package sun.security.pkcs;

import com.stub.StubApp;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.bouncycastle.crypto.tls.CipherSuite;
import sun.misc.e;
import sun.security.util.Debug;
import sun.security.util.DerEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.X500Name;

/* loaded from: classes3.dex */
public class SignerInfo implements DerEncoder {
    PKCS9Attributes authenticatedAttributes;
    BigInteger certificateSerialNumber;
    AlgorithmId digestAlgorithmId;
    AlgorithmId digestEncryptionAlgorithmId;
    byte[] encryptedDigest;
    X500Name issuerName;
    PKCS9Attributes unauthenticatedAttributes;
    BigInteger version;

    public SignerInfo(DerInputStream derInputStream) throws IOException, ParsingException {
        this(derInputStream, false);
    }

    public SignerInfo(DerInputStream derInputStream, boolean z) throws IOException, ParsingException {
        this.version = derInputStream.getBigInteger();
        DerValue[] sequence = derInputStream.getSequence(2);
        this.issuerName = new X500Name(new DerValue((byte) 48, sequence[0].toByteArray()));
        this.certificateSerialNumber = sequence[1].getBigInteger();
        this.digestAlgorithmId = AlgorithmId.parse(derInputStream.getDerValue());
        if (z) {
            derInputStream.getSet(0);
        } else if (((byte) derInputStream.peekByte()) == -96) {
            this.authenticatedAttributes = new PKCS9Attributes(derInputStream);
        }
        this.digestEncryptionAlgorithmId = AlgorithmId.parse(derInputStream.getDerValue());
        this.encryptedDigest = derInputStream.getOctetString();
        if (z) {
            derInputStream.getSet(0);
        } else if (derInputStream.available() != 0 && ((byte) derInputStream.peekByte()) == -95) {
            this.unauthenticatedAttributes = new PKCS9Attributes(derInputStream, true);
        }
        if (derInputStream.available() != 0) {
            throw new ParsingException(StubApp.getString2(11224));
        }
    }

    public SignerInfo(X500Name x500Name, BigInteger bigInteger, AlgorithmId algorithmId, PKCS9Attributes pKCS9Attributes, AlgorithmId algorithmId2, byte[] bArr, PKCS9Attributes pKCS9Attributes2) {
        this.version = BigInteger.ONE;
        this.issuerName = x500Name;
        this.certificateSerialNumber = bigInteger;
        this.digestAlgorithmId = algorithmId;
        this.authenticatedAttributes = pKCS9Attributes;
        this.digestEncryptionAlgorithmId = algorithmId2;
        this.encryptedDigest = bArr;
        this.unauthenticatedAttributes = pKCS9Attributes2;
    }

    public SignerInfo(X500Name x500Name, BigInteger bigInteger, AlgorithmId algorithmId, AlgorithmId algorithmId2, byte[] bArr) {
        this.version = BigInteger.ONE;
        this.issuerName = x500Name;
        this.certificateSerialNumber = bigInteger;
        this.digestAlgorithmId = algorithmId;
        this.digestEncryptionAlgorithmId = algorithmId2;
        this.encryptedDigest = bArr;
    }

    @Override // sun.security.util.DerEncoder
    public void derEncode(OutputStream outputStream) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        derOutputStream.putInteger(this.version);
        DerOutputStream derOutputStream2 = new DerOutputStream();
        this.issuerName.encode(derOutputStream2);
        derOutputStream2.putInteger(this.certificateSerialNumber);
        derOutputStream.write((byte) 48, derOutputStream2);
        this.digestAlgorithmId.encode(derOutputStream);
        PKCS9Attributes pKCS9Attributes = this.authenticatedAttributes;
        if (pKCS9Attributes != null) {
            pKCS9Attributes.encode((byte) -96, derOutputStream);
        }
        this.digestEncryptionAlgorithmId.encode(derOutputStream);
        derOutputStream.putOctetString(this.encryptedDigest);
        PKCS9Attributes pKCS9Attributes2 = this.unauthenticatedAttributes;
        if (pKCS9Attributes2 != null) {
            pKCS9Attributes2.encode((byte) -95, derOutputStream);
        }
        DerOutputStream derOutputStream3 = new DerOutputStream();
        derOutputStream3.write((byte) 48, derOutputStream);
        outputStream.write(derOutputStream3.toByteArray());
    }

    public void encode(DerOutputStream derOutputStream) throws IOException {
        derEncode(derOutputStream);
    }

    public PKCS9Attributes getAuthenticatedAttributes() {
        return this.authenticatedAttributes;
    }

    public X509Certificate getCertificate(PKCS7 pkcs7) throws IOException {
        return pkcs7.getCertificate(this.certificateSerialNumber, this.issuerName);
    }

