributes;
import ext.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import ext.org.bouncycastle.asn1.cms.SignerIdentifier;
import ext.org.bouncycastle.asn1.cms.SignerInfo;
import ext.org.bouncycastle.asn1.cms.Time;
import ext.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import ext.org.bouncycastle.asn1.x509.DigestInfo;
import ext.org.bouncycastle.operator.ContentVerifier;
import ext.org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import ext.org.bouncycastle.operator.DigestCalculator;
import ext.org.bouncycastle.operator.OperatorCreationException;
import ext.org.bouncycastle.operator.RawContentVerifier;
import ext.org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
import ext.org.bouncycastle.util.Arrays;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import javax.crypto.Cipher;

/* loaded from: classes.dex */
public class SignerInformation {

    /* renamed from: a, reason: collision with root package name */
    private SignerId f675a;
    private SignerInfo b;
    private AlgorithmIdentifier c;
    private AlgorithmIdentifier d;
    private final ASN1Set e;
    private final ASN1Set f;
    private CMSProcessable g;
    private byte[] h;
    private ASN1ObjectIdentifier i;
    private k j;
    private byte[] k;
    private SignatureAlgorithmIdentifierFinder l;
    private AttributeTable m;
    private AttributeTable n;
    private boolean o;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInformation(SignerInfo signerInfo, ASN1ObjectIdentifier aSN1ObjectIdentifier, CMSProcessable cMSProcessable, k kVar, SignatureAlgorithmIdentifierFinder signatureAlgorithmIdentifierFinder) {
        this.b = signerInfo;
        this.i = aSN1ObjectIdentifier;
        this.l = signatureAlgorithmIdentifierFinder;
        this.o = aSN1ObjectIdentifier == null;
        SignerIdentifier sid = signerInfo.getSID();
        if (sid.isTagged()) {
            this.f675a = new SignerId(ASN1OctetString.getInstance(sid.getId()).getOctets());
        } else {
            IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(sid.getId());
            this.f675a = new SignerId(issuerAndSerialNumber.getName(), issuerAndSerialNumber.getSerialNumber().getValue());
        }
        this.c = signerInfo.getDigestAlgorithm();
        this.e = signerInfo.getAuthenticatedAttributes();
        this.f = signerInfo.getUnauthenticatedAttributes();
        this.d = signerInfo.getDigestEncryptionAlgorithm();
        this.h = signerInfo.getEncryptedDigest().getOctets();
        this.g = cMSProcessable;
        this.j = kVar;
    }

    private DERObject a(DERObjectIdentifier dERObjectIdentifier, String str) {
        AttributeTable unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes != null && unsignedAttributes.getAll(dERObjectIdentifier).size() > 0) {
            throw new CMSException("The " + str + " attribute MUST NOT be an unsigned attribute");
        }
        AttributeTable signedAttributes = getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        ASN1EncodableVector all = signedAttributes.getAll(dERObjectIdentifier);
        switch (all.size()) {
            case 0:
                return null;
            case 1:
                ASN1Set attrValues = ((Attribute) all.get(0)).getAttrValues();
                if (attrValues.size() != 1) {
                    throw new CMSException("A " + str + " attribute MUST have a single attribute value");
                }
                return attrValues.getObjectAt(0).getDERObject();
            default:
                throw new CMSException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + str + " attribute");
        }
    }

    private Time a() {
        DERObject a2 = a(CMSAttributes.signingTime, "signing-time");
        if (a2 == null) {
            return null;
        }
        try {
            return Time.getInstance(a2);
        } catch (IllegalArgumentException e) {
            throw new CMSException("signing-time attribute value not a valid 'Time' structure");
        }
    }

    private boolean a(SignerInformationVerifier signerInformationVerifier) {
        g gVar = g.f689a;
        String a2 = g.a(getDigestAlgOID());
        g gVar2 = g.f689a;
        String b = g.b(getEncryptionAlgOID());
        String str = a2 + "with" + b;
        try {
            if (this.j != null) {
                this.k = this.j.a();
            } else {
                DigestCalculator digestCalculator = signerInformationVerifier.getDigestCalculator(getDigestAlgorithmID());
                if (this.g != null) {
                    OutputStream outputStream = digestCalculator.getOutputStream();
                    this.g.write(outputStream);
                    outputStream.close();
                } else if (this.e == null) {
                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
                }
                this.k = digestCalculator.getDigest();
            }
            DERObject a3 = a(CMSAttributes.contentType, "content-type");
            if (a3 == null) {
                if (!this.o && this.e != null) {
                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a3 instanceof DERObjectIdentifier)) {
                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((DERObjectIdentifier) a3).equals(this.i)) {
                    throw new CMSException("content-type attribute value does not match eContentType");
                }
            }
            DERObject a4 = a(CMSAttributes.messageDigest, "message-digest");
            if (a4 == null) {
                if (this.e != null) {
                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a4 instanceof ASN1OctetString)) {
                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!Arrays.constantTimeAreEqual(this.k, ((ASN1OctetString) a4).getOctets())) {
                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
                }
            }
            AttributeTable signedAttributes = getSignedAttributes();
            if (signedAttributes != null && signedAttributes.getAll(CMSAttributes.counterSignature).size() > 0) {
                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
            }
            AttributeTable unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                ASN1EncodableVector all = unsignedAttributes.getAll(CMSAttributes.counterSignature);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < all.size()) {
                        if (((Attribute) all.get(i2)).getAttrValues().size() <= 0) {
                            throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                ContentVerifier contentVerifier = signerInformationVerifier.getContentVerifier(this.l.find(str));
                OutputStream outputStream2 = contentVerifier.getOutputStream();
                if (this.e != null) {
                    outputStream2.write(getEncodedSignedAttributes());
                } else {
                    if (this.j != null) {
                        if (!(contentVerifier instanceof RawContentVerifier)) {
                            throw new CMSException("verifier unable to process raw signature");
                        }
                        RawContentVerifier rawContentVerifier = (RawContentVerifier) contentVerifier;
                        return b.equals("RSA") ? rawContentVerifier.verify(new DigestInfo(this.c, this.k).getDEREncoded(), getSignature()) : rawContentVerifier.verify(this.k, getSignature());
                    }
                    if (this.g != null) {
                        this.g.write(outputStream2);
                    }
                }
                outputStream2.close();
                return contentVerifier.verify(getSignature());
            } catch (OperatorCreationException e) {
                throw new CMSException("can't create content verifier: " + e.getMessage(), e);
            } catch (IOException e2) {
                throw new CMSException("can't process mime object to create signature.", e2);
            }
        } catch (OperatorCreationException e3) {
            throw new CMSException("can't create digest calculator: " + e3.getMessage(), e3);
        } catch (IOException e4) {
            throw new CMSException("can't process mime object to create signature.", e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new CMSException("can't find algorithm: " + e5.getMessage(), e5);
        }
    }

    private boolean a(PublicKey publicKey, Provider provider) {
        g gVar = g.f689a;
        String a2 = g.a(getDigestAlgOID());
        g gVar2 = g.f689a;
        String str = a2 + "with" + g.b(getEncryptionAlgOID());
        g gVar3 = g.f689a;
        Signature b = g.b(str, provider);
        MessageDigest a3 = g.f689a.a(a2, provider);
        try {
            if (this.j != null) {
                this.k = this.j.a();
            } else {
                if (this.g != null) {
                    this.g.write(new j(a3));
                } else if (this.e == null) {
                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
                }
                this.k = a3.digest();
            }
            DERObject a4 = a(CMSAttributes.contentType, "content-type");
            if (a4 == null) {
                if (!this.o && this.e != null) {
                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a4 instanceof DERObjectIdentifier)) {
                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((DERObjectIdentifier) a4).equals(this.i)) {
                    throw new CMSException("content-type attribute value does not match eContentType");
                }
            }
            DERObject a5 = a(CMSAttributes.messageDigest, "message-digest");
            if (a5 == null) {
                if (this.e != null) {
                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a5 instanceof ASN1OctetString)) {
                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!Arrays.constantTimeAreEqual(this.k, ((ASN1OctetString) a5).getOctets())) {
                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
                }
            }
            AttributeTable signedAttributes = getSignedAttributes();
            if (signedAttributes != null && signedAttributes.getAll(CMSAttributes.counterSignature).size() > 0) {
                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
            }
            AttributeTable unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                ASN1EncodableVector all = unsignedAttributes.getAll(CMSAttributes.counterSignature);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < all.size()) {
                        if (((Attribute) all.get(i2)).getAttrValues().size() <= 0) {
                            throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                b.initVerify(publicKey);
                if (this.e != null) {
                    b.update(getEncodedSignedAttributes());
                } else {
                    if (this.j != null) {
                        return a(this.k, publicKey, getSignature(), provider);
                    }
                    if (this.g != null) {
                        this.g.write(new t(b));
                    }
                }
                return b.verify(getSignature());
            } catch (IOException e) {
                throw new CMSException("can't process mime object to create signature.", e);
            } catch (InvalidKeyException e2) {
                throw new CMSException("key not appropriate to signature in message.", e2);
            } catch (SignatureException e3) {
                throw new CMSException("invalid signature format in message: " + e3.getMessage(), e3);
            }
        } catch (IOException e4) {
            throw new CMSException("can't process mime object to create signature.", e4);
        }
    }