    public ArrayList<X509Certificate> getCertificateChain(PKCS7 pkcs7) throws IOException {
        boolean z;
        X509Certificate certificate = pkcs7.getCertificate(this.certificateSerialNumber, this.issuerName);
        if (certificate == null) {
            return null;
        }
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        arrayList.add(certificate);
        X509Certificate[] certificates = pkcs7.getCertificates();
        if (certificates == null || certificate.getSubjectDN().equals(certificate.getIssuerDN())) {
            return arrayList;
        }
        Principal issuerDN = certificate.getIssuerDN();
        int i = 0;
        do {
            int i2 = i;
            while (true) {
                if (i2 >= certificates.length) {
                    z = false;
                    break;
                }
                if (issuerDN.equals(certificates[i2].getSubjectDN())) {
                    arrayList.add(certificates[i2]);
                    if (certificates[i2].getSubjectDN().equals(certificates[i2].getIssuerDN())) {
                        i = certificates.length;
                    } else {
                        issuerDN = certificates[i2].getIssuerDN();
                        X509Certificate x509Certificate = certificates[i];
                        certificates[i] = certificates[i2];
                        certificates[i2] = x509Certificate;
                        i++;
                    }
                    z = true;
                } else {
                    i2++;
                }
            }
        } while (z);
        return arrayList;
    }

    public BigInteger getCertificateSerialNumber() {
        return this.certificateSerialNumber;
    }

    public AlgorithmId getDigestAlgorithmId() {
        return this.digestAlgorithmId;
    }

    public AlgorithmId getDigestEncryptionAlgorithmId() {
        return this.digestEncryptionAlgorithmId;
    }

    public byte[] getEncryptedDigest() {
        return this.encryptedDigest;
    }

    public X500Name getIssuerName() {
        return this.issuerName;
    }

    public PKCS9Attributes getUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public BigInteger getVersion() {
        return this.version;
    }

    public String toString() {
        e eVar = new e();
        String str = ((("" + StubApp.getString2(11225) + this.issuerName + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA)) + StubApp.getString2(11226) + Debug.toHexString(this.version) + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA)) + StubApp.getString2(11227) + Debug.toHexString(this.certificateSerialNumber) + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA)) + StubApp.getString2(11228) + this.digestAlgorithmId + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
        if (this.authenticatedAttributes != null) {
            str = str + StubApp.getString2(11229) + this.authenticatedAttributes + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
        }
        String str2 = (str + StubApp.getString2(11230) + this.digestEncryptionAlgorithmId + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA)) + StubApp.getString2(11231) + eVar.b(this.encryptedDigest) + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
        if (this.unauthenticatedAttributes == null) {
            return str2;
        }
        return str2 + StubApp.getString2(11232) + this.unauthenticatedAttributes + StubApp.getString2(CipherSuite.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA);
    }

    SignerInfo verify(PKCS7 pkcs7) throws NoSuchAlgorithmException, SignatureException {
        return verify(pkcs7, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfo verify(PKCS7 pkcs7, byte[] bArr) throws NoSuchAlgorithmException, SignatureException {
        byte[] bArr2;
        try {
            try {
                ContentInfo contentInfo = pkcs7.getContentInfo();
                if (bArr == null) {
                    bArr = contentInfo.getContentBytes();
                }
                String name = getDigestAlgorithmId().getName();
                if (name.equalsIgnoreCase(StubApp.getString2("11233"))) {
                    name = StubApp.getString2("1639");
                }
                if (this.authenticatedAttributes != null) {
                    ObjectIdentifier objectIdentifier = (ObjectIdentifier) this.authenticatedAttributes.getAttributeValue(PKCS9Attribute.CONTENT_TYPE_OID);
                    if (objectIdentifier == null || !objectIdentifier.equals(contentInfo.contentType) || (bArr2 = (byte[]) this.authenticatedAttributes.getAttributeValue(PKCS9Attribute.MESSAGE_DIGEST_OID)) == null) {
                        return null;
                    }
                    byte[] digest = MessageDigest.getInstance(name).digest(bArr);
                    if (bArr2.length != digest.length) {
                        return null;
                    }
                    for (int i = 0; i < bArr2.length; i++) {
                        if (bArr2[i] != digest[i]) {
                            return null;
                        }
                    }
                    bArr = this.authenticatedAttributes.getDerEncoding();
                }
                String name2 = getDigestEncryptionAlgorithmId().getName();
                if (name2.equalsIgnoreCase(StubApp.getString2("11234"))) {
                    name2 = StubApp.getString2("11235");
                }
                Signature signature = Signature.getInstance(name + StubApp.getString2("1128") + name2);
                X509Certificate certificate = getCertificate(pkcs7);
                if (certificate == null) {
                    return null;
                }
                if (certificate.hasUnsupportedCriticalExtension()) {
                    throw new SignatureException(StubApp.getString2("11239"));
                }
                boolean[] keyUsage = certificate.getKeyUsage();
                if (keyUsage != null) {
                    try {
                        KeyUsageExtension keyUsageExtension = new KeyUsageExtension(keyUsage);
                        boolean booleanValue = ((Boolean) keyUsageExtension.get("digital_signature")).booleanValue();
                        boolean booleanValue2 = ((Boolean) keyUsageExtension.get(StubApp.getString2("11236"))).booleanValue();
                        if (!booleanValue && !booleanValue2) {
                            throw new SignatureException(StubApp.getString2("11237"));
                        }
                    } catch (IOException unused) {
                        throw new SignatureException(StubApp.getString2("11238"));
                    }
                }
                signature.initVerify(certificate.getPublicKey());
                signature.update(bArr);
                if (signature.verify(this.encryptedDigest)) {
                    return this;
                }
                return null;
            } catch (IOException e) {
                throw new SignatureException(StubApp.getString2(11241) + e.getMessage());
            }
        } catch (InvalidKeyException e2) {
            throw new SignatureException(StubApp.getString2(11240) + e2.getMessage());
        }
    }
}