    private boolean a(byte[] bArr, PublicKey publicKey, byte[] bArr2, Provider provider) {
        g gVar = g.f689a;
        String b = g.b(getEncryptionAlgOID());
        try {
            if (!b.equals("RSA")) {
                if (!b.equals("DSA")) {
                    throw new CMSException("algorithm: " + b + " not supported in base signatures.");
                }
                g gVar2 = g.f689a;
                Signature b2 = g.b("NONEwithDSA", provider);
                b2.initVerify(publicKey);
                b2.update(bArr);
                return b2.verify(bArr2);
            }
            Cipher a2 = c.f681a.a("RSA/ECB/PKCS1Padding", provider);
            a2.init(2, publicKey);
            byte[] doFinal = a2.doFinal(bArr2);
            if (doFinal[0] != 48) {
                throw new IOException("not a digest info object");
            }
            DigestInfo digestInfo = new DigestInfo((ASN1Sequence) new ASN1InputStream(doFinal).readObject());
            if (digestInfo.getEncoded().length != doFinal.length) {
                throw new CMSException("malformed RSA signature");
            }
            if (!digestInfo.getAlgorithmId().getObjectId().equals(this.c.getObjectId())) {
                return false;
            }
            DEREncodable parameters = digestInfo.getAlgorithmId().getParameters();
            if ((parameters instanceof ASN1Null) || parameters == null) {
                return Arrays.constantTimeAreEqual(bArr, digestInfo.getDigest());
            }
            return false;
        } catch (IOException e) {
            throw new CMSException("Exception decoding signature: " + e, e);
        } catch (GeneralSecurityException e2) {
            throw new CMSException("Exception processing signature: " + e2, e2);
        }
    }

    private static byte[] a(DEREncodable dEREncodable) {
        if (dEREncodable != null) {
            return dEREncodable.getDERObject().getEncoded();
        }
        return null;
    }

    public static SignerInformation addCounterSigners(SignerInformation signerInformation, SignerInformationStore signerInformationStore) {
        SignerInfo signerInfo = signerInformation.b;
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        ASN1EncodableVector aSN1EncodableVector = unsignedAttributes != null ? unsignedAttributes.toASN1EncodableVector() : new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        Iterator it = signerInformationStore.getSigners().iterator();
        while (it.hasNext()) {
            aSN1EncodableVector2.add(((SignerInformation) it.next()).toSignerInfo());
        }
        aSN1EncodableVector.add(new Attribute(CMSAttributes.counterSignature, new DERSet(aSN1EncodableVector2)));
        return new SignerInformation(new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), new DERSet(aSN1EncodableVector)), signerInformation.i, signerInformation.g, null, new DefaultSignatureAlgorithmIdentifierFinder());
    }

    public static SignerInformation replaceUnsignedAttributes(SignerInformation signerInformation, AttributeTable attributeTable) {
        SignerInfo signerInfo = signerInformation.b;
        return new SignerInformation(new SignerInfo(signerInfo.getSID(), signerInfo.getDigestAlgorithm(), signerInfo.getAuthenticatedAttributes(), signerInfo.getDigestEncryptionAlgorithm(), signerInfo.getEncryptedDigest(), attributeTable != null ? new DERSet(attributeTable.toASN1EncodableVector()) : null), signerInformation.i, signerInformation.g, null, new DefaultSignatureAlgorithmIdentifierFinder());
    }

    public byte[] getContentDigest() {
        if (this.k == null) {
            throw new IllegalStateException("method can only be called after verify.");
        }
        return (byte[]) this.k.clone();
    }

    public ASN1ObjectIdentifier getContentType() {
        return this.i;
    }

    public SignerInformationStore getCounterSignatures() {
        int i = 0;
        AttributeTable unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return new SignerInformationStore(new ArrayList(0));
        }
        ArrayList arrayList = new ArrayList();
        ASN1EncodableVector all = unsignedAttributes.getAll(CMSAttributes.counterSignature);
        while (true) {
            int i2 = i;
            if (i2 >= all.size()) {
                return new SignerInformationStore(arrayList);
            }
            ASN1Set attrValues = ((Attribute) all.get(i2)).getAttrValues();
            attrValues.size();
            Enumeration objects = attrValues.getObjects();
            while (objects.hasMoreElements()) {
                SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
                g gVar = g.f689a;
                arrayList.add(new SignerInformation(signerInfo, null, null, new i(g.a(signerInfo.getDigestAlgorithm().getObjectId().getId()), null, getSignature()), new DefaultSignatureAlgorithmIdentifierFinder()));
            }
            i = i2 + 1;
        }
    }

    public String getDigestAlgOID() {
        return this.c.getObjectId().getId();
    }

    public byte[] getDigestAlgParams() {
        try {
            return a(this.c.getParameters());
        } catch (Exception e) {
            throw new RuntimeException("exception getting digest parameters " + e);
        }
    }

    public AlgorithmIdentifier getDigestAlgorithmID() {
        return this.c;
    }

    public byte[] getEncodedSignedAttributes() {
        if (this.e != null) {
            return this.e.getEncoded("DER");
        }
        return null;
    }

    public String getEncryptionAlgOID() {
        return this.d.getObjectId().getId();
    }

    public byte[] getEncryptionAlgParams() {
        try {
            return a(this.d.getParameters());
        } catch (Exception e) {
            throw new RuntimeException("exception getting encryption parameters " + e);
        }
    }

    public SignerId getSID() {
        return this.f675a;
    }

    public byte[] getSignature() {
        return (byte[]) this.h.clone();
    }

    public AttributeTable getSignedAttributes() {
        if (this.e != null && this.m == null) {
            this.m = new AttributeTable(this.e);
        }
        return this.m;
    }

    public AttributeTable getUnsignedAttributes() {
        if (this.f != null && this.n == null) {
            this.n = new AttributeTable(this.f);
        }
        return this.n;
    }

    public int getVersion() {
        return this.b.getVersion().getValue().intValue();
    }

    public boolean isCounterSignature() {
        return this.o;
    }

    public SignerInfo toASN1Structure() {
        return this.b;
    }

    public SignerInfo toSignerInfo() {
        return this.b;
    }

    public boolean verify(SignerInformationVerifier signerInformationVerifier) {
        Time a2 = a();
        if (!signerInformationVerifier.hasAssociatedCertificate() || a2 == null || signerInformationVerifier.getAssociatedCertificate().isValidOn(a2.getDate())) {
            return a(signerInformationVerifier);
        }
        throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime");
    }

    public boolean verify(PublicKey publicKey, String str) {
        return verify(publicKey, h.a(str));
    }

    public boolean verify(PublicKey publicKey, Provider provider) {
        a();
        return a(publicKey, provider);
    }

    public boolean verify(X509Certificate x509Certificate, String str) {
        return verify(x509Certificate, h.a(str));
    }

    public boolean verify(X509Certificate x509Certificate, Provider provider) {
        Time a2 = a();
        if (a2 != null) {
            x509Certificate.checkValidity(a2.getDate());
        }
        return a(x509Certificate.getPublicKey(), provider);
    }
}
